This fixes multiple security problems:
* [High] CVE-2024-0901 Potential denial of service and out of bounds
  read. Affects TLS 1.3 on the server side when accepting a connection
  from a malicious TLS 1.3 client. If using TLS 1.3 on the server side
  it is recommended to update the version of wolfSSL used.
* [Med] CVE-2024-1545 Fault Injection vulnerability in
  RsaPrivateDecryption function that potentially allows an attacker
  that has access to the same system with a victim's process to perform
  a Rowhammer fault injection. Thanks to Junkai Liang, Zhi Zhang, Xin
  Zhang, Qingni Shen for the report (Peking University, The University
  of Western Australia).
* [Med] Fault injection attack with EdDSA signature operations. This
  affects ed25519 sign operations where the system could be susceptible
  to Rowhammer attacks. Thanks to Junkai Liang, Zhi Zhang, Xin Zhang,
  Qingni Shen for the report (Peking University, The University of
  Western Australia).
Size increased a little:
wolfssl 5.6.6:
516880 bin/packages/mips_24kc/base/libwolfssl5.6.6.e624513f_5.6.6-stable-r1_mips_24kc.ipk
wolfssl: 5.7.0:
519429 bin/packages/mips_24kc/base/libwolfssl5.7.0.e624513f_5.7.0-stable-r1_mips_24kc.ipk
(cherry picked from commit f475a44)
Link: openwrt#15872
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Major changes between OpenSSL 3.0.13 and OpenSSL 3.0.14 [04-Jun-2024]
* Fixed potential use after free after SSL_free_buffers() is called.
  [CVE-2024-4741]
* Fixed checking excessively long DSA keys or parameters may be very
  slow. [CVE-2024-4603]
* Fixed an issue where some non-default TLS server configurations can
  cause unbounded memory growth when processing TLSv1.3 sessions. An
  attacker may exploit certain server configurations to trigger
  unbounded memory growth that would lead to a Denial of Service.
  [CVE-2024-2511]
* New atexit configuration switch, which controls whether the
  OPENSSL_cleanup is registered when libcrypto is unloaded. This can be
  used on platforms where using atexit() from shared libraries causes
  crashes on exit
Signed-off-by: John Audia <therealgraysky@proton.me>
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
(cherry picked from commit bac2f1b)
Link: openwrt#15873
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Currently, the build option to enable/disable engine support isn't
reflected in the final '/etc/ssl/openssl.cnf' config. It assumes
`engines` is always enabled, producing an error whenever running any
commands in openssl util or programs that explicitly use settings from
'/etc/ssl/openssl.cnf'.
```
➤ openssl version
FATAL: Startup failure (dev note: apps_startup()) for openssl
307D1EA97F000000:error:12800067:lib(37):dlfcn_load:reason(103):crypto/dso/dso_dlfcn.c:118:filename(libengines.so): Error loading shared library libengines.so: No such file or directory
307D1EA97F000000:error:12800067:lib(37):DSO_load:reason(103):crypto/dso/dso_lib.c:152:
307D1EA97F000000:error:0700006E:lib(14):module_load_dso:reason(110):crypto/conf/conf_mod.c:321:module=engines, path=engines
307D1EA97F000000:error:07000071:lib(14):module_run:reason(113):crypto/conf/conf_mod.c:266:module=engines
```
Build should check for the `CONFIG_OPENSSL_ENGINE` option, and comment
out `engines` if not explicitly enabled.
Example:
```
[openssl_init]
providers = provider_sect
```
After this change, openssl util works correctly.
```
➤ openssl version
OpenSSL 3.0.14 4 Jun 2024 (Library: OpenSSL 3.0.14 4 Jun 2024)
```
Signed-off-by: Sean Khan <datapronix@protonmail.com>
Link: openwrt#15661
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 31ec451)
Link: openwrt#15873
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
cpe:/a:pcre:pcre2 is the correct CPE ID for pcre2:
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:pcre:pcre2
Fixes: c39b064 (pcre2: import pcre2 from packages feed)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
(cherry picked from commit 27d1ebb)
Link: openwrt#15881
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
cpe:/a:zlib:zlib is the correct CPE ID for zlib:
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:zlib:zlib
Fixes: c61a239 (add PKG_CPE_ID ids to package and tools)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
(cherry picked from commit e9ecaad)
Link: openwrt#15881
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
cpe:/a:westes:flex is the correct CPE ID for flex:
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:westes:flex
Fixes: c61a239 (add PKG_CPE_ID ids to package and tools)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
(cherry picked from commit 832460b)
Link: openwrt#15881
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
cpe:/a:nasm:netwide_assembler is the correct CPE ID for nasm:
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:nasm:netwide_assembler
Fixes: bcf02c5 (toolchain: assign PKG_CPE_ID)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
(cherry picked from commit e1ca085)
Link: openwrt#15881
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
cpe:/a:dropbear_ssh_project:dropbear_ssh is the correct CPE ID for dropbear:
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:dropbear_ssh_project:dropbear_ssh
Fixes: c61a239 (add PKG_CPE_ID ids to package and tools)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Link: openwrt#15290
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 289f811)
Link: openwrt#15881
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
cpe:/a:json-c:json-c is the correct CPE ID for libjson-c:
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:json-c:json-c
Fixes: c61a239 (add PKG_CPE_ID ids to package and tools)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Link: openwrt#15292
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit a4f723e)
Link: openwrt#15881
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
cpe:/a:netfilter:iptables is the correct CPE ID for iptables:
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:netfilter:iptables
Fixes: c61a239 (add PKG_CPE_ID ids to package and tools)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Link: openwrt#15297
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 6e5edec)
Link: openwrt#15881
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
cpe:/a:selinuxproject:secilc is not a correct CPE ID for secilc:
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:selinuxproject:secilc
Fixes: 9ee7c1e (secilc: adds new package)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Link: openwrt#15298
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 58a5877)
Link: openwrt#15881
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
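An offline audit in the spirit of the PKG_CPE_ID corrections above, added here as an example and not part of the OpenWrt tree or of any commit in this pull request: it reads PKG_CPE_ID from package Makefiles, binds the CPE 2.2 URI to the CPE 2.3 string that NVD lookups use, and flags IDs that are missing, malformed or not in a known-good set. The Makefile snippets, their version numbers, the `demo-*` packages and all function names are constructed for illustration; the known-good set holds only the IDs the commit messages above state are correct.

```python
import re

# Vendor/product pairs the commit messages above state are correct in NVD.
KNOWN_PRODUCTS = {
    ("pcre", "pcre2"), ("zlib", "zlib"), ("westes", "flex"),
    ("nasm", "netwide_assembler"), ("dropbear_ssh_project", "dropbear_ssh"),
    ("json-c", "json-c"), ("netfilter", "iptables"),
}

# PKG_CPE_ID uses the CPE 2.2 URI form with part, vendor and product only.
CPE22_RE = re.compile(r"^cpe:/([aoh]):([a-z0-9._-]+):([a-z0-9._-]+)$")
VAR_RE = re.compile(r"^(PKG_[A-Z_]+)\s*:?=\s*(.*?)\s*$")
NVD_SEARCH = "https://nvd.nist.gov/products/cpe/search/results?keyword="


def parse_makefile(text):
    """Collect simple PKG_* assignments from a package Makefile."""
    variables = {}
    for line in text.splitlines():
        match = VAR_RE.match(line)
        if match:
            variables[match.group(1)] = match.group(2)
    return variables


def fs_escape(value):
    """Quote characters that are special in a CPE 2.3 formatted string."""
    return re.sub(r"([^A-Za-z0-9._-])", r"\\\1", value.lower())


def cpe23_name(cpe22, version=""):
    """Bind a part/vendor/product CPE 2.2 URI plus a version to CPE 2.3."""
    match = CPE22_RE.match(cpe22)
    if not match:
        raise ValueError("not a part/vendor/product CPE 2.2 URI: %r" % cpe22)
    part, vendor, product = match.groups()
    # A 2.3 formatted string always has 11 components; unset ones are "*".
    fields = [part, vendor, product, fs_escape(version) if version else "*"]
    return "cpe:2.3:" + ":".join(fields + ["*"] * 7)


def nvd_search_url(cpe22):
    """Build the NVD dictionary search URL form used in the commit messages."""
    part, vendor, product = CPE22_RE.match(cpe22).groups()
    return NVD_SEARCH + "cpe:2.3:%s:%s:%s" % (part, vendor, product)


def audit(makefiles):
    """Return {package: (status, cpe23 or None)} for each Makefile text."""
    report = {}
    for name, text in makefiles.items():
        variables = parse_makefile(text)
        cpe = variables.get("PKG_CPE_ID")
        if not cpe:
            report[name] = ("missing", None)
            continue
        match = CPE22_RE.match(cpe)
        if not match:
            report[name] = ("malformed", None)
            continue
        known = (match.group(2), match.group(3)) in KNOWN_PRODUCTS
        status = "ok" if known else "unknown-product"
        report[name] = (status, cpe23_name(cpe, variables.get("PKG_VERSION", "")))
    return report


# Constructed sample Makefile fragments (versions are made up).
SAMPLE_MAKEFILES = {
    "zlib": "PKG_NAME:=zlib\nPKG_VERSION:=1.2.3\nPKG_CPE_ID:=cpe:/a:zlib:zlib\n",
    "libjson-c": "PKG_NAME:=json-c\nPKG_VERSION:=0.1\nPKG_CPE_ID:=cpe:/a:json-c:json-c\n",
    "secilc": "PKG_NAME:=secilc\nPKG_VERSION:=0.1\nPKG_CPE_ID:=cpe:/a:selinuxproject:secilc\n",
    "demo-nocpe": "PKG_NAME:=demo-nocpe\nPKG_VERSION:=0.1\n",
    "demo-bad": "PKG_NAME:=demo-bad\nPKG_VERSION:=0.1\nPKG_CPE_ID:=cpe:2.3:a:zlib:zlib\n",
}

if __name__ == "__main__":
    for package, (status, cpe23) in sorted(audit(SAMPLE_MAKEFILES).items()):
        print("%-12s %-16s %s" % (package, status, cpe23 or "-"))
```

A package reported as `unknown-product` or `missing` is one whose CVEs a CPE-based scanner will not match, which is the gap these commits close.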
R32 is like the M32 part of the EAGLE PRO AI series from D-Link.
Specification:
- MT7622BV SoC with 2.4GHz wifi
- MT7975AN + MT7915AN for 5GHz
- MT7531BE Switch
- 512MB RAM
- 128 MB flash
- 2 LEDs (Status and Internet, both can be either orange or white)
- 2 buttons (WPS and Reset)
Compared to M32, the R32 has the following differences:
- 4 LAN ports instead of 2
- The recovery image starts with DLK6E6015001 instead of DLK6E6010001
- Individual LEDs for power and internet
- MAC address is stored at another offset in the ODM partition
MAC addresses:
- WAN MAC is stored in partition "Odm" at offset 0x81
- LAN (as printed on the device) is WAN MAC + 1
- WLAN MAC (2.4 GHz) is WAN MAC + 2
- WLAN MAC (5GHz) is WAN MAC + 3
Flashing via Recovery Web Interface:
- Set your IP address to 192.168.0.10, subnetmask 255.255.255.0
- Press the reset button while powering on the device
- Keep the reset button pressed until the internet LED blinks fast
- Open a Chromium based browser and go to http://192.168.0.1
- Download openwrt-mediatek-mt7622-dlink_eagle-pro-ai-r32-a1-squashfs-recovery.bin
Flashing via uBoot:
- Open the case, connect to the UART console
- Set your IP address to 10.10.10.3, subnet mask 255.255.255.0.
  Connect to one of the LAN interfaces of the router
- Run a tftp server which provides
  openwrt-mediatek-mt7622-dlink_eagle-pro-ai-r32-initramfs-kernel.bin.
- You can rename the file to iverson_uImage (no extension), then you
  don't have to enter the whole file name in uboot later.
- Power on the device and select "1. System Load Linux to SDRAM via
  TFTP." in the boot menu
- Enter image file, tftp server IP and device IP (if they differ from
  the default).
- TFTP download to RAM will start. After a few seconds OpenWrt
  initramfs should start
- The initramfs is accessible via 192.168.1.1, change your IP address
  accordingly (or use multiple IP addresses on your interface)
- Create a backup of the Kernel1 partition, this file is required if a
  revert to stock should be done later
- Perform a sysupgrade using
  openwrt-mediatek-mt7622-dlink_eagle-pro-ai-r32-squashfs-sysupgrade.bin
- Reboot the device. OpenWrt should start from flash now
Revert back to stock using the Recovery Web Interface:
- Set your IP address to 192.168.0.10, subnetmask 255.255.255.0
- Press the reset button while powering on the device
- Keep the reset button pressed until the internet LED blinks fast
- Open a Chromium based browser and go to http://192.168.0.1
- Flash a decrypted firmware image from D-Link. Decrypting a firmware
  image is described below.
Decrypting a D-Link firmware image:
- Download https://github.com/RolandoMagico/firmware-utils/blob/M32/src/m32-firmware-util.c
- Compile a binary from the downloaded file, e.g.
  gcc m32-firmware-util.c -lcrypto -o m32-firmware-util
- Run ./m32-firmware-util R32 --DecryptFactoryImage <OriginalFirmware> <OutputFile>
- Example for firmware R32A1_FW103B01:
  ./m32-firmware-util R32 --DecryptFactoryImage R32A1_FW103B01.bin R32A1_FW103B01.decrypted.bin
Revert back to stock using uBoot:
- Open the case, connect to the UART console
- Set your IP address to 10.10.10.3, subnet mask 255.255.255.0.
  Connect to one of the LAN interfaces of the router
- Run a tftp server which provides the previously created backup of the
  Kernel1 partition.
- You can rename the file to iverson_uImage (no extension), then you
  don't have to enter the whole file name in uboot later.
- Power on the device and select "2. System Load Linux Kernel then
  write to Flash via TFTP." in the boot menu
- Enter image file, tftp server IP and device IP (if they differ from
  the default).
- TFTP download to FLASH will start. After a few seconds the stock
  firmware should start again
There is also an image
openwrt-mediatek-mt7622-dlink_eagle-pro-ai-r32-a1-squashfs-tftp.bin
which can directly be flashed via U-Boot and TFTP. It can be used if no
backup of the Kernel1 partition is required.
Flashing via OEM web interface is currently not possible, the OEM
images are encrypted. Creating images is only possible manually at the
moment.
The support for the M32/R32 already includes support for flashing from
the OEM web interface:
- The device tree contains both partitions (Kernel1 and Kernel2) with
  conditions to select the correct one based on the kernel command line
- The U-Boot variable "boot_part" is set accordingly during startup to
  finish the partition swap after flashing from the OEM web interface
- OpenWrt sysupgrade flashing always uses the partition where it was
  initially flashed to (no partition swap)
Signed-off-by: Roland Reinl <reinlroland+github@gmail.com>
(cherry picked from commit fdb87a9)
Link: openwrt#15776
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Support for Renesas Arm families was added in commit 1ff4f4d
("armsr: armv8: enable CONFIG_ARCH_RENESAS"), but this did not enable
the console/tty hardware for these SoCs, which is derived from the
SuperH family (CONFIG_SERIAL_SH_SCI).
Link: openwrt#15284
Signed-off-by: Mathew McBride <matt@traverse.com.au>
(cherry picked from commit 683355d)
Link: openwrt#15808
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Ethernet module enable for Renesas RZ platform
inittab fix for ttySC0
Fixes: openwrt#15284
Signed-off-by: John Vincent <john.vincent.xa@bp.renesas.com>
(cherry picked from commit 531b3f6)
Link: openwrt#15808
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This was discovered when trying to run OpenWrt on Hetzner Cloud's
Arm-based instances.
Hetzner uses QEMU/KVM with virtio-gpu as the main display device,
together with an ACPI firmware. This was not displaying a console
previously.
This setup can be emulated by qemu using options below:
qemu-system-aarch64 \
-machine virt \
-bios QEMU_EFI.fd \
-device virtio-gpu \
-usb \
-device qemu-xhci,id=xhci \
-device usb-tablet,bus=xhci.0 \
-device usb-kbd,bus=xhci.0 \
-vnc :0
Signed-off-by: Mathew McBride <matt@traverse.com.au>
(cherry picked from commit ea7383e)
Link: openwrt#15808
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This adds two more common PHY brands to the image.
Realtek is used on the Google Coral "Phanbell" board (i.MX8MQ).
SMSC has been used on various Raspberry Pi boards.
Signed-off-by: Mathew McBride <matt@traverse.com.au>
(cherry picked from commit bcbdde0)
Link: openwrt#15808
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Now kernel configs of armv6k CPUs don't include CONFIG_CPU_V6.
So armv6k CPUs cannot be detected as arm_v6.
Fix this by adding detection for CONFIG_CPU_V6K.
Signed-off-by: Lu jicong <jiconglu58@gmail.com>
Link: openwrt#15855
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit d55083f)
Update the nl80211.h file in iw with the version from backports.
The files were out of sync already before the mac80211 update.
If iw set the NL80211_ATTR_WIPHY_ANTENNA_GAIN attribute the kernel
assumed it set the NL80211_ATTR_PUNCT_BITMAP attribute because the id
was the same.
Link: openwrt#15827
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This updates mac80211 to version 6.1.97-1. This code is based on Linux
6.1.97 and contains all fixes included in the upstream wireless
subsystem from that kernel version. This includes many bugfixes and
also some security fixes.
The removed patches are already integrated in upstream Linux 6.1.97 or
in backports.
The following patches were integrated in upstream Linux:
ath11k/0013-wifi-ath11k-synchronize-ath11k_mac_he_gi_to_nl80211_.patch
ath11k/0035-wifi-ath11k-Use-platform_get_irq-to-get-the-interrup.patch
ath11k/0036-wifi-ath11k-fix-SAC-bug-on-peer-addition-with-sta-ba.patch
ath11k/0047-wifi-ath11k-fix-deinitialization-of-firmware-resourc.patch
ath11k/0053-wifi-ath11k-fix-writing-to-unintended-memory-region.patch
ath11k/0060-wifi-ath11k-Ignore-frags-from-uninitialized-peer-in-.patch
ath11k/0065-wifi-ath11k-fix-tx-status-reporting-in-encap-offload.patch
ath11k/0067-wifi-ath11k-Fix-SKB-corruption-in-REO-destination-ri.patch
ath11k/0069-wifi-ath11k-fix-registration-of-6Ghz-only-phy-withou.patch
ath11k/0080-wifi-ath11k-add-support-default-regdb-while-searchin.patch
ath11k/0085-wifi-ath11k-fix-memory-leak-in-WMI-firmware-stats.patch
ath11k/0086-wifi-ath11k-Add-missing-check-for-ioremap.patch
ath11k/0096-wifi-ath11k-fix-boot-failure-with-one-MSI-vector.patch
subsys/337-wifi-mac80211-fix-race-condition-on-enabling-fast-xm.patch
The following patches were integrated in upstream backports:
ath11k/901-wifi-ath11k-pci-fix-compilation-in-5.16-and-older.patch
build/080-resv_start_op.patch
build/110-backport_napi_build_skb.patch
The following files are missing in backports, we do not have to remove
them any more. Some were already missing before some were removed in
this update:
include/linux/cordic.h
include/linux/crc8.h
include/linux/eeprom_93cx6.h
include/linux/wl12xx.h
include/net/ieee80211.h
backport-include/linux/bcm47xx_nvram.h
include/linux/ath9k_platform.h
include/net/bluetooth/
backports ships a dummy Mediatek wed header for older kernel versions.
We backported the feature in our kernel, remove the dummy header:
backport-include/linux/soc/mediatek/mtk_wed.h
Remove header files for subsystems used from the mainline kernel:
include/trace/events/qrtr.h
include/net/rsi_91x.h
backport-include/linux/platform_data/brcmnand.h
Link: openwrt#15827
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The PKG_MIRROR_HASH was updated to a wrong version.
Fixes: f64576f ("mt76: update to Git HEAD (2024-04-03)")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hardware:
- SoC: MediaTek MT7628AN (MIPS 580MHz)
- Flash: 16 MiB XMC 25QH128CH10
- RAM: 128 MiB ESMT M14D1G1664A
- WLAN: 2.4 GHz (MT7628), 5 GHz (MT7613BEN 802.11ac)
- Ethernet: 1x 10/100 Mbps WAN, 1x 10/100 LAN (MT7628)
- USB 2.0 port
- Buttons: 1 Reset button, 1 slider button
- LEDs: 1x Red, 1x White
- Serial console: unpopulated header, 115200 8n1
- Power: 5 VDC, 2 A
MAC addresses:
+---------+-------------------+-----------+
|         | MAC               | Algorithm |
+---------+-------------------+-----------+
| WAN     | 80:af:ca:xx:xx:x0 | label     |
| LAN     | 80:af:ca:xx:xx:x0 | label     |
| WLAN 2g | 80:af:ca:xx:xx:x0 | label     |
| WLAN 5g | 80:af:ca:xx:xx:x2 | label+2   |
+---------+-------------------+-----------+
Installation:
The installation must be done via TFTP by disassembling the router. On
other occasions Cudy has distributed intermediate firmware to make
installation easier, and so I recommend checking the Wiki for this
device if there is a more convenient solution than the one below.
To install using TFTP:
1. Upgrade to a beta firmware (signed by Cudy) that can be downloaded
   from the wiki. This is required in order to use an unlocked u-boot.
2. Connect to UART.
3. While the router is turning on, press 1.
4. Connect to LAN and set your IP to 192.168.1.88/24. Configure a TFTP
   server and an OpenWrt initramfs-kernel.bin firmware file as
   recovery.bin.
5. Press Enter three times. Verify the filename.
6. If you can reach LuCI or SSH now, just use the sysupgrade image with
   the 'Keep settings' option turned off.
If you don't want to use the beta firmware nor the unlocked u-boot, you
can install the firmware writing the sysupgrade image on the firmware
partition of the SPI flash.
Signed-off-by: Luis Mita <luis@luismita.com>
(cherry picked from commit f1091ef)
Link: openwrt#15875
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Cudy assigns hardware versions to its devices on its website, and the
Cudy TR1200 router is now Cudy TR1200 v1. OpenWrt currently uses both
variants, and this commit removes inconsistencies using only the new
name.
Signed-off-by: Luis Mita <luis@luismita.com>
(cherry picked from commit d780d53)
Link: openwrt#15875
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The vendor U-Boot has enabled signature verification, so add a custom
U-Boot build for OpenWrt.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 6fa4fbb)
Hardware specification:
SoC: MediaTek MT7986A 4x A53
Flash: 128GB eMMC
RAM: 1GB DDR4
Ethernet: 4x 1GbE, 1x 2.5GbE (RTL8221B)
Switch: MediaTek MT7531AE
WiFi: MediaTek MT7976C
Button: Reset, Joylink
Power: DC 12V 2A
Flash instructions:
1. Download and flash the vendor migration firmware via webUI:
   https://firmware.download.immortalwrt.eu.org/cnsztl/mediatek/filogic/openwrt-mediatek-mt7986-jdcloud_re-cp-03-vendor-migration.bin
   (Default address is 192.168.68.1, user root, no password)
2. After device has booted up, write new GPT table:
   dd if=openwrt-mediatek-filogic-jdcloud_re-cp-03-gpt.bin of=/dev/mmcblk0 bs=512 seek=0 count=34 conv=fsync
3. Erase and write new BL2:
   echo 0 > /sys/block/mmcblk0boot0/force_ro
   dd if=/dev/zero of=/dev/mmcblk0boot0 bs=512 count=8192 conv=fsync
   dd if=openwrt-mediatek-filogic-jdcloud_re-cp-03-preloader.bin of=/dev/mmcblk0boot0 bs=512 conv=fsync
4. Erase and write new FIP:
   dd if=/dev/zero of=/dev/mmcblk0 bs=512 seek=13312 count=8192 conv=fsync
   dd if=openwrt-mediatek-filogic-jdcloud_re-cp-03-bl31-uboot.fip of=/dev/mmcblk0 bs=512 seek=13312 conv=fsync
5. Set static IP on your PC:
   IP 192.168.1.254/24, GW 192.168.1.1
6. Serve OpenWrt initramfs image using TFTP server.
7. Cut off the power and re-engage, wait for TFTP recovery to complete.
8. After OpenWrt has booted, perform sysupgrade.
9. Additionally, if you want to have eMMC recovery boot feature:
   (Don't worry! You will always have TFTP recovery boot feature.)
   dd if=openwrt-mediatek-filogic-jdcloud_re-cp-03-initramfs-recovery.itb of=/dev/mmcblk0p4 bs=512 conv=fsync
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit c0c3234)
The vendor uboot requires special fit verification.
So add a custom uboot build for this device.
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
(cherry picked from commit 0170666)
Hardware specification:
SoC: MediaTek MT7986A 4x A53
Flash: ESMT F50L1G41LB 128MB
RAM: W632GU6NB DDR3 256MB
Ethernet: 1x 2.5G + 4x 1G
WiFi1: MT7975N 2.4GHz 4T4R
WiFi2: MT7975PN 5GHz 4T4R
Button: Reset, WPS
Power: DC 12V 2A
Flash instructions:
1. Connect to the router using ssh or telnet,
username: useradmin, password is the web
login password of the router.
2. Use scp to upload bl31-uboot.fip and flash:
"mtd write xxx-preloader.bin spi0.0"
"mtd write xxx-bl31-uboot.fip FIP"
"mtd erase ubi"
3. Connect to the router via the Lan port,
set a static ip of your PC.
(ip 192.168.1.254, gateway 192.168.1.1)
4. Download initramfs image, reboot router,
waiting for tftp recovery to complete.
5. After openwrt boots up, perform sysupgrade.
Note:
1. Back up all mtd partitions before flashing.
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
(cherry picked from commit 4ae474a)
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 36f7ece)
This fixes WARN_ONs when using AP_VLANs after station removal. The
flush call passed AP_VLAN vif to driver, but because these vifs are
virtual and not registered with drivers, we need to translate to the
correct AP vif first.
Fixes: openwrt#12420
Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
[Rename to 360-wifi-mac80211-do-not-pass-ap_vlan-vif-pointer-to-dri.patch]
(cherry picked from commit 3e73878)
Link: openwrt#15898
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Fix length in ethernet header
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 8f7be2a)
Link: openwrt#15898
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Without this configuration it is not possible to run the radio using
HE160 on channels 149-177.
Fixes: openwrt#14906
Signed-off-by: Paweł Owoc <frut3k7@gmail.com>
(cherry picked from commit a91b79f)
Link: openwrt#15898
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Recent changes to BuildBot config moved the kmods to a dedicated
directory and dropped them from the packages dir. This was needed as
both OPKG and APK get confused if both entries are present.
To fix this, unconditionally append the kmod feed line if
CONFIG_BUILDBOT is enabled.
Fixes: openwrt#17146
Link: openwrt#17151
(cherry picked from commit 53ee2e8)
[ fix conflict error for missing APK support ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Set the physical switch to KEY_RFKILL, since its previous value
(KEY_SETUP) is unsupported. This should also make the KEY_RESET button
functional, by allowing the gpio-button-hotplug kmod to load.
Signed-off-by: Chris Jones <cmsj@tenshu.net>
Link: openwrt#16564
Signed-off-by: Mieczyslaw Nalewaj <namiltd@yahoo.com>
(cherry picked from commit 83a04cd)
Link: openwrt#17228
Signed-off-by: Robert Marko <robimarko@gmail.com>
The kernel logs the error "bcm6368_nand 10000200.nand: there is not
valid maps for state default" on boot and all nand pins show as
UNCLAIMED in sysfs pinmux-pins.
bcm6362.dtsi, bcm6368.dtsi and bcm63268.dtsi use the undocumented
property group which the driver doesn't understand. This has been
documented upstream in commit caf963efd4b0b9ff42ca12e52b8efe277264d35b.
Replacing group with pins allows the nand pins to be properly
configured.
Signed-off-by: Kyle Hendry <kylehendrydev@gmail.com>
[add bcm636/bcm6368 and fix commit title]
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(cherry picked from commit d1e9c50)
The Sophos AP15C uses the same hardware as the AP15, but has a reset
button.
Based on:
commit 6f1efb2 ("ath79: add support for Sophos AP100/AP55 family")
author Andrew Powers-Holmes <andrew@omnom.net>
Fri, 3 Sep 2021 15:53:57 +0200 (23:53 +1000)
committer Hauke Mehrtens <hauke@hauke-m.de>
Sat, 16 Apr 2022 16:59:29 +0200 (16:59 +0200)
Unique to AP15C:
- Reset button
- External RJ45 serial console port
Flashing instructions:
This firmware can be flashed either via a compatible Sophos SG or XG
firewall appliance, which does not require disassembling the device, or
via the U-Boot console available on the internal UART header.
To flash via XG appliance:
- Register on Sophos' website for a no-cost Home Use XG firewall license
- Download and install the XG software on a compatible PC or virtual
  machine, complete initial appliance setup, and enable SSH console
  access
- Connect the target AP device to the XG appliance's LAN interface
- Approve the AP from the XG Web UI and wait until it shows as Active
  (this can take 3-5 minutes)
- Connect to the XG appliance over SSH and access the Advanced Console
  (Menu option 5, then menu option 3)
- Run `sudo awetool` and select the menu option to connect to an AP via
  SSH. When prompted to enable SSH on the target AP, select Yes.
- Wait 2-3 minutes, then select the AP from the awetool menu again.
  This will connect you to a root shell on the target AP.
- Copy the firmware to /tmp/openwrt.bin on the target AP via
  SCP/TFTP/etc
- Run `mtd -r write /tmp/openwrt.bin astaro_image`
- When complete, the access point will reboot to OpenWRT.
To flash via U-Boot serial console:
- Configure a TFTP server on your PC, and set IP address 192.168.99.8
  with netmask 255.255.255.0
- Copy the firmware .bin to the TFTP server and rename to 'uImage_AP15C'
- Open the target AP's enclosure and locate the 4-pin 3.3V UART header [4]
- Connect the AP ethernet to your PC's ethernet port
- Connect a terminal to the UART at 115200 8/N/1 as usual
- Power on the AP and press a key to cancel autoboot when prompted
- Run the following commands at the U-Boot console:
  - `tftpboot`
  - `cp.b $fileaddr 0x9f070000 $filesize`
  - `boot`
- The access point will boot to OpenWRT.
Signed-off-by: David Lutz <kpanic@hirnduenger.de>
This patch is needed on bmips since it fixes issues with GPIOs not
being properly configured due to gpio_request_enable not being called
on bcm63xx devices.
Therefore we can now drop the bcm63268 gpio function patch.
Backported from f5b1d34 with the exception of the realtek and bmips
patches removal.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(cherry picked from commit f5b1d34)
This patch has been accepted for linux v6.14 so we can move it from
pending to backport.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(cherry picked from commit 2f2e21a)
Supported devices are listed in the metadata as the first part of the
DTS compatible. This normally follows the format "vendor,device".
When updating the device name of the 180W 1920-8G PoE an underscore was
used, instead of a comma, to join the vendor and device name. This will
lead to warnings for users wanting to sysupgrade a device with an older
compatible, as the device's info does not match the one in the
metadata.
Fixes: 987c96e ("realtek: rename hpe,1920-8g-poe to match hardware")
Signed-off-by: Sander Vanheule <sander@svanheule.net>
(cherry picked from commit 6a7fa68)
Fixes the following DT warnings:
../dts/bcm63168-sercomm-shg2500.dts:76.4-14: Warning (reg_format): /ubus/spi@10001000/led-controller@1/led@1:reg: property has invalid length (4 bytes) (#address-cells == 2, #size-cells == 1)
../dts/bcm63168-sercomm-shg2500.dts:75.9-78.5: Warning (avoid_default_addr_size): /ubus/spi@10001000/led-controller@1/led@1: Relying on default #address-cells value
../dts/bcm63168-sercomm-shg2500.dts:75.9-78.5: Warning (avoid_default_addr_size): /ubus/spi@10001000/led-controller@1/led@1: Relying on default #size-cells value
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(cherry picked from commit fbe0bd5)
A commit which made its way into Linux stable down to 5.15 broke the
SATA support on the BPi-R64. Fix this by importing a (still pending)
patch re-adding the 'syscon' compatible to the pciesys clock-controller
which also contains phy-mode bits referenced by the ahci_mtk driver
expecting to access them using syscon_regmap_lookup_by_phandle().
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 69890e1)
Changelog: openwrt/rtl8168@8.054.00...8.055.00
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(cherry picked from commit 5dd7636)
Changelog: openwrt/rtl8125@9.014.01...9.015.00
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(cherry picked from commit a8dea56)
Changelog: openwrt/rtl8126@10.014.01...10.015.00
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(cherry picked from commit 3d3328b)
When a feed is referenced with a specific commit (i.e.
<git_url>^<sha1>), a full clone was performed and a branch was created
from the sha1 and named with the sha1. Other git clone operations are
shallowed.
As Git does not support clone at a specific commit, let's first perform
a shallow clone to latest commit, then fetch the relevant commit and
finally checkout it (no more 'pseudo' branch). It saves bandwidth and
significantly speeds up the feed update process.
Signed-off-by: Cedric CHEDALEUX <cedric.chedaleux@orange.com>
Link: openwrt#18003
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 32d0a57)
Link: openwrt#18168
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
When a feed has submodules, all its submodules are fully cloned whereas
the feed itself is shallowed. Let's be consistent and perform shallow
clones as well for the submodules.
Signed-off-by: Cedric CHEDALEUX <cedric.chedaleux@orange.com>
Link: openwrt#18003
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 9ec32cf)
Link: openwrt#18168
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Quoting the kconfig description for CONFIG_PCPU_DEV_REFCNT:
  network device refcount are using per cpu variables if this option is
  set. This can be forced to N to detect underflows (with a performance
  drop).
This was introduced from kernel 5.13 and was wrongly set as disabled.
Some targets actually enable it but this should be always enabled
unless refcount needs to be debugged (unlikely for production images).
Enable in generic and drop the entry in every other target.
Link: openwrt#18174
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit ea6f3e4)
[ adapt for kernel 5.15 ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
where csv = comma separated value(s)
Make the function more generic. Can use it for not only 'config'.
Now it can be used to parse interfaces for additional lldpd settings,
e.g. custom-tlv.
Tested on: 22.03.6
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
Link: openwrt#14872
(cherry picked from commit a015f59)
Link: openwrt#18344
Signed-off-by: Robert Marko <robimarko@gmail.com>
Do not verify the format of TLV. Leave that to lldpd.

These lldpd config entries:

    config custom-tlv
        list ports 'eth0'
        option tlv 'replace oui 33,44,55 subtype 254 oui-info 55,55,55,55,55'

    config custom-tlv
        option tlv 'oui 33,44,44 subtype 232'
        list ports 'br-lan'
        list ports 'eth0'

    config custom-tlv # oui-info truncated
        option tlv 'add oui 33,44,33 subtype 66 oui-info 5555555555'

    config custom-tlv
        option tlv 'add oui 33,44,31 subtype 44'

    config custom-tlv # invalid oui
        option tlv 'add oui 3322 subtype 79'

    config custom-tlv # invalid oui
        option tlv 'oui 3312 subtype 74'

Produce the following lldpd.conf content:

    configure ports eth0 lldp custom-tlv replace oui 33,44,55 subtype 254 oui-info 55,55,55,55,55
    configure ports br-lan,eth0 lldp custom-tlv oui 33,44,44 subtype 232
    configure lldp custom-tlv add oui 33,44,33 subtype 66 oui-info 5555555555
    configure lldp custom-tlv add oui 33,44,31 subtype 44
    configure lldp custom-tlv add oui 3322 subtype 79
    configure lldp custom-tlv oui 3312 subtype 74

And lldpd (v1.0.13 on v22) logs the following:

    Sat Mar 16 19:11:39 2024 daemon.info lldpd[10916]: custom TLV op replace oui 33:44:55 subtype fe
    Sat Mar 16 19:11:39 2024 daemon.info lldpd[10916]: custom TLV op add oui 33:44:44 subtype e8
    Sat Mar 16 19:11:39 2024 daemon.info lldpd[10916]: custom TLV op add oui 33:44:33 subtype 42
    Sat Mar 16 19:11:39 2024 daemon.info lldpd[10916]: custom TLV op add oui 33:44:33 subtype 42
    Sat Mar 16 19:11:39 2024 daemon.info lldpd[10916]: custom TLV op add oui 33:44:31 subtype 2c
    Sat Mar 16 19:11:39 2024 daemon.info lldpd[10916]: custom TLV op add oui 33:44:31 subtype 2c
    Sat Mar 16 19:11:39 2024 daemon.warn lldpcli[10915]: invalid OUI value '3322'
    Sat Mar 16 19:11:39 2024 daemon.info lldpcli[10915]: an error occurred while executing last command
    Sat Mar 16 19:11:39 2024 daemon.warn lldpcli[10915]: invalid OUI value '3312'
    Sat Mar 16 19:11:39 2024 daemon.info lldpcli[10915]: an error occurred while executing last command
    Sat Mar 16 19:11:39 2024 daemon.info lldpcli[10915]: lldpd should resume operations

( The last two TLV are invalid: their oui must be three hex bytes, comma separated. Only the first hex byte of oui-info 5555555555 is used )

Depends on openwrt#14867 and its release version bump

Tested on: 22.03.6
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
Link: openwrt#14872
(cherry picked from commit 8d1fe32)
Link: openwrt#18344
Signed-off-by: Robert Marko <robimarko@gmail.com>
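The commit message above leaves TLV validation to lldpd, so a bad value only shows up in the log when the daemon loads the file. As an added example (not part of the commit or of OpenWrt's init script), a POSIX shell lint that flags such values beforehand; the grammar and the function names `lint_custom_tlv` and `count_hex_bytes` are assumptions inferred from the samples in that commit message.

```shell
# Lint UCI 'option tlv' values. Assumed grammar (inferred from the commit's samples, not lldpd's source):
#   [add|replace] oui XX,XX,XX subtype <decimal 0-255> [oui-info XX[,XX...]]
# Print how many comma-separated two-digit hex bytes $1 holds; fail on any other item.
count_hex_bytes() {
	rest=$1 n=0
	while :; do
		item=${rest%%,*}
		case "$item" in [0-9a-fA-F][0-9a-fA-F]) ;; *) return 1 ;; esac
		n=$((n + 1))
		if [ "$item" = "$rest" ]; then break; fi
		rest=${rest#*,}
	done
	echo "$n"
}

# Print one finding per problem; exit status is 0 only for a clean value.
lint_custom_tlv() (
	set -f   # the value is split on whitespace below; never glob-expand it
	set -- $1
	case "$1" in add|replace) shift ;; esac
	if [ $# -lt 4 ] || [ "$1" != oui ] || [ "$3" != subtype ]; then
		echo "syntax: expected [add|replace] oui X,X,X subtype N"; exit 1
	fi
	oui=$2 subtype=$4 rc=0; shift 4
	if [ "$(count_hex_bytes "$oui")" != 3 ]; then
		echo "invalid OUI '$oui': need three comma-separated hex bytes"; rc=1
	fi
	case "$subtype" in
		''|*[!0-9]*|????*) echo "invalid subtype '$subtype'"; rc=1 ;;
		*) if [ "$subtype" -gt 255 ]; then echo "subtype '$subtype' exceeds 255"; rc=1; fi ;;
	esac
	if [ $# -gt 0 ]; then
		if [ $# -ne 2 ] || [ "$1" != oui-info ]; then
			echo "unexpected trailing words: $*"; rc=1
		elif ! count_hex_bytes "$2" >/dev/null; then
			echo "oui-info '$2' is not comma-separated hex bytes"; rc=1
		fi
	fi
	exit "$rc"
)

# Run over three of the values quoted in the commit message.
while IFS= read -r tlv; do
	if out=$(lint_custom_tlv "$tlv"); then echo "ok    $tlv"; else echo "FAIL  $tlv -> $out"; fi
done <<'EOF'
replace oui 33,44,55 subtype 254 oui-info 55,55,55,55,55
add oui 33,44,33 subtype 66 oui-info 5555555555
add oui 3322 subtype 79
EOF
```

The lint is stricter than lldpd on `oui-info`: the value lldpd accepted and truncated in the log above is reported here as a finding.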
Fix compilation error for old stable version caused by genlmsg_multicast_allns backport fix pushed middle version. Version 5.15 version 0-169, 6.1 version 0-115, 6.6 version 0-58 have the old genlmsg_multicast_allns version with flags variable. Compiling the backport project with these versions results in a compilation error. To handle this, introduce a backport function for the affected kernel versions. Link: openwrt#18373 Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (cherry picked from commit 4039388)
Release Notes: https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.6 Changelog (taken from the release notes): - Regressions - parser: Fix detection of duplicate attributes in XML namespace - xmlreader: Fix xmlTextReaderConstEncoding - html: Fix htmlCreatePushParserCtxt with encoding - xmllint: Return error code if XPath returns empty nodeset Compile-tested: x86_x64, Q35 VM, OpenWRT SNAPSHOT r26135-a8bfdf2ed4d9 Run-tested: x86_x64, Q35 VM, OpenWRT SNAPSHOT r26135-a8bfdf2ed4d9 Signed-off-by: Pascal Ernster <git@hardfalcon.net> Link: openwrt#18280 Signed-off-by: Robert Marko <robimarko@gmail.com>
Release Notes: https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.7 https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.8 https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.9 This fixes: CVE-2024-34459: Fix buffer overread with xmllint --htmlout CVE-2024-40896: Fix XXE protection in downstream code Link: openwrt#16593 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> Link: openwrt#18280 Signed-off-by: Robert Marko <robimarko@gmail.com>
Release Notes: https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.0 https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.1 https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.2 https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.3 https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.4 Small size reduction: 415095 bin/packages/mips_24kc-old/base/libxml2_2.12.6-r1_mips_24kc.ipk 87175 bin/packages/mips_24kc-old/base/libxml2-dev_2.12.6-r1_mips_24kc.ipk 20190 bin/packages/mips_24kc-old/base/libxml2-utils_2.12.6-r1_mips_24kc.ipk 398070 bin/packages/mips_24kc-new/base/libxml2_2.13.4-r1_mips_24kc.ipk 86760 bin/packages/mips_24kc-new/base/libxml2-dev_2.13.4-r1_mips_24kc.ipk 19479 bin/packages/mips_24kc-new/base/libxml2-utils_2.13.4-r1_mips_24kc.ipk Link: openwrt#16593 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> Link: openwrt#18280 Signed-off-by: Robert Marko <robimarko@gmail.com>
Release Notes: https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.5 https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.6 Fixes: CVE-2025-24928 CVE-2024-56171 Link: openwrt#18194 Signed-off-by: Nick Hainke <vincent@systemli.org> Link: openwrt#18280 Signed-off-by: Robert Marko <robimarko@gmail.com>
…not install any software
Get official fingerprint here:
-> https://downloads.openwrt.org/releases/23.05.5/targets/mvebu/cortexa72/kmods/
-> 5.15.167-1-929d60da47a7932cac2a52ce60a4eee0
-> fingerprint is: 929d60da47a7932cac2a52ce60a4eee0
2. Added: system install script for factory installation for cx102s
Usage: cp cx102s_config.buildinfo .config && make defconfig
sudolee pushed a commit to sudolee/openwrt that referenced this pull request Apr 10, 2025
It looks like VRX518 returns phys addr of data buffer in the 'data_ptr' field of the RX descriptor and an actual data offset within the buffer in the 'byte_off' field. In order to map the phys address back to virtual we need the original phys address of the allocated buffer. In the same driver applies offset to phys address before the mapping, what leads to WARN_ON triggering in plat_mem_virt() function with subsequent kernel panic:

    WARNING: CPU: 0 PID: 0 at .../sw_plat.c:764 0xbf306cd0 [vrx518_tc@8af9f5d0+0x25000]
    ...
    Unable to handle kernel NULL pointer dereference at virtual address 00000000
    pgd = aff5701e
    [00000000] *pgd=00000000
    Internal error: Oops: 5 [#1] SMP ARM

Noticed in ATM mode, when chip always returns byte_off = 4. In order to fix the issue, pass the phys address to plat_mem_virt() as is and apply byte_off later for proper DMA syncing and on mapped virtual address when copying RXed data into the skb.

Run tested with FRITZ!Box 7530 on both ADSL and VDSL (thanks Jan) links.

Fixes: 474bbe2 ("kernel: add Intel/Lantiq VRX518 TC driver")
Tested-by: Jan Hoffmann <jan@3e8.eu> # VDSL link
Reported-and-tested-by: nebibigon93@yandex.ru # ADSL link
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
Link: https://patchwork.ozlabs.org/project/openwrt/patch/20250122222654.21833-2-ryazanov.s.a@gmail.com/
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 7bd5796)
It is recommended to create a new branch of cx102s. This merge of 5 commits supports CX102S:
Solved the problem of being unable to install software packages from the official due to different kernel fingerprints, and is actually fully compatible with official software;
Added a one-click installation script for cx102s;
Added the config file corresponding to cx102s;
Optimized some network-related parameters in the kernel and enabled the L3 dev feature.