There are two known options:
1) The Luci-based UI.
2) Press and hold the reset button during power up.
The router will request 'recovery.bin' from a TFTP server at
192.168.1.88.
Both options require a signed firmware binary.
The openwrt image supplied by cudy is signed and can be used to
install unsigned images.
R4 & R5 need to be shorted (0-100Ω) for the UART to work.
Signed-off-by: Leon M. George <leon@georgemail.eu>
[remove non-required switch-port node - remove trgmii phy-mode] Signed-off-by: David Bauer <mail@david-bauer.net>
Georgi Vlaev [Fri, 31 Jul 2020 11:02:21 +0000 (14:02 +0300)]
ramips: add support for TP-Link Archer C6U v1 (EU)
This patch adds support for TP-Link Archer C6U v1 (EU).
The device is also known in some market as Archer C6 v3.
This patch supports only Archer C6U v1 (EU).
Install the OpenWrt factory image for C6U is from the
TP-Link web interface.
1) Go to "Advanced/System Tools/Firmware Update".
2) Click "Browse" and upload the OpenWrt factory image:
openwrt-ramips-mt7621-tplink_archer-c6u-v1-squashfs-factory.bin.
3) Click the "Upgrade" button, and select "Yes" when prompted.
Recovery to stock firmware:
--------------------------
The C6U bootloader has a failsafe mode that provides a web
interface (running at 192.168.0.1) for reverting back to the
stock TP-Link firmware. The failsafe interface is triggered
from the serial console or on failed kernel boot. Unfortunately,
there's no key combination that enables the failsafe mode. This
gives us two options for recovery:
1) Recover using the serial console (J1 header).
The recovery interface can be selected by hitting 'x' when
prompted on boot.
2) Trigger the bootloader failsafe mode.
A more dangerous option is force the bootloader into
recovery mode by erasing the OpenWrt partition from the
OpenWrt's shell - e.g "mtd erase firmware". Please be
careful, since erasing the wrong partition can brick
your device.
MAC addresses:
-------------
OEM firmware configuration:
D8:07:B6:xx:xx:83 : 5G
D8:07:B6:xx:xx:84 : LAN (label)
D8:07:B6:xx:xx:84 : 2.4G
D8:07:B6:xx:xx:85 : WAN
Signed-off-by: Georgi Vlaev <georgi.vlaev@konsulko.com>
Device Configuration & Serial Port Pins
---------------------------------------
ETH Ports: LAN4 LAN3 LAN2 LAN1 WAN
_______________________
| |
Serial Pins: | VCC GND TXD RXD |
|_____________________|
LEDs: Power Wifi2G Wifi5G LAN WAN
Build Output
------------
The build will generate following set of files
[1] openwrt-ramips-mt7621-tplink_archer-a6-v3-initramfs-kernel.bin
[2] openwrt-ramips-mt7621-tplink_archer-a6-v3-squashfs-factory.bin
[3] openwrt-ramips-mt7621-tplink_archer-a6-v3-squashfs-sysupgrade.bin
How to Use - Flashing from TP-Link Web Interface
------------------------------------------------
* Go to "Advanced/System Tools/Firmware Update".
* Click "Browse" and upload the OpenWrt factory image: factory.bin[2]
* Click the "Upgrade" button, and select "Yes" when prompted.
TFTP Booting
------------
Setup a TFTP boot server with address 192.168.0.5.
While starting U-boot press '4' key to stop autoboot.
Copy the initramfs-kernel.bin[1] to TFTP server folder, rename as test.bin
From u-boot command prompt run tftpboot followed by bootm.
Recovery
--------
Archer A6 V3 has recovery page activated if SPI booting from flash fails.
Recovery page can be activated from serial console only.
Press 'x' while u-boot is starting
Note: TFTP boot can be activated only from u-boot serial console.
Device recovery address: 192.168.0.1
Piotr Dymacz [Wed, 26 May 2021 10:36:30 +0000 (12:36 +0200)]
imx6: image: drop BOOT_SCRIPT and fix DEVICE_NAME
This fixes Gateworks Ventana 'DEVICE_NAME' variable which value wasn't
adjusted during migration to common 'vendor_model' image naming scheme
(fixes: FS#3825).
Furthermore, drop unused 'Build/boot-scr' recipe, get rid of redundant
'BOOT_SCRIPT' variable (use already provided 'DEVICE_NAME' instead) and
drop custom 'DEVICE_NAME' variable from SolidRun CuBox-i image recipe
(use default one instead).
Fixes: cbc8bcfbaa ("imx6: image: use vendor_model scheme") Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
8fab0c9 iw: fix ftm_request missing arguments segfault e816fbc iw: fix mgmt dump missing arguments segfault 5d9d1b8 iw: Fix timestamp output on 32-bit architectures 4b25ae3 iw: fix pointer arithmetic in __print_he_capa c3df363 iw: add option to print human readable event time cd64525 iw: print ctrl port tx status event 0ba98b9 iw: use correct type in policy check for mesh 9e38dee iw: scan: fixup HE caps whitespace 17e8564 iw: scan: parse HE capabilities 5735e58 iw: util: factor out HE capability parser 6d8d507 iw: scan: add extension tag parsing b4e1ec4 man: update wikipage URL, reformat SEE ALSO section c56036a iw: enable 80MHz support for 6GHz band 11s mesh fa72728 iw: handle positive error codes gracefully 7ba9093 iw: scan: add flag for scanning colocated ap 5ec60ed iw: Add 'coloc' and 'flush' options to sched_scan f8ade75 iw: update wikipage URL b6f2dac iw: Add support for specifying the 160MHz bandwidth when setting the channel/frequency
Nick Hainke [Wed, 19 May 2021 20:39:35 +0000 (22:39 +0200)]
opkg: use $(PROJECT_GIT), $(AUTORELEASE) and SPDX
1) Use SPDX license headers to be machine readable.
2) Update copyright to 2021.
3) Use $(PROJECT_GIT) instead of manually specifying the git url.
4) Use $(AUTORELEASE) to automatically set the correct PKG_RELEASE.
Before this commit the make target would always include "modules",
resulting in a MODPOST and a complete Module.symvers file. Since this
commit a MODPOST of the kernel modules is not guaranteed for kernels <
5.10. This results in some broken SDKs in which external packages that
depend on exported symbols from kernel modules fail to compile.
Adding "modules" back to the calls to the CompileImage defines fixes the
regression. For kernels > 5.10 this is not needed, but it doesn't cause
any harm either.
Tested with kernels 5.4.x and 5.10.x.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
INAGAKI Hiroshi [Sun, 23 May 2021 11:30:58 +0000 (20:30 +0900)]
base-files: fix configuration generation of network if "bridge" exists
After the commit 43fc720657c6e3b30c6ed89d7227ee6e646c158b
("base-files: generate "device UCI type section for bridge"), the wrong
network configuration is generated for the devices that already have the
bridge device section for VLAN, such as the devices in realtek target.
As a result, the bridge device by additional "device" section is
specified to the "ports" option in the "bridge-vlan" section and netifd
shuts down the switch and the ethernet when the network service started.
Fixes: 43fc720657 ("base-files: generate "device" UCI type section for bridge") Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
[rmilecki: use $ports for generate_bridge_vlan argument] Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Hauke Mehrtens [Sun, 2 May 2021 22:35:38 +0000 (00:35 +0200)]
treewide: Mark packages nonshared if they depend on @TARGET_
This marks all packages which depend on a target with @TARGET nonshared.
If they are not marked nonshared they would be build by the SDK build
and if this happens with a different SDK, then the SDK from the target
the package depends on, the package would not be added to the index.
This should fix the image builder for some of these packages.
This should fix the image builder at least for bcm27xx/bcm2710 and
bcm4908/generic.
David Adair [Fri, 14 May 2021 23:04:27 +0000 (16:04 -0700)]
ccache: Build with ENABLE_DOCUMENTATION=OFF
This adjusts the Makefile to use the new option to turn off the
doc builds. It will not cause any problems except a warning
about unused options if combined with a ccache source missing
the upstream patch.
Since a config setting is required to re-enable the doc build this
is equivalent to unconditionally disabling the docs if the config
setting is not created.
Karl Palsson [Mon, 17 May 2021 00:38:03 +0000 (00:38 +0000)]
prereq-build: g++ formatting and consistency fixes
Remove \n that mangles output, and fix inconsistent version name check.
Example before:
Build dependency: Please install the GNU C++ Compiler (g++) 6 or later
Build dependency: \nPlease reinstall the GNU C++ Compiler (4.8 or later) - it appears to be broken
Build dependency: Please install ncurses. (Missing libncurses.so or ncurses.h)
kexec-tools: add patch to fix issue with appended DTB and zImage on ARM
This patch fixes a recently found problem when a zImage passed to
kexec-tools contains an appended DTB. In that case kexec boot fails because
the decompressor wrongly tries to use the non-existing appended DTB instaed
of the one passed in the register r2.
CONFIG_CRYPTO_PCOMP and CONFIG_CRYPTO_PCOMP2 have been removed in upstream commit[1].
This symbol doesn't exist since kernel 4.6 and this package is empty.
Ivan Pavlov [Wed, 5 May 2021 15:23:19 +0000 (18:23 +0300)]
wolfssl: add support for OpenVPN
Support for wolfSSL has been upstreamed to the master OpenVPN branch
in f6dca235ae560597a0763f0c98fcc9130b80ccf4, so we can use wolfSSL
directly in OpenVPN. So no more needed differnt SSL engine for OpenVPN
in systems based on wolfSSL library
Compiled && tested on ramips/mt7620, ramips/mt7621
Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
Ruslan Isaev [Mon, 10 May 2021 14:56:59 +0000 (14:56 +0000)]
fakeroot: Alpine linux libc.musl build error fix
Prevent build error on Alpine Linux host:
libfakeroot.c error: conflicting types for 'id_t'
Error relocating openwrt/staging_dir/host/lib/libfakeroot.so: SEND_GET_XATTR: symbol not found
Signed-off-by: Ruslan Isaev <legale.legale@gmail.com>
Ansuel Smith [Tue, 11 May 2021 22:13:04 +0000 (00:13 +0200)]
ipq806x: reduce pci IO space to 64k
With some talk with the ARM maintainer, it was notice that enlarging the limit
to the current value is VERY wrong and clash with other memory.
A better solution would be to reduce the IO space from 1MB to 64K as probably
it's a long lasting typo and even x86 arch doesn't have a IO space that big.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
Removed/code was included upstream and therefore redundant:
ramips/patches-5.4/999-fix-pci-init-mt7620.patch
All other patches automatically rebased.
* update_kernel.sh did not flag this yet it was included in 5.4.119[1], as a
result of the rebase, I removed my testing lines since I did not go back to
test built or to run test 5.4.119 with the removed patch present.
David Bauer [Wed, 5 May 2021 23:53:49 +0000 (01:53 +0200)]
hostapd: wolfssl: add RNG to EC key
Since upstream commit 6467de5a8840 ("Randomize z ordinates in
scalar mult when timing resistant") WolfSSL requires a RNG for
the EC key when built hardened which is the default.
Set the RNG for the EC key to fix connections for OWE clients.
David Bauer [Wed, 5 May 2021 23:48:04 +0000 (01:48 +0200)]
wolfssl: always export wc_ecc_set_rng
Since commit 6467de5a8840 ("Randomize z ordinates in scalar
mult when timing resistant") wolfssl requires a RNG for an EC
key when the hardened built option is selected.
wc_ecc_set_rng is only available when built hardened, so there
is no safe way to install the RNG to the key regardless whether
or not wolfssl is compiled hardened.
Always export wc_ecc_set_rng so tools such as hostapd can install
RNG regardless of the built settings for wolfssl.
Dirk Neukirchen [Thu, 20 May 2021 08:39:35 +0000 (10:39 +0200)]
grub2: disable liblzma dependency
Florian Ekert reported:
"I have build a fresh master branch recently, Since your last change [1]
on grub2, I have now a new dependency on liblzma for the install package
grub2-editenv.
This is a hotfix but I dont´t think this is the final solution, because lzma is provided by the package xz.
And This is maintained in the package feed [not the core]"
Dirk stated & offered his patch to disable liblzma and thus resolve the
'out of core dependency' problem:
"LZMA is used in mkimage.c
disabling it prints
Without liblzma (no support for XZ-compressed mips images) (explicitly disabled)
(see configure.ac)
liblzma is autodetected so this issue was present but hidden somehow
[unsure: grep/image generation does not use grub with that option]
OpenWrt does not use that feature currently
[!] some scripts and examples use --compression=xz or -C xz and those will break
grub has an internal xzlib for different "lzma" functionality
(ext. LIBLZMA from XZ (GRUB_COMPRESSION_XZ) vs. GRUB_COMPRESSION_LZMA)"
Signed-off-by: Dirk Neukirchen <plntyk.lede@plntyk.name>
[include Florian's description of how problem 1st encountered]
[bump package release] Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Piotr Dymacz [Thu, 1 Apr 2021 22:52:56 +0000 (00:52 +0200)]
uboot-envtools: support uci-default config also per subtargets
The current version of 'uboot-envtools' package generates dedicated
uci-default file only per target. This change makes it possible to
use subtarget-specific files, with name pattern: 'target_subtarget'
(example: 'ath79_nand'). The subtarget-specific files will take
precedence over target-specific one.
Piotr Dymacz [Fri, 8 Jan 2021 11:18:32 +0000 (12:18 +0100)]
imx6: image: cleanup image recipes
- drop unused 'UBOOT' variable from 'Device/apalis' recipe
- fix 'KERNEL_SUFFIX' for 'Device/cubox-i' (should be '-zImage')
- drop redundant 'DEVICE_{VENDOR,MODEL}' from 'Device/ventana-large'
- other, minor fixes
Rafał Miłecki [Thu, 20 May 2021 08:32:18 +0000 (10:32 +0200)]
base-files: generate bridge device sections with br- name prefix
Missing br- prefix could result in name conflict between DSA port
interface and bridge interface. Some devices with just one LAN port use
"lan" interface name for DSA port. Trying to create bridge with the same
"lan" name was failing.
Reported-by: David Bauer <mail@david-bauer.net> Fixes: 43fc720657c6 ("base-files: generate "device" UCI type section for bridge") Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
/etc/syslog.conf is used by sysklogd, and /etc/crontabs is used
by crond, both features of busybox. Given this, ownership for
these files should be bound to busybox, especially if one day
there's a way to do an in-place opkg update of busybox.
There's also the busybox provided syslogd which uses this file
if CONFIG_BUSYBOX_FEATURE_SYSLOGD_CFG is set.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Nick Hainke [Wed, 12 May 2021 18:36:58 +0000 (20:36 +0200)]
busybox: remove nslookup_lede/openwrt.patch
The nslookup_lede/openwrt applet was introduced in de5b8e5. It was
introduced because:
Add a new LEDE nslookup applet which is compatible with musl libc
and providing more features like ability to specify query type.
In contrast to busybox' builtin nslookup applet, this variant does
not rely on libc resolver internals but uses explicit send logic
and the libresolv primitives to parse received DNS responses.
In busybox this applet is added in 0dd3be8. In particular, this commit
introduces the variable NSLOOKUP_BIG. We set the default to true and
so nothing changes.
Paul Spooren [Thu, 13 May 2021 21:57:45 +0000 (23:57 +0200)]
busybox: show reproducible timestamp
On login busybox shows a timestamp per default contianing the build
date. Since the build date isn't reproducible per default this behaviour
was disabled by default via 34df4d40 "busybox: disable timestamp in
version".
This commit modifies busybox so that the printed timestamp reproducible
using SOURCE_DATE_EPOCH and therefore shouldn't be disabled anymore.
Rafał Miłecki [Sat, 15 May 2021 19:06:27 +0000 (21:06 +0200)]
base-files: generate "device" UCI type section for bridge
This switches from the old way of defining bridges in an "interface" UCI
section type (that should be used for layer 3 only). From now a defualt
board switch will have its own "device" UCI section type. It's a new &
preferred way of defining L2 devices.
Paul Spooren [Tue, 18 May 2021 13:36:10 +0000 (15:36 +0200)]
busybox: use $(AUTORELEASE) and SPDX
use AUTORELEASE since BusyBox is often updaten and PKG_RELEASE is not
consistently bumped. Also use SPDX license headers to be machine
readable and bump the copyright year to 2021.
Felix Fietkau [Tue, 18 May 2021 10:52:31 +0000 (12:52 +0200)]
netifd: update to the latest version
02dd2f2df7cb fix unannotated fall-through warnings 3052f2f67686 extdev: remove unused function 2a97fd006c3b device: add support for configuring devices with external auth handler 87e469be0c08 wireless: fix memory corruption bug when using vlans/station entries in the config 7277764bf817 bridge: rename "ifname" attribute to "ports"
Giulio Lorenzo [Tue, 6 Oct 2020 12:14:31 +0000 (14:14 +0200)]
ath79: add support for ZiKing CPE46B
ZiKing CPE46B is a POE outdoor 2.4ghz device with an integrated directional
antenna. It is low cost and mostly available via Aliexpress, references can
be found at:
- https://forum.openwrt.org/t/anddear-ziking-cpe46b-ar9331-ap121/60383
- https://git.lsd.cat/g/openwrt-cpe46b
Specifications:
- Atheros AR9330
- 32MB of RAM
- 8MB of flash (SPI NOR)
- 1 * 2.4ghz integrated antenna
- 2 * 10/100/1000 ethernet ports (1 POE)
- 3 * Green LEDs controlled by the SoC
- 3 * Green LEDs controlled via GPIO
- 1 * Reset Button controlled via GPIO
- 1 * 4 pin serial header on the PCB
- Outdoor packaging
Flashing instruction:
You can use sysupgrade image directly in vendor firmware which is based
on OpenWrt/LEDE. In case of issues with the vendor GUI, the vendor
Telnet console is vulnerable to command injection and can be used to gain
a shell directly on the OEM OpenWrt distribution.
Signed-off-by: Giulio Lorenzo <salveenee@mortemale.org>
[fix whitespaces, drop redundant uart status and serial0, drop
num-chipselects, drop 0x1002 MAC address for wmac] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
COMFAST CF-E375AC is a ceiling mount AP with PoE support,
based on Qualcomm/Atheros QCA9563 + QCA9886 + QCA8337.
Short specification:
2x 10/100/1000 Mbps Ethernet, with PoE support
128MB of RAM (DDR2)
16 MB of FLASH
3T3R 2.4 GHz, 802.11b/g/n
2T2R 5 GHz, 802.11ac/n/a, wave 2
built-in 5x 3 dBi antennas
output power (max): 500 mW (27 dBm)
1x RGB LED, 1x button
built-in watchdog chipset
Flash instruction:
1) Original firmware is based on OpenWrt.
Use sysupgrade image directly in vendor GUI.
2) TFTP
2.1) Set a tftp server on your machine with a fixed IP address of
192.168.1.10. A place the sysupgrade as firmware_auto.bin.
2.2) boot the device with an ethernet connection on fixed ip route
2.3) wait a few seconds and try to login via ssh
3) TFTP trough Bootloader
3.1) open the device case and get a uart connection working
3.2) stop the autoboot process and test connection with serverip
3.3) name the sysupgrade image firmware.bin and run firmware_upg
MAC addresses:
Though the OEM firmware has four adresses in the usual locations,
it appears that the assigned addresses are just incremented in a
different way:
Dan Brown [Wed, 12 May 2021 12:48:01 +0000 (14:48 +0200)]
octeon: add new target and support for Ubiquiti EdgeRouter 6P
Ubiquiti EdgeRouter 6P is 6 port router with similar
specifications as the EdgeRouter 4, support for which was added
in commit dd651e54cc5eadba480a56a7d2c18471e560f491
There are five 10/100/1000 Mbps RJ/Copper ports and
one 1000 Mbps SFP port.
SoC: Octeon Cavium 7130 (Cavium 3) at 1000MHz
Memory: 1GiB DDR3
Flash: 2x2M chips with uboots (chainloaded) + 512K eeprom
LEDs: 1x for power status (white/blue, controllable)
and 6x for ethernet and SFP ports (no control over them)
Buttons: 1x Reset
Serial: 1x RJ45 port on front panel. 115200 baud, 8N1
USB: 1x USB3.0 on front panel
MII: 1x QSGMII from SoC
PHY: 1x Vitesse VSC8504 of which 4 ports are used (phys 4-7)
1x Vitesse VSC8514 of which 2 ports are used (phys 8-9)
Network port mapping
- eth0 on device maps to lan0 and phy5
- eth1 on device maps to lan1 and phy6
- eth2 on device maps to lan2 and phy7
- eth3 on device maps to lan3 and phy8
- eth4 on device maps to lan4 and phy9
- eth5 (SFP) on device maps to lan5 and phy4
What is not working:
- There is no port status available before it goes up
- SFP have no additional status and presented as no different from eth
- Power-over-ethernet (passive) support has not been tested
How to flash the firmware:
- copy openwrt-octeon-ubnt_edgerouter-6p-initramfs-kernel.bin and
openwrt-octeon-ubnt_edgerouter-6p-squashfs-sysupgrade.tar to
USB flash drive that is formatted to vfat/fat32
- connect USB flash drive to EdgeRouter 6P front USB port
- connect serial cable using front RJ45 port (115200 baud, 8N1)
- connect power to cable to EdgeRouter 6P
- connect terminal to the console to see uboot boot process
- interrupt boot by pressing button(s) on your keyboard to log
in to the uboot
- detect usb connected flash drives by typing to the console:
usb start
- after drive is detected load initramfs+kernel to the memory by typing:
fatload usb 0:1 0x20000000 openwrt-octeon-ubnt_edgerouter-6p-initramfs-kernel.bin
- after initramfs+kernel is loaded to the memory load it by typing:
bootoctlinux 0 numcores=4 endbootargs mem=0
- boot process should finish and you will be greeted with console
after pressing enter
- create directory to mount usb flash drive to by typing:
mkdir /tmp/sda
- mount flash drive to that directory by typing:
mount /dev/sda1 /tmp/sda
- flash firmware to router internal storage by typing:
sysupgrade /tmp/sda/openwrt-octeon-ubnt_edgerouter-6p-squashfs-sysupgrade.tar
- device will reboot and after it gets up you will have
edgerouter 6p running openwrt
Signed-off-by: Dan Brown <danbrown@gmail.com>
[reorder/squash patches, move ethernet@0 to DTS, share image setup] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Dan Brown [Sat, 15 May 2021 21:40:50 +0000 (23:40 +0200)]
octeon: create shared DTSI for Ubiquiti E300 platform
EdgeRouter 4 and upcoming EdgeRouter 6P and 12 have similar setup,
so create a shared DTSI to prevent duplicate code.
Signed-off-by: Dan Brown <danbrown@gmail.com>
[reorder/squash commits, add description, move ethernet@0 to DTS] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Florian Eckert [Wed, 3 Feb 2021 09:24:02 +0000 (10:24 +0100)]
base-files: change logging for upgrade on fwtool
Remove vn call in favour of v call. This commit serves as preparation
for removing the v function call.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
[alter slightly to prevent double space after colon] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Piotr Dymacz [Sun, 16 May 2021 21:48:04 +0000 (23:48 +0200)]
ramips: fix SUPPORTED_DEVICES for ALFA Network devices
Vendor firmware expects model name without manufacturer name inside
'supported_devices' part of metadata. This allows direct upgrade to
OpenWrt from vendor's GUI.
Stijn Tintel [Fri, 14 May 2021 14:11:42 +0000 (17:11 +0300)]
grub2: bump to 2.06-rc1
When building GRUB with binutils 2.35.2 or later, an error occurs due to
a section .note.gnu.property that is placed at an offset such that
objcopy needs to pad the img file with zeros. This in turn causes the
following error: "error: Decompressor is too big.".
The fix accepted by upstream patches a python script that isn't executed
at all when building GRUB with OpenWrt buildroot. There's another patch
that patches the files generated by that python script directly, but by
including it we would deviate further from upstream. Instead of doing
that, simply bump to the latest release candidate.
As one of the fixes for the CVEs causes grub to crash on some x86
hardware using legacy BIOS when compiled with -O2, filter -O2 and
-O3 out of TARGET_CFLAGS.
Fixes the following CVEs:
- CVE-2020-14372
- CVE-2020-25632
- CVE-2020-25647
- CVE-2020-27749
- CVE-2020-27779
- CVE-2021-3418
- CVE-2021-20225
- CVE-2021-20233
projects / thirdparty / openwrt.git / log
