Merge Official Source

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>

.gitattributes

@@ -1 +1,2 @@
 * -text
+*.patch whitespace=-indent-with-non-tab,-space-before-tab,-tab-in-indent,-trailing-space

package/base-files/files/bin/config_generate

@@ -312,7 +312,8 @@ generate_static_system() {
 		delete system.@system[0]
 		add system system
 		set system.@system[-1].hostname='ImmortalWrt'
-		set system.@system[-1].timezone='UTC'
+		set system.@system[-1].timezone='GMT0'
+		set system.@system[-1].zonename='UTC'
 		set system.@system[-1].ttylogin='0'
 		set system.@system[-1].log_size='128'
 		set system.@system[-1].urandom_seed='0'

package/base-files/files/etc/init.d/done

@@ -5,6 +5,7 @@ START=95
 boot() {
 	mount_root done
 	rm -f /sysupgrade.tgz && sync
+	rm -f /tmp/sysupgrade.tar && sync
 
 	# process user commands
 	[ -f /etc/rc.local ] && {

package/base-files/files/etc/init.d/led

@@ -51,6 +51,7 @@ load_led() {
 	local delayon
 	local delayoff
 	local interval
+	local brightness
 
 	config_get sysfs $1 sysfs
 	config_get name $1 name "$sysfs"
@@ -67,6 +68,7 @@ load_led() {
 	config_get message $1 message ""
 	config_get gpio $1 gpio "0"
 	config_get_bool inverted $1 inverted "0"
+	config_get brightness $1 brightness
 
 	[ "$2" ] && [ "$sysfs" != "$2" ] && return
 
@@ -105,7 +107,8 @@ load_led() {
 			echo 0 >/sys/class/leds/${sysfs}/brightness
 
 		[ $default = 1 ] &&
-			cat /sys/class/leds/${sysfs}/max_brightness > /sys/class/leds/${sysfs}/brightness
+			[ -z "$brightness" ] && brightness=$(cat /sys/class/leds/${sysfs}/max_brightness)
+			echo $brightness > /sys/class/leds/${sysfs}/brightness
 
 		led_color_set "$1" "$sysfs"
 

package/base-files/files/etc/init.d/system

@@ -9,8 +9,8 @@ validate_system_section() {
 		'hostname:string:OpenWrt' \
 		'conloglevel:uinteger' \
 		'buffersize:uinteger' \
-		'timezone:string:UTC' \
-		'zonename:string'
+		'timezone:string:GMT0' \
+		'zonename:string:UTC'
 }
 
 system_config() {

package/network/config/firewall/Makefile

@@ -9,7 +9,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=firewall
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(PROJECT_GIT)/project/firewall3.git

package/network/config/firewall/files/firewall.config

@@ -140,7 +140,7 @@ config rule
 	option proto		udp
 	option family		ipv4
 	option target		REJECT
-	option enabled		false
+	option enabled		0
 
 # include a file with users custom iptables rules
 config include

package/network/config/wifi-scripts/files-ucode/lib/netifd/wireless/mac80211.sh

@@ -302,7 +302,7 @@ function setup() {
 			if (mode != "ap")
 				data.config.noscan = true;
 			validate('iface', v.config);
-			iface.prepare(v.config, data.phy + data.phy_suffix, data.config.num_global_macaddr);
+			iface.prepare(v.config, data.phy + data.phy_suffix, data.config.num_global_macaddr, data.config.macaddr_base);
 			netifd.set_vif(k, v.config.ifname);
 			break;
 		}

package/network/config/wifi-scripts/files-ucode/usr/share/schema/wireless.wifi-device.json

@@ -490,6 +490,10 @@
 			"type": "alias",
 			"default": "bssid"
 		},
+		"macaddr_base": {
+			"type": "string",
+			"description": "Base MAC address used for deriving interface MAC addresses"
+		},
 		"max_amsdu": {
 			"description": "Maximum A-MSDU length of 7935 octects (3839 octets if option set to 0)",
 			"type": "boolean",

package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/ap.uc

@@ -285,8 +285,8 @@ function iface_vlan(interface, config, vlans) {
 
 	if (!config.vlan_possible || !config.dynamic_vlan)
 		return;
-
-	config.vlan_no_bridge = !config.vlan_bridge;
+	
+	set_default(config, 'vlan_no_bridge', !config.vlan_bridge);
 
 	append_vars(config, [
 		'dynamic_vlan', 'vlan_naming', 'vlan_bridge', 'vlan_no_bridge',

package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/common.uc

@@ -109,8 +109,6 @@ export function dump_network(file) {
 	if (file)
 		fs.writefile(file, config_data);
 
-	printf('%s\n', config_data);
-
 	return config_data;
 };
 

package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/hostapd.uc

@@ -17,8 +17,8 @@ let phy_capabilities = {};
 /* make sure old style UCI and hwmode and newer band properties are correctly resolved */
 function set_device_defaults(config) {
 	/* validate the hw mode */
-	if (config.hwmode in [ '11a', '11b', '11g', '11ad' ])
-		config.hw_mode = substr(config.hwmode, 2);
+	if (config.hw_mode in [ '11a', '11b', '11g', '11ad' ])
+		config.hw_mode = substr(config.hw_mode, 2);
 	else if (config.channel > 14)
 		config.hw_mode = 'a';
 	else
@@ -478,7 +478,7 @@ function generate(config) {
 	device_rates(config);
 
 	/* beacon */
-	append_vars(config, [ 'beacon_int', 'beacon_rate', 'rnr_beacon', 'mbssid'  ]);
+	append_vars(config, [ 'beacon_int', 'beacon_rate', 'rnr_beacon' ]);
 
 	/* wpa_supplicant co-exist */
 	append_vars(config, [ 'noscan' ]);
@@ -510,6 +510,9 @@ function generate(config) {
 	}
 	device_htmode_append(config);
 
+	if (config.ieee80211ax || config.ieee80211be)
+		append_vars(config, [ 'mbssid' ]);
+
 	/* 6G power mode */
 	if (config.band != '6g')
 		append_vars(config, [ 'reg_power_type' ]);
@@ -541,6 +544,8 @@ export function setup(data) {
 
 	if (data.config.num_global_macaddr)
 		append('\n#num_global_macaddr', data.config.num_global_macaddr);
+	if (data.config.macaddr_base)
+		append('\n#macaddr_base', data.config.macaddr_base);
 
 	for (let k, interface in data.interfaces) {
 		if (interface.config.mode != 'ap')

package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/iface.uc

@@ -6,7 +6,7 @@ import * as fs from 'fs';
 export function parse_encryption(config) {
 	let encryption = split(config.encryption, '+', 2);
 
-	config.wpa_pairwise = (config.hwmode == 'ad') ? 'GCMP' : 'CCMP';
+	config.wpa_pairwise = (config.hw_mode == 'ad') ? 'GCMP' : 'CCMP';
 
 	switch(encryption[1]){
 	case 'tkip+aes':
@@ -101,7 +101,7 @@ export function wpa_key_mgmt(config) {
 		if (config.wpa >= 2 && config.ieee80211r)
 			append_value(config, 'wpa_key_mgmt', 'FT-EAP');
 		if (config.ieee80211w)
-			append_value(config, 'wpa_key_mgmt', 'WPA-EAP--SHA256');
+			append_value(config, 'wpa_key_mgmt', 'WPA-EAP-SHA256');
 		break;
 
 	case 'eap192':
@@ -178,9 +178,9 @@ function macaddr_random() {
 }
 
 let mac_idx = 0;
-export function prepare(data, phy, num_global_macaddr) {
+export function prepare(data, phy, num_global_macaddr, macaddr_base) {
 	if (!data.macaddr) {
-		let pipe = fs.popen(`ucode /usr/share/hostap/wdev.uc ${phy} get_macaddr id=${mac_idx} num_global=${num_global_macaddr} mbssid=${data.mbssid ?? 0}`);
+		let pipe = fs.popen(`ucode /usr/share/hostap/wdev.uc ${phy} get_macaddr id=${mac_idx} num_global=${num_global_macaddr} mbssid=${data.mbssid ?? 0} macaddr_base=${macaddr_base}`);
 
 		data.macaddr = trim(pipe.read("all"), '\n');
 		pipe.close();

package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/supplicant.uc

@@ -182,9 +182,11 @@ export function generate(config_list, data, interface) {
 		return 1;
 	}
 
-	interface.config.country = data.config.country;
+	interface.config.country = data.config.country_code;
 	interface.config.beacon_int = data.config.beacon_int;
 
+	append_vars(interface.config, [ 'country', 'beacon_int' ]);
+
 	setup_sta(data.config, interface.config);
 
 	let file_name = `/var/run/wpa-supplicant-${interface.config.ifname}.conf`;
@@ -219,6 +221,7 @@ export function setup(config, data) {
 		config,
 		defer: true,
 		num_global_macaddr: data.config.num_global_macaddr,
+		macaddr_base: data.config.macaddr_base ?? "",
 	});
 
 	if (ret)
@@ -233,5 +236,6 @@ export function start(data) {
 		phy: data.phy,
 		radio: data.config.radio,
 		num_global_macaddr: data.config.num_global_macaddr,
+		macaddr_base: data.config.macaddr_base ?? "",
 	});
 };

package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh

@@ -337,7 +337,7 @@ hostapd_common_add_bss_config() {
 
 	config_add_boolean ieee80211r pmk_r1_push ft_psk_generate_local ft_over_ds
 	config_add_int r0_key_lifetime reassociation_deadline
-	config_add_string mobility_domain r1_key_holder
+	config_add_string mobility_domain r1_key_holder rxkh_file
 	config_add_array r0kh r1kh
 
 	config_add_int ieee80211w_max_timeout ieee80211w_retry_timeout
@@ -430,9 +430,36 @@ hostapd_set_psk() {
 	local ifname="$1"
 
 	rm -f /var/run/hostapd-${ifname}.psk
+	case "$auth_type" in
+		psk|psk-sae) ;;
+		*) return ;;
+	esac
 	for_each_station hostapd_set_psk_file ${ifname}
 }
 
+hostapd_set_sae_file() {
+	local ifname="$1"
+	local vlan="$2"
+	local vlan_id=""
+
+	json_get_vars mac vid key
+	set_default mac "ff:ff:ff:ff:ff:ff"
+	[ -n "$mac" ] && mac="|mac=$mac"
+	[ -n "$vid" ] && vlan_id="|vlanid=$vid"
+	printf '%s%s%s\n' "${key}" "${mac}" "${vlan_id}" >> /var/run/hostapd-${ifname}.sae
+}
+
+hostapd_set_sae() {
+	local ifname="$1"
+
+	rm -f /var/run/hostapd-${ifname}.sae
+	case "$auth_type" in
+		sae|psk-sae) ;;
+		*) return ;;
+	esac
+	for_each_station hostapd_set_sae_file ${ifname}
+}
+
 append_iw_roaming_consortium() {
 	[ -n "$1" ] && append bss_conf "roaming_consortium=$1" "$N"
 }
@@ -567,7 +594,7 @@ hostapd_set_bss_options() {
 
 	wireless_vif_parse_encryption
 
-	local bss_conf bss_md5sum ft_key
+	local bss_conf bss_md5sum ft_key rxkhs
 	local wep_rekey wpa_group_rekey wpa_pair_rekey wpa_master_rekey wpa_key_mgmt
 
 	json_get_vars \
@@ -688,7 +715,7 @@ hostapd_set_bss_options() {
 			wps_not_configured=1
 		;;
 		psk|sae|psk-sae)
-			json_get_vars key wpa_psk_file
+			json_get_vars key wpa_psk_file sae_password_file
 			if [ "$ppsk" -ne 0 ]; then
 				json_get_vars auth_secret auth_port
 				set_default auth_port 1812
@@ -699,15 +726,20 @@ hostapd_set_bss_options() {
 				append bss_conf "wpa_psk=$key" "$N"
 			elif [ ${#key} -ge 8 ] && [ ${#key} -le 63 ]; then
 				append bss_conf "wpa_passphrase=$key" "$N"
-			elif [ -n "$key" ] || [ -z "$wpa_psk_file" ]; then
+			elif [ -n "$key" ] || [ -z "$wpa_psk_file" ] || [ -z "$sae_password_file" ]; then
 				wireless_setup_vif_failed INVALID_WPA_PSK
 				return 1
 			fi
 			[ -z "$wpa_psk_file" ] && set_default wpa_psk_file /var/run/hostapd-$ifname.psk
-			[ -n "$wpa_psk_file" ] && {
+			[ -n "$wpa_psk_file" ] && [ "$auth_type" = "psk" -o "$auth_type" = "psk-sae" ] && {
 				[ -e "$wpa_psk_file" ] || touch "$wpa_psk_file"
 				append bss_conf "wpa_psk_file=$wpa_psk_file" "$N"
 			}
+			[ -z "$sae_password_file" ] && set_default sae_password_file /var/run/hostapd-$ifname.sae
+			[ -n "$sae_password_file" ] && [ "$auth_type" = "sae" -o "$auth_type" = "psk-sae" ] && {
+				[ -e "$sae_password_file" ] || touch "$sae_password_file"
+				append bss_conf "sae_password_file=$sae_password_file" "$N"
+			}
 			[ "$eapol_version" -ge "1" -a "$eapol_version" -le "2" ] && append bss_conf "eapol_version=$eapol_version" "$N"
 
 			set_default dynamic_vlan 0
@@ -951,7 +983,7 @@ hostapd_set_bss_options() {
 			append bss_conf "reassociation_deadline=$reassociation_deadline" "$N"
 
 			if [ "$ft_psk_generate_local" -eq "0" ]; then
-				json_get_vars r0_key_lifetime r1_key_holder pmk_r1_push
+				json_get_vars r0_key_lifetime r1_key_holder pmk_r1_push rxkh_file
 				json_get_values r0kh r0kh
 				json_get_values r1kh r1kh
 
@@ -973,12 +1005,20 @@ hostapd_set_bss_options() {
 				append bss_conf "r0_key_lifetime=$r0_key_lifetime" "$N"
 				append bss_conf "pmk_r1_push=$pmk_r1_push" "$N"
 
-				for kh in $r0kh; do
-					append bss_conf "r0kh=${kh//,/ }" "$N"
-				done
-				for kh in $r1kh; do
-					append bss_conf "r1kh=${kh//,/ }" "$N"
-				done
+				if [ -z "$rxkh_file" ]; then
+					set_default rxkh_file /var/run/hostapd-$ifname.rxkh
+					[ -e "$rxkh_file" ] && rm -f "$rxkh_file"
+					touch "$rxkh_file"
+
+					for kh in $r0kh; do
+						append rxkhs "r0kh=${kh//,/ }" "$N"
+					done
+					for kh in $r1kh; do
+						append rxkhs "r1kh=${kh//,/ }" "$N"
+					done
+					echo "$rxkhs" > "$rxkh_file"
+				fi
+				append bss_conf "rxkh_file=$rxkh_file" "$N"
 			fi
 		fi
 

package/network/config/wifi-scripts/files/lib/netifd/wireless/mac80211.sh

@@ -30,6 +30,7 @@ drv_mac80211_init_device_config() {
 	config_add_string tx_burst
 	config_add_string distance
 	config_add_string ifname_prefix
+	config_add_string macaddr_base
 	config_add_int radio beacon_int chanbw frag rts
 	config_add_int rxantenna txantenna txpower min_tx_power
 	config_add_int num_global_macaddr multiple_bssid
@@ -530,6 +531,7 @@ ${hostapd_noscan:+noscan=1}
 ${tx_burst:+tx_queue_data2_burst=$tx_burst}
 ${multiple_bssid:+mbssid=$multiple_bssid}
 #num_global_macaddr=$num_global_macaddr
+#macaddr_base=$macaddr_base
 $base_cfg
 
 EOF
@@ -577,7 +579,7 @@ mac80211_generate_mac() {
 	local phy="$1"
 	local id="${macidx:-0}"
 
-	wdev_tool "$phy$phy_suffix" get_macaddr id=$id num_global=$num_global_macaddr mbssid=${multiple_bssid:-0}
+	wdev_tool "$phy$phy_suffix" get_macaddr id=$id num_global=$num_global_macaddr mbssid=${multiple_bssid:-0} macaddr_base=${macaddr_base}
 }
 
 get_board_phy_name() (
@@ -669,7 +671,7 @@ mac80211_set_ifname() {
 mac80211_prepare_vif() {
 	json_select config
 
-	json_get_vars ifname mode ssid wds powersave macaddr enable wpa_psk_file vlan_file
+	json_get_vars ifname mode ssid wds powersave macaddr enable wpa_psk_file sae_password_file vlan_file
 
 	[ -n "$ifname" ] || {
 		local prefix;
@@ -702,7 +704,12 @@ mac80211_prepare_vif() {
 
 
 	[ "$mode" == "ap" ] && {
+		json_select config
+		wireless_vif_parse_encryption
+		json_select ..
+
 		[ -z "$wpa_psk_file" ] && hostapd_set_psk "$ifname"
+		[ -z "$sae_password_file" ] && hostapd_set_sae "$ifname"
 		[ -z "$vlan_file" ] && hostapd_set_vlan "$ifname"
 	}
 
@@ -934,6 +941,7 @@ wpa_supplicant_set_config() {
 	json_add_string phy "$phy"
 	json_add_int radio "$radio"
 	json_add_int num_global_macaddr "$num_global_macaddr"
+	json_add_string macaddr_base "$macaddr_base"
 	json_add_boolean defer 1
 	local data="$(json_dump)"
 
@@ -980,7 +988,7 @@ wpa_supplicant_start() {
 
 	[ -n "$wpa_supp_init" ] || return 0
 
-	ubus_call wpa_supplicant config_set '{ "phy": "'"$phy"'", "radio": '"$radio"', "num_global_macaddr": '"$num_global_macaddr"' }' > /dev/null
+	ubus_call wpa_supplicant config_set '{ "phy": "'"$phy"'", "radio": '"$radio"', "num_global_macaddr": '"$num_global_macaddr"', "macaddr_base": "'"$macaddr_base"'" }' > /dev/null
 }
 
 mac80211_setup_supplicant() {
@@ -1018,7 +1026,7 @@ mac80211_setup_vif() {
 			json_get_vars $MP_CONFIG_INT $MP_CONFIG_BOOL $MP_CONFIG_STRING
 			wireless_vif_parse_encryption
 			[ -z "$htmode" ] && htmode="NOHT";
-			if wpa_supplicant -vmesh; then
+			if [ -x /usr/sbin/wpa_supplicant ] && wpa_supplicant -vmesh; then
 				mac80211_setup_supplicant || failed=1
 			else
 				mac80211_setup_mesh
@@ -1107,7 +1115,7 @@ drv_mac80211_setup() {
 		rxantenna txantenna \
 		frag rts beacon_int:100 htmode \
 		num_global_macaddr:1 multiple_bssid \
-		ifname_prefix
+		ifname_prefix macaddr_base
 	json_get_values basic_rate_list basic_rate
 	json_get_values scan_list scan_list
 	json_select ..

package/network/config/wifi-scripts/files/usr/share/hostap/common.uc

@@ -213,7 +213,9 @@ const phy_proto = {
 		if (!base_mask)
 			return null;
 
-		if (base_mask == "00:00:00:00:00:00" &&
+		if (data.macaddr_base)
+			base_addr = data.macaddr_base;
+		else if (base_mask == "00:00:00:00:00:00" &&
 		    (radio_idx > 0 || idx >= num_global)) {
 			let addrs = split(phy_sysfs_file(phy, "addresses"), "\n");
 

package/network/services/dnsmasq/files/dhcp-script.sh

@@ -8,6 +8,15 @@ json_init
 json_add_array env
 hotplugobj=""
 
+oldIFS=$IFS
+IFS=$'\n'
+for var in $(env); do
+	if [ "${var}" != "${var#DNSMASQ_}" ]; then
+		json_add_string "" "${var%%=*}=${var#*=}"
+	fi
+done
+IFS=$oldIFS
+
 case "$1" in
 	add | del | old | arp-add | arp-del)
 		json_add_string "" "MACADDR=$2"

package/network/services/dnsmasq/files/dnsmasq.init

@@ -20,7 +20,7 @@ BASEDHCPSTAMPFILE="/var/run/dnsmasq"
 DHCPBOGUSHOSTNAMEFILE="/usr/share/dnsmasq/dhcpbogushostname.conf"
 RFC6761FILE="/usr/share/dnsmasq/rfc6761.conf"
 DHCPSCRIPT="/usr/lib/dnsmasq/dhcp-script.sh"
-DHCPSCRIPT_DEPENDS="/usr/share/libubox/jshn.sh /usr/bin/jshn /bin/ubus"
+DHCPSCRIPT_DEPENDS="/usr/share/libubox/jshn.sh /usr/bin/jshn /bin/ubus /usr/bin/env"
 
 DNSMASQ_DHCP_VER=4
 

package/network/services/dropbear/files/dropbear.init

@@ -8,7 +8,6 @@ STOP=50
 USE_PROCD=1
 PROG=/usr/sbin/dropbear
 NAME=dropbear
-PIDCOUNT=0
 
 extra_command "killclients" "Kill ${NAME} processes except servers and yourself"
 
@@ -298,8 +297,7 @@ dropbear_instance()
 		break
 	done
 
-	PIDCOUNT="$(( ${PIDCOUNT} + 1))"
-	local pid_file="/var/run/${NAME}.${PIDCOUNT}.pid"
+	local pid_file="/var/run/${NAME}.${1}.pid"
 
 	procd_open_instance
 	procd_set_param command "$PROG" -F -P "$pid_file"

package/network/services/hostapd/files/hostapd.uc

@@ -10,6 +10,8 @@ hostapd.data.pending_config = {};
 hostapd.data.file_fields = {
 	vlan_file: true,
 	wpa_psk_file: true,
+	sae_password_file: true,
+	rxkh_file: true,
 	accept_mac_file: true,
 	deny_mac_file: true,
 	eap_user_file: true,
@@ -279,6 +281,7 @@ function iface_macaddr_init(phydev, config, macaddr_list)
 {
 	let macaddr_data = {
 		num_global: config.num_global_macaddr ?? 1,
+		macaddr_base: config.macaddr_base,
 		mbssid: config.mbssid ?? 0,
 	};
 
@@ -349,6 +352,64 @@ function bss_reload_psk(bss, config, old_config)
 	hostapd.printf(`Reload WPA PSK file for bss ${config.ifname}: ${ret}`);
 }
 
+function normalize_rxkhs(txt)
+{
+	const pat = {
+		sep: "\x20",
+		mac: "([[:xdigit:]]{2}:?){5}[[:xdigit:]]{2}",
+		r0kh_id: "[\x21-\x7e]{1,48}",
+		r1kh_id: "([[:xdigit:]]{2}:?){5}[[:xdigit:]]{2}",
+		key: "[[:xdigit:]]{32,}",
+		r0kh: function() {
+			return "r0kh=" + this.mac + this.sep + this.r0kh_id;
+		},
+		r1kh: function() {
+			return "r1kh=" + this.mac + this.sep + this.r1kh_id;
+		},
+		rxkh: function() {
+			return "(" + this.r0kh() + "|" + this.r1kh() + ")" + this.sep + this.key;
+		},
+	};
+
+	let rxkhs = filter(
+		split(txt, "\n"), (line) => match(line, regexp("^" + pat.rxkh() + "$"))
+	) ?? [];
+
+	rxkhs = map(rxkhs, function(k) {
+		k = split(k, " ", 3);
+		k[0] = lc(k[0]);
+		if(match(k[0], /^r1kh/)) {
+			k[1] = lc(k[1]);
+		}
+		if(!k[2] = hostapd.rkh_derive_key(k[2])) {
+			return;
+		}
+		return join(" ", k);
+	});
+
+	return join("\n", sort(filter(rxkhs, length)));
+}
+
+function bss_reload_rxkhs(bss, config, old_config)
+{
+	let bss_rxkhs = join("\n", sort(split(bss.ctrl("GET_RXKHS"), "\n")));
+	let bss_rxkhs_hash = hostapd.sha1(bss_rxkhs);
+
+	if (is_equal(config.hash.rxkh_file, bss_rxkhs_hash)) {
+		if (is_equal(old_config.hash.rxkh_file, config.hash.rxkh_file))
+			return;
+	}
+
+	old_config.hash.rxkh_file = config.hash.rxkh_file;
+	if (!is_equal(old_config, config))
+		return;
+
+	let ret = bss.ctrl("RELOAD_RXKHS");
+	ret ??= "failed";
+
+	hostapd.printf(`Reload RxKH file for bss ${config.ifname}: ${ret}`);
+}
+
 function remove_file_fields(config)
 {
 	return filter(config, (line) => !hostapd.data.file_fields[split(line, "=")[0]]);
@@ -365,6 +426,7 @@ function bss_remove_file_fields(config)
 	for (let key in config.hash)
 		new_cfg.hash[key] = config.hash[key];
 	delete new_cfg.hash.wpa_psk_file;
+	delete new_cfg.hash.sae_password_file;
 	delete new_cfg.hash.vlan_file;
 
 	return new_cfg;
@@ -649,6 +711,7 @@ function iface_reload_config(name, phydev, config, old_config)
 		}
 
 		bss_reload_psk(bss, config.bss[i], bss_list_cfg[i]);
+		bss_reload_rxkhs(bss, config.bss[i], bss_list_cfg[i]);
 		if (is_equal(config.bss[i], bss_list_cfg[i]))
 			continue;
 
@@ -748,6 +811,8 @@ function iface_load_config(phy, radio, filename)
 
 		if (val[0] == "#num_global_macaddr")
 			config[substr(val[0], 1)] = int(val[1]);
+		else if (val[0] == "#macaddr_base")
+			config[substr(val[0], 1)] = val[1];
 		else if (val[0] == "mbssid")
 			config[val[0]] = int(val[1]);
 
@@ -775,8 +840,13 @@ function iface_load_config(phy, radio, filename)
 			continue;
 		}
 
-		if (hostapd.data.file_fields[val[0]])
-			bss.hash[val[0]] = hostapd.sha1(readfile(val[1]));
+		if (hostapd.data.file_fields[val[0]]) {
+			if (val[0] == "rxkh_file") {
+				bss.hash[val[0]] = hostapd.sha1(normalize_rxkhs(readfile(val[1])));
+			} else {
+				bss.hash[val[0]] = hostapd.sha1(readfile(val[1]));
+			}
+		}
 
 		push(bss.data, line);
 	}

package/network/services/hostapd/files/wpa_supplicant.uc

@@ -68,7 +68,7 @@ function prepare_config(config, radio)
 	return { config };
 }
 
-function set_config(config_name, phy_name, radio, num_global_macaddr, config_list)
+function set_config(config_name, phy_name, radio, num_global_macaddr, macaddr_base, config_list)
 {
 	let phy = wpas.data.config[config_name];
 
@@ -83,6 +83,7 @@ function set_config(config_name, phy_name, radio, num_global_macaddr, config_lis
 
 	phy.radio = radio;
 	phy.num_global_macaddr = num_global_macaddr;
+	phy.macaddr_base = macaddr_base;
 
 	let values = [];
 	for (let config in config_list)
@@ -106,7 +107,10 @@ function start_pending(phy_name)
 	}
 
 	let macaddr_list = wpas.data.macaddr_list[phy_name];
-	phydev.macaddr_init(macaddr_list, { num_global: phy.num_global_macaddr });
+	phydev.macaddr_init(macaddr_list, {
+		num_global: phy.num_global_macaddr,
+		macaddr_base: phy.macaddr_base,
+	});
 
 	for (let ifname in phy.data)
 		iface_start(phydev, phy.data[ifname]);
@@ -210,6 +214,7 @@ let main_obj = {
 			phy: "",
 			radio: 0,
 			num_global_macaddr: 0,
+			macaddr_base: "",
 			config: [],
 			defer: true,
 		},
@@ -221,7 +226,7 @@ let main_obj = {
 			wpas.printf(`Set new config for phy ${phy}`);
 			try {
 				if (req.args.config)
-					set_config(phy, req.args.phy, req.args.radio, req.args.num_global_macaddr, req.args.config);
+					set_config(phy, req.args.phy, req.args.radio, req.args.num_global_macaddr, req.args.macaddr_base, req.args.config);
 
 				if (!req.args.defer)
 					start_pending(phy);

package/network/services/hostapd/src/src/ap/ucode.c

@@ -817,12 +817,52 @@ out:
 	ucv_put(val);
 }
 
+static uc_value_t *
+uc_wpa_rkh_derive_key(uc_vm_t *vm, size_t nargs)
+{
+#ifdef CONFIG_IEEE80211R_AP
+	u8 oldkey[16];
+	char *oldkey_hex;
+	u8 key[SHA256_MAC_LEN];
+	size_t key_len = sizeof(key);
+	char key_hex[2 * ARRAY_SIZE(key) + 1];
+	uc_value_t *val = uc_fn_arg(0);
+	int i;
+
+	if (ucv_type(val) != UC_STRING)
+		return NULL;
+
+	oldkey_hex = ucv_string_get(val);
+
+	if (!hexstr2bin(oldkey_hex, key, key_len))
+		return ucv_string_new_length(oldkey_hex, 2 * ARRAY_SIZE(key));
+
+	if (hexstr2bin(oldkey_hex, oldkey, sizeof(oldkey))) {
+		wpa_printf(MSG_ERROR, "Invalid RxKH key: '%s'", oldkey_hex);
+		return NULL;
+	}
+
+	if (hmac_sha256_kdf(oldkey, sizeof(oldkey), "FT OLDKEY", NULL, 0, key, key_len) < 0) {
+		wpa_printf(MSG_ERROR, "Invalid RxKH key: '%s'", oldkey_hex);
+		return NULL;
+	}
+
+	for (i = 0; i < ARRAY_SIZE(key); i++)
+		sprintf(key_hex + 2 * i, "%02x", key[i]);
+
+	return ucv_string_new_length(key_hex, 2 * ARRAY_SIZE(key));
+#else
+	return NULL;
+#endif
+}
+
 int hostapd_ucode_init(struct hapd_interfaces *ifaces)
 {
 	static const uc_function_list_t global_fns[] = {
 		{ "printf",	uc_wpa_printf },
 		{ "getpid", uc_wpa_getpid },
 		{ "sha1", uc_wpa_sha1 },
+		{ "rkh_derive_key", uc_wpa_rkh_derive_key },
 		{ "freq_info", uc_wpa_freq_info },
 		{ "add_iface", uc_hostapd_add_iface },
 		{ "remove_iface", uc_hostapd_remove_iface },

package/network/services/hostapd/src/src/utils/ucode.c

@@ -3,6 +3,7 @@
 #include "utils/eloop.h"
 #include "crypto/crypto.h"
 #include "crypto/sha1.h"
+#include "crypto/sha256.h"
 #include "common/ieee802_11_common.h"
 #include <linux/netlink.h>
 #include <linux/genetlink.h>

package/network/services/umdns/Makefile

@@ -12,9 +12,9 @@ PKG_RELEASE:=1
 
 PKG_SOURCE_URL=$(PROJECT_GIT)/project/mdnsd.git
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_DATE:=2024-09-17
-PKG_SOURCE_VERSION:=fbaca4b6f530d4b2f361ee15c266aa19a708242b
-PKG_MIRROR_HASH:=e3fc47a019ea54722b8d7dfc8158307a9fb4a9d18945a1a6794616e3b80d5d3b
+PKG_SOURCE_DATE:=2024-12-11
+PKG_SOURCE_VERSION:=93458ac90911b84c7279070cd350405d203b702d
+PKG_MIRROR_HASH:=6e6fe777d19da744116579be612590e1b41a9ef2c8ff2afeaea942d6b3da49ef
 
 PKG_MAINTAINER:=John Crispin <john@phrozen.org>
 PKG_LICENSE:=LGPL-2.1

package/network/utils/comgt/files/ncm.sh

@@ -28,12 +28,13 @@ proto_ncm_init_config() {
 proto_ncm_setup() {
 	local interface="$1"
 
-	local manufacturer initialize setmode connect finalize devname devpath ifpath
+	local connect context_type devname devpath finalize ifpath initialize manufacturer setmode
 
-	local device ifname  apn auth username password pincode delay mode pdptype profile $PROTO_DEFAULT_OPTIONS
-	json_get_vars device ifname apn auth username password pincode delay mode pdptype sourcefilter delegate profile $PROTO_DEFAULT_OPTIONS
+	local delegate sourcefilter $PROTO_DEFAULT_OPTIONS
+	json_get_vars delegate sourcefilter $PROTO_DEFAULT_OPTIONS
 
-	local context_type
+	local apn auth delay device ifname mode password pdptype pincode profile username
+	json_get_vars apn auth delay device ifname mode password pdptype pincode profile username
 
 	[ "$metric" = "" ] && metric="0"
 

package/network/utils/umbim/files/lib/netifd/proto/mbim.sh

@@ -46,10 +46,14 @@ _proto_mbim_setup() {
 	local tid=2
 	local ret
 
-	local device apn pincode delay auth username password allow_roaming allow_partner
-	local dhcp dhcpv6 pdptype ip4table ip6table mtu $PROTO_DEFAULT_OPTIONS
-	json_get_vars device apn pincode delay auth username password allow_roaming allow_partner
-	json_get_vars dhcp dhcpv6 sourcefilter delegate pdptype ip4table ip6table mtu $PROTO_DEFAULT_OPTIONS
+	local allow_partner allow_roaming apn auth delay device password pincode username
+	json_get_vars allow_partner allow_roaming apn auth delay device password pincode username
+
+	local dhcp dhcpv6 pdptype
+	json_get_vars dhcp dhcpv6 pdptype
+
+	local delegate ip4table ip6table mtu sourcefilter $PROTO_DEFAULT_OPTIONS
+	json_get_vars delegate ip4table ip6table mtu sourcefilter $PROTO_DEFAULT_OPTIONS
 
 	[ ! -e /proc/sys/net/ipv6 ] && ipv6=0 || json_get_var ipv6 ipv6
 

package/network/utils/uqmi/files/lib/netifd/proto/qmi.sh

@@ -34,17 +34,20 @@ proto_qmi_init_config() {
 
 proto_qmi_setup() {
 	local interface="$1"
-	local dataformat connstat plmn_mode mcc mnc
-	local device apn v6apn auth username password pincode delay modes pdptype
-	local profile v6profile dhcp dhcpv6 autoconnect plmn timeout mtu $PROTO_DEFAULT_OPTIONS
-	local ip4table ip6table
-	local cid_4 pdh_4 cid_6 pdh_6
-	local ip_6 ip_prefix_length gateway_6 dns1_6 dns2_6
+
+	local connstat dataformat mcc mnc plmn_mode
+	local cid_4 cid_6 pdh_4 pdh_6
+	local dns1_6 dns2_6 gateway_6 ip_6 ip_prefix_length
 	local profile_pdptype
 
-	json_get_vars device apn v6apn auth username password pincode delay modes
-	json_get_vars pdptype profile v6profile dhcp dhcpv6 sourcefilter delegate autoconnect plmn ip4table
-	json_get_vars ip6table timeout mtu $PROTO_DEFAULT_OPTIONS
+	local delegate ip4table ip6table mtu sourcefilter $PROTO_DEFAULT_OPTIONS
+	json_get_vars delegate ip4table ip6table mtu sourcefilter $PROTO_DEFAULT_OPTIONS
+
+	local apn auth delay device modes password pdptype pincode username v6apn
+	json_get_vars apn auth delay device modes password pdptype pincode username v6apn
+
+	local profile v6profile dhcp dhcpv6 autoconnect plmn timeout
+	json_get_vars profile v6profile dhcp dhcpv6 autoconnect plmn timeout
 
 	[ "$timeout" = "" ] && timeout="10"
 

package/system/procd/Makefile

@@ -12,9 +12,9 @@ PKG_RELEASE:=1
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=$(PROJECT_GIT)/project/procd.git
-PKG_MIRROR_HASH:=56c5f71da3f68036c63ae59d01992785e74027726da5973297895985cd27c215
-PKG_SOURCE_DATE:=2024-11-13
-PKG_SOURCE_VERSION:=7330fa55c5211eb7b3c675d1c7b8281b69b53553
+PKG_MIRROR_HASH:=2c9eb493618e3a695d329cbf7379a165d4c2366a6e00edc63db3271aa059a294
+PKG_SOURCE_DATE:=2024-12-11
+PKG_SOURCE_VERSION:=e2f05deb93949f447d397e8cd3a341bc8e53cd38
 CMAKE_INSTALL:=1
 
 PKG_LICENSE:=GPL-2.0

rules.mk

@@ -342,9 +342,11 @@ ifneq ($(CONFIG_CCACHE),)
   TARGET_CXX:= ccache $(TARGET_CXX)
   HOSTCC:= ccache $(HOSTCC)
   HOSTCXX:= ccache $(HOSTCXX)
+  export CCACHE_NOHASHDIR:=true
+  export CCACHE_NOCOMPRESS:=true
   export CCACHE_BASEDIR:=$(TOPDIR)
   export CCACHE_DIR:=$(if $(call qstrip,$(CONFIG_CCACHE_DIR)),$(call qstrip,$(CONFIG_CCACHE_DIR)),$(TOPDIR)/.ccache)
-  export CCACHE_COMPILERCHECK:=%compiler% -dumpmachine; %compiler% -dumpversion
+  export CCACHE_COMPILERCHECK:=%compiler% -v -c
 endif
 
 TARGET_CONFIGURE_OPTS = \

target/linux/ipq40xx/files-6.6/arch/arm/boot/dts/qcom/qcom-ipq4018-fritzbox-4040.dts

@@ -151,6 +151,8 @@
 	pinctrl-0 = <&spi_0_pins>;
 	pinctrl-names = "default";
 	status = "okay";
+	/delete-property/ dmas;
+	/delete-property/ dma-names;
 	cs-gpios = <&tlmm 54 GPIO_ACTIVE_HIGH>;
 
 	flash@0 {

target/linux/ipq40xx/files-6.6/arch/arm/boot/dts/qcom/qcom-ipq4019-wia3300-20.dts

@@ -68,11 +68,6 @@
 		};
 	};
 
-	output-usb-power {
-		compatible = "regulator-output";
-		vout-supply = <&reg_usb>;
-	};
-
 	reg_usb: regulator-usb {
 		compatible = "regulator-fixed";
 
@@ -419,6 +414,8 @@
 
 &usb2_hs_phy {
 	status = "okay";
+
+	phy-supply = <&reg_usb>;
 };
 
 &watchdog {

target/linux/ipq40xx/generic/config-default

@@ -3,5 +3,4 @@ CONFIG_MTD_UBI_BEB_LIMIT=20
 CONFIG_MTD_UBI_BLOCK=y
 CONFIG_MTD_UBI_NVMEM=y
 CONFIG_MTD_UBI_WL_THRESHOLD=4096
-CONFIG_REGULATOR_USERSPACE_CONSUMER=y
 CONFIG_UBIFS_FS=y

target/linux/mediatek/image/filogic.mk

@@ -592,6 +592,8 @@ TARGET_DEVICES += cmcc_rax3000m
 define Device/comfast_cf-e393ax
   DEVICE_VENDOR := COMFAST
   DEVICE_MODEL := CF-E393AX
+  DEVICE_ALT0_VENDOR := COMFAST
+  DEVICE_ALT0_MODEL := CF-E395AX
   DEVICE_DTS := mt7981a-comfast-cf-e393ax
   DEVICE_DTS_DIR := ../dts
   DEVICE_DTC_FLAGS := --pad 4096

target/linux/qualcommax/ipq60xx/base-files/etc/hotplug.d/firmware/11-ath11k-caldata

@@ -15,7 +15,13 @@ case "$FIRMWARE" in
 	cambiumnetworks,xe3-4)
 		caldata_extract "0:ART" 0x1000 0x10000
 		;;
-	linksys,mr7350|\
+	linksys,mr7350)
+		caldata_extract "0:art" 0x1000 0x10000
+		addr=$(mtd_get_mac_ascii devinfo hw_mac_addr)
+		ath11k_patch_mac $(macaddr_add $addr 2) 0
+		ath11k_patch_mac $(macaddr_add $addr 1) 1
+		ath11k_set_macflag
+		;;
 	netgear,wax214)
 		caldata_extract "0:art" 0x1000 0x10000
 		;;

target/linux/qualcommax/ipq60xx/base-files/etc/hotplug.d/ieee80211/11_fix_wifi_mac

@@ -1,18 +0,0 @@
-[ "$ACTION" == "add" ] || exit 0
-
-PHYNBR=${DEVPATH##*/phy}
-
-[ -n $PHYNBR ] || exit 0
-
-. /lib/functions.sh
-. /lib/functions/system.sh
-
-board=$(board_name)
-
-case "$board" in
-	linksys,mr7350)
-		addr=$(mtd_get_mac_ascii devinfo hw_mac_addr)
-		[ "$PHYNBR" = "0" ] && macaddr_add $addr 2 > /sys${DEVPATH}/macaddress
-		[ "$PHYNBR" = "1" ] && macaddr_add $addr 1 > /sys${DEVPATH}/macaddress
-		;;
-esac

target/linux/qualcommax/ipq60xx/base-files/etc/init.d/bootcount

@@ -12,4 +12,3 @@ boot() {
 	;;
 	esac
 }
-