ExternalVendorCode/openwrt
1
0
Fork 0
mirror of https://github.com/openwrt/openwrt.git synced 2024-12-21 06:33:41 +00:00
Code Issues Actions 7 Packages Projects Releases Wiki Activity
54,092 Commits 9 Branches 75 Tags 905 MiB
659bb7638d
Commit Graph

19218 Commits

Author SHA1 Message Date
Hauke Mehrtens
dfe5c23592 iwinfo: update to latest HEAD 
705d3b5 iwinfo: Add missing auth_suites mappings for WPA3

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit cc2dfc5e4d)
 2022-08-14 21:06:53 +02:00
Hauke Mehrtens
1c7a167366 kernel: kmod-phy-smsc: Add new PHY 
This adds the SMSC PHY which is needed by the kmod-usb-net-smsc95xx
driver.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 5b016a88f9)
 2022-08-14 00:29:19 +02:00
Hauke Mehrtens
fd4a354f3e kernel: kmod-phy-ax88796b: Add new PHY 
This adds the AX88796B PHY which is needed by the kmod-usb-net-asix
driver.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 712ff388bc)
 2022-08-14 00:29:19 +02:00
Hauke Mehrtens
13d66ef33f kernel: kmod-ipt-ulog: Remove package 
The ulog iptables target was removed with kernel 3.17, remove the kernel
and also the iptables package in OpenWrt too.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 2a0284fb03)
 2022-08-14 00:29:19 +02:00
Hauke Mehrtens
534e256c02 kernel: kmod-nft-nat6: Remove package 
The nft NAT packages for IPv4 and IPv6 were merged into the common
packages with kernel 5.1. The kmod-nft-nat6 package was empty in our
build, remove it.

Multiple kernel configuration options were also removed, remove them
from our generic kernel configuration too.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit b75425370d)
 2022-08-14 00:29:19 +02:00
Hauke Mehrtens
2a6fa77b77 kernel: ipt-ipset: Add ipset/ip_set_hash_ipmac.ko 
Add the ipset/ip_set_hash_ipmac.ko file. The CONFIG_IP_SET_HASH_IPMAC
KConfig option is already set by the package.

Signed-off-by: Hauke Mehrtens <hmehrtens@maxlinear.com>
(cherry picked from commit 6a2e9f3da6)
 2022-08-14 00:06:21 +02:00
Thomas Langer
fc05102d51 kernel: netsupport: kmod-sched: explicitly define included modules 
Change SCHED_MODULES_EXTRA to an explicit list of modules
instead of taking everything that is not filtered out.
This removes the need of updating the filter each time an extra
sch_*, act_* or similar is added with an own kmod definition.

Signed-off-by: Thomas Langer <tlanger@maxlinear.com>
Signed-off-by: Hauke Mehrtens <hmehrtens@maxlinear.com>
(cherry picked from commit 1b956e66cc)
 2022-08-14 00:01:48 +02:00
Hauke Mehrtens
3b51f74a91 kernel: netsupport: kmod-sched: Add kmod-lib-textsearch dependency 
The CONFIG_NET_EMATCH_TEXT configuration option depends on the
kmod-lib-textsearch package.

Signed-off-by: Hauke Mehrtens <hmehrtens@maxlinear.com>
(cherry picked from commit 3cc878a8d3)
 2022-08-14 00:01:48 +02:00
Hauke Mehrtens
9727b71147 kernel: netsupport: kmod-sched: Remove sch_fq_codel and sch_fifo 
The sch_fq_codel.ko and the sch_fifo.ko are always compiled into the
kernel, they are activated in the generic kernel configuration. There is
no need to activate the build of these kernel modules in the kmod-sched*
packages.

Signed-off-by: Hauke Mehrtens <hmehrtens@maxlinear.com>
(cherry picked from commit 606e357bf8)
 2022-08-14 00:01:48 +02:00
Daniel Golle
0038e96c27 arm-trusted-firmware-mediatek: skip bad blocks on SPI-NAND (SNFI) 
Add patch to skip bad blocks when reading from SPI-NAND. This is needed
in case erase block(s) early in the flash inside the FIP area are bad
and hence need to be skipped in order to be able to boot on such damaged
chips.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit c0109537d1)
 2022-08-12 22:47:39 +02:00
Florian Eckert
5c69416246 fstools: add uci fstab section to conffiles for package block-mount 
The command 'opkg search /etc/config/fstab' does not return a package
name for this config file. In order to know to which package this config
file belongs to, a 'conffiles' entry was made for this file to package
'block-mount'.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 885f04b305)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
 2022-08-12 22:46:51 +02:00
Vincent Pelletier
0855549b4b kernel: scale nf_conntrack_max more reasonably 
Use the kernel's built-in formula for computing this value.
The value applied by OpenWRT's sysctl configuration file does not scale
with the available memory, under-using hardware capabilities.
Also, that formula also influences net.netfilter.nf_conntrack_buckets,
which should improve conntrack performance in average (fewer connections
per hashtable bucket).

Backport upstream commit for its effect on the number of connections per
hashtable bucket.

Apply a hack patch to set the RAM size divisor to a more reasonable value (2048,
down from 16384) for our use case, a typical router handling several thousands
of connections.

Signed-off-by: Vincent Pelletier <plr.vincent@gmail.com>
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
(cherry picked from commit 15fbb91666)
 2022-08-11 21:54:09 +01:00
Bruno Victal
0179ba7851 dnsmasq: fix jail_mount for serversfile 
Fix 'serversfile' option not being jail_mounted by the init script.

Signed-off-by: Bruno Victal <brunovictal@outlook.com>
(cherry picked from commit 0276fab649)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
 2022-08-10 15:06:30 +02:00
Petr Štetiar
707ec48ab3 zlib: backport null dereference fix 
The curl developers found test case that crashed in their testing when
using zlib patched against CVE-2022-37434, same patch we've backported
in commit 7df6795d4c ("zlib: backport fix for heap-based buffer
over-read (CVE-2022-37434)"). So we need to backport following patch in
order to fix issue introduced in that previous CVE-2022-37434 fix.

References: https://github.com/curl/curl/issues/9271
Fixes: 7df6795d4c ("zlib: backport fix for heap-based buffer over-read (CVE-2022-37434)")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit f443e9de70)
 2022-08-09 08:12:46 +02:00
Petr Štetiar
5e0173de51 zlib: bump PKG_RELEASE after CVE fix 
Fixing missed bump of PKG_RELEASE while backporting commit 7561eab8e8
("zlib: backport fix for heap-based buffer over-read (CVE-2022-37434)")
as package in master is using AUTORELEASE.

Fixes: 7561eab8e8 ("zlib: backport fix for heap-based buffer over-read (CVE-2022-37434)")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
 2022-08-08 09:55:33 +02:00
Petr Štetiar
7561eab8e8 zlib: backport fix for heap-based buffer over-read (CVE-2022-37434) 
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow
in inflate in inflate.c via a large gzip header extra field. NOTE: only
applications that call inflateGetHeader are affected. Some common
applications bundle the affected zlib source code but may be unable to
call inflateGetHeader.

Fixes: CVE-2022-37434
References: https://github.com/ivd38/zlib_overflow
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 7df6795d4c)
 2022-08-08 09:46:36 +02:00
Hans Dedecker
1f9d603141 odhcpd: update to git HEAD 
860ca90 odhcpd: Support for Option NTP and SNTP
83e14f4 router: advertise removed addresses as invalid in 3 consecutive RAs

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit 73c6d8fd04)
 2022-08-07 12:38:55 +02:00
Andre Heider
39ac29a68a uboot-mvebu: update to v2022.07 
- Release announcement:
https://lore.kernel.org/u-boot/20220711134339.GV1146598@bill-the-cat/

- Changes between 2022.04 and 2022.07:
https://source.denx.de/u-boot/u-boot/-/compare/v2022.04...v2022.07?from_project_id=531

Remove one upstreamed patch and add patch to fix issue with sunxi tool
as it uses function from newer version libressl (3.5.0).

Signed-off-by: Andre Heider <a.heider@gmail.com>
Tested-by: Josef Schlehofer <pepe.schlehofer@gmail.com> [Turris Omnia]
(cherry picked from commit 24bf6813bad98a8eba5430ed5e4da89d54797274)
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
[Improve commit message]
 2022-08-06 22:25:43 +02:00
Wenli Looi
247ef07540 ramips: support fw_printenv for Netgear WAX202 
Config partition contains uboot env for the first 0x20000 bytes.
The rest of the partition contains other data including the device MAC
address and the password printed on the label.

Signed-off-by: Wenli Looi <wlooi@ucalgary.ca>
(cherry picked from commit 0bfe1cfbb1)
 2022-08-06 22:25:13 +02:00
Chen Minqiang
62fff4e1e6 umdns: add missing syscall to seccomp filter 
There is some syscall missing:
'getdents64'
'getrandom'
'statx'
'newfstatat'

Found with:
'mkdir /etc/umdns; ln -s /tmp/1.json /etc/umdns/; utrace /usr/sbin/umdns'

Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
(cherry picked from commit 31cca8f8d3)
 2022-08-06 22:25:07 +02:00
Oleg S
ecf0dc7055 ramips: Add support command fw_setsys for Xiaomi routers 
The system parameters are contained in the Bdata partition.
To use the fw_setsys command, you need to create a file
fw_sys.config.
This file is created after calling the functions
ubootenv_add_uci_sys_config and ubootenv_add_app_config.

Signed-off-by: Oleg S <remittor@gmail.com>
[ wrapped commit description to 72 char ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 6c7e337c80)
 2022-08-06 22:24:42 +02:00
Roland Barenbrug
bd9bb13012 ltq-vdsl-app: Fix counter overflow resulting in negative values 
The re-transmit counters can overflow the 32 bit representation resulting
in negative values being displayed. Background being that the numbers are
treated at some point as signed INT rather than unsigned INT.
Change the counters from 32 bit to 64 bit, should provide sufficient room
to avoid any overflow. Not the nicest solution but it works

Fixes: #10077
Signed-off-by: Roland Barenbrug <roland@treslong.com>
Acked-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
(cherry picked from commit 456b9029d7)
 2022-08-06 22:24:39 +02:00
Mark Mentovai
daa73dc681 libmnl: fix build when bash is not located at /bin/bash 
This fixes the libmnl build on macOS, which ships with an outdated bash
at /bin/bash. During the OpenWrt build, a modern host bash is built and
made available at staging_dir/host/bin/bash, which is present before
/bin/bash in the build's PATH.

This is similar to 8f7ce3aa6d, presently appearing at
package/kernel/mac80211/patches/build/001-fix_build.patch.

Signed-off-by: Mark Mentovai <mark@mentovai.com>
(cherry picked from commit beeb49740b)
 2022-08-05 15:24:57 +02:00
Hauke Mehrtens
596efe1356 OpenWrt v22.03.0-rc6: revert to branch defaults 
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
 2022-08-01 00:05:33 +02:00
Hauke Mehrtens
f1ff3fd95c OpenWrt v22.03.0-rc6: adjust config defaults 
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
 2022-08-01 00:05:27 +02:00
Hauke Mehrtens
042d558536 mac80211: Update to version 5.15.58-1 
This updates mac80211 to version 5.15.58-1 which is based on kernel
5.15.58.
The removed patches were applied upstream.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 3aa18f71f9)
 2022-07-31 17:12:47 +02:00
John Audia
c9cc3189ed wolfssl: fix math library build 
Apply upstream patch[1] to fix breakage around math libraries.
This can likely be removed when 5.5.0-stable is tagged and released.

Build system: x86_64
Build-tested: bcm2711/RPi4B
Run-tested: bcm2711/RPi4B

1. https://github.com/wolfSSL/wolfssl/pull/5390

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit c2aa816f28)
 2022-07-31 17:12:47 +02:00
Dávid Benko
535f4a5bff odhcp6c: update to latest git HEAD 
9212bfc odhcp6c: fix IA discard when T1 > 0 and T2 = 0

Signed-off-by: Dávid Benko <davidbenko@davidbenko.dev>
(cherry picked from commit f920908626)
 2022-07-31 17:12:47 +02:00
Michael Pratt
5a7bcd6977 firewall3: update file hash 
the hash and timestamp of the remote copy of the archive
has changed since last bump
meaning the remote archive copy was recreated

Signed-off-by: Michael Pratt <mcpratt@pm.me>
(cherry picked from commit ba7da73680)
 2022-07-31 17:12:47 +02:00
Claudiu Beznea
c5f0eab222 uboot-at91: fix build on buildbots 
Buidbots are throwing the following compile error:

In file included from tools/aisimage.c:9:
include/image.h:1133:12: fatal error: openssl/evp.h: No such file or directory
            ^~~~~~~~~~~~~~~
compilation terminated.

Fix it by passing `UBOOT_MAKE_FLAGS` variable to make.

Suggested-by: Petr Štetiar <ynezz@true.cz>
Fixes: 6d5611af28 ("uboot-at91: update to linux4sam-2022.04")
Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
(cherry picked from commit 95a24b5479)
 2022-07-31 17:12:47 +02:00
Claudiu Beznea
972b833e91 uboot-at91: update to linux4sam-2022.04 
Update uboot-at91 to linux4sam-2022.04. As linux4sam-2022.04 is based on
U-Boot v2022.01 which contains commit
93b196532254 ("Makefile: Only build dtc if needed") removed also the DTC
variable passed to MAKE to force the compilation of DTC.

Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
(cherry picked from commit 6d5611af28)
 2022-07-31 17:12:47 +02:00
Claudiu Beznea
39810995fb at91bootstrap: update at91bootstrap v4 targets to v4.0.3 
Update AT91Bootstrap v4 capable targets to v4.0.3.

Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
(cherry picked from commit 859f5f9aec)
 2022-07-31 17:12:47 +02:00
Jo-Philipp Wich
8b6b73d0e8 wolfssl: make shared again 
Disable the usage of target specific CPU crypto instructions by default
to allow the package being shared again. Since WolfSSL does not offer
a stable ABI or a long term support version suitable for OpenWrt release
timeframes, we're forced to frequently update it which is greatly
complicated by the package being nonshared.

People who want or need CPU crypto instruction support can enable it in
menuconfig while building custom images for the few platforms that support
them.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 0063e3421d)
 2022-07-30 17:22:16 +02:00
Rafał Miłecki
e0d3dc5de1 uboot-bcm4908: include SoC in output files 
This fixes problem of overwriting BCM4908 U-Boot and DTB files by
BCM4912 ones. That bug didn't allow booting BCM4908 devices.

Fixes: f4c2dab544 ("uboot-bcm4908: add BCM4912 build")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit a8e1e30543)
 2022-07-28 00:50:13 +02:00
Christian Lamparter
f2c12b8940 layerscape: update PKG_HASH / PKG_MIRROR_HASH 
The change of the PKG_VERSION caused the hash of the package to
change. This is because the PKG_VERSION is present in the
internal directory structure of the archive.

Fixes: 038d5bdab1 ("layerscape: use semantic versions for LSDK")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit e879cccaa2)
(cherry picked from commit d4391ef073)
 2022-07-23 00:11:21 +02:00
Christian Lamparter
bddfd3f7ed sdk: add spidev-test to the bundle of userspace sources 
moves and extends the current facilities, which have been
added some time ago for the the usbip utility, to support
more utilites that are shipped with the Linux kernel tree
to the SDK.

this allows to drop all the hand-waving and code for
failed previous attempts to mitigate the SDK build failures.

Fixes: bdaaf66e28 ("utils/spidev_test: build package directly from Linux")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit b479db9062)
 2022-07-22 22:26:26 +02:00
Hauke Mehrtens
a1068f77c9 wolfssl: Do not activate HW acceleration on armvirt by default 
The armvirt target is also used to run OpenWrt in lxc on other targets
like a Raspberry Pi. If we set WOLFSSL_HAS_CPU_CRYPTO by default the
wolfssl binray is only working when the CPU supports the hardware crypto
extension.

Some targets like the Raspberry Pi do not support the ARM CPU crypto
extension, compile wolfssl without it by default. It is still possible
to activate it in custom builds.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit d1b5d17d03)
 2022-07-20 18:12:52 +02:00
Jianhui Zhao
dbe19b1041 libpcap: fix PKG_CONFIG_DEPENDS for rpcapd 
This fix allows trigger a rerun of Build/Configure when
rpcapd was selected.

Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
(cherry picked from commit 6902af4f30)
 2022-07-20 18:12:52 +02:00
Pascal Ernster
a12eb71c88 wolfssl: WOLFSSL_HAS_WPAS requires WOLFSSL_HAS_DH 
Without this, WOLFSSL_HAS_DH can be disabled even if WOLFSSL_HAS_WPAS is
enabled, resulting in an "Anonymous suite requires DH" error when trying
to compile wolfssl.

Signed-off-by: Pascal Ernster <git@hardfalcon.net>
Reviewed-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 21825af2da)
 2022-07-20 18:12:52 +02:00
Rui Salvaterra
cb9a69807e firewall3: bump to latest git HEAD 
4cd7d4f Revert "firewall3: support table load on access on Linux 5.15+"
50979cc firewall3: remove unnecessary fw3_has_table

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
(cherry-picked from commit 435d7a052b)
Signed-off-by: Wenli Looi <wlooi@ucalgary.ca>
 2022-07-19 21:30:56 +02:00
Josef Schlehofer
a8001815a6 opkg: update to 2022-02-24 
Changes:
9c44557 opkg_remove: avoid remove pkg repeatly with option --force-removal-of-dependent-packages
2edcfad libopkg: set 'const' attribute for argv

This should fix the CI error in the packages repository, which happens with perl.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit e21fea9289)
 2022-07-17 15:15:11 +02:00
Christian Lamparter
479890083d firmware: intel-microcode: update to 20220510 
Debians' changelog by Henrique de Moraes Holschuh <hmh@debian.org>:

 * New upstream microcode datafile 20220419
  * Fixes errata APLI-11 in Atom E3900 series processors
  * Updated Microcodes:
    sig 0x000506ca, pf_mask 0x03, 2021-11-16, rev 0x0028, size 16384

 * New upstream microcode datafile 20220510
  * Fixes INTEL-SA-000617, CVE-2022-21151:
    Processor optimization removal or modification of security-critical
    code may allow an authenticated user to potentially enable information
    disclosure via local access (closes: #1010947)
  * Fixes several errata (functional issues) on Xeon Scalable, Atom C3000,
    Atom E3900
  * New Microcodes:
    sig 0x00090672, pf_mask 0x03, 2022-03-03, rev 0x001f, size 212992
    sig 0x00090675, pf_mask 0x03, 2022-03-03, rev 0x001f, size 212992
    sig 0x000906a3, pf_mask 0x80, 2022-03-24, rev 0x041c, size 212992
    sig 0x000906a4, pf_mask 0x80, 2022-03-24, rev 0x041c, size 212992
    sig 0x000b06f2, pf_mask 0x03, 2022-03-03, rev 0x001f, size 212992
    sig 0x000b06f5, pf_mask 0x03, 2022-03-03, rev 0x001f, size 212992
  * Updated Microcodes:
    sig 0x00030679, pf_mask 0x0f, 2019-07-10, rev 0x090d, size 52224
    sig 0x000406e3, pf_mask 0xc0, 2021-11-12, rev 0x00f0, size 106496
    sig 0x00050653, pf_mask 0x97, 2021-11-13, rev 0x100015d, size 34816
    sig 0x00050654, pf_mask 0xb7, 2021-11-13, rev 0x2006d05, size 43008
    sig 0x00050656, pf_mask 0xbf, 2021-12-10, rev 0x4003302, size 37888
    sig 0x00050657, pf_mask 0xbf, 2021-12-10, rev 0x5003302, size 37888
    sig 0x0005065b, pf_mask 0xbf, 2021-11-19, rev 0x7002501, size 29696
    sig 0x000506c9, pf_mask 0x03, 2021-11-16, rev 0x0048, size 17408
    sig 0x000506e3, pf_mask 0x36, 2021-11-12, rev 0x00f0, size 109568
    sig 0x000506f1, pf_mask 0x01, 2021-12-02, rev 0x0038, size 11264
    sig 0x000606a6, pf_mask 0x87, 2022-03-30, rev 0xd000363, size 294912
    sig 0x000706a1, pf_mask 0x01, 2021-11-22, rev 0x003a, size 75776
    sig 0x000706a8, pf_mask 0x01, 2021-11-22, rev 0x001e, size 75776
    sig 0x000706e5, pf_mask 0x80, 2022-03-09, rev 0x00b0, size 112640
    sig 0x000806a1, pf_mask 0x10, 2022-03-26, rev 0x0031, size 34816
    sig 0x000806c1, pf_mask 0x80, 2022-02-01, rev 0x00a4, size 109568
    sig 0x000806c2, pf_mask 0xc2, 2021-12-07, rev 0x0026, size 97280
    sig 0x000806d1, pf_mask 0xc2, 2021-12-07, rev 0x003e, size 102400
    sig 0x000806e9, pf_mask 0x10, 2021-11-12, rev 0x00f0, size 105472
    sig 0x000806e9, pf_mask 0xc0, 2021-11-12, rev 0x00f0, size 105472
    sig 0x000806ea, pf_mask 0xc0, 2021-11-12, rev 0x00f0, size 105472
    sig 0x000806eb, pf_mask 0xd0, 2021-11-15, rev 0x00f0, size 105472
    sig 0x000806ec, pf_mask 0x94, 2021-11-17, rev 0x00f0, size 105472
    sig 0x00090661, pf_mask 0x01, 2022-02-03, rev 0x0016, size 20480
    sig 0x000906c0, pf_mask 0x01, 2022-02-19, rev 0x24000023, size 20480
    sig 0x000906e9, pf_mask 0x2a, 2021-11-12, rev 0x00f0, size 108544
    sig 0x000906ea, pf_mask 0x22, 2021-11-15, rev 0x00f0, size 104448
    sig 0x000906eb, pf_mask 0x02, 2021-11-12, rev 0x00f0, size 105472
    sig 0x000906ec, pf_mask 0x22, 2021-11-15, rev 0x00f0, size 104448
    sig 0x000906ed, pf_mask 0x22, 2021-11-16, rev 0x00f0, size 104448
    sig 0x000a0652, pf_mask 0x20, 2021-11-16, rev 0x00f0, size 96256
    sig 0x000a0653, pf_mask 0x22, 2021-11-15, rev 0x00f0, size 97280
    sig 0x000a0655, pf_mask 0x22, 2021-11-16, rev 0x00f0, size 96256
    sig 0x000a0660, pf_mask 0x80, 2021-11-15, rev 0x00f0, size 96256
    sig 0x000a0661, pf_mask 0x80, 2021-11-16, rev 0x00f0, size 96256
    sig 0x000a0671, pf_mask 0x02, 2022-03-09, rev 0x0053, size 103424

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 2747a94f09)
 2022-07-17 14:28:31 +02:00
Dustin Lundquist
c5ee4b7863 openssl: bump to 1.1.1q 
Changes between 1.1.1p and 1.1.1q [5 Jul 2022]

  *) AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised
     implementation would not encrypt the entirety of the data under some
     circumstances.  This could reveal sixteen bytes of data that was
     preexisting in the memory that wasn't written.  In the special case of
     "in place" encryption, sixteen bytes of the plaintext would be revealed.

     Since OpenSSL does not support OCB based cipher suites for TLS and DTLS,
     they are both unaffected.
     (CVE-2022-2097)
     [Alex Chernyakhovsky, David Benjamin, Alejandro Sedeño]

Signed-off-by: Dustin Lundquist <dustin@null-ptr.net>
(cherry picked from commit 3899f68b54)
 2022-07-17 14:28:31 +02:00
Eneas U de Queiroz
ade7c6db1e
wolfssl: bump to 5.4.0 
This version fixes two vulnerabilities:
-CVE-2022-34293[high]: Potential for DTLS DoS attack
-[medium]: Ciphertext side channel attack on ECC and DH operations.

The patch fixing x86 aesni build has been merged upstream.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 9710fe70a6)
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
 2022-07-16 22:26:51 +02:00
Eneas U de Queiroz
4fb05e45df
wolfssl: re-enable AES-NI by default for x86_64 
Apply an upstream patch that removes unnecessary CFLAGs, avoiding
generation of incompatible code.

Commit 0bd5367233 is reverted so the
accelerated version builds by default on x86_64.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 639419ec4f)
 2022-07-15 07:03:31 +02:00
Felix Fietkau
ec9f82fa18 mac80211: fix AQL issue with multicast traffic 
Exclude multicast from pending AQL budget

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 9f1d622328)
 2022-07-13 10:36:16 +02:00
Hauke Mehrtens
f854de6ada OpenWrt v22.03.0-rc5: revert to branch defaults 
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
 2022-07-06 23:01:51 +02:00
Hauke Mehrtens
0345c613ba OpenWrt v22.03.0-rc5: adjust config defaults 
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
 2022-07-06 23:01:47 +02:00
Andre Heider
5c7aed8b1e openssl: bump to 1.1.1p 
Changes between 1.1.1o and 1.1.1p [21 Jun 2022]

  *) In addition to the c_rehash shell command injection identified in
     CVE-2022-1292, further bugs where the c_rehash script does not
     properly sanitise shell metacharacters to prevent command injection have been
     fixed.

     When the CVE-2022-1292 was fixed it was not discovered that there
     are other places in the script where the file names of certificates
     being hashed were possibly passed to a command executed through the shell.

     This script is distributed by some operating systems in a manner where
     it is automatically executed.  On such operating systems, an attacker
     could execute arbitrary commands with the privileges of the script.

     Use of the c_rehash script is considered obsolete and should be replaced
     by the OpenSSL rehash command line tool.
     (CVE-2022-2068)
     [Daniel Fiala, Tomáš Mráz]

  *) When OpenSSL TLS client is connecting without any supported elliptic
     curves and TLS-1.3 protocol is disabled the connection will no longer fail
     if a ciphersuite that does not use a key exchange based on elliptic
     curves can be negotiated.
     [Tomáš Mráz]

Signed-off-by: Andre Heider <a.heider@gmail.com>
(cherry picked from commit eb7d2abbf0)
 2022-07-04 23:40:43 +02:00
Daniel Golle
fa56db5ccc
uboot-mediatek: update UniFi 6 LR board name 
Select matching U-Boot for both v1 and v2 variants.

Fixes: 15a02471bb ("mediatek: new target mt7622-ubnt-unifi-6-lr-v1")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 2caa03ec86)
 2022-07-04 19:58:08 +01:00