diff --git a/include/meson.mk b/include/meson.mk index 102e74b542..7d67dcf298 100644 --- a/include/meson.mk +++ b/include/meson.mk @@ -65,6 +65,7 @@ define Meson/CreateNativeFile -e "s|@CXX@|$(foreach BIN,$(HOSTCXX),'$(BIN)',)|" \ -e "s|@PKGCONFIG@|$(PKG_CONFIG)|" \ -e "s|@CMAKE@|$(STAGING_DIR_HOST)/bin/cmake|" \ + -e "s|@PYTHON@|$(STAGING_DIR_HOST)/bin/python3|" \ -e "s|@CFLAGS@|$(foreach FLAG,$(HOST_CFLAGS) $(HOST_CPPFLAGS),'$(FLAG)',)|" \ -e "s|@CXXFLAGS@|$(foreach FLAG,$(HOST_CXXFLAGS) $(HOST_CPPFLAGS),'$(FLAG)',)|" \ -e "s|@LDFLAGS@|$(foreach FLAG,$(HOST_LDFLAGS),'$(FLAG)',)|" \ @@ -82,6 +83,7 @@ define Meson/CreateCrossFile -e "s|@NM@|$(TARGET_NM)|" \ -e "s|@PKGCONFIG@|$(PKG_CONFIG)|" \ -e "s|@CMAKE@|$(STAGING_DIR_HOST)/bin/cmake|" \ + -e "s|@PYTHON@|$(STAGING_DIR_HOST)/bin/python3|" \ -e "s|@CFLAGS@|$(foreach FLAG,$(TARGET_CFLAGS) $(EXTRA_CFLAGS) $(TARGET_CPPFLAGS) $(EXTRA_CPPFLAGS),'$(FLAG)',)|" \ -e "s|@CXXFLAGS@|$(foreach FLAG,$(TARGET_CXXFLAGS) $(EXTRA_CXXFLAGS) $(TARGET_CPPFLAGS) $(EXTRA_CPPFLAGS),'$(FLAG)',)|" \ -e "s|@LDFLAGS@|$(foreach FLAG,$(TARGET_LDFLAGS) $(EXTRA_LDFLAGS),'$(FLAG)',)|" \ diff --git a/package/boot/grub2/Makefile b/package/boot/grub2/Makefile index f78b1c895e..c4cc43de2e 100644 --- a/package/boot/grub2/Makefile +++ b/package/boot/grub2/Makefile @@ -122,28 +122,28 @@ define Package/grub2/install -O i386-pc \ -c $(PKG_BUILD_DIR)/grub-early.cfg \ -o $(STAGING_DIR_IMAGE)/grub2/gpt-core.img \ - at_keyboard biosdisk boot chain configfile fat linux ls part_gpt reboot serial vga + at_keyboard biosdisk boot chain configfile fat linux ls part_gpt reboot search serial vga $(STAGING_DIR_HOST)/bin/grub-mkimage \ -d $(PKG_BUILD_DIR)/grub-core \ -p /boot/grub \ -O i386-pc \ -c ./files/grub-early.cfg \ -o $(STAGING_DIR_IMAGE)/grub2/generic-core.img \ - at_keyboard biosdisk boot chain configfile ext2 linux ls part_msdos reboot serial vga + at_keyboard biosdisk boot chain configfile ext2 linux ls part_msdos reboot search serial vga $(STAGING_DIR_HOST)/bin/grub-mkimage \ -d $(PKG_BUILD_DIR)/grub-core \ -p /boot/grub \ -O i386-pc \ -c ./files/grub-early.cfg \ -o $(STAGING_DIR_IMAGE)/grub2/eltorito.img \ - at_keyboard biosdisk boot chain configfile iso9660 linux ls part_msdos reboot serial test vga + at_keyboard biosdisk boot chain configfile iso9660 linux ls part_msdos reboot search serial test vga $(STAGING_DIR_HOST)/bin/grub-mkimage \ -d $(PKG_BUILD_DIR)/grub-core \ -p /boot/grub \ -O i386-pc \ -c ./files/grub-early.cfg \ -o $(STAGING_DIR_IMAGE)/grub2/legacy-core.img \ - biosdisk boot chain configfile ext2 linux ls part_msdos reboot serial vga + biosdisk boot chain configfile ext2 linux ls part_msdos reboot search serial vga endef define Package/grub2-efi/install diff --git a/package/emortal/autocore/files/arm/tempinfo b/package/emortal/autocore/files/arm/tempinfo index 76e16e2a29..22877a7e44 100755 --- a/package/emortal/autocore/files/arm/tempinfo +++ b/package/emortal/autocore/files/arm/tempinfo @@ -1,19 +1,21 @@ #!/bin/sh -mt76_path="/sys/class/ieee80211/phy0/hwmon0/temp1_input" -if [ -e "${mt76_path}" ]; then - mt76_temp=" $(awk -F ': ' '{print $2}' "${mt76_path}")°C" -fi +IEEE_PATH="/sys/class/ieee80211" +THERMAL_PATH="/sys/class/thermal" if grep -Eq "ipq40xx|ipq806x" "/etc/openwrt_release"; then - wifi_temp="$(awk '{printf("%.1f°C ", $0 / 1000)}' /sys/class/ieee80211/phy*/device/hwmon/hwmon*/temp1_input | awk '$1=$1')" + wifi_temp="$(awk '{printf("%.1f°C ", $0 / 1000)}' "$IEEE_PATH"/phy*/device/hwmon/hwmon*/temp1_input | awk '$1=$1')" else - wifi_temp="$(awk '{printf("%.1f°C ", $0 / 1000)}' /sys/class/ieee80211/phy*/hwmon*/temp1_input | awk '$1=$1')" + wifi_temp="$(awk '{printf("%.1f°C ", $0 / 1000)}' "$IEEE_PATH"/phy*/hwmon*/temp1_input | awk '$1=$1')" fi if grep -q "ipq40xx" "/etc/openwrt_release"; then + if [ -e "$IEEE_PATH/phy0/hwmon0/temp1_input" ]; then + mt76_temp=" $(awk -F ': ' '{print $2}' "$IEEE_PATH/phy0/hwmon0/temp1_input")°C" + fi + echo -n "WiFi:${mt76_temp} ${wifi_temp}" else - cpu_temp="$(awk '{printf("%.1f°C", $0 / 1000)}' /sys/class/thermal/thermal_zone0/temp)" + cpu_temp="$(awk '{printf("%.1f°C", $0 / 1000)}' "$THERMAL_PATH/thermal_zone0/temp")" echo -n "CPU: ${cpu_temp}, WiFi: ${wifi_temp}" fi diff --git a/package/emortal/autocore/files/generic/cpuinfo b/package/emortal/autocore/files/generic/cpuinfo index 171be9db35..e92c0afc41 100755 --- a/package/emortal/autocore/files/generic/cpuinfo +++ b/package/emortal/autocore/files/generic/cpuinfo @@ -1,46 +1,61 @@ #!/bin/sh -cpu_arch="$(grep "model name" "/proc/cpuinfo" | head -n1 | awk -F ': ' '{print $2}' | xargs)" -[ -z "${cpu_arch}" ] && cpu_arch="?" -if grep -q "x86" "/etc/openwrt_release"; then - cpu_cores="$(grep "core id" "/proc/cpuinfo" | sort -u | wc -l)C $(grep -c "processor" "/proc/cpuinfo")T" -else - cpu_cores="$(grep -c "processor" "/proc/cpuinfo")" -fi +. /etc/openwrt_release -if grep -q "bcm27xx" "/etc/openwrt_release"; then - cpu_freq="$(expr $(vcgencmd measure_clock arm | awk -F '=' '{print $2}') / 1000000)Mhz" -elif grep -q "bcm53xx" "/etc/openwrt_release"; then - cpu_freq="$(nvram get clkfreq | awk -F ',' '{print $1}')MHz" -elif grep -q "mvebu" "/etc/openwrt_release"; then - cpu_freq="$(grep "BogoMIPS" "/proc/cpuinfo" | sed -n "1p" | awk -F ': ' '{print $2}')MHz" -elif grep -q "x86" "/etc/openwrt_release"; then - cpu_freq="$(grep "MHz" "/proc/cpuinfo" | head -n1 | awk -F ': ' '{print $2}')MHz" -elif [ -e "/sys/devices/system/cpu/cpufreq/policy0/cpuinfo_cur_freq" ]; then - cpu_freq="$(awk '{printf("%.fMHz", $0 / 1000)}' "/sys/devices/system/cpu/cpufreq/policy0/cpuinfo_cur_freq")" -fi -if ! grep -q "x86" "/etc/openwrt_release" && [ -e "/sys/devices/system/cpu/cpufreq/policy4/cpuinfo_cur_freq" ]; then - big_cpu_freq="$(awk '{printf("%.fMHz ", $0 / 1000)}' "/sys/devices/system/cpu/cpufreq/policy4/cpuinfo_cur_freq")" -fi +CPUINFO_PATH="/proc/cpuinfo" +CPUFREQ_PATH="/sys/devices/system/cpu/cpufreq" +THERMAL_PATH="/sys/class/thermal" -if grep -q "bcm27xx" "/etc/openwrt_release"; then - cpu_temp="$(vcgencmd measure_temp | awk -F '=' '{print $2}' | awk -F "'" '{print $1}')°C" -elif grep -q "x86" "/etc/openwrt_release"; then +cpu_arch="$(awk -F ': ' '/model name/ {print $2}' "$CPUINFO_PATH" | head -n1)" +[ -n "${cpu_arch}" ] || cpu_arch="?" + +case "$DISTRIB_TARGET" in +"x86"/*) + cpu_cores="$(grep "core id" "$CPUINFO_PATH" | sort -u | wc -l)C $(grep -c "processor" "$CPUINFO_PATH")T" ;; +*) + cpu_cores="$(grep -c "processor" "$CPUINFO_PATH")" ;; +esac + +case "$DISTRIB_TARGET" in +"bcm27xx"/*) + cpu_freq="$(( $(vcgencmd measure_clock arm | awk -F '=' '{print $2}') / 1000000 ))Mhz" ;; +"bcm53xx"/*) + cpu_freq="$(nvram get clkfreq | awk -F ',' '{print $1}')MHz" ;; +"mvebu"/*) + cpu_freq="$(awk -F ': ' '/BogoMIPS/ {print $2}' "$CPUINFO_PATH" | head -n1)MHz" ;; +"x86"/*) + cpu_freq="$(awk -F ': ' '/MHz/ {print $2}' "$CPUINFO_PATH" | head -n1)MHz" + ;; +*) + [ ! -e "$CPUFREQ_PATH/policy0/cpuinfo_cur_freq" ] || \ + cpu_freq="$(awk '{printf("%.fMHz", $0 / 1000)}' "$CPUFREQ_PATH/policy0/cpuinfo_cur_freq")" + [ ! -e "$CPUFREQ_PATH/policy4/cpuinfo_cur_freq" ] || \ + big_cpu_freq="$(awk '{printf("%.fMHz ", $0 / 1000)}' "$CPUFREQ_PATH/policy4/cpuinfo_cur_freq")" + ;; +esac + +case "$DISTRIB_TARGET" in +"bcm27xx"/*) + cpu_temp="$(vcgencmd measure_temp | awk -F '=' '{print $2}' | awk -F "'" '{print $1}')°C" ;; +"x86"/*) # Intel cpu_temp="$(sensors "coretemp-*" 2>"/dev/null" | grep -E "(Package id |Core )" | grep -Eo "\+[0-9.]*°C" | head -n1 | tr -d "+")" # AMD - [ -z "${cpu_temp}" ] && cpu_temp="$(sensors "k*temp-*" 2>"/dev/null" | grep "Tdie" | head -n1 | awk '{print $2}' | tr -d "+")" -else - [ -e "/sys/class/thermal/thermal_zone0/temp" ] && \ - cpu_temp="$(awk '{printf("%.1f°C", $0 / 1000)}' /sys/class/thermal/thermal_zone0/temp)" -fi + [ -n "${cpu_temp}" ] || cpu_temp="$(sensors "k*temp-*" 2>"/dev/null" | awk '/Tdie/ {print $2}' | head -n1 | tr -d "+")" + ;; +*) + [ ! -e "$THERMAL_PATH/thermal_zone0/temp" ] || \ + cpu_temp="$(awk '{printf("%.1f°C", $0 / 1000)}' "$THERMAL_PATH/thermal_zone0/temp")" + ;; +esac -if [ -z "${cpu_freq}" ] && [ -z "${cpu_temp}" ]; then - echo -n "${cpu_arch} x ${cpu_cores}" -elif [ -z "${cpu_temp}" ] || grep -Eq "ipq|mt7622" "/etc/openwrt_release"; then - echo -n "${cpu_arch} x ${cpu_cores} (${cpu_freq})" -elif [ -z "${cpu_freq}" ]; then - echo -n "${cpu_arch} x ${cpu_cores} (${cpu_temp})" +if [ -z "$big_cpu_freq$cpu_freq" ] && [ -n "$cpu_temp" ]; then + echo -n "$cpu_arch x $cpu_cores ($cpu_temp)" +elif [ -z "$cpu_temp" ] && [ -n "$big_cpu_freq$cpu_freq" ] || \ + grep -Eq "ipq|mt7622" "/etc/openwrt_release"; then + echo -n "$cpu_arch x $cpu_cores ($big_cpu_freq$cpu_freq)" +elif [ -n "$cpu_temp" ] && [ -n "$big_cpu_freq$cpu_freq" ]; then + echo -n "$cpu_arch x $cpu_cores ($big_cpu_freq$cpu_freq, ${cpu_temp})" else - echo -n "${cpu_arch} x ${cpu_cores} (${big_cpu_freq}${cpu_freq}, ${cpu_temp})" + echo -n "$cpu_arch x $cpu_cores" fi diff --git a/package/emortal/autocore/files/x86/autocore b/package/emortal/autocore/files/x86/autocore index 5864cb2b27..1fcb9dc755 100755 --- a/package/emortal/autocore/files/x86/autocore +++ b/package/emortal/autocore/files/x86/autocore @@ -7,24 +7,24 @@ start() { rfc=4096 threads="$(grep -c "processor" "/proc/cpuinfo")" - sysctl -w net.core.rps_sock_flow_entries="$(expr "$rfc" \* "$threads")" >"/dev/null" 2>&1 + sysctl -w net.core.rps_sock_flow_entries="$(( rfc * threads ))" for fileRps in /sys/class/net/eth*/queues/rx-*/rps_cpus do - echo "$threads" > "$fileRps" >"/dev/null" 2>&1 + echo "$threads" > "$fileRps" done for fileRfc in /sys/class/net/eth*/queues/rx-*/rps_flow_cnt do - echo "$rfc" > "$fileRfc" >"/dev/null" 2>&1 + echo "$rfc" > "$fileRfc" done uci set network.@globals[0].packet_steering="1" uci commit network - for i in $(ip address | grep -E 'eth[0-9]+' | awk -F ': ' '{print $2}' | xargs) + for i in $(ip address | awk -F ': ' '/eth[0-9]+/ {print $2}' | xargs) do - ( + { ethtool -K "$i" rx-checksum on ethtool -K "$i" tx-checksum-ip-generic on || { ethtool -K "$i" tx-checksum-ipv4 on @@ -34,6 +34,6 @@ start() { ethtool -K "$i" gso on ethtool -K "$i" tso on ethtool -K "$i" ufo on - ) >"/dev/null" 2>&1 + } done -} +} >"/dev/null" 2>&1 diff --git a/package/firmware/intel-microcode/Makefile b/package/firmware/intel-microcode/Makefile index 7f8d5adf7c..e6f730fcb2 100644 --- a/package/firmware/intel-microcode/Makefile +++ b/package/firmware/intel-microcode/Makefile @@ -8,13 +8,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=intel-microcode -PKG_VERSION:=20210608 +PKG_VERSION:=20220207 PKG_RELEASE:=1 -PKG_SOURCE:=intel-microcode_3.$(PKG_VERSION).2.tar.xz +PKG_SOURCE:=intel-microcode_3.$(PKG_VERSION).1.tar.xz PKG_SOURCE_URL:=@DEBIAN/pool/non-free/i/intel-microcode/ -PKG_HASH:=fbf82688ffd0d87b352a35c57bd097ea014f0ad32c9c8f9629725c1b43d1c84d -PKG_BUILD_DIR:=$(BUILD_DIR)/intel-microcode-3.$(PKG_VERSION).2 +PKG_HASH:=42f2ab3c14bda745ec64008cde5c0f416f32f40e838a9df04cf5ddf5fc87498b +PKG_BUILD_DIR:=$(BUILD_DIR)/intel-microcode-3.$(PKG_VERSION).1 PKG_BUILD_DEPENDS:=iucode-tool/host diff --git a/package/kernel/gpio-button-hotplug/src/gpio-button-hotplug.c b/package/kernel/gpio-button-hotplug/src/gpio-button-hotplug.c index fcaf7f59de..2b39ec8f3b 100644 --- a/package/kernel/gpio-button-hotplug/src/gpio-button-hotplug.c +++ b/package/kernel/gpio-button-hotplug/src/gpio-button-hotplug.c @@ -107,7 +107,7 @@ static struct bh_map button_map[] = { static __printf(3, 4) int bh_event_add_var(struct bh_event *event, int argv, const char *format, ...) { - static char buf[128]; + char buf[128]; char *s; va_list args; int len; diff --git a/package/libs/wolfssl/Makefile b/package/libs/wolfssl/Makefile index 8ad9f804b6..fbdb71cf34 100644 --- a/package/libs/wolfssl/Makefile +++ b/package/libs/wolfssl/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=wolfssl -PKG_VERSION:=5.1.1-stable +PKG_VERSION:=5.2.0-stable PKG_RELEASE:=$(AUTORELEASE) PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION) -PKG_HASH:=d3e0544dbe7e9587c0f6538cdc671b6492663bb7a4281819538abe6c99cdbd92 +PKG_HASH:=409b4646c5f54f642de0e9f3544c3b83de7238134f5b1ff93fb44527bf119d05 PKG_FIXUP:=libtool PKG_INSTALL:=1 diff --git a/package/libs/wolfssl/patches/100-disable-hardening-check.patch b/package/libs/wolfssl/patches/100-disable-hardening-check.patch index 79d0d6f759..7e473b390b 100644 --- a/package/libs/wolfssl/patches/100-disable-hardening-check.patch +++ b/package/libs/wolfssl/patches/100-disable-hardening-check.patch @@ -1,6 +1,6 @@ --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h -@@ -2346,7 +2346,7 @@ extern void uITRON4_free(void *p) ; +@@ -2338,7 +2338,7 @@ extern void uITRON4_free(void *p) ; #endif /* warning for not using harden build options (default with ./configure) */ diff --git a/package/libs/wolfssl/patches/200-ecc-rng.patch b/package/libs/wolfssl/patches/200-ecc-rng.patch index 78ff4b1f4a..f1f156a8ae 100644 --- a/package/libs/wolfssl/patches/200-ecc-rng.patch +++ b/package/libs/wolfssl/patches/200-ecc-rng.patch @@ -11,7 +11,7 @@ RNG regardless of the built settings for wolfssl. --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c -@@ -11647,21 +11647,21 @@ void wc_ecc_fp_free(void) +@@ -11655,21 +11655,21 @@ void wc_ecc_fp_free(void) #endif /* FP_ECC */ @@ -37,7 +37,7 @@ RNG regardless of the built settings for wolfssl. --- a/wolfssl/wolfcrypt/ecc.h +++ b/wolfssl/wolfcrypt/ecc.h -@@ -647,10 +647,8 @@ WOLFSSL_API +@@ -650,10 +650,8 @@ WOLFSSL_API void wc_ecc_fp_free(void); WOLFSSL_LOCAL void wc_ecc_fp_init(void); diff --git a/package/libs/wolfssl/patches/300-fix-SSL_get_verify_result-regression.patch b/package/libs/wolfssl/patches/300-fix-SSL_get_verify_result-regression.patch index 9651c03af6..d6e7998744 100644 --- a/package/libs/wolfssl/patches/300-fix-SSL_get_verify_result-regression.patch +++ b/package/libs/wolfssl/patches/300-fix-SSL_get_verify_result-regression.patch @@ -1,4 +1,4 @@ -From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From 87e43dd63ba429297e439f2dfd1ee8b45981e18b Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Sat, 12 Feb 2022 00:34:24 +0100 Subject: [PATCH] Reported in ZD13631 @@ -10,11 +10,9 @@ References: https://github.com/wolfSSL/wolfssl/issues/4879 src/internal.c | 3 +++ 1 file changed, 3 insertions(+) -diff --git a/src/internal.c b/src/internal.c -index 0dded42a76c4..f5814d30607c 100644 --- a/src/internal.c +++ b/src/internal.c -@@ -12372,6 +12372,9 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, +@@ -12342,6 +12342,9 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* } ret = 0; /* clear errors and continue */ diff --git a/package/network/services/dropbear/Makefile b/package/network/services/dropbear/Makefile index d518de3f70..eaf14c5533 100644 --- a/package/network/services/dropbear/Makefile +++ b/package/network/services/dropbear/Makefile @@ -8,14 +8,14 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dropbear -PKG_VERSION:=2020.81 -PKG_RELEASE:=2 +PKG_VERSION:=2022.82 +PKG_RELEASE:=$(AUTORELEASE) PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:= \ - http://matt.ucc.asn.au/dropbear/releases/ \ + https://matt.ucc.asn.au/dropbear/releases/ \ https://dropbear.nl/mirror/releases/ -PKG_HASH:=48235d10b37775dbda59341ac0c4b239b82ad6318c31568b985730c788aac53b +PKG_HASH:=3a038d2bbc02bf28bbdd20c012091f741a3ec5cbe460691811d714876aad75d1 PKG_LICENSE:=MIT PKG_LICENSE_FILES:=LICENSE libtomcrypt/LICENSE libtommath/LICENSE @@ -42,7 +42,7 @@ ifneq ($(DUMP),1) endif define Package/dropbear/Default - URL:=http://matt.ucc.asn.au/dropbear/ + URL:=https://matt.ucc.asn.au/dropbear/ endef define Package/dropbear/config @@ -130,8 +130,10 @@ DB_OPT_COMMON = \ DB_OPT_CONFIG = \ DROPBEAR_CURVE25519|CONFIG_DROPBEAR_CURVE25519|1|0 \ DROPBEAR_ED25519|CONFIG_DROPBEAR_ED25519|1|0 \ + DROPBEAR_SK_ED25519|CONFIG_DROPBEAR_ED25519|1|0 \ DROPBEAR_CHACHA20POLY1305|CONFIG_DROPBEAR_CHACHA20POLY1305|1|0 \ DROPBEAR_ECDSA|CONFIG_DROPBEAR_ECC|1|0 \ + DROPBEAR_SK_ECDSA|CONFIG_DROPBEAR_ECC|1|0 \ DROPBEAR_ECDH|CONFIG_DROPBEAR_ECC|1|0 \ !!DROPBEAR_ECC_384|CONFIG_DROPBEAR_ECC_FULL|1|0 \ !!DROPBEAR_ECC_521|CONFIG_DROPBEAR_ECC_FULL|1|0 \ diff --git a/package/network/services/dropbear/patches/100-pubkey_path.patch b/package/network/services/dropbear/patches/100-pubkey_path.patch index af3fbb336b..0403198062 100644 --- a/package/network/services/dropbear/patches/100-pubkey_path.patch +++ b/package/network/services/dropbear/patches/100-pubkey_path.patch @@ -1,34 +1,50 @@ --- a/svr-authpubkey.c +++ b/svr-authpubkey.c -@@ -386,14 +386,19 @@ static int checkpubkey(const char* keyal - goto out; - } +@@ -77,6 +77,13 @@ static void send_msg_userauth_pk_ok(cons + const unsigned char* keyblob, unsigned int keybloblen); + static int checkfileperm(char * filename); -- /* we don't need to check pw and pw_dir for validity, since -- * its been done in checkpubkeyperms. */ -- len = strlen(ses.authstate.pw_dir); -- /* allocate max required pathname storage, -- * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ -- filename = m_malloc(len + 22); -- snprintf(filename, len + 22, "%s/.ssh/authorized_keys", -- ses.authstate.pw_dir); -+ if (ses.authstate.pw_uid != 0) { -+ /* we don't need to check pw and pw_dir for validity, since -+ * its been done in checkpubkeyperms. */ -+ len = strlen(ses.authstate.pw_dir); -+ /* allocate max required pathname storage, -+ * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ -+ filename = m_malloc(len + 22); -+ snprintf(filename, len + 22, "%s/.ssh/authorized_keys", -+ ses.authstate.pw_dir); -+ } else { -+ filename = m_malloc(30); -+ strncpy(filename, "/etc/dropbear/authorized_keys", 30); -+ } ++static const char * const global_authkeys_dir = "/etc/dropbear"; ++static const int n_global_authkeys_dir = 14; /* + 1 extra byte */ ++static const char * const user_authkeys_dir = ".ssh"; ++static const int n_user_authkeys_dir = 5; /* + 1 extra byte */ ++static const char * const authkeys_file = "authorized_keys"; ++static const int n_authkeys_file = 16; /* + 1 extra byte */ ++ + /* process a pubkey auth request, sending success or failure message as + * appropriate */ + void svr_auth_pubkey(int valid_user) { +@@ -439,14 +446,21 @@ static int checkpubkey(const char* keyal + if (checkpubkeyperms() == DROPBEAR_FAILURE) { + TRACE(("bad authorized_keys permissions, or file doesn't exist")) + } else { +- /* we don't need to check pw and pw_dir for validity, since +- * its been done in checkpubkeyperms. */ +- len = strlen(ses.authstate.pw_dir); +- /* allocate max required pathname storage, +- * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ +- filename = m_malloc(len + 22); +- snprintf(filename, len + 22, "%s/.ssh/authorized_keys", +- ses.authstate.pw_dir); ++ if (ses.authstate.pw_uid == 0) { ++ len = n_global_authkeys_dir + n_authkeys_file; ++ filename = m_malloc(len); ++ snprintf(filename, len, "%s/%s", global_authkeys_dir, authkeys_file); ++ } else { ++ /* we don't need to check pw and pw_dir for validity, since ++ * its been done in checkpubkeyperms. */ ++ len = strlen(ses.authstate.pw_dir); ++ /* allocate max required pathname storage, ++ * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ ++ len += n_user_authkeys_dir + n_authkeys_file + 1; ++ filename = m_malloc(len); ++ snprintf(filename, len, "%s/%s/%s", ses.authstate.pw_dir, ++ user_authkeys_dir, authkeys_file); ++ } - #if DROPBEAR_SVR_MULTIUSER - /* open the file as the authenticating user. */ -@@ -474,27 +479,36 @@ static int checkpubkeyperms() { + authfile = fopen(filename, "r"); + if (!authfile) { +@@ -520,27 +534,41 @@ static int checkpubkeyperms() { goto out; } @@ -37,47 +53,51 @@ - len += 22; - filename = m_malloc(len); - strlcpy(filename, ses.authstate.pw_dir, len); -- ++ if (ses.authstate.pw_uid == 0) { ++ if (checkfileperm(global_authkeys_dir) != DROPBEAR_SUCCESS) { ++ goto out; ++ } + - /* check ~ */ - if (checkfileperm(filename) != DROPBEAR_SUCCESS) { - goto out; - } -+ if (ses.authstate.pw_uid == 0) { -+ if (checkfileperm("/etc/dropbear") != DROPBEAR_SUCCESS) { -+ goto out; -+ } -+ if (checkfileperm("/etc/dropbear/authorized_keys") != DROPBEAR_SUCCESS) { -+ goto out; -+ } -+ } else { -+ /* allocate max required pathname storage, -+ * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ -+ len += 22; ++ len = n_global_authkeys_dir + n_authkeys_file; + filename = m_malloc(len); -+ strlcpy(filename, ses.authstate.pw_dir, len); -+ -+ /* check ~ */ -+ if (checkfileperm(filename) != DROPBEAR_SUCCESS) { -+ goto out; -+ } - /* check ~/.ssh */ - strlcat(filename, "/.ssh", len); - if (checkfileperm(filename) != DROPBEAR_SUCCESS) { - goto out; - } -+ /* check ~/.ssh */ -+ strlcat(filename, "/.ssh", len); ++ snprintf(filename, len, "%s/%s", global_authkeys_dir, authkeys_file); + if (checkfileperm(filename) != DROPBEAR_SUCCESS) { + goto out; + } ++ } else { ++ /* check ~ */ ++ if (checkfileperm(ses.authstate.pw_dir) != DROPBEAR_SUCCESS) { ++ goto out; ++ } - /* now check ~/.ssh/authorized_keys */ - strlcat(filename, "/authorized_keys", len); - if (checkfileperm(filename) != DROPBEAR_SUCCESS) { - goto out; ++ /* allocate max required pathname storage, ++ * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ ++ len += n_user_authkeys_dir + n_authkeys_file + 1; ++ filename = m_malloc(len); ++ ++ /* check ~/.ssh */ ++ snprintf(filename, len, "%s/%s", ses.authstate.pw_dir, user_authkeys_dir); ++ if (checkfileperm(filename) != DROPBEAR_SUCCESS) { ++ goto out; ++ } ++ + /* now check ~/.ssh/authorized_keys */ -+ strlcat(filename, "/authorized_keys", len); ++ snprintf(filename, len, "%s/%s/%s", ses.authstate.pw_dir, ++ user_authkeys_dir, authkeys_file); + if (checkfileperm(filename) != DROPBEAR_SUCCESS) { + goto out; + } diff --git a/package/network/services/dropbear/patches/110-change_user.patch b/package/network/services/dropbear/patches/110-change_user.patch index 1dd67948af..04d1df3fde 100644 --- a/package/network/services/dropbear/patches/110-change_user.patch +++ b/package/network/services/dropbear/patches/110-change_user.patch @@ -1,6 +1,6 @@ --- a/svr-chansession.c +++ b/svr-chansession.c -@@ -954,12 +954,12 @@ static void execchild(const void *user_d +@@ -985,12 +985,12 @@ static void execchild(const void *user_d /* We can only change uid/gid as root ... */ if (getuid() == 0) { diff --git a/package/network/services/dropbear/patches/130-ssh_ignore_x_args.patch b/package/network/services/dropbear/patches/130-ssh_ignore_x_args.patch index 5e736320cc..d7f589801d 100644 --- a/package/network/services/dropbear/patches/130-ssh_ignore_x_args.patch +++ b/package/network/services/dropbear/patches/130-ssh_ignore_x_args.patch @@ -1,11 +1,13 @@ --- a/cli-runopts.c +++ b/cli-runopts.c -@@ -299,6 +299,8 @@ void cli_getopts(int argc, char ** argv) - debug_trace = 1; +@@ -325,6 +325,10 @@ void cli_getopts(int argc, char ** argv) + case 'b': + next = &bind_arg; break; - #endif + case 'x': ++ /* compatibility with openssh cli ++ * ("-x" disables X11 forwarding) */ + break; - case 'F': - case 'e': - #if !DROPBEAR_USER_ALGO_LIST + default: + fprintf(stderr, + "WARNING: Ignoring unknown option -%c\n", c); diff --git a/package/network/services/dropbear/patches/140-disable_assert.patch b/package/network/services/dropbear/patches/140-disable_assert.patch index 8c3ae7f119..af01573dee 100644 --- a/package/network/services/dropbear/patches/140-disable_assert.patch +++ b/package/network/services/dropbear/patches/140-disable_assert.patch @@ -1,6 +1,6 @@ --- a/dbutil.h +++ b/dbutil.h -@@ -75,7 +75,11 @@ int m_str_to_uint(const char* str, unsig +@@ -80,7 +80,11 @@ int m_snprintf(char *str, size_t size, c #define DEF_MP_INT(X) mp_int X = {0, 0, 0, NULL} /* Dropbear assertion */ diff --git a/package/network/services/dropbear/patches/160-lto-jobserver.patch b/package/network/services/dropbear/patches/160-lto-jobserver.patch index 1ba7dd6f44..fd80b986ae 100644 --- a/package/network/services/dropbear/patches/160-lto-jobserver.patch +++ b/package/network/services/dropbear/patches/160-lto-jobserver.patch @@ -1,6 +1,6 @@ --- a/Makefile.in +++ b/Makefile.in -@@ -198,17 +198,17 @@ dropbearkey: $(dropbearkeyobjs) +@@ -200,17 +200,17 @@ dropbearkey: $(dropbearkeyobjs) dropbearconvert: $(dropbearconvertobjs) dropbear: $(HEADERS) $(LIBTOM_DEPS) Makefile @@ -22,7 +22,7 @@ # multi-binary compilation. -@@ -219,7 +219,7 @@ ifeq ($(MULTI),1) +@@ -221,7 +221,7 @@ ifeq ($(MULTI),1) endif dropbearmulti$(EXEEXT): $(HEADERS) $(MULTIOBJS) $(LIBTOM_DEPS) Makefile diff --git a/package/network/services/dropbear/patches/600-allow-blank-root-password.patch b/package/network/services/dropbear/patches/600-allow-blank-root-password.patch index b138862ca3..07ae022763 100644 --- a/package/network/services/dropbear/patches/600-allow-blank-root-password.patch +++ b/package/network/services/dropbear/patches/600-allow-blank-root-password.patch @@ -1,6 +1,6 @@ --- a/svr-auth.c +++ b/svr-auth.c -@@ -125,7 +125,7 @@ void recv_msg_userauth_request() { +@@ -124,7 +124,7 @@ void recv_msg_userauth_request() { AUTH_METHOD_NONE_LEN) == 0) { TRACE(("recv_msg_userauth_request: 'none' request")) if (valid_user diff --git a/package/network/services/dropbear/patches/900-configure-hardening.patch b/package/network/services/dropbear/patches/900-configure-hardening.patch index ab1361f6ae..4f806f8b25 100644 --- a/package/network/services/dropbear/patches/900-configure-hardening.patch +++ b/package/network/services/dropbear/patches/900-configure-hardening.patch @@ -1,6 +1,6 @@ --- a/configure.ac +++ b/configure.ac -@@ -70,53 +70,6 @@ AC_ARG_ENABLE(harden, +@@ -74,53 +74,6 @@ AC_ARG_ENABLE(harden, if test "$hardenbuild" -eq 1; then AC_MSG_NOTICE(Checking for available hardened build flags:) diff --git a/package/network/services/dropbear/patches/910-signkey-fix-use-of-rsa-sha2-256-pubkeys.patch b/package/network/services/dropbear/patches/910-signkey-fix-use-of-rsa-sha2-256-pubkeys.patch index b774a38b1a..f078814403 100644 --- a/package/network/services/dropbear/patches/910-signkey-fix-use-of-rsa-sha2-256-pubkeys.patch +++ b/package/network/services/dropbear/patches/910-signkey-fix-use-of-rsa-sha2-256-pubkeys.patch @@ -21,7 +21,7 @@ Signed-off-by: Petr Štetiar --- a/signkey.c +++ b/signkey.c -@@ -657,8 +657,12 @@ int buf_verify(buffer * buf, sign_key *k +@@ -646,8 +646,12 @@ int buf_verify(buffer * buf, sign_key *k sigtype = signature_type_from_name(type_name, type_name_len); m_free(type_name); diff --git a/package/system/iucode-tool/Makefile b/package/system/iucode-tool/Makefile index b8227ed4a1..d7c85b2d42 100644 --- a/package/system/iucode-tool/Makefile +++ b/package/system/iucode-tool/Makefile @@ -9,13 +9,14 @@ include $(TOPDIR)/rules.mk PKG_NAME:=iucode-tool PKG_VERSION:=2.3.1 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=iucode-tool_$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://gitlab.com/iucode-tool/releases/raw/latest PKG_HASH:=12b88efa4d0d95af08db05a50b3dcb217c0eb2bfc67b483779e33d498ddb2f95 PKG_BUILD_DEPENDS:=USE_UCLIBC:argp-standalone USE_MUSL:argp-standalone +HOST_BUILD_DEPENDS:=HOST_OS_MACOS:argp-standalone/host PKG_MAINTAINER:=Zoltan HERPAI PKG_LICENSE:=GPL-2.0 @@ -41,6 +42,18 @@ define Package/iucode-tool/install $(INSTALL_BIN) $(PKG_BUILD_DIR)/iucode_tool $(1)/usr/bin/ endef +# List of build hosts with working cpuid.h +IUT_NATIVE_HOST_OS_ARCH := \ + linux/x86_64 linux/amd64 linux/i386 linux/i686 + +IUT_HOST_OS_ARCH := $(call tolower,$(HOST_OS))/$(HOST_ARCH) + +# Use cpuid.h compat header if build host does not have working cpuid.h +ifeq ($(filter $(IUT_HOST_OS_ARCH),$(IUT_NATIVE_HOST_OS_ARCH)),) +HOST_CFLAGS += \ + -I$(HOST_BUILD_DIR)/cpuid-compat +endif + define Host/Install $(INSTALL_BIN) $(HOST_BUILD_DIR)/iucode_tool $(STAGING_DIR_HOST)/bin/iucode_tool endef diff --git a/package/system/iucode-tool/patches/200_add-cpuid-compatibility-header-to-build-on-non-x86.patch b/package/system/iucode-tool/patches/200_add-cpuid-compatibility-header-to-build-on-non-x86.patch new file mode 100644 index 0000000000..900f3596f8 --- /dev/null +++ b/package/system/iucode-tool/patches/200_add-cpuid-compatibility-header-to-build-on-non-x86.patch @@ -0,0 +1,31 @@ +From a21e75da32c0016f1575ea29775565934a67660d Mon Sep 17 00:00:00 2001 +From: "Sergey V. Lobanov" +Date: Sat, 5 Feb 2022 13:10:23 +0300 +Subject: [PATCH] Add cpuid compatibility header to build on non-x86 hosts + +Signed-off-by: Sergey V. Lobanov +--- + cpuid-compat/cpuid.h | 17 +++++++++++++++++ + 1 file changed, 17 insertions(+) + create mode 100644 cpuid-compat/cpuid.h + +--- /dev/null ++++ b/cpuid-compat/cpuid.h +@@ -0,0 +1,17 @@ ++// SPDX-License-Identifier: GPL-2.0-or-later ++/* ++ * cpuid compatibility header to build iucode-tool on non-x86 hosts ++ * ++ * Copyright (C) 2022 Sergey V. Lobanov ++ */ ++ ++#ifdef __APPLE__ ++# include ++#endif ++ ++static __inline int __get_cpuid (unsigned int leaf, ++ unsigned int *eax, unsigned int *ebx, ++ unsigned int *ecx, unsigned int *edx) ++{ ++ return 0; ++} diff --git a/scripts/download.pl b/scripts/download.pl index cb105cc916..ddb41290d0 100755 --- a/scripts/download.pl +++ b/scripts/download.pl @@ -200,6 +200,9 @@ foreach my $mirror (@ARGV) { # use OpenWrt source server directly } elsif ($mirror =~ /^\@DEBIAN\/(.+)$/) { push @mirrors, "https://mirrors.tencent.com/debian/$1"; + push @mirrors, "https://mirrors.aliyun.com/debian/$1"; + # push @mirrors, "https://mirrors.tuna.tsinghua.edu.cn/debian/$1"; + # push @mirrors, "https://mirrors.ustc.edu.cn/debian/$1"; push @mirrors, "https://ftp.debian.org/debian/$1"; push @mirrors, "https://mirror.leaseweb.com/debian/$1"; push @mirrors, "https://mirror.netcologne.de/debian/$1"; @@ -259,6 +262,7 @@ foreach my $mirror (@ARGV) { } foreach my $dir (@extra) { # push @mirrors, "https://mirrors.ustc.edu.cn/kernel.org/$dir"; + # push @mirrors, "https://mirror.iscas.ac.cn/kernel.org/$dir"; push @mirrors, "https://cdn.kernel.org/pub/$dir"; push @mirrors, "https://download.xs4all.nl/ftp.kernel.org/pub/$dir"; push @mirrors, "https://mirrors.mit.edu/kernel/$dir"; @@ -268,8 +272,8 @@ foreach my $mirror (@ARGV) { push @mirrors, "ftp://www.mirrorservice.org/sites/ftp.kernel.org/pub/$dir"; } } elsif ($mirror =~ /^\@GNOME\/(.+)$/) { + # push @mirrors, "https://mirrors.ustc.edu.cn/gnome/sources/$1"; push @mirrors, "https://download.gnome.org/sources/$1"; - push @mirrors, "https://mirrors.ustc.edu.cn/gnome/sources/$1"; push @mirrors, "https://mirror.csclub.uwaterloo.ca/gnome/sources/$1"; push @mirrors, "http://ftp.acc.umu.se/pub/GNOME/sources/$1"; push @mirrors, "http://ftp.kaist.ac.kr/gnome/sources/$1"; diff --git a/scripts/gen_image_generic.sh b/scripts/gen_image_generic.sh index 17888eac60..5e37224736 100755 --- a/scripts/gen_image_generic.sh +++ b/scripts/gen_image_generic.sh @@ -31,10 +31,11 @@ dd if="$ROOTFSIMAGE" of="$OUTPUT" bs=512 seek="$ROOTFSOFFSET" conv=notrunc if [ -n "$GUID" ]; then [ -n "$PADDING" ] && dd if=/dev/zero of="$OUTPUT" bs=512 seek="$((ROOTFSOFFSET + ROOTFSSIZE))" conv=notrunc count="$sect" - mkfs.fat -n kernel -C "$OUTPUT.kernel" -S 512 "$((KERNELSIZE / 1024))" - mcopy -s -i "$OUTPUT.kernel" "$KERNELDIR"/* ::/ + mkfs.fat --invariant -n kernel -C "$OUTPUT.kernel" -S 512 "$((KERNELSIZE / 1024))" + [ "$SOURCE_DATE_EPOCH" ] && find "$KERNELDIR"/ -mindepth 1 -execdir touch -hcd "@${SOURCE_DATE_EPOCH}" "{}" + + LC_ALL=C mcopy -m -s -i "$OUTPUT.kernel" "$KERNELDIR"/* ::/ else - make_ext4fs -J -L kernel -l "$KERNELSIZE" "$OUTPUT.kernel" "$KERNELDIR" + make_ext4fs -J -L kernel -l "$KERNELSIZE" ${SOURCE_DATE_EPOCH:+-T ${SOURCE_DATE_EPOCH}} "$OUTPUT.kernel" "$KERNELDIR" fi dd if="$OUTPUT.kernel" of="$OUTPUT" bs=512 seek="$KERNELOFFSET" conv=notrunc rm -f "$OUTPUT.kernel" diff --git a/scripts/json_add_image_info.py b/scripts/json_add_image_info.py index 23033f9fc4..4608996f02 100755 --- a/scripts/json_add_image_info.py +++ b/scripts/json_add_image_info.py @@ -44,7 +44,7 @@ file_info = { "target": "{}/{}".format(getenv("TARGET"), getenv("SUBTARGET")), "version_code": getenv("VERSION_CODE"), "version_number": getenv("VERSION_NUMBER"), - "source_date_epoch": getenv("SOURCE_DATE_EPOCH"), + "source_date_epoch": int(getenv("SOURCE_DATE_EPOCH")), "profiles": { device_id: { "image_prefix": getenv("DEVICE_IMG_PREFIX"), diff --git a/target/imagebuilder/files/Makefile b/target/imagebuilder/files/Makefile index a16de90ebb..70e3a0cb55 100644 --- a/target/imagebuilder/files/Makefile +++ b/target/imagebuilder/files/Makefile @@ -27,6 +27,7 @@ include $(INCLUDE_DIR)/rootfs.mk include $(INCLUDE_DIR)/version.mk export REVISION +export SOURCE_DATE_EPOCH define Helptext Available Commands: diff --git a/tools/cmake/Makefile b/tools/cmake/Makefile index f0af6dfeaa..4391586b2d 100644 --- a/tools/cmake/Makefile +++ b/tools/cmake/Makefile @@ -13,7 +13,7 @@ PKG_CPE_ID:=cpe:/a:kitware:cmake PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/Kitware/CMake/releases/download/v$(PKG_VERSION)/ \ - https://cmake.org/files/v3.19/ + https://cmake.org/files/v3.22/ PKG_HASH:=9f8469166f94553b6978a16ee29227ec49a2eb5ceb608275dec40d8ae0d1b5a0 HOST_BUILD_PARALLEL:=1 diff --git a/tools/meson/Makefile b/tools/meson/Makefile index cd5af31cff..e2ea3d285c 100644 --- a/tools/meson/Makefile +++ b/tools/meson/Makefile @@ -1,11 +1,11 @@ include $(TOPDIR)/rules.mk PKG_NAME:=meson -PKG_VERSION:=0.61.2 +PKG_VERSION:=0.61.4 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/mesonbuild/meson/releases/download/$(PKG_VERSION) -PKG_HASH:=0233a7f8d959079318f6052b0939c27f68a5de86ba601f25c9ee6869fb5f5889 +PKG_HASH:=4e3733ddc66bac38e38c63b739c9b8b8fc5a866de5333396b0c85c2b144ddee9 PKG_MAINTAINER:=Andre Heider PKG_LICENSE:=Apache-2.0 diff --git a/tools/meson/files/openwrt-cross.txt.in b/tools/meson/files/openwrt-cross.txt.in index 56aa393d63..ec4b027f1b 100644 --- a/tools/meson/files/openwrt-cross.txt.in +++ b/tools/meson/files/openwrt-cross.txt.in @@ -6,6 +6,7 @@ strip = '@STRIP@' nm = '@NM@' pkgconfig = '@PKGCONFIG@' cmake = '@CMAKE@' +python = '@PYTHON@' [built-in options] c_args = [@CFLAGS@] diff --git a/tools/meson/files/openwrt-native.txt.in b/tools/meson/files/openwrt-native.txt.in index eba63c00b1..48e09ece2c 100644 --- a/tools/meson/files/openwrt-native.txt.in +++ b/tools/meson/files/openwrt-native.txt.in @@ -3,6 +3,7 @@ c = [@CC@] cpp = [@CXX@] pkgconfig = '@PKGCONFIG@' cmake = '@CMAKE@' +python = '@PYTHON@' [built-in options] c_args = [@CFLAGS@]