aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* ltq-atm/ltq-ptm: add kernel 5.10 compatiblityMathias Kresin2023-03-273-0/+27
| | | | | | | | | | | | | The callback handling of the tasklet API was redesigned and the macros using the old syntax renamed to _OLD. The stuck queue is now passed to ndo_tx_timeout callback but not used so far. Signed-off-by: Mathias Kresin <dev@kresin.me> (cherry picked from commit 804c541446ab8e3fab11dba5d8fe07807af7fac5) [Add DECLARE_TASKLET handling for kernel 5.4.235 too] Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: tcindex classifier has been retiredJohn Audia2023-03-272-3/+1
| | | | | | | https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/net/sched?h=v5.4.235&id=7a6fb69bbcb21e9ce13bdf18c008c268874f0480 Signed-off-by: John Audia <therealgraysky@proton.me> (cherry picked from commit fbfec3286e8bfce3a78749b7bcb67e658665f197)
* kernel: bump 5.4 to 5.4.234Hauke Mehrtens2023-03-275-6/+6
| | | | | | | Compile-tested: armvirt/64, lantiq/xrx200 Run-tested: armvirt/64 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* bcm4908: include usbport triggerRafał Miłecki2023-03-271-1/+2
| | | | | Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit cb2661844a5d54d44230ee564d4f17605a794a49)
* bcm4908: backport v6.4 pending DTS changesRafał Miłecki2023-03-279-1/+791
| | | | | Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit ffaabee9b8d9da7c15a50f52897ae5f70b40b4e7)
* ca-certificates: fix python3-cryptography woes in certdata2pem.pyChristian Lamparter2023-03-041-0/+53
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch is a revert of the upstream patch to Debian's ca-certificate commit 033d52259172 ("mozilla/certdata2pem.py: print a warning for expired certificates.") The reason is, that this change broke builds with the popular Ubuntu 20.04 LTS (focal) releases which are shipping with an older version of the python3-cryptography package that is not compatible. |Traceback (most recent call last): | File "certdata2pem.py", line 125, in <module> | cert = x509.load_der_x509_certificate(obj['CKA_VALUE']) |TypeError: load_der_x509_certificate() missing 1 required positional argument: 'backend' |make[5]: *** [Makefile:6: all] Error 1 ...or if the python3-cryptography was missing all together: |Traceback (most recent call last): | File "/certdata2pem.py", line 31, in <module> | from cryptography import x509 |ModuleNotFoundError: No module named 'cryptography' More concerns were raised by Jo-Philipp Wich: "We don't want the build to depend on the local system time anyway. Right now it seems to be just a warning but I could imagine that eventually certs are simply omitted of found to be expired at build time which would break reproducibility." Link: <https://github.com/openwrt/openwrt/commit/7c99085bd697> Reported-by: Chen Minqiang <ptpt52@gmail.com> Reported-by: Shane Synan <digitalcircuit36939@gmail.com> Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (cherry picked from commit 25bc66eb40ea2c062940778fba601032b2579734)
* ca-certicficates: Update to version 20211016Christian Lamparter2023-03-041-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Update the ca-certificates and ca-bundle package from version 20210119 to version 20211016. Debian change-log entry [1]: |[...] |[ Julien Cristau ] |* mozilla/{certdata.txt,nssckbi.h}: Update Mozilla certificate authority | bundle to version 2.50 | The following certificate authorities were added (+): | + "AC RAIZ FNMT-RCM SERVIDORES SEGUROS" | + "GlobalSign Root R46" | + "GlobalSign Root E46" | + "GLOBALTRUST 2020" | + "ANF Secure Server Root CA" | + "Certum EC-384 CA" | + "Certum Trusted Root CA" | The following certificate authorities were removed (-): | - "QuoVadis Root CA" | - "Sonera Class 2 Root CA" | - "GeoTrust Primary Certification Authority - G2" | - "VeriSign Universal Root Certification Authority" | - "Chambers of Commerce Root - 2008" | - "Global Chambersign Root - 2008" | - "Trustis FPS Root CA" | - "Staat der Nederlanden Root CA - G3" | * Blacklist expired root certificate "DST Root CA X3" (closes: #995432) |[...] [1] <https://metadata.ftp-master.debian.org/changelogs//main/c/ca-certificates/ca-certificates_20211016_changelog> Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (cherry picked from commit 7c99085bd69742f66207d61e9f2da5ec4f8f9d2f)
* kernel: support "linux,default-trigger" in leds-bcm63138Rafał Miłecki2023-03-011-0/+26
| | | | | | | | This driver is backported from the v6.0 which deals with "linux,default-trigger" in leds core. For kernel 5.4 we need leds-bcm63138 to read trigger on its own. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* mac80211: Update to version 5.10.168-1Hauke Mehrtens2023-02-185-16/+16
| | | | | | | This update mac80211 to version 5.10.168-1. This includes multiple bugfixes. Some of these bugfixes are fixing security relevant bugs. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: bump 5.4 to 5.4.231Hauke Mehrtens2023-02-1819-33/+33
| | | | | | | Compile-tested: x86/64 Run-tested: x86/64 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* openssl: bump to 1.1.1tJohn Audia2023-02-181-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changes between 1.1.1s and 1.1.1t [7 Feb 2023] *) Fixed X.400 address type confusion in X.509 GeneralName. There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but subsequently interpreted by GENERAL_NAME_cmp as an ASN1_TYPE. This vulnerability may allow an attacker who can provide a certificate chain and CRL (neither of which need have a valid signature) to pass arbitrary pointers to a memcmp call, creating a possible read primitive, subject to some constraints. Refer to the advisory for more information. Thanks to David Benjamin for discovering this issue. (CVE-2023-0286) This issue has been fixed by changing the public header file definition of GENERAL_NAME so that x400Address reflects the implementation. It was not possible for any existing application to successfully use the existing definition; however, if any application references the x400Address field (e.g. in dead code), note that the type of this field has changed. There is no ABI change. [Hugo Landau] *) Fixed Use-after-free following BIO_new_NDEF. The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. (CVE-2023-0215) [Viktor Dukhovni, Matt Caswell] *) Fixed Double free after calling PEM_read_bio_ex. The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. (CVE-2022-4450) [Kurt Roeckx, Matt Caswell] *) Fixed Timing Oracle in RSA Decryption. A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. (CVE-2022-4304) [Dmitry Belyavsky, Hubert Kario] Signed-off-by: John Audia <therealgraysky@proton.me> (cherry picked from commit 4ae86b3358a149a17411657b12103ccebfbdb11b) The original commit removed the upstreamed patch 010-padlock.patch, but it's not on OpenWrt 21.02, so it doesn't have to be removed. Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
* sunxi: fix wifi connection for Banana Pi M2 BerryJosef Schlehofer2023-02-171-1/+1
| | | | | | | | fixes the problem that the banana pi m2 berry cannot connect to wifi and cannot be used as an access point Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com> (cherry picked from commit ff2bb16730f629d54bde8ba85c75d8614741e3fd) Signed-off-by: LizenzFass78851 <82592556+LizenzFass78851@users.noreply.github.com>
* mpc85xx: Drop pci aliases to avoid domain changesMartin Kennedy2023-02-085-0/+67
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As of upstream Linux commit 0fe1e96fef0a ("powerpc/pci: Prefer PCI domain assignment via DT 'linux,pci-domain' and alias"), the PCIe domain address is no longer numbered by the lowest 16 bits of the PCI register address after a fallthrough. Instead of the fallthrough, the enumeration process accepts the alias ID (as determined by `of_alias_scan()`). This causes e.g.: 9000:00:00.0 PCI bridge: Freescale Semiconductor Inc P1020E (rev 11) 9000:01:00.0 Network controller: Qualcomm Atheros AR958x 802.11abgn ... to become 0000:00:00.0 PCI bridge: Freescale Semiconductor Inc P1020E (rev 11) 0000:01:00.0 Network controller: Qualcomm Atheros AR958x 802.11abgn ... ... which then causes the sysfs path of the netdev to change, invalidating the `wifi_device.path`s enumerated in `/etc/config/wireless`. One other solution might be to migrate the uci configuration, as was done for mvebu in commit 0bd5aa89fcf2 ("mvebu: Migrate uci config to new PCIe path"). However, there are concerns that the sysfs path will change once again once some upstream patches[^2][^3] are merged and backported (and `CONFIG_PPC_PCI_BUS_NUM_DOMAIN_DEPENDENT` is enabled). Instead, remove the aliases and allow the fallthrough to continue for now. We will provide a migration in a later release. This was first reported as a Github issue[^1]. [^1]: https://github.com/openwrt/openwrt/issues/10530 [^2]: https://lore.kernel.org/linuxppc-dev/20220706104308.5390-1-pali@kernel.org/t/#u [^3]: https://lore.kernel.org/linuxppc-dev/20220706101043.4867-1-pali@kernel.org/ Fixes: #10530 Tested-by: Martin Kennedy <hurricos@gmail.com> [Tested on the Aerohive HiveAP 330 and Extreme Networks WS-AP3825i] Signed-off-by: Martin Kennedy <hurricos@gmail.com> (cherry picked from commit 7f4b4c29f3489697dca7495216460d0ed5023e02) Signed-off-by: Fabian Bläse <fabian@blaese.de>
* kernel: bump 5.4 to 5.4.230Hauke Mehrtens2023-01-2894-213/+183
| | | | | | | Compile-tested: x86/64 Run-tested: x86/64 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: Reorder configurationHauke Mehrtens2023-01-281-9/+9
| | | | | | | | This was done by running these commands: ./scripts/kconfig.pl '+' target/linux/generic/config-5.4 /dev/null > target/linux/generic/config-5.4-new mv target/linux/generic/config-5.4-new target/linux/generic/config-5.4 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: expose (unhide) CONFIG_ASN1 as ksmbd requirementRafał Miłecki2023-01-251-0/+30
| | | | | | | | | | | | | | OpenWrt provides kmod-asn1-decoder for CONFIG_ASN1 but selecting it doesn't really work as expected. Kernel symbol is hidden and can be actually selected only as a dependency. That works well for in-kernel stuff but fails for external modules requiring ASN1 like ksmbd. Modify kernel Kconfig to make CONFIG_ASN1 always selectable. It's required to satisfy ksmbd dependencies cleanly (without hack like selecting unrelated modules). Link: http://lists.openwrt.org/pipermail/openwrt-devel/2023-January/040298.html Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* scripts/dl_github_archieve.py: fix generating unreproducible tarChristian Marangi2023-01-121-1/+1
| | | | | | | | | | | | | | | | Allign dl_github_archieve.py to 8252511dc0b5a71e9e64b96f233a27ad73e28b7f change. On supported system the sigid bit is applied to files and tar archieve that on tar creation. This cause unreproducible tar for these system and these bit should be dropped to produce reproducible tar. Add the missing option following the command options used in other scripts. Fixes: 75ab064d2b38 ("build: download code from github using archive API") Suggested-by: Eneas U de Queiroz <cotequeiroz@gmail.com> Tested-by: Robert Marko <robimarko@gmail.com> Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (cherry picked from commit 5f1758ef14575df4e86896526b1c2035c231899e)
* opkg: add patch to avoid remove package repeatly with forceJosef Schlehofer2023-01-062-1/+37
| | | | | | | | | | | | | | | | This patch was taken from the OpenWrt-devel mailing list: https://www.mail-archive.com/openwrt-devel@lists.openwrt.org/msg59794.html It is included already in OpenWrt master branch and OpenWrt 22.03 release as it was included in opkg-lede repository: https://git.openwrt.org/?p=project/opkg-lede.git;a=commit;h=9c44557a776da993c2ab80cfac4dbd8d59807d01 However, it is not included in OpenWrt 21.02, where the same issue is happening. Fixes: CI for https://github.com/openwrt/packages/pull/20074 Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
* kernel: add kmod-nvme packageDaniel Golle2023-01-061-0/+23
| | | | | | | | | | | | | | | | | Add driver for NVM Express block devices, ie. PCIe connected SSDs. Targets which allow booting from NVMe (x86, maybe some mvebu boards come to mind) should have it built-in, so rootfs can be mounted from there. For targets without NVMe support in bootloader or BIOS/firmware it's sufficient to provide the kernel module package. On targets having the NVMe driver built-in the resulting kmod package is an empty dummy. In any case, depending on or installing kmod-nvme results in driver support being available (either because it was already built-in or because the relevant kernel modules are added and loaded). Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit dbe53352e38d20bb5245158b19d4ff810c209548)
* netfilter: remove no-op kconfig symbolsRui Salvaterra2023-01-062-8/+0
| | | | | | | | | | | | | | | These have long been obsolete. For reference, here's the Linux version where each symbol has been dropped: CONFIG_IP6_NF_QUEUE - 3.5 CONFIG_IP6_NF_TARGET_LOG - 3.4 CONFIG_IP_NF_MATCH_DSCP - 2.6.19 CONFIG_NF_CONNTRACK_IPV4 - 4.19 CONFIG_NF_CONNTRACK_IPV6 - 4.19 CONFIG_NF_CONNTRACK_RTCACHE - out-of-tree, superseded by flow offloading Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com> (cherry picked from commit d7956c57284624f4bc7b905d192c81e1d34576fe)
* kernel: kmod-isdn4linux: Remove packageHauke Mehrtens2023-01-061-32/+0
| | | | | | | | The isdn4linux drivers and subsystem was removed in kernel 5.3, remove the kernel package also from OpenWrt. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit db55dea5fc047190af188f07018e99b0c7a4bdde)
* kernel: kmod-ipt-ulog: Remove packageHauke Mehrtens2023-01-063-38/+0
| | | | | | | | The ulog iptables target was removed with kernel 3.17, remove the kernel and also the iptables package in OpenWrt too. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit 2a0284fb0325f07e79b9b4c58a7d280ba9999a39)
* kernel: kmod-w1-slave-ds2760: Remove packageHauke Mehrtens2023-01-061-17/+0
| | | | | | | | | | | The w1_ds2760.ko driver was merged into the ds2760_battery.ko driver. The driver was removed and this package was never build any more. This happened with kernel 4.19. Remove this unused package. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit 5808973d141f488e06efe4749dbf651565fd5510)
* kenrel: kmod-rtc-pt7c4338: Remove packageHauke Mehrtens2023-01-061-16/+0
| | | | | | | | | | The rtc-pt7c4338.ko was never upstream under this name, the driver was removed from OpenWrt some years ago, remove the kmod-rtc-pt7c4338 package too. Fixes: 74d00a8c3849 ("kernel: split patches folder up into backport, pending and hack folders") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit 5ccf4dcf8864c1d940b65067d8c6f7c4e5858ae2)
* kernel: build crypto md5/sha1/sha256 modules for powerpcJosef Schlehofer2023-01-061-1/+19
| | | | | | | | | | | | | | | | | This builds and enables kernel optimized modules for mpc85xx target: - CONFIG_CRYPTO_MD5_PPC [1] - CONFIG_CRYPTO_SHA1_PPC_SPE [2] - CONFIG_CRYPTO_SHA256_PPC_SPE [3] Where it was possible, then use Signal Processing Engine, because CONFIG_SPE is already enabled in mpc85xx config. [1] https://cateee.net/lkddb/web-lkddb/CRYPTO_MD5_PPC.html [2] https://cateee.net/lkddb/web-lkddb/CRYPTO_SHA1_PPC.html [3] https://cateee.net/lkddb/web-lkddb/CRYPTO_SHA256_PPC_SPE.html Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com> (cherry picked from commit 3a702f8733ff371f30e9e3ba1e1aed5f4686b6b4)
* kernel: fix typo for tegra crypto-sha1 moduleJosef Schlehofer2023-01-061-1/+1
| | | | | | | | Fixes: e889489bedfd2830411bd0cf6564b8272aa9c254 ("kernel: build arm/neon-optimized sha1/512 modules") Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com> (cherry picked from commit f8f9d6901c6a7c85e6b18fba665175646fb53ec7)
* CI: build: fix external toolchain use with release tag testsChristian Marangi2023-01-041-1/+1
| | | | | | | | | | | | | | | When a new tag for a release is created, the just checkout repo from github actions will already have such tag locally created. This will result in git fetch --tags failing with error rejecting the remote tag with (would clobber existing tag). Add -f option to overwrite any local tags and always fetch them from remote. Fixes: e24a1e6f6d7f ("CI: build: add support for external toolchains from stable branch") Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (cherry picked from commit f655923b362e9f2d70672eee9c1fa82550a145a6)
* layerscape: fix felix DSA driver compilationRafał Miłecki2023-01-031-0/+26
| | | | | | | | | | | | | | | It isn't used at the moment but let's fix it anyway. This fixes: CC drivers/net/dsa/ocelot/felix.o drivers/net/dsa/ocelot/felix.c:646:22: error: initialization of 'enum dsa_tag_protocol (*)(struct dsa_switch *, int, enum dsa_tag_protocol)' from incompatible pointer type 'enum dsa_tag_protocol (*)(struct dsa_switch *, int)' [-Werror=incompatible-pointer-types] .get_tag_protocol = felix_get_tag_protocol, ^~~~~~~~~~~~~~~~~~~~~~ for users enabling CONFIG_NET_DSA_MSCC_FELIX. Fixes: 1f5024aa73fc ("kernel: backport b53/bcm_sf2 changes from v5.6") Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* realtek: update rtl83xx switch driver to the updated DSA APIRafał Miłecki2023-01-021-1/+3
| | | | | | | | | | | | | | | This fixes: CC drivers/net/dsa/rtl83xx/dsa.o drivers/net/dsa/rtl83xx/dsa.c:1274:22: error: initialization of 'enum dsa_tag_protocol (*)(struct dsa_switch *, int, enum dsa_tag_protocol)' from incompatible pointer type 'enum dsa_tag_protocol (*)(struct dsa_switch *, int)' [-Werror=incompatible-pointer-types] .get_tag_protocol = rtl83xx_get_tag_protocol, ^~~~~~~~~~~~~~~~~~~~~~~~ drivers/net/dsa/rtl83xx/dsa.c:1274:22: note: (near initialization for 'rtl83xx_switch_ops.get_tag_protocol') drivers/net/dsa/rtl83xx/dsa.c:1316:22: error: initialization of 'enum dsa_tag_protocol (*)(struct dsa_switch *, int, enum dsa_tag_protocol)' from incompatible pointer type 'enum dsa_tag_protocol (*)(struct dsa_switch *, int)' [-Werror=incompatible-pointer-types] .get_tag_protocol = rtl83xx_get_tag_protocol, ^~~~~~~~~~~~~~~~~~~~~~~~ Fixes: 1f5024aa73fc ("kernel: backport b53/bcm_sf2 changes from v5.6") Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* rampis: fix Reference to non-existent node for GB-PC2Arınç ÜNAL2022-12-311-2/+1
| | | | | | | | | | | | | | | Fix cannot build: Reference to non-existent node or label "macaddr_factory_e000" dtb compilation error. The cherry-pick had to be reworked to use the old mtd-mac-address way as openwrt-21.02 still wasn't migrated to nvmem implementation. Fixes: d604032c2a50 ("ramips: fix GB-PC1 and GB-PC2 device support") Fixes: #11654 Fixes: #11385 Signed-off-by: Arınç ÜNAL <arinc.unal@arinc9.com> [ rework commit message, add more fixes tag ] Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* dnsmasq: Backport DHCPv6 server fix (CVE-2022-0934)Hauke Mehrtens2022-12-211-0/+179
| | | | | | | | | | | | This backports a commit from upstream dnsmasq to fix CVE-2022-0934. CVE-2022-0934 description: A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq, potentially causing a denial of service. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit 002a99eccd75fb653163bae0a1132bd4f494e7ad)
* generic: 5.4: refresh kernel patchesChristian Marangi2022-12-1710-18/+18
| | | | | | Refresh kernel patches due to new spi nor patch. Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* generic: add support for EON EN25QX128A spi nor flashChristian Marangi2022-12-161-0/+21
| | | | | | | | | | | Add support for EON EN25QX128A spi nor flash with no flags as it does support SFDP parsing. Fixes: #9442 Tested-by: Szabolcs Hubai <szab.hu@gmail.com> [ramips/mt7621: xiaomi_mi-router-4a-gigabit] (cherry picked from commit d7876daf6552a9f39bd5e0bf50b554e9406ec275) [ apply the same patch to 5.4 kernel ] Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* tools/mkimage: fix build on MacOS arm64Sergey V. Lobanov2022-12-091-0/+47
| | | | | | | | | | | | | Fixed -no-pie compilation warning on MacOS Fixed errors related to using absolute addressing on MacOS arm64 Based on upstream patch from Jessica Clarke and suggestions from Ronny Kotzschmar Link to original patch and discussion: https://github.com/u-boot/u-boot/commit/3b142045e8a7f0ab17b6099e9226296af45967d0 Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in> (cherry picked from commit 8261b85844a0018c6c79e10c1abb581aca102e45)
* CI: kernel: don't checkout and install feedsChristian Marangi2022-12-071-1/+0
| | | | | | | | We don't need to checkout feed and install feeds for kernel tests. This saves up to 2 minutes for each target kernel build test. Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (cherry picked from commit 925e2a155ee4d4cc792fbf68aa9666e32a1f649b)
* CI: build: skip sdk adapt to external toolchain on cache hitChristian Marangi2022-12-071-1/+1
| | | | | | | | | | | | | On cache hit, skip sdk adapt to external toolchain. This is needed because we cache the already extracted sdk and that is already adapted to be used as external toolchain. Rerunning the adap step will result in the test to fail for missing file as the file are already got wrapped to the external toolchain format. Fixes: 42f0ab028e2e ("CI: build: fix use of sdk as toolchain") Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (cherry picked from commit 99eaedfe3966b1ca812e8a962197cf91286247f7)
* kernel: backport b53/bcm_sf2 changes from v5.8Rafał Miłecki2022-12-079-4/+589
| | | | Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* kernel: backport b53/bcm_sf2 changes from v5.7Rafał Miłecki2022-12-0723-28/+695
| | | | Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* kernel: backport b53/bcm_sf2 changes from v5.6Rafał Miłecki2022-12-0729-75/+542
| | | | | | This b53 backport significantly stabilizes switch traffic performance. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* kernel: backport b53/bcm_sf2 changes from v5.5Rafał Miłecki2022-12-0716-30/+329
| | | | Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* cmake: update to version 3.19.8Adam Konrad2022-12-061-2/+2
| | | | | | | | | | Updating CMake to latest patched version 3.19.8 which is fixing issue with ccache. Related issue: https://github.com/openwrt/openwrt/issues/8555 Compile-tested: arm64 Signed-off-by: Adam Konrad <git@adamkonrad.com>
* CI: build: fix use of sdk as toolchainChristian Marangi2022-12-061-0/+28
| | | | | | | | | | | | | | | | | | | | | | | The toolchain included in a sdk have a different format than an external toolchain tar. Since sdk is a more integrated setup doesn't use and include wrapper bin that use the external toolchain config and use an alternative and more standard way to include all the toolchain headers. External toolchain use wrapper.sh to append the configured include header when each tool is called. Fix the sdk toolchain by reverting their own sdk wrapper scripts and to simulate an external toolchain build copying what is done in the toolchain target makefile. This handle compilation error and warning caused by not using fortify header on building packages. Fixes: 006e52545d14 ("CI: build: add support to fallback to sdk for external toolchain") Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (cherry picked from commit 42f0ab028e2eae0d4e7acf9db7fd68b256f23503)
* toolchain: Select USE_SSTRIP with external musl toolchainHauke Mehrtens2022-12-062-2/+0
| | | | | | | | | | When we use the internal toolchain USE_SSTRIP will be selected by default for musl libc and USE_STRIP when glibc is used. Do the same when an external toolchain is used. USE_GLIBC will also be set for external toolchain builds based on the EXTERNAL_TOOLCHAIN_LIBC_USE_GLIBC setting. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit 9403810c020cca136149973a3929bf77a1f501aa)
* sdk: expose binary strip settingsDavid Bauer2022-12-061-0/+46
| | | | | | | | Expose the SDK options for binary stripping to the menuconfig. This way, packages can easily be built with debug symbols using the SDK. Signed-off-by: David Bauer <mail@david-bauer.net> (cherry picked from commit bb817bb4b8b0b546a70e45bd907ebfeea2370dcd)
* CI: trigger check also on build and check-kernel-patches workflow changeChristian Marangi2022-12-042-0/+6
| | | | | | | | | | Since kernel and packages workflow now use a shared build workflow, they also need to react on changes on these shared workflow. Fix this and add these shared workflow to the event paths to check. Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (cherry picked from commit 644175c29ca11e0a008c58c82986045f738f5c6f)
* CI: build: fix matching for openwrt release branch for toolchain parsingChristian Marangi2022-12-041-6/+8
| | | | | | | | | | | | | | The current match logic doesn't handle test for push events related to stable release (example openwrt-22.03) but only fork with the related prefix (example openwrt-22.03-fixup) Fix wrong matching and while at it also add extra checks to other matching (check if the branch name actually start with the requested prefix) Fixes: e24a1e6f6d7f ("CI: build: add support for external toolchains from stable branch") Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (cherry picked from commit e3cf2b84e5f8708ca17d931ef60746516c8a2fe4)
* CI: fix matching for openwrt release branch for container selectionChristian Marangi2022-12-042-8/+12
| | | | | | | | | | | | | | The current match logic doesn't handle test for push events related to stable release (example openwrt-22.03) but only fork with the related prefix (example openwrt-22.03-fixup) Fix wrong matching and while at it also add extra checks to other matching (check if the branch name actually start with the requested prefix) Fixes: abe8a4824210 ("CI: build: add support for per branch tools container") Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (cherry picked from commit 65c3d19c4b28ccac0d08d916de0ffa4c0e7b3dc2)
* CI: labeler: fix wrong label for pr targeting stable branchChristian Marangi2022-12-041-3/+3
| | | | | | | | | | The label used for stable branch is in the form of release/[0-9][0-9].[0-9][0-9] Currently we apply the name of the target branch as the label, fix this and correctly use the current label. Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (cherry picked from commit af8bc8e51b6daef65c497522b67a1dd9d0cdab84)
* CI: add support to tag pr targeting stable branchChristian Marangi2022-12-041-0/+14
| | | | | | | | | Add support to tag pr targeting stable branch matching the simple regex of openwrt-[0-9][0-9].[0-9][0-9]. The tag that will be added will match the pr target branch. Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (cherry picked from commit b67d284e93ee052e3ea3abb5d3dae55723ce0353)
* kernel: split kernel version to dedicated filesAnsuel Smith2022-12-042-2/+7
| | | | | | | | | | | | | Move the kernel versions and hash to dedicated files. This makes kernel bump quicker and fix some annoying problem with rebasing when multiple kernel bump are proposed. Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com> [Rebased on top of current master] Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com> (cherry picked from commit 0765466a42f46f7357e260866a4284ed567bb7ad) Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com> [Rebased on top of current openwrt-21.02]