Changes:
1bb4162 libnl-3.7.0 release
897ec9c route: act: Allow full set of actions on gact,skbedit,mirred
00e46f1 Use print() function in both Python 2 and Python 3
083c1b6 sriov: fix setting ce_mask when parsing VF stat counter
2e9a4f7 Fix typos and errors
cc87ad2 changelog: update URL to git history
bde0b4c changelog: fix typos in ChangeLog
44988e6 route: format recently added code with clang-format
df6e38b route/act: add NAT action
7304c42 route: format recently added code with clang-format
f8eb218 cls: flower: extend flower API
e5dc111 flower: use correct attribute when filling out flags
df6058c tests: merge branch 'th/test-link'
9772c1d tests: add unit tests for creating links
4713b76 github: run unit tests several times and directly
8025547 github: export NLTST_SEED_RAND= to randomize unit tests
7efeca2 tests: add test utils
f6f4d36 tests: reformat unit test files with clang-format
135a706 utils: add _NL_AUTO_DEFINE_FCN_STRUCT() macro
0ea11be utils: add _nl_thread_local macro
9b04936 route: fix crash caused by parse_multipath() by wrong free()
2effffe route/link: Set the cache ops when cloning a link
5ecd56c route/link: add lock around rtnl_link_af_ops_put()
e1a077a route/link: avoid accessing af_ops after af_free() in rtnl_link_set_family()
3f4f1dd xfrm/sa: fix reference counters of sa selector addresses
d3c783f all: merge branch 'th/coverity-fixes'
23a75c5 xfrm: fix uninitalized variables in build_xfrm_ae_message()
d52dbcb route: fix check for NULL in nh_encap_dump()
1f61096 route/qdisc/mqprio: fix bufferoverflow and argument checking in rtnl_qdisc_mqprio_set_*()
f918c3a route/sriov: fix buffer overflow in rtnl_link_sriov_parse_vflist()
d4c7972 all: fix "-Wformat" warnings for nl_dump*()
6b2f238 netlink/utils.h: mark nl_dump() with __attribute__((format(printf,a,b)))
d3bd278 netlink/utils.h: add internal _nl_attribute_printf macro for public headers
a30b26d socket: workaround undefined behavior coverity warning in generate_local_port()
8acf6d5 nl-pktloc-lookup: fix buffer overflow when printing alignment
bf3585f route/link/sriov: fix initializing vlans in rtnl_link_sriov_clone()
dd06d22 route/qdisc/netem: fix bogus "%" in format string netem_dump_details()
f50a802 route/u32: fix u32_dump_details() to print data
fa79ee3 link/vrf: avoid coverity warning in rtnl_link_vrf_set_tableid() about CONSTANT_EXPRESSION_RESULT
31380f8 utils: suppress coverity warning in nl_cli_load_module() about leaked handle
aa398b5 route/ip6vti,ip6gre: fix printing invalid data in ip6{vti,gre}_dump_details()
40683cc netlink/private: add internal helper utils
6615dc0 route/link: workaround coverity warning about leak in rtnl_link_set_type()
ff5ef61 all: avoid coverity warnings about assigning variable but not using it
f58a3c0 route/mdb: check parser error in mdb_msg_parser() for nested MDBA_MDB attribute
46506d3 route/mdb: add and use rtnl_mdb_entry_free() internal helper method
46e85d2 route/mdb: fix leak in mdb_msg_parser()
b0641dd route/mdb: add _nl_auto_rtnl_mdb cleanup macro
d544105 route/mdb: fix buffer overflow in mdb_msg_parser()
4d12b63 tests: silently ignore EACCES for setting uid_map for test namespace
ec712a4 tests: cleanup unshare_user() and use _nltst_fclose()
85e3c5d tests: add _assert_nltst_netns() helper
39e4d8d github: test out-of-tree build and "--disable-static"
d63e473 github: build documentation in CI test
fa7f97f build: avoid building check-direct with --disable-static
8c741a7 tools: fix aborting on failure in "tools/build_release.sh" script
e2aa409 doc: fix markup error in "doc/route.txt"
4f3b4f9 doc: fix python2-ism in "doc/resolve-asciidoc-refs.py"
Signed-off-by: Nick Hainke <vincent@systemli.org>
bh_event_add_var can be called by multiple threads concurrently,
so it shall not use a static char buffer
Signed-off-by: Andrey Erokhin <a.erokhin@inango-systems.com>
* firmware: intel-microcode: update to 20220809
Debian's changelog by Henrique de Moraes Holschuh <hmh@debian.org>:
* New upstream microcode datafile 20220809
* Fixes INTEL-SA-00657, CVE-2022-21233
Stale data from APIC leaks SGX memory (AEPIC leak)
* Fixes unspecified errata (functional issues) on Xeon Scalable
* Updated Microcodes:
sig 0x00050653, pf_mask 0x97, 2022-03-14, rev 0x100015e, size 34816
sig 0x00050654, pf_mask 0xb7, 2022-03-08, rev 0x2006e05, size 44032
sig 0x000606a6, pf_mask 0x87, 2022-04-07, rev 0xd000375, size 293888
sig 0x000706a1, pf_mask 0x01, 2022-03-23, rev 0x003c, size 75776
sig 0x000706a8, pf_mask 0x01, 2022-03-23, rev 0x0020, size 75776
sig 0x000706e5, pf_mask 0x80, 2022-03-17, rev 0x00b2, size 112640
sig 0x000806c2, pf_mask 0xc2, 2022-03-19, rev 0x0028, size 97280
sig 0x000806d1, pf_mask 0xc2, 2022-03-28, rev 0x0040, size 102400
sig 0x00090672, pf_mask 0x03, 2022-06-07, rev 0x0022, size 216064
sig 0x00090675, pf_mask 0x03, 2022-06-07, rev 0x0022, size 216064
sig 0x000906a3, pf_mask 0x80, 2022-06-15, rev 0x0421, size 216064
sig 0x000906a4, pf_mask 0x80, 2022-06-15, rev 0x0421, size 216064
sig 0x000a0671, pf_mask 0x02, 2022-03-17, rev 0x0054, size 103424
sig 0x000b06f2, pf_mask 0x03, 2022-06-07, rev 0x0022, size 216064
sig 0x000b06f5, pf_mask 0x03, 2022-06-07, rev 0x0022, size 216064
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* bcm27xx-gpu-fw: update to latest version
Multiple firmware fixes needed for kernel updates.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
* bcm27xx-gpu-fw: update to latest version
Latest GPU FW contains multiple fixes and improvements.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
* bcm63xx-cfe: update to the latest master
e5050f3 linksys: ea9500-v2: add cferam file
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* nat46: fix translation of ICMP protocols parameter problem and unreachable
9b3a819 nat46-core: Fix translation of ICMP protocols parameter problem and unreachable (#27)
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* nat46: update to latest git HEAD
1fdf2a3 Fix kernel panic due to device deletion (#29)
e7b48d1 add the mutex lock for create/delete/config/insert nat46 devices to fix nat46 module crash issues. (#28)
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* nat46: update to latest git HEAD
d9bc161 nat46-core: Fix typo since day one (#31)
840e235 Fix coverity issues observed so far (#30)
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* nat46: update to git HEAD
95ca1c3 nat46-core: ignore IPv4 options when translating packets
39778c2 add a module argument to ignore TOS translate for IPv4
9a36ee1 add a module argument to ignore TOS translate for IPv4
79190a8 add a module argument to ignore TOS translate for IPv4
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* mwlwifi: fix 5.15 kernel support
Fix compilation and usage under kernel 5.15 for the mwlwifi driver.
For detailed description of changes, check individual patches.
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
* rtl8812au-ct: Fix compile
Replace the extern inline with a static inline. With extern inline the
compiler will generate the function in all compile units including this
file which breaks linking later.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Co-authored-by: Christian Lamparter <chunkeey@gmail.com>
Co-authored-by: Álvaro Fernández Rojas <noltari@gmail.com>
Co-authored-by: Rafał Miłecki <rafal@milecki.pl>
Co-authored-by: Hans Dedecker <dedeckeh@gmail.com>
Co-authored-by: Robert Marko <robert.marko@sartura.hr>
Co-authored-by: Hauke Mehrtens <hauke@hauke-m.de>
Some copper SFP modules come with Marvell's 88E1xxx PHY and need this
module to function. Package it, so users can easily install this PHY
driver and use e.g. FINISAR CORP. FCLF-8521-3-HC SFP.
Without marvell PHY driver:
sfp sfp2: module FINISAR CORP. FCLF-8521-3-HC rev A sn XXXXXXX dc XXXXXX
mt7530 mdio-bus:1f sfp2: validation with support 0000000,00000000,00000000 failed: -22
sfp sfp2: sfp_add_phy failed: -22
With marvell PHY driver:
sfp sfp2: module FINISAR CORP. FCLF-8521-3-HC rev A sn XXXXXXX dc XXXXXX
mt7530 mdio-bus:1f sfp2: switched to inband/sgmii link mode
mt7530 mdio-bus:1f sfp2: PHY [i2c:sfp2:16] driver [Marvell 88E1111] (irq=POLL)
mt7530 mdio-bus:1f sfp2: Link is Up - 1Gbps/Full - flow control rx/tx
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Fix mmc_write_vol hush script used by many boards to avoid timeouts on
slow SD cards:
Instead of erasing a complete partition, only erase blocks for the
to-be-written image when writing to MMC.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Add kernel package 'mt7916-firmware' with firmware files for MT7916E devices.
These share the same driver as the MT7915 chipset, but use their own firmware.
Tested using a pair of AsiaRF AW7916-NPD cards.
Signed-off-by: Andrew Powers-Holmes <aholmes@omnom.net>
The 'fxload' tool contained in the examples provided with libusb is
actually useful and turns out to be the only way to load firmware into
some rather ancient EZ-USB microcontrollers made by Cypress (formerly
Anchor Chips).
The original 'fxload' tool from hotplug-linux has been abandonned long
ago and requires usbfs to be mounted in /proc/bus/usb/ (like it was in
Linux 2.4...).
Hence the best option is to package the modern 'fxload' from the libusb
examples which (unsurprisingly) uses libusb and works on modern
systems.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Co-authored-by: Daniel Golle <daniel@makrotopia.org>
This backports a commit which fixes a use after free bug in awk.
CVE-2022-30065 description:
A use-after-free in Busybox 1.35-x's awk applet leads to denial of
service and possibly code execution when processing a crafted awk
pattern in the copyvar function.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This backports a commit from upstream dnsmasq to fix CVE-2022-0934.
CVE-2022-0934 description:
A single-byte, non-arbitrary write/use-after-free flaw was found in
dnsmasq. This flaw allows an attacker who sends a crafted packet
processed by dnsmasq, potentially causing a denial of service.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Changes between 1.1.1r and 1.1.1s [1 Nov 2022]
*) Fixed a regression introduced in 1.1.1r version not refreshing the
certificate data to be signed before signing the certificate.
[Gibeom Gwon]
Changes between 1.1.1q and 1.1.1r [11 Oct 2022]
*) Fixed the linux-mips64 Configure target which was missing the
SIXTY_FOUR_BIT bn_ops flag. This was causing heap corruption on that
platform.
[Adam Joseph]
*) Fixed a strict aliasing problem in bn_nist. Clang-14 optimisation was
causing incorrect results in some cases as a result.
[Paul Dale]
*) Fixed SSL_pending() and SSL_has_pending() with DTLS which were failing to
report correct results in some cases
[Matt Caswell]
*) Fixed a regression introduced in 1.1.1o for re-signing certificates with
different key sizes
[Todd Short]
*) Added the loongarch64 target
[Shi Pujin]
*) Fixed a DRBG seed propagation thread safety issue
[Bernd Edlinger]
*) Fixed a memory leak in tls13_generate_secret
[Bernd Edlinger]
*) Fixed reported performance degradation on aarch64. Restored the
implementation prior to commit 2621751 ("aes/asm/aesv8-armx.pl: avoid
32-bit lane assignment in CTR mode") for 64bit targets only, since it is
reportedly 2-17% slower and the silicon errata only affects 32bit targets.
The new algorithm is still used for 32 bit targets.
[Bernd Edlinger]
*) Added a missing header for memcmp that caused compilation failure on some
platforms
[Gregor Jasny]
Build system: x86_64
Build-tested: bcm2711/RPi4B
Run-tested: bcm2711/RPi4B
Signed-off-by: John Audia <therealgraysky@proton.me>
