Upstream in commit 3e1e58d64c3d ("net: add generic selftest support") in
version 5.13 added generic selftests module and usb-net-asix already
depends on it, in version 5.18 via commit 1710b52d7c13 ("net: usb:
smsc95xx: add generic selftest support") it will be used by
usb-net-smsc95xx as well.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This fixes a security problem in ksmbd. It currently has the
ZDI-CAN-18259 ID assigned, but no CVE yet.
Backported from:
8824b7af40cc4f3b5a6a
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Make it possible to setup default WAN interface for devices with built-in LTE
modems, using QMI or MBIM.
Signed-off-by: Andrey Butirsky <butirsky@gmail.com>
Reviewed-by: Lech Perczak <lech.perczak@gmail.com>
These will be used to give WLAN PHYs a specific name based on path specified
in board.json. The platform board.d script can assign a specific order based
on available slots (PCIe slots, WMAC device) and device tree configuration.
This helps with maintaining config compatibility in case the device path
changes due to kernel upgrades.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Add a separate firmware package to avoid installing the MT7615 firmware
on all MT7622 target devices by default. Now we only add MT7615 firmware
packages for devices that use MT7615E. This commit also removes the
explicit dependency on kmod-mt7615e to refine the package dependency.
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
The mt7915e driver supports MT7915, MT7916 and MT7986 chips. And Only
MT7915 series chips need the MT7915 firmware. To save storage, extract
them from the common code package and create a new package to provide
the firmware.
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
The kmod-mt7615-common package does not contain any code that
related to mt7915e Wi-Fi6 driver, so remove it.
Tested on ramips/mt7621: SIM SIMAX1800T
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
* mpc85xx: add support for cpu type 8548
8540 cpu type corresponds to e500v1 core while
8548 cpu type corresponds to e500v2 core
See https://www.nxp.com/products/processors-and-microcontrollers/legacy-mpu-mcus/powerquicc-processors:POWERQUICC_HOME#powerquicc-iii-mpc85xx
and https://www.nxp.com/docs/en/application-note/AN2807.pdf .
Co-authored-by: Josef Schlehofer <josef.schlehofer@nic.cz>
Co-authored-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Šimon Bořek <simon.borek@nic.cz>
* tree-wide: Do not use package librt and libpthread
The libraries libpthread, libdl, libutil, libanl have been integrated
into the libc library in version 2.34. it is not needed to explicitly
link them any more.
Most of the functions have been moved from the librt.so into libc.so
some time ago already.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* toolchain/binutils: backport stable patches
Add the patches with real changes from the binutils 2.39 stable branch.
I am not aware that we ran into any of these problems, but I think it is
better to take the existing stable patches.
They were exported like this:
git format-patch binutils-2_39...origin/binutils-2_39-branch
I removed the patches changing the version numbers only.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* toolchain/binutils: switch to version 2.39 by default
This was build tested with all core packages on all targets
successfully.
This was run tested on the following systems:
* lantiq/xrx200 musl
* sunxi/cortex53 musl
* x86/64 musl
* x86/64 glibc
Some trusted firmware arm builds needed some fixes to build with
binutils 2.39, this was merged before.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* tools: Improve diffability/maintainability
There's no purpose to squish multiple tools into a single line (and
spread those out over multiple lines). It might look 'nice' in certain
conditions, but it's annoying to maintain.
For example, but not limited to:
* adding/removing tools, causes hard to read diffs
* Duplicates are harder to spot
* Sorting can not be (easily?) automated
With this proposed change, the above annoyances go away. Inserting a new
tool can be done with a single line-change-diff, sorting can be done by
any editor (in vi, select, :sort for example) and dupes are much easier
to spot.
Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
* rules: drop -Wno-error additional flags from default TARGET_CFLAGS
We currently enable -Wno-error=unused-but-set-variable and
-Wno-error=unused-result by default on every compile package.
While this is (relatively) unharmful, we should follow other project
direction and starts enforcing good code quality. For example the linux
kernel recently started to enforce Wall by default and clean code is
mandatory for inclusion.
Drop for good these flags and and make it mandatory to correctly handle
return values at least with a warning log if they are not strictly error
condition.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* bridger: update to the latest version
def7755c459d add missing copyright headers
f68307fd96d7 add hairpin mode support
9ee8f433ba4e nl: do not pass NDA_VLAN with vid=0
978c1f9eed07 add support for the bridge port isolated flag
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Šimon Bořek <simon.borek@nic.cz>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Co-authored-by: Šimon Bořek <simon.borek@nic.cz>
Co-authored-by: Josef Schlehofer <josef.schlehofer@nic.cz>
Co-authored-by: Pali Rohár <pali@kernel.org>
Co-authored-by: Hauke Mehrtens <hauke@hauke-m.de>
Co-authored-by: Olliver Schinagl <oliver@schinagl.nl>
Co-authored-by: Christian Marangi <ansuelsmth@gmail.com>
Co-authored-by: Felix Fietkau <nbd@nbd.name>
Changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2
This release of Mbed TLS provides bug fixes and minor enhancements. This
release includes fixes for security issues.
Fixes the following CVEs:
* CVE-2022-46393: Fix potential heap buffer overread and overwrite in
DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and
MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX.
* CVE-2022-46392: An adversary with access to precise enough information
about memory accesses (typically, an untrusted operating system
attacking a secure enclave) could recover an RSA private key after
observing the victim performing a single private-key operation if the
window size used for the exponentiation was 3 or smaller.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
libpath.so uses host path in ld script causing other packages fail to
cross compile, e.g. perl:
"ld: cannot find /usr/lib/libbsd.so.0.11.6: No such file or directory"
Signed-off-by: Xuefer H <xuefer@gmail.com>
It has been brought to my attention that recently added WCN6855 firmware
is broken as it is getting stripped during building due to being 2 ELF
binaries.
I am sure WCN6750 and any other ELF binaries are having the same issue,
so since stripping firmware binaries is clearly unwanted disable it.
Fixes: b4d3694f81f4 ("linux-firmware: package ath11k consumer cards firmware")
Signed-off-by: Robert Marko <robimarko@gmail.com>
WCN6855 exists in 2 HW revisions, but both use the same FW so upstream
just has a symlink for hw2.1 to hw2.0 that I forgot to make.
Fixes: b4d3694f81f4 ("linux-firmware: package ath11k consumer cards firmware")
Signed-off-by: Robert Marko <robimarko@gmail.com>
* uhttpd: update to latest Git HEAD
e3395cd ucode: initialize search path before VM init
8cb3f85 ucode: initialize default library search path
188dea2 utils: accept '?' as path terminator in uh_path_match()
c5eac5d file: support using dynamic script handlers as error pages
290ff88 relay: trigger close if in header read state with pending data
f9db538 ucode: ignore exit exceptions
8ba0b64 cmake: use variables and find_library for dependency
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* uhttpd: use acme hotplug
Reload uhttpd after certificates are renewed with acme.
Reviewed-by: Toke Høiland-Jørgensen <toke@toke.dk>
Signed-off-by: Glen Huang <i@glenhuang.com>
* uhttpd: use procd to reload on acme renew
Calling /etc/init.d/uhttpd reload directly in the acme hotplug script
can inadvertently start a stopped instance.
Signed-off-by: Glen Huang <i@glenhuang.com>
* uhttpd: update to latest Git HEAD
2397755 client: fix incorrectly emitting HTTP 413 for certain content lengths
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Glen Huang <i@glenhuang.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Co-authored-by: Jo-Philipp Wich <jo@mein.io>
Co-authored-by: Glen Huang <i@glenhuang.com>
Co-authored-by: Hauke Mehrtens <hauke@hauke-m.de>
Most relevant feature for openwrt in this release, supports dynamically
removing hosts from 'hostsdir' supplied host files.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* rules: fix broken commitcount on alpine system
To generate commitcount we use grep --max-count. This is not present on
alpine grep and cause wrong generation. Use -m as it's just the short
version of --max-count and more portable.
Fixes: #11200
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* image-commands.mk: Be consistent in command invocation
Most/all other tools use the staging dir prefix, gzip should as well.
Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
Acked-by: Christian Marangi <ansuelsmth@gmail.com>
* image: fix device profile specific COMPILE targets
Commit a01d23e75 ("image: always rebuild kernel loaders")
is a step in the right direction, but exposed some issues
and regressions in the makefile.
Some of the files made by device specific COMPILE targets
start with an "append" command (i.e. >> instead of > redirection)
and if the file already exists, the target file is the
input to itself before the first recipe-specified input.
Fixes: a01d23e75 ("image: always rebuild kernel loaders")
Fixes: a7fb589e8 ("image: always rebuild kernel loaders")
Signed-off-by: Michael Pratt <mcpratt@pm.me>
* trusted-firmware-a.mk: use correct CPE ID
There are 2 different CPE IDs on the NVD website:
cpe:/a:arm:trusted_firmware-a
cpe:/o:arm:arm_trusted_firmware
The ID as currently used in trusted-firmware-a.mk does not exist. The
CPE ID using the arm_trusted_firmware product name only lists a few
records for versions 2.2 and 2.3 on the NVD site. The CPE ID using the
trusted_firmware-a product name lists many more records, and actually
has a CVE linked to it. Therefore, use the CPE ID using the
trusted_firmware-a product name.
Fixes: 104d60fe94ce ("trusted-firmware-a.mk: add PKG_CPE_ID")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* fritz-tools: fritz_tffs_nand: exclude oob code when disabled
Skip unnecessary stuff if checking the oob data is disabled.
Signed-off-by: Andre Heider <a.heider@gmail.com>
* fritz-tools: fritz_tffs_nand: get rid of struct tffs_sectors
This doesn't help and "[0]" gets in the way of bounds checks.
Signed-off-by: Andre Heider <a.heider@gmail.com>
* fritz-tools: fritz_tffs_nand: cache already read sector ids
This speeds up the tool significantly, especially when using the "-a"
argument.
Signed-off-by: Andre Heider <a.heider@gmail.com>
* iproute2: add missing libbpf dependency
This patch adds libbpf to the dependencies of tc-mod-iptables.
The package tc-mod-iptables is missing libbpf as a dependency,
which leads to the build failure described in bug #9491
LIBBPF_FORCE=on set, but couldn't find a usable libbpf
The build dependency is already automatically added because some other
packages from iproute2 depend on libbpf, but bpftools has multiple build
variants. With multiple build variants none gets build by default and
the build system will not build bpftools before iproute2.
Fixes: #9491
Signed-off-by: Kien Truong <duckientruong@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* iproute2: update to 6.0.0
Release Notes:
https://lore.kernel.org/netdev/20221004082610.56b04719@hermes.local/t/
Remove upstreamed patch:
- 010-ipstats-Add-param.h-for-musl.patch
Refreshed:
- 140-keep_libmnl_optional.patch
- 145-keep_libelf_optional.patch
- 150-keep_libcap_optional.patch
- 155-keep_tirpc_optional.patch
- 170-ip_tiny.patch
- 190-fix-nls-rpath-link.patch
- 200-drop_libbsd_dependency.patch
- 300-selinux-configurable.patch
Signed-off-by: Nick Hainke <vincent@systemli.org>
* iproute2: update to 6.1.0
Announcement:
https://lore.kernel.org/netdev/20221214094130.7b11ec2e@hermes.local/T/#t
Refresh patch:
- 170-ip_tiny.patch
Signed-off-by: Nick Hainke <vincent@systemli.org>
* tools/xz: update to 5.2.10
Update to latest version.
Signed-off-by: Nick Hainke <vincent@systemli.org>
* Revert "Revert "tools/upx: remove (#10622)""
This reverts commit d3e16f203a.
* kernel: Make use of KERNEL_MAKE
Make use of KERNEL_MAKE in kernel packages were easily possible.
This moves some more code to common places and reduces the number of
lines.
It is defined like this:
KERNEL_MAKE = $(MAKE) $(KERNEL_MAKEOPTS)
KERNEL_MAKEOPTS = -C $(LINUX_DIR) $(KERNEL_MAKE_FLAGS)
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* toolchain: gcc: backport patches to fix build with glibc 2.36
glibc 2.36 changed the definition of enum fsconfig_command, it now
collides with the same definition from sys/mount.h. Remove the include
of linux/fs.h This still compiled with musl too.
This backports a patch which is already in the stable branch of GCC 11
and GCC 12.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* toolchain: glibc: Update to glibc 2.36
This updates to glibc to version 2.36.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* tools/llvm: update to 15.0.6
Release Notes:
https://discourse.llvm.org/t/llvm-15-0-0-release/65099https://discourse.llvm.org/t/llvm-15-0-1-released/65380https://discourse.llvm.org/t/llvm-15-0-2-released/65695https://discourse.llvm.org/t/llvm-15-0-3-released/66036https://discourse.llvm.org/t/llvm-15-0-4-released/66337https://discourse.llvm.org/t/llvm-15-0-5-release/66616https://discourse.llvm.org/t/llvm-15-0-6-released/66899
Remove HOST_BUILD_PARALLEL as it's default now.
Signed-off-by: Linhui Liu <liulinhui36@gmail.com>
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
Signed-off-by: Michael Pratt <mcpratt@pm.me>
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Signed-off-by: Andre Heider <a.heider@gmail.com>
Signed-off-by: Kien Truong <duckientruong@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Nick Hainke <vincent@systemli.org>
Signed-off-by: Linhui Liu <liulinhui36@gmail.com>
Co-authored-by: Christian Marangi <ansuelsmth@gmail.com>
Co-authored-by: Olliver Schinagl <oliver@schinagl.nl>
Co-authored-by: Michael Pratt <mcpratt@pm.me>
Co-authored-by: Stijn Tintel <stijn@linux-ipv6.be>
Co-authored-by: Andre Heider <a.heider@gmail.com>
Co-authored-by: Kien Truong <duckientruong@gmail.com>
Co-authored-by: Nick Hainke <vincent@systemli.org>
Co-authored-by: Hauke Mehrtens <hauke@hauke-m.de>
Several sunxi devices come with multiple mmc devices. On such devices,
the mmc device order is unpredictable, so using /dev/mmcblk0p2 as root
device doesn't always work, which results in unbootable devices.
For the Banana Pi BPI-R3 in the mediatek target, this has been solved by
defining aliases for the mmc devices in the DTS. Ideally we would do the
same here, but for sunxi-a64 we already use UUID probing, so let's start
with that (5f2ff607e286 ("uboot-sunxi: a64: allow booting directly from
eMMC")).
Since we're building and including u-boot in each supported device
image, and this method has been proven to work fine for a64, let's just
change the default u-boot env file to do the same.
Fixes: e6d9f6fdff ("sunxi: add support for FriendlyARM NanoPi R1")
Co-authored-by: Karl Palsson <karlp@etactica.com>
Signed-off-by: Jan-Niklas Burfeind <git@aiyionpri.me>
[use UUID in default u-boot env, rewrite commit message]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* firmware-utils: bump to git HEAD
Adds support for building TP-Link CPE605v1 factory images
bd856eff4850 tplink-safeloader: add TP-Link CPE605 v1 Support
Signed-off-by: Sander Vanheule <sander@svanheule.net>
* firmware-utils: fix archive checksum
PKG_SOURCE_DATE was modified after updating PKG_MIRROR_HASH, causing the
latter to change. This results in a warning during builds and rejected
downloads.
Fixes: 232879a7b7f8 ("firmware-utils: bump to git HEAD")
Signed-off-by: Sander Vanheule <sander@svanheule.net>
* libtracefs: update to 1.6.2
378a9dd libtracefs: version 1.6.2
e6daa60 libtracefs: Add unit test to test mounting of tracefs_{tracing,debug}_dir()
32acbbf libtracefs: Have tracefs_{tracing,debug}_dir() mount {tracefs,debugfs} if not mounted
Signed-off-by: Nick Hainke <vincent@systemli.org>
* ethtool: add PKG_CPE_ID
Add CPE ID for tracking CVEs.
Signed-off-by: Nick Hainke <vincent@systemli.org>
* ethtool: update to 6.0
Release Notes:
https://lwn.net/Articles/910841/
Signed-off-by: Nick Hainke <vincent@systemli.org>
* strace: update to 6.1
Release Notes:
https://github.com/strace/strace/releases/tag/v6.1
Signed-off-by: Nick Hainke <vincent@systemli.org>
* trace-cmd: update to v3.1.5
Update to latest release.
Signed-off-by: Nick Hainke <vincent@systemli.org>
* libtraceevent: update to 1.7.0
Update to latest release.
Signed-off-by: Nick Hainke <vincent@systemli.org>
* libtracefs: update to 1.6.3
Update to latest release.
Signed-off-by: Nick Hainke <vincent@systemli.org>
* tools/bash: update to 5.2.15
Update to the latest released version.
Signed-off-by: Linhui Liu <liulinhui36@gmail.com>
* tools/ccache: update to 4.7.4
Release Notes:
https://ccache.dev/releasenotes.html#_ccache_4_7_3https://ccache.dev/releasenotes.html#_ccache_4_7_4
Signed-off-by: Linhui Liu <liulinhui36@gmail.com>
* tools/libressl: update to 3.7.0
Release notes:
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.0-relnotes.txthttps://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.1-relnotes.txthttps://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.7.0-relnotes.txt
Signed-off-by: Linhui Liu <liulinhui36@gmail.com>
* tools/mpc: update to 1.3.1
Version 1.3.1 new features:
Bug fix: It is again possible to include mpc.h without including stdio.h.
Version 1.3.0 new features:
New function: mpc_agm
New rounding modes "away from zero", indicated by the letter "A" and corresponding to MPFR_RNDA on the designated real or imaginary part.
New experimental ball arithmetic.
New experimental function: mpc_eta_fund
Bug fixes:
mpc_asin for asin(z) with small |Re(z)| and tiny |Im(z)|
mpc_pow_fr: sign of zero part of result when the base has up to sign the same real and imaginary part, and the exponent is an even positive integer
mpc_fma: the returned int value was incorrect in some cases (indicating whether the rounded real/imaginary parts were smaller/equal/greater than the exact values), but the computed complex value was correct.
Remove the unmaintained Makefile.vc; build files for Visual Studio are maintained independently by Brian Gladman.
Signed-off-by: Linhui Liu <liulinhui36@gmail.com>
* tools/patchelf: update to 0.17.0
Update to the latest released version.
Signed-off-by: Linhui Liu <liulinhui36@gmail.com>
Signed-off-by: Sander Vanheule <sander@svanheule.net>
Signed-off-by: Nick Hainke <vincent@systemli.org>
Signed-off-by: Linhui Liu <liulinhui36@gmail.com>
Co-authored-by: Sander Vanheule <sander@svanheule.net>
Co-authored-by: Nick Hainke <vincent@systemli.org>
Co-authored-by: Linhui Liu <liulinhui36@gmail.com>
Get rid of drivers that are either limited to 802.11b/g or don't even support
cfg80211/mac80211. Most of these are either limited to boards that we don't even
support anymore because of firmware size, or were only used for custom hacks by
a really small number of users in the past.
Let's get rid of those to reduce the maintenance effort and the number of useless
packages
Signed-off-by: Felix Fietkau <nbd@nbd.name>
libxxhash is now available in the OpenWrt package feed and gdb will link
against it if gdb finds this library. Explicitly deactivate the usage
of xxhash.
This should fix the build of gdb in build bots.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Two WS2812B (NeoPixel) clones are used in Xiaomi Redmi AX6000 as
indicator lights. Add a driver for controlling it using SPI MOSI.
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
enable option `CONFIG_CRYPTO_LZ4HC` to match default kernel config
this only adds the `lz4hc_compress` module, and has no effect on the
`lz4_decompress` module which already supports any flavor
Signed-off-by: Tony Butler <spudz76@gmail.com>
The ulog iptables target was removed with kernel 3.17, remove the kernel
and also the iptables package in OpenWrt too.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Commit e8b542960921 included an unintended change and we now call
scan_wifi before a network reload.
Restore the original behaviour and call scan_wifi only after a network
reload.
Fixes: e8b542960921 ("base-files: wifi: tidy up the reconf code")
Signed-off-by: Bob Cantor <bobc@confidesk.com>
Commit b82cc8071366 included an unintended change and we now call
scan_wifi before a network reload.
Restore the original behaviour and call scan_wifi only after a network
reload.
Fixes: b82cc8071366 ("base-files: wifi: swap the order of some ubus calls")
Signed-off-by: Bob Cantor <bobc@confidesk.com>
The currently used shell expansion doesn't seem to exist [0] and also
does not work. This surely was not intended, so lets allow default
naming to actually work.
[0]: https://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html
Fixes: be09c5a3cd65 ("base-files: add board.d support for bridge device")
Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
In the default shadow file, as visible in the failsafe mode, the user
root has value of `0` set in the 3rd field, the date of last password
change. This setting means that the password needs to be changed the
next time the user will log in the system. `dropbear` server is ignoring
this setting but `openssh-server` tries to enforce it and fails in the
failsafe mode because the rootfs is R/O.
Disable the password aging feature for user root by setting the 3rd
filed empty.
Signed-off-by: Rucke Teg <rucketeg@protonmail.com>
fgrep is deprecated and replaced by grep -F. The latter is used
throughout the tree whereas this is the only usage of the former.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
The zoneinfo packages are not installed per default so neither
/tmp/localtime nor /tmp/TZ is generated.
This patch mostly reverts the previous fix and instead incooperates a
solution suggested by Jo.
Fixes "base-files: fix zoneinfo support " 8af62ed
Signed-off-by: Paul Spooren <mail@aparcar.org>
The system init script currently sets /tmp/localinfo when zoneinfo is
populated. However, zoneinfo has spaces in it whereas the actual files
have _ instead of spaces. This made the if condition never return true.
Example failure when removing the if condition:
/tmp/localtime -> /usr/share/zoneinfo/America/Los Angeles
This file does not exist. America/Los_Angeles does.
Ran through shfmt -w -ci -bn -sr -s
Signed-off-by: Rosen Penev <rosenp@gmail.com>
OpenWrt uses a lot of (b)ash scripts for initial setup. This isn't the
best solution as they almost never consider syncing files / data. Still
this is what we have and we need to try living with it.
Without proper syncing OpenWrt can easily get into an inconsistent state
on power cut. It's because:
1. Actual (flash) inode and data writes are not synchronized
2. Data writeback can take up to 30 seconds (dirty_expire_centisecs)
3. ubifs adds extra 5 seconds (dirty_writeback_centisecs) "delay"
Some possible cases (examples) for new files:
1. Power cut during 5 seconds after write() can result in all data loss
2. Power cut happening between 5 and 35 seconds after write() can result
in empty file (inode flushed after 5 seconds, data flush queued)
Above affects e.g. uci-defaults. After executing some migration script
it may get deleted (whited out) without generated data getting actually
written. Power cut will result in missing data and deleted file.
There are three ways of dealing with that:
1. Rewriting all user-space init to proper C with syncs
2. Trying bash hacks (like creating tmp files & moving them)
3. Adding sync and hoping for no power cut during critical section
This change introduces the last solution that is the simplest. It
reduces time during which things may go wrong from ~35 seconds to
probably less than a second. Of course it applies only to IO operations
performed before /etc/init.d/boot . It's probably the stage when the
most new files get created.
All later changes are usually done using smarter C apps (e.g. busybox or
uci) that creates tmp files and uses rename() that is expected to be
atomic.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
* package: sync with upstream
Removed: package/libs/libselinux/bcm27xx-userland (Already in package/utils/bcm27xx-userland)
Signed-off-by: Linhui Liu <liulinhui36@gmail.com>
* uclibc++: remove
No package here depends on it. Furthermore, uClibc++ is a fairly buggy
C++ library and seems to be relatively inactive upstream.
It also lacks proper support for modern C++11 features.
The main benefit of it is size: 66.6 KB vs 287.3 KB on mips24kc. Static
linking and LTO can help bring the size down of packages that need it.
Added warning message to uclibc++.mk
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
* target: sync with upstream
Signed-off-by: Linhui Liu <liulinhui36@gmail.com>
* toolchain: gcc: Remove gcc 10.x support
This compiler is old and was never used by default in OpenWrt.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* ucode: update to latest Git HEAD
46d93c9 tests: fixup testcases
4c654df types: adjust double printing format
eac2add compiler: fix bytecode for logical assignments of properties
3903b18 fs: add `realpath()` function
8366102 math: add isnan() function
eef83d3 tests: relax sleep() test
394e901 lib: uc_json(): accept trailing whitespace when parsing strings
1867c8b uloop: terminate parent uloop in task child processes
d2cc003 uci: auto-load package in `ctx.foreach()` and `ctx.get_first()`
6c5ee53 compiler: ensure that arrow functions with block bodies return no value
fdc9b6a compiler: fix `??=`, `||=` and `&&=` logical assignment semantics
88dcca7 add cmake to install requires for debian
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* firewall4: update to latest Git HEAD
700a925 fw4: prevent null access when no ipsets are defined
6443ec7 config: drop input traffic by default
119ee1a ruleset: drop ctstate invalid traffic for masq-enabled zones
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* ustream-ssl: update to Git version 2022-12-07
9217ab4 ustream-openssl: Disable renegotiation in TLSv1.2 and earlier
2ce1d48 ci: fix building with i.MX6 SDK
584f1f6 ustream-openssl: wolfSSL: provide detailed information in debug builds
aa8c48e cmake: add a possibility to set library version
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* tools/mpfr: import patch fixing macro bug
Co-authored-by: Nick Hainke <vincent@systemli.org>
Signed-off-by: Linhui Liu <liulinhui36@gmail.com>
Signed-off-by: Linhui Liu <liulinhui36@gmail.com>
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Co-authored-by: Rosen Penev <rosenp@gmail.com>
Co-authored-by: Hauke Mehrtens <hauke@hauke-m.de>
Co-authored-by: Jo-Philipp Wich <jo@mein.io>
Co-authored-by: Nick Hainke <vincent@systemli.org>
This fixes CVE-2022-1304:
An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.
This issue leads to a segmentation fault and possibly arbitrary code
execution via a specially crafted filesystem.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: bump 5.15 to 5.15.81
Manually rebased:
backport-5.15/715-v6.0-net-ethernet-mtk_eth_soc-add-the-capability-to-run-m.patch
hack-5.15/645-netfilter-connmark-introduce-set-dscpmark.patch[1]
All other patches automatically rebased
Signed-off-by: John Audia <therealgraysky@proton.me>
Co-authored-by: John Audia <therealgraysky@proton.me>
Common Platform Enumeration (CPE) is a structured naming scheme for
information technology systems, software, and packages.
Suggested-by: Steffen Pfendtner <s.pfendtner@ads-tec.de>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Backport an upstream patch to make libunwind build on ppc64, and add
powerpc64 to the dependencies.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Rui Salvaterra <rsalvaterra@gmail.com>
Changes:
1bb4162 libnl-3.7.0 release
897ec9c route: act: Allow full set of actions on gact,skbedit,mirred
00e46f1 Use print() function in both Python 2 and Python 3
083c1b6 sriov: fix setting ce_mask when parsing VF stat counter
2e9a4f7 Fix typos and errors
cc87ad2 changelog: update URL to git history
bde0b4c changelog: fix typos in ChangeLog
44988e6 route: format recently added code with clang-format
df6e38b route/act: add NAT action
7304c42 route: format recently added code with clang-format
f8eb218 cls: flower: extend flower API
e5dc111 flower: use correct attribute when filling out flags
df6058c tests: merge branch 'th/test-link'
9772c1d tests: add unit tests for creating links
4713b76 github: run unit tests several times and directly
8025547 github: export NLTST_SEED_RAND= to randomize unit tests
7efeca2 tests: add test utils
f6f4d36 tests: reformat unit test files with clang-format
135a706 utils: add _NL_AUTO_DEFINE_FCN_STRUCT() macro
0ea11be utils: add _nl_thread_local macro
9b04936 route: fix crash caused by parse_multipath() by wrong free()
2effffe route/link: Set the cache ops when cloning a link
5ecd56c route/link: add lock around rtnl_link_af_ops_put()
e1a077a route/link: avoid accessing af_ops after af_free() in rtnl_link_set_family()
3f4f1dd xfrm/sa: fix reference counters of sa selector addresses
d3c783f all: merge branch 'th/coverity-fixes'
23a75c5 xfrm: fix uninitalized variables in build_xfrm_ae_message()
d52dbcb route: fix check for NULL in nh_encap_dump()
1f61096 route/qdisc/mqprio: fix bufferoverflow and argument checking in rtnl_qdisc_mqprio_set_*()
f918c3a route/sriov: fix buffer overflow in rtnl_link_sriov_parse_vflist()
d4c7972 all: fix "-Wformat" warnings for nl_dump*()
6b2f238 netlink/utils.h: mark nl_dump() with __attribute__((format(printf,a,b)))
d3bd278 netlink/utils.h: add internal _nl_attribute_printf macro for public headers
a30b26d socket: workaround undefined behavior coverity warning in generate_local_port()
8acf6d5 nl-pktloc-lookup: fix buffer overflow when printing alignment
bf3585f route/link/sriov: fix initializing vlans in rtnl_link_sriov_clone()
dd06d22 route/qdisc/netem: fix bogus "%" in format string netem_dump_details()
f50a802 route/u32: fix u32_dump_details() to print data
fa79ee3 link/vrf: avoid coverity warning in rtnl_link_vrf_set_tableid() about CONSTANT_EXPRESSION_RESULT
31380f8 utils: suppress coverity warning in nl_cli_load_module() about leaked handle
aa398b5 route/ip6vti,ip6gre: fix printing invalid data in ip6{vti,gre}_dump_details()
40683cc netlink/private: add internal helper utils
6615dc0 route/link: workaround coverity warning about leak in rtnl_link_set_type()
ff5ef61 all: avoid coverity warnings about assigning variable but not using it
f58a3c0 route/mdb: check parser error in mdb_msg_parser() for nested MDBA_MDB attribute
46506d3 route/mdb: add and use rtnl_mdb_entry_free() internal helper method
46e85d2 route/mdb: fix leak in mdb_msg_parser()
b0641dd route/mdb: add _nl_auto_rtnl_mdb cleanup macro
d544105 route/mdb: fix buffer overflow in mdb_msg_parser()
4d12b63 tests: silently ignore EACCES for setting uid_map for test namespace
ec712a4 tests: cleanup unshare_user() and use _nltst_fclose()
85e3c5d tests: add _assert_nltst_netns() helper
39e4d8d github: test out-of-tree build and "--disable-static"
d63e473 github: build documentation in CI test
fa7f97f build: avoid building check-direct with --disable-static
8c741a7 tools: fix aborting on failure in "tools/build_release.sh" script
e2aa409 doc: fix markup error in "doc/route.txt"
4f3b4f9 doc: fix python2-ism in "doc/resolve-asciidoc-refs.py"
Signed-off-by: Nick Hainke <vincent@systemli.org>
bh_event_add_var can be called by multiple threads concurrently,
so it shall not use a static char buffer
Signed-off-by: Andrey Erokhin <a.erokhin@inango-systems.com>
* firmware: intel-microcode: update to 20220809
Debian's changelog by Henrique de Moraes Holschuh <hmh@debian.org>:
* New upstream microcode datafile 20220809
* Fixes INTEL-SA-00657, CVE-2022-21233
Stale data from APIC leaks SGX memory (AEPIC leak)
* Fixes unspecified errata (functional issues) on Xeon Scalable
* Updated Microcodes:
sig 0x00050653, pf_mask 0x97, 2022-03-14, rev 0x100015e, size 34816
sig 0x00050654, pf_mask 0xb7, 2022-03-08, rev 0x2006e05, size 44032
sig 0x000606a6, pf_mask 0x87, 2022-04-07, rev 0xd000375, size 293888
sig 0x000706a1, pf_mask 0x01, 2022-03-23, rev 0x003c, size 75776
sig 0x000706a8, pf_mask 0x01, 2022-03-23, rev 0x0020, size 75776
sig 0x000706e5, pf_mask 0x80, 2022-03-17, rev 0x00b2, size 112640
sig 0x000806c2, pf_mask 0xc2, 2022-03-19, rev 0x0028, size 97280
sig 0x000806d1, pf_mask 0xc2, 2022-03-28, rev 0x0040, size 102400
sig 0x00090672, pf_mask 0x03, 2022-06-07, rev 0x0022, size 216064
sig 0x00090675, pf_mask 0x03, 2022-06-07, rev 0x0022, size 216064
sig 0x000906a3, pf_mask 0x80, 2022-06-15, rev 0x0421, size 216064
sig 0x000906a4, pf_mask 0x80, 2022-06-15, rev 0x0421, size 216064
sig 0x000a0671, pf_mask 0x02, 2022-03-17, rev 0x0054, size 103424
sig 0x000b06f2, pf_mask 0x03, 2022-06-07, rev 0x0022, size 216064
sig 0x000b06f5, pf_mask 0x03, 2022-06-07, rev 0x0022, size 216064
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* bcm27xx-gpu-fw: update to latest version
Multiple firmware fixes needed for kernel updates.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
* bcm27xx-gpu-fw: update to latest version
Latest GPU FW contains multiple fixes and improvements.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
* bcm63xx-cfe: update to the latest master
e5050f3 linksys: ea9500-v2: add cferam file
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* nat46: fix translation of ICMP protocols parameter problem and unreachable
9b3a819 nat46-core: Fix translation of ICMP protocols parameter problem and unreachable (#27)
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* nat46: update to latest git HEAD
1fdf2a3 Fix kernel panic due to device deletion (#29)
e7b48d1 add the mutex lock for create/delete/config/insert nat46 devices to fix nat46 module crash issues. (#28)
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* nat46: update to latest git HEAD
d9bc161 nat46-core: Fix typo since day one (#31)
840e235 Fix coverity issues observed so far (#30)
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* nat46: update to git HEAD
95ca1c3 nat46-core: ignore IPv4 options when translating packets
39778c2 add a module argument to ignore TOS translate for IPv4
9a36ee1 add a module argument to ignore TOS translate for IPv4
79190a8 add a module argument to ignore TOS translate for IPv4
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* mwlwifi: fix 5.15 kernel support
Fix compilation and usage under kernel 5.15 for the mwlwifi driver.
For detailed description of changes, check individual patches.
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
* rtl8812au-ct: Fix compile
Replace the extern inline with a static inline. With extern inline the
compiler will generate the function in all compile units including this
file which breaks linking later.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Co-authored-by: Christian Lamparter <chunkeey@gmail.com>
Co-authored-by: Álvaro Fernández Rojas <noltari@gmail.com>
Co-authored-by: Rafał Miłecki <rafal@milecki.pl>
Co-authored-by: Hans Dedecker <dedeckeh@gmail.com>
Co-authored-by: Robert Marko <robert.marko@sartura.hr>
Co-authored-by: Hauke Mehrtens <hauke@hauke-m.de>
Some copper SFP modules come with Marvell's 88E1xxx PHY and need this
module to function. Package it, so users can easily install this PHY
driver and use e.g. FINISAR CORP. FCLF-8521-3-HC SFP.
Without marvell PHY driver:
sfp sfp2: module FINISAR CORP. FCLF-8521-3-HC rev A sn XXXXXXX dc XXXXXX
mt7530 mdio-bus:1f sfp2: validation with support 0000000,00000000,00000000 failed: -22
sfp sfp2: sfp_add_phy failed: -22
With marvell PHY driver:
sfp sfp2: module FINISAR CORP. FCLF-8521-3-HC rev A sn XXXXXXX dc XXXXXX
mt7530 mdio-bus:1f sfp2: switched to inband/sgmii link mode
mt7530 mdio-bus:1f sfp2: PHY [i2c:sfp2:16] driver [Marvell 88E1111] (irq=POLL)
mt7530 mdio-bus:1f sfp2: Link is Up - 1Gbps/Full - flow control rx/tx
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Fix mmc_write_vol hush script used by many boards to avoid timeouts on
slow SD cards:
Instead of erasing a complete partition, only erase blocks for the
to-be-written image when writing to MMC.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Add kernel package 'mt7916-firmware' with firmware files for MT7916E devices.
These share the same driver as the MT7915 chipset, but use their own firmware.
Tested using a pair of AsiaRF AW7916-NPD cards.
Signed-off-by: Andrew Powers-Holmes <aholmes@omnom.net>
The 'fxload' tool contained in the examples provided with libusb is
actually useful and turns out to be the only way to load firmware into
some rather ancient EZ-USB microcontrollers made by Cypress (formerly
Anchor Chips).
The original 'fxload' tool from hotplug-linux has been abandonned long
ago and requires usbfs to be mounted in /proc/bus/usb/ (like it was in
Linux 2.4...).
Hence the best option is to package the modern 'fxload' from the libusb
examples which (unsurprisingly) uses libusb and works on modern
systems.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Co-authored-by: Daniel Golle <daniel@makrotopia.org>
This backports a commit which fixes a use after free bug in awk.
CVE-2022-30065 description:
A use-after-free in Busybox 1.35-x's awk applet leads to denial of
service and possibly code execution when processing a crafted awk
pattern in the copyvar function.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This backports a commit from upstream dnsmasq to fix CVE-2022-0934.
CVE-2022-0934 description:
A single-byte, non-arbitrary write/use-after-free flaw was found in
dnsmasq. This flaw allows an attacker who sends a crafted packet
processed by dnsmasq, potentially causing a denial of service.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Changes between 1.1.1r and 1.1.1s [1 Nov 2022]
*) Fixed a regression introduced in 1.1.1r version not refreshing the
certificate data to be signed before signing the certificate.
[Gibeom Gwon]
Changes between 1.1.1q and 1.1.1r [11 Oct 2022]
*) Fixed the linux-mips64 Configure target which was missing the
SIXTY_FOUR_BIT bn_ops flag. This was causing heap corruption on that
platform.
[Adam Joseph]
*) Fixed a strict aliasing problem in bn_nist. Clang-14 optimisation was
causing incorrect results in some cases as a result.
[Paul Dale]
*) Fixed SSL_pending() and SSL_has_pending() with DTLS which were failing to
report correct results in some cases
[Matt Caswell]
*) Fixed a regression introduced in 1.1.1o for re-signing certificates with
different key sizes
[Todd Short]
*) Added the loongarch64 target
[Shi Pujin]
*) Fixed a DRBG seed propagation thread safety issue
[Bernd Edlinger]
*) Fixed a memory leak in tls13_generate_secret
[Bernd Edlinger]
*) Fixed reported performance degradation on aarch64. Restored the
implementation prior to commit 2621751 ("aes/asm/aesv8-armx.pl: avoid
32-bit lane assignment in CTR mode") for 64bit targets only, since it is
reportedly 2-17% slower and the silicon errata only affects 32bit targets.
The new algorithm is still used for 32 bit targets.
[Bernd Edlinger]
*) Added a missing header for memcmp that caused compilation failure on some
platforms
[Gregor Jasny]
Build system: x86_64
Build-tested: bcm2711/RPi4B
Run-tested: bcm2711/RPi4B
Signed-off-by: John Audia <therealgraysky@proton.me>
