OSDN Git Service

immortalwrt/immortalwrt.git
3 days agor8125: bump to 9.009.01-1 openwrt-18.06
Tianling Shen [Wed, 22 Jun 2022 22:13:04 +0000 (06:13 +0800)]
r8125: bump to 9.009.01-1

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 838f97a5f840a2d5cf73bfe252dcf0e3d63c62ed)

4 days agor8152: bump to 2.16.1
Tianling Shen [Tue, 21 Jun 2022 15:51:16 +0000 (23:51 +0800)]
r8152: bump to 2.16.1

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 51333e4cf5be36b5936e48add71a60423906c19a)
[removed upstreamed patch]
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
5 days agotools/libressl: update to version 3.4.3
Josef Schlehofer [Mon, 6 Jun 2022 20:08:42 +0000 (22:08 +0200)]
tools/libressl: update to version 3.4.3

Release notes:
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.4.3-relnotes.txt

```
It includes the following security fix:

    * A malicious certificate can cause an infinite loop.
      Reported by and fix from Tavis Ormandy and David Benjamin, Google.
```

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 25534d5cc20a807ff776fdb18847344167ce081d)

6 days agodefault-settings: update tencent ntp server
MkQtS [Sat, 18 Jun 2022 15:15:06 +0000 (23:15 +0800)]
default-settings: update tencent ntp server

see tencentyun's doc [1]

1. https://github.com/tencentyun/qcloud-documents/blob/master/product/%E8%AE%A1%E7%AE%97%E4%B8%8E%E7%BD%91%E7%BB%9C/%E4%BA%91%E6%9C%8D%E5%8A%A1%E5%99%A8/%E6%9C%80%E4%BD%B3%E5%AE%9E%E8%B7%B5/NTP%20%E6%9C%8D%E5%8A%A1/%E8%85%BE%E8%AE%AF%E4%BA%91%20NTP%20%E6%9C%8D%E5%8A%A1.md

(cherry picked from commit 0688e346d06452508345ec92e88bf6d2876e7b52)

8 days agor8168: bump to 8.050.03
Tianling Shen [Fri, 17 Jun 2022 17:03:08 +0000 (01:03 +0800)]
r8168: bump to 8.050.03

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit f3002993d248a8b5d50c71d3e4a0173cd4266e64)

10 days agonf-conntrack: allow querying conntrack info in nfqueue
Etan Kissling [Tue, 12 Jan 2021 23:54:08 +0000 (00:54 +0100)]
nf-conntrack: allow querying conntrack info in nfqueue

This allows libnetfilter_queue to access connection tracking information
by requesting NFQA_CFG_F_CONNTRACK. Connection tracking information is
provided in the NFQA_CT attribute.
CONFIG_NETFILTER_NETLINK_GLUE_CT enables the interaction between
nf_queue and nf_conntrack_netlink. Without this option, trying to access
connection tracking information results in "Operation not supported".

Signed-off-by: Etan Kissling <etan_kissling@apple.com>
[Backport to kernel 4.9, 4.14 and 4.19]
Signed-off-by: AmadeusGhost <amadeus@openjmu.xyz>
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
10 days agolayerscape: armv8_64b: add missing Kconfig
Tianling Shen [Wed, 15 Jun 2022 11:32:03 +0000 (19:32 +0800)]
layerscape: armv8_64b: add missing Kconfig

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
12 days agokernel: bump to 4.9.317, 4.14.282, 4.19.246
Tianling Shen [Mon, 13 Jun 2022 20:58:05 +0000 (04:58 +0800)]
kernel: bump to 4.9.317, 4.14.282, 4.19.246

Refreshed all patches.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
12 days agowolfssl: make WOLFSSL_HAS_OPENVPN default to y
Eneas U de Queiroz [Wed, 8 Jun 2022 23:30:39 +0000 (20:30 -0300)]
wolfssl: make WOLFSSL_HAS_OPENVPN default to y

Openvpn forces CONFIG_WOLFSSL_HAS_OPENVPN=y.  When the phase1 bots build
the now non-shared package, openvpn will not be selected, and WolfSSL
will be built without it.  Then phase2 bots have CONFIG_ALL=y, which
will select openvpn and force CONFIG_WOLFSSL_HAS_OPENVPN=y.  This
changes the version hash, causing dependency failures, as shared
packages expect the phase2 hash.

Fixes: #9738

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit d55f12cc7925b7d84af80015cbeb0422dd7e0b36)

12 days agosunxi/cortexa53: enable armv8-CE crypto algorithms
Eneas U de Queiroz [Wed, 20 Apr 2022 18:26:32 +0000 (15:26 -0300)]
sunxi/cortexa53: enable armv8-CE crypto algorithms

This enables armv8 crypto extensions version of AES, GHASH, SHA1, and
CRC T10 algorithms in the kernel.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 9be35180f43a4916f53430d8c93437d33896e860)

12 days agoocteontx: add armv8-CE version of CRC T10
Eneas U de Queiroz [Wed, 20 Apr 2022 19:23:47 +0000 (16:23 -0300)]
octeontx: add armv8-CE version of CRC T10

Adds the crypto extensions version of the CRC T10 algorithm that is
already built into the kernel.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 1b94e4aab8ddbe5719f1e859e064c1c5dfa4587f)

12 days agomvebu/cortexa72: enable armv8-CE crypto algos
Eneas U de Queiroz [Wed, 20 Apr 2022 18:26:32 +0000 (15:26 -0300)]
mvebu/cortexa72: enable armv8-CE crypto algos

This enables armv8 crypto extensions version of AES, GHASH, SHA1,
SHA256, and SHA512 algorithms in the kernel.

The choice of algorithms match the 32-bit versions that are enabled in
the target config-5.10 file, but were only used by the cortexa9
subtarget.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 06bb5ac1f2b62c3e10f24d7096e86f6368aaf41d)

12 days agomvebu/cortexa53: enable armv8-CE crypto algos
Eneas U de Queiroz [Wed, 20 Apr 2022 18:26:32 +0000 (15:26 -0300)]
mvebu/cortexa53: enable armv8-CE crypto algos

This enables armv8 crypto extensions version of AES, GHASH, SHA1,
SHA256, and SHA512 algorithms in the kernel.

The choice of algorithms match the 32-bit versions that are enabled in
the target config-5.10 file, but were only used by the cortexa9
subtarget.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit f5167e11bf7e0a1a3675f0563423254005d0eb2d)
(cherry picked from commit ac328e7526e746daefc31ca67090b6d9b3a56ff6)

12 days agolayerscape/armv8_64b: enable armv8-CE crypto algos
Eneas U de Queiroz [Wed, 20 Apr 2022 18:26:32 +0000 (15:26 -0300)]
layerscape/armv8_64b: enable armv8-CE crypto algos

This enables armv8 crypto extensions version of AES, GHASH, SHA256 and
CRC T10 algorithms in the kernel.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit eb33232420ea2537d8302d5ec121eed03db474d1)

12 days agobcm27xx/bcm2711: enable asm crypto algorithms
Eneas U de Queiroz [Tue, 17 May 2022 15:06:12 +0000 (12:06 -0300)]
bcm27xx/bcm2711: enable asm crypto algorithms

This enables arm64/neon version of AES, SHA256 and SHA512 algorithms in
the kernel.  bcm2711 does not support armv8 crypto extensions, so they
are not included.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 7b6beb7489c750c0613153822ec1d5ba8a9ab388)

12 days agobcm27xx/bcm2710: enable asm crypto algorithms
Eneas U de Queiroz [Tue, 17 May 2022 15:00:41 +0000 (12:00 -0300)]
bcm27xx/bcm2710: enable asm crypto algorithms

This enables arm64/neon version of AES, SHA256 and SHA512 algorithms in
the kernel.  bcm2710 does not support armv8 crypto extensions, so they
are not included.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 38ebb210a9f4895cfade3580815d5c9a3eb1b7e4)

12 days agowolfssl: enable CPU crypto instructions
Eneas U de Queiroz [Tue, 19 Apr 2022 15:02:09 +0000 (12:02 -0300)]
wolfssl: enable CPU crypto instructions

This enables AES & SHA CPU instructions for compatible armv8, and x86_64
architectures.  Add this to the hardware acceleration choice, since they
can't be enabled at the same time.

The package was marked non-shared, since the arm CPUs may or may not
have crypto extensions enabled based on licensing; bcm27xx does not
enable them.  There is no run-time detection of this for arm.

NOTE:
Should this be backported to a release branch, it must be done shortly
before a new minor release, because the change to nonshared will remove
libwolfssl from the shared packages, but the nonshared are only built in
a subsequent release!

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 0a2edc2714dcda10be902c32525723ce2cbcb138)

12 days agowolfssl: add benchmark utility
Eneas U de Queiroz [Tue, 19 Apr 2022 21:23:05 +0000 (18:23 -0300)]
wolfssl: add benchmark utility

This packages the wolfssl benchmark utility.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 18fd12edb810f9dfbf8410bb81f639df052134cb)

12 days agowolfssl: don't change ABI because of hw crypto
Eneas U de Queiroz [Mon, 25 Apr 2022 12:09:23 +0000 (09:09 -0300)]
wolfssl: don't change ABI because of hw crypto

Enabling different hardware crypto acceleration should not change the
library ABI.  Add them to PKG_CONFIG_DEPENDS after the ABI version hash
has been computed.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 677774d445ced1a56e73fe62df47b4eb66441721)

12 days agotools/ninja: update to 1.11.0
Rosen Penev [Tue, 17 May 2022 00:21:48 +0000 (17:21 -0700)]
tools/ninja: update to 1.11.0

Updated patchset to latest.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit a7be143646db9365f6ac8d5749a2dfef805789cb)

2 weeks agoexfat: Update to 5.19.1
Tianling Shen [Fri, 10 Jun 2022 21:42:50 +0000 (05:42 +0800)]
exfat: Update to 5.19.1

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit e72122a460e5e05bc548cd6846f018ad148d938c)
[Removed upstreamed patch]
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2 weeks agombedtls: mark as nonshared
Tianling Shen [Fri, 10 Jun 2022 16:25:22 +0000 (00:25 +0800)]
mbedtls: mark as nonshared

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 48383c2847dae61d81069315bcfbbc468a61c4cd)

2 weeks agokernel: crypto: add kmod-crypto-chacha20poly1305
Xu Wang [Fri, 27 May 2022 22:21:43 +0000 (22:21 +0000)]
kernel: crypto: add kmod-crypto-chacha20poly1305

Needed by strongSwan IPsec VPN for strongswan-mod-chapoly. Not to be confused with
kmod-crypto-LIB-chacha20poly1305, which is an 8-byte nonce version used
by wireguard.

Signed-off-by: Xu Wang <xwang1498@gmx.com>
(cherry picked from commit 197b672c40613a53a78a568a1957f2c23c343c1f)

2 weeks agodnsmasq: enable cache by default
Tianling Shen [Fri, 3 Jun 2022 15:13:26 +0000 (23:13 +0800)]
dnsmasq: enable cache by default

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 3272539aaa6b0b284c01594c188adf8a13ed679b)

3 weeks agofeeds: fix routing and telephony build
Tianling Shen [Tue, 31 May 2022 10:56:11 +0000 (18:56 +0800)]
feeds: fix routing and telephony build

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
3 weeks agomalta: use default OpenWrt network configuration
Hauke Mehrtens [Sat, 28 May 2022 12:32:08 +0000 (14:32 +0200)]
malta: use default OpenWrt network configuration

Currently malta configures the first Ethernet device as WAN interface.
If it finds a second one it will configure it as LAN.

This commit reverses it to match armvirt and x86. If there is only one
network device it will be configured as LAN device now. If we find two
network devices the 2. one will be WAN.

If no board.d network configuration is given it will be configured in
package/base-files/files/etc/board.d/99-default_network

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
[minor typos]
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit fb1ba922026a4b7d04ef5c8058f7890ed7b790e6)

3 weeks agoselinux-policy: update to version 1.2.3
Dominick Grift [Thu, 19 May 2022 16:50:16 +0000 (18:50 +0200)]
selinux-policy: update to version 1.2.3

86ca9c6 devstatus: prints to terminal
95de949 deal with /rom/dev/console label inconsistencies
ab6b6ee uci: hack to deal with potentially mislabeled char files
acf9172 dnsmasq this can't be right
021db5b luci-app-tinyproxy
cf3a9c4 support/secmark: removes duplicate loopback rules
eeb2610 dhcp servers: recv dhcp client packets
d5a5fc3 more support/secmark "fixes"
35d8604 update support secmark
4c155c0 packets these were caused by labeling issues with loopback
fad35a5 nftables reads routing table
f9c5a04 umurmur: kill an mumur instance that does not run as root
10a10c6 mmc stordev make this consistent
ab3ec5b Makefile: sort with LC_ALL=C
b34eaa5 fwenv rules
8c2960f adds rfkill nodedev and some mmc partitions to stordev
5a9ffe9 rcboot runs fwenv with a transition
9954bf6 dnsmasq in case of tcp
ab66468 dnsmasq try this
5bfcb88 dnsmasq stubby not sure why this is happening
863f549 luci not sure why it recv and send server packets
d5cddb0 uhttpd sends sigkill luci cgi
44cc04d stubby: it does not maintain anything in there
db730b4 Adds stubby
ccbcf0e tor simplify network access
a308065 tor basic
a9c0163 znc loose ends
327a9af acme: allow acme_cleanup.sh to restart znc
4015614 basic znc
7ef14a2 support/secmark: clarify some things
3107afe README: todo qrencode
943035a README and secmark doc
4c90937 ttyd: fix that socket leak again
3239adf dnsmasq icmp packets and fix a tty leak issue
b41d38f Makefile: optimize
95d05b1 sandbox dontaudit ttyd leak
0b7d670 rpcd: reads mtu
e754bf1 opkg-lists try this
35fb530 opkg-lists: custom
4328754 opkg try to address mislabeled /tmp/opkg-lists
3e2385c rcnftqos
95eae2d ucode
c86d366 luci diagnostics
e10b443 rpcd packets and wireguard/luci
a25e020 igmpproxt packets
0106f00 luci
dcef79c nftqos related
3c9bc90 related to nft-qos and luci
f8502d4 dnsmasq more related to /usr/lib/dnsmasq/dhcp-script.sh
29a4271 dnsmasq: related to /usr/lib/dnsmasq/dhcp-script.sh
0c5805a some nft-qos
1100b41 adds a label for /tmp/.ujailnoafile
e141a83 initscript: i labeled ujail procd.execfile
a3b0302 Makefile: adds a default target + packets target
6a3f8ef label usign as opkg and label fwtool and sysupgrade
04d1cc7 sysupgrade: i meant don't do the fc spec
763bec0 sysupgrade: dont do /tmp/sysupgrade.img
af2306f adds a failsafe.tmpfile and labels validate_firmware_image
5b15760 fwenv: comment doesnt make sense
370ac3b fwenv: executes shell
67e3fcb fwenv: adds fw_setsys
544d211 adds procd execfile module to label procd related exec files
99d5f13 rclocalconffile: treat /etc/rc.button like /etc/rc.local
4dfd662 label uclient-fetch the same as wget
75d8212 osreleasemiscfile: adds /etc/device_info
0c1f116 adds a rcbuttonconffile for /etc/rc.button (base-files)
ccd23f8 adds a syslog.conffile for /etc/syslog.conf (busybox)
f790600 adds a libattr.conffile for /etc/xattr.conf
fcc028e fwenv: adds fwsys
1255470 xtables: various iptables alternatives
a7c4035 Revert "sqm: runs xtables, so also allow nftables"
0d331c3 sqm: runs xtables, so also allow nftables
f34076b acme: will run nftables in the near future
6217046 allow ssl.read types to read /tmp/etc/ssl/engines.cnf
d0deea3 fixes dns packets
8399efc Revert "sandbox: see if dontauditing this affects things"
73d716a sandbox: see if dontauditing this affects things
b5ee097 sandbox: also allow readinherited dropbear pipes
12ee46b iwinfo traverses /tmp/run/wpa_supplicant
4a4d724 agent.cil: also reads inherited dropbear pipes
d48013f support/secmark: i tightened my dns packet policy
645ad9e dns packets redone
4790b25 dnsnetpacket: fix obj macro template
d9fafff redo dns packets
0a68498 ttyd: leaks a netlink route socket
1d2e6be .gitattributes: remove todo
e1bb954 usbutil: reads bus sysfile symlinks
d275a32 support/secmark: clean it up a little
af5ce12 Makefile: exclude packet types in default make target
3caacdf support/secmark: document tunable/boolean
e3dd3e6 invalidpacketselinuxbool: make it build-time again
54f0ccf odhcpd packet fix
4a864ba contrib/secmark: add a big FAT warning
bead937 contrib/secmark: adds note about secmark support
146ae16 netpacket remove test
2ce9899 dns packets, odhcp6c raw packet, 4123 ntpnts for netnod
070a45f chrony and unbound packets
eba894f rawip socket packets cannot be labeled
656ae0b adds isakmp (500), ipsec-nat-t (4500) and rawip packet types
35325db adds igmp packet type
5cf444c adds icmp packet type
2e41304 sandbox some more packet access for sandbox net
12caad6 packet accesses
b8eb9a8 adds a trunkload of packet types
a42a336 move rules related to invalid netpeers and ipsec associations
a9e40e0 xtables/nftables allow relabelto all packet types
aa5a52c README: adds item to wish list
3a96eec experiment: simple label based packet filtering
26d6f95 nftables reads/writes fw pipes

Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
(cherry picked from commit e01b1c22dfb669abb0ad14c83ec9b3e35ff3d15c)

3 weeks agoqos-gargoyle: fix missing ldflags
Tianling Shen [Mon, 30 May 2022 17:31:11 +0000 (01:31 +0800)]
qos-gargoyle: fix missing ldflags

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
3 weeks agotools: drop ucl and upx
Tianling Shen [Fri, 8 Apr 2022 22:32:21 +0000 (06:32 +0800)]
tools: drop ucl and upx

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit f92fd54dbbec56d0f0be9c5b70d31d6c6b4de92c)

3 weeks agolinux-firmware: take linux-firmware.git's qca99x0 boardfile
Christian Lamparter [Fri, 13 May 2022 20:07:59 +0000 (22:07 +0200)]
linux-firmware: take linux-firmware.git's qca99x0 boardfile

Kalle Valo managed to add the qca9980's boardfile in the
upstream repository. Sourcing the file from his repository
is no longer needed.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 4ba7f6d9cbd74adc82ab3064cc4c9f6ec5eb51a6)

3 weeks agokernel: refresh sfp patch
Tianling Shen [Sun, 29 May 2022 11:28:09 +0000 (19:28 +0800)]
kernel: refresh sfp patch

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
3 weeks agofirewall: dos2unix
Tianling Shen [Sun, 29 May 2022 09:54:31 +0000 (17:54 +0800)]
firewall: dos2unix

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit dccc926e3220af620242c441a304db91b2f12b5a)

4 weeks agokernel: bump to 4.9.316, 4.14.281, 4.19.245
Tianling Shen [Fri, 27 May 2022 15:40:09 +0000 (23:40 +0800)]
kernel: bump to 4.9.316, 4.14.281, 4.19.245

Refreshed all patches.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
4 weeks agortl88x2bu: fix build on kernel 4.9
Tianling Shen [Fri, 27 May 2022 08:58:57 +0000 (16:58 +0800)]
rtl88x2bu: fix build on kernel 4.9

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
4 weeks agortl8821cu: fix build on kernel 4.9
Tianling Shen [Fri, 27 May 2022 08:55:46 +0000 (16:55 +0800)]
rtl8821cu: fix build on kernel 4.9

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
4 weeks agortl8812au-ac: fix build on kernel 4.9
Tianling Shen [Fri, 27 May 2022 08:52:00 +0000 (16:52 +0800)]
rtl8812au-ac: fix build on kernel 4.9

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
4 weeks agortl8192eu: fix build on kernel 4.9
Tianling Shen [Fri, 27 May 2022 08:44:01 +0000 (16:44 +0800)]
rtl8192eu: fix build on kernel 4.9

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
4 weeks agortl8189es: fix build on kernel 4.9
Tianling Shen [Fri, 27 May 2022 08:39:57 +0000 (16:39 +0800)]
rtl8189es: fix build on kernel 4.9

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
4 weeks agortl8188eu: fix build on kernel 4.9
Tianling Shen [Fri, 27 May 2022 08:33:15 +0000 (16:33 +0800)]
rtl8188eu: fix build on kernel 4.9

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
4 weeks agotreewide: use wpad-basic-openssl as default
Petr Štetiar [Mon, 27 Jul 2020 10:30:41 +0000 (12:30 +0200)]
treewide: use wpad-basic-openssl as default

In order to support SAE/WPA3-Personal in default images. Replace almost
all occurencies of wpad-basic and wpad-mini with wpad-basic-openssl for
consistency. Keep out ar71xx from the list as it won't be in the next
release and would only make backports harder.

Build-tested (build-bot settings):
ath79: generic, ramips: mt7620/mt76x8/rt305x, lantiq: xrx200/xway,
sunxi: a53

Signed-off-by: Petr Štetiar <ynezz@true.cz>
[rebase, extend commit message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit a14f5bb4bd263c21e103f13279d0c2ff03e48fe5)
[use openssl variant]
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
4 weeks agomac80211: brcm: fix build for kernel < 4.13
Tianling Shen [Thu, 26 May 2022 11:15:39 +0000 (19:15 +0800)]
mac80211: brcm: fix build for kernel < 4.13

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
4 weeks agoutil-linux: update to 2.37.4
Tianling Shen [Thu, 26 May 2022 09:26:47 +0000 (17:26 +0800)]
util-linux: update to 2.37.4

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
4 weeks agoRevert "util-linux: update to 2.38"
Tianling Shen [Thu, 26 May 2022 09:25:42 +0000 (17:25 +0800)]
Revert "util-linux: update to 2.38"

This breaks build on kernel 4.9

This reverts commit dd7e948e00340fa14c972df7de38c7521e24203f.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
4 weeks agoRevert "util-linux: use meson to build"
Tianling Shen [Thu, 26 May 2022 09:24:32 +0000 (17:24 +0800)]
Revert "util-linux: use meson to build"

util-linux 2.37 doesn't support meson yet.

This reverts commit eab60d315feca87f453fc6c63fde169ea803c897.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
4 weeks agoutil-linux: add lsns
Oskari Rauta [Thu, 3 Mar 2022 02:57:08 +0000 (04:57 +0200)]
util-linux: add lsns

lsns lists system namespaces

Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
(cherry picked from commit ef4bf8b403205062ddb38ebe7b8c4951be346368)

4 weeks agoutil-linux: package ipcs command
Stijn Tintel [Fri, 27 Mar 2020 10:40:33 +0000 (12:40 +0200)]
util-linux: package ipcs command

Add a package for util-linux' ipcs command, to show information about
System V inter-process communication facilities.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit 2c929f8105237d3ebd645ea4e3387585c139b6ab)

4 weeks agoutil-linux: add lslocks
Roman Azarenko [Tue, 25 Jan 2022 17:16:30 +0000 (18:16 +0100)]
util-linux: add lslocks

This change adds the "lslocks" utility from util-linux.

Signed-off-by: Roman Azarenko <roman.azarenko@iopsys.eu>
(cherry picked from commit 5bd926efa99a0638e03e26ed50f1c44b196888da)

4 weeks agoutil-linux: Add taskset
Hauke Mehrtens [Wed, 19 Jan 2022 17:10:05 +0000 (18:10 +0100)]
util-linux: Add taskset

This adds the taskset application from util Linux.
It is already built, but not packaged yet.

Signed-off-by: Hauke Mehrtens <hmehrtens@maxlinear.com>
(cherry picked from commit 6ae657e459c8c62f4f844a17098d6cc75b81c91b)

4 weeks agofirewall: config: remove restictions on DHCPv6 allow rule
Tiago Gaspar [Wed, 4 May 2022 09:36:07 +0000 (10:36 +0100)]
firewall: config: remove restictions on DHCPv6 allow rule

Remove restrictions on source and destination addresses, which aren't
specified on RFC8415, and for some reason in openwrt are configured
to allow both link-local and ULA addresses.
As cleared out in issue #5066 there are some ISPs that use Gloabal
Unicast addresses, so fix this rule to allow them.

Fixes: #5066

Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>
[rebase onto firewall3, clarify subject, bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 65258f5d6093809c541050256646795bc0a460a9)

4 weeks agofirewall3: fix locking issue
ZiMing Mo [Wed, 25 May 2022 08:13:40 +0000 (16:13 +0800)]
firewall3: fix locking issue

(cherry picked from commit c7a557861a7f6cb22d1a17dc01e8240c246b1f04)

4 weeks agofirewall4: remove
Tianling Shen [Mon, 23 May 2022 06:35:34 +0000 (14:35 +0800)]
firewall4: remove

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
4 weeks agoucode: remove
Tianling Shen [Mon, 23 May 2022 06:34:17 +0000 (14:34 +0800)]
ucode: remove

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
5 weeks agox86/geode: fix target file
Tianling Shen [Sat, 21 May 2022 09:44:46 +0000 (17:44 +0800)]
x86/geode: fix target file

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
5 weeks agoinclude/cmake.mk: add support for overriding the host install prefix
Felix Fietkau [Tue, 2 Nov 2021 17:08:47 +0000 (18:08 +0100)]
include/cmake.mk: add support for overriding the host install prefix

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit a6a9f9be278e718f3f8a5cb7640dd8035cc802b9)

5 weeks agoconfig/Config-kernel.in: disable namespaces for small flash devices by default
Tianling Shen [Tue, 17 May 2022 08:36:15 +0000 (16:36 +0800)]
config/Config-kernel.in: disable namespaces for small flash devices by default

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
5 weeks agoconfig/Config-kernel.in: enable namespaces by default
Tianling Shen [Tue, 17 May 2022 08:34:48 +0000 (16:34 +0800)]
config/Config-kernel.in: enable namespaces by default

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
5 weeks agor8125: bump to 9.009.00
Tianling Shen [Fri, 29 Apr 2022 10:38:05 +0000 (18:38 +0800)]
r8125: bump to 9.009.00

Switched to GitHub codeload.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 5c11bf7327b186a2a7dfc90a66f8668f2a6f954e)

5 weeks agoath10k-ct: fix select dependency
Tianling Shen [Tue, 17 May 2022 07:33:43 +0000 (15:33 +0800)]
ath10k-ct: fix select dependency

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
5 weeks agowolfssl: bump to v5.3.0-stable
Eneas U de Queiroz [Tue, 10 May 2022 19:39:11 +0000 (16:39 -0300)]
wolfssl: bump to v5.3.0-stable

This is mostly a bug fix release, including two that were already
patched here:
- 300-fix-SSL_get_verify_result-regression.patch
- 400-wolfcrypt-src-port-devcrypto-devcrypto_aes.c-remove-.patch

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 73c1fe2890baa5c0bfa46f53c5387f5e47de1acb)

5 weeks agoopenssl: bump to 1.1.1o
Eneas U de Queiroz [Tue, 10 May 2022 23:34:57 +0000 (20:34 -0300)]
openssl: bump to 1.1.1o

This release comes with a security fix related to c_rehash.  OpenWrt
does not ship or use it, so it was not affected by the bug.

There is a fix for a possible crash in ERR_load_strings() when
configured with no-err, which OpenWrt does by default.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
5 weeks agoutil-linux: use meson to build
Rosen Penev [Sat, 30 Apr 2022 01:41:45 +0000 (18:41 -0700)]
util-linux: use meson to build

Compiles faster, is PIC by default, and does not have pkgconfig files
with wrong paths.

Add various fixes to it as it seems cross compilation was never tested.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
5 weeks agoutil-linux: update to 2.38
Rosen Penev [Mon, 2 May 2022 03:58:33 +0000 (20:58 -0700)]
util-linux: update to 2.38

Various fixes.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
5 weeks agolinux-firmware: Update to version 20220509
Christian Lamparter [Fri, 13 May 2022 19:55:46 +0000 (21:55 +0200)]
linux-firmware: Update to version 20220509

git log --pretty=oneline --abbrev-commit 20220411..20220509 (sorted)

amdgpu:
480d6c2 amdgpu: update dcn_3_1_6_dmcub firmware
b4994be amdgpu: update gc_10_3_7_rlc firmware
61eb408 amdgpu: update psp_13_0_8 firmware
fcf9d8c amdgpu: update yellow carp DMCUB firmware

ath10k:
73743b8 ath10k: QCA4019 hw1.0: update board-2.bin
6ad0930 ath10k: QCA6174 hw3.0: update board-2.bin
729bd7f ath10k: QCA6174 hw3.0: update firmware-6.bin to WLAN.RM.4.4.1-00288-QCARMSWPZ-1
9fce09f ath10k: QCA9888 hw2.0: update board-2.bin
b155d85 ath10k: QCA9888 hw2.0: update firmware-5.bin to 10.4-3.9.0.2-00156
44b8aee ath10k: QCA9984 hw1.0: update board-2.bin
4ad3bd3 ath10k: QCA9984 hw1.0: update firmware-5.bin to 10.4-3.9.0.2-00156
1962cba ath10k: QCA99X0 hw2.0: add board-2.bin

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
5 weeks agoimage: drop unused 'BuildKernel/MkFIT'
Piotr Dymacz [Fri, 1 Apr 2022 15:35:42 +0000 (17:35 +0200)]
image: drop unused 'BuildKernel/MkFIT'

The 'MkFIT' recipe is no longer used across whole codebase.

Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
5 weeks agobuild: image: improve zip build recipe
Sungbo Eo [Sat, 4 Dec 2021 17:08:48 +0000 (02:08 +0900)]
build: image: improve zip build recipe

* clean before build
* specify executable path
* allow adding extra options for zip
* use basename of $@

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
(cherry picked from commit 446da706690a239dc7a454102db0b0a3b3a9d1ed)

5 weeks agobuild: image: use UTC for zip timestamp
Sungbo Eo [Sat, 12 Feb 2022 08:01:31 +0000 (17:01 +0900)]
build: image: use UTC for zip timestamp

Zip uses DOS timestamp for mtime which is stored in local time and hence
depends on the timezone of the build system. Force zip to use UTC timezone
to make image builds more reproducible.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
(cherry picked from commit e42764cc5fa364e9fa553903c56191484738965e)

5 weeks agotools: zip: fetch SOURCE_DATE_EPOCH directly
Sungbo Eo [Sat, 12 Feb 2022 08:01:31 +0000 (17:01 +0900)]
tools: zip: fetch SOURCE_DATE_EPOCH directly

Remove "--mtime" option introduced in commit 18c9faa03211 ("tools: zip:
add option for reproducible archives") and instead fetch SOURCE_DATE_EPOCH
environment variable directly in the code.

Ref: https://sourceforge.net/p/infozip/patches/25/
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
(cherry picked from commit 39d06472eb93d72940b2728d33e2dafa2676e47b)

6 weeks agoarmvirt/64: change it to cortex-a53 instead of generic
Josef Schlehofer [Sun, 13 Dec 2020 14:02:36 +0000 (15:02 +0100)]
armvirt/64: change it to cortex-a53 instead of generic

Package architecture aarch64_generic [1] can be used just with three
devices. One is NanoPI R2S and then there are two development boards
from NXP. Let's change armvirt/64 to Cortex A53 (aarch64_cortex-a53)
[2]. It has wider support by multiple devices like NanoPI Neo Plus2/Core2,
ESPRESSObin, Pine64, and Raspberry Pi 2&3.

While looking at ARMvirt/32 it has set CPU_TYPE and CPU_SUBTYPE to be
arm_cortex-a15_neon-vfpv4 [3]. It has support to devices like
Linksys EA8500 v1, Linksys EA7500 v1, Netgear D7800, Netgear R7500 and so on.

Tested with:
qemu-system-aarch64 -m 1024 -smp 2 -cpu cortex-a57 -M virt -nographic \
-kernel openwrt-armvirt-64-Image-initramfs

Successfully compiled and booted.
Here goes the output:
root@OpenWrt:/# uname -a
Linux OpenWrt 5.4.82 #0 SMP Sun Dec 13 12:52:10 2020 aarch64 GNU/Linux
root@OpenWrt:/# cat /etc/openwrt_release
DISTRIB_ID='OpenWrt'
DISTRIB_RELEASE='SNAPSHOT'
DISTRIB_REVISION='r15207-96fca0f807'
DISTRIB_TARGET='armvirt/64'
DISTRIB_ARCH='aarch64_cortex-a53'
DISTRIB_DESCRIPTION='OpenWrt SNAPSHOT r15207-96fca0f807'
DISTRIB_TAINTS='no-all'

Also, change BOARDNAME to be the same as it is in armvirt/32.

[1] https://openwrt.org/docs/techref/instructionset/aarch64_generic
[2] https://openwrt.org/docs/techref/instructionset/aarch64_cortex-a53
[3] https://openwrt.org/docs/techref/instructionset/arm_cortex-a15_neon-vfpv4

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 222dc0ad912370a620172a781a1c429dae01ab08)

6 weeks agotegra: correct cpu subtype
Tomasz Maciej Nowak [Wed, 18 Mar 2020 18:04:13 +0000 (19:04 +0100)]
tegra: correct cpu subtype

Tegra 2 processors have only 16 double-precision registers. The change
introduced by 8dcc1087602e ("toolchain: ARM: Fix toolchain compilation
for gcc 8.x") switched accidentally the toolchain for tegra target to cpu
type with 32 double-precision registers. This stems from gcc defaults
which assume "vfpv3-d32" if only "vfpv3" as mfpu is specified. That
change resulted in unusable image, in which kernel will kill userspace as
soon as it causing "Illegal instruction".

Ref: https://forum.openwrt.org/t/gcc-was-broken-on-mvebu-armada-370-device-after-commit-on-2019-03-25/43272
Fixes: 8dcc1087602e ("toolchain: ARM: Fix toolchain compilation for
gcc 8.x")
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
(cherry picked from commit 43d1d88510621801d66a0a7f46f4c4f44d89633a)

6 weeks agomvebu: cortexa9: correct cpu subtype
Tomasz Maciej Nowak [Wed, 18 Mar 2020 18:04:12 +0000 (19:04 +0100)]
mvebu: cortexa9: correct cpu subtype

Armada 370  processors have only 16 double-precision registers. The
change introduced by 8dcc1087602e ("toolchain: ARM: Fix toolchain
compilation for gcc 8.x") switched accidentally the toolchain for mvebu
cortexa9 subtarget to cpu type with 32 double-precision registers. This
stems from gcc defaults which assume "vfpv3-d32" if only "vfpv3" as mfpu
is specified. That change resulted in unusable image, in which kernel
will kill userspace as soon as it causing "Illegal instruction".

Ref: https://forum.openwrt.org/t/gcc-was-broken-on-mvebu-armada-370-device-after-commit-on-2019-03-25/43272
Fixes: 8dcc1087602e ("toolchain: ARM: Fix toolchain compilation for
gcc 8.x")
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
(cherry picked from commit 2d61f8821c7cf99354e904139226c132554ba180)

6 weeks agoixp4xx: add missing Kconfig
Tianling Shen [Sat, 14 May 2022 06:14:23 +0000 (14:14 +0800)]
ixp4xx: add missing Kconfig

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
6 weeks agoixp4xx: add missing Kconfig
Tianling Shen [Sat, 14 May 2022 05:40:58 +0000 (13:40 +0800)]
ixp4xx: add missing Kconfig

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
6 weeks agokernel: sfp: fix build
Tianling Shen [Fri, 13 May 2022 13:05:31 +0000 (21:05 +0800)]
kernel: sfp: fix build

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
6 weeks agompc85xx: p1020: add missing Kconfig
Tianling Shen [Fri, 13 May 2022 11:56:49 +0000 (19:56 +0800)]
mpc85xx: p1020: add missing Kconfig

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
6 weeks agokernel/modules: sound: add Gateworks Avila SoC sound support for ipx4xx
Tianling Shen [Fri, 13 May 2022 11:52:46 +0000 (19:52 +0800)]
kernel/modules: sound: add Gateworks Avila SoC sound support for ipx4xx

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
6 weeks agokernel: generic: add missing Kconfig
Tianling Shen [Fri, 13 May 2022 11:45:38 +0000 (19:45 +0800)]
kernel: generic: add missing Kconfig

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
6 weeks agoramips: Deactivate NETGEAR WNCE2001 by default
Hauke Mehrtens [Sun, 29 Mar 2020 20:33:10 +0000 (22:33 +0200)]
ramips: Deactivate NETGEAR WNCE2001 by default

The root file system is getting too big for this device and this breaks
the ramips/rt305x build.

Do not build images for this board by default to fix this problem.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit f46a3c7b14e68cc9f17c6257157c3ae42c5fb64e)

6 weeks agoocteontx: add missing Kconfig
Tianling Shen [Fri, 13 May 2022 11:27:58 +0000 (19:27 +0800)]
octeontx: add missing Kconfig

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
6 weeks agokernel: add missing symbol to kmod-qlcnic
Stijn Tintel [Thu, 22 Jul 2021 13:37:12 +0000 (16:37 +0300)]
kernel: add missing symbol to kmod-qlcnic

When the kmod-qlcnic package is built on targets that have
CONFIG_PCI_IOV enabled, the CONFIG_QLCNIC_SRIOV symbol is exposed.
Enable this symbol in the kmod package to fix its build.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit 3cb22b277a312445bfe34f5e32626c4448f95b77)

6 weeks agokernel: qlcnic: add dependency to kmod-hwmon-core
Hauke Mehrtens [Sat, 1 May 2021 09:58:47 +0000 (11:58 +0200)]
kernel: qlcnic: add dependency to kmod-hwmon-core

QLCNIC_HWMON was activated when hwmon was set, but the dependency was
missing. This broke the build bot builds. Fix this by explicitly
activating HWMON support and adding a dependency.

Fixes: f88c64d28ccf ("kernel: netdev: add qlcnic")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 95b210e513d6d369444df41b522f749f1d848048)

6 weeks agoarmvirt: 64: add missing Kconfig
Tianling Shen [Fri, 13 May 2022 11:01:02 +0000 (19:01 +0800)]
armvirt: 64: add missing Kconfig

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
6 weeks agoath25: disable devices with 4M flash
Adrian Schmutzler [Sun, 6 Sep 2020 17:50:36 +0000 (19:50 +0200)]
ath25: disable devices with 4M flash

Devices with 4M flash are not built be default for 20.xx anymore.

Building them with buildbot settings does not work anymore anyway.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit ad22f6a8aae42131cadb06091c11f27571a2ce92)

6 weeks agort3883: disable build for rt-n56u by default
Tianling Shen [Fri, 8 Oct 2021 11:07:14 +0000 (19:07 +0800)]
rt3883: disable build for rt-n56u by default

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 1d1ba8d71131520de0174058e8f9d33cd21a7adc)

6 weeks agokernel: bump to 4.9.313, 4.14.278, 4.19.242
Tianling Shen [Fri, 13 May 2022 10:03:49 +0000 (18:03 +0800)]
kernel: bump to 4.9.313, 4.14.278, 4.19.242

Removed patches:
- bcm27xx/patches-4.19/950-0475-usb-xhci-Disable-the-XHCI-5-second-timeout.patch
    Should be fixed by upstream commit 1c713660c51f3bc64fc1c709ba2bfb358551f3da
      ("xhci: make xhci_handshake timeout for xhci_reset() adjustable").

Refreshed all patches.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
6 weeks agokernel/netdevices: i40e: depends on x86
Tianling Shen [Fri, 13 May 2022 09:57:59 +0000 (17:57 +0800)]
kernel/netdevices: i40e: depends on x86

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
6 weeks agokernel: Make kmod-usb-net-lan78xx depend on kmod-of-mdio
Hauke Mehrtens [Sat, 29 Jan 2022 16:32:42 +0000 (17:32 +0100)]
kernel: Make kmod-usb-net-lan78xx depend on kmod-of-mdio

kmod-usb-net-lan78xx depends on kmod-of-mdio when this package is
activated.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 6cab21bd6d23407fb2dc4cf68015c4998839b5f7)

6 weeks agomvebu: fix build regression due to neon-asm ghash module
Christian Lamparter [Sat, 29 Feb 2020 12:57:09 +0000 (13:57 +0100)]
mvebu: fix build regression due to neon-asm ghash module

This patch fixes the regression caused by adding the NEON
variant of the ghash as the default ghash package package:

> ERROR: module '[...]/arch/arm/crypto/ghash-arm-ce.ko' is missing.
> modules/crypto.mk:286: recipe for target
>  '[...]/kmod-crypto-ghash_4.19.106-1_aarch64_cortex-a53.ipk' failed

This patch limits the scope to the ARM32/cortexa9 target of mvebu.

Fixes: 285df63efc70 ("kernel: build neon-asm version of ghash module")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 632a7b29972f0176fb621090e2bbab46a710a24c)

6 weeks agomediatek: remove crypto-hw-mtk package
Eneas U de Queiroz [Thu, 31 Mar 2022 13:38:49 +0000 (10:38 -0300)]
mediatek: remove crypto-hw-mtk package

The MediaTek's Crypto Engine module is only available for mt7623, in
which case it is built into the kernel.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
6 weeks agomtools: update to version 4.0.39
Daniel Golle [Fri, 15 Apr 2022 00:15:26 +0000 (01:15 +0100)]
mtools: update to version 4.0.39

Improvements since the 4.0.38 release are:
 - Rename strtoi to strosi (string to signed int). The strtoi
   function on BSD does something else (returns an intmax, not
   an int)

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
6 weeks agolibmnl: update to 1.0.5
Nick Hainke [Tue, 5 Apr 2022 13:01:43 +0000 (15:01 +0200)]
libmnl: update to 1.0.5

Changes:

Duncan Roe (5):
      nlmsg: Fix a missing doxygen section trailer
      build: doc: "make" builds & installs a full set of man pages
      build: doc: get rid of the need for manual updating of Makefile
      build: If doxygen is not available, be sure to report "doxygen: no" to ./configure
      src: doc: Fix messed-up Netlink message batch diagram

Fernando Fernandez Mancera (1):
      src: fix doxygen function documentation

Florian Westphal (1):
      libmnl: zero attribute padding

Guillaume Nault (1):
      callback: mark cb_ctl_array 'const' in mnl_cb_run2()

Kylie McClain (1):
      examples: nfct-daemon: Fix test building on musl libc

Laura Garcia Liebana (4):
      examples: add arp cache dump example
      examples: fix neigh max attributes
      examples: fix print line format
      examples: reduce LOCs during neigh attributes validation

Pablo Neira Ayuso (3):
      doxygen: remove EXPORT_SYMBOL from the output
      include: add MNL_SOCKET_DUMP_SIZE definition
      build: libmnl 1.0.5 release

Petr Vorel (1):
      examples: Add rtnl-addr-add.c

Stephen Hemminger (1):
      examples: rtnl-addr-dump: fix typo

igo95862 (1):
      doxygen: Fixed link to the git source tree on the website.

Signed-off-by: Nick Hainke <vincent@systemli.org>
6 weeks agolibnfnetlink: update to 1.0.2
Nick Hainke [Tue, 5 Apr 2022 13:26:24 +0000 (15:26 +0200)]
libnfnetlink: update to 1.0.2

Changes:

c63f193 bump version to 1.0.2
3cffa84 libnfnetlink: Check getsockname() return code
90ba679 include: Silence gcc warning in linux_list.h
bb4f6c8 Make it clear that this library is deprecated
e46569c Minimally resurrect doxygen documentation
5087de4 libnfnetlink: hide private symbols
62ca426 autogen: don't convert __u16 to u_int16_t
efa1d8e src: Use stdint types everywhere
7a1a07c include: Sync with kernel headers
7633f0c libnfnetlink: initialize attribute padding to resolve valgrind warnings
94b68f3 configure: uclinux is also linux
617fe82 src: get source code license header in sync with current licensing terms
97a3960 build: resolve automake-1.12 warnings

Removed the patch 100-missing_include.patch, libnfnetlink compiles fine
with musl without this patch.

Signed-off-by: Nick Hainke <vincent@systemli.org>
7 weeks agoscripts/download.pl: drop broken mirror
Tianling Shen [Fri, 6 May 2022 14:10:58 +0000 (22:10 +0800)]
scripts/download.pl: drop broken mirror

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 02edeb14690c14bd7021b4be2270286bb4bb9108)

7 weeks agox86: drop duplicate sets
Tianling Shen [Mon, 2 May 2022 08:32:48 +0000 (16:32 +0800)]
x86: drop duplicate sets

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 7014ff8199b296917c4957da37999db6adec58a6)

7 weeks agor8168: bump to 8.050.00
ZiMing Mo [Wed, 4 May 2022 09:20:06 +0000 (17:20 +0800)]
r8168: bump to 8.050.00

Signed-off-by: ZiMing Mo <msylgj@immortalwrt.org>
(cherry picked from commit 662ff61b56101dbe3e7f8c4654cd4b8439d14120)

7 weeks agobase-files: simplify restorecon logic
Daniel Golle [Mon, 2 May 2022 20:07:16 +0000 (21:07 +0100)]
base-files: simplify restorecon logic

Remove forgotten redundant selinuxenabled call and skip the whole
thing in case $IPKG_INSTROOT is set as labels are anyway applied only
later on in fakeroot when squashfs is created.

Fixes: 6d7272852e ("base-files: add missing $IPKG_INSTROOT to restorecon call")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 7b07c3cff57f057d6780d34adeb23c06123732db)

7 weeks agoselinux-policy: update to version 1.1
Dominick Grift [Sat, 16 Apr 2022 13:10:39 +0000 (15:10 +0200)]
selinux-policy: update to version 1.1

try to clean up some labeling inconsistencies
iwinfo loose ends
ucode loose ends
Makefile: adjust mintesttgt (adds blockmount/blockd)
nftables: reads inherited netifd pipe
ucode: reads inherited netifd pipes
mountroot: fowner
sandbox: writes inherited dropbear pipes
unbound related to /tmp/etc/ssl
unbound loose ends
adds a sslconftmpfile for /tmp/etc/ssl
README: maintain a wish list in the README
iwinfo: netifd forgot write
gptfdisk loose ends
iwinfo: netifd wpad reads/writes inherited netifd fifo files
netifd (mac80211.sh) executes iwinfo
luci: executes wireguard
luci-cgi: audits xtables execute access
rcuhttpd: lists ssl certfile dirs
iwinfo, wifi,nftables usage of ttyd pty if available
urandomseed: seedrng needs cap_sys_admin
iwinfo iwinfo, nftables and some chronyd rules related to ntp nts server
nftables, wifi and adds iwinfo skel
nftables, rpcd, ucode
nftables, ucode and seedrng ucode, fw3/nftables, luci
adds ucode skel and some fw3/nftables related
urandomseed: some seedrng rules
fw3 adds some support for fw4
urandomseed: /etc/seedrng is for seed.credit
hotplugcal: runs ucode which is interpreter like
adds a nftables skeleton and makes xtables optional
agent: allow all agents to write inherited dropbear pipes
urandomseed: this seems to be replaced by seedrng
kmodloader: label /etc/modules.conf kmodloader.conffile
Revert "shelexecfile: remove auditallow rule"
Makefile: sort the modules to process by secilc
Moves back to git.defensec.nl
unbound odhcpd (ip) reads net proc
tcp dump
shelexecfile: remove auditallow rule
rrd.cil: fixes indent
Target rddtool from cgi-io instead of runnit it without transition
rrd.cil related
rrd, rpcd, cgiio clean ups related to luci-app-statistics
Rules for rrd files and luci-statistics
unboundcontrol ordering
Several missing permissions
blockmount, dnsmasq, hotplugcall, rpcd, unbound
adds mctp_socket (linux 5.15)
ip: forgot tc-tiny type transition to go along with the fc spec
ip: adds a fc spec for tc-tiny (called by sqm)
adds ttyACM fc spec and various assorted loose ends
.gitattributes: do not export the github workflows
workflow use selinux 3.3

project moved back to https://git.defensec.nl/selinux-policy.git

Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
(cherry picked from commit 43794570986e33770d9039399d16a665f6c7c495)

7 weeks agobase-files: add missing $IPKG_INSTROOT to restorecon call
Daniel Golle [Mon, 2 May 2022 18:58:56 +0000 (19:58 +0100)]
base-files: add missing $IPKG_INSTROOT to restorecon call

Update to overlooked v2 version of Dominick Grift's patch.

Fixes: 5109bd164c ("base-files: address sed in-place without SELinux awareness")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 6d7272852e0b2634b2fa93a131ea8659ec87f079)

7 weeks agobase-files: address sed in-place without SELinux awareness
Dominick Grift [Sun, 1 May 2022 17:54:04 +0000 (19:54 +0200)]
base-files: address sed in-place without SELinux awareness

sed(1) in busybox does not support this functionality:
https://git.savannah.gnu.org/cgit/sed.git/tree/sed/execute.c#n598

This causes /etc/group to become mislabeled when a package requests
that a uid/gid be added on OpenWrt with SELinux

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[move restorecon inside lock]
Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
(cherry picked from commit 5109bd164c8f2273329483f990188fb36cf3ad68)

7 weeks agomdadm: update to 4.2
Nick Hainke [Sun, 10 Apr 2022 07:00:59 +0000 (09:00 +0200)]
mdadm: update to 4.2

Refreshed patches:
- 100-cross_compile.patch

Manually refreshed patches:
- 200-reduce_size.patch

Removed patches:
- 101-mdadm.h-Undefine-dprintf-before-redefining.patch
- 102-Add-missing-include-file-sys-sysmacros.h.patch

Changes:

 e30ca260 Release mdadm-4.2
 8c80d305 Monitor: print message before quit for no array to monitor
 ced5fa8b mdadm: block creation with long names
 b71de056 Correct checking if file descriptors are valid
 b2e4f084 Incremental: Close unclosed mdfd in IncrementalScan()
 195d1d76 imsm: assert if there is migration but prev_map doesn't exist
 75f3ba25 imsm: free allocated memory in imsm_fix_size_mismatch
 bce0eab3 Release mdadm-4.2-rc3
 4389ce73 imsm: introduce helpers to manage file descriptors
 8e1a258e mdadm/Detail: Can't show container name correctly when unpluging disks
 a35aa68f mdadm/lib: Define a new helper function is_dev_alived
 1c66260d Fix 2 dc stream buffer
 d64a37b9 Assemble: apply sysfs rules
 5f6dedfb Fix potential overlap dest buffer
 a0422106 disallow create or grow clustered bitmap with writemostly set
 cf16a350 Fix buffer size warning for strcpy
 60815698 Refactor parse_num and use it to parse optarg.
 f7889e51 Fix error message when creating raid 4, 5 and 10
 54604768 mdadm: fix coredump of mdadm --monitor -r
 feeb2785 Utils: Change sprintf to snprintf
 b8bbf264 Release mdadm-4.2-rc2
 e6878148 Assemble: skip devices that don't match uuid instead of aborting the assembly.
 0663137c Add monitor delay parameter to mdadm.conf
 2b2c5668 tests: Avoid passing chunk size when creating RAID 1
 7d374a18 Fix memory leak after "mdadm --detail"
 92a647c8 Assemble: start dirty and degraded array.
 1c275381 imsm: fix num_data_stripes after raid0 takeover
 5b30a34a Add error handling for chunk size in RAID1
 3a85bf0e imsm: Fix possible memory leaks and refactor freeing struct dl
 ccd61ebf mdadm: Fix building errors
 601ffa78 Don't associate spares with other arrays during RAID Examine
 8d69bf14 Remove Spare drives line from details for external metadata
 7d8935cb imsm: correct offset for 4k disks in --examine output
 dca80fcd Use dev_open in validate geometry container
 f421731c mdadm/super1: It needs to specify int32 for bitmap_offset
 1f5d54a0 Manage: Call validate_geometry when adding drive to external container
 8662f92d imsm: Limit support to the lowest namespace
 fcebeb77 imsm: add devpath_to_char method
 7c798f87 imsm: add generic method to resolve "device" links
 0530e2e0 Prevent user from using --stop with ambiguous args
 83b3de77 Fix some building errors
 ff904202 imsm: change wrong size verification
 c11b1c3c Release mdadm-4.2-rc1
 aec01630 super-intel.c: Handle errors from calls to get_dev_sector_size()
 78c93b00 mdadm: fix growing containers
 af3396da Monitor: make libudev dependency optional
 f94df5cf imsm: support for third Sata controller
 d835518b imsm: nvme multipath support
 4036e7ee imsm: extend curr_migr_unit to u64
 bdbe7f81 Grow: Block reshape when external metadata and write-intent bitmap
 848d71c9 Create: Block automatic enabling bitmap for external metadata
 19ad203e imsm: Update-subarray for write-intent bitmap
 dc95f821 Add "bitmap" to allowed command-line values
 69d40de4 imsm: Adding a spare to an existing array with bitmap
 fbc42556 imsm: Write-intent bitmap support
 b554ab5c Enable bitmap support for external metadata
 b090e910 Modify mdstat parsing for volumes with the bitmap
 db537788 It should be FAILED when raid has not enough active disks
 c7b8547c imsm: add verbose flag to compare_super
 49b69533 mdmonitor: check if udev has finished events processing
 0d583954 Document PPL in man md
 2f86fda3 imsm: use saved fds during migration
 f7a6246b super1.c: avoid useless sync when bitmap switches from clustered to none
 e6561c4d super1: fix Floating point exception
 8818d4e7 Grow: be careful of corrupt dev_roles list
 4ae96c80 mdadm: fix reshape from RAID5 to RAID6 with backup file
 1fe2e100 mdadm/bitmap: locate bitmap calcuate bitmap position wrongly
 75562b57 Dump: get stat from a wrong metadata file when restoring metadata
 69068584 Incremental: Remove redundant spare movement logic
 a64f1263 udev: start grow service automatically
 b4a5ad49 Make target to install binaries only
 9c030dad mdadm/Detail: show correct state for clustered array
 ff6bb131 mdadm: Unify forks behaviour
 a8f3cfd5 imsm: limit support to first NVMe namespace
 ca4b156b Monitor: don't use default modes when creating a file
 b65c1f4a imsm: remove redundant calls to imsm_get_map
 895ffd99 imsm: update num_data_stripes according to dev_size
 ce559078 Create.c: close mdfd and generate uevent
 c3129b39 Detail: fix segfault during IMSM raid creation
 97b51a2c Super1: allow RAID0 layout setting to be removed.
 7f3b2d1d Check if other Monitor instance running before fork.
 cab9c67d mdmonitor: set small delay once
 007087d0 Monitor: stop notifing about containers.
 e2308733 Monitor: refresh mdstat fd after select
 2ce09172 Don't create bitmap for raid5 with journal disk
 64bf4dff Detail: show correct raid level when the array is inactive
 5f418455 manual: update --examine-badblocks
 5e592e1e mdadm/md.4: update path to in-kernel-tree documentation
 138a9e9b Specify nodes number when updating cluster nodes
 77b72fa8 mdadm/Grow: prevent md's fd from being occupied during delayed time
 bcf40dbb Update link to Intel page for IMSM
 8e41153c Use more secure HTTPS URLs
 2cf04330 Detect too-small device: error rather than underflow/crash
 7758ada9 Block overwriting existing links while manual assembly
 d92cee7b restripe: fix ignoring return value of ‘read’ and lseek
 7d90f760 Include count for \0 character when using strncpy to implement strdup.
 f4c8a605 uuid.c: split uuid stuffs from util.c
 03ab9763 Makefile: add EXTRAVERSION support
 3b7aae92 mdcheck: Log when done
 7b99edab Assemble.c: respect force flag.
 ec7d7cee clean up meaning of small typo
 5cfb79de Assemble: print error message if mdadm fails assembling with --uuid option
 12724c01 Manage, imsm: Write metadata before add
 1c294b5d Detail: adding sync status for cluster device
 185ec439 Monitor: improve check_one_sharer() for checking duplicated process
 e1b92ee0 udev: Ignore change event for imsm
 ba1b3bc8 imsm: show Subarray and Volume ID in --examine output
 e48aed3c imsm: support the Array Creation Time field in metadata
 9e449405 Detail: show correct bitmap info for cluster raid device
 06a6101c imsm: Correct minimal device size.
 45c43276 imsm: Remove --dump/--restore implementation
 3364781b imsm: pass subarray id to kill_subarray function
 fd38b8ea Remove the legacy whitespace
 2551061c mdadm.8: add note information for raid0 growing operation
 1e93d0d1 imsm: fill working_disks according to metadata.
 42e641ab Add support for Tebibytes
 4431efeb imsm: Update grow manual.
 e1512e7b mdcheck service can't start succesfully because of syntax error
 1a874930 Change warning message
 aced6fc9 Respect $(CROSS_COMPILE) when $(CC) is the default
 027c099f Assemble: add support for RAID0 layouts.
 329dfc28 Create: add support for RAID0 layouts.
 6da53c0e imsm: Change the way of printing nvme drives in detail-platform.
 b771faef imsm: return correct uuid for volume in detail
 4b31846f Remove unused code
 9cf361f8 Fix up a few formatting issues
 02af3793 Remove last traces of HOT_ADD_DISK
 1cc3965d Manage: Remove the legacy code for md driver prior to 0.90.03
 761e3bd9 super-intel: don't mark structs 'packed' unnecessarily
 85b83a79 SUSE-mdadm_env.sh: handle MDADM_CHECK_DURATION
 4ca799c5 mdcheck: use ${} to pass variable to mdcheck
 6636788a mdcheck: when mdcheck_start is enabled, enable mdcheck_continue too.
 1a1ced1e imsm: allow to specify second volume size
 b6180160 imsm: save current_vol number
 7bd59e79 udev: allow for udev attribute reading bug.
 61109314 Don't need to check recovery after re-add when no I/O writes to raid
 8063fd0f Init devlist as an array
 e53cb968 mdadm/md.4: add the descriptions for bitmap sysfs nodes
 2c2d9c48 mdadm: force a uuid swap on big endian
 43ebc910 mdadm: Introduce new array state 'broken' for raid0/linear
 fd5b09c9 mdadm: check value returned by snprintf against errors
 91c97c54 imsm: close removed drive fd.
 1a52f1fc udev: add --no-devices option for calling 'mdadm --detail'
 d11abe4b mdadm: add --no-devices to avoid component devices detail information
 452dc4d1 mdadm.h: include sysmacros.h unconditionally
 b0681598 mdadm: load default sysfs attributes after assemblation
 486720e0 super-intel: Use put_unaligned in split_ull
 7039d1f8 mdadm.h: Introduced unaligned {get,put}_unaligned{16,32}()
 a4f7290c super-intel: Fix issue with abs() being irrelevant
 4ec389e3 Enable probe_roms to scan more than 6 roms.
 ae7d61e3 mdmon: fix wrong array state when disk fails during mdmon startup
 3c9b46cf udev: Add udev rules to create by-partuuid for md device
 22dc741f Create: Block rounding size to max
 05501181 imsm: fix spare activation for old matrix arrays
 227aeaa8 add missing units to --examine
 2b57e4fe Assemble: Fix starting array with initial reshape checkpoint
 d2e11da4 mdmon: wait for previous mdmon to exit during takeover
 69d08478 mdmon: don't attempt to manage new arrays when terminating
 76b906d2 mdadm/tests: add one test case for failfast of raid1
 cab114c5 Fix reshape for decreasing data offset
 e3615ecb Detail.c: do not skip first character when calling xstrdup in Detail()
 ebf3be99 Fix spelling typos.
 9f421827 imsm: fix reshape for >2TB drives
 a4e96fd8 imsm: finish recovery when drive with rebuild fails
 757e5543 policy.c: Fix for compiler error
 467e6a1b policy.c: prevent NULL pointer referencing
 76d505de Grow: report correct new chunk size.
 085df422 Grow: avoid overflow in compute_backup_blocks()
 563ac108 Assemble: mask FAILFAST and WRITEMOSTLY flags when finding the most recent device
 d7a1fda2 imsm: update metadata correctly while raid10 double degradation
 7cd7e91a Monitor: add system timer to run --oneshot periodically
 4199d3c6 mdcheck: add systemd unit files to run mdcheck.
 cd72f9d1 policy: support devices with multiple paths.
 6b611284 Document PART-POLICY lines
 0833f9c3 Assemble: keep MD_DISK_FAILFAST and MD_DISK_WRITEMOSTLY flag

Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit ab4eafbed974c6ead13b11a50b3032670c26540a)

7 weeks agof2fs-tools: fix resize.f2fs (#9800)
Kerma Gérald [Thu, 28 Apr 2022 22:08:09 +0000 (00:08 +0200)]
f2fs-tools: fix resize.f2fs (#9800)

resolve issue
- https://github.com/openwrt/openwrt/issues/9800
add the upstream patch:
- f2fs-tools.git/patch/?id=f056fbeff08d30a6d9acdb9e06704461ceee3500

Signed-off-by: Kerma Gérald <gandalf@gk2.net>
(cherry picked from commit 1aac1b36d3cf44c8bfa8d4a6d8df6e815fc06529)