netfilter: move nf-log modules into separate packages
Both legacy iptables and nftables require nf-log modules for rule logging,
so move them into a separate package both firewall implementations can
depend on.
Changes:
new features:
- qsort_r function (POSIX-future)
- pthread_getname_np extension function
- hard float on SPE FPU for powerpc-sf
- SEEK_DATA and SEEK_HOLE exposed in unistd.h (Linux extensions)
compatibility:
- free now preserves errno (POSIX-future requirement)
- setjmp is declared explicitly with returns_twice for non-GCC compilers
- macro version of isascii is no longer defined for C++
- dynamic linker now tolerates zero-length LOAD segments
- epoll_[p]wait is now a cancellation point
- pwd/grp functions no longer fail on systems without AF_UNIX support
- POSIX TZ parsing is stricter to allow more names to fallback to files
- NULL is now defined as nullptr when used in C++11 or later
- gettext now accepts null pointer as argument
bugs fixed:
- old regression in wcwidth of Hangul combining (vowel/final) letters
- duplocale used wrong malloc when malloc was replaced (1.2.2 regression)
- fmaf rounded wrong on archs without FE_TOWARDZERO (all softfloat archs)
- popen didn't honor requirement not to leak other popen pipe fds to child
- aligned_alloc and variants crashed on allocation failure
- dl_iterate_phdr reported incorrect module TLS pointers
- mishandling of some inputs in acoshf and expm1f and functions using them
- potentially wrong-sign zero in cproj functions at infinity
- multiple bugs in legacy function cuserid
- minor posix_spawn file actions API conformance issues
- pthread_setname_np fd leak
- out-of-bound read in zoneinfo handling with distant-past times
- out-of-tree builds lacked generated debug cfi for x86 asm
arch-specific bugs fixed:
- powerpc (32-bit) struct shmid_ds layout was wrong for some fields
- time64 struct layout was wrong in sound ioctl fallback (32-bit archs)
In addition it contains the following improvements:
* protect stack canary from leak via read-as-string by zeroing second byte
* fix excessively slow TLS performance on some mips models
- CVE-2022-25640: A TLS v1.3 server who requires mutual authentication
can be bypassed. If a malicious client does not send the
certificate_verify message a client can connect without presenting a
certificate even if the server requires one.
- CVE-2022-25638: A TLS v1.3 client attempting to authenticate a TLS
v1.3 server can have its certificate check bypassed. If the sig_algo in
the certificate_verify message is different than the certificate
message checking may be bypassed.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Generate FAT filesystem for EFI boot in a reproducible way:
* use '--invariant' option of mkfs.fat
* set timestamps of all files to SOURCE_DATE_EPOCH
* make sure files are ordered locale-independent
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This updates mac80211 to version 5.15.33-1 which is based on kernel
5.15.33.
The removed patches were applied upstream.
This new release contains many fixes which were merged into the upstream
Linux kernel.
This also contains the following new drivers which are needed for ath11k:
* net/qrtr/
* drivers/bus/mhi/
Daniel Golle [Sat, 9 Apr 2022 23:55:21 +0000 (00:55 +0100)]
imagebuilder: export SOURCE_DATE_EPOCH to environment
Export SOURCE_DATE_EPOCH to environment so filesystem and image
creation tools will make use of it.
Fixes reproducibility of images generated with the ImageBuilder.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Sat, 9 Apr 2022 21:00:50 +0000 (22:00 +0100)]
trusted-firmware-a.mk: make sure include directory exists
ARM Trusted Firmware builds do not depend on any target libraries as
they are bare-metal builds. However, the compiler aborts due to
-Werror=missing-include-dirs if the include dir doesn't exist and this
can happen when building with parallelisation as that makes it likely
for arm-trusted-firmware-* to be built very early before any of the
libraries which would implicitly create the directory.
Fix this by making sure the include dir exists before building.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This commit adds some enabled symbols to generic config.
LTO is only supported by clang compiler and therefore should
be disabled in the generic config instead of duplicating this
symbol in each target. CONFIG_LTO_NONE does this job.
The second group of symbols is enabled by the options available
in the generic config and is therefore added here:
* CONFIG_AF_UNIX_OOB is selected by CONFIG_NET && CONFIG_UNIX,
* CONFIG_BINARY_PRINTF is selected by CONFIG_BPF_SYSCALL,
* CONFIG_NET_SOCK_MSG is selected by CONFIG_BPF_SYSCALL && CONFIG_NET.
The other symbols are disabled and should be in the generic config.
This commit also removes these symbols from subtargets.
Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl>
Joe Mullally [Mon, 30 Aug 2021 21:35:05 +0000 (22:35 +0100)]
ath79: Move TPLink WPA8630Pv2 to ath79-tiny target
These devices only have 6MiB available for firmware, which is not
enough for recent release images, so move these to the tiny target.
Note for users sysupgrading from the previous ath79-generic snapshot
images:
The tiny target kernel has a 4Kb flash erase block size instead
of the generic target's 64kb. This means the JFFS2 overlay partition
containing settings must be reformatted with the new block size or else
there will be data corruption.
To do this, backup your settings before upgrading, then during the
sysupgrade, de-select "Keep Settings". On the CLI, use "sysupgrade -n".
If you forget to do this and your system becomes unstable after
upgrading, you can do this to format the partition and recover:
* Reboot
* Press RESET when Power LED blinks during boot to enter Failsafe mode
* SSH to 192.168.1.1
* Run "firstboot" and reboot
Signed-off-by: Joe Mullally <jwmullally@gmail.com>
Tested-by: Robert Högberg <robert.hogberg@gmail.com>
- update dropbear to latest stable 2022.82;
for the changes see https://matt.ucc.asn.au/dropbear/CHANGES
- use $(AUTORELEASE) in PKG_RELEASE
- use https for all uris
- refresh all patches
- rewrite patches:
- 100-pubkey_path.patch
- 130-ssh_ignore_x_args.patch
Nick Hainke [Tue, 5 Apr 2022 13:01:43 +0000 (15:01 +0200)]
libmnl: update to 1.0.5
Changes:
Duncan Roe (5):
nlmsg: Fix a missing doxygen section trailer
build: doc: "make" builds & installs a full set of man pages
build: doc: get rid of the need for manual updating of Makefile
build: If doxygen is not available, be sure to report "doxygen: no" to ./configure
src: doc: Fix messed-up Netlink message batch diagram
Fernando Fernandez Mancera (1):
src: fix doxygen function documentation
Florian Westphal (1):
libmnl: zero attribute padding
Guillaume Nault (1):
callback: mark cb_ctl_array 'const' in mnl_cb_run2()
Kylie McClain (1):
examples: nfct-daemon: Fix test building on musl libc
Laura Garcia Liebana (4):
examples: add arp cache dump example
examples: fix neigh max attributes
examples: fix print line format
examples: reduce LOCs during neigh attributes validation
Pablo Neira Ayuso (3):
doxygen: remove EXPORT_SYMBOL from the output
include: add MNL_SOCKET_DUMP_SIZE definition
build: libmnl 1.0.5 release
Petr Vorel (1):
examples: Add rtnl-addr-add.c
Stephen Hemminger (1):
examples: rtnl-addr-dump: fix typo
igo95862 (1):
doxygen: Fixed link to the git source tree on the website.
Nick Hainke [Tue, 5 Apr 2022 13:26:24 +0000 (15:26 +0200)]
libnfnetlink: update to 1.0.2
Changes:
c63f193 bump version to 1.0.2
3cffa84 libnfnetlink: Check getsockname() return code
90ba679 include: Silence gcc warning in linux_list.h
bb4f6c8 Make it clear that this library is deprecated
e46569c Minimally resurrect doxygen documentation
5087de4 libnfnetlink: hide private symbols
62ca426 autogen: don't convert __u16 to u_int16_t
efa1d8e src: Use stdint types everywhere
7a1a07c include: Sync with kernel headers
7633f0c libnfnetlink: initialize attribute padding to resolve valgrind warnings
94b68f3 configure: uclinux is also linux
617fe82 src: get source code license header in sync with current licensing terms
97a3960 build: resolve automake-1.12 warnings
Removed the patch 100-missing_include.patch, libnfnetlink compiles fine
with musl without this patch.
Jo-Philipp Wich [Tue, 22 Mar 2022 19:26:59 +0000 (20:26 +0100)]
ucode: update to latest Git HEAD
33f1e0b treewide: move json-c compat shims into internal header file
e0e9431 vm: move unhandled exception reporting out of `uc_vm_execute_chunk()`
2b59140 vm: fix callframe double free on unhanded exceptions
7d7e950 main: abort when failing to load a preload library
1032a67 lib: let `json()` accept input objects implementing `read()` method
5ee68d5 fs: implement `fs.readfile()` and `fs.writefile()`
df6b861 ci: debian: change path before attempting to invoke Git operations
dfaf05a ci: debian: automatically update changelog from Git tag
34f3c45 ci: fix YAML syntax of Debian workflow
e956bcf fs: fix off-by-one in fs.dirname() function
6fc4b6c .gitignore: fix overmatching patterns, blacklist cram .venv
7c2e082 build: remove legacy json-c check
77942af build: add polyfills for older libjson-c versions
0b4aaa3 CI: build Debian package
f404285 debian: Add package definition
a37f654 types: fix escape sequence encoding of high byte values in JSON strings
aae5312 Update README.md
8134e25 build: fix symlink install target
87c7296 treewide: replace some leftover "utpl" occurrences, update .gitignore
7d27ad5 build: only stage ucc symlink if compile support is enabled
171402f lib: add date and time related functions
8b5dc60 lib: provide API function to obtain stdlib function implementations
eb0d2f1 main: turn ucode into multicall executable
28ee7e1 uloop: add support for tasks
753dea9 CI: build on macOS
668c5c0 lib: add argument position support (`%m$`) to `sprintf()` and `printf()`
ab46fdf treewide: remove legacy json-c include directives
b8f49b1 tests: 21_regex_literals: generalize syntax error test case
fd2e5e7 tests: 16_sort: fix logic flaw exposed on OS X
2c71bf2 tests: run_tests.sh: pass dummy value to `-T` flag
55c4a90 lib: disallow zero padding for %s formats
0d05cb5 tests: run_tests.sh: use greadlink if available
271e520 resolv: make OS X compatible
d13c320 fs: avoid Linux specific sys/sysmacros.h include on OS X
33397a3 uloop: use execvp() on OS X
bafdc8f lib: add naive sigtimedwait() stub for OS X
ada1585 build: consolidate CMakeLists.txt and cover OS X deviations
befbb69 include: add OS X compatible endian.h header
49838a8 include: rename include guards to avoid clashes with system headers
91f65de nl80211: add missing attributes and correct some attribute flags
b4a1fd5 lib: adjust require(), render() and include() raw mode semantics
4618807 main: rework CLI frontend
73dcd78 lib: fix potential integer underflow on empty render output
c402551 vm: fix crash on object literals with non-string computed properties
efe8a02 syntax: support add new operators
078d686 ubus: add event support
6c66c83 ubus: refactor error and argument handling
1cb04f9 ubus: add object publishing, notify and subscribe support
0e85974 uloop: clear errno before integer conversion attempts
05bd7ed types: treat resource type prototypes as GC roots
a2a26ca lib: introduce uloop binding
6b6d01f vm: release this context on exception in managed method call
1af23a9 tests: fix proto() testcase
4ce69a8 fs: implement access(), mkstemp(), file.flush() and proc.flush()
David Bauer [Tue, 29 Mar 2022 22:31:26 +0000 (00:31 +0200)]
hostapd: add ubus method for requesting link measurements
Add a ubus method to request link-measurements from connected STAs.
In addition to the STAs address, the used and maximum transmit power can
be provided by the external process for the link-measurement. If they
are not provided, 0 is used as the default value.
The sama7 sub target does not have USB support, the feature should not
be activated there. OpenWrt can automatically detect if the target
supports USB by using the scripts/target-metadata.pl script. With the
automatic detection USB support will only get activated on subtargets
which actually support USB like sam9x and sama5.
Remove the configuration options which are building modules for the sub
target configuration.
These kernel modules are not packaged. Kernel options should only be
built as a module when they are selected by a kmod package and not by
setting them to =m in the target kernel configuration.
Felix Fietkau [Thu, 7 Apr 2022 10:23:52 +0000 (12:23 +0200)]
mt76: update to the latest version
5beb87716e70 mt76: dma: add wrapper macro for accessing queue registers
e0bc736d5617 mt76: add support for overriding the device used for DMA mapping
b8c842daa081 mt76: make number of tokens configurable dynamically
87a962e0608f mt76: mt7915: add Wireless Ethernet Dispatch support
2accb74e6be3 mt76: mt7915: fix using null pointer when wfsys on
e5227f2f3120 mt76: mt7921: Fix the error handling path of mt7921_pci_probe()
ec0e9f4da32f mt76: mt7915: fix possible uninitialized pointer dereference in mt7986_wmac_gpio_setup
5a87be892ba7 mt76: mt7915: fix possible NULL pointer dereference in mt7915_mac_fill_rx_vector
fe441e5d3dcf mt76: mt7915: do not pass data pointer to mt7915_mcu_muru_debug_set
f3ddfe886283 mt76: mt7915: report rx mode value in mt7915_mac_fill_rx_rate
2a0d370cb5fe mt76: mt7915: use 0xff to initialize bitrate_mask in mt7915_init_bitrate_mask
506bb0605e3e mt76: mt7921: Add AP mode support
Piotr Dymacz [Wed, 6 Apr 2022 21:07:55 +0000 (23:07 +0200)]
bcm27xx: include 'rtc' in target's 'FEATURES'
There are many ways to add external RTC to Raspberry Pi boards. Let's
include support for this for the whole target and while at it, sort
features alphabetically.
Fixes: #9594
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Piotr Dymacz [Fri, 1 Apr 2022 13:11:36 +0000 (15:11 +0200)]
imx: image: use 'u-boot-dtb.img' filename for SPL payload
For targets in U-Boot which were migrated to DM, the correct binary
image filename will be 'u-boot-dtb.img'. For backward compatibility,
keep support for both files and use the one which was generated with
our 'uboot-imx' package.
See also 'CONFIG_SPL_FS_LOAD_PAYLOAD_NAME' and 'CONFIG_OF_CONTROL' in
mainline U-Boot sources.
Petr Štetiar [Fri, 1 Apr 2022 13:11:35 +0000 (15:11 +0200)]
imx: bootscript-apalis: make it working with U-Boot 2022.01
Upstream in commit 8b9c0cb46471 ("apalis_imx6: boot env configuration
updates") removed emmc legacy wrappers, but so far didn't included any
replacements. Fix it by simply defining the missing variables and UUID
gathering directly into the boot script.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
[pepe2k@gmail.com: updated commit title for 2022.01]
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Piotr Dymacz [Fri, 1 Apr 2022 13:11:34 +0000 (15:11 +0200)]
uboot-imx: bump to 2022.01 release
Two patches were removed because of the changes introduced in upstream:
1. 110-mx6cuboxi-mmc-fallback.patch
Looks like similar changes were introduced in 6c3fbf3e456c ("mx6cuboxi:
customize board_boot_order to access eMMC").
2. 111-mx6cuboxi_defconfig-force-mmc-boot.patch
The 'CONFIG_SPL_FORCE_MMC_BOOT' was removed in 15aec318ef03 ("Revert
"imx: Introduce CONFIG_SPL_FORCE_MMC_BOOT to force MMC boot on falcon
mode").
Daniel Golle [Wed, 6 Apr 2022 18:59:52 +0000 (19:59 +0100)]
libselinux: add missing host-build dependency on libsepol/host
The host-build of libselinux requires libsepol/host.
Add the libsepol/host to HOST_BUILD_DEPENDS to allow build on hosts
which don't have libsepol installed.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
A problem exists when dnsmasq is exclusively bound to a particular interface.
After reconfiguring or restarting this interface, its index changes, but
dnsmasq uses the old one. When this problem occurs, dnsmasq does not
listen on the correct interface so DHCP does not work, and clients do not
get an IP address. Procd netdev param can be added to restart dnsmasq when
the interface index is changed.
Signed-off-by: Valentyn Datsko <valikk.d@gmail.com>
[combined into a single &&-connected statement]
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Felix Fietkau [Wed, 6 Apr 2022 12:09:34 +0000 (14:09 +0200)]
bridger: add bridge forwarding accelerator
This package uses BPF to create a fast path which improves bridging performance
by bypassing the bridge layer. It also supports creating tc offload rules for
hardware that supports it.
Hardware offload support can be used with MT7622 + MT7915 once it is merged
MHI WWAN CTRL allows QCOM-based PCIe modems to expose different modem
control protocols/ports to userspace, including AT, MBIM, QMI, DIAG
and FIREHOSE. These protocols can be accessed directly from userspace
(e.g. AT commands) or via libraries/tools (e.g. libmbim, libqmi, libqcdm)
Paul Spooren [Wed, 30 Mar 2022 00:43:17 +0000 (01:43 +0100)]
CI: usability improvements for tools
* Always store build logs
* Store .config as an artifact
* Rename job to `tools-{ os }` for log archive without spaces
* Run CI job on changes to the CI file itself
The WatchGuard Firebox M200 and M300 use a Marvell 88e1543 PHY for the
first 3 ethernet ports. This PHY is supported by the Marvell Alaska PHY
driver, so enable it.
Daniel Golle [Sun, 3 Apr 2022 15:19:31 +0000 (16:19 +0100)]
kernel: load device-mapper early on boot
Previously commit openwrt/packages@3abb7cb ("lvm2: Added script and updated Makefile[...]")
couldn't actually work and allow rootfs_data to be stored on a LVM2 as
the necessary kernel modules had not been loaded at this point.
Fix this by loading device-mapper modules early at boot.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Donald Hoskins [Fri, 1 Apr 2022 04:30:53 +0000 (00:30 -0400)]
octeon: Introduce 5.15 testing kernel
octeon/patches-5.10 -> octeon/patches-5.15
Removed 140-octeon_e300_support.patch as E300 support appears to be upstreamed.
Reworked 130-add_itus_support.patch to compensate for the upstreaming of E300
octeon/config-5.15
The following Kernel Symbols were ADDED:
Line 5: +CONFIG_AF_UNIX_OOB=y
Line 6: +CONFIG_AHCI_OCTEON=y
Line 9: +CONFIG_ARCH_KEEP_MEMBLOCK=y
Line 16: +CONFIG_ATA=y
Line 17: +CONFIG_BINARY_PRINTF=y
Line 29: +CONFIG_CPU_R4K_FPU=y
Line 45: +CONFIG_FWNODE_MDIO=y
Line 51: +CONFIG_GENERIC_FIND_FIRST_BIT=y
Line 59: +CONFIG_GLOB=y
Line 61: +CONFIG_GPIO_CDEV=y
Line 77: +CONFIG_LTO_NONE=y
Line 85: +CONFIG_MIPS_FP_SUPPORT=y
Line 93: +CONFIG_NET_SELFTESTS=y
Line 94: +CONFIG_NET_SOCK_MSG=y
Line 105: +CONFIG_PATA_OCTEON_CF=y
Line 106: +CONFIG_PATA_TIMINGS=y
Line 114: +CONFIG_PTP_1588_CLOCK_OPTIONAL=y
Line 121: +CONFIG_SATA_AHCI_PLATFORM=y
Line 122: +CONFIG_SATA_HOST=y
Line 124: +CONFIG_SCSI_COMMON=y
Line 132: +CONFIG_SOCK_RX_QUEUE_MAPPING=y
Line 157: +CONFIG_USB_XHCI_HCD=y
Line 158: +CONFIG_USB_XHCI_PLATFORM=y
The following kernel symbols were REMOVED:
Line 21: -CONFIG_BLK_SCSI_REQUEST=y
Line 37: -CONFIG_ENABLE_MUST_CHECK=y
Line 69: -CONFIG_HOLES_IN_ZONE=y
Line 102: -CONFIG_OF_NET=y
Line 140: -CONFIG_SYS_SUPPORTS_HUGETLBFS=y
Compiled for Itus Shield, Boots successfully, continuing to test
for existing 5.10 memory leak.
Signed-off-by: Donald Hoskins <grommish@gmail.com>
[refresh patches]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Use the kernel's built-in formula for computing this value.
The value applied by OpenWRT's sysctl configuration file does not scale
with the available memory, under-using hardware capabilities.
Also, that formula influences net.netfilter.nf_conntrack_buckets,
which should improve conntrack performance on average (fewer connections
per hashtable bucket).
Backport upstream commit for its effect on the number of connections per
hashtable bucket.
Apply a hack patch to set the RAM size divisor to a more reasonable value (2048,
down from 16384) for our use case, a typical router handling several thousands
of connections.
Signed-off-by: Vincent Pelletier <plr.vincent@gmail.com>
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Petr Štetiar [Fri, 1 Apr 2022 05:38:43 +0000 (07:38 +0200)]
Revert "ipq40xx: stop chromium sub-target builds on the buildbots"
This reverts commit 35d2bbc29ba7f802706bf65585aeb8808fcac622 as we
believe we found that it is indeed an openssl issue, where openssl is
trying to use getrandom(2), but fails because this particular builder
has an ancient kernel without that syscall. We didn't get to the bottom
of why openssl doesn't fall back to something like /dev/random.