aboutsummaryrefslogtreecommitdiffstats
path: root/package
Commit message (Collapse)AuthorAgeFilesLines
* mac80211: backport minstrel_ht fix for legacy ratesFelix Fietkau2022-04-121-0/+61
| | | | | | | Fixes OFDM rates on 5 GHz Signed-off-by: Felix Fietkau <nbd@nbd.name> (cherry-picked from commit 5d5afd51772c9a992cb6bb9e0a9dce6feaa3fdef)
* musl-fts: add host buildRosen Penev2022-04-111-0/+2
| | | | | | | This will be used for libselinux. Signed-off-by: Rosen Penev <rosenp@gmail.com> (cherry picked from commit 1fb099341e5879a8c5247020e5056676ba2f0745)
* nftables: add CONFLICT between versionsEneas U de Queiroz2022-04-111-1/+2
| | | | | | | Have nftables-json conflict with nftables-nojson. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> (cherry picked from commit 1135b75d1fd26049a0644b304b7199e4a73c6a08)
* mac80211: Update to version 5.15.33-1Hauke Mehrtens2022-04-1133-439/+85
| | | | | | | | | | | | | | | This updates mac80211 to version 5.15.33-1 which is based on kernel 5.15.33. The removed patches were applied upstream. This new release contains many fixes which were merged into the upstream Linux kernel. This also contains the following new drivers which are needed for ath11k: * net/qrtr/ * drivers/bus/mhi/ Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit 3aa96efa24c13c6e0aafa5ad826f3f95a3bd74f9)
* wolfssl: bump to 5.2.0Eneas U de Queiroz2022-04-114-9/+7
| | | | | | | | | | | | | | | | | Fixes two high-severity vulnerabilities: - CVE-2022-25640: A TLS v1.3 server who requires mutual authentication can be bypassed. If a malicious client does not send the certificate_verify message a client can connect without presenting a certificate even if the server requires one. - CVE-2022-25638: A TLS v1.3 client attempting to authenticate a TLS v1.3 server can have its certificate heck bypassed. If the sig_algo in the certificate_verify message is different than the certificate message checking may be bypassed. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> (cherry picked from commit e89f3e85eb1c1d81294e5d430a91b0ba625e2ec0)
* arm-trusted-firmware-mediatek: remove no longer needed Configure stepDaniel Golle2022-04-101-4/+0
| | | | | | | | | As anyway only the default is called now we can as well also just remove the override for Build/Configure. Fixes: e2cffbb805 ("arm-trusted-firmware-mediatek: update to 2021-03-10") Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit dffad93d3e34275b87d97724e64447d8bde537ff)
* dropbear: bump to 2022.82Konstantin Demin2022-04-109-66/+90
| | | | | | | | | | | | | | | | | | | | | | | - update dropbear to latest stable 2022.82; for the changes see https://matt.ucc.asn.au/dropbear/CHANGES - use $(AUTORELEASE) in PKG_RELEASE - use https for all uris - refresh all patches - rewrite patches: - 100-pubkey_path.patch - 130-ssh_ignore_x_args.patch binary/pkg size changes: - ath79/generic, mips: - binary: 215112 -> 219228 (+4116) - pkg: 111914 -> 113404 (+1490) - ath79/tiny, mips: - binary: 172501 -> 172485 (-16) - pkg: 89871 -> 90904 (+1033) Tested-by: Stijn Segers <foss@volatilesystems.org> Signed-off-by: Konstantin Demin <rockdrilla@gmail.com> (cherry picked from commit 65256aee23a5104eb0c78411fdc73640c0b757ea)
* libmnl: update to 1.0.5Nick Hainke2022-04-101-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changes: Duncan Roe (5): nlmsg: Fix a missing doxygen section trailer build: doc: "make" builds & installs a full set of man pages build: doc: get rid of the need for manual updating of Makefile build: If doxygen is not available, be sure to report "doxygen: no" to ./configure src: doc: Fix messed-up Netlink message batch diagram Fernando Fernandez Mancera (1): src: fix doxygen function documentation Florian Westphal (1): libmnl: zero attribute padding Guillaume Nault (1): callback: mark cb_ctl_array 'const' in mnl_cb_run2() Kylie McClain (1): examples: nfct-daemon: Fix test building on musl libc Laura Garcia Liebana (4): examples: add arp cache dump example examples: fix neigh max attributes examples: fix print line format examples: reduce LOCs during neigh attributes validation Pablo Neira Ayuso (3): doxygen: remove EXPORT_SYMBOL from the output include: add MNL_SOCKET_DUMP_SIZE definition build: libmnl 1.0.5 release Petr Vorel (1): examples: Add rtnl-addr-add.c Stephen Hemminger (1): examples: rtnl-addr-dump: fix typo igo95862 (1): doxygen: Fixed link to the git source tree on the website. Signed-off-by: Nick Hainke <vincent@systemli.org> (cherry picked from commit c3b738933981de601389794152534628b04555dc)
* libnfnetlink: update to 1.0.2Nick Hainke2022-04-102-23/+3
| | | | | | | | | | | | | | | | | | | | | | | | Changes: c63f193 bump version to 1.0.2 3cffa84 libnfnetlink: Check getsockname() return code 90ba679 include: Silence gcc warning in linux_list.h bb4f6c8 Make it clear that this library is deprecated e46569c Minimally resurrect doxygen documentation 5087de4 libnfnetlink: hide private symbols 62ca426 autogen: don't convert __u16 to u_int16_t efa1d8e src: Use stdint types everywhere 7a1a07c include: Sync with kernel headers 7633f0c libnfnetlink: initialize attribute padding to resolve valgrind warnings 94b68f3 configure: uclinux is also linux 617fe82 src: get source code license header in sync with current licensing terms 97a3960 build: resolve automake-1.12 warnings Removed the patch 100-missing_include.patch, libnfnetlink compiles fine with musl without this patch. Signed-off-by: Nick Hainke <vincent@systemli.org> (cherry picked from commit aecf088b3792d556c717510304729fa542ceb770)
* gpio-button-hotplug: fix data raceAndrey Erokhin2022-04-101-1/+1
| | | | | | | | bh_event_add_var can be called by multiple threads concurrently, so it shall not use a static char buffer Signed-off-by: Andrey Erokhin <a.erokhin@inango-systems.com> (cherry picked from commit 1e991e09b73c309321d21b9cb706bd5139d952d2)
* libselinux: add missing host-build dependency on libsepol/hostDaniel Golle2022-04-101-1/+1
| | | | | | | | | The host-build of libselinux requires libsepol/host. Add the libsepol/host to HOST_BUILD_DEPENDS to allow build on hosts which don't have libsepol installed. Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit 0d3850dc5af4896ab3679dc4d8ef9a664e5e705f)
* dnsmasq: add procd interface index trackingValentyn Datsko2022-04-101-0/+5
| | | | | | | | | | | | | | Problem exist when dnsmasq is exclusively bind to particular interface. After reconfiguring or restarting this interface, its index changes, but dnsmasq uses the old one. When this problem occurs, dnsmasq does not listen on the correct interface so DHCP does not work, and clients do not get an IP address. Procd netdev param can be added to restart dnsmasq when the interface index is changed. Signed-off-by: Valentyn Datsko <valikk.d@gmail.com> [combined into a single &&-connected statement] Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit 76f55e3c3f32dea63a385e9b3c8eaed1322089c7)
* libselinux: use musl-fts for host buildsRosen Penev2022-04-101-2/+5
| | | | | | | | | Fixes compilation under musl based distros like Alpine Linux. Also add pcre/host as a build dependency as it's needed. Signed-off-by: Rosen Penev <rosenp@gmail.com> (cherry picked from commit abb2683de36ffe7b29a1b6ea5a8d7edf73719152)
* toolchain: reproducible libstdcppPaul Spooren2022-04-061-1/+2
| | | | | | | | A Python script containing an unreproducible path is copied by default. Remove it before generating the package. Signed-off-by: Paul Spooren <mail@aparcar.org> (cherry picked from commit 950bd40a275d1a834c95d8f9830e1bfed4737a82)
* grub2: add missing licensePaul Spooren2022-04-051-1/+3
| | | | | | | | The PKG_LICENSE field was missing. While at it, normalize the Makefile a bit. Signed-off-by: Paul Spooren <mail@aparcar.org> (cherry picked from commit 839b1ff1fc0d6bcd74131a78fb9286df7f3b7b97)
* kernel: load device-mapper early on bootDaniel Golle2022-04-051-1/+1
| | | | | | | | | | Previously commit openwrt/packages@3abb7cb ("lvm2: Added script and updated Makefile[...]") couldn't actually work and allow rootfs_data to be stored on a LVM2 as the necessary kernel modules had not been loaded at this point. Fix this by loading device-mapper modules early at boot. Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit 82f9ad6ab21ca4925278429a3e1b31d26c306d9f)
* kernel: modules: drop 'AddDepends/bluetooth' callsPiotr Dymacz2022-04-051-2/+0
| | | | | | | Function 'AddDepends/bluetooth' doesn't exist in our codebase. Signed-off-by: Piotr Dymacz <pepe2k@gmail.com> (cherry picked from commit 173198e35a898ff7ec97749247f75cd82fa3c3ab)
* busybox: Fix snprintf arguments in lockHauke Mehrtens2022-04-051-1/+1
| | | | | | | | | | The first argument for snprintf is the buffer and the 2. one is the size. Fix the order. This broke the lock application. Fixes: 9d2b26d5a705 ("busybox: fix busybox lock applet pidstr buffer overflow") Reported-by: Hartmut Birr <e9hack@gmail.com> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit d80336e1a970b088c235dcf2773052537e6f5d72)
* busybox: fix busybox lock applet pidstr buffer overflowQichao Zhang2022-04-051-3/+3
| | | | | | | | | | | Kernel setting `/proc/sys/kernel/pid_max` can be set up to 4194304 (7 digits) which will cause buffer overflow in busbox lock patch, this often happens when running in a rootfs container environment. This commit enlarges `pidstr` to 12 bytes to ensure a sufficient buffer for pid number and an additional char '\n'. Signed-off-by: Qichao Zhang <njuzhangqichao@gmail.com> (cherry picked from commit 34567750db2c3a84fc9f971189c223e2eefd93b0)
* pcre: disable shared libraries for host buildsRosen Penev2022-04-051-0/+1
| | | | | | | | | Getting rid of shared libraries for hostpkg avoids having to use rpath hacks to find the library. It also fixes compilation with host glib2 binaries. Signed-off-by: Rosen Penev <rosenp@gmail.com> (cherry picked from commit f8571749a77ea23b418c84692220083858c1df79)
* musl-fts: remove shared libraries from hostRosen Penev2022-04-051-0/+1
| | | | | | | | | Avoids having to add rpath to the various packages using it. Also add PIC to fix compilation as static libraries do not use PIC by default. Fixes: 1fb099341e58 ("musl-fts: add host build") Signed-off-by: Rosen Penev <rosenp@gmail.com> (cherry picked from commit 8a75ed4ba07b9d64ae547ce36873e51ba54f0eaf)
* gettext-full: add gmsgfmt symlink in host installStijn Tintel2022-04-051-0/+5
| | | | | | | | | | | | | | | Some configure scripts look for msgfmt and gmsgfmt. As we don't install the latter, configure might pick up one from staging_dir/hostpkg, and the other from the host: checking for msgfmt... /home/stijn/Development/OpenWrt/openwrt/staging_dir/hostpkg/bin/msgfmt checking for gmsgfmt... /usr/bin/gmsgfmt This could potentially lead to hard to debug undefined behaviour. Install a symlink in the host install phase to avoid this. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> (cherry picked from commit 636cb00ecc8d693c36e48952f6d154f91e0e569e)
* uboot-mvebu: backport patch to fix eMMCRobert Marko2022-04-051-0/+64
| | | | | | | | | | | v2022.01 has a regression that broke eMMC usage on most if not all Armada SoC-s, thus breaking boards like uDPU which use eMMC for storage. Fix it by backporting a recent upstream patch. Fixes: 782d4c8306c8 ("uboot-mvebu: update to version 2022.01") Signed-off-by: Robert Marko <robert.marko@sartura.hr> (cherry picked from commit a70383080694f26d13db8341a83261f6b1c45f12)
* uqmi: fix acquiring PIN statusDaniel Golle2022-03-271-4/+8
| | | | | | | | | | | | | Evaluating the return value of 'json_load' didn't work in the intended way resulting in PIN status no longer being read on modems where --get-pin-status doesn't fail. Fix this by trying --get-pin-status first and checking if pin1_status field exists in JSON, and if it doesn't try again with --uim-get-sim-state. Fixes: #9501 Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit ee7cb5e885118b78fb5f692d8ed6c93bb7e35853)
* mac80211: backport patch that allows receiving packets with non-standard VHT ↵Felix Fietkau2022-03-271-0/+36
| | | | | | | MCS10-11 rates Signed-off-by: Felix Fietkau <nbd@nbd.name> (cherry picked from commit 56ae4eb90864373dd4663f579851290be74430aa)
* uboot-mediatek: add patch to allow accessing bootconf from LinuxDaniel Golle2022-03-271-0/+60
| | | | | | | | | Store selected boot configuration in '/chosen' node in device tree, so it can be accessed by Linux (and used for fine-tuning the FIT partition parser). Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit dfc3ea6810904f4f498d4a1304443c1a4c9f1e3c)
* uboot-envtools: oxnas: fix wrong eraseblock size for shuttle,kd20Daniel Golle2022-03-271-1/+1
| | | | | | | | | Shuttle KD20 has NAND flash with 0x20000 (128KiB) erase blocks. Correctly set that in uboot-envtools as well to allow writing to the bootloader environment using fw_setenv. Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit fa676395136b17d753fd90137e58f02a4fcdb09e)
* openwrt-keyring: fix broken install stepPetr Štetiar2022-03-271-0/+1
| | | | | | | | | | In commit 2d03f27f0f07 ("openwrt-keyring: make opkg use 22.03 usign key") I've accidentally removed the `endef` keyword, so fix it by adding it back. Fixes: 2d03f27f0f07 ("openwrt-keyring: make opkg use 22.03 usign key") Reported-by: Hannu Nyman <hannu.nyman@iki.fi> Signed-off-by: Petr Štetiar <ynezz@true.cz>
* openwrt-keyring: make opkg use 22.03 usign keyPetr Štetiar2022-03-271-4/+3
| | | | | | | | | | | | In order to make opkg usable with artifacts produced by project's buildbot: Downloading https://downloads.openwrt.org/releases/22.03-SNAPSHOT/packages/x86_64/luci/Packages.sig Signature check failed. Remove wrong Signature file. References: https://gitlab.com/openwrt/docker/-/jobs/2255191689 Signed-off-by: Petr Štetiar <ynezz@true.cz>
* ipq40xx: update E2600AC c1/c2 board张 鹏2022-03-263-2/+4
| | | | | | | | | | Modified the radio frequency hardware part of e2600ac c1/c2, need to cooperate with the modified board.bin file, the device can work normally. Signed-off-by: 张 鹏 <sd20@qxwlan.com> (cherry picked from commit bdc786e82c13547b01bd8f699d00598a974c14f6) Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* cypress-firmware: drop several packagesJosef Schlehofer2022-03-261-54/+0
| | | | | | | | | | | | | | | | | | | | | | | | 1. Drop package: cypress-firmware-4359-pcie This binary is no longer provided and there are not many details what happened. 2. Drop package: cypress-firmware-4359-sdio This binary is no longer provided, but in this case, to compare it with PCIe package mention as first, there was added support in Linux-firmware [1], but no sign of firmware file. 4. Drop package: cypress-firmware-89459-pcie [2] According to Infineon: "CYW89459 is an automotive Wi-Fi chip which is not supported in the broad market community." [1] https://patchwork.kernel.org/project/linux-wireless/patch/20191211235253.2539-6-smoch@web.de/ [2] https://community.infineon.com/t5/Wi-Fi-Bluetooth-for-Linux/the-wifi-driver-for-CYW89459-in-linux4-14-98-2-3-00/m-p/138971 Fixes: 7ca7e0b22de6 ("cypress-firmware: update it to version 5.4.18-2021_0812") Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com> (cherry picked from commit 51dee3f4f7bac26cae8a6355f5a9adb4823f63a5)
* openwrt-keyring: add OpenWrt 22.03 GPG/usign keysPetr Štetiar2022-03-251-3/+3
| | | | | | | | 62471e693b4f usign: add 22.03 release build public key 70817cffc905 gpg: add OpenWrt 22.03 signing key Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit 759886345d900139f38bd9200a32ce12868d3343)
* zlib: backport security fix for a reproducible crash in compressorPetr Štetiar2022-03-242-1/+344
| | | | | | | | | | | | | | | Tavis has just reported, that he was recently trying to track down a reproducible crash in a compressor. Believe it or not, it really was a bug in zlib-1.2.11 when compressing (not decompressing!) certain inputs. Tavis has reported it upstream, but it turns out the issue has been public since 2018, but the patch never made it into a release. As far as he knows, nobody ever assigned it a CVE. Suggested-by: Tavis Ormandy <taviso@gmail.com> References: https://www.openwall.com/lists/oss-security/2022/03/24/1 Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit b3aa2909a79aeff20d594160b207a89dc807c033)
* qosify: update to the latest versionFelix Fietkau2022-03-221-3/+3
| | | | | | | | | | | | | | | | | 391a9fbd5ace dns: fix parsing vlan encapsulated protocol 6aeeddbc91ad interface: extend dns filters to cover vlan tagged traffic as well 1ab53d4ca601 bpf: return TC_ACT_UNSPEC to allow other filters to proceed ca21e729af23 interface: switch to using clsact for filters 5d158f6b3c15 interface: run ingress bpf filter on main device ingress instead of ifb egress bdfcb11847ce interface: fix duplicated dns filter line b97405aa632a Revert "ubus: remove dnsmasq subscriber" 8fbaf39dbc95 interface: rework adding/removing filters, do not delete clsact d7ba5804eae4 interface: replace open-coded ifb-dns string with QOSIFY_DNS_IFNAME 91cf440db9e2 loader: fix use of deprecated functions 57c7817f91c2 qosify: fix dscp values of ubus-added dns host entries Signed-off-by: Felix Fietkau <nbd@nbd.name> (cherry-picked from commit af434e0da2485bd7a82895b5bb63b1182154b98e)
* kmod-lzo: include the lzo-rle kmod in the packageRui Salvaterra2022-03-221-1/+2
| | | | | | | | | | | Albeit a separate crypto module, lzo-rle uses the same kernel library as lzo. Crypto API users (zram, for example) expect both lzo and lzo-rle to be available, so let's include lzo-rle (about 5.5 kiB) in the lib-lzo package. Based on e9hack's original patch: https://patchwork.ozlabs.org/project/openwrt/patch/541cbfbd-76f2-59b3-a867-47b6f0fc7da9@gmail.com/ Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com> (cherry picked from commit aaa0c09785bee4c9e2baf18c026882d1ff3bacd2)
* mediatek: Add support for Xiaomi Redmi Router AX6SRichard Huynh2022-03-211-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Also known as the "Xiaomi Router AX3200" in western markets, but only the AX6S is widely installation-capable at this time. SoC: MediaTek MT7622B RAM: DDR3 256 MiB (ESMT M15T2G16128A) Flash: SPI-NAND 128 MiB (ESMT F50L1G41LB or Gigadevice GD5F1GQ5xExxG) WLAN: 2.4/5 GHz 4T4R 2.4 GHz: MediaTek MT7622B 5 GHz: MediaTek MT7915E Ethernet: 4x 10/100/1000 Mbps Switch: MediaTek MT7531B LEDs/Keys: 2/2 (Internet + System LED, Mesh button + Reset pin) UART: Marked J1 on board VCC RX GND TX, beginning from "1". 3.3v, 115200n8 Power: 12 VDC, 1.5 A Notes: U-Boot passes through the ethaddr from uboot-env partition, but also has been known to reset it to a generic mac address hardcoded in the bootloader. However, bdata is also populated with the ethernet mac addresses, but is also typically never written to. Thus this is used instead. Installation: 1. Flash stock Xiaomi "closed beta" image labelled 'miwifi_rb03_firmware_stable_1.2.7_closedbeta.bin'. (MD5: 5eedf1632ac97bb5a6bb072c08603ed7) 2. Calculate telnet password from serial number and login 3. Execute commands to prepare device nvram set ssh_en=1 nvram set uart_en=1 nvram set boot_wait=on nvram set flag_boot_success=1 nvram set flag_try_sys1_failed=0 nvram set flag_try_sys2_failed=0 nvram commit 4. Download and flash image On computer: python -m http.server On router: cd /tmp wget http://<IP>:8000/factory.bin mtd -r write factory.bin firmware Device should reboot at this point. Reverting to stock: Stock Xiaomi recovery tftp that accepts their signed images, with default ips of 192.168.31.1 + 192.168.31.100. Stock image should be renamed to tftp server ip in hex (Eg. C0A81F64.img) Triggered by holding reset pin on powerup. A simple implementation of this would be via dnsmasq's dhcp-boot option or using the vendor's (Windows only) recovery tool available on their website. Signed-off-by: Richard Huynh <voxlympha@gmail.com> (cherry picked from commit 9f9477b2751231d57cdd8c227149b88c93491d93)
* OpenWrt v22.03: set branch defaultsPaul Spooren2022-03-201-1/+1
| | | | Signed-off-by: Paul Spooren <mail@aparcar.org>
* ncurses: update to 6.3Huangbin Zhan2022-03-196-37/+37
| | | | | | release notes: https://invisible-island.net/ncurses/announce-6.3.html Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
* ramips: add support for Beeline SmartBox FlashMikhail Zhilkin2022-03-191-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Beeline SmartBox Flash is a wireless AC1300 (WiFi 5) router manufactured by Arcadyan company. Device specification -------------------- SoC Type: MediaTek MT7621AT RAM: 256 MiB, Winbond W632GU6NB Flash: 128 MiB (NAND), Winbond W29N01HVSINF Wireless 2.4 GHz (MT7615DN): b/g/n, 2x2 Wireless 5 GHz (MT7615DN): a/n/ac, 2x2 Ethernet: 3xGbE (WAN, LAN1, LAN2) USB ports: 1xUSB3.0 Button: 1 (Reset/WPS) LEDs: 1 RGB LED Power: 12 VDC, 1.5 A Connector type: Barrel Bootloader: U-Boot (Ralink UBoot Version: 5.0.0.2) OEM: Arcadyan WE42022 Installation ------------ 1. Place *factory.trx on any web server (192.168.1.2 in this example) 2. Connect to the router using telnet shell (no password required) 3. Save MAC adresses to U-Boot environment: uboot_env --set --name eth2macaddr --value $(ifconfig | grep eth2 | \ awk '{print $5}') uboot_env --set --name eth3macaddr --value $(ifconfig | grep eth3 | \ awk '{print $5}') uboot_env --set --name ra0macaddr --value $(ifconfig | grep ra0 | \ awk '{print $5}') uboot_env --set --name rax0macaddr --value $(ifconfig | grep rax0 | \ awk '{print $5}') 4. Ensure that MACs were saved correctly: uboot_env --get --name eth2macaddr uboot_env --get --name eth3macaddr uboot_env --get --name ra0macaddr uboot_env --get --name rax0macaddr 5. Download and write the OpenWrt images: cd /tmp wget http://192.168.1.2/factory.trx mtd_write erase /dev/mtd4 mtd_write write factory.trx /dev/mtd4 6. Set 1st boot partition and reboot: uboot_env --set --name bootpartition --value 0 reboot Back to Stock ------------- 1. Run in the OpenWrt shell: fw_setenv bootpartition 1 reboot 2. Optional step. Upgrade the stock firmware with any version to overwrite the OpenWrt in Slot 1. MAC addresses ------------- +-----------+-------------------+----------------+ | Interface | MAC | Source | +-----------+-------------------+----------------+ | label | 30:xx:xx:51:xx:09 | No MACs was | | LAN | 30:xx:xx:51:xx:09 | found on Flash | | WAN | 30:xx:xx:51:xx:06 | [1] | | WLAN_2g | 30:xx:xx:51:xx:07 | | | WLAN_5g | 32:xx:xx:41:xx:07 | | +-----------+-------------------+----------------+ [1]: a. Label wasb't found neither in factory nor in other places. b. MAC addresses are stored in encrypted partition "glbcfg". Encryption key hasn't known yet. To ensure the correct MACs in OpenWrt, a hack with saving of the MACs to u-boot-env during the installation was applied. c. Default Ralink ethernet MAC address (00:0C:43:28:80:36) was found in "Factory" 0xfff0. It's the same for all Smartbox Flash devices. OEM firmware also uses this MAC when initialazes ethernet driver. In OpenWrt we use it only as internal GMAC (eth0), all other MACs are unique. Therefore, there is no any barriers to the operation of several Smartbox Flash devices even within the same broadcast domain. Stock firmware image format --------------------------- +--------------+---------------+----------------------------------------+ | Offset | 1.0.15 | Description | +==============+===============+========================================+ | 0x0 | 5d 43 6f 74 | TRX magic "]Cot" | +--------------+---------------+----------------------------------------+ | 0x4 | 00 70 ff 00 | Length (reverse) | +--------------+---------------+----------------------------------------+ | | | htonl(~crc) from 0xc ("flag_version") | | 0x8 | 72 b3 93 16 | to "Length" | +--------------+---------------+----------------------------------------+ | 0xc | 00 00 01 00 | Flags | +--------------+---------------+----------------------------------------+ | | | Offset (reverse) of Kernel partition | | 0x10 | 1c 00 00 00 | from the start of the header | +--------------+---------------+----------------------------------------+ | | | Offset (reverse) of RootFS partition | | 0x14 | 00 00 42 00 | from the start of the header | +--------------+---------------+----------------------------------------+ | 0x18 | 00 00 00 00 | Zeroes | +--------------+---------------+----------------------------------------+ | 0x1c | 27 05 19 56 … | Kernel data + zero padding | +--------------+---------------+----------------------------------------+ | | | RootFS data (starting with "hsqs") + | | 0x420000 | 68 73 71 73 … | zero padding to "Length" | +--------------+---------------+----------------------------------------+ | | | Some signature data (format is | | | | unknown). Necessary for the fw | | "Lenght" | 00 00 00 00 … | update via oem fw web interface. | +--------------+---------------+----------------------------------------+ | "Lenght" + | | TRX magic "HDR0". U-Boot is | | 0x10c | 48 44 52 30 | checking it at every boot. | +--------------+---------------+----------------------------------------+ | | | 1.00: | | | | Zero padding to ("Lenght" + 0x23000) | | | | 1.0.12: | | | | Zero padding to ("Lenght" + 0x2a000) | | "Lenght" + | | 1.0.13, 1.0.15, 1.0.16: | | 0x110 | 00 00 00 00 | Zero padding to ("Lenght" + 0x10000) | +--------------+---------------+----------------------------------------+ Signed-off-by: Mikhail Zhilkin <csharper2005@gmail.com>
* base-files: add wrapper for procd service list commandFlorian Eckert2022-03-191-0/+8
| | | | | | | | | | | | | | | | A service managed by procd does have a json object with usefull information. This information could by dumped with the following command. ubus call service list "{ 'verbose':true, 'name': '<service-name>)'". }" This line is long and complicated to enter. This commit adds a wrapper call to the procd service section tool to simplify the input and get the output faster. We could now enter the command /etc/initd/<service> info to get the info faster. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* procd: move service command to procdFlorian Eckert2022-03-193-21/+31
| | | | | | | | The service command belongs to the procd and does not belong in the shinit. In the course of the move, the script was also checked with shellcheck and cleaned up. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* iptables: bump PKG_RELEASEEtienne Champetier2022-03-191-1/+1
| | | | | | Following {arp,eb}tables-nft addition, bump PKG_RELEASE Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
* iptables: add {arp,eb}tables-nftEtienne Champetier2022-03-192-0/+145
| | | | | | | Add a patch to add some missing init_extensions{a,b}() calls Package lib{arp,eb}t_*.so Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
* iptables: add xtables-nft packageEtienne Champetier2022-03-191-3/+14
| | | | | | | This allows to install ip6tables-nft without iptables-nft This prepare the addition of {arp,eb}tables-nft Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
* iptables: add xtables-legacy packageEtienne Champetier2022-03-191-3/+14
| | | | | | This allows to install ip6tables-legacy without iptables-legacy Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
* ebtables: rename to ebtables-legacyEtienne Champetier2022-03-191-14/+21
| | | | | | | | This prepare the introduction of ebtables-nft. Add PROVIDES so dependencies are not broken, use ALTERNATIVES. Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
* arptables: rename package to arptables-legacyEtienne Champetier2022-03-191-4/+7
| | | | | | | | This prepare the introduction of arptables-nft. Add PROVIDES so dependencies are not broken, use ALTERNATIVES. Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
* cypress-firmware: update it to version 5.4.18-2021_0812Josef Schlehofer2022-03-191-38/+37
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Binary files were renamed to cyfmac from brcmfmac, but the files needs to be on the router with the previous naming [ 6.656165] brcmfmac: brcmf_fw_alloc_request: using brcm/brcmfmac43455-sdio for chip BCM4345/6 [ 6.665182] brcmfmac mmc1:0001:1: Direct firmware load for brcm/brcmfmac43455-sdio.bin failed with error -2 [ 6.674928] brcmfmac mmc1:0001:1: Falling back to sysfs fallback for: brcm/brcmfmac43455-sdio.bin - Cypress were acquired by Infineon Technologies Thus change the project URL and switch to download files from their GitHub repository. This is much better than the previous solution, which requires finding new threads on their community forum about new driver updates, and it will be necessary to change the URL each time. Unfortunately, it seems that there is not published changelog, but according to this forum thread [1], be careful by opening the link from solution since it contains ending bracket ), it brings fixes for various security vulnerabilities, which were fixed in 7_45_234. Fixes: - FragAttacks - Kr00k Also add LICENSE file Run tested on Seeedstudio router powered by Raspberry Pi 4 CM with package cypress-firmware-43455-sdio. Before: root@OpenWrt:~# dmesg | grep 'Firmware: BCM4345/6' [ 6.895050] brcmfmac: brcmf_c_preinit_dcmds: Firmware: BCM4345/6 wl0: Mar 23 2020 02:20:01 version 7.45.206 (r725000 CY) FWID 01-febaba43 After: root@OpenWrt:~# dmesg | grep 'Firmware: BCM4345/6' [ 6.829805] brcmfmac: brcmf_c_preinit_dcmds: Firmware: BCM4345/6 wl0: Apr 15 2021 03:03:20 version 7.45.234 (4ca95bb CY) FWID 01-996384e2 [1] https://community.infineon.com/t5/Wi-Fi-Bluetooth-for-Linux/Outdated-brcmfmac-firmware-for-Raspberry-Pi-4-in-OpenWrt-21-02-1/m-p/331593#M2269 Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
* iwinfo: update to latest Git headJosef Schlehofer2022-03-191-3/+3
| | | | | | | | | Changelog: 90bfbb9 devices: Add Cypress CYW43455 234075b devices: fix AMD RZ608 format 0e2a318 devices: add AMD RZ608 device-id Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
* bpftools: fix library path on 64 bit systemsFelix Fietkau2022-03-191-3/+3
| | | | | | | drop the use of LIB_SUFFIX Fixes: 00cbf6f6ab1d ("bpftools: update to standalone bpftools + libbpf, use the latest version") Signed-off-by: Felix Fietkau <nbd@nbd.name>