librecmc/librecmc.git
3 months agoscripts: Add GNU ftp mirror redirector for GNU and Savannah
Sahil Dhiman [Sat, 25 May 2024 09:57:12 +0000 (15:27 +0530)]
scripts: Add GNU ftp mirror redirector for GNU and Savannah

Add GNU's redirector which automatically redirect user to nearby online
mirror.

Signed-off-by: Sahil Dhiman <sahil@hopbox.in>
Link: https://github.com/openwrt/openwrt/pull/15557
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 6510eb3b5d612ea7a70c4a8d9b83639e3b46e221)
Link: https://github.com/openwrt/openwrt/pull/15898
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
3 months agoconfig: kernel: remove KASAN_EXTRA
Qingfang Deng [Fri, 7 Jun 2024 09:55:38 +0000 (17:55 +0800)]
config: kernel: remove KASAN_EXTRA

The option has been removed from the kernel since 5.1.

Signed-off-by: Qingfang Deng <dqfext@gmail.com>
(cherry picked from commit 60ea3d6d46954553b7b50460dfe6b86878fe5990)
Link: https://github.com/openwrt/openwrt/pull/15898
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
3 months agotools/sparse: fix compilation with GCC14
Rosen Penev [Fri, 14 Jun 2024 23:01:34 +0000 (16:01 -0700)]
tools/sparse: fix compilation with GCC14

Upstream backport.

Get rid of PKG_RELEASE as it's irrelevant to tools.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 253d777c968b8fd74e857bec4cd74267daae0010)
Link: https://github.com/openwrt/openwrt/pull/15898
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
3 months agoscripts/ext-toolchain: add missing libc library specs
Christian Marangi [Mon, 17 Jun 2024 11:19:52 +0000 (13:19 +0200)]
scripts/ext-toolchain: add missing libc library specs

Add missing libc library spec that weren't added to the ext-toolchain
script when the library were introduced in the packages libs toolchain
Makefile.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 8cad52a267bffe384a119f3e5ae1892e8580a981)
Link: https://github.com/openwrt/openwrt/pull/15898
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
3 months agohostapd: fix crash on interface setup failure
Felix Fietkau [Fri, 14 Jun 2024 12:43:39 +0000 (14:43 +0200)]
hostapd: fix crash on interface setup failure

Add a missing NULL pointer check when deleting beacons

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 3984fb0582083c5c0f511ed3a33eb17908eccb08)
Link: https://github.com/openwrt/openwrt/pull/15898
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
3 months agohostapd: use strdup on string passed to hostapd_add_iface
Felix Fietkau [Fri, 14 Jun 2024 12:17:57 +0000 (14:17 +0200)]
hostapd: use strdup on string passed to hostapd_add_iface

The data is modified within hostapd_add_iface

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 032d3fcf7a861b140435b6507b2b0b66361c92f8)
Link: https://github.com/openwrt/openwrt/pull/15898
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
3 months agokernel: crypto: remove FCRYPT from miscellany
Nathaniel Wesley Filardo [Thu, 20 Jun 2024 14:15:50 +0000 (15:15 +0100)]
kernel: crypto: remove FCRYPT from miscellany

It has its own dedicated knob

Signed-off-by: Nathaniel Wesley Filardo <nwfilardo@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15761
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 7d71c03ab188a58d74d6cdbeabb38b70ead2c74b)
Link: https://github.com/openwrt/openwrt/pull/15898
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
3 months agokernel: Add kmod-mfd
Hauke Mehrtens [Sat, 29 Jun 2024 16:23:13 +0000 (18:23 +0200)]
kernel: Add kmod-mfd

Package the mfd-core.ko kernel module. It is selected by the
kmod-hwmon-gsc already.

Link: https://github.com/openwrt/openwrt/pull/15833
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 8b4fd1c0dece936dc2c79f2a17d824512e7e7df3)
Link: https://github.com/openwrt/openwrt/pull/15898
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
3 months agokernel: Add kmod-crypto-xxhash
Hauke Mehrtens [Sat, 29 Jun 2024 16:14:47 +0000 (18:14 +0200)]
kernel: Add kmod-crypto-xxhash

kxxhash_generic.ko is a soft dependency of kmod-fs-btrfs, but we did not
package it. Extract the kmod-lib-xxhash and then package
xxhash_generic.ko.

Link: https://github.com/openwrt/openwrt/pull/15833
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 2ebeda029490e308cc0e8f475e63280f960e74c4)
Link: https://github.com/openwrt/openwrt/pull/15898
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
3 months agokernel: Add kmod-crypto-blake2b
Hauke Mehrtens [Sat, 29 Jun 2024 15:38:46 +0000 (17:38 +0200)]
kernel: Add kmod-crypto-blake2b

The kmod-fs-btrfs package has a soft dependency to kmod-crypto-blake2b

The CONFIG_BTRFS_FS kernel build option selects CONFIG_CRYPTO_BLAKE2B,
but we did not package it before.

Link: https://github.com/openwrt/openwrt/pull/15833
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit f89091bba6be483e66c5ac14c477621f74aef203)
Link: https://github.com/openwrt/openwrt/pull/15898
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
3 months agokernel: Fix kmod-lib-lz4 packaging
Hauke Mehrtens [Sat, 29 Jun 2024 15:54:49 +0000 (17:54 +0200)]
kernel: Fix kmod-lib-lz4 packaging

The kernel provides two variants of the lz4 compression a normal version
and a high compression mode version. The old kmod-lib-lz4 package
contained the normal version plus one part of the lz4hc version. There
was already code which selected the kmod-lib-lz4hc package which did
not exists.

I split this into 3 packages. kmod-lib-lz4 and kmod-lib-lz4hc for the
normal the and high compression algorithm which contain the specific
code and the kmod-lib-lz4-decompress which contains the common
decompressor.

New we are also packaging lz4hc.ko

Link: https://github.com/openwrt/openwrt/pull/15833
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit fac507606d75eec04762013582273468eea7ed92)
Link: https://github.com/openwrt/openwrt/pull/15898
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
3 months agokernel: Extract kmod-nf-dup-inet
Hauke Mehrtens [Sat, 29 Jun 2024 15:24:09 +0000 (17:24 +0200)]
kernel: Extract kmod-nf-dup-inet

The nf_dup_ipv4.ko and nf_dup_ipv6.ko kernel module were packaged by
kmod-ipt-tee and kmod-nft-dup-inet at the same time. Extract them into a
separate package used by both.

Link: https://github.com/openwrt/openwrt/pull/15833
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit b0953c4fbf1bb0ad0844febe991636d05884c194)
Link: https://github.com/openwrt/openwrt/pull/15898
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
3 months agomac80211: Update to version 6.1.97-1
Hauke Mehrtens [Thu, 27 Jun 2024 23:32:46 +0000 (01:32 +0200)]
mac80211: Update to version 6.1.97-1

This updates mac80211 to version 6.1.97-1. This code is based on Linux
6.1.97 and contains all fixes included in the upstream wireless
subsystem from that kernel version. This includes many bugfixes and also
some security fixes.

The removed patches are already integrated in upstream Linux 6.1.97 or
in backports.

The following patches were integrated in upstream Linux:
   ath11k/0013-wifi-ath11k-synchronize-ath11k_mac_he_gi_to_nl80211_.patch
   ath11k/0035-wifi-ath11k-Use-platform_get_irq-to-get-the-interrup.patch
   ath11k/0036-wifi-ath11k-fix-SAC-bug-on-peer-addition-with-sta-ba.patch
   ath11k/0047-wifi-ath11k-fix-deinitialization-of-firmware-resourc.patch
   ath11k/0053-wifi-ath11k-fix-writing-to-unintended-memory-region.patch
   ath11k/0060-wifi-ath11k-Ignore-frags-from-uninitialized-peer-in-.patch
   ath11k/0065-wifi-ath11k-fix-tx-status-reporting-in-encap-offload.patch
   ath11k/0067-wifi-ath11k-Fix-SKB-corruption-in-REO-destination-ri.patch
   ath11k/0069-wifi-ath11k-fix-registration-of-6Ghz-only-phy-withou.patch
   ath11k/0080-wifi-ath11k-add-support-default-regdb-while-searchin.patch
   ath11k/0085-wifi-ath11k-fix-memory-leak-in-WMI-firmware-stats.patch
   ath11k/0086-wifi-ath11k-Add-missing-check-for-ioremap.patch
   ath11k/0096-wifi-ath11k-fix-boot-failure-with-one-MSI-vector.patch
   subsys/337-wifi-mac80211-fix-race-condition-on-enabling-fast-xm.patch

The following patches were integrated in upstream backports:
   ath11k/901-wifi-ath11k-pci-fix-compilation-in-5.16-and-older.patch
   build/080-resv_start_op.patch
   build/110-backport_napi_build_skb.patch

The following files are missing in backports, we do not have to remove
them any more. Some were already missing before some were removed in
this update:
   include/linux/cordic.h
   include/linux/crc8.h
   include/linux/eeprom_93cx6.h
   include/linux/wl12xx.h
   include/net/ieee80211.h
   backport-include/linux/bcm47xx_nvram.h
   include/linux/ath9k_platform.h
   include/net/bluetooth/

backports ships a dummy Mediatek wed header for older kernel versions.
We backported the feature in our kernel, remove the dummy header:
   backport-include/linux/soc/mediatek/mtk_wed.h

Remove header files for subsystems used form the mainline kernel:
   include/trace/events/qrtr.h
   include/net/rsi_91x.h
   backport-include/linux/platform_data/brcmnand.h

Link: https://github.com/openwrt/openwrt/pull/15827
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
4 months agokernel: mac80211 Remove patches for non-free devices we don't use / support.
RISCi_ATOM [Tue, 9 Jul 2024 16:57:51 +0000 (12:57 -0400)]
kernel: mac80211 Remove patches for non-free devices we don't use / support.

4 months agoiw: sync nl80211.h
Hauke Mehrtens [Mon, 1 Jul 2024 21:55:03 +0000 (23:55 +0200)]
iw: sync nl80211.h

Update the nl80211.h file in iw with the version from backports.

The files were out of sync already before the mac80211 update. If iw set
the NL80211_ATTR_WIPHY_ANTENNA_GAIN attribute the kernel assumed it set
the NL80211_ATTR_PUNCT_BITMAP attribute because the id was the same.

Link: https://github.com/openwrt/openwrt/pull/15827
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
4 months agotarget.mk: fix arm architecture level detection
Lu jicong [Tue, 2 Jul 2024 13:01:49 +0000 (21:01 +0800)]
target.mk: fix arm architecture level detection

Now kernel configs of armv6k CPUs don't include CONFIG_CPU_V6.
So armv6k CPUs cannot be detected as arm_v6.
Fix this by adding detection for CONFIG_CPU_V6K.

Signed-off-by: Lu jicong <jiconglu58@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15855
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit d55083fbcaea9cdd2ebc10a2d38989ad485a5357)

4 months agopackage/utils/secilc: drop PKG_CPE_ID
Fabrice Fontaine [Sat, 27 Apr 2024 15:50:05 +0000 (17:50 +0200)]
package/utils/secilc: drop PKG_CPE_ID

cpe:/a:selinuxproject:secilc is not a correct CPE ID for secilc:
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:selinuxproject:secilc

Fixes: 9ee7c1ec60e23f25f5d275c6439ce93aec914e1c (secilc: adds new package)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15298
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 58a5877846e2913bed4fd982386797d7751f58f0)
Link: https://github.com/openwrt/openwrt/pull/15881
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
4 months agopackage/network/utils/iptables: fix PKG_CPE_ID
Fabrice Fontaine [Sat, 27 Apr 2024 15:25:58 +0000 (17:25 +0200)]
package/network/utils/iptables: fix PKG_CPE_ID

cpe:/a:netfilter:iptables is the correct CPE ID for iptables:
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:netfilter:iptables

Fixes: c61a2395140d92cdd37d3d6ee43a765427e8e318 (add PKG_CPE_ID ids to package and tools)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15297
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 6e5edec159e2dc468607a5b9179f722857a38421)
Link: https://github.com/openwrt/openwrt/pull/15881
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
4 months agopackage/libs/libjson-c: fix PKG_CPE_ID
Fabrice Fontaine [Fri, 26 Apr 2024 15:47:24 +0000 (17:47 +0200)]
package/libs/libjson-c: fix PKG_CPE_ID

cpe:/a:json-c:json-c is the correct CPE ID for libjson-c:
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:json-c:json-c

Fixes: c61a2395140d92cdd37d3d6ee43a765427e8e318 (add PKG_CPE_ID ids to package and tools)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15292
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit a4f723e04ed245819fe320f472a4ff2b4eda00fb)
Link: https://github.com/openwrt/openwrt/pull/15881
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
4 months agopackage/network/services/dropbear: fix PKG_CPE_ID
Fabrice Fontaine [Fri, 26 Apr 2024 14:09:32 +0000 (16:09 +0200)]
package/network/services/dropbear: fix PKG_CPE_ID

cpe:/a:dropbear_ssh_project:dropbear_ssh is the correct CPE ID for dropbear:
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:dropbear_ssh_project:dropbear_ssh

Fixes: c61a2395140d92cdd37d3d6ee43a765427e8e318 (add PKG_CPE_ID ids to package and tools)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15290
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 289f811abb4ace7aa08ae7bf85c0d4f9460f0802)
Link: https://github.com/openwrt/openwrt/pull/15881
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
4 months agotoolchain/nasm: fix PKG_CPE_ID
Fabrice Fontaine [Fri, 26 Apr 2024 08:41:15 +0000 (10:41 +0200)]
toolchain/nasm: fix PKG_CPE_ID

cpe:/a:nasm:netwide_assembler is the correct CPE ID for nasm:
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:nasm:netwide_assembler

Fixes: bcf02c5d3123a99c717ca33f1d7c6250acf0f33f (toolchain: assign PKG_CPE_ID)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
(cherry picked from commit e1ca08518e96ccf088119fbc9930c5e4beef86cc)
Link: https://github.com/openwrt/openwrt/pull/15881
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
4 months agotools/flex: fix PKG_CPE_ID
Fabrice Fontaine [Fri, 26 Apr 2024 08:51:16 +0000 (10:51 +0200)]
tools/flex: fix PKG_CPE_ID

cpe:/a:westes:flex is the correct CPE ID for flex:
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:westes:flex

Fixes: c61a2395140d92cdd37d3d6ee43a765427e8e318 (add PKG_CPE_ID ids to package and tools)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
(cherry picked from commit 832460b452d840451adf44713e90515fc61c88ab)
Link: https://github.com/openwrt/openwrt/pull/15881
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
4 months agotools/zlib: fix PKG_CPE_ID
Fabrice Fontaine [Fri, 26 Apr 2024 08:59:58 +0000 (10:59 +0200)]
tools/zlib: fix PKG_CPE_ID

cpe:/a:zlib:zlib is the correct CPE ID for zlib:
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:zlib:zlib

Fixes: c61a2395140d92cdd37d3d6ee43a765427e8e318 (add PKG_CPE_ID ids to package and tools)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
(cherry picked from commit e9ecaade6f1f9bd821523a3b731bfaaf5ab5ca35)
Link: https://github.com/openwrt/openwrt/pull/15881
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
4 months agopackage/libs/pcre2: fix PKG_CPE_ID
Fabrice Fontaine [Fri, 26 Apr 2024 13:09:50 +0000 (15:09 +0200)]
package/libs/pcre2: fix PKG_CPE_ID

cpe:/a:pcre:pcre2 is the correct CPE ID for pcre2:
https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:pcre:pcre2

Fixes: c39b0646f3f2d96d40f601209859175af8537b6d (pcre2: import pcre2 from packages feed)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
(cherry picked from commit 27d1ebb46adfd58db9a8034336c2d85b41f617f9)
Link: https://github.com/openwrt/openwrt/pull/15881
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
4 months agoopenssl: conditionally disable engine section
Sean Khan [Sun, 9 Jun 2024 01:02:30 +0000 (21:02 -0400)]
openssl: conditionally disable engine section

Currently, the build option to enable/disable engine support isn't
reflected in the final '/etc/ssl/openssl.cnf' config. It assumes `engines`
is always enabled, producing an error whenever running any
commands in openssl util or programs that explicitly use settings
from '/etc/ssl/openssl.cnf'.

```
➤ openssl version
FATAL: Startup failure (dev note: apps_startup()) for openssl
307D1EA97F000000:error:12800067:lib(37):dlfcn_load:reason(103):crypto/dso/dso_dlfcn.c:118:filename(libengines.so):
Error loading shared library libengines.so: No such file or directory
307D1EA97F000000:error:12800067:lib(37):DSO_load:reason(103):crypto/dso/dso_lib.c:152:
307D1EA97F000000:error:0700006E:lib(14):module_load_dso:reason(110):crypto/conf/conf_mod.c:321:module=engines, path=engines
307D1EA97F000000:error:07000071:lib(14):module_run:reason(113):crypto/conf/conf_mod.c:266:module=engines
```

Build should check for the `CONFIG_OPENSSL_ENGINE` option, and comment out `engines`
if not explicitly enabled.

Example:
```
[openssl_init]
providers = provider_sect
```

After this change, openssl util works correctly.

```
➤ openssl version
OpenSSL 3.0.14 4 Jun 2024 (Library: OpenSSL 3.0.14 4 Jun 2024)
```

Signed-off-by: Sean Khan <datapronix@protonmail.com>
Link: https://github.com/openwrt/openwrt/pull/15661
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 31ec4515c3c14704d669156d87e2af5eeb5420e4)
Link: https://github.com/openwrt/openwrt/pull/15873
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
4 months agowolfssl: Update to 5.7.0
Hauke Mehrtens [Sun, 21 Apr 2024 15:46:55 +0000 (17:46 +0200)]
wolfssl: Update to 5.7.0

This fixes multiple security problems:
 * [High] CVE-2024-0901 Potential denial of service and out of bounds
   read. Affects TLS 1.3 on the server side when accepting a connection
   from a malicious TLS 1.3 client. If using TLS 1.3 on the server side
   it is recommended to update the version of wolfSSL used.

 * [Med] CVE-2024-1545 Fault Injection vulnerability in
   RsaPrivateDecryption function that potentially allows an attacker
   that has access to the same system with a victims process to perform
   a Rowhammer fault injection. Thanks to Junkai Liang, Zhi Zhang, Xin
   Zhang, Qingni Shen for the report (Peking University, The University
   of Western Australia)."

 * [Med] Fault injection attack with EdDSA signature operations. This
   affects ed25519 sign operations where the system could be susceptible
   to Rowhammer attacks. Thanks to Junkai Liang, Zhi Zhang, Xin Zhang,
   Qingni Shen for the report (Peking University, The University of
   Western Australia).

Size increased a little:
wolfssl 5.6.6:
516880 bin/packages/mips_24kc/base/libwolfssl5.6.6.e624513f_5.6.6-stable-r1_mips_24kc.ipk
wolfssl: 5.7.0:
519429 bin/packages/mips_24kc/base/libwolfssl5.7.0.e624513f_5.7.0-stable-r1_mips_24kc.ipk

(cherry picked from commit f475a44c03a303851959930030ab9e6acebb81a7)
Link: https://github.com/openwrt/openwrt/pull/15872
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
4 months agobase-files: minor fix to mmc_get_mac_ascii function
Rodrigo Balerdi [Sat, 6 Apr 2024 06:18:00 +0000 (03:18 -0300)]
base-files: minor fix to mmc_get_mac_ascii function

This is mostly a cosmetic cleanup. The absence of
the return statement was not causing any problems.

Signed-off-by: Rodrigo Balerdi <lanchon@gmail.com>
(cherry picked from commit 8cf4ac5195476356a14678ae72897e563881b15e)

4 months agobase-files: add mmc_get_mac_ascii function
Daniel Golle [Fri, 17 Nov 2023 00:02:05 +0000 (00:02 +0000)]
base-files: add mmc_get_mac_ascii function

Similar to the *_get_mac_binary function, also split the common parts
off mtd_get_mac_ascii into new get_mac_ascii function and introduce
mmc_get_mac_ascii which uses it.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 45c85c1827d45f8041b8f270d80bf6fff328069c)

4 months agohostapd: bump PKG_RELEASE
David Bauer [Thu, 27 Jun 2024 20:59:50 +0000 (22:59 +0200)]
hostapd: bump PKG_RELEASE

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 89d705148553a19a9dc32191cc85aff7616cf536)

4 months agohostapd: don't ignore probe-requests with invalid DSSS params
David Bauer [Thu, 27 Jun 2024 20:58:56 +0000 (22:58 +0200)]
hostapd: don't ignore probe-requests with invalid DSSS params

Don't ignore probe requests which contain an invalid DS parameter for the
current operating channel.

As the comment outlines, the drop shall only apply if
dot11RadioMeasurementActivated is set to 1.

However, it was observed Linux clients (Debian 12 / NixOS 23.11)
with an Intel 8265 NIC may generate a probe request frame with
dot11RadioMeasurementActivated set to false and an invalid DSSS
parameter.

These were also dropped even though they should not have been. They
however should not have contained this parameter in the first place.

Don't drop Probe Requests which contain such an invalid field. This may
lead to more probe responses being sent, however it does fix very
frequent connection issues for these clients on 2.4 GHz.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 68e4cc9be5f6f485c2d3b00cf4e2f14e98aecee2)

4 months agokernel: Bump to 5.15.162
RISCi_ATOM [Tue, 9 Jul 2024 16:10:50 +0000 (12:10 -0400)]
kernel: Bump to 5.15.162

4 months agolibrecmc: Remove package feed v6.1-20240701
RISCi_ATOM [Mon, 1 Jul 2024 05:16:38 +0000 (01:16 -0400)]
librecmc: Remove package feed

Packages that were commonly found in the package feed have been moved
into the base repo.

4 months agolibrecmc: Remove targets with < 16M of flash
RISCi_ATOM [Mon, 1 Jul 2024 05:12:46 +0000 (01:12 -0400)]
librecmc: Remove targets with < 16M of flash

The intent is to add these targets back in the future.. but time
will tell.

4 months agoluci: Remove lemon binary from tree
RISCi_ATOM [Sat, 29 Jun 2024 18:25:36 +0000 (14:25 -0400)]
luci: Remove lemon binary from tree

4 months agolibrecmc: Bump version of v6.1
RISCi_ATOM [Sat, 29 Jun 2024 18:18:54 +0000 (14:18 -0400)]
librecmc: Bump version of v6.1

4 months agolibrecmc: Bring in packages from feed
RISCi_ATOM [Sat, 29 Jun 2024 18:16:16 +0000 (14:16 -0400)]
librecmc: Bring in packages from feed

Add in (most) packages that were traditionally found in
the package feed.

Pulled in from upstream *23.05 branch with the exception of avahi and
netatalk.

4 months agomdadm: update to 4.3
Rosen Penev [Sat, 18 May 2024 00:28:29 +0000 (17:28 -0700)]
mdadm: update to 4.3

Backport three patches, add one for GCC14, and add Alpine time_t patch for
musl.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
4 months agoopenssl: update to 3.0.14
John Audia [Wed, 5 Jun 2024 19:55:29 +0000 (15:55 -0400)]
openssl: update to 3.0.14

Major changes between OpenSSL 3.0.13 and OpenSSL 3.0.14 [04-Jun-2024]

* Fixed potential use after free after SSL_free_buffers() is called.
  [CVE-2024-4741]
* Fixed checking excessively long DSA keys or parameters may be very slow.
  [CVE-2024-4603]
* Fixed an issue where some non-default TLS server configurations can cause
  unbounded memory growth when processing TLSv1.3 sessions. An attacker may
  exploit certain server configurations to trigger unbounded memory growth that
  would lead to a Denial of Service.  [CVE-2024-2511]
* New atexit configuration switch, which controls whether the OPENSSL_cleanup
  is registered when libcrypto is unloaded. This can be used on platforms
  where using atexit() from shared libraries causes crashes on exit

Signed-off-by: John Audia <therealgraysky@proton.me>
Build system: x86/64
Build-tested: x86/64/AMD Cezanne

4 months agotools: tar: backport patch for paxlib shipped in tar
Christian Marangi [Wed, 12 Jun 2024 13:11:48 +0000 (15:11 +0200)]
tools: tar: backport patch for paxlib shipped in tar

Tar 1.34 ship an old version of paxlib with rtapelib.c that produce some
compilation warning. This library got updated in 1.35 but we still can't
use the new Tar version.

GCC 14 then made these compilarion warning errors.

Manually backport the fixes to rtapelib.c and patch the version shipped
in 1.34 to fix these compilation warning.

Fixes: #15692
Fixes: 2951e0a80e9f ("tools: tar: backport patches fixing broken --delete")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
5 months agotools/bzip2: Add cmake patch missing from commit 676bfcc813
RISCi_ATOM [Thu, 6 Jun 2024 15:33:33 +0000 (11:33 -0400)]
tools/bzip2: Add cmake patch missing from commit 676bfcc813

5 months agoadblock-fast: update to 1.1.2-1
RISCi_ATOM [Wed, 5 Jun 2024 22:16:30 +0000 (18:16 -0400)]
adblock-fast: update to 1.1.2-1

* move extra_command and EXTRA_HELP to the top of the init file
* add packageCompat variable for compatibility check with WebUI
* add OutputFilter variables for supported resolvers
* simplify adb_check with the use of OutputFilter variables
* add show_blocklist command to display currently blocked domains

5 months agoadblock: update 4.1.5-9
RISCi_ATOM [Wed, 5 Jun 2024 22:15:18 +0000 (18:15 -0400)]
adblock: update 4.1.5-9

5 months agotor: update to 0.4.8.11
RISCi_ATOM [Wed, 5 Jun 2024 22:08:39 +0000 (18:08 -0400)]
tor: update to 0.4.8.11

5 months agotools/bzip2: switch to cmake
RISCi_ATOM [Wed, 5 Jun 2024 22:04:11 +0000 (18:04 -0400)]
tools/bzip2: switch to cmake

Fixes portability issues
CMakeLists.txt is a stripped-down backport from bzip2 upstream

5 months agolibxslt: update to 1.1.39
RISCi_ATOM [Wed, 5 Jun 2024 19:46:21 +0000 (15:46 -0400)]
libxslt: update to 1.1.39

5 months agobpf-headers: fix use of netlink.h header
Christian Marangi [Wed, 18 Jan 2023 19:44:56 +0000 (20:44 +0100)]
bpf-headers: fix use of netlink.h header

netlink.h header have NL_SET_ERR_MSG_MOD that is tied to kmods. We don't
need kmods on bpf tools and this cause compilation error if the header
is included. Fix it by dropping NL_SET_ERR_MSG_MOD.

Link: https://github.com/openwrt/openwrt/pull/11825
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
5 months agoxdp-tools: fix compilation wrongly using host header
Christian Marangi [Wed, 18 Jan 2023 19:50:58 +0000 (20:50 +0100)]
xdp-tools: fix compilation wrongly using host header

Currently it's needed to have gcc-multilib on the host to correctly
compile xdp-tools. This is wrong and means that we are using host header
to compile a tool.

By some searching in how the makefile works it was discovered that
BPF_CFLAGS were not used and required to be appended to config.mk

Only one single header was added but we should include each BPF_CFLAGS
from bpf.mk. To make this some patching to bpf-header were required and
some patches to xdp-tools were required.
Also it's needed to pass the correct target to BPF_CFLAGS.

With the following changes xdp-tools can correctly compile with each
header from bpf-headers and should not use any host header.

Co-Developed-by: Andre Heider <a.heider@gmail.com>
Signed-off-by: Andre Heider <a.heider@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/11825
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
5 months agogettext-full: Fixup host build configuration args
RISCi_ATOM [Tue, 4 Jun 2024 16:06:15 +0000 (12:06 -0400)]
gettext-full: Fixup host build configuration args

5 months agolibxml2: update to 2.12.5
RISCi_ATOM [Tue, 4 Jun 2024 15:58:46 +0000 (11:58 -0400)]
libxml2: update to 2.12.5

Release Notes:
https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.5

Remove patch:
- 010-iconv.patch

Fixes: CVE-2024-25062

5 months agowifi-scripts: fix creation of IBSS in legacy (non-HT) mode
Alexandru Gagniuc [Wed, 3 Apr 2024 19:32:08 +0000 (14:32 -0500)]
wifi-scripts: fix creation of IBSS in legacy (non-HT) mode

When an IBBS interface is configured for IBSS legacy mode, wdev.htmode
is empty. This is empty string results in an empty positional argument
to the "ibbs join" command, for example:

    iw dev phy0-ibss0 ibss join crymesh 2412 '' fixed-freq beacon-interval 100

This empty argument is interpreted as an invalid HT mode by 'iw',
causing the entire command to fail and print a "usage" message:

    daemon.notice netifd: radio0 (4527): Usage:    iw [options] \
        dev <devname> ibss join <SSID> <freq in MHz> ...

Although nobody will ever need more than 640K of IBSS, explicitly use
"NOHT" if an HT mode is not given. This fixes the problem.

Fixes: e56c5f7b276a ("hostapd: add ucode support, use ucode for the main ubus object")
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [extend to cover more cases]
(cherry picked from commit cee9fcdb7350911f474544189817d25fd4070111)

5 months agotools: refresh all patches
Christian Marangi [Wed, 22 May 2024 10:41:10 +0000 (12:41 +0200)]
tools: refresh all patches

Refresh all tools patches now that tools/refresh correctly works.

CI now checks for them and actively complain if tools have unrefreshed
patches.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
5 months agoquilt.mk: don't error on refresh/update if patches doesn't exist
Christian Marangi [Mon, 25 Sep 2023 00:29:31 +0000 (02:29 +0200)]
quilt.mk: don't error on refresh/update if patches doesn't exist

The current code fails if we have package or host tools with no patches
to apply. The error printend is the following: (taking ubus as an
example)

make[2]: Entering directory '/home/ansuel/openwrt-ansuel/openwrt/scripts/config'
make[2]: 'conf' is up to date.
make[2]: Leaving directory '/home/ansuel/openwrt-ansuel/openwrt/scripts/config'
make[1]: Entering directory '/home/ansuel/openwrt-ansuel/openwrt'
make[2]: Entering directory '/home/ansuel/openwrt-ansuel/openwrt/package/system/ubus'
The source directory contains no quilt patches.
make[2]: *** [Makefile:81: quilt-check] Error 1
make[2]: Leaving directory '/home/ansuel/openwrt-ansuel/openwrt/package/system/ubus'
time: package/system/ubus/refresh#0.06#0.00#0.07
    ERROR: package/system/ubus failed to build.
make[1]: *** [package/Makefile:120: package/system/ubus/refresh] Error 1
make[1]: Leaving directory '/home/ansuel/openwrt-ansuel/openwrt'
make: *** [/home/ansuel/openwrt-ansuel/openwrt/include/toplevel.mk:232: package/ubus/refresh] Error 2

We exit 1 after saying that there are no patches because later in the
function quilt pop fails to execute.

Having no patches for a package and calling refresh should not be
a critical error and the function should just do nothing.

To handle this improve quilt.mk with the following addition.
- If we don't have any patch for the package, we print a warning and we
  create an empty series. This is useful to trick quilt and make it do
  nothing.
  We also create a status file .quilt_no_patch to detect in the other
  function that we don't have patches to handle.
- In refresh makefile target, we check if .quilt_no_patch exist and
  we skip quilt cleanup if this exist.
- In RefreshDir function we change the logic and now we delete the
  patches directory and not only the content. This is done as a cleanup
  to clean case with empty patches directory.
- In RefreshDir we check if .quilt_no_patch exist and we skip creating
  the patches directory and copying the refreshed patches.
- In RefreshDir we delete at the end any trace of .quilt_no_patch if
  present.

This is needed to support run like package/refresh that will run the
refresh process on any package present in the buildroot.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 9536446965e853231e34c4e5dc4cf13f838b9e90)

5 months agoquilt.mk: use CURDIR instead of ./ for PATCH_DIR and FILES_DIR
Christian Marangi [Mon, 25 Sep 2023 00:26:43 +0000 (02:26 +0200)]
quilt.mk: use CURDIR instead of ./ for PATCH_DIR and FILES_DIR

To better reference them for diagnostic use, reference the PATCH_DIR and
FILES_DIR with the absolute path instead of using ./ and reference by
the relative location.

No behaviour change intended.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit bb1bfb46020b38179ef97d30333c90ab00b71c97)

5 months agotools/padjffs2: use Host/Prepare/Default instead of raw commands
Christian Marangi [Wed, 22 May 2024 09:56:45 +0000 (11:56 +0200)]
tools/padjffs2: use Host/Prepare/Default instead of raw commands

Now that Host/Prepare/Default is always defined, we can use that instead
of using raw commands to move files from the src directory to
HOST_BUILD_DIR.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 01048c7456785bc4a45452c84d8f31635e1fa60b)

5 months agotools/missing-macros: install files from HOST_BUILD_DIR instead of src
Christian Marangi [Wed, 22 May 2024 09:53:52 +0000 (11:53 +0200)]
tools/missing-macros: install files from HOST_BUILD_DIR instead of src

Install files from HOST_BUILD_DIR instead of src. These files are now
correctly copied to HOST_BUILD_DIR and can be referenced from there.

(cherry picked from commit 46bcbe42236bbe058eaeb89a0d1a4f22926cfdf9)
[ rebased on top of openwrt-23.05 ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
5 months agohost-build: always define Host/Prepare/Default
Christian Marangi [Wed, 22 May 2024 09:38:49 +0000 (11:38 +0200)]
host-build: always define Host/Prepare/Default

We currently skip defining Host/Prepare/Default if HOST_UNPACK is not
defined.

This is mostly the case for Host packages that just provide files with
the src directory and don't need to be downloaded/extracted.

This was probably done lots of times ago due to quilt causing error as
the patches directory wasn't present.
This has changed now and quilt can correctly detect if no patches needs
to be applied (instead of terminating with error)

Always define Host/Prepare/Default to make tools/refresh correctly works
as HOST_QUILT is hardcoded enabled for this make target and will
complain for tool not prepared for quilt patches.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 725389b7c745b0fa68426986c9bca14171f16887)

5 months agowireless-regdb: update to 2024.05.08
Yuu Toriyama [Sat, 18 May 2024 22:08:37 +0000 (07:08 +0900)]
wireless-regdb: update to 2024.05.08

Changes:
  73529a8 Revert "wireless-regdb: Update and disable 5470-5730MHz band according to TPC requirement for Singapore (SG)"
  87941e4 wireless-regdb: Update regulatory rules for Taiwan (TW) on 6GHz
  33797ae wireless-regdb: update regulatory database based on preceding changes

Signed-off-by: Yuu Toriyama <PascalCoffeeLake@gmail.com>
(cherry picked from commit 65c1f0d433e89c794a6d22dbe474666c241f9e7b)

5 months agokernel : Bump to 5.15.160
RISCi_ATOM [Tue, 4 Jun 2024 15:50:20 +0000 (11:50 -0400)]
kernel : Bump to 5.15.160

5 months agogengetopt: backport patch fixing support for c++17
Christian Marangi [Wed, 1 May 2024 13:42:57 +0000 (15:42 +0200)]
gengetopt: backport patch fixing support for c++17

Backport patch fixing support for c++17 that got merged upstream in
gengetopt.

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit a8bfdf2ed4d930ca5a31b5c4bc7061ad5ef11ba3)

5 months agolua: fix CVE-2014-5461
Rosen Penev [Sun, 11 Feb 2024 23:06:44 +0000 (15:06 -0800)]
lua: fix CVE-2014-5461

Patch taken from Debian.

Refresh patches

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 78b0106f7d5093641f68d37c041a5863eb9dd9a0)

5 months agotoolchain/gdb: backport patch for macOS to fix invalid range
Josef Schlehofer [Sun, 28 Apr 2024 21:04:03 +0000 (23:04 +0200)]
toolchain/gdb: backport patch for macOS to fix invalid range

With the recent macOS update to Ventura, it looks like gdb could not be
compiled with clang16 and newer version, because it fails with:
./../gdbsupport/enum-flags.h:95:52: error: integer value -1 is outside the valid range of values [0, 15] for this enumeration type [-Wenum-constexpr-conversion]
    integer_for_size<sizeof (T), static_cast<bool>(T (-1) < T (0))>::type
                                                   ^
./../gdbsupport/enum-flags.h:95:52: error: integer value -1 is outside the valid range of values [0, 1] for this enumeration type [-Wenum-constexpr-conversion]
./../gdbsupport/enum-flags.h:95:52: error: integer value -1 is outside the valid range of values [0, 3] for this enumeration type [-Wenum-constexpr-conversion]
./../gdbsupport/enum-flags.h:95:52: error: integer value -1 is outside the valid range of values [0, 3] for this enumeration type [-Wenum-constexpr-conversion]
4 errors generated.

- Upstream bug:
https://sourceware.org/bugzilla/show_bug.cgi?id=30423

- Backported upstream commit:
https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=ae61525fcf456ab395d55c45492a106d1275873a

Fixes: https://github.com/openwrt/openwrt/issues/15314

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15315
Signed-off-by: Robert Marko <robimarko@gmail.com>
5 months agoprocd: make mDNS TXT record parsing more solid
Christian Marangi [Mon, 29 Apr 2024 19:17:31 +0000 (21:17 +0200)]
procd: make mDNS TXT record parsing more solid

mDNS broadcast can't accept empty TXT record and would fail
registration.

Current procd_add_mdns_service checks only if the first passed arg is
empty but don't make any verification on the other args permittins
insertion of empty values in TXT record.

Example:

procd_add_mdns "blah" \
"tcp" "50" \
"1" \
"" \
"3"

Produce:

{ "blah_50": { "service": "_blah._tcp.local", "port": 50, "txt": [ "1", "", "3" ] } }

The middle empty TXT record should never be included as it's empty.

This can happen with scripts that make fragile parsing and include
variables even if they are empty.

Prevent this and make the TXT record more solid by checking every
provided TXT record and include only the non-empty ones.

The fixed JSON is the following:

{ "blah_50": { "service": "_blah._tcp.local", "port": 50, "txt": [ "1", "3" ] } }

Fixes: b0d9dcf84dd0 ("procd: update to latest git HEAD")
Reported-by: Paul Donald <newtwen@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/15331
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 4b043047132de0b3d90619d538f103af6153fa5a)

5 months agoRevert "uboot-sunxi: add missing type __u64"
Petr Štetiar [Mon, 30 Oct 2023 19:38:04 +0000 (19:38 +0000)]
Revert "uboot-sunxi: add missing type __u64"

This reverts commit 3cc57ba4627c9c7555f8ad86e4f78d86d8f9ddf0 as it
should be fixed in commit 78cbd5a57e11 ("tools: macOS: types.h: fix
missing unsigned types").

References: #13833
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit bc47613cf0215743cde641f962386d59b57a332a)

5 months agotools: macOS: types.h: fix missing unsigned types
Petr Štetiar [Mon, 30 Oct 2023 19:31:03 +0000 (19:31 +0000)]
tools: macOS: types.h: fix missing unsigned types

For some reason unsigned types were not added in commit 0a06fcf608dd
("build: fix kernel 5.4 on macos"), which led to bunch of hacks, like
commit 3cc57ba4627c ("uboot-sunxi: add missing type __u64") or
commit 997ff740dc44 ("uboot-mediatek: fix build on Mac OS X").

So lets add the missing unsigned types to workaround it in a bit more
maintainable way.

Fixes: #13833
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 4a8961f1dfba33b1e9a38dd0ecb3a8b03c46edbb)

5 months agotoolchain: kernel-headers: remove debugging env dump
Petr Štetiar [Thu, 20 Jul 2023 06:41:44 +0000 (08:41 +0200)]
toolchain: kernel-headers: remove debugging env dump

Remove debugging `env` dump left over as build environments might
contain some sensitive information, which then might leak into the build
logs.

Fixes: 2105acbe2804 ("kernel-headers: fix compile error caused by wrong host include path when the toolchain is already built")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit def41cf2bab825e46a31eb0a9ccf51288edfe27d)

5 months agotoolchain: kernel-headers: fix check target for external Git trees
Petr Štetiar [Thu, 20 Jul 2023 13:48:39 +0000 (15:48 +0200)]
toolchain: kernel-headers: fix check target for external Git trees

Executing following command currently fails:

 $ make toolchain/kernel-headers/{download,check} V=sc FIXUP=1
 ...
 include/kernel-version.mk:11: *** Missing kernel version/hash file for . Please create include/kernel-.  Stop.

So lets fix it by adding the necessary missing KERNEL_PATCHVER variable.

That additional kernel-build.mk include is needed to add another set of
missing variables:

 $ make toolchain/kernel-headers/{download,check} V=sc FIXUP=1
 ...
 Makefile:115: *** ERROR: Unknown pack format for file tmp/dl/.  Stop.

Fixes: 0765466a42f4 ("kernel: split kernel version to dedicated files")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 6b7f1ffbad732c5e1818f9387c02dda109c2748b)

6 months agonetifd: packet-steering: silence error on applying queue mask
Christian Marangi [Thu, 18 Apr 2024 10:40:18 +0000 (12:40 +0200)]
netifd: packet-steering: silence error on applying queue mask

Some queues can't be tweaked and return -ENOENT if it's not multiqueue.

Silence any error from echo to produce a more clean bootlog.

Fixes: #12095
Suggested-by: Andris PE <neandris@gmail.com>
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
6 months agonetifd: update to Git openwrt-23.05 (2024-01-04)
Felix Fietkau [Thu, 4 Jan 2024 12:46:34 +0000 (13:46 +0100)]
netifd: update to Git openwrt-23.05 (2024-01-04)

c739dee0a37b system-linux: refresh MAC address on DSA port conduit change
8587c074f1eb interface-ip: fix IPv4 route target masking
33d6c261aacb system-linux: fix bogus debug error messages on adding bridge members
0832e8f04778 wireless: add bridge_isolate option
5ca7a9058e98 bridge: fix reload on bridge vlan changes
be4ffb3b78bc bridge: rework config change pvid handling
923c4370a1d4 system-linux: set master early on apply settings
b9442415c785 system-linux: skip refreshing MAC on master change if custom MAC
b635a09cdadf system-linux: set pending to 0 on ifindex found or error for if_get_master
2bbe49c36224 device: Log error message if device initialization failed
2703f740a23e Revert "system-linux: set pending to 0 on ifindex found or error for if_get_master"
9cb0cb418303 system-linux: fix race condition in netlink socket error handing
c18cc79d5000 device: restore cleared flags on device down

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 months agoconfig: fix CONFIG_GDB appearing in main menuconfig menu
Robert Marko [Mon, 8 Apr 2024 20:05:19 +0000 (22:05 +0200)]
config: fix CONFIG_GDB appearing in main menuconfig menu

I noticed that CONFIG_GDB was suddenly appearing in the main menuconfig
menu despite the fact that it should be visible only when TOOLCHAINOPTS
is selected and under a dedicated menu.

After some trial and error, it seems that this was caused by the recent
addition of GCC_USE_DEFAULT_VERSION, and after even more trial and error
it gets fixed as soon GCC_USE_DEFAULT_VERSION is placed after GCC_VERSION.

So, lets simply put GCC_USE_DEFAULT_VERSION after GCC_VERSION.

Fixes: 501ef81040ba ("config: select KERNEL_WERROR if building with default GCC version")
Signed-off-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [rebased]
(cherry picked from commit 12b2cb2ec3f1366b65caa0dbbdd83846c1c88d4e)

6 months agoconfig: select KERNEL_WERROR if building with default GCC version
Daniel Golle [Sun, 7 Apr 2024 18:50:04 +0000 (19:50 +0100)]
config: select KERNEL_WERROR if building with default GCC version

[ during cherry-pick GCC version was changed to default GCC 12 version ]

At the moment we have to manually follow the default GCC version
also in config/Config-kernel.in. This tends to be forgotten at GCC
version bumps (just happened when switching from version 12 to 13).
Instead, introduce a hidden Kconfig symbol which implies KERNEL_WERROR
in toolchain/gcc/Config.in where it is visible for developers changing
the default version.

Also remove the explicit default on BUILDBOT to avoid a circular
dependency and also because buildbots anyway implicitly always select
the default GCC version.

Reference: https://github.com/openwrt/openwrt/pull/15064
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [GCC 12 default]
(cherry picked from commit 501ef81040baa2ee31de6dd9f75d619de0e4c9bc)

6 months agokernel: introduce KERNEL_WERROR config option
Petr Štetiar [Wed, 24 May 2023 07:46:45 +0000 (09:46 +0200)]
kernel: introduce KERNEL_WERROR config option

In commit b2d1eb717b65 ("generic: 5.15: enable Werror by default for
kernel compile") CONFIG_WERROR=y was enabled and all warnings/errors
reported with GCC 12 were fixed.

Keeping this in sync with past/future GCC versions is going to be uphill
battle, so lets introduce new KERNEL_WERROR config option, enable it by
default only for tested/known working combinations and on buildbots.

References: #12687
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit ce8c639a6c539534be14a540e7c3e9933d3a34ef)

6 months agomac80211: backport some upstream EHT patches
Rafał Miłecki [Mon, 1 Apr 2024 20:59:10 +0000 (22:59 +0200)]
mac80211: backport some upstream EHT patches

Those changes are needed by Wi-Fi 7 drivers.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
6 months agounetd: update to Git HEAD (2024-03-31)
Felix Fietkau [Sun, 31 Mar 2024 17:57:03 +0000 (19:57 +0200)]
unetd: update to Git HEAD (2024-03-31)

52144f723bec pex: after receiving data update req, notify peer of local address/port
29aacb9386e0 pex: track indirect hosts (reachable via gateway) as peers without adding them to wg
48049524d4fc pex: do not send peer notifications for hosts with a gateway
12ac684ee22a pex: do not query for hosts with a gateway
203c88857354 pex: fix endian issues on config transfer
a29d45c71bca network: fix endian issue in converting port to network id
cbbe9d337a17 unet-cli: emit id by default
806457664ab6 unet-cli: strip initial newline in usage message

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit a112ed4126c258a63698774b1e600584c1ccd5a8)

6 months agogettext-full: link libiconv when building host pkg
RISCi_ATOM [Fri, 19 Apr 2024 21:03:53 +0000 (17:03 -0400)]
gettext-full: link libiconv when building host pkg

On Fedora 40 system, some compile error happens when
building iconv-ostream.c. Linking to libiconv-full
fixes this.

Signed-off-by: Yanase Yuki <dev@zpc.st>
Picked from upstream 63dd14b906e9eb27bc878b95ac6777a3624b1135

6 months agokernel: Bump to 5.15.156
RISCi_ATOM [Fri, 19 Apr 2024 21:02:23 +0000 (17:02 -0400)]
kernel: Bump to 5.15.156

Patches removed upstream:

* target/linux/generic/backport-5.15/081-v5.17-regmap-allow-to-define-reg_update_bits-for-no-bus.patch

* target/linux/generic/backport-5.15/704-15-v5.19-net-mtk_eth_soc-move-MAC_MCR-setting-to-mac_finish.patch

* target/linux/generic/pending-5.15/737-net-ethernet-mtk_eth_soc-add-paths-and-SerDes-modes-.patch

Reworked:

* target/linux/generic/hack-5.15/221-module_exports.patch

7 months agotools/cpio: update to 2.15
Nick Hainke [Wed, 24 Jan 2024 12:18:53 +0000 (13:18 +0100)]
tools/cpio: update to 2.15

Release Notes:
https://lists.gnu.org/archive/html/info-gnu/2024-01/msg00006.html

Signed-off-by: Nick Hainke <vincent@systemli.org>
7 months agodnsmasq: Backport 2 upstream patches
Hauke Mehrtens [Mon, 18 Mar 2024 21:39:56 +0000 (22:39 +0100)]
dnsmasq: Backport 2 upstream patches

These two patches are fixing minor problems with DNSSEC found shortly
after the dnsmasq 2.90 release.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 28c87d7ecd142a31772572faac079b77163ceeca)

7 months agodnsmasq: reset PKG_RELEASE
Robert Marko [Wed, 13 Mar 2024 11:47:31 +0000 (12:47 +0100)]
dnsmasq: reset PKG_RELEASE

dnsmasq was recently updated to 2.90, but PKG_RELEASE was not reset to 1.

Fixes: 838a27f64f56 ("dnsmasq: version 2.90")
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 694e6477848eade21851ec27d90c173b373099fc)

7 months agodnsmasq: version 2.90
Nathaniel Wesley Filardo [Sun, 18 Feb 2024 13:12:10 +0000 (13:12 +0000)]
dnsmasq: version 2.90

Bump to 2.90 to get upstream's fix for DNSSEC KeyTrap (CVE-2023-50387,
CVE-2023-50868) among many other goodies and fixes (notably, upstream
568fb024... fixes a UAF in cache_remove_uid that was routinely crashing
dnsmasq in my deployment).

Catch up our 200-ubus_dns.patch, too.

Signed-off-by: Nathaniel Wesley Filardo <nwfilardo@gmail.com>
(cherry picked from commit 838a27f64f56e75aae98a3ab2556856224d48d8b)

7 months agodnsmasq: mark global ubus context as closed after fork
Sven Eckelmann [Sat, 18 Nov 2023 15:29:09 +0000 (16:29 +0100)]
dnsmasq: mark global ubus context as closed after fork

If the dnsmasq process forks to handle TCP connections, it closes the ubus
context. But instead of changing the daemon wide pointer to NULL, only the
local variable was adjusted - and this portion of the code was even dropped
(dead store) by some optimizing compilers.

It makes more sense to change the daemon->ubus pointer because various
functions are already checking it for NULL. It is also the behavior which
ubus_destroy() implements.

Fixes: d8b33dad0bb7 ("dnsmasq: add support for monitoring and modifying dns lookup results via ubus")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
(cherry picked from commit 711dcb77630e96e75413b5cdbe3ddb5432f394f6)

7 months agoumdns: update to Git 7c675979 (2024-03-04)
Petr Štetiar [Mon, 4 Mar 2024 16:12:05 +0000 (16:12 +0000)]
umdns: update to Git 7c675979 (2024-03-04)

Backport of single commit 9040335e102 ("interface: fix interface memory
corruption").

Fixes: openwrt/openwrt/issues/14120
Signed-off-by: Petr Štetiar <ynezz@true.cz>
7 months agohostapd: fix 11r defaults when using WPA
Jesus Fernandez Manzano [Mon, 22 Jan 2024 12:46:14 +0000 (13:46 +0100)]
hostapd: fix 11r defaults when using WPA

802.11r can not be used when selecting WPA. It needs at least WPA2.

This is because 802.11r advertises FT support in-part through the
Authentication and Key Management (AKM) suites in the Robust
Security Network (RSN) Information Element, which was included in
the 802.11i amendment and WPA2 certification program.

Pre-standard WPA did not include the RSN IE, but the WPA IE.
This IE can not advertise the AKM suite for FT.

Signed-off-by: Jesus Fernandez Manzano <jesus.manzano@galgus.ai>
(cherry picked from commit cdc4c551755115e0e1047a0c90a658e6238e96ee)

7 months agohostapd: fix 11r defaults when using SAE
Jesus Fernandez Manzano [Mon, 22 Jan 2024 12:52:18 +0000 (13:52 +0100)]
hostapd: fix 11r defaults when using SAE

When using WPA3-SAE or WPA2/WPA3 Personal Mixed, we can not use
ft_psk_generate_local because it will break FT for SAE. Instead
use the r0kh and r1kh configuration approach.

Signed-off-by: Jesus Fernandez Manzano <jesus.manzano@galgus.ai>
(cherry picked from commit e2f6bfb833a1ba099e1dcf0e569e4ef11c31c391)
Fixes: https://github.com/openwrt/luci/issues/6930
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
7 months agobuild: do not depend on $(STAGING_DIR)/.prepared when in SDK
Matthias Schiffer [Mon, 4 Mar 2024 22:45:15 +0000 (23:45 +0100)]
build: do not depend on $(STAGING_DIR)/.prepared when in SDK

The dependency can't be satisfied when building using the SDK, breaking
package builds. As the staging and bin dirs are distributed with the SDK
archive, ignoring the dependency is fine when SDK is set.

Fixes: fbb924abff8a ("build: add $(STAGING_DIR) and $(BIN_DIR) ...")
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit 2b46cbef8179b4a131bd008c520339441bc87c97)

7 months agobuild: add $(STAGING_DIR) and $(BIN_DIR) preparation to target and package subdir...
Matthias Schiffer [Thu, 1 Feb 2024 23:46:58 +0000 (00:46 +0100)]
build: add $(STAGING_DIR) and $(BIN_DIR) preparation to target and package subdir compile dependencies

In a pristine build, these directories are created as dependencies of
the tools subdir compile, however this step never runs when the tools
compile stamp already exists. Since commit ed6ba2801c0a ("tools: keep
stamp file in $(STAGING_DIR_HOST)"), this will happen after `make clean`:
$(STAGING_DIR) has been deleted, but the tools stamp still exists, so
the next build will fail because $(STAGING_DIR) has not been set up
correctly.

Fix builds after `make clean` by adding the preparation as dependencies
for the target and package directories as well.

Fixes: ed6ba2801c0a ("tools: keep stamp file in $(STAGING_DIR_HOST)")
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit fbb924abff8af9e69ec90d7bf099046c24145b74)

7 months agoluci: Remove stray binary
RISCi_ATOM [Thu, 14 Mar 2024 14:33:18 +0000 (10:33 -0400)]
luci: Remove stray binary

7 months agokernel : Bump to 5.15.151
RISCi_ATOM [Thu, 14 Mar 2024 14:30:24 +0000 (10:30 -0400)]
kernel : Bump to 5.15.151

* removes dsmark support, as it was removed in 5.15.150

Effected patches:

ath79/patches-5.15/900-unaligned_access_hacks.patch : rewored for 5.15.149

8 months agogeneric l2tp: drop flow hash on forward
David Bauer [Mon, 26 Feb 2024 13:43:09 +0000 (14:43 +0100)]
generic l2tp: drop flow hash on forward

Drop the flow-hash of the skb when forwarding to the L2TP netdev.

This avoids the L2TP qdisc from using the flow-hash from the outer
packet, which is identical for every flow within the tunnel.

This does not affect every platform but is specific for the ethernet
driver. It depends on the platform including L4 information in the
flow-hash.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 35a5e62da7275a4a1423df6238340dd08eeff3c9)

8 months agogeneric vxlan: don't learn non-unicast L2 destinations
David Bauer [Sat, 17 Feb 2024 21:37:05 +0000 (22:37 +0100)]
generic vxlan: don't learn non-unicast L2 destinations

This patch avoids learning non-unicast targets in the vxlan FDB. They
are non-unicast and thus should be sent to the broadcast-IPv6 instead of
a unicast address

Link: https://lore.kernel.org/netdev/15ee0cc7-9252-466b-8ce7-5225d605dde8@david-bauer.net/
Link: https://github.com/freifunk-gluon/gluon/issues/3191
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 0985262fd0f0b9c33e1fb559e71c041379199a91)

8 months agowifi-scripts: Support HE Iftypes with multiple entries
Hauke Mehrtens [Sat, 17 Feb 2024 16:58:50 +0000 (17:58 +0100)]
wifi-scripts: Support HE Iftypes with multiple entries

With mac80211_hwsim I have seen such entries in OpenWrt 22.03:
    HE Iftypes: managed, AP
The mac80211.sh script did not detect the entry and failed. Allow
arbitrary other entries before to fix this problem.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 5df7a78e821cbdcc3beb80150798712a4c00b00e)

8 months agobuild: add explicit --no-show-signature for git
Oto Šťáva [Fri, 16 Feb 2024 15:28:10 +0000 (16:28 +0100)]
build: add explicit --no-show-signature for git

When `log.showSignature` is set, it causes the `SOURCE_DATE_EPOCH` to
include a textual signature description on OpenPGP-signed commits,
because Git prints the description into stdout. This then causes some
scripts to fail because they cannot parse the date from the variable.

Adding an explicit `--no-show-signature` prevents the signatures from
being displayed even when one has Git configured to show them by
default, fixing the scripts.

Signed-off-by: Oto Šťáva <oto.stava@gmail.com>
(cherry picked from commit 1e93208bd2c605704b19fe8b04025c20c17e808d)

8 months agohostapd: fix FILS AKM selection with EAP-192
Eneas U de Queiroz [Sat, 3 Feb 2024 19:33:14 +0000 (16:33 -0300)]
hostapd: fix FILS AKM selection with EAP-192

Fix netifd hostapd.sh selection of FILS-SHA384 algorithm with eap-192.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 472312f83f886a0749672a634948726fda9c2401)

8 months agolinux: add dtb makefile target to targets list
Christian Marangi [Thu, 8 Feb 2024 22:04:55 +0000 (23:04 +0100)]
linux: add dtb makefile target to targets list

Add dtb makefile target to targets list to permit correct working of

make target/linux/dtb

Fixes: c47532b1ea7f ("kernel-build\eOnmk: add support for compiling only DTS")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit c4910e9cb37c626ab9f4a47579bc8ec8981cdf4a)

8 months agokernel-build.mk: add support for compiling only DTS
Christian Marangi [Wed, 7 Feb 2024 23:49:27 +0000 (00:49 +0100)]
kernel-build.mk: add support for compiling only DTS

Add support for compiling DTS for the selected target. This can be
useful for testing if the DTS correctly compile and doesn't produce any
error.

This adds a new make target. To compile only DTS use:

make target/linux/dtb

Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit c47532b1ea7f8459f05a223a71317a1461c6e750)

8 months agotoolchain: glibc: Update glibc 2.37 to recent HEAD
Hauke Mehrtens [Wed, 7 Feb 2024 20:30:52 +0000 (21:30 +0100)]
toolchain: glibc: Update glibc 2.37 to recent HEAD

512e30fd56 Revert "elf: Remove unused l_text_end field from struct link_map"
55d3dfadf8 Revert "elf: Always call destructors in reverse constructor order (bug 30785)"
8e20aedfd7 Revert "elf: Move l_init_called_next to old place of l_text_end in link map"
5014fb12f4 elf: Fix wrong break removal from 8ee878592c
874d418697 elf: Fix TLS modid reuse generation assignment (BZ 29039)
8bd00f5b6d x86-64: Fix the dtv field load for x32 [BZ #31184]
d052665f35 x86-64: Fix the tcb field load for x32 [BZ #31185]
0ca9ba3a9e NEWS: Mention bug fixes for 29039/30745/30843
9b90e763db getaddrinfo: translate ENOMEM to EAI_MEMORY (bug 31163)
bd9f194c34 libio: Check remaining buffer size in _IO_wdo_write (bug 31183)
8b8a3f0aaf sunrpc: Fix netname build with older gcc
97a4292aa4 syslog: Fix heap buffer overflow in __vsyslog_internal (CVE-2023-6246)
67062eccd9 syslog: Fix heap buffer overflow in __vsyslog_internal (CVE-2023-6779)
2b58cba076 syslog: Fix integer overflow in __vsyslog_internal (CVE-2023-6780)
1d8bb622df i386: Use pthread_barrier for synchronization on tst-bz21269
32450f6e8d sysdeps: tst-bz21269: fix test parameter
f7e97cea20 sysdeps: tst-bz21269: handle ENOSYS & skip appropriately
d97929eadc sysdeps: tst-bz21269: fix -Wreturn-type
5bbe7e0da5 x86_64: Optimize ffsll function code size.
98ec3e004e sparc: Fix broken memset for sparc32 [BZ #31068]
2ce7abef67 sparc64: Remove unwind information from signal return stubs [BZ#31244]
18da90677c sparc: Fix sparc64 memmove length comparison (BZ 31266)
8b849f70b3 sparc: Remove unwind information from signal return stubs [BZ #31244]
eee7525d35 arm: Remove wrong ldr from _dl_start_user (BZ 31339)

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 2ef5714277ce32d0dc7d59e59f20591004f070c4)

8 months agowireless-regdb: update to 2024.01.23
Yuu Toriyama [Sat, 3 Feb 2024 19:09:14 +0000 (04:09 +0900)]
wireless-regdb: update to 2024.01.23

The maintainer and repository of wireless-regdb has changed.
    https://lore.kernel.org/all/CAGb2v657baNMPKU3QADijx7hZa=GUcSv2LEDdn6N=QQaFX8r-g@mail.gmail.com/

Changes:
    37dcea0 wireless-regdb: Update keys and maintainer information
    9e0aee6 wireless-regdb: Makefile: Reproducible signatures
    8c784a1 wireless-regdb: Update regulatory rules for China (CN)
    149c709 wireless-regdb: Update regulatory rules for Japan (JP) for December 2023
    bd69898 wireless-regdb: Update regulatory rules for Singapore (SG) for September 2023
    d695bf2 wireless-regdb: Update and disable 5470-5730MHz band according to TPC requirement for Singapore (SG)
    4541300 wireless-regdb: update regulatory database based on preceding changes

Signed-off-by: Yuu Toriyama <PascalCoffeeLake@gmail.com>
(cherry picked from commit b463737826eaa6c519eba93e13757a0cd3e09d47)

8 months agoopenssl: update to 3.0.13
Ivan Pavlov [Fri, 2 Feb 2024 05:46:52 +0000 (08:46 +0300)]
openssl: update to 3.0.13

Major changes between OpenSSL 3.0.12 and OpenSSL 3.0.13 [30 Jan 2024]

  * Fixed PKCS12 Decoding crashes
    ([CVE-2024-0727])
  * Fixed Excessive time spent checking invalid RSA public keys
    ([CVE-2023-6237])
  * Fixed POLY1305 MAC implementation corrupting vector registers on PowerPC
    CPUs which support PowerISA 2.07
    ([CVE-2023-6129])
  * Fix excessive time spent in DH check / generation with large Q parameter
    value ([CVE-2023-5678])

Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
(cherry picked from commit 44cd90c49a7457345c0fba186d5d762d3a04d854)

8 months agoucode: add libjson-c/host dependency
Chad Monroe [Tue, 16 Jan 2024 23:44:33 +0000 (15:44 -0800)]
ucode: add libjson-c/host dependency

ensure host libjson-c is built prior to ucode

Signed-off-by: Chad Monroe <chad@monroe.io>
(cherry picked from commit 5a3f6c50ef29c8b11fe6967e65277b8331be0ff0)

8 months agokernel: backport ethtool_puts
Rosen Penev [Sun, 17 Dec 2023 01:12:33 +0000 (17:12 -0800)]
kernel: backport ethtool_puts

Will be used for conversions in later commits and is a requirement for
PHY backports.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
[rmilecki: update commit message for 23.05]
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 511c7ff03231752ea2adbdf7cc1af4be962c9b65)

8 months agombedtls: security bump to version 2.28.7
orangepizza [Mon, 29 Jan 2024 02:37:43 +0000 (11:37 +0900)]
mbedtls: security bump to version 2.28.7

This release of Mbed TLS provides bug fixes and minor enhancements. This
release includes fixes for following security issues:

* Timing side channel in private key RSA operations (CVE-2024-23170)

  Mbed TLS is vulnerable to a timing side channel in private key RSA
  operations. This side channel could be sufficient for an attacker to
  recover the plaintext. A local attacker or a remote attacker who is
  close to the victim on the network might have precise enough timing
  measurements to exploit this. It requires the attacker to send a large
  number of messages for decryption.

* Buffer overflow in mbedtls_x509_set_extension() (CVE-2024-23775)

  When writing x509 extensions we failed to validate inputs passed in to
  mbedtls_x509_set_extension(), which could result in an integer overflow,
  causing a zero-length buffer to be allocated to hold the extension. The
  extension would then be copied into the buffer, causing a heap buffer
  overflow.

Fixes: CVE-2024-23170, CVE-2024-23775
References: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-1/
References: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-2/
Signed-off-by: orangepizza <tjtncks@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [formal fixes]
(cherry picked from commit 920414ca8848fe1b430e436207b4f8c927819368)