| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Add two patches from Debian fixing CVEs in the bsdiff application.
CVE-2014-9862: Heap vulnerability in bspatch
CVE-2020-14315: Memory Corruption Vulnerability in bspatch
Copied the patches from this location:
https://salsa.debian.org/debian/bsdiff/-/blob/debian/latest/debian/patches/20-CVE-2014-9862.patch
https://salsa.debian.org/debian/bsdiff/-/blob/debian/latest/debian/patches/33-CVE-2020-14315.patch
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit cac723e8b8748938b8d80603578c60189fc32b24)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog: https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.134
Removed upstreamed:
generic/backport-5.15/894-Fix-up-backport-for-13619703038.patch[1]
All other patches automatically rebased.
1. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.15.134&id=d7acb7031758141225844bea073860b48fd92092
Build system: x86_64
Build-tested: ramips/tplink_archer-a6-v3
Run-tested: ramips/tplink_archer-a6-v3
Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit ac3a5911daeaecc04c6ffd03027b6b75fa4472d2)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog: https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.133
Removed upstreamed:
bcm47xx/patches-5.15/101-v5.18-mtd-rawnand-brcmnand-Allow-SoC-to-provide-I-O-operations.patch[1]
Cherry picked build fix.[2] All other patches automatically rebased.
1. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.15.133&id=56cf9f446b331414a15ef0e8dedf23583ec2c427
2. https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-5.15/fix-up-backport-of-136191703038-interconnect-teach-l.patch
Build system: x86_64
Build-tested: ramips/tplink_archer-a6-v3
Run-tested: ramips/tplink_archer-a6-v3
Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 89895937dd4a24446b7bfd067398b4f7e73dc7b5)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds the following changes:
b4f76ecc9e Ignore MAP_VARIABLE in tst-mman-consts.py
f5d377c896 __check_pf: Add a cancellation cleanup handler [BZ #20975]
0e3e9dbb0e Document BZ #20975 fix
e2974d26ce io: Fix record locking contants on 32 bit arch with 64 bit default time_t (BZ#30477)
3593050c27 io: Fix F_GETLK, F_SETLK, and F_SETLKW for powerpc64
8dcb1a5181 hppa: xfail debug/tst-ssp-1 when have-ssp is yes (gcc-12 and later)
0930ff8eb3 realloc: Limit chunk reuse to only growing requests [BZ #30579]
3f4b4e2cdd elf: _dl_find_object may return 1 during early startup (bug 30515)
260d4b742b nptl: Fix tst-cancel30 on sparc64
58f7431fd7 sparc: Fix la_symbind for bind-now (BZ 23734)
1caf955269 x86: Increase `non_temporal_threshold` to roughly `sizeof_L3 / 4`
80a8c858a5 x86: Fix slight bug in `shared_per_thread` cache size calculation.
cc8243fb0b x86: Use `3/4*sizeof(per-thread-L3)` as low bound for NT threshold.
f94ff95e93 x86: Fix incorrect scope of setting `shared_per_thread` [BZ# 30745]
0d500bfdc0 hurd: Make exception subcode a long
be26b29262 io: Fix record locking contants for powerpc64 with __USE_FILE_OFFSET64
3d24d1903d elf: Do not run constructors for proxy objects
a7e34a6675 elf: Always call destructors in reverse constructor order (bug 30785)
bdb594afa5 elf: Remove unused l_text_end field from struct link_map
1a7cbe52c8 elf: Move l_init_called_next to old place of l_text_end in link map
b752934602 CVE-2023-4527: Stack read overflow with large TCP responses in no-aaaa mode
6529a7466c (HEAD) getaddrinfo: Fix use after free in getcanonname (CVE-2023-4806)
79310b45af x86/dl-cacheinfo: remove unsused parameter from handle_amd
9d5c6e27ed x86: Fix for cache computation on AMD legacy cpus.
4473d1b87d Fix leak in getaddrinfo introduced by the fix for CVE-2023-4806 [BZ #30843]
94ef701365 Document CVE-2023-4806 and CVE-2023-5156 in NEWS
2dfd8c77b5 i686: Regenerate ulps
b4e23c75ae tunables: Terminate if end of input is reached (CVE-2023-4911)
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit e66eed033f9f9d27fc839d81d3a03d4fad1b9b5b)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The USXGMII implementation of Realtek switches can not only support
10GbE but also 2.5Gb and 5Gb on top of the usual data rates.
Mark those as supported to allow them to be negotiated.
This change has been tested on a ZyXEL XGS1250-12 with the following link
partners:
- NWA50AX Pro (2.5Gb)
- RTL8152 USB NIC (2.5Gb)
- AQC111 USB NIC (2.5Gb & 5Gb)
Gbit and 10GbE has also been tested to still work fine with a variety of
devices.
Signed-off-by: Tobias Schramm <tobias@t-sys.eu>
(cherry picked from commit cd56a682326f9de4d77ee3afb99d13d25c478c08)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Fix Spanning Tree Protocol (STP) by changing COPY2CPU which currently
makes switch to ignore Bridge Protocol Data Units (BPDUs).
Tested on Zyxel GS1900-8, 24 and 48.
Signed-off-by: Rudolf Vesely <i@rudolfvesely.com>
[ improve commit description and add new line in different sections ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 41fcc617f94601072d304f2f68e12cf1dd058707)
|
| |
|
|
|
|
|
|
|
|
|
| |
Modems which are using qmi do not reply on the 1st sync but they do
on subsequent. So qmi.sh is hanging on the first call. Since 2020 uqmi
supports a timeout parameter. Unfortunately qmi.sh didn't make use of
this parameter. So qmi.sh is now invoking an early dummy access to
unlock the modem
Signed-off-by: Uwe Niethammer <uwe@dr-niethammer.de>
(cherry picked from commit 32a696f9e419ebec5b166847a16a5a45d030acbd)
|
| |
|
|
|
|
|
|
| |
Add missing PKG_MIRROR_HASH. This is always needed as is used to
generate and use a tar instead of git clone and validate the hash of it.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit a181b9f0f9269525319024f53d83c7efe9da544b)
|
| |
|
|
|
|
|
| |
Backport patch merged upstream adding quirk for SFP GPON-ONU-34-20BI.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 86dadeba482e2ed41f1ccc95fc7739d85a5709c0)
|
| |
|
|
|
|
|
| |
Refresh containers also on modify of cmake options in the include file.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit b40c0b54bde81243974cada51cb9a44736c773b3)
|
| |
|
|
|
|
|
|
| |
Fix concurrency group for push-containers workflow to handle running on
different branches.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 4c2eab1c27defd154adcd0c4454248112815ffcc)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This condition was introduced in commit 51c8f7661244 ("realtek: Improve
MAC config handling for all SoCs") to correctly report the speed of the
internal serdes ports as 10G, but instead makes all ports read 10G
because the or-operator should have been an and-operator.
Fixes: #9953
Fixes: 51c8f7661244 ("realtek: Improve MAC config handling for all SoCs")
Signed-off-by: Peter Körner <git@mazdermind.de>
[ wrap comment to 72 column and improve commit ref ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 9fb5082e258ac4672dc69636e5eb79f426defac8)
|
| |
|
|
|
|
|
|
|
| |
A bug report in the forum found that the MR70X lists four LAN ports in LuCI
while it has only three. This adds the device to the network setup file
to fix the issue.
Identified-by: Forum User "Lexeyko"
Signed-off-by: Andreas Böhler <dev@aboehler.at>
|
| |
|
|
| |
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
| |
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
|
| |
Recent hostapd changes just edited the ucode files. It is required to
bump the PKG_RELEASE to include the newest changes in the latest builds.
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 91d2ead3c3bf75b279f861ad5d11b64bf31478f0)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
If the full interface is restarted while bringing up an AP, it can trigger a
wpa_supplicant interface start before wpa_supplicant is notified of the
allocated mac addresses.
Fix this by moving the iface_update_supplicant_macaddr call to just after
the point where mac addresses are allocated.
Reported-by: Michael-cy Lee (李峻宇) <Michael-cy.Lee@mediatek.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit abceef120d57bf066941882630a76788eb4985a9)
|
| |
|
|
|
|
|
|
| |
The reset button was missing from the Enterasys WS-AP3715i DTS.
Add the node required for making the reset button work.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 0e8641d3b08bf8b9eac8e3338faf11cc058a5124)
|
| |
|
|
|
|
|
| |
This adds some Common Platform Enumerations (CPE) identifiers which I
found.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
| |
Vulnerabilities of musl libc are tracked as
cpe:/a:musl-libc:musl
Signed-off-by: Arne Zachlod <arne@nerdkeller.org>
|
| |
|
|
|
|
|
|
|
| |
The PKG_CPE_ID links to NIST CPE version 2.2.
Assign PKG_CPE_ID to all remaining package which have a CPE ID.
Not every package has a CPE id.
Related: https://github.com/openwrt/packages/issues/8534
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
|
| |
|
|
|
|
|
|
|
| |
The PKG_CPE_ID links to NIST CPE version 2.2.
Assign PKG_CPE_ID to all remaining tools which have a CPE ID.
Not every tool has CPE id.
Related: https://github.com/openwrt/packages/issues/8534
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
|
| |
|
|
|
|
|
|
|
| |
The PKG_CPE_ID links to NIST CPE version 2.2.
Assign PKG_CPE_ID to all remaining package which have a CPE ID.
Not every package has CPE id.
Related: https://github.com/openwrt/packages/issues/8534
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
|
| |
|
|
|
|
|
| |
Use the wdev config with the generated MAC address
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 0c43a48735959245f18d79a6e908d3b45cff0a94)
|
| |
|
|
|
|
|
|
| |
Ensure that the iface disable in uc_hostapd_iface_start also clears the ACS
state.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit f1bb528ae7631c60b95499b7e8a1948c3e6a42f0)
|
| |
|
|
|
|
|
|
| |
Label MAC detection does not work properly, as MAC address is assigned
on preinit. Thus, remove the label-mac definition.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit cd14b17cb00cda45819739aa63422a090e3f80e1)
|
| |
|
|
|
|
|
|
|
|
| |
Commit d5a05e69ac6e4 ("net: stmmac: Use hrtimer for TX coalescing") causes
high CPU usage due to hrtimer raw spin locks.
Fixes: #11676
Signed-off-by: Oskari Lemmela <oskari@lemmela.net>
[ renumber and rename revert patch ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog: https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.132
Removed upstreamed:
bcm53xx/patches-5.15/037-v6.6-0006-ARM-dts-BCM53573-Add-cells-sizes-to-PCIe-node.patch[1]
bcm53xx/patches-5.15/037-v6.6-0007-ARM-dts-BCM53573-Use-updated-spi-gpio-binding-proper.patch[2]
bcm53xx/patches-5.15/037-v6.6-0008-ARM-dts-BCM5301X-Extend-RAM-to-full-256MB-for-Linksy.patch[3]
All other patches automatically rebased.
1. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.15.132&id=b35f3ca1877e024887df205ede952863d65dad36
2. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.15.132&id=2840d9b9c8750be270fb1153ccd5b983cbb5d592
3. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.15.132&id=f086e859ddc252c32f0438edff241859c0f022ce
Build system: x86_64
Build-tested: ramips/tplink_archer-a6-v3
Run-tested: ramips/tplink_archer-a6-v3
Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit ac422c9788fbb3510b1fddaefc8816bea6601479)
[Refresh on top of OpenWrt 23.05]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog: https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.131
All patches automatically rebased.
Build system: x86_64
Build-tested: ramips/tplink_archer-a6-v3
Run-tested: ramips/tplink_archer-a6-v3
Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 58bb5e147ae50391c29c53890f47e3a5420bbfad)
[Refresh on top of OpenWrt 23.05]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
|
| |
While refactoring support for the MF287 series, an entry in platform.sh
was overlooked - this fixes sysupgrade on this devices.
Signed-off-by: Andreas Böhler <dev@aboehler.at>
(cherry picked from commit 964b576fc133019d0379983df597e4eb343cd635)
|
| |
|
|
|
|
|
| |
-DREDIS_STORAGE_BACKEND=OFF option is ignored due to missing \
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
(cherry picked from commit b61ac68b67427ce2eb2c81fa647a21d88ddd2a82)
|
| |
|
|
|
|
|
|
| |
Changes between 3.0.10 and 3.0.11 [19 Sep 2023]
* Fix POLY1305 MAC implementation corrupting XMM registers on Windows. ([CVE-2023-4807])
Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
(cherry picked from commit bfd54529fac075eeb70f2408042e0da03b5ec8cc)
|
| |
|
|
|
|
|
|
|
| |
This is needed for ksh/bash style process substitution such as
<(command) and >(command) which was introduced in ash as of busybox
version 1.34.0 to work.
Signed-off-by: Erik Karlsson <erik.karlsson@genexis.eu>
(cherry picked from commit fdce970dbb47a6f91b08bdac21a098e77926549f)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Changes:
9dc0800 wireless-regdb: Update regulatory rules for Philippines (PH)
111ba89 wireless-regdb: Update regulatory rules for Egypt (EG) from March 2022 guidelines
ae1421f wireless-regdb: Update regulatory info for Türkiye (TR)
20e5b73 wireless-regdb: Update regulatory rules for Australia (AU) for June 2023
991b1ef wireless-regdb: update regulatory database based on preceding changes
Signed-off-by: Yuu Toriyama <PascalCoffeeLake@gmail.com>
(cherry picked from commit 0e13363de6879a1a8b7d4d2739c92122f2df693e)
|
| |
|
|
|
|
|
|
|
|
| |
Since kernel 5.13 this is needed to enable USB ports on all devices in
subtarget. Previously TF-A and COMPHY driver might have set up this PHY,
but not anymore.
Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com>
Tested-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit eac192843030d16046a0d603284c2b4c89822431)
|
| |
|
|
|
|
|
|
|
|
| |
Turn the "gpio-restart" node into a "gpio-export" node for all MF287
variants, similar to the MF287 Pro. Unfortunately, there doesn't seem to be
a "power button blocker" GPIO for the MF287 and MF287 Plus, so a modem
reset always triggers a system reset.
Signed-off-by: Andreas Böhler <dev@aboehler.at>
(cherry picked from commit 053f8f92d1395fa5d33b0b8f2fef44a4b926c112)
|
| |
|
|
|
|
|
|
|
| |
The ZTE MF287 requires a different board calibration file for ath10k than
the ZTE MF287+. The two devices receive their own DTS, thus the device tree
is slightly refactored.
Signed-off-by: Andreas Böhler <dev@aboehler.at>
(cherry picked from commit 9c7578d560708c040dc04d0db37ef682db58f6b5)
|
| |
|
|
|
|
|
|
|
| |
The patch refresh accidentally moved the hostapd_ucode_free_iface call to
the wrong function
Fixes: e9722aef9e84 ("hostapd: fix a crash when disabling an interface during channel list update")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 3a5ad6e3d74da713c0fc7d63b8026a56d16e198b)
|
| |
|
|
|
|
|
| |
Needed for wired 802.1x
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit fd6d7aafb2c3d335a3d192c308ffdace8d292e9f)
|
| |
|
|
|
|
|
|
| |
Ethernet LED assignments were incorrectly swapped. Fix the assignment
logic so the correct LED is illuminated for the LAN LEDs.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 80374177449ab7fadcf7c9cd9693cc0e92feba8d)
|
| |
|
|
|
|
|
| |
Avoid crashing if the interface has already been removed
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 4145ff4d8a29c1c7a1569bb06fa4d1fe9808c94f)
|
| |
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit e9722aef9e84110331706f74f7de0942c8d657ed)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some users have their routers configured to supply a DHCP range that
includes the local interface address.
That worked with dnsmasq because it automatically skips the local
address.
Re-enable those existing configurations for the release and hint at
possible future problems.
Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
[ wrap commit description and remove unecessary text ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
|
| |
|
|
|
|
|
| |
7a58b995fdbe wireless: update prev_config on SET_DATA notify
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit f52e008d045302976d2ff40f35e91b84a5678d12)
|
| |
|
|
|
|
|
| |
Improves reliability in error handling
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit a511480368a03f754aa6ce7887633247a07ea166)
|
| |
|
|
|
|
|
| |
Allow grace period for DFS available after shutting down beacons on the channel
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 16889141d99d3ec1410f3b4dc22de4022dbe9057)
|
| |
|
|
|
|
|
|
|
|
|
| |
f429bd94f99e system-linux: switch to new ETHTOOL_xLINKSETTINGS API
1a07f1dff32b make_ethtool_modes_h.sh: apply anti-bashism
3d425f16d6a6 wireless: rework and fix vlan/station config reload handling
88a3a9e2be07 wireless: clean up prev_config handling
afcd3825dad9 wireless: dynamically enable/disable virtual interfaces base on network interface autostart
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit a33f1d35155cf9579065ed76bd17e991d165170e)
|
| |
|
|
|
|
|
| |
Without it, a lot of authentication modes fail without obvious error messages
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 560965d5826626e3be8c1f1db194db43cc7002cf)
|
| |
|
|
|
|
|
| |
It is no longer used
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit b0501d380f65ae9f82173b35b820c9c6adb92493)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
db3934d2f740 scripts/netifd-wireless.sh: properly fix WPA3 Enterprise support
Support the following values for the different WPA3 Enterprise modes:
- wpa3-mixed: WPA3 Enterprise transitional mode
This supports EAP with both SHA1 and SHA-256, with optional MFP
- wpa3: WPA3 Enterprise only mode
This supports only SHA256 with mandatory MFP
- wpa3-192: WPA3 Enterprise with mandatory 192 bit support
This uses only GCMP-256 ciphers
Disable 192 bit support and GCMP-256 ciphers for the regular "wpa3" mode.
It seems that even leaving in optional 192 bit support breaks auth on some
clients, including iOS devices.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 8c03dc962f8e10f9fef0877a0f8d8235f619ef7d)
|
