Currently, the build option to enable/disable engine support isn't
reflected in the final '/etc/ssl/openssl.cnf' config. It assumes `engines`
is always enabled, producing an error whenever running any
commands in openssl util or programs that explicitly use settings
from '/etc/ssl/openssl.cnf'.
```
➤ openssl version
FATAL: Startup failure (dev note: apps_startup()) for openssl
307D1EA97F000000:error:12800067:lib(37):dlfcn_load:reason(103):crypto/dso/dso_dlfcn.c:118:filename(libengines.so):
Error loading shared library libengines.so: No such file or directory
307D1EA97F000000:error:12800067:lib(37):DSO_load:reason(103):crypto/dso/dso_lib.c:152:
307D1EA97F000000:error:0700006E:lib(14):module_load_dso:reason(110):crypto/conf/conf_mod.c:321:module=engines, path=engines
307D1EA97F000000:error:07000071:lib(14):module_run:reason(113):crypto/conf/conf_mod.c:266:module=engines
```
Build should check for the `CONFIG_OPENSSL_ENGINE` option, and comment out `engines`
if not explicitly enabled.
Example:
```
[openssl_init]
providers = provider_sect
```
After this change, openssl util works correctly.
```
➤ openssl version
OpenSSL 3.0.14 4 Jun 2024 (Library: OpenSSL 3.0.14 4 Jun 2024)
```
Signed-off-by: Sean Khan <datapronix@protonmail.com>
Link: https://github.com/openwrt/openwrt/pull/15661
Signed-off-by: Robert Marko <robimarko@gmail.com>
224d497dd94f srec2bin: drop unused "dum" variable
6777b2d51961 uimage_sgehdr: use "char" type for header struct strings
81db3025aac5 uimage_sgehdr: drop unused "ltmp" variable
bd7fcc74b43e pc1crypt: make decrypt/encrypt functions take void * as argument
6ac44974185a linksys: add magic header generation tool for e8350 v1
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
This reverts commit 25bbefcdd9.
Only the Config-build.in change needed to be merged and this contains
leftover from previous revision of the feature.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Backport upstream patch for tim->virtual_map flex array warning for
invalid write.
This has been notice with the bump of ath10k-ct to version 6.7.
Link: https://github.com/openwrt/openwrt/pull/15760
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Old "interface" sections for bridges were mixing layer 2 and layer 3.
That syntax got deprecated and UCI section "device" is used for bridge
configuration now.
Backward compatibility may be dropped from netifd soon now so migrate
old configs using uci-defaults script.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
netifd supports more accurate "ports" option (instead of "ifname") for
years now. Relevant changes were even backported to OpenWrt 21.02. Add
uci-defaults script that translates config files using deprecated
syntax.
Identical commit f716c30241 ended up reverted back in 2021 by
80be798d4a due to breaking downgrades. With 19.07 support ended it
should no longer be an issue.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Backport RX timestamp flags patch needed for ath10k-ct to compile with
newer versions.
Link: https://github.com/openwrt/openwrt/pull/15735
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
LEDs support for ath10k has finally merged upstream hence replace it
with the upstream version.
Link: https://github.com/openwrt/openwrt/pull/15735
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
LEDs support for ath10k has finally merged upstream hence replace it
with the upstream version.
Link: https://github.com/openwrt/openwrt/pull/15735
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
This reverts commit dc9c5d1ee7.
Additional file for ath10k-ct slipped in, revert for a better version
pushed later.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
LEDs support for ath10k has finally merged upstream hence replace it
with the upstream version.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
A small regress from the translation to shell.
Fixes#12921, originally fixed in #12925 (Github).
Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
Link: https://github.com/openwrt/openwrt/pull/15430
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
This commit makes the libquadmath library available to the GCC
toolchain. This library is important for libraries such as
Boost.charconv
Signed-off-by: Carlos Miguel Ferreira <carlosmf.pt@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15637
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Debian changelog:
intel-microcode (3.20240531.1) unstable; urgency=medium
* New upstream microcode datafile 20240531
* Fix unspecified functional issues on Pentium Silver N/J5xxx,
Celeron N/J4xxx
* Updated Microcodes:
sig 0x000706a1, pf_mask 0x01, 2024-04-19, rev 0x0042, size 76800
* source: update symlinks to reflect id of the latest release, 20240531
-- Henrique de Moraes Holschuh <hmh@debian.org> Sat, 01 Jun 2024 11:49:47 -0300
intel-microcode (3.20240514.1) unstable; urgency=medium
* New upstream microcode datafile 20240514
* Mitigations for INTEL-SA-01051 (CVE-2023-45733)
Hardware logic contains race conditions in some Intel Processors may
allow an authenticated user to potentially enable partial information
disclosure via local access.
* Mitigations for INTEL-SA-01052 (CVE-2023-46103)
Sequence of processor instructions leads to unexpected behavior in
Intel Core Ultra Processors may allow an authenticated user to
potentially enable denial of service via local access.
* Mitigations for INTEL-SA-01036 (CVE-2023-45745, CVE-2023-47855)
Improper input validation in some Intel TDX module software before
version 1.5.05.46.698 may allow a privileged user to potentially enable
escalation of privilege via local access.
* Fix for unspecified functional issues on 4th gen and 5th gen Xeon
Scalable, 12th, 13th and 14th gen Intel Core processors, as well as for
Core i3 N-series processors.
* Updated microcodes:
sig 0x000806f8, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0, size 581632
sig 0x000806f7, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0
sig 0x000806f6, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0
sig 0x000806f5, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0
sig 0x000806f4, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0
sig 0x000806f8, pf_mask 0x10, 2024-02-05, rev 0x2c000390, size 614400
sig 0x000806f6, pf_mask 0x10, 2024-02-05, rev 0x2c000390
sig 0x000806f5, pf_mask 0x10, 2024-02-05, rev 0x2c000390
sig 0x000806f4, pf_mask 0x10, 2024-02-05, rev 0x2c000390
sig 0x00090672, pf_mask 0x07, 2023-12-05, rev 0x0035, size 224256
sig 0x00090675, pf_mask 0x07, 2023-12-05, rev 0x0035
sig 0x000b06f2, pf_mask 0x07, 2023-12-05, rev 0x0035
sig 0x000b06f5, pf_mask 0x07, 2023-12-05, rev 0x0035
sig 0x000906a3, pf_mask 0x80, 2023-12-05, rev 0x0433, size 222208
sig 0x000906a4, pf_mask 0x80, 2023-12-05, rev 0x0433
sig 0x000906a4, pf_mask 0x40, 2023-12-07, rev 0x0007, size 119808
sig 0x000b0671, pf_mask 0x32, 2024-01-25, rev 0x0123, size 215040
sig 0x000b06e0, pf_mask 0x11, 2023-12-07, rev 0x0017, size 138240
sig 0x000c06f2, pf_mask 0x87, 2024-02-05, rev 0x21000230, size 552960
sig 0x000c06f1, pf_mask 0x87, 2024-02-05, rev 0x21000230
* source: update symlinks to reflect id of the latest release, 20240514
-- Henrique de Moraes Holschuh <hmh@debian.org> Thu, 16 May 2024 21:40:52 -0300
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Fix compilation warning:
./include/linux/export.h:29:22: error: passing argument 1 of 'class_create' from incompatible pointer type [-Werror=incompatible-pointer-types]
29 | #define THIS_MODULE (&__this_module)
| ~^~~~~~~~~~~~~~~
| |
| struct module *
/home/aleksander/workspace/openwrt/build_dir/target-mips_24kc_musl/linux-lantiq_xway/ltq-dsl-ar9/drv_dsl_cpe_api-3.24.4.4/src/common/drv_dsl_cpe_os_linux.c:1105:29: note: in expansion of macro 'THIS_MODULE'
1105 | dsl_class = class_create(THIS_MODULE, "dsl_cpe_api");
| ^~~~~~~~~~~
In file included from ./include/linux/device.h:31,
from ./include/linux/platform_device.h:13,
from ./include/linux/of_device.h:5,
from ./include/linux/of_platform.h:10,
from /home/aleksander/workspace/openwrt/build_dir/target-mips_24kc_musl/linux-lantiq_xway/ltq-dsl-ar9/drv_dsl_cpe_api-3.24.4.4/src/common/drv_dsl_cpe_os_linux.c:15:
./include/linux/device/class.h:230:54: note: expected 'const char *' but argument is of type 'struct module *'
230 | struct class * __must_check class_create(const char *name);
| ~~~~~~~~~~~~^~~~
/home/aleksander/workspace/openwrt/build_dir/target-mips_24kc_musl/linux-lantiq_xway/ltq-dsl-ar9/drv_dsl_cpe_api-3.24.4.4/src/common/drv_dsl_cpe_os_linux.c:1105:16: error: too many arguments to function 'class_>
1105 | dsl_class = class_create(THIS_MODULE, "dsl_cpe_api");
| ^~~~~~~~~~~~
./include/linux/device/class.h:230:29: note: declared here
230 | struct class * __must_check class_create(const char *name);
| ^~~~~~~~~~~~
cc1: all warnings being treated as errors
Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl>
Fix compilation warning:
./include/linux/export.h:29:22: error: passing argument 1 of 'class_create' from incompatible pointer type [-Werror=incompatible-pointer-types]
29 | #define THIS_MODULE (&__this_module)
| ~^~~~~~~~~~~~~~~
| |
| struct module *
/home/aleksander/workspace/openwrt/build_dir/target-mips_24kc_musl/linux-lantiq_xway/ltq-adsl-mei-ar9/ltq-adsl-mei/drv_mei_cpe.c:2774:34: note: in expansion of macro 'THIS_MODULE'
2774 | dsl_class = class_create(THIS_MODULE, "ifx_mei");
| ^~~~~~~~~~~
In file included from ./include/linux/device.h:31,
from ./include/linux/dma-mapping.h:8,
from ./include/linux/skbuff.h:28,
from ./include/net/net_namespace.h:43,
from ./include/linux/netdevice.h:38,
from /home/aleksander/workspace/openwrt/build_dir/target-mips_24kc_musl/linux-lantiq_xway/ltq-adsl-mei-ar9/ltq-adsl-mei/drv_mei_cpe.c:39:
./include/linux/device/class.h:230:54: note: expected 'const char *' but argument is of type 'struct module *'
230 | struct class * __must_check class_create(const char *name);
| ~~~~~~~~~~~~^~~~
/home/aleksander/workspace/openwrt/build_dir/target-mips_24kc_musl/linux-lantiq_xway/ltq-adsl-mei-ar9/ltq-adsl-mei/drv_mei_cpe.c:2774:21: error: too many arguments to function 'class_create'
2774 | dsl_class = class_create(THIS_MODULE, "ifx_mei");
| ^~~~~~~~~~~~
./include/linux/device/class.h:230:29: note: declared here
230 | struct class * __must_check class_create(const char *name);
| ^~~~~~~~~~~~
cc1: all warnings being treated as errors
Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl>
All usages of mtd-cal-data have been removed. To avoid submissions that
rely on this deprecated behavior, remove it.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15671
Signed-off-by: Robert Marko <robimarko@gmail.com>
This reverts commit 80d1c353b7 with the
fix which won't break running systems. A logic error on how shell
handles && and || more the init process.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Currently, the apk utility lacks accessible help documentation, making
it cumbersome for human users:
apk-tools 3.0.0_pre20240519, compiled for x86_64.
ERROR: This apk-tools has been built without help
This absence of help forces users to delve into the apk's build
directory to understand its functionality. To enhance usability, we will
enable the help feature for the host build. The host environment can
accommodate the 3% increase in binary size for the added convenience.
On Ubuntu 22.04, x86_64 platform, the apk size increases by 17,816 bytes
(from 594,144 to 611,960 bytes), a 2.99% increase. This is a reasonable
trade-off for improved ergonomics.
Additionally fix the Lua host build dependency as apk-tools uses during
the build Lua to convert SCDOC manpages to apk-tools help messages.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Link: https://github.com/openwrt/openwrt/pull/15543
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Limit CONFIG_IPK_FILES_CHECKSUMS config to OPKG as APK have different
way to validate package integrity (apk audit)
Link: https://github.com/openwrt/openwrt/pull/15543
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
For APK installation we don't have /usr/lib/opkg/info and user fixup are
handled dirrectly. Skip the script in such case.
Also remove this uci-defaults if we have CONFIG_USE_APK enabled.
Link: https://github.com/openwrt/openwrt/pull/15543
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Don't install /usr/lib/opkg/info in package install as it doesn't make
sense and conflicts with APK installations.
Fixes: a377aa9ab5 ("add dropkey ssh keys and config files to the conffiles section (#2014)")
Link: https://github.com/openwrt/openwrt/pull/15543
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
For non-overlay configuration we need checksum for config file that
weren't modified by the user. For OPKG in sysupgrade we check the status
file for the Conffiles: entry of every package. this entry contains
checksum for every static file that the package contains.
Provide the same info for APK by creating a conffiles_static file and
parse this file on sysupgrade for non-overlay configurations.
This is also used by the sysupgrade -u option to exclude non-changed
files from the final backup.
Link: https://github.com/openwrt/openwrt/pull/15543
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Currently the build with USE_APK=y fails in package/libs/toolchain:
staging_dir/host/bin/fakeroot: line 182: staging_dir/host/bin/apk: No such file or directory
make[2]: *** [Makefile:758: bin/targets/mediatek/filogic/packages/libgcc1-13.2.0-r4.apk] Error 127
as commit d788ab376f ("build: add APK package build capabilities") added
dependency on apk in packaging step, but there is no host build
dependency defined, thus apk binary is missing when libgcc1 apk package is being
created. So lets fix it by adding explicit apk/host dependency to all
targets in the subdirectories.
Fixes: d788ab376f ("build: add APK package build capabilities")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
[ rework logic to be more self contained ]
Link: https://github.com/openwrt/openwrt/pull/15543
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Since musl 1.2.5 update yafut would throw a warning about implicit
declaration of basename() but would still somehow compile.
However, trying to use it on a device will cause it to instantly
Segmentation fault.
So, to fix this lets update to the current upstream repository version
that has removed the use of basename() completely.
Link: https://github.com/openwrt/openwrt/pull/15685
Signed-off-by: Robert Marko <robimarko@gmail.com>
Select DRIVER_11AX_SUPPORT and KERNEL_RELAY also for kmod-mt7996 to
prevent build failure if only this driver is selected during build and
end up with (most) required hostap features (IEEE 802.11be rates are not
yet supported).
Reported-by: Arınç ÜNAL <arinc.unal@arinc9.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The 'kmod-stmmac-core' package is referenced by the following packages:
* kmod-dwmac-intel
* kmod-dwmac-imx
* kmod-dwmac-sun8i
The problem is that 'kmod-of-mdio' is not selectable for 'TARGET_x86'.
That means the package 'kmod-dwmac-intel' is not available on this
architecture and so the package 'kmod-dwmac-intel' could not be enabled.
To fix this remove the dependencies 'kmod-of-mdio' from 'kmod-stmmac-core'.
This is not needed on this level, because the modules 'kmod-of-mdio' is
already selected by the packages 'kmod-dwmac-imx' and 'kmod-dwmac-sun8i'.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Major changes between OpenSSL 3.0.13 and OpenSSL 3.0.14 [04-Jun-2024]
* Fixed potential use after free after SSL_free_buffers() is called.
[CVE-2024-4741]
* Fixed checking excessively long DSA keys or parameters may be very slow.
[CVE-2024-4603]
* Fixed an issue where some non-default TLS server configurations can cause
unbounded memory growth when processing TLSv1.3 sessions. An attacker may
exploit certain server configurations to trigger unbounded memory growth that
would lead to a Denial of Service. [CVE-2024-2511]
* New atexit configuration switch, which controls whether the OPENSSL_cleanup
is registered when libcrypto is unloaded. This can be used on platforms
where using atexit() from shared libraries causes crashes on exit
Signed-off-by: John Audia <therealgraysky@proton.me>
Build system: x86/64
Build-tested: x86/64/AMD Cezanne
This adds some compile fixes for linux 6.6 compatibility.
class_create now require only the name instead of the module ownership
reference.
Also the kernel enabled checks for enum.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
This adds some compile fixes for linux 6.6 compatibility.
class_create now require only the name instead of the module ownership
reference.
Also the kernel enabled checks for enum.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
struct u128 and u128_xor() was removed by upstream commit f413e724818c
("cyrpto/b128ops: Remove struct u128").
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
This fixes some compile warnings for linux 6.6.
Flushing system-wide workqueues is dangerous and will be forbidden.
Replace system_wq with local vectoring_wq.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
Update to the latest upstream release to include recent improvements and
bugfixes, and simplify use of PKG_SOURCE_VERSION.
Link: https://github.com/libbpf/libbpf/releases/tag/v1.4.3
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Add two patches to fix compile errors being repeatedly seen on OpenWrt CI.
The first is an upstream backport to fix this i386-related error:
x86_64-openwrt-linux-musl-gcc -mcmodel=large -I./purgatory/include
-I./purgatory/arch/x86_64/include -I./util_lib/include -I./include -Iinclude
-I/builder/shared-workdir/build/sdk/staging_dir/toolchain-x86_64_gcc-13.3.0_musl/lib/gcc/x86_64-openwrt-linux-musl/13.3.0/include
-c -MD -o purgatory/arch/i386/entry32-16.o purgatory/arch/i386/entry32-16.S
purgatory/arch/i386/entry32-16.S: Assembler messages:
purgatory/arch/i386/entry32-16.S:23: Error: 64bit mode not supported on `i386'.
The second addresses an error using basename() on musl libc:
kexec/arch/i386/x86-linux-setup.c: In function 'add_edd_entry':
kexec/arch/i386/x86-linux-setup.c:332:20: warning: implicit declaration of function 'basename' [-Wimplicit-function-declaration]
332 | if (sscanf(basename(sysfs_name), "int13_dev%hhx", &devnum) != 1) {
| ^~~~~~~~
kexec/arch/i386/x86-linux-setup.c:332:20: warning: passing argument 1 of 'sscanf' makes pointer from integer without a cast [-Wint-conversion]
332 | if (sscanf(basename(sysfs_name), "int13_dev%hhx", &devnum) != 1) {
| ^~~~~~~~~~~~~~~~~~~~
| |
| int
...
Fixes: #14621
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
This reverts commit 17d8c5825e.
This commit is breaking init somehow, even the hostname is not set,
so until its fixed, revert it.
Signed-off-by: Robert Marko <robimarko@gmail.com>
When running unit tests this causes trouble since `/lib/config/uci.sh`
isn't available in those cases. Instead exit with a clean status fo the
unit test framework don't wrongly interpret things as an error.
Signed-off-by: Paul Spooren <mail@aparcar.org>
The gpio is actually low active, fix it.
Fixes: 40e7fab9e4 ("mediatek: add Nokia EA0326GMP support")
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
Link: https://github.com/openwrt/openwrt/pull/15651
Signed-off-by: Robert Marko <robimarko@gmail.com>