Commit Graph

60725 Commits

Author SHA1 Message Date
Ulrich Stark
7cb161ae84 qualcommax: IPQ807x: ZyXEL NBG7815: Fix random Wifi MAC
For this particualar device we get random MAC's for Wifi on each (re-)boot.
This is because art partition/pre caldata do not contain valid MAC addresses.

As we have now a new/better approach with ath11k_patch_mac we can use it for
this device too.

I'm using this approach for like two weeks and its working flawlessly.

Signed-off-by: Ulrich Stark <pwned-pixel@posteo.de>

qualcommax: IPQ807x: ZyXEL NBG7815: Fix random Wifi MAC
Changing order to 3/phy0/5G-1, 2/phy1/2G, 4/phy2/5G-2.

Signed-off-by: Ulrich Stark <pwned-pixel@posteo.de>
2024-04-27 12:01:07 +02:00
Paul Donald
01cdeb531b ustp: update to Git HEAD (2023-05-29)
a85a5bc83bde netif_utils: correctly close fd on read error

Signed-off-by: Paul Donald <newtwen+github@gmail.com>
2024-04-27 11:40:04 +02:00
Ryan Salsbury
026fbd650a ipq40xx: fix USB on Aruba AP-303H
Enable USB 3.0 controller, disable USB 2.0 controller.

The USB 2.0 port on the AP-303H is actually connected to the USB 3.0
controller's HS phy. Enable the HS phy only, since the SS lanes are not
brought out to the connector.

Signed-off-by: Ryan Salsbury <ryanrs@gmail.com>
2024-04-27 11:27:32 +02:00
Ryan Salsbury
4c5cb58805
ipq40xx: use nvmem ethernet MACs on Aruba AP-303H
Use NVMEM to assign "factory sticker" MAC address to WAN ethernet
interface. Set LAN address to sticker + 1.

Signed-off-by: Ryan Salsbury <ryanrs@gmail.com>
2024-04-27 11:23:29 +02:00
Daniel Golle
a8dde7e5bd generic: 6.1, 6.6: remove patch which breaks WAN on MT7621
Importing pending patch "net: dsa: mt7530: move MT753X_MTRAP operations
for MT7530" broke WAN connectivity on most MT7621 which use PHY-muxing
to hook up either port 0 or port 4 to GMAC1.

Remove it for now until the author submits a fixed version.

Fixes: https://github.com/openwrt/openwrt/issues/15279
Fixes: https://github.com/openwrt/openwrt/issues/15273
Fixes: d40691a5fb ("generic: 6.1, 6.6: mt7530: import pending patches")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2024-04-27 03:19:03 +01:00
Stijn Tintel
2c0cec1eb0 kernel: move mv88e6xxx fix to generic backports
The backports introduced in commit d40756563c ("kernel: backport
phylink changes from mainline Linux") broke the mv88e6xxx DSA driver.
A backport to fix this was added to the kirkwood target, but as it is
used in multiple targets, and there's a kmod package for it, the fix
should be in generic backports.

This fixes the switch on the WatchGuard Firebox M300 when running the
6.1 testing kernel.

There is no need to backport the fix for the 6.6 kernel, as it was
included in 6.6.5.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2024-04-26 19:56:19 +03:00
Stijn Tintel
f434643857 perf: fix build on PowerPC
Building perf's intel-pt-decoder fails on both PPC32 and PPC64:

/home/stijn/Development/OpenWrt/openwrt/staging_dir/toolchain-powerpc64_e5500_gcc-13.2.0_musl/lib/gcc/powerpc64-openwrt-linux-musl/13.2.0/../../../../powerpc64-openwrt-linux-musl/bin/ld.bfd:
/home/stijn/Development/OpenWrt/openwrt/build_dir/target-powerpc64_e5500_musl/linux-qoriq_generic/linux-6.1.86/tools/
perf-target-powerpc64_e5500_musl/perf-in.o: in function `insn_set_byte':
/home/stijn/Development/OpenWrt/openwrt/build_dir/target-powerpc64_e5500_musl/linux-qoriq_generic/linux-6.1.86/tools/perf/util/intel-pt-decoder/../../../arch/x86/include/asm/insn.h:64:
undefined reference to `__le32_to_cpu'

Add NO_AUXTRACE=1 to MAKE_FLAGS for LINUX_KARCH powerpc, which disables
build of intel-pt-decoder on both PPC32 and PPC64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2024-04-26 15:19:48 +03:00
Christian Marangi
f10d55df9e
ipq-wifi: update to Git HEAD (2024-04-26)
fab9e29f6b92 ipq6018: update regdb in TPLink EAP610-Outdoor BDF
6d02b65fadf3 ipq8074: update RegDB in new submitted BDF
644ba9ea2e66 ipq6018: update RegDB in new submitted BDF

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2024-04-26 13:28:09 +02:00
Christian Marangi
0bb8d68de5
ipq40xx: set DEVICE_DTS_DIR to /qcom by default
Set DEVICE_DTS_DIR to /qcom by default instead of limiting it to
TESTING_KERNEL since we moved 6.6 to default version.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2024-04-26 12:52:31 +02:00
Christian Marangi
b0dae2098a
ipq806x: set DEVICE_DTS_DIR to /qcom by default
Set DEVICE_DTS_DIR to /qcom by default instead of limiting it to
TESTING_KERNEL since we moved 6.6 to default version.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2024-04-26 12:52:31 +02:00
Felix Fietkau
61c846ea7c bcm53xx: update 600-net-disable-GRO-by-default.patch after recent GRO change
Fixes build error

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-26 12:42:43 +02:00
Christian Marangi
2d5509f529
ipq40xx: drop 6.1 support
Drop support for ipq40xx for kernel 6.1.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2024-04-26 12:30:42 +02:00
Christian Marangi
414646ef6c
ipq40xx: switch default to 6.6
Switch default kernel version for ipq40xx to 6.6.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2024-04-26 12:30:01 +02:00
Christian Marangi
a04b7cbc40
ipq806x: drop 6.1 support
Drop support for ipq806x for kernel 6.1.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2024-04-26 12:27:21 +02:00
Christian Marangi
fd36d4a7ab
ipq806x: switch default to 6.6
Switch default kernel version for ipq806x to 6.6.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2024-04-26 12:26:53 +02:00
Felix Fietkau
366544083e ath79: update 900-unaligned_access_hacks.patch after recent GRO change
Fixes build error

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-26 12:24:46 +02:00
Zoltan HERPAI
4e9f0e5be4 sunxi: update the 6.6 DTS_DIR hack
Update and simplify the 6.1 vs. 6.6 DTS_DIR hack until 6.1 support is gone.

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2024-04-26 11:07:43 +02:00
Felix Fietkau
7ebcf2fb9c netifd: add flow steering mode to the packet steering script
This allows directing processing of locally received packets to the CPUs
of the tasks receiving them

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-26 06:31:27 +02:00
Felix Fietkau
c4d394c6cc netifd: add a packet steering mode matching the old script
This spreads packet processing across all cores

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-26 06:31:27 +02:00
Felix Fietkau
b5c53848c3 kernel: improve GRO performance
For packets not belonging to a local socket, use fraglist GRO instead of
regular GRO. This make segmenting packets very cheap and avoids the need for
selectively disabling GRO

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-26 06:31:27 +02:00
Felix Fietkau
98834a4c3f kernel: backport flow offload pppoe fix
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2024-04-26 06:31:27 +02:00
Michael Pratt
1991bfb814 tools/elfutils: refresh portability patch for macOS
Quilt refresh combined two sets of changes to the same file.

The switch from using libgen.h to dirname.h because of function poisoning
from gnulib's import of basename() was added as a new patch hunk instead
of an edit to the original one.

The original patch hunk was to fix build errors on an earlier version of
elfutils before the "dirname" module was being imported to fix further
build errors with the 0.191 version.

Tested-by: Georgi Valkov <gvalkov@gmail.com> # MacOS
Signed-off-by: Michael Pratt <mcpratt@pm.me>
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2024-04-25 21:33:51 +02:00
Michael Pratt
ddb7177c57 tools/elfutils: remove no-op copy of tdestroy()
A false tdestroy() function was added in order to make elfutils build on
macOS again. A previous commit added declarations for a real version of
tdestroy() into gnulib, which is already imported, as well as the
preprocessor flags and the triggers for the Makefile.am conditional in
order to include the source to be built.

Tested-by: Georgi Valkov <gvalkov@gmail.com> # MacOS
Signed-off-by: Michael Pratt <mcpratt@pm.me>
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2024-04-25 21:33:51 +02:00
Michael Pratt
20ed56ec8b tools/elfutils: use locally declared static reallocarray()
On macOS, stdlib.h in the standard include paths does not provide
reallocarray() while both elfutils and gnulib do, however they are
declared differently, leading to an error:

  ./system.h:101:1: error: static declaration of 'reallocarray' follows non-static declaration
  reallocarray (void *ptr, size_t nmemb, size_t size)

A normal "configure && make" build cycle results in both declarations
being enabled as a result of both elfutils and gnulib having completely
separate configure checks where gnulib uses an internal placeholder symbol
HAVE_REALLOCARRAY, and elfutils uses a standard autoconf macro
HAVE_DECL_REALLOCARRAY.

Fix this by excluding the import of the reallocarray module which causes
gnulib checks in the configure stage to not even consider whether to
declare reallocarray later on, so the decision is only between the
standard include stdlib.h and the elfutils header.

Tested-by: Georgi Valkov <gvalkov@gmail.com> # MacOS
Signed-off-by: Michael Pratt <mcpratt@pm.me>
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2024-04-25 21:33:51 +02:00
Michael Pratt
43be319823 tools/elfutils: organize gnulib import build stage
Organize the Makefile lines involved in gnulib importing and its
workarounds. It improves readability and keeps git history organized.

Tested-by: Georgi Valkov <gvalkov@gmail.com> # MacOS
Signed-off-by: Michael Pratt <mcpratt@pm.me>
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2024-04-25 21:33:51 +02:00
Michael Pratt
7a4df7825e tools/elfutils: override SUBDIRS variable of Makefile
Instead of editing the SUBDIRS variable with a patch, it can be overriden
at the end of the command line when invoking Make.

This tool has a series of recursive Makefiles in each subdirectory,
therefore SUBDIRS is set to a pattern of Make functions so that the result
is variable depending on the current subdirectory that Make is being
invoked in.

It's not necessary to have gnulib-cache.m4 in EXTRA_DIST since we don't
need to re-import after packaging this in the SDK, so get rid of the
entire patch hunk for ./Makefile.am

Tested-by: Georgi Valkov <gvalkov@gmail.com> # MacOS
Signed-off-by: Michael Pratt <mcpratt@pm.me>
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2024-04-25 21:33:51 +02:00
Tony Ambardar
b6f025b424 tools/elfutils: update to 1.91
Release Notes:
https://sourceware.org/pipermail/elfutils-devel/2024q1/006876.html

Manually refresh:
- 100-portability.patch

Change:
- replace libgen.h with gnulib "dirname" module for compilation errors:
    In file included from ./../libdw/libdwP.h:38,
                     from eblobjnote.c:42:
    /usr/include/libgen.h:35:9: error: attempt to use poisoned "basename"
       35 | #define basename        __xpg_basename
          |         ^

Tested-by: Georgi Valkov <gvalkov@gmail.com> # MacOS
Co-Developed-by: Nick Hainke <vincent@systemli.org>
Signed-off-by: Nick Hainke <vincent@systemli.org>
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2024-04-25 21:33:51 +02:00
Michael Pratt
44625e9d95 tools/coreutils: update to 9.5
Update to latest stable release.

The following commits in gnulib caused a conflict in locally bootstrapped
coreutils with stable gnulib:

  8f4b4e52c991de2233b471f8e35a068866b31f01
  2749234203959df8d72cd8638d4e00a9fff450db

A module (strftime) was marked deprecated and replaced by another module
(nstrftime) in the version of gnulib that coreutils was released with
compared to the stable branch that we use for importing. Conflicts from
the previous version of coreutils are now gone, so other imported headers
are now good.

Refresh patch:
 - 000-bootstrap.patch

Remove upstreamed patch:
 - 001-bootstrap-sync.patch

Link: https://lists.gnu.org/archive/html/coreutils/2024-03/msg00132.html
Tested-by: Georgi Valkov <gvalkov@gmail.com> # MacOS
Signed-off-by: Michael Pratt <mcpratt@pm.me>
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2024-04-25 21:33:51 +02:00
Michael Pratt
0489436506 tools/coreutils: update to 9.4
Update to latest stable release.

Add configure option to disable support for the Year 2038 problem.
(for now, as some versions of GCC do not yet support it)

Syncing bootstrap script fails, backport an upstream patch which can be
removed at next coreutils update.

Several headers from the stable gnulib branch cause build failure because
the changes in the imported versions are incompatible with the Makefile
that gets generated for coreutils. This version of coreutils was released
after being bootstrapped and autoreconf'ed with a significantly different
version of gnulib compared to our local gnulib, so skip importing them
(and restore the backup).

While at it, organize restoring the originally shipped version of files
into a Make foreach function.

Refresh patch:
- 000-bootstrap.patch

New patch:
- 001-bootstrap-sync.patch

Link: https://lists.gnu.org/archive/html/coreutils/2023-08/msg00099.html
Tested-by: Georgi Valkov <gvalkov@gmail.com> # MacOS
Signed-off-by: Michael Pratt <mcpratt@pm.me>
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2024-04-25 21:33:51 +02:00
Michael Pratt
41bc16dcc4 tools/bison: hardcode path to m4 with STAGING_DIR_HOST
Force bison to ignore the M4 environment variable and hardcode it to the
locally built m4 during build operations using the relocatable path
variable STAGING_DIR_HOST.

This allows bison to continue to function while we are forcefully avoiding
autoreconf and other autoconf and automake-like operations by giving a
fake path to m4 with the M4 environment variable.

The specific path can still be overridden independently from the
environment within the line of invocation that runs bison by setting
STAGING_DIR_HOST within the command, so document this in the help printout.

Tested-by: Georgi Valkov <gvalkov@gmail.com> # MacOS
Signed-off-by: Michael Pratt <mcpratt@pm.me>
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2024-04-25 21:33:51 +02:00
Tony Ambardar
098bde1f3e gettext-full: update to 0.22.5
Release Announcement:
https://savannah.gnu.org/news/?group_id=425

Refresh:
- 200-libunistring-missing-link.patch

Tested-by: Georgi Valkov <gvalkov@gmail.com> # MacOS
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2024-04-25 21:33:51 +02:00
Michael Pratt
eb726c90be tools/gnulib: make tdestroy() fully portable
The tdestroy() function, which is a GNU extension to the standard C
library, is defined in gnulib in tsearch.c but is missing it's
corresponding declaration in search.in.h by being completely missing...

This patch is large but upstreamable, including all of the macros and
conditionals and configure checks that upstream GNU would expect for
portable support, like using the @@ placeholder/substitution method to
determine whether or not to have declarations based on whether or not
tdestroy() is already declared within the standard headers of the default
include paths.

There were also some typedefs and aliases missing, along with the warnings
and preprocessor exceptions that need to be added for consistency with the
usage of the rest of the functions in the files.

Tested-by: Georgi Valkov <gvalkov@gmail.com> # MacOS
Signed-off-by: Michael Pratt <mcpratt@pm.me>
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2024-04-25 21:33:51 +02:00
Michael Pratt
5ade7ee60e tools/gnulib: add macros to skip reallocarray() functions
For modules that depend on the reallocarray module, like ialloc, xalloc,
and safe-alloc, it was not possible to skip importing the reallocarray
module as they all contained at least one function that called
reallocarray() and would cause build failure if the host system didn't
declare it.

This upstreamable patch adds macros that toggle whether to define
functions that depend on reallocarray() based on whether the reallocarray
module is being imported.

Tested-by: Georgi Valkov <gvalkov@gmail.com> # MacOS
Signed-off-by: Michael Pratt <mcpratt@pm.me>
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2024-04-25 21:33:51 +02:00
Tony Ambardar
4de8c0e1d8 tools/gnulib: update to branch stable-202401
Patches refreshed automatically.

Tested-by: Georgi Valkov <gvalkov@gmail.com> # MacOS
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2024-04-25 21:33:51 +02:00
Michael Pratt
cdd56fc893 tools/missing-macros: add symlinks to makeinfo
There are other wrapper scripts released with makeinfo like texi2pdf which
are required by the build prerequisites of some tools, and have a similar
purpose and usage.

Let the makeinfo perl script handle all of these cases.

It's worth mentioning that "texi2any" is the actual program and "makeinfo"
is one of it's aliases. From upstream GNU:

  makeinfo: texi2any
	rm -f $@
	-$(LN_S) texi2any $@

Signed-off-by: Michael Pratt <mcpratt@pm.me>
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2024-04-25 21:33:51 +02:00
Michael Pratt
5a028a8d73 host-build: fix stampfile name substitution per installed binaries
A funny bug was discovered where if the buildroot's path
has the name of the build target within it, it will also be substituted
along with the stampfile's name for each program,
causing an attempt to touch a file in a directory that doesn't exist.

...
...
touch: cannot touch '/Volumes/touch/openwrt/staging_dir/host/stamp/.touch_installed': No such file or directory
touch: cannot touch '/Volumes/ln/openwrt/staging_dir/host/stamp/.ln_installed': No such file or directory
touch: cannot touch '/Volumes/chown/openwrt/staging_dir/host/stamp/.chown_installed': No such file or directory
make[2]: *** [Makefile:50: /Volumes/coreutils/openwrt/staging_dir/host/stamp/.coreutils_installed] Error 1
...
...

Split up the path with $(dir) and $(notdir) before substitution to fix
the syntax.

Reported-by: Georgi Valkov <gvalkov@gmail.com>
Tested-by: Georgi Valkov <gvalkov@gmail.com> # MacOS
Signed-off-by: Michael Pratt <mcpratt@pm.me>
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2024-04-25 21:33:51 +02:00
Tim Lunn
99eb0d0e33 uboot-envtools: add env settings for Edgerouter-X
uboot-envtools is currently missing config for Edgerouter-X
and its not immediately obvious what settings to manually
apply.

Provide default configuration for envtools on Edgerouter-X.

Signed-off-by: Tim Lunn <tim@feathertop.org>
2024-04-25 21:33:16 +02:00
Zoltan HERPAI
ee4e69cc35 sunxi: 6.6: set testing kernel
Allow selecting 6.6 as testing kernel on sunxi.

Runtime-tested:
 - Linksprite pcDuino (cortexa8)
 - Olimex A20 Micro (cortexa7)
 - Pine64 SoM (cortexa53)

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2024-04-25 16:34:25 +02:00
Zoltan HERPAI
7de163d58b sunxi: 6.6: refresh patches
Refresh kernel patches.

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2024-04-25 16:34:25 +02:00
Zoltan HERPAI
82df12e98a sunxi: update image Makefile to reflect updated DTS structure in 6.6
For the ARM arch on 6.6, DTS files are moved into their vendor directories,
mimicking arm64. Reflect this in the image Makefile.

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2024-04-25 16:34:25 +02:00
Zoltan HERPAI
9122474226 sunxi: 6.6: refresh kernel configs
Refresh kernel config.

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2024-04-25 16:34:25 +02:00
Zoltan HERPAI
438dc54936 sunxi: 6.6: remove upstreamed patches
Remove patches that have been upstreamed.

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2024-04-25 16:34:25 +02:00
Zoltan HERPAI
9e348da477 kernel/sunxi: Restore kernel files for v6.1
This is an automatically generated commit which aids following Kernel patch history,
as git will see the move and copy as a rename thus defeating the purpose.

See: https://lists.openwrt.org/pipermail/openwrt-devel/2023-October/041673.html
for the original discussion.

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2024-04-25 16:34:25 +02:00
Zoltan HERPAI
3c69b9a818 kernel/sunxi: Create kernel files for v6.6 (from v6.1)
This is an automatically generated commit.

When doing `git bisect`, consider `git bisect --skip`.

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2024-04-25 16:34:25 +02:00
Zoltan HERPAI
2d838f3f93 mxs: drop 6.1 support
Now that 6.6 is the default, remove the 6.1 config and the hack that
was required for the arm32 DTS dir change.

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2024-04-25 14:33:22 +02:00
Zoltan HERPAI
dbe9084adb mxs: switch default to 6.6
Switch the default kernel to 6.6.

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2024-04-25 14:31:59 +02:00
Martin Kennedy
84a48ce400 mpc85xx: fix address config for ws-ap3825i
In commit 6a8b831593 ("mpc85xx: p1010: change wrapper address of
simple image devices"), we adjusted the wrapper address in the recipe
code for all mpc85xx simpleimage devices, including the Extreme
Networks WS-AP3825i. However, we did not also adjust the
KERNEL_LOADADDR and KERNEL_ENTRY config values for this board. This
broke the simpleimage wrapper loader, causing GitHub issue #15237.

Adjust those config values so we go back to pointing at the right
address. We don't exactly need the memory, but it's also not exactly a
punishment in this case.

Run-tested on a ws-ap3825i.

Fixes: commit 6a8b831593 ("mpc85xx: p1010: change wrapper address of
simple image devices")

Tested-by: Martin Kennedy <hurricos@gmail.com>

Signed-off-by: Martin Kennedy <hurricos@gmail.com>
2024-04-25 03:00:17 +03:00
Linus Walleij
9c8f2d7c2d modules: Add kernel module for MV88E6xxx DSA switch
This adds a kernel module package for the Marvell
MV88E6XXX DSA switch and a separate module package for
the DSA tagger since it can in theory be used by multiple
DSA switches. Enable both DSA and EDSA tags in the
tagger.

We can't just compile this in because just a few devices
has this DSA, and it depends on e.g. the I2C and SFP
to be loaded as modules first.

We have no examples of DSA switches being packaged as
modules before, all seem to be compiled in, but it
actually works just fine to do this.

Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
2024-04-24 23:15:58 +02:00
Hauke Mehrtens
f475a44c03 wolfssl: Update to 5.7.0
This fixes multiple security problems:
 * [High] CVE-2024-0901 Potential denial of service and out of bounds
   read. Affects TLS 1.3 on the server side when accepting a connection
   from a malicious TLS 1.3 client. If using TLS 1.3 on the server side
   it is recommended to update the version of wolfSSL used.

 * [Med] CVE-2024-1545 Fault Injection vulnerability in
   RsaPrivateDecryption function that potentially allows an attacker
   that has access to the same system with a victims process to perform
   a Rowhammer fault injection. Thanks to Junkai Liang, Zhi Zhang, Xin
   Zhang, Qingni Shen for the report (Peking University, The University
   of Western Australia)."

 * [Med] Fault injection attack with EdDSA signature operations. This
   affects ed25519 sign operations where the system could be susceptible
   to Rowhammer attacks. Thanks to Junkai Liang, Zhi Zhang, Xin Zhang,
   Qingni Shen for the report (Peking University, The University of
   Western Australia).

Size increased a little:
wolfssl 5.6.6:
516880 bin/packages/mips_24kc/base/libwolfssl5.6.6.e624513f_5.6.6-stable-r1_mips_24kc.ipk
wolfssl: 5.7.0:
519429 bin/packages/mips_24kc/base/libwolfssl5.7.0.e624513f_5.7.0-stable-r1_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-04-24 23:01:03 +02:00
Hauke Mehrtens
360ac07eb9 mbedtls: Update to 2.28.8
This contains a fix for:
CVE-2024-28960: An issue was discovered in Mbed TLS 2.18.0 through 2.28.x
before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto
API mishandles shared memory.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2024-04-24 22:24:11 +02:00