Merge Official Source

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2025-01-09 02:43:53 +08:00 · 2021-06-22 15:25:54 +08:00 · 2021-06-22 15:25:54 +08:00 · e8492b9f83
commit e8492b9f83
parent 02c745a2fa 1247a6bb35
9 changed files with 201 additions and 12 deletions
--- a/package/base-files/files/bin/config_generate
+++ b/package/base-files/files/bin/config_generate
@ -114,9 +114,17 @@ generate_network() {
 			add network device
 			set network.@device[-1].name='br-$1'
 			set network.@device[-1].type='bridge'
 			set network.@device[-1].macaddr='$macaddr'
 		EOF
 		for port in $ports; do uci add_list network.@device[-1].ports="$port"; done
 		[ -n "$macaddr" ] && {
 			for port in $ports; do
 				uci -q batch <<-EOF
 					add network device
 					set network.@device[-1].name='$port'
 					set network.@device[-1].macaddr='$macaddr'
 				EOF
 			done
 		}
 		device=br-$1
 		type=
 		macaddr=""
--- a/package/libs/wolfssl/Makefile
+++ b/package/libs/wolfssl/Makefile
@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=wolfssl
 PKG_VERSION:=4.7.0-stable
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION)
--- a/package/libs/wolfssl/patches/200-ecc-rng.patch
+++ b/package/libs/wolfssl/patches/200-ecc-rng.patch
@ -0,0 +1,50 @@
 Since commit 6467de5a8840 ("Randomize z ordinates in scalar
 mult when timing resistant") wolfssl requires a RNG for an EC
 key when the hardened built option is selected.
 wc_ecc_set_rng is only available when built hardened, so there
 is no safe way to install the RNG to the key regardless whether
 or not wolfssl is compiled hardened.
 Always export wc_ecc_set_rng so tools such as hostapd can install
 RNG regardless of the built settings for wolfssl.
 --- a/wolfcrypt/src/ecc.c
 +++ b/wolfcrypt/src/ecc.c
@@ -10293,21 +10293,21 @@ void wc_ecc_fp_free(void)
 #endif /* FP_ECC */
 -#ifdef ECC_TIMING_RESISTANT
 int wc_ecc_set_rng(ecc_key* key, WC_RNG* rng)
 {
     int err = 0;
 +#ifdef ECC_TIMING_RESISTANT
     if (key == NULL) {
         err = BAD_FUNC_ARG;
     }
     else {
         key->rng = rng;
     }
 +#endif
     return err;
 }
 -#endif
 #ifdef HAVE_ECC_ENCRYPT
 --- a/wolfssl/wolfcrypt/ecc.h
 +++ b/wolfssl/wolfcrypt/ecc.h
@@ -584,10 +584,8 @@ WOLFSSL_API
 void wc_ecc_fp_free(void);
 WOLFSSL_LOCAL
 void wc_ecc_fp_init(void);
 -#ifdef ECC_TIMING_RESISTANT
 WOLFSSL_API
 int wc_ecc_set_rng(ecc_key* key, WC_RNG* rng);
 -#endif
 WOLFSSL_API
 int wc_ecc_set_curve(ecc_key* key, int keysize, int curve_id);
--- a/package/network/services/hostapd/Makefile
+++ b/package/network/services/hostapd/Makefile
@ -7,7 +7,7 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=hostapd
-PKG_RELEASE:=32
+PKG_RELEASE:=33
 PKG_SOURCE_URL:=http://w1.fi/hostap.git
 PKG_SOURCE_PROTO:=git
--- a/package/network/services/hostapd/patches/802-wolfssl-init-RNG-with-ECC-key.patch
+++ b/package/network/services/hostapd/patches/802-wolfssl-init-RNG-with-ECC-key.patch
@ -0,0 +1,48 @@
 From 21ce83b4ae2b9563175fdb4fc4312096cc399cf8 Mon Sep 17 00:00:00 2001
 From: David Bauer <mail@david-bauer.net>
 Date: Wed, 5 May 2021 00:44:34 +0200
 Subject: [PATCH] wolfssl: add RNG to EC key
 Since upstream commit 6467de5a8840 ("Randomize z ordinates in
 scalar mult when timing resistant") WolfSSL requires a RNG for
 the EC key when built hardened which is the default.
 Set the RNG for the EC key to fix connections for OWE clients.
 Signed-off-by: David Bauer <mail@david-bauer.net>
 ---
 src/crypto/crypto_wolfssl.c | 4 ++++
 1 file changed, 4 insertions(+)
 diff --git a/src/crypto/crypto_wolfssl.c b/src/crypto/crypto_wolfssl.c
 index 2e4bf8962..ed2528159 100644
 --- a/src/crypto/crypto_wolfssl.c
 +++ b/src/crypto/crypto_wolfssl.c
@@ -1303,6 +1303,7 @@ int ecc_projective_add_point(ecc_point *P, ecc_point *Q, ecc_point *R,
 struct crypto_ec {
 	ecc_key key;
 +	WC_RNG rng;
 	mp_int a;
 	mp_int prime;
 	mp_int order;
@@ -1357,6 +1358,8 @@ struct crypto_ec * crypto_ec_init(int group)
 		return NULL;
 	if (wc_ecc_init(&e->key) != 0 ||
 +	    wc_InitRng(&e->rng) != 0 ||
 +	    wc_ecc_set_rng(&e->key, &e->rng) != 0 ||
 	    wc_ecc_set_curve(&e->key, 0, curve_id) != 0 ||
 	    mp_init(&e->a) != MP_OKAY ||
 	    mp_init(&e->prime) != MP_OKAY ||
@@ -1388,6 +1391,7 @@ void crypto_ec_deinit(struct crypto_ec* e)
 	mp_clear(&e->order);
 	mp_clear(&e->prime);
 	mp_clear(&e->a);
 +	wc_FreeRng(&e->rng);
 	wc_ecc_free(&e->key);
 	os_free(e);
 }
 -- 
 2.31.1
--- a/scripts/json_overview_image_info.py
+++ b/scripts/json_overview_image_info.py
@ -18,19 +18,33 @@ work_dir = Path(getenv("WORK_DIR"))
 output = {}
 def get_initial_output(image_info):
    # preserve existing profiles.json
    if output_path.is_file():
        profiles = json.loads(output_path.read_text())
        if profiles["version_code"] == image_info["version_code"]:
            return profiles
    return image_info
 for json_file in work_dir.glob("*.json"):
    image_info = json.loads(json_file.read_text())
    if not output:
-        output.update(image_info)
+        output = get_initial_output(image_info)
-    else:
+
-        # get first (and only) profile in json file
+    # get first and only profile in json file
-        device_id = next(iter(image_info["profiles"].keys()))
+    device_id, profile = next(iter(image_info["profiles"].items()))
    if device_id not in output["profiles"]:
-            output["profiles"].update(image_info["profiles"])
+        output["profiles"][device_id] = profile
    else:
-            output["profiles"][device_id]["images"].append(
+        output["profiles"][device_id]["images"].extend(profile["images"])
-                image_info["profiles"][device_id]["images"][0]
+
-            )
+# make image lists unique by name, keep last/latest
 for device_id, profile in output.get("profiles", {}).items():
    profile["images"] = list({e["name"]: e for e in profile["images"]}.values())
 if output:
    default_packages, output["arch_packages"] = run(
--- a/target/linux/ath79/patches-5.4/700-at803x-force-ar8033-features.patch
+++ b/target/linux/ath79/patches-5.4/700-at803x-force-ar8033-features.patch
@ -0,0 +1,25 @@
 PHY capabilities are currently read from the fiber status page, thus
 Linux won't advertise 10 / 100 Base-T operation modes, effectively
 limiting operation to 1000 Base-T.
 Statically set the PHYs capabilities, avoiding autodetection.
 The issue itself is properly fixed kernel upstream, however backporting
 efforts to OpenWrt master resulted in breaking the fiber operation for
 another target.
 This is currently only known to be necessary for the Ubiquiti
 UniFi AC series, so enabling it in the ath79 target should not
 break somewhere else.
 --- a/drivers/net/phy/at803x.c
 +++ b/drivers/net/phy/at803x.c
@@ -497,7 +497,7 @@ static struct phy_driver at803x_driver[]
 	.get_wol		= at803x_get_wol,
 	.suspend		= at803x_suspend,
 	.resume			= at803x_resume,
 -	/* PHY_GBIT_FEATURES */
 +	.features		= PHY_GBIT_FEATURES,
 	.read_status		= at803x_read_status,
 	.aneg_done		= at803x_aneg_done,
 	.ack_interrupt		= &at803x_ack_interrupt,
--- a/target/linux/bcm4908/Makefile
+++ b/target/linux/bcm4908/Makefile
@ -22,6 +22,7 @@ KERNELNAME:=Image dtbs
 DEFAULT_PACKAGES += \
 	bcm4908img \
 	kmod-gpio-button-hotplug \
 	kmod-usb-ohci kmod-usb2 kmod-usb3
 $(eval $(call BuildTarget))
--- a/target/linux/bcm4908/patches-5.4/170-net-broadcom-bcm4908_enet-reset-DMA-rings-sw-indexes.patch
+++ b/target/linux/bcm4908/patches-5.4/170-net-broadcom-bcm4908_enet-reset-DMA-rings-sw-indexes.patch
@ -0,0 +1,43 @@
 From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= <rafal@milecki.pl>
 Date: Tue, 22 Jun 2021 07:05:04 +0200
 Subject: [PATCH] net: broadcom: bcm4908_enet: reset DMA rings sw indexes
 properly
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 Resetting software indexes in bcm4908_dma_alloc_buf_descs() is not
 enough as it's called during device probe only. Driver resets DMA on
 every .ndo_open callback and it's required to reset indexes then.
 This fixes inconsistent rings state and stalled traffic after interface
 down & up sequence.
 Fixes: 4feffeadbcb2 ("net: broadcom: bcm4908enet: add BCM4908 controller driver")
 Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
 ---
 drivers/net/ethernet/broadcom/bcm4908_enet.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
 --- a/drivers/net/ethernet/broadcom/bcm4908_enet.c
 +++ b/drivers/net/ethernet/broadcom/bcm4908_enet.c
@@ -174,9 +174,6 @@ static int bcm4908_dma_alloc_buf_descs(s
 	if (!ring->slots)
 		goto err_free_buf_descs;
 -	ring->read_idx = 0;
 -	ring->write_idx = 0;
 -
 	return 0;
 err_free_buf_descs:
@@ -303,6 +300,9 @@ static void bcm4908_enet_dma_ring_init(s
 	enet_write(enet, ring->st_ram_block + ENET_DMA_CH_STATE_RAM_BASE_DESC_PTR,
 		   (uint32_t)ring->dma_addr);
 +
 +	ring->read_idx = 0;
 +	ring->write_idx = 0;
 }
 static void bcm4908_enet_dma_uninit(struct bcm4908_enet *enet)