21253 Commits

Author SHA1 Message Date
Philip Prindeville
516a3176a6 base-files: Create /root w/ appropriate permissions
If /root is created with too permissive permissions, then sshd won't
trust the contents of /root/.ssh as being adequately protected.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2023-11-12 16:32:42 +01:00
Lech Perczak
a5ba28454b mac80211: ath9k-htc: support "chanbw" in debugfs
ath9k-htc USB-based adapters also support 5/10MHz channel bandwidth.
Move the code handling the features in debugfs to common-debug.c,
and create proper registration functions to use in debug.c and
htc_drv_debug.c, leaving only debugfs registration there.

While at that, refresh one patch that would conflict otherwise.

Tested on TP-Link Archer C7v2 (ath79) and TP-Link WN722Nv1 (AR9287)
and WN822Nv2 (AR7010+AR9287).

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-11-12 16:27:16 +01:00
Lech Perczak
bd6dc4bffa mac80211: ath9k-htc: support "eeprom" in debugfs
ath9k-htc USB-based adapterssupport 5/10MHz channel bandwidth, the
same as standard ath9k ones.
Move the code handling the features in debugfs to common-debug.c,
and create proper registration functions to use in debug.c and
htc_drv_debug.c, leaving only debugfs registration there.

While at that, refresh one patch that would conflict otherwise.

Tested on TP-Link Archer C7v2 (ath79) and TP-Link WN722Nv1 (AR9287)
and WN822Nv2 (AR7010+AR9287).

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-11-12 16:27:16 +01:00
Lech Perczak
10b130161d kernel: kmod-usb-serial-mos7720: support parallel port in MCS7715
In-kernel driver for MCS7715 USB-serial bridge has a bool option,
enabling support for parallel port on that chip - which is tied to the
same kernel module. Enable it and select kmod-ppdev, as the image size
increase is minimal and the package isn't bundled in the images by
default.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-11-12 15:37:33 +01:00
Christian Marangi
3d6b89c514
iptables: backport patch fixing bug with string module
Backport patch fixing critical bug with string module merged upstream.

Fixes: #13812
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-11-12 14:13:41 +01:00
Hannu Nyman
36b1dd75fd
ath10k-ct: Restore functionality after switch to 6.4 version
Adjust our local ath10k-ct patches to the change
from the -ct 6.2 version to 6.4.

This restores e.g. the LED functionality.

Fixes: 7d3651f1b9b ("ath10k-ct: switch to 6.4")
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2023-11-11 23:49:15 +01:00
Christian Marangi
8cce00bc9d
qca-ssdk: fix unsupported scenario with PORT1 not declared in switch bmp
Commit 947b44d9ae17 ("ipq807x: fix wrong define for LAN and WAN ess mask")
started fixing wrong switch_lan_bmp that defined lan there weren't
actually present. This displayed a fragility in the malibu phy init code
in qca-ssdk.

Add patch to fix this.

Quoting the patch detailed description:

I'm very confused by this and to me it's not clear the real usage of
this logic.

From what I can see the usage of this is EXTREMELY FRAGILE and results
in dangerous results if the OEM (or anyone that by chance try to
implement things in a logical manner) deviates from the default values
from the "magical template".

To be in more details. With QSDK 12.4, some tweaks were done to improve
autoneg and now on every call of port status, the phydev is tried to
add. This resulted in the call and log spam of an error with ports that
are actually not present on the system with qsdk reporting phydev is
NULL. This itself is not an error and printing the error is correct.

What is actually an error from ages is setting generic bitmap reporting
presence of port that are actually not present. This is very common on
OEM where the switch_lan_bmp is always a variant of 0x1e (that on bitmap
results in PORT1 PORT2 PORT3 PORT4 present) or 0x3e (PORT1 PORT2 PORT3
PORT4 PORT5). Reality is that many device are used as AP with one LAN
port or one WAN port. (or even exotic configuration with PORT1 not
present and PORT2 PORT3 PORT4 present (Xiaomi 3600)

With this finding one can say... ok nice, then lets update the DT and
set the correct bitmap...

Again world is a bad place and reality is that this cause wonderful
regression in some case of by extreme luck the first ever connected
port working and the rest of the switch dead.

The problem has been bisected to all the device that doesn't have the
PORT1 declared in any of the bitmap.

With this perfection in mind, on to the REAL problem.

malibu_phy_hw_init FOR SOME REASON, set a global variable first_phy_addr
to the first detected PHY addr that coincidentally is always PORT1.
PORT1 addr is 0x0. The entire code in malibu_phy use this variable to
derive the phy addrs in some function.

Declaring a bitmap where the PORT1 is missing (or worse PORT4 the only
one connected) result in first_phy_addr set to 1 or whatever phy addr is
detected first setting wrong value all over the init stage.

To fix this, just drop this variable and hardcode everything to assume
the first phy adrr is ALWAYS 0 and remove calculation and use define for
special case.

With the following change normal switch traffic is restored and ports
function is recovered.

Fixes: #13945
Fixes: 947b44d9ae17 ("ipq807x: fix wrong define for LAN and WAN ess mask")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-11-11 23:39:32 +01:00
Christian Marangi
a69367933d
netifd: update to Git HEAD (2023-11-11)
c739dee0a37b system-linux: refresh MAC address on DSA port conduit change

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-11-11 23:38:30 +01:00
Petr Štetiar
b7cf706539
debugcc: add licensing information
Information about package license is important, so lets add it.

Fixes: 79ee0d2ceead ("debugcc: add new package to debug IPQ based SoC clocks")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2023-11-11 06:11:25 +00:00
Christian Marangi
79ee0d2cee
debugcc: add new package to debug IPQ based SoC clocks
Add new package to debug IPQ clocks using debug regs and hardware
oscillator.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-11-10 21:16:09 +01:00
Robert Marko
8376eaaa28
dtc: add option for a static build
I find myself manually compiling dtc as a staticly linked binary rather
often while porting a new device to OpenWrt as dtc is rarely included in
various vendor modifications of OpenWrt.

So, since dtc offers a convenient meson option to build it as staticaly
linked binary, lets make it a compile time option.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2023-11-10 20:27:55 +01:00
Nick Hainke
d83231603c wolfssl: update to 5.6.4
Releae Notes:
https://github.com/wolfSSL/wolfssl/releases/tag/v5.6.4-stable

Remove upstreamed patch:
- 001-fix-detection-of-cut-tool-in-configure.ac.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-11-10 19:28:27 +01:00
Felix Fietkau
d45d72a6da netifd: update to the latest version
eee02ccca8c8 device: add support to configure eee
bb28f6a291d9 wireless: fix sign comparison warning
35facc8306f5 wireless: fix premature removal of hotplug devices due to down state

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-11-10 15:37:42 +01:00
Christian Marangi
07b5b3978d
ipq-wifi: update to Git HEAD (2023-11-10)
0c2e810e71ed qcn9074: fix prpl Foundation Haze BDF for old mac80211 version

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-11-10 13:20:31 +01:00
Christian Marangi
01d675687c
base-files: add additional uci-defaults function for GRO and conduit
Add additional uci-defaults function for configuring GRO settings and
conduit for network devices.

Tweaking the GRO values might increase performance on some low spec
device that lack some offload feature on gmac.

Tweaking conduit interface is specific to DSA based devices and is
useful for multi-CPU scenario where one CPU is dedicated to one single
port.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-11-10 12:30:34 +01:00
Christian Marangi
da7ad22931
base-files: generalize ucidef_set_network_device
Generalize ucidef_set_network_device functions to use a more generic
_ucidef_set_network_device_common that takes as args the option and the
value to apply instead of hardcoding.

This is to reduce duplicated code in preparation for addition of
additional option for board.d usage.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-11-10 12:30:33 +01:00
Christian Marangi
1714087442
netifd: update to Git HEAD (2023-11-09)
841b05fbb91e system-linux: fix compilation error if IFLA_DSA_MASTER is not supported
5c9ecc1ff74f system-linux: make system_if_get_master_ifindex static
2dc7f450f3a2 system-linux: add option to configure DSA conduit device
838f815db5ef system-linux: add support for configurable GRO option

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-11-10 12:30:33 +01:00
Hannu Nyman
f79de8ec65 gdb: Update to 13.2
Update the devel/gdb package to version 13.2

* Remove the upstreamed patch 001-Add-support-for-readline-8.2.patch
* Adjust 130-gdb-ctrl-c.patch to upstream changes

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2023-11-10 08:39:38 +01:00
Isaev Ruslan
3763a6a075
ipq807x: add support for Yuncore AX880
SPECIFICATION:
    - Chipset:  IPQ8072A +QCN5054+QCN5024+QCA8081*2
    - Flash NOR-8MB AND NAND-128MB
    - RAM 1Gb DDR
    - IEEE 802.11:  802.11ax/ac/b/g/n
    - 4*4 2.4G Wi-Fi standard   802.11b/g/n/ax
    - 4*4 5.8G Wi-Fi Standard   802.11 a/n/ac/ax
    - 2x 1 Gbps Ethernet (QCA8081) with 802.3at PoE input support
    - 1x  Reset
    - 1x  Bluetooth(optional)
    - 1x  DC Port 12V 3A
    - 4x Antenna    IPEX Connector, 3dBi omni antennas
    - Data Rate:    3657Mbps ( 2.4G: 1182Mbps (11ax 4x4); 5.8G: 2475Mbps (11ax 4x4))
    - RF Power: 2.4g ≤ 20dBm; 5.8g ≤ 19dBm
    - LED light:    Sys; 5.8G wifi; 2.4G wifi; WAN; LAN
    - Max Power Consumption:    ≤ 22W
    - Size: 198mm * 198mm * 41.02mm

BACKUP YOUR STOCK FIRMWARE:
```
export device=ax880
mkdir -p /tmp/fw_dump_$device
cd /tmp/fw_dump_$device
dmesg > dmesg_$device.log
dtc -I fs /sys/firmware/devicetree/base > $device.dts
cat /proc/device-tree/model > model
cat /proc/mtd > proc_mtd
while read p; do
mtd_dev=$(echo $p | cut -d: -f1)
echo $mtd_dev
dd if=/dev/$mtd_dev of=$mtd_dev
done < proc_mtd
md5sum * > md5sum.log
tar -cvzf ../$device.tar.gz .
export sum=$(md5sum /tmp/$device.tar.gz | cut -d' ' -f1)
mv ../$device.tar.gz /tmp/${device}_${sum}.tar.gz
echo fw backup saved to: /tmp/${device}_${sum}.tar.gz
```
Upload your backup via tftp to the safe place.

INSTALLATION:
1. stock firmware web ui
Rename factory.bin fw image file to factory.ubin. Flash this image
like ordinary stock fw upgrade.

2. stock firmware telnet method
Enter telnet cli (login: root, password: 476t*_f0%g09y) and upload
 factory.bin fw image and rename it to factory.ubin
`cd /tmp && wget <your_web_server_ip>/factory.ubin`
`sysupgrade factory.ubin

3. initramfs method
    Put openwrt-ipq807x-generic-yuncore_ax880-initramfs-uImage.itb to your
    TFTP server and rename it to ax880.initram
    Enable serial console and enter to the u-boot cli.
    Exec these commands:
    `tftpboot <your_tftp_server_ip>:ax880.initram`
    `dhcp`

    When downloading is finished:
    `bootm`
    After booting the device, you need to upload to the device factory.ubi fw image.
    ```
    cd /tmp && wget <your_web_server_ip>/factory.ubi`
    export rootfs=$(cat /proc/mtd | grep rootfs | cut -d: -f1)
    export rootfs_1=$(cat /proc/mtd | grep rootfs_1 | cut -d: -f1)
    ubiformat /dev/${rootfs} -y -f factory.ubi
    ubiformat /dev/${rootfs_1} -y -f factory.ubi
    reboot
    ```

4. u-boot factory.ubi image method
    Put openwrt-ipq807x-generic-yuncore_ax880-squashfs-factory.ubi to your
    TFTP server and rename it to ax880.ubi
    Enter u-boot cli and exec these commands:
    `tftpboot <your_tftp_server_ip>:ax880.ubi`
    `dhcp`
    After downloading is finished:
    `flash rootfs`
    `flash rootfs_1`
    `reset`

5. u-boot factory.bin method
    Put openwrt-ipq807x-generic-yuncore_ax880-squashfs-factory.bin to your
    TFTP server and rename it to ax880.bin
    Enter u-boot cli and exec these commands:
    `tftpboot <your_tftp_server_ip>:ax880.bin`
    `dhcp`
    After downloading is finished:
    `imgaddr=$fileaddr && nand device 0`
    Erase rootfs memory:
    `nand erase 0x00000000 0x03400000`
    Write rootfs:
    `nand write $fileaddr 0x00000000 $filesize`
    Erase rootfs_1 memory:
    `nand erase 0x3c00000 0x3400000`
    Write rootfs_1
    `nand write $fileaddr 0x3c00000 $filesize`
    `reset`

STOCK FIRMWARE RECOVERY:
Boot initramfs image.
Upload your rootfs mtd partition to the device using scp or download
it from the device using wget.
Enter device ssh cli and exec:
```
cd /tmp && wget <your_web_server_ip>/mtd21`
export rootfs=$(cat /proc/mtd | grep rootfs | cut -d: -f1)
export rootfs_1=$(cat /proc/mtd | grep rootfs_1 | cut -d: -f1)
ubiformat /dev/${rootfs} -y -f /tmp/mtd21
ubiformat /dev/${rootfs_1} -y -f /tmp/mtd21
reboot
```

Signed-off-by: Isaev Ruslan <legale.legale@gmail.com>
Reviewed-by: Robert Marko <robimarko@gmail.com>
2023-11-09 16:52:10 +01:00
Christian Marangi
05e516b12d
hostapd: refresh patches
Refresh patches for hostapd using make package/hostapd/refresh.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-11-09 16:07:55 +01:00
Christian Marangi
6c9ac57d58
hostapd: permit 40MHz in 802.1s only also for 2.4GHz g/n with noscan
Currently for 802.1s only, for wifi 2.4GHz in g/n mode, 40MHz is never
permitted.

This is probably due to the complexity of setting periodic check for the
intolerant bit. When noscan option is set, we ignore the presence of the
intoleran bit in near AP, so we can enable 40MHz and ignore any complex
logic for checking.

Fixes: #13112
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-11-09 15:58:38 +01:00
Christian Marangi
b1c7b1bd67
hostapd: permit also channel 7 for 2.5GHz to be set to HT40PLUS
Also channel 7 for 2.4GHz can be set to HT40PLUS. Permit this and add it
to the list of the channels.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-11-09 15:58:37 +01:00
Christian Marangi
1b5ea2e199
hostapd: fix broke noscan option for mesh
noscan option for mesh was broken and actually never applied.

This is caused by a typo where ssid->noscan value is check instead of
conf->noscan resulting in the logic swapped and broken.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-11-09 15:58:37 +01:00
Christian Marangi
1070fbce6e
mac80211: fix not set noscan option for wpa_supplicant
noscan option was changed to hostapd_noscan but the entry in
wpa_supplicant was never updated resulting in the noscan option actually
never set.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-11-09 15:58:34 +01:00
Robert Marko
eea264fead
kernel: qca-ssdk: update to 12.4
Update SSDK version to 12.4, this fixes weird SFP port link up/downs
while there is no SFP module plugged in.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2023-11-09 13:21:55 +01:00
Jo-Philipp Wich
551963662b ucode: update to Git HEAD (2023-11-07)
0352a33 uloop: support new interval and signal APIs
1468cc4 syntax: don't treat `as` and `from` as reserved keywords

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2023-11-09 12:40:42 +01:00
Daniel Golle
c63e3c98e8 fstools: bump to git HEAD
3a07943 block: support skipping uuid check
 56a9b4e block: consider currently mounted root device first
 9cd09d4 block: try to find the root device on both / and /rom
 c1a8d95 block: support extroot on already mounted overlay

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-11-09 11:15:42 +00:00
Daniel Golle
d6a06acaa5 arm-trusted-firmware-mediatek: update to release 2023-10-13
Drop local patches now upstream.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-11-09 00:34:38 +00:00
Felix Fietkau
c2a30b6e01 hostapd: use rtnl to set up interfaces
In wpa_supplicant, set up wlan interfaces before adding them

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-11-08 12:46:29 +01:00
Felix Fietkau
531314260d wifi: fix applying mesh parameters when wpa_supplicant is in use
Apply them directly using nl80211 after setting up the interface.
Use the same method in wdev.uc as well

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-11-08 12:46:29 +01:00
Hauke Mehrtens
6aad5ab099 px5g-wolfssl: Fix permission of private key
Store the private key with read and write permission for the user only
and not with read permissions for everyone. This converts the
write_file() function from fopen() to open() because open allows to
specify the permission mask of the newly created file. It also adds and
fixes some existing error handling.

OpenSSL does this in the same way already.

With this change it looks like this:
root@OpenWrt:/# ls -al /etc/uhttpd.*
-rw-r--r--    1 root     root           749 Nov  6 23:14 /etc/uhttpd.crt
-rw-------    1 root     root           121 Nov  6 23:14 /etc/uhttpd.key

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-11-07 21:55:55 +01:00
Hauke Mehrtens
929c9a58c9 px5g-mbedtls: Fix permission of private key
Store the private key with read and write permission for the user only
and not with read permissions for everyone. This converts the
write_file() function from fopen() to open() because open allows to
specify the permission mask of the newly created file. It also adds and
fixes some existing error handling.

OpenSSL does this in the same way already.

With this change it looks like this:
root@OpenWrt:/# ls -al /etc/uhttpd.crt /etc/uhttpd.key
-rw-r--r--    1 root     root           519 Nov  6 22:58 /etc/uhttpd.crt
-rw-------    1 root     root           121 Nov  6 22:58 /etc/uhttpd.key

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-11-07 21:55:55 +01:00
Felix Fietkau
41d7439af5 netifd: update to the latest version
383753dd65ae device/bridge: support passing extra vlans in the device_set_state call
b6e75eafc1af device: send notifications for device events via ubus
cab415c7aefd bridge: add auth-required bridge members with auth_status=0 if vlan is enabled
827a02f0343c bridge: add support for configuring vlans for auth=1,auth_status=false
40ed7363caf2 device: fix build error on 32 bit systems
516ab774cc16 system-linux: fix race condition on bringing up wireless devices

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-11-07 13:36:54 +01:00
Hauke Mehrtens
a15eb1cda0 bpf-headers: Fix download URL with kernel 6.1
This fixes the download of the kernel 5.15 for the bpf-headers when
kernel 6.1 is build for the target.

Even if kernel 6.1 was selected for the target we still use kernel 5.15
for the bpf-headers. The download script tried to download the 5.15
kernel from the 6.x directory on kernel,org and this failed. Define
PKG_SOURCE_URL based on PKG_PATCHVER and not KERNEL_BASE like done in
kernel.mk.

Without this change it tries to download the kernel from this URL:
ttps://cdn.kernel.org/pub/linux/kernel/v6.x/linux-5.15.129.tar.xz

Fixes: #13190
Fixes: #13671
Fixes: #13814
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-11-06 23:20:14 +01:00
Hauke Mehrtens
3c17cdbc36 mbedtls: Activate secp521r1 curve by default
Activate the secp521r1 ecliptic curve by default. This curve is allowed
by the CA/Browser forum, see
https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-v2.0.1-redlined.pdf#page=110

This increases the size of libmbedtls12_2.28.5-1_aarch64_generic.ipk by
about 400 bytes:
Without:
252,696 libmbedtls12_2.28.5-1_aarch64_generic.ipk
With:
253,088 libmbedtls12_2.28.5-2_aarch64_generic.ipk

Fixes: #13774
Acked-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-11-06 23:04:00 +01:00
Daniel Golle
f8414f1a6f uboot-envtools: add environment config for MeiG SLT866
Add configuration to access U-Boot environment on MeiG SLT866.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2023-11-03 21:16:29 +00:00
Jo-Philipp Wich
5bb3b5d46c firewall4: update to latest Git HEAD
4101dd4 fw4: perform strict validation of zone and set names
a923c88 fw4: pass zone to templates whenever possible
597dc90 fw4: add support for zone log_limit
1874050 fw4: add log_limit to rules and redirects
19a8caf ruleset: dispatch ct states using verdict map
a5553da ruleset: reduce ksoftirqd load by refering to looopback by numeric id
de3483c tests: adjust zone log limit testcases
7392792 ruleset: do not emit redundant drop invalid rules
698a533 ruleset: apply egress MSS fixup later to apply final MTU before wire

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2023-11-03 15:55:15 +01:00
Christian Marangi
a0fa3a17a2
ath10k-ct: add patch fixing compilation error in debug
ath10k-ct based on kernel 6.4 doesn't have a fix present in previous
kernel. Add patch that port the compilation error fix from previous
kernel in the new 6.4 kernel.

Fixes: 7d3651f1b9be ("ath10k-ct: switch to 6.4")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2023-11-03 04:10:03 +01:00
Koen Vandeputte
7d3651f1b9
ath10k-ct: switch to 6.4
Switch to the latest version so we match as close as possible to
our own mac80211 version.

Run-time tested on hundreds of devices in the field for months now:
- qca988x (wave 1)
- qca4019 (wave 2)

Tested-by: Enrico Mioso <mrkiko.rs@gmail.com>
Signed-off-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
2023-11-02 20:38:34 +01:00
Koen Vandeputte
8de3ee2e79
ath10k-ct: bump to latest upstream
92900bf("at10k-ct: fixup version info")

Tested-by: Enrico Mioso <mrkiko.rs@gmail.com>
Signed-off-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
2023-11-02 20:38:34 +01:00
Philip Prindeville
ac199c57c5
dnsmasq: don't source functions.sh twice
It's already pulled in from /etc/rc.common.

Fixes: #13758

Fixes: 6b23836071b1 ("package: avoid the use of eval to parse ipcalc.sh output")

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2023-11-02 20:29:38 +01:00
Petr Štetiar
bc47613cf0
Revert "uboot-sunxi: add missing type __u64"
This reverts commit 3cc57ba4627c9c7555f8ad86e4f78d86d8f9ddf0 as it
should be fixed in commit 78cbd5a57e11 ("tools: macOS: types.h: fix
missing unsigned types").

References: #13833
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2023-11-02 20:20:56 +01:00
Petr Štetiar
f691830307
Revert "uboot-mediatek: fix build on Mac OS X"
This reverts commit 997ff740dc44045390680eaa30b6566d40bca322.
78cbd5apick as it should be fixed in commit 78cbd5a57e11 ("tools: macOS:
types.h: fix missing unsigned types").

References: #13833
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2023-11-02 20:20:56 +01:00
Jo-Philipp Wich
6f5f9a0218 ucode: update to latest Git HEAD
cfb24ea build: avoid redefining _FORTIFY_SOURCE
448c763 lib: enforce consistent `index()` behavior with empty needle argument
cdc0203 nl80211: fix maybe uninitialized variable
a69b5c8 vm: fix unused result warning
ea046bd build: enable source fortification by default

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2023-11-02 10:52:36 +01:00
Hauke Mehrtens
d62726b1e4 urngd: update to version 2023-11-01
Fix compilation with glibc

44365eb Deactivate _FORTIFY_SOURCE in jitterentropy-base.c

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-11-01 22:10:46 +01:00
Petr Štetiar
6dca88aa4a
hostapd: fix broken WPS on broadcom-wl and ath11k
Upgrading wpa_supplicant from 2.9 to 2.10 breaks broadcom-wl/ath11k
based adapters. The reason for it is hostapd tries to install additional
IEs for scanning while the driver does not support this.

The kernel indicates the maximum number of bytes for additional scan IEs
using the NL80211_ATTR_MAX_SCAN_IE_LEN attribute. Save this value and
only add additional scan IEs in case the driver can accommodate these
additional IEs.

Bug: http://lists.infradead.org/pipermail/hostap/2022-January/040178.html
Bug-Debian: https://bugs.debian.org/1004524
Bug-ArchLinux: https://bugs.archlinux.org/task/73495
Upstream-Status: Changes Requested [https://patchwork.ozlabs.org/project/hostap/patch/20220130192200.10883-1-mail@david-bauer.net]
Reported-by: Étienne Morice <neon.emorice@mail.com>
Tested-by: Étienne Morice <neon.emorice@mail.com>
Signed-off-by: David Bauer <mail@david-bauer.net>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2023-11-01 12:23:01 +00:00
Petr Štetiar
d604a07225
build: add CycloneDX SBOM JSON support
CycloneDX is an open source standard developed by the OWASP foundation.
It supports a wide range of development ecosystems, a comprehensive set
of use cases, and focuses on automation, ease of adoption, and
progressive enhancement of SBOMs (Software Bill Of Materials) throughout
build pipelines.

So lets add support for CycloneDX SBOM for packages and images
manifests.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2023-11-01 11:14:41 +00:00
Jianhui Zhao
3bbc1d5fba uboot-mediatek: fix determine the size of an uImage.FIT using 'imsz' or 'imszb'.
It must read the entire image for previous code of 'imsz' or 'imszb'.

Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
Suggested-by: Chuanhong Guo <gch981213@gmail.com>
2023-10-31 22:12:30 +00:00
David Bauer
9a47688eee uqmi: update to latest HEAD
eea2924 uqmi: add slot number to uim-sim-status output

Signed-off-by: David Bauer <mail@david-bauer.net>
2023-10-31 21:12:15 +01:00
David Bauer
39341f422f hostapd: fix OWE association with mbedtls
The code for hostapd-mbedtls did not work when used for OWE association.

When handling association requests, the buffer offsets and length
assumptions were incorrect, leading to never calculating the y point,
thus denying association.

Also when crafting the association response, the buffer contained the
trailing key-type.

Fix up both issues to adhere to the specification and make
hostapd-mbedtls work with the OWE security type.

Signed-off-by: David Bauer <mail@david-bauer.net>
2023-10-31 21:12:15 +01:00