Commit Graph

58788 Commits

Author SHA1 Message Date
Robert Marko
7deb73e6ed
qualcommax: fixup patch numbering
It seems that I forgot one zero in the patch numbering while marking these
as backports, so lets fix it.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2023-11-08 00:11:03 +01:00
Hauke Mehrtens
6aad5ab099 px5g-wolfssl: Fix permission of private key
Store the private key with read and write permission for the user only
and not with read permissions for everyone. This converts the
write_file() function from fopen() to open() because open allows to
specify the permission mask of the newly created file. It also adds and
fixes some existing error handling.

OpenSSL does this in the same way already.

With this change it looks like this:
root@OpenWrt:/# ls -al /etc/uhttpd.*
-rw-r--r--    1 root     root           749 Nov  6 23:14 /etc/uhttpd.crt
-rw-------    1 root     root           121 Nov  6 23:14 /etc/uhttpd.key

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-11-07 21:55:55 +01:00
Hauke Mehrtens
929c9a58c9 px5g-mbedtls: Fix permission of private key
Store the private key with read and write permission for the user only
and not with read permissions for everyone. This converts the
write_file() function from fopen() to open() because open allows to
specify the permission mask of the newly created file. It also adds and
fixes some existing error handling.

OpenSSL does this in the same way already.

With this change it looks like this:
root@OpenWrt:/# ls -al /etc/uhttpd.crt /etc/uhttpd.key
-rw-r--r--    1 root     root           519 Nov  6 22:58 /etc/uhttpd.crt
-rw-------    1 root     root           121 Nov  6 22:58 /etc/uhttpd.key

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-11-07 21:55:55 +01:00
Rafał Miłecki
7a8424827f rockchip: refresh kernel config
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2023-11-07 13:39:40 +01:00
Rafał Miłecki
585360f0c0 gemini: refresh kernel config
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2023-11-07 13:39:40 +01:00
Rafał Miłecki
f784fe88a6 sifiveu: refresh kernel config
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2023-11-07 13:39:40 +01:00
Rafał Miłecki
34dbd02c12 qoriq: refresh kernel config
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2023-11-07 13:39:40 +01:00
Felix Fietkau
41d7439af5 netifd: update to the latest version
383753dd65ae device/bridge: support passing extra vlans in the device_set_state call
b6e75eafc1af device: send notifications for device events via ubus
cab415c7aefd bridge: add auth-required bridge members with auth_status=0 if vlan is enabled
827a02f0343c bridge: add support for configuring vlans for auth=1,auth_status=false
40ed7363caf2 device: fix build error on 32 bit systems
516ab774cc16 system-linux: fix race condition on bringing up wireless devices

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-11-07 13:36:54 +01:00
Hauke Mehrtens
a15eb1cda0 bpf-headers: Fix download URL with kernel 6.1
This fixes the download of the kernel 5.15 for the bpf-headers when
kernel 6.1 is build for the target.

Even if kernel 6.1 was selected for the target we still use kernel 5.15
for the bpf-headers. The download script tried to download the 5.15
kernel from the 6.x directory on kernel,org and this failed. Define
PKG_SOURCE_URL based on PKG_PATCHVER and not KERNEL_BASE like done in
kernel.mk.

Without this change it tries to download the kernel from this URL:
ttps://cdn.kernel.org/pub/linux/kernel/v6.x/linux-5.15.129.tar.xz

Fixes: #13190
Fixes: #13671
Fixes: #13814
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-11-06 23:20:14 +01:00
Hauke Mehrtens
3c17cdbc36 mbedtls: Activate secp521r1 curve by default
Activate the secp521r1 ecliptic curve by default. This curve is allowed
by the CA/Browser forum, see
https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-v2.0.1-redlined.pdf#page=110

This increases the size of libmbedtls12_2.28.5-1_aarch64_generic.ipk by
about 400 bytes:
Without:
252,696 libmbedtls12_2.28.5-1_aarch64_generic.ipk
With:
253,088 libmbedtls12_2.28.5-2_aarch64_generic.ipk

Fixes: #13774
Acked-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-11-06 23:04:00 +01:00
Rafał Miłecki
f6e35efbfe bcm53xx: refresh kernel config for 6.1
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2023-11-06 13:25:59 +01:00
Petr Štetiar
c4259a6586
image: fix image generation within ImageBuilder
Changes introduced in commit d604a07225 ("build: add CycloneDX SBOM
JSON support") broke ImageBuilder:

  Cannot open '/openwrt-imagebuilder-ath79-generic.Linux-x86_64/tmp/.packageinfo': No such file or directory

So lets fix it by wrapping the BOM generation behind condition of IB
feature check.

Fixes: #13881
Fixes: d604a07225 ("build: add CycloneDX SBOM JSON support")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2023-11-06 08:59:03 +00:00
David Bauer
ae500e62e2 mediatek: add label-mac for GL.iNet GL-MT3000
The MAC-address of gmac0 matches the one printed on the bottom label.

Signed-off-by: David Bauer <mail@david-bauer.net>
2023-11-03 23:06:33 +01:00
Łukasz M
5a603c7a31 mediatek: mt7981: improve fan behaviour
This doubles the number of cooling-levels.
In addition the fan is turned on with a low speed at lower temperatures
and with a higher speed at higher temperatures.
This also attempts to reduce the likelihood of constant start-stop actions.

The change only affects the GL.iNet MT3000 and has been tested with it.

Signed-off-by: Łukasz M <lukasz1992m@gmail.com>
2023-11-03 23:06:07 +01:00
Lech Perczak
0c47bdb902 ath79: support Fortinet FAP-220-B
Fortinet FAP-220-B is a dual-radio, dual-band 802.11n enterprise managed
access point with PoE input and single gigabit Ethernet interface.

Hardware highlights:
Power: 802.3af PoE input on Ethernet port, +12V input on 5.5/2.1mm DC jack.
SoC: Atheros AR7161 (MIPS 24kc at 680MHz)
RAM: 64MB DDR400
Flash: 16MB SPI-NOR
Wi-Fi 1: Atheros AR9220 2T2R 802.11abgn (dual-band)
Wi-Fi 2: Atheros AR9223 2T2R 802.11bgn (single-band)
Ethernet: Atheros AR8021 single gigabit Phy (RGMII)
Console: External RS232 port using Cisco 8P8C connector (9600-8-N-1)
USB: Single USB 2.0 host port
LEDs: Power (single colour, green), Wi-Fi 1, Wi-Fi 2, Ethernet, Mode, Status
(dual-colour, green and yellow)
Buttons: reset button hidden in bottom grill,
  in the top row, 2nd column from the right.
Label MAC address: eth0

FCC ID: TVE-220102

Serial port pinout:
3 - TxD
4 - GND
6 - RxD

Installation: The same methods apply as for already supported FAP-221-B.

For both methods, a backup of flash partitions is recommended, as stock firmware
is not freely available on the internet.

(a) Using factory image:

1. Connect console cable to the console port
2. Connect Ethernet interface to your PC
3. Start preferred terminal at 9600-8-N-1
4. Have a TFTP server running on the PC.
5. Put the "factory" image in TFTP root
6. Power on the device
7. Break boot sequence by pressing "Ctrl+C"
8. Press "G". The console will ask you for device IP, server IP, and filename.
   Enter them appropriately.
   The defaults are:
   Server IP: 192.168.1.1 # Update accordingly
   Device IP: 192.168.1.2 # Update accordingly
   Image file: image.out # Use for example: openwrt-ath79-generic-fortinet_fap-220-b-squashfs-factory.bin
9. The device will load the firmware over TFTP, and verify it. When
   verification passes, press "D" to continue installation. The device
   will reboot on completion.

(b) Using initramfs + sysupgrade
1. Connect console cable to the console port
2. Connect Ethernet interface to your PC
3. Start preferred terminal at 9600-8-N-1
4. Have a TFTP server running on the PC.
5. Put the "initramfs" image in TFTP root
6. Power on the device.
7. Break boot sequence by pressing "Ctrl+C"
8. Enter hidden U-boot shell by pressing "K". The password is literal "1".
9. Load the initramfs over TFTP:

   > setenv serverip 192.168.1.1 # Your PC IP
   > setenv ipaddr 192.168.1.22 # Device IP, both have to share a subnet.
   > tftpboot 81000000 openwrt-ath79-generic-fortinet_fap-220-b-initramfs-kernel.bin
   > bootm 81000000

10. (Optional) Copy over contents of at least "fwconcat0", "loader", and "fwconcat1"
    partitions, to allow restoring factory firmware in future:

    # cat /dev/mtd1 > /tmp/mtd1_fwconcat0.bin
    # cat /dev/mtd2 > /tmp/mtd2_loader.bin
    # cat /dev/mtd3 > /tmp/mtd3_fwconcat1.bin

    and then SCP them over to safety at your PC.

11. When the device boots, copy over the sysupgrade image, and execute
    normal upgrade:

    # sysupgrade openwrt-ath79-generic-fortinet_fap-220-b-squashfs-sysupgrade.bin

Return to stock firmware:
1. Boot initramfs image as per initial installation up to point 9
2. Copy over the previously backed up contents over network
3. Write the backed up contents back:

   # mtd write /tmp/mtd1_fwconcat0.bin fwconcat0
   # mtd write /tmp/mtd2_loader.bin loader
   # mtd write /tmp/mtd3_fwconcat1.bin fwconcat1

4. Erase the reserved partition:

   # mtd erase reserved

5. Reboot the device

Quirks and known issues:
- The power LED blinking pattern is disrupted during boot, probably due
  to very slow serial console, which prints a lot during boot compared
  to stock FW.
- "mac-address-ascii" device tree binding cannot yet be used for address
  stored in U-boot partition, because it expects the colons as delimiters,
  which this address lacks. Addresses found in ART partition are used
  instead.
- Due to using kmod-owl-loader, the device will lack wireless interfaces
  while in initramfs, unless you compile it in.
- The device heats up A LOT on the bottom, even when idle. It even
  contains a warning sticker there.
- Stock firmware uses a fully read-write filesystem for its rootfs.
- Stock firmware loads a lot of USB-serial converter drivers for use
  with built-in host, probably meant for hosting modem devices.
- U-boot build of the device is stripped of all branding, despite that
  evidence of it (obviously) being U-boot can be found in the binary.
- The user can break into hidden U-boot shell using key "K" after
  breaking boot sequence. The password is "1" (without quotes).
- Telnet is available by default, with login "admin", without password.
  The same is true for serial console, both drop straight to the Busybox
  shell.
- The web interface drops to the login page again, after successfull
  login.
- Whole image authentication boils down to comparing a device ID against
  one stored in U-boot.
- And this device is apparently made by a security company.

Big thanks for Michael Pratt for providing support for FAP-221-B, which
shares the entirety of image configuration with this device, this saved
me a ton of work.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-11-03 23:06:07 +01:00
Lech Perczak
6c12c88d2e ath79: image: extract common part for Fortinet FAP series
In preparation for FAP-220-B support, extract the common part of image
recipe for FAP-221-B.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-11-03 23:06:07 +01:00
Lech Perczak
c6a090dbf6 ath79: dts: fortinet_loader: extract common part
In preparation for FAP-220-B support, rename ar934x_fortinet_loader.dtsi
to arxxxx_fortinet_loader.dtsi, to avoid confusion, as FAP-220-B shares
flash layout with FAP-221-B exactly despite different SoC.

While at that, add a label to U-boot partition to allow for nvmem MAC
binding in future.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-11-03 23:06:07 +01:00
Ilya Katsnelson
2c22589782 build: replace true with a custom noop script
`true` might be a shell built-in, or simply not accessible in the hardcoded locations.
Replace it with a custom script that does nothing.

Signed-off-by: Ilya Katsnelson <me@0upti.me>
2023-11-03 23:06:07 +01:00
Mikhail Zhilkin
45a50a06fb treewide: fix MERCUSYS brand spelling
This commit fixes MERCUSYS brand spelling. The proper name is capitalized.

Link: https://www.mercusys.com/
Link: https://github.com/torvalds/linux/blob/master/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c#L7779

Signed-off-by: Mikhail Zhilkin <csharper2005@gmail.com>
2023-11-03 23:06:07 +01:00
Patryk Kowalczyk
0c3f4bd85e filogic: fix wifi eeprom filename for tuf-ax6000
The router use mt7986_eeprom_mt7976_dual.bin

Fixes: d522ccecb2 ("filogic: add support for ASUS TUF AX6000")

Signed-off-by: Patryk Kowalczyk <patryk@kowalczyk.ws>
2023-11-03 23:06:07 +01:00
Daniel Golle
bc335f2967 ramips: add support for MeiG SLT866 4G CPE
Hardware:
 - SoC: Mediatek MT7621 (MT7621AT)
 - Flash: 32 MiB SPI-NOR (Macronix MX25L25635E)
 - RAM: 128 MiB
 - Ethernet: Built-in, 2 x 1GbE
 - 3G/4G Modem: MEIG SLM828 (currently only supported with ModemManager)
 - SLIC: Si32185 (unsupported)
 - Power: 12V via barrel connector
 - Wifi 2.4GHz: Mediatek MT7603BE 802.11b/g/b
 - Wifi 5GHz: Mediatek MT7613BE 802.11ac/n/a
 - LEDs: 8x (7 controllable)
 - Buttons: 2x (RESET, WPS)

Installing OpenWrt:
 - sysupgrade image is compatible with vendor firmware.

Recovery:
 - Connect to any of the Ethernet ports, configure local IP:
   10.10.10.3/24 (or 192.168.10.19/24, depending on OEM)
 - Provide firmware file named 'mt7621.img' on TFTP server.
 - Hold down both, RESET and WPS, then power on the board.
 - Watch network traffic using tcpdump or wireshark in realtime to
   observe progress of device requesting firmware. Once download has
   completed, release both buttons and wait until firmware comes up.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-11-03 21:16:29 +00:00
Daniel Golle
f8414f1a6f uboot-envtools: add environment config for MeiG SLT866
Add configuration to access U-Boot environment on MeiG SLT866.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-11-03 21:16:29 +00:00
Daniel Golle
7db87d7c68 kernel: support reading hex MAC address from NVMEM
In addition to binary and ASCII-formatted MAC addresses, add support
for processing hexadecimal encoded MAC addresses from NVMEM.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-11-03 21:16:29 +00:00
Daniel Golle
f32baf6a65 kernel: add support MeigLink SLM828 modem
Another Qualcomm-based USB-connected modem, offering endpoints
 0 : rndis_host (link to voip subsystem listening on 169.254.5.100)
 1 : rndis_host (?)
 2 : option (?)
 3 : option (at)
 4 : option (at)
 5 : option (?)
 6 : GobiNet (qmi)
 7 : ?

Add support for this modem in rndis_host, option and qmi_wwan driver
which allows the modem to be used with ModemManager.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-11-03 21:16:29 +00:00
Jo-Philipp Wich
5bb3b5d46c firewall4: update to latest Git HEAD
4101dd4 fw4: perform strict validation of zone and set names
a923c88 fw4: pass zone to templates whenever possible
597dc90 fw4: add support for zone log_limit
1874050 fw4: add log_limit to rules and redirects
19a8caf ruleset: dispatch ct states using verdict map
a5553da ruleset: reduce ksoftirqd load by refering to looopback by numeric id
de3483c tests: adjust zone log limit testcases
7392792 ruleset: do not emit redundant drop invalid rules
698a533 ruleset: apply egress MSS fixup later to apply final MTU before wire

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2023-11-03 15:55:15 +01:00
John Audia
7285f7744f kernel: bump 6.1 to 6.1.61
Changelog: https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.61

Removed upstreamed:
  generic/backport-6.1/814-v6.6-0018-nvmem-imx-correct-nregs-for-i.MX6SLL.patch[1]
  generic/backport-6.1/814-v6.6-0019-nvmem-imx-correct-nregs-for-i.MX6UL.patch[2]
  generic/backport-6.1/814-v6.6-0020-nvmem-imx-correct-nregs-for-i.MX6ULL.patch[3]

All other patches automatically rebased.

1. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v6.1.61&id=b90b8633ef62314f3a5f5675106e6dcdec981b6f
2. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v6.1.61&id=37495846b1efc23c1767b17ddd6645cc0ccb9946
3. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v6.1.61&id=116671d25915b913374ccdb2956b5fdaff939dc9

Build system: x86/64
Build-tested: x86/64/AMD Cezanne
Run-tested: x86/64/AMD Cezanne

Signed-off-by: John Audia <therealgraysky@proton.me>
2023-11-03 13:02:30 +01:00
Paul Spooren
74edd9e19a firmware-utils: bump to git HEAD
ba5bc4e add dlink-sge-image for D-Link devices by SGE

Signed-off-by: Paul Spooren <mail@aparcar.org>
2023-11-03 09:54:17 +01:00
Christian Marangi
a0fa3a17a2
ath10k-ct: add patch fixing compilation error in debug
ath10k-ct based on kernel 6.4 doesn't have a fix present in previous
kernel. Add patch that port the compilation error fix from previous
kernel in the new 6.4 kernel.

Fixes: 7d3651f1b9 ("ath10k-ct: switch to 6.4")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-11-03 04:10:03 +01:00
Mikhail Zhilkin
1cb85e1251
ramips: fix wrong permissions on dts files
This commit fixes wrong permissions on dts files. Before the commit these
dts files are executable:
   -rwxrwxr-x mt7620a_dlink_dir-806a-b1.dts
   -rwxrwxr-x mt7621_wavlink_wl-wn573hx1.dts

Signed-off-by: Mikhail Zhilkin <csharper2005@gmail.com>
2023-11-02 20:42:53 +01:00
Koen Vandeputte
7d3651f1b9
ath10k-ct: switch to 6.4
Switch to the latest version so we match as close as possible to
our own mac80211 version.

Run-time tested on hundreds of devices in the field for months now:
- qca988x (wave 1)
- qca4019 (wave 2)

Tested-by: Enrico Mioso <mrkiko.rs@gmail.com>
Signed-off-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
2023-11-02 20:38:34 +01:00
Koen Vandeputte
8de3ee2e79
ath10k-ct: bump to latest upstream
92900bf("at10k-ct: fixup version info")

Tested-by: Enrico Mioso <mrkiko.rs@gmail.com>
Signed-off-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
2023-11-02 20:38:34 +01:00
Philip Prindeville
ac199c57c5
dnsmasq: don't source functions.sh twice
It's already pulled in from /etc/rc.common.

Fixes: #13758

Fixes: 6b23836071 ("package: avoid the use of eval to parse ipcalc.sh output")

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2023-11-02 20:29:38 +01:00
Sandro Jäckel
86ca7199df
build: fix pkg-config detection when inside of a nix-shell
The output of command_all when inside a nix-shell looks like the below
where /usr does not match:

 ➜ scripts/command_all.sh pkg-config
/nix/store/ifr6srqgpvygd5vp14748d109ri31isv-pkg-config-wrapper-0.29.2/bin/pkg-config

Signed-off-by: Sandro Jäckel <sandro.jaeckel@gmail.com>
2023-11-02 20:26:32 +01:00
Robert Marko
5cdf152b28
qualcommax: ipq807x: move subtarget specific kernel options
Currently, qualcommax target contains the full kernel config for the
ipq807x subtarget, but since I am working on ipq60xx as well it makes
sense to split out the ipq807x specific kernel options to subtarget
config.

ipq60xx will use the same approach and use subtarget config.

Should result in the same end kernel config, verified by comparing the
generated kernel .config.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2023-11-02 20:25:33 +01:00
Petr Štetiar
bc47613cf0
Revert "uboot-sunxi: add missing type __u64"
This reverts commit 3cc57ba462 as it
should be fixed in commit 78cbd5a57e11 ("tools: macOS: types.h: fix
missing unsigned types").

References: #13833
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2023-11-02 20:20:56 +01:00
Petr Štetiar
f691830307
Revert "uboot-mediatek: fix build on Mac OS X"
This reverts commit 997ff740dc.
78cbd5apick as it should be fixed in commit 78cbd5a57e11 ("tools: macOS:
types.h: fix missing unsigned types").

References: #13833
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2023-11-02 20:20:56 +01:00
Petr Štetiar
4a8961f1df
tools: macOS: types.h: fix missing unsigned types
For some reason unsigned types were not added in commit 0a06fcf608
("build: fix kernel 5.4 on macos"), which led to bunch of hacks, like
commit 3cc57ba462 ("uboot-sunxi: add missing type __u64") or
commit 997ff740dc ("uboot-mediatek: fix build on Mac OS X").

So lets add the missing unsigned types to workaround it in a bit more
maintainable way.

Fixes: #13833
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2023-11-02 20:20:53 +01:00
Sandro Jäckel
376f1c80a9 build: use long hashes when generating feed.buildinfo
Short hashes are not guaranteed to be unambiguous forever and could
collide if the repo grows over time. Git also estimates how many
characters are roughly required to prevent such a collision and slowly
increases the amount of characters beginning from 6, OpenWrt is already
at 8. Lets use the full hash the have a predictable length and keep
hashes unambiguous forever.

Signed-off-by: Sandro Jäckel <sandro.jaeckel@gmail.com>
2023-11-02 12:40:44 +01:00
Jo-Philipp Wich
6f5f9a0218 ucode: update to latest Git HEAD
cfb24ea build: avoid redefining _FORTIFY_SOURCE
448c763 lib: enforce consistent `index()` behavior with empty needle argument
cdc0203 nl80211: fix maybe uninitialized variable
a69b5c8 vm: fix unused result warning
ea046bd build: enable source fortification by default

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2023-11-02 10:52:36 +01:00
Rafał Miłecki
943bd3c9f6 bcm53xx: add the latest fix version of brcm_nvram
It was just sent for upstream.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2023-11-02 09:23:44 +01:00
Hauke Mehrtens
d62726b1e4 urngd: update to version 2023-11-01
Fix compilation with glibc

44365eb Deactivate _FORTIFY_SOURCE in jitterentropy-base.c

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-11-01 22:10:46 +01:00
Felix Fietkau
f95a8f8769 tools/elfutils: fix missing _ in auxv info alias
Fixes dwarves compile issue

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-11-01 19:20:35 +01:00
Felix Fietkau
17a5f1c81f tools/elfutils: disable bzlib support
It is not needed

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-11-01 18:37:50 +01:00
Felix Fietkau
5364163e77 tools/elfutils: add -fPIC to fix linker errors (#13841)
Resolves issues with building PIE binaries that link against libdw or libelf

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-11-01 17:45:25 +01:00
Petr Štetiar
280d9dd758
ci: add workflow for automated GitHub release
Implement a GitHub Actions workflow for automated project releases.

The workflow triggers on Git tags, ensuring that a GitHub release is
created whenever a new tag is pushed.

That new release is going to be created in draft and pre-release mode
and needs to be manually promoted to the proper release, once its
decided, that its good enough and prepared.

This is a start of a streamlined and consistent release process for
GitHub, reducing manual intervention.

Acked-by: Christian Marangi <ansuelsmth@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2023-11-01 12:26:18 +00:00
Petr Štetiar
6dca88aa4a
hostapd: fix broken WPS on broadcom-wl and ath11k
Upgrading wpa_supplicant from 2.9 to 2.10 breaks broadcom-wl/ath11k
based adapters. The reason for it is hostapd tries to install additional
IEs for scanning while the driver does not support this.

The kernel indicates the maximum number of bytes for additional scan IEs
using the NL80211_ATTR_MAX_SCAN_IE_LEN attribute. Save this value and
only add additional scan IEs in case the driver can accommodate these
additional IEs.

Bug: http://lists.infradead.org/pipermail/hostap/2022-January/040178.html
Bug-Debian: https://bugs.debian.org/1004524
Bug-ArchLinux: https://bugs.archlinux.org/task/73495
Upstream-Status: Changes Requested [https://patchwork.ozlabs.org/project/hostap/patch/20220130192200.10883-1-mail@david-bauer.net]
Reported-by: Étienne Morice <neon.emorice@mail.com>
Tested-by: Étienne Morice <neon.emorice@mail.com>
Signed-off-by: David Bauer <mail@david-bauer.net>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2023-11-01 12:23:01 +00:00
Petr Štetiar
d604a07225
build: add CycloneDX SBOM JSON support
CycloneDX is an open source standard developed by the OWASP foundation.
It supports a wide range of development ecosystems, a comprehensive set
of use cases, and focuses on automation, ease of adoption, and
progressive enhancement of SBOMs (Software Bill Of Materials) throughout
build pipelines.

So lets add support for CycloneDX SBOM for packages and images
manifests.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2023-11-01 11:14:41 +00:00
Petr Štetiar
649655f427
package-dumpinfo,metadata: add ABI version information to package index
There is no standard for ABI versioning, so its not possible to find out
from `libext2fs2`, `libiwinfo20230701` or `libss2` package names if
thats just package name or package name with ABI version included. To
help with the decision, lets make ABI version aviable in package index.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2023-11-01 11:14:40 +00:00
Petr Štetiar
8562c65ff8
package-metadata: add CPE information to JSON package manifests
Common Platform Enumeration (CPE) is a structured naming scheme for
information technology systems, software, and packages.

In order for the information to be processed further, it should also be
available in JSON package manifests.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2023-11-01 11:14:39 +00:00
Petr Štetiar
33b3fea702
package-dumpinfo: add CPE information to package index
Common Platform Enumeration (CPE) is a structured naming scheme for
information technology systems, software, and packages.

In order for the information to be processed further, it should also be
available in package index files.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2023-11-01 11:14:38 +00:00