Merge Mainline

Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
2022-04-14 10:34:23 +08:00
parent 2dcee33de9 062547c724
commit 3ab4809413
30 changed files with 236 additions and 143 deletions
--- a/include/meson.mk
+++ b/include/meson.mk
@@ -65,6 +65,7 @@ define Meson/CreateNativeFile
 		-e "s|@CXX@|$(foreach BIN,$(HOSTCXX),'$(BIN)',)|" \
 		-e "s|@PKGCONFIG@|$(PKG_CONFIG)|" \
 		-e "s|@CMAKE@|$(STAGING_DIR_HOST)/bin/cmake|" \
+		-e "s|@PYTHON@|$(STAGING_DIR_HOST)/bin/python3|" \
 		-e "s|@CFLAGS@|$(foreach FLAG,$(HOST_CFLAGS) $(HOST_CPPFLAGS),'$(FLAG)',)|" \
 		-e "s|@CXXFLAGS@|$(foreach FLAG,$(HOST_CXXFLAGS) $(HOST_CPPFLAGS),'$(FLAG)',)|" \
 		-e "s|@LDFLAGS@|$(foreach FLAG,$(HOST_LDFLAGS),'$(FLAG)',)|" \
@@ -82,6 +83,7 @@ define Meson/CreateCrossFile
 		-e "s|@NM@|$(TARGET_NM)|" \
 		-e "s|@PKGCONFIG@|$(PKG_CONFIG)|" \
 		-e "s|@CMAKE@|$(STAGING_DIR_HOST)/bin/cmake|" \
+		-e "s|@PYTHON@|$(STAGING_DIR_HOST)/bin/python3|" \
 		-e "s|@CFLAGS@|$(foreach FLAG,$(TARGET_CFLAGS) $(EXTRA_CFLAGS) $(TARGET_CPPFLAGS) $(EXTRA_CPPFLAGS),'$(FLAG)',)|" \
 		-e "s|@CXXFLAGS@|$(foreach FLAG,$(TARGET_CXXFLAGS) $(EXTRA_CXXFLAGS) $(TARGET_CPPFLAGS) $(EXTRA_CPPFLAGS),'$(FLAG)',)|" \
 		-e "s|@LDFLAGS@|$(foreach FLAG,$(TARGET_LDFLAGS) $(EXTRA_LDFLAGS),'$(FLAG)',)|" \
--- a/package/boot/grub2/Makefile
+++ b/package/boot/grub2/Makefile
@@ -122,28 +122,28 @@ define Package/grub2/install
 		-O i386-pc \
 		-c $(PKG_BUILD_DIR)/grub-early.cfg \
 		-o $(STAGING_DIR_IMAGE)/grub2/gpt-core.img \
-		at_keyboard biosdisk boot chain configfile fat linux ls part_gpt reboot serial vga
+		at_keyboard biosdisk boot chain configfile fat linux ls part_gpt reboot search serial vga
 	$(STAGING_DIR_HOST)/bin/grub-mkimage \
 		-d $(PKG_BUILD_DIR)/grub-core \
 		-p /boot/grub \
 		-O i386-pc \
 		-c ./files/grub-early.cfg \
 		-o $(STAGING_DIR_IMAGE)/grub2/generic-core.img \
-		at_keyboard biosdisk boot chain configfile ext2 linux ls part_msdos reboot serial vga
+		at_keyboard biosdisk boot chain configfile ext2 linux ls part_msdos reboot search serial vga
 	$(STAGING_DIR_HOST)/bin/grub-mkimage \
 		-d $(PKG_BUILD_DIR)/grub-core \
 		-p /boot/grub \
 		-O i386-pc \
 		-c ./files/grub-early.cfg \
 		-o $(STAGING_DIR_IMAGE)/grub2/eltorito.img \
-		at_keyboard biosdisk boot chain configfile iso9660 linux ls part_msdos reboot serial test vga
+		at_keyboard biosdisk boot chain configfile iso9660 linux ls part_msdos reboot search serial test vga
 	$(STAGING_DIR_HOST)/bin/grub-mkimage \
 		-d $(PKG_BUILD_DIR)/grub-core \
 		-p /boot/grub \
 		-O i386-pc \
 		-c ./files/grub-early.cfg \
 		-o $(STAGING_DIR_IMAGE)/grub2/legacy-core.img \
-		biosdisk boot chain configfile ext2 linux ls part_msdos reboot serial vga
+		biosdisk boot chain configfile ext2 linux ls part_msdos reboot search serial vga
 endef

 define Package/grub2-efi/install
--- a/package/emortal/autocore/files/arm/tempinfo
+++ b/package/emortal/autocore/files/arm/tempinfo
@@ -1,19 +1,21 @@
 #!/bin/sh

-mt76_path="/sys/class/ieee80211/phy0/hwmon0/temp1_input"
-if [ -e "${mt76_path}" ]; then
-	mt76_temp=" $(awk -F ': ' '{print $2}' "${mt76_path}")°C"
-fi
+IEEE_PATH="/sys/class/ieee80211"
+THERMAL_PATH="/sys/class/thermal"

 if grep -Eq "ipq40xx|ipq806x" "/etc/openwrt_release"; then
-	wifi_temp="$(awk '{printf("%.1f°C ", $0 / 1000)}' /sys/class/ieee80211/phy*/device/hwmon/hwmon*/temp1_input | awk '$1=$1')"
+	wifi_temp="$(awk '{printf("%.1f°C ", $0 / 1000)}' "$IEEE_PATH"/phy*/device/hwmon/hwmon*/temp1_input | awk '$1=$1')"
 else
-	wifi_temp="$(awk '{printf("%.1f°C ", $0 / 1000)}' /sys/class/ieee80211/phy*/hwmon*/temp1_input | awk '$1=$1')"
+	wifi_temp="$(awk '{printf("%.1f°C ", $0 / 1000)}' "$IEEE_PATH"/phy*/hwmon*/temp1_input | awk '$1=$1')"
 fi

 if grep -q "ipq40xx" "/etc/openwrt_release"; then
+	if [ -e "$IEEE_PATH/phy0/hwmon0/temp1_input" ]; then
+		mt76_temp=" $(awk -F ': ' '{print $2}' "$IEEE_PATH/phy0/hwmon0/temp1_input")°C"
+	fi
+
 	echo -n "WiFi:${mt76_temp} ${wifi_temp}"
 else
-	cpu_temp="$(awk '{printf("%.1f°C", $0 / 1000)}' /sys/class/thermal/thermal_zone0/temp)"
+	cpu_temp="$(awk '{printf("%.1f°C", $0 / 1000)}' "$THERMAL_PATH/thermal_zone0/temp")"
 	echo -n "CPU: ${cpu_temp}, WiFi: ${wifi_temp}"
 fi
--- a/package/emortal/autocore/files/generic/cpuinfo
+++ b/package/emortal/autocore/files/generic/cpuinfo
@@ -1,46 +1,61 @@
 #!/bin/sh

-cpu_arch="$(grep "model name" "/proc/cpuinfo" | head -n1 | awk -F ': ' '{print $2}' | xargs)"
-[ -z "${cpu_arch}" ] && cpu_arch="?"
-if grep -q "x86" "/etc/openwrt_release"; then
-	cpu_cores="$(grep "core id" "/proc/cpuinfo" | sort -u | wc -l)C $(grep -c "processor" "/proc/cpuinfo")T"
-else
-	cpu_cores="$(grep -c "processor" "/proc/cpuinfo")"
-fi
+. /etc/openwrt_release

-if grep -q "bcm27xx" "/etc/openwrt_release"; then
-	cpu_freq="$(expr $(vcgencmd measure_clock arm | awk -F '=' '{print $2}') / 1000000)Mhz"
-elif grep -q "bcm53xx" "/etc/openwrt_release"; then
-	cpu_freq="$(nvram get clkfreq | awk -F ',' '{print $1}')MHz"
-elif grep -q "mvebu" "/etc/openwrt_release"; then
-	cpu_freq="$(grep "BogoMIPS" "/proc/cpuinfo" | sed -n "1p" | awk -F ': ' '{print $2}')MHz"
-elif grep -q "x86" "/etc/openwrt_release"; then
-	cpu_freq="$(grep "MHz" "/proc/cpuinfo" | head -n1 | awk -F ': ' '{print $2}')MHz"
-elif [ -e "/sys/devices/system/cpu/cpufreq/policy0/cpuinfo_cur_freq" ]; then
-	cpu_freq="$(awk '{printf("%.fMHz", $0 / 1000)}' "/sys/devices/system/cpu/cpufreq/policy0/cpuinfo_cur_freq")"
-fi
-if ! grep -q "x86" "/etc/openwrt_release" && [ -e "/sys/devices/system/cpu/cpufreq/policy4/cpuinfo_cur_freq" ]; then
-	big_cpu_freq="$(awk '{printf("%.fMHz ", $0 / 1000)}' "/sys/devices/system/cpu/cpufreq/policy4/cpuinfo_cur_freq")"
-fi
+CPUINFO_PATH="/proc/cpuinfo"
+CPUFREQ_PATH="/sys/devices/system/cpu/cpufreq"
+THERMAL_PATH="/sys/class/thermal"

-if grep -q "bcm27xx" "/etc/openwrt_release"; then
-	cpu_temp="$(vcgencmd measure_temp | awk -F '=' '{print $2}' | awk -F "'" '{print $1}')°C"
-elif grep -q "x86" "/etc/openwrt_release"; then
+cpu_arch="$(awk -F ': ' '/model name/ {print $2}' "$CPUINFO_PATH" | head -n1)"
+[ -n "${cpu_arch}" ] || cpu_arch="?"
+
+case "$DISTRIB_TARGET" in
+"x86"/*)
+	cpu_cores="$(grep "core id" "$CPUINFO_PATH" | sort -u | wc -l)C $(grep -c "processor" "$CPUINFO_PATH")T" ;;
+*)
+	cpu_cores="$(grep -c "processor" "$CPUINFO_PATH")" ;;
+esac
+
+case "$DISTRIB_TARGET" in
+"bcm27xx"/*)
+	cpu_freq="$(( $(vcgencmd measure_clock arm | awk -F '=' '{print $2}') / 1000000 ))Mhz" ;;
+"bcm53xx"/*)
+	cpu_freq="$(nvram get clkfreq | awk -F ',' '{print $1}')MHz" ;;
+"mvebu"/*)
+	cpu_freq="$(awk -F ': ' '/BogoMIPS/ {print $2}' "$CPUINFO_PATH" | head -n1)MHz" ;;
+"x86"/*)
+	cpu_freq="$(awk -F ': ' '/MHz/ {print $2}' "$CPUINFO_PATH" | head -n1)MHz"
+	;;
+*)
+	[ ! -e "$CPUFREQ_PATH/policy0/cpuinfo_cur_freq" ] || \
+		cpu_freq="$(awk '{printf("%.fMHz", $0 / 1000)}' "$CPUFREQ_PATH/policy0/cpuinfo_cur_freq")"
+	[ ! -e "$CPUFREQ_PATH/policy4/cpuinfo_cur_freq" ] || \
+		big_cpu_freq="$(awk '{printf("%.fMHz ", $0 / 1000)}' "$CPUFREQ_PATH/policy4/cpuinfo_cur_freq")"
+	;;
+esac
+
+case "$DISTRIB_TARGET" in
+"bcm27xx"/*)
+	cpu_temp="$(vcgencmd measure_temp | awk -F '=' '{print $2}' | awk -F "'" '{print $1}')°C" ;;
+"x86"/*)
 	# Intel
 	cpu_temp="$(sensors "coretemp-*" 2>"/dev/null" | grep -E "(Package id |Core )" | grep -Eo "\+[0-9.]*°C" | head -n1 | tr -d "+")"
 	# AMD
-	[ -z "${cpu_temp}" ] && cpu_temp="$(sensors "k*temp-*" 2>"/dev/null" | grep "Tdie" | head -n1 | awk '{print $2}' | tr -d "+")"
-else
-	[ -e "/sys/class/thermal/thermal_zone0/temp" ] && \
-		cpu_temp="$(awk '{printf("%.1f°C", $0 / 1000)}' /sys/class/thermal/thermal_zone0/temp)"
-fi
+	[ -n "${cpu_temp}" ] || cpu_temp="$(sensors "k*temp-*" 2>"/dev/null" | awk '/Tdie/ {print $2}' | head -n1 | tr -d "+")"
+	;;
+*)
+	[ ! -e "$THERMAL_PATH/thermal_zone0/temp" ] || \
+		cpu_temp="$(awk '{printf("%.1f°C", $0 / 1000)}' "$THERMAL_PATH/thermal_zone0/temp")"
+	;;
+esac

-if [ -z "${cpu_freq}" ] && [ -z "${cpu_temp}" ]; then
-	echo -n "${cpu_arch} x ${cpu_cores}"
-elif [ -z "${cpu_temp}" ] || grep -Eq "ipq|mt7622" "/etc/openwrt_release"; then
-	echo -n "${cpu_arch} x ${cpu_cores} (${cpu_freq})"
-elif [ -z "${cpu_freq}" ]; then
-	echo -n "${cpu_arch} x ${cpu_cores} (${cpu_temp})"
+if [ -z "$big_cpu_freq$cpu_freq" ] && [ -n "$cpu_temp" ]; then
+	echo -n "$cpu_arch x $cpu_cores ($cpu_temp)"
+elif [ -z "$cpu_temp" ] && [ -n "$big_cpu_freq$cpu_freq" ] || \
+		grep -Eq "ipq|mt7622" "/etc/openwrt_release"; then
+	echo -n "$cpu_arch x $cpu_cores ($big_cpu_freq$cpu_freq)"
+elif [ -n "$cpu_temp" ] && [ -n "$big_cpu_freq$cpu_freq" ]; then
+	echo -n "$cpu_arch x $cpu_cores ($big_cpu_freq$cpu_freq, ${cpu_temp})"
 else
-	echo -n "${cpu_arch} x ${cpu_cores} (${big_cpu_freq}${cpu_freq}, ${cpu_temp})"
+	echo -n "$cpu_arch x $cpu_cores"
 fi
--- a/package/emortal/autocore/files/x86/autocore
+++ b/package/emortal/autocore/files/x86/autocore
@@ -7,24 +7,24 @@ start() {
 	rfc=4096
 	threads="$(grep -c "processor" "/proc/cpuinfo")"

-	sysctl -w net.core.rps_sock_flow_entries="$(expr "$rfc" \* "$threads")" >"/dev/null" 2>&1
+	sysctl -w net.core.rps_sock_flow_entries="$(( rfc * threads ))"

 	for fileRps in /sys/class/net/eth*/queues/rx-*/rps_cpus
 	do
-		echo "$threads" > "$fileRps" >"/dev/null" 2>&1
+		echo "$threads" > "$fileRps"
 	done

 	for fileRfc in /sys/class/net/eth*/queues/rx-*/rps_flow_cnt
 	do
-		echo "$rfc" > "$fileRfc" >"/dev/null" 2>&1
+		echo "$rfc" > "$fileRfc"
 	done

 	uci set network.@globals[0].packet_steering="1"
 	uci commit network

-	for i in $(ip address | grep -E 'eth[0-9]+' | awk -F ': ' '{print $2}' | xargs)
+	for i in $(ip address | awk -F ': ' '/eth[0-9]+/ {print $2}' | xargs)
 	do
-		(
+		{
 			ethtool -K "$i" rx-checksum on
 			ethtool -K "$i" tx-checksum-ip-generic on || {
 				ethtool -K "$i" tx-checksum-ipv4 on
@@ -34,6 +34,6 @@ start() {
 			ethtool -K "$i" gso on
 			ethtool -K "$i" tso on
 			ethtool -K "$i" ufo on
-		) >"/dev/null" 2>&1
+		}
 	done
-}
+} >"/dev/null" 2>&1
--- a/package/firmware/intel-microcode/Makefile
+++ b/package/firmware/intel-microcode/Makefile
@@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=intel-microcode
-PKG_VERSION:=20210608
+PKG_VERSION:=20220207
 PKG_RELEASE:=1

-PKG_SOURCE:=intel-microcode_3.$(PKG_VERSION).2.tar.xz
+PKG_SOURCE:=intel-microcode_3.$(PKG_VERSION).1.tar.xz
 PKG_SOURCE_URL:=@DEBIAN/pool/non-free/i/intel-microcode/
-PKG_HASH:=fbf82688ffd0d87b352a35c57bd097ea014f0ad32c9c8f9629725c1b43d1c84d
-PKG_BUILD_DIR:=$(BUILD_DIR)/intel-microcode-3.$(PKG_VERSION).2
+PKG_HASH:=42f2ab3c14bda745ec64008cde5c0f416f32f40e838a9df04cf5ddf5fc87498b
+PKG_BUILD_DIR:=$(BUILD_DIR)/intel-microcode-3.$(PKG_VERSION).1

 PKG_BUILD_DEPENDS:=iucode-tool/host

--- a/package/kernel/gpio-button-hotplug/src/gpio-button-hotplug.c
+++ b/package/kernel/gpio-button-hotplug/src/gpio-button-hotplug.c
@@ -107,7 +107,7 @@ static struct bh_map button_map[] = {
 static __printf(3, 4)
 int bh_event_add_var(struct bh_event *event, int argv, const char *format, ...)
 {
-	static char buf[128];
+	char buf[128];
 	char *s;
 	va_list args;
 	int len;
--- a/package/libs/wolfssl/Makefile
+++ b/package/libs/wolfssl/Makefile
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=wolfssl
-PKG_VERSION:=5.1.1-stable
+PKG_VERSION:=5.2.0-stable
 PKG_RELEASE:=$(AUTORELEASE)

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION)
-PKG_HASH:=d3e0544dbe7e9587c0f6538cdc671b6492663bb7a4281819538abe6c99cdbd92
+PKG_HASH:=409b4646c5f54f642de0e9f3544c3b83de7238134f5b1ff93fb44527bf119d05

 PKG_FIXUP:=libtool
 PKG_INSTALL:=1
--- a/package/libs/wolfssl/patches/100-disable-hardening-check.patch
+++ b/package/libs/wolfssl/patches/100-disable-hardening-check.patch
@@ -1,6 +1,6 @@
 --- a/wolfssl/wolfcrypt/settings.h
 +++ b/wolfssl/wolfcrypt/settings.h
-@@ -2346,7 +2346,7 @@ extern void uITRON4_free(void *p) ;
+@@ -2338,7 +2338,7 @@ extern void uITRON4_free(void *p) ;
 #endif
 
 /* warning for not using harden build options (default with ./configure) */
--- a/package/libs/wolfssl/patches/200-ecc-rng.patch
+++ b/package/libs/wolfssl/patches/200-ecc-rng.patch
@@ -11,7 +11,7 @@ RNG regardless of the built settings for wolfssl.

 --- a/wolfcrypt/src/ecc.c
 +++ b/wolfcrypt/src/ecc.c
-@@ -11647,21 +11647,21 @@ void wc_ecc_fp_free(void)
+@@ -11655,21 +11655,21 @@ void wc_ecc_fp_free(void)
 
 #endif /* FP_ECC */
 
@@ -37,7 +37,7 @@ RNG regardless of the built settings for wolfssl.
 
 --- a/wolfssl/wolfcrypt/ecc.h
 +++ b/wolfssl/wolfcrypt/ecc.h
-@@ -647,10 +647,8 @@ WOLFSSL_API
+@@ -650,10 +650,8 @@ WOLFSSL_API
 void wc_ecc_fp_free(void);
 WOLFSSL_LOCAL
 void wc_ecc_fp_init(void);
--- a/package/libs/wolfssl/patches/300-fix-SSL_get_verify_result-regression.patch
+++ b/package/libs/wolfssl/patches/300-fix-SSL_get_verify_result-regression.patch
@@ -1,4 +1,4 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From 87e43dd63ba429297e439f2dfd1ee8b45981e18b Mon Sep 17 00:00:00 2001
 From: Juliusz Sosinowicz <juliusz@wolfssl.com>
 Date: Sat, 12 Feb 2022 00:34:24 +0100
 Subject: [PATCH] Reported in ZD13631
@@ -10,11 +10,9 @@ References: https://github.com/wolfSSL/wolfssl/issues/4879
 src/internal.c | 3 +++
 1 file changed, 3 insertions(+)

-diff --git a/src/internal.c b/src/internal.c
-index 0dded42a76c4..f5814d30607c 100644
 --- a/src/internal.c
 +++ b/src/internal.c
-@@ -12372,6 +12372,9 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx,
+@@ -12342,6 +12342,9 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte*
                             }
 
                             ret = 0; /* clear errors and continue */
--- a/package/network/services/dropbear/Makefile
+++ b/package/network/services/dropbear/Makefile
@@ -8,14 +8,14 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=dropbear
-PKG_VERSION:=2020.81
-PKG_RELEASE:=2
+PKG_VERSION:=2022.82
+PKG_RELEASE:=$(AUTORELEASE)

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:= \
-	http://matt.ucc.asn.au/dropbear/releases/ \
+	https://matt.ucc.asn.au/dropbear/releases/ \
 	https://dropbear.nl/mirror/releases/
-PKG_HASH:=48235d10b37775dbda59341ac0c4b239b82ad6318c31568b985730c788aac53b
+PKG_HASH:=3a038d2bbc02bf28bbdd20c012091f741a3ec5cbe460691811d714876aad75d1

 PKG_LICENSE:=MIT
 PKG_LICENSE_FILES:=LICENSE libtomcrypt/LICENSE libtommath/LICENSE
@@ -42,7 +42,7 @@ ifneq ($(DUMP),1)
 endif

 define Package/dropbear/Default
-  URL:=http://matt.ucc.asn.au/dropbear/
+  URL:=https://matt.ucc.asn.au/dropbear/
 endef

 define Package/dropbear/config
@@ -130,8 +130,10 @@ DB_OPT_COMMON = \
 DB_OPT_CONFIG = \
 	DROPBEAR_CURVE25519|CONFIG_DROPBEAR_CURVE25519|1|0 \
 	DROPBEAR_ED25519|CONFIG_DROPBEAR_ED25519|1|0 \
+	DROPBEAR_SK_ED25519|CONFIG_DROPBEAR_ED25519|1|0 \
 	DROPBEAR_CHACHA20POLY1305|CONFIG_DROPBEAR_CHACHA20POLY1305|1|0 \
 	DROPBEAR_ECDSA|CONFIG_DROPBEAR_ECC|1|0 \
+	DROPBEAR_SK_ECDSA|CONFIG_DROPBEAR_ECC|1|0 \
 	DROPBEAR_ECDH|CONFIG_DROPBEAR_ECC|1|0 \
 	!!DROPBEAR_ECC_384|CONFIG_DROPBEAR_ECC_FULL|1|0 \
 	!!DROPBEAR_ECC_521|CONFIG_DROPBEAR_ECC_FULL|1|0 \
--- a/package/network/services/dropbear/patches/100-pubkey_path.patch
+++ b/package/network/services/dropbear/patches/100-pubkey_path.patch
@@ -1,34 +1,50 @@
 --- a/svr-authpubkey.c
 +++ b/svr-authpubkey.c
-@@ -386,14 +386,19 @@ static int checkpubkey(const char* keyal
- 		goto out;
- 	}
+@@ -77,6 +77,13 @@ static void send_msg_userauth_pk_ok(cons
+ 		const unsigned char* keyblob, unsigned int keybloblen);
+ static int checkfileperm(char * filename);
 
-	/* we don't need to check pw and pw_dir for validity, since
-	 * its been done in checkpubkeyperms. */
-	len = strlen(ses.authstate.pw_dir);
-	/* allocate max required pathname storage,
-	 * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
-	filename = m_malloc(len + 22);
-	snprintf(filename, len + 22, "%s/.ssh/authorized_keys", 
-				ses.authstate.pw_dir);
-+	if (ses.authstate.pw_uid != 0) {
-+		/* we don't need to check pw and pw_dir for validity, since
-+		 * its been done in checkpubkeyperms. */
-+		len = strlen(ses.authstate.pw_dir);
-+		/* allocate max required pathname storage,
-+		 * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
-+		filename = m_malloc(len + 22);
-+		snprintf(filename, len + 22, "%s/.ssh/authorized_keys",
-+					ses.authstate.pw_dir);
-+	} else {
-+		filename = m_malloc(30);
-+		strncpy(filename, "/etc/dropbear/authorized_keys", 30);
-+	}
+static const char * const global_authkeys_dir = "/etc/dropbear";
+static const int        n_global_authkeys_dir = 14; /* + 1 extra byte */
+static const char * const user_authkeys_dir = ".ssh";
+static const int        n_user_authkeys_dir = 5; /* + 1 extra byte */
+static const char * const authkeys_file = "authorized_keys";
+static const int        n_authkeys_file = 16; /* + 1 extra byte */
+
+ /* process a pubkey auth request, sending success or failure message as
+  * appropriate */
+ void svr_auth_pubkey(int valid_user) {
+@@ -439,14 +446,21 @@ static int checkpubkey(const char* keyal
+ 	if (checkpubkeyperms() == DROPBEAR_FAILURE) {
+ 		TRACE(("bad authorized_keys permissions, or file doesn't exist"))
+ 	} else {
+-		/* we don't need to check pw and pw_dir for validity, since
+-		 * its been done in checkpubkeyperms. */
+-		len = strlen(ses.authstate.pw_dir);
+-		/* allocate max required pathname storage,
+-		 * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
+-		filename = m_malloc(len + 22);
+-		snprintf(filename, len + 22, "%s/.ssh/authorized_keys",
+-					ses.authstate.pw_dir);
+		if (ses.authstate.pw_uid == 0) {
+			len = n_global_authkeys_dir + n_authkeys_file;
+			filename = m_malloc(len);
+			snprintf(filename, len, "%s/%s", global_authkeys_dir, authkeys_file);
+		} else {
+			/* we don't need to check pw and pw_dir for validity, since
+			 * its been done in checkpubkeyperms. */
+			len = strlen(ses.authstate.pw_dir);
+			/* allocate max required pathname storage,
+			 * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
+			len += n_user_authkeys_dir + n_authkeys_file + 1;
+			filename = m_malloc(len);
+			snprintf(filename, len, "%s/%s/%s", ses.authstate.pw_dir,
+			        user_authkeys_dir, authkeys_file);
+		}
 
- #if DROPBEAR_SVR_MULTIUSER
- 	/* open the file as the authenticating user. */
-@@ -474,27 +479,36 @@ static int checkpubkeyperms() {
+ 		authfile = fopen(filename, "r");
+ 		if (!authfile) {
+@@ -520,27 +534,41 @@ static int checkpubkeyperms() {
 		goto out;
 	}
 
@@ -37,47 +53,51 @@
 -	len += 22;
 -	filename = m_malloc(len);
 -	strlcpy(filename, ses.authstate.pw_dir, len);
-
+	if (ses.authstate.pw_uid == 0) {
+		if (checkfileperm(global_authkeys_dir) != DROPBEAR_SUCCESS) {
+			goto out;
+		}
+ 
 -	/* check ~ */
 -	if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
 -		goto out;
 -	}
-+	if (ses.authstate.pw_uid == 0) {
-+		if (checkfileperm("/etc/dropbear") != DROPBEAR_SUCCESS) {
-+			goto out;
-+		}
-+		if (checkfileperm("/etc/dropbear/authorized_keys") != DROPBEAR_SUCCESS) {
-+			goto out;
-+		}
-+	} else {
-+		/* allocate max required pathname storage,
-+		 * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
-+		len += 22;
+		len = n_global_authkeys_dir + n_authkeys_file;
 +		filename = m_malloc(len);
-+		strlcpy(filename, ses.authstate.pw_dir, len);
-+
-+		/* check ~ */
-+		if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
-+			goto out;
-+		}
 
 -	/* check ~/.ssh */
 -	strlcat(filename, "/.ssh", len);
 -	if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
 -		goto out;
 -	}
-+		/* check ~/.ssh */
-+		strlcat(filename, "/.ssh", len);
+		snprintf(filename, len, "%s/%s", global_authkeys_dir, authkeys_file);
 +		if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
 +			goto out;
 +		}
+	} else {
+		/* check ~ */
+		if (checkfileperm(ses.authstate.pw_dir) != DROPBEAR_SUCCESS) {
+			goto out;
+		}
 
 -	/* now check ~/.ssh/authorized_keys */
 -	strlcat(filename, "/authorized_keys", len);
 -	if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
 -		goto out;
+		/* allocate max required pathname storage,
+		 * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
+		len += n_user_authkeys_dir + n_authkeys_file + 1;
+		filename = m_malloc(len);
+
+		/* check ~/.ssh */
+		snprintf(filename, len, "%s/%s", ses.authstate.pw_dir, user_authkeys_dir);
+		if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
+			goto out;
+		}
+
 +		/* now check ~/.ssh/authorized_keys */
-+		strlcat(filename, "/authorized_keys", len);
+		snprintf(filename, len, "%s/%s/%s", ses.authstate.pw_dir,
+		         user_authkeys_dir, authkeys_file);
 +		if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
 +			goto out;
 +		}
--- a/package/network/services/dropbear/patches/110-change_user.patch
+++ b/package/network/services/dropbear/patches/110-change_user.patch
@@ -1,6 +1,6 @@
 --- a/svr-chansession.c
 +++ b/svr-chansession.c
-@@ -954,12 +954,12 @@ static void execchild(const void *user_d
+@@ -985,12 +985,12 @@ static void execchild(const void *user_d
 	/* We can only change uid/gid as root ... */
 	if (getuid() == 0) {
 
--- a/package/network/services/dropbear/patches/130-ssh_ignore_x_args.patch
+++ b/package/network/services/dropbear/patches/130-ssh_ignore_x_args.patch
@@ -1,11 +1,13 @@
 --- a/cli-runopts.c
 +++ b/cli-runopts.c
-@@ -299,6 +299,8 @@ void cli_getopts(int argc, char ** argv)
- 					debug_trace = 1;
+@@ -325,6 +325,10 @@ void cli_getopts(int argc, char ** argv)
+ 				case 'b':
+ 					next = &bind_arg;
 					break;
- #endif
 +				case 'x':
+					/* compatibility with openssh cli
+					 * ("-x" disables X11 forwarding) */
 +					break;
- 				case 'F':
- 				case 'e':
- #if !DROPBEAR_USER_ALGO_LIST
+ 				default:
+ 					fprintf(stderr,
+ 						"WARNING: Ignoring unknown option -%c\n", c);
--- a/package/network/services/dropbear/patches/140-disable_assert.patch
+++ b/package/network/services/dropbear/patches/140-disable_assert.patch
@@ -1,6 +1,6 @@
 --- a/dbutil.h
 +++ b/dbutil.h
-@@ -75,7 +75,11 @@ int m_str_to_uint(const char* str, unsig
+@@ -80,7 +80,11 @@ int m_snprintf(char *str, size_t size, c
 #define DEF_MP_INT(X) mp_int X = {0, 0, 0, NULL}
 
 /* Dropbear assertion */
--- a/package/network/services/dropbear/patches/160-lto-jobserver.patch
+++ b/package/network/services/dropbear/patches/160-lto-jobserver.patch
@@ -1,6 +1,6 @@
 --- a/Makefile.in
 +++ b/Makefile.in
-@@ -198,17 +198,17 @@ dropbearkey: $(dropbearkeyobjs)
+@@ -200,17 +200,17 @@ dropbearkey: $(dropbearkeyobjs)
 dropbearconvert: $(dropbearconvertobjs)
 
 dropbear: $(HEADERS) $(LIBTOM_DEPS) Makefile
@@ -22,7 +22,7 @@
 
 
 # multi-binary compilation.
-@@ -219,7 +219,7 @@ ifeq ($(MULTI),1)
+@@ -221,7 +221,7 @@ ifeq ($(MULTI),1)
 endif
 
 dropbearmulti$(EXEEXT): $(HEADERS) $(MULTIOBJS) $(LIBTOM_DEPS) Makefile
--- a/package/network/services/dropbear/patches/600-allow-blank-root-password.patch
+++ b/package/network/services/dropbear/patches/600-allow-blank-root-password.patch
@@ -1,6 +1,6 @@
 --- a/svr-auth.c
 +++ b/svr-auth.c
-@@ -125,7 +125,7 @@ void recv_msg_userauth_request() {
+@@ -124,7 +124,7 @@ void recv_msg_userauth_request() {
 				AUTH_METHOD_NONE_LEN) == 0) {
 		TRACE(("recv_msg_userauth_request: 'none' request"))
 		if (valid_user
--- a/package/network/services/dropbear/patches/900-configure-hardening.patch
+++ b/package/network/services/dropbear/patches/900-configure-hardening.patch
@@ -1,6 +1,6 @@
 --- a/configure.ac
 +++ b/configure.ac
-@@ -70,53 +70,6 @@ AC_ARG_ENABLE(harden,
+@@ -74,53 +74,6 @@ AC_ARG_ENABLE(harden,
 
 if test "$hardenbuild" -eq 1; then
 	AC_MSG_NOTICE(Checking for available hardened build flags:)
--- a/package/network/services/dropbear/patches/910-signkey-fix-use-of-rsa-sha2-256-pubkeys.patch
+++ b/package/network/services/dropbear/patches/910-signkey-fix-use-of-rsa-sha2-256-pubkeys.patch
@@ -21,7 +21,7 @@ Signed-off-by: Petr Štetiar <ynezz@true.cz>

 --- a/signkey.c
 +++ b/signkey.c
-@@ -657,8 +657,12 @@ int buf_verify(buffer * buf, sign_key *k
+@@ -646,8 +646,12 @@ int buf_verify(buffer * buf, sign_key *k
 	sigtype = signature_type_from_name(type_name, type_name_len);
 	m_free(type_name);
 
--- a/package/system/iucode-tool/Makefile
+++ b/package/system/iucode-tool/Makefile
@@ -9,13 +9,14 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=iucode-tool
 PKG_VERSION:=2.3.1
-PKG_RELEASE:=1
+PKG_RELEASE:=2

 PKG_SOURCE:=iucode-tool_$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=https://gitlab.com/iucode-tool/releases/raw/latest
 PKG_HASH:=12b88efa4d0d95af08db05a50b3dcb217c0eb2bfc67b483779e33d498ddb2f95

 PKG_BUILD_DEPENDS:=USE_UCLIBC:argp-standalone USE_MUSL:argp-standalone
+HOST_BUILD_DEPENDS:=HOST_OS_MACOS:argp-standalone/host

 PKG_MAINTAINER:=Zoltan HERPAI <wigyori@uid0.hu>
 PKG_LICENSE:=GPL-2.0
@@ -41,6 +42,18 @@ define Package/iucode-tool/install
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/iucode_tool $(1)/usr/bin/
 endef

+# List of build hosts with working cpuid.h
+IUT_NATIVE_HOST_OS_ARCH := \
+	linux/x86_64 linux/amd64 linux/i386 linux/i686
+
+IUT_HOST_OS_ARCH := $(call tolower,$(HOST_OS))/$(HOST_ARCH)
+
+# Use cpuid.h compat header if build host does not have working cpuid.h
+ifeq ($(filter $(IUT_HOST_OS_ARCH),$(IUT_NATIVE_HOST_OS_ARCH)),)
+HOST_CFLAGS += \
+	-I$(HOST_BUILD_DIR)/cpuid-compat
+endif
+
 define Host/Install
 	$(INSTALL_BIN) $(HOST_BUILD_DIR)/iucode_tool $(STAGING_DIR_HOST)/bin/iucode_tool
 endef
--- a/package/system/iucode-tool/patches/200_add-cpuid-compatibility-header-to-build-on-non-x86.patch
+++ b/package/system/iucode-tool/patches/200_add-cpuid-compatibility-header-to-build-on-non-x86.patch
@@ -0,0 +1,31 @@
+From a21e75da32c0016f1575ea29775565934a67660d Mon Sep 17 00:00:00 2001
+From: "Sergey V. Lobanov" <sergey@lobanov.in>
+Date: Sat, 5 Feb 2022 13:10:23 +0300
+Subject: [PATCH] Add cpuid compatibility header to build on non-x86 hosts
+
+Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
+---
+ cpuid-compat/cpuid.h | 17 +++++++++++++++++
+ 1 file changed, 17 insertions(+)
+ create mode 100644 cpuid-compat/cpuid.h
+
+--- /dev/null
+++ b/cpuid-compat/cpuid.h
+@@ -0,0 +1,17 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ *  cpuid compatibility header to build iucode-tool on non-x86 hosts
+ *
+ *  Copyright (C) 2022       Sergey V. Lobanov <sergey@lobanov.in>
+ */
+
+#ifdef __APPLE__
+# include <limits.h>
+#endif
+
+static __inline int __get_cpuid (unsigned int leaf,
+              unsigned int *eax, unsigned int *ebx,
+              unsigned int *ecx, unsigned int *edx)
+{
+    return 0;
+}
--- a/scripts/download.pl
+++ b/scripts/download.pl
@@ -200,6 +200,9 @@ foreach my $mirror (@ARGV) {
 		# use OpenWrt source server directly
 	} elsif ($mirror =~ /^\@DEBIAN\/(.+)$/) {
 		push @mirrors, "https://mirrors.tencent.com/debian/$1";
+		push @mirrors, "https://mirrors.aliyun.com/debian/$1";
+		# push @mirrors, "https://mirrors.tuna.tsinghua.edu.cn/debian/$1";
+		# push @mirrors, "https://mirrors.ustc.edu.cn/debian/$1";
 		push @mirrors, "https://ftp.debian.org/debian/$1";
 		push @mirrors, "https://mirror.leaseweb.com/debian/$1";
 		push @mirrors, "https://mirror.netcologne.de/debian/$1";
@@ -259,6 +262,7 @@ foreach my $mirror (@ARGV) {
 		}
 		foreach my $dir (@extra) {
 			# push @mirrors, "https://mirrors.ustc.edu.cn/kernel.org/$dir";
+			# push @mirrors, "https://mirror.iscas.ac.cn/kernel.org/$dir";
 			push @mirrors, "https://cdn.kernel.org/pub/$dir";
 			push @mirrors, "https://download.xs4all.nl/ftp.kernel.org/pub/$dir";
 			push @mirrors, "https://mirrors.mit.edu/kernel/$dir";
@@ -268,8 +272,8 @@ foreach my $mirror (@ARGV) {
 			push @mirrors, "ftp://www.mirrorservice.org/sites/ftp.kernel.org/pub/$dir";
 		}
 	} elsif ($mirror =~ /^\@GNOME\/(.+)$/) {
+		# push @mirrors, "https://mirrors.ustc.edu.cn/gnome/sources/$1";
 		push @mirrors, "https://download.gnome.org/sources/$1";
-		push @mirrors, "https://mirrors.ustc.edu.cn/gnome/sources/$1";
 		push @mirrors, "https://mirror.csclub.uwaterloo.ca/gnome/sources/$1";
 		push @mirrors, "http://ftp.acc.umu.se/pub/GNOME/sources/$1";
 		push @mirrors, "http://ftp.kaist.ac.kr/gnome/sources/$1";
--- a/scripts/gen_image_generic.sh
+++ b/scripts/gen_image_generic.sh
@@ -31,10 +31,11 @@ dd if="$ROOTFSIMAGE" of="$OUTPUT" bs=512 seek="$ROOTFSOFFSET" conv=notrunc

 if [ -n "$GUID" ]; then
    [ -n "$PADDING" ] && dd if=/dev/zero of="$OUTPUT" bs=512 seek="$((ROOTFSOFFSET + ROOTFSSIZE))" conv=notrunc count="$sect"
-    mkfs.fat -n kernel -C "$OUTPUT.kernel" -S 512 "$((KERNELSIZE / 1024))"
-    mcopy -s -i "$OUTPUT.kernel" "$KERNELDIR"/* ::/
+    mkfs.fat --invariant -n kernel -C "$OUTPUT.kernel" -S 512 "$((KERNELSIZE / 1024))"
+    [ "$SOURCE_DATE_EPOCH" ] && find "$KERNELDIR"/ -mindepth 1 -execdir touch -hcd "@${SOURCE_DATE_EPOCH}" "{}" +
+    LC_ALL=C mcopy -m -s -i "$OUTPUT.kernel" "$KERNELDIR"/* ::/
 else
-    make_ext4fs -J -L kernel -l "$KERNELSIZE" "$OUTPUT.kernel" "$KERNELDIR"
+    make_ext4fs -J -L kernel -l "$KERNELSIZE" ${SOURCE_DATE_EPOCH:+-T ${SOURCE_DATE_EPOCH}} "$OUTPUT.kernel" "$KERNELDIR"
 fi
 dd if="$OUTPUT.kernel" of="$OUTPUT" bs=512 seek="$KERNELOFFSET" conv=notrunc
 rm -f "$OUTPUT.kernel"
--- a/scripts/json_add_image_info.py
+++ b/scripts/json_add_image_info.py
@@ -44,7 +44,7 @@ file_info = {
    "target": "{}/{}".format(getenv("TARGET"), getenv("SUBTARGET")),
    "version_code": getenv("VERSION_CODE"),
    "version_number": getenv("VERSION_NUMBER"),
-    "source_date_epoch": getenv("SOURCE_DATE_EPOCH"),
+    "source_date_epoch": int(getenv("SOURCE_DATE_EPOCH")),
    "profiles": {
        device_id: {
            "image_prefix": getenv("DEVICE_IMG_PREFIX"),
--- a/target/imagebuilder/files/Makefile
+++ b/target/imagebuilder/files/Makefile
@@ -27,6 +27,7 @@ include $(INCLUDE_DIR)/rootfs.mk

 include $(INCLUDE_DIR)/version.mk
 export REVISION
+export SOURCE_DATE_EPOCH

 define Helptext
 Available Commands:
--- a/tools/cmake/Makefile
+++ b/tools/cmake/Makefile
@@ -13,7 +13,7 @@ PKG_CPE_ID:=cpe:/a:kitware:cmake

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://github.com/Kitware/CMake/releases/download/v$(PKG_VERSION)/ \
-		https://cmake.org/files/v3.19/
+		https://cmake.org/files/v3.22/
 PKG_HASH:=9f8469166f94553b6978a16ee29227ec49a2eb5ceb608275dec40d8ae0d1b5a0

 HOST_BUILD_PARALLEL:=1
--- a/tools/meson/Makefile
+++ b/tools/meson/Makefile
@@ -1,11 +1,11 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=meson
-PKG_VERSION:=0.61.2
+PKG_VERSION:=0.61.4

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://github.com/mesonbuild/meson/releases/download/$(PKG_VERSION)
-PKG_HASH:=0233a7f8d959079318f6052b0939c27f68a5de86ba601f25c9ee6869fb5f5889
+PKG_HASH:=4e3733ddc66bac38e38c63b739c9b8b8fc5a866de5333396b0c85c2b144ddee9

 PKG_MAINTAINER:=Andre Heider <a.heider@gmail.com>
 PKG_LICENSE:=Apache-2.0
--- a/tools/meson/files/openwrt-cross.txt.in
+++ b/tools/meson/files/openwrt-cross.txt.in
@@ -6,6 +6,7 @@ strip = '@STRIP@'
 nm = '@NM@'
 pkgconfig = '@PKGCONFIG@'
 cmake = '@CMAKE@'
+python = '@PYTHON@'

 [built-in options]
 c_args = [@CFLAGS@]
--- a/tools/meson/files/openwrt-native.txt.in
+++ b/tools/meson/files/openwrt-native.txt.in
@@ -3,6 +3,7 @@ c = [@CC@]
 cpp = [@CXX@]
 pkgconfig = '@PKGCONFIG@'
 cmake = '@CMAKE@'
+python = '@PYTHON@'

 [built-in options]
 c_args = [@CFLAGS@]