staging/noltari/package, branch master

kernel: modules: add missing kmod-ptp for lan743x

2023-03-09T09:27:15Z

Fixes: 3e9005546a ("kernel: modules: package Microchip LAN743x PCIe gigE driver") Signed-off-by: Chuanhong Guo

kernel: modules: package Microchip LAN743x PCIe gigE driver

2023-03-08T22:57:13Z

Package the Microchip LAN743x PCIe gigE driver Signed-off-by: Tim Harvey

ramips: add support for SNR-CPE-ME2-SFP

2023-03-08T22:44:59Z

SNR-CPE-ME2-SFP is a wireless router with SFP cage manufactured by SNR/NAG company. Specification: - SoC: MediaTek MT7621A - CPU: 880MHz - Flash: 16 MB (GD25Q127CSIG) - RAM: 256 MB - WLAN: 2.4 GHz, 5 GHz (MediaTek MT7615DN) - Ethernet: 4x 10/100/1000 Mbps - SFP cage (using RTL8211FS-CG) - USB 3.0 port - Power: 12 VDC, 2 A Flash instruction via TFTP: 1. Boot SNR-CPE-ME2 to recovery mode (press reset button and power on device, hold button for ~10 seconds) 2. Send firmware via TFTP client: TFTP Server address: 192.168.1.1 TFTP Client address: 192.168.1.131 3. Wait ~120 seconds to complete flashing 4. Do sysupgrade using web-interface MAC Addresses(stock) -------------------- +----------+------------------+-------------------+ | use | address | example | +----------+------------------+-------------------+ | Device | label | 6A:C4:DD:xx:xx:28 | | Ethernet | + 1 | 6A:C4:DD:xx:xx:29 | | 2g | + 2 | 6A:C4:DD:xx:xx:2A | | 5g | + 3 | 6A:C4:DD:xx:xx:2B | +----------+------------------+-------------------+ Notes: - Reading sfp eeprom is not supported [1] (driver issue). Stock image has the same situation. References: 1. https://forum.openwrt.org/t/mt7621-and-reading-sfp-eeprom/152249 Signed-off-by: Aleksey Nasibulin

qosify: update to the latest version

2023-03-07T20:53:37Z

ca4509cf84d2 bpf: switch to using bpf_skb_utils.h d064439009d0 qosify-bpf: skip unnecessary flow lookups 9c625ae96f2d map: fix deleting port based rules 9a47ea4b683d map: fix return code check for bpf_map_get_next_key calls Signed-off-by: Felix Fietkau

mpc85xx: add support for Watchguard Firebox T10

2023-03-07T13:05:02Z

Hardware -------- SoC: Freescale P1010 RAM: 512MB FLASH: 1 MB SPI-NOR 512 MB NAND ETH: 3x Gigabite Ethernet (Atheros AR8033) SERIAL: Cisco RJ-45 (115200 8N1) RTC: Battery-Backed RTC (I2C) Installation ------------ 1. Patch U-Boot by dumping the content of the SPI-Flash using a SPI programmer. The SHA1 hash for the U-Boot password is currently unknown. A tool for patching U-Boot is available at https://github.com/blocktrron/t10-uboot-patcher/ You can also patch the unknown password yourself. The SHA1 hash is E597301A1D89FF3F6D318DBF4DBA0A5ABC5ECBEA 2. Interrupt the bootmenu by pressing CTRL+C. A password prompt appears. The patched password is '1234' (without quotation marks) 3. Download the OpenWrt initramfs image. Copy it to a TFTP server reachable at 10.0.1.13/24 and rename it to uImage. 4. Connect the TFTP server to ethernet port 0 of the Watchguard T10. 5. Download and boot the initramfs image by entering "tftpboot; bootm;" in U-Boot. 6. After OpenWrt booted, create a UBI volume on the old data partition. The "ubi" mtd partition should be mtd7, check this using $ cat /proc/mtd Create a UBI partition by executing $ ubiformat /dev/mtd7 -y 7. Increase the loadable kernel-size of U-Boot by executing $ fw_setenv SysAKernSize 800000 8. Transfer the OpenWrt sysupgrade image to the Watchguard T10 using scp. Install the image by using sysupgrade: $ sysupgrade -n Note: The LAN ports of the T10 are 1 & 2 while 0 is WAN. You might have to change the ethernet-port. 9. OpenWrt should now boot from the internal NAND. Enjoy. Signed-off-by: David Bauer

hostapd: enable radius server support

2023-03-07T09:24:05Z

This is useful in combination with the built-in eap server support Signed-off-by: Felix Fietkau

hostapd: add missing return code for the bss_mgmt_enable ubus method

2023-03-07T09:24:05Z

Fixes bogus errors on ubus calls Signed-off-by: Felix Fietkau

hostapd: add support for defining multiple acct/auth servers

2023-03-07T09:24:05Z

This allows adding backup servers, in case the primary ones fail. Assume that port and shared secret are going to be the same. Signed-off-by: Felix Fietkau

openssl: fix variable reference in conffiles

2023-03-06T21:11:36Z

Fix the trivial abscence of $() when assigning engine config files to the main libopenssl-config package even if the corresponding engines were not built into the main library. This is mostly cosmetic, since scripts/ipkg-build tests the file's presence before it is actually included in the package's conffiles. Fixes: 30b0351039 "openssl: configure engine packages during install" Signed-off-by: Eneas U de Queiroz

openssl: fix sysupgrade failure with devcrypto

2023-03-06T21:09:13Z

The bump to 3.0.8 inadvertently removed patches that are needed here, but were not adopted upstream. The most important one changes the default value of the DIGESTS setting from ALL to NONE. The absence of this patch causes a sysupgrade failure while the engine is in use with digests enabled. When this happens, the system fails to boot with a kernel panic. Also, explicitly set DIGESTS to NONE in the provided config file, and change the default ciphers setting to disable ECB, which has been recommended for a long time and may cause trouble with some apps. The config file change by itself is not enough because the config file may be preserved during sysupgrade. For people affected by this bug: You can either: 1. remove, the libopenssl-devcrypto package 2. disable the engine in /etc/config/openssl; 3. change /etc/ssl/engines.cnf.d/devcrypto.cnf to set DIGESTS=NONE; 4. update libopenssl-devcrypto to >=3.0.8-3 However, after doing any of the above, **you must reboot the device before running sysupgrade** to ensure no running application is using the engine. Running `/etc/init.d/openssl restart` is not enough. Fixes: 7e7e76afca "openssl: bump to 3.0.8" Signed-off-by: Eneas U de Queiroz