Commit Graph

51311 Commits

Author SHA1 Message Date
Paul Spooren
491b784141 build: generate index.json
The index.json file lies next to Packages index files and contains a
json dict with the package architecture and a dict of package names and
versions.

This can be used for downstream project to know what packages in which
versions are available.

Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 218ce40cd7)
2023-05-11 13:15:02 +02:00
Hauke Mehrtens
6a12ecbd6d OpenWrt v21.02.7: revert to branch defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-04-27 23:08:19 +02:00
Hauke Mehrtens
57a6d97ddf OpenWrt v21.02.7: adjust config defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-04-27 23:08:10 +02:00
Eneas U de Queiroz
f8282da11e
openssl: fix CVE-2023-464 and CVE-2023-465
Apply two patches fixing low-severity vulnerabilities related to
certificate policies validation:

- Excessive Resource Usage Verifying X.509 Policy Constraints
  (CVE-2023-0464)
  Severity: Low
  A security vulnerability has been identified in all supported versions
  of OpenSSL related to the verification of X.509 certificate chains
  that include policy constraints.  Attackers may be able to exploit
  this vulnerability by creating a malicious certificate chain that
  triggers exponential use of computational resources, leading to a
  denial-of-service (DoS) attack on affected systems.
  Policy processing is disabled by default but can be enabled by passing
  the `-policy' argument to the command line utilities or by calling the
  `X509_VERIFY_PARAM_set1_policies()' function.

- Invalid certificate policies in leaf certificates are silently ignored
  (CVE-2023-0465)
  Severity: Low
  Applications that use a non-default option when verifying certificates
  may be vulnerable to an attack from a malicious CA to circumvent
  certain checks.
  Invalid certificate policies in leaf certificates are silently ignored
  by OpenSSL and other certificate policy checks are skipped for that
  certificate.  A malicious CA could use this to deliberately assert
  invalid certificate policies in order to circumvent policy checking on
  the certificate altogether.
  Policy processing is disabled by default but can be enabled by passing
  the `-policy' argument to the command line utilities or by calling the
  `X509_VERIFY_PARAM_set1_policies()' function.

Note: OpenSSL also released a fix for low-severity security advisory
CVE-2023-466.  It is not included here because the fix only changes the
documentation, which is not built nor included in any OpenWrt package.

Due to the low-severity of these issues, there will be not be an
immediate new release of OpenSSL.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2023-04-17 10:15:36 -03:00
Daniel Golle
34d2883b9d kernel: backport fix for recently introduced UBI bug
Import commit "ubi: Fix failure attaching when vid_hdr offset equals to
(sub)page size" which did not yet make it to stable upstream Linux trees.

Fixes: #12232
Fixes: #12339
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit aad34818b5)
2023-04-15 03:34:22 +01:00
Matthias Schiffer
e63b8443ab
uclient: update to Git version 2023-04-13
007d94546749 uclient: cancel state change timeout in uclient_disconnect()
644d3c7e13c6 ci: improve wolfSSL test coverage
dc54d2b544a1 tests: add certificate check against letsencrypt.org

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit 4f1c2e8dee)
2023-04-13 20:55:09 +02:00
Daniel Golle
f6a41570a5 OpenWrt v21.02.6: revert to branch defaults
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-04-09 23:38:42 +01:00
Daniel Golle
9f213a85e2 OpenWrt v21.02.6: adjust config defaults
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-04-09 23:38:36 +01:00
Paul Spooren
bc99ce5b22 imagebuilder: allow to specific ROOTFS_PARTSIZE
Setting this options modifies the rootfs size of created images. When
installing a large number of packages it may become necessary to
increase the size to have enough storage.

This option is only useful for supported devices, i.e. with an attached
SD Card or installed on a hard drive.

Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 7b7edd25a5)
2023-04-09 14:28:16 +02:00
Felix Fietkau
cbe73ea33d kernel: remove obsolete netfilter tcp window size check bypass patch
On any currently supported hardware, the performance impact should not
matter anymore.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 75e78bcaab)
2023-03-30 14:18:04 +02:00
Felix Fietkau
32621086c3 mac80211, mt76: add fixes for recently discovered security issues
Fixes CVE-2022-47522

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit d54c91bd9a)
2023-03-30 12:24:52 +02:00
Daniel González Cabanelas
2541ca616d ipq40xx: Linksys MR8300: fix the USB port power
The USB port on the MR8300 randomly fails to feed bus-powered devices.

This is caused by a misconfigured pinmux. The GPIO68 should be used to
enable the USB power (active low), but it's inside the NAND pinmux.

This GPIO pin was found in the original firmware at a startup script in
both MR8300 and EA8300. Therefore apply the fix for both boards.

Signed-off-by: Daniel González Cabanelas <dgcbueu@gmail.com>
Reviewed-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit ed64c33235)
Signed-off-by: Steffen Scheib <steffen@scheib.me>
2023-03-29 22:19:27 +02:00
Hauke Mehrtens
5e69c097f7 kernel: bump 5.4 to 5.4.238
Compile-tested: armvirt/64, lantiq/xrx200
Run-tested: armvirt/64, lantiq/xrx200

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-03-29 16:31:21 +02:00
Mathias Kresin
8e12360fcf lantiq: ltq-tapi: add kernel 5.10 compatiblity
Due to SCHED_FIFO being a broken scheduler model, all users of
sched_setscheduler() are converted to sched_set_fifo_low() upstream and
sched_setscheduler() is no longer exported.

The callback handling of the tasklet API was redesigned and the macros
using the old syntax renamed to _OLD.

Signed-off-by: Mathias Kresin <dev@kresin.me>
(cherry picked from commit 31f3f79700)
[Add DECLARE_TASKLET handling for kernel 5.4.235 too]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-03-29 16:31:21 +02:00
Mathias Kresin
3d93d2cea5 ltq-atm/ltq-ptm: add kernel 5.10 compatiblity
The callback handling of the tasklet API was redesigned and the macros
using the old syntax renamed to _OLD.

The stuck queue is now passed to ndo_tx_timeout callback but not used so
far.

Signed-off-by: Mathias Kresin <dev@kresin.me>
(cherry picked from commit 804c541446)
[Add DECLARE_TASKLET handling for kernel 5.4.235 too]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-03-27 18:42:28 +02:00
John Audia
a4f065a646 kernel: tcindex classifier has been retired
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/net/sched?h=v5.4.235&id=7a6fb69bbcb21e9ce13bdf18c008c268874f0480

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit fbfec3286e)
2023-03-27 18:42:28 +02:00
Hauke Mehrtens
122e0c7fed kernel: bump 5.4 to 5.4.234
Compile-tested: armvirt/64, lantiq/xrx200
Run-tested: armvirt/64

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-03-27 18:42:03 +02:00
Rafał Miłecki
c874aa40c2 bcm4908: include usbport trigger
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit cb2661844a)
2023-03-27 09:36:04 +02:00
Rafał Miłecki
13bd05efd7 bcm4908: backport v6.4 pending DTS changes
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit ffaabee9b8)
2023-03-27 09:36:01 +02:00
Christian Lamparter
23c86d44bc ca-certificates: fix python3-cryptography woes in certdata2pem.py
This patch is a revert of the upstream patch to Debian's ca-certificate
commit 033d52259172 ("mozilla/certdata2pem.py: print a warning for expired certificates.")

The reason is, that this change broke builds with the popular
Ubuntu 20.04 LTS (focal) releases which are shipping with an
older version of the python3-cryptography package that is not
compatible.

|Traceback (most recent call last):
|  File "certdata2pem.py", line 125, in <module>
|    cert = x509.load_der_x509_certificate(obj['CKA_VALUE'])
|TypeError: load_der_x509_certificate() missing 1 required positional argument: 'backend'
|make[5]: *** [Makefile:6: all] Error 1

...or if the python3-cryptography was missing all together:
|Traceback (most recent call last):
|  File "/certdata2pem.py", line 31, in <module>
|    from cryptography import x509
|ModuleNotFoundError: No module named 'cryptography'

More concerns were raised by Jo-Philipp Wich:
"We don't want the build to depend on the local system time anyway.
Right now it seems to be just a warning but I could imagine that
eventually certs are simply omitted of found to be expired at
build time which would break reproducibility."

Link: <https://github.com/openwrt/openwrt/commit/7c99085bd697>
Reported-by: Chen Minqiang <ptpt52@gmail.com>
Reported-by: Shane Synan <digitalcircuit36939@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 25bc66eb40)
2023-03-04 13:09:12 +01:00
Christian Lamparter
f67f60b809 ca-certicficates: Update to version 20211016
Update the ca-certificates and ca-bundle package from version 20210119 to
version 20211016.

Debian change-log entry [1]:
|[...]
|[ Julien Cristau ]
|* mozilla/{certdata.txt,nssckbi.h}: Update Mozilla certificate authority
|    bundle to version 2.50
|    The following certificate authorities were added (+):
|    + "AC RAIZ FNMT-RCM SERVIDORES SEGUROS"
|    + "GlobalSign Root R46"
|    + "GlobalSign Root E46"
|    + "GLOBALTRUST 2020"
|    + "ANF Secure Server Root CA"
|    + "Certum EC-384 CA"
|    + "Certum Trusted Root CA"
|    The following certificate authorities were removed (-):
|    - "QuoVadis Root CA"
|    - "Sonera Class 2 Root CA"
|    - "GeoTrust Primary Certification Authority - G2"
|    - "VeriSign Universal Root Certification Authority"
|    - "Chambers of Commerce Root - 2008"
|    - "Global Chambersign Root - 2008"
|    - "Trustis FPS Root CA"
|    - "Staat der Nederlanden Root CA - G3"
|  * Blacklist expired root certificate "DST Root CA X3" (closes: #995432)
|[...]

[1] <https://metadata.ftp-master.debian.org/changelogs//main/c/ca-certificates/ca-certificates_20211016_changelog>

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 7c99085bd6)
2023-03-04 13:09:12 +01:00
Rafał Miłecki
f86f8e5684 kernel: support "linux,default-trigger" in leds-bcm63138
This driver is backported from the v6.0 which deals with
"linux,default-trigger" in leds core. For kernel 5.4 we need
leds-bcm63138 to read trigger on its own.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2023-03-01 08:54:33 +01:00
Hauke Mehrtens
8d995b3bd7 mac80211: Update to version 5.10.168-1
This update mac80211 to version 5.10.168-1. This includes multiple
bugfixes. Some of these bugfixes are fixing security relevant bugs.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-02-18 19:22:17 +01:00
Hauke Mehrtens
23ad680a34 kernel: bump 5.4 to 5.4.231
Compile-tested: x86/64
Run-tested: x86/64

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-02-18 19:18:13 +01:00
John Audia
dbbf5c2a1d openssl: bump to 1.1.1t
Changes between 1.1.1s and 1.1.1t [7 Feb 2023]

  *) Fixed X.400 address type confusion in X.509 GeneralName.

     There is a type confusion vulnerability relating to X.400 address processing
     inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING
     but subsequently interpreted by GENERAL_NAME_cmp as an ASN1_TYPE. This
     vulnerability may allow an attacker who can provide a certificate chain and
     CRL (neither of which need have a valid signature) to pass arbitrary
     pointers to a memcmp call, creating a possible read primitive, subject to
     some constraints. Refer to the advisory for more information. Thanks to
     David Benjamin for discovering this issue. (CVE-2023-0286)

     This issue has been fixed by changing the public header file definition of
     GENERAL_NAME so that x400Address reflects the implementation. It was not
     possible for any existing application to successfully use the existing
     definition; however, if any application references the x400Address field
     (e.g. in dead code), note that the type of this field has changed. There is
     no ABI change.
     [Hugo Landau]

  *) Fixed Use-after-free following BIO_new_NDEF.

     The public API function BIO_new_NDEF is a helper function used for
     streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL
     to support the SMIME, CMS and PKCS7 streaming capabilities, but may also
     be called directly by end user applications.

     The function receives a BIO from the caller, prepends a new BIO_f_asn1
     filter BIO onto the front of it to form a BIO chain, and then returns
     the new head of the BIO chain to the caller. Under certain conditions,
     for example if a CMS recipient public key is invalid, the new filter BIO
     is freed and the function returns a NULL result indicating a failure.
     However, in this case, the BIO chain is not properly cleaned up and the
     BIO passed by the caller still retains internal pointers to the previously
     freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO
     then a use-after-free will occur. This will most likely result in a crash.
     (CVE-2023-0215)
     [Viktor Dukhovni, Matt Caswell]

  *) Fixed Double free after calling PEM_read_bio_ex.

     The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and
     decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload
     data. If the function succeeds then the "name_out", "header" and "data"
     arguments are populated with pointers to buffers containing the relevant
     decoded data. The caller is responsible for freeing those buffers. It is
     possible to construct a PEM file that results in 0 bytes of payload data.
     In this case PEM_read_bio_ex() will return a failure code but will populate
     the header argument with a pointer to a buffer that has already been freed.
     If the caller also frees this buffer then a double free will occur. This
     will most likely lead to a crash.

     The functions PEM_read_bio() and PEM_read() are simple wrappers around
     PEM_read_bio_ex() and therefore these functions are also directly affected.

     These functions are also called indirectly by a number of other OpenSSL
     functions including PEM_X509_INFO_read_bio_ex() and
     SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL
     internal uses of these functions are not vulnerable because the caller does
     not free the header argument if PEM_read_bio_ex() returns a failure code.
     (CVE-2022-4450)
     [Kurt Roeckx, Matt Caswell]

  *) Fixed Timing Oracle in RSA Decryption.

     A timing based side channel exists in the OpenSSL RSA Decryption
     implementation which could be sufficient to recover a plaintext across
     a network in a Bleichenbacher style attack. To achieve a successful
     decryption an attacker would have to be able to send a very large number
     of trial messages for decryption. The vulnerability affects all RSA padding
     modes: PKCS#1 v1.5, RSA-OEAP and RSASVE.
     (CVE-2022-4304)
     [Dmitry Belyavsky, Hubert Kario]

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 4ae86b3358)

The original commit removed the upstreamed patch 010-padlock.patch, but
it's not on OpenWrt 21.02, so it doesn't have to be removed.

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
2023-02-18 16:16:44 +01:00
Josef Schlehofer
e8896779da sunxi: fix wifi connection for Banana Pi M2 Berry
fixes the problem that the banana pi m2 berry cannot connect to wifi and cannot be used as an access point

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit ff2bb16730)
Signed-off-by: LizenzFass78851 <82592556+LizenzFass78851@users.noreply.github.com>
2023-02-17 19:32:16 +01:00
Martin Kennedy
0d4a0250df mpc85xx: Drop pci aliases to avoid domain changes
As of upstream Linux commit 0fe1e96fef0a ("powerpc/pci: Prefer PCI
domain assignment via DT 'linux,pci-domain' and alias"), the PCIe
domain address is no longer numbered by the lowest 16 bits of the PCI
register address after a fallthrough. Instead of the fallthrough, the
enumeration process accepts the alias ID (as determined by
`of_alias_scan()`). This causes e.g.:

9000:00:00.0 PCI bridge: Freescale Semiconductor Inc P1020E (rev 11)
9000:01:00.0 Network controller: Qualcomm Atheros AR958x 802.11abgn ...

to become

0000:00:00.0 PCI bridge: Freescale Semiconductor Inc P1020E (rev 11)
0000:01:00.0 Network controller: Qualcomm Atheros AR958x 802.11abgn ...

... which then causes the sysfs path of the netdev to change,
invalidating the `wifi_device.path`s enumerated in
`/etc/config/wireless`.

One other solution might be to migrate the uci configuration, as was
done for mvebu in commit 0bd5aa89fc ("mvebu: Migrate uci config to
new PCIe path"). However, there are concerns that the sysfs path will
change once again once some upstream patches[^2][^3] are merged and
backported (and `CONFIG_PPC_PCI_BUS_NUM_DOMAIN_DEPENDENT` is enabled).

Instead, remove the aliases and allow the fallthrough to continue for
now. We will provide a migration in a later release.

This was first reported as a Github issue[^1].

[^1]: https://github.com/openwrt/openwrt/issues/10530
[^2]: https://lore.kernel.org/linuxppc-dev/20220706104308.5390-1-pali@kernel.org/t/#u
[^3]: https://lore.kernel.org/linuxppc-dev/20220706101043.4867-1-pali@kernel.org/

Fixes: #10530
Tested-by: Martin Kennedy <hurricos@gmail.com>
[Tested on the Aerohive HiveAP 330 and Extreme Networks WS-AP3825i]
Signed-off-by: Martin Kennedy <hurricos@gmail.com>
(cherry picked from commit 7f4b4c29f3)
Signed-off-by: Fabian Bläse <fabian@blaese.de>
2023-02-08 09:40:05 +01:00
Hauke Mehrtens
4292832a6a kernel: bump 5.4 to 5.4.230
Compile-tested: x86/64
Run-tested: x86/64

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-01-28 19:26:47 +01:00
Hauke Mehrtens
ac7386a15d kernel: Reorder configuration
This was done by running these commands:
./scripts/kconfig.pl '+' target/linux/generic/config-5.4 /dev/null > target/linux/generic/config-5.4-new
mv target/linux/generic/config-5.4-new target/linux/generic/config-5.4

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-01-28 19:26:32 +01:00
Rafał Miłecki
944265347a kernel: expose (unhide) CONFIG_ASN1 as ksmbd requirement
OpenWrt provides kmod-asn1-decoder for CONFIG_ASN1 but selecting it
doesn't really work as expected. Kernel symbol is hidden and can be
actually selected only as a dependency. That works well for in-kernel
stuff but fails for external modules requiring ASN1 like ksmbd.

Modify kernel Kconfig to make CONFIG_ASN1 always selectable. It's
required to satisfy ksmbd dependencies cleanly (without hack like
selecting unrelated modules).

Link: http://lists.openwrt.org/pipermail/openwrt-devel/2023-January/040298.html
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2023-01-25 12:01:16 +01:00
Christian Marangi
8b46a263ab
scripts/dl_github_archieve.py: fix generating unreproducible tar
Allign dl_github_archieve.py to 8252511dc0
change. On supported system the sigid bit is applied to files and tar
archieve that on tar creation. This cause unreproducible tar for these
system and these bit should be dropped to produce reproducible tar.

Add the missing option following the command options used in other
scripts.

Fixes: 75ab064d2b ("build: download code from github using archive API")
Suggested-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Tested-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 5f1758ef14)
2023-01-12 15:00:55 +01:00
Josef Schlehofer
1b6e9b3f64 opkg: add patch to avoid remove package repeatly with force
This patch was taken from the OpenWrt-devel mailing list:
https://www.mail-archive.com/openwrt-devel@lists.openwrt.org/msg59794.html

It is included already in OpenWrt master branch and OpenWrt 22.03
release as it was included in opkg-lede repository:
https://git.openwrt.org/?p=project/opkg-lede.git;a=commit;h=9c44557a776da993c2ab80cfac4dbd8d59807d01

However, it is not included in OpenWrt 21.02, where the same issue is
happening.

Fixes: CI for https://github.com/openwrt/packages/pull/20074

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2023-01-06 17:34:46 +01:00
Daniel Golle
cdd9bee370 kernel: add kmod-nvme package
Add driver for NVM Express block devices, ie. PCIe connected SSDs.

Targets which allow booting from NVMe (x86, maybe some mvebu boards come
to mind) should have it built-in, so rootfs can be mounted from there.
For targets without NVMe support in bootloader or BIOS/firmware it's
sufficient to provide the kernel module package.

On targets having the NVMe driver built-in the resulting kmod package
is an empty dummy. In any case, depending on or installing kmod-nvme
results in driver support being available (either because it was already
built-in or because the relevant kernel modules are added and loaded).

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit dbe53352e3)
2023-01-06 17:30:51 +01:00
Rui Salvaterra
39868a87d4 netfilter: remove no-op kconfig symbols
These have long been obsolete. For reference, here's the Linux version where
each symbol has been dropped:

CONFIG_IP6_NF_QUEUE - 3.5
CONFIG_IP6_NF_TARGET_LOG - 3.4
CONFIG_IP_NF_MATCH_DSCP - 2.6.19
CONFIG_NF_CONNTRACK_IPV4 - 4.19
CONFIG_NF_CONNTRACK_IPV6 - 4.19
CONFIG_NF_CONNTRACK_RTCACHE - out-of-tree, superseded by flow offloading

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
(cherry picked from commit d7956c5728)
2023-01-06 17:29:09 +01:00
Hauke Mehrtens
0f423804f6 kernel: kmod-isdn4linux: Remove package
The isdn4linux drivers and subsystem was removed in kernel 5.3, remove
the kernel package also from OpenWrt.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit db55dea5fc)
2023-01-06 17:26:45 +01:00
Hauke Mehrtens
66fa45ecef kernel: kmod-ipt-ulog: Remove package
The ulog iptables target was removed with kernel 3.17, remove the kernel
and also the iptables package in OpenWrt too.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 2a0284fb03)
2023-01-06 17:23:25 +01:00
Hauke Mehrtens
e6b1094b8d kernel: kmod-w1-slave-ds2760: Remove package
The w1_ds2760.ko driver was merged into the ds2760_battery.ko driver.
The driver was removed and this package was never build any more.
This happened with kernel 4.19.

Remove this unused package.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 5808973d14)
2023-01-06 17:23:25 +01:00
Hauke Mehrtens
ab9025769b kenrel: kmod-rtc-pt7c4338: Remove package
The rtc-pt7c4338.ko was never upstream under this name, the driver was
removed from OpenWrt some years ago, remove the kmod-rtc-pt7c4338
package too.

Fixes: 74d00a8c38 ("kernel: split patches folder up into backport, pending and hack folders")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 5ccf4dcf88)
2023-01-06 17:23:25 +01:00
Josef Schlehofer
3e0faf2866 kernel: build crypto md5/sha1/sha256 modules for powerpc
This builds and enables kernel optimized modules for mpc85xx target:
- CONFIG_CRYPTO_MD5_PPC [1]
- CONFIG_CRYPTO_SHA1_PPC_SPE [2]
- CONFIG_CRYPTO_SHA256_PPC_SPE [3]

Where it was possible, then use Signal Processing Engine, because
CONFIG_SPE is already enabled in mpc85xx config.

[1] https://cateee.net/lkddb/web-lkddb/CRYPTO_MD5_PPC.html
[2] https://cateee.net/lkddb/web-lkddb/CRYPTO_SHA1_PPC.html
[3] https://cateee.net/lkddb/web-lkddb/CRYPTO_SHA256_PPC_SPE.html

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 3a702f8733)
2023-01-06 17:17:07 +01:00
Josef Schlehofer
8e548ac9bd kernel: fix typo for tegra crypto-sha1 module
Fixes: e889489bed ("kernel: build
arm/neon-optimized sha1/512 modules")

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit f8f9d6901c)
2023-01-06 17:14:40 +01:00
Christian Marangi
e819523f90
CI: build: fix external toolchain use with release tag tests
When a new tag for a release is created, the just checkout repo from
github actions will already have such tag locally created.

This will result in git fetch --tags failing with error rejecting the
remote tag with (would clobber existing tag).

Add -f option to overwrite any local tags and always fetch them from
remote.

Fixes: e24a1e6f6d ("CI: build: add support for external toolchains from stable branch")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit f655923b36)
2023-01-04 19:35:17 +01:00
Rafał Miłecki
ee1eda7c7d layerscape: fix felix DSA driver compilation
It isn't used at the moment but let's fix it anyway.

This fixes:
  CC      drivers/net/dsa/ocelot/felix.o
drivers/net/dsa/ocelot/felix.c:646:22: error: initialization of 'enum dsa_tag_protocol (*)(struct dsa_switch *, int,  enum dsa_tag_protocol)' from incompatible pointer type 'enum dsa_tag_protocol (*)(struct dsa_switch *, int)' [-Werror=incompatible-pointer-types]
  .get_tag_protocol = felix_get_tag_protocol,
                      ^~~~~~~~~~~~~~~~~~~~~~

for users enabling CONFIG_NET_DSA_MSCC_FELIX.

Fixes: 1f5024aa73 ("kernel: backport b53/bcm_sf2 changes from v5.6")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2023-01-03 11:00:30 +01:00
Rafał Miłecki
f5646ae0b9 realtek: update rtl83xx switch driver to the updated DSA API
This fixes:
  CC      drivers/net/dsa/rtl83xx/dsa.o
drivers/net/dsa/rtl83xx/dsa.c:1274:22: error: initialization of 'enum dsa_tag_protocol (*)(struct dsa_switch *, int,  enum dsa_tag_protocol)' from incompatible pointer type 'enum dsa_tag_protocol (*)(struct dsa_switch *, int)' [-Werror=incompatible-pointer-types]
  .get_tag_protocol = rtl83xx_get_tag_protocol,
                      ^~~~~~~~~~~~~~~~~~~~~~~~
drivers/net/dsa/rtl83xx/dsa.c:1274:22: note: (near initialization for 'rtl83xx_switch_ops.get_tag_protocol')
drivers/net/dsa/rtl83xx/dsa.c:1316:22: error: initialization of 'enum dsa_tag_protocol (*)(struct dsa_switch *, int,  enum dsa_tag_protocol)' from incompatible pointer type 'enum dsa_tag_protocol (*)(struct dsa_switch *, int)' [-Werror=incompatible-pointer-types]
  .get_tag_protocol = rtl83xx_get_tag_protocol,
                      ^~~~~~~~~~~~~~~~~~~~~~~~

Fixes: 1f5024aa73 ("kernel: backport b53/bcm_sf2 changes from v5.6")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2023-01-02 17:43:31 +01:00
Arınç ÜNAL
76c9c2b113
rampis: fix Reference to non-existent node for GB-PC2
Fix cannot build: Reference to non-existent node or label
"macaddr_factory_e000" dtb compilation error.

The cherry-pick had to be reworked to use the old mtd-mac-address way as
openwrt-21.02 still wasn't migrated to nvmem implementation.

Fixes: d604032c2a ("ramips: fix GB-PC1 and GB-PC2 device support")
Fixes: #11654
Fixes: #11385
Signed-off-by: Arınç ÜNAL <arinc.unal@arinc9.com>
[ rework commit message, add more fixes tag ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2022-12-31 13:56:59 +01:00
Hauke Mehrtens
18f05da13d
dnsmasq: Backport DHCPv6 server fix (CVE-2022-0934)
This backports a commit from upstream dnsmasq to fix CVE-2022-0934.

CVE-2022-0934 description:
A single-byte, non-arbitrary write/use-after-free flaw was found in
dnsmasq. This flaw allows an attacker who sends a crafted packet
processed by dnsmasq, potentially causing a denial of service.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 002a99eccd)
2022-12-21 13:53:51 +01:00
Christian Marangi
b119562a07
generic: 5.4: refresh kernel patches
Refresh kernel patches due to new spi nor patch.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2022-12-17 02:45:43 +01:00
Christian Marangi
12861e01ee
generic: add support for EON EN25QX128A spi nor flash
Add support for EON EN25QX128A spi nor flash with no flags as it does
support SFDP parsing.

Fixes: #9442
Tested-by: Szabolcs Hubai <szab.hu@gmail.com> [ramips/mt7621: xiaomi_mi-router-4a-gigabit]
(cherry picked from commit d7876daf65)
[ apply the same patch to 5.4 kernel ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2022-12-16 22:34:00 +01:00
Sergey V. Lobanov
784565b6a0
tools/mkimage: fix build on MacOS arm64
Fixed -no-pie compilation warning on MacOS
Fixed errors related to using absolute addressing on MacOS arm64

Based on upstream patch from Jessica Clarke and suggestions from Ronny Kotzschmar

Link to original patch and discussion:
3b142045e8

Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
(cherry picked from commit 8261b85844)
2022-12-09 03:25:49 +01:00
Christian Marangi
295c612a4a
CI: kernel: don't checkout and install feeds
We don't need to checkout feed and install feeds for kernel tests. This
saves up to 2 minutes for each target kernel build test.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 925e2a155e)
2022-12-07 18:18:33 +01:00
Christian Marangi
50ad1e5619
CI: build: skip sdk adapt to external toolchain on cache hit
On cache hit, skip sdk adapt to external toolchain. This is needed because we
cache the already extracted sdk and that is already adapted to be used
as external toolchain.

Rerunning the adap step will result in the test to fail for missing file
as the file are already got wrapped to the external toolchain format.

Fixes: 42f0ab028e ("CI: build: fix use of sdk as toolchain")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 99eaedfe39)
2022-12-07 18:18:25 +01:00