Synchronize official source code #118
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The vendor U-Boot has enabled signature verification, so add a custom U-Boot build for OpenWrt. Signed-off-by: Tianling Shen <[email protected]> (cherry picked from commit 6fa4fbb)
Hardware specification: SoC: MediaTek MT7986A 4x A53 Flash: 128GB eMMC RAM: 1GB DDR4 Ethernet: 4x 1GbE, 1x 2.5GbE (RTL8221B) Switch: MediaTek MT7531AE WiFi: MediaTek MT7976C Button: Reset, Joylink Power: DC 12V 2A Flash instructions: 1. Download and flash the vendor migration firmware via webUI: https://firmware.download.immortalwrt.eu.org/cnsztl/mediatek/filogic/openwrt-mediatek-mt7986-jdcloud_re-cp-03-vendor-migration.bin (Default address is 192.168.68.1, user root, no password) 2. After device has booted up, write new GPT table: dd if=openwrt-mediatek-filogic-jdcloud_re-cp-03-gpt.bin of=/dev/mmcblk0 bs=512 seek=0 count=34 conv=fsync 3. Erase and write new BL2: echo 0 > /sys/block/mmcblk0boot0/force_ro dd if=/dev/zero of=/dev/mmcblk0boot0 bs=512 count=8192 conv=fsync dd if=openwrt-mediatek-filogic-jdcloud_re-cp-03-preloader.bin of=/dev/mmcblk0boot0 bs=512 conv=fsync 4. Erase and write new FIP: dd if=/dev/zero of=/dev/mmcblk0 bs=512 seek=13312 count=8192 conv=fsync dd if=openwrt-mediatek-filogic-jdcloud_re-cp-03-bl31-uboot.fip of=/dev/mmcblk0 bs=512 seek=13312 conv=fsync 5. Set static IP on your PC: IP 192.168.1.254/24, GW 192.168.1.1 6. Serve OpenWrt initramfs image using TFTP server. 7. Cut off the power and re-engage, wait for TFTP recovery to complete. 8. After OpenWrt has booted, perform sysupgrade. 9. Additionally, if you want to have eMMC recovery boot feature: (Don't worry! You will always have TFTP recovery boot feature.) dd if=openwrt-mediatek-filogic-jdcloud_re-cp-03-initramfs-recovery.itb of=/dev/mmcblk0p4 bs=512 conv=fsync Signed-off-by: Tianling Shen <[email protected]> (cherry picked from commit c0c3234)
The vendor uboot requires special fit verification. So add a custom uboot build for this device. Signed-off-by: Chukun Pan <[email protected]> (cherry picked from commit 0170666)
Hardware specification:
SoC: MediaTek MT7986A 4x A53
Flash: ESMT F50L1G41LB 128MB
RAM: W632GU6NB DDR3 256MB
Ethernet: 1x 2.5G + 4x 1G
WiFi1: MT7975N 2.4GHz 4T4R
WiFi2: MT7975PN 5GHz 4T4R
Button: Reset, WPS
Power: DC 12V 2A
Flash instructions:
1. Connect to the router using ssh or telnet,
username: useradmin, password is the web
login password of the router.
2. Use scp to upload bl31-uboot.fip and flash:
"mtd write xxx-preloader.bin spi0.0"
"mtd write xxx-bl31-uboot.fip FIP"
"mtd erase ubi"
3. Connect to the router via the Lan port,
set a static ip of your PC.
(ip 192.168.1.254, gateway 192.168.1.1)
4. Download initramfs image, reboot router,
waiting for tftp recovery to complete.
5. After openwrt boots up, perform sysupgrade.
Note:
1. Back up all mtd partitions before flashing.
Signed-off-by: Chukun Pan <[email protected]>
(cherry picked from commit 4ae474a)
Signed-off-by: David Bauer <[email protected]> (cherry picked from commit 36f7ece)
This fixes WARN_ONs when using AP_VLANs after station removal. The flush call passed AP_VLAN vif to driver, but because these vifs are virtual and not registered with drivers, we need to translate to the correct AP vif first. Fixes: openwrt#12420 Signed-off-by: Oldřich Jedlička <[email protected]> [Rename to 360-wifi-mac80211-do-not-pass-ap_vlan-vif-pointer-to-dri.patch] (cherry picked from commit 3e73878) Link: openwrt#15898 Signed-off-by: Hauke Mehrtens <[email protected]>
Fix length in ethernet header Signed-off-by: Felix Fietkau <[email protected]> (cherry picked from commit 8f7be2a) Link: openwrt#15898 Signed-off-by: Hauke Mehrtens <[email protected]>
Without this configuration it is not possible to run the radio using HE160 on channels 149-177. Fixes: openwrt#14906 Signed-off-by: Paweł Owoc <[email protected]> (cherry picked from commit a91b79f) Link: openwrt#15898 Signed-off-by: Hauke Mehrtens <[email protected]>
The nf_dup_ipv4.ko and nf_dup_ipv6.ko kernel module were packaged by kmod-ipt-tee and kmod-nft-dup-inet at the same time. Extract them into a separate package used by both. Link: openwrt#15833 Signed-off-by: Christian Marangi <[email protected]> (cherry picked from commit b0953c4) Link: openwrt#15898 Signed-off-by: Hauke Mehrtens <[email protected]>
The kernel provides two variants of the lz4 compression a normal version and a high compression mode version. The old kmod-lib-lz4 package contained the normal version plus one part of the lz4hc version. There was already code which selected the kmod-lib-lz4hc package which did not exists. I split this into 3 packages. kmod-lib-lz4 and kmod-lib-lz4hc for the normal the and high compression algorithm which contain the specific code and the kmod-lib-lz4-decompress which contains the common decompressor. New we are also packaging lz4hc.ko Link: openwrt#15833 Signed-off-by: Christian Marangi <[email protected]> (cherry picked from commit fac5076) Link: openwrt#15898 Signed-off-by: Hauke Mehrtens <[email protected]>
The kmod-fs-btrfs package has a soft dependency to kmod-crypto-blake2b The CONFIG_BTRFS_FS kernel build option selects CONFIG_CRYPTO_BLAKE2B, but we did not package it before. Link: openwrt#15833 Signed-off-by: Christian Marangi <[email protected]> (cherry picked from commit f89091b) Link: openwrt#15898 Signed-off-by: Hauke Mehrtens <[email protected]>
kxxhash_generic.ko is a soft dependency of kmod-fs-btrfs, but we did not package it. Extract the kmod-lib-xxhash and then package xxhash_generic.ko. Link: openwrt#15833 Signed-off-by: Christian Marangi <[email protected]> (cherry picked from commit 2ebeda0) Link: openwrt#15898 Signed-off-by: Hauke Mehrtens <[email protected]>
Package the mfd-core.ko kernel module. It is selected by the kmod-hwmon-gsc already. Link: openwrt#15833 Signed-off-by: Christian Marangi <[email protected]> (cherry picked from commit 8b4fd1c) Link: openwrt#15898 Signed-off-by: Hauke Mehrtens <[email protected]>
It has its own dedicated knob Signed-off-by: Nathaniel Wesley Filardo <[email protected]> Link: openwrt#15761 Signed-off-by: Robert Marko <[email protected]> (cherry picked from commit 7d71c03) Link: openwrt#15898 Signed-off-by: Hauke Mehrtens <[email protected]>
The data is modified within hostapd_add_iface Signed-off-by: Felix Fietkau <[email protected]> (cherry picked from commit 032d3fc) Link: openwrt#15898 Signed-off-by: Hauke Mehrtens <[email protected]>
Add a missing NULL pointer check when deleting beacons Signed-off-by: Felix Fietkau <[email protected]> (cherry picked from commit 3984fb0) Link: openwrt#15898 Signed-off-by: Hauke Mehrtens <[email protected]>
Add missing libc library spec that weren't added to the ext-toolchain script when the library were introduced in the packages libs toolchain Makefile. Signed-off-by: Christian Marangi <[email protected]> (cherry picked from commit 8cad52a) Link: openwrt#15898 Signed-off-by: Hauke Mehrtens <[email protected]>
Upstream backport. Get rid of PKG_RELEASE as it's irrelevant to tools. Signed-off-by: Rosen Penev <[email protected]> (cherry picked from commit 253d777) Link: openwrt#15898 Signed-off-by: Hauke Mehrtens <[email protected]>
Debian changelog:
intel-microcode (3.20240531.1) unstable; urgency=medium
* New upstream microcode datafile 20240531
* Fix unspecified functional issues on Pentium Silver N/J5xxx,
Celeron N/J4xxx
* Updated Microcodes:
sig 0x000706a1, pf_mask 0x01, 2024-04-19, rev 0x0042, size 76800
* source: update symlinks to reflect id of the latest release, 20240531
-- Henrique de Moraes Holschuh <[email protected]> Sat, 01 Jun 2024 11:49:47 -0300
intel-microcode (3.20240514.1) unstable; urgency=medium
* New upstream microcode datafile 20240514
* Mitigations for INTEL-SA-01051 (CVE-2023-45733)
Hardware logic contains race conditions in some Intel Processors may
allow an authenticated user to potentially enable partial information
disclosure via local access.
* Mitigations for INTEL-SA-01052 (CVE-2023-46103)
Sequence of processor instructions leads to unexpected behavior in
Intel Core Ultra Processors may allow an authenticated user to
potentially enable denial of service via local access.
* Mitigations for INTEL-SA-01036 (CVE-2023-45745, CVE-2023-47855)
Improper input validation in some Intel TDX module software before
version 1.5.05.46.698 may allow a privileged user to potentially enable
escalation of privilege via local access.
* Fix for unspecified functional issues on 4th gen and 5th gen Xeon
Scalable, 12th, 13th and 14th gen Intel Core processors, as well as for
Core i3 N-series processors.
* Updated microcodes:
sig 0x000806f8, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0, size 581632
sig 0x000806f7, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0
sig 0x000806f6, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0
sig 0x000806f5, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0
sig 0x000806f4, pf_mask 0x87, 2024-02-05, rev 0x2b0005c0
sig 0x000806f8, pf_mask 0x10, 2024-02-05, rev 0x2c000390, size 614400
sig 0x000806f6, pf_mask 0x10, 2024-02-05, rev 0x2c000390
sig 0x000806f5, pf_mask 0x10, 2024-02-05, rev 0x2c000390
sig 0x000806f4, pf_mask 0x10, 2024-02-05, rev 0x2c000390
sig 0x00090672, pf_mask 0x07, 2023-12-05, rev 0x0035, size 224256
sig 0x00090675, pf_mask 0x07, 2023-12-05, rev 0x0035
sig 0x000b06f2, pf_mask 0x07, 2023-12-05, rev 0x0035
sig 0x000b06f5, pf_mask 0x07, 2023-12-05, rev 0x0035
sig 0x000906a3, pf_mask 0x80, 2023-12-05, rev 0x0433, size 222208
sig 0x000906a4, pf_mask 0x80, 2023-12-05, rev 0x0433
sig 0x000906a4, pf_mask 0x40, 2023-12-07, rev 0x0007, size 119808
sig 0x000b0671, pf_mask 0x32, 2024-01-25, rev 0x0123, size 215040
sig 0x000b06e0, pf_mask 0x11, 2023-12-07, rev 0x0017, size 138240
sig 0x000c06f2, pf_mask 0x87, 2024-02-05, rev 0x21000230, size 552960
sig 0x000c06f1, pf_mask 0x87, 2024-02-05, rev 0x21000230
* source: update symlinks to reflect id of the latest release, 20240514
-- Henrique de Moraes Holschuh <[email protected]> Thu, 16 May 2024 21:40:52 -0300
Signed-off-by: Christian Lamparter <[email protected]>
(cherry picked from commit 7d9b976)
Link: openwrt#15898
Signed-off-by: Hauke Mehrtens <[email protected]>
Select DRIVER_11AX_SUPPORT and KERNEL_RELAY also for kmod-mt7996 to prevent build failure if only this driver is selected during build and end up with (most) required hostap features (IEEE 802.11be rates are not yet supported). Reported-by: Arınç ÜNAL <[email protected]> Signed-off-by: Daniel Golle <[email protected]> (cherry picked from commit 83311b7) Link: openwrt#15898 Signed-off-by: Hauke Mehrtens <[email protected]>
The option has been removed from the kernel since 5.1. Signed-off-by: Qingfang Deng <[email protected]> (cherry picked from commit 60ea3d6) Link: openwrt#15898 Signed-off-by: Hauke Mehrtens <[email protected]>
The option CONFIG_SND_DRIVERS is activated by default in the generic configuration, do not deactivate it for tegra. This fixes the build of the kmod-sound-dummy package on tegra. (cherry picked from commit 21213c8) Link: openwrt#15898 Signed-off-by: Hauke Mehrtens <[email protected]>
Add GNU's redirector which automatically redirect user to nearby online mirror. Signed-off-by: Sahil Dhiman <[email protected]> Link: openwrt#15557 Signed-off-by: Robert Marko <[email protected]> (cherry picked from commit 6510eb3) Link: openwrt#15898 Signed-off-by: Hauke Mehrtens <[email protected]>
A newer version, rtl8821aefw_29.bin, has been available for over 7 years [1]. Let's use it. [1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=f70e4df2b384d21e36a7c30a591639592692e0ec Signed-off-by: Rui Salvaterra <[email protected]> (cherry picked from commit 2b8e875) Link: openwrt#15898 Signed-off-by: Hauke Mehrtens <[email protected]>
uid/gid range should be limited to 16bit unsigned integer range to avoid "wraparound" issues with permissions where jffs2 is employed for storage and chown 65536 (first auto-created user) becomes equivalent to chown 0 Fixes: openwrt#13927 Signed-off-by: Thomas Winkler <[email protected]> (cherry picked from commit 140b48a) Link: openwrt#15898 Signed-off-by: Hauke Mehrtens <[email protected]>
keylen and ivlen are of type long and not size_t. (cherry picked from commit 0fd9acb) Link: openwrt#15898 Signed-off-by: Hauke Mehrtens <[email protected]>
This contains a fix for: CVE-2024-28960: An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory. (cherry picked from commit 360ac07) Link: openwrt#15898 Signed-off-by: Hauke Mehrtens <[email protected]>
On some setup failures, iface->bss can be NULL Signed-off-by: Felix Fietkau <[email protected]> (cherry picked from commit 1ee5b7e) Link: openwrt#15898 Signed-off-by: Hauke Mehrtens <[email protected]>
Fixes build on macOS Signed-off-by: Felix Fietkau <[email protected]> (cherry picked from commit 4ef13c4) Link: openwrt#15898 Signed-off-by: Hauke Mehrtens <[email protected]>
Not having a journal by default is a major "gotcha". Because openwrt does not fsck on boot, a power loss without journaling can result in a dirty filesystem that openwrt will mount as read-only which requires intervention to restore the router to working order. Signed-off-by: Jordan Woyak <[email protected]> (cherry picked from commit f9f2426) Link: openwrt#15898 Signed-off-by: Hauke Mehrtens <[email protected]>
Update the deprecated license information from GPL-2.0 to GPL-2.0-only as written in the COPYING file of the linux source tree. Also add the 'COPYING' file to the PKG_LICENSE_FILES variable. Signed-off-by: Florian Eckert <[email protected]> (cherry picked from commit 8798261) Link: openwrt#15918 Signed-off-by: Hauke Mehrtens <[email protected]>
The firmware blobs have all different licenses from the different manufacturers of the binary blobs. This information is contained in the upstream 'linux-firmware' repositroy. This commit extends the package handling so that this information can be added as an additional argument during packages generation. Signed-off-by: Florian Eckert <[email protected]> (cherry picked from commit 5c14de1) Link: openwrt#15918 Signed-off-by: Hauke Mehrtens <[email protected]>
Where it is clear which lincense the firmware package has, the missing information are added. Signed-off-by: Florian Eckert <[email protected]> Signed-off-by: Petr Štetiar <[email protected]> [backport] (cherry picked from commit 535d487) Link: openwrt#15918 Signed-off-by: Hauke Mehrtens <[email protected]>
increase size of ifmsh->mbss_changed Signed-off-by: Felix Fietkau <[email protected]> (cherry picked from commit 20bd350) Link: openwrt#15836 [Moved the patch to the end of the patch queue] Signed-off-by: Hauke Mehrtens <[email protected]>
In the past few years, we have received several reports about SPI Flash not working properly. This is caused by excessively fast clock frequency. It's really annoying to fix them one by one. Let's reduce these aggressive frequencies to 50 MHz. This is a safe and suggested value in the vendor SDK. Signed-off-by: Shiji Yang <[email protected]> (cherry picked from commit 73eeac4) Link: openwrt#15919 Signed-off-by: Hauke Mehrtens <[email protected]>
Changes: 2a768c4 wireless-regdb: Update regulatory rules for Mongolia (MN) on 6GHz 04875d9 wireless-regdb: Update regulatory rules for Saudi Arabia (SA) on 6GHz b7bced8 wireless-regdb: Update regulatory rules for South Africa (ZA) on 6GHz 7bc8615 wireless-regdb: Update regulatory info for Thailand (TH) on 6GHz f901fa9 wireless-regdb: Update regulatory info for Malaysia (MY) for 2022 d72d288 wireless-regdb: Update regulatory info for Morocco (MA) on 6GHz 414face wireless-regdb: Update regulatory info for Chile (CL) on 6GHz 1156a08 wireless-regdb: Update regulatory info for Mexico (MX) on 6GHz cc6cf7c wireless-regdb: Update regulatory info for Iceland (IS) on 6GHz ce03cc0 wireless-regdb: Update regulatory info for Mauritius(MU) on 6GHz 7e37778 wireless-regdb: Update regulatory info for Argentina (AR) on 6GHz 56f3a43 wireless-regdb: Update regulatory info for United Arab Emirates (AE) on 6GHz 3cb8b91 wireless-regdb: Update regulatory info for Colombia (CO) on 6GHz 3682ce5 wireless-regdb: Update regulatory info for Costa Rica (CR) for 2021 dd4ffe7 wireless-regdb: Update regulatory info for Dominican Republic (DO) on 6GHz f8ef7da wireless-regdb: Update regulatory info for Liechtenstein (LI) on 6GHz a9ecabe wireless-regdb: Update regulatory info for Jordan (JO) for 2022 5a9fdad wireless-regdb: Update regulatory info for Kenya (KE) for 2022 19326c3 wireless-regdb: Update regulatory info for Macao (MO) for 2024 4838054 wireless-regdb: update regulatory database based on preceding changes Link: openwrt#15921 Signed-off-by: Hauke Mehrtens <[email protected]> (cherry picked from commit 0a24fd9)
…7-11)
96f74b5be829 ubus: make ubus_context first in uc_ubus_connection_t
7e5830edfb38 nl80211: fix datatype of NL80211_BAND_IFTYPE_ATTR_HE_CAP_{MAC,PHY} attrs
5c8fd34bac42 nl80211: fix parsing of NL80211_BAND_ATTR_VHT_MCS_SET attribute
e8d4e4fe967d nl80211: fix decoding of NL80211_BAND_IFTYPE_ATTR_HE_CAP_MCS_SET attribute
30a3f7ad0433 rtnl: store callback in listener registry only on success
9cbe8294909f rtnl: optimize reception of rtnl events
534417132e18 rtnl: increase event socket rx buffer size limit to 1 MiB
3f9811d2f7b7 compiler: close upvalues on loop control statements
ee4af9b55cb4 vm: rework object iteration
a275399dd8e2 uci: refactor uci.changes() to match documentation
1220992631d5 ubus: automatically clear error information
d6fd94014eea uci: automatically clear error information
99837f280b61 uloop: automatically clear error information
ba3855ae3775 lib: fix documentation typo for `pop()` function
be767ae197ba vm: rework `in` operator semantics
4ade84e8fb81 ubus: add explicit support for deferring incoming requests
cfe137be068a uci: remove incorrectly documentated reorder() parameter
e8d78a26da0c lib: introduce socket library
a0ad1d127ae6 build: fix symbol and library detection
674f65ee551d jsdoc: disable default module titles
a33d16a86493 socket: rework error handling
e2b81d869222 uloop: add documentation
953f36c96e8a socket: make socket.send() accept non-string data
f211d5ac666f ubus: fix uc_ubus_have_uloop for eloop+uloop combination
0662de64bd1f socket: add AF_PACKET socket type support
b594ff8a2841 socket: remove leftover debug code
0d823e702bfe socket: fix addrinfo() with omitted service argument
8cf816d615fd socket: fix potential memory leak in connect()
8f5f231d66cd socket: optimize poll() argument handling
36f106056069 socket: remove wrong documentation fragment
525fca224012 socket: uv_to_sockaddr(): fix length calculation for AF_UNIX addresses
3938645ad9e3 socket: support IPv6 addresses in struct conversion routines
3a586dc7ddbe socket: improve uc_socket_connect() behavior
7b269f1cd3d2 socket: improve uc_socket_listen() behavior
fc6f2b89febf socket: handle further socket option value types
d6f25797dad1 socket: add IPv6 socket options
7611487b9a05 socket: implement recvmsg(), sendmsg() and cmsg support
d2e44bfa8b54 core-lib: improved documentation
e0bab40c8578 fs: add truncate() file method
5d305cfb2ab7 fs: add lock() file method
8b0318f7fabe lib: introduce zlib library
73644a036f5a nl80211: move access to tb array out of uc_nl_convert_attr and below
6e3cf83a77a7 nl80211: add support for multi-attribute arrays
6ff24d5488a9 nl80211: update nl80211.h to latest wireless-next
abc2aef28641 nl80211: add wiphy multi-radio support
Fixes: https://github.com/jow-/ucode/issues/186
Fixes: https://github.com/jow-/ucode/issues/187
Fixes: https://github.com/jow-/ucode/issues/188
Fixes: https://github.com/jow-/ucode/issues/193
Signed-off-by: Jo-Philipp Wich <[email protected]>
With upstream accepted "mac-base" binding there is no need for a downstream "mac-address-ascii" workaround anymore. Signed-off-by: Rafał Miłecki <[email protected]> (cherry picked from commit daaa0c1) Link: openwrt#15917
The MAC address assigned to lan/wan was reversed. Fixes: 6e51ff8 ("mediatek: add support for JDCloud RE-CP-03") Signed-off-by: Tianling Shen <[email protected]>
Make sure patch sequence number is unique by moving patch 440-add-jdcloud_re-cp-03.patch -> 441-add-jdcloud_re-cp-03.patch Signed-off-by: Daniel Golle <[email protected]> (cherry picked from commit 2302a7c)
Sometimes the mmc deivce may come up later than kernel attempts to mount rootfs, resulting kernel panic. Enable rootwait to fix it. Signed-off-by: Tianling Shen <[email protected]>
Hardware:
SoC: MT7981b
RAM: 256 MB
Flash: 128 MB SPI NAND
Ethernet:
1x 2.5Gbps (rtl8221b)
1x 1Gbps (integrated phy)
WiFi: 2x2 MT7981
Buttons: Reset, WPS
LED: 1x multicolor
Solder on UART:
- remove rubber ring on the bottom
- remove screws
- pull up the cylinder, maybe help by push on an ethernet socket with a screwdriver
- remove the (3) screws holding the board in the frame
- remove the board from the frame to get to the screws for the silver, flat heat shield
- remove the (3) screws holding the heat shield
- solder UART pins to the back of the board
- make sure to have the pins point out on side with the black, finned heat spread
- the markings for the pins are going to be below the silver heat shield
- Vcc is not needed
If you don't intend on using the UART outside of the installation process, you might not
want to solder:
- carefully scrape off the thin layer of epoxy on the holes (not the copper)
- place your pin header with the UART attached in the holes
- the pins, starting with the one closest to the socket:
- Vcc (not required)
- GND
- RX
- TX
- either wedge the header or hold it with your fingers so that the pins stay in contact with the board
Installation (UART):
- attach an Ethernet cable to the 1Gbps port (black) on the router
- hold the reset button while powering the router
- press CTRL-C or wait for the timeout to get to the U-Boot prompt
- prepare a TFTP server on the network to supply ..-initramfs-kernel.bin
- use 'tftpboot' in the U-Boot shell to pull the image
- boot the image using 'bootm'
- push the ..-sysupgrade to the router using your preferred method
- perform the upgrade with 'sysupgrade -n'
There is a recovery mechanism that involves fetching a file called 'recovery.bin' but that is not understood yet.
Signed-off-by: Leon M. Busch-George <[email protected]>
(cherry picked from commit 20e4a18)
The vendor U-Boot on the Cudy M3000 and the Yuncore AX835 assign random mac addresses on boot and set the 'local-mac-address' property which prevents Openwrt from assigning the correct address from evmem. This patch removes the alias for ethernet0 so that U-Boot doesn't add the property, removes the workaround from 02_network, and adds back the nvmem definition for the M3000. Signed-off-by: Leon M. Busch-George <[email protected]> (cherry picked from commit a55ab9e)
This fixes multiple security problems: * [Medium] CVE-2024-1544 Potential ECDSA nonce side channel attack in versions of wolfSSL before 5.6.6 with wc_ecc_sign_hash calls. * [Medium] CVE-2024-5288 A private key blinding operation, enabled by defining the macro WOLFSSL_BLIND_PRIVATE_KEY, was added to mitigate a potential row hammer attack on ECC operations. * [Low] When parsing a provided maliciously crafted certificate directly using wolfSSL API, outside of a TLS connection, a certificate with an excessively large number of extensions could lead to a potential DoS. * [Low] CVE-2024-5991 In the function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked. * [Medium] CVE-2024-5814 A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a ciphersuite that it did not agree to and achieve a successful connection. * [Medium] OCSP stapling version 2 response verification bypass issue when a crafted response of length 0 is received. * [Medium] OCSP stapling version 2 revocation bypass with a retry of a TLS connection attempt. Unset DISABLE_NLS to prevent setting the unsupported configuration option --disable-nls which breaks the build now. Link: openwrt#15948 Signed-off-by: Hauke Mehrtens <[email protected]> (cherry picked from commit 3a0232f)
Testing OpenWrt is important, and there is a test suite in the making. For maximum convenience and minimal CI over-usage, make it simple to run tests locally. The main Makefile now attempts to include `tests/Makefile` and silently fails if it doesn't. While the test suite[1] is still young, it provides good examples of how to test things around OpenWrt: starting with shell scripts using `bats`[2], followed by QEMU tests, and finally real device tests using LabGrid[3]. This could lead to the creation of the best OpenWrt version yet. Please consult the `openwrt-tests.git` README.md for details on the setup. Once installed you may run commands like the following: * make tests/shell # run shell tests * make tests/x86-64 # run and test x86/64 in QEMU [1]: http://github.com/aparcar/openwrt-tests/ [2]: https://bats-core.readthedocs.io [3]: https://labgrid.readthedocs.io Signed-off-by: Paul Spooren <[email protected]> Link: openwrt#15647 Signed-off-by: Christian Marangi <[email protected]> (cherry picked from commit a8ff0c1)
Signed-off-by: Hauke Mehrtens <[email protected]>
Signed-off-by: Hauke Mehrtens <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Thanks for your contribution to OpenWrt!
To help keep the codebase consistent and readable,
and to help people review your contribution,
we ask you to follow the rules you find in the wiki at this link
https://openwrt.org/submitting-patches
Please remove this message before posting the pull request.