This adds the following changes:
b4f76ecc9e Ignore MAP_VARIABLE in tst-mman-consts.py
f5d377c896 __check_pf: Add a cancellation cleanup handler [BZ #20975]
0e3e9dbb0e Document BZ #20975 fix
e2974d26ce io: Fix record locking contants on 32 bit arch with 64 bit default time_t (BZ#30477)
3593050c27 io: Fix F_GETLK, F_SETLK, and F_SETLKW for powerpc64
8dcb1a5181 hppa: xfail debug/tst-ssp-1 when have-ssp is yes (gcc-12 and later)
0930ff8eb3 realloc: Limit chunk reuse to only growing requests [BZ #30579]
3f4b4e2cdd elf: _dl_find_object may return 1 during early startup (bug 30515)
260d4b742b nptl: Fix tst-cancel30 on sparc64
58f7431fd7 sparc: Fix la_symbind for bind-now (BZ 23734)
1caf955269 x86: Increase `non_temporal_threshold` to roughly `sizeof_L3 / 4`
80a8c858a5 x86: Fix slight bug in `shared_per_thread` cache size calculation.
cc8243fb0b x86: Use `3/4*sizeof(per-thread-L3)` as low bound for NT threshold.
f94ff95e93 x86: Fix incorrect scope of setting `shared_per_thread` [BZ# 30745]
0d500bfdc0 hurd: Make exception subcode a long
be26b29262 io: Fix record locking contants for powerpc64 with __USE_FILE_OFFSET64
3d24d1903d elf: Do not run constructors for proxy objects
a7e34a6675 elf: Always call destructors in reverse constructor order (bug 30785)
bdb594afa5 elf: Remove unused l_text_end field from struct link_map
1a7cbe52c8 elf: Move l_init_called_next to old place of l_text_end in link map
b752934602 CVE-2023-4527: Stack read overflow with large TCP responses in no-aaaa mode
6529a7466c (HEAD) getaddrinfo: Fix use after free in getcanonname (CVE-2023-4806)
79310b45af x86/dl-cacheinfo: remove unsused parameter from handle_amd
9d5c6e27ed x86: Fix for cache computation on AMD legacy cpus.
4473d1b87d Fix leak in getaddrinfo introduced by the fix for CVE-2023-4806 [BZ #30843]
94ef701365 Document CVE-2023-4806 and CVE-2023-5156 in NEWS
2dfd8c77b5 i686: Regenerate ulps
b4e23c75ae tunables: Terminate if end of input is reached (CVE-2023-4911)
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit e66eed033f)
The USXGMII implementation of Realtek switches can not only support
10GbE but also 2.5Gb and 5Gb on top of the usual data rates.
Mark those as supported to allow them to be negotiated.
This change has been tested on a ZyXEL XGS1250-12 with the following link
partners:
- NWA50AX Pro (2.5Gb)
- RTL8152 USB NIC (2.5Gb)
- AQC111 USB NIC (2.5Gb & 5Gb)
Gbit and 10GbE has also been tested to still work fine with a variety of
devices.
Signed-off-by: Tobias Schramm <tobias@t-sys.eu>
(cherry picked from commit cd56a68232)
Fix Spanning Tree Protocol (STP) by changing COPY2CPU which currently
makes switch to ignore Bridge Protocol Data Units (BPDUs).
Tested on Zyxel GS1900-8, 24 and 48.
Signed-off-by: Rudolf Vesely <i@rudolfvesely.com>
[ improve commit description and add new line in different sections ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 41fcc617f9)
Modems which are using qmi do not reply on the 1st sync but they do
on subsequent. So qmi.sh is hanging on the first call. Since 2020 uqmi
supports a timeout parameter. Unfortunately qmi.sh didn't make use of
this parameter. So qmi.sh is now invoking an early dummy access to
unlock the modem
Signed-off-by: Uwe Niethammer <uwe@dr-niethammer.de>
(cherry picked from commit 32a696f9e4)
Add missing PKG_MIRROR_HASH. This is always needed as is used to
generate and use a tar instead of git clone and validate the hash of it.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit a181b9f0f9)
Refresh containers also on modify of cmake options in the include file.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit b40c0b54bd)
Fix concurrency group for push-containers workflow to handle running on
different branches.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 4c2eab1c27)
This condition was introduced in commit 51c8f76612 ("realtek: Improve
MAC config handling for all SoCs") to correctly report the speed of the
internal serdes ports as 10G, but instead makes all ports read 10G
because the or-operator should have been an and-operator.
Fixes: #9953
Fixes: 51c8f76612 ("realtek: Improve MAC config handling for all SoCs")
Signed-off-by: Peter Körner <git@mazdermind.de>
[ wrap comment to 72 column and improve commit ref ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 9fb5082e25)
A bug report in the forum found that the MR70X lists four LAN ports in LuCI
while it has only three. This adds the device to the network setup file
to fix the issue.
Identified-by: Forum User "Lexeyko"
Signed-off-by: Andreas Böhler <dev@aboehler.at>
Recent hostapd changes just edited the ucode files. It is required to
bump the PKG_RELEASE to include the newest changes in the latest builds.
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 91d2ead3c3)
If the full interface is restarted while bringing up an AP, it can trigger a
wpa_supplicant interface start before wpa_supplicant is notified of the
allocated mac addresses.
Fix this by moving the iface_update_supplicant_macaddr call to just after
the point where mac addresses are allocated.
Reported-by: Michael-cy Lee (李峻宇) <Michael-cy.Lee@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit abceef120d)
The reset button was missing from the Enterasys WS-AP3715i DTS.
Add the node required for making the reset button work.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 0e8641d3b0)
The PKG_CPE_ID links to NIST CPE version 2.2.
Assign PKG_CPE_ID to all remaining package which have a CPE ID.
Not every package has a CPE id.
Related: https://github.com/openwrt/packages/issues/8534
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
The PKG_CPE_ID links to NIST CPE version 2.2.
Assign PKG_CPE_ID to all remaining tools which have a CPE ID.
Not every tool has CPE id.
Related: https://github.com/openwrt/packages/issues/8534
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
The PKG_CPE_ID links to NIST CPE version 2.2.
Assign PKG_CPE_ID to all remaining package which have a CPE ID.
Not every package has CPE id.
Related: https://github.com/openwrt/packages/issues/8534
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
Ensure that the iface disable in uc_hostapd_iface_start also clears the ACS
state.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit f1bb528ae7)
Label MAC detection does not work properly, as MAC address is assigned
on preinit. Thus, remove the label-mac definition.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit cd14b17cb0)
Commit d5a05e69ac6e4 ("net: stmmac: Use hrtimer for TX coalescing") causes
high CPU usage due to hrtimer raw spin locks.
Fixes: #11676
Signed-off-by: Oskari Lemmela <oskari@lemmela.net>
[ renumber and rename revert patch ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
While refactoring support for the MF287 series, an entry in platform.sh
was overlooked - this fixes sysupgrade on this devices.
Signed-off-by: Andreas Böhler <dev@aboehler.at>
(cherry picked from commit 964b576fc1)
-DREDIS_STORAGE_BACKEND=OFF option is ignored due to missing \
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
(cherry picked from commit b61ac68b67)
Changes between 3.0.10 and 3.0.11 [19 Sep 2023]
* Fix POLY1305 MAC implementation corrupting XMM registers on Windows. ([CVE-2023-4807])
Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
(cherry picked from commit bfd54529fa)
This is needed for ksh/bash style process substitution such as
<(command) and >(command) which was introduced in ash as of busybox
version 1.34.0 to work.
Signed-off-by: Erik Karlsson <erik.karlsson@genexis.eu>
(cherry picked from commit fdce970dbb)
Changes:
9dc0800 wireless-regdb: Update regulatory rules for Philippines (PH)
111ba89 wireless-regdb: Update regulatory rules for Egypt (EG) from March 2022 guidelines
ae1421f wireless-regdb: Update regulatory info for Türkiye (TR)
20e5b73 wireless-regdb: Update regulatory rules for Australia (AU) for June 2023
991b1ef wireless-regdb: update regulatory database based on preceding changes
Signed-off-by: Yuu Toriyama <PascalCoffeeLake@gmail.com>
(cherry picked from commit 0e13363de6)
Since kernel 5.13 this is needed to enable USB ports on all devices in
subtarget. Previously TF-A and COMPHY driver might have set up this PHY,
but not anymore.
Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com>
Tested-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit eac1928430)
Turn the "gpio-restart" node into a "gpio-export" node for all MF287
variants, similar to the MF287 Pro. Unfortunately, there doesn't seem to be
a "power button blocker" GPIO for the MF287 and MF287 Plus, so a modem
reset always triggers a system reset.
Signed-off-by: Andreas Böhler <dev@aboehler.at>
(cherry picked from commit 053f8f92d1)
The ZTE MF287 requires a different board calibration file for ath10k than
the ZTE MF287+. The two devices receive their own DTS, thus the device tree
is slightly refactored.
Signed-off-by: Andreas Böhler <dev@aboehler.at>
(cherry picked from commit 9c7578d560)
The patch refresh accidentally moved the hostapd_ucode_free_iface call to
the wrong function
Fixes: e9722aef9e ("hostapd: fix a crash when disabling an interface during channel list update")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 3a5ad6e3d7)
Ethernet LED assignments were incorrectly swapped. Fix the assignment
logic so the correct LED is illuminated for the LAN LEDs.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 8037417744)
Some users have their routers configured to supply a DHCP range that
includes the local interface address.
That worked with dnsmasq because it automatically skips the local
address.
Re-enable those existing configurations for the release and hint at
possible future problems.
Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
[ wrap commit description and remove unecessary text ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Allow grace period for DFS available after shutting down beacons on the channel
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 16889141d9)
Without it, a lot of authentication modes fail without obvious error messages
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 560965d582)
db3934d2f740 scripts/netifd-wireless.sh: properly fix WPA3 Enterprise support
Support the following values for the different WPA3 Enterprise modes:
- wpa3-mixed: WPA3 Enterprise transitional mode
This supports EAP with both SHA1 and SHA-256, with optional MFP
- wpa3: WPA3 Enterprise only mode
This supports only SHA256 with mandatory MFP
- wpa3-192: WPA3 Enterprise with mandatory 192 bit support
This uses only GCMP-256 ciphers
Disable 192 bit support and GCMP-256 ciphers for the regular "wpa3" mode.
It seems that even leaving in optional 192 bit support breaks auth on some
clients, including iOS devices.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 8c03dc962f)
WPA3 Enterprise-transitional requires optional MFP support and SHA1+SHA256
WPA3 Enterprise-only requires SHA1 support disabled and mandatory MFP.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit b63df6ce5d)
Use the SHA384 variant to account for longer keys with more security
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit f0d1349b52)