Rafał Miłecki [Tue, 24 Oct 2023 05:40:37 +0000 (07:40 +0200)]
bcm53xx: backport DT changes queued for v6.7
Among other changes this commit makes Linux use correct switch ports
again.
Fixes: fff279f4a712 ("bcm53xx: backport DT changes from v6.5")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit
a67af19bc84e98588c307af9b08686bde9dd38d5)
Rafał Miłecki [Fri, 13 Oct 2023 10:57:35 +0000 (12:57 +0200)]
bcm53xx: simplify patch adding switch ports
We now have all raw ports defined in bcm-ns.dtsi. Leave only lables in
custom device files.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit
08ce0c76d7d7daad5e9382d51960d69f4b8b8f3a)
Rani Hod [Sat, 30 Sep 2023 19:22:13 +0000 (22:22 +0300)]
bcm53xx: build a single device per profile
So far every build of a single bcm53xx Target Profile (it means: when
NOT using CONFIG_TARGET_MULTI_PROFILE) resulted in all target devices
images being built. Now it only builds the one matching selected
profile.
Fixes: #13572
Suggested-by: Jonas Gorski <jonas.gorski@gmail.com>
Signed-off-by: Rani Hod <rani.hod@gmail.com>
[rmilecki: update commit subject + body & move PROFILES line]
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit
802a5f5cb4a7b42d25e82b787d7ab1323a20183f)
Arınç ÜNAL [Thu, 10 Aug 2023 12:23:09 +0000 (15:23 +0300)]
bcm53xx: add support for ASUS RT-AC3100
ASUS RT-AC3100 is ASUS RT-AC88U without the external switch.
OpenWrt forum users effortless and ktmakwana have confirmed that there are
revisions with either 4366b1 or 4366c0 wireless chips.
Therefore, include firmware for 4366b1 along with 4366c0. This way, all
hardware revisions of the router will be supported by having brcmfmac use
the firmware file for the wireless chip it detects.
Signed-off-by: Arınç ÜNAL <arinc.unal@arinc9.com>
(cherry picked from commit
2214bab3503981fe6168746acd13044a9d5e89e7)
Arınç ÜNAL [Thu, 10 Aug 2023 12:23:08 +0000 (15:23 +0300)]
bcm53xx: backport DT changes for ASUS RT-AC3100 queued for v6.6
Backport the patch that adds the DT for ASUS RT-AC3100.
Signed-off-by: Arınç ÜNAL <arinc.unal@arinc9.com>
(cherry picked from commit
b7ee8c9f83ea0e3b861e6b71b08ed7a62066d149)
Koen Vandeputte [Tue, 12 Sep 2023 13:38:27 +0000 (15:38 +0200)]
ipq40xx: switch to performance governor by default
Doing a simple ping to my device shows this:
64 bytes from 10.0.253.101: icmp_seq=1 ttl=64 time=2.00 ms
64 bytes from 10.0.253.101: icmp_seq=2 ttl=64 time=2.02 ms
64 bytes from 10.0.253.101: icmp_seq=3 ttl=64 time=1.68 ms
64 bytes from 10.0.253.101: icmp_seq=4 ttl=64 time=1.91 ms
64 bytes from 10.0.253.101: icmp_seq=5 ttl=64 time=1.92 ms
64 bytes from 10.0.253.101: icmp_seq=6 ttl=64 time=2.04 ms
Some users even report higher values on older kernels:
64 bytes from 192.168.1.10: seq=0 ttl=64 time=0.612 ms
64 bytes from 192.168.1.10: seq=1 ttl=64 time=2.852 ms
64 bytes from 192.168.1.10: seq=2 ttl=64 time=2.719 ms
64 bytes from 192.168.1.10: seq=3 ttl=64 time=2.741 ms
64 bytes from 192.168.1.10: seq=4 ttl=64 time=2.808 ms
The problem is that the governor is set to Ondemand, which causes
the CPU to clock all the way down to 48MHz in some cases.
Switching to performance governor:
64 bytes from 10.0.253.101: icmp_seq=1 ttl=64 time=0.528 ms
64 bytes from 10.0.253.101: icmp_seq=2 ttl=64 time=0.561 ms
64 bytes from 10.0.253.101: icmp_seq=3 ttl=64 time=0.633 ms
64 bytes from 10.0.253.101: icmp_seq=4 ttl=64 time=0.526 ms
In theory, using the Performance governor should increase power draw,
but it looks like it really does not matter for this soc.
Using a calibrated precision DC power supply (cpu idle):
Ondemand
24.00V * 0.134A = 3.216 Watts
48.00V * 0.096A = 4.608 Watts
Performance
24.00V * 0.135A = 3.240 Watts
48.00V * 0.096A = 4.608 Watts
Let's simply switch to the Performance governor by default
to fix the general jittery behaviour on devices using this soc.
Tested on: MikroTik wAP ac
Fixes: #13649
Reviewed-by: Robert Marko <robimarko@gmail.com>
Reviewed-by: Thibaut VARÈNE <hacks@slashdirt.org>
Signed-off-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
(cherry picked from commit
b8e52852bd62236a2a84663b4592d221ebc64cb4)
Koen Vandeputte [Fri, 13 Oct 2023 15:47:11 +0000 (17:47 +0200)]
ath79: wpj563: enable 2nd USB controller
The compex WPJ563 actually has both usb controllers wired:
usb0 --> pci-e slot
usb1 --> pin header
As the board exposes it for generic use, enable this controller too.
fixes: #13650
Signed-off-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
(cherry picked from commit
9188c77cbee55a933d0fa75c74e175fbc52c556d)
Hauke Mehrtens [Fri, 11 Aug 2023 20:45:40 +0000 (22:45 +0200)]
openssl: bump to 1.1.1v
Major changes between OpenSSL 1.1.1u and OpenSSL 1.1.1v [1 Aug 2023]
o Fix excessive time spent checking DH q parameter value (CVE-2023-3817)
o Fix DH_check() excessive time with over sized modulus (CVE-2023-3446)
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit
de29f15af173e9434d11a00ffcf437bd6bc97727)
Hauke Mehrtens [Wed, 7 Jun 2023 20:37:47 +0000 (22:37 +0200)]
openssl: bump to 1.1.1u
Major changes between OpenSSL 1.1.1t and OpenSSL 1.1.1u [30 May 2023]
o Mitigate for very slow `OBJ_obj2txt()` performance with gigantic
OBJECT IDENTIFIER sub-identities. (CVE-2023-2650)
o Fixed documentation of X509_VERIFY_PARAM_add0_policy() (CVE-2023-0466)
o Fixed handling of invalid certificate policies in leaf certificates
(CVE-2023-0465)
o Limited the number of nodes created in a policy tree ([CVE-2023-0464])
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit
afb442270211c00282cecf323d568aa88391a32c)
Hauke Mehrtens [Sun, 24 Sep 2023 18:16:21 +0000 (20:16 +0200)]
treewide: Add extra CPE identifier
This adds some Common Platform Enumerations (CPE) identifiers which I
found.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Arne Zachlod [Wed, 13 Sep 2023 16:20:03 +0000 (18:20 +0200)]
toolchain: musl: add PKG_CPE_ID
Vulnerabilities of musl libc are tracked as
cpe:/a:musl-libc:musl
Signed-off-by: Arne Zachlod <arne@nerdkeller.org>
Alexander Couzens [Mon, 18 Sep 2023 22:23:40 +0000 (00:23 +0200)]
toolchain: assign PKG_CPE_ID
The PKG_CPE_ID links to NIST CPE version 2.2.
Assign PKG_CPE_ID to all remaining package which have a CPE ID.
Not every package has a CPE id.
Related: https://github.com/openwrt/packages/issues/8534
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
Alexander Couzens [Mon, 18 Sep 2023 22:10:03 +0000 (00:10 +0200)]
tools: assign PKG_CPE_ID
The PKG_CPE_ID links to NIST CPE version 2.2.
Assign PKG_CPE_ID to all remaining tools which have a CPE ID.
Not every tool has CPE id.
Related: https://github.com/openwrt/packages/issues/8534
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
Alexander Couzens [Mon, 18 Sep 2023 20:53:14 +0000 (22:53 +0200)]
packages: assign PKG_CPE_ID for all missing packages
The PKG_CPE_ID links to NIST CPE version 2.2.
Assign PKG_CPE_ID to all remaining package which have a CPE ID.
Not every package has CPE id.
Related: https://github.com/openwrt/packages/issues/8534
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
Jonas Gorski [Sat, 9 Sep 2023 10:44:42 +0000 (12:44 +0200)]
x86: geode: fix hwrng register accesses
When the membase and pci_dev pointer were moved to a new struct in priv,
the actual membase users were left untouched, and they started reading
out arbitrary memory behind the struct instead of registers. This
unfortunately turned the RNG into a constant number generator, depending
on the content of what was at that offset.
To fix this, update geode_rng_data_{read,present}() to also get the
membase via amd_geode_priv, and properly read from the right addresses
again.
Closes #13417.
Reported-by: Timur I. Davletshin <timur.davletshin@gmail.com>
Tested-by: Timur I. Davletshin <timur.davletshin@gmail.com>
Suggested-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
(cherry picked from commit
09d13cd8d87cc50fde67bbe81c6cca4b799b2724)
Rafał Miłecki [Tue, 25 Jul 2023 07:51:35 +0000 (09:51 +0200)]
urngd: update to the latest master
7aefb47 jitterentropy-rngd: update to the v1.2.0
What's interesting about jitterentropy-rngd v1.2.0 release is that it
bumps its copy of jitterentropy-library from v2.2.0 to the v3.0.0. That
bump includes a relevant commit
3130cd9 ("replace LSFR with SHA-3 256").
When initializing entropy jent calculates time delta. Time values are
obtained using clock_gettime() + CLOCK_REALTIME. There is no guarantee
from CLOCK_REALTIME of unique values and slow devices often return
duplicated ones.
A switch from jent_lfsr_time() to jent_hash_time() resulted in many less
cases of zero delta and avoids ECOARSETIME.
Long story short: on some system this fixes:
[ 6.722725] urngd: jent-rng init failed, err: 2
This is important change for BCM53573 which doesn't include hwrng and
seems to have arch_timer running at 36,8 Hz.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit
c74b5e09e692839b39c8325b5f8dc5f2a3b3896c)
Rafał Miłecki [Sat, 29 Jul 2023 15:02:28 +0000 (17:02 +0200)]
bcm53xx: backport more DT changes queued for v6.6
Those sort out BCM53573 Ethernet info finally.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit
ca8868a51127f6081a524d47eab937b90af0bf05)
Rafał Miłecki [Sun, 23 Jul 2023 20:41:18 +0000 (22:41 +0200)]
bcm53xx: add BCM53573 Ethernet fix sent upstream for v6.6
It seems that DSA-based b53 driver never worked with BCM53573 SoCs and
BCM53125.
In case of swconfig-based b53 this fixes a regression. Switching bgmac
from using mdiobus_register() to of_mdiobus_register() resulted in MDIO
device (BCM53125) having of_node set (see of_mdiobus_register_phy()).
That made downstream b53 driver read invalid data from DT and broke
Ethernet support.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit
79fd3e62b4910731c13692b2daa2083e0f95c023)
Tomasz Maciej Nowak [Tue, 11 Jul 2023 14:09:49 +0000 (16:09 +0200)]
sdk: rename README + update Makefile
'help' target fails not finding a file, so follow up on a change[2] made
as a fix for main README[1].
1.
d0113711a31f ("README: port to 21st century")
2.
751486b31fd9 ("build: fix README.md reference after rename")
Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com>
(cherry picked from commit
2d5f7035cf45801158bed6f5d0ac0de0002c1810)
(cherry picked from commit
e9911f10e482f3174f745a36c0c9fd7964758caf)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Tomasz Maciej Nowak [Tue, 11 Jul 2023 14:06:21 +0000 (16:06 +0200)]
ib: split out processing user provided packages
Some device recipes remove default target packages. If user tries to add
them back they will be ignored, since packages list is processed in one
go. Process the device recipe packages first and do user ones later, so
additions won't get filtered out.
Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com>
(cherry picked from commit
e40b9a7fa002154e85459791101a0444d99dfb86)
Rafał Miłecki [Fri, 14 Jul 2023 10:35:26 +0000 (12:35 +0200)]
bcm53xx: backport DT changes queued for v6.6
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit
37ff916af789911fdefb802ce9903e866eb82435)
Rafał Miłecki [Tue, 11 Jul 2023 08:30:08 +0000 (10:30 +0200)]
bcm53xx: backport DT changes from v6.5
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit
8674b41c0d84f09e14bf8ebe08e1d6dc6ac5fa64)
Rafał Miłecki [Mon, 10 Jul 2023 09:38:23 +0000 (11:38 +0200)]
kernel: bgmac: fix regressed support for BCM53573 SoCs
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit
d54f3b2cfdbd34aa61ca67fd590eebfdf3db51cf)
Rafał Miłecki [Mon, 27 Feb 2023 09:46:14 +0000 (09:46 +0000)]
kernel: fix bgmac support for BCM5358
Fix two long-standing regressions.
Fixes: https://github.com/openwrt/openwrt/issues/8278
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit
5e48c534f7c6b3a861f4a2dbb81d7bfcd9606f61)
Rafał Miłecki [Mon, 8 Nov 2021 14:55:40 +0000 (15:55 +0100)]
bcm47xx: fix bgmac regression present in 5.4 kernel
This fixes:
[ 2.548098] bgmac_bcma bcma0:1: Failed to register fixed PHY device
[ 2.554584] bgmac_bcma bcma0:1: Cannot connect to phy
and downstream (swconfig-based) b53 driver failing to load.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit
6cdac994012003065a7040ceba3186f80db3cdbe)
Rafał Miłecki [Thu, 7 Oct 2021 09:29:52 +0000 (11:29 +0200)]
kernel: backport bgmac upstream commits from 5.15 / for 5.16
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit
fd71ef34b75c81646d17d21d80dc3a5b5e2e6bb8)
Álvaro Fernández Rojas [Wed, 14 Jun 2023 21:27:29 +0000 (23:27 +0200)]
bcm63xx: fix NETGEAR DGND3700v2 boot loop
The DGND3700v2 renames the cferam bootloader from cferam to cfeXXX, where XXX
is the number of firmware upgrades performed by the bootloader. Other bcm63xx
devices rename cferam.000 to cferam.XXX, but this device is special because
the cferam name isn't changed on the first firmware flashing but it's changed
on the subsequent ones.
Therefore, we need to look for "cfe" instead of "cferam" to properly detect
the cferam partition and fix the bootlop.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(cherry picked from commit
cdfcac6e246de9f237d1425e498db3f34ddebbaf)
Álvaro Fernández Rojas [Wed, 14 Jun 2023 21:21:34 +0000 (23:21 +0200)]
kernel: mtd: bcm-wfi: add cferam name support
Some devices rename cferam bootloader using specific patterns and don't follow
broadcom standards for renaming cferam files. This requires supporting
different cferam file names.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(cherry picked from commit
8813edd8d9695d4e3939fdaa3c530c682f91de11)
Paul Spooren [Tue, 9 May 2023 19:39:58 +0000 (21:39 +0200)]
build: generate index.json
The index.json file lies next to Packages index files and contains a
json dict with the package architecture and a dict of package names and
versions.
This can be used for downstream project to know what packages in which
versions are available.
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit
218ce40cd738f3373438aab82467807a8707fb9c)
Hauke Mehrtens [Thu, 27 Apr 2023 21:08:18 +0000 (23:08 +0200)]
OpenWrt v21.02.7: revert to branch defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Thu, 27 Apr 2023 21:08:10 +0000 (23:08 +0200)]
OpenWrt v21.02.7: adjust config defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Eneas U de Queiroz [Tue, 4 Apr 2023 18:39:56 +0000 (15:39 -0300)]
openssl: fix CVE-2023-464 and CVE-2023-465
Apply two patches fixing low-severity vulnerabilities related to
certificate policies validation:
- Excessive Resource Usage Verifying X.509 Policy Constraints
(CVE-2023-0464)
Severity: Low
A security vulnerability has been identified in all supported versions
of OpenSSL related to the verification of X.509 certificate chains
that include policy constraints. Attackers may be able to exploit
this vulnerability by creating a malicious certificate chain that
triggers exponential use of computational resources, leading to a
denial-of-service (DoS) attack on affected systems.
Policy processing is disabled by default but can be enabled by passing
the `-policy' argument to the command line utilities or by calling the
`X509_VERIFY_PARAM_set1_policies()' function.
- Invalid certificate policies in leaf certificates are silently ignored
(CVE-2023-0465)
Severity: Low
Applications that use a non-default option when verifying certificates
may be vulnerable to an attack from a malicious CA to circumvent
certain checks.
Invalid certificate policies in leaf certificates are silently ignored
by OpenSSL and other certificate policy checks are skipped for that
certificate. A malicious CA could use this to deliberately assert
invalid certificate policies in order to circumvent policy checking on
the certificate altogether.
Policy processing is disabled by default but can be enabled by passing
the `-policy' argument to the command line utilities or by calling the
`X509_VERIFY_PARAM_set1_policies()' function.
Note: OpenSSL also released a fix for low-severity security advisory
CVE-2023-466. It is not included here because the fix only changes the
documentation, which is not built nor included in any OpenWrt package.
Due to the low-severity of these issues, there will be not be an
immediate new release of OpenSSL.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Daniel Golle [Sat, 15 Apr 2023 00:35:17 +0000 (01:35 +0100)]
kernel: backport fix for recently introduced UBI bug
Import commit "ubi: Fix failure attaching when vid_hdr offset equals to
(sub)page size" which did not yet make it to stable upstream Linux trees.
Fixes: #12232
Fixes: #12339
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
aad34818b50029e07ed9221ae46f9770d6e29785)
Matthias Schiffer [Thu, 13 Apr 2023 18:51:05 +0000 (20:51 +0200)]
uclient: update to Git version 2023-04-13
007d94546749 uclient: cancel state change timeout in uclient_disconnect()
644d3c7e13c6 ci: improve wolfSSL test coverage
dc54d2b544a1 tests: add certificate check against letsencrypt.org
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit
4f1c2e8deef10e9ca34ceff5a096e62aaa668e90)
Daniel Golle [Sun, 9 Apr 2023 22:38:42 +0000 (23:38 +0100)]
OpenWrt v21.02.6: revert to branch defaults
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Sun, 9 Apr 2023 22:38:36 +0000 (23:38 +0100)]
OpenWrt v21.02.6: adjust config defaults
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Paul Spooren [Sun, 12 Mar 2023 15:56:41 +0000 (16:56 +0100)]
imagebuilder: allow to specific ROOTFS_PARTSIZE
Setting this options modifies the rootfs size of created images. When
installing a large number of packages it may become necessary to
increase the size to have enough storage.
This option is only useful for supported devices, i.e. with an attached
SD Card or installed on a hard drive.
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit
7b7edd25a571568438c886529d3443054e02f55f)
Felix Fietkau [Thu, 30 Mar 2023 12:18:04 +0000 (14:18 +0200)]
kernel: remove obsolete netfilter tcp window size check bypass patch
On any currently supported hardware, the performance impact should not
matter anymore.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit
75e78bcaab847557ce1782eb2dea9dff9a029171)
Felix Fietkau [Wed, 29 Mar 2023 15:54:19 +0000 (17:54 +0200)]
mac80211, mt76: add fixes for recently discovered security issues
Fixes CVE-2022-47522
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit
d54c91bd9ab3c54ee06923eafbd67047816a37e4)
Daniel González Cabanelas [Thu, 16 Feb 2023 22:04:20 +0000 (23:04 +0100)]
ipq40xx: Linksys MR8300: fix the USB port power
The USB port on the MR8300 randomly fails to feed bus-powered devices.
This is caused by a misconfigured pinmux. The GPIO68 should be used to
enable the USB power (active low), but it's inside the NAND pinmux.
This GPIO pin was found in the original firmware at a startup script in
both MR8300 and EA8300. Therefore apply the fix for both boards.
Signed-off-by: Daniel González Cabanelas <dgcbueu@gmail.com>
Reviewed-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit
ed64c3323590e3c9fa8b423bf37689023a7a101f)
Signed-off-by: Steffen Scheib <steffen@scheib.me>
Hauke Mehrtens [Mon, 27 Mar 2023 14:44:54 +0000 (16:44 +0200)]
kernel: bump 5.4 to 5.4.238
Compile-tested: armvirt/64, lantiq/xrx200
Run-tested: armvirt/64, lantiq/xrx200
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Mathias Kresin [Sun, 27 Dec 2020 16:25:25 +0000 (17:25 +0100)]
lantiq: ltq-tapi: add kernel 5.10 compatiblity
Due to SCHED_FIFO being a broken scheduler model, all users of
sched_setscheduler() are converted to sched_set_fifo_low() upstream and
sched_setscheduler() is no longer exported.
The callback handling of the tasklet API was redesigned and the macros
using the old syntax renamed to _OLD.
Signed-off-by: Mathias Kresin <dev@kresin.me>
(cherry picked from commit
31f3f797004ad318a1de88ec9cfdece523ee46d9)
[Add DECLARE_TASKLET handling for kernel 5.4.235 too]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Mathias Kresin [Sun, 27 Dec 2020 18:42:24 +0000 (19:42 +0100)]
ltq-atm/ltq-ptm: add kernel 5.10 compatiblity
The callback handling of the tasklet API was redesigned and the macros
using the old syntax renamed to _OLD.
The stuck queue is now passed to ndo_tx_timeout callback but not used so
far.
Signed-off-by: Mathias Kresin <dev@kresin.me>
(cherry picked from commit
804c541446ab8e3fab11dba5d8fe07807af7fac5)
[Add DECLARE_TASKLET handling for kernel 5.4.235 too]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
John Audia [Sat, 11 Mar 2023 15:42:26 +0000 (10:42 -0500)]
kernel: tcindex classifier has been retired
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/net/sched?h=v5.4.235&id=
7a6fb69bbcb21e9ce13bdf18c008c268874f0480
Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit
fbfec3286e8bfce3a78749b7bcb67e658665f197)
Hauke Mehrtens [Mon, 27 Mar 2023 00:17:03 +0000 (02:17 +0200)]
kernel: bump 5.4 to 5.4.234
Compile-tested: armvirt/64, lantiq/xrx200
Run-tested: armvirt/64
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Rafał Miłecki [Thu, 16 Mar 2023 21:01:51 +0000 (22:01 +0100)]
bcm4908: include usbport trigger
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit
cb2661844a5d54d44230ee564d4f17605a794a49)
Rafał Miłecki [Thu, 16 Mar 2023 19:28:47 +0000 (20:28 +0100)]
bcm4908: backport v6.4 pending DTS changes
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit
ffaabee9b8d9da7c15a50f52897ae5f70b40b4e7)
Christian Lamparter [Wed, 1 Dec 2021 14:01:23 +0000 (15:01 +0100)]
ca-certificates: fix python3-cryptography woes in certdata2pem.py
This patch is a revert of the upstream patch to Debian's ca-certificate
commit
033d52259172 ("mozilla/certdata2pem.py: print a warning for expired certificates.")
The reason is, that this change broke builds with the popular
Ubuntu 20.04 LTS (focal) releases which are shipping with an
older version of the python3-cryptography package that is not
compatible.
|Traceback (most recent call last):
| File "certdata2pem.py", line 125, in <module>
| cert = x509.load_der_x509_certificate(obj['CKA_VALUE'])
|TypeError: load_der_x509_certificate() missing 1 required positional argument: 'backend'
|make[5]: *** [Makefile:6: all] Error 1
...or if the python3-cryptography was missing all together:
|Traceback (most recent call last):
| File "/certdata2pem.py", line 31, in <module>
| from cryptography import x509
|ModuleNotFoundError: No module named 'cryptography'
More concerns were raised by Jo-Philipp Wich:
"We don't want the build to depend on the local system time anyway.
Right now it seems to be just a warning but I could imagine that
eventually certs are simply omitted of found to be expired at
build time which would break reproducibility."
Link: <https://github.com/openwrt/openwrt/commit/
7c99085bd697>
Reported-by: Chen Minqiang <ptpt52@gmail.com>
Reported-by: Shane Synan <digitalcircuit36939@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit
25bc66eb40ea2c062940778fba601032b2579734)
Christian Lamparter [Sun, 28 Nov 2021 01:31:54 +0000 (02:31 +0100)]
ca-certicficates: Update to version
20211016
Update the ca-certificates and ca-bundle package from version
20210119 to
version
20211016.
Debian change-log entry [1]:
|[...]
|[ Julien Cristau ]
|* mozilla/{certdata.txt,nssckbi.h}: Update Mozilla certificate authority
| bundle to version 2.50
| The following certificate authorities were added (+):
| + "AC RAIZ FNMT-RCM SERVIDORES SEGUROS"
| + "GlobalSign Root R46"
| + "GlobalSign Root E46"
| + "GLOBALTRUST 2020"
| + "ANF Secure Server Root CA"
| + "Certum EC-384 CA"
| + "Certum Trusted Root CA"
| The following certificate authorities were removed (-):
| - "QuoVadis Root CA"
| - "Sonera Class 2 Root CA"
| - "GeoTrust Primary Certification Authority - G2"
| - "VeriSign Universal Root Certification Authority"
| - "Chambers of Commerce Root - 2008"
| - "Global Chambersign Root - 2008"
| - "Trustis FPS Root CA"
| - "Staat der Nederlanden Root CA - G3"
| * Blacklist expired root certificate "DST Root CA X3" (closes: #995432)
|[...]
[1] <https://metadata.ftp-master.debian.org/changelogs//main/c/ca-certificates/ca-certificates_20211016_changelog>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit
7c99085bd69742f66207d61e9f2da5ec4f8f9d2f)
Rafał Miłecki [Wed, 1 Mar 2023 07:52:26 +0000 (08:52 +0100)]
kernel: support "linux,default-trigger" in leds-bcm63138
This driver is backported from the v6.0 which deals with
"linux,default-trigger" in leds core. For kernel 5.4 we need
leds-bcm63138 to read trigger on its own.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Hauke Mehrtens [Sun, 29 Jan 2023 18:05:52 +0000 (19:05 +0100)]
mac80211: Update to version 5.10.168-1
This update mac80211 to version 5.10.168-1. This includes multiple
bugfixes. Some of these bugfixes are fixing security relevant bugs.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sun, 12 Feb 2023 23:56:17 +0000 (00:56 +0100)]
kernel: bump 5.4 to 5.4.231
Compile-tested: x86/64
Run-tested: x86/64
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
John Audia [Tue, 7 Feb 2023 19:56:52 +0000 (14:56 -0500)]
openssl: bump to 1.1.1t
Changes between 1.1.1s and 1.1.1t [7 Feb 2023]
*) Fixed X.400 address type confusion in X.509 GeneralName.
There is a type confusion vulnerability relating to X.400 address processing
inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING
but subsequently interpreted by GENERAL_NAME_cmp as an ASN1_TYPE. This
vulnerability may allow an attacker who can provide a certificate chain and
CRL (neither of which need have a valid signature) to pass arbitrary
pointers to a memcmp call, creating a possible read primitive, subject to
some constraints. Refer to the advisory for more information. Thanks to
David Benjamin for discovering this issue. (CVE-2023-0286)
This issue has been fixed by changing the public header file definition of
GENERAL_NAME so that x400Address reflects the implementation. It was not
possible for any existing application to successfully use the existing
definition; however, if any application references the x400Address field
(e.g. in dead code), note that the type of this field has changed. There is
no ABI change.
[Hugo Landau]
*) Fixed Use-after-free following BIO_new_NDEF.
The public API function BIO_new_NDEF is a helper function used for
streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL
to support the SMIME, CMS and PKCS7 streaming capabilities, but may also
be called directly by end user applications.
The function receives a BIO from the caller, prepends a new BIO_f_asn1
filter BIO onto the front of it to form a BIO chain, and then returns
the new head of the BIO chain to the caller. Under certain conditions,
for example if a CMS recipient public key is invalid, the new filter BIO
is freed and the function returns a NULL result indicating a failure.
However, in this case, the BIO chain is not properly cleaned up and the
BIO passed by the caller still retains internal pointers to the previously
freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO
then a use-after-free will occur. This will most likely result in a crash.
(CVE-2023-0215)
[Viktor Dukhovni, Matt Caswell]
*) Fixed Double free after calling PEM_read_bio_ex.
The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and
decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload
data. If the function succeeds then the "name_out", "header" and "data"
arguments are populated with pointers to buffers containing the relevant
decoded data. The caller is responsible for freeing those buffers. It is
possible to construct a PEM file that results in 0 bytes of payload data.
In this case PEM_read_bio_ex() will return a failure code but will populate
the header argument with a pointer to a buffer that has already been freed.
If the caller also frees this buffer then a double free will occur. This
will most likely lead to a crash.
The functions PEM_read_bio() and PEM_read() are simple wrappers around
PEM_read_bio_ex() and therefore these functions are also directly affected.
These functions are also called indirectly by a number of other OpenSSL
functions including PEM_X509_INFO_read_bio_ex() and
SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL
internal uses of these functions are not vulnerable because the caller does
not free the header argument if PEM_read_bio_ex() returns a failure code.
(CVE-2022-4450)
[Kurt Roeckx, Matt Caswell]
*) Fixed Timing Oracle in RSA Decryption.
A timing based side channel exists in the OpenSSL RSA Decryption
implementation which could be sufficient to recover a plaintext across
a network in a Bleichenbacher style attack. To achieve a successful
decryption an attacker would have to be able to send a very large number
of trial messages for decryption. The vulnerability affects all RSA padding
modes: PKCS#1 v1.5, RSA-OEAP and RSASVE.
(CVE-2022-4304)
[Dmitry Belyavsky, Hubert Kario]
Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit
4ae86b3358a149a17411657b12103ccebfbdb11b)
The original commit removed the upstreamed patch 010-padlock.patch, but
it's not on OpenWrt 21.02, so it doesn't have to be removed.
Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
Josef Schlehofer [Sat, 1 May 2021 06:51:12 +0000 (08:51 +0200)]
sunxi: fix wifi connection for Banana Pi M2 Berry
fixes the problem that the banana pi m2 berry cannot connect to wifi and cannot be used as an access point
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
ff2bb16730f629d54bde8ba85c75d8614741e3fd)
Signed-off-by: LizenzFass78851 <82592556+LizenzFass78851@users.noreply.github.com>
Martin Kennedy [Tue, 30 Aug 2022 00:47:24 +0000 (20:47 -0400)]
mpc85xx: Drop pci aliases to avoid domain changes
As of upstream Linux commit
0fe1e96fef0a ("powerpc/pci: Prefer PCI
domain assignment via DT 'linux,pci-domain' and alias"), the PCIe
domain address is no longer numbered by the lowest 16 bits of the PCI
register address after a fallthrough. Instead of the fallthrough, the
enumeration process accepts the alias ID (as determined by
`of_alias_scan()`). This causes e.g.:
9000:00:00.0 PCI bridge: Freescale Semiconductor Inc P1020E (rev 11)
9000:01:00.0 Network controller: Qualcomm Atheros AR958x 802.11abgn ...
to become
0000:00:00.0 PCI bridge: Freescale Semiconductor Inc P1020E (rev 11)
0000:01:00.0 Network controller: Qualcomm Atheros AR958x 802.11abgn ...
... which then causes the sysfs path of the netdev to change,
invalidating the `wifi_device.path`s enumerated in
`/etc/config/wireless`.
One other solution might be to migrate the uci configuration, as was
done for mvebu in commit
0bd5aa89fcf2 ("mvebu: Migrate uci config to
new PCIe path"). However, there are concerns that the sysfs path will
change once again once some upstream patches[^2][^3] are merged and
backported (and `CONFIG_PPC_PCI_BUS_NUM_DOMAIN_DEPENDENT` is enabled).
Instead, remove the aliases and allow the fallthrough to continue for
now. We will provide a migration in a later release.
This was first reported as a Github issue[^1].
[^1]: https://github.com/openwrt/openwrt/issues/10530
[^2]: https://lore.kernel.org/linuxppc-dev/
20220706104308.5390-1-pali@kernel.org/t/#u
[^3]: https://lore.kernel.org/linuxppc-dev/
20220706101043.4867-1-pali@kernel.org/
Fixes: #10530
Tested-by: Martin Kennedy <hurricos@gmail.com>
[Tested on the Aerohive HiveAP 330 and Extreme Networks WS-AP3825i]
Signed-off-by: Martin Kennedy <hurricos@gmail.com>
(cherry picked from commit
7f4b4c29f3489697dca7495216460d0ed5023e02)
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Hauke Mehrtens [Sat, 28 Jan 2023 18:09:19 +0000 (19:09 +0100)]
kernel: bump 5.4 to 5.4.230
Compile-tested: x86/64
Run-tested: x86/64
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sat, 28 Jan 2023 18:25:32 +0000 (19:25 +0100)]
kernel: Reorder configuration
This was done by running these commands:
./scripts/kconfig.pl '+' target/linux/generic/config-5.4 /dev/null > target/linux/generic/config-5.4-new
mv target/linux/generic/config-5.4-new target/linux/generic/config-5.4
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Rafał Miłecki [Mon, 23 Jan 2023 12:23:29 +0000 (13:23 +0100)]
kernel: expose (unhide) CONFIG_ASN1 as ksmbd requirement
OpenWrt provides kmod-asn1-decoder for CONFIG_ASN1 but selecting it
doesn't really work as expected. Kernel symbol is hidden and can be
actually selected only as a dependency. That works well for in-kernel
stuff but fails for external modules requiring ASN1 like ksmbd.
Modify kernel Kconfig to make CONFIG_ASN1 always selectable. It's
required to satisfy ksmbd dependencies cleanly (without hack like
selecting unrelated modules).
Link: http://lists.openwrt.org/pipermail/openwrt-devel/2023-January/040298.html
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Christian Marangi [Thu, 12 Jan 2023 13:46:58 +0000 (14:46 +0100)]
scripts/dl_github_archieve.py: fix generating unreproducible tar
Allign dl_github_archieve.py to
8252511dc0b5a71e9e64b96f233a27ad73e28b7f
change. On supported system the sigid bit is applied to files and tar
archieve that on tar creation. This cause unreproducible tar for these
system and these bit should be dropped to produce reproducible tar.
Add the missing option following the command options used in other
scripts.
Fixes: 75ab064d2b38 ("build: download code from github using archive API")
Suggested-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Tested-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
5f1758ef14575df4e86896526b1c2035c231899e)
Josef Schlehofer [Mon, 12 Dec 2022 22:08:05 +0000 (23:08 +0100)]
opkg: add patch to avoid remove package repeatly with force
This patch was taken from the OpenWrt-devel mailing list:
https://www.mail-archive.com/openwrt-devel@lists.openwrt.org/msg59794.html
It is included already in OpenWrt master branch and OpenWrt 22.03
release as it was included in opkg-lede repository:
https://git.openwrt.org/?p=project/opkg-lede.git;a=commit;h=
9c44557a776da993c2ab80cfac4dbd8d59807d01
However, it is not included in OpenWrt 21.02, where the same issue is
happening.
Fixes: CI for https://github.com/openwrt/packages/pull/20074
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Daniel Golle [Tue, 26 Jul 2022 08:17:07 +0000 (10:17 +0200)]
kernel: add kmod-nvme package
Add driver for NVM Express block devices, ie. PCIe connected SSDs.
Targets which allow booting from NVMe (x86, maybe some mvebu boards come
to mind) should have it built-in, so rootfs can be mounted from there.
For targets without NVMe support in bootloader or BIOS/firmware it's
sufficient to provide the kernel module package.
On targets having the NVMe driver built-in the resulting kmod package
is an empty dummy. In any case, depending on or installing kmod-nvme
results in driver support being available (either because it was already
built-in or because the relevant kernel modules are added and loaded).
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
dbe53352e38d20bb5245158b19d4ff810c209548)
Rui Salvaterra [Wed, 28 Apr 2021 12:54:17 +0000 (13:54 +0100)]
netfilter: remove no-op kconfig symbols
These have long been obsolete. For reference, here's the Linux version where
each symbol has been dropped:
CONFIG_IP6_NF_QUEUE - 3.5
CONFIG_IP6_NF_TARGET_LOG - 3.4
CONFIG_IP_NF_MATCH_DSCP - 2.6.19
CONFIG_NF_CONNTRACK_IPV4 - 4.19
CONFIG_NF_CONNTRACK_IPV6 - 4.19
CONFIG_NF_CONNTRACK_RTCACHE - out-of-tree, superseded by flow offloading
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
(cherry picked from commit
d7956c57284624f4bc7b905d192c81e1d34576fe)
Hauke Mehrtens [Sun, 7 Aug 2022 13:13:36 +0000 (15:13 +0200)]
kernel: kmod-isdn4linux: Remove package
The isdn4linux drivers and subsystem was removed in kernel 5.3, remove
the kernel package also from OpenWrt.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit
db55dea5fc047190af188f07018e99b0c7a4bdde)
Hauke Mehrtens [Sun, 7 Aug 2022 12:31:59 +0000 (14:31 +0200)]
kernel: kmod-ipt-ulog: Remove package
The ulog iptables target was removed with kernel 3.17, remove the kernel
and also the iptables package in OpenWrt too.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit
2a0284fb0325f07e79b9b4c58a7d280ba9999a39)
Hauke Mehrtens [Sun, 7 Aug 2022 11:32:31 +0000 (13:32 +0200)]
kernel: kmod-w1-slave-ds2760: Remove package
The w1_ds2760.ko driver was merged into the ds2760_battery.ko driver.
The driver was removed and this package was never build any more.
This happened with kernel 4.19.
Remove this unused package.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit
5808973d141f488e06efe4749dbf651565fd5510)
Hauke Mehrtens [Sun, 7 Aug 2022 12:42:01 +0000 (14:42 +0200)]
kenrel: kmod-rtc-pt7c4338: Remove package
The rtc-pt7c4338.ko was never upstream under this name, the driver was
removed from OpenWrt some years ago, remove the kmod-rtc-pt7c4338
package too.
Fixes: 74d00a8c3849 ("kernel: split patches folder up into backport, pending and hack folders")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit
5ccf4dcf8864c1d940b65067d8c6f7c4e5858ae2)
Josef Schlehofer [Tue, 30 Aug 2022 07:02:32 +0000 (09:02 +0200)]
kernel: build crypto md5/sha1/sha256 modules for powerpc
This builds and enables kernel optimized modules for mpc85xx target:
- CONFIG_CRYPTO_MD5_PPC [1]
- CONFIG_CRYPTO_SHA1_PPC_SPE [2]
- CONFIG_CRYPTO_SHA256_PPC_SPE [3]
Where it was possible, then use Signal Processing Engine, because
CONFIG_SPE is already enabled in mpc85xx config.
[1] https://cateee.net/lkddb/web-lkddb/CRYPTO_MD5_PPC.html
[2] https://cateee.net/lkddb/web-lkddb/CRYPTO_SHA1_PPC.html
[3] https://cateee.net/lkddb/web-lkddb/CRYPTO_SHA256_PPC_SPE.html
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
3a702f8733ff371f30e9e3ba1e1aed5f4686b6b4)
Josef Schlehofer [Tue, 30 Aug 2022 06:51:37 +0000 (08:51 +0200)]
kernel: fix typo for tegra crypto-sha1 module
Fixes: e889489bedfd2830411bd0cf6564b8272aa9c254 ("kernel: build
arm/neon-optimized sha1/512 modules")
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit
f8f9d6901c6a7c85e6b18fba665175646fb53ec7)
Christian Marangi [Wed, 4 Jan 2023 18:26:16 +0000 (19:26 +0100)]
CI: build: fix external toolchain use with release tag tests
When a new tag for a release is created, the just checkout repo from
github actions will already have such tag locally created.
This will result in git fetch --tags failing with error rejecting the
remote tag with (would clobber existing tag).
Add -f option to overwrite any local tags and always fetch them from
remote.
Fixes: e24a1e6f6d7f ("CI: build: add support for external toolchains from stable branch")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
f655923b362e9f2d70672eee9c1fa82550a145a6)
Rafał Miłecki [Tue, 3 Jan 2023 07:34:43 +0000 (07:34 +0000)]
layerscape: fix felix DSA driver compilation
It isn't used at the moment but let's fix it anyway.
This fixes:
CC drivers/net/dsa/ocelot/felix.o
drivers/net/dsa/ocelot/felix.c:646:22: error: initialization of 'enum dsa_tag_protocol (*)(struct dsa_switch *, int, enum dsa_tag_protocol)' from incompatible pointer type 'enum dsa_tag_protocol (*)(struct dsa_switch *, int)' [-Werror=incompatible-pointer-types]
.get_tag_protocol = felix_get_tag_protocol,
^~~~~~~~~~~~~~~~~~~~~~
for users enabling CONFIG_NET_DSA_MSCC_FELIX.
Fixes: 1f5024aa73fc ("kernel: backport b53/bcm_sf2 changes from v5.6")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Rafał Miłecki [Mon, 2 Jan 2023 16:26:56 +0000 (17:26 +0100)]
realtek: update rtl83xx switch driver to the updated DSA API
This fixes:
CC drivers/net/dsa/rtl83xx/dsa.o
drivers/net/dsa/rtl83xx/dsa.c:1274:22: error: initialization of 'enum dsa_tag_protocol (*)(struct dsa_switch *, int, enum dsa_tag_protocol)' from incompatible pointer type 'enum dsa_tag_protocol (*)(struct dsa_switch *, int)' [-Werror=incompatible-pointer-types]
.get_tag_protocol = rtl83xx_get_tag_protocol,
^~~~~~~~~~~~~~~~~~~~~~~~
drivers/net/dsa/rtl83xx/dsa.c:1274:22: note: (near initialization for 'rtl83xx_switch_ops.get_tag_protocol')
drivers/net/dsa/rtl83xx/dsa.c:1316:22: error: initialization of 'enum dsa_tag_protocol (*)(struct dsa_switch *, int, enum dsa_tag_protocol)' from incompatible pointer type 'enum dsa_tag_protocol (*)(struct dsa_switch *, int)' [-Werror=incompatible-pointer-types]
.get_tag_protocol = rtl83xx_get_tag_protocol,
^~~~~~~~~~~~~~~~~~~~~~~~
Fixes: 1f5024aa73fc ("kernel: backport b53/bcm_sf2 changes from v5.6")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Arınç ÜNAL [Sat, 31 Dec 2022 12:41:53 +0000 (13:41 +0100)]
rampis: fix Reference to non-existent node for GB-PC2
Fix cannot build: Reference to non-existent node or label
"macaddr_factory_e000" dtb compilation error.
The cherry-pick had to be reworked to use the old mtd-mac-address way as
openwrt-21.02 still wasn't migrated to nvmem implementation.
Fixes: d604032c2a50 ("ramips: fix GB-PC1 and GB-PC2 device support")
Fixes: #11654
Fixes: #11385
Signed-off-by: Arınç ÜNAL <arinc.unal@arinc9.com>
[ rework commit message, add more fixes tag ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Hauke Mehrtens [Tue, 1 Nov 2022 14:17:03 +0000 (15:17 +0100)]
dnsmasq: Backport DHCPv6 server fix (CVE-2022-0934)
This backports a commit from upstream dnsmasq to fix CVE-2022-0934.
CVE-2022-0934 description:
A single-byte, non-arbitrary write/use-after-free flaw was found in
dnsmasq. This flaw allows an attacker who sends a crafted packet
processed by dnsmasq, potentially causing a denial of service.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit
002a99eccd75fb653163bae0a1132bd4f494e7ad)
Christian Marangi [Fri, 16 Dec 2022 21:34:12 +0000 (22:34 +0100)]
generic: 5.4: refresh kernel patches
Refresh kernel patches due to new spi nor patch.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Christian Marangi [Fri, 14 Oct 2022 19:00:39 +0000 (21:00 +0200)]
generic: add support for EON EN25QX128A spi nor flash
Add support for EON EN25QX128A spi nor flash with no flags as it does
support SFDP parsing.
Fixes: #9442
Tested-by: Szabolcs Hubai <szab.hu@gmail.com> [ramips/mt7621: xiaomi_mi-router-4a-gigabit]
(cherry picked from commit
d7876daf6552a9f39bd5e0bf50b554e9406ec275)
[ apply the same patch to 5.4 kernel ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Sergey V. Lobanov [Thu, 2 Dec 2021 16:02:23 +0000 (19:02 +0300)]
tools/mkimage: fix build on MacOS arm64
Fixed -no-pie compilation warning on MacOS
Fixed errors related to using absolute addressing on MacOS arm64
Based on upstream patch from Jessica Clarke and suggestions from Ronny Kotzschmar
Link to original patch and discussion:
https://github.com/u-boot/u-boot/commit/
3b142045e8a7f0ab17b6099e9226296af45967d0
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
(cherry picked from commit
8261b85844a0018c6c79e10c1abb581aca102e45)
Christian Marangi [Wed, 7 Dec 2022 17:12:31 +0000 (18:12 +0100)]
CI: kernel: don't checkout and install feeds
We don't need to checkout feed and install feeds for kernel tests. This
saves up to 2 minutes for each target kernel build test.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
925e2a155ee4d4cc792fbf68aa9666e32a1f649b)
Christian Marangi [Wed, 7 Dec 2022 17:09:18 +0000 (18:09 +0100)]
CI: build: skip sdk adapt to external toolchain on cache hit
On cache hit, skip sdk adapt to external toolchain. This is needed because we
cache the already extracted sdk and that is already adapted to be used
as external toolchain.
Rerunning the adap step will result in the test to fail for missing file
as the file are already got wrapped to the external toolchain format.
Fixes: 42f0ab028e2e ("CI: build: fix use of sdk as toolchain")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
99eaedfe3966b1ca812e8a962197cf91286247f7)
Rafał Miłecki [Wed, 7 Dec 2022 08:57:47 +0000 (09:57 +0100)]
kernel: backport b53/bcm_sf2 changes from v5.8
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Rafał Miłecki [Wed, 7 Dec 2022 08:48:32 +0000 (09:48 +0100)]
kernel: backport b53/bcm_sf2 changes from v5.7
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Rafał Miłecki [Wed, 7 Dec 2022 08:37:08 +0000 (09:37 +0100)]
kernel: backport b53/bcm_sf2 changes from v5.6
This b53 backport significantly stabilizes switch traffic performance.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Rafał Miłecki [Wed, 7 Dec 2022 08:26:11 +0000 (09:26 +0100)]
kernel: backport b53/bcm_sf2 changes from v5.5
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Adam Konrad [Sun, 27 Nov 2022 04:23:20 +0000 (22:23 -0600)]
cmake: update to version 3.19.8
Updating CMake to latest patched version 3.19.8 which is fixing issue with ccache.
Related issue: https://github.com/openwrt/openwrt/issues/8555
Compile-tested: arm64
Signed-off-by: Adam Konrad <git@adamkonrad.com>
Christian Marangi [Mon, 5 Dec 2022 22:23:04 +0000 (23:23 +0100)]
CI: build: fix use of sdk as toolchain
The toolchain included in a sdk have a different format than an external
toolchain tar.
Since sdk is a more integrated setup doesn't use and include wrapper bin
that use the external toolchain config and use an alternative and more
standard way to include all the toolchain headers.
External toolchain use wrapper.sh to append the configured include
header when each tool is called.
Fix the sdk toolchain by reverting their own sdk wrapper scripts and to
simulate an external toolchain build copying what is done in the
toolchain target makefile.
This handle compilation error and warning caused by not using fortify
header on building packages.
Fixes: 006e52545d14 ("CI: build: add support to fallback to sdk for external toolchain")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
42f0ab028e2eae0d4e7acf9db7fd68b256f23503)
Hauke Mehrtens [Sun, 11 Sep 2022 22:29:00 +0000 (00:29 +0200)]
toolchain: Select USE_SSTRIP with external musl toolchain
When we use the internal toolchain USE_SSTRIP will be selected by
default for musl libc and USE_STRIP when glibc is used. Do the same when
an external toolchain is used. USE_GLIBC will also be set for external
toolchain builds based on the EXTERNAL_TOOLCHAIN_LIBC_USE_GLIBC setting.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit
9403810c020cca136149973a3929bf77a1f501aa)
David Bauer [Fri, 20 Nov 2020 02:03:54 +0000 (03:03 +0100)]
sdk: expose binary strip settings
Expose the SDK options for binary stripping to the menuconfig. This
way, packages can easily be built with debug symbols using the SDK.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit
bb817bb4b8b0b546a70e45bd907ebfeea2370dcd)
Christian Marangi [Sun, 4 Dec 2022 19:58:11 +0000 (20:58 +0100)]
CI: trigger check also on build and check-kernel-patches workflow change
Since kernel and packages workflow now use a shared build workflow, they
also need to react on changes on these shared workflow.
Fix this and add these shared workflow to the event paths to check.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
644175c29ca11e0a008c58c82986045f738f5c6f)
Christian Marangi [Sun, 4 Dec 2022 19:36:11 +0000 (20:36 +0100)]
CI: build: fix matching for openwrt release branch for toolchain parsing
The current match logic doesn't handle test for push events related to
stable release (example openwrt-22.03) but only fork with the related
prefix (example openwrt-22.03-fixup)
Fix wrong matching and while at it also add extra checks to other
matching (check if the branch name actually start with the requested
prefix)
Fixes: e24a1e6f6d7f ("CI: build: add support for external toolchains from stable branch")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
e3cf2b84e5f8708ca17d931ef60746516c8a2fe4)
Christian Marangi [Sun, 4 Dec 2022 19:28:28 +0000 (20:28 +0100)]
CI: fix matching for openwrt release branch for container selection
The current match logic doesn't handle test for push events related to
stable release (example openwrt-22.03) but only fork with the related
prefix (example openwrt-22.03-fixup)
Fix wrong matching and while at it also add extra checks to other
matching (check if the branch name actually start with the requested
prefix)
Fixes: abe8a4824210 ("CI: build: add support for per branch tools container")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
65c3d19c4b28ccac0d08d916de0ffa4c0e7b3dc2)
Christian Marangi [Thu, 1 Dec 2022 00:46:03 +0000 (01:46 +0100)]
CI: labeler: fix wrong label for pr targeting stable branch
The label used for stable branch is in the form of
release/[0-9][0-9].[0-9][0-9]
Currently we apply the name of the target branch as the label, fix this
and correctly use the current label.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
af8bc8e51b6daef65c497522b67a1dd9d0cdab84)
Christian Marangi [Tue, 29 Nov 2022 18:53:23 +0000 (19:53 +0100)]
CI: add support to tag pr targeting stable branch
Add support to tag pr targeting stable branch matching the simple regex
of openwrt-[0-9][0-9].[0-9][0-9]. The tag that will be added will match
the pr target branch.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
b67d284e93ee052e3ea3abb5d3dae55723ce0353)
Ansuel Smith [Mon, 10 Jan 2022 16:02:30 +0000 (17:02 +0100)]
kernel: split kernel version to dedicated files
Move the kernel versions and hash to dedicated files.
This makes kernel bump quicker and fix some annoying
problem with rebasing when multiple kernel bump are proposed.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
[Rebased on top of current master]
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
(cherry picked from commit
0765466a42f46f7357e260866a4284ed567bb7ad)
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
[Rebased on top of current openwrt-21.02]
Christian Marangi [Wed, 7 Sep 2022 21:50:36 +0000 (23:50 +0200)]
build: handle directory with whitespace in AUTOREMOVE clean
Package with whitespace in their build directory are not correctly
removed when CONFIG_AUTOREMOVE is enabled. This is caused by xargs that
use whitespace as delimiters. To handle this use \0 as the delimiter and
set find to use \0 as the delimiter.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
dccee21792b89031bcd801030de403f195d80278)
Christian Marangi [Mon, 28 Nov 2022 15:12:13 +0000 (16:12 +0100)]
CI: build: add support to fallback to sdk for external toolchain
Add support to use sdk as external toolchain if the packaged external
toolchain tar is not found on openwrt servers for build shared workflow.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
b59ac2a7d0ff427419e86bd38dea3d8910dd7926)
Christian Marangi [Mon, 28 Nov 2022 11:44:01 +0000 (12:44 +0100)]
CI: build: add support for external toolchains from stable branch
Add support to use external toolchains from stable branch if we are
testing commit targeting stable openwrt branch in kernel and packages
workflow.
With pr the target branch is parsed and the right toolchain is used.
To use the stable toolchain for local testing the branch needs to have
the prefix openwrt-[0-9][0-9].[0-9][0-9]- (example openwrt-21.02-fixup)
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
e24a1e6f6d7f08fb766eb11b8008f8fc5b72d072)
Christian Marangi [Sun, 27 Nov 2022 18:53:08 +0000 (19:53 +0100)]
CI: build: add support for per branch tools container
Add support in build shared workflow for per branch tools container.
With pr the target branch is parsed and the right container is used.
To use the stable container for local testing the branch needs to have
the prefix openwrt-[0-9][0-9].[0-9][0-9]- (example openwrt-21.02-fixup)
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
abe8a4824210966e0899724bf4561a89216a1e36)
Christian Marangi [Sun, 27 Nov 2022 18:45:38 +0000 (19:45 +0100)]
CI: tools: support per branch tools container
Add support to push per branch container tools.
For anything not official stick to latest tag that correspond to test
run from master.
If we are testing something for one of the openwrt stable branch, parse
the branch name or the tag and push dedicated tools containers.
To use the stable container for local testing the branch needs to have
the prefix openwrt-[0-9][0-9].[0-9][0-9] (example openwrt-21.02-fixup)
Any branch that will match this pattern openwrt-[0-9][0-9].[0-9][0-9]
will refresh the tools container with the matching tag.
(example branch openwrt-22.03 -> tools:openwrt-22.03)
(example branch openwrt-22.03-test -> tools:openwrt-22.03)
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
75550771ae76fbcab4160e10b73287f918727384)
Hauke Mehrtens [Sat, 3 Dec 2022 02:04:40 +0000 (03:04 +0100)]
CI: Build all boards and testing kernel
This adds options to build all boards of a selected target and an
additional option to build the testing kernel instead of the normal
kernel. This can be used by other trigger work flows.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit
cf361b85097216538dfac5ad7b22050390b0bc67)
Hauke Mehrtens [Sat, 5 Nov 2022 13:27:11 +0000 (14:27 +0100)]
CI: Allow building with internal toolchain
This adds an option to build with internal toolchain. This can be used
to build targets which are currently not build by the OpenWrt build bots
and which needs their own toolchain build for every build.
Building the toolchain takes about 30 minutes compared to using the
external toolchain which takes some seconds.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit
08f5283392674fe874c7f441128319263ce0d171)
Hauke Mehrtens [Tue, 1 Nov 2022 18:10:01 +0000 (19:10 +0100)]
CI: Extract the OpenWrt building to own sub workflow
Extract the building of OpenWrt into an own workflow which is then
triggered by the kernel.yml and packages.yml workflow with different
inputs. This allows us to share much of the code of the workflow.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit
7c406a5f0837b0bfc293b723932695176a8ef6fe)