aboutsummaryrefslogtreecommitdiffstats
path: root/package
Commit message (Collapse)AuthorAgeFilesLines
* wolfssl: make shared againJo-Philipp Wich2022-07-302-2/+0
| | | | | | | | | | | | | | Disable the usage of target specific CPU crypto instructions by default to allow the package being shared again. Since WolfSSL does not offer a stable ABI or a long term support version suitable for OpenWrt release timeframes, we're forced to frequently update it which is greatly complicated by the package being nonshared. People who want or need CPU crypto instruction support can enable it in menuconfig while building custom images for the few platforms that support them. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* uboot-bcm4908: include SoC in output filesRafał Miłecki2022-07-251-2/+4
| | | | | | | | This fixes problem of overwriting BCM4908 U-Boot and DTB files by BCM4912 ones. That bug didn't allow booting BCM4908 devices. Fixes: f4c2dab544ec2 ("uboot-bcm4908: add BCM4912 build") Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* layerscape: update remaining PKG_HASH / PKG_MIRROR_HASHChristian Lamparter2022-07-228-8/+8
| | | | | | | | | The change of the PKG_VERSION caused the hash of the package to change. This is because the PKG_VERSION is present in the internal directory structure of the archive. Fixes: e879cccaa215 ("uboot-layerscape: update PKG_HASH") Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* ramips: add support for ZyXEL NWA50AX / NWA55AXEDavid Bauer2022-07-204-0/+392
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Hardware -------- CPU: Mediatek MT7621 RAM: 256M DDR3 FLASH: 128M NAND ETH: 1x Gigabit Ethernet WiFi: Mediatek MT7915 (2.4/5GHz 802.11ax 2x2 DBDC) BTN: 1x Reset (NWA50AX only) LED: 1x Multi-Color (NWA50AX only) UART Console ------------ NWA50AX: Available below the rubber cover next to the ethernet port. NWA55AXE: Available on the board when disassembling the device. Settings: 115200 8N1 Layout: <12V> <LAN> GND-RX-TX-VCC Logic-Level is 3V3. Don't connect VCC to your UART adapter! Installation Web-UI ------------------- Upload the Factory image using the devices Web-Interface. As the device uses a dual-image partition layout, OpenWrt can only installed on Slot A. This requires the current active image prior flashing the device to be on Slot B. If the currently installed image is started from Slot A, the device will flash OpenWrt to Slot B. OpenWrt will panic upon first boot in this case and the device will return to the ZyXEL firmware upon next boot. If this happens, first install a ZyXEL firmware upgrade of any version and install OpenWrt after that. Installation TFTP ----------------- This installation routine is especially useful in case * unknown device password (NWA55AXE lacks reset button) * bricked device Attach to the UART console header of the device. Interrupt the boot procedure by pressing Enter. The bootloader has a reduced command-set available from CLI, but more commands can be executed by abusing the atns command. Boot a OpenWrt initramfs image available on a TFTP server at 192.168.1.66. Rename the image to owrt.bin $ atnf owrt.bin $ atna 192.168.1.88 $ atns "192.168.1.66; tftpboot; bootm" Upon booting, set the booted image to the correct slot: $ zyxel-bootconfig /dev/mtd10 get-status $ zyxel-bootconfig /dev/mtd10 set-image-status 0 valid $ zyxel-bootconfig /dev/mtd10 set-active-image 0 Copy the OpenWrt ramboot-factory image to the device using scp. Write the factory image to NAND and reboot the device. $ mtd write ramboot-factory.bin firmware $ reboot Signed-off-by: David Bauer <mail@david-bauer.net>
* wolfssl: Do not activate HW acceleration on armvirt by defaultHauke Mehrtens2022-07-201-1/+1
| | | | | | | | | | | | | The armvirt target is also used to run OpenWrt in lxc on other targets like a Raspberry Pi. If we set WOLFSSL_HAS_CPU_CRYPTO by default the wolfssl binray is only working when the CPU supports the hardware crypto extension. Some targets like the Raspberry Pi do not support the ARM CPU crypto extension, compile wolfssl without it by default. It is still possible to activate it in custom builds. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* uencrypt: add package to decrypt WG4хх223 configEneas U de Queiroz2022-07-193-0/+194
| | | | | | | | This adds a simple AES-128-CBC encryption/decryption program using either wolfSSL or OpenSSL as backend to decrypt Arcadyan WG4xx223 configuration partitions. The ipk size is 3,355 bytes. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* ramips: Add support command fw_setsys for Xiaomi routersOleg S2022-07-191-4/+10
| | | | | | | | | | | | The system parameters are contained in the Bdata partition. To use the fw_setsys command, you need to create a file fw_sys.config. This file is created after calling the functions ubootenv_add_uci_sys_config and ubootenv_add_app_config. Signed-off-by: Oleg S <remittor@gmail.com> [ wrapped commit description to 72 char ] Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* libiconv-full: add host buildRosen Penev2022-07-171-0/+7
| | | | | | | | | Now that libiconv-stub is gone, a replacement for its host build is needed. Fixes: c0ba4201f837 ("libiconv-stub: remove") Signed-off-by: Rosen Penev <rosenp@gmail.com> Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* sdk: add spidev-test to the bundle of userspace sourcesChristian Lamparter2022-07-171-2/+3
| | | | | | | | | | | | | moves and extends the current facilities, which have been added some time ago for the the usbip utility, to support more utilites that are shipped with the Linux kernel tree to the SDK. this allows to drop all the hand-waving and code for failed previous attempts to mitigate the SDK build failures. Fixes: bdaaf66e28bd ("utils/spidev_test: build package directly from Linux") Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* kernel: netconsole: add network console logging supportCatalin Toda2022-07-171-0/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Accessing the console on many devices is difficult. netconsole eases debugging on devices that crash after the network is up. Reference to the netconsole documentation in upstream Linux: <https://www.kernel.org/doc/html/latest/networking/netconsole.html> | |netconsole=[+][src-port]@[src-ip]/[<dev>],[tgt-port]@<tgt-ip>/[tgt-macaddr] | | where | + if present, enable extended console support | src-port source for UDP packets (defaults to 6665) | src-ip source IP to use (interface address) | dev network interface (eth0) | tgt-port port for logging agent (6666) | tgt-ip IP address for logging agent | tgt-macaddr ethernet MAC address for logging agent (broadcast) OpenWrt specific notes: OpenWrt's device userspace scripts are attaching the network interface (i.e. eth0) to a (virtual) bridge (br-lan) device. This will cause netconsole to report: |network logging stopped on interface eth0 as it is joining a master device (and unfortunately the traffic/logs to stop at this point) As a workaround, the netconsole module can be manually loaded again after the bridge has been setup with: insmod netconsole netconsole=@/br-lan,@192.168.1.x/MA:C... One way of catching errors before the handoff, try to append the /etc/modules.conf file with the following extra line: options netconsole netconsole=@/eth0,@192.168.1.x/MA:C... and install the kmod-netconsole (=y) into the base image. Signed-off-by: Catalin Toda <catalinii@yahoo.com> (Added commit message from PR, added links to documentation) Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* uboot-layerscape: update PKG_HASHChristian Lamparter2022-07-171-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The change of the PKG_VERSION caused the hash of the package to change. This is because the PKG_VERSION is present in the internal directory structure of the uboot-layerscape-21.08.tar.xz archive. i.e: # tar tf uboot-layerscape-21.08.tar.xz: uboot-layerscape-21.08/ uboot-layerscape-21.08/.azure-pipelines.yml uboot-layerscape-21.08/.checkpatch.conf uboot-layerscape-21.08/.gitattributes uboot-layerscape-21.08/.github/ [...] vs. # tar tf uboot-layerscape-LSDK-21.08.tar.xz uboot-layerscape-LSDK-21.08/ uboot-layerscape-LSDK-21.08/.azure-pipelines.yml uboot-layerscape-LSDK-21.08/.checkpatch.conf uboot-layerscape-LSDK-21.08/.gitattributes uboot-layerscape-LSDK-21.08/.github/ [...] the (file) content of both archives are otherwise the same. The PKG_HASH was taken from the builder log: | Hash of the local file uboot-layerscape-21.08.tar.xz does not match |(file: 54909a98bdcc26c7f9b35b35fcae09b977ecbf044be7bffa6dad9306c47cccf6, |requested: 874e871755ef84ebbf3[...]) - deleting download. without this update, the uboot-layerscape-21.08 package would always try to download (from git), repacked the archive and reupload to sources.openwrt.org (~14 MiB saved). Fixes: 038d5bdab117 ("layerscape: use semantic versions for LSDK") Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* mbedtls: build with PICRosen Penev2022-07-171-0/+1
| | | | | | Fixes compilation with GCC12 and dependent packages for some reason. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* ipq-wifi: remove dangling GL.iNet GL-B2200 boardfilesChristian Lamparter2022-07-172-0/+0
| | | | | | | those board files can/should be dropped now too. Fixes: 50c232d6f446 ("ipq-wifi: drop upstreamed board-2.bin") Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* nu801: fix DEPENDS on bcm53xxChristian Lamparter2022-07-171-1/+1
| | | | | | | | | | | the tacked on @TARGET_bcm53xx causes warnings: tmp/.config-package.in:14027:warning: ignoring unsupported character '@' tmp/.config-package.in:26028:warning: ignoring unsupported character '@' this was wrong. Fixes: be1761fa1488 ("nu801: add MR26 to the table") Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* procd: update to git HEADChristian Marangi2022-07-171-3/+3
| | | | | | | ef5d3e3 jail: fix various ignoring return value compilation warning 8e4a956 jail: add WARNING macro to log non critical warning message Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* fstools: update to git HEADChristian Marangi2022-07-171-3/+3
| | | | | | ebf7e90 libfstools: handle gzip return value in block_volume_format Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* ubox: update to latest git HEADChristian Marangi2022-07-171-4/+4
| | | | | | | | 46a33b8 kmodloader: fix compilation warning with not checking return of asprintf Also switch PKG_RELEASE to AUTORELEASE. Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* wolfssl: bump to 5.4.0Eneas U de Queiroz2022-07-164-48/+4
| | | | | | | | | | This version fixes two vulnerabilities: -CVE-2022-34293[high]: Potential for DTLS DoS attack -[medium]: Ciphertext side channel attack on ECC and DH operations. The patch fixing x86 aesni build has been merged upstream. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* nu801: add MR26 to the tableChristian Lamparter2022-07-151-3/+3
| | | | | | | The MR26 uses a NU801 for the RGB-Leds. Make the LEDs available. Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* module/firmware: remove intersil PRISM54 supportChristian Lamparter2022-07-152-38/+2
| | | | | | | | | | | the legacy driver was dropped in linux 5.14-rc3: commit d249ff28b1d8 ("intersil: remove obsolete prism54 wireless driver") Quoting Lukas Bulwahn: "p54 replaces prism54 so users should be unaffected." Reported-by: Marius Dinu <m95d+git@psihoexpert.ro> Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* utils/spidev_test: side-step build-system woesChristian Lamparter2022-07-151-1/+1
| | | | | | | | | | | | | The spidev_test is build in phase2 even though it should be disabled. My best guess is that we hit the same issue that I had with nu801. The build-system thinks it's a tool that is necessary for building the kernel. In this case, the same fix (adding a dependency on the presence of the module) could work in this case as well? Fixes: bdaaf66e28bd ("utils/spidev_test: build package directly from Linux") Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* ipq-wifi: drop upstreamed board-2.binChristian Lamparter2022-07-151-2/+0
| | | | | | | | | | The BDFs for the: GL.iNet GL-B2200 were upstreamed to the ath10k-firmware repository and landed in linux-firmware.git Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* linux-firmware: Update to version 20220610Christian Lamparter2022-07-151-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | git log --pretty=oneline --abbrev-commit 20220509..20220610 (sorted) amdgpu: 4458bb4 amdgpu: update yellow carp DMCUB firmware 9ed4d42 amdgpu: update Yellow Carp VCN firmware 251d290 amdgpu: update beige goby firmware for 22.10 d4346b3 amdgpu: update renoir firmware for 22.10 b3df9c4 amdgpu: update dimgrey cavefish firmware for 22.10 e1b0a1c amdgpu: update vega20 firmware for 22.10 4a0d163 amdgpu: update yellow carp firmware for 22.10 e8f2e54 amdgpu: update vega12 firmware for 22.10 7a7f84a amdgpu: update navy flounder firmware for 22.10 5a6a482 amdgpu: update vega10 firmware for 22.10 4ee52ee amdgpu: update raven2 firmware for 22.10 e2d460f amdgpu: update raven firmware for 22.10 5b52a90 amdgpu: update sienna cichlid firmware for 22.10 c8268e6 amdgpu: update green sardine firmware for 22.10 f29f5b5 amdgpu: update PCO firmware for 22.10 95b5b3f amdgpu: update vangogh firmware for 22.10 6dcbd01 amdgpu: update navi14 firmware for 22.10 f803fbd amdgpu: update navi12 firmware for 22.10 8923000 amdgpu: update navi10 firmware for 22.10 4b2af01 amdgpu: update aldebaran firmware for 22.10 ath10k: 2aa4da3 ath10k: QCA9984 hw1.0: update firmware-5.bin to 10.4-3.9.0.2-00157 f7cc4b4 ath10k: QCA9888 hw2.0: update board-2.bin e9e987d ath10k: QCA9888 hw2.0: update firmware-5.bin to 10.4-3.9.0.2-00157 866b5b2 ath10k: QCA4019 hw1.0: update board-2.bin intel: ac640f0 linux-firmware: Update firmware file for Intel Bluetooth 9462 38dd3f2 linux-firmware: Update firmware file for Intel Bluetooth 9462 72e1216 linux-firmware: Update firmware file for Intel Bluetooth 9560 94c49b4 linux-firmware: Update firmware file for Intel Bluetooth 9560 e4971d1 linux-firmware: Update firmware file for Intel Bluetooth AX201 78c3731 linux-firmware: Update firmware file for Intel Bluetooth AX201 12564a2 linux-firmware: Update firmware file for Intel Bluetooth AX211 edc709e linux-firmware: Update firmware file for Intel Bluetooth AX211 9546d55 linux-firmware: Update firmware file for Intel Bluetooth AX210 111bd14 linux-firmware: Update firmware file for Intel Bluetooth AX200 ac67ec3 linux-firmware: Update firmware file for Intel Bluetooth AX201 99cb4b0 iwlwifi: add new FWs from core70-87 release 7073b8a iwlwifi: update 9000-family firmwares to core70-87 f9e0b9f iwlwifi: remove old unsupported 3160/7260/7265/8000/8265 firmware 7d118ce linux-firmware: Update firmware file for Intel Bluetooth 9462 30dcf82 linux-firmware: Update firmware file for Intel Bluetooth 9462 7d141a6 linux-firmware: Update firmware file for Intel Bluetooth 9560 741fee8 linux-firmware: Update firmware file for Intel Bluetooth 9560 e7214a2 linux-firmware: Update firmware file for Intel Bluetooth AX201 0e3e49a linux-firmware: Update firmware file for Intel Bluetooth AX201 46cfae6 linux-firmware: Update firmware file for Intel Bluetooth AX211 16c926e linux-firmware: Update firmware file for Intel Bluetooth AX211 f293900 linux-firmware: Update firmware file for Intel Bluetooth AX210 41386cc linux-firmware: Update firmware file for Intel Bluetooth AX200 62235c9 linux-firmware: Update firmware file for Intel Bluetooth AX201 realtek: 7eef50f rtw88: 8822c: Update normal firmware to v9.9.13 23b5428 rtw88: 8822c: Update normal firmware to v9.9.12 Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* libiconv-stub: removeRosen Penev2022-07-1531-1942/+0
| | | | | | No longer used. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* firmware: intel-microcode: update to 20220510Christian Lamparter2022-07-151-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Debians' changelog by Henrique de Moraes Holschuh <hmh@debian.org>: * New upstream microcode datafile 20220419 * Fixes errata APLI-11 in Atom E3900 series processors * Updated Microcodes: sig 0x000506ca, pf_mask 0x03, 2021-11-16, rev 0x0028, size 16384 * New upstream microcode datafile 20220510 * Fixes INTEL-SA-000617, CVE-2022-21151: Processor optimization removal or modification of security-critical code may allow an authenticated user to potentially enable information disclosure via local access (closes: #1010947) * Fixes several errata (functional issues) on Xeon Scalable, Atom C3000, Atom E3900 * New Microcodes: sig 0x00090672, pf_mask 0x03, 2022-03-03, rev 0x001f, size 212992 sig 0x00090675, pf_mask 0x03, 2022-03-03, rev 0x001f, size 212992 sig 0x000906a3, pf_mask 0x80, 2022-03-24, rev 0x041c, size 212992 sig 0x000906a4, pf_mask 0x80, 2022-03-24, rev 0x041c, size 212992 sig 0x000b06f2, pf_mask 0x03, 2022-03-03, rev 0x001f, size 212992 sig 0x000b06f5, pf_mask 0x03, 2022-03-03, rev 0x001f, size 212992 * Updated Microcodes: sig 0x00030679, pf_mask 0x0f, 2019-07-10, rev 0x090d, size 52224 sig 0x000406e3, pf_mask 0xc0, 2021-11-12, rev 0x00f0, size 106496 sig 0x00050653, pf_mask 0x97, 2021-11-13, rev 0x100015d, size 34816 sig 0x00050654, pf_mask 0xb7, 2021-11-13, rev 0x2006d05, size 43008 sig 0x00050656, pf_mask 0xbf, 2021-12-10, rev 0x4003302, size 37888 sig 0x00050657, pf_mask 0xbf, 2021-12-10, rev 0x5003302, size 37888 sig 0x0005065b, pf_mask 0xbf, 2021-11-19, rev 0x7002501, size 29696 sig 0x000506c9, pf_mask 0x03, 2021-11-16, rev 0x0048, size 17408 sig 0x000506e3, pf_mask 0x36, 2021-11-12, rev 0x00f0, size 109568 sig 0x000506f1, pf_mask 0x01, 2021-12-02, rev 0x0038, size 11264 sig 0x000606a6, pf_mask 0x87, 2022-03-30, rev 0xd000363, size 294912 sig 0x000706a1, pf_mask 0x01, 2021-11-22, rev 0x003a, size 75776 sig 0x000706a8, pf_mask 0x01, 2021-11-22, rev 0x001e, size 75776 sig 0x000706e5, pf_mask 0x80, 2022-03-09, rev 0x00b0, size 112640 sig 0x000806a1, pf_mask 0x10, 2022-03-26, rev 0x0031, size 34816 sig 0x000806c1, pf_mask 0x80, 2022-02-01, rev 0x00a4, size 109568 sig 0x000806c2, pf_mask 0xc2, 2021-12-07, rev 0x0026, size 97280 sig 0x000806d1, pf_mask 0xc2, 2021-12-07, rev 0x003e, size 102400 sig 0x000806e9, pf_mask 0x10, 2021-11-12, rev 0x00f0, size 105472 sig 0x000806e9, pf_mask 0xc0, 2021-11-12, rev 0x00f0, size 105472 sig 0x000806ea, pf_mask 0xc0, 2021-11-12, rev 0x00f0, size 105472 sig 0x000806eb, pf_mask 0xd0, 2021-11-15, rev 0x00f0, size 105472 sig 0x000806ec, pf_mask 0x94, 2021-11-17, rev 0x00f0, size 105472 sig 0x00090661, pf_mask 0x01, 2022-02-03, rev 0x0016, size 20480 sig 0x000906c0, pf_mask 0x01, 2022-02-19, rev 0x24000023, size 20480 sig 0x000906e9, pf_mask 0x2a, 2021-11-12, rev 0x00f0, size 108544 sig 0x000906ea, pf_mask 0x22, 2021-11-15, rev 0x00f0, size 104448 sig 0x000906eb, pf_mask 0x02, 2021-11-12, rev 0x00f0, size 105472 sig 0x000906ec, pf_mask 0x22, 2021-11-15, rev 0x00f0, size 104448 sig 0x000906ed, pf_mask 0x22, 2021-11-16, rev 0x00f0, size 104448 sig 0x000a0652, pf_mask 0x20, 2021-11-16, rev 0x00f0, size 96256 sig 0x000a0653, pf_mask 0x22, 2021-11-15, rev 0x00f0, size 97280 sig 0x000a0655, pf_mask 0x22, 2021-11-16, rev 0x00f0, size 96256 sig 0x000a0660, pf_mask 0x80, 2021-11-15, rev 0x00f0, size 96256 sig 0x000a0661, pf_mask 0x80, 2021-11-16, rev 0x00f0, size 96256 sig 0x000a0671, pf_mask 0x02, 2022-03-09, rev 0x0053, size 103424 Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* ipq40xx: R619AC: replace space with - separator in variant stringChristian Lamparter2022-07-151-0/+0
| | | | | | | | | | | | | Kalle: "I see that variant has a space in it, does that work it correctly? My original idea was that spaces would not be allowed, but didn't realise to add a check for that." Is this an easy change? Because the original author (Tim Davis) noted: "You may substitute the & and space with something else saner if they prove to be problematic." Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* hostapd: add ppsk option (private psk)Manuel Giganto2022-07-151-3/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This PR allows a user to enable a private psk, where each station may have it's own psk or use a common psk if it is not defined. The private psk is defined using the sta's mac and a radius server is required. ppsk option should be enabled in the wireless configuration along with radius server details. When using PPSK, the key is ignored, it will be retrieved from radius server. SAE is not yet supported (private sae) in hostapd. Wireless example configuration: option encryption 'psk2+ccmp' option ppsk '1' option auth_server '127.0.0.1' option auth_secret 'radiusServerPassword' If you want to use dynamic VLAN on PPSK also include: option dynamic_vlan '2' option vlan_tagged_interface 'eth0' option vlan_bridge 'br-vlan' option vlan_naming '0' It works enabling mac address verification on radius server and requiring the tunnel-password (the private psk) from radius server. In the radius server we need to configure the users. In case of freeradius: /etc/freeradius3/mods-config/files/authorize The user and Cleartext-Password should be the mac lower case using the format "aabbccddeeff" <sta mac> Cleartext-Password := "<sta mac>" Tunnel-Password = <Private Password> Example of a user configured in radius and using dynamic VLAN5: 8cb84a000000 Cleartext-Password := "8cb84a000000" Tunnel-Type = VLAN, Tunnel-Medium-Type = IEEE-802, Tunnel-Private-Group-ID = 5, Tunnel-Password = MyPrivPw If we want to have a default or shared psk, used when the mac is not found in the list, we need to add the following at the end of the radius authorize file: DEFAULT Auth-Type := Accept Tunnel-Password = SharedPw And if using VLANs, for example VLAN6 for default users: DEFAULT Auth-Type := Accept Tunnel-Type = VLAN, Tunnel-Medium-Type = IEEE-802, Tunnel-Private-Group-ID = 6, Tunnel-Password = SharedPw Signed-off-by: Manuel Giganto <mgigantoregistros@gmail.com>
* strace: add nls.mkRosen Penev2022-07-151-1/+2
| | | | | | | Needed when building with libdw and CONFIG_BUILD_NLS, mostly for the rpath-link. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* firewall3: update file hashMichael Pratt2022-07-141-1/+1
| | | | | | | | the hash and timestamp of the remote copy of the archive has changed since last bump meaning the remote archive copy was recreated Signed-off-by: Michael Pratt <mcpratt@pm.me>
* uboot-mediatek: unbreak build with binmanDaniel Golle2022-07-1332-325/+71
| | | | | | | | | swig has been installed on the buildbots a while a ago and Petr Štetiar got a fix for the pylibfdt error. Use that and re-enable the builds for mt7620 and mt7621. Refresh patches while at it. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* uboot-mediatek: add support for UBI EOF markerDaniel Golle2022-07-131-0/+51
| | | | | | | Let U-Boot handle free space in UBI partitions by recognizing the EOF marker OpenWrt is using as well for that purpose. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* mac80211: fix AQL issue with multicast trafficFelix Fietkau2022-07-131-0/+30
| | | | | | Exclude multicast from pending AQL budget Signed-off-by: Felix Fietkau <nbd@nbd.name>
* uboot-at91: fix build on buildbotsClaudiu Beznea2022-07-131-1/+2
| | | | | | | | | | | | | | | Buidbots are throwing the following compile error: In file included from tools/aisimage.c:9: include/image.h:1133:12: fatal error: openssl/evp.h: No such file or directory ^~~~~~~~~~~~~~~ compilation terminated. Fix it by passing `UBOOT_MAKE_FLAGS` variable to make. Suggested-by: Petr Štetiar <ynezz@true.cz> Fixes: 6d5611af2813 ("uboot-at91: update to linux4sam-2022.04") Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
* uboot-mediatek: mark mt7620 build as @BROKENDaniel Golle2022-07-121-0/+2
| | | | | | Turns out also mt7620 build has a more hidden dependency on binman. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* uboot-mediatek: mark MT7621 variants as @BROKENDaniel Golle2022-07-121-0/+2
| | | | | | | | | | Building U-Boot for the MT7621 SoC requires binman, a Python-based host tool to generate images. For now, binman cannot work inside the OpenWrt build system because it requires swig, so mark the MT7621 boards as borken to fix the ramips/mt7621 build until someone with knowledge about Python and swig fixes the underlaying issue. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* uboot-imx: pico-pi-imx7d: fix wrong make flags overridingPetr Štetiar2022-07-121-1/+1
| | | | | | | | | | | | | | | | | | | | | Buidbots are currently choking on the following compile error: In file included from tools/aisimage.c:9: include/image.h:1133:12: fatal error: openssl/evp.h: No such file or directory # include <openssl/evp.h> ^~~~~~~~~~~~~~~ compilation terminated. This is caused by a complete overriding of make flags which are provided correctly in `UBOOT_MAKE_FLAGS` variable, but currently overriden instead of extended. This then leads to the usage of build host include dirs, which are not available. Fix it by extending `UBOOT_MAKE_FLAGS` variable like it was done in commit 481339a04266 ("uboot-imx: fix wrong make flags overriding"). Fixes: 7094e6550336 ("uboot-imx: add support for TechNexion PICO-PI-IMX7D") Signed-off-by: Petr Štetiar <ynezz@true.cz>
* uboot-ramips: add support for MT7621, merge into uboot-mediatekDaniel Golle2022-07-1129-110/+7440
| | | | | | | | | | | | * Merge uboot-ramips into uboot-mediatek. * Port support for the RAVPower RP WD009 to U-Boot 2022.07. * Add support for MT7621 and add builds for the reference boards. * Add builds for MT7620 and MT7628 reference boards. This should help to make development of U-Boot-level board support for all MediaTek targets much easier. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* uboot-mediatek: update to 2022.07 releaseDaniel Golle2022-07-1119-162/+207
| | | | | | | | | | | Add patch to fix host-build of the mkimage tool without CONFIG_TOOLS_LIBCRYPTO. Update and refresh all patches. Tested on BananaPi R64 (MT7622) successfully booting from SD card, eMMC and SPI-NAND. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* uboot-envtools: imx: cortexa7: add TechNexion PICO-PI-IMX7DLech Perczak2022-07-111-0/+19
| | | | | | Add configuration for upstream U-Boot environment for booting from eMMC. Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
* uboot-imx: add support for TechNexion PICO-PI-IMX7DLech Perczak2022-07-111-0/+9
| | | | | | | | | | Add mainline U-Boot flavour for TechNexion PICO-PI-IMX7D board, using DM and upstream default configuration, storing payload in sector 138 of eMMC. Signed-off-by: Lech Perczak <lech.perczak@gmail.com> [pepe2k@gmail.com: fixed BUILD_DEVICES value] Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
* cypress-nvram: support BCM4339 on TechNexion PICO-PI-IMX7DLech Perczak2022-07-112-0/+117
| | | | | | | | | | This board features an AP6335 system-in-package combination of Wi-Fi and Bluetooth module based on BCM4339. Support is borrowed directly from the following Buildroot commit: 095420e05ae5: ("configs/imx7dpico: Add Wifi support"). Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
* linux-firmware: use upstream firmware for cypress-firmware-4339-sdioLech Perczak2022-07-112-15/+8
| | | | | | | | | | Old firmware provided by 'cypress-firmware' suite is not sufficient for AP6335 module used in PICO-PI-IMX7D board to probe successfully. Use the upstream version from linux-firmware instead. At the same time, drop the old firmware from 'cypress-firmware' package. Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
* mac80211: enable CONFIG_BRCMFMAC_SDIO for imx/cortexa7Lech Perczak2022-07-111-0/+1
| | | | | | | TechNexion PICO-PI-IMX7D uses BCM4339 Wi-Fi interface in SDIO mode. Enable SDIO support for imx/cortexa7 to fully support it in images. Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
* kernel: add kmod-btsdio packageLech Perczak2022-07-111-0/+18
| | | | | | | | Add package supporting Bluetooth HCI interfaces connected over SDIO. Signed-off-by: Lech Perczak <lech.perczak@gmail.com> [pepe2k@gmail.com: dropped rfkill dependency, other minor text fixes] Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
* kernel: add kmod-touchscreen-edt-ft5x06 packageLech Perczak2022-07-111-0/+21
| | | | | | | This module contains driver for touchscreen used in TechNexion PICO-PI-IMX7D board. Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
* uboot-envtools: support NVMEM based accessRafał Miłecki2022-07-113-0/+427
| | | | | | | This will allow using fw_printenv without /etc/fw_env.config. Once there is Linux NVMEM driver available for U-Boot env data. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* hostapd: apply patch to fix building openssl variantPaul Blazejowski2022-07-111-0/+32
| | | | | | | | Add patch from: https://patchwork.ozlabs.org/project/hostap/patch/20220622121355.1337612-1-a.heider@gmail.com/ Fixes: dab9103 ("hostapd: update to 2022-06-02") Signed-off-by: Paul Blazejowski <paulb@blazebox.homeip.net>
* uboot-at91: update to linux4sam-2022.04Claudiu Beznea2022-07-112-16/+6
| | | | | | | | | Update uboot-at91 to linux4sam-2022.04. As linux4sam-2022.04 is based on U-Boot v2022.01 which contains commit 93b196532254 ("Makefile: Only build dtc if needed") removed also the DTC variable passed to MAKE to force the compilation of DTC. Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
* at91bootstrap: update at91bootstrap v4 targets to v4.0.3Claudiu Beznea2022-07-111-3/+3
| | | | | | Update AT91Bootstrap v4 capable targets to v4.0.3. Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
* iptables: update to 1.8.8Nick Hainke2022-07-1013-192/+362
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Remove upstreamed patches: - 001-xtables-Call-init_extensions6-for-static-builds.patch - 002-xtables-Call-init_extensions_a_b.patch Fix patches: - 102-iptables-disable-modprobe.patch Fix warnings in the form of: xtables.c:475:14: warning: 'get_modprobe' defined but not used [-Wunused-function] 475 | static char *get_modprobe(void) | ^~~~~~~~~~~~ Backport patches: - 020-treewide-use-uint-instead-of-u_int.patch - 030-revert-fix-build-for-missing-ETH_ALEN-definition.patch - 040-xshared-Fix-build-for-Werror-format-security.patch - 050-build-fix-error-during-out-of-tree-build.patch - 060-libxtables-unexport-init_extensions-declarations.patch Refresh patches: - 101-remove-check-already.patch - 102-iptables-disable-modprobe.patch - 200-configurable_builtin.patch - 600-shared-libext.patch - 700-disable-legacy-revisions.patch Remove from Makefile: $(CP) $(PKG_BUILD_DIR)/include/libipulog $(1)/usr/include/ Changelog: fa0ccdbd configure: bump version for 1.8.8 release 8468fd4f nft: Fix EPERM handling for extensions without rev 0 ce9195c6 extensions: LOG: Document --log-macdecode in man page 404f304d man: *NAT: Review --random* option descriptions 0a538259 extensions: DNAT: Merge core printing functions a7c2b728 libxtables: Revert change to struct xtables_pprot fd64a587 libxtables: Drop xtables_globals 'optstring' field 3b8a6a6f xshared: Extend xtables_printhelp() for arptables 8ff84eaf xshared: Move arp_opcodes into shared space adbfec0b extensions: MARK: Drop extra newline at end of help 1dcfb81e nft: split gen_payload() to allocate register and initialize expression 7e38890c nft: prepare for dynamic register allocation 165cafec nft: pass handle to helper functions to build netlink payload 94309632 nft: native mark matching support aa92ec96 nft: pass struct nft_xt_ctx to parse_meta() 4c70c42f nft-shared: update context register for bitwise expression 18c96821 extensions: man: Document service name support in DNAT and REDIRECT 72d542b6 extensions: Merge REDIRECT into DNAT 14d77c8a extensions: Merge IPv4 and IPv6 DNAT targets 9621318b extensions: DNAT: Rename from libipt to libxt 2e0c9a40 extensions: ipt_DNAT: Combine xlate functions also 7adef314 extensions: ipt_DNAT: Merge v1/v2 print/save code 3f4f1cf0 extensions: ipt_DNAT: Merge v1 and v2 parsers 070a8626 Revert "libipt_[SD]NAT: avoid false error about multiple destinations specified" 08c14fa6 man: DNAT: Describe shifted port range feature 24fff5d7 xlate-test: Fix for empty source line on failure ac4c84cc libxtables: Boost rule target checks by announcing chain names f58b0d74 libxtables: Implement notargets hash table b1aee6b2 nft: Reject standard targets as chain names when restoring b555bfed tests: shell: Fix 0004-return-codes_0 for static builds c293e116 nft: Review static extension loading 0836524f xtables: Call init_extensions{,a,b}() for static builds 6c689b63 Simplify static build extension loading 0c8e2535 libxtables: Fix for warning in xtables_ipmask_to_numeric 0c0cd434 nft: Don't pass command state opaque to family ops callbacks b6196c75 xshared: Prefer xtables_chain_protos lookup over getprotoent 07ee529f nft: Speed up immediate parsing b5f2faea nft: Simplify immediate parsing 17534cb1 Improve error messages for unsupported extensions 2dbb49d1 libxtables: Register only the highest revision extension 07e2107e xshared: Implement xtables lock timeout using signals a3980769 tests: NFLOG: enable `--nflog-range` tests b8e8ac27 tests: support explicit variant test result adb03c3f tests: add `NOMATCH` test result 7a006c7d tests: iptables-test: rename variable b7f15b42 iptables.8: Describe the effect of multiple -v flags 1407a9c4 tests: iptables-test: Support variant deviation fc8f7289 nft: cache: Dump rules if debugging 73b91292 nft: Add debug output to table creation 51d9d9e0 ebtables: Support verbose mode ad1ed75f nft: Set NFTNL_CHAIN_FAMILY in new chains 17ed253f iptables-restore: Support for extra debug output a761a026 nft: Use verbose flag to toggle debug output 98e69b7e nft: add support for native tcp flag matching 92808bd5 nft-shared: add tcp flag dissection 6aba94ef nft: prefer native expressions instead of tcp match c034cf31 nft: prefer native expressions instead of udp match 5489493e nft-shared: support native udp port delinearize 5795a1b5 nft-shared: support native tcp port range delinearize 250dce87 nft-shared: support native tcp port delinearize ea5d45dc extensions: libxt_NFLOG: fix typo 26ecdf53 xshared: Fix response to unprivileged users b32ae771 build: replace `AM_PROG_LIBTOOL` and `AC_DISABLE_STATIC` with `LT_INIT` 05286bab extensions: libxt_NFLOG: remove extra space when saving targets with prefixes f0d02998 extensions: libxt_NFLOG: fix `--nflog-prefix` Python test-cases f9df828a extensions: libxt_NFLOG: disable `--nflog-range` Python test-cases 62ad29e9 extensions: libxt_NFLOG: don't truncate log prefix on print/save db99f601 extensions: libxt_NFLOG: use nft built-in logging instead of xt_NFLOG 30b178b9 extensions: *NAT: Kill multiple IPv4 range support 7ee5b970 tests: iptables-test: correct misspelt variable 223f02ca nft: fix indentation error. 5c2c2eea ip6tables: Use the shared do_parse, too 9baf3bf0 iptables: Use xtables' do_parse() function e4f5185d nft: Move proto_parse and post_parse callbacks to xshared ded7b579 xshared: Store parsed wait and wait_interval in xtables_args 62c3c93d xshared: Move do_parse to shared space 3039a52c xtables: Do not pass nft_handle to do_parse() ece001c2 xtables: Pass xtables_args to check_inverse() 17abaeb1 xtables: Pass xtables_args to check_empty_interface() dc8d8fce xtables: Move struct nft_xt_cmd_parse to xshared.h 98a4462f xtables: Pull table validity check out of do_parse() d83371c7 xtables: Drop xtables' family on demand feature 49aa44ba nft-shared: set correct register value b129b1cf iptables-*-restore: Drop pointless line reference 316d8efb libxtables: Extend basic_exit_err() 4bff5aef xtables_globals: Embed variant name in .program_version 51e5d293 xshared: Share exit_tryhelp() 56ac0452 xshared: Share a common printhelp function 4149b5d8 xshared: Share print_match_save() between legacy ip*tables 273d88a7 extensions: tcpmss: add iptables-translate support 7213561d xshared: Make load_proto() static cf14b92b nft-shared: Drop unused function print_proto() 24f30842 xshared: Share print_header() with legacy iptables a323c283 xshared: Share print_fragment() with legacy 1d73cec0 xshared: Share print_rule_details() with legacy e5fb9f8e xshared: Share save_ipv{4,6}_addr() with legacy 22f2e1fc xshared: Share save_rule_details() with legacy 766e4872 xshared: Share print_iface() function b5881e7f nft: Change whitespace printing in save_rule callback 1189d830 xshared: Merge and share parse_chain() 1eab8e83 extensions: hashlimit: Fix tests with HZ=1000 afa525ee xlate-test: Print full path if testing all files b8d5271d Unbreak xtables-translate 0af80a91 nft: Merge xtables-arp-standalone.c into xtables-standalone.c 142cf724 xtables: arptables accepts empty interface names ab0a785a xtables: Derive xtables_globals from family 6cf3976e nft-shared: Make nft_check_xt_legacy() family agnostic 832a0e2b nft-arp: Introduce post_parse callback 0aea399d arptables: Use standard data structures when parsing fe83b12f libxtables: Introduce xtables_globals print_help callback 0687852d xtables-standalone: Drop version number from init errors dded8ff3 nft: Add family ops callbacks wrapping different nft_cmd_* functions 38e1fe58 xtables: Simplify addr_mask freeing cfdda180 nft-shared: Introduce init_cs family ops callback 65b150ae xshared: Store optstring in xtables_globals 2e6014c7 nft: Introduce builtin_tables_lookup() db90ff64 tests: shell: fix bashism 45d8f769 nft: Delete builtin chains compatibly e865a853 nft-chain: Introduce base_slot field f9b33967 nft: Check base-chain compatibility when adding to cache 43189612 nft: cache: Avoid double free of unrecognized base-chains 040a15f2 xtables-translate: add missing argument and option to usage 2ed6dc75 tests: iptables-test: Fix conditional colors on stderr 63ab4fe3 ebtables: Avoid dropping policy when flushing b714d45d iptables-test.py: print with color escapes only when stdout isatty 481626bb tests: shell: Return non-zero on error 7559af83 tests: iptables-test: Exit non-zero on error c057939d tests: xlate-test: Exit non-zero on error a8da7186 tests: iptables-test: Print errors to stderr 5166c445 tests: xlate-test: Print errors to stderr fa78ff15 tests: xlate-test: Don't skip any input after the first empty line fcbe454b tests: iptables-test: Fix missing chain case 61e85e31 iptables-nft: allow removal of empty builtin chains 544e7dc1 Fix a few doc typos e438b976 nft: Use xtables_{m,c}alloc() everywhere ca11c7b7 nft: Use xtables_malloc() in mnl_err_list_node_add() cf410aa6 extensions: libxt_mac: Fix for missing space in listing 7ae14dc1 iptables-test: Make netns spawning more robust bef9dc57 extensions: hashlimit: Fix tests with HZ=100 943fbf3e ip6tables: masquerade: use fully-random so that nft can understand the rule ef7781eb libxtables: exit if called by setuid executeable 8629c53f tests/shell: Assert non-verbose mode is silent 57d1422d nft: Fix for non-verbose check command 26318637 ebtables: Dump atomic waste 765bf04e doc: ebtables-nft.8: Adjust for missing atomic-options e727ccad xtables: Call init_extensions6() for static builds 9e1fffdf extensions: libxt_multiport: add translation for -m multiport --ports c8145139 extensions: libxt_conntrack: simplify translation using negation 1c934617 extensions: libxt_tcp: rework translation to use flags match representation bb01e33d extensions: libxt_connlimit: add translation 62828a6a tests: xlate-test: support multiline expectation ba863c4b libxtables: extend xlate infrastructure 68ed965b extensions: libxt_string: Avoid buffer size warning for strncpy() 9b85e1ab libxtables: Introduce xtables_strdup() and use it everywhere ca840c20 extensions: libebt_ip6: Use xtables_ip6parse_any() 084671d5 iptables-apply: Drop unused variable 0729ab37 nft: Avoid buffer size warnings copying iface names eab75ed3 nft: Avoid memleak in error path of nft_cmd_new() ffe88f8f libxtables: Fix memleak in xtopt_parse_hostmask() 8bb5bcae extensions: libebt_ip6: Drop unused variables 97fabae7 libxtables: Drop leftover variable in xtables_numeric_to_ip6addr() 5818be17 extensions: sctp: Translate --chunk-types option a61282ec extensions: sctp: Fix nftables translation 556f7044 Use proto_to_name() from xshared in more places eea68ca8 ebtables-translate: Use shared ebt_get_current_chain() function 9dc50b5b xshared: Merge invflags handling code 3664249f xshared: Eliminate iptables_command_state->invert f647f61f xtables: Make invflags 16bit wide 616800af extensions: SECMARK: Implement revision 1 1e984079 nft-arp: Make use of ipv4_addr_to_string() acac2dbe Eliminate inet_aton() and inet_ntoa() 9084ef29 extensions: sctp: Explain match types in man page a3e81c62 nft: Increase BATCH_PAGE_SIZE to support huge rulesets fdf64dcd nft: cache: Sort chains on demand only c5d9a723 fix build for missing ETH_ALEN definition 18d7535d extensions: libxt_conntrack: use bitops for status negation 18e334da extensions: libxt_conntrack: use bitops for state negation 831f57c7 libxtables: Simplify xtables_ipmask_to_cidr() a bit 46f9d3a9 xtables-translate: Fix translation of odd netmasks 330f5df0 nft: Fix bitwise expression avoidance detection 5f1fcace iptables-nft: fix -Z option c9441657 include: Drop libipulog.h 30c1d443 ebtables: Exit gracefully on invalid table names Signed-off-by: Nick Hainke <vincent@systemli.org>