Currently both libustream-polarssl and libustream-mbedtls
variants define themselves as the DEFAULT_VARIANT
Remove extra DEFAULT_VARIANT from libustream-polarssl.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Later OpenVPN 2.3-openssl versions only enable
TLS cipher suites with perfect forward secrecy, i.e. DHE and ECDHE
cipher suites. ECDHE key exchange is not supported by
OpenVPN 2.3-openssl, enable DHE key exchange to allow LEDE
OpenVPN 2.4-mbedtls clients to connect to such servers.
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Reported-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Reported-by: Lucian Cristian <luci@createc.ro>
Secp384r1 is the default curve for OpenVPN 2.4+. Enable this to
make OpenVPN-mbedtls clients able to perform ECDHE key exchange
with remote OpenVPN 2.4-openssl servers that use the default
OpenVPN curve.
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
An external reset patch for AR955x accidentally led to external reset
being issued twice on AR913x, once before the RTC reset and once after.
This may be causing some stability issues.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This commit was added to improve reset time on old SoC devices that run
into chip hangs more frequently. However with the more recent addition
of full WMAC reset on these chips, it could be problematic.
Drop this patch to ensure that DMA activity is really stopped before the
chip reset is issued
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Opkg's builtin decompression code is unsuitable to process nested archives as
it uses a single shared state and relies on undefined seek behaviour for pipes.
Rework the extraction logic to use the external gzip command as I/O filter for
decompressing data and remove the builtin inflate code entirely.
This shrinks the final opkg binary by about 4KB and results in less runtime
memory consumption due to efficient use of vfork() and less copy-on-write
operations in the forked child.
Rework by Felix: create a thread that relays data to the gzip process
instead of using a fragile poll loop
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The external script used to generate the package lists for the
LEDE wiki's table of packages [1] and package indexes [2] requires
a "Source:" field in the package lists to find package makefiles.
The package makefiles are used to read the package's Category and Submenu.
The "Source:" field was removed in commit
b4aa3c899c
to reduce package list sizes and lessen opkg issues in low ram devices.
Add a separate package list file with full data to be used by the wiki's script.
It's called Packages.manifest and isn't compressed as it's not necessary.
1. https://lede-project.org/packages/start
2. https://lede-project.org/packages/index/start
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
Opkg's builtin decompression code is unsuitable to process nested archives as
it uses a single shared state and relies on undefined seek behaviour for pipes.
Rework the extraction logic to use the external gzip command as I/O filter for
decompressing data and remove the builtin inflate code entirely.
This shrinks the final opkg binary by about 4KB and results in less runtime
memory consumption due to efficient use of vfork() and less copy-on-write
operations in the forked child.
Rework by Felix: create a thread that relays data to the gzip process
instead of using a fragile poll loop
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
64a655d proto: allow configuring deprecated static IPv6 addresses
c99182e remove obsolete /opt/local prefix on Mac OS X
0249d5f system-linux: Don't set gre tunnel ttl by default to 64 (#FS312)
edc15ca ubus: Display the IPv6 prefix assigned address
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
We do not have the needed platform support for VOICE_CPE_VMMC_PMC. The
vmmc driver will not compile with this option activated.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Add patches provided upstream [1] by Fabio Berton to fix error:
> ./gencode.c: In function 'pcap_compile':
> ./gencode.c:693:8: error: 'compiler_state_t {aka struct _compiler_state}' has no member named 'ai'
> cstate.ai = NULL;
> ^
> ./gencode.c: In function 'gen_gateway':
> ./gencode.c:4914:13: error: 'cstate' undeclared (first use in this function)
> bpf_error(cstate, "direction applied to 'gateway'");
> ^
[1] https://github.com/the-tcpdump-group/libpcap/pull/541
Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br>
Tested-by: Zefir Kurtisi <zefir.kurtisi@neratec.com>
add possibility to set the facility to which dnsmasq will send syslog entries, i.e. set it to '/dev/null' to mute dnsmasq output at all.
Signed-off-by: Dirk Brenken dev@brenken.org
Before the rewrite, uhttpd-mod-tls used to contain a tls plugin.
Afterwards it was left in for compatibility reasons, but given how much
has changed, and that we're about to change the default SSL
implementation again, it's better to just drop this now
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This reverts commit 0d4f02dfd6, which was
obviously untested. git downloads cannot handle multiple URLs at the
moment.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
- Source updated to fix noise level, DTS
- Added support for BB and RF
Tested working on WRT1900ACv1 (mamba) kernel 4.4.38. No regressions found.
Signed-off-by: Gabe Rodriguez <lifehacksback@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [fix mirror hash]
A new firmware that is available on code-aurora repository is newer
than in Kvalo's repo.
Taking into account that firmwares that are in Kvalo's repo are considered
to be tested by internal QCA team, this one seems to be more stable
and fixes this bug:
ath10k_pci 0000:01:00.0: received unexpected tx_fetch_ind event: in
push mode
At least i havent faced it for a while in contradiction to current version.
Thus switching firmware source for qca9984 until it or a newer version
gets into Kvalo's repo.
Signed-off-by: Pavel Kubelun <be.dissent@gmail.com>
Sometimes I'm getting error on the host-side build:
```
/usr/lib64/gcc/x86_64-suse-linux/4.8/../../../../x86_64-suse-linux/bin/ld: /home/sandu/work/lede/staging_dir/host/lib/liblzma.a(liblzma_la-common.o): relocation R_X86_64_32 against `.rodata.str1.1' can not be used when making a shared object; recompile with -fPIC
/home/sandu/work/lede/staging_dir/host/lib/liblzma.a: error adding symbols: Bad value
collect2: error: ld returned 1 exit status
Makefile:2847: recipe for target 'libgettextlib.la' failed
make[9]: *** [libgettextlib.la] Error 1
make[9]: Leaving directory '/home/sandu/work/lede/build_dir/target-x86_64_musl-1.1.15/host/gettext-0.19.8.1/gettext-tools/gnulib-lib'
Makefile:2597: recipe for target 'all' failed
```
Disabling the shared-lib build, seems to fix this.
This is when building glib2 on the host-side.
glib2 is required by newer QEMU package [which is in the feeds].
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
This adds a patch that introduces airtime fairness scheduling to ath9k,
which can significantly improve network efficiency in mixed-rate
environments.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
OpenVPN 2.4 builds with mbedTLS 2.x, rename openvpn-polarssl
variant to openvpn-mbedtls.
Some feature highlights:
* Data channel cipher negotiation
* AEAD cipher support for data channel encryption (currently only
* AES-GCM)
* ECDH key exchange for control channel
* LZ4 compression support
See https://github.com/OpenVPN/openvpn/blob/master/Changes.rst
for additional change notes.
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Build seems to fail with:
```
Collected errors:
* satisfy_dependencies_for: Cannot satisfy the following dependencies for X:
* grev4 *
* opkg_install_cmd: Cannot install package X
```
After adding an empty install rule, the failure goes away.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
uqmi has the possibility to allow the modem to start a regsitration
process only to this specified plmn
Signed-off-by: Florian Eckert <Eckert.Florian@googlemail.com>
Let dnsmasq reread the leasefile by using procd_send_signal
which triggers procd to send SIGHUP kill signal by default
if signal is not specified
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>