John Audia [Tue, 7 Feb 2023 19:56:52 +0000 (14:56 -0500)]
openssl: bump to 1.1.1t
Changes between 1.1.1s and 1.1.1t [7 Feb 2023]
*) Fixed X.400 address type confusion in X.509 GeneralName.
There is a type confusion vulnerability relating to X.400 address processing
inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING
but subsequently interpreted by GENERAL_NAME_cmp as an ASN1_TYPE. This
vulnerability may allow an attacker who can provide a certificate chain and
CRL (neither of which need have a valid signature) to pass arbitrary
pointers to a memcmp call, creating a possible read primitive, subject to
some constraints. Refer to the advisory for more information. Thanks to
David Benjamin for discovering this issue. (CVE-2023-0286)
This issue has been fixed by changing the public header file definition of
GENERAL_NAME so that x400Address reflects the implementation. It was not
possible for any existing application to successfully use the existing
definition; however, if any application references the x400Address field
(e.g. in dead code), note that the type of this field has changed. There is
no ABI change.
[Hugo Landau]
*) Fixed Use-after-free following BIO_new_NDEF.
The public API function BIO_new_NDEF is a helper function used for
streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL
to support the SMIME, CMS and PKCS7 streaming capabilities, but may also
be called directly by end user applications.
The function receives a BIO from the caller, prepends a new BIO_f_asn1
filter BIO onto the front of it to form a BIO chain, and then returns
the new head of the BIO chain to the caller. Under certain conditions,
for example if a CMS recipient public key is invalid, the new filter BIO
is freed and the function returns a NULL result indicating a failure.
However, in this case, the BIO chain is not properly cleaned up and the
BIO passed by the caller still retains internal pointers to the previously
freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO
then a use-after-free will occur. This will most likely result in a crash.
(CVE-2023-0215)
[Viktor Dukhovni, Matt Caswell]
*) Fixed Double free after calling PEM_read_bio_ex.
The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and
decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload
data. If the function succeeds then the "name_out", "header" and "data"
arguments are populated with pointers to buffers containing the relevant
decoded data. The caller is responsible for freeing those buffers. It is
possible to construct a PEM file that results in 0 bytes of payload data.
In this case PEM_read_bio_ex() will return a failure code but will populate
the header argument with a pointer to a buffer that has already been freed.
If the caller also frees this buffer then a double free will occur. This
will most likely lead to a crash.
The functions PEM_read_bio() and PEM_read() are simple wrappers around
PEM_read_bio_ex() and therefore these functions are also directly affected.
These functions are also called indirectly by a number of other OpenSSL
functions including PEM_X509_INFO_read_bio_ex() and
SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL
internal uses of these functions are not vulnerable because the caller does
not free the header argument if PEM_read_bio_ex() returns a failure code.
(CVE-2022-4450)
[Kurt Roeckx, Matt Caswell]
*) Fixed Timing Oracle in RSA Decryption.
A timing based side channel exists in the OpenSSL RSA Decryption
implementation which could be sufficient to recover a plaintext across
a network in a Bleichenbacher style attack. To achieve a successful
decryption an attacker would have to be able to send a very large number
of trial messages for decryption. The vulnerability affects all RSA padding
modes: PKCS#1 v1.5, RSA-OAEP and RSASVE.
(CVE-2022-4304)
[Dmitry Belyavsky, Hubert Kario]
bpf: ignore missing LLVM bins on package for non compile steps
To download a package the LLVM bins are not strictly needed.
Currently with an example run of make package/bridger/download V=s, the
build fails with
make[2]: Entering directory '/home/ansuel/openwrt-ansuel/openwrt/package/network/services/bridger'
bash: line 1: /home/ansuel/openwrt-ansuel/openwrt/staging_dir/host/llvm-bpf/bin/clang: No such file or directory
bash: line 1: [: : integer expression expected
/home/ansuel/openwrt-ansuel/openwrt/include/bpf.mk:71: *** ERROR: LLVM/clang version too old. Minimum required: 12, found: . Stop.
make[2]: Leaving directory '/home/ansuel/openwrt-ansuel/openwrt/package/network/services/bridger'
time: package/network/services/bridger/download#0.04#0.00#0.06
ERROR: package/network/services/bridger failed to build.
This is wrong since it may be needed to download the required packages
first and then compile them later.
Fix this by ignoring the LLVM bin check on non compile steps.
Tested-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 116c73fd71c75e38c4d707dc5a74e6993874098f)
Hauke Mehrtens [Wed, 26 Oct 2022 21:05:31 +0000 (23:05 +0200)]
bpf: check llvm version only when used
unetd always includes $(INCLUDE_DIR)/bpf.mk. This file always checks if
the LLVM version is supported in CLANG_VER_VALID. unetd only needs bpf
when UNETD_VXLAN_SUPPORT is set. It fails when UNETD_VXLAN_SUPPORT is
not set and llvm is not installed.
Fix it by only checking the LLVM version when a LLVM toolchain is
available.
We've few low spec (make -j3) build workers attached to the 22.03
buildbot instance which from time to time exhibit following build
failure during image generation (shortened for brevity):
+ dd bs=512 if=root.ext4 of=openwrt-22.03...sdcard.img.gz.img
dd: failed to open 'root.ext4': No such file or directory
That's happening likely due to the fact, that on buildbots we've
`TARGET_PER_DEVICE_ROOTFS=y` which produces differently named filesystem
image in the SD card image target dependency chain:
and that hardcoded `root.ext4` image filename becomes available from
other Make targets in the later stages. So let's fix this issue by using
IMAGE_ROOTFS Make variable which should contain proper path to the root
filesystem image.
Petr Štetiar [Tue, 3 Jan 2023 11:44:51 +0000 (12:44 +0100)]
at91: sama7: fix racy SD card image generation
We've few low spec (make -j3) build workers attached to the 22.03
buildbot instance which from time to time exhibit following build
failure during image generation:
+ dd bs=512 if=root.ext4 of=openwrt-22.03-snapshot-r20028-43d71ad93e-at91-sama7-microchip_sama7g5-ek-ext4-sdcard.img.gz.img seek=135168 conv=notrunc
dd: failed to open 'root.ext4': No such file or directory
That's likely due to the fact, that on buildbots we've
`TARGET_PER_DEVICE_ROOTFS=y` which produces differently named filesystem
image in the SD card image target dependency chain:
and that hardcoded root.ext4 becomes available from other target in the
later stages. So let's fix this issue by using IMAGE_ROOTFS Make variable
which should contain proper path to the root filesystem image.
David Bauer [Mon, 16 Jan 2023 00:30:29 +0000 (01:30 +0100)]
dosfstools: switch to AC_CHECK_LIB
This fixes spurious build-errors on OpenWrt, where the AM_ICONV macro
is undefined while invoking autoconfig. Later in the build, the ICONV
LDOPTIONS are set to @LIBICONV@, failing the build.
Stijn Tintel [Wed, 14 Dec 2022 18:11:45 +0000 (20:11 +0200)]
tools/dosfstools: fix PKG_SOURCE
Both mirrors provided in the Makefile only serve gzipped tarballs.
Fixes: #10871
Fixes: 9edfe7dd13d9 ("source: Switch to xz for packages and tools where possible")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit bd911b45389b3da299948b457a1fc645febd2248)
Ivan Maslov [Sat, 29 Jan 2022 20:11:30 +0000 (23:11 +0300)]
toolchain/gcc: fix libstdc++ dual abi model
libstdcxx-dual-abi needs to be enabled to actually support C++11 ABI.
Enable the config flag to also permit support of .NET 6 development on
OpenWrt.
Signed-off-by: Ivan Maslov <avenger_msoft@mail.ru>
[ reword commit description and title ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 3c06a344e9c7c03c49c9153342e68a5390651323)
scripts/dl_github_archieve.py: fix generating unreproducible tar
Align dl_github_archieve.py to 8252511dc0b5a71e9e64b96f233a27ad73e28b7f
change. On supported systems the setgid bit is applied to files and tar
archives on tar creation. This causes unreproducible tars for these
systems and these bits should be dropped to produce a reproducible tar.
Add the missing option following the command options used in other
scripts.
Fixes: 75ab064d2b38 ("build: download code from github using archive API")
Suggested-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Tested-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 5f1758ef14575df4e86896526b1c2035c231899e)
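The normalization this commit message describes, sketched with Python's tarfile module as an added example; it is not the code of the download script the commit touches. It goes beyond the setgid case and also fixes owner, mtime and member order. The names `normalize`, `repack` and `make_host_tar` are hypothetical and the two input archives are constructed.

```python
import hashlib
import io
import stat
import tarfile

# setuid, setgid and sticky bits: inherited from the build host's directories
# (for example a setgid download directory), not from the packaged source.
SPECIAL_BITS = stat.S_ISUID | stat.S_ISGID | stat.S_ISVTX


def normalize(info, epoch=0):
    """Drop the host-dependent metadata of one archive member."""
    info.mode &= ~SPECIAL_BITS
    info.uid = info.gid = 0
    info.uname = info.gname = ""
    info.mtime = epoch
    return info


def repack(tar_bytes, epoch=0):
    """Rewrite an uncompressed tar with normalized, name-sorted members."""
    out = io.BytesIO()
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:") as src, \
         tarfile.open(fileobj=out, mode="w", format=tarfile.GNU_FORMAT) as dst:
        for member in sorted(src.getmembers(), key=lambda m: m.name):
            # Read the payload before the header fields are rewritten.
            data = src.extractfile(member) if member.isfile() else None
            dst.addfile(normalize(member, epoch), data)
    return out.getvalue()


def sha256(data):
    """Hex digest used to compare archives byte for byte."""
    return hashlib.sha256(data).hexdigest()


def make_host_tar(dir_mode, file_mode, mtime, uid):
    """Constructed input: the same source tree as packed on one build host."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.GNU_FORMAT) as tar:
        top = tarfile.TarInfo("pkg-1.0")
        top.type, top.mode = tarfile.DIRTYPE, dir_mode
        payload = b"all:\n\t@true\n"
        mk = tarfile.TarInfo("pkg-1.0/Makefile")
        mk.size, mk.mode = len(payload), file_mode
        for info in (top, mk):
            info.mtime, info.uid, info.gid = mtime, uid, uid
        tar.addfile(top)
        tar.addfile(mk, io.BytesIO(payload))
    return buf.getvalue()


# Host A unpacks into a setgid directory, host B does not (constructed values).
HOST_A = make_host_tar(0o2755, 0o2644, mtime=1675800000, uid=1000)
HOST_B = make_host_tar(0o755, 0o644, mtime=1675900000, uid=501)

if __name__ == "__main__":
    print("raw archives identical     :", sha256(HOST_A) == sha256(HOST_B))
    print("repacked archives identical:",
          sha256(repack(HOST_A)) == sha256(repack(HOST_B)))
```

A download hash pinned in a package Makefile only verifies on every build host when the archive it covers is produced this way.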
Florian Maurer [Thu, 5 Jan 2023 14:29:24 +0000 (15:29 +0100)]
lantiq-xrx200: fix wan LED on o2 box 6431
The WIFI LED already worked for me with the latest openwrt 22.03 version.
Wifi LED did not with an older 22.x version (in gluon - there phy0radio did nothing but phy0tpt did show activity
the WAN interface has the name "wan" and not "pppoe-wan" on this device
CI: build: fix external toolchain use with release tag tests
When a new tag for a release is created, the just checked-out repo from
github actions will already have such tag locally created.
This will result in git fetch --tags failing with error rejecting the
remote tag with (would clobber existing tag).
Add -f option to overwrite any local tags and always fetch them from
remote.
Fixes: e24a1e6f6d7f ("CI: build: add support for external toolchains from stable branch")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit f655923b362e9f2d70672eee9c1fa82550a145a6)
Hauke Mehrtens [Sat, 24 Dec 2022 13:39:17 +0000 (14:39 +0100)]
mac80211: Do not build brcmsmac on bcm47xx_legacy
brcmsmac needs bcma. bcma is built into the kernel for the other bcm47xx
subtargets, but not for the legacy target because it only uses ssb. We
could build bcma as a module for bcm47xx_legacy, but none of these old
devices uses a wifi card supported by brcmsmac.
Hauke Mehrtens [Sat, 17 Dec 2022 21:10:39 +0000 (22:10 +0100)]
gdb: Do not link against xxhash
libxxhash is now available in the OpenWrt package feed and gdb will link
against it if gdb finds this library. Explicitly deactivate the usage
of xxhash.
Allow forced flashing of a factory firmware image, after checking for the
correct FIT magic header and Linksys board-specific footer. Details of the
footer are already described in scripts/linksys-image.sh.
This is convenient as it avoids using a TFTP server or OEM GUI, and allows
restoring OEM firmware or installing a "breaking" OpenWrt update (e.g. DSA
migration and kernel repartition) directly from the command line.
Devices supported at this time include EA6350v3, EA8300, MR8300 and WHW01.
Reviewed-by: Robert Marko <robimarko@gmail.com>
Tested-by: Wyatt Martin <wawowl@gmail.com> # WHW01
Tested-by: Tony Ambardar <itugrok@yahoo.com> # EA6350v3
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit 6fc334cbdc2b1716786768c545b761b338962b43)
Hauke Mehrtens [Sat, 31 Dec 2022 18:32:41 +0000 (19:32 +0100)]
treewide: Trigger reinstall of all wolfssl dependencies
The ABI of the wolfssl library changed a bit between version 5.5.3 and
5.5.4. This release update will trigger a rebuild of all packages which
are using wolfssl to make sure they are adapted to the new ABI.
Hauke Mehrtens [Thu, 29 Dec 2022 20:26:28 +0000 (21:26 +0100)]
mbedtls: update to version 2.28.2
Changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2
This release of Mbed TLS provides bug fixes and minor enhancements. This
release includes fixes for security issues.
Fixes the following CVEs:
* CVE-2022-46393: Fix potential heap buffer overread and overwrite in
DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and
MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX.
* CVE-2022-46392: An adversary with access to precise enough information
about memory accesses (typically, an untrusted operating system
attacking a secure enclave) could recover an RSA private key after
observing the victim performing a single private-key operation if the
window size used for the exponentiation was 3 or smaller.
$(STAGING_DIR_HOST)/bin/gzip is not available in openwrt-22.03. The
change broke the build because the build process could not find this
file. For example ath79/generic netgear_wndap360 was affected.
Stijn Tintel [Tue, 20 Dec 2022 18:04:53 +0000 (20:04 +0200)]
trusted-firmware-a.mk: use correct CPE ID
There are 2 different CPE IDs on the NVD website:
cpe:/a:arm:trusted_firmware-a
cpe:/o:arm:arm_trusted_firmware
The ID as currently used in trusted-firmware-a.mk does not exist. The
CPE ID using the arm_trusted_firmware product name only lists a few
records for versions 2.2 and 2.3 on the NVD site. The CPE ID using the
trusted_firmware-a product name lists many more records, and actually
has a CVE linked to it. Therefore, use the CPE ID using the
trusted_firmware-a product name.
ath79: image: don't depend on other COMPILE targets
A device COMPILE target should not depend on another COMPILE.
Otherwise a race condition may happen.
The loader is very small. Compiling it twice shouldn't
have a huge impact.
Michael Pratt [Tue, 22 Nov 2022 00:37:39 +0000 (00:37 +0000)]
image: fix device profile specific COMPILE targets
Commit a01d23e75 ("image: always rebuild kernel loaders")
is a step in the right direction, but exposed some issues
and regressions in the makefile.
Some of the files made by device specific COMPILE targets
start with an "append" command (i.e. >> instead of > redirection)
and if the file already exists, the target file is the
input to itself before the first recipe-specified input.
To generate commitcount we use grep --max-count. This is not present on
Alpine grep and causes wrong generation. Use -m as it's just the short
version of --max-count and more portable.
Hauke Mehrtens [Wed, 14 Dec 2022 15:29:16 +0000 (16:29 +0100)]
kernel: Make KERNEL_MAKEOPTS recursively expanded
KERNEL_MAKEOPTS will get expanded when it is used and not when it is
defined in the kernel.mk file now. This fixes problems finding dependent
kernel modules when it is used by a kernel module package.
Without this change the build of packages which depend on other out of
tree modules failed when they used KERNEL_MAKE because some symbols could
not be found. This happened because KERNEL_MAKE_FLAGS which contains a
"if $(__package_mk)" was evaluated where KERNEL_MAKEOPTS was defined
and not when the KERNEL_MAKE was used. For packages which included
kernel.mk before package.mk we saw this problem. One workaround
was to use the correct include order and the other one was to not
use KERNEL_MAKE_FLAGS, but copy its content.
Tony Butler [Fri, 9 Dec 2022 11:13:16 +0000 (03:13 -0800)]
lantiq: vr9: include usb driver for fritz 7430
Reported by user: missing driver for USB; add to image definition
https://github.com/openwrt/openwrt/issues/11326
Resolves: #11326
Signed-off-by: Tony Butler <spudz76@gmail.com>
Acked-by: Aleksander Jan Bajkowski <olek2@wp.pl>
(cherry picked from commit 9a1ab8aa0398f93360bf54d81bcd332cd413c03f)
Hauke Mehrtens [Wed, 21 Dec 2022 13:25:46 +0000 (14:25 +0100)]
toolchain: Update glibc 2.34 to recent HEAD
This adds the following changes:
a88f07f71f stdlib: Remove attr_write from mbstows if dst is NULL [BZ: 29265]
4bc889c01c stdlib: Fixup mbstowcs NULL __dst handling. [BZ #29279]
1fcc7bfee2 alpha: Fix generic brk system call emulation in __brk_call (bug 29490)
68507377f2 socket: Check lengths before advancing pointer in CMSG_NXTHDR
536ddc5c02 elf: Call __libc_early_init for reused namespaces (bug 29528)
2a44960cbc Apply asm redirections in stdio.h before first use [BZ #27087]
b41c535f46 Apply asm redirections in wchar.h before first use
2b3d020055 nscd: Fix netlink cache invalidation if epoll is used [BZ #29415]
bc5cb538e5 elf: Run tst-audit-tlsdesc, tst-audit-tlsdesc-dlopen everywhere
2ff6775ad3 elf: Fix hwcaps string size overestimation
f50a6c843a gconv: Use 64-bit interfaces in gconv_parseconfdir (bug 29583)
1a3afdfe31 resolv: Add tst-resolv-byaddr for testing reverse lookup
6a833d798e resolv: Add tst-resolv-aliases
4d2e67d6e5 resolv: Add internal __res_binary_hnok function
bb8adbba4f resolv: Add the __ns_samebinaryname function
c288e032ae resolv: Add internal __ns_name_length_uncompressed function
e7c03f4765 resolv: Add DNS packet parsing helpers geared towards wire format
d9c979abf9 nss_dns: Split getanswer_ptr from getanswer_r
32e5db3768 nss_dns: Rewrite _nss_dns_gethostbyaddr2_r and getanswer_ptr
7267341ec1 nss_dns: Remove remnants of IPv6 address mapping
9abc40d9b5 nss_dns: Rewrite getanswer_r to match getanswer_ptr (bug 12154, bug 29305)
c36e7cca35 nss_dns: In gaih_getanswer_slice, skip strange aliases (bug 12154)
480c820493 resolv: Add new tst-resolv-invalid-cname
2def56a349 nss_dns: Rewrite _nss_dns_gethostbyname4_r using current interfaces
044755e2fa resolv: Fix building tst-resolv-invalid-cname for earlier C standards
a2e259014f Avoid extra load with CAS in __pthread_mutex_lock_full [BZ #28537]
ed8300c054 Avoid extra load with CAS in __pthread_mutex_clocklock_common [BZ #28537]
a6b81f605d Add LLL_MUTEX_READ_LOCK [BZ #28537]
6bcfbee727 Move assignment out of the CAS condition
43760d33d7 nptl: Effectively skip CAS in spinlock loop
04efdcfac4 sysdeps: Add 'get_fast_jitter' interace in fast-jitter.h
ea69248445 nptl: Add backoff mechanism to spinlock loop
95f5089d4a x86: include BMI1 and BMI2 in x86-64-v3 level
414fc856ff x86-64: Require BMI2 for AVX2 str(n)casecmp implementations
e1561d8cf0 x86-64: Require BMI2 for AVX2 strcmp implementation
b9cbb8dd48 x86-64: Require BMI2 for AVX2 strncmp implementation
67e863742d x86-64: Require BMI2 for AVX2 wcs(n)cmp implementations
94b9c1b640 x86-64: Require BMI2 for AVX2 (raw|w)memchr implementations
36d6b9be3d x86-64: Require BMI2 and LZCNT for AVX2 memrchr implementation
e570b865b5 x86-64: Require BMI1/BMI2 for AVX2 strrchr and wcsrchr implementations
e3976287b2 nscd: Drop local address tuple variable [BZ #29607]
c95ef423d7 nss: Implement --no-addrconfig option for getent
16c7ed6e68 nss: Fix tst-nss-files-hosts-long on single-stack hosts (bug 24816)
d5313bcb7e nss: Use shared prefix in IPv4 address in tst-reload1
9f55d2e7c4 elf: Do not completely clear reused namespace in dlmopen (bug 29600)
ca5df79545 linux: Fix generic struct_stat for 64 bit time (BZ# 29657)
f42d871b22 Makerules: fix MAKEFLAGS assignment for upcoming make-4.4 [BZ# 29564]
675ba1f361 mktime: improve heuristic for ca-1986 Indiana DST
6e8044e910 Fix memmove call in vfprintf-internal.c:group_number
291d440206 Allow #pragma GCC in headers in conformtest
86a701a204 regex: copy back from Gnulib
fa5044f1e3 regex: fix buffer read overrun in search [BZ#28470]
06afa5e09f io: Fix ftw internal realloc buffer (BZ #28126)
deea6ab1bc io: Fix use-after-free in ftw [BZ #26779]
d57cdc1b5a Linux: Support __IPC_64 in sysvctl *ctl command arguments (bug 29771)
75b0edb7ef Update NEWS file in the right place
691f70b84a elf: Fix rtld-audit trampoline for aarch64
e3255e7d21 x86: Fix wcsnlen-avx2 page cross length comparison [BZ #29591]
309c4708ac elf: Fix wrong fscanf usage on tst-pldd
42b9d7def8 Allow for unpriviledged nested containers
405b8ae135 elf: Fix wrong fscanf usage on tst-pldd
a1c12fdf3f _Static_assert needs two arguments for compatibility with GCC before 9
a4217408a3 Apply asm redirections in syslog.h before first use [BZ #27087]
Jo-Philipp Wich [Thu, 15 Dec 2022 23:27:02 +0000 (00:27 +0100)]
rpcd: update to latest Git HEAD
7de4820 iwinfo: add "hwmodes_text" to the info output
b3f530b iwinfo: clean up rpc_iwinfo_call_hw_ht_mode()
c46ad61 iwinfo: reuse infos provided by libiwinfo
6c5e900 iwinfo: constify string map arg for rpc_iwinfo_call_int()
Jo-Philipp Wich [Thu, 15 Dec 2022 23:18:08 +0000 (00:18 +0100)]
iwinfo: update to latest Git HEAD
8d15809 cli: print current HT mode
8f86dd6 cli: use IWINFO_HTMODE_COUNT
f36b72b cli: use IWINFO_KMGMT_NAMES
91be7e0 cli: use IWINFO_CIPHER_NAMES
49b6ec9 cli: fix printing the scan channel width
b1c8873 cli: fix marking the active channel
9e14e64 utils: add iwinfo_band2ghz() and iwinfo_ghz2band() helpers
e084781 utils: add helper functions to get names by values
d09a77a utils: add iwinfo_htmode_is_{ht|vht|he} helpers
8752977 utils: add and use iwinfo_format_hwmodes()
02f433e lib: add IWINFO_80211_COUNT and IWINFO_80211_NAMES
1d30df1 lib: add IWINFO_BAND_COUNT and IWINFO_BAND_NAMES
aefd0ef lib: use common IWINFO_CIPHER_NAMES strings
a5b30de lib: add IWINFO_OPMODE_COUNT and use it for IWINFO_OPMODE_NAMES
9f29e79 lib: constify and fixup the string array definitions
fddc015 nl80211: mark frequencies where HE operation in not allowed
6d50a7c nl80211: add support for HE htmodes
4ba5713 nl80211: properly get available bands for the hwmode
91b2ada nl80211: update the kernel header nl80211.h
3f619a5 nl80211: fix frequency/channel conversion for the 6G band
a77d915 nl80211: don't guess if a name is an ifname
c27ce71 devices: add usb device MediaTek MT7921AU
14f864e nl80211: add ability to describe USB devices
a5a75fd nl80211: remove ancient wpa_supplicant ctrl socket path
dd4e1ff nl80211: fix wpa supplicant ctrl socket permissions
d638163 fix -Wdangling-else warnings
4aa6c5a fix -Wreturn-type warning
3112726 fix -Wpointer-sign warning
ebd5f84 fix -Wmaybe-uninitialized warning
5469898 fix -Wunused-variable warnings
462b679 fix -Wduplicate-decl-specifier warnings
ccaabb4 fix -Wformat-truncation warnings
50380db enable useful compiler warnings via -Wall
Felix Fietkau [Thu, 22 Sep 2022 13:23:54 +0000 (15:23 +0200)]
iwinfo: update to the latest version
46f04f3808e8 devices: add MediaTek MT7986 WiSoC
b3e08c8b5a8f ops: make support for wireless extensions optional
1f695d9c7f82 nl80211: allow phy names that don't start with 'phy'
b7f9f06e1594 nl80211: fix phy/netdev index lookup
4a43b0d40ba5 nl80211: look up the phy name instead of assuming name == phy<idx>
Stijn Tintel [Tue, 17 May 2022 17:50:31 +0000 (20:50 +0300)]
kernel: add missing symbol for bcm27xx
When KERNEL_PERF_EVENTS is enabled in OpenWrt, the RPI_AXIPERF symbol is
exposed. Add a build option for it to fix build failures with
KERNEL_PERF_EVENTS enabled.
Hauke Mehrtens [Sun, 7 Aug 2022 11:24:59 +0000 (13:24 +0200)]
kernel: kmod-net-rtl8192su: Remove package
The R8712U driver depends on cfg80211. cfg80211 is provided by mac80211
backports, we can not build any in kernel drivers which depend on
cfg80211 which is an out of tree module in OpenWrt.
The cfg80211 dependency was added with kernel 5.9.
We could add rtl8192su to backports and build it from there.
Martin Schiller [Wed, 2 Nov 2022 06:41:04 +0000 (07:41 +0100)]
kernel: further cleanup of xfrm[4|6]_mode*
In my commit da5c45f4d886 ("kernel: remove handling of xfrm[4|6]_mode_*
modules") I missed a few default config options and description entries.
Those should be gone as well.
Fixes: da5c45f4d886 ("kernel: remove handling of xfrm[4|6]_mode_* modules")
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
(cherry picked from commit 1e028ac51e4d033cc1a8a06850ca8c6469206761)
Add package supporting Bluetooth HCI interfaces connected over SDIO.
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
[pepe2k@gmail.com: dropped rfkill dependency, other minor text fixes]
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
(cherry picked from commit fb7547684538e5501c4b91ed62e5f66832e4d9bc)
David Bauer [Fri, 9 Dec 2022 00:58:03 +0000 (01:58 +0100)]
ath79: fix Teltonika RUT230 v1 MAC assignment
The MAC-Address setup for the Teltonika RUT230 v1 was swapped for the
LAN / WAN ports. Also the Label-MAC was assigned incorrectly, as the WiFi
MAC is printed on the case as part of the SSID, however only the LAN
MAC-Address is designated as a MAC-Address.
Wavlink WS-WN572HP3 4G is an 802.11ac
dual-band outdoor router with LTE support.
Specifications:
* SoC: MT7621DAT
* RAM: 128MiB
* Flash: NOR 16MiB GD-25Q128ESIG3
* Wi-Fi:
  * MT7613BEN: 5GHz
  * MT7603EN: 2.4GHz
* Ethernet: 2x 1GbE
* USB: None - only used internally
* LTE Modem: Quectel EC200T-EU
* UART: 115200 baud
* LEDs:
  * 7 blue at the front
    * 1 Power
    * 2 LAN / WAN
    * 1 Status
    * 3 RSSI (annotated 4G)
  * 1 green at the bottom (4G LED)
* Buttons: 1 reset button
Installation:
* press and hold the reset button while powering on the device
* keep it pressed for ten seconds
* connect to 192.168.10.1 via webbrowser (chromium/chrome works, at
least Firefox 106.0.3 does not)
* upload the sysupgrade image, confirm the checksum, wait 2 minutes
until the device reboots
Revert to stock firmware:
* same as installation but use the recovery image for WL-WN572HP3
Hauke Mehrtens [Thu, 8 Dec 2022 00:15:11 +0000 (01:15 +0100)]
ustream-ssl: update to Git version 2022-12-07
9217ab4 ustream-openssl: Disable renegotiation in TLSv1.2 and earlier
2ce1d48 ci: fix building with i.MX6 SDK
584f1f6 ustream-openssl: wolfSSL: provide detailed information in debug builds
aa8c48e cmake: add a possibility to set library version
CI: build: skip sdk adapt to external toolchain on cache hit
On cache hit, skip sdk adapt to external toolchain. This is needed because we
cache the already extracted sdk and that is already adapted to be used
as external toolchain.
Rerunning the adapt step will result in the test failing for a missing file
as the files already got wrapped to the external toolchain format.
Fixes: 42f0ab028e2e ("CI: build: fix use of sdk as toolchain")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 99eaedfe3966b1ca812e8a962197cf91286247f7)
The toolchain included in an sdk has a different format than an external
toolchain tar.
Since sdk is a more integrated setup doesn't use and include wrapper bin
that use the external toolchain config and use an alternative and more
standard way to include all the toolchain headers.
External toolchain uses wrapper.sh to append the configured include
header when each tool is called.
Fix the sdk toolchain by reverting their own sdk wrapper scripts and to
simulate an external toolchain build copying what is done in the
toolchain target makefile.
This handles compilation errors and warnings caused by not using fortify
header on building packages.
Fixes: 006e52545d14 ("CI: build: add support to fallback to sdk for external toolchain")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 42f0ab028e2eae0d4e7acf9db7fd68b256f23503)
Hauke Mehrtens [Mon, 5 Dec 2022 23:17:35 +0000 (00:17 +0100)]
e2fsprogs: Fix CVE-2022-1304
This fixes CVE-2022-1304:
An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5.
This issue leads to a segmentation fault and possibly arbitrary code
execution via a specially crafted filesystem.
Hannu Nyman [Tue, 6 Dec 2022 08:36:56 +0000 (10:36 +0200)]
mvebu: disable also wrt32x due to broken switch
WRT32x has identical hardware as WRT3200ACM,
so handle the devices identically.
Reference to:
* FCC approval: WRT32x is a new name for WRT3200ACM hardware
https://fccid.io/Q87-WRT3200ACM#Grant-TCB-5
FCC IDENTIFIER: | Q87-WRT3200ACM
C2PC: - Adding a new model name: WRT32X;
* Linux switch definition:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y&id=2716777b4f21649fb907b4a4fb96e1c8d0a5ec16
MV88E6176 is mostly compatible to MV88E6352 and is documented
in the same functional specification. Add support for it.
Fixes: a0bae2fef8 "mvebu: cortexa9: disable devices using broken mv88e6176 switch"
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Catalin Toda [Fri, 15 Jul 2022 17:18:23 +0000 (10:18 -0700)]
kernel: netconsole: add network console logging support
Accessing the console on many devices is difficult.
netconsole eases debugging on devices that crash
after the network is up.
Reference to the netconsole documentation in upstream Linux:
<https://www.kernel.org/doc/html/latest/networking/netconsole.html>
|
|netconsole=[+][src-port]@[src-ip]/[<dev>],[tgt-port]@<tgt-ip>/[tgt-macaddr]
|
| where
| + if present, enable extended console support
| src-port source for UDP packets (defaults to 6665)
| src-ip source IP to use (interface address)
| dev network interface (eth0)
| tgt-port port for logging agent (6666)
| tgt-ip IP address for logging agent
| tgt-macaddr ethernet MAC address for logging agent (broadcast)
OpenWrt specific notes:
OpenWrt's device userspace scripts are attaching the network
interface (i.e. eth0) to a (virtual) bridge (br-lan) device.
This will cause netconsole to report:
|network logging stopped on interface eth0 as it is joining a master device
(and unfortunately the traffic/logs to stop at this point)
As a workaround, the netconsole module can be manually loaded
again after the bridge has been setup with:
One way of catching errors before the handoff, try to
append the /etc/modules.conf file with the following extra line:
options netconsole netconsole=@/eth0,@192.168.1.x/MA:C...
and install the kmod-netconsole (=y) into the base image.
Signed-off-by: Catalin Toda <catalinii@yahoo.com>
(Added commit message from PR, added links to documentation)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 488b25f5ac5028923f67e3beade92dab0c2591f1)