Debian Changelogs from 20240531:

      local access.
    - Mitigations for INTEL-SA-01079 (CVE-2024-23918)
      Potential security vulnerabilities in some Intel Xeon processors using Intel SGX may allow escalation of privilege. Intel disclosed that some processor models were already fixed by a previous microcode update.
    - Updated mitigations for INTEL-SA-01097 (CVE-2024-24968)
      Improper finite state machines (FSMs) in hardware logic in some Intel Processors may allow a privileged user to potentially enable a denial of service via local access.
    - Mitigations for INTEL-SA-01103 (CVE-2024-23984)
      A potential security vulnerability in the Running Average Power Limit (RAPL) interface for some Intel Processors may allow information disclosure. Added mitigations for more processor models.
  * Updated Microcodes:
    sig 0x000806f8, pf_mask 0x87, 2024-06-20, rev 0x2b000603, size 588800
    sig 0x000806f7, pf_mask 0x87, 2024-06-20, rev 0x2b000603
    sig 0x000806f6, pf_mask 0x87, 2024-06-20, rev 0x2b000603
    sig 0x000806f5, pf_mask 0x87, 2024-06-20, rev 0x2b000603
    sig 0x000806f4, pf_mask 0x87, 2024-06-20, rev 0x2b000603
    sig 0x00090672, pf_mask 0x07, 2024-05-29, rev 0x0037, size 224256
    sig 0x00090675, pf_mask 0x07, 2024-05-29, rev 0x0037
    sig 0x000b06f2, pf_mask 0x07, 2024-05-29, rev 0x0037
    sig 0x000b06f5, pf_mask 0x07, 2024-05-29, rev 0x0037
    sig 0x000906a3, pf_mask 0x80, 2024-06-03, rev 0x0435, size 223232
    sig 0x000906a4, pf_mask 0x80, 2024-06-03, rev 0x0435
    sig 0x000a06a4, pf_mask 0xe6, 2024-08-02, rev 0x0020, size 138240
    sig 0x000b06a2, pf_mask 0xe0, 2024-05-29, rev 0x4123, size 220160
    sig 0x000b06a3, pf_mask 0xe0, 2024-05-29, rev 0x4123
    sig 0x000b06a8, pf_mask 0xe0, 2024-05-29, rev 0x4123
    sig 0x000c06f2, pf_mask 0x87, 2024-06-20, rev 0x21000283, size 560128
    sig 0x000c06f1, pf_mask 0x87, 2024-06-20, rev 0x21000283
  * source: update symlinks to reflect id of the latest release, 20241112
  * Update changelog for 3.20240910.1 and 3.20240813.1 with new information:
    INTEL-SA-1103 was addressed by 3.20240813.1 for some processor models, and not by 3.20240910. INTEL-SA-1079 was addressed by 3.20240910.1 for some processor models.

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Thu, 14 Nov 2024 15:37:40 -0300

intel-microcode (3.20241029.1) UNRELEASED; urgency=medium

  * New upstream microcode datafile 20241029
    - Not relevant for operating system microcode updates
    - Only when loaded from firmware, this update fixes the critical, potentially hardware-damaging errata RPL061: Incorrect Internal Voltage Request on Raptor Lake (Core 13th/14th gen) Intel processors.
  * Updated Microcodes:
    sig 0x000b0671, pf_mask 0x32, 2024-08-29, rev 0x012b, size 211968

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Thu, 14 Nov 2024 14:49:03 -0300

intel-microcode (3.20240910.1) unstable; urgency=medium

  * New upstream microcode datafile 20240910 (closes: #1081363)
    - Mitigations for INTEL-SA-01097 (CVE-2024-24968)
      Improper finite state machines (FSMs) in hardware logic in some Intel Processors may allow a privileged user to potentially enable a denial of service via local access.
    - Fixes for unspecified functional issues on several processor models
    - The processor voltage limit issue on Core 13th/14th gen REQUIRES A FIRMWARE UPDATE. It is present in this release for sig 0xb0671, but THE VOLTAGE ISSUE FIX ONLY WORKS WHEN THE MICROCODE UPDATE IS LOADED THROUGH THE FIT TABLE IN FIRMWARE. Contact your system vendor for a firmware update that includes the appropriate microcode update for your processor.
  * Updated Microcodes:
    sig 0x00090672, pf_mask 0x07, 2024-02-22, rev 0x0036, size 224256
    sig 0x00090675, pf_mask 0x07, 2024-02-22, rev 0x0036
    sig 0x000b06f2, pf_mask 0x07, 2024-02-22, rev 0x0036
    sig 0x000b06f5, pf_mask 0x07, 2024-02-22, rev 0x0036
    sig 0x000906a3, pf_mask 0x80, 2024-02-22, rev 0x0434, size 222208
    sig 0x000906a4, pf_mask 0x80, 2024-02-22, rev 0x0434
    sig 0x000a06a4, pf_mask 0xe6, 2024-06-17, rev 0x001f, size 137216
    sig 0x000b0671, pf_mask 0x32, 2024-07-18, rev 0x0129, size 215040
    sig 0x000b06a2, pf_mask 0xe0, 2024-02-22, rev 0x4122, size 220160
    sig 0x000b06a3, pf_mask 0xe0, 2024-02-22, rev 0x4122
    sig 0x000b06a8, pf_mask 0xe0, 2024-02-22, rev 0x4122
    sig 0x000b06e0, pf_mask 0x19, 2024-03-25, rev 0x001a, size 138240
  * Update changelog for 3.20240813.1 with new information
  * Update changelog for 3.20240514.1 with new information
  * source: update symlinks to reflect id of the latest release, 20240910

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Sat, 21 Sep 2024 16:40:07 -0300

intel-microcode (3.20240813.2) unstable; urgency=high

  * Merge changes from intel-microcode/3.20240531.1+nmu1, which were left out from 3.20240813.1 by an oversight, regressing merged-usr. Closes: #1060200

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Sat, 17 Aug 2024 11:31:32 -0300

intel-microcode (3.20240813.1) unstable; urgency=medium

  * New upstream microcode datafile 20240813 (closes: #1078742)
    - Mitigations for INTEL-SA-01083 (CVE-2024-24853)
      Incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel Processors may allow a privileged user to potentially enable escalation of privilege via local access.
    - Mitigations for INTEL-SA-01118 (CVE-2024-25939)
      Mirrored regions with different values in 3rd Generation Intel Xeon Scalable Processors may allow a privileged user to potentially enable denial of service via local access.
    - Mitigations for INTEL-SA-01100 (CVE-2024-24980)
      Protection mechanism failure in some 3rd, 4th, and 5th Generation Intel Xeon Processors may allow a privileged user to potentially enable escalation of privilege via local access.
    - Mitigations for INTEL-SA-01038 (CVE-2023-42667)
      Improper isolation in the Intel Core Ultra Processor stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access. Intel disclosed that some processor models were already fixed by the previous microcode update.
    - Mitigations for INTEL-SA-01046 (CVE-2023-49141)
      Improper isolation in some Intel Processors stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access. Intel disclosed that some processor models were already fixed by the previous microcode update.
    - Mitigations for INTEL-SA-01079 (CVE-2024-23918)
      Potential security vulnerabilities in some Intel Xeon processors using Intel SGX may allow escalation of privilege. Intel released this information during the full disclosure for the 20241112 update. Processor signatures 0x606a6 and 0x606c1.
    - Mitigations for INTEL-SA-01103 (CVE-2024-23984)
      A potential security vulnerability in the Running Average Power Limit (RAPL) interface for some Intel Processors may allow information disclosure. Intel released this information during the full disclosure for the 20240910 update. Processor signatures 0x5065b, 0x606a6, 0x606c1.
    - Fix for unspecified functional issues on several processor models
    - Fix for errata TGL068/ADL075/ICL088/... "Processor may hang during a microcode update". It is not clear which processors were fixed by this release, or by one of the microcode updates from 2024-05.
    - Mitigations for INTEL-SA-01213 (CVE-2024-36293)
      Improper access control in the EDECCSSA user leaf function for some Intel Processors with Intel SGX may allow an authenticated user to potentially enable denial of service via local access. Intel released this information during the full disclosure for the 20250211 update. Processor signature 0x906ec (9th Generation Intel Core processor).
  * Updated microcodes:
    sig 0x00050657, pf_mask 0xbf, 2024-03-01, rev 0x5003707, size 39936
    sig 0x0005065b, pf_mask 0xbf, 2024-04-01, rev 0x7002904, size 30720
    sig 0x000606a6, pf_mask 0x87, 2024-04-01, rev 0xd0003e7, size 308224
    sig 0x000606c1, pf_mask 0x10, 2024-04-03, rev 0x10002b0, size 300032
    sig 0x000706e5, pf_mask 0x80, 2024-02-15, rev 0x00c6, size 114688
    sig 0x000806c1, pf_mask 0x80, 2024-02-15, rev 0x00b8, size 112640
    sig 0x000806c2, pf_mask 0xc2, 2024-02-15, rev 0x0038, size 99328
    sig 0x000806d1, pf_mask 0xc2, 2024-02-15, rev 0x0052, size 104448
    sig 0x000806e9, pf_mask 0xc0, 2024-02-01, rev 0x00f6, size 106496
    sig 0x000806e9, pf_mask 0x10, 2024-02-01, rev 0x00f6, size 106496
    sig 0x000806ea, pf_mask 0xc0, 2024-02-01, rev 0x00f6, size 105472
    sig 0x000806eb, pf_mask 0xd0, 2024-02-01, rev 0x00f6, size 106496
    sig 0x000806ec, pf_mask 0x94, 2024-02-05, rev 0x00fc, size 106496
    sig 0x00090661, pf_mask 0x01, 2024-04-05, rev 0x001a, size 20480
    sig 0x000906ea, pf_mask 0x22, 2024-02-01, rev 0x00f8, size 105472
    sig 0x000906eb, pf_mask 0x02, 2024-02-01, rev 0x00f6, size 106496
    sig 0x000906ec, pf_mask 0x22, 2024-02-01, rev 0x00f8, size 106496
    sig 0x000906ed, pf_mask 0x22, 2024-02-05, rev 0x0100, size 106496
    sig 0x000a0652, pf_mask 0x20, 2024-02-01, rev 0x00fc, size 97280
    sig 0x000a0653, pf_mask 0x22, 2024-02-01, rev 0x00fc, size 98304
    sig 0x000a0655, pf_mask 0x22, 2024-02-01, rev 0x00fc, size 97280
    sig 0x000a0660, pf_mask 0x80, 2024-02-01, rev 0x00fe, size 97280
    sig 0x000a0661, pf_mask 0x80, 2024-02-01, rev 0x00fc, size 97280
    sig 0x000a0671, pf_mask 0x02, 2024-03-07, rev 0x0062, size 108544
    sig 0x000a06a4, pf_mask 0xe6, 2024-04-15, rev 0x001e, size 137216
  * source: update symlinks to reflect id of the latest release, 20240813
  * postinst, postrm: switch to dpkg-trigger to run update-initramfs

 -- Henrique de Moraes Holschuh <hmh@debian.org>  Thu, 15 Aug 2024 14:41:50 -0300

Signed-off-by: John Audia <therealgraysky@proton.me>
Link: https://github.com/openwrt/openwrt/pull/18197
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
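
The "Updated Microcodes" entries in the changelog above can be matched against a running Linux system to see whether the loaded revision is at least the one listed for that processor signature. The following is an added example, not code from the commit, OpenWrt or Debian; the function names are hypothetical, the `/proc/cpuinfo` excerpt is constructed, and only four of the changelog's entries are embedded.

```python
import re

# Entries copied from the "Updated Microcodes" lists in the changelog above.
CHANGELOG = """\
sig 0x000b0671, pf_mask 0x32, 2024-07-18, rev 0x0129, size 215040
sig 0x000b0671, pf_mask 0x32, 2024-08-29, rev 0x012b, size 211968
sig 0x000806f8, pf_mask 0x87, 2024-06-20, rev 0x2b000603, size 588800
sig 0x000806f7, pf_mask 0x87, 2024-06-20, rev 0x2b000603
"""

# Constructed /proc/cpuinfo excerpt for illustration (not from the page).
SAMPLE_CPUINFO = "cpu family\t: 6\nmodel\t\t: 183\nstepping\t: 1\nmicrocode\t: 0x123\n"

ENTRY = re.compile(r"sig (0x[0-9a-f]+), pf_mask 0x[0-9a-f]+, \d{4}-\d\d-\d\d, rev (0x[0-9a-f]+)")

def parse_changelog(text):
    """Map each processor signature to the highest revision listed for it."""
    latest = {}
    for sig, rev in ENTRY.findall(text):
        sig, rev = int(sig, 16), int(rev, 16)
        latest[sig] = max(rev, latest.get(sig, 0))
    return latest

def cpu_signature(family, model, stepping):
    """Rebuild the CPUID leaf 1 EAX signature from /proc/cpuinfo's values."""
    base_family = min(family, 0xF)        # families above 15 spill into bits 20-27
    ext_family = family - base_family
    return ((ext_family << 20) | ((model >> 4) << 16) | (base_family << 8)
            | ((model & 0xF) << 4) | stepping)

def check(cpuinfo, latest):
    """Return (signature, running_rev, listed_rev, up_to_date).

    listed_rev and up_to_date are None when the changelog has no entry for
    this signature. pf_mask (platform ID) is not checked: it is not exposed
    in /proc/cpuinfo. A matching revision also says nothing about how it was
    loaded, which matters for sig 0xb0671, where the changelog states the
    voltage fix only works when loaded by firmware.
    """
    fields = dict(re.findall(r"^([^\t:\n]+)[ \t]*:[ \t]*(.*)$", cpuinfo, re.M))
    sig = cpu_signature(int(fields["cpu family"]), int(fields["model"]),
                        int(fields["stepping"]))
    running = int(fields["microcode"], 16)
    listed = latest.get(sig)
    return sig, running, listed, None if listed is None else running >= listed

if __name__ == "__main__":
    sig, running, listed, ok = check(SAMPLE_CPUINFO, parse_changelog(CHANGELOG))
    print(f"sig {sig:#010x}: running {running:#x}, listed {listed:#x}, up to date: {ok}")
```
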
OpenWrt Project is a Linux operating system targeting embedded devices. Instead of trying to create a single, static firmware, OpenWrt provides a fully writable filesystem with package management. This frees you from the application selection and configuration provided by the vendor and allows you to customize the device through the use of packages to suit any application. For developers, OpenWrt is the framework to build an application without having to build a complete firmware around it; for users this means the ability for full customization, to use the device in ways never envisioned.
Download
Built firmware images are available for many architectures and come with a package selection to be used as a WiFi home router. To quickly find a factory image usable to migrate from a vendor stock firmware to OpenWrt, try the Firmware Selector.
If your device is supported, please follow the Info link to see install instructions or consult the support resources listed below.
An advanced user may require additional or specific packages (toolchain, SDK, ...). For anything other than a simple firmware download, try the wiki download page:
Development
To build your own firmware you need a GNU/Linux, BSD or macOS system (case sensitive filesystem required). Cygwin is unsupported because of the lack of a case sensitive file system.
Requirements
You need the following tools to compile OpenWrt; the package names vary between distributions. A complete list with distribution-specific packages is found in the Build System Setup documentation.
binutils bzip2 diff find flex gawk gcc-6+ getopt grep install libc-dev libz-dev
make4.1+ perl python3.7+ rsync subversion unzip which
Quickstart
- Run ./scripts/feeds update -a to obtain all the latest package definitions defined in feeds.conf / feeds.conf.default
- Run ./scripts/feeds install -a to install symlinks for all obtained packages into package/feeds/
- Run make menuconfig to select your preferred configuration for the toolchain, target system & firmware packages.
- Run make to build your firmware. This will download all sources, build the cross-compile toolchain and then cross-compile the GNU/Linux kernel & all chosen applications for your target system.
Related Repositories
The main repository uses multiple sub-repositories to manage packages of different categories. All packages are installed via the OpenWrt package manager called opkg. If you're looking to develop the web interface or port packages to OpenWrt, please find the fitting repository below.
- LuCI Web Interface: Modern and modular interface to control the device via a web browser.
- OpenWrt Packages: Community repository of ported packages.
- OpenWrt Routing: Packages specifically focused on (mesh) routing.
- OpenWrt Video: Packages specifically focused on display servers and clients (Xorg and Wayland).
Support Information
For a list of supported devices see the OpenWrt Hardware Database
Documentation
Support Community
- Forum: For usage, projects, discussions and hardware advice.
- Support Chat: Channel #openwrt on oftc.net.
Developer Community
- Bug Reports: Report bugs in OpenWrt
- Dev Mailing List: Send patches
- Dev Chat: Channel #openwrt-devel on oftc.net.
License
OpenWrt is licensed under GPL-2.0