Commit Graph

21128 Commits

Author SHA1 Message Date
Nick Hainke
a42075435a binutils: update to 2.42
Refresh patch:
- 001-replace-attribute_const.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2024-02-12 23:41:03 +01:00
Sander Vanheule
6f83a708c8 base-files: move uci_set_poe() to uci-defaults.sh
PoE devices in the realtek target have the possibility to add PSE info
to the board description via 02_network. Make this available for all
targets, by moving the uci_set_poe() function to the globally available
uci-default.sh script.

Signed-off-by: Sander Vanheule <sander@svanheule.net>
2024-02-12 20:46:51 +01:00
Christian Marangi
dfc1e8cfee
qca-ssdk: drop deprecated Xiaomi LEDs quirk patch
Drop deprecated Xiaomi LEDs quirk patches as they are not needed anymore
as LEDs are now supported by the upstream qca807x driver.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2024-02-11 21:15:31 +01:00
Christian Marangi
c8aded65c1
qca-ssdk: add patch to support detection of PSGMII mode for PHY
If a PHY doesn't use the integrated driver, SSDK use poll the phydev to
get the real PHY mode. qca807x use PSGMII as PHY mode and this specific
mode is not detected in qca SSDK while used in the entire driver.

Add support for it in the hsl_port_phydev_interface_mode_status_get
function used to translate PHY mode to the internal SSDK value.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2024-02-11 21:12:29 +01:00
Christian Marangi
8d7f747757
qca-ssdk: disable Malibu PHY in favor of upstream version
Disable Malibu PHY driver in Qca SSDK in favor of the upstream version.
The same workaround are applied and the version upstream is just a drop
in replacement and is well tested from the ipq40xx target.

Also using the upstream version permits further support for LEDs.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2024-02-11 21:09:34 +01:00
Shiji Yang
3b74ae780c uboot-envtools: backport some usefull patches from v2024.04-rc1
Highlights:
- Silence small page read warning.
- Autodetect NAND erase size and env sectors.

Signed-off-by: Shiji Yang <yangshiji66@qq.com>
2024-02-11 10:48:59 +01:00
Robert Marko
a79efe4cdf
qca-ssdk: add support for ipq60xx
IPQ60xx uses a different codename for SSDK, so lets pass the correct one
as otherwise SSDK asumes we are building for the old MIPS SoC-s.

Signed-off-by: Robert Marko <robimarko@gmail.com>
[ drop outdated commit description info ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2024-02-09 14:01:51 +01:00
Nick Hainke
5a016cc3af uboot-envtools: update to 2024.01
Update to latest version.

Refresh patches:
- 002-Revert-tools-env-use-run-to-store-lockfile.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2024-02-09 13:55:18 +01:00
Felix Fietkau
2b4941a6f1 wifi-scripts: fix fullmac phy detection
Checking for AP_VLAN misdetects ath10k-ath12k as fullmac, because of software
crypto limitations. Check for monitor mode support instead, which is more
reliable.

Fixes: https://github.com/openwrt/openwrt/issues/14575
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-02-09 12:18:59 +01:00
Konstantin Demin
3f96246e97 dropbear: better handle interfaces
- introduce 'DirectInterface' option to bind exactly to specified interface;
  fixes #9666 and late IPv4/IPv6 address assignment
- option 'DirectInterface' takes precedence over 'Interface'
- improve interface/address handling,
  e.g. verify count of listening endpoints due to dropbear limit (10 for now)

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
865ae1c10c dropbear: better handle receive window size
- correct maximum receive window size
- adjust receive window size against maximum allowed value
- warn about too high receive window size in syslog

improves f95eecfb

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
05100d8651 dropbear: adjust file permissions
runtime:
- adjust ownership/permissions while starting dropbear
build time:
- correct file permissions for preseed files in $(TOPDIR)/files/etc/dropbear/ (if any)

closes #10849

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
a97e0dad6e dropbear: 'rsakeyfile' -> 'keyfile' transition
end users should have done this since OpenWrt 19.07.
if they didn't do this yet - perform auto-transition.

schedule 'rsakeyfile' removal for next year release.

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
ff1ccd85e8 dropbear: failsafe: handle all supported key types
dropbear may be configured and compiled with support for different host key types

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
55218bcedb dropbear: minor config reorder
move DROPBEAR_ASKPASS under DROPBEAR_DBCLIENT (in all meanings)

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
c87a192386 dropbear: split U2F/FIDO support
these options allow one to configure U2F/FIDO support in more granular way

inspired by upstream commit aa6559db

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
bf900e02c7 dropbear: add option to enable modern crypto only
reduces binary/package size and increases overall performance

also:
- adjust 910-signkey-fix-use-of-rsa-sha2-256-pubkeys.patch
  to build without DROPBEAR_RSA/DROPBEAR_RSA_SHA256

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
88c8053d47 dropbear: adjust allowed shell list
this takes an effect only if getusershell(3) is missing

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
7f6fcaa3bf dropbear: honor CONFIG_TARGET_INIT_PATH
fixes 65256aee

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
2d9a0be307 dropbear: disable two weak kex/mac algorithms
hmac-sha1 and diffie-hellman-group14-sha1 are weak algorithms.
A future deprecation notice of ssh-rsa (2048-bit) has been issued. [1]

It has no place in a potentially internet-facing daemon like dropbear.
Upstream has acknowledged this and offered this solution to disable
these two until this is made to be the default in the next release
of dropbear next year. [2]

1. https://www.openssh.com/txt/release-8.2
2. https://github.com/mkj/dropbear/issues/138

Signed-off-by: John Audia <therealgraysky@proton.me>
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
0b277f8659 dropbear: minor config clarification
- "default n" is not needed: options are not selected by default
- wrap config on 80 characters width (assuming tab is 8 characters long)
- add feature cost size and security notes for DROPBEAR_AGENTFORWARD
  and DROPBEAR_DBCLIENT_AGENTFORWARD:
  describe why and where it should be disabled

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
fa849fd411 dropbear: better object cleanup
improves b78aae79

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
f2b2293663 dropbear: allow more complex configuration
- switch DB_OPT_COMMON and DB_OPT_CONFIG to comma-separated lists:
  this allows to have values with "|" in DB_OPT_COMMON and DB_OPT_CONFIG
  which is more likely to be than values with commas;
  use $(comma) variable for values with commas.
- sort DB_OPT_COMMON and DB_OPT_CONFIG to have "overrides" on top of list.
- allow DB_OPT_COMMON to have values with commas.
- allow to replace multiline definitions in sysoptions.h.

improves e1bd9645

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
b5cde26048 dropbear: cherry-pick upstream patches
critical fixes:
- libtommath: possible integer overflow (CVE-2023-36328)
- implement Strict KEX mode (CVE-2023-48795)

various fixes:
- fix DROPBEAR_DSS and DROPBEAR_RSA config options
- y2038 issues
- remove SO_LINGER socket option
- make banner reading failure non-fatal
- fix "noremotetcp" behavior
- don't try to shutdown a pty
- fix test for multiuser kernels

adds new features:
- option to bind to interface
- allow inetd with non-syslog
- ignore unsupported command line options with dropbearkey

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Konstantin Demin
d4dfb566e2 dropbear: bump to 2022.83
- update dropbear to latest stable 2022.83;
  for the changes see https://matt.ucc.asn.au/dropbear/CHANGES
- drop patches:
  - 001-fix-MAX_UNAUTH_CLIENTS-regression.patch
- rework patches:
  - 901-bundled-libs-cflags.patch
- refresh remaining patches

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2024-02-09 09:13:05 +00:00
Stephen Howell
d274867c21 lldpd: add option to force EDP
allow EDP support if compiled and add force EDP option

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
2024-02-08 12:35:37 +02:00
Stephen Howell
8b2d02e48c lldpd: only use snmp options when compiled in
prevent SNMP options being passed unless lldpd supports them

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
2024-02-08 12:35:37 +02:00
Stephen Howell
1b36d44323 lldpd: Update Makefile package release
increment Makefile package release to reflect changes to init script

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
2024-02-08 12:35:37 +02:00
Stephen Howell
a5f715da71 lldpd: add option for tx delay and tx hold
add option to set LLDP transmit delay, hold timers to set update frequency

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
2024-02-08 12:35:37 +02:00
Stephen Howell
4159acceeb lldpd: add option to set system platform
add option to override system platform instead of using kernel name

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
2024-02-08 12:35:37 +02:00
Stephen Howell
4ac134aa78 lldpd: add option to force SONMP enabled
add option to force SONMP to be enabled even when no peer detected

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
2024-02-08 12:35:36 +02:00
Stephen Howell
1be2088a52 lldpd: add option to force FDP on
add option to force FDP when no peers detected

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
2024-02-08 12:35:36 +02:00
Stephen Howell
b67182008f lldpd: set CDP version and allow forcing CDP on
add option to specify CDPv1 or CDPv2 and separately enable or force each

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
2024-02-08 12:35:36 +02:00
Stephen Howell
61dbe756d8 lldpd: allow disabling LLDP protcol
add option to allow LLDP disabling while using other supported protocols

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
2024-02-08 12:35:36 +02:00
Stephen Howell
ac771313eb lldpd: add portidsubtype option
add option portidsubtype to correct port identifiers and descriptions

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
2024-02-08 12:35:36 +02:00
Stephen Howell
c98ee4dbb3 lldpd: add agent-type option
add option to set agent-type to control propogation

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
2024-02-08 12:35:36 +02:00
Stephen Howell
24176a6bdd lldpd: add LLDP MED options
add option to enable LLDP MED fast-start and set fast-start timer

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
2024-02-08 12:35:36 +02:00
Stephen Howell
1753498b01 lldpd: option to disable LLDP-MED inventory TLV
add option to disable LLDP-MED inventory TLV transmission

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
2024-02-08 12:35:36 +02:00
Stephen Howell
058f284b1a lldpd: Init adds no-version option
add option to disable advertising kernel version

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
2024-02-08 12:35:36 +02:00
Stephen Howell
ac3ed75309 lldpd: Allow neighbour filtering
add filter option to init script.

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
2024-02-08 12:35:36 +02:00
Stephen Howell
064b4999ad lldpd: LLDPD binds to only specified interfaces
Bind to the configured system interfaces only. Switchport interfaces
are no longer ignored and uci interface values for LLDPD are honored.

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
2024-02-08 12:35:36 +02:00
Stephen Howell
e483c247dc lldpd: Init config read on reload
Init script reload with trigger to detect config file update.
Reload command added to attempt non-impactful lldpd reload where
lldpcli can be used to update config without process restart.
Config hash function used to track whether process restart is needed.

Signed-off-by: Stephen Howell <howels@allthatwemight.be>
2024-02-08 12:35:36 +02:00
Nick Hainke
21ca43d28a strace: update to 6.7
Release Notes:
https://github.com/strace/strace/releases/tag/v6.7

Signed-off-by: Nick Hainke <vincent@systemli.org>
2024-02-07 20:13:06 +01:00
Florian Eckert
c6fabd0bc3 base-files/leds: add setting the LED color via uci
Add the possibility that colored LEDs can also be configured via the uci.

config led 'led1'
	option name '<name>'
	option sysfs '<path>'
	option trigger 'default-on'
	option default '1'
-->	option color_{$color} '<0-255>'

The supported names of the variable "${color}" for the selected LED can be
queried in the file with the name 'multi_index'.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2024-02-07 15:34:43 +01:00
Florian Eckert
3aa812d8be base-files/leds: merging code sequences that belongs together
Setting the trigger and checking whether the trigger can be set belong
together and should not be interrupted by other lines of code.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2024-02-07 15:34:43 +01:00
Florian Eckert
102855b3c1 base-files/leds: save led color value if available
There are monochrome LEDs that can only display one color. However, there
are also LEDs that can display multiple colors. This can be tested in the
led subsystem of the kernel if the files 'multi_index' and 'multi_intensity'
are present in the folder '/sys/class/leds/<ledname>'.

Until now it was not possible to reset the default color. This commit adds
the missing information in the file '/var/run/led.state' so that the bootup
color can be seen on the LED again when the LED configuration has been changed.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2024-02-07 15:34:43 +01:00
Nick Hainke
1c02b874fa kexec-tools: update to 2.0.28
Release Notes:
- https://www.spinics.net/lists/kexec/msg32139.html
- https://www.spinics.net/lists/kexec/msg33447.html

Signed-off-by: Nick Hainke <vincent@systemli.org>
2024-02-06 12:10:05 +01:00
Felix Fietkau
4cd8ae67c5 wifi-scripts: fix copy&paste issue in metadata
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-02-06 10:47:22 +01:00
Álvaro Fernández Rojas
c9e6045032 kernel: modules: video: add missing video-mem2mem symbol
v4l2-mem2mem.ko needs CONFIG_V4L2_MEM2MEM_DEV symbol.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2024-02-05 18:25:16 +01:00
Álvaro Fernández Rojas
ee79da92dc kernel: modules: video: add missing video-videobuf2 symbol
videobuf2-v4l2.ko needs CONFIG_VIDEOBUF2_V4L2 symbol.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2024-02-05 18:25:16 +01:00