Commit Graph

55158 Commits

Author SHA1 Message Date
Nick Hainke
17dd8c7305 libselinux: add PKG_CPE_ID
Add CPE ID for tracking CVEs.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-09-06 16:36:48 +01:00
Nick Hainke
45990ff76e mtd-utils: add PKG_CPE_ID
Add CPE ID for tracking CVEs.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-09-06 16:36:46 +01:00
Nick Hainke
79f3e6e2c1 libnfnetlink: add PKG_CPE_ID
Add CPE ID for tracking CVEs.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-09-06 16:36:45 +01:00
Nick Hainke
7ea924d74f libmnl: add PKG_CPE_ID
Add CPE ID for tracking CVEs.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-09-06 16:36:44 +01:00
Nick Hainke
91e65314a7 f2fs-tools: add PKG_CPE_ID
Add CPE ID for tracking CVEs.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-09-06 16:36:42 +01:00
Nick Hainke
5bc8e5a5a9 libnl: add PKG_CPE_ID
Add CPE ID for tracking CVEs.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-09-06 16:36:41 +01:00
Nick Hainke
f93795cd90 jansson: add PKG_CPE_ID
Add CPE ID for tracking CVEs.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-09-06 16:36:40 +01:00
Nick Hainke
2091a76d34 libusb: add PKG_CPE_ID
Add CPE ID for tracking CVEs.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-09-06 16:36:38 +01:00
Nick Hainke
8eca549bdc lldpd: add PKG_CPE_ID
Add CPE ID for tracking CVEs.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-09-06 16:36:37 +01:00
Nick Hainke
55c015ae4d strace: replace PKG_CPE_ID
Searching for strace in nvd.nist.gov/products/cpe/search [0] will result
in "cpe:/a:strace_project:strace". Replace the current PKG_CPE_ID with
it.

[0] - https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.2&keyword=strace

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-09-06 16:36:36 +01:00
Nick Hainke
5c238a44e9 ethtool: add PKG_CPE_ID
Add CPE ID for tracking CVEs.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-09-06 16:36:35 +01:00
Nick Hainke
3f6d66d984 tools/bc: add PKG_CPE_ID
Add CPE ID for tracking CVEs.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-09-06 16:35:02 +01:00
Nick Hainke
f9a502c721 libcap: add PKG_CPE_ID
Add CPE ID for tracking CVEs.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-09-06 16:34:52 +01:00
Nick Hainke
e7661c64c3 nettle: add PKG_CPE_ID
Add CPE ID for tracking CVEs.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-09-06 16:34:26 +01:00
Daniel Golle
98e2501de5 kernel: rework Huawei-compatible OEM SFP GE-T
This patch was added in 09b086eeca
("kernel: add quirk for Huawei-compatible OEM SFP GE-T"). Add patch
title, description and SoB to follow OpenWrt's developer guide for
working patches to prepare it for being sent upstream. This patch
should be discussed with Russell King and merged to Linux kernel.

Co-authored-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-09-06 16:32:01 +01:00
Josef Schlehofer
7e94a02cbe kernel: add support for HALNy HL-GSFP and other related fixes
It was reported on Turris forum [1] that HALNy HL-GSFP module does not
work as it should with kernel 5.15. Russell King prepared this patch
series, which fixes broken SFP module to work.

Compile and run tested with Turris Omnia.

[1] https://forum.turris.cz/t/hbl-turrisos-6-0-alpha2-halny-hl-gsfp-sfp-gpon-stick-problems/17547

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2022-09-06 16:26:23 +01:00
Felix Fietkau
09ea1db93b hostapd: rename hostapd multicast_to_unicast option to multicast_to_unicast_all
There are two features currently altered by the multicast_to_unicast option.
1. bridge level multicast_to_unicast via IGMP snooping
2. hostapd/mac80211 config multicast_to_unicast setting

The hostapd/mac80211 setting has the side effect of converting *all* multicast
or broadcast traffic into per-station duplicated unicast traffic, which can
in some cases break expectations of various protocols.
It also has been observed to cause ARP lookup failure between stations
connected to the same interface.

The bridge level feature is much more useful, since it only covers actual
multicast traffic managed by IGMP, and it implicitly defaults to 1 already.

Renaming the hostapd/mac80211 option to multicast_to_unicast_all should avoid
unintentionally enabling this feature.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-09-06 12:15:48 +02:00
Petr Štetiar
88c9056a70 tools: remove xxd package
It shouldn't be needed anymore as we've now `scripts/xxdi.pl`, which
should be self contained and fully compatible `xxd -i` replacement.

Fixes: #10555
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2022-09-06 08:04:53 +02:00
Petr Štetiar
eae2fb8027 build: provide xxd -i with scripts/xxdi.pl
Dependency on xxd was added in commit c4dd2441e7 ("tools: add xxd
(from vim)") as U-Boot requires xxd to create the default environment
from an external file.

Later in commit 2b94aac7a1 ("tools: xxd: use more convenient source
tarball"), xxd from another source was used instead, but that source is
currently unavailable, so let's fix it by using simple xxdi.pl Perl
script instead.

Fixes: #10555
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2022-09-06 08:04:53 +02:00
Petr Štetiar
06e01e817e scripts: xxdi.pl: add xxd -i compat mode
So it can serve as a standalone drop in replacement for xxd utility used
currently mostly in U-Boot packages with `xxd -i` mode which outputs C
include file style, with aim for byte to byte identical output, so the
eventual difference in the generated output is easily spottable.

Fixes: #10555
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Jo-Philipp Wich <jo@mein.io> [perl-fu]
2022-09-06 08:04:53 +02:00
Jo-Philipp Wich
8b278a76d9 scripts: xxdi.pl: remove File::Slurp dependency
In order to make it more portable.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2022-09-06 08:04:53 +02:00
Petr Štetiar
2117d04a3a scripts: add xxdi.pl
xxdi.pl is a Perl script that implements vim's 'xxd -i' mode so that
packages do not have to use all of vim just to get this functionality.

References: #10555
Source: 97a6bd5cee/xxdi.pl
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2022-09-06 08:04:53 +02:00
Daniel Golle
5788b494f9 mediatek: fix sysupgrade on MTK7986 rfba AP
A line in platform.sh was accidentally removed when adding support
for the Bananapi BPi-R3.
Re-add it to fix sysupgrade on the MTK7986 rfba AP.

Fixes: a96382c1bb ("mediatek: add support for Bananapi BPi-R3")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-09-06 03:29:47 +01:00
Nick Hainke
431526be7c ath79: move 5.15 testing kernel to common Makefile
All subtargets are using now 5.15 as testing kernel.
Move KERNEL_TESTING_PATCHVER:=5.15 to the common Makefile.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-09-06 02:57:35 +02:00
Nick Hainke
ae6bfb7d67 ath79: tiny: add 5.15 support for tiny subtarget
Tested on Ubiquiti Nanostation M5 XM with low_mem.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-09-06 02:57:29 +02:00
Nick Hainke
f54ac98f8c ath79: add low_mem to tiny image
Devices with SMALL_FLASH enabled have "SQUASHFS_BLOCK_SIZE=1024" in
their config. This significantly increases the cache memory required by
squashfs [0]. This commit enables low_mem leading to a much better
performance because the SQUASHFS_BLOCK_SIZE is reduced to 256.

Example Nanostation M5 (XM):
The image size increases by 128 KiB. However, the memory statistics look
much better:

Default tiny build:
------
MemTotal:          26020 kB
MemFree:            5648 kB
MemAvailable:       6112 kB
Buffers:               0 kB
Cached:             3044 kB

low_mem enabled:
-----
MemTotal:          26976 kB
MemFree:            6748 kB
MemAvailable:      11504 kB
Buffers:               0 kB
Cached:             7204 kB

[0] - 7e8af99cf5

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-09-06 02:57:21 +02:00
David Bauer
e16a0e7e88 ipq40xx: add support for Extreme Networks WS-AP3915i
Hardware
--------
Qualcomm IPQ4029 WiSoC
2T2R 802.11 abgn
2T2R 802.11 nac
Macronix MX25L25635E SPI-NOR (32M)
512M DDR3 RAM
1x Gigabit LAN
1x Cisco RJ-45 Console port
Settings: 115200 8N1

Installation
------------

1. Attach to the Console port. Power up the device and press the s key
   to interrupt autoboot.

2. The default username / password to the bootloader is admin / new2day

3. Update the bootcommand to allow loading OpenWrt.

   $ setenv ramboot_openwrt "setenv serverip 192.168.1.66;
     setenv ipaddr 192.168.1.1; tftpboot 0x86000000 openwrt-3915.bin;
     bootm"
   $ setenv boot_openwrt "sf probe;
     sf read 0x88000000 0x280000 0xc00000; bootm 0x88000000"
   $ setenv bootcmd "run boot_openwrt"
   $ saveenv

4. Download the OpenWrt initramfs image. Serve it using a TFTP server as
   "openwrt-3915.bin" at 192.168.1.66.

5. Download & boot the OpenWrt initramfs image on the access point.

   $ run ramboot_openwrt

6. Wait for OpenWrt to start.

7. Download and transfer the sysupgrade image to the device using e.g.
   SCP.

8. Install OpenWrt to the device using "sysupgrade"

   $ sysupgrade -n /path/to/openwrt.bin

Signed-off-by: David Bauer <mail@david-bauer.net>
2022-09-06 02:55:05 +02:00
David Bauer
02f81494bb ipq-wifi: add Extreme Networks WS-AP3915i
Signed-off-by: David Bauer <mail@david-bauer.net>
2022-09-06 02:54:30 +02:00
Tomasz Maciej Nowak
4d8b42d8a7 ipq40xx: point to externally compiled dtbs in recipes
Adjusting dts will cause a rebuild of whole kernel as the buildroot
considers this a part of kernel source. It's a royal PITA when trying to
prepare support for new device, since this takes a lot of time on slower
systems. As it stands, buildroot itself, with own rule, also compiles
dtbs and the results are $(KDIR)/image-$(DEVICE_DTS).dtb. With setting
DEVICE_DTS_DIR to directory holding the device dts (similarly to some
other targets), buildroot doesn't consider changed dts as part of kernel
source and rebuilds only dtb. This really speeds up development. And
since the kernel built dts are no longer used, drop the patches adding
dtses to its build.

Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com>
Reviewed-by: Robert Marko <robimarko@gmail.com>
2022-09-06 02:50:04 +02:00
Daniel Golle
ee035de0fd kernel: fix mvneta Ethernet after generic phylink validate
Import patches from Linux v5.16 and v5.17 to get 2500Base-X SFP working
again with mvneta driver after the generic phylink validate backport.

Fixes: aab466f422 ("kernel: backport generic phylink validate")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-09-05 14:05:50 +01:00
Felix Fietkau
0c8e5c35c7 mediatek: fix fallout after etron spinand backport
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-09-05 11:46:47 +02:00
Felix Fietkau
faf2b2193e build: export STAGING_DIR_HOST in toplevel make code
Fixes ncurses pkg-config check for menuconfig

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-09-05 11:17:19 +02:00
Daniel Danzberger
f32085fc0b airoha: Add new target platform
Airoha is a new ARM platform based on Cortex-A53 which has recently been
merged into linux-next.

Due to BootROM limitations on this platform, the Cortex-A53 can't run in
Aarch64 mode and code must be compiled for 32-Bit ARM.

This support is based mostly on those linux-next commits backported
for kernel 5.15.

Patches:
1 - platform support = linux-next
2 - clock driver = linux-next
3 - gpio driver = linux-next
4 - linux,usable-memory-range dts support = linux-next
5 - mtd spinand driver
6 - spi driver
7 - pci driver (kconfig only, uses mediatek PCI) = linux-next

Still missing:
- Ethernet driver
- Sysupgrade support

A.t.m there exists one subtarget EN7523 with only one evaluation
board.

The initramfs can be run with the following commands from u-boot:
-
u-boot> setenv bootfile \
	openwrt-airoha-airoha_en7523-evb-initramfs-kernel.bin
u-boot> tftpboot
u-boot> bootm 0x81800000
-

Signed-off-by: Daniel Danzberger <daniel@dd-wrt.com>
2022-09-05 11:12:32 +02:00
Sander Vanheule
f1802b0db7 realtek: replace fix for spurious GPIO interrupts
8 and 16 bit writes to the GPIO peripheral are apparently not supported,
and only worked most of the time. This resulted in garbage writes to the
interrupt mask registers, causing spurious unhandled interrupts, which
could lead to CPU lock-ups as these kept retriggering.

Instead of clearing these spurious interrupts when they occur, the
upstream patch will just make sure all register writes have the intended
result, so these don't happen at all.

Signed-off-by: Sander Vanheule <sander@svanheule.net>
2022-09-04 20:55:15 +02:00
Rafał Miłecki
b8f8c6f2dd bcm4908: fix Asus GT-AX6000 image
1. Include Linux DTB
2. Add 50991 variant (seems to differ by 1 PHY we don't support yet)

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2022-09-03 20:43:07 +02:00
Daniel Golle
be555b9dd8 mediatek: mt7622: fix DTS compatible of UniFi 6 LR variants
Make sure the compatible string in DTS matches the now v1/v2
differentiated board name in target/linux/mediatek/image/mt7622.mk.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-09-03 02:27:59 +01:00
Nick Hainke
f1b5ed3143 uboot-envtools: update to 2022.07
Update to latest version.

Remove upstreamed patches:
- 100-fw_env-make-flash_io-take-buffer-as-an-argument.patch
- 101-fw_env-simplify-logic-code-paths-in-the-fw_env_open.patch
- 102-fw_env-add-fallback-to-Linux-s-NVMEM-based-access.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-09-02 23:13:53 +02:00
Josef Schlehofer
3a702f8733 kernel: build crypto md5/sha1/sha256 modules for powerpc
This builds and enables kernel optimized modules for mpc85xx target:
- CONFIG_CRYPTO_MD5_PPC [1]
- CONFIG_CRYPTO_SHA1_PPC_SPE [2]
- CONFIG_CRYPTO_SHA256_PPC_SPE [3]

Where it was possible, then use Signal Processing Engine, because
CONFIG_SPE is already enabled in mpc85xx config.

[1] https://cateee.net/lkddb/web-lkddb/CRYPTO_MD5_PPC.html
[2] https://cateee.net/lkddb/web-lkddb/CRYPTO_SHA1_PPC.html
[3] https://cateee.net/lkddb/web-lkddb/CRYPTO_SHA256_PPC_SPE.html

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2022-09-02 23:13:53 +02:00
Nick Hainke
392febc6f6 gdb: update to 12.1
Release Notes:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=blob_plain;f=gdb/NEWS;hb=gdb-12.1-release

Refresh patches:
- 110-shared_libgcc.patch
- 130-gdb-ctrl-c.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-09-02 23:13:53 +02:00
Nick Hainke
728740fe78 toolchain: gdb: update to 12.1
Release Notes:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=blob_plain;f=gdb/NEWS;hb=gdb-12.1-release

Refreshed patch:
- 120-fix-compile-flag-mismatch.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-09-02 21:57:33 +02:00
Ivan Pavlov
3d88f26d74 wolfssl: bump to 5.5.0
Remove upstreamed: 101-update-sp_rand_prime-s-preprocessor-gating-to-match.patch

Some low severity vulnerabilities fixed
OpenVPN compatibility fixed (broken in 5.4.0)
Other fixes && improvements

Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
2022-09-02 21:56:25 +02:00
Rafał Miłecki
d51e990ff8 bcm4908: use upstream patches for Asus GT-AC5300 LEDs
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2022-09-02 21:47:51 +02:00
John Audia
f87175b303 kernel: bump 5.15 to 5.15.64
All patches automatically rebased

Build system: x86_64
Build-tested: bcm2711/RPi4B, mt7622/RT3200
Run-tested: bcm2711/RPi4B, mt7622/RT3200

Signed-off-by: John Audia <therealgraysky@proton.me>
2022-09-02 21:21:31 +02:00
Martin Kennedy
7f4b4c29f3 mpc85xx: Drop pci aliases to avoid domain changes
As of upstream Linux commit 0fe1e96fef0a ("powerpc/pci: Prefer PCI
domain assignment via DT 'linux,pci-domain' and alias"), the PCIe
domain address is no longer numbered by the lowest 16 bits of the PCI
register address after a fallthrough. Instead of the fallthrough, the
enumeration process accepts the alias ID (as determined by
`of_alias_scan()`). This causes e.g.:

9000:00:00.0 PCI bridge: Freescale Semiconductor Inc P1020E (rev 11)
9000:01:00.0 Network controller: Qualcomm Atheros AR958x 802.11abgn ...

to become

0000:00:00.0 PCI bridge: Freescale Semiconductor Inc P1020E (rev 11)
0000:01:00.0 Network controller: Qualcomm Atheros AR958x 802.11abgn ...

... which then causes the sysfs path of the netdev to change,
invalidating the `wifi_device.path`s enumerated in
`/etc/config/wireless`.

One other solution might be to migrate the uci configuration, as was
done for mvebu in commit 0bd5aa89fc ("mvebu: Migrate uci config to
new PCIe path"). However, there are concerns that the sysfs path will
change once again once some upstream patches[^2][^3] are merged and
backported (and `CONFIG_PPC_PCI_BUS_NUM_DOMAIN_DEPENDENT` is enabled).

Instead, remove the aliases and allow the fallthrough to continue for
now. We will provide a migration in a later release.

This was first reported as a Github issue[^1].

[^1]: https://github.com/openwrt/openwrt/issues/10530
[^2]: https://lore.kernel.org/linuxppc-dev/20220706104308.5390-1-pali@kernel.org/t/#u
[^3]: https://lore.kernel.org/linuxppc-dev/20220706101043.4867-1-pali@kernel.org/

Fixes: #10530
Tested-by: Martin Kennedy <hurricos@gmail.com>
[Tested on the Aerohive HiveAP 330 and Extreme Networks WS-AP3825i]
Signed-off-by: Martin Kennedy <hurricos@gmail.com>
2022-09-02 21:21:31 +02:00
Claudiu Beznea
e9f12931e6 at91bootstrap: use sdmmc0 as booting media for sama5d27_som1_ek
Commit 0b7c66c ("at91bootstrap: add sama5d27_som1_eksd1_uboot as
default defconfig") changed default booting media for sama5d27_som1_ek
board w/o any reason. Changed it back to sdmmc0 as it is for all the
other Microchip supported distributions for this board (Buildroot,
Yocto Project). The initial commit cannot be cleanly reverted.

Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
2022-09-02 20:43:51 +02:00
Claudiu Beznea
9a49788008 uboot-at91: use sdmmc0 as booting media for sama5d27_som1_ek
Commit adc69fe ("uboot-at91: changed som1 ek default defconfigs")
changed the booting media to sdmmc1 as default booting w/o any reason.
The Microchip releases for the rest of supported distributions (Buildroot,
Yocto Project) use sdmmc0 as default booting media for this board.
Thus change it back to sdmmc0. With this remove references to sdmmc1
config. The initial commit cannot be cleanly reverted.

Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
2022-09-02 20:43:51 +02:00
Daniel Golle
6c302b9009 kernel: fix DSA mac_select_pcs backport
Backport commit from Linux 5.18 fixing phylink with DSA drivers which
do not provide mac_select_pcs yet.

Fixes: aab466f422 ("kernel: backport generic phylink validate")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-09-02 02:22:55 +01:00
Felix Fietkau
90f55f5bf1 unetd: update to the latest version
f5d02c32f811 pex: add support for sending endpoint notification from the wg port via raw socket
c3b1127236a0 ubus: add support for querying active networks
8ad119715168 ubus: add support for adding auth_connect hosts at runtime
26dc52789d41 network: add support for configuring extra peers via a separate json file
d7fb9e5b065b ubus: add reload command

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-09-01 20:42:08 +02:00
Felix Fietkau
23a7188ab4 unetd: fix handling of connect/tunnel list
change the type to array, so that uci lists can be used

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-09-01 20:42:08 +02:00
Jo-Philipp Wich
ab31ffc425 firewall4: update to latest Git HEAD
f5fcdcf cli: introduce test mode and refuse firewall restart on errors
a540f6d fw4: fix cosmetic issue with per-ruleset and per-table include paths
695e821 doc: fix swapped include positions in nftables.d README

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2022-09-01 12:39:05 +02:00