Commit Graph

55640 Commits

Author SHA1 Message Date
Nick Hainke
4f70380ff1 libtracefs: update to 1.5.0
Changes:
93f4d52 libtracefs: version 1.5
bc857db libtracefs: Add tracefs_u{ret}probe_alloc to generic man page
db55441 libtracefs: Add tracefs_debug_dir() to generic libtracefs man page
d2d5924 libtracefs: Add test instructions for openSUSE
4a7b475 libtracefs: Fix test suite typo
ee8c644 libtracefs: Add tracefs_tracer_available() helper
799d88e libtracefs: Add API to set custom tracing directory
1bb00d1 libtracefs: allow pthread inclusion overrideable in Makefile
04651d0 libtracefs sqlhist: Allow pointers to match longs
9de59a0 libtracefs: Remove double free attempt of new_event in tracefs_synth_echo_cmd()
0aaa86a libtracefs: Fix use after free in tracefs_synth_alloc()
d2d5340 libtracefs: Add missed_events to record
9aaa8b0 libtracefs: Set the number of CPUs in tracefs_local_events_system()
56a0ba0 libtracefs: Return negative number when tracefs_filter_string_append() fails
c5f849f libtracefs: Set the long size of the tep handle in tracefs_local_events_system()
5c8103e revert: 0de961e74f96 ("libtracefs: Set visibility of parser symbols as 'internal'")

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-10-02 20:22:54 +02:00
Nick Hainke
cef2ec62ab libtraceevent: update to 1.6.3
Changes:
fda4ad9 libtraceevent: version 1.6.3
d02a61e libtraceevent: Add man pages for tep_plugin_kvm_get/put_func()
6643bf9 libtraceevent: Have kvm_exit/enter be able to show guest function
a596299 libtraceevent: Add tep_print_field() to check-manpages.sh deprecated
065c9cd libtraceevent: Add man page documentation of tep_get_sub_buffer_size()
6e18ecc libtraceevent: Add man page for tep_plugin_add_option()
6738713 libtraceevent: Add some missing functions to generic libtraceevent man page
deefe29 libtraceevent: Include meta data functions in libtraceevent man pages
cf6dd2d libtraceevent: Add tep_get_function_count() to libtraceevent man page
5bfc11e libtraceevent: Add printk documentation to libtraceevent man page
65c767b libtraceevent: Update man page to reflect tep_is_pid_registered() rename
7cd173f libtraceevent: Add check-manpages.sh
fd6efc9 libtraceevent: Documentation: Correct typo in example
5c375b0 libtraceevent: Fixing linking to C++ code
7839fc2 libtraceevent: Makefile - set LIBS as conditional assignment
c5493e7 libtraceevent: Remove double assignment of val in eval_num_arg()
efd3289 libtraceevent: Add warnings if fields are outside the event

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-10-02 20:22:54 +02:00
Nick Hainke
d327466149 popt: update to 1.19
Add patch to fix compilation:
- 100-configure.ac-remove-require-gettext-version.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-10-02 20:22:54 +02:00
Nick Hainke
04119d7cce libcap: update to 2.66
4f96e67 Up the release version to 2.66
60ff008 Fix typos in the cap_from_text.3 man page.
281b6e4 Add captrace to .gitignore file
09a2c1d Add an example of using BPF kprobing to trace capability use.
26e3a09 Clean up getpcaps code.
fc804ac getpcaps: catch PID parsing errors.
fc437fd Fix an issue with bash displaying an error.
7db9589 Some more simplifications for building
27e801b Fix for "make clean ; make -j48 test"

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-10-02 20:22:54 +02:00
Aleksander Jan Bajkowski
fbd33d6164 lantiq: enable interrupts on second VPEs
This patch is needed to handle interrupts by the second VPE on the Lantiq
ARX100, xRX200, xRX300 and xRX330 SoCs. Switching some ICU interrupts to
the second VPE results in a hang. Currently, the vsmp_init_secondary()
function is responsible for enabling these interrupts. It only enables
Malta-specific interrupts (SW0, SW1, HW4 and HW5).

The MIPS core has 8 interrupts defined. On Lantiq SoCs, hardware
interrupts are wired to an ICU instance. Each VPE has an independent
instance of the ICU. The mapping of the ICU interrupts is shown below:
SW0(IP0) - IPI call,
SW1(IP1) - IPI resched,
HW0(IP2) - ICU 0-31,
HW1(IP3) - ICU 32-63,
HW2(IP4) - ICU 64-95,
HW3(IP5) - ICU 96-127,
HW4(IP6) - ICU 128-159,
HW5(IP7) - timer.

This patch enables all interrupt lines on the second VPE.

This problem affects multithreaded SoCs with a custom interrupt controller.
SOCs with 1004Kc core and newer use the MIPS GIC. At this point, I am aware
that the Realtek RTL839x and RTL930x SoCs may need a similar fix. In the
future, this may be replaced with some generic solution.

Tested on Lantiq xRX200.

Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl>
2022-10-02 20:22:54 +02:00
Alexey Kosmakov
a664d39c5b ramips: add support for SNR SNR-CPE-ME2-Lite
SNR SNR-CPE-ME2-Lite is a 2.4/5 GHz band 11ac (Wi-Fi 5) router, based on MT7621A.

Specification:
    - SoC           : MediaTek MT7621A
    - RAM           : DDR3 128 MiB
    - Flash         : SPI-NOR 16 MiB
    - WLAN          : 2.4 GHz 2T2R (MediaTek MT7603E)
                      5 GHz 2T2R (MediaTek MT7613BE)
    - Ethernet      : 10/100/1000 Mbps x5
      - Switch      : MediaTek MT7530 (SoC)
    - UART          : through-hole on PCB
      - J4: 3.3V, GND, TX, RX
      - 57600n8
    - Power         : 12 VDC, 1.5 A

Flash instruction via WEB (firmware 1.10.4 and later)
    1. Boot SNR-CPE-ME2-Lite normally with "Router" mode
    2. Access to "http://192.168.1.1/" and open "Administration -> Management" page
    3. Select the OpenWrt factory image in "Firmware update" section and click "Update" button
    4. Wait ~120 seconds to complete flashing

Flash instruction via TFTP (all version):
    1. Boot SNR-CPE-ME2-Lite to recovery mode (hold the reset button while power on)
    2. Send firmware via TFTP client:
       TFTP Server address: 192.168.1.1
       TFTP Client address: 192.168.1.131
    3. Wait ~120 seconds to complete flashing

Signed-off-by: Alexey Kosmakov <a.kosmakov@nagtech.ru>
2022-10-02 20:21:55 +02:00
Mark King
bf5b1a53d4 ramips: enable LZMA loader to fix Linksys RE6500 boot
At some point after 21.02.3 and before 22.03.0, the size limits of the
Linksys RE6500 were reached and prevent booting from the 22.03.0 release
or builds of current SNAPSHOT. This patch allows builds of master to boot
again and has been tested on my device.

Fixes: #8577

Signed-off-by: Mark King <mark@vemek.co>
2022-10-02 20:21:55 +02:00
John Audia
eed0a31b90 kernel: bump 5.10 to 5.10.146
All patches automatically rebased.

Signed-off-by: John Audia <therealgraysky@proton.me>
2022-10-02 20:21:55 +02:00
John Audia
8fe67fae1d kernel: bump 5.10 to 5.10.145
Manually rebased:
  hack-5.10/780-usb-net-MeigLink_modem_support.patch

Removed upstreamed:
  patches-5.10/110-gpio-mpc8xxx-Fix-support-for-IRQ_TYPE_LEVEL_LOW-flow.patch[1]

All other patches automatically rebased.

1. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.145&id=24196210b198e8e39296e277bb93b362aa207775

Signed-off-by: John Audia <therealgraysky@proton.me>
2022-10-02 20:21:55 +02:00
John Audia
e71a360f57 kernel: bump 5.15 to 5.15.71
Removed upstreamed:
  uml/patches-5.15/001-um-fix-default-console-kernel-parameter.patch[1]

All other patches automatically rebased

Build system: x86_64
Build-tested: bcm2711/RPi4B, mt7622/RT3200
Run-tested: bcm2711/RPi4B, mt7622/RT3200

1. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.15.71&id=e1dbe8a62098b20f5093cf75ade2f2dc9259b006

Signed-off-by: John Audia <therealgraysky@proton.me>
Compile-tested: mvebu/cortexa72 (RB5009UG+S+IN)
Run-tested: mvebu/cortexa72 (RB5009UG+S+IN)
2022-10-02 20:21:55 +02:00
John Audia
e1b009c1fe kernel: bump 5.15 to 5.15.70
Manually rebased:
  hack-5.15/780-usb-net-MeigLink_modem_support.patch

Removed upstreamed:
  patches-5.15/110-gpio-mpc8xxx-Fix-support-for-IRQ_TYPE_LEVEL_LOW-flow.patch[1]

All other patches automatically rebased.

Build system: x86_64
Build-tested: bcm2711/RPi4B, mt7622/RT3200
Run-tested: bcm2711/RPi4B, mt7622/RT3200

1. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.15.70&id=89cfddd416bac41ff35f37f928ed3d7fefef908e

Signed-off-by: John Audia <therealgraysky@proton.me>
2022-10-02 20:21:55 +02:00
Nick Hainke
39c8beae32 tools/cmake: update to 3.24.2
Release Notes:
https://www.kitware.com/cmake-3-24-2-is-available-for-download/

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-10-02 20:21:55 +02:00
Nick Hainke
107f82292b tools/expat: switch to tar.xz to save bandwidth
The tar.xz download is a bit smaller. Use this download to save traffic.

Suggested-by: hardfalcon
Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-10-02 16:16:07 +02:00
Nick Hainke
1b3a524e1d tools/expat: update to 2.4.9
Fixes CVE-2022-40674.

Release Notes:
https://github.com/libexpat/libexpat/blob/R_2_4_9/expat/Changes

Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-10-02 16:16:07 +02:00
Rosen Penev
875e17774b tools/meson: backport WSL2 fix
For some reason, Microsoft's Plan9 driver returns IOError on missing
file.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-10-02 16:05:32 +02:00
Santiago Piccinini
2ad949b11d ath79: fix LibreRouter-v1 watchdog and poe_pass
Watchdog and poe_passthrough gpios require the jtag disabled.

Signed-off-by: Santiago Piccinini <spiccinini@altermundi.net>
2022-10-02 11:39:13 +02:00
Felix Fietkau
3968529285 mt76: update to the latest version
e4fa68a9b3b3 linux-firmware: update firmware for MT7921 WiFi device
60fcf08fe659 linux-firmware: update firmware for MT7921 WiFi device
9d601f4eee8f linux-firmware: update firmware for MT7922 WiFi device
e49b6063fb4b wifi: mt76: move mt76_rate_power from core to mt76x02 driver code
3f27f6adb1ab wifi: mt76: mt76x02: simplify struct mt76x02_rate_power
c07f3d2d5ede wifi: mt76: mt7921: fix antenna signal are way off in monitor mode
9059a5de3bd0 wifi: mt76: Remove unused inline function mt76_wcid_mask_test()
d75f15ddeb90 wifi: mt76: mt7915: fix bounds checking for tx-free-done command
06df7e689294 wifi: mt76: mt7915: reserve 8 bits for the index of rf registers
ad3d0f8db00b wifi: mt76: mt7915: rework eeprom tx paths and streams init
66065073177b wifi: mt76: mt7915: deal with special variant of mt7916
b0114a0abb57 wifi: mt76: mt7915: rework testmode tx antenna setting
6dee964e1f36 wifi: mt76: connac: introduce mt76_connac_spe_idx()
48c116d92939 wifi: mt76: mt7915: add spatial extension index support
db6db4ded0fd wifi: mt76: mt7915: set correct antenna for radar detection on MT7915D
2b8f56a72d76 wifi: mt76: mt7915: fix mt7915_mac_set_timing()
d554a02554db wifi: mt76: mt7915: move wed init routines in mmio.c
61ce40e65852 wifi: mt76: mt7915: enable wed for mt7986 chipset
584a96ec4a0f wifi: mt76: mt7915: enable wed for mt7986-wmac chipset
172d68b6253d mt76: mt76x02: fix vht rate power array overrun
72b87836d368 Revert "mt76: use IEEE80211_OFFLOAD_ENCAP_ENABLED instead of MT_DRV_AMSDU_OFFLOAD"

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-10-01 17:22:26 +02:00
Sander Vanheule
918e774658 realtek: use correct CAUSEF_DC macro in prom.c
The workaround for an already-enabled R4K timer used a non-existent
macro CAUSE_DC. Fix compiling by using the actual macro CAUSEF_DC.

Fixes: b7aab19585 ("realtek: SMP handling of R4K timer interrupts")
Signed-off-by: Sander Vanheule <sander@svanheule.net>
2022-10-01 09:56:54 +02:00
Markus Stockhausen
b7aab19585 realtek: SMP handling of R4K timer interrupts
Until now there has been no good explanation why we mess with the R4K
timer on SMP. After extensive testing and looking at the SDK code it
becomes clear what it is all about.

When we disable the CEVT_R4K module (we will do with the new timer
driver) the R4K timer hardware still fires interrupts on the secondary
CPU. To get around this we have two options:

- Disable IRQ 7
- Stop the counter completely

This patch selects option two because this is the root of evil.. To be
on the safe side we will do it only in case the CEVT_R4K module is
disabled.

Signed-off-by: Markus Stockhausen <markus.stockhausen@gmx.de>
2022-10-01 09:22:32 +02:00
Markus Stockhausen
2b12da1313 realtek: fix SMP startup
The scope of the SMP startup structure is wrong. It is created on the
stack and not as a global variable. This can lead to startup failures.

Fixes: 3f41360eb7 ("realtek: use upstream recommendation for CPU start")
Signed-off-by: Markus Stockhausen <markus.stockhausen@gmx.de
2022-10-01 09:22:32 +02:00
Olliver Schinagl
f1f97db627
realtek: Convert incorrect v5.10 patches
OpenWRT's developer guide prefers having actual patches so they an be
sent upstream more easily.

However, in this case, Adding proper fields also allows for `git am` to
properly function. Some of these patches are quite old, and lack much
traceable history.

This commit tries to rectify that, by digging in the history to find
where and how it was first added.

It is by no means perfect and also shows some patches that should have
been long gone.

Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
2022-10-01 02:47:57 +02:00
Olliver Schinagl
ba6096d04b
ath79: Convert incorrect 5.10 and 5.15 patches
OpenWRT's developer guide prefers having actual patches so they an be
sent upstream more easily.

However, in this case, Adding proper fields also allows for `git am` to
properly function. Some of these patches are quite old, and lack much
traceable history.

This commit tries to rectify that, by digging in the history to find
where and how it was first added.

It is by no means perfect and also shows some patches that should have
been long gone.

Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
2022-10-01 02:47:56 +02:00
Olliver Schinagl
d5bf46bbe8
generic: Convert incorrect generic/5.10 patches
OpenWRT's developer guide prefers having actual patches so they an be
sent upstream more easily.

However, in this case, Adding proper fields also allows for `git am` to
properly function. Some of these patches are quite old, and lack much
traceable history.

This commit tries to rectify that, by digging in the history to find
where and how it was first added.

It is by no means perfect and also shows some patches that should have
been long gone.

Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
2022-10-01 02:47:56 +02:00
Christian Marangi
5d09118f8e
CI: use tools:latest container to speedup kernel workflow
Use tools:latest container with prebuilt host tools to speedup kernel
compilation in kernel workflow.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2022-10-01 02:13:49 +02:00
Christian Marangi
5428bdc2df
scripts/ext-tools: introduce new script to install prebuilt tools
Add a simple script to make it easier to install a prebuilt tools tar.
Currently it will be used by our tools container and kernel workflow on
github.

Simple script that take a tar that contains prebuilt host tools, extract
them and refresh the timestamps to skip recompilation of such host
tools.

By default it refresh timestamps of build_dir/host and
staging_dir/host/stamp.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2022-09-30 22:42:18 +02:00
Paul Spooren
25b65f548d
CI: create Docker container containing compiled tools
Currently each Kernel compilation takes about 30 minutes of which 20
minutes are used to compile our tools. While the toolchain is downloaded
and instantly ready the tools are missing.

This commit starts uploading a Docker container including compiled tools
which are ready to use. It is automatically updated whenever any tools
are changed.

Signed-off-by: Paul Spooren <mail@aparcar.org>
Co-Developed-by: Christian Marangi <ansuelsmth@gmail.com>
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2022-09-30 22:26:54 +02:00
Christian Marangi
ebabdff401
tools: add option BUILD_ALL_HOST_TOOLS to compile all host tools
Add option to compile all host tools even if not needed.
This can be useful to prepare a universal precompiled host tools
archive to use in another buildroot and speedup compilation.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2022-09-30 22:26:54 +02:00
Christian Marangi
53a08e3743
build: make find_md5 reproducible with AUTOREMOVE
While experimenting with the AUTOREMOVE option in search of a way to use
prebuilt host tools in different buildroot, it was discovered that the
md5 generated by find_md5 in depends.mk is not reproducible.

Currently the hash is generated by the path of the file in addition to
the file mod time. Out of confusion, probably, there was an idea that
such command was used on the package build_dir. Reality is that this
command is run on the package files. (Makefile, patches, src)

This is problematic because the package Makefile (for example) change at
each git clone and base the hash on the Makefile mtime doesn't really
reflect if the Makefile actually changes across a buildroot or not.

A better approach is to generate an hash of each file and then generate
an hash on the sort hash list. This way we remove the problem of git
clone setting a wrong mtime while keeping the integrity of checking if a
file changed for the package as any change will result in a different
hash.

Introduce a new kind of find_md5 function, find_md5_reproducible that
apply this new logic and limit it only with AUTOREMOVE option set to
prevent any kind of slowdown due to additional hash generation.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2022-09-30 22:26:51 +02:00
Rosen Penev
0e3d51ccae tools/cmake: fix compilation with host libzstd-dev
cmake's find_package looks at host paths first for some reason. Switch
to using pkgconfig for the search, matching other modules.

Fixes: 3848cf458e ("tools/cmake: Build without some included libs")
Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-09-30 13:12:42 -07:00
Paul Spooren
3b23227d43
CI: use buildbot container for building
Instead of using a fresh Linux installation which is setup every time
use the Buildbot container which is used for our own Buildbot
infrastructure, too.
While at it also tidy up the workflow to make it more consistent with
other workflow.

Signed-off-by: Paul Spooren <mail@aparcar.org>
Co-Developed-by: Christian Marangi <ansuelsmth@gmail.com>
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
2022-09-30 17:20:24 +02:00
Bradford Zhang
e937663025
scripts/download.pl: add tsinghua and ustc mirrors
Add https://mirrors.tuna.tsinghua.edu.cn/ and https://mirrors.ustc.edu.cn/ mirrors into download.pl to speed up download in China.

Signed-off-by: Bradford Zhang <zyc@zyc.name>
2022-09-30 14:57:19 +02:00
Daniel Golle
ca0e7054d8 ramips: add led driver to UniFi FlexHD defaut package set
Add kmod-leds-ubnt-ledbar to the packages selected by default on the
UniFi FlexHD access point.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-09-30 13:29:58 +01:00
Daniel Golle
7bba6b6f63 ubnt-ledbar: make package available on other targets
As also ramips/mt7621 now has a user of the ubnt-ledbar driver, make
the package available on all targets by removing the dependency on
@TARGET_mediatek_mt7622.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-09-30 13:29:58 +01:00
Daniel Golle
0419f7dead mediatek: add support t-phy settings from efuse on MT7986
Import patches from mtk-openwrt-feeds (MTK SDK) to support reading
t-phy settings affecting PCIe as well as USB2 and USB3 from efuse.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-09-30 13:29:58 +01:00
Daniel Golle
b18b5a7ca3 mediatek: filogic: add efuse layout to mt7986a.dtsi
efuse is used to store board-specific settings of some of the in-SoC
peripherals. Add it to device tree, so it gets probed on boot and can
be accessed by other drivers.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-09-30 13:29:58 +01:00
Daniel Golle
243a2184f2 mediatek: add patch allowing 1-byte wide access to efuse
Allow byte-wise access to mtk-efuse as some drivers require that.
Patch imported from mtk-openwrt-feeds (MTK SDK).

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-09-30 13:29:58 +01:00
Felix Fietkau
c7c7905bce kernel: fold lzma debloat patch into the patch adding the code
Reduces the number of hack patches

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-09-30 13:13:51 +02:00
Felix Fietkau
36f2ab4bfd kernel: move kernel image cmdline hack to the octeon target
It is the only remaining user of this hack

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-09-30 13:13:51 +02:00
Felix Fietkau
2e375e9b31 kernel: remove hack patch, move kirkwood specific kmods to target modules.mk
Tweaking the KCONFIG line of kmod-ata-marvell-sata makes the hack patch
unnecessary

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-09-30 12:59:19 +02:00
Felix Fietkau
4363faef8a kernel: move ubnt ledbar driver to a separate package
Simplifies the tree by removing a non-upstream kernel patch and related kconfig
symbols

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-09-30 11:28:51 +02:00
Felix Fietkau
a0a4cfd83b kernel: remove udp tunnel kconfig selection hack
The corresponding kmod package is marked as HIDDEN and selected by all
other kernel modules that need it, so the kconfig side will be in sync
without manual selection

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-09-30 11:28:51 +02:00
Felix Fietkau
eb07020de2 mac80211: fix decap offload for stations on AP_VLAN interfaces
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2022-09-30 11:28:51 +02:00
Rosen Penev
3848cf458e
tools/cmake: Build without some included libs
Saves a little bit of time when compiling cmake.

Added patches to fix searching liblzma and zlib. The issue is that
because pkgconfig is not used, the system libraries get used.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-09-29 19:33:17 +02:00
Rosen Penev
89df3589e6
tools/expat: build with autotools again
Allows to set expat as a dependency to cmake and save on compilation
time.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-09-29 19:33:17 +02:00
Rosen Penev
d602e7a969
tools/zlib: switch to configure script
A future commit will make tools/cmake use this.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2022-09-29 19:33:13 +02:00
Petr Štetiar
ec8fb542ec wolfssl: fix TLSv1.3 RCE in uhttpd by using 5.5.1-stable (CVE-2022-39173)
Fixes denial of service attack and buffer overflow against TLS 1.3
servers using session ticket resumption. When built with
--enable-session-ticket and making use of TLS 1.3 server code in
wolfSSL, there is the possibility of a malicious client to craft a
malformed second ClientHello packet that causes the server to crash.

This issue is limited to when using both --enable-session-ticket and TLS
1.3 on the server side. Users with TLS 1.3 servers, and having
--enable-session-ticket, should update to the latest version of wolfSSL.

Thanks to Max at Trail of Bits for the report and "LORIA, INRIA, France"
for research on tlspuffin.

Complete release notes https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.1-stable

Fixes: CVE-2022-39173
Fixes: https://github.com/openwrt/luci/issues/5962
References: https://github.com/wolfSSL/wolfssl/issues/5629
Tested-by: Kien Truong <duckientruong@gmail.com>
Reported-by: Kien Truong <duckientruong@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2022-09-29 07:53:56 +02:00
Petr Štetiar
a0cd133fde Revert "wolfssl: fix TLSv1.3 RCE in uhttpd by using latest 5.5.1-stable release"
This reverts commit a596a8396b as I've
just discovered private email, that the issue has CVE-2022-39173
assigned so I'm going to reword the commit and push it again.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2022-09-29 07:53:12 +02:00
Petr Štetiar
8ad9a72cbe wolfssl: refresh patches
So they're tidy and apply cleanly.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2022-09-29 07:36:19 +02:00
Petr Štetiar
a596a8396b wolfssl: fix TLSv1.3 RCE in uhttpd by using latest 5.5.1-stable release
Fixes denial of service attack and buffer overflow against TLS 1.3
servers using session ticket resumption. When built with
--enable-session-ticket and making use of TLS 1.3 server code in
wolfSSL, there is the possibility of a malicious client to craft a
malformed second ClientHello packet that causes the server to crash.

This issue is limited to when using both --enable-session-ticket and TLS
1.3 on the server side. Users with TLS 1.3 servers, and having
--enable-session-ticket, should update to the latest version of wolfSSL.

Thanks to Max at Trail of Bits for the report and "LORIA, INRIA, France"
for research on tlspuffin.

Complete release notes https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.1-stable

Fixes: https://github.com/openwrt/luci/issues/5962
References: https://github.com/wolfSSL/wolfssl/issues/5629
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2022-09-29 07:36:19 +02:00
Rafał Miłecki
77d9cce604 bcm53xx: backport clk driver fix for DT nodes names
It allows dropping downstream patch renaming DT nodes.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2022-09-29 05:51:25 +02:00