Commit Graph

22343 Commits

Author SHA1 Message Date
Lucas Asvio
c8012a4819 mac80211: add support for NSS on ipq806x platform
SqTER-PL <r.napierala@asta-net.pl>
2025-04-14 18:00:04 +02:00
Hauke Mehrtens
d183d7bb78 OpenWrt v24.10.1: adjust config defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2025-04-14 01:07:35 +02:00
Hannu Nyman
0425664679 ca-certificates: Update to 20241223
Update ca-certificates to version 20241223

  * Update Mozilla certificate authority bundle to version 2.70.
    The following certificate authorities were added (+):
    + Telekom Security TLS ECC Root 2020
    + Telekom Security TLS RSA Root 2023
    + FIRMAPROFESIONAL CA ROOT-A WEB
    + TWCA CYBER Root CA
    + SecureSign Root CA12
    + SecureSign Root CA14
    + SecureSign Root CA15
    The following certificate authorities were removed (-):
    - Security Communication Root CA (closes: #1063093)

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Link: https://github.com/openwrt/openwrt/pull/18468
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit c79572210f)
2025-04-13 18:38:32 +02:00
Álvaro Fernández Rojas
b4af5bbcf7 package: add kmod-r8127 ethernet driver
r8127 is an out of tree driver provided by Realtek for RTL8127 devices.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(cherry picked from commit 851ea69d8e)
2025-04-10 22:39:58 +02:00
Matthias Franck
eed88d4f10 busybox: use external libtirpc when using glibc
In recent glibc versions rpc functionality has been moved to a separate
library instead of glibc itself.
Depend on this library when rpc functionality is needed and glibc is
used.

Signed-off-by: Matthias Franck <matthias.franck@softathome.com>
Link: https://github.com/openwrt/openwrt/pull/17796
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 84e0900867)
2025-04-10 20:51:56 +02:00
Ming Kuang
3f00d6ba01 wifi-scripts: mac80211.sh: add EHT and HE160 support to iw_htmode
For WIFI7 devices (such as mt7925e), the dev width is currently
always "20 MHz (no HT)" in monitor mode.

Add EHT and HE160 support to iw_htmode to fix this issue.
Additionally, the following changes are made:
1. Set iw_htmode to 160MHz for VHT160. The reason for the current
   VHT160 setting is unclear and seems to have been in place for
   over a decade (ibss_htmode [1]). If anyone knows its impact,
   please inform me so I can restore it.
2. Modify MHZ to MHz. The original matching table in the current
   iw tool uses MHz. Although the match is case-insensitive,
   correcting this won't hurt.

[1]: 768d09be87

Signed-off-by: Ming Kuang <ming@imkuang.com>
Link: https://github.com/openwrt/openwrt/pull/18319
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 86eb1c0b5a)
2025-04-10 20:51:56 +02:00
Shiji Yang
ced823497a ath10k-ct: remove "qcom,coexist-support" property type hack
The ath10k dt-binding property "qcom,coexist-support" was
explicitly defined as type uint8 since upstream commit
ed09c61eb19d ("dt-bindings: net: Convert ath10k to YAML").
Therefore, this hack patch no longer makes sense.

Link: ed09c61eb1
Signed-off-by: Shiji Yang <yangshiji66@outlook.com>
Link: https://github.com/openwrt/openwrt/pull/18393
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit da13174aa1)
2025-04-10 20:51:18 +02:00
Shiji Yang
30c1c6d7c3 ath10k-ct: silence some harmless noisy logs
Users feel anxious about some ath10k driver logs. After further
investigation, in fact these logs are harmless. Only developers
need to care about them in order to optimize some parameters.
Let's just silence them to reduce these similar user reports.

Closes: https://github.com/openwrt/openwrt/issues/13148
Closes: https://github.com/openwrt/openwrt/issues/14422
Closes: https://github.com/openwrt/openwrt/issues/15959
Closes: https://github.com/openwrt/openwrt/issues/15997
Closes: https://github.com/openwrt/openwrt/issues/16896
Closes: https://github.com/openwrt/openwrt/issues/18046
Signed-off-by: Shiji Yang <yangshiji66@outlook.com>
Link: https://github.com/openwrt/openwrt/pull/18368
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 88234a03bc)
[Apply to ath10k-ct 6.10]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2025-04-10 20:50:56 +02:00
Mieczyslaw Nalewaj
7145b85295 kernel: modules: ixgbe,ixgbevf,i40e: remove unused settings and depends
Remove settings and depends that are not used anywhere.

Signed-off-by: Mieczyslaw Nalewaj <namiltd@yahoo.com>
Link: #18291
(cherry picked from commit b6ff3d9afa)
Link: https://github.com/openwrt/openwrt/pull/18431
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2025-04-10 20:32:40 +02:00
Fil Dunsky
d47f6a365f mediatek: filogic: add support for Huasifei WH3000
**Huasifei WH3000 eMMC / Fudy MT3000**
Portable Wi-Fi 6 travel router based on MediaTek MT7981A SoC.
MT7981B+MT7976CN+RTL8221B Dual Core 1.3GHZ

**Specifications**
SoC: Filogic 820 MT7981A (1.3GHz)
RAM: DDR4 1GB
Flash: eMMC 8GB
WiFi: 2.4GHz and 5GHz with 3 antennas
Ethernet:
1x WAN (10/100/1000M)
1x LAN (10/100/1000/2500M)
USB: 1x USB 3.0 port
Two buttons: power/reset and mode (BTN_0)
LEDS: blue, red, blue+red=pink
UART: 3.3V, TX, RX, GND / 115200 8N1

**Installation via U-Boot rescue**
1. Set static IP 192.168.1.2 on your computer and default route as 192.168.1.1
2. Connect to the WAN port and hold the reset button while booting the device.
3. Wait for the LED to blink 5 times, and release the reset button.
4. Open U-boot web page on your browser at http://192.168.1.1
5. Select the OpenWRT sysupgrade image, upload it, and start the upgrade.
6. Wait for the router to flash the new firmware.
7. Wait for the router to reboot itself.

**Installation via sysupgrade**
Just flash sysupgrade file via [LuCI upgrade page](http://192.168.1.1/cgi-bin/luci/admin/system/flash) without saving the settings.

**Installation via SSH**
Upload the file to the router `/tmp` directory, `ssh root@192.168.1.1` and issue a command:
```
sysupgrade -n /tmp/openwrt-mediatek-filogic-huasifei_wh3000-emmc-squashfs-sysupgrade.bin
```

**Factory MAC**
You can find your Factory MAC which is mentioned on the box at `/dev/mmcblk0p2` partition `factory` starting from `0x4`
```
dd if=/dev/mmcblk0p2 bs=1 skip=4 count=6 | hexdump -C
```

**Enlarging a partition**
Though the device has 8GB eMMC, it uses only 2GB `/dev/mmcblk0p6` as `rootfs` for `/rom` and `/overlay` leaving `/dev/mmcblk0p7` as empty unused space.
```
sgdisk -p /dev/mmcblk0
```
```
Disk /dev/mmcblk0: 15269888 sectors, 7.3 GiB
Sector size (logical/physical): 512/512 bytes
Disk identifier (GUID): 2BD17853-102B-4500-AA1A-8A21D4D7984D
Partition table holds up to 128 entries
Main partition table begins at sector 2 and ends at sector 33
First usable sector is 34, last usable sector is 14942174
Partitions will be aligned on 1024-sector boundaries
Total free space is 11197 sectors (5.5 MiB)

Number  Start (sector)    End (sector)  Size       Code  Name
   1            8192            9215   512.0 KiB   8300  u-boot-env
   2            9216           13311   2.0 MiB     8300  factory
   3           13312           21503   4.0 MiB     8300  fip
   4           21504           29695   4.0 MiB     8300  config
   5           29696           62463   16.0 MiB    8300  kernel
   6           62464         4256767   2.0 GiB     8300  rootfs
   7         4257792        14940159   5.1 GiB     8300
```

You can fix that by loading into `initramfs-kernel`, deleting the empty `mmcblk0p7` partition and resizing `mmcblk0p6`
```
sysupgrade -F /tmp/openwrt-initramfs-kernel.bin
```
Install and run cfdisk
```
opkg update && opkg install cfdisk
cfdisk /dev/mmcblk0
```
- Select `mmcblk0p7` -> Delete
- Select `mmcblk0p6` -> Resize -> Write -> yes -> Quit

You will not see any difference in `cat /proc/partitions` after that but just flash a `sysupgrade` and you'll get the whole 7.3GB space for the `/overlay`.

Co-developed-by: hecatae <horus.ra@gmail.com>
Signed-off-by: Fil Dunsky <filipp.dunsky@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/18220
(cherry picked from commit 99ea96c297)
Link: https://github.com/openwrt/openwrt/pull/18434
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2025-04-10 20:29:37 +02:00
Mikhail Zhilkin
8e8cafcd0e mediatek: add support for netis NX31
This PR adds support for netis NX31 router.

Specification
-------------
- SoC       : MediaTek MT7981BA dual-core ARM Cortex-A53 1.3 GHz
- RAM       : 256 MiB DDR3
- Flash     : SPI-NAND 128 MiB (ESMT)
- WLAN      : MediaTek MT7976CN dual-band WiFi 6
  - 2.4 GHz : b/g/n/ax, MIMO 2x2
  - 5 GHz   : a/n/ac/ax, MIMO 2x2
- Ethernet  : 10/100/1000 Mbps x3 (LAN, MediaTek MT7531AE)
              10/100/1000 Mbps x1 (WAN, SoC internal phy)
- USB       : No
- Buttons   : Mesh, Reset
- LEDs      : 1x Power (blue), unmanaged
              1x Status (blue), gpio-controlled
              1x WiFi 2.4 GHz (blue), gpio-controlled
              1x WiFi 5 GHz (blue), gpio-controlled
              3x LAN activity (blue), switch-controlled
              1x WAN activity (blue), gpio-controlled
- Power     : 12 VDC, 1 A

Installation
------------
1. Connect to the router using ssh (user: admin, pass: web interface
   password)
2. Make mtd backup:
   cat /dev/mtd0 | gzip -1 -c > /tmp/mtd0_spi0.0.bin.gz
   cat /dev/mtd1 | gzip -1 -c > /tmp/mtd1_BL2.bin.gz
   cat /dev/mtd2 | gzip -1 -c > /tmp/mtd2_u-boot-env.bin.gz
   cat /dev/mtd3 | gzip -1 -c > /tmp/mtd3_Factory.bin.gz
   cat /dev/mtd4 | gzip -1 -c > /tmp/mtd4_FIP.bin.gz
   cat /dev/mtd5 | gzip -1 -c > /tmp/mtd5_ubi.bin.gz
3. Download mtd backup from the /tmp dir of the router to your PC using
   scp protocol
4. Upload OpenWrt 'bl31-uboot.fip', 'preloader.bin' images to the /tmp
   dir of the router using scp protocol
5. Write FIP and BL2 (replace bootloader):
   mtd write /tmp/openwrt-mediatek-filogic-netis_nx31-bl31-uboot.fip FIP
   mtd write /tmp/openwrt-mediatek-filogic-netis_nx31-preloader.bin BL2
6. Place OpenWrt
   'openwrt-mediatek-filogic-netis_nx31-initramfs-recovery.itb' image on
   the tftp server (IP: 192.168.1.254)
7. Erase 'ubi' partition and reboot the router:
   mtd erase ubi
   reboot
8. U-Boot automatically boots OpenWrt recovery image from tftp server to
   the RAM
9. Upload OpenWrt 'sysupgrade.itb' image to the /tmp dir of the router
   (IP: 192.168.1.1) using scp protocol
10. Connect to the router using ssh and run:
    sysupgrade -n openwrt-mediatek-filogic-netis_nx31-squashfs-sysupgrade.itb

Return to stock
---------------
1. Unpack stock BL2 and FIP partitions backup
2. Upload stock BL2 and FIP partitions backup to the /tmp dir of the
   router using scp protocol
3. Connect to the router using ssh and run:
   apk update && apk add kmod-mtd-rw
   insmod mtd-rw i_want_a_brick=1
   mtd unlock BL2
   mtd unlock FIP
4. Restore backup:
   mtd write /tmp/mtd4_FIP.bin FIP
   mtd write /tmp/mtd1_BL2.bin BL2
5. Erase ubi and reboot:
   mtd erase ubi
   reboot
6. Power off the router
7. Press Reset button and power on the router. Release the button after
   ~10 sec
8. Navigate to U-Boot recovery web server (http://192.168.1.1/) and
   upload the OEM firmware

Recovery
--------
1. Place OpenWrt
   'openwrt-mediatek-filogic-netis_nx31-initramfs-recovery.itb' image on
   the tftp server (IP: 192.168.1.254)
2. Press “Reset” button and power on the router. After ~10 sec release
   the button.
3. Use OpenWrt initramfs system for recovery

MAC addresses
-------------
+---------+-------------------+-----------+
|         | MAC               | Algorithm |
+---------+-------------------+-----------+
| LAN     | dc:xx:xx:d1:xx:18 | label     |
| WAN     | dc:xx:xx:d1:xx:1a | label+2   |
| WLAN 2g | de:xx:xx:11:xx:19 |           |
| WLAN 5g | de:xx:xx:71:xx:19 |           |
+---------+-------------------+-----------+
The LAN MAC was found in 'Factory', 0x1fef20
The WAN MAC was found in 'Factory', 0x1fef26
The WLAN 2g/5g MAC prototype was found in 'Factory', 0x4

Signed-off-by: Mikhail Zhilkin <csharper2005@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/18324
(cherry picked from commit d8002cb627)
Signed-off-by: Mikhail Zhilkin <csharper2005@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/18438
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2025-04-10 20:18:23 +02:00
Álvaro Fernández Rojas
d70709e5fe bcm63xx-cfe: update to latest version
actiontec: t1200h: add cferam.000 file

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(cherry picked from commit c01859e4f3)
2025-04-02 19:11:32 +02:00
Tim Harvey
ba66273943 mac80211: ath11k: Fix DMA buffer allocation to resolve SWIOTLB issues
Backport two commits to resolve issues with ath11k causing it to fail
driver registration on iommuless systems with DRAM outside of 32bit
addressing such as a 4GiB imx8mm:

commit 1bcd20981834 ("wifi: ath11k: Fix DMA buffer allocation
to resolve SWIOTLB issues")
commit eeadc6baf8b3 ("wifi: ath11k: Use dma_alloc_noncoherent
for rx_tid buffer allocation")

Signed-off-by: Tim Harvey <tharvey@gateworks.com>
Link: https://github.com/openwrt/openwrt/pull/17751
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit fa50e53aa9)
2025-04-02 10:23:27 +02:00
Magnus Kroken
53ab5629c3 mbedtls: update to 3.6.3
This release of Mbed TLS provides the fix for a tls compatibility issue of handling fragmented handshake messages.
This release includes fixes for security issues.

* Potential authentication bypass in TLS handshake (CVE-2025-27810) [1]
* TLS clients may unwittingly skip server authentication (CVE-2025-27809) [2]

[1]: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-2/
[2]: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-1/

Full release announcement:
https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.3

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/18353
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 1732d81d80)
2025-04-01 00:31:41 +02:00
Michel Lespinasse
8e5c9dbb17 kernel: load r8169 network module at boot time
This allows the network interface naming to be stable, free from any
possible interaction from external USB network devices that might
claim usb* interface names.

(This was a real problem I encountered with a nanopi R6S device and
an external rtl8152 usb3 network controller - the USB controller would
claim the eth1 name, causing much confusion).

Signed-off-by: Michel Lespinasse <michel@lespinasse.org>
Link: https://github.com/openwrt/openwrt/pull/17638
(cherry picked from commit effcb6e4c3)
Link: https://github.com/openwrt/openwrt/pull/18347
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2025-04-01 00:26:09 +02:00
Christian Marangi
64186283b2 mac80211: fix compilation error for old stable kernel version
Fix compilation error for old stable version caused by
genlmsg_multicast_allns backport fix pushed middle version.

Version 5.15 version 0-169, 6.1 version 0-115, 6.6 version 0-58 have the
old genlmsg_multicast_allns version with flags variable.

Compiling backport project with these versions results in a compilation
error. To handle this, introduce a backport function for the affected
kernel version.

Link: https://github.com/openwrt/openwrt/pull/18373
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 4039388149)
2025-03-30 16:57:01 +02:00
Paul Donald
de2718b2f3 lldpd: add custom-tlv handling
Do not verify the format of TLV. Leave that to lldpd.

These lldpd config entries:

config custom-tlv
	list ports 'eth0'
	option tlv 'replace oui 33,44,55 subtype 254 oui-info 55,55,55,55,55'

config custom-tlv
	option tlv 'oui 33,44,44 subtype 232'
	list ports 'br-lan'
	list ports 'eth0'

config custom-tlv # oui-info truncated
	option tlv 'add oui 33,44,33 subtype 66 oui-info 5555555555'

config custom-tlv
	option tlv 'add oui 33,44,31 subtype 44'

config custom-tlv # invalid oui
	option tlv 'add oui 3322 subtype 79'

config custom-tlv # invalid oui
	option tlv 'oui 3312 subtype 74'

Produce the following lldpd.conf content:

configure ports eth0 lldp custom-tlv replace oui 33,44,55 subtype 254 oui-info 55,55,55,55,55
configure ports br-lan,eth0 lldp custom-tlv oui 33,44,44 subtype 232
configure lldp custom-tlv add oui 33,44,33 subtype 66 oui-info 5555555555
configure lldp custom-tlv add oui 33,44,31 subtype 44
configure lldp custom-tlv add oui 3322 subtype 79
configure lldp custom-tlv oui 3312 subtype 74

And lldpd (v1.0.13 on v22) logs the following:

Sat Mar 16 19:11:39 2024 daemon.info lldpd[10916]: custom TLV op replace oui 33:44:55 subtype fe
Sat Mar 16 19:11:39 2024 daemon.info lldpd[10916]: custom TLV op add oui 33:44:44 subtype e8
Sat Mar 16 19:11:39 2024 daemon.info lldpd[10916]: custom TLV op add oui 33:44:33 subtype 42
Sat Mar 16 19:11:39 2024 daemon.info lldpd[10916]: custom TLV op add oui 33:44:33 subtype 42
Sat Mar 16 19:11:39 2024 daemon.info lldpd[10916]: custom TLV op add oui 33:44:31 subtype 2c
Sat Mar 16 19:11:39 2024 daemon.info lldpd[10916]: custom TLV op add oui 33:44:31 subtype 2c
Sat Mar 16 19:11:39 2024 daemon.warn lldpcli[10915]: invalid OUI value '3322'
Sat Mar 16 19:11:39 2024 daemon.info lldpcli[10915]: an error occurred while executing last command
Sat Mar 16 19:11:39 2024 daemon.warn lldpcli[10915]: invalid OUI value '3312'
Sat Mar 16 19:11:39 2024 daemon.info lldpcli[10915]: an error occurred while executing last command
Sat Mar 16 19:11:39 2024 daemon.info lldpcli[10915]: lldpd should resume operations

( The last two TLV are invalid: their oui must be three hex bytes, comma
separated. Only the first hex byte of oui-info 5555555555 is used )

Depends on #14867 and its release version bump

Tested on: 22.03.6

Signed-off-by: Paul Donald <newtwen+github@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/14872
(cherry picked from commit 8d1fe32c2c)
Link: https://github.com/openwrt/openwrt/pull/18343
Signed-off-by: Robert Marko <robimarko@gmail.com>
2025-03-25 09:52:55 +01:00
Paul Donald
bde35a6c7d lldpd: get_config_cid_ifaces() -> get_interface_csv()
where csv = comma separated value(s)

Make the function more generic. Can use it for not only 'config'.

Now it can be used to parse interfaces for additional lldpd settings,
e.g. custom-tlv.

Tested on: 22.03.6

Signed-off-by: Paul Donald <newtwen+github@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/14872
(cherry picked from commit a015f59880)
Link: https://github.com/openwrt/openwrt/pull/18343
Signed-off-by: Robert Marko <robimarko@gmail.com>
2025-03-25 09:52:55 +01:00
Felix Fietkau
9e63e2410d libnl-tiny: update to Git HEAD (2025-03-19)
c0df580adbd4 attr.c: fix nla_reserve size check

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit ddc2ae02b3495ffcc6bb5194c777952621c46c25)
2025-03-19 13:20:21 +01:00
Tomasz Maciej Nowak
82fabe4370 uboot-mediatek: u7623: remove keys pin function
Apparently U-Boot will discard whole node if requested pin function is
unknown to the driver. This resulted in inability to interact with
U-Boot on the said board, as U-Boot always assumed the recovery key
pressed and issued recovery procedure. Log snippet:

button_gpio gpio-keys: pinctrl_select_state_full: pinctrl_config_one: err=-38
reset button found
button pushed, resetting environment

Recovery procedure also booted recovery image, which didn't affect much
the 23.05.x release, since the root fs argument was valid, so changes
persisted. But as 24.10.x hit with fitblk, the board will boot only
recovery image (initramfs) because of default bootargs will reset on each
boot and U-Boot provided bootargs took precedence.

Fixes: 42eeb22450 ("uboot-mediatek: fix factory/reset button")
Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com>
Link: https://patchwork.ozlabs.org/project/openwrt/patch/20250304164507.60511-1-tmn505@terefe.re/
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit f8a2e1c68b)
2025-03-17 16:21:23 +01:00
John Audia
cfd155aab9 firmware: intel-microcode: update to 20250211
Debian Changelogs from 20240531:

 local access.
    - Mitigations for INTEL-SA-01079 (CVE-2024-23918)
      Potential security vulnerabilities in some Intel Xeon processors
      using Intel SGX may allow escalation of privilege.  Intel disclosed
      that some processor models were already fixed by a previous
      microcode update.
    - Updated mitigations for INTEL-SA-01097 (CVE-2024-24968)
      Improper finite state machines (FSMs) in hardware logic in some
      Intel Processors may allow a privileged user to potentially enable a
      denial of service via local access.
    - Mitigations for INTEL-SA-01103 (CVE-2024-23984)
      A potential security vulnerability in the Running Average Power Limit
      (RAPL) interface for some Intel Processors may allow information
      disclosure.  Added mitigations for more processor models.
  * Updated Microcodes:
    sig 0x000806f8, pf_mask 0x87, 2024-06-20, rev 0x2b000603, size 588800
    sig 0x000806f7, pf_mask 0x87, 2024-06-20, rev 0x2b000603
    sig 0x000806f6, pf_mask 0x87, 2024-06-20, rev 0x2b000603
    sig 0x000806f5, pf_mask 0x87, 2024-06-20, rev 0x2b000603
    sig 0x000806f4, pf_mask 0x87, 2024-06-20, rev 0x2b000603
    sig 0x00090672, pf_mask 0x07, 2024-05-29, rev 0x0037, size 224256
    sig 0x00090675, pf_mask 0x07, 2024-05-29, rev 0x0037
    sig 0x000b06f2, pf_mask 0x07, 2024-05-29, rev 0x0037
    sig 0x000b06f5, pf_mask 0x07, 2024-05-29, rev 0x0037
    sig 0x000906a3, pf_mask 0x80, 2024-06-03, rev 0x0435, size 223232
    sig 0x000906a4, pf_mask 0x80, 2024-06-03, rev 0x0435
    sig 0x000a06a4, pf_mask 0xe6, 2024-08-02, rev 0x0020, size 138240
    sig 0x000b06a2, pf_mask 0xe0, 2024-05-29, rev 0x4123, size 220160
    sig 0x000b06a3, pf_mask 0xe0, 2024-05-29, rev 0x4123
    sig 0x000b06a8, pf_mask 0xe0, 2024-05-29, rev 0x4123
    sig 0x000c06f2, pf_mask 0x87, 2024-06-20, rev 0x21000283, size 560128
    sig 0x000c06f1, pf_mask 0x87, 2024-06-20, rev 0x21000283
  * source: update symlinks to reflect id of the latest release, 20241112
  * Update changelog for 3.20240910.1 and 3.20240813.1 with new information:
    INTEL-SA-1103 was addressed by 3.20240813.1 for some processor models,
    and not by 3.20240910. INTEL-SA-1079 was addressed by 3.20240910.1 for
    some processor models.

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Thu, 14 Nov 2024 15:37:40 -0300

intel-microcode (3.20241029.1) UNRELEASED; urgency=medium

  * New upstream microcode datafile 20241029
    - Not relevant for operating system microcode updates
    - Only when loaded from firmware, this update fixes the critical,
      potentially hardware-damaging errata RPL061: Incorrect Internal
      Voltage Request on Raptor Lake (Core 13th/14th gen) Intel
      processors.
  * Updated Microcodes:
    sig 0x000b0671, pf_mask 0x32, 2024-08-29, rev 0x012b, size 211968

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Thu, 14 Nov 2024 14:49:03 -0300

intel-microcode (3.20240910.1) unstable; urgency=medium

  * New upstream microcode datafile 20240910 (closes: #1081363)
    - Mitigations for INTEL-SA-01097 (CVE-2024-24968)
      Improper finite state machines (FSMs) in hardware logic in some
      Intel Processors may allow a privileged user to potentially enable a
      denial of service via local access.
    - Fixes for unspecified functional issues on several processor models
    - The processor voltage limit issue on Core 13th/14th gen REQUIRES A
      FIRMWARE UPDATE.  It is present in this release for sig 0xb0671, but
      THE VOLTAGE ISSUE FIX ONLY WORKS WHEN THE MICROCODE UPDATE IS LOADED
      THROUGH THE FIT TABLE IN FIRMWARE.  Contact your system vendor for a
      firmware update that includes the appropriate microcode update for
      your processor.
  * Updated Microcodes:
    sig 0x00090672, pf_mask 0x07, 2024-02-22, rev 0x0036, size 224256
    sig 0x00090675, pf_mask 0x07, 2024-02-22, rev 0x0036
    sig 0x000b06f2, pf_mask 0x07, 2024-02-22, rev 0x0036
    sig 0x000b06f5, pf_mask 0x07, 2024-02-22, rev 0x0036
    sig 0x000906a3, pf_mask 0x80, 2024-02-22, rev 0x0434, size 222208
    sig 0x000906a4, pf_mask 0x80, 2024-02-22, rev 0x0434
    sig 0x000a06a4, pf_mask 0xe6, 2024-06-17, rev 0x001f, size 137216
    sig 0x000b0671, pf_mask 0x32, 2024-07-18, rev 0x0129, size 215040
    sig 0x000b06a2, pf_mask 0xe0, 2024-02-22, rev 0x4122, size 220160
    sig 0x000b06a3, pf_mask 0xe0, 2024-02-22, rev 0x4122
    sig 0x000b06a8, pf_mask 0xe0, 2024-02-22, rev 0x4122
    sig 0x000b06e0, pf_mask 0x19, 2024-03-25, rev 0x001a, size 138240
  * Update changelog for 3.20240813.1 with new information
  * Update changelog for 3.20240514.1 with new information
  * source: update symlinks to reflect id of the latest release, 20240910

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Sat, 21 Sep 2024 16:40:07 -0300

intel-microcode (3.20240813.2) unstable; urgency=high

  * Merge changes from intel-microcode/3.20240531.1+nmu1, which were left out
    from 3.20240813.1 by an oversight, regressing merged-usr. Closes: #1060200

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Sat, 17 Aug 2024 11:31:32 -0300

intel-microcode (3.20240813.1) unstable; urgency=medium

  * New upstream microcode datafile 20240813 (closes: #1078742)
    - Mitigations for INTEL-SA-01083 (CVE-2024-24853)
      Incorrect behavior order in transition between executive monitor and SMI
      transfer monitor (STM) in some Intel Processors may allow a privileged
      user to potentially enable escalation of privilege via local access.
    - Mitigations for INTEL-SA-01118 (CVE-2024-25939)
      Mirrored regions with different values in 3rd Generation Intel Xeon
      Scalable Processors may allow a privileged user to potentially enable
      denial of service via local access.
    - Mitigations for INTEL-SA-01100 (CVE-2024-24980)
      Protection mechanism failure in some 3rd, 4th, and 5th Generation Intel
      Xeon Processors may allow a privileged user to potentially enable
      escalation of privilege via local access.
    - Mitigations for INTEL-SA-01038 (CVE-2023-42667)
      Improper isolation in the Intel Core Ultra Processor stream cache
      mechanism may allow an authenticated user to potentially enable
      escalation of privilege via local access.  Intel disclosed that some
      processor models were already fixed by the previous microcode update.
    - Mitigations for INTEL-SA-01046 (CVE-2023-49141)
      Improper isolation in some Intel Processors stream cache mechanism may
      allow an authenticated user to potentially enable escalation of
      privilege via local access.  Intel disclosed that some processor models
      were already fixed by the previous microcode update.
    - Mitigations for INTEL-SA-01079 (CVE-2024-23918)
      Potential security vulnerabilities in some Intel Xeon processors
      using Intel SGX may allow escalation of privilege.  Intel released this
      information during the full disclosure for the 20241112 update.
      Processor signatures 0x606a6 and 0x606c1.
    - Mitigations for INTEL-SA-01103 (CVE-2024-23984)
      A potential security vulnerability in the Running Average Power Limit
      (RAPL) interface for some Intel Processors may allow information
      disclosure. Intel released this information during the full disclosure
      for the 20240910 update.  Processor signatures 0x5065b, 0x606a6,
      0x606c1.
    - Fix for unspecified functional issues on several processor models
    - Fix for errata TGL068/ADL075/ICL088/... "Processor may hang during a
      microcode update".  It is not clear which processors were fixed by this
      release, or by one of the microcode updates from 2024-05.
    - Mitigations for INTEL-SA-01213 (CVE-2024-36293)
      Improper access control in the EDECCSSA user leaf function for some
      Intel Processors with Intel SGX may allow an authenticated user to
      potentially enable denial of service via local access.  Intel released
      this information during the full disclosure for the 20250211 update.
      Processor signature 0x906ec (9th Generation Intel Core processor).
  * Updated microcodes:
    sig 0x00050657, pf_mask 0xbf, 2024-03-01, rev 0x5003707, size 39936
    sig 0x0005065b, pf_mask 0xbf, 2024-04-01, rev 0x7002904, size 30720
    sig 0x000606a6, pf_mask 0x87, 2024-04-01, rev 0xd0003e7, size 308224
    sig 0x000606c1, pf_mask 0x10, 2024-04-03, rev 0x10002b0, size 300032
    sig 0x000706e5, pf_mask 0x80, 2024-02-15, rev 0x00c6, size 114688
    sig 0x000806c1, pf_mask 0x80, 2024-02-15, rev 0x00b8, size 112640
    sig 0x000806c2, pf_mask 0xc2, 2024-02-15, rev 0x0038, size 99328
    sig 0x000806d1, pf_mask 0xc2, 2024-02-15, rev 0x0052, size 104448
    sig 0x000806e9, pf_mask 0xc0, 2024-02-01, rev 0x00f6, size 106496
    sig 0x000806e9, pf_mask 0x10, 2024-02-01, rev 0x00f6, size 106496
    sig 0x000806ea, pf_mask 0xc0, 2024-02-01, rev 0x00f6, size 105472
    sig 0x000806eb, pf_mask 0xd0, 2024-02-01, rev 0x00f6, size 106496
    sig 0x000806ec, pf_mask 0x94, 2024-02-05, rev 0x00fc, size 106496
    sig 0x00090661, pf_mask 0x01, 2024-04-05, rev 0x001a, size 20480
    sig 0x000906ea, pf_mask 0x22, 2024-02-01, rev 0x00f8, size 105472
    sig 0x000906eb, pf_mask 0x02, 2024-02-01, rev 0x00f6, size 106496
    sig 0x000906ec, pf_mask 0x22, 2024-02-01, rev 0x00f8, size 106496
    sig 0x000906ed, pf_mask 0x22, 2024-02-05, rev 0x0100, size 106496
    sig 0x000a0652, pf_mask 0x20, 2024-02-01, rev 0x00fc, size 97280
    sig 0x000a0653, pf_mask 0x22, 2024-02-01, rev 0x00fc, size 98304
    sig 0x000a0655, pf_mask 0x22, 2024-02-01, rev 0x00fc, size 97280
    sig 0x000a0660, pf_mask 0x80, 2024-02-01, rev 0x00fe, size 97280
    sig 0x000a0661, pf_mask 0x80, 2024-02-01, rev 0x00fc, size 97280
    sig 0x000a0671, pf_mask 0x02, 2024-03-07, rev 0x0062, size 108544
    sig 0x000a06a4, pf_mask 0xe6, 2024-04-15, rev 0x001e, size 137216
  * source: update symlinks to reflect id of the latest release, 20240813
  * postinst, postrm: switch to dpkg-trigger to run update-initramfs

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Thu, 15 Aug 2024 14:41:50 -0300

Signed-off-by: John Audia <therealgraysky@proton.me>
Link: https://github.com/openwrt/openwrt/pull/18197
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit f4801cffc3)
2025-03-17 16:21:23 +01:00
Álvaro Fernández Rojas
36e9edd677 bcm27xx-utils: update to latest version
Full changelog: 0c02957911...685afa8c0d

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(cherry picked from commit 6403c2890c)
2025-03-16 21:08:29 +01:00
Álvaro Fernández Rojas
7f5659b79d bcm27xx-gpu-fw: update to v1.20250305
Full changelog: https://github.com/raspberrypi/firmware/compare/1.20241126...1.20250305

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(cherry picked from commit 2804cfe553)
2025-03-16 21:08:29 +01:00
Felix Fietkau
07fb8d22e7 unetd: update to Git HEAD (2025-03-09)
d8b43985e4d7 ubus: fix token_create policy
7326459bd743 ubus: dump service information on network_get
6c9c8fbd8128 service: add @all as alias for all members, unless defined differently

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 84909c62c8)
2025-03-16 18:53:59 +01:00
Michael Trinidad
2304486d60 mwlwifi: update to version 10.4.11-20250206
The fixes are only for the WRT1900X and WRT1200AC.

It contains:

Deletes the driver's ability to modify the debit table.
Remove skb_get(done_skb) in txdone
Reworking ISR
clean code
Napi replaces tasklet
Add rx_decrypt feature

Signed-off-by: Michael Trinidad <trinidude4@hotmail.com>
Link: https://github.com/openwrt/openwrt/pull/17997
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/18145
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2025-03-15 12:13:56 +01:00
Andreas Gnau
dd0c2839a8 ramips: Add support for Genexis / Inteno Pulse EX400
Add support for Genexis Pulse EX400 / Inteno Pulse EX400. A branded
variant for the Finnish ISP DNA has already been added in fea2264d9f
(ramips: mt7621: Add DNA Valokuitu Plus EX400, 2023-07-31). This commit
adds support for the generic variants with Inteno and Genexis branding.
Inteno changed its name to Genexis and both brandings exist.

In terms of electronics, there is no difference between the DNA-branded
version and other brandings. LED markings on the case are different,
though. While the DNA-version has a "software-update" LED, the other
versions have a WPS LED. To reduce user confusion, create a separate
image.

Add the different device-tree with the different LED and rename things
to work the same way for both variants.

Specifications:
- Device: Genexis Pulse EX400 / Inteno Pulse EX400
- SoC: MT7621A
- Flash: 256 MB NAND
- RAM: 256 MB
- Ethernet: Built-in, 2 x 1 GbE
- Wifi: MT7603 2.4 GHz 2x2 MIMO, MT7615 5 GHz 4x4 MU-MIMO
- USB: 1x 2.0
- LEDs (GPIO): green/red status, green WPS
- LEDs (SX9512, unsupported): Broadband, Wi-Fi 2.4G, Wi-Fi 5G
- Buttons (GPIO): Reset
- Buttons (SX9512, unsupported): Wi-Fi 2.4G, Wi-Fi 5G, WPS

MAC addresses:
- LAN:     U-Boot 'ethaddr' (label)
- WAN:     label + 1
- 2.4 GHz: label + 6
- 5 GHz:   label + 7

Serial:
 There is a black block connector next to the red ethernet connector. It
 is accessible also through holes in the casing.

Pinout (TTL 3.3V)
 +---+---+
 |Tx |Rx |
 +---+---+
 |Vcc|Gnd|
 +---+---+

Firmware:
 The vendor firmware is a fork of OpenWrt (Reboot) with a kernel version
 4.4.93. The flash is arranged as below and there is a dual boot
 mechanism alternating between rootfs_0 and rootfs_1.

 +-------+------+------+-----------+-----------+
 |       | env1 | env2 | rootfs_0  |  rootfs_1 |
 |       +------+------+-----------+-----------+
 |       |         UBI volumes                 |
 +-------+-------------------------------------+
 |U-Boot |             UBI                     |
 +-------+-------------------------------------+
 |mtd0   |             mtd1                    |
 +-------+-------------------------------------+
 |                     NAND                    |
 +---------------------------------------------+

 In OpenWrt rootfs_0 will be used as a boot partition that will contain the
 kernel and the dtb. The squashfs rootfs and overlay are standard OpenWrt
 behaviour.

 +-------+------+------+-----------+--------+------------+
 |       | env1 | env2 | rootfs_0  | rootfs | rootfs_data|
 |       +------+------+-----------+--------+------------+
 |       |         UBI volumes                           |
 +-------+-----------------------------------------------+
 |U-Boot |             UBI                               |
 +-------+-----------------------------------------------+
 |mtd0   |             mtd1                              |
 +-------+-----------------------------------------------+
 |                     NAND                              |
 +-------------------------------------------------------+

U-boot:
 With proper serial access, booting can be halted to U-boot by pressing
 any key. TFTP and flash writes are available, but only the first one has
 been tested.

 NOTE: Recovery mode can be accessed by holding down the reset button while
 powering on the device. The LED 'Update' will show a solid green light
 once ready. A web server will be running at 192.168.1.1:80 and it will
 allow flashing a firmware package. You can cycle between rootfs_0 and
 rootfs_1 by pressing the reset button once.

Root password:
 With the vendor web UI create a backup of your settings and download the
 archive to your computer. Within the archive in the file
 /etc/shadow replace the password hash for root with that of a password you
 know. Restore the configuration with the vendor web UI and you will have
 changed the root password.

SSH access:
 You might need to enable the SSH service for LAN interface as by default
 it's enabled for WAN only.

Installing OpenWrt:
 With the vendor web UI, or from the U-Boot recovery UI, install the
 OpenWrt factory image. Alternatively, ssh to the device and use
 sysupgrade -n from cli.

 Finalize by installing the OpenWrt sysupgrade image to get a fully
 functioning system.

Reverting to the vendor firmware:

 Boot with OpenWrt initramfs image
  - Remove volumes rootfs_0, rootfs and rootfs_data and create vendor
    volumes.

    ubirmvol /dev/ubi0 -n 2
    ubirmvol /dev/ubi0 -n 3
    ubirmvol /dev/ubi0 -n 4
    ubimkvol /dev/ubi0 -N rootfs_0 -S 990
    ubimkvol /dev/ubi0 -N rootfs_1 -S 990

    Power off and enter the U-boot recovery to install the vendor
    firmware.

Signed-off-by: Andreas Gnau <andreas.gnau@iopsys.eu>
Link: https://github.com/openwrt/openwrt/pull/17551
(cherry picked from commit 3e7337feea)
Link: https://github.com/openwrt/openwrt/pull/18238
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2025-03-15 12:03:19 +01:00
Coia Prant
55e8ac5312 ramips: add support for Hongdian H8922 v30
This is an industrial 4G router equipped with an OEM customized version
of OpenWrt 14.07.

WARNING: The original firmware device tree is common to multiple
boards, and the device tree name is H9350. This submitted device
tree is a modified version, which deletes the non-this-device parts
and adds GPIO watchdog.

Specification:
- SoC: MediaTek MT7620A
- Flash: 16 MB
- RAM: 128 MB
- Power: DC 5V-36V 1.5A
- Ethernet: 1x WAN, 4x LAN (10/100 Mbps)
- Wireless radio: 802.11n 2.4g-only
- LED:
  System/Power (RUN): GPIO/26 active-low
  Ethernet: 1x WAN, 4x LAN
  Modem 1: GPIO/66 active-low
  RF 1 (Modem 1 Signal): GPIO/67 active-low
  Modem 2: GPIO/71 active-low
  RF 2 (Modem 2 Signal): GPIO/24 active-low
  WLAN: GPIO/72 active-low
  WPS: GPIO/12 active-low
- Button:
  WPS / RESET: GPIO/34 active-low
- UART: 1x UART on PCB - 115200 8N1
- GPIO Watchdog: GPIO/62 mode=toggle timeout=1s
- PCIe: 2x miniPCIe for modem
- SIM Slots: 2x SIM Slots

Issue:
- No factory partition, eeprom is located
 at /lib/firmware/mt7620a.eeprom

Flash instruction:
Using UART:
1. Configure PC with a static IP address and set up a TFTP server.
2. Put rootfs into the tftp directory.
3. Connect the UART line as described on the PCB.
4. Power up the device and press Ctrl+C to break auto boot.
5. Use `system 6` command and follow the instruction to set device
   and tftp server IP address and input the rootfs file name.
   U-boot will then load the rootfs and write it into
   the flash.
6. Use `system 1` command and follow the instruction to set device
   and tftp server IP address and input the firmware file name.
   U-boot will then load the firmware once.
7. Login to LuCI and use LuCI upgrade firmware.

Original Firmware Dump / More details:
https://blog.gov.cooking/archives/research-hongdian-h8922-and-flash.html

Signed-off-by: Coia Prant <coiaprant@gmail.com>
Tested-by: Coia Prant <coiaprant@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/17472
Link: https://github.com/openwrt/openwrt/pull/18221
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 6a1bdcf545)
2025-03-15 11:54:54 +01:00
Coia Prant
40d36ac960 mac80211: rt2x00: load the eeprom data from devicetree embedded data on Ralink SoCs
It will allow loading eeprom from eeprom-data embedded in device tree.
Ported from mediatek mt76 wireless driver (drivers/net/wireless/mediatek/mt76/eeprom.c)

Signed-off-by: Coia Prant <coiaprant@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/17472
Link: https://github.com/openwrt/openwrt/pull/18221
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 5d266b55ed)
2025-03-15 11:53:57 +01:00
Tianling Shen
df8679e29f mediatek: add support for CMCC A10
This board is also known as SuperElectron ZN-M5 and ZN-M8. However,
for ZN-M5 and ZN-M8, there's another version that uses ZX279128 as CPU
chip, which is unsupported.
You can check it in "高级设置" ("Advanced settings") > "系统日志" ("System log") > "内核日志" ("Kernel log") page from webUI.

Hardware specification:
  SoC: MediaTek MT7981B 2x A53
  Flash: 128 MB SPI-NAND
  RAM: 256MB
  Ethernet: 4x 10/100/1000 Mbps
  Switch: MediaTek MT7531AE
  WiFi: MediaTek MT7976C
  Button: Reset, WPS
  Power: DC 12V 1A

Stock layout flash instructions:
Log in to webUI and upload sysupgrade firmware in "系统管理" ("System management") > "升级固件" ("Upgrade firmware") page.
Remember to unselect "保留配置" ("Keep configurations") first before doing that.

OpenWrt U-Boot layout flash instructions:
1. Flash stock layout firmware first.
2. Connect to the device via SSH, and backup everything,
   especially 'Factory' partition.
3. Unlock MTD partitions:
   opkg update && opkg install kmod-mtd-rw
   insmod mtd-rw i_want_a_brick=1
4. Write new BL2 and FIP:
   mtd write openwrt-mediatek-filogic-cmcc_a10-ubootmod-preloader.bin BL2
   mtd write openwrt-mediatek-filogic-cmcc_a10-ubootmod-bl31-uboot.fip FIP
5. Set static IP on your PC:
   IP 192.168.1.254/24, GW 192.168.1.1
6. Serve OpenWrt initramfs image using TFTP server.
7. Cut off the power and re-engage, wait for TFTP recovery to complete.
8. After OpenWrt has booted, perform sysupgrade.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Link: https://github.com/openwrt/openwrt/pull/18121
(cherry picked from commit 96c6608346)
[sync uboot defconfigs with 24.10 branch, change apk to opkg]
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Link: https://github.com/openwrt/openwrt/pull/18218
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2025-03-15 11:48:57 +01:00
Daniel Golle
3da9786da3 libpcap: backport support for various DSA tags
Trying to tcpdump DSA conduits results in errors such as
"unsupported DSA tag: mtk".
Backport two commits adding support for various DSA tags to libpcap.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit fad94e8cda)
2025-03-13 23:07:35 +00:00
Robert Marko
ff5b9059b4 libpcap: add missing PKG_CONFIG_DEPENDS entries
Currently, enabling USB, BT or Netfilter support after initial compilation
will not trigger a rebuild, so add the missing PKG_CONFIG_DEPENDS so
that rebuild gets triggered.

Signed-off-by: Robert Marko <robert.marko@sartura.hr>
(cherry picked from commit fe37574be6)
2025-03-13 23:07:35 +00:00
Eric ZHANG
2b0cce92ae dnsmasq: fix handlers for options filter_rr and cache_rr
According to:
- https://github.com/openwrt/luci/blob/master/modules/luci-mod-network/htdocs/luci-static/resources/view/network/dhcp.js#L700
- https://github.com/openwrt/luci/blob/master/modules/luci-mod-network/htdocs/luci-static/resources/view/network/dhcp.js#L402

These two options should be of type `MultiValue` but here they're used as a single value. This results in dnsmasq crashes when either of these options is set with multiple values, which leads to an invalid space-separated value.

As these options are designed to take multiple values, I think it's better to use list format e.g. `list filter_rr 'AAAA'`, instead of `option filter_rr 'AAAA,HTTPS'`.

See: https://forum.openwrt.org/t/selecting-more-than-one-filter-arbitrary-rr-or-cache-arbitrary-rr-in-v24-10-0-crashes-dnsmasq/225801

Tested on 24.10.0

Signed-off-by: Eric ZHANG <ericzhangjx@outlook.com>
Link: https://github.com/openwrt/openwrt/pull/18149
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit d136c24f7c)
2025-03-09 17:28:50 +01:00
Felix Fietkau
56559278b7 hostapd: add missing #ifdef to fix compile error when 802.11be support is disabled
Fixes: d65d546bce ("hostapd: add missing ctrl socket initialization on bss add")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 46c17c22cd)
2025-03-05 09:20:06 +01:00
Felix Fietkau
f0dbdf6b7f hostapd: add missing ctrl socket initialization on bss add
Fixes adding/removing individual bss interfaces

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit d65d546bce)
2025-03-05 08:04:52 +01:00
Matthew Cather
634ac2bab7 hostapd: get reference to object before removal
`ucv_array_set` releases the array's reference to the object being cleared.
If this is the last reference to the object, it will be freed, making our
pointer `val` invalid.

To avoid this, we need to obtain our own reference to the object so we
can safely return `val`.

Signed-off-by: Matthew Cather <mattbob4@gmail.com>
(cherry picked from commit 6a10da2934)
2025-03-05 08:04:52 +01:00
Matthew Cather
1af7bf38f7 hostapd: consistent reference counting for registry
Since `wpa_ucode_registry_add` collects its own reference to the values added, the
two functions `hostapd_ucode_bss_get_uval` and `hostapd_ucode_iface_get_uval` would
sometimes return a referenced object (from `uc_resource_new`) and sometimes return
an unreferenced object (from `wpa_ucode_registry_get`). Now, both functions always
return a referenced object.

This change also indirectly fixes `hostapd_ucode_bss_get_uval`, ensuring it now
always returns a referenced object.

Signed-off-by: Matthew Cather <mattbob4@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 7729f96093)
2025-03-05 08:04:52 +01:00
Matthew Cather
af65802319 hostapd: clean-up references to local variables
Remove extra ucv_get calls when passing a referenced value to an object
without using it further.

Signed-off-by: Matthew Cather <mattbob4@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 22eaf18647)
2025-03-05 08:04:52 +01:00
Matthew Cather
b7ab34d46c hostapd: fix ucode memory leak with strings
This fixes a common reference counting bug typically along the lines of:
```
uc_value_push(ucv_get(ucv_string_new(...)));
```
This would leave our new string with a reference count of 2, one from
the construction of the string, the other from `ucv_get`. This would
prevent the strings from being correctly cleaned up when they go out
of scope.

Signed-off-by: Matthew Cather <mattbob4@gmail.com>
(cherry picked from commit f79968ee0f)
2025-03-05 08:04:52 +01:00
Felix Fietkau
f3a210b742 unetd: update to Git HEAD (2025-02-28)
75a236be122a service: add missing null pointer check
f5341f327539 ubus: add api for generating and validating security tokens
3fab99eab4d5 add udebug support
28d86bd30e97 pex: only respond to update requests when we have network data
8e6f37cc361e pex-msg: ignore no-data responses if version is zero
12e6cf7f63e1 pex: create pex host from update responses
edc8fdae463a ubus: show the local addresses in network status

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit ce68f61cb6)
2025-02-28 17:37:24 +01:00
Daniel Golle
e664fe6a21 ethtool: work-around ETHTOOL_GRSSH/ETHTOOL_SRSSH ABI breakage
ethtool since version 6.9 introduced support for getting/setting RSS
input transformation supported in Linux since version 6.8.

The now changed kernel ioctl ABI, however, cannot be detected from
userland, and ethtool since version 6.9 simply assumes that a previously
reserved field is now used to set the input transformation.
Unfortunately the default value RXH_XFRM_NO_CHANGE (0xff) used by ethtool
userland creates an incompatibility with older kernels which cannot be
resolved easily without introducing even more ABI breakage.

Work around the issue and fix support for --set-rxfh and --set-rxfh-indir
ethtool userland tool commands by making the support for input_xfrm
conditional on compile time, and keep it disabled for Linux 6.6.

Fixes: 8c2dcd1518 ("ethtool: update to 6.10")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Tested-by: Stijn Segers <foss@volatilesystems.org>
(cherry picked from commit 3a7467ffde)
2025-02-28 13:20:22 +00:00
Andrea Pesaresi
c9b97c0b4d ethtool: update to 6.11
Version 6.11 - October 8, 2024
	* Feature: cmis: print active and inactive firmware versions
	* Feature: flash transceiver module firmware (--flash-module-firmware)
	* Feature: add T1BRR 10Mb/s mode to link mode tables
	* Feature: support for disabling netlink from command line
	* Fix: fix lanes parameter format specifier
	* Fix: add missing clause 33 PSE manual description
	* Fix: qsf: Better handling of Page A2h netlink read failure
	* Fix: rss: retrieve ring count using ETHTOOL_GRXRINGS ioctl (-x)
	* Misc: man page formatting fix

* changelog here: https://git.kernel.org/pub/scm/network/ethtool/ethtool.git/commit/NEWS?id=c0ea4b70c71334ef038f7a3416b228a50dada406

Tested on gl.inet MT6000, retrieve ring count is now working

Signed-off-by: Andrea Pesaresi <andreapesaresi82@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/17607
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 9454331b7f)
2025-02-28 13:20:21 +00:00
Álvaro Fernández Rojas
89f05e032b omcproxy: update to latest version
Changelog: bfba2aa758...582cd8d3ae

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2025-02-27 20:12:15 +01:00
Álvaro Fernández Rojas
abd08419de kernel: r8126: update to v10.015.00
Changelog: https://github.com/openwrt/rtl8126/compare/10.014.01...10.015.00

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(cherry picked from commit 3d3328bf5f)
2025-02-27 11:58:27 +01:00
Álvaro Fernández Rojas
1ec8d8ea5c kernel: r8125: update to v9.015.00
Changelog: https://github.com/openwrt/rtl8125/compare/9.014.01...9.015.00

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(cherry picked from commit a8dea562aa)
2025-02-27 11:58:07 +01:00
John Audia
3abbc15454 openssl: update to 3.0.16
Changes between 3.0.15 and 3.0.16 [11 Feb 2025]

CVE-2024-13176[1] - Fixed timing side-channel in ECDSA signature
computation.

There is a timing signal of around 300 nanoseconds when the top word of
the inverted ECDSA nonce value is zero. This can happen with significant
probability only for some of the supported elliptic curves. In
particular the NIST P-521 curve is affected. To be able to measure this
leak, the attacker process must either be located in the same physical
computer or must have a very fast network connection with low latency.

CVE-2024-9143[2] - Fixed possible OOB memory access with invalid
low-level GF(2^m) elliptic curve parameters.

Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit
values for the field polynomial can lead to out-of-bounds memory reads
or writes. Applications working with "exotic" explicit binary (GF(2^m))
curve parameters, that make it possible to represent invalid field
polynomials with a zero constant term, via the above or similar APIs,
may terminate abruptly as a result of reading or writing outside of
array bounds. Remote code execution cannot easily be ruled out.

1. https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176
2. https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143

Build system: x86/64
Build-tested: bcm27xx/bcm2712
Run-tested: bcm27xx/bcm2712

Signed-off-by: John Audia <therealgraysky@proton.me>
Link: https://github.com/openwrt/openwrt/pull/17947
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit b4e6fd7b76)
2025-02-25 23:30:54 +01:00
Rudy Andram
88ac2caceb wireless-regdb: Update to version 2025.02.20
b43aeb5 wireless-regdb: assert and correct maximum bandwidth within frequency difference
68588bf wireless-regdb: Update regulatory info for Syria (SY) for 2020
0dda57e wireless-regdb: Update regulatory info for Moldova (MD) on 6GHz for 2022
b19ab0b wireless-regdb: Update regulatory info for Azerbaijan (AZ) on 6GHz for 2024
f67f40d wireless-regdb: Update regulatory info for Oman (OM)
bd70876 wireless-regdb: Update regulatory rules for Armenia (AM) on 2.4 and 5 GHz
6c7cbcc wireless-regdb: Permit 320 MHz bandwidth in 6 GHz band in ETSI/CEPT
f9f6b30 wireless-regdb: Update regulatory rules for Austria (AT)
39b47ea wireless-regdb: Update regulatory info for Cayman Islands (KY) for 2024
3dd7ceb wireless-regdb: allow NO-INDOOR flag in db.txt
4d754a1 wireless-regdb: Update regulatory rules for Iran (IR) on both 2.4 and 5Ghz for 2021
8c8308a wireless-regdb: Update frequency range with NO-INDOOR for Oman (OM)
c2f11e2 wireless-regdb: update regulatory database based on preceding changes

Signed-off-by: Rudy Andram <rmandrad@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/17957
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit da2cc98458)
2025-02-25 23:30:54 +01:00
Paweł Owoc
4c9cae1906 qualcommax: ipq807x: add support for Linksys MX4300 (LN1301)
Hardware specification:
========
SoC: Qualcomm IPQ8174
Flash: 1GB (Micron MT29F8G08ABBCAH4 or AMD/Spansion S34MS08G2)
RAM: 2GB (2x Kingston B5116ECMDXGJD or ESMT M15T2G16128A DDR3L)
Ethernet: 4x 10/100/1000Mbps (Qualcomm QCA8075)
WiFi1: 5GHz ax 2x2 (Qualcomm QCN5054 + Skyworks SKY85755-11) - channels 36-64 (low band)
WiFi2: 2.4GHz ax 2x2 (Qualcomm QCN5024 + Skyworks SKY85340-11)
WiFi3: 5GHz ax 4x4 (Qualcomm QCN5054 + Skyworks SKY85755-11) - channels 100-177 (high band)
LED: 1x RGB status (NXP PCA9633)
USB: 1x USB 3.0
Button: WPS, Reset

Flash instructions:
========
1. Manually upgrade firmware using openwrt-qualcommax-ipq807x-linksys_mx4300-squashfs-factory.bin image.
More details can be found here: https://support.linksys.com/kb/article/6564-en/
After first boot check actual partition:
- fw_printenv -n boot_part
and install firmware on second partition using command in case of 2:
- mtd -r -e kernel -n write openwrt-qualcommax-ipq807x-linksys_mx4300-squashfs-factory.bin kernel
and in case of 1:
- mtd -r -e alt_kernel -n write openwrt-qualcommax-ipq807x-linksys_mx4300-squashfs-factory.bin alt_kernel

2. Installation using serial connection from OEM firmware (default login: root, password: admin):
- fw_printenv -n boot_part
In case of 2:
- flash_erase /dev/mtd21 0 0
- nandwrite -p /dev/mtd21 openwrt-qualcommax-ipq807x-linksys_mx4300-squashfs-factory.bin
or in case of 1:
- flash_erase /dev/mtd23 0 0
- nandwrite -p /dev/mtd23 openwrt-qualcommax-ipq807x-linksys_mx4300-squashfs-factory.bin
After first boot install firmware on second partition:
- mtd -r -e kernel -n write openwrt-qualcommax-ipq807x-linksys_mx4300-squashfs-factory.bin kernel
or:
- mtd -r -e alt_kernel -n write openwrt-qualcommax-ipq807x-linksys_mx4300-squashfs-factory.bin alt_kernel

3. Installation from initramfs image using USB drive:
Put the initramfs image on the USB drive:
- dd bs=1M if=openwrt-qualcommax-ipq807x-linksys_mx4300-initramfs-uImage.itb of=/dev/sdX
Stop u-boot and run:
- usb start && usbboot $loadaddr 0 && bootm $loadaddr
Write firmware to the flash from initramfs:
- mtd -e kernel -n write openwrt-qualcommax-ipq807x-linksys_mx4300-squashfs-factory.bin kernel
and:
- mtd -r -e alt_kernel -n write openwrt-qualcommax-ipq807x-linksys_mx4300-squashfs-factory.bin alt_kernel

4. Back to the OEM firmware:
- mtd -e kernel -n write FW_MX4300_1.0.4.215382_prod.img kernel
and:
- mtd -r -e alt_kernel -n write FW_MX4300_1.0.4.215382_prod.img alt_kernel

5. USB recovery:
Put the initramfs image on the USB:
- dd bs=1M if=openwrt-qualcommax-ipq807x-linksys_mx4300-initramfs-uImage.itb of=/dev/sdX
Set u-boot env:
- fw_setenv bootusb 'usb start && usbboot $loadaddr 0 && bootm $loadaddr'
- fw_setenv bootcmd 'run bootusb; if test $auto_recovery = no; then bootipq; elif test $boot_part = 1; then run bootpart1; else run bootpart2; fi'

Co-authored-by: Qiyuan Zhang <zhang.github@outlook.com>
Signed-off-by: Paweł Owoc <frut3k7@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16070
(cherry picked from commit 4d310b176be9eea162159f2501e650ebbd6605e9)
Signed-off-by: Rafal Boni <rafal.boni@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/17889
Signed-off-by: Robert Marko <robimarko@gmail.com>
2025-02-16 13:03:23 +01:00
Qiyuan Zhang
082608fd2b mtd: check the return value of malloc and pread
Check the return value of malloc and pread in case they fail.

Signed-off-by: Qiyuan Zhang <zhang.github@outlook.com>
Link: https://github.com/openwrt/openwrt/pull/16070
(cherry picked from commit 3f014543cd4bd099dc089cbb9b9b2d7b0db8a021)
Signed-off-by: Rafal Boni <rafal.boni@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/17889
Signed-off-by: Robert Marko <robimarko@gmail.com>
2025-02-16 13:03:23 +01:00
Qiyuan Zhang
ab9f1011ac mtd: fix resetbc on nand w/ min I/O size > 2048
Fix a bug in linksys_bootcount.c that resetbc won't work on nand
with min I/O size > 2048.

Check the boot-log entry's integrity with checksum.

Signed-off-by: Qiyuan Zhang <zhang.github@outlook.com>
Link: https://github.com/openwrt/openwrt/pull/16070
(cherry picked from commit 62da99e6d506f3517f50c1efd61e1911df507ae3)
Signed-off-by: Rafal Boni <rafal.boni@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/17889
Signed-off-by: Robert Marko <robimarko@gmail.com>
2025-02-16 13:03:23 +01:00
Felix Fietkau
b7b6ae7424 mt76: update to Git HEAD (2025-02-14)
2919ae2c0f94 wifi: mt76: mt7996: revise TXS size
1aaacd335577 wifi: mt76: mt7996: fix SER reset trigger on WED reset
e9396ad2378f wifi: mt76: mt7996: remove unnecessary key->cipher check for BIP frames
e5fef138524e mt76: only mark tx-status-failed frames as ACKed on mt76x0/2

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 3dfd1f69a7)
2025-02-14 11:31:13 +01:00