459b6932 policy: add nft translation for simple policy none/strict use case
255e55b7 tests: xlate-test: no need to require superuser privileges
6990bbc5 extensions: hashlimit: remove space before burst in translation to nft
13ecaeb0 extensions: hashlimit: Rename 'flow table' keyword to meter
c252a2b0 extensions: Add test for cluster nft translation
bda1daa4 extensions: ip6t_{S,D}NAT: add more tests
88fa4543 extensions: ip6t_{S,D}NAT: multiple to-dst/to-src arguments not reported
64a0e098 extensions: libxt_cluster: Add translation to nft
6067208f extensions: add support for 'srh' match
0f387b07 extensions: hashlimit: fix incorrect burst in translations
1ffe6a74 extensions: libxt_hashlimit: Do not print default timeout and burst
27de281d extensions: Add macro _DEFAULT_SOURCE.
75364151 iptables: Remove const qualifier from struct option.
8b0da213 iptables: masquerade: add randomize-full support
e64db006 iptables: patch to correct linker flag sequence
033eac81 extensions: libxt_tcpmss: Add test case for invalid ranges.
505bfa11 iptables: xtables-eb: Remove const qualifier from struct option
a6d6821a iptables: extensions: Fix MARK target help
71de414c libxt_sctp: fix array out of range in print_chunk
1a32381a extensions: add tests for ipcomp protocol
4bd51770 tests: xlate: print output in same way as nft-test.py
d0e3d95f libxt_recent: Remove ineffective checks for info->name
23e6ed71 libxt_TOS: add tests for translation infrastructure
9564595e Update .gitignore
bebce197 iptables: iptables-compat translation for TCPMSS
dbbab0aa extensions: libxt_tcpmss: Detect invalid ranges
0e958281 iptables-translate: add test file for TCPMSS extension
de3c68b6 iptables-compat: do not allow to delete populated user define chains
f4b80ce7 iptables: change large file support handling
f5b46c2f iptables: Constify option struct
21ba5b38 ip{,6}tables-restore: Don't accept wait-interval without wait
60e0ffd3 ip{,6}tables-restore: Don't ignore missing wait-interval value
af468b6e utils: Add a man page for nfnl_osf
1773dcaa utils: nfnl_osf: Fix synopsis in help text
895ce096 extensions: libxt_bpf: fix missing __NR_bpf declaration
3c633296 xtables-compat-restore: fix translation of mangle's OUTPUT
1c32e560 netfilter: xt_hashlimit: add rate match mode
b5331f88 xtables-compat: fix memory leak when listing
91ae12e3 xtables-compat-restore: fix several memory leaks
79e1edd1 iptables-xml: Fix segfault on jump without a target
c49a93f1 xtables-translate: fix double space before comment
79fa7cc2 libip6t_icmp6: xlate: remove leftover space
8e62f572 tests: xlate: generalize owner
8d994bcf iptables: Add file output option to iptables-save
f8e5ebc5 iptables: Fix crash on malformed iptables-restore
80d8bfaa iptables: insist that the lock is held.
c29d99c8 libxtables: Display weird character warning for wildcards
1fe96cfb tests: xlate: check if it is being run as root
3f92b259 tests: xlate: remove python 3.5 dependency
d89dc47a iptables-restore/save: exit when given an unknown option
65801d02 iptables-restore.8: document -w/-W options
9cd3adbe iptables-restore/ip6tables-restore: add --version/-V argument
1ec1fb7a extensions: libxt_hashlimit: fix 64-bit printf formats
27f69f4a iptables: extensions: Remove typedef in struct.
340105fa tests: add regression tests for xtables-translate
b669e184 extensions: libxt_TOS: Add translation to nft
b2a84476 iptables: Remove unnecessary braces.
2963a8df iptables: Remove explicit static variables initalization.
1cf4ba6f iptables: Constify option struct
999eaa24 iptables-restore: support acquiring the lock.
6e2e169e iptables: remove duplicated argument parsing code
836846f0 iptables: move XT_LOCK_NAME from CFLAGS to config.h.
b91af533 iptables: set the path of the lock file via a configure option.
0e94eb2e iptables-translate: print nft iff there are more expanded rules to print
48ad179b libxtables: abolish AI_CANONNAME
9f50bbdf libxtables: remove unnecessary nesting from host_to_ip(6)addr
c6df55d6 iptables-translate: print nft command for each expand rules via dns names
82dacbb8 xtables-translate: Avoid querying the kernel
9f972f45 extensions: libxt_addrtype: Add translation to nft
2c8e251e utils: nfsynproxy: fix build with musl libc
9b8cb756 libiptc: don't set_changed() when checking rules with module jumps
eb66632d extensions: libxt_hashlimit: Add translation to nft
72bb3dbf xshared: using the blocking file lock request when we wait indefinitely
24f81746 xshared: do not lock again and again if "-w" option is not specified
fc3c3b4e libxt_hashlimit: add new unit test to catch kernel bug
516d9191 iptables: update pf.os
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
This makes it possible to add an iptables rule that offloads routing/NAT
packet processing to a software fast path. This fast path is much
quicker than running packets through the regular tables/chains.
Requires Linux 4.14
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This only works with nftables for now, iptables support will be added
later. Includes a number of related upstream nftables improvements to
simplify backporting follow-up changes
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
If the auth or assoc request was denied the reason
was always WLAN_STATUS_UNSPECIFIED_FAILURE.
That's why for example the wpa supplicant was always
trying to reconnect to the AP.
Now it's possible to give reasoncodes why the auth
or assoc was denied.
Signed-off-by: Nick Hainke <vincent@systemli.org>
Add Wireless Network Management (IEEE 802.11v)
support to:
- hostapd-full
- wpa_supplicant-full
It must be enabled at runtime via UCI with:
- option ieee80211v '1'
Add UCI support for:
- time_advertisement
- time_zone
- wnm_sleep_mode
- bss_transition
Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
Neighbor reports are enabled implicitly on use, beacon reports and BSS
transition management need to be enabled explicitly
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This is fixing multiple compile problems with kernel 4.14 and updates the
code to take care of changes introduced between kernel 4.9 and 4.14.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Mathias Kresin <dev@kresin.me>
Rename the gphy firmware to match the name requested by kernel 4.14 and
update the devicetree source files to use the new name.
Update the u-boot lantiq Makefile to be compatible with the new names as
well.
Signed-off-by: Mathias Kresin <dev@kresin.me>
With upstream commit 2c93e790e825 ("usb: add CONFIG_USB_PCI for system
have both PCI HW and non-PCI based USB HW") the CONFIG_USB_PCI was
introduced.
The option is disabled by default in our generic kernel 4.14 config, hence
we need to set the option for all related kernel modules.
Signed-off-by: Mathias Kresin <dev@kresin.me>
With a9772285a724 ("linux/compiler.h: Split into compiler.h and
compiler_types.h") compiler.h was refactored and most its content was
moved to compiler_types.h. Both files are required to build ppp-mod-pppoa.
Signed-off-by: Mathias Kresin <dev@kresin.me>
The current implementation only checked if uqmi itself executed
correctly which is also the case when the returned value is actually
an error.
Rework this, checking that CID is a numeric value, which can only
be true if uqmi itself also executed correctly.
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
1721453 Remove special handling of A-for-A queries.
499d8dd Fix boundary for test introduced in 3e3f1029c9ec6c63e430ff51063a6301d4b2262
6f1cbfd Fix debian/readme typo.
55ecde7 Inotify: Ignore backup files created by editors
6b54d69 Make failure to chown() pidfile a warning.
246a31c Change ownership of pid file, to keep systemd happy.
83e4b73 Remove confusion between --user and --script-user.
6340ca7 Tweak heuristic for initial DNSSEC memory allocation.
baf553d Default min-port to 1024 to avoid reserved ports.
486bcd5 Simplify and correct bindtodevice().
be9a74d Close Debian bug for CVE-2017-15107.
ffcbc0f Example config typo fixes.
a969ba6 Special case NSEC processing for root DS record, to avoid spurious BOGUS.
f178172 Add homepage to Debian control file.
cd7df61 Fix DNSSEC validation errors introduced in 4fe6744a220eddd3f1749b40cac3dfc510787de6
c1a4e25 Try to be a little more clever at falling back to smaller DNS packet sizes.
4fe6744 DNSSEC fix for wildcard NSEC records. CVE-2017-15107 applies.
3bd4c47 Remove limit on length of command-line options.
98196c4 Typo fix.
22cd860 Allow more than one --bridge-interface option to refer to an interface.
3c973ad Use SIGINT (instead of overloading SIGHUP) to turn on DNSSEC time validation.
faaf306 Spelling fixes.
c7e6aea Change references to gPXE to iPXE. Development of EtherBoot gPXE was always development of iPXE core developer Michael Brown.
e541245 Handle duplicate RRs in DNSSEC validation.
84a01be Bump year in Debian copyright notice.
d1ced3a Update copyrights to 2018.
a6cee69 Fix exit code from dhcp_release6.
0039920 Severely fix code formating of contrib/lease-tools/dhcp_release6.c
39d8550 Run Debian startup regex in "C" locale.
ef3d137 Fix infinite retries in strict-order mode.
8c707e1 Make 373e91738929a3d416e6292e65824184ba8428a6 compile without DNSSEC.
373e917 Fix a6004d7f17687ac2455f724d0b57098c413f128d to cope with >256 RRs in answer section.
74f0f9a Commment language tweaks.
ed6bdb0 Man page typos.
c88af04 Modify doc.html to mention git-over-http is now available.
ae0187d Fix trust-anchor regexp in Debian init script.
0c50e3d Bump version in Debian package.
075366a Open inotify socket only when used.
8e8b2d6 Release notes update.
087eb76 Always return a SERVFAIL response to DNS queries with RD=0.
ebedcba Typo in printf format string added in 22dee512f3738f87539a79aeb52b9e670b3bd104
0954a97 Remove RSA/MD5 DNSSEC algorithm.
b77efc1 Tidy DNSSEC algorithm table use.
3b0cb34 Fix manpage which said ZSK but meant KSK.
aa6f832 Add a few DNS RRs to the table.
ad9c6f0 Add support for Ed25519 DNSSEC signature algorithm.
a6004d7 Fix caching logic for validated answers.
c366717 Tidy up add_resource_record() buffer size checks.
22dee51 Log DNS server max packet size reduction.
6fd5d79 Fix logic on EDNS0 headers.
9d6918d Use IP[V6]_UNICAST_IF socket option instead of SO_BINDTODEVICE for DNS.
a49c5c2 Fix search_servers() segfault with DNSSEC.
30858e3 Spaces in CNAME options break parsing.
Refresh patches.
Remove upstreamed patches:
250-Fix-infinite-retries-in-strict-order-mode.patch
260-dnssec-SIGINT.patch
270-dnssec-wildcards.patch
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
The default receive window size in dropbear is hardcoded to 24576 byte
to limit memory usage. This value was chosen for 100Mbps networks, and
limits the throughput of scp on faster networks. It also severely limits
scp throughput on high-latency links.
Add an option to set the receive window size so that people can improve
performance without having to recompile dropbear.
Setting the window size to the highest value supported by dropbear
improves throughput from my build machine to an APU2 on the same LAN
from 7MB/s to 7.9MB/s, and to an APU2 over a link with ~65ms latency
from 320KB/s to 7.5MB/s.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Between mbedtls 2.6.0 and 2.7.0, the void returning mbedtls_MODULE* functions
were deprecated in favor of functions returning an int error code. Use
the new function mbedtls_sha256_ret().
Signed-off-by: Russell Senior <russell@personaltelco.net>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Between mbedtls 2.6.0 and 2.7.0, the void returning mbedtls_MODULE* functions
were deprecated in favor of functions returning an int error code. Use
the new function mbedtls_sha256_ret().
Signed-off-by: Russell Senior <russell@personaltelco.net>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
This syncs the Orange Pi R1 device tree files with the one from the
upstream kernel and also uses the default configuration from the Orange
Pi Zero.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Some functions used by a lot of other software was renamed and is only
active when deprecated functions are allowed, deactivate the removal of
deprecated functions for now.
Fixes: 75c5ab4caf ("mbedtls: update to version 2.7.0")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The PC Engines APU3b has a new nct5104b version with chip ID 0xc453.
This adds support for that version.
Signed-off-by: Jasper Scholte <NightNL@outlook.com>
This fixes the following security problems:
* CVE-2018-0488: Risk of remote code execution when truncated HMAC is enabled
* CVE-2018-0487: Risk of remote code execution when verifying RSASSA-PSS signatures
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This patch adds support for GL.iNet GL-B1300
Specification:
- SOC: IPQ4028 / QCA Dakota
- RAM: 256 MiB
- FLASH: 32 MiB
- ETH: Qualcomm Atheros QCA8075 Gigabit Switch (2 x LAN, 1 x WAN)
- USB: 1 x 3.0 (via Synopsys DesignWare DWC3 controller in the SoC)
- WLAN1: Qualcomm Atheros QCA4028 2.4GHz 802.11bgn 2:2x2
- WLAN2: Qualcomm Atheros QCA4028 5GHz 802.11a/n/ac 2:2x2
- INPUT: one reset and one WPS button
- LEDS: 3 leds: Power, WIFI(only for 2.4G currently), and one reserved
- UART: 1 x UART on PCB (3.3V, TX, RX, GND) - 115200 8N1
Installation:
Method 1:
- use serial port to stop uboot
- uboot command: run lf
Method 2:
- push down reset button and power on
- wait until three leds constantly on then release
- upgrade by uboot web at http://192.168.1.1
Note:
- the sysupgrade image need to be renamed to lede-gl-b1300.bin in both method.
- the sysupgrade image can be automatically downloaded if tftp server at
192.168.1.2 have that file.
- the wifi led will be flashing when writing image.
Signed-off-by: Dongming Han <handongming@gl-inet.com>
128bc35 logread: fix reconnect logd logic
66347ec logread: move the code setting up the request blob out of the main loop
975a258 logread: move output connection setup code out of main loop
b81bea7 logread: cleanup pid file handling
d73e7d2 ubox: Replace strerror(errno) with %m format.
Signed-off-by: John Crispin <john@phrozen.org>
Some people reported problems with the current development version, so
go back to the latests more or less release.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Using PKG_SOURCE_DATE instead of PKG_VERSION will make the build system
generate the version based on the date and the git hash. This way the
tar file name changes when the git hash changes and this avoids problems
when someone forgets to change the version, but changes the git hash.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Changes since last merge into OpenWrt since 2017-12-14:
- Added debugfs file tx_hist.
- Added debugfs file fixed_rate.
- Added debugfs file ba_hist.
- Modified the way to establish BA stream.
- Added code to control BF type.
- Added functions to check/dump dhcp packet.
- Upgrade 88W8964 firmware to 9.3.2.4.
- Added debugfs file coredump.
- Corrected the way to transmit multicast packets.
- Change driver version to 10.3.4.0-20180118.
- Corrected the way to get qos control.
- Assigned broadcast dhcpoffer to another queue.
- Separated broadcast and multicast packets. Bump to latest commit 20180206
Signed-off-by: Chris Breuer <github@chrisbreuer.de>
Make it easily possible to add a custom script in front of this hotplug
script which adds new devices. This is needed for the mvebu target in
which we want to migrate the old configuration before new devices are
getting detected.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
D-Link DAP-1522 is a wireless bridge/access point with 4 LAN
ports and a dual-band wireless chipset.
Specifications:
- Ralink RT2880
- 32 MB of RAM
- 4 MB of Flash
- 4x 10/100/1000 Mbps Ethernet (RTL8366SR)
- 802.11abgn (RT2850)
Flash Instructions:
1. Download lede-ramips-rt288x-dap-1522-a1-squashfs-factory.bin
2. Open the web interface and upload the image
Signed-off-by: George Hopkins <george-hopkins@null.net>
EG-200 is a DIN rail mountable device with one ethernet port, wifi,
an RS-485 port, and an internal USB attached uSD card reader.
Two leds, "modbus" and "etactica" are managed by userspace applications
in factory firmware.
Flash instruction:
Original firmware is based on OpenWrt.
Use sysupgrade image directly in vendor GUI.
Signed-off-by: Karl Palsson <karlp@etactica.com>
uqmi contains a command for directly querying the modem if there
is a valid data connection, so let's use it.
This avoids the cases were all previous tests are succesful, but the
actual data link is not up for some reasons, leading to states were we
thought the link was up when it actually wasn't ..
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Originally, the implementation only checked if uqmi command
execution succeeded properly without actually checking it's returned data.
This lead to a pass, even when the returned data was indicating an error.
Rework the verification to actually check the returned data,
which can only be correct if the uqmi command itself also executed correctly.
On command execution success, value "pdh_" is a pure numeric value.
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Debugging shows that using the general method properly cleans on each
run, while the method specifying the client-ID shows "No effect"
even while in connected state.
Fixes several connectivity issues seen on specific modems.
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
This prevents passing down the HOSTCC stuff set in u-boot.mk
which results in linking errors against openssl:
tools/mxsimage.o: In function `sb_aes_reinit':
mxsimage.c:(.text+0x202): undefined reference to `EVP_CIPHER_CTX_reset'
tools/mxsimage.o: In function `mxsimage_generate':
mxsimage.c:(.text+0x110d): undefined reference to `EVP_MD_CTX_new'
mxsimage.c:(.text+0x114f): undefined reference to `EVP_MD_CTX_free'
mxsimage.c:(.text+0x11c3): undefined reference to `EVP_MD_CTX_new'
mxsimage.c:(.text+0x1323): undefined reference to `EVP_MD_CTX_free'
mxsimage.c:(.text+0x134a): undefined reference to `EVP_CIPHER_CTX_reset'
tools/mxsimage.o: In function `mxsimage_verify_print_header':
mxsimage.c:(.text+0x23ce): undefined reference to `EVP_MD_CTX_new'
mxsimage.c:(.text+0x242c): undefined reference to `EVP_MD_CTX_new'
mxsimage.c:(.text+0x246b): undefined reference to `EVP_MD_CTX_free'
mxsimage.c:(.text+0x24ef): undefined reference to `EVP_CIPHER_CTX_reset'
mxsimage.c:(.text+0x2e52): undefined reference to `EVP_MD_CTX_free'
collect2: error: ld returned 1 exit status
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
It is currently possible to enable connlabel-support in iptables.
However, in order for connlabel to work properly, the kernel module must
also be present. This patch adds support for building the
connlabel-module, and selects it by default when connlabel-support is
enabled.
Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
ls1012ardb/ls1012afrdm/ls1046ardb/ls1088ardb firmwares now use ubifs
rootfs. So u-boot env should be set accordingly.
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
Updated ppfe firmware to NXP LSDK1712 release. Used
ppfe firmware git tree on NXP github since it was
migrated here from qoriq-open-source github.
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
NXP LSDK1712 release used two rcw git trees. The
original rcw git tree was still source code but
dropping ls1012a/ls1088a/ls2088a boards in LSDK1712.
Instead another new rcw git tree was used to just
provided rcw binaries for these boards dropped. So
this patch is to update ls-rcw to LSDK1712 release
and add a new ls-rcw-bin package.
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
fman-ucode had been migrated from qoriq-open-source
github to NXP github. So the Makefile should be fixed
accordingly.
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
Updated MC firmware to NXP LSDK1712 release. Used
MC firmware git tree on NXP github since it was
migrated here from qoriq-open-source github.
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
For hardware that supports multiple h/w output queues, add
a compatible scheduler (NET_SCH_MULTIQ).
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Current code and also before commit da52dd0c83 was vulnerable to shell
injection using volume lables in the GPT partition table of block
devices. Given that partition names can be freely defined in GPT tables
we really shouldn't evaluate a string which is potentially crafted with
evil intentions. Hence rather use `export -n` to absorb the uevent's
variables into the environment.
Fixes commit da52dd0c83 (base-files: quote values when evaluating uevent)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[mschiffer@universe-factory.net: suggested export -n usage]
The kmod-lp package included both lp.ko and ppdev.ko, but ECP device
drivers may or may not require lp NOT to be loaded, needing only ppdev.
Additionally, There were no packages for any parport interface modules,
such as uss720 or parport_pc, provided here. It has not been otherwise
possible to use PC-style parport hardware for kmod-lp.
Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
The last_rx field was removed from net_device. Since the field wasn't
used by the generic subsystem, and the driver only writes to it, just
remove the usage.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
When sourcing /sys/class/block/*/uevent values have to be quoted as
they may contain spaces (e.g. in PARTNAME).
Fix this by pre-processing with sed before sourcing.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The BDFs for OpenMesh A42 were upstreamed [1] to the ath10k-firmware
repository and are now part of ath10k-firmware 2018-01-26. The
ipq-wifi-openmesh_a42 package can now be dropped because OpenWrt already
ships the QCA4019 board-2.bin from this version.
[1] https://wireless.wiki.kernel.org/en/users/drivers/ath10k/boardfiles
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
* introduces the BDFs for the OpenMesh A42 in
/lib/firmware/ath10k/QCA4019/hw1.0/board-2.bin.
* adds new firmware firmware-6.bin_RM.4.4.1.c1-00037-QCARMSWP-1 for
QCA6174 hw3.0
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
With no warning, it just looks like the box has hung during boot.
We don't want users resetting it without having captured a crashdump.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Compiling the Intel microcode package results in a
microcode.bin and a microcode-64.bin. As we can
decide based on the subtarget which should be used,
we'll only split the required .bin file with
iucode-tool.
x64 will get the intel-microcode-64.bin
All other variants will get intel-microcode.bin
The microcodes will be updated from preinit via a common
script - that's the earliest place where we can do it.
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
Use the Debian repository for sourcing the ucode files.
Current (20171205) includes support for fam17h CPUs already.
The microcodes will be updated from preinit via a common
script - that's the earliest place where we can do it.
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
Add tool to "compile" Intel microcode files. The tool will be
compiled for host (to split the microcode.dat) and for target
(to forcibly reload the microcode if required).
Instead of using the large microcode.bin/microcode-64.bin, the
splitted ucode files (separate for CPU families) will be
installed.
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
When we provide the HOSTCFLAGS to the U-Boot build it will fail because
it can not find the u-boot provided header files any more.
Just overwrite and not append the package specific configuration on top
of the configuration provided by u-boot.mk.
uboot-fritz4040 is based on U-Boot 2012.07 and this problem is probably
similar to the problem seen with the lantiq and ar71xx u-boot build.
Fixes: df9781a420 ("u-boot,at91bootstrap: fix incorrect HOSTCPPFLAGS variable")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Once installed fou kernel module allows you to use FOU (Foo over UDP)
and GUE (Generic UDP encapsulation) tunnel protocols.
To get ip fou command working you also need to install ip-full.
Signed-off-by: Filip Moc <lede@moc6.cz>
Since I have no openssl-dev on my machine, I first
get this error:
```
tools/kwbimage.c:21:10: fatal error: openssl/bn.h: No such file or directory
#include <openssl/bn.h>
```
After removing the UBOOT_MAKE_FLAGS the next error is:
```
tools/kwbimage.c:40:6: error: conflicting types for ‘EVP_MD_CTX_cleanup’
void EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
```
After removing the OpenSSL patches the next error is:
```
HOSTLD tools/dumpimage
/usr/bin/ld: cannot find -lssl
/usr/bin/ld: cannot find -lcrypto
collect2: error: ld returned 1 exit status
scripts/Makefile.host:108: recipe for target 'tools/dumpimage' failed
make[5]: *** [tools/dumpimage] Error 1
```
So, the final part is to add the build system's
HOST_LDFLAGS to the UBOOT_MAKE_FLAGS.
(which was done in the previous commit)
Then the image builds.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
This would should up as `$$(HOSTCPPFLAGS)` in the host CFLAGS.
```
make --jobserver-fds=3,4 -j -C <openwrt>/build_dir/target-arm_cortex-a8+vfpv3_musl_eabi/u-boot-A10-OLinuXino-Lime/u-boot-2017.07 CROSS_COMPILE=arm-openwrt-linux-muslgnueabi- DTC="<openwrt>/build_dir/target-arm_cortex-a8+vfpv3_musl_eabi/linux-sunxi_cortexa8/linux-4.9.76/scripts/dtc/dtc" HOSTCC="gcc" HOSTCFLAGS='-O2 -I<openwrt>/staging_dir/host/include -I<openwrt>/staging_dir/host/usr/include -I<openwrt>/staging_dir/hostpkg/include -I<openwrt>/staging_dir/target-arm_cortex-a8+vfpv3_musl_eabi/host/include $$(HOSTCPPFLAGS)' HOSTLDFLAGS="" BL31=<openwrt>/staging_dir/target-arm_cortex-a8+vfpv3_musl_eabi/image/bl31.bin
```
And then it would complain with:
```
/bin/sh: 1: HOSTCPPFLAGS: not found
```
Also, HOSTCPPFLAGS does not exist.
The correct var is HOST_CPPFLAGS.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Activate the support for 64 bit on all 64 bit CPUs and not only x86_64.
ARM64 does not provide an xml file, so do not pack any.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
We use the dtc from the kernel and that does not have all the options
which u-boot would like to use now. make these parameters optional.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
3413961 mt7603: avoid reordering qos-null data packets
c60e6db mt76: toggle driver station powersave bit before notifying mac80211
246d548 mt76: stop tx queues from the driver callback instead of common code
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The target it was meant for was updated to a version that this does not
compile with. It probably also hasn't been used in years
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Don't append an empty sendopts value as odhcp6c bails out
immediately on an empty -x option triggering an infinite start
loop of odhcp6c
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Commit a26045049b added support for sendopts as a string; since multiple
sendopts values can be specified it makes more sense to model it as a
list of strings.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
The ATM subsystem is different from the generic ethernet NICs. The ATM
subsystem requires a callback when a packet has been sent. It means a
tx skb_buff need to be used after it has sent. While the generic NIC
can fill up the TX ring and free skb_buffs if it encounter a ring buffer slot
with an already sent skbuff.
The ATM drivers need call the pop() function after it has send a
single ATM package. The ATM subsystem controls via this ways the queuing.
The ppe engine use DMA channels for read and write. Every atm_vcc has it's
own TX DMA channel and each TX DMA channel has it's own ring buffer.
The old driver had multiple issues:
- Call the subsystem callback at the beginning of tx function (ppe_send).
Didn't allowed the ATM subsystem to control the enqueued package
amount.
- Filled up the TX ring until full and fail futher
- copy or decouple the skb from all other subsystem before giving it
over to TX ring
The new tx path uses interupts.
- call the subsystem callback _after_ it was sent by hardware
- no need to copy our decouple the skb any more
- gives back control to the atm subsystem over the enqueued packages
- use an interupt for every sent atm package
Using interupts shouldn't be a problem because of the slow uplink bandwidth of
ADSL.
The speed _through_ the DSL router was always as high as it should
be, only traffic generated on the router itself were affected.
After changing to new tx path, the speed of iperf's run on the
router itself reached the same speed. The master/trunk wasn't as much
affected because of TCP optimisations (reboot-5022-gb2ea46fe236a).
The following results are taken on the remote server, which receives
the stream over the internet and the DSL line.
The sync moves between every sync a litte bit, but is so far stable
Latency / Interleave Delay: Down: Fast (0.25 ms) / Up: Fast (0.50 ms)
Data Rate: Down: 13.287 Mb/s / Up: 1.151 Mb/s
reboot-5521-g9f8d28285d without patch
[ ID] Interval Transfer Bandwidth Retr
[ 5] 0.00-10.04 sec 947 KBytes 773 Kbits/sec 0 sender
[ 5] 0.00-10.04 sec 928 KBytes 757 Kbits/sec receiver
reboot-5521-g9f8d28285d with patch
[ 5] 0.00-10.06 sec 1.16 MBytes 970 Kbits/sec 0 sender
[ 5] 0.00-10.06 sec 1.15 MBytes 959 Kbits/sec receiver
v17.01.4-239-g55c23e44f4 without patch
[ ID] Interval Transfer Bandwidth Retr
[ 5] 0.00-10.04 sec 87.4 KBytes 71.3 Kbits/sec 0 sender
[ 5] 0.00-10.04 sec 59.6 KBytes 48.7 Kbits/sec receiver
v17.01.4-239-g55c23e44f4 with patch
[ ID] Interval Transfer Bandwidth Retr
[ 5] 0.00-10.05 sec 1.18 MBytes 983 Kbits/sec 1 sender
[ 5] 0.00-10.05 sec 1.15 MBytes 959 Kbits/sec receiver
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
- use release build instead of debug to reduce size
- bump to use latest commit in allwinner tree
Tested on Pine64/1G.
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2b7fae4 mt76: fix returnvar.cocci warnings
939e3e0 mt76x2: dfs: avoid tasklet scheduling during mt76x2_dfs_init_params()
cf59170 mt76x2: dfs: add set_domain handler
5e4d60e mt76x2: dfs: take into account dfs region in mt76x2_dfs_init_params()
f76e25f mt76x2: fix WMM parameter configuration
34d612d mt76: retry rx polling as long as there is budget left
0f8327a mt76x2: fix TSF value in probe responses
ad3f8e9 mt76: add an intermediate struct for rx status information
58a41f1 mt76: get station pointer by wcid and pass it to mac80211
b0508d3 mt76: implement A-MPDU rx reordering in the driver code
cf3cfc4 mt76: split mt76_rx_complete
461cdf9 mt76: pass the per-vif wcid to the core for multicast rx
9b2c778 mt76: validate rx CCMP PN
302af90 mt76x2: init: disable all pending tasklets during device removal
9f685fe mt7603: init: disable tbtt tasklet during device removal
c6f8cac mt76: let mac80211 validate CCMP PN for fragmented frames
3968dae mt7603: fix 40 mhz channel bandwidth reporting
9c2e03d mt7603: fix rx LDPC reporting
f515dfc mt76: implement AP_LINK_PS
974142c mt76: implement processing of BlockAckReq frames
c5209db mt76: avoid re-queueing A-MPDU rx reorder work if no frames are pending
e67e7a5 mt76x2: do not set status->aggr for NULL data frames
8693864 mt76: check qos ack policy before reordering packets
Signed-off-by: Felix Fietkau <nbd@nbd.name>
f0836c7e Update manual pages
25db178b Bump up version number to 1.30.0, LT revision to 29:2:15
1b6713e6 Update AUTHORS
c1a496cf nghttpx: Fix bug that h1 backend idle timeout expires sooner
e098a211 mruby: Fix bug that response header is unexpectedly overwritten
0ba4bf51 Merge pull request #1120 from dylanplecki/issue-1119-mruby-header-overwrite
6deee203 Fix#1119: Stop overwrite of first header on mruby call to env.req.set_header(..)
6761a933 Merge pull request #1105 from nghttp2/nghttpx-upgrade-scheme
5cc3d159 nghttpx: Add upgrade-scheme parameter to backend option
652f57e7 Merge pull request #1104 from nghttp2/allow-ping-after-goaway
acd6b40e Allow PING frame to be sent after GOAWAY
0fbb46ed Merge pull request #1101 from nghttp2/remember-pushed-links
6ad629de Merge pull request #1102 from nghttp2/fix-missing-alpn-validation
74754982 nghttpx: Fix missing ALPN validation (--npn-list)
a31a2e3b nghttpx: Remember which resource is pushed
a776b0db Merge pull request #1092 from nghttp2/define-103
cfd926f0 src: Define 103 status code
72f52716 Bump up version number to 1.30.0-DEV
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Firewall rules don't work as intended without conntrack support. The recent
cleanup removed the kmod-nf-conntrack6 dependency from the iptables
modules; add it to the firewall package instead.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
We don't need two versions of this. The escaping quotes
is so that the sed commands aren't misinterpreted by shell;
it has nothing to do with the contents of the file, thus
one version is adequate.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
By default udhcpc asks for a default list of options; the config option
defaultreqopts allows to tweak this behavior.
When set to 0 udhcpc will not ask for any options except for the options
specified in the reqopts config option.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
By default odhcp6c asks for a default list of options; the config option
defaultreqopts allows to tweak this behavior.
When set to 0 odhcp6c will not ask for any options except for the options
specified in the reqopts config option.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
For minimal firewall setups, NAT support may be unnecessary.
It would be possible to further reduce the minimum number of installed
modules, e.g. by separating IPv4 and IPv6 support or moving conntrack
support into a separate kmod package. We go with a more complete
kmod-nft-core for now, until a concrete usecase for smaller packages
arises.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
The nf_reject_ipv4 and nf_reject_ipv6 modules are moved into separate
packages, as they are a common dependency of ip(6)tables and nftables. This
avoids a dependency of nftables on kmod-nf-ipt(6). Also, fewer iptables
modules depend on nf-conntrack(6) now.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
It's not needed now since commit a621b8c ("include: clean package
staging dir files before configure")
Fixes FS#1309
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
The IGB and IXGBE drivers depend on kmod-hwmon core now.
Fixes: af707a178f ("netdevices.mk: add hwmon to IGB and IXGBE drivers")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Off-chip NICs can run hotter than the CPU, so they're definitely
worth instrumenting.
Adding hardware monitoring increases by ~3744 and ~2672 bytes,
respectively, the sizes of the igb.ko and ixgbe.ko drivers.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
a0b5e8944 progress-bar: get screen width on windows
65ceb20df test1454: --connect-to with IPv6 address w/o IPv6 support!
eb6e3c4f6 CONNECT_TO: fail attempt to set an IPv6 numerical without IPv6 support
96186de1f docs: fix man page syntax to make test 1140 OK again
af32cd385 http: prevent custom Authorization headers in redirects
993dd5651 curl: progress bar refresh, get width using ioctl()
9d82cde7b RELEASE-NOTES: synced with bb0ffcc36
bb0ffcc36 libcurl-env.3: first take
ec122c4c8 TODO: two possible name resolver improvements
a5e6d6ebc http2: don't close connection when single transfer is stopped
87ddeee59 test558: fix for multissl builds
da07dbb86 examples/url2file.c: add missing curl_global_cleanup() call
ddafd45af SSH: Fix state machine for ssh-agent authentication
9e4ad1e2a openssl: fix potential memory leak in SSLKEYLOGFILE logic
ca9c93e3e openssl: fix the libressl build again
2c0c4dff0 unit1307: test many wildcards too
2a1b2b4ef curl_fnmatch: only allow 5 '*' sections in a single pattern
cb5accab9 ftp-wildcard: fix matching an empty string with "*[^a]"
25c40c9af SMB: fix numeric constant suffix and variable types
945df7410 CURLOPT_TCP_NODELAY.3: fix typo
8dd4edeb9 smtp/pop3/imap_get_message: decrease the data length too...
84fcaa2e7 openssl: enable SSLKEYLOGFILE support by default
e44ddfd47 mime: clone mime tree upon easy handle duplication.
2c821bba8 docs: comment about CURLE_READ_ERROR returned by curl_mime_filedata
a06311be2 test395: HTTP with overflow Content-Length value
67595e7d2 test394: verify abort of rubbish in Content-Length: value
ac17d7947 test393: verify --max-filesize with excessive Content-Length
f68e67271 HTTP: bail out on negative Content-Length: values
0616dfa1e configure.ac: append extra linker flags instead of prepending them.
650b9c1d6 RELEASE-NOTES: synced with 6fa10c8fa
6fa10c8fa setopt: fix SSLVERSION to allow CURL_SSLVERSION_MAX_ values
3b548ffde setopt: reintroduce non-static Curl_vsetopt() for OS400 support
fa3dbb9a1 http2: fix incorrect trailer buffer size
2a6dbb815 easy: fix connection ownership in curl_easy_pause
89f680473 system.h: Additionally check __LONG_MAX__ for defining curl_off_t
14d07be37 COPYING: it's 2018!
a8ce5efba progress: calculate transfer speed on milliseconds if possible
d4e40f069 scripts: allow all perl scripts to be run directly
e4f86025d mail-rcpt.d: fix short-text description
908a9a674 build: remove HAVE_LIMITS_H check
129390a51 openssl: fix memory leak of SSLKEYLOGFILE filename
272613df0 Revert "curl/system.h: fix compilation with gcc on AIX PPC and IA64 HP-UX"
481539e90 test1554: improve the error handling
593dcc553 test1554: add global initialization and cleanup
dc831260b curl_version_info.3: call the argument 'age'
58d7cd28a brotli: data at the end of content can be lost
a0f3eaf25 examples/cacertinmem: ignore cert-already-exists error
859ac3602 tool_getparam: Support size modifiers for --max-filesize
b399b0490 build: Fixed incorrect script termination from commit ad1dc10e61
a9b774a77 Makefile.vc: Added our standard copyright header
22fddb85a winbuild: Added support for VC15
ad1dc10e6 build: Added Visual Studio 2017 project files
d409640d6 build-wolfssl.bat: Added support for VC15
a4e88317d build-openssl.bat: Added support for VC15
c97648b55 curl/system.h: fix compilation with gcc on AIX PPC and IA64 HP-UX
b43755789 examples/rtsp: fix error handling macros
f009bbe1f curl_easy_reset: release mime-related data.
4acc9d3d1 content_encoding: rework zlib_inflate
e639d4ca4 brotli: allow compiling with version 0.6.0.
9c6a6be88 CURLOPT_READFUNCTION.3: refer to argument with correct name
02f207a76 rand: add a clang-analyzer work-around
13ce373a5 krb5: fix a potential access of uninitialized memory
41982b6ac conncache: fix a return code [regression]
5d0ba70e1 curl: support >256 bytes warning messsages
188a43a8f libssh: fix a syntax error in configure.ac
7ef0c2d86 examples/smtp-mail.c: use separate defines for options and mail
621b24505 THANKS: added missing names
cc0cca1ba mailmap: added/clarified several names
9d7a59c8f setopt: less *or equal* than INT_MAX/1000 should be fine
2437dbbf1 vtls: replaced getenv() with curl_getenv()
ef5633d4b RELEASE-NOTES: synced with 3b9ea70ee
3b9ea70ee TODO: Expose tried IP addresses that failed
48c184a60 curl.1: mention http:// and https:// as valid proxy prefixes
76db03dd9 curl.1: documented two missing valid exit codes
63e58b8b4 CURLOPT_DNS_LOCAL_IP4.3: fixed the seel also to not self-reference
671f0b506 Revert "curl: don't set CURLOPT_INTERLEAVEDATA"
4b6f3cff7 tests: mark data files as non-executable in git
98c572ed3 tests: update .gitignore for libtests
e959f16c5 multi_done: prune DNS cache
06a0a26fb mailmap: fixup two old git Author "aliases"
7ab4e7adb openssl: Disable file buffering for Win32 SSLKEYLOGFILE
b1b94305d RESOLVE: output verbose text when trying to set a duplicate name
bbea75ad6 CURLOPT_DNS_CACHE_TIMEOUT.3: see also CURLOPT_RESOLVE
a4a56ec93 sftp: allow quoted commands to use relative paths
9fb5a943f CURLOPT_PRIVATE.3: fix grammar
179ee78e8 curl: remove __EMX__ #ifdefs
9dfb19483 openssl: improve data-pending check for https proxy
9ffad8eb1 curl: don't set CURLOPT_INTERLEAVEDATA
912324024 curl.h: remove incorrect comment about ERRORBUFFER
ebaab4d17 configure: add AX_CODE_COVERAGE only if using gcc
b5881d1fb curl: limit -# update frequency for unknown total size
546e7db78 BINDINGS: another PostgreSQL client
55e609890 CONNECT: keep close connection flag in http_connect_state struct
c103cac3c include: get netinet/in.h before linux/tcp.h
00cda0f9b openldap: fix checksrc nits
ff07f07cc openldap: add commented out debug possibilities
bb0ca2d44 examples: move threaded-shared-conn.c to the "complicated" ones
4fb85b87b RELEASE-NOTES: synced with b261c44e8
b261c44e8 URL: tolerate backslash after drive letter for FILE:
24dcd7466 tests: added netinet/in6.h includes in test servers
76ebd5417 configure: check for netinet/in6.h
0c65678e7 curl-config: add --ssl-backends
ea3a5d07d conncache: only allow multiplexing within same multi handle
415b8dff8 threaded-shared-conn.c: fixed typo in commenta
5254d8bf2 threaded-shared-conn.c: new example
07cb27c98 conncache: fix several lock issues
85f0133ea libssh: remove dead code in sftp_qoute
615edc1f7 sasl_getmesssage: make sure we have a long enough string to pass
440140946 libssh2: remove dead code from SSH_SFTP_QUOTE
6401ddad4 ssh-libssh.c: please checksrc
918530752 libssh: fixed dereference in statvfs access
8dad32bcf RESOURCES: update spec names
a08f5a77c libssh: corrected use of sftp_statvfs() in SSH_SFTP_QUOTE_STATVFS
8843c0939 libssh: no need to call sftp_get_error as ssh_get_error is sufficient
3cef6f22e libssh: fix minor static code analyzer nits
10bb0b471 openssl: pkcs12 is supported by boringssl
8eff32f0b travis: use pip2 instead of pip
b7f534597 lib582: do not verify host for SFTP
a2f396680 libssh: added SFTP support
c75c9d4fb symbols-in-versions: added new symbols with 7.56.3 version
05675ab5a .travis.yml: added build --with-libssh
38aef6dc4 libssh2: return CURLE_UPLOAD_FAILED on failure to upload
75427291e libssh2: send the correct CURLE error code on scp file not found
c92d2e14c Added support for libssh SSH SCP back-end
3973ee6a6 RELEASE-NOTES: synced with af8cc7a69
af8cc7a69 curlver: towards 7.57.1
4b4142491 lib: don't export all symbols, just everything curl_*
9194a9959 SSL: Avoid magic allocation of SSL backend specific data
744ee5838 examples/xmlstream.c: don't switch off CURL_GLOBAL_SSL
270494e1a travis: add boringssl build
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
This reverts commit 53f62bc5e5.
commit made the builders fail with
"Package kmod-igb is missing dependencies for the following libraries: hwmon.ko"
Signed-off-by: John Crispin <john@phrozen.org>
This fixes the following errors when doing "make package/install"
/home/yousong/git-repo/lede-project/lede/build_dir/target-mips_24kc_musl/root-malta/lib/functions/procd.sh: line 47: /home/yousong/git-repo/l
ede-project/lede/build_dir/target-mips_24kc_musl/root-malta/var/lock/procd_urandom_seed.lock: No such file or directory
flock: 1000: Bad file descriptor
Fixes FS#1260
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
The IGB and IXGBE drivers depend on kmod-hwmon core now.
Fixes: af707a178f ("netdevices.mk: add hwmon to IGB and IXGBE drivers")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Configure variable SSP_SUPPORT is ambiguous for packages (tor, openssh,
avahi, freeswitch). It means 'toolchain supporting SSP', but for toolchain
and depends it means 'build gcc with libssp'.
Musl no longer uses libssp (1877bc9d8f), it has internal support, so
SSP_SUPPORT was disabled leading some package to not use SSP.
No information why Glibc and uClibc use libssp, but they may also provide
their own SSP support. uClibc used it own with commit 933b588e25 but it was
reverted in f3cacb9e84 without details.
Create an new configure GCC_LIBSSP and automatically enable SSP_SUPPORT
if either USE_MUSL or GCC_LIBSSP.
Signed-off-by: Julien Dusser <julien.dusser@free.fr>
Introduce a configuration option to build a "hardened" OpenWrt with
ASLR PIE support.
Add new option PKG_ASLR_PIE to enable Address Space Layout Randomization (ASLR)
by building Position Independent Executables (PIE). This new option protects
against "return-to-text" attacks.
Busybox need a special care, link is done with ld, not gcc, leading to
unknown flags. Set BUSYBOX_DEFAULT_PIE instead and disable PKG_ASLR_PIE.
If other failing packages were found, PKG_ASLR_PIE:=0 should be added to
their Makefiles.
Original Work by: Yongkui Han <yonhan@cisco.com>
Signed-off-by: Julien Dusser <julien.dusser@free.fr>
Add support for hostapd's radius_client_addr in order to
force hostapd to send RADIUS packets from the correct source
interface rather than letting linux select the most appropriate.
Signed-off-by: Stephan Brunner <s.brunner@stephan-brunner.net>
Off-chip NICs can run hotter than the CPU, so they're definitely
worth instrumenting.
Adding hardware monitoring increases by ~3744 and ~2672 bytes,
respectively, the sizes of the igb.ko and ixgbe.ko drivers.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
This commit finally bumps ARC tools to the most recent arc-2017.09 release version.
ARC GNU tools of version arc-2017.09 bring some quite significant changes like:
* Binutils v2.29 with additional ARC patches
* GCC 7.1.1 with additional ARC patches
More information on this release could be found here:
https://github.com/foss-for-synopsys-dwc-arc-processors/toolchain/releases/tag/arc-2017.09-release
Signed-off-by: Evgeniy Didin <Evgeniy.Didin@synopsys.com>
CC: Alexey Brodkin <abrodkin@synopsys.com>
CC: John Crispin <john@phrozen.org>
Revert upstream commit 1bd773c077de "wireless: set correct mandatory rate
flags", as it breaks 11s interoperability: nodes can only associate when
neither or both have this patch. As this is a regression from released
versions, revert to the old code for now.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
So that it will not try to run c_rehash with the just built binaries on
certs/demo.
Fixesopenwrt/packages#5432
Reported-by: Val Kulkov <val.kulkov@gmail.com>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
The iptables TRACE target is only available in raw table that's why the
dependency was moved from iptables-mod-trace into kmod-ipt-debug
Fixes FS#1219
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2b7fae4 mt76: fix returnvar.cocci warnings
939e3e0 mt76x2: dfs: avoid tasklet scheduling during mt76x2_dfs_init_params()
cf59170 mt76x2: dfs: add set_domain handler
5e4d60e mt76x2: dfs: take into account dfs region in mt76x2_dfs_init_params()
f76e25f mt76x2: fix WMM parameter configuration
34d612d mt76: retry rx polling as long as there is budget left
0f8327a mt76x2: fix TSF value in probe responses
ad3f8e9 mt76: add an intermediate struct for rx status information
58a41f1 mt76: get station pointer by wcid and pass it to mac80211
b0508d3 mt76: implement A-MPDU rx reordering in the driver code
cf3cfc4 mt76: split mt76_rx_complete
461cdf9 mt76: pass the per-vif wcid to the core for multicast rx
9b2c778 mt76: validate rx CCMP PN
302af90 mt76x2: init: disable all pending tasklets during device removal
9f685fe mt7603: init: disable tbtt tasklet during device removal
c6f8cac mt76: let mac80211 validate CCMP PN for fragmented frames
3968dae mt7603: fix 40 mhz channel bandwidth reporting
9c2e03d mt7603: fix rx LDPC reporting
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This reverts commit 666e9cf222.
The change has not been build-tested on non-x86 targets and leads to
stalled kernel builds due to unset configuration symbols there.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
If a device only supports the 2nd verification method (uim),
the first method will fail as expected reporting an error:
"Command not supported"
Silence both separate methods and only report an error regarding
pin verification if both fail.
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
The kmod-lp package included both lp.ko and ppdev.ko, but ECP device
drivers may or may not require lp NOT to be loaded, needing only ppdev.
Additionally, There were no packages for any parport interface modules,
such as uss720 or parport_pc, provided here. It has not been otherwise
possible to use PC-style parport hardware for kmod-lp.
Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
This replaces the current patches used to make the kernel headers
compatible with musl with the version which was accepted upstream. This
is included in upstream kernel 4.15.
This was compile tested with iproute2 build on all supported kernel
versions with musl and one one with glibc.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Note this requires libnftnl-1.0.8 or higher, so that update needs
to be merged first.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Also, drop unsupported configure options.
Don't use git retrieve but released tarball instead.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
A DNSSEC validation error was introduced in the fix for CVE-2017-15107
Backport the upstream fix to the fix (a simple typo)
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
CVE-2017-15107
An interesting problem has turned up in DNSSEC validation. It turns out
that NSEC records expanded from wildcards are allowed, so a domain can
include an NSEC record for *.example.org and an actual query reply could
expand that to anything in example.org and still have it signed by the
signature for the wildcard. So, for example
!.example.org NSEC zz.example.org
is fine.
The problem is that most implementers (your author included, but also
the Google public DNS people, powerdns and Unbound) then took that
record to prove the nothing exists between !.example.org and
zz.example.org, whereas in fact it only provides that proof between
*.example.org and zz.example.org.
This gives an attacker a way to prove that anything between
!.example.org and *.example.org doesn't exists, when it may well do so.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
This patch renames the AVM FRITZ!Box 4040's board-2.bin
file and package to match the 'vendor_product' format.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This patch updates ath10k-firmware to use the
firmware-5.bin_10.2.4-1.0-00033 firmware for the QCA988x.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This patch updates ath10k-firmware to use the
firmware-5.bin_10.2.4-1.0-00033 firmware for the QCA9887.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This patch updates ath10k-firmware to use the
firmware-5.bin_10.4-3.4-00104 firmware for the QCA9888.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This patch updates ath10k-firmware to use the
firmware-5.bin_10.4-3.4-00104 firmware for the QCA9984.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This patch updates ath10k-firmware to use the
firmware-5.bin_10.4-3.4-00104 firmware for the QCA4019.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This update automatically includes a new firmware for the QCA6174:
firmware-6.bin_WLAN.RM.4.4.1-00079-QCARMSWPZ-1
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Add sendopts config support allowing to add options in sent DHCPv6 packets.
Options can be configured as follows :
uci set network.wan6.sendopts="sntpservers:3001:3001::1,3001:3001::2 11:00000000000000000000006674692F 0x3e8:ABCDEF"
Based on a patch by Frank Andrieu <fandrieu@gmail.com>
See https://git.openwrt.org/?p=project/odhcp6c.git;a=commit;h=510aaf6d528210c5e8a6159f9b80b32615e88c5f
for a more detailed description.
Latest git changes :
1f93bd4 dhcpv6: rework option passthrough logic
a477e95 odhcp6c: rework userclass and vendorclass command handling
510aaf6 odhcp6c: add -x opt:val support
ab75be1 treewide: update copyrights to 2018
f3a4609 odhcp6c: let odhcp6c_add_state return a success/failure indication
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Obviously not all GPIO controller allow to change the direction. The issue
is around since the beginning of the script but only due to the recent
changes error messages are more visible.
Add a check if a change of the direction is supported by the GPIO
controller and fallback to setting only the value if not.
Fixes: FS#1271
Signed-off-by: Mathias Kresin <dev@kresin.me>
GPIOs are exported as active high to the sysfs, hence the logic need to be
inverted.
Fixes: e66c47fb14 ("base-files: gpio switch: set output value with
direction")
Signed-off-by: Mathias Kresin <dev@kresin.me>
5bae22e ubus/lua: pass notification name to callback
212ceb1 valgrind complained about these
d57907c fix invalid close() call
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Sometimes the hardware will push small packets that trigger a WARN_ON
in mac80211. Discard them early to avoid this issue.
Reported-by: Stijn Tintel <stijn@linux-ipv6.be>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
It is no longer actively maintained and does not work well in many
configurations. Fully replaced by wpad-mesh
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Unconditionally enable connmark support and tie it to the conntrack core
module to allow removing this kernel configuration dependency from the
xtables-addons package.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Dnsmasq used SIGHUP to do too many things: 1) set dnssec time validation
enabled, 2) bump SOA zone serial, 3) clear dns cache, 4) reload hosts
files, 5) reload resolvers/servers files.
Many subsystems within LEDE can send SIGHUP to dnsmasq: 1) ntpd hotplug
(to indicate time is valid for dnssec) 2) odhcpd (to indicate a
new/removed host - typically DHCPv6 leases) 3) procd on interface state
changes 4) procd on system config state changes, 5) service reload.
If dnssec time validation is enabled before the system clock has been
set to a sensible time, name resolution will fail. Because name
resolution fails, ntpd is unable to resolve time server names to
addresses, so is unable to set time. Classic chicken/egg.
Since commits 23bba9cb33 (service reload) &
4f02285d8b (system config) make it more
likely a SIGHUP will be sent for events other than 'ntpd has set time'
it is more likely that an errant 'name resolution is failing for
everything' situation will be encountered.
Fortunately the upstream dnsmasq people agree and have moved 'check
dnssec timestamp enable' from SIGHUP handler to SIGINT.
Backport the upstream patch to use SIGINT.
ntpd hotplug script updated to use SIGINT.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Some newer LTE modems, like the MC7455 or EC25-E do not support
"802.3" mode, and will stay in "raw-ip" regardless of the mode being
set.
In this case, the driver must be informed that it should handle all
packets in raw mode. [1]
This commit fixes connectivity issues for these devices.
Before:
[ Node 5 ] udhcpc -i wwan0
udhcpc: started, v1.27.2
udhcpc: sending discover
udhcpc: sending discover
udhcpc: sending discover
After:
[ Node 5 ] udhcpc -i wwan0
udhcpc: started, v1.27.2
udhcpc: sending discover
udhcpc: sending select for 100.66.245.226
udhcpc: lease of 100.66.245.226 obtained, lease time 7200
udhcpc: ifconfig wwan0 100.66.245.226 netmask 255.255.255.252 broadcast
+
udhcpc: setting default routers: 100.66.245.225
[1] https://lists.freedesktop.org/archives/libqmi-
devel/2017-January/002064.html
Tested on cns3xxx using a Sierra Wireless MC7455 LTE-A
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
[bumped PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Instead of grepping for NETWORK after calling ipcalc.sh; pass ipcalc.sh as
argument to eval allowing to use $NETWORK to retrieve the IPv4 prefix
(ip4prefix).
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Backport patches that separate spectral scan support from general debugfs
support of ath9k/ath10k; this allows to remove the dependency on
KERNEL_RELAY from these driver packages even with debugfs enabled and
avoids the memory footprint of the relay buffers allocated by ath9k/ath10k
even when they aren't used at all.
The KERNEL_RELAY dependency is moved to a new config symbol that enables
spectral scan support in these drivers.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
This feature has been unused for years, and its scope is too limited to be
actually useful.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
18090d9 overlay: fix compilation with glibc
2a9a6ea libfstools: optimize building directory string for glob
de6b026 libfstools: support file paths longer than 255 chars
Signed-off-by: John Crispin <john@phrozen.org>
Board Data File (BDF) is loaded upon driver boot-up procedure. The right
board data file is identified on QCA4019 using bus, bmi-chip-id and
bmi-board-id.
The problem, however, can occur when the (default) board data file cannot
fulfill the vendor requirements and it is necessary to use a different
board data file.
This problem was solved for SMBIOS by adding a special SMBIOS type 0xF8.
Something similar has to be provided for systems without SMBIOS but with
device trees. No solution was specified by QCA and therefore a new one has
to be found for ath10k.
The device tree requires addition strings to define the variant name
wifi@a000000 {
status = "okay";
qcom,ath10k-calibration-variant = "RT-AC58U";
};
wifi@a800000 {
status = "okay";
qcom,ath10k-calibration-variant = "RT-AC58U";
};
This would create the boarddata identifiers for the board-2.bin search
* bus=ahb,bmi-chip-id=0,bmi-board-id=16,variant=RT-AC58U
* bus=ahb,bmi-chip-id=0,bmi-board-id=17,variant=RT-AC58U
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
Use the generic board detection method:
- Board name: First compatible string from the device tree
- Board model: Model property from the device tree
Change occurrences of board name in userspace by the compatible
string, and removed target specific board detection script
Replace the definition of SUPPORTED_DEVICES in Device/Default
to extract the dt compatible string from each device definition.
Additionally, for devices supported by lede-17.01, append
the value of BOARD_NAME to SUPPORTED_DEVICES in the device
definition.
Signed-off-by: Luis Araneda <luaraneda@gmail.com>
There are only artifacts for these boards in our tree and not even
partial support.
Drop teh stale files.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Commit 30f61a34b4 claimed to drop -d & -p
options. In reality only -d was dropped. Update command help text to
reflect that -d is no longer a supported option.
Fixes FS#1187
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
More important bug fix:
402f05c Use full-rate mtu_time in all tins. Fixes an issue where some
cake tins experienced excessive latency since 49776da (dynamically
adjust target)
Minor bug fixes:
31277c2 Avoid unsigned comparison against zero. Fix compiler warning,
no known impact.
8cf5278 ack_filter: fix TCP flag check. A very contrived case may have
lead to dropping a SYN packet that should not be dropped.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Certain DHCP servers push a gateway outside of the assigned interface subnet,
to support those situations, install a host route towards the gateway.
If Gateway and IP are served in same network, openwrt quagga cannot learn
routes (rip routes are not getting added, showing inactive) whereas
working fine when Gateway and IP are in different network.
Signed-off-by: Mogula Pranay <mogula.pranay@nxp.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Renaming an atm etherbride using 'ip link' (via hotplug) is racy since the
original netdev might disappear before br2684ctl has finished appling it's
setting:
local2.notice br2684ctl[1667]: Interface "nas0" created sucessfully
local2.notice br2684ctl[1667]: Communicating over ATM 0.8.35, encapsulation: LLC
kern.info kernel: dsl0: renamed from nas0
kern.err kernel: br2684:br2684_regvcc: tried to attach to non-existent device
local2.err br2684ctl[1667]: Could not configure interface:No such device or address
By passing the final used netdev name to br2684ctl_wrap another race
condition workaround will be enabled again.
Change the lantiq ptm driver to create a netdev with the name dsl as well.
Albeit the rename via 'ip link' works fine so far, using a different
approach for ptm then atm could be confusing.
Signed-off-by: Mathias Kresin <dev@kresin.me>
br2684ctl starts automatically, set up reload triggers, which fire as soon
as a atm driver is loaded. No need to do the reload via the script.
The reload is only required as soon as we can reliable switch between atm
and ptm driver and need to be implemented in a race free way.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Add the uci option nameprefix to specifc a target netdev name. Patch the
br2684ctl code to accept and set a netdev name via commandline parameters.
It allows to use the same netdev name for ATM and PTM lines on lantiq
xdsl hardware.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
Signed-off-by: Mathis Kresin <dev@kresin.me>
These packages are needed to generate the image, better mark them hidden
so we will activate them based on which boards gets build and they will
be activated always when the board which needs then gets build.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
These packages are needed to generate the image, better mark them hidden
so we will activate them based on which boards gets build and they will
be activated always when the board which needs then gets build.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The fixes following problems
1. changing prefix at91bootstrap to AT91bootstrap will fix the default
selection of at91bootstrap for the selected sama5 subtarget.
2. fixed missing default selection of sama5d4 nand flash for the
selected sama5d4 subtarget.
3. corrected at91bootstrap Title name.
Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
neon and VFPv4 support is added to this target and uboot-at91 build
fails due to TARGET_CFLAGS -mfloat-abi set to hard. as a fix, setting
uboot-at91 CFLAGS -mfloat-abi=soft.
Fixes: 01cc6bd495 ("at91: sama5: activate fpu")
Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
Fixes the following dependency error encountered by the buildbots:
Package kmod-w1 is missing dependencies for the following libraries:
hwmon.ko
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
add an uboot able to boot a kernel in an ubi partition
This uboot also has a "recovery" feature, before
booting from flash it will try to boot a initramfs
image called "initramfs.bin" from a FAT32-formatted
USB drive connected to the USB 2.0 port.
(u-boot lacks drivers for usb 3.0 controllers)
Just rename the initramfs image and place it on
the usb drive, the uboot will load it.
In case there is no USB drive or no such file
is found, the uboot will boot from internal flash.
The whole check takes less than a second, boot times
are not impacted.
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
Use <manufacturer>_<modelname> as image name.
Use the BOARD_NAME variable to ensure that the former used boardname is
still used as the subdirectory name for the sysupgrade-tar image, to
not break sysupgrade from earlier versions.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Build the Seagate GoFlexHome u-boot for the Seagate GoFlexNet as well. The
name clearly indicates that the u-boot can be used for both boards
Build the Zyxel NSA310 u-boot if the NSA310B image is selected.
Signed-off-by: Mathias Kresin <dev@kresin.me>
No image build code for the Guruplug, Sheevaplug and NSA310S exists. Drop
support for the boards for now.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Use the "low" and "high" values to configure the GPIO as an output with
that initial value. It ensures that the gpio doesn't have a unwanted value
during the time the direction is set to ouput and the actual value is
applied.
We don't need to take care of the GPIO polarity for now, since our
exported GPIOs are always active low.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Start gpio_switch before the boot state is set to up/initialised/done.
This way the exported GPIOs are available at the time rc.local is started.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Previously this was only activated for ADSL, this patch activates the
same setting also for VDSL, this feature is also support for VDSL in the
same way it works for ADSL.
I tested it with DSL FW 5.7.9.5.1.7 against a Broadcom 177.140 DSLCO
(Deutsche Telekom) and saw different data rates and Max. Attainable Data
Rates depending on the ds_snr_offset settings I choose.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The previous commit was incorrectly rebased and referred to a not
yet existing PROJECT_GIT variable.
Fixes: d86a269c1f libubox: update to latest git HEAD
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2a9a6ea libfstools: optimize building directory string for glob
de6b026 libfstools: support file paths longer than 255 chars
Signed-off-by: John Crispin <john@phrozen.org>
The NXP 74HC164 GPIO expander driver uses a different config symbol
("CONFIG_GPIO_74X164") and module name since since at least Kernel
version 2.6.37.
Update the kmod package definition accordingly by adjusting kconfig
and module file names.
This unrelated, but correct change has been separated from the
WNR2000v5 support commits.
Ref: https://github.com/lede-project/source/pull/1256
Suggested-by: Raphael Catolino <raphael.catolino@gmail.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Instead of inferring the availability of NEON support from the target
optimization flags, use a preprocessor test to decide whether to enable
ARMv8 NEON optimizations.
Fixes the following build error spotted by the mediatek/32 buildbot:
[ 26%] Building C object CMakeFiles/zlib.dir/contrib/arm/inflate.o
In file included from .../zlib-1.2.11/contrib/arm/chunkcopy.h:10:0,
from .../zlib-1.2.11/contrib/arm/inflate.c:87:
.../arm_neon.h:31:2: error: #error You must enable NEON instructions (e.g. -mfloat-abi=softfp -mfpu=neon) to use arm_neon.h
#error You must enable NEON instructions (e.g. -mfloat-abi=softfp -mfpu=neon) to use arm_neon.h
^
In file included from .../zlib-1.2.11/contrib/arm/inflate.c:87:0:
.../zlib-1.2.11/contrib/arm/chunkcopy.h:18:9: error: unknown type name 'uint8x16_t'
typedef uint8x16_t chunkcopy_chunk_t;
^
[...]
CMakeFiles/zlib.dir/build.make:302: recipe for target 'CMakeFiles/zlib.dir/contrib/arm/inflate.o' failed
Fixes: 3acecba520 "package/libs/zlib: Add ARM and NEON optimizations"
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
In order to properly support 802.11w, hostapd needs to advertise a group
management cipher when negotiating associations.
Introduce a new per-wifi-iface option "ieee80211w_mgmt_cipher" which
defaults to the standard AES-128-CMAC cipher and always emit a
"group_mgmt_cipher" setting in native hostapd config when 802.11w is
enabled.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
When using the uci.sh wrapper, allow parameters to match those supported
by the uci binary i.e. "uci rename <config>.<section>[.<option>]=<name>".
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Some packages such as Python/Python3 (host pip/pip3) needs this
to compile.
More detailed explanation provided by Alexandru:
"i need the zlib/host for Python/Python3 ; because, it seems the
host pip/pip3 needs this to work ; i suspect in older versions
this worked, because some of the host's build env would be used
in the build, and then the zlib-dev from the host distro would
be used ; now, the host-build does not seem to have any
-I/usr/include stuff, which is good
and it also seems that Python/Python3 does not like it if the
zlib-dev package is too old, so using this zlib/host would be
good for this as well"
Source:
https://github.com/lede-project/source/pull/1329#issuecomment-351055861
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Add option to use O3 optimization as not all devices have
space constraints. This option is default using GCC in upstream
but isn't in the CMake makefile for some reason.
Source: https://github.com/madler/zlib/blob/master/configure#L170
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Usage documentation for 'procd_send_signal' states "The signal is SIGHUP
by default, and must be specified by NAME." Make actual behaviour match
the stated documented behaviour.
https://wiki.openwrt.org/inbox/procd-init-scripts
Suggested-by: Jo-Philip Wich <jow@mein.io>
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
a5954cf procd: Add %m to several functions that return errno.
810d7a5 procd: Remove redundant errno variable in several printf functions.
fa5ce1c procd: Replace strerror(errno) with %m.
Signed-off-by: John Crispin <john@phrozen.org>
Add the uas(p) module to the modules loaded early on the boot process.
The uas(p) is an modern alternative, which is used by the modern USB3
storage cases, compared to the bot protocol. To be able to use uas(p)
storage cases for extroot, the kernel module has to be loaded before the
search for extroot has been called. This patch changes the load order to
support uas(p) storage cases for extroot.
Signed-off-by: Daniel Albers <daniel.albers@public-files.de>
11efbf3 overlay: fix race condition when switching to jffs2
bdeb95a libblkid-tiny: add support for NTFS superblock
ef2cc03 fstools: Replace strerror(errno) with %m format.
98fd5b4 libblkid-tiny: add support for UBI superblock
Signed-off-by: John Crispin <john@phrozen.org>
Use flock to protect init script from concurrent execution
(of the same script).
Important for services which generate native config files.
Signed-off-by: Roman Yeryomin <roman@advem.lv>
Signed-off-by: Andrejs Hanins <ahanins@gmail.com>
This is needed for procd init script protection to work.
flock adds 4248 bytes to stripped busybox binary.
Signed-off-by: Roman Yeryomin <roman@advem.lv>
In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2,
the tab autocomplete feature of the shell, used to get a list of filenames
in a directory, does not sanitize filenames and results in executing any
escape sequence in the terminal. This could potentially result in code
execution, arbitrary file writes, or other attacks.
Fixes: FS#1181 - CVE-2017-16544:
Backport the patch from:
https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8https://nvd.nist.gov/vuln/detail/CVE-2017-16544
Signed-off-by: Derek Werthmuller <thewerthfam@gmail.com>
Signed-off-by: John Crispin <john@phrozen.org>
In current state, if there is START but no STOP, enbale()
will return 1 (failure), which is wrong.
Moreover there is no need to check for START/STOP twice.
Instead, add err variable to save success state and
and return it's value.
Also eliminate the need to disable() by using 'ln -sf',
which will first delete the old symlink if one exists.
Changes from v1:
- fixed description
Signed-off-by: Roman Yeryomin <roman@advem.lv>
5beb95d lua: additionally return name when looking up sections
ff33bb2 lua: support extended section notation
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Fix overhead accounting error introduced by f33c4d6 refactor
cake_advance_shaper and ack_filter
Symptoms were links running under rate.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Enabling IPTABLES_NFTABLES resulted in an error during build:#
*** No rule to make target '../extensions/libext.a',
needed by 'xtables-compat-multi'."
Comments from Alexander Lochmann and Fedor Konstantinov in FS#711
provided fixes for this build error, allowing iptables to compile.
https://bugs.lede-project.org/index.php?do=details&task_id=711.
This commit updates the Makefile.am xtables_compat_multi_LDFLAGS
and _LDADD, moving linking of extensions to LDFLAGS.
Signed-off-by: rektide de la faye <rektide@voodoowarez.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Fixes: 8170f280c4 ("base-files: set FAILSAFE in /etc/profile when
/tmp/.failsafe exists")
Since dropbear clears the environment, FAILSAFE was not set as intended in
failsafe mode. This also broke sysupgrade from failsafe mode over SSH.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Unconditionally pass TARGET_CPPFLAGS (not passed at all before) and
TARGET_LDFLAGS (passed only in certain non-default configuration before the
Makefile streamlining). Without these flags, hardening options
(PKG_FORTIFY_SOURCE and PKG_RELRO) were not actually applied to busybox.
The addition of these flags increases the size of the stripped busybox
binary by about 6KB (~4KB with fortify headers, ~2KB with "-znow -zrelro")
with the default hardening options PKG_FORTIFY_SOURCE_1 and PKG_RELRO_FULL.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Use default Build/Install steps where possible. No binary change in default
configuration, so PKG_RELEASE is not incremented.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Send a SIGHUP signal via procd to the dnsmasq service so the instance(s)
re-read(s) the /tmp/hosts/dhcp config.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
If the hostname in /etc/config/system is modified the dnsmasq should also
get triggered to rewrite/reload the config.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
PKG_BUILD_DIR was defined with quoting PKG_VERSION in
layerscape package makefiles. Now PKG_VERSION has been
removed from these makefiles. When PKG_BUILD_DIR quotes
PKG_VERSION, '=' should be used instead ':=' to make
sure PKG_VERSION has been defined in common makefile.
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
Intel motherboards (as well as the Cavium ThunderX SoC) use a
superset of the I2C protocol called SMBus.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
439b9b6c (tag: v1.29.0) Update manual pages
48498452 Bump up version number to v1.29.0, LT revision to 29:1:15
d30f3816 Update manual pages
4d1139f6 Remove SPDY
48f57407 nghttpx: Update doc
c1f14d73 Update manual pages
216f4dad nghttpx: Remove redundant check
a4e27d76 Revert "nghttpx: Use an existing h2 backend connection as much as possible"
2365f12e Fix CMAKE_MODULE_PATH
03f7ec0f nghttpx: Write API request body in temporary file
2056e812 nghttpx: Increase api-max-request-body
1ebb6810 nghttpx: Faster configuration loading with lots of backends
a3ebeeaf nghttpx: Fix crash with --backend-http-proxy-uri option
422ad1be Use NGHTTP2_REFUSED_STREAM for streams which are closed by GOAWAY
97f1735c Bump up version number to 1.29.0
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
f40f84c support PantechMode
d8dc335 support Quanta and Blackberry modes
333e486 fix support for Option modems
Signed-off-by: John Crispin <john@phrozen.org>
7aa2594 odhcpd: Replace strerror(errno) with %m format
750e457 Support muliple RAs on single interface
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
The git hash was changed for multiple layerscape packages without
changing the version number. The LEDE build system will not download the
packages again if the old version is already there and so some people
and the build bots are using wrong version of some packages. Use
PKG_SOURCE_DATE instead of PKG_VERSION to generate packages with the
date and the first charterers of the git hash. This will change the file
name and make the build system download them again, also if in future
the git hash is changed the file name will change and trigger a new
download.
This should fix a problem spotted by build bot.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The LinkIt Smart 7688/LinkIt Smart 7688 Duo are identical beside the
extra ATmega32U4 - accessible via UART - on the the Duo.
Since all relevant hardware is identical, drop the Duo special handling
in userspace.
Signed-off-by: Mathias Kresin <dev@kresin.me>
In commit 2b1ec44dbd ("layerscape: add ls1012afrdm device support")
The git revision and the mirror hash for this package was updated to a
version which includes ls1012afrdm-uboot.bin, but the file name at
dl/uboot-layerscape-armv8_32b-2017.09.tar.xz staid the same. This way
most user did not download the new version but used the old file.
Convert this package to the normal git clone parameters by using
PKG_SOURCE_DATE instated of PKG_VERSION, now the file name in dl also
contains the git hash and should change every time the git hash is
updated.
This should fix a problem spotted by build bot.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
LEDE Flyspray Task 1091:
Fix libiconv-full 'undefined reference' compile linker error using GCC7 Musl
Tested with targets x86 (i386 and x86_64)
Addition of CFLAGS "std=gnu89" fixes the linker issues, credit to harrylwc
Issue found with 'minidlna' package, which depends on 'libiconv-full'
Error in compile log:
../lib/.libs/libiconv.so: undefined reference to `aliases_lookup'
../lib/.libs/libiconv.so: undefined reference to `aliases2_lookup'
collect2: error: ld returned 1 exit status
Makefile:64: recipe for target 'iconv_no_i18n' failed
Signed-off-by: Jake Staehle <jacob@staehle.us>
Use <manufacturer>_<modelname> as image name.
Use the BOARD_NAME variable to ensure that the former used boardname is
still used as the subdirectory name for the sysupgrade-tar image, to
not break sysupgrade from earlier versions.
While at it, normalise the image filenames by using only lower case
characters and bin as file extension for sysupgrade images.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Use the first compatible string as board name in userspace. Add the new
board name as well as the former used board name to the image metadata
to keep compatibilty with already deployed installations.
Don't add the former used boardname for boards which exists only in
master or evaluation boards.
Signed-off-by: Mathias Kresin <dev@kresin.me>
kmod-lib-lzo and kmod-lib-lz4 depend in kernel 4.14 on
kmod-crypto-acompress, add this missing dependency.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
CONFIG_FRAMEBUFFER_CONSOLE does not activate new modules any more in
kernel 4.14, but CONFIG_FRAMEBUFFER_CONSOLE is now a boolean option
which change the kmod-fb package. kmod-fbcon should be split up.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This deactivates the following options which were introduced between
kernel 4.9 and 4.14 in some kernel packages:
CONFIG_INET_ESP_OFFLOAD
CONFIG_INET6_ESP_OFFLOAD
CONFIG_LWTUNNEL_BPF
CONFIG_NET_9P_XEN
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
In kernel 4.14 kmod-bluetooth depends on kmod-crypto-ecdh, add
kmod-crypto-ecdh to LEDE.
Both packages also depend on the kmod-crypto-kpp package. To build this
we have to fix the dependency of CRYPTO_ECDH which has a typo.
This patch is already accepted upstream.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
In kernel 4.14 kmod-crypto-hw-ccp depends on kmod-crypto-rsa, add it.
kmod-crypto-rsa also packages the ASN1 parser and some other code which
is currently only used by this module.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
In kernel 4.14 kmod-dm depends on kmod-dax.
Add DAX: "Direct access to differentiated memory" to LEDE.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
In kernel 4.14 hwmon support can be deactivated for the tg3 driver,
deactivate it by default to save some space.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The default e1000e parameters (interrupt throttling rate, MSI/MSI-X
mode) are optimized for desktop and server computers to optimize
user-space execution (i.e. what's typically referred to as "useful"
work). This assumption breaks on a router under load where most of
the "useful" work actually takes place either in hardware interrupt
handlers (IRQ) or at software IRQ (swirq) modes, so we try to reflect
that by overriding these parameters with more appropriate values.
Patch-by: Philip Prindeville <philipp@redfish-solutions.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
There has been recent significant activity with the cake qdisc of late
Some of that effort is related to upstreaming to kernel & iproute2
mainline but we're not quite there yet. This commit teaches tc how to
activate and interprete the latest cake operating modes, namely:
ingress mode: Instead of only counting packets that make it past the
shaper, include packets we've decided to drop as well, since they did
arrive with us on the link and took link capacity.
This mode is more suitable for shaping the ingress of a link
(e.g. from ISP) rather than the more normal egress.
ack-filter/ack-filter-aggressive: Filter excessive TCP ACKS. Useful in
highly assymetric links (downstream v upstream capacity) where the
majority of upstream link capacity is occupied with ACKS for downstream
traffic.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
There has been recent significant activity with the cake qdisc of late
but in the cobalt branch. Some of that effort is related to upstreaming
to kernel & iproute2 mainline but we're not quite there yet. Relevant
feature changes:
ingress mode: Instead of only counting packets that make it past the
shaper, include packets we've decided to drop as well, since they did
arrive with us on the link and took link capacity.
This mode is more suitable for shaping the ingress of a link
(e.g. from ISP) rather than the more normal egress.
ptm mode: Minor optimisation in packet overhead calculation.
dual-src/dsthost/triple-isolate: Optimise only calculating src or dst
host hashes only if required.
ack-filter/ack-filter-aggressive: Filter excessive TCP ACKS. Useful in
highly assymetric links (downstream v upstream capacity) where the
majority of upstream link capacity is occupied with ACKS for downstream
traffic.
A separate iproute2 patch to teach it about Cake's new features will
follow.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Remove PACKAGE_uhttpd_debug config as this is an unused leftover
Add CONFIG_uhttpd_lua to PKG_CONFIG_DEPENDS
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Including version.mk sets PKG_CONFIG_DEPENDS to config entries used for
VERSION_SED command. We should keep these configs to make sure package
gets refreshed when needed.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Since /overlay/upper appeared, -b ignored -c silently (cause it was
still checking for /overlay/etc). Now, if /overlay/upper is absent,
sysupgrade -c will fail and exit verbosely.
Fix -l to consider -c (it never did).
Clean up to always use /overlay/upper/xxx instead of still checking
for /overlay/xxx.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Lantiq and IPQ806X (which includes IPQ40XX) both define the
same custom function {ipq806x|lantiq}_get_dt_led.
This patch moves the function into the base-file package at
lib/functions/leds.sh to make it more accessible for other
targets as well.
Cc: Mathias Kresin <dev@kresin.me>
Cc: John Crispin <john@phrozen.org>
Cc: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
To not clutter the system when building an opkg free image, generate the
distfeeds.conf only if CLEAN_IPKG is unset.
Since opkg is now a shared package, we can't rely on PACKAGE_opkg, but
since opkg is not reasonably usable without the status information, we
can tie the distfeeds.conf to it.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Ensure /etc/opkg exists before trying to write there. This fixes a build
failure if SIGNED_PACKAGES is disabled.
Reported-by: Matthias Schiffer <mschiffer@universe-factory.net>
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
All the relevant options used for distfeeds.conf are part of base-files,
so it makes more sense to move the file there as well.
This has the added benefit that the we can share the opkg package again,
reducing the amount of target specific packages.
Acked-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Bump to latest WireGuard snapshot release:
44f8e4d version: bump snapshot
bbe2f94 chacha20poly1305: wire up avx512vl for skylake-x
679e53a chacha20: avx512vl implementation
10b1232 poly1305: fix avx512f alignment bug
5fce163 chacha20poly1305: cleaner generic code
63a0031 blake2s-x86_64: fix spacing
d2e13a8 global: add SPDX tags to all files
d94f3dc chacha20-arm: fix with clang -fno-integrated-as.
3004f6b poly1305: update x86-64 kernel to AVX512F only
d452d86 tools: no need to put this on the stack
0ff098f tools: remove undocumented unused syntax
b1aa43c contrib: keygen-html for generating keys in the browser
e35e45a kernel-tree: jury rig is the more common spelling
210845c netlink: rename symbol to avoid clashes
fcf568e device: clear last handshake timer on ifdown
d698467 compat: fix 3.10 backport
5342867 device: do not clear keys during sleep on Android
88624d4 curve25519: explictly depend on AS_AVX
c45ed55 compat: support RAP in assembly
7f29cf9 curve25519: modularize dispatch
Refresh patches.
Compile-test-for: ar71xx
Run-tested-on: ar71xx Archer C7 v2
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
As MD5 is known weak for many years and more and more
penetration test tools complain about enabled MD5 HMAC
I think it's time to drop it.
By disabling the MD5 HMAC support dropbear will also
automatically use SHA1 for fingerprints.
This shouldn't be a problem too.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
Add config option which allows to enable/disable DHCP support at compile
time. Make DHCPv6 support dependant on DHCP support as DHCPv6 support
implies having DHCP support.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
- use %d instead of %n for opkg feed identifiers
- remove %n / %N references from version files
Fixes bf5cef47b3 merge: release/banner: drop release name and update banner.
Fixes FS#1213.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
udhcpc doesn't send a hostname by default. Use the system hostname if
nothing else is specified, to always send a hostname.
It syncs the behaviour to odhcpc, which always sends a hostname.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Acked-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
Kernel and rootfs in a subdirectory matching the userspace boardname,
was intended to use a single sysupgrade-tar archive for multiple boards
with different kernel/rootfs images. This feature was never used.
Use the first found directory in the tar archive instead of relying on
a directory named according to the userspace boardname.
It allows to change the boardname without adding another compatibility
layer - using the nand_board_name() function - for (sub)targets using
the metadata based image validation in favour to
nand_do_platform_check().
Signed-off-by: Mathias Kresin <dev@kresin.me>
This patch fixes two issues with the current get_partitions()
function.
First: "Invalid partition table on $disk" will pop up on
legitimate images on big endian system.
This is because the little-endian representation of "55 AA" is
assumed in the context of little-endian architectures. On these
comparing it to the 16-bit word 0xAA55 does work as intented.
Whereas on big-endian systems, this would have to be 0x55AA.
This patch fixes the issue by replacing the integer conversion
and value match check with just a string comparision.
Second: The extraction of the type, start LBA and LBA num from
the partition table has the same endianness issue. This has been
fixed by using the new hex_le32_to_cpu() function. This function
will translate the stored little-endian data to the correct
byte-order if necessary.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This patch updates ath10k-firmware to use the
firmware-5.bin_10.4-3.2.1-00058 firmware for the QCA4019.
Cc: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
d02a05b mt7603: update firmware to version 20160107100755
4d4cd05 Partially revert "mt7603: use mcu command to set timing registers, fix OFDM timeout values"
170f334 mt76x2: remove MAC address limitation for multi-vif setups
3563b8f mt76x2: clean up MAC/BSSID address initialization
9de77e1 mt76x2: drop wiphy->addresses
a6a6e25 mt76x2: init: disable APCLI by default
c64633e mt76x2: configure rx filter based on monitor mode setting
ac815fa mt76x2: init: fix rx filter default value during init
e504656 mt7603: configure other-unicast drop based on monitor mode setting
Signed-off-by: Felix Fietkau <nbd@nbd.name>
add no-ssl3-method again as 1.0.2n compiles without the ssl3-method(s)
Fixes CVEs: CVE-2017-3737, CVE-2017-3738
Signed-off-by: Peter Wagner <tripolar@gmx.at>
Different invocations of the dnsmasq init script (e.g. at startup by procd)
will rewrite the dhcp host file which might result into dnsmasq reading an
empty dhcp host file as it is being rewritten by the dnsmasq init script.
Let the dnsmasq init script first write to a temp dhcp host file so it does
not overwrite the contents of the existing dhcp host file.
Reported-by: Hartmut Birr <e9hack@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
wpa_disable_eapol_key_retries can't prevent attacks against the Wireless
Network Management (WNM) Sleep Mode handshake. Currently, hostapd
processes WNM Sleep Mode requests from clients regardless of the setting
wnm_sleep_mode. Backport Jouni Malinen's upstream patch 114f2830 in
order to ignore such requests by clients when wnm_sleep_mode is disabled
(which is the default).
Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
[rewrite commit subject (<= 50 characters), bump PKG_RELEASE]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
wpa_disable_eapol_key_retries can't prevent attacks against the
Tunneled Direct-Link Setup (TDLS) handshake. Jouni Malinen suggested
that the existing hostapd option tdls_prohibit can be used to further
complicate this possibility at the AP side. tdls_prohibit=1 makes
hostapd advertise that use of TDLS is not allowed in the BSS.
Note: If an attacker manages to lure both TDLS peers into a fake
AP, hiding the tdls_prohibit advertisement from them, it might be
possible to bypass this protection.
Make this option configurable via UCI, but disabled by default.
Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
Tiny variant supports a subset of the ip commands; align the ip help
text so it actually reflects which commands are supported in the
tiny variant.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Preserves optionality of libmnl by letting configuration
script follow the HAVE_MNL environment variable.
Signed-off-by: Russell Senior <russell@personaltelco.net>