Several devices provide U-Boot versions with only gzip compressed kernel
support (e.g. Realtek switches). This compression method produces larger
images than lzma. To save space on flash and avoid going the hard way with
lzma-loader we can make use of enhanced gzip tool based on libdeflate
compression library from https://github.com/ebiggers/libdeflate. It
keeps 100% deflate/gzip compatibility while improving compression ratio.
The image can be unpacked by the default inflate routines inside U-Boot.
Signed-off-by: Markus Stockhausen <markus.stockhausen@gmx.de>
[Switched to v1.15 and made it work with cmake]
Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
Reviewed-by: Robert Marko <robimarko@gmail.com>
Reviewed-by: Rosen Penev <rosenp@gmail.com>
Reviewed-by: Sander Vanheule <sander@svanheule.net>
* kernel: bump 5.15 to 5.15.86
Removed upstreamed:
pending-5.15/101-Use-stddefs.h-instead-of-compiler.h.patch[1]
ipq60xx/patches-5.15/0171-arm64-dts-qcom-ipq6018-cp01-c1-use-BLSPI1-pins.patch
ipq806x/patches-5.15/122-01-clk-qcom-clk-krait-fix-wrong-div2-functions.patch[2]
ipq60xx/patches-5.15/0139-arm64-dts-qcom-Correct-QMP-PHY-child-node-name.patch
ipq60xx/patches-5.15/0005-v5.16-arm64-dts-qcom-Correct-QMP-PHY-child-node-name.patch
ipq807x/patches-5.15/0004-v5.16-arm64-dts-qcom-Correct-QMP-PHY-child-node-name.patch
bcm27xx/patches-5.15/950-0198-drm-fourcc-Add-packed-10bit-YUV-4-2-0-format.patch[3]
Manually rebased:
ramips/patches-5.15/100-PCI-mt7621-Add-MediaTek-MT7621-PCIe-host-controller-.patch[4]
Added patch/backported:
ramips/patches-5.15/107-PCI-mt7621-Add-sentinel-to-quirks-table.patch[5]
All other patches automatically rebased.
1. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.15.86&id=c160505c9b574b346031fdf2c649d19e7939ca11
2. Cannot find in the stable tree but it is here: a051e10bfc
3. ec1727f89e
4. Quilt gave this output when I applied the patch to rebase it:
% quilt push -f
Applying patch platform/100-PCI-mt7621-Add-MediaTek-MT7621-PCIe-host-controller-.patch
patching file arch/mips/ralink/Kconfig
patching file drivers/pci/controller/Kconfig
patching file drivers/pci/controller/Makefile
patching file drivers/staging/Kconfig
patching file drivers/staging/Makefile
patching file drivers/staging/mt7621-pci/Kconfig
patching file drivers/staging/mt7621-pci/Makefile
patching file drivers/staging/mt7621-pci/TODO
patching file drivers/staging/mt7621-pci/mediatek,mt7621-pci.txt
patching file drivers/staging/mt7621-pci/pci-mt7621.c
Hunk #1 FAILED at 1.
Not deleting file drivers/staging/mt7621-pci/pci-mt7621.c as content differs from patch
1 out of 1 hunk FAILED -- saving rejects to file drivers/staging/mt7621-pci/pci-mt7621.c.rej
patching file drivers/pci/controller/pcie-mt7621.c
Applied patch platform/100-PCI-mt7621-Add-MediaTek-MT7621-PCIe-host-controller-.patch (forced; needs refresh)
Upon inspecting drivers/staging/mt7621-pci/pci-mt7621.c.rej, it seems that
the original patch wants to delete drivers/staging/mt7621-pci/pci-mt7621.c
but upstream's version was not an exact match. I opted to delete that file
and need some feedback. Was that the correct course of action?
5. Suggestion by hauke: 19098934f9
"This patch is in upstream kernel, but it was backported to the old
staging driver in kernel 5.15."
Build system: x86_64
Build-tested: bcm2711/RPi4B, filogic/xiaomi_redmi-router-ax6000-ubootmod
Run-tested: bcm2711/RPi4B, filogic/xiaomi_redmi-router-ax6000-ubootmod
Signed-off-by: John Audia <therealgraysky@proton.me>
Signed-off-by: Linhui Liu <liulinhui36@gmail.com>
* oxnas: sata_oxnas: use ata_link_err
Kernel 5.15.86 has backported ("ata: libata: move ata_{port,link,dev}_dbg
to standard pr_XXX() macros") and this is now causing compilation errors
for oxnas SATA driver due to usage of ata_link_printk().
Upstream has migrated to using the appropriate
ata_link_{err, warn, notice, info} calls a while ago so its not affected.
Lets do the same for oxnas SATA driver and use ata_link_err() instead of
ata_link_printk().
Signed-off-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: John Audia <therealgraysky@proton.me>
Signed-off-by: Linhui Liu <liulinhui36@gmail.com>
Signed-off-by: Robert Marko <robimarko@gmail.com>
Co-authored-by: John Audia <therealgraysky@proton.me>
Co-authored-by: Robert Marko <robimarko@gmail.com>
Changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2
This release of Mbed TLS provides bug fixes and minor enhancements. This
release includes fixes for security issues.
Fixes the following CVEs:
* CVE-2022-46393: Fix potential heap buffer overread and overwrite in
DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and
MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX.
* CVE-2022-46392: An adversary with access to precise enough information
about memory accesses (typically, an untrusted operating system
attacking a secure enclave) could recover an RSA private key after
observing the victim performing a single private-key operation if the
window size used for the exponentiation was 3 or smaller.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
libpath.so uses host path in ld script causing other packages fail to
cross compile, e.g. perl:
"ld: cannot find /usr/lib/libbsd.so.0.11.6: No such file or directory"
Signed-off-by: Xuefer H <xuefer@gmail.com>
It has been brought to my attention that recently added WCN6855 firmware
is broken as it is getting stripped during building due to being 2 ELF
binaries.
I am sure WCN6750 and any other ELF binaries are having the same issue,
so since stripping firmware binaries is clearly unwanted disable it.
Fixes: b4d3694f81f4 ("linux-firmware: package ath11k consumer cards firmware")
Signed-off-by: Robert Marko <robimarko@gmail.com>
Revert backported upstream commits 421f8663b3a7 and 8d820bc9d12b, which have
introduced a regression in BCMGENET kconfig that disabled the network driver
for the Raspberry Pi.
Fixes: 0c405bceba11 ("kernel: bump 5.15 to 5.15.85")
Fixes: e9008223268c ("kernel: bump 5.15 to 5.15.84")
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
WCN6855 exists in 2 HW revisions, but both use the same FW so upstream
just has a symlink for hw2.1 to hw2.0 that I forgot to make.
Fixes: b4d3694f81f4 ("linux-firmware: package ath11k consumer cards firmware")
Signed-off-by: Robert Marko <robimarko@gmail.com>
* uhttpd: update to latest Git HEAD
e3395cd ucode: initialize search path before VM init
8cb3f85 ucode: initialize default library search path
188dea2 utils: accept '?' as path terminator in uh_path_match()
c5eac5d file: support using dynamic script handlers as error pages
290ff88 relay: trigger close if in header read state with pending data
f9db538 ucode: ignore exit exceptions
8ba0b64 cmake: use variables and find_library for dependency
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* uhttpd: use acme hotplug
Reload uhttpd after certificates are renewed with acme.
Reviewed-by: Toke Høiland-Jørgensen <toke@toke.dk>
Signed-off-by: Glen Huang <i@glenhuang.com>
* uhttpd: use procd to reload on acme renew
Calling /etc/init.d/uhttpd reload directly in the acme hotplug script
can inadvertently start a stopped instance.
Signed-off-by: Glen Huang <i@glenhuang.com>
* uhttpd: update to latest Git HEAD
2397755 client: fix incorrectly emitting HTTP 413 for certain content lengths
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Glen Huang <i@glenhuang.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Co-authored-by: Jo-Philipp Wich <jo@mein.io>
Co-authored-by: Glen Huang <i@glenhuang.com>
Co-authored-by: Hauke Mehrtens <hauke@hauke-m.de>
Most relevant feature for openwrt in this release, supports dynamically
removing hosts from 'hostsdir' supplied host files.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
The pwmchip_remove() function returns void now. Fix a compile problem in
the drivers/pwm/pwm-mediatek-ramips.c driver.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
In the build of the ramips/mt76x8 target the user gets asked about these
two configuration options, add them to the generic kernel configuration.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The CONFIG_DRM_XEN_FRONTEND configuration symbol is also used by the
layerscape target, move it to the generic kernel configuration.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* rules: fix broken commitcount on alpine system
To generate commitcount we use grep --max-count. This is not present on
alpine grep and cause wrong generation. Use -m as it's just the short
version of --max-count and more portable.
Fixes: #11200
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* image-commands.mk: Be consistent in command invocation
Most/all other tools use the staging dir prefix, gzip should as well.
Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
Acked-by: Christian Marangi <ansuelsmth@gmail.com>
* image: fix device profile specific COMPILE targets
Commit a01d23e75 ("image: always rebuild kernel loaders")
is a step in the right direction, but exposed some issues
and regressions in the makefile.
Some of the files made by device specific COMPILE targets
start with an "append" command (i.e. >> instead of > redirection)
and if the file already exists, the target file is the
input to itself before the first recipe-specified input.
Fixes: a01d23e75 ("image: always rebuild kernel loaders")
Fixes: a7fb589e8 ("image: always rebuild kernel loaders")
Signed-off-by: Michael Pratt <mcpratt@pm.me>
* trusted-firmware-a.mk: use correct CPE ID
There are 2 different CPE IDs on the NVD website:
cpe:/a:arm:trusted_firmware-a
cpe:/o:arm:arm_trusted_firmware
The ID as currently used in trusted-firmware-a.mk does not exist. The
CPE ID using the arm_trusted_firmware product name only lists a few
records for versions 2.2 and 2.3 on the NVD site. The CPE ID using the
trusted_firmware-a product name lists many more records, and actually
has a CVE linked to it. Therefore, use the CPE ID using the
trusted_firmware-a product name.
Fixes: 104d60fe94ce ("trusted-firmware-a.mk: add PKG_CPE_ID")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* fritz-tools: fritz_tffs_nand: exclude oob code when disabled
Skip unnecessary stuff if checking the oob data is disabled.
Signed-off-by: Andre Heider <a.heider@gmail.com>
* fritz-tools: fritz_tffs_nand: get rid of struct tffs_sectors
This doesn't help and "[0]" gets in the way of bounds checks.
Signed-off-by: Andre Heider <a.heider@gmail.com>
* fritz-tools: fritz_tffs_nand: cache already read sector ids
This speeds up the tool significantly, especially when using the "-a"
argument.
Signed-off-by: Andre Heider <a.heider@gmail.com>
* iproute2: add missing libbpf dependency
This patch adds libbpf to the dependencies of tc-mod-iptables.
The package tc-mod-iptables is missing libbpf as a dependency,
which leads to the build failure described in bug #9491
LIBBPF_FORCE=on set, but couldn't find a usable libbpf
The build dependency is already automatically added because some other
packages from iproute2 depend on libbpf, but bpftools has multiple build
variants. With multiple build variants none gets build by default and
the build system will not build bpftools before iproute2.
Fixes: #9491
Signed-off-by: Kien Truong <duckientruong@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* iproute2: update to 6.0.0
Release Notes:
https://lore.kernel.org/netdev/20221004082610.56b04719@hermes.local/t/
Remove upstreamed patch:
- 010-ipstats-Add-param.h-for-musl.patch
Refreshed:
- 140-keep_libmnl_optional.patch
- 145-keep_libelf_optional.patch
- 150-keep_libcap_optional.patch
- 155-keep_tirpc_optional.patch
- 170-ip_tiny.patch
- 190-fix-nls-rpath-link.patch
- 200-drop_libbsd_dependency.patch
- 300-selinux-configurable.patch
Signed-off-by: Nick Hainke <vincent@systemli.org>
* iproute2: update to 6.1.0
Announcement:
https://lore.kernel.org/netdev/20221214094130.7b11ec2e@hermes.local/T/#t
Refresh patch:
- 170-ip_tiny.patch
Signed-off-by: Nick Hainke <vincent@systemli.org>
* tools/xz: update to 5.2.10
Update to latest version.
Signed-off-by: Nick Hainke <vincent@systemli.org>
* Revert "Revert "tools/upx: remove (#10622)""
This reverts commit d3e16f203a.
* kernel: Make use of KERNEL_MAKE
Make use of KERNEL_MAKE in kernel packages were easily possible.
This moves some more code to common places and reduces the number of
lines.
It is defined like this:
KERNEL_MAKE = $(MAKE) $(KERNEL_MAKEOPTS)
KERNEL_MAKEOPTS = -C $(LINUX_DIR) $(KERNEL_MAKE_FLAGS)
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* toolchain: gcc: backport patches to fix build with glibc 2.36
glibc 2.36 changed the definition of enum fsconfig_command, it now
collides with the same definition from sys/mount.h. Remove the include
of linux/fs.h This still compiled with musl too.
This backports a patch which is already in the stable branch of GCC 11
and GCC 12.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* toolchain: glibc: Update to glibc 2.36
This updates to glibc to version 2.36.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* tools/llvm: update to 15.0.6
Release Notes:
https://discourse.llvm.org/t/llvm-15-0-0-release/65099https://discourse.llvm.org/t/llvm-15-0-1-released/65380https://discourse.llvm.org/t/llvm-15-0-2-released/65695https://discourse.llvm.org/t/llvm-15-0-3-released/66036https://discourse.llvm.org/t/llvm-15-0-4-released/66337https://discourse.llvm.org/t/llvm-15-0-5-release/66616https://discourse.llvm.org/t/llvm-15-0-6-released/66899
Remove HOST_BUILD_PARALLEL as it's default now.
Signed-off-by: Linhui Liu <liulinhui36@gmail.com>
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
Signed-off-by: Michael Pratt <mcpratt@pm.me>
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Signed-off-by: Andre Heider <a.heider@gmail.com>
Signed-off-by: Kien Truong <duckientruong@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Nick Hainke <vincent@systemli.org>
Signed-off-by: Linhui Liu <liulinhui36@gmail.com>
Co-authored-by: Christian Marangi <ansuelsmth@gmail.com>
Co-authored-by: Olliver Schinagl <oliver@schinagl.nl>
Co-authored-by: Michael Pratt <mcpratt@pm.me>
Co-authored-by: Stijn Tintel <stijn@linux-ipv6.be>
Co-authored-by: Andre Heider <a.heider@gmail.com>
Co-authored-by: Kien Truong <duckientruong@gmail.com>
Co-authored-by: Nick Hainke <vincent@systemli.org>
Co-authored-by: Hauke Mehrtens <hauke@hauke-m.de>
Several sunxi devices come with multiple mmc devices. On such devices,
the mmc device order is unpredictable, so using /dev/mmcblk0p2 as root
device doesn't always work, which results in unbootable devices.
For the Banana Pi BPI-R3 in the mediatek target, this has been solved by
defining aliases for the mmc devices in the DTS. Ideally we would do the
same here, but for sunxi-a64 we already use UUID probing, so let's start
with that (5f2ff607e286 ("uboot-sunxi: a64: allow booting directly from
eMMC")).
Since we're building and including u-boot in each supported device
image, and this method has been proven to work fine for a64, let's just
change the default u-boot env file to do the same.
Fixes: e6d9f6fdff ("sunxi: add support for FriendlyARM NanoPi R1")
Co-authored-by: Karl Palsson <karlp@etactica.com>
Signed-off-by: Jan-Niklas Burfeind <git@aiyionpri.me>
[use UUID in default u-boot env, rewrite commit message]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
nvmem_cell_read return a pointer error when an error occurs. Currently
we convert the pointer error to an int while the rest of the function
return a void* and expcet an error pointer. Fix this PTR_ERR msuse
fixing compilation warning.
Fixes the following compilation warning:
net/ethernet/eth.c: In function 'nvmem_cell_get_mac_address':
net/ethernet/eth.c:547:24: warning: returning 'long int' from a function with return type 'void *' makes pointer from integer without a cast [-Wint-conversion]
547 | return PTR_ERR(mac);
| ^~~~~~~~~~~~
net/ethernet/eth.c: In function 'nvmem_cell_get_mac_address_ascii':
net/ethernet/eth.c:564:24: warning: returning 'long int' from a function with return type 'void *' makes pointer from integer without a cast [-Wint-conversion]
564 | return PTR_ERR(mac_ascii);
| ^~~~~~~~~~~~~~~~~~
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
The patch enabling hardware flow offloading support on the MT7623 SoC
has been merged upstream as of Linux 5.13. Remove our local patch which
wrongly got forward-ported and now actually enables hardware flow
offloading for the MT2701 SoC family (unsupported in OpenWrt).
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* kernel: bump 5.10 to 5.10.160
No patches affected by this update.
Build system: x86_64
Build-tested: ramips/tplink_archer-a6-v3
Run-tested: ramips/tplink_archer-a6-v3
Signed-off-by: John Audia <therealgraysky@proton.me>
* kernel: bump 5.15 to 5.15.84
Signed-off-by: John Audia <therealgraysky@proton.me>
* kernel: bump 5.4 to 5.4.228
Signed-off-by: Linhui Liu <liulinhui36@gmail.com>
Signed-off-by: John Audia <therealgraysky@proton.me>
Signed-off-by: Linhui Liu <liulinhui36@gmail.com>
Co-authored-by: John Audia <therealgraysky@proton.me>
