aboutsummaryrefslogtreecommitdiffstats
path: root/package
Commit message (Collapse)AuthorAgeFilesLines
* refpolicy: fix path to setfiles and checkpolicyPaul Spooren2020-09-301-3/+2
| | | | | | | | Directly set path via MAKE vars instead of defning TESTTOOLS. This way setfiles, which is required by the ImageBuilder, ends up in /host/bin while checkpolicy can stay in hostpkg/bin. Signed-off-by: Paul Spooren <mail@aparcar.org>
* uboot-rockchip: update NanoPi R2S patchesDavid Bauer2020-09-304-123/+191
| | | | | | | | Update the patches required for the NanoPi R2S to match the DTS accepted for upstream Linux. The U-Boot patch meanwhile is still pending upstream. Signed-off-by: David Bauer <mail@david-bauer.net>
* mac80211: add support for specifying a per-device scan listFelix Fietkau2020-09-292-0/+3
| | | | | | | This is useful to bring up multiple client mode interfaces on a single channel much faster without having to scan through a lot of channels Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mac80211: backport sched_set_fifo_lowFelix Fietkau2020-09-291-0/+32
| | | | | | This is needed for newer mt76 updates Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mac80211: another fix for the sta connection monitorFelix Fietkau2020-09-291-5/+37
| | | | | | Make the code more closely match the original behavior Signed-off-by: Felix Fietkau <nbd@nbd.name>
* refpolicy: mark as architecture independentDaniel Golle2020-09-291-1/+2
| | | | | | | Use PKGARCH:=all to declare this package to be free of any architecture dependent code. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* policycoreutils: install to host/bin not hostpkgPaul Spooren2020-09-291-1/+1
| | | | | | | | By installing policycoreutils to host/bin it is also available within the ImageBuilder and SDK, allowing to correctly label both filesystems and packages. Signed-off-by: Paul Spooren <mail@aparcar.org>
* ath10k-firmware: package Wave1 from linux-firmwareDavid Bauer2020-09-282-4/+4
| | | | | | | | | | The firmware for Wave1 chips was updated to the latest release 10.2.4-1.0-00047 at the end of 2019 (commit 513d70cc50b). Package firmware for these chips from linux-firmware. This avoids downloading the ath10k-firmware repository. Signed-off-by: David Bauer <mail@david-bauer.net>
* openssl: bump to 1.1.1hEneas U de Queiroz2020-09-283-5/+5
| | | | | | This is a bug-fix release. Patches were refreshed. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* uboot-envtools: ath79: add support for ALFA Network N5QPiotr Dymacz2020-09-281-0/+1
| | | | Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
* uboot-envtools: ath79: add support for ALFA Network N2QPiotr Dymacz2020-09-281-0/+1
| | | | Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
* uboot-envtools: ath79: add support for ALFA Network R36APiotr Dymacz2020-09-281-0/+1
| | | | Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
* uboot-envtools: ath79: add support for Samsung WAM250Piotr Dymacz2020-09-281-0/+1
| | | | Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
* uboot-envtools: ath79: add support for Wallys DR531Piotr Dymacz2020-09-281-0/+3
| | | | Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
* uboot-envtools: ath79: add support for ALFA Network AP121FEPiotr Dymacz2020-09-281-0/+1
| | | | Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
* libsepol: break out chkcon utilityDaniel Golle2020-09-271-0/+18
| | | | Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* policycoreutils: fix host utils rpath and bin directoryDaniel Golle2020-09-271-4/+6
| | | | | | | | | 'setfiles' and others should be installed to $(STAGING_DIR_HOSTPKG)/bin rather than $(...)/sbin which isn't in PATH. Also using -Wl,-rpath to set library search location instead of setting LD_LIBRARY_PATH when calling setfiles in image.mk. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* build: define PWM_SUPPORT arch feature flagChristian Lamparter2020-09-251-0/+16
| | | | | | | | | | As the PWM has its own sub-system in the Linux kernel, I think it should be handled in the same way as GPIO, RTC, PCI... This patch introduces a specific feature flag "pwm" and the "leds-pwm" kernel module as the first customer. Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* ipq40xx: Add support for Linksys MR8300 (Dallas)Hans Geiblinger2020-09-254-1/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The Linksys MR8300 is based on QCA4019 and QCA9888 and provides three, independent radios. NAND provides two, alternate kernel/firmware images with fail-over provided by the OEM U-Boot. Hardware Highlights: SoC: IPQ4019 at 717 MHz (4 CPUs) RAM: 512MB RAM SoC: Qualcomm IPQ4019 at 717 MHz (4 CPUs) RAM: 512M DDR3 FLASH: 256 MB NAND (Winbond W29N02GV, 8-bit parallel) ETH: Qualcomm QCA8075 (4x GigE LAN, 1x GigE Internet Ethernet Jacks) BTN: Reset and WPS USB: USB3.0, single port on rear with LED SERIAL: Serial pads internal (unpopulated) LED: Four status lights on top + USB LED WIFI1: 2x2:2 QCA4019 2.4 GHz radio on ch. 1-14 WIFI2: 2x2:2 QCA4019 5 GHz radio on ch. 36-64 WIFI3: 2x2:2 QCA9888 5 GHz radio on ch. 100-165 Support is based on the already supported EA8300. Key differences: EA8300 has 256MB RAM where MR8300 has 512MB RAM. MR8300 has a revised top panel LED setup. Installation: "Factory" images may be installed directly through the OEM GUI using URL: https://ip-of-router/fwupdate.html (Typically 192.168.1.1) Signed-off-by: Hans Geiblinger <cybrnook2002@yahoo.com> [copied Hardware-highlights from EA8300. Fixed alphabetical order. fixed commit subject, removed bogus unit-address of keys, fixed author (used Signed-off-By to From:) ] Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* ipq40xx: add support for Luma Home WRTQ-329ACNTomasz Maciej Nowak2020-09-253-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Luma Home WRTQ-329ACN, also known as Luma WiFi System, is a dual-band wireless access point. Specification SoC: Qualcomm Atheros IPQ4018 RAM: 256 MB DDR3 Flash: 2 MB SPI NOR 128 MB SPI NAND WIFI: 2.4 GHz 2T2R integrated 5 GHz 2T2R integrated Ethernet: 2x 10/100/1000 Mbps QCA8075 USB: 1x 2.0 Bluetooth: 1x 4.0 CSR8510 A10, connected to USB bus LEDS: 16x multicolor LEDs ring, controlled by MSP430G2403 MCU Buttons: 1x GPIO controlled EEPROM: 16 Kbit, compatible with AT24C16 UART: row of 4 holes marked on PCB as J19, starting count from the side of J19 marking on PCB 1. GND, 2. RX, 3. TX, 4. 3.3V baud: 115200, parity: none, flow control: none The device supports OTA or USB flash drive updates, unfotunately they are signed. Until the signing key is known, the UART access is mandatory for installation. The difficult part is disassembling the casing, there are a lot of latches holding it together. Teardown Prepare three thin, but sturdy, prying tools. Place the device with back of it facing upwards. Start with the wall having a small notch. Insert first tool, until You'll feel resistance and keep it there. Repeat the procedure for neighbouring walls. With applying a pressure, one edge of the back cover should pop up. Now carefully slide one of the tools to free the rest of the latches. There's no need to solder pins to the UART holes, You can use hook clips, but wiring them outside the casing, will ease debuging and recovery if problems occur. Installation 1. Prepare TFTP server with OpenWrt initramfs image. 2. Connect to UART port (don't connect the voltage pin). 3. Connect to LAN port. 4. Power on the device, carefully observe the console output and when asked quickly enter the failsafe mode. 5. Invoke 'mount_root'. 6. After the overlayfs is mounted run: fw_setenv bootdelay 3 This will allow to access U-Boot shell. 7. Reboot the device and when prompted to stop autoboot, hit any key. 8. Adjust "ipaddr" and "serverip" addresses in U-Boot environment, use 'setenv' to do that, then run following commands: tftpboot 0x84000000 <openwrt_initramfs_image_name> bootm 0x84000000 and wait till OpenWrt boots. 9. In OpenWrt command line run following commands: fw_setenv openwrt "setenv mtdids nand1=spi_nand; setenv mtdparts mtdparts=spi_nand:-(ubi); ubi part ubi; ubi read 0x84000000 kernel; bootm 0x84000000" fw_setenv bootcmd "run openwrt" 10. Transfer OpenWrt sysupgrade image to /tmp directory and flash it with: ubirmvol /dev/ubi0 -N ubi_rootfs sysupgrade -v -n /tmp/<openwrt_sysupgrade_image_name> 11. After flashing, the access point will reboot to OpenWrt, then it's ready for configuration. Reverting to OEM firmware 1. Execute installation guide steps: 1, 2, 3, 7, 8. 2. In OpenWrt command line run following commands: ubirmvol /dev/ubi0 -N rootfs_data ubirmvol /dev/ubi0 -N rootfs ubirmvol /dev/ubi0 -N kernel ubirename /dev/ubi0 kernel1 kernel ubi_rootfs1 ubi_rootfs ubimkvol /dev/ubi0 -S 34 -N kernel1 ubimkvol /dev/ubi0 -S 320 -N ubi_rootfs1 ubimkvol /dev/ubi0 -S 264 -N rootfs_data fw_setenv bootcmd bootipq 3. Reboot. Known issues The LEDs ring doesn't have any dedicated driver or application to control it, the only available option atm is to manipulate it with 'i2cset' command. The default action after applying power to device is spinning blue light. This light will stay active at all time. To disable it install 'i2c-tools' with opkg and run: i2cset -y 2 0x48 3 1 0 0 i The light will stay off until next cold boot. Additional information After completing 5. step from installation guide, one can disable asking for root password on OEM firmware by running: sed -e 's/root:x:/root::/' -i /etc/passwd This is useful for investigating the OEM firmware. One can look at the communication between the stock firmware and the vendor's cloud servers or as a way of making a backup of both flash chips. The root password seems to be constant across all sold devices. This is output of 'led_ctl' from OEM firmware to illustrate possibilities of LEDs ring: Usage: led_ctl [status | upgrade | force_upgrade | version] led_ctl solid COLOR <brightness> led_ctl single COLOR INDEX <brightness 0 - 15> led_ctl spinning COLOR <period 1 - 16 (lower = faster)> led_ctl fill COLOR <period 1 - 16 (lower = faster)> ( default is 5 ) led_ctl flashing COLOR <on dur 1 - 128> <off dur 1 - 128> (default is 34) ( default is 34 ) led_ctl pulsing COLOR COLOR: red, green, blue, yellow, purple, cyan, white Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl> [squash "ipq-wifi: add BDFs for Luma Home WRTQ-329ACN" into commit, changed ubi volumes for easier integration, slightly reworded commit message, changed ubi volume layout to use standard names all around] Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* dnsmasq: fix handling ignore condition for dnssecYousong Zhou2020-09-252-1/+2
| | | | | | | | | | It should return false to indicate that the option should not be ignored Fixes 064dc1e8 ("dnsmasq: abort when dnssec requested but not available") Reported-by: Sami Olmari <sami@olmari.fi> Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* dnsmasq: support tftp_unique_root in /etc/config/dhcpW. Michael Petullo2020-09-242-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | The TFTP server provided by dnsmasq supports serving a select boot image based on the client's MAC or IP address. This allows an administrator to activate this feature in /etc/config/dhcp. Here is an example /etc/config/dhcp that configures dnsmasq with --tftp-unique-root=mac: ... config dnsmasq option enable_tftp 1 option tftp_root /usr/libexec/tftpboot option tftp_unique_root mac config boot router option serveraddress 192.168.1.1 option servername tftp.example.com option filename openwrt-initramfs-kernel.bin ... With this configuration, dnsmasq will serve /usr/libexec/tftpboot/00-11-22-33-44-55/openwrt-initramfs-kernel.bin to the client with MAC address 00:11:22:33:44:55. Signed-off-by: W. Michael Petullo <mike@flyn.org>
* vxlan: fix rsc config optionHans Dedecker2020-09-242-3/+3
| | | | | | Fix route short circuit config option; fixes commit 036221ce5a899eb99ef1c1623fc9460af00a69e7 Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* vxlan: add extra config optionsHans Dedecker2020-09-232-3/+25
| | | | | | | | | | | | | | | | | Add config options: srcportmin/srcportmax : range of port numbers to use as UDP source ports to communicate to the remote VXLAN tunnel endpoint ageing : lifetime in seconds of FDB entries learnt by the kernel maxaddress : maximum number of FDB entries learning : enable/disable entering unknown source link layer addresses and IP addresses into the VXLAN device FDB. rsc : enable/disable route short circuit proxy : enable/disable ARP proxy l2miss : enable/disable netlink LLADDR miss notifications l3miss : enable/disable netlink IP ADDR miss notifications gbp : enable/disable the Group Policy extension Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* ramips: add support for Linksys EA7300 v2J. Scott Heppler2020-09-231-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This submission relied heavily on the work of Santiago Rodriguez-Papa <contact at rodsan.dev> Specifications: * SoC: MediaTek MT7621A (880 MHz 2c/4t) * RAM: Winbond W632GG6MB-12 (256M DDR3-1600) * Flash: Winbond W29N01HVSINA (128M NAND) * Eth: MediaTek MT7621A (10/100/1000 Mbps x5) * Radio: MT7603E/MT7615N (2.4 GHz & 5 GHz) 4 antennae: 1 internal and 3 non-deatachable * USB: 3.0 (x1) * LEDs: White (x1 logo) Green (x6 eth + wps) Orange (x5, hardware-bound) * Buttons: Reset (x1) WPS (x1) Installation: Flash factory image through GUI. This might fail due to the A/B nature of this device. When flashing, OEM firmware writes over the non-booted partition. If booted from 'A', flashing over 'B' won't work. To get around this, you should flash the OEM image over itself. This will then boot the router from 'B' and allow you to flash OpenWRT without problems. Reverting to factory firmware: Hard-reset the router three times to force it to boot from 'B.' This is where the stock firmware resides. To remove any traces of OpenWRT from your router simply flash the OEM image at this point. Signed-off-by: J. Scott Heppler <shep971@centurylink.net>
* mt76: update to the latest versionFelix Fietkau2020-09-231-3/+3
| | | | | | | | | 73301065ac32 mt76: mt7615: reduce maximum VHT MPDU length to 7991 8c47ed12c2be mt76: mt7915: add offchannel condition in switch channel command 1449e602fa10 mt76: Convert to DEFINE_SHOW_ATTRIBUTE b22977c2727d mt76: mt7663s: remove max_tx_fragments limitation Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mac80211: update sta connection monitor regression fixFelix Fietkau2020-09-231-15/+27
| | | | | | Reset the connection monitor on all acked frames Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: ubus: make (B)SSID optional for neighbor reportDavid Bauer2020-09-222-10/+25
| | | | | | | | | | | Make the BSSID and SSID fields optional when configuring a neighbor report into hostapd. Both options can now be an empty string. For the BSSID, the first 6 byte are copied from the neighbor report. For the SSID, the SSID for the affected hostapd BSS is used. Signed-off-by: David Bauer <mail@david-bauer.net>
* hostapd: ubus: send notification instead of eventDavid Bauer2020-09-222-12/+13
| | | | | | | | | | | Rafal Milecki pointed out that ubus events are meant for low-level ubus events only (e.g. addition or removal of an object). Higher level events should happen as notifications on the ubus object itself. Dispatch BSS events on the main hostapd ubus object instead of publishing them as ubus events. Signed-off-by: David Bauer <mail@david-bauer.net>
* hostapd: ubus: fix infinite loop when configuring RRM NRDavid Bauer2020-09-212-3/+2
| | | | | | | The return-code was set, however it was never returned, nor was the loop interrupted. Signed-off-by: David Bauer <mail@david-bauer.net>
* hostapd: send procd event on BSS updateDavid Bauer2020-09-212-4/+36
| | | | | | | Dispatch ubus events also to procd in order to trigger service reloads on hostapd updates. Signed-off-by: David Bauer <mail@david-bauer.net>
* hostapd: send ubus event on BSS updateDavid Bauer2020-09-212-2/+24
| | | | | | | | | | | hostapd will emit a ubus event with the eventname hostapd.<ifname>.<event> when adding, removing or reloading a BSS. This way, services which install state (for example the RMM neighbor list) can on-demand reinstall this information for the BSS without polling this state. Signed-off-by: David Bauer <mail@david-bauer.net>
* odhcpd: number UCI defaults scriptStijn Segers2020-09-211-1/+1
| | | | | | | | | UCI defaults scripts are supposed to be numbered, but odhcpd's lacked numbering, which turned out to mess up my custom scripts numbered 9[0-9]_*. The idea is to have high number (custom) scripts executed last. Jow confirmed numbering is the default case, not the exception (thanks). Signed-off-by: Stijn Segers <foss@volatilesystems.org>
* policycoreutils: fix ALTERNATIVES install locationDaniel Golle2020-09-211-1/+1
| | | | | Fixes: 7817c831ef ("policycoreutils: break into smaller packages") Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* policycoreutils: break into smaller packagesDaniel Golle2020-09-211-45/+110
| | | | | | | | Instead of vaguely describing dependencies in the package description actually split-up into individual packages, each with their dependencies expressed accurately. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* libselinux: split utility packages and add PKG_LICENSEDaniel Golle2020-09-211-14/+73
| | | | | | | | Split utility packages similar to coreutils in packages feed, adding ALTERNATIVES for those which are also provided by busybox-selinux. Also add missing license information. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* mac80211: fix regression in station connection monitor optimizationFelix Fietkau2020-09-211-0/+26
| | | | | | | | | When the nulldata frame was acked, the probe send count needs to be reset, otherwise it will keep increasing until the connection is considered dead, even though it fine. Reported-by: Georgi Valkov <gvalkov@abv.bg> Signed-off-by: Felix Fietkau <nbd@nbd.name>
* zram-swap: explicitly use mkswap/swapon/swapoff from /sbinRui Salvaterra2020-09-202-11/+11
| | | | | | | | | | | | | The required BusyBox applets are enabled by default, so we can rely on them being present in the system. This way, we make sure there are no conflicts with less featured variants of these same applets which might also be present in the system. Fixes: 0bd7dfa3ed60 ("zram-swap: enable swap discard") Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com> [wrap commit description] Signed-off-by: David Bauer <mail@david-bauer.net>
* mac80211: select the first available channel for 5GHz interfacesDavide Fioravanti2020-09-201-2/+2
| | | | | | | | | | Some 5GHz wifi interfaces, especially in Tri-band routers, can't use channel 36. In these cases, the default configuration for 5GHz interfaces, once enabled, doesn't work. This patch selects the first non-disabled channel for 5GHz interfaces. Signed-off-by: Davide Fioravanti <pantanastyle@gmail.com>
* mediatek: mt7623n-preloader: add preloader for Banana Pi R64David Woodhouse2020-09-191-0/+22
| | | | | | | | | | | | We want to be able to make full system images for this system too, just as we now can for the MT7623 platforms. The package directory (mt7623n) is now a bit misnamed as it's overly specific, but the precise set of platforms which we support this way is evolving and we'll fix it up when the dust settles and we know what nomenclature makes most sense. Signed-off-by: David Woodhouse <dwmw2@infradead.org>
* arm-trusted-firmware-mvebu: add support for espressobinAndre Heider2020-09-181-21/+145
| | | | | | | | | | | | | | | | | | | | | | | | | Use build variants to cover all 11 hardware options [0]: espressobin-512mb espressobin-v3-v5-1gb-1cs espressobin-v3-v5-1gb-1cs-emmc espressobin-v3-v5-1gb-2cs espressobin-v3-v5-1gb-2cs-emmc espressobin-v3-v5-2gb espressobin-v3-v5-2gb-emmc espressobin-v7-1gb espressobin-v7-1gb-emmc espressobin-v7-2gb espressobin-v7-2gb-emmc CLOCKSPRESET is set to CPU_800_DDR_800 for all builds, which is the only stable configuration. That actually matches what Globalscale shipped as CPU_1000_DDR_800 combined with kernel versions < v4.19.42. [1][2]. [0] https://github.com/ARM-software/arm-trusted-firmware/blob/master/docs/plat/marvell/armada/build.rst [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8db82563451f976597ab7b282ec655e4390a4088 [2] https://forum.armbian.com/topic/10335-espressobin-update-to-585-results-in-kernel-panic/?tab=comments#comment-79916 Signed-off-by: Andre Heider <a.heider@gmail.com>
* arm-trusted-firmware-mvebu: update a3700-utilsAndre Heider2020-09-181-3/+3
| | | | | | | | | | Update to current head of the branch A3700_utils-armada-18.12-fixed: 0967979 ddr: Add DDR3 2CS layout for EspressoBin v5 2GB board 486523e ddr: fix typo for ESPRESSObin 2GB layout 490b2b3 TBB: Fix building for Crypto++ 6.0 and later 0141dd1 TBB: Split INCDIR from LIBDIR Signed-off-by: Andre Heider <a.heider@gmail.com>
* arm-trusted-firmware-mvebu: update to v2.3Andre Heider2020-09-182-8/+30
| | | | | | | Switch to release tarballs and add missing license information while here. Signed-off-by: Andre Heider <a.heider@gmail.com>
* arm-trusted-firmware-mvebu: install to own subdirAndre Heider2020-09-181-1/+3
| | | | | | | | | Lift the dependency on the build order, where flash-image.bin may be missing from the u-boot dir. While at it, also install the uart images for rescue purposes. Signed-off-by: Andre Heider <a.heider@gmail.com>
* arm-trusted-firmware-mvebu: fix compiler spamAndre Heider2020-09-181-0/+2
| | | | | | | Gets rid of these warnings: cc1: note: someone does not honour COPTS correctly, passed 0 times Signed-off-by: Andre Heider <a.heider@gmail.com>
* arm-trusted-firmware-mvebu: reuse default prepare targetAndre Heider2020-09-181-2/+1
| | | | | | Don't wipe internal state files, fixes e.g. refreshing patches. Signed-off-by: Andre Heider <a.heider@gmail.com>
* uboot-mvebu: add support for espressobinAndre Heider2020-09-186-0/+663
| | | | | | | This builds two u-boot binaries: one for boards without eMMC and one with. Signed-off-by: Andre Heider <a.heider@gmail.com>
* uboot-mvebu: update to v2020.10-rc4Andre Heider2020-09-185-52/+9
| | | | | | | | TODO: switch to release v2020.10 once released. Remove one merged patch, refresh the rest. Signed-off-by: Andre Heider <a.heider@gmail.com>
* bpftools: support NLS, fix ppc build and update to 5.8.9Tony Ambardar2020-09-186-33/+72
| | | | | | | | | | | | | | | | | With global NLS support enabled (CONFIG_BUILD_NLS), the linked libelf.so and libbfd.so libraries will depend on libintl.so. Import the nls.mk helper to set library prefixes and flags accordingly, and also conditionally add "-lintl" as link-time library. Fix a build error on ppc due to a EDEADLOCK redefinition in errno.h. Use upstream stable kernel 5.8.9, and fix overriding of feature detection to only allow/hide detected features. Also refresh existing patches. Fixes: 2f0d672088 ("bpftools: add utility and library packages supporting eBPF usage") Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* firmware: intel-microcode: update to 20200616Tan Zien2020-09-181-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | intel-microcode (3.20200616.1) * New upstream microcode datafile 20200616 + Downgraded microcodes (to a previously shipped revision): sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6, size 101376 sig 0x000506e3, pf_mask 0x36, 2019-10-03, rev 0x00d6, size 101376 * Works around hangs on boot on Skylake-U/Y and Skylake Xeon E3, * This update *removes* the SRBDS mitigations from the above processors * Note that Debian had already downgraded 0x406e3 in release 3.20200609.2 intel-microcode (3.20200609.2) * REGRESSION FIX: 0x406e3: rollback to rev 0xd6 and document regression * Microcode rollbacks (closes: LP#1883002) sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6, size 101376 * THIS REMOVES THE SECURITY FIXES FOR SKYLAKE-U/Y PROCESSORS * Avoid hangs on boot on (some?) Skylake-U/Y processors, * ucode-blacklist: blacklist models 0x8e and 0x9e from late-loading, just in case. Note that Debian does not do late loading by itself. Refer to LP#1883002 for the report, 0x806ec hangs upon late load. intel-microcode (3.20200609.1) * SECURITY UPDATE * For most processors: SRBDS and/or VRDS, L1DCES mitigations depending on the processor model * For Skylake HEDT and Skylake Xeons with signature 0x50654: VRDS and L1DCES mitigations, plus mitigations described in the changelog entry for package release 3.20191112.1. * Expect some performance impact, the mitigations are enabled by default. A Linux kernel update will be issued that allows one to selectively disable the mitigations. * New upstream microcode datafile 20200609 * Implements mitigation for CVE-2020-0543 Special Register Buffer Data Sampling (SRBDS), INTEL-SA-00320, CROSSTalk * Implements mitigation for CVE-2020-0548 Vector Register Data Sampling (VRDS), INTEL-SA-00329 * Implements mitigation for CVE-2020-0549 L1D Cache Eviction Sampling (L1DCES), INTEL-SA-00329 * Known to fix the regression introduced in release 2019-11-12 (sig 0x50564, rev. 0x2000065), which would cause several systems with Skylake Xeon, Skylake HEDT processors to hang while rebooting * Updated Microcodes: sig 0x000306c3, pf_mask 0x32, 2019-11-12, rev 0x0028, size 23552 sig 0x000306d4, pf_mask 0xc0, 2019-11-12, rev 0x002f, size 19456 sig 0x00040651, pf_mask 0x72, 2019-11-12, rev 0x0026, size 22528 sig 0x00040661, pf_mask 0x32, 2019-11-12, rev 0x001c, size 25600 sig 0x00040671, pf_mask 0x22, 2019-11-12, rev 0x0022, size 14336 sig 0x000406e3, pf_mask 0xc0, 2020-04-27, rev 0x00dc, size 104448 sig 0x00050653, pf_mask 0x97, 2020-04-24, rev 0x1000157, size 32768 sig 0x00050654, pf_mask 0xb7, 2020-04-24, rev 0x2006906, size 34816 sig 0x00050656, pf_mask 0xbf, 2020-04-23, rev 0x4002f01, size 52224 sig 0x00050657, pf_mask 0xbf, 2020-04-23, rev 0x5002f01, size 52224 sig 0x000506e3, pf_mask 0x36, 2020-04-27, rev 0x00dc, size 104448 sig 0x000806e9, pf_mask 0x10, 2020-04-27, rev 0x00d6, size 103424 sig 0x000806e9, pf_mask 0xc0, 2020-04-27, rev 0x00d6, size 103424 sig 0x000806ea, pf_mask 0xc0, 2020-04-27, rev 0x00d6, size 103424 sig 0x000806eb, pf_mask 0xd0, 2020-04-27, rev 0x00d6, size 103424 sig 0x000806ec, pf_mask 0x94, 2020-04-23, rev 0x00d6, size 103424 sig 0x000906e9, pf_mask 0x2a, 2020-04-23, rev 0x00d6, size 103424 sig 0x000906ea, pf_mask 0x22, 2020-04-27, rev 0x00d6, size 102400 sig 0x000906eb, pf_mask 0x02, 2020-04-23, rev 0x00d6, size 103424 sig 0x000906ec, pf_mask 0x22, 2020-04-27, rev 0x00d6, size 102400 sig 0x000906ed, pf_mask 0x22, 2020-04-23, rev 0x00d6, size 103424 * Restores the microcode-level fixes that were reverted by release 3.20191115.2 for sig 0x50654 (Skylake Xeon, Skylake HEDT) intel-microcode (3.20200520.1) * New upstream microcode datafile 20200520 + Updated Microcodes: sig 0x000206d6, pf_mask 0x6d, 2020-03-04, rev 0x0621, size 18432 sig 0x000206d7, pf_mask 0x6d, 2020-03-24, rev 0x071a, size 19456 intel-microcode (3.20200508.1) * New upstream microcode datafile 20200508 + Updated Microcodes: sig 0x000706e5, pf_mask 0x80, 2020-03-12, rev 0x0078, size 107520 * Likely fixes several critical errata on IceLake-U/Y causing system hangs intel-microcode (3.20191115.2) * Microcode rollbacks (closes: #946515, LP#1854764): sig 0x00050654, pf_mask 0xb7, 2019-07-31, rev 0x2000064, size 33792 * Avoids hangs on warm reboots (cold boots work fine) on HEDT and Xeon processors with signature 0x50654. intel-microcode (3.20191115.1) * New upstream microcode datafile 20191115 + Updated Microcodes: sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6, size 101376 sig 0x000506e3, pf_mask 0x36, 2019-10-03, rev 0x00d6, size 101376 sig 0x000806e9, pf_mask 0x10, 2019-10-15, rev 0x00ca, size 100352 sig 0x000806e9, pf_mask 0xc0, 2019-09-26, rev 0x00ca, size 100352 sig 0x000806ea, pf_mask 0xc0, 2019-10-03, rev 0x00ca, size 100352 sig 0x000806eb, pf_mask 0xd0, 2019-10-03, rev 0x00ca, size 100352 sig 0x000806ec, pf_mask 0x94, 2019-10-03, rev 0x00ca, size 100352 sig 0x000906e9, pf_mask 0x2a, 2019-10-03, rev 0x00ca, size 100352 sig 0x000906ea, pf_mask 0x22, 2019-10-03, rev 0x00ca, size 99328 sig 0x000906eb, pf_mask 0x02, 2019-10-03, rev 0x00ca, size 100352 sig 0x000906ec, pf_mask 0x22, 2019-10-03, rev 0x00ca, size 99328 sig 0x000906ed, pf_mask 0x22, 2019-10-03, rev 0x00ca, size 100352 sig 0x000a0660, pf_mask 0x80, 2019-10-03, rev 0x00ca, size 91136 intel-microcode (3.20191113.1) * New upstream microcode datafile 20191113 + SECURITY UPDATE, refer to the 3.20191112.1 changelog entry for details Adds microcode update for CFL-S (Coffe Lake Desktop) INTEL-SA-00270, CVE-2019-11135, CVE-2019-0117 + Updated Microcodes (previously removed): sig 0x000906ec, pf_mask 0x22, 2019-08-14, rev 0x00c6, size 99328 intel-microcode (3.20191112.1) * New upstream microcode datafile 20191112 + SECURITY UPDATE - Implements MDS mitigation (TSX TAA), INTEL-SA-00270, CVE-2019-11135 - Implements TA Indirect Sharing mitigation, and improves the MDS mitigation (VERW) - Fixes FIVR (Xeon Voltage Modulation) vulnerability, INTEL-SA-00271, CVE-2019-11139 - Fixes SGX vulnerabilities and errata (including CVE-2019-0117) + CRITICAL ERRATA FIXES - Fixes Jcc conditional jump macro-fusion erratum (Skylake+, except Ice Lake), causes a 0-3% typical perforance hit (can be as bad as 10%). But ensures the processor will actually jump where it should, so don't even *dream* of not applying this fix. - Fixes AVX SHUF* instruction implementation flaw erratum + Removed Microcodes: sig 0x000906ec, pf_mask 0x22, 2019-02-14, rev 0x00ae, size 98304 + New Microcodes: sig 0x000406d8, pf_mask 0x01, 2019-09-16, rev 0x012d, size 84992 sig 0x00050656, pf_mask 0xbf, 2019-09-05, rev 0x400002c, size 51200 sig 0x00060663, pf_mask 0x80, 2018-04-17, rev 0x002a, size 87040 sig 0x000706a8, pf_mask 0x01, 2019-08-29, rev 0x0016, size 74752 sig 0x000706e5, pf_mask 0x80, 2019-09-05, rev 0x0046, size 102400 sig 0x000a0660, pf_mask 0x80, 2019-08-27, rev 0x00c6, size 91136 + Updated Microcodes: sig 0x000406e3, pf_mask 0xc0, 2019-08-14, rev 0x00d4, size 101376 sig 0x00050654, pf_mask 0xb7, 2019-09-05, rev 0x2000065, size 34816 sig 0x00050657, pf_mask 0xbf, 2019-09-05, rev 0x500002c, size 51200 sig 0x000506e3, pf_mask 0x36, 2019-08-14, rev 0x00d4, size 101376 sig 0x000706a1, pf_mask 0x01, 2019-08-28, rev 0x0032, size 73728 sig 0x000806e9, pf_mask 0x10, 2019-08-14, rev 0x00c6, size 99328 sig 0x000806e9, pf_mask 0xc0, 2019-08-14, rev 0x00c6, size 100352 sig 0x000806ea, pf_mask 0xc0, 2019-08-14, rev 0x00c6, size 99328 sig 0x000806eb, pf_mask 0xd0, 2019-08-14, rev 0x00c6, size 100352 sig 0x000806ec, pf_mask 0x94, 2019-08-14, rev 0x00c6, size 100352 sig 0x000906e9, pf_mask 0x2a, 2019-08-14, rev 0x00c6, size 100352 sig 0x000906ea, pf_mask 0x22, 2019-08-14, rev 0x00c6, size 99328 sig 0x000906eb, pf_mask 0x02, 2019-08-14, rev 0x00c6, size 100352 sig 0x000906ed, pf_mask 0x22, 2019-08-14, rev 0x00c6, size 99328 + Updated Microcodes (previously removed): sig 0x00050653, pf_mask 0x97, 2019-09-09, rev 0x1000151, size 32768 Signed-off-by: Tan Zien <nabsdh9@gmail.com>