[pull] openwrt-21.02 from immortalwrt:openwrt-21.02 #75

Allign dl_github_archieve.py to 8252511 change. On supported system the sigid bit is applied to files and tar archieve that on tar creation. This cause unreproducible tar for these system and these bit should be dropped to produce reproducible tar. Add the missing option following the command options used in other scripts. Fixes: 75ab064 ("build: download code from github using archive API") Suggested-by: Eneas U de Queiroz <[email protected]> Tested-by: Robert Marko <[email protected]> Signed-off-by: Christian Marangi <[email protected]> (cherry picked from commit 5f1758e)

Signed-off-by: Tianling Shen <[email protected]>

Signed-off-by: Tianling Shen <[email protected]> (cherry picked from commit 731846c)

Signed-off-by: Tianling Shen <[email protected]> (cherry picked from commit ad34421)

Signed-off-by: Tianling Shen <[email protected]> (cherry picked from commit 9fe5813)

OpenWrt provides kmod-asn1-decoder for CONFIG_ASN1 but selecting it doesn't really work as expected. Kernel symbol is hidden and can be actually selected only as a dependency. That works well for in-kernel stuff but fails for external modules requiring ASN1 like ksmbd. Modify kernel Kconfig to make CONFIG_ASN1 always selectable. It's required to satisfy ksmbd dependencies cleanly (without hack like selecting unrelated modules). Link: http://lists.openwrt.org/pipermail/openwrt-devel/2023-January/040298.html Signed-off-by: Rafał Miłecki <[email protected]>

Removed upstreamed: - generic/backport-5.4/702-Revert-net-dsa-b53-Fix-valid-setting-for-MDB-entries.patch Manually rebased: - layerscape/patches-5.4/805-display-0002-drm-rockchip-prepare-common-code-for-cdns-and-rk-dpi.patch - layerscape/patches-5.4/820-usb-0010-MLK-22675-usb-dwc3-host-disable-park-mode.patch Refreshed all patches. Signed-off-by: Tianling Shen <[email protected]>

Fixes: #863 Signed-off-by: Tianling Shen <[email protected]>

Signed-off-by: Tianling Shen <[email protected]> (cherry picked from commit f295e34)

Signed-off-by: Tianling Shen <[email protected]> (cherry picked from commit 17ec9ea)

(cherry picked from commit 9f853eb)

This adds missing HE modes to mac80211_prepare_ht_modes. Previously mesh without wpa_supplicant would be initialized with 802.11g /NO-HT only, as this method did not parse channel bandwidth for HE operation. Signed-off-by: David Bauer <[email protected]> (cherry picked from commit a63430e)

Signed-off-by: Tianling Shen <[email protected]>

This was done by running these commands: ./scripts/kconfig.pl '+' target/linux/generic/config-5.4 /dev/null > target/linux/generic/config-5.4-new mv target/linux/generic/config-5.4-new target/linux/generic/config-5.4 Signed-off-by: Hauke Mehrtens <[email protected]>

Compile-tested: x86/64 Run-tested: x86/64 Signed-off-by: Hauke Mehrtens <[email protected]>

Signed-off-by: Tianling Shen <[email protected]> (cherry picked from commit 73adb850b0af7c242df1c141dc4b66ec3422cd60)

Device is the same as Xiaomi Mi Router 4A Gigabit, except of: - 5G WiFi is MT7663 - addresses of leds, wifi and eth ports are slightly changed Specs: SoC: MT7621 CPU: 2 x 880 MHz ROM: 16 MB RAM: 128 MB WLAN: MT7603, MT7663 MAC addresses: WAN **** factory 0xe006 (label) LAN *:f7 factory 0xe000 2.4 GHz *:f8 factory 0x0000+0x4 (mtd-eeprom+0x4) 5 GHz *:f9 factory 0x8000+0x4 (mtd-eeprom+0x4) Installation: Factory firmware is based on a custom OpenWrt 17.x. Installation is the same as for Xiaomi Mi Router 4A Gigabit. Probably the easiest way to install is to use the script from this repository: acecilia/OpenWRTInvasion#155 In a more advanced case, you can do everything yourself: - gain access to the device through one of the exploits described in the link above - upload sysupgrade image to /tmp - overwrite stock firmware: # mtd -e OS1 -r write /tmp/sysupgrade.bin OS1 Recovery: Recovery procedure is the same as for Xiaomi Mi Router 4A Gigabit. Possible options can be found here: https://openwrt.org/inbox/toh/xiaomi/xiaomi_mi_router_4a_gigabit_edition One of the ways is to use another router with OpenWrt: - connect both routers by their LAN ports - download stock firmware from [1] - place it inside /tmp/test.bin on the main router - configure PXE/TFTP on the main router - power off 4Av2, hold Reset button, power on - as soon as image download via TFTP starts, Reset can be released - blinking blue wan LED will indicate the end of the flashing process, now router can be rebooted [1] http://cdn.cnbj1.fds.api.mi-img.com/xiaoqiang/rom/r4av2/miwifi_r4av2_firmware_release_2.30.28.bin Signed-off-by: Dmitry Sokolov <[email protected]> (cherry picked from commit 39e4f03) Signed-off-by: Tianling Shen <[email protected]>

Signed-off-by: Tianling Shen <[email protected]>

As of upstream Linux commit 0fe1e96fef0a ("powerpc/pci: Prefer PCI domain assignment via DT 'linux,pci-domain' and alias"), the PCIe domain address is no longer numbered by the lowest 16 bits of the PCI register address after a fallthrough. Instead of the fallthrough, the enumeration process accepts the alias ID (as determined by `of_alias_scan()`). This causes e.g.: 9000:00:00.0 PCI bridge: Freescale Semiconductor Inc P1020E (rev 11) 9000:01:00.0 Network controller: Qualcomm Atheros AR958x 802.11abgn ... to become 0000:00:00.0 PCI bridge: Freescale Semiconductor Inc P1020E (rev 11) 0000:01:00.0 Network controller: Qualcomm Atheros AR958x 802.11abgn ... ... which then causes the sysfs path of the netdev to change, invalidating the `wifi_device.path`s enumerated in `/etc/config/wireless`. One other solution might be to migrate the uci configuration, as was done for mvebu in commit 0bd5aa8 ("mvebu: Migrate uci config to new PCIe path"). However, there are concerns that the sysfs path will change once again once some upstream patches[^2][^3] are merged and backported (and `CONFIG_PPC_PCI_BUS_NUM_DOMAIN_DEPENDENT` is enabled). Instead, remove the aliases and allow the fallthrough to continue for now. We will provide a migration in a later release. This was first reported as a Github issue[^1]. [^1]: openwrt/openwrt#10530 [^2]: https://lore.kernel.org/linuxppc-dev/[email protected]/t/#u [^3]: https://lore.kernel.org/linuxppc-dev/[email protected]/ Fixes: #10530 Tested-by: Martin Kennedy <[email protected]> [Tested on the Aerohive HiveAP 330 and Extreme Networks WS-AP3825i] Signed-off-by: Martin Kennedy <[email protected]> (cherry picked from commit 7f4b4c2) Signed-off-by: Fabian Bläse <[email protected]>

Signed-off-by: Tianling Shen <[email protected]>

Removed upstreamed patch: 010-padlock.patch Changes between 1.1.1s and 1.1.1t [7 Feb 2023] *) Fixed X.400 address type confusion in X.509 GeneralName. There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but subsequently interpreted by GENERAL_NAME_cmp as an ASN1_TYPE. This vulnerability may allow an attacker who can provide a certificate chain and CRL (neither of which need have a valid signature) to pass arbitrary pointers to a memcmp call, creating a possible read primitive, subject to some constraints. Refer to the advisory for more information. Thanks to David Benjamin for discovering this issue. (CVE-2023-0286) This issue has been fixed by changing the public header file definition of GENERAL_NAME so that x400Address reflects the implementation. It was not possible for any existing application to successfully use the existing definition; however, if any application references the x400Address field (e.g. in dead code), note that the type of this field has changed. There is no ABI change. [Hugo Landau] *) Fixed Use-after-free following BIO_new_NDEF. The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. (CVE-2023-0215) [Viktor Dukhovni, Matt Caswell] *) Fixed Double free after calling PEM_read_bio_ex. The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. (CVE-2022-4450) [Kurt Roeckx, Matt Caswell] *) Fixed Timing Oracle in RSA Decryption. A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. (CVE-2022-4304) [Dmitry Belyavsky, Hubert Kario] Signed-off-by: John Audia <[email protected]> Signed-off-by: Tianling Shen <[email protected]>

This update mac80211 to version 5.15.92-1. This includes multiple bugfixes. Some of these bugfixes are fixing security relevant bugs. Signed-off-by: Hauke Mehrtens <[email protected]> (cherry picked from commit 863288b49d3d1466f22bcf6098e4635a5be98626)

With the various variants of Netgear R**** devices, make it more obvious which image should be used for the R7200. Signed-off-by: Dale Hui <[email protected]> [provide proper commit message] Signed-off-by: Adrian Schmutzler <[email protected]> (cherry picked from commit af3104d)

Netgear R6900v2 is a clone of Netgear R6700v2 Specifications ============== SoC: MediaTek MT7621AT RAM: 256M DDR3 FLASH: 128M NAND WiFi: MediaTek MT7615N an+ac MediaTek MT7615N bgn ETH: MediaTek MT7621AT BTN: 1x Connect (WPS), 1x WLAN, 1x Reset LED: Power (white/amber), WAN(white/amber), 2.4G(white), 5G(white), USB(white) , GuestWifi(white) 4x LAN(white/amber), Wifi Button(white), WPS Button(white) Flash Instructions ================== Login to netgear webinterface and flash factory.img Signed-off-by: Dale Hui <[email protected]> (cherry picked from commit 16fc409)

Signed-off-by: Tianling Shen <[email protected]>

fixes the problem that the banana pi m2 berry cannot connect to wifi and cannot be used as an access point Signed-off-by: Josef Schlehofer <[email protected]> (cherry picked from commit ff2bb16) Signed-off-by: LizenzFass78851 <[email protected]>

Changes between 1.1.1s and 1.1.1t [7 Feb 2023] *) Fixed X.400 address type confusion in X.509 GeneralName. There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but subsequently interpreted by GENERAL_NAME_cmp as an ASN1_TYPE. This vulnerability may allow an attacker who can provide a certificate chain and CRL (neither of which need have a valid signature) to pass arbitrary pointers to a memcmp call, creating a possible read primitive, subject to some constraints. Refer to the advisory for more information. Thanks to David Benjamin for discovering this issue. (CVE-2023-0286) This issue has been fixed by changing the public header file definition of GENERAL_NAME so that x400Address reflects the implementation. It was not possible for any existing application to successfully use the existing definition; however, if any application references the x400Address field (e.g. in dead code), note that the type of this field has changed. There is no ABI change. [Hugo Landau] *) Fixed Use-after-free following BIO_new_NDEF. The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. (CVE-2023-0215) [Viktor Dukhovni, Matt Caswell] *) Fixed Double free after calling PEM_read_bio_ex. The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. (CVE-2022-4450) [Kurt Roeckx, Matt Caswell] *) Fixed Timing Oracle in RSA Decryption. A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. (CVE-2022-4304) [Dmitry Belyavsky, Hubert Kario] Signed-off-by: John Audia <[email protected]> (cherry picked from commit 4ae86b3) The original commit removed the upstreamed patch 010-padlock.patch, but it's not on OpenWrt 21.02, so it doesn't have to be removed. Signed-off-by: Michal Vasilek <[email protected]>

Compile-tested: x86/64 Run-tested: x86/64 Signed-off-by: Hauke Mehrtens <[email protected]>

This update mac80211 to version 5.10.168-1. This includes multiple bugfixes. Some of these bugfixes are fixing security relevant bugs. Signed-off-by: Hauke Mehrtens <[email protected]>

Signed-off-by: Tianling Shen <[email protected]>

Background radar detection is not supported on devices that using MT7905, so disable this feature in the following devices: asus,rt-ax53u jcg,q20 tplink,eap615-wall-v1 xiaomi,mi-router-cr6606 xiaomi,mi-router-cr6608 xiaomi,mi-router-cr6609 yuncore,ax820 Devices with MT7915 lacking a DFS antenna also do not support background DFS: totolink,x5000r cudy,x6 Signed-off-by: Shiji Yang <[email protected]> (cherry picked from commit 6cbcc34)

1. Explicitly declare gpio pin groups to ensure that gpio works properly. 2. Override bootargs in device tree to avoid modifying u-boot envs during initial installation. Tested on H3C TX1801 Plus Signed-off-by: Shiji Yang <[email protected]> (cherry picked from commit a7d8b54)

Commit f4a7914 ("ramips: add support for ipTIME AX2004M") was reverted due to KERNEL_LOADADDR leakage, and it seems the problem can be mitigated by moving the variable definition into Device/Default. By this, KERNEL_LOADADDR redefined in a device recipe will not be leaked into the subsequent device recipes anymore and thus will remain as a per-device variable. Ref: cd6a6e3 ("Revert "ramips: add support for ipTIME AX2004M"") Signed-off-by: Sungbo Eo <[email protected]> (cherry picked from commit 09f3834)

Signed-off-by: Tianling Shen <[email protected]>

Fix 2.5 Gbps auto-negotiate. This reverts commit 5657d4f. Signed-off-by: Tianling Shen <[email protected]>

Signed-off-by: Tianling Shen <[email protected]>

This adds support for the Askey RT4230W REV6 (Branded by Spectrum/Charter as RAC2V1K) At this time, there's no way to reinstall the stock firmware so don't install this on a router that's being rented. Specifications: Qualcomm IPQ8065 1 GB of RAM (DDR3) 512 MB Flash (NAND) 2x Wave 2 WiFi cards (QCA9984) 5x 10/100/1000 Mbps Ethernet (Switch: QCA8337) 1x LED (Controlled by a microcontroller that switches it between red and blue with different patterns) 1x USB 3.0 Type-A 12V DC Power Input UART header on PCB - pinout from top to bottom is RX, TX, GND, 5V Port settings are 115200n8 More information: https://forum.openwrt.org/t/askey-rac2v1k-support/15830 https://deviwiki.com/wiki/Askey_RAC2V1K To check what revision your router is, restore one of these config backups through the stock firmware to get ssh access then run "cat /proc/device-tree/model". https://forum.openwrt.org/t/askey-rac2v1k-support/15830/17 The revision number on the board doesn't seem to be very consistent so that's why this is needed. You can also run printenv in the uboot console and if machid is set to 177d, that means your router is rev6. Note: Don't install this if the router is being rented from an ISP. The defined partition layout is different from the OEM one and even if you changed the layout to match, backing up and restoring the OEM firmware breaks /overlay so nothing will save and the router will likely enter a bootloop. How to install: Method 1: Install without opening the case using SSH and tftp You'll need: RAC2V1K-SSH.zip: https://github.com/lmore377/openwrt-rt4230w/blob/master/RAC2V1K-SSH.zip initramfs and sysupgrade images Connect to one of the router's LAN ports Download the RAC2V1K-SSH.zip file and restore the config file that corresponds to your router's firmware (If you're firmware is newer than what's in the zip file, just restore the 1.1.16 file) After a reboot, you should be able to ssh into the router with username: "4230w" and password: "linuxbox" or "admin". Run the following commannds fw_setenv ipaddr 10.42.0.10 #IP of router, can be anything as long as it's in the same subnet as the server fw_setenv serverip 10.42.0.1# #IP of tftp server that's set up in next steps fw_setenv bootdelay 8 fw_setenv bootcmd "tftpboot initramfs.bin; bootm; bootipq" Don't reboot the router yet. Install and set up a tftp server on your computer Set a static ip on the ethernet interface of your computer (use this for serverip in the above commands) Rename the initramfs image to initramfs.bin, and host it with the tftp server Reboot the router. If you set up everything right, the router led should switch over to a slow blue glow which means openwrt is booted. If for some reason the file doesn't get loaded into ram properly, it should still boot to the OEM firmware. After openwrt boots, ssh into it and run these commands: fw_setenv bootcmd "setenv mtdids nand0=nand0 && setenv mtdparts mtdparts=nand0:0x1A000000@0x2400000(firmware) && ubi part firmware && ubi read 0x44000000 kernel 0x6e0000 && bootm" fw_setenv bootdelay 2 After openwrt boots up, figure out a way to get the sysupgrade file onto it (scp, custom build with usb kernel module included, wget, etc.) then flash it with sysupgrade. After it finishes flashing, it should reboot, the light should start flashing blue, then when the light starts "breathing" blue that means openwrt is booted. Method 2: Install with serial access (Do this if something fails and you can't boot after using method 1) You'll need: initramfs and sysupgrade images Serial access: https://openwrt.org/inbox/toh/askey/askey_rt4230w_rev6#opening_the_case Install and set up a tftp server Set a static ip on the ethernet interface of your computer Download the initramfs image, rename it to initramfs.bin, and host it with the tftp server Connect the wan port of the router to your computer Interrupt U-Boot and run these commands: setenv serverip 10.42.0.1 (You can use whatever ip you set for the computer) setenv ipaddr 10.42.0.10 (Can be any ip as long as it's in the same subnet) setenv bootcmd "setenv mtdids nand0=nand0 && set mtdparts mtdparts=nand0:0x1A000000@0x2400000(firmware) && ubi part firmware && ubi read 0x44000000 kernel 0x6e0000 && bootm" saveenv tftpboot initramfs.bin bootm After openwrt boots up, figure out a way to get the sysupgrade file onto it (scp, custom build with usb kernel module included, wget, etc.) then flash it with sysupgrade. After it finishes flashing, it should reboot, the light should start flashing blue, then when the light starts "breathing" blue that means openwrt is booted. Signed-off-by: Lauro Moreno <[email protected]> [add entry in 5.10 patch, fix whitespace issues] Signed-off-by: Adrian Schmutzler <[email protected]> (cherry picked from commit da8428d)

The problem has been fixed in f47cb40 ("ipq806x: fix pci broken on bootm command"), now the pcie part can be written in the usual way. Signed-off-by: Chukun Pan <[email protected]> Reviewed-by: Ansuel Smith <[email protected]> (cherry picked from commit 269758a)

There is a mr25h256 spi flash on this machine. From the mtd backup of the stock firmware, this spi flash is empty. [ 3.652745] spi_qup 1a280000.spi: IN:block:16, fifo:64, OUT:block:16, fifo:64 [ 3.653925] spi-nor spi0.0: mr25h256 (32 Kbytes) Signed-off-by: Chukun Pan <[email protected]> (cherry picked from commit eee41e3)

Signed-off-by: Tianling Shen <[email protected]>

It's not just required for the PCI version, but for USB and presumably SDIO as well. Tested with 0e8d:7961 Comfast CF-953AX (MT7921AU). Signed-off-by: Andre Heider <[email protected]> (cherry picked from commit 6f72916)

The kmod-mt7615-common package does not contain any code that related to mt7915e Wi-Fi6 driver, so remove it. Tested on ramips/mt7621: SIM SIMAX1800T Signed-off-by: Shiji Yang <[email protected]> (cherry picked from commit 3410f01)

3deafbad7061 wifi: mt76: mt7915: fix uninitialized irq_mask 6ca31dc64da4 wifi: mt76: mt7921: introduce remain_on_channel support 7962005b0734 wifi: mt76: connac: rework macros for unified command 3b2882ca704e wifi: mt76: connac: update struct sta_rec_phy c4d46cb1dd45 wifi: mt76: connac: rework fields for larger bandwidth support in sta_rec_bf 532c322fd72f wifi: mt76: connac: add more unified command IDs 4c43e060726b wifi: mt76: connac: introduce unified event table 4c423058920d wifi: mt76: connac: add more bss info command tags 143d7ab8ef92 wifi: mt76: connac: add more starec command tags 733ef9887b2c wifi: mt76: connac: introduce helper for mt7996 chipset 8e309b5560e1 wifi: mt76: mt7921: fix wrong power after multiple SAR set d791ed1f5877 wifi: mt76: mt7915: add missing MODULE_PARM_DESC 3b8eed9c3866 wifi: mt76: mt7915: add support to configure spatial reuse parameter set 417cca39bab2 wifi: mt76: introduce rxwi and rx token utility routines 629f8631f54f wifi: mt76: add WED RX support to mt76_dma_{add,get}_buf 13c2dc8993b6 wifi: mt76: add WED RX support to mt76_dma_rx_fill 86e94f4162b7 wifi: mt76: add WED RX support to dma queue alloc 1361519851f3 wifi: mt76: add info parameter to rx_skb signature a2e5e0667553 wifi: mt76: connac: introduce mt76_connac_mcu_sta_wed_update utility routine f38faf294310 wifi: mt76: mt7915: enable WED RX support a887a5feb3d1 wifi: mt76: mt7915: enable WED RX stats 4c23061ebcfc wifi: mt76: mt7915: add basedband Txpower info into debugfs a9c88ded5cac wifi: mt76: mt7915: enable .sta_set_txpwr support 2c172bb6cd9f wifi: mt76: mt7915: fix band_idx usage 1b88dd07f153 linux-firmware: update firmware for MT7915 6196f6080506 linux-firmware: update firmware for MT7916 daae6ca5d81f linux-firmware: update firmware for MT7986 e7a9f7a0440c wifi: mt76: mt7915: fix unused-but-set warning 340f3be65397 wifi: mt76: fix coverity overrun-call in mt76_get_txpower() aa7132da0326 wifi: mt76: mt7915: fix endianness of mt7915_mcu_set_obss_spr_pd() a36017d09324 wifi: mt76: mt7921: Add missing __packed annotation of struct mt7921_clc 66dc48bea883 wifi: mt76: do not send firmware FW_FEATURE_NON_DL region fa79eeeadc2d mt76: mt7915: Fix PCI device refcount leak in mt7915_pci_init_hif2() ff94604b2edd wifi: mt76: mt7915: introduce mt7915_get_power_bound() 5082a58f8082 wifi: mt76: mt7915: enable per bandwidth power limit support a7b915302147 wifi: mt76: mt7915: fix scene detection flow of spatial reuse 525592c28d6b wifi: mt76: mt7915: rely on band_idx of mt76_phy cdd7229e769b wifi: mt76: mt7915: mmio: fix naming convention Signed-off-by: Felix Fietkau <[email protected]> (cherry picked from commit b1b29ba)

ec46d7486ab9 sync with upstream 2575de3aea33 wifi: mt76: mt7921: introduce chanctx support 473cebb3c3e1 wifi: mt76: fix bandwidth 80MHz link fail in 6GHz band de3e77227f62 wifi: mt76: mt7996: add driver for MediaTek Wi-Fi 7 (802.11be) devices f0c191a9f6cd wifi: mt76: mt7996: add missing argument in mt7996_queue_rx_skb() d3838a52df62 wifi: mt76: mt7996: enable use_cts_prot support 98492dff3bec wifi: mt76: mt7996: enable ack signal support 2a41e7a82f86 wifi: mt76: mt7996: add support to configure spatial reuse parameter set 194cb3392829 mt76: mt7915: add missing of_node_put() f91d6f3b73ac wifi: mt76: mt7921s: fix slab-out-of-bounds access in sdio host 1ce4970d799f wifi: mt76: mt7915: fix mt7915_rate_txpower_get() resource leaks 379f3fc0fc43 wifi: mt76: mt7996: fix insecure data handling of mt7996_mcu_ie_countdown() 233c272f0f86 wifi: mt76: mt7996: fix insecure data handling of mt7996_mcu_rx_radar_detected() 5616c4cc1d5d wifi: mt76: mt7996: fix integer handling issue of mt7996_rf_regval_set() f9598e6d4c2c wifi: mt76: mt7915: split mcu chan_mib array up b252d94bd763 wifi: mt76: mt7915: check return value before accessing free_block_num f1cc3696d725 wifi: mt76: mt7996: check return value before accessing free_block_num b94ba58fa698 wifi: mt76: mt7915: check the correctness of event data 35843a1670c0 wifi: mt76: mt7915: drop always true condition of __mt7915_reg_addr() 01a256c1dc41 wifi: mt76: mt7996: drop always true condition of __mt7996_reg_addr() 5185bbab8953 wifi: mt76: mt7996: fix endianness warning in mt7996_mcu_sta_he_tlv eeb6949c4d06 wifi: mt76: mt76x0: fix oob access in mt76x0_phy_get_target_power 063823aba978 wifi: mt76: mt7921: add support to update fw capability with MTFG table a44109267e4e wifi: mt76: mt7996: fix unintended sign extension of mt7996_hw_queue_read() be5dbb781068 wifi: mt76: mt7915: fix unintended sign extension of mt7915_hw_queue_read() adf9042b6f63 wifi: mt76: fix coverity uninit_use_in_call in mt76_connac2_reverse_frag0_hdr_trans() 551201379efe wifi: mt76: move leds field in leds struct 14fbb6d6e85e wifi: mt76: move leds struct in mt76_phy 81edc468fc62 wifi: mt76: mt7915: enable per-phy led support bbad827e447f wifi: mt76: mt7615: enable per-phy led support 8e7e7e52fc09 wifi: mt76: dma: do not increment queue head if mt76_dma_add_buf fails 95c66d651133 wifi: mt76: handle possible mt76_rx_token_consume failures 52d04463a66e wifi: mt76: dma: rely on queue page_frag_cache for wed rx queues 7fae1de12ae7 wifi: mt76: mt7921: resource leaks at mt7921_check_offload_capability() Signed-off-by: Felix Fietkau <[email protected]> (cherry picked from commit a75a798)

a03ef0aab93e wifi: mt76: mt7921: fix deadlock in mt7921_abort_roc 5b509e80384a wifi: mt76: dma: fix a regression in adding rx buffers Signed-off-by: Felix Fietkau <[email protected]> (cherry picked from commit 274dfcb)

Signed-off-by: Tianling Shen <[email protected]>

(cherry picked from commit 78527a1)

(cherry picked from commit 8dbca10)

(cherry picked from commit b8874d9)

RAISECOM MSG1500 X.00 is a 2.4/5 GHz band 11ac (Wi-Fi 5) router. Apart from the general model, there are two ISP customized models: China Mobile and China Telecom. Specifications: - SoC: Mediatek MT7621AT - RAM: 256MiB DDR3 - Flash: 128MiB NAND - Ethernet: 5 * 10/100/1000Mbps: 4 * LAN + 1 * WAN - Switch: MediaTek MT7530 (SoC) - WLAN: 1 * MT7615DN Dual-Band 2.4GHz 2T2R (400Mbps) 5GHz 2T2R (867Mbps) - USB: 1 * USB 2.0 port - Button: 1 * RESET button, 1 * WPS button, 1 * WIFI button - LED: blue color: POWER, WAN, WPS, 2.4G, 5G, LAN1, LAN2, LAN3, LAN4, USB - UART: 1 * serial port header (4-pin) - Power: DC 12V, 1A - Switch: 1 * POWER switch MAC addresses as verified by vendor firmware: use address source LAN C8:XX:XX:3A:XX:E7 Config "protest_lan_mac" ascii (label) WAN C8:XX:XX:3A:XX:EA Config "protest_wan_mac" ascii 5G C8:XX:XX:3A:XX:E8 Factory "0x4" hex 2.4G CA:XX:XX:4A:XX:E8 [not on flash] The increment of the 4th byte for the 2.4g address appears to vary. Reported cases: 5g 2.4g increment C8:XX:XX:90:XX:C3 CA:XX:XX:C0:XX:C3 0x30 C8:XX:XX:3A:XX:08 CA:XX:XX:4A:XX:08 0x10 C8:XX:XX:3A:XX:E8 CA:XX:XX:4A:XX:E8 0x10 Since increment is inconsistent and there is no obvious pattern in swapping bytes, and the 2.4g address has local bit set anyway, it seems safer to use the LAN address with flipped byte here in order to prevent collisions between OpenWrt devices and OEM devices for this interface. This way we at least use an address as base that is definitely owned by the device at hand. Notes: 1. The vendor firmware allows you to connect to the router by telnet. (known version 1.0.0 can open telnet.) There is no official binary firmware available. Backup the important partitions data: "Bootloader", "Config", "Factory", and "firmware". Note that with the vendor firmware the memory is detected only 128MiB and the last 512KiB in NAND flash is not used. 2. The POWER LED is default on after press POWER switch. The WAN and LAN1 - 4 LEDs are wired to ethernet switch. The WPS LED is controlled by MT7615DN's GPIO. Currently there is no proper way to configure it. 3. At the time of adding support the wireless config needs to be set up by editing the wireless config file: * Setting the country code is mandatory, otherwise the router loses connectivity at the next reboot. This is mandatory and can be done from luci. After setting the country code the router boots correctly. A reset with the reset button will fix the issue and the user has to reconfigure. * This is minor since the 5g interface does not come up online although it is not set as disabled. 2 options here: 1- Either run the "wifi" command. Can be added from LuCI in system - startup - local startup and just add wifi above "exit 0". 2- Or add the serialize option in the wireless config file as shown below. This one would work and bring both interfaces automatically at every boot: config wifi-device 'radio0' option serialize '1' config wifi-device 'radio1' option serialize '1' Flash instructions using initramfs image: 1. Press POWER switch to power down if the router is running. 2. Connect PC to one of LAN ports, and set static IP address to "10.10.10.2", netmask to "255.255.255.0", and gateway to "10.10.10.1" manually on the PC. 3. Push and hold the WIFI button, and then power up the router. After about 10s (or you can call the recovery page, see "4" below) you can release the WIFI button. There is no clear indication when the router is entering or has entered into "RAISECOM Router Recovery Mode". 4. Call the recovery page for the router at "http://10.10.10.1". Keep an eye on the "WARNING!! tip" of the recovery page. Click "Choose File" to select initramfs image, then click "Upload". 5. If image is uploaded successfully, you will see the page display "Device is upgrading the firmware... %". Keep an eye on the "WARNING!! tip" of the recovery page. When the page display "Upgrade Successfully", you can set IP address as "automatically obtain". 6. After the rebooting (PC should automatically obtain an IP address), open the SSH connection, then download the sysupgrade image to the router and perform sysupgrade with it. Flash back to vendor firmware: See "Flash instructions 1 - 5" above. The only difference is that in step 4 you should select the vendor firmware which you backup. Signed-off-by: Liangkuan Yang <[email protected]> (cherry picked from commit bc7d36b)

The hardware of Nokia A-040W-Q and RAISECOM MSG1500 X.00 are exactly the same, both of which are customized by operators. Signed-off-by: Chukun Pan <[email protected]> (cherry picked from commit 4f9b360)

Signed-off-by: Tianling Shen <[email protected]>

This driver is backported from the v6.0 which deals with "linux,default-trigger" in leds core. For kernel 5.4 we need leds-bcm63138 to read trigger on its own. Signed-off-by: Rafał Miłecki <[email protected]>

Signed-off-by: Tianling Shen <[email protected]>

Update the ca-certificates and ca-bundle package from version 20210119 to version 20211016. Debian change-log entry [1]: |[...] |[ Julien Cristau ] |* mozilla/{certdata.txt,nssckbi.h}: Update Mozilla certificate authority | bundle to version 2.50 | The following certificate authorities were added (+): | + "AC RAIZ FNMT-RCM SERVIDORES SEGUROS" | + "GlobalSign Root R46" | + "GlobalSign Root E46" | + "GLOBALTRUST 2020" | + "ANF Secure Server Root CA" | + "Certum EC-384 CA" | + "Certum Trusted Root CA" | The following certificate authorities were removed (-): | - "QuoVadis Root CA" | - "Sonera Class 2 Root CA" | - "GeoTrust Primary Certification Authority - G2" | - "VeriSign Universal Root Certification Authority" | - "Chambers of Commerce Root - 2008" | - "Global Chambersign Root - 2008" | - "Trustis FPS Root CA" | - "Staat der Nederlanden Root CA - G3" | * Blacklist expired root certificate "DST Root CA X3" (closes: #995432) |[...] [1] <https://metadata.ftp-master.debian.org/changelogs//main/c/ca-certificates/ca-certificates_20211016_changelog> Signed-off-by: Christian Lamparter <[email protected]> (cherry picked from commit 7c99085)

This patch is a revert of the upstream patch to Debian's ca-certificate commit 033d52259172 ("mozilla/certdata2pem.py: print a warning for expired certificates.") The reason is, that this change broke builds with the popular Ubuntu 20.04 LTS (focal) releases which are shipping with an older version of the python3-cryptography package that is not compatible. |Traceback (most recent call last): | File "certdata2pem.py", line 125, in <module> | cert = x509.load_der_x509_certificate(obj['CKA_VALUE']) |TypeError: load_der_x509_certificate() missing 1 required positional argument: 'backend' |make[5]: *** [Makefile:6: all] Error 1 ...or if the python3-cryptography was missing all together: |Traceback (most recent call last): | File "/certdata2pem.py", line 31, in <module> | from cryptography import x509 |ModuleNotFoundError: No module named 'cryptography' More concerns were raised by Jo-Philipp Wich: "We don't want the build to depend on the local system time anyway. Right now it seems to be just a warning but I could imagine that eventually certs are simply omitted of found to be expired at build time which would break reproducibility." Link: <openwrt/openwrt@7c99085bd697> Reported-by: Chen Minqiang <[email protected]> Reported-by: Shane Synan <[email protected]> Signed-off-by: Christian Lamparter <[email protected]> (cherry picked from commit 25bc66e)

It's generally advised to use quotes for variable assignments in bash. Signed-off-by: Leon M. Busch-George <[email protected]> (cherry picked from commit 3c10c42)

This patch fixes a corner case when using passwords that are exactly 64 characters in length with mesh mode or passwords longer than 63 characters with SAE because 'psk' is used instead of 'sae_password'. SAE is obligatory for 802.11s (mesh point). The 'psk' option for hostapd is suited for WPA2 and enforces length restrictions on passwords. Values of 64 characters are treated as PMKs. With SAE, PMKs are always generated during the handshake and there are no length restrictions. The 'sae_password' option is more suited for SAE and should be used instead. Before this patch, the 'sae_password' option is only used with mesh mode passwords that are not 64 characters long. As a consequence: - mesh passwords can't be 64 characters in length - SAE only works with passwords with lengths >8 and <=63 (due to psk limitation). Fix this by always using 'sae_password' with SAE/mesh and applying the PMK differentiation only when PSK is used. Fixes: #11324 Signed-off-by: Leon M. Busch-George <[email protected]> [ improve commit description ] Signed-off-by: Christian Marangi <[email protected]> (cherry picked from commit ae75153)

Fixes: #896 Signed-off-by: Tianling Shen <[email protected]>

Fixes bogus errors on ubus calls Signed-off-by: Felix Fietkau <[email protected]> (cherry picked from commit cf992ca)

Signed-off-by: Tianling Shen <[email protected]>

Signed-off-by: Tianling Shen <[email protected]> (cherry picked from commit a589031)

Manually rebased: - layerscape/patches-5.4/801-audio-0037-MLK-16224-4-ASoC-fsl_sai-support-multi-fifo-and-DSD.patch - ramips/patches-5.4/0031-uvc-add-iPassion-iP2970-support.patch Signed-off-by: Tianling Shen <[email protected]>

Signed-off-by: Tianling Shen <[email protected]>

Signed-off-by: Tianling Shen <[email protected]> (cherry picked from commit 3ddf2d6)

Signed-off-by: Tianling Shen <[email protected]>

The callback handling of the tasklet API was redesigned and the macros using the old syntax renamed to _OLD. The stuck queue is now passed to ndo_tx_timeout callback but not used so far. Signed-off-by: Mathias Kresin <[email protected]> Signed-off-by: Tianling Shen <[email protected]>

Signed-off-by: Tianling Shen <[email protected]>

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/net/sched?h=linux-5.4.y&id=7a6fb69bbcb21e9ce13bdf18c008c268874f0480 Signed-off-by: John Audia <[email protected]> Signed-off-by: Tianling Shen <[email protected]>

Fixes: #907 Signed-off-by: Tianling Shen <[email protected]>

Signed-off-by: Tianling Shen <[email protected]>

Due to SCHED_FIFO being a broken scheduler model, all users of sched_setscheduler() are converted to sched_set_fifo_low() upstream and sched_setscheduler() is no longer exported. The callback handling of the tasklet API was redesigned and the macros using the old syntax renamed to _OLD. Signed-off-by: Mathias Kresin <[email protected]> ltq tapi (cherry picked from commit 31f3f79)

Signed-off-by: Tianling Shen <[email protected]>

Signed-off-by: Rafał Miłecki <[email protected]> (cherry picked from commit ffaabee)

Signed-off-by: Rafał Miłecki <[email protected]> (cherry picked from commit cb26618)

Signed-off-by: Tianling Shen <[email protected]>

Compile-tested: armvirt/64, lantiq/xrx200 Run-tested: armvirt/64 Signed-off-by: Hauke Mehrtens <[email protected]>

https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/net/sched?h=v5.4.235&id=7a6fb69bbcb21e9ce13bdf18c008c268874f0480 Signed-off-by: John Audia <[email protected]> (cherry picked from commit fbfec32)

The callback handling of the tasklet API was redesigned and the macros using the old syntax renamed to _OLD. The stuck queue is now passed to ndo_tx_timeout callback but not used so far. Signed-off-by: Mathias Kresin <[email protected]> (cherry picked from commit 804c541) [Add DECLARE_TASKLET handling for kernel 5.4.235 too] Signed-off-by: Hauke Mehrtens <[email protected]>

Due to SCHED_FIFO being a broken scheduler model, all users of sched_setscheduler() are converted to sched_set_fifo_low() upstream and sched_setscheduler() is no longer exported. The callback handling of the tasklet API was redesigned and the macros using the old syntax renamed to _OLD. Signed-off-by: Mathias Kresin <[email protected]> (cherry picked from commit 31f3f79) [Add DECLARE_TASKLET handling for kernel 5.4.235 too] Signed-off-by: Hauke Mehrtens <[email protected]>

Compile-tested: armvirt/64, lantiq/xrx200 Run-tested: armvirt/64, lantiq/xrx200 Signed-off-by: Hauke Mehrtens <[email protected]>

Signed-off-by: Tianling Shen <[email protected]>

The USB port on the MR8300 randomly fails to feed bus-powered devices. This is caused by a misconfigured pinmux. The GPIO68 should be used to enable the USB power (active low), but it's inside the NAND pinmux. This GPIO pin was found in the original firmware at a startup script in both MR8300 and EA8300. Therefore apply the fix for both boards. Signed-off-by: Daniel González Cabanelas <[email protected]> Reviewed-by: Robert Marko <[email protected]> (cherry picked from commit ed64c33) Signed-off-by: Steffen Scheib <[email protected]>

Fixes CVE-2022-47522 Signed-off-by: Felix Fietkau <[email protected]> (cherry picked from commit d54c91b)

On any currently supported hardware, the performance impact should not matter anymore. Signed-off-by: Felix Fietkau <[email protected]> (cherry picked from commit 75e78bc)

Fixes CVE-2022-47522 Signed-off-by: Felix Fietkau <[email protected]> (cherry picked from commit d54c91b) (cherry picked from commit 4ae854d05568bc36a4df2cb6dd8fb023b5ef9944)

Signed-off-by: Tianling Shen <[email protected]>

This reverts commit ee76f4f. Signed-off-by: Tianling Shen <[email protected]>

The modem is based on Marvell PXA1826 and uses ACM+RNDIS interface to establish connection with custom commands specific to ZTE modems. Two variants of modems were discovered, some identifying themselves as "ZTE", and others as plain "Marvell", the chipset manufacturer. The modem itself runs a fork of OpenWrt inside, which root shell can be accessed via ADB interface. Signed-off-by: Cezary Jackiewicz <[email protected]> Signed-off-by: Lech Perczak <[email protected]> (cherry picked from commit e02fb42)

context_type is an integer mapping of pdptype: 1: IPV4 2: IPV6 3: IPV4V6 Signed-off-by: Jan-Niklas Burfeind <[email protected]> (cherry picked from commit 13f82ce)

This patch solves the problem of receiving "error" responses when initially calling gcom. This avoids unnecessary NO_DEVICE failures. A retry loop retries the call after an "error" response within the specified delay. A successful response will continue with the connection immediately without waiting for max specified delay, bringing the interface up sooner. Signed-off-by: Mike Wilson <[email protected]> (cherry picked from commit 8f27093)

The MikroTik R11e-LTE6 modem goes into flight mode (CFUN=4) at startup and the radio is off (*RADIOPOWER: 0): AT+RESET OK OK *SIMDETEC:2,NOS *SIMDETEC:1,SIM *ICCID: 8936500119010596302 *EUICC: 1 +MSTK: 11, D025....74F3 *ADMINDATA: 0, 2, 0 +CPIN: READY *EUICC: 1 *ECCLIST: 5, 0, 112, 0, 000, 0, 08, 0, 118, 0, 911 +CREG: 0 $CREG: 0 +CESQ: 99,99,255,255,255,255 *CESQ: 99,99,255,255,255,255,0 +CGREG: 0 +CEREG: 0 +CESQ: 99,99,255,255,255,255 *CESQ: 99,99,255,255,255,255,0 *RADIOPOWER: 0 +MMSG: 0, 0 +MMSG: 0, 0 +MMSG: 1, 0 +MPBK: 1 While the chat script is able to establish the PPP connection, it's closed instantly by the modem: LCP terminated by peer. local2.info chat[7000]: send (ATD*99***1#^M) local2.info chat[7000]: expect (CONNECT) local2.info chat[7000]: ^M local2.info chat[7000]: ATD*99***1#^M^M local2.info chat[7000]: CONNECT local2.info chat[7000]: -- got it local2.info chat[7000]: send ( ^M) daemon.info pppd[6997]: Serial connection established. kern.info kernel: [ 453.659146] 3g-mikrotik: renamed from ppp0 daemon.info pppd[6997]: Renamed interface ppp0 to 3g-mikrotik daemon.info pppd[6997]: Using interface 3g-mikrotik daemon.notice pppd[6997]: Connect: 3g-mikrotik <--> /dev/ttyACM0 daemon.info pppd[6997]: LCP terminated by peer daemon.notice pppd[6997]: Connection terminated. daemon.notice pppd[6997]: Modem hangup daemon.info pppd[6997]: Exit. daemon.notice netifd: Interface 'mikrotik' is now down Sending "AT+CFUN=1" to modem deactivates the flight mode and solves the issue: daemon.notice netifd: Interface 'mikrotik' is setting up now daemon.notice netifd: mikrotik (7051): sending -> AT+CFUN=1 daemon.notice pppd[7137]: pppd 2.4.9 started by root, uid 0 local2.info chat[7140]: abort on (BUSY) local2.info chat[7140]: abort on (NO CARRIER) local2.info chat[7140]: abort on (ERROR) local2.info chat[7140]: report (CONNECT) local2.info chat[7140]: timeout set to 10 seconds local2.info chat[7140]: send (AT&F^M) local2.info chat[7140]: expect (OK) local2.info chat[7140]: ^M local2.info chat[7140]: +CESQ: 99,99,255,255,255,255^M local2.info chat[7140]: ^M local2.info chat[7140]: *CESQ: 99,99,255,255,255,255,0^M local2.info chat[7140]: AT&F^MAT&F^M^M local2.info chat[7140]: OK local2.info chat[7140]: -- got it ... local2.info chat[7140]: send (ATD*99***1#^M) local2.info chat[7140]: expect (CONNECT) local2.info chat[7140]: ^M local2.info chat[7140]: ATD*99***1#^M^M local2.info chat[7140]: CONNECT local2.info chat[7140]: -- got it local2.info chat[7140]: send ( ^M) daemon.info pppd[7137]: Serial connection established. kern.info kernel: [ 463.094254] 3g-mikrotik: renamed from ppp0 daemon.info pppd[7137]: Renamed interface ppp0 to 3g-mikrotik daemon.info pppd[7137]: Using interface 3g-mikrotik daemon.notice pppd[7137]: Connect: 3g-mikrotik <--> /dev/ttyACM0 daemon.warn pppd[7137]: Could not determine remote IP address: defaulting to 10.64.64.64 daemon.notice pppd[7137]: local IP address 100.112.63.62 daemon.notice pppd[7137]: remote IP address 10.64.64.64 daemon.notice pppd[7137]: primary DNS address 185.29.83.64 daemon.notice pppd[7137]: secondary DNS address 185.62.131.64 daemon.notice netifd: Network device '3g-mikrotik' link is up daemon.notice netifd: Interface 'mikrotik' is now up To send this AT command to the modem the "runcommand.gcom" script dependency is moved from comgt-ncm to comgt. As the comgt-ncm package depends on comgt already, this change is a NOOP from that point of view. But from the modem's point it is a low hanging fruit as the modem is usable with installing comgt and kmod-usb-ncm packages. Signed-off-by: Szabolcs Hubai <[email protected]> (cherry picked from commit 91eca7b)

The Mikrotik R11e-LTE6 modem is similar to ZTE MF286R modem, added earlier: it has a Marvel chip, able to work in ACM+RNDIS mode, knows ZTE specific commands, runs OpenWrt Barrier Breaker fork. While the modem is able to offer IPv6 address, the RNDIS setup is unable to complete if there is an IPv6 adress. While it works in ACM+RNDIS mode, the user experience isn't as good as with "proto 3g": the modem happily serves a local IP (192.168.1.xxx) without internet access. Of course, if the modem has enough time (for example at the second dialup), it will serve a public IP. Modifing the DHCP Lease (to a short interval before connect and back to default while finalizing) is a workaround to get a public IP at the first try. A safe workaround for this is to excercise an offline script of the pingcheck program: simply restart (ifdown - ifup) the connection. Another pitfall is that the modem writes a few messages at startup, which confuses the manufacturer detection algorithm and got disabled. daemon.notice netifd: Interface 'mikrotik' is setting up now daemon.notice netifd: mikrotik (2366): Failed to parse message data daemon.notice netifd: mikrotik (2366): WARNING: Variable 'ok' does not exist or is not an array/object daemon.notice netifd: mikrotik (2366): Unsupported modem daemon.notice netifd: mikrotik (2426): Stopping network mikrotik daemon.notice netifd: mikrotik (2426): Failed to parse message data daemon.notice netifd: mikrotik (2426): WARNING: Variable '*simdetec:1,sim' does not exist or is not an array/object daemon.notice netifd: mikrotik (2426): Unsupported modem daemon.notice netifd: Interface 'mikrotik' is now down A workaround for this is to use the "delay" option in the interface configuration. I want to thank Forum members dchard (in topic Adding support for MikroTik hAP ac3 LTE6 kit (D53GR_5HacD2HnD)) [1] and mrhaav (in topic OpenWrt X86_64 + Mikrotik R11e-LTE6) [2] for sharing their experiments and works. Another information page was found at eko.one.pl [3]. [1]: https://forum.openwrt.org/t/137555 [2]: https://forum.openwrt.org/t/151743 [3]: https://eko.one.pl/?p=modem-r11elte Signed-off-by: Szabolcs Hubai <[email protected]> (cherry picked from commit dbd6ebd)

…s patch" Keep this for shortcut-fe. This reverts commit cbe73ea. Fixes: #923 Signed-off-by: Tianling Shen <[email protected]>

Add support for the Firefly ROC-RK3328-CC. Signed-off-by: Tianling Shen <[email protected]> (cherry picked from commit d9a1c7a)

Hardware -------- RockChip RK3328 ARM64 (4 cores) 4GB DDR4 RAM 1x 1000 Base-T 2 LEDs (POWER / USER) HDMI 2.0 3.5mm TRRS AV jack Micro-SD slot eMMC slot 1x USB 3.0 Port 2x USB 2.0 Port Signed-off-by: Tianling Shen <[email protected]> (cherry picked from commit f05de85)

Signed-off-by: Tianling Shen <[email protected]> (cherry picked from commit bed2c6c)

Signed-off-by: AmadeusGhost <[email protected]>

Signed-off-by: Tianling Shen <[email protected]>

There's no valid mac address for the second band in the eeprom. The vendor fw uses 2.4G mac + 4 as the mac for 5G radio. Do the same in our firmware. Fixes: 23be410 ("ramips: add support for TOTOLINK X5000R") Signed-off-by: Chuanhong Guo <[email protected]> (cherry picked from commit 2126325)

Signed-off-by: Tianling Shen <[email protected]> (cherry picked from commit 1f85199)

Setting this options modifies the rootfs size of created images. When installing a large number of packages it may become necessary to increase the size to have enough storage. This option is only useful for supported devices, i.e. with an attached SD Card or installed on a hard drive. Signed-off-by: Paul Spooren <[email protected]> (cherry picked from commit 7b7edd2)

Signed-off-by: Daniel Golle <[email protected]>

Signed-off-by: Tianling Shen <[email protected]>

007d94546749 uclient: cancel state change timeout in uclient_disconnect() 644d3c7e13c6 ci: improve wolfSSL test coverage dc54d2b544a1 tests: add certificate check against letsencrypt.org Signed-off-by: Matthias Schiffer <[email protected]> (cherry picked from commit 4f1c2e8)

Signed-off-by: Tianling Shen <[email protected]>

Import commit "ubi: Fix failure attaching when vid_hdr offset equals to (sub)page size" which did not yet make it to stable upstream Linux trees. Fixes: #12232 Fixes: #12339 Signed-off-by: Daniel Golle <[email protected]> (cherry picked from commit aad3481)

Signed-off-by: Tianling Shen <[email protected]> (cherry picked from commit 6bed850)

Apply two patches fixing low-severity vulnerabilities related to certificate policies validation: - Excessive Resource Usage Verifying X.509 Policy Constraints (CVE-2023-0464) Severity: Low A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function. - Invalid certificate policies in leaf certificates are silently ignored (CVE-2023-0465) Severity: Low Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies in order to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function. Note: OpenSSL also released a fix for low-severity security advisory CVE-2023-466. It is not included here because the fix only changes the documentation, which is not built nor included in any OpenWrt package. Due to the low-severity of these issues, there will be not be an immediate new release of OpenSSL. Signed-off-by: Eneas U de Queiroz <[email protected]>

Signed-off-by: Tianling Shen <[email protected]> (cherry picked from commit 327536f)

Signed-off-by: Tianling Shen <[email protected]>

For firmware-selector. Signed-off-by: Tianling Shen <[email protected]>

Removed upstreamed patches: - generic/backport-5.4/430-v6.3-ubi-Fix-failure-attaching-when-vid_hdr-offset-equals.patch - mvebu/patches-5.4/008-net-mvneta-make-tx-buffer-array-agnostic.patch Refreshed all patches. Signed-off-by: Tianling Shen <[email protected]>

Signed-off-by: Hauke Mehrtens <[email protected]>

Partial clone is much faster without clipping history Signed-off-by: Glen Huang <[email protected]> [also apply to include/download.mk] Signed-off-by: Tianling Shen <[email protected]> (cherry picked from commit 3151477)

Refreshed all patches. Signed-off-by: Tianling Shen <[email protected]>

Signed-off-by: Tianling Shen <[email protected]>

Signed-off-by: Tianling Shen <[email protected]> (cherry picked from commit b6cc644)

Unfortunately this feature requires very recent git version. This reverts commit b6cc644. Signed-off-by: Tianling Shen <[email protected]> (cherry picked from commit 98bb1a6)

Add support for the FriendlyARM NanoPi R4SE. Signed-off-by: Tianling Shen <[email protected]> (cherry picked from commit 133ee76)

The FriendlyARM NanoPi R4SE is a minor variant of R4S with a on-board eMMC. Signed-off-by: Tianling Shen <[email protected]> (cherry picked from commit 1ef2391)

Signed-off-by: Tianling Shen <[email protected]>

Signed-off-by: Nian Bohung <[email protected]> (cherry picked from commit 454ebdf)

Signed-off-by: Tianling Shen <[email protected]>

The index.json file lies next to Packages index files and contains a json dict with the package architecture and a dict of package names and versions. This can be used for downstream project to know what packages in which versions are available. Signed-off-by: Paul Spooren <[email protected]> (cherry picked from commit 218ce40)

Signed-off-by: Tianling Shen <[email protected]> (cherry picked from commit 6fc6d06)

Signed-off-by: Tianling Shen <[email protected]> (cherry picked from commit 650f5ea)

The index.json file lies next to Packages index files and contains a json dict with the package architecture and a dict of package names and versions. This can be used for downstream project to know what packages in which versions are available. Signed-off-by: Paul Spooren <[email protected]> (cherry picked from commit 218ce40)

Manually rebased: * bcm27xx/patches-5.4/950-0052-firmware-bcm2835-Support-ARCH_BCM270x.patch * bcm27xx/patches-5.4/950-0642-media-uapi-Add-MEDIA_BUS_FMT_SENSOR_DATA-media-bus-f.patch * bcm27xx/patches-5.4/950-0653-Revert-firmware-raspberrypi-register-clk-device.patch Refreshed all patches. Signed-off-by: Tianling Shen <[email protected]>

1. add bolt_bl201 LED aliases 2. fix bolt_bl201 restart key gpio 3. make bolt_bl201 bootloader read-only 4. add bolt_bl201 partition settings 5. fix bolt_bl201 wrong gpio group 6. update bolt_bl201 LED and network switch settings (cherry picked from commit 3575157)

Signed-off-by: Tianling Shen <[email protected]>

Add driver for QLogic QLE8240 and QLE8242 Converged Ethernet devices. Signed-off-by: Vieno Hakkerinen <[email protected]>

Signed-off-by: Tianling Shen <[email protected]>

Signed-off-by: Tianling Shen <[email protected]> (cherry picked from commit acf1d35)

Signed-off-by: Tianling Shen <[email protected]> (cherry picked from commit e218aa4)

Update the ca-certificates and ca-bundle package from version 20211016 to version 20230311. Use TAR_OPTIONS instead of hacking Build/Prepare, refresh patches. Debian change-log entry [1]: |[...] |[ Đoàn Trần Công Danh ] |* ca-certificates: compat with non-GNU mktemp (closes: #1000847) | |[ Ilya Lipnitskiy ] |* certdata2pem.py: use UTC time when checking cert validity | |[ Julien Cristau ] |* Update Mozilla certificate authority bundle to version 2.60 | The following certificate authorities were added (+): | + "Autoridad de Certificacion Firmaprofesional CIF A62634068" | + "Certainly Root E1" | + "Certainly Root R1" | + "D-TRUST BR Root CA 1 2020" | + "D-TRUST EV Root CA 1 2020" | + "DigiCert TLS ECC P384 Root G5" | + "DigiCert TLS RSA4096 Root G5" | + "E-Tugra Global Root CA ECC v3" | + "E-Tugra Global Root CA RSA v3" | + "HARICA TLS ECC Root CA 2021" | + "HARICA TLS RSA Root CA 2021" | + "HiPKI Root CA - G1" | + "ISRG Root X2" | + "Security Communication ECC RootCA1" | + "Security Communication RootCA3" | + "Telia Root CA v2" | + "TunTrust Root CA" | + "vTrus ECC Root CA" | + "vTrus Root CA" | The following certificate authorities were removed (-): | - "Cybertrust Global Root" (expired) | - "EC-ACC" | - "GlobalSign Root CA - R2" (expired) | - "Hellenic Academic and Research Institutions RootCA 2011" | - "Network Solutions Certificate Authority" | - "Staat der Nederlanden EV Root CA" (expired) |* Drop trailing space from debconf template causing misformatting | (closes: #980821) | |[ Wataru Ashihara ] |* Make certdata2pem.py compatible with cryptography >= 35 (closes: #1008244) |[...] [1]: https://metadata.ftp-master.debian.org/changelogs/main/c/ca-certificates/ca-certificates_20230311_changelog Signed-off-by: Tianling Shen <[email protected]> (cherry picked from commit 7c83b6a)

Changes between 1.1.1t and 1.1.1u [30 May 2023] *) Mitigate for the time it takes for `OBJ_obj2txt` to translate gigantic OBJECT IDENTIFIER sub-identifiers to canonical numeric text form. OBJ_obj2txt() would translate any size OBJECT IDENTIFIER to canonical numeric text form. For gigantic sub-identifiers, this would take a very long time, the time complexity being O(n^2) where n is the size of that sub-identifier. (CVE-2023-2650) To mitigitate this, `OBJ_obj2txt()` will only translate an OBJECT IDENTIFIER to canonical numeric text form if the size of that OBJECT IDENTIFIER is 586 bytes or less, and fail otherwise. The basis for this restriction is RFC 2578 (STD 58), section 3.5. OBJECT IDENTIFIER values, which stipulates that OBJECT IDENTIFIERS may have at most 128 sub-identifiers, and that the maximum value that each sub- identifier may have is 2^32-1 (4294967295 decimal). For each byte of every sub-identifier, only the 7 lower bits are part of the value, so the maximum amount of bytes that an OBJECT IDENTIFIER with these restrictions may occupy is 32 * 128 / 7, which is approximately 586 bytes. Ref: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5 [Richard Levitte] *) Reworked the Fix for the Timing Oracle in RSA Decryption (CVE-2022-4304). The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case compared to 1.1.1s. The new fix uses existing constant time code paths, and restores the previous performance level while fully eliminating all existing timing side channels. The fix was developed by Bernd Edlinger with testing support by Hubert Kario. [Bernd Edlinger] *) Corrected documentation of X509_VERIFY_PARAM_add0_policy() to mention that it does not enable policy checking. Thanks to David Benjamin for discovering this issue. (CVE-2023-0466) [Tomas Mraz] *) Fixed an issue where invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies in order to circumvent policy checking on the certificate altogether. (CVE-2023-0465) [Matt Caswell] *) Limited the number of nodes created in a policy tree to mitigate against CVE-2023-0464. The default limit is set to 1000 nodes, which should be sufficient for most installations. If required, the limit can be adjusted by setting the OPENSSL_POLICY_TREE_NODES_MAX build time define to a desired maximum number of nodes or zero to allow unlimited growth. (CVE-2023-0464) [Paul Dale] Removed upstreamed patches. Signed-off-by: Tianling Shen <[email protected]>

Refreshed all patches. Signed-off-by: Tianling Shen <[email protected]>

Signed-off-by: Tianling Shen <[email protected]>

A static-linked binary doesn't have a .dynamic section, but when starting ujail with -r or -w will automatically search for PT_DYNAMIC in ELF and exit with failure if it is not found. Fixes: #970 Signed-off-by: Yuteng Zhong <[email protected]> Signed-off-by: Tianling Shen <[email protected]>

openssl sets additional cflags in its configuration script. We need to make it aware of our custom cflags to avoid adding conflicting cflags. Fixes: #12866 Signed-off-by: Jitao Lu <[email protected]> (cherry picked from commit 51f57e7)

Some devices rename cferam bootloader using specific patterns and don't follow broadcom standards for renaming cferam files. This requires supporting different cferam file names. Signed-off-by: Álvaro Fernández Rojas <[email protected]> (cherry picked from commit 8813edd)

The DGND3700v2 renames the cferam bootloader from cferam to cfeXXX, where XXX is the number of firmware upgrades performed by the bootloader. Other bcm63xx devices rename cferam.000 to cferam.XXX, but this device is special because the cferam name isn't changed on the first firmware flashing but it's changed on the subsequent ones. Therefore, we need to look for "cfe" instead of "cferam" to properly detect the cferam partition and fix the bootlop. Signed-off-by: Álvaro Fernández Rojas <[email protected]> (cherry picked from commit cdfcac6)

Signed-off-by: Tianling Shen <[email protected]> (cherry picked from commit 1bd9254)

Refreshed all patches. Signed-off-by: Tianling Shen <[email protected]>

Signed-off-by: Tianling Shen <[email protected]>

Signed-off-by: Tianling Shen <[email protected]> (cherry picked from commit a290a61)

Signed-off-by: Tianling Shen <[email protected]> (cherry picked from commit c90db07)

Signed-off-by: Rafał Miłecki <[email protected]> (cherry picked from commit fd71ef3)

This fixes: [ 2.548098] bgmac_bcma bcma0:1: Failed to register fixed PHY device [ 2.554584] bgmac_bcma bcma0:1: Cannot connect to phy and downstream (swconfig-based) b53 driver failing to load. Signed-off-by: Rafał Miłecki <[email protected]> (cherry picked from commit 6cdac99)

Fix two long-standing regressions. Fixes: openwrt/openwrt#8278 Signed-off-by: Rafał Miłecki <[email protected]> (cherry picked from commit 5e48c53)

Signed-off-by: Rafał Miłecki <[email protected]> (cherry picked from commit d54f3b2)

Signed-off-by: Rafał Miłecki <[email protected]> (cherry picked from commit 8674b41)

Signed-off-by: Tianling Shen <[email protected]>

Signed-off-by: Rafał Miłecki <[email protected]> (cherry picked from commit 37ff916)

Signed-off-by: Tianling Shen <[email protected]>

Some device recipes remove default target packages. If user tries to add them back they will be ignored, since packages list is processed in one go. Process the device recipe packages first and do user ones later, so additions won't get filtered out. Signed-off-by: Tomasz Maciej Nowak <[email protected]> (cherry picked from commit e40b9a7)

'help' target fails not finding a file, so follow up on a change[2] made as a fix for main README[1]. 1. d011371 ("README: port to 21st century") 2. 751486b ("build: fix README.md reference after rename") Signed-off-by: Tomasz Maciej Nowak <[email protected]> (cherry picked from commit 2d5f703) (cherry picked from commit e9911f1) Signed-off-by: Christian Lamparter <[email protected]>

Refreshed all patches. Signed-off-by: Tianling Shen <[email protected]>

Basic fan controls are working, including PWM and tachometer. RPM target mode is not working yet. Signed-off-by: Robert Marko <[email protected]> Signed-off-by: Tianling Shen <[email protected]>

Signed-off-by: Tianling Shen <[email protected]>

It seems that DSA-based b53 driver never worked with BCM53573 SoCs and BCM53125. In case of swconfig-based b53 this fixes a regression. Switching bgmac from using mdiobus_register() to of_mdiobus_register() resulted in MDIO device (BCM53125) having of_node set (see of_mdiobus_register_phy()). That made downstream b53 driver read invalid data from DT and broke Ethernet support. Signed-off-by: Rafał Miłecki <[email protected]> (cherry picked from commit 79fd3e6)

Those sort out BCM53573 Ethernet info finally. Signed-off-by: Rafał Miłecki <[email protected]> (cherry picked from commit ca8868a)

Signed-off-by: Tianling Shen <[email protected]>

Removed upstreamed patches: - generic/backport-5.4/711-v6.3-bgmac-fix-initial-chip-reset-to-support-BCM5358.patch - bcm53xx/patches-5.4/043-v6.5-0003-ARM-dts-BCM5301X-Drop-clock-names-from-the-SPI-node.patch Manually rebased: - generic/hack-5.4/952-net-conntrack-events-support-multiple-registrant.patch Refreshed all patches. Signed-off-by: Tianling Shen <[email protected]>

Signed-off-by: Tianling Shen <[email protected]>

Safely detect integer overflow in try_addint() and try_subint(). Old code relied on undefined behavior, and recent versions of GCC on x86 optimized away the if-statements. This caused integer overflow in Lua code instead of falling back to floating-point numbers. Signed-off-by: Adam Bailey <[email protected]> (cherry picked from commit 3a2e7c3)

Inline the preinst.arm-ce script. Support for including was added in make 4.2 and is not working with older make versions. Fixes: openwrt/openwrt#11866 Signed-off-by: Chen Minqiang <[email protected]> (cherry picked from commit fcde517)

Release Notes: - https://github.com/wolfSSL/wolfssl/releases/tag/v5.6.0-stable - https://github.com/wolfSSL/wolfssl/releases/tag/v5.6.2-stable - https://github.com/wolfSSL/wolfssl/releases/tag/v5.6.3-stable Refresh patch: - 100-disable-hardening-check.patch Backport patch: - 001-fix-detection-of-cut-tool-in-configure.ac.patch Signed-off-by: Nick Hainke <[email protected]> (cherry picked from commit 0e83b5e)

Changelog: * New Microcodes: sig 0x000606c1, pf_mask 0x10, 2022-08-07, rev 0x1000201, size 286720 sig 0x000b0671, pf_mask 0x32, 2022-09-07, rev 0x010e, size 204800 * Updated Microcodes: sig 0x000706e5, pf_mask 0x80, 2022-08-02, rev 0x00b6, size 113664 sig 0x000806c1, pf_mask 0x80, 2022-06-28, rev 0x00a6, size 110592 sig 0x000806d1, pf_mask 0xc2, 2022-06-28, rev 0x0042, size 102400 sig 0x000806ec, pf_mask 0x94, 2022-07-31, rev 0x00f4, size 105472 sig 0x00090661, pf_mask 0x01, 2022-07-15, rev 0x0017, size 20480 sig 0x00090672, pf_mask 0x07, 2022-09-19, rev 0x0026, size 218112 sig 0x00090675, pf_mask 0x07, 2022-09-19, rev 0x0026 sig 0x000b06f2, pf_mask 0x07, 2022-09-19, rev 0x0026 sig 0x000b06f5, pf_mask 0x07, 2022-09-19, rev 0x0026 sig 0x000906a3, pf_mask 0x80, 2022-09-19, rev 0x0424, size 217088 sig 0x000906a4, pf_mask 0x80, 2022-09-19, rev 0x0424 sig 0x000906ed, pf_mask 0x22, 2022-07-31, rev 0x00f4, size 104448 sig 0x000a0652, pf_mask 0x20, 2022-07-31, rev 0x00f4, size 96256 sig 0x000a0653, pf_mask 0x22, 2022-07-31, rev 0x00f4, size 97280 sig 0x000a0655, pf_mask 0x22, 2022-07-31, rev 0x00f4, size 96256 sig 0x000a0660, pf_mask 0x80, 2022-07-31, rev 0x00f4, size 97280 sig 0x000a0661, pf_mask 0x80, 2022-07-31, rev 0x00f4, size 96256 sig 0x000a0671, pf_mask 0x02, 2022-08-02, rev 0x0056, size 103424 We need to update to this version because https://ftp.debian.org/debian/pool/non-free/i/intel-microcode/intel-microcode_3.20220809.1.tar.xz has been removed. Signed-off-by: Linhui Liu <[email protected]> (cherry picked from commit 340d3d8)

Debian changelog: intel-microcode (3.20230512.1) unstable; urgency=medium * New upstream microcode datafile 20230512 (closes: #1036013) * Includes fixes or mitigations for an undisclosed security issue * New microcodes: sig 0x000906a4, pf_mask 0x40, 2022-10-12, rev 0x0004, size 115712 sig 0x000b06e0, pf_mask 0x01, 2022-12-19, rev 0x0010, size 134144 * Updated microcodes: sig 0x00050653, pf_mask 0x97, 2022-12-21, rev 0x1000171, size 36864 sig 0x00050654, pf_mask 0xb7, 2022-12-21, rev 0x2006f05, size 44032 sig 0x00050656, pf_mask 0xbf, 2022-12-21, rev 0x4003501, size 37888 sig 0x00050657, pf_mask 0xbf, 2022-12-21, rev 0x5003501, size 37888 sig 0x0005065b, pf_mask 0xbf, 2022-12-21, rev 0x7002601, size 29696 sig 0x000606a6, pf_mask 0x87, 2022-12-28, rev 0xd000390, size 296960 sig 0x000706e5, pf_mask 0x80, 2022-12-25, rev 0x00ba, size 113664 sig 0x000806a1, pf_mask 0x10, 2023-01-13, rev 0x0033, size 34816 sig 0x000806c1, pf_mask 0x80, 2022-12-28, rev 0x00aa, size 110592 sig 0x000806c2, pf_mask 0xc2, 2022-12-28, rev 0x002a, size 97280 sig 0x000806d1, pf_mask 0xc2, 2022-12-28, rev 0x0044, size 102400 sig 0x000806e9, pf_mask 0xc0, 2022-12-26, rev 0x00f2, size 105472 sig 0x000806e9, pf_mask 0x10, 2023-01-02, rev 0x00f2, size 105472 sig 0x000806ea, pf_mask 0xc0, 2022-12-26, rev 0x00f2, size 105472 sig 0x000806eb, pf_mask 0xd0, 2022-12-26, rev 0x00f2, size 105472 sig 0x000806ec, pf_mask 0x94, 2022-12-26, rev 0x00f6, size 105472 sig 0x000806f8, pf_mask 0x87, 2023-03-13, rev 0x2b000461, size 564224 sig 0x000806f7, pf_mask 0x87, 2023-03-13, rev 0x2b000461 sig 0x000806f6, pf_mask 0x87, 2023-03-13, rev 0x2b000461 sig 0x000806f5, pf_mask 0x87, 2023-03-13, rev 0x2b000461 sig 0x000806f4, pf_mask 0x87, 2023-03-13, rev 0x2b000461 sig 0x000806f8, pf_mask 0x10, 2023-02-14, rev 0x2c0001d1, size 595968 sig 0x000806f6, pf_mask 0x10, 2023-02-14, rev 0x2c0001d1 sig 0x000806f5, pf_mask 0x10, 2023-02-14, rev 0x2c0001d1 sig 0x000806f4, pf_mask 0x10, 2023-02-14, rev 0x2c0001d1 sig 0x000906a3, pf_mask 0x80, 2023-02-14, rev 0x042a, size 218112 sig 0x000906a4, pf_mask 0x80, 2023-02-14, rev 0x042a sig 0x000906e9, pf_mask 0x2a, 2022-12-26, rev 0x00f2, size 108544 sig 0x000906ea, pf_mask 0x22, 2023-01-12, rev 0x00f2, size 104448 sig 0x000906eb, pf_mask 0x02, 2022-12-26, rev 0x00f2, size 105472 sig 0x000906ec, pf_mask 0x22, 2023-01-12, rev 0x00f2, size 104448 sig 0x000906ed, pf_mask 0x22, 2023-02-05, rev 0x00f8, size 104448 sig 0x000a0652, pf_mask 0x20, 2022-12-27, rev 0x00f6, size 96256 sig 0x000a0653, pf_mask 0x22, 2023-01-01, rev 0x00f6, size 97280 sig 0x000a0655, pf_mask 0x22, 2022-12-26, rev 0x00f6, size 96256 sig 0x000a0660, pf_mask 0x80, 2022-12-26, rev 0x00f6, size 97280 sig 0x000a0661, pf_mask 0x80, 2022-12-26, rev 0x00f6, size 96256 sig 0x000a0671, pf_mask 0x02, 2022-12-25, rev 0x0058, size 103424 sig 0x000b0671, pf_mask 0x32, 2023-02-06, rev 0x0113, size 207872 sig 0x000b06a2, pf_mask 0xc0, 2023-02-22, rev 0x4112, size 212992 sig 0x000b06a3, pf_mask 0xc0, 2023-02-22, rev 0x4112 * source: update symlinks to reflect id of the latest release, 20230512 -- Henrique de Moraes Holschuh <[email protected]> Tue, 16 May 2023 00:13:02 -0300 intel-microcode (3.20230214.1) unstable; urgency=medium * Non-maintainer upload. * New upstream microcode datafile 20230214 - Includes Fixes for: (Closes: #1031334) - INTEL-SA-00700: CVE-2022-21216 - INTEL-SA-00730: CVE-2022-33972 - INTEL-SA-00738: CVE-2022-33196 - INTEL-SA-00767: CVE-2022-38090 * New Microcodes: sig 0x000806f4, pf_mask 0x10, 2022-12-19, rev 0x2c000170 sig 0x000806f4, pf_mask 0x87, 2022-12-27, rev 0x2b000181 sig 0x000806f5, pf_mask 0x10, 2022-12-19, rev 0x2c000170 sig 0x000806f5, pf_mask 0x87, 2022-12-27, rev 0x2b000181 sig 0x000806f6, pf_mask 0x10, 2022-12-19, rev 0x2c000170 sig 0x000806f6, pf_mask 0x87, 2022-12-27, rev 0x2b000181 sig 0x000806f7, pf_mask 0x87, 2022-12-27, rev 0x2b000181 sig 0x000806f8, pf_mask 0x10, 2022-12-19, rev 0x2c000170 sig 0x000806f8, pf_mask 0x10, 2022-12-19, rev 0x2c000170, size 600064 sig 0x000806f8, pf_mask 0x87, 2022-12-27, rev 0x2b000181 sig 0x000806f8, pf_mask 0x87, 2022-12-27, rev 0x2b000181, size 561152 sig 0x000b06a2, pf_mask 0xc0, 2022-12-08, rev 0x410e sig 0x000b06a2, pf_mask 0xc0, 2022-12-08, rev 0x410e, size 212992 sig 0x000b06a3, pf_mask 0xc0, 2022-12-08, rev 0x410e * Updated Microcodes: sig 0x00050653, pf_mask 0x97, 2022-08-30, rev 0x1000161, size 36864 sig 0x00050656, pf_mask 0xbf, 2022-08-26, rev 0x4003303, size 37888 sig 0x00050657, pf_mask 0xbf, 2022-08-26, rev 0x5003303, size 37888 sig 0x0005065b, pf_mask 0xbf, 2022-08-26, rev 0x7002503, size 29696 sig 0x000606a6, pf_mask 0x87, 2022-10-09, rev 0xd000389, size 296960 sig 0x000606c1, pf_mask 0x10, 2022-09-23, rev 0x1000211, size 289792 sig 0x000706a1, pf_mask 0x01, 2022-09-16, rev 0x003e, size 75776 sig 0x000706a8, pf_mask 0x01, 2022-09-20, rev 0x0022, size 76800 sig 0x000706e5, pf_mask 0x80, 2022-08-31, rev 0x00b8, size 113664 sig 0x000806a1, pf_mask 0x10, 2022-09-07, rev 0x0032, size 34816 sig 0x00090672, pf_mask 0x07, 2023-01-04, rev 0x002c sig 0x00090672, pf_mask 0x07, 2023-01-04, rev 0x002c, size 219136 sig 0x00090675, pf_mask 0x07, 2023-01-04, rev 0x002c sig 0x000906a3, pf_mask 0x80, 2023-01-11, rev 0x0429 sig 0x000906a3, pf_mask 0x80, 2023-01-11, rev 0x0429, size 218112 sig 0x000906a4, pf_mask 0x80, 2023-01-11, rev 0x0429 sig 0x000906c0, pf_mask 0x01, 2022-09-02, rev 0x24000024, size 20480 sig 0x000a0671, pf_mask 0x02, 2022-08-31, rev 0x0057, size 103424 sig 0x000b0671, pf_mask 0x32, 2022-12-19, rev 0x0112, size 207872 sig 0x000b06f2, pf_mask 0x07, 2023-01-04, rev 0x002c sig 0x000b06f5, pf_mask 0x07, 2023-01-04, rev 0x002c -- Tobias Frost <[email protected]> Sun, 12 Mar 2023 18:16:50 +0100 Signed-off-by: Christian Lamparter <[email protected]> (cherry picked from commit 8182c7e)

Debian changelog: intel-microcode (3.20230808.1) unstable; urgency=high * New upstream microcode datafile 20230808 (closes: #1043305) Mitigations for "Downfall" INTEL-SA-00828 (CVE-2022-40982), INTEL-SA-00836 (CVE-2023-23908) and INTEL-SA-00837 (CVE-2022-41804) * Updated microcodes: sig 0x00050653, pf_mask 0x97, 2023-03-23, rev 0x1000181, size 36864 sig 0x00050654, pf_mask 0xb7, 2023-03-06, rev 0x2007006, size 44032 sig 0x00050656, pf_mask 0xbf, 2023-03-17, rev 0x4003604, size 38912 sig 0x00050657, pf_mask 0xbf, 2023-03-17, rev 0x5003604, size 38912 sig 0x0005065b, pf_mask 0xbf, 2023-03-21, rev 0x7002703, size 30720 sig 0x000606a6, pf_mask 0x87, 2023-03-30, rev 0xd0003a5, size 297984 sig 0x000706e5, pf_mask 0x80, 2023-02-26, rev 0x00bc, size 113664 sig 0x000806c1, pf_mask 0x80, 2023-02-27, rev 0x00ac, size 111616 sig 0x000806c2, pf_mask 0xc2, 2023-02-27, rev 0x002c, size 98304 sig 0x000806d1, pf_mask 0xc2, 2023-02-27, rev 0x0046, size 103424 sig 0x000806e9, pf_mask 0xc0, 2023-02-22, rev 0x00f4, size 106496 sig 0x000806e9, pf_mask 0x10, 2023-02-23, rev 0x00f4, size 105472 sig 0x000806ea, pf_mask 0xc0, 2023-02-23, rev 0x00f4, size 105472 sig 0x000806eb, pf_mask 0xd0, 2023-02-23, rev 0x00f4, size 106496 sig 0x000806ec, pf_mask 0x94, 2023-02-26, rev 0x00f8, size 106496 sig 0x000806f8, pf_mask 0x87, 2023-05-09, rev 0x2b0004b1, size 572416 sig 0x000806f7, pf_mask 0x87, 2023-05-09, rev 0x2b0004b1 sig 0x000806f6, pf_mask 0x87, 2023-05-09, rev 0x2b0004b1 sig 0x000806f5, pf_mask 0x87, 2023-05-09, rev 0x2b0004b1 sig 0x000806f4, pf_mask 0x87, 2023-05-09, rev 0x2b0004b1 sig 0x000806f8, pf_mask 0x10, 2023-05-15, rev 0x2c000271, size 605184 sig 0x000806f6, pf_mask 0x10, 2023-05-15, rev 0x2c000271 sig 0x000806f5, pf_mask 0x10, 2023-05-15, rev 0x2c000271 sig 0x000806f4, pf_mask 0x10, 2023-05-15, rev 0x2c000271 sig 0x00090672, pf_mask 0x07, 2023-04-18, rev 0x002e, size 220160 sig 0x00090675, pf_mask 0x07, 2023-04-18, rev 0x002e sig 0x000b06f2, pf_mask 0x07, 2023-04-18, rev 0x002e sig 0x000b06f5, pf_mask 0x07, 2023-04-18, rev 0x002e sig 0x000906a3, pf_mask 0x80, 2023-04-18, rev 0x042c, size 219136 sig 0x000906a4, pf_mask 0x80, 2023-04-18, rev 0x042c sig 0x000906e9, pf_mask 0x2a, 2023-02-23, rev 0x00f4, size 108544 sig 0x000906ea, pf_mask 0x22, 2023-02-23, rev 0x00f4, size 104448 sig 0x000906eb, pf_mask 0x02, 2023-02-23, rev 0x00f4, size 106496 sig 0x000906ec, pf_mask 0x22, 2023-02-23, rev 0x00f4, size 105472 sig 0x000906ed, pf_mask 0x22, 2023-02-27, rev 0x00fa, size 106496 sig 0x000a0652, pf_mask 0x20, 2023-02-23, rev 0x00f8, size 97280 sig 0x000a0653, pf_mask 0x22, 2023-02-23, rev 0x00f8, size 97280 sig 0x000a0655, pf_mask 0x22, 2023-02-23, rev 0x00f8, size 97280 sig 0x000a0660, pf_mask 0x80, 2023-02-23, rev 0x00f8, size 97280 sig 0x000a0661, pf_mask 0x80, 2023-02-23, rev 0x00f8, size 96256 sig 0x000a0671, pf_mask 0x02, 2023-02-26, rev 0x0059, size 104448 sig 0x000b0671, pf_mask 0x32, 2023-06-06, rev 0x0119, size 210944 sig 0x000b06a2, pf_mask 0xe0, 2023-06-06, rev 0x4119, size 216064 sig 0x000b06a3, pf_mask 0xe0, 2023-06-06, rev 0x4119 sig 0x000b06e0, pf_mask 0x11, 2023-04-12, rev 0x0011, size 136192 * source: update symlinks to reflect id of the latest release, 20230808 intel-microcode (3.20230512.1) unstable; urgency=medium Signed-off-by: Hauke Mehrtens <[email protected]> (cherry picked from commit ced2854)

Signed-off-by: Tianling Shen <[email protected]> (cherry picked from commit ae4b007)

4435700d18 Remove redundant YYLOC global declaration Signed-off-by: Rafał Miłecki <[email protected]> (cherry picked from commit 57a8ea6)

7aefb47 jitterentropy-rngd: update to the v1.2.0 What's interesting about jitterentropy-rngd v1.2.0 release is that it bumps its copy of jitterentropy-library from v2.2.0 to the v3.0.0. That bump includes a relevant commit 3130cd9 ("replace LSFR with SHA-3 256"). When initializing entropy jent calculates time delta. Time values are obtained using clock_gettime() + CLOCK_REALTIME. There is no guarantee from CLOCK_REALTIME of unique values and slow devices often return duplicated ones. A switch from jent_lfsr_time() to jent_hash_time() resulted in many less cases of zero delta and avoids ECOARSETIME. Long story short: on some system this fixes: [ 6.722725] urngd: jent-rng init failed, err: 2 This is important change for BCM53573 which doesn't include hwrng and seems to have arch_timer running at 36,8 Hz. Signed-off-by: Rafał Miłecki <[email protected]> (cherry picked from commit c74b5e0)

Signed-off-by: Tianling Shen <[email protected]>

7aefb47 jitterentropy-rngd: update to the v1.2.0 What's interesting about jitterentropy-rngd v1.2.0 release is that it bumps its copy of jitterentropy-library from v2.2.0 to the v3.0.0. That bump includes a relevant commit 3130cd9 ("replace LSFR with SHA-3 256"). When initializing entropy jent calculates time delta. Time values are obtained using clock_gettime() + CLOCK_REALTIME. There is no guarantee from CLOCK_REALTIME of unique values and slow devices often return duplicated ones. A switch from jent_lfsr_time() to jent_hash_time() resulted in many less cases of zero delta and avoids ECOARSETIME. Long story short: on some system this fixes: [ 6.722725] urngd: jent-rng init failed, err: 2 This is important change for BCM53573 which doesn't include hwrng and seems to have arch_timer running at 36,8 Hz. Signed-off-by: Rafał Miłecki <[email protected]> (cherry picked from commit c74b5e0)

It seems that the Makefile has both CC and CFLAGS hardcoded and does not allow overriding them by ones being passed by the buildsystem. This works fine until CONFIG_PKG_ASLR_PIE_ALL is selected, then building will fail with: arm-openwrt-linux-muslgnueabi/bin/ld.bfd: mhz.o: relocation R_ARM_MOVW_ABS_NC against `a local symbol' can not be used when making a shared object; recompile with -fPIC arm-openwrt-linux-muslgnueabi/bin/ld.bfd: mhz.o(.text+0x75c): unresolvable R_ARM_CALL relocation against symbol `__aeabi_l2d@@GCC_3.5 So, lets add a patch pending upstream that allows both CC and CFLAGS to be overriden so that ones passed by the buildsystem are actually respected. Fixes: 89123b308f98 ("mhz: add new package") Signed-off-by: Robert Marko <[email protected]> (cherry picked from commit 6c28f46f37d35dce06c320d9ac7f256c113aea22) Signed-off-by: Tianling Shen <[email protected]> (cherry picked from commit 8c90527)

Signed-off-by: Tianling Shen <[email protected]>

When the membase and pci_dev pointer were moved to a new struct in priv, the actual membase users were left untouched, and they started reading out arbitrary memory behind the struct instead of registers. This unfortunately turned the RNG into a constant number generator, depending on the content of what was at that offset. To fix this, update geode_rng_data_{read,present}() to also get the membase via amd_geode_priv, and properly read from the right addresses again. Closes #13417. Reported-by: Timur I. Davletshin <[email protected]> Tested-by: Timur I. Davletshin <[email protected]> Suggested-by: Jo-Philipp Wich <[email protected]> Signed-off-by: Jonas Gorski <[email protected]> (cherry picked from commit 09d13cd)

Signed-off-by: Nicholas Sun <[email protected]> Signed-off-by: Tianling Shen <[email protected]> (cherry picked from commit 680e475)

Added minimal mmc support for helper functions: - find_mmc_part: Look for a given partition name. Returns the coresponding partition path - caldata_extract_mmc: Look for a given partition name and then extracts the calibration data - mmc_get_mac_binary: Returns the mac address from a given partition name and offset Signed-off-by: Davide Fioravanti <[email protected]> Signed-off-by: Robert Marko <[email protected]> [replace dd with caldata_dd, moved sysupgrade mmc to orbi] Signed-off-by: Christian Lamparter <[email protected]> (cherry picked from commit 6e13794)

Some devices got more than one mmc device. Allow specifying the root device as 2nd parameter of find_mmc_part so scripts can avoid matching irrelevant partitions on wrong mmc device. Signed-off-by: Daniel Golle <[email protected]> (cherry picked from commit 9f223a2)

Adds generic support for sysupgrading on eMMC-based devices. Provide function emmc_do_upgrade and emmc_copy_config to be used in /lib/upgrade/platform.sh instead of redundantly implementing the same logic over and over again. Similar to generic sysupgrade on NAND, use environment variables CI_KERNPART, CI_ROOTPART and newly introduce CI_DATAPART to indicate GPT partition names to be used. On devices with more than one MMC block device, CI_ROOTDEV can be used to specify the MMC device for partition name lookups. Also allow to select block devices directly using EMMC_KERN_DEV, EMMC_ROOT_DEV and EMMC_DATA_DEV, as using GPT partition names is not always an option (e.g. when forced to use MBR). To easily handle writing kernel and rootfs make use of sysupgrade.tar format convention which is also already used for generic NAND support. Signed-off-by: Enrico Mioso <[email protected]> Signed-off-by: Daniel Golle <[email protected]> CC: Li Zhang <[email protected]> CC: TruongSinh Tran-Nguyen <[email protected]> (cherry picked from commit 57c1f3f)

Rootfs overlays get created at a ROOTDEV_OVERLAY_ALIGN (64KiB) alignment after the rootfs, but emmc_do_upgrade() is assuming it comes at the very next 512-byte sector. Suggested-by: Christian Lamparter <[email protected]> Signed-off-by: Brian Norris <[email protected]> (move spaces around, mention fstools' libtoolfs) Signed-off-by: Christian Lamparter <[email protected]> (cherry picked from commit e8a0c55)

emmc_do_upgrade() relies on identify() from the nand.sh upgrade helper. This only works because FEATURES=emmc targets also tend to include FEATURES=nand. Rename identify_magic() to identify_magic_long() to match the common.sh style and make it clear it pairs with other *_long() variants (and not, say *_word()). Signed-off-by: Brian Norris <[email protected]> (cherry picked from commit d3c19c7)

The PKG_CPE_ID links to NIST CPE version 2.2. Assign PKG_CPE_ID to all remaining package which have a CPE ID. Not every package has CPE id. Related: openwrt/packages#8534 Signed-off-by: Alexander Couzens <[email protected]>

The PKG_CPE_ID links to NIST CPE version 2.2. Assign PKG_CPE_ID to all remaining tools which have a CPE ID. Not every tool has CPE id. Related: openwrt/packages#8534 Signed-off-by: Alexander Couzens <[email protected]>

The PKG_CPE_ID links to NIST CPE version 2.2. Assign PKG_CPE_ID to all remaining package which have a CPE ID. Not every package has a CPE id. Related: openwrt/packages#8534 Signed-off-by: Alexander Couzens <[email protected]>

Vulnerabilities of musl libc are tracked as cpe:/a:musl-libc:musl Signed-off-by: Arne Zachlod <[email protected]>

This adds some Common Platform Enumerations (CPE) identifiers which I found. Signed-off-by: Hauke Mehrtens <[email protected]>

Signed-off-by: Tianling Shen <[email protected]>

Major changes between OpenSSL 1.1.1t and OpenSSL 1.1.1u [30 May 2023] o Mitigate for very slow `OBJ_obj2txt()` performance with gigantic OBJECT IDENTIFIER sub-identities. (CVE-2023-2650) o Fixed documentation of X509_VERIFY_PARAM_add0_policy() (CVE-2023-0466) o Fixed handling of invalid certificate policies in leaf certificates (CVE-2023-0465) o Limited the number of nodes created in a policy tree ([CVE-2023-0464]) Signed-off-by: Hauke Mehrtens <[email protected]> (cherry picked from commit afb442270211c00282cecf323d568aa88391a32c)

Major changes between OpenSSL 1.1.1u and OpenSSL 1.1.1v [1 Aug 2023] o Fix excessive time spent checking DH q parameter value (CVE-2023-3817) o Fix DH_check() excessive time with over sized modulus (CVE-2023-3446) Signed-off-by: Hauke Mehrtens <[email protected]> (cherry picked from commit de29f15af173e9434d11a00ffcf437bd6bc97727)

The compex WPJ563 actually has both usb controllers wired: usb0 --> pci-e slot usb1 --> pin header As the board exposes it for generic use, enable this controller too. fixes: #13650 Signed-off-by: Koen Vandeputte <[email protected]> (cherry picked from commit 9188c77)

Doing a simple ping to my device shows this: 64 bytes from 10.0.253.101: icmp_seq=1 ttl=64 time=2.00 ms 64 bytes from 10.0.253.101: icmp_seq=2 ttl=64 time=2.02 ms 64 bytes from 10.0.253.101: icmp_seq=3 ttl=64 time=1.68 ms 64 bytes from 10.0.253.101: icmp_seq=4 ttl=64 time=1.91 ms 64 bytes from 10.0.253.101: icmp_seq=5 ttl=64 time=1.92 ms 64 bytes from 10.0.253.101: icmp_seq=6 ttl=64 time=2.04 ms Some users even report higher values on older kernels: 64 bytes from 192.168.1.10: seq=0 ttl=64 time=0.612 ms 64 bytes from 192.168.1.10: seq=1 ttl=64 time=2.852 ms 64 bytes from 192.168.1.10: seq=2 ttl=64 time=2.719 ms 64 bytes from 192.168.1.10: seq=3 ttl=64 time=2.741 ms 64 bytes from 192.168.1.10: seq=4 ttl=64 time=2.808 ms The problem is that the governor is set to Ondemand, which causes the CPU to clock all the way down to 48MHz in some cases. Switching to performance governor: 64 bytes from 10.0.253.101: icmp_seq=1 ttl=64 time=0.528 ms 64 bytes from 10.0.253.101: icmp_seq=2 ttl=64 time=0.561 ms 64 bytes from 10.0.253.101: icmp_seq=3 ttl=64 time=0.633 ms 64 bytes from 10.0.253.101: icmp_seq=4 ttl=64 time=0.526 ms In theory, using the Performance governor should increase power draw, but it looks like it really does not matter for this soc. Using a calibrated precision DC power supply (cpu idle): Ondemand 24.00V * 0.134A = 3.216 Watts 48.00V * 0.096A = 4.608 Watts Performance 24.00V * 0.135A = 3.240 Watts 48.00V * 0.096A = 4.608 Watts Let's simply switch to the Performance governor by default to fix the general jittery behaviour on devices using this soc. Tested on: MikroTik wAP ac Fixes: #13649 Reviewed-by: Robert Marko <[email protected]> Reviewed-by: Thibaut VARÈNE <[email protected]> Signed-off-by: Koen Vandeputte <[email protected]> (cherry picked from commit b8e5285)

Ensure the MAC address for all NanoPi R1 boards is assigned uniquely for each board. The vendor ships the device in two variants; one with and one without eMMC; but both without static mac-addresses. In order to assign both board types unique MAC addresses, fall back on the same method used for the NanoPi R2S and R4S in case the EEPROM chip is not present by generating the board MAC from the SD card CID. [0] https://wiki.friendlyelec.com/wiki/index.php/NanoPi_R1#Hardware_Spec Similar too and based on: commit b5675f5 ("rockchip: ensure NanoPi R4S has unique MAC address") Co-authored-by: David Bauer <[email protected]> Signed-off-by: Jan-Niklas Burfeind <[email protected]>

Backport the patch that adds the DT for ASUS RT-AC3100. Signed-off-by: Arınç ÜNAL <[email protected]> (cherry picked from commit b7ee8c9)

ASUS RT-AC3100 is ASUS RT-AC88U without the external switch. OpenWrt forum users effortless and ktmakwana have confirmed that there are revisions with either 4366b1 or 4366c0 wireless chips. Therefore, include firmware for 4366b1 along with 4366c0. This way, all hardware revisions of the router will be supported by having brcmfmac use the firmware file for the wireless chip it detects. Signed-off-by: Arınç ÜNAL <[email protected]> (cherry picked from commit 2214bab)

So far every build of a single bcm53xx Target Profile (it means: when NOT using CONFIG_TARGET_MULTI_PROFILE) resulted in all target devices images being built. Now it only builds the one matching selected profile. Fixes: #13572 Suggested-by: Jonas Gorski <[email protected]> Signed-off-by: Rani Hod <[email protected]> [rmilecki: update commit subject + body & move PROFILES line] Signed-off-by: Rafał Miłecki <[email protected]> (cherry picked from commit 802a5f5)

We now have all raw ports defined in bcm-ns.dtsi. Leave only lables in custom device files. Signed-off-by: Rafał Miłecki <[email protected]> (cherry picked from commit 08ce0c7)

Among other changes this commit makes Linux use correct switch ports again. Fixes: fff279f ("bcm53xx: backport DT changes from v6.5") Signed-off-by: Rafał Miłecki <[email protected]> (cherry picked from commit a67af19)

This makes Linux use correct switch ports again. Fixes: fff279f ("bcm53xx: backport DT changes from v6.5") Fixes: openwrt/openwrt#13548 Signed-off-by: Rafał Miłecki <[email protected]> (cherry picked from commit a912ee7)

Signed-off-by: Rafał Miłecki <[email protected]> (cherry picked from commit 732ae34)

Signed-off-by: Rafał Miłecki <[email protected]>

Most (all?) of the realtek devices have two u-boot config partitions with a different set of variables in each. The U-Boot shell provides two sets of apps to manipulate these: printenv- print environment variables printsys- printsys - print system information variables saveenv - save environment variables to persistent storage savesys - savesys - save system information variables to persistent storage setenv - set environment variables setsys - setsys - set system information variables Add support for multiple ubootenv configuration types, allowing more than one configuration file. Section names are not suitable for naming the different configurations since each file can be the result of multiple sections in case of backup partitions. Signed-off-by: Bjørn Mork <[email protected]> (cherry picked from commit a3e9fd7)

Signed-off-by: Tianling Shen <[email protected]>

Fix compilation with glibc 44365eb Deactivate _FORTIFY_SOURCE in jitterentropy-base.c Signed-off-by: Hauke Mehrtens <[email protected]> (cherry picked from commit d62726b)

Signed-off-by: Tianling Shen <[email protected]>

[pull] openwrt-21.02 from immortalwrt:openwrt-21.02 #75

Are you sure you want to change the base?

[pull] openwrt-21.02 from immortalwrt:openwrt-21.02 #75

Commits on Jan 12, 2023

Commits on Jan 13, 2023

Commits on Jan 14, 2023

Commits on Jan 18, 2023

Commits on Jan 25, 2023

Commits on Jan 26, 2023

Commits on Jan 27, 2023

Commits on Jan 28, 2023

Commits on Jan 29, 2023

Commits on Feb 8, 2023

Commits on Feb 11, 2023

Commits on Feb 13, 2023

Commits on Feb 17, 2023

Commits on Feb 18, 2023

Commits on Feb 19, 2023

Commits on Feb 23, 2023

Commits on Feb 24, 2023

Commits on Feb 25, 2023

Commits on Feb 26, 2023

Commits on Mar 1, 2023

Commits on Mar 4, 2023

Commits on Mar 5, 2023

Commits on Mar 6, 2023

Commits on Mar 9, 2023

Commits on Mar 11, 2023

Commits on Mar 13, 2023

Commits on Mar 15, 2023

Commits on Mar 16, 2023

Commits on Mar 25, 2023

Commits on Mar 26, 2023

Commits on Mar 27, 2023

Commits on Mar 29, 2023

Commits on Mar 30, 2023

Commits on Apr 1, 2023

Commits on Apr 2, 2023

Commits on Apr 4, 2023

Commits on Apr 5, 2023

Commits on Apr 7, 2023

Commits on Apr 8, 2023

Commits on Apr 9, 2023

Commits on Apr 10, 2023

Commits on Apr 13, 2023

Commits on Apr 14, 2023

Commits on Apr 15, 2023

Commits on Apr 17, 2023

Commits on Apr 18, 2023

Commits on Apr 23, 2023

Commits on Apr 27, 2023

Commits on Apr 29, 2023

Commits on Apr 30, 2023

Commits on May 1, 2023

Commits on May 4, 2023

Commits on May 8, 2023

Commits on May 10, 2023

Commits on May 11, 2023

Commits on May 19, 2023

Commits on May 28, 2023

Commits on May 29, 2023

Commits on May 30, 2023

Commits on Jun 1, 2023

Commits on Jun 2, 2023

Commits on Jun 5, 2023

Commits on Jun 14, 2023

Commits on Jun 15, 2023

Commits on Jun 17, 2023

Commits on Jun 23, 2023

Commits on Jul 5, 2023

Commits on Jul 7, 2023

Commits on Jul 9, 2023

Commits on Jul 10, 2023

Commits on Jul 11, 2023

Commits on Jul 14, 2023

Commits on Jul 19, 2023

Commits on Jul 20, 2023

Commits on Jul 25, 2023

Commits on Jul 26, 2023

Commits on Jul 29, 2023