d464187c policycoreutils: sestatus belongs to bin not sbin
d59932a7 policycoreutils: Resolve path in restorecon_xattr
5682c0d5 policycoreutils/fixfiles.8: add missing file systems and merge check and verify
57dd1f65 policycoreutils/setfiles: Drop unused nerr variable
be7f54cb setfiles: drop ABORT_ON_ERRORS and related code
9207823c setfiles: Do not abort on labeling error
c064d214 selinux_config(5): add a note that runtime disable is deprecated
8bc865e1 newrole: support cross-compilation with PAM and audit
ba2d6c10 fixfiles: correctly restore context of mountpoints
Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
142826a3 libselinux: fix segfault in add_xattr_entry()
398d2cee libselinux: rename gettid() to something which never conflicts with the libc
8f0f0a28 selinux(8,5): Describe fcontext regular expressions
9cc6b5cf libselinux/getconlist: report failures
156dd0de libselinux: update getseuser
e2dca5df libselinux: accept const fromcon in get_context API
da4829d0 libselinux: Always close status page fd
45b15c22 selinux(8): explain that runtime disable is deprecated
3c16aaef selinux(8): mark up SELINUX values
c2a58cc5 libselinux: LABEL_BACKEND_ANDROID add option to enable
db0f2f38 libselinux: Add build option to disable X11 backend
4a142ac4 libsepol: Bump libsepol.so version
d23342a9 libselinux: convert matchpathcon to selabel_lookup()
7ef5b185 libselinux: Change userspace AVC setenforce and policy load messages to audit format.
f5d644c7 libselinux: Add additional log callback details in man page for auditing.
075f9cfe libselinux: Fix selabel_lookup() for the root dir.
a4149e0e libselinux: Add new log callback levels for enforcing and policy load notices.
a63f93d8 libselinux: initialize last_policyload in selinux_status_open()
ef902db9 libselinux: safely access shared memory in selinux_status_updated()
9e4480b9 libselinux: Remove trailing slash on selabel_file lookups.
21fb5f20 libselinux: use full argument specifiers for security_check_context in man page
e7abd802 libselinux: fix build order
05bdc031 libselinux: use kernel status page by default
Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
a9e0004f libsepol: invalidate the pointer to the policydb if policydb_init fails
6238e025 libsepol/cil: fix NULL pointer dereference in cil_fill_ipaddr
b69d77bc libsepol/cil: handle SID without assigned context when writing policy.conf
0861c659 libsepol: Validate policydb values when reading binary policy
8f5409cf libsepol: Create function ebitmap_highest_set_bit()
0451adeb libsepol/cil: Destroy disabled optional blocks after pass is complete
32f8ed3d libsepol/cil: introduce intermediate cast to silence -Wvoid-pointer-to-enum-cast
4662bdc1 libsepol/cil: be more robust when encountering <src_info>
6b561058 libsepol/cil: fix NULL pointer dereference with empty macro argument
0d0e47c7 libsepol/cil: Fix integer overflow in the handling of hll line marks
1b36ace2 libsepol: include header files in source files when matching declarations
1f1fa9d4 libsepol: uniformize prototypes of sepol_mls_contains and sepol_mls_check
72a88d75 libsepol: remove unused files
eba0ffee libsepol/cil: Fix heap-use-after-free when using optional blockinherit
1048f8d3 libsepol/cil: unlink blockinherit->block link when destroying a block
b3202918 libsepol/cil: fix memory leak when a constraint expression is too deep
f0d98f83 libsepol/cil: Fix heap-use-after-free in __class_reset_perm_values()
5d021d66 libsepol/cil: Update symtab nprim field when adding or removing datums
34bd9a9d libsepol: destroy filename_trans list properly
bdf4e332 libsepol/cil: fix NULL pointer dereference when parsing an improper integer
b7ea65f5 libsepol/cil: destroy perm_datums when __cil_resolve_perms fails
228c06d9 libsepol/cil: fix out-of-bound read in cil_print_recursive_blockinherit
a25d9104 libsepol/cil: constify some strings
e2d01842 libsepol/cil: propagate failure of cil_fill_list()
6c8fca10 libsepol/cil: do not add a stack variable to a list
38a09b74 libsepol/cil: fix NULL pointer dereference when using an unused alias
3c357285 libsepol/cil: remove useless print statement
90809674 libsepol/cil: always destroy the lexer state
d16a1e46 libsepol/cil: Use the macro FLAVOR() whenever possible
2aac859a libsepol/cil: Use the macro NODE() whenever possible
d317b470 libsepol/cil: Remove unnecessary assignment in cil_resolve_name_keep_aliases()
9b9761cf libsepol/cil: Remove unused field from struct cil_args_resolve
e257d4c7 libsepol/cil: Get rid of unnecessary check in cil_gen_node()
ebba2b00 libsepol/cil: cil_tree_walk() helpers should use CIL_TREE_SKIP_*
89dab467 libsepol: free memory when realloc() fails
2d353bd5 libsepol/cil: Give error for more than one true or false block
4a142ac4 libsepol: Bump libsepol.so version
506c7b95 libsepol: Drop deprecated functions
ae58e84b libsepol: Get rid of the old and duplicated symbols
c97d63c6 libsepol: silence potential NULL pointer dereference warning
64387cb3 libsepol: drop confusing BUG_ON macro
521e6a2f libsepol/cil: fix signed overflow caused by using (1 << 31) - 1
a152653b libsepol/cil: Fix neverallow checking involving classmaps
734e4beb libsepol/cil: Validate conditional expressions before adding to binary policy
685f577a libsepol/cil: Validate constraint expressions before adding to binary policy
8206b8cb libsepol: implement POLICYDB_VERSION_COMP_FTRANS
42ae834a libsepol,checkpolicy: optimize storage of filename transitions
Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
Introduce new patch for automatically detecting RAM size.
Some boards have a different amount of RAM depending on the HW revision.
Therefore, automatically detecting the RAM size instead of hard-coding it will
reduce the number of device definitions.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
The Sercomm AD1018 has a NAND flash. We recently added support for NANDs
in this target.
Use the internal NAND as additional storage.
Signed-off-by: Daniel González Cabanelas <dgcbueu@gmail.com>
945d0d7 utils: fix C style in header file
2cfc26f inittab: detect active console from kernel if no console= specified
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Fix: bpftools 5.11.2 does not compile on macOS, because the -m option
was placed between src and dst. Corrected by moving -m 644 before src.
Signed-off-by: Georgi Valkov <gvalkov@abv.bg>
The pkgconfig file hardcodes a host library directory which cannot be
overridden by OpenWrt during builds. Use SED to fix this and potential
include directory problems, as is done with several other packages.
This fixes a strange issue intermittently seen building iproute2 on the
oxnas target:
iptables modules directory: /usr/lib/iptables
libc has setns: yes
SELinux support: no
libbpf support: no
libbpf version 0.3.0 is too low, please update it to at least 0.1.0
LIBBPF_FORCE=on set, but couldn't find a usable libbpf
Fixes: 2f0d672088 ("bpftools: add utility and library packages
supporting eBPF usage")
Reported-by: Russell Senior <russell@personaltelco.net>
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
This was added recently and thus overlooked in 85b1f4d8ca
("treewide: remove execute bit and shebang from board.d files").
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The bootloader of many ipq806x boards seems to require the config node
of the FIT image to be 'config@1' (or a secific different value).
This requirement used to be implicitely satisfied because OpenWrt used
to also call the configuration node inside a FIT image 'config@1'.
However, as recent U-Boot now prohibits the use of the '@' symbol as
part of node names, this was changed by
commit 5ec60cbe9d ("scripts: mkits.sh: replace @ with - in nodes")
Explicitely restore the default name of the configuration node to
'config@1' on ipq806x.
(ipq807x is unaffected as DEVICE_DTS_CONFIG default is set
"config@hk01" in target/linux/ipq807x/image/Makefile)
Reported-by: Chen Minqiang <ptpt52@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The bootloader of many ipq40xx boards seems to require the config node
of the FIT image to be 'config@1' (or a secific different value).
This requirement used to be implicitely satisfied because OpenWrt used
to also call the configuration node inside a FIT image 'config@1'.
However, as recent U-Boot now prohibits the use of the '@' symbol as
part of node names, this was changed by
commit 5ec60cbe9d ("scripts: mkits.sh: replace @ with - in nodes")
Explicitely restore the default name of the configuration node to
'config@1' on ipq40xx.
Reported-by: Chen Minqiang <ptpt52@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The in-SoC RTC of the Bananapi R64 is more disruptive than useful
without a battery connected. Disable it to not have Linux use the
RTC provided time 2000-01-01 00:00:00 after power-loss.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Make packages depending on usb-serial selective, so we do not have
to add kmod-usb-serial manually for every device.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
So far, board.d files were having execute bit set and contained a
shebang. However, they are just sourced in board_detect, with an
apparantly unnecessary check for execute permission beforehand.
Replace this check by one for existance and make the board.d files
"normal" files, as would be expected in /etc anyway.
Note:
This removes an apparantly unused '#!/bin/sh /etc/rc.common' in
target/linux/bcm47xx/base-files/etc/board.d/01_network
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Enable testing kernel.
Fix compile errors by using new kernel APIs.
Fix fuzz by manually editing patches to ensure the code goes in the
right place.
For 721-NET-no-auto-carrier-off-support.patch, revert upstream commit
a307593a6 to keep the OpenWrt ralink driver operational.
Add mt7621-pci-phy patch to select REGMAP_MMIO as discussed in PR #3693
and #3952.
Run automatic quilt refresh on the rest.
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
0098-disable_cm.patch is not needed because upstream fixed CM handling.
The rest are straightforward removals of upstreamed patches.
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
This reverts commit b4aad29a1d.
This was accidentally folded into a single commit. Remove it and
apply it properly again.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Partially restore the wild-card matching for kmod-usb3 modules to fix
build on platforms without PCI which otherwise file, as seen on
buildbot:
ERROR: module '[...]/linux-5.4.102/drivers/usb/host/xhci-pci.ko' is missing.
modules/usb.mk:1675: recipe for target '[...]/kmod-usb3_5.4.102-1_mips_mips32.ipk' failed
Fixes: 7bda2e9aba ("kernel: fix kmod-usb3 dependencies")
Fixes: be23f9818a ("apm821xx: add support for kernel 5.10")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
It appears to be an automatic Kconfig symbol that varies depending on
the host platform. There is no need to define it in target configs, so
filter it out.
Also sort config-filter entries alphabetically.
Cc: Adrian Schmutzler <mail@adrianschmutzler.de>
Cc: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
Remove unneeded delcarations form package Makefile now that everything
comes from github.com/mtk-openwrt upstream.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Adding CONFIG_USB_XHCI_PCI_RENESAS to KCONFIG made it so it was set
for all targets that included kmod-usb3, not just the intended
apm821xx/nand. xhci-pci has a dependency on xhci-pci-renesas if
CONFIG_USB_XHCI_PCI_RENESAS is set, breaking kmod-usb3 builds on
Linux 5.10 on all other targets.
Rework the dependencies by breaking out xhci-hcd, xhci-mtk, and
xhci-pci-renesas into new hidden kernel modules and setting kmod-usb3
dependencies properly.
Tested by building mt7621 and apm821xx/nand with kmod-usb3 on Linux 5.10
Fixes: be23f981 ("apm821xx: add support for kernel 5.10")
Cc: Christian Lamparter <chunkeey@gmail.com>
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
DDR3_FLYBY has accidentally been set also for the 1-chip variant which
lead to broken, unbootable images. Fix that.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Enable testing kernel.
Delete upstreamed patches:
0098-disable_cm.patch can be dropped, upstream fixed CM handling.
Fix compile errors by using new kernel APIs.
Fix fuzz by manually editing patches to ensure the code goes in the
right place.
For 721-NET-no-auto-carrier-off-support.patch, revert upstream commit
a307593a6 to keep the OpenWrt ralink driver operational.
Add mt7621-pci-phy patch to select REGMAP_MMIO as discussed in PR #3693
and #3952.
Rename patches to follow the 3-digit classification from the OpenWrt
Developer Guide.
Run automatic quilt refresh.
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
This patch copies over refreshed patches from 5.4.
- dropped crypto patches (they got upstreamed)
- dropped renesas USB 3 firmware loader (they got upstreamed)
- NAND now needs extra device-properties for ECC settings.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* allow MAC address from U-Boot env to be inhertied
* allow eMMC installation to succeed also without recovery present
on the SD Card.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Also add a new kconfig symbol (CONFIG_KCMP) to the generic config,
disabling the SYS_kcmp syscall (it was split from
CONFIG_CHECKPOINT_RESTORE, which is disabled by default, so the
previous behaviour is kept).
Removed (upstreamed) patches:
070-net-icmp-pass-zeroed-opts-from-icmp-v6-_ndo_send-bef.patch
081-wireguard-device-do-not-generate-ICMP-for-non-IP-pac.patch
082-wireguard-queueing-get-rid-of-per-peer-ring-buffers.patch
083-wireguard-kconfig-use-arm-chacha-even-with-no-neon.patch
830-v5.12-0002-usb-serial-option-update-interface-mapping-for-ZTE-P685M.patch
Manually rebased patches:
313-helios4-dts-status-led-alias.patch
104-powerpc-mpc85xx-change-P2020RDB-dts-file-for-OpenWRT.patch
Run tested:
ath79 (TL-WDR3600)
mvebu (Turris Omnia)
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
All necessary blobs are now contained in the upstream repository, no
more wild replacing of blobs needed.
This new version also contains new storage drivers for (SPI-)NAND which
already comes with support for FM35Q1GA, so that patch can be dropped
as well.
Tested on:
* Bananapi BPi-R64
- sdmmc-2ddr
- emmc-2ddr
* Linksys E8450
- snand-1ddr
All works fine (booting Bananapi BPi-R64 from SD Card does NOT require
a signed image, so patch arm-trusted-firmware-mediatek to allow doing
that).
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
U-boot will reject all nodes with @ since commit:
79af75f777
This will cause the OpenWrt images to fail booting,
to rectify use the config-1 as default.
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
U-boot will reject the nodes with @ for the address since
commit:
79af75f777
This in turn will cause the failure to boot with OpenWrt
generated images.
So, to rectify that simply replace @ with -.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cover also newly added rootfs@1 and initrd@1 nodes)
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
It's a BCM4906 based device (2 CPU cores). It has 512 MiB of RAM, 4 LAN
ports, 1 WAN port, 2 USB ports, NAND flash. WiFi unknown at this point.
Flashing is possible using CFE only, proper image will be worked on
later.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
From the original commit message:
"With GCC 10, building usbip triggers error for multiple definition
of 'udev_context', in:
- libsrc/vhci_driver.c:18 and
- libsrc/usbip_host_common.c:27.
Declare as extern the definition in libsrc/usbip_host_common.c."
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>