| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
| |
Major changes between OpenSSL 3.0.11 and OpenSSL 3.0.12 [24 Oct 2023]
* Mitigate incorrect resize handling for symmetric cipher keys and IVs. (CVE-2023-5363)
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit e4ebc7b5662d6436fcc84b8e1583204b96fb0503)
|
|
|
|
|
|
|
|
|
|
|
| |
1) clear nvram partialboots upon successful boot
This behavior is already defined for EA9500; enabled for EA9200 too.
2) fix MAC address in board.d/02_network
Use the correct nvram variable to derive lan/wan MAC address.
Signed-off-by: Rani Hod <rani.hod@gmail.com>
(cherry picked from commit 9c42d23c5f7aa2b7f80af96921b2d5476626b8c6)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Set correct GPIO (10) for the WPS button. This matches GPIO settings in
vendor GPL sources. Note that GPL sources also mention a USB indicator
LED (GPIO 13) but the device has neither an external USB port nor a USB LED.
In addition, prefixes (button-, led-) are added to relevant DT entries,
as well as color and function specifications for LEDs.
Closes: #13736
Reported-by: Waldemar Czabaj <kaball@wp.pl>
Signed-off-by: Rani Hod <rani.hod@gmail.com>
(added led mitigations for wifi leds)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit fe5e4987776ef66c6788f70251dcbc0ca80a1c5f)
|
|
|
|
|
|
|
|
| |
Provide new required secret for S3 endpoint and bucket name to permit an
easier migration to new services.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 881235c713fae8692190178561af4eb2dee4ead1)
|
|
|
|
|
|
|
| |
Generilize S3 secret keys and rename to make them not platform specific.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit f98dc5aa43e9d84b8ceef9414fd4f92e05c418d7)
|
|
|
|
|
|
|
|
| |
Drop unused reusable workflow and dockerfiles now that we moved them to
a dedicated repository.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 14293dd901e5fdb0fd242945b5916ccbb33ab328)
|
|
|
|
|
|
|
|
|
| |
Migrate each workflow to use reusable workflow from dedicated repo to
skip pushing CI related commits to openwrt and better track versioning
of CI workflow.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 38cc09165fd11caa9599d960280bd91dbaba7a62)
|
|
|
|
|
|
|
|
| |
Now that we build also core packages, we need more host tools. Compile
all of them to reduce compile time on other actions.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit de9955a62f6aab6eafb2cfdffc4829ee97e69c04)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add support to label-kernel for compiling testing kernel version and
check patches. To trigger this special build appent :testing to the
normal label.
Example:
- ci:kernel:ipq806x:generic:testing
Test will fail if the requested target doesn't have a defined kernel
testing version.
Also add support for testing all target and subtarget. To trigger this
some special pattern are added:
- ci:kernel:all:all
Trigger test for all target and subtarget
- ci:kernel:all:first
Trigger test for all target and the first subtarget in alphabetical
order for the target.
With these special case :testing can also be used and every target and
subtarget that supports kernel testing version will be selected:
- ci:kernel:all:all:testing
Trigger test for all target and subtarget that have a kernel testing
version defined.
- ci:kernel:all:first:testing
Trigger test for all target and the first subtarget in alphabetical
order for the target that, if they have a kernel testing version
defined.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 218deba503f38e2f44f5012baf96af91b3e00c6a)
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CDNs are known to ship outdated or corrupted files, if it unpacks
correctly, it necessarily doesn't mean, that we're using the desired
content. So lets fix it by checking the tarball as well.
I'm adding GPG checking explicitly, its not needed, but just double
checking, that everything is working as expected on build
infrastructure.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 95dde523297c652072ee96ac32d22912a43ef761)
|
|
|
|
|
|
|
|
|
| |
Its being used by buildbot workers, adds g++-multilib to fix node
cross-compilation from a 64-bit build machine to 32-bit host.
References: https://github.com/openwrt/buildbot/pull/7
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 567784127e92ba6f9291adb1a546f567e50d9850)
|
|
|
|
|
|
|
|
| |
Test each subtarget on push events to improve testing and to refresh
ccache of each subtarget.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 5bafc4352fb543c03389b6237f0e2fe327f328fa)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add support for getting ccache cache from S3.
ccache is archieved in a tar and downloaded from S3 Cloud Storage.
For push events, ccache is then uplodaed back to S3 to refresh and have
a ccache cache always fresh.
An additional workflow is added to upload files to an S3 Cloud Storage
from artifacts uplodaed to github. The minio tool is used to upload
files to S3.
If the ccache can't be downloaded from s3, we fallback to github cache
system.
Also limit s3 upload to the openwrt repository since external fork won't
have (obviously) the required secrtes to upload data to the S3 Cloud
Storage.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit ebbc806d30502ff003ae7a19098c6afaaf1295a5)
|
|
|
|
|
|
|
|
|
|
| |
Limit ccache cache save/delete only on push events. Saving ccache
cache for pull request will result in bloat and refreshing ccache is not
possible due to security measure on enforcing read permission on
pull_request events.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit ff66a7c1c0f012324c0d2d90f047e6976c4fba11)
|
|
|
|
|
|
|
|
| |
Disable ccache usage for coverity workflow as it may cause side effect
in the produced bins.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 2129ee1879f564a9992a6761d4c9e77077c48e95)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CCache cache is currently broken due to a funny bug in ccache compiler
type detection. It seems ccache compiler type detection is very fragile
and with the use of external toolchain doesn't correctly detect the
type.
The type detected is set to other instead of gcc resulting in ccache
complaining for unsupported compiler options.
To handle this problem, force the compiler type to gcc to make ccache
correctly work and speedup compilation.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit ae7b05328cf471780de8559fba845c4b564e059e)
|
|
|
|
|
|
|
|
|
| |
Add new input to define custom ccache cache type. This is useful to use
a different ccache cache for some special workflow that may do more test
than simple kernel compilation.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 07b52a8a25f261e3cee03f4980e4bc868e9ee5cc)
|
|
|
|
|
|
|
|
|
| |
Add option to disable use of ccache. This can be useful for some
sensible test that should not use ccache as they can cause side effects
of any sort. (example Coverity Scan)
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit b9a41c1e84067bcc63aac633b72e7dc808bfe6fe)
|
|
|
|
|
|
|
|
|
|
|
| |
Github Actions cache doesn't permit to overwrite cache if it does
already exist. As a trick to refresh and have fresh ccache pool,
delete the ccache cache if it does exist with the help of Github REST
API. An additional permission is needed to access this API. Add this
permittion to each user of the build workflow.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 203cc0a7ef0bbf3b5a19db3caa96e91963ec154c)
|
|
|
|
|
|
|
|
|
|
| |
Split caching ccache in separate restore and save jobs to always refresh
the ccache across different runs. Currently if a key is restored, cache
is not saved resulting in a less useful ccache that benefits from
multiple runs.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 6321361c6b13a37b0cfa279a51a0cf8239a7852c)
|
|
|
|
|
|
|
|
|
|
|
| |
Due to problem with migrating from master to main as the default branch
and downstream project still requiring the master branch to be present,
we currently have for push events double CI runs, one for main and one
for master. To solve this ignore any push event to the master branch for
every workflow that react on push events.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit f5a5ce8822e9add9627ecb6ea289c8de2b8a76a9)
|
|
|
|
|
|
|
|
| |
Add support to use container included external toolchain and skip
redownloading external sdk for each test.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 0fe5776f4a79a2b095912e258738e3203207e9dd)
|
|
|
|
|
|
|
|
| |
Build and push container with external toolchain embedded in the
container image.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit e1370cdd497a07612413106d707973155ad3004b)
|
|
|
|
|
|
|
|
|
|
|
| |
Add checks to test if toolchain container can be used.
This is to handle case of new target or migration of any sort.
If the toolchain container can't be found, the tools container is used
instead.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 23a5c715a9296e828be5c32eadf68eacdb326a0a)
|
|
|
|
|
|
|
|
| |
Add option to configure container to use for build test.
By default the tools container is used if no option is provided.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 803b0110485a12c1119a51044d17979795ede966)
|
|
|
|
|
|
|
| |
Package external toolchain after correct build.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit ce2e7c52f8ebc7ea92a1436ee2dbeecf149132dc)
|
|
|
|
|
|
|
|
|
|
| |
Drop redundant generare ccache hash job as that can be done by
integrated github expressions to generate an hash.
The only change is that the integrated way generate a sha256 hash
instead of an md5 sum.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 457f6b0b9c07772f529a9714a974f3eb74f9b99d)
|
|
|
|
|
|
|
|
|
| |
Fix the qstrip call.
Fixes: #13776.
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
(cherry picked from commit 330492a101cdb1608d1194496c1b620315ef8bd8)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 0c117e1f6ccbee684ea0589d9024ca9dec4679c9.
Activate the lantiq/xrx200 target again.
There are still some problems with the GSWIP, but it is not leaking
packets to the wrong bridge in normal operations.
It shows some error messages at configuration like these:
[ 54.308861] gswip 1e108000.switch: port 5 failed to add ce:9d:84:d1:81:f0 vid 1 to fdb: -22
[ 54.325633] gswip 1e108000.switch: port 5 failed to add e8:de:27:95:c1:b4 vid 0 to fdb: -22
[ 54.351242] gswip 1e108000.switch: port 5 failed to add e8:de:27:95:c1:b4 vid 1 to fdb: -22
[ 54.358311] gswip 1e108000.switch: port 5 failed to delete ce:9d:84:d1:81:f0 vid 1 from fdb: -2
The problems are described in this pull request:
https://github.com/openwrt/openwrt/pull/13200
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit e1aaa1defd2340be3544dc614f905795b4d52f81)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
prepend-dtb got extended to handle the Meraki devices too,
the problem here was that the Netgear WNDR4700 expects an
u-boot header in front of the DTB, whereas Meraki devices
don't.
Since the header was dropped, the WNDR4700's uboot started
to complain:
Bad Magic Number,it is forbidden to be written to flash!!
when flashing the factory.img since it expects an u-boot
header there.
Fixes: 5dece2d9355a ("apm821xx: switch over from DTB_SIZE to DEVICE_DTC_FLAGS")
Fixes: #13716
Reported-by: @kisgezenguz
Reported-by: Tamas Szabo
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit d6a11833ad67c33ad10dadf396f6c30bb44ef30f)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Like with some other ipq40xx devices, the kernel image size for the WPJ428
is limited in stock u-boot. For that reason, the current release doesn't
include an image for the board.
By switching to the zImage format, the kernel image size is reduced which
re-enables the build process. The image boots and behaved normally through
a few days of testing.
Before the switch to kernel version 6.1, it was possible to reduce the
image size by enough when disabling UBIFS and its otherwise unneeded
dependencies.
Signed-off-by: Leon M. Busch-George <leon@georgemail.eu>
(cherry picked from commit 2657e8cab7f3d621b66cfdd4e228da3b912af32a)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Doing a simple ping to my device shows this:
64 bytes from 10.0.253.101: icmp_seq=1 ttl=64 time=2.00 ms
64 bytes from 10.0.253.101: icmp_seq=2 ttl=64 time=2.02 ms
64 bytes from 10.0.253.101: icmp_seq=3 ttl=64 time=1.68 ms
64 bytes from 10.0.253.101: icmp_seq=4 ttl=64 time=1.91 ms
64 bytes from 10.0.253.101: icmp_seq=5 ttl=64 time=1.92 ms
64 bytes from 10.0.253.101: icmp_seq=6 ttl=64 time=2.04 ms
Some users even report higher values on older kernels:
64 bytes from 192.168.1.10: seq=0 ttl=64 time=0.612 ms
64 bytes from 192.168.1.10: seq=1 ttl=64 time=2.852 ms
64 bytes from 192.168.1.10: seq=2 ttl=64 time=2.719 ms
64 bytes from 192.168.1.10: seq=3 ttl=64 time=2.741 ms
64 bytes from 192.168.1.10: seq=4 ttl=64 time=2.808 ms
The problem is that the governor is set to Ondemand, which causes
the CPU to clock all the way down to 48MHz in some cases.
Switching to performance governor:
64 bytes from 10.0.253.101: icmp_seq=1 ttl=64 time=0.528 ms
64 bytes from 10.0.253.101: icmp_seq=2 ttl=64 time=0.561 ms
64 bytes from 10.0.253.101: icmp_seq=3 ttl=64 time=0.633 ms
64 bytes from 10.0.253.101: icmp_seq=4 ttl=64 time=0.526 ms
In theory, using the Performance governor should increase power draw,
but it looks like it really does not matter for this soc.
Using a calibrated precision DC power supply (cpu idle):
Ondemand
24.00V * 0.134A = 3.216 Watts
48.00V * 0.096A = 4.608 Watts
Performance
24.00V * 0.135A = 3.240 Watts
48.00V * 0.096A = 4.608 Watts
Let's simply switch to the Performance governor by default
to fix the general jittery behaviour on devices using this soc.
Tested on: MikroTik wAP ac
Fixes: #13649
Reviewed-by: Robert Marko <robimarko@gmail.com>
Reviewed-by: Thibaut VARÈNE <hacks@slashdirt.org>
Signed-off-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
(cherry picked from commit b8e52852bd62236a2a84663b4592d221ebc64cb4)
|
|
|
|
|
|
|
| |
5590a80e2566 config: fix incompatible with jshn network-device entry
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 53039bf7f5aa16d2f69394a86d04b8442c743e77)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The ucidef_set_network_device_* functions in uci-defaults.sh disagree
on whether to use "network-device" or "network_device" in board.json.
With the additional caveat that jshn will translate hyphens (-) into
underscores (_). This casues problems in netifd which expected
"network_device" causing boards which depend on assigning MACs in
board.json via uci-defaults.sh (or jshn in general) to fail.
This commit addresses the issue by using network_device in
uci-defaults.sh.
The bug was uncovered in the forums here:
https://forum.openwrt.org/t/support-for-rtl838x-based-managed-switches/57875/2596
This was exposed by commit 4ebba8a05d09 ("realtek: add support for HPE
1920-8g-poe+") where the board_config_load call from 03_gpio introduced
the key normalization by jshn.
Fixes: 9290539ca9c7 ("base-files: allow setting device and bridge macs")
Tested-by: Stijn Segers <foss@volatilesystems.org>
Signed-off-by: Michael 'ASAP' Weinrich <michael@a5ap.net>
[ improve commit title, description and fix wrong Tested-by tag ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 12bc79d6d521581e37a8b067ce8a562429aeefbd)
|
|
|
|
|
|
|
|
|
|
|
| |
Copy configuration to boot partition (partition 1) instead of root
partition (partition 2) because the root partition is not writable if
it's a suqashfs image.
Move configuration back to root during preinit.
Fixes: https://github.com/openwrt/openwrt/issues/13695
Signed-off-by: Christian Buschau <cbuschau@d00t.de>
(cherry picked from commit 67ce60c5f961c4248fa108cd0f949e2bade4536e)
|
|
|
|
|
|
|
|
| |
This fixes some minor security problems.
Changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-2.28.5
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 9e1c5ad4b0c99c45927ccd44504cd8fdbbd03bb0)
|
|
|
|
|
|
|
|
|
|
|
| |
A typo snuck in with the addition of Cudy M1800, changing
"nr7101" to "nt7101". The result is a default network config
for NR7101 without the only ethernet interface on the NR7101,
thereby soft bricking it.
Fixes: f6d394e9f2fd ("ramips: add support for Cudy M1800")
Signed-off-by: Bjørn Mork <bjorn@mork.no>
(cherry picked from commit 2e57028424d0e914490a80178cd729adb17ba09b)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Hardware information:
---------------------
- RTL8380 SoC
- 8 Gigabit RJ45 PoE ports (built-in RTL8218B)
- 2 SFP ports (built-in SerDes)
- RJ45 RS232 port on front panel
- 32 MiB NOR Flash
- 128 MiB DDR3 DRAM
- PT7A7514 watchdog
- PoE chip
- Fanless
Known issues:
---------------------
- PoE LEDs are uncontrolled.
(Manual taken from f2f09bc)
Booting initramfs image:
------------------------
- Prepare a FTP or TFTP server serving the OpenWrt initramfs image and
connect the server to a switch port.
- Connect to the console port of the device and enter the extended
boot menu by typing Ctrl+B when prompted.
- Choose the menu option "<3> Enter Ethernet SubMenu".
- Set network parameters via the option "<5> Modify Ethernet Parameter".
Enter the FTP/TFTP filename as "Load File Name" ("Target File Name"
can be left blank, it is not required for booting from RAM). Note that
the configuration is saved on flash, so it only needs to be done once.
- Select "<1> Download Application Program To SDRAM And Run".
Initial installation:
---------------------
- Boot an initramfs image as described above, then use sysupgrade to
install OpenWrt permanently. After initial installation, the
bootloader needs to be configured to load the correct image file
- Enter the extended boot menu again and choose "<4> File Control",
then select "<2> Set Application File type".
- Enter the number of the file "openwrt-kernel.bin" (should be 1), and
use the option "<1> +Main" to select it as boot image.
- Choose "<0> Exit To Main Menu" and then "<1> Boot System".
NOTE: The bootloader on these devices can only boot from the VFS
filesystem which normally spans most of the flash. With OpenWrt, only
the first part of the firmware partition contains a valid filesystem,
the rest is used for rootfs. As the bootloader does not know about this,
you must not do any file operations in the bootloader, as this may
corrupt the OpenWrt installation (selecting the boot image is an
exception, as it only stores a flag in the bootloader data, but doesn't
write to the filesystem).
Example PoE config file (/etc/config/poe):
---------------------
config global
option budget '65'
config port
option enable '1'
option id '1'
option name 'lan8'
option poe_plus '1'
option priority '2'
config port
option enable '1'
option id '2'
option name 'lan7'
option poe_plus '1'
option priority '2'
config port
option enable '1'
option id '3'
option name 'lan6'
option poe_plus '1'
option priority '2'
config port
option enable '1'
option id '4'
option name 'lan5'
option poe_plus '1'
option priority '2'
config port
option enable '1'
option id '5'
option name 'lan4'
option poe_plus '1'
option priority '2'
config port
option enable '1'
option id '6'
option name 'lan3'
option poe_plus '1'
option priority '2'
config port
option enable '1'
option id '7'
option name 'lan2'
option poe_plus '1'
option priority '2'
config port
option enable '1'
option id '8'
option name 'lan1'
option poe_plus '1'
option priority '2'
Signed-off-by: Kevin Jilissen <info@kevinjilissen.nl>
(cherry picked from commit f4ee08677cdeefba7cfda40a830b6b747c6ea36e)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are two hardware models of the HPE 1920-8g-poe switch. The version
currently in the repository is the model with a PoE budget of 180W. In
preparation of the addition of the 65W model, the existing model is
renamed to clarify the hardware version it targets.
As suggested by Pawel, the 'SUPPORTED_DEVICES' includes the old target
name to enable an upgrade path of builds with the old name.
Suggested-by: Pawel Dembicki <paweldembicki@gmail.com>
Signed-off-by: Kevin Jilissen <info@kevinjilissen.nl>
(cherry picked from commit 987c96e88927094ff61e83870f872f0560d8e5c1)
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The compex WPJ563 actually has both usb controllers wired:
usb0 --> pci-e slot
usb1 --> pin header
As the board exposes it for generic use, enable this controller too.
fixes: #13650
Signed-off-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
(cherry picked from commit 9188c77cbee55a933d0fa75c74e175fbc52c556d)
|
|
|
|
| |
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
| |
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add two patches from Debian fixing CVEs in the bsdiff application.
CVE-2014-9862: Heap vulnerability in bspatch
CVE-2020-14315: Memory Corruption Vulnerability in bspatch
Copied the patches from this location:
https://salsa.debian.org/debian/bsdiff/-/blob/debian/latest/debian/patches/20-CVE-2014-9862.patch
https://salsa.debian.org/debian/bsdiff/-/blob/debian/latest/debian/patches/33-CVE-2020-14315.patch
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit cac723e8b8748938b8d80603578c60189fc32b24)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog: https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.134
Removed upstreamed:
generic/backport-5.15/894-Fix-up-backport-for-13619703038.patch[1]
All other patches automatically rebased.
1. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.15.134&id=d7acb7031758141225844bea073860b48fd92092
Build system: x86_64
Build-tested: ramips/tplink_archer-a6-v3
Run-tested: ramips/tplink_archer-a6-v3
Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit ac3a5911daeaecc04c6ffd03027b6b75fa4472d2)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog: https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.133
Removed upstreamed:
bcm47xx/patches-5.15/101-v5.18-mtd-rawnand-brcmnand-Allow-SoC-to-provide-I-O-operations.patch[1]
Cherry picked build fix.[2] All other patches automatically rebased.
1. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.15.133&id=56cf9f446b331414a15ef0e8dedf23583ec2c427
2. https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-5.15/fix-up-backport-of-136191703038-interconnect-teach-l.patch
Build system: x86_64
Build-tested: ramips/tplink_archer-a6-v3
Run-tested: ramips/tplink_archer-a6-v3
Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit 89895937dd4a24446b7bfd067398b4f7e73dc7b5)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds the following changes:
b4f76ecc9e Ignore MAP_VARIABLE in tst-mman-consts.py
f5d377c896 __check_pf: Add a cancellation cleanup handler [BZ #20975]
0e3e9dbb0e Document BZ #20975 fix
e2974d26ce io: Fix record locking contants on 32 bit arch with 64 bit default time_t (BZ#30477)
3593050c27 io: Fix F_GETLK, F_SETLK, and F_SETLKW for powerpc64
8dcb1a5181 hppa: xfail debug/tst-ssp-1 when have-ssp is yes (gcc-12 and later)
0930ff8eb3 realloc: Limit chunk reuse to only growing requests [BZ #30579]
3f4b4e2cdd elf: _dl_find_object may return 1 during early startup (bug 30515)
260d4b742b nptl: Fix tst-cancel30 on sparc64
58f7431fd7 sparc: Fix la_symbind for bind-now (BZ 23734)
1caf955269 x86: Increase `non_temporal_threshold` to roughly `sizeof_L3 / 4`
80a8c858a5 x86: Fix slight bug in `shared_per_thread` cache size calculation.
cc8243fb0b x86: Use `3/4*sizeof(per-thread-L3)` as low bound for NT threshold.
f94ff95e93 x86: Fix incorrect scope of setting `shared_per_thread` [BZ# 30745]
0d500bfdc0 hurd: Make exception subcode a long
be26b29262 io: Fix record locking contants for powerpc64 with __USE_FILE_OFFSET64
3d24d1903d elf: Do not run constructors for proxy objects
a7e34a6675 elf: Always call destructors in reverse constructor order (bug 30785)
bdb594afa5 elf: Remove unused l_text_end field from struct link_map
1a7cbe52c8 elf: Move l_init_called_next to old place of l_text_end in link map
b752934602 CVE-2023-4527: Stack read overflow with large TCP responses in no-aaaa mode
6529a7466c (HEAD) getaddrinfo: Fix use after free in getcanonname (CVE-2023-4806)
79310b45af x86/dl-cacheinfo: remove unsused parameter from handle_amd
9d5c6e27ed x86: Fix for cache computation on AMD legacy cpus.
4473d1b87d Fix leak in getaddrinfo introduced by the fix for CVE-2023-4806 [BZ #30843]
94ef701365 Document CVE-2023-4806 and CVE-2023-5156 in NEWS
2dfd8c77b5 i686: Regenerate ulps
b4e23c75ae tunables: Terminate if end of input is reached (CVE-2023-4911)
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit e66eed033f9f9d27fc839d81d3a03d4fad1b9b5b)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The USXGMII implementation of Realtek switches can not only support
10GbE but also 2.5Gb and 5Gb on top of the usual data rates.
Mark those as supported to allow them to be negotiated.
This change has been tested on a ZyXEL XGS1250-12 with the following link
partners:
- NWA50AX Pro (2.5Gb)
- RTL8152 USB NIC (2.5Gb)
- AQC111 USB NIC (2.5Gb & 5Gb)
Gbit and 10GbE has also been tested to still work fine with a variety of
devices.
Signed-off-by: Tobias Schramm <tobias@t-sys.eu>
(cherry picked from commit cd56a682326f9de4d77ee3afb99d13d25c478c08)
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix Spanning Tree Protocol (STP) by changing COPY2CPU which currently
makes switch to ignore Bridge Protocol Data Units (BPDUs).
Tested on Zyxel GS1900-8, 24 and 48.
Signed-off-by: Rudolf Vesely <i@rudolfvesely.com>
[ improve commit description and add new line in different sections ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 41fcc617f94601072d304f2f68e12cf1dd058707)
|
|
|
|
|
|
|
|
|
|
|
| |
Modems which are using qmi do not reply on the 1st sync but they do
on subsequent. So qmi.sh is hanging on the first call. Since 2020 uqmi
supports a timeout parameter. Unfortunately qmi.sh didn't make use of
this parameter. So qmi.sh is now invoking an early dummy access to
unlock the modem
Signed-off-by: Uwe Niethammer <uwe@dr-niethammer.de>
(cherry picked from commit 32a696f9e419ebec5b166847a16a5a45d030acbd)
|
|
|
|
|
|
|
|
| |
Add missing PKG_MIRROR_HASH. This is always needed as is used to
generate and use a tar instead of git clone and validate the hash of it.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit a181b9f0f9269525319024f53d83c7efe9da544b)
|