This allows the network interface naming to be stable, free from any
possible interaction from external USB network devices that might
claim usb* interface names.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(cherry picked from commit 7aeb837bf4)
r8127 is an out of tree driver provided by Realtek for RTL8127 devices.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(cherry picked from commit 851ea69d8e)
Changes between 3.0.15 and 3.0.16 [11 Feb 2025]
CVE-2024-13176[1] - Fixed timing side-channel in ECDSA signature
computation.
There is a timing signal of around 300 nanoseconds when the top word of
the inverted ECDSA nonce value is zero. This can happen with significant
probability only for some of the supported elliptic curves. In
particular the NIST P-521 curve is affected. To be able to measure this
leak, the attacker process must either be located in the same physical
computer or must have a very fast network connection with low latency.
CVE-2024-9143[2] - Fixed possible OOB memory access with invalid
low-level GF(2^m) elliptic curve parameters.
Use of the low-level GF(2^m) elliptic curve APIs with untrusted explicit
values for the field polynomial can lead to out-of-bounds memory reads
or writes. Applications working with "exotic" explicit binary (GF(2^m))
curve parameters, that make it possible to represent invalid field
polynomials with a zero constant term, via the above or similar APIs,
may terminate abruptly as a result of reading or writing outside of
array bounds. Remote code execution cannot easily be ruled out.
1. https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176
2. https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143
Build system: x86/64
Build-tested: bcm27xx/bcm2712
Run-tested: bcm27xx/bcm2712
Signed-off-by: John Audia <therealgraysky@proton.me>
Link: https://github.com/openwrt/openwrt/pull/17947
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit b4e6fd7b76)
(cherry picked from commit 3abbc15454)
Link: https://github.com/openwrt/openwrt/pull/19073
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
GCC15 has switched the C language default from GNU17 to GNU23[1] and this
causes builds to fail with:
In file included from mips-opc.c:29:
mips-opc.c: In function 'decode_mips_operand':
mips-formats.h:86:7: error: expected identifier or '(' before 'static_assert'
86 | static_assert[(1 << (SIZE)) == ARRAY_SIZE (MAP)]; \
| ^~~~~~~~~~~~~
mips-opc.c:214:15: note: in expansion of macro 'MAPPED_REG'
214 | case 'z': MAPPED_REG (0, 0, GP, reg_0_map);
| ^~~~~~~~~~
So, backport upstream fix for this[2] to fix compilation with GCC15.
Patch for 2.40 was manually refreshed as part of the S390 code does not
exist in 2.40 as it was added after it.
[1] https://gcc.gnu.org/gcc-15/porting_to.html#c23
[2] https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=8ebe62f3f0d27806b1bf69f301f5e188b4acd2b4Fixes: #18678
Link: https://github.com/openwrt/openwrt/pull/18681
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit d3216173ab)
Link: https://github.com/openwrt/openwrt/pull/19065
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Update b43-tools to the latest upstream version to fix a
compilation error with C23:
util.h:25:15: error: 'bool' cannot be defined via 'typedef'
25 | typedef _Bool bool;
| ^~~~
Changelog:
c6fc53f replace custom bool typedef with <stdbool.h>
dadf30c fix format warning in compilation
2fe10ea b43-fwdump: Fix forwarding of arguments to disassembler
Link: https://github.com/openwrt/openwrt/pull/18708
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit f8da45e25d)
Link: https://github.com/openwrt/openwrt/pull/19065
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Currently, we are filtering out images if DEFAULT:=n or BROKEN:=y are set,
so if you are building from scratch and want to build custom images that
are stripped down to fit, you must edit the image recipe or its just
filtered out.
So, to allow this behaviour when building from scratch as we can assume
that person doing that knows what they are attempting to do lets just limit
the filtering to ImageBuilder.
Fixes: f060615a78 ("image: respect DEFAULT and BROKEN when Default profile is selected")
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit d0d1f19068)
Currently, when you select the Default profile it does not honor DEFAULT:=n
nor BROKEN:=y in device profiles but rather just tries to build all of them.
This may work when building directly, but when using Image Builder it will
always fail since no kernel or anything else is present for devices that
have DEFAULT:=n or BROKEN:=Y set since those are skipped during build.
So, lets look for DEFAULT being set to "n" or BROKEN being set to "y" and
then remove clear _PROFILE_SET so they dont end up being marked for
installation.
Fixes: #18410
Link: https://github.com/openwrt/openwrt/pull/18814
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit f060615a78)
Device profiles that specify 'DEFAULT := n' are being included
in the imagebuilder metadata, specifically in .profiles.mk, even
though there is no kernel built for the device. This results in
'make info' showing the device as valid, but then 'make image
PROFILE=xxx' failing with 'No rule to make target xxx-kernel.bin ...'
We exclude these profiles from the imagebuilder, avoiding these
errors.
Fixes: https://github.com/openwrt/openwrt/issues/18410
Signed-off-by: Eric Fahlgren <ericfahlgren@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/18748
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit b88f3ebb33)
Update ca-certificates to version 20241223
* Update Mozilla certificate authority bundle to version 2.70.
The following certificate authorities were added (+):
+ Telekom Security TLS ECC Root 2020
+ Telekom Security TLS RSA Root 2023
+ FIRMAPROFESIONAL CA ROOT-A WEB
+ TWCA CYBER Root CA
+ SecureSign Root CA12
+ SecureSign Root CA14
+ SecureSign Root CA15
The following certificate authorities were removed (-):
- Security Communication Root CA (closes: #1063093)
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Link: https://github.com/openwrt/openwrt/pull/18468
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit c79572210f)
Link: https://github.com/openwrt/openwrt/pull/18872
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Update Mozilla certificate authority bundle to version 2.64
Signed-off-by: Seo Suchan <tjtncks@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/18872
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 6b904fa95b)
Remove patch 620-net_sched-codel-do-not-defer-queue-length-update from openwrt-23.05 as well.
Patch is actually an ancient patch that somehow manage to be ported for 7 solid years.
This comes from [1] where a fix patch was proposed. Nobody notice that the proposed patch was actually rejected upstream in favor of [2]. And the upstream fix patch is present in kernel from version 4.18.
This means that we were actually fixing for a non existant bug and maybe introducing regression down the line.
Drop the patch for good as we already have a fix for it in flace for a long time.
[1] https://bugzilla.kernel.org/show_bug.cgi?id=109581
[2] torvalds/linux@35b42da
Automatic refresh:
target/linux/generic/hack-5.15/660-fq_codel_defaults.patch
Tested on ramips/mt7621
Signed-off-by: Antony Kolitsos <zeusomighty@hotmail.com>
Link: https://github.com/openwrt/openwrt/pull/18791
Signed-off-by: Robert Marko <robimarko@gmail.com>
b43aeb5 wireless-regdb: assert and correct maximum bandwidth within frequency difference
68588bf wireless-regdb: Update regulatory info for Syria (SY) for 2020
0dda57e wireless-regdb: Update regulatory info for Moldova (MD) on 6GHz for 2022
b19ab0b wireless-regdb: Update regulatory info for Azerbaijan (AZ) on 6GHz for 2024
f67f40d wireless-regdb: Update regulatory info for Oman (OM)
bd70876 wireless-regdb: Update regulatory rules for Armenia (AM) on 2.4 and 5 GHz
6c7cbcc wireless-regdb: Permit 320 MHz bandwidth in 6 GHz band in ETSI/CEPT
f9f6b30 wireless-regdb: Update regulatory rules for Austria (AT)
39b47ea wireless-regdb: Update regulatory info for Cayman Islands (KY) for 2024
3dd7ceb wireless-regdb: allow NO-INDOOR flag in db.txt
4d754a1 wireless-regdb: Update regulatory rules for Iran (IR) on both 2.4 and 5Ghz for 2021
8c8308a wireless-regdb: Update frequency range with NO-INDOOR for Oman (OM)
c2f11e2 wireless-regdb: update regulatory database based on preceding changes
Signed-off-by: Rudy Andram <rmandrad@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/17957
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit da2cc98458)
python 3.13 removed the pipes module. Replace pipes by shlex. shlex was introduced into python in 3.3
Signed-off-by: Arne Zachlod <arne@nerdkeller.org>
Link: https://github.com/openwrt/openwrt/pull/18582
Signed-off-by: Robert Marko <robimarko@gmail.com>
As of kernel v5.15.179 kernel configuration fails without a
reference to BLOCK_LEGACY_AUTOLOAD, apparently as a consequence
of commit 3e9899c12d5ab3a8ce376bf4365175ea3dbaffc0 (backport of
6c0f5898836c05c6d850a750ed7940ba29e4e6c5), so add this symbol as
unset which is the same state the symbol has in the 6.6 kernel
config for 24.10.
Fixes: dfe1b5e82a ("kernel: Update to version 5.15.179")
Signed-off-by: Andrew MacIntyre <andymac@pcug.org.au>
Link: https://github.com/openwrt/openwrt/pull/18552
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Fix compilation error for old stable version caused by
genlmsg_multicast_allns backport fix pushed middle version.
Version 5.15 version 0-169, 6.1 version 0-115, 6.6 version 0-58 have the
old genlmsg_multicast_allns version with flags variable.
Compiling backport project with these version result in a compilation
error. To handle this, introduce a backport function for the affected
kernel version.
Link: https://github.com/openwrt/openwrt/pull/18373
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 4039388149)
Do not verify the format of TLV. Leave that to lldpd.
These lldpd config entries:
config custom-tlv
list ports 'eth0'
option tlv 'replace oui 33,44,55 subtype 254 oui-info 55,55,55,55,55'
config custom-tlv
option tlv 'oui 33,44,44 subtype 232'
list ports 'br-lan'
list ports 'eth0'
config custom-tlv # oui-info truncated
option tlv 'add oui 33,44,33 subtype 66 oui-info 5555555555'
config custom-tlv
option tlv 'add oui 33,44,31 subtype 44'
config custom-tlv # invalid oui
option tlv 'add oui 3322 subtype 79'
config custom-tlv # invalid oui
option tlv 'oui 3312 subtype 74'
Produce the following lldpd.conf content:
configure ports eth0 lldp custom-tlv replace oui 33,44,55 subtype 254 oui-info 55,55,55,55,55
configure ports br-lan,eth0 lldp custom-tlv oui 33,44,44 subtype 232
configure lldp custom-tlv add oui 33,44,33 subtype 66 oui-info 5555555555
configure lldp custom-tlv add oui 33,44,31 subtype 44
configure lldp custom-tlv add oui 3322 subtype 79
configure lldp custom-tlv oui 3312 subtype 74
And lldpd (v1.0.13 on v22) logs the following:
Sat Mar 16 19:11:39 2024 daemon.info lldpd[10916]: custom TLV op replace oui 33:44:55 subtype fe
Sat Mar 16 19:11:39 2024 daemon.info lldpd[10916]: custom TLV op add oui 33:44:44 subtype e8
Sat Mar 16 19:11:39 2024 daemon.info lldpd[10916]: custom TLV op add oui 33:44:33 subtype 42
Sat Mar 16 19:11:39 2024 daemon.info lldpd[10916]: custom TLV op add oui 33:44:33 subtype 42
Sat Mar 16 19:11:39 2024 daemon.info lldpd[10916]: custom TLV op add oui 33:44:31 subtype 2c
Sat Mar 16 19:11:39 2024 daemon.info lldpd[10916]: custom TLV op add oui 33:44:31 subtype 2c
Sat Mar 16 19:11:39 2024 daemon.warn lldpcli[10915]: invalid OUI value '3322'
Sat Mar 16 19:11:39 2024 daemon.info lldpcli[10915]: an error occurred while executing last command
Sat Mar 16 19:11:39 2024 daemon.warn lldpcli[10915]: invalid OUI value '3312'
Sat Mar 16 19:11:39 2024 daemon.info lldpcli[10915]: an error occurred while executing last command
Sat Mar 16 19:11:39 2024 daemon.info lldpcli[10915]: lldpd should resume operations
( The last two TLV are invalid: their oui must be three hex bytes, comma
separated. Only the first hex byte of oui-info 5555555555 is used )
Depends on #14867 and its release version bump
Tested on: 22.03.6
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/14872
(cherry picked from commit 8d1fe32c2c)
Link: https://github.com/openwrt/openwrt/pull/18344
Signed-off-by: Robert Marko <robimarko@gmail.com>
where csv = comma separated value(s)
Make the function more generic. Can use it for not only 'config'.
Now it can be used to parse interfaces for additional lldpd settings,
e.g. custom-tlv.
Tested on: 22.03.6
Signed-off-by: Paul Donald <newtwen+github@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/14872
(cherry picked from commit a015f59880)
Link: https://github.com/openwrt/openwrt/pull/18344
Signed-off-by: Robert Marko <robimarko@gmail.com>
Quoting the kconfig description for CONFIG_PCPU_DEV_REFCNT:
network device refcount are using per cpu variables if this option is
set. This can be forced to N to detect underflows (with a performance
drop).
This was introduced from kernel 5.13 and was wrongly set as disabled.
Some target actually enables it but this should be always enabled unless
refcount needs to be debugged (unlikely for production images)
Enable in generic and drop the entry in every other target.
Link: https://github.com/openwrt/openwrt/pull/18174
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit ea6f3e49d6)
[ adapt for kernel 5.15 ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
When a feed has submodules, all its submodules are fully cloned whereas
the feed itself is shallowed. Let's be consistent and perform shallow clones
as well for the submodules.
Signed-off-by: Cedric CHEDALEUX <cedric.chedaleux@orange.com>
Link: https://github.com/openwrt/openwrt/pull/18003
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 9ec32cfb27)
Link: https://github.com/openwrt/openwrt/pull/18168
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
When a feed is referenced with a specific commit (i.e. <git_url>^<sha1>),
a full clone was performed and a branch was created from the sha1
and named with the sha1. Other git clones operations are shallowed.
As Git does not support clone at a specific commit, let's first perform
a shallow clone to latest commit, then fetch the relevant commit and
finally checkout it (no more 'pseudo' branch).
It saves bandwith and significantly speeds up the feed update process.
Signed-off-by: Cedric CHEDALEUX <cedric.chedaleux@orange.com>
Link: https://github.com/openwrt/openwrt/pull/18003
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 32d0a57dc1)
Link: https://github.com/openwrt/openwrt/pull/18168
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
