Commit Graph

54266 Commits

Author SHA1 Message Date
Hauke Mehrtens
12acecd114 OpenWrt v22.03.2: revert to branch defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-10-15 14:46:15 +02:00
Hauke Mehrtens
ea845f76ea OpenWrt v22.03.2: adjust config defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-10-15 14:45:57 +02:00
Jo-Philipp Wich
9a599fee93 firewall4: update to latest Git HEAD
4fbf6d7 ruleset.uc: log forwarded traffic not matched by zone policies
c7201a3 main.uc: reintroduce set reload restriction
756f1e2 ruleset: fix emitting set_mark/set_xmark rules with masks
3db4741 ruleset: properly handle zone names starting with a digit
43d8ef5 fw4: fix formatting of default log prefix
592ba45 main.uc: remove uneeded/wrong set reload restrictions
b0a6bff tests: fix testcases
145e159 fw4: recognize `option log` and `option counter` in `config nat` sections
ce050a8 fw4: fall back to device if l3_device is not available in ifstatus

Fixes: #10639, #10965
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit fdfa9d8f7469626d2dc8e4b46a6ad56a3b27c16b)
2022-10-15 00:44:41 +02:00
Jo-Philipp Wich
30de1b5031 ucode: update to latest Git HEAD
4ae7072 fs: use `getline()` for line wise read operations
21ace5e lexer: fixes for regex literal parsing
00965fa lib: implement slice() function
76d396d main: implement print mode
7bbba78 compiler: optimize function return opcode generation
a45f2a3 lexer: improve regex literal handling
d64d5d6 vm: maintain export symbol tables per program
f4b4ded uloop: task: gracefully handle absent output callback
a58fe47 ubus: hold reference to underlying connection until deferred is concluded
e23b58a lib: uc_system(): retry waitpid() on EINTR
cc4eb79 ubus: support obtaining numeric error code
01c412c ubus: add toplevel constants for ubus status codes
8e240fa ubus: allow object method call handlers to return a numeric status code
5cdddd3 lib: add limit support to split() and replace()
0ba9c3e fs: add optional third permission argument to fs.open()
c1f7b3b lib: remove fixed capture group limit in match() and regex replace()

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from commits 639754e36d
 and 5110dcb1fa)
2022-10-15 00:43:22 +02:00
Jo-Philipp Wich
fa4ec03993 rpcd: update to latest Git HEAD
8c852b6 ucode: write ucode runtime exceptions to stderr
e80d0b2 ucode: pass-through `ubus_rpc_session` argument
0d02243 ucode: initialize module search path early

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from commits 94129cbefb
 and db17c75271)
2022-10-15 00:42:05 +02:00
Matthias Schiffer
a7fb589e8a image: always rebuild kernel loaders
Kernel loaders like the lzma-loader currently don't track changes to
their sources. This can lead to an old version of a loader to be used
when a build tree is not clean between builds.

As the loaders are tiny and the build times are insignificant, simply
force rebuilding them on every build to avoid this problem.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit a01d23e755)
2022-10-14 23:15:30 +02:00
Matthias Schiffer
5db6914f7c mpc85xx: p1010: make TP-Link WDR4900 v1 build again
Add the spi-loader as a pre-kernel stage, so we can lift the kernel size
limit.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit 2fa53c9214)
2022-10-14 23:15:20 +02:00
Matthias Schiffer
f7a43e4606 mpc85xx: add SPI kernel loader for TP-Link TL-WDR4900 v1
Similar to the lzma-loader on our MIPS targets, the spi-loader acts as
a second-stage loader that will then load and start the actual kernel.
As the TL-WDR4900 uses SPI-NOR and the P1010 family does not have support
for memory mapping of this type of flash, this loader needs to contain a
basic driver for the FSL ESPI controller.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit a296055b82)
2022-10-14 23:15:12 +02:00
David Bauer
c1fcca50ba ramips: fix ZyXEL NWA55AXE model name
The model name was missing a letter.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 9c8605dee2)
2022-10-14 23:14:50 +02:00
David Bauer
2050bc4f64 ramips: add support for ZyXEL NWA50AX / NWA55AXE
Hardware
--------
CPU:    Mediatek MT7621
RAM:    256M DDR3
FLASH:  128M NAND
ETH:    1x Gigabit Ethernet
WiFi:   Mediatek MT7915 (2.4/5GHz 802.11ax 2x2 DBDC)
BTN:    1x Reset (NWA50AX only)
LED:    1x Multi-Color (NWA50AX only)

UART Console
------------
NWA50AX:
Available below the rubber cover next to the ethernet port.
NWA55AXE:
Available on the board when disassembling the device.

Settings: 115200 8N1

Layout:

<12V> <LAN> GND-RX-TX-VCC

Logic-Level is 3V3. Don't connect VCC to your UART adapter!

Installation Web-UI
-------------------
Upload the Factory image using the devices Web-Interface.

As the device uses a dual-image partition layout, OpenWrt can only
installed on Slot A. This requires the current active image prior
flashing the device to be on Slot B.

If the currently installed image is started from Slot A, the device will
flash OpenWrt to Slot B. OpenWrt will panic upon first boot in this case
and the device will return to the ZyXEL firmware upon next boot.

If this happens, first install a ZyXEL firmware upgrade of any version
and install OpenWrt after that.

Installation TFTP
-----------------
This installation routine is especially useful in case
 * unknown device password (NWA55AXE lacks reset button)
 * bricked device

Attach to the UART console header of the device. Interrupt the boot
procedure by pressing Enter.

The bootloader has a reduced command-set available from CLI, but more
commands can be executed by abusing the atns command.

Boot a OpenWrt initramfs image available on a TFTP server at
192.168.1.66. Rename the image to owrt.bin

 $ atnf owrt.bin
 $ atna 192.168.1.88
 $ atns "192.168.1.66; tftpboot; bootm"

Upon booting, set the booted image to the correct slot:

 $ zyxel-bootconfig /dev/mtd10 get-status
 $ zyxel-bootconfig /dev/mtd10 set-image-status 0 valid
 $ zyxel-bootconfig /dev/mtd10 set-active-image 0

Copy the OpenWrt ramboot-factory image to the device using scp.
Write the factory image to NAND and reboot the device.

 $ mtd write ramboot-factory.bin firmware
 $ reboot

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit a0b7fef0ff)
2022-10-14 23:14:50 +02:00
Uwe Kleine-König
bc8e24c654
busybox: nslookup: ensure unique transaction IDs for the DNS queries
On machines with a coarse monotonic clock (here: TP-Link RE200 powered
by a MediaTek MT7620A) it can happen that the two DNS requests (for A
and AAAA) share the same transaction ID. If this happens the second
reply is wrongly dropped and nslookup reports "No answer".

Fix this by ensuring that the transaction IDs are unique.

Signed-off-by: Uwe Kleine-König <uwe@kleine-koenig.org>
(cherry picked from commit 63e5ba8e69)
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2022-10-14 21:10:54 +02:00
Felix Fietkau
f1de43d0a0 mac80211: backport security fixes
This mainly affects scanning and beacon parsing, especially with MBSSID enabled

Fixes: CVE-2022-41674
Fixes: CVE-2022-42719
Fixes: CVE-2022-42720
Fixes: CVE-2022-42721
Fixes: CVE-2022-42722
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 26f400210d)
2022-10-13 15:10:56 +02:00
Koen Vandeputte
a077c6da98 mac80211: merge upstream fixes
fetched from upstream kernel v5.15.67

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
(cherry-picked from commit aa9be386d4)
2022-10-13 15:09:12 +02:00
Felix Fietkau
b6487c3ccc ramips: skip bbt scan on mt7621
reduces unnecessary flash reads and speeds up boot time

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 55e8d52157)
2022-10-10 18:14:30 +02:00
Felix Fietkau
33457ebf0b ramips: enable support for mtk_bmt in the nand flash driver
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 4947623d6c)
2022-10-10 18:14:26 +02:00
Felix Fietkau
cc8326443d ramips: mt7621_nand: initialize ECC_FDMADDR
This is needed for the ECC controller to access FDM data

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 73b2a4ca03)
2022-10-10 18:14:22 +02:00
Stijn Tintel
1918404b1d ramips: mt7621_nand: reduce log verbosity
Avoid flooding the log with the message below by increasing the log
level to debug:

  mt7621-nand 1e003000.nand: Using programmed access timing: 31c07388

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry-picked from commit 89c1959251)
2022-10-10 18:14:18 +02:00
Stijn Tintel
07ea71c7b7 ramips: move mt7621_nand driver to files
The patch was rejected by upstream. The mtk_nand driver should be
modified to support the mt7621 flash controller instead. As there is no
newer version to backport, or no upstream version to fix bugs, let's
move the driver to the files dir under the ramips target. This makes it
easier to make changes to the driver while waiting for mt7621 support to
land in mtk_nand.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry-picked from commit 2f2e81a4ea)
2022-10-10 18:14:14 +02:00
Felix Fietkau
fb31038e1f kernel: mtdsplit: support UBI after FIT images
Change the partition name accordingly. Same behavior as mtdsplit_uimage

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 62fd9f9709)
2022-10-10 14:32:28 +02:00
Chuanhong Guo
329b1543f3 kernel: mtk_bmt: skip bitflip check if threshold isn't set
kernel spi-nand driver leaves this field empty and let mtd set it later.

Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
(cherry-picked from commit 6fa50e26e7)
2022-10-10 12:58:41 +02:00
Felix Fietkau
42c8610efc kernel: mtk_bmt: add debugfs file to attempt repair of remapped sectors
This can be used for sectors that are not physically damaged

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 2a8a333ee9)
2022-10-10 12:58:36 +02:00
Felix Fietkau
bb5d415b19 kernel: add support for mediatek NMBM flash mapping support
This NAND flash remapping method is used on newer MediaTek devices with NAND
flash.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 06382d1af7)
2022-10-10 12:58:29 +02:00
Felix Fietkau
737ee934d2 kernel: mtk_bmt: on error, do not attempt to remap out-of-range blocks
Pass errors to caller instead

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit be1f2b4d9d)
2022-10-10 12:58:25 +02:00
Felix Fietkau
a78fd5bbb6 kernel: mtk_bmt: fix block copying on remap with bmt v2
Copy from the previously mapped block (in case it was remapped already)

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 7d1e2be160)
2022-10-10 12:58:22 +02:00
Felix Fietkau
0c21f06ef7 kernel: mtk_bmt: allow get_mapping_block to return an error
Used by the mapping implementation to indicate that no backing block is
available

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit b4c7f8c5f7)
2022-10-10 12:58:18 +02:00
Felix Fietkau
a2ce32579f kernel: split up mtk_bmt driver code
Keep a separate source file per variant

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 601c7b4adb)
2022-10-10 12:58:14 +02:00
Hauke Mehrtens
c2d55b73d9 OpenWrt v22.03.1: revert to branch defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-10-09 19:32:23 +02:00
Hauke Mehrtens
eca6fc6ea0 OpenWrt v22.03.1: adjust config defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2022-10-09 19:32:19 +02:00
Tom Herbers
2853b6d652 ath79: fix model name of Extreme Networks WS-AP3805i
Everywhere else the device is referred to as WS-AP3805i,
only the model name wrongly only said AP3805i.

Signed-off-by: Tom Herbers <mail@tomherbers.de>
(cherry picked from commit 7d6032f310)
2022-10-08 01:34:56 +02:00
Nick Hainke
f579b8538b ath79: add low_mem to tiny image
Devices with SMALL_FLASH enabled have "SQUASHFS_BLOCK_SIZE=1024" in
their config. This significantly increases the cache memory required by
squashfs [0]. This commit enables low_mem leading to a much better
performance because the SQUASHFS_BLOCK_SIZE is reduced to 256.

Example Nanostation M5 (XM):
The image size increases by 128 KiB. However, the memory statisitcs look
much better:

Default tiny build:
------
MemTotal:          26020 kB
MemFree:            5648 kB
MemAvailable:       6112 kB
Buffers:               0 kB
Cached:             3044 kB

low_mem enabled:
-----
MemTotal:          26976 kB
MemFree:            6748 kB
MemAvailable:      11504 kB
Buffers:               0 kB
Cached:             7204 kB

[0] - 7e8af99cf5

Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit f54ac98f8c)
2022-10-05 21:50:01 +02:00
Nick Hainke
4b5bd15091 ath79: move ubnt-xm to tiny
ath79 has was bumped to 5.10. With this, as with every kernel change,
the kernel has become larger. However, although the kernel gets bigger,
there are still enough flash resources. But the RAM reaches its capacity
limits. The tiny image comes with fewer kernel flags enabled and
fewer daemons.

Improves: 15aa53d7ee ("ath79: switch to Kernel 5.10")

Tested-by: Robert Foss <me@robertfoss.se>
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit f4415f7635)
2022-10-05 21:50:01 +02:00
Rafał Miłecki
977f6f36a0 kernel: fix possible mtd NULL pointer dereference
Fixes: cae4d089bc ("kernel: backport mtd dynamic partition patch")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit a5265497a4)
2022-10-04 12:43:01 +02:00
Petr Štetiar
562894b39d treewide: fix security issues by bumping all packages using libwolfssl
As wolfSSL is having hard time maintaining ABI compatibility between
releases, we need to manually force rebuild of packages depending on
libwolfssl and thus force their upgrade. Otherwise due to the ABI
handling we would endup with possibly two libwolfssl libraries in the
system, including the patched libwolfssl-5.5.1, but still have
vulnerable services running using the vulnerable libwolfssl-5.4.0.

So in order to propagate update of libwolfssl to latest stable release
done in commit ec8fb542ec ("wolfssl: fix TLSv1.3 RCE in uhttpd by
using 5.5.1-stable (CVE-2022-39173)") which fixes several remotely
exploitable vulnerabilities, we need to bump PKG_RELEASE of all
packages using wolfSSL library.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit f1b7e1434f)
2022-10-04 10:11:08 +02:00
Petr Štetiar
ce59843662 wolfssl: fix TLSv1.3 RCE in uhttpd by using 5.5.1-stable (CVE-2022-39173)
Fixes denial of service attack and buffer overflow against TLS 1.3
servers using session ticket resumption. When built with
--enable-session-ticket and making use of TLS 1.3 server code in
wolfSSL, there is the possibility of a malicious client to craft a
malformed second ClientHello packet that causes the server to crash.

This issue is limited to when using both --enable-session-ticket and TLS
1.3 on the server side. Users with TLS 1.3 servers, and having
--enable-session-ticket, should update to the latest version of wolfSSL.

Thanks to Max at Trail of Bits for the report and "LORIA, INRIA, France"
for research on tlspuffin.

Complete release notes https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.1-stable

Fixes: CVE-2022-39173
Fixes: https://github.com/openwrt/luci/issues/5962
References: https://github.com/wolfSSL/wolfssl/issues/5629
Tested-by: Kien Truong <duckientruong@gmail.com>
Reported-by: Kien Truong <duckientruong@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit ec8fb542ec)
2022-10-04 10:11:08 +02:00
Petr Štetiar
3d2be75b0c wolfssl: refresh patches
So they're tidy and apply cleanly.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 8ad9a72cbe)
2022-10-04 10:11:08 +02:00
Ivan Pavlov
0c8425bf11 wolfssl: bump to 5.5.0
Remove upstreamed: 101-update-sp_rand_prime-s-preprocessor-gating-to-match.patch

Some low severity vulnerabilities fixed
OpenVPN compatibility fixed (broken in 5.4.0)
Other fixes && improvements

Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
(cherry picked from commit 3d88f26d74)
2022-10-04 10:11:08 +02:00
John Audia
2c49ad36fb kernel: bump 5.10 to 5.10.146
All patches automatically rebased.

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit eed0a31b90)
2022-10-04 00:03:27 +02:00
John Audia
f04515e7bd kernel: bump 5.10 to 5.10.145
Manually rebased:
  hack-5.10/780-usb-net-MeigLink_modem_support.patch

Removed upstreamed:
  patches-5.10/110-gpio-mpc8xxx-Fix-support-for-IRQ_TYPE_LEVEL_LOW-flow.patch[1]

All other patches automatically rebased.

1. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.145&id=24196210b198e8e39296e277bb93b362aa207775

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 8fe67fae1d)
2022-10-04 00:03:27 +02:00
John Audia
a91f391b59 kernel: bump 5.10 to 5.10.144
All patches automatically rebased.

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit eff4f8b2f0)
2022-10-04 00:03:27 +02:00
Matthias Schiffer
25747a4c04 ramips: fix switch setup for ASUS RT-AX53U
The device has only 1 WAN + 3 LAN ports. Remove "lan4" interface
corresponding to the non-existing port.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit 149fc3a269)
2022-10-03 19:51:50 +02:00
Josef Schlehofer
23d23038dd uboot-mvebu: backport LibreSSL patches for older version of LibreSSL
If you would like to compile the newest version of U-boot together with the stable
OpenWrt version, which does not have LibreSSL >= 3.5, which was updated
in the master branch by commit 5451b03b7c
("tools/libressl: bump to v3.5.3"), then you need these two patches to
fix it. They are backported from U-boot repository.

This should be backported to stable OpenWrt versions.

Reported-by: Michal Vasilek <michal.vasilek@nic.cz>
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 185541f50f)
2022-10-03 19:51:50 +02:00
Josef Schlehofer
1ff2993edb uboot-mvebu: backport patch to fix compilation on non glibc system
This issue was reported by @paper42, who is using Void Linux with musl
to compile OpenWrt and its packages and found out it is not possible to
compile U-boot for Turris Omnia (neither any other).

It fixes following output:
```
  HOSTCC  tools/kwboot
tools/kwboot.c: In function 'kwboot_tty_change_baudrate':
tools/kwboot.c:662:6: error: 'struct termios' has no member named 'c_ospeed'
  662 |   tio.c_ospeed = tio.c_ispeed = baudrate;
      |      ^
tools/kwboot.c:662:21: error: 'struct termios' has no member named 'c_ispeed'
  662 |   tio.c_ospeed = tio.c_ispeed = baudrate;
      |                     ^
tools/kwboot.c:690:31: error: 'struct termios' has no member named 'c_ospeed'
  690 |  if (!_is_within_tolerance(tio.c_ospeed, baudrate, 3))
      |                               ^
tools/kwboot.c:693:31: error: 'struct termios' has no member named 'c_ispeed'
  693 |  if (!_is_within_tolerance(tio.c_ispeed, baudrate, 3))
      |
```

Tested-by: Michal Vasilek <michal.vasilek@nic.cz>
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 9c7472950b)
2022-10-03 19:51:50 +02:00
Mark King
d30ddfbac4 ramips: enable LZMA loader to fix Linksys RE6500 boot
At some point after 21.02.3 and before 22.03.0, the size limits of the
Linksys RE6500 were reached and prevent booting from the 22.03.0 release
or builds of current SNAPSHOT. This patch allows builds of master to boot
again and has been tested on my device.

Fixes: #8577

Signed-off-by: Mark King <mark@vemek.co>
(cherry picked from commit bf5b1a53d4)
2022-10-03 19:51:50 +02:00
Rosen Penev
ed905fce58 tools/meson: backport WSL2 fix
For some reason, Microsoft's Plan9 driver returns IOError on missing
file.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 875e17774b)
2022-10-03 19:51:50 +02:00
Christian Lamparter
e5ab159fbf firmware: intel-microcode: update to 20220809
Debian's changelog by Henrique de Moraes Holschuh <hmh@debian.org>:

  * New upstream microcode datafile 20220809
    * Fixes INTEL-SA-00657, CVE-2022-21233
      Stale data from APIC leaks SGX memory (AEPIC leak)
    * Fixes unspecified errata (functional issues) on Xeon Scalable
    * Updated Microcodes:
      sig 0x00050653, pf_mask 0x97, 2022-03-14, rev 0x100015e, size 34816
      sig 0x00050654, pf_mask 0xb7, 2022-03-08, rev 0x2006e05, size 44032
      sig 0x000606a6, pf_mask 0x87, 2022-04-07, rev 0xd000375, size 293888
      sig 0x000706a1, pf_mask 0x01, 2022-03-23, rev 0x003c, size 75776
      sig 0x000706a8, pf_mask 0x01, 2022-03-23, rev 0x0020, size 75776
      sig 0x000706e5, pf_mask 0x80, 2022-03-17, rev 0x00b2, size 112640
      sig 0x000806c2, pf_mask 0xc2, 2022-03-19, rev 0x0028, size 97280
      sig 0x000806d1, pf_mask 0xc2, 2022-03-28, rev 0x0040, size 102400
      sig 0x00090672, pf_mask 0x03, 2022-06-07, rev 0x0022, size 216064
      sig 0x00090675, pf_mask 0x03, 2022-06-07, rev 0x0022, size 216064
      sig 0x000906a3, pf_mask 0x80, 2022-06-15, rev 0x0421, size 216064
      sig 0x000906a4, pf_mask 0x80, 2022-06-15, rev 0x0421, size 216064
      sig 0x000a0671, pf_mask 0x02, 2022-03-17, rev 0x0054, size 103424
      sig 0x000b06f2, pf_mask 0x03, 2022-06-07, rev 0x0022, size 216064
      sig 0x000b06f5, pf_mask 0x03, 2022-06-07, rev 0x0022, size 216064

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit bb73828b89)
2022-10-03 19:51:50 +02:00
Hauke Mehrtens
938ae92675 toolchain: Include ./include/fortify for external musl toolchain
When building with an external toolcahin with musl also include
./include/fortify by default. This is also done when we build with the
internal toolchain using musl libc.

Without this extra include the fortify source feature is not working
when using an external musl toolchain. All binaries were compiled
without fortify source when an external musl toolchain was used. All
binaries release done by the OpenWrt project use the internal toolcahin
where fortify source is working.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit b21ddbfa18)
2022-10-03 19:51:50 +02:00
Hauke Mehrtens
8f72f5e4c0 toolchain: Select USE_SSTRIP with external musl toolchain
When we use the internal toolchain USE_SSTRIP will be selected by
default for musl libc and USE_STRIP when glibc is used. Do the same when
an external toolchain is used. USE_GLIBC will also be set for external
toolchain builds based on the EXTERNAL_TOOLCHAIN_LIBC_USE_GLIBC setting.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 9403810c02)
2022-10-03 19:51:49 +02:00
Christian Marangi
4ad6925a9e scripts: ext-toolchain: add support for musl
Openwrt now supports only glibc and musl. Add support for musl and
rework the libc check to handle the new config flags and correctly
compile package basend on that.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 7be01fe13b)
2022-10-03 17:40:26 +02:00
Christian Marangi
65bd632069 scripts: ext-toolchain: add support for info.mk in probe_cc
Openwrt generate info.mk that contains the libc type. For probe_cc check
if the file exist and parse directly it for LIBC type.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 75311977f5)
2022-10-03 17:40:26 +02:00
Christian Marangi
b0622d1221 scripts: ext-toolchain: actually probe libc type on config generation
Currently we never call probe_cc before config generation, this cause
the script to never actually detect the correct libc type.
Call probe_cc before config generation to correctl set the .config file.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit ddeabc75eb)
2022-10-03 17:40:26 +02:00