CVE-2017-15107
An interesting problem has turned up in DNSSEC validation. It turns out
that NSEC records expanded from wildcards are allowed, so a domain can
include an NSEC record for *.example.org and an actual query reply could
expand that to anything in example.org and still have it signed by the
signature for the wildcard. So, for example
!.example.org NSEC zz.example.org
is fine.
The problem is that most implementers (your author included, but also
the Google public DNS people, powerdns and Unbound) then took that
record to prove the nothing exists between !.example.org and
zz.example.org, whereas in fact it only provides that proof between
*.example.org and zz.example.org.
This gives an attacker a way to prove that anything between
!.example.org and *.example.org doesn't exists, when it may well do so.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
The patch 0022-dts-ipq4019-support-ARMv7-PMU.patch
was merged into 4.8-rc1.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[refresh patches]
Signed-off-by: Mathias Kresin <dev@kresin.me>
During the integration of the ipq40xx target,
the phy drivers were included into the ipq806x's
target kernel config.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This patch renames the AVM FRITZ!Box 4040's board-2.bin
file and package to match the 'vendor_product' format.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This patch aligns the device-tree file with the latest
guidelines.
- No longer include qcom-ipq4019-ap.dk01.1.dtsi. This
file is only partially upstream and therefore subjected
to changes that might not be compatible with the board.
As a result, the definitions from the file have been
copied into this dts.
- exclusively use decimal GPIO addresses.
- reorganize the reserved-memory layout to waste less
memory. There's no point in keeping the u-boot loader
around. This should also make it possible to create
an image that will boot with the original EVA/ADAM2 loader
without needing to install the modified u-boot loader.
And finally mark the "tz-apps" as reusable.
There isn't a way to upload apps to the trust-zone in OpenWrt
yet. But it might see some use in the future as a "secure"
key-store/TPM.
- sort the first-level nodes alphabetically.
- sort nodes with an address by the address.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This patch updates ath10k-firmware to use the
firmware-5.bin_10.2.4-1.0-00033 firmware for the QCA988x.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This patch updates ath10k-firmware to use the
firmware-5.bin_10.2.4-1.0-00033 firmware for the QCA9887.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This patch updates ath10k-firmware to use the
firmware-5.bin_10.4-3.4-00104 firmware for the QCA9888.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This patch updates ath10k-firmware to use the
firmware-5.bin_10.4-3.4-00104 firmware for the QCA9984.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This patch updates ath10k-firmware to use the
firmware-5.bin_10.4-3.4-00104 firmware for the QCA4019.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This update automatically includes a new firmware for the QCA6174:
firmware-6.bin_WLAN.RM.4.4.1-00079-QCARMSWPZ-1
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Add sendopts config support allowing to add options in sent DHCPv6 packets.
Options can be configured as follows :
uci set network.wan6.sendopts="sntpservers:3001:3001::1,3001:3001::2 11:00000000000000000000006674692F 0x3e8:ABCDEF"
Based on a patch by Frank Andrieu <fandrieu@gmail.com>
See https://git.openwrt.org/?p=project/odhcp6c.git;a=commit;h=510aaf6d528210c5e8a6159f9b80b32615e88c5f
for a more detailed description.
Latest git changes :
1f93bd4 dhcpv6: rework option passthrough logic
a477e95 odhcp6c: rework userclass and vendorclass command handling
510aaf6 odhcp6c: add -x opt:val support
ab75be1 treewide: update copyrights to 2018
f3a4609 odhcp6c: let odhcp6c_add_state return a success/failure indication
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
According to console log during TP-Link TL-WR840N v5 OEM firmware update
procedure 0x3e0000-0x3f0000 64kB "config" partition, which is used to store
router's configuration settings, is erased and recreated again during every
OEM firmware update procedure, thus does not contain any valuable factory data.
So it is conviniant to use this extra 64kB erase block for jffs overlay due
limited flash size on this device like it used on TP-Link's ar71xx boards.
Signed-off-by: Serg Studzinskii <serguzhg@gmail.com>
The platform_check_image() stub need to return 0 for success, otherwise
the sysupgrade will fail with:
Image check 'platform_check_image' failed.
Fixes: aa6f5f1787 ("kirkwood: use image metadata")
Signed-off-by: 尤晓杰 <yxj790222@163.com>
[reworded commit message}
Signed-off-by: Mathias Kresin <dev@kresin.me>
Use the first found directory in the tar archive instead of relying on
a directory named according to the userspace boardname.
It allows to change the boardname without adding another compatibility
layer to the zyxel sysupgrade.
Fixes: 33f09cf151 ("ipq806x: convert to dt-based board-detection")
Signed-off-by: Mathias Kresin <dev@kresin.me>
Obviously not all GPIO controller allow to change the direction. The issue
is around since the beginning of the script but only due to the recent
changes error messages are more visible.
Add a check if a change of the direction is supported by the GPIO
controller and fallback to setting only the value if not.
Fixes: FS#1271
Signed-off-by: Mathias Kresin <dev@kresin.me>
GPIOs are exported as active high to the sysfs, hence the logic need to be
inverted.
Fixes: e66c47fb14 ("base-files: gpio switch: set output value with
direction")
Signed-off-by: Mathias Kresin <dev@kresin.me>
5bae22e ubus/lua: pass notification name to callback
212ceb1 valgrind complained about these
d57907c fix invalid close() call
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Sometimes the hardware will push small packets that trigger a WARN_ON
in mac80211. Discard them early to avoid this issue.
Reported-by: Stijn Tintel <stijn@linux-ipv6.be>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This directory is never created, nor is it used anywhere. Using it in
HOST_LDFLAGS causes a linker warning to be emitted on macOS, which
messes with cmake configure tests.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
For eclipse users, .project is always created inside the project.
For users of CDT within Eclipse, add also .cproject, thanks Dirk
Feytons.
Signed-off-by: Catrinel Catrinescu <cc@80211.de>
The setup code of the OpenMesh OM5P ACv2 device uses nothing
from the mdio-gpio.h header, so remove the inclusion of that.
Also remove the kernel version check which is needed only
because the mdio-gpio.h header exists in a different path
in older kernels.
Compile tested only.
Cc: Sven Eckelmann <sven.eckelmann@openmesh.com>
Signed-off-by: Gabor Juhos <juhosg@freemail.hu>
In commit fce35bce0f ("config: support new symbol intro'd in kernel
4.12")
I forgot to remove the initial debug test line.
This clearly is wrong as the same symbol is defined conditionally in the
line below as it should be.
I looked over it as I just checked if the symbol was present now upon
testing it.
Fixes: fce35bce0f ("config: support new symbol intro'd in kernel
4.12")
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Commit e15c63a375 ("ar71xx: add support for MikroTik RouterBOARD wAP
G-5HacT2HnD (wAP AC") broke the format of the patches. In unified diff
format, the unchanged, contextual lines must be preceded by a space
character.
Refresh the patches with quilt to fix them.
Fixes: e15c63a375 ("ar71xx: add support for MikroTik RouterBOARD wAPG-5HacT2HnD (wAP AC")
Signed-off-by: Gabor Juhos <juhosg@freemail.hu>
The patches introduced in commit 20e68f6d39 ("ar71xx: kernel: enable
PCI on QCA9556 SoC") have non standard format. In unified diff format,
the unchanged, contextual lines must be preceded by a space character.
Refresh the patches with quilt to fix them.
Fixes: 20e68f6d39 ("ar71xx: kernel: enable PCI on QCA9556 SoC")
Signed-off-by: Gabor Juhos <juhosg@freemail.hu>
The setup code defines four individual structures for the
Reset buttons of the supported boards. The only difference
between the definitions is the GPIO number used for the
button.
Replace the different structures with one generic variant,
and add a helper function to simplify the button registration.
Signed-off-by: Gabor Juhos <juhosg@freemail.hu>
The Gateworks GW5520 board uses 2x intel gigabit mac's, instead of the
internal i.MX6 FEC.
Add support for these.
Signed-off-by: Scott V. Kamp <outbackdingo@gmail.com>
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
It is no longer actively maintained and does not work well in many
configurations. Fully replaced by wpad-mesh
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Picking commit from QSDK
https://source.codeaurora.org/quic/qsdk/oss/kernel/linux-msm/commit/?h=eggplant&id=a86bda9f8a7965f0cedd347a9c04800eb9f41ea3
Commit message:
"During removal of the glue layer(dwc3-of-simple), USB master reset is set to active and during insertion it is de-activated."
Change-Id: I537dc810f6cb2a46664ee674840145066432b957
Signed-off-by: Vasudevan Murugesan <vmuruges@codeaurora.org>
(cherry picked from commit 4611e13580a216812f85f0801b95442d02eeb836)"
Signed-off-by: Pavel Kubelun <be.dissent@gmail.com>
A newer clk and cpufreq drivers for ipq806x platform had been sent upstream.
A change that i have noticed is that now it's possible to set min, cur and max frequencies from sysfs (previously it was bugged and caused nothing).
Following patches are removed:
- 0036-clk-Avoid-sending-high-rates-to-downstream-clocks-du.patch - seems it was dropped from the patchset by current committer.
- 0044-clk-qcom-krait-Remove-CLK_IS_ROOT.patch - already applied to the driver itself in the corresponding patch.
- 0057-clk-qcom-Add-regmap-mux-div-clocks-support.patch - seem to be irrelevant to ipq806x.
Signed-off-by: Pavel Kubelun <be.dissent@gmail.com>
According to QSDK and OEM tarballs (checked c2600, r7500v2, r7800) 2nd pci slot (pci1, 2,4 GHz card)) on ap148 based boards should operate in gen1 mode.
EA8500 is an exception and according to GPL pcie0 should operate in gen1 mode.
In previous commit we've added the support for this option, so enable it in DT for affected devices.
QSDK ref:
https://source.codeaurora.org/quic/qsdk/oss/kernel/linux-msm/commit/?h=release/endive_preview_cc&id=f3b07fe309027c52fc163149500cedddd707c506
While at it move the phy transmit termination offset value into dtsi file as it's platform specific.
Signed-off-by: Pavel Kubelun <be.dissent@gmail.com>
