diff --git a/package/base-files/files/bin/config_generate b/package/base-files/files/bin/config_generate
index 967ef1b100..f5367fbe3b 100755
--- a/package/base-files/files/bin/config_generate
+++ b/package/base-files/files/bin/config_generate
@@ -114,9 +114,17 @@ generate_network() {
 add network device
 set network.@device[-1].name='br-$1'
 set network.@device[-1].type='bridge'
- set network.@device[-1].macaddr='$macaddr'
 EOF
 for port in $ports; do uci add_list network.@device[-1].ports="$port"; done
+ [ -n "$macaddr" ] && {
+ for port in $ports; do
+ uci -q batch <<-EOF
+ add network device
+ set network.@device[-1].name='$port'
+ set network.@device[-1].macaddr='$macaddr'
+ EOF
+ done
+ }
 device=br-$1
 type=
 macaddr=""
diff --git a/package/libs/wolfssl/Makefile b/package/libs/wolfssl/Makefile
index 53cd932d1f..030a0224f5 100644
--- a/package/libs/wolfssl/Makefile
+++ b/package/libs/wolfssl/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=wolfssl
 PKG_VERSION:=4.7.0-stable
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION)
diff --git a/package/libs/wolfssl/patches/200-ecc-rng.patch b/package/libs/wolfssl/patches/200-ecc-rng.patch
new file mode 100644
index 0000000000..2d33c06209
--- /dev/null
+++ b/package/libs/wolfssl/patches/200-ecc-rng.patch
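Review bot: In the config_generate hunk, the new `[ -n "$macaddr" ] && { … }` block carries no comment saying why the MAC address moved from the bridge device to a separate `device` section per member port. A one-line comment above the guard, e.g. `# set the MAC on each member port; the bridge device no longer carries it`, would keep the intent visible. Every port in `$ports` receives the same `$macaddr`, and a new anonymous section is added on each pass without checking whether one with that port name already exists. Whether duplicates can actually occur depends on callers outside the hunk, and `uci -q` would hide any resulting error, so this is worth confirming. generate_network's body starts and ends outside the hunk.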
@@ -0,0 +1,50 @@
+Since commit 6467de5a8840 ("Randomize z ordinates in scalar
+mult when timing resistant") wolfssl requires a RNG for an EC
+key when the hardened built option is selected.
+
+wc_ecc_set_rng is only available when built hardened, so there
+is no safe way to install the RNG to the key regardless whether
+or not wolfssl is compiled hardened.
+
+Always export wc_ecc_set_rng so tools such as hostapd can install
+RNG regardless of the built settings for wolfssl.
+
+--- a/wolfcrypt/src/ecc.c
++++ b/wolfcrypt/src/ecc.c
+@@ -10293,21 +10293,21 @@ void wc_ecc_fp_free(void)
+
+ #endif /* FP_ECC */
+
+-#ifdef ECC_TIMING_RESISTANT
+ int wc_ecc_set_rng(ecc_key* key, WC_RNG* rng)
+ {
+ int err = 0;
+
++#ifdef ECC_TIMING_RESISTANT
+ if (key == NULL) {
+ err = BAD_FUNC_ARG;
+ }
+ else {
+ key->rng = rng;
+ }
++#endif
+
+ return err;
+ }
+-#endif
+
+ #ifdef HAVE_ECC_ENCRYPT
+
+--- a/wolfssl/wolfcrypt/ecc.h
++++ b/wolfssl/wolfcrypt/ecc.h
+@@ -584,10 +584,8 @@ WOLFSSL_API
+ void wc_ecc_fp_free(void);
+ WOLFSSL_LOCAL
+ void wc_ecc_fp_init(void);
+-#ifdef ECC_TIMING_RESISTANT
+ WOLFSSL_API
+ int wc_ecc_set_rng(ecc_key* key, WC_RNG* rng);
+-#endif
+
+ WOLFSSL_API
+ int wc_ecc_set_curve(ecc_key* key, int keysize, int curve_id);
diff --git a/package/network/services/hostapd/Makefile b/package/network/services/hostapd/Makefile
index bd2a7c96ad..0779421b8d 100644
--- a/package/network/services/hostapd/Makefile
+++ b/package/network/services/hostapd/Makefile
@@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=hostapd
-PKG_RELEASE:=32
+PKG_RELEASE:=33
 PKG_SOURCE_URL:=http://w1.fi/hostap.git
 PKG_SOURCE_PROTO:=git
diff --git a/package/network/services/hostapd/patches/802-wolfssl-init-RNG-with-ECC-key.patch b/package/network/services/hostapd/patches/802-wolfssl-init-RNG-with-ECC-key.patch
new file mode 100644
index 0000000000..89d111e991
--- /dev/null
+++ b/package/network/services/hostapd/patches/802-wolfssl-init-RNG-with-ECC-key.patch
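Review bot: In the ecc.c part of 200-ecc-rng.patch, wc_ecc_set_rng() returns 0 without touching its arguments when ECC_TIMING_RESISTANT is not defined, so `key` and `rng` are unused in that build and the NULL-key check is skipped. A caller also cannot tell from the return value whether an RNG was actually attached to the key. Adding an `#else` branch with `(void)key;` and `(void)rng;`, plus a short comment that success is reported deliberately in non-hardened builds, would avoid unused-parameter warnings and document the contract. The declaration in ecc.h could carry the same remark, so that callers such as hostapd do not read a 0 return as proof that the timing-resistant scalar multiplication is in effect.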
@@ -0,0 +1,48 @@
+From 21ce83b4ae2b9563175fdb4fc4312096cc399cf8 Mon Sep 17 00:00:00 2001
+From: David Bauer
+Date: Wed, 5 May 2021 00:44:34 +0200
+Subject: [PATCH] wolfssl: add RNG to EC key
+
+Since upstream commit 6467de5a8840 ("Randomize z ordinates in
+scalar mult when timing resistant") WolfSSL requires a RNG for
+the EC key when built hardened which is the default.
+
+Set the RNG for the EC key to fix connections for OWE clients.
+
+Signed-off-by: David Bauer
+---
+ src/crypto/crypto_wolfssl.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/crypto/crypto_wolfssl.c b/src/crypto/crypto_wolfssl.c
+index 2e4bf8962..ed2528159 100644
+--- a/src/crypto/crypto_wolfssl.c
++++ b/src/crypto/crypto_wolfssl.c
+@@ -1303,6 +1303,7 @@ int ecc_projective_add_point(ecc_point *P, ecc_point *Q, ecc_point *R,
+
+ struct crypto_ec {
+ ecc_key key;
++ WC_RNG rng;
+ mp_int a;
+ mp_int prime;
+ mp_int order;
+@@ -1357,6 +1358,8 @@ struct crypto_ec * crypto_ec_init(int group)
+ return NULL;
+
+ if (wc_ecc_init(&e->key) != 0 ||
++ wc_InitRng(&e->rng) != 0 ||
++ wc_ecc_set_rng(&e->key, &e->rng) != 0 ||
+ wc_ecc_set_curve(&e->key, 0, curve_id) != 0 ||
+ mp_init(&e->a) != MP_OKAY ||
+ mp_init(&e->prime) != MP_OKAY ||
+@@ -1388,6 +1391,7 @@ void crypto_ec_deinit(struct crypto_ec* e)
+ mp_clear(&e->order);
+ mp_clear(&e->prime);
+ mp_clear(&e->a);
++ wc_FreeRng(&e->rng);
+ wc_ecc_free(&e->key);
+ os_free(e);
+ }
+--
+2.31.1
+
diff --git a/scripts/json_overview_image_info.py b/scripts/json_overview_image_info.py
index 8dbd24af2d..db47fd9e42 100755
--- a/scripts/json_overview_image_info.py
+++ b/scripts/json_overview_image_info.py
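Review bot: crypto_ec_deinit() now calls `wc_FreeRng(&e->rng)` unconditionally, but crypto_ec_init() only reaches `wc_InitRng()` after `wc_ecc_init()` has succeeded. If the failure path (outside the hunk) tears down through crypto_ec_deinit(), wc_FreeRng() can therefore run on an RNG that was never initialised. That is presumably harmless when the struct is zero-allocated, but the allocation is not visible here and should be confirmed. Separately, the RNG is freed while `e->key` still holds the pointer installed by wc_ecc_set_rng(); ordering the teardown as `wc_ecc_free(&e->key);` then `wc_FreeRng(&e->rng);` releases the key before the RNG it references. Both functions continue outside their hunks.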
@@ -18,19 +18,33 @@ work_dir = Path(getenv("WORK_DIR")) output = {} + +def get_initial_output(image_info): + # preserve existing profiles.json + if output_path.is_file(): + profiles = json.loads(output_path.read_text()) + if profiles["version_code"] == image_info["version_code"]: + return profiles + return image_info + + for json_file in work_dir.glob("*.json"): image_info = json.loads(json_file.read_text()) + if not output: - output.update(image_info) + output = get_initial_output(image_info) + + # get first and only profile in json file + device_id, profile = next(iter(image_info["profiles"].items())) + if device_id not in output["profiles"]: + output["profiles"][device_id] = profile else: - # get first (and only) profile in json file - device_id = next(iter(image_info["profiles"].keys())) - if device_id not in output["profiles"]: - output["profiles"].update(image_info["profiles"]) - else: - output["profiles"][device_id]["images"].append( - image_info["profiles"][device_id]["images"][0] - ) + output["profiles"][device_id]["images"].extend(profile["images"]) + +# make image lists unique by name, keep last/latest +for device_id, profile in output.get("profiles", {}).items(): + profile["images"] = list({e["name"]: e for e in profile["images"]}.values()) + if output: default_packages, output["arch_packages"] = run( diff --git a/target/linux/ath79/patches-5.4/700-at803x-force-ar8033-features.patch b/target/linux/ath79/patches-5.4/700-at803x-force-ar8033-features.patch new file mode 100644 index 0000000000..cfbcaa148d --- /dev/null +++ b/target/linux/ath79/patches-5.4/700-at803x-force-ar8033-features.patch 
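Review bot: get_initial_output() trusts an existing profiles.json completely, so one stale or damaged output file aborts the whole overview build. `json.loads(output_path.read_text())` raises on a truncated or hand-edited file, and `profiles["version_code"]` raises KeyError when the key is absent. Comparing with `profiles.get("version_code") == image_info["version_code"]` and falling back to `image_info` on `json.JSONDecodeError` would let the script regenerate the file instead. The later de-duplication step indexes `e["name"]` on every image entry, including entries carried over from the preserved file, so it has the same exposure. The function reads the module-level `output_path`, defined outside the hunk; a docstring stating that an existing file is reused only when its version_code matches would help.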
@@ -0,0 +1,25 @@
+PHY capabilities are currently read from the fiber status page, thus
+Linux won't advertise 10 / 100 Base-T operation modes, effectively
+limiting operation to 1000 Base-T.
+
+Statically set the PHYs capabilities, avoiding autodetection.
+
+The issue itself is properly fixed kernel upstream, however backporting
+efforts to OpenWrt master resulted in breaking the fiber operation for
+another target.
+
+This is currently only known to be necessary for the Ubiquiti
+UniFi AC series, so enabling it in the ath79 target should not
+break somewhere else.
+
+--- a/drivers/net/phy/at803x.c
++++ b/drivers/net/phy/at803x.c
+@@ -497,7 +497,7 @@ static struct phy_driver at803x_driver[]
+ .get_wol = at803x_get_wol,
+ .suspend = at803x_suspend,
+ .resume = at803x_resume,
+- /* PHY_GBIT_FEATURES */
++ .features = PHY_GBIT_FEATURES,
+ .read_status = at803x_read_status,
+ .aneg_done = at803x_aneg_done,
+ .ack_interrupt = &at803x_ack_interrupt,
diff --git a/target/linux/bcm4908/Makefile b/target/linux/bcm4908/Makefile
index ce5f230ca6..bbe5030b65 100644
--- a/target/linux/bcm4908/Makefile
+++ b/target/linux/bcm4908/Makefile
@@ -22,6 +22,7 @@ KERNELNAME:=Image dtbs
 DEFAULT_PACKAGES += \
 bcm4908img \
+ kmod-gpio-button-hotplug \
 kmod-usb-ohci kmod-usb2 kmod-usb3
 $(eval $(call BuildTarget))
diff --git a/target/linux/bcm4908/patches-5.4/170-net-broadcom-bcm4908_enet-reset-DMA-rings-sw-indexes.patch b/target/linux/bcm4908/patches-5.4/170-net-broadcom-bcm4908_enet-reset-DMA-rings-sw-indexes.patch
new file mode 100644
index 0000000000..7e82230f9a
--- /dev/null
+++ b/target/linux/bcm4908/patches-5.4/170-net-broadcom-bcm4908_enet-reset-DMA-rings-sw-indexes.patch
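Review bot: The added `.features = PHY_GBIT_FEATURES,` in 700-at803x-force-ar8033-features.patch replaces the `/* PHY_GBIT_FEATURES */` placeholder and leaves nothing in the driver source saying that this is a local override of capability autodetection. A comment on that line, e.g. `/* OpenWrt: static features; abilities read from the fiber page omit 10/100 */`, would make the workaround recognisable when the kernel is bumped and the upstream fix mentioned in the description arrives. The hunk shows only part of one at803x_driver[] entry, so which PHY ID it applies to cannot be checked here; the patch name suggests the AR8033 entry.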
@@ -0,0 +1,43 @@
+From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?=
+Date: Tue, 22 Jun 2021 07:05:04 +0200
+Subject: [PATCH] net: broadcom: bcm4908_enet: reset DMA rings sw indexes
+ properly
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Resetting software indexes in bcm4908_dma_alloc_buf_descs() is not
+enough as it's called during device probe only. Driver resets DMA on
+every .ndo_open callback and it's required to reset indexes then.
+
+This fixes inconsistent rings state and stalled traffic after interface
+down & up sequence.
+
+Fixes: 4feffeadbcb2 ("net: broadcom: bcm4908enet: add BCM4908 controller driver")
+Signed-off-by: Rafał Miłecki
+---
+ drivers/net/ethernet/broadcom/bcm4908_enet.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/drivers/net/ethernet/broadcom/bcm4908_enet.c
++++ b/drivers/net/ethernet/broadcom/bcm4908_enet.c
+@@ -174,9 +174,6 @@ static int bcm4908_dma_alloc_buf_descs(s
+ if (!ring->slots)
+ goto err_free_buf_descs;
+
+- ring->read_idx = 0;
+- ring->write_idx = 0;
+-
+ return 0;
+
+ err_free_buf_descs:
+@@ -303,6 +300,9 @@ static void bcm4908_enet_dma_ring_init(s
+
+ enet_write(enet, ring->st_ram_block + ENET_DMA_CH_STATE_RAM_BASE_DESC_PTR,
+ (uint32_t)ring->dma_addr);
++
++ ring->read_idx = 0;
++ ring->write_idx = 0;
+ }
+
+ static void bcm4908_enet_dma_uninit(struct bcm4908_enet *enet)