Switch to new nvmem binding.
Also fixes a issue that the MAC address assigned to lan/wan was
reversed on eMMC boards.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
The config options that are enabled by default and where other default
packages depends on should not only be set if there is no .config file,
but also if the .config exists but the config option (e.g.
CONFIG_SECCOMP) is missing in the file.
This is relevant, for example, if you are working with .config templates
and then want to complete the configuration using make defconfig.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
The fix in commit 847fad476f ("target.mk: improve handling of default
enabled SECCOMP") unfortunately does not work for targets where the ARCH
variable is set in ./$(SUBTARGET)/target.mk.
To get this working, the ./$(SUBTARGET)/target.mk must be included
before the check.
Fixes: 847fad476f ("target.mk: improve handling of default enabled SECCOMP")
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
Also use env variables exported by export_fitblk_rootdev() in
platform_copy_config().
Fixes: 4448d6325f ("mediatek: make use of common uImage.FIT upgrade functions")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The function was moved to /lib/upgrade/fit.sh which is part of the fitblk
package. Remove it from /lib/upgrade/common.sh to safe space on boards
not using unified uImage.FIT images.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Use export_fitblk_bootdev() in /lib/upgrade/fit.sh instead of now
deprecated fitblk_get_bootdev() function. Include /lib/upgrade/fit.sh
instead of /lib/upgrade/common.sh to allow removing the function there.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Move shell functions used for sysupgrade into /lib/upgrade/fit.sh.
Introduce improved fitblk boot device detection function which
works also in case ubiblock devices have not yet been created or
even UBI itself not yet being attached.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The target was marked source-only due do the broken Ethernet port on
some devices. With that fixed, it can be enabled again.
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
The new cpsw-switch driver reserves VLAN 1 for internal use, which
conflicts with the default network configuration of OpenWrt.
Switch back to the older cpsw driver to make the network connection on
the affected devices (BeagleBone Black and AM335x EVM) usable again.
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
Initramfs images are not supported by imagebuilder. With recent changes
to support Per Device Rootfs, we now generate an image and a vmlinux for
each Rootfs and these additional files are all shipped in the
imagebuilder tar.
Drop these new file and any vmlinux-initramfs as they are not used and
increase the final size of the imagebuilder archive.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
This fixes multiple security problems:
* [Medium] CVE-2024-1544
Potential ECDSA nonce side channel attack in versions of wolfSSL before 5.6.6 with wc_ecc_sign_hash calls.
* [Medium] CVE-2024-5288
A private key blinding operation, enabled by defining the macro WOLFSSL_BLIND_PRIVATE_KEY, was added to mitigate a potential row hammer attack on ECC operations.
* [Low] When parsing a provided maliciously crafted certificate directly using wolfSSL API, outside of a TLS connection, a certificate with an excessively large number of extensions could lead to a potential DoS.
* [Low] CVE-2024-5991
In the function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked.
* [Medium] CVE-2024-5814
A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a ciphersuite that it did not agree to and achieve a successful connection.
* [Medium] OCSP stapling version 2 response verification bypass issue when a crafted response of length 0 is received.
* [Medium] OCSP stapling version 2 revocation bypass with a retry of a TLS connection attempt.
Unset DISABLE_NLS to prevent setting the unsupported configuration
option --disable-nls which breaks the build now.
Link: https://github.com/openwrt/openwrt/pull/15948
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The eMMC chip used in a small batch of these devices has issues operating
in HS400 mode. Reducing to HS200 mode works around the problem and does
not cause any noticeable performance penalties as smaller chips are not fast
enough to saturate the bus. Root cause analysis is pending.
Signed-off-by: Chad Monroe <chad@monroe.io>
408c2cc libfstools: skip JFFS2 padding when BLOCKSIZE was given
013050f fstools: remove redundant F2FS_MINSIZE definition
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Add entry for the BananaPi R3 mini to the platform_check_image()
function where it has been missing.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
There is no point in hard-coding the UBI volume numbers as we are
dynamically looking up the volume by volume name in all cases by now.
Remove this relict as it causes problems without being useful for
anything.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
1. Rename function _do_env_set() to env_do_env_set().
2. Replace kwbimage hack with UBOOT_CUSTOMIZE_CONFIG:
"--disable TOOLS_KWBIMAGE" and "--disable TOOLS_LIBCRYPTO".
3. Disable CONFIG_CMD_BOOTEFI_BOOTMGR for all supported devices
because the newly added UEFI bootmenu entries doesn't work.
4. Enable CONFIG_VERSION_VARIABLE for the OpenWrt One.
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
Co-authored-by: Daniel Golle <daniel@makrotopia.org>
