Update to dnsmasq2.76. Refresh patches. Add new patch to fix musl
'poll.h' location warning.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Storage of such zones is provided by a nf_ct_ext struct, hence conntrack
memory foot print will not be increased if zones are not used.
Signed-off-by: Alin Năstac <alin.nastac@gmail.com>
According to the author, all SPI related configs are copy & paste
leftovers. Which makes sense since nothing is connected to the SPI bus
on this device.
The NOR SPL isn't required for this board, since the NOR is directly
memory mapped.
Allow to overwrite the env in ram while using brn variant. Do not set
the power GPIO pin twice.
Signed-off-by: Mathias Kresin <dev@kresin.me>
use:
- 00nn for u-boot patches
- 01nn for new boards
While doing the rework, the board definitions for the easy50712 and
easy80920 were moved to distinct board definitions patches.
Signed-off-by: Mathias Kresin <dev@kresin.me>
wolfssl has a fine grained feature and compatibility control
for compiling stunnel, lighthttp or (partly) openssl dropin
ustream-ssl uses features that require normally
HAVE_SNI, HAVE_STUNNEL and the openssl compatibility headers
ar71xx ipkg sizes of wolfssl 3.9.0:
- with stunnel: 144022
- this patch (w.o. stunnel): 131712
- without openssl(extra): 111104
- w.o openssl/sni:108515
- w.o openssl/sni/ecc: 93954
so patch 300 saves around 12k compressed ipkg size
v2: keep & rename patch 300 for clarity, fixes ustream-ssl/cyassl
that broke with v1
Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
Typo, missing space before ] in previous commit caused shell syntax
failure and incorrect restoration of time.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
fixes:
CVE-2016-3739: TLS certificate check bypass with mbedTLS/PolarSSL
- remove crypto auth compile fix
curl changelog of 7.46 states its fixed
- fix mbedtls and cyassl usability #19621 :
add path to certificate file (from Mozilla via curl) and
provide this in a new package
tested on ar71xx w. curl/mbedtls/wolfssl
Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
conditionally save dnsmasq.time across sysupgrade
dnsmasq uses /etc/dnsmasq.time as record of the last known good
system time to aid its validation of dnssec timestamps. dnsmasq
updates the timestamp on process start/stop once it considers the system
time as valid. The timestamp file should be preserved across system
upgrade but should not be included as part of normal configuration
backups to prevent restores corrupting the current timestamp.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
dnsmasq maintains dnsmasq.time across reboots and uses it as a means of
determining if current time is good enough to validate dnssec time
stamps. By including /etc/dnsmasq.time as a time source for sysfixtime,
the mechanism was effectively defeated because time was set to the
last time that dnsmasq considered current even though that time is in
the past. Since that time is out of date, dns(sec) resolution would
fail thus defeating any ntp based mechanisms for setting the clock
correctly.
In theory the process is defeated by any files in /etc that are newer
than /etc/dnsmasq.time however dnsmasq now updates the file's timestamp
on process TERM so hopefully /etc/dnsmasq.time is the latest file
timestamp in /etc as part of LEDE shutdown/reboot.
Either way, including /etc/dnsmasq.time as a time source for
sysfixtime is not helpful.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
conditionally save dnsmasq.time across sysupgrade
dnsmasq uses /etc/dnsmasq.time as record of the last known good
system time to aid its validation of dnssec timestamps. dnsmasq
updates the timestamp on process start/stop once it considers the system
time as valid. The timestamp file should be preserved across system
upgrade but should not be included as part of normal configuration
backups to prevent restores corrupting the current timestamp.
dnsmasq maintains dnsmasq.time across reboots and uses it as a means of
determining if current time is good enough to validate dnssec time
stamps. By including /etc/dnsmasq.time as a time source for sysfixtime,
the mechanism was effectively defeated because time was set to the
last time that dnsmasq considered current even though that time is in
the past. Since that time is out of date, dns(sec) resolution would
fail thus defeating any ntp based mechanisms for setting the clock
correctly.
In theory the process is defeated by any files in /etc that are newer
than /etc/dnsmasq.time however dnsmasq now updates the file's timestamp
on process TERM so hopefully /etc/dnsmasq.time is the latest file
timestamp in /etc as part of LEDE shutdown/reboot.
Either way, including /etc/dnsmasq.time as a time source for
sysfixtime is not helpful.
Some SSL applications requires a certificates bundle rather
than a directory containing certificates. For thos applications
we build the ca-bundle package
Signed-off-by: Daniel Dickinson <lede@daniel.thecshore.com>
Add packaging of it87 hardware monitor kernel module. It is
a common thermal and voltage monitor that is in many x86
(at least) devices, and is just another i2c hwmon module.
Signed-off-by: Daniel Dickinson <lede@daniel.thecshore.com>
The patch 300-ath9k-force-rx_clear-when-disabling-rx.patch broke TX99 support
in ath9k. Fix the patch by only applying rx_clear if TX99 mode is not used.
Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
The libusb package is not parallel build save, a make -j16 reliably breaks it.
Forcibly disable parallel building.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
the recent fixes to make mount_root work during failsafe caused lots of
unwanted side effects. use the new preinit sentinel file to detect if
we are in preinit. this will also work if logged in via ssh.
Signed-off-by: John Crispin <john@phrozen.org>
- Update the terminal window title with the current directory and hostname, if using an xterm-compatible terminal emulator.
- Add ll, an useful alias to ls.
Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>
This was found while investigating why luarocks does not work. It was
traced to a quite old lnum patch for 5.1.3. I compared against the
latest 5.1.4 patch - https://github.com/LuaDist/lualnum and discovered
the lessthan/lessequal evaluation was not falling through to the
call_orderTM (tag methods).
I have tested LuCI (simple tests) and used the following lua code to
validate the patch (both host and target patches supplied): -
> local my_mt = {
> __eq = function(v1, v2)
> print("__eq")
> return false
> end,
> __lt = function(v1, v2)
> print("__lt")
> return false
> end,
> __le = function(v1, v2)
> print("__le")
> return false
> end
> }
>
> function get_my(vstring)
> local my = {}
> my.string = vstring;
> setmetatable(my, my_mt);
> return my;
> end
>
> local a = get_my("1.0")
> local b = get_my("1.0")
>
> local eq_works = a == b;
> local lt_works = a < b;
> local gt_works = a > b;
>
> local lte_works = a <= b;
> local gte_works = a >= b;
Without the patch the following error will be presented: -
“attempt to compare two table values”
Signed-off-by: David Thornley <david.thornley@touchstargroup.com>
Update the dropbear package to version 2016.73, refresh patches.
The measured .ipk sizes on an x86_64 build are:
94588 dropbear_2015.71-3_x86_64.ipk
95316 dropbear_2016.73-1_x86_64.ipk
This is an increase of roughly 700 bytes after compression.
Tested-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The original iperf package is unmaintained. This switches to the "iperf2"
project on sourceforge, a fork that started where the previous iperf left
off.
Version 2.0.8 fixes the issue that patch 002 handled, so that can be dropped.
Due to a faulty check in configure.ac, this version needs _GNU_SOURCE
defined to build properly against musl. Various other obsolete build
options were also removed.
Signed-off-by: Bert Vermeulen <bert@biot.com>
The option --disable-utmpx was deleted by accident in commit 7545c1d;
add it again to the CONFIGURE_ARGS list
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
this patch fixes a bug when using uclibc on MIPS. The bug does not exist when
using musl, so drop the fix.
Signed-off-by: John Crispin <john@phrozen.org>
The json_select call fails when there are no roles or ports objects in board.json. "json_select .." must not be executed after failing.
This fixes for example LEDs not being set up in /etc/config/system.
Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>
Remove the udhcpc -R release option as sending a DHCP release
is configurable via the uci option release.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
The patch made sure the ncursesw library was not selected to save space,
but that library doesn't exist in this distribution at all.
Signed-off-by: Bert Vermeulen <bert@biot.com>
Currently system log is always included as a part of ubox.
Add logd as a seperate package and add it to default packages list.
Signed-off-by: Andrej Vlasic <andrej.vlasic@sartura.hr>
SVN-Revision: 49285
So far fixtrx was calculating checksum over amount of data matching
partition erase size. It was mostly a workaround of checksum problem
after changing anything in initial TRX content (e.g. formatting JFFS2).
Its main purpose was to make bootloader accept modified TRX. This didn't
provide much protection of flash data against corruption.
This new option lets caller request calculating checksum over a bigger
amount of data. It may be used e.g. to include whole kernel data for
checksum and hopefully make bootloader go info failsafe mode if
something goes wrong.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
We plan to adjust usage of the main buffer to allow reading custom
amount of data for CRC32. This means we need another buffer that will be
always block aligned.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
1) Put sanity checks in one place
2) Respect provided offset
3) Read only as much data as needed for MD5 calculation
Thanks to the last change this is a great speedup and memory saver. On
devices with NAND flash we were allocating & reading about 128 MiB while
something about 8 MiB is enough.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
This avoid long (and unneeded) process of reading all data in case of
running on MTD not containig Seama entity.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
On platforms supporting both: TRX and Seama calling "fixtrx" was
resulting in trying to fix Seama as well.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Packages may install scripts into /etc/uci-defaults to be executed once
after installation, usually at the first boot of the target. This works
fine if the package was installed to the rootfs during build or using
the ImageBuilder.
If the package is installed using opkg during run-time uci-defaults
were applied only after a reboot of the device. Avoid the need to
reboot by evaluting the package's uci-defaults in default-postinst.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Bump to the latest version, fixes several security issues:
* CVE-2016-2107, CVE-2016-2105, CVE-2016-2106, CVE-2016-2109, CVE-2016-2176
More details at https://www.openssl.org/news/openssl-1.0.2-notes.html
Signed-off-by: Michal Hrusecky <Michal.Hrusecky@nic.cz>