| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
|
| |
|
|
|
|
|
|
|
|
| |
ed65a00 netifd: bridge: Fix format string position
19372d8 netifd: Fix multiple -Wsign-compare warnings
8ebf033 netifd: Do not return values in void function
c77417a netifd: Explicitly zero initialize variables
463a120 netifd: Activate -Wextra compile warnings
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
| |
498f6e2 ustream-mbedtls: Use getrandom() instead of /dev/urandom
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Release Notes:
https://lwn.net/Articles/923952/
Refresh patches:
- 110-darwin_fixes.patch
- 115-add-config-xtlibdir.patch
- 140-allow_pfifo_fast.patch
- 140-keep_libmnl_optional.patch
- 145-keep_libelf_optional.patch
- 150-keep_libcap_optional.patch
- 155-keep_tirpc_optional.patch
- 170-ip_tiny.patch
- 175-reduce-dynamic-syms.patch
- 180-drop_FAILED_POLICY.patch
- 190-fix-nls-rpath-link.patch
- 195-build_variant_ip_tc.patch
- 200-drop_libbsd_dependency.patch
- 300-selinux-configurable.patch
Remove upstreamed:
- 320-configure-Remove-include-sys-stat.h.patch
While working on it remove AUTORELEASE.
Signed-off-by: Nick Hainke <vincent@systemli.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Release notes:
- Feature: link down event statistics (no option)
- Feature: JSON output for coalesce (-c)
- Feature: new link modes (no option)
- Feature: JSON output for ring (-g)
- Feature: netlink handler for RSS get (-x)
- Fix: fix boolean value output in JSON output
- Fix: fix build errors and warnings
Remove upstreamed patches:
- 100-uapi-Bring-in-if-h.patch
- 101-netlink-Fix-maybe-uninitialized-meters-variable.patch
- 102-raw-marvell-c-Fix-build-with-musl-libc.patch
Signed-off-by: Nick Hainke <vincent@systemli.org>
|
| |
|
|
|
|
|
|
|
|
| |
Release notes:
https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.o8papfkfh1x9
While working on it, remove $(AUTORELEASE).
Tested-by: Linhui Liu liulinhui36@gmail.com # Xiaomi AX3600
Signed-off-by: Nick Hainke <vincent@systemli.org>
|
| |
|
|
|
|
|
| |
In DHCPv6-PD enabled environments, addresses are assigned to interfaces.
These new functions retrieve the IPv6 assigned prefix(es).
Signed-off-by: Mark Baker <mark@vpost.net>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Synchronize the ath11k backports with the current ath-next tree.
This backports several memory leak issues, PCI IRQ fixup, peer add locking
fix as well as IPQ5018 support, though IPQ5018 support is unused for now.
This allows to easily backport further fixes as cherry picking them has
started requiring manual conflict resolution.
Signed-off-by: Robert Marko <robimarko@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
PowerPC CONFIG_ARCH is defined as powerpc, not ppc. Fix that in the
DEPENDS condition.
Arc needs to be built with libatomic. Change the OpenSSL configuration
file, and add it to the libatomic DEPENDS condition.
Fixes: 7e7e76afca "openssl: bump to 3.0.8"
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
This is a major update to the current LTS version, supported until
2026-09-07.
Changelog:
https://github.com/openssl/openssl/blob/openssl-3.0.8/CHANGES.md
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
|
| |
|
|
|
|
|
| |
fix forwarding received mesh a-msdu packets
add fast xmit support for mesh to improve performance
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch fixes a corner case when using passwords that are exactly 64
characters in length with mesh mode or passwords longer than 63 characters
with SAE because 'psk' is used instead of 'sae_password'.
SAE is obligatory for 802.11s (mesh point).
The 'psk' option for hostapd is suited for WPA2 and enforces length
restrictions on passwords. Values of 64 characters are treated as PMKs.
With SAE, PMKs are always generated during the handshake and there are no
length restrictions.
The 'sae_password' option is more suited for SAE and should be used
instead.
Before this patch, the 'sae_password' option is only used with mesh mode
passwords that are not 64 characters long.
As a consequence:
- mesh passwords can't be 64 characters in length
- SAE only works with passwords with lengths >8 and <=63 (due to psk
limitation).
Fix this by always using 'sae_password' with SAE/mesh and applying the PMK
differentiation only when PSK is used.
Fixes: #11324
Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
[ improve commit description ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
|
| |
|
|
|
|
| |
It's generally advised to use quotes for variable assignments in bash.
Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On some devices the chip has RTC but no battery save time.
This leads back to getting the wrong time
and skipping the check of the last file modification date.
This commit ensures that the file time is checked even
if the RTC exists.
which would ordinarily return an approbiate
system time used for e.g. certificate generation.
Tested-on: NanoPi R2S
Signed-off-by: Yuan Tao <ty@wevs.org>
|
| |
|
|
|
|
|
|
|
| |
Including kernel.mk moves the package build folder in the linux one, which
is confusing since this isn't building any kernel modules.
package-defaults.mk is already included my package.mk.
Signed-off-by: Andre Heider <a.heider@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Pstore ramoops support is useful even when there isn't an explicit
panic/crash. We can log all kernel messages via a "console", and then
retrieve them in the event of some non-kernel-panic reset (e.g.,
watchdog).
Since the buffer memory is already reserved, there isn't much overhead
to doing this.
The new console files will show up as:
/sys/fs/pstore/console-ramoops-N
Cc: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: Brian Norris <computersforpeace@gmail.com>
|
| |
|
|
|
|
|
|
| |
GCC 11 doesn't know about -Wno-error=use-after-free and aborts
compilation.
Fixes: 2748c45d "elfutils: Ignore wrong use-after-free error"
Signed-off-by: Andre Heider <a.heider@gmail.com>
|
| |
|
|
|
|
| |
Fix autoload module name for can-mcp251x kmod.
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
|
| |
|
|
|
|
|
|
|
| |
There have been some demands for the `ct count` expression,
like https://forum.openwrt.org/t/22-03-2-unable-to-use-ct-count-nft-rules/146680.
This adds the required kernel modules for the expression to work.
Signed-off-by: Aviana Cruz <gwencroft@proton.me>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
FCC ID: A8J-EPG600
Engenius EPG600 is an indoor wireless router with
1 Gb ethernet switch, dual-band wireless,
internal antenna plates, USB, and phone lines (not supported)
this board is a Senao device:
the hardware is equivalent to EnGenius ESR600 (except for phone lines)
the software is Senao SDK which is based on openwrt and uboot
which uses the legacy Senao header with Vendor / Product IDs
to verify the firmware upgrade image.
**Specification:**
- MT7620 SOC MIPS 24kec, 2.4 GHz WMAC, 2x2
- RT5592N WLAN PCI chip, 5 GHz, 2x2
- QCA8337N Gb SW RGMII GbE, SW P0 -- SOC P5, 5 LEDs
- 40 MHz clock
- 16 MB FLASH MX25L12845EMI-10G
- 64 MB RAM NT5TU32M16
- UART console J2, populated
- USB 2.0 port direct to SOC
- 6 GPIO LEDs power, 2G, 5G, wps2g, wps5g, line
- 3 buttons reset, wps, "reg" (registeration)
- 4 antennas internal omni-directional plates
NOT YET SUPPORTED: VoIP
- Si3050-FT + Si3019-FT Voice DAA, SPI control, PCM data
- Phone Ports "TEL", "LINE" RJ11, 4P2C (2 pins)
**MAC addresses:**
MAC address labeled as MAC ADDRESS
MACs present in both wifi cal data and uboot environment
eth0.1/phy1 ---- *:82 rf 0x4
phy0 ---- *:83 factory 0x4
eth0.2 MAC *:b8 "wanaddr"
**Installation:**
Method 1: Firmware upgrade page:
(if you cannot access the APs webpage)
factory reset with the reset button
connect ethernet to a computer
OEM webpage at 192.168.0.1
username and password 'admin'
Navigate to gear icon, "Device Management", "Tools"
select the factory.dlf image
Upload and verify checksum
Method 2: Serial to upload initramfs:
Follow directions for TFTP recovery
upload and boot initramfs and do a sysupgrade
**TFTP recovery:**
Requires UART serial console, reset button does nothing
rename initramfs-kernel.bin to 'uImageEPG600'
make available on TFTP server at 192.168.99.8
power board, interrupt boot with "4"
execute `tftpboot` and `bootm` (with the load address)
**Return to OEM:**
Images from OEM are provided, but not compatible
with openwrt sysupgrade. So it must be modified.
Alternatively, back up all mtd partitions before flashing
**Note on switch registers:**
The necessary registers needed for the QCA8337 switch
can be read from interrupted boot (tftpboot, bootm)
by using the following lines in the switch driver ar8327.c
in the function 'ar8327_hw_config_of'
where 'qca,ar8327-initvals' is parsed from DTS
before the new register values are written:
pr_info("0x04 %08x\n", ar8xxx_read(priv, AR8327_REG_PAD0_MODE));
pr_info("0x08 %08x\n", ar8xxx_read(priv, AR8327_REG_PAD5_MODE));
pr_info("0x0c %08x\n", ar8xxx_read(priv, AR8327_REG_PAD6_MODE));
pr_info("0x10 %08x\n", ar8xxx_read(priv, AR8327_REG_POWER_ON_STRAP));
Signed-off-by: Michael Pratt <mcpratt@pm.me>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Changes:
7f7a9f7 wireless-regdb: update regulatory database based on preceding changes
660a1ae wireless-regdb: Update regulatory info for Russia (RU) on 5GHz
fe05cc9 wireless-regdb: Update regulatory rules for Japan (JP) on 6GHz
d8584dc wireless-regdb: Update regulatory rules for Japan (JP) on 5GHz
c04fd9b wireless-regdb: update regulatory rules for Switzerland (CH)
f29772a wireless-regdb: Update regulatory rules for Brazil (BR)
Signed-off-by: Yuu Toriyama <PascalCoffeeLake@gmail.com>
|
| |
|
|
|
|
|
|
| |
dfab0fa dhcpv4: detect noarp interfaces
5a17751 router: improve RA logging
edc5e17 router: always check ra_default
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
|
| |
|
|
|
|
|
|
|
|
|
| |
We currently have build options to customize the IP address used in the
preinit phase of the boot process, but not to set the default LAN IP.
Introduce a boolean build option that, when enabled, results in the IP
address configured for the preinit phase, to be also used as the default
LAN IP address.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Package the Aquantia AQR PHY driver as kmod.
This enables using the Aquantia driver with hwmon support on targets where
hwmon is not compiled-in.
Currently, in case when AQR driver is compiled-in but hwmon core is not
hwmon code in AQR driver will not get compiled because of macro
IS_REACHABLE(CONFIG_HWMON) evaluating to false.
Signed-off-by: Robert Marko <robimarko@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Package kmod-ipt-raw enables CONFIG_IP_NF_RAW and packages
iptable_raw.ko
According to kernel's net/netfilter/Kconfig there are only 3 kernel
symbols that depend on the IP_NF_RAW:
1. NETFILTER_XT_TARGET_CT (xt_CT.ko)
2. NETFILTER_XT_TARGET_NOTRACK (unused symbol?!)
3. NETFILTER_XT_TARGET_TRACE (xt_TRACE.ko)
Now: iptables-mod-conntrack-extra selects kmod-ipt-conntrack-extra which
provides: xt_helper.ko nf_conncount.ko xt_connlimit.ko xt_connmark.ko
xt_recent.ko and xt_connbytes.ko (none of them seems to require
iptable_raw.ko).
It seems there is no explicit reason for iptables-mod-conntrack-extra to
require kmod-ipt-raw (iptables_raw.ko).
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
| |
|
|
|
|
|
|
| |
1. Move setup code to independent script file
2. Add init.d script to allow automatic updates
3. Support platform specific /usr/libexec/platform/packet-steering.sh
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
| |
|
|
|
|
|
|
|
|
| |
Starting from Linux Kernel version 6.3 UBI devices will no longer be
considered virtual, but rather have an MTD device parent. Hence they
will no longer be listed under /sys/devices/virtual/ubi which is
used in multiple places in OpenWrt. Prepare for future kernels by
using /sys/class/ubi instead of /sys/devuces/virtual/ubi.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
| |
12155d3 libfstools: use class interface to iterate over ubi devices
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
08c709c58187 rtnl: add support for registering an uloop based listener
599a7fb59380 Merge pull request #140 from nbd168/rtnl
c4125c516e0a nl80211: fix NL80211_ATTR_SURVEY_INFO
c43bb9d8fe8d Merge pull request #141 from dhewg/master
c1342d934b2d nl80211: add missing ucv_get() calls
9022b270683a rtnl: add missing ucv_get() calls
837cffec5a5c Merge pull request #142 from nbd168/ref-fixes
65b1f181e642 rtnl: add missing uc_vm_registry_set call
ab2f3f70257d Merge pull request #143 from nbd168/rtnl-fix
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Buffalo WXR-5950AX12 is a 2.4/5 GHz band 11ax (Wi-Fi 6) router, based on
IPQ8074A.
Specification:
- SoC : Qualcomm IPQ8074A
- RAM : DDR3 1024 MiB (2x Nanya NT5CC256M16ER-EK)
- Flash : RAW NAND 256 MiB (Winbond W29N02GZBIBA)
- WLAN : 2.4/5 GHz (IPQ8074A)
- Ethernet : 5 ports
- WAN : 100/1000/2500/10000 Mbps x1 (AQR113C)
- LAN : 100/1000/2500/10000 Mbps x1 (AQR113C),
10/100/1000 Mbps x3 (QCA8075)
- LED/Keys : 8x/5x
- UART : pin header on PCB (J7)
- assignment: 3.3V, GND, TX, RX from disc marking
- settings : 115200n8
- Power : 12 VDC, 4 A
Flash instruction using initramfs image:
1. Prepare TFTP server with IP address 192.168.11.10
2. Rename OpenWrt initramfs image to "WXR-5950AX12-initramfs.uImage and
place it to TFTP directory
3. Hold AOSS (WPS) button and power on WXR-5950AX12
4. WXR-5950AX12 downloads initramfs image from TFTP server and boots
with it automatically
5. Upload sysupgrade image to WXR-5950AX12 and perform sysupgrade
6. Wait ~120 seconds to complete flashing
Partition layout:
0x000000000000-0x000000100000 : "0:sbl1"
0x000000100000-0x000000200000 : "0:mibib"
0x000000200000-0x000000280000 : "0:bootconfig"
0x000000280000-0x000000300000 : "0:bootconfig1"
0x000000300000-0x000000600000 : "0:qsee"
0x000000600000-0x000000900000 : "0:qsee_1"
0x000000900000-0x000000980000 : "0:devcfg"
0x000000980000-0x000000a00000 : "0:devcfg_1"
0x000000a00000-0x000000a80000 : "0:apdp"
0x000000a80000-0x000000b00000 : "0:apdp_1"
0x000000b00000-0x000000b80000 : "0:rpm"
0x000000b80000-0x000000c00000 : "0:rpm_1"
0x000000c00000-0x000000c80000 : "0:cdt"
0x000000c80000-0x000000d00000 : "0:cdt_1"
0x000000d00000-0x000000d80000 : "0:appsblenv"
0x000000d80000-0x000000e80000 : "0:appsbl"
0x000000e80000-0x000000f80000 : "0:appsbl_1"
0x000000f80000-0x000001000000 : "0:art"
0x000001000000-0x000001080000 : "0:art_1"
0x000001080000-0x000001100000 : "0:orgdata"
0x000001100000-0x000001180000 : "0:orgdata_1"
0x000001180000-0x000005180000 : "rootfs"
0x000005180000-0x000009180000 : "rootfs_recover"
0x000009180000-0x000010000000 : "user_property"
Notes:
- WXR-5950AX12 has 2x OS images on NAND flash. The 1st image is for
normal operation and the 2nd one is for recoverying or firmware
upgrading on stock.
- Stock U-Boot checks MD5 hashes in "fw_hash" volume in each "root*"
partition when booting. This is just a comparation of hash strings.
Behaviors:
- both "fw_hash" volumes exist, hashes are rootfs == rootfs_recover
---> boot from rootfs
- both "fw_hash" volumes exist, hashes are rootfs != rootfs_recover
---> boot from rootfs_recover
Note: this behavior is used for firmware upgrading on stock
- "fw_hash" volume in rootfs is missing
---> boot from rootfs_recover
- "fw_hash" volume in rootfs_recover is missing
---> boot from rootfs
- "fw_hash" volumes in both root* partition are missing
---> boot from rootfs_recover
Reverting to stock firmware:
1. Decrypt official image by buffalo-enc and remove header
example of decryption:
$ buffalo-enc -i wxr_5950ax12_jp_305 -o wxr_5950ax12_jp_305.dec \
-d -k olaffuB -O 0xc8
example of removing header (v3.05):
- before
$ hexdump -n 64 -v -C wxr_5950ax12_jp_305.dec
00000000 57 58 52 2d 35 39 35 30 41 58 31 32 5f 33 2e 30 |WXR-5950AX12_3.0|
00000010 35 5f 31 2e 30 31 5f 4a 50 5f 6a 70 5f 71 63 61 |5_1.01_JP_jp_qca|
00000020 0a 66 69 6c 65 6c 65 6e 3d 34 35 33 35 30 39 31 |.filelen=4535091|
00000030 32 0a 55 42 49 23 01 00 00 00 00 00 00 00 00 00 |2.UBI#..........|
00000040
- after
$ hexdump -n 64 -v -C wxr_5950ax12_jp_305.ubi
00000000 55 42 49 23 01 00 00 00 00 00 00 00 00 00 00 00 |UBI#............|
00000010 00 00 08 00 00 00 10 00 78 cf c4 91 00 00 00 00 |........x.......|
00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000030 00 00 00 00 00 00 00 00 00 00 00 00 3d 2a 64 fd |............=*d.|
00000040
2. Boot WXR-5950AX12 with OpenWrt initramfs image
3. Upload modified stock image to WXR-5950AX12
4. Find partitions "rootfs" and "rootfs_recover"
example:
root@OpenWrt:/# cat /proc/mtd
dev: size erasesize name
...
mtd22: 04000000 00020000 "rootfs"
mtd23: 04000000 00020000 "rootfs_recover"
...
in this case, "rootfs" is mtd22 and "rootfs_recover" is mtd23
5. Format "rootfs"/"rootfs_recover" partition with the uploaded image
example:
ubiformat /dev/mtd22 -f /tmp/wxr_5950ax12_jp_305.ubi
ubiformat /dev/mtd23 -f /tmp/wxr_5950ax12_jp_305.ubi
6. Remove "rootfs"/"rootfs_data" volume from user_property partition
example:
. /lib/upgrade/nand.sh
UBI=$(nand_attach_ubi user_property)
ubirmvol /dev/$UBI -N rootfs
ubirmvol /dev/$UBI -N rootfs_data
7. Reboot
MAC addresses:
LAN : 50:C4:DD:xx:xx:28 (0:APPSBLENV, ethaddr (text))
WAN : 50:C4:DD:xx:xx:28 (0:APPSBLENV, ethaddr (text))
2.4 GHz: 50:C4:DD:xx:xx:30 (0:APPSBLENV, wlan0addr (text))
5 GHz : 50:C4:DD:xx:xx:38 (0:APPSBLENV, wlan1addr (text))
Reviewed-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
|
| |
|
|
|
|
|
| |
This patch adds support for APRESIA ApresiaLightGS120GT-SS to
uboot-envtools.
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
|
| |
|
|
|
|
|
|
| |
The standard defines the A-MSDU header length field differently for mesh
compared to other modes. Deal with this accordingly and work around broken
implementations (e.g. ath10k, ath11k).
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
|
| |
Release notes:
https://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.47.0
Signed-off-by: Nick Hainke <vincent@systemli.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Specifications:
- Device: ASUS RT-AX54 (AX1800S/HP,AX54HP)
- SoC: MT7621AT
- Flash: 128MB
- RAM: 256MB
- Switch: 1 WAN, 4 LAN (10/100/1000 Mbps)
- WiFi: MT7905 2x2 2.4G + MT7975 2x2 5G
- LEDs: 1x POWER (blue, configurable)
1x LAN (blue, configurable)
1x WAN (blue, configurable)
1x 2.4G (blue, not configurable)
1x 5G (blue, not configurable)
Flash by U-Boot TFTP method:
- Configure your PC with IP 192.168.1.2
- Set up TFTP server and put the factory.bin image on your PC
- Connect serial port(rate:115200) and turn on AP, then interrupt "U-Boot Boot Menu" by hitting any key
Select "2. Upgrade firmware"
Press enter when show "Run firmware after upgrading? (Y/n):"
Select 0 for TFTP method
Input U-Boot's IP address: 192.168.1.1
Input TFTP server's IP address: 192.168.1.2
Input IP netmask: 255.255.255.0
Input file name: openwrt-ramips-mt7621-asus_rt-ax1800hp-squashfs-factory.bin
- Restart AP aftre see the log "Firmware upgrade completed!"
Signed-off-by: Karl Chan <exkc@exkc.moe>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Removed upstreamed patch: 010-padlock.patch
Changes between 1.1.1s and 1.1.1t [7 Feb 2023]
*) Fixed X.400 address type confusion in X.509 GeneralName.
There is a type confusion vulnerability relating to X.400 address processing
inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING
but subsequently interpreted by GENERAL_NAME_cmp as an ASN1_TYPE. This
vulnerability may allow an attacker who can provide a certificate chain and
CRL (neither of which need have a valid signature) to pass arbitrary
pointers to a memcmp call, creating a possible read primitive, subject to
some constraints. Refer to the advisory for more information. Thanks to
David Benjamin for discovering this issue. (CVE-2023-0286)
This issue has been fixed by changing the public header file definition of
GENERAL_NAME so that x400Address reflects the implementation. It was not
possible for any existing application to successfully use the existing
definition; however, if any application references the x400Address field
(e.g. in dead code), note that the type of this field has changed. There is
no ABI change.
[Hugo Landau]
*) Fixed Use-after-free following BIO_new_NDEF.
The public API function BIO_new_NDEF is a helper function used for
streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL
to support the SMIME, CMS and PKCS7 streaming capabilities, but may also
be called directly by end user applications.
The function receives a BIO from the caller, prepends a new BIO_f_asn1
filter BIO onto the front of it to form a BIO chain, and then returns
the new head of the BIO chain to the caller. Under certain conditions,
for example if a CMS recipient public key is invalid, the new filter BIO
is freed and the function returns a NULL result indicating a failure.
However, in this case, the BIO chain is not properly cleaned up and the
BIO passed by the caller still retains internal pointers to the previously
freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO
then a use-after-free will occur. This will most likely result in a crash.
(CVE-2023-0215)
[Viktor Dukhovni, Matt Caswell]
*) Fixed Double free after calling PEM_read_bio_ex.
The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and
decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload
data. If the function succeeds then the "name_out", "header" and "data"
arguments are populated with pointers to buffers containing the relevant
decoded data. The caller is responsible for freeing those buffers. It is
possible to construct a PEM file that results in 0 bytes of payload data.
In this case PEM_read_bio_ex() will return a failure code but will populate
the header argument with a pointer to a buffer that has already been freed.
If the caller also frees this buffer then a double free will occur. This
will most likely lead to a crash.
The functions PEM_read_bio() and PEM_read() are simple wrappers around
PEM_read_bio_ex() and therefore these functions are also directly affected.
These functions are also called indirectly by a number of other OpenSSL
functions including PEM_X509_INFO_read_bio_ex() and
SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL
internal uses of these functions are not vulnerable because the caller does
not free the header argument if PEM_read_bio_ex() returns a failure code.
(CVE-2022-4450)
[Kurt Roeckx, Matt Caswell]
*) Fixed Timing Oracle in RSA Decryption.
A timing based side channel exists in the OpenSSL RSA Decryption
implementation which could be sufficient to recover a plaintext across
a network in a Bleichenbacher style attack. To achieve a successful
decryption an attacker would have to be able to send a very large number
of trial messages for decryption. The vulnerability affects all RSA padding
modes: PKCS#1 v1.5, RSA-OEAP and RSASVE.
(CVE-2022-4304)
[Dmitry Belyavsky, Hubert Kario]
Signed-off-by: John Audia <therealgraysky@proton.me>
|
| |
|
|
|
|
| |
Fix typo that mistaken the description of ntfs3 for fuse.
Signed-off-by: Xu Yiming <xuyiming.open@outlook.com>
|
| |
|
|
|
|
|
|
|
|
| |
Release information:
https://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.46.6
Remove upstreamed patch:
- 004-CVE-2022-1304-libext2fs-add-sanity-check-to-extent-manipulation.patch
Signed-off-by: Nick Hainke <vincent@systemli.org>
|
| |
|
|
|
|
| |
It worked fine before but gawk warns about it.
Signed-off-by: Leon M. George <leon@georgemail.eu>
|
| |
|
|
|
|
| |
For gawk compatibility.
Signed-off-by: Leon M. George <leon@georgemail.eu>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Use ipcalc's return value to react to invalid range specifications.
By simply ignoring the range instead of aborting with an error code,
dnsmasq should still start when there's an error (best effort).
Aborting the config generation or working with invalid range specs leaves
dnsmasq crash-looping which is the right thing to do concerning that
particular interface but it also hinders DHCP service on other interfaces
and DNS on the router itself.
Signed-off-by: Leon M. George <leon@georgemail.eu>
|
| |
|
|
|
|
|
|
|
|
|
| |
There's hardly an shell logic in ipcalc.sh and a $* that would garble
parameter positions.
Move the awk invokation to the shebang.
A rename from "ipcalc.sh" to "ipcalc" is desirable but could prove tricky
with packages in other repositories depending on the filename.
Signed-off-by: Leon M. George <leon@georgemail.eu>
|
| |
|
|
|
|
|
|
| |
It's possible to move range boundaries in a way that the start address
lies behind the end address.
Detect this condition and exit with an error message.
Signed-off-by: Leon M. George <leon@georgemail.eu>
|
| |
|
|
|
|
| |
Make sure our own address doesn't lie in the calculated range.
Signed-off-by: Leon M. George <leon@georgemail.eu>
|
| |
|
|
|
|
|
| |
With this patch, ipcalc only calculates range boundaries if the
corresponding parameters are supplied.
Signed-off-by: Leon M. George <leon@georgemail.eu>
|
| |
|
|
|
|
|
| |
c7eb8eb nl80211: restore iterating over all devices in nl80211_phy2ifname()
Fixes: #11902
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
|
| |
|
|
|
|
| |
14d535e partname: Correct fstools_partname_fallback_scan comparison
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
$BOOTDEV_MAJOR may be empty for many of the uevents parsed in this
function. This condition thus tends to fail benignly (we just skip to
the next device), but it can really clutter the stage2 sysupgrade
stderr, since it looks like the "=" operand doesn't have an appropriate
left-hand argument.
Signed-off-by: Brian Norris <computersforpeace@gmail.com>
|
| |
|
|
|
|
| |
Useful for debugging panic/error handling, crash logging, and more.
Signed-off-by: Brian Norris <computersforpeace@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Expose a few additional useful values via ubus:
- Channel error counters (CRC, FEC)
- Retransmission counters (MINEFTR, LEFTRS)
- Impulse noise protection level
- Rate adaptation mode
- OLR statistics (Bitswap, SRA, SOS)
- Pilot tones
- Upstream/downstream band information
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
|
| |
|
|
|
|
|
|
| |
The upstream value read from the device seems to already be in bits per
second, so there is no need to multiply by 1000 again (which for typical
values causes an overflow of the 32-bit unsigned integer).
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
|
