Robert Marko [Thu, 26 Sep 2024 22:30:44 +0000 (00:30 +0200)]
tools: bzip2: use static lib and tools
Currently, bzip2 is built with a dynamically linked library on which all
of the bzip2 tools depend on.
However, when trying to use the staging dir bzip2 during building on
Fedora 40 the following error appers:
staging_dir/host/bin/bzip2: error while loading shared libraries: libbz2.so.1.0: cannot open shared object file: No such file or directory
Looking into it, the binary is dynamically linked:
$ ldd staging_dir/host/bin/bzip2
linux-vdso.so.1 (0x00007f5ebd9ff000)
libbz2.so.1.0 => not found
libc.so.6 => /lib64/libc.so.6 (0x00007f5ebd7f5000)
/lib64/ld-linux-x86-64.so.2 (0x00007f5ebda01000)
libbz2.so.1.0 is installed into staging_dir/lib but that directory is not
evaluated for the required libraries and Fedora only ships:
/usr/lib64/libbz2.so.1
/usr/lib64/libbz2.so.1.0.8
Thus it cannot find the libbz2 that bzip2 is linked against and thus
trying to use bzip2 will fail and stop compilation as it is used for
bzip2 compressed tarballs.
So, to avoid OpenWrt compiled bzip2 to even attempt to load a required
library from the host we can just static compile libbz2 and bzip2.
Paul Spooren [Mon, 12 Feb 2024 15:59:50 +0000 (16:59 +0100)]
build: align SOURCE path for build system and SDK
Building a package in the build system or the SDK results in different
values for the `SOURCE` property, it's either `packages/<package name>`
or `feeds/base/<package name>`. The reason is that the SDK handles
`openwrt.git` as an external feed called while the build system contains
the *base* packages directly.
Since packages created with either method are (ideally) the same (bit
for bit), align the content of SOURCE. To do so this commit creates a
symlink from `feeds/base` to `$(TOPDIR)/package` and adopts the SOURCE
when building from inside the build system.
This version bump contains one patch improving compatibility with recent
vendor firmware versions:
- commit f3b636d0ee47 ("tplink-safeloader: bump EAP610-V3 compat_level")
With commit a22d359fa56fe0 VLAN handling was fixed for kernel 6.6.
This restored network connectivity of the devices. For easy testing
backport the fix for 5.15 too.
The sysupgrade-tar image build is not defined for this target, do not
add a build instruction for it. The build system will use the definition
from the dna_valokuitu-plus-ex400 board and the build will fail.
This fixes the build of the ramips target.
Fixes: 665c2154ef12 ("ramips: add basic support for tp-link er605-v2") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 746e894877e5130a7d5227cd90f90dfe18cc274b)
David Bauer [Sat, 14 Sep 2024 17:10:10 +0000 (19:10 +0200)]
ipq40xx: add PoE passthrough GPIO
Add the GPIO pin of the PoE passthrough switch on the Aruba AP-303H.
Power is activated when the pin is low. It enables a PSE chip, so power
is only supplied to downstream devices when they are 802.3af/at
compliant devices.
Ensure you use a sufficient power supply when chaining a consuming
device after the AP.
Paul Donald [Mon, 22 Apr 2024 13:17:33 +0000 (15:17 +0200)]
lldpd: fix reload bug: advertisements shall default to on
Because these capability advertisements default to on in lldpd, they
became absent at reload, and not restart, due to how the reload logic
works ( keep daemon running, send unconfigured and then the new config
via socket ), and it was not evident unless you happened to be looking
for it (e.g. via pcap or tcpdump). It was also not evident from the
manpage ( have now sent patches upstream ).
At reload time, the unconfigure logic disabled them unless they were
explicitly enabled (compare with other settings where 'unconfigure' just
resets them). Now they default to on/enabled at init time, and are
explicitly 'unconfigure'd at startup if the user disables them via:
Paul Donald [Fri, 12 Apr 2024 19:27:56 +0000 (21:27 +0200)]
lldpd: extended interface(s) parsing to handle patterns
For interface type parameters, the man page documents patterns:
```
*,!eth*,!!eth1
uses all interfaces, except interfaces starting with "eth",
but including "eth1".
```
* Renamed `_ifname` to `_l2dev`.
* get the l2dev via network_get_physdev (and not l3dev)
* Glob pattern `*` is also valid - use noglob for this
The net result is that now interface 'names' including globs '*' and '!'
inversions are included in the generated lldpd configs.
Temporarily `set -o noglob` and then `set +o noglob` to disable & enable
globbing respectively, because when we pass `*` as an interface choice,
other file and pathnames get sucked in from where the init script runs,
and the `*` never makes it to lldpd.
Paul Donald [Tue, 2 Apr 2024 11:42:20 +0000 (13:42 +0200)]
lldpd: fix restart
Redirection broke in 5364fe0f01ca ("lldpd: shellcheck fixes")
redirects to /dev/null shall be handled correctly (i.e. last).
This fixes these errors on `/etc/init.d/lldpd reload`:
2024-03-16T20:39:00 [WARN/lldpctl] unknown command from argument 1: `/dev/null`
2024-03-16T20:39:00 [WARN/lldpctl] unknown command from argument 1: `/dev/null`
2024-03-16T20:39:00 [WARN/lldpctl] unknown command from argument 1: `/dev/null`
2024-03-16T20:39:00 [WARN/lldpctl] unknown command from argument 1: `/dev/null`
Tested-on: 22.03.6 Fixes: 5364fe0f01ca ("lldpd: shellcheck fixes") Signed-off-by: Paul Donald <newtwen+github@gmail.com>
[ improve commit description, add fixes tag ] Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 8cf1dce428b11740d8335d167b9c1f297d1752d0) Link: https://github.com/openwrt/openwrt/pull/15299 Signed-off-by: Robert Marko <robimarko@gmail.com>
The lldpd man page says that "configure lldp tx-interval" can
specify an interval value in milliseconds by appending a "ms" suffix to
the figure. Thus mandating string handling, and not integer comparison.
Stephen Howell [Sat, 16 Dec 2023 22:32:19 +0000 (22:32 +0000)]
lldpd: Init config read on reload
Init script reload with trigger to detect config file update.
Reload command added to attempt non-impactful lldpd reload where
lldpcli can be used to update config without process restart.
Config hash function used to track whether process restart is needed.
The file contains the the /usr/lib path from the toolchain directory and
not from the target directory. The /usr/lib directory for the toolchain
is empty and the shared library is not in the specified paths. On RISCV
the linker of util-linux was finding the libncursesw.so in my host
system, tried to link against it and failed. Fix the .pc file.
This updates mac80211 to version 6.1.110-1. This code is based on Linux
6.1.110 and contains all fixes included in the upstream wireless
subsystem from that kernel version. This includes many bugfixes and also
some security fixes.
The removed patches are already integrated in upstream Linux 6.1.110.
The following patches were integrated in upstream Linux:
subsys/311-v6.2-wifi-mac80211-fix-and-simplify-unencrypted-drop-chec.patch
subsys/312-v6.3-wifi-cfg80211-move-A-MSDU-check-in-ieee80211_data_to.patch
subsys/313-v6.3-wifi-cfg80211-factor-out-bridge-tunnel-RFC1042-heade.patch
subsys/314-v6.3-wifi-mac80211-remove-mesh-forwarding-congestion-chec.patch
subsys/315-v6.3-wifi-mac80211-fix-receiving-A-MSDU-frames-on-mesh-in.patch
subsys/316-v6.3-wifi-mac80211-add-a-workaround-for-receiving-non-sta.patch
subsys/321-mac80211-fix-mesh-forwarding.patch
subsys/322-wifi-mac80211-fix-mesh-path-discovery-based-on-unica.patch
subsys/329-wifi-mac80211-fix-receiving-mesh-packets-in-forwardi.patch
subsys/339-wifi-cfg80211-fix-receving-mesh-packets-without-RFC1.patch
subsys/350-v6.3-wifi-mac80211-Allow-NSS-change-only-up-to-capability.patch
subsys/351-v6.9-wifi-mac80211-track-capability-opmode-NSS-separately.patch
This contains a fix for:
CVE-2024-45157:
Unlike previously documented, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does
not cause the PSA subsystem to use HMAC_DRBG: it uses HMAC_DRBG only when
MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and MBEDTLS_CTR_DRBG_C are disabled.
Removed because they are upstream:
generic/pending-5.15/110-v6.3-0001-spidev-Add-Silicon-Labs-EM3581-device-compatible.patch
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y&id=bff165a3993683daddf3f00563960e7675966f91
Adapt kernel configuration for newly added option
CONFIG_ARM64_ERRATUM_3194386.
The leddev_list_lock attribute changed from rwlock_t to spinlock_t in:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y&id=590304b798a3b89e716b6b564f8ad14bc9373d93
Ubiquiti has a set of UniFi 802.11ax (Wi-Fi 6) AP devices. All models
include "U6" in their names and also have code names with no special
characters (including spaces).
Use proper full names for those devices. Names in OpenWrt/DTS code may
need updating too but it can be handled later.
Cc: Elbert Mai <code@elbertmai.com> Cc: Daniel Golle <daniel@makrotopia.org> Cc: Henrik Riomar <henrik.riomar@gmail.com> Cc: David Bauer <mail@david-bauer.net> Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 74879140a1aa0b8a8c237e0b67e94c3508e2e249)
base-files: fix merge of passwd/shadow/group lines with trailing colons
Empty trailing fields get lost when the lines are split and merged again
at colons, resulting in unparsable entries. Only use the split fields for
matching against the other file, but emit the original line unchanged
to fix the issue.
Fixes: de7ca7dafadf ("base-files: merge /etc/passwd et al at sysupgrade config restore") Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit 9bbaa6f2c0419739fb85d48d0f527cb1622946ee)
Another instance of files in build_dir symlinking to staging_dir. While
the symlinks do not currently cause any bugs in the libtool package,
such symlinks were found to make the build more fragile, as writing to
the symlink may accidentally modify the shared file in staging_dir. Pass
--copy to bootstrap to disable the symlinking.
include: autotools: do not symlink files in autoreconf
In Gluon's Github Actions CI, we were occasionally seeing bizarre build
errors that looked like a config.sub file had been corrupted, or changed
while it was being executed.
The cause turned out to be an interaction of the symlinks created by
autoreconf (pointing from individual tools' build dirs into
`staging_dir/host/share/automake-1.16`) and OpenWrt's host-build.mk,
which replaced config.guess and config.sub *after* autoreconf. The
result was that the replacement of these files ended up following the
symlinks and writing the files in `staging_dir/host/share/automake-1.16`
instead of a package's build dir. This could cause other packages' builds
to fail if they were currently executing the scripts while they were
being written.
To fix this, disable autoreconf's symlinking feature, so that modifying
these files in a package's build directory can't accidentally affect the
staged versions.
Sarah Maedel [Wed, 28 Aug 2024 09:27:05 +0000 (11:27 +0200)]
hostapd: fix anqp_3gpp_cell_net list delimiter
This patch fixes the list delimiter between 3GPP networks
passed to hostapd.
> list iw_anqp_3gpp_cell_net '262,001'
> list iw_anqp_3gpp_cell_net '262,002'
When passing a list of "iw_anqp_3gpp_cell_net" parameters via UCI,
hostapd would crash at startup:
> daemon.err hostapd: Line 73: Invalid anqp_3gpp_cell_net: 262,001:262,002
Using a semicolon as a delimiter, hostapd will start as expected.
Tianling Shen [Wed, 7 Aug 2024 18:53:51 +0000 (02:53 +0800)]
mediatek: increase phy assert time for jdcloud re-cp-03
According to RTL8221B's datasheet, the PHY requires at least 10ms
for assert and 68ms (recommended) for de-assert. So increase the
assert/de-assert time to 15ms and 68ms respectively.
Bjørn Mork [Tue, 28 Mar 2023 11:32:29 +0000 (13:32 +0200)]
kernel: ubootenv-nvram: driver for RAM backed environments
The vendor U-Boot implementaion on Telenor branded ZyXEL EX5700
devices does not store its environment on flash. It is instead
kept in a memory region. This is persistent over reboots, but
not over power cycling.
The dual partition failsafe system used by the vendor U-Boot
requires the OS to modify a variable in this memory environment.
This driver allows the ordinary uboot-envtools to access a
memory region like it was a partition on NOR flash.
The specific vendor U-Boot adds a "no-map" /reserved-memory
section and a top level /ubootenv node pointing to the memory
environment. The driver uses this device specific fact to
locate the region. The matching and probing code will likely
have to be adjusted for any other devices to be supported.
Rany Hany [Wed, 31 Jul 2024 17:16:55 +0000 (17:16 +0000)]
hostapd: fix SAE H2E security vulnerability
This patch backports fixes for a security vulnerability impacting the
hostapd implementation of SAE H2E.
As upgrading hostapd would require more testing, the second mitigation
step which involves backporting several patches was adopted as outlined
in the official advisory[1].
An explanation of the impact of the vulnerability is provided from the
advisory[1]:
This vulnerability allows the attacker to downgrade the negotiated group
to another enabled group if both the AP and STA have enabled SAE H2E and
multiple groups. It should be noted that the H2E option is not enabled
by default and the attack is not applicable to the default option, i.e.,
hunting-and-pecking, since it does not have any downgrade protection for
group negotiation. In addition, the default configuration for enabled
SAE groups in hostapd is to enable only a single group, so the
vulnerability is not applicable unless hostapd has been explicitly
configured to enable more groups for SAE.
projects / thirdparty / openwrt.git / log
