From 72421d973e3e49a140d302cd42a2ecbdca59d6b0 Mon Sep 17 00:00:00 2001 From: Michel Thill Date: Tue, 23 Jan 2024 20:16:48 +0100 Subject: [PATCH 01/10] realtek: d-link dgs-1210-10p improve sfp support The current dts file of dgs-1210-10p doesn't support link states for the sfp ports (they are always up). This patch tries to give better support for this and was run tested on dgs-1210-10p. It was already commited to the main branch. Signed-off-by: Michel Thill (cherry picked from commit 135e10762077d96a976c0b00311ce95e77082a5d) --- .../dts-5.15/rtl8382_d-link_dgs-1210-10p.dts | 56 ++++++++++++++++++- 1 file changed, 54 insertions(+), 2 deletions(-) diff --git a/target/linux/realtek/dts-5.15/rtl8382_d-link_dgs-1210-10p.dts b/target/linux/realtek/dts-5.15/rtl8382_d-link_dgs-1210-10p.dts index 16934ede3b..1aef88afd4 100644 --- a/target/linux/realtek/dts-5.15/rtl8382_d-link_dgs-1210-10p.dts +++ b/target/linux/realtek/dts-5.15/rtl8382_d-link_dgs-1210-10p.dts @@ -7,6 +7,42 @@ compatible = "d-link,dgs-1210-10p", "realtek,rtl838x-soc"; model = "D-Link DGS-1210-10P"; + /* i2c of the left SFP cage: port 9 */ + i2c0: i2c-gpio-0 { + compatible = "i2c-gpio"; + sda-gpios = <&gpio1 6 (GPIO_ACTIVE_HIGH | GPIO_OPEN_DRAIN)>; + scl-gpios = <&gpio1 7 (GPIO_ACTIVE_HIGH | GPIO_OPEN_DRAIN)>; + i2c-gpio,delay-us = <2>; + #address-cells = <1>; + #size-cells = <0>; + }; + + sfp0: sfp-p9 { + compatible = "sff,sfp"; + i2c-bus = <&i2c0>; + los-gpio = <&gpio1 9 GPIO_ACTIVE_HIGH>; + mod-def0-gpio = <&gpio1 8 GPIO_ACTIVE_LOW>; + tx-disable-gpio = <&gpio1 11 GPIO_ACTIVE_HIGH>; + }; + + /* i2c of the right SFP cage: port 10 */ + i2c1: i2c-gpio-1 { + compatible = "i2c-gpio"; + sda-gpios = <&gpio1 1 (GPIO_ACTIVE_HIGH | GPIO_OPEN_DRAIN)>; + scl-gpios = <&gpio1 2 (GPIO_ACTIVE_HIGH | GPIO_OPEN_DRAIN)>; + i2c-gpio,delay-us = <2>; + #address-cells = <1>; + #size-cells = <0>; + }; + + sfp1: sfp-p10 { + compatible = "sff,sfp"; + i2c-bus = <&i2c1>; + los-gpio = <&gpio1 4 GPIO_ACTIVE_HIGH>; + mod-def0-gpio = <&gpio1 3 GPIO_ACTIVE_LOW>; + tx-disable-gpio = <&gpio1 12 GPIO_ACTIVE_HIGH>; + }; + keys { compatible = "gpio-keys-polled"; poll-interval = <20>; @@ -86,8 +122,24 @@ SWITCH_PORT(13, 6, internal) SWITCH_PORT(14, 7, internal) SWITCH_PORT(15, 8, internal) - SWITCH_SFP_PORT(24, 9, rgmii-id) - SWITCH_SFP_PORT(26, 10, rgmii-id) + + port@24 { + reg = <24>; + label = "lan9"; + phy-handle = <&phy24>; + phy-mode = "1000base-x"; + managed = "in-band-status"; + sfp = <&sfp0>; + }; + + port@26 { + reg = <26>; + label = "lan10"; + phy-handle = <&phy26>; + phy-mode = "1000base-x"; + managed = "in-band-status"; + sfp = <&sfp1>; + }; port@28 { ethernet = <ðernet0>; From c55aaa7c9a98e7c0a5e1ea8293a534dc5b395cf3 Mon Sep 17 00:00:00 2001 From: Lech Perczak Date: Sun, 17 Dec 2023 18:25:55 +0100 Subject: [PATCH 02/10] ath79: generic: disable SPI-NOR write protect unconditionally Kernel 5.15 introduced a significant change to spi-nor subsystem [1], which would the SPI-NOR core to no longer unprotect the Flash chips if their protection bits are non-volatile, which is the case for MX25L6405D and MX25L12805D, used in Ubiquiti XW and WA lines of devices [2]. However, their bootloader forcibly enables this protection before continuing to boot, making the kernel not unprotect the flash upon boot, causing JFFS2 to be unable write to the filesystem. Because sysupgrade seems to unlock the flash explicitly, the upgrade will work, but the system will be unable to save configrationm showing the following symptom in the kernel log: [ 86.168016] jffs2_scan_eraseblock(): End of filesystem marker found at 0x0 [ 86.192344] jffs2_build_filesystem(): unlocking the mtd device... [ 86.192443] done. [ 86.200669] jffs2_build_filesystem(): erasing all blocks after the end marker... [ 86.220646] jffs2: Newly-erased block contained word 0x19852003 at offset 0x001e0000 [ 86.292388] jffs2: Newly-erased block contained word 0x19852003 at offset 0x001d0000 [ 86.324867] jffs2: Newly-erased block contained word 0x19852003 at offset 0x001c0000 [ 86.355316] jffs2: Newly-erased block contained word 0x19852003 at offset 0x001b0000 [ 86.402855] jffs2: Newly-erased block contained word 0x19852003 at offset 0x001a0000 Disable the write protection unconditionally for ath79/generic subtarget, so the XW and WA devices can function again. However, this is only a stopgap solution - it probably should be investigated if there is a way to selectively unlock the area used by rootfs_data - but given the lock granularity, this seems unlikely. With this patch in place, rootfs_data partition on my Nanostation Loco M5 XW is writable again. Fixes: #12882 Fixes: #13750 Fixes: 579703f38c14 ("ath79: switch to 5.15 as default kernel") Link: http://www.infradead.org/pipermail/linux-mtd/2020-October/082805.html Link: https://forum.openwrt.org/t/powerbeam-m5-xw-configuration-loss-after-reboot/141925 Signed-off-by: Lech Perczak (cherry picked from commit f024f4b1b0380b3b2e18115bd8e4f35393fccc70) Signed-off-by: Lech Perczak --- target/linux/ath79/generic/config-default | 2 ++ 1 file changed, 2 insertions(+) diff --git a/target/linux/ath79/generic/config-default b/target/linux/ath79/generic/config-default index 06f264b626..09ea9d93d7 100644 --- a/target/linux/ath79/generic/config-default +++ b/target/linux/ath79/generic/config-default @@ -14,6 +14,8 @@ CONFIG_LEDS_RESET=y CONFIG_MARVELL_PHY=y CONFIG_MICREL_PHY=y CONFIG_MTD_REDBOOT_PARTS=y +CONFIG_MTD_SPI_NOR_SWP_DISABLE=y +# CONFIG_MTD_SPI_NOR_SWP_DISABLE_ON_VOLATILE is not set CONFIG_MTD_SPLIT_EVA_FW=y CONFIG_NVMEM_SYSFS=y CONFIG_NVMEM_U_BOOT_ENV=y From ac97ea1079fb35a387d8c47fc05fb0f83f4594fb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lvaro=20Fern=C3=A1ndez=20Rojas?= Date: Wed, 17 Jan 2024 10:39:37 +0100 Subject: [PATCH 03/10] bcm27xx: config: update documentation links MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The documentation links have changed and are no longer valid. (cherry picked from commit 189838517e88dc5b519433949c945959d17b89f7) Signed-off-by: Álvaro Fernández Rojas --- target/linux/bcm27xx/image/config.txt | 2 +- target/linux/bcm27xx/image/distroconfig.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/target/linux/bcm27xx/image/config.txt b/target/linux/bcm27xx/image/config.txt index f8ca1bf2d4..db35d72ab7 100644 --- a/target/linux/bcm27xx/image/config.txt +++ b/target/linux/bcm27xx/image/config.txt @@ -4,7 +4,7 @@ ################################################################################ # For overclocking and various other settings, see: -# https://www.raspberrypi.org/documentation/configuration/config-txt/README.md +# https://www.raspberrypi.com/documentation/computers/config_txt.html ################################################################################ # OpenWrt config diff --git a/target/linux/bcm27xx/image/distroconfig.txt b/target/linux/bcm27xx/image/distroconfig.txt index 103c5d2e82..b09e5b8466 100644 --- a/target/linux/bcm27xx/image/distroconfig.txt +++ b/target/linux/bcm27xx/image/distroconfig.txt @@ -5,7 +5,7 @@ # Restore PL011 (ttyAMA0) to GPIOs 14 & 15, instead of Mini UART (ttyS0). # Mini UART is disabled by default unless "enable_uart=1" is specified, # which changes the core frequency to a fixed value and impacts performance. -# See https://www.raspberrypi.org/documentation/configuration/uart.md +# See https://www.raspberrypi.com/documentation/computers/configuration.html#mini-uart-and-cpu-core-frequency [pi0w] dtoverlay=disable-bt [pi3] From 5a4389f6abd15e9f8e966231a9850abb3c1c4c34 Mon Sep 17 00:00:00 2001 From: Yangyu Chen Date: Tue, 19 Dec 2023 03:21:53 +0800 Subject: [PATCH 04/10] bcm27xx: 5.15: turn on cpu erratum for A72 and disable A53 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The original configuration might be copied from bcm2710 which uses cortex A53 rather than A72 in BCM2711, without errata might be harmful to system stability and security. Signed-off-by: Yangyu Chen (cherry picked from commit d549809c05997116823c1a1486d79cb8bda689b9) Signed-off-by: Álvaro Fernández Rojas --- target/linux/bcm27xx/bcm2711/config-5.15 | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/target/linux/bcm27xx/bcm2711/config-5.15 b/target/linux/bcm27xx/bcm2711/config-5.15 index e18728e49d..42e749a883 100644 --- a/target/linux/bcm27xx/bcm2711/config-5.15 +++ b/target/linux/bcm27xx/bcm2711/config-5.15 @@ -19,14 +19,8 @@ CONFIG_ARM64_4K_PAGES=y CONFIG_ARM64_CNP=y CONFIG_ARM64_CRYPTO=y CONFIG_ARM64_EPAN=y -CONFIG_ARM64_ERRATUM_819472=y -CONFIG_ARM64_ERRATUM_824069=y -CONFIG_ARM64_ERRATUM_826319=y -CONFIG_ARM64_ERRATUM_827319=y -CONFIG_ARM64_ERRATUM_832075=y -CONFIG_ARM64_ERRATUM_843419=y +CONFIG_ARM64_ERRATUM_1319367=y CONFIG_ARM64_HW_AFDBM=y -CONFIG_ARM64_LD_HAS_FIX_ERRATUM_843419=y CONFIG_ARM64_PAGE_SHIFT=12 CONFIG_ARM64_PAN=y CONFIG_ARM64_PA_BITS=48 From e05659ef59efa14091bd5e59efedec0ad565a484 Mon Sep 17 00:00:00 2001 From: Marty Jones Date: Sun, 24 Dec 2023 19:03:31 -0500 Subject: [PATCH 05/10] bcm27xx-userland: update to latest version MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This is the last update for bcm27xx-userland as it has been deprecated but funcional up to raspberry pi 5. 96a7334 README: Update to make it clear that most code in this repo is deprecated 3c97f76 userland: dtoverlay: /boot/firmware is a valid path 153a235 Assorted clang static analysis fixes eca070c bcm_host: Update kms/fkms check for pi5 06a7618 dtoverlay: Support bcm2712 as a platform 0489c07 dtoverlay: Add dtoverlay_first/next_subnode a1c7f81 dtoverlay: Support literal assignments of path strings 44a3953 raspivid: Also flush PTS file if flush is enabled cc1ca18 userland: dtoverlay: Use os_prefix if set 9d5250f libfdt: Add null-ptr check for prop-data to resolve clang --analyzer warning 50527c6 mmal: Only include Videocore components if not running on Videocore df245ea tvservice: Update unsupported message to recommend kmsprint de0cfe8 dtoverlay: Fix clang warnings 0182f05 dtoverlay: Fix various compiler warnings 2a6306b dtoverlay: Fix path rebasing and exports d1e92d7 dtoverlay: Add support for string escape sequences b1ee39e gencmd: Add a fallback to mailbox interface if vchiq is not available 54fd97a hello_pi: Fix some build issues Signed-off-by: Marty Jones (cherry picked from commit 3df664101a18cf835c97ce5f0fbcc6357a16c101) Signed-off-by: Álvaro Fernández Rojas --- package/utils/bcm27xx-userland/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/package/utils/bcm27xx-userland/Makefile b/package/utils/bcm27xx-userland/Makefile index 9d7f6dd822..402c3dcd64 100644 --- a/package/utils/bcm27xx-userland/Makefile +++ b/package/utils/bcm27xx-userland/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=bcm27xx-userland -PKG_VERSION:=c4fd1b8986c6d6d4ae5cd51e65a8bbeb495dfa4e +PKG_VERSION:=96a7334ae9d5fc9db7ac92e59852377df63f1848 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/raspberrypi/userland/tar.gz/$(PKG_VERSION)? -PKG_HASH:=ab8a5b27c34cf1b97de87b895448a6355229f73b679866b47c51a723273cc8ae +PKG_HASH:=557ee8390de5db1ed90386c1ba0221e7f6f9dd87e858a00a34be3b1f9ede193f PKG_FLAGS:=nonshared From 1da896f706dbb240f99b8679a7401ccf81204dc9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lvaro=20Fern=C3=A1ndez=20Rojas?= Date: Tue, 16 Jan 2024 11:58:01 +0100 Subject: [PATCH 06/10] bcm27xx-gpu-fw: update to latest version MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit raspberrypi/firmware is about 40G, so getting the full history log isn't an option. There have been multiple improvements and also support for the RPi 5 has been added. (cherry picked from commit e8f55817015112608155a6463ca2d8f5b4ca37b2) Signed-off-by: Álvaro Fernández Rojas --- package/kernel/bcm27xx-gpu-fw/Makefile | 30 +++++++++++++------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/package/kernel/bcm27xx-gpu-fw/Makefile b/package/kernel/bcm27xx-gpu-fw/Makefile index b3323c8b28..048dd0d3a9 100644 --- a/package/kernel/bcm27xx-gpu-fw/Makefile +++ b/package/kernel/bcm27xx-gpu-fw/Makefile @@ -2,8 +2,8 @@ include $(TOPDIR)/rules.mk include $(INCLUDE_DIR)/kernel.mk PKG_NAME:=bcm27xx-gpu-fw -PKG_VERSION:=2022-05-16 -PKG_RELEASE:=3673be308132de102fdff491d1333d9d0f823557 +PKG_VERSION:=2024-01-11 +PKG_RELEASE:=0968de28716a9b1f106b8492646d0ed0a2800152 PKG_BUILD_DIR:=$(KERNEL_BUILD_DIR)/$(PKG_NAME)/rpi-firmware-$(PKG_RELEASE) @@ -26,7 +26,7 @@ define Download/bootcode_bin FILE:=$(RPI_FIRMWARE_FILE)-bootcode.bin URL:=$(RPI_FIRMWARE_URL) URL_FILE:=bootcode.bin - HASH:=69309823da13dc96b89e3d82b44f820e4f84efa79d207adad2c8784559794f03 + HASH:=af603ebd97e7b692c30195563f7b25656eb05d57838cf1a715ebb470d1614ce4 endef $(eval $(call Download,bootcode_bin)) @@ -34,7 +34,7 @@ define Download/fixup_dat FILE:=$(RPI_FIRMWARE_FILE)-fixup.dat URL:=$(RPI_FIRMWARE_URL) URL_FILE:=fixup.dat - HASH:=921f56c62ad1995addb984b156c869202dc5d46bbe9ebcbd02c20f0def9058e3 + HASH:=c28ea955e672e374016dca61d63afa026490f0473a98115908586ab48e324aeb endef $(eval $(call Download,fixup_dat)) @@ -42,7 +42,7 @@ define Download/fixup_cd_dat FILE:=$(RPI_FIRMWARE_FILE)-fixup_cd.dat URL:=$(RPI_FIRMWARE_URL) URL_FILE:=fixup_cd.dat - HASH:=83a985aa0d73844786f3b3bf674826c520212f6f72fc6a890f2ebb5f87de5d8c + HASH:=3cf1aef5f596ca106203ed5dac9ad45e85929ec55ce44c813588645e174442ec endef $(eval $(call Download,fixup_cd_dat)) @@ -50,7 +50,7 @@ define Download/fixup_x_dat FILE:=$(RPI_FIRMWARE_FILE)-fixup_x.dat URL:=$(RPI_FIRMWARE_URL) URL_FILE:=fixup_x.dat - HASH:=8b00b00678adafe01e087240d156dbc87822e745b269be4f282596b69265cd1e + HASH:=56525c8feabde1ab86f36bb09bc55171659b2993f94132cf81ffc4293d62269d endef $(eval $(call Download,fixup_x_dat)) @@ -58,7 +58,7 @@ define Download/fixup4_dat FILE:=$(RPI_FIRMWARE_FILE)-fixup4.dat URL:=$(RPI_FIRMWARE_URL) URL_FILE:=fixup4.dat - HASH:=ef2b5d2a0a95ca48e00a1ce78b7650ee9e947cc1c588704c8ae30c1623122e2f + HASH:=615f8595801bf52373039f73ad5ad9513f83400d355eb1b2c075c7ae907e927c endef $(eval $(call Download,fixup4_dat)) @@ -66,7 +66,7 @@ define Download/fixup4cd_dat FILE:=$(RPI_FIRMWARE_FILE)-fixup4cd.dat URL:=$(RPI_FIRMWARE_URL) URL_FILE:=fixup4cd.dat - HASH:=83a985aa0d73844786f3b3bf674826c520212f6f72fc6a890f2ebb5f87de5d8c + HASH:=3cf1aef5f596ca106203ed5dac9ad45e85929ec55ce44c813588645e174442ec endef $(eval $(call Download,fixup4cd_dat)) @@ -74,7 +74,7 @@ define Download/fixup4x_dat FILE:=$(RPI_FIRMWARE_FILE)-fixup4x.dat URL:=$(RPI_FIRMWARE_URL) URL_FILE:=fixup4x.dat - HASH:=a6c4e30ada5a00fe7de83c460638ca824647651bb4a3644b8c65d7ba1d9f2d2b + HASH:=6d27a4b8ecb78cef9e1f03751b4aaec5ce8749d36988f381145a8a41dbf164ae endef $(eval $(call Download,fixup4x_dat)) @@ -82,7 +82,7 @@ define Download/start_elf FILE:=$(RPI_FIRMWARE_FILE)-start.elf URL:=$(RPI_FIRMWARE_URL) URL_FILE:=start.elf - HASH:=5455c148f4b8b04c553809bd22b995ee49ba5279ca3848df8bde6f80a388f7e0 + HASH:=e8348e88522e7a1d0e2b0944ab66d7d8f4f30da98f326e2b3c123522e45f71b2 endef $(eval $(call Download,start_elf)) @@ -90,7 +90,7 @@ define Download/start_cd_elf FILE:=$(RPI_FIRMWARE_FILE)-start_cd.elf URL:=$(RPI_FIRMWARE_URL) URL_FILE:=start_cd.elf - HASH:=168c0a9178d5a3b4bd89ef770826a85b4ea3132560ba3600c212c0cec4c575c6 + HASH:=c9b4de3f12bec7808868b898c49f656b5378ddc315f12ccab83d6519bad51680 endef $(eval $(call Download,start_cd_elf)) @@ -98,7 +98,7 @@ define Download/start_x_elf FILE:=$(RPI_FIRMWARE_FILE)-start_x.elf URL:=$(RPI_FIRMWARE_URL) URL_FILE:=start_x.elf - HASH:=30c6a7f32a25185053ca3ca9e4bcfe932246ed42a1b7c37f8803209f93d86404 + HASH:=0b5c06c109984361eeed0ab14d146f686d8aa8da2025689b887e9cb098636db9 endef $(eval $(call Download,start_x_elf)) @@ -106,7 +106,7 @@ define Download/start4_elf FILE:=$(RPI_FIRMWARE_FILE)-start4.elf URL:=$(RPI_FIRMWARE_URL) URL_FILE:=start4.elf - HASH:=be8bbff41dba2749b7b0e812f0a9d87a9122d18508f7b5ff3cd20f303d15bc07 + HASH:=fedc4ecd72c9d21018e210240dcd2e41a8bb5f936fb5674c3351f2a447a22203 endef $(eval $(call Download,start4_elf)) @@ -114,7 +114,7 @@ define Download/start4cd_elf FILE:=$(RPI_FIRMWARE_FILE)-start4cd.elf URL:=$(RPI_FIRMWARE_URL) URL_FILE:=start4cd.elf - HASH:=000372e9cf6815ade595948dbd6328665f2a535eeee44e74b0ec8e56b6fbbf90 + HASH:=ea22282a77666801378137a651e7e0b17cc186f63cdbdc8b9bb98749cd12b256 endef $(eval $(call Download,start4cd_elf)) @@ -122,7 +122,7 @@ define Download/start4x_elf FILE:=$(RPI_FIRMWARE_FILE)-start4x.elf URL:=$(RPI_FIRMWARE_URL) URL_FILE:=start4x.elf - HASH:=48895858f7936570dfab44c67bdcb0357ac8fcd630162c36ac9ed8f2de85c038 + HASH:=c509e73a9cba7af3223dea885f58294bd04845e822aa3d6278500fa4dcdb112f endef $(eval $(call Download,start4x_elf)) From 6b7c4739c407588865aaa0d6868cf6bfe216a987 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= Date: Sun, 26 Nov 2023 21:24:28 +0100 Subject: [PATCH 07/10] base-files: execute package's "postinst" after executing uci-defaults MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Allow "postinst" scripts to perform extra actions after applying all kind of fixups implemented using uci-defaults. This is needed e.g. by uhttpd-mod-ubus which after installation in a running systems needs to: 1. Update uhttpd config using its uci-defaults script 2. Reload uhttpd While this approach makes sense there is a risk it'll blow up some corner case postinst usages. There is only 1 way to find out. Cc: Hauke Mehrtens Signed-off-by: Rafał Miłecki (cherry picked from commit b799dd3c705dfd95745cdd94b13d1cd2ad2367a6) --- package/base-files/files/lib/functions.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/package/base-files/files/lib/functions.sh b/package/base-files/files/lib/functions.sh index 4b1b838572..50aed53b06 100644 --- a/package/base-files/files/lib/functions.sh +++ b/package/base-files/files/lib/functions.sh @@ -262,11 +262,6 @@ default_postinst() { add_group_and_user "${pkgname}" - if [ -f "$root/usr/lib/opkg/info/${pkgname}.postinst-pkg" ]; then - ( . "$root/usr/lib/opkg/info/${pkgname}.postinst-pkg" ) - ret=$? - fi - if [ -d "$root/rootfs-overlay" ]; then cp -R $root/rootfs-overlay/. $root/ rm -fR $root/rootfs-overlay/ @@ -292,6 +287,11 @@ default_postinst() { rm -f /tmp/luci-indexcache fi + if [ -f "$root/usr/lib/opkg/info/${pkgname}.postinst-pkg" ]; then + ( . "$root/usr/lib/opkg/info/${pkgname}.postinst-pkg" ) + ret=$? + fi + local shell="$(command -v bash)" for i in $(grep -s "^/etc/init.d/" "$root$filelist"); do if [ -n "$root" ]; then From 1ca61b7b376e135f4a3e08c500e98563f66aa202 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= Date: Wed, 27 Dec 2023 16:20:45 +0100 Subject: [PATCH 08/10] uhttpd: handle reload after uhttpd-mod-ubus installation using postinst MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Use postinst script to reload service instead of uci-defaults hack. It's possible thanks to recent base-files change that executes postinst after uci-defaults. This fixes support for uhttpd customizations. It's possible (again) to adjust uhttpd config with custom uci-defaults before it gets started. Cc: Hauke Mehrtens Fixes: d25d281fd668 ("uhttpd: Reload config after uhttpd-mod-ubus was added") Ref: b799dd3c705d ("base-files: execute package's "postinst" after executing uci-defaults") Signed-off-by: Rafał Miłecki (cherry picked from commit 1f11a4e28336c07aca61dd3b4fef01ef872a362d) --- package/network/services/uhttpd/Makefile | 9 ++++++++- package/network/services/uhttpd/files/ubus.default | 6 ------ 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/package/network/services/uhttpd/Makefile b/package/network/services/uhttpd/Makefile index 02a02405fd..37117bf911 100644 --- a/package/network/services/uhttpd/Makefile +++ b/package/network/services/uhttpd/Makefile @@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=uhttpd -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE_PROTO:=git PKG_SOURCE_URL=$(PROJECT_GIT)/project/uhttpd.git @@ -107,6 +107,13 @@ define Package/uhttpd-mod-ubus/install $(INSTALL_DATA) ./files/ubus.default $(1)/etc/uci-defaults/00_uhttpd_ubus endef +define Package/uhttpd-mod-ubus/postinst +#!/bin/sh +if [ -z "$${IPKG_INSTROOT}" ]; then + /etc/init.d/uhttpd reload +fi +endef + define Package/uhttpd-mod-ucode/install $(INSTALL_DIR) $(1)/usr/lib $(INSTALL_BIN) $(PKG_BUILD_DIR)/uhttpd_ucode.so $(1)/usr/lib/ diff --git a/package/network/services/uhttpd/files/ubus.default b/package/network/services/uhttpd/files/ubus.default index 474016c1c5..d0a218a0ad 100644 --- a/package/network/services/uhttpd/files/ubus.default +++ b/package/network/services/uhttpd/files/ubus.default @@ -1,17 +1,11 @@ #!/bin/sh -commit=0 - if [ -z "$(uci -q get uhttpd.main.ubus_prefix)" ]; then uci set uhttpd.main.ubus_prefix=/ubus - commit=1 fi [ "$(uci -q get uhttpd.main.ubus_socket)" = "/var/run/ubus.sock" ] && { uci set uhttpd.main.ubus_socket='/var/run/ubus/ubus.sock' - commit=1 } -[ "$commit" = 1 ] && uci commit uhttpd && /etc/init.d/uhttpd reload - exit 0 From b0f3fd550b1e9dd5149e18ffd5f47edc570f21a8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Petr=20=C5=A0tetiar?= Date: Thu, 29 Jun 2023 14:29:02 +0200 Subject: [PATCH 09/10] ipq807x: prpl-haze: fix sysupgrade flashing from bootloader MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit While flashing sysupgrade image from U-Boot, then the rootfs_data overlay filesystem formatting is left for the fstools during firstboot, but that wont work as mkfs.f2fs is missing in the sysupgrade image: mount_root: overlay filesystem in /dev/loop0 has not been formatted yet mount_root: no usable overlay filesystem found, using tmpfs overlay sh: mkfs.f2fs: not found Filesystem Size Used Available Use% Mounted on /dev/loop0 139.6M 46.9M 92.6M 34% /overlay Number Start (sector) End (sector) Size Code Name 20 98850 406349 150.1 MiB FFFF rootfs So lets fix it by adding f2fs support to the sysupgrade image. Signed-off-by: Petr Štetiar (cherry picked from commit ba415af5706f0369e4d299e4dfe50541a4a8056b) --- target/linux/ipq807x/image/generic.mk | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/target/linux/ipq807x/image/generic.mk b/target/linux/ipq807x/image/generic.mk index fb991156d5..104a667894 100644 --- a/target/linux/ipq807x/image/generic.mk +++ b/target/linux/ipq807x/image/generic.mk @@ -103,7 +103,8 @@ define Device/prpl_haze DEVICE_MODEL := Haze DEVICE_DTS_CONFIG := config@hk09 SOC := ipq8072 - DEVICE_PACKAGES += ath11k-firmware-qcn9074 ipq-wifi-prpl_haze kmod-ath11k-pci + DEVICE_PACKAGES += ath11k-firmware-qcn9074 ipq-wifi-prpl_haze kmod-ath11k-pci \ + mkf2fs f2fsck kmod-fs-f2fs endef TARGET_DEVICES += prpl_haze From b5c728948c976f0614c85aa5418af3a44424b511 Mon Sep 17 00:00:00 2001 From: orangepizza Date: Mon, 29 Jan 2024 11:37:43 +0900 Subject: [PATCH 10/10] mbedtls: security bump to version 2.28.7 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This release of Mbed TLS provides bug fixes and minor enhancements. This release includes fixes for following security issues: * Timing side channel in private key RSA operations (CVE-2024-23170) Mbed TLS is vulnerable to a timing side channel in private key RSA operations. This side channel could be sufficient for an attacker to recover the plaintext. A local attacker or a remote attacker who is close to the victim on the network might have precise enough timing measurements to exploit this. It requires the attacker to send a large number of messages for decryption. * Buffer overflow in mbedtls_x509_set_extension() (CVE-2024-23775) When writing x509 extensions we failed to validate inputs passed in to mbedtls_x509_set_extension(), which could result in an integer overflow, causing a zero-length buffer to be allocated to hold the extension. The extension would then be copied into the buffer, causing a heap buffer overflow. Fixes: CVE-2024-23170, CVE-2024-23775 References: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-1/ References: https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-2/ Signed-off-by: orangepizza Signed-off-by: Petr Štetiar [formal fixes] (cherry picked from commit 920414ca8848fe1b430e436207b4f8c927819368) --- package/libs/mbedtls/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/package/libs/mbedtls/Makefile b/package/libs/mbedtls/Makefile index 246b21a853..ad13bbe846 100644 --- a/package/libs/mbedtls/Makefile +++ b/package/libs/mbedtls/Makefile @@ -8,13 +8,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=mbedtls -PKG_VERSION:=2.28.5 +PKG_VERSION:=2.28.7 PKG_RELEASE:=2 PKG_BUILD_FLAGS:=no-mips16 gc-sections no-lto PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://codeload.github.com/ARMmbed/mbedtls/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=849e86b626e42ded6bf67197b64aa771daa54e2a7e2868dc67e1e4711959e5e3 +PKG_HASH:=1df6073f0cf6a4e1953890bf5e0de2a8c7e6be50d6d6c69fa9fefcb1d14e981a PKG_LICENSE:=GPL-2.0-or-later PKG_LICENSE_FILES:=gpl-2.0.txt