Automatically rebased: 100-Configure-afalg-support.patch
Changes between 3.5.0 and 3.5.1:
Fix x509 application adds trusted use instead of rejected use.
Issue summary: Use of -addreject option with the openssl x509 application
adds a trusted use instead of a rejected use for a certificate.
Impact summary: If a user intends to make a trusted certificate rejected
for a particular use it will be instead marked as trusted for that use.
(CVE-2025-4575)
Aligned the behaviour of TLS and DTLS in the event of a no_renegotiation
alert being received. Older versions of OpenSSL failed with DTLS if a
no_renegotiation alert was received. All versions of OpenSSL do this for TLS.
From 3.2 a bug was exposed that meant that DTLS ignored no_rengotiation.
We have now restored the original behaviour and brought DTLS back into line
with TLS.
Signed-off-by: John Audia <therealgraysky@proton.me>
Link: https://github.com/openwrt/openwrt/pull/19283
Signed-off-by: Robert Marko <robimarko@gmail.com>
27839f854a58 ubusd: make txq_len field signed
b35b2bc63e8e ubusd: treat EACCES on write like EAGAIN
713e9d19b2b6 ubusd: retry write on EINTR
8bb523ab20e0 ubusd: fix txq_len accounting
b1b783c74742 ubusd: add another tx attempt on enqueueing the first message for a client
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The same function is used twice, so let's make it common.
Signed-off-by: Paweł Owoc <frut3k7@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/18818
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Functions ubootenv_add_mtd, ubootenv_add_sys_mtd and ubootenv_add_mmc
can be shared so make them common.
Signed-off-by: Paweł Owoc <frut3k7@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/18818
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Currently, uboot-envtools is being built for a (shared) instruction
set (phase2 in buildbots) instead of target-specific (phase1 in builbots).
So the package does not contain the uci-defaults file specific for each
target_subtarget. (Only the fortunate target with coincidentally the same
instruction set and target as the SDK chosen by the buildbot will have the
uci-defaults file.)
This commit sets the nonshared flag correctly in the Makefile so that
uboot-envtools is built for the target-specific (phase 1).
This is done by using the PKGFLAGS variable which is intended for
per-binary flags (instead of PKG_FLAGS which has a global scope), as
stated in some old commits 349e7b635e[1], 2d7eaf2e15[2], 064e7c8f00[3] and
2cb75cd8b9[4].
While at here, use PKG_URL, instead of URL, which is intended for global
scope. As stated in commit e32edf712b[5].
[1] 349e7b635e
[2] 2d7eaf2e15
[3] 064e7c8f00
[4] 2cb75cd8b9
[5] e32edf712bFixes: #19040
Fixes: 46e376c ("uboot-tools: migrate uboot-envtools to uboot-tools")
Signed-off-by: Mario Andrés Pérez <mapb_@outlook.com>
Link: https://github.com/openwrt/openwrt/pull/19180
Signed-off-by: Robert Marko <robimarko@gmail.com>
This will allow more flexibility in using PHY drivers as kmods.
Signed-off-by: Mantas Pucka <mantas@8devices.com>
Link: https://github.com/openwrt/openwrt/pull/18435
Signed-off-by: Robert Marko <robimarko@gmail.com>
Add support for Maxlinear GPHY module. Also add support for
kmod-polynomial, which is a dependency for this module.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/18435
Signed-off-by: Robert Marko <robimarko@gmail.com>
The IgniteNet SunSpot AC Wave2 uses the standard smem-assigned partition
for its bootloader environment.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The qcomsmem MTD partition parser converts all partition names to
lower case while the vendor solution uses upper case names, which
often made their way into OpenWrt as labels in 'fixed-partitions'
(probably due to contributors and reviewers being unaware of the
qcomsmem parsers).
Use case-insensitive matching of the 'APPSBLENV' name to make
ubootenv_mtdinfo() work in both cases.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The IgniteNet SunSpot AC Wave2 comes with 2x QCA9994 ath10k chips
connected to the IPQ8068 SoC via PCIe.
Add board-2.bin for both radios on this board.
3ac4a64 qca9984: add BDFs for IgniteNet SS-W2-AC2600
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Override via RSNE is a relatively new feature, which can be used to enable
WPA3 features in a way that is invisible to older clients.
Use it by default to mask the GCMP-256 cipher from older clients, since
there are compatibility issues with existing devices.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Fixes status information and scanning on extra BSS interfaces when operating
on multi-radio devices.
Reported-by: Chad Monroe <chad.monroe@adtran.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
glibc 2.39 has removed libcrypt completely.
solution: build libxcrypt with glibc compatibility.
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/19160
Signed-off-by: Robert Marko <robimarko@gmail.com>
On commit 3010ab8 ("base-files: add update_alternatives function") was
implemented the function to handle ALTERNATIVES when using APK (OPKG
handle it internally) but in commit bcc6415 ("base-files: add
compatibility for APK and OPKG") was only called when adding a package,
so call it also when removing packages.
While we are here, check for a more specific *.alternatives files instead
of *.list, and remove redundant "filelist" variable definition.
Fixes: bcc6415 ("base-files: add compatibility for APK and OPKG")
Fixes: https://github.com/openwrt/openwrt/issues/19090
Fixes: https://github.com/openwrt/openwrt/issues/16991
Reported-and-tested-by: Eric Fahlgren <ericfahlgren@gmail.com>
Signed-off-by: Mario Andrés Pérez <mapb_@outlook.com>
Link: https://github.com/openwrt/openwrt/pull/19093
Signed-off-by: Robert Marko <robimarko@gmail.com>
9389775ceb47 rpc-sys: update packagelist call to handle apk abiversion tag
ed0d01e4360b file: linkstat to get link stat info
Signed-off-by: Eric Fahlgren <ericfahlgren@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/19211
Signed-off-by: Robert Marko <robimarko@gmail.com>
Add support for Check Point V-81 to add/edit bootcmd variables for
booting OpenWrt.
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16904
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Add support for Check Point V-80 to add/edit bootcmd variables for
booting OpenWrt.
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16904
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Add support for the tar archive compressed by gzip to emmc_upgrade_tar()
function.
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16904
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
1. No need to explicitly call the defaults
2. There is efficient way how to set PKG_BUILD_DIR,
which allows to drop PKG_SOURCE_DIR.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/19105
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
In the development history of Intel's drivers, the i40evf driver was later
renamed the iavf driver. For example, some documents mention that
Intel® Network Connections Software Version 24.0 renamed the i40evf
and ixlv drivers to iavf. In subsequent versions, the i40evf driver was
gradually removed, and its functions were taken over by the iavf driver.
In the Linux system, relevant configuration instructions also exist. For
instance, the User Guide for X722 Onboard Network Card states that the
i40evf driver module should be disabled, and the iavf driver should be
installed and used.
blamed commit: 5d81b28a82
Signed-off-by: xiao bo <peterwillcn@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/19197
Signed-off-by: Robert Marko <robimarko@gmail.com>
The stm32-dfsdm-adc module depends on it (kernel 6.12).
Signed-off-by: Thomas Richard <thomas.richard@bootlin.com>
Link: https://github.com/openwrt/openwrt/pull/18740
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The memory mapped TPM interface (TIS) can be used for
emulated or virtualized TPM instances with QEMU and
a simulation package like swtpm.
On QEMU the device will appear in the device tree
with a "tcg,tpm-tis-mmio" compatible.
For example:
qemu-system-aarch64 -machine virt -cpu max \
-bios u-boot.bin \
-nographic \
.... \
-hda openwrt-armsr-armv8-combined-efi.img \
-chardev socket,id=chrtpm,path=/tmp/mytpm/swtpm-sock \
-tpmdev emulator,id=tpm0,chardev=chrtpm \
-device tpm-tis-device,tpmdev=tpm0
Signed-off-by: Mathew McBride <matt@traverse.com.au>
Link: https://github.com/openwrt/openwrt/pull/19188
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This file is a leftover of cns3xxx target which has been dropped
in commit a9790dff53 ("cns3xxx: drop target").
Signed-off-by: Shiji Yang <yangshiji66@outlook.com>
Link: https://github.com/openwrt/openwrt/pull/19191
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Ensure that hapd->own_addr is set properly, since hostapd_setup_bss
only handles it for secondary BSS interfaces
Signed-off-by: Felix Fietkau <nbd@nbd.name>
