Commit Graph

50427 Commits

Author SHA1 Message Date
Hans Dedecker
d52c5c081e glibc: update to latest 2.33 commit
db32fc27e7 test-container: Always copy test-specific support files [BZ #27537]
79c6be6a0a nptl: Remove private futex optimization [BZ #27304]
f90d6b0484 pthread_once hangs when init routine throws an exception [BZ #18435]
dd8023c2ac elf: ld.so --help calls _dl_init_paths without a main map [BZ #27577]
ea5a537e87 elf: Always set l in _dl_init_paths (bug 23462)
64f6c287ad x86: Handle _SC_LEVEL1_ICACHE_LINESIZE [BZ #27444]
32b9280f1d io: Return EBAFD for negative file descriptor on fstat (BZ #27559)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit 956490ad6a)
2021-03-21 14:01:10 +01:00
Hauke Mehrtens
31bca5f256 archs38: Add CONFIG_HZ=100
This kernel config option was missing and resulted in a question when
building.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 047b7621bb)
2021-03-19 18:01:55 +01:00
Hans Dedecker
d148fb1603 glibc: update to latest 2.33 commit (BZ #27462, BZ #27318, BZ #27389)
a151f2e05a nscd: Fix double free in netgroupcache [BZ #27462]
ee9f98d9ca x86: Set minimum x86-64 level marker [BZ #27318]
3e880d7337 nss: Re-enable NSS module loading after chroot [BZ #27389]
71b2463f61 x86: Add CPU-specific diagnostics to ld.so --list-diagnostics
a1eb3915e7 x86: Automate generation of PREFERRED_FEATURE_INDEX_1 bitfield
33dc1dd602 ld.so: Implement the --list-diagnostics option
8d4241b897 string: Work around GCC PR 98512 in rawmemchr
6efa2d44c8 S390: Add new hwcap values.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit 0ef3c58ac8)
2021-03-18 23:01:53 +01:00
Rafał Miłecki
192486ac74 bcm53xx: backport first 5.13 DTS changes
This adds NVMEM bindings that are needed for proper booting on Linksys
devices.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 98d456a14e)
2021-03-17 23:38:46 +01:00
Rafał Miłecki
761df5c4cf bcm47xx: make WGT634U NVRAM patch apply again
Fixes: 1c48eee5b2 ("kernel: backport Broadcom NVRAM driver cleanups")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 9530b9bb78)
2021-03-17 23:38:46 +01:00
Rafał Miłecki
20fe0e66f3 bcm53xx: initialize NVRAM from NVMEM driver
NVRAM access may be needed early in boot process. Reading it using mtd
happens quite late in the init process. Add NVRAM initialization to the
NVMEM driver which comes up early and depends on IO mapping only.

This is required by Linksys devices which use NVRAM content for proper
partitioning (detecting current firmware partition).

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit baf04eed02)
2021-03-17 23:38:46 +01:00
Rafał Miłecki
946bfd59a6 kernel: backport Broadcom NVRAM driver cleanups
Refactoring of bcm47xx_nvram driver. It's used by bcm47xx and bcm53xx.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 1c48eee5b2)
2021-03-17 23:38:46 +01:00
Rafał Miłecki
3ce0d62b39 bcm53xx: backport NVMEM NVRAM driver
It supports NVRAM access described using DT binding. Right now NVRAM
data is exposed using /sys/bus/nvmem/ only.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 01b1b37528)
2021-03-17 23:38:46 +01:00
Rafał Miłecki
d523f61135 bcm53xx: backport more upstream dts stuff from kernel 5.11
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 8078d89a53)
2021-03-17 23:38:41 +01:00
Rafał Miłecki
7d03fdb004 bcm53xx: group dts backports by upstream kernel version
It's a simple renaming thing.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit d0ee398c36)
2021-03-17 23:26:12 +01:00
Rafał Miłecki
15d142262a bcm4908: backport recent bcm_sf2 changes
One 5.12 link fix and 5.13 crossbar support.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit e1b4fd52a8)
2021-03-17 21:24:24 +01:00
Rafał Miłecki
86eb3de66e bcm4908: backport recent bcm4908_enet changes
This includes 5.12 fix and 5.13 improvements.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 7091e31230)
2021-03-17 21:24:24 +01:00
Rafał Miłecki
763f0bab3e bcm4908: backport first PHY 5.13 patches
1. Upstream accepted version of Kconfig change
2. Documentation binding fix

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit d7c8ca4d0b)
2021-03-17 21:24:24 +01:00
Rafał Miłecki
b18fe2ecc4 bcm4908: use accepted 5.13 DTS patches
Some patches were slightly cleaned up. One things worth mentioning is
that adding:
phy-mode = "rgmii"
broke SF2 driver. It made it access random register breaking switch
setup.

That's why this commit also adds a quick sf2 fix.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 05dbfe616d)
2021-03-17 21:24:24 +01:00
Rafał Miłecki
6a217d6d72 kernel: add pending mtd patches adding NVMEM support
It's meant to provide upstream support for mtd & NVMEM. It's required
e.g. for reading MAC address from mtd partition content. It seems to be
in a final shape so it's worth testing.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit e90e75b12c)
2021-03-17 21:24:22 +01:00
Rafał Miłecki
c8b415035c kernel: move mtd ofpart accepted patch
Move upstream patch to the backport directory.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit deceb03993)
2021-03-17 21:23:56 +01:00
Rafał Miłecki
bc2c3d99c8 bcm4908: prepare to support TP-Link Archer C2300 V1
It's a BCM4906 based device (2 CPU cores). It has 512 MiB of RAM, 4 LAN
ports, 1 WAN port, 2 USB ports, NAND flash. WiFi unknown at this point.

Flashing is possible using CFE only, proper image will be worked on
later.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 8d24da1470)
2021-03-17 21:23:46 +01:00
Rafał Miłecki
058e4c57aa bcm63xx-cfe: update to the latest master
d035016 tp-link: rename to tplink to match DT vendor prefix

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 4d961436c4)
2021-03-17 21:23:45 +01:00
Rafał Miłecki
217687c7ec bcm63xx-cfe: update to the latest master
3fb6f1c tp-link: c2300-v1: add cferam file
79f9578 sercomm: vox-2.5: add cferam file

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit ac39c4bd60)
2021-03-17 21:23:45 +01:00
Rafał Miłecki
543007917a kernel: add the latest mtd patch extending ofpart parser
This adds the latest version of ofpart commit. It hopefully
1. Doesn't break compilation
2. Doesn't break partitioning
(this time).

It's required to implement fixed partitioning with some quirks. It's
required by bcm53xx, bcm4908, kirkwood, lantiq and mvebu.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 7a7b2fd809)
2021-03-17 21:23:38 +01:00
Rafał Miłecki
67df3a829b bcm4908: backport Ethernet driver fixes from the 5.12
The most noticeable one is fix for RX stopping on high traffic.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit acbea54bc2)
2021-03-17 21:22:29 +01:00
Rafał Miłecki
08bbe361e0 bcm4908: add bcm_sf2 fixes for the 5th GPHY
This allows using the last integrated PHY (and so e.g. WAN port on the
ASUS GT-AC5300).

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit ad8b759fd1)
2021-03-17 21:22:29 +01:00
Paul Spooren
69b77dc3b4 build,ib: add STRIP_ABI option for manifest
The ImageBuilder `make manifest` prints all installed packages. This
function can be used to create a list of package and corresponding
package versions before attempting image creation.

When called with `--strip-abi` OPKG can automatically strip attached
ABIVersions from package names. Make this function accessible for the
ImageBuilder by adding a `STRIP_ABI` variable.

Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 0f7cd97f81)
2021-03-16 11:05:26 -10:00
Hauke Mehrtens
f82e7e96a0 kernel: bump 5.4 to 5.4.105
Refreshed all patches.

The following patches were applied upstream:
* 755-v5.8-net-dsa-add-GRO-support-via-gro_cells.patch
* 831-v5.9-usbip-tools-fix-build-error-for-multiple-definition.patch

Compile-tested on: x86_64, ipq40xx, ath79
Runtime-tested on: x86_64, ipq40xx, ath79

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-03-16 00:31:16 +01:00
Daniel Golle
60275454fb rpcd: update to git HEAD
d3f2041 uci: manually clear uci_ptr flags after uci_delete() operations
 ccb7517 sys: packagelist: drop ABI version from package name

(cherry picked from commit da339a6d3f)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-15 21:53:16 +00:00
Daniel Golle
55a43e1ab0 opkg: update to git HEAD
d71856a pkg: pass-through ABIVersion to status file
 d3a63b3 libopkg: add option to strip ABI versions from listed names
 5936c4f libopkg: pkg_hash: prefer original packages to satisfy dependencies

(cherry squashed from commit 6a7a1f1c64,
commit 988ed00802 and
commit b5f6d20560)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-15 21:53:16 +00:00
Paul Spooren
67166fabda include: store ABIVersion in Packages index
With the existence of ABI versions there is no clean way to determine
the package name without an attached ABI version. The Packages index is
stored on device to know what packages are installed.

The ABIVersion was recently removed in c921650382 "build: drop ABI
version from metadata", while ABI versions still exists. This becomes a
problem if a user tries to export installed packages via `ubus call
rpcd-sys packagelist` which would return package names including the ABI
version. Trying to find these packages in a later release with changes
ABI version is impossible.

This commits adds the `ABIVersion` field again. Knowing both the
combined (SourceName + ABIVersion) and the `ABIVersion` it is possible
to calculate the package `SourceName` without storing it in the
on-device package list.

Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit fc5b101c06)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-15 21:53:16 +00:00
Daniel Golle
9a5f385732 selinux-policy: update to version v0.8
a857b45 resolv/locale: eventually this should be more efficient
 11ed281 some more optimization
 764a475 add redundant calls to file.search_conffile_dirs()
 7d4558e fs: treat devtmpfs that same as tmpfs
 81b677e adds irqbalance skeleton
 5506244 irqbalance rules
 cc96cd8 adds usbutil and gtpfdisk skels
 01e2a55 some fsck, gptfdisk, mkfs and usbutil rules
 d6d1e7d usbutil: output to terminal
 da576fa fsck, gptfdisk and usbutil rules
 09b39e9 unbound
 241a029 hotplugcall: allow dac_read_search (is a subset of dac_override)
 af0fe90 adds label for tcsh
 160f79e adds tcpdump
 6d02b96 adds coreutil execfile for busybox alternatives
 ac54884 coreutilexecfile: these are known to require privileges, so exclude
 8cb3b66 adds chrootexecfile
 6d329d3 this saves 9KiB and its a bit more robust
 88e2425 move addpart/delpart/partx to gptfdisk.cil
 261012d ntphotplug: reads ubox data files
 0473ace various
 740e820 work through to genfs_seclabel_symlinks loose ends (Linux 5.10)
 bef21f5 TODO adds a note about how I dont need to upgrade to polver 33 from 31
 cb2e5a3 ubus uses ntpdhotplug fd, and some genfs_seclabel_symlink changes
 07df9b9 luci, rpcd and wpad (mainly genfs_selabel related but not all)
 8d86cab genfs_seclabel loose ends for blockmount, hotplugcall, irqbalance, zram-swap
 b8156cd adds a note about how i forgot to target blockd
 6e82ab8 adds blockd and related
 254ff43 Makefile: exclude blockd from mintesttgt
 4dc6bc2 pppd update related and unbound-odhcp rules
 3d7da7a igmpproxy tidy some loose ends
 c84ba0f rcigmpproxy: add entries to /etc when creating /etc/igmpproxy.conf
 5a18967 adds igmpproxy skeleton
 7e6a218 logread: support resolving dns names
 e39ca8b netifd: add support for /etc/udhcpc.user
 7952bd0 odhcp6c: support /etc/odhcp6c.user
 ba0eb4e swconfig, fwenv, agent
 4556b8a pppd cosmetic
 9324d9d pppd: sends AT commands to model using /dev/ttyUSBN
 417b14a ttydev: add some more ttyUSB
 ed739dc example: dont depend on policycoreutils
 97613f9 dropbear: using dropbear as scp: dns name resolving
 12c193b dropbear tcp connect ssh ports for scp
 c050077 rcdnsmasq: remove redundant rule and make rcsysntpd optional
 8c5de35 this is a bug
 8d5c463 uhttpd rcboot rcdnsmasq
 094266e hostapd and wpa_supplicant
 aef0bd7 mountroot: maintains /tmp/sysupgrade.tar
 24f0406 dropbear: allow it to read tmp.fs files
 2901433 firstboot mkfsf2fs rcboot
 2c4afb7 blockmount mmc
 465ca98 adds industrial i/o (iio) nodedev
 82f686e mtd stordev: back that ubiblock0_4p1 up with a filecon
 7df78bd ubus: "support" older ubusd versions that run as root
 4458bce swconfig: allow using terminal (to print output)
 e8d606d sslcert: openssl linked: this shaves off 200 bytes
 93afffb jshn ntpdhotplug
 0b847f0 wpad: reads /etc/ssl/openssl.cnf
 f14ee34 indent fix
 a0c7cad mtd, uhttpd, ubus and ntpdhotplug
 d74f98f adds a not about checkreqprot requirement in some scenarios
 affacce example: add policycoreutils-setfiles for make check
 4f944dc kmodloader and fwenv:
 efe36a3 netifd: adds a comment/reminder
 581b087 more fw_printenv loose ends
 30177a4 fw_setenv: needs mtd write access to set and delete env
 da28f4c fw_printenv: some minor clean ups
 a062053 fw_printenv missing rules
 244ba5f blockmount: extroot and /rwm
 0745a6a squid: allow squid to run sslcrtd with domain transition
 b851df6 squid fix
 8c55acd squid: adds certfile and allow connect http but...
 b7c1f6d Makefile: exclude tinyproxy from mintesttgt (using squid)
 5ff39bd squid: forgot about luci
 5366c97 squid/rcsquid some basic fill in
 8743da6 squid skeleton
 687a43b adds squid 3128 port to httpproxy port

Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
(cherry squashed from commit 3ffc30f05a
and commit 41a8f093fb)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-15 21:53:16 +00:00
Dominick Grift
8a317fbb9a checkpolicy: update to version 3.2
521e6a2f libsepol/cil: fix signed overflow caused by using (1 << 31) - 1
42ae834a libsepol,checkpolicy: optimize storage of filename transitions

Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
(cherry picked from commit 49edc4d17f)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-15 21:53:16 +00:00
Dominick Grift
22cc999731 secilc: update to version 3.2
49ff851c secilc: fixes cil_role_statements.md example
03881703 secilc/docs: add custom color theme
4c8d6094 secilc/docs: add syntax highlighting for secil
057d72af secilc/docs: use fenced code blocks for cil examples
e8bcdb84 cil_network_labeling_statements: fixes nodecon examples
eefa5511 cil_access_vector_rules: allowx, auditallowx and dontauditx fixes
9e9b8103 secilc/docs: document expandtypeattribute
fbe1e526 Update the cil docs to match the current behaviour.

Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
(cherry picked from commit 0b58ebcfe2)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-15 21:53:16 +00:00
Dominick Grift
0526d5bb17 policycoreutils: update to version 3.2
d464187c policycoreutils: sestatus belongs to bin not sbin
d59932a7 policycoreutils: Resolve path in restorecon_xattr
5682c0d5 policycoreutils/fixfiles.8: add missing file systems and merge check and verify
57dd1f65 policycoreutils/setfiles: Drop unused nerr variable
be7f54cb setfiles: drop ABORT_ON_ERRORS and related code
9207823c setfiles: Do not abort on labeling error
c064d214 selinux_config(5): add a note that runtime disable is deprecated
8bc865e1 newrole: support cross-compilation with PAM and audit
ba2d6c10 fixfiles: correctly restore context of mountpoints

Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
(cherry picked from commit 68934a5704)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-15 21:53:16 +00:00
Dominick Grift
c47b8c0568 libsemanage: update to version 3.2
c35919a7 libsemanage: sync filesystem with sandbox
5b05e829 Revert "libsemanage/genhomedircon: check usepasswd"
edae9275 libsemanage: Free contents of modkey in semanage_direct_remove
ce46daab libsemanage/genhomedircon: check usepasswd
6ebb35d2 libsemanage: Bump libsemanage.so version
c08b73d7 libsemanage: Drop deprecated functions
b46406de libsemanage: Remove legacy and duplicate symbols

Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
(cherry picked from commit 4670492ad7)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-15 21:53:16 +00:00
Dominick Grift
5cc1af92b2 libselinux: update to version 3.2
142826a3 libselinux: fix segfault in add_xattr_entry()
398d2cee libselinux: rename gettid() to something which never conflicts with the libc
8f0f0a28 selinux(8,5): Describe fcontext regular expressions
9cc6b5cf libselinux/getconlist: report failures
156dd0de libselinux: update getseuser
e2dca5df libselinux: accept const fromcon in get_context API
da4829d0 libselinux: Always close status page fd
45b15c22 selinux(8): explain that runtime disable is deprecated
3c16aaef selinux(8): mark up SELINUX values
c2a58cc5 libselinux: LABEL_BACKEND_ANDROID add option to enable
db0f2f38 libselinux: Add build option to disable X11 backend
4a142ac4 libsepol: Bump libsepol.so version
d23342a9 libselinux: convert matchpathcon to selabel_lookup()
7ef5b185 libselinux: Change userspace AVC setenforce and policy load messages to audit format.
f5d644c7 libselinux: Add additional log callback details in man page for auditing.
075f9cfe libselinux: Fix selabel_lookup() for the root dir.
a4149e0e libselinux: Add new log callback levels for enforcing and policy load notices.
a63f93d8 libselinux: initialize last_policyload in selinux_status_open()
ef902db9 libselinux: safely access shared memory in selinux_status_updated()
9e4480b9 libselinux: Remove trailing slash on selabel_file lookups.
21fb5f20 libselinux: use full argument specifiers for security_check_context in man page
e7abd802 libselinux: fix build order
05bdc031 libselinux: use kernel status page by default

Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
(cherry picked from commit b1fc2b5b0b)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-15 21:53:16 +00:00
Dominick Grift
51159bcfd1 libsepol: update to version 3.2
a9e0004f libsepol: invalidate the pointer to the policydb if policydb_init fails
6238e025 libsepol/cil: fix NULL pointer dereference in cil_fill_ipaddr
b69d77bc libsepol/cil: handle SID without assigned context when writing policy.conf
0861c659 libsepol: Validate policydb values when reading binary policy
8f5409cf libsepol: Create function ebitmap_highest_set_bit()
0451adeb libsepol/cil: Destroy disabled optional blocks after pass is complete
32f8ed3d libsepol/cil: introduce intermediate cast to silence -Wvoid-pointer-to-enum-cast
4662bdc1 libsepol/cil: be more robust when encountering <src_info>
6b561058 libsepol/cil: fix NULL pointer dereference with empty macro argument
0d0e47c7 libsepol/cil: Fix integer overflow in the handling of hll line marks
1b36ace2 libsepol: include header files in source files when matching declarations
1f1fa9d4 libsepol: uniformize prototypes of sepol_mls_contains and sepol_mls_check
72a88d75 libsepol: remove unused files
eba0ffee libsepol/cil: Fix heap-use-after-free when using optional blockinherit
1048f8d3 libsepol/cil: unlink blockinherit->block link when destroying a block
b3202918 libsepol/cil: fix memory leak when a constraint expression is too deep
f0d98f83 libsepol/cil: Fix heap-use-after-free in __class_reset_perm_values()
5d021d66 libsepol/cil: Update symtab nprim field when adding or removing datums
34bd9a9d libsepol: destroy filename_trans list properly
bdf4e332 libsepol/cil: fix NULL pointer dereference when parsing an improper integer
b7ea65f5 libsepol/cil: destroy perm_datums when __cil_resolve_perms fails
228c06d9 libsepol/cil: fix out-of-bound read in cil_print_recursive_blockinherit
a25d9104 libsepol/cil: constify some strings
e2d01842 libsepol/cil: propagate failure of cil_fill_list()
6c8fca10 libsepol/cil: do not add a stack variable to a list
38a09b74 libsepol/cil: fix NULL pointer dereference when using an unused alias
3c357285 libsepol/cil: remove useless print statement
90809674 libsepol/cil: always destroy the lexer state
d16a1e46 libsepol/cil: Use the macro FLAVOR() whenever possible
2aac859a libsepol/cil: Use the macro NODE() whenever possible
d317b470 libsepol/cil: Remove unnecessary assignment in cil_resolve_name_keep_aliases()
9b9761cf libsepol/cil: Remove unused field from struct cil_args_resolve
e257d4c7 libsepol/cil: Get rid of unnecessary check in cil_gen_node()
ebba2b00 libsepol/cil: cil_tree_walk() helpers should use CIL_TREE_SKIP_*
89dab467 libsepol: free memory when realloc() fails
2d353bd5 libsepol/cil: Give error for more than one true or false block
4a142ac4 libsepol: Bump libsepol.so version
506c7b95 libsepol: Drop deprecated functions
ae58e84b libsepol: Get rid of the old and duplicated symbols
c97d63c6 libsepol: silence potential NULL pointer dereference warning
64387cb3 libsepol: drop confusing BUG_ON macro
521e6a2f libsepol/cil: fix signed overflow caused by using (1 << 31) - 1
a152653b libsepol/cil: Fix neverallow checking involving classmaps
734e4beb libsepol/cil: Validate conditional expressions before adding to binary policy
685f577a libsepol/cil: Validate constraint expressions before adding to binary policy
8206b8cb libsepol: implement POLICYDB_VERSION_COMP_FTRANS
42ae834a libsepol,checkpolicy: optimize storage of filename transitions

Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
(cherry picked from commit 2a1bdde0d0)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-15 21:53:15 +00:00
Ilya Lipnitskiy
94077a2f12 ramips: rename mtk-hsdma to hsdma-mt7621
Follows upstream rename:
https://lore.kernel.org/driverdev-devel/20210130034507.2115280-1-ilya.lipnitskiy@gmail.com/

Fixes ramips builds on 5.4.102

Cc: John Audia <graysky@archlinux.us>
Cc: David Bauer <mail@david-bauer.net>
Cc: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
(cherry picked from commit 58ad113087)
2021-03-15 10:32:53 -10:00
Felix Fietkau
1eb1d5e0bb kernel: add compatibility with upstream threaded NAPI patch
Enable threading if dev->threaded is set. This will be used to bring mt76 back
in sync with upstream

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 3d1ea0d77f)
2021-03-14 20:41:58 +01:00
Hannu Nyman
e17e212b51 busybox: backport fixes for 1.33.0
Backport two fixes for 1.33.0
* history file storing
* traceroute command option parsing

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit c1f3c52564)
2021-03-13 21:20:17 +01:00
Daniel González Cabanelas
3b6c93298c bcm63xx: AD1018-nor: add NAND flash
The Sercomm AD1018 has a NAND flash. We recently added support for NANDs
in this target.

Use the internal NAND as additional storage.

Signed-off-by: Daniel González Cabanelas <dgcbueu@gmail.com>
(cherry-picked from commit a48ef37747)
2021-03-08 12:46:46 +01:00
Hauke Mehrtens
8b3d879861 kernel: bump 5.4 to 5.4.102
Refreshed all patches.

Compile-tested on: ath79, lantiq, ipq40xx, x86_64
Runtime-tested on: ipq40xx, x86_64

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-03-06 15:51:54 +01:00
Rui Salvaterra
7e1ab3b746 kernel: backport GCC 10 usbip build fix for 5.4
From the original commit message:

"With GCC 10, building usbip triggers error for multiple definition
of 'udev_context', in:
- libsrc/vhci_driver.c:18 and
- libsrc/usbip_host_common.c:27.

Declare as extern the definition in libsrc/usbip_host_common.c."

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
(cherry picked from commit 0eef8402ee)
2021-03-05 14:54:35 +01:00
Daniel González Cabanelas
5601da24a8 kernel: b53: update the BCM5365 UID
BCM63XX internal PHYs and BCM5365 SoC internal switch are both using the
same phy_driver->phy_id, causing conflicts and unnecessary probes. E.g
the BCM63XX phy internal IRQ is lost on the first probe.

The full BCM5365 UID is 0x00406370.

Use an additional byte to mask the BCM5365 UID to avoid duplicate driver
phy_id's. This will fix the IRQ issue in internal BCM63XX PHYs and avoid
more conflicts in the future.

Signed-off-by: Daniel González Cabanelas <dgcbueu@gmail.com>
(merge both cherry-picked commits)
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(cherry-picked from commits cbcac4fde8 and cfa43f8119)
2021-03-05 12:23:25 +01:00
Álvaro Fernández Rojas
bdb18e0f84 bcm27xx: bcm2711: disable HW_RANDOM_BCM2835
This driver is only present on BCM2708, BCM2709 and BCM2710.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(cherry-picked from commit bac74aff5e)
2021-03-05 12:16:04 +01:00
Petr Štetiar
ceb6869cd9 build: add which command to build requirements
`which` utility is not shipped by default for example on recent Arch
Linux and then any steps relying on its presence fails, like for example
following Python3 prereq build check:

 $ python3 --version
 Python 3.9.1

 $ make
 /bin/sh: line 1: which: command not found
 ...
 Checking 'python3'... failed.

So make `which` utility host build requirement.

References: PR#3820 FS#3525
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 13069b1a1d)
2021-03-03 23:03:25 +01:00
Clemens Fruhwirth
27c5db998c Revert "build: replace which with Bash command built-in"
This reverts commit c7aec47e5e.

The original commit replaces 'which' with 'command'. Sadly most of
them are not equivalent and for 'which -a', there is no easy
replacements that would not reimplement PATH parsing logic. Hence
revert. Keeping a dependency on which is absolutely fine.

Signed-off-by: Clemens Fruhwirth <clemens@endorphin.org>
(cherry picked from commit 1f5e722486)
2021-03-03 23:02:30 +01:00
Petr Štetiar
a29b398324 build: fix checks for GCC11
Fedora 34 already uses GCC11.

Reported-by: Marcin Juszkiewicz <marcin-openwrt@juszkiewicz.com.pl>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit cae69d5581)
2021-03-03 23:01:18 +01:00
Perry Melange
ff6b36b954 feeds.conf.default: remove freifunk feed
The freifunk feed is being removed becasue
a) it is an external project and the OpenWrt team does not have access to it.
b) upon original addition of the feed, there was only a very weak tendency for
the addition.
c) there is a general lack of interest in the freifunk repo to review and/or
merge pull requests.
d) as far as can be found, all projects which use the freifunk feed have their
own make system and self-maintained feeds list.  They do not use the
feeds.conf.default from the openwrt repo.

more information can be read at the following links:

http://lists.openwrt.org/pipermail/openwrt-devel/2021-February/033807.html
https://github.com/freifunk/openwrt-packages/issues/37

Signed-off-by: Perry Melange <isprotejesvalkata@gmail.com>
(cherry picked from commit 20caa68fec)
2021-03-03 22:59:04 +01:00
Ronny Kotzschmar
e4d061cd1a uboot-envtools: adjust compile patch to version v2021.01
with u-boot v2020.07 some variables have been renamed so this patch needs to be adjusted
otherwise at least with macOS as build system there are build errors

Signed-off-by: Ronny Kotzschmar <ro.ok@me.com>
(cherry picked from commit 547a932ee9)
2021-03-01 21:50:08 +01:00
Georgi Valkov
e9e2310c6a uboot-sunxi: add missing type __u64
Non Linux systems e.g. macOS lack the __u64 type and produce build errors:
In file included from tools/aisimage.c:9:
In file included from include/image.h:19:
In file included from ./arch/arm/include/asm/byteorder.h:29:
In file included from include/linux/byteorder/little_endian.h:13:
include/linux/types.h:146:9: error: unknown type name '__u64'; did you mean '__s64'?
typedef __u64 __bitwise __le64;

Resolved by declaring __u64 in include/linux/types.h
Build tested on macOS and Ubuntu.

Signed-off-by: Georgi Valkov <gvalkov@abv.bg>
(cherry picked from commit 3cc57ba462)
2021-03-01 21:49:55 +01:00
Pawel Dembicki
59ba79d675 mpc85xx: p2020: fix cfi-nor detection
At this moment p2020rdb has broken images, because NOR memory connected
to eLBC bus isn't detected.

In 642b1e8dbed7 linux tree commit, config dependencies of MTD_PHYSMAP_OF
was changed and now MTD_PHYSMAP is required.

This patch adds MTD_PHYSMAP option to kernel config in p2020 subtarget
and fix booting of p2020rdb.

Fixes: 13b1db795f ("mpc85xx: add support for kernel 5.4")

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
(cherry picked from commit 76649fd06d)
2021-03-01 21:49:55 +01:00
Stefan Lippers-Hollmann
7b6ee74ee9 hostapd: P2P: Fix a corner case in peer addition based on PD Request
p2p_add_device() may remove the oldest entry if there is no room in the
peer table for a new peer. This would result in any pointer to that
removed entry becoming stale. A corner case with an invalid PD Request
frame could result in such a case ending up using (read+write) freed
memory. This could only by triggered when the peer table has reached its
maximum size and the PD Request frame is received from the P2P Device
Address of the oldest remaining entry and the frame has incorrect P2P
Device Address in the payload.

Fix this by fetching the dev pointer again after having called
p2p_add_device() so that the stale pointer cannot be used.

This fixes the following security vulnerabilities/bugs:

- CVE-2021-27803 - A vulnerability was discovered in how p2p/p2p_pd.c
  in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision
  discovery requests. It could result in denial of service or other
  impact (potentially execution of arbitrary code), for an attacker
  within radio range.

Fixes: 17bef1e97a50 ("P2P: Add peer entry based on Provision Discovery Request")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
(cherry picked from commit 1ca5de13a1)
2021-03-01 21:49:55 +01:00