Signed-off-by: NFelix Fietkau <nbd@nbd.name>
(cherry-picked from commit 4947623d)

This is needed for the ECC controller to access FDM data
Signed-off-by: NFelix Fietkau <nbd@nbd.name>
(cherry-picked from commit 73b2a4ca)

Avoid flooding the log with the message below by increasing the log
level to debug:

  mt7621-nand 1e003000.nand: Using programmed access timing: 31c07388
Signed-off-by: NStijn Tintel <stijn@linux-ipv6.be>
(cherry-picked from commit 89c19592)

The patch was rejected by upstream. The mtk_nand driver should be
modified to support the mt7621 flash controller instead. As there is no
newer version to backport, or no upstream version to fix bugs, let's
move the driver to the files dir under the ramips target. This makes it
easier to make changes to the driver while waiting for mt7621 support to
land in mtk_nand.
Signed-off-by: NStijn Tintel <stijn@linux-ipv6.be>
(cherry-picked from commit 2f2e81a4)

Change the partition name accordingly. Same behavior as mtdsplit_uimage
Signed-off-by: NFelix Fietkau <nbd@nbd.name>
(cherry-picked from commit 62fd9f97)

kernel spi-nand driver leaves this field empty and let mtd set it later.
Signed-off-by: NChuanhong Guo <gch981213@gmail.com>
(cherry-picked from commit 6fa50e26)

This can be used for sectors that are not physically damaged
Signed-off-by: NFelix Fietkau <nbd@nbd.name>
(cherry-picked from commit 2a8a333e)

This NAND flash remapping method is used on newer MediaTek devices with NAND
flash.
Signed-off-by: NFelix Fietkau <nbd@nbd.name>
(cherry-picked from commit 06382d1a)

Pass errors to caller instead
Signed-off-by: NFelix Fietkau <nbd@nbd.name>
(cherry-picked from commit be1f2b4d)

Copy from the previously mapped block (in case it was remapped already)
Signed-off-by: NFelix Fietkau <nbd@nbd.name>
(cherry-picked from commit 7d1e2be1)

Used by the mapping implementation to indicate that no backing block is
available
Signed-off-by: NFelix Fietkau <nbd@nbd.name>
(cherry-picked from commit b4c7f8c5)

Keep a separate source file per variant
Signed-off-by: NFelix Fietkau <nbd@nbd.name>
(cherry-picked from commit 601c7b4a)

Signed-off-by: NHauke Mehrtens <hauke@hauke-m.de>

Signed-off-by: NHauke Mehrtens <hauke@hauke-m.de>

Everywhere else the device is referred to as WS-AP3805i,
only the model name wrongly only said AP3805i.
Signed-off-by: NTom Herbers <mail@tomherbers.de>
(cherry picked from commit 7d6032f3)

Devices with SMALL_FLASH enabled have "SQUASHFS_BLOCK_SIZE=1024" in
their config. This significantly increases the cache memory required by
squashfs [0]. This commit enables low_mem leading to a much better
performance because the SQUASHFS_BLOCK_SIZE is reduced to 256.

Example Nanostation M5 (XM):
The image size increases by 128 KiB. However, the memory statisitcs look
much better:

Default tiny build:
------
MemTotal:          26020 kB
MemFree:            5648 kB
MemAvailable:       6112 kB
Buffers:               0 kB
Cached:             3044 kB

low_mem enabled:
-----
MemTotal:          26976 kB
MemFree:            6748 kB
MemAvailable:      11504 kB
Buffers:               0 kB
Cached:             7204 kB

[0] - https://github.com/freifunk-gluon/gluon/commit/7e8af99cf504ca1dc389f282a0c94f4a911571beSigned-off-by: NNick Hainke <vincent@systemli.org>
(cherry picked from commit f54ac98f)

ath79 has was bumped to 5.10. With this, as with every kernel change,
the kernel has become larger. However, although the kernel gets bigger,
there are still enough flash resources. But the RAM reaches its capacity
limits. The tiny image comes with fewer kernel flags enabled and
fewer daemons.

Improves: 15aa53d7 ("ath79: switch to Kernel 5.10")
Tested-by: NRobert Foss <me@robertfoss.se>
Signed-off-by: NNick Hainke <vincent@systemli.org>
(cherry picked from commit f4415f76)

Fixes: cae4d089 ("kernel: backport mtd dynamic partition patch")
Signed-off-by: NRafał Miłecki <rafal@milecki.pl>
(cherry picked from commit a5265497)

As wolfSSL is having hard time maintaining ABI compatibility between
releases, we need to manually force rebuild of packages depending on
libwolfssl and thus force their upgrade. Otherwise due to the ABI
handling we would endup with possibly two libwolfssl libraries in the
system, including the patched libwolfssl-5.5.1, but still have
vulnerable services running using the vulnerable libwolfssl-5.4.0.

So in order to propagate update of libwolfssl to latest stable release
done in commit ec8fb542 ("wolfssl: fix TLSv1.3 RCE in uhttpd by
using 5.5.1-stable (CVE-2022-39173)") which fixes several remotely
exploitable vulnerabilities, we need to bump PKG_RELEASE of all
packages using wolfSSL library.
Signed-off-by: NPetr Štetiar <ynezz@true.cz>
(cherry picked from commit f1b7e143)

Fixes denial of service attack and buffer overflow against TLS 1.3
servers using session ticket resumption. When built with
--enable-session-ticket and making use of TLS 1.3 server code in
wolfSSL, there is the possibility of a malicious client to craft a
malformed second ClientHello packet that causes the server to crash.

This issue is limited to when using both --enable-session-ticket and TLS
1.3 on the server side. Users with TLS 1.3 servers, and having
--enable-session-ticket, should update to the latest version of wolfSSL.

Thanks to Max at Trail of Bits for the report and "LORIA, INRIA, France"
for research on tlspuffin.

Complete release notes https://github.com/wolfSSL/wolfssl/releases/tag/v5.5.1-stable

Fixes: CVE-2022-39173
Fixes: https://github.com/openwrt/luci/issues/5962
References: https://github.com/wolfSSL/wolfssl/issues/5629Tested-by: NKien Truong <duckientruong@gmail.com>
Reported-by: NKien Truong <duckientruong@gmail.com>
Signed-off-by: NPetr Štetiar <ynezz@true.cz>
(cherry picked from commit ec8fb542)

So they're tidy and apply cleanly.
Signed-off-by: NPetr Štetiar <ynezz@true.cz>
(cherry picked from commit 8ad9a72c)

Remove upstreamed: 101-update-sp_rand_prime-s-preprocessor-gating-to-match.patch

Some low severity vulnerabilities fixed
OpenVPN compatibility fixed (broken in 5.4.0)
Other fixes && improvements
Signed-off-by: NIvan Pavlov <AuthorReflex@gmail.com>
(cherry picked from commit 3d88f26d)

All patches automatically rebased.
Signed-off-by: NJohn Audia <therealgraysky@proton.me>
(cherry picked from commit eed0a31b)

Manually rebased:
  hack-5.10/780-usb-net-MeigLink_modem_support.patch

Removed upstreamed:
  patches-5.10/110-gpio-mpc8xxx-Fix-support-for-IRQ_TYPE_LEVEL_LOW-flow.patch[1]

All other patches automatically rebased.

1. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.145&id=24196210b198e8e39296e277bb93b362aa207775Signed-off-by: NJohn Audia <therealgraysky@proton.me>
(cherry picked from commit 8fe67fae)

All patches automatically rebased.
Signed-off-by: NJohn Audia <therealgraysky@proton.me>
(cherry picked from commit eff4f8b2)

The device has only 1 WAN + 3 LAN ports. Remove "lan4" interface
corresponding to the non-existing port.
Signed-off-by: NMatthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit 149fc3a2)

If you would like to compile the newest version of U-boot together with the stable
OpenWrt version, which does not have LibreSSL >= 3.5, which was updated
in the master branch by commit 5451b03b
("tools/libressl: bump to v3.5.3"), then you need these two patches to
fix it. They are backported from U-boot repository.

This should be backported to stable OpenWrt versions.
Reported-by: NMichal Vasilek <michal.vasilek@nic.cz>
Signed-off-by: NJosef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 185541f5)

This issue was reported by @paper42, who is using Void Linux with musl
to compile OpenWrt and its packages and found out it is not possible to
compile U-boot for Turris Omnia (neither any other).

It fixes following output:
```
  HOSTCC  tools/kwboot
tools/kwboot.c: In function 'kwboot_tty_change_baudrate':
tools/kwboot.c:662:6: error: 'struct termios' has no member named 'c_ospeed'
  662 |   tio.c_ospeed = tio.c_ispeed = baudrate;
      |      ^
tools/kwboot.c:662:21: error: 'struct termios' has no member named 'c_ispeed'
  662 |   tio.c_ospeed = tio.c_ispeed = baudrate;
      |                     ^
tools/kwboot.c:690:31: error: 'struct termios' has no member named 'c_ospeed'
  690 |  if (!_is_within_tolerance(tio.c_ospeed, baudrate, 3))
      |                               ^
tools/kwboot.c:693:31: error: 'struct termios' has no member named 'c_ispeed'
  693 |  if (!_is_within_tolerance(tio.c_ispeed, baudrate, 3))
      |
```
Tested-by: NMichal Vasilek <michal.vasilek@nic.cz>
Signed-off-by: NJosef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit 9c747295)

At some point after 21.02.3 and before 22.03.0, the size limits of the
Linksys RE6500 were reached and prevent booting from the 22.03.0 release
or builds of current SNAPSHOT. This patch allows builds of master to boot
again and has been tested on my device.

Fixes: #8577
Signed-off-by: NMark King <mark@vemek.co>
(cherry picked from commit bf5b1a53)

For some reason, Microsoft's Plan9 driver returns IOError on missing
file.
Signed-off-by: NRosen Penev <rosenp@gmail.com>
(cherry picked from commit 875e1777)

Debian's changelog by Henrique de Moraes Holschuh <hmh@debian.org>:

  * New upstream microcode datafile 20220809
    * Fixes INTEL-SA-00657, CVE-2022-21233
      Stale data from APIC leaks SGX memory (AEPIC leak)
    * Fixes unspecified errata (functional issues) on Xeon Scalable
    * Updated Microcodes:
      sig 0x00050653, pf_mask 0x97, 2022-03-14, rev 0x100015e, size 34816
      sig 0x00050654, pf_mask 0xb7, 2022-03-08, rev 0x2006e05, size 44032
      sig 0x000606a6, pf_mask 0x87, 2022-04-07, rev 0xd000375, size 293888
      sig 0x000706a1, pf_mask 0x01, 2022-03-23, rev 0x003c, size 75776
      sig 0x000706a8, pf_mask 0x01, 2022-03-23, rev 0x0020, size 75776
      sig 0x000706e5, pf_mask 0x80, 2022-03-17, rev 0x00b2, size 112640
      sig 0x000806c2, pf_mask 0xc2, 2022-03-19, rev 0x0028, size 97280
      sig 0x000806d1, pf_mask 0xc2, 2022-03-28, rev 0x0040, size 102400
      sig 0x00090672, pf_mask 0x03, 2022-06-07, rev 0x0022, size 216064
      sig 0x00090675, pf_mask 0x03, 2022-06-07, rev 0x0022, size 216064
      sig 0x000906a3, pf_mask 0x80, 2022-06-15, rev 0x0421, size 216064
      sig 0x000906a4, pf_mask 0x80, 2022-06-15, rev 0x0421, size 216064
      sig 0x000a0671, pf_mask 0x02, 2022-03-17, rev 0x0054, size 103424
      sig 0x000b06f2, pf_mask 0x03, 2022-06-07, rev 0x0022, size 216064
      sig 0x000b06f5, pf_mask 0x03, 2022-06-07, rev 0x0022, size 216064
Signed-off-by: NChristian Lamparter <chunkeey@gmail.com>
(cherry picked from commit bb73828b)

When building with an external toolcahin with musl also include
./include/fortify by default. This is also done when we build with the
internal toolchain using musl libc.

Without this extra include the fortify source feature is not working
when using an external musl toolchain. All binaries were compiled
without fortify source when an external musl toolchain was used. All
binaries release done by the OpenWrt project use the internal toolcahin
where fortify source is working.
Signed-off-by: NHauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit b21ddbfa)

When we use the internal toolchain USE_SSTRIP will be selected by
default for musl libc and USE_STRIP when glibc is used. Do the same when
an external toolchain is used. USE_GLIBC will also be set for external
toolchain builds based on the EXTERNAL_TOOLCHAIN_LIBC_USE_GLIBC setting.
Signed-off-by: NHauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 9403810c)

Openwrt now supports only glibc and musl. Add support for musl and
rework the libc check to handle the new config flags and correctly
compile package basend on that.
Signed-off-by: NChristian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 7be01fe1)

Openwrt generate info.mk that contains the libc type. For probe_cc check
if the file exist and parse directly it for LIBC type.
Signed-off-by: NChristian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 75311977)

Currently we never call probe_cc before config generation, this cause
the script to never actually detect the correct libc type.
Call probe_cc before config generation to correctl set the .config file.
Signed-off-by: NChristian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit ddeabc75)

It can be useful to overwrite an already generated config.
Option are simply added at the end of the config and make defconfig
will overwrite the relevant option with the new one.
Signed-off-by: NChristian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit f4dd18ca)

The parsed prefix in print_config is wrong and this produce broken
generated .config that won't work with any external toolchain.

Currently the prefix from a CC of

'arm-openwrt-linux-muslgnueabi-gcc-12.1.0'

produce a prefix

'arm-openwrt-linux-muslgnueabi-gcc-'

This is wrong as the real prefix should be

'arm-openwrt-linux-muslgnueabi-'

This is probably caused by a change in how the toolchain is now handled
that now append also the gcc version. Probably in ancient days the
version wasn't part of the name and the prefix generation stripped the
'-gcc' instead of the gcc version.

Fix this and correctly strip the gcc version and the gcc suffix to
correctly call toolchain bins.
Signed-off-by: NChristian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 53c29326)

Don't add wrapped bin to the TARGET_PATH as it does cause compilation
error.

cmake.mk will use the "command -v" and will use the wrapped bin instead
of the external toolchain bin as they have the same name and command
will select the first result.
Signed-off-by: NChristian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit a90eabf6)

When using the OpenWrt toolchain as an external toolchain the build
failed due to missing LTO support. By choosing the GCC wrappers of
the tools this commit makes sure that the LTO-enabled executables
are being used.
Signed-off-by: NVincent Wiemann <vincent.wiemann@ironai.com>
[ wrap the commit description to 72 char ]
Signed-off-by: NChristian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 2555ffb4)