- 15 10月, 2022 10 次提交
-
-
由 Hauke Mehrtens 提交于
Signed-off-by: NHauke Mehrtens <hauke@hauke-m.de>
-
由 Jo-Philipp Wich 提交于
4fbf6d7 ruleset.uc: log forwarded traffic not matched by zone policies c7201a3 main.uc: reintroduce set reload restriction 756f1e2 ruleset: fix emitting set_mark/set_xmark rules with masks 3db4741 ruleset: properly handle zone names starting with a digit 43d8ef5 fw4: fix formatting of default log prefix 592ba45 main.uc: remove uneeded/wrong set reload restrictions b0a6bff tests: fix testcases 145e159 fw4: recognize `option log` and `option counter` in `config nat` sections ce050a8 fw4: fall back to device if l3_device is not available in ifstatus Fixes: #10639, #10965 Signed-off-by: NJo-Philipp Wich <jo@mein.io> (cherry picked from commit fdfa9d8f7469626d2dc8e4b46a6ad56a3b27c16b)
-
由 Jo-Philipp Wich 提交于
4ae7072 fs: use `getline()` for line wise read operations 21ace5e lexer: fixes for regex literal parsing 00965fa lib: implement slice() function 76d396d main: implement print mode 7bbba78 compiler: optimize function return opcode generation a45f2a3 lexer: improve regex literal handling d64d5d6 vm: maintain export symbol tables per program f4b4ded uloop: task: gracefully handle absent output callback a58fe47 ubus: hold reference to underlying connection until deferred is concluded e23b58a lib: uc_system(): retry waitpid() on EINTR cc4eb79 ubus: support obtaining numeric error code 01c412c ubus: add toplevel constants for ubus status codes 8e240fa ubus: allow object method call handlers to return a numeric status code 5cdddd3 lib: add limit support to split() and replace() 0ba9c3e fs: add optional third permission argument to fs.open() c1f7b3b lib: remove fixed capture group limit in match() and regex replace() Signed-off-by: NJo-Philipp Wich <jo@mein.io> (backported from commits 639754e3 and 5110dcb1)
-
由 Jo-Philipp Wich 提交于
8c852b6 ucode: write ucode runtime exceptions to stderr e80d0b2 ucode: pass-through `ubus_rpc_session` argument 0d02243 ucode: initialize module search path early Signed-off-by: NJo-Philipp Wich <jo@mein.io> (backported from commits 94129cbe and db17c752)
-
由 Matthias Schiffer 提交于
Kernel loaders like the lzma-loader currently don't track changes to their sources. This can lead to an old version of a loader to be used when a build tree is not clean between builds. As the loaders are tiny and the build times are insignificant, simply force rebuilding them on every build to avoid this problem. Signed-off-by: NMatthias Schiffer <mschiffer@universe-factory.net> (cherry picked from commit a01d23e7)
-
由 Matthias Schiffer 提交于
Add the spi-loader as a pre-kernel stage, so we can lift the kernel size limit. Signed-off-by: NMatthias Schiffer <mschiffer@universe-factory.net> (cherry picked from commit 2fa53c92)
-
由 Matthias Schiffer 提交于
Similar to the lzma-loader on our MIPS targets, the spi-loader acts as a second-stage loader that will then load and start the actual kernel. As the TL-WDR4900 uses SPI-NOR and the P1010 family does not have support for memory mapping of this type of flash, this loader needs to contain a basic driver for the FSL ESPI controller. Signed-off-by: NMatthias Schiffer <mschiffer@universe-factory.net> (cherry picked from commit a296055b)
-
由 David Bauer 提交于
The model name was missing a letter. Signed-off-by: NDavid Bauer <mail@david-bauer.net> (cherry picked from commit 9c8605de)
-
由 David Bauer 提交于
Hardware -------- CPU: Mediatek MT7621 RAM: 256M DDR3 FLASH: 128M NAND ETH: 1x Gigabit Ethernet WiFi: Mediatek MT7915 (2.4/5GHz 802.11ax 2x2 DBDC) BTN: 1x Reset (NWA50AX only) LED: 1x Multi-Color (NWA50AX only) UART Console ------------ NWA50AX: Available below the rubber cover next to the ethernet port. NWA55AXE: Available on the board when disassembling the device. Settings: 115200 8N1 Layout: <12V> <LAN> GND-RX-TX-VCC Logic-Level is 3V3. Don't connect VCC to your UART adapter! Installation Web-UI ------------------- Upload the Factory image using the devices Web-Interface. As the device uses a dual-image partition layout, OpenWrt can only installed on Slot A. This requires the current active image prior flashing the device to be on Slot B. If the currently installed image is started from Slot A, the device will flash OpenWrt to Slot B. OpenWrt will panic upon first boot in this case and the device will return to the ZyXEL firmware upon next boot. If this happens, first install a ZyXEL firmware upgrade of any version and install OpenWrt after that. Installation TFTP ----------------- This installation routine is especially useful in case * unknown device password (NWA55AXE lacks reset button) * bricked device Attach to the UART console header of the device. Interrupt the boot procedure by pressing Enter. The bootloader has a reduced command-set available from CLI, but more commands can be executed by abusing the atns command. Boot a OpenWrt initramfs image available on a TFTP server at 192.168.1.66. Rename the image to owrt.bin $ atnf owrt.bin $ atna 192.168.1.88 $ atns "192.168.1.66; tftpboot; bootm" Upon booting, set the booted image to the correct slot: $ zyxel-bootconfig /dev/mtd10 get-status $ zyxel-bootconfig /dev/mtd10 set-image-status 0 valid $ zyxel-bootconfig /dev/mtd10 set-active-image 0 Copy the OpenWrt ramboot-factory image to the device using scp. Write the factory image to NAND and reboot the device. $ mtd write ramboot-factory.bin firmware $ reboot Signed-off-by: NDavid Bauer <mail@david-bauer.net> (cherry picked from commit a0b7fef0)
-
由 Uwe Kleine-König 提交于
On machines with a coarse monotonic clock (here: TP-Link RE200 powered by a MediaTek MT7620A) it can happen that the two DNS requests (for A and AAAA) share the same transaction ID. If this happens the second reply is wrongly dropped and nslookup reports "No answer". Fix this by ensuring that the transaction IDs are unique. Signed-off-by: NUwe Kleine-König <uwe@kleine-koenig.org> (cherry picked from commit 63e5ba8e) Signed-off-by: NChristian Marangi <ansuelsmth@gmail.com>
-
- 13 10月, 2022 2 次提交
-
-
由 Felix Fietkau 提交于
This mainly affects scanning and beacon parsing, especially with MBSSID enabled Fixes: CVE-2022-41674 Fixes: CVE-2022-42719 Fixes: CVE-2022-42720 Fixes: CVE-2022-42721 Fixes: CVE-2022-42722 Signed-off-by: NFelix Fietkau <nbd@nbd.name> (cherry-picked from commit 26f40021)
-
由 Koen Vandeputte 提交于
fetched from upstream kernel v5.15.67 Signed-off-by: NKoen Vandeputte <koen.vandeputte@ncentric.com> (cherry-picked from commit aa9be386)
-
- 11 10月, 2022 5 次提交
-
-
由 Felix Fietkau 提交于
reduces unnecessary flash reads and speeds up boot time Signed-off-by: NFelix Fietkau <nbd@nbd.name> (cherry-picked from commit 55e8d521)
-
由 Felix Fietkau 提交于
Signed-off-by: NFelix Fietkau <nbd@nbd.name> (cherry-picked from commit 4947623d)
-
由 Felix Fietkau 提交于
This is needed for the ECC controller to access FDM data Signed-off-by: NFelix Fietkau <nbd@nbd.name> (cherry-picked from commit 73b2a4ca)
-
由 Stijn Tintel 提交于
Avoid flooding the log with the message below by increasing the log level to debug: mt7621-nand 1e003000.nand: Using programmed access timing: 31c07388 Signed-off-by: NStijn Tintel <stijn@linux-ipv6.be> (cherry-picked from commit 89c19592)
-
由 Stijn Tintel 提交于
The patch was rejected by upstream. The mtk_nand driver should be modified to support the mt7621 flash controller instead. As there is no newer version to backport, or no upstream version to fix bugs, let's move the driver to the files dir under the ramips target. This makes it easier to make changes to the driver while waiting for mt7621 support to land in mtk_nand. Signed-off-by: NStijn Tintel <stijn@linux-ipv6.be> (cherry-picked from commit 2f2e81a4)
-
- 10 10月, 2022 10 次提交
-
-
由 Felix Fietkau 提交于
Change the partition name accordingly. Same behavior as mtdsplit_uimage Signed-off-by: NFelix Fietkau <nbd@nbd.name> (cherry-picked from commit 62fd9f97)
-
由 Chuanhong Guo 提交于
kernel spi-nand driver leaves this field empty and let mtd set it later. Signed-off-by: NChuanhong Guo <gch981213@gmail.com> (cherry-picked from commit 6fa50e26)
-
由 Felix Fietkau 提交于
This can be used for sectors that are not physically damaged Signed-off-by: NFelix Fietkau <nbd@nbd.name> (cherry-picked from commit 2a8a333e)
-
由 Felix Fietkau 提交于
This NAND flash remapping method is used on newer MediaTek devices with NAND flash. Signed-off-by: NFelix Fietkau <nbd@nbd.name> (cherry-picked from commit 06382d1a)
-
由 Felix Fietkau 提交于
Pass errors to caller instead Signed-off-by: NFelix Fietkau <nbd@nbd.name> (cherry-picked from commit be1f2b4d)
-
由 Felix Fietkau 提交于
Copy from the previously mapped block (in case it was remapped already) Signed-off-by: NFelix Fietkau <nbd@nbd.name> (cherry-picked from commit 7d1e2be1)
-
由 Felix Fietkau 提交于
Used by the mapping implementation to indicate that no backing block is available Signed-off-by: NFelix Fietkau <nbd@nbd.name> (cherry-picked from commit b4c7f8c5)
-
由 Felix Fietkau 提交于
Keep a separate source file per variant Signed-off-by: NFelix Fietkau <nbd@nbd.name> (cherry-picked from commit 601c7b4a)
-
由 Hauke Mehrtens 提交于
Signed-off-by: NHauke Mehrtens <hauke@hauke-m.de>
-
由 Hauke Mehrtens 提交于
Signed-off-by: NHauke Mehrtens <hauke@hauke-m.de>
-
- 08 10月, 2022 1 次提交
-
-
由 Tom Herbers 提交于
Everywhere else the device is referred to as WS-AP3805i, only the model name wrongly only said AP3805i. Signed-off-by: NTom Herbers <mail@tomherbers.de> (cherry picked from commit 7d6032f3)
-
- 06 10月, 2022 2 次提交
-
-
由 Nick Hainke 提交于
Devices with SMALL_FLASH enabled have "SQUASHFS_BLOCK_SIZE=1024" in their config. This significantly increases the cache memory required by squashfs [0]. This commit enables low_mem leading to a much better performance because the SQUASHFS_BLOCK_SIZE is reduced to 256. Example Nanostation M5 (XM): The image size increases by 128 KiB. However, the memory statisitcs look much better: Default tiny build: ------ MemTotal: 26020 kB MemFree: 5648 kB MemAvailable: 6112 kB Buffers: 0 kB Cached: 3044 kB low_mem enabled: ----- MemTotal: 26976 kB MemFree: 6748 kB MemAvailable: 11504 kB Buffers: 0 kB Cached: 7204 kB [0] - https://github.com/freifunk-gluon/gluon/commit/7e8af99cf504ca1dc389f282a0c94f4a911571beSigned-off-by: NNick Hainke <vincent@systemli.org> (cherry picked from commit f54ac98f)
-
由 Nick Hainke 提交于
ath79 has was bumped to 5.10. With this, as with every kernel change, the kernel has become larger. However, although the kernel gets bigger, there are still enough flash resources. But the RAM reaches its capacity limits. The tiny image comes with fewer kernel flags enabled and fewer daemons. Improves: 15aa53d7 ("ath79: switch to Kernel 5.10") Tested-by: NRobert Foss <me@robertfoss.se> Signed-off-by: NNick Hainke <vincent@systemli.org> (cherry picked from commit f4415f76)
-
- 04 10月, 2022 10 次提交
-
-
由 Rafał Miłecki 提交于
Fixes: cae4d089 ("kernel: backport mtd dynamic partition patch") Signed-off-by: NRafał Miłecki <rafal@milecki.pl> (cherry picked from commit a5265497)
-
由 Petr Štetiar 提交于
As wolfSSL is having hard time maintaining ABI compatibility between releases, we need to manually force rebuild of packages depending on libwolfssl and thus force their upgrade. Otherwise due to the ABI handling we would endup with possibly two libwolfssl libraries in the system, including the patched libwolfssl-5.5.1, but still have vulnerable services running using the vulnerable libwolfssl-5.4.0. So in order to propagate update of libwolfssl to latest stable release done in commit ec8fb542 ("wolfssl: fix TLSv1.3 RCE in uhttpd by using 5.5.1-stable (CVE-2022-39173)") which fixes several remotely exploitable vulnerabilities, we need to bump PKG_RELEASE of all packages using wolfSSL library. Signed-off-by: NPetr Štetiar <ynezz@true.cz> (cherry picked from commit f1b7e143)
-
由 Petr Štetiar 提交于
Fixes denial of service attack and buffer overflow against TLS 1.3 servers using session ticket resumption. When built with --enable-session-ticket and making use of TLS 1.3 server code in wolfSSL, there is the possibility of a malicious client to craft a malformed second ClientHello packet that causes the server to crash. This issue is limited to when using both --enable-session-ticket and TLS 1.3 on the server side. Users with TLS 1.3 servers, and having --enable-session-ticket, should update to the latest version of wolfSSL. Thanks to Max at Trail of Bits for the report and "LORIA, INRIA, France" for research on tlspuffin. Complete release notes https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.1-stable Fixes: CVE-2022-39173 Fixes: https://github.com/openwrt/luci/issues/5962 References: https://github.com/wolfSSL/wolfssl/issues/5629Tested-by: NKien Truong <duckientruong@gmail.com> Reported-by: NKien Truong <duckientruong@gmail.com> Signed-off-by: NPetr Štetiar <ynezz@true.cz> (cherry picked from commit ec8fb542)
-
由 Petr Štetiar 提交于
So they're tidy and apply cleanly. Signed-off-by: NPetr Štetiar <ynezz@true.cz> (cherry picked from commit 8ad9a72c)
-
由 Ivan Pavlov 提交于
Remove upstreamed: 101-update-sp_rand_prime-s-preprocessor-gating-to-match.patch Some low severity vulnerabilities fixed OpenVPN compatibility fixed (broken in 5.4.0) Other fixes && improvements Signed-off-by: NIvan Pavlov <AuthorReflex@gmail.com> (cherry picked from commit 3d88f26d)
-
由 John Audia 提交于
All patches automatically rebased. Signed-off-by: NJohn Audia <therealgraysky@proton.me> (cherry picked from commit eed0a31b)
-
由 John Audia 提交于
Manually rebased: hack-5.10/780-usb-net-MeigLink_modem_support.patch Removed upstreamed: patches-5.10/110-gpio-mpc8xxx-Fix-support-for-IRQ_TYPE_LEVEL_LOW-flow.patch[1] All other patches automatically rebased. 1. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.145&id=24196210b198e8e39296e277bb93b362aa207775Signed-off-by: NJohn Audia <therealgraysky@proton.me> (cherry picked from commit 8fe67fae)
-
由 John Audia 提交于
All patches automatically rebased. Signed-off-by: NJohn Audia <therealgraysky@proton.me> (cherry picked from commit eff4f8b2)
-
由 Matthias Schiffer 提交于
The device has only 1 WAN + 3 LAN ports. Remove "lan4" interface corresponding to the non-existing port. Signed-off-by: NMatthias Schiffer <mschiffer@universe-factory.net> (cherry picked from commit 149fc3a2)
-
由 Josef Schlehofer 提交于
If you would like to compile the newest version of U-boot together with the stable OpenWrt version, which does not have LibreSSL >= 3.5, which was updated in the master branch by commit 5451b03b ("tools/libressl: bump to v3.5.3"), then you need these two patches to fix it. They are backported from U-boot repository. This should be backported to stable OpenWrt versions. Reported-by: NMichal Vasilek <michal.vasilek@nic.cz> Signed-off-by: NJosef Schlehofer <pepe.schlehofer@gmail.com> (cherry picked from commit 185541f5)
-