Signed-off-by: NHauke Mehrtens <hauke@hauke-m.de>

It was brought to attention the Archer AX23 v1 fails to read jffs2 data
from time to time. While this is not reproducible on my unit, it is on
others.

Reducing the SPI frequency does the trick. While it worked with at lest
40 MHz, opt for the cautious side and choose a save frequency of 25 MHz.

Apply the same treatment to the Mercusys MR70X which uses a similar
design just in case.
Signed-off-by: NDavid Bauer <mail@david-bauer.net>
(cherry picked from commit 2c530fcb)

Release Notes:
https://ccache.dev/releasenotes.html#_ccache_4_6_3

Refresh patch:
- 100-honour-copts.patch
Signed-off-by: NNick Hainke <vincent@systemli.org>
(cherry picked from commit 83ea2e11)

Release notes:
https://ccache.dev/releasenotes.html#_ccache_4_6_2Signed-off-by: NNick Hainke <vincent@systemli.org>
(cherry picked from commit ac61cf59)

Release notes:
https://ccache.dev/releasenotes.html#_ccache_4_6_1Signed-off-by: NNick Hainke <vincent@systemli.org>
(cherry picked from commit 2e87e24e)

This fixes a well known "LZMA ERROR 1" error, reported previously on
numerous of similar devices.

Fixes: #11919
Signed-off-by: NHaoan Li <lihaoan1001@163.com>
(cherry picked from commit c7b484f3)

Alter the Aruba AP-105 image generation process so OpenWrt can be loaded
with the vendor Aruba APBoot.

This works by prepending the OpenWrt LZMA loader to the uImage and
jumping directly to the loader. Aruba does not offer bootm on these
boards.

This approach keeps compatibility to devices which had their U-Boot
replaced. Both bootloaders can boot the same image.

The same modification is most likely also possible for the Aruba AP-175.

With this patch, new installations do not require replacing the
bootloader and can be performed from the serial console without opening
the case.

Installation
------------

1. Attach to the serial console of the AP-105.
   Interrupt autoboot and change the U-Boot env.

   $ setenv apb_rb_openwrt "setenv ipaddr 192.168.1.1;
     setenv serverip 192.168.1.66;
     netget 0x84000000 ap105.bin; go 0x84000040"
   $ setenv apb_fb_openwrt "cp.b 0xbf040000 0x84000000 0x10000;
     go 0x84000040"
   $ setenv bootcmd "run apb_fb_openwrt"
   $ saveenv

2. Load the OpenWrt initramfs image on the device using TFTP.
   Place the initramfs image as "ap105.bin" in the TFTP server
   root directory, connect it to the AP and make the server reachable
   at 192.168.1.66/24.

   $ run apb_rb_openwrt

3. Once OpenWrt booted, transfer the sysupgrade image to the device
   using scp and use sysupgrade to install the firmware.
Signed-off-by: NDavid Bauer <mail@david-bauer.net>
(cherry picked from commit e11d00d4)

Apply two patches fixing low-severity vulnerabilities related to
certificate policies validation:

- Excessive Resource Usage Verifying X.509 Policy Constraints
  (CVE-2023-0464)
  Severity: Low
  A security vulnerability has been identified in all supported versions
  of OpenSSL related to the verification of X.509 certificate chains
  that include policy constraints.  Attackers may be able to exploit
  this vulnerability by creating a malicious certificate chain that
  triggers exponential use of computational resources, leading to a
  denial-of-service (DoS) attack on affected systems.
  Policy processing is disabled by default but can be enabled by passing
  the `-policy' argument to the command line utilities or by calling the
  `X509_VERIFY_PARAM_set1_policies()' function.

- Invalid certificate policies in leaf certificates are silently ignored
  (CVE-2023-0465)
  Severity: Low
  Applications that use a non-default option when verifying certificates
  may be vulnerable to an attack from a malicious CA to circumvent
  certain checks.
  Invalid certificate policies in leaf certificates are silently ignored
  by OpenSSL and other certificate policy checks are skipped for that
  certificate.  A malicious CA could use this to deliberately assert
  invalid certificate policies in order to circumvent policy checking on
  the certificate altogether.
  Policy processing is disabled by default but can be enabled by passing
  the `-policy' argument to the command line utilities or by calling the
  `X509_VERIFY_PARAM_set1_policies()' function.

Note: OpenSSL also released a fix for low-severity security advisory
CVE-2023-466.  It is not included here because the fix only changes the
documentation, which is not built nor included in any OpenWrt package.

Due to the low-severity of these issues, there will be not be an
immediate new release of OpenSSL.
Signed-off-by: NEneas U de Queiroz <cotequeiroz@gmail.com>

Import commit "ubi: Fix failure attaching when vid_hdr offset equals to
(sub)page size" which did not yet make it to stable upstream Linux trees.

Fixes: #12232
Fixes: #12339
Signed-off-by: NDaniel Golle <daniel@makrotopia.org>
(cherry picked from commit aad34818)

007d94546749 uclient: cancel state change timeout in uclient_disconnect()
644d3c7e13c6 ci: improve wolfSSL test coverage
dc54d2b544a1 tests: add certificate check against letsencrypt.org
Signed-off-by: NMatthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit 4f1c2e8d)

Signed-off-by: NDaniel Golle <daniel@makrotopia.org>

Signed-off-by: NDaniel Golle <daniel@makrotopia.org>

Setting this options modifies the rootfs size of created images. When
installing a large number of packages it may become necessary to
increase the size to have enough storage.

This option is only useful for supported devices, i.e. with an attached
SD Card or installed on a hard drive.
Signed-off-by: NPaul Spooren <mail@aparcar.org>
(cherry picked from commit 7b7edd25)

Prevent the BBT translation layer from remapping the UBI used for
storing rootfs.

Explicitly define the number of blocks reserved for remapping.
Signed-off-by: NDavid Bauer <mail@david-bauer.net>
(cherry picked from commit 076da59f)

The DAP-X1860 is a wall-plug AX1800 repeater.

Specifications:
- MT7621, 256 MiB RAM, 128 MiB SPI NAND
- MT7915 + MT7975 2x2 802.11ax (DBDC)
- Ethernet: 1 port 10/100/1000
- LED RSSI bargraph (2x green, 1x red/orange), status
  and RSSI LEDs are incorrectly populated red/orange
  (should be red/green according to documentation)

Installation:
- Keep reset button pressed during plug-in
- Web Recovery Updater is at 192.168.0.50
- Upload factory.bin, confirm flashing
  (seems to work best with Chromium-based browsers)

Revert to OEM firmware:
- tar -xvf DAP-X1860_RevA_Firmware_101b94.bin
- openssl enc -d -md md5 -aes-256-cbc -in FWImage.st2 \
  -out FWImage.st1 -k MB0dBx62oXJXDvt12lETWQ==
- tar -xvf FWImage.st1
- flash kernel_DAP-X1860.bin via Recovery
Signed-off-by: NSebastian Schaper <openwrt@sebastianschaper.net>
(cherry picked from commit 3c31f6b5)

Fix flash I/O instability observed in newer devices with cFeon
QH64A-104HIP (detected as en25qh64).

Ref: https://forum.openwrt.org/t/support-for-tp-link-re305-v3/75893/91Reported-by: NDimitri Souza <dimitri.souza@gmail.com>
Tested-by: NDimitri Souza <dimitri.souza@gmail.com>
Signed-off-by: NJoe Mullally <jwmullally@gmail.com>
[alter commit-message - target master]
Signed-off-by: NDavid Bauer <mail@david-bauer.net>
(cherry picked from commit 2122c80b)

Fixes Uncompressing Kernel Image ... ERROR: LzmaDecode.c, 561

Fixes: #11701 for both 3500(B)
Signed-off-by: NMaik Goette <github@beeit.de>
(cherry picked from commit 4d9c38d6)

This patch adds libbpf to the dependencies of tc-mod-iptables.

The package tc-mod-iptables is missing libbpf as a dependency,
which leads to the build failure described in bug #9491

    LIBBPF_FORCE=on set, but couldn't find a usable libbpf

The build dependency is already automatically added because some other
packages from iproute2 depend on libbpf, but bpftools has multiple build
variants. With multiple build variants none gets build by default and
the build system will not build bpftools before iproute2.

Fixes: #9491
Signed-off-by: NKien Truong <duckientruong@gmail.com>
Signed-off-by: NHauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit fa468d4b)

22.03.1+ and snapshot builds no longer fit the 6M flash space
available for these models.

This disables failing buildbot image builds for these devices.
Images can still be built manually with ImageBuilder.
Signed-off-by: NJoe Mullally <jwmullally@gmail.com>
(cherry picked from commit 4965cbd2)

This device uses an AR8031/AR8033 chip to convert SoC gmac1
RGMII to 1000base-x or sgmii for the SFP fibre cage.
The SFP cage requires phy-mode rgmii-rxid, and without it will not
recieve any packets: ethtool -S sfp rx_fcs_errors will increase when
packets should be being received, but no other _rx counters will change.

Fixes: c77858aa ("ramips: mt7621-dts: change phy-mode of gmac1 to rgmii")
Reviewed-by: NRobert Marko <robimarko@gmail.com>
Reviewed-by: NArınç ÜNAL <arinc.unal@arinc9.com>
Signed-off-by: NJohn Thomson <git@johnthomson.fastmail.com.au>
(cherry picked from commit 7ea965b5)

Fix the trivial abscence of $() when assigning engine config files to
the main libopenssl-config package even if the corresponding engines
were not built into the main library.

This is mostly cosmetic, since scripts/ipkg-build tests the file's
presence before it is actually included in the package's conffiles.

Fixes: 30b03510 "openssl: configure engine packages during install"
Signed-off-by: NEneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit c75cd5f6)

Some vendors of Senao boards have put a bootloader
that cannot handle both large gzip or large lzma files.

There is no disadvantage by doing this for all of them.
Signed-off-by: NMichael Pratt <mcpratt@pm.me>
(cherry picked from commit 8342c092)

glinet forum users reported the problem at
https://forum.gl-inet.com/t/gl-ar300m16-openwrt-22-03-0-rc5-usb-port-power-off-by-default/23199

The current code uses the regulator framework to control the USB power
supply. Although usb0 described in DTS refers to the regulator by
vbus-supply, but there is no code related to regulator implemented
in the USB driver of QCA953X, so the USB of the device cannot work.

Under the regulator framework, adding the regulator-always-on attribute
fixes this problem, but it means that USB power will not be able to be
turned off. Since we need to control the USB power supply in user space,
I didn't find any other better way under the regulator framework of Linux,
so I directly export gpio.
Signed-off-by: NLuo Chongjun <luochongjun@gl-inet.com>
(cherry picked from commit b352124c)

Fix DT_DEBUG handling on MIPS in musl libc.
With this change gdb will load the symbol files for shared libraries on MIPS too.

This patch was taken from this thread: https://www.openwall.com/lists/musl/2022/01/09/4Signed-off-by: NHauke Mehrtens <hmehrtens@maxlinear.com>
(cherry picked from commit fcdd407e)

Changes:
  7f7a9f7 wireless-regdb: update regulatory database based on preceding changes
  660a1ae wireless-regdb: Update regulatory info for Russia (RU) on 5GHz
  fe05cc9 wireless-regdb: Update regulatory rules for Japan (JP) on 6GHz
  d8584dc wireless-regdb: Update regulatory rules for Japan (JP) on 5GHz
  c04fd9b wireless-regdb: update regulatory rules for Switzerland (CH)
  f29772a wireless-regdb: Update regulatory rules for Brazil (BR)
Signed-off-by: NYuu Toriyama <PascalCoffeeLake@gmail.com>
(cherry picked from commit 1173edf2)

Sourcing of image/Config.in will not happen
When a target is installed from target/linux/feeds/
Signed-off-by: NPrasun Maiti <prasunmaiti87@gmail.com>
Acked-by: NPetr Štetiar <ynezz@true.cz>
(cherry picked from commit 522a60cd)

Fixes the boot loader LZMA decompression issue:
LZMA ERROR 1 - must RESET board to recover
Signed-off-by: NSergio Paracuellos <sergio.paracuellos@gmail.com>
(cherry picked from commit 84c04ff4)

This removes the non-selectable 'Kernel' item
when make menuconfig.
Signed-off-by: NChukun Pan <amadeus@jmu.edu.cn>
(cherry picked from commit 3e4c0140)

Some packages offer functionalities guarded by these options and it'll
be impossible to reach them without changing Config-build.in. So allow
to toggle these in more friendly way, by exposing them in configuration
menu.
Signed-off-by: NTomasz Maciej Nowak <tmn505@gmail.com>
(cherry picked from commit 477ff082)

Remove upstreamed patches.

Switch to normal tarballs. Codeload recently had a reproducibility issue.
Signed-off-by: NRosen Penev <rosenp@gmail.com>
(cherry picked from commit 44c24b3a)

Fixes bogus errors on ubus calls
Signed-off-by: NFelix Fietkau <nbd@nbd.name>
(cherry picked from commit cf992ca8)

Pahole version is being autodetected during runtime since kernel 5.15.96
via in-kernel scripts/pahole-version.sh so add CONFIG_PAHOLE_VERSION to
kernel filter in order to prevent it from being added to target configs.
Signed-off-by: NRobert Marko <robimarko@gmail.com>
(cherry picked from commit 5d8f14bf)

The dhcphostsfile must be mounted into the (ujail) sandbox.
The file can not be accessed without this mount.
Signed-off-by: NRuben Jenster <rjenster@gmail.com>
(cherry picked from commit 936df715)

ipaddr option can be in CIDR notation,
but udhcp wants just an IP address
Signed-off-by: NAndrey Erokhin <a.erokhin@inango-systems.com>
(cherry picked from commit 506bb436)

The nand driver normally while waiting for the device to become ready;
this is normally fine, but xway_nand holds the ebu_lock spinlock, and
this can cause lockups if other threads which use ebu_lock are
interleaved. Fix this by waiting instead of polling.

This mainly showed up as crashes in ath9k_pci_owl_loader (see
https://github.com/openwrt/openwrt/issues/9829 ), but turning on
spinlock debugging shows this happening in other places too.

This doesn't seem to measurably impact boot time.

Tested on bt_homehub-v5a with 5.10 and 5.15.
Signed-off-by: NThomas Nixon <tom@tomn.co.uk>
[Add commit description into patch]
Signed-off-by: NHauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit d3b47909)

Potentially fixes some driver data structure corruption issues
Signed-off-by: NFelix Fietkau <nbd@nbd.name>
(cherry picked from commit 9779ee02)
[Change patch number]
Signed-off-by: NHauke Mehrtens <hauke@hauke-m.de>

Nests kernel and ubi into firmware partition in-order to be compatible
with OEM firmware. This allows restoring oem firmware from a backup of
firmware2. Add jffs2 partition which is present in the oem firmware.
Add support for mediatek NMBM (wear leveling on newer mediatek devices).
Exclude UBI partition from NMBM management.
Continues PR #10685.
Tested-by: NFelix Baumann <felix.bau@gmx.de>
Signed-off-by: NFelix Baumann <felix.bau@gmx.de>
(cherry picked from commit 787ecdf6)

The Asus RT-AX1800U is identical to the already supported Asus RT-AX53U.
Use the ALT0 buildroot tags to show both devices.
Tested-by: NMarian Sarcinschi <znevna@gmail.com>
Signed-off-by: NFelix Baumann <felix.bau@gmx.de>
(cherry picked from commit acd3b5e8)

This patch adds the missing LEDs to Asus RT-AX53U.
Based on PR #10400 and patch provided in #11068
 - enable the two LEDs controlled by mt7915e for wireless;
 - add label to power LED so it works properly and fix formatting;
 - add the USB LED;
 - switch LEDs are best left to be controlled by hardware for now.
Co-Authored-By: NIvan Rozhuk <rozhuk.im@gmail.com>
Co-Authored-By: NShiji Yang <yangshiji66@qq.com>
Co-Authored-By: NHartmut Birr <e9hack@gmail.com>
Tested-by: NFelix Baumann <felix.bau@gmx.de>
Tested-by: NMarian Sarcinschi <znevna@gmail.com>
Signed-off-by: NMarian Sarcinschi <znevna@gmail.com>
(cherry picked from commit c4b806d5)

Adds uboot-envtools support for ramips Asus RX-AX53U now that partition
can be correctly read.
Signed-off-by: NFelix Baumann <felix.bau@gmx.de>
[ improve commit title and description ]
Signed-off-by: NChristian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 75451681)