aboutsummaryrefslogtreecommitdiffstats
path: root/package
Commit message (Collapse)AuthorAgeFilesLines
* treewide: fix security issues by bumping all packages using libwolfsslPetr Štetiar2022-10-044-4/+4
| | | | | | | | | | | | | | | | | | As wolfSSL is having hard time maintaining ABI compatibility between releases, we need to manually force rebuild of packages depending on libwolfssl and thus force their upgrade. Otherwise due to the ABI handling we would endup with possibly two libwolfssl libraries in the system, including the patched libwolfssl-5.5.1, but still have vulnerable services running using the vulnerable libwolfssl-5.4.0. So in order to propagate update of libwolfssl to latest stable release done in commit ec8fb542ec3e4 ("wolfssl: fix TLSv1.3 RCE in uhttpd by using 5.5.1-stable (CVE-2022-39173)") which fixes several remotely exploitable vulnerabilities, we need to bump PKG_RELEASE of all packages using wolfSSL library. Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit f1b7e1434f66a3cb09cb9e70b40add354a22e458)
* wolfssl: fix TLSv1.3 RCE in uhttpd by using 5.5.1-stable (CVE-2022-39173)Petr Štetiar2022-10-041-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | Fixes denial of service attack and buffer overflow against TLS 1.3 servers using session ticket resumption. When built with --enable-session-ticket and making use of TLS 1.3 server code in wolfSSL, there is the possibility of a malicious client to craft a malformed second ClientHello packet that causes the server to crash. This issue is limited to when using both --enable-session-ticket and TLS 1.3 on the server side. Users with TLS 1.3 servers, and having --enable-session-ticket, should update to the latest version of wolfSSL. Thanks to Max at Trail of Bits for the report and "LORIA, INRIA, France" for research on tlspuffin. Complete release notes https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.1-stable Fixes: CVE-2022-39173 Fixes: https://github.com/openwrt/luci/issues/5962 References: https://github.com/wolfSSL/wolfssl/issues/5629 Tested-by: Kien Truong <duckientruong@gmail.com> Reported-by: Kien Truong <duckientruong@gmail.com> Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit ec8fb542ec3e4f584444a97de5ac05dbc2a9cde5)
* wolfssl: refresh patchesPetr Štetiar2022-10-042-3/+3
| | | | | | | So they're tidy and apply cleanly. Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit 8ad9a72cbed07643c7a8e4febbea71c7122b29a4)
* wolfssl: bump to 5.5.0Ivan Pavlov2022-10-044-28/+5
| | | | | | | | | | | Remove upstreamed: 101-update-sp_rand_prime-s-preprocessor-gating-to-match.patch Some low severity vulnerabilities fixed OpenVPN compatibility fixed (broken in 5.4.0) Other fixes && improvements Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com> (cherry picked from commit 3d88f26d74f7771b808082cef541ed8286c40491)
* uboot-mvebu: backport LibreSSL patches for older version of LibreSSLJosef Schlehofer2022-10-032-0/+55
| | | | | | | | | | | | | | If you would like to compile the newest version of U-boot together with the stable OpenWrt version, which does not have LibreSSL >= 3.5, which was updated in the master branch by commit 5451b03b7ceb2315445c683fe174e28bbdd49c2f ("tools/libressl: bump to v3.5.3"), then you need these two patches to fix it. They are backported from U-boot repository. This should be backported to stable OpenWrt versions. Reported-by: Michal Vasilek <michal.vasilek@nic.cz> Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com> (cherry picked from commit 185541f50ff59c0a5e0663ad612f0f5eb31926cf)
* uboot-mvebu: backport patch to fix compilation on non glibc systemJosef Schlehofer2022-10-031-0/+44
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This issue was reported by @paper42, who is using Void Linux with musl to compile OpenWrt and its packages and found out it is not possible to compile U-boot for Turris Omnia (neither any other). It fixes following output: ``` HOSTCC tools/kwboot tools/kwboot.c: In function 'kwboot_tty_change_baudrate': tools/kwboot.c:662:6: error: 'struct termios' has no member named 'c_ospeed' 662 | tio.c_ospeed = tio.c_ispeed = baudrate; | ^ tools/kwboot.c:662:21: error: 'struct termios' has no member named 'c_ispeed' 662 | tio.c_ospeed = tio.c_ispeed = baudrate; | ^ tools/kwboot.c:690:31: error: 'struct termios' has no member named 'c_ospeed' 690 | if (!_is_within_tolerance(tio.c_ospeed, baudrate, 3)) | ^ tools/kwboot.c:693:31: error: 'struct termios' has no member named 'c_ispeed' 693 | if (!_is_within_tolerance(tio.c_ispeed, baudrate, 3)) | ``` Tested-by: Michal Vasilek <michal.vasilek@nic.cz> Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com> (cherry picked from commit 9c7472950b01c5b3a461f4e29b3b62bac9e35b46)
* firmware: intel-microcode: update to 20220809Christian Lamparter2022-10-031-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Debian's changelog by Henrique de Moraes Holschuh <hmh@debian.org>: * New upstream microcode datafile 20220809 * Fixes INTEL-SA-00657, CVE-2022-21233 Stale data from APIC leaks SGX memory (AEPIC leak) * Fixes unspecified errata (functional issues) on Xeon Scalable * Updated Microcodes: sig 0x00050653, pf_mask 0x97, 2022-03-14, rev 0x100015e, size 34816 sig 0x00050654, pf_mask 0xb7, 2022-03-08, rev 0x2006e05, size 44032 sig 0x000606a6, pf_mask 0x87, 2022-04-07, rev 0xd000375, size 293888 sig 0x000706a1, pf_mask 0x01, 2022-03-23, rev 0x003c, size 75776 sig 0x000706a8, pf_mask 0x01, 2022-03-23, rev 0x0020, size 75776 sig 0x000706e5, pf_mask 0x80, 2022-03-17, rev 0x00b2, size 112640 sig 0x000806c2, pf_mask 0xc2, 2022-03-19, rev 0x0028, size 97280 sig 0x000806d1, pf_mask 0xc2, 2022-03-28, rev 0x0040, size 102400 sig 0x00090672, pf_mask 0x03, 2022-06-07, rev 0x0022, size 216064 sig 0x00090675, pf_mask 0x03, 2022-06-07, rev 0x0022, size 216064 sig 0x000906a3, pf_mask 0x80, 2022-06-15, rev 0x0421, size 216064 sig 0x000906a4, pf_mask 0x80, 2022-06-15, rev 0x0421, size 216064 sig 0x000a0671, pf_mask 0x02, 2022-03-17, rev 0x0054, size 103424 sig 0x000b06f2, pf_mask 0x03, 2022-06-07, rev 0x0022, size 216064 sig 0x000b06f5, pf_mask 0x03, 2022-06-07, rev 0x0022, size 216064 Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (cherry picked from commit bb73828b89def128f26ae1cdff0d08569d261f1b)
* build: fix issues with targets installed via feedsFelix Fietkau2022-09-271-3/+4
| | | | | | | | - fix including modules.mk when a target is being replaced - fix calling make targets from target/linux Signed-off-by: Felix Fietkau <nbd@nbd.name> (cherry-picked from commit 3a8825ad6acbf18b2b472ace56be58868af78be7)
* build: fix including modules.mk for targets pulled in from feedsFelix Fietkau2022-09-271-1/+2
| | | | | | Fixes: ebc36ebb2349 ("scripts/feeds: install targets to target/linux/feeds and support overriding") Signed-off-by: Felix Fietkau <nbd@nbd.name> (cherry-picked from commit 00094efec33f07c9dc16cce23be492430c40b3cc)
* ramips: fix fw_setsysWenli Looi2022-09-231-1/+1
| | | | | | | | | | This change was included in the original pull request but later omitted for some reason: https://github.com/openwrt/openwrt/pull/4936 Signed-off-by: Wenli Looi <wlooi@ucalgary.ca> (cherry picked from commit 4cccea02a60aee0dd77c4db35672c92e2fe384a1)
* mac80211: rt2x00: experimental improvements for MT7620 wifiDaniel Golle2022-09-1924-483/+1411
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Serge Vasilugin reports: To improve mt7620 built-in wifi performance some changes: 1. Correct BW20/BW40 switching (see comments with mark (1)) 2. Correct TX_SW_CFG1 MAC reg from v3 of vendor driver see https://gitlab.com/dm38/padavan-ng/-/blob/master/trunk/proprietary/rt_wifi/rtpci/3.0.X.X/mt76x2/chips/rt6352.c#L531 3. Set bbp66 for all chains. 4. US_CYC_CNT init based on Programming guide, default value was 33 (pci), set chipset bus clock with fallback to cpu clock/3. 5. Don't overwrite default values for mt7620. 6. Correct some typos. 7. Add support for external LNA: a) RF and BBP regs never be corrected for this mode b) eLNA is driven the same way as ePA with mt7620's pin PA but vendor driver explicitly pin PA to gpio mode (for forrect calibration?) so I'm not sure that request for pa_pin in dts-file will be enough First 5 changes (really 2) improve performance for boards w/o eLNA/ePA. Changes 7 add support for eLNA Configuration w/o eLAN/ePA and with eLNA show results tx/rx (from router point of view) for each stream: 35-40/30-35 Mbps for HT20 65-70/60-65 Mbps for HT40 Yes. Max results for 2T2R client is 140-145/135-140 with peaks 160/150, It correspond to mediatek driver results. Boards with ePA untested. Reported-by: Serge Vasilugin <vasilugin@yandex.ru> Signed-off-by: Daniel Golle <daniel@makrotopia.org> [directly include v3 of the patchset submitted upstream] (cherry picked from commit 31a6605de04218e1c04bd5c2436c24d7d1c07506) (cherry picked from commit e785ca05e9f0502894772f5df92192b816ba5d7c) (cherry picked from commit 412fcf3d4400f84551f3ead0514834c62d94a251)
* mac80211: rt2x00: fix typoSungbo Eo2022-09-192-5/+3
| | | | | | | Add missing semicolon and refresh patches. Signed-off-by: Sungbo Eo <mans0n@gorani.run> (cherry picked from commit d826c91704d2baa5e389c225791740e4c61d62c4)
* mac80211: add patch descriptions to rt2x00 patchesDaniel Golle2022-09-186-1/+76
| | | | | | | | Prepare patches for sending upstream by adding patch descriptions generated from the original OpenWrt commits adding each patch. Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit d4feb66048f6a8f387eedfb162a1184cdae9d756)
* kernel: modules: package kmod-crypto-essivDaniel Golle2022-09-181-0/+12
| | | | | | | Package kernel module providing ESSIV support for block encryption. Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit 4133102898502c9bb453e8603b6c891aa103bce4)
* wireless-regdb: update to 2022-08-12Nick Hainke2022-09-171-2/+2
| | | | | | | | | | Changes: 9dc9c89 wireless-regdb: update regulatory database based on preceding changes 442bc25 wireless-regdb: update 5 GHz rules for PK and add 60 GHz rule daee7f3 wireless-regdb: add 5 GHz rules for GY Signed-off-by: Nick Hainke <vincent@systemli.org> (cherry picked from commit 1d2d69c810261308652a577fc136e7327e0e1358)
* kernel: build crypto md5/sha1/sha256 modules for powerpcJosef Schlehofer2022-09-171-1/+19
| | | | | | | | | | | | | | | | | This builds and enables kernel optimized modules for mpc85xx target: - CONFIG_CRYPTO_MD5_PPC [1] - CONFIG_CRYPTO_SHA1_PPC_SPE [2] - CONFIG_CRYPTO_SHA256_PPC_SPE [3] Where it was possible, then use Signal Processing Engine, because CONFIG_SPE is already enabled in mpc85xx config. [1] https://cateee.net/lkddb/web-lkddb/CRYPTO_MD5_PPC.html [2] https://cateee.net/lkddb/web-lkddb/CRYPTO_SHA1_PPC.html [3] https://cateee.net/lkddb/web-lkddb/CRYPTO_SHA256_PPC_SPE.html Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com> (cherry picked from commit 3a702f8733ff371f30e9e3ba1e1aed5f4686b6b4)
* mac80211: backport tx queueing bugfixes add a bug fix for a rare crashFelix Fietkau2022-09-154-0/+171
| | | | | | | | | | Re-introduce the queue wake fix that was reverted due to a regression, but this time with the follow-up fixes that take care of the regression. Signed-off-by: Felix Fietkau <nbd@nbd.name> (cherry picked from commit 9a93b62f315ad4c9f021c414ed80ba337ab4a01e) (cherry-picked from commit 8b804cae5e039142bc63896a75f15146eca3bebc) (cherry-picked from commit 8b06e06832ebe757246582b65306ad2a2537741f)
* mt76: update to the latest versionFelix Fietkau2022-09-061-3/+3
| | | | | | | d70546462b7b mt76: fix 5 GHz connection regression on mt76x0/mt76x2 Signed-off-by: Felix Fietkau <nbd@nbd.name> (cherry-picked from commit 33c11442b2fc60313a2d3196c9b01cf9b0931305)
* hostapd: rename hostapd multicast_to_unicast option to multicast_to_unicast_allFelix Fietkau2022-09-061-5/+5
| | | | | | | | | | | | | | | | | | | | | There are two feature currently altered by the multicast_to_unicast option. 1. bridge level multicast_to_unicast via IGMP snooping 2. hostapd/mac80211 config multicast_to_unicast setting The hostapd/mac80211 setting has the side effect of converting *all* multicast or broadcast traffic into per-station duplicated unicast traffic, which can in some cases break expectations of various protocols. It also has been observed to cause ARP lookup failure between stations connected to the same interface. The bridge level feature is much more useful, since it only covers actual multicast traffic managed by IGMP, and it implicitly defaults to 1 already. Renaming the hostapd/mac80211 option to multicast_to_unicast_all should avoid unintentionally enabling this feature Signed-off-by: Felix Fietkau <nbd@nbd.name> (cherry-picked from commit 09ea1db93b53d2c1e4a081f20fbbddd4bffd451d)
* OpenWrt v22.03.0: revert to branch defaultsHauke Mehrtens2022-09-031-2/+2
| | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* OpenWrt v22.03.0: adjust config defaultsv22.03.0Hauke Mehrtens2022-09-031-2/+2
| | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* uboot-mediatek: mt7622: suppress unwanted pinctrl warningDaniel Golle2022-09-033-6/+47
| | | | | | | Import patch which removes the default pinctrl of uart0 to suppress the unwanted warning. Apply also to downstream boards. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* uboot-mediatek: backport fix for unstable UART on MT7622Daniel Golle2022-09-031-0/+26
| | | | | | | | | | | | | Import pending patch "arm: dts: mt7622: force high-speed mode for uart" from Weijie Gao <weijie.gao@mediatek.com> fixing the UART problems on MT7622 which made it hard to use the U-Boot menu on devices with this SoC. This patch is also contained in commit c09eb08dad ("uboot-mediatek: add support for MT798x platforms") in the development branch. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* uboot-mediatek: no compression means IH_COMP_NONEDaniel Golle2022-09-034-4/+121
| | | | | | | | | | | Treat missing compression node in FIT image as IH_COMP_NONE. This is implicentely already happening in most places, but for now was still triggering an annoying warning about initramfs compression being obsolete despite compression note being absent. Fix this. Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit 0a18456ffc25d6a26911fca6f9079090243c2284)
* uboot-mediatek: fix factory reset on UBIDaniel Golle2022-09-032-2/+2
| | | | | | | | Truncating a UBI volume using `ubi write 0x0 volname 0x0` results in segfault on newer U-Boot. Write 1MB of 0s instead. Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit d118cbdfece181994a96d1bcb1868bd807d481bf)
* uboot-envtools: mt7622: use 4k sectors for UniFi 6 LR (ubootmod)Daniel Golle2022-09-031-1/+1
| | | | | | | | | Use 4k sectors when accessing the U-Boot environment on the 64MiB SPI-NOR flash chip found in the UniFi 6 LR. The speeds up environment write access as only 4kB instead of 64kB have to be written. Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit f0adf253fdcf78ce005dad9652b405a4ad2726e6)
* uboot-mediatek: fix Ubiquiti UniFi 6 LR U-Boot modDaniel Golle2022-09-031-20/+8
| | | | | | | | Image names as well as the calculation of the padded image size did not work as intended. Fix that. Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit 0bc8889e7b4f19d7e33a9be6c3db918fed051501)
* at91bootstrap: use sdmmc0 as booting media for sama5d27_som1_ekClaudiu Beznea2022-09-021-7/+1
| | | | | | | | | | | Commit 0b7c66c ("at91bootstrap: add sama5d27_som1_eksd1_uboot as default defconfig") changed default booting media for sama5d27_som1_ek board w/o any reason. Changed it back to sdmmc0 as it is for all the other Microchip supported distributions for this board (Buildroot, Yocto Project). The initial commit cannot be cleanly reverted. Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com> (cherry picked from commit e9f12931e60ee291cd7d2c8fd19a14682dae0197)
* uboot-at91: use sdmmc0 as booting media for sama5d27_som1_ekClaudiu Beznea2022-09-021-3/+3
| | | | | | | | | | | | Commit adc69fe (""uboot-at91: changed som1 ek default defconfigs") changed the booting media to sdmmc1 as default booting w/o any reason. The Microchip releases for the rest of supported distributions (Buildroot, Yocto Project) uses sdmmc0 as default booting media for this board. Thus change it back to sdmmc0. With this remove references to sdmmc1 config. The initial commit cannot be cleanly reverted. Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com> (cherry picked from commit 9a49788008c18fd4fe6fefe9697962c102fb14c6)
* firewall4: update to latest Git HEADJo-Philipp Wich2022-09-011-3/+3
| | | | | | | | | f5fcdcf cli: introduce test mode and refuse firewall restart on errors a540f6d fw4: fix cosmetic issue with per-ruleset and per-table include paths 695e821 doc: fix swapped include positions in nftables.d README Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit ab31ffc425b59afc102f8a3275791c153f39c8f4)
* ucode: update to latest Git HEADJo-Philipp Wich2022-08-311-3/+3
| | | | | | | | | 344fa9e lib: extend render() to support function values 89452b2 lib: improve getenv() and split() implementations Signed-off-by: Jo-Philipp Wich <jo@mein.io> [fix commit subject] (cherry picked from commit c6d6306827e9296faad26981996825ce3e90259d)
* mac80211: disable ft-over-ds by defaultFelix Fietkau2022-08-301-1/+1
| | | | | | | | | Testing has shown it to be very unreliable in variety of configurations. It is not mandatory, so let's disable it by default until we have a better solution. Signed-off-by: Felix Fietkau <nbd@nbd.name> (cherry-picked from commit 2984a0420649733662ff95b0aff720b8c2c19f8a)
* mbedtls: update to version 2.28.1Hauke Mehrtens2022-08-283-24/+46
| | | | | | | | | | | | Changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.1 This release of Mbed TLS provides bug fixes and minor enhancements. This release includes fixes for security issues. The build problem was reported upstream: https://github.com/Mbed-TLS/mbedtls/issues/6243 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit f3870546a544c39c6fde2e7e014394aa085d8057)
* iptables: default to ip(6)tables-nft when using buildrootEtienne Champetier2022-08-281-2/+2
| | | | | | | | | 35fec487e30f05c81bd135326a993dad7f861812 fixed opkg usage, but when using buildroot we were still defaulting to ip(6)tables-legacy Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com> (cherry picked from commit 0c8d7e34ab35f6b41f034fd94fec740970e0125b)
* hostapd: fix WPA3 enterprise keys and ciphersJoerg Werner2022-08-261-3/+10
| | | | | | | | | WPA3 enterprise requires group_mgmt_cipher=BIP-GMAC-256 and if 802.11r is active also wpa_key_mgmt FT-EAP-SHA384. This commit also requires corresponding changes in netifd. Signed-off-by: Joerg Werner <schreibubi@gmail.com> (cherry picked from commit 9fbb76c0470fd54f1f34909b1098d0f76078878f)
* iwinfo: update to latest HEADHauke Mehrtens2022-08-261-3/+3
| | | | | | | 0dad3e6 Add support for CCMP-256 and GCMP-256 ciphers Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit cc6a323e2328176b732b13f1f09745354270cd39)
* iproute2: Fix KERNEL_INCLUDE in SDKHauke Mehrtens2022-08-261-1/+1
| | | | | | | | | | | | | | | | | | In the SDK the folder $(LINUX_DIR)/user_headers/include does not exist, but it more or less contains the same content as $(LINUX_DIR)/include/uapi which also exists in the SDK. Since iproute2 commit 1d819dcc741e ("configure: fix parsing issue on include_dir option") it checks if this folder exists and aborts the build if it does not exists. https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=1d819dcc741e25958190e31f8186c940713fa0a8 With this commit the KERNEL_INCLUDE variable points to a valid folder with the kernel include headers. I am not sure if they are actually needed because the build worked before even with an invalid path. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit 60738fedede1746922a8b227f24ad5c733661585)
* umbim: bump to git HEADHauke Mehrtens2022-08-261-3/+3
| | | | | | | 146bc77 umbim: fix invalid mbim message string encoding Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit 90bedc411b1e98e9adf668dde09f8eafe4490344)
* mt76: update to the latest versionFelix Fietkau2022-08-261-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | 9485e3b47066 mt76: remove q->qid e5674c4aa402 mt76: mt7921: enable HW beacon filter not depending on PM flag 7fd299e3c921 mt76: mt7921: enable HW beacon filter in the initialization stage d5459efaaf14 mt76: mt7921: make mt7921_pci_driver static b8304b456e23 mt76: connac: move tx initialization/cleanup in mt76_connac module 6e0d7077486c mt76: mt7921: reduce log severity levels for informative messages cb80da974fe6 mt76: mt7921: reduce the mutex lock scope during reset a2d61f4f4063 mt76: mt7915 add ht mpdu density 08ea730c1130 mt76: add len parameter to __mt76_mcu_msg_alloc signature 60ef85fa352c mt76: introduce MT_RXQ_BAND2 and MT_RXQ_BAND2_WA in mt76_rxq_id 8ccbb38ca6e6 mt76: add phy_idx in mt76_rx_status eb19ac83c07e mt76: introduce phys array in mt76_dev structure 30887591e3ab mt76: add phy_idx to mt76_wcid 4bf8c20a9524 mt76: convert MT_TX_HW_QUEUE_EXT_PHY to MT_TX_HW_QUEUE_PHY e6c6bf8cee09 mt76: get rid of mt76_wcid_hw routine 120f73ad992a mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init() 111e92cf8c22 mediatek: mt76: eeprom: fix missing of_node_put() in mt76_find_power_limits_node() 13bedd62ff4a mt76: connac: introduce mt76_connac_reg_map structure 5ec78e1ec43d wifi: mt76: fix reading current per-tid starting sequence number for aggregation Signed-off-by: Felix Fietkau <nbd@nbd.name> (cherry-picked from commit ec7d32f3769fbd815f72a7471e4bb7a07aee359d)
* netifd: update to the latest versionFelix Fietkau2022-08-251-3/+3
| | | | | | | 76d2d41b7355 interface: fix use-after-free bug when rewriting resolv.conf Signed-off-by: Felix Fietkau <nbd@nbd.name> (cherry-picked from commit 31648c4b59add5b1cb441073a46c80ab768b588c)
* netifd: update to git HEADHauke Mehrtens2022-08-251-3/+3
| | | | | | | | 87fbefd interface: support "zone" config option bfa039c netifd: fix WPA3 enterprise ciphers Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry-picked from commit 8008816a2ceeb7e66d27d9882685933bb9df4c76)
* rpcd: bump version to 2022-08-24Petr Štetiar2022-08-251-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | gcc 10 with -O2 reports following: In function ‘strncpy’, inlined from ‘rpc_sys_packagelist’ at /opt/devel/openwrt/c-projects/rpcd/sys.c:244:4: /usr/include/x86_64-linux-gnu/bits/string_fortified.h:106:10: error: ‘__builtin_strncpy’ specified bound 128 equals destination size [-Werror=stringop-truncation] 106 | return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest)); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ In function ‘strncpy’, inlined from ‘rpc_sys_packagelist’ at /opt/devel/openwrt/c-projects/rpcd/sys.c:227:4: /usr/include/x86_64-linux-gnu/bits/string_fortified.h:106:10: error: ‘__builtin_strncpy’ specified bound 128 equals destination size [-Werror=stringop-truncation] 106 | return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest)); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Since it is not possible to avoid truncation by strncpy, it is necessary to make sure the result of strncpy is properly NUL-terminated and the NUL must be inserted explicitly, after strncpy has returned. References: #10442 Reported-by: Alexey Smirnov <s.alexey@gmail.com> Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit 34ddd2e545f068e4684ecce98c1da3a6c7c9b04a)
* rpcd: update to latest Git HEADJo-Philipp Wich2022-08-251-3/+3
| | | | | | | ae5afea ucode: parse ucode plugin scripts in raw mode, init search path Signed-off-by: Jo-Philipp Wich <jo@mein.io> (backported from commit 66a360206e341abdd1e5560e9cb522d8e453b095)
* uhttpd: update to latest Git HEADJo-Philipp Wich2022-08-251-3/+3
| | | | | | | | | | | | | e3395cd ucode: initialize search path before VM init 8cb3f85 ucode: initialize default library search path 188dea2 utils: accept '?' as path terminator in uh_path_match() c5eac5d file: support using dynamic script handlers as error pages 290ff88 relay: trigger close if in header read state with pending data f9db538 ucode: ignore exit exceptions 8ba0b64 cmake: use variables and find_library for dependency Signed-off-by: Jo-Philipp Wich <jo@mein.io> (backported from commit 4ee77cfcfadcd2b28678a1f3e8e78383b0b21963)
* ucode: update to latest Git HEADJo-Philipp Wich2022-08-251-4/+35
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | bcdd2cb examples: add module search path initialization and freeing ee1946f ubus: fix GCC strncpy() truncation warning 131d99c lib: introduce three new functions call(), loadstring() and loadfile() 8e8dae0 lib: introduce helper function for indenting error messages 476f02b lib: simplify include_path() d84b53a source: avoid null pointer access in uc_source_runpath_set() c43a54f types: gracefully handle unpatched upvalues in ucv_free() e2fb11a README.md: document gc() function b41cb2d main: introduce -g flag to allow enabling periodic gc from cli 85d7885 lib: implement gc() 47528f0 vm: support automatic periodic GC runs 381cc75 types: treat vm->exports as GC roots fcc49e6 compiler: add import statement support for dynamic extensions c9442f1 vm: introduce new I_DYNLOAD opcode b6fd8a2 lib: internally expose new uc_require_library() helper a486adc vm: don't treat offset 0 special for exceptions 41ccd19 compiler: don't treat offset 0 special at syntax errors b4a3f68 compiler: improve formatting of nested syntax error messages 5d5dadc program: remove now unused uc_program_export_lookup() 304995b compiler: rework export index allocation 506cc37 compiler: fix deriving module path from source runpath 54b7fac compiler: enforce stricter module compilation rules d62e372 vm: don't initialize upvalues for module functions b856602 program: add serialization and deserialization for module function flag d7d1bde compiler: add a flag denoting module functions 156d584 treewide: unexport libucode internal functions 10e056d compiler: add support for import/export statements 862e49d compiler: resolve predeclared upvalues 78dfb08 compiler: require a name in function declarations afd78c1 compiler: fix reported source position in inc/dec operator error e1c3db0 tests: run_tests.sh: substitute dynamic test directory path in output 3c168b5 vm, cli: move search path into global configuration structure d85bc71 vm: introduce import and export opcodes 365782e vm: honor constant flag of objects and arrays 6becc64 vm: transparently resolve upvalue references 3418967 vm: gracefully handle unresolved upvalues 50cf572 program: add function to globally lookup exported name c441f65 program: add infrastructure to handle multiple sources per program 2322468 program: fix reporting source position of first instruction 9c9a9ec program: fix en/decoding debuginfo upvalue slots in precompiled bytecode 41114a0 source: add tracking of exported symbols 70ae304 lib: honor constant flag of arrays 3c104f5 types: resolve upvalue references on stringification 3a6f9cb types: add ability to mark array and object values as constant b738f3a lexer: recognize module related keywords 03c8e4b lexer: rewrite token scanner fd433aa lexer: fix parsing with disabled block left stripping 557577a rtnl: fix parsing/creation of IFLA_AF_SPEC RTA for the AF_BRIDGE family 35c6b73 compiler: fix stack mismatch on continue statements nested in switches f673096 uloop: end uloop on exceptions in managed code 2e5426c ubus: end uloop on exceptions in managed code c024270 rtnl: expose IFLA_STATS64 contents d3c58c0 rtnl: expose ifinfomsg.ifi_change member c4dde50 rtnl: update NETLINK_GET_STRICT_CHK socket flag with every request 7ef0d02 nl80211: fix NL80211_SURVEY_INFO_NOISE datatype 9a2e592 compiler: fix stack mismatch on nonmatching switch statements with locals 03c8ca5 nl80211: recognize further NL80211_STA_INFO_* NLAs a1ed566 struct: add optional offset argument to `unpack()` 230e595 rtnl: fix segmentation fault on parsing linkinfo RTA without data 523566d rtnl: zero request message headers 56be30d rtnl: fix premature netlink reply receive abort 1347440 rtnl: avoid stray "netlink: %d bytes leftover after parsing attributes." 44b0a3b struct: fix packing `*` format after other repeated formats Also package uloop binding module which has been introduced by a previous ucode update and introduce a host build with the basic set of modules. Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit 3446d32616efad335c4eeeafc2f542089839bf20)
* nftables: fix parsing date expressionsJo-Philipp Wich2022-08-252-1/+45
| | | | | | | | | Musl libc does not support the non-POSIX "%F" format for strptime() so replace all occurrences of it with an equivalent "%Y-%m-%d" format. Fixes: #10419 Signed-off-by: Jo-Philipp Wich <jo@mein.io> (backported from commit e6e4f979999393825370e9db9fe04d75cb01acf2)
* firewall4: update to latest Git HEADJo-Philipp Wich2022-08-251-3/+3
| | | | | | | | | | a4484d4 fw4: support automatic includes ca7e3a1 fw4: honour enabled option of include sections 5a02f74 tests: add missing fs.stat) mock data for `nf_conntrack_dummy` 111a7f7 fw4: don't inherit zone family from ct helpers Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit fe86b2ffaaf6059250e3ba0a9e1436312415e23f)
* mac80211: parse the correct set of HE capabilities for AP modeSultan Alsawaf2022-08-211-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | It is common for 802.11ax NICs to support more than just AP mode, which results in there being a distinct set of HE capabilities for each mode. As (bad) luck would have it, iw prints out info for each HE mode in sequential order according to `enum nl80211_iftype`, and AP mode isn't always first. As a result, the wrong set of HE capabilities can be parsed if an AP NIC supports station (managed) mode or any other mode preceding AP mode, since only the first set of HE capabilities printed by iw is parsed from awk's output. This has a noticeable impact on beamforming for example, since managed mode usually doesn't have beamformer capabilities enabled, while AP mode does. Hostapd won't be set up with the configs to enable beamformer capabilities in this scenario, causing hostapd to disable beamforming to HE stations even when it's supported by the AP. Always parse the correct set of HE capabilities for AP mode to fix this. This is achieved by trimming all of iw's output prior to the AP mode capabilities, which ensures that the first set of HE capabilities are always for AP mode. Signed-off-by: Sultan Alsawaf <sultan@kerneltoast.com> (cherry picked from commit f338f76a66a50d201ae57c98852aa9c74e9e278a)
* base-files: add mtd_get_mac_encrypted_arcadyan functionMikhail Zhilkin2022-08-191-0/+31
| | | | | | | | | | Some Arcadyan devices (e.g. MTS WG430223) keep their config in encrypted mtd. This adds mtd_get_mac_encrypted_arcadyan() function to get the MAC address from the encrypted partition. Function uses uencrypt utility for decryption (and openssl if the uencrypt wasn't found). Signed-off-by: Mikhail Zhilkin <csharper2005@gmail.com> (cherry picked from commit 12c971bc26ac0ff04257bc475fff6fa68068c6c0)
* uencrypt: add package to decrypt WG4хх223 configEneas U de Queiroz2022-08-193-0/+194
| | | | | | | | | This adds a simple AES-128-CBC encryption/decryption program using either wolfSSL or OpenSSL as backend to decrypt Arcadyan WG4xx223 configuration partitions. The ipk size is 3,355 bytes. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> (cherry picked from commit bc43ad88ed18722c0621fd6dfef0ff68268f4e14)