aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* openssl: update to 3.0.12Hauke Mehrtens2023-10-262-3/+3
| | | | | | | | Major changes between OpenSSL 3.0.11 and OpenSSL 3.0.12 [24 Oct 2023] * Mitigate incorrect resize handling for symmetric cipher keys and IVs. (CVE-2023-5363) Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit e4ebc7b5662d6436fcc84b8e1583204b96fb0503)
* bcm53xx: Linksys EA9200 nvram and 02_network fixesRani Hod2023-10-262-0/+2
| | | | | | | | | | | 1) clear nvram partialboots upon successful boot This behavior is already defined for EA9500; enabled for EA9200 too. 2) fix MAC address in board.d/02_network Use the correct nvram variable to derive lan/wan MAC address. Signed-off-by: Rani Hod <rani.hod@gmail.com> (cherry picked from commit 9c42d23c5f7aa2b7f80af96921b2d5476626b8c6)
* ramips: TP-link archer A6/C6 device tree updatesRani Hod2023-10-262-14/+41
| | | | | | | | | | | | | | | | | Set correct GPIO (10) for the WPS button. This matches GPIO settings in vendor GPL sources. Note that GPL sources also mention a USB indicator LED (GPIO 13) but the device has neither an external USB port nor a USB LED. In addition, prefixes (button-, led-) are added to relevant DT entries, as well as color and function specifications for LEDs. Closes: #13736 Reported-by: Waldemar Czabaj <kaball@wp.pl> Signed-off-by: Rani Hod <rani.hod@gmail.com> (added led mitigations for wifi leds) Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (cherry picked from commit fe5e4987776ef66c6788f70251dcbc0ca80a1c5f)
* CI: provide new required secret for S3 endpoint and bucket nameChristian Marangi2023-10-242-0/+4
| | | | | | | | Provide new required secret for S3 endpoint and bucket name to permit an easier migration to new services. Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (cherry picked from commit 881235c713fae8692190178561af4eb2dee4ead1)
* CI: generilize S3 secret keys name and rename to proper nameChristian Marangi2023-10-242-4/+4
| | | | | | | Generilize S3 secret keys and rename to make them not platform specific. Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (cherry picked from commit f98dc5aa43e9d84b8ceef9414fd4f92e05c418d7)
* CI: drop unused reusable workflow and dockerfilesChristian Marangi2023-10-246-861/+0
| | | | | | | | Drop unused reusable workflow and dockerfiles now that we moved them to a dedicated repository. Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (cherry picked from commit 14293dd901e5fdb0fd242945b5916ccbb33ab328)
* CI: migrate each workflow to use reusable workflow from dedicated repoChristian Marangi2023-10-248-670/+22
| | | | | | | | | Migrate each workflow to use reusable workflow from dedicated repo to skip pushing CI related commits to openwrt and better track versioning of CI workflow. Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (cherry picked from commit 38cc09165fd11caa9599d960280bd91dbaba7a62)
* CI: build-tools: build all host toolsChristian Marangi2023-10-241-0/+1
| | | | | | | | Now that we build also core packages, we need more host tools. Compile all of them to reduce compile time on other actions. Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (cherry picked from commit de9955a62f6aab6eafb2cfdffc4829ee97e69c04)
* CI: label-kernel: support compile testing kernel version and all targetChristian Marangi2023-10-241-10/+87
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add support to label-kernel for compiling testing kernel version and check patches. To trigger this special build appent :testing to the normal label. Example: - ci:kernel:ipq806x:generic:testing Test will fail if the requested target doesn't have a defined kernel testing version. Also add support for testing all target and subtarget. To trigger this some special pattern are added: - ci:kernel:all:all Trigger test for all target and subtarget - ci:kernel:all:first Trigger test for all target and the first subtarget in alphabetical order for the target. With these special case :testing can also be used and every target and subtarget that supports kernel testing version will be selected: - ci:kernel:all:all:testing Trigger test for all target and subtarget that have a kernel testing version defined. - ci:kernel:all:first:testing Trigger test for all target and the first subtarget in alphabetical order for the target that, if they have a kernel testing version defined. Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (cherry picked from commit 218deba503f38e2f44f5012baf96af91b3e00c6a)
* ci: build: verify downloaded toolchain tarballPetr Štetiar2023-10-241-2/+12
| | | | | | | | | | | | | CDNs are known to ship outdated or corrupted files, if it unpacks correctly, it necessarily doesn't mean, that we're using the desired content. So lets fix it by checking the tarball as well. I'm adding GPG checking explicitly, its not needed, but just double checking, that everything is working as expected on build infrastructure. Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit 95dde523297c652072ee96ac32d22912a43ef761)
* ci: bump buildworker container to version v6Petr Štetiar2023-10-242-2/+2
| | | | | | | | | Its being used by buildbot workers, adds g++-multilib to fix node cross-compilation from a 64-bit build machine to 32-bit host. References: https://github.com/openwrt/buildbot/pull/7 Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit 567784127e92ba6f9291adb1a546f567e50d9850)
* CI: kernel: test each subtarget on push eventsChristian Marangi2023-10-241-4/+6
| | | | | | | | Test each subtarget on push events to improve testing and to refresh ccache of each subtarget. Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (cherry picked from commit 5bafc4352fb543c03389b6237f0e2fe327f328fa)
* CI: add support for getting ccache cache from S3Christian Marangi2023-10-244-3/+124
| | | | | | | | | | | | | | | | | | | | | | Add support for getting ccache cache from S3. ccache is archieved in a tar and downloaded from S3 Cloud Storage. For push events, ccache is then uplodaed back to S3 to refresh and have a ccache cache always fresh. An additional workflow is added to upload files to an S3 Cloud Storage from artifacts uplodaed to github. The minio tool is used to upload files to S3. If the ccache can't be downloaded from s3, we fallback to github cache system. Also limit s3 upload to the openwrt repository since external fork won't have (obviously) the required secrtes to upload data to the S3 Cloud Storage. Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (cherry picked from commit ebbc806d30502ff003ae7a19098c6afaaf1295a5)
* CI: build: limit cache save/delete only on push eventsChristian Marangi2023-10-241-2/+2
| | | | | | | | | | Limit ccache cache save/delete only on push events. Saving ccache cache for pull request will result in bloat and refreshing ccache is not possible due to security measure on enforcing read permission on pull_request events. Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (cherry picked from commit ff66a7c1c0f012324c0d2d90f047e6976c4fba11)
* CI: coverity: disable ccache usageChristian Marangi2023-10-241-0/+1
| | | | | | | | Disable ccache usage for coverity workflow as it may cause side effect in the produced bins. Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (cherry picked from commit 2129ee1879f564a9992a6761d4c9e77077c48e95)
* CI: build: fix ccache cache usageChristian Marangi2023-10-241-1/+12
| | | | | | | | | | | | | | | CCache cache is currently broken due to a funny bug in ccache compiler type detection. It seems ccache compiler type detection is very fragile and with the use of external toolchain doesn't correctly detect the type. The type detected is set to other instead of gcc resulting in ccache complaining for unsupported compiler options. To handle this problem, force the compiler type to gcc to make ccache correctly work and speedup compilation. Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (cherry picked from commit ae7b05328cf471780de8559fba845c4b564e059e)
* CI: build: add option to define custom ccache cache typeChristian Marangi2023-10-242-2/+6
| | | | | | | | | Add new input to define custom ccache cache type. This is useful to use a different ccache cache for some special workflow that may do more test than simple kernel compilation. Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (cherry picked from commit 07b52a8a25f261e3cee03f4980e4bc868e9ee5cc)
* CI: build: add option to disable use of ccacheChristian Marangi2023-10-241-5/+13
| | | | | | | | | Add option to disable use of ccache. This can be useful for some sensible test that should not use ccache as they can cause side effects of any sort. (example Coverity Scan) Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (cherry picked from commit b9a41c1e84067bcc63aac633b72e7dc808bfe6fe)
* CI: build: add job to remove previous ccache cache if already existChristian Marangi2023-10-248-0/+19
| | | | | | | | | | | Github Actions cache doesn't permit to overwrite cache if it does already exist. As a trick to refresh and have fresh ccache pool, delete the ccache cache if it does exist with the help of Github REST API. An additional permission is needed to access this API. Add this permittion to each user of the build workflow. Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (cherry picked from commit 203cc0a7ef0bbf3b5a19db3caa96e91963ec154c)
* CI: build: split cache ccache in separate restore and save jobsChristian Marangi2023-10-241-2/+9
| | | | | | | | | | Split caching ccache in separate restore and save jobs to always refresh the ccache across different runs. Currently if a key is restored, cache is not saved resulting in a less useful ccache that benefits from multiple runs. Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (cherry picked from commit 6321361c6b13a37b0cfa279a51a0cf8239a7852c)
* CI: ignore master branch for push eventsChristian Marangi2023-10-245-0/+10
| | | | | | | | | | | Due to problem with migrating from master to main as the default branch and downstream project still requiring the master branch to be present, we currently have for push events double CI runs, one for main and one for master. To solve this ignore any push event to the master branch for every workflow that react on push events. Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (cherry picked from commit f5a5ce8822e9add9627ecb6ea289c8de2b8a76a9)
* CI: build: Add support to use container included external toolchainChristian Marangi2023-10-244-1/+23
| | | | | | | | Add support to use container included external toolchain and skip redownloading external sdk for each test. Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (cherry picked from commit 0fe5776f4a79a2b095912e258738e3203207e9dd)
* CI: push-containers: build and push container with external toolchainChristian Marangi2023-10-242-18/+146
| | | | | | | | Build and push container with external toolchain embedded in the container image. Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (cherry picked from commit e1370cdd497a07612413106d707973155ad3004b)
* CI: build: add checks to test if toolchain container can be usedChristian Marangi2023-10-241-2/+18
| | | | | | | | | | | Add checks to test if toolchain container can be used. This is to handle case of new target or migration of any sort. If the toolchain container can't be found, the tools container is used instead. Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (cherry picked from commit 23a5c715a9296e828be5c32eadf68eacdb326a0a)
* CI: build: add option to configure container to useChristian Marangi2023-10-241-1/+4
| | | | | | | | Add option to configure container to use for build test. By default the tools container is used if no option is provided. Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (cherry picked from commit 803b0110485a12c1119a51044d17979795ede966)
* CI: build: package external toolchain after buildChristian Marangi2023-10-241-0/+26
| | | | | | | Package external toolchain after correct build. Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (cherry picked from commit ce2e7c52f8ebc7ea92a1436ee2dbeecf149132dc)
* CI: build: drop redundant generate ccache hash jobChristian Marangi2023-10-241-9/+1
| | | | | | | | | | Drop redundant generare ccache hash job as that can be done by integrated github expressions to generate an hash. The only change is that the integrated way generate a sha256 hash instead of an md5 sum. Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (cherry picked from commit 457f6b0b9c07772f529a9714a974f3eb74f9b99d)
* image: Fix the CONFIG_EXTERNAL_CPIO logicLuca Barbato2023-10-241-1/+1
| | | | | | | | | Fix the qstrip call. Fixes: #13776. Signed-off-by: Luca Barbato <lu_zero@gentoo.org> (cherry picked from commit 330492a101cdb1608d1194496c1b620315ef8bd8)
* Revert "lantiq: xrx200: mark subtarget as source-only"Hauke Mehrtens2023-10-231-1/+1
| | | | | | | | | | | | | | | | | | | | This reverts commit 0c117e1f6ccbee684ea0589d9024ca9dec4679c9. Activate the lantiq/xrx200 target again. There are still some problems with the GSWIP, but it is not leaking packets to the wrong bridge in normal operations. It shows some error messages at configuration like these: [ 54.308861] gswip 1e108000.switch: port 5 failed to add ce:9d:84:d1:81:f0 vid 1 to fdb: -22 [ 54.325633] gswip 1e108000.switch: port 5 failed to add e8:de:27:95:c1:b4 vid 0 to fdb: -22 [ 54.351242] gswip 1e108000.switch: port 5 failed to add e8:de:27:95:c1:b4 vid 1 to fdb: -22 [ 54.358311] gswip 1e108000.switch: port 5 failed to delete ce:9d:84:d1:81:f0 vid 1 from fdb: -2 The problems are described in this pull request: https://github.com/openwrt/openwrt/pull/13200 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit e1aaa1defd2340be3544dc614f905795b4d52f81)
* apm821xx: WNDR4700: fix broken sysupgrade, factory imagesChristian Lamparter2023-10-211-2/+7
| | | | | | | | | | | | | | | | | | | | | prepend-dtb got extended to handle the Meraki devices too, the problem here was that the Netgear WNDR4700 expects an u-boot header in front of the DTB, whereas Meraki devices don't. Since the header was dropped, the WNDR4700's uboot started to complain: Bad Magic Number,it is forbidden to be written to flash!! when flashing the factory.img since it expects an u-boot header there. Fixes: 5dece2d9355a ("apm821xx: switch over from DTB_SIZE to DEVICE_DTC_FLAGS") Fixes: #13716 Reported-by: @kisgezenguz Reported-by: Tamas Szabo Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (cherry picked from commit d6a11833ad67c33ad10dadf396f6c30bb44ef30f)
* ipq40xx: wpj428: switch to zimage to fit kernel partitionLeon M. Busch-George2023-10-211-1/+1
| | | | | | | | | | | | | | | | Like with some other ipq40xx devices, the kernel image size for the WPJ428 is limited in stock u-boot. For that reason, the current release doesn't include an image for the board. By switching to the zImage format, the kernel image size is reduced which re-enables the build process. The image boots and behaved normally through a few days of testing. Before the switch to kernel version 6.1, it was possible to reduce the image size by enough when disabling UBIFS and its otherwise unneeded dependencies. Signed-off-by: Leon M. Busch-George <leon@georgemail.eu> (cherry picked from commit 2657e8cab7f3d621b66cfdd4e228da3b912af32a)
* ipq40xx: switch to performance governor by defaultKoen Vandeputte2023-10-201-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Doing a simple ping to my device shows this: 64 bytes from 10.0.253.101: icmp_seq=1 ttl=64 time=2.00 ms 64 bytes from 10.0.253.101: icmp_seq=2 ttl=64 time=2.02 ms 64 bytes from 10.0.253.101: icmp_seq=3 ttl=64 time=1.68 ms 64 bytes from 10.0.253.101: icmp_seq=4 ttl=64 time=1.91 ms 64 bytes from 10.0.253.101: icmp_seq=5 ttl=64 time=1.92 ms 64 bytes from 10.0.253.101: icmp_seq=6 ttl=64 time=2.04 ms Some users even report higher values on older kernels: 64 bytes from 192.168.1.10: seq=0 ttl=64 time=0.612 ms 64 bytes from 192.168.1.10: seq=1 ttl=64 time=2.852 ms 64 bytes from 192.168.1.10: seq=2 ttl=64 time=2.719 ms 64 bytes from 192.168.1.10: seq=3 ttl=64 time=2.741 ms 64 bytes from 192.168.1.10: seq=4 ttl=64 time=2.808 ms The problem is that the governor is set to Ondemand, which causes the CPU to clock all the way down to 48MHz in some cases. Switching to performance governor: 64 bytes from 10.0.253.101: icmp_seq=1 ttl=64 time=0.528 ms 64 bytes from 10.0.253.101: icmp_seq=2 ttl=64 time=0.561 ms 64 bytes from 10.0.253.101: icmp_seq=3 ttl=64 time=0.633 ms 64 bytes from 10.0.253.101: icmp_seq=4 ttl=64 time=0.526 ms In theory, using the Performance governor should increase power draw, but it looks like it really does not matter for this soc. Using a calibrated precision DC power supply (cpu idle): Ondemand 24.00V * 0.134A = 3.216 Watts 48.00V * 0.096A = 4.608 Watts Performance 24.00V * 0.135A = 3.240 Watts 48.00V * 0.096A = 4.608 Watts Let's simply switch to the Performance governor by default to fix the general jittery behaviour on devices using this soc. Tested on: MikroTik wAP ac Fixes: #13649 Reviewed-by: Robert Marko <robimarko@gmail.com> Reviewed-by: Thibaut VARÈNE <hacks@slashdirt.org> Signed-off-by: Koen Vandeputte <koen.vandeputte@citymesh.com> (cherry picked from commit b8e52852bd62236a2a84663b4592d221ebc64cb4)
* netifd: update to latest git HEADChristian Marangi2023-10-201-3/+3
| | | | | | | 5590a80e2566 config: fix incompatible with jshn network-device entry Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (cherry picked from commit 53039bf7f5aa16d2f69394a86d04b8442c743e77)
* base-files: fix wrong ucidef_set_network_device_mac network-device entryMichael 'ASAP' Weinrich2023-10-201-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | The ucidef_set_network_device_* functions in uci-defaults.sh disagree on whether to use "network-device" or "network_device" in board.json. With the additional caveat that jshn will translate hyphens (-) into underscores (_). This casues problems in netifd which expected "network_device" causing boards which depend on assigning MACs in board.json via uci-defaults.sh (or jshn in general) to fail. This commit addresses the issue by using network_device in uci-defaults.sh. The bug was uncovered in the forums here: https://forum.openwrt.org/t/support-for-rtl838x-based-managed-switches/57875/2596 This was exposed by commit 4ebba8a05d09 ("realtek: add support for HPE 1920-8g-poe+") where the board_config_load call from 03_gpio introduced the key normalization by jshn. Fixes: 9290539ca9c7 ("base-files: allow setting device and bridge macs") Tested-by: Stijn Segers <foss@volatilesystems.org> Signed-off-by: Michael 'ASAP' Weinrich <michael@a5ap.net> [ improve commit title, description and fix wrong Tested-by tag ] Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (cherry picked from commit 12bc79d6d521581e37a8b067ce8a562429aeefbd)
* armsr: preserve configuration during sysupgradeChristian Buschau2023-10-202-1/+21
| | | | | | | | | | | Copy configuration to boot partition (partition 1) instead of root partition (partition 2) because the root partition is not writable if it's a suqashfs image. Move configuration back to root during preinit. Fixes: https://github.com/openwrt/openwrt/issues/13695 Signed-off-by: Christian Buschau <cbuschau@d00t.de> (cherry picked from commit 67ce60c5f961c4248fa108cd0f949e2bade4536e)
* mbedtls: Update to version 2.28.5Hauke Mehrtens2023-10-152-5/+5
| | | | | | | | This fixes some minor security problems. Changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-2.28.5 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit 9e1c5ad4b0c99c45927ccd44504cd8fdbbd03bb0)
* ramips: fix ZyXEL NR7101 bricking typoBjørn Mork2023-10-151-1/+1
| | | | | | | | | | | A typo snuck in with the addition of Cudy M1800, changing "nr7101" to "nt7101". The result is a default network config for NR7101 without the only ethernet interface on the NR7101, thereby soft bricking it. Fixes: f6d394e9f2fd ("ramips: add support for Cudy M1800") Signed-off-by: Bjørn Mork <bjorn@mork.no> (cherry picked from commit 2e57028424d0e914490a80178cd729adb17ba09b)
* realtek: add support for HPE 1920-8g-poe+ (65W)Kevin Jilissen2023-10-143-0/+25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Hardware information: --------------------- - RTL8380 SoC - 8 Gigabit RJ45 PoE ports (built-in RTL8218B) - 2 SFP ports (built-in SerDes) - RJ45 RS232 port on front panel - 32 MiB NOR Flash - 128 MiB DDR3 DRAM - PT7A7514 watchdog - PoE chip - Fanless Known issues: --------------------- - PoE LEDs are uncontrolled. (Manual taken from f2f09bc) Booting initramfs image: ------------------------ - Prepare a FTP or TFTP server serving the OpenWrt initramfs image and connect the server to a switch port. - Connect to the console port of the device and enter the extended boot menu by typing Ctrl+B when prompted. - Choose the menu option "<3> Enter Ethernet SubMenu". - Set network parameters via the option "<5> Modify Ethernet Parameter". Enter the FTP/TFTP filename as "Load File Name" ("Target File Name" can be left blank, it is not required for booting from RAM). Note that the configuration is saved on flash, so it only needs to be done once. - Select "<1> Download Application Program To SDRAM And Run". Initial installation: --------------------- - Boot an initramfs image as described above, then use sysupgrade to install OpenWrt permanently. After initial installation, the bootloader needs to be configured to load the correct image file - Enter the extended boot menu again and choose "<4> File Control", then select "<2> Set Application File type". - Enter the number of the file "openwrt-kernel.bin" (should be 1), and use the option "<1> +Main" to select it as boot image. - Choose "<0> Exit To Main Menu" and then "<1> Boot System". NOTE: The bootloader on these devices can only boot from the VFS filesystem which normally spans most of the flash. With OpenWrt, only the first part of the firmware partition contains a valid filesystem, the rest is used for rootfs. As the bootloader does not know about this, you must not do any file operations in the bootloader, as this may corrupt the OpenWrt installation (selecting the boot image is an exception, as it only stores a flag in the bootloader data, but doesn't write to the filesystem). Example PoE config file (/etc/config/poe): --------------------- config global option budget '65' config port option enable '1' option id '1' option name 'lan8' option poe_plus '1' option priority '2' config port option enable '1' option id '2' option name 'lan7' option poe_plus '1' option priority '2' config port option enable '1' option id '3' option name 'lan6' option poe_plus '1' option priority '2' config port option enable '1' option id '4' option name 'lan5' option poe_plus '1' option priority '2' config port option enable '1' option id '5' option name 'lan4' option poe_plus '1' option priority '2' config port option enable '1' option id '6' option name 'lan3' option poe_plus '1' option priority '2' config port option enable '1' option id '7' option name 'lan2' option poe_plus '1' option priority '2' config port option enable '1' option id '8' option name 'lan1' option poe_plus '1' option priority '2' Signed-off-by: Kevin Jilissen <info@kevinjilissen.nl> (cherry picked from commit f4ee08677cdeefba7cfda40a830b6b747c6ea36e)
* realtek: rename hpe,1920-8g-poe to match hardwareKevin Jilissen2023-10-144-8/+9
| | | | | | | | | | | | | | There are two hardware models of the HPE 1920-8g-poe switch. The version currently in the repository is the model with a PoE budget of 180W. In preparation of the addition of the 65W model, the existing model is renamed to clarify the hardware version it targets. As suggested by Pawel, the 'SUPPORTED_DEVICES' includes the old target name to enable an upgrade path of builds with the old name. Suggested-by: Pawel Dembicki <paweldembicki@gmail.com> Signed-off-by: Kevin Jilissen <info@kevinjilissen.nl> (cherry picked from commit 987c96e88927094ff61e83870f872f0560d8e5c1)
* ath79: wpj563: enable 2nd USB controllerKoen Vandeputte2023-10-131-0/+8
| | | | | | | | | | | | | The compex WPJ563 actually has both usb controllers wired: usb0 --> pci-e slot usb1 --> pin header As the board exposes it for generic use, enable this controller too. fixes: #13650 Signed-off-by: Koen Vandeputte <koen.vandeputte@citymesh.com> (cherry picked from commit 9188c77cbee55a933d0fa75c74e175fbc52c556d)
* OpenWrt v23.05.0: revert to branch defaultsHauke Mehrtens2023-10-115-11/+9
| | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* OpenWrt v23.05.0: adjust config defaultsv23.05.0Hauke Mehrtens2023-10-115-9/+11
| | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* bsdiff: Add patches for CVEsHauke Mehrtens2023-10-094-13/+433
| | | | | | | | | | | | | Add two patches from Debian fixing CVEs in the bsdiff application. CVE-2014-9862: Heap vulnerability in bspatch CVE-2020-14315: Memory Corruption Vulnerability in bspatch Copied the patches from this location: https://salsa.debian.org/debian/bsdiff/-/blob/debian/latest/debian/patches/20-CVE-2014-9862.patch https://salsa.debian.org/debian/bsdiff/-/blob/debian/latest/debian/patches/33-CVE-2020-14315.patch Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit cac723e8b8748938b8d80603578c60189fc32b24)
* kernel: bump 5.15 to 5.15.134John Audia2023-10-086-37/+6
| | | | | | | | | | | | | | | | | | Changelog: https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.134 Removed upstreamed: generic/backport-5.15/894-Fix-up-backport-for-13619703038.patch[1] All other patches automatically rebased. 1. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.15.134&id=d7acb7031758141225844bea073860b48fd92092 Build system: x86_64 Build-tested: ramips/tplink_archer-a6-v3 Run-tested: ramips/tplink_archer-a6-v3 Signed-off-by: John Audia <therealgraysky@proton.me> (cherry picked from commit ac3a5911daeaecc04c6ffd03027b6b75fa4472d2)
* kernel: bump 5.15 to 5.15.133John Audia2023-10-0815-181/+62
| | | | | | | | | | | | | | | | | | | Changelog: https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.133 Removed upstreamed: bcm47xx/patches-5.15/101-v5.18-mtd-rawnand-brcmnand-Allow-SoC-to-provide-I-O-operations.patch[1] Cherry picked build fix.[2] All other patches automatically rebased. 1. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.15.133&id=56cf9f446b331414a15ef0e8dedf23583ec2c427 2. https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-5.15/fix-up-backport-of-136191703038-interconnect-teach-l.patch Build system: x86_64 Build-tested: ramips/tplink_archer-a6-v3 Run-tested: ramips/tplink_archer-a6-v3 Signed-off-by: John Audia <therealgraysky@proton.me> (cherry picked from commit 89895937dd4a24446b7bfd067398b4f7e73dc7b5)
* toolchain: glibc: Update glibc 2.37 to recent HEADHauke Mehrtens2023-10-081-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This adds the following changes: b4f76ecc9e Ignore MAP_VARIABLE in tst-mman-consts.py f5d377c896 __check_pf: Add a cancellation cleanup handler [BZ #20975] 0e3e9dbb0e Document BZ #20975 fix e2974d26ce io: Fix record locking contants on 32 bit arch with 64 bit default time_t (BZ#30477) 3593050c27 io: Fix F_GETLK, F_SETLK, and F_SETLKW for powerpc64 8dcb1a5181 hppa: xfail debug/tst-ssp-1 when have-ssp is yes (gcc-12 and later) 0930ff8eb3 realloc: Limit chunk reuse to only growing requests [BZ #30579] 3f4b4e2cdd elf: _dl_find_object may return 1 during early startup (bug 30515) 260d4b742b nptl: Fix tst-cancel30 on sparc64 58f7431fd7 sparc: Fix la_symbind for bind-now (BZ 23734) 1caf955269 x86: Increase `non_temporal_threshold` to roughly `sizeof_L3 / 4` 80a8c858a5 x86: Fix slight bug in `shared_per_thread` cache size calculation. cc8243fb0b x86: Use `3/4*sizeof(per-thread-L3)` as low bound for NT threshold. f94ff95e93 x86: Fix incorrect scope of setting `shared_per_thread` [BZ# 30745] 0d500bfdc0 hurd: Make exception subcode a long be26b29262 io: Fix record locking contants for powerpc64 with __USE_FILE_OFFSET64 3d24d1903d elf: Do not run constructors for proxy objects a7e34a6675 elf: Always call destructors in reverse constructor order (bug 30785) bdb594afa5 elf: Remove unused l_text_end field from struct link_map 1a7cbe52c8 elf: Move l_init_called_next to old place of l_text_end in link map b752934602 CVE-2023-4527: Stack read overflow with large TCP responses in no-aaaa mode 6529a7466c (HEAD) getaddrinfo: Fix use after free in getcanonname (CVE-2023-4806) 79310b45af x86/dl-cacheinfo: remove unsused parameter from handle_amd 9d5c6e27ed x86: Fix for cache computation on AMD legacy cpus. 4473d1b87d Fix leak in getaddrinfo introduced by the fix for CVE-2023-4806 [BZ #30843] 94ef701365 Document CVE-2023-4806 and CVE-2023-5156 in NEWS 2dfd8c77b5 i686: Regenerate ulps b4e23c75ae tunables: Terminate if end of input is reached (CVE-2023-4911) Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit e66eed033f9f9d27fc839d81d3a03d4fad1b9b5b)
* realtek: 5.15: rtl93xx: support 2500baseT and 5000baseT on USXGMII linksTobias Schramm2023-10-081-1/+4
| | | | | | | | | | | | | | | | | | The USXGMII implementation of Realtek switches can not only support 10GbE but also 2.5Gb and 5Gb on top of the usual data rates. Mark those as supported to allow them to be negotiated. This change has been tested on a ZyXEL XGS1250-12 with the following link partners: - NWA50AX Pro (2.5Gb) - RTL8152 USB NIC (2.5Gb) - AQC111 USB NIC (2.5Gb & 5Gb) Gbit and 10GbE has also been tested to still work fine with a variety of devices. Signed-off-by: Tobias Schramm <tobias@t-sys.eu> (cherry picked from commit cd56a682326f9de4d77ee3afb99d13d25c478c08)
* rtl83xx: fix STP by trapping BPDUsRudolf Vesely2023-10-081-1/+1
| | | | | | | | | | | | Fix Spanning Tree Protocol (STP) by changing COPY2CPU which currently makes switch to ignore Bridge Protocol Data Units (BPDUs). Tested on Zyxel GS1900-8, 24 and 48. Signed-off-by: Rudolf Vesely <i@rudolfvesely.com> [ improve commit description and add new line in different sections ] Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (cherry picked from commit 41fcc617f94601072d304f2f68e12cf1dd058707)
* uqmi: added timeout to fix hanging qmi.shUwe Niethammer2023-10-081-0/+2
| | | | | | | | | | | Modems which are using qmi do not reply on the 1st sync but they do on subsequent. So qmi.sh is hanging on the first call. Since 2020 uqmi supports a timeout parameter. Unfortunately qmi.sh didn't make use of this parameter. So qmi.sh is now invoking an early dummy access to unlock the modem Signed-off-by: Uwe Niethammer <uwe@dr-niethammer.de> (cherry picked from commit 32a696f9e419ebec5b166847a16a5a45d030acbd)
* yafut: add missing PKG_MIRROR_HASHChristian Marangi2023-10-081-0/+1
| | | | | | | | Add missing PKG_MIRROR_HASH. This is always needed as is used to generate and use a tar instead of git clone and validate the hash of it. Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (cherry picked from commit a181b9f0f9269525319024f53d83c7efe9da544b)