aboutsummaryrefslogtreecommitdiffstats
path: root/package
Commit message (Collapse)AuthorAgeFilesLines
* rpcd: update to git HEADDaniel Golle2021-03-151-3/+3
| | | | | | | | d3f2041 uci: manually clear uci_ptr flags after uci_delete() operations ccb7517 sys: packagelist: drop ABI version from package name (cherry picked from commit da339a6d3f78f86bb653f29dd1d1aea8351bfdad) Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* opkg: update to git HEADDaniel Golle2021-03-151-3/+3
| | | | | | | | | | | d71856a pkg: pass-through ABIVersion to status file d3a63b3 libopkg: add option to strip ABI versions from listed names 5936c4f libopkg: pkg_hash: prefer original packages to satisfy dependencies (cherry squashed from commit 6a7a1f1c64cb307aef561b66956d32867b119a24, commit 988ed0080284903d1fe4851c5ae8f1238bc61da2 and commit b5f6d20560b71025d376cb3052f1d1c2e92b409d) Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* selinux-policy: update to version v0.8Daniel Golle2021-03-151-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | a857b45 resolv/locale: eventually this should be more efficient 11ed281 some more optimization 764a475 add redundant calls to file.search_conffile_dirs() 7d4558e fs: treat devtmpfs that same as tmpfs 81b677e adds irqbalance skeleton 5506244 irqbalance rules cc96cd8 adds usbutil and gtpfdisk skels 01e2a55 some fsck, gptfdisk, mkfs and usbutil rules d6d1e7d usbutil: output to terminal da576fa fsck, gptfdisk and usbutil rules 09b39e9 unbound 241a029 hotplugcall: allow dac_read_search (is a subset of dac_override) af0fe90 adds label for tcsh 160f79e adds tcpdump 6d02b96 adds coreutil execfile for busybox alternatives ac54884 coreutilexecfile: these are known to require privileges, so exclude 8cb3b66 adds chrootexecfile 6d329d3 this saves 9KiB and its a bit more robust 88e2425 move addpart/delpart/partx to gptfdisk.cil 261012d ntphotplug: reads ubox data files 0473ace various 740e820 work through to genfs_seclabel_symlinks loose ends (Linux 5.10) bef21f5 TODO adds a note about how I dont need to upgrade to polver 33 from 31 cb2e5a3 ubus uses ntpdhotplug fd, and some genfs_seclabel_symlink changes 07df9b9 luci, rpcd and wpad (mainly genfs_selabel related but not all) 8d86cab genfs_seclabel loose ends for blockmount, hotplugcall, irqbalance, zram-swap b8156cd adds a note about how i forgot to target blockd 6e82ab8 adds blockd and related 254ff43 Makefile: exclude blockd from mintesttgt 4dc6bc2 pppd update related and unbound-odhcp rules 3d7da7a igmpproxy tidy some loose ends c84ba0f rcigmpproxy: add entries to /etc when creating /etc/igmpproxy.conf 5a18967 adds igmpproxy skeleton 7e6a218 logread: support resolving dns names e39ca8b netifd: add support for /etc/udhcpc.user 7952bd0 odhcp6c: support /etc/odhcp6c.user ba0eb4e swconfig, fwenv, agent 4556b8a pppd cosmetic 9324d9d pppd: sends AT commands to model using /dev/ttyUSBN 417b14a ttydev: add some more ttyUSB ed739dc example: dont depend on policycoreutils 97613f9 dropbear: using dropbear as scp: dns name resolving 12c193b dropbear tcp connect ssh ports for scp c050077 rcdnsmasq: remove redundant rule and make rcsysntpd optional 8c5de35 this is a bug 8d5c463 uhttpd rcboot rcdnsmasq 094266e hostapd and wpa_supplicant aef0bd7 mountroot: maintains /tmp/sysupgrade.tar 24f0406 dropbear: allow it to read tmp.fs files 2901433 firstboot mkfsf2fs rcboot 2c4afb7 blockmount mmc 465ca98 adds industrial i/o (iio) nodedev 82f686e mtd stordev: back that ubiblock0_4p1 up with a filecon 7df78bd ubus: "support" older ubusd versions that run as root 4458bce swconfig: allow using terminal (to print output) e8d606d sslcert: openssl linked: this shaves off 200 bytes 93afffb jshn ntpdhotplug 0b847f0 wpad: reads /etc/ssl/openssl.cnf f14ee34 indent fix a0c7cad mtd, uhttpd, ubus and ntpdhotplug d74f98f adds a not about checkreqprot requirement in some scenarios affacce example: add policycoreutils-setfiles for make check 4f944dc kmodloader and fwenv: efe36a3 netifd: adds a comment/reminder 581b087 more fw_printenv loose ends 30177a4 fw_setenv: needs mtd write access to set and delete env da28f4c fw_printenv: some minor clean ups a062053 fw_printenv missing rules 244ba5f blockmount: extroot and /rwm 0745a6a squid: allow squid to run sslcrtd with domain transition b851df6 squid fix 8c55acd squid: adds certfile and allow connect http but... b7c1f6d Makefile: exclude tinyproxy from mintesttgt (using squid) 5ff39bd squid: forgot about luci 5366c97 squid/rcsquid some basic fill in 8743da6 squid skeleton 687a43b adds squid 3128 port to httpproxy port Signed-off-by: Dominick Grift <dominick.grift@defensec.nl> (cherry squashed from commit 3ffc30f05aef1a72bc16af8665032164b152fc15 and commit 41a8f093fb26f372fc94e0016cf544ac65718b0b) Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* checkpolicy: update to version 3.2Dominick Grift2021-03-151-3/+3
| | | | | | | | | 521e6a2f libsepol/cil: fix signed overflow caused by using (1 << 31) - 1 42ae834a libsepol,checkpolicy: optimize storage of filename transitions Signed-off-by: Dominick Grift <dominick.grift@defensec.nl> (cherry picked from commit 49edc4d17f241bca2a566dfdee0a64538b046cd7) Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* secilc: update to version 3.2Dominick Grift2021-03-151-3/+3
| | | | | | | | | | | | | | | 49ff851c secilc: fixes cil_role_statements.md example 03881703 secilc/docs: add custom color theme 4c8d6094 secilc/docs: add syntax highlighting for secil 057d72af secilc/docs: use fenced code blocks for cil examples e8bcdb84 cil_network_labeling_statements: fixes nodecon examples eefa5511 cil_access_vector_rules: allowx, auditallowx and dontauditx fixes 9e9b8103 secilc/docs: document expandtypeattribute fbe1e526 Update the cil docs to match the current behaviour. Signed-off-by: Dominick Grift <dominick.grift@defensec.nl> (cherry picked from commit 0b58ebcfe215c2456b752042e80268fe1ec6173a) Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* policycoreutils: update to version 3.2Dominick Grift2021-03-151-8/+8
| | | | | | | | | | | | | | | | d464187c policycoreutils: sestatus belongs to bin not sbin d59932a7 policycoreutils: Resolve path in restorecon_xattr 5682c0d5 policycoreutils/fixfiles.8: add missing file systems and merge check and verify 57dd1f65 policycoreutils/setfiles: Drop unused nerr variable be7f54cb setfiles: drop ABORT_ON_ERRORS and related code 9207823c setfiles: Do not abort on labeling error c064d214 selinux_config(5): add a note that runtime disable is deprecated 8bc865e1 newrole: support cross-compilation with PAM and audit ba2d6c10 fixfiles: correctly restore context of mountpoints Signed-off-by: Dominick Grift <dominick.grift@defensec.nl> (cherry picked from commit 68934a5704be61e952c6ce04573bb54577b26680) Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* libsemanage: update to version 3.2Dominick Grift2021-03-151-3/+3
| | | | | | | | | | | | | | c35919a7 libsemanage: sync filesystem with sandbox 5b05e829 Revert "libsemanage/genhomedircon: check usepasswd" edae9275 libsemanage: Free contents of modkey in semanage_direct_remove ce46daab libsemanage/genhomedircon: check usepasswd 6ebb35d2 libsemanage: Bump libsemanage.so version c08b73d7 libsemanage: Drop deprecated functions b46406de libsemanage: Remove legacy and duplicate symbols Signed-off-by: Dominick Grift <dominick.grift@defensec.nl> (cherry picked from commit 4670492ad72e54e0608ef5f92d7066c1c7fa8f45) Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* libselinux: update to version 3.2Dominick Grift2021-03-151-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 142826a3 libselinux: fix segfault in add_xattr_entry() 398d2cee libselinux: rename gettid() to something which never conflicts with the libc 8f0f0a28 selinux(8,5): Describe fcontext regular expressions 9cc6b5cf libselinux/getconlist: report failures 156dd0de libselinux: update getseuser e2dca5df libselinux: accept const fromcon in get_context API da4829d0 libselinux: Always close status page fd 45b15c22 selinux(8): explain that runtime disable is deprecated 3c16aaef selinux(8): mark up SELINUX values c2a58cc5 libselinux: LABEL_BACKEND_ANDROID add option to enable db0f2f38 libselinux: Add build option to disable X11 backend 4a142ac4 libsepol: Bump libsepol.so version d23342a9 libselinux: convert matchpathcon to selabel_lookup() 7ef5b185 libselinux: Change userspace AVC setenforce and policy load messages to audit format. f5d644c7 libselinux: Add additional log callback details in man page for auditing. 075f9cfe libselinux: Fix selabel_lookup() for the root dir. a4149e0e libselinux: Add new log callback levels for enforcing and policy load notices. a63f93d8 libselinux: initialize last_policyload in selinux_status_open() ef902db9 libselinux: safely access shared memory in selinux_status_updated() 9e4480b9 libselinux: Remove trailing slash on selabel_file lookups. 21fb5f20 libselinux: use full argument specifiers for security_check_context in man page e7abd802 libselinux: fix build order 05bdc031 libselinux: use kernel status page by default Signed-off-by: Dominick Grift <dominick.grift@defensec.nl> (cherry picked from commit b1fc2b5b0be61d994d6a0429fd78331c0c57639a) Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* libsepol: update to version 3.2Dominick Grift2021-03-151-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | a9e0004f libsepol: invalidate the pointer to the policydb if policydb_init fails 6238e025 libsepol/cil: fix NULL pointer dereference in cil_fill_ipaddr b69d77bc libsepol/cil: handle SID without assigned context when writing policy.conf 0861c659 libsepol: Validate policydb values when reading binary policy 8f5409cf libsepol: Create function ebitmap_highest_set_bit() 0451adeb libsepol/cil: Destroy disabled optional blocks after pass is complete 32f8ed3d libsepol/cil: introduce intermediate cast to silence -Wvoid-pointer-to-enum-cast 4662bdc1 libsepol/cil: be more robust when encountering <src_info> 6b561058 libsepol/cil: fix NULL pointer dereference with empty macro argument 0d0e47c7 libsepol/cil: Fix integer overflow in the handling of hll line marks 1b36ace2 libsepol: include header files in source files when matching declarations 1f1fa9d4 libsepol: uniformize prototypes of sepol_mls_contains and sepol_mls_check 72a88d75 libsepol: remove unused files eba0ffee libsepol/cil: Fix heap-use-after-free when using optional blockinherit 1048f8d3 libsepol/cil: unlink blockinherit->block link when destroying a block b3202918 libsepol/cil: fix memory leak when a constraint expression is too deep f0d98f83 libsepol/cil: Fix heap-use-after-free in __class_reset_perm_values() 5d021d66 libsepol/cil: Update symtab nprim field when adding or removing datums 34bd9a9d libsepol: destroy filename_trans list properly bdf4e332 libsepol/cil: fix NULL pointer dereference when parsing an improper integer b7ea65f5 libsepol/cil: destroy perm_datums when __cil_resolve_perms fails 228c06d9 libsepol/cil: fix out-of-bound read in cil_print_recursive_blockinherit a25d9104 libsepol/cil: constify some strings e2d01842 libsepol/cil: propagate failure of cil_fill_list() 6c8fca10 libsepol/cil: do not add a stack variable to a list 38a09b74 libsepol/cil: fix NULL pointer dereference when using an unused alias 3c357285 libsepol/cil: remove useless print statement 90809674 libsepol/cil: always destroy the lexer state d16a1e46 libsepol/cil: Use the macro FLAVOR() whenever possible 2aac859a libsepol/cil: Use the macro NODE() whenever possible d317b470 libsepol/cil: Remove unnecessary assignment in cil_resolve_name_keep_aliases() 9b9761cf libsepol/cil: Remove unused field from struct cil_args_resolve e257d4c7 libsepol/cil: Get rid of unnecessary check in cil_gen_node() ebba2b00 libsepol/cil: cil_tree_walk() helpers should use CIL_TREE_SKIP_* 89dab467 libsepol: free memory when realloc() fails 2d353bd5 libsepol/cil: Give error for more than one true or false block 4a142ac4 libsepol: Bump libsepol.so version 506c7b95 libsepol: Drop deprecated functions ae58e84b libsepol: Get rid of the old and duplicated symbols c97d63c6 libsepol: silence potential NULL pointer dereference warning 64387cb3 libsepol: drop confusing BUG_ON macro 521e6a2f libsepol/cil: fix signed overflow caused by using (1 << 31) - 1 a152653b libsepol/cil: Fix neverallow checking involving classmaps 734e4beb libsepol/cil: Validate conditional expressions before adding to binary policy 685f577a libsepol/cil: Validate constraint expressions before adding to binary policy 8206b8cb libsepol: implement POLICYDB_VERSION_COMP_FTRANS 42ae834a libsepol,checkpolicy: optimize storage of filename transitions Signed-off-by: Dominick Grift <dominick.grift@defensec.nl> (cherry picked from commit 2a1bdde0d05dd97aa58da546d15197409d481bb3) Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* busybox: backport fixes for 1.33.0Hannu Nyman2021-03-133-1/+67
| | | | | | | | | Backport two fixes for 1.33.0 * history file storing * traceroute command option parsing Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi> (cherry picked from commit c1f3c52564fdec85394e7c338f56df0943ce8b10)
* uboot-envtools: adjust compile patch to version v2021.01Ronny Kotzschmar2021-03-011-2/+2
| | | | | | | | with u-boot v2020.07 some variables have been renamed so this patch needs to be adjusted otherwise at least with macOS as build system there are build errors Signed-off-by: Ronny Kotzschmar <ro.ok@me.com> (cherry picked from commit 547a932ee97d95a966bae947a84140556d07c3ce)
* uboot-sunxi: add missing type __u64Georgi Valkov2021-03-011-0/+10
| | | | | | | | | | | | | | | | Non Linux systems e.g. macOS lack the __u64 type and produce build errors: In file included from tools/aisimage.c:9: In file included from include/image.h:19: In file included from ./arch/arm/include/asm/byteorder.h:29: In file included from include/linux/byteorder/little_endian.h:13: include/linux/types.h:146:9: error: unknown type name '__u64'; did you mean '__s64'? typedef __u64 __bitwise __le64; Resolved by declaring __u64 in include/linux/types.h Build tested on macOS and Ubuntu. Signed-off-by: Georgi Valkov <gvalkov@abv.bg> (cherry picked from commit 3cc57ba4627c9c7555f8ad86e4f78d86d8f9ddf0)
* hostapd: P2P: Fix a corner case in peer addition based on PD RequestStefan Lippers-Hollmann2021-03-011-0/+45
| | | | | | | | | | | | | | | | | | | | | | | | | | | p2p_add_device() may remove the oldest entry if there is no room in the peer table for a new peer. This would result in any pointer to that removed entry becoming stale. A corner case with an invalid PD Request frame could result in such a case ending up using (read+write) freed memory. This could only by triggered when the peer table has reached its maximum size and the PD Request frame is received from the P2P Device Address of the oldest remaining entry and the frame has incorrect P2P Device Address in the payload. Fix this by fetching the dev pointer again after having called p2p_add_device() so that the stale pointer cannot be used. This fixes the following security vulnerabilities/bugs: - CVE-2021-27803 - A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range. Fixes: 17bef1e97a50 ("P2P: Add peer entry based on Provision Discovery Request") Signed-off-by: Jouni Malinen <jouni@codeaurora.org> Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de> (cherry picked from commit 1ca5de13a153061feae260864d73d96f7c463785)
* zlib: properly split patchesAdrian Schmutzler2021-02-254-502/+501
| | | | | | | | | | | This package had two patches (with two headers etc.) in one file, which would have quilt merging them during a refresh. Separate these patches into two files, as the original intent seems to be having them separate. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de> (cherry picked from commit 221eefaf6b301043c491aab8815fcfa24e8a5583)
* openssl: update package sourcesDavid Bauer2021-02-241-3/+5
| | | | | | | | | | | | | OpenSSL downloads itself are distributed using Akamai CDN, so use these sources as the highest priority. Remove a stale mirror which seems to be offline for a longer time already. Add fallbacks to the old release path also for the mirrors. Signed-off-by: David Bauer <mail@david-bauer.net> (cherry picked from commit 10e84bde369d7cfb60d6ac6ee5c7211474bd4179)
* wolfssl: fix Ed25519 typo in config promptChristian Lamparter2021-02-241-1/+1
| | | | | Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (cherry picked from commit 09e66112f1ea9f5838ce80533f3850523dc30230)
* wolfssl: bump to v4.7.0-stableEneas U de Queiroz2021-02-245-92/+4
| | | | | | | | | | | | | | | Biggest fix for this version is CVE-2021-3336, which has already been applied here. There are a couple of low severity security bug fixes as well. Three patches are no longer needed, and were removed; the one remaining was refreshed. This tool shows no ABI changes: https://abi-laboratory.pro/index.php?view=objects_report&l=wolfssl&v1=4.6.0&v2=4.7.0 Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> (cherry picked from commit d1dfb577f1c0d5b1f1fa35000c9ad7abdb7d10ed)
* arm-trusted-firmware-mediatek: bring back packageDaniel Golle2021-02-241-47/+99
| | | | | | | | | | | * use binary provided by MediaTek to work-around 'bromimage' issue * use @OPENWRT mirror for blobs * refactor Makefile * add mt7622 1c variants (using binaries provided by MTK) (cherry picked from commit 068c82039f5192a79e2139db42fdc734702da5a3 and commit 9cd089dbbfe07b61590dd214957bc21bfdc7fd5d) Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* tfa-layerscape: build fiptool againAdrian Schmutzler2021-02-212-3/+8
| | | | | | | | | | | | | | | | | | The ls-ddr-phy package needs fiptool options that are not available via the version from arm-trusted-firmware-tools. This breaks build for layerscape with the recently added LX2160a: create: unrecognized option '--ddr-immem-udimm-1d' Use the tfa-layerscape variant again for now, but rename it to fiptool-layerscape to indicate that it's a specific variant. This reverts 84bc7d31e0a8 ("tfa-layerscape: don't build fiptool"). Fixes: f59d7aab2a37 ("layerscape: add ddr-phy package") Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de> (cherry picked from commit 910b5d669f907656c6af14242db2482be6a79323)
* openwrt-keyring: add OpenWrt 21.02 GPG/usign keysPetr Štetiar2021-02-201-3/+3
| | | | | | | | 49283916005d usign: add 21.02 release build pubkey bc4d80f064f2 gpg: add OpenWrt 21.02 signing key Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit 1bf6d70e60fdb45d81a8f10b90904cef38c73f70)
* hostapd: backport ignoring 4addr mode enabling errorRaphaël Mélotte2021-02-203-38/+79
| | | | | | | | | | | | | | | | | | | | | This is a backport of the upstream commit 58bbbb598144 ("nl80211: Ignore 4addr mode enabling error if it was already enabled") which fixes same issue as in the current fix contained in '130-wpa_supplicant-multi_ap_roam.patch', but in a different way: nl80211_set_4addr_mode() could fail when trying to enable 4addr mode on an interface that is in a bridge and has 4addr mode already enabled. This operation would not have been necessary in the first place and this failure results in disconnecting, e.g., when roaming from one backhaul BSS to another BSS with Multi AP. Avoid this issue by ignoring the nl80211 command failure in the case where 4addr mode is being enabled while it has already been enabled. Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be> [bump PKG_RELEASE, more verbose commit description] Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit fb860b4e418c28a0f388f215e5acce103dcee1bf)
* layerscape: add LX2160ARDB (Rev2.0 silicon) board supportYangbo Lu2021-02-197-3/+59
| | | | | | | | | | | | | | | | | | | | | | | The QorIQ LX2160A reference design board provides a comprehensive platform that enables design and evaluation of the LX2160A processor. - Enables network intelligence with the next generation Datapath (DPPA2) which provides differentiated offload and a rich set of IO, including 10GE, 25GE, 40GE, and PCIe Gen4 - Delivers unprecedented efficiency and new virtualized networks - Supports designs in 5G packet processing, network function virtualization, storage controller, white box switching, network interface cards, and mobile edge computing - Supports all three LX2 family members (16-core LX2160A; 12-core LX2120A; and 8-core LX2080A) Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com> [use AUTORELEASE, add dtb to firmware part] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de> (cherry picked from commit 80dcd14abeed8cd808b92bb307964dbaeb252144)
* layerscape: add ddr-phy packageYangbo Lu2021-02-191-0/+50
| | | | | | | | | | Add ddr-phy package for layerscape. Currently only LX2160ARDB requires the package. Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com> [use AUTORELEASE] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de> (cherry picked from commit f59d7aab2a374d27abfdc50348d855db5560db8f)
* layerscape: add FRWY-LS1046A board supportYangbo Lu2021-02-195-3/+51
| | | | | | | | | | | | | | | | | | | | The LS1046A Freeway board (FRWY) is a high-performance computing, evaluation, and development platform that supports the QorIQ LS1046A architecture processor capable of support more than 32,000 CoreMark performance. The FRWY-LS1046A board supports the QorIQ LS1046A processor, onboard DDR4 memory, multiple Gigabit Ethernet, USB3.0 and M2_Type_E interfaces for Wi-Fi. The FRWY-LS1046A-TP includes the Coral Tensor Flow Processing Unit that offloads AI/ML inferencing from the CPU to provide significant boost for AI/ML applications. The FRWY-LS1046A-TP includes one M.2 TPU module and more modules can easily be added including USB versions of the module to scale the AI/ML performance. Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com> [rebase, use AUTORELEASE, fix sorting, add dtb to firmware part] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de> (cherry picked from commit 2c2d77bd3bd4691c5f8f1760b9ef16f96f345255)
* cypress-firmware: fix PKG_SOURCE_URLÁlvaro Fernández Rojas2021-02-191-1/+1
| | | | | | | Download link has been moved. Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com> (cherry-picked from commit 7febba3e50)
* bcm27xx-userland: update to latest versionÁlvaro Fernández Rojas2021-02-192-77/+2
| | | | | | | Adds some fixes and removes upstreamed patch. Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com> (cherry-picked from commit 1d3a9b1c00)
* bcm27xx-gpu-fw: update to latest versionÁlvaro Fernández Rojas2021-02-191-15/+15
| | | | | | | This is needed to add support for CM4 and RPI 400. Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com> (cherry-picked from commit f41e653da9)
* openssl: bump to 1.1.1jEneas U de Queiroz2021-02-171-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This fixes 4 security vulnerabilities/bugs: - CVE-2021-2839 - SSLv2 vulnerability. Openssl 1.1.1 does not support SSLv2, but the affected functions still exist. Considered just a bug. - CVE-2021-2840 - calls EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. - CVE-2021-2841 - The X509_issuer_and_serial_hash() function attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it was failing to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. - Fixed SRP_Calc_client_key so that it runs in constant time. This could be exploited in a side channel attack to recover the password. The 3 CVEs above are currently awaiting analysis. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> (cherry picked from commit 482c9ff289c65480c8e7340e1740db24c62f91df)
* build: reorder more BuildPackages lines to deal with ABI_VERSIONFelix Fietkau2021-02-167-11/+13
| | | | | | | | After the ABI version rework, packages need to be declared in the order of their dependencies, so that dependent packages will use the right ABI version Signed-off-by: Felix Fietkau <nbd@nbd.name> (cherry-picked from commit 75455b75a7ee)
* ath10k-ct: switch to 5.10Álvaro Fernández Rojas2021-02-167-103/+79
| | | | | | | | Let's switch to 5.10 now that mac80211 has been updated. Runtime-tested on ipq806x (Netgear R7800). Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com> (cherry-picked from commit a5c4c40476)
* OpenWrt v21.02: set branch defaultsAlexander Couzens2021-02-161-1/+1
| | | | Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
* util-linux: move libuuid BuildPackage line further up to fix ABI versioningFelix Fietkau2021-02-161-1/+3
| | | | | | | After the ABI version rework, packages need to be declared in the order of their dependencies, so that dependent packages will use the right ABI version Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mac80211: Update to version 5.10.16-1Hauke Mehrtens2021-02-1512-185/+19
| | | | | | The removed patches were applied upstream. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mac80211: Refresh patches againHauke Mehrtens2021-02-1514-110/+124
| | | | | | | A wrong quilt configuration was used last time. Fixes: ed1e234d87fc ("mac80211: refresh patches") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* libubox: update to the latest version, set ABI_VERSION dynamicallyFelix Fietkau2021-02-151-6/+8
| | | | | | 2537be018587 cmake: add a possibility to set library version Signed-off-by: Felix Fietkau <nbd@nbd.name>
* wolfssl: use libtool patch for PKG_ABI_VERSIONFelix Fietkau2021-02-151-1/+1
| | | | | | Makes it unnecessary to patch .so files after build Signed-off-by: Felix Fietkau <nbd@nbd.name>
* libubox: use build system variable to specify ABI versionFelix Fietkau2021-02-151-4/+5
| | | | | | This removes the need to patch it afterwards Signed-off-by: Felix Fietkau <nbd@nbd.name>
* wolfssl: use dynamic ABI_VERSION depending on the configuration and package ↵Felix Fietkau2021-02-151-1/+3
| | | | | | version Signed-off-by: Felix Fietkau <nbd@nbd.name>
* libubox: use PKG_ABI_VERSIONFelix Fietkau2021-02-151-1/+4
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* odhcpd: setup dhcpv4 server automagicallyDaniel Golle2021-02-152-6/+26
| | | | | | | | | | Automatically setup dhcpv4 server just like it's done for dhcpv6. To select whether odhcpd or dnsmasq are serving DHCPv4 requests there still is the 'maindhcp' option. To make things less confusing, make sure things really work out-of-the-box in case dnsmasq is not even installed at the time the uci-defaults script is being run. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* Revert "wolfssl: use dynamic ABI_VERSION depending on the configuration and ↵Hauke Mehrtens2021-02-151-3/+1
| | | | | | | | | | | | | | | | package version" This fixes the build on MIPS BE like ath25 and ath79 target. We get this error message when linking libwolfssl: mips-openwrt-linux-musl/bin/ld: /home/hauke/openwrt/openwrt/staging_dir/target-mips_mips32_musl/usr/lib/libwolfssl.so: unknown type [0x7000002a] section `.MIPS.abiflags' mips-openwrt-linux-musl/bin/ld: /home/hauke/openwrt/openwrt/staging_dir/target-mips_mips32_musl/usr/lib/libwolfssl.so: unknown type [0x7000002a] section `.MIPS.abiflags' mips-openwrt-linux-musl/bin/ld: skipping incompatible /home/hauke/openwrt/openwrt/staging_dir/target-mips_mips32_musl/usr/lib/libwolfssl.so when searching for -lwolfssl mips-openwrt-linux-musl/bin/ld: cannot find -lwolfssl collect2: error: ld returned 1 exit status This reverts commit 2591c83b3406c16d3c1cd2dc7fa59c3c1b901d3c. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* Revert "libubox: use PKG_ABI_VERSION"Hauke Mehrtens2021-02-151-4/+1
| | | | | | | | | | | | This fixes the build on MIPS BE like ath25 and ath79 target. We get this error message when linking libubox: mips-openwrt-linux-musl/bin/ld: /home/hauke/openwrt/openwrt/staging_dir/target-mips_mips32_musl/usr/lib/libubox.so: unknown type [0x7000002a] section `.MIPS.abiflags' mips-openwrt-linux-musl/bin/ld: /home/hauke/openwrt/openwrt/staging_dir/target-mips_mips32_musl/usr/lib/libubox.so: unknown type [0x7000002a] section `.MIPS.abiflags' mips-openwrt-linux-musl/bin/ld: skipping incompatible /home/hauke/openwrt/openwrt/staging_dir/target-mips_mips32_musl/usr/lib/libubox.so when searching for -lubox This reverts commit f421fefa8a34319c5ff5dcc1af39d6311ec1ad1e. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* Revert "uboot-imx6: bump to 2021.01 release"Petr Štetiar2021-02-143-11/+24
| | | | | | | | This reverts commit 50a5a8993d15fe090fdbf10fc25aba3f78c47d40 as the bump to 2021.01 unveiled issue with missing swig host tool needed for mx6cuboxi's SPL. Signed-off-by: Petr Štetiar <ynezz@true.cz>
* ath9k: fix transmitting to stations in dynamic SMPS modeFelix Fietkau2021-02-141-0/+49
| | | | | | | | | | When transmitting to a receiver in dynamic SMPS mode, all transmissions that use multiple spatial streams need to be sent using CTS-to-self or RTS/CTS to give the receiver's extra chains some time to wake up. This fixes the tx rate getting stuck at <= MCS7 for some clients, especially Intel ones, which make aggressive use of SMPS. Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mt76: update to the latest versionFelix Fietkau2021-02-142-86/+28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 261d184cebdc mt76: introduce mt76_vif data structure 50349a8664ef mt76: mt76_connac: create mcu library c88859180c51 mt76: mt76_connac: move hw_scan and sched_scan routine in mt76_connac_mcu module 9856236ab4f9 mt76: mt76_connac: move WoW and suspend code in mt76_connac_mcu module 2da59aacdd50 mt76: mt76_connac: move pm data struct in mt76_connac.h 16be142e40fe mt76: mt76_connac: move pm utility routines in mt76_connac_lib module c4ccfc66347d mt76: mt7921: add MAC support 8ecf3a50e7ad mt76: mt7921: add MCU support 92c1717f9a55 mt76: mt7921: add DMA support 1cecf9c3da8b mt76: mt7921: add EEPROM support a9e68410b9ba mt76: mt7921: add ieee80211_ops 39d6f4851b06 mt76: mt7921: introduce mt7921e support 9f37baecf5d6 mt76: mt7921: add debugfs support b16cf6e26998 mt76: mt7921: introduce schedule scan support 5aa798ee56c7 mt76: mt7921: introduce 802.11 PS support in sta mode e67d5216f16d mt76: mt7921: introduce support for hardware beacon filter cb99bf4655f9 mt76: mt7921: introduce beacon_loss mcu event 71f9f09ee987 mt76: mt7921: introduce PM support 2beb9c9530d4 mt76: mt7921: rely on mt76_connac_mcu common library 59e682497d12 mt76: mt7921: rely on mt76_connac_mcu module for sched_scan and hw_scan 1ccf6a9c60cd mt76: mt7921: rely on mt76_connac_mcu module for suspend and WoW support f8d1ec5e6e11 mt76: mt7921: introduce Runtime PM support 633a1cbd8f4e mt76: mt7921: introduce regdomain notifier support 0d95c6ad1745 mt76: mt7921: enable MSI interrupts 5f4f6792fb37 mt76: mt7921: add coredump support 47eb00e13450 mt76: mt7663: introduce coredump support 26658849a465 mt76: mt7615: fix key set/delete issues b0ba039bc2ef mt76: mt7615: fix tx skb dma unmap 892f74d37e88 mt76: mt7915: fix tx skb dma unmap 2659f6c6ea23 mt76: mt7615: support loading EEPROM for MT7613BE b09cc8644529 mt76: dma: do not report truncated frames to mac80211 ae6473f1d2af mt76: mt7921: enable random mac addr during scanning b59e3677476d mt76: mt7921: remove unnecessary variable 781911f167aa mt76: mt7921: removed unused definitions in mcu.h 994893d38d51 mt76: always use WTBL_MAX_SIZE for tlv allocation e6c0948ada07 mt76: mt76x0: disable GTK offloading a75302bcbfe1 mt76: connac: always check return value from mt76_connac_mcu_alloc_wtbl_req 8da10d6f9251 mt76: mt7915: always check return value from mt7915_mcu_alloc_wtbl_req 80a87412e9e9 mt76: mt7915: fix uninitialized variable in mt7915_tm_set_tx_cont() c7d98fc35865 mt76: use PCI_VENDOR_ID_MEDIATEK to avoid open coded b5228e75e422 mt76: mt7921: switch to new api for hardware beacon filter 73fce2cbfa41 mt76: connac: fix up the setting for ht40 mode in mt76_connac_mcu_uni_add_bss 2e2cb71901e8 mt76: mt7921: fixup rx bitrate statistics 2d7b1d72b43b mt76: mt7921: add flush operation 96b4c9874e16 mt76: mt7921: fix uninitialized pointer access in mt7921_get_wtbl_info 4492d801cbb5 mt76: connac: update sched_scan cmd usage 200c1b1c234b mac80211: rename csa counters to countdown counters 0d7564d0d899 mt76: add support for 802.3 rx frames 4c0811c647b9 mt76: mt7915: enable hw rx-amsdu de-aggregation 4b7a68634ff6 mt76: mt7915: add rx checksum offload support 289cd7804587 mt76: mt7915: add support for rx decapsulation offload Signed-off-by: Felix Fietkau <nbd@nbd.name>
* wolfssl: use dynamic ABI_VERSION depending on the configuration and package ↵Felix Fietkau2021-02-141-1/+3
| | | | | | version Signed-off-by: Felix Fietkau <nbd@nbd.name>
* libubox: use PKG_ABI_VERSIONFelix Fietkau2021-02-141-1/+4
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mac80211: fix a regression in processing rx statsFelix Fietkau2021-02-141-0/+28
| | | | | | | A logic error caused rx rate update to be missed for any driver not using fast-rx Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mac80211: refresh patchesFelix Fietkau2021-02-1412-102/+92
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mac80211: add minstrel performance improvementsFelix Fietkau2021-02-142-0/+181
| | | | | | Reduce fluctuations in rate selection / statistics Signed-off-by: Felix Fietkau <nbd@nbd.name>