diffconfig.sh runs ./scripts/config/conf, but it does not get built
with 'make {menu,x,n}config.  Call 'make ./scripts/config/conf' to
ensure it's been built before running it, aborting in case of failure.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>[removed Fixes: due revert]

The Zyxel EMG2926-Q10A is 99% the Zyxel NBG6716, but the bootloader
expects a different product name when flashing over TFTP. Also, the
EMG2926-Q10A always has 128 MiB of NAND flash whereas the NBG6716
reportedly can have either 128 MiB or 256 MiB.

Signed-off-by: Alex Henrie <alexhenrie24@gmail.com>

This commit fixes the package naming that was added by commit:
e1e4cbde

Signed-off-by: Florian Eckert <fe@dev.tdt.de>

The Sagem/Plusnet F@ST2704N has a red label in ethernet port 4. Its purpose is
to be used as Fibre/WAN with the stock firmware.

Configure the Eth4 as WAN.

Fixes: fbbb9777 (brcm63xx: Tune the network configuration for several
routers)

Signed-off-by: Daniel González Cabanelas <dgcbueu@gmail.com>

the Aerohive HiveAP-330 and HiveAP-350 come equipped
with an TI TMP125 temperature chip. This patch wires
up the necessary support for this sensor and exposes
it through hwmon / thermal sensor framework. Upstream
support is coming, but it has to go through hwmon-next
first.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>

The last remaining 5.4 target currently chokes because the
symbols haven't been disabled like for 5.10.

Fixes: 97158fe1 ("kernel: package ramoops pstore-ram crash log storage")
Reported-by: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>

Both struct net_device_path_ctx and struct net_device_path
are not available in 5.4. This causes an build error on the
bcm63xx target.

|mac80211/driver-ops.h: In function 'drv_net_fill_forward_path':
|driver-ops.h:1502:57: error: passing argument 4 of
|'local->ops->net_fill_forward_path' from incompatible pointer type
| [-Werror=incompatible-pointer-types]
| 1502 |                          ctx, path);
|      |                          ^~~
|      |                            |
|      |                         struct net_device_path_ctx *

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>

  - Call pager with original LANG environment variable
  - Consistently complain early if no series file is found
  - Fix handling of symbolic links by several commands
  - Tighten the patch format parsing
  - Reuse the shell (performance)
  - Document the series file format further
  - Document that quilt loads /etc/quilt.quiltrc
  - configure: Make stat configurable
  - series: Minor optimizations
  - setup: Don't obey the settings of any englobing .pc
  - setup: Default to fast mode
  - quilt.el: Fix documentation of quilt-pc-directory
  - quilt.el: Load /etc/quilt.quiltrc if ~/.quiltrc doesn't exist
  - quilt.el: Fix quilt-editable when QUILT_PATCHES_PREFIX is set

Refresh patches.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
[add changelog]
Signed-off-by: Paul Spooren <mail@aparcar.org>

This commits adds GitHub CI to check that all tools compile on both
Ubuntu and macOS. Since running in parrallel this should also detect
badly set depdendencies within tools/Makefile.

Signed-off-by: Paul Spooren <mail@aparcar.org>

This fixes problem with USB PHY not handling some USB 3.0 devices.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>

Add the following kconfig symbols (disabled):

CONFIG_DEFAULT_FQ
CONFIG_DEFAULT_CODEL
CONFIG_DEFAULT_SFQ

Also resort the config with the kconfig.pl script.

Fixes: f39872d9 ("kernel: generic: select the fq_codel qdisc by default")

Tested-by: Christian Lamparter <chunkeey@gmail.com>
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>

Define the kernel crash log storage ramoops/pstore feature
for R7800 and its sister XR500.

Reference to the ramoops admin guide in upstream Linux:
https://www.kernel.org/doc/html/v5.10/admin-guide/ramoops.html



Tested with R7800.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>

Package the ability to log kernel crashes to 'ramoops' pstore
files into RAM in /sys/fs/pstore

Reference to the ramoops admin guide in upstream Linux:
https://www.kernel.org/doc/html/v5.10/admin-guide/ramoops.html



The files in RAM survive a warm reboot, but not a cold reboot.

Note: kmod-ramoops selects kmod-pstore and kmod-reed-solomon.

The feature can be used by selecting the kmod-ramoops and
adding a ramoops reserved-memory definition to the device DTS.
Example from R7800:

       reserved-memory {
                rsvd@5fe00000 {
                        reg = <0x5fe00000 0x200000>;
                        reusable;
                };

                ramoops@42100000 {
                        compatible = "ramoops";
                        reg = <0x42100000 0x40000>;
                        record-size = <0x4000>;
                        console-size = <0x4000>;
                        ftrace-size = <0x4000>;
                        pmsg-size = <0x4000>;
                };
        };

If no definition has been made in DTS, no crash log is stored
for the device.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(added CONFIG_EFI_VARS_PSTORE disable)

Previously, grub2 was hardcoded to always look on "hd0" for the
kernel.

This works well when the system only had a single disk.
But if there was a second disk/stick present, it may have look
on the wrong drive because of enumeration races.

This patch utilizes grub2 search function to look for a filesystem
with the label "kernel". This works thanks to existing setup in
scripts/gen_image_generic.sh. Which sets the "kernel" label on
both the fat and ext4 filesystem variants.

Signed-off-by: Jax Jiang <jax.jiang.007@gmail.com>
Suggested-by: Alberto Bursi <bobafetthotmail@gmail.com> (MX100 WA)
(word wrapped, slightly rewritten commit message, removed MX100 WA)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>

This reverts all four commits
dbb45421 "bcm27xx: bcm2708: update defconfig"
332f6958 "bcm27xx: bcm2709: update defconfig"
a478202d "bcm27xx: bcm2710: update defconfig"
82da1dfd "bcm27xx: bcm2711: update defconfig"

this also highlighted an unrelated kconfig failure
that warrants investigation. But for now it is important
for the bcm27xx target to come back again.

|*
|* Restart config...
|*
|*
|* Allow override default queue discipline
|*
|Allow override default queue discipline (NET_SCH_DEFAULT) [Y/n/?] y
|  Default queuing discipline
|    1. Fair Queue (DEFAULT_FQ) (NEW)
|    2. Controlled Delay (DEFAULT_CODEL) (NEW)
|  > 3. Fair Queue Controlled Delay (DEFAULT_FQ_CODEL)
|    4. Stochastic Fair Queue (DEFAULT_SFQ) (NEW)
|    5. Priority FIFO Fast (DEFAULT_PFIFO_FAST)
|  choice[1-5?]:
|Error in reading or end of file.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>

Add support for SAMA7G5-EK board.
Hardware:
- SoC: SAMA7G5
- RAM: Aliance Memory AS4C256M16D3LC (4 Gbit DDR3L)
- SD/MMC: 1 standard 4bit SD Card interface
- USB: 1 Micro-AB host/device, 1 Type-A host, 1 Type-C host
- CAN: 2 interfaces
- Ethernet: 10/100 port, 1Gbps port
- Wi-Fi/BT: 1 optional interface
- Audio: 1 SPDIF RX port, 1 SPDIF TX port, 4 digital microphones
- Camera: 1 RPi CSI camera interface
- Debug: 1 J-Link-OB + CDC, 1 JTAG
- LEDs: 1 RGB
- Buttons: 4 push buttons
- Expansions: 1 RPi Expansion connector, 2 mikroBUS connectors
- Power management: 1 power management IC, 1 power consumption
  measurement device

Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>

Add kernel support for SAMA7G5 by back-porting mainline kernel patches.
Among SAMA7G5 features could be remembered:
- ARM Cortex-A7
- double data rate multi-port dynamic RAM controller supporting DDR2,
  DDR3, DDR3L, LPDDR2, LPDDR3 up to 533MHz
- peripherals for audio, video processing
- 1 gigabit + 1 megabit Ethernet controllers
- 6 CAN controllers
- trust zone support
- DVFS for CPU
- criptography IPs

Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>

Update uboot-at91 to linux4sam-2021.10 version.

Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>

AT91Bootstrap version 4 is available only for SAM9X60, SAMA5D2, SAMA5D3,
SAMA5D4, SAMA7G5. Thus use v4.0.1 for the above targets and v3.10.4 for
the rest of them. With the switch to v4 AT91Bootstrap binaries are now
on build/binaries. Take also this into account. Also, patches directory
is not needed anymore with the version update.

Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>

In the default shadow file, as visible in the failsafe mode, the user
root has value of `0` set in  the 3rd field, the date of last password
change. This setting means that the password needs to be changed the
next time the user will log in the system. `dropbear` server is ignoring
this setting but `openssh-server` tries to enforce it and fails in the
failsafe mode because the rootfs is R/O.

Disable the password aging feature for user root by setting the 3rd
filed empty.

Signed-off-by: Rucke Teg <rucketeg@protonmail.com>

Enable both the hunting-and-pecking loop and hash-to-element mechanisms
by default in OpenWRT with SAE.

Commercial Wi-Fi solutions increasingly frequently now ship with both
hunting-and-pecking and hash-to-element (H2E) enabled by default as this
is more secure and more performant than offering hunting-and-pecking
alone for H2E capable clients.

The hunting and pecking loop mechanism is inherently fragile and prone to
timing-based side channels in its design and is more computationally
intensive to perform. Hash-to-element (H2E) is its long-term
replacement to address these concerns.

For clients that only support the hunting-and-pecking loop mechanism,
this is still available to use by default.

For clients that in addition support, or were to require, the
hash-to-element (H2E) mechanism, this is then available for use.

Signed-off-by: Nick Lowe <nick.lowe@gmail.com>

Due to a limited grep pattern, subjects containing dots like `image.mk`
were falsely reported as problematic. Extend pattern to allow dots.

Signed-off-by: Paul Spooren <mail@aparcar.org>

All mirrors offer encrypted downloads, use it.

Signed-off-by: Paul Spooren <mail@aparcar.org>

Adding the feature flag automatically creates a a rootfs.tar.gz files
which can be used for Docker rootfs containers.

Signed-off-by: Paul Spooren <mail@aparcar.org>

This reverts commit c0849c1d as it seems
to introduce regression in config.buildinfo files produced at least by
buildbots:

 $ curl -s https://downloads.openwrt.org/snapshots/targets/ath79/generic/config.buildinfo | head -2
 make[3]: Entering directory '/builder/shared-workdir/build'
 make[3]: Leaving directory '/builder/shared-workdir/build'

References: https://github.com/openwrt/openwrt/issues/9297#issuecomment-1049719381


Signed-off-by: Petr Štetiar <ynezz@true.cz>

Backport fix for API breakage of SSL_get_verify_result() introduced in
v5.1.1-stable.  In v4.8.1-stable SSL_get_verify_result() used to return
X509_V_OK when used on LE powered sites or other sites utilizing
relaxed/alternative cert chain validation feature. After an update to
v5.1.1-stable that API calls started returning X509_V_ERR_INVALID_CA
error and thus rendered all such connection attempts imposible:

 $ docker run -it openwrt/rootfs:x86_64-21.02.2 sh -c "wget https://letsencrypt.org"
 Downloading 'https://letsencrypt.org'
 Connecting to 18.159.128.50:443
 Connection error: Invalid SSL certificate

Fixes: #9283
References: https://github.com/wolfSSL/wolfssl/issues/4879


Signed-off-by: Petr Štetiar <ynezz@true.cz>

fwtool is now always part of the sysupgrade stage2 ramdisk, so drop
the no longer needed RAMFS_COPY_BIN variable.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

Now that both, fw_printenv/fw_setenv and fwtool are always present
during stage2 sysupgrade, we no longer need to list them in
RAMFS_COPY_BIN and RAMFS_COPY_DATA in platform.sh.
Drop both variables as they are now unneeded.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

Not all targets create /var/lock or touch /var/lock/fw_printenv.lock in
their platform.sh. This is problematic as fw_printenv then fails in
case /var/lock/fw_printenv.lock has not been created by previous calls
to fw_printenv/fw_setenv before sysupgrade is run.

Targets using fw_printenv/fw_setenv during sysupgrade:
 * ath79/*
 * ipq40xx/*
 * ipq806x/*
 * kirkwood/*
 * layerscape/*
 * mediatek/mt7622
 * mvebu/*
 * ramips/*
 * realtek/*

Targets currently using additional steps in /lib/upgrade/platform.sh
to make sure /var/lock/fw_printenv.lock (or at least /var/lock)
actually exists:
 * ath79/* (openmesh devices)
 * ipq40xx/* (linksys devices)
 * ipq806x/* (linksys devices)
 * kirkwood/* (linksys devices)
 * layerscape/*
 * mvebu/cortexa9 (linksys devices)

Given that accessing the U-Boot environment during sysupgrade is not
uncommon and the situation across targets is currently quite diverse,
just make sure both tools as well fw_env.config are always copied to
the ramdisk used for sysupgrade. Also make sure /var/lock always
exists.

This now allows to remove copying of fw_printenv/fw_setenv as well as
fw_env.config, creation of /var/lock or even /var/lock/fw_printenv.lock
from lib/upgrade/platform.sh or files included there.

As the same applies also to 'fwtool' which is used by generic eMMC
sysupgrade, also always copy that to ramdisk.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

diffconfig.sh runs ./scripts/config/conf, but it does not get built
with 'make {menu,x,n}config.  Call 'make ./scripts/config/conf' to
ensure it's been built befpre running it.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>

Toplevel Make is not aware about changes in the `scripts/config/*conf`
targets and this is causing issues for during update to that part of
build tree, where one needs to handle this manually by either force
rebuilding the targets or running `make config-clean`. Fix this by
forcing the rebuild if necessary.

Fixes: #9297
Signed-off-by: Petr Štetiar <ynezz@true.cz>

This uses uci to configure engines, by generating a list of enabled
engines in /var/etc/ssl/engines.cnf from engines configured in
/etc/config/openssl:

    config engine 'devcrypto'
            option enabled '1'

Currently the only options implemented are 'enabled', which defaults to
true and enables the named engine, and the 'force' option, that enables
the engine even if the init script thinks the engine does not exist.

The existence test is to check for either a configuration file
/etc/ssl/engines.cnf.d/%ENGINE%.cnf, or a shared object file
/usr/lib/engines-1.1/%ENGINE%.so.

The engine list is generated by an init script which is set to run after
'log' because it informs the engines being enabled or skipped.  It
should run before any service using OpenSSL as the crypto library,
otherwise the service will not use any engine.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>

This enables an engine during its package's installation, by adding it
to the engines list in /etc/ssl/engines.cnf.d/engines.cnf.

The engine build system was reworked, with the addition of an engine.mk
file that groups some of the engine packages' definitions, and could be
used by out of tree engines as well.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>

This changes the configuration of engines from the global openssl.cnf to
files in the /etc/ssl/engines.cnf.d directory.  The engines.cnf file has
the list of enabled engines, while each engine has its own configuration
file installed under /etc/ssl/engines.cnf.d.

Patches were refreshed with --zero-commit.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>

AR933x based devices should include 'kmod-usb-chipidea2' for USB
support. Fixes: #9243.

Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>

The 'BOARDNAME' variable is part of target configuration and shouldn't
be part of a device's image recipe.

Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>

65b42032063f interface: add missing autorate-ingress options

Signed-off-by: Felix Fietkau <nbd@nbd.name>

Remove some (dead) debugging code from the Realtek timer to clean up the
sources of this driver.

Signed-off-by: Sander Vanheule <sander@svanheule.net>

The I/O base address for the timers was hardcoded into the driver,
or derived from the HW IRQ number as an even more horrible hack. All
supported SoC families have these timers, but with hardcoded addresses
the code cannot be reused right now.

Request the timer's base address from the DT specification, and store it
in a private struct for future reference.

Matching the second interrupt specifier, the address range for the
second timer is added to the DT specification.

Signed-off-by: Sander Vanheule <sander@svanheule.net>

The Realtek timer node for RTL930x doesn't have any child nodes, making
the use of '#address-cells' quite pointless. It is also not an interrupt
controller, meaning it makes no sense to define '#interrupt-cells'.

The I/O address for this node is also wrong, but this is hidden by the
fact that the driver associated with this node bypasses the usual DT
machinery and does it's own thing. Correct the address to have a sane
value, even though it isn't actually used.

Fixes: a75b9e3e ("realtek: Adding RTL930X sub-target")
Signed-off-by: Sander Vanheule <sander@svanheule.net>