This adds support for the new configuration option CONFIG_RETPOLINE and
refreshes the configuration.
Fixes: d8565a06dc ("kernel: bump 4.9 to 4.9.77")
Fixes: 9ddfac8015 ("kernel: bump 4.14 to 4.14.14")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This replaces the current patches used to make the kernel headers
compatible with musl with the version which was accepted upstream. This
is included in upstream kernel 4.15.
This was compile tested with iproute2 build on all supported kernel
versions with musl and one one with glibc.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Note this requires libnftnl-1.0.8 or higher, so that update needs
to be merged first.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Also, drop unsupported configure options.
Don't use git retrieve but released tarball instead.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
nftables 0.8.1 generates some new commands which will not work without
this on big endian systems. This patch is included in Linux 4.11 and
later.
My rule matching a TCP port was not working:
nft add rule ip foo bar ct state new tcp dport 22 accept
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
A DNSSEC validation error was introduced in the fix for CVE-2017-15107
Backport the upstream fix to the fix (a simple typo)
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
CVE-2017-15107
An interesting problem has turned up in DNSSEC validation. It turns out
that NSEC records expanded from wildcards are allowed, so a domain can
include an NSEC record for *.example.org and an actual query reply could
expand that to anything in example.org and still have it signed by the
signature for the wildcard. So, for example
!.example.org NSEC zz.example.org
is fine.
The problem is that most implementers (your author included, but also
the Google public DNS people, powerdns and Unbound) then took that
record to prove the nothing exists between !.example.org and
zz.example.org, whereas in fact it only provides that proof between
*.example.org and zz.example.org.
This gives an attacker a way to prove that anything between
!.example.org and *.example.org doesn't exists, when it may well do so.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
The patch 0022-dts-ipq4019-support-ARMv7-PMU.patch
was merged into 4.8-rc1.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[refresh patches]
Signed-off-by: Mathias Kresin <dev@kresin.me>
During the integration of the ipq40xx target,
the phy drivers were included into the ipq806x's
target kernel config.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This patch renames the AVM FRITZ!Box 4040's board-2.bin
file and package to match the 'vendor_product' format.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This patch aligns the device-tree file with the latest
guidelines.
- No longer include qcom-ipq4019-ap.dk01.1.dtsi. This
file is only partially upstream and therefore subjected
to changes that might not be compatible with the board.
As a result, the definitions from the file have been
copied into this dts.
- exclusively use decimal GPIO addresses.
- reorganize the reserved-memory layout to waste less
memory. There's no point in keeping the u-boot loader
around. This should also make it possible to create
an image that will boot with the original EVA/ADAM2 loader
without needing to install the modified u-boot loader.
And finally mark the "tz-apps" as reusable.
There isn't a way to upload apps to the trust-zone in OpenWrt
yet. But it might see some use in the future as a "secure"
key-store/TPM.
- sort the first-level nodes alphabetically.
- sort nodes with an address by the address.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This patch updates ath10k-firmware to use the
firmware-5.bin_10.2.4-1.0-00033 firmware for the QCA988x.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This patch updates ath10k-firmware to use the
firmware-5.bin_10.2.4-1.0-00033 firmware for the QCA9887.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This patch updates ath10k-firmware to use the
firmware-5.bin_10.4-3.4-00104 firmware for the QCA9888.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This patch updates ath10k-firmware to use the
firmware-5.bin_10.4-3.4-00104 firmware for the QCA9984.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This patch updates ath10k-firmware to use the
firmware-5.bin_10.4-3.4-00104 firmware for the QCA4019.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This update automatically includes a new firmware for the QCA6174:
firmware-6.bin_WLAN.RM.4.4.1-00079-QCARMSWPZ-1
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Add sendopts config support allowing to add options in sent DHCPv6 packets.
Options can be configured as follows :
uci set network.wan6.sendopts="sntpservers:3001:3001::1,3001:3001::2 11:00000000000000000000006674692F 0x3e8:ABCDEF"
Based on a patch by Frank Andrieu <fandrieu@gmail.com>
See https://git.openwrt.org/?p=project/odhcp6c.git;a=commit;h=510aaf6d528210c5e8a6159f9b80b32615e88c5f
for a more detailed description.
Latest git changes :
1f93bd4 dhcpv6: rework option passthrough logic
a477e95 odhcp6c: rework userclass and vendorclass command handling
510aaf6 odhcp6c: add -x opt:val support
ab75be1 treewide: update copyrights to 2018
f3a4609 odhcp6c: let odhcp6c_add_state return a success/failure indication
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
According to console log during TP-Link TL-WR840N v5 OEM firmware update
procedure 0x3e0000-0x3f0000 64kB "config" partition, which is used to store
router's configuration settings, is erased and recreated again during every
OEM firmware update procedure, thus does not contain any valuable factory data.
So it is conviniant to use this extra 64kB erase block for jffs overlay due
limited flash size on this device like it used on TP-Link's ar71xx boards.
Signed-off-by: Serg Studzinskii <serguzhg@gmail.com>
The platform_check_image() stub need to return 0 for success, otherwise
the sysupgrade will fail with:
Image check 'platform_check_image' failed.
Fixes: aa6f5f1787 ("kirkwood: use image metadata")
Signed-off-by: 尤晓杰 <yxj790222@163.com>
[reworded commit message}
Signed-off-by: Mathias Kresin <dev@kresin.me>
Use the first found directory in the tar archive instead of relying on
a directory named according to the userspace boardname.
It allows to change the boardname without adding another compatibility
layer to the zyxel sysupgrade.
Fixes: 33f09cf151 ("ipq806x: convert to dt-based board-detection")
Signed-off-by: Mathias Kresin <dev@kresin.me>
Obviously not all GPIO controller allow to change the direction. The issue
is around since the beginning of the script but only due to the recent
changes error messages are more visible.
Add a check if a change of the direction is supported by the GPIO
controller and fallback to setting only the value if not.
Fixes: FS#1271
Signed-off-by: Mathias Kresin <dev@kresin.me>
GPIOs are exported as active high to the sysfs, hence the logic need to be
inverted.
Fixes: e66c47fb14 ("base-files: gpio switch: set output value with
direction")
Signed-off-by: Mathias Kresin <dev@kresin.me>
5bae22e ubus/lua: pass notification name to callback
212ceb1 valgrind complained about these
d57907c fix invalid close() call
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Sometimes the hardware will push small packets that trigger a WARN_ON
in mac80211. Discard them early to avoid this issue.
Reported-by: Stijn Tintel <stijn@linux-ipv6.be>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This directory is never created, nor is it used anywhere. Using it in
HOST_LDFLAGS causes a linker warning to be emitted on macOS, which
messes with cmake configure tests.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
For eclipse users, .project is always created inside the project.
For users of CDT within Eclipse, add also .cproject, thanks Dirk
Feytons.
Signed-off-by: Catrinel Catrinescu <cc@80211.de>
The setup code of the OpenMesh OM5P ACv2 device uses nothing
from the mdio-gpio.h header, so remove the inclusion of that.
Also remove the kernel version check which is needed only
because the mdio-gpio.h header exists in a different path
in older kernels.
Compile tested only.
Cc: Sven Eckelmann <sven.eckelmann@openmesh.com>
Signed-off-by: Gabor Juhos <juhosg@freemail.hu>
In commit fce35bce0f ("config: support new symbol intro'd in kernel
4.12")
I forgot to remove the initial debug test line.
This clearly is wrong as the same symbol is defined conditionally in the
line below as it should be.
I looked over it as I just checked if the symbol was present now upon
testing it.
Fixes: fce35bce0f ("config: support new symbol intro'd in kernel
4.12")
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Commit e15c63a375 ("ar71xx: add support for MikroTik RouterBOARD wAP
G-5HacT2HnD (wAP AC") broke the format of the patches. In unified diff
format, the unchanged, contextual lines must be preceded by a space
character.
Refresh the patches with quilt to fix them.
Fixes: e15c63a375 ("ar71xx: add support for MikroTik RouterBOARD wAPG-5HacT2HnD (wAP AC")
Signed-off-by: Gabor Juhos <juhosg@freemail.hu>
The patches introduced in commit 20e68f6d39 ("ar71xx: kernel: enable
PCI on QCA9556 SoC") have non standard format. In unified diff format,
the unchanged, contextual lines must be preceded by a space character.
Refresh the patches with quilt to fix them.
Fixes: 20e68f6d39 ("ar71xx: kernel: enable PCI on QCA9556 SoC")
Signed-off-by: Gabor Juhos <juhosg@freemail.hu>
