aboutsummaryrefslogtreecommitdiffstats
path: root/package
Commit message (Collapse)AuthorAgeFilesLines
* kernel: limit crypto-hw-ccp to the x86Rafał Miłecki2021-04-141-0/+1
| | | | | | | | | | | | | | | CRYPTO_DEV_CCP depends on X86 or ARM64 CRYPTO_DEV_CCP_DD depends on CPU_SUP_AMD or ARM64 Compiling this driver makes sense for x86 mainly. If one day support for ARM64 board with AMD Secure Processor gets added this package may be updated. Trying to build this package on bcm4908 was causing: ERROR: module 'build_dir/target-aarch64_cortex-a53_musl/linux-bcm4908_generic/linux-5.4.110/drivers/crypto/ccp/ccp-crypto.ko' is missing. Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit cb3fb45ed1262355e8c31d8e522f411169ee6df8)
* kernel: crypto: format "crypto-hw-ccp" dependenciesRafał Miłecki2021-04-141-1/+8
| | | | | | | | Use multiples lines for better readability and sort lines. Suggested-by: Stijn Tintel <stijn@linux-ipv6.be> Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit 107111adbba16328f9853a4d89db4a103b20118c)
* libnfnetlink: quote $(FPIC) on command linePhilip Prindeville2021-04-121-2/+2
| | | | | | | | | | | When $(FPIC) gets expanded on the command line (for instance when setting environment variables for libtool, configure, or make) we can't count on it not needing quoting (i.e. it could contain multiple flags separated with spaces). Fixes: dc31191ec3e5 ("build: make sure asm gets built with -DPIC") Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com> (cherry picked from commit 7fae64cc065738b73a1dddc2fc28adde36c1ae3d)
* mt76: update to the latest versionFelix Fietkau2021-04-111-3/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 6a3cf95733e2 mt76: fix tx skb error handling in mt76_dma_tx_queue_skb ab9045153343 mt76: mt7915: only modify tx buffer list after allocating tx token id 7e1eff676257 mt76: mt7915: fix unused 'mode' variable 8a2e22fcbf69 mt76: mt7921: fix suspend/resume sequence 27a54e8b687f mt76: mt7921: fix memory leak in mt7921_coredump_work c267322f0bdb mt76: mt7921: switch to new api for hardware beacon filter [v2 update] fd2c59d9ba46 mt76: mt7921: fixup rx bitrate statistics [v2 update] bfa8d5a6a9a1 mt76: adjust to upstream API for enabling threaded NAPI 1706fb6c48e8 mt76: mt7663s: fix rx buffer refcounting c5aca6692c41 mt76: mt7615: enable hw rx-amsdu de-aggregation 9002b0b30aed mt76: mt7615: add rx checksum offload support 8e3f5bfe74f6 mt76: mt7615: add support for rx decapsulation offload 8e3bba8bd3ef mt76: mt7615: fix memory leak in mt7615_coredump_work 760adce29100 mt76: mt7921: fix aggr length histogram 84229a51845a mt76: mt7915: fix aggr len debugfs node 10a95da23cb7 mt76: mt7921: remove unneeded semicolon 2856dc8fb57e mt76: mt7921: fix stats register definitions 1b245e57549d mt76: mt7615: fix TSF configuration 1a2e2965b62b mt76: mt7615: remove hdr->fw_ver check f60ec1b9473d mt76: mt7615: fix mib stats counter reporting to mac80211 8a5b036af48f mt76: mt7915: fix mib stats counter reporting to mac80211 ee6dbcc64f6d mt76: connac: fix kernel warning adding monitor interface e46dd240ce72 mt76: check return value of mt76_txq_send_burst in mt76_txq_schedule_list ddf95ead3bb3 mt76: mt7921: get rid of mt7921_sta_rc_update routine fd2a51ea9dc8 mt76: mt7921: fix the base of PCIe interrupt 28f53d074bb0 mt76: mt7921: fix the base of the dynamic remap 8d737632b57f mt76: mt7921: check mcu returned values in mt7921_start 5ff25c915e62 mt76: mt7915: add missing capabilities for DBDC 58dd3f26c099 mt76: mt7615: fix CSA notification for DBDC 76f4959107ac mt76: mt7615: stop ext_phy queue when mac reset happens 7de0a0654054 mt76: mt7915: fix CSA notification for DBDC e9e418fc7eb0 mt76: mt7915: stop ext_phy queue when mac reset happens 477b78301879 mt76: mt7915: fix PHY mode for DBDC 37b4dc0f7595 mt76: mt76x0u: Add support for TP-Link T2UHP(UN) v1 29a04583aecb mt76: mt7915: fix rxrate reporting a4307e6ba054 mt76: mt7915: fix txrate reporting 256f324f8fcd mt76: mt7915: check mcu returned values in mt7915_ops 638b112188a5 mt76: mt7615: check mcu returned values in mt7615_ops 975cccfa96da mt76: mt7663: fix when beacon filter is being applied aafe972e95b2 mt76: mt7663s: make all of packets 4-bytes aligned in sdio tx aggregation 0d5b1a702715 mt76: mt7663s: fix the possible device hang in high traffic 00628061b546 mt76: mt7615: add missing capabilities for DBDC 2303e1844afd mt76: mt7915: fix possible deadlock while mt7915_register_ext_phy() 6e2b9d258306 mt76: mt7921: reduce mcu timeouts for suspend, offload and hif_ctrl msg 3cf5afc02955 mt76: introduce mcu_reset function pointer in mt76_mcu_ops structure 9af9622df549 mt76: mt7921: introduce mt7921_run_firmware utility routine. e12c44a7e165 mt76: mt7921: introduce __mt7921_start utility routine 7b56d5bf6ea0 mt76: dma: introduce mt76_dma_queue_reset routine a80e50098b51 mt76: dma: export mt76_dma_rx_cleanup routine e0708e296e27 mt76: mt7921: add wifi reset support 87e09e8482cf mt76: mt7921: remove leftovers from dbdc configuration cc933b3669f7 mt76: mt7921: remove redundant check on type ca22cc221ae7 linux-firmware: add firmware for MT7921 0b6c9a043f78 mt76: move de-amsdu buffer per-phy 48a905e23791 mt76: mt7615: fix CSA event format fbef8bba038f mt76: mt7921: remove duplicated macros in mcu.h 6886b57a1534 mt76: connac: introcuce mt76_sta_cmd_info data structure e529e8afe22a mt76: mt7921: properly configure rcpi adding a sta to the fw e4d522776804 mt76: mt7921: fix airtime reporting be2f67e8d3cb mt76: mt7915: fix key set/delete issue 09a1befde4b7 mt76: fix potential DMA mapping leak f66f8f41d47b mt76: mt7915: refresh repeater entry MAC address when setting BSSID 035e2f6f1ddf mt76: mt7921: get rid of mt7921_mac_wtbl_lmac_addr ee29cd5f3a6a mt76: mt7615: only enable DFS test knobs for mt7615 9a98b1a6f9c2 mt76: mt7615: cleanup mcu tx queue in mt7615_dma_reset() 3bd285424e7b mt76: mt7622: trigger hif interrupt for system reset bf6d9ee4acd1 mt76: mt7615: keep mcu_add_bss_info enabled till interface removal 115b74282314 mt76: mt7915: keep mcu_add_bss_info enabled till interface removal 57432e701d1a mt76: mt7915: cleanup mcu tx queue in mt7915_dma_reset() a519c49a6a42 mt76: mt7615: 0-terminate firmware log messages 4a22f2ffae2e mt76: mt7915: 0-terminate firmware log messages b8609066893a mt76: mt7615: fix chip reset on MT7622 and MT7663e 465dda65ee84 mt7615,mt7915: replace fw log 0-terminating code with wiphy info length limit 62b13f5352b8 mt76: mt7921: fix key set/delete issue 0ff3a336a8d8 mt7615,mt7915: fix a compiler warning 113ba8a81d54 mt76: mt7615: remove redundant dev_err call in mt7622_wmac_probe() be1ab3b9ae7c mt76: mt7921: fix typo in mt7921_pci_resume 4e22f0dc934b mt76: mt7915: fix txpower init for TSSI off chips e66a0b9b8d66 mt76: mt7615: always wake the device in mt7615_remove_interface 38f656768a90 mt76: mt7921: always wake the device in mt7921_remove_interface 6ee4770de083 mt76: mt7921: rework mt7921_mcu_debug_msg_event routine e578b4b8d56a mt76: mt7615: fix .add_beacon_offload() f8c6c7cbf10f mt76: mt7915: fix mt7915_mcu_add_beacon 7d35b7a15d1d mt76: mt7915: add wifi subsystem reset 04122c89749d mt76: fix rx amsdu subframe processing 5e764ec9bece mt76: mt7921: introduce MT_WFDMA_DUMMY_CR definition cf0badbc0497 mt76: mt7921: fix inappropriate WoW setup with the missing ARP informaiton f32a4e15f5b2 mt76: mt7921: fix the dwell time control 54f52771a04a mt76: mt7921: fix kernel crash when the firmware fails to download 97189d2a045b mt76: mt7921: fix the insmod hangs dcdbd7c89cf5 mt76: mt7921: fix MT_PCIE_MAC_INT_ENABLE access 813db729c02f mt76: mt7921: reduce the data latency during hw scan 028b7152b1a9 mt76: mt7921: remove 80+80 MHz support capabilities 7714dc914df6 mt76: report Rx timestamp ffd4cf15fa0e mt76: mt7915: add mmio.c fe8717dd573a mt76: mt7615: add missing SPDX tag in mmio.c 6b293c411d22 mt76: mt7615: always add rx header translation tlv when adding stations bf45b30d8919 add missing file Signed-off-by: Felix Fietkau <nbd@nbd.name> (cherry-picked from commit 8cc013981d2a017a4604e696e4ec19c846f2c230)
* mac80211: add client mode connection monitor fixFelix Fietkau2021-04-111-0/+31
| | | | | Signed-off-by: Felix Fietkau <nbd@nbd.name> (cherry-picked from commit dfdb28c24aa60cf057ec45cbc11ab48ba2655f53)
* mac80211: support rx timestamps for HE ratesFelix Fietkau2021-04-111-0/+134
| | | | | Signed-off-by: Felix Fietkau <nbd@nbd.name> (cherry-picked from commit 7d8e14e44f76e18d1696565569ec50ccdce963b3)
* kernel: bump 5.4 to 5.4.111Hauke Mehrtens2021-04-111-1/+1
| | | | | | | | | | | | | | | | | | | | | Refreshed all patches. The following patches were manually changed: * 610-netfilter_match_bypass_default_checks.patch * 611-netfilter_match_bypass_default_table.patch * 802-can-0002-can-rx-offload-fix-long-lines.patch * 802-can-0003-can-rx-offload-can_rx_offload_compare-fix-typo.patch * 802-can-0004-can-rx-offload-can_rx_offload_irq_offload_timestamp-.patch * 802-can-0005-can-rx-offload-can_rx_offload_reset-remove-no-op-fun.patch * 802-can-0006-can-rx-offload-Prepare-for-CAN-FD-support.patch * 802-can-0018-can-flexcan-use-struct-canfd_frame-for-CAN-classic-f.patch The can-dev.ko model was moved in the upstream kernel. Compile-tested on: x86/64, armvirt/64, ath79/generic Runtime-tested on: x86/64, armvirt/64, ath79/generic Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* iproute2: fix libbpf detection with NLS enabledTony Ambardar2021-04-102-1/+21
| | | | | | | | | | | | | | | | | | Upstream iproute2 detects libbpf using a one-line $CC test-compile, which normally ignores LDFLAGS. With NLS enabled however, LDFLAGS includes an "rpath-link" linker option needed to resolve libintl.so. Its absence causes both the compile and libbpf detection to fail: ld: warning: libintl.so.8, needed by libbpf.so, not found (try using -rpath or -rpath-link) ld: libelf.so.1: undefined reference to `libintl_dgettext' collect2: error: ld returned 1 exit status Fix this by directly including $LDFLAGS in the test-compile command. Reported-by: Ian Cooper <iancooper@hotmail.com> Signed-off-by: Tony Ambardar <itugrok@yahoo.com> (cherry picked from commit aab3a04ce87c27996b7ce9ea306db8c6eed86941)
* binutils: fix libbfd missing DSO dependency if NLS enabledTony Ambardar2021-04-101-2/+4
| | | | | | | | | | | | | | | | | | | | | | | | The libbfd package definition uses $(ICONV_DEPENDS) and $(INTL_DEPENDS) but links against neither, leading to libbfd detection failures in other packages (e.g. bpftools) and on-target relocation problems with libintl.so: root@OpenWrt:/# ldd /usr/lib/libbfd.so ldd (0x77db6000) libc.so => ldd (0x77db6000) libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x77c6d000) Error relocating /usr/lib/libbfd.so: libintl_dgettext: symbol not found Add NLS-conditional linking of "libintl" to fix this. Also remove libbfd package dependency $(ICONV_DEPENDS) which is not used during building or linking. Tested with QEMU on malta/be32, after building all packages from binutils, bpftools and iproute2, using different libc options musl and glibc. Fixes: 08e817569630 ("binutils: use nls.mk to fix libbfd link errors in other packages") Signed-off-by: Tony Ambardar <itugrok@yahoo.com> (cherry picked from commit 9a59f62f613b1ca774032ccd80c51c74491b142c)
* bpftools: drop unneeded libintl linking for NLSTony Ambardar2021-04-101-5/+1
| | | | | | | | | There is no direct linking of libintl from bpftools, only secondary linking through libelf, so remove "-lintl" from TARGET_LDFLAGS. Fixes: 5582fbd6135f ("bpftools: support NLS, fix ppc build and update to 5.8.9") Signed-off-by: Tony Ambardar <itugrok@yahoo.com> (cherry picked from commit c8c638a19b63bf6c3bf8094aebd8fde6feda36ba)
* iproute2: separate tc into tiny and full variantsTony Ambardar2021-04-101-27/+56
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This change was investigated previously [1] but not deemed necessary. With the recent addition [2] of modern BPF loader support, however, tc gained dependencies on libelf and libbpf, with a larger installation footprint. Similar to ip-tiny/ip-full, split tc into tc-full and tc-tiny variants, where the latter excludes the eBPF loader, uses a smaller executable, and avoids libelf and libbpf package dependencies. Both variants provide the 'tc' virtual package, with tc-tiny as the default. The previous tc package included a loadable module for iptables actions. Separate this out into a common package, tc-mod-iptables, which both variants depend on. Some package sizes on mips_24kc: Before: 148343 tc_5.11.0-1_mips_24kc.ipk After: 144833 tc-full_5.11.0-2_mips_24kc.ipk 138430 tc-tiny_5.11.0-2_mips_24kc.ipk (and no libelf or libbpf) 4115 tc-mod-iptables_5.11.0-2_mips_24kc.ipk Also fix up some Makefile indentation. [1] https://github.com/openwrt/openwrt/pull/1627#issuecomment-447619962 [2] b048a305a3d3 ("iproute2: update to 5.11.0") Signed-off-by: Tony Ambardar <itugrok@yahoo.com> (cherry picked from commit 72885e9608d9c0fa06abce6bdb6dd054c2116eb7)
* kernel/modules: relocate teql hotplug from iproute2 to kmod-schedTony Ambardar2021-04-103-2/+7
| | | | | | | | | | | | | | | The link equalizer sch_teql.ko of package kmod-sched relies on a hotplug script historically included in iproute2's tc package. In previous discussion [1], consensus was the hotplug script is best located together with the module in kmod-sched, but this change was deferred at the time. Relocate the hotplug script now. This change also simplifies adding a tc variant for minimal size with reduced functionality. [1] https://github.com/openwrt/openwrt/pull/1627#issuecomment-447923636 Signed-off-by: Tony Ambardar <itugrok@yahoo.com> (cherry picked from commit 863ce4f15f74a674f01ab47f445b362c113b113b)
* iproute2: add missing limits.h includesTony Ambardar2021-04-101-0/+45
| | | | | | | | | | | | | | | | This patch has been submitted upstream to fix an error reported by a few users. One instance seen using gcc 10.2.0, binutils 2.35.1 and musl 1.1.24: bpf_glue.c: In function 'get_libbpf_version': bpf_glue.c:46:11: error: 'PATH_MAX' undeclared (first use in this function); did you mean 'AF_MAX'? 46 | char buf[PATH_MAX], *s; | ^~~~~~~~ | AF_MAX Reported-by: Rui Salvaterra <rsalvaterra@gmail.com> Signed-off-by: Tony Ambardar <itugrok@yahoo.com> (cherry picked from commit 10ffefe60299637bc592ec4ef0dde93e0e2e8344)
* iproute2: update to 5.11.0Tony Ambardar2021-04-1011-29/+35
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The latest iproute2 version brings various improvements and fixes: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/log/?qt=range&q=v5.10.0..v5.11.0 In particular, ip and tc now use libbpf as the standard way to load BPF programs, rather than the old, limited custom loader. This allows more consistent and featureful BPF program handling e.g. support for global initialized variables. Also fix a longstanding problem with iproute2 builds where unneeded DSO dependencies are added to most utilities, bloating their installation footprint. From research and testing, explicitly using a "--as-needed" linker flag avoids the issue. Update accordingly and drop extra package dependencies from Makefile. Additional build and packaging updates include: - install missing development header to iproute2/bpf_elf.h - propagate OpenWrt verbose flag during build - update and refresh patches Compile and run tested: QEMU/malta-mips32be on kernels 5.4 & 5.10. All iproute2 packages were built and installed to the test image. Some regression testing using ip-full and tc was successfully performed to exercise several kmods, tc modules, and simple BPF programs. Signed-off-by: Tony Ambardar <itugrok@yahoo.com> (cherry picked from commit b048a305a3d3cbb5375e32757e70aa129b4c7c4f)
* wireguard-tools: depend on kmod-wireguardIlya Lipnitskiy2021-04-101-1/+4
| | | | | | | | | | | | | | | | To the vast majority of the users, wireguard-tools are not useful without the underlying kernel module. The cornercase of only generating keys and not using the secure tunnel is something that won't be done on an embedded OpenWrt system often. On the other hand, maintaining a separate meta-package only for this use case introduces extra complexity. WireGuard changes for Linux 5.10 remove the meta-package. So let's make wireguard-tools depend on kmod-wireguard to make WireGuard easier to use without having to install multiple packages. Fixes: ea980fb9 ("wireguard: bump to 20191226") Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com> (cherry picked from commit cbcddc9f318607881799e329b327a68c4e76d5cb)
* kernel: fix kmod-wireguard package fieldsIlya Lipnitskiy2021-04-101-4/+2
| | | | | | | | | | Use NETWORK_SUPPORT_MENU like all other modules in netsupport.mk. Drop SECTION and CATEGORY fields as they are set by default and to match other packages in netsupport.mk. Use better TITLE for kmod-wireguard (taken from upstream drivers/net/Kconfig). Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com> (cherry picked from commit 0b53d6f7fa8cc35cec5b22e1c64a2407fab6dfe3)
* wireguard-tools: bump to 1.0.20210223Jason A. Donenfeld2021-04-101-2/+2
| | | | | | | Simple version bump with accumulated fixes. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> (cherry picked from commit e0f7f5bbce0d03e5192b5dad5a24fcb8566da97f)
* kernel: migrate wireguard into the kernel treeIlya Lipnitskiy2021-04-103-89/+184
| | | | | | | | | | | | On Linux 5.4, build WireGuard from backports. Linux 5.10 contains wireguard in-tree. Add in-kernel crypto libraries required by WireGuard along with arch-specific optimizations. Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com> (cherry picked from commit 06351f1bd0455abacb700db5098bb798f66948fc) (cherry picked from commit 464451d9ab824c2ed62f7da33f0a965f562714c8)
* firmware-utils: bcm4908img: convert into a packageRafał Miłecki2021-04-083-0/+1056
| | | | | | | | | | | bcm4908img is a tool managing BCM4908 platform images. It's used for creating them as well as checking, modifying and extracting data from. It's required by both: host (for building firmware images) and target (for sysupgrade purposes). Make it a host/target package. Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit 9b4fc4cae9fa0cd0cd9060e1c9d33320c3249ced)
* mac80211: merge a few pending tx related fixesFelix Fietkau2021-04-043-0/+142
| | | | | | | Improve performance and fix potential mgmt tx hangs/warnings Signed-off-by: Felix Fietkau <nbd@nbd.name> (cherry-picked from commit 571aedbc6cbb7a9bfc96bcad543a39d158925cbc)
* mac80211: backport upstream patches for driver disconnectFelix Fietkau2021-04-046-15/+593
| | | | | | | Needed for an mt76 update Signed-off-by: Felix Fietkau <nbd@nbd.name> (cherry-picked from commit 5dc501507222b38d731b89c3311d8253b73dd0e7)
* build: use -nostdinc and -isystem in NOSTDINC_FLAGS for out-of-tree kernel ↵Felix Fietkau2021-04-044-4/+8
| | | | | | | | | modules This resolves issues uncovered by musl updates Signed-off-by: Felix Fietkau <nbd@nbd.name> (cherry-picked from commit 9ac47ee46918c45b91f4e4d1fa76b1e26b9d57fe)
* libunwind: Add MIPS64 dep checkDonald Hoskins2021-03-291-1/+1
| | | | | | | | | | | | libunwind dependency check does not allow for MIPS64 arch. Add MIPS64 awareness. libunwind seems to support MIPS64 without issues, it was limited by the dep arch check in the Makefile. Used to compile Suricata6/Rust locally without issue. Signed-off-by: Donald Hoskins <grommish@gmail.com> (cherry picked from commit ea6d4bdde20a3fecbfc44b99f53373e1d0666e34)
* bpftools: fix libbpf pkgconfig fileTony Ambardar2021-03-291-0/+4
| | | | | | | | | | | | | | | | | | | | | | The pkgconfig file hardcodes a host library directory which cannot be overridden by OpenWrt during builds. Use SED to fix this and potential include directory problems, as is done with several other packages. This fixes a strange issue intermittently seen building iproute2 on the oxnas target: iptables modules directory: /usr/lib/iptables libc has setns: yes SELinux support: no libbpf support: no libbpf version 0.3.0 is too low, please update it to at least 0.1.0 LIBBPF_FORCE=on set, but couldn't find a usable libbpf Fixes: 2f0d672088c3 ("bpftools: add utility and library packages supporting eBPF usage") Reported-by: Russell Senior <russell@personaltelco.net> Signed-off-by: Tony Ambardar <itugrok@yahoo.com> (cherry picked from commit 9e64e4ce26719ea81637b0e3d9754bd5190f0c21)
* ppp: compile fix: unset FILTER variable in MakefileEike Ritter2021-03-291-0/+12
| | | | | | | | | | | | | | | | | If the environment variable FILTER is set before compilation, compilation of the ppp-package will fail with the error message Package ppp is missing dependencies for the following libraries: libpcap.so.1 The reason is that the OpenWrt-patch for the Makefile only comments out the line FILTER=y. Hence the pcap-library will be dynamically linked if the environment variable FILTER is set elsewhere, which causes compilation to fail. The fix consists on explicitly unsetting the variable FILTER instead. Signed-off-by: Eike Ritter <git@rittere.co.uk> (cherry picked from commit 46cd0765d0c585dc0b48c8c0a3f116ef83cd580f)
* busybox: udhcpc, allow zero length dhcp optionsRussell Senior2021-03-291-0/+49
| | | | | | | This patch skips zero length DHCP options instead of failing. Signed-off-by: Russell Senior <russell@personaltelco.net> (cherry picked from commit 1c0436507156dc136d9e2668507817395434109e)
* firewall3: update to latest git HEADTony Ambardar2021-03-291-3/+3
| | | | | | | | | | | | | | | | This includes several improvements and fixes: 61db17e rules: fix device and chain usage for DSCP/MARK targets 7b844f4 zone: avoid duplicates in devices list c2c72c6 firewall3: remove last remaining sprintf() 12f6f14 iptables: fix serializing multiple weekdays 00f27ab firewall3: fix duplicate defaults section detection e8f2d8f ipsets: allow blank/commented lines with loadfile 8c2f9fa fw3: zones: limit zone names to 11 bytes 78d52a2 options: fix parsing of boolean attributes Signed-off-by: Tony Ambardar <itugrok@yahoo.com> (cherry picked from commit 0d75aa27d4093625c85f2d2233dd5392a7e2aa32)
* packages: kernel: add gpio-nxp-74hc153Mauri Sandberg2021-03-273-0/+327
| | | | | | | | | | | | | | | | | | | | | NXP 74HC153 is a GPIO expander. Its original source cide sits in ar71xx architecture tree. It has been slightly modified to get GPIO pin configuration from the device tree rather than a MACH file. Changes to the source file: - Remove struct nxp_74hc153_config - in nxp_74hc153_probe(), fetch GPIO configuration from device tree - allow GPIO framework decide the base number by passing -1 to it - remove support for kernel versions below 4.5.0 - add OF device compatibility string Create a package for inclusion in image. References: https://lore.kernel.org/linux-gpio/545111184.50061.1615922388276@ichabod.co-bxl/ Signed-off-by: Mauri Sandberg <sandberg@mailfence.com> [added link to driver usptreaming work in progress] Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit 6a6f9e73dd65f9201bee911d2fae8595f86c093b)
* openssl: bump to 1.1.1kEneas U de Queiroz2021-03-272-24/+23
| | | | | | | | | | | | | This version fixes 2 security vulnerabilities, among other changes: - CVE-2021-3450: problem with verifying a certificate chain when using the X509_V_FLAG_X509_STRICT flag. - CVE-2021-3449: OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> (cherry picked from commit 0bd0de7d43b3846ad0d7006294e1daaadfa7b532)
* mwlwifi: add PKG_FLAGS:=nonsharedDaniel Golle2021-03-241-0/+1
| | | | | | | | | This should fix the problem of mwlwifi-firmware-* not being found when using the ImageBuilder. Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit 9b3aaf1cdb873cc2a7b2f2ef4e72ddb716afba38) Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* base-files: add logging for configuration importFlorian Eckert2021-03-221-0/+1
| | | | | | | Make sysupgrade backup import more verbose. Signed-off-by: Florian Eckert <fe@dev.tdt.de> (cherry picked from commit fdbdbe8eaaa6aa3acacdcb3ae1308b2a2055fc39)
* uhttpd: update to git HEADHauke Mehrtens2021-03-211-4/+4
| | | | | | | 15346de client: Always close connection with request body in case of error Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit 1170655f8b792b34f899350cb0272ad94bb2d3e2)
* uhttpd: Execute uci commit and reload_config onceHauke Mehrtens2021-03-211-4/+6
| | | | | | | | | Instead of doing uci commit and reload_config for each setting do it only once when one of these options was changed. This should make it a little faster when both conditions are taken. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit 501221af542b5154fbf8788f8426bc7f5443764a)
* uhttpd: Reload config after uhttpd-mod-ubus was addedHauke Mehrtens2021-03-212-1/+3
| | | | | | | | | | | | | Without this change the config is only committed, but the uhttpd daemon is not reloaded. This reload is needed to apply the config. Without the reload of uhttpd, the ubus server is not available over http and returns a Error 404. This caused problems when installing luci on the snapshots and accessing it without reloading uhttpd. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit d25d281fd6686bda67636f6c1df918145b6cb738)
* mbedtls: update to 2.16.10Magnus Kroken2021-03-212-13/+13
| | | | | | | | | | | | | | | | | | | | This release of Mbed TLS provides bug fixes and minor enhancements. This release includes fixes for security issues. Security fixes: * Fix a buffer overflow in mbedtls_mpi_sub_abs() * Fix an errorneous estimation for an internal buffer in mbedtls_pk_write_key_pem() * Fix a stack buffer overflow with mbedtls_net_poll() and mbedtls_net_recv_timeout() * Guard against strong local side channel attack against base64 tables by making access aceess to them use constant flow code Full release announcement: https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.10 Signed-off-by: Magnus Kroken <mkroken@gmail.com> (cherry picked from commit dbde2bcf60b5d5f54501a4b440f25fe7d02fbe5d)
* bcm63xx-cfe: update to the latest masterRafał Miłecki2021-03-171-3/+3
| | | | | | | d035016 tp-link: rename to tplink to match DT vendor prefix Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit 4d961436c490800237fdca177b782a82aa300c32)
* bcm63xx-cfe: update to the latest masterRafał Miłecki2021-03-171-3/+3
| | | | | | | | 3fb6f1c tp-link: c2300-v1: add cferam file 79f9578 sercomm: vox-2.5: add cferam file Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit ac39c4bd6000aa435905f4e97a241f582a50c0f8)
* rpcd: update to git HEADDaniel Golle2021-03-151-3/+3
| | | | | | | | d3f2041 uci: manually clear uci_ptr flags after uci_delete() operations ccb7517 sys: packagelist: drop ABI version from package name (cherry picked from commit da339a6d3f78f86bb653f29dd1d1aea8351bfdad) Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* opkg: update to git HEADDaniel Golle2021-03-151-3/+3
| | | | | | | | | | | d71856a pkg: pass-through ABIVersion to status file d3a63b3 libopkg: add option to strip ABI versions from listed names 5936c4f libopkg: pkg_hash: prefer original packages to satisfy dependencies (cherry squashed from commit 6a7a1f1c64cb307aef561b66956d32867b119a24, commit 988ed0080284903d1fe4851c5ae8f1238bc61da2 and commit b5f6d20560b71025d376cb3052f1d1c2e92b409d) Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* selinux-policy: update to version v0.8Daniel Golle2021-03-151-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | a857b45 resolv/locale: eventually this should be more efficient 11ed281 some more optimization 764a475 add redundant calls to file.search_conffile_dirs() 7d4558e fs: treat devtmpfs that same as tmpfs 81b677e adds irqbalance skeleton 5506244 irqbalance rules cc96cd8 adds usbutil and gtpfdisk skels 01e2a55 some fsck, gptfdisk, mkfs and usbutil rules d6d1e7d usbutil: output to terminal da576fa fsck, gptfdisk and usbutil rules 09b39e9 unbound 241a029 hotplugcall: allow dac_read_search (is a subset of dac_override) af0fe90 adds label for tcsh 160f79e adds tcpdump 6d02b96 adds coreutil execfile for busybox alternatives ac54884 coreutilexecfile: these are known to require privileges, so exclude 8cb3b66 adds chrootexecfile 6d329d3 this saves 9KiB and its a bit more robust 88e2425 move addpart/delpart/partx to gptfdisk.cil 261012d ntphotplug: reads ubox data files 0473ace various 740e820 work through to genfs_seclabel_symlinks loose ends (Linux 5.10) bef21f5 TODO adds a note about how I dont need to upgrade to polver 33 from 31 cb2e5a3 ubus uses ntpdhotplug fd, and some genfs_seclabel_symlink changes 07df9b9 luci, rpcd and wpad (mainly genfs_selabel related but not all) 8d86cab genfs_seclabel loose ends for blockmount, hotplugcall, irqbalance, zram-swap b8156cd adds a note about how i forgot to target blockd 6e82ab8 adds blockd and related 254ff43 Makefile: exclude blockd from mintesttgt 4dc6bc2 pppd update related and unbound-odhcp rules 3d7da7a igmpproxy tidy some loose ends c84ba0f rcigmpproxy: add entries to /etc when creating /etc/igmpproxy.conf 5a18967 adds igmpproxy skeleton 7e6a218 logread: support resolving dns names e39ca8b netifd: add support for /etc/udhcpc.user 7952bd0 odhcp6c: support /etc/odhcp6c.user ba0eb4e swconfig, fwenv, agent 4556b8a pppd cosmetic 9324d9d pppd: sends AT commands to model using /dev/ttyUSBN 417b14a ttydev: add some more ttyUSB ed739dc example: dont depend on policycoreutils 97613f9 dropbear: using dropbear as scp: dns name resolving 12c193b dropbear tcp connect ssh ports for scp c050077 rcdnsmasq: remove redundant rule and make rcsysntpd optional 8c5de35 this is a bug 8d5c463 uhttpd rcboot rcdnsmasq 094266e hostapd and wpa_supplicant aef0bd7 mountroot: maintains /tmp/sysupgrade.tar 24f0406 dropbear: allow it to read tmp.fs files 2901433 firstboot mkfsf2fs rcboot 2c4afb7 blockmount mmc 465ca98 adds industrial i/o (iio) nodedev 82f686e mtd stordev: back that ubiblock0_4p1 up with a filecon 7df78bd ubus: "support" older ubusd versions that run as root 4458bce swconfig: allow using terminal (to print output) e8d606d sslcert: openssl linked: this shaves off 200 bytes 93afffb jshn ntpdhotplug 0b847f0 wpad: reads /etc/ssl/openssl.cnf f14ee34 indent fix a0c7cad mtd, uhttpd, ubus and ntpdhotplug d74f98f adds a not about checkreqprot requirement in some scenarios affacce example: add policycoreutils-setfiles for make check 4f944dc kmodloader and fwenv: efe36a3 netifd: adds a comment/reminder 581b087 more fw_printenv loose ends 30177a4 fw_setenv: needs mtd write access to set and delete env da28f4c fw_printenv: some minor clean ups a062053 fw_printenv missing rules 244ba5f blockmount: extroot and /rwm 0745a6a squid: allow squid to run sslcrtd with domain transition b851df6 squid fix 8c55acd squid: adds certfile and allow connect http but... b7c1f6d Makefile: exclude tinyproxy from mintesttgt (using squid) 5ff39bd squid: forgot about luci 5366c97 squid/rcsquid some basic fill in 8743da6 squid skeleton 687a43b adds squid 3128 port to httpproxy port Signed-off-by: Dominick Grift <dominick.grift@defensec.nl> (cherry squashed from commit 3ffc30f05aef1a72bc16af8665032164b152fc15 and commit 41a8f093fb26f372fc94e0016cf544ac65718b0b) Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* checkpolicy: update to version 3.2Dominick Grift2021-03-151-3/+3
| | | | | | | | | 521e6a2f libsepol/cil: fix signed overflow caused by using (1 << 31) - 1 42ae834a libsepol,checkpolicy: optimize storage of filename transitions Signed-off-by: Dominick Grift <dominick.grift@defensec.nl> (cherry picked from commit 49edc4d17f241bca2a566dfdee0a64538b046cd7) Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* secilc: update to version 3.2Dominick Grift2021-03-151-3/+3
| | | | | | | | | | | | | | | 49ff851c secilc: fixes cil_role_statements.md example 03881703 secilc/docs: add custom color theme 4c8d6094 secilc/docs: add syntax highlighting for secil 057d72af secilc/docs: use fenced code blocks for cil examples e8bcdb84 cil_network_labeling_statements: fixes nodecon examples eefa5511 cil_access_vector_rules: allowx, auditallowx and dontauditx fixes 9e9b8103 secilc/docs: document expandtypeattribute fbe1e526 Update the cil docs to match the current behaviour. Signed-off-by: Dominick Grift <dominick.grift@defensec.nl> (cherry picked from commit 0b58ebcfe215c2456b752042e80268fe1ec6173a) Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* policycoreutils: update to version 3.2Dominick Grift2021-03-151-8/+8
| | | | | | | | | | | | | | | | d464187c policycoreutils: sestatus belongs to bin not sbin d59932a7 policycoreutils: Resolve path in restorecon_xattr 5682c0d5 policycoreutils/fixfiles.8: add missing file systems and merge check and verify 57dd1f65 policycoreutils/setfiles: Drop unused nerr variable be7f54cb setfiles: drop ABORT_ON_ERRORS and related code 9207823c setfiles: Do not abort on labeling error c064d214 selinux_config(5): add a note that runtime disable is deprecated 8bc865e1 newrole: support cross-compilation with PAM and audit ba2d6c10 fixfiles: correctly restore context of mountpoints Signed-off-by: Dominick Grift <dominick.grift@defensec.nl> (cherry picked from commit 68934a5704be61e952c6ce04573bb54577b26680) Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* libsemanage: update to version 3.2Dominick Grift2021-03-151-3/+3
| | | | | | | | | | | | | | c35919a7 libsemanage: sync filesystem with sandbox 5b05e829 Revert "libsemanage/genhomedircon: check usepasswd" edae9275 libsemanage: Free contents of modkey in semanage_direct_remove ce46daab libsemanage/genhomedircon: check usepasswd 6ebb35d2 libsemanage: Bump libsemanage.so version c08b73d7 libsemanage: Drop deprecated functions b46406de libsemanage: Remove legacy and duplicate symbols Signed-off-by: Dominick Grift <dominick.grift@defensec.nl> (cherry picked from commit 4670492ad72e54e0608ef5f92d7066c1c7fa8f45) Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* libselinux: update to version 3.2Dominick Grift2021-03-151-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 142826a3 libselinux: fix segfault in add_xattr_entry() 398d2cee libselinux: rename gettid() to something which never conflicts with the libc 8f0f0a28 selinux(8,5): Describe fcontext regular expressions 9cc6b5cf libselinux/getconlist: report failures 156dd0de libselinux: update getseuser e2dca5df libselinux: accept const fromcon in get_context API da4829d0 libselinux: Always close status page fd 45b15c22 selinux(8): explain that runtime disable is deprecated 3c16aaef selinux(8): mark up SELINUX values c2a58cc5 libselinux: LABEL_BACKEND_ANDROID add option to enable db0f2f38 libselinux: Add build option to disable X11 backend 4a142ac4 libsepol: Bump libsepol.so version d23342a9 libselinux: convert matchpathcon to selabel_lookup() 7ef5b185 libselinux: Change userspace AVC setenforce and policy load messages to audit format. f5d644c7 libselinux: Add additional log callback details in man page for auditing. 075f9cfe libselinux: Fix selabel_lookup() for the root dir. a4149e0e libselinux: Add new log callback levels for enforcing and policy load notices. a63f93d8 libselinux: initialize last_policyload in selinux_status_open() ef902db9 libselinux: safely access shared memory in selinux_status_updated() 9e4480b9 libselinux: Remove trailing slash on selabel_file lookups. 21fb5f20 libselinux: use full argument specifiers for security_check_context in man page e7abd802 libselinux: fix build order 05bdc031 libselinux: use kernel status page by default Signed-off-by: Dominick Grift <dominick.grift@defensec.nl> (cherry picked from commit b1fc2b5b0be61d994d6a0429fd78331c0c57639a) Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* libsepol: update to version 3.2Dominick Grift2021-03-151-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | a9e0004f libsepol: invalidate the pointer to the policydb if policydb_init fails 6238e025 libsepol/cil: fix NULL pointer dereference in cil_fill_ipaddr b69d77bc libsepol/cil: handle SID without assigned context when writing policy.conf 0861c659 libsepol: Validate policydb values when reading binary policy 8f5409cf libsepol: Create function ebitmap_highest_set_bit() 0451adeb libsepol/cil: Destroy disabled optional blocks after pass is complete 32f8ed3d libsepol/cil: introduce intermediate cast to silence -Wvoid-pointer-to-enum-cast 4662bdc1 libsepol/cil: be more robust when encountering <src_info> 6b561058 libsepol/cil: fix NULL pointer dereference with empty macro argument 0d0e47c7 libsepol/cil: Fix integer overflow in the handling of hll line marks 1b36ace2 libsepol: include header files in source files when matching declarations 1f1fa9d4 libsepol: uniformize prototypes of sepol_mls_contains and sepol_mls_check 72a88d75 libsepol: remove unused files eba0ffee libsepol/cil: Fix heap-use-after-free when using optional blockinherit 1048f8d3 libsepol/cil: unlink blockinherit->block link when destroying a block b3202918 libsepol/cil: fix memory leak when a constraint expression is too deep f0d98f83 libsepol/cil: Fix heap-use-after-free in __class_reset_perm_values() 5d021d66 libsepol/cil: Update symtab nprim field when adding or removing datums 34bd9a9d libsepol: destroy filename_trans list properly bdf4e332 libsepol/cil: fix NULL pointer dereference when parsing an improper integer b7ea65f5 libsepol/cil: destroy perm_datums when __cil_resolve_perms fails 228c06d9 libsepol/cil: fix out-of-bound read in cil_print_recursive_blockinherit a25d9104 libsepol/cil: constify some strings e2d01842 libsepol/cil: propagate failure of cil_fill_list() 6c8fca10 libsepol/cil: do not add a stack variable to a list 38a09b74 libsepol/cil: fix NULL pointer dereference when using an unused alias 3c357285 libsepol/cil: remove useless print statement 90809674 libsepol/cil: always destroy the lexer state d16a1e46 libsepol/cil: Use the macro FLAVOR() whenever possible 2aac859a libsepol/cil: Use the macro NODE() whenever possible d317b470 libsepol/cil: Remove unnecessary assignment in cil_resolve_name_keep_aliases() 9b9761cf libsepol/cil: Remove unused field from struct cil_args_resolve e257d4c7 libsepol/cil: Get rid of unnecessary check in cil_gen_node() ebba2b00 libsepol/cil: cil_tree_walk() helpers should use CIL_TREE_SKIP_* 89dab467 libsepol: free memory when realloc() fails 2d353bd5 libsepol/cil: Give error for more than one true or false block 4a142ac4 libsepol: Bump libsepol.so version 506c7b95 libsepol: Drop deprecated functions ae58e84b libsepol: Get rid of the old and duplicated symbols c97d63c6 libsepol: silence potential NULL pointer dereference warning 64387cb3 libsepol: drop confusing BUG_ON macro 521e6a2f libsepol/cil: fix signed overflow caused by using (1 << 31) - 1 a152653b libsepol/cil: Fix neverallow checking involving classmaps 734e4beb libsepol/cil: Validate conditional expressions before adding to binary policy 685f577a libsepol/cil: Validate constraint expressions before adding to binary policy 8206b8cb libsepol: implement POLICYDB_VERSION_COMP_FTRANS 42ae834a libsepol,checkpolicy: optimize storage of filename transitions Signed-off-by: Dominick Grift <dominick.grift@defensec.nl> (cherry picked from commit 2a1bdde0d05dd97aa58da546d15197409d481bb3) Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* busybox: backport fixes for 1.33.0Hannu Nyman2021-03-133-1/+67
| | | | | | | | | Backport two fixes for 1.33.0 * history file storing * traceroute command option parsing Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi> (cherry picked from commit c1f3c52564fdec85394e7c338f56df0943ce8b10)
* uboot-envtools: adjust compile patch to version v2021.01Ronny Kotzschmar2021-03-011-2/+2
| | | | | | | | with u-boot v2020.07 some variables have been renamed so this patch needs to be adjusted otherwise at least with macOS as build system there are build errors Signed-off-by: Ronny Kotzschmar <ro.ok@me.com> (cherry picked from commit 547a932ee97d95a966bae947a84140556d07c3ce)
* uboot-sunxi: add missing type __u64Georgi Valkov2021-03-011-0/+10
| | | | | | | | | | | | | | | | Non Linux systems e.g. macOS lack the __u64 type and produce build errors: In file included from tools/aisimage.c:9: In file included from include/image.h:19: In file included from ./arch/arm/include/asm/byteorder.h:29: In file included from include/linux/byteorder/little_endian.h:13: include/linux/types.h:146:9: error: unknown type name '__u64'; did you mean '__s64'? typedef __u64 __bitwise __le64; Resolved by declaring __u64 in include/linux/types.h Build tested on macOS and Ubuntu. Signed-off-by: Georgi Valkov <gvalkov@abv.bg> (cherry picked from commit 3cc57ba4627c9c7555f8ad86e4f78d86d8f9ddf0)
* hostapd: P2P: Fix a corner case in peer addition based on PD RequestStefan Lippers-Hollmann2021-03-011-0/+45
| | | | | | | | | | | | | | | | | | | | | | | | | | | p2p_add_device() may remove the oldest entry if there is no room in the peer table for a new peer. This would result in any pointer to that removed entry becoming stale. A corner case with an invalid PD Request frame could result in such a case ending up using (read+write) freed memory. This could only by triggered when the peer table has reached its maximum size and the PD Request frame is received from the P2P Device Address of the oldest remaining entry and the frame has incorrect P2P Device Address in the payload. Fix this by fetching the dev pointer again after having called p2p_add_device() so that the stale pointer cannot be used. This fixes the following security vulnerabilities/bugs: - CVE-2021-27803 - A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range. Fixes: 17bef1e97a50 ("P2P: Add peer entry based on Provision Discovery Request") Signed-off-by: Jouni Malinen <jouni@codeaurora.org> Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de> (cherry picked from commit 1ca5de13a153061feae260864d73d96f7c463785)