Enable MediaTek protocol in btusb module to support e.g. the Bluetooth
part of the MT7921K NGFF/M.2 module.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Instead of always including the XHCI driver in the kernel on all
MediaTek boards, selectively include the kernel module only on boards
which actually make use of USB functionality.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Rename libwolfssl-cpu-crypto to libwolfsslcpu-crypto so that the
regular libwolfssl version comes first when running:
opkg install libwolfssl
Normally, if the package name matches the opkg parameter, that package
is preferred. However, for libraries, the ABI version string is
appended to the package official name, and the short name won't match.
Failing a name match, the candidate packages are sorted in alphabetical
order, and a dash will come before any number. So in order to prefer
the original library, the dash should be removed from the alternative
library.
Fixes: c3e7d86d2b (wolfssl: add libwolfssl-cpu-crypto package)
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Move CONFIG_PACKAGE_libwolfssl-benchmark from the top of
PKG_CONFIG_DEPENDS to after PKG_ABI_VERSION is set.
This avoids changing the ABI version hash whether the bnechmark package
package is selected or not.
Fixes: 05df135cac (wolfssl: Rebuild when libwolfssl-benchmark gets changes)
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
iucode-tool/host is used by intel-microcode to manipulate with
microcode.bin file. iucode-tool requires cpuid.h at compile time
for autodection feature, but non-x86 build hosts does not have
this header file (e.g. ubuntu 20.04 aarch64) or this header
generates compile time error (#error macro) (e.g. macos arm64).
This patch provides compat cpuid.h to build iucode-tool/host on
non-x86 linux hosts and macos. CPU autodectection is not required
for intel-microcode package build so compat cpuid.h is ok for
OpenWrt purposes.
glibc and argp lib are not present in macos so iucode-tool/host
build fails. This patch adds argp-standalone/host as build
dependency if host os is macos.
Generated ucode (intel-microcode package) is exactly the same on
Linux x86_64 (Ubuntu 20.04), Linux aarch64 (Ubuntu 20.04) and
Darwin arm64 (MacOS 11.6) build hosts.
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
The GPIO used for the RST button is also used for PCIe-CLKREQ signal.
Hence it cannot be used as button signal if PCIe is also used.
Wire up WPS button to serve as KEY_RESTART in Linux and "reset" button
in U-Boot.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Weijie Gao has submitted an updated version of the patchset adding
support for MT7986 and MT7981 to U-Boot. Use that v2 patchset.
Changes of v2:
- Add cpu driver for print_cpuinfo()
- Fix NULL pointer dereference in mtk_image
(was already fixed in OpenWrt)
- Fix coding style
- Minor changes
https://patchwork.ozlabs.org/project/uboot/list/?series=316148
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Create new mediatek_filogic file and add entries for environment on
MMC, UBI and NOR for the Bananapi BPi-R3.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The Bananapi BPi-R3 board can boot from eMMC, SD card, SPI-NAND and
SPI-NOR, depending on the position of switches controlling the BOOTSEL
bootstrap pins as we as hard-wired chip-select lines. The position of the
chip-select switch SW6 decides whether either SD card or eMMC can be
accessed, SW5 selects either SPI-NAND or SPI-NOR.
Generate U-Boot for all 4 boot options. The SD card version allows
installation to SPI-NAND and SPI-NOR (eMMC cannot be accessed
simultanously with the SD card), the SPI-NAND version allows installation
to eMMC.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Treat missing compression node in FIT image as IH_COMP_NONE.
This is implicentely already happening in most places, but for now
was still triggering an annoying warning about initramfs compression
being obsolete despite compression note being absent.
Fix this.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* updated SNAND/SNFI driver brings support for MT7981
* add support for MediaTek NAND Memory bad Block Management (NMBM)
(not used for any boards atm, but could be useful in future)
* wire up NMBM support for MT7622, MT7629, MT7981 and MT7986
* replace some local patches with updated version from SDK
* bring some legacy precompiler symbols which haven't been converted
into Kconfig symbols in U-Boot 2022.07, remove when bumbping to
U-Boot 2022.10:
100-28-include-configs-mt7986-h-from-SDK.patch
Source: https://github.com/mtk-openwrt/u-boot
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
libwolfssl-cpu-crypto is a variant of libwolfssl with support for
cryptographic CPU instructions on x86_64 and aarch64.
On aarch64, wolfSSL does not perform run-time detection, so the library
will crash when the AES functions are called. A preinst script attempts
to check for support by querying /proc/cpuinfo, if installed in a
running system. When building an image, the script will check the
DISTRIB_TARGET value in /etc/openwrt_release, and will abort
installation if target is bcm27xx.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* uboot-rockchip:fix r4se uboot sd card not bootable
this will cause uboot to fail to load the sd card at startup, and uboot can recognize emmc
* rockchip:fix r4se system loading prompt led
* add the previous one
* fix
Update host build of fiptool and use the new python sptool.py instead
of the previous sptool executable.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The current target code is too chaotic, the patches are
messy and disorderly, and there are still many duplicate
code. Pack it back to half a year ago.
Changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.1
This release of Mbed TLS provides bug fixes and minor enhancements. This
release includes fixes for security issues.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This forces a rebuild of the wolfssl package when the
libwolfssl-benchmark OpenWrt package gets activated or deactivated.
Without this change the wolfssl build will fail when it compiled without
libwolfssl-benchmark before and it gets activated for the next build.
Fixes: 18fd12edb810 ("wolfssl: add benchmark utility")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Older MT7623 ARMv7 SoC as well as new Filogic platforms come with
inside-secure,safexcel-eip97 units. Enable them in DTS and select the
driver kernel module by default on those platforms.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
MediaTek's ARM Trusted Firmware v2.7+ allows the images inside a FIP
structure to be compressed. Make use of that for boards with NOR flash.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The updated sources bring support for the MT798x Filogic SoC family.
Add builds for MT7986 with most supported storage types, each for DDR3
and DDR4 configurations.
A better solution for skipping bad blocks on SPI-NAND connected via the
SNFI interface has been implemented upstream, so drop local patch.
Add pending patches [1] and [2] to fix boot on existing MT7622 boards.
Tested on BananaPi BPi-R64 (SDMMC, eMMC, SPI-NAND), Linksys E8450 and
Ubiquiti UniFi 6 LR as well as upcoming Bananapi BPi-R3 board for which
support will be added in future patches.
[1]: https://github.com/mtk-openwrt/arm-trusted-firmware/pulls/#3
[2]: https://github.com/mtk-openwrt/arm-trusted-firmware/pulls/#4
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
As anyway only the default is called now we can as well also just remove
the override for Build/Configure.
Fixes: e2cffbb805 ("arm-trusted-firmware-mediatek: update to 2021-03-10")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Instead of relying on dtc being provided by the build host use the
dtc from $(LINUX_DIR) similar to how it's done also in u-boot.mk.
For this to work kernel.mk now needs to be included before
trusted-firmware-a.mk, add this include to all affected packages.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Changes:
debuginfod: Support -C option for connection thread pooling.
debuginfod-client: Negative cache file are now zero sized instead of
no-permission files.
addr2line: The -A, --absolute option, which shows file names including
the full compilation directory is now the default. To get the
old behavior use the new option --relative.
readelf, elflint: Recognize FDO Packaging Metadata ELF notes
libdw, debuginfo-client: Load libcurl lazily only when files need to
be fetched remotely. libcurl is now never
loaded when DEBUGINFOD_URLS is unset. And when
DEBUGINFOD_URLS is set, libcurl is only loaded
when the debuginfod_begin function is called.
Signed-off-by: Nick Hainke <vincent@systemli.org>
The upcoming dwarves host package requires elfutils. As dependencies for
tools must exist in tools, we need to move elfutils host build there.
As there is at least one package that depends on this, and there is no
proper way to create such dependency in the build system, build it
unconditionally when not building on macOS.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
intl is not included in libc, disable it as is done with the target
package.
argp is also not included. Add build depends for argp-standalone.
fts is also not included. Add build depends for musl-fts.
Disable shared libraries to avoid having to manually add rpath.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
This patch adds host-compile ability to argp-standalone for build
hosts without glibc and argp lib, e.g. MacOS.
iucode-tool/host can not be built on MacOS due to lack of argp.
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
Add patch to skip bad blocks when reading from SPI-NAND. This is needed
in case erase block(s) early in the flash inside the FIP area are bad
and hence need to be skipped in order to be able to boot on such damaged
chips.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
It is common for 802.11ax NICs to support more than just AP mode, which
results in there being a distinct set of HE capabilities for each mode. As
(bad) luck would have it, iw prints out info for each HE mode in sequential
order according to `enum nl80211_iftype`, and AP mode isn't always first.
As a result, the wrong set of HE capabilities can be parsed if an AP NIC
supports station (managed) mode or any other mode preceding AP mode, since
only the first set of HE capabilities printed by iw is parsed from awk's
output.
This has a noticeable impact on beamforming for example, since managed mode
usually doesn't have beamformer capabilities enabled, while AP mode does.
Hostapd won't be set up with the configs to enable beamformer capabilities
in this scenario, causing hostapd to disable beamforming to HE stations
even when it's supported by the AP.
Always parse the correct set of HE capabilities for AP mode to fix this.
This is achieved by trimming all of iw's output prior to the AP mode
capabilities, which ensures that the first set of HE capabilities are
always for AP mode.
Signed-off-by: Sultan Alsawaf <sultan@kerneltoast.com>
WPA3 enterprise requires group_mgmt_cipher=BIP-GMAC-256 and if 802.11r is
active also wpa_key_mgmt FT-EAP-SHA384. This commit also requires
corresponding changes in netifd.
Signed-off-by: Joerg Werner <schreibubi@gmail.com>
In the SDK the folder $(LINUX_DIR)/user_headers/include does not exist,
but it more or less contains the same content as
$(LINUX_DIR)/include/uapi which also exists in the SDK.
Since iproute2 commit 1d819dcc741e ("configure: fix parsing issue on
include_dir option") it checks if this folder exists and aborts the
build if it does not exists.
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=1d819dcc741e25958190e31f8186c940713fa0a8
With this commit the KERNEL_INCLUDE variable points to a valid folder
with the kernel include headers. I am not sure if they are actually
needed because the build worked before even with an invalid path.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Doesn't have these usb wireless network cards, but did a simple test
on rtl8852be, it turns out that the rtl driver is completely rubbish
and is no longer usable.
With the 5.18 and 5.19 update ip-tiny grows in size. Remove some
features bringing it back to the size before 5.18.
Remove
- Identifier-locator addressing (ila)
- MACsec Device Configuration (macsec)
- Multicast Routing Cache Management (mroute)
- mrule
- Virtual Routing and Forwarding (vrf)
- Segment Routing (sr)
Signed-off-by: Nick Hainke <vincent@systemli.org>
Add patch:
- 105-ipstats-Define-MIN-function-to-fix-undefined-referen.patch
Refreshed:
- 170-ip_tiny.patch
- 195-build_variant_ip_tc.patch
Changes:
deb48554 v5.19.0
f8decf82 bpf_glue: include errno.h
71178ae0 rdma: update uapi/ib_user_verbs.h
96594fd2 vdpa: update uapi headers from 5.19-rc7
30c7b77f Revert "uapi: add vdpa.h"
c5433c4b ip neigh: Fix memory leak when doing 'get'
2cb76253 mptcp: Fix memory leak when getting limits
afdbb020 mptcp: Fix memory leak when doing 'endpoint show'
6db01afd bridge: Fix memory leak when doing 'fdb get'
1d540336 ip address: Fix memory leak when specifying device
325f706b uapi: add virtio_ring.h
291898c5 uapi: add vdpa.h
6e2fb804 uapi: update bpf.h
329fda18 ip: Fix size_columns() invocation that passes a 32-bit quantity
2a00a4b1 man: tc-fq_codel: add drop_batch
6bf5abef uapi: update mptcp.h
02410392 ip: Fix size_columns() for very large values
ed243312 man: tc-ct.8: fix example
2bb37e90 l2tp: fix typo in AF_INET6 checksum JSON print
855edb3d man: tc-fq_codel: Fix a typo.
4044a453 tc: declaration hides parameter
a44a7918 genl: fix duplicate include guard
703f2de6 uapi: change name for zerocopy sendfile in tls
248ad98e uapi: update socket.h
11e41a63 ip: Convert non-constant initializers to macros
8d3977ef Update kernel headers
5a1ad9f8 man: ip-stats.8: Describe groups xstats, xstats_slave and afstats
d9976d67 ipstats: Expose bond stats in ipstats
36e10429 ipstats: Expose bridge stats in ipstats
79f5ad95 iplink_bridge: Split bridge_print_stats_attr()
1247ed51 ipstats: Add groups "xstats", "xstats_slave"
c6900b79 ipstats: Add a third level of stats hierarchy, a "suite"
2ed73b9a iplink: Add JSON support to MPLS stats formatter
5ed8fd9d ipstats: Add a group "afstats", subgroup "mpls"
dff392fd iplink: Publish a function to format MPLS stats
72623b73 iplink: Fix formatting of MPLS stats
ce41750f ip: ipstats: Do not assume length of response attribute payload
40b50f15 bridge: vni: add support for stats dumping
c7f12a15 ip: iplink_vxlan: add support to set vnifiltering flag on vxlan device
45cd32f9 bridge: vxlan device vnifilter support
837294e4 libbpf: Remove use of bpf_map_is_offload_neutral
64e5ed77 libbpf: Remove use of bpf_program__set_priv and bpf_program__priv
ba6519cb libbpf: Use bpf_object__load instead of bpf_object__load_xattr
a6eb654d f_flower: add number of vlans man entry
5788732e f_flower: Check args with num_of_vlans
5ba31bcf f_flower: Add num of vlans parameter
b28eb051 man: Add man pages for the "stats" functions
a05a27c0 ipmonitor: Add monitoring support for stats events
0f1fd40c ipstats: Add offload subgroup "l3_stats"
179030fa ipstats: Add offload subgroup "hw_stats_info"
af5e7955 ipstats: Add a group "offload", subgroup "cpu_hit"
0517a2fd ipstats: Add a group "link"
df0b2c6d ipstats: Add a shell of "show" command
82f6444f ipstats: Add a "set" command
54d82b06 ip: Add a new family of commands, "stats"
5520cf16 ip: Publish functions for stats formatting
a463d6b1 libnetlink: Add filtering to rtnl_statsdump_req_filter()
38ae12d3 devlink: introduce -[he]x cmdline option to allow dumping numbers in hex format
bba95837 Update kernel headers
f6559bea ip-link: put types on man page in alphabetic order
ee53174b ip/iplink_virt_wifi: add support for virt_wifi
Signed-off-by: Nick Hainke <vincent@systemli.org>
The ip-tiny size grows from 124k (5.17.0) to 128k (5.18.0).
The update introduces a commit "configure: add check_libtirpc()" that
introduces a check for libtirpc. However, if libtirpc is already in the
staging directory due to an other dependency the check yields that the
library is installed and should be used resulting in failures like:
Package ss is missing dependencies for the following libraries:
libtirpc.so.3
To fix it add a patch making libtirpc optional again and setting it
"HAVE_TIRPC=n":
- 155-keep_tirpc_optional.patch
Fix patches:
- 130-no_netem_tipc_dcb_man_vdpa.patch
Refresh patches:
- 140-keep_libmnl_optional.patch
- 150-keep_libcap_optional.patch
- 180-drop_FAILED_POLICY.patch
- 200-drop_libbsd_dependency.patch
Changes:
6474b7c8 v5.18.0
4429a6c9 tipc: fix keylen check
6b6979b9 iplink: remove GSO_MAX_SIZE definition
19c3e009 doc: fix 'infact' --> 'in fact' typo
ed706c78 man: fix some typos
03589beb man: devlink-region: fix typo in example
b84fc332 tc: em_u32: fix offset parsing
b6d17086 uapi: update of virtio_ids
17bf51b7 libbpf: Remove use of bpf_map_is_offload_neutral
fa305925 libbpf: Remove use of bpf_program__set_priv and bpf_program__priv
9e0057b4 libbpf: Use bpf_object__load instead of bpf_object__load_xattr
e81fd551 devlink: fix "devlink health dump" command without arg
6f3b5843 man: use quote instead of acute accent
42d351fa man: 'allow to' -> 'allow one to'
d8a7a0f4 uapi: upstream update to stddef.h
5b2ff061 uapi: update from 5.18-rc1
292509f9 ss: remove an implicit dependency on rpcinfo
1ee309a4 configure: add check_libtirpc()
41848100 ip/geneve: add support for IFLA_GENEVE_INNER_PROTO_INHERIT
28add137 f_flower: Implement gtp options support
b25599c5 ip: GTP support in ip link
e4880869 man: bridge: document per-port mcast_router settings
9e82e828 bridge: support for controlling mcast_router per port
f1d18e2e Update kernel headers
8130653d vdpa: Update man page with added support to configure max vq pair
56eb8bf4 vdpa: Support reading device features
16482fd4 vdpa: Support for configuring max VQ pairs for a device
bd91c764 vdpa: Allow for printing negotiated features of a device
2d1954c8 vdpa: Remove unsupported command line option
93fb6810 Makefile: move HAVE_MNL check to top-level Makefile
2dee2101 man: ip-link: whitespace fixes to odd line breaks mid sentence
609b90aa man: ip-link: mention bridge port's default mcast_flood state
b1c3ad84 man: ip-link: document new bcast_flood flag on bridge ports
c354a434 ip: iplink_bridge_slave: support for broadcast flooding
909f0d51 man: bridge: add missing closing " in bridge show mdb
3b681cf9 man: bridge: document new bcast_flood flag for bridge ports
a6c848eb bridge: support for controlling flooding of broadcast per port
8acb5247 ip/batadv: allow to specify RA when creating link
0431d8e8 Import batman_adv.h header from last kernel sync point
239bfd45 Revert "configure: Allow command line override of toolchain"
a93c90c7 tc: separate action print for filter and action dump
d9977eaf bpf: Remove use of bpf_create_map_xattr
ac4e0913 bpf: Export bpf syscall wrapper
873bb975 bpf_glue: Remove use of bpf_load_program from libbpf
5e17b715 ss: display advertised TCP receive window and out-of-order counter
712ec66e tc: bash-completion: Add profinet and ethercat to procotol completion list
75061b35 lib: add profinet and ethercat as link layer protocol names
0a685b98 man8/ip-link.8: add locked port feature description and cmd syntax
d4fe3673 man8/bridge.8: add locked port feature description and cmd syntax
092af16b ip: iplink_bridge_slave: add locked port flag support
0e51a185 bridge: link: add command to set port in locked mode
04a0077d Update kernel headers
386ae64c configure: Allow command line override of toolchain
bea92cb0 mptcp: add port support for setting flags
2dbc6c90 mptcp: add fullmesh support for setting flags
5fb6bda0 mptcp: add fullmesh check for adding address
9831202f bond: add ns_ip6_target option
e8fd4d4b devlink: Remove strtouint8_t in favor of get_u8
2688abf0 devlink: Remove strtouint16_t in favor of get_u16
95c03f40 devlink: Remove strtouint32_t in favor of get_u32
7cb0e24d devlink: Remove strtouint64_t in favor of get_u64
7848f6bb Update kernel headers
4f015972 f_flower: fix indentation for enc_key_id and u32
25a9c4fa tunnel: Fix missing space after local/remote print
ff14875e Update documentation
8908cb25 Add support for the IOAM insertion frequency
cd24451e Update kernel headers
e4ba36f7 iplink: add ip-link documentation
5d57e130 iplink: add gro_max_size attribute handling
721435dc tc: u32: add json support in `print_raw`, `print_ipv4`, `print_ipv6`
c733722b tc: u32: add support for json output
5f44590d tc/f_flower: fix indentation
9948b6cb tc_util: fix breakage from clang changes
f4cd4f12 tc: add skip_hw and skip_sw to control action offload
ba5ac984 json_print: suppress clang format warning
bf71c8f2 libbpf: fix clang warning about format non-literal
5632cf69 tunnel: fix clang warning
c0248878 tipc: fix clang warning about empty format string
371c13e8 can: fix clang warning
8d27eee5 ipl2tp: fix clang warning
560d2336 tc_util: fix clang warning in print_masked_type
b2450e46 flower: fix clang warnings
4e27d538 netem: fix clang warnings
9d5e29e6 utils: add format attribute
343c4f52 tc: add format attribute to tc_print_rate
Signed-off-by: Nick Hainke <vincent@systemli.org>
Remove backports:
- 0001-lib-fix-ax25.h-include-for-musl.patch
Changes:
4c424dfd v5.17.0
7846496b link_xfrm: if_id must be non zero
eed4bb1a testsuite: link xfrm delete no if_id test
ac0a54b2 rdma: make RES_PID and RES_KERN_NAME alternative to each other
885e281e uapi: update vdpa.h
19c0def1 ipaddress: remove 'label' compatibility with Linux-2.0 net aliases
1808f002 lib/fs: fix memory leak in get_task_name()
62c0700c uapi: update magic.h
c8d9d925 rdma: Fix the logic to print unsigned int.
a42dfaa4 Revert "rdma: Fix res_print_uint() and add res_print_u64()"
9d0badec rdma: Fix res_print_uint() and add res_print_u64()
86a1452b uapi: update to xfrm.h
09c6a3d2 bridge: Remove vlan listing from `bridge link`
e4fda259 bridge: Fix error string typo
cc143bda lnstat: fix strdup leak in -w argument parsing
90bbf861 iplink_can: print_usage: typo fix, add missing spaces
1b5c7414 dcb: Fix error reporting when accessing "dcb app"
a38d305d tc: fix duplicate fall-through
f8beda6e libnetlink: fix socket leak in rtnl_open_byproto()
7f70eb2a tc_util: Fix parsing action control with space and slash
29da83f8 iprule: Allow option dsfield in 'ip rule show'
07012a1f ss: use freecon() instead of free() when appropriate
03b4de0b man: Fix a typo in the flag documentation of ip address
924f6b4a dcb: app: Add missing "dcb app show dev X default-prio"
5c9571bc uapi: update kernel headers from 5.17-rc1
d542543b tc/action: print error to stderr
52370c61 mptcp: add id check for deleting address
c556f577 dcb: Rewrite array-formatting code to not cause warnings with Clang
0dc5da8e f_flower: fix checkpatch warnings
ffbcb246 netem: fix checkpatch warnings
8bced38a lib: fix ax25.h include for musl
e27bb8e5 uapi: add missing virtio headers
26ff0afa uapi: add missing rose and ax25 files
eb4206ec q_cake: allow changing to diffserv3
db530529 iplink_can: add ctrlmode_{supported,_static} to the "--details --json" output
ac2e9148 Update kernel headers
bb4cc9cc rdma: Don't allocate sparse array
b8767168 rdma: Limit copy data by the destination size
167e33f3 vdpa: Enable user to set mtu of the vdpa device
384938f9 vdpa: Enable user to set mac address of vdpa device
a311f0c4 vdpa: Enable user to query vdpa device config layout
9d8882d5 vdpa: Update kernel headers
5cb7ec0c Update kernel headers and import virtio_net
26113360 mptcp: add support for changing the backup flag
4b301b87 tc: Add support for ce_threshold_value/mask in fq_codel
99d09ee9 bond: add arp_missed_max option
432cb06b mptcp: add support for fullmesh flag
2d777dfe Update kernel headers
a21458fc vdpa: Remove duplicate vdpa UAPI header file
Signed-off-by: Nick Hainke <vincent@systemli.org>
This adds the new tc-bpf variant and removes libxtables dependency from
the tc-tiny variant. The tc-full variant stays like before and contains
everything.
This allows to use tc without libxtables.
The variants have the following sizes:
root@OpenWrt:/# ls -al /usr/libexec/tc-*
-rwxr-xr-x 1 root root 282453 Mar 1 21:55 /usr/libexec/tc-bpf
-rwxr-xr-x 1 root root 282533 Mar 1 21:55 /usr/libexec/tc-full
-rwxr-xr-x 1 root root 266037 Mar 1 21:55 /usr/libexec/tc-tiny
They are linking the following shared libraries:
root@OpenWrt:/# ldd /usr/libexec/tc-tiny
/lib/ld-musl-mips-sf.so.1 (0x77d6e000)
libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x77d4a000)
libc.so => /lib/ld-musl-mips-sf.so.1 (0x77d6e000)
root@OpenWrt:/# ldd /usr/libexec/tc-bpf
/lib/ld-musl-mips-sf.so.1 (0x77da6000)
libbpf.so.0 => /usr/lib/libbpf.so.0 (0x77d60000)
libelf.so.1 => /usr/lib/libelf.so.1 (0x77d3e000)
libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x77d1a000)
libc.so => /lib/ld-musl-mips-sf.so.1 (0x77da6000)
libz.so.1 => /usr/lib/libz.so.1 (0x77cf6000)
root@OpenWrt:/# ldd /usr/libexec/tc-full
/lib/ld-musl-mips-sf.so.1 (0x77de8000)
libbpf.so.0 => /usr/lib/libbpf.so.0 (0x77da2000)
libelf.so.1 => /usr/lib/libelf.so.1 (0x77d80000)
libxtables.so.12 => /usr/lib/libxtables.so.12 (0x77d66000)
libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x77d42000)
libc.so => /lib/ld-musl-mips-sf.so.1 (0x77de8000)
libz.so.1 => /usr/lib/libz.so.1 (0x77d1e000)
This is based on a patch from Tiago Gaspar.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
armvirt/64 when compiled with ALL_KMODS=y reports following:
Package kmod-mdio-devres is missing dependencies for the following libraries:
of_mdio.ko
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Fix:
Package kmod-mdio-devres is missing dependencies for the following libraries:
of_mdio.ko
Package kmod-of-mdio is missing dependencies for the following libraries:
fwnode_mdio.ko
Co-authored-by: breakings <breakingstop@gmail.com>
The curl developers found test case that crashed in their testing when
using zlib patched against CVE-2022-37434, same patch we've backported
in commit 7df6795d4c25 ("zlib: backport fix for heap-based buffer
over-read (CVE-2022-37434)"). So we need to backport following patch in
order to fix issue introduced in that previous CVE-2022-37434 fix.
References: https://github.com/curl/curl/issues/9271
Fixes: 7df6795d4c25 ("zlib: backport fix for heap-based buffer over-read (CVE-2022-37434)")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow
in inflate in inflate.c via a large gzip header extra field. NOTE: only
applications that call inflateGetHeader are affected. Some common
applications bundle the affected zlib source code but may be unable to
call inflateGetHeader.
Fixes: CVE-2022-37434
References: https://github.com/ivd38/zlib_overflow
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Changes:
a47d86d Up the release version to 2.65
fc99e56 Include more signatures in pgp.keys.asc.
52288cc Close out this comment in the go/Makefile
eb0f1df Prevent 'capsh --user=xxx --' from generating a bash error.
9a95791 Improve documentation for cap_get_pid and cap_reset_ambient.
21d08b0 Fix syntax error in DEBUG protected setcap.c code.
9425048 More useful captree usage string and man page.
Signed-off-by: Nick Hainke <vincent@systemli.org>
Changes:
38cfa2e Up the release version to 2.64
7617af6 Avoid a deadlock in forked psx thread exit.
fc029cb Include LIBCAP_{MAJOR,MINOR} #define's in sys/capability.h
ceaa591 Clarify how the cap_get_pid() argument is interpreted.
15cacf2 Fix prctl return code/errno handling in libcap.
aae9374 Be explicit about CGO_ENABLED=1 for compare-cap build.
66a8a14 psx: free allocated memory at exit.
Signed-off-by: Nick Hainke <vincent@systemli.org>
This fixes the libmnl build on macOS, which ships with an outdated bash
at /bin/bash. During the OpenWrt build, a modern host bash is built and
made available at staging_dir/host/bin/bash, which is present before
/bin/bash in the build's PATH.
This is similar to 8f7ce3aa6dda, presently appearing at
package/kernel/mac80211/patches/build/001-fix_build.patch.
Signed-off-by: Mark Mentovai <mark@mentovai.com>
Apply upstream patch[1] to fix breakage around math libraries.
This can likely be removed when 5.5.0-stable is tagged and released.
Build system: x86_64
Build-tested: bcm2711/RPi4B
Run-tested: bcm2711/RPi4B
1. https://github.com/wolfSSL/wolfssl/pull/5390
Signed-off-by: John Audia <therealgraysky@proton.me>
This version fixes two vulnerabilities:
-CVE-2022-34293[high]: Potential for DTLS DoS attack
-[medium]: Ciphertext side channel attack on ECC and DH operations.
The patch fixing x86 aesni build has been merged upstream.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Add driver for NVM Express block devices, ie. PCIe connected SSDs.
Targets which allow booting from NVMe (x86, maybe some mvebu boards come
to mind) should have it built-in, so rootfs can be mounted from there.
For targets without NVMe support in bootloader or BIOS/firmware it's
sufficient to provide the kernel module package.
On targets having the NVMe driver built-in the resulting kmod package
is an empty dummy. In any case, depending on or installing kmod-nvme
results in driver support being available (either because it was already
built-in or because the relevant kernel modules are added and loaded).
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Disable the usage of target specific CPU crypto instructions by default
to allow the package being shared again. Since WolfSSL does not offer
a stable ABI or a long term support version suitable for OpenWrt release
timeframes, we're forced to frequently update it which is greatly
complicated by the package being nonshared.
People who want or need CPU crypto instruction support can enable it in
menuconfig while building custom images for the few platforms that support
them.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The armvirt target is also used to run OpenWrt in lxc on other targets
like a Raspberry Pi. If we set WOLFSSL_HAS_CPU_CRYPTO by default the
wolfssl binray is only working when the CPU supports the hardware crypto
extension.
Some targets like the Raspberry Pi do not support the ARM CPU crypto
extension, compile wolfssl without it by default. It is still possible
to activate it in custom builds.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Accessing the console on many devices is difficult.
netconsole eases debugging on devices that crash
after the network is up.
Reference to the netconsole documentation in upstream Linux:
<https://www.kernel.org/doc/html/latest/networking/netconsole.html>
|
|netconsole=[+][src-port]@[src-ip]/[<dev>],[tgt-port]@<tgt-ip>/[tgt-macaddr]
|
| where
| + if present, enable extended console support
| src-port source for UDP packets (defaults to 6665)
| src-ip source IP to use (interface address)
| dev network interface (eth0)
| tgt-port port for logging agent (6666)
| tgt-ip IP address for logging agent
| tgt-macaddr ethernet MAC address for logging agent (broadcast)
OpenWrt specific notes:
OpenWrt's device userspace scripts are attaching the network
interface (i.e. eth0) to a (virtual) bridge (br-lan) device.
This will cause netconsole to report:
|network logging stopped on interface eth0 as it is joining a master device
(and unfortunately the traffic/logs to stop at this point)
As a workaround, the netconsole module can be manually loaded
again after the bridge has been setup with:
insmod netconsole netconsole=@/br-lan,@192.168.1.x/MA:C...
One way of catching errors before the handoff, try to
append the /etc/modules.conf file with the following extra line:
options netconsole netconsole=@/eth0,@192.168.1.x/MA:C...
and install the kmod-netconsole (=y) into the base image.
Signed-off-by: Catalin Toda <catalinii@yahoo.com>
(Added commit message from PR, added links to documentation)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
moves and extends the current facilities, which have been
added some time ago for the the usbip utility, to support
more utilites that are shipped with the Linux kernel tree
to the SDK.
this allows to drop all the hand-waving and code for
failed previous attempts to mitigate the SDK build failures.
Fixes: bdaaf66e28bd ("utils/spidev_test: build package directly from Linux")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This version fixes two vulnerabilities:
-CVE-2022-34293[high]: Potential for DTLS DoS attack
-[medium]: Ciphertext side channel attack on ECC and DH operations.
The patch fixing x86 aesni build has been merged upstream.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Co-authored-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
the legacy driver was dropped in linux 5.14-rc3:
commit d249ff28b1d8 ("intersil: remove obsolete prism54 wireless driver")
Quoting Lukas Bulwahn:
"p54 replaces prism54 so users should be unaffected."
Reported-by: Marius Dinu <m95d+git@psihoexpert.ro>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
The spidev_test is build in phase2 even though it should be disabled.
My best guess is that we hit the same issue that I had with nu801.
The build-system thinks it's a tool that is necessary for
building the kernel.
In this case, the same fix (adding a dependency on the presence of
the module) could work in this case as well?
Fixes: bdaaf66e28bd ("utils/spidev_test: build package directly from Linux")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
With this change you need have swig and libpython3-dev installed on
your host, which should be done already.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
The rk356x SoC does not have Rockchip miniloader at all.
However, it has following features (hope you can enjoy):
-- Support boot Android format image only
-- Support gpt/misc compulsory verification
-- Full-closed binary and uboot can't ntr it
This reverts commit 2c340abaf1.
Without this, WOLFSSL_HAS_DH can be disabled even if WOLFSSL_HAS_WPAS is
enabled, resulting in an "Anonymous suite requires DH" error when trying
to compile wolfssl.
Signed-off-by: Pascal Ernster <git@hardfalcon.net>
Reviewed-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Co-authored-by: Pascal Ernster <git@hardfalcon.net>
Changes between 1.1.1p and 1.1.1q [5 Jul 2022]
*) AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised
implementation would not encrypt the entirety of the data under some
circumstances. This could reveal sixteen bytes of data that was
preexisting in the memory that wasn't written. In the special case of
"in place" encryption, sixteen bytes of the plaintext would be revealed.
Since OpenSSL does not support OCB based cipher suites for TLS and DTLS,
they are both unaffected.
(CVE-2022-2097)
[Alex Chernyakhovsky, David Benjamin, Alejandro Sedeño]
Signed-off-by: Dustin Lundquist <dustin@null-ptr.net>
Apply an upstream patch that removes unnecessary CFLAGs, avoiding
generation of incompatible code.
Commit 0bd536723303ccd178e289690d073740c928bb34 is reverted so the
accelerated version builds by default on x86_64.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Delete the crypto-lib-blake2s kmod package, as BLAKE2s is now built-in.
Fixes: be0639063a70 ("kernel: bump 5.4 to 5.4.203")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* libnl: cleanup makefile
- Add PKG_LICENSE_FILES.
- Use SPDX.
Signed-off-by: Nick Hainke <vincent@systemli.org>
* libnl: update to 3.6.0
Remove upstreamed patch:
- 100-build-add-Libs.private-field-in-libnl-pkg-config-file.patch
cacaa5f libnl-3.6.0 release
855c02f route/mdb: merge branch 'troglobit:mdb-dump-fixes'
930fc11 route/mdb: add support for MAC multicast entries
2d68caf route/mdb: add missing detils and stats dump callbacks
d9ed99b nl-monitor: support for setting libnl debug level
4c41e0d nl-monitor: add missing --help to long_opts[]
7e96356 Check validation type against end of enum
4e153bc route/link: add VLAN bridge binding flag
b7256d3 github: build unit tests also with "clang"
8111933 route: assert that "rtnl_link_info_ops" refcount does not drop below zero
4f5c846 lib: merge branch 'th/object-clone-fixes'
d23fb81 lib: make nl_object_clone() out-of-memory safe
7f7452c route: fix ref counting for l_info_ops and io_clone()
620d024 route: drop unnecessary oo_clone() implementation from netconf
93a02eb netfilter: make log-msg,queue-msg setters robust against ENOMEM
23902d0 xfrm/sa: clone user_offload in xfrm_sa_clone()
29e5092 xfrm/sa: style cleanup xfrm_sa_clone()
14a9ebc utils: add internal _nl_memdup() helper
2e0d7f8 lib: add rtnl_link_info_ops_get() and take lock for rtnl_link_info_ops's io_refcnt
e884286 lib: include <netlink-private/utils.h> in <netlink-private/netlink.h>
7d43191 tests: merge branch 'th/tests-netns'
a7bbdab tests: add unit test for nl_object_clone() and nl_object_diff()
fdb0121 tests: add new "netns" test suite
9102872 tests: add fixture/teardown for tests to run in separate netns
9a42798 tests: cleanup creating test suites
1fc3e07 tests: refactor tests and add n-test-util helper library
7a3d6e2 netlink: add _NL_N_ELEMENTS() macro
3da4f7d netlink: add _nl_streq()/_nl_streq0() helper
1ad8555 netlink: add _nl_auto_nl_socket cleanup macro
c8a5729 lib: add _nl_close() helper
80868e6 clang-format: add ".clang-format" from linux kernel
2782ed3 github: build tests with "-std=gnu11"
af59b9a github: split tests in separate steps
c8f7902 build: add "check-progs" make target to build unit tests
23b4d33 route/cls: add TCA_FLOWER_KEY_VLAN_ETH_TYPE to "flower_policy" policy
1f8dc89 route/cls: return -NLE_INVAL in case rtnl_tc_data_peek() fails
ef5f3eb route/cls: merge branch 'westermo:cls-flower'
c385c84 route/cls: no need to copy simple fields in flower_clone()
79217d8 route/cls: make output pointers in rtnl_flower_get_{src,dst}_mac() optional
64e0836 route/cls: adjust whitspace/indentation
5ac9ce3 route/cls: use SPDX-License-Identifier
1a1c4e5 route/cls: reorder fields in "struct rtnl_flower" and adjust indentation
ef46de1 route/cls: add flower classifier
f0aad20 route: merge branch 'pugo:master'
d0cfecc route: make argument of rtnl_link_can_set_{bittiming,data_bittiming}() const
6a92268 route: add rtnl_link_can_set_data_bittiming_const()
841553b route: drop bitrate,sample-point getters/setters from can link
37998f7 route: rename rtnl_link_can_get_data_bt_const() to rtnl_link_can_get_data_bittiming_const()
96d3a6b route: fix adding rtnl_link_can_* symbols to symbol file
881e329 route: fix indentation
37c10ef route/link: add CAN FD support
d56bf73 route/mdb: merge branch 'rubensfig:mdb'
e0b2406 route/mdb: drop setting ifindex in mdb_clone()
d78a6eb route/mdb: minor cleanup in "mdb.c"
57a6d51 route/mdb: drop extra MDB attributes and rework mdb_compare()
0b44562 route/mdb: hide rtnl_mdb_entry_alloc() from public API
1c65ff7 route/mdb: reorder fields in "rtnl_mdb_entry" for tighther packing
1ac5403 route/mdb: use nl_list_for_each_entry_safe() for destroying list in mdb_free_data()
92035e2 route/mdb: cleanup mdb.h header
6237621 build: sort file names in Makefile.am
0ec6c6c mdb: support bridge multicast database notification
c980034 route/cls: merge branch 'westermo:classifier-api-extension'
a694c33 route/cls: rename rtnl_cls_get{,_by_prio}() API to rtnl_cls_find_by{handle,prio}()
88a5138 route/cls: allow fetching of classifiers from cache
90577b5 route: merge branch 'TummyFish:master'
299f61a license: use SPDX license identifiers and drop license comments
05a540d ip6vti: Add fwmark API
41e4365 ip6gre: Add fwmark API
ebc7df3 sit: Add fwmark API
8e1da8e ipip: Add fwmark API
bda19be ip6_tnl: Add fwmark API
cdc6c0f ipvti: Add fwmark API
2995710 ipgre: Add fwmark API
d9dc6c2 ip6vti: Add IPv6 VTI support
be86170 license: use SPDX license identifiers and drop license comments
919d9c6 route: merge branch 'westermo:fib-lookup'
1ff9b38 route/route: don't report failure when we receive a route in rtnl_route_lookup()
53bc27e route/route: support FIB lookups using rtnl
ed76b9a build: sort files in Makefile.am
46b22c1 route/link: merge branch 'westermo:team-support'
586a6b6 build: fix new symbols in "libnl-route-3.sym"
831f125 route/link: add support for team device
6c59580 route/link: Move LINK_ATTR_IFNAME to a proper location
f77cd25 route/netconf: full API export
f59f443 build: add Libs.private field in libnl pkg-config file
b3333e0 route/qdisc: allow fetching qdiscs by their kind
9a39188 netlink: merge branch 'michael-dev:feature/nflog-vlan-v3'
a93fc5f nflog: add recent missing symbols to "libnl-nf-3.sym"
7b4df53 nflog: add missing symbols to "libnl-nf-3.sym"
8266436 nflog:add conntrack flag and enable flags for nflog
246904d nflog: add CT support
59fc1d7 nflog: add mac_header support
c268c48 nflog: add vlan attribute
2548468 refresh linux/netfilter/nfnetlink_log.h with linux 5.4
4edffbd route/link: Add IPv6 GRE support
5d69587 route: add global sectin in "libnl-route-3.sym"
d0cf3a9 neigh: support to add fdb entry
3bf0a9c cls:u32: fix u32_clone() function
3147d86 route:tc: fix rtnl_tc_clone() calling to_clone() and add comment
c027e54 route:cls: fix dangling pointers in to_clone() implementations
47c04fb route:act: drop unnecessary implementations for to_clone()
79f7c9d tests: add test for cloning cls:u32 object
b1caff8 github: run unit tests under valgrind
38b3be3 tests: cleanup tests and avoid leaks
c2b94b9 lib: add more _nl_auto* cleanup macros
1f05e5a tests: replace libcheck's fail_if() macro by ck_assert*()
6341d89 log: fix typo in dumping msg
bfee88b route: fix memory leak of l_info_ops in link_msg_parser()
431ba83 route: merge branch 'qbdwlr:mplsPR'
cc680d4 route: add accessors for setting/getting ENCAP_MPLS attributes
efe8aad route: remove incorrect nl_addr_valid() from rtnl_route_nh_set_newdst(), etc.
0688bc6 netfilter/ct: fix use of reply/orig for conntrack requests
5d92516 route: don't use internal bit mask constants in NLA_PUT in can_put_attrs()
6fe9418 lib: fix descriptions for nl_cache_pickup()/nl_cache_pickup_checkdup()
d0d91c7 route: merge branch 't0mmmy90:check-if-nh-exists-while-updating-ipv6-multipath-route'
28a652b route: fix duplicate check for next hop for IPv6 multipath routes
03bfd2f route: check if nh exists while updating route
92c9237 ci: add github-actions
3d1fb00 tests/check-addr: replace deprecated fail_if() macro from libcheck with ck_assert_msg()
d9cad53 xfrm: fix naming consistency in xfrmnl_sp_get_curlifetime()
c0e82db cli: Add C++ linkage support
000a3bd yyerror: update to POSIX standard
f865a99 xfrm: merge branch 'spellingmistake:master'
0306ae2 xfrm: fix libnl-xfrm-3.sym linker versioning
8950194 xfrm: ensure minlen in policy for XFRMA_OFFLOAD_DEV
c8f33a4 xfrm: Add support for xfrm user offloading
b6cc13d Supporting Hardware offload capability for MACsec
39944c6 route/link: check calloc() return value
12cc0aa zero stack allocated memory in xfrmnl_build_sa_delete_request
5f39502 merge branch 'bengal/coverity'
26f342d route/qdisc: handle error of calloc()
d1a151e route/qdisc: fix memory leak in netem.c
aa092d1 route/link: fix copy-paste error in geneve.c
30552e8 route/cls: fix cgroup's clone() function
764c30a route: let route/link join RTNLGRP_IPV6_IFINFO mcast group
b24e833 doc: update link to mscgen-filter
0b5d17d addr: merge branch 'lcrestez-dn:dadfailed'
30924e7 tests: Add test for rtnl_addr_flags2str
5c05c75 addr: Add address flag `dadfailed`
2abeec8 xfrm: remove superfluous xfrm_userpolicy_id from dump request
5611487 lib/trivial: whitespace
ab015e1 lib: merge branch 'th/object-identical-fix'
36b0894 lib: allow to compare incomplete objects in nl_object_identical()
5020077 lib: let nl_object_identical() declare the same object as identical
406ebc8 lib: fix using right compare mask in nl_object_diff64()
8637c70 lib/trivial fix indentation
4be6062 route/link: avoid cloning link policy in link_msg_parser()
ba3c51c route/link: fix link_msg_parser() for using the af_ops of the link family
f9d0181 lib: use proper int type for id attributes in nl_object_identical()
68b3431 lib: fix documentation of nl_cache_dump_filter to have @params optional
2375cde lib: fix spelling errors in "netlink/handlers.h"
3faf26c gitignore: fix ignoring check-direct build artifacts
47fb1c0 xfrm: remove superfluous xfrm_usersa_id from dump request
846d288 travis: install "check" in travis
d64a0ec route: convert non-leading tabs to spaces in "include/netlink/route/link.h"
aaefd92 route: add test for valid content of map_stat_id_from_IPSTATS_MIB_v2 array
bab9e77 route/link: add RTNL_LINK_REASM_OVERLAPS stat
bae11ec tests: add "check-direct" test
2d50b04 route: add "netlink-private/route/utils.h" header
9a52b3d gitignore: merge all gitignore files in top level directory
4c5f2d6 merge branch 'th/license-comment-cleanup'
2d3e690 license: update "doc/COPYING" license text
1389188 license: add SPDX license identifer to "configure.ac" files
503aa5e license: fix and add SPDX license identifiers and drop license comments
4333aef license: cleanup copyright comments
956635b license: fix SPDX license identifier for nl-auto.h
5614b4c lib: merge branch 'th/cleanup-errout'
17e09aa rtnl/route: use cleanup attribute in "lib/route/link.c"
b50be8f rtnl/route: use cleanup attribute in "lib/route/route_obj.c"
fca338b rtnl/route: fix NLE_NOMEM handling in parse_multipath()
2957d8f rtnl/link: fix leaking rtnl_link_af_ops in link_msg_parser()
77b4f68 rtnl/route: only consider negative error codes as error
6870ece lib: cleanup nla_parse() to return early on error
a858a0b lib: use _nl_strncpy*() instead of plain strncpy()
018c694 lib: cleanup _nl_strncpy_assert()
e97b990 lib: rename _nl_strncpy() to _nl_strncpy_assert()
5ffbc6f lib: add _NL_RETURN_*() helper macros
abb7391 lib: add "include/netlink-private/nl-auto.h" header
ecd15bc lib: add _nl_assert_not_reached()
9cc38dc lib/route: adjust coding style
01ea9a6 route/link: Check for null pointer in macvlan
Signed-off-by: Nick Hainke <vincent@systemli.org>
Co-authored-by: Nick Hainke <vincent@systemli.org>
This enables building WolfSSL with Curve448, which can be used by
Strongswan. This has been tested on a Linksys E8450, running OpenWrt
22.03-rc4.
This allows parity with OpenSSL, which already supports Curve448 in
OpenWrt 21.02.
Fixesopenwrt/packages#18812.
Signed-off-by: Joel Low <joel@joelsplace.sg>
Co-authored-by: Joel Low <joel@joelsplace.sg>
c07f45927839 firmware: update mt7622 firmware to version 20220630
af406a2d1c36 mt76: do not use skb_set_queue_mapping for internal purposes
Signed-off-by: Felix Fietkau <nbd@nbd.name>
WolfSSL is crashing with an illegal opcode in some x86_64 CPUs that have
AES instructions but lack other extensions that are used by WolfSSL
when AES-NI is enabled.
Disable the option by default for now until the issue is properly fixed.
People can enable them in a custom build if they are sure it will work
for them.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
9eabf30 Release version 5.18.
2b3ddcb ethtool: fec: Change the prompt string to adapt to current situations
d660dde pretty: add missing message descriptions for rings
aaeb16a pretty: support u8 enumerated types
6b320b8 rings: add support to set/get cqe size
41fddc0 update UAPI header copies
42e6c28 help: fix alignment of rx-buf-len parameter
e1d0a19 ethtool.8: Fix typo in man page
37f0586 Release version 5.17.
8c2984c strset: do not put a pointer to a local variable to nlctx
8fd02a2 ioctl: add the memory free operation after send_ioctl call fails
b9f25ea ethtool: Add support for OSFP transceiver modules
6e79542 features: add --json support
5ed5ce5 Merge branch 'next' into master
b90abbb man: document recently added parameters
51a9312 tunables: add support to get/set tx copybreak buf size
a081c2a rings: add support to set/get rx buf len
d699bab Merge branch 'master' into next
52db6b9 Merge branch 'review/module-extstate' into next
6407b52 monitor: add option for --show-module/--set-module
1f35786 ethtool: Add transceiver module extended state
2d4c5b7 ethtool: Add ability to control transceiver modules' power mode
005908b Update UAPI header copies
Signed-off-by: Nick Hainke <vincent@systemli.org>
Co-authored-by: Nick Hainke <vincent@systemli.org>
1696f9eb8b40 mt76: mt7915: do not copy ieee80211_ops pointer in mt7915_mmio_probe
a4db5869d660 mt76: mt7915: update mpdu density in 6g capability
500c18014d95 mt76: mt7915: add sta_rec with EXTRA_INFO_NEW for the first time only
3ef66fc7c714 mt76: do not check the ccmp pn for ONLY_MONITOR frame
dd682eead016 mt76: mt7915: update the maximum size of beacon offload
4fb991f2c997 mt76: mt7615: add sta_rec with EXTRA_INFO_NEW for the first time only
ba39ed3b44f1 mt76: mt76x02: improve reliability of the beacon hang check
fd8211cf7c59 mt76: mt7921: sync with updated patch
f2edd340ddb4 mt76: allow receiving frames with invalid CCMP PN via monitor interfaces
b6e865e2cc70 mt76: mt7615: fix throughput regression on DFS channels
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Major changes are:
Add support for smbd-direct multi-desctriptor.
Add support for dkms.
Add support for key exchange.
Fix seveal bugs.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Co-authored-by: Rosen Penev <rosenp@gmail.com>
4554ee652caf mt76: mt7921: fix warning Using plain integer as NULL pointer
a3f1d6ccf3ca mt76: mt7921: add missing bh-disable around rx napi schedule
9aeca2a5ce47 mt76: mt7921: get rid of mt7921_mcu_exit
fee8a5911c76 mt76: connac: move shared fw structures in connac module
db4d784ae7ba mt76: mt7921: move fw toggle in mt7921_load_firmware
16ab6bf49556 mt76: connac: move mt76_connac2_load_ram in connac module
29fd748801c6 mt76: connac: move mt76_connac2_load_patch in connac module
051c68d18214 mt76: mt7663: rely on mt76_connac2_fw_trailer
d6ae3505ac6c mt76: enable the VHT extended NSS BW feature
488a5ccc9762 mt76: mt7921: rely on mt76_dev in mt7921_mac_write_txwi signature
934029bb93e2 mt76: mt7915: rely on mt76_dev in mt7915_mac_write_txwi signature
ecefae4c7d72 mt76: connac: move mac connac2 defs in mt76_connac2_mac.h
b5eecc841df8 mt76: connac: move connac2_mac_write_txwi in mt76_connac module
012e619a07b9 mt76: connac: move mt76_connac2_mac_add_txs_skb in connac module
1b492be795ea mt76: mt7921: not support beacon offload disable command
f1f46d3b4b19 mt76: mt7921: fix command timeout in AP stop period
cae61112ef1d mt76: connac: move HE radiotap parsing in connac module
487674062643 mt76: connac: move mt76_connac2_reverse_frag0_hdr_trans in mt76-connac module
649bdc4983c4 mt76: connac: move mt76_connac2_mac_fill_rx_rate in connac module
cb75aaa39252 mt76: mt7921s: remove unnecessary goto in mt7921s_mcu_drv_pmctrl
e0eaf66eaebb mt76: mt7615: do not update pm stats in case of error
f8d125b4ea30 mt76: mt7921: do not update pm states in case of error
6329a834907e mt76: mt7921s: fix possible sdio deadlock in command fail
8a04f1b04662 mt76: mt7921: fix aggregation subframes setting to HE max
e52283439094 mt76: mt7915: disable UL MU-MIMO for mt7915
fd3958970e3d mt76: mt7921: enlarge maximum VHT MPDU length to 11454
18df38fe77f7 mt76: mt7915: get rid of unnecessary new line in mt7915_mac_write_txwi
149e95f5d7a6 mt76: connac: move mt76_connac_fw_txp in common module
899d192e8a79 mt76: move mt7615_txp_ptr in mt76_connac module
7184f0a6f6a5 mt76: connac: move mt76_connac_tx_free in shared code
c42d45278fa5 mt76: connac: move mt76_connac_tx_complete_skb in shared code
0993f4ef96f8 mt76: connac: move mt76_connac_write_hw_txp in shared code
467960fab791 mt76: connac: move mt7615_txp_skb_unmap in common code
2e758064b085 mt76: mt7915: rely on mt76_connac_tx_free
2065a7901671 mt76: move mcu_txd/mcu_rxd structures in shared code
576c1b7c472b mt76: move mt76_connac2_mcu_fill_message in mt76_connac module
7275f7758090 mt76: mt7915: fix incorrect testmode ipg on band 1 caused by wmm_idx
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Co-authored-by: Felix Fietkau <nbd@nbd.name>
* wolfssl: don't change ABI because of hw crypto
Enabling different hardware crypto acceleration should not change the
library ABI. Add them to PKG_CONFIG_DEPENDS after the ABI version hash
has been computed.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* wolfssl: add benchmark utility
This packages the wolfssl benchmark utility.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* wolfssl: enable CPU crypto instructions
This enables AES & SHA CPU instructions for compatible armv8, and x86_64
architectures. Add this to the hardware acceleration choice, since they
can't be enabled at the same time.
The package was marked non-shared, since the arm CPUs may or may not
have crypto extensions enabled based on licensing; bcm27xx does not
enable them. There is no run-time detection of this for arm.
NOTE:
Should this be backported to a release branch, it must be done shortly
before a new minor release, because the change to nonshared will remove
libwolfssl from the shared packages, but the nonshared are only built in
a subsequent release!
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* wolfssl: set nonshared flag global
libwolfssl-benchmark should NOT be compiled as nonshared but
currently there is a bug where, on buildbot stage2, the package
is recompiled to build libwolfssl-benchmark and the dependency
change to the new libwolfssl version.
Each dependant package will now depend on the new wolfssl package
instead of the one previously on stage1 that has a different package
HASH.
Set the nonshared PKGFLAGS global while this gets investigated
and eventually fixed.
Fixes: 0a2edc2714dc ("wolfssl: enable CPU crypto instructions")
Signed-off-by: Christian 'Ansuel' Marangi <ansuelsmth@gmail.com>
* Revert "wolfssl: set nonshared flag global"
This reverts commit e0cc5b9b3ae65113f0e0dd9249dae4776b65c503.
A better and correct solution was found.
Signed-off-by: Christian 'Ansuel' Marangi <ansuelsmth@gmail.com>
* wolfssl: make WOLFSSL_HAS_OPENVPN default to y
Openvpn forces CONFIG_WOLFSSL_HAS_OPENVPN=y. When the phase1 bots build
the now non-shared package, openvpn will not be selected, and WolfSSL
will be built without it. Then phase2 bots have CONFIG_ALL=y, which
will select openvpn and force CONFIG_WOLFSSL_HAS_OPENVPN=y. This
changes the version hash, causing dependency failures, as shared
packages expect the phase2 hash.
Fixes: #9738
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Co-authored-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Co-authored-by: Christian 'Ansuel' Marangi <ansuelsmth@gmail.com>
Delete the crypto-lib-blake2s kmod package, as BLAKE2s is now built-in.
Patches automatically rebased.
Build system: x86_64
Build-tested: ipq806x/R7800, x86/64
Signed-off-by: John Audia <therealgraysky@proton.me>
* ucode: update to latest Git HEAD
e14b099 syntax: implement support for ES6 template literals
111cf06 vm: stop executing bytecode on return of nested calls
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* ucode: fix PKG_MIRROR_HASH
Fixes: 0400774a10 ("ucode: update to latest Git HEAD")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* ucode: reorder BuildPackage calls
Ensure that the libucode recipe is processed before the ucode one in
order to reliably encode the ABI version into ucode's libucode dependency.
Fixes: #9788
Ref: https://forum.openwrt.org/t/fw4-wont-start-after-upgrade/126308
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* ucode: update to latest Git HEAD
081871e compiler: fix segmentation fault on compiling unexpected unary expressions
090b426 fs: avoid input buffering with small limits in fs.readfile()
8da140f lib: introduce hexenc() and hexdec()
9a72423 Update README.md
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Co-authored-by: Jo-Philipp Wich <jo@mein.io>
This is mostly a bug fix release, including two that were already
patched here:
- 300-fix-SSL_get_verify_result-regression.patch
- 400-wolfcrypt-src-port-devcrypto-devcrypto_aes.c-remove-.patch
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Co-authored-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
This release comes with a security fix related to c_rehash. OpenWrt
does not ship or use it, so it was not affected by the bug.
There is a fix for a possible crash in ERR_load_strings() when
configured with no-err, which OpenWrt does by default.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
- Binary files were renamed to cyfmac from brcmfmac, but the files needs
to be on the router with the previous naming
[ 6.656165] brcmfmac: brcmf_fw_alloc_request: using brcm/brcmfmac43455-sdio for chip BCM4345/6
[ 6.665182] brcmfmac mmc1:0001:1: Direct firmware load for brcm/brcmfmac43455-sdio.bin failed with error -2
[ 6.674928] brcmfmac mmc1:0001:1: Falling back to sysfs fallback for: brcm/brcmfmac43455-sdio.bin
- Cypress were acquired by Infineon Technologies
Thus change the project URL and switch to download files from their
GitHub repository. This is much better than the previous solution, which
requires finding new threads on their community forum about new driver
updates, and it will be necessary to change the URL each time.
Unfortunately, it seems that there is not published changelog, but
according to this forum thread [1], be careful by opening the link from
solution since it contains ending bracket ), it brings fixes for various
security vulnerabilities, which were fixed in 7_45_234.
Fixes:
- FragAttacks
- Kr00k
Also add LICENSE file
Run tested on Seeedstudio router powered by Raspberry Pi 4 CM with
package cypress-firmware-43455-sdio.
Before:
root@OpenWrt:~# dmesg | grep 'Firmware: BCM4345/6'
[ 6.895050] brcmfmac: brcmf_c_preinit_dcmds: Firmware: BCM4345/6 wl0: Mar 23 2020 02:20:01 version 7.45.206 (r725000 CY) FWID 01-febaba43
After:
root@OpenWrt:~# dmesg | grep 'Firmware: BCM4345/6'
[ 6.829805] brcmfmac: brcmf_c_preinit_dcmds: Firmware: BCM4345/6 wl0: Apr 15 2021 03:03:20 version 7.45.234 (4ca95bb CY) FWID 01-996384e2
[1] https://community.infineon.com/t5/Wi-Fi-Bluetooth-for-Linux/Outdated-brcmfmac-firmware-for-Raspberry-Pi-4-in-OpenWrt-21-02-1/m-p/331593#M2269
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
update rtl8812au-ct driver to be ready for 5.15 Linux.
Signed-off-by: Janpieter Sollie <janpieter.sollie@edpnet.be>
[added commit message from PR with changes, added tag to subject]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* fix mtk mt7603e and mt7615d driver build error for kernel version >= 5.15
no longer do get_fs and set_fs when build for kernel >= 5.15 for mt7603e and mt7615d driver.
for new kernels, get_fs and set_fs is removed from kernel source,
in mt7603e and mt7615d driver, kernel_write and kernel_read is used for newer kernel versions,
and the two functions do not need get_fs and set_fs trick, so we can remove them safely.
* use "help" instead of "---help---" in mt7603e Kconfig
* busybox: fix busybox lock applet pidstr buffer overflow
Kernel setting `/proc/sys/kernel/pid_max` can be set up to 4194304 (7
digits) which will cause buffer overflow in busbox lock patch, this
often happens when running in a rootfs container environment.
This commit enlarges `pidstr` to 12 bytes to ensure a sufficient buffer
for pid number and an additional char '\n'.
Signed-off-by: Qichao Zhang <njuzhangqichao@gmail.com>
* busybox: Fix snprintf arguments in lock
The first argument for snprintf is the buffer and the 2. one is the
size. Fix the order. This broke the lock application.
Fixes: 34567750db2c ("busybox: fix busybox lock applet pidstr buffer overflow")
Reported-by: Hartmut Birr <e9hack@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Co-authored-by: Qichao Zhang <njuzhangqichao@gmail.com>
Co-authored-by: Hauke Mehrtens <hauke@hauke-m.de>
Changes:
c63f193 bump version to 1.0.2
3cffa84 libnfnetlink: Check getsockname() return code
90ba679 include: Silence gcc warning in linux_list.h
bb4f6c8 Make it clear that this library is deprecated
e46569c Minimally resurrect doxygen documentation
5087de4 libnfnetlink: hide private symbols
62ca426 autogen: don't convert __u16 to u_int16_t
efa1d8e src: Use stdint types everywhere
7a1a07c include: Sync with kernel headers
7633f0c libnfnetlink: initialize attribute padding to resolve valgrind warnings
94b68f3 configure: uclinux is also linux
617fe82 src: get source code license header in sync with current licensing terms
97a3960 build: resolve automake-1.12 warnings
Removed the patch 100-missing_include.patch, libnfnetlink compiles fine
with musl without this patch.
Signed-off-by: Nick Hainke <vincent@systemli.org>
Co-authored-by: Nick Hainke <vincent@systemli.org>
Changes:
Duncan Roe (5):
nlmsg: Fix a missing doxygen section trailer
build: doc: "make" builds & installs a full set of man pages
build: doc: get rid of the need for manual updating of Makefile
build: If doxygen is not available, be sure to report "doxygen: no" to ./configure
src: doc: Fix messed-up Netlink message batch diagram
Fernando Fernandez Mancera (1):
src: fix doxygen function documentation
Florian Westphal (1):
libmnl: zero attribute padding
Guillaume Nault (1):
callback: mark cb_ctl_array 'const' in mnl_cb_run2()
Kylie McClain (1):
examples: nfct-daemon: Fix test building on musl libc
Laura Garcia Liebana (4):
examples: add arp cache dump example
examples: fix neigh max attributes
examples: fix print line format
examples: reduce LOCs during neigh attributes validation
Pablo Neira Ayuso (3):
doxygen: remove EXPORT_SYMBOL from the output
include: add MNL_SOCKET_DUMP_SIZE definition
build: libmnl 1.0.5 release
Petr Vorel (1):
examples: Add rtnl-addr-add.c
Stephen Hemminger (1):
examples: rtnl-addr-dump: fix typo
igo95862 (1):
doxygen: Fixed link to the git source tree on the website.
Signed-off-by: Nick Hainke <vincent@systemli.org>
Co-authored-by: Nick Hainke <vincent@systemli.org>
Fixes two high-severity vulnerabilities:
- CVE-2022-25640: A TLS v1.3 server who requires mutual authentication
can be bypassed. If a malicious client does not send the
certificate_verify message a client can connect without presenting a
certificate even if the server requires one.
- CVE-2022-25638: A TLS v1.3 client attempting to authenticate a TLS
v1.3 server can have its certificate heck bypassed. If the sig_algo in
the certificate_verify message is different than the certificate
message checking may be bypassed.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Co-authored-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
33f1e0b treewide: move json-c compat shims into internal header file
e0e9431 vm: move unhandled exception reporting out of `uc_vm_execute_chunk()`
2b59140 vm: fix callframe double free on unhanded exceptions
7d7e950 main: abort when failing to load a preload library
1032a67 lib: let `json()` accept input objects implementing `read()` method
5ee68d5 fs: implement `fs.readfile()` and `fs.writefile()`
df6b861 ci: debian: change path before attempting to invoke Git operations
dfaf05a ci: debian: automatically update changelog from Git tag
34f3c45 ci: fix YAML syntax of Debian workflow
e956bcf fs: fix off-by-one in fs.dirname() function
6fc4b6c .gitignore: fix overmatching patterns, blacklist cram .venv
7c2e082 build: remove legacy json-c check
77942af build: add polyfills for older libjson-c versions
0b4aaa3 CI: build Debian package
f404285 debian: Add package definition
a37f654 types: fix escape sequence encoding of high byte values in JSON strings
aae5312 Update README.md
8134e25 build: fix symlink install target
87c7296 treewide: replace some leftover "utpl" occurrences, update .gitignore
7d27ad5 build: only stage ucc symlink if compile support is enabled
171402f lib: add date and time related functions
8b5dc60 lib: provide API function to obtain stdlib function implementations
eb0d2f1 main: turn ucode into multicall executable
28ee7e1 uloop: add support for tasks
753dea9 CI: build on macOS
668c5c0 lib: add argument position support (`%m$`) to `sprintf()` and `printf()`
ab46fdf treewide: remove legacy json-c include directives
b8f49b1 tests: 21_regex_literals: generalize syntax error test case
fd2e5e7 tests: 16_sort: fix logic flaw exposed on OS X
2c71bf2 tests: run_tests.sh: pass dummy value to `-T` flag
55c4a90 lib: disallow zero padding for %s formats
0d05cb5 tests: run_tests.sh: use greadlink if available
271e520 resolv: make OS X compatible
d13c320 fs: avoid Linux specific sys/sysmacros.h include on OS X
33397a3 uloop: use execvp() on OS X
bafdc8f lib: add naive sigtimedwait() stub for OS X
ada1585 build: consolidate CMakeLists.txt and cover OS X deviations
befbb69 include: add OS X compatible endian.h header
49838a8 include: rename include guards to avoid clashes with system headers
91f65de nl80211: add missing attributes and correct some attribute flags
b4a1fd5 lib: adjust require(), render() and include() raw mode semantics
4618807 main: rework CLI frontend
73dcd78 lib: fix potential integer underflow on empty render output
c402551 vm: fix crash on object literals with non-string computed properties
efe8a02 syntax: support add new operators
078d686 ubus: add event support
6c66c83 ubus: refactor error and argument handling
1cb04f9 ubus: add object publishing, notify and subscribe support
0e85974 uloop: clear errno before integer conversion attempts
05bd7ed types: treat resource type prototypes as GC roots
a2a26ca lib: introduce uloop binding
6b6d01f vm: release this context on exception in managed method call
1af23a9 tests: fix proto() testcase
4ce69a8 fs: implement access(), mkstemp(), file.flush() and proc.flush()
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Co-authored-by: Jo-Philipp Wich <jo@mein.io>
This package uses BPF to create a fast path which improves bridging performance
by bypassing the bridge layer. It also supports creating tc offload rules for
hardware that supports it.
Hardware offload support can be used with MT7622 + MT7915 once it is merged
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The PKG_LICENSE field was missing.
While at it, normalize the Makefile a bit.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Co-authored-by: Paul Spooren <mail@aparcar.org>
This adds the pending support for the BSS color collision handling.
This way drivers that implement CCA can on the fly change the BSS color
ID once a collision is detected.
Signed-off-by: Robert Marko <robimarko@gmail.com>
Co-authored-by: Robert Marko <robimarko@gmail.com>
Using BSS coloring is one way of improving performance on 802.11ax
radios, currently its only enabled by users adding he_bss_color to their
wireless UCI config.
This made sense as one could easily get BSS color collision as BSS color
range is 1-63.
Hostapd now has a way of dealing with BSS color collisions so we can just
assign a integer in the 1-63 range randomly if one is not set by users.
Signed-off-by: Robert Marko <robimarko@gmail.com>
Co-authored-by: Robert Marko <robimarko@gmail.com>
Kernel setting `/proc/sys/kernel/pid_max` can be set up to 4194304 (7
digits) which will cause buffer overflow in busbox lock patch, this
often happens when running in a rootfs container environment.
This commit enlarges `pidstr` to 12 bytes to ensure a sufficient buffer
for pid number and an additional char '\n'.
Signed-off-by: Qichao Zhang <njuzhangqichao@gmail.com>
Co-authored-by: Qichao Zhang <njuzhangqichao@gmail.com>
Revert a commit to allow providing CFLAGS and LIBS from OpenWrt package
Makefile.
This downgrades the nl80211.h to kernel 5.15 and removes
FILS_CRYPTO_OFFLOAD. This is needed to make it compatible
with our patched mac80211 from kernel 5.15
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
engine.mk is supposed to be included by engine packages, but it will not
be present in the SDK in the same place as in the main repository.
Move it to include/openssl-engine.mk to avoid this.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Co-authored-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* ncurses: add tmux terminfo
They're preferred terminal descriptions for tmux, with additional support to
some special characters and italic fonts. More info can be found at:
https://github.com/tmux/tmux/wiki/FAQ
Fixes: FS#3404
Signed-off-by: Jitao Lu <dianlujitao@gmail.com>
* ncurses: update to 6.3
release notes: https://invisible-island.net/ncurses/announce-6.3.html
Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
Co-authored-by: Jitao Lu <dianlujitao@gmail.com>
Co-authored-by: Huangbin Zhan <zhanhb88@gmail.com>
This is a bugfix release. Changelog:
*) Fixed a bug in the BN_mod_sqrt() function that can cause it to loop
forever for non-prime moduli. (CVE-2022-0778)
*) Add ciphersuites based on DHE_PSK (RFC 4279) and ECDHE_PSK
(RFC 5489) to the list of ciphersuites providing Perfect Forward
Secrecy as required by SECLEVEL >= 3.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
Add option to compile kmod-inet-diag, support for INET (TCP, DCCP, etc)
socket monitoring interface used by native Linux tools such as ss.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
* uboot-rockchip: Fix doornet1dts
The dts refers to the official website uboot startup parameters
`arch/arm/mach-rockchip/rk3328/rk3328.c`---Fix boot order parameters,It is helpful for other devices to start emmc and sd normally
* Update 104-rockchip-rk3328-Add-support-for-EmbedFire-DoorNet1.patch
Update to the latest upstream version. In this version there is a new
tool with which you can convert ipsets into nftables sets. Since we are
now using nftables as default firewall, this could be a useful tool for
porting ipsets to nftables sets.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
我只是执行者,有问题请找 “Redmi ax6 机友会”(522966467)里面的群主
和陈超(269806631)等狗管理和伪君子反馈。
I'm just an executor. If you have any questions, please contact the
group owner and Chen Chao (269806631) management and hypocrites in
the "Redmi ax6 Friends Club" (522966467) for feedback.
私はただの遺言執行者です。ご不明な点がございましたら、グループのオ
ーナーである Chen Chao(269806631)や、「Redmi ax6 Friends Club」
(522966467)の他のマネージャーや偽善者にお問い合わせください。
Unanimous approval from the entire development team.
Ref: https://t.me/chenchao_rip/4
Cc: lean <coolsnowwolf@gmail.com>
Cc: asushugo <429632952@163.com>
CC: CN_SZTL <cnsztl@immortalwrt.org>
Cc: AmadeusGhost <amadeus@immortalwrt.org>
