aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* ramips: fix 5g mac for TOTOLINK X5000RChuanhong Guo2023-03-271-0/+4
| | | | | | | | | | There's no valid mac address for the second band in the eeprom. The vendor fw uses 2.4G mac + 4 as the mac for 5G radio. Do the same in our firmware. Fixes: 23be410b3d ("ramips: add support for TOTOLINK X5000R") Signed-off-by: Chuanhong Guo <gch981213@gmail.com> (cherry picked from commit 212632540043cc9b911c2efb86156479f2710836)
* ramips: add support for Mercusys MR70XDavid Bauer2023-03-243-4/+183
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Hardware ======== - SoC: MediaTek MT7621AT (880MHz, Duel-Core) - RAM: DDR3 128MB - Flash: Winbond W25Q128JV (SPI-NOR 16MB) - WiFi: MediaTek MT7915D (2.4GHz, 5GHz, DBDC) - Ethernet: MediaTek MT7530 (WAN x1, LAN x3, SoC) - UART: >TX RX GND 3v3 (115200 8N1, J1) Do not connect 3v3. TX is marked with an arrow. Installation ============ Flash factory image. This can be done using stock web ui. Revert to stock firmware ======================== Flash stock firmware via OEM Web UI Recovery mode. Web UI Recovery method ====================== 1. Unplug the router 2. Plug in and hold reset button 5~10 secs 3. Set your computer IP address manually to 192.168.1.x / 255.255.255.0 4. Flash image with web browser to 192.168.1.1 Co-authored-by: Robert Senderek <robert.senderek@10g.pl> Co-authored-by: Yoonji Park <koreapyj@dcmys.kr> Signed-off-by: David Bauer <mail@david-bauer.net> (cherry picked from commit 47de2c686291e69afc9f443e27e1dfd11ed5fbe7)
* firmware-utils: tplink-safeloader: add Mercusys MR70XDavid Bauer2023-03-242-1/+96
| | | | Signed-off-by: David Bauer <mail@david-bauer.net>
* ramips: fix Archer AX23 WiFi MAC address conflictDavid Bauer2023-03-211-4/+1
| | | | | | | | | | | The original claim about conflicting MAC addresses is wrong. mac80211 does increment the first octet and sets the LA bit. This means our "workaround" actually leads to the issue while incrementing the last octet is safe. Signed-off-by: David Bauer <mail@david-bauer.net> (cherry picked from commit d52870125d57d39e73e6c305dd36fad44fe4a773)
* ramips: add support for TP-Link Archer AX23 v1David Bauer2023-03-214-0/+223
| | | | | | | | | | | | | | | | | | | | | | | | | | Hardware -------- CPU: MediaTek MT7621 DAT RAM: 128MB DDR3 (integrated) FLASH: 16MB SPI-NOR () WiFi: MediaTek MT7905 + MT7975 (2.4 / 5 DBDC) 802.11ax SERIAL: 115200 8N1 LEDs - (3V3 - GND - RX - TX) - ETH ports Installation ------------ Upload the factory image using the Web-UI. Web-Recovery ------------ The router supports a HTTP recovery mode by holding the reset-button when powering on. The interface is reachable at 192.168.0.1 and supports installation using the factory image. Signed-off-by: David Bauer <mail@david-bauer.net> (cherry picked from commit 7dceef5ee554ec4ab5d2dd2ff999f4a60bf2e0f4)
* firmware-utils: tplink-safeloader: add TP-Link Archer AX23 v1David Bauer2023-03-151-0/+122
| | | | Signed-off-by: David Bauer <mail@david-bauer.net>
* mpc85xx: add support for Watchguard Firebox T10David Bauer2023-03-1010-1/+410
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Hardware -------- SoC: Freescale P1010 RAM: 512MB FLASH: 1 MB SPI-NOR 512 MB NAND ETH: 3x Gigabite Ethernet (Atheros AR8033) SERIAL: Cisco RJ-45 (115200 8N1) RTC: Battery-Backed RTC (I2C) Installation ------------ 1. Patch U-Boot by dumping the content of the SPI-Flash using a SPI programmer. The SHA1 hash for the U-Boot password is currently unknown. A tool for patching U-Boot is available at https://github.com/blocktrron/t10-uboot-patcher/ You can also patch the unknown password yourself. The SHA1 hash is E597301A1D89FF3F6D318DBF4DBA0A5ABC5ECBEA 2. Interrupt the bootmenu by pressing CTRL+C. A password prompt appears. The patched password is '1234' (without quotation marks) 3. Download the OpenWrt initramfs image. Copy it to a TFTP server reachable at 10.0.1.13/24 and rename it to uImage. 4. Connect the TFTP server to ethernet port 0 of the Watchguard T10. 5. Download and boot the initramfs image by entering "tftpboot; bootm;" in U-Boot. 6. After OpenWrt booted, create a UBI volume on the old data partition. The "ubi" mtd partition should be mtd7, check this using $ cat /proc/mtd Create a UBI partition by executing $ ubiformat /dev/mtd7 -y 7. Increase the loadable kernel-size of U-Boot by executing $ fw_setenv SysAKernSize 800000 8. Transfer the OpenWrt sysupgrade image to the Watchguard T10 using scp. Install the image by using sysupgrade: $ sysupgrade -n <path-to-sysupgrade> Note: The LAN ports of the T10 are 1 & 2 while 0 is WAN. You might have to change the ethernet-port. 9. OpenWrt should now boot from the internal NAND. Enjoy. Signed-off-by: David Bauer <mail@david-bauer.net> (cherry picked from commit 35f6d795134e9b089c4e763a7f58cba7d4e15e42)
* generic: remove patch for unused kernel versionDavid Bauer2023-03-051-21/+0
| | | | | | | | Remove this stray patch, as OpenWrt 22.03 does not target kernel 5.15. Fixes commit b18a0d0b92963 ("generic: add support for EON EN25QX128A spi nor flash") Signed-off-by: David Bauer <mail@david-bauer.net>
* generic: MIPS: Add barriers between dcache & icache flushesDavid Bauer2023-03-051-0/+71
| | | | | | | | | | | | | | | This fixes spurious boot-errors with some ath79 MIPS 74Kc boards such as the AC Lite as well as Archer C7 v2. The missing barrier leads to the icache flush being executed before the dcache writeback, which results in the CPU executing the dummy infinite loop in tlbmiss_handler_setup_pgd. Applying this patch from upstream ensures the dcache is written back before flushing the icache. Signed-off-by: David Bauer <mail@david-bauer.net> (cherry picked from commit 26bc8f68767e1ec6e33a84ef397e4c38d5968462)
* kernel: fix mtk dsa tag paddingFelix Fietkau2023-03-031-3/+2
| | | | | | | | | | The padding intended to avoid corrupted non-zero padding payload was accidentally adding too many padding bytes, tripping up some setups. Fix this by using eth_skb_pad instead. Fixes #11942. Signed-off-by: Felix Fietkau <nbd@nbd.name> (cherry picked from commit 9307c27539805de021fb7163f6ad6dc08992331b)
* kernel: can: fix MCP251x CAN controller module autoloadTim Harvey2023-02-261-1/+1
| | | | | | | Fix autoload module name for can-mcp251x kmod. Signed-off-by: Tim Harvey <tharvey@gateworks.com> (cherry picked from commit 29d02d8ce584fa7e420204e04dde1e17e14e009c)
* kernel: bump 5.10 to 5.10.168John Audia2023-02-1816-37/+37
| | | | | | | | | | | | | | | | | | | | | Manually rebased: backport-5.10/804-v5.14-0001-nvmem-core-allow-specifying-of_node.patch Removed upstreamed: generic-backport/807-v5.17-0003-nvmem-core-Fix-a-conflict-between-MTD-and-NVMEM-on-w.patch[1] All other patches automatically rebased. 1. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.168&id=34ec4c7831c416ac56619477f1701986634a7efc Build system: x86_64 Build-tested: ramips/tplink_archer-a6-v3 Run-tested: ramips/tplink_archer-a6-v3 Signed-off-by: John Audia <therealgraysky@proton.me> (cherry picked from commit 461072fc7b3d8fa77347a884fe5d36c81f660da8) [Refresh on OpenWrt 22.03] Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: bump 5.10 to 5.10.167John Audia2023-02-181-2/+2
| | | | | | | | | | | All patches automatically rebased. Build system: x86_64 Build-tested: ramips/tplink_archer-a6-v3 Run-tested: ramips/tplink_archer-a6-v3 Signed-off-by: John Audia <therealgraysky@proton.me> (cherry picked from commit 712681458a65736d3fc625bb9c481c31b23c1f97)
* openssl: bump to 1.1.1tJohn Audia2023-02-141-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changes between 1.1.1s and 1.1.1t [7 Feb 2023] *) Fixed X.400 address type confusion in X.509 GeneralName. There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but subsequently interpreted by GENERAL_NAME_cmp as an ASN1_TYPE. This vulnerability may allow an attacker who can provide a certificate chain and CRL (neither of which need have a valid signature) to pass arbitrary pointers to a memcmp call, creating a possible read primitive, subject to some constraints. Refer to the advisory for more information. Thanks to David Benjamin for discovering this issue. (CVE-2023-0286) This issue has been fixed by changing the public header file definition of GENERAL_NAME so that x400Address reflects the implementation. It was not possible for any existing application to successfully use the existing definition; however, if any application references the x400Address field (e.g. in dead code), note that the type of this field has changed. There is no ABI change. [Hugo Landau] *) Fixed Use-after-free following BIO_new_NDEF. The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. (CVE-2023-0215) [Viktor Dukhovni, Matt Caswell] *) Fixed Double free after calling PEM_read_bio_ex. The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. (CVE-2022-4450) [Kurt Roeckx, Matt Caswell] *) Fixed Timing Oracle in RSA Decryption. A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. (CVE-2022-4304) [Dmitry Belyavsky, Hubert Kario] Signed-off-by: John Audia <therealgraysky@proton.me> (cherry picked from commit 4ae86b3358a149a17411657b12103ccebfbdb11b) The original commit removed the upstreamed patch 010-padlock.patch, but it's not on OpenWrt 22.03, so it doesn't have to be removed. Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
* bpf: ignore missing LLVM bins on package for non compile stepsChristian Marangi2023-02-091-1/+1
| | | | | | | | | | | | | | | | | | | | | | | To download a package the LLVM bins are not strictly needed. Currently with an example run of make package/bridger/download V=s, the build fail with make[2]: Entering directory '/home/ansuel/openwrt-ansuel/openwrt/package/network/services/bridger' bash: line 1: /home/ansuel/openwrt-ansuel/openwrt/staging_dir/host/llvm-bpf/bin/clang: No such file or directory bash: line 1: [: : integer expression expected /home/ansuel/openwrt-ansuel/openwrt/include/bpf.mk:71: *** ERROR: LLVM/clang version too old. Minimum required: 12, found: . Stop. make[2]: Leaving directory '/home/ansuel/openwrt-ansuel/openwrt/package/network/services/bridger' time: package/network/services/bridger/download#0.04#0.00#0.06 ERROR: package/network/services/bridger failed to build. This is wrong since it may be needed to download the required packages first and then compile them later. Fix this by ignoring the LLVM bin check on non compile steps. Tested-by: Robert Marko <robimarko@gmail.com> Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (cherry picked from commit 116c73fd71c75e38c4d707dc5a74e6993874098f)
* bpf: check llvm version only when usedHauke Mehrtens2023-02-091-0/+2
| | | | | | | | | | | | | unetd always includes $(INCLUDE_DIR)/bpf.mk. This file always checks if the LLVM version is supported in CLANG_VER_VALID. unetd only needs bpf when UNETD_VXLAN_SUPPORT is set. It fails when UNETD_VXLAN_SUPPORT is not set and llvm is not installed. Fix it by only checking the LLVM version when a LLVM toolchain is available. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit c58177b5dcb3461efef0adefe570dd8a8d966ec4)
* at91: sam9x,sama5: fix racy SD card image generationPetr Štetiar2023-02-082-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | We've few low spec (make -j3) build workers attached to the 22.03 buildbot instance which from time to time exhibit following build failure during image generation (shortened for brewity): + dd bs=512 if=root.ext4 of=openwrt-22.03...sdcard.img.gz.img dd: failed to open 'root.ext4': No such file or directory Thats happening likely due to the fact, that on buildbots we've `TARGET_PER_DEVICE_ROOTFS=y` which produces differently named filesystem image in the SD card image target dependency chain: make_ext4fs -L rootfs ... root.ext4+pkg=68b329da and that hardcoded `root.ext4` image filename becomes available from other Make targets in the later stages. So lets fix this issue by using IMAGE_ROOTFS Make variable which should contain proper path to the root filesystem image. Fixing remaining subtargets ommited in commit 5c3679e39b61 ("at91: sama7: fix racy SD card image generation"). Fixes: 5c3679e39b61 ("at91: sama7: fix racy SD card image generation") Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit 3b669bc3f32f7594f38187a284a65ca2c35a0121)
* at91: sama7: fix racy SD card image generationPetr Štetiar2023-02-081-1/+1
| | | | | | | | | | | | | | | | | | | | | | We've few low spec (make -j3) build workers attached to the 22.03 buildbot instance which from time to time exhibit following build failure during image generation: + dd bs=512 if=root.ext4 of=openwrt-22.03-snapshot-r20028-43d71ad93e-at91-sama7-microchip_sama7g5-ek-ext4-sdcard.img.gz.img seek=135168 conv=notrunc dd: failed to open 'root.ext4': No such file or directory Thats likely due to the fact, that on buildbots we've `TARGET_PER_DEVICE_ROOTFS=y` which produces differently named filesystem image in the SD card image target dependency chain: make_ext4fs -L rootfs ... root.ext4+pkg=68b329da and that hardcoded root.ext4 becomes available from other target in the later stages. So lets fix this issue by using IMAGE_ROOTFS Make variable which should contain proper path to the root filesystem image. Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit 5c3679e39b615ff29c9315f810e8e15775cc2d01)
* mac80211: Update to version 5.15.92-1Hauke Mehrtens2023-02-081-3/+3
| | | | | | | This update mac80211 to version 5.15.92-1. This includes multiple bugfixes. Some of these bugfixes are fixing security relevant bugs. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: bump 5.10 to 5.10.166John Audia2023-02-0520-63/+63
| | | | | | | | | | | All patches automatically rebased. Build system: x86_64 Build-tested: ramips/tplink_archer-a6-v3 Run-tested: ramips/tplink_archer-a6-v3 Signed-off-by: John Audia <therealgraysky@proton.me> (cherry picked from commit 50324b949b91cfb70ced3869b09b895e45a5ae37)
* ramips: mt7621-dts: fix phy-mode of external phy on GB-PC2Arınç ÜNAL2023-02-031-1/+1
| | | | | | | | | The phy-mode property must be defined on the MAC instead of the PHY. Define phy-mode under gmac1 which the external phy is connected to. Tested-by: Petr Louda <petr.louda@outlook.cz> Signed-off-by: Arınç ÜNAL <arinc.unal@arinc9.com> (cherry picked from commit 5155200f97adaeaaac7b752b5a6a5e41cba3db6a)
* octeontx: add sqaushfs and ramdisk to featuresTim Harvey2023-02-031-1/+1
| | | | | | | | Add squashfs and ramdisk to features as these are commonly used images for the octeontx. Signed-off-by: Tim Harvey <tharvey@gateworks.com> (cherry picked from commit af5635e6ca12d3be275560a58ac6e2793e218fcd)
* ath79: add LTE packages for GL-XE300Tom Herbers2023-02-031-1/+2
| | | | | | | | | | | | | | | | | | Add LTE packages required for operating the LTE modems shipped with the GL-XE300. Example configuration for an unauthenticated dual-stack APN: network.wwan0=interface network.wwan0.proto='qmi' network.wwan0.device='/dev/cdc-wdm0' network.wwan0.apn='internet' network.wwan0.auth='none' network.wwan0.delay='10' network.wwan0.pdptype='IPV4V6' Signed-off-by: Tom Herbers <mail@tomherbers.de> (cherry picked from commit 67f283be4430ebfb46be6c00fcc7c12a6adabce3)
* ath79: add label-mac-device for GL-XE300Tom Herbers2023-02-031-0/+4
| | | | | | | | This adds an label-mac-device alias which refrences the mac which is printed on the Label of the device. Signed-off-by: Tom Herbers <mail@tomherbers.de> (cherry picked from commit f83f5f8452edd3115aacf333b0038da89639a218)
* ath79: add LTE led for GL.iNet GL-XE300Leo Soares2023-02-031-0/+1
| | | | | | | | | This commit adds the LTE led for GL.iNet GL-XE300 to the default leds config. Signed-off-by: Leo Soares <leo@hyper.ag> (cherry picked from commit 35a0f2b00c44a43ad087327f0cbdb1c9c5e60c49) Signed-off-by: Tom Herbers <mail@tomherbers.de>
* kernel: backport some mv88e6xxx devlink patchesEtienne Champetier2023-01-313-0/+374
| | | | | | This should help debug mv88e6xxx issues Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
* kernel: bump 5.10 to 5.10.165John Audia2023-01-289-12/+12
| | | | | | | | | | | All patches automatically rebased. Build system: x86_64 Build-tested: ramips/tplink_archer-a6-v3 Run-tested: ramips/tplink_archer-a6-v3 Signed-off-by: John Audia <therealgraysky@proton.me> (cherry picked from commit 257e9fc57cf2c0391f8d99c25e82d75b73695c8a)
* kernel: bump 5.10 to 5.10.164John Audia2023-01-286-9/+9
| | | | | | | | | | | All patches automatically rebased Build system: x86_64 Build-tested: ramips/tplink_archer-a6-v3 Run-tested: ramips/tplink_archer-a6-v3 Signed-off-by: John Audia <therealgraysky@proton.me> (cherry picked from commit 9c3954bc46fce58a0f2dbe8bf6d3f507cfcd1dfb)
* kernel: bump 5.10 to 5.10.163John Audia2023-01-2878-217/+151
| | | | | | | | | | | | | | | | | Removed upstreamed: generic/101-Use-stddefs.h-instead-of-compiler.h.patch[1] bcm27xx/patches-5.10/950-0194-drm-fourcc-Add-packed-10bit-YUV-4-2-0-format.patch All patches automatically rebased. 1. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.163&id=ddd2bb08bd99b7ee4442fbbe0f9b80236fdd71d2 Build system: x86_64 Build-tested: ramips/tplink_archer-a6-v3 Run-tested: ramips/tplink_archer-a6-v3 Signed-off-by: John Audia <therealgraysky@proton.me> (cherry picked from commit 2835df54ab84a8709057df156932497b19cda449)
* kernel: bump 5.10 to 5.10.162John Audia2023-01-282-3/+3
| | | | | | | | | | | All patches automatically rebased. Build system: x86_64 Build-tested: ramips/tplink_archer-a6-v3 Run-tested: ramips/tplink_archer-a6-v3 Signed-off-by: John Audia <therealgraysky@proton.me> (cherry picked from commit 2621ddb0bef7f5f8eedc49437dfa23b66e810af6)
* mac80211: use 802.11ax iw modesDavid Bauer2023-01-281-3/+3
| | | | | | | | | | | This adds missing HE modes to mac80211_prepare_ht_modes. Previously mesh without wpa_supplicant would be initialized with 802.11g /NO-HT only, as this method did not parse channel bandwidth for HE operation. Signed-off-by: David Bauer <mail@david-bauer.net> (cherry picked from commit a63430eac33ceb1dbf96d3667e2a0f2e04ba391f)
* kernel: mtk-bmt: fix usage of _oob_readChuanhong Guo2023-01-251-2/+8
| | | | | | | | | _oob_read returns number of bitflips on success while bbt_nand_read should return 0. Fixes: 2d49e49b18 ("mediatek: bmt: use generic mtd api") Signed-off-by: Chuanhong Guo <gch981213@gmail.com> (cherry picked from commit f183ce35b8ea2fd991ac489fb223b09a1ecb4db0)
* tools/mkimage: build uboot with NO_SDL=1Christian Marangi2023-01-221-0/+1
| | | | | | | | | From uboot Documentation for uboot-2022.01 for tools-only we can build with NO_SDL=1 to skip installing the sdl2 package. Follow this to fix compilation error on macos Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* lantiq: xrx200: Fix wifi LED on o2 box 6431Florian Maurer2023-01-202-1/+1
| | | | | | | | Wifi LED did not work using phy0radio, which somehow slipped through in the previous testing Signed-off-by: Florian Maurer <f.maurer@outlook.de> (cherry picked from commit 2e3d1edf59109d6329a00d90b1e953261d602af5)
* mbedtls: move source modification to patchDavid Bauer2023-01-182-3/+15
| | | | | | | | Patch the mbedtls source instead of modifying the compile-targets in the prepare buildstep within OpenWrt. Signed-off-by: David Bauer <mail@david-bauer.net> (cherry picked from commit 00f1463df7e690862403208082f71fb4741baf02)
* Revert "toolchaini/gcc: fix libstdc++ dual abi model"Petr Štetiar2023-01-181-1/+1
| | | | | | | | | This reverts commit c0b4303d2e2f4a9e1d4684fd584e6b6548666f0f as it was reported, that it breaks all packages depending on libstdcpp due to changed ABI. References: https://github.com/openwrt/packages/issues/20340 Signed-off-by: Petr Štetiar <ynezz@true.cz>
* dosfstools: switch to AC_CHECK_LIBDavid Bauer2023-01-161-0/+28
| | | | | | | | | This fixes spurious build-errors on OpenWrt, where the AM_ICONV macro is undefined while invoking autoconfig. Later in the build, the ICONV LDOPTIONS are set to @LIBICONV@, failing the build. Signed-off-by: David Bauer <mail@david-bauer.net> (cherry picked from commit 9300a20dcce2217b121bd2020cc1a4ea41fa4475)
* tools/dosfstools: fix PKG_SOURCEStijn Tintel2023-01-161-2/+2
| | | | | | | | | Both mirrors provided in the Makefile only serve gzipped tarballs. Fixes: #10871 Fixes: 9edfe7dd13d9 ("source: Switch to xz for packages and tools where possible") Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> (cherry picked from commit bd911b45389b3da299948b457a1fc645febd2248)
* toolchaini/gcc: fix libstdc++ dual abi modelIvan Maslov2023-01-161-1/+1
| | | | | | | | | | | libstdcxx-dual-abi needs to be enabled to actually support C++11 ABI. Enable the config flag to also permit support of .NET 6 development on OpenWrt. Signed-off-by: Ivan Maslov <avenger_msoft@mail.ru> [ reword commit description and title ] Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (cherry picked from commit 3c06a344e9c7c03c49c9153342e68a5390651323)
* scripts/dl_github_archieve.py: fix generating unreproducible tarChristian Marangi2023-01-121-1/+1
| | | | | | | | | | | | | | | | Allign dl_github_archieve.py to 8252511dc0b5a71e9e64b96f233a27ad73e28b7f change. On supported system the sigid bit is applied to files and tar archieve that on tar creation. This cause unreproducible tar for these system and these bit should be dropped to produce reproducible tar. Add the missing option following the command options used in other scripts. Fixes: 75ab064d2b38 ("build: download code from github using archive API") Suggested-by: Eneas U de Queiroz <cotequeiroz@gmail.com> Tested-by: Robert Marko <robimarko@gmail.com> Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (cherry picked from commit 5f1758ef14575df4e86896526b1c2035c231899e)
* ksmbd: Fix ZDI-CAN-18259Hauke Mehrtens2023-01-113-1/+100
| | | | | | | | | | | | This fixes a security problem in ksmbd. It currently has the ZDI-CAN-18259 ID assigned, but no CVE yet. Backported from: https://github.com/cifsd-team/ksmbd/commit/8824b7af409f51f1316e92e9887c2fd48c0b26d6 https://github.com/cifsd-team/ksmbd/commit/cc4f3b5a6ab4693aba94a45cc073188df4d67175 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit 76c67fcc66116381c69439f20159b636573080ba)
* ksmbd: update to 3.4.6Nick Hainke2023-01-072-55/+2
| | | | | | | | | | | | | | | | | | | Release Announcement: https://github.com/cifsd-team/ksmbd/releases/tag/3.4.6 Remove upstreamed: - 10-fix-build-on-kernel-5.15.52-or-higher.patch This fixes the following security bugs: * CVE-2022-47938, ZDI-22-1689 * CVE-2022-47939, ZDI-22-1690 (patch was already backported before) * CVE-2022-47940, ZDI-22-1691 * CVE-2022-47941, ZDI-22-1687 * CVE-2022-47942, ZDI-22-1688 * CVE-2022-47943, ZDI-CAN-17817 Signed-off-by: Nick Hainke <vincent@systemli.org> (cherry picked from commit 78cbcc77cc33638b185f85c0e40daee1906a2c3c)
* lantiq-xrx200: fix wan LED on o2 box 6431Florian Maurer2023-01-061-1/+4
| | | | | | | | | | | | | The WIFI LED already worked for me with the latest openwrt 22.03 version. Wifi LED did not with an older 22.x version (in gluon - there phy0radio did nothing but phy0tpt did show activity the WAN interface has the name "wan" and not "pppoe-wan" on this device fixes #7757 (and FS#2987) Signed-off-by: Florian Maurer <f.maurer@outlook.de> (cherry picked from commit 0820d620123a03b6db6642acb6e950d22ffb030f) Signed-off-by: Jan-Niklas Burfeind <git@aiyionpri.me>
* CI: build: fix external toolchain use with release tag testsChristian Marangi2023-01-041-1/+1
| | | | | | | | | | | | | | | When a new tag for a release is created, the just checkout repo from github actions will already have such tag locally created. This will result in git fetch --tags failing with error rejecting the remote tag with (would clobber existing tag). Add -f option to overwrite any local tags and always fetch them from remote. Fixes: e24a1e6f6d7f ("CI: build: add support for external toolchains from stable branch") Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (cherry picked from commit f655923b362e9f2d70672eee9c1fa82550a145a6)
* OpenWrt v22.03.3: revert to branch defaultsHauke Mehrtens2023-01-035-11/+9
| | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* OpenWrt v22.03.3: adjust config defaultsv22.03.3Hauke Mehrtens2023-01-035-9/+11
| | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mac80211: Do not build brcmsmac on bcm47xx_legacyHauke Mehrtens2023-01-031-1/+1
| | | | | | | | | | brcmsmac needs bcma. bcma is build into the kernel for the other bcm47xx subtargets, but not for the legacy target because it only uses ssb. We could build bcma as a module for bcm47xx_legacy, but none of these old devices uses a wifi card supported by brcsmac. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit cb7d662dac897dd7df6ba6ba60417db822bd68f2)
* uml: fix 5.10 buildChristian Lamparter2023-01-031-0/+32
| | | | | | | | | | | | | | the 5.10 uml build currently breaks with: /usr/bin/ld: arch/um/os-Linux/signal.o: in function `sigusr1_handler': arch/um/os-Linux/signal.c:141: undefined reference to `uml_pm_wake' But there's an upstream fix for this. Backport the fix for now but also let upstream know so it finds its way through the -stable releases. Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (cherry picked from commit 8bea5edf89e57c32b98620540a457441f5f8ddeb)
* kernel: Add missing kernel configuration optionsHauke Mehrtens2023-01-035-4/+3
| | | | | | | This fixes compile of the bmips target. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit f620eb70f1a10385c33a9833e1c97d8c7fef0093)
* gdb: Do not link against xxhashHauke Mehrtens2023-01-021-0/+1
| | | | | | | | | | | libxxhash is now available in the OpenWrt package feed and gdb will link against it if gdb finds this library. Explicitly deactivate the usage of xxhash. This should fix the build of gdb in build bots. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit a442974cfa89c7182c37b3b422b2d49319e2b339)