git.openwrt.org Git - openwrt/staging/pepe2k.git/log

libnl: add support for cli

Some packages (like wavemon >= 0.9.4) depend on libnl-cli. Add support
for this part of the lib. libnl-cli itself depends on libnl-genl and
libnl-nf. On MIPS, this component adds 81kB.

Signed-off-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
(punctuation correction and reorganisation of commit message)
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 4bdd1c1a135b5c816a01055f3cc9fc158bbc840a)

mediatek: add label-mac for GL.iNet GL-MT3000

The MAC-address of gmac0 matches the one printed on the bottom label.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit ae500e62e2938e112ae1fc6aa7389e8c7b784b13)

odhcpd: Bump to latest commits

d8118f6 config: make sure timer is not on the timeouts list before freeing
4bbc6e7 add hostsfile output in addition to statefile

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 0221b860321ca2dd2bdc6339c01aa9adb3ddb34e)

uboot-mediatek: fix global pll clock override on mtk_spim

With patch 101-03-spi-mtk_spim-get-spi-clk-rate-only-once.patch
a new system to calculate the SPI clocks has been added.

Unfortunately, the do_div macro overrides the global
priv->pll_clk_rate field. This will cause to have a reduced
clock rate on each subsequent SPI call.

Signed-off-by: Valerio 'ftp21' Mancini <ftp21@ftp21.eu>
Signed-off-by: Nicolò Veronese <nicveronese@gmail.com>
(cherry picked from commit 8849ccb9957e69d85c93ad4b58400573a181ad18)

build: fix pkg-config detection when inside of a nix-shell

The output of command_all when inside a nix-shell looks like the below
where /usr does not match:

➜ scripts/command_all.sh pkg-config
/nix/store/ifr6srqgpvygd5vp14748d109ri31isv-pkg-config-wrapper-0.29.2/bin/pkg-config

Signed-off-by: Sandro Jäckel <sandro.jaeckel@gmail.com>
(cherry picked from commit 86ca7199dfb132042ce3110acef23d74f4ef14a7)

ci: add workflow for automated GitHub release

Implement a GitHub Actions workflow for automated project releases.

The workflow triggers on Git tags, ensuring that a GitHub release is
created whenever a new tag is pushed.

That new release is going to be created in draft and pre-release mode
and needs to be manually promoted to the proper release, once its
decided, that its good enough and prepared.

This is a start of a streamlined and consistent release process for
GitHub, reducing manual intervention.

Acked-by: Christian Marangi <ansuelsmth@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 280d9dd75874ef4c4e2407366eda987cda8efd25)

hostapd: fix broken WPS on broadcom-wl and ath11k

Upgrading wpa_supplicant from 2.9 to 2.10 breaks broadcom-wl/ath11k
based adapters. The reason for it is hostapd tries to install additional
IEs for scanning while the driver does not support this.

The kernel indicates the maximum number of bytes for additional scan IEs
using the NL80211_ATTR_MAX_SCAN_IE_LEN attribute. Save this value and
only add additional scan IEs in case the driver can accommodate these
additional IEs.

Bug: http://lists.infradead.org/pipermail/hostap/2022-January/040178.html
Bug-Debian: https://bugs.debian.org/1004524
Bug-ArchLinux: https://bugs.archlinux.org/task/73495
Upstream-Status: Changes Requested [https://patchwork.ozlabs.org/project/hostap/patch/20220130192200.10883-1-mail@david-bauer.net]
Reported-by: Étienne Morice <neon.emorice@mail.com>
Tested-by: Étienne Morice <neon.emorice@mail.com>
Signed-off-by: David Bauer <mail@david-bauer.net>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 6dca88aa4acd60229147628cb920d05a1136666d)

build: add CycloneDX SBOM JSON support

CycloneDX is an open source standard developed by the OWASP foundation.
It supports a wide range of development ecosystems, a comprehensive set
of use cases, and focuses on automation, ease of adoption, and
progressive enhancement of SBOMs (Software Bill Of Materials) throughout
build pipelines.

So lets add support for CycloneDX SBOM for packages and images
manifests.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit d604a07225c5c82b942cd3374cc113ad676a2519)

package-dumpinfo,metadata: add ABI version information to package index

There is no standard for ABI versioning, so its not possible to find out
from `libext2fs2`, `libiwinfo20230701` or `libss2` package names if
thats just package name or package name with ABI version included. To
help with the decision, lets make ABI version aviable in package index.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 649655f427932fe79b96a41f883c8054b1806191)

package-metadata: add CPE information to JSON package manifests

Common Platform Enumeration (CPE) is a structured naming scheme for
information technology systems, software, and packages.

In order for the information to be processed further, it should also be
available in JSON package manifests.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 8562c65ff8aae3899cdb190319709500b7651492)

package-dumpinfo: add CPE information to package index

Common Platform Enumeration (CPE) is a structured naming scheme for
information technology systems, software, and packages.

In order for the information to be processed further, it should also be
available in package index files.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 33b3fea70245068030ef64b6d7c5b344d08ba9d8)

firewall4: update to the latest version

23a434d0d15d tests: fix expected test output
840ccdeeabce fw4: avoid emitting invalid rule jump targets
20da9933fd7e fw4: fix another instance of invalid rule jump targets
598d9fbb5179 fw4: remove special cases around hw flow offloading

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 7049ea9e95b0aec461f585523b773e68db3ae304)

ucode: update to latest Git HEAD

cfb24ea build: avoid redefining _FORTIFY_SOURCE
448c763 lib: enforce consistent `index()` behavior with empty needle argument
cdc0203 nl80211: fix maybe uninitialized variable
a69b5c8 vm: fix unused result warning
ea046bd build: enable source fortification by default

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 262554f12cbcc4e3bea2440ce1e696ce8791e732)

ucode: fix build on macos

Remove ABI version, since its format is not accepted by the linker.
Enable rpath to avoid clash with system libraries

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 5eb8a21ba5fe5e87c03f0361d1db989189be9c6d)

ucode: update to latest Git HEAD

- Introduces signal handling facilities
- Fixes potentially incorrect object equality tests
- Introduces debug library
- Introduces log library
- ABI version bump due to changed VM structure layout
- Revised packaging

Changelog:

07c0317 jsdoc: switch to own custom theme
6ca08b0 jsdoc: properly handle indented documentation blocks
2a67f22 lib: add/improve documentation for require(), loadfile(), loadstring()
9993ccb uci: fix potential memory leaks in `configs()`
f56394f ci: re-trigger workflows on pull request pushes
1c18993 lib: various documentation fixes
d25dcb1 uci: add module documentation
4a8ece2 docs: use CSS and local JavaScript fixups to improve formatting
8f21cfa lib: introduce log library
8a3aefe build: auto-enable module depending on present libraries
6a01adc build: convert CMakeLists.txt into lowercase
8700665 ci: don't skip pull request workflows for `master` branch
0184d23 include: fix execvpe compat function on macOS
8b23884 uloop: rename environ variable to avoid clashing with system macro on macOS
7c209d7 types: ensure double serializatiion with decimal places
d150425 rtnl: update the link attr TODOs
d394174 rtnl: add IFLA_TARGET_NETNSID for operating in other namespaces
1227733 lib: fix documented return value for `splice()`
c9982de docs: add struct module documentation
7dde493 docs: add missing headline to debug module documentation
8f852ea types: improve comparison reliability of binary strings
6940c28 lib: introduce debug library
be07107 treewide: consolidate platform specific code in platform.c
2593270 uloop: interrupt on VM signals
97a5292 lib: add `signal()` stdlib function
1dbbb6a main: enable signal dispatching in the standalone cli interpreter
1623245 types: treat signal handler array as GC root
29b1c0d vm: introduce basic signal handling infrastructure
093684d fs: explicitly compare isatty() result
4f4f38f types: don't rely on implicit type conversion in ucv_compare()
4bee0ef docs: disable GitHub Jekyll post processing
5efb7a0 docs: further rework
33bc7bf docs: fix markup quirks
9d5e420 docs: add information about memory management and operator precedence
f1190ef docs: various improvements
f0cc841 fs: use `fseeko()` and `ftello()`
cba0c3c fs: complete function documentation coverage
f9260f7 github: drop superfluous CNAME file
c85bc74 Create CNAME
5309294 lib: add JSDoc documentation
b0f2f90 fs: add JSDoc documentation
fe086da math: add JSDoc documentation
70f9348 docs: add initial JSDoc infrastructure
24f1a56 source: fix source offset accounting
9df9160 lexer: don't count EOF token as newline
b9d8f06 ci: switch to official openwrt/gh-action-sdk

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit eacc885816fb46bf4054b0c3dd2cd1513322ad09)

bcm53xx: add the latest fix version of brcm_nvram

It was just sent for upstream.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 943bd3c9f6244c928cd168302d638a6a218fd4e6)

kernel: fix mtd/NVMEM regression affecting U-Boot env NVMEM driver

Fixes: 20736013e910 ("kernel: backport nvmem v6.6 fixes and v6.7 changes")
Fixes: https://github.com/openwrt/openwrt/issues/13831
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit c997634c017294cb38cf6f9a0112860c7e736a53)

kernel: backport nvmem v6.6 fixes and v6.7 changes

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit b5956700702b5649ec70bfa0d115af5b439ce6d1)

kernel: backport v6.6 nvmem changes

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 52c365f055f62eb820cc42b0a1cfd037c68b01d0)

kernel: nvmem: fix "fixed-layout" & support "mac-base"

DT binding for MAC cells in fixed layout was upstream approved and
accepted. Add support for it. This can replace quite some of our
downstream hacks.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 61f674df4f0ce2b1c53b0b7f6b0c1d03d99838c0)

urngd: update to version 2023-11-01

Fix compilation with glibc

44365eb Deactivate _FORTIFY_SOURCE in jitterentropy-base.c

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit d62726b1e44f785d543e4625b19ca1f628adda6c)

uboot-mediatek: fix determine the size of an uImage.FIT using 'imsz' or 'imszb'.

It must read the entire image for previous code of 'imsz' or 'imszb'.

Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
Suggested-by: Chuanhong Guo <gch981213@gmail.com>
(cherry picked from commit 3bbc1d5fba1d700917138334a48c16bafdf48de9)

mediatek: add build for MT7981 RFB

Add build for the MTK3943 reference board for MT7981B+MT7976C.

**Hardware specification:**

- SoC: MediaTek MT7981B 2x A53
- Flash: various options
- RAM: 256MB DDR3
- Ethernet: 4 x 10/100/1000 Mbps via MT7531AE switch
        EITHER 1 x 10/100/1000 Mbps built-in PHY
            OR 1 x 10/100/1000/2500 Mbps MaxLinear GPY211C
- Switch: MediaTek MT7531AE
- WiFi: MediaTek MT7976C
- Button: RST, WPS

**Flash instructions for SPIM-NAND:**
- write *mt7981-rfb-spim-nand-preloader.bin to 'BL2' partition
- write *mt7981-rfb-spim-nand-bl31-uboot.fip to 'FIP' partition
- erase 'ubi' partition
- reset board
- create ubootenv and ubootenv2 UBI volumes in U-Boot
- edit environment and set bootcmd, e.g.
   setenv bootconf 'config-1#mt7981-rfb-spim-nand#mt7981-rfb-mxl-2p5g-phy-eth1'
   setenv bootcmd 'ubi read $loadaddr fit; bootm $loadaddr#$bootconf'
- load initramfs image via TFTP:
   setenv serverip 192.168.1.254
   setenv ipaddr 192.168.1.1
   setenv bootfile openwrt-mediatek-filogic-mediatek_mt7981-rfb-initramfs.itb
   saveenv ; saveenv
   tftpboot
   bootm $loadaddr#$bootconf
- Now use sysupgrade to write OpenWrt firmware to flash.

SNFI-NAND, SPIM-NOR and eMMC all work very similar, a bootable SD card image
is also being generated. However, as the board I've been provided only comes
with SPIM-NAND all other boot media are untested.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit ce7209bd21661e3daa4a7f2f58dafdff990da19f)

uboot-mediatek: add build for mt7981 rfb

Improve and package builds for various boot media configurations of the
MediaTek MT7981 reference board.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 8428bed15d9b5a71a634c7f5639de31a09795bec)

arm-trusted-firmware-mediatek: fix copy&paste error in Makefile

When adding builds for MT7981 the related Makefile sections for MT7986
have apparently been copied, but in one instance the rename from 7986 to
7981 has been omitted. Fix that now.

Fixes: 602cb4f325 ("arm-trusted-firmware-mediatek: add build for MT7981 DDR3")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit be6e257fe6a248425fd390e9a2037a8432e644ea)

kernel: serial: 8250_mtk: track busclk state to avoid bus error

UARTs not used as boot console are currently broken on some MediaTek
targets due to register access depending on the bus clock being enabled.
Add patch to make sure this dependency is always met.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 9f62abbb60b849c710cc7e40498d661827e8f852)

hostapd: fix OWE association with mbedtls

The code for hostapd-mbedtls did not work when used for OWE association.

When handling association requests, the buffer offsets and length
assumptions were incorrect, leading to never calculating the y point,
thus denying association.

Also when crafting the association response, the buffer contained the
trailing key-type.

Fix up both issues to adhere to the specification and make
hostapd-mbedtls work with the OWE security type.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 39341f422f895a37b405b753c3630b1bdc9b8c6e)

ramips: enable wireless LEDs activity blinking for TP-Link EC330-G5u v1

This commit enables wireless LEDs activity blinking for TP-Link EC330-G5u
v1 router.

Signed-off-by: Mikhail Zhilkin <csharper2005@gmail.com>
(cherry picked from commit 7666940efea27c7d16bb0e329bb5dd7117fb5807)

hostapd: do not trim trailing whitespace, except for newline

Fixes adding SSID or key with trailing whitespace

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit a2d8226c4f45555f49542d6f047b70d44f23f7ec)

ath79: increase the rfkill debounce interval for TP-Link Archer C7 v2

Due to circuit issue or silicon defect, sometimes the WiFi switch button
of the Archer C7 v2 can be accidentally triggered multiple times in one
second. This will cause WiFi to be unexpectedly shut down and trigger
'irq 23: nobody cared'[1] warning. Increasing the key debounce interval
to 1000 ms can fix this issue. This patch also add the missing rfkill
key label.

[1] Warning Log:
```
[87765.218511] irq 23: nobody cared (try booting with the "irqpoll" option)
[87765.225331] CPU: 0 PID: 317 Comm: irq/23-keys Not tainted 5.15.118 #0
...
[87765.486246] handlers:
[87765.488543] [<85257547>] 0x800c29a0 threaded [<5c6328a2>] 0x80ffe0b8 [gpio_button_hotplug@4cf73d00+0x1a00]
[87765.498364] Disabling IRQ #23
```

Fixes: https://github.com/openwrt/openwrt/issues/13010
Fixes: https://github.com/openwrt/openwrt/issues/12167
Fixes: https://github.com/openwrt/openwrt/issues/11191
Fixes: https://github.com/openwrt/openwrt/issues/7835
Tested-by: Hans Hasert
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
(cherry picked from commit e32f70e7066c3110694851eced3301f50019693b)

ramips: fix Gigabit Ethernet port of the HiWiFi HC5861

HiWiFi HC5861 has a GbE port which connected to the RTL8211E PHY
chip. This patch adds the missing Realtek PHY driver package and
sets the correct external PHYs base address to make it work again.

Signed-off-by: Shiji Yang <yangshiji66@qq.com>
(cherry picked from commit f025135f16e2b3e9398cfd87585d055a1ca31975)

iptables: opt-out of lto usage

This fixes building with USE_LTO enabled.

<artificial>:(.text+0xc22): relocation R_MIPS16_26 against `libxt_DNAT_init' cannot be used when making a shared object; recompile with -fPIC
./openwrt/staging_dir/toolchain-mips_24kc_gcc-12.3.0_musl/lib/gcc/mips-openwrt-linux-musl/12.3.0/../../../../mips-openwrt-linux-musl/bin/ld.bfd: non-dynamic relocations refer to dynamic symbol printf
./openwrt/staging_dir/toolchain-mips_24kc_gcc-12.3.0_musl/lib/gcc/mips-openwrt-linux-musl/12.3.0/../../../../mips-openwrt-linux-musl/bin/ld.bfd: failed to set dynamic section sizes: bad value
collect2: error: ld returned 1 exit status

Signed-off-by: Anari Jalakas <anari.jalakas@gmail.com>
(cherry picked from commit 5dbdf3bb3af27993977aaaa72dca07d9251c1919)

lua: opt-out of lto usage

This fixes building with USE_LTO enabled.

<artificial>:(.text+0xcc8): relocation R_MIPS16_26 against `luaL_argerror' cannot be used when making a shared object; recompile with -fPIC
./openwrt/staging_dir/toolchain-mips_24kc_gcc-12.3.0_musl/lib/gcc/mips-openwrt-linux-musl/12.3.0/../../../../mips-openwrt-linux-musl/bin/ld.bfd: non-dynamic relocations refer to dynamic symbol strcpy
./openwrt/staging_dir/toolchain-mips_24kc_gcc-12.3.0_musl/lib/gcc/mips-openwrt-linux-musl/12.3.0/../../../../mips-openwrt-linux-musl/bin/ld.bfd: failed to set dynamic section sizes: bad value
collect2: error: ld returned 1 exit status

Signed-off-by: Anari Jalakas <anari.jalakas@gmail.com>
(cherry picked from commit 246b97b607e316d6acae66a23fcdf6d12c02a786)

libsepol: opt-out of lto usage

This fixes building with USE_LTO enabled.

<artificial>:(.text+0x4194): relocation R_MIPS16_26 against `cil_printf.lto_priv.0' cannot be used when making a shared object; recompile with -fPIC
./openwrt/staging_dir/toolchain-mips_24kc_gcc-12.3.0_musl/lib/gcc/mips-openwrt-linux-musl/12.3.0/../../../../mips-openwrt-linux-musl/bin/ld.bfd: non-dynamic relocations refer to dynamic symbol memcmp
./openwrt/staging_dir/toolchain-mips_24kc_gcc-12.3.0_musl/lib/gcc/mips-openwrt-linux-musl/12.3.0/../../../../mips-openwrt-linux-musl/bin/ld.bfd: failed to set dynamic section sizes: bad value
collect2: error: ld returned 1 exit status

Signed-off-by: Anari Jalakas <anari.jalakas@gmail.com>
(cherry picked from commit 1925a183a3f25d2db1f10addc85ed894df14c210)

libselinux: opt-out of lto usage

This fixes building with USE_LTO enabled:

<artificial>:(.text.exit+0x6e): relocation R_MIPS16_26 against `pthread_key_delete' cannot be used when making a shared object; recompile with -fPIC
./openwrt/staging_dir/toolchain-mips_24kc_gcc-12.3.0_musl/lib/gcc/mips-openwrt-linux-musl/12.3.0/../../../../mips-openwrt-linux-musl/bin/ld.bfd: non-dynamic relocations refer to dynamic symbol stpcpy
./openwrt/staging_dir/toolchain-mips_24kc_gcc-12.3.0_musl/lib/gcc/mips-openwrt-linux-musl/12.3.0/../../../../mips-openwrt-linux-musl/bin/ld.bfd: failed to set dynamic section sizes: bad value
collect2: error: ld returned 1 exit status

Signed-off-by: Anari Jalakas <anari.jalakas@gmail.com>
(cherry picked from commit 2a33d26d2110a9332e343a1deb32c9eee486c0db)

iwinfo: opt-out of lto usage

This fixes building with USE_LTO enabled.

<artificial>:(.text+0x400c): relocation R_MIPS16_26 against `iwinfo_close' cannot be used when making a shared object; recompile with -fPIC
./openwrt/staging_dir/toolchain-mips_24kc_gcc-12.3.0_musl/lib/gcc/mips-openwrt-linux-musl/12.3.0/../../../../mips-openwrt-linux-musl/bin/ld.bfd: non-dynamic relocations refer to dynamic symbol strcpy
./openwrt/staging_dir/toolchain-mips_24kc_gcc-12.3.0_musl/lib/gcc/mips-openwrt-linux-musl/12.3.0/../../../../mips-openwrt-linux-musl/bin/ld.bfd: failed to set dynamic section sizes: bad value
collect2: error: ld returned 1 exit status

Signed-off-by: Anari Jalakas <anari.jalakas@gmail.com>
(cherry picked from commit fbacc5ae52ec8fbe89b3a47850b4d6f62d4c4bf5)

build: hide kmod-zram config unless enabled

Currently the zram default compressor choice is displayed whether or not
zram is activated. Since the default choice is lzo-rle, this adds a
false dependency on kmod-lib-lzo.
With this patch, the choice options appear only when activating zram.

Signed-off-by: Rani Hod <rani.hod@gmail.com>
(cherry picked from commit 62ada26de28e6c43a957b8f186ead1f45e6a5623)

qualcommax: only build initramfs if CONFIG_TARGET_ROOTFS_INITRAMFS is set

This makes it possible to build the ipq807x netgear-wax218 without initramfs - which is required for downstream projects (gluon)

Signed-off-by: Florian Maurer <f.maurer@outlook.de>
(cherry picked from commit b3d2008f92f15ff776ad6c4f6d113b0cda1bd2d0)

uboot-mediatek: Sync phy-mode for Xiaomi Redmi Router AX6000

Commit 572ea6807053 ("uboot-mediatek: add patches for MT7988 and
builds for RFB") renamed HSGMII to 2500basex, but forgot to update
the dts of Redmi Router AX6000, makes the network unusable.
This patch makes the network usable again.

Fixes: #13724
Fixes: 572ea6807053 ("uboot-mediatek: add patches for MT7988 and builds for RFB")
Signed-off-by: Furong Xu <xfr@outlook.com>
(cherry picked from commit 03987d2d11c4954e3e8afa3d44ba6213e774c742)

sunxi: fixes led for nanopi boards

Kernel 5.15 already supports the NanoPi R1 and NanoPi R1S H5,
and they use new LED bindings that do not match the existing
settings in 01_leds. Update led settings to fixes that.

List the led node on NanoPi R1S H5:
root@OpenWrt:~# ls /sys/class/leds/
green:lan green:wan red:status

Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
(cherry picked from commit b25c7548e07ad8775f8511ba8276bf3ecb4409ba)

kernel: bump 5.15 to 5.15.137

Changelog: https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.137

All patches automatically rebased.

Build system: x86_64
Build-tested: ramips/tplink_archer-a6-v3
Run-tested: ramips/tplink_archer-a6-v3

Signed-off-by: John Audia <therealgraysky@proton.me>
[Refreshed on top of OpenWrt 23.05]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 75aeb7ed627ba5ea6f10f365b232bed21e40b502)

kernel: bump 5.15 to 5.15.136

Changelog: https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.136

Removed bcm53xx patch backported from 5.15.136:
target/linux/bcm53xx/patches-5.15/081-xhci-Keep-interrupt-disabled-in-initialization-until.patch [1]

All other patches automatically rebased.

Build system: x86_64
Build-tested: ramips/tplink_archer-a6-v3
Run-tested: ramips/tplink_archer-a6-v3

1. https://github.com/openwrt/openwrt/pull/13751#issuecomment-1781206937

Signed-off-by: John Audia <therealgraysky@proton.me>
[rmilecki: updated commit description & tested on Luxul XWR-3150]
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
[Refreshed on top of OpenWrt 23.05]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 5a6368e85deb1d751238447ea8b289576e701cb0)

bcm53xx: backport XHCI patch modifying xhci_run_finished()

This will help switching to newer 5.15 kernels. This backport required
rebasing Northstar's USB host patch.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit c25c1e28b778e185da9253c4638db67952a84476)

kernel: bump 5.15 to 5.15.135

Changelog: https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.135

All patches automatically rebased.

Build system: x86_64
Build-tested: ramips/tplink_archer-a6-v3
Run-tested: ramips/tplink_archer-a6-v3

Signed-off-by: John Audia <therealgraysky@proton.me>
[Refreshed on top of OpenWrt 23.05]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 096bb8ed82cebeb8926a5b64466afec649385159)

kernel: fix jffs2 compilation with GCC_PLUGIN_RANDSTRUCT enabled

Designated initializers are required when using the randstruct GCC
plugin, otherwise an error like the following is seen:

./include/linux/lzma.h:60:31: error: positional initialization of field in 'struct' declared with 'designated_init' attribute [-Werror=designated-init]

This was originally applied via 55643e469c21, but was unintentionally
reverted in 483503603cb2.

Fixes: 483503603cb2 ("generic: 5.15: rework pending patch")
Signed-off-by: Matt Merhar <mattmerhar@protonmail.com>
(cherry picked from commit b2068f4aac43754a681b675ff3814d9ca87ac986)
[ drop change for unavailable kernel 6.1 ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>

umdns: update to the latest version

479c7f8676d9 cache: make record/hostname lookup case-insensitive
26c97a5a50bf ubus: add a browse flag for suppressing cached ip addresses
c286c51a9bd9 Fix AVL tree traversal in cache_record_find and cache_host_is_known
4035fe42df58 interface: use a global socket instead of per-interface ones
c63d465698c7 cache: dump hostname target from srv records
b42b22152d73 use hostname from SRV record to look up IP addresses
d45c443aa1e6 ubus: add array flag support for the hosts method

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 3e1ac00ccbdaa0c396b36429ddbe83d2e3f6276f)

uqmi: update to latest HEAD

c8c9f10 uim: fix help formatting
aac0776 uqmi: add APN profile commands
ffc5eea uim: support SIM card power-up/down
d6c963d uim: add application state to SIM status

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 0da74dbb453d739ee37bbdca75cac5e294b2cb56)

prereq: merge common cases in SetupHostCommand

Now that most cases do the same thing in SetupHostCommand, merge them
together into one. To allow moving the generic symlink check, invert the
check and let it check for relative links by matching on link targets
that do not start with a slash.

This then allows us to also drop the absolute link case, shortening the
case statement further.

This reorders the check to

* if it is not a symlink, do not change it
* if it is a symlink and it points to the found command, do not change it
* if it is a symlink with a relative path, do not change it
* else, update/replace it

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
(cherry picked from commit 3210aa8e0a113cc4354628b08b608c5c8f792941)

prereq: make existing binary check work for sdk as well

To avoid replacing host built binaries with symlinks again, a check for
an appropriate stamp was added in 729909c07f ("prereq-build: do not
replace binaries with symlinks"). Unfortunately the stamp directory does
not exist in the SDK, so the fix was ineffective there.

This caused the packages builders to e.g. use the host tar again, which
in turn made the tarballs created different since it may lack
reproducibility fixes, or implement these differently, causing spurious
hash failures on source repository based packages.

Fix this by dropping the stamp dir check, and just check that the file
is usable.

Fixes: 729909c07f ("prereq-build: do not replace binaries with symlinks")
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
(cherry picked from commit c1ef10c8d873254ce7c1f3019d821c4a87227474)

bcm53xx: backport 1 more late DT patch accepted for v6.7

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 732ae343ffb3ad19978b75a8105d55f5e6d1d435)

bcm53xx: disable unused switch ports in downstream patch

This makes Linux use correct switch ports again.

Fixes: a4792d79e899 ("bcm53xx: backport DT changes from v6.5")
Fixes: https://github.com/openwrt/openwrt/issues/13548
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit a912ee74d6ca08020933dcdb9ce791e74244c25b)

bcm53xx: backport DT changes queued for v6.7

Among other changes this commit makes Linux use correct switch ports
again.

Fixes: a4792d79e899 ("bcm53xx: backport DT changes from v6.5")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit a67af19bc84e98588c307af9b08686bde9dd38d5)

bcm53xx: simplify patch adding switch ports

We now have all raw ports defined in bcm-ns.dtsi. Leave only lables in
custom device files.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 08ce0c76d7d7daad5e9382d51960d69f4b8b8f3a)

bcm53xx: build a single device per profile

So far every build of a single bcm53xx Target Profile (it means: when
NOT using CONFIG_TARGET_MULTI_PROFILE) resulted in all target devices
images being built. Now it only builds the one matching selected
profile.

Fixes: #13572
Suggested-by: Jonas Gorski <jonas.gorski@gmail.com>
Signed-off-by: Rani Hod <rani.hod@gmail.com>
[rmilecki: update commit subject + body & move PROFILES line]
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 802a5f5cb4a7b42d25e82b787d7ab1323a20183f)

bcm53xx: add support for ASUS RT-AC3100

ASUS RT-AC3100 is ASUS RT-AC88U without the external switch.

OpenWrt forum users effortless and ktmakwana have confirmed that there are
revisions with either 4366b1 or 4366c0 wireless chips.

Therefore, include firmware for 4366b1 along with 4366c0. This way, all
hardware revisions of the router will be supported by having brcmfmac use
the firmware file for the wireless chip it detects.

Signed-off-by: Arınç ÜNAL <arinc.unal@arinc9.com>
(cherry picked from commit 2214bab3503981fe6168746acd13044a9d5e89e7)

bcm53xx: backport DT changes for ASUS RT-AC3100 queued for v6.6

Backport the patch that adds the DT for ASUS RT-AC3100.

Signed-off-by: Arınç ÜNAL <arinc.unal@arinc9.com>
(cherry picked from commit b7ee8c9f83ea0e3b861e6b71b08ed7a62066d149)

bcm53xx: add Wavlink Quantum DAX/WL-WN538A8 as alt name

As already documented in the wiki (https://openwrt.org/toh/wavlink/quantum_dax_wn538a8),
this router is based on the Phicomm K3. Just the flashing method is different

Signed-off-by: Davide Fioravanti <pantanastyle@gmail.com>
(cherry picked from commit f1136fe1fd3e7539c4efb035efeffe77500dd9c0)

openssl: update to 3.0.12

Major changes between OpenSSL 3.0.11 and OpenSSL 3.0.12 [24 Oct 2023]
* Mitigate incorrect resize handling for symmetric cipher keys and IVs. (CVE-2023-5363)

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit e4ebc7b5662d6436fcc84b8e1583204b96fb0503)

bcm53xx: Linksys EA9200 nvram and 02_network fixes

1) clear nvram partialboots upon successful boot
This behavior is already defined for EA9500; enabled for EA9200 too.

2) fix MAC address in board.d/02_network
Use the correct nvram variable to derive lan/wan MAC address.

Signed-off-by: Rani Hod <rani.hod@gmail.com>
(cherry picked from commit 9c42d23c5f7aa2b7f80af96921b2d5476626b8c6)

ramips: TP-link archer A6/C6 device tree updates

Set correct GPIO (10) for the WPS button. This matches GPIO settings in
vendor GPL sources. Note that GPL sources also mention a USB indicator
LED (GPIO 13) but the device has neither an external USB port nor a USB LED.

In addition, prefixes (button-, led-) are added to relevant DT entries,
as well as color and function specifications for LEDs.

Closes: #13736
Reported-by: Waldemar Czabaj <kaball@wp.pl>
Signed-off-by: Rani Hod <rani.hod@gmail.com>
(added led mitigations for wifi leds)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit fe5e4987776ef66c6788f70251dcbc0ca80a1c5f)

CI: provide new required secret for S3 endpoint and bucket name

Provide new required secret for S3 endpoint and bucket name to permit an
easier migration to new services.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 881235c713fae8692190178561af4eb2dee4ead1)

CI: generilize S3 secret keys name and rename to proper name

Generilize S3 secret keys and rename to make them not platform specific.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit f98dc5aa43e9d84b8ceef9414fd4f92e05c418d7)

CI: drop unused reusable workflow and dockerfiles

Drop unused reusable workflow and dockerfiles now that we moved them to
a dedicated repository.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 14293dd901e5fdb0fd242945b5916ccbb33ab328)

CI: migrate each workflow to use reusable workflow from dedicated repo

Migrate each workflow to use reusable workflow from dedicated repo to
skip pushing CI related commits to openwrt and better track versioning
of CI workflow.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 38cc09165fd11caa9599d960280bd91dbaba7a62)

CI: build-tools: build all host tools

Now that we build also core packages, we need more host tools. Compile
all of them to reduce compile time on other actions.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit de9955a62f6aab6eafb2cfdffc4829ee97e69c04)

CI: label-kernel: support compile testing kernel version and all target

Add support to label-kernel for compiling testing kernel version and
check patches. To trigger this special build appent :testing to the
normal label.
Example:

- ci:kernel:ipq806x:generic:testing

Test will fail if the requested target doesn't have a defined kernel
testing version.

Also add support for testing all target and subtarget. To trigger this
some special pattern are added:
- ci:kernel:all:all
  Trigger test for all target and subtarget

- ci:kernel:all:first
  Trigger test for all target and the first subtarget in alphabetical
  order for the target.

With these special case :testing can also be used and every target and
subtarget that supports kernel testing version will be selected:
- ci:kernel:all:all:testing
  Trigger test for all target and subtarget that have a kernel testing
  version defined.

- ci:kernel:all:first:testing
  Trigger test for all target and the first subtarget in alphabetical
  order for the target that, if they have a kernel testing version
  defined.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 218deba503f38e2f44f5012baf96af91b3e00c6a)

ci: build: verify downloaded toolchain tarball

CDNs are known to ship outdated or corrupted files, if it unpacks
correctly, it necessarily doesn't mean, that we're using the desired
content. So lets fix it by checking the tarball as well.

I'm adding GPG checking explicitly, its not needed, but just double
checking, that everything is working as expected on build
infrastructure.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 95dde523297c652072ee96ac32d22912a43ef761)

ci: bump buildworker container to version v6

Its being used by buildbot workers, adds g++-multilib to fix node
cross-compilation from a 64-bit build machine to 32-bit host.

References: https://github.com/openwrt/buildbot/pull/7
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 567784127e92ba6f9291adb1a546f567e50d9850)

CI: kernel: test each subtarget on push events

Test each subtarget on push events to improve testing and to refresh
ccache of each subtarget.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 5bafc4352fb543c03389b6237f0e2fe327f328fa)

CI: add support for getting ccache cache from S3

Add support for getting ccache cache from S3.
ccache is archieved in a tar and downloaded from S3 Cloud Storage.

For push events, ccache is then uplodaed back to S3 to refresh and have
a ccache cache always fresh.

An additional workflow is added to upload files to an S3 Cloud Storage
from artifacts uplodaed to github. The minio tool is used to upload
files to S3.

If the ccache can't be downloaded from s3, we fallback to github cache
system.

Also limit s3 upload to the openwrt repository since external fork won't
have (obviously) the required secrtes to upload data to the S3 Cloud
Storage.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit ebbc806d30502ff003ae7a19098c6afaaf1295a5)

CI: build: limit cache save/delete only on push events

Limit ccache cache save/delete only on push events. Saving ccache
cache for pull request will result in bloat and refreshing ccache is not
possible due to security measure on enforcing read permission on
pull_request events.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit ff66a7c1c0f012324c0d2d90f047e6976c4fba11)

CI: coverity: disable ccache usage

Disable ccache usage for coverity workflow as it may cause side effect
in the produced bins.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 2129ee1879f564a9992a6761d4c9e77077c48e95)

CI: build: fix ccache cache usage

CCache cache is currently broken due to a funny bug in ccache compiler
type detection. It seems ccache compiler type detection is very fragile
and with the use of external toolchain doesn't correctly detect the
type.
The type detected is set to other instead of gcc resulting in ccache
complaining for unsupported compiler options.

To handle this problem, force the compiler type to gcc to make ccache
correctly work and speedup compilation.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit ae7b05328cf471780de8559fba845c4b564e059e)

CI: build: add option to define custom ccache cache type

Add new input to define custom ccache cache type. This is useful to use
a different ccache cache for some special workflow that may do more test
than simple kernel compilation.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 07b52a8a25f261e3cee03f4980e4bc868e9ee5cc)

CI: build: add option to disable use of ccache

Add option to disable use of ccache. This can be useful for some
sensible test that should not use ccache as they can cause side effects
of any sort. (example Coverity Scan)

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit b9a41c1e84067bcc63aac633b72e7dc808bfe6fe)

CI: build: add job to remove previous ccache cache if already exist

Github Actions cache doesn't permit to overwrite cache if it does
already exist. As a trick to refresh and have fresh ccache pool,
delete the ccache cache if it does exist with the help of Github REST
API. An additional permission is needed to access this API. Add this
permittion to each user of the build workflow.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 203cc0a7ef0bbf3b5a19db3caa96e91963ec154c)

CI: build: split cache ccache in separate restore and save jobs

Split caching ccache in separate restore and save jobs to always refresh
the ccache across different runs. Currently if a key is restored, cache
is not saved resulting in a less useful ccache that benefits from
multiple runs.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 6321361c6b13a37b0cfa279a51a0cf8239a7852c)

CI: ignore master branch for push events

Due to problem with migrating from master to main as the default branch
and downstream project still requiring the master branch to be present,
we currently have for push events double CI runs, one for main and one
for master. To solve this ignore any push event to the master branch for
every workflow that react on push events.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit f5a5ce8822e9add9627ecb6ea289c8de2b8a76a9)

CI: build: Add support to use container included external toolchain

Add support to use container included external toolchain and skip
redownloading external sdk for each test.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 0fe5776f4a79a2b095912e258738e3203207e9dd)

CI: push-containers: build and push container with external toolchain

Build and push container with external toolchain embedded in the
container image.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit e1370cdd497a07612413106d707973155ad3004b)

CI: build: add checks to test if toolchain container can be used

Add checks to test if toolchain container can be used.
This is to handle case of new target or migration of any sort.

If the toolchain container can't be found, the tools container is used
instead.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 23a5c715a9296e828be5c32eadf68eacdb326a0a)

CI: build: add option to configure container to use

Add option to configure container to use for build test.
By default the tools container is used if no option is provided.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 803b0110485a12c1119a51044d17979795ede966)

CI: build: package external toolchain after build

Package external toolchain after correct build.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit ce2e7c52f8ebc7ea92a1436ee2dbeecf149132dc)

CI: build: drop redundant generate ccache hash job

Drop redundant generare ccache hash job as that can be done by
integrated github expressions to generate an hash.
The only change is that the integrated way generate a sha256 hash
instead of an md5 sum.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 457f6b0b9c07772f529a9714a974f3eb74f9b99d)

image: Fix the CONFIG_EXTERNAL_CPIO logic

Fix the qstrip call.

Fixes: #13776.
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit 330492a101cdb1608d1194496c1b620315ef8bd8)

Revert "lantiq: xrx200: mark subtarget as source-only"

This reverts commit 0c117e1f6ccbee684ea0589d9024ca9dec4679c9.

Activate the lantiq/xrx200 target again.

There are still some problems with the GSWIP, but it is not leaking
packets to the wrong bridge in normal operations.
It shows some error messages at configuration like these:
[   54.308861] gswip 1e108000.switch: port 5 failed to add ce:9d:84:d1:81:f0 vid 1 to fdb: -22
[   54.325633] gswip 1e108000.switch: port 5 failed to add e8:de:27:95:c1:b4 vid 0 to fdb: -22
[   54.351242] gswip 1e108000.switch: port 5 failed to add e8:de:27:95:c1:b4 vid 1 to fdb: -22
[   54.358311] gswip 1e108000.switch: port 5 failed to delete ce:9d:84:d1:81:f0 vid 1 from fdb: -2

The problems are described in this pull request:
https://github.com/openwrt/openwrt/pull/13200

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit e1aaa1defd2340be3544dc614f905795b4d52f81)

apm821xx: WNDR4700: fix broken sysupgrade, factory images

prepend-dtb got extended to handle the Meraki devices too,
the problem here was that the Netgear WNDR4700 expects an
u-boot header in front of the DTB, whereas Meraki devices
don't.

Since the header was dropped, the WNDR4700's uboot started
to complain:
Bad Magic Number,it is forbidden to be written to flash!!

when flashing the factory.img since it expects an u-boot
header there.

Fixes: 5dece2d9355a ("apm821xx: switch over from DTB_SIZE to DEVICE_DTC_FLAGS")
Fixes: #13716
Reported-by: @kisgezenguz
Reported-by: Tamas Szabo
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit d6a11833ad67c33ad10dadf396f6c30bb44ef30f)

ipq40xx: wpj428: switch to zimage to fit kernel partition

Like with some other ipq40xx devices, the kernel image size for the WPJ428
is limited in stock u-boot. For that reason, the current release doesn't
include an image for the board.
By switching to the zImage format, the kernel image size is reduced which
re-enables the build process. The image boots and behaved normally through
a few days of testing.

Before the switch to kernel version 6.1, it was possible to reduce the
image size by enough when disabling UBIFS and its otherwise unneeded
dependencies.

Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
(cherry picked from commit 2657e8cab7f3d621b66cfdd4e228da3b912af32a)

ipq40xx: switch to performance governor by default

Doing a simple ping to my device shows this:

64 bytes from 10.0.253.101: icmp_seq=1 ttl=64 time=2.00 ms
64 bytes from 10.0.253.101: icmp_seq=2 ttl=64 time=2.02 ms
64 bytes from 10.0.253.101: icmp_seq=3 ttl=64 time=1.68 ms
64 bytes from 10.0.253.101: icmp_seq=4 ttl=64 time=1.91 ms
64 bytes from 10.0.253.101: icmp_seq=5 ttl=64 time=1.92 ms
64 bytes from 10.0.253.101: icmp_seq=6 ttl=64 time=2.04 ms

Some users even report higher values on older kernels:

64 bytes from 192.168.1.10: seq=0 ttl=64 time=0.612 ms
64 bytes from 192.168.1.10: seq=1 ttl=64 time=2.852 ms
64 bytes from 192.168.1.10: seq=2 ttl=64 time=2.719 ms
64 bytes from 192.168.1.10: seq=3 ttl=64 time=2.741 ms
64 bytes from 192.168.1.10: seq=4 ttl=64 time=2.808 ms

The problem is that the governor is set to Ondemand, which causes
the CPU to clock all the way down to 48MHz in some cases.

Switching to performance governor:

64 bytes from 10.0.253.101: icmp_seq=1 ttl=64 time=0.528 ms
64 bytes from 10.0.253.101: icmp_seq=2 ttl=64 time=0.561 ms
64 bytes from 10.0.253.101: icmp_seq=3 ttl=64 time=0.633 ms
64 bytes from 10.0.253.101: icmp_seq=4 ttl=64 time=0.526 ms

In theory, using the Performance governor should increase power draw,
but it looks like it really does not matter for this soc.

Using a calibrated precision DC power supply (cpu idle):

Ondemand
24.00V * 0.134A = 3.216 Watts
48.00V * 0.096A = 4.608 Watts

Performance
24.00V * 0.135A = 3.240 Watts
48.00V * 0.096A = 4.608 Watts

Let's simply switch to the Performance governor by default
to fix the general jittery behaviour on devices using this soc.

Tested on: MikroTik wAP ac

Fixes: #13649
Reviewed-by: Robert Marko <robimarko@gmail.com>
Reviewed-by: Thibaut VARÈNE <hacks@slashdirt.org>
Signed-off-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
(cherry picked from commit b8e52852bd62236a2a84663b4592d221ebc64cb4)

netifd: update to latest git HEAD

5590a80e2566 config: fix incompatible with jshn network-device entry

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 53039bf7f5aa16d2f69394a86d04b8442c743e77)

base-files: fix wrong ucidef_set_network_device_mac network-device entry

The ucidef_set_network_device_* functions in uci-defaults.sh disagree
on whether to use "network-device" or "network_device" in board.json.
With the additional caveat that jshn will translate hyphens (-) into
underscores (_). This casues problems in netifd which expected
"network_device" causing boards which depend on assigning MACs in
board.json via uci-defaults.sh (or jshn in general) to fail.

This commit addresses the issue by using network_device in
uci-defaults.sh.

The bug was uncovered in the forums here:
https://forum.openwrt.org/t/support-for-rtl838x-based-managed-switches/57875/2596

This was exposed by commit 4ebba8a05d09 ("realtek: add support for HPE
1920-8g-poe+") where the board_config_load call from 03_gpio introduced
the key normalization by jshn.

Fixes: 9290539ca9c7 ("base-files: allow setting device and bridge macs")
Tested-by: Stijn Segers <foss@volatilesystems.org>
Signed-off-by: Michael 'ASAP' Weinrich <michael@a5ap.net>
[ improve commit title, description and fix wrong Tested-by tag ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 12bc79d6d521581e37a8b067ce8a562429aeefbd)

armsr: preserve configuration during sysupgrade

Copy configuration to boot partition (partition 1) instead of root
partition (partition 2) because the root partition is not writable if
it's a suqashfs image.
Move configuration back to root during preinit.

Fixes: https://github.com/openwrt/openwrt/issues/13695
Signed-off-by: Christian Buschau <cbuschau@d00t.de>
(cherry picked from commit 67ce60c5f961c4248fa108cd0f949e2bade4536e)

mbedtls: Update to version 2.28.5

This fixes some minor security problems.
Changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-2.28.5

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 9e1c5ad4b0c99c45927ccd44504cd8fdbbd03bb0)

ramips: fix ZyXEL NR7101 bricking typo

A typo snuck in with the addition of Cudy M1800, changing
"nr7101" to "nt7101". The result is a default network config
for NR7101 without the only ethernet interface on the NR7101,
thereby soft bricking it.

Fixes: f6d394e9f2fd ("ramips: add support for Cudy M1800")
Signed-off-by: Bjørn Mork <bjorn@mork.no>
(cherry picked from commit 2e57028424d0e914490a80178cd729adb17ba09b)

realtek: add support for HPE 1920-8g-poe+ (65W)

Hardware information:
---------------------

- RTL8380 SoC
- 8 Gigabit RJ45 PoE ports (built-in RTL8218B)
- 2 SFP ports (built-in SerDes)
- RJ45 RS232 port on front panel
- 32 MiB NOR Flash
- 128 MiB DDR3 DRAM
- PT7A7514 watchdog
- PoE chip
- Fanless

Known issues:
---------------------
- PoE LEDs are uncontrolled.

(Manual taken from f2f09bc)
Booting initramfs image:
------------------------

- Prepare a FTP or TFTP server serving the OpenWrt initramfs image and
  connect the server to a switch port.

- Connect to the console port of the device and enter the extended
  boot menu by typing Ctrl+B when prompted.

- Choose the menu option "<3> Enter Ethernet SubMenu".

- Set network parameters via the option "<5> Modify Ethernet Parameter".
  Enter the FTP/TFTP filename as "Load File Name" ("Target File Name"
  can be left blank, it is not required for booting from RAM). Note that
  the configuration is saved on flash, so it only needs to be done once.

- Select "<1> Download Application Program To SDRAM And Run".

Initial installation:
---------------------

- Boot an initramfs image as described above, then use sysupgrade to
  install OpenWrt permanently. After initial installation, the
  bootloader needs to be configured to load the correct image file

- Enter the extended boot menu again and choose "<4> File Control",
  then select "<2> Set Application File type".

- Enter the number of the file "openwrt-kernel.bin" (should be 1), and
  use the option "<1> +Main" to select it as boot image.

- Choose "<0> Exit To Main Menu" and then "<1> Boot System".

NOTE: The bootloader on these devices can only boot from the VFS
filesystem which normally spans most of the flash. With OpenWrt, only
the first part of the firmware partition contains a valid filesystem,
the rest is used for rootfs. As the bootloader does not know about this,
you must not do any file operations in the bootloader, as this may
corrupt the OpenWrt installation (selecting the boot image is an
exception, as it only stores a flag in the bootloader data, but doesn't
write to the filesystem).

Example PoE config file (/etc/config/poe):
---------------------
config global
        option budget   '65'

config port
        option enable   '1'
        option id       '1'
        option name     'lan8'
        option poe_plus '1'
        option priority '2'
config port
        option enable   '1'
        option id       '2'
        option name     'lan7'
        option poe_plus '1'
        option priority '2'
config port
        option enable   '1'
        option id       '3'
        option name     'lan6'
        option poe_plus '1'
        option priority '2'
config port
        option enable   '1'
        option id       '4'
        option name     'lan5'
        option poe_plus '1'
        option priority '2'
config port
        option enable   '1'
        option id       '5'
        option name     'lan4'
        option poe_plus '1'
        option priority '2'
config port
        option enable   '1'
        option id       '6'
        option name     'lan3'
        option poe_plus '1'
        option priority '2'
config port
        option enable   '1'
        option id       '7'
        option name     'lan2'
        option poe_plus '1'
        option priority '2'
config port
        option enable   '1'
        option id       '8'
        option name     'lan1'
        option poe_plus '1'
        option priority '2'

Signed-off-by: Kevin Jilissen <info@kevinjilissen.nl>
(cherry picked from commit f4ee08677cdeefba7cfda40a830b6b747c6ea36e)

realtek: rename hpe,1920-8g-poe to match hardware

There are two hardware models of the HPE 1920-8g-poe switch. The version
currently in the repository is the model with a PoE budget of 180W. In
preparation of the addition of the 65W model, the existing model is
renamed to clarify the hardware version it targets.

As suggested by Pawel, the 'SUPPORTED_DEVICES' includes the old target
name to enable an upgrade path of builds with the old name.

Suggested-by: Pawel Dembicki <paweldembicki@gmail.com>
Signed-off-by: Kevin Jilissen <info@kevinjilissen.nl>
(cherry picked from commit 987c96e88927094ff61e83870f872f0560d8e5c1)

ath79: wpj563: enable 2nd USB controller

The compex WPJ563 actually has both usb controllers wired:

usb0 --> pci-e slot
usb1 --> pin header

As the board exposes it for generic use, enable this controller too.

fixes: #13650
Signed-off-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
(cherry picked from commit 9188c77cbee55a933d0fa75c74e175fbc52c556d)

OpenWrt v23.05.0: revert to branch defaults

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

OpenWrt v23.05.0: adjust config defaults

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

bsdiff: Add patches for CVEs

Add two patches from Debian fixing CVEs in the bsdiff application.
CVE-2014-9862: Heap vulnerability in bspatch
CVE-2020-14315: Memory Corruption Vulnerability in bspatch

Copied the patches from this location:
https://salsa.debian.org/debian/bsdiff/-/blob/debian/latest/debian/patches/20-CVE-2014-9862.patch
https://salsa.debian.org/debian/bsdiff/-/blob/debian/latest/debian/patches/33-CVE-2020-14315.patch

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit cac723e8b8748938b8d80603578c60189fc32b24)