Jesus Fernandez Manzano [Mon, 22 Jan 2024 12:46:14 +0000 (13:46 +0100)]
hostapd: fix 11r defaults when using WPA
802.11r can not be used when selecting WPA. It needs at least WPA2.
This is because 802.11r advertises FT support in-part through the
Authentication and Key Management (AKM) suites in the Robust
Security Network (RSN) Information Element, which was included in
the 802.11i amendment and WPA2 certification program.
Pre-standard WPA did not include the RSN IE, but the WPA IE.
This IE can not advertise the AKM suite for FT.
Signed-off-by: Jesus Fernandez Manzano <jesus.manzano@galgus.ai>
(cherry picked from commit
cdc4c551755115e0e1047a0c90a658e6238e96ee)
Link: https://github.com/openwrt/openwrt/pull/15899
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Jesus Fernandez Manzano [Mon, 22 Jan 2024 12:52:18 +0000 (13:52 +0100)]
hostapd: fix 11r defaults when using SAE
When using WPA3-SAE or WPA2/WPA3 Personal Mixed, we can not use
ft_psk_generate_local because it will break FT for SAE. Instead
use the r0kh and r1kh configuration approach.
Signed-off-by: Jesus Fernandez Manzano <jesus.manzano@galgus.ai>
(cherry picked from commit
e2f6bfb833a1ba099e1dcf0e569e4ef11c31c391)
Fixes: https://github.com/openwrt/luci/issues/6930
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Link: https://github.com/openwrt/openwrt/pull/15899
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Konstantin Demin [Tue, 9 Jan 2024 00:40:01 +0000 (03:40 +0300)]
dropbear: cherry-pick upstream patches
critical fixes:
- libtommath: possible integer overflow (CVE-2023-36328)
- implement Strict KEX mode (CVE-2023-48795)
various fixes:
- fix DROPBEAR_DSS and DROPBEAR_RSA config options
- y2038 issues
- remove SO_LINGER socket option
- make banner reading failure non-fatal
- fix "noremotetcp" behavior
- don't try to shutdown a pty
- fix test for multiuser kernels
adds new features:
- option to bind to interface
- allow inetd with non-syslog
- ignore unsupported command line options with dropbearkey
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
(cherry picked from commit
b5cde260487eae86db1661a53e5e5e0823936aab)
[Only add the patches fixing security problems]
Tested-by: Stijn Segers <foss@volatilesystems.org>
Link: https://github.com/openwrt/openwrt/pull/15899
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Christian Lamparter [Sun, 2 Jun 2024 13:54:14 +0000 (15:54 +0200)]
firmware: intel-microcode: update to
20240531
Debian changelog:
intel-microcode (3.
20240531.1) unstable; urgency=medium
* New upstream microcode datafile
20240531
* Fix unspecified functional issues on Pentium Silver N/J5xxx,
Celeron N/J4xxx
* Updated Microcodes:
sig 0x000706a1, pf_mask 0x01, 2024-04-19, rev 0x0042, size 76800
* source: update symlinks to reflect id of the latest release,
20240531
-- Henrique de Moraes Holschuh <hmh@debian.org> Sat, 01 Jun 2024 11:49:47 -0300
intel-microcode (3.
20240514.1) unstable; urgency=medium
* New upstream microcode datafile
20240514
* Mitigations for INTEL-SA-01051 (CVE-2023-45733)
Hardware logic contains race conditions in some Intel Processors may
allow an authenticated user to potentially enable partial information
disclosure via local access.
* Mitigations for INTEL-SA-01052 (CVE-2023-46103)
Sequence of processor instructions leads to unexpected behavior in
Intel Core Ultra Processors may allow an authenticated user to
potentially enable denial of service via local access.
* Mitigations for INTEL-SA-01036 (CVE-2023-45745, CVE-2023-47855)
Improper input validation in some Intel TDX module software before
version 1.5.05.46.698 may allow a privileged user to potentially enable
escalation of privilege via local access.
* Fix for unspecified functional issues on 4th gen and 5th gen Xeon
Scalable, 12th, 13th and 14th gen Intel Core processors, as well as for
Core i3 N-series processors.
* Updated microcodes:
sig 0x000806f8, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0, size 581632
sig 0x000806f7, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0
sig 0x000806f6, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0
sig 0x000806f5, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0
sig 0x000806f4, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0
sig 0x000806f8, pf_mask 0x10, 2024-02-05, rev 0x2c000390, size 614400
sig 0x000806f6, pf_mask 0x10, 2024-02-05, rev 0x2c000390
sig 0x000806f5, pf_mask 0x10, 2024-02-05, rev 0x2c000390
sig 0x000806f4, pf_mask 0x10, 2024-02-05, rev 0x2c000390
sig 0x00090672, pf_mask 0x07, 2023-12-05, rev 0x0035, size 224256
sig 0x00090675, pf_mask 0x07, 2023-12-05, rev 0x0035
sig 0x000b06f2, pf_mask 0x07, 2023-12-05, rev 0x0035
sig 0x000b06f5, pf_mask 0x07, 2023-12-05, rev 0x0035
sig 0x000906a3, pf_mask 0x80, 2023-12-05, rev 0x0433, size 222208
sig 0x000906a4, pf_mask 0x80, 2023-12-05, rev 0x0433
sig 0x000906a4, pf_mask 0x40, 2023-12-07, rev 0x0007, size 119808
sig 0x000b0671, pf_mask 0x32, 2024-01-25, rev 0x0123, size 215040
sig 0x000b06e0, pf_mask 0x11, 2023-12-07, rev 0x0017, size 138240
sig 0x000c06f2, pf_mask 0x87, 2024-02-05, rev 0x21000230, size 552960
sig 0x000c06f1, pf_mask 0x87, 2024-02-05, rev 0x21000230
* source: update symlinks to reflect id of the latest release,
20240514
-- Henrique de Moraes Holschuh <hmh@debian.org> Thu, 16 May 2024 21:40:52 -0300
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit
7d9b9762c95f5630857d8b08567fc1d72eb23217)
Link: https://github.com/openwrt/openwrt/pull/15899
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Christian Lamparter [Thu, 14 Mar 2024 06:13:37 +0000 (07:13 +0100)]
firmware: intel-microcode: update to
20240312
Debian changelog:
intel-microcode (3.
20240312.1) unstable; urgency=medium
* New upstream microcode datafile
20240312 (closes: #
1066108)
- Mitigations for INTEL-SA-INTEL-SA-00972 (CVE-2023-39368):
Protection mechanism failure of bus lock regulator for some Intel
Processors may allow an unauthenticated user to potentially enable
denial of service via network access.
- Mitigations for INTEL-SA-INTEL-SA-00982 (CVE-2023-38575):
Non-transparent sharing of return predictor targets between contexts in
some Intel Processors may allow an authorized user to potentially
enable information disclosure via local access. Affects SGX as well.
- Mitigations for INTEL-SA-INTEL-SA-00898 (CVE-2023-28746), aka RFDS:
Information exposure through microarchitectural state after transient
execution from some register files for some Intel Atom Processors and
E-cores of Intel Core Processors may allow an authenticated user to
potentially enable information disclosure via local access. Enhances
VERW instruction to clear stale register buffers. Affects SGX as well.
Requires kernel update to be effective.
- Mitigations for INTEL-SA-INTEL-SA-00960 (CVE-2023-22655), aka TECRA:
Protection mechanism failure in some 3rd and 4th Generation Intel Xeon
Processors when using Intel SGX or Intel TDX may allow a privileged
user to potentially enable escalation of privilege via local access.
NOTE: effective only when loaded by firmware. Allows SMM firmware to
attack SGX/TDX.
- Mitigations for INTEL-SA-INTEL-SA-01045 (CVE-2023-43490):
Incorrect calculation in microcode keying mechanism for some Intel
Xeon D Processors with Intel SGX may allow a privileged user to
potentially enable information disclosure via local access.
* Fixes for other unspecified functional issues on many processors
* Updated microcodes:
sig 0x00050653, pf_mask 0x97, 2023-07-28, rev 0x1000191, size 36864
sig 0x00050656, pf_mask 0xbf, 2023-07-28, rev 0x4003605, size 38912
sig 0x00050657, pf_mask 0xbf, 2023-07-28, rev 0x5003605, size 37888
sig 0x0005065b, pf_mask 0xbf, 2023-08-03, rev 0x7002802, size 30720
sig 0x00050665, pf_mask 0x10, 2023-08-03, rev 0xe000015, size 23552
sig 0x000506f1, pf_mask 0x01, 2023-10-05, rev 0x003e, size 11264
sig 0x000606a6, pf_mask 0x87, 2023-09-14, rev 0xd0003d1, size 307200
sig 0x000606c1, pf_mask 0x10, 2023-12-05, rev 0x1000290, size 299008
sig 0x000706a1, pf_mask 0x01, 2023-08-25, rev 0x0040, size 76800
sig 0x000706a8, pf_mask 0x01, 2023-08-25, rev 0x0024, size 76800
sig 0x000706e5, pf_mask 0x80, 2023-09-14, rev 0x00c4, size 114688
sig 0x000806c1, pf_mask 0x80, 2023-09-13, rev 0x00b6, size 111616
sig 0x000806c2, pf_mask 0xc2, 2023-09-13, rev 0x0036, size 98304
sig 0x000806d1, pf_mask 0xc2, 2023-09-13, rev 0x0050, size 104448
sig 0x000806ec, pf_mask 0x94, 2023-07-16, rev 0x00fa, size 106496
sig 0x000806f8, pf_mask 0x87, 2024-01-03, rev 0x2b000590, size 579584
sig 0x000806f7, pf_mask 0x87, 2024-01-03, rev 0x2b000590
sig 0x000806f6, pf_mask 0x87, 2024-01-03, rev 0x2b000590
sig 0x000806f5, pf_mask 0x87, 2024-01-03, rev 0x2b000590
sig 0x000806f4, pf_mask 0x87, 2024-01-03, rev 0x2b000590
sig 0x00090661, pf_mask 0x01, 2023-09-26, rev 0x0019, size 20480
sig 0x00090672, pf_mask 0x07, 2023-09-19, rev 0x0034, size 224256
sig 0x00090675, pf_mask 0x07, 2023-09-19, rev 0x0034
sig 0x000b06f2, pf_mask 0x07, 2023-09-19, rev 0x0034
sig 0x000b06f5, pf_mask 0x07, 2023-09-19, rev 0x0034
sig 0x000906a3, pf_mask 0x80, 2023-09-19, rev 0x0432, size 222208
sig 0x000906a4, pf_mask 0x80, 2023-09-19, rev 0x0432
sig 0x000906c0, pf_mask 0x01, 2023-09-26, rev 0x24000026, size 20480
sig 0x000906e9, pf_mask 0x2a, 2023-09-28, rev 0x00f8, size 108544
sig 0x000906ea, pf_mask 0x22, 2023-07-26, rev 0x00f6, size 105472
sig 0x000906ec, pf_mask 0x22, 2023-07-26, rev 0x00f6, size 106496
sig 0x000906ed, pf_mask 0x22, 2023-07-27, rev 0x00fc, size 106496
sig 0x000a0652, pf_mask 0x20, 2023-07-16, rev 0x00fa, size 97280
sig 0x000a0653, pf_mask 0x22, 2023-07-16, rev 0x00fa, size 97280
sig 0x000a0655, pf_mask 0x22, 2023-07-16, rev 0x00fa, size 97280
sig 0x000a0660, pf_mask 0x80, 2023-07-16, rev 0x00fa, size 97280
sig 0x000a0661, pf_mask 0x80, 2023-07-16, rev 0x00fa, size 96256
sig 0x000a0671, pf_mask 0x02, 2023-09-14, rev 0x005e, size 108544
sig 0x000b0671, pf_mask 0x32, 2023-12-14, rev 0x0122, size 215040
sig 0x000b06a2, pf_mask 0xe0, 2023-12-07, rev 0x4121, size 220160
sig 0x000b06a3, pf_mask 0xe0, 2023-12-07, rev 0x4121
sig 0x000b06e0, pf_mask 0x11, 2023-09-25, rev 0x0015, size 138240
* New microcodes:
sig 0x000a06a4, pf_mask 0xe6, 2024-01-03, rev 0x001c, size 136192
sig 0x000b06a8, pf_mask 0xe0, 2023-12-07, rev 0x4121, size 220160
sig 0x000c06f2, pf_mask 0x87, 2023-11-20, rev 0x21000200, size 549888
sig 0x000c06f1, pf_mask 0x87, 2023-11-20, rev 0x21000200
* source: update symlinks to reflect id of the latest release,
20240312
* changelog, debian/changelog: fix typos
-- Henrique de Moraes Holschuh <hmh@debian.org> Tue, 12 Mar 2024 20:28:17 -0300
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit
7b911a9c492f3db50fe97311b8cee9850acf03ad)
Link: https://github.com/openwrt/openwrt/pull/15899
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Christian Lamparter [Fri, 8 Mar 2024 20:16:44 +0000 (21:16 +0100)]
firmware: intel-microcode: update to
20231114
Debian changelog:
intel-microcode (3.
20231114.1) unstable; urgency=medium
* New upstream microcode datafile
20231114 (closes: #
1055962)
Mitigations for "reptar", INTEL-SA-00950 (CVE-2023-23583)
Sequence of processor instructions leads to unexpected behavior for some
Intel(R) Processors, may allow an authenticated user to potentially enable
escalation of privilege and/or information disclosure and/or denial of
service via local access.
Note: "retvar" on 4th gen Xeon Scalable (sig 0x806f8 pfm 0x87), 12th gen
Core mobile (sig 0x906a4 pfm 0x80), 13th gen Core desktop (sig 0xb0671 pfm
0x01) were already mitigated by a previous microcode update.
* Fixes for unspecified functional issues
* Updated microcodes:
sig 0x000606a6, pf_mask 0x87, 2023-09-01, rev 0xd0003b9, size 299008
sig 0x000606c1, pf_mask 0x10, 2023-09-08, rev 0x1000268, size 290816
sig 0x000706e5, pf_mask 0x80, 2023-09-03, rev 0x00c2, size 113664
sig 0x000806c1, pf_mask 0x80, 2023-09-07, rev 0x00b4, size 111616
sig 0x000806c2, pf_mask 0xc2, 2023-09-07, rev 0x0034, size 98304
sig 0x000806d1, pf_mask 0xc2, 2023-09-07, rev 0x004e, size 104448
sig 0x000806f8, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0, size 572416
sig 0x000806f8, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0
sig 0x000806f7, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0
sig 0x000806f6, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0
sig 0x000806f5, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0
sig 0x000806f4, pf_mask 0x87, 2023-06-16, rev 0x2b0004d0
sig 0x000806f8, pf_mask 0x10, 2023-06-26, rev 0x2c000290, size 605184
sig 0x000806f8, pf_mask 0x10, 2023-06-26, rev 0x2c000290
sig 0x000806f6, pf_mask 0x10, 2023-06-26, rev 0x2c000290
sig 0x000806f5, pf_mask 0x10, 2023-06-26, rev 0x2c000290
sig 0x000806f4, pf_mask 0x10, 2023-06-26, rev 0x2c000290
sig 0x00090672, pf_mask 0x07, 2023-06-07, rev 0x0032, size 222208
sig 0x00090672, pf_mask 0x07, 2023-06-07, rev 0x0032
sig 0x00090675, pf_mask 0x07, 2023-06-07, rev 0x0032
sig 0x000b06f2, pf_mask 0x07, 2023-06-07, rev 0x0032
sig 0x000b06f5, pf_mask 0x07, 2023-06-07, rev 0x0032
sig 0x000906a3, pf_mask 0x80, 2023-06-07, rev 0x0430, size 220160
sig 0x000906a3, pf_mask 0x80, 2023-06-07, rev 0x0430
sig 0x000906a4, pf_mask 0x80, 2023-06-07, rev 0x0430
sig 0x000906a4, pf_mask 0x40, 2023-05-05, rev 0x0005, size 117760
sig 0x000a0671, pf_mask 0x02, 2023-09-03, rev 0x005d, size 104448
sig 0x000b0671, pf_mask 0x32, 2023-08-29, rev 0x011d, size 210944
sig 0x000b06a2, pf_mask 0xe0, 2023-08-30, rev 0x411c, size 216064
sig 0x000b06a2, pf_mask 0xe0, 2023-08-30, rev 0x411c
sig 0x000b06a3, pf_mask 0xe0, 2023-08-30, rev 0x411c
sig 0x000b06e0, pf_mask 0x11, 2023-06-26, rev 0x0012, size 136192
* Updated 2023-08-08 changelog entry:
Mitigations for "retvar" on a few processors, refer to the 2023-11-14
entry for details. This information was disclosed in 2023-11-14.
* source: update symlinks to reflect id of the latest release,
20231114
-- Henrique de Moraes Holschuh <hmh@debian.org> Thu, 16 Nov 2023 08:09:43 -0300
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit
7241a91c948066e9062729a043944fd313826753)
Link: https://github.com/openwrt/openwrt/pull/15899
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Florian Eckert [Wed, 19 Jul 2023 09:54:25 +0000 (11:54 +0200)]
.gitignore: ignore link if target is included from feed
If an out of tree target is included via a feed, then there is a link with
the name 'feed' in the target directory. Do not show this link in git.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit
13e7a2d19f4545170a8deaab03411bc37182f7c4)
Link: https://github.com/openwrt/openwrt/pull/15899
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Rosen Penev [Sun, 11 Feb 2024 23:06:44 +0000 (15:06 -0800)]
lua: fix CVE-2014-5461
Patch taken from Debian.
Refresh patches
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
78b0106f7d5093641f68d37c041a5863eb9dd9a0)
Link: https://github.com/openwrt/openwrt/pull/15899
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Yuu Toriyama [Sat, 18 May 2024 22:08:37 +0000 (07:08 +0900)]
wireless-regdb: update to 2024.05.08
Changes:
73529a8 Revert "wireless-regdb: Update and disable 5470-5730MHz band according to TPC requirement for Singapore (SG)"
87941e4 wireless-regdb: Update regulatory rules for Taiwan (TW) on 6GHz
33797ae wireless-regdb: update regulatory database based on preceding changes
Signed-off-by: Yuu Toriyama <PascalCoffeeLake@gmail.com>
(cherry picked from commit
65c1f0d433e89c794a6d22dbe474666c241f9e7b)
Link: https://github.com/openwrt/openwrt/pull/15899
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Paweł Owoc [Mon, 18 Mar 2024 20:53:51 +0000 (21:53 +0100)]
mac80211: add missing config for third 160MHz width for 5GHz radio
Without this configuration it is not possible to run the radio using HE160 on channels 149-177.
Fixes: #14906
Signed-off-by: Paweł Owoc <frut3k7@gmail.com>
(cherry picked from commit
a91b79fd04d58e711273d08e0b1246942b2eec98)
Link: https://github.com/openwrt/openwrt/pull/15899
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sun, 21 Apr 2024 15:40:09 +0000 (17:40 +0200)]
mbedtls: Update to 2.28.8
This contains a fix for:
CVE-2024-28960: An issue was discovered in Mbed TLS 2.18.0 through 2.28.x
before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto
API mishandles shared memory.
(cherry picked from commit
360ac07eb933feaf29bb031f788f0bf81c473be7)
Link: https://github.com/openwrt/openwrt/pull/15899
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sun, 7 Jul 2024 21:56:40 +0000 (23:56 +0200)]
kernel: bump 5.10 to 5.10.221
No manual changes needed.
Link: https://github.com/openwrt/openwrt/pull/15902
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sun, 21 Apr 2024 15:46:55 +0000 (17:46 +0200)]
wolfssl: Update to 5.7.0
This fixes multiple security problems:
* [High] CVE-2024-0901 Potential denial of service and out of bounds
read. Affects TLS 1.3 on the server side when accepting a connection
from a malicious TLS 1.3 client. If using TLS 1.3 on the server side
it is recommended to update the version of wolfSSL used.
* [Med] CVE-2024-1545 Fault Injection vulnerability in
RsaPrivateDecryption function that potentially allows an attacker
that has access to the same system with a victims process to perform
a Rowhammer fault injection. Thanks to Junkai Liang, Zhi Zhang, Xin
Zhang, Qingni Shen for the report (Peking University, The University
of Western Australia)."
* [Med] Fault injection attack with EdDSA signature operations. This
affects
ed25519 sign operations where the system could be susceptible
to Rowhammer attacks. Thanks to Junkai Liang, Zhi Zhang, Xin Zhang,
Qingni Shen for the report (Peking University, The University of
Western Australia).
Size increased a little:
wolfssl 5.6.6:
516880 bin/packages/mips_24kc/base/libwolfssl5.6.6.e624513f_5.6.6-stable-r1_mips_24kc.ipk
wolfssl: 5.7.0:
519429 bin/packages/mips_24kc/base/libwolfssl5.7.0.e624513f_5.7.0-stable-r1_mips_24kc.ipk
(cherry picked from commit
f475a44c03a303851959930030ab9e6acebb81a7)
Link: https://github.com/openwrt/openwrt/pull/15874
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Nick Hainke [Wed, 27 Dec 2023 13:21:46 +0000 (14:21 +0100)]
wolfssl: update to 5.6.6
Release Notes:
https://github.com/wolfSSL/wolfssl/releases/tag/v5.6.6-stable
Refresh patches:
- 100-disable-hardening-check.patch
Fixes: CVE-2023-6935 CVE-2023-6936 CVE-2023-6937
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit
511578c128121326a3c48fdb35e4e62f96dc7b9d)
Link: https://github.com/openwrt/openwrt/pull/15874
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sun, 30 Jun 2024 14:25:44 +0000 (16:25 +0200)]
kernel: bump 5.10 to 5.10.220
No manual changes needed.
Link: https://github.com/openwrt/openwrt/pull/15843
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Thu, 4 Jul 2024 20:47:31 +0000 (22:47 +0200)]
ksmbd: Support kernel 5.10.220
In kernel 5.10.220 many file system related patches were backported. One
of them changed the signature of vfs_rename(). Extend the version check
for 5.10.220.
Link: https://github.com/openwrt/openwrt/pull/15843
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Thu, 4 Jul 2024 20:45:40 +0000 (22:45 +0200)]
cryptodev-linux: Support kernel 5.10.220
In kernel 5.10.220 many file system related patches were backported. One
of them removed ksys_close(). Extend the version check for 5.10.220.
Link: https://github.com/openwrt/openwrt/pull/15843
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Daniel Golle [Sun, 27 Mar 2022 13:48:15 +0000 (14:48 +0100)]
kernel: 5.15: add missing Kconfig symbols for NFS
Add new Kconfig symbols for NFSv4.1 and NFSv4.2 to kmod-nfs-common and
kmod-nfsd.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit
f667277dd03ca0c93137b915c839a11a051d9220)
Link: https://github.com/openwrt/openwrt/pull/15843
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sat, 29 Jun 2024 16:44:24 +0000 (18:44 +0200)]
kernel: bump 5.10 to 5.10.219
Removed upstreamed:
bcm27xx/patches-5.10/950-0006-smsx95xx-fix-crimes-against-truesize.patch
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y&id=
c3dc80f63326261fc991ac87a79d82a2e138bbb9
Link: https://github.com/openwrt/openwrt/pull/15843
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Ryan Castellucci [Mon, 6 May 2024 14:12:10 +0000 (15:12 +0100)]
ipq40xx: eap1300: add eap1300ext as alt model
The EnGenius EAP1300 and EAP1300EXT use identical boards and firmware
(as flashed) from the vendor.
As with the EAP1300, the EAP1300EXT requires a specific firmware version
to flash OpenWRT. Unfortunately, the required firmware is truncated on
the vendor's website.
A working file can be created as follows:
```
curl \
https://www.engeniustech.com/wp_firmware/eap1300-all-v3.5.3.5_c1.9.04.bin \
| perl -pe 's/\x09EAP1300_A/\x0cEAP1300EXT_A/' \
> eap1300ext-all-v3.5.3.5_c1.9.04.bin
```
The file should have sha256:
`
58a1197a426139a12b03fd432334e677124cbe3384349bd7337f2ee71f1dcfd4`.
Please see commit
2b4ac79 for further
details.
The vendor firmware must be decrypted before it can be flashed from
OpenWRT. A tool able to do that is available from:
https://github.com/ryancdotorg/enfringement/blob/main/decrypt.py
Signed-off-by: Ryan Castellucci <code@ryanc.org>
(cherry picked from commit
85f6f882232367b64c7933fb4856fdf4999c6aae)
Hauke Mehrtens [Sun, 26 May 2024 18:05:50 +0000 (20:05 +0200)]
kernel: bump 5.10 to 5.10.218
No manual changes needed.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sun, 26 May 2024 16:50:23 +0000 (18:50 +0200)]
kernel: bump 5.10 to 5.10.217
Removed because they are upstream:
bcm27xx/patches-5.10/950-0334-net-bcmgenet-Reset-RBUF-on-first-open.patch
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y&id=
1fb7ab9a6e3eb4ea71a02b8b27fe2a95cc1213af
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Rany Hany [Sun, 5 May 2024 22:39:58 +0000 (01:39 +0300)]
mediatek: fix broken PCIe caused by update to 5.15.158
The patch "710-pci-pcie-mediatek-add-support-for-coherent-DMA.patch"
makes use of "syscon_regmap_lookup_by_phandle" which requires that
"syscon" be in the compatible list.
Without this patch, PCIe probe will fail with the following error:
[ 1.287467] mtk-pcie
1a143000.pcie: host bridge /pcie@
1a143000 ranges:
[ 1.294019] mtk-pcie
1a143000.pcie: Parsing ranges property...
[ 1.299901] mtk-pcie
1a143000.pcie: MEM 0x0020000000..0x0027ffffff -> 0x0020000000
[ 1.307954] mtk-pcie
1a143000.pcie: missing hifsys node
[ 1.313185] mtk-pcie: probe of
1a143000.pcie failed with error -22
Fixes: 01c58a0d2a ("kernel: bump 5.15 to 5.15.158")
Signed-off-by: Rany Hany <rany_hany@riseup.net>
(cherry picked from commit
8607372b410fbb24b08de97ff5941341d0870d6f)
Hauke Mehrtens [Sat, 11 May 2024 21:49:10 +0000 (23:49 +0200)]
kernel: bump 5.10 to 5.10.216
Removed because they are upstream:
generic/backport-5.10/702-v5.19-01-arm64-dts-mediatek-mt7622-add-support-for-coherent-D.patch
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y&id=
57ff09043fa1e5ed53c7bb33da595a84a1b7d4c5
generic/backport-5.10/702-v5.19-04-arm64-dts-mediatek-mt7622-introduce-nodes-for-Wirele.patch
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y&id=
136c8e0169dfda05dc1b882aba88f89c0c2fa169
Manually adapted:
generic/pending-5.10/680-NET-skip-GRO-for-foreign-MAC-addresses.patch
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Christian Marangi [Mon, 29 Apr 2024 19:17:31 +0000 (21:17 +0200)]
procd: make mDNS TXT record parsing more solid
mDNS broadcast can't accept empty TXT record and would fail
registration.
Current procd_add_mdns_service checks only if the first passed arg is
empty but don't make any verification on the other args permittins
insertion of empty values in TXT record.
Example:
procd_add_mdns "blah" \
"tcp" "50" \
"1" \
"" \
"3"
Produce:
{ "blah_50": { "service": "_blah._tcp.local", "port": 50, "txt": [ "1", "", "3" ] } }
The middle empty TXT record should never be included as it's empty.
This can happen with scripts that make fragile parsing and include
variables even if they are empty.
Prevent this and make the TXT record more solid by checking every
provided TXT record and include only the non-empty ones.
The fixed JSON is the following:
{ "blah_50": { "service": "_blah._tcp.local", "port": 50, "txt": [ "1", "3" ] } }
Fixes: b0d9dcf84dd0 ("procd: update to latest git HEAD")
Reported-by: Paul Donald <newtwen@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15331
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
4b043047132de0b3d90619d538f103af6153fa5a)
Robert Marko [Fri, 29 Mar 2024 17:57:03 +0000 (18:57 +0100)]
tools: b43-tools: fix compilation with GCC14
GCC14 no longer treats integer types and pointer types as equivalent in
assignments (including implied assignments of function arguments and return
values), and instead fails the compilation with a type error.
So, as a workaround lets disable the newly introduced error
-Werror=int-conversion and just make it print a warning to enable compiling
with GCC14 as Fedora 40 now defaults to it.
(cherry picked from commit
0c96d20bf9fba6d814efa88c6fb08a5df094103a)
Link: https://github.com/openwrt/openwrt/pull/15309
Signed-off-by: Robert Marko <robimarko@gmail.com>
Robert Marko [Sat, 27 Apr 2024 11:55:46 +0000 (13:55 +0200)]
tools/coreutils: fix compilation on macOS 14
Current coreutils 8.32 in 22.03 will fail to compile when using macOS 14 with:
depbase=`echo lib/obstack.o | sed 's|[^/]*$|.deps/&|;s|\.o$||'`;\
gcc -I. -I./lib -Ilib -I./lib -Isrc -I./src -I/Volumes/OpenWrt/openwrt/staging_dir/host/include -O2 -I/Volumes/OpenWrt/openwrt/staging_dir/host/include -MT lib/obstack.o -MD -MP -MF $depbase.Tpo -c -o lib/obstack.o lib/obstack.c &&\
mv -f $depbase.Tpo $depbase.Po
lib/obstack.c:351:31: error: incompatible function pointer types initializing 'void (*)(void) __attribute__((noreturn))' with an expression of type 'void (void)' [-Wincompatible-function-pointer-types]
__attribute_noreturn__ void (*obstack_alloc_failed_handler) (void)
^
1 error generated.
Backporting gnulib commit ("obstack: Fix a clang warning") fixes this.
Fixes: #15270
Signed-off-by: Robert Marko <robimarko@gmail.com>
Robert Marko [Sat, 27 Apr 2024 11:41:11 +0000 (13:41 +0200)]
tools/cpio: fix compilation on macOS 14
Current cpio 2.13 in 22.03 will fail to compile when using macOS 14 with:
gcc -DHAVE_CONFIG_H -I. -I.. -I/Volumes/OpenWrt/openwrt/staging_dir/host/include -O2 -I/Volumes/OpenWrt/openwrt/staging_dir/host/include -MT obstack.o -MD -MP -MF .deps/obstack.Tpo -c -o obstack.o obstack.c
obstack.c:351:31: error: incompatible function pointer types initializing 'void (*)(void) __attribute__((noreturn))' with an expression of type 'void (void)' [-Wincompatible-function-pointer-types]
__attribute_noreturn__ void (*obstack_alloc_failed_handler) (void)
^
1 error generated.
make[7]: *** [Makefile:1586: obstack.o] Error 1
Backporting gnulib commit ("obstack: Fix a clang warning") fixes this.
Fixes: #15270
Signed-off-by: Robert Marko <robimarko@gmail.com>
Robert Marko [Sat, 27 Apr 2024 11:01:18 +0000 (13:01 +0200)]
tools/sed: fix compilation on macOS 14
Current sed 4.8 in 22.03 will fail to compile when using macOS 14 with:
depbase=`echo lib/obstack.o | sed 's|[^/]*$|.deps/&|;s|\.o$||'`;\
gcc -DHAVE_CONFIG_H -I. -I. -I./lib -I./lib -I./sed -I/Volumes/OpenWrt/openwrt/staging_dir/host/include -O2 -I/Volumes/OpenWrt/openwrt/staging_dir/host/include -MT lib/obstack.o -MD -MP -MF $depbase.Tpo -c -o lib/obstack.o lib/obstack.c &&\
mv -f $depbase.Tpo $depbase.Po
lib/obstack.c:351:31: error: incompatible function pointer types initializing 'void (*)(void) __attribute__((noreturn))' with an expression of type 'void (void)' [-Wincompatible-function-pointer-types]
__attribute_noreturn__ void (*obstack_alloc_failed_handler) (void)
^
1 error generated.
make[5]: *** [Makefile:2781: lib/obstack.o] Error 1
Backporting gnulib commit ("obstack: Fix a clang warning") fixes this.
Fixes: #15270
Signed-off-by: Robert Marko <robimarko@gmail.com>
Robert Marko [Sat, 27 Apr 2024 11:28:29 +0000 (13:28 +0200)]
CI: tools: macOS: sync with shared-actions for macOS 14
Now that GH has changed their runner to macOS 14 current recipe will fail
so lets sync the required changes for macOS 14.
Signed-off-by: Robert Marko <robimarko@gmail.com>
Zoltan HERPAI [Tue, 16 Apr 2024 22:42:56 +0000 (00:42 +0200)]
sunxi: fix network bringup on Olinuxino Micro boards
It's the A13-based Olinuxino Micro which has only wireless interfaces. The
A20-based board is a fully-fledged one which has an ethernet interface.
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
(cherry picked from commit
3ed8927cf5d7eb78d1427151cfa83bd535634d47)
Yuu Toriyama [Sat, 3 Feb 2024 19:09:14 +0000 (04:09 +0900)]
wireless-regdb: update to 2024.01.23
The maintainer and repository of wireless-regdb has changed.
https://lore.kernel.org/all/CAGb2v657baNMPKU3QADijx7hZa=GUcSv2LEDdn6N=QQaFX8r-g@mail.gmail.com/
Changes:
37dcea0 wireless-regdb: Update keys and maintainer information
9e0aee6 wireless-regdb: Makefile: Reproducible signatures
8c784a1 wireless-regdb: Update regulatory rules for China (CN)
149c709 wireless-regdb: Update regulatory rules for Japan (JP) for December 2023
bd69898 wireless-regdb: Update regulatory rules for Singapore (SG) for September 2023
d695bf2 wireless-regdb: Update and disable 5470-5730MHz band according to TPC requirement for Singapore (SG)
4541300 wireless-regdb: update regulatory database based on preceding changes
Signed-off-by: Yuu Toriyama <PascalCoffeeLake@gmail.com>
(cherry picked from commit
b463737826eaa6c519eba93e13757a0cd3e09d47)
Hauke Mehrtens [Tue, 2 Apr 2024 23:39:35 +0000 (01:39 +0200)]
mac80211: Update to 5.15.153-1
Update mac80211 to version based on kernel 5.15.153.
This contains multiple bugfixes.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sat, 13 Apr 2024 16:57:59 +0000 (18:57 +0200)]
kernel: bump 5.10 to 5.10.215
Manually adapted the following patch:
octeontx/patches-5.10/0004-PCI-add-quirk-for-Gateworks-PLX-PEX860x-switch-with-.patch
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Fri, 29 Mar 2024 16:34:32 +0000 (17:34 +0100)]
kernel: bump 5.10 to 5.10.214
Removed because similar version is upstream:
x86/patches-5.10/020-x86-Fix-compile-problem.patch
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y&id=
cc6ddd6fa93eb59ac6f63158a6466e45ad0ca94c
Manually adapted the following patch:
mediatek/patches-5.10/100-dts-update-mt7622-rfb1.patch
Add new configuration symbols for tegra target.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Zoltan HERPAI [Thu, 28 Mar 2024 12:41:32 +0000 (13:41 +0100)]
bcm47xx: fix switch setup for Linksys WRT320N v1
WRT320N V1 is not detected by the initial network configuration script.
The switch remains unconfigured and WAN/LAN VLANs are not created.
This adds the correct setup for the device.
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
Hauke Mehrtens [Tue, 26 Mar 2024 00:17:53 +0000 (01:17 +0100)]
kernel: bump 5.10 to 5.10.213
Removed because it is upstream:
generic/backport-5.10/081-net-next-regmap-allow-to-define-reg_update_bits-for-no-bus.patch
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y&id=
915848be2f1b24d8043aace414bc5f8174a13c0e
Manual changes needed:
bcm27xx/patches-5.10/950-0030-lan78xx-Enable-LEDs-and-auto-negotiation.patch
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sun, 3 Mar 2024 18:59:25 +0000 (19:59 +0100)]
x86: Fix compile problem with kernel 5.10.211
Fix a compile problem in upstream kernel.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sun, 3 Mar 2024 11:34:19 +0000 (12:34 +0100)]
kernel: Remove unused schedulers
These schedulers were removed in kernel 5.15.150 and 6.1.180.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit
cd450923ab066ce35e8ce55340e66986f14a42d8)
Hauke Mehrtens [Sat, 2 Mar 2024 20:01:35 +0000 (21:01 +0100)]
kernel: bump 5.10 to 5.10.211
Removed because it is upstream:
bcm53xx/patches-5.15/037-v6.6-0004-ARM-dts-BCM53573-Drop-nonexistent-default-off-LED-tr.patch
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=
ef6128a1bafe90ceb14d71cd0e69f44f00ec8b0a
Manually adapted the following patch:
bcm53xx/patches-5.10/038-v6.2-0004-ARM-dts-broadcom-align-LED-node-names-with-dtschema.patch
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
John Audia [Sun, 3 Mar 2024 14:49:03 +0000 (09:49 -0500)]
kernel: Remove dsmark support
dsmark support was removed in kernel 5.15.150 and 6.1.80. Remove it from
the kmod package as well
Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit
bd6b37f463d0530b887e052860207448c82d6ee2)
Hauke Mehrtens [Sat, 2 Mar 2024 18:17:28 +0000 (19:17 +0100)]
kernel: bump 5.10 to 5.10.210
All patches refreshed automatically.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sat, 17 Feb 2024 16:58:50 +0000 (17:58 +0100)]
wifi-scripts: Support HE Iftypes with multiple entries
With mac80211_hwsim I have seen such entries in OpenWrt 22.03:
HE Iftypes: managed, AP
The mac80211.sh script did not detect the entry and failed. Allow
arbitrary other entries before to fix this problem.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit
5df7a78e821cbdcc3beb80150798712a4c00b00e)
Hauke Mehrtens [Sun, 3 Jul 2022 16:24:58 +0000 (18:24 +0200)]
mac80211: Add DRIVER_11AX_SUPPORT dependency to mac80211-hwsim and iwlwifi
The mac80211-hwsim and the Intel iwlwifi driver support ieee80211ax, add
the missing DRIVER_11AX_SUPPORT dependency too.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit
576b62712fa7552f4fa30b67b47004745fee5287)
Hauke Mehrtens [Tue, 13 Feb 2024 21:50:12 +0000 (22:50 +0100)]
hostapd: backport fix for CVE-2023-52160
Fix a authentication bypass problem in WPA Enterprise client mode. See
here for details: https://www.top10vpn.com/research/wifi-vulnerabilities/
This problem was assigned CVE-2023-52160
This problem was fixed in upstream hostapd in June 2023. Hostapd used in
OpenWrt 23.05 and later already contains this fix..
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Wed, 7 Feb 2024 22:09:47 +0000 (23:09 +0100)]
toolchain: Update glibc 2.34 to recent HEAD
f95fe70608 elf: Fix TLS modid reuse generation assignment (BZ 29039)
ba52b325c4 x86-64: Fix the dtv field load for x32 [BZ #31184]
2143fcd540 x86-64: Fix the tcb field load for x32 [BZ #31185]
43ac0f94f1 NEWS: Mention bug fixes for 29039/30745/30843
a08677d389 x86_64: Optimize ffsll function code size.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Oto Šťáva [Fri, 16 Feb 2024 15:28:10 +0000 (16:28 +0100)]
build: add explicit --no-show-signature for git
When `log.showSignature` is set, it causes the `SOURCE_DATE_EPOCH` to
include a textual signature description on OpenPGP-signed commits,
because Git prints the description into stdout. This then causes some
scripts to fail because they cannot parse the date from the variable.
Adding an explicit `--no-show-signature` prevents the signatures from
being displayed even when one has Git configured to show them by
default, fixing the scripts.
Signed-off-by: Oto Šťáva <oto.stava@gmail.com>
(cherry picked from commit
1e93208bd2c605704b19fe8b04025c20c17e808d)
Hauke Mehrtens [Sat, 27 Jan 2024 23:24:42 +0000 (00:24 +0100)]
mac80211: Update to version 5.15.148-1
This update mac80211 to version 5.15.148-1. This includes multiple
bugfixes. Some of these bugfixes are fixing security relevant bugs.
The following patch was integrated into upstream Linux:
package/kernel/mac80211/patches/subsys/352-wifi-mac80211-fix-invalid-drv_sta_pre_rcu_remove-cal.patch
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Lech Perczak [Sun, 21 Jan 2024 23:34:34 +0000 (00:34 +0100)]
ath79: add Ubiquiti Rocket M XW as alternate name to Bullet M XW
Ubiquiti Rocket M XW is a single-band, 2x2:2 external Wi-Fi AP, with optional
GPS receiver, with two external RP-SMA antenna connections, based on
AR9342 SoC. Two band variants exists, for 2.4GHz and 5GHz band, usable
with the same image.
Specs:
- CPU: Atheros AR9342 MIPS SoC at 535MHz
- RAM: 64MB DDR400
- ROM: 8MB SPI-NOR in SO16W package, MX25L6408E
- Wi-Fi Atheros AR9342 built-in 2x2:2 radio
- Ethernet: Atheros AR8035 PHY, limited to 100Mbps speeds due to
magnetics
- Power: 24V passive PoE input.
Installation: please refer to Ubiquiti Bullet M2HP for documentation.
The device runs with exactly same image as the Bullet, and after fixes
in preceding commit, is fully functional again. Add the alternative name
to the build system.
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
(cherry picked from commit
54387fddead1094774187cedfe07cc8a47f5fe2c)
Lech Perczak [Sun, 21 Jan 2024 23:14:16 +0000 (00:14 +0100)]
ath79: ubnt-bullet-m-xw: fix Ethernet PHY traffic
Since commit
6f2e1b7485f0 ("ath79: disable delays on AT803X config init")
Ubiquiti XW boards equipped with AR8035 PHY suffered from lack of
outbound traffic on the Ethernet port. This was caused by the fact, the
U-boot has set this during boot and it wasn't reset by the PHY driver,
and the corresponding setting in device tree was wrong.
Set the 'phy-mode = "rgmii-txid"' at the ð0, and drop this property
from PHY node, as it is not parsed there. This causes the device to
connect using Ethernet once again.
Fixes: db4b6535f837 ("ath79: Add support for Ubiquity Bullet M (XW)")
Fixes: 6f2e1b7485f0 ("ath79: disable delays on AT803X config init")
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
(cherry picked from commit
a9b2ba4d7ba06e1ac4ff7da3eb9b4038b94d9fbb)
Lech Perczak [Thu, 4 Jan 2024 00:22:26 +0000 (01:22 +0100)]
ath79: ubnt,bullet-m-xw: set PHY max-speed to 100Mbps
Onboard AR8035 PHY supports 1000Base-T operation, but onboard
Ethernet magnetics do not. Reduce advertised link speeds to 100Mbps and
lower.
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
(cherry picked from commit
d406777fb14c84e82f51bab059631af70cf6d5c9)
orangepizza [Mon, 29 Jan 2024 02:37:43 +0000 (11:37 +0900)]
mbedtls: security bump to version 2.28.7
This release of Mbed TLS provides bug fixes and minor enhancements. This
release includes fixes for following security issues:
* Timing side channel in private key RSA operations (CVE-2024-23170)
Mbed TLS is vulnerable to a timing side channel in private key RSA
operations. This side channel could be sufficient for an attacker to
recover the plaintext. A local attacker or a remote attacker who is
close to the victim on the network might have precise enough timing
measurements to exploit this. It requires the attacker to send a large
number of messages for decryption.
* Buffer overflow in mbedtls_x509_set_extension() (CVE-2024-23775)
When writing x509 extensions we failed to validate inputs passed in to
mbedtls_x509_set_extension(), which could result in an integer overflow,
causing a zero-length buffer to be allocated to hold the extension. The
extension would then be copied into the buffer, causing a heap buffer
overflow.
Fixes: CVE-2024-23170, CVE-2024-23775
References: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-1/
References: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-2/
Signed-off-by: orangepizza <tjtncks@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [formal fixes]
(cherry picked from commit
920414ca8848fe1b430e436207b4f8c927819368)
(cherry picked from commit
b5c728948c976f0614c85aa5418af3a44424b511)
Jo-Philipp Wich [Tue, 23 Jan 2024 08:07:16 +0000 (09:07 +0100)]
jsonfilter: update to Git HEAD (2024-01-23)
013b75ab0598 jsonfilter: drop legacy json-c support
594cfa86469c main: fix spurious premature parse aborts in array mode
Fixes: https://bugs.openwrt.org/?task_id=3683
Fixes: https://github.com/openwrt/openwrt/issues/8703
Fixes: https://github.com/openwrt/openwrt/issues/11649
Fixes: https://github.com/openwrt/openwrt/issues/12344
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
33f15dd6d41873b02eb8895b8886763659f1390c)
Hauke Mehrtens [Sun, 21 Jan 2024 11:49:29 +0000 (12:49 +0100)]
kernel: bump 5.10 to 5.10.208
Changelog: https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.207
Changelog: https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.208
All patches automatically rebased.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Rafał Miłecki [Thu, 2 Nov 2023 08:08:54 +0000 (09:08 +0100)]
bcm53xx: add the latest fix version of brcm_nvram
It was just sent for upstream.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit
943bd3c9f6244c928cd168302d638a6a218fd4e6)
Rafał Miłecki [Thu, 18 Jan 2024 09:26:36 +0000 (10:26 +0100)]
bcm53xx: backport brcm_nvram changes needed for fix patch
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Rafał Miłecki [Sun, 14 May 2023 10:08:09 +0000 (12:08 +0200)]
kernel: use upstream firmware patch for Broadcom's NVRAM
This replaces our 2 downstream patches.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit
ecd9abc8c08288789af0b5ea245b29cf60a86519)
David Bauer [Thu, 11 Jan 2024 12:05:39 +0000 (13:05 +0100)]
ath79: read back reset register
Read back the reset register in order to flush the cache. This fixes
spurious reboot hangs on TP-Link TL-WDR3600 and TL-WDR4300 with Zentel
DRAM chips.
This issue was fixed in the past, but switching to the reset-driver
specific implementation removed the cache barrier which was previously
implicitly added by reading back the register in question.
Link: freifunk-gluon/gluon#2904
Link: openwrt#13043
Link: https://dev.archive.openwrt.org/ticket/17839
Link:
f8a7bfe1cb2c ("MIPS: ath79: fix system restart")
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit
2fe8ecd880396b5ae25fe9583aaa1d71be0b8468)
Hauke Mehrtens [Mon, 8 Jan 2024 00:39:10 +0000 (01:39 +0100)]
kernel: bump 5.10 to 5.10.206
Changelog: https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.206
All patches automatically rebased.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sun, 7 Jan 2024 22:38:20 +0000 (23:38 +0100)]
kernel: bump 5.10 to 5.10.203
Changelog: https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.203
Removed upstreamed:
backport-5.10/610-v5.13-10-netfilter-nftables-update-table-flags-from-the-commi.patch
All other patches automatically rebased.
1. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.203&id=
7d1d3f1134254f5fae926f79fc0d94e3d7e2e452
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Lech Perczak [Fri, 15 Dec 2023 16:25:05 +0000 (17:25 +0100)]
raimps: mtk_eth_soc: drop rst_esw from ESW driver
The ESW core needs to be reset together with FE core, so after the
relevant reset controller lines are moved under FE, drop rst_esw and all
related code, which would not execute anyway, because rst_esw would be
NULL. While at that, ensure that if reset line for EPHY cannot be
claimed, a proper error message is reported.
Fixes: 60fadae62b64 ("ramips: ethernet: ralink: move reset of the esw into the esw instead of fe")
Co-developed-by: Maxim Anisimov <maxim.anisimov.ua@gmail.com>
Signed-off-by: Maxim Anisimov <maxim.anisimov.ua@gmail.com>
[Split out of the bigger commit, provide commit mesage, refactor error
handling]
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
(cherry picked from commit
f393ffcac163926bf9dbbda47c25cc7809952609)
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
Maxim Anisimov [Sun, 10 Dec 2023 15:40:39 +0000 (16:40 +0100)]
ramips: dts: mt7628an: reset FE and ESW cores together
Failing to do so will cause the DMA engine to not initialize properly
and fail to forward packets between them, and in some cases will cause
spurious transmission with size exceeding allowed packet size, causing a
kernel panic.
Fixes: 60fadae62b64 ("ramips: ethernet: ralink: move reset of the esw into the esw instead of fe")
Signed-off-by: Maxim Anisimov <maxim.anisimov.ua@gmail.com>
[Provide commit description, split into logical changes]
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
(cherry picked from commit
f87b66507e9245e6e02dbc76e2e7b27c9e0bf364)
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
Lech Perczak [Mon, 11 Dec 2023 23:25:02 +0000 (00:25 +0100)]
ramips: dts: rt5350: reset FE and ESW cores together
Failing to do so will cause the DMA engine to not initialize properly
and fail to forward packets between them, and in some cases will cause
spurious transmission with size exceeding allowed packet size, causing a
kernel panic.
This is behaviour of downstream driver as well, however I
haven't observed bug reports about this SoC in the wild, so this
commit's purpose is to align this chip with all other SoC's - MT7620
were already using this arrangement.
Fixes: #9284
Fixes: 60fadae62b64 ("ramips: ethernet: ralink: move reset of the esw into the esw instead of fe")
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
(cherry picked from commit
fc92fecfc7ddf19bbfd7d1305a29c666f00543af)
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
Lech Perczak [Mon, 11 Dec 2023 23:22:04 +0000 (00:22 +0100)]
ramips: dts: rt3050: reset FE and ESW cores together
Failing to do so will cause the DMA engine to not initialize properly
and fail to forward packets between them, and in some cases will cause
spurious transmission with size exceeding allowed packet size, causing a
kernel panic.
This is behaviour of downstream driver as well, however I
haven't observed bug reports about this SoC in the wild, so this
commit's purpose is to align this chip with all other SoC's - MT7620
were already using this arrangement.
Fixes: 60fadae62b64 ("ramips: ethernet: ralink: move reset of the esw into the esw instead of fe")
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
(cherry picked from commit
c5a399f372535886582f89f3da624ae7465c8ff4)
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
Maxim Anisimov [Fri, 8 Dec 2023 05:34:30 +0000 (08:34 +0300)]
ramips: dts: rt3352: reset FE and ESW cores together
Failing to do so will cause the DMA engine to not initialize properly
and fail to forward packets between them, and in some cases will cause
spurious transmission with size exceeding allowed packet size, causing a
kernel panic.
Fixes: 60fadae62b64 ("ramips: ethernet: ralink: move reset of the esw into the esw instead of fe")
Signed-off-by: Maxim Anisimov <maxim.anisimov.ua@gmail.com>
[Provide commit description, split into logical changes]
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
(cherry picked from commit
8d75b1de0ff7b9e9e0138f822a5475bb8ad7fedf)
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
Maxim Anisimov [Sun, 10 Dec 2023 15:27:32 +0000 (16:27 +0100)]
ramips: mtk_eth_soc: wait longer after FE core reset to settle
Enabling the FE core too early causes the system to hang during boot
uncondtionally, after the reset is released. Increate it to 1-1.2ms
range.
Fixes: 60fadae62b64 ("ramips: ethernet: ralink: move reset of the esw into the esw instead of fe")
Signed-off-by: Maxim Anisimov <maxim.anisimov.ua@gmail.com>
[Split previous commit, provide rationale]
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
(cherry picked from commit
7eb0458c1f7e4f681b16d2721cfc3fcb69774c95)
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
Lech Perczak [Fri, 15 Dec 2023 16:15:47 +0000 (17:15 +0100)]
ramips: mtk_eth_soc: allow multiple resets
Use devm_reset_control_array_get_exclusive to register multiple
reset lines in FE driver. This is required to reattach ESW reset to FE
driver again, based on device tree bindings.
While at that, remove unused fe_priv.rst_ppe field, and add error
message if getting the reset fails.
Fixes: 60fadae62b64 ("ramips: ethernet: ralink: move reset of the esw into the esw instead of fe")
Co-developed-by: Maxim Anisimov <maxim.anisimov.ua@gmail.com>
Signed-off-by: Maxim Anisimov <maxim.anisimov.ua@gmail.com>
[Split out of the bigger commit, provide commit mesage, refactor error
handling]
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
(cherry picked from commit
3f1be8edee29fe79fc33c88cbd9d647a490410e5)
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
Christian Marangi [Sun, 10 Dec 2023 10:43:45 +0000 (11:43 +0100)]
lua5.3: fix typo calling lua53 instead of lua5.3 for Package Default
Fix typo calling lua53 instead of lua5.3 for Package Default definition.
This cause only missing description of the package and doesn't cause
any build regression.
Fixes: c52ca08d4008 ("lua5.3: build shared library")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
25e215c14ee6c9f3d54cd1da46a48d9ffe6b254e)
[ fix conflict with changed URL value ]
Hauke Mehrtens [Sun, 3 Dec 2023 19:02:26 +0000 (20:02 +0100)]
OpenWrt v22.03.6: revert to branch defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sun, 3 Dec 2023 19:02:20 +0000 (20:02 +0100)]
OpenWrt v22.03.6: adjust config defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Sat, 25 Nov 2023 18:17:14 +0000 (19:17 +0100)]
kernel: bump 5.10 to 5.10.201
Changelog: https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.201
Removed upstreamed:
x86/patches-5.10/120-hwrng-geode-fix-accessing-registers.patch[1]
All other patches automatically rebased.
1. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.201&id=
ffb3483c4b0bff1951e4020b9d73e4c13bf7fe93
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Alexey Bartenev [Mon, 7 Aug 2023 06:18:23 +0000 (02:18 -0400)]
ramips: add support for SNR-CPE-W4N-MT router
General specification:
- SoC Type: MediaTek MT7620N (580MHz)
- ROM: 8 MB SPI-NOR (W25Q64FV)
- RAM: 64 MB DDR (M13S5121632A)
- Switch: MediaTek MT7530
- Ethernet: 5 ports - 5×100MbE (WAN, LAN1-4)
- Wireless 2.4 GHz: b/g/n
- Buttons: 1 button (RESET)
- Bootloader: U-Boot 1.1.3, MediaTek U-Boot: 5.0.0.5
- Power: 12 VDC, 1.0 A
Flash by the native uploader in 2 stages:
1. Use the native uploader to flash an initramfs image. Choose
openwrt-ramips-mt7620-snr_cpe-w4n-mt-initramfs-kernel.bin file by
"Administration/Management/Firmware update/Choose File" in vendor's
web interface (ip: 192.168.1.10, login: Admin, password: Admin).
Wait ~160 seconds.
2. Flash a sysupgrade image via the initramfs image. Choose
openwrt-ramips-mt7620-snr_cpe-w4n-mt-squashfs-sysupgrade.bin
file by "System/Backup/Flash Firmware/Flash image..." in
LuCI web interface (ip: 192.168.1.1, login: root, no password).
Wait ~240 seconds.
Flash by U-Boot TFTP method:
1. Configure your PC with IP 192.168.1.131
2. Set up TFTP server and put the
openwrt-ramips-mt7620-snr_cpe-w4n-mt-squashfs-sysupgrade.bin
image on your PC
3. Connect serial port (57600 8N1) and turn on the router.
Then interrupt "U-Boot Boot Menu" by hitting 2 key (select "2:
Load system code then write to Flash via TFTP.").
Press Y key when show "Warning!! Erase Linux in Flash then burn
new one. Are you sure? (Y/N)"
Input device IP (192.168.1.1) ==:192.168.1.1
Input server IP (192.168.1.131) ==:192.168.1.131
Input Linux Kernel filename () ==:
openwrt-ramips-mt7620-snr_cpe-w4n-mt-squashfs-sysupgrade.bin
3. Wait ~120 seconds to complete flashing
Signed-off-by: Alexey Bartenev <41exey@proton.me>
(cherry picked from commit
7796c2d7ef5ff465c8c75ee294b0b5fb3165f4b9)
[Fix merging conflict]
Signed-off-by: Alexey Bartenev <41exey@proton.me>
Rosen Penev [Tue, 27 Sep 2022 22:35:41 +0000 (15:35 -0700)]
tools: fix firmware-utils depends
When firmware-utils was converted to use cmake, the dependency was not
updated.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
b71affaf8bec62e3c12298b9ac399ef51cedcac7)
Rosen Penev [Sat, 24 Sep 2022 23:57:40 +0000 (16:57 -0700)]
tools/cmake: Build without some included libs
Saves a little bit of time when compiling cmake.
Added patches to fix searching liblzma and zlib. The issue is that
because pkgconfig is not used, the system libraries get used.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
3848cf458ef998fc9971edd6a01cc9cdb43fbef9)
Rosen Penev [Sun, 25 Sep 2022 00:11:52 +0000 (17:11 -0700)]
tools/expat: build with autotools again
Allows to set expat as a dependency to cmake and save on compilation
time.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
89df3589e6237e5ad9b5cdd9f87c82987b200e37)
Rosen Penev [Sun, 25 Sep 2022 07:22:24 +0000 (00:22 -0700)]
tools/zlib: switch to configure script
A future commit will make tools/cmake use this.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit
d602e7a969922121800e8f24d81cecdaab3aae75)
Hauke Mehrtens [Sun, 19 Nov 2023 13:42:24 +0000 (14:42 +0100)]
kernel: bump 5.10 to 5.10.200
All patches automatically rebased.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Nick Hainke [Fri, 10 Nov 2023 08:01:56 +0000 (09:01 +0100)]
wolfssl: update to 5.6.4
Releae Notes:
https://github.com/wolfSSL/wolfssl/releases/tag/v5.6.4-stable
Remove upstreamed patch:
- 001-fix-detection-of-cut-tool-in-configure.ac.patch
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit
d83231603c60a1df7d0530c8766f0b71c6553b44)
Hauke Mehrtens [Wed, 1 Nov 2023 21:10:46 +0000 (22:10 +0100)]
urngd: update to version 2023-11-01
Fix compilation with glibc
44365eb Deactivate _FORTIFY_SOURCE in jitterentropy-base.c
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit
d62726b1e44f785d543e4625b19ca1f628adda6c)
Hauke Mehrtens [Fri, 13 Oct 2023 22:37:34 +0000 (00:37 +0200)]
mbedtls: Update to version 2.28.5
This fixes some minor security problems.
Changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-2.28.5
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
[Removed 100-x509-crt-verify-SAN-iPAddress.patch for 22.03]
(cherry picked from commit
9e1c5ad4b0c99c45927ccd44504cd8fdbbd03bb0)
Hauke Mehrtens [Sat, 7 Oct 2023 19:07:20 +0000 (21:07 +0200)]
bsdiff: Add patches for CVEs
Add two patches from Debian fixing CVEs in the bsdiff application.
CVE-2014-9862: Heap vulnerability in bspatch
CVE-2020-14315: Memory Corruption Vulnerability in bspatch
Copied the patches from this location:
https://salsa.debian.org/debian/bsdiff/-/blob/debian/latest/debian/patches/20-CVE-2014-9862.patch
https://salsa.debian.org/debian/bsdiff/-/blob/debian/latest/debian/patches/33-CVE-2020-14315.patch
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit
cac723e8b8748938b8d80603578c60189fc32b24)
Yuu Toriyama [Sat, 2 Sep 2023 07:21:09 +0000 (16:21 +0900)]
wireless-regdb: update to 2023.09.01
Changes:
9dc0800 wireless-regdb: Update regulatory rules for Philippines (PH)
111ba89 wireless-regdb: Update regulatory rules for Egypt (EG) from March 2022 guidelines
ae1421f wireless-regdb: Update regulatory info for Türkiye (TR)
20e5b73 wireless-regdb: Update regulatory rules for Australia (AU) for June 2023
991b1ef wireless-regdb: update regulatory database based on preceding changes
Signed-off-by: Yuu Toriyama <PascalCoffeeLake@gmail.com>
(cherry picked from commit
0e13363de6879a1a8b7d4d2739c92122f2df693e)
Tomasz Maciej Nowak [Wed, 16 Aug 2023 18:28:01 +0000 (20:28 +0200)]
ath79: image: allow changing kernel option in mkubntimage
Backport didn't include changes to mkubntimage invocation, which allowed
to pass arguments. This in result produces broken routerstation factory
images, which have kernel embedded as kernel partition instead of LZMA
loader.
Fixes: #13260
Fixes: 8e09f9ffc3cc ("ath79: switch some RedBoot based devices to OKLI loader")
Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com>
Christian Marangi [Sun, 12 Nov 2023 18:14:46 +0000 (19:14 +0100)]
scripts/dump-target-info.pl: add new function to DUMP devices
Add new function to dump-targer-info.pl to DUMP devices provided a
matching target/subtarget.
Example:
./scripts/dump-targer-info.pl devices ipq806x/generic
will produce the sorted list of devices defined in the following format:
device_id device_name
Devices may have alternative names, the script will dump each
alternative name in the same line of device_id.
Following the pattern:
device_id "PRIMARY DEVICE NAME" "ALT0 DEVICE NAME" "ALT1 DEVICE NAME" ...
Example:
tplink_ad7200 "TP-Link AD7200 v1/v2" "TP-Link Talon AD7200 v1/v2"
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
943c153cdd695904b9b7fe44800fc3546644973e)
Petr Štetiar [Thu, 15 Jun 2023 14:11:27 +0000 (16:11 +0200)]
treewide: fix shell errors during dump stage
Fixes following issues:
bash: -c: line 1: `echo
1686820180<LINUX_VERMAGIC> | /staging_dir/host/bin/mkhash md5 | cut -b1-8'
bash: -c: line 1: `echo
1686820180<LINUX_VERMAGIC> | /staging_dir/host/bin/mkhash md5 | sed -E 's/(.{8})(.{4})(.{4})(.{4})(.{10})../\1-\2-\3-\4-\500/''
bash: -c: line 1: syntax error near unexpected token `|'
bash: line 1: *1024*1024: syntax error: operand expected (error token is "*1024*1024")
bash: line 1: (64 + ): syntax error: operand expected (error token is ")")
expr: syntax error: missing argument after '+'
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit
8fc496be860192f8bd1f16913657626014c8863f)
[ fix merge conflicts, adapt to 22.03 ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Petr Štetiar [Thu, 15 Jun 2023 14:11:26 +0000 (16:11 +0200)]
scan.mk: do not silence output of dump phase
Make it easier to spot currently hidden issues:
$ make defconfig V=sc
...
Collecting target info: target/linux/airohabash: -c: line 1: syntax error near unexpected token `|'
bash: -c: line 1: `echo
1686815253<LINUX_VERMAGIC> | staging_dir/host/bin/mkhash md5 | cut -b1-8'
bash: -c: line 1: syntax error near unexpected token `|'
bash: -c: line 1: `echo
1686815253<LINUX_VERMAGIC> | staging_dir/host/bin/mkhash md5 | sed -E 's/(.{8})(.{4})(.{4})(.{4})(.{10})../\1-\2-\3-\4-\500/''
...
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit
b522da5b16c7e5952d364b933b921786198f9fe5)
Christian Marangi [Sun, 12 Nov 2023 15:15:07 +0000 (16:15 +0100)]
scripts/getver.sh: prevent asking for negative rev-parse
With the case of asking an invalid version that is too big, getver.sh
might return an invalid output in the form of HEAD~-
2260475641.
This is caused by BASE_REV - GET_REV using a negative number.
Prevent this by checking if BASE_REV - GET_REV actually return 0 or a
positive number and set REV variable accordingly. With the following
change, invalid revision number will result in unknown printed instead
of the invalid HEAD~-NUMBERS output.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
9e49e0a6c4535d345084cc62c594be5cad23b911)
Christian Marangi [Wed, 8 Nov 2023 15:48:05 +0000 (16:48 +0100)]
hostapd: permit also channel 7 for 2.5GHz to be set to HT40PLUS
Also channel 7 for 2.4GHz can be set to HT40PLUS. Permit this and add it
to the list of the channels.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
b1c7b1bd67ca40289dfb7acd03e12ce43618d548)
[ rework for openwrt-22.03 ]
Christian Marangi [Wed, 8 Nov 2023 15:46:12 +0000 (16:46 +0100)]
hostapd: fix broke noscan option for mesh
noscan option for mesh was broken and actually never applied.
This is caused by a typo where ssid->noscan value is check instead of
conf->noscan resulting in the logic swapped and broken.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
1b5ea2e199fcf391f88afd0322de449459399be4)
[ rework for openwrt-22.03 ]
Christian Marangi [Wed, 8 Nov 2023 15:44:38 +0000 (16:44 +0100)]
mac80211: fix not set noscan option for wpa_supplicant
noscan option was changed to hostapd_noscan but the entry in
wpa_supplicant was never updated resulting in the noscan option actually
never set.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit
1070fbce6e496da2dacf17c6e842a4369c4be71b)
[ rework for openwrt-22.03 ]
Jeffery To [Wed, 31 May 2023 13:58:34 +0000 (21:58 +0800)]
build: export GIT_CEILING_DIRECTORIES for package builds
A package may run git as part of its build process, and if the package
source code is not from a git checkout, then git may traverse up the
directory tree to find buildroot's repository directory (.git).
For instance, Poetry Core, a Python build backend, will read the
contents of .gitignore for paths to exclude when creating a Python
package. If it finds buildroot's .gitignore file, then Poetry Core will
exclude all of the package's files[1].
This exports GIT_CEILING_DIRECTORIES for both package and host builds so
that git will not traverse beyond $(BUILD_DIR)/$(BUILD_DIR_HOST).
[1]: https://github.com/python-poetry/poetry/issues/5547
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit
f597f34f3afa7bba8a2606490617688f1cea5a44)
Rafał Miłecki [Mon, 6 Nov 2023 12:28:56 +0000 (13:28 +0100)]
bcm53xx: refresh kernel config
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Hauke Mehrtens [Sat, 28 Oct 2023 12:07:50 +0000 (14:07 +0200)]
kernel: bump 5.10 to 5.10.199
All patches automatically rebased.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Hauke Mehrtens [Fri, 27 Oct 2023 18:52:53 +0000 (20:52 +0200)]
kernel: bump 5.10 to 5.10.198
All patches automatically rebased.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Andrey Erokhin [Wed, 22 Mar 2023 15:27:01 +0000 (16:27 +0100)]
toolchain: gcc: backport v11.3.0 fix for false positive VLA params warnings
If the vla parameter has a const specifier, the compiler will warn about
mismatched bounds:
$ cat mwe.c
extern void mwe(const int len, char buf[len]);
void mwe(const int len, char buf[len]) {}
$ make CFLAGS=-Wvla-parameter mwe.o
cc -Wvla-parameter -c -o mwe.o mwe.c
mwe.c:2:30: warning: argument 2 of type ‘char[len]’ declared with mismatched bound ‘len’ [-Wvla-parameter]
2 | void mwe(const int len, char buf[len]) {}
| ~~~~~^~~~~~~~
mwe.c:1:37: note: previously declared as ‘char[len]’ with bound ‘len’
1 | extern void mwe(const int len, char buf[len]);
| ~~~~~^~~~~~~~
On some code bases it might result in a lot of false positive warnings,
which can indeed be easily disabled, but on the other this workaround
might hide some real issues, so lets rather fix the compiler and make it
more reliable.
References: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101289
Signed-off-by: Andrey Erokhin <a.erokhin@inango-systems.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [commit message]
Shiji Yang [Fri, 14 Jul 2023 15:09:55 +0000 (23:09 +0800)]
ath79: increase the rfkill debounce interval for TP-Link Archer C7 v2
Due to circuit issue or silicon defect, sometimes the WiFi switch button
of the Archer C7 v2 can be accidentally triggered multiple times in one
second. This will cause WiFi to be unexpectedly shut down and trigger
'irq 23: nobody cared'[1] warning. Increasing the key debounce interval
to 1000 ms can fix this issue. This patch also add the missing rfkill
key label.
[1] Warning Log:
```
[87765.218511] irq 23: nobody cared (try booting with the "irqpoll" option)
[87765.225331] CPU: 0 PID: 317 Comm: irq/23-keys Not tainted 5.15.118 #0
...
[87765.486246] handlers:
[87765.488543] [<
85257547>] 0x800c29a0 threaded [<
5c6328a2>] 0x80ffe0b8 [gpio_button_hotplug@
4cf73d00+0x1a00]
[87765.498364] Disabling IRQ #23
```
Fixes: https://github.com/openwrt/openwrt/issues/13010
Fixes: https://github.com/openwrt/openwrt/issues/12167
Fixes: https://github.com/openwrt/openwrt/issues/11191
Fixes: https://github.com/openwrt/openwrt/issues/7835
Tested-by: Hans Hasert
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
(cherry picked from commit
e32f70e7066c3110694851eced3301f50019693b)
Rafał Miłecki [Thu, 26 Oct 2023 05:12:36 +0000 (07:12 +0200)]
bcm53xx: backport 1 more late DT patch accepted for v6.7
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit
732ae343ffb3ad19978b75a8105d55f5e6d1d435)
Rafał Miłecki [Fri, 13 Oct 2023 11:25:33 +0000 (13:25 +0200)]
bcm53xx: disable unused switch ports in downstream patch
This makes Linux use correct switch ports again.
Fixes: e3d0c7097ee6 ("bcm53xx: backport DT changes from v6.5")
Fixes: https://github.com/openwrt/openwrt/issues/13548
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit
a912ee74d6ca08020933dcdb9ce791e74244c25b)
Rafał Miłecki [Tue, 24 Oct 2023 05:40:37 +0000 (07:40 +0200)]
bcm53xx: backport DT changes queued for v6.7
Among other changes this commit makes Linux use correct switch ports
again.
Fixes: e3d0c7097ee6 ("bcm53xx: backport DT changes from v6.5")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit
a67af19bc84e98588c307af9b08686bde9dd38d5)
Rafał Miłecki [Fri, 13 Oct 2023 10:57:35 +0000 (12:57 +0200)]
bcm53xx: simplify patch adding switch ports
We now have all raw ports defined in bcm-ns.dtsi. Leave only lables in
custom device files.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit
08ce0c76d7d7daad5e9382d51960d69f4b8b8f3a)