| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Added the new configuration options:
CONFIG_HARDEN_BRANCH_HISTORY=y
CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY=y
Manually adapted:
target/linux/generic/hack-5.4/220-gc_sections.patch
Compile-tested: lantiq/xrx200, armvirt/64
Run-tested: lantiq/xrx200, armvirt/64
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
When using external targets there is a symlink being created for the
target under target/linux which then becomes dangling under Image
Builder. Fix it by dereferencing the possible symlink.
Tested on IB with external target, ipq40xx and mvebu.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 621f39d1f438bf95dbae667c575926fa16a6d797)
(cherry picked from commit ec9af870f3278f75549836b469baefa260e2ed41)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
When upgrading a TP-Link Archer C5 v1 from ar71xx to ath79,
the 5ghz radio stops working because the device path changed.
Same has been done for the Archer C7 before:
commit e19506f20618 ("ath79: migrate Archer C7 5GHz radio device paths")
Signed-off-by: Jan-Niklas Burfeind <git@aiyionpri.me>
(cherry picked from commit c6eb63d48f942f1e54737ed182776cf9a08de542)
|
| |
|
|
|
|
|
|
|
|
| |
The label has the MAC address of eth0, not the WLAN PHY address. We can
merge the definition back into ar7241_ubnt_unifi.dtsi, as both DTS
derived from it use the same interface for their label MAC addresses
after all.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit aee9ccf5c1b536189ebee8c232273657334da843)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Ticerex on the OpenWrt Forum reported a gnarly crash when
he was using Samsung 840 and 850 EVOs with his MyBook Live:
| BUG: Kernel NULL pointer dereference at 0x00000000
| Faulting instruction address: 0xc03ed4b8
| Oops: Kernel access of bad area, sig: 11 [#1]
| BE PAGE_SIZE=4K PowerPC 44x Platform
| CPU: 0 PID: 362 Comm: scsi_eh_1 Not tainted 5.4.163 #0
| NIP: c03ed4b8 LR: c03d27e8 CTR: c03ed36c
| REGS: cfa59950 TRAP: 0300 Not tainted (5.4.163)
| MSR: 00021000 <CE,ME> CR: 42000222 XER: 00000000
| DEAR: 00000000 ESR: 00000000
| GPR00: c03d27e8 cfa59a08 cfa55fe0 00000000 0fa46bc0 [...]
| [..]
| NIP [c03ed4b8] sata_dwc_qc_issue+0x14c/0x254
| LR [c03d27e8] ata_qc_issue+0x1c8/0x2dc
| Call Trace:
| [cfa59a08] [c003f4e0] __cancel_work_timer+0x124/0x194 (unreliable)
| [cfa59a78] [c03d27e8] ata_qc_issue+0x1c8/0x2dc
| [cfa59a98] [c03d2b3c] ata_exec_internal_sg+0x240/0x524
| [cfa59b08] [c03d2e98] ata_exec_internal+0x78/0xe0
| [cfa59b58] [c03d30fc] ata_read_log_page.part.38+0x1dc/0x204
| [cfa59bc8] [c03d324c] ata_identify_page_supported+0x68/0x130
| [...]
This turned out this is an issue with upstream changing
ATA_TAG_INTERNAL's value from 31 to 32 during 4.18 release.
Update "SATA_DWC_QCMD_MAX" to account for that.
Link: https://forum.openwrt.org/t/my-book-live-duo-reboot-loop/122464
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 5ac672cfab60e90ab8a0bf3491fa2a27619d22d6)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This backports the following upstream Linux patches
net: sfp: add mode quirk for GPON module Ubiquiti U-Fiber Instant
net: sfp: relax bitrate-derived mode check
net: sfp: cope with SFPs that set both LOS normal and LOS inverted
for 5.4 for mvebu platform.
This fixes GPON modules:
Ubiquiti U-Fiber Instant SFP GPON
VSOL V2801F
CarlitoxxPro CPGOS03-0490 v2.0
Signed-off-by: Marek Behún <marek.behun@nic.cz>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. Drop package: cypress-firmware-4359-pcie
This binary is no longer provided and there are not many details what
happened.
2. Drop package: cypress-firmware-4359-sdio
This binary is no longer provided, but in this case, to compare it with
PCIe package mention as first, there was added
support in Linux-firmware [1], but no sign of firmware file.
4. Drop package: cypress-firmware-89459-pcie [2]
According to Infineon: "CYW89459 is an automotive Wi-Fi chip which is not
supported in the broad market community."
[1] https://patchwork.kernel.org/project/linux-wireless/patch/20191211235253.2539-6-smoch@web.de/
[2] https://community.infineon.com/t5/Wi-Fi-Bluetooth-for-Linux/the-wifi-driver-for-CYW89459-in-linux4-14-98-2-3-00/m-p/138971
Fixes: 7ca7e0b22de6e629f5df12b8a935a168073bcca3 ("cypress-firmware:
update it to version 5.4.18-2021_0812")
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 8c66bf89d1e8e67d8a3537e164bb7d9669259c08)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Binary files were renamed to cyfmac from brcmfmac, but the files needs
to be on the router with the previous naming
[ 6.656165] brcmfmac: brcmf_fw_alloc_request: using brcm/brcmfmac43455-sdio for chip BCM4345/6
[ 6.665182] brcmfmac mmc1:0001:1: Direct firmware load for brcm/brcmfmac43455-sdio.bin failed with error -2
[ 6.674928] brcmfmac mmc1:0001:1: Falling back to sysfs fallback for: brcm/brcmfmac43455-sdio.bin
- Cypress were acquired by Infineon Technologies
Thus change the project URL and switch to download files from their
GitHub repository. This is much better than the previous solution, which
requires finding new threads on their community forum about new driver
updates, and it will be necessary to change the URL each time.
Unfortunately, it seems that there is not published changelog, but
according to this forum thread [1], be careful by opening the link from
solution since it contains ending bracket ), it brings fixes for various
security vulnerabilities, which were fixed in 7_45_234.
Fixes:
- FragAttacks
- Kr00k
Also add LICENSE file
Run tested on Seeedstudio router powered by Raspberry Pi 4 CM with
package cypress-firmware-43455-sdio.
Before:
root@OpenWrt:~# dmesg | grep 'Firmware: BCM4345/6'
[ 6.895050] brcmfmac: brcmf_c_preinit_dcmds: Firmware: BCM4345/6 wl0: Mar 23 2020 02:20:01 version 7.45.206 (r725000 CY) FWID 01-febaba43
After:
root@OpenWrt:~# dmesg | grep 'Firmware: BCM4345/6'
[ 6.829805] brcmfmac: brcmf_c_preinit_dcmds: Firmware: BCM4345/6 wl0: Apr 15 2021 03:03:20 version 7.45.234 (4ca95bb CY) FWID 01-996384e2
[1] https://community.infineon.com/t5/Wi-Fi-Bluetooth-for-Linux/Outdated-brcmfmac-firmware-for-Raspberry-Pi-4-in-OpenWrt-21-02-1/m-p/331593#M2269
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 7ca7e0b22de6e629f5df12b8a935a168073bcca3)
|
| |
|
|
|
|
|
|
|
|
| |
The OCEDO Raccoon had significant packet-loss with cables longer than 50
meter. Disabling EEE restores normal operation.
Also change the ethernet config to reduce loss on sub-1G links.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 4551bfd91f31be5987727c77e58333fa06ba3acd)
|
| |
|
|
|
|
|
|
|
|
|
| |
Required to allow sysupgrades from OpenWrt 19.07.
Closes #7071
Fixes: 98fbf2edc021 ("ath79: move TPLINK_HWID/_HWREV to parent for tplink-safeloader")
Tested-by: J. Burfeind <git@aiyionpri.me>
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit 8ba71f1f6f2359f9cf54201e9fc037df33f123c0)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Tavis has just reported, that he was recently trying to track down a
reproducible crash in a compressor. Believe it or not, it really was a
bug in zlib-1.2.11 when compressing (not decompressing!) certain inputs.
Tavis has reported it upstream, but it turns out the issue has been
public since 2018, but the patch never made it into a release. As far as
he knows, nobody ever assigned it a CVE.
Suggested-by: Tavis Ormandy <taviso@gmail.com>
References: https://www.openwall.com/lists/oss-security/2022/03/24/1
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit b3aa2909a79aeff20d594160b207a89dc807c033)
(cherry picked from commit 3965dda0fa70dc9408f1a2e55a3ddefde78bd50e)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
a20-olinuxino-lime2 is currently having hard time with link detection of
certain 1000Mbit partners due to usage of generic PHY driver, probably
due to following missing workaround introduced in upstream in commit
3aed3e2a143c ("net: phy: micrel: add Asym Pause workaround"):
The Micrel KSZ9031 PHY may fail to establish a link when the Asymmetric
Pause capability is set. This issue is described in a Silicon Errata
(DS80000691D or DS80000692D), which advises to always disable the
capability. This patch implements the workaround by defining a KSZ9031
specific get_feature callback to force the Asymmetric Pause capability
bit to be cleared.
This fixes issues where the link would not come up at boot time, or when
the Asym Pause bit was set later on.
As a20-olinuxino-lime2 has Micrel KSZ9031RNXCC-TR Gigabit PHY since
revision H, so we need to use Micrel PHY driver on those devices.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit ffa1088f63267f817a3adf34c84b8e8089b1a938)
|
| |
|
|
|
|
|
|
|
|
| |
uDPU has 2 LM75 compatible temperature sensors, so include the driver for
them by default in order to utilize them.
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [rebase]
(cherry picked from commit a8b2d3590329386d0ae6873460b2d5126f63ddaa)
(cherry picked from commit b9e90935db8e0c0166c80fc6e5e50755282e9e0b)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
uDPU provides a FIT based initramfs, but currently gets stuck after U-boot
starts the kernel at "Starting kernel..".
It is due to the load address being too low, so increase it in order to get
the initramfs booting again.
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
(cherry picked from commit 80f21e53360d52d493c51a4a263d9b7607b7494e)
(cherry picked from commit d65269a732d82ca9d084c89d6ca05d125d4ab629)
|
| |
|
|
|
|
|
| |
The label has the MAC address of eth0, not the WLAN PHY address.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit 2a02b7049966dc77ae9519ca165f29b75e0dbf0e)
|
| |
|
|
|
|
|
|
|
| |
This firmware should only be used for mobile devices (e.g. laptops), where
AP mode functionality is typically not used. This firmware supports a lot
of power saving offload functionality at the expense of AP mode support.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit a1ac8728f80314c574201013e7fea58536c2b3ee)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
[ backport of master commit fbe2c3feaa4ef5747a691cb4c808925b024ff450 ]
Backport patches
381a730182f1 ("net: dsa: Move VLAN filtering syncing out of dsa_switch_bridge_leave")
108dc8741c20 ("net: dsa: Avoid cross-chip syncing of VLAN filtering")
from upstream (currently in net-next) to fix null-pointer dereference.
Signed-off-by: Marek Behún <marek.behun@nic.cz>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [master commit detail]
|
| |
|
|
|
|
|
|
|
|
|
| |
Add the STAs extended capabilities to the ubus STA information. This
way, external daemons can be made aware of a STAs capabilities.
This field is of an array type and contains 0 or more bytes of a STAs
advertised extended capabilities.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 6f787239771044ed7eeaf22301c543b699f25cb4)
|
| |
|
|
|
|
|
| |
Include the current operation class to hostapd get_status interface.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 2a31e9ca975d99b6216b2979a825f07253c8947e)
|
| |
|
|
|
|
|
|
|
|
|
| |
Add the beacon interval to hostapd status output. This allows external
services to discover the beacon interval for a specific VAP.
This way, external wireless management daemons can correctly calculate
fields containing TBTT value from absolute time-values.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 3ba98468424db1f081818982dfa2a07ab85ae136)
|
| |
|
|
|
| |
Signed-off-by: Martin Weinelt <hexa@darmstadt.ccc.de>
(cherry picked from commit cde154c8712255d13658317b116d4fc341ed89f2)
|
| |
|
|
|
|
|
|
|
|
| |
Imports a function from iw to convert frequencies to channel numbers.
Co-authored-by: David Bauer <mail@david-bauer.net>
Signed-off-by: Martin Weinelt <hexa@darmstadt.ccc.de>
[fix potential out of bounds read]
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 398df6275674b637bc950e4f946f84c2bc5e09ff)
|
| |
|
|
|
|
|
|
|
|
| |
To allow steering daemons to be aware of the STA-decided transition
target, publish WNM transition responses to ubus. This way, steerings
daemons can learn about STA-chosen targets and send a better selection
of transition candidates.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit a3de42e72ce349c14263737c5d6ec7b00397cf14)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The existing wnm_disassoc_imminent ubus method only supports issuing a
bss transition request with the disassoc imminent flag set.
For use-cases, where the client is requested to roam to another BSS
without a pending disassoc, this existing method is not suitable.
Add a new bss_transition_request ubus method, which provides a more
universal way to dispatch a transition request. It takes the following
arguments:
Required:
addr: String - MAC-address of the STA to send the request to (colon-seperated)
Optional:
abridged - Bool - Indicates if the abridged flag is set
disassociation_imminent: Bool - Whether or not the disassoc_imminent
flag is set
disassociation_timer: I32 - number of TBTTs after which the client will
be disassociated
validity_period: I32 - number of TBTTs after which the beacon
candidate list (if included) will be invalid
neighbors: blob-array - Array of strings containing neighbor reports as
hex-string
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 0eed96ca5d86bdc4158c8ef6814893bc2a3dc467)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a bugfix release. Changelog:
*) Fixed a bug in the BN_mod_sqrt() function that can cause it to loop
forever for non-prime moduli. (CVE-2022-0778)
*) Add ciphersuites based on DHE_PSK (RFC 4279) and ECDHE_PSK
(RFC 5489) to the list of ciphersuites providing Perfect Forward
Secrecy as required by SECLEVEL >= 3.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
(cherry picked from commit e17c6ee62770005e398364ee5d955c9a8ab6f016)
|
| |
|
|
|
|
|
|
|
|
| |
This fixes:
bash: xxd: command not found
on hosts without xxd installed.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 9dbca6bf6e6e088afd18fb532ed9135c21aec1cc)
Fixes: 45b3f2aa0f57 ("uboot-bcm4908: add package with BCM4908 U-Boot")
|
| |
|
|
|
|
|
|
| |
Don't download all of vim just to build xxd. Use a tight tarball
containing only xxd sources instead.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 2b94aac7a128c9d9f4343af2265b362e8b5d5013)
|
| |
|
|
|
|
|
|
|
|
|
| |
U-Boot requires xxd to create the default environment from an external
file as done in uboot-mediatek.
Build xxd (only, not the rest of vim) as part of tools to make sure it
is present on the buildhost.
Reported-by: David Bauer <mail@david-bauer.net>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit c4dd2441e7875c9550820f8380b3e41ca619ef27)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
OpenWrt uses a lot of (b)ash scripts for initial setup. This isn't the
best solution as they almost never consider syncing files / data. Still
this is what we have and we need to try living with it.
Without proper syncing OpenWrt can easily get into an inconsistent state
on power cut. It's because:
1. Actual (flash) inode and data writes are not synchronized
2. Data writeback can take up to 30 seconds (dirty_expire_centisecs)
3. ubifs adds extra 5 seconds (dirty_writeback_centisecs) "delay"
Some possible cases (examples) for new files:
1. Power cut during 5 seconds after write() can result in all data loss
2. Power cut happening between 5 and 35 seconds after write() can result
in empty file (inode flushed after 5 seconds, data flush queued)
Above affects e.g. uci-defaults. After executing some migration script
it may get deleted (whited out) without generated data getting actually
written. Power cut will result in missing data and deleted file.
There are three ways of dealing with that:
1. Rewriting all user-space init to proper C with syncs
2. Trying bash hacks (like creating tmp files & moving them)
3. Adding sync and hoping for no power cut during critical section
This change introduces the last solution that is the simplest. It
reduces time during which things may go wrong from ~35 seconds to
probably less than a second. Of course it applies only to IO operations
performed before /etc/init.d/boot . It's probably the stage when the
most new files get created.
All later changes are usually done using smarter C apps (e.g. busybox or
uci) that creates tmp files and uses rename() that is expected to be
atomic.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
(cherry picked from commit 9851d4b6ce6e89d164a04803817625a9041b060a)
|
| |
|
|
|
|
|
| |
This is a step forward in adding support for devices with U-Boot.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 34fd5e325af5cbcb64696c9b4b1660f22299790f)
|
| |
|
|
|
|
|
|
| |
New BCM4908 devices come with U-Boot instead of CFE. Firmwares for such
devices has to include U-Boot.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 0d45e1ea96ef29649f080c54f99fb1c80482421b)
|
| |
|
|
|
|
|
|
|
| |
This driver is needed to boot from CompactFlash on the Siemens Futro S400.
The device has an AMD NX1500 CPU, which seems to be unsupported by the
geode subtarget, so it must use legacy.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit c8350dfb3cdee7653744bbb4ee3b0ac1b015912c)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. Create "rootfs_data" dynamicaly
U-Boot firmware images can contain only 2 UBI volumes: bootfs (container
with U-Boot + kernel + DTBs) and rootfs (e.g. squashfs). There is no way
to include "rootfs_data" UBI volume or make firmware file tell U-Boot to
create one.
For that reason "rootfs_data" needs to be created dynamically. Use
preinit script to handle that. Fire it right before "mount_root" one.
2. Relate "rootfs_data" to flashed firmware
As already explained flashing new firmware with U-Boot will do nothing
to the "rootfs_data". It could result in new firmware reusing old
"rootfs_data" overlay UBI volume and its file. Users expect a clean
state after flashing firmware (even if flashing the same one).
Solve that by reading flash counter of running firmware and storing it
in "rootfs_data" UBI volume. Every mismatch will result in wiping old
data.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 93259e8ca261c7965618fe11c2d385638da5cfa6)
|
| |
|
|
|
|
|
| |
This fixes problem with USB PHY not handling some USB 3.0 devices.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 0dbcefdd5229daacf6cd4c9996b8e6f31c90ffd1)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
For debugging purposes, we need to know if users are using modified
U-boot versions or not. Currently, the U-boot version is somehow
stripped. This is a little bit problematic when there are
backported/wip/to-upstream patches.
To make it more confusing, there was (before this commit) two U-boot
versioning. U-boot compiled by OpenWrt build bots are missing ``Build:``
This is also the case when the U-boot is compiled locally.
Example:
```
U-Boot SPL 2022.01 (Jan 27 2022 - 00:24:34 +0000)
U-Boot 2022.01 (Jan 27 2022 - 00:24:34 +0000)
```
On the other hand, if you run full build, you can at least see, where it
was compiled. Notice added ``Build:``.
Example:
```
U-Boot 2022.01 (Jan 27 2022 - 00:24:34 +0000), Build: jenkins-turris-os-packages-burstlab-omnia-216
```
In both cases, it is not clear to U-boot developers if it is an unmodified
build. This is also caused that there is a missing ``.git`` file from
U-boot folder, and so there is no history. It leads to that it can not
contain suffix ``-dirty`` (uncommitted modifications) or even something
else like number of commits, etc. [1]
When U-boot is compiled as it should be, the version should look like
this: ``U-Boot 2022.04-rc1-01173-g278195ea1f (Feb 11 2022 - 14:46:50 +0100)``
The date is not changed daily when there are new OpenWrt builds.
This commit adds OpenWrt specific version, which could be verified by
using strings.
```
$ strings bin/targets/mvebu/cortexa9/u-boot-omnia/u-boot-spl.kwb | grep -E "OpenWrt*"
U-Boot SPL 2022.01-OpenWrt-r18942+54-cbfce92367 (Feb 21 2022 - 13:17:34 +0000)
arm-openwrt-linux-muslgnueabi-gcc (OpenWrt GCC 11.2.0 r18942+54-cbfce92367) 11.2.0
2022.01-OpenWrt-r18942+54-cbfce92367
U-Boot 2022.01-OpenWrt-r18942+54-cbfce92367 (Feb 21 2022 - 13:17:34 +0000)
```
[1] https://u-boot.readthedocs.io/en/latest/develop/version.html
Reported-by: Pali Rohár <pali@kernel.org>
Suggested-by: Karel Kočí <karel.koci@nic.cz>
[rebased for OpenWrt 21.02]
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit d6aa9d9e071d9f23ed26f5142991bc66aefe20f5)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Release notes:
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.4.2-relnotes.txt
```
It includes the following security fix
* In some situations the X.509 verifier would discard an error on an
unverified certificate chain, resulting in an authentication bypass.
Thanks to Ilya Shipitsin and Timo Steinlein for reporting.
```
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 495c4f4e197166a6fa997d4620ca6c241e3abd45)
|
| |
|
|
|
| |
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 03bb3412a2b8bf8ac69e062ea9fd88e2c6c6fb57)
|
| |
|
|
|
| |
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit f78ad901e1ce07c42a9f5e670c39dbdcea15eb87)
|
| |
|
|
|
|
|
| |
Fix wrong FPIC variable usage. Fixes compilation under sparc64 host.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit bf4dbbb55e2b8e23f186e1334f1e9ce6a3a8ddfe)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The following patch was integrated upstream:
target/linux/bcm4908/patches-5.4/180-i2c-brcmstb-fix-support-for-DSL-and-CM-variants.patch
All other updated automatically.
The new config option CONFIG_BPF_UNPRIV_DEFAULT_OFF is now handled too.
Compile-tested on: lantiq/xrx200, armvirt/64
Runtime-tested on: lantiq/xrx200, armvirt/64
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
From version 2021.09 U-Boot will fixup Turris Omnia's DTB before
booting, separating U-Boot's environment into separate MTD partition
"u-boot-env" [1].
Check if "u-boot-env" MTD partition exists and set the uci defaults
accordingly.
[1] https://lists.denx.de/pipermail/u-boot/2021-July/455017.html
Signed-off-by: Marek Behún <marek.behun@nic.cz>
(cherry picked from commit 713be7543909b79fbbccdea297e306cb3d3adb0c)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes following warning message during image building process:
Finalizing root filesystem...
root-ipq806x/lib/upgrade/asrock.sh: line 1: /lib/functions.sh: No such file or directory
Enabling boot
root-ipq806x/lib/upgrade/asrock.sh: line 1: /lib/functions.sh: No such file or directory
Enabling bootcount
Fixes #9350
Fixes: 98b86296e67d ("ipq806x: add support for ASRock G10")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit fc317a190c930c9c338bd07c2e323b6b9eaa1f07)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 13a185bf8acb67da4a68873e560876c0e60b1a87.
There was a report that one A1004ns device fails to detect its flash
chip correctly:
[ 1.470297] spi-nor spi0.0: unrecognized JEDEC id bytes: e0 10 0c 40 10 08
[ 1.484110] spi-nor: probe of spi0.0 failed with error -2
It also uses a different flash chip model:
* in my hand: Winbond W25Q128FVSIG (SOIC-8)
* reported: Macronix MX25L12845EMI-10G (SOP-16)
Reducing spi-max-frequency solved the detection failure. Hence revert.
Reported-by: Koasing <koasing@gmail.com>
Tested-by: Koasing <koasing@gmail.com>
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
(cherry picked from commit 9968a909c248169064446ed40e66d18986d93d11)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The offending commit caused the configuration file to contain:
radius_auth_req_attr=
radius_acct_req_attr=
which cause hostapd to add an ATTR of type 0 into the messages.
hostapd: RADIUS message: code=4 (Accounting-Request) identifier=0 length=93
hostapd: Attribute 40 (Acct-Status-Type) length=6
hostapd: Value: 7
hostapd: Attribute 30 (Called-Station-Id) length=28
hostapd: Value: 'C4-41-1E-F5-2D-55:OpenWifi'
hostapd: Attribute 61 (NAS-Port-Type) length=6
hostapd: Value: 19
hostapd: Attribute 0 (?Unknown?) length=3 <----------------
hostapd: Attribute 55 (Event-Timestamp) length=6
hostapd: Value: 1622726457
hostapd: Attribute 41 (Acct-Delay-Time) length=6
hostapd: Value: 0
hostapd: Attribute 44 (Acct-Session-Id) length=18
hostapd: Value: '9B5961E7235AAEC6'
Closes: #9315
Fixes: ce7a17041486 ("hostapd: add additional radius options")
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [pkg version bump]
(cherry picked from commit 96e9c81aabe9e14d6ec75c3f238c4ca7389b92a8)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes following error while executing the init script on the buildhost:
Enabling boot
./etc/init.d/bootcount: line 5: /lib/upgrade/asrock.sh: No such file or directory
Enabling bootcount
While at it fix following shellcheck issue:
base-files/etc/init.d/bootcount line 11:
if [ $? -eq 0 ]; then
^-- SC2181: Check exit code directly with e.g. 'if mycmd;', not indirectly with $?.
Fixes: #9345
Cc: Ansuel Smith <ansuelsmth@gmail.com>
Cc: Pawel Dembicki <paweldembicki@gmail.com>
Cc: Christian Lamparter <chunkeey@gmail.com>
Fixes: 98b86296e67d ("ipq806x: add support for ASRock G10")
References: https://gitlab.com/ynezz/openwrt/-/jobs/1243290743#L1444
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit ce8af0ace04bb43e8156940c771b4058fa83d27a)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Backport fix for API breakage of SSL_get_verify_result() introduced in
v5.1.1-stable. In v4.8.1-stable SSL_get_verify_result() used to return
X509_V_OK when used on LE powered sites or other sites utilizing
relaxed/alternative cert chain validation feature. After an update to
v5.1.1-stable that API calls started returning X509_V_ERR_INVALID_CA
error and thus rendered all such connection attempts imposible:
$ docker run -it openwrt/rootfs:x86_64-21.02.2 sh -c "wget https://letsencrypt.org"
Downloading 'https://letsencrypt.org'
Connecting to 18.159.128.50:443
Connection error: Invalid SSL certificate
Fixes: #9283
References: https://github.com/wolfSSL/wolfssl/issues/4879
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit b9251e3b407592f3114e739231088c3d27663c4c)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It's reported that current memory detection code occasionally detects
larger memory under some bootloaders.
Current memory detection code tests whether address space wraps around
on KSEG0, which is unreliable because it's cached.
Rewrite memory size detection to perform the same test on KSEG1 instead.
While at it, this patch also does the following two things:
1. use a fixed pattern instead of a random function pointer as the magic
value.
2. add an additional memory write and a second comparison as part of the
test to prevent possible smaller memory detection result due to
leftover values in memory.
Fixes: 6d91ddf517 ("ramips: mt7621: add support for memory detection")
Reported-by: Rui Salvaterra <rsalvaterra@gmail.com>
Tested-by: Rui Salvaterra <rsalvaterra@gmail.com>
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
(cherry picked from commit 2f024b79331141e2a62c9bf3601c803b26bde77b)
[backport for OpenWrt 21.02 as it was reproducible with Kernel 5.4, see [1]]
[1]: https://forum.openwrt.org/t/113081
Tested-by: Dimitri Souza <dimitri.souza@gmail.com> [mt7621/archer-c6-v3]
Signed-off-by: Szabolcs Hubai <szab.hu@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Backport of commit 7a560a1a5769 ("iwinfo: add 802.11ax HE support").
enables 802.11ax capability detection through ubus in OpenWrt 21.02
(e.g. with MT7915E 802.11ax PCI Express Wireless Network Adapter)
Signed-off-by: Šimon Bořek <simon.borek@nic.cz>
[commit message facelift, use openwrt-21.02 branch]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
| |
|
|
| |
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
| |
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
