mbedtls uses some instructions introduced in ARMv6 which are not
available in older architectures.
Fixes: 3f7dd06fd8 ("mbedtls: Update to 2.14.1")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Update mbedtls to 2.14.1
This fixes:
* CVE-2018-19608: Local timing attack on RSA decryption
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
[Update to 2.14.1]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Fixes these warnings:
swlib.c:455:18: warning: implicit declaration of function 'isspace'
swlib.c:461:9: warning: implicit declaration of function 'isdigit'
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Added two upstream mailing list patches that fix behavior under big endian
systems. Issue was present since version 1.11.0.
Tested on Turris Omnia.
Original discussion: https://github.com/openwrt/openwrt/pull/1575
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Use a forked version of the rtl8812au driver that works better
with OpenWRT (fix compile bugs, fix phy MAC address, etc)
Signed-off-by: Ben Greear <greearb@candelatech.com>
[update to 2018-11-16, replace rtw_byteorder.h, rename folder]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This updates the ath10k-ct driver to the version from 2018-12-11 and
selects the ath10k-ct version based on kernel 4.19 by default.
CONFIG_ATH10K_CE was introduced between kernel 4.16 and 4.19 and is a
mandatory option.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
In mainline kernel commit 02c7b25e5f5 ("netfilter: nf_tables: build-in
filter chain type") all chain filters were merged into one file and into
one kernel module to save some memory. The code protected by these
configuration options CONFIG_NF_TABLES_BRIDGE, CONFIG_NF_TABLES_IPV4,
CONFIG_NF_TABLES_ARP, CONFIG_NF_TABLES_IPV6, CONFIG_NF_TABLES_NETDEV and
CONFIG_NF_TABLES_INET was merged into the nft_chain_filter.c file which
is now always compiled into the nf_tables.ko file.
This only happened in kernel 4.19 and OpenWrt has to select these as
modules in older kennel versions. Mark them as build-in in the kernel
4.19 specific kernel configuration file which will then not be
overwritten by the package specific settings which try to make them
modular again.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
CONFIG_HW_RANDOM_TPM does not activate a separate kernel module any
more, but it only activates the random code in the tpm.ko.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The video-videobuf2 kernel modules were moved to a new folder in kernel
4.19. videobuf2-v4l2.ko is only available since kernel 4.4, blacklist
this kmod completely on kernel 3.18.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The x86 optimized cryptographic algorithm kernel modules now mostly use
crypto_simd.ko instead of lrw.ko in kernel 4.19. Add the new module to
the kmod-crypto-misc package.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The asn1_decoder.ko module is needed by the kmod-nf-nathelper-extra
package in kernel 4.19, extract it and add the missing dependencies.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Kernel interface changed with kernel 4.19, it does not accept raw GPIO
numbers any more. Deactivate these drivers on kernel 4.19 for now.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The r8169 driver uses the phy lib with the realtek phy driver in kernel
4.19 instead of integrating the phy driver into the mac driver.
Add the new phy driver and add this missing dependency.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The ledtrig-netdev was added to upstream Linux kernel 4.16, replace our
own version with the patch based on the upstream version.
This will remove the ledtrig-netdev support from kernel 3.18, because I
not want to spend time on backporting it to 3.18. This will make it
easier to use the upstream version with kernel 4.19, by just not
applying this patch.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
63843750 Update manual pages
27801e98 Bump up version number to 1.35.1
60e020a8 nghttpx: Fix broken trailing slash handling
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
The above options were incorrectly changed to required tags. Make them
optional again.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Backport upstream patch fixing incorrect passing of -lxtables to
LDFLAGS instead of LDLIBS in the tc/Makefile
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
This updates the backports package used in mac80211 to version 4.19.7-1
which is based on kernel 4.19.7. This integrates all the stable fixes
introduces in this kernel version.
The deleted patches are not needed any more because they are either
included in the upstream Linux kernel 4.19.7 or in backports 4.19.7-1.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
In hack/904-debloat_dma_buf.patch, DMA_SHARED_BUFFER is changed from
bool to tristate. As this patch is not applied to external kernel
sources, build fails if kmod-dma-buf is enabled. Fix this by only
including the module file if CONFIG_EXTERNAL_KERNEL_TREE and
CONFIG_KERNEL_GIT_CLONE_URI are not enabled.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
3aa81d0 file: access exec timeout via daemon ops structure
7235f34 plugin: store pointer to exec timeout value in the ops structure
ccd7c0a treewide: rename exec_timeout to rpc_exec_timeout
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
During upstream removal of conditional ipv6 support an order swap error
was made in a ternary operator usage.
This patch sent upstream.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
The argument to print_0xhex is converted to unsigned long long
so the format string give for normal printout has to be some
variant of %llx. Backport the patch as otherwise, bogus values
will be printed on 32 bit platforms.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
This partitialy reverts commit ccab68f2d3.
Registering the GPIO chip without a parent device completely breaks the
ath9k GPIOs for device tree targets.
As long as boards using the devicetree don't have the gpio-controller
property set for the ath9k node, the unloading of the driver works as
expected.
Register the GPIO chip with the ath9k device as parent only for OF
targets to find a trade-off between the needs of driver developers and
the broken LEDs and buttons seen by users.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Beside one exception, no one took care of these two remaining boards
still using the legacy image build code during the last two years.
Since OpenWrt 14.07 the ALLNET ALL0239-3G image building is broken.
The Sitecom WL-341 v3 image build code looks pretty hackish and broken.
It's questionable if the legacy image works as all.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Support other packages using pkg-config to query existence and details of
libelf and libdw libraries at build time.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
similar to hostapd, also add a ubus interface for wpa_supplicant
which will allow handling WPS push-button just as it works for hostapd.
In order to have wpa_supplicant running without any network
configuration (so you can use it to retrieve credentials via WPS),
configure wifi-iface in /etc/config/wireless:
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'wwan'
option mode 'sta'
option encryption 'wps'
This section will automatically be edited if credentials have
successfully been acquired via WPS.
Size difference (mips_24kc): roughly +4kb for the 'full' variants of
wpa_supplicant and wpad which do support WPS.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This patch updates the uboot-fritz4040 package to the latest version.
The portability and private-libgcc patches, as well as the
upload-to-f4040.sh script have been added to the upstream repository.
Furthermore, the upload-to-f4040 has been updated to take the first
parameter as the file it is supposed to flash, otherwise it defaults
to the previous "uboot-fritz4040.bin". Furthermore the error messages
have been improved and ftp will now dump some "progress information"
to the user's console.
Also included is support for gcc 8+ and a fix for the obnoxous error
that currently breaks the builders:
| fritz/src/lzma2eva.c:23:30: fatal error: zlib.h: No such file or directory
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Backport upstream commits. Most interesting 122392e which changes how
SERVFAIL is handled especially in event of genuine server down/failure
scenarios with multiple servers. a799ca0 also interesting in that
answered received via TCP are now cached, DNSSEC typically using TCP
meant until now answers weren't cached, hence reducing performance.
59e4703 Free config file values on parsing errors.
48d12f1 Remove the NO_FORK compile-time option, and support for uclinux.
122392e Revert 68f6312d4bae30b78daafcd6f51dc441b8685b1e
3a5a84c Fix Makefile lines generating UBUS linker config.
24b8760 Do not rely on dead code elimination, use array instead. Make options bits derived from size and count. Use size of option bits and last supported bit in computation. No new change would be required when new options are added. Just change OPT_LAST constant.
6f7812d Fix spurious AD flags in some DNS replies from local config.
cbb5b17 Fix logging in cf5984367bc6a949e3803a576512c5a7bc48ebab
cf59843 Don't forward *.bind/*.server queries upstream
ee87504 Remove ability to compile without IPv6 support.
a220545 Ensure that AD bit is reset on answers from --address=/<domain>/<address>.
a799ca0 Impove cache behaviour for TCP connections.
Along with an additional patch to fix compilation without DHCPv6, sent
upstream.
I've been running this for aaaages without obvious issue hence brave
step of opening to wider openwrt community.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
This reverts commit a6a8fe0be5.
buildbot found an error
option.c: In function 'dhcp_context_free':
option.c:1042:15: error: 'struct dhcp_context' has no member named 'template_interface'
free(ctx->template_interface);
revert for the moment
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Backport upstream commits. Most interesting 122392e which changes how
SERVFAIL is handled especially in event of genuine server down/failure
scenarios with multiple servers. a799ca0 also interesting in that
answered received via TCP are now cached, DNSSEC typically using TCP
meant until now answers weren't cached, hence reducing performance.
59e4703 Free config file values on parsing errors.
48d12f1 Remove the NO_FORK compile-time option, and support for uclinux.
122392e Revert 68f6312d4bae30b78daafcd6f51dc441b8685b1e
3a5a84c Fix Makefile lines generating UBUS linker config.
24b8760 Do not rely on dead code elimination, use array instead. Make options bits derived from size and count. Use size of option bits and last supported bit in computation. No new change would be required when new options are added. Just change OPT_LAST constant.
6f7812d Fix spurious AD flags in some DNS replies from local config.
cbb5b17 Fix logging in cf5984367bc6a949e3803a576512c5a7bc48ebab
cf59843 Don't forward *.bind/*.server queries upstream
ee87504 Remove ability to compile without IPv6 support.
a220545 Ensure that AD bit is reset on answers from --address=/<domain>/<address>.
a799ca0 Impove cache behaviour for TCP connections.
I've been running this for aaaages without obvious issue hence brave
step of opening to wider openwrt community.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Openwrt no longer uses and has not used since 5acfe55d71 Jun 2016 the
timestamp file (/etc/dnsmasq.time) method of resolving the dnssec/ntp
dnslookup chicken/egg problem, having used signals from ntp since that
change.
Drop the 'dnssec-improve-timestamp-heuristic' patch since it is neither
used nor sent upstream. One less thing to refresh & maintain.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Hauke Mehrtens
Roman Bazalevsky
Daniel Engberg
Brett Mastbergen
Deng Qingfang
Rosen Penev
Ben Greear
Eneas U de Queiroz
Michael Yartys
Hans Dedecker
Kevin Darbyshire-Bryant
Stijn Tintel
Martin Schiller
Jo-Philipp Wich
Mathias Kresin
Tony Ambardar
Daniel Golle
Christian Lamparter
Nikos Mavrogiannopoulos