Upstream commit: 46d7ced9d1
The mtd tool is built with different configurations depending on the
target. For example, brcm47xx adds the fixtrx subcommand, without which
an image fails when booting the second time.
Mark the mtd package as nonshared to really fix FS#484.
Signed-off-by: Mirko Parthey <mirko.parthey@web.de>
Upstream commit: 52ba5760b7
527e700 ustream-ssl: Remove RC4 from ciphersuite in server mode.
39a6ce2 ustream-ssl: Enable ECDHE with OpenSSL.
45ac930 remove polarssl support
Signed-off-by: John Crispin <john@phrozen.org>
Upstream commit: f2c8f6dc32
This make sit possible to store informations about a session and reuse
it later. When used by a server it increases the time to create a new
TLS session from about 1 second to less than 0.1 seconds.
The size of the ipkg file increased by about 800 Bytes.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This devices always looses the settings after power loss, nothing is
been saved.
Deactivate building this image till this problem is fixed.
See FS#672
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Newer Linksys boards might come with a Winbond W29N02GV which can be
configured in different ways. Make sure we configure it the same way as
the older chips so everything keeps working.
Signed-off-by: Imre Kaloz <kaloz@openwrt.org>
Switch ports 0..3 are connected to external ports LAN{1..4} in sequence,
switch port 4 is not used, and switch port 5 is connected to the CPU.
The WAN port is attached to the CPU's second network interface; it has no
connection to the internal switch.
Reuse the "Dell TrueMobile 2300" entry, which describes the same mapping.
Signed-off-by: Mirko Parthey <mirko.parthey@web.de>
This moves core router packages to the NAND target, to ensure they are
applied to all images. This change is being done due to an issue found
when flashing the MX60W image, which came without these when built as a
multi image.
Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
(cherry picked from commit d1c3a9485a)
* chacha20poly1305: add mips32 implementation
"The OpenWRT Commit" - this significantly speeds up performance on cheap
plastic MIPS routers, and presumably the remaining MIPS32r2 super computers
out there.
* timers: reinitialize state on init
* timers: round up instead of down in slack_time
* timers: remove slack_time
* timers: clear send_keepalive timer on sending handshake response
* timers: no need to clear keepalive in persistent keepalive
Andrew He and I have helped simplify the timers and remove some old warts,
making the whole system a bit easier to analyze.
* tools: fix errno propagation and messages
Error messages are now more coherent.
* device: remove allowedips before individual peers
This avoids an O(n^2) traversal in favor of an O(n) one. Before systems with
many peers would grind when deleting the interface.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Drop package/network/services/wireguard/patches/100-portability.patch
Instead pass 'PLATFORM=linux' to make since we are always building FOR
linux.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
This makes it easier to distribute prefixes over a wireguard tunnel
interface, by simply setting the ip6prefix option in uci (just like with
other protocols).
Obviously, routing etc needs to be setup properly for things to work; this
just adds the config option so the prefix can be assigned to other
interfaces.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
6b4a340 version: bump snapshot
faa2103 compat: don't clear header bits on RHEL
4014532 compat: handle RHEL 7.5's recent backports
66589bc queueing: preserve pfmemalloc header bit
37f114a chacha20poly1305: make gcc 8.1 happy
926caae socket: use skb_put_data
724d979 wg-quick: preliminary support for go implementation
c454c26 allowedips: simplify arithmetic
71d44be allowedips: produce better assembly with unsigned arithmetic
5e3532e allowedips: use native endian on lookup
856f105 allowedips: add selftest for allowedips_walk_by_peer
41df6d2 embeddable-wg-library: zero attribute padding
9a1bea6 keygen-html: add zip file example
f182b1a qemu: retry on 404 in wget for kernel.org race
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
7cc2668 version: bump snapshot
860c7c7 poly1305: do not place constants in different sections
5f1e4ca compat: remove unused dev_recursion_level backport
7e4b991 blake2s: remove unused helper
13225fc send: simplify skb_padding with nice macro
a1525bf send: account for route-based MTU
bbb2fde wg-quick: account for specified fwmark in auto routing mode
c452105 qemu: bump default version
dbe5223 version: bump snapshot
1d3ef31 chacha20poly1305: put magic constant behind macro
cdc164c chacha20poly1305: add self tests from wycheproof
1060e54 curve25519: add self tests from wycheproof
0e1e127 wg-quick.8: fix typo
2b06b8e curve25519: precomp const correctness
8102664 curve25519: memzero in batches
1f54c43 curve25519: use cmov instead of xor for cswap
fa5326f curve25519: use precomp implementation instead of sandy2x
9b19328 compat: support OpenSUSE 15
3102d28 compat: silence warning on frankenkernels
8f64c61 compat: stable kernels are now receiving b87b619
62127f9 wg-quick: hide errors on save
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
7c0d711 version: bump snapshot
b6a5cc0 contrib: add extract-handshakes kprobe example
37dc953 wg-quick: if resolvconf/run/iface exists, use it
1f9be19 wg-quick: if resolvconf/interface-order exists, use it
4d2d395 noise: align static_identity keys
14395d2 compat: use correct -include path
38c6d8f noise: fix function prototype
302d0c0 global: in gnu code, use un-underscored asm
ff4e06b messages: MESSAGE_TOTAL is unused
ea81962 crypto: read only after init
e35f409 Kconfig: require DST_CACHE explicitly
9d5baf7 Revert "contrib: keygen-html: rewrite in pure javascript"
6e09a46 contrib: keygen-html: rewrite in pure javascript
e0af0f4 compat: workaround netlink refcount bug
ec65415 contrib: embedded-wg-library: add key generation functions
06099b8 allowedips: fix comment style
ce04251 contrib: embedded-wg-library: add ability to add and del interfaces
7403191 queueing: skb_reset: mark as xnet
Changes:
* queueing: skb_reset: mark as xnet
This allows cgroups to classify packets.
* contrib: embedded-wg-library: add ability to add and del interfaces
* contrib: embedded-wg-library: add key generation functions
The embeddable library gains a few extra tricks, for people implementing
plugins for various network managers.
* crypto: read only after init
* allowedips: fix comment style
* messages: MESSAGE_TOTAL is unused
* global: in gnu code, use un-underscored asm
* noise: fix function prototype
Small cleanups.
* compat: workaround netlink refcount bug
An upstream refcounting bug meant that in certain situations it became
impossible to unload the module. So, we work around it in the compat code. The
problem has been fixed in 4.16.
* contrib: keygen-html: rewrite in pure javascript
* Revert "contrib: keygen-html: rewrite in pure javascript"
We nearly moved away from emscripten'ing the fiat32 code, but the resultant
floating point javascript was just too terrifying.
* Kconfig: require DST_CACHE explicitly
Required for certain frankenkernels.
* compat: use correct -include path
Fixes certain out-of-tree build systems.
* noise: align static_identity keys
Gives us better alignment of private keys.
* wg-quick: if resolvconf/interface-order exists, use it
* wg-quick: if resolvconf/run/iface exists, use it
Better compatibility with Debian's resolvconf.
* contrib: add extract-handshakes kprobe example
Small utility for extracting ephemeral key data from the kernel's memory.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (git log --oneline description)
All these changes are important enough to have them in the 17.01.
8206219 uci: fix memory leak in rpc_uci_replace_savedir()
10f7878 exec: close stdout and stderr streams on child signal
92d0d75 uci: use correct sort index when reordering sections
66a9bad uci: fix memory leak in rpc_uci_apply_timeout()
2423162 uci: switch to proper save directory on apply/rollback
edd37f8 uci: add rpc_uci_replace_savedir() helper
eb09f3a session: ignore non-string username attribute upon restore
3d400c7 session: support reclaiming pending apply session
f0f6f81 session: remove redundant key attribute to rpc_session_set()
6994c87 uci: fix session delta isolation
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Fix ART offset (make it universal for 8/16 MB versions of the board) and
while at it, include also GPIO setup for h/w watchdog (EM6324QYSP5B).
Fixes: FS#1532
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Fixes "unregister_netdevice: waiting for lo to become free. Usage count = 1"
messages which started appearing since the update to 4.4.103. That
problem was exposed by upstream commit 76da0704507bb ("ipv6: only call
ip6_route_dev_notify() once for NETDEV_UNREGISTER") backported to 4.4.x
branch in 2417da3f4d6bc.
Fixes: 2b664499cd ("kernel: bump 4.4 to 4.4.103 for 17.01")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 58f7b5b96c)
Some Ubiquiti U-boot versions, in particular the "U-Boot 1.1.4.2-s956
(Jun 10 2015 - 10:54:50)" found with AirOS 5.6, do not correctly flush the
caches for the whole kernel address range after decompressing the kernel
image, leading to hard to debug boot failures, depending on kernel version
and configuration.
As a workaround, prepend the relocate-kernels loader, which will invalidate
the caches after moving the kernel to the correct load address.
Reported-by: Andreas Ziegler <dev@andreas-ziegler.de>
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Package postinst will pass even names of builtin modules to insert_modules,
leading to postinst failing with error 255. This has been fixed in master
in r5279, but for lede-17.01 this minimal change is preferable.
Fixes FS#645, FS#893.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
6609e98 libfstools: add "const" to char pointer arguments in mount_move()
95c07d5 libfstools: fix foreachdir() to pass dir with a trailing slash
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
mbedtls changed in version 2.7.0 and 2.7.2 the soversion of the
libmbedcrypto.so library, use the old version again to be able to use
the new library with binaries compiled against the old mbedtls library.
Some binaries got rebuild to for the 2.7.0 release and are now using
libmbedcrypto.so.1, the older ones are still using libmbedcrypto.so.0.
Go back to libmbedcrypto.so.0 and make the system rebuild the binaries
which were rebuild for 2.7.0 again.
This should make the libmbedcrypto.so library be compatible with the old
version shipped with 17.01.
Fixes: 3ca1438ae0 ("mbedtls: update to version 2.7.2")
Fixes: f609913b5c ("mbedtls: update to version 2.7.0")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This is important fix for flash parsing in some corner cases. In case
of TRX subpartition with rootfs being aligned to the flash block size it
was incorrectly registered twice. Detecting & registering it as a
standalone partition was resulting in an incorrect "firmware" partition
size and possibly broken sysupgrade.
It wasn't noticed before because "rootfs" alignment depends on a kernel
size. It can happen though - depending on the configuration and the
kernel size.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit f5195e72c0)
Previously, tplink_pharos_check_image() would accept any image with ELF
magic and only non-printable data in the support-list, as in this case the
while-read loop would not run at all. Add the new support-list offset and
ensure an image is only accepted when the model string is actually found.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Switching from kernel 4.4.120 to 4.4.124 introduced a regression in
the genirq code. It was caused by a commit 9d0273bb1c4b6 ("genirq: Use
irqd_get_trigger_type to compare the trigger type for shared IRQs").
On bcm53xx it breaks serial console and results in a flood of:
[ 22.078829] genirq: Flags mismatch irq 18. 00000080 (serial) vs. 00000080 (gpio)
[ 22.086432] genirq: Flags mismatch irq 18. 00000080 (serial) vs. 00000080 (gpio)
[ 22.601150] genirq: Flags mismatch irq 18. 00000080 (serial) vs. 00000080 (gpio)
[ 22.608845] genirq: Flags mismatch irq 18. 00000080 (serial) vs. 00000080 (gpio)
Later in the upstream "linux-4.4.y" branch that commit was reverted and
it was followed by a 4.4.126 release. Until we switch from 4.4.124 to
4.4.126 (or newer), let's backport that reverting commit.
Fixes: bed0ee7cbf ("Kernel: bump 4.4 to 4.4.124 for 17.01")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
This fixes the following security problems:
* CVE-2018-0488: Risk of remote code execution when truncated HMAC is enabled
* CVE-2018-0487: Risk of remote code execution when verifying RSASSA-PSS signatures
This release is also ABI incompatible with the previous one, but it is
API compatible.
Some functions used by a lot of other software was renamed and the old
function names are provided as a static inline now, but they are only
active when deprecated functions are allowed, deactivate the removal of
deprecated functions for now.
Also increase the PKG_RELEASE version to force a rebuild and update of
packages depending on mbedtls to handle the changed ABI.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The e2fsprogs host build fails on a glibc 2.27 host with
make[6]: Entering directory 'build_dir/host/e2fsprogs-1.43.7/debugfs'
CC create_inode.o
./../misc/create_inode.c:399:18: error: conflicting types for 'copy_file_range'
static errcode_t copy_file_range(ext2_filsys fs, int fd, ext2_file_t e2_file,
^~~~~~~~~~~~~~~
In file included from ./../misc/create_inode.c:19:0:
/usr/include/unistd.h:1110:9: note: previous declaration of 'copy_file_range' was here
ssize_t copy_file_range (int __infd, __off64_t *__pinoff,
^~~~~~~~~~~~~~~
Backport upstream commit "misc: rename copy_file_range to
copy_file_chunk" 01551bdba16ab16512a01affe02ade32c41ede8a in order to
fix this.
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
At least on some devices, LEDs don't work anymore since kernel 4.4.120.
Revert the broken change.
See also: https://www.spinics.net/lists/stable/msg223656.html
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
The default fragment low/high thresholds are 3 and 4 MB. On devices with
only 32MB RAM, these settings may lead to OOM when many fragments that
cannot be reassembled are received. Decrease fragment low/high thresholds
to 384 and 512 kB on devices with less than 64 MB RAM.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Mirko Parthey
John Crispin
Hauke Mehrtens
Imre Kaloz
Hans Dedecker
Chris Blake
Jason A. Donenfeld
Kevin Darbyshire-Bryant
Toke Høiland-Jørgensen
Etienne Haarsma
Rafał Miłecki
Piotr Dymacz
Felix Fietkau
Kevin Darbyshire-Bryant
Matthias Schiffer
Stijn Segers
Zoltan HERPAI
Paul Wassi
Stefan Lippers-Hollmann