33523a5 version: bump snapshot 0759480 curve25519-hacl64: reduce stack usage under KASAN b9ab0fc chacha20: add bounds checking to selftests 2e99d19 chacha20-mips32r2: reduce stack and branches in loop, refactor jumptable handling d6ac367 qemu: bump musl 28d8b7e crypto: make constant naming scheme consistent 56c4ea9 hchacha20: keep in native endian in words 0c3c0bc chacha20-arm: remove unused preambles 3dcd246 chacha20-arm: updated scalar code from Andy 6b9d5ca poly1305-mips64: remove useless preprocessor error 3ff3990 crypto-arm: rework KERNEL_MODE_NEON handling again dd2f91e crypto: flatten out makefile 67a3cfb curve25519-fiat32: work around m68k compiler stack frame bug 9aa2943 allowedips: work around kasan stack frame bug in selftest 317b318 chacha20-arm: use new scalar implementation b715e3b crypto-arm: rework KERNEL_MODE_NEON handling 77b07d9 global: reduce stack frame size ddc2bd6 chacha20: add chunked selftest and test sliding alignments and hchacha20 2eead02 chacha20-mips32r2: reduce jumptable entry size and stack usage a0ac620 chacha20-mips32r2: use simpler calling convention 09247c0 chacha20-arm: go with Ard's version to optimize for Cortex-A7 a329e0a chacha20-mips32r2: remove reorder directives 3b22533 chacha20-mips32r2: fix typo to allow reorder again d4ac6bb poly1305-mips32r2: remove all reorder directives 197a30c global: put SPDX identifier on its own line 305806d ratelimiter: disable selftest with KASAN 4e06236 crypto: do not waste space on selftest items 5e0fd08 netlink: reverse my christmas trees a61ea8b crypto: explicitly dual license b161aff poly1305: account for simd being toggled off midway 470a0c5 allowedips: change from BUG_ON to WARN_ON aa9e090 chacha20: prefer crypto_xor_cpy to avoid memmove 1b0adf5 poly1305: no need to trick gcc 8.1 a849803 blake2s: simplify final function 073f3d1 poly1305: better module description
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
3a610a0 Finesse allocation of memory for "struct crec" cache entries. 48b090c Fix b6f926fbefcd2471699599e44f32b8d25b87b471 to not SEGV on startup (rarely). 4139298 Change behavior when RD bit unset in queries. 51cc10f Add warning about 0.0.0.0 and :: addresses to man page. ea6cc33 Handle memory allocation failure in make_non_terminals() ad03967 Add debian/tmpfiles.conf f4fd07d Debian bugfix. e3c08a3 Debian packaging fix. (restorecon) 118011f Debian packaging fix. (tmpfiles.d)
Delete our own backports of ea6cc33 & 4139298, so the only real changes
here, since we don't care about the Debian stuff are 48b090c & 3a610a0
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
This is an official release with some minor changes compared to the
unofficial 4.19-rc4-1 we used before.
* added bcma and ssb again, which is removed in OpenWrt
* fix to build with kernel 4.19
* other minor fixes not relevant for Openwrt.
Buffalo BHR-4GRV is a wired router, based on Atheros AR7242.
Specification:
- Atheros AR7242
- 64 MB of RAM
- 32 MB of Flash
- 2x 16 MB SPI-NOR flash
- 5x 10/100/1000 Mbps Ethernet
- 3x LEDs, 2x keys
- 1x USB 2.0 Type-A
- UART header on PCB
- JP1: Vcc, GND, TX, RX from reset button side
Flash instruction using factory image:
1. Boot the BHR-4GRV normaly and connect the computer to its LAN port
2. Access to
"http://192.168.11.1/cgi-bin/cgi?req=frm&frm=py-db/firmup.html"
with user "bufpy" and password "otdpopy"
3. Select the OpenWrt factory image and click "OK" button to perform
firmware upgrade
4. Wait ~200 seconds to complete flashing
ath79: fix support for Buffalo WZR-HP-G450H and split to dts/dtsi
There are many parts that are incorrect or missing in the current
code for Buffalo WZR-HP-G450H in ath79, so its support is broken.
I fixed that issues and split to dts/dtsi files to add support for
Buffalo BHR-4GRV.
And WZR-450HP has the same hardware as WZR-HP-G450H, so I change the
device name to "WZR-HP-G450H/WZR-450HP".
Specification:
- Atheros AR7242
- 64 MB of RAM
- 32 MB of Flash
- 2x 16 MB SPI-NOR flash
- 3T3R 2.4 GHz wifi
- SoC internal
- 5x 10/100/1000 Mbps Ethernet
- 6x LEDs, 5x keys
- 1x USB 2.0 Type-A
- UART header on PCB
- JP1: Vcc, GND, TX, RX from reset button side
Flash instruction using factory image:
1. Boot the WZR-HP-G450H (or WZR-450HP) normaly and connect the computer
to its LAN port
2. Access to
"http://192.168.11.1/cgi-bin/cgi?req=frm&frm=py-db/firmup.html"
with user "bufpy" and password "otdpopy"
3. Select the OpenWrt factory image and click "OK" button to perform
firmware update
4. Wait ~200 seconds to complete flashing
The sysupgrade image failed the check due to the wrong string in the
supported devices. This patch provides the correct name by dropping the
SUPPORTED_DEVICES to use the default generated name.
Signed-off-by: Steffen Förster <steffen@chemnitz.freifunk.net>
[drop the SUPPORTED_DEVICES, the old name was never used in a release] Signed-off-by: Mathias Kresin <dev@kresin.me>
When building using the multiple devices option with per-device root
filesystem, only the meta package mt76 is omitted but not the
dependencies selected by the package.
Explicitly exclude all 3 mt76 packages, plus the metapackage.
Otherwise, these modules will be included in the build, wasting
a few hundred kilobytes.
Signed-off-by: Joseph C. Lehner <joseph.c.lehner@gmail.com>
[mention the root cause of the issue in the commit message] Signed-off-by: Mathias Kresin <dev@kresin.me>
These patches were added after the new matches structure for the
mac80211 package was created. All the deleted patches are already
integrated in kernel 4.19-rc4.
Tomislav Požega [Mon, 8 Jan 2018 12:43:56 +0000 (13:43 +0100)]
mac80211: rt2x00: add RXIQ calibration
Add RXIQ calibration found in mtk driver. With old openwrt builds this gets us ~8Mbps more of RX bandwidth (test with iPA/eLNA layout).
Please try if this makes any difference among various board/RF layouts.
Tomislav Požega [Wed, 23 Aug 2017 17:10:21 +0000 (19:10 +0200)]
mac80211: rt2x00: write registers required for reducing power consumption
Write registers required for reducing power consumption like the vendor
driver does when ADJUST_POWER_CONSUMPTION_SUPPORT is set.
This helps devices to sync at better TX/RX rates and improves overall
performance.
IPVS (IP Virtual Server) implements transport-layer load balancing inside
the Linux kernel, so called Layer-4 switching. IPVS running on a host acts
as a load balancer at the front of a cluster of real servers, it can direct
requests for TCP/UDP based services to the real servers, and makes services
of the real servers to appear as a virtual service on a single IP address.
This change adds the following kmod packages
- kmod-nf-ipvs
- kmod-nf-ipvs-ftp
- kmod-nf-ipvs-sip
David Yang [Sat, 11 Aug 2018 07:51:02 +0000 (15:51 +0800)]
dante: disable sched_getscheduler() - not implemented in musl
musl doesn't come with an valid implementation of `sched_getscheduler()`;
it simply returns -ENOSYS for it. Without this option (and compile dante
with `sched_getscheduler()` enabled), you will get
error: serverinit(): sched_getscheduler(2): failed to retrieve current
cpuscheduling policy: Function not implemented
and dante won't start at all.
Ref: http://lists.alpinelinux.org/alpine-devel/3932.html
Ref: http://lists.alpinelinux.org/alpine-devel/3936.html Signed-off-by: David Yang <mmyangfl@gmail.com>
[slightly reword commit message] Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Tony Ambardar [Sat, 3 Mar 2018 03:32:24 +0000 (19:32 -0800)]
base-files: fix postinstall uci-defaults removal
Commit 7f694582 introduced a bug where default_postinst() often fails to
remove a uci-defaults script after application, leaving it to run again
after a reboot.
(Note: commit 7f694582 also introduced FS#1021, now fixed by 73c745f6)
The subtle problem arises from the shell logical chain:
[ -f "$i" ] && . "$i" && rm -f "$i"
Most uci-defaults scripts contain a terminal 'exit 0' statement which,
when sourced, results in the logic chain exiting before executing 'rm -f'.
This was observed while testing upgrades of 'luci-app-sqm'.
The solution is to wrap the shell sourcing in a subshell relative to the
command 'rm -f':
( [ -f "$i" ] && . "$i" ) && rm -f "$i"
Revert to using 'grep' to prefilter the list of entries from the control
file, which yields the full path of uci-defaults scripts. This allows
keeping the existence check, directory change and script sourcing inside
the subshell, with the script removal correctly outside.
This approach avoids adding a second subshell only around the "." (source)
command. The change also preserves the fix FS#1021, since the full path is
used to source the script, which is POSIX-portable irrespective of PATH
variable or reference to the CWD.
Run Tested on: LEDE 17.01.4 running ar71xx, while tracing installation of
package luci-app-sqm with its associated /etc/uci-defaults/luci-sqm file.
Felix Fietkau [Mon, 24 Sep 2018 09:02:30 +0000 (11:02 +0200)]
build: drop buildbot toolchain rebuild check when not using git
The check cleans and rebuilds the toolchain if it changed on update.
When building from a source tarball, it is reasonable to expect that
there will be no updates, so no rebuild check is necessary
Yangbo Lu [Thu, 6 Sep 2018 05:30:32 +0000 (13:30 +0800)]
layerscape: build ls-dpl package with linux dtc tool
Building ls-dpl package requires the dtc tool. This patch
is to support using linux dtc tool for ls-dpl package.
This avoids compile issue when host system doesn't have
the dtc tool.
Yangbo Lu [Wed, 1 Aug 2018 02:41:11 +0000 (10:41 +0800)]
layerscape: fix get_device_file() function of restool
The restool failed to work with current gcc-7.3.0-musl.
This patch is to add a restool fix-up patch to fix
multiple problems encountered in the get_device_file()
function:
- The deprecated atoi() function is replaced by strtoul
- An invalid memory access was being performed by using
memory from dir->d_name even after closedir(). This is
fixed by a strdup() on the device filename.
- Also, error prints now print any relevant error code.
Yangbo Lu [Wed, 18 Jul 2018 08:56:07 +0000 (16:56 +0800)]
layerscape: add ls1012afrwy support and drop ls1012afrdm
ls1012afrdm was no longer supported in NXP Layerscape SDK.
Instead a new board ls1012afrwy was introduced in LSDK.
This patch is to drop ls1012afrdm and add ls1012afrwy support.
Since only 2MB NOR flash could be used, we just put u-boot
and firmware on NOR flash, and put kernel/dtb/rootfs on SD
card.
The Layerscape FRWY-LS1012A board is an ultra-low-cost
development platform for LS1012A Series Communication
Processors built on Arm Cortex-A53. This tool refines the
FRDM-LS1012A with more features for a better hands-on experience
for IoT, edge computing, and various advanced embedded
applications. Features include easy access to processor I/O,
low-power operation, micro SD card storage, an M2 connector, a
small form factor, and expansion board options via mikroBUS Click
Module. The MicroBUS Module provides easy expansion via hundreds
of powerful modules supporting sensors, actuators, memories,
and displays.
Yangbo Lu [Wed, 18 Jul 2018 06:14:40 +0000 (14:14 +0800)]
layerscape: add SD card boot support
NOR/QSPI Flash on Layerscape board only has limited 64MB memory size.
Since some boards (ls1043ardb/ls1046ardb/ls1088ardb/ls1021atwr)
could support SD card boot, we added SD boot support for them to put
all things on SD card to meet large memory requirement.
Yangbo Lu [Tue, 10 Jul 2018 03:58:59 +0000 (11:58 +0800)]
layerscape: add armv7 subtarget and ls1021atwr board support
The NXP TWR-LS1021A module is a development system based
on the QorIQ LS1021A processor.
- This feature-rich, high-performance processor module can
be used standalone or as part of an assembled Tower System
development platform.
- Incorporating dual Arm Cortex-A7 cores running up to 1 GHz,
the TWR-LS1021A delivers an outstanding level of performance.
- The TWR-LS1021A offers HDMI, SATA3 and USB3 connectors as
well as a complete Linux software developer's package.
- The module provides a comprehensive level of security that
includes support for secure boot, Trust Architecture and
tamper detection in both standby and active power modes,
safeguarding the device from manufacture to deployment.
Yangbo Lu [Wed, 15 Aug 2018 08:41:41 +0000 (16:41 +0800)]
layerscape: split image makefile per subtarget
This patch is to split image makefile per subtarget.
The ARMv7 subtarget will be added in the future.
It will be not convinient if only one makefile is used
for several subtargets management and future development.
This patch also dropped 32-bit Traverse LS1043-S since
Traverse only intended to support 64-bit and the 32-bit
compile now had an issue.
Yangbo Lu [Wed, 4 Jul 2018 04:20:41 +0000 (12:20 +0800)]
layerscape: update u-boot to LSDK-18.06
The u-boot source code had been migrated to codeaurora
for LSDK-18.06 release and the future release. This
patch is to update u-boot to LSDK-18.06 for both
uboot-layerscape and uboot-layerscape-armv8_32b packages.
Besides, this patch also introduced some other changes.
- Reworked uboot-layerscape makefile to make it more
readable.
- Define package in uboot-layerscape-armv8_32b for each board.
- Fixed u-boot package selection in target image makefile.
Yangbo Lu [Tue, 3 Jul 2018 06:17:08 +0000 (14:17 +0800)]
layerscape: update restool to LSDK-18.06
The restool source code had been migrated to codeaurora
for LSDK-18.06 release and the future release. This patch
is to update restool to LSDK-18.06 release.
Yangbo Lu [Tue, 3 Jul 2018 03:07:06 +0000 (11:07 +0800)]
layerscape: update ls-rcw to LSDK-18.06
The rcw source code had been migrated to codeaurora
for LSDK-18.06 release and the future release. The
source code had also involved ls1012ardb/ls1012afrdm/
ls1088ardb/ls2088ardb rcw, so we updated ls-rcw to
LSDK-18.06, reworked the makefile and dropped ls-rcw-bin
package in this patch. Also reworked ls-rcw patch to
adapt to the latest source code.
Yangbo Lu [Mon, 2 Jul 2018 03:12:17 +0000 (11:12 +0800)]
layerscape: update ls-dpl to LSDK-18.06
The dpl-examples source code had been migrated to
codeaurora for LSDK-18.06 release and the future
release. This patch is to update this package to
LSDK-18.06.
Yangbo Lu [Fri, 29 Jun 2018 08:20:32 +0000 (16:20 +0800)]
layerscape: update fman-ucode to LSDK-18.06
Actually there was no change for fman-ucode in LSDK-18.06
just tagged with LSDK-18.06. This patch is to rework the
fman-ucode makefile to make it more readable, and to use
lsdk-1806 as the PKG_VERSION.
Commit b7265c59ab7d ("kernel: backport a series of netfilter cleanup
patches to 4.14") added patch 302-netfilter-nf_tables_inet-don-t-use-
multihook-infrast.patch. That patch switches the netfilter core in the
kernel to use the new native NFPROTO_INET support. Unfortunately, the
new native NFPROTO_INET support does not exist in 4.14 and was not
backported along with this patchset. As such, nftables inet tables never
see any traffic.
As an example the following nft counter rule should increment for every
packet coming into the box, but never will:
nft add table inet foo
nft add chain inet foo bar { type filter hook input priority 0\; }
nft add rule inet foo bar counter
This commit pulls in the required backport patches to add the new
native NFPROTO_INET support, and thus restore nftables inet table
functionality.
Tested on Turris Omnia (mvebu)
Fixes: b7265c59ab7d ("kernel: backport a series of netfilter cleanup ...") Signed-off-by: Brett Mastbergen <bmastbergen@untangle.com>
Magnus Kroken [Sat, 15 Sep 2018 22:44:43 +0000 (00:44 +0200)]
mbedtls: update to 2.13.0
* Fixed a security issue in the X.509 module which could lead to a buffer overread during certificate extensions parsing.
* Several bugfixes.
* Improvements for better support for DTLS on low-bandwidth, high latency networks with high packet loss.
This release introduces the ability to replace/interpose the allocator
(malloc) subject to certain restrictions, adds an experimental m68k
port, and makes notable improvements to stdio (application-provided
buffers), getaddrinfo (AI_ADDRCONFIG, support for IPv4-only kernel
configurations), the dynamic linker (safety against dlopen of
libraries using initial-exec TLS model, reclaiming unused memory on
FDPIC archs, better dladdr results), and handling of default thread
stack size (pthread_setattr_default_np now works more reliably).
Many bugs have been fixed, including potentially dangerous regressions
in iconv (only for new conversions to legacy encodings) and visibly
incorrect behavior in printf on non-x86 archs (%a format with
precision specifier), in getopt_long_only when short options are a
prefix for a long option, in complex arc-trig/hyperbolic functions, in
strftime and mktime (timezone-specific issues), and numerous
less-obvious places.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[altered commit msg a bit keeping it tight] Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
dnsmasq: Change behavior when RD bit unset in queries.
Backport upstream commit
Change anti cache-snooping behaviour with queries with the
recursion-desired bit unset. Instead to returning SERVFAIL, we
now always forward, and never answer from the cache. This
allows "dig +trace" command to work.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Signed-off-by: Jonathan Lancett <j.lancett@ntlworld.com>
[minor tweak to commit title] Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Felix Fietkau [Thu, 20 Sep 2018 08:06:49 +0000 (10:06 +0200)]
ath9k: fix unloading the module
Registering a GPIO chip with the ath9k device as parent prevents unload,
because the gpiochip core increases the module use count.
Unfortunately, the only way to avoid this at the moment seems to be to
register the GPIO chip without a parent device
Hans Dedecker [Mon, 17 Sep 2018 15:53:34 +0000 (17:53 +0200)]
map: drop default encaplimit value
Setting encaplimit to a numerical value results into the value being
included as tunnel encapsulation limit in the destination option header
for tunneled packets.
Several users have reported interop issues as not all ISPs support the
destination option header containing the tunnel encapsulation limit
resulting into broken map connectivity.
Therefore drop the default encaplimit value for map tunnels so
no destination option header is included by default.
Hans Dedecker [Mon, 17 Sep 2018 09:24:39 +0000 (11:24 +0200)]
ds-lite: drop default encaplimit value
Setting encaplimit to a numerical value results into the value being
included as tunnel encapsulation limit in the destination option header
for tunneled packets.
Several users have reported interop issues as not all ISPs support the
destination option header containing the tunnel encapsulation limit
resulting into broken ds-lite connectivity.
Therefore drop the default encaplimit value for ds-lite tunnels so
no destination option header is included by default.
* blake2s-x86_64: fix whitespace errors
* crypto: do not use compound literals in selftests
* crypto: make sure UML is properly disabled
* kconfig: make NEON depend on CPU_V7
* poly1305: rename finish to final
* chacha20: add constant for words in block
* curve25519-x86_64: remove useless define
* poly1305: precompute 5*r in init instead of blocks
* chacha20-arm: swap scalar and neon functions
* simd: add __must_check annotation
* poly1305: do not require simd context for arch
* chacha20-x86_64: cascade down implementations
* crypto: pass simd by reference
* chacha20-x86_64: don't activate simd for small blocks
* poly1305-x86_64: don't activate simd for small blocks
* crypto: do not use -include trick
* crypto: turn Zinc into individual modules
* chacha20poly1305: relax simd between sg chunks
* chacha20-x86_64: more limited cascade
* crypto: allow for disabling simd in zinc modules
* poly1305-x86_64: show full struct for state
* chacha20-x86_64: use correct cut off for avx512-vl
* curve25519-arm: only compile if symbols will be used
* chacha20poly1305: add __init to selftest helper functions
* chacha20: add independent self test
Tons of improvements all around the board to our cryptography library,
including some performance boosts with how we handle SIMD for small packets.
* send/receive: reduce number of sg entries
This quells a powerpc stack usage warning.
* global: remove non-essential inline annotations
We now allow the compiler to determine whether or not to inline certain
functions, while still manually choosing so for a few performance-critical
sections.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
projects / thirdparty / openwrt.git / log
