filesystem

Releae Notes:
https://github.com/wolfSSL/wolfssl/releases/tag/v5.6.4-stable



Remove upstreamed patch:
- 001-fix-detection-of-cut-tool-in-configure.ac.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit d8323160)

eee02ccca8c8 device: add support to configure eee
bb28f6a291d9 wireless: fix sign comparison warning
35facc8306f5 wireless: fix premature removal of hotplug devices due to down state

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit d45d72a6)

841b05fbb91e system-linux: fix compilation error if IFLA_DSA_MASTER is not supported
5c9ecc1ff74f system-linux: make system_if_get_master_ifindex static
2dc7f450f3a2 system-linux: add option to configure DSA conduit device
838f815db5ef system-linux: add support for configurable GRO option

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 17140874)

c9db9d0b3027 ipq8074: add Asus RT-AX89X BDF
33154283e54a ipq8074: update RegDB in new submitted BDF
2b034415ac3d ipq40xx: add YYeTs LE1 BDF
a9c253ebe926 ipq8074: add Netgear WAX620 Board file for Netgear WAX620, extracted from stock (bdwlan.b290) firmware and repacked.
ec0960967999 qca-wireless: ipq40xx: add BDFs for ZTE MF287
57aa1b1562ac ipq8174: Add Linksys MX4200
52a1c2940605 ipq8074: add Netgear WAX630 Board file for Netgear WAX630. Extracted from stock (WAX630_BDF.bin) firmware and repacked.
e7701b85d46d ipq8074: update RegDB in new submitted BDF
cd04ab7f984f qcn9074: update RegDB in new submitted BDF
f70fdf9438ae ipq8074: add Arcadyan AW1000 BDF
21c4d976b1e6 ipq8074: add CMCC RM2-6 BDF
f92fa0a2bdcf ipq8074: add ZTE MF269 BDF
371d4dce9b9a ipq8074: add Yuncore AX880 BDF
0c2e810e71ed qcn9074: fix prpl Foundation Haze BDF for old mac80211 version

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>

0352a33 uloop: support new interval and signal APIs
1468cc4 syntax: don't treat `as` and `from` as reserved keywords

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 55196366)

Refresh patches for hostapd using make package/hostapd/refresh.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 05e516b1)

Currently for 802.1s only, for wifi 2.4GHz in g/n mode, 40MHz is never
permitted.

This is probably due to the complexity of setting periodic check for the
intolerant bit. When noscan option is set, we ignore the presence of the
intoleran bit in near AP, so we can enable 40MHz and ignore any complex
logic for checking.

Fixes: #13112
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 6c9ac57d)

Also channel 7 for 2.4GHz can be set to HT40PLUS. Permit this and add it
to the list of the channels.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit b1c7b1bd)

noscan option for mesh was broken and actually never applied.

This is caused by a typo where ssid->noscan value is check instead of
conf->noscan resulting in the logic swapped and broken.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 1b5ea2e1)

noscan option was changed to hostapd_noscan but the entry in
wpa_supplicant was never updated resulting in the noscan option actually
never set.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 1070fbce)

Store the private key with read and write permission for the user only
and not with read permissions for everyone. This converts the
write_file() function from fopen() to open() because open allows to
specify the permission mask of the newly created file. It also adds and
fixes some existing error handling.

OpenSSL does this in the same way already.

With this change it looks like this:
root@OpenWrt:/# ls -al /etc/uhttpd.*
-rw-r--r--    1 root     root           749 Nov  6 23:14 /etc/uhttpd.crt
-rw-------    1 root     root           121 Nov  6 23:14 /etc/uhttpd.key

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 6aad5ab0)

Store the private key with read and write permission for the user only
and not with read permissions for everyone. This converts the
write_file() function from fopen() to open() because open allows to
specify the permission mask of the newly created file. It also adds and
fixes some existing error handling.

OpenSSL does this in the same way already.

With this change it looks like this:
root@OpenWrt:/# ls -al /etc/uhttpd.crt /etc/uhttpd.key
-rw-r--r--    1 root     root           519 Nov  6 22:58 /etc/uhttpd.crt
-rw-------    1 root     root           121 Nov  6 22:58 /etc/uhttpd.key

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 929c9a58)

In wpa_supplicant, set up wlan interfaces before adding them

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit c2a30b6e)

Apply them directly using nl80211 after setting up the interface.
Use the same method in wdev.uc as well

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 53131426)

383753dd65ae device/bridge: support passing extra vlans in the device_set_state call
b6e75eafc1af device: send notifications for device events via ubus
cab415c7aefd bridge: add auth-required bridge members with auth_status=0 if vlan is enabled
827a02f0343c bridge: add support for configuring vlans for auth=1,auth_status=false
40ed7363caf2 device: fix build error on 32 bit systems
516ab774cc16 system-linux: fix race condition on bringing up wireless devices

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 41d7439a)

Hardware specification:
  SoC: MediaTek MT7981B 2x A53
  Flash: 64GB eMMC or 128 MB SPI-NAND
  RAM: 512MB
  Ethernet: 4x 10/100/1000 Mbps
  Switch: MediaTek MT7531AE
  WiFi: MediaTek MT7976C
  Button: Reset, Mesh
  Power: DC 12V 1A
- UART: 3.3v, 115200n8
  --------------------------
  |         Layout         |
  |   -----------------    |
  | 4 | GND TX VCC RX | <= |
  |   -----------------    |
  --------------------------

Gain SSH access:
1. Login into web interface, and download the configuration.
2. Enter fakeroot, decompress the configuration:
   tar -zxf cfg_export_config_file.conf
3. Edit 'etc/config/dropbear', set 'enable' to '1'.
4. Edit 'etc/shadow', update (remove) root password:
   'root::19523:0:99999:7:::'
5. Repack 'etc' directory:
   tar -zcf cfg_export_config_file.conf etc/
   * If you find an error about 'etc/wireless/mediatek/DBDC_card0.dat',
     just ignore it.
6. Upload new configuration via web interface, now you can SSH to RAX3000M.

Check stroage type:
Check the label on the back of the device:
"CH EC CMIIT ID: xxxx" is eMMC version
"CH    CMIIT ID: xxxx" is NAND version

eMMC Flash instructions:
1. SSH to RAX3000M, and backup everything, especially 'factory' part.
   ('data' partition can be ignored, it's useless.)
2. Write new GPT table:
   dd if=openwrt-mediatek-filogic-cmcc_rax3000m-emmc-gpt.bin of=/dev/mmcblk0 bs=512 seek=0 count=34 conv=fsync
3. Erase and write new BL2:
   echo 0 > /sys/block/mmcblk0boot0/force_ro
   dd if=/dev/zero of=/dev/mmcblk0boot0 bs=512 count=8192 conv=fsync
   dd if=openwrt-mediatek-filogic-cmcc_rax3000m-emmc-preloader.bin of=/dev/mmcblk0boot0 bs=512 conv=fsync
4. Erase and write new FIP:
   dd if=/dev/zero of=/dev/mmcblk0 bs=512 seek=13312 count=8192 conv=fsync
   dd if=openwrt-mediatek-filogic-cmcc_rax3000m-emmc-bl31-uboot.fip of=/dev/mmcblk0 bs=512 seek=13312 conv=fsync
5. Set static IP on your PC:
   IP 192.168.1.254, GW 192.168.1.1
6. Serve OpenWrt initramfs image using TFTP server.
7. Cut off the power and re-engage, wait for TFTP recovery to complete.
8. After OpenWrt has booted, perform sysupgrade.
9. Additionally, if you want to have eMMC recovery boot feature:
     (Don't worry! You will always have TFTP recovery boot feature.)
   dd if=openwrt-mediatek-filogic-cmcc_rax3000m-initramfs-recovery.itb of=/dev/mmcblk0p4 bs=512 conv=fsync

NAND Flash instructions:
1. SSH to RAX3000M, and backup everything, especially 'Factory' part.
2. Erase and write new BL2:
   mtd erase BL2
   mtd write openwrt-mediatek-filogic-cmcc_rax3000m-nand-preloader.bin BL2
3. Erase and write new FIP:
   mtd erase FIP
   mtd write openwrt-mediatek-filogic-cmcc_rax3000m-nand-bl31-uboot.fip FIP
4. Set static IP on your PC:
   IP 192.168.1.254, GW 192.168.1.1
5. Serve OpenWrt initramfs image using TFTP server.
6. Cut off the power and re-engage, wait for TFTP recovery to complete.
7. After OpenWrt has booted, erase UBI volumes:
   ubidetach -p /dev/mtd0
   ubiformat -y /dev/mtd0
   ubiattach -p /dev/mtd0
8. Create new ubootenv volumes:
   ubimkvol /dev/ubi0 -n 0 -N ubootenv -s 128KiB
   ubimkvol /dev/ubi0 -n 1 -N ubootenv2 -s 128KiB
9. Additionally, if you want to have NAND recovery boot feature:
     (Don't worry! You will always have TFTP recovery boot feature.)
   ubimkvol /dev/ubi0 -n 2 -N recovery -s 20MiB
   ubiupdatevol /dev/ubi0_2 openwrt-mediatek-filogic-cmcc_rax3000m-initramfs-recovery.itb
10. Perform sysupgrade.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 423186d7)
[rebased to 23.05]
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>

The OEM U-Boot uses dual boot and signature verification which does not
support by OpenWrt. So add a custom U-Boot build for OpenWrt.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit fddd735d)

They will be used on CMCC RAX3000M.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 7d8ffe94)

This commit fixes MERCUSYS brand spelling. The proper name is capitalized.

Link: https://www.mercusys.com/
Link: https://github.com/torvalds/linux/blob/master/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c#L7779



Signed-off-by: Mikhail Zhilkin <csharper2005@gmail.com>
(cherry picked from commit 45a50a06)

Activate the secp521r1 ecliptic curve by default. This curve is allowed
by the CA/Browser forum, see
https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-v2.0.1-redlined.pdf#page=110



This increases the size of libmbedtls12_2.28.5-1_aarch64_generic.ipk by
about 400 bytes:
Without:
252,696 libmbedtls12_2.28.5-1_aarch64_generic.ipk
With:
253,088 libmbedtls12_2.28.5-2_aarch64_generic.ipk

Fixes: #13774
Acked-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 3c17cdbc)

Changes introduced in commit d604a072 ("build: add CycloneDX SBOM
JSON support") broke ImageBuilder:

  Cannot open '/openwrt-imagebuilder-ath79-generic.Linux-x86_64/tmp/.packageinfo': No such file or directory

So lets fix it by wrapping the BOM generation behind condition of IB
feature check.

Fixes: #13881
Fixes: d604a072 ("build: add CycloneDX SBOM JSON support")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit c4259a65)

Some packages (like wavemon >= 0.9.4) depend on libnl-cli. Add support
for this part of the lib. libnl-cli itself depends on libnl-genl and
libnl-nf. On MIPS, this component adds 81kB.

Signed-off-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
(punctuation correction and reorganisation of commit message)
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 4bdd1c1a)

The MAC-address of gmac0 matches the one printed on the bottom label.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit ae500e62)