From 29b26c467d9c3bb3f56efc6f1307c3bc5cac04f6 Mon Sep 17 00:00:00 2001 From: Tom Herbers Date: Thu, 6 Oct 2022 14:18:03 +0200 Subject: [PATCH 1/2] modules: update openwrt f579b8538b ath79: add low_mem to tiny image 4b5bd15091 ath79: move ubnt-xm to tiny 977f6f36a0 kernel: fix possible mtd NULL pointer dereference 562894b39d treewide: fix security issues by bumping all packages using libwolfssl ce59843662 wolfssl: fix TLSv1.3 RCE in uhttpd by using 5.5.1-stable (CVE-2022-39173) 3d2be75b0c wolfssl: refresh patches 0c8425bf11 wolfssl: bump to 5.5.0 2c49ad36fb kernel: bump 5.10 to 5.10.146 f04515e7bd kernel: bump 5.10 to 5.10.145 a91f391b59 kernel: bump 5.10 to 5.10.144 25747a4c04 ramips: fix switch setup for ASUS RT-AX53U 23d23038dd uboot-mvebu: backport LibreSSL patches for older version of LibreSSL 1ff2993edb uboot-mvebu: backport patch to fix compilation on non glibc system d30ddfbac4 ramips: enable LZMA loader to fix Linksys RE6500 boot ed905fce58 tools/meson: backport WSL2 fix e5ab159fbf firmware: intel-microcode: update to 20220809 938ae92675 toolchain: Include ./include/fortify for external musl toolchain 8f72f5e4c0 toolchain: Select USE_SSTRIP with external musl toolchain 4ad6925a9e scripts: ext-toolchain: add support for musl 65bd632069 scripts: ext-toolchain: add support for info.mk in probe_cc b0622d1221 scripts: ext-toolchain: actually probe libc type on config generation d1a6c35591 scripts: ext-toolchain: add option to overwrite config 24cf766dfe scripts: ext-toolchain: fix wrong prefix in print_config generation 18a88668b8 rules_mk: don't include wrapped bin with external toolchains 29927e347a rules_mk: use gcc versions for external toolchain cd117f0596 bcm53xx: backport clk driver fix for DT nodes names 9dc46d6549 ath79: fix LibreRouter-v1 watchdog and poe_pass 0cb3a616e4 build: fix warnings from grep 463fe05d9e Makefile: fix stray \ warnings with grep-3.8 25d8b9cad6 build: fix issues with targets installed via feeds 74eeee1698 build: fix including modules.mk for targets pulled in from feeds dafac183f3 mpc85xx: add patch to fix gpio mpc8xxx 7707b47c72 ramips: fix fw_setsys f3ffb04a43 kernel: add missing symbol 2a6346725a bcm4908: fix -EPROBE_DEFER support in bcm4908_enet 700f5d2990 kernel: update U-Boot NVMEM driver acc78a9cf6 bcm4908: backport mtd parser for Broadcom's U-Boot partition --- modules | 2 +- ...t7621-make-DSA-images-swconfig-upgradable.patch | 14 +++++++------- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/modules b/modules index 25928cfd..3fc0a16c 100644 --- a/modules +++ b/modules @@ -2,7 +2,7 @@ GLUON_FEEDS='packages routing gluon' OPENWRT_REPO=https://github.com/openwrt/openwrt.git OPENWRT_BRANCH=openwrt-22.03 -OPENWRT_COMMIT=b472753d79ab014c799f28aac99e698e5caf0b19 +OPENWRT_COMMIT=f579b8538b72ed4ea9b53e7ed1cffe651e90ffeb PACKAGES_PACKAGES_REPO=https://github.com/openwrt/packages.git PACKAGES_PACKAGES_BRANCH=openwrt-22.03 diff --git a/patches/openwrt/0004-ramips-mt7621-make-DSA-images-swconfig-upgradable.patch b/patches/openwrt/0004-ramips-mt7621-make-DSA-images-swconfig-upgradable.patch index c4314f9d..c65aeb46 100644 --- a/patches/openwrt/0004-ramips-mt7621-make-DSA-images-swconfig-upgradable.patch +++ b/patches/openwrt/0004-ramips-mt7621-make-DSA-images-swconfig-upgradable.patch @@ -3,7 +3,7 @@ Date: Sun, 5 Jun 2022 23:43:38 +0200 Subject: ramips-mt7621: make DSA images swconfig upgradable diff --git a/target/linux/ramips/image/mt7621.mk b/target/linux/ramips/image/mt7621.mk -index 8860be11b8c879c067901cf6642a133b27b1e3b2..f8a846cfc67c306fedfbdb2bd2056fa3d6aa1b61 100644 +index c07ab39afdebd38b7e1764b86eaceb4e2108768c..635e1a0b006347197751d8850feed3c30202a1ea 100644 --- a/target/linux/ramips/image/mt7621.mk +++ b/target/linux/ramips/image/mt7621.mk @@ -172,7 +172,6 @@ endef @@ -22,7 +22,7 @@ index 8860be11b8c879c067901cf6642a133b27b1e3b2..f8a846cfc67c306fedfbdb2bd2056fa3 $(Device/seama) SEAMA_SIGNATURE := wrgac13_dlink.2013gui_dir860lb LOADER_TYPE := bin -@@ -1226,7 +1224,6 @@ endef +@@ -1227,7 +1225,6 @@ endef TARGET_DEVICES += mts_wg430223 define Device/netgear_ex6150 @@ -30,7 +30,7 @@ index 8860be11b8c879c067901cf6642a133b27b1e3b2..f8a846cfc67c306fedfbdb2bd2056fa3 DEVICE_VENDOR := NETGEAR DEVICE_MODEL := EX6150 DEVICE_PACKAGES := kmod-mt76x2 -@@ -1238,7 +1235,6 @@ endef +@@ -1239,7 +1236,6 @@ endef TARGET_DEVICES += netgear_ex6150 define Device/netgear_sercomm_nand @@ -38,7 +38,7 @@ index 8860be11b8c879c067901cf6642a133b27b1e3b2..f8a846cfc67c306fedfbdb2bd2056fa3 $(Device/uimage-lzma-loader) BLOCKSIZE := 128k PAGESIZE := 2048 -@@ -1421,7 +1417,6 @@ endef +@@ -1422,7 +1418,6 @@ endef TARGET_DEVICES += netgear_wax202 define Device/netgear_wndr3700-v5 @@ -46,7 +46,7 @@ index 8860be11b8c879c067901cf6642a133b27b1e3b2..f8a846cfc67c306fedfbdb2bd2056fa3 $(Device/netgear_sercomm_nor) $(Device/uimage-lzma-loader) IMAGE_SIZE := 15232k -@@ -1745,7 +1740,6 @@ endef +@@ -1746,7 +1741,6 @@ endef TARGET_DEVICES += tplink_tl-wpa8631p-v3 define Device/ubnt_edgerouter_common @@ -54,7 +54,7 @@ index 8860be11b8c879c067901cf6642a133b27b1e3b2..f8a846cfc67c306fedfbdb2bd2056fa3 $(Device/uimage-lzma-loader) DEVICE_VENDOR := Ubiquiti IMAGE_SIZE := 256768k -@@ -2142,7 +2136,6 @@ endef +@@ -2143,7 +2137,6 @@ endef TARGET_DEVICES += zbtlink_zbt-wg2626 define Device/zbtlink_zbt-wg3526-16m @@ -62,7 +62,7 @@ index 8860be11b8c879c067901cf6642a133b27b1e3b2..f8a846cfc67c306fedfbdb2bd2056fa3 $(Device/uimage-lzma-loader) IMAGE_SIZE := 16064k DEVICE_VENDOR := Zbtlink -@@ -2155,7 +2148,6 @@ endef +@@ -2156,7 +2149,6 @@ endef TARGET_DEVICES += zbtlink_zbt-wg3526-16m define Device/zbtlink_zbt-wg3526-32m From 32e7cf941a3de2054414daed6164d7c9b88aaecb Mon Sep 17 00:00:00 2001 From: Tom Herbers Date: Thu, 6 Oct 2022 14:18:13 +0200 Subject: [PATCH 2/2] modules: update packages 5df363db7 libgd: avoid recursive and redundant dependencies 24ad5359f tor: update to 0.4.7.10 1a070a289 expat: update to 2.4.9 2f2989e3e lighttpd: remove deprecated modules f9515613f node: bump to v16.17.1 7869127db https-dns-proxy: add settings for canary domains a4a6411e1 https-dns-proxy: bugfix: prevent canary domains duplicates f624e41f3 treewide: fix security issues by bumping all packages using libwolfssl ea8108a31 Revert "treewide: fix security issues by bumping all packages using libwolfssl" 0ddec62e6 treewide: fix security issues by bumping all packages using libwolfssl 2d061d1cb openvpn: explicitly disable engine parameter for openssl variant 0c670f870 openvpn: update to 2.5.7 50ae0353a openvpn: update to 2.5.6 8377e516e rtty: update to 8.0.1 7acb46001 php8: update to 8.1.11 52ddf2f0b nextdns: initialize nextdns from /etc/uci-defaults eddc92a17 dnslookup: Update to 1.8.0 356534dd4 simple-adblock: allow domains bugfix & canary domains support de00aad59 https-dns-proxy: uci wrappers & iCloud canary domains b0e693092 bandwidthd: fix format warnings a9423d894 unbound: update to version 1.16.3 d053da000 simple-adblock: update to 1.9.1-1 bc1598892 curl: bugfix: github source url eed717e6e pdns-recursor: update to 4.7.3 8df44cb6e libs/cjson: bump to 1.7.15 44f898f98 pagekite: add patchs for 64bit time d5aa9d76e mosquitto: bump to 2.0.15 4419a76ba mosquitto: add missing 'persistence' section in config 376f1afdd poemgr: update to latest HEAD 1eea84cca poemgr: fix conffiles path 5092dbd14 adblock: update 4.1.4-5 3f9a88d21 adblock: add lightswitch05 blocklist source 0247d720e hping3: add new package be7e4f8e3 snowflake: run snowflake-proxy with procd-ujail 8c028f4fd snowflake: add package aaedc165d squid: fix compilation with libxml (fixes #19099) e563fe383 gatling: add package gatling 81c068840 gg: Update to 0.2.11 40106c7dc yq: Update to 4.27.5 05d1265cb xray-core: Update to 1.6.0 8a2bd2754 lighttpd: update to lighttpd 1.4.67 release hash 4df5d1348 tang: update directory f50dc54f2 Revert "jose: remove libjose" 9550d45fd Revert "jose: fix static library usage" 5a02ae2fe knot-resolver: update to 5.5.3 88257a87a libtorrent-rasterbar: Update to 2.0.7 954dd3b90 dockerd: Update to v20.10.18 a2defb8a6 docker: Update to v20.10.18 78949c659 libnetwork: Update to 0dde5c8 for Docker v20.10.18 3ffff095c containerd: Update to v1.6.8 for Docker v20.10.18 3ef01e4dd runc: Update to v1.1.4 for Docker v20.10.18 1e329ed5e libxml2: update to 2.10.2 c4d8769c8 curl: update to 7.85.0 --- modules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules b/modules index 3fc0a16c..88d97c0a 100644 --- a/modules +++ b/modules @@ -6,7 +6,7 @@ OPENWRT_COMMIT=f579b8538b72ed4ea9b53e7ed1cffe651e90ffeb PACKAGES_PACKAGES_REPO=https://github.com/openwrt/packages.git PACKAGES_PACKAGES_BRANCH=openwrt-22.03 -PACKAGES_PACKAGES_COMMIT=91d060fd94dd1be4610dd26828e71fa23455da64 +PACKAGES_PACKAGES_COMMIT=5df363db70d25f406e6d92f906e1414eae38dafd PACKAGES_ROUTING_REPO=https://github.com/openwrt/routing.git PACKAGES_ROUTING_BRANCH=openwrt-22.03