This adds patches to avoid possible application breakage caused by a
change in behavior introduced in 1.1.1e. It affects at least nginx,
which logs error messages such as:
nginx[16652]: [crit] 16675#0: *358 SSL_read() failed (SSL: error:
4095126:SSL routines:ssl3_read_n:unexpected eof while reading) while
keepalive, client: xxxx, server: [::]:443
Openssl commits db943f4 (Detect EOF while reading in libssl), and
22623e0 (Teach more BIOs how to handle BIO_CTRL_EOF) changed the
behavior when encountering an EOF in SSL_read(). Previous behavior was
to return SSL_ERROR_SYSCALL, but errno would still be 0. The commits
being reverted changed it to SSL_ERRO_SSL, and add an error to the
stack, which is correct. Unfortunately this affects a number of
applications that counted on the old behavior, including nginx.
The reversion was discussed in openssl/openssl#11378, and implemented as
PR openssl/openssl#11400.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Current boot script uses hardcoded bootdevice, which allows booting from
SD card only, so this patch allows booting directly from eMMC as well.
While at it, replace fixed root device with more flexible UUID based
probing, so from now on probing order of MMC device doesn't matter.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Adding U-Boot image for Olimex A64-Olinuxino eMMC, including patch which
adds eMMC boot partition configuration commands.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Rename the board as done in upstream commit 268ae6548779 ("sunxi: Rename
Sinovoip BPI M2 Plus to Bananapi M2 Plus H3") which backs the rename
with the following reasoning:
The brand Sinovoip is used for Sinovoip's original VOIP products, while
the Bananapi brand is for the single board computers they produce. This
has been verified by Bananapi. Rename the board from "Sinovoip BPI M2
Plus" to "Bananapi M2 Plus". For the defconfig file, all lowercase is
used.
To support the H5 variant of this board, the "H3" suffix is added to
the defconfig name.
This has to be done in order to allow building U-Boot past v2019.04
release where this change was introduced.
Ref: https://github.com/openwrt/openwrt/pull/2849#discussion_r396401489
Suggested-by: Pawel Dembicki <paweldembicki@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
U-boot also have defconfig for this board. In 2019.01 branch they are identical.
Signed-off-by: Aleksander Jan Bajkowski <A.Bajkowski@stud.elka.pw.edu.pl>
the code would unconditionally tear down all interfaces upon a reconf.
This should only be done when the reconf call fails.
Signed-off-by: John Crispin <john@phrozen.org>
Release notes for 017:
Wave-1:
* March 19, 2020: Fix problem where power-save was not enabled when going off-channel to scan.
The problem was a boolean logic inversion in the chmgr code, a regression I introduced
a long time ago.
* March 19, 2020: When scanning only on current working channel, do not bother with disable/enable
powersave. This should make an on-channel scan less obtrusive than it was previously.
* March 23, 2020: Fix channel-mgr use-after-free problem that caused crashes in some cases. The crash
was exacerbated by recent power-save changes.
* March 23, 2020: Fix station-mode power-save related crash: backported the fix from 10.2 QCA firmware.
* March 23, 2020: Attempt to better clean up power-save objects and state, especially in station mode.
Release notes for 016:
Wave-1 changes, some debugging code for a crash someone reported, plus:
* February 28, 2020: Fix custom-tx path when sending in 0x0 for rate-code. Have tries == 0 mean
one try but NO-ACK (similar to how wave-2 does it).
wave-2:
* Fixed some long-ago regressions related to powersave and/or multicast. Maybe fix some
additional multicast and/or tx-scheduling bugs.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Acked-by: Petr Štetiar <ynezz@true.cz>
Fix the test for an enabled sysntp initscript in dnsmasq.init, and get
rid of "test -o" while at it.
Issue reproduced on openwrt-19.07 with the help of pool.ntp.br and an
RTC-less ath79 router. dnssec-no-timecheck would be clearly missing
from /var/etc/dnsmasq.conf.* while the router was still a few days in
the past due to non-working DNSSEC + DNS-based NTP server config.
The fix was tested with the router in the "DNSSEC broken state": it
properly started dnsmasq in dnssec-no-timecheck mode, and eventually ntp
was able to resolve the server name to an IP address, and set the system
time. DNSSEC was then enabled by SIGINT through the ntp hotplug hook,
as expected.
A missing system.ntp.enabled UCI node is required for the bug to show
up. The reasons for why it would be missing in the first place were not
investigated.
Signed-off-by: Henrique de Moraes Holschuh <henrique@nic.br>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
Refer to shellcheck SC2166. There are just too many caveats that are
shell-dependent on test -a and test -o to use them.
Signed-off-by: Henrique de Moraes Holschuh <henrique@nic.br>
5e1bc34 ustream-openssl: clear error stack before SSL_read/SSL_write
f7f93ad add support for specifying usable ciphers
Also bump the ABI version since the layout of `struct ustream_ssl_ops`
changed.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Add option 'scriptarp' to uci dnsmasq config to enable --script-arp functions.
The default setting is false, meaning any scripts in `/etc/hotplug.d/neigh` intended
to be triggered by `/usr/lib/dnsmasq/dhcp-script.sh` will fail to execute.
Also enable --script-arp if has_handlers returns true.
Signed-off-by: Jordan Sokolic <oofnik@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
9f5a7c4 iwinfo: add missing HT modename for HT-None
06a03c9 Revert "iwinfo: add BSS load element to scan result"
9a4bae8 iwinfo: add device id for Qualcomm Atheros QCA9990
eba5a20 iwinfo: add device id for BCM43602
a6914dc iwinfo: add BSS load element to scan result
bb21698 iwinfo: add device id for Atheros AR9287
7483398 iwinfo: add device id for MediaTek MT7615E
Signed-off-by: David Bauer <mail@david-bauer.net>
This patch backports the hwmon drivetemp sensor module from vanilla
linux 5.5 to be available on OpenWrt's 5.4 kernel.
Extract from The upstream commit by Guenter Roeck <linux@roeck-us.net>:
hwmon: Driver for disk and solid state drives with temperature sensors
"Reading the temperature of ATA drives has been supported for years
by userspace tools such as smarttools or hddtemp. The downside of
such tools is that they need to run with super-user privilege, that
the temperatures are not reported by standard tools such as 'sensors'
or 'libsensors', and that drive temperatures are not available for use
in the kernel's thermal subsystem.
This driver solves this problem by adding support for reading the
temperature of ATA drives from the kernel using the hwmon API and
by adding a temperature zone for each drive.
With this driver, the hard disk temperature can be read [...]
using sysfs:
$ grep . /sys/class/hwmon/hwmon9/{name,temp1_input}
/sys/class/hwmon/hwmon9/name:drivetemp
/sys/class/hwmon/hwmon9/temp1_input:23000
If the drive supports SCT transport and reports temperature limits,
those are reported as well.
drivetemp-scsi-0-0
Adapter: SCSI adapter
temp1: +27.0<C2><B0>C (low = +0.0<C2><B0>C, high = +60.0<C2><B0>C)
(crit low = -41.0<C2><B0>C, crit = +85.0<C2><B0>C)
(lowest = +23.0<C2><B0>C, highest = +34.0<C2><B0>C)
The driver attempts to use SCT Command Transport to read the drive
temperature. If the SCT Command Transport feature set is not available,
or if it does not report the drive temperature, drive temperatures may
be readable through SMART attributes. Since SMART attributes are not well
defined, this method is only used as fallback mechanism."
This patch incorperates a patch made by Linus Walleij:
820-libata-Assign-OF-node-to-the-SCSI-device.patch
This patch is necessary in order to wire-up the drivetemp
sensor into the device tree's thermal-zones.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This version includes bug and security fixes, including medium-severity
CVE-2019-1551, affecting RSA1024, RSA1536, DSA1024 & DH512 on x86_64.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
This adds commented configuration help for the alternate, afalg-sync
engine to /etc/ssl/openssl.cnf.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Let the grub2 package take care of creating installable grub2 images,
this will allow creating grub2 images without first calling x86 image
generation recipe. Also as side effect, since those images are now
shared, it'll reduce the number of calling grub-mkimage.
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
[rebase, adjusted commit title]
Signed-off-by: Paul Spooren <mail@aparcar.org>
WireGuard had a brief professional security audit. The auditors didn't find
any vulnerabilities, but they did suggest one defense-in-depth suggestion to
protect against potential API misuse down the road, mentioned below. This
compat snapshot corresponds with the patches I just pushed to Dave for
5.6-rc7.
* curve25519-x86_64: avoid use of r12
This buys us 100 extra cycles, which isn't much, but it winds up being even
faster on PaX kernels, which use r12 as a RAP register.
* wireguard: queueing: account for skb->protocol==0
This is the defense-in-depth change. We deal with skb->protocol==0 just fine,
but the advice to deal explicitly with it seems like a good idea.
* receive: remove dead code from default packet type case
A default case of a particular switch statement should never be hit, so
instead of printing a pretty debug message there, we full-on WARN(), so that
we get bug reports.
* noise: error out precomputed DH during handshake rather than config
All peer keys will now be addable, even if they're low order. However, no
handshake messages will be produced successfully. This is a more consistent
behavior with other low order keys, where the handshake just won't complete if
they're being used anywhere.
* send: use normaler alignment formula from upstream
We're trying to keep a minimal delta with upstream for the compat backport.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* netlink: initialize mostly unused field
* curve25519: squelch warnings on clang
Code quality improvements.
* man: fix grammar in wg(8) and wg-quick(8)
* man: backlink wg-quick(8) in wg(8)
* man: add a warning to the SaveConfig description
Man page improvements. We hope to rewrite our man pages in mdocml at some
point soon.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
This external switch driver should be loaded on boot for network support
in failsafe mode.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
[alter commit message]
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
For virtual access points (when multiple SSIDs are used for one
physical AP), there exist one physical network interface and
multiple virtual interfaces, which are fully under control of
hostapd. When networking is setup, the script
`/lib/netifd/wireless/mac80211.sh` is called, which tries to bring
the interface up by a call to `ip link set dev <iface> up`. This
call might fail for virtual APs, because the virtual interface
might not have been created by hostapd yet. There are some artifical
delays in the script most probably to handle this, but when DFS
channel availability check on 5GHz band is issued, hostapd can
delay creating virtual interfaces by a minute.
In order to fix this (or work around it), do not try to bring the
interface up (this is responsibility of hostapd anyway) and
do not try to set txpower on the virtual interface.
Fixes FS#2698.
Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
1. KERNEL_CRASH_DUMP should depends on KERNEL_PROC_KCORE (kexec use it)
2. select crashkernel mem size by totalmem
mem <= 256M disable crashkernel by default
mem >= 4G use 256M for crashkernel
mem >= 8G use 512M for crashkernel
default use 128M
3. set BOOT_IMAGE in kdump.init
4. resolve a "Unhandled rela relocation: R_X86_64_PLT32" error
Tested on x86_64
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
When introducing ubus reload support, ubus initialization was moved
to the service level instead of being carried out when adding a BSS
configuration. While this works when using wpa_supplicant in that way,
it breaks the ability to run wpa_supplicant on the command line, eg.
for debugging purposes.
Fix that by re-introducing ubus context intialization when adding
configuration.
Reported-by: @PolynomialDivision https://github.com/openwrt/openwrt/pull/2417
Fixes: 60fb4c92b6 ("hostapd: add ubus reload")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Compiling the ltq-tapi driver against Linux 5.4 results in a compile
error complaining that the size of struct sched_param is not known.
Switch the existing "sched/types.h" include to reference
include/uapi/linux/sched/types.h to fix compilation against Linux 5.4.
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Upstream commit 84ede58dfcd1d ("crypto: hash - remove
CRYPTO_ALG_TYPE_DIGEST") drops the CRYPTO_ALG_TYPE_DIGEST define because
it has the same value as CRYPTO_ALG_TYPE_HASH. This was the case for
earlier kernels as well. Switch to CRYPTO_ALG_TYPE_HASH to fix building
against Linux 5.4.
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Upstream commit e4b92b108c6cd6 ("timekeeping: remove obsolete time
accessors") removed do_gettimeofday(). In Linux 4.19 this was only a
wrapper around ktime_get_real_ts64(). Use ktime_get_real_ts64() now that
the wrapper is gone to fix compilation against Linux 5.4.
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Upstream commit e4b92b108c6cd6 ("timekeeping: remove obsolete time
accessors") removed do_gettimeofday(). In Linux 4.19 this was only a
wrapper around ktime_get_real_ts64(). Use ktime_get_real_ts64() now that
the wrapper is gone to fix compilation against Linux 5.4.
Move the ifxmips_mei_interface header to the include directory, it can't
be found otherwise during compilation. The reason for the changed
behaviour is not yet clear, however having header files in an include
directory is more straight forward.
To use the of_device_id struct, the mod_devicetable header need to be
included. Instead of including this header, include the of_platform
header, which includes the mod_devicetable on its own.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Nick Bowler
Eneas U de Queiroz
Petr Štetiar
Aleksander Jan Bajkowski
John Crispin
Rafał Miłecki
Álvaro Fernández Rojas
Hans Dedecker
Henrique de Moraes Holschuh
Jo-Philipp Wich
Kevin Darbyshire-Bryant
Jordan Sokolic
David Bauer
Christian Lamparter
Paul Spooren
Jason A. Donenfeld
Luiz Angelo Daros de Luca
Oldřich Jedlička
Chen Minqiang
Jan Kardell
Jeffery To
Daniel Golle
Leon M. George
Martin Blumenstingl
Mathias Kresin