x509v3 SAN extension is required to generate a certificate compatible with
chromium-based web browsers (version >58)
It can be disabled via unsetting CONFIG_WOLFSSL_ALT_NAMES
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
(cherry picked from commit dfd695f4b9f364a7c7db646d2cada10fdf304f02)
This fixes the following security problems:
* Zeroize several intermediate variables used to calculate the expected
value when verifying a MAC or AEAD tag. This hardens the library in
case the value leaks through a memory disclosure vulnerability. For
example, a memory disclosure vulnerability could have allowed a
man-in-the-middle to inject fake ciphertext into a DTLS connection.
* Fix a double-free that happened after mbedtls_ssl_set_session() or
mbedtls_ssl_get_session() failed with MBEDTLS_ERR_SSL_ALLOC_FAILED
(out of memory). After that, calling mbedtls_ssl_session_free()
and mbedtls_ssl_free() would cause an internal session buffer to
be free()'d twice. CVE-2021-44732
The sizes of the ipk changed on MIPS 24Kc like this:
182454 libmbedtls12_2.16.11-2_mips_24kc.ipk
182742 libmbedtls12_2.16.12-1_mips_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 57f38e2c827e3be71d8b1709073e366afe011985)
Many changes were done in drivers/pinctrl/bcm/pinctrl-bcm2835.c between
5.4.171 and 5.4.179.
The following 3 patches do not apply any more:
* target/linux/bcm27xx/patches-5.4/950-0316-pinctrl-bcm2835-Add-support-for-BCM2711-pull-up-func.patch
This was already integrated in kernel v5.4-rc1, it was never needed.
* target/linux/bcm27xx/patches-5.4/950-0328-Revert-pinctrl-bcm2835-Pass-irqchip-when-adding-gpio.patch
* target/linux/bcm27xx/patches-5.4/950-0362-pinctrl-bcm2835-Change-init-order-for-gpio-hogs.patch
I think these were done to fix the problem which was really fixed in
commit 75278f1aff5e ("pinctrl: bcm2835: Change init order for gpio
hogs") from v5.4.175
target/linux/generic/backport-5.4/716-v5.5-net-sfp-move-fwnode-parsing-into-sfp-bus-layer.patch
Move fwnode_device_is_available to the same position as in kernel 5.10.
target/linux/layerscape/patches-5.4/302-dts-0083-arm64-ls1028a-qds-correct-bus-of-rtc.patch
Applied in commit 65816c1034769e714edb70f59a33bc5472d9e55f ("arm64: dts:
ls1028a-qds: move rtc node to the correct i2c bus")
Compile-tested: lantiq/xrx200, bcm27xx/bcm2710
Run-tested: lantiq/xrx200
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Device specifications:
======================
* Qualcomm/Atheros QCA9558 ver 1 rev 0
* 720/600/200 MHz (CPU/DDR/AHB)
* 128 MB of RAM
* 16 MB of SPI NOR flash
- 2x 7 MB available; but one of the 7 MB regions is the recovery image
* 2T2R 2.4 GHz Wi-Fi (11n)
* 2T2R 5 GHz Wi-Fi (11ac)
* 4x GPIO-LEDs (3x wifi, 1x power)
* 1x GPIO-button (reset)
* external h/w watchdog (enabled by default))
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* TI tmp423 (package kmod-hwmon-tmp421) for temperature monitoring
* 2x ethernet
- eth0
+ AR8035 ethernet PHY (RGMII)
+ 10/100/1000 Mbps Ethernet
+ 802.3af POE
+ used as LAN interface
- eth1
+ AR8031 ethernet PHY (RGMII)
+ 10/100/1000 Mbps Ethernet
+ 18-24V passive POE (mode B)
+ used as WAN interface
* 12-24V 1A DC
* internal antennas
This device support is based on the partially working stub from commit
53c474abbdfe ("ath79: add new OF only target for QCA MIPS silicon").
Flashing instructions:
======================
Various methods can be used to install the actual image on the flash.
Two easy ones are:
ap51-flash
----------
The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the image to the u-boot when the device boots up.
initramfs from TFTP
-------------------
The serial console must be used to access the u-boot shell during bootup.
It can then be used to first boot up the initramfs image from a TFTP server
(here with the IP 192.168.1.21):
setenv serverip 192.168.1.21
setenv ipaddr 192.168.1.1
tftpboot 0c00000 <filename-of-initramfs-kernel>.bin && bootm $fileaddr
The actual sysupgrade image can then be transferred (on the LAN port) to the
device via
scp <filename-of-squashfs-sysupgrade>.bin root@192.168.1.1:/tmp/
On the device, the sysupgrade must then be started using
sysupgrade -n /tmp/<filename-of-squashfs-sysupgrade>.bin
Signed-off-by: Sven Eckelmann <sven@narfation.org>
(cherry picked from commit 1699c1dc7f26b332f868d338457abfbe716d6ba0)
This commit fixes commit "2999f810ff: build,IB: include kmods only in
local builds" which cause the local packages/ folder only to be added
for local builds but no longer for ImageBuilder created by the Buildbot.
The commits intention was to use remote kmods repositories rather than
storing them locally. Accidentally the entire handling of the local
`packages/` was removed.
Re-add the folder and include a README describing what it can be used
for.
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 15e55a2190ba087679b24b8844a51a6e4d512cf3)
Fixes: #5068
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This enables the LEDs on the LAN interfaces.
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
(cherry picked from commit 1b18195f59b09844ab8fdfd669bc506c25df111b)
Specification:
CPU: Allwinner H5, Quad-core Cortex-A53
DDR3 RAM: 512MB
Network: 10/100/1000M Ethernet x 2
USB Host: Type-A x 1
MicroSD Slot x 1
MicroUSB: for power input
Debug Serial Port: 3Pin pin-header
LED: WAN, LAN, SYS
KEY: Reset
Power Supply: DC 5V/2A
Installation:
Write the image to SD Card with dd.
Note:
1. OpenWrt currently does not support LED_FUNCTION, change back to the
previous practice (Consistent with NanoPi R1).
2. Since the upstream commit https://github.com/torvalds/linux/bbc4d71
("net: phy: realtek: fix rtl8211e rx/tx delay config"), we need to
change the phy-mode from rgmii to rgmii-id.
So set phy-mode for 5.4 and 5.10 respectively.
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
(cherry picked from commit fde68cb80941a60be93ece75e808b5b407d11cc8)
Merged in https://github.com/u-boot/u-boot/commit/e7510d2,
adjust back to the current 2020.04 version.
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
(cherry picked from commit e43eb16efe97a597a2ebaa9f549d1daec2c8c2ab)
945d0d7 utils: fix C style in header file
2cfc26f inittab: detect active console from kernel if no console= specified
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit ffeb37047e85a5efd96890db12710e9d60b4b76a)
This adds conflicts between variants of libustream pacakge.
They provide the same file and thus it should not be possible to install
them side by side.
Signed-off-by: Karel Kočí <karel.koci@nic.cz>
(cherry picked from commit 219e17a35088a90eea664fbb4c66549d701a3cb4)
All buttons of the FritzBox 7360 family are active-low, not active-high.
Corrent the GPIO flag. This fixes release triggers upon push of a button.
Reported-by: Jan-Niklas Burfeind <git@aiyionpri.me>
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 31545378641d45f5fac5ffc408a31b700b80121f)
Apply the same fix that was previously done for the Archer C7v5 to the
A7v5 as well to make the web UI accept our images again.
This is a backport of firmware-utils
commit 84dbf8ee49f522d3a4528763c9473cf3dd7c8c52.
Tested-by: Luflosi <luflosi@luflosi.de>
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
It was reported that some rb912 boards (ar934x) have issues with some ethernet speeds.
Investigation shows that the board failed to adapt the ethernet pll values as shown here:
[ 5.284359] ag71xx 19000000.eth: failed to read pll-handle property
added custom prints in code and triggering a link switch:
[ 62.821446] Atheros AG71xx: fast reset
[ 62.826442] Atheros AG71xx: update pll 2
[ 62.830494] Atheros AG71xx: no pll regmap!
Comparison with another very similar board (rb922 - QCA955x) showed a missing
reference clock frequency in dts, which seems to cause a pll init issue.
Unfortunately, no errors are printed when this occurs.
Adding the frequency property fixes the pll init as it can be parsed now
by the ethernet driver.
[ 55.861407] Atheros AG71xx: fast reset
[ 55.866403] Atheros AG71xx: update pll 2
[ 55.870462] Atheros AG71xx: ath79_set_pllval: regmap: 0x81548000, pll_reg: 0x2c, pll_val: 0x02000000
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
(cherry picked from commit 2a000546187122c86143c97337af4d5beacc4908)
Adds support for GPON SFP modules based on the Realtek RTL8672 and
RTL9601C chips, including but not limited to:
* V-SOL V2801F
* C-Data FD511GX-RM0
* OPTON GP801R
* BAUDCOM BD-1234-SFM
* CPGOS03-0490 v2.0
* Ubiquiti U-Fiber Instant
* EXOT EGS1
Signed-off-by: Vladimir Markovets <abam_a@yahoo.com>
(cherry picked from commit f032601ed7d70fe1f468219b68750230b6ea1906)
This allows LEDs to be triggered by custom pattern and not just
predefined ones.
Signed-off-by: Karel Kočí <karel.koci@nic.cz>
(cherry picked from commit 507911f477cc29531a2fbdf364df42e7e4f3c696)
The name of the module is 'uleds', not 'leds-uleds'.
Signed-off-by: Evgeny Kolesnikov <evgenyz@gmail.com>
[improve commit title]
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 3e9318f3c0be1ae14d9d4eb705b02e7441d5d26e)
The allows userspace LEDs to be created and controlled. This can be useful
for testing triggers and can also be used to implement virtual LEDs.
Signed-off-by: Keith T. Garner <kgarner@kgarner.com>
[squash fixup commit and improve option wording]
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 6a37286c2add96dba42fdd285162228eb55a99f1)
The patch
PCI: aardvark: Don't touch PCIe registers if no card connected
was applied into Linux stable version 5.4.163.
Remove it from patches-5.4.
(It applied even though it was applied already, resulting in repeated
code.)
Fixes: 14940aee4566 ("kernel: bump 5.4 to 5.4.163")
Signed-off-by: Marek Behún <marek.behun@nic.cz>
This is a bugfix release. Changelog:
*) Avoid loading of a dynamic engine twice.
*) Fixed building on Debian with kfreebsd kernels
*) Prioritise DANE TLSA issuer certs over peer certs
*) Fixed random API for MacOS prior to 10.12
Patches were refreshed.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit def9565be632b316c82ffc5a7b28c789e9df75b4)
Right now it includes bcm4908 variant only that is required by BCM4908
family devices with U-Boot.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit f18288e26715f8cdef6c6d62a196dfd4ade8265e)
This is a requirement for backporting DT files defining such LEDs.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 85ad48c9579c0482c98fc6b69e885102511e9194)
BCM4908 devices with U-Boot use pkgtb firmware format. It's based on
U-Boot's FIT: DTB with configurations, images & embedded data.
This format contains bootfs, rootfs and optionally a first stage U-Boot
loader. Contained images need to be extracted & flashed.
Broadcom used two sets of firmwares: main & backup. It uses UBI volumes
"metadata1" & "metadata2" for storing U-Boot env variables with info
about flashed images.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 5f05795aa7716879e46fabbd0c51ff20ef9f13bf)
It's very useful flag for handling various formats in sysupgrade. This
commit comes from the 1.34.0 release.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
It's required by sysupgrade to access UBI metadata partitions.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 444b4ea4a479d76761ee4833cb340b442dac662a)
fdt* utils are needed by targets that use U-Boot FIT images for
sysupgrade. It includes all recent BCM4908 SoC routers as Broadcom
switched from CFE to U-Boot.
fdtget is required for extracting images (bootfs & rootfs) from
Broadcom's ITB. Extracted images can be then flashed to UBI volumes.
sysupgrade is core functionality so it needs dtc as part of base code
base.
Cc: Yousong Zhou <yszhou4tech@gmail.com>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
This results in setting format specific data (format info, extract
commands) in a single function. It should help maintaining sysupgrade
code.
This change has been tested on Asus GT-AC5300 and Netgear R8000P.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 30b168b9b8451d6165833cee75019ef7dbfd8a2e)
This helps managing LAN ports.
Ref: https://forum.openwrt.org/t/openwrt-21-02-0-second-release-candidate/98026/121
Fixes: 95b0c07a618f ("ipq40xx: add support for FritzBox 7530")
Cc: David Bauer <mail@david-bauer.net>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 3342d574be08db8926273678291497769d2365e9)
