turris-cz
diff --git a/‎NEWS
Lines changed: 26 additions & 0 deletions b/‎NEWS
Lines changed: 26 additions & 0 deletions
diff --git a/‎configs/common/hardening
Lines changed: 3 additions & 2 deletions b/‎configs/common/hardening
Lines changed: 3 additions & 2 deletions
diff --git a/‎helpers/new_release.sh
Lines changed: 2 additions & 2 deletions b/‎helpers/new_release.sh
Lines changed: 2 additions & 2 deletions
diff --git a/‎patches/openwrt/backport/0005-iproute2-update-to-6.7.0.patch
Lines changed: 242 additions & 0 deletions b/‎patches/openwrt/backport/0005-iproute2-update-to-6.7.0.patch
Lines changed: 242 additions & 0 deletions
diff --git a/‎patches/openwrt/backport/0006-ethtool-update-to-6.6.patch
Lines changed: 33 additions & 0 deletions b/‎patches/openwrt/backport/0006-ethtool-update-to-6.6.patch
Lines changed: 33 additions & 0 deletions
@@ -4,6 +4,32 @@
 💥 Breaking Changes
   • Based on the latest OpenWrt 23.05 release
 
+7.0.2
+-----
+
+📌 Updates
+  • knot-resolver: Update to 5.7.4 and 6.0.8 - security updates
+
+🐛 Bug Fixes
+  • tvheadend: Fix init script and websockets
+
+7.0.1
+-----
+
+📌 Updates
+  • openssh: Update to 9.8p1 (Security update)
+  • ethtool: Update to 6.6
+  • iproute2: Update to 6.7.0
+  • cronie: Update to 1.7.2
+  • schnapps: Update to 2.13.1 - support for Turris 1.x
+
+🐛 Bug Fixes
+  • transmission: Downgrade to version 3 as new version seems to have some issues
+  • modem-manager-autosetup: Proceed with configuration even for unknown service providers
+
+💥 Breaking Changes
+  • Drop experimental mwifiex-nxp driver (not used anywhere)
+
 7.0.0
 -----
 
 
@@ -8,7 +8,8 @@ CONFIG_PKG_FORTIFY_SOURCE_2=y
 CONFIG_KERNEL_CC_STACKPROTECTOR_STRONG=y
 CONFIG_PKG_CC_STACKPROTECTOR_STRONG=y
 
+# Enable Stack-Smashing Protection for every executable build
+CONFIG_GCC_DEFAULT_SSP=y
+
 # Enable seccomp in kernel to use procd-seccomp
-CONFIG_SECCOMP=n
-CONFIG_KERNEL_SECCOMP=n
 CONFIG_LXC_SECCOMP=y
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Turris OS script verifying new release
-# (C) 2019-2021 CZ.NIC, z.s.p.o.
+# (C) 2019-2024 CZ.NIC, z.s.p.o.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -240,7 +240,7 @@ print_help() {
 	echo "Turris OS new releases managing tool."
 	echo
 	echo "Options:"
-	echo "  -v  Run script with verbose output"
+	echo "  -d  Run script in debugging (verbose) mode"
 	echo "  -h  Print this help text"
 	echo "Modes:"
 	echo "  verify"
 
@@ -0,0 +1,242 @@
+From b9a8e3a8a3db5d66c712ff36957971fdc0d4cf2a Mon Sep 17 00:00:00 2001
+From: Nick Hainke <[email protected]>
+Date: Wed, 19 Jul 2023 09:22:48 +0200
+Subject: [PATCH] iproute2: update to 6.7.0
+
+---
+ package/network/utils/iproute2/Makefile              |  4 ++--
+ .../utils/iproute2/patches/100-configure.patch       | 12 ------------
+ .../iproute2/patches/115-add-config-xtlibdir.patch   |  2 +-
+ .../patches/130-no_netem_tipc_dcb_man_vdpa.patch     |  2 +-
+ .../iproute2/patches/140-keep_libmnl_optional.patch  |  2 +-
+ .../iproute2/patches/145-keep_libelf_optional.patch  |  2 +-
+ .../iproute2/patches/150-keep_libcap_optional.patch  |  2 +-
+ .../iproute2/patches/155-keep_tirpc_optional.patch   |  2 +-
+ .../iproute2/patches/175-reduce-dynamic-syms.patch   | 12 ++++++------
+ .../iproute2/patches/190-fix-nls-rpath-link.patch    |  4 ++--
+ .../iproute2/patches/195-build_variant_ip_tc.patch   |  2 +-
+ .../patches/200-drop_libbsd_dependency.patch         |  6 +++---
+ .../iproute2/patches/300-selinux-configurable.patch  |  2 +-
+ 13 files changed, 21 insertions(+), 33 deletions(-)
+ delete mode 100644 package/network/utils/iproute2/patches/100-configure.patch
+
+diff --git a/package/network/utils/iproute2/Makefile b/package/network/utils/iproute2/Makefile
+index 101ca67324..2f9d2f2bc9 100644
+--- a/package/network/utils/iproute2/Makefile
++++ b/package/network/utils/iproute2/Makefile
+@@ -8,12 +8,12 @@
+ include $(TOPDIR)/rules.mk
+ 
+ PKG_NAME:=iproute2
+-PKG_VERSION:=6.3.0
++PKG_VERSION:=6.7.0
+ PKG_RELEASE:=1
+ 
+ PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
+ PKG_SOURCE_URL:=@KERNEL/linux/utils/net/iproute2
+-PKG_HASH:=dfb2a98db96e7a653cffc6693335a1a466e29a34b6ac528be48f35e1d2766732
++PKG_HASH:=ff942dd9828d7d1f867f61fe72ce433078c31e5d8e4a78e20f02cb5892e8841d
+ PKG_BUILD_PARALLEL:=1
+ PKG_BUILD_DEPENDS:=iptables
+ PKG_LICENSE:=GPL-2.0
+diff --git a/package/network/utils/iproute2/patches/100-configure.patch b/package/network/utils/iproute2/patches/100-configure.patch
+deleted file mode 100644
+index 2d4fb7b9b3..0000000000
+--- a/package/network/utils/iproute2/patches/100-configure.patch
++++ /dev/null
+@@ -1,12 +0,0 @@
+---- a/configure
+-+++ b/configure
+-@@ -36,7 +36,8 @@ int main(int argc, char **argv) {
+- }
+- EOF
+- 
+--    if $CC -I$INCLUDE -o $TMPDIR/atmtest $TMPDIR/atmtest.c -latm >/dev/null 2>&1; then
+-+# OpenWrt: disable ATM support even if present on host system
+-+    if [ 1 -eq 0 ]; then
+- 	echo "TC_CONFIG_ATM:=y" >>$CONFIG
+- 	echo yes
+-     else
+diff --git a/package/network/utils/iproute2/patches/115-add-config-xtlibdir.patch b/package/network/utils/iproute2/patches/115-add-config-xtlibdir.patch
+index 03df7809f7..c32863c364 100644
+--- a/package/network/utils/iproute2/patches/115-add-config-xtlibdir.patch
++++ b/package/network/utils/iproute2/patches/115-add-config-xtlibdir.patch
+@@ -1,6 +1,6 @@
+ --- a/tc/Makefile
+ +++ b/tc/Makefile
+-@@ -127,6 +127,9 @@ CFLAGS += -DCONFIG_GACT -DCONFIG_GACT_PR
++@@ -119,6 +119,9 @@ CFLAGS += -DCONFIG_GACT -DCONFIG_GACT_PR
+  ifneq ($(IPT_LIB_DIR),)
+  	CFLAGS += -DIPT_LIB_DIR=\"$(IPT_LIB_DIR)\"
+  endif
+diff --git a/package/network/utils/iproute2/patches/130-no_netem_tipc_dcb_man_vdpa.patch b/package/network/utils/iproute2/patches/130-no_netem_tipc_dcb_man_vdpa.patch
+index 2a3f9eb90f..8c70c14489 100644
+--- a/package/network/utils/iproute2/patches/130-no_netem_tipc_dcb_man_vdpa.patch
++++ b/package/network/utils/iproute2/patches/130-no_netem_tipc_dcb_man_vdpa.patch
+@@ -1,6 +1,6 @@
+ --- a/Makefile
+ +++ b/Makefile
+-@@ -65,9 +65,9 @@ WFLAGS += -Wmissing-declarations -Wold-s
++@@ -68,9 +68,9 @@ WFLAGS += -Wmissing-declarations -Wold-s
+  CFLAGS := $(WFLAGS) $(CCOPTS) -I../include -I../include/uapi $(DEFINES) $(CFLAGS)
+  YACCFLAGS = -d -t -v
+  
+diff --git a/package/network/utils/iproute2/patches/140-keep_libmnl_optional.patch b/package/network/utils/iproute2/patches/140-keep_libmnl_optional.patch
+index a8cdd103ba..0d22875751 100644
+--- a/package/network/utils/iproute2/patches/140-keep_libmnl_optional.patch
++++ b/package/network/utils/iproute2/patches/140-keep_libmnl_optional.patch
+@@ -1,6 +1,6 @@
+ --- a/configure
+ +++ b/configure
+-@@ -411,7 +411,7 @@ check_tirpc()
++@@ -391,7 +391,7 @@ check_tirpc()
+  
+  check_mnl()
+  {
+diff --git a/package/network/utils/iproute2/patches/145-keep_libelf_optional.patch b/package/network/utils/iproute2/patches/145-keep_libelf_optional.patch
+index 0c5c3f59ed..bffacddb21 100644
+--- a/package/network/utils/iproute2/patches/145-keep_libelf_optional.patch
++++ b/package/network/utils/iproute2/patches/145-keep_libelf_optional.patch
+@@ -1,6 +1,6 @@
+ --- a/configure
+ +++ b/configure
+-@@ -266,7 +266,7 @@ EOF
++@@ -246,7 +246,7 @@ EOF
+  
+  check_elf()
+  {
+diff --git a/package/network/utils/iproute2/patches/150-keep_libcap_optional.patch b/package/network/utils/iproute2/patches/150-keep_libcap_optional.patch
+index 4cce2c3ca6..570e9c7038 100644
+--- a/package/network/utils/iproute2/patches/150-keep_libcap_optional.patch
++++ b/package/network/utils/iproute2/patches/150-keep_libcap_optional.patch
+@@ -1,6 +1,6 @@
+ --- a/configure
+ +++ b/configure
+-@@ -469,7 +469,7 @@ EOF
++@@ -449,7 +449,7 @@ EOF
+  
+  check_cap()
+  {
+diff --git a/package/network/utils/iproute2/patches/155-keep_tirpc_optional.patch b/package/network/utils/iproute2/patches/155-keep_tirpc_optional.patch
+index 28ba7e5217..4d7fb76308 100644
+--- a/package/network/utils/iproute2/patches/155-keep_tirpc_optional.patch
++++ b/package/network/utils/iproute2/patches/155-keep_tirpc_optional.patch
+@@ -1,6 +1,6 @@
+ --- a/configure
+ +++ b/configure
+-@@ -398,7 +398,7 @@ check_selinux()
++@@ -378,7 +378,7 @@ check_selinux()
+  
+  check_tirpc()
+  {
+diff --git a/package/network/utils/iproute2/patches/175-reduce-dynamic-syms.patch b/package/network/utils/iproute2/patches/175-reduce-dynamic-syms.patch
+index d0914848d5..aef51395a9 100644
+--- a/package/network/utils/iproute2/patches/175-reduce-dynamic-syms.patch
++++ b/package/network/utils/iproute2/patches/175-reduce-dynamic-syms.patch
+@@ -1,6 +1,6 @@
+ --- a/tc/Makefile
+ +++ b/tc/Makefile
+-@@ -113,7 +113,7 @@ LDLIBS += -L. -lm
++@@ -106,7 +106,7 @@ LDLIBS += -L. -lm
+  
+  ifeq ($(SHARED_LIBS),y)
+  LDLIBS += -ldl
+@@ -9,7 +9,7 @@
+  endif
+  
+  TCLIB := tc_core.o
+-@@ -143,7 +143,7 @@ MODDESTDIR := $(DESTDIR)$(LIBDIR)/tc
++@@ -135,7 +135,7 @@ MODDESTDIR := $(DESTDIR)$(LIBDIR)/tc
+  all: tc $(TCSO)
+  
+  tc: $(TCOBJ) $(LIBNETLINK) libtc.a
+@@ -18,15 +18,15 @@
+  
+  libtc.a: $(TCLIB)
+  	$(QUIET_AR)$(AR) rcs $@ $^
+-@@ -165,6 +165,7 @@ install: all
++@@ -157,6 +157,7 @@ install: all
+  clean:
+  	rm -f $(TCOBJ) $(TCLIB) libtc.a tc *.so emp_ematch.tab.h; \
+  	rm -f emp_ematch.tab.*
+ +	rm -f dynsyms.list
+  
+- q_atm.so: q_atm.c
+- 	$(QUIET_CC)$(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -shared -fpic -o q_atm.so q_atm.c -latm
+-@@ -204,4 +205,16 @@ static-syms.h: $(wildcard *.c)
++ m_xt.so: m_xt.c
++ 	$(QUIET_CC)$(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -shared -fpic -o m_xt.so m_xt.c $$($(PKG_CONFIG) xtables --cflags --libs)
++@@ -193,4 +194,16 @@ static-syms.h: $(wildcard *.c)
+  		sed -n '/'$$s'[^ ]* =/{s:.* \([^ ]*'$$s'[^ ]*\) .*:extern char \1[] __attribute__((weak)); if (!strcmp(sym, "\1")) return \1;:;p}' $$files ; \
+  	done > $@
+  
+diff --git a/package/network/utils/iproute2/patches/190-fix-nls-rpath-link.patch b/package/network/utils/iproute2/patches/190-fix-nls-rpath-link.patch
+index c7fceb2e22..765e4ad2e8 100644
+--- a/package/network/utils/iproute2/patches/190-fix-nls-rpath-link.patch
++++ b/package/network/utils/iproute2/patches/190-fix-nls-rpath-link.patch
+@@ -1,6 +1,6 @@
+ --- a/configure
+ +++ b/configure
+-@@ -290,7 +290,7 @@ int main(int argc, char **argv) {
++@@ -270,7 +270,7 @@ int main(int argc, char **argv) {
+  }
+  EOF
+  
+@@ -9,7 +9,7 @@
+      local ret=$?
+  
+      rm -f $TMPDIR/libbpf_test.c $TMPDIR/libbpf_test
+-@@ -308,7 +308,7 @@ int main(int argc, char **argv) {
++@@ -288,7 +288,7 @@ int main(int argc, char **argv) {
+  }
+  EOF
+  
+diff --git a/package/network/utils/iproute2/patches/195-build_variant_ip_tc.patch b/package/network/utils/iproute2/patches/195-build_variant_ip_tc.patch
+index 141763460d..8156adbf05 100644
+--- a/package/network/utils/iproute2/patches/195-build_variant_ip_tc.patch
++++ b/package/network/utils/iproute2/patches/195-build_variant_ip_tc.patch
+@@ -11,7 +11,7 @@
+  
+ --- a/tc/Makefile
+ +++ b/tc/Makefile
+-@@ -140,7 +140,7 @@ MODDESTDIR := $(DESTDIR)$(LIBDIR)/tc
++@@ -132,7 +132,7 @@ MODDESTDIR := $(DESTDIR)$(LIBDIR)/tc
+  	$(QUIET_CC)$(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -shared -fpic $< -o $@
+  
+  
+diff --git a/package/network/utils/iproute2/patches/200-drop_libbsd_dependency.patch b/package/network/utils/iproute2/patches/200-drop_libbsd_dependency.patch
+index d1948860e8..92bf5cb66d 100644
+--- a/package/network/utils/iproute2/patches/200-drop_libbsd_dependency.patch
++++ b/package/network/utils/iproute2/patches/200-drop_libbsd_dependency.patch
+@@ -1,12 +1,12 @@
+ --- a/configure
+ +++ b/configure
+-@@ -455,14 +455,8 @@ EOF
++@@ -435,14 +435,8 @@ EOF
+      if $CC -I$INCLUDE -o $TMPDIR/strtest $TMPDIR/strtest.c >/dev/null 2>&1; then
+  	echo "no"
+      else
+ -	if ${PKG_CONFIG} libbsd --exists; then
+--		echo 'CFLAGS += -DHAVE_LIBBSD' `${PKG_CONFIG} libbsd --cflags` >>$CONFIG
+--		echo 'LDLIBS +=' `${PKG_CONFIG} libbsd --libs` >> $CONFIG
++-		echo 'CFLAGS += -DHAVE_LIBBSD' "$(${PKG_CONFIG} libbsd --cflags)" >>$CONFIG
++-		echo 'LDLIBS +=' "$(${PKG_CONFIG} libbsd --libs)" >> $CONFIG
+ -		echo "no"
+ -	else
+ -		echo 'CFLAGS += -DNEED_STRLCPY' >>$CONFIG
+diff --git a/package/network/utils/iproute2/patches/300-selinux-configurable.patch b/package/network/utils/iproute2/patches/300-selinux-configurable.patch
+index 817abf7d17..a611ba75f0 100644
+--- a/package/network/utils/iproute2/patches/300-selinux-configurable.patch
++++ b/package/network/utils/iproute2/patches/300-selinux-configurable.patch
+@@ -1,6 +1,6 @@
+ --- a/configure
+ +++ b/configure
+-@@ -385,7 +385,7 @@ check_libbpf()
++@@ -365,7 +365,7 @@ check_libbpf()
+  check_selinux()
+  # SELinux is a compile time option in the ss utility
+  {
+-- 
+2.45.2
+
+
@@ -0,0 +1,33 @@
+From 7ba11eb0106fd681998bd378977cb28dd00b0823 Mon Sep 17 00:00:00 2001
+From: Nick Hainke <[email protected]>
+Date: Wed, 19 Jul 2023 09:08:06 +0200
+Subject: [PATCH] ethtool: update to 6.6
+
+---
+ package/network/utils/ethtool/Makefile | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/package/network/utils/ethtool/Makefile b/package/network/utils/ethtool/Makefile
+index 10fecd4a9c..bc2b13e423 100644
+--- a/package/network/utils/ethtool/Makefile
++++ b/package/network/utils/ethtool/Makefile
+@@ -8,13 +8,13 @@
+ include $(TOPDIR)/rules.mk
+ 
+ PKG_NAME:=ethtool
+-PKG_VERSION:=6.3
++PKG_VERSION:=6.6
+ PKG_RELEASE:=1
+ 
+ PKG_MAINTAINER:=Felix Fietkau <[email protected]>
+ PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
+ PKG_SOURCE_URL:=@KERNEL/software/network/ethtool
+-PKG_HASH:=d9425f0a3df138734001fccc4175fe178c025f938460ac25c4ebc39960168822
++PKG_HASH:=833a8493cb9cd5809ab59743092d9a38742c282290800e9626407511bbcebf9e
+ 
+ PKG_LICENSE:=GPL-2.0
+ PKG_LICENSE_FILES:=COPYING
+-- 
+2.45.2
+
+