From 1276db918b086d5b1db7e6c81d19402b7c3a91ac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0tetiar?= Date: Thu, 25 Mar 2021 08:01:08 +0100 Subject: [PATCH 1/4] README: add install command to build requirements MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit In commit 8c8496435a9d ("build: add GNU install to prerequisites") new dependency was added, but addition to README was omitted. Fixes: 8c8496435a9d ("build: add GNU install to prerequisites") Signed-off-by: Petr Štetiar --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 0581a94a09..55a6b9bd30 100644 --- a/README.md +++ b/README.md @@ -25,8 +25,8 @@ the [Build System Setup](https://openwrt.org/docs/guide-developer/build-system/i documentation. ``` -gcc-6+ binutils bzip2 flex python3.6+ perl make4.1+ find grep diff unzip gawk getopt -subversion libz-dev libc-dev rsync which +binutils bzip2 diff find flex gawk gcc-6+ getopt grep install libc-dev libz-dev +make4.1+ perl python3.6+ rsync subversion unzip which ``` ### Quickstart From 0bd0de7d43b3846ad0d7006294e1daaadfa7b532 Mon Sep 17 00:00:00 2001 From: Eneas U de Queiroz Date: Fri, 26 Mar 2021 14:46:29 -0300 Subject: [PATCH 2/4] openssl: bump to 1.1.1k This version fixes 2 security vulnerabilities, among other changes: - CVE-2021-3450: problem with verifying a certificate chain when using the X509_V_FLAG_X509_STRICT flag. - CVE-2021-3449: OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. Signed-off-by: Eneas U de Queiroz --- package/libs/openssl/Makefile | 6 +-- ...o-make-the-dev-crypto-engine-dynamic.patch | 43 +++++++++---------- 2 files changed, 24 insertions(+), 25 deletions(-) diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile index 436abfd94c..7ab4c6ccd0 100644 --- a/package/libs/openssl/Makefile +++ b/package/libs/openssl/Makefile @@ -9,9 +9,9 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openssl PKG_BASE:=1.1.1 -PKG_BUGFIX:=j +PKG_BUGFIX:=k PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX) -PKG_RELEASE:=2 +PKG_RELEASE:=1 PKG_USE_MIPS16:=0 ENGINES_DIR=engines-1.1 @@ -26,7 +26,7 @@ PKG_SOURCE_URL:= \ ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/ \ ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/old/$(PKG_BASE)/ -PKG_HASH:=aaf2fcb575cdf6491b98ab4829abf78a3dec8402b8b81efc8f23c00d443981bf +PKG_HASH:=892a0875b9872acd04a9fde79b1f943075d5ea162415de3047c327df33fbaee5 PKG_LICENSE:=OpenSSL PKG_LICENSE_FILES:=LICENSE diff --git a/package/libs/openssl/patches/430-e_devcrypto-make-the-dev-crypto-engine-dynamic.patch b/package/libs/openssl/patches/430-e_devcrypto-make-the-dev-crypto-engine-dynamic.patch index 71dc5bf99b..ea3f8fb8a7 100644 --- a/package/libs/openssl/patches/430-e_devcrypto-make-the-dev-crypto-engine-dynamic.patch +++ b/package/libs/openssl/patches/430-e_devcrypto-make-the-dev-crypto-engine-dynamic.patch @@ -116,7 +116,7 @@ diff --git a/crypto/engine/eng_devcrypto.c b/engines/e_devcrypto.c similarity index 95% rename from crypto/engine/eng_devcrypto.c rename to engines/e_devcrypto.c -index 0d420e50aa..3fcd81de7a 100644 +index 2c1b52d572..eff1ed3a7d 100644 --- a/crypto/engine/eng_devcrypto.c +++ b/engines/e_devcrypto.c @@ -7,7 +7,7 @@ @@ -152,22 +152,6 @@ index 0d420e50aa..3fcd81de7a 100644 /* * cipher/digest status & acceleration definitions -@@ -341,6 +343,7 @@ static int cipher_ctrl(EVP_CIPHER_CTX *ctx, int type, int p1, void* p2) - struct cipher_ctx *to_cipher_ctx; - - switch (type) { -+ - case EVP_CTRL_COPY: - if (cipher_ctx == NULL) - return 1; -@@ -702,7 +705,6 @@ static int digest_init(EVP_MD_CTX *ctx) - SYSerr(SYS_F_IOCTL, errno); - return 0; - } -- - return 1; - } - @@ -1058,7 +1060,7 @@ static const ENGINE_CMD_DEFN devcrypto_cmds[] = { OPENSSL_MSTR(DEVCRYPTO_USE_SOFTWARE) "=allow all drivers, " OPENSSL_MSTR(DEVCRYPTO_REJECT_SOFTWARE) @@ -177,7 +161,7 @@ index 0d420e50aa..3fcd81de7a 100644 ENGINE_CMD_FLAG_NUMERIC}, #endif -@@ -1166,55 +1168,70 @@ static int devcrypto_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)) +@@ -1166,32 +1168,22 @@ static int devcrypto_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void)) * *****/ @@ -201,10 +185,12 @@ index 0d420e50aa..3fcd81de7a 100644 +static int open_devcrypto(void) { - ENGINE *e = NULL; + int fd; + + if (cfd >= 0) + return 1; - - if ((cfd = open("/dev/crypto", O_RDWR, 0)) < 0) { ++ + if ((fd = open("/dev/crypto", O_RDWR, 0)) < 0) { #ifndef ENGINE_DEVCRYPTO_DEBUG if (errno != ENOENT) #endif @@ -213,6 +199,19 @@ index 0d420e50aa..3fcd81de7a 100644 + return 0; } + #ifdef CRIOGET +@@ -1199,35 +1191,61 @@ void engine_load_devcrypto_int() + fprintf(stderr, "Could not create crypto fd: %s\n", strerror(errno)); + close(fd); + cfd = -1; +- return; ++ return 0; + } + close(fd); + #else + cfd = fd; + #endif + - if ((e = ENGINE_new()) == NULL - || !ENGINE_set_destroy_function(e, devcrypto_unload)) { - ENGINE_free(e); @@ -278,7 +277,7 @@ index 0d420e50aa..3fcd81de7a 100644 /* * Asymmetric ciphers aren't well supported with /dev/crypto. Among the BSD * implementations, it seems to only exist in FreeBSD, and regarding the -@@ -1237,23 +1254,36 @@ void engine_load_devcrypto_int() +@@ -1250,23 +1268,36 @@ void engine_load_devcrypto_int() */ #if 0 # ifndef OPENSSL_NO_RSA @@ -324,7 +323,7 @@ index 0d420e50aa..3fcd81de7a 100644 ENGINE_free(e); return; } -@@ -1262,3 +1292,22 @@ void engine_load_devcrypto_int() +@@ -1275,3 +1306,22 @@ void engine_load_devcrypto_int() ENGINE_free(e); /* Loose our local reference */ ERR_clear_error(); } From 64eaf633ff7f9280e04e65ae290eb8b65dd9e021 Mon Sep 17 00:00:00 2001 From: Stan Grishin Date: Wed, 24 Mar 2021 16:18:08 +0000 Subject: [PATCH 3/4] x86/base-files: add support for Sophos SG/XG-105 This adds detection of the Sophos SG-105 and Sophos XG-105 models and assignment of ethernet ports these models have to LAN/WAN. Signed-off-by: Stan Grishin --- target/linux/x86/base-files/etc/board.d/02_network | 3 +++ target/linux/x86/base-files/lib/preinit/01_sysinfo | 8 ++++++++ 2 files changed, 11 insertions(+) diff --git a/target/linux/x86/base-files/etc/board.d/02_network b/target/linux/x86/base-files/etc/board.d/02_network index 8d10c637e8..581daf49b6 100644 --- a/target/linux/x86/base-files/etc/board.d/02_network +++ b/target/linux/x86/base-files/etc/board.d/02_network @@ -11,6 +11,9 @@ case "$(board_name)" in pc-engines-apu1|pc-engines-apu2|pc-engines-apu3) ucidef_set_interfaces_lan_wan "eth1 eth2" "eth0" ;; +sophos-sg-105|sophos-xg-105) + ucidef_set_interfaces_lan_wan "eth0 eth2 eth3" "eth1" + ;; traverse-technologies-geos) ucidef_set_interface_lan "eth0 eth1" ucidef_add_atm_bridge "0" "35" "llc" "bridged" diff --git a/target/linux/x86/base-files/lib/preinit/01_sysinfo b/target/linux/x86/base-files/lib/preinit/01_sysinfo index b608d4edab..682ce4a5bb 100644 --- a/target/linux/x86/base-files/lib/preinit/01_sysinfo +++ b/target/linux/x86/base-files/lib/preinit/01_sysinfo @@ -22,6 +22,14 @@ do_sysinfo_x86() { product="apu1" break ;; + "Sophos:SG"|"Sophos:XG") + case "$(cat /sys/devices/virtual/dmi/id/product_version 2>/dev/null)" in + 105*) + product="${product}-105" + break + ;; + esac + ;; "Supermicro:Super Server") continue ;; From d71424a085e1d5dcc57c5d64dd2a651433944432 Mon Sep 17 00:00:00 2001 From: Felix Fietkau Date: Fri, 26 Mar 2021 21:56:26 +0100 Subject: [PATCH 4/4] mt76: update to the latest version 6886b57a1534 mt76: connac: introcuce mt76_sta_cmd_info data structure e529e8afe22a mt76: mt7921: properly configure rcpi adding a sta to the fw e4d522776804 mt76: mt7921: fix airtime reporting be2f67e8d3cb mt76: mt7915: fix key set/delete issue 09a1befde4b7 mt76: fix potential DMA mapping leak f66f8f41d47b mt76: mt7915: refresh repeater entry MAC address when setting BSSID 035e2f6f1ddf mt76: mt7921: get rid of mt7921_mac_wtbl_lmac_addr ee29cd5f3a6a mt76: mt7615: only enable DFS test knobs for mt7615 9a98b1a6f9c2 mt76: mt7615: cleanup mcu tx queue in mt7615_dma_reset() 3bd285424e7b mt76: mt7622: trigger hif interrupt for system reset bf6d9ee4acd1 mt76: mt7615: keep mcu_add_bss_info enabled till interface removal 115b74282314 mt76: mt7915: keep mcu_add_bss_info enabled till interface removal 57432e701d1a mt76: mt7915: cleanup mcu tx queue in mt7915_dma_reset() a519c49a6a42 mt76: mt7615: 0-terminate firmware log messages 4a22f2ffae2e mt76: mt7915: 0-terminate firmware log messages b8609066893a mt76: mt7615: fix chip reset on MT7622 and MT7663e Signed-off-by: Felix Fietkau --- package/kernel/mt76/Makefile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/package/kernel/mt76/Makefile b/package/kernel/mt76/Makefile index aa6619e78f..b031a227fd 100644 --- a/package/kernel/mt76/Makefile +++ b/package/kernel/mt76/Makefile @@ -8,9 +8,9 @@ PKG_LICENSE_FILES:= PKG_SOURCE_URL:=https://github.com/openwrt/mt76 PKG_SOURCE_PROTO:=git -PKG_SOURCE_DATE:=2021-03-18 -PKG_SOURCE_VERSION:=fbef8bba038f5aff755e383025f0a8b34879aa5c -PKG_MIRROR_HASH:=987826653cd8722671263c218a9f3cdf5b0bc0e24accf66fe68e1138f9c694b2 +PKG_SOURCE_DATE:=2021-03-26 +PKG_SOURCE_VERSION:=b8609066893a399b6aabe4df2e80eed52336fc69 +PKG_MIRROR_HASH:=af0729f1b0829c7665f5c5c8e9e8a20207ddc534cfa2566538d446515afcdd7d PKG_MAINTAINER:=Felix Fietkau PKG_BUILD_PARALLEL:=1