Commit Graph

19453 Commits

Author SHA1 Message Date
Hauke Mehrtens
987275f565 hostapd: backport fix for CVE-2023-52160
Fix a authentication bypass problem in WPA Enterprise client mode. See
here for details: https://www.top10vpn.com/research/wifi-vulnerabilities/
This problem was assigned CVE-2023-52160

This problem was fixed in upstream hostapd in June 2023. Hostapd used in
OpenWrt 23.05 and later already contains this fix..

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-02-22 21:50:16 +01:00
Hauke Mehrtens
2c67fff961 mac80211: Update to version 5.15.148-1
This update mac80211 to version 5.15.148-1. This includes multiple
bugfixes. Some of these bugfixes are fixing security relevant bugs.

The following patch was integrated into upstream Linux:
package/kernel/mac80211/patches/subsys/352-wifi-mac80211-fix-invalid-drv_sta_pre_rcu_remove-cal.patch

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-02-01 21:53:12 +01:00
orangepizza
7f64f5b11a
mbedtls: security bump to version 2.28.7
This release of Mbed TLS provides bug fixes and minor enhancements. This
release includes fixes for following security issues:

* Timing side channel in private key RSA operations (CVE-2024-23170)

  Mbed TLS is vulnerable to a timing side channel in private key RSA
  operations. This side channel could be sufficient for an attacker to
  recover the plaintext. A local attacker or a remote attacker who is
  close to the victim on the network might have precise enough timing
  measurements to exploit this. It requires the attacker to send a large
  number of messages for decryption.

* Buffer overflow in mbedtls_x509_set_extension() (CVE-2024-23775)

  When writing x509 extensions we failed to validate inputs passed in to
  mbedtls_x509_set_extension(), which could result in an integer overflow,
  causing a zero-length buffer to be allocated to hold the extension. The
  extension would then be copied into the buffer, causing a heap buffer
  overflow.

Fixes: CVE-2024-23170, CVE-2024-23775
References: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-1/
References: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-2/
Signed-off-by: orangepizza <tjtncks@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [formal fixes]
(cherry picked from commit 920414ca88)
(cherry picked from commit b5c728948c)
2024-01-29 09:45:00 +00:00
Jo-Philipp Wich
78d9e4c56f jsonfilter: update to Git HEAD (2024-01-23)
013b75ab0598 jsonfilter: drop legacy json-c support
594cfa86469c main: fix spurious premature parse aborts in array mode

Fixes: https://bugs.openwrt.org/?task_id=3683
Fixes: https://github.com/openwrt/openwrt/issues/8703
Fixes: https://github.com/openwrt/openwrt/issues/11649
Fixes: https://github.com/openwrt/openwrt/issues/12344
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 33f15dd6d4)
2024-01-23 09:10:03 +01:00
Christian Marangi
05f74354bd
lua5.3: fix typo calling lua53 instead of lua5.3 for Package Default
Fix typo calling lua53 instead of lua5.3 for Package Default definition.

This cause only missing description of the package and doesn't cause
any build regression.

Fixes: c52ca08d40 ("lua5.3: build shared library")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 25e215c14e)
[ fix conflict with changed URL value ]
2023-12-10 11:48:11 +01:00
Hauke Mehrtens
1f7ca927b7 OpenWrt v22.03.6: revert to branch defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-12-03 20:02:26 +01:00
Hauke Mehrtens
f372b715d4 OpenWrt v22.03.6: adjust config defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-12-03 20:02:20 +01:00
Alexey Bartenev
e7b3414fd5 ramips: add support for SNR-CPE-W4N-MT router
General specification:
- SoC Type: MediaTek MT7620N (580MHz)
- ROM: 8 MB SPI-NOR (W25Q64FV)
- RAM: 64 MB DDR (M13S5121632A)
- Switch: MediaTek MT7530
- Ethernet: 5 ports - 5×100MbE (WAN, LAN1-4)
- Wireless 2.4 GHz: b/g/n
- Buttons: 1 button (RESET)
- Bootloader: U-Boot 1.1.3, MediaTek U-Boot: 5.0.0.5
- Power: 12 VDC, 1.0 A

Flash by the native uploader in 2 stages:
1. Use the native uploader to flash an initramfs image. Choose
 openwrt-ramips-mt7620-snr_cpe-w4n-mt-initramfs-kernel.bin file by
 "Administration/Management/Firmware update/Choose File" in vendor's
 web interface (ip: 192.168.1.10, login: Admin, password: Admin).
 Wait ~160 seconds.
2. Flash a sysupgrade image via the initramfs image. Choose
 openwrt-ramips-mt7620-snr_cpe-w4n-mt-squashfs-sysupgrade.bin
 file by "System/Backup/Flash Firmware/Flash image..." in
 LuCI web interface (ip: 192.168.1.1, login: root, no password).
 Wait ~240 seconds.

Flash by U-Boot TFTP method:
1. Configure your PC with IP 192.168.1.131
2. Set up TFTP server and put the
 openwrt-ramips-mt7620-snr_cpe-w4n-mt-squashfs-sysupgrade.bin
 image on your PC
3. Connect serial port (57600 8N1) and turn on the router.
 Then interrupt "U-Boot Boot Menu" by hitting 2 key (select "2:
 Load system code then write to Flash via TFTP.").
Press Y key when show "Warning!! Erase Linux in Flash then burn
 new one. Are you sure? (Y/N)"
Input device IP (192.168.1.1) ==:192.168.1.1
Input server IP (192.168.1.131) ==:192.168.1.131
Input Linux Kernel filename () ==:
openwrt-ramips-mt7620-snr_cpe-w4n-mt-squashfs-sysupgrade.bin
3. Wait ~120 seconds to complete flashing

Signed-off-by: Alexey Bartenev <41exey@proton.me>
(cherry picked from commit 7796c2d7ef)
[Fix merging conflict]
Signed-off-by: Alexey Bartenev <41exey@proton.me>
2023-11-21 00:43:17 +01:00
Nick Hainke
545807ddff wolfssl: update to 5.6.4
Releae Notes:
https://github.com/wolfSSL/wolfssl/releases/tag/v5.6.4-stable

Remove upstreamed patch:
- 001-fix-detection-of-cut-tool-in-configure.ac.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit d83231603c)
2023-11-19 14:58:44 +01:00
Hauke Mehrtens
0c7c87a306 urngd: update to version 2023-11-01
Fix compilation with glibc

44365eb Deactivate _FORTIFY_SOURCE in jitterentropy-base.c

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit d62726b1e4)
2023-11-19 14:58:44 +01:00
Hauke Mehrtens
72d940d811 mbedtls: Update to version 2.28.5
This fixes some minor security problems.
Changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-2.28.5

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
[Removed 100-x509-crt-verify-SAN-iPAddress.patch for 22.03]
(cherry picked from commit 9e1c5ad4b0)
2023-11-19 14:58:44 +01:00
Hauke Mehrtens
3af93be5a1 bsdiff: Add patches for CVEs
Add two patches from Debian fixing CVEs in the bsdiff application.
CVE-2014-9862: Heap vulnerability in bspatch
CVE-2020-14315: Memory Corruption Vulnerability in bspatch

Copied the patches from this location:
https://salsa.debian.org/debian/bsdiff/-/blob/debian/latest/debian/patches/20-CVE-2014-9862.patch
https://salsa.debian.org/debian/bsdiff/-/blob/debian/latest/debian/patches/33-CVE-2020-14315.patch

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit cac723e8b8)
2023-11-19 14:58:44 +01:00
Yuu Toriyama
b87913e21d wireless-regdb: update to 2023.09.01
Changes:
    9dc0800 wireless-regdb: Update regulatory rules for Philippines (PH)
    111ba89 wireless-regdb: Update regulatory rules for Egypt (EG) from March 2022 guidelines
    ae1421f wireless-regdb: Update regulatory info for Türkiye (TR)
    20e5b73 wireless-regdb: Update regulatory rules for Australia (AU) for June 2023
    991b1ef wireless-regdb: update regulatory database based on preceding changes

Signed-off-by: Yuu Toriyama <PascalCoffeeLake@gmail.com>
(cherry picked from commit 0e13363de6)
2023-11-19 14:58:44 +01:00
Christian Marangi
fcdecb5ba4
hostapd: permit also channel 7 for 2.5GHz to be set to HT40PLUS
Also channel 7 for 2.4GHz can be set to HT40PLUS. Permit this and add it
to the list of the channels.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit b1c7b1bd67)
[ rework for openwrt-22.03 ]
2023-11-09 16:20:43 +01:00
Christian Marangi
64907f3c34
hostapd: fix broke noscan option for mesh
noscan option for mesh was broken and actually never applied.

This is caused by a typo where ssid->noscan value is check instead of
conf->noscan resulting in the logic swapped and broken.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 1b5ea2e199)
[ rework for openwrt-22.03 ]
2023-11-09 16:18:58 +01:00
Christian Marangi
6e77f51b3a
mac80211: fix not set noscan option for wpa_supplicant
noscan option was changed to hostapd_noscan but the entry in
wpa_supplicant was never updated resulting in the noscan option actually
never set.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 1070fbce6e)
[ rework for openwrt-22.03 ]
2023-11-09 16:15:51 +01:00
Josef Schlehofer
f6fa7b5d43 openssl: update to version 1.1.1w
Fixes CVE:
CVE-2023-4807 [1]

[1]  https://mta.openssl.org/pipermail/openssl-announce/2023-September/000273.html

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2023-09-29 11:56:24 +02:00
Hauke Mehrtens
0a1dc007e4
treewide: Add extra CPE identifier
This adds some Common Platform Enumerations (CPE) identifiers which I
found.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-09-27 22:33:09 +02:00
Alexander Couzens
3a7143fc5a packages: assign PKG_CPE_ID for all missing packages
The PKG_CPE_ID links to NIST CPE version 2.2.
Assign PKG_CPE_ID to all remaining package which have a CPE ID.
Not every package has CPE id.

Related: https://github.com/openwrt/packages/issues/8534
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2023-09-27 17:29:14 +02:00
Felix Fietkau
8da4e8fb56 mt76: update to the latest version from the 22.03 branch
bdf8ea717007 mt76: mt7921: don't assume adequate headroom for SDIO headers

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-09-12 09:16:42 +02:00
Rafał Miłecki
aeb1221784 urngd: update to the latest master
7aefb47 jitterentropy-rngd: update to the v1.2.0

What's interesting about jitterentropy-rngd v1.2.0 release is that it
bumps its copy of jitterentropy-library from v2.2.0 to the v3.0.0. That
bump includes a relevant commit 3130cd9 ("replace LSFR with SHA-3 256").

When initializing entropy jent calculates time delta. Time values are
obtained using clock_gettime() + CLOCK_REALTIME. There is no guarantee
from CLOCK_REALTIME of unique values and slow devices often return
duplicated ones.

A switch from jent_lfsr_time() to jent_hash_time() resulted in many less
cases of zero delta and avoids ECOARSETIME.

Long story short: on some system this fixes:
[    6.722725] urngd: jent-rng init failed, err: 2

This is important change for BCM53573 which doesn't include hwrng and
seems to have arch_timer running at 36,8 Hz.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit c74b5e09e6)
2023-08-28 16:36:08 +02:00
Rafał Miłecki
687004139b uboot-bcm4908: update to the latest generic
4435700d18 Remove redundant YYLOC global declaration

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 57a8ea6d74)
2023-08-28 16:36:00 +02:00
Felix Fietkau
76b1e564d2 mt76: update to the latest version from the 22.03 branch
94eb0bc1374d wifi: mt76: testmode: use random payload for tx packets
f8ece810002b wifi: mt76: add rx_check callback for usb devices
67fbdb7bed90 wifi: mt76: mt7921e: fix race issue between reset and suspend/resume
a9b09dd2715f wifi: mt76: mt7921s: fix race issue between reset and suspend/resume
ee3eb0d6d52e wifi: mt76: mt7921u: fix race issue between reset and suspend/resume
9706ccef5447 wifi: mt76: mt7921u: remove unnecessary MT76_STATE_SUSPEND
74a29eb4f714 wifi: mt76: mt7921: move mt7921_rx_check and mt7921_queue_rx_skb in mac.c
f49e06c4cfce wifi: mt76: sdio: fix the deadlock caused by sdio->stat_work
322656141fa4 wifi: mt76: sdio: poll sta stat when device transmits data
dee0a3cbfb03 wifi: mt76: mt7915: fix an uninitialized variable bug
9dd7be2c5164 wifi: mt76: mt7921: fix use after free in mt7921_acpi_read()
0ad02c9a4512 wifi: mt76: sdio: add rx_check callback for sdio devices
fe85e5ccbaca wifi: mt76: sdio: fix transmitting packet hangs
206c7ebd7464 wifi: mt76: mt7615: add mt7615_mutex_acquire/release in mt7615_sta_set_decap_offload
bf79f5d73e4f wifi: mt76: mt7915: fix possible unaligned access in mt7915_mac_add_twt_setup
c4132ab0bea2 wifi: mt76: connac: fix possible unaligned access in mt76_connac_mcu_add_nested_tlv
52eec74986cf wifi: mt76: mt7663s: add rx_check callback
019ef069e754 wifi: mt76: mt76_usb.mt76u_mcu.burst is always false remove related code
0a392ca03db8 wifi: mt76: mt7921: add mt7921_mutex_acquire at mt7921_[start, stop]_ap
fbb3554b6236 wifi: mt76: mt7921: add mt7921_mutex_acquire at mt7921_sta_set_decap_offload
b55a4eb2ee21 wifi: mt76: mt7921: fix the firmware version report
2d72c9a74011 wifi: mt76: move move mt76_sta_stats to mt76_wcid
873365b06c5c wifi: mt76: add PPDU based TxS support for WED device
0c64a80a61c2 wifi: mt76: connac: fix in comment
d11f971a452e wifi: mt76: mt7921: get rid of the false positive reset
2ac22300c7ac wifi: mt76: mt7915: fix mcs value in ht mode
5e45533e4ba2 wifi: mt76: fix uninitialized pointer in mt7921_mac_fill_rx
e06376af21dd wifi: mt76: mt7915: do not check state before configuring implicit beamform
0c0bda4aea05 wifi: mt76: mt7921: reset msta->airtime_ac while clearing up hw value
cddc4b43ea93 wifi: mt76: mt7921e: fix rmmod crash in driver reload test
ebbd68842ee0 wifi: mt76: mt7921: introduce Country Location Control support
763a1d90133b wifi: mt76: mt7921e: fix random fw download fail
e4fa68a9b3b3 linux-firmware: update firmware for MT7921 WiFi device
60fcf08fe659 linux-firmware: update firmware for MT7921 WiFi device
9d601f4eee8f linux-firmware: update firmware for MT7922 WiFi device
e49b6063fb4b wifi: mt76: move mt76_rate_power from core to mt76x02 driver code
3f27f6adb1ab wifi: mt76: mt76x02: simplify struct mt76x02_rate_power
c07f3d2d5ede wifi: mt76: mt7921: fix antenna signal are way off in monitor mode
9059a5de3bd0 wifi: mt76: Remove unused inline function mt76_wcid_mask_test()
d75f15ddeb90 wifi: mt76: mt7915: fix bounds checking for tx-free-done command
06df7e689294 wifi: mt76: mt7915: reserve 8 bits for the index of rf registers
ad3d0f8db00b wifi: mt76: mt7915: rework eeprom tx paths and streams init
66065073177b wifi: mt76: mt7915: deal with special variant of mt7916
b0114a0abb57 wifi: mt76: mt7915: rework testmode tx antenna setting
6dee964e1f36 wifi: mt76: connac: introduce mt76_connac_spe_idx()
48c116d92939 wifi: mt76: mt7915: add spatial extension index support
db6db4ded0fd wifi: mt76: mt7915: set correct antenna for radar detection on MT7915D
2b8f56a72d76 wifi: mt76: mt7915: fix mt7915_mac_set_timing()
d554a02554db wifi: mt76: mt7915: move wed init routines in mmio.c
676b10bb203f mt76: mt76x02: fix vht rate power array overrun
7df5b4514721 Revert "mt76: use IEEE80211_OFFLOAD_ENCAP_ENABLED instead of MT_DRV_AMSDU_OFFLOAD"
1b80532eb55f wifi: mt76: mt7921: set MT_DRV_AMSDU_OFFLOAD for USB/SDIO
843955920e19 wifi: mt76: fix receiving LLC packets on mt7615/mt7915
148b7fa2329d wifi: mt76: fix rx checksum offload on mt7615/mt7915/mt7921
9dda9f709c7b wifi: mt76: mt7603: fix beacon interval after disabling a single vif
2cbd5df8cfd8 wifi: mt76: mt7603: fix tx filter/flush function
780ea78ba0ca wifi: mt76: mt7603: rework/fix rx pse hang check
283c46fd1d4f wifi: mt76: mt7603: improve watchdog reset reliablity
aa309b5c2a0a wifi: mt76: mt7603: improve stuck beacon handling
eb57b7e35f9b wifi: mt76: mt7603: add missing register initialization for MT7628
11f2efecb141 wifi: mt76: mt7603: disable A-MSDU tx support on MT7628
b144bd200519 ieee80211: add EHT 1K aggregation definitions
f27ff9a8fb63 mt76: adjust for ieee80211_is_bufferable_mmpdu API change
de38fe7d4cb3 wifi: mt76: ignore key disable commands

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2023-08-26 15:59:52 +02:00
Hauke Mehrtens
de29f15af1 openssl: bump to 1.1.1v
Major changes between OpenSSL 1.1.1u and OpenSSL 1.1.1v [1 Aug 2023]

    o Fix excessive time spent checking DH q parameter value (CVE-2023-3817)
    o Fix DH_check() excessive time with over sized modulus (CVE-2023-3446)

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-08-12 11:46:51 +02:00
Hauke Mehrtens
8c7b03a2e1 firmware: intel-microcode: update to 20230808
Debian changelog:

intel-microcode (3.20230808.1) unstable; urgency=high

  * New upstream microcode datafile 20230808 (closes: #1043305)
    Mitigations for "Downfall" INTEL-SA-00828 (CVE-2022-40982),
    INTEL-SA-00836 (CVE-2023-23908) and INTEL-SA-00837 (CVE-2022-41804)
    * Updated microcodes:
      sig 0x00050653, pf_mask 0x97, 2023-03-23, rev 0x1000181, size 36864
      sig 0x00050654, pf_mask 0xb7, 2023-03-06, rev 0x2007006, size 44032
      sig 0x00050656, pf_mask 0xbf, 2023-03-17, rev 0x4003604, size 38912
      sig 0x00050657, pf_mask 0xbf, 2023-03-17, rev 0x5003604, size 38912
      sig 0x0005065b, pf_mask 0xbf, 2023-03-21, rev 0x7002703, size 30720
      sig 0x000606a6, pf_mask 0x87, 2023-03-30, rev 0xd0003a5, size 297984
      sig 0x000706e5, pf_mask 0x80, 2023-02-26, rev 0x00bc, size 113664
      sig 0x000806c1, pf_mask 0x80, 2023-02-27, rev 0x00ac, size 111616
      sig 0x000806c2, pf_mask 0xc2, 2023-02-27, rev 0x002c, size 98304
      sig 0x000806d1, pf_mask 0xc2, 2023-02-27, rev 0x0046, size 103424
      sig 0x000806e9, pf_mask 0xc0, 2023-02-22, rev 0x00f4, size 106496
      sig 0x000806e9, pf_mask 0x10, 2023-02-23, rev 0x00f4, size 105472
      sig 0x000806ea, pf_mask 0xc0, 2023-02-23, rev 0x00f4, size 105472
      sig 0x000806eb, pf_mask 0xd0, 2023-02-23, rev 0x00f4, size 106496
      sig 0x000806ec, pf_mask 0x94, 2023-02-26, rev 0x00f8, size 106496
      sig 0x000806f8, pf_mask 0x87, 2023-05-09, rev 0x2b0004b1, size 572416
      sig 0x000806f7, pf_mask 0x87, 2023-05-09, rev 0x2b0004b1
      sig 0x000806f6, pf_mask 0x87, 2023-05-09, rev 0x2b0004b1
      sig 0x000806f5, pf_mask 0x87, 2023-05-09, rev 0x2b0004b1
      sig 0x000806f4, pf_mask 0x87, 2023-05-09, rev 0x2b0004b1
      sig 0x000806f8, pf_mask 0x10, 2023-05-15, rev 0x2c000271, size 605184
      sig 0x000806f6, pf_mask 0x10, 2023-05-15, rev 0x2c000271
      sig 0x000806f5, pf_mask 0x10, 2023-05-15, rev 0x2c000271
      sig 0x000806f4, pf_mask 0x10, 2023-05-15, rev 0x2c000271
      sig 0x00090672, pf_mask 0x07, 2023-04-18, rev 0x002e, size 220160
      sig 0x00090675, pf_mask 0x07, 2023-04-18, rev 0x002e
      sig 0x000b06f2, pf_mask 0x07, 2023-04-18, rev 0x002e
      sig 0x000b06f5, pf_mask 0x07, 2023-04-18, rev 0x002e
      sig 0x000906a3, pf_mask 0x80, 2023-04-18, rev 0x042c, size 219136
      sig 0x000906a4, pf_mask 0x80, 2023-04-18, rev 0x042c
      sig 0x000906e9, pf_mask 0x2a, 2023-02-23, rev 0x00f4, size 108544
      sig 0x000906ea, pf_mask 0x22, 2023-02-23, rev 0x00f4, size 104448
      sig 0x000906eb, pf_mask 0x02, 2023-02-23, rev 0x00f4, size 106496
      sig 0x000906ec, pf_mask 0x22, 2023-02-23, rev 0x00f4, size 105472
      sig 0x000906ed, pf_mask 0x22, 2023-02-27, rev 0x00fa, size 106496
      sig 0x000a0652, pf_mask 0x20, 2023-02-23, rev 0x00f8, size 97280
      sig 0x000a0653, pf_mask 0x22, 2023-02-23, rev 0x00f8, size 97280
      sig 0x000a0655, pf_mask 0x22, 2023-02-23, rev 0x00f8, size 97280
      sig 0x000a0660, pf_mask 0x80, 2023-02-23, rev 0x00f8, size 97280
      sig 0x000a0661, pf_mask 0x80, 2023-02-23, rev 0x00f8, size 96256
      sig 0x000a0671, pf_mask 0x02, 2023-02-26, rev 0x0059, size 104448
      sig 0x000b0671, pf_mask 0x32, 2023-06-06, rev 0x0119, size 210944
      sig 0x000b06a2, pf_mask 0xe0, 2023-06-06, rev 0x4119, size 216064
      sig 0x000b06a3, pf_mask 0xe0, 2023-06-06, rev 0x4119
      sig 0x000b06e0, pf_mask 0x11, 2023-04-12, rev 0x0011, size 136192
  * source: update symlinks to reflect id of the latest release, 20230808

intel-microcode (3.20230512.1) unstable; urgency=medium

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit ced2854871)
2023-08-12 11:46:51 +02:00
Hauke Mehrtens
08a78203a8 linux-firmware: update to 20230804
7be2766 (tag: 20230804) Merge branch 'rb3-update' of https://github.com/lumag/linux-firmware
66c1db8 Merge https://github.com/pkshih/linux-firmware
5046942 Mellanox: Add new mlxsw_spectrum firmware xx.2012.1012
5c7b67f linux-firmware: Add URL for latest FW binaries for NXP BT chipsets
29f185d rtw89: 8851b: update firmware to v0.29.41.1
742bf57 qcom: sdm845: add RB3 sensors DSP firmware
253cc17 amdgpu: Update DMCUB for DCN314 & Yellow Carp
07f05b0 Merge branch 'dmc-adlp_2.20-mtl_2.13' of git://anongit.freedesktop.org/drm/drm-firmware
5a251ed Merge branch 'for-upstream' of https://github.com/CirrusLogic/linux-firmware
6c8ce49 ice: add LAG-supporting DDP package
fd6e13c i915: Update MTL DMC to v2.13
41e615c i915: Update ADLP DMC to v2.20
c8424cf cirrus: Add CS35L41 firmware for Dell Oasis Models
b6ea35f copy-firmware: Fix linking directories when using compression
0a51959 copy-firmware: Fix test: unexpected operator
b602d43 qcom: sc8280xp: LENOVO: remove directory sym link
e0bad5e qcom: sc8280xp: LENOVO: Remove execute bits
59fbffa amdgpu: update VCN 4.0.0 firmware
22fb12f amdgpu: add initial SMU 13.0.10 firmware
b3f512f amdgpu: add initial SDMA 6.0.3 firmware
b1a7d76 amdgpu: add initial PSP 13.0.10 firmware
d6d655a amdgpu: add initial GC 11.0.3 firmware
c782458 Merge branch 'v2.0.21961' of https://github.com/yunfei-mtk/linux_fw_10bit
ca9086f Merge branch 'dg2_mtl_guc_70.8' of git://anongit.freedesktop.org/drm/drm-firmware
0bc3126 linux-firmware: Update AMD fam17h cpu microcode
b250b32 linux-firmware: Update AMD cpu microcode
9dfcace amdgpu: update green sardine VCN firmware
b519832 amdgpu: update renoir VCN firmware
5f569aa amdgpu: update raven VCN firmware
868bb36 amdgpu: update raven2 VCN firmware
6fa9a17 amdgpu: update Picasso VCN firmware
cd52460 amdgpu: update DMCUB to v0.0.175.0 for various AMDGPU ASICs
4ef7581 Updated NXP SR150 UWB firmware
2514504 Merge branch 'for-upstream' of https://github.com/CirrusLogic/linux-firmware
45f5ebf wfx: update to firmware 3.16.1
f41d890 mediatek: Update mt8195 SCP firmware to support 10bit mode
6f3a37f i915: update DG2 GuC to v70.8.0
0ee23bd i915: update to GuC 70.8.0 and HuC 8.5.1 for MTL
1a76e8b cirrus: Add CS35L41 firmware for ASUS ROG 2023 Models
d3f6606 Partially revert "amdgpu: DMCUB updates for DCN 3.1.4 and 3.1.5"
8917650 linux-firmware: update firmware for mediatek bluetooth chip (MT7922)
7d9af09 linux-firmware: update firmware for MT7922 WiFi device
0bab5df Merge tag 'iwlwifi-fw-2023-06-29' of http://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/linux-firmware
3ec3817 linux-firmware: Update firmware file for Intel Bluetooth AX203
7db3ef9 linux-firmware: Update firmware file for Intel Bluetooth AX203
5684048 linux-firmware: Update firmware file for Intel Bluetooth AX211
3f7a24e linux-firmware: Update firmware file for Intel Bluetooth AX211
eb2c745 linux-firmware: Update firmware file for Intel Bluetooth AX210
4a3ff0a linux-firmware: Update firmware file for Intel Bluetooth AX200
1d1bad4 linux-firmware: Update firmware file for Intel Bluetooth AX201
db39dff Fix qcom ASoC tglp WHENCE entry
a687f89 Merge branch 'sc8280xp-audio-fw' of git://git.kernel.org/pub/scm/linux/kernel/git/srini/linux-firmware
9e0343c check_whence: Check link targets are valid
b255f5b iwlwifi: add new FWs from core80-39 release
fa5d30b iwlwifi: update cc/Qu/QuZ firmwares for core80-39 release
f9a35b3 qcom: Add Audio firmware for SC8280XP X13s

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit bfbb5ccf7a)
2023-08-12 11:46:51 +02:00
John Audia
68c6608c2d linux-firmware: update to 20230625
Change from git log --oneline:

ee91452d (tag: 20230625) Makefile, copy-firmware: support xz/zstd compressed firmware
ad2ce8be copy-firmware: silence the last shellcheck warnings
67bf50e7 copy-firmware: drop obsolete backticks, quote
77f31a80 copy-firmware: tweak sed invocation
40fa2b20 copy-firmware: quote deskdir and dirname
77f92e0b check_whence: error if symlinks are in-tree
f2671b1f check_whence: error if File: is actually a link
4b539e7a check_whence: strip quotation marks
32693d3b linux-firmware: wilc1000: update WILC1000 firmware to v16.0
109b23c5 ice: update ice DDP wireless_edge package to 1.3.10.0
ade163aa amdgpu: DMCUB updates for DCN 3.1.4 and 3.1.5
045b2136 amdgpu: update DMCUB to v0.0.172.0 for various AMDGPU ASICs
5a1842ce Merge branch 'rb3-update' of https://github.com/lumag/linux-firmware
2f81bd9f fix broken cirrus firmware symlinks
01a7a844 qcom: Update the microcode files for Adreno a630 GPUs.
94120467 qcom: sdm845: rename the modem firmware
1c599488 qcom: sdm845: update remoteproc firmware
1cd1c871 rtl_bt: Update RTL8852A BT USB firmware to 0xDAC7_480D
55e74485 rtl_bt: Update RTL8852C BT USB firmware to 0x040D_7225
9dbd8ec2 amdgpu: DMCUB updates for various AMDGPU asics
9a47adc7 Merge branch 'mtl_huc_v8.5.0' of git://anongit.freedesktop.org/drm/drm-firmware
eb3ae841 linux-firmware: update firmware for MT7922 WiFi device
5ce06b9e linux-firmware: update firmware for MT7921 WiFi device
2c50361c linux-firmware: update firmware for mediatek bluetooth chip (MT7922)
185f49df linux-firmware: update firmware for mediatek bluetooth chip (MT7921)
05f94af7 Merge branch 'v2.0.21478' of https://github.com/yunfei-mtk/linux_fw_scp
5de33fb4 i915: Add HuC v8.5.0 for MTL
795aea91 mediatek: Update mt8195 SCP firmware to support hevc
fc90c59b Merge branch 'db410c' of https://github.com/lumag/linux-firmware
9d4c9a52 qcom: apq8016: add Dragonboard 410c WiFi and modem firmware
1f9667eb Merge branch 'for-upstream' of http://git.chelsio.net/pub/git/linux-firmware
b544e2b0 Merge branch 'for-upstream' of https://github.com/CirrusLogic/linux-firmware
244d6b5c cirrus: Add firmware for new Asus ROG Laptops
d11ae984 brcm: Add symlinks from Pine64 devices to AW-CM256SM.txt
1c513ec7 amdgpu: Update GC 11.0.1 and 11.0.4
8449fcd0 Merge https://github.com/pkshih/linux-firmware
c10facaf rtw89: 8851b: add firmware v0.29.41.0
1ba3519e Merge branch 'dev-queue' of git://git.kernel.org/pub/scm/linux/kernel/git/tnguy/firmware
2e775450 amdgpu: update yellow carp firmware for amd.5.5 release
5eccb3c1 amdgpu: update navi14 firmware for amd.5.5 release
c70d3c3b amdgpu: update navi12 firmware for amd.5.5 release
0e4f17cc amdgpu: update vega20 firmware for amd.5.5 release
413348f3 amdgpu: update vega12 firmware for amd.5.5 release
c167587d amdgpu: update navi10 firmware for amd.5.5 release
3c98630a amdgpu: update vega10 firmware for amd.5.5 release
d13ef0cb amdgpu: update PSP 13.0.11 firmware for amd.5.5 release
31f8f526 amdgpu: update GC 11.0.4 firmware for amd.5.5 release
f0ce7026 amdgpu: update SDMA 6.0.1 firmware for amd.5.5 release
47424464 amdgpu: update PSP 13.0.4 firmware for amd.5.5 release
60dc78a7 amdgpu: update GC 11.0.1 firmware for amd.5.5 release
ba70041c amdgpu: update 13.0.8 firmware for amd.5.5 release
9c48881f amdgpu: update GC 10.3.7 firmware for amd.5.5 release
bb4d7250 amdgpu: update vangogh firmware for amd.5.5 release
102a4138 amdgpu: update VCN 4.0.4 firmware for amd.5.5 release
a7fe4aa1 amdgpu: update SMU 13.0.7 firmware for amd.5.5 release
80b2d561 amdgpu: update PSP 13.0.7 firmware for amd.5.5 release
a5d7b4df amdgpu: update GC 11.0.2 firmware for amd.5.5 release
c1db00c5 amdgpu: update renoir firmware for amd.5.5 release
683c91f7 amdgpu: update VCN 4.0.0 firmware for amd.5.5 release
39d6fcc7 amdgpu: update SMU 13.0.0 firmware for amd.5.5 release
56832557 amdgpu: update PSP 13.0.0 firmware for amd.5.5 release
ffe1a41e amdgpu: update GC 11.0.0 firmware for amd.5.5 release
72d525d7 amdgpu: update green sardine firmware for amd.5.5 release
ceba765d amdgpu: update beige goby firmware for amd.5.5 release
95eb53c9 amdgpu: update dimgrey cavefish firmware for amd.5.5 release
909cef98 amdgpu: update arcturus firmware for amd.5.5 release
91251d16 amdgpu: update vcn 3.1.2 firmware for amd.5.5 release
9eaff866 amdgpu: update psp 13.0.5 firmware for amd.5.5 release
44772528 amdgpu: update GC 10.3.6 firmware for amd.5.5 release
3bffc9f8 amdgpu: update navy flounder firmware for amd.5.5 release
3b920773 amdgpu: update sienna cichlid firmware for amd.5.5 release
84d5550e amdgpu: update aldebaran firmware for amd.5.5 release
dcd30473 amdgpu: DMCUB updates for various AMDGPU asics
c9e4034a ice: update ice DDP comms package to 1.3.40.0
601c1813 Merge https://github.com/pkshih/linux-firmware
08b854f0 rtlwifi: Add firmware v6.0 for RTL8192FU
b72c69dd rtlwifi: Update firmware for RTL8188EU to v28.0
51290942 (tag: 20230515) Merge branch 'main' of https://github.com/CirrusLogic/linux-firmware

Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit a5005508f0)
2023-08-12 11:46:51 +02:00
Hauke Mehrtens
b62dacea14 mbedtls: Update to version 2.28.4
This only fixes minor problems.
Changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.4

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit d773fe5411)
2023-08-12 11:46:51 +02:00
Hauke Mehrtens
df994cce96 mbedtls: Update to version 2.28.3
This only fixes minor problems.
Changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.3

The 100-fix-compile.patch patch was merged upstream, see:
https://github.com/Mbed-TLS/mbedtls/issues/6243
https://github.com/Mbed-TLS/mbedtls/pull/7013

The code style of all files in mbedtls 2.28.3 was changed. I took a new
version of the 100-x509-crt-verify-SAN-iPAddress.patch patch from this
pull request: https://github.com/Mbed-TLS/mbedtls/pull/6475

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit d679b15d31)
2023-08-12 11:46:51 +02:00
Adam Bailey
c29390b0f3 lua: fix integer overflow in LNUM patch
Safely detect integer overflow in try_addint() and try_subint().
Old code relied on undefined behavior, and recent versions of GCC on x86
optimized away the if-statements.
This caused integer overflow in Lua code instead of falling back to
floating-point numbers.

Signed-off-by: Adam Bailey <aebailey@gmail.com>
(cherry picked from commit 3a2e7c30d3)
2023-08-12 11:46:51 +02:00
Etienne Champetier
503aa7f9fb dropbear: add ed25519 for failsafe key
At least Fedora and RHEL 9 set RSAMinSize=2048, so when trying to use
failsafe, we get 'Bad server host key: Invalid key length'
To workaround the issue, we can use: ssh -o RSAMinSize=1024 ...

Generating 2048 bits RSA is extremely slow, so add ed25519.
We keep RSA 1024 to be as compatible as possible.

Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
(cherry picked from commit 6ac61dead9)
2023-08-12 11:46:51 +02:00
Nick Hainke
681baab5a7 wolfssl: update to 5.6.3
Release Notes:
- https://github.com/wolfSSL/wolfssl/releases/tag/v5.6.0-stable
- https://github.com/wolfSSL/wolfssl/releases/tag/v5.6.2-stable
- https://github.com/wolfSSL/wolfssl/releases/tag/v5.6.3-stable

Refresh patch:
- 100-disable-hardening-check.patch

Backport patch:
- 001-fix-detection-of-cut-tool-in-configure.ac.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 0e83b5e6cc)
2023-08-12 11:46:51 +02:00
Hauke Mehrtens
1dbbd0fcf2 uhttpd: update to latest git HEAD
34a8a74 uhttpd/file: fix string out of buffer range on uh_defer_script

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 7a6f6b8126)
2023-08-12 11:46:51 +02:00
Hauke Mehrtens
c1181a54b0 uhttpd: update to latest Git HEAD
47561aa mimetypes: add audio/video support for apple airplay
6341357 ucode: respect all arguments passed to send()

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit d14559e9df)
2023-08-12 11:46:51 +02:00
Hauke Mehrtens
419218af13 kernel: bump 5.10 to 5.10.190
All patches automatically rebased.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-08-11 23:17:31 +02:00
Christian Lamparter
80a6b0a917 ipq-wifi: fix upstream board-2.bin ZTE M289F snafu
The upstream board-2.bin file in the linux-firmware.git
repository for the QCA4019 contains a packed board-2.bin
for this device for both 2.4G and 5G wifis. This isn't
something that the ath10k driver supports.

Until this feature either gets implemented - which is
very unlikely -, or the upstream boardfile is mended
(both, the original submitter and ath10k-firmware
custodian have been notified). OpenWrt will go back
and use its own bespoke boardfile. This unfortunately
means that 2.4G and on some revisions the 5G WiFi is
not available in the initramfs image for this device.

qca9984 isn't affected.

Fixes: #12886
Reported-by: Christian Heuff <christian@heuff.at>
Debugged-by: Georgios Kourachanis <geo.kourachanis@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 75505c5ec7)
2023-07-04 22:11:53 +02:00
Christian Marangi
2034387af4
netfilter: fix typo in nf-socket and nf-tproxy kconfig
Fix a typo where the wrong KCONFIG was used and fix selecting the
correct kernel config option to use these packages.

Fixes: 4f443c885d ("netfilter: separate packages for kmod-ipt-socket and kmod-ipt-tproxy")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 3ebebf08be)
2023-06-23 17:47:53 +02:00
Jitao Lu
70e3f4e94d openssl: passing cflags to configure
openssl sets additional cflags in its configuration script. We need to
make it aware of our custom cflags to avoid adding conflicting cflags.

Fixes: #12866
Signed-off-by: Jitao Lu <dianlujitao@gmail.com>
(cherry picked from commit 51f57e7c2d)
2023-06-17 12:56:58 +02:00
Christian Marangi
17f6001853
restool: update source.codeaurora.org repository link
source.codeaurora.org project has been shut down and the nxp
repositories has been moved to github. Update the repository
link to the new location.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 0a1ee53235)
2023-06-11 18:58:49 +02:00
Christian Marangi
ca669b7c07
ls-dpl: update source.codeaurora.org repository link
source.codeaurora.org project has been shut down and the nxp
repositories has been moved to github. Update the repository
link to the new location.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 52fd8d8ba3)
2023-06-11 18:58:43 +02:00
Hannu Nyman
4a9eb94b5f bpf-headers: fix compilation with LLVM_IAS=1
Linux 5.10.178 includes backported commits that break the compilation
of bpf-headers, as the compilation gets confused which assembler to use.
Caused by Linux upstream commits just before the .178 tag:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/log/?h=v5.10.178

2023-04-20	kbuild: check CONFIG_AS_IS_LLVM instead of LLVM_IAS
2023-04-20	kbuild: Switch to 'f' variants of integrated assembler flag
2023-04-20	kbuild: check the minimum assembler version in Kconfig

Explicitly use LLVM_IAS=1 to fix things.

Fixes #12748

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2023-06-10 15:52:19 +02:00
Hauke Mehrtens
afb4422702 openssl: bump to 1.1.1u
Major changes between OpenSSL 1.1.1t and OpenSSL 1.1.1u [30 May 2023]

    o Mitigate for very slow `OBJ_obj2txt()` performance with gigantic
      OBJECT IDENTIFIER sub-identities.  (CVE-2023-2650)
    o Fixed documentation of X509_VERIFY_PARAM_add0_policy() (CVE-2023-0466)
    o Fixed handling of invalid certificate policies in leaf certificates
      (CVE-2023-0465)
    o Limited the number of nodes created in a policy tree ([CVE-2023-0464])

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2023-06-07 22:40:46 +02:00
Alexey Bartenev
656e411454 ramips: add support for Keenetic Lite III rev. A
General specification:
SoC Type: MediaTek MT7620N (580MHz)
ROM: 8 MB SPI-NOR (W25Q64FV)
RAM: 64 MB DDR (EM6AB160TSD-5G)
Switch: MediaTek MT7530
Ethernet: 5 ports - 5×100MbE (WAN, LAN1-4)
Wireless: 2.4 GHz (MediaTek RT5390): b/g/n
Buttons: 3 button (POWER, RESET, WPS)
Slide switch: 4 position (BASE, ADAPTER, BOOSTER, ACCESS POINT)
Bootloader: U-Boot 1.1.3
Power: 9 VDC, 0.6 A

MAC in stock:
|-	+			|
| LAN 	| RF-EEPROM + 0x04	|
| WLAN	| RF-EEPROM + 0x04	|
| WAN 	| RF-EEPROM + 0x28	|

OEM easy installation
1. Use a PC to browse to http://my.keenetic.net.
2. Go to the System section and open the Files tab.
3. Under the Files tab, there will be a list of system
files. Click on the Firmware file.
4. When a modal window appears, click on the Choose File
button and upload the firmware image.
5. Wait for the router to flash and reboot.

OEM installation using the TFTP method
1. Download the latest firmware image and rename it to
klite3_recovery.bin.
2. Set up a Tftp server on a PC (e.g. Tftpd32) and place the
firmware image to the root directory of the server.
3. Power off the router and use a twisted pair cable to connect
the PC to any of the router's LAN ports.
4. Configure the network adapter of the PC to use IP address
192.168.1.2 and subnet mask 255.255.255.0.
5. Power up the router while holding the reset button pressed.
6. Wait approximately for 5 seconds and then release the
reset button.
7. The router should download the firmware via TFTP and
complete flashing in a few minutes.
After flashing is complete, use the PC to browse to
http://192.168.1.1 or ssh to proceed with the configuration.

Signed-off-by: Alexey Bartenev <41exey@proton.me>
(cherry picked from commit dc79b51533)
2023-06-03 11:49:04 +02:00
Tianling Shen
ce32068bf2 ca-certificates: Update to version 20230311
Update the ca-certificates and ca-bundle package from version 20211016 to
version 20230311.

Use TAR_OPTIONS instead of hacking Build/Prepare, refresh patches.

Debian change-log entry [1]:
|[...]
|[ Đoàn Trần Công Danh ]
|* ca-certificates: compat with non-GNU mktemp (closes: #1000847)
|
|[ Ilya Lipnitskiy ]
|* certdata2pem.py: use UTC time when checking cert validity
|
|[ Julien Cristau ]
|* Update Mozilla certificate authority bundle to version 2.60
|   The following certificate authorities were added (+):
|   + "Autoridad de Certificacion Firmaprofesional CIF A62634068"
|   + "Certainly Root E1"
|   + "Certainly Root R1"
|   + "D-TRUST BR Root CA 1 2020"
|   + "D-TRUST EV Root CA 1 2020"
|   + "DigiCert TLS ECC P384 Root G5"
|   + "DigiCert TLS RSA4096 Root G5"
|   + "E-Tugra Global Root CA ECC v3"
|   + "E-Tugra Global Root CA RSA v3"
|   + "HARICA TLS ECC Root CA 2021"
|   + "HARICA TLS RSA Root CA 2021"
|   + "HiPKI Root CA - G1"
|   + "ISRG Root X2"
|   + "Security Communication ECC RootCA1"
|   + "Security Communication RootCA3"
|   + "Telia Root CA v2"
|   + "TunTrust Root CA"
|   + "vTrus ECC Root CA"
|   + "vTrus Root CA"
|  The following certificate authorities were removed (-):
|  - "Cybertrust Global Root" (expired)
|  - "EC-ACC"
|  - "GlobalSign Root CA - R2" (expired)
|  - "Hellenic Academic and Research Institutions RootCA 2011"
|  - "Network Solutions Certificate Authority"
|  - "Staat der Nederlanden EV Root CA" (expired)
|* Drop trailing space from debconf template causing misformatting
|  (closes: #980821)
|
|[ Wataru Ashihara ]
|* Make certdata2pem.py compatible with cryptography >= 35 (closes: #1008244)
|[...]

[1]: https://metadata.ftp-master.debian.org/changelogs/main/c/ca-certificates/ca-certificates_20230311_changelog

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 7c83b6ac86)
2023-05-28 19:51:52 +02:00
Christian Lamparter
f4e4f5553d firmware: intel-microcode: update to 20230512
Debian changelog:

intel-microcode (3.20230512.1) unstable; urgency=medium

  * New upstream microcode datafile 20230512 (closes: #1036013)
    * Includes fixes or mitigations for an undisclosed security issue
    * New microcodes:
      sig 0x000906a4, pf_mask 0x40, 2022-10-12, rev 0x0004, size 115712
      sig 0x000b06e0, pf_mask 0x01, 2022-12-19, rev 0x0010, size 134144
    * Updated microcodes:
      sig 0x00050653, pf_mask 0x97, 2022-12-21, rev 0x1000171, size 36864
      sig 0x00050654, pf_mask 0xb7, 2022-12-21, rev 0x2006f05, size 44032
      sig 0x00050656, pf_mask 0xbf, 2022-12-21, rev 0x4003501, size 37888
      sig 0x00050657, pf_mask 0xbf, 2022-12-21, rev 0x5003501, size 37888
      sig 0x0005065b, pf_mask 0xbf, 2022-12-21, rev 0x7002601, size 29696
      sig 0x000606a6, pf_mask 0x87, 2022-12-28, rev 0xd000390, size 296960
      sig 0x000706e5, pf_mask 0x80, 2022-12-25, rev 0x00ba, size 113664
      sig 0x000806a1, pf_mask 0x10, 2023-01-13, rev 0x0033, size 34816
      sig 0x000806c1, pf_mask 0x80, 2022-12-28, rev 0x00aa, size 110592
      sig 0x000806c2, pf_mask 0xc2, 2022-12-28, rev 0x002a, size 97280
      sig 0x000806d1, pf_mask 0xc2, 2022-12-28, rev 0x0044, size 102400
      sig 0x000806e9, pf_mask 0xc0, 2022-12-26, rev 0x00f2, size 105472
      sig 0x000806e9, pf_mask 0x10, 2023-01-02, rev 0x00f2, size 105472
      sig 0x000806ea, pf_mask 0xc0, 2022-12-26, rev 0x00f2, size 105472
      sig 0x000806eb, pf_mask 0xd0, 2022-12-26, rev 0x00f2, size 105472
      sig 0x000806ec, pf_mask 0x94, 2022-12-26, rev 0x00f6, size 105472
      sig 0x000806f8, pf_mask 0x87, 2023-03-13, rev 0x2b000461, size 564224
      sig 0x000806f7, pf_mask 0x87, 2023-03-13, rev 0x2b000461
      sig 0x000806f6, pf_mask 0x87, 2023-03-13, rev 0x2b000461
      sig 0x000806f5, pf_mask 0x87, 2023-03-13, rev 0x2b000461
      sig 0x000806f4, pf_mask 0x87, 2023-03-13, rev 0x2b000461
      sig 0x000806f8, pf_mask 0x10, 2023-02-14, rev 0x2c0001d1, size 595968
      sig 0x000806f6, pf_mask 0x10, 2023-02-14, rev 0x2c0001d1
      sig 0x000806f5, pf_mask 0x10, 2023-02-14, rev 0x2c0001d1
      sig 0x000806f4, pf_mask 0x10, 2023-02-14, rev 0x2c0001d1
      sig 0x000906a3, pf_mask 0x80, 2023-02-14, rev 0x042a, size 218112
      sig 0x000906a4, pf_mask 0x80, 2023-02-14, rev 0x042a
      sig 0x000906e9, pf_mask 0x2a, 2022-12-26, rev 0x00f2, size 108544
      sig 0x000906ea, pf_mask 0x22, 2023-01-12, rev 0x00f2, size 104448
      sig 0x000906eb, pf_mask 0x02, 2022-12-26, rev 0x00f2, size 105472
      sig 0x000906ec, pf_mask 0x22, 2023-01-12, rev 0x00f2, size 104448
      sig 0x000906ed, pf_mask 0x22, 2023-02-05, rev 0x00f8, size 104448
      sig 0x000a0652, pf_mask 0x20, 2022-12-27, rev 0x00f6, size 96256
      sig 0x000a0653, pf_mask 0x22, 2023-01-01, rev 0x00f6, size 97280
      sig 0x000a0655, pf_mask 0x22, 2022-12-26, rev 0x00f6, size 96256
      sig 0x000a0660, pf_mask 0x80, 2022-12-26, rev 0x00f6, size 97280
      sig 0x000a0661, pf_mask 0x80, 2022-12-26, rev 0x00f6, size 96256
      sig 0x000a0671, pf_mask 0x02, 2022-12-25, rev 0x0058, size 103424
      sig 0x000b0671, pf_mask 0x32, 2023-02-06, rev 0x0113, size 207872
      sig 0x000b06a2, pf_mask 0xc0, 2023-02-22, rev 0x4112, size 212992
      sig 0x000b06a3, pf_mask 0xc0, 2023-02-22, rev 0x4112
  * source: update symlinks to reflect id of the latest release, 20230512

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Tue, 16 May 2023 00:13:02 -0300

intel-microcode (3.20230214.1) unstable; urgency=medium

  * Non-maintainer upload.
  * New upstream microcode datafile 20230214
    - Includes Fixes for: (Closes: #1031334)
       - INTEL-SA-00700: CVE-2022-21216
       - INTEL-SA-00730: CVE-2022-33972
       - INTEL-SA-00738: CVE-2022-33196
       - INTEL-SA-00767: CVE-2022-38090
  * New Microcodes:
    sig 0x000806f4, pf_mask 0x10, 2022-12-19, rev 0x2c000170
    sig 0x000806f4, pf_mask 0x87, 2022-12-27, rev 0x2b000181
    sig 0x000806f5, pf_mask 0x10, 2022-12-19, rev 0x2c000170
    sig 0x000806f5, pf_mask 0x87, 2022-12-27, rev 0x2b000181
    sig 0x000806f6, pf_mask 0x10, 2022-12-19, rev 0x2c000170
    sig 0x000806f6, pf_mask 0x87, 2022-12-27, rev 0x2b000181
    sig 0x000806f7, pf_mask 0x87, 2022-12-27, rev 0x2b000181
    sig 0x000806f8, pf_mask 0x10, 2022-12-19, rev 0x2c000170
    sig 0x000806f8, pf_mask 0x10, 2022-12-19, rev 0x2c000170, size 600064
    sig 0x000806f8, pf_mask 0x87, 2022-12-27, rev 0x2b000181
    sig 0x000806f8, pf_mask 0x87, 2022-12-27, rev 0x2b000181, size 561152
    sig 0x000b06a2, pf_mask 0xc0, 2022-12-08, rev 0x410e
    sig 0x000b06a2, pf_mask 0xc0, 2022-12-08, rev 0x410e, size 212992
    sig 0x000b06a3, pf_mask 0xc0, 2022-12-08, rev 0x410e
  * Updated Microcodes:
    sig 0x00050653, pf_mask 0x97, 2022-08-30, rev 0x1000161, size 36864
    sig 0x00050656, pf_mask 0xbf, 2022-08-26, rev 0x4003303, size 37888
    sig 0x00050657, pf_mask 0xbf, 2022-08-26, rev 0x5003303, size 37888
    sig 0x0005065b, pf_mask 0xbf, 2022-08-26, rev 0x7002503, size 29696
    sig 0x000606a6, pf_mask 0x87, 2022-10-09, rev 0xd000389, size 296960
    sig 0x000606c1, pf_mask 0x10, 2022-09-23, rev 0x1000211, size 289792
    sig 0x000706a1, pf_mask 0x01, 2022-09-16, rev 0x003e, size 75776
    sig 0x000706a8, pf_mask 0x01, 2022-09-20, rev 0x0022, size 76800
    sig 0x000706e5, pf_mask 0x80, 2022-08-31, rev 0x00b8, size 113664
    sig 0x000806a1, pf_mask 0x10, 2022-09-07, rev 0x0032, size 34816
    sig 0x00090672, pf_mask 0x07, 2023-01-04, rev 0x002c
    sig 0x00090672, pf_mask 0x07, 2023-01-04, rev 0x002c, size 219136
    sig 0x00090675, pf_mask 0x07, 2023-01-04, rev 0x002c
    sig 0x000906a3, pf_mask 0x80, 2023-01-11, rev 0x0429
    sig 0x000906a3, pf_mask 0x80, 2023-01-11, rev 0x0429, size 218112
    sig 0x000906a4, pf_mask 0x80, 2023-01-11, rev 0x0429
    sig 0x000906c0, pf_mask 0x01, 2022-09-02, rev 0x24000024, size 20480
    sig 0x000a0671, pf_mask 0x02, 2022-08-31, rev 0x0057, size 103424
    sig 0x000b0671, pf_mask 0x32, 2022-12-19, rev 0x0112, size 207872
    sig 0x000b06f2, pf_mask 0x07, 2023-01-04, rev 0x002c
    sig 0x000b06f5, pf_mask 0x07, 2023-01-04, rev 0x002c

 -- Tobias Frost <tobi@debian.org>  Sun, 12 Mar 2023 18:16:50 +0100

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 8182c7edcb)
2023-05-27 22:05:14 +02:00
Linhui Liu
2c96dd6d4b firmware: intel-microcode: update to 20221108
Changelog:
  * New Microcodes:
    sig 0x000606c1, pf_mask 0x10, 2022-08-07, rev 0x1000201, size 286720
    sig 0x000b0671, pf_mask 0x32, 2022-09-07, rev 0x010e, size 204800

  * Updated Microcodes:
    sig 0x000706e5, pf_mask 0x80, 2022-08-02, rev 0x00b6, size 113664
    sig 0x000806c1, pf_mask 0x80, 2022-06-28, rev 0x00a6, size 110592
    sig 0x000806d1, pf_mask 0xc2, 2022-06-28, rev 0x0042, size 102400
    sig 0x000806ec, pf_mask 0x94, 2022-07-31, rev 0x00f4, size 105472
    sig 0x00090661, pf_mask 0x01, 2022-07-15, rev 0x0017, size 20480
    sig 0x00090672, pf_mask 0x07, 2022-09-19, rev 0x0026, size 218112
    sig 0x00090675, pf_mask 0x07, 2022-09-19, rev 0x0026
    sig 0x000b06f2, pf_mask 0x07, 2022-09-19, rev 0x0026
    sig 0x000b06f5, pf_mask 0x07, 2022-09-19, rev 0x0026
    sig 0x000906a3, pf_mask 0x80, 2022-09-19, rev 0x0424, size 217088
    sig 0x000906a4, pf_mask 0x80, 2022-09-19, rev 0x0424
    sig 0x000906ed, pf_mask 0x22, 2022-07-31, rev 0x00f4, size 104448
    sig 0x000a0652, pf_mask 0x20, 2022-07-31, rev 0x00f4, size 96256
    sig 0x000a0653, pf_mask 0x22, 2022-07-31, rev 0x00f4, size 97280
    sig 0x000a0655, pf_mask 0x22, 2022-07-31, rev 0x00f4, size 96256
    sig 0x000a0660, pf_mask 0x80, 2022-07-31, rev 0x00f4, size 97280
    sig 0x000a0661, pf_mask 0x80, 2022-07-31, rev 0x00f4, size 96256
    sig 0x000a0671, pf_mask 0x02, 2022-08-02, rev 0x0056, size 103424

We need to update to this version because
https://ftp.debian.org/debian/pool/non-free/i/intel-microcode/intel-microcode_3.20220809.1.tar.xz
has been removed.

Signed-off-by: Linhui Liu <liulinhui36@gmail.com>
(cherry picked from commit 340d3d84dc)
2023-05-27 22:05:14 +02:00
Christian Lamparter
3235300903 ipq-wifi: drop custom board-2.bins
The BDFs for all boards were upstreamed to the ath10k-firmware
repository and linux-firmware.git.

We switched to the upstream board-2.bin, hence the files can be removed
here.

Keep the ipq-wifi package in case new boards are added. It might take
some time till board-2.bins send upstream are merged.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2023-05-27 22:05:14 +02:00
Christian Lamparter
b5a5751706 ipq40xx: R619AC: replace space with - separator in variant string
Kalle:
"I see that variant has a space in it, does that work it correctly? My
original idea was that spaces would not be allowed, but didn't realise
to add a check for that."

Is this an easy change? Because the original author (Tim Davis) noted:
"You may substitute the & and space with something else saner if they
prove to be problematic."

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 3b3eaf31cb)
2023-05-27 22:05:14 +02:00
Daniel Golle
728afd14fa linux-firmware: move firmware file for mt7601u
The firmware file for mt7601u (MediaTek MT7601U Wireless MACs) has
been moved to the mediatek/ folder by commit
 8451c2b1 mt76xx: Move the old Mediatek WiFi firmware to mediatek

Address this by updating the location of the firmware file in our
linux-firmware Makefile generating the mt7601u-firmware package.

All other MediaTek Wi-Fi firmware files are supplied by OpenWrt's
own repository rather than being taken from linux-firmware.

Fixes: d53fe5d9ce ("linux-firmware: update to 20230515")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit d26ecbcf95)
2023-05-27 22:05:14 +02:00
Daniel Golle
9466152ea8 linux-firmware: update to 20230515
Changes since 20230515:
51290942 Merge branch 'main' of https://github.com/CirrusLogic/linux-firmware
cc628d65 cirrus: Add firmware and tuning files for HP G10 series laptops
905d3265 linux-firmware: update firmware for mediatek bluetooth chip (MT7922)
d1962891 WHENCE: Cleanup Realtek BT firmware provenance
6569484e linux-firmware: update firmware for MT7922 WiFi device
7d639e80 cnm: update chips&media wave521c firmware.
b8a56bf2 cirrus: Add firmware and tuning files for Lenovo ThinkPad P1 Gen 6
6c9e0ed5 check_whence: error on directory listed as File
05183b7b check_whence: error on duplicate file entries
c4423c91 WHENCE: comment out duplicate MediaTek firmware
2bc50f50 Merge branch 'mtl_guc_70.6.6' of git://anongit.freedesktop.org/drm/drm-firmware
192ee6d1 i915: Add GuC v70.6.6 for MTL
312c61f5 amdgpu: update DCN 3.1.6 DMCUB firmware
0061a2dd rtl_bt: Update RTL8852B BT USB firmware to 0xDBC6_B20F
1de22a39 rtl_bt: Update RTL8761B BT USB firmware to 0xDFC6_D922
dee0d4cd rtl_bt: Update RTL8761B BT UART firmware to 0x9DC6_D922
fab14965 Group all Conexant V4L devices together
e88bdbe4 rtl_nic: update firmware of USB devices
6536a964 linux-firmware: Update firmware file for Intel Bluetooth AX200
2ca17876 linux-firmware: Update firmware file for Intel Bluetooth AX201
7610656f linux-firmware: Update firmware file for Intel Bluetooth AX203
209ba083 linux-firmware: Update firmware file for Intel Bluetooth AX203
a2739f05 linux-firmware: Update firmware file for Intel Bluetooth AX211
1ee587d5 linux-firmware: Update firmware file for Intel Bluetooth AX211
40ba7eee linux-firmware: Update firmware file for Intel Bluetooth AX210
bcbbf6bf linux-firmware: update firmware for MT7981
507ee862 Merge branch 'main' of github.com:sampathnimmmala/bt_firmware
2c6be1a4 qca: Update firmware files for BT chip WCN6750
8451c2b1 mt76xx: Move the old Mediatek WiFi firmware to mediatek
53e48f93 rtl_bt: Add firmware and config files for RTL8851B
69143e8e linux-firmware: Update AMD cpu microcode
1c942e46 Merge branch 'for-upstream' of https://github.com/CirrusLogic/linux-firmware
45530bcb linux-firmware: add firmware for MT7981
0d02ce69 linux-firmware: update firmware for MT7921 WiFi device
2deb2d30 linux-firmware: update firmware for mediatek bluetooth chip (MT7921)
9fdb844b linux-firmware: update qat firmware
74afc00d linux-firmware: Add firmware for Cirrus CS35L41 on Lenovo Laptops
86da2ac9 Merge https://github.com/pkshih/linux-firmware
5d0d24b3 linux-firmware: update firmware for MT7916
0aea9cdf Merge branch 'ath10k-20230405' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/linux-firmware
9f7502f1 rtw89: 8852b: update format-1 fw to v0.29.29.1
b9c8e9f7 rtw89: 8852c: update fw to v0.27.56.13
d1dc3048 ath11k: WCN6855 hw2.0: update board-2.bin
8115bd84 ath11k: WCN6750 hw1.0: update to WLAN.MSL.1.0.1-01160-QCAMSLSWPLZ-1
7d2ab030 ath11k: QCN9074 hw1.0: update to WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1
b58b0869 ath11k: IPQ8074 hw2.0: update to WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1
0747362d ath11k: IPQ8074 hw2.0: update board-2.bin
7262bd5d ath11k: IPQ6018 hw1.0: update to WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1
aa98ffa3 ath11k: IPQ6018 hw1.0: update board-2.bin
2c67adc9 ath10k: QCA99X0 hw2.0: update board-2.bin
a5dcb441 ath10k: QCA9984 hw1.0: update board-2.bin
d0731d40 ath10k: QCA9888 hw2.0: update board-2.bin
e13fedda ath10k: QCA6174 hw3.0: update board-2.bin
465dc284 ath10k: QCA4019 hw1.0: update board-2.bin
2e92a49f nvidia: update Tu10x and Tu11x signed firmware to support newer Turing HW
00258371 linux-firmware: update firmware for MT7922 WiFi device
33d8bf79 linux-firmware: update firmware for mediatek bluetooth chip (MT7922)
87bb6c9a Merge tag 'iwlwifi-fw-2023-03-30' of http://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/linux-firmware
956c1163 Merge branch 'mlimonci/update-dcn-3-1-4' of https://gitlab.freedesktop.org/superm1/linux-firmware
717e62eb linux-firmware: Amphion: Update vpu firmware
7bce2920 Merge https://github.com/pkshih/linux-firmware
78a8782a iwlwifi: add new FWs from core78-32 release
a91d0e78 iwlwifi: update 9000-family firmwares to core78-32
9ee24ce0 amdgpu: Update SDMA 6.0.1 firmware
7df2a1ae amdgpu: Add PSP 13.0.11 firmware
f098803d amdgpu: Update PSP 13.0.4 firmware
2cc9a4d0 amdgpu: Update GC 11.0.1 firmware
eb13e669 amdgpu: Update DCN 3.1.4 firmware
898b7def amdgpu: Add GC 11.0.4 firmware
e40a5b63 rtw88: 8822c: Update normal firmware to v9.9.15
bcdcfbcf linux-firmware: Update firmware file for Intel Bluetooth AX101
b422cdd6 linux-firmware: Update firmware file for Intel Bluetooth 9462
3e4c3b8d linux-firmware: Update firmware file for Intel Bluetooth 9462
6fcdb8e7 linux-firmware: Update firmware file for Intel Bluetooth 9560
46384d1c linux-firmware: Update firmware file for Intel Bluetooth 9560
1d797f86 linux-firmware: Update firmware file for Intel Bluetooth AX203
53c086b3 linux-firmware: Update firmware file for Intel Bluetooth AX203
9cc9745d linux-firmware: Update firmware file for Intel Bluetooth AX211
45319be8 linux-firmware: Update firmware file for Intel Bluetooth AX211
61d58194 linux-firmware: Update firmware file for Intel Bluetooth AX210
7f490a9a Merge branch 'dmc-adlp_2.19-mtl_2.12' of git://anongit.freedesktop.org/drm/drm-firmware
dcac1477 Merge branch 'mtk-20230315' of https://github.com/tinghan-shen/linux_fw_scp
1f82dd25 linux-firmware: add firmware files for NXP BT chipsets
49ad74b3 Merge https://github.com/pkshih/linux-firmware
2c07f017 rtw89: 8852b: update format-1 fw to v0.29.29.0
b50cf920 rtw89: 8852b: add format-1 fw v0.29.26.0
416a66ca rtw89: 8852b: rollback firmware to v0.27.32.1
a18a444b i915: Update MTL DMC to v2.12
4ee236db i915: Update ADLP DMC to v2.19
d0997ff6 mediatek: Update mt8192/mt8195 SCP firmware to support MM21 and MT21
c761dbe8 Merge tag 'iwlwifi-fw-2023-03-13' of http://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/linux-firmware
5bc279fb iwlwifi: update core69 and core72 firmwares for So device

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit d53fe5d9ce)
(removed MT7981 changes)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2023-05-27 22:05:14 +02:00