OSDN Git Service

immortalwrt/immortalwrt.git
27 hours agoipq40xx: add RT-AC2200 alternative name to RT-AC42U/RT-ACRH17 openwrt-21.02
Ray Wang [Mon, 4 Apr 2022 02:29:18 +0000 (10:29 +0800)]
ipq40xx: add RT-AC2200 alternative name to RT-AC42U/RT-ACRH17

RT-AC2200 is the same device with a different name. The OEM firmwares have the same MD5.

Signed-off-by: Ray Wang <raywang777@foxmail.com>
(cherry picked from commit 3204906569768cabcbedb5eaa3a11e2fcb18cd48)

27 hours agoipq40xx: rename RT-AC42U WLAN/LAN LEDs
Sungbo Eo [Sun, 16 Jan 2022 16:55:37 +0000 (01:55 +0900)]
ipq40xx: rename RT-AC42U WLAN/LAN LEDs

Assign LED numbers properly by adding function-enumerator property in DTS.

While at it, remove default trigger of LAN LEDs as it will be handled in
01_leds anyway.

Fixes: 51b9aef553a8 ("ipq40xx: add support for ASUS RT-ACRH17/RT-AC42U")
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
(cherry picked from commit 266b5c83c32c13dbd05f0d6f251815cbe6f55621)

27 hours agoipq40xx: add support for ASUS RT-ACRH17/RT-AC42U
Joshua Roys [Thu, 30 Dec 2021 20:25:03 +0000 (15:25 -0500)]
ipq40xx: add support for ASUS RT-ACRH17/RT-AC42U

SOC: IPQ4019
CPU: Quad-core ARMv7 Processor [410fc075] revision 5 (ARMv7), cr=10c5387d
DRAM: 256 MB
NAND: 128 MiB Macronix MX30LF1G18AC
ETH: Qualcomm Atheros QCA8075 Gigabit Switch (4x LAN, 1x WAN)
USB: 1x 3.0 (via Synopsys DesignWare DWC3 controller in the SoC)
WLAN1: Qualcomm Atheros QCA4019 2.4GHz 802.11bgn 2x2:2
WLAN2: Qualcomm Atheros QCA9984 5GHz 802.11nac 4x4:4
INPUT: 1x WPS, 1x Reset
LEDS: Status, WIFI1, WIFI2, WAN (red & blue), 4x LAN

This board is very similar to the RT-ACRH13/RT-AC58U. It must be flashed
with an intermediary initramfs image, the jffs2 ubi volume deleted, and
then finally a sysupgrade with the final image performed.

Signed-off-by: Joshua Roys <roysjosh@gmail.com>
(added ALT0)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 51b9aef553a82cbc80c12e13a4011d4d2e29fde4)

4 days agowolfssl: disable AES-NI by default for x86_64
Eneas U de Queiroz [Tue, 21 Jun 2022 18:21:44 +0000 (15:21 -0300)]
wolfssl: disable AES-NI by default for x86_64

WolfSSL is crashing with an illegal opcode in some x86_64 CPUs that have
AES instructions but lack other extensions that are used by WolfSSL
when AES-NI is enabled.

Disable the option by default for now until the issue is properly fixed.
People can enable them in a custom build if they are sure it will work
for them.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 0bd536723303ccd178e289690d073740c928bb34)

8 days agor8125: bump to 9.009.01-1
Tianling Shen [Wed, 22 Jun 2022 22:13:04 +0000 (06:13 +0800)]
r8125: bump to 9.009.01-1

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 838f97a5f840a2d5cf73bfe252dcf0e3d63c62ed)

9 days agor8152: bump to 2.16.1
Tianling Shen [Tue, 21 Jun 2022 15:51:16 +0000 (23:51 +0800)]
r8152: bump to 2.16.1

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 51333e4cf5be36b5936e48add71a60423906c19a)

10 days agoMerge Official Source
Tianling Shen [Mon, 20 Jun 2022 20:40:03 +0000 (04:40 +0800)]
Merge Official Source

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
11 days agoramips: fix booting on ZyXEL NBG-419N v2
Piotr Dymacz [Mon, 23 May 2022 15:50:19 +0000 (17:50 +0200)]
ramips: fix booting on ZyXEL NBG-419N v2

This fixes a well known "LZMA ERROR 1" error, reported previously on
numerous of other devices from 'ramips' target.

Fixes: #9842
Fixes: #8964

Reported-by: Juergen Hench <jurgen.hench@gmail.com>
Tested-by: Juergen Hench <jurgen.hench@gmail.com>
Signed-off-by: Demetris Ierokipides <ierokipides.dem@gmail.com>
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
(cherry picked from commit fd72e595c2b2a46bab8cbc7e9415fbfeae7b5b0d)

11 days agomediatek: mt7623: fixes kconfig for hwcrypto
Chukun Pan [Fri, 10 Jun 2022 15:54:40 +0000 (23:54 +0800)]
mediatek: mt7623: fixes kconfig for hwcrypto

The MediaTek's Crypto Engine driver has been replaced with the upstream
Inside Secure's SafeXcel cryptographic engine driver, however kconfig
has not been changed accordingly, this commit fixes it.

Fixes: 127ad76 ("mediatek: switch over to extended upstream eip97
driver")

Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
11 days agomediatek: remove crypto-hw-mtk package
Eneas U de Queiroz [Thu, 31 Mar 2022 13:38:49 +0000 (10:38 -0300)]
mediatek: remove crypto-hw-mtk package

The MediaTek's Crypto Engine module is only available for mt7623, in
which case it is built into the kernel.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 3f2d0703b60357e3ff1865783335be9f51528eb8)

11 days agodefault-settings: update tencent ntp server
MkQtS [Sat, 18 Jun 2022 15:15:06 +0000 (23:15 +0800)]
default-settings: update tencent ntp server

see tencentyun's doc [1]

1. https://github.com/tencentyun/qcloud-documents/blob/master/product/%E8%AE%A1%E7%AE%97%E4%B8%8E%E7%BD%91%E7%BB%9C/%E4%BA%91%E6%9C%8D%E5%8A%A1%E5%99%A8/%E6%9C%80%E4%BD%B3%E5%AE%9E%E8%B7%B5/NTP%20%E6%9C%8D%E5%8A%A1/%E8%85%BE%E8%AE%AF%E4%BA%91%20NTP%20%E6%9C%8D%E5%8A%A1.md

(cherry picked from commit 0688e346d06452508345ec92e88bf6d2876e7b52)

12 days agoramips: fix RT-AC57U button level
David Bauer [Sat, 18 Jun 2022 18:46:33 +0000 (20:46 +0200)]
ramips: fix RT-AC57U button level

Both buttons on the RT-AC57U are active-low. Fix the GPIO flag for the
WPS cutton to fix button behavior.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 535b0c70b1c466733b009144f81f5207f1ecd311)

13 days agor8168: bump to 8.050.03
Tianling Shen [Fri, 17 Jun 2022 17:03:08 +0000 (01:03 +0800)]
r8168: bump to 8.050.03

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit f3002993d248a8b5d50c71d3e4a0173cd4266e64)

2 weeks agotools/ninja: update to 1.11.0
Rosen Penev [Tue, 17 May 2022 00:21:48 +0000 (17:21 -0700)]
tools/ninja: update to 1.11.0

Updated patchset to latest.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit a7be143646db9365f6ac8d5749a2dfef805789cb)

2 weeks agomtk-eip93: bump to latest git HEAD
AmadeusGhost [Tue, 26 Apr 2022 15:19:01 +0000 (23:19 +0800)]
mtk-eip93: bump to latest git HEAD

(cherry picked from commit 7fc2fd764114b639a59609442d3b1fbc42a9a1f6)

2 weeks agoexfat: Update to 5.19.1
Tianling Shen [Fri, 10 Jun 2022 21:42:50 +0000 (05:42 +0800)]
exfat: Update to 5.19.1

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit e72122a460e5e05bc548cd6846f018ad148d938c)

2 weeks agosunxi/cortexa53: enable armv8-CE crypto algorithms
Eneas U de Queiroz [Wed, 20 Apr 2022 18:26:32 +0000 (15:26 -0300)]
sunxi/cortexa53: enable armv8-CE crypto algorithms

This enables armv8 crypto extensions version of AES, GHASH, SHA1, and
CRC T10 algorithms in the kernel.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 9be35180f43a4916f53430d8c93437d33896e860)

2 weeks agoocteontx: add armv8-CE version of CRC T10
Eneas U de Queiroz [Wed, 20 Apr 2022 19:23:47 +0000 (16:23 -0300)]
octeontx: add armv8-CE version of CRC T10

Adds the crypto extensions version of the CRC T10 algorithm that is
already built into the kernel.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 1b94e4aab8ddbe5719f1e859e064c1c5dfa4587f)

2 weeks agomvebu/cortexa72: enable armv8-CE crypto algos
Eneas U de Queiroz [Wed, 20 Apr 2022 18:26:32 +0000 (15:26 -0300)]
mvebu/cortexa72: enable armv8-CE crypto algos

This enables armv8 crypto extensions version of AES, GHASH, SHA1,
SHA256, and SHA512 algorithms in the kernel.

The choice of algorithms match the 32-bit versions that are enabled in
the target config-5.10 file, but were only used by the cortexa9
subtarget.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 06bb5ac1f2b62c3e10f24d7096e86f6368aaf41d)

2 weeks agomvebu/cortexa53: enable armv8-CE crypto algos
Eneas U de Queiroz [Wed, 20 Apr 2022 18:26:32 +0000 (15:26 -0300)]
mvebu/cortexa53: enable armv8-CE crypto algos

This enables armv8 crypto extensions version of AES, GHASH, SHA1,
SHA256, and SHA512 algorithms in the kernel.

The choice of algorithms match the 32-bit versions that are enabled in
the target config-5.10 file, but were only used by the cortexa9
subtarget.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit f5167e11bf7e0a1a3675f0563423254005d0eb2d)

2 weeks agolayerscape/armv8_64b: enable armv8-CE crypto algos
Eneas U de Queiroz [Wed, 20 Apr 2022 18:26:32 +0000 (15:26 -0300)]
layerscape/armv8_64b: enable armv8-CE crypto algos

This enables armv8 crypto extensions version of AES, GHASH, SHA256 and
CRC T10 algorithms in the kernel.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit eb33232420ea2537d8302d5ec121eed03db474d1)

2 weeks agobcm4908: enable armv8-CE crypto algorithms
Eneas U de Queiroz [Wed, 20 Apr 2022 18:26:32 +0000 (15:26 -0300)]
bcm4908: enable armv8-CE crypto algorithms

This enables armv8 crypto extensions version of AES and GHASH algorithms
in the kernel.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit b2cb87bc98e8d7b5f29899b8b966990e200cfe44)

2 weeks agobcm27xx/bcm2711: enable asm crypto algorithms
Eneas U de Queiroz [Tue, 17 May 2022 15:06:12 +0000 (12:06 -0300)]
bcm27xx/bcm2711: enable asm crypto algorithms

This enables arm64/neon version of AES, SHA256 and SHA512 algorithms in
the kernel.  bcm2711 does not support armv8 crypto extensions, so they
are not included.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 7b6beb7489c750c0613153822ec1d5ba8a9ab388)

2 weeks agobcm27xx/bcm2710: enable asm crypto algorithms
Eneas U de Queiroz [Tue, 17 May 2022 15:00:41 +0000 (12:00 -0300)]
bcm27xx/bcm2710: enable asm crypto algorithms

This enables arm64/neon version of AES, SHA256 and SHA512 algorithms in
the kernel.  bcm2710 does not support armv8 crypto extensions, so they
are not included.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 38ebb210a9f4895cfade3580815d5c9a3eb1b7e4)

2 weeks agombedtls: mark as nonshared
Tianling Shen [Fri, 10 Jun 2022 16:25:22 +0000 (00:25 +0800)]
mbedtls: mark as nonshared

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 48383c2847dae61d81069315bcfbbc468a61c4cd)

2 weeks agowolfssl: enable CPU crypto instructions
Eneas U de Queiroz [Tue, 19 Apr 2022 15:02:09 +0000 (12:02 -0300)]
wolfssl: enable CPU crypto instructions

This enables AES & SHA CPU instructions for compatible armv8, and x86_64
architectures.  Add this to the hardware acceleration choice, since they
can't be enabled at the same time.

The package was marked non-shared, since the arm CPUs may or may not
have crypto extensions enabled based on licensing; bcm27xx does not
enable them.  There is no run-time detection of this for arm.

NOTE:
Should this be backported to a release branch, it must be done shortly
before a new minor release, because the change to nonshared will remove
libwolfssl from the shared packages, but the nonshared are only built in
a subsequent release!

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 0a2edc2714dcda10be902c32525723ce2cbcb138)

2 weeks agowolfssl: add benchmark utility
Eneas U de Queiroz [Tue, 19 Apr 2022 21:23:05 +0000 (18:23 -0300)]
wolfssl: add benchmark utility

This packages the wolfssl benchmark utility.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 18fd12edb810f9dfbf8410bb81f639df052134cb)

2 weeks agowolfssl: don't change ABI because of hw crypto
Eneas U de Queiroz [Mon, 25 Apr 2022 12:09:23 +0000 (09:09 -0300)]
wolfssl: don't change ABI because of hw crypto

Enabling different hardware crypto acceleration should not change the
library ABI.  Add them to PKG_CONFIG_DEPENDS after the ABI version hash
has been computed.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 677774d445ced1a56e73fe62df47b4eb66441721)

3 weeks agorealtek: Remove dnsmasq and odhcpd-ipv6only from default
Hauke Mehrtens [Fri, 25 Mar 2022 12:57:40 +0000 (13:57 +0100)]
realtek: Remove dnsmasq and odhcpd-ipv6only from default

Do not include the dnsmasq and odhcpd-ipv6only package by default any
more. These services are not needed on a switch. If someone needs this
it is still possible to use opkg or image builder to add them.

This decreases the compressed image size by about 165KBytes.

Tested-by: Stijn Segers <foss@volatilesystems.org>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 2acebbdcaafbdfd3f677052c28bc0af04c6b5ab8)

3 weeks agodnsmasq: enable cache by default
Tianling Shen [Fri, 3 Jun 2022 15:13:26 +0000 (23:13 +0800)]
dnsmasq: enable cache by default

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 3272539aaa6b0b284c01594c188adf8a13ed679b)

4 weeks agokernel: check dst of flow offloading table
Ritaro Takenaka [Wed, 25 May 2022 06:55:48 +0000 (15:55 +0900)]
kernel: check dst of flow offloading table

Flow offload dst can become invalid after the route cache is created.
dst_check() in packet path is necessary to prevent packet drop.

Signed-off-by: Ritaro Takenaka <ritarot634@gmail.com>
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
4 weeks agotools/cmake: update to 3.21.6
Tianling Shen [Tue, 31 May 2022 10:13:58 +0000 (18:13 +0800)]
tools/cmake: update to 3.21.6

Refreshed patches.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
4 weeks agotools/cmake: update to 3.21.3
Rosen Penev [Tue, 5 Oct 2021 01:30:33 +0000 (18:30 -0700)]
tools/cmake: update to 3.21.3

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 297cb8c147fe66503c3772fdf46caa01ee2fb161)

4 weeks agotools/cmake: fix download url
leo chung [Thu, 31 Mar 2022 02:58:29 +0000 (10:58 +0800)]
tools/cmake: fix download url

fix the cmake.org download url

Signed-off-by: leo chung <gewalalb@gmail.com>
(cherry picked from commit 56f091d4677feb693d37959a3fa4af845dcce82e)

4 weeks agotools/cmake: add MAKE config variable
Rosen Penev [Thu, 10 Feb 2022 01:15:14 +0000 (17:15 -0800)]
tools/cmake: add MAKE config variable

Makes sure that Ninja from staging_dir is used and nowhere else.

Reported by reproducible builds project. Builds have been failing ever
since tools/cmake started using Ninja.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 0d25db7f17efbf5ab539508dd0a5d1eb739a1c43)

4 weeks agotools/cmake: update to 3.21.2
Rosen Penev [Thu, 2 Sep 2021 02:32:36 +0000 (19:32 -0700)]
tools/cmake: update to 3.21.2

Refreshed patches.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit eef7f9ea37366c93039b386ca8e438b26a199214)

4 weeks agotools/cmake: update to 3.20.3 + build with Ninja
Rosen Penev [Fri, 18 Jun 2021 06:08:50 +0000 (23:08 -0700)]
tools/cmake: update to 3.20.3 + build with Ninja

Compile with Ninja. Ninja compiles faster and is more stable with
parallel builds. Routines copied from cmake.mk.

Speed improves from:

Executed in 127.47 secs fish external
usr time 17.02 mins 446.00 micros 17.02 mins
sys time 1.18 mins 40.00 micros 1.18 mins

to:

Executed in 118.91 secs fish external
usr time 17.28 mins 499.00 micros 17.28 mins
sys time 1.13 mins 45.00 micros 1.13 mins

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 5cff6c1abbcb134395bbe032cb5ea9d1c74ec891)

4 weeks agofirewall: dos2unix
Tianling Shen [Sun, 29 May 2022 09:54:31 +0000 (17:54 +0800)]
firewall: dos2unix

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
4 weeks agoinclude/cmake.mk: add support for overriding the host install prefix
Felix Fietkau [Tue, 2 Nov 2021 17:08:47 +0000 (18:08 +0100)]
include/cmake.mk: add support for overriding the host install prefix

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit a6a9f9be278e718f3f8a5cb7640dd8035cc802b9)

4 weeks agoinclude/cmake.mk: fix host builds with CMAKE_BINARY_SUBDIR
Felix Fietkau [Sun, 17 Oct 2021 15:01:23 +0000 (17:01 +0200)]
include/cmake.mk: fix host builds with CMAKE_BINARY_SUBDIR

Use it in the same way as for target builds

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 1c07eab9f81f1ee99cc2ae36596bda81c12d5dbc)

5 weeks agotarget: use wpad-basic-openssl by default
Tianling Shen [Wed, 25 May 2022 14:38:44 +0000 (22:38 +0800)]
target: use wpad-basic-openssl by default

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
5 weeks agofirewall3: fix locking issue
ZiMing Mo [Wed, 25 May 2022 08:13:40 +0000 (16:13 +0800)]
firewall3: fix locking issue

5 weeks agolibmnl: update to 1.0.5
Nick Hainke [Tue, 5 Apr 2022 13:01:43 +0000 (15:01 +0200)]
libmnl: update to 1.0.5

Changes:

Duncan Roe (5):
      nlmsg: Fix a missing doxygen section trailer
      build: doc: "make" builds & installs a full set of man pages
      build: doc: get rid of the need for manual updating of Makefile
      build: If doxygen is not available, be sure to report "doxygen: no" to ./configure
      src: doc: Fix messed-up Netlink message batch diagram

Fernando Fernandez Mancera (1):
      src: fix doxygen function documentation

Florian Westphal (1):
      libmnl: zero attribute padding

Guillaume Nault (1):
      callback: mark cb_ctl_array 'const' in mnl_cb_run2()

Kylie McClain (1):
      examples: nfct-daemon: Fix test building on musl libc

Laura Garcia Liebana (4):
      examples: add arp cache dump example
      examples: fix neigh max attributes
      examples: fix print line format
      examples: reduce LOCs during neigh attributes validation

Pablo Neira Ayuso (3):
      doxygen: remove EXPORT_SYMBOL from the output
      include: add MNL_SOCKET_DUMP_SIZE definition
      build: libmnl 1.0.5 release

Petr Vorel (1):
      examples: Add rtnl-addr-add.c

Stephen Hemminger (1):
      examples: rtnl-addr-dump: fix typo

igo95862 (1):
      doxygen: Fixed link to the git source tree on the website.

Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit c3b738933981de601389794152534628b04555dc)

5 weeks agolibnfnetlink: update to 1.0.2
Nick Hainke [Tue, 5 Apr 2022 13:26:24 +0000 (15:26 +0200)]
libnfnetlink: update to 1.0.2

Changes:

c63f193 bump version to 1.0.2
3cffa84 libnfnetlink: Check getsockname() return code
90ba679 include: Silence gcc warning in linux_list.h
bb4f6c8 Make it clear that this library is deprecated
e46569c Minimally resurrect doxygen documentation
5087de4 libnfnetlink: hide private symbols
62ca426 autogen: don't convert __u16 to u_int16_t
efa1d8e src: Use stdint types everywhere
7a1a07c include: Sync with kernel headers
7633f0c libnfnetlink: initialize attribute padding to resolve valgrind warnings
94b68f3 configure: uclinux is also linux
617fe82 src: get source code license header in sync with current licensing terms
97a3960 build: resolve automake-1.12 warnings

Removed the patch 100-missing_include.patch, libnfnetlink compiles fine
with musl without this patch.

Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit aecf088b3792d556c717510304729fa542ceb770)

6 weeks agoMerge Official Source
Tianling Shen [Fri, 20 May 2022 09:39:45 +0000 (17:39 +0800)]
Merge Official Source

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
6 weeks agobuild: do not override DESTDIR for cmake ninja host builds
Felix Fietkau [Sat, 12 Jun 2021 12:32:41 +0000 (14:32 +0200)]
build: do not override DESTDIR for cmake ninja host builds

The full prefix is already passed to cmake

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 18430a34e6a287aaf6f13a110a3202dcac3b3d1a)

6 weeks agotools: build ninja before ccache to fix the build order
Felix Fietkau [Sat, 12 Jun 2021 12:24:40 +0000 (14:24 +0200)]
tools: build ninja before ccache to fix the build order

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit fa0aea53b2f1dccc2073efac8020151960d25513)

6 weeks agotools: fix dependencies of cmake packages
Felix Fietkau [Sat, 12 Jun 2021 10:40:02 +0000 (12:40 +0200)]
tools: fix dependencies of cmake packages

Make cmake depend on ninja, so that other cmake based tools also depend on it

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit d45baa860ffc79ae1cf68fceb94990e39bb06bab)

6 weeks agobuild: use ninja for cmake packages by default
Felix Fietkau [Thu, 10 Jun 2021 12:01:04 +0000 (14:01 +0200)]
build: use ninja for cmake packages by default

Speed goes from:

Executed in     178.08 secs     fish            external
usr time        20.16 mins      509.00 micros   20.16 mins
sys time        2.88 mins       39.00 micros    2.88 mins

To:

Executed in     175.90 secs     fish            external
usr time        20.19 mins      0.00 micros     20.19 mins
sys time        2.85 mins       497.00 micros   2.85 mins

Tested with "time make -j 12" on AMD Ryzen 3600

When building individual packages, the build time difference is often
significantly bigger than that.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 0c7c24d40aedcee25d5243e25a87d38246be128b)

6 weeks agopackage: fix cmake packages build with ninja
Rosen Penev [Sun, 6 Jun 2021 21:24:43 +0000 (14:24 -0700)]
package: fix cmake packages build with ninja

+= is needed for CMAKE_OPTIONS.

mt76 needs Ninja disabled as the kernel stuff uses normal make.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 09de28090cfb3fb605e6f4b452503a4ec2c6c43f)

6 weeks agobuild: add ninja build tool and make it available for cmake
Felix Fietkau [Sun, 6 Jun 2021 12:31:01 +0000 (14:31 +0200)]
build: add ninja build tool and make it available for cmake

ninja is faster at building cmake packages than make, and according to reports
also more reliable at handling parallel builds
This commit includes a patch that adds GNU make jobserver support, in order to
allow more precise control over the number of parallel tasks

Enable parallel build by default for packages using ninja

Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 97258f53634d7237a2962aec3387f011047ce83b)

6 weeks agoRevert "r8152: drop led configuration patch"
Tianling Shen [Wed, 18 May 2022 04:05:07 +0000 (12:05 +0800)]
Revert "r8152: drop led configuration patch"

This doesn't make sense at all. For more details see comments in the
original commit.

This reverts commit 4a22f9ad8ae5b9102cf7af68efeacd5a81848bf3.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
6 weeks agor8152: drop led configuration patch
AmadeusGhost [Sat, 7 May 2022 15:30:02 +0000 (23:30 +0800)]
r8152: drop led configuration patch

This makes those annoying loud noises go away, and this
commit should not be reverted. If you have any questions,
please contact the manufacturer.

6 weeks agorockchip: fixes pcie eth compatible for r4s
AmadeusGhost [Tue, 3 May 2022 15:40:10 +0000 (23:40 +0800)]
rockchip: fixes pcie eth compatible for r4s

Use the standard pci device binding to fixes this.

Signed-off-by: AmadeusGhost <amadeus@immortalwrt.org>
6 weeks agokernel: bump 5.4 to 5.4.194
Hauke Mehrtens [Tue, 17 May 2022 21:33:27 +0000 (21:33 +0000)]
kernel: bump 5.4 to 5.4.194

Compile-tested: lantiq/xrx200, armvirt/64
Run-tested: lantiq/xrx200, armvirt/64

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 weeks agokernel: bump 5.4 to 5.4.192
Hauke Mehrtens [Tue, 10 May 2022 18:34:09 +0000 (18:34 +0000)]
kernel: bump 5.4 to 5.4.192

Compile-tested: armvirt/64
Run-tested: armvirt/64

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 weeks agokernel: bump 5.4 to 5.4.191
Hauke Mehrtens [Mon, 9 May 2022 18:18:20 +0000 (18:18 +0000)]
kernel: bump 5.4 to 5.4.191

Merged upstream:
 apm821xx/patches-5.4/150-ata-sata_dwc_460ex-Fix-crash-due-to-OOB-write.patch

Similar patch merged upstream:
 bcm27xx/patches-5.4/950-0210-usb-xhci-Disable-the-XHCI-5-second-timeout.patch

Manually adapted:
 layerscape/patches-5.4/801-audio-0008-Revert-ASoC-Remove-dev_err-usage-after-platform_get_.patch

Compile-tested: armvirt/64
Run-tested: armvirt/64

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
6 weeks agorockchip/armv8: enable armv8-CE crypto algorithms
Eneas U de Queiroz [Wed, 20 Apr 2022 18:26:32 +0000 (15:26 -0300)]
rockchip/armv8: enable armv8-CE crypto algorithms

This enables armv8 crypto extensions version of AES, GHASH, and CRC T10
algorithms in the kernel.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit eef8fbec8f63ac0686f87ff5735cab21884fa273)

6 weeks agorockchip: drm-rockchip: fix Kconfig
Tianling Shen [Tue, 17 May 2022 09:17:44 +0000 (17:17 +0800)]
rockchip: drm-rockchip: fix Kconfig

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 6957f13eea1eb8e71c20795a9e0b03de045a7cf9)

6 weeks agor8125: bump to 9.009.00
Tianling Shen [Fri, 29 Apr 2022 10:38:05 +0000 (18:38 +0800)]
r8125: bump to 9.009.00

Switched to GitHub codeload.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 5c11bf7327b186a2a7dfc90a66f8668f2a6f954e)

6 weeks agowolfssl: bump to v5.3.0-stable
Eneas U de Queiroz [Tue, 10 May 2022 19:39:11 +0000 (16:39 -0300)]
wolfssl: bump to v5.3.0-stable

This is mostly a bug fix release, including two that were already
patched here:
- 300-fix-SSL_get_verify_result-regression.patch
- 400-wolfcrypt-src-port-devcrypto-devcrypto_aes.c-remove-.patch

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 73c1fe2890baa5c0bfa46f53c5387f5e47de1acb)

6 weeks agoopenssl: bump to 1.1.1o
Eneas U de Queiroz [Tue, 10 May 2022 23:34:57 +0000 (20:34 -0300)]
openssl: bump to 1.1.1o

This release comes with a security fix related to c_rehash.  OpenWrt
does not ship or use it, so it was not affected by the bug.

There is a fix for a possible crash in ERR_load_strings() when
configured with no-err, which OpenWrt does by default.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 7a5ddc0d06895bde7538d78c8dad2c863d70f946)

6 weeks agoMerge Official Source
Tianling Shen [Tue, 17 May 2022 07:23:08 +0000 (15:23 +0800)]
Merge Official Source

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
7 weeks agoscripts/download.pl: drop broken mirror
Tianling Shen [Fri, 6 May 2022 14:10:58 +0000 (22:10 +0800)]
scripts/download.pl: drop broken mirror

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 02edeb14690c14bd7021b4be2270286bb4bb9108)

8 weeks agox86: drop duplicate sets
Tianling Shen [Mon, 2 May 2022 08:32:48 +0000 (16:32 +0800)]
x86: drop duplicate sets

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 7014ff8199b296917c4957da37999db6adec58a6)

8 weeks agofirewall: config: remove restictions on DHCPv6 allow rule
Tiago Gaspar [Wed, 4 May 2022 09:36:07 +0000 (10:36 +0100)]
firewall: config: remove restictions on DHCPv6 allow rule

Remove restrictions on source and destination addresses, which aren't
specified on RFC8415, and for some reason in openwrt are configured
to allow both link-local and ULA addresses.
As cleared out in issue #5066 there are some ISPs that use Gloabal
Unicast addresses, so fix this rule to allow them.

Fixes: #5066

Signed-off-by: Tiago Gaspar <tiagogaspar8@gmail.com>
[rebase onto firewall3, clarify subject, bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from commit 65258f5d6093809c541050256646795bc0a460a9)

8 weeks agor8168: bump to 8.050.00
ZiMing Mo [Wed, 4 May 2022 09:20:06 +0000 (17:20 +0800)]
r8168: bump to 8.050.00

Signed-off-by: ZiMing Mo <msylgj@immortalwrt.org>
(cherry picked from commit 662ff61b56101dbe3e7f8c4654cd4b8439d14120)

8 weeks agoath79: drop orphan csac detection
Tianling Shen [Wed, 4 May 2022 06:57:06 +0000 (14:57 +0800)]
ath79: drop orphan csac detection

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
8 weeks agoMerge Official Source
Tianling Shen [Wed, 4 May 2022 06:56:03 +0000 (14:56 +0800)]
Merge Official Source

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
8 weeks agokernel: mtdsplit: fix typo error
Ikko Ashimine [Mon, 2 May 2022 10:01:37 +0000 (19:01 +0900)]
kernel: mtdsplit: fix typo error

occured -> occurred

2 months agoramips: zbt-wg2626: Add the reset gpio for PCIe port 1
Alban Bedel [Sat, 30 Apr 2022 08:42:33 +0000 (10:42 +0200)]
ramips: zbt-wg2626: Add the reset gpio for PCIe port 1

The 2.4GHz interface doesn't come up properly with the log showing:

    mt7621-pci 1e140000.pcie: pcie1 no card, disable it (RST & CLK)

As seen on other MT7621 boards this is caused by a missing reset GPIO.
The MT7621 dtsi set GPIO 19 as PCIe reset GPIO, which on this board
reset the 5GHz interface on port 0. Add GPIO 8 to the PCIe reset GPIO
list to also reset the 2.4GHz interface on port 1.

Signed-off-by: Alban Bedel <albeu@free.fr>
(cherry picked from commit f953a1a4bfba2fa70c12bb80938aa66481a673b6)

2 months agofstools: enable any device with non-MTD rootfs_data volume
lean [Sat, 19 Jun 2021 11:26:22 +0000 (19:26 +0800)]
fstools: enable any device with non-MTD rootfs_data volume

Fixes: #673

2 months agoipq40xx: fix ar40xx driver
Nick Hainke [Mon, 18 Apr 2022 13:04:25 +0000 (15:04 +0200)]
ipq40xx: fix ar40xx driver

This commit is completely based on the work of adron-s:
https://github.com/openwrt/openwrt/pull/4721#issuecomment-1101108651

The commit fixes the data corruption on TX packets. Packets are
transmitted, but their contents are replaced with zeros. This error is
caused by the lack of guard (50 ms) intervals between calibration phases.
This error is treated by adding mdelay(50) to the calibration function
code. In the original qca-ssda code [0], these mdelays were existing, but
in the ar41xx.c they are gone.

Tested on:
- Fritz!Box 4040
- Fritz!Box 7530
- Mikrotik SXTsq 5AC
- ZyXEL NBG6617

- [0] https://git.codelinaro.org/clo/qsdk/oss/lklm/qca-ssdk/-/blob/NHSS.QSDK.11.4/src/init/ssdk_init.c#L2072

Suggested-by: Serhii Serhieiev <adron@mstnt.com>
Reviewed-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit ab7e53e5cce703c7a62efbe1d41fb94c2228a178)
[Deleted 5.10 from commit title]
Signed-off-by: Nick Hainke <vincent@systemli.org>
2 months agox86: use vendor driver of r8152 for better compatibility
Tianling Shen [Fri, 29 Apr 2022 10:20:53 +0000 (18:20 +0800)]
x86: use vendor driver of r8152 for better compatibility

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit b3e29a647845180a481e5097bbf8aecf9e3337f2)

2 months agoMerge Offcial Source
Tianling Shen [Thu, 28 Apr 2022 03:07:50 +0000 (11:07 +0800)]
Merge Offcial Source

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2 months agox86: remove `kmod-i40evf` from default sets
Tianling Shen [Thu, 28 Apr 2022 03:01:56 +0000 (11:01 +0800)]
x86: remove `kmod-i40evf` from default sets

This package was deprecated already.

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit a6b659ff5d27aab5bd08e09dc97c935c566f8449)

2 months agoiwinfo: drop obsolete patch
Jo-Philipp Wich [Wed, 27 Apr 2022 10:24:35 +0000 (12:24 +0200)]
iwinfo: drop obsolete patch

Fixes: 01cc5e195d ("iwinfo: update to latest Git HEAD")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2 months agoiwinfo: update to latest HEAD
David Bauer [Tue, 26 Apr 2022 22:53:11 +0000 (00:53 +0200)]
iwinfo: update to latest HEAD

dc6847e iwinfo: nl80211: omit A-hwmode on non-5GHz hardware

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit f757a8a09885e3c8bb76371e037b8c0731111980)

2 months agohostapd: refresh patches
David Bauer [Sun, 24 Apr 2022 23:11:32 +0000 (01:11 +0200)]
hostapd: refresh patches

Signed-off-by: David Bauer <mail@david-bauer.net>
2 months agohostapd: add ubus link-measurements notifications
David Bauer [Thu, 31 Mar 2022 20:39:04 +0000 (22:39 +0200)]
hostapd: add ubus link-measurements notifications

Notify external ubus subscribers of received link-measurement reports.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit f6445cfa1acb32676723c49da3e3158b64a4b3d2)

2 months agohostapd: add ubus method for requesting link measurements
David Bauer [Tue, 29 Mar 2022 22:31:26 +0000 (00:31 +0200)]
hostapd: add ubus method for requesting link measurements

Add a ubus method to request link-measurements from connected STAs.

In addition to the STAs address, the used and maximum transmit power can
be provided by the external process for the link-measurement. If they
are not provided, 0 is used as the default value.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 965aa33a18c76bb2d5a1eeb0cfa01501b08e784a)

2 months agohostapd: add support for enabling link measurements
David Bauer [Thu, 31 Mar 2022 16:06:02 +0000 (18:06 +0200)]
hostapd: add support for enabling link measurements

Allow external processes to enable advertisement of link-measurement RRM
capability.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 2ca5c3da04c3f05a7477ae484768e03d4ca30711)

2 months agoiwinfo: update to latest HEAD
David Bauer [Sun, 24 Apr 2022 21:09:09 +0000 (23:09 +0200)]
iwinfo: update to latest HEAD

a479b9b devices: remove whitespace
562d015 iwinfo: nl80211: fix hwmode parsing for multi-band NICs

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 46980294f66ab07b79f9037758a7ea94072340df)

2 months agoiwinfo: update to latest Git head
Josef Schlehofer [Thu, 17 Mar 2022 23:07:50 +0000 (00:07 +0100)]
iwinfo: update to latest Git head

Changelog:
90bfbb9 devices: Add Cypress CYW43455
234075b devices: fix AMD RZ608 format
0e2a318 devices: add AMD RZ608 device-id

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 013b0435641ab12d9a896c29c213d90da64bc623)

2 months agoiwinfo: update to latest Git HEAD
Jo-Philipp Wich [Sun, 11 Jul 2021 13:59:48 +0000 (15:59 +0200)]
iwinfo: update to latest Git HEAD

a0a0e02 iwinfo: rename hardware.txt to devices.txt

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from commit c13d7c82aa4cd2cbf1f61bad857cd01b795318e3)

2 months agoiwinfo: update to the latest version
Felix Fietkau [Mon, 28 Jun 2021 13:44:51 +0000 (15:44 +0200)]
iwinfo: update to the latest version

c9b1672f5a83 nl80211: fix path compatibility issue

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 019eca154557e2e2fefa67b4430cab622035c382)

2 months agoiwinfo: update to the latest version
Felix Fietkau [Thu, 10 Jun 2021 06:52:28 +0000 (08:52 +0200)]
iwinfo: update to the latest version

aa0e3c4bbe12 iwinfo: nl80211: add support for printing the device path for a phy
dd6d6d2dec35 iwinfo: nl80211: use new path lookup function for nl80211_phy_idx_from_uci_path
268bb26d2e2a iwinfo: nl80211: support looking up phy by path=.. and macaddr=...
c0414642fead iwinfo: nl80211: fix typo

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(backported from commit 6e8475bbd0c841043c1187fb5a42d835071ad502)

2 months agosunxi: add opp table for nanopi r1s-h5
Tianling Shen [Mon, 25 Apr 2022 03:26:55 +0000 (11:26 +0800)]
sunxi: add opp table for nanopi r1s-h5

Fixes: #680

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2 months agoautomount: skip some partition
lean [Sun, 3 Apr 2022 05:24:18 +0000 (13:24 +0800)]
automount: skip some partition

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit cb7067660611bf85d207e2a91b95d0fc9d806dac)

2 months agorockchip: disable UHS modes for NanoPi R4S
David Bauer [Tue, 25 Jan 2022 20:46:54 +0000 (21:46 +0100)]
rockchip: disable UHS modes for NanoPi R4S

The NanoPi R4S leaves the SD card in 1.8V signalling when rebooting
while U-Boot requires the card to be in 3.3V mode.

Remove UHS support from the SD controller so the card remains in 3.3V
mode. This reduces transfer speeds but ensures a reboot whether from
userspace or following a kernel panic is always working.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 2b583ab8a74a6bd41f1c9629b3b66ba561d6fceb)

2 months agox86: add PVE image build
Tianling Shen [Thu, 17 Jun 2021 12:33:55 +0000 (20:33 +0800)]
x86: add PVE image build

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit c9344d6a6a424d7152fc8d01f9a09eed5912487a)

2 months agoimage: let mksquashfs4 use all processors
Stijn Tintel [Sat, 19 Feb 2022 15:54:22 +0000 (17:54 +0200)]
image: let mksquashfs4 use all processors

Drop the -processors argument from the mksquashfs4 call, so it will use
all available processors. This dramatically reduces the time to create
squashfs filesystems.

The times below are observed when building an image for my main router,
the WatchGuard Firebox M300 (qoriq target):

Before:
real    4m45,973s

After:
real    0m23,497s

With this commit `mksquashfs` may use more cores than defined via `-j`.
This is the same behaviour as for archive creation of ImageBuilder, SDK
or toolchain. There is no trivial way to limit `mksquashfs` CPU core
usage to the amount of "free" make jobs since two running `mksquashfs`
instances would each run with the total allowed number (-j) of threads.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
[extended reasoning in commit message]
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit df2ae8826ced4f374bcb693b44d8a113ad150d70)

2 months agox86: added support to generate VHDX images
Oldřich Jedlička [Sat, 9 Jan 2021 21:23:09 +0000 (22:23 +0100)]
x86: added support to generate VHDX images

Added support to generate dynamic-sized VHDX images for Hyper-V.
Compile-tested on x86 and run-tested on Windows 10 21H2 (Hyper-V).

Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
(cherry picked from commit fd4ad6cae88d009e9560e4ee902bf20a5b42d36e)

2 months agoca-certificates: fix python3-cryptography woes in certdata2pem.py
Christian Lamparter [Wed, 1 Dec 2021 14:01:23 +0000 (15:01 +0100)]
ca-certificates: fix python3-cryptography woes in certdata2pem.py

This patch is a revert of the upstream patch to Debian's ca-certificate
commit 033d52259172 ("mozilla/certdata2pem.py: print a warning for expired certificates.")

The reason is, that this change broke builds with the popular
Ubuntu 20.04 LTS (focal) releases which are shipping with an
older version of the python3-cryptography package that is not
compatible.

|Traceback (most recent call last):
|  File "certdata2pem.py", line 125, in <module>
|    cert = x509.load_der_x509_certificate(obj['CKA_VALUE'])
|TypeError: load_der_x509_certificate() missing 1 required positional argument: 'backend'
|make[5]: *** [Makefile:6: all] Error 1

...or if the python3-cryptography was missing all together:
|Traceback (most recent call last):
|  File "/certdata2pem.py", line 31, in <module>
|    from cryptography import x509
|ModuleNotFoundError: No module named 'cryptography'

More concerns were raised by Jo-Philipp Wich:
"We don't want the build to depend on the local system time anyway.
Right now it seems to be just a warning but I could imagine that
eventually certs are simply omitted of found to be expired at
build time which would break reproducibility."

Link: <https://github.com/openwrt/openwrt/commit/7c99085bd697>
Reported-by: Chen Minqiang <ptpt52@gmail.com>
Reported-by: Shane Synan <digitalcircuit36939@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 25bc66eb40ea2c062940778fba601032b2579734)

2 months agoca-certicficates: Update to version 20211016
Christian Lamparter [Sun, 28 Nov 2021 01:31:54 +0000 (02:31 +0100)]
ca-certicficates: Update to version 20211016

Update the ca-certificates and ca-bundle package from version 20210119 to
version 20211016.

Debian change-log entry [1]:
|[...]
|[ Julien Cristau ]
|* mozilla/{certdata.txt,nssckbi.h}: Update Mozilla certificate authority
|    bundle to version 2.50
|    The following certificate authorities were added (+):
|    + "AC RAIZ FNMT-RCM SERVIDORES SEGUROS"
|    + "GlobalSign Root R46"
|    + "GlobalSign Root E46"
|    + "GLOBALTRUST 2020"
|    + "ANF Secure Server Root CA"
|    + "Certum EC-384 CA"
|    + "Certum Trusted Root CA"
|    The following certificate authorities were removed (-):
|    - "QuoVadis Root CA"
|    - "Sonera Class 2 Root CA"
|    - "GeoTrust Primary Certification Authority - G2"
|    - "VeriSign Universal Root Certification Authority"
|    - "Chambers of Commerce Root - 2008"
|    - "Global Chambersign Root - 2008"
|    - "Trustis FPS Root CA"
|    - "Staat der Nederlanden Root CA - G3"
|  * Blacklist expired root certificate "DST Root CA X3" (closes: #995432)
|[...]

[1] <https://metadata.ftp-master.debian.org/changelogs//main/c/ca-certificates/ca-certificates_20211016_changelog>

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 7c99085bd69742f66207d61e9f2da5ec4f8f9d2f)

2 months agoMerge Official Source
Tianling Shen [Fri, 22 Apr 2022 01:16:00 +0000 (09:16 +0800)]
Merge Official Source

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2 months agoImmortalWrt v21.02.0: revert to branch defaults
Tianling Shen [Thu, 21 Apr 2022 23:11:47 +0000 (07:11 +0800)]
ImmortalWrt v21.02.0: revert to branch defaults

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2 months agoImmortalWrt v21.02.0: adjust config defaults v21.02.0
Tianling Shen [Thu, 21 Apr 2022 23:11:47 +0000 (07:11 +0800)]
ImmortalWrt v21.02.0: adjust config defaults

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2 months agox86: grub2: search for the "kernel" filesystem on all disks
Jax Jiang [Thu, 10 Feb 2022 17:46:55 +0000 (01:46 +0800)]
x86: grub2: search for the "kernel" filesystem on all disks

Previously, grub2 was hardcoded to always look on "hd0" for the
kernel.

This works well when the system only had a single disk.
But if there was a second disk/stick present, it may have look
on the wrong drive because of enumeration races.

This patch utilizes grub2 search function to look for a filesystem
with the label "kernel". This works thanks to existing setup in
scripts/gen_image_generic.sh. Which sets the "kernel" label on
both the fat and ext4 filesystem variants.

Signed-off-by: Jax Jiang <jax.jiang.007@gmail.com>
Suggested-by: Alberto Bursi <bobafetthotmail@gmail.com> (MX100 WA)
(word wrapped, slightly rewritten commit message, removed MX100 WA)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 1050e66c8f7c67ab8b3d1895e2559f03baeb2345)

2 months agowolfssl: fix compilation with /dev/crypto
Eneas U de Queiroz [Wed, 13 Apr 2022 13:30:15 +0000 (10:30 -0300)]
wolfssl: fix compilation with /dev/crypto

This is trivial fix of a duplicate definition of 'int ret'.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit df622768da10f36ceeb20346b4c4ee4eb9a8a9ad)