Debian changelog:
intel-microcode (3.20240312.1) unstable; urgency=medium
* New upstream microcode datafile 20240312 (closes: #1066108)
- Mitigations for INTEL-SA-INTEL-SA-00972 (CVE-2023-39368):
Protection mechanism failure of bus lock regulator for some Intel
Processors may allow an unauthenticated user to potentially enable
denial of service via network access.
- Mitigations for INTEL-SA-INTEL-SA-00982 (CVE-2023-38575):
Non-transparent sharing of return predictor targets between contexts in
some Intel Processors may allow an authorized user to potentially
enable information disclosure via local access. Affects SGX as well.
- Mitigations for INTEL-SA-INTEL-SA-00898 (CVE-2023-28746), aka RFDS:
Information exposure through microarchitectural state after transient
execution from some register files for some Intel Atom Processors and
E-cores of Intel Core Processors may allow an authenticated user to
potentially enable information disclosure via local access. Enhances
VERW instruction to clear stale register buffers. Affects SGX as well.
Requires kernel update to be effective.
- Mitigations for INTEL-SA-INTEL-SA-00960 (CVE-2023-22655), aka TECRA:
Protection mechanism failure in some 3rd and 4th Generation Intel Xeon
Processors when using Intel SGX or Intel TDX may allow a privileged
user to potentially enable escalation of privilege via local access.
NOTE: effective only when loaded by firmware. Allows SMM firmware to
attack SGX/TDX.
- Mitigations for INTEL-SA-INTEL-SA-01045 (CVE-2023-43490):
Incorrect calculation in microcode keying mechanism for some Intel
Xeon D Processors with Intel SGX may allow a privileged user to
potentially enable information disclosure via local access.
* Fixes for other unspecified functional issues on many processors
* Updated microcodes:
sig 0x00050653, pf_mask 0x97, 2023-07-28, rev 0x1000191, size 36864
sig 0x00050656, pf_mask 0xbf, 2023-07-28, rev 0x4003605, size 38912
sig 0x00050657, pf_mask 0xbf, 2023-07-28, rev 0x5003605, size 37888
sig 0x0005065b, pf_mask 0xbf, 2023-08-03, rev 0x7002802, size 30720
sig 0x00050665, pf_mask 0x10, 2023-08-03, rev 0xe000015, size 23552
sig 0x000506f1, pf_mask 0x01, 2023-10-05, rev 0x003e, size 11264
sig 0x000606a6, pf_mask 0x87, 2023-09-14, rev 0xd0003d1, size 307200
sig 0x000606c1, pf_mask 0x10, 2023-12-05, rev 0x1000290, size 299008
sig 0x000706a1, pf_mask 0x01, 2023-08-25, rev 0x0040, size 76800
sig 0x000706a8, pf_mask 0x01, 2023-08-25, rev 0x0024, size 76800
sig 0x000706e5, pf_mask 0x80, 2023-09-14, rev 0x00c4, size 114688
sig 0x000806c1, pf_mask 0x80, 2023-09-13, rev 0x00b6, size 111616
sig 0x000806c2, pf_mask 0xc2, 2023-09-13, rev 0x0036, size 98304
sig 0x000806d1, pf_mask 0xc2, 2023-09-13, rev 0x0050, size 104448
sig 0x000806ec, pf_mask 0x94, 2023-07-16, rev 0x00fa, size 106496
sig 0x000806f8, pf_mask 0x87, 2024-01-03, rev 0x2b000590, size 579584
sig 0x000806f7, pf_mask 0x87, 2024-01-03, rev 0x2b000590
sig 0x000806f6, pf_mask 0x87, 2024-01-03, rev 0x2b000590
sig 0x000806f5, pf_mask 0x87, 2024-01-03, rev 0x2b000590
sig 0x000806f4, pf_mask 0x87, 2024-01-03, rev 0x2b000590
sig 0x00090661, pf_mask 0x01, 2023-09-26, rev 0x0019, size 20480
sig 0x00090672, pf_mask 0x07, 2023-09-19, rev 0x0034, size 224256
sig 0x00090675, pf_mask 0x07, 2023-09-19, rev 0x0034
sig 0x000b06f2, pf_mask 0x07, 2023-09-19, rev 0x0034
sig 0x000b06f5, pf_mask 0x07, 2023-09-19, rev 0x0034
sig 0x000906a3, pf_mask 0x80, 2023-09-19, rev 0x0432, size 222208
sig 0x000906a4, pf_mask 0x80, 2023-09-19, rev 0x0432
sig 0x000906c0, pf_mask 0x01, 2023-09-26, rev 0x24000026, size 20480
sig 0x000906e9, pf_mask 0x2a, 2023-09-28, rev 0x00f8, size 108544
sig 0x000906ea, pf_mask 0x22, 2023-07-26, rev 0x00f6, size 105472
sig 0x000906ec, pf_mask 0x22, 2023-07-26, rev 0x00f6, size 106496
sig 0x000906ed, pf_mask 0x22, 2023-07-27, rev 0x00fc, size 106496
sig 0x000a0652, pf_mask 0x20, 2023-07-16, rev 0x00fa, size 97280
sig 0x000a0653, pf_mask 0x22, 2023-07-16, rev 0x00fa, size 97280
sig 0x000a0655, pf_mask 0x22, 2023-07-16, rev 0x00fa, size 97280
sig 0x000a0660, pf_mask 0x80, 2023-07-16, rev 0x00fa, size 97280
sig 0x000a0661, pf_mask 0x80, 2023-07-16, rev 0x00fa, size 96256
sig 0x000a0671, pf_mask 0x02, 2023-09-14, rev 0x005e, size 108544
sig 0x000b0671, pf_mask 0x32, 2023-12-14, rev 0x0122, size 215040
sig 0x000b06a2, pf_mask 0xe0, 2023-12-07, rev 0x4121, size 220160
sig 0x000b06a3, pf_mask 0xe0, 2023-12-07, rev 0x4121
sig 0x000b06e0, pf_mask 0x11, 2023-09-25, rev 0x0015, size 138240
* New microcodes:
sig 0x000a06a4, pf_mask 0xe6, 2024-01-03, rev 0x001c, size 136192
sig 0x000b06a8, pf_mask 0xe0, 2023-12-07, rev 0x4121, size 220160
sig 0x000c06f2, pf_mask 0x87, 2023-11-20, rev 0x21000200, size 549888
sig 0x000c06f1, pf_mask 0x87, 2023-11-20, rev 0x21000200
* source: update symlinks to reflect id of the latest release, 20240312
* changelog, debian/changelog: fix typos
-- Henrique de Moraes Holschuh <hmh@debian.org> Tue, 12 Mar 2024 20:28:17 -0300
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
dnsmasq was recently updated to 2.90, but PKG_RELEASE was not reset to 1.
Fixes: 838a27f64f56 ("dnsmasq: version 2.90")
Signed-off-by: Robert Marko <robimarko@gmail.com>
libevent2's cmake use absolute path, then cmake cannot find it when cross compiling:
```
-- Found libevent include directory: /builder/staging_dir/target-mips_24kc_musl/usr/include
-- Found libevent component: /builder/staging_dir/target-mips_24kc_musl/usr/lib/libevent_core.so
-- Found libevent component: /builder/staging_dir/target-mips_24kc_musl/usr/lib/libevent_extra.so
-- Found libevent component: /builder/staging_dir/target-mips_24kc_musl/usr/lib/libevent_openssl.so
-- Found libevent 2.1.12 in /builder/staging_dir/target-mips_24kc_musl/usr
CMake Error at /builder/staging_dir/target-mips_24kc_musl/usr/lib/cmake/libevent/LibeventTargets-shared.cmake:102 (message):
The imported target "libevent::core" references the file
"/usr/lib/libevent_core-2.1.so.7.0.1"
but this file does not exist. Possible reasons include:
* The file was deleted, renamed, or moved to another location.
* An install or uninstall procedure did not complete successfully.
* The installation package was faulty and contained
"/builder/staging_dir/target-mips_24kc_musl/usr/lib/cmake/libevent/LibeventTargets-shared.cmake"
but not all the files it references.
Call Stack (most recent call first):
/builder/staging_dir/target-mips_24kc_musl/usr/lib/cmake/libevent/LibeventConfig.cmake:168 (include)
CMakeLists.txt:34 (find_package)
```
This patch make cmake use relative imported path, so it can find libevent.
Signed-off-by: Liu Dongmiao <liudongmiao@gmail.com>
For certain lldp_class scenarios (2 & 3) a policy must be set also.
Class 4 is default, although it's good to handle the policy eventuality.
Here, set a default lldp_policy for all lldp_class scenarios. Any
lldp_policy can now be set.
Depends on PR #14584 (which introduced an `if` block)
Tested on 22.03.5, 22.03.6
Signed-off-by: Paul Donald <newtwen@gmail.com>
Recent changes for Linux 6.6 broke things when building with older
kernels:
Package kmod-fs-jfs is missing dependencies for the following libraries:
nls_base.ko
Fix this by adding NLS dependencies after the added dependency applying
on Linux 6.6.
Fixes: f9198480da ("kernel: modules: fs: adapt for kernel 6.6")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
A commit introduced in kernel 6.6 has splitted page_pool.h into
several headers. Thus the included header must be modified for a
successful build.
Ref: a9ca9f9ceff3 (page_pool: split types and declarations from
page_pool.h)
Signed-off-by: Weijie Gao <hackpascal@gmail.com>
Now that geniv is packaged separately for kernel 6.6, we need to add it
as a dependency to kmod-crypto-seqiv and kmod-crypto-echainiv that require
it under kernel 6.6.
Signed-off-by: Robert Marko <robimarko@gmail.com>
geniv was separated intentionally from aead in kernel 6.5, and since
we now have it packaged separately as well remove it from kmod-aead
in 6.6.
Signed-off-by: Robert Marko <robimarko@gmail.com>
In kernel 6.5 geniv was split from AEAD config symbol, in order to manage
its dependencies on other code.
So, lets do the same in OpenWrt and split it from aead module so others
can depend on geniv directly.
Signed-off-by: Robert Marko <robimarko@gmail.com>
Adapt hwmon kmods for building under kernel 6.6:
* ad7418 now requires regmap
* Invert criteria to allow adt7410 be built with Linux 6.1 as well
as Linux 6.6.
Signed-off-by: Tan Zien <nabsdh9@gmail.com>
Adapt crypto kmods for building under kernel 6.6:
* mpi.ko moved from lib/mpi/mpi.ko to lib/crypto/mpi/mpi.ko
* jitterentropy_rng requires SHA3 support for kernel 6.6
Signed-off-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Tan Zien <nabsdh9@gmail.com>
Signed-off-by: Weijie Gao <hackpascal@gmail.com>
Adapt video kmods for building under kernel 6.6:
* Add drm_exec.ko and drm_suballoc_helper.ko for kmod-drm as they
are added since 6.6 and 6.4
* Add uvc.ko for kmod-video-uvc as related contents was split as a
new module since 6.3
Signed-off-by: Tan Zien <nabsdh9@gmail.com>
Signed-off-by: Weijie Gao <hackpascal@gmail.com>
Adapt block kmods for building under kernel 6.6:
* To build scsi_transport_iscsi.ko, change CONFIG_SCSI_ISCSI_ATTRS
from =y to =m as this config is always tristate since 2.6.
Signed-off-by: Weijie Gao <hackpascal@gmail.com>
Adapt fs kmods for building under kernel 6.6:
* Add kmod-fs-netfs as dependency for kmod-fs-9p
* Add kmod-fs-netfs as dependency for fs-smbfs-common as netfs is
required for cifs since 6.3
* Add new kmod-nls-ucs2-utils as dependency for smbfs/jfs as UCS2
support was split as new module since 6.6.
* Add kmod-lib-zlib-deflate and kmod-lib-zlib-inflate as
dependencies for kmod-pstore due to crypto API compression was
replaced with zlib_deflate library calls since 6.6
* Remove nfs_ssc.ko from kmod-fs-nfs-common. The nfs_ssc was no
longer a kernel module described by NFS_V4_2_SSC_HELPER since 5.13 [1]
Link:
[1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/fs/Kconfig?id=d9092b4bb2109502eb8972021a3f74febc931a63
Signed-off-by: Weijie Gao <hackpascal@gmail.com>
Adapt usb kmods for building under kernel 6.6:
* Add kmod-phylink as dependency for usb-net-asix
* Add kmod-net-selftests as dependency for usb-net-smsc95xx
* Add kmod-iio-core as dependency for usb-hid-mcp2221 as ADC/DAC
support was added since 6.2 which requires IIO.
Signed-off-by: Weijie Gao <hackpascal@gmail.com>
Adapt netdevices kmods for building under kernel 6.6:
* Add missing module dependency for kmod-stmmac-core on kmod-of-mdio.
* Invert criteria to allow Airoha EN8811H PHY driver to build with
Linux 6.1 as well as Linux 6.6.
* Mellanox mlx5 driver started exposing thermal sensors and now it requires
hwmon
Signed-off-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Adapt netsupport kmods for building under kernel 6.6:
* common part of mqprio was split into a new Kconfig since 6.3.
Add new kmod-sched-mqprio-common as dependency for kmod-sched-mqprio.
Signed-off-by: Weijie Gao <hackpascal@gmail.com>
Adapt input kmods for building under kernel 6.6:
* kmod-input-touchscreen-edt-ft5x06 depends on kmod-regmap-i2c
from 6.3 as it starts to use regmap to access registers
* CONFIG_HID_SUPPORT needs to be set in addition to CONFIG_HID.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Signed-off-by: Weijie Gao <hackpascal@gmail.com>
Adapt iio kmods for building under kernel 6.6:
* kmod-iio-lsm6dsx depends on kmod-kmod-industrialio-triggered-buffer
from 6.2
Signed-off-by: Weijie Gao <hackpascal@gmail.com>
Make sure patch sequence number is unique by moving patch
440-add-jdcloud_re-cp-03.patch -> 441-add-jdcloud_re-cp-03.patch
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Previously only partially implemented. After commit
5007f488bb5e1b556052ef246bd3822fed8d09d2 lldp_location was never removed
Now, add the value of lldp_location to the generated config.
The location param has a few syntaxes, so the config acquires the first
usage from the man page: 'address country EU'
Supplementary fix for PR #14193 (this param was included in the original
PR #13018 but the lldp_location fixes were absent from PR #14193).
Tested on 22.03.5, 22.03.6
Signed-off-by: Paul Donald <newtwen@gmail.com>
from commit 3ce909914a12647bec52bcee0a162dd6d158a4f6
The lldpd man page says that "configure lldp tx-interval" can
specify an interval value in milliseconds by appending a "ms" suffix to
the figure. Thus mandating string handling, and not integer comparison.
Tested on 22.03.5
Signed-off-by: Paul Donald <newtwen@gmail.com>
from commit 909f0630663d7ae1471c76154516e3299992a150
Now pass two params to get_config_cid_ifaces() for:
cid_interface
interface
Each of which is a CSV of interfaces.
Tested on 22.03.5
Signed-off-by: Paul Donald <newtwen@gmail.com>
from commit ac771313ebedd2c4bfda8adef47650d45d77c32d
portidsubtype takes 1 of 2 possible keywords which do not need quoting:
configure lldp portidsubtype ifname | macaddress
The third keyword 'local' is used in the syntax when individual ports
are being defined:
configure [ports ethX [,…]] lldp portidsubtype local value
When this syntax is used, quoting is useful (see test cases for lldpd).
In the init file, the 'local' syntax is unused.
Tested on 22.03.5
Signed-off-by: Paul Donald <newtwen@gmail.com>
from commit c98ee4dbb3db0f064d990941cdd82e872da76946
agent-type takes 1 of 3 possible keywords which do not require quoting:
configure lldp agent-type nearest-bridge | nearest-non-tpmr-bridge
| nearest-customer-bridge
Tested on 22.03.5
Signed-off-by: Paul Donald <newtwen@gmail.com>
from commit 3ce909914a12647bec52bcee0a162dd6d158a4f6
'capabilities enabled x' where x is a string of CSV
Tested on 22.03.5
Signed-off-by: Paul Donald <newtwen@gmail.com>
from commit 1be2088a5247b2cfabe8be991c1e52ddaf780a16
The original PR #13018 did not exhibit this.
Tested on 22.03.5
Signed-off-by: Paul Donald <newtwen@gmail.com>
Bump to 2.90 to get upstream's fix for DNSSEC KeyTrap (CVE-2023-50387,
CVE-2023-50868) among many other goodies and fixes (notably, upstream
568fb024... fixes a UAF in cache_remove_uid that was routinely crashing
dnsmasq in my deployment).
Catch up our 200-ubus_dns.patch, too.
Signed-off-by: Nathaniel Wesley Filardo <nwfilardo@gmail.com>
As the Visionfive V1 board has an Ampak module connected via SDIO, enable
support for SDIO in the brcmfmac module.
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
CDNS3 is a SuperSpeed (SS) USB 3.0 Dual-Role-Device (DRD) controller from
Cadence. Add support for this device, and add the required symbols into
the generic configs.
Compile-tested: apm821xx, bcm4908, imx, mpc85xx, pistachio, starfive
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
Contrary to common ipTIME NOR devices, the "Config" partition of T5004
and AX2004M contain normal U-Boot environment variables. Renaming the
partition into "u-boot-env" serves for better description, and it also
conforms to common naming practice in OpenWrt.
This patch might also be extended to A3004T, but its u-boot-env
partition layout has not been confirmed yet.
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
Realtek RTL8188F is an 802.11n 1x1 USB Wi-Fi adapter. It has been
supported by the upstream rtl8xxxu driver since Linux 6.2 kernel.
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
This reverts commit 75505c5ec724b9b961dcb411bac1d4b9aede3e1d.
The issue has been fixed upstream.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Probing of the fitblk driver in some situations happens after Linux
attempts to mount rootfs, which then fails.
Always use 'rootwait' kernel parameter when using fitblk for rootfs.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The AQL limit for buffered broadcast packets is higher than the maximum
total pending airtime limit. This can get unicast data stuck whenever there
is too much pending broadcast data. Fix this by excluding broadcast AQL from
the total limit.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
