These two patches are fixing minor problems with DNSSEC found shortly
after the dnsmasq 2.90 release.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 28c87d7ecd)
dnsmasq was recently updated to 2.90, but PKG_RELEASE was not reset to 1.
Fixes: 838a27f64f ("dnsmasq: version 2.90")
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 694e647784)
Bump to 2.90 to get upstream's fix for DNSSEC KeyTrap (CVE-2023-50387,
CVE-2023-50868) among many other goodies and fixes (notably, upstream
568fb024... fixes a UAF in cache_remove_uid that was routinely crashing
dnsmasq in my deployment).
Catch up our 200-ubus_dns.patch, too.
Signed-off-by: Nathaniel Wesley Filardo <nwfilardo@gmail.com>
(cherry picked from commit 838a27f64f)
If the dnsmasq process forks to handle TCP connections, it closes the ubus
context. But instead of changing the daemon wide pointer to NULL, only the
local variable was adjusted - and this portion of the code was even dropped
(dead store) by some optimizing compilers.
It makes more sense to change the daemon->ubus pointer because various
functions are already checking it for NULL. It is also the behavior which
ubus_destroy() implements.
Fixes: d8b33dad0b ("dnsmasq: add support for monitoring and modifying dns lookup results via ubus")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
(cherry picked from commit 711dcb7763)
Debian changelog:
intel-microcode (3.20240312.1) unstable; urgency=medium
* New upstream microcode datafile 20240312 (closes: #1066108)
- Mitigations for INTEL-SA-INTEL-SA-00972 (CVE-2023-39368):
Protection mechanism failure of bus lock regulator for some Intel
Processors may allow an unauthenticated user to potentially enable
denial of service via network access.
- Mitigations for INTEL-SA-INTEL-SA-00982 (CVE-2023-38575):
Non-transparent sharing of return predictor targets between contexts in
some Intel Processors may allow an authorized user to potentially
enable information disclosure via local access. Affects SGX as well.
- Mitigations for INTEL-SA-INTEL-SA-00898 (CVE-2023-28746), aka RFDS:
Information exposure through microarchitectural state after transient
execution from some register files for some Intel Atom Processors and
E-cores of Intel Core Processors may allow an authenticated user to
potentially enable information disclosure via local access. Enhances
VERW instruction to clear stale register buffers. Affects SGX as well.
Requires kernel update to be effective.
- Mitigations for INTEL-SA-INTEL-SA-00960 (CVE-2023-22655), aka TECRA:
Protection mechanism failure in some 3rd and 4th Generation Intel Xeon
Processors when using Intel SGX or Intel TDX may allow a privileged
user to potentially enable escalation of privilege via local access.
NOTE: effective only when loaded by firmware. Allows SMM firmware to
attack SGX/TDX.
- Mitigations for INTEL-SA-INTEL-SA-01045 (CVE-2023-43490):
Incorrect calculation in microcode keying mechanism for some Intel
Xeon D Processors with Intel SGX may allow a privileged user to
potentially enable information disclosure via local access.
* Fixes for other unspecified functional issues on many processors
* Updated microcodes:
sig 0x00050653, pf_mask 0x97, 2023-07-28, rev 0x1000191, size 36864
sig 0x00050656, pf_mask 0xbf, 2023-07-28, rev 0x4003605, size 38912
sig 0x00050657, pf_mask 0xbf, 2023-07-28, rev 0x5003605, size 37888
sig 0x0005065b, pf_mask 0xbf, 2023-08-03, rev 0x7002802, size 30720
sig 0x00050665, pf_mask 0x10, 2023-08-03, rev 0xe000015, size 23552
sig 0x000506f1, pf_mask 0x01, 2023-10-05, rev 0x003e, size 11264
sig 0x000606a6, pf_mask 0x87, 2023-09-14, rev 0xd0003d1, size 307200
sig 0x000606c1, pf_mask 0x10, 2023-12-05, rev 0x1000290, size 299008
sig 0x000706a1, pf_mask 0x01, 2023-08-25, rev 0x0040, size 76800
sig 0x000706a8, pf_mask 0x01, 2023-08-25, rev 0x0024, size 76800
sig 0x000706e5, pf_mask 0x80, 2023-09-14, rev 0x00c4, size 114688
sig 0x000806c1, pf_mask 0x80, 2023-09-13, rev 0x00b6, size 111616
sig 0x000806c2, pf_mask 0xc2, 2023-09-13, rev 0x0036, size 98304
sig 0x000806d1, pf_mask 0xc2, 2023-09-13, rev 0x0050, size 104448
sig 0x000806ec, pf_mask 0x94, 2023-07-16, rev 0x00fa, size 106496
sig 0x000806f8, pf_mask 0x87, 2024-01-03, rev 0x2b000590, size 579584
sig 0x000806f7, pf_mask 0x87, 2024-01-03, rev 0x2b000590
sig 0x000806f6, pf_mask 0x87, 2024-01-03, rev 0x2b000590
sig 0x000806f5, pf_mask 0x87, 2024-01-03, rev 0x2b000590
sig 0x000806f4, pf_mask 0x87, 2024-01-03, rev 0x2b000590
sig 0x00090661, pf_mask 0x01, 2023-09-26, rev 0x0019, size 20480
sig 0x00090672, pf_mask 0x07, 2023-09-19, rev 0x0034, size 224256
sig 0x00090675, pf_mask 0x07, 2023-09-19, rev 0x0034
sig 0x000b06f2, pf_mask 0x07, 2023-09-19, rev 0x0034
sig 0x000b06f5, pf_mask 0x07, 2023-09-19, rev 0x0034
sig 0x000906a3, pf_mask 0x80, 2023-09-19, rev 0x0432, size 222208
sig 0x000906a4, pf_mask 0x80, 2023-09-19, rev 0x0432
sig 0x000906c0, pf_mask 0x01, 2023-09-26, rev 0x24000026, size 20480
sig 0x000906e9, pf_mask 0x2a, 2023-09-28, rev 0x00f8, size 108544
sig 0x000906ea, pf_mask 0x22, 2023-07-26, rev 0x00f6, size 105472
sig 0x000906ec, pf_mask 0x22, 2023-07-26, rev 0x00f6, size 106496
sig 0x000906ed, pf_mask 0x22, 2023-07-27, rev 0x00fc, size 106496
sig 0x000a0652, pf_mask 0x20, 2023-07-16, rev 0x00fa, size 97280
sig 0x000a0653, pf_mask 0x22, 2023-07-16, rev 0x00fa, size 97280
sig 0x000a0655, pf_mask 0x22, 2023-07-16, rev 0x00fa, size 97280
sig 0x000a0660, pf_mask 0x80, 2023-07-16, rev 0x00fa, size 97280
sig 0x000a0661, pf_mask 0x80, 2023-07-16, rev 0x00fa, size 96256
sig 0x000a0671, pf_mask 0x02, 2023-09-14, rev 0x005e, size 108544
sig 0x000b0671, pf_mask 0x32, 2023-12-14, rev 0x0122, size 215040
sig 0x000b06a2, pf_mask 0xe0, 2023-12-07, rev 0x4121, size 220160
sig 0x000b06a3, pf_mask 0xe0, 2023-12-07, rev 0x4121
sig 0x000b06e0, pf_mask 0x11, 2023-09-25, rev 0x0015, size 138240
* New microcodes:
sig 0x000a06a4, pf_mask 0xe6, 2024-01-03, rev 0x001c, size 136192
sig 0x000b06a8, pf_mask 0xe0, 2023-12-07, rev 0x4121, size 220160
sig 0x000c06f2, pf_mask 0x87, 2023-11-20, rev 0x21000200, size 549888
sig 0x000c06f1, pf_mask 0x87, 2023-11-20, rev 0x21000200
* source: update symlinks to reflect id of the latest release, 20240312
* changelog, debian/changelog: fix typos
-- Henrique de Moraes Holschuh <hmh@debian.org> Tue, 12 Mar 2024 20:28:17 -0300
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 7b911a9c49)
The ubootmod bootlaoder for EX5601-T0 uses two partitions
in ubi to store enviroment variables. so proper config
is needed.
Signed-off-by: Nicolò Veronese <nicveronese@gmail.com>
(cherry picked from commit 2a0805fd3d)
Flash procedure is described in next commit.
TLDR:
Copy preloader and uboot to /tmp and write them in the mtd.
This will also require new UBI partition and
volumes to boot openwrt.
mtd write /tmp/openwrt-mediatek-filogic-zyxel_ex5601-t0-ubootmod-preloader.bin bl2
mtd write /tmp/openwrt-mediatek-filogic-zyxel_ex5601-t0-ubootmod-bl31-uboot.fip fip
Changelist:
- Added profile for 4k+256 SPI NAND_TYPE
- Added basic Zyxel EX5601-T0 uboot profile
Backported from hitech95 branch:
- Button RESET pin fix
- Button WPS pin fix
Signed-off-by: Valerio 'ftp21' Mancini <ftp21@ftp21.eu>
Signed-off-by: Nicolò Veronese <nicveronese@gmail.com>
(cherry picked from commit a9cf87027e)
dsmark support was removed in kernel 5.15.150 and 6.1.80. Remove it from
the kmod package as well
Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit bd6b37f463)
It was announced [1] that the original staging repositories are no longer
used for staging of new firmware binaries. And that the old repository will
be removed [2] in June 2024.
The ath11k-firmware package must therefore point to the new repository
before the old one is no longer accessible.
[1] https://lore.kernel.org/r/bac97f31-4a70-4c4c-8179-4ede0b32f869@quicinc.com
[2] 8d2cc160f3
Signed-off-by: Sven Eckelmann <sven@narfation.org>
802.11r can not be used when selecting WPA. It needs at least WPA2.
This is because 802.11r advertises FT support in-part through the
Authentication and Key Management (AKM) suites in the Robust
Security Network (RSN) Information Element, which was included in
the 802.11i amendment and WPA2 certification program.
Pre-standard WPA did not include the RSN IE, but the WPA IE.
This IE can not advertise the AKM suite for FT.
Signed-off-by: Jesus Fernandez Manzano <jesus.manzano@galgus.ai>
(cherry picked from commit cdc4c55175)
When using WPA3-SAE or WPA2/WPA3 Personal Mixed, we can not use
ft_psk_generate_local because it will break FT for SAE. Instead
use the r0kh and r1kh configuration approach.
Signed-off-by: Jesus Fernandez Manzano <jesus.manzano@galgus.ai>
(cherry picked from commit e2f6bfb833)
Fixes: https://github.com/openwrt/luci/issues/6930
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The dependency can't be satisfied when building using the SDK, breaking
package builds. As the staging and bin dirs are distributed with the SDK
archive, ignoring the dependency is fine when SDK is set.
Fixes: fbb924abff ("build: add $(STAGING_DIR) and $(BIN_DIR) ...")
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit 2b46cbef81)
This adds packages for the Realtek RTL8723DE/RTL8821CE
firmware to be used with the rtw88 driver.
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
(cherry picked from commit 4e268803d0)
The RTW88 PCI/USB driver uses the same firmware,
so add firmware dependencies.
Also CI report that:
Package kmod-rtw88-usb is missing dependencies for the following libraries:
usbcore.ko
This commit fixes it.
Fixes: 3538a19 ("mac80211: split rtw88 configuration for each supported chip")
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
(cherry picked from commit 16cff054f1)
Kernel 6.1 has introduced support for RTW8822BU network adapter, which
is an USB variant of the rtw8822b 802.11ac chipset family.
Build and install the corresponding module in the rtw88 package
Signed-off-by: Alexis Lothoré <alexis.lothore@bootlin.com>
(cherry picked from commit 12ef0be4fe)
Current rtw88 build configuration builds modules for all chips supported by
rtw88 driver family. This brings the following issues:
- adding a chip with a different bus is not convenient (all chips currently
depends on PCI)
- some features requirements are not relevant for all chips in family (eg
802.11AC is enforced but RTW88-8723DE is only a 802.11b/g/n chip)
Remove those constraints/issues by adding one module build option per
supported chip, and add intermediate options to properly cascade
dependencies.
Signed-off-by: Alexis Lothoré <alexis.lothore@bootlin.com>
(cherry picked from commit 3538a19c6e)
In a pristine build, these directories are created as dependencies of
the tools subdir compile, however this step never runs when the tools
compile stamp already exists. Since commit ed6ba2801c ("tools: keep
stamp file in $(STAGING_DIR_HOST)"), this will happen after `make clean`:
$(STAGING_DIR) has been deleted, but the tools stamp still exists, so
the next build will fail because $(STAGING_DIR) has not been set up
correctly.
Fix builds after `make clean` by adding the preparation as dependencies
for the target and package directories as well.
Fixes: ed6ba2801c ("tools: keep stamp file in $(STAGING_DIR_HOST)")
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit fbb924abff)
asterisk-chan-lantiq is by now the only user of the VMMC interface.
And asterisk runs as user 'asterisk' which doesn't give it permission
to open the /dev/vmmc* devices.
Introduce a new user group 'vmmc' and give permission to access the
/dev/vmmc* devices to that group.
Another commit for asterisk-chan-lantiq will add the 'asterisk' user
to that group.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 37bbed6f95)
Synchronize the ath11k backports with upstream linux.
Most of them are changes in kernel 6.5, the rest are
fixes for the ath11k_pci. The most important one is
"Revert 'wifi: ath11k: Enable threaded NAPI'", which
fixes the problem that QCN9074 cannot be used after
restarting on the x86 platform.
[ 23.462718] ath11k_pci 0000:02:00.0: failed to vdev 0 create peer for AP: -110
[ 28.503020] ath11k_pci 0000:02:00.0: Timeout in receiving vdev delete response
Changes to ipq8074 coldboot part pick from commit
b33bfcf ("mac80211: ath11k: sync with ath-next").
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
With mac80211_hwsim I have seen such entries in OpenWrt 22.03:
HE Iftypes: managed, AP
The mac80211.sh script did not detect the entry and failed. Allow
arbitrary other entries before to fix this problem.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 5df7a78e82)
