diff options
| author | PÁLI Gábor János <pali.gabor@gmail.com> | 2024-03-16 13:33:00 +0100 |
|---|---|---|
| committer | PÁLI Gábor János <pali.gabor@gmail.com> | 2024-03-16 13:44:13 +0100 |
| commit | d7e702dd5529860e3d97a84e387bad95573f5894 (patch) | |
| tree | e4c8bff35d942fadd35d2cd76a93ca4994fb55cb | |
| parent | f9967eae7a169b920daedecbc176c792d516f471 (diff) | |
| download | freebsd-wifibox-alpine-d7e702dd5529860e3d97a84e387bad95573f5894.zip | |
Update to Linux 6.6 & 6.8, and Alpine 3.19
- Update dhcpcd to 10.0.5
- Update iptables to 1.8.10
- Update linux-lts to 6.6.22
- Update linux-edge to 6.8.1
- Update openrc 0.52.1
- Update mDNSResponder to 2200.80.16
- Update rtl8821ce to snapshot of 20240120
- Update rtw88 to snapshot of 20231024
- Resolve driver conflict between rtw88 and rtl8821ce
- Update rtw89 to snapshot of 20240310
- Update socat to 1.8.0.0
- Import security fixes for wpa_supplicant
45 files changed, 1280 insertions, 353 deletions
diff --git a/aports/base-layout/APKBUILD b/aports/base-layout/APKBUILD index 90ff6d2..fe07fb6 100644 --- a/aports/base-layout/APKBUILD +++ b/aports/base-layout/APKBUILD @@ -2,7 +2,7 @@ pkgname=baselayout # base: alpine-baselayout, alpine-baselayout-data pkgver=3.4.3 -pkgrel=1 # base: 1 +pkgrel=2 # base: 2 pkgdesc="Base dir structure and init scripts" url="https://git.alpinelinux.org/cgit/aports/tree/main/alpine-baselayout" arch="noarch" diff --git a/aports/broadcom-wl-edge/APKBUILD b/aports/broadcom-wl-edge/APKBUILD index 2646d58..5cbcfde 100644 --- a/aports/broadcom-wl-edge/APKBUILD +++ b/aports/broadcom-wl-edge/APKBUILD @@ -2,7 +2,7 @@ pkgname=broadcom-wl-edge pkgver=6.30.223.271 -pkgrel=13 +pkgrel=06080010000 pkgdesc='Broadcom 802.11 Linux STA wireless driver (edge)' arch="x86_64" url='https://www.broadcom.com/support/download-search/?pf=Wireless+LAN+Infrastructure' diff --git a/aports/broadcom-wl/APKBUILD b/aports/broadcom-wl/APKBUILD index 1728b3b..ace42ff 100644 --- a/aports/broadcom-wl/APKBUILD +++ b/aports/broadcom-wl/APKBUILD @@ -2,7 +2,7 @@ pkgname=broadcom-wl pkgver=6.30.223.271 -pkgrel=13 +pkgrel=06060220000 pkgdesc='Broadcom 802.11 Linux STA wireless driver' arch="x86_64" url='https://www.broadcom.com/support/download-search/?pf=Wireless+LAN+Infrastructure' diff --git a/aports/busybox/0031-ash-initialize-basepf.buf-in-ash.patch b/aports/busybox/0031-ash-initialize-basepf.buf-in-ash.patch new file mode 100644 index 0000000..51e5301 --- /dev/null +++ b/aports/busybox/0031-ash-initialize-basepf.buf-in-ash.patch @@ -0,0 +1,58 @@ +From ed4a24dfd10539e144ed4b7de008f8791d09a551 Mon Sep 17 00:00:00 2001 +From: zhuyan <zhuyan34@huawei.com> +Date: Tue, 29 Aug 2023 20:50:32 +0800 +Subject: [PATCH] ash: initialize basepf.buf in ash +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +When I planned to print the command in read_line_input, I found that after +the system started, the command printed for the first time was always +garbled. + +After analysis, it is found that in the init() function of ash, the +variable basepf.buf is not initialized after applying for memory, resulting +in garbled initial data. Then assign it to the global variable +g_parsefile->buf in ash.c, and then pass g_parsefile->buf to the parameter +command of the function read_line_input in the function preadfd(), and +finally cause it to be garbled when the command is printed by +read_line_input. + +The call stack is as follows: + #0 read_line_input (st=0xb6fff220, prompt=0xb6ffc910 "\\[\\033[32m\\]\\h \\w\\[\\033[m\\] \\$ ", command=command@entry=0xb6ffc230 "P\325\377\266P\325\377\266", maxsize=maxsize@entry=1024) at libbb/lineedit.c:2461 + #1 0x0043ef8c in preadfd () at shell/ash.c:10812 + #2 preadbuffer () at shell/ash.c:10914 + #3 pgetc () at shell/ash.c:10997 + #4 0x00440c20 in pgetc_eatbnl () at shell/ash.c:11039 + #5 0x00440cbc in xxreadtoken () at shell/ash.c:13157 + #6 0x00440f40 in readtoken () at shell/ash.c:13268 + #7 0x00441234 in list (nlflag=nlflag@entry=1) at shell/ash.c:11782 + #8 0x004420e8 in parsecmd (interact=<optimized out>) at shell/ash.c:13344 + #9 0x00442c34 in cmdloop (top=top@entry=1) at shell/ash.c:13549 + #10 0x00444e4c in ash_main (argc=<optimized out>, argv=0x444e4c <ash_main+1328>) at shell/ash.c:14747 + #11 0x00407954 in run_applet_no_and_exit (applet_no=9, name=<optimized out>, argv=0xbefffd34) at libbb/appletlib.c:1024 + #12 0x00407b68 in run_applet_and_exit (name=0xbefffe56 "ash", argv=0x9) at libbb/appletlib.c:1047 + #13 0x00407f88 in main (argc=<optimized out>, argv=0xbefffd34) at libbb/appletlib.c:1181 + +Fixes: 82dd14a510ca ("ash: use CONFIG_FEATURE_EDITING_MAX_LEN") + +Signed-off-by: zhuyan <zhuyan34@huawei.com> +Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> +Signed-off-by: Sören Tempel <soeren+git@soeren-tempel.net> +--- + shell/ash.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/shell/ash.c b/shell/ash.c +index e1d93da73..771fc8bf9 100644 +--- a/shell/ash.c ++++ b/shell/ash.c +@@ -14484,7 +14484,7 @@ static NOINLINE void + init(void) + { + /* we will never free this */ +- basepf.next_to_pgetc = basepf.buf = ckmalloc(IBUFSIZ); ++ basepf.next_to_pgetc = basepf.buf = ckzalloc(IBUFSIZ); + basepf.linno = 1; + + sigmode[SIGCHLD - 1] = S_DFL; /* ensure we install handler even if it is SIG_IGNed */ diff --git a/aports/busybox/0032-install-Fix-chown-resetting-suid-sgid-bits-from-chmo.patch b/aports/busybox/0032-install-Fix-chown-resetting-suid-sgid-bits-from-chmo.patch new file mode 100644 index 0000000..795275f --- /dev/null +++ b/aports/busybox/0032-install-Fix-chown-resetting-suid-sgid-bits-from-chmo.patch @@ -0,0 +1,53 @@ +From 6d22c9abc29d43e919e819ff004fcd84a90de60b Mon Sep 17 00:00:00 2001 +From: Nero <nero@w1r3.net> +Date: Sat, 23 Sep 2023 11:50:04 +0000 +Subject: [PATCH] install: Fix chown resetting suid/sgid bits from chmod +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Since Linux 2.2.13, chown(2) resets the suid/gid bits for all users. +This patch changes the ordering so that chmod gets called after chown. + +This behavior follows GNU coreutils. + +Signed-off-by: Nero <nero@w1r3.net> +Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> +--- + coreutils/install.c | 16 +++++++++------- + 1 file changed, 9 insertions(+), 7 deletions(-) + +diff --git a/coreutils/install.c b/coreutils/install.c +index c0f1c538a..00f8be87e 100644 +--- a/coreutils/install.c ++++ b/coreutils/install.c +@@ -244,6 +244,15 @@ int install_main(int argc, char **argv) + } + } + ++ /* Set the user and group id */ ++ /* (must be before chmod, or else chown may clear suid/gid bits) */ ++ if ((opts & (OPT_OWNER|OPT_GROUP)) ++ && lchown(dest, uid, gid) == -1 ++ ) { ++ bb_perror_msg("can't change %s of %s", "ownership", dest); ++ ret = EXIT_FAILURE; ++ } ++ + /* Set the file mode (always, not only with -m). + * GNU coreutils 6.10 is not affected by umask. */ + if (chmod(dest, mode) == -1) { +@@ -254,13 +263,6 @@ int install_main(int argc, char **argv) + if (use_default_selinux_context) + setdefaultfilecon(dest); + #endif +- /* Set the user and group id */ +- if ((opts & (OPT_OWNER|OPT_GROUP)) +- && lchown(dest, uid, gid) == -1 +- ) { +- bb_perror_msg("can't change %s of %s", "ownership", dest); +- ret = EXIT_FAILURE; +- } + next: + if (ENABLE_FEATURE_CLEAN_UP && isdir) + free(dest); diff --git a/aports/busybox/0033-find-fix-xdev-depth-and-delete.patch b/aports/busybox/0033-find-fix-xdev-depth-and-delete.patch new file mode 100644 index 0000000..4cd8d9b --- /dev/null +++ b/aports/busybox/0033-find-fix-xdev-depth-and-delete.patch @@ -0,0 +1,230 @@ +From e49db109bba7ff0b84fe7ba4f1f08405a6b72419 Mon Sep 17 00:00:00 2001 +From: Dominique Martinet <dominique.martinet@atmark-techno.com> +Date: Fri, 27 Oct 2023 06:42:35 +0900 +Subject: [PATCH] find: fix -xdev -depth (and -delete) + +find -xdev with -depth would check for same_fs after the subdirectory +has been processed (because the check is done in the file/dir action, +which is evaluated too late in the -depth case) +This renders `find -xdev -delete` useless, as reported in 2012 here: +https://bugs.busybox.net/show_bug.cgi?id=5756 + +The bug report suggested adding an extra hook, which would be required +if we were to keep the current xdev approach that allows all filesystems +given in argument, but GNU findutils and OpenBSD find actually stop on +the first filesystem boundary e.g. for the following tree: + +$ find test -exec stat --format "%d %n" {} + +27 test +27 test/file +59 test/tmpfs +27 test/tmpfs/bind +27 test/tmpfs/bind/file +59 test/tmpfs/file +(Where 'test/tmpfs' is a tmpfs, and 'test/tmpfs/bind' is a bind mount +to a neighboring directory in the same filesystem as 'test' -- also +tested with a symlink and -follow for openbsd which has no bind mount) + +Then `find test test/tmpfs -xdev` does not print test/tmpfs/bind/file. + +This makes the implementation much simpler (although it's a bit ugly to +carry the parent st_dev as an argument to the function) and smaller +code, and would allow for easy addition of rm/cp --one-file-system if +we want to do that later. + +Note: this also no longer stores the stat result in 'status' in +recursive_action1 as that was not used and doing this saves 10 bytes + +function old new delta +recursive_action1 361 385 +24 +parse_params 1503 1510 +7 +recursive_action 63 65 +2 +fileAction 206 127 -79 +find_main 520 417 -103 +------------------------------------------------------------------------------ +(add/remove: 0/0 grow/shrink: 3/2 up/down: 33/-182) Total: -149 bytes + text data bss dec hex filename + 78267 1582 1552 81401 13df9 busybox_old + 78118 1582 1552 81252 13d64 busybox_unstripped +--- + findutils/find.c | 44 ++-------------------------------------- + include/libbb.h | 1 + + libbb/recursive_action.c | 19 ++++++++++------- + 3 files changed, 15 insertions(+), 49 deletions(-) + +diff --git a/findutils/find.c b/findutils/find.c +index bb6ad31e5edc..e88fbd3ba3bf 100644 +--- a/findutils/find.c ++++ b/findutils/find.c +@@ -488,7 +488,6 @@ struct globals { + #endif + action ***actions; + smallint need_print; +- smallint xdev_on; + smalluint exitstatus; + recurse_flags_t recurse_flags; + IF_FEATURE_FIND_EXEC_PLUS(unsigned max_argv_len;) +@@ -988,26 +987,10 @@ static int FAST_FUNC fileAction( + struct stat *statbuf) + { + int r; +- int same_fs = 1; +- +-#if ENABLE_FEATURE_FIND_XDEV +- if (S_ISDIR(statbuf->st_mode) && G.xdev_count) { +- int i; +- for (i = 0; i < G.xdev_count; i++) { +- if (G.xdev_dev[i] == statbuf->st_dev) +- goto found; +- } +- //bb_error_msg("'%s': not same fs", fileName); +- same_fs = 0; +- found: ; +- } +-#endif + + #if ENABLE_FEATURE_FIND_MAXDEPTH + if (state->depth < G.minmaxdepth[0]) { +- if (same_fs) +- return TRUE; /* skip this, continue recursing */ +- return SKIP; /* stop recursing */ ++ return TRUE; /* skip this, continue recursing */ + } + if (state->depth > G.minmaxdepth[1]) + return SKIP; /* stop recursing */ +@@ -1024,11 +1007,6 @@ static int FAST_FUNC fileAction( + return SKIP; + } + #endif +- /* -xdev stops on mountpoints, but AFTER mountpoit itself +- * is processed as usual */ +- if (!same_fs) { +- return SKIP; +- } + + /* Cannot return 0: our caller, recursive_action(), + * will perror() and skip dirs (if called on dir) */ +@@ -1266,7 +1244,7 @@ static action*** parse_params(char **argv) + #if ENABLE_FEATURE_FIND_XDEV + else if (parm == OPT_XDEV) { + dbg("%d", __LINE__); +- G.xdev_on = 1; ++ G.recurse_flags |= ACTION_XDEV; + } + #endif + #if ENABLE_FEATURE_FIND_MAXDEPTH +@@ -1685,24 +1663,6 @@ int find_main(int argc UNUSED_PARAM, char **argv) + G.actions = parse_params(&argv[firstopt]); + argv[firstopt] = NULL; + +-#if ENABLE_FEATURE_FIND_XDEV +- if (G.xdev_on) { +- struct stat stbuf; +- +- G.xdev_count = firstopt; +- G.xdev_dev = xzalloc(G.xdev_count * sizeof(G.xdev_dev[0])); +- for (i = 0; argv[i]; i++) { +- /* not xstat(): shouldn't bomb out on +- * "find not_exist exist -xdev" */ +- if (stat(argv[i], &stbuf) == 0) +- G.xdev_dev[i] = stbuf.st_dev; +- /* else G.xdev_dev[i] stays 0 and +- * won't match any real device dev_t +- */ +- } +- } +-#endif +- + for (i = 0; argv[i]; i++) { + if (!recursive_action(argv[i], + G.recurse_flags,/* flags */ +diff --git a/include/libbb.h b/include/libbb.h +index 5d0fe924eed1..d903330cccb0 100644 +--- a/include/libbb.h ++++ b/include/libbb.h +@@ -512,6 +512,7 @@ enum { + ACTION_DEPTHFIRST = (1 << 3), + ACTION_QUIET = (1 << 4), + ACTION_DANGLING_OK = (1 << 5), ++ ACTION_XDEV = (1 << 6), + }; + typedef uint8_t recurse_flags_t; + typedef struct recursive_state { +diff --git a/libbb/recursive_action.c b/libbb/recursive_action.c +index b1c4bfad7ccf..d4b40afdead3 100644 +--- a/libbb/recursive_action.c ++++ b/libbb/recursive_action.c +@@ -62,13 +62,15 @@ static int FAST_FUNC true_action(struct recursive_state *state UNUSED_PARAM, + * ACTION_FOLLOWLINKS mainly controls handling of links to dirs. + * 0: lstat(statbuf). Calls fileAction on link name even if points to dir. + * 1: stat(statbuf). Calls dirAction and optionally recurse on link to dir. ++ * ++ * If ACTION_XDEV, stop on different filesystem _after_ it has been processed + */ + +-static int recursive_action1(recursive_state_t *state, const char *fileName) ++static int recursive_action1(recursive_state_t *state, const char *fileName, dev_t parentDev) + { + struct stat statbuf; + unsigned follow; +- int status; ++ int status = TRUE; + DIR *dir; + struct dirent *next; + +@@ -76,8 +78,7 @@ static int recursive_action1(recursive_state_t *state, const char *fileName) + if (state->depth == 0) + follow = ACTION_FOLLOWLINKS | ACTION_FOLLOWLINKS_L0; + follow &= state->flags; +- status = (follow ? stat : lstat)(fileName, &statbuf); +- if (status < 0) { ++ if ((follow ? stat : lstat)(fileName, &statbuf) < 0) { + #ifdef DEBUG_RECURS_ACTION + bb_error_msg("status=%d flags=%x", status, state->flags); + #endif +@@ -114,6 +115,10 @@ static int recursive_action1(recursive_state_t *state, const char *fileName) + return TRUE; + } + ++ /* skip cross devices -- we still need to process action */ ++ if ((state->flags & ACTION_XDEV) && parentDev != 0 && statbuf.st_dev != parentDev) ++ goto skip_recurse; ++ + dir = opendir(fileName); + if (!dir) { + /* findutils-4.1.20 reports this */ +@@ -121,7 +126,6 @@ static int recursive_action1(recursive_state_t *state, const char *fileName) + /* To trigger: "find -exec rm -rf {} \;" */ + goto done_nak_warn; + } +- status = TRUE; + while ((next = readdir(dir)) != NULL) { + char *nextFile; + int s; +@@ -132,7 +136,7 @@ static int recursive_action1(recursive_state_t *state, const char *fileName) + + /* process every file (NB: ACTION_RECURSE is set in flags) */ + state->depth++; +- s = recursive_action1(state, nextFile); ++ s = recursive_action1(state, nextFile, statbuf.st_dev); + if (s == FALSE) + status = FALSE; + free(nextFile); +@@ -146,6 +150,7 @@ static int recursive_action1(recursive_state_t *state, const char *fileName) + } + closedir(dir); + ++skip_recurse: + if (state->flags & ACTION_DEPTHFIRST) { + if (!state->dirAction(state, fileName, &statbuf)) + goto done_nak_warn; +@@ -177,5 +182,5 @@ int FAST_FUNC recursive_action(const char *fileName, + state.fileAction = fileAction ? fileAction : true_action; + state.dirAction = dirAction ? dirAction : true_action; + +- return recursive_action1(&state, fileName); ++ return recursive_action1(&state, fileName, 0); + } +-- +2.39.2 + diff --git a/aports/busybox/0034-udhcp-Avoid-leaking-uninitialized-stale-data.patch b/aports/busybox/0034-udhcp-Avoid-leaking-uninitialized-stale-data.patch new file mode 100644 index 0000000..d61c5fb --- /dev/null +++ b/aports/busybox/0034-udhcp-Avoid-leaking-uninitialized-stale-data.patch @@ -0,0 +1,75 @@ +From e265c8d4c039729f2a68f3b1fb589c13c38d86f8 Mon Sep 17 00:00:00 2001 +From: Russ Dill <russ.dill@gmail.com> +Date: Mon, 2 Oct 2023 12:34:50 -0700 +Subject: [PATCH] udhcp: Avoid leaking uninitialized/stale data + +I noticed a commit in connman: + +"gdhcp: Avoid leaking stack data via unitiialized variable" [1] + +Since gdhcp is just BusyBox udhcp with the serial numbers filed off, I +checked if BusyBox udhcp has a related issue. + +The issue is that the get_option logic assumes any data within the +memory area of the buffer is "valid". This reduces the complexity of the +function at the cost of reading past the end of the actually received +data in the case of specially crafted packets. This is not a problem +for the udhcp_recv_kernel_packet data path as the entire memory +area is zeroed. However, d4/d6_recv_raw_packet does not zero the +memory. + +Note that a related commit [2] is not required as we are zeroing +any data that can be read by the get_option function. + +[1] https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=a74524b3e3fad81b0fd1084ffdf9f2ea469cd9b1 +[2] https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=58d397ba74873384aee449690a9070bacd5676fa + +function old new delta +d4_recv_raw_packet 484 497 +13 +d6_recv_raw_packet 216 228 +12 +.rodata 105390 105381 -9 +------------------------------------------------------------------------------ +(add/remove: 0/0 grow/shrink: 2/1 up/down: 25/-9) Total: 16 bytes + +Signed-off-by: Russ Dill <russ.dill@gmail.com> +Cc: Colin Wee <cwee@tesla.com> +Cc: Denys Vlasenko <vda.linux@googlemail.com> +Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> +--- + networking/udhcp/d6_dhcpc.c | 1 + + networking/udhcp/dhcpc.c | 3 ++- + 2 files changed, 3 insertions(+), 1 deletion(-) + +diff --git a/networking/udhcp/d6_dhcpc.c b/networking/udhcp/d6_dhcpc.c +index cdd06188e..a72fd31bd 100644 +--- a/networking/udhcp/d6_dhcpc.c ++++ b/networking/udhcp/d6_dhcpc.c +@@ -961,6 +961,7 @@ static NOINLINE int d6_recv_raw_packet(struct in6_addr *peer_ipv6, struct d6_pac + d6_dump_packet(&packet.data); + + bytes -= sizeof(packet.ip6) + sizeof(packet.udp); ++ memset(d6_pkt, 0, sizeof(*d6_pkt)); + memcpy(d6_pkt, &packet.data, bytes); + return bytes; + } +diff --git a/networking/udhcp/dhcpc.c b/networking/udhcp/dhcpc.c +index 200a2fb8a..07e2eadfe 100644 +--- a/networking/udhcp/dhcpc.c ++++ b/networking/udhcp/dhcpc.c +@@ -966,7 +966,7 @@ static NOINLINE int d4_recv_raw_packet(struct dhcp_packet *dhcp_pkt, int fd) + check = packet.udp.check; + packet.udp.check = 0; + if (check && check != inet_cksum(&packet, bytes)) { +- log1s("packet with bad UDP checksum received, ignoring"); ++ log1s("packet with bad UDP checksum, ignoring"); + return -2; + } + skip_udp_sum_check: +@@ -981,6 +981,7 @@ static NOINLINE int d4_recv_raw_packet(struct dhcp_packet *dhcp_pkt, int fd) + udhcp_dump_packet(&packet.data); + + bytes -= sizeof(packet.ip) + sizeof(packet.udp); ++ memset(dhcp_pkt, 0, sizeof(*dhcp_pkt)); + memcpy(dhcp_pkt, &packet.data, bytes); + return bytes; + } diff --git a/aports/busybox/APKBUILD b/aports/busybox/APKBUILD index 633f898..23b4d17 100644 --- a/aports/busybox/APKBUILD +++ b/aports/busybox/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Gabor Pali <pali.gabor@gmail.com> pkgname=busybox pkgver=1.36.1 -pkgrel=1 # base: 2 +pkgrel=2 # base: 15 pkgdesc="Size optimized toolbox of many common UNIX utilities" url="https://busybox.net/" arch="all" @@ -59,11 +59,14 @@ source="https://busybox.net/downloads/busybox-$pkgver.tar.bz2 acpid.logrotate config default.script + udhcpc.conf $_openrc_files $_mdev_openrc_files " # secfixes: +# 1.36.1-r2: +# - CVE-2022-48174 # 1.35.0-r17: # - CVE-2022-30065 # 1.35.0-r7: @@ -163,15 +166,12 @@ package() { "$pkgdir"/etc/udhcpc ln -s /media/etc/udhcpd.conf "$pkgdir"/etc + install -Dm644 "$srcdir"/udhcpc.conf "$pkgdir"/etc/udhcpc/udhcpc.conf + cat >"$pkgdir"/etc/securetty <<EOF console ttyS0 EOF - cat >"$pkgdir"/etc/udhcpc/udhcpc.conf <<EOF -RESOLV_CONF="/tmp/resolv.conf" -UDHCPD_CONF_TEMPLATE="/etc/udhcpd.conf" -UDHCPD_CONF="/tmp/udhcpd.conf" -EOF # script for udhcpc install -Dm755 "$srcdir"/default.script \ @@ -217,8 +217,9 @@ d3bd84c42487de573c0c5165a847fd233ddcd4d53a61b1e03c30a46b6dba3993e741f12daf167b83 5f8c1a848f28aff2b28085950c561e1a51dfcea043da455e3daf9b960025dd8789ecfe43370553cb727d4ec239aa23c42e3ae5f6ef1cd5768d69c80c31b8f39e 0029-awk-fix-use-after-realloc-CVE-2021-42380-closes-1560.patch 28748a431718f270b2d0023d09f059e6a32501afb9fd243c4b127fec28bc9312ffb7fdcc1563544a2cb29bed66383ecfea7957d557f7b21402ec3bdb6938004f 0030-shell-avoid-segfault-on-0-0-0-09J-.-Closes-15216.patch aa93095e20de88730f526c6f463cef711b290b9582cdbd8c1ba2bd290019150cbeaa7007c2e15f0362d5b9315dd63f60511878f0ea05e893f4fdfb4a54af3fb1 acpid.logrotate -b1e13a736eaf8a621b648d97c2526fe72215a5bfb13277a58c7d631bcee08cbcea20dd3d11ea8a97e545ec137adc41bd75f5f6dcbcfae96934fe6b3d14c94b46 config +b0b65c0b2955bc4ff7848df58eedec7807c48abf0c3c4f057276068a706568385fdce94b7a68ea9845d11dc7c0d410adc34545d8aa1926b18704db82e4def246 config 6c1d25c733fd9ac6ba7d3c7f474c836fbfd41d8f1753ec9c21c08d57cd6249023a0b16f81da4d2ec5d56d14509f7ba1fffadf691504f0670f90017aaf1ed564b default.script +21fbd1fbe2e77922c5d465aace694cf69835a159361eb56571780d67168338bf34565f48158303ce39438fe03ffee2f64f9637e97c3d0a74fd25b0c200b1e392 udhcpc.conf fcb532233fd7ba8cad302d037b88cff00ee8b96b37c90b34fc823479208cf7cdda48818c972ce2c4703b7283fd58e99ba8a724818f884f3b09eaa7e2d6ffad21 acpid.initd 34c6f3197064bb91619b899b28a201bd4d920b18bded3845440b2cb36dc6f16cabf447c96878349b16e46c30184cbe48bac00a01c5f7cf1be038c0b7136064c5 crond.confd f3a104095c659eef79925e8df850cdac499f6c7756fb9647088a24b98dc72f37413c3869da6113bcc578c2178c1c2e5ab8d31a50ad2e472c06aaf408e8924d6a crond.initd diff --git a/aports/busybox/config b/aports/busybox/config index efab056..e98a24c 100644 --- a/aports/busybox/config +++ b/aports/busybox/config @@ -53,7 +53,7 @@ CONFIG_EXTRA_CFLAGS="" CONFIG_EXTRA_LDFLAGS="" CONFIG_EXTRA_LDLIBS="" # CONFIG_USE_PORTABLE_CODE is not set -CONFIG_STACK_OPTIMIZATION_386=y +# CONFIG_STACK_OPTIMIZATION_386 is not set CONFIG_STATIC_LIBGCC=y # @@ -239,7 +239,7 @@ CONFIG_FEATURE_DATE_ISOFMT=y CONFIG_FEATURE_DATE_COMPAT=y # CONFIG_DD is not set # CONFIG_FEATURE_DD_SIGNAL_HANDLING is not set -# CONFIG_FEATURE_DD_THIRD_STATUS_LINE is not set +CONFIG_FEATURE_DD_THIRD_STATUS_LINE=y # CONFIG_FEATURE_DD_IBS_OBS is not set # CONFIG_FEATURE_DD_STATUS is not set CONFIG_DF=y @@ -420,7 +420,7 @@ CONFIG_CMP=y CONFIG_DIFF=y CONFIG_FEATURE_DIFF_LONG_OPTIONS=y CONFIG_FEATURE_DIFF_DIR=y -CONFIG_ED=y +# CONFIG_ED is not set # CONFIG_PATCH is not set CONFIG_SED=y # CONFIG_VI is not set @@ -1148,7 +1148,7 @@ CONFIG_ASH_MAIL=y CONFIG_ASH_ECHO=y CONFIG_ASH_PRINTF=y CONFIG_ASH_TEST=y -CONFIG_ASH_SLEEP=y +# CONFIG_ASH_SLEEP is not set CONFIG_ASH_HELP=y CONFIG_ASH_GETOPTS=y CONFIG_ASH_CMDCMD=y diff --git a/aports/busybox/udhcpc.conf b/aports/busybox/udhcpc.conf new file mode 100644 index 0000000..909bb9d --- /dev/null +++ b/aports/busybox/udhcpc.conf @@ -0,0 +1,3 @@ +RESOLV_CONF="/tmp/resolv.conf" +UDHCPD_CONF_TEMPLATE="/etc/udhcpd.conf" +UDHCPD_CONF="/tmp/udhcpd.conf" diff --git a/aports/dhcpcd/APKBUILD b/aports/dhcpcd/APKBUILD index c42cbfb..b6cf318 100644 --- a/aports/dhcpcd/APKBUILD +++ b/aports/dhcpcd/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Gabor Pali <pali.gabor@gmail.com> pkgname=dhcpcd -pkgver=10.0.2 -pkgrel=0 # base: 1 +pkgver=10.0.5 +pkgrel=0 # base: 0 pkgdesc="RFC2131 compliant DHCP client" url="https://roy.marples.name/projects/dhcpcd" arch="all" @@ -9,8 +9,6 @@ license="BSD-2-Clause" makedepends="linux-headers bsd-compat-headers" install= source="$pkgname-$pkgver.tar.gz::https://github.com/NetworkConfiguration/dhcpcd/archive/refs/tags/v$pkgver.tar.gz - $pkgname-seccomp-toggle-1.patch::https://github.com/NetworkConfiguration/dhcpcd/commit/8b65e2d6c7da1688df00753f872d8805631e07cb.diff - $pkgname-seccomp-toggle-2.patch::https://github.com/NetworkConfiguration/dhcpcd/commit/43c4b1b57264b7b2d565a517b32b6e80c06c89e0.diff busybox-logger.patch dhcpcd.initd 99-udhcpd.conf @@ -48,9 +46,7 @@ package() { } sha512sums=" -eaf557a27f2223705cbfedf142ef45289eeb55056ceb9a90b760408db32c7e639e8f7c07a1ef5ec6f66ffc53971f5302f200ca522a6cd0ab76c4b0d70a3c2a59 dhcpcd-10.0.2.tar.gz -bb0d703b4a5142a218e17d320a56537de5f787b119564724fe0c9d5ee5ff84b7e2711b6f1c8e20f338cfbdcfec22f94971db187ce0af5876b9f4322ec94bb8b9 dhcpcd-seccomp-toggle-1.patch -6ffc69820142f70e9e8290c69c533970b0ac5a58a7deef75e8ca8da1f2ee7d52418af2962356c58ae5e4e34541e8ceb2f2fe2af81302fb31164209d4223c18da dhcpcd-seccomp-toggle-2.patch +8926a2b0c0d1f6f0798c24372e8b7881e0cc01970633d70f806bd11866239df8d43a3a5a9d0160fa78a2850ad133d9acba1143bb11eb88c1ed475e7cc658c979 dhcpcd-10.0.5.tar.gz b6bdaac9fc0d5d2d7e8c5e30d1a45db1cff2284d01f92f8821b2f03aaff4e0dbd8cbfbced96d8d9d934dc11f22b792a8345d634d8e4e3b84f43016b7e866e302 busybox-logger.patch 7fb44b82a6fa25ee6249fc4835853a4c1fc7d327653efabd9fde303b1f306b3aa6956b2621b55a24fc007ec7ad878ce50e7418ebff0b17fece76e2fdd9e5190d dhcpcd.initd c3d551505e22e253bed29fda5c4766ab8b23f14883df0c342b04c835f7ed50d90714a053c86b281bb9924fd9a83cdc6015ecc51217852f0ab2c63058b5d625a5 99-udhcpd.conf diff --git a/aports/forwarding/APKBUILD b/aports/forwarding/APKBUILD index 1c28f9f..20952bb 100644 --- a/aports/forwarding/APKBUILD +++ b/aports/forwarding/APKBUILD @@ -2,7 +2,7 @@ pkgname=forwarding pkgver=0.1.0 -pkgrel=2 +pkgrel=3 pkgdesc="Forwarding management service for Wifibox" url="https://github.com/pgj/freebsd-wifibox-alpine" arch="all" diff --git a/aports/hostapd/APKBUILD b/aports/hostapd/APKBUILD index 68fc159..7f34316 100644 --- a/aports/hostapd/APKBUILD +++ b/aports/hostapd/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Gabor Pali <pali.gabor@gmail.com> pkgname=hostapd pkgver=2.10 -pkgrel=3 # base: 6 +pkgrel=4 # base: 6 pkgdesc="daemon for wireless software access points" url="https://w1.fi/hostapd/" arch="all" diff --git a/aports/ifupdown-ng/APKBUILD b/aports/ifupdown-ng/APKBUILD index a523fa4..b5760c2 100644 --- a/aports/ifupdown-ng/APKBUILD +++ b/aports/ifupdown-ng/APKBUILD @@ -2,7 +2,7 @@ pkgname=ifupdown-ng pkgver=0.12.1 -pkgrel=1 # base: 2 +pkgrel=2 # base: 4 pkgdesc="tools for managing network configuration" url="https://github.com/ifupdown-ng/ifupdown-ng" arch="all" diff --git a/aports/iptables/APKBUILD b/aports/iptables/APKBUILD index dcd5234..b9a34a7 100644 --- a/aports/iptables/APKBUILD +++ b/aports/iptables/APKBUILD @@ -1,15 +1,14 @@ # Maintainer: Gabor Pali <pali.gabor@gmail.com> pkgname=iptables -pkgver=1.8.9 -pkgrel=1 # base: 2 +pkgver=1.8.10 +pkgrel=0 # base: 3 pkgdesc="Linux kernel firewall, NAT and packet mangling tools" url="https://www.netfilter.org/projects/iptables/index.html" arch="all" license="GPL-2.0-or-later" makedepends="libnftnl-dev bison flex autoconf automake" source="https://www.netfilter.org/projects/iptables/files/iptables-$pkgver.tar.xz - format-security.patch use-sh-iptables-apply.patch iptables.initd iptables.confd @@ -57,10 +56,9 @@ package() { } sha512sums=" -e367bf286135e39b7401e852de25c1ed06d44befdffd92ed1566eb2ae9704b48ac9196cb971f43c6c83c6ad4d910443d32064bcdf618cfcef6bcab113e31ff70 iptables-1.8.9.tar.xz -9501cd8572d37a680d46ee0b1e95ede3b3d79ff5e347ca32afb0e5e16b3717ed085c96d2214a3b2e08e10619c3295561d86e18089f18026b7ef20daeeb094587 format-security.patch +71e6ed2260859157d61981a4fe5039dc9e8d7da885a626a4b5dae8164c509a9d9f874286b9468bb6a462d6e259d4d32d5967777ecefdd8a293011ae80c00f153 iptables-1.8.10.tar.xz ac78898c2acbe66ed8d32a06f41ff08cde7c22c3df6dfec6bc89a912d2cef2bde730de19d25a5407886d567cb0972a0b7bde7e6b18a34c4511495b4dad3b90ad use-sh-iptables-apply.patch -a37c17a5382c756fcfb183af73af2283f0d09932c5a767241cbab5d784738f6f587f287a0cdf13b4fa74724ecd3a2063a9689ccee84c1bda02e730f63480f74d iptables.initd +e82fcf10e9fffba37b7e4a11bc901b57d60214f5de4865c61df4add04057b9cb2c1d159b2af809b22e017197f2717b330f05a34a7e97589f48de65606060b1db iptables.initd 85bb1660c2452fdede5ae0a483489a3648a8b327ea658839a1ad8c6405f6526bdf842a62d4df3f6e3cbbb9ad59137d37b39266cee21e252814191964d4c50f44 iptables.confd 1783557fea7350ab43b050e632ccd62eb490f1f2b3ad48e7e3fd53cc66c1a9b93c8df4dd692aca3a0d17658f53eb8b668e60055b113fa3091319f81294a1783b ip6tables.confd " diff --git a/aports/iptables/format-security.patch b/aports/iptables/format-security.patch deleted file mode 100644 index 432aac9..0000000 --- a/aports/iptables/format-security.patch +++ /dev/null @@ -1,31 +0,0 @@ -Patch-Source: https://git.netfilter.org/iptables/patch/?id=ed4082a7405a5838c205a34c1559e289949200cc --- -From ed4082a7405a5838c205a34c1559e289949200cc Mon Sep 17 00:00:00 2001 -From: Phil Sutter <phil@nwl.cc> -Date: Thu, 12 Jan 2023 14:38:44 +0100 -Subject: extensions: NAT: Fix for -Werror=format-security - -Have to pass either a string literal or format string to xt_xlate_add(). - -Fixes: f30c5edce0413 ("extensions: Merge SNAT, DNAT, REDIRECT and MASQUERADE") -Signed-off-by: Phil Sutter <phil@nwl.cc> ---- - extensions/libxt_NAT.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/extensions/libxt_NAT.c b/extensions/libxt_NAT.c -index da9f2201..2a634398 100644 ---- a/extensions/libxt_NAT.c -+++ b/extensions/libxt_NAT.c -@@ -424,7 +424,7 @@ __NAT_xlate(struct xt_xlate *xl, const struct nf_nat_range2 *r, - if (r->flags & NF_NAT_RANGE_PROTO_OFFSET) - return 0; - -- xt_xlate_add(xl, tgt); -+ xt_xlate_add(xl, "%s", tgt); - if (strlen(range_str)) - xt_xlate_add(xl, " to %s", range_str); - if (r->flags & NF_NAT_RANGE_PROTO_RANDOM) { --- -cgit v1.2.3 - diff --git a/aports/iptables/iptables.initd b/aports/iptables/iptables.initd index 0f906ee..2cc4227 100644 --- a/aports/iptables/iptables.initd +++ b/aports/iptables/iptables.initd @@ -8,22 +8,26 @@ description_save="Save firewall state" description_panic="Drop all packets" description_reload="Reload configuration" -extra_commands="save panic" +extra_commands="check save panic" extra_started_commands="reload" iptables_name=${SVCNAME} -if [ "${iptables_name}" != "iptables" -a "${iptables_name}" != "ip6tables" ] ; then - iptables_name="iptables" -fi +case "$iptables_name" in + iptables|ip6tables) ;; + *) iptables_name="iptables" ;; +esac iptables_bin="/sbin/${iptables_name}" case ${iptables_name} in - iptables) iptables_proc="/proc/net/ip_tables_names" - iptables_save=${IPTABLES_SAVE} - sysctl_ipfwd=net.ipv4.ip_forward;; - ip6tables) iptables_proc="/proc/net/ip6_tables_names" - iptables_save=${IP6TABLES_SAVE} - sysctl_ipfwd=net.ipv6.conf.all.forwarding;; + iptables) + #shellcheck disable=SC2153 + iptables_save="${IPTABLES_SAVE}" + sysctl_ipfwd=net.ipv4.ip_forward + ;; + ip6tables) + iptables_save="${IP6TABLES_SAVE}" + sysctl_ipfwd=net.ipv6.conf.all.forwarding + ;; esac depend() { @@ -43,18 +47,15 @@ set_table_policy() { esac local chain for chain in ${chains} ; do - ${iptables_bin} -w 5 -t ${table} -P ${chain} ${policy} + ${iptables_bin} --wait 5 --table "${table}" --policy "${chain}" "${policy}" done } -checkkernel() { - if [ ! -e ${iptables_proc} ] ; then - eerror "Your kernel lacks ${iptables_name} support, please load" - eerror "appropriate modules and try again." - return 1 - fi - return 0 +get_tables() { + # shellcheck disable=SC2086 + ${iptables_bin}-save | /bin/sed -n 's/^\*//p' } + checkconfig() { if [ ! -f ${iptables_save} ] ; then eerror "Not starting ${iptables_name}. First create some rules then run:" @@ -67,6 +68,7 @@ checkconfig() { start() { checkconfig || return 1 ebegin "Loading ${iptables_name} state and starting firewall" + # shellcheck disable=SC2086 ${iptables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${iptables_save}" eend $? if yesno "${IPFORWARD}"; then @@ -85,51 +87,73 @@ stop() { if yesno "${SAVE_ON_STOP}"; then save || return 1 fi - checkkernel || return 1 ebegin "Stopping firewall" local a - for a in $(cat ${iptables_proc}) ; do - set_table_policy $a ACCEPT + for a in $(get_tables) ; do + set_table_policy "$a" ACCEPT - ${iptables_bin} -w 5 -F -t $a - ${iptables_bin} -w 5 -X -t $a + ${iptables_bin} --wait 5 --flush --table "$a" + ${iptables_bin} --wait 5 --delete-chain --table "$a" done eend $? } reload() { - checkkernel || return 1 + checkrules || return 1 ebegin "Flushing firewall" local a - for a in $(cat ${iptables_proc}) ; do - ${iptables_bin} -w 5 -F -t $a - ${iptables_bin} -w 5 -X -t $a + for a in $(get_tables) ; do + ${iptables_bin} --wait 5 --flush --table "$a" + ${iptables_bin} --wait 5 --delete-chain --table "$a" done eend $? start } +checkrules() { + ebegin "Checking rules" + # shellcheck disable=SC2086 + ${iptables_bin}-restore --test ${SAVE_RESTORE_OPTIONS} < "${iptables_save}" + eend $? +} + +check() { + # Short name for users of init.d script. + checkrules +} + save() { ebegin "Saving ${iptables_name} state" checkpath -fm 0600 "${iptables_save}" - ${iptables_bin}-save ${SAVE_RESTORE_OPTIONS} > "${iptables_save}" - eend $? + local exitcode tmp + + tmp="$(mktemp)" + # shellcheck disable=SC2086 + ${iptables_bin}-save ${SAVE_RESTORE_OPTIONS} > "${tmp}" + exitcode=$? + if [ "$exitcode" -eq 0 ]; then + # command succeeded, so overwrite + mv "${tmp}" "${iptables_save}" + else + ewarn "${iptables_bin}-save failed!" + rm -f "${tmp}" + fi + eend $exitcode } panic() { - checkkernel || return 1 - if service_started ${iptables_name}; then - rc-service ${iptables_name} stop + if service_started "${iptables_name}"; then + rc-service "${iptables_name}" stop fi local a ebegin "Dropping all packets" - for a in $(cat ${iptables_proc}) ; do - ${iptables_bin} -w 5 -F -t $a - ${iptables_bin} -w 5 -X -t $a + for a in $(get_tables) ; do + ${iptables_bin} --wait 5 --flush --table "$a" + ${iptables_bin} --wait 5 --delete-chain --table "$a" - set_table_policy $a DROP + set_table_policy "$a" DROP done eend $? } diff --git a/aports/linux-edge/APKBUILD b/aports/linux-edge/APKBUILD index 23a85a8..518aeb6 100644 --- a/aports/linux-edge/APKBUILD +++ b/aports/linux-edge/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Gabor Pali <pali.gabor@gmail.com> pkgname=linux-edge -pkgver=6.5.4 +pkgver=6.8.1 case $pkgver in *.*.*) _kernver=${pkgver%.*};; *.*) _kernver=$pkgver;; @@ -160,7 +160,7 @@ _dev() { } sha512sums=" -1b59dc5e65d4922c3217a8c8f19022dfd6595ae89747861d825bfeb51a4ae6c85449d05db69635a712bef7b355b80318195665582d8933b1fed6ba582f6ff257 linux-6.5.tar.xz -369d48e90db776e88d44501809c9b3045315d39e72887d2bd70c355bd454e2514d187237069cb856891b8d71d8b5787214805e18cfd60f29644300f8dcd18df1 config-edge.x86_64 -cb5935b12082580895017d956edb8a7e8bf6effdf8f9ca0e2f9d938295760202098303db1e15537389d582c094d29457bea3bca5f8746f40673ac5a424dac7c6 patch-6.5.4.xz +5c4eb4aa1d3f7d1ea01c0f7ddeadacdece6e144fd4bdfc16b2b925d3e10dc04de3a6db69320b79a96c3560052616f001d2c09e7a1bb4f7b731e2380a7ecce068 linux-6.8.tar.xz +cf75485c89e50674bbadfc83089deead0ccb25ea1358cdb2d025f445e0986d8549bb2c6b5ecf1fcfad420dae0a9208c725064377b10d7de96c896fb17d92a247 config-edge.x86_64 +33ddb70a2df5ce51e23a82616e02197e4b812e0c094d0c88dd6ea6e2f00d843c2ff124fc15548e0ae3853fc1a6ea605e6b94eff7aa49a34961d7b20b7d27ff6c patch-6.8.1.xz " diff --git a/aports/linux-edge/config-edge.x86_64 b/aports/linux-edge/config-edge.x86_64 index 1e8032a..d0e5076 100644 --- a/aports/linux-edge/config-edge.x86_64 +++ b/aports/linux-edge/config-edge.x86_64 @@ -1,24 +1,25 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86_64 6.5.4 Kernel Configuration +# Linux/x86_64 6.8.1 Kernel Configuration # -CONFIG_CC_VERSION_TEXT="gcc (Alpine 12.2.1_git20220924-r10) 12.2.1 20220924" +CONFIG_CC_VERSION_TEXT="gcc (Alpine 13.2.1_git20231014) 13.2.1 20231014" CONFIG_CC_IS_GCC=y -CONFIG_GCC_VERSION=120201 +CONFIG_GCC_VERSION=130201 CONFIG_CLANG_VERSION=0 CONFIG_AS_IS_GNU=y -CONFIG_AS_VERSION=24000 +CONFIG_AS_VERSION=24100 CONFIG_LD_IS_BFD=y -CONFIG_LD_VERSION=24000 +CONFIG_LD_VERSION=24100 CONFIG_LLD_VERSION=0 CONFIG_CC_CAN_LINK=y CONFIG_CC_CAN_LINK_STATIC=y CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y CONFIG_CC_HAS_ASM_GOTO_TIED_OUTPUT=y +CONFIG_GCC_ASM_GOTO_OUTPUT_WORKAROUND=y CONFIG_TOOLS_SUPPORT_RELR=y CONFIG_CC_HAS_ASM_INLINE=y CONFIG_CC_HAS_NO_PROFILE_FN_ATTR=y -CONFIG_PAHOLE_VERSION=0 +CONFIG_PAHOLE_VERSION=125 CONFIG_IRQ_WORK=y CONFIG_BUILDTIME_TABLE_SORT=y CONFIG_THREAD_INFO_IN_TASK=y @@ -152,8 +153,10 @@ CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y CONFIG_ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH=y CONFIG_CC_HAS_INT128=y CONFIG_CC_IMPLICIT_FALLTHROUGH="-Wimplicit-fallthrough=5" -CONFIG_GCC11_NO_ARRAY_BOUNDS=y +CONFIG_GCC10_NO_ARRAY_BOUNDS=y CONFIG_CC_NO_ARRAY_BOUNDS=y +CONFIG_GCC_NO_STRINGOP_OVERFLOW=y +CONFIG_CC_NO_STRINGOP_OVERFLOW=y CONFIG_ARCH_SUPPORTS_INT128=y # CONFIG_CGROUPS is not set CONFIG_NAMESPACES=y @@ -198,14 +201,13 @@ CONFIG_AIO=y CONFIG_IO_URING=y CONFIG_ADVISE_SYSCALLS=y CONFIG_MEMBARRIER=y +CONFIG_RSEQ=y +CONFIG_CACHESTAT_SYSCALL=y CONFIG_KALLSYMS=y # CONFIG_KALLSYMS_SELFTEST is not set # CONFIG_KALLSYMS_ALL is not set CONFIG_KALLSYMS_BASE_RELATIVE=y CONFIG_ARCH_HAS_MEMBARRIER_SYNC_CORE=y -CONFIG_RSEQ=y -CONFIG_CACHESTAT_SYSCALL=y -# CONFIG_EMBEDDED is not set CONFIG_HAVE_PERF_EVENTS=y # @@ -217,6 +219,15 @@ CONFIG_PERF_EVENTS=y CONFIG_SYSTEM_DATA_VERIFICATION=y # CONFIG_PROFILING is not set + +# +# Kexec and crash features +# +CONFIG_CRASH_CORE=y +# CONFIG_KEXEC is not set +# CONFIG_KEXEC_FILE is not set +# CONFIG_CRASH_DUMP is not set +# end of Kexec and crash features # end of General setup CONFIG_64BIT=y @@ -266,6 +277,7 @@ CONFIG_GENERIC_CPU=y CONFIG_X86_INTERNODE_CACHE_SHIFT=6 CONFIG_X86_L1_CACHE_SHIFT=6 CONFIG_X86_TSC=y +CONFIG_X86_HAVE_PAE=y CONFIG_X86_CMPXCHG64=y CONFIG_X86_CMOV=y CONFIG_X86_MINIMUM_CPU_FAMILY=64 @@ -306,7 +318,7 @@ CONFIG_X86_16BIT=y CONFIG_X86_ESPFIX64=y CONFIG_X86_VSYSCALL_EMULATION=y # CONFIG_X86_IOPL_IOPERM is not set -# CONFIG_MICROCODE is not set +CONFIG_MICROCODE=y # CONFIG_X86_MSR is not set # CONFIG_X86_CPUID is not set # CONFIG_X86_5LEVEL is not set @@ -329,6 +341,7 @@ CONFIG_CC_HAS_IBT=y CONFIG_X86_INTEL_TSX_MODE_OFF=y # CONFIG_X86_INTEL_TSX_MODE_ON is not set # CONFIG_X86_INTEL_TSX_MODE_AUTO is not set +# CONFIG_X86_USER_SHADOW_STACK is not set # CONFIG_EFI is not set # CONFIG_HZ_100 is not set # CONFIG_HZ_250 is not set @@ -336,9 +349,16 @@ CONFIG_X86_INTEL_TSX_MODE_OFF=y CONFIG_HZ_1000=y CONFIG_HZ=1000 CONFIG_SCHED_HRTICK=y -# CONFIG_KEXEC is not set -# CONFIG_KEXEC_FILE is not set -# CONFIG_CRASH_DUMP is not set +CONFIG_ARCH_SUPPORTS_KEXEC=y +CONFIG_ARCH_SUPPORTS_KEXEC_FILE=y +CONFIG_ARCH_SUPPORTS_KEXEC_PURGATORY=y +CONFIG_ARCH_SUPPORTS_KEXEC_SIG=y +CONFIG_ARCH_SUPPORTS_KEXEC_SIG_FORCE=y +CONFIG_ARCH_SUPPORTS_KEXEC_BZIMAGE_VERIFY_SIG=y +CONFIG_ARCH_SUPPORTS_KEXEC_JUMP=y +CONFIG_ARCH_SUPPORTS_CRASH_DUMP=y +CONFIG_ARCH_SUPPORTS_CRASH_HOTPLUG=y +CONFIG_ARCH_HAS_GENERIC_CRASHKERNEL_RESERVATION=y CONFIG_PHYSICAL_START=0x1000000 # CONFIG_RELOCATABLE is not set CONFIG_PHYSICAL_ALIGN=0x200000 @@ -358,7 +378,6 @@ CONFIG_FUNCTION_PADDING_CFI=11 CONFIG_FUNCTION_PADDING_BYTES=16 # CONFIG_SPECULATION_MITIGATIONS is not set CONFIG_ARCH_HAS_ADD_PAGES=y -CONFIG_ARCH_MHP_MEMMAP_ON_MEMORY_ENABLE=y # # Power management and ACPI options @@ -448,11 +467,11 @@ CONFIG_AS_SHA1_NI=y CONFIG_AS_SHA256_NI=y CONFIG_AS_TPAUSE=y CONFIG_AS_GFNI=y +CONFIG_AS_WRUSS=y # # General architecture-dependent options # -CONFIG_CRASH_CORE=y CONFIG_GENERIC_ENTRY=y # CONFIG_KPROBES is not set CONFIG_JUMP_LABEL=y @@ -567,6 +586,7 @@ CONFIG_ARCH_SUPPORTS_PAGE_TABLE_CHECK=y CONFIG_ARCH_HAS_ELFCORE_COMPAT=y CONFIG_ARCH_HAS_PARANOID_L1D_FLUSH=y CONFIG_DYNAMIC_SIGFRAME=y +CONFIG_ARCH_HAS_HW_PTE_YOUNG=y CONFIG_ARCH_HAS_NONLEAF_PMD_YOUNG=y # @@ -604,6 +624,7 @@ CONFIG_BLOCK=y # CONFIG_BLOCK_LEGACY_AUTOLOAD is not set # CONFIG_BLK_DEV_BSGLIB is not set # CONFIG_BLK_DEV_INTEGRITY is not set +CONFIG_BLK_DEV_WRITE_MOUNTED=y # CONFIG_BLK_DEV_ZONED is not set # CONFIG_BLK_WBT is not set # CONFIG_BLK_SED_OPAL is not set @@ -659,15 +680,15 @@ CONFIG_COREDUMP=y # CONFIG_SWAP is not set # -# SLAB allocator options +# Slab allocator options # -# CONFIG_SLAB_DEPRECATED is not set CONFIG_SLUB=y CONFIG_SLAB_MERGE_DEFAULT=y # CONFIG_SLAB_FREELIST_RANDOM is not set # CONFIG_SLAB_FREELIST_HARDENED is not set # CONFIG_SLUB_STATS is not set -# end of SLAB allocator options +# CONFIG_RANDOM_KMALLOC_CACHES is not set +# end of Slab allocator options # CONFIG_SHUFFLE_PAGE_ALLOCATOR is not set # CONFIG_COMPAT_BRK is not set @@ -675,11 +696,13 @@ CONFIG_SPARSEMEM=y CONFIG_SPARSEMEM_EXTREME=y CONFIG_SPARSEMEM_VMEMMAP_ENABLE=y CONFIG_SPARSEMEM_VMEMMAP=y -CONFIG_ARCH_WANT_OPTIMIZE_VMEMMAP=y +CONFIG_ARCH_WANT_OPTIMIZE_DAX_VMEMMAP=y +CONFIG_ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP=y CONFIG_HAVE_FAST_GUP=y CONFIG_EXCLUSIVE_SYSTEM_RAM=y CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y # CONFIG_MEMORY_HOTPLUG is not set +CONFIG_ARCH_MHP_MEMMAP_ON_MEMORY_ENABLE=y CONFIG_SPLIT_PTLOCK_CPUS=4 CONFIG_ARCH_ENABLE_SPLIT_PMD_PTLOCK=y CONFIG_COMPACTION=y @@ -687,6 +710,7 @@ CONFIG_COMPACT_UNEVICTABLE_DEFAULT=1 # CONFIG_PAGE_REPORTING is not set CONFIG_MIGRATION=y CONFIG_ARCH_ENABLE_HUGEPAGE_MIGRATION=y +CONFIG_PCP_BATCH_SCALE_MAX=5 CONFIG_PHYS_ADDR_T_64BIT=y # CONFIG_KSM is not set CONFIG_DEFAULT_MMAP_MIN_ADDR=4096 @@ -713,6 +737,7 @@ CONFIG_VM_EVENT_COUNTERS=y # # CONFIG_DMAPOOL_TEST is not set CONFIG_ARCH_HAS_PTE_SPECIAL=y +CONFIG_MEMFD_CREATE=y CONFIG_SECRETMEM=y # CONFIG_ANON_VMA_NAME is not set # CONFIG_USERFAULTFD is not set @@ -730,6 +755,7 @@ CONFIG_LOCK_MM_AND_FIND_VMA=y CONFIG_NET=y CONFIG_NET_INGRESS=y CONFIG_NET_EGRESS=y +CONFIG_NET_XGRESS=y CONFIG_SKB_EXTENSIONS=y # @@ -798,6 +824,7 @@ CONFIG_TCP_CONG_CUBIC=y CONFIG_DEFAULT_CUBIC=y # CONFIG_DEFAULT_RENO is not set CONFIG_DEFAULT_TCP_CONG="cubic" +CONFIG_TCP_SIGPOOL=y CONFIG_TCP_MD5SIG=y CONFIG_IPV6=m # CONFIG_IPV6_ROUTER_PREF is not set @@ -1011,7 +1038,6 @@ CONFIG_IP6_NF_TARGET_NPT=m CONFIG_NF_DEFRAG_IPV6=y # CONFIG_NF_CONNTRACK_BRIDGE is not set -# CONFIG_BPFILTER is not set # CONFIG_IP_DCCP is not set # CONFIG_IP_SCTP is not set # CONFIG_RDS is not set @@ -1288,6 +1314,7 @@ CONFIG_DEV_COREDUMP=y # CONFIG_DEBUG_DEVRES is not set # CONFIG_DEBUG_TEST_DRIVER_REMOVE is not set # CONFIG_TEST_ASYNC_DRIVER_PROBE is not set +CONFIG_GENERIC_CPU_DEVICES=y CONFIG_GENERIC_CPU_AUTOPROBE=y CONFIG_GENERIC_CPU_VULNERABILITIES=y CONFIG_DMA_SHARED_BUFFER=y @@ -1303,6 +1330,11 @@ CONFIG_MHI_BUS=m # CONFIG_MHI_BUS_EP is not set # end of Bus devices +# +# Cache Drivers +# +# end of Cache Drivers + CONFIG_CONNECTOR=y CONFIG_PROC_EVENTS=y @@ -1325,6 +1357,11 @@ CONFIG_DMI_SCAN_MACHINE_NON_EFI_FALLBACK=y # CONFIG_GOOGLE_FIRMWARE is not set # +# Qualcomm firmware drivers +# +# end of Qualcomm firmware drivers + +# # Tegra firmware driver # # end of Tegra firmware driver @@ -1377,6 +1414,7 @@ CONFIG_VIRTIO_BLK=y # CONFIG_DW_XDATA_PCIE is not set # CONFIG_PCI_ENDPOINT_TEST is not set # CONFIG_XILINX_SDFEC is not set +# CONFIG_NSM is not set # CONFIG_C2PORT is not set # @@ -1396,8 +1434,6 @@ CONFIG_EEPROM_93CX6=m # Altera FPGA firmware download module (requires I2C) # # CONFIG_INTEL_MEI is not set -# CONFIG_INTEL_MEI_ME is not set -# CONFIG_INTEL_MEI_TXE is not set # CONFIG_VMWARE_VMCI is not set # CONFIG_GENWQE is not set # CONFIG_ECHO is not set @@ -1495,6 +1531,7 @@ CONFIG_E1000=y # CONFIG_ICE is not set # CONFIG_FM10K is not set # CONFIG_IGC is not set +# CONFIG_IDPF is not set # CONFIG_JME is not set # CONFIG_NET_VENDOR_LITEX is not set # CONFIG_NET_VENDOR_MARVELL is not set @@ -1592,8 +1629,6 @@ CONFIG_ATH11K_PCI=m CONFIG_ATH12K=m # CONFIG_ATH12K_DEBUG is not set CONFIG_WLAN_VENDOR_ATMEL=y -CONFIG_ATMEL=m -CONFIG_PCI_ATMEL=m CONFIG_WLAN_VENDOR_BROADCOM=y CONFIG_B43=m CONFIG_B43_BCMA=y @@ -1630,8 +1665,6 @@ CONFIG_BRCMFMAC_PROTO_MSGBUF=y CONFIG_BRCMFMAC_PCIE=y # CONFIG_BRCM_TRACING is not set # CONFIG_BRCMDBG is not set -CONFIG_WLAN_VENDOR_CISCO=y -CONFIG_AIRO=m CONFIG_WLAN_VENDOR_INTEL=y CONFIG_IPW2100=m # CONFIG_IPW2100_MONITOR is not set @@ -1666,9 +1699,6 @@ CONFIG_IWLWIFI_OPMODE_MODULAR=y # CONFIG_WLAN_VENDOR_INTERSIL is not set CONFIG_WLAN_VENDOR_MARVELL=y -CONFIG_LIBERTAS=m -# CONFIG_LIBERTAS_DEBUG is not set -CONFIG_LIBERTAS_MESH=y CONFIG_LIBERTAS_THINFIRM=m # CONFIG_LIBERTAS_THINFIRM_DEBUG is not set CONFIG_MWIFIEX=m @@ -1679,6 +1709,7 @@ CONFIG_MT76_CORE=m CONFIG_MT76_LEDS=y CONFIG_MT76x02_LIB=m CONFIG_MT76_CONNAC_LIB=m +CONFIG_MT792x_LIB=m CONFIG_MT76x0_COMMON=m CONFIG_MT76x0E=m CONFIG_MT76x2_COMMON=m @@ -1690,6 +1721,8 @@ CONFIG_MT7915E=m CONFIG_MT7921_COMMON=m CONFIG_MT7921E=m CONFIG_MT7996E=m +CONFIG_MT7925_COMMON=m +CONFIG_MT7925E=m CONFIG_WLAN_VENDOR_MICROCHIP=y CONFIG_WLAN_VENDOR_PURELIFI=y CONFIG_WLAN_VENDOR_RALINK=y @@ -1867,7 +1900,6 @@ CONFIG_SERIAL_CORE_CONSOLE=y CONFIG_SERIAL_NONSTANDARD=y # CONFIG_MOXA_INTELLIO is not set # CONFIG_MOXA_SMARTIO is not set -# CONFIG_SYNCLINK_GT is not set # CONFIG_N_HDLC is not set # CONFIG_N_GSM is not set # CONFIG_NOZOMI is not set @@ -1929,6 +1961,7 @@ CONFIG_PTP_1588_CLOCK_OPTIONAL=y # # Enable PHYLIB and NETWORK_PHY_TIMESTAMPING to see the additional clocks. # +# CONFIG_PTP_1588_CLOCK_MOCK is not set # end of PTP clock support # CONFIG_PINCTRL is not set @@ -1950,7 +1983,6 @@ CONFIG_HWMON=y # CONFIG_SENSORS_K10TEMP is not set # CONFIG_SENSORS_FAM15H_POWER is not set # CONFIG_SENSORS_APPLESMC is not set -# CONFIG_SENSORS_DELL_SMM is not set # CONFIG_SENSORS_I5K_AMB is not set # CONFIG_SENSORS_F71805F is not set # CONFIG_SENSORS_F71882FG is not set @@ -2115,7 +2147,6 @@ CONFIG_BCMA_DRIVER_PCI=y # CONFIG_MFD_RDC321X is not set # CONFIG_MFD_SM501 is not set # CONFIG_MFD_SYSCON is not set -# CONFIG_MFD_TI_AM335X_TSCADC is not set # CONFIG_MFD_TQMX86 is not set # CONFIG_MFD_VX855 is not set # end of Multifunction device drivers @@ -2134,16 +2165,12 @@ CONFIG_BCMA_DRIVER_PCI=y # # Graphics support # +# CONFIG_AUXDISPLAY is not set # CONFIG_AGP is not set # CONFIG_VGA_SWITCHEROO is not set # CONFIG_DRM is not set # -# ARM devices -# -# end of ARM devices - -# # Frame buffer Devices # # CONFIG_FB is not set @@ -2275,7 +2302,6 @@ CONFIG_RTC_DRV_CMOS=y # CONFIG_RTC_DRV_M48T35 is not set # CONFIG_RTC_DRV_M48T59 is not set # CONFIG_RTC_DRV_MSM6242 is not set -# CONFIG_RTC_DRV_BQ4802 is not set # CONFIG_RTC_DRV_RP5C01 is not set # @@ -2301,7 +2327,6 @@ CONFIG_SYNC_FILE=y # CONFIG_DMABUF_SYSFS_STATS is not set # end of DMABUF options -# CONFIG_AUXDISPLAY is not set # CONFIG_UIO is not set # CONFIG_VFIO is not set # CONFIG_VIRT_DRIVERS is not set @@ -2311,6 +2336,7 @@ CONFIG_VIRTIO_PCI_LIB=y CONFIG_VIRTIO_PCI_LIB_LEGACY=y CONFIG_VIRTIO_MENU=y CONFIG_VIRTIO_PCI=y +CONFIG_VIRTIO_PCI_ADMIN_LEGACY=y CONFIG_VIRTIO_PCI_LEGACY=y # CONFIG_VIRTIO_BALLOON is not set CONFIG_VIRTIO_INPUT=y @@ -2333,8 +2359,8 @@ CONFIG_X86_PLATFORM_DEVICES=y # CONFIG_ACPI_WMI is not set # CONFIG_ACERHDF is not set # CONFIG_ACER_WIRELESS is not set -# CONFIG_AMD_PMC is not set # CONFIG_AMD_HSMP is not set +# CONFIG_AMD_WBRF is not set # CONFIG_ADV_SWBUTTON is not set # CONFIG_ASUS_WIRELESS is not set # CONFIG_X86_PLATFORM_DRIVERS_DELL is not set @@ -2347,7 +2373,6 @@ CONFIG_X86_PLATFORM_DEVICES=y # CONFIG_SENSORS_HDAPS is not set # CONFIG_INTEL_ATOMISP2_PM is not set # CONFIG_INTEL_SAR_INT1092 is not set -# CONFIG_INTEL_PMC_CORE is not set # # Intel Speed Select Technology interface support @@ -2375,7 +2400,6 @@ CONFIG_X86_PLATFORM_DEVICES=y # CONFIG_INTEL_SCU_PLATFORM is not set # CONFIG_SIEMENS_SIMATIC_IPC is not set # CONFIG_WINMATE_FM07_KEYS is not set -CONFIG_P2SB=y # CONFIG_COMMON_CLK is not set # CONFIG_HWSPINLOCK is not set @@ -2454,6 +2478,31 @@ CONFIG_QCOM_QMI_HELPERS=m # end of Xilinx SoC drivers # end of SOC (System On Chip) specific Drivers +# +# PM Domains +# + +# +# Amlogic PM Domains +# +# end of Amlogic PM Domains + +# +# Broadcom PM Domains +# +# end of Broadcom PM Domains + +# +# i.MX PM Domains +# +# end of i.MX PM Domains + +# +# Qualcomm PM Domains +# +# end of Qualcomm PM Domains +# end of PM Domains + # CONFIG_PM_DEVFREQ is not set # CONFIG_EXTCON is not set # CONFIG_MEMORY is not set @@ -2492,6 +2541,7 @@ CONFIG_QCOM_QMI_HELPERS=m # # Performance monitor support # +# CONFIG_DWC_PCIE_PMU is not set # end of Performance monitor support # CONFIG_RAS is not set @@ -2507,14 +2557,7 @@ CONFIG_QCOM_QMI_HELPERS=m # CONFIG_DAX is not set CONFIG_NVMEM=y CONFIG_NVMEM_SYSFS=y - -# -# Layout Types -# -# CONFIG_NVMEM_LAYOUT_SL28_VPD is not set -# CONFIG_NVMEM_LAYOUT_ONIE_TLV is not set -# end of Layout Types - +# CONFIG_NVMEM_LAYOUTS is not set # CONFIG_NVMEM_RMEM is not set # @@ -2539,6 +2582,7 @@ CONFIG_NVMEM_SYSFS=y # CONFIG_DCACHE_WORD_ACCESS=y # CONFIG_VALIDATE_FS_PARSER is not set +CONFIG_FS_IOMAP=y # CONFIG_EXT2_FS is not set # CONFIG_EXT3_FS is not set # CONFIG_EXT4_FS is not set @@ -2549,6 +2593,7 @@ CONFIG_DCACHE_WORD_ACCESS=y # CONFIG_BTRFS_FS is not set # CONFIG_NILFS2_FS is not set # CONFIG_F2FS_FS is not set +# CONFIG_BCACHEFS_FS is not set CONFIG_FS_POSIX_ACL=y CONFIG_EXPORTFS=y # CONFIG_EXPORTFS_BLOCK_OPS is not set @@ -2603,11 +2648,11 @@ CONFIG_TMPFS=y CONFIG_TMPFS_POSIX_ACL=y CONFIG_TMPFS_XATTR=y # CONFIG_TMPFS_INODE64 is not set +# CONFIG_TMPFS_QUOTA is not set CONFIG_HUGETLBFS=y +# CONFIG_HUGETLB_PAGE_OPTIMIZE_VMEMMAP_DEFAULT_ON is not set CONFIG_HUGETLB_PAGE=y CONFIG_HUGETLB_PAGE_OPTIMIZE_VMEMMAP=y -# CONFIG_HUGETLB_PAGE_OPTIMIZE_VMEMMAP_DEFAULT_ON is not set -CONFIG_MEMFD_CREATE=y CONFIG_ARCH_HAS_GIGANTIC_PAGE=y # CONFIG_CONFIGFS_FS is not set # end of Pseudo filesystems @@ -2753,6 +2798,13 @@ CONFIG_CC_HAS_ZERO_CALL_USED_REGS=y # CONFIG_ZERO_CALL_USED_REGS is not set # end of Memory initialization +# +# Hardening of kernel data structures +# +# CONFIG_LIST_HARDENED is not set +# CONFIG_BUG_ON_DATA_CORRUPTION is not set +# end of Hardening of kernel data structures + CONFIG_RANDSTRUCT_NONE=y # end of Kernel hardening options # end of Security options @@ -2824,14 +2876,12 @@ CONFIG_CRYPTO_AES=y # CONFIG_CRYPTO_ADIANTUM is not set # CONFIG_CRYPTO_CHACHA20 is not set CONFIG_CRYPTO_CBC=y -# CONFIG_CRYPTO_CFB is not set CONFIG_CRYPTO_CTR=y # CONFIG_CRYPTO_CTS is not set -# CONFIG_CRYPTO_ECB is not set +CONFIG_CRYPTO_ECB=y # CONFIG_CRYPTO_HCTR2 is not set # CONFIG_CRYPTO_KEYWRAP is not set # CONFIG_CRYPTO_LRW is not set -# CONFIG_CRYPTO_OFB is not set # CONFIG_CRYPTO_PCBC is not set # CONFIG_CRYPTO_XTS is not set # end of Length-preserving ciphers and modes @@ -2902,7 +2952,9 @@ CONFIG_CRYPTO_DRBG_HMAC=y # CONFIG_CRYPTO_DRBG_CTR is not set CONFIG_CRYPTO_DRBG=y CONFIG_CRYPTO_JITTERENTROPY=y -# CONFIG_CRYPTO_JITTERENTROPY_TESTINTERFACE is not set +CONFIG_CRYPTO_JITTERENTROPY_MEMORY_BLOCKS=64 +CONFIG_CRYPTO_JITTERENTROPY_MEMORY_BLOCKSIZE=32 +CONFIG_CRYPTO_JITTERENTROPY_OSR=1 # end of Random number generation # @@ -3035,13 +3087,13 @@ CONFIG_ZSTD_DECOMPRESS=y CONFIG_XZ_DEC=y CONFIG_XZ_DEC_X86=y CONFIG_XZ_DEC_POWERPC=y -CONFIG_XZ_DEC_IA64=y CONFIG_XZ_DEC_ARM=y CONFIG_XZ_DEC_ARMTHUMB=y CONFIG_XZ_DEC_SPARC=y # CONFIG_XZ_DEC_MICROLZMA is not set CONFIG_XZ_DEC_BCJ=y # CONFIG_XZ_DEC_TEST is not set +CONFIG_XARRAY_MULTI=y CONFIG_ASSOCIATIVE_ARRAY=y CONFIG_HAS_IOMEM=y CONFIG_HAS_IOPORT=y @@ -3051,6 +3103,7 @@ CONFIG_NEED_SG_DMA_LENGTH=y CONFIG_NEED_DMA_MAP_STATE=y CONFIG_ARCH_DMA_ADDR_T_64BIT=y CONFIG_SWIOTLB=y +# CONFIG_SWIOTLB_DYNAMIC is not set # CONFIG_DMA_API_DEBUG is not set CONFIG_SGL_ALLOC=y CONFIG_DQL=y @@ -3069,9 +3122,13 @@ CONFIG_ARCH_HAS_UACCESS_FLUSHCACHE=y CONFIG_ARCH_HAS_COPY_MC=y CONFIG_ARCH_STACKWALK=y CONFIG_STACKDEPOT=y +CONFIG_STACKDEPOT_MAX_FRAMES=64 CONFIG_SBITMAP=y +# CONFIG_LWQ_TEST is not set # end of Library routines +CONFIG_FIRMWARE_TABLE=y + # # Kernel hacking # @@ -3098,7 +3155,7 @@ CONFIG_DEBUG_MISC=y # # Compile-time checks and compiler options # -CONFIG_AS_HAS_NON_CONST_LEB128=y +CONFIG_AS_HAS_NON_CONST_ULEB128=y CONFIG_DEBUG_INFO_NONE=y # CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT is not set # CONFIG_DEBUG_INFO_DWARF4 is not set @@ -3231,12 +3288,9 @@ CONFIG_STACKTRACE=y # CONFIG_DEBUG_PLIST is not set # CONFIG_DEBUG_SG is not set # CONFIG_DEBUG_NOTIFIERS is not set -# CONFIG_BUG_ON_DATA_CORRUPTION is not set # CONFIG_DEBUG_MAPLE_TREE is not set # end of Debug kernel data structures -# CONFIG_DEBUG_CREDENTIALS is not set - # # RCU Debugging # diff --git a/aports/linux-lts/0004-objtool-respect-AWK-setting.patch b/aports/linux-lts/0004-objtool-respect-AWK-setting.patch new file mode 100644 index 0000000..7c04574 --- /dev/null +++ b/aports/linux-lts/0004-objtool-respect-AWK-setting.patch @@ -0,0 +1,26 @@ +From dc34b09b20b7aa88ca55742a113d223f33c09c32 Mon Sep 17 00:00:00 2001 +From: Natanael Copa <ncopa@alpinelinux.org> +Date: Tue, 28 Nov 2023 14:22:46 +0100 +Subject: [PATCH 4/5] objtool: respect AWK setting + +AWK= is not passed on as an makefile argument so we need pass it as an env. +--- + tools/objtool/Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tools/objtool/Makefile b/tools/objtool/Makefile +index 83b100c1e7f6..6ccddfa6de4f 100644 +--- a/tools/objtool/Makefile ++++ b/tools/objtool/Makefile +@@ -42,7 +42,7 @@ OBJTOOL_CFLAGS += $(if $(elfshdr),,-DLIBELF_USE_DEPRECATED) + # Always want host compilation. + HOST_OVERRIDES := CC="$(HOSTCC)" LD="$(HOSTLD)" AR="$(HOSTAR)" + +-AWK = awk ++AWK ?= awk + MKDIR = mkdir + + ifeq ($(V),1) +-- +2.43.0 + diff --git a/aports/linux-lts/APKBUILD b/aports/linux-lts/APKBUILD index 6338162..b3b604c 100644 --- a/aports/linux-lts/APKBUILD +++ b/aports/linux-lts/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Gabor Pali <pali.gabor@gmail.com> pkgname=linux-lts -pkgver=6.1.54 +pkgver=6.6.22 case $pkgver in *.*.*) _kernver=${pkgver%.*};; *.*) _kernver=$pkgver;; @@ -12,11 +12,11 @@ url="https://www.kernel.org" depends= _depends_dev="perl gmp-dev mpc1-dev mpfr-dev elfutils-dev bash flex bison zstd" makedepends="$_depends_dev sed installkernel bc linux-headers linux-firmware-any openssl-dev>3 mawk - diffutils findutils zstd pahole>=1.25 python3" + diffutils findutils zstd pahole>=1.25 python3 gcc>=13.1.1_git20230624" options="!strip" install= source="https://cdn.kernel.org/pub/linux/kernel/v${pkgver%%.*}.x/linux-$_kernver.tar.xz - awk.patch + 0004-objtool-respect-AWK-setting.patch config-lts.x86_64 " subpackages="$pkgname-dev:_dev:$CBUILD_ARCH" @@ -161,8 +161,8 @@ _dev() { } sha512sums=" -6ed2a73c2699d0810e54753715635736fc370288ad5ce95c594f2379959b0e418665cd71bc512a0273fe226fe90074d8b10d14c209080a6466498417a4fdda68 linux-6.1.tar.xz -3816cfc8dd14d1c5ced05bbf19b099472c9bbbd1abced32cbb4b6b5baecfaa28c345e4e522648837d98e5bc7c311810cae9160f4c91019bb857a3857076b8e0e awk.patch -005a39a389103fb4515ee8d8cb74092afaf7a1c2d871189fe7296aba4e272485afa574aa9fde5f9d35e97fda3e5930556ad68d83726b5a26e0c0df9fa35c84d4 config-lts.x86_64 -adf488c3d4ef31d011501f91474d9863fc95f402dc2dca5a07a8a9a38101775916d8442962a64e6353152f10e79410bc7a6b2a2eb84e9be993ca2c2334fbb5f9 patch-6.1.54.xz +458b2c34d46206f9b4ccbac54cc57aeca1eaecaf831bc441e59701bac6eadffc17f6ce24af6eadd0454964e843186539ac0d63295ad2cc32d112b60360c39a35 linux-6.6.tar.xz +2956050bb332411d00a285e9656618f2e34b631492bbc19bef54d83a6e91b8531f4e18830b9313cfe52fbf8a8ca6fb76cf55b3ddd146ca3b977046cf2fd10cad 0004-objtool-respect-AWK-setting.patch +05b1850bbb4debab6a22b810142caafc29e8b1f0331dc85e0be9ec92c08273224605473f3101059e96d2ba73c56a22b27d81909e2297754a92631ce68594b195 config-lts.x86_64 +c8fa43287ef9b4c3e08d9b89f927b2220c3cd7d62b2643f6f098daee2fcfbc9d42a417f449cc311fea960651ba97a4c8cf823baaaa27024611874ee6bf466f86 patch-6.6.22.xz " diff --git a/aports/linux-lts/awk.patch b/aports/linux-lts/awk.patch deleted file mode 100644 index b73f69b..0000000 --- a/aports/linux-lts/awk.patch +++ /dev/null @@ -1,15 +0,0 @@ -tools/objtool does not pass AWK= as an makefile argument so we need pass it as an env. - -diff --git a/tools/objtool/Makefile b/tools/objtool/Makefile -index 92ce4fc..cfedb0c 100644 ---- a/tools/objtool/Makefile -+++ b/tools/objtool/Makefile -@@ -37,7 +37,7 @@ LDFLAGS += $(LIBELF_LIBS) $(LIBSUBCMD) $(KBUILD_HOSTLDFLAGS) - elfshdr := $(shell echo '$(pound)include <libelf.h>' | $(CC) $(CFLAGS) -x c -E - | grep elf_getshdr) - CFLAGS += $(if $(elfshdr),,-DLIBELF_USE_DEPRECATED) - --AWK = awk -+AWK ?= awk - - SUBCMD_CHECK := n - SUBCMD_ORC := n diff --git a/aports/linux-lts/config-lts.x86_64 b/aports/linux-lts/config-lts.x86_64 index 4726d34..0bfd154 100644 --- a/aports/linux-lts/config-lts.x86_64 +++ b/aports/linux-lts/config-lts.x86_64 @@ -1,20 +1,22 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86_64 6.1.54 Kernel Configuration +# Linux/x86_64 6.6.22 Kernel Configuration # -CONFIG_CC_VERSION_TEXT="gcc (Alpine 12.2.1_git20220924-r10) 12.2.1 20220924" +CONFIG_CC_VERSION_TEXT="gcc (Alpine 13.2.1_git20231014) 13.2.1 20231014" CONFIG_CC_IS_GCC=y -CONFIG_GCC_VERSION=120201 +CONFIG_GCC_VERSION=130201 CONFIG_CLANG_VERSION=0 CONFIG_AS_IS_GNU=y -CONFIG_AS_VERSION=24000 +CONFIG_AS_VERSION=24100 CONFIG_LD_IS_BFD=y -CONFIG_LD_VERSION=24000 +CONFIG_LD_VERSION=24100 CONFIG_LLD_VERSION=0 CONFIG_CC_CAN_LINK=y CONFIG_CC_CAN_LINK_STATIC=y CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y CONFIG_CC_HAS_ASM_GOTO_TIED_OUTPUT=y +CONFIG_GCC_ASM_GOTO_OUTPUT_WORKAROUND=y +CONFIG_TOOLS_SUPPORT_RELR=y CONFIG_CC_HAS_ASM_INLINE=y CONFIG_CC_HAS_NO_PROFILE_FN_ATTR=y CONFIG_PAHOLE_VERSION=0 @@ -68,7 +70,6 @@ CONFIG_HARDIRQS_SW_RESEND=y CONFIG_IRQ_DOMAIN=y CONFIG_IRQ_DOMAIN_HIERARCHY=y CONFIG_GENERIC_MSI_IRQ=y -CONFIG_GENERIC_MSI_IRQ_DOMAIN=y CONFIG_GENERIC_IRQ_MATRIX_ALLOCATOR=y CONFIG_GENERIC_IRQ_RESERVATION_MODE=y CONFIG_IRQ_FORCED_THREADING=y @@ -135,14 +136,12 @@ CONFIG_TASK_IO_ACCOUNTING=y # CONFIG_TINY_RCU=y # CONFIG_RCU_EXPERT is not set -CONFIG_SRCU=y CONFIG_TINY_SRCU=y # end of RCU Subsystem # CONFIG_IKCONFIG is not set # CONFIG_IKHEADERS is not set CONFIG_LOG_BUF_SHIFT=18 -CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT=13 CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y # @@ -167,7 +166,6 @@ CONFIG_NAMESPACES=y # CONFIG_NET_NS is not set # CONFIG_CHECKPOINT_RESTORE is not set # CONFIG_SCHED_AUTOGROUP is not set -# CONFIG_SYSFS_DEPRECATED is not set CONFIG_RELAY=y # CONFIG_BLK_DEV_INITRD is not set # CONFIG_BOOT_CONFIG is not set @@ -175,6 +173,7 @@ CONFIG_RELAY=y CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE=y # CONFIG_CC_OPTIMIZE_FOR_SIZE is not set CONFIG_LD_ORPHAN_WARN=y +CONFIG_LD_ORPHAN_WARN_LEVEL="warn" CONFIG_SYSCTL=y CONFIG_SYSCTL_EXCEPTION_TRACE=y CONFIG_HAVE_PCSPKR_PLATFORM=y @@ -201,11 +200,12 @@ CONFIG_IO_URING=y CONFIG_ADVISE_SYSCALLS=y CONFIG_MEMBARRIER=y CONFIG_KALLSYMS=y +# CONFIG_KALLSYMS_SELFTEST is not set # CONFIG_KALLSYMS_ALL is not set CONFIG_KALLSYMS_BASE_RELATIVE=y CONFIG_ARCH_HAS_MEMBARRIER_SYNC_CORE=y CONFIG_RSEQ=y -# CONFIG_EMBEDDED is not set +CONFIG_CACHESTAT_SYSCALL=y CONFIG_HAVE_PERF_EVENTS=y # @@ -217,6 +217,15 @@ CONFIG_PERF_EVENTS=y CONFIG_SYSTEM_DATA_VERIFICATION=y # CONFIG_PROFILING is not set + +# +# Kexec and crash features +# +CONFIG_CRASH_CORE=y +# CONFIG_KEXEC is not set +# CONFIG_KEXEC_FILE is not set +# CONFIG_CRASH_DUMP is not set +# end of Kexec and crash features # end of General setup CONFIG_64BIT=y @@ -238,7 +247,6 @@ CONFIG_ARCH_MAY_HAVE_PC_FDC=y CONFIG_GENERIC_CALIBRATE_DELAY=y CONFIG_ARCH_HAS_CPU_RELAX=y CONFIG_ARCH_HIBERNATION_POSSIBLE=y -CONFIG_ARCH_NR_GPIO=1024 CONFIG_ARCH_SUSPEND_POSSIBLE=y CONFIG_AUDIT_ARCH=y CONFIG_ARCH_SUPPORTS_UPROBES=y @@ -250,7 +258,6 @@ CONFIG_CC_HAS_SANE_STACKPROTECTOR=y # Processor type and features # # CONFIG_SMP is not set -CONFIG_X86_FEATURE_NAMES=y # CONFIG_X86_MPPARSE is not set # CONFIG_GOLDFISH is not set # CONFIG_X86_CPU_RESCTRL is not set @@ -308,12 +315,12 @@ CONFIG_X86_16BIT=y CONFIG_X86_ESPFIX64=y CONFIG_X86_VSYSCALL_EMULATION=y # CONFIG_X86_IOPL_IOPERM is not set -# CONFIG_MICROCODE is not set +CONFIG_MICROCODE=y +# CONFIG_MICROCODE_LATE_LOADING is not set # CONFIG_X86_MSR is not set # CONFIG_X86_CPUID is not set # CONFIG_X86_5LEVEL is not set CONFIG_X86_DIRECT_GBPAGES=y -# CONFIG_AMD_MEM_ENCRYPT is not set CONFIG_ARCH_SPARSEMEM_ENABLE=y CONFIG_ARCH_SPARSEMEM_DEFAULT=y CONFIG_ARCH_PROC_KCORE_TEXT=y @@ -332,6 +339,7 @@ CONFIG_CC_HAS_IBT=y CONFIG_X86_INTEL_TSX_MODE_OFF=y # CONFIG_X86_INTEL_TSX_MODE_ON is not set # CONFIG_X86_INTEL_TSX_MODE_AUTO is not set +# CONFIG_X86_USER_SHADOW_STACK is not set # CONFIG_EFI is not set # CONFIG_HZ_100 is not set # CONFIG_HZ_250 is not set @@ -339,12 +347,19 @@ CONFIG_X86_INTEL_TSX_MODE_OFF=y CONFIG_HZ_1000=y CONFIG_HZ=1000 CONFIG_SCHED_HRTICK=y -# CONFIG_KEXEC is not set -# CONFIG_KEXEC_FILE is not set -# CONFIG_CRASH_DUMP is not set +CONFIG_ARCH_SUPPORTS_KEXEC=y +CONFIG_ARCH_SUPPORTS_KEXEC_FILE=y +CONFIG_ARCH_SUPPORTS_KEXEC_PURGATORY=y +CONFIG_ARCH_SUPPORTS_KEXEC_SIG=y +CONFIG_ARCH_SUPPORTS_KEXEC_SIG_FORCE=y +CONFIG_ARCH_SUPPORTS_KEXEC_BZIMAGE_VERIFY_SIG=y +CONFIG_ARCH_SUPPORTS_KEXEC_JUMP=y +CONFIG_ARCH_SUPPORTS_CRASH_DUMP=y +CONFIG_ARCH_SUPPORTS_CRASH_HOTPLUG=y CONFIG_PHYSICAL_START=0x1000000 # CONFIG_RELOCATABLE is not set CONFIG_PHYSICAL_ALIGN=0x200000 +# CONFIG_ADDRESS_MASKING is not set CONFIG_LEGACY_VSYSCALL_XONLY=y # CONFIG_LEGACY_VSYSCALL_NONE is not set # CONFIG_CMDLINE_BOOL is not set @@ -355,9 +370,11 @@ CONFIG_HAVE_LIVEPATCH=y CONFIG_CC_HAS_SLS=y CONFIG_CC_HAS_RETURN_THUNK=y +CONFIG_CC_HAS_ENTRY_PADDING=y +CONFIG_FUNCTION_PADDING_CFI=11 +CONFIG_FUNCTION_PADDING_BYTES=16 # CONFIG_SPECULATION_MITIGATIONS is not set CONFIG_ARCH_HAS_ADD_PAGES=y -CONFIG_ARCH_MHP_MEMMAP_ON_MEMORY_ENABLE=y # # Power management and ACPI options @@ -402,6 +419,7 @@ CONFIG_HAVE_ACPI_APEI_NMI=y # CONFIG_ACPI_DPTF is not set # CONFIG_ACPI_CONFIGFS is not set # CONFIG_ACPI_PFRUT is not set +# CONFIG_ACPI_FFH is not set # CONFIG_PMIC_OPREGION is not set CONFIG_X86_PM_TIMER=y @@ -445,11 +463,12 @@ CONFIG_AS_AVX512=y CONFIG_AS_SHA1_NI=y CONFIG_AS_SHA256_NI=y CONFIG_AS_TPAUSE=y +CONFIG_AS_GFNI=y +CONFIG_AS_WRUSS=y # # General architecture-dependent options # -CONFIG_CRASH_CORE=y CONFIG_GENERIC_ENTRY=y # CONFIG_KPROBES is not set CONFIG_JUMP_LABEL=y @@ -492,7 +511,9 @@ CONFIG_HAVE_PERF_USER_STACK_DUMP=y CONFIG_HAVE_ARCH_JUMP_LABEL=y CONFIG_HAVE_ARCH_JUMP_LABEL_RELATIVE=y CONFIG_MMU_GATHER_MERGE_VMAS=y +CONFIG_MMU_LAZY_TLB_REFCOUNT=y CONFIG_ARCH_HAVE_NMI_SAFE_CMPXCHG=y +CONFIG_ARCH_HAS_NMI_SAFE_THIS_CPU_OPS=y CONFIG_HAVE_ALIGNED_STRUCT_PAGE=y CONFIG_HAVE_CMPXCHG_LOCAL=y CONFIG_HAVE_CMPXCHG_DOUBLE=y @@ -572,6 +593,9 @@ CONFIG_ARCH_HAS_GCOV_PROFILE_ALL=y CONFIG_HAVE_GCC_PLUGINS=y # CONFIG_GCC_PLUGINS is not set +CONFIG_FUNCTION_ALIGNMENT_4B=y +CONFIG_FUNCTION_ALIGNMENT_16B=y +CONFIG_FUNCTION_ALIGNMENT=16 # end of General architecture-dependent options CONFIG_RT_MUTEXES=y @@ -653,12 +677,13 @@ CONFIG_COREDUMP=y # # SLAB allocator options # -# CONFIG_SLAB is not set +# CONFIG_SLAB_DEPRECATED is not set CONFIG_SLUB=y CONFIG_SLAB_MERGE_DEFAULT=y # CONFIG_SLAB_FREELIST_RANDOM is not set # CONFIG_SLAB_FREELIST_HARDENED is not set # CONFIG_SLUB_STATS is not set +# CONFIG_RANDOM_KMALLOC_CACHES is not set # end of SLAB allocator options # CONFIG_SHUFFLE_PAGE_ALLOCATOR is not set @@ -667,10 +692,13 @@ CONFIG_SPARSEMEM=y CONFIG_SPARSEMEM_EXTREME=y CONFIG_SPARSEMEM_VMEMMAP_ENABLE=y CONFIG_SPARSEMEM_VMEMMAP=y +CONFIG_ARCH_WANT_OPTIMIZE_DAX_VMEMMAP=y +CONFIG_ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP=y CONFIG_HAVE_FAST_GUP=y CONFIG_EXCLUSIVE_SYSTEM_RAM=y CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y # CONFIG_MEMORY_HOTPLUG is not set +CONFIG_ARCH_MHP_MEMMAP_ON_MEMORY_ENABLE=y CONFIG_SPLIT_PTLOCK_CPUS=4 CONFIG_ARCH_ENABLE_SPLIT_PMD_PTLOCK=y CONFIG_COMPACTION=y @@ -702,11 +730,14 @@ CONFIG_VM_EVENT_COUNTERS=y # # GUP_TEST needs to have DEBUG_FS enabled # +# CONFIG_DMAPOOL_TEST is not set CONFIG_ARCH_HAS_PTE_SPECIAL=y +CONFIG_MEMFD_CREATE=y CONFIG_SECRETMEM=y # CONFIG_ANON_VMA_NAME is not set # CONFIG_USERFAULTFD is not set # CONFIG_LRU_GEN is not set +CONFIG_ARCH_SUPPORTS_PER_VMA_LOCK=y CONFIG_LOCK_MM_AND_FIND_VMA=y # @@ -719,6 +750,7 @@ CONFIG_LOCK_MM_AND_FIND_VMA=y CONFIG_NET=y CONFIG_NET_INGRESS=y CONFIG_NET_EGRESS=y +CONFIG_NET_XGRESS=y CONFIG_SKB_EXTENSIONS=y # @@ -962,7 +994,6 @@ CONFIG_IP_NF_TARGET_MASQUERADE=m # CONFIG_IP_NF_TARGET_NETMAP is not set # CONFIG_IP_NF_TARGET_REDIRECT is not set CONFIG_IP_NF_MANGLE=y -# CONFIG_IP_NF_TARGET_CLUSTERIP is not set # CONFIG_IP_NF_TARGET_ECN is not set # CONFIG_IP_NF_TARGET_TTL is not set # CONFIG_IP_NF_RAW is not set @@ -1023,7 +1054,6 @@ CONFIG_NET_SCHED=y # # Queueing/Scheduling # -# CONFIG_NET_SCH_CBQ is not set # CONFIG_NET_SCH_HTB is not set # CONFIG_NET_SCH_HFSC is not set # CONFIG_NET_SCH_PRIO is not set @@ -1037,7 +1067,6 @@ CONFIG_NET_SCHED=y # CONFIG_NET_SCH_ETF is not set # CONFIG_NET_SCH_TAPRIO is not set # CONFIG_NET_SCH_GRED is not set -# CONFIG_NET_SCH_DSMARK is not set # CONFIG_NET_SCH_NETEM is not set # CONFIG_NET_SCH_DRR is not set # CONFIG_NET_SCH_MQPRIO is not set @@ -1063,8 +1092,6 @@ CONFIG_NET_CLS=y # CONFIG_NET_CLS_ROUTE4 is not set # CONFIG_NET_CLS_FW is not set # CONFIG_NET_CLS_U32 is not set -# CONFIG_NET_CLS_RSVP is not set -# CONFIG_NET_CLS_RSVP6 is not set # CONFIG_NET_CLS_FLOW is not set # CONFIG_NET_CLS_BPF is not set # CONFIG_NET_CLS_FLOWER is not set @@ -1112,6 +1139,7 @@ CONFIG_QRTR=m # CONFIG_QRTR_TUN is not set CONFIG_QRTR_MHI=m # CONFIG_NET_NCSI is not set +CONFIG_MAX_SKB_FRAGS=17 CONFIG_NET_RX_BUSY_POLL=y CONFIG_BQL=y @@ -1173,6 +1201,8 @@ CONFIG_NET_9P_VIRTIO=y # CONFIG_NET_IFE is not set # CONFIG_LWTUNNEL is not set CONFIG_GRO_CELLS=y +CONFIG_PAGE_POOL=y +# CONFIG_PAGE_POOL_STATS is not set CONFIG_FAILOVER=y CONFIG_ETHTOOL_NETLINK=y @@ -1195,7 +1225,6 @@ CONFIG_PCIEASPM_DEFAULT=y CONFIG_PCIE_PME=y # CONFIG_PCIE_PTM is not set CONFIG_PCI_MSI=y -CONFIG_PCI_MSI_IRQ_DOMAIN=y CONFIG_PCI_QUIRKS=y # CONFIG_PCI_DEBUG is not set # CONFIG_PCI_STUB is not set @@ -1219,21 +1248,21 @@ CONFIG_HOTPLUG_PCI_ACPI=y # CONFIG_VMD is not set # -# DesignWare PCI Core Support +# Cadence-based PCIe controllers # -# CONFIG_PCIE_DW_PLAT_HOST is not set -# CONFIG_PCI_MESON is not set -# end of DesignWare PCI Core Support +# end of Cadence-based PCIe controllers # -# Mobiveil PCIe Core Support +# DesignWare-based PCIe controllers # -# end of Mobiveil PCIe Core Support +# CONFIG_PCI_MESON is not set +# CONFIG_PCIE_DW_PLAT_HOST is not set +# end of DesignWare-based PCIe controllers # -# Cadence PCIe controllers support +# Mobiveil-based PCIe controllers # -# end of Cadence PCIe controllers support +# end of Mobiveil-based PCIe controllers # end of PCI controller drivers # @@ -1284,6 +1313,7 @@ CONFIG_GENERIC_CPU_AUTOPROBE=y CONFIG_GENERIC_CPU_VULNERABILITIES=y CONFIG_DMA_SHARED_BUFFER=y # CONFIG_DMA_FENCE_TRACE is not set +# CONFIG_FW_DEVLINK_SYNC_STATE_TIMEOUT is not set # end of Generic Driver Options # @@ -1294,6 +1324,11 @@ CONFIG_MHI_BUS=m # CONFIG_MHI_BUS_EP is not set # end of Bus devices +# +# Cache Drivers +# +# end of Cache Drivers + CONFIG_CONNECTOR=y CONFIG_PROC_EVENTS=y @@ -1395,7 +1430,6 @@ CONFIG_EEPROM_93CX6=m # CONFIG_BCM_VK is not set # CONFIG_MISC_ALCOR_PCI is not set # CONFIG_MISC_RTSX_PCI is not set -# CONFIG_HABANA_AI is not set # CONFIG_PVPANIC is not set # end of Misc devices @@ -1480,7 +1514,6 @@ CONFIG_E1000=y # CONFIG_E1000E is not set # CONFIG_IGB is not set # CONFIG_IGBVF is not set -# CONFIG_IXGB is not set # CONFIG_IXGBE is not set # CONFIG_IXGBEVF is not set # CONFIG_I40E is not set @@ -1488,7 +1521,6 @@ CONFIG_E1000=y # CONFIG_ICE is not set # CONFIG_FM10K is not set # CONFIG_IGC is not set -# CONFIG_NET_VENDOR_WANGXUN is not set # CONFIG_JME is not set # CONFIG_NET_VENDOR_LITEX is not set # CONFIG_NET_VENDOR_MARVELL is not set @@ -1529,6 +1561,7 @@ CONFIG_E1000=y # CONFIG_NET_VENDOR_TI is not set # CONFIG_NET_VENDOR_VERTEXCOM is not set # CONFIG_NET_VENDOR_VIA is not set +# CONFIG_NET_VENDOR_WANGXUN is not set # CONFIG_NET_VENDOR_WIZNET is not set # CONFIG_NET_VENDOR_XILINX is not set # CONFIG_FDDI is not set @@ -1582,6 +1615,8 @@ CONFIG_WCN36XX=m CONFIG_ATH11K=m CONFIG_ATH11K_PCI=m # CONFIG_ATH11K_DEBUG is not set +CONFIG_ATH12K=m +# CONFIG_ATH12K_DEBUG is not set CONFIG_WLAN_VENDOR_ATMEL=y CONFIG_ATMEL=m CONFIG_PCI_ATMEL=m @@ -1670,6 +1705,7 @@ CONFIG_MT76_CORE=m CONFIG_MT76_LEDS=y CONFIG_MT76x02_LIB=m CONFIG_MT76_CONNAC_LIB=m +CONFIG_MT792x_LIB=m CONFIG_MT76x0_COMMON=m CONFIG_MT76x0E=m CONFIG_MT76x2_COMMON=m @@ -1680,6 +1716,7 @@ CONFIG_MT7615E=m CONFIG_MT7915E=m CONFIG_MT7921_COMMON=m CONFIG_MT7921E=m +CONFIG_MT7996E=m CONFIG_WLAN_VENDOR_MICROCHIP=y CONFIG_WLAN_VENDOR_PURELIFI=y CONFIG_WLAN_VENDOR_RALINK=y @@ -1806,6 +1843,7 @@ CONFIG_HW_CONSOLE=y # CONFIG_VT_HW_CONSOLE_BINDING is not set CONFIG_UNIX98_PTYS=y # CONFIG_LEGACY_PTYS is not set +CONFIG_LEGACY_TIOCSTI=y CONFIG_LDISC_AUTOLOAD=y # @@ -1818,12 +1856,14 @@ CONFIG_SERIAL_8250_PNP=y # CONFIG_SERIAL_8250_16550A_VARIANTS is not set # CONFIG_SERIAL_8250_FINTEK is not set CONFIG_SERIAL_8250_CONSOLE=y +CONFIG_SERIAL_8250_PCILIB=y CONFIG_SERIAL_8250_PCI=y CONFIG_SERIAL_8250_EXAR=y CONFIG_SERIAL_8250_NR_UARTS=32 CONFIG_SERIAL_8250_RUNTIME_UARTS=4 CONFIG_SERIAL_8250_EXTENDED=y CONFIG_SERIAL_8250_MANY_PORTS=y +# CONFIG_SERIAL_8250_PCI1XXXX is not set CONFIG_SERIAL_8250_SHARE_IRQ=y CONFIG_SERIAL_8250_DETECT_IRQ=y CONFIG_SERIAL_8250_RSA=y @@ -1854,7 +1894,6 @@ CONFIG_SERIAL_CORE_CONSOLE=y CONFIG_SERIAL_NONSTANDARD=y # CONFIG_MOXA_INTELLIO is not set # CONFIG_MOXA_SMARTIO is not set -# CONFIG_SYNCLINK_GT is not set # CONFIG_N_HDLC is not set # CONFIG_N_GSM is not set # CONFIG_NOZOMI is not set @@ -1881,8 +1920,6 @@ CONFIG_HPET=y # CONFIG_TCG_TPM is not set # CONFIG_TELCLOCK is not set # CONFIG_XILLYBUS is not set -# CONFIG_RANDOM_TRUST_CPU is not set -# CONFIG_RANDOM_TRUST_BOOTLOADER is not set # end of Character devices # @@ -1918,6 +1955,7 @@ CONFIG_PTP_1588_CLOCK_OPTIONAL=y # # Enable PHYLIB and NETWORK_PHY_TIMESTAMPING to see the additional clocks. # +# CONFIG_PTP_1588_CLOCK_MOCK is not set # end of PTP clock support # CONFIG_PINCTRL is not set @@ -1953,6 +1991,7 @@ CONFIG_HWMON=y # CONFIG_SENSORS_NCT6683 is not set # CONFIG_SENSORS_NCT6775 is not set # CONFIG_SENSORS_NPCM7XX is not set +# CONFIG_SENSORS_OXP is not set # CONFIG_SENSORS_SIS5595 is not set # CONFIG_SENSORS_SMSC47M1 is not set # CONFIG_SENSORS_SMSC47B397 is not set @@ -1991,6 +2030,7 @@ CONFIG_THERMAL_GOV_USER_SPACE=y # # CONFIG_INTEL_POWERCLAMP is not set CONFIG_X86_THERMAL_VECTOR=y +CONFIG_INTEL_TCC=y CONFIG_X86_PKG_TEMP_THERMAL=m # CONFIG_INTEL_SOC_DTS_THERMAL is not set @@ -2028,6 +2068,7 @@ CONFIG_WATCHDOG_OPEN_TIMEOUT=0 # CONFIG_MAX63XX_WATCHDOG is not set # CONFIG_ACQUIRE_WDT is not set # CONFIG_ADVANTECH_WDT is not set +# CONFIG_ADVANTECH_EC_WDT is not set # CONFIG_ALIM1535_WDT is not set # CONFIG_ALIM7101_WDT is not set # CONFIG_EBC_C384_WDT is not set @@ -2090,7 +2131,6 @@ CONFIG_BCMA_DRIVER_PCI=y # Multifunction device drivers # # CONFIG_MFD_MADERA is not set -# CONFIG_HTC_PASIC3 is not set # CONFIG_LPC_ICH is not set # CONFIG_LPC_SCH is not set # CONFIG_MFD_INTEL_LPSS_ACPI is not set @@ -2102,7 +2142,6 @@ CONFIG_BCMA_DRIVER_PCI=y # CONFIG_MFD_RDC321X is not set # CONFIG_MFD_SM501 is not set # CONFIG_MFD_SYSCON is not set -# CONFIG_MFD_TI_AM335X_TSCADC is not set # CONFIG_MFD_TQMX86 is not set # CONFIG_MFD_VX855 is not set # end of Multifunction device drivers @@ -2121,16 +2160,12 @@ CONFIG_BCMA_DRIVER_PCI=y # # Graphics support # +# CONFIG_AUXDISPLAY is not set # CONFIG_AGP is not set # CONFIG_VGA_SWITCHEROO is not set # CONFIG_DRM is not set # -# ARM devices -# -# end of ARM devices - -# # Frame buffer Devices # # CONFIG_FB is not set @@ -2154,19 +2189,7 @@ CONFIG_DUMMY_CONSOLE_ROWS=25 # end of Graphics support # CONFIG_SOUND is not set - -# -# HID support -# -# CONFIG_HID is not set - -# -# Intel ISH HID support -# -# CONFIG_INTEL_ISH_HID is not set -# end of Intel ISH HID support -# end of HID support - +# CONFIG_HID_SUPPORT is not set CONFIG_USB_OHCI_LITTLE_ENDIAN=y # CONFIG_USB_SUPPORT is not set # CONFIG_MMC is not set @@ -2190,7 +2213,6 @@ CONFIG_LEDS_CLASS=y # CONFIG_LEDS_MLXREG is not set # CONFIG_LEDS_USER is not set # CONFIG_LEDS_NIC78BX is not set -# CONFIG_LEDS_TI_LMU_COMMON is not set # # Flash and Torch LED drivers @@ -2275,9 +2297,7 @@ CONFIG_RTC_DRV_CMOS=y # CONFIG_RTC_DRV_M48T35 is not set # CONFIG_RTC_DRV_M48T59 is not set # CONFIG_RTC_DRV_MSM6242 is not set -# CONFIG_RTC_DRV_BQ4802 is not set # CONFIG_RTC_DRV_RP5C01 is not set -# CONFIG_RTC_DRV_V3020 is not set # # on-CPU RTC drivers @@ -2302,7 +2322,6 @@ CONFIG_SYNC_FILE=y # CONFIG_DMABUF_SYSFS_STATS is not set # end of DMABUF options -# CONFIG_AUXDISPLAY is not set # CONFIG_UIO is not set # CONFIG_VFIO is not set # CONFIG_VIRT_DRIVERS is not set @@ -2334,7 +2353,6 @@ CONFIG_X86_PLATFORM_DEVICES=y # CONFIG_ACPI_WMI is not set # CONFIG_ACERHDF is not set # CONFIG_ACER_WIRELESS is not set -# CONFIG_AMD_PMC is not set # CONFIG_AMD_HSMP is not set # CONFIG_ADV_SWBUTTON is not set # CONFIG_ASUS_WIRELESS is not set @@ -2376,7 +2394,6 @@ CONFIG_X86_PLATFORM_DEVICES=y # CONFIG_INTEL_SCU_PLATFORM is not set # CONFIG_SIEMENS_SIMATIC_IPC is not set # CONFIG_WINMATE_FM07_KEYS is not set -CONFIG_P2SB=y # CONFIG_COMMON_CLK is not set # CONFIG_HWSPINLOCK is not set @@ -2439,6 +2456,8 @@ CONFIG_CLKBLD_I8253=y # # end of Enable LiteX SoC Builder specific drivers +# CONFIG_WPCM450_SOC is not set + # # Qualcomm SoC drivers # @@ -2506,6 +2525,14 @@ CONFIG_QCOM_QMI_HELPERS=m # CONFIG_DAX is not set CONFIG_NVMEM=y CONFIG_NVMEM_SYSFS=y + +# +# Layout Types +# +# CONFIG_NVMEM_LAYOUT_SL28_VPD is not set +# CONFIG_NVMEM_LAYOUT_ONIE_TLV is not set +# end of Layout Types + # CONFIG_NVMEM_RMEM is not set # @@ -2530,6 +2557,7 @@ CONFIG_NVMEM_SYSFS=y # CONFIG_DCACHE_WORD_ACCESS=y # CONFIG_VALIDATE_FS_PARSER is not set +CONFIG_FS_IOMAP=y # CONFIG_EXT2_FS is not set # CONFIG_EXT3_FS is not set # CONFIG_EXT4_FS is not set @@ -2550,7 +2578,6 @@ CONFIG_FILE_LOCKING=y # CONFIG_INOTIFY_USER is not set # CONFIG_FANOTIFY is not set # CONFIG_QUOTA is not set -# CONFIG_AUTOFS4_FS is not set # CONFIG_AUTOFS_FS is not set # CONFIG_FUSE_FS is not set # CONFIG_OVERLAY_FS is not set @@ -2595,12 +2622,11 @@ CONFIG_TMPFS=y CONFIG_TMPFS_POSIX_ACL=y CONFIG_TMPFS_XATTR=y # CONFIG_TMPFS_INODE64 is not set +# CONFIG_TMPFS_QUOTA is not set CONFIG_HUGETLBFS=y CONFIG_HUGETLB_PAGE=y -CONFIG_ARCH_WANT_HUGETLB_PAGE_OPTIMIZE_VMEMMAP=y CONFIG_HUGETLB_PAGE_OPTIMIZE_VMEMMAP=y # CONFIG_HUGETLB_PAGE_OPTIMIZE_VMEMMAP_DEFAULT_ON is not set -CONFIG_MEMFD_CREATE=y CONFIG_ARCH_HAS_GIGANTIC_PAGE=y # CONFIG_CONFIGFS_FS is not set # end of Pseudo filesystems @@ -2620,8 +2646,10 @@ CONFIG_SQUASHFS=y CONFIG_SQUASHFS_FILE_CACHE=y # CONFIG_SQUASHFS_FILE_DIRECT is not set CONFIG_SQUASHFS_DECOMP_SINGLE=y -# CONFIG_SQUASHFS_DECOMP_MULTI is not set -# CONFIG_SQUASHFS_DECOMP_MULTI_PERCPU is not set +# CONFIG_SQUASHFS_CHOICE_DECOMP_BY_MOUNT is not set +CONFIG_SQUASHFS_COMPILE_DECOMP_SINGLE=y +# CONFIG_SQUASHFS_COMPILE_DECOMP_MULTI is not set +# CONFIG_SQUASHFS_COMPILE_DECOMP_MULTI_PERCPU is not set # CONFIG_SQUASHFS_XATTR is not set CONFIG_SQUASHFS_ZLIB=y CONFIG_SQUASHFS_LZ4=y @@ -2719,7 +2747,6 @@ CONFIG_KEYS=y # CONFIG_SECURITY_DMESG_RESTRICT is not set # CONFIG_SECURITY is not set # CONFIG_SECURITYFS is not set -CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y # CONFIG_HARDENED_USERCOPY is not set # CONFIG_FORTIFY_SOURCE is not set # CONFIG_STATIC_USERMODEHELPER is not set @@ -2745,6 +2772,13 @@ CONFIG_CC_HAS_ZERO_CALL_USED_REGS=y # CONFIG_ZERO_CALL_USED_REGS is not set # end of Memory initialization +# +# Hardening of kernel data structures +# +# CONFIG_LIST_HARDENED is not set +# CONFIG_BUG_ON_DATA_CORRUPTION is not set +# end of Hardening of kernel data structures + CONFIG_RANDSTRUCT_NONE=y # end of Kernel hardening options # end of Security options @@ -2758,6 +2792,7 @@ CONFIG_CRYPTO_ALGAPI=y CONFIG_CRYPTO_ALGAPI2=y CONFIG_CRYPTO_AEAD=y CONFIG_CRYPTO_AEAD2=y +CONFIG_CRYPTO_SIG2=y CONFIG_CRYPTO_SKCIPHER=y CONFIG_CRYPTO_SKCIPHER2=y CONFIG_CRYPTO_HASH=y @@ -2773,7 +2808,6 @@ CONFIG_CRYPTO_MANAGER=y CONFIG_CRYPTO_MANAGER2=y # CONFIG_CRYPTO_USER is not set CONFIG_CRYPTO_MANAGER_DISABLE_TESTS=y -CONFIG_CRYPTO_GF128MUL=y CONFIG_CRYPTO_NULL=y CONFIG_CRYPTO_NULL2=y # CONFIG_CRYPTO_CRYPTD is not set @@ -2835,6 +2869,7 @@ CONFIG_CRYPTO_CTR=y # CONFIG_CRYPTO_CHACHA20POLY1305 is not set CONFIG_CRYPTO_CCM=y CONFIG_CRYPTO_GCM=y +CONFIG_CRYPTO_GENIV=y CONFIG_CRYPTO_SEQIV=y CONFIG_CRYPTO_ECHAINIV=y # CONFIG_CRYPTO_ESSIV is not set @@ -2855,7 +2890,7 @@ CONFIG_CRYPTO_MICHAEL_MIC=m # CONFIG_CRYPTO_SHA1 is not set CONFIG_CRYPTO_SHA256=y CONFIG_CRYPTO_SHA512=y -# CONFIG_CRYPTO_SHA3 is not set +CONFIG_CRYPTO_SHA3=y # CONFIG_CRYPTO_SM3_GENERIC is not set # CONFIG_CRYPTO_STREEBOG is not set # CONFIG_CRYPTO_VMAC is not set @@ -2893,6 +2928,7 @@ CONFIG_CRYPTO_DRBG_HMAC=y # CONFIG_CRYPTO_DRBG_CTR is not set CONFIG_CRYPTO_DRBG=y CONFIG_CRYPTO_JITTERENTROPY=y +# CONFIG_CRYPTO_JITTERENTROPY_TESTINTERFACE is not set # end of Random number generation # @@ -2927,6 +2963,8 @@ CONFIG_CRYPTO_HASH_INFO=y # CONFIG_CRYPTO_TWOFISH_X86_64_3WAY is not set # CONFIG_CRYPTO_TWOFISH_AVX_X86_64 is not set # CONFIG_CRYPTO_ARIA_AESNI_AVX_X86_64 is not set +# CONFIG_CRYPTO_ARIA_AESNI_AVX2_X86_64 is not set +# CONFIG_CRYPTO_ARIA_GFNI_AVX512_X86_64 is not set # CONFIG_CRYPTO_CHACHA20_X86_64 is not set # CONFIG_CRYPTO_AEGIS128_AESNI_SSE2 is not set # CONFIG_CRYPTO_NHPOLY1305_SSE2 is not set @@ -2986,6 +3024,7 @@ CONFIG_ARCH_USE_SYM_ANNOTATIONS=y CONFIG_CRYPTO_LIB_UTILS=y CONFIG_CRYPTO_LIB_AES=y CONFIG_CRYPTO_LIB_ARC4=y +CONFIG_CRYPTO_LIB_GF128MUL=y CONFIG_CRYPTO_LIB_BLAKE2S_GENERIC=y # CONFIG_CRYPTO_LIB_CHACHA is not set # CONFIG_CRYPTO_LIB_CURVE25519 is not set @@ -3031,12 +3070,14 @@ CONFIG_XZ_DEC_BCJ=y # CONFIG_XZ_DEC_TEST is not set CONFIG_ASSOCIATIVE_ARRAY=y CONFIG_HAS_IOMEM=y +CONFIG_HAS_IOPORT=y CONFIG_HAS_IOPORT_MAP=y CONFIG_HAS_DMA=y CONFIG_NEED_SG_DMA_LENGTH=y CONFIG_NEED_DMA_MAP_STATE=y CONFIG_ARCH_DMA_ADDR_T_64BIT=y CONFIG_SWIOTLB=y +# CONFIG_SWIOTLB_DYNAMIC is not set # CONFIG_DMA_API_DEBUG is not set CONFIG_SGL_ALLOC=y CONFIG_DQL=y @@ -3050,6 +3091,7 @@ CONFIG_GENERIC_GETTIMEOFDAY=y CONFIG_GENERIC_VDSO_TIME_NS=y CONFIG_SG_POOL=y CONFIG_ARCH_HAS_PMEM_API=y +CONFIG_ARCH_HAS_CPU_CACHE_INVALIDATE_MEMREGION=y CONFIG_ARCH_HAS_UACCESS_FLUSHCACHE=y CONFIG_ARCH_HAS_COPY_MC=y CONFIG_ARCH_STACKWALK=y @@ -3134,9 +3176,9 @@ CONFIG_SLUB_DEBUG=y CONFIG_ARCH_HAS_DEBUG_WX=y # CONFIG_DEBUG_WX is not set CONFIG_GENERIC_PTDUMP=y -# CONFIG_DEBUG_OBJECTS is not set CONFIG_HAVE_DEBUG_KMEMLEAK=y # CONFIG_DEBUG_KMEMLEAK is not set +# CONFIG_DEBUG_OBJECTS is not set # CONFIG_DEBUG_STACK_USAGE is not set # CONFIG_SCHED_STACK_END_CHECK is not set CONFIG_ARCH_HAS_DEBUG_VM_PGTABLE=y @@ -3166,17 +3208,17 @@ CONFIG_HAVE_ARCH_KMSAN=y CONFIG_PANIC_ON_OOPS_VALUE=0 CONFIG_PANIC_TIMEOUT=0 # CONFIG_SOFTLOCKUP_DETECTOR is not set -CONFIG_HARDLOCKUP_CHECK_TIMESTAMP=y # CONFIG_HARDLOCKUP_DETECTOR is not set +CONFIG_HARDLOCKUP_CHECK_TIMESTAMP=y # CONFIG_DETECT_HUNG_TASK is not set # CONFIG_WQ_WATCHDOG is not set +# CONFIG_WQ_CPU_INTENSIVE_REPORT is not set # CONFIG_TEST_LOCKUP is not set # end of Debug Oops, Lockups and Hangs # # Scheduler Debugging # -CONFIG_SCHED_DEBUG=y CONFIG_SCHED_INFO=y # CONFIG_SCHEDSTATS is not set # end of Scheduler Debugging @@ -3203,6 +3245,7 @@ CONFIG_LOCK_DEBUGGING_SUPPORT=y # CONFIG_CSD_LOCK_WAIT_DEBUG is not set # end of Lock Debugging (spinlocks, mutexes, etc...) +# CONFIG_NMI_CHECK_CPU is not set # CONFIG_DEBUG_IRQFLAGS is not set CONFIG_STACKTRACE=y # CONFIG_WARN_ALL_UNSEEDED_RANDOM is not set @@ -3215,12 +3258,9 @@ CONFIG_STACKTRACE=y # CONFIG_DEBUG_PLIST is not set # CONFIG_DEBUG_SG is not set # CONFIG_DEBUG_NOTIFIERS is not set -# CONFIG_BUG_ON_DATA_CORRUPTION is not set # CONFIG_DEBUG_MAPLE_TREE is not set # end of Debug kernel data structures -# CONFIG_DEBUG_CREDENTIALS is not set - # # RCU Debugging # @@ -3245,6 +3285,7 @@ CONFIG_HAVE_FTRACE_MCOUNT_RECORD=y CONFIG_HAVE_SYSCALL_TRACEPOINTS=y CONFIG_HAVE_FENTRY=y CONFIG_HAVE_OBJTOOL_MCOUNT=y +CONFIG_HAVE_OBJTOOL_NOP_MCOUNT=y CONFIG_HAVE_C_RECORDMCOUNT=y CONFIG_HAVE_BUILDTIME_MCOUNT_SORT=y CONFIG_TRACING_SUPPORT=y diff --git a/aports/mDNSResponder/APKBUILD b/aports/mDNSResponder/APKBUILD index 49016e5..599453f 100644 --- a/aports/mDNSResponder/APKBUILD +++ b/aports/mDNSResponder/APKBUILD @@ -1,8 +1,8 @@ # Maintainer: Gabor Pali <pali.gabor@gmail.com> pkgname='mDNSResponder' -pkgver=1790.80.10 -pkgrel=1 +pkgver=2200.80.16 +pkgrel=0 pkgdesc='Bonjour (zero-configuration networking) by Apple' arch="x86_64" url='https://opensource.apple.com/tarballs/mDNSResponder/' @@ -42,7 +42,7 @@ package() { } sha512sums=" -3386f2dd7c40a675dbb6518afcd8c26944a32e5d5e52eb16b89d853d0e5d93bdab102a4bdfe486c1719f89fd6a8dd16fb950461d3c75eb822e2817f0cdfa0d17 mDNSResponder-1790.80.10.tar.gz +883ecf0a700568555be0d59adbf979a783b1fd84ddd846246acbb63df83774efd87d25d655e74fb8e57832513bd7ae7ed8571b5a5ba4f679fc74cf16b1d24544 mDNSResponder-2200.80.16.tar.gz d2f8359164f4aa1d4c881a5ad4b9a53a44df71ab6c7a57adbeda42cfd7339a7d1f860850df894d9a1f74d1989d012c83733ebfb9a891bdf410cd45fcf47ec1a6 mdnsresponderposix.initd b53af6a0a1351bd328a54fc8826350340371ad3134fc4131d3a8d1b0e016cf074141a89e515054b2119dc0eff84c609a0b7c422669c3fa00a17d2460140bc24f mdnsresponderposix.confd " diff --git a/aports/openrc/0001-sh-rc-cgroup.sh-add-openrc.-prefix-the-cgroupv2-path.patch b/aports/openrc/0001-sh-rc-cgroup.sh-add-openrc.-prefix-the-cgroupv2-path.patch new file mode 100644 index 0000000..3b4ff76 --- /dev/null +++ b/aports/openrc/0001-sh-rc-cgroup.sh-add-openrc.-prefix-the-cgroupv2-path.patch @@ -0,0 +1,57 @@ +From abe447e2fbfb55d9fbff624bf44f46cb1c8622cb Mon Sep 17 00:00:00 2001 +From: Natanael Copa <ncopa@alpinelinux.org> +Date: Fri, 15 Dec 2023 18:52:28 +0100 +Subject: [PATCH] sh/rc-cgroup.sh: add openrc. prefix the cgroupv2 path + +Some services, like docker, creates and manages /sys/fs/cgroup/<service> +themselves. Avoid conflict with the openrc created cgroup path by adding +a `openrc.` prefix. + +Fixes: https://github.com/OpenRC/openrc/issues/680 +--- + sh/rc-cgroup.sh | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/sh/rc-cgroup.sh b/sh/rc-cgroup.sh +index e5c7ae7f..f10e328c 100644 +--- a/sh/rc-cgroup.sh ++++ b/sh/rc-cgroup.sh +@@ -35,7 +35,7 @@ cgroup_get_pids() + cgroup_pids= + cgroup_procs="$(cgroup2_find_path)" + if [ -n "${cgroup_procs}" ]; then +- cgroup_procs="${cgroup_procs}/${RC_SVCNAME}/cgroup.procs" ++ cgroup_procs="${cgroup_procs}/openrc.${RC_SVCNAME}/cgroup.procs" + else + cgroup_procs="/sys/fs/cgroup/openrc/${RC_SVCNAME}/tasks" + fi +@@ -167,7 +167,7 @@ cgroup2_remove() + local cgroup_path rc_cgroup_path + cgroup_path="$(cgroup2_find_path)" + [ -z "${cgroup_path}" ] && return 0 +- rc_cgroup_path="${cgroup_path}/${RC_SVCNAME}" ++ rc_cgroup_path="${cgroup_path}/openrc.${RC_SVCNAME}" + [ ! -d "${rc_cgroup_path}" ] || + [ ! -e "${rc_cgroup_path}"/cgroup.events ] && + return 0 +@@ -191,7 +191,7 @@ cgroup2_set_limits() + cgroup_path="$(cgroup2_find_path)" + [ -z "${cgroup_path}" ] && return 0 + mountinfo -q "${cgroup_path}"|| return 0 +- rc_cgroup_path="${cgroup_path}/${RC_SVCNAME}" ++ rc_cgroup_path="${cgroup_path}/openrc.${RC_SVCNAME}" + [ ! -d "${rc_cgroup_path}" ] && mkdir "${rc_cgroup_path}" + [ -f "${rc_cgroup_path}"/cgroup.procs ] && + printf 0 > "${rc_cgroup_path}"/cgroup.procs +@@ -210,7 +210,7 @@ cgroup2_kill_cgroup() { + local cgroup_path + cgroup_path="$(cgroup2_find_path)" + [ -z "${cgroup_path}" ] && return 1 +- rc_cgroup_path="${cgroup_path}/${RC_SVCNAME}" ++ rc_cgroup_path="${cgroup_path}/openrc.${RC_SVCNAME}" + if [ -f "${rc_cgroup_path}"/cgroup.kill ]; then + printf "%d" 1 > "${rc_cgroup_path}"/cgroup.kill + fi +-- +2.43.0 + diff --git a/aports/openrc/0009-Based-on-the-vrf-patch-it-adds-support-to-run-servic.patch b/aports/openrc/0009-Based-on-the-vrf-patch-it-adds-support-to-run-servic.patch new file mode 100644 index 0000000..bd149d9 --- /dev/null +++ b/aports/openrc/0009-Based-on-the-vrf-patch-it-adds-support-to-run-servic.patch @@ -0,0 +1,30 @@ +From 2f7405254f16cbb33ddb7c57eb20606a92b6c84a Mon Sep 17 00:00:00 2001 +From: Thomas Liske <thomas@fiasko-nw.net> +Date: Sat, 16 Sep 2023 18:25:42 +0200 +Subject: [PATCH] Based on the vrf patch it adds support to run services in + netns namespaces. It is even possible to stack both options and run services + in a VRF inside a netns namespace. + +--- + sh/openrc-run.sh.in | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/sh/openrc-run.sh.in b/sh/openrc-run.sh.in +index 5eb4224c..2a6605db 100644 +--- a/sh/openrc-run.sh.in ++++ b/sh/openrc-run.sh.in +@@ -242,6 +242,11 @@ if [ -n "$vrf" ]; then + RC_VRF_EXEC="/sbin/ip vrf exec $vrf" + fi + ++# Add ip netns if configured to run in a netns (netns+vrf may stack) ++if [ -n "$netns" ]; then ++ RC_VRF_EXEC="/sbin/ip netns exec $netns $RC_VRF_EXEC" ++fi ++ + # load service supervisor functions + sourcex "@LIBEXECDIR@/sh/runit.sh" + sourcex "@LIBEXECDIR@/sh/s6.sh" +-- +2.39.2 + diff --git a/aports/openrc/APKBUILD b/aports/openrc/APKBUILD index 7efd42e..8b49f09 100644 --- a/aports/openrc/APKBUILD +++ b/aports/openrc/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Gabor Pali <pali.gabor@gmail.com> pkgname=openrc -pkgver=0.48 -pkgrel=0 # base: 0 +pkgver=0.52.1 +pkgrel=0 # base: 2 pkgdesc="OpenRC manages the services, startup and shutdown of a host" url="https://github.com/OpenRC/openrc" arch="all" @@ -21,8 +21,11 @@ source="$pkgname-$pkgver.tar.gz::https://github.com/OpenRC/openrc/archive/$pkgve 0006-Add-support-for-starting-services-in-a-specified-VRF.patch 0007-Clean-up-staticroute-config-remove-irrelevant-parts-.patch 0008-bootmisc-switch-wipe_tmp-setting-to-no-by-default.patch + 0009-Based-on-the-vrf-patch-it-adds-support-to-run-servic.patch supervise-daemon-defaults.patch + sysctl-readme.patch + 0001-sh-rc-cgroup.sh-add-openrc.-prefix-the-cgroupv2-path.patch openrc.logrotate hostname.initd @@ -52,7 +55,11 @@ prepare() { build() { + if [ -z "$BOOTSTRAP" ]; then + local lto="-Db_lto=true" + fi abuild-meson \ + $lto \ -Dzsh-completions=false \ -Dbash-completions=false \ -Dpam=false \ @@ -73,6 +80,11 @@ package() { DESTDIR="$pkgdir" meson install --no-rebuild -C output + # place .so's in /lib so fancy ancient separate partition /usr configs can + # load them + mv "$pkgdir"/usr/lib/*.so* "$pkgdir"/usr/lib/*.a \ + "$pkgdir"/lib/ + # Alpine does not use openrc as its init so delete # openrc-init & openrc-shutdown to avoid confusion. rm -f "$pkgdir"/sbin/openrc-init "$pkgdir"/sbin/openrc-shutdown @@ -111,9 +123,6 @@ package() { # openrc upstream removed service(8) for whatever reason, put it back ln -s /sbin/rc-service "$pkgdir"/sbin/service - # remove deprecated /sbin/runscript to avoid conflict with minicom - rm "$pkgdir"/sbin/runscript - rm -rf "$pkgdir"/usr/share/man \ "$pkgdir"/usr/share/openrc \ "$pkgdir"/usr/include \ @@ -123,7 +132,7 @@ package() { } sha512sums=" -c67c0a1c87f44a6fde0a7634fcdff0683a821eef5183a4f3e1ef850d04dd7f6c23ec0a72b4a76d9f6c08cb34e362d5e204937caec549eadc638c286c2389c5ee openrc-0.48.tar.gz +741f3f0752217b9ce159d00362d688738c5a84512ddd30c44f4f7f451d7950315a5e1de79eaf5e7b1cf6539a04f59600fbe82cc2a6ad966b735c2eb4d4f35717 openrc-0.52.1.tar.gz 257861f5f0562e9b9a9fccebae474bd75c4bb51f005a2b8132fd551f061f65863de46c5bc4437f137b4a9d3ca741f9de9274bfa7b418eda70497ed4b5fd3056d 0001-call-sbin-mkmntdirs-in-localmount-OpenRC-service.patch 3f47b4f7e6c5b7fb53ff8a13470fbada67f7470e5eba71a683e6c022162c3905f560d561c3d61698e3fde367d6ae715edf76e99949f52a22a3bbf79debc33f64 0002-fsck-don-t-add-C0-to-busybox-fsck.patch 0bd69d9e8e9c321a5e67cf924be07b9dd0b58801143c18f74bebf442958fc878e46a65f07cc2842566a8c3434e788ef3ca0c90c607de6b10931f01324bfc1b11 0003-rc-pull-in-sysinit-and-boot-as-stacked-levels-when-n.patch @@ -132,7 +141,10 @@ c67c0a1c87f44a6fde0a7634fcdff0683a821eef5183a4f3e1ef850d04dd7f6c23ec0a72b4a76d9f 8bf00b82d7fc0eb1b529ec735009f91d277141ba7e5c04e23d10bbcf36eb453f0b31d48aec45e50b5be4c14f611acc4454933f3cefdf8beab07d851328223464 0006-Add-support-for-starting-services-in-a-specified-VRF.patch 431ac28808e684bea5511386bf5f06efe7f509f1dbe7e15ae6309563d813deae8f3edd872a0943ef8088e3cf778d7bc5ebd15a893dc4a08f4022b7a56bbafc63 0007-Clean-up-staticroute-config-remove-irrelevant-parts-.patch 475f4ea63b9b5d7eb9c623e96b6cc3d3072abcb7194d0045b84e0688836c8514fccfc68b0eae0b4bee60878cdea8042c3ce7e48406ee7a2f0e4a3e128a153468 0008-bootmisc-switch-wipe_tmp-setting-to-no-by-default.patch +d7b8b1facd7fb9a6a8350912644cce3956947bcaa8bcb645f9c26a2bb0d062970efaa14bd66a7987f0748daff7b5a8e701b45b3fcca7c7c7e393ac262728f1a6 0009-Based-on-the-vrf-patch-it-adds-support-to-run-servic.patch 1323a8476580f7b56a9cf1b24b26b10da76c5916cf23d7dab01f08a3261751341dfe01d1ed884df8e6ea17ff6a52021cc40fb3101e99b77d4ae7f3f61ee330e8 supervise-daemon-defaults.patch +903ff555275a67ff08da91badb55d9fa6c6a2901e8ef09ca8366bd74d69757491c8336347f04551268ecf053c8ae974f50decd869926894dd94e382008e3e925 sysctl-readme.patch +8e31d1665bf4c1301473b0a9b508d645ff49f6f4afffb63b265c862178a15af156bffa0ef141bc850c05eae09806908cabb1e21ad939f556764632b3392c1f62 0001-sh-rc-cgroup.sh-add-openrc.-prefix-the-cgroupv2-path.patch 12bb6354e808fbf47bbab963de55ee7901738b4a912659982c57ef2777fff9a670e867fcb8ec316a76b151032c92dc89a950d7d1d835ef53f753a8f3b41d2cec openrc.logrotate 493f27d588e64bb2bb542b32493ed05873f4724e8ad1751002982d7b4e07963cfb72f93603b2d678f305177cf9556d408a87b793744c6b7cd46cf9be4b744c02 hostname.initd 787d783f91919c115809890f18d06d0812055f0aca42378e081d2cfbe2ff20a1db8d937b823ec4adbe0d380a6f02a2310dc74f6c3a2c36fd5d5371d51ad6d459 hwdrivers.initd diff --git a/aports/openrc/sysctl-readme.patch b/aports/openrc/sysctl-readme.patch new file mode 100644 index 0000000..df61aa1 --- /dev/null +++ b/aports/openrc/sysctl-readme.patch @@ -0,0 +1,11 @@ +diff --git a/sysctl.d/README b/sysctl.d/README +index ca3e030..1b056a7 100644 +--- a/sysctl.d/README ++++ b/sysctl.d/README +@@ -10,4 +10,5 @@ with .conf, or it will not be read. + + The recommended location for local system settings is /etc/sysctl.d/local.conf + but as long as you follow the rules for the name of the file, anything will +-work. see the sysctl.conf(5) man page for details of the format. ++work. see the sysctl.conf(5) man page for details of the format. This manpage ++can be found in the `procps-doc` package. diff --git a/aports/radvd/APKBUILD b/aports/radvd/APKBUILD index 846b9aa..2ab3234 100644 --- a/aports/radvd/APKBUILD +++ b/aports/radvd/APKBUILD @@ -2,11 +2,11 @@ # pkgname=radvd pkgver=2.19 -pkgrel=0 # base: 3 +pkgrel=1 # base: 4 pkgdesc="IPv6 router advertisement daemon" url="http://www.litech.org/radvd" arch="all" -license="BSD with advertising" +license="BSD-Advertising-Acknowledgement" makedepends="flex bison linux-headers" install= source="http://www.litech.org/radvd/dist/radvd-$pkgver.tar.xz diff --git a/aports/rtl8821ce-edge/APKBUILD b/aports/rtl8821ce-edge/APKBUILD index d2e7442..e33dc7e 100644 --- a/aports/rtl8821ce-edge/APKBUILD +++ b/aports/rtl8821ce-edge/APKBUILD @@ -1,9 +1,9 @@ # Maintainer: Gabor Pali <pali.gabor@gmail.com> pkgname='rtl8821ce-edge' -pkgver=20230915 -pkgrel=1 -_gitrev='0d2c745d7ef023bccd63cf79e98556f0b5a39024' +pkgver=20240120 +pkgrel=06080010000 +_gitrev='66983b69120a13699acf40a12979317f29012111' pkgdesc='Driver for Realtek 8821CE, an 802.11ac device (edge)' arch="x86_64" url='https://github.com/tomaspinho/rtl8821ce' @@ -28,5 +28,5 @@ package() { } sha512sums=" -48b0ce599f580275aa836c9dd046721e65733831608104fde4b7a533defd533b124a9d28a1080473556723fb29eb38595e035c65098740f077c9900943a79e22 0d2c745d7ef023bccd63cf79e98556f0b5a39024.zip +a19f1ba48908af617b2158dfb7ac5ba53e575ca63c21bf5eeb754eb354f98f92ae841eba3e356b0241c4ed10a32a22f939132b30aa763213e449cbf70720d266 66983b69120a13699acf40a12979317f29012111.zip " diff --git a/aports/rtl8821ce/APKBUILD b/aports/rtl8821ce/APKBUILD index bc23f90..4909833 100644 --- a/aports/rtl8821ce/APKBUILD +++ b/aports/rtl8821ce/APKBUILD @@ -1,9 +1,9 @@ # Maintainer: Gabor Pali <pali.gabor@gmail.com> pkgname='rtl8821ce' -pkgver=20230915 -pkgrel=1 -_gitrev='0d2c745d7ef023bccd63cf79e98556f0b5a39024' +pkgver=20240120 +pkgrel=06060220000 +_gitrev='66983b69120a13699acf40a12979317f29012111' pkgdesc='Driver for Realtek 8821CE, an 802.11ac device' arch="x86_64" url='https://github.com/tomaspinho/rtl8821ce' @@ -28,5 +28,5 @@ package() { } sha512sums=" -48b0ce599f580275aa836c9dd046721e65733831608104fde4b7a533defd533b124a9d28a1080473556723fb29eb38595e035c65098740f077c9900943a79e22 0d2c745d7ef023bccd63cf79e98556f0b5a39024.zip +a19f1ba48908af617b2158dfb7ac5ba53e575ca63c21bf5eeb754eb354f98f92ae841eba3e356b0241c4ed10a32a22f939132b30aa763213e449cbf70720d266 66983b69120a13699acf40a12979317f29012111.zip " diff --git a/aports/rtw88-edge/APKBUILD b/aports/rtw88-edge/APKBUILD index 7c6cea9..7aaf2f2 100644 --- a/aports/rtw88-edge/APKBUILD +++ b/aports/rtw88-edge/APKBUILD @@ -1,9 +1,9 @@ # Maintainer: Gabor Pali <pali.gabor@gmail.com> pkgname='rtw88-edge' -pkgver=20230913 -pkgrel=1 -_gitrev='d0f932dba10827bae07cb7044854651565591b87' +pkgver=20231024 +pkgrel=06080010000 +_gitrev='ca9f4e199efbf8c377e8a1769ba5b05b23f92c82' pkgdesc='Backport of the Realtek Wifi 5 drivers from the wireless-next repo (edge)' arch="x86_64" url='https://github.com/lwfinger/rtw88' @@ -34,6 +34,6 @@ package() { } sha512sums=" -4a33c7cace66437d422816c74810bd637f846be5d7935ef8aaae70971e35cf04640e10d71b3c62e6e951809188bd6c6846f2ebf1d90dd9bb45aedcfdf833bc8b Makefile.patch -8d1aaaa1942230cb5f1ca82123fda020760ff71a281be3826b4bafacee442c0b647928a4bccab1c70fe559d91550962b23998710ac7ab8b995f335230519281c d0f932dba10827bae07cb7044854651565591b87.zip +28dfab87e2768970c572df340e170dc451deb6a2c2cbc817e22f858c8ed627883977a9fffc5a8500e7b5c79bcbd40bc6ce14e45d6741cc9066046aad5e2baabc Makefile.patch +372e27570739e9d857e187bf39d008801d07aa534ce0db7f1ed5843df0803295d641f623ff4408ef45d26cbb3678f527d01c3e92e4bd2d25d22a6a9f600171ad ca9f4e199efbf8c377e8a1769ba5b05b23f92c82.zip " diff --git a/aports/rtw88-edge/Makefile.patch b/aports/rtw88-edge/Makefile.patch index 284bc95..f0d9b91 100644 --- a/aports/rtw88-edge/Makefile.patch +++ b/aports/rtw88-edge/Makefile.patch @@ -1,6 +1,14 @@ --- a/Makefile +++ b/Makefile -@@ -57,59 +57,26 @@ +@@ -31,7 +31,6 @@ + + EXTRA_CFLAGS += -O2 + EXTRA_CFLAGS += -DCONFIG_RTW88_8822BE=1 +-EXTRA_CFLAGS += -DCONFIG_RTW88_8821CE=1 + EXTRA_CFLAGS += -DCONFIG_RTW88_8822CE=1 + EXTRA_CFLAGS += -DCONFIG_RTW88_8723DE=1 + EXTRA_CFLAGS += -DCONFIG_RTW88_DEBUG=1 +@@ -63,60 +62,24 @@ obj-m += rtw_8822be.o rtw_8822be-objs := rtw8822be.o @@ -37,9 +45,9 @@ obj-m += rtw_8821c.o rtw_8821c-objs := rtw8821c.o rtw8821c_table.o - obj-m += rtw_8821ce.o - rtw_8821ce-objs := rtw8821ce.o - +-obj-m += rtw_8821ce.o +-rtw_8821ce-objs := rtw8821ce.o +- -obj-m += rtw_8821cs.o -rtw_8821cs-objs := rtw8821cs.o - @@ -48,7 +56,7 @@ - obj-m += rtw_pci.o rtw_pci-objs := pci.o -- + -obj-m += rtw_sdio.o -rtw_sdio-objs := sdio.o - @@ -57,6 +65,34 @@ - -obj-m += rtw_usb.o -rtw_usb-objs := usb.o - +- ccflags-y += -D__CHECK_ENDIAN__ + all: +@@ -164,25 +127,14 @@ + echo "Skipping key creation" + endif + @$(KSRC)/scripts/sign-file sha256 MOK.priv MOK.der rtw_pci.ko +- @$(KSRC)/scripts/sign-file sha256 MOK.priv MOK.der rtw_usb.ko +- @$(KSRC)/scripts/sign-file sha256 MOK.priv MOK.der rtw_sdio.ko + @$(KSRC)/scripts/sign-file sha256 MOK.priv MOK.der rtw_core.ko + @$(KSRC)/scripts/sign-file sha256 MOK.priv MOK.der rtw_8723d.ko + @$(KSRC)/scripts/sign-file sha256 MOK.priv MOK.der rtw_8723de.ko +- @$(KSRC)/scripts/sign-file sha256 MOK.priv MOK.der rtw_8723du.ko +- @$(KSRC)/scripts/sign-file sha256 MOK.priv MOK.der rtw_8723ds.ko ++ @$(KSRC)/scripts/sign-file sha256 MOK.priv MOK.der rtw_8821c.ko + @$(KSRC)/scripts/sign-file sha256 MOK.priv MOK.der rtw_8822b.ko + @$(KSRC)/scripts/sign-file sha256 MOK.priv MOK.der rtw_8822be.ko +- @$(KSRC)/scripts/sign-file sha256 MOK.priv MOK.der rtw_8822bu.ko +- @$(KSRC)/scripts/sign-file sha256 MOK.priv MOK.der rtw_8822bs.ko +- @$(KSRC)/scripts/sign-file sha256 MOK.priv MOK.der rtw_8821c.ko +- @$(KSRC)/scripts/sign-file sha256 MOK.priv MOK.der rtw_8821ce.ko +- @$(KSRC)/scripts/sign-file sha256 MOK.priv MOK.der rtw_8821cu.ko +- @$(KSRC)/scripts/sign-file sha256 MOK.priv MOK.der rtw_8821cs.ko + @$(KSRC)/scripts/sign-file sha256 MOK.priv MOK.der rtw_8822c.ko + @$(KSRC)/scripts/sign-file sha256 MOK.priv MOK.der rtw_8822ce.ko +- @$(KSRC)/scripts/sign-file sha256 MOK.priv MOK.der rtw_8822cu.ko +- @$(KSRC)/scripts/sign-file sha256 MOK.priv MOK.der rtw_8822cs.ko + + sign-install: all sign install + diff --git a/aports/rtw88/APKBUILD b/aports/rtw88/APKBUILD index 53ea908..a6a57a0 100644 --- a/aports/rtw88/APKBUILD +++ b/aports/rtw88/APKBUILD @@ -1,9 +1,9 @@ # Maintainer: Gabor Pali <pali.gabor@gmail.com> pkgname='rtw88' -pkgver=20230913 -pkgrel=1 -_gitrev='d0f932dba10827bae07cb7044854651565591b87' +pkgver=20231024 +pkgrel=06060220000 +_gitrev='ca9f4e199efbf8c377e8a1769ba5b05b23f92c82' pkgdesc='Backport of the Realtek Wifi 5 drivers from the wireless-next repo' arch="x86_64" url='https://github.com/lwfinger/rtw88' @@ -34,6 +34,6 @@ package() { } sha512sums=" -4a33c7cace66437d422816c74810bd637f846be5d7935ef8aaae70971e35cf04640e10d71b3c62e6e951809188bd6c6846f2ebf1d90dd9bb45aedcfdf833bc8b Makefile.patch -8d1aaaa1942230cb5f1ca82123fda020760ff71a281be3826b4bafacee442c0b647928a4bccab1c70fe559d91550962b23998710ac7ab8b995f335230519281c d0f932dba10827bae07cb7044854651565591b87.zip +28dfab87e2768970c572df340e170dc451deb6a2c2cbc817e22f858c8ed627883977a9fffc5a8500e7b5c79bcbd40bc6ce14e45d6741cc9066046aad5e2baabc Makefile.patch +372e27570739e9d857e187bf39d008801d07aa534ce0db7f1ed5843df0803295d641f623ff4408ef45d26cbb3678f527d01c3e92e4bd2d25d22a6a9f600171ad ca9f4e199efbf8c377e8a1769ba5b05b23f92c82.zip " diff --git a/aports/rtw88/Makefile.patch b/aports/rtw88/Makefile.patch index 284bc95..f0d9b91 100644 --- a/aports/rtw88/Makefile.patch +++ b/aports/rtw88/Makefile.patch @@ -1,6 +1,14 @@ --- a/Makefile +++ b/Makefile -@@ -57,59 +57,26 @@ +@@ -31,7 +31,6 @@ + + EXTRA_CFLAGS += -O2 + EXTRA_CFLAGS += -DCONFIG_RTW88_8822BE=1 +-EXTRA_CFLAGS += -DCONFIG_RTW88_8821CE=1 + EXTRA_CFLAGS += -DCONFIG_RTW88_8822CE=1 + EXTRA_CFLAGS += -DCONFIG_RTW88_8723DE=1 + EXTRA_CFLAGS += -DCONFIG_RTW88_DEBUG=1 +@@ -63,60 +62,24 @@ obj-m += rtw_8822be.o rtw_8822be-objs := rtw8822be.o @@ -37,9 +45,9 @@ obj-m += rtw_8821c.o rtw_8821c-objs := rtw8821c.o rtw8821c_table.o - obj-m += rtw_8821ce.o - rtw_8821ce-objs := rtw8821ce.o - +-obj-m += rtw_8821ce.o +-rtw_8821ce-objs := rtw8821ce.o +- -obj-m += rtw_8821cs.o -rtw_8821cs-objs := rtw8821cs.o - @@ -48,7 +56,7 @@ - obj-m += rtw_pci.o rtw_pci-objs := pci.o -- + -obj-m += rtw_sdio.o -rtw_sdio-objs := sdio.o - @@ -57,6 +65,34 @@ - -obj-m += rtw_usb.o -rtw_usb-objs := usb.o - +- ccflags-y += -D__CHECK_ENDIAN__ + all: +@@ -164,25 +127,14 @@ + echo "Skipping key creation" + endif + @$(KSRC)/scripts/sign-file sha256 MOK.priv MOK.der rtw_pci.ko +- @$(KSRC)/scripts/sign-file sha256 MOK.priv MOK.der rtw_usb.ko +- @$(KSRC)/scripts/sign-file sha256 MOK.priv MOK.der rtw_sdio.ko + @$(KSRC)/scripts/sign-file sha256 MOK.priv MOK.der rtw_core.ko + @$(KSRC)/scripts/sign-file sha256 MOK.priv MOK.der rtw_8723d.ko + @$(KSRC)/scripts/sign-file sha256 MOK.priv MOK.der rtw_8723de.ko +- @$(KSRC)/scripts/sign-file sha256 MOK.priv MOK.der rtw_8723du.ko +- @$(KSRC)/scripts/sign-file sha256 MOK.priv MOK.der rtw_8723ds.ko ++ @$(KSRC)/scripts/sign-file sha256 MOK.priv MOK.der rtw_8821c.ko + @$(KSRC)/scripts/sign-file sha256 MOK.priv MOK.der rtw_8822b.ko + @$(KSRC)/scripts/sign-file sha256 MOK.priv MOK.der rtw_8822be.ko +- @$(KSRC)/scripts/sign-file sha256 MOK.priv MOK.der rtw_8822bu.ko +- @$(KSRC)/scripts/sign-file sha256 MOK.priv MOK.der rtw_8822bs.ko +- @$(KSRC)/scripts/sign-file sha256 MOK.priv MOK.der rtw_8821c.ko +- @$(KSRC)/scripts/sign-file sha256 MOK.priv MOK.der rtw_8821ce.ko +- @$(KSRC)/scripts/sign-file sha256 MOK.priv MOK.der rtw_8821cu.ko +- @$(KSRC)/scripts/sign-file sha256 MOK.priv MOK.der rtw_8821cs.ko + @$(KSRC)/scripts/sign-file sha256 MOK.priv MOK.der rtw_8822c.ko + @$(KSRC)/scripts/sign-file sha256 MOK.priv MOK.der rtw_8822ce.ko +- @$(KSRC)/scripts/sign-file sha256 MOK.priv MOK.der rtw_8822cu.ko +- @$(KSRC)/scripts/sign-file sha256 MOK.priv MOK.der rtw_8822cs.ko + + sign-install: all sign install + diff --git a/aports/rtw89-edge/APKBUILD b/aports/rtw89-edge/APKBUILD index 41a9a59..94f4c0d 100644 --- a/aports/rtw89-edge/APKBUILD +++ b/aports/rtw89-edge/APKBUILD @@ -1,9 +1,9 @@ # Maintainer: Gabor Pali <pali.gabor@gmail.com> pkgname='rtw89-edge' -pkgver=20230913 -pkgrel=1 -_gitrev='12837647e34f07e117d90b25708a4f8baa772f50' +pkgver=20240310 +pkgrel=06080010000 +_gitrev='48680abfeb843330d385384bd8edde259a241147' pkgdesc='Driver for Realtek 8852AE, an 802.11ax device (edge)' arch="x86_64" url='https://github.com/lwfinger/rtw89' @@ -28,5 +28,5 @@ package() { } sha512sums=" -7a5318149da92925736cc5fa7746940c83c60ada07442c5e362fe7ee2bb67c3b5de1905f39a7e08be8c752aef23b0807f5e0202d665ed8dcc66149a4983fdb52 12837647e34f07e117d90b25708a4f8baa772f50.zip +3c92a0502d398ccb262fa92231fe43264eb7de3da9a57a74e265cf8422134bf5fee3b4de2cd1aa75946b4796f1b025e1b232d0f8710b04f7f3cbd3e0a9ddd9d8 48680abfeb843330d385384bd8edde259a241147.zip " diff --git a/aports/rtw89/APKBUILD b/aports/rtw89/APKBUILD index 846dbbd..9259823 100644 --- a/aports/rtw89/APKBUILD +++ b/aports/rtw89/APKBUILD @@ -1,9 +1,9 @@ # Maintainer: Gabor Pali <pali.gabor@gmail.com> pkgname='rtw89' -pkgver=20230913 -pkgrel=1 -_gitrev='12837647e34f07e117d90b25708a4f8baa772f50' +pkgver=20240310 +pkgrel=06060220000 +_gitrev='48680abfeb843330d385384bd8edde259a241147' pkgdesc='Driver for Realtek 8852AE, an 802.11ax device' arch="x86_64" url='https://github.com/lwfinger/rtw89' @@ -28,5 +28,5 @@ package() { } sha512sums=" -7a5318149da92925736cc5fa7746940c83c60ada07442c5e362fe7ee2bb67c3b5de1905f39a7e08be8c752aef23b0807f5e0202d665ed8dcc66149a4983fdb52 12837647e34f07e117d90b25708a4f8baa772f50.zip +3c92a0502d398ccb262fa92231fe43264eb7de3da9a57a74e265cf8422134bf5fee3b4de2cd1aa75946b4796f1b025e1b232d0f8710b04f7f3cbd3e0a9ddd9d8 48680abfeb843330d385384bd8edde259a241147.zip " diff --git a/aports/socat/APKBUILD b/aports/socat/APKBUILD index 5fd3a09..7da4946 100644 --- a/aports/socat/APKBUILD +++ b/aports/socat/APKBUILD @@ -1,8 +1,8 @@ # Maintainer: Gabor Pali <pali.gabor@gmail.com> pkgname=socat -pkgver=1.7.4.4 -pkgrel=1 # base: 1 +pkgver=1.8.0.0 +pkgrel=0 # base: 0 pkgdesc="Multipurpose relay for binary protocols (stripped)" options="!check" url="http://www.dest-unreach.org/socat/" @@ -37,15 +37,21 @@ _options="--srcdir=$_srcdir --disable-creat --disable-gopen --disable-pipe - --disable-termios + --disable-socketpair + --disable-shell + --disable-stats --disable-ip6 --disable-rawip --disable-genericsocket --disable-interface --disable-sctp + --disable-dccp --disable-vsock + --disable-namespaces + --disable-posixmq --disable-socks4 --disable-socks4a + --disable-socks5 --disable-proxy --disable-exec --disable-system @@ -91,8 +97,8 @@ _udp() { } sha512sums=" -709fd393642d4249152d75add4d489ea76e6118c9e6740e796f029e8c5ddd4f5c9218d587977fc57ada640f635a996cbbe4055275236a169881bb2be1d3e5df9 socat-1.7.4.4.tar.gz +edf459a9f1907a14025e13b3101ad29787f9a72795cffcd00017ce98847562884db29a95b9ae478a6a50868137548b142947c43fb18e975eb5853a763c42902c socat-1.8.0.0.tar.gz 2032b6528cb27b69d8fb6a6f64af32fcc1f6e4934bb0d7c8931b38ab7ad5e27f6f4344a6cf49751fa3178cd725f954e195373362f7d5929e587d7f0309346059 use-linux-headers.patch 22a6e0c2317a9317997c98114daac258ebbcc3d8e58e49a6ebf24781b98967afed47c63807282582fa0909076fe349281f05e4462faacb90e7aabc853903d6e6 netdb-internal.patch -de2ca2d318ada9ac7140ad6fbc42006ea0ef040d68cc579ed1452246fd16a7eceb4ce577336bc20e513cf6fe24da296447529ec36c22fa17a4c18be29e180b81 no-extras.patch +017c0b51e416ae7f199885d808173b40ba72a419dbe946d692a044a81dcffd0c38e40a99abb7d1cbed01d132c5a9adfc5f9a1de1fe4e8a4ff7d22ed7b0ec53d3 no-extras.patch " diff --git a/aports/socat/no-extras.patch b/aports/socat/no-extras.patch index 94bd71a..34af2ce 100644 --- a/aports/socat/no-extras.patch +++ b/aports/socat/no-extras.patch @@ -1,45 +1,72 @@ ---- socat-1.7.4.2/Makefile.in.orig 2022-04-01 22:07:25.284535646 +0000 -+++ socat-1.7.4.2/Makefile.in 2022-04-01 22:09:04.484450962 +0000 -@@ -57,7 +57,7 @@ +--- socat-1.8.0.0/Makefile.in.orig ++++ socat-1.8.0.0/Makefile.in +@@ -58,9 +58,9 @@ + XIOOBJS = $(XIOSRCS:.c=.o) + UTLSRCS = error.c dalan.c procan.c procan-cdefs.c hostan.c fdname.c sysutils.c utils.c nestlex.c vsnprintf_r.c snprinterr.c @FILAN@ sycls.c @SSLCLS@ UTLOBJS = $(UTLSRCS:.c=.o) - CFILES = $(XIOSRCS) $(UTLSRCS) socat.c procan_main.c filan_main.c +-CFILES = $(XIOSRCS) $(UTLSRCS) socat.c procan_main.c filan_main.c ++CFILES = $(XIOSRCS) $(UTLSRCS) socat.c OFILES = $(CFILES:.c=.o) -PROGS = socat procan filan +PROGS = socat HFILES = sycls.h sslcls.h error.h dalan.h procan.h filan.h hostan.h sysincludes.h xio.h xioopen.h sysutils.h utils.h nestlex.h vsnprintf_r.h snprinterr.h compat.h \ xioconfig.h mytypes.h xioopts.h xiodiag.h xiohelp.h xiosysincludes.h \ -@@ -87,7 +87,7 @@ - Config/Makefile.MacOSX-10-5 Config/config.MacOSX-10-5.h \ - Config/Makefile.DragonFly-2-8-2 Config/config.DragonFly-2-8-2.h +@@ -82,7 +82,7 @@ + TESTFILES = test.sh socks4echo.sh proxyecho.sh readline-test.sh \ + proxy.sh socks4a-echo.sh -all: progs doc +all: progs scmclean: gitclean -@@ -131,19 +131,12 @@ +@@ -107,10 +107,10 @@ + makedepend $(SYSDEFS) $(CFILES) + + socat: socat.o libxio.a +- $(CC) $(CFLAGS) $(LDFLAGS) -o $@ socat.o libxio.a $(CLIBS) ++ $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $^ $(CLIBS) + + procan.o: procan.c +- $(CC) $(CFLAGS) -c -D CC=\"$(CC)\" -o $@ procan.c ++ $(CC) $(CFLAGS) -c -D CC=\"$(CC)\" -o $@ $^ + + PROCAN_OBJS=procan_main.o procan.o procan-cdefs.o hostan.o error.o sycls.o sysutils.o utils.o vsnprintf_r.o snprinterr.o + procan: $(PROCAN_OBJS) +@@ -128,29 +128,12 @@ strip: progs strip $(PROGS) -install: progs $(srcdir)/doc/socat.1 +install: progs mkdir -p $(DESTDIR)$(BINDEST) - $(INSTALL) -m 755 socat $(DESTDIR)$(BINDEST) +- $(INSTALL) -m 755 socat $(DESTDIR)$(BINDEST)/socat1 +- ln -sf socat1 $(DESTDIR)$(BINDEST)/socat +- $(INSTALL) -m 755 socat-chain.sh $(DESTDIR)$(BINDEST) +- $(INSTALL) -m 755 socat-mux.sh $(DESTDIR)$(BINDEST) +- $(INSTALL) -m 755 socat-broker.sh $(DESTDIR)$(BINDEST) - $(INSTALL) -m 755 procan $(DESTDIR)$(BINDEST) - $(INSTALL) -m 755 filan $(DESTDIR)$(BINDEST) - mkdir -p $(DESTDIR)$(MANDEST)/man1 -- $(INSTALL) -m 644 $(srcdir)/doc/socat.1 $(DESTDIR)$(MANDEST)/man1/ +- $(INSTALL) -m 644 $(srcdir)/doc/socat.1 $(DESTDIR)$(MANDEST)/man1/socat1.1 +- ln -sf socat1.1 $(DESTDIR)$(MANDEST)/man1/socat.1 ++ $(INSTALL) -m 755 socat $(DESTDIR)$(BINDEST)/socat uninstall: rm -f $(DESTDIR)$(BINDEST)/socat +- rm -f $(DESTDIR)$(BINDEST)/socat1 +- rm -f $(DESTDIR)$(BINDEST)/socat-chain.sh +- rm -f $(DESTDIR)$(BINDEST)/socat-mux.sh +- rm -f $(DESTDIR)$(BINDEST)/socat-broker.sh - rm -f $(DESTDIR)$(BINDEST)/procan - rm -f $(DESTDIR)$(BINDEST)/filan - rm -f $(DESTDIR)$(MANDEST)/man1/socat.1 +- rm -f $(DESTDIR)$(MANDEST)/man1/socat1.1 # make a GNU-zipped tar ball of the source files dist: socat.tar.gz socat.tar.bz2 -@@ -165,7 +158,7 @@ +@@ -172,7 +155,7 @@ rm -r $(TARDIR) clean: diff --git a/aports/uds_passthru/APKBUILD b/aports/uds_passthru/APKBUILD index 76e087b..f8b1653 100644 --- a/aports/uds_passthru/APKBUILD +++ b/aports/uds_passthru/APKBUILD @@ -2,7 +2,7 @@ pkgname=uds_passthru pkgver=0.1.1 -pkgrel=2 +pkgrel=3 pkgdesc="Unix Domain Socket pass-through for Wifibox" url="https://github.com/pgj/freebsd-wifibox-alpine" arch="all" diff --git a/aports/wpa_supplicant/APKBUILD b/aports/wpa_supplicant/APKBUILD index dff5eed..58c5cce 100644 --- a/aports/wpa_supplicant/APKBUILD +++ b/aports/wpa_supplicant/APKBUILD @@ -2,7 +2,7 @@ pkgname=wpa_supplicant pkgver=2.10 -pkgrel=5 # base: 7 +pkgrel=6 # base: 10 pkgdesc="utility providing key negotiation for WPA wireless networks" url="https://w1.fi/wpa_supplicant/" arch="all" @@ -14,18 +14,22 @@ source="https://w1.fi/releases/wpa_supplicant-$pkgver.tar.gz wpa_supplicant.initd wpa_supplicant.confd - eloop.patch + CVE-2023-52160.patch + unsafe-renegotiation-1.patch unsafe-renegotiation-2.patch 0001-nl80211-add-extra-ies-only-if-allowed-by-driver.patch 0002-AP-guard-FT-SAE-code-with-CONFIG_IEEE80211R_AP.patch + lower-security-level-for-tls-1.patch no-tools.patch config " # secfixes: +# 2.10-r10: +# - CVE-2023-52160 # 2.9-r13: # - CVE-2021-30004 # 2.9-r12: @@ -81,14 +85,14 @@ package() { sha512sums=" 021c2a48f45d39c1dc6557730be5debaee071bc0ff82a271638beee6e32314e353e49d39e2f0dc8dff6e094dcc7008cfe1c32d0c7a34a1a345a12a3f1c1e11a1 wpa_supplicant-2.10.tar.gz -92c4cbaa9776a354275640c9411d2f547f4c0e00415af4ab30039f1a0be6a11082d49e2514905010f0abcc4a9276353276da9864e3d5f7264a0f0767c8cc9d78 wpa_supplicant.initd +8e5f0958f6086c465d7a13e793be7dedc021fae2162f0f3b29d00919c355f13e1c257744ae99ae063cca525fb8fa03abd5c117efe0ba9c6812b560ce62366846 wpa_supplicant.initd c7e4041fe41743c5e63a07edc9234d0c44c4c0f193a180b27342b43f3be45fb87b42ee0f9e4a20614cf6ad58cf64d25f74d1e75e2e1d521c2f6d45cdc5737eae wpa_supplicant.confd -2be055dd1f7da5a3d8e79c2f2c0220ddd31df309452da18f290144d2112d6dbde0fc633bb2ad02c386a39d7785323acaf5f70e5969995a1e8303a094eb5fe232 eloop.patch +955c219a9e4e3e89f7f880561755059ea9f1ea27f5a5ec9f6a5b7c29195b06123c8eecfba324f3695bdb8cb53c401745c3d030a97e133dd1730351dc36c92fec CVE-2023-52160.patch 9528735924faf876a7094de46760605e5e66e265187421a668be06dbf03d7b4db6b84cbad793fcd6bd614e3ba540f82f1f80660d75e8a6070eeb7e9abb54ed28 unsafe-renegotiation-1.patch a92ba3ed3f41022a8af9396d2b703ee47f78aa05c1fddb42919a7fe6a6fad71e3515c63457e97e252ae0a32c6c34d67ea6efe0278df1e141cf36e650237e5295 unsafe-renegotiation-2.patch fb328872087268056b035802f71df2f7af8d11699822fe68611201a07dc693c4fdb8c50dd4fd509ed6db4cca89f6003ce3303770951686a35633977f466f4fb5 0001-nl80211-add-extra-ies-only-if-allowed-by-driver.patch f8a5f5e18509b61ad6fb7ce78207c039fccfca6b71f494cbe9853bcb1b09025364554a45b6129a5b992f6327f72c8a97b660088d9c542f0e62a1c370a3c628a8 0002-AP-guard-FT-SAE-code-with-CONFIG_IEEE80211R_AP.patch b1217eff6fbdba5a4c7302ea33bec64290d26745967b24e825c100de9b0e9b6400f0769c3cfac3c761596bb01079c31b632f14bd3374735200385f38557d8cad lower-security-level-for-tls-1.patch 3278eff7118f9dc9e177adc3ed91cad562a8edde396af8619321ac8552a86e9c7de25212d5578ea17cbe4b6dc928d83cd6e9a7f0d41e07576656e6e9274107d6 no-tools.patch -310ee960c3d8beab80169bedf43ff9dfbf49f808c5a32accac2f41e54fff6d047a6136488de72cbcfa66c5205a3b68019dff6e7f2ebb87e00bbcdc509fca95ee config +450563b68fd99740cfae49521439e876e67b94c50f5ea20a84a96411713e5b93fbe428284105d13e4616a3d10d5bb0e6a9d752be1a939fb342fa3ea935210c7c config " diff --git a/aports/wpa_supplicant/CVE-2023-52160.patch b/aports/wpa_supplicant/CVE-2023-52160.patch new file mode 100644 index 0000000..0726373 --- /dev/null +++ b/aports/wpa_supplicant/CVE-2023-52160.patch @@ -0,0 +1,210 @@ +From 8e6485a1bcb0baffdea9e55255a81270b768439c Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <j@w1.fi> +Date: Sat, 8 Jul 2023 19:55:32 +0300 +Subject: PEAP client: Update Phase 2 authentication requirements + +The previous PEAP client behavior allowed the server to skip Phase 2 +authentication with the expectation that the server was authenticated +during Phase 1 through TLS server certificate validation. Various PEAP +specifications are not exactly clear on what the behavior on this front +is supposed to be and as such, this ended up being more flexible than +the TTLS/FAST/TEAP cases. However, this is not really ideal when +unfortunately common misconfiguration of PEAP is used in deployed +devices where the server trust root (ca_cert) is not configured or the +user has an easy option for allowing this validation step to be skipped. + +Change the default PEAP client behavior to be to require Phase 2 +authentication to be successfully completed for cases where TLS session +resumption is not used and the client certificate has not been +configured. Those two exceptions are the main cases where a deployed +authentication server might skip Phase 2 and as such, where a more +strict default behavior could result in undesired interoperability +issues. Requiring Phase 2 authentication will end up disabling TLS +session resumption automatically to avoid interoperability issues. + +Allow Phase 2 authentication behavior to be configured with a new phase1 +configuration parameter option: +'phase2_auth' option can be used to control Phase 2 (i.e., within TLS +tunnel) behavior for PEAP: + * 0 = do not require Phase 2 authentication + * 1 = require Phase 2 authentication when client certificate + (private_key/client_cert) is no used and TLS session resumption was + not used (default) + * 2 = require Phase 2 authentication in all cases + +Signed-off-by: Jouni Malinen <j@w1.fi> +--- + src/eap_peer/eap_config.h | 8 ++++++++ + src/eap_peer/eap_peap.c | 40 +++++++++++++++++++++++++++++++++++--- + src/eap_peer/eap_tls_common.c | 6 ++++++ + src/eap_peer/eap_tls_common.h | 5 +++++ + wpa_supplicant/wpa_supplicant.conf | 7 +++++++ + 5 files changed, 63 insertions(+), 3 deletions(-) + +diff --git a/src/eap_peer/eap_config.h b/src/eap_peer/eap_config.h +index 26744ab68..58d5a1359 100644 +--- a/src/eap_peer/eap_config.h ++++ b/src/eap_peer/eap_config.h +@@ -471,6 +471,14 @@ struct eap_peer_config { + * 1 = use cryptobinding if server supports it + * 2 = require cryptobinding + * ++ * phase2_auth option can be used to control Phase 2 (i.e., within TLS ++ * tunnel) behavior for PEAP: ++ * 0 = do not require Phase 2 authentication ++ * 1 = require Phase 2 authentication when client certificate ++ * (private_key/client_cert) is no used and TLS session resumption was ++ * not used (default) ++ * 2 = require Phase 2 authentication in all cases ++ * + * EAP-WSC (WPS) uses following options: pin=Device_Password and + * uuid=Device_UUID + * +diff --git a/src/eap_peer/eap_peap.c b/src/eap_peer/eap_peap.c +index 12e30df29..608069719 100644 +--- a/src/eap_peer/eap_peap.c ++++ b/src/eap_peer/eap_peap.c +@@ -67,6 +67,7 @@ struct eap_peap_data { + u8 cmk[20]; + int soh; /* Whether IF-TNCCS-SOH (Statement of Health; Microsoft NAP) + * is enabled. */ ++ enum { NO_AUTH, FOR_INITIAL, ALWAYS } phase2_auth; + }; + + +@@ -114,6 +115,19 @@ static void eap_peap_parse_phase1(struct eap_peap_data *data, + wpa_printf(MSG_DEBUG, "EAP-PEAP: Require cryptobinding"); + } + ++ if (os_strstr(phase1, "phase2_auth=0")) { ++ data->phase2_auth = NO_AUTH; ++ wpa_printf(MSG_DEBUG, ++ "EAP-PEAP: Do not require Phase 2 authentication"); ++ } else if (os_strstr(phase1, "phase2_auth=1")) { ++ data->phase2_auth = FOR_INITIAL; ++ wpa_printf(MSG_DEBUG, ++ "EAP-PEAP: Require Phase 2 authentication for initial connection"); ++ } else if (os_strstr(phase1, "phase2_auth=2")) { ++ data->phase2_auth = ALWAYS; ++ wpa_printf(MSG_DEBUG, ++ "EAP-PEAP: Require Phase 2 authentication for all cases"); ++ } + #ifdef EAP_TNC + if (os_strstr(phase1, "tnc=soh2")) { + data->soh = 2; +@@ -142,6 +156,7 @@ static void * eap_peap_init(struct eap_sm *sm) + data->force_peap_version = -1; + data->peap_outer_success = 2; + data->crypto_binding = OPTIONAL_BINDING; ++ data->phase2_auth = FOR_INITIAL; + + if (config && config->phase1) + eap_peap_parse_phase1(data, config->phase1); +@@ -454,6 +469,20 @@ static int eap_tlv_validate_cryptobinding(struct eap_sm *sm, + } + + ++static bool peap_phase2_sufficient(struct eap_sm *sm, ++ struct eap_peap_data *data) ++{ ++ if ((data->phase2_auth == ALWAYS || ++ (data->phase2_auth == FOR_INITIAL && ++ !tls_connection_resumed(sm->ssl_ctx, data->ssl.conn) && ++ !data->ssl.client_cert_conf) || ++ data->phase2_eap_started) && ++ !data->phase2_eap_success) ++ return false; ++ return true; ++} ++ ++ + /** + * eap_tlv_process - Process a received EAP-TLV message and generate a response + * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() +@@ -568,6 +597,11 @@ static int eap_tlv_process(struct eap_sm *sm, struct eap_peap_data *data, + " - force failed Phase 2"); + resp_status = EAP_TLV_RESULT_FAILURE; + ret->decision = DECISION_FAIL; ++ } else if (!peap_phase2_sufficient(sm, data)) { ++ wpa_printf(MSG_INFO, ++ "EAP-PEAP: Server indicated Phase 2 success, but sufficient Phase 2 authentication has not been completed"); ++ resp_status = EAP_TLV_RESULT_FAILURE; ++ ret->decision = DECISION_FAIL; + } else { + resp_status = EAP_TLV_RESULT_SUCCESS; + ret->decision = DECISION_UNCOND_SUCC; +@@ -887,8 +921,7 @@ continue_req: + /* EAP-Success within TLS tunnel is used to indicate + * shutdown of the TLS channel. The authentication has + * been completed. */ +- if (data->phase2_eap_started && +- !data->phase2_eap_success) { ++ if (!peap_phase2_sufficient(sm, data)) { + wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase 2 " + "Success used to indicate success, " + "but Phase 2 EAP was not yet " +@@ -1199,8 +1232,9 @@ static struct wpabuf * eap_peap_process(struct eap_sm *sm, void *priv, + static bool eap_peap_has_reauth_data(struct eap_sm *sm, void *priv) + { + struct eap_peap_data *data = priv; ++ + return tls_connection_established(sm->ssl_ctx, data->ssl.conn) && +- data->phase2_success; ++ data->phase2_success && data->phase2_auth != ALWAYS; + } + + +diff --git a/src/eap_peer/eap_tls_common.c b/src/eap_peer/eap_tls_common.c +index 6193b4bdb..966cbd6c7 100644 +--- a/src/eap_peer/eap_tls_common.c ++++ b/src/eap_peer/eap_tls_common.c +@@ -242,6 +242,12 @@ static int eap_tls_params_from_conf(struct eap_sm *sm, + + sm->ext_cert_check = !!(params->flags & TLS_CONN_EXT_CERT_CHECK); + ++ if (!phase2) ++ data->client_cert_conf = params->client_cert || ++ params->client_cert_blob || ++ params->private_key || ++ params->private_key_blob; ++ + return 0; + } + +diff --git a/src/eap_peer/eap_tls_common.h b/src/eap_peer/eap_tls_common.h +index 9ac00121f..334863413 100644 +--- a/src/eap_peer/eap_tls_common.h ++++ b/src/eap_peer/eap_tls_common.h +@@ -79,6 +79,11 @@ struct eap_ssl_data { + * tls_v13 - Whether TLS v1.3 or newer is used + */ + int tls_v13; ++ ++ /** ++ * client_cert_conf: Whether client certificate has been configured ++ */ ++ bool client_cert_conf; + }; + + +diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf +index f0b82443e..1b09f57d3 100644 +--- a/wpa_supplicant/wpa_supplicant.conf ++++ b/wpa_supplicant/wpa_supplicant.conf +@@ -1370,6 +1370,13 @@ fast_reauth=1 + # * 0 = do not use cryptobinding (default) + # * 1 = use cryptobinding if server supports it + # * 2 = require cryptobinding ++# 'phase2_auth' option can be used to control Phase 2 (i.e., within TLS ++# tunnel) behavior for PEAP: ++# * 0 = do not require Phase 2 authentication ++# * 1 = require Phase 2 authentication when client certificate ++# (private_key/client_cert) is no used and TLS session resumption was ++# not used (default) ++# * 2 = require Phase 2 authentication in all cases + # EAP-WSC (WPS) uses following options: pin=<Device Password> or + # pbc=1. + # +-- +cgit v1.2.3-18-g5258 + diff --git a/aports/wpa_supplicant/config b/aports/wpa_supplicant/config index 5bf8072..cdefd95 100644 --- a/aports/wpa_supplicant/config +++ b/aports/wpa_supplicant/config @@ -532,7 +532,7 @@ CONFIG_TDLS=y # Wi-Fi Display # This can be used to enable Wi-Fi Display extensions for P2P using an external # program to control the additional information exchanges in the messages. -#CONFIG_WIFI_DISPLAY=y +CONFIG_WIFI_DISPLAY=y # Autoscan # This can be used to enable automatic scan support in wpa_supplicant. diff --git a/aports/wpa_supplicant/eloop.patch b/aports/wpa_supplicant/eloop.patch deleted file mode 100644 index bab2cee..0000000 --- a/aports/wpa_supplicant/eloop.patch +++ /dev/null @@ -1,16 +0,0 @@ -$OpenBSD: patch-src_utils_eloop_c,v 1.5 2015/09/29 11:57:54 dcoppa Exp $ - -don't try to access list members to free them unless already initialised - ---- a/src/utils/eloop.c.orig Sun Sep 27 21:02:05 2015 -+++ b/src/utils/eloop.c Mon Sep 28 09:35:05 2015 -@@ -1064,6 +1064,9 @@ void eloop_destroy(void) - struct eloop_timeout *timeout, *prev; - struct os_reltime now; - -+ if (eloop.timeout.prev == NULL) -+ return; -+ - os_get_reltime(&now); - dl_list_for_each_safe(timeout, prev, &eloop.timeout, - struct eloop_timeout, list) { diff --git a/aports/wpa_supplicant/wpa_supplicant.initd b/aports/wpa_supplicant/wpa_supplicant.initd index c1a4834..91f57e6 100644 --- a/aports/wpa_supplicant/wpa_supplicant.initd +++ b/aports/wpa_supplicant/wpa_supplicant.initd @@ -18,6 +18,7 @@ depend() { after bootmisc modules entropy udev-settle before dns dhcpcd net keyword -shutdown + provide wlan } find_wireless() { |