| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Hardware
--------
SOC: MediaTek MT7986
RAM: 1024MB DDR3
FLASH: 128MB SPI-NAND (Winbond)
WIFI: Mediatek MT7986 DBDC 802.11ax 2.4/5 GHz
ETH: Realtek RTL8221B-VB-CG 2.5 N-Base-T PHY with PoE
UART: 3V3 115200 8N1 (Pinout silkscreened / Do not connect VCC)
Installation
------------
1. Download the OpenWrt initramfs image. Copy the image to a TFTP server
2. Connect the TFTP server to the WAX220. Conect to the serial console,
interrupt the autoboot process by pressing '0' when prompted.
3. Download & Boot the OpenWrt initramfs image.
$ setenv ipaddr 192.168.2.1
$ setenv serverip 192.168.2.2
$ tftpboot openwrt.bin
$ bootm
4. Wait for OpenWrt to boot. Transfer the sysupgrade image to the device
using scp and install using sysupgrade.
$ sysupgrade -n <path-to-sysupgrade.bin>
Signed-off-by: Flole Systems <flole@flole.de>
Signed-off-by: Stefan Agner <stefan@agner.ch>
(cherry picked from commit 984786a2f7ec622c99e8c9cdada65d0ea0cf4e0b)
|
| |
|
|
|
|
|
| |
34a8a74 uhttpd/file: fix string out of buffer range on uh_defer_script
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 7a6f6b812632a5983cd34ab5c41271d5d4de5fbf)
|
| |
|
|
|
|
|
|
| |
5211264 odhcpd: add support for dhcpv6_pd_min_len parameter
c6bff6f router: Add PREF64 (RFC 8781) support
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit acd9981b4ef750544202df9d9e2d0143a6dfd478)
|
| |
|
|
|
|
|
|
|
| |
Fix a typo where the wrong KCONFIG was used and fix selecting the
correct kernel config option to use these packages.
Fixes: 4f443c885ded ("netfilter: separate packages for kmod-ipt-socket and kmod-ipt-tproxy")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 3ebebf08be950a8a0f3bf5b2c3db910621f2cc21)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
ath10k does not report excessive loss in case of broken block-ack
sessions. The loss is communicated to the host-os, but ath10k does not
trigger a low-ack events by itself.
The mac80211 framework for loss detection however detects this
circumstance well in case of ath10k. So use it regardless of ath10k's
own loss detection mechanism.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit ed816f6ba8b5e3df609e5fc53f7bcb09bdaa16be)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Hardware
========
CPU Qualcomm Atheros QCA9558
RAM 256MB DDR2
FLASH 2x 16M SPI-NOR (Macronix MX25L12805D)
WIFI Qualcomm Atheros QCA9558
Atheros AR9590
Installation
============
1. Attach to the serial console of the AP-105.
Interrupt autoboot and change the U-Boot env.
$ setenv rb_openwrt "setenv ipaddr 192.168.1.1;
setenv serverip 192.168.1.66;
netget 0x80060000 ap115.bin; go 0x80060000"
$ setenv fb_openwrt "bank 1;
cp.b 0xbf100040 0x80060000 0x10000; go 0x80060000"
$ setenv bootcmd "run fb_openwrt"
$ saveenv
2. Load the OpenWrt initramfs image on the device using TFTP.
Place the initramfs image as "ap105.bin" in the TFTP server
root directory, connect it to the AP and make the server reachable
at 192.168.1.66/24.
$ run rb_openwrt
3. Once OpenWrt booted, transfer the sysupgrade image to the device
using scp and use sysupgrade to install the firmware.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 1b467a902ec9b8bf29805c6928627e8bbad0f14c)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds support for Beeline Smart Box TURBO+ (Serсomm S3 CQR) router.
Device specification
--------------------
SoC Type: MediaTek MT7621AT (880 MHz, 2 cores)
RAM (Nanya NT5CC64M16GP): 128 MiB
Flash (Macronix MX30LF1G18AC): 128 MiB
Wireless 2.4 GHz (MT7603EN): b/g/n, 2x2
Wireless 5 GHz (MT7615N): a/n/ac, 4x4
Ethernet: 5 ports - 5×GbE (WAN, LAN1-4)
USB ports: 1xUSB3.0
Buttons: 2 button (reset, wps)
LEDs: Red, Green, Blue
Zigbee (EFR32MG1B232GG): 3.0
Stock bootloader: U-Boot 1.1.3
Power: 12 VDC, 1.5 A
Installation (fw 2.0.9)
-----------------------
1. Login to the web interface under SuperUser (root) credentials.
Password: SDXXXXXXXXXX, where SDXXXXXXXXXX is serial number of the
device written on the backplate stick.
2. Navigate to Setting -> WAN. Add:
Name - WAN1
Connection Type - Static
IP Address - 172.16.0.1
Netmask - 255.255.255.0
Save -> Apply. Set default: WAN1
3. Enable SSH and HTTP on WAN. Setting -> Remote control. Add:
Protocol - SSH
Port - 22
IP Address - 172.16.0.1
Netmask - 255.255.255.0
WAN Interface - WAN1
Save ->Apply
Add:
Protocol - HTTP
Port - 80
IP Address - 172.16.0.1
Netmask - 255.255.255.0
WAN interface - WAN1
Save -> Apply
4. Set up your PC ethernet:
Connection Type - Static
IP Address - 172.16.0.2
Netmask - 255.255.255.0
Gateway - 172.16.0.1
5. Connect PC using ethernet cable to the WAN port of the router
6. Connect to the router using SSH shell under SuperUser account
7. Make a mtd backup (optional, see related section)
8. Change bootflag to Sercomm1 and reboot:
printf 1 | dd bs=1 seek=7 count=1 of=/dev/mtdblock3
reboot
9. Login to the router web interface under admin account
10. Remove dots from the OpenWrt factory image filename
11. Update firmware via web using OpenWrt factory image
Revert to stock
---------------
Change bootflag to Sercomm1 in OpenWrt CLI and then reboot:
printf 1 | dd bs=1 seek=7 count=1 of=/dev/mtdblock3
mtd backup
----------
1. Set up a tftp server (e.g. tftpd64 for windows)
2. Connect to a router using SSH shell and run the following commands:
cd /tmp
for i in 0 1 2 3 4 5 6 7 8 9 10; do nanddump -f mtd$i /dev/mtd$i; \
tftp -l mtd$i -p 172.16.0.2; md5sum mtd$i >> mtd.md5; rm mtd$i; done
tftp -l mtd.md5 -p 171.16.0.2
Recovery
--------
Use sercomm-recovery tool.
Link: https://github.com/danitool/sercomm-recovery
MAC Addresses (fw 2.0.9)
------------------------
+-----+------------+---------+
| use | address | example |
+-----+------------+---------+
| LAN | label | *:e8 |
| WAN | label + 1 | *:e9 |
| 2g | label + 4 | *:ec |
| 5g | label + 5 | *:ed |
+-----+------------+---------+
The label MAC address was found in Factory 0x21000
Factory image format
--------------------
+---+-------------------+-------------+--------------------+
| # | Offset | Size | Description |
+---+-------------------+-------------+--------------------+
| 1 | 0x0 | 0x200 | Tag Header Factory |
| 2 | 0x200 | 0x100 | Tag Header Kernel1 |
| 3 | 0x300 | 0x100 | Tag Header Kernel2 |
| 4 | 0x400 | SIZE_KERNEL | Kernel |
| 5 | 0x400+SIZE_KERNEL | SIZE_ROOTFS | RootFS(UBI) |
+---+-------------------+-------------+--------------------+
Co-authored-by: Mikhail Zhilkin <csharper2005@gmail.com>
Signed-off-by: Maximilian Weinmann <x1@disroot.org>
(cherry picked from commit 8fcfb21b16e7537b9a871a1f67cb218c6be93149)
|
| |
|
|
|
|
|
|
|
| |
openssl sets additional cflags in its configuration script. We need to
make it aware of our custom cflags to avoid adding conflicting cflags.
Fixes: #12866
Signed-off-by: Jitao Lu <dianlujitao@gmail.com>
(cherry picked from commit 51f57e7c2dd2799e34036ec74b3436bf490fade0)
|
| |
|
|
|
|
|
|
|
| |
Some Broadcom MIPS devices require JFFS2 cleanmarkers to be present on the
kernel partition or the bootloader will identify the partition as corrupt and
won't boot the kernel.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(cherry picked from commit 434df8df549a4d709be9eb19c0d2bd8abb4d4881)
|
| |
|
|
|
|
|
|
| |
Add new package for building bootloader for the SiFive U-series boards. Supported
boards at this stage are the HiFive Unleashed and HiFive Unmatched.
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
(cherry picked from commit 91406797f9d06c0008f0a8c2c8455abfb37bf28c)
|
| |
|
|
|
|
|
|
| |
Add "linux-riscv64-openwrt" into openssl configurations to enable building
on riscv64.
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
(cherry picked from commit a0840ecd5309921b62fcf5f563180ef8f955509e)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
OpenSBI is a form of a first-stage bootloader, which initializes
certain parts of an SoC and then passes on control to the second
stage bootloader i.e. an u-boot image.
We're introducing the package with release v1.2, which provides
SBI v0.3 and the SBI SRST extensions which helps to gracefully
reboot/shutdown various HiFive-U SoCs.
Tested on SiFive Unleashed and Unmatched boards.
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
(cherry picked from commit 944b13b3ee1d89e11a0121fbeeaa465ab1e25c3c)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Add new package so we can use self-compiled bootloader during QEMU based
testing and development.
Backported fix[1] is needed for EFI boot from virtio devices.
1. https://patchwork.ozlabs.org/project/uboot/patch/20230424134946.v10.7.Ia5f5e39c882ac22b5f71c4d576941b34e868eeba@changeid/
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit b8e3fa2d1205213c71bc356744e9bed6cd8e69f9)
|
| |
|
|
|
|
|
| |
armvirt target has been renamed to armsr (Arm SystemReady).
Signed-off-by: Mathew McBride <matt@traverse.com.au>
(cherry picked from commit 203deef82cdcb2c4deb01e2a4cee62a600723320)
|
| |
|
|
|
|
|
| |
armvirt target has been renamed to armsr (Arm SystemReady)
Signed-off-by: Mathew McBride <matt@traverse.com.au>
(cherry picked from commit c0bcfde58e751d674adfac51944df9e20ab978e4)
|
| |
|
|
|
|
|
|
| |
The armvirt target has been renamed to armsr (Arm SystemReady),
so the GRUB configuration also needs to change.
Signed-off-by: Mathew McBride <matt@traverse.com.au>
(cherry picked from commit 4ce7d6c8885a0e1873011f8f48b67e2ecd18e43d)
|
| |
|
|
|
|
|
|
|
| |
The Amazon ENA network devices are also used on the
AWS Arm (Graviton) instance types, so move it from
the x86-only module file to the top level netdevices.
Signed-off-by: Mathew McBride <matt@traverse.com.au>
(cherry picked from commit 3a7c8fd15e89237c8c9db62393d057f3a47429d2)
|
| |
|
|
|
|
|
|
| |
Simple error during copy/paste
Fixes: 2dbeb607251b ("kernel: add mdio-bus-mux support")
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
(cherry picked from commit 1e4bc13eaa3fdba897ca1721b2bfe9f2dbb30770)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This adds a separate package for EFI on Arm SystemReady
compatible machines. 32-bit Arm UEFI is supported as well.
It is very similar to x86-64 EFI setup, without the
need for BIOS backward compatibility and slightly
different default modules.
Signed-off-by: Mathew McBride <matt@traverse.com.au>
(cherry picked from commit 8f29b1573ddf3b7ed7c53bee1a7d55e574806205)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Haze is prpl Foundation's reference board (WNC LVRP).
Board info:
- IPQ8072A SoC
- 2 GiB RAM
- 4 GiB eMMC
- 8MiB SPI NOR (MX25U6435F)
- 3x 1GigE ports (QCA8075)
- 1x 10GigE port (AQR113C)
- 1x SFP cage
- WiFi 6GHz 160MHz (QCN9074)
- WiFi 5GHz 80+80MHz (QCN5054)
- WiFi 2.4G (QCN5024)
- ARM Standard 20-pin 2.54mm/0.1" JTAG (1V8 !!!)
- Bluetooth v5.0 + EDR with integrated Class 1 PA (CYW20704)
- 1x M.2 B-key socket with PCIe 3.0
- 1x USB 3.0 port
- UART marked J6 is 4-pin 2.54mm/0.1" connector 3V3(arrow),RX,TX,GND (115200 8N1)
- Reset and WPS buttons
Flashing instructions:
1. From U-Boot boot OpenWrt using initramfs image:
IPQ807x# tftpboot openwrt-ipq807x-generic-prpl_haze-initramfs-uImage.itb && bootm
2. In OpenWrt running from initramfs execute sysupgrade:
root@OpenWrt:/# sysupgrade -n /tmp/openwrt-ipq807x-generic-prpl_haze-squashfs-sysupgrade.bin
Work in progress/known issues:
* SFP feature not implemented/tested
* M.2 feature not implemented/tested
* Bluetooth feature not implemented/tested
* 6GHz wireless should be working, but not tested
* MAC address assigments for LAN interfaces
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 2e910039dd7170fd28641e7686c376dba6f0d8a5)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Contains following updates:
* ipq8074: update RegDB in new submitted BDF
* Revert "ipq8074: update RegDB in new submitted BDF"
* qcn9074: update RegDB in new submitted BDF
* ipq8074: update RegDB in new submitted BDF
* qca-wireless: ipq40xx: add BDFs for ZTE MF287+
* Add BDFs for prpl Foundation Haze board
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit c2bb9f055b252f167d58540bddb9e5e9586fa986)
|
| |
|
|
|
|
|
|
|
|
|
| |
0f73d32 ipq8074: update RegDB in new submitted BDF
a4cd21f ipq8074: add Compex WPQ873 BDF
c888dd0 qca-wireless: ipq40xx: Add BDFs for Eero Cento
6388ba9 ipq8074: update regdb for Netgear SXK80 BDF
77775d2 ipq8074: add Netgear SXK80
Signed-off-by: Antti Nykänen <antti.nykanen@nokia.com>
(cherry picked from commit 86e7614e0deb5e97083103600b045833c6517c6b)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently kernel crashes when of_phy_connect has issues:
Unable to handle kernel access to user memory outside uaccess routines at virtual address 0000000000000308
...
pc : phy_attached_print+0x28/0x1b0
lr : phy_attached_info+0x14/0x20
...
Call trace:
phy_attached_print+0x28/0x1b0
phy_attached_info+0x14/0x20
nss_dp_adjust_link+0x544/0x6c4 [qca_nss_dp]
of_phy_connect returns either pointer or NULL, so can't be checked with
IS_ERR macro.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 38c7cf0e69aeefdec44d513307732e4daf7d9794)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
b09b316aeaf6 blobmsg: add blobmsg_parse_attr function
eac92a4d5d82 blobmsg: add blobmsg_parse_array_attr
ef5e8e38bd38 usock: fix poll return code check
6fc29d1c4292 jshn.sh: Add pretty-printing to json_dump
5893cf78da40 blobmsg: Don't do at run-time what can be done at compile-time
362951a2d96e uloop: fix uloop_run_timeout
75a3b870cace uloop: add support for integrating with a different event loop
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit b6e0a24c492537e5bbfa015e2a3638ccc53c164b)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
412d03012f13 network: prevent adding endpoint routes for addresses on the network
faaf9cee6ef4 utils: fix ipv4 checksum issue
0e1c2fad3540 pex-msg: fix memory leak on fread fail in pex_msg_update_request_init
51be0ed659d0 host: fix crash parsing gateway when no endpoint is specified
ca17601dc24e wg-linux: add support for splitting netlink messages for allowed ips
7d3986b7a5a2 wg-linux: increase default messages size
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 7b1e8983365746876034534ef22004d423c390e0)
|
| |
|
|
|
|
|
|
|
|
|
| |
Synchronize the ath11k backports with the current ath-next tree.
This introduces support for MBSSID and EMA, adds factory test mode and
some new HTT stats.
Tested-by: Francisco G Luna <frangonlun@gmail.com>
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit acde5271a68835f51185aae1b11343439a9d4cab)
|
| |
|
|
|
|
|
|
|
| |
Backport EMA beacon support from kernel 6.4.
It is required for MBSSID/EMA suport in ath11k that will follow.
Tested-by: Francisco G Luna <frangonlun@gmail.com>
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 84b5735b4c59c8fcb3db647430a4ffd574fb10a3)
|
| |
|
|
|
|
|
|
|
|
| |
The MDIO bus multiplexing framework is used by some drivers
such as dwmac-sun8i.
As this is a per-driver requirement, set it to be hidden in the menu.
Signed-off-by: Mathew McBride <matt@traverse.com.au>
(cherry picked from commit 2dbeb607251b75b506dcc8f1294cd9ed0bac9694)
|
| |
|
|
|
|
|
|
|
| |
source.codeaurora.org project has been shut down and the nxp
repositories has been moved to github. Update the repository
link to the new location.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 0a1ee5323549bfce30b4d42be2dcc461f694881c)
|
| |
|
|
|
|
|
|
|
| |
source.codeaurora.org project has been shut down and the nxp
repositories has been moved to github. Update the repository
link to the new location.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 52fd8d8ba3ed4d34ed1dbc9d14fc7754960a576d)
|
| |
|
|
|
|
|
|
|
| |
Update bootloader environment for BPi-R3 and BPi-R64 to adapt to new
device tree overlay mechanism now that support for multiple device
tree overlays has been added.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit ec50d2d366fecb6f4bac2ae9d5cfa4aba9cf7bbc)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2023-2650 fix
Remove upstreamed patches
Major changes between OpenSSL 3.0.8 and OpenSSL 3.0.9 [30 May 2023]
* Mitigate for very slow OBJ_obj2txt() performance with gigantic OBJECT IDENTIFIER sub-identities. (CVE-2023-2650)
* Fixed buffer overread in AES-XTS decryption on ARM 64 bit platforms (CVE-2023-1255)
* Fixed documentation of X509_VERIFY_PARAM_add0_policy() (CVE-2023-0466)
* Fixed handling of invalid certificate policies in leaf certificates (CVE-2023-0465)
* Limited the number of nodes created in a policy tree (CVE-2023-0464)
Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
(cherry picked from commit 6348850f10545aac70db94d3a9555a4f2eb84281)
|
| |
|
|
|
|
|
|
|
|
|
| |
Release Notes:
https://valgrind.org/docs/manual/dist.news.html
This improves support for the memory allocator used in musl libc 1.2.2
and later which is currently used by OpenWrt.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit d85013460d47b538389b08506fda49e96a1968b5)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Build and package kernel self-tests used for BPF testing, program and JIT
development. This package, together with the existing 'kmod-bpf-test', was
extensively used for past upstream Linux JIT submissions [1].
Currently this includes only 'test_verifier'; building 'test_progs' will
fail due to known endian limitations with bpftool skeletons.
[1]:https://lore.kernel.org/bpf/cover.1633392335.git.Tony.Ambardar@gmail.com
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit 3886ea9b87c416c080078603fedea95bcc144442)
|
| |
|
|
|
|
|
|
|
|
|
| |
Set net.core.bpf_jit_kallsyms=1 in /etc/sysctl.d/10-default.conf.
For privileged users, this exports addresses of JIT-compiled programs to
appear in /proc/kallsyms when present, allowing their use for debugging
and in traces.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit b3aaede2a7b14f2be850db8ae0c826e2782a60e8)
|
| |
|
|
|
|
|
|
|
| |
Add support for the Xunlong Orange Pi R1 Plus LTS.
Manually generated of-platdata files to avoid swig dependency.
Tested-by: Volkan Yetik <no3iverson@gmail.com>
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 37fed89166e6e21c20ef92b36106f7184a0476c6)
|
| |
|
|
|
|
|
|
| |
Add support for the Xunlong Orange Pi R1 Plus.
Manually generated of-platdata files to avoid swig dependency.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 043f8a4f5ecf00e8a62b5a5d48baba48e620ea6a)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Built-in engine configs are added in libopenssl-conf/install stage
already, postinst/add_engine_config is just duplicating them, and
due to the lack of `config` header it results a broken uci config:
> uci: Parse error (invalid command) at line 3, byte 0
```
config engine 'devcrypto'
option enabled '1'
engine 'devcrypto'
option enabled '1'
option builtin '1'
```
Add `builtin` option in libopenssl-conf/install stage and remove
duplicate engine configuration in postinst/add_engine_config to
fix this issue.
Fixes: 0b70d55a64c39d ("openssl: make UCI config aware of built-in engines")
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit a0d71934253f599f4ac651b1b3a429901049e802)
|
| |
|
|
|
|
|
| |
Fix typo of 'family' in a7e9445975
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 191742eb8ddc4353eedf71a327fb17a11c5a3a99)
|
| |
|
|
|
|
|
|
| |
It's only used on devices in mt7621 and mt7622 subtargets, so no reason
to compile it for others.
Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com>
(cherry picked from commit e81298463ed45cd03d45837c12f4c0a4b85f6cd4)
|
| |
|
|
|
|
|
| |
ec9dba721245 system-linux: fix memory leak in system_bridge_vlan_check
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 20ce21866e482c132df7085061f28dfdafc8a48a)
|
| |
|
|
|
|
|
|
| |
Fix the PKG_MIRROR_HASH value for netifd.
Fixes: d2ecaaca3404 ("netifd: update to version 2023-05-31")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 21f713d5abf86fc5639b41d7f4e7535a5538d63a)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Contains following changes:
* bridge: bridge_dump_info: add dumping of bridge attributes
* bridge: make it more clear why the config was applied
* cmake: fix build by reordering the cflags definitions
* treewide: fix multiple compiler warnings
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit d2ecaaca3404a05ba65bb6756bc5fbd05389ed2f)
|
| |
|
|
| |
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
| |
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
30d503a uci jsonfilter: pipe and leak
e13cb64 rpcd leds
144781f jsonfilter, luci, ubus
1210762 rpcd and all agents get fd's leaked
ab9227c rpcd
2f99e0e luci rpcd
b43aaf3 rpcd (enable/disable services) luci peeraddr
f20f03e rpcd
7bc74f6 rpcd reads all subj state and luci-bwc leaks
9634b17 adds inotify perms to anon_inode
3d3c17c adds bare anon_inode (linux 5.15)
7104b20 dnsmasq and luci
0de2c66 luci,rpcd, ucode, wpad
14f5cf9 luci and ucode
e3ce84c rpcd, ucode and cgiio loose ends
96a2401 misc updates
9fe0490 initscript: remove redundant rules
71bd77e allow all init scripts to log to logd
f697331 sandbox: make ttydev handling more robust
a471877 simplify pty tty console access
f738984 sandbox: also remove TIOSCTI from all ttydevs
Signed-off-by: Linhui Liu <liulinhui36@gmail.com>
(cherry picked from commit 4c5a9da8699a7982b8f03b28561f955d9d1313f1)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update the ca-certificates and ca-bundle package from version 20211016 to
version 20230311.
Use TAR_OPTIONS instead of hacking Build/Prepare, refresh patches.
Debian change-log entry [1]:
|[...]
|[ Đoàn Trần Công Danh ]
|* ca-certificates: compat with non-GNU mktemp (closes: #1000847)
|
|[ Ilya Lipnitskiy ]
|* certdata2pem.py: use UTC time when checking cert validity
|
|[ Julien Cristau ]
|* Update Mozilla certificate authority bundle to version 2.60
| The following certificate authorities were added (+):
| + "Autoridad de Certificacion Firmaprofesional CIF A62634068"
| + "Certainly Root E1"
| + "Certainly Root R1"
| + "D-TRUST BR Root CA 1 2020"
| + "D-TRUST EV Root CA 1 2020"
| + "DigiCert TLS ECC P384 Root G5"
| + "DigiCert TLS RSA4096 Root G5"
| + "E-Tugra Global Root CA ECC v3"
| + "E-Tugra Global Root CA RSA v3"
| + "HARICA TLS ECC Root CA 2021"
| + "HARICA TLS RSA Root CA 2021"
| + "HiPKI Root CA - G1"
| + "ISRG Root X2"
| + "Security Communication ECC RootCA1"
| + "Security Communication RootCA3"
| + "Telia Root CA v2"
| + "TunTrust Root CA"
| + "vTrus ECC Root CA"
| + "vTrus Root CA"
| The following certificate authorities were removed (-):
| - "Cybertrust Global Root" (expired)
| - "EC-ACC"
| - "GlobalSign Root CA - R2" (expired)
| - "Hellenic Academic and Research Institutions RootCA 2011"
| - "Network Solutions Certificate Authority"
| - "Staat der Nederlanden EV Root CA" (expired)
|* Drop trailing space from debconf template causing misformatting
| (closes: #980821)
|
|[ Wataru Ashihara ]
|* Make certdata2pem.py compatible with cryptography >= 35 (closes: #1008244)
|[...]
[1]: https://metadata.ftp-master.debian.org/changelogs/main/c/ca-certificates/ca-certificates_20230311_changelog
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 7c83b6ac8656f9a3b005554d25857e8ed5faf3f6)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
libselinux-3.5 fails to compile in Fedora 38 container due to the
following:
cc -O2 -I/openwrt/staging_dir/host/include -I/openwrt/staging_dir/hostpkg/include -I/openwrt/staging_dir/target-x86_64_musl/host/include -I../include -D_GNU_SOURCE -DNO_ANDROID_BACKEND -DUSE_PCRE2 -DPCRE2_CODE_UNIT_WIDTH=8 -I/openwrt/staging_dir/hostpkg/include -L/openwrt/staging_dir/host/lib -L/openwrt/staging_dir/hostpkg/lib -L/openwrt/staging_dir/target-x86_64_musl/host/lib -Wl,-rpath=/openwrt/staging_dir/hostpkg/lib -shared -o libselinux.so.1 avc.lo avc_internal.lo avc_sidtab.lo booleans.lo callbacks.lo canonicalize_context.lo checkAccess.lo check_context.lo checkreqprot.lo compute_av.lo compute_create.lo compute_member.lo compute_relabel.lo compute_user.lo context.lo deny_unknown.lo disable.lo enabled.lo fgetfilecon.lo freecon.lo freeconary.lo fsetfilecon.lo get_context_list.lo get_default_type.lo get_initial_context.lo getenforce.lo getfilecon.lo getpeercon.lo init.lo is_customizable_type.lo label.lo label_db.lo label_file.lo label_media.lo label_support.lo label_x.lo lgetfilecon.lo load_policy.lo lsetfilecon.lo mapping.lo matchmediacon.lo matchpathcon.lo policyvers.lo procattr.lo query_user_context.lo regex.lo reject_unknown.lo selinux_check_securetty_context.lo selinux_config.lo selinux_internal.lo selinux_restorecon.lo sestatus.lo setenforce.lo setexecfilecon.lo setfilecon.lo setrans_client.lo seusers.lo sha1.lo stringrep.lo validatetrans.lo -L/openwrt/staging_dir/hostpkg/lib -lpcre2-8 -lfts -ldl -Wl,-soname,libselinux.so.1,--version-script=libselinux.map,-z,defs,-z,relro
/usr/bin/ld: /openwrt/staging_dir/hostpkg/lib/libpcre2-8.a(pcre2_compile.c.o): relocation R_X86_64_32S against symbol `_pcre2_ucd_stage1_8' can not be used when making a shared object; recompile with -fPIC
/usr/bin/ld: failed to set dynamic section sizes: bad value
So lets fix it by enabling build of host static library with the
position independent code option enabled.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 12494f5b8a7bb48cbf7b2fba7d17a53981173120)
|
| |
|
|
|
|
|
| |
Add kmod-nft-dup-inet package to allow packet duplication in ip/ip6/inet nftables family
Signed-off-by: Michał Kwiatek <michal@kwiatek.it>
(cherry picked from commit a7e9445975f832db887e6044d7e84220d2a68cf1)
|
