| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changes:
f09bebf amdgpu: update yellow carp DMCUB firmware
db6db36 amdgpu: add firmware for VCN 3.1.2 IP block
3647da5 amdgpu: add firmware for SDMA 5.2.6 IP block
639b5c1 amdgpu: add firmware for PSP 13.0.5 IP block
7658946 amdgpu: add firmware for GC 10.3.6 IP block
427ca6c amdgpu: add firmware for DCN 3.1.5 IP block
edf9a2b qcom: rename Lenovo ThinkPad X13s firmware paths
9ebd5a5 rtw89: 8852c: update fw to v0.27.42.0
7546432 rtw89: 8852c: update fw to v0.27.36.0
2f2f018 Mellanox: Add new mlxsw_spectrum firmware xx.2010.3146
706a462 amdgpu: update beige goby VCN firmware
09ec438 amdgpu: update dimgrey cavefish VCN firmware
647021b amdgpu: update navy flounder VCN firmware
3c1662d amdgpu: update sienna cichlid VCN firmware
d3c9228 rtl_bt: Update RTL8852C BT USB firmware to 0xDFB8_5A33
a1c4b15 mediatek: reference the LICENCE file for MediaTek firmwares
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 181dc64a8228bbbfc317a535e16c922369213885)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changes:
12ca075 mediatek: Add new mt8186 SOF firmware
aed71f2 ice: Update package to 1.3.30.0
1ee415b QCA: Update Bluetooth WCN685x 2.1 firmware to 2.1.0-00438
c58f001 brcm: Add nvram for Lenovo Yoga Tablet 2 830F/L and 1050F/L tablets
d4a4224 brcm: Add nvram for the Xiaomi Mi Pad 2 tablet
7220731 brcm: Add nvram for the Asus TF103C tablet
89ec619 Add amd-ucode README file
4f8f67e qca: Update firmware files for BT chip WCN6750.
This commit will update required firmware files for WCN6750.
e6857b6 amdgpu: Update Yellow Carp VCN firmware
e6185d5 linux-firmware: Update firmware file for Intel Bluetooth 9462
140beaf linux-firmware: Update firmware file for Intel Bluetooth 9462
045847e linux-firmware: Update firmware file for Intel Bluetooth 9560
f7f3d1f linux-firmware: Update firmware file for Intel Bluetooth 9560
45c5e53 linux-firmware: Update firmware file for Intel Bluetooth AX201
1068c45 linux-firmware: Update firmware file for Intel Bluetooth AX201
b93bf2c linux-firmware: Update firmware file for Intel Bluetooth AX211
31d24ca linux-firmware: Update firmware file for Intel Bluetooth AX211
447ca4a linux-firmware: Update firmware file for Intel Bluetooth AX210
87d07fd linux-firmware: Update firmware file for Intel Bluetooth AX200
63a87d2 linux-firmware: Update firmware file for Intel Bluetooth AX201
a45053c Mellanox: Add new mlxsw_spectrum firmware xx.2010.3020
4ae4ae8 qcom: Add firmware for Lenovo ThinkPad X13s
feda199 linux-firmware: Add firmware for Cirrus CS35L41
a4235e0 i915: Add GuC v70.4.1 for DG2
3ab394a i915: Add DMC v2.07 for DG2
150864a amdgpu partially revert "amdgpu: update beige goby to release 22.20"
56cf646 mediatek: Update mt8183/mt8192/mt8195 SCP firmware
4421586 amdgpu: update renoir to release 22.20
06cead1 amdgpu: update beige goby to release 22.20
d3e37b7 amdgpu: update yellow carp to release 22.20
9149732 amdgpu: update dimgrey cavefish to release 22.20
c2f5699 amdgpu: update vega20 to release 22.20
c3afe6a amdgpu: update vega12 to release 22.20
e840fe5 amdgpu: update raven to release 22.20
efe98d4 amdgpu: update navy flounder to release 22.20
5f13921 amdgpu: update vega10 to release 22.20
8da4640 amdgpu: update sienna cichlid to release 22.20
3fbfd89 amdgpu: update navi14 to release 22.20
8fe4b42 amdgpu: update green sardine to release 22.20
ca36bb9 amdgpu: update vangogh to release 22.20
21ba56c amdgpu: update navi12 to release 22.20
e9918d2 amdgpu: update navi10 to release 22.20
f379030 amdgpu: update picasso to release 22.20
1826c07 amdgpu: update aldebaran to release 22.20
1cbf1c6 amdgpu: update psp 13.0.8 TA firmware
35bb3bd WHENCE: Fix the dangling symlinks fix
84661a3 amdgpu: update DMCUB firmware for DCN 3.1.6
dfa2931 WHENCE: Correct dangling symlinks
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 58271ed057fa9e4f451e5a10baf63cd92a170daf)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
git log --pretty=oneline --abbrev-commit 20220509..20220610 (sorted)
amdgpu:
4458bb4 amdgpu: update yellow carp DMCUB firmware
9ed4d42 amdgpu: update Yellow Carp VCN firmware
251d290 amdgpu: update beige goby firmware for 22.10
d4346b3 amdgpu: update renoir firmware for 22.10
b3df9c4 amdgpu: update dimgrey cavefish firmware for 22.10
e1b0a1c amdgpu: update vega20 firmware for 22.10
4a0d163 amdgpu: update yellow carp firmware for 22.10
e8f2e54 amdgpu: update vega12 firmware for 22.10
7a7f84a amdgpu: update navy flounder firmware for 22.10
5a6a482 amdgpu: update vega10 firmware for 22.10
4ee52ee amdgpu: update raven2 firmware for 22.10
e2d460f amdgpu: update raven firmware for 22.10
5b52a90 amdgpu: update sienna cichlid firmware for 22.10
c8268e6 amdgpu: update green sardine firmware for 22.10
f29f5b5 amdgpu: update PCO firmware for 22.10
95b5b3f amdgpu: update vangogh firmware for 22.10
6dcbd01 amdgpu: update navi14 firmware for 22.10
f803fbd amdgpu: update navi12 firmware for 22.10
8923000 amdgpu: update navi10 firmware for 22.10
4b2af01 amdgpu: update aldebaran firmware for 22.10
ath10k:
2aa4da3 ath10k: QCA9984 hw1.0: update firmware-5.bin to 10.4-3.9.0.2-00157
f7cc4b4 ath10k: QCA9888 hw2.0: update board-2.bin
e9e987d ath10k: QCA9888 hw2.0: update firmware-5.bin to 10.4-3.9.0.2-00157
866b5b2 ath10k: QCA4019 hw1.0: update board-2.bin
intel:
ac640f0 linux-firmware: Update firmware file for Intel Bluetooth 9462
38dd3f2 linux-firmware: Update firmware file for Intel Bluetooth 9462
72e1216 linux-firmware: Update firmware file for Intel Bluetooth 9560
94c49b4 linux-firmware: Update firmware file for Intel Bluetooth 9560
e4971d1 linux-firmware: Update firmware file for Intel Bluetooth AX201
78c3731 linux-firmware: Update firmware file for Intel Bluetooth AX201
12564a2 linux-firmware: Update firmware file for Intel Bluetooth AX211
edc709e linux-firmware: Update firmware file for Intel Bluetooth AX211
9546d55 linux-firmware: Update firmware file for Intel Bluetooth AX210
111bd14 linux-firmware: Update firmware file for Intel Bluetooth AX200
ac67ec3 linux-firmware: Update firmware file for Intel Bluetooth AX201
99cb4b0 iwlwifi: add new FWs from core70-87 release
7073b8a iwlwifi: update 9000-family firmwares to core70-87
f9e0b9f iwlwifi: remove old unsupported 3160/7260/7265/8000/8265 firmware
7d118ce linux-firmware: Update firmware file for Intel Bluetooth 9462
30dcf82 linux-firmware: Update firmware file for Intel Bluetooth 9462
7d141a6 linux-firmware: Update firmware file for Intel Bluetooth 9560
741fee8 linux-firmware: Update firmware file for Intel Bluetooth 9560
e7214a2 linux-firmware: Update firmware file for Intel Bluetooth AX201
0e3e49a linux-firmware: Update firmware file for Intel Bluetooth AX201
46cfae6 linux-firmware: Update firmware file for Intel Bluetooth AX211
16c926e linux-firmware: Update firmware file for Intel Bluetooth AX211
f293900 linux-firmware: Update firmware file for Intel Bluetooth AX210
41386cc linux-firmware: Update firmware file for Intel Bluetooth AX200
62235c9 linux-firmware: Update firmware file for Intel Bluetooth AX201
realtek:
7eef50f rtw88: 8822c: Update normal firmware to v9.9.13
23b5428 rtw88: 8822c: Update normal firmware to v9.9.12
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit fffb8cacf1e25fe171e4cf1dedc347352df9596e)
|
| |
|
|
|
|
|
|
|
| |
Kalle Valo managed to add the qca9980's boardfile in the
upstream repository. Sourcing the file from his repository
is no longer needed.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 4ba7f6d9cbd74adc82ab3064cc4c9f6ec5eb51a6)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
git log --pretty=oneline --abbrev-commit 20220411..20220509 (sorted)
amdgpu:
480d6c2 amdgpu: update dcn_3_1_6_dmcub firmware
b4994be amdgpu: update gc_10_3_7_rlc firmware
61eb408 amdgpu: update psp_13_0_8 firmware
fcf9d8c amdgpu: update yellow carp DMCUB firmware
ath10k:
73743b8 ath10k: QCA4019 hw1.0: update board-2.bin
6ad0930 ath10k: QCA6174 hw3.0: update board-2.bin
729bd7f ath10k: QCA6174 hw3.0: update firmware-6.bin to WLAN.RM.4.4.1-00288-QCARMSWPZ-1
9fce09f ath10k: QCA9888 hw2.0: update board-2.bin
b155d85 ath10k: QCA9888 hw2.0: update firmware-5.bin to 10.4-3.9.0.2-00156
44b8aee ath10k: QCA9984 hw1.0: update board-2.bin
4ad3bd3 ath10k: QCA9984 hw1.0: update firmware-5.bin to 10.4-3.9.0.2-00156
1962cba ath10k: QCA99X0 hw2.0: add board-2.bin
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 25b29b53f01d3053bd7c8ef68b0bd7dcdb195913)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The index.json file lies next to Packages index files and contains a
json dict with the package architecture and a dict of package names and
versions.
This can be used for downstream project to know what packages in which
versions are available.
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 218ce40cd738f3373438aab82467807a8707fb9c)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Changes:
43f81b4 wireless-regdb: update regulatory database based on preceding changes
66f245d wireless-regdb: Update regulatory rules for Hong Kong (HK)
e78c450 wireless-regdb: update regulatory rules for India (IN)
1647bb6 wireless-regdb: Update regulatory rules for Russia (RU). Remove DFS requirement.
c076f21 Update regulatory info for Russia (RU) on 6GHz
Signed-off-by: Yuu Toriyama <PascalCoffeeLake@gmail.com>
(cherry picked from commit 97d20525b24e96558f974858f4d8ad6d9148e61f)
|
| |
|
|
| |
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
| |
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Apply two patches fixing low-severity vulnerabilities related to
certificate policies validation:
- Excessive Resource Usage Verifying X.509 Policy Constraints
(CVE-2023-0464)
Severity: Low
A security vulnerability has been identified in all supported versions
of OpenSSL related to the verification of X.509 certificate chains
that include policy constraints. Attackers may be able to exploit
this vulnerability by creating a malicious certificate chain that
triggers exponential use of computational resources, leading to a
denial-of-service (DoS) attack on affected systems.
Policy processing is disabled by default but can be enabled by passing
the `-policy' argument to the command line utilities or by calling the
`X509_VERIFY_PARAM_set1_policies()' function.
- Invalid certificate policies in leaf certificates are silently ignored
(CVE-2023-0465)
Severity: Low
Applications that use a non-default option when verifying certificates
may be vulnerable to an attack from a malicious CA to circumvent
certain checks.
Invalid certificate policies in leaf certificates are silently ignored
by OpenSSL and other certificate policy checks are skipped for that
certificate. A malicious CA could use this to deliberately assert
invalid certificate policies in order to circumvent policy checking on
the certificate altogether.
Policy processing is disabled by default but can be enabled by passing
the `-policy' argument to the command line utilities or by calling the
`X509_VERIFY_PARAM_set1_policies()' function.
Note: OpenSSL also released a fix for low-severity security advisory
CVE-2023-466. It is not included here because the fix only changes the
documentation, which is not built nor included in any OpenWrt package.
Due to the low-severity of these issues, there will be not be an
immediate new release of OpenSSL.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
007d94546749 uclient: cancel state change timeout in uclient_disconnect()
644d3c7e13c6 ci: improve wolfSSL test coverage
dc54d2b544a1 tests: add certificate check against letsencrypt.org
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit 4f1c2e8deef10e9ca34ceff5a096e62aaa668e90)
|
| |
|
|
| |
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
| |
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds libbpf to the dependencies of tc-mod-iptables.
The package tc-mod-iptables is missing libbpf as a dependency,
which leads to the build failure described in bug #9491
LIBBPF_FORCE=on set, but couldn't find a usable libbpf
The build dependency is already automatically added because some other
packages from iproute2 depend on libbpf, but bpftools has multiple build
variants. With multiple build variants none gets build by default and
the build system will not build bpftools before iproute2.
Fixes: #9491
Signed-off-by: Kien Truong <duckientruong@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit fa468d4bcdc7e6eb84ea51d9b05368ed87c43aae)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Fix the trivial abscence of $() when assigning engine config files to
the main libopenssl-config package even if the corresponding engines
were not built into the main library.
This is mostly cosmetic, since scripts/ipkg-build tests the file's
presence before it is actually included in the package's conffiles.
Fixes: 30b0351039 "openssl: configure engine packages during install"
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit c75cd5f6028da6ceb1fb3438da93e2305cd720b1)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Changes:
7f7a9f7 wireless-regdb: update regulatory database based on preceding changes
660a1ae wireless-regdb: Update regulatory info for Russia (RU) on 5GHz
fe05cc9 wireless-regdb: Update regulatory rules for Japan (JP) on 6GHz
d8584dc wireless-regdb: Update regulatory rules for Japan (JP) on 5GHz
c04fd9b wireless-regdb: update regulatory rules for Switzerland (CH)
f29772a wireless-regdb: Update regulatory rules for Brazil (BR)
Signed-off-by: Yuu Toriyama <PascalCoffeeLake@gmail.com>
(cherry picked from commit 1173edf23b3440137d60162d1ef9f48ffa13e3e2)
|
| |
|
|
|
|
|
|
| |
This removes the non-selectable 'Kernel' item
when make menuconfig.
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
(cherry picked from commit 3e4c014008659c760b2e4638f606da90df1e3c93)
|
| |
|
|
|
|
|
|
|
| |
Remove upstreamed patches.
Switch to normal tarballs. Codeload recently had a reproducibility issue.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 44c24b3ac5d4523c0f9f55691d28387508e93de5)
|
| |
|
|
|
|
|
| |
Fixes bogus errors on ubus calls
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit cf992ca862f271936f61367236378378f0d91b6d)
|
| |
|
|
|
|
|
|
| |
The dhcphostsfile must be mounted into the (ujail) sandbox.
The file can not be accessed without this mount.
Signed-off-by: Ruben Jenster <rjenster@gmail.com>
(cherry picked from commit 936df715de3d33947ce38ca232b05c2bd3ef58f1)
|
| |
|
|
|
|
|
|
| |
ipaddr option can be in CIDR notation,
but udhcp wants just an IP address
Signed-off-by: Andrey Erokhin <a.erokhin@inango-systems.com>
(cherry picked from commit 506bb436c678779e8ee54e83a7fb3e4e880037ec)
|
| |
|
|
|
|
|
|
|
| |
Potentially fixes some driver data structure corruption issues
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 9779ee021d30508eb9e7ebf1ec0a28a4be3c4c19)
[Change patch number]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
|
|
|
| |
Adds uboot-envtools support for ramips Asus RX-AX53U now that partition
can be correctly read.
Signed-off-by: Felix Baumann <felix.bau@gmx.de>
[ improve commit title and description ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 75451681d03e609ac8a3d1cd7469eefa53e18ca4)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The Mikrotik R11e-LTE6 modem is similar to ZTE MF286R modem, added
earlier: it has a Marvel chip, able to work in ACM+RNDIS mode, knows ZTE
specific commands, runs OpenWrt Barrier Breaker fork.
While the modem is able to offer IPv6 address, the RNDIS setup is unable
to complete if there is an IPv6 adress.
While it works in ACM+RNDIS mode, the user experience isn't as good as
with "proto 3g": the modem happily serves a local IP (192.168.1.xxx)
without internet access. Of course, if the modem has enough time
(for example at the second dialup), it will serve a public IP.
Modifing the DHCP Lease (to a short interval before connect and back to
default while finalizing) is a workaround to get a public IP at the
first try.
A safe workaround for this is to excercise an offline script of the
pingcheck program: simply restart (ifdown - ifup) the connection.
Another pitfall is that the modem writes a few messages at startup,
which confuses the manufacturer detection algorithm and got disabled.
daemon.notice netifd: Interface 'mikrotik' is setting up now
daemon.notice netifd: mikrotik (2366): Failed to parse message data
daemon.notice netifd: mikrotik (2366): WARNING: Variable 'ok' does not exist or is not an array/object
daemon.notice netifd: mikrotik (2366): Unsupported modem
daemon.notice netifd: mikrotik (2426): Stopping network mikrotik
daemon.notice netifd: mikrotik (2426): Failed to parse message data
daemon.notice netifd: mikrotik (2426): WARNING: Variable '*simdetec:1,sim' does not exist or is not an array/object
daemon.notice netifd: mikrotik (2426): Unsupported modem
daemon.notice netifd: Interface 'mikrotik' is now down
A workaround for this is to use the "delay" option in the interface
configuration.
I want to thank Forum members dchard (in topic Adding support for
MikroTik hAP ac3 LTE6 kit (D53GR_5HacD2HnD)) [1]
and mrhaav (in topic OpenWrt X86_64 + Mikrotik R11e-LTE6) [2]
for sharing their experiments and works.
Another information page was found at eko.one.pl [3].
[1]: https://forum.openwrt.org/t/137555
[2]: https://forum.openwrt.org/t/151743
[3]: https://eko.one.pl/?p=modem-r11elte
Signed-off-by: Szabolcs Hubai <szab.hu@gmail.com>
(cherry picked from commit dbd6ebd6d84b35599a0446559576df41f487200e)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The MikroTik R11e-LTE6 modem goes into flight mode (CFUN=4) at startup
and the radio is off (*RADIOPOWER: 0):
AT+RESET
OK
OK
*SIMDETEC:2,NOS
*SIMDETEC:1,SIM
*ICCID: 8936500119010596302
*EUICC: 1
+MSTK: 11, D025....74F3
*ADMINDATA: 0, 2, 0
+CPIN: READY
*EUICC: 1
*ECCLIST: 5, 0, 112, 0, 000, 0, 08, 0, 118, 0, 911
+CREG: 0
$CREG: 0
+CESQ: 99,99,255,255,255,255
*CESQ: 99,99,255,255,255,255,0
+CGREG: 0
+CEREG: 0
+CESQ: 99,99,255,255,255,255
*CESQ: 99,99,255,255,255,255,0
*RADIOPOWER: 0
+MMSG: 0, 0
+MMSG: 0, 0
+MMSG: 1, 0
+MPBK: 1
While the chat script is able to establish the PPP connection,
it's closed instantly by the modem: LCP terminated by peer.
local2.info chat[7000]: send (ATD*99***1#^M)
local2.info chat[7000]: expect (CONNECT)
local2.info chat[7000]: ^M
local2.info chat[7000]: ATD*99***1#^M^M
local2.info chat[7000]: CONNECT
local2.info chat[7000]: -- got it
local2.info chat[7000]: send ( ^M)
daemon.info pppd[6997]: Serial connection established.
kern.info kernel: [ 453.659146] 3g-mikrotik: renamed from ppp0
daemon.info pppd[6997]: Renamed interface ppp0 to 3g-mikrotik
daemon.info pppd[6997]: Using interface 3g-mikrotik
daemon.notice pppd[6997]: Connect: 3g-mikrotik <--> /dev/ttyACM0
daemon.info pppd[6997]: LCP terminated by peer
daemon.notice pppd[6997]: Connection terminated.
daemon.notice pppd[6997]: Modem hangup
daemon.info pppd[6997]: Exit.
daemon.notice netifd: Interface 'mikrotik' is now down
Sending "AT+CFUN=1" to modem deactivates the flight mode and
solves the issue:
daemon.notice netifd: Interface 'mikrotik' is setting up now
daemon.notice netifd: mikrotik (7051): sending -> AT+CFUN=1
daemon.notice pppd[7137]: pppd 2.4.9 started by root, uid 0
local2.info chat[7140]: abort on (BUSY)
local2.info chat[7140]: abort on (NO CARRIER)
local2.info chat[7140]: abort on (ERROR)
local2.info chat[7140]: report (CONNECT)
local2.info chat[7140]: timeout set to 10 seconds
local2.info chat[7140]: send (AT&F^M)
local2.info chat[7140]: expect (OK)
local2.info chat[7140]: ^M
local2.info chat[7140]: +CESQ: 99,99,255,255,255,255^M
local2.info chat[7140]: ^M
local2.info chat[7140]: *CESQ: 99,99,255,255,255,255,0^M
local2.info chat[7140]: AT&F^MAT&F^M^M
local2.info chat[7140]: OK
local2.info chat[7140]: -- got it
...
local2.info chat[7140]: send (ATD*99***1#^M)
local2.info chat[7140]: expect (CONNECT)
local2.info chat[7140]: ^M
local2.info chat[7140]: ATD*99***1#^M^M
local2.info chat[7140]: CONNECT
local2.info chat[7140]: -- got it
local2.info chat[7140]: send ( ^M)
daemon.info pppd[7137]: Serial connection established.
kern.info kernel: [ 463.094254] 3g-mikrotik: renamed from ppp0
daemon.info pppd[7137]: Renamed interface ppp0 to 3g-mikrotik
daemon.info pppd[7137]: Using interface 3g-mikrotik
daemon.notice pppd[7137]: Connect: 3g-mikrotik <--> /dev/ttyACM0
daemon.warn pppd[7137]: Could not determine remote IP address: defaulting to 10.64.64.64
daemon.notice pppd[7137]: local IP address 100.112.63.62
daemon.notice pppd[7137]: remote IP address 10.64.64.64
daemon.notice pppd[7137]: primary DNS address 185.29.83.64
daemon.notice pppd[7137]: secondary DNS address 185.62.131.64
daemon.notice netifd: Network device '3g-mikrotik' link is up
daemon.notice netifd: Interface 'mikrotik' is now up
To send this AT command to the modem the "runcommand.gcom" script
dependency is moved from comgt-ncm to comgt.
As the comgt-ncm package depends on comgt already, this change
is a NOOP from that point of view.
But from the modem's point it is a low hanging fruit as the modem
is usable with installing comgt and kmod-usb-ncm packages.
Signed-off-by: Szabolcs Hubai <szab.hu@gmail.com>
(cherry picked from commit 91eca7b04ff1309c7408baa1f1631d7623ce50cf)
|
| |
|
|
|
|
|
| |
Fixes CVE-2022-47522
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit d54c91bd9ab3c54ee06923eafbd67047816a37e4)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This patch solves the problem of receiving "error" responses when
initially calling gcom. This avoids unnecessary NO_DEVICE failures.
A retry loop retries the call after an "error" response within the
specified delay. A successful response will continue with the connection
immediately without waiting for max specified delay, bringing the
interface up sooner.
Signed-off-by: Mike Wilson <mikewse@hotmail.com>
(cherry picked from commit 8f27093ce784daad5a9b1c89f51d0a76a8bbb07b)
|
| |
|
|
|
|
|
| |
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/net/sched?h=v5.10.173&id=18c3fa7a7fdbb4d21dafc8a7710ae2c1680930f6
Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit fbfec3286e8bfce3a78749b7bcb67e658665f197)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Hardware
--------
SoC: Freescale P1010
RAM: 512MB
FLASH: 1 MB SPI-NOR
512 MB NAND
ETH: 3x Gigabite Ethernet (Atheros AR8033)
SERIAL: Cisco RJ-45 (115200 8N1)
RTC: Battery-Backed RTC (I2C)
Installation
------------
1. Patch U-Boot by dumping the content of the SPI-Flash using a SPI
programmer. The SHA1 hash for the U-Boot password is currently
unknown.
A tool for patching U-Boot is available at
https://github.com/blocktrron/t10-uboot-patcher/
You can also patch the unknown password yourself. The SHA1 hash is
E597301A1D89FF3F6D318DBF4DBA0A5ABC5ECBEA
2. Interrupt the bootmenu by pressing CTRL+C. A password prompt appears.
The patched password is '1234' (without quotation marks)
3. Download the OpenWrt initramfs image. Copy it to a TFTP server
reachable at 10.0.1.13/24 and rename it to uImage.
4. Connect the TFTP server to ethernet port 0 of the Watchguard T10.
5. Download and boot the initramfs image by entering "tftpboot; bootm;"
in U-Boot.
6. After OpenWrt booted, create a UBI volume on the old data partition.
The "ubi" mtd partition should be mtd7, check this using
$ cat /proc/mtd
Create a UBI partition by executing
$ ubiformat /dev/mtd7 -y
7. Increase the loadable kernel-size of U-Boot by executing
$ fw_setenv SysAKernSize 800000
8. Transfer the OpenWrt sysupgrade image to the Watchguard T10 using
scp. Install the image by using sysupgrade:
$ sysupgrade -n <path-to-sysupgrade>
Note: The LAN ports of the T10 are 1 & 2 while 0 is WAN. You might
have to change the ethernet-port.
9. OpenWrt should now boot from the internal NAND. Enjoy.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 35f6d795134e9b089c4e763a7f58cba7d4e15e42)
|
| |
|
|
|
|
|
| |
Fix autoload module name for can-mcp251x kmod.
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
(cherry picked from commit 29d02d8ce584fa7e420204e04dde1e17e14e009c)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changes between 1.1.1s and 1.1.1t [7 Feb 2023]
*) Fixed X.400 address type confusion in X.509 GeneralName.
There is a type confusion vulnerability relating to X.400 address processing
inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING
but subsequently interpreted by GENERAL_NAME_cmp as an ASN1_TYPE. This
vulnerability may allow an attacker who can provide a certificate chain and
CRL (neither of which need have a valid signature) to pass arbitrary
pointers to a memcmp call, creating a possible read primitive, subject to
some constraints. Refer to the advisory for more information. Thanks to
David Benjamin for discovering this issue. (CVE-2023-0286)
This issue has been fixed by changing the public header file definition of
GENERAL_NAME so that x400Address reflects the implementation. It was not
possible for any existing application to successfully use the existing
definition; however, if any application references the x400Address field
(e.g. in dead code), note that the type of this field has changed. There is
no ABI change.
[Hugo Landau]
*) Fixed Use-after-free following BIO_new_NDEF.
The public API function BIO_new_NDEF is a helper function used for
streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL
to support the SMIME, CMS and PKCS7 streaming capabilities, but may also
be called directly by end user applications.
The function receives a BIO from the caller, prepends a new BIO_f_asn1
filter BIO onto the front of it to form a BIO chain, and then returns
the new head of the BIO chain to the caller. Under certain conditions,
for example if a CMS recipient public key is invalid, the new filter BIO
is freed and the function returns a NULL result indicating a failure.
However, in this case, the BIO chain is not properly cleaned up and the
BIO passed by the caller still retains internal pointers to the previously
freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO
then a use-after-free will occur. This will most likely result in a crash.
(CVE-2023-0215)
[Viktor Dukhovni, Matt Caswell]
*) Fixed Double free after calling PEM_read_bio_ex.
The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and
decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload
data. If the function succeeds then the "name_out", "header" and "data"
arguments are populated with pointers to buffers containing the relevant
decoded data. The caller is responsible for freeing those buffers. It is
possible to construct a PEM file that results in 0 bytes of payload data.
In this case PEM_read_bio_ex() will return a failure code but will populate
the header argument with a pointer to a buffer that has already been freed.
If the caller also frees this buffer then a double free will occur. This
will most likely lead to a crash.
The functions PEM_read_bio() and PEM_read() are simple wrappers around
PEM_read_bio_ex() and therefore these functions are also directly affected.
These functions are also called indirectly by a number of other OpenSSL
functions including PEM_X509_INFO_read_bio_ex() and
SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL
internal uses of these functions are not vulnerable because the caller does
not free the header argument if PEM_read_bio_ex() returns a failure code.
(CVE-2022-4450)
[Kurt Roeckx, Matt Caswell]
*) Fixed Timing Oracle in RSA Decryption.
A timing based side channel exists in the OpenSSL RSA Decryption
implementation which could be sufficient to recover a plaintext across
a network in a Bleichenbacher style attack. To achieve a successful
decryption an attacker would have to be able to send a very large number
of trial messages for decryption. The vulnerability affects all RSA padding
modes: PKCS#1 v1.5, RSA-OEAP and RSASVE.
(CVE-2022-4304)
[Dmitry Belyavsky, Hubert Kario]
Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 4ae86b3358a149a17411657b12103ccebfbdb11b)
The original commit removed the upstreamed patch 010-padlock.patch, but
it's not on OpenWrt 22.03, so it doesn't have to be removed.
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
|
| |
|
|
|
|
|
| |
This update mac80211 to version 5.15.92-1. This includes multiple
bugfixes. Some of these bugfixes are fixing security relevant bugs.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
|
|
|
|
| |
This adds missing HE modes to mac80211_prepare_ht_modes.
Previously mesh without wpa_supplicant would be initialized with 802.11g
/NO-HT only, as this method did not parse channel bandwidth for HE
operation.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit a63430eac33ceb1dbf96d3667e2a0f2e04ba391f)
|
| |
|
|
|
|
|
|
| |
Patch the mbedtls source instead of modifying the compile-targets
in the prepare buildstep within OpenWrt.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 00f1463df7e690862403208082f71fb4741baf02)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This fixes a security problem in ksmbd. It currently has the
ZDI-CAN-18259 ID assigned, but no CVE yet.
Backported from:
https://github.com/cifsd-team/ksmbd/commit/8824b7af409f51f1316e92e9887c2fd48c0b26d6
https://github.com/cifsd-team/ksmbd/commit/cc4f3b5a6ab4693aba94a45cc073188df4d67175
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 76c67fcc66116381c69439f20159b636573080ba)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Release Announcement:
https://github.com/cifsd-team/ksmbd/releases/tag/3.4.6
Remove upstreamed:
- 10-fix-build-on-kernel-5.15.52-or-higher.patch
This fixes the following security bugs:
* CVE-2022-47938, ZDI-22-1689
* CVE-2022-47939, ZDI-22-1690 (patch was already backported before)
* CVE-2022-47940, ZDI-22-1691
* CVE-2022-47941, ZDI-22-1687
* CVE-2022-47942, ZDI-22-1688
* CVE-2022-47943, ZDI-CAN-17817
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 78cbcc77cc33638b185f85c0e40daee1906a2c3c)
|
| |
|
|
| |
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
| |
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
|
|
|
| |
brcmsmac needs bcma. bcma is build into the kernel for the other bcm47xx
subtargets, but not for the legacy target because it only uses ssb. We
could build bcma as a module for bcm47xx_legacy, but none of these old
devices uses a wifi card supported by brcsmac.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit cb7d662dac897dd7df6ba6ba60417db822bd68f2)
|
| |
|
|
|
|
|
|
|
|
|
| |
libxxhash is now available in the OpenWrt package feed and gdb will link
against it if gdb finds this library. Explicitly deactivate the usage
of xxhash.
This should fix the build of gdb in build bots.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit a442974cfa89c7182c37b3b422b2d49319e2b339)
|
| |
|
|
|
|
| |
4a673e1 fix null pointer dereference for INFORM messages
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
|
| |
This is used to access footer data in firmare files, and is simpler and
less error-prone than using 'dd' with calculated offsets.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit 9cbc825b30a60c4c4b466301b87e15e59b107f24)
|
| |
|
|
|
|
|
|
|
| |
The ABI of the wolfssl library changed a bit between version 5.5.3 and
5.5.4. This release update will trigger a rebuild of all packages which
are using wolfssl to make sure they are adapted to the new ABI.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit ee47a28cec01c7943238bae45f65a98e4fc9abbe)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove upstreamed:
- 001-Fix-enable-devcrypto-build-error.patch
Refresh patch:
- 100-disable-hardening-check.patch
Release notes:
https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.4-stable
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 04634b2d8253972a3e7b663231474eb564e69077)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2
This release of Mbed TLS provides bug fixes and minor enhancements. This
release includes fixes for security issues.
Fixes the following CVEs:
* CVE-2022-46393: Fix potential heap buffer overread and overwrite in
DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and
MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX.
* CVE-2022-46392: An adversary with access to precise enough information
about memory accesses (typically, an untrusted operating system
attacking a secure enclave) could recover an RSA private key after
observing the victim performing a single private-key operation if the
window size used for the exponentiation was 3 or smaller.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit af3c9b74e177019b18055c263099a42c1c6c3453)
|
| |
|
|
|
|
|
|
| |
Tweaking the KCONFIG line of kmod-ata-marvell-sata makes the hack patch
unnecessary
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 2e375e9b3148cfdb9b19494a25eebc2fa7b256a3)
|
| |
|
|
|
|
|
| |
2397755 client: fix incorrectly emitting HTTP 413 for certain content lengths
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 73dca49f355fe10d1d5e629b0df584b03a1849b3)
|
| |
|
|
|
|
|
| |
Fix zero day vulnerability reported as ZDI-22-1690, no CVE assigned yet.
Picked from https://github.com/cifsd-team/ksmbd/commit/1f9d85a340
Signed-off-by: Daniel Graña <dangra@gmail.com>
|
| |
|
|
|
|
|
|
| |
The frequency appears as unlisted initial frequency.
Removed it as Hauke suggested.
Signed-off-by: Jan-Niklas Burfeind <git@aiyionpri.me>
(cherry picked from commit 5b82eeb320d9f8e543232bb5dd004e644b35983e)
|
| |
|
|
|
|
|
| |
The CPE ID is already set in trusted-firmware-a.mk.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit 9ed1830bdc1e58efb3e5b17c0e484e1a2655b550)
|
