Daniel Golle [Fri, 2 Feb 2018 00:57:46 +0000 (01:57 +0100)]
base-files: quote values when evaluating uevent
When sourcing /sys/class/block/*/uevent values have to be quoted as
they may contain spaces (e.g. in PARTNAME).
Fix this by pre-processing with sed before sourcing.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Sven Eckelmann [Mon, 29 Jan 2018 10:52:51 +0000 (11:52 +0100)]
ipq-wifi: drop OpenMesh A42 board-2.bin
The BDFs for OpenMesh A42 were upstreamed [1] to the ath10k-firmware
repository and are now part of ath10k-firmware 2018-01-26. The
ipq-wifi-openmesh_a42 package can now be dropped because OpenWrt already
ships the QCA4019 board-2.bin from this version.
Sven Eckelmann [Mon, 29 Jan 2018 10:46:35 +0000 (11:46 +0100)]
firmware: ath10k-firmware: update to 2018-01-26
* introduces the BDFs for the OpenMesh A42 in
/lib/firmware/ath10k/QCA4019/hw1.0/board-2.bin.
* adds new firmware firmware-6.bin_RM.4.4.1.c1-00037-QCARMSWP-1 for
QCA6174 hw3.0
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
David Bauer [Tue, 6 Feb 2018 18:44:36 +0000 (19:44 +0100)]
ar71xx: remove bs-partition ro-flag for UniFi AC
This removes the read-only flag from the bs (bootselect) partition
on UniFi AC devices. This allows to correct the indicator from which
partition the device is booting its kernel from.
See also:
- https://github.com/freifunk-gluon/gluon/issues/1301
- https://bugs.lede-project.org/index.php?do=details&task_id=662
Henryk Heisig [Sun, 28 Jan 2018 18:49:38 +0000 (19:49 +0100)]
ramips: add support for TP-Link Archer C50 v3
TP-Link Archer C50 v3 is a router with 5-port FE switch and
non-detachable antennas. It's based on MediaTek MT7628N+MT7612E.
Specification:
- MediaTek MT7628N/N (580 Mhz)
- 64 MB of RAM
- 8 MB of FLASH
- 2T2R 2.4 GHz and 2T2R 5 GHz
- 5x 10/100 Mbps Ethernet
- 4x external, non-detachable antennas
- UART (J1) header on PCB (115200 8n1)
- 7x LED (GPIO-controlled*), 2x button, power switch
* WAN LED in this devices is a dual-color, dual-leads type which isn't
(fully) supported by gpio-leds driver. This type of LED requires both
GPIOs state change at the same time to select color or turn it off.
For now, we support/use only the green part of the LED.
Flash instruction:
The only way to flash LEDE image in ArcherC50v3 is to use
tftp recovery mode in U-Boot:
1. Configure PC with static IP 192.168.0.66/24 and tftp server.
2. Rename "openwrt-ramips-mt7628-ArcherC50v3-squashfs-tftp-recovery.bin"
to "tp_recovery.bin" and place it in tftp server directory.
3. Connect PC with one of LAN ports, press the reset button, power up
the router and keep button pressed for around 6-7 seconds, until
device starts downloading the file.
4. Router will download file from server, write it to flash and reboot.
Zoltan HERPAI [Sat, 10 Feb 2018 20:19:41 +0000 (21:19 +0100)]
firmware: add microcode package for Intel
Compiling the Intel microcode package results in a
microcode.bin and a microcode-64.bin. As we can
decide based on the subtarget which should be used,
we'll only split the required .bin file with
iucode-tool.
x64 will get the intel-microcode-64.bin
All other variants will get intel-microcode.bin
The microcodes will be updated from preinit via a common
script - that's the earliest place where we can do it.
Zoltan HERPAI [Sun, 11 Feb 2018 11:30:07 +0000 (12:30 +0100)]
tools: add iucode-tool
Add tool to "compile" Intel microcode files. The tool will be
compiled for host (to split the microcode.dat) and for target
(to forcibly reload the microcode if required).
Instead of using the large microcode.bin/microcode-64.bin, the
splitted ucode files (separate for CPU families) will be
installed.
Hauke Mehrtens [Sat, 10 Feb 2018 23:52:08 +0000 (00:52 +0100)]
uboot-fritz4040: Fix build with HOSTCFLAGS
When we provide the HOSTCFLAGS to the U-Boot build it will fail because
it can not find the u-boot provided header files any more.
Just overwrite and not append the package specific configuration on top
of the configuration provided by u-boot.mk.
uboot-fritz4040 is based on U-Boot 2012.07 and this problem is probably
similar to the problem seen with the lantiq and ar71xx u-boot build.
Adrià Llaudet [Thu, 8 Feb 2018 11:02:24 +0000 (12:02 +0100)]
imx6: use DTS_DIR at image build code
Use "$(DTS_DIR)", defined at include/image.mk, instead of
"$(LINUX_DIR)/arch/$(LINUX_KARCH)/boot/dts" in order to generalize and
allow a better Device/* device-tree parameterization (i.e. DEVICE_DTS_DIR
and DTS_DIR).
Evgeniy Didin [Tue, 30 Jan 2018 12:36:51 +0000 (15:36 +0300)]
kernel: backport fix undefined abort
While building mpi.ko module with stable Linux v4.14.14 an error occured:
>ERROR: "abort" [lib/mpi/mpi.ko] undefined!
In upstream Linux 4.15 this issue is fixed:
Commit 7c2c11b208be ("arch: define weak abort()")
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7c2c11b208be09c156573fc0076b7b3646e05219
uboot-mvebu: fix build ; use the build's tools/libressl
Since I have no openssl-dev on my machine, I first
get this error:
```
tools/kwbimage.c:21:10: fatal error: openssl/bn.h: No such file or directory
#include <openssl/bn.h>
```
After removing the UBOOT_MAKE_FLAGS the next error is:
```
tools/kwbimage.c:40:6: error: conflicting types for ‘EVP_MD_CTX_cleanup’
void EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
```
After removing the OpenSSL patches the next error is:
```
HOSTLD tools/dumpimage
/usr/bin/ld: cannot find -lssl
/usr/bin/ld: cannot find -lcrypto
collect2: error: ld returned 1 exit status
scripts/Makefile.host:108: recipe for target 'tools/dumpimage' failed
make[5]: *** [tools/dumpimage] Error 1
```
So, the final part is to add the build system's
HOST_LDFLAGS to the UBOOT_MAKE_FLAGS.
(which was done in the previous commit)
Then the image builds.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
This would should up as `$$(HOSTCPPFLAGS)` in the host CFLAGS.
```
make --jobserver-fds=3,4 -j -C <openwrt>/build_dir/target-arm_cortex-a8+vfpv3_musl_eabi/u-boot-A10-OLinuXino-Lime/u-boot-2017.07 CROSS_COMPILE=arm-openwrt-linux-muslgnueabi- DTC="<openwrt>/build_dir/target-arm_cortex-a8+vfpv3_musl_eabi/linux-sunxi_cortexa8/linux-4.9.76/scripts/dtc/dtc" HOSTCC="gcc" HOSTCFLAGS='-O2 -I<openwrt>/staging_dir/host/include -I<openwrt>/staging_dir/host/usr/include -I<openwrt>/staging_dir/hostpkg/include -I<openwrt>/staging_dir/target-arm_cortex-a8+vfpv3_musl_eabi/host/include $$(HOSTCPPFLAGS)' HOSTLDFLAGS="" BL31=<openwrt>/staging_dir/target-arm_cortex-a8+vfpv3_musl_eabi/image/bl31.bin
```
And then it would complain with:
```
/bin/sh: 1: HOSTCPPFLAGS: not found
```
Also, HOSTCPPFLAGS does not exist.
The correct var is HOST_CPPFLAGS.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Felix Fietkau [Fri, 9 Feb 2018 15:04:30 +0000 (16:04 +0100)]
mt76: update to the latest version, fixes mt7603 stability issues
3413961 mt7603: avoid reordering qos-null data packets c60e6db mt76: toggle driver station powersave bit before notifying mac80211 246d548 mt76: stop tx queues from the driver callback instead of common code
Stijn Tintel [Thu, 8 Feb 2018 08:36:38 +0000 (09:36 +0100)]
kernel: bump 4.14 to 4.14.18
Refresh patches.
Remove upstreamed patches:
- apm821xx/010-crypto-gcm-add-GCM-IV-size-constant.patch
- backport/040-crypto-fix-typo-in-KPP-dependency-of-CRYPTO_ECDH.patch
Remove pending-4.14/650-pppoe_header_pad.patch, it is superseded by
upstream commit d32e5740001972c1bb193dd60af02721d047a17e.
Update patch that no longer applies: hack/204-module_strip.patch
Hans Dedecker [Mon, 5 Feb 2018 08:57:48 +0000 (09:57 +0100)]
odhcp6c: change sendopts option into list
Commit a26045049b added support for sendopts as a string; since multiple
sendopts values can be specified it makes more sense to model it as a
list of strings.
Daniel Golle [Wed, 24 Jan 2018 00:27:51 +0000 (01:27 +0100)]
ramips: various fixes for zbt-we1226
Convert userspace code to use generic device-tree compatible board
detection method. Users of the existing code will have to use
sysupgrade -F once to switch to the new generic board naming.
Properly setup pinctrl fixing the switch port LEDs.
Fixes commit 9c4fe103cb (ramips: add support for ZBT-WE1226) Reported-by: Mathias Kresin <dev@kresin.me> Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The ATM subsystem is different from the generic ethernet NICs. The ATM
subsystem requires a callback when a packet has been sent. It means a
tx skb_buff need to be used after it has sent. While the generic NIC
can fill up the TX ring and free skb_buffs if it encounter a ring buffer slot
with an already sent skbuff.
The ATM drivers need call the pop() function after it has send a
single ATM package. The ATM subsystem controls via this ways the queuing.
The ppe engine use DMA channels for read and write. Every atm_vcc has it's
own TX DMA channel and each TX DMA channel has it's own ring buffer.
The old driver had multiple issues:
- Call the subsystem callback at the beginning of tx function (ppe_send).
Didn't allowed the ATM subsystem to control the enqueued package
amount.
- Filled up the TX ring until full and fail futher
- copy or decouple the skb from all other subsystem before giving it
over to TX ring
The new tx path uses interupts.
- call the subsystem callback _after_ it was sent by hardware
- no need to copy our decouple the skb any more
- gives back control to the atm subsystem over the enqueued packages
- use an interupt for every sent atm package
Using interupts shouldn't be a problem because of the slow uplink bandwidth of
ADSL.
The speed _through_ the DSL router was always as high as it should
be, only traffic generated on the router itself were affected.
After changing to new tx path, the speed of iperf's run on the
router itself reached the same speed. The master/trunk wasn't as much
affected because of TCP optimisations (reboot-5022-gb2ea46fe236a).
The following results are taken on the remote server, which receives
the stream over the internet and the DSL line.
The sync moves between every sync a litte bit, but is so far stable
Latency / Interleave Delay: Down: Fast (0.25 ms) / Up: Fast (0.50 ms)
Data Rate: Down: 13.287 Mb/s / Up: 1.151 Mb/s
Felix Fietkau [Thu, 25 Jan 2018 15:49:14 +0000 (16:49 +0100)]
mt76: update to the latest version
2b7fae4 mt76: fix returnvar.cocci warnings 939e3e0 mt76x2: dfs: avoid tasklet scheduling during mt76x2_dfs_init_params() cf59170 mt76x2: dfs: add set_domain handler 5e4d60e mt76x2: dfs: take into account dfs region in mt76x2_dfs_init_params() f76e25f mt76x2: fix WMM parameter configuration 34d612d mt76: retry rx polling as long as there is budget left 0f8327a mt76x2: fix TSF value in probe responses ad3f8e9 mt76: add an intermediate struct for rx status information 58a41f1 mt76: get station pointer by wcid and pass it to mac80211 b0508d3 mt76: implement A-MPDU rx reordering in the driver code cf3cfc4 mt76: split mt76_rx_complete 461cdf9 mt76: pass the per-vif wcid to the core for multicast rx 9b2c778 mt76: validate rx CCMP PN 302af90 mt76x2: init: disable all pending tasklets during device removal 9f685fe mt7603: init: disable tbtt tasklet during device removal c6f8cac mt76: let mac80211 validate CCMP PN for fragmented frames 3968dae mt7603: fix 40 mhz channel bandwidth reporting 9c2e03d mt7603: fix rx LDPC reporting f515dfc mt76: implement AP_LINK_PS 974142c mt76: implement processing of BlockAckReq frames c5209db mt76: avoid re-queueing A-MPDU rx reorder work if no frames are pending e67e7a5 mt76x2: do not set status->aggr for NULL data frames 8693864 mt76: check qos ack policy before reordering packets
kernel: fix forwarding locally generated packages in bridge isolation patch
Locally generated packets weren't forwarded to the isolated interfaces in a
bridge. Isolation should only prevent the flooding of incomming packets to
other interfaces in the bridge.
Signed-off-by: Daniel Danzberger <daniel@dd-wrt.com> Signed-off-by: Felix Fietkau <nbd@nbd.name>
Rosen Penev [Mon, 4 Dec 2017 19:40:23 +0000 (11:40 -0800)]
ag71xx: Reorder ag71xx struct members for better cache performance
Qualcomm claims this improves the D-cache footprint. Origina commit message below:
From: Ben Menchaca <ben.menchaca@qca.qualcomm.com>
Date: Fri, 7 Jun 2013 10:57:28 -0500
Subject: [ag71xx] cluster/align structs for cache perf
Cluster the frequently used, per-packet structures in ag71xx near
to each other, and cacheline-align them. Some other re-ordering
occurred to move "warmer" structures near the per-packet structures.
Signed-off-by: Ben Menchaca <ben.menchaca@qca.qualcomm.com> Signed-off-by: Rosen Penev <rosenp@gmail.com>
Hans Dedecker [Sun, 4 Feb 2018 20:17:02 +0000 (21:17 +0100)]
nghttp2: bump to 1.30.0
f0836c7e Update manual pages 25db178b Bump up version number to 1.30.0, LT revision to 29:2:15 1b6713e6 Update AUTHORS c1a496cf nghttpx: Fix bug that h1 backend idle timeout expires sooner e098a211 mruby: Fix bug that response header is unexpectedly overwritten 0ba4bf51 Merge pull request #1120 from dylanplecki/issue-1119-mruby-header-overwrite 6deee203 Fix #1119: Stop overwrite of first header on mruby call to env.req.set_header(..) 6761a933 Merge pull request #1105 from nghttp2/nghttpx-upgrade-scheme 5cc3d159 nghttpx: Add upgrade-scheme parameter to backend option 652f57e7 Merge pull request #1104 from nghttp2/allow-ping-after-goaway acd6b40e Allow PING frame to be sent after GOAWAY 0fbb46ed Merge pull request #1101 from nghttp2/remember-pushed-links 6ad629de Merge pull request #1102 from nghttp2/fix-missing-alpn-validation 74754982 nghttpx: Fix missing ALPN validation (--npn-list) a31a2e3b nghttpx: Remember which resource is pushed a776b0db Merge pull request #1092 from nghttp2/define-103 cfd926f0 src: Define 103 status code 72f52716 Bump up version number to 1.30.0-DEV
2675814 version: bump snapshot 381d703 qemu: update base versions c3fbd9d curve25519: break more things with more test cases 93fa0d9 curve25519: replace fiat64 with faster hacl64 6177bdd curve25519: replace hacl64 with fiat64 b9bf37d curve25519: verify that specialized basepoint implementations are correct bd3f0d8 tools: dedup secret normalization 1f87434 chacha20poly1305: better buffer alignment 78959ed chacha20poly1305: use existing rol32 function 494cdea tools: fread doesn't change errno ab89bdc device: let udev know what kind of device we are 62e8720 qemu: disable AVX-512 in userland 6342bf7 qemu: disable PIE for compilation e23e451 contrib: keygen-html: share curve25519 implementation with kernel 6b28fa6 tools: share curve25519 implementations with kernel c80cbfa poly1305: add poly-specific self-tests 10a2edf curve25519-fiat32: uninline certain functions
Firewall rules don't work as intended without conntrack support. The recent
cleanup removed the kmod-nf-conntrack6 dependency from the iptables
modules; add it to the firewall package instead.
treewide: combine VERSION_SED and VERSION_SED_SCRIPT
We don't need two versions of this. The escaping quotes
is so that the sed commands aren't misinterpreted by shell;
it has nothing to do with the contents of the file, thus
one version is adequate.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
version.mk: escape values used in VERSION_SED macro
In addition to backslash and ampersand needing to be escaped for
simple sed RHS strings, we also need to escape comma since we're
using that as our s/// delimiter.
Pass everything through a macro filter to sanitize it.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Jo-Philipp Wich [Thu, 25 Jan 2018 16:12:29 +0000 (17:12 +0100)]
build: bundle-libraries.sh: patch bundled ld.so
Remove references to /etc/, /lib/ and /usr/ from the bundled ld.so
interpreter using simple binary patching.
This is needed to prevent loading host system libraries such as
libnss_compat.so.2 on foreign systems, which may result in ld.so
inconsistency assertions.
Hans Dedecker [Thu, 1 Feb 2018 14:12:58 +0000 (15:12 +0100)]
netifd: add defaultreqopts config option
By default udhcpc asks for a default list of options; the config option
defaultreqopts allows to tweak this behavior.
When set to 0 udhcpc will not ask for any options except for the options
specified in the reqopts config option.
Hans Dedecker [Wed, 31 Jan 2018 11:58:53 +0000 (12:58 +0100)]
odhcp6c: add defaultreqopts config option
By default odhcp6c asks for a default list of options; the config option
defaultreqopts allows to tweak this behavior.
When set to 0 odhcp6c will not ask for any options except for the options
specified in the reqopts config option.
For minimal firewall setups, NAT support may be unnecessary.
It would be possible to further reduce the minimum number of installed
modules, e.g. by separating IPv4 and IPv6 support or moving conntrack
support into a separate kmod package. We go with a more complete
kmod-nft-core for now, until a concrete usecase for smaller packages
arises.
netfilter: clean up dependencies of kernel modules
The nf_reject_ipv4 and nf_reject_ipv6 modules are moved into separate
packages, as they are a common dependency of ip(6)tables and nftables. This
avoids a dependency of nftables on kmod-nf-ipt(6). Also, fewer iptables
modules depend on nf-conntrack(6) now.
Hans Dedecker [Fri, 26 Jan 2018 20:17:46 +0000 (21:17 +0100)]
curl: bump to 7.58.0
a0b5e8944 progress-bar: get screen width on windows 65ceb20df test1454: --connect-to with IPv6 address w/o IPv6 support! eb6e3c4f6 CONNECT_TO: fail attempt to set an IPv6 numerical without IPv6 support 96186de1f docs: fix man page syntax to make test 1140 OK again af32cd385 http: prevent custom Authorization headers in redirects 993dd5651 curl: progress bar refresh, get width using ioctl() 9d82cde7b RELEASE-NOTES: synced with bb0ffcc36 bb0ffcc36 libcurl-env.3: first take ec122c4c8 TODO: two possible name resolver improvements a5e6d6ebc http2: don't close connection when single transfer is stopped 87ddeee59 test558: fix for multissl builds da07dbb86 examples/url2file.c: add missing curl_global_cleanup() call ddafd45af SSH: Fix state machine for ssh-agent authentication 9e4ad1e2a openssl: fix potential memory leak in SSLKEYLOGFILE logic ca9c93e3e openssl: fix the libressl build again 2c0c4dff0 unit1307: test many wildcards too 2a1b2b4ef curl_fnmatch: only allow 5 '*' sections in a single pattern cb5accab9 ftp-wildcard: fix matching an empty string with "*[^a]" 25c40c9af SMB: fix numeric constant suffix and variable types 945df7410 CURLOPT_TCP_NODELAY.3: fix typo 8dd4edeb9 smtp/pop3/imap_get_message: decrease the data length too... 84fcaa2e7 openssl: enable SSLKEYLOGFILE support by default e44ddfd47 mime: clone mime tree upon easy handle duplication. 2c821bba8 docs: comment about CURLE_READ_ERROR returned by curl_mime_filedata a06311be2 test395: HTTP with overflow Content-Length value 67595e7d2 test394: verify abort of rubbish in Content-Length: value ac17d7947 test393: verify --max-filesize with excessive Content-Length f68e67271 HTTP: bail out on negative Content-Length: values 0616dfa1e configure.ac: append extra linker flags instead of prepending them. 650b9c1d6 RELEASE-NOTES: synced with 6fa10c8fa 6fa10c8fa setopt: fix SSLVERSION to allow CURL_SSLVERSION_MAX_ values 3b548ffde setopt: reintroduce non-static Curl_vsetopt() for OS400 support fa3dbb9a1 http2: fix incorrect trailer buffer size 2a6dbb815 easy: fix connection ownership in curl_easy_pause 89f680473 system.h: Additionally check __LONG_MAX__ for defining curl_off_t 14d07be37 COPYING: it's 2018! a8ce5efba progress: calculate transfer speed on milliseconds if possible d4e40f069 scripts: allow all perl scripts to be run directly e4f86025d mail-rcpt.d: fix short-text description 908a9a674 build: remove HAVE_LIMITS_H check 129390a51 openssl: fix memory leak of SSLKEYLOGFILE filename 272613df0 Revert "curl/system.h: fix compilation with gcc on AIX PPC and IA64 HP-UX" 481539e90 test1554: improve the error handling 593dcc553 test1554: add global initialization and cleanup dc831260b curl_version_info.3: call the argument 'age' 58d7cd28a brotli: data at the end of content can be lost a0f3eaf25 examples/cacertinmem: ignore cert-already-exists error 859ac3602 tool_getparam: Support size modifiers for --max-filesize b399b0490 build: Fixed incorrect script termination from commit ad1dc10e61 a9b774a77 Makefile.vc: Added our standard copyright header 22fddb85a winbuild: Added support for VC15 ad1dc10e6 build: Added Visual Studio 2017 project files d409640d6 build-wolfssl.bat: Added support for VC15 a4e88317d build-openssl.bat: Added support for VC15 c97648b55 curl/system.h: fix compilation with gcc on AIX PPC and IA64 HP-UX b43755789 examples/rtsp: fix error handling macros f009bbe1f curl_easy_reset: release mime-related data. 4acc9d3d1 content_encoding: rework zlib_inflate e639d4ca4 brotli: allow compiling with version 0.6.0. 9c6a6be88 CURLOPT_READFUNCTION.3: refer to argument with correct name 02f207a76 rand: add a clang-analyzer work-around 13ce373a5 krb5: fix a potential access of uninitialized memory 41982b6ac conncache: fix a return code [regression] 5d0ba70e1 curl: support >256 bytes warning messsages 188a43a8f libssh: fix a syntax error in configure.ac 7ef0c2d86 examples/smtp-mail.c: use separate defines for options and mail 621b24505 THANKS: added missing names cc0cca1ba mailmap: added/clarified several names 9d7a59c8f setopt: less *or equal* than INT_MAX/1000 should be fine 2437dbbf1 vtls: replaced getenv() with curl_getenv() ef5633d4b RELEASE-NOTES: synced with 3b9ea70ee 3b9ea70ee TODO: Expose tried IP addresses that failed 48c184a60 curl.1: mention http:// and https:// as valid proxy prefixes 76db03dd9 curl.1: documented two missing valid exit codes 63e58b8b4 CURLOPT_DNS_LOCAL_IP4.3: fixed the seel also to not self-reference 671f0b506 Revert "curl: don't set CURLOPT_INTERLEAVEDATA" 4b6f3cff7 tests: mark data files as non-executable in git 98c572ed3 tests: update .gitignore for libtests e959f16c5 multi_done: prune DNS cache 06a0a26fb mailmap: fixup two old git Author "aliases" 7ab4e7adb openssl: Disable file buffering for Win32 SSLKEYLOGFILE b1b94305d RESOLVE: output verbose text when trying to set a duplicate name bbea75ad6 CURLOPT_DNS_CACHE_TIMEOUT.3: see also CURLOPT_RESOLVE a4a56ec93 sftp: allow quoted commands to use relative paths 9fb5a943f CURLOPT_PRIVATE.3: fix grammar 179ee78e8 curl: remove __EMX__ #ifdefs 9dfb19483 openssl: improve data-pending check for https proxy 9ffad8eb1 curl: don't set CURLOPT_INTERLEAVEDATA 912324024 curl.h: remove incorrect comment about ERRORBUFFER ebaab4d17 configure: add AX_CODE_COVERAGE only if using gcc b5881d1fb curl: limit -# update frequency for unknown total size 546e7db78 BINDINGS: another PostgreSQL client 55e609890 CONNECT: keep close connection flag in http_connect_state struct c103cac3c include: get netinet/in.h before linux/tcp.h 00cda0f9b openldap: fix checksrc nits ff07f07cc openldap: add commented out debug possibilities bb0ca2d44 examples: move threaded-shared-conn.c to the "complicated" ones 4fb85b87b RELEASE-NOTES: synced with b261c44e8 b261c44e8 URL: tolerate backslash after drive letter for FILE: 24dcd7466 tests: added netinet/in6.h includes in test servers 76ebd5417 configure: check for netinet/in6.h 0c65678e7 curl-config: add --ssl-backends ea3a5d07d conncache: only allow multiplexing within same multi handle 415b8dff8 threaded-shared-conn.c: fixed typo in commenta 5254d8bf2 threaded-shared-conn.c: new example 07cb27c98 conncache: fix several lock issues 85f0133ea libssh: remove dead code in sftp_qoute 615edc1f7 sasl_getmesssage: make sure we have a long enough string to pass 440140946 libssh2: remove dead code from SSH_SFTP_QUOTE 6401ddad4 ssh-libssh.c: please checksrc 918530752 libssh: fixed dereference in statvfs access 8dad32bcf RESOURCES: update spec names a08f5a77c libssh: corrected use of sftp_statvfs() in SSH_SFTP_QUOTE_STATVFS 8843c0939 libssh: no need to call sftp_get_error as ssh_get_error is sufficient 3cef6f22e libssh: fix minor static code analyzer nits 10bb0b471 openssl: pkcs12 is supported by boringssl 8eff32f0b travis: use pip2 instead of pip b7f534597 lib582: do not verify host for SFTP a2f396680 libssh: added SFTP support c75c9d4fb symbols-in-versions: added new symbols with 7.56.3 version 05675ab5a .travis.yml: added build --with-libssh 38aef6dc4 libssh2: return CURLE_UPLOAD_FAILED on failure to upload 75427291e libssh2: send the correct CURLE error code on scp file not found c92d2e14c Added support for libssh SSH SCP back-end 3973ee6a6 RELEASE-NOTES: synced with af8cc7a69 af8cc7a69 curlver: towards 7.57.1 4b4142491 lib: don't export all symbols, just everything curl_* 9194a9959 SSL: Avoid magic allocation of SSL backend specific data 744ee5838 examples/xmlstream.c: don't switch off CURL_GLOBAL_SSL 270494e1a travis: add boringssl build
Yousong Zhou [Sun, 28 Jan 2018 01:43:30 +0000 (09:43 +0800)]
procd: fix procd_lock() when prepare_roofs
This fixes the following errors when doing "make package/install"
/home/yousong/git-repo/lede-project/lede/build_dir/target-mips_24kc_musl/root-malta/lib/functions/procd.sh: line 47: /home/yousong/git-repo/l
ede-project/lede/build_dir/target-mips_24kc_musl/root-malta/var/lock/procd_urandom_seed.lock: No such file or directory
flock: 1000: Bad file descriptor
Hauke Mehrtens [Sat, 27 Jan 2018 21:51:59 +0000 (22:51 +0100)]
binutils: assertion failure bfd/elfxx-mips.c:3860
With forced PIE and SSP support I ran into this assertion failure.
backport two patches to fix this problem from the binutils 2.28 branch.
This fix is already included in binutils 2.28.1 and 2.29.
Julien Dusser [Sun, 7 Jan 2018 17:47:21 +0000 (18:47 +0100)]
build: cleanup SSP_SUPPORT configure option
Configure variable SSP_SUPPORT is ambiguous for packages (tor, openssh,
avahi, freeswitch). It means 'toolchain supporting SSP', but for toolchain
and depends it means 'build gcc with libssp'.
Musl no longer uses libssp (1877bc9d8f), it has internal support, so
SSP_SUPPORT was disabled leading some package to not use SSP.
No information why Glibc and uClibc use libssp, but they may also provide
their own SSP support. uClibc used it own with commit 933b588e25 but it was
reverted in f3cacb9e84 without details.
Create an new configure GCC_LIBSSP and automatically enable SSP_SUPPORT
if either USE_MUSL or GCC_LIBSSP.
Julien Dusser [Mon, 8 Jan 2018 22:47:06 +0000 (23:47 +0100)]
build: add hardened builds with PIE (ASLR) support
Introduce a configuration option to build a "hardened" OpenWrt with
ASLR PIE support.
Add new option PKG_ASLR_PIE to enable Address Space Layout Randomization (ASLR)
by building Position Independent Executables (PIE). This new option protects
against "return-to-text" attacks.
Busybox need a special care, link is done with ld, not gcc, leading to
unknown flags. Set BUSYBOX_DEFAULT_PIE instead and disable PKG_ASLR_PIE.
If other failing packages were found, PKG_ASLR_PIE:=0 should be added to
their Makefiles.
Original Work by: Yongkui Han <yonhan@cisco.com> Signed-off-by: Julien Dusser <julien.dusser@free.fr>
kernel-headers: adjust PKG_ variables when using git clone method
When using an external git clone for the kernel repo,
the build would fail because the build won't download
[via git] the kernel tarball.
This is because the `toolchain/kernel-headers` assumes
that the kernel would get downloaded via normal HTTP.
The reason for this is the `HostBuild` rule, which
calls the `Download/default` rule.
To use the `Download/default` we just need to conditionally
adjust some PKG_ vars.
We can safely use `LINUX_VERSION` as it was already adjusted
in the `kernel-version.mk` to avoid collisions with other tarballs.
kernel.mk: update LINUX_VERSION filename for cloned repo
In case there is an external git repo specified,
it could overwrite the kernel tarball that was
downloaded from kernel.org.
The only identifier for such a file is the
KERNEL_GIT_CLONE_URI & KERNEL_GIT_REF symbols,
so if we have to download it we'll use that
information [after some sanitization]
to create a different filename for the kernel tarball.
If KERNEL_GIT_REF symbol is empty, HEAD will be used
as mentioned in the description of KERNEL_GIT_REF.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Stephan Brunner [Fri, 19 Jan 2018 13:03:46 +0000 (14:03 +0100)]
hostapd: add support for hostapd's radius_client_addr
Add support for hostapd's radius_client_addr in order to
force hostapd to send RADIUS packets from the correct source
interface rather than letting linux select the most appropriate.
Signed-off-by: Stephan Brunner <s.brunner@stephan-brunner.net>
projects / thirdparty / openwrt.git / log
