Commit Graph

20256 Commits

Author SHA1 Message Date
Paul Spooren
218ce40cd7 build: generate index.json
The index.json file lies next to Packages index files and contains a
json dict with the package architecture and a dict of package names and
versions.

This can be used for downstream project to know what packages in which
versions are available.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2023-05-09 23:56:49 +02:00
Olliver Schinagl
3da70c6469 base-files: Do not break on non-eth ports
When using OpenWRT with DSA and 'lan' ports, we could get an empty
`next_eth`. This is of course not desirable, as this causes `sh: out of
range` errors when trying to determine which one would be greater.

It turns out, that we don't even need this check at all because, when
looking for all existin eth*s on a system, and take the highest index
and then iterate a set of devices and rename to eth${highest_index+n},
it is guaranteed that there will be no conflict.

Fixes: b688bf83f9 ("base-files: rename ethernet devs on known boards")
Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
2023-05-09 22:54:38 +02:00
Christoph Krapp
e882af2850 ramips: add support for Linksys RE7000
Hardware specification:

- SoC: MediaTek MT7621AT (880 MHz)
- Flash: 16 MB (Macronix MX25L12835FM2I-10G)
- RAM: 128 MB (Nanya NT5CC64M16GP-DI)
- WLAN 2.4 GHz: 2x2 MediaTek MT7603EN
- WLAN 5 GHz: 2x2 MediaTek MT7615N
- Ethernet: 1x 10/100/1000 Mbps
- LED: Power, Wifi, WPS
- Button: Reset, WPS
- UART: 1:VCC, 2:GND, 3:TX, 4:RX (from LAN port)
  Serial console @ 57600,8n1

Flash instructions:

Connect to serial console and start up the device. As the bootloader got
locked you need to type in a password to unlock U-Boot access.
When you see the following output on the console:

relocate_code Pointer at: 87f1c000

type in the super secure password:

1234567890

Then select TFTP boot from RAM by selecting option 1 in the boot menu.
As Linksys decided to leave out a basic TFTP configuration you need to
set server- & client ip as well as the image filename the device will
search for. You need to use the initramfs openwrt image for the TFTP
boot process.

Once openwrt has booted up, upload the sysupgrade image via scp and run
sysupgrade as normal.

Signed-off-by: Christoph Krapp <achterin@gmail.com>
2023-05-09 11:52:53 +02:00
Aleksander Jan Bajkowski
f348871700 kernel: other: limit mhi-pci-generic to devices with PCI support
Kmod-mhi-pci-generic supports Qualcomm modems over PCIe bus. On targets
without PCI support, this package is empty. Symbol CONFIG_MHI_BUS_PCI_GENERIC
depends on CONFIG_PCI.

Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl>
2023-05-09 11:40:59 +02:00
Aleksander Jan Bajkowski
e51dd77386 kernel: other: limit serial-8250-exar to devices with PCI support
Kmod-serial-8250-exar supports Serial cards connected via PCIe bus. On targets
without PCI support, this package is empty.

Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl>
2023-05-09 11:40:59 +02:00
Aleksander Jan Bajkowski
1827b313f7 kernel: i2c: limit i2c-designware-pci to devices with PCI support
Kmod-i2c-designware-pci supports Synopsys I2C over PCIe bus. On targets
without PCI support, this package is empty. Symbol CONFIG_I2C_DESIGNWARE_PCI
depends on CONFIG_PCI.

Signed-off-by: Aleksander Jan Bajkowski <olek2@wp.pl>
2023-05-09 11:40:59 +02:00
Tianling Shen
b95c214683 uboot-rockchip: add ROC-RK3328-CC support
Add support for the Firefly ROC-RK3328-CC.
Manually generated of-platdata files to avoid swig dependency.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2023-05-09 13:30:22 +08:00
Wojciech Dubowik
7700a6f826 tfa-layerscape: Add ls1028ardb support
Support TF-a for NXP LS1028ARDB reference board.

Signed-off-by: Wojciech Dubowik <Wojciech.Dubowik@protonmail.ch>
2023-05-07 14:50:50 +02:00
Wojciech Dubowik
b812844c43 uboot-layerscape: Add ls1028ardb support
Support uboot for NXP LS1028ARDB reference board. GIC V3 has to
be disabled in the uboot config to allow booting upstream kernels.
This patch can be dropped once uboot is updated to 2022.04 version
to nxp-qoriq github lf-6.1.1 branch.

Signed-off-by: Wojciech Dubowik <Wojciech.Dubowik@protonmail.ch>
2023-05-07 14:50:50 +02:00
Wojciech Dubowik
29149a9b35 uboot-layerscape: Don't fixup kaslr seed when no node
There seems to be a difference in firmware calling convention
between upstream and NXP kernels. On some cpus like ls1028
it will hang on firmware secure get random when using LF uboot
with upstream kernel. Instead of commenting it out, don't call
get radnom seed when "kaslr-seed" is not present in device tree.

Signed-off-by: Wojciech Dubowik <Wojciech.Dubowik@protonmail.ch>
2023-05-07 14:50:50 +02:00
Wojciech Dubowik
ca81441769 ls-rcw: Add ls1028ardb support
Support RCW for NXP LS1028ARDB reference board.

Signed-off-by: Wojciech Dubowik <Wojciech.Dubowik@protonmail.ch>
2023-05-07 14:50:50 +02:00
Maximilian Weinmann
ecdb24814f ramips: add support for SNR-CPE-ME1
SNR-CPE-ME1 is a wireless WiFi 5 router manufactured by SNR/NAG company.

Specification:
    - SoC           : MediaTek MT7621A
    - RAM           : DDR3 256 MiB
    - Flash         : SPI-NOR 16 MiB (GD25Q128CSIG)
    - WLAN          : 2.4 GHz (MediaTek MT7603EN)
                      5 GHz (MediaTek MT7610EN)
    - Ethernet      : 10/100/1000 Mbps x5
      - Switch      : MediaTek MT7530 (in SoC)
    - USB           : 3.0 x1
    - UART          : through-hole on PCB
      - [J4] 3.3V, RX, TX, GND (57600n8)
    - Power         : 12 VDC, 2 A

Flash instruction via TFTP:
    1. Boot SNR-CPE-ME1 to recovery mode
        (hold the reset button while power on)
    2. Send firmware via TFTP client:
       TFTP Server address: 192.168.1.1
       TFTP Client address: 192.168.1.131
    3. Wait ~120 seconds to complete flashing
    4. Do sysupgrade using web-interface

Signed-off-by: Maximilian Weinmann <x1@disroot.org>
2023-05-07 14:44:54 +02:00
Lech Perczak
1108f6cb8b umbim: allow forcing DHCP/DHCPv6 configuration
To support the widest variety of modems, allow restoring previous
behaviour of configuring the link throug means of DHCP(v6) exclusively.
Change the default value of "dhcp" and "dhcpv6" UCI options to "auto",
while keeping the default behaviour of "prefer out-of-band configuration",
intact. Setting "dhcp" or "dhcpv6" to boolean 1 will now force using
DHCP and DHCPv6, respectively.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-05-07 14:36:58 +02:00
Nick Hainke
12b96757e5 iproute2: update to 6.3.0
Release Notes:
https://lore.kernel.org/netdev/20230427090253.7a92616b@hermes.local/T/

Signed-off-by: Nick Hainke <vincent@systemli.org>
2023-05-07 14:31:58 +02:00
Kabuli Chana
08cc6bc664 mwlwifi: update to version 10.3.9.1-20230429
resolve disconnect issue, upstream PR412

Signed-off-by: Kabuli Chana <newtownBuild@gmail.com>
2023-05-06 14:53:55 +02:00
Robert Marko
15abf8d18b
mac80211: ath11k: sync with ath-next
Synchronize the ath11k backports with the current ath-next tree.

This replaces the 160MHz with the upstreamed one, fixes 6GHz only WIPHY
registration, allows SAR usage on WCN6750 and plenty of REO fixes.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2023-05-06 07:15:57 +02:00
Yuu Toriyama
97d20525b2
wireless-regdb: update to 2023.05.03
Changes:
  43f81b4 wireless-regdb: update regulatory database based on preceding changes
  66f245d wireless-regdb: Update regulatory rules for Hong Kong (HK)
  e78c450 wireless-regdb: update regulatory rules for India (IN)
  1647bb6 wireless-regdb: Update regulatory rules for Russia (RU). Remove DFS requirement.
  c076f21 Update regulatory info for Russia (RU) on 6GHz

Signed-off-by: Yuu Toriyama <PascalCoffeeLake@gmail.com>
2023-05-04 06:08:24 +02:00
Michael Pratt
d167adbc44
gettext-full: bootstrap to local gnulib source
Using the local gnulib source during autogen.sh
allows for fine-grained control over the macros
and source files for use with gettext
but part of gnulib instead of gettext,
without having to wait for a release
or deal with gnulib as a git submodule.

This is an alternative to running autoreconf.

It also removes the need to patch macros
in the case where there is a conflict
between the source and our aclocal directory.

Signed-off-by: Michael Pratt <mcpratt@pm.me>
2023-05-04 06:07:31 +02:00
Michael Pratt
d95d5d2a3a
gettext-full: link to local libxml2
Some users have reported that gettext builds
are attempting to link to libxml2
while it was supposed to be configured
to use it's own built-in substitute.

Configure gettext to require and link
to our local libxml2 explicitly.

Add a patch to revert upstream commit 87927a4e2
which forces libtextstyle to use the built-in libxml,
no matter what the configuration is,
making that option configurable again
after the configure script is regenerated.

Reported-by: Tianling Shen <cnsztl@immortalwrt.org>
Signed-off-by: Michael Pratt <mcpratt@pm.me>
2023-05-04 06:07:30 +02:00
Michael Pratt
f7fbe77115
gettext-full: set gperf as build prerequisite
Require gperf to be built before gettext.

Signed-off-by: Michael Pratt <mcpratt@pm.me>
2023-05-04 06:07:29 +02:00
Michael Pratt
9b0b46985c
libxml2: add from packages feed
Add libxml2 which can be used to build gettext
instead of the old built-in substitute for it.

Signed-off-by: Michael Pratt <mcpratt@pm.me>
2023-05-04 06:07:29 +02:00
Michael Pratt
2070a2ca27
gperf: add from packages feed
Add gperf which is required for building gettext
after using the autogen.sh script.

Signed-off-by: Michael Pratt <mcpratt@pm.me>
2023-05-04 06:07:29 +02:00
Michael Pratt
ca8577f930
gettext-full: override SUBDIRS variable with Makefile
Instead of editing the SUBDIRS variable with a patch,
it can be overriden at the end of the command line when invoking Make.

This tool has a series of recursive Makefiles in each subdirectory,
therefore SUBDIRS is set to a pattern of Make functions
so that the result is variable depending on the current subdirectory
that Make is being invoked in.

Some of the subdirectories don't have a Makefile and are just storing files
for another subdirectory Makefile target,
therefore we have to place a fake Makefile that does nothing.

Signed-off-by: Michael Pratt <mcpratt@pm.me>
2023-05-04 06:07:29 +02:00
Chukun Pan
6c9b526e84 uboot-mediatek: fixes build when nmbm enabled
The image_header_t typedef has been removed from
uboot v2023.01 [1], replaced with legacy struct.

[1] f3543e6944

Fixes: 3d5c542 ("uboot-mediatek: update to U-Boot 2023.01")
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
2023-05-02 18:17:09 +01:00
Chukun Pan
ab8ead3e2d uboot-mediatek: fix CONFIG_TEXT_BASE variable
CONFIG_SYS_TEXT_BASE has been renamed to CONFIG_TEXT_BASE
in uboot v2023.01 [1], fixes all this variable.

[1] 984639039f

Fixes: 3d5c5427 ("uboot-mediatek: update to U-Boot 2023.01")
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
2023-05-02 18:17:09 +01:00
Chukun Pan
5b0b464e49 uboot-mediatek: remove duplicate config in mt7986
Some config was written twice by mistake, fix it.

Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
2023-05-02 18:17:09 +01:00
Andreas Böhler
28df7f7ff2 ramips: mt7621: add support for ZyXEL WSM20
The ZyXEL WSM20 aka Multy M1 is a cheap mesh router system by ZyXEL
based on the MT7621 CPU.

Specifications
==============

SoC: MediaTek MT7621AT (880MHz)
RAM: 256MiB
Flash: 128MiB NAND
Wireless: 802.11ax (2x2 MT7915E DBDC)
Ethernet: 4x 10/100/1000 (MT7530)
Button: 1x WPS, 1x Reset, 1x LED On/Off
LED: 7 LEDs (3x white, 2x red, 2x green)

MAC address assignment
======================

The MAC address assignment follows stock: The label MAC address is the LAN
MAC address, the WAN address is read from flash.

The WiFi MAC addresses are set in userspace to label MAC + 1 and label MAC
+ 2.

Installation (web interface)
============================

The device is cloud-managed, but there is a hidden local firmware upgrade
page in the OEM web interface. The device has to be registered in the
cloud in order to be able to access this page.

The system has a dual firmware design, there is no way to tell which
firmware is currently booted. Therefore, an -initramfs version is flashed
first.

1. Log into the OEM web GUI
2. Access the hidden upgrade page by navigating to
   https://192.168.212.1/gui/#/main/debug/firmwareupgrade
3. Upload the -initramfs-kernel.bin file and flash it
4. Wait for OpenWrt to boot and log in via SSH
5. Transfer the sysupgrade file via SCP
6. Run sysupgrade to install the image
7. Reboot and enjoy

NB: If the initramfs version was installed in RAS2, the sysupgrade script
sets the boot number to the first partition. A backup has to be performed
manually in case the OEM firwmare should be kept.

Installation (UART method)
==========================

The UART method is more difficult, as the boot loader does not have a
timeout set. A semi-working stock firmware is required to configure it:

1. Attach UART
2. Boot the stock firmware until the message about failsafe mode appears
3. Enter failsafe mode by pressing "f" and "Enter"
4. Type "mount_root"
5. Run "fw_setenv bootmenu_delay 3"
6. Reboot, U-Boot now presents a menu
7. The -initramfs-kernel.bin image can be flashed using the menu
8. Run the regular sysupgrade for a permanent installation

Changing the partition to boot is a bit cumbersome in U-Boot, as there is
no menu to select it. It can only be checked using mstc_bootnum. To change
it, issue the following commands in U-Boot:

   nand read 1800000 53c0000 800
   mw.b 1800004 1 1
   nand erase 53c0000 800
   nand write 1800000 53c0000 800

This selects FW1. Replace "mw.b 1800004 1 1" by "mw.b 1800004 2 1" to
change to the second slot.

Back to stock
=============

It is possible to flash back to stock, but a OEM firmware upgrade is
required. ZyXEL does not provide the link on its website, but the link
can be acquired from the OEM web GUI by analyzing the transferred JSON
objects.

It is then a matter of writing the firmware to Kernel2 and setting the
boot partition to FW2:

   mtd write zyxel.bin Kernel2
   echo -ne "\x02" | dd of=/dev/mtdblock7 count=1 bs=1 seek=4 conv=notrunc

Signed-off-by: Andreas Böhler <dev@aboehler.at>
Credits to forum users Annick and SirLouen for their initial work on this
device
2023-04-29 21:53:34 +02:00
Lech Perczak
d256ab7309 umbim: include MBIM-provided DNS servers also with DHCP mode
In MBIM interfaces, DNS servers may be provided out-of-band regardless
whether DHCP is used for configuration, or not. Move the DNS
configuration outside "if" blocks to support that.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-04-29 21:33:05 +02:00
Lech Perczak
aa7873a9e6 umbim: extract common code from static and dhcp(v6) setup procedure
Beginnings and endings of sub-interface creation procedure were
literally duplicates - extract them outside if "if" blocks

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-04-29 21:33:05 +02:00
Lech Perczak
e4db21b413 umbim: handle MTU configuration
Allow setting interface MTU through UCI. If this is not set,
use MBIM-provided MTU, if provided through control channel.
If separate MTUs are provided for IPv4 and IPv6, apply larger of them.
This is very unlikely and possible only for IPv4v6 dual-stack configuration.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-04-29 21:33:05 +02:00
Lech Perczak
2bfbc2dbd8 umbim: delegate RFC7278 IPv6 prefixes from OOB config
Delegate prefixes received through MBIM control channel the same way, as
would be done through DHCP, according to RFC7278.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-04-29 21:33:05 +02:00
Lech Perczak
9808b09b91 umbim: drop IP configuration parsing using 'eval'
Finally, when new helper is in use, drop old IP configuration parser.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-04-29 21:33:05 +02:00
Lech Perczak
c13a1b412b umbim: support multiple-valued configuration fields
MBIM supports multiple values for IP address and DNS server, and such
configuration is available through output of MBIM. Use new helper
method to support adding multiple addresses and DNS servers to static
interfaces for both IPv4 and IPv6.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-04-29 21:33:05 +02:00
Lech Perczak
f01fff63fb umbim: add "_proto_mbim_get_field" helper
Add a new helper to extract IP configuration from umbim output. This is
required to extract fields which can possibly have multiple values,
namely IP addresses and DNS servers, and get rid of primitive parser
using 'eval' builtin without support for this.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-04-29 21:33:05 +02:00
Lech Perczak
5f873df8d4 umbim: log output of 'config' step
Display full configuration obtained using MBIM control channel in the
log, from umbim output verbatim, for easier troubleshooting, and in
preparation for parser refactoring.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-04-29 21:33:05 +02:00
Lech Perczak
9ddbcd73d8 umbim: pass ipXtable to child interfaces
Inspired by commti e51aa699f7, allow setting specific routing tables
via ip4table and ip6table options, by passing them on child interfaces
created by MBIM protocol handler.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-04-29 21:33:04 +02:00
Lech Perczak
e2655e0a6b umbim: respect 'Enable IPv6 negotiation' option
Don't bring IPv6 part of interface up if it's disabled,
or system does not support it.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-04-29 21:33:04 +02:00
Lech Perczak
ca8df8a992 umbim: use static config by default, fallback to DHCP
Finally, inspired by ModemManager's logic, make static configuration
obtained through MBIM control channel, preferred.
If IP configuration is not available this way, fallback to DHCP(v6) if
enabled, else do not create a sub-interface for unavailable IP type.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-04-29 21:33:04 +02:00
Lech Perczak
464d81fe4a umbim: separate DHCPv6 configuration from DHCP(v4)
Now, that sub-interface setup is split by IP type, and separate checks
are performed for DHCP selection, it is possible to control DHCP on v4
an v6 sub-interfaces instantly. Add "dhcpv6" variable, akin to QMI
option, to control behaviour of DHCPv6 separately from IPv4 option,
which is required for some mobile operators.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-04-29 21:33:04 +02:00
Lech Perczak
03692dee73 umbim: restructure IPv4/IPv6 handling
Check whether interface is configured per IP type, not per DHCP. This is
preparation to allow fallback to DHCP if static IP configuration is not
available, which is the default option for MBIM modems

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-04-29 21:33:04 +02:00
Lech Perczak
c1e0d07744 umbim: inherit firewall zone membership from parent interface
Fix an issue where subinterfaces were not added to the same
firewall zone as their parent.
Inspired by 64bb88841f.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-04-29 21:33:04 +02:00
Lech Perczak
c84bf89b3a umbim: inherit "peerdns" option from parent interface
MBIM protocol handler should intherit "peerdns" options from parent
interface on sub-interfaces, otherwise upstream DNS servers are applied
regardless of configuration.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-04-29 21:33:04 +02:00
Lech Perczak
9bb4b9a968 umbim: use IP configuration provided by MBIM by default
Previously, DHCP was used. According to MBIM Specification v1.0 errata 1 [1],
section 10.5.20, MBIM_CID_IP_CONFIGURATION,
if MBIM information element containing IP configuration is available,
host shall use it, and fall back to in-band mechanisms to acquire it therwise -
therefore make static configuration the default.

[1] https://www.usb.org/document-library/mobile-broadband-interface-model-v10-errata-1-and-adopters-agreement

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-04-29 21:33:04 +02:00
Lech Perczak
356a6f0eee umbim: detect actual connection IP type
Current implementation needlessly creates both IPv4 and IPv6
sub-interfaces for single-stack IP types. Limit this only to selected IP
type. While at that, ensure that IP type is also passed to umbim during
"connect" phase. In addition, detect the actual established connection
type returned by umbim and set up subinterfaces according to that,
not to requested configuration. While at that, allow empty IP type explicitly,
interpreted as "any" according to MBIM specification.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-04-29 21:33:04 +02:00
Lech Perczak
da84eddedb umbim: fail connect step immediately
Subsequent calls to 'umbim connect' do not have any effect if a failure
occured, and in such case an infinite loop without timeout is created,
leading to possibility of interface stuck at connecting forever.
Drop this loop, and issue MBIM disconnect properly, so netifd can
restart from scratch.
This issue can be observed with Sierra EM7455 at changing APN, which
causes network re-registration by default, and a MBIM transaction
timeout, which is resolved on next interface bringup by netifd.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-04-29 21:33:04 +02:00
Lech Perczak
0be14c622b umbim: connect session for only the selected PDP type
Previous implementation automatically set up connections for both IPv4
and IPv6, even if one of them isn't supported. Respect the "pdptype"
option in the same way, as it is done for QMI or NCM, and only start the
respective PDN sessions, if set.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-04-29 21:33:04 +02:00
Martin Schiller
512bb17f3e umbim: add support for non-dhcp mode
There are mbim compatible wwan modules available which do not support
the dhcp autoconfiguration. (e.g. gemalto Cinterion ELS81)

This adds the possibility to get the configuration parameters from mbim.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2023-04-29 21:33:04 +02:00
Eneas U de Queiroz
1c5cafa3eb openssl: fix low-severity CVE-2023-1255
This applies commit 02ac9c94 to fix this OpenSSL Security Advisory
issued on 20th April 2023[1]:

Input buffer over-read in AES-XTS implementation on 64 bit ARM
(CVE-2023-1255)
==============================================================

Severity: Low

Issue summary: The AES-XTS cipher decryption implementation for 64 bit
ARM platform contains a bug that could cause it to read past the input
buffer, leading to a crash.

Impact summary: Applications that use the AES-XTS algorithm on the 64
bit ARM platform can crash in rare circumstances. The AES-XTS algorithm
is usually used for disk encryption.

The AES-XTS cipher decryption implementation for 64 bit ARM platform
will read past the end of the ciphertext buffer if the ciphertext size
is 4 mod 5 in 16 byte blocks, e.g. 144 bytes or 1024 bytes. If the
memory after the ciphertext buffer is unmapped, this will trigger a
crash which results in a denial of service.

If an attacker can control the size and location of the ciphertext
buffer being decrypted by an application using AES-XTS on 64 bit ARM,
the application is affected. This is fairly unlikely making this issue a
Low severity one.

1. https://www.openssl.org/news/secadv/20230420.txt

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2023-04-29 12:33:44 +02:00
Glen Huang
e1c0bda3fc kernel: crypto: crypto-rng: select SHA512 for >= 5.14.0
drbg swtiched to use HMAC(SHA-512) since 5.14.0
5261cdf457

Signed-off-by: Glen Huang <me@glenhuang.com>
2023-04-29 12:30:30 +02:00
Álvaro Fernández Rojas
1e8b318ebe broadcom-sprom: update to latest version
Replaces SPROMs with the ones from bmips fixups to prevent errors such as:
https://github.com/openwrt/openwrt/pull/11474#issuecomment-1524235591

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2023-04-27 17:46:12 +02:00