aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* OpenWrt v22.03.0-rc5: revert to branch defaultsHauke Mehrtens2022-07-065-11/+9
| | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* OpenWrt v22.03.0-rc5: adjust config defaultsv22.03.0-rc5Hauke Mehrtens2022-07-065-9/+11
| | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: Add missing mediatek configuration optionsHauke Mehrtens2022-07-062-2/+3
| | | | | | | | | | | | When building the mediatek/mt7629 target in OpenWrt 22.03 the kernel does not have a configuration option for CONFIG_CRYPTO_DEV_MEDIATEK. Add this option to the generic kernel configuration and also add two other configuration options which are removed when we refresh the mt7629 kernel configuration. Fixes: 2bea35cb55d7 ("mediatek: remove crypto-hw-mtk package") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit dcc0fe24ea216d32300c0f01c8879e586d89cc1e)
* openssl: bump to 1.1.1pAndre Heider2022-07-041-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changes between 1.1.1o and 1.1.1p [21 Jun 2022] *) In addition to the c_rehash shell command injection identified in CVE-2022-1292, further bugs where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection have been fixed. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. (CVE-2022-2068) [Daniel Fiala, Tomáš Mráz] *) When OpenSSL TLS client is connecting without any supported elliptic curves and TLS-1.3 protocol is disabled the connection will no longer fail if a ciphersuite that does not use a key exchange based on elliptic curves can be negotiated. [Tomáš Mráz] Signed-off-by: Andre Heider <a.heider@gmail.com> (cherry picked from commit eb7d2abbf06f0a3fe700df5dc6b57ee90016f1f1)
* mediatek: mt7622: fix white dome LED of UniFi 6 LRDaniel Golle2022-07-041-3/+1
| | | | | | | | | | | The recent differentiation between v1 and v2 of the UniFi 6 LR added support for the v2 version which has GPIO-controlled LEDs instead of using an additional microcontroller to drive an RGB led. The polarity of the white LED, however, was inverted and the default states didn't make a lot of sense after all. Fix that. Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit f58e562b07803192d029a6be8c8c372e1ed11c68)
* mvebu: cortexa72: fix ImageBuilder for IEI Puzzle devicesDaniel Golle2022-07-041-2/+0
| | | | | | | | | | The line trying to generate the standard sdcard.img.gz fails due to boot.scr not being generated. Remove the line in order to use the default sdcard.img.gz which is exactly the same but includes generating the boot.scr file. Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit 1d3b57dbeeae70ab3a8f71d3bdb6fd41a00e1d22)
* uboot-mediatek: update UniFi 6 LR board nameDaniel Golle2022-07-041-1/+1
| | | | | | | | Select matching U-Boot for both v1 and v2 variants. Fixes: 15a02471bb ("mediatek: new target mt7622-ubnt-unifi-6-lr-v1") Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit 2caa03ec8607fb38e11ac1ce3c7b698f80191b49)
* mediatek: add Ubiquiti UniFi 6 LR v2 targetsHenrik Riomar2022-07-044-0/+239
| | | | | | | | | | | | | | | | Add targets: * Ubiquiti UniFi 6 LR v2 * Ubiquiti UniFi 6 LR v2 (U-Boot mod) This target does not have a RGB led bar like v1 did Used target/linux/ramips/dts/mt7621_ubnt_unifi.dtsi as inspiration The white dome LED is default-on, blue will turn on when the system is in running state Signed-off-by: Henrik Riomar <henrik.riomar@gmail.com> (cherry picked from commit 31d86a1a119265393db02aa66e6bc6518ee7b905)
* mediatek: new target ubnt_unifi-6-lr-v1-ubootmodHenrik Riomar2022-07-042-5/+6
| | | | | | | | | based on current ubnt_unifi-6-lr-ubootmod Signed-off-by: Daniel Golle <daniel@makrotopia.org> [added SUPPORTED_DEVICES for compatibility with existing setups] Signed-off-by: Henrik Riomar <henrik.riomar@gmail.com> (cherry picked from commit 5c8d3893a78fd81454930de30d90efaef99f8734)
* mediatek: new target mt7622-ubnt-unifi-6-lr-v1Henrik Riomar2022-07-045-31/+35
| | | | | | | | | | | | | Based on current mt7622-ubnt-unifi-6-lr, this is a preparation for adding a v2 version of this target * v1 - with led-bar * v2 - two simple GPIO connected LEDs (in later commits) Signed-off-by: Daniel Golle <daniel@makrotopia.org> [added SUPPORTED_DEVICES for compatibility with existing setups] Signed-off-by: Henrik Riomar <henrik.riomar@gmail.com> (cherry picked from commit 15a02471bb854245f8f94398c1e1d9ce29c2c341)
* mediatek: build ubnt-ledbar as a moduleChuanhong Guo2022-07-044-4/+18
| | | | | | | | | The config for LEDS_UBNT_LEDBAR doesn't stay in mt7629 kconfig because of its I2C dependency. Build it as a module and let buildroot handle this config option instead. Signed-off-by: Chuanhong Guo <gch981213@gmail.com> (cherry picked from commit d9ea9c06e98b597174e0e94e0a13934637c0c03e)
* mediatek: remove crypto-hw-mtk packageEneas U de Queiroz2022-07-041-23/+0
| | | | | | | | The MediaTek's Crypto Engine module is only available for mt7623, in which case it is built into the kernel. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> (cherry picked from commit 3f2d0703b60357e3ff1865783335be9f51528eb8)
* mediatek: mt7622: fix banana pi r64 wps buttonNick Hainke2022-07-041-0/+40
| | | | | | | | | | | | | | | | Fix the wps button to prevent wrongly detected recovery procedures. In the official banana pi r64 git the wps button is set to GPIO_ACTIVE_LOW and not GPIO_ACTIVE_HIGH. Import patch to fix on boot unwanted recovery entering: Press the [f] key and hit [enter] to enter failsafe mode Press the [1], [2], [3] or [4] key and hit [enter] to select the debug level - failsafe button wps was pressed - - failsafe - Signed-off-by: Nick Hainke <vincent@systemli.org> (cherry-picked from commit 668619425526cb0d43f8536a2f6f15a6314e6553)
* mediatek/mt7629: Activate CONFIG_ARM_ARCH_TIMER_EVTSTREAMHauke Mehrtens2022-07-031-0/+2
| | | | | | | | | | The kernel configuration option CONFIG_MACH_MT7629 selects CONFIG_HAVE_ARM_ARCH_TIMER now. Handle this change in the config-5.10. This fixes some build problems. Fixes: 81530d69ef58 ("kernel: bump 5.10 to 5.10.121") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mt76: update to the latest versionFelix Fietkau2022-07-031-3/+3
| | | | | | | 93e3fce916c6 mt76: pass original queue id from __mt76_tx_queue_skb to the driver Signed-off-by: Felix Fietkau <nbd@nbd.name> (cherry-picked from commit 06d0cc2fb365485dd1ddd32937afd5091fa4b8a8)
* kernel: Refresh patches for all targetsHauke Mehrtens2022-07-0336-155/+79
| | | | | | | | | | | | | | | | This refreshes the patches on top of kernel 5.4.127. Deleted (upstreamed): bcm27xx/patches-5.10/950-0005-Revert-mailbox-avoid-timer-start-from-callback.patch [0] bcm27xx/patches-5.10/950-0678-bcm2711_thermal-Don-t-clamp-temperature-at-zero.patch [1] Needed manual modifications: bcm27xx/patches-5.10/950-0410-drm-atomic-Pass-the-full-state-to-CRTC-atomic-begin-.patch [0]: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.127&id=bb2220e0672b7433a9a42618599cd261b2629240 [1]: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.127&id=83603802954068ccd1b8a3f2ccbbaf5e0862acb0 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mt76: update to the latest versionFelix Fietkau2022-07-021-3/+3
| | | | | | | | c07f45927839 firmware: update mt7622 firmware to version 20220630 af406a2d1c36 mt76: do not use skb_set_queue_mapping for internal purposes Signed-off-by: Felix Fietkau <nbd@nbd.name> (cherry-picked from commit 8e90abb39615e25a03f255f2c16c9203ab976ae7)
* mac80211: fix mesh queue selection issueFelix Fietkau2022-07-021-0/+28
| | | | | Signed-off-by: Felix Fietkau <nbd@nbd.name> (cherry-picked from commit 51e9d496ba7958fb9f2d3eb4bc7f257837145dd0)
* ramips: improve YunCore AX820 LEDsThibaut VARÈNE2022-07-011-6/+26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | At least two AX820 hardware variants are known to exist, but they cannot be distinguished (same hardware revision, no specific markings). They appear to have the same LED hardware, but wired differently: - One has a red system LED at GPIO 15, a green wlan2g LED at GPIO 14 and a blue wlan5g LED at GPIO 16; - The other only offers a green system LED at GPIO 15, with GPIO 14 and 16 being apparently not connected Finally, a Yuncore datasheet says the canonical wiring should be: - Blue wlan2g GPIO 14, green system GPIO 15, red wlan5g GPIO 16 All GPIOs are tied to a single RGB LED which is exposed via lightpipe on the device front casing. Considering the above, this patch exposes all three LEDs, preserves the common system LED (GPIO 15) as the openwrt status LED, and removes the color information from the LEDs names since it is not consistent across hardware. The LED naming is made consistent with other YunCore devices. A note is added in DTS to ensure this information is always available and prevent unwanted changes in the future. Fixes: #10131 "YunCore AX820: GPIO LED not correct" Reviewed-by: Sander Vanheule <sander@svanheule.net> Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
* kernel: bump 5.10 to 5.10.127John Audia2022-07-019-20/+20
| | | | | | | All patches automatically rebased. Signed-off-by: John Audia <therealgraysky@proton.me> (cherry picked from commit 433dc5892a60003753655aac6e6a4b59fb13b2e4)
* kernel: bump 5.10 to 5.10.126John Audia2022-07-011-2/+2
| | | | | | | | | | No patches rebased, just checksum update for this refresh. Build system: x86_64 Build-tested: ipq806x/R7800 Signed-off-by: John Audia <therealgraysky@proton.me> (cherry picked from commit c5882c33a78153e84acca22af3429ff6eb6c99e0)
* qoriq: enable Book-E Watchdog TimerStijn Tintel2022-07-011-0/+2
| | | | | | | | | | | | | | | | Enable PowerPC Book-E Watchdog Timer support. Having this enabled in-kernel will result in procd starting it during boot. This effectively solves the problem of the WDT in the Winbond W83793 chip potentially resetting the system during sysupgrade, which could result in an unbootable device. While the driver is modular, resulting in procd not starting the WDT during boot (because that happens before kmod load), the WDT handover during sysupgrade results in the WDT being started. This normally shouldn't be a problem, but the W83793 WDT does not like procd's defaults, nor the handover happening during sysupgrade. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> (cherry picked from commit 04071cb111f290417074de130d34ae5895fd3a7b)
* ipq40xx: cut ath10k board file for mikrotik subtargetJohn Thomson2022-07-013-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Avoid shipping ath10k board file in Mikrotik initram images Most will only ever need to use these initram images once—to initially load OpenWrt, but fix these images for more consistent Wi-Fi performance between the initram and installed squashfs images. OpenWrt BUILDBOT config ignores -cut packages in the initram images build. This results in BUILDBOT initram images including the linux-firmware qca4019 board-2.bin, and (initram image booted) Mikrotik devices loading a generic BDF, rather than the intended BDF data loaded from NOR as an api 1 board_file. buildbot snapshot booted as initram image: cat /etc/openwrt_version r19679-810eac8c7f dmesg | grep ath10k | grep -E board\|BDF [ 9.794556] ath10k_ahb a000000.wifi: Loading BDF type 0 [ 9.807192] ath10k_ahb a000000.wifi: board_file api 2 bmi_id 0:16 crc32 11892f9b [ 12.457105] ath10k_ahb a800000.wifi: Loading BDF type 0 [ 12.464945] ath10k_ahb a800000.wifi: board_file api 2 bmi_id 0:17 crc32 11892f9b CC: Robert Marko <robimarko@gmail.com> Fixes: 5eee67a72fed ("ipq40xx: mikrotik: dont include ath10k-board-qca4019 by default") Signed-off-by: John Thomson <git@johnthomson.fastmail.com.au> Reviewed-by: Robert Marko <robimarko@gmail.com> (cherry picked from commit 602b5f6c60a2827bd918dfae0ffb271f8b88f4df) Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
* ipq40xx: mikrotik: dont include ath10k-board-qca4019 by defaultRobert Marko2022-07-011-0/+1
| | | | | | | | | | | | | Since MikroTik subtarget now uses dynamic BDF loading its crucial that it doesnt include the board-2.bin at all which is provided by the ath10k-board-qca4019 package. So to resolve this dont include the ath10k-board-qca4019 package on the MikroTik subtarget. Signed-off-by: Robert Marko <robimarko@gmail.com> (cherry picked from commit 5eee67a72fed52ac686dd467d93eea95d44c8dff) Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
* ipq-wifi: remove packaged BDF-s for MikroTik devicesRobert Marko2022-07-016-14/+4
| | | | | | | | | | | | | Since we now provide the BDF-s for MikroTik IPQ40xx devices on the fly, there is noneed to include package and ship them like we do now. This also resolves the performance issues that happen as MikroTik changes the boards and ships them under the same revision but they actually ship with and require a different BDF. Signed-off-by: Robert Marko <robimarko@gmail.com> (cherry picked from commit ab141a6e2cb645ff64adb107af2e8973a720c1c7) Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
* ipq40xx: mikrotik: provide BDF-s on demandRobert Marko2022-07-011-0/+23
| | | | | | | | | | | | | Since we now can pass the API 1 BDF-s aka board.bin to the ath10k driver per radio lets use that to provide the BDF-s for MikroTik devices. This also resolves the performance issues that happen as MikroTik changes the boards and ships them under the same revision but they actually ship with and require a different BDF. Signed-off-by: Robert Marko <robimarko@gmail.com> (cherry picked from commit 4d4462cc2ace4b044e99e9b22a24cb4d89c7db95) Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
* mac80211: ath10k: backport bus and device specific API 1 BDF selectionRobert Marko2022-07-011-0/+65
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Some ath10k IPQ40xx devices like the MikroTik hAP ac2 and ac3 require the BDF-s to be extracted from the device storage instead of shipping packaged API 2 BDF-s. This is required as MikroTik has started shipping boards that require BDF-s to be updated, as otherwise their WLAN performance really suffers. This is however impossible as the devices that require this are release under the same revision and its not possible to differentiate them from devices using the older BDF-s. In OpenWrt we are extracting the calibration data during runtime and we are able to extract the BDF-s in the same manner, however we cannot package the BDF-s to API 2 format on the fly and can only use API 1 to provide BDF-s on the fly. This is an issue as the ath10k driver explicitly looks only for the board.bin file and not for something like board-bus-device.bin like it does for pre-cal data. Due to this we have no way of providing correct BDF-s on the fly, so lets extend the ath10k driver to first look for BDF-s in the board-bus-device.bin format, for example: board-ahb-a800000.wifi.bin If that fails, look for the default board file name as defined previously. So, backport the upstream ath10k patch. Signed-off-by: Robert Marko <robimarko@gmail.com> (cherry picked from commit 3daf2d477ee728b5b066fe7f31808a5f19bb98a1) [prune unrelated patch refreshes] Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
* ath10k-ct: update to 2022-05-13Robert Marko2022-07-014-22/+22
| | | | | | | | | Update ath10k-ct to the latest version which includes the backported ath10k commit for requesting API 1 BDF-s with a unique name like caldata. Signed-off-by: Robert Marko <robimarko@gmail.com> (cherry picked from commit ab97b2a25d69215dcc0d9621e491aa7b17f315cb) Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
* firewall4: bump to git HEADStijn Tintel2022-07-011-3/+3
| | | | | | | | | | | | | | | | | | | 11f5c7b fw4.uc: fix zone helper assignment b9d35ff fw4.uc: don't skip zone for unavailable helper e35e26b tests: add test for zone helpers a063317 ruleset: fix conntrack helpers e1cb763 ruleset: reuse zone-jump.uc template for notrack and helper chain jumps 11410b8 ruleset: reorder declarations & output tweaks 880dd31 fw4: fix skipping invalid IPv6 ipset entries 5994466 fw4: simplify `is_loopback_dev()` 53886e5 fw4: fix crash in parse_cthelper() if no helpers are present 11256ff fw4: add support for configurable includes 3b5a033 tests: add test coverage for firewall includes d79911c fw4: support sets with timeout capability but without default expiry 15c3831 fw4: add support for `option log` in rule and redirect sections Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> (cherry picked from commit e8433fb4336b72e44a40cb667ee2eb06e0a31109)
* qoriq: enable HARDENED_USERCOPYStijn Tintel2022-07-011-1/+0
| | | | | | | | The random crashes observed with HARDENED_USERCOPY enabled no longer seem to occur. Enable HARDENED_USERCOPY to improve security. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> (cherry picked from commit 61587c92425ecdcabb82a6c81cff698a23ffb049)
* qoriq: disable CONFIG_COMPATStijn Tintel2022-07-011-8/+0
| | | | | | | | We do not need support for 32 bit applications, as we're building everything for 64 bit. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> (cherry picked from commit 3e1848ee0ff3b01461a9d2f772bde27a4101f3d9)
* qoriq: 02_network fix sweth globbing logicThibaut VARÈNE2022-07-011-1/+1
| | | | | | | This prevents invalid configuration of non-existent sweth devices. Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org> (cherry picked from commit 5fdbae463c57fa48709d876abaadbbbd5938f84f)
* qoriq: define reset button for Firebox M300Thibaut VARÈNE2022-07-012-1/+13
| | | | | | | This patch provides support for the Firebox M300 reset button. Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org> (cherry picked from commit 19231cf83835db563ee7431b502fe1695ef1f559)
* qoriq: define leds for Firebox M300Thibaut VARÈNE2022-07-012-1/+22
| | | | | | | | | This patch provides support for the Firebox M300 only user-controllable bi-color LED, and makes the green "shield" LED act as the typical OpenWrt status led. Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org> (cherry picked from commit 4ab421b81d383c127135716f56a1e18337575516)
* ath79: add support for RouterBOARD mAPThibaut VARÈNE2022-06-305-0/+134
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The MikroTik mAP-2nd (sold as mAP) is an indoor 2.4Ghz AP with 802.3af/at PoE input and passive PoE passthrough. See https://mikrotik.com/product/RBmAP2nD for more details. Specifications: - SoC: QCA9533 - RAM: 64MB - Storage: 16MB NOR - Wireless: QCA9533 802.11b/g/n 2x2 - Ethernet: 2x 10/100 ports, 802.3af/at PoE in port 1, 500 mA passive PoE out on port 2 - 7 user-controllable LEDs Note: the device is a tiny AP and does not distinguish between both ethernet ports roles, so they are both assigned to lan. With the current setup, ETH1 is connected to eth1 and ETH2 is connected to eth0 via the embedded switch port 2. Flashing: TFTP boot initramfs image and then perform sysupgrade. The "ETH1" port must be used to upload the TFTP image. Follow common MikroTik procedure as in https://openwrt.org/toh/mikrotik/common. Tested-By: Andrew Powers-Holmes <aholmes@omnom.net> Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org> (cherry picked from commit e1223dbee332b89caf71850eb909104529595c31)
* ipq40xx: mikrotik: make RouterBoot partition writeableThibaut VARÈNE2022-06-305-5/+0
| | | | | | | | | | Linux MTD requires the parent partition be writable for a child partition to be allowed write permission. In order for soft_config to be writeable (and modifiable via sysfs), the parent RouterBoot partition must be writeable Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org> (cherry picked from commit bb929a0f9cbabef59eaced57d5162d112640c3cd)
* ath79: mikrotik: add rw soft_config to extra devicesJohn Thomson2022-06-302-2/+0
| | | | | | | | Linux MTD requires the parent partition be writable for a child partition to be allowed write permission. Signed-off-by: John Thomson <git@johnthomson.fastmail.com.au> (cherry picked from commit 86fb287ad564e344d9630d8235104da144406d08)
* kernel: fix variable erasesize patchJohn Thomson2022-06-301-208/+64
| | | | | | | | | | Update this pending patch to remove the untested (variable eraseregions) section, alongside simplifying the patch. Signed-off-by: John Thomson <git@johnthomson.fastmail.com.au> [refresh and split out unrelated refreshes] Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org> (cherry picked from commit 4f7065ed250932d6ff725ba175e734ad4c782f14)
* x86: 64: Add kmod-igc to default packagesHauke Mehrtens2022-06-291-1/+1
| | | | | | | | | This adds the igc driver for the Intel 2.5GBit Ethernet chip to the default packages. Fixes: #10064 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit aae3a8a254275f8be5c45d766ac7b5afb82a9fe6)
* iptables: default to ip(6)tables-nftEtienne Champetier2022-06-291-19/+12
| | | | | | | | | | | | | | | | OpenWrt now uses firewall4 (nft) by default, so iptables should also default to nftables backend. When multiple packages provide the same virtual package, opkg pick the first one by alphabetical order, so we rename iptables-legacy to iptables-zz-legacy and add iptables-legacy in PROVIDES. We also need to remove IPTABLES_NFTABLES config as this cause recursive dependencies. Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com> (cherry picked from commit 35fec487e30f05c81bd135326a993dad7f861812)
* kernel: add missing symbol to 5.10 configStijn Tintel2022-06-291-0/+1
| | | | | | | | | Kernel 5.10.124 introduced a new symbol 'LIB_MEMNEQ'. Add it to the generic 5.10 config. Fixes: 9e5d743422ed ("kernel: bump 5.10 to 5.10.124") Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> (cherry picked from commit f3caba679b812bdaa374929350548025e792eeec)
* qoriq: use FIT uImage for Firebox M300 kernelStijn Tintel2022-06-291-1/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This requires U-Boot environment changes: setenv OpenWrt_kernel watchguard_firebox-m300-fit-uImage.itb setenv loadaddr 0x20000000 setenv wgBootSysA 'setenv bootargs root=/dev/mmcblk0p2 rw rootdelay=2 console=$consoledev,$baudrate fsl_dpaa_fman.fsl_fm_max_frm=1530; mmc dev 0; ext2load mmc 0:1 $loadaddr $OpenWrt_kernel; bootm $loadaddr' Trying to sysupgrade an image containing this change on an M300 already running OpenWrt will fail with the following error: Tue Jun 14 12:06:21 EEST 2022 upgrade: The device is supported, but the config is incompatible to the new image (1.0->1.1). Please upgrade without keeping config (sysupgrade -n). Tue Jun 14 12:06:21 EEST 2022 upgrade: Kernel switched to FIT uImage. Update U-Boot environment. Tue Jun 14 12:06:21 EEST 2022 upgrade: Reading partition table from bootdisk... Tue Jun 14 12:06:21 EEST 2022 upgrade: Extract boot sector from the image Tue Jun 14 12:06:21 EEST 2022 upgrade: Reading partition table from image... Image check failed. This is to prevent rendering your device unbootable. Make the U-Boot environment changes as instruced above, and then flash the image using sysupgrade -F. The config can be kept, there is no need to use -n. After the new image booted successfully, you can increase the compat_version: uci set system.@system[0].compat_version='1.1' uci commit Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> (cherry picked from commit c4b499bc03ab0e2eea643c46d1d781ab64e78931)
* qoriq: use KERNEL_SUFFIX in Build/sdcard-imgStijn Tintel2022-06-291-1/+1
| | | | | | | | | | Use the KERNEL_SUFFIX variable in Build/sdcard-img, rather than using hardcoded "-kernel.bin", to allow overriding KERNEL_SUFFIX for a device. Fixes: 080a769b4da8 ("qoriq: new target") Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> (cherry picked from commit 86948716dbc1c220d4be504cfe5433bfd9e1d630)
* kernel: bump 5.10 to 5.10.125John Audia2022-06-274-5/+5
| | | | | | | | | | All patches automatically rebased. Build system: x86_64 Build-tested: ipq806x/R7800 Signed-off-by: John Audia <therealgraysky@proton.me> (cherry picked from commit 53d99fedc7afd96adfb6f38fc939c9ee9981c2ed)
* kernel: bump 5.10 to 5.10.124John Audia2022-06-2728-93/+93
| | | | | | | | | | All patches automatically rebased. Build system: x86_64 Build-tested: ipq806x/R7800 Signed-off-by: John Audia <therealgraysky@proton.me> (cherry picked from commit 9e5d743422edc4036cda7d96b96ba62705f382de)
* kernel: bump 5.10 to 5.10.123John Audia2022-06-271-2/+2
| | | | | | | | | | No patches required a rebase, just updated checksum. Build system: x86_64 Build-tested: ipq806x/R7800 Signed-off-by: John Audia <therealgraysky@proton.me> (cherry picked from commit 5202a511cc4557303d4b77bf77ebb66e524dcddf)
* kernel: bump 5.10 to 5.10.122John Audia2022-06-2722-58/+58
| | | | | | | | | | All patches automatically rebased. Build system: x86_64 Build-tested: ipq806x/R7800 Signed-off-by: John Audia <therealgraysky@proton.me> (cherry picked from commit 9edc514e3dafcc36db69046a37daab818cfc1a07)
* kernel: bump 5.10 to 5.10.121John Audia2022-06-2735-64/+64
| | | | | | | | | | | | | Manually rebased: oxnas/patches-5.10/100-oxnas-clk-plla-pllb.patch All other patches automatically rebased. Build system: x86_64 Build-tested: ipq806x/R7800 Signed-off-by: John Audia <therealgraysky@proton.me> (cherry picked from commit 706a4ec40cce108f484b40805bfa48619a0a7f09)
* dropbear: cherry-pick upstream commit 544f28a0Konstantin Demin2022-06-271-0/+134
| | | | | | | | Resolves #10081 Reported-By: Chen Minqiang <ptpt52@gmail.com> Signed-off-by: Konstantin Demin <rockdrilla@gmail.com> (cherry picked from commit f98bb1ffe5327d7309f11a3647efd8116d637b33)
* wolfssl: disable AES-NI by default for x86_64Eneas U de Queiroz2022-06-271-1/+6
| | | | | | | | | | | | | WolfSSL is crashing with an illegal opcode in some x86_64 CPUs that have AES instructions but lack other extensions that are used by WolfSSL when AES-NI is enabled. Disable the option by default for now until the issue is properly fixed. People can enable them in a custom build if they are sure it will work for them. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> (cherry picked from commit 0bd536723303ccd178e289690d073740c928bb34)