Commit Graph

51254 Commits

Author SHA1 Message Date
Tony Ambardar
736edf9dea kernel: add missing config symbols for 5.10
Update generic config to add missing options that prompt during builds.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2021-03-14 17:52:49 +00:00
Álvaro Fernández Rojas
ecc058b6a0 bmips: minor ethernet driver cleanups and fixes
Add some minor ethernet driver cleanups and fixes to improve code quality.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2021-03-14 16:21:27 +01:00
Álvaro Fernández Rojas
4a81b00a05 bmips: reorganize patches
Rename and reorganize backported patches.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2021-03-14 16:21:27 +01:00
Hauke Mehrtens
e6ba970b6e realtek: Add ZyXEL GS1900-8
The ZyXEL GS1900-8 is a 8 port switch without any PoE functionality or
SFP ports, but otherwise similar to the other GS1900 switches.

Specifications
--------------
* Device:    ZyXEL GS1900-8 v1.2
* SoC:       Realtek RTL8380M 500 MHz MIPS 4KEc
* Flash:     Macronix MX25L12835F 16 MiB
* RAM:       Nanya NT5TU128M8GE-AC 128 MiB DDR2 SDRAM
* Ethernet:  8x 10/100/1000 Mbit
* LEDs:      1 PWR LED (green, not configurable)
             1 SYS LED (green, configurable)
             8 ethernet port status LEDs (green, SoC controlled)
* Buttons:   1 on-off glide switch at the back (not configurable)
             1 reset button at the right side, behind the air-vent
               (not configurable)
             1 reset button on front panel (configurable)
* Power      12V 1A barrel connector
* UART:      1 serial header (JP2) with populated standard pin connector on
             the left side of the PCB, towards the back. Pins are labelled:
             + VCC (3.3V)
             + TX (really RX)
             + RX (really TX)
             + GND
             the labelling is done from the usb2serial connector's point of
             view, so RX/ TX are mixed up.

Serial connection parameters for both devices: 115200 8N1.

Installation
------------
Instructions are identical to those for the GS1900-10HP and GS1900-8HP.

* Configure your client with a static 192.168.1.x IP (e.g. 192.168.1.10).
* Set up a TFTP server on your client and make it serve the initramfs
  image.
* Connect serial, power up the switch, interrupt U-boot by hitting the
  space bar, and enable the network:
  > rtk network on
* Since the GS1900-10HP is a dual-partition device, you want to keep the
  OEM firmware on the backup partition for the time being. OpenWrt can
  only boot off the first partition anyway (hardcoded in the DTS). To
  make sure we are manipulating the first partition, issue the following
  commands:
  > setsys bootpartition 0
  > savesys
* Download the image onto the device and boot from it:
  > tftpboot 0x84f00000 192.168.1.10:openwrt-realtek-generic-zyxel_gs1900-8-initramfs-kernel.bin
  > bootm
* Once OpenWrt has booted, scp the sysupgrade image to /tmp and flash it:
  > sysupgrade /tmp/openwrt-realtek-generic-zyxel_gs1900-8-squashfs-sysupgrade.bin

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-03-14 15:07:30 +01:00
Hauke Mehrtens
c6c8d597e1 realtek: Add generic zyxel_gs1900 image definition
Add a new common device definition for the Zyxel GS1900 line of
switches.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-03-14 15:03:00 +01:00
Dominick Grift
41a8f093fb selinux-policy: update to version v0.8
3d7da7a igmpproxy tidy some loose ends
c84ba0f rcigmpproxy: add entries to /etc when creating /etc/igmpproxy.conf
5a18967 adds igmpproxy skeleton
7e6a218 logread: support resolving dns names
e39ca8b netifd: add support for /etc/udhcpc.user
7952bd0 odhcp6c: support /etc/odhcp6c.user
ba0eb4e swconfig, fwenv, agent
4556b8a pppd cosmetic
9324d9d pppd: sends AT commands to model using /dev/ttyUSBN
417b14a ttydev: add some more ttyUSB
ed739dc example: dont depend on policycoreutils
97613f9 dropbear: using dropbear as scp: dns name resolving
12c193b dropbear tcp connect ssh ports for scp
c050077 rcdnsmasq: remove redundant rule and make rcsysntpd optional
8c5de35 this is a bug
8d5c463 uhttpd rcboot rcdnsmasq
094266e hostapd and wpa_supplicant
aef0bd7 mountroot: maintains /tmp/sysupgrade.tar
24f0406 dropbear: allow it to read tmp.fs files
2901433 firstboot mkfsf2fs rcboot
2c4afb7 blockmount mmc
465ca98 adds industrial i/o (iio) nodedev
82f686e mtd stordev: back that ubiblock0_4p1 up with a filecon
7df78bd ubus: "support" older ubusd versions that run as root
4458bce swconfig: allow using terminal (to print output)
e8d606d sslcert: openssl linked: this shaves off 200 bytes
93afffb jshn ntpdhotplug
0b847f0 wpad: reads /etc/ssl/openssl.cnf
f14ee34 indent fix
a0c7cad mtd, uhttpd, ubus and ntpdhotplug
d74f98f adds a not about checkreqprot requirement in some scenarios
affacce example: add policycoreutils-setfiles for make check
4f944dc kmodloader and fwenv:
efe36a3 netifd: adds a comment/reminder
581b087 more fw_printenv loose ends
30177a4 fw_setenv: needs mtd write access to set and delete env
da28f4c fw_printenv: some minor clean ups
a062053 fw_printenv missing rules
244ba5f blockmount: extroot and /rwm
0745a6a squid: allow squid to run sslcrtd with domain transition
b851df6 squid fix
8c55acd squid: adds certfile and allow connect http but...
b7c1f6d Makefile: exclude tinyproxy from mintesttgt (using squid)
5ff39bd squid: forgot about luci
5366c97 squid/rcsquid some basic fill in
8743da6 squid skeleton
687a43b adds squid 3128 port to httpproxy port

Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
2021-03-14 12:56:46 +00:00
Álvaro Fernández Rojas
28dcb74de3 bmips: add experimental ethernet support
This adds experimental ethernet support for BCM6318, BCM6328, BCM6362, BCM6368
and BCM63268.
BCM6358 needs a different driver, so there's no support for now.

Working devices:
- Comtrend AR-5315u
- Comtrend AR-5387un
- Comtrend VR-3025u
- Comtrend VR-3032u

Not working devices:
- Netgear DGND3700 v2 (no idea on how the external switch is connected)
- Huawei HG556a ver B (BCM6358 needs a separate driveer)

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2021-03-14 12:05:17 +01:00
Tony Ambardar
bf4aa0c6a2 tools/libelf: remove unneeded host library
This old ELF library dating to 2009 used to be necessary on MacOS but
is not required for building the kernel or tools since [1]. On Linux
systems, libelf is already an OpenWRT build-system prerequisite [2].

Presence of the older library can mask or conflict with the system libelf
and lead to build errors, as seen compiling Linux kernels since v5.8 or
host tools such as dwarves (e.g. pahole).

Remove the unnecessary tools/libelf library and avoid the related issues.

[1] 5f8e587240 ("build: force disable stack validation during kernel build
                 on non-linux systems")
[2] https://openwrt.org/docs/guide-developer/build-system/install-buildsystem#prerequisites

Tested-by: Rosen Penev <rosenp@gmail.com> (Linux)
Tested-by: Georgi Valkov <gvalkov@abv.bg> (MacOS)
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2021-03-13 22:20:02 +00:00
Tony Ambardar
29e2be69c4 elfutils: remove host build from target package
Commit f4da28c301 ("elfutils: Add host build") supplied a libelf host
library to fix a glib2 host build error, but this need was later removed
by b6212c8769 ("glib2: don't use libelf during host build").

More importantly, there are already two sources for libelf host libraries:
OpenWRT build prerequisites [1] and tools/libelf. A third is not needed.

Ref [1]: https://openwrt.org/docs/guide-developer/build-system/install-buildsystem#prerequisites

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2021-03-13 21:33:22 +00:00
Hannu Nyman
c1f3c52564 busybox: backport fixes for 1.33.0
Backport two fixes for 1.33.0
* history file storing
* traceroute command option parsing

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2021-03-13 21:18:02 +01:00
Daniel Golle
79b6a4bd3c
uboot-mediatek: import fix for AHCI and enable SATA
Import patch form Frank Wunderlich <frank-w@public-files.de> to fix
build of MediaTek AHCI SATA driver.
Enable that driver on Bananapi BPi-R64.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-13 20:16:03 +00:00
Daniel González Cabanelas
b0235c0d8d mvebu: LS421DE: make cosmetics changes in dts file
Make some cosmetic changes in the Buffalo LinkStation LS421DE NAS:
  - Delete pointless #xxx-cells
  - bootargs: replace earlyprintk with earlycon and remove unneeded args.
  - Separate pinmux nodes with empty lines.

Signed-off-by: Daniel González Cabanelas <dgcbueu@gmail.com>
2021-03-13 20:15:29 +00:00
Alin Nastac
8704d138df xfrm: simplify the check for necessary kernel support
[ -d /sys/module/xfrm_interface ] is enough to check if
CONFIG_XFRM_INTERFACE support was enabled in kernel.

Signed-off-by: Alin Nastac <alin.nastac@technicolor.com>
2021-03-13 20:59:22 +01:00
Alin Nastac
65ca980b48 vti: use alternative way to check if kernel support is enabled
When necessary support is built in kernel, vti protocol support is
not enabled in netifd.

Signed-off-by: Alin Nastac <alin.nastac@technicolor.com>
2021-03-13 20:59:11 +01:00
Alin Nastac
8a35ebe375 gre: use alternative way to check if kernel support is enabled
When necessary support is built in kernel, gre protocol support is
not enabled in netifd.

Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
2021-03-13 20:58:55 +01:00
Kabuli Chana
1cd098784e kernel: bump 5.10 to 5.10.23
update kernel to 5.10.23, rebase patches, deleted upstreamed patch:

target/linux/generic/backport-5.10/830-v5.12-0001-net-usb-qmi_wwan-support-ZTE-P685M-modem.patch

compile / test - mvebu / mamba, rango

Signed-off-by: Kabuli Chana <newtownBuild@gmail.com>
[refresh again]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-03-13 17:06:42 +01:00
John Audia
e7fa97b326 kernel: bump 5.4 to 5.4.105
Ran update_kernel.sh in a fresh clone without any existing toolchains.

Removed upstreamed generic-backports:
  830-v5.12-0001-net-usb-qmi_wwan-support-ZTE-P685M-modem.patch
  831-v5.9-usbip-tools-fix-build-error-for-multiple-definition.patch
  755-v5.8-net-dsa-add-GRO-support-via-gro_cells.patch

Build system: x86_64
Build-tested: ipq806x/R7800
Run-tested: ipq806x/R7800

No dmesg regressions, everything functional

Signed-off-by: John Audia <graysky@archlinux.us>
Tested-by: Curtis Deptuck <curtdept@me.com> [x86/64]
[squash patches]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-03-13 17:06:35 +01:00
Daniel Golle
1a7ef2c3cf
mediatek: image: don't use 'M' unit as dd may not support that
dd on Mac OS X apparently fails when using 'M' unit for bs.
dd: bs: illegal numeric value
Use 'k' unit instead for 'pad-to' to fix that.

Reported-by: Georgi Valkov <gvalkov@abv.bg>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-13 15:36:57 +00:00
Daniel Golle
997ff740dc
uboot-mediatek: fix build on Mac OS X
Copy patch added to uboot-sunxi by commit 3cc57ba462
("uboot-sunxi: add missing type __u64") also to uboot-mediatek.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-13 13:41:04 +00:00
Rafał Miłecki
9530b9bb78 bcm47xx: make WGT634U NVRAM patch apply again
Fixes: 1c48eee5b2 ("kernel: backport Broadcom NVRAM driver cleanups")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2021-03-12 21:09:11 +01:00
Felix Fietkau
3d1ea0d77f kernel: add compatibility with upstream threaded NAPI patch
Enable threading if dev->threaded is set. This will be used to bring mt76 back
in sync with upstream

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-03-12 20:23:52 +01:00
Felix Fietkau
0d5bf53197 kernel: update 5.10 flow offload patches
Includes PPPoE support and VLAN related fixes

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-03-12 20:23:52 +01:00
Rafał Miłecki
e90e75b12c kernel: add pending mtd patches adding NVMEM support
It's meant to provide upstream support for mtd & NVMEM. It's required
e.g. for reading MAC address from mtd partition content. It seems to be
in a final shape so it's worth testing.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2021-03-12 18:49:46 +01:00
Rafał Miłecki
deceb03993 kernel: move mtd ofpart accepted patch
Move upstream patch to the backport directory.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2021-03-12 18:32:01 +01:00
Rafał Miłecki
b2b75e1939 kernel: add two more missed 5.10 backports
Those were added to 5.4 but missed while introducing 5.10 kernel.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2021-03-12 18:31:58 +01:00
Rafał Miłecki
baf04eed02 bcm53xx: initialize NVRAM from NVMEM driver
NVRAM access may be needed early in boot process. Reading it using mtd
happens quite late in the init process. Add NVRAM initialization to the
NVMEM driver which comes up early and depends on IO mapping only.

This is required by Linksys devices which use NVRAM content for proper
partitioning (detecting current firmware partition).

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2021-03-12 18:22:18 +01:00
Rafał Miłecki
1c48eee5b2 kernel: backport Broadcom NVRAM driver cleanups
Refactoring of bcm47xx_nvram driver. It's used by bcm47xx and bcm53xx.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2021-03-12 18:08:41 +01:00
Álvaro Fernández Rojas
36b404a226 bmips: switch to upstream bcm2835-rng reset patch
This patch has been accepted upstream.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2021-03-12 14:29:51 +01:00
Daniel Golle
0183ee2eb9
uboot-mediatek: update configs for MT7622 devies
* make sure USB 2.0 works (useful for UEFI-booting eg. memtest86)
 * include more useful U-Boot config options on BPi-R64.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-12 00:18:58 +00:00
Bjørn Mork
ba220ad2fd realtek: drop ethtool log noise
Demote a number of debugging printk's to pr_debug to avoid log
nosie.  Several of these functions are called as a result of
userspace activity.  This can cause a lot of log noise when
userspace does periodic polling.

Most of this could probably be removed completely, but let's
keep it for now since these drivers are still in development.

Signed-off-by: Bjørn Mork <bjorn@mork.no>
Tested-by: Stijn Tintel <stijn@linux-ipv6.be>
2021-03-12 00:46:00 +02:00
Daniel Golle
9dfc2b3ca4
uboot-mediatek: update to 2021.04-rc3 with MediaTek's patches
MediaTek published their current U-Boot patchset on github:
https://github.com/mtk-openwrt/u-boot/commits/mtksoc

Import the platform patches from there (`00-mtk-*.patch`), arrange,
them nicely, drop no longer needed local patches and rebase on top of
U-Boot 2021.04-rc3.

Tested and works well on Linksys E8450 (snand-1ddr) as well as
Bananapi BPi-R64 (sdmmc-2ddr, emmc-2ddr).

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-11 16:24:53 +00:00
Daniel Golle
e2cffbb805
arm-trusted-firmware-mediatek: update to 2021-03-10
Most prominently this adds changes which allow replacing the binary-
only 'bromimage' tool by U-Boot's 'mkimage' (see previous commit).
This fixes build on non-Linux and/or non-x86 platforms.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-11 16:24:48 +00:00
Daniel Golle
ce19e8fa43
tools: mkimage: add patches for 64-bit MediaTek BootROM
Add patches for mkimage to allow using it instead of the binary-only
'bromimage' tool to generate bl2 for MT7622.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-11 16:24:20 +00:00
Daniel Golle
da339a6d3f
rpcd: update to git HEAD
d3f2041 uci: manually clear uci_ptr flags after uci_delete() operations
 ccb7517 sys: packagelist: drop ABI version from package name

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-11 00:39:16 +00:00
Daniel Golle
b5f6d20560
opkg: update to git HEAD
d71856a pkg: pass-through ABIVersion to status file

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-11 00:39:09 +00:00
Rafał Miłecki
01b1b37528 bcm53xx: backport NVMEM NVRAM driver
It supports NVRAM access described using DT binding. Right now NVRAM
data is exposed using /sys/bus/nvmem/ only.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2021-03-10 23:23:47 +01:00
Rafał Miłecki
af8a49a4be Revert "bcm53xx: add support for reading NVRAM based on DT mapping"
This reverts commit b0376462c1. Those
changes were rejected and were replaced with an NVMEM driver.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2021-03-10 22:29:15 +01:00
Hans Dedecker
0ef3c58ac8 glibc: update to latest 2.33 commit (BZ #27462, BZ #27318, BZ #27389)
a151f2e05a nscd: Fix double free in netgroupcache [BZ #27462]
ee9f98d9ca x86: Set minimum x86-64 level marker [BZ #27318]
3e880d7337 nss: Re-enable NSS module loading after chroot [BZ #27389]
71b2463f61 x86: Add CPU-specific diagnostics to ld.so --list-diagnostics
a1eb3915e7 x86: Automate generation of PREFERRED_FEATURE_INDEX_1 bitfield
33dc1dd602 ld.so: Implement the --list-diagnostics option
8d4241b897 string: Work around GCC PR 98512 in rawmemchr
6efa2d44c8 S390: Add new hwcap values.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2021-03-10 20:56:50 +01:00
Rui Salvaterra
130118f7aa netifd: add a udhcpc.user placeholder script
Document the existence of this feature. This allows the user to execute a script
at each DHCPv4 event. This is useful, for example, as an ad-hoc way to update a
DDNS entry when (and only when) required.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2021-03-10 20:16:22 +01:00
Rui Salvaterra
b4f3d93b5f odhcp6c: add a odhcp6c.user placeholder script
Document the existence of this feature. This allows the user to execute a script
at each DHCPv6 event. This is useful, for example, as an ad-hoc way to update a
DDNS entry when (and only when) required.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2021-03-10 20:16:06 +01:00
Paul Spooren
fc5b101c06 include: store ABIVersion in Packages index
With the existence of ABI versions there is no clean way to determine
the package name without an attached ABI version. The Packages index is
stored on device to know what packages are installed.

The ABIVersion was recently removed in c921650382 "build: drop ABI
version from metadata", while ABI versions still exists. This becomes a
problem if a user tries to export installed packages via `ubus call
rpcd-sys packagelist` which would return package names including the ABI
version. Trying to find these packages in a later release with changes
ABI version is impossible.

This commits adds the `ABIVersion` field again. Knowing both the
combined (SourceName + ABIVersion) and the `ABIVersion` it is possible
to calculate the package `SourceName` without storing it in the
on-device package list.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2021-03-08 19:04:35 -10:00
Daniel Golle
bff84f3e8e arm-trusted-firmware-mediatek: fix typo SPI-SNAND -> SPI-NAND
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-08 21:27:35 +00:00
Dominick Grift
49edc4d17f checkpolicy: update to version 3.2
521e6a2f libsepol/cil: fix signed overflow caused by using (1 << 31) - 1
42ae834a libsepol,checkpolicy: optimize storage of filename transitions

Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
2021-03-08 21:27:35 +00:00
Dominick Grift
0b58ebcfe2 secilc: update to version 3.2
49ff851c secilc: fixes cil_role_statements.md example
03881703 secilc/docs: add custom color theme
4c8d6094 secilc/docs: add syntax highlighting for secil
057d72af secilc/docs: use fenced code blocks for cil examples
e8bcdb84 cil_network_labeling_statements: fixes nodecon examples
eefa5511 cil_access_vector_rules: allowx, auditallowx and dontauditx fixes
9e9b8103 secilc/docs: document expandtypeattribute
fbe1e526 Update the cil docs to match the current behaviour.

Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
2021-03-08 21:27:35 +00:00
Dominick Grift
68934a5704 policycoreutils: update to version 3.2
d464187c policycoreutils: sestatus belongs to bin not sbin
d59932a7 policycoreutils: Resolve path in restorecon_xattr
5682c0d5 policycoreutils/fixfiles.8: add missing file systems and merge check and verify
57dd1f65 policycoreutils/setfiles: Drop unused nerr variable
be7f54cb setfiles: drop ABORT_ON_ERRORS and related code
9207823c setfiles: Do not abort on labeling error
c064d214 selinux_config(5): add a note that runtime disable is deprecated
8bc865e1 newrole: support cross-compilation with PAM and audit
ba2d6c10 fixfiles: correctly restore context of mountpoints

Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
2021-03-08 21:27:35 +00:00
Dominick Grift
4670492ad7 libsemanage: update to version 3.2
c35919a7 libsemanage: sync filesystem with sandbox
5b05e829 Revert "libsemanage/genhomedircon: check usepasswd"
edae9275 libsemanage: Free contents of modkey in semanage_direct_remove
ce46daab libsemanage/genhomedircon: check usepasswd
6ebb35d2 libsemanage: Bump libsemanage.so version
c08b73d7 libsemanage: Drop deprecated functions
b46406de libsemanage: Remove legacy and duplicate symbols

Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
2021-03-08 21:27:35 +00:00
Dominick Grift
b1fc2b5b0b libselinux: update to version 3.2
142826a3 libselinux: fix segfault in add_xattr_entry()
398d2cee libselinux: rename gettid() to something which never conflicts with the libc
8f0f0a28 selinux(8,5): Describe fcontext regular expressions
9cc6b5cf libselinux/getconlist: report failures
156dd0de libselinux: update getseuser
e2dca5df libselinux: accept const fromcon in get_context API
da4829d0 libselinux: Always close status page fd
45b15c22 selinux(8): explain that runtime disable is deprecated
3c16aaef selinux(8): mark up SELINUX values
c2a58cc5 libselinux: LABEL_BACKEND_ANDROID add option to enable
db0f2f38 libselinux: Add build option to disable X11 backend
4a142ac4 libsepol: Bump libsepol.so version
d23342a9 libselinux: convert matchpathcon to selabel_lookup()
7ef5b185 libselinux: Change userspace AVC setenforce and policy load messages to audit format.
f5d644c7 libselinux: Add additional log callback details in man page for auditing.
075f9cfe libselinux: Fix selabel_lookup() for the root dir.
a4149e0e libselinux: Add new log callback levels for enforcing and policy load notices.
a63f93d8 libselinux: initialize last_policyload in selinux_status_open()
ef902db9 libselinux: safely access shared memory in selinux_status_updated()
9e4480b9 libselinux: Remove trailing slash on selabel_file lookups.
21fb5f20 libselinux: use full argument specifiers for security_check_context in man page
e7abd802 libselinux: fix build order
05bdc031 libselinux: use kernel status page by default

Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
2021-03-08 21:27:35 +00:00
Dominick Grift
2a1bdde0d0 libsepol: update to version 3.2
a9e0004f libsepol: invalidate the pointer to the policydb if policydb_init fails
6238e025 libsepol/cil: fix NULL pointer dereference in cil_fill_ipaddr
b69d77bc libsepol/cil: handle SID without assigned context when writing policy.conf
0861c659 libsepol: Validate policydb values when reading binary policy
8f5409cf libsepol: Create function ebitmap_highest_set_bit()
0451adeb libsepol/cil: Destroy disabled optional blocks after pass is complete
32f8ed3d libsepol/cil: introduce intermediate cast to silence -Wvoid-pointer-to-enum-cast
4662bdc1 libsepol/cil: be more robust when encountering <src_info>
6b561058 libsepol/cil: fix NULL pointer dereference with empty macro argument
0d0e47c7 libsepol/cil: Fix integer overflow in the handling of hll line marks
1b36ace2 libsepol: include header files in source files when matching declarations
1f1fa9d4 libsepol: uniformize prototypes of sepol_mls_contains and sepol_mls_check
72a88d75 libsepol: remove unused files
eba0ffee libsepol/cil: Fix heap-use-after-free when using optional blockinherit
1048f8d3 libsepol/cil: unlink blockinherit->block link when destroying a block
b3202918 libsepol/cil: fix memory leak when a constraint expression is too deep
f0d98f83 libsepol/cil: Fix heap-use-after-free in __class_reset_perm_values()
5d021d66 libsepol/cil: Update symtab nprim field when adding or removing datums
34bd9a9d libsepol: destroy filename_trans list properly
bdf4e332 libsepol/cil: fix NULL pointer dereference when parsing an improper integer
b7ea65f5 libsepol/cil: destroy perm_datums when __cil_resolve_perms fails
228c06d9 libsepol/cil: fix out-of-bound read in cil_print_recursive_blockinherit
a25d9104 libsepol/cil: constify some strings
e2d01842 libsepol/cil: propagate failure of cil_fill_list()
6c8fca10 libsepol/cil: do not add a stack variable to a list
38a09b74 libsepol/cil: fix NULL pointer dereference when using an unused alias
3c357285 libsepol/cil: remove useless print statement
90809674 libsepol/cil: always destroy the lexer state
d16a1e46 libsepol/cil: Use the macro FLAVOR() whenever possible
2aac859a libsepol/cil: Use the macro NODE() whenever possible
d317b470 libsepol/cil: Remove unnecessary assignment in cil_resolve_name_keep_aliases()
9b9761cf libsepol/cil: Remove unused field from struct cil_args_resolve
e257d4c7 libsepol/cil: Get rid of unnecessary check in cil_gen_node()
ebba2b00 libsepol/cil: cil_tree_walk() helpers should use CIL_TREE_SKIP_*
89dab467 libsepol: free memory when realloc() fails
2d353bd5 libsepol/cil: Give error for more than one true or false block
4a142ac4 libsepol: Bump libsepol.so version
506c7b95 libsepol: Drop deprecated functions
ae58e84b libsepol: Get rid of the old and duplicated symbols
c97d63c6 libsepol: silence potential NULL pointer dereference warning
64387cb3 libsepol: drop confusing BUG_ON macro
521e6a2f libsepol/cil: fix signed overflow caused by using (1 << 31) - 1
a152653b libsepol/cil: Fix neverallow checking involving classmaps
734e4beb libsepol/cil: Validate conditional expressions before adding to binary policy
685f577a libsepol/cil: Validate constraint expressions before adding to binary policy
8206b8cb libsepol: implement POLICYDB_VERSION_COMP_FTRANS
42ae834a libsepol,checkpolicy: optimize storage of filename transitions

Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
2021-03-08 21:27:35 +00:00
Álvaro Fernández Rojas
76d5677c75 bmips: automatically detect RAM size
Introduce new patch for automatically detecting RAM size.
Some boards have a different amount of RAM depending on the HW revision.
Therefore, automatically detecting the RAM size instead of hard-coding it will
reduce the number of device definitions.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2021-03-08 17:48:45 +01:00
Álvaro Fernández Rojas
a128904723 bmips: improve CPU frequency patch
Fixes BCM6358 address and calculations.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2021-03-08 17:48:45 +01:00