Add option to compile kmod-inet-diag, support for INET (TCP, DCCP, etc)
socket monitoring interface used by native Linux tools such as ss.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
* uboot-rockchip: Fix doornet1dts
The dts refers to the official website uboot startup parameters
`arch/arm/mach-rockchip/rk3328/rk3328.c`---Fix boot order parameters,It is helpful for other devices to start emmc and sd normally
* Update 104-rockchip-rk3328-Add-support-for-EmbedFire-DoorNet1.patch
Update to the latest upstream version. In this version there is a new
tool with which you can convert ipsets into nftables sets. Since we are
now using nftables as default firewall, this could be a useful tool for
porting ipsets to nftables sets.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
我只是执行者,有问题请找 “Redmi ax6 机友会”(522966467)里面的群主
和陈超(269806631)等狗管理和伪君子反馈。
I'm just an executor. If you have any questions, please contact the
group owner and Chen Chao (269806631) management and hypocrites in
the "Redmi ax6 Friends Club" (522966467) for feedback.
私はただの遺言執行者です。ご不明な点がございましたら、グループのオ
ーナーである Chen Chao(269806631)や、「Redmi ax6 Friends Club」
(522966467)の他のマネージャーや偽善者にお問い合わせください。
Unanimous approval from the entire development team.
Ref: https://t.me/chenchao_rip/4
Cc: lean <coolsnowwolf@gmail.com>
Cc: asushugo <429632952@163.com>
CC: CN_SZTL <cnsztl@immortalwrt.org>
Cc: AmadeusGhost <amadeus@immortalwrt.org>
Debians' changelog by Henrique de Moraes Holschuh <hmh@debian.org>:
* upstream changelog: new upstream datafile 20220207
* Mitigates (*only* when loaded from UEFI firmware through the FIT)
CVE-2021-0146, INTEL-SA-00528: VT-d privilege escalation through
debug port, on Pentium, Celeron and Atom processors with signatures
0x506c9, 0x506ca, 0x506f1, 0x706a1, 0x706a8
https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/57#issuecomment-1036363145
* Mitigates CVE-2021-0127, INTEL-SA-00532: an unexpected code breakpoint
may cause a system hang, on many processors.
* Mitigates CVE-2021-0145, INTEL-SA-00561: information disclosure due
to improper sanitization of shared resources (fast-store forward
predictor), on many processors.
* Mitigates CVE-2021-33120, INTEL-SA-00589: out-of-bounds read on some
Atom Processors may allow information disclosure or denial of service
via network access.
* Fixes critical errata (functional issues) on many processors
* Adds a MSR switch to enable RAPL filtering (default off, once enabled
it can only be disabled by poweroff or reboot). Useful to protect
SGX and other threads from side-channel info leak. Improves the
mitigation for CVE-2020-8694, CVE-2020-8695, INTEL-SA-00389 on many
processors.
* Disables TSX in more processor models.
* Fixes issue with WBINDV on multi-socket (server) systems which could
cause resets and unpredictable system behavior.
* Adds a MSR switch to 10th and 11th-gen (Ice Lake, Tiger Lake, Rocket
Lake) processors, to control a fix for (hopefully rare) unpredictable
processor behavior when HyperThreading is enabled. This MSR switch
is enabled by default on *server* processors. On other processors,
it needs to be explicitly enabled by an updated UEFI/BIOS (with added
configuration logic). An updated operating system kernel might also
be able to enable it. When enabled, this fix can impact performance.
* Updated Microcodes:
sig 0x000306f2, pf_mask 0x6f, 2021-08-11, rev 0x0049, size 38912
sig 0x000306f4, pf_mask 0x80, 2021-05-24, rev 0x001a, size 23552
sig 0x000406e3, pf_mask 0xc0, 2021-04-28, rev 0x00ec, size 105472
sig 0x00050653, pf_mask 0x97, 2021-05-26, rev 0x100015c, size 34816
sig 0x00050654, pf_mask 0xb7, 2021-06-16, rev 0x2006c0a, size 43008
sig 0x00050656, pf_mask 0xbf, 2021-08-13, rev 0x400320a, size 35840
sig 0x00050657, pf_mask 0xbf, 2021-08-13, rev 0x500320a, size 36864
sig 0x0005065b, pf_mask 0xbf, 2021-06-04, rev 0x7002402, size 28672
sig 0x00050663, pf_mask 0x10, 2021-06-12, rev 0x700001c, size 28672
sig 0x00050664, pf_mask 0x10, 2021-06-12, rev 0xf00001a, size 27648
sig 0x00050665, pf_mask 0x10, 2021-09-18, rev 0xe000014, size 23552
sig 0x000506c9, pf_mask 0x03, 2021-05-10, rev 0x0046, size 17408
sig 0x000506ca, pf_mask 0x03, 2021-05-10, rev 0x0024, size 16384
sig 0x000506e3, pf_mask 0x36, 2021-04-29, rev 0x00ec, size 108544
sig 0x000506f1, pf_mask 0x01, 2021-05-10, rev 0x0036, size 11264
sig 0x000606a6, pf_mask 0x87, 2021-12-03, rev 0xd000331, size 291840
sig 0x000706a1, pf_mask 0x01, 2021-05-10, rev 0x0038, size 74752
sig 0x000706a8, pf_mask 0x01, 2021-05-10, rev 0x001c, size 75776
sig 0x000706e5, pf_mask 0x80, 2021-05-26, rev 0x00a8, size 110592
sig 0x000806a1, pf_mask 0x10, 2021-09-02, rev 0x002d, size 34816
sig 0x000806c1, pf_mask 0x80, 2021-08-06, rev 0x009a, size 109568
sig 0x000806c2, pf_mask 0xc2, 2021-07-16, rev 0x0022, size 96256
sig 0x000806d1, pf_mask 0xc2, 2021-07-16, rev 0x003c, size 101376
sig 0x000806e9, pf_mask 0x10, 2021-04-28, rev 0x00ec, size 104448
sig 0x000806e9, pf_mask 0xc0, 2021-04-28, rev 0x00ec, size 104448
sig 0x000806ea, pf_mask 0xc0, 2021-04-28, rev 0x00ec, size 103424
sig 0x000806eb, pf_mask 0xd0, 2021-04-28, rev 0x00ec, size 104448
sig 0x000806ec, pf_mask 0x94, 2021-04-28, rev 0x00ec, size 104448
sig 0x00090661, pf_mask 0x01, 2021-09-21, rev 0x0015, size 20480
sig 0x000906c0, pf_mask 0x01, 2021-08-09, rev 0x2400001f, size 20480
sig 0x000906e9, pf_mask 0x2a, 2021-04-29, rev 0x00ec, size 106496
sig 0x000906ea, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 102400
sig 0x000906eb, pf_mask 0x02, 2021-04-28, rev 0x00ec, size 104448
sig 0x000906ec, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 103424
sig 0x000906ed, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 103424
sig 0x000a0652, pf_mask 0x20, 2021-04-28, rev 0x00ec, size 93184
sig 0x000a0653, pf_mask 0x22, 2021-04-28, rev 0x00ec, size 94208
sig 0x000a0655, pf_mask 0x22, 2021-04-28, rev 0x00ee, size 94208
sig 0x000a0660, pf_mask 0x80, 2021-04-28, rev 0x00ea, size 94208
sig 0x000a0661, pf_mask 0x80, 2021-04-29, rev 0x00ec, size 93184
sig 0x000a0671, pf_mask 0x02, 2021-08-29, rev 0x0050, size 102400
* Removed Microcodes:
sig 0x00080664, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048
sig 0x00080665, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048
* update .gitignore and debian/.gitignore.
Add some missing items from .gitignore and debian/.gitignore.
* ucode-blacklist: do not late-load 0x406e3 and 0x506e3.
When the BIOS microcode is older than revision 0x7f (and perhaps in some
other cases as well), the latest microcode updates for 0x406e3 and
0x506e3 must be applied using the early update method. Otherwise, the
system might hang. Also: there must not be any other intermediate
microcode update attempts [other than the one done by the BIOS itself],
either. It must go from the BIOS microcode update directly to the
latest microcode update.
* source: update symlinks to reflect id of the latest release, 20220207
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
<https://github.com/ARMmbed/mbedtls/releases/tag/v2.28.0>
"Mbed TLS 2.28 is a long-time support branch.
It will be supported with bug-fixes and security
fixes until end of 2024."
<https://github.com/ARMmbed/mbedtls/blob/development/BRANCHES.md>
"Currently, the only supported LTS branch is: mbedtls-2.28.
For a short time we also have the previous LTS, which has
recently ended its support period, mbedtls-2.16.
This branch will move into the archive namespace around the
time of the next release."
this will also add support for uacme ualpn support.
size changes
221586 libmbedtls12_2.28.0-1_mips_24kc.ipk
182742 libmbedtls12_2.16.12-1_mips_24kc.ipk
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
(remark about 2.16's EOS, slightly reworded)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* gdb: update to 10.2
Replace some OpenWrt patches with openembedded ones for easier
maintainability. Remove several outdated ones as well.
Replace PKG_RELEASE with AUTORELEASE to avoid manual bumps.
Remove !arc dependency as it is supported upstream now.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
* gdb: Update to version 11.1
GDB 11.1 now depends on gmp.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* gdb: Add explicit patch to libgmp
Without giving the patch gdb does not compile on Arch Linux.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* gdb: Make only full gdb depend on libgmp
libgmp is only needed for the full gdb and not for the gdbserver
application.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* gdb: Update gdb to version 11.2
This is a minor corrective release over GDB 11.1, fixing the following issues:
* PR sim/28302 (gdb fails to build with glibc 2.34)
* PR build/28318 (std::thread support configure check does not use CXX_DIALECT)
* PR gdb/28405 (arm-none-eabi: internal-error: ptid_t remote_target::select_thread_for_ambiguous_stop_reply(const target_waitstatus*): Assertion `first_resumed_thread != nullptr' failed)
* PR tui/28483 ([gdb/tui] breakpoint creation not displayed)
* PR build/28555 (uclibc compile failure since commit 4655f8509fd44e6efabefa373650d9982ff37fd6)
* PR rust/28637 (Rust characters will be encoded using DW_ATE_UTF)
* PR gdb/28758 (GDB 11 doesn't work correctly on binaries with a SHT_RELR (.relr.dyn) section)
* PR gdb/28785 (Support SHT_RELR (.relr.dyn) section)
The sizes of the ipk changed on mips 24Kc like this:
2285775 gdb_11.1-3_mips_24kc.ipk
2287441 gdb_11.2-4_mips_24kc.ipk
191828 gdbserver_11.1-3_mips_24kc.ipk
191811 gdbserver_11.2-4_mips_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Co-authored-by: Rosen Penev <rosenp@gmail.com>
Co-authored-by: Hauke Mehrtens <hauke@hauke-m.de>
* util-linux: Add taskset
This adds the taskset application from util Linux.
It is already built, but not packaged yet.
Signed-off-by: Hauke Mehrtens <hmehrtens@maxlinear.com>
* util-linux: add lslocks
This change adds the "lslocks" utility from util-linux.
Signed-off-by: Roman Azarenko <roman.azarenko@iopsys.eu>
* util-linux: Do not build raw any more.
The man page of the raw tool does not build because the disk-utils/raw.8
file is missing. It looks like it should be in the tar.xz file we
download, but it is missing.
We do not package the raw tool, so this is not a problem.
This fixes the following build error:
No rule to make target 'disk-utils/raw.8', needed by 'all-am'. Stop.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* util-linux: Update to version 2.37.3
This release fixes two security mount(8) and umount(8) issues:
CVE-2021-3996
Improper UID check in libmount allows an unprivileged user to unmount FUSE
filesystems of users with similar UID.
CVE-2021-3995
This issue is related to parsing the /proc/self/mountinfo file allows an
unprivileged user to unmount other user's filesystems that are either
world-writable themselves or mounted in a world-writable directory.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* util-linux: package ipcs command
Add a package for util-linux' ipcs command, to show information about
System V inter-process communication facilities.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Co-authored-by: Hauke Mehrtens <hmehrtens@maxlinear.com>
Co-authored-by: Roman Azarenko <roman.azarenko@iopsys.eu>
Co-authored-by: Hauke Mehrtens <hauke@hauke-m.de>
Co-authored-by: Stijn Tintel <stijn@linux-ipv6.be>
The sizes of the ipk changed on MIPS 24Kc like this:
289764 strace_5.14-1_mips_24kc.ipk
310899 strace_5.16-1_mips_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
It relies on a custom ax_code_coverage.m4 file included with strace.
Unfortunately, this conflicts with the one included with
autoconf-macros. Instead of creating a huge patch to fix it, just remove
the variable as code coverage is not used here.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Previously, grub2 was hardcoded to always look on "hd0" for the
kernel.
This works well when the system only had a single disk.
But if there was a second disk/stick present, it may have look
on the wrong drive because of enumeration races.
This patch utilizes grub2 search function to look for a filesystem
with the label "kernel". This works thanks to existing setup in
scripts/gen_image_generic.sh. Which sets the "kernel" label on
both the fat and ext4 filesystem variants.
Signed-off-by: Jax Jiang <jax.jiang.007@gmail.com>
Suggested-by: Alberto Bursi <bobafetthotmail@gmail.com> (MX100 WA)
(word wrapped, slightly rewritten commit message, removed MX100 WA)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
In the default shadow file, as visible in the failsafe mode, the user
root has value of `0` set in the 3rd field, the date of last password
change. This setting means that the password needs to be changed the
next time the user will log in the system. `dropbear` server is ignoring
this setting but `openssh-server` tries to enforce it and fails in the
failsafe mode because the rootfs is R/O.
Disable the password aging feature for user root by setting the 3rd
filed empty.
Signed-off-by: Rucke Teg <rucketeg@protonmail.com>
Backport fix for API breakage of SSL_get_verify_result() introduced in
v5.1.1-stable. In v4.8.1-stable SSL_get_verify_result() used to return
X509_V_OK when used on LE powered sites or other sites utilizing
relaxed/alternative cert chain validation feature. After an update to
v5.1.1-stable that API calls started returning X509_V_ERR_INVALID_CA
error and thus rendered all such connection attempts imposible:
$ docker run -it openwrt/rootfs:x86_64-21.02.2 sh -c "wget https://letsencrypt.org"
Downloading 'https://letsencrypt.org'
Connecting to 18.159.128.50:443
Connection error: Invalid SSL certificate
Fixes: #9283
References: https://github.com/wolfSSL/wolfssl/issues/4879
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This uses uci to configure engines, by generating a list of enabled
engines in /var/etc/ssl/engines.cnf from engines configured in
/etc/config/openssl:
config engine 'devcrypto'
option enabled '1'
Currently the only options implemented are 'enabled', which defaults to
true and enables the named engine, and the 'force' option, that enables
the engine even if the init script thinks the engine does not exist.
The existence test is to check for either a configuration file
/etc/ssl/engines.cnf.d/%ENGINE%.cnf, or a shared object file
/usr/lib/engines-1.1/%ENGINE%.so.
The engine list is generated by an init script which is set to run after
'log' because it informs the engines being enabled or skipped. It
should run before any service using OpenSSL as the crypto library,
otherwise the service will not use any engine.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
This enables an engine during its package's installation, by adding it
to the engines list in /etc/ssl/engines.cnf.d/engines.cnf.
The engine build system was reworked, with the addition of an engine.mk
file that groups some of the engine packages' definitions, and could be
used by out of tree engines as well.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
This changes the configuration of engines from the global openssl.cnf to
files in the /etc/ssl/engines.cnf.d directory. The engines.cnf file has
the list of enabled engines, while each engine has its own configuration
file installed under /etc/ssl/engines.cnf.d.
Patches were refreshed with --zero-commit.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
ksmbd is an upstream linux alternative to Samba which is lighterweight
and more performant, especially on underpowered devices.
Moving it here from the packages feed as it is now an upstream kernel
module. Also easier to update as version updates can be coordinated better
The next LTS kernel (5.15) has this included. A depend on kernel < 5.15
will need to be added later.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
* Rockchip:Fix dtsi of doornet2
phy:
Modify phy timing;The manufacturer's board requires two timing modes: 125m and 25m ---stmmac_mdio.c stmmac_main.c
Among them, stmmac_main.c is added with 1.5 reset, and the compilation of other devices is not affected
emmc:
In emmc hs400 mode, the performance test effect is the same as hs200, so it is safer to reduce hs200
* Rockchip:Add doornet2 to overclock to 2.2GHz/1.8GHz
* Create 105-rockchip-rk3399-Add-support-for-EmbedFire-DoorNet2.patch
Modify the startup method: SD starts first, which is convenient for saving bricks. If there is no system in SD, it will automatically jump to the next emmc boot
* Update with kernel 5.4
* Update 992-rockchip-rk3399-overclock-to-2.2-1.8-GHz-for-NanoPi4.patch
fdt* utils are needed by targets that use U-Boot FIT images for
sysupgrade. It includes all recent BCM4908 SoC routers as Broadcom
switched from CFE to U-Boot.
fdtget is required for extracting images (bootfs & rootfs) from
Broadcom's ITB. Extracted images can be then flashed to UBI volumes.
sysupgrade is core functionality so it needs dtc as part of base code
base.
Cc: Yousong Zhou <yszhou4tech@gmail.com>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
This fixes the following security problem:
The command-line argument parser in tcpdump before 4.99.0 has a buffer
overflow in tcpdump.c:read_infile(). To trigger this vulnerability the
attacker needs to create a 4GB file on the local filesystem and to
specify the file name as the value of the -F command-line argument of
tcpdump.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
a29bad9 compiler: fix patchlist corruption on switch statement syntax errors
86f0662 lib: change `ord()` to always return single byte value
116a8ce vallist: fix storing/retrieving short strings with 8bit byte value
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* glibc: update to latest 2.33 HEAD (bug 28011)
b5711025bc x86_64: Remove unneeded static PIE check for undefined weak diagnostic
edfd11197e wordexp: handle overflow in positional parameter number (bug 28011)
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* glibc: update to latest 2.33 HEAD (bug 28213)
9b01145592 MIPS: Setup errno for {f,l,}xstat
9c676ef514 RISC-V: Update rv64 ULPs
c6cadbf83a linux: Remove shmmax check from tst-sysvshm-linux
22d37364ae librt: add test (bug 28213)
27a78fd712 librt: fix NULL pointer dereference (bug 28213)
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* toolchain: glibc: Update to version 2.34
glibc version 2.34 does not provide versioned shared libraries any more,
it only provides shared libraries using the ABI version. Do not try to
copy them any more.
The functions from libpthread and librt were integrated into the main
binary, the libpthread.so and librt.so are only used for backwards
compatibility any more.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* toolchain: glibc: Increase minimum kernel version to 5.4
Increase the minimum kernel version needed by the glibc compiled for
OpenWrt to version 5.4. With this setting the glibc build will remove
all code needed to support older kernel versions.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* toolchain: glibc: Enable --enable-bind-now
Enable --enable-bind-now when CONFIG_PKG_RELRO_FULL is set. This option
is activated by default. This will enable full RELRO protection.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* glibc: update to 2.34 HEAD
72123e1b56 NEWS: Add a bug entry for BZ #28755
08beb3a3f4 x86: Fix __wcsncmp_evex in strcmp-evex.S [BZ# 28755]
b50d5b746c x86: Fix __wcsncmp_avx2 in strcmp-avx2.S [BZ# 28755]
1b9cd6a721 NEWS: add bug entry for BZ #28769 and BZ #28770
3438bbca90 Linux: Detect user namespace support in io/tst-getcwd-smallbuff
d084965adc realpath: Avoid overwriting preexisting error (CVE-2021-3998)
472e799a5f getcwd: Set errno to ERANGE for size == 1 (CVE-2021-3999)
8c8a71c85f tst-realpath-toolong: Fix hurd build
f7a79879c0 realpath: Set errno to ENAMETOOLONG for result larger than PATH_MAX [BZ #28770]
73c362840c stdlib: Fix formatting of tests list in Makefile
269eb9d930 stdlib: Sort tests in Makefile
062ff490c1 support: Add helpers to create paths longer than PATH_MAX
82b1acd9de powerpc: Fix unrecognized instruction errors with recent binutils
1d401d1fcc x86: use default cache size if it cannot be determined [BZ #28784]
6890b8a3ae CVE-2022-23218: Buffer overflow in sunrpc svcunix_create (bug 28768)
1081f1d3dd sunrpc: Test case for clnt_create "unix" buffer overflow (bug 22542)
7b5d433fd0 CVE-2022-23219: Buffer overflow in sunrpc clnt_create for "unix" (bug 22542)
5575daae50 socket: Add the __sockaddr_un_set function
03e6e02e6a Disable debuginfod in printer tests [BZ #28757]
705f1e4606 Update syscall lists for Linux 5.16
2fe2af88ab i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bug 28771)
73558ffe84 Update syscall lists for Linux 5.15
e64235ff42 powerpc: Fix unrecognized instruction errors with recent GCC
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* toolchain: glibc: Remove patch for ARC700
The ARC700 target was renoved, this patch is not needed any more.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Co-authored-by: Hans Dedecker <dedeckeh@gmail.com>
Co-authored-by: Hauke Mehrtens <hauke@hauke-m.de>
* ucode: update to latest Git HEAD
929c862 vm: fix toplevel function call protocol
8f34d70 fs: fix chown() and rename() error return values
03ca445 tests: disable fuzz tests for now
3b1be3d types: mark further GC roots
d49af4e types: fix comparison of differently signed integers
c79ff39 types: handle conversion errors when dealing with negative error indexes
3315b1f types: allow negative array indexes
d5b25f9 treewide: harmonize function naming
cc4ce8d module: remove unused defines
f5d7526 examples: add libucode usage examples
559eff2 types, vm: adjust GC api
e5e7e62 treewide: move header files into dedicated directory
ff6168a build: install header files
7e6ce0f main: introduce new flag `-x` to allow disabling specific functions
b1817b3 vm: fix invalid memory access on GC'ing uninitialized VM context
498fe87 main: refactor option parsing and VM setup
ff52440 treewide: consolidate typedef naming
1d60418 vm: add API to control trace mode
48f33ad vm: make root exception handler configurable
0f69f09 vm: fix invalid memory access on toplevel function calls
6bcc318 vm: fix handling exceptions in top-level function calls
4ae0568 lib, vm: reimplement exit() as exception type
2f77657 vm: extend API to allow returning result value from VM execution
111645a vm: remove module preloading logic
38ff6de main: preload modules ourselves
d5bc223 vm: add uc_vm_invoke() helper
ef0baf1 vm: cosmetic fix for outputting exceptions without source context
b11a2fa vm: move global scope allocation into uc_vm_init()
900b2a3 vm: add getter and setter for vm globals scope
0179576 lib: rename uc_add_proto_functions() to uc_add_functions()
98b9c84 lib: expose stdlib function array
1adfba0 treewide: eliminate dead code and unused functions
3974e71 treewide: replace a number of unnecessary type casts
bf85226 treewide: move ressource type registry into vm instance
e2b3d2e build: split into libucode and ucode cli
dad8f3a types: properly deal with circular data in GC mark phase
62dbd64 lexer: rename UT_ prefixed constants to UC_
bc8e465 types: fix wrong assert() on tearing down object trees
853b9f1 vm: fix potential invalid memory access in uc_vm_get_error_context()
6f05cdd lib: fix refcount imbalance in uc_require_path()
96f140b lib, vm: ensure that require() compiles modules only once
df5db5f compiler: don't segfault on invalid declaration expressions
a97c7a1 lexer: transition into EOF state on unrecognized character
2a838d1 compiler: improve mapping of binary operator tokens to instructions
9872f65 vm: add support for I_LE and I_GE instructions
4e410c3 treewide: let uc_cmp() use instruction instead of token numbers
ce6081d lexer, vm: reorder token and instruction numbers
234a4f6 lib: implement b64enc() and b64dec() functions
856a0c0 lib: only consider context of calling function for callbacks
86fb130 lib: implement min() and max() functions
3e893e6 lib: pass-through "this" context to library function callbacks
42de7ab lib: implement `sourcepath()` function
05c80a7 lib: fix negative uc_index() return value on 32bit systems
9874562 lexer: implement raw code mode
3b665c8 lexer: drop value union from keyword table
44354cf lexer, compiler: separate TK_BOOL token into TK_TRUE and TK_FALSE tokens
5879bdf syntax: drop Infinity and NaN keywords
d4edadc lib: rename uc_lib_init() to uc_load_stdlib()
d81bad7 main, lib: move allocation of globals object into lib function
c4f4b38 main: simplify REQUIRE_SEARCH_PATH initialization
54ca3aa types: fix uninitialized memory on setting non-contiguous array indexes
cbc0d78 build: let require search patch default to CMAKE_INSTALL_PREFIX
5714705 syntax: introduce `const` support
ed32c42 compiler, lexer: add NO_LEGACY define to disable legacy syntax features
ff6811f syntax: implement `delete` as proper operator
5803d86 lib: implement wildcard() function
dfb7379 fs: implement chmod(), chown(), rename() and glob() functions
1ddf5b6 lexer: skip interpreter line in any source buffer
9951a00 build: lower minimum required CMake version to v3.13
7b81ab2 main: expose argv as global ARGV array to ucode scripts
7283a70 tests: rename misnamed testcases for consistency
3f80116 compiler: fix local for-loop initializer variable declarations
f20b56f compiler: properly parse slashes in parenthesized division expressions
5c4e1ea lib: implement regexp(), a function to construct regexp instances at runtime
e546bba lib: implement render(), an include variant capturing output in a string
0cb10c6 vm: implement mechanism to change output file descriptor
eb8a64d lib: fix uc_sort()
f1ffc9f vm: truncate long values after 60 chars in trace output
850612f compiler: properly handle break/continue in nested scopes
f0a9875 compiler: properly handle keyword in parenthesized property access expression
1660433 compiler: fix stack mismatch on compiling `use strict` statements
a36e0df syntax: implement support for 'use strict' pragma
827a34a vm, compiler: get rid of unused struct members
594cdf3 lib: implement assert()
c4d1648 lib: add support for pretty printing JSON to printf() and sprintf()
f2eaea3 lib: gracefully handle truncated format strings in uc_printf_common()
02629b8 lexer: fix infinite loop on parsing unterminated comments
2bc9bac lexer: fix infinite loop on parsing unterminated expression blocks
f73e201 lexer: fix infinite loop when parsing regexp literal at EOF
86b4863 compiler: fix segfault on parsing invalid pre/post increment expressions
0e24509 lib: fix reporting source context lines at EOF
e66b2ad compiler, lexer: improve lexical state handling
e29b574 lib: fix uc_split() quirks
64eec7f treewide: ISO C / pedantic compliance
4af803d build: output error messages on test failures
9ef693e vm: improve context for early errors
6def9fc tests: pass ucode library path through environment
d5dd183 treewide: address various sign-compare warnings
28825ac types: support creating ressource values without associated type
9c5106a types: fix potential memory leaks and null pointer accesses
c51934a types: fix potential leak of key in ucv_object_add()
7b28727 main: fix ineffective EOF check in parse()
4cf897c lib: uc_system(): fix invalid free() of non-heap memory
35af4ba treewide: rework internal data type system
f2c4b79 treewide: fix issues reported by clang code analyzer
93ededb tests: allow executing run_tests.sh from any directory
0e4a387 Add initial GitLab and GitHub CI support
df73b25 tests: add more tests
41d33d0 tests: custom: return exit code if tests fails
1c548a6 cmake: do not output binaries into lib directory
2b59097 tests: create custom tests from current tests cases
8039361 main: provide just binary name in help output
778e4f7 lexer: fix incomplete struct initializers
502ecdc cmake: enable extra compiler checks
3c2aeff cmake: fix includes and libraries
617a114 cmake: make 3.0 minimum version
f360350 lib: implement sleep(ms) function
7f0ff91 lib: allow parsing non-array, non-object value in json()
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* ucode: update to latest Git HEAD
0f022aa lib: increase refcount when returning cached module instance
c9e68bb lib: introduce resolver library
9041e24 lib: fix uninitialized memory access on handling %J string formats
4ee06d8 syntax: introduce optional chaining operators
ce4a7d9 vm: reset callframes before invoking unhandled exception handler
218e822 vm: clear exception information before calling managed code functions
5b908bd ubus: properly handle signed 64bit values too
e43b751 ubus: fix handling signed 16bit and 32bit integers
137428f nl80211: fix issues spotted by static code analyzer
b9d4f61 nl80211: treat signal attr values as signed integers
9a7c355 nl80211: expose sta_info attributes
bb358d9 lib: introduce Linux 802.11 netlink binding
914f54c types: fix invalid memory access on setting non-contiguous array indexes
631f00d main: fix leaking module name when processing -m flag
e55188b compiler: properly handle jumps to offset 0
98c4147 tests: support specifying cmdline args in testcase files
64e4f68 types: fix formatting escape sequences for 8 bit chars
dd86e1d rtnl: automatically derive message family from certain address attrs
74fdb97 rtnl: expose IPv4 and IPv6 devconfig information
7fa1008 rtnl: allow reply nla payloads to be smaller than headsize
cbae3cb lib: introduce Linux route netlink binding
e6dd389 ci: adjust build prereqs for GitHub as well
07ae165 ci: add libnl-tiny to prereqs
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* ucode: add temporary fix for integer formatting on 32bit systems
The ucode VM always passes 64bit integer values to sprintf implementation
while the `%d` format expects 32bit integers on 32bit platforms, leading
to incorrect formatting results.
Temporarily solve the issue by casting the numeric argument to int until
a more thorough fix arrives with the next update.
Fixes: FS#4234
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* ucode: update to latest Git HEAD
c6dae42 LICENSE: add ISC license file
402f603 lib: introduce struct library
dcb6ffd struct: fix PowerPC specific compiler pragma name
a0512ea treewide: fix typo in exported function names and types
eaaaf88 nl80211: fix wiphy dump reply merge logic
e6efadb fs: add utility functions
54ef6c0 nl80211: fix premature netlink reply receive abort
07802f3 syntax: disallow keywords in object property shorthand notation
3489b75 vm: support object property access on resource value types
dc8027c types: consider resource prototypes when marking reachable objects
5680fab treewide: fix upvalue reference type name
0d29b25 treewide: fix "resource" misspellings
99fdafd vm: introduce value registry
66f7c00 ubus: add support for async requests
5c77dd5 fs: implement fdopen(), file.fileno() and proc.fileno()
b605dbf treewide: rework numeric value handling
599d233 vallist: store double values in a platform neutral manner
5bb9ab7 struct: reuse double packing routines from core
2fd7ab5 vm: optimize string concatenation
eafa321 lib: implement uniq() function
6b2e79a types: add initial infrastructure for function serialization
725bb75 compiler, vm: use a program wide constant list
6c2caf9 source: refactor source file handling
371ba45 program: implement support for precompiling source files
3578afe build: support building without compile capabilities
61d0a34 lib: replace usages of vasprintf() with xvasprintf()
03b6a8e syntax: drop legacy syntax support
01132db lib: fix %J string formats with precision specifier
3f44c42 lib: rework format string handling
a1b3c5d struct: implement `*` format, fix invalid memory accesses
34a04a2 run_tests.sh: fix exitcode evaluation
abe38e7 run_tests.sh: add ability to define environment variables for testcases
04fa2ba tests: reorganize testcase files
6a55d10 lib: fix exists() error return value
aa860a3 vm: fix `null` loose equality/inequality checks
3f6d199 vallist: uc_number_parse(): parse empty strings as `0`, not `NaN`
ddc5aa7 vm: fix NaN strict equality tests
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* ucode: update to latest Git HEAD
11adf0c source: convert source objects into proper uc_value_t type
3a49192 treewide: rework function memory model
7edad5c tests: add functional tests for builtin functions
d5003fd lib: fix leaking tokener in uc_json() on parse exception
5d0ecd9 lib: fix infinite loop on empty regexp matches in uc_replace()
3ad57f1 lib: fix infinite loop on empty regexp matches in uc_match()
32d596d lib: fix infinite loop on empty regexp matches in uc_split()
3e3f38d vm: ensure consistent trace output between gcc and clang compiled ucode
3600ded vm: fix leaking function value on call exception
3059295 vm: NULL-initialize pointer to make cppcheck happy
98e59bf source: zero-initialize conversion union to make cppcheck happy
7a65c14 run_tests.sh: change workdir to testcase directory during execution
afec8d7 run_tests.sh: support placing supplemental testcase files
3ada6e0 run_tests.sh: always treat outputs as text data
2cb627f program: rename bytecode load/write functions, track path of executed file
1094ffa lib: fix memory leak in uc_require_ucode()
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Co-authored-by: Jo-Philipp Wich <jo@mein.io>
* uhttpd: make organization (O=) of the cert configurable via uci
Make the organization (O=) of the cert configurable via uci. If not
configured, use a combination of "OpenWrt" and an unique id like it was
done before.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
* uhttpd: add config option for json_script
Add a config option for json_script instead of unconditionally including
all json files in /etc/uhttpd in every uhttpd instance. This makes it
possible to configure a single instance with an unconditional redirect,
which currently renders all other uhttpd instances unusable.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Felix Fietkau <nbd@nbd.name>
* uhttpd: update to latest Git HEAD
2f8b136 main: fix leaking -p/-s argument values
881fd3b ucode: adjust to latest ucode api
8b2868e file: specify UTF-8 as charset for dirlists, add option to override
3a5bd84 main: add ucode options to help text
16aa142 examples: add ucode handler example
3ceccd0 ucode: add ucode plugin support
f0f1406 examples: add example Lua handler script
9e87095 listen: avoid invalid memory access
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Co-authored-by: Martin Schiller <ms@dev.tdt.de>
Co-authored-by: Stijn Tintel <stijn@linux-ipv6.be>
Co-authored-by: Jo-Philipp Wich <jo@mein.io>
This fixes the following security problems:
* Zeroize several intermediate variables used to calculate the expected
value when verifying a MAC or AEAD tag. This hardens the library in
case the value leaks through a memory disclosure vulnerability. For
example, a memory disclosure vulnerability could have allowed a
man-in-the-middle to inject fake ciphertext into a DTLS connection.
* Fix a double-free that happened after mbedtls_ssl_set_session() or
mbedtls_ssl_get_session() failed with MBEDTLS_ERR_SSL_ALLOC_FAILED
(out of memory). After that, calling mbedtls_ssl_session_free()
and mbedtls_ssl_free() would cause an internal session buffer to
be free()'d twice. CVE-2021-44732
The sizes of the ipk changed on MIPS 24Kc like this:
182454 libmbedtls12_2.16.11-2_mips_24kc.ipk
182742 libmbedtls12_2.16.12-1_mips_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Co-authored-by: Hauke Mehrtens <hauke@hauke-m.de>
* libs/wolfssl: add SAN (Subject Alternative Name) support
x509v3 SAN extension is required to generate a certificate compatible with
chromium-based web browsers (version >58)
It can be disabled via unsetting CONFIG_WOLFSSL_ALT_NAMES
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
* wolfssl: update to 5.1.1-stable
Bump from 4.8.1-stable to 5.1.1-stable
Detailed release notes: https://github.com/wolfSSL/wolfssl/releases
Upstreamed patches:
001-Maths-x86-asm-change-asm-snippets-to-get-compiling.patch -
fa8f23284d
002-Update-macro-guard-on-SHA256-transform-call.patch -
f447e4c1fa
Refreshed patches:
100-disable-hardening-check.patch
200-ecc-rng.patch
CFLAG -DWOLFSSL_ALT_CERT_CHAINS replaced to --enable-altcertchains
configure option
The size of the ipk changed on aarch64 like this:
491341 libwolfssl4.8.1.31258522_4.8.1-stable-7_aarch64_cortex-a53.ipk
520322 libwolfssl5.1.1.31258522_5.1.1-stable-1_aarch64_cortex-a53.ipk
Tested-by: Alozxy <alozxy@users.noreply.github.com>
Acked-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
Co-authored-by: Sergey V. Lobanov <sergey@lobanov.in>
795f420 cmis: Rename CMIS parsing functions
369b43a cmis: Initialize CMIS memory map
da16288 cmis: Use memory map during parsing
6acaeb9 cmis: Consolidate code between IOCTL and netlink paths
d7d15f7 sff-8636: Rename SFF-8636 parsing functions
4230597 sff-8636: Initialize SFF-8636 memory map
b74c040 sff-8636: Use memory map during parsing
799572f sff-8636: Consolidate code between IOCTL and netlink paths
9fdf45c sff-8079: Split SFF-8079 parsing function
2ccda25 netlink: eeprom: Export a function to request an EEPROM page
86792db cmis: Request specific pages for parsing in netlink path
6e2b32a sff-8636: Request specific pages for parsing in netlink path
c2170d4 sff-8079: Request specific pages for parsing in netlink path
9538f38 netlink: eeprom: Defer page requests to individual parsers
664586e Merge branch 'review/next/module-mem-map' into master
50fdaec ethtool: Set mask correctly for dumping advertised FEC modes
c5e7133 cable-test: Fix premature process termination
73091cd sff-8636: Use an SFF-8636 specific define for maximum number of channels
837c166 sff-common: Move OFFSET_TO_U16_PTR() to common header file
8658852 cmis: Initialize Page 02h in memory map
27b42a9 cmis: Initialize Banked Page 11h in memory map
340d88e cmis: Parse and print diagnostic information
eae6a99 cmis: Print Module State and Fault Cause
82012f2 cmis: Print Module-Level Controls
d7b1007 sff-8636: Print Power set and Power override bits
429f2fc Merge branch 'review/cmis-diag' into master
32457a9 monitor: do not show duplicate options in help text
c01963e Release version 5.16.
The sizes of the ipk changed on MIPS 24Kc like this:
34317 ethtool_5.15-1_mips_24kc.ipk
34311 ethtool_5.16-1_mips_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Co-authored-by: Hauke Mehrtens <hauke@hauke-m.de>
The actual script dnscache-while.sh is still in the process after the DNS cache stops. This optimization completely stops the script and the DNS cache process
* Revert "busybox: update to 1.33.2 bugfix release (#8386)"
This reverts commit a6f79ace50.
* busybox: fix compilation with GCC 10
When compiling busybox with GCC 10 and CONFIG_PKG_ASLR_PIE_ALL=y, there
are hundreds of errors like:
relocation R_MIPS16_26 against `xzalloc' cannot be used when making a
shared object; recompile with -fPIC
Simply solve this by no longer disabling PKG_ASLR_PIE, so that $(FPIC)
is properly added to the CFLAGS and LDFLAGS.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
* busybox: update to version 1.34.0
Update busybox to version 1.34.0
* Remove upstreamed patches (205, 530, 540)
* Remove one old patch that does not apply any more. (203)
That was originally introduced in 2008 with 563d23459,
but does not apply after busybox restructuring with
https://git.busybox.net/busybox/commit/networking/udhcp/dhcpc.c?h=1_34_stable&id=e6007c4911c3ea26925f9473b9f156a692585f30
and
https://git.busybox.net/busybox/commit/networking/udhcp/dhcpc.c?h=1_34_stable&id=1c7253726fcbab09917f143f0b703efbd2df55c3
* Refresh config and patches.
* Backport upstream fixes for
- MIPS compilation breakage and
- process substitution regression
Config refresh:
Refresh commands, run after busybox is first built once:
cd utils/busybox/
cd config/
../convert_menuconfig.pl ../../../../build_dir/target-aarch64_cortex-a53_musl/busybox-default/busybox-1.34.0
cd ..
./convert_defaults.pl < ../../../build_dir/target-aarch64_cortex-a53_musl/busybox-default/busybox-1.34.0/.config > Config-defaults.in
Manual edits needed afterward:
* Config-defaults.in: OpenWrt config symbol IPV6 logic applied to
BUSYBOX_DEFAULT_FEATURE_IPV6
* Config-defaults.in: OpenWrt configTARGET_bcm53xx logic applied to
BUSYBOX_DEFAULT_TRUNCATE (commit 547f1ec)
* Config-defaults.in: OpenWrt logic applied to
BUSYBOX_DEFAULT_LOGIN_SESSION_AS_CHILD (commit dc92917)
BUSYBOX_DEFAULT_UDHCPC_DEFAULT_INTERFACE (just "")
* config/editors/Config.in: Add USE_GLIBC dependency to
BUSYBOX_CONFIG_FEATURE_VI_REGEX_SEARCH (commit f141090)
* config/shell/Config.in : change at "Options common to all shells" the symbol
SHELL_ASH --> BUSYBOX_CONFIG_SHELL_ASH
(discussion in http://lists.openwrt.org/pipermail/openwrt-devel/2021-January/033140.html
Apparently our script does not see the hidden option while
prepending config options with "BUSYBOX_CONFIG_" which leads to a
missed dependency when the options are later evaluated.)
* Edit Config.in files by adding quotes to sourced items in
config/Config.in, config/networking/Config.in and config/util-linux/Config.in (commit 1da014f)
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
* busybox: update to 1.34.1
Update busybox to version 1.34.1, which is a minor
maintenance release. It contains just the two post-1.34.0
upstream patches that we earlier backported plus a few fixes
to awk.
* Remove the two backported upstream patches that are
now unnecessary.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
* busybox: fix compatibility with BUSYBOX_CONFIG_INSTALL_NO_USR
Signed-off-by: aakkll <94471752+aakkll@users.noreply.github.com>
* busybox: update to 1.35.0
Update busybox to 1.35.0
* refresh patches
Config refresh:
Refresh commands, run after busybox is first built once:
cd package/utils/busybox/config/
../convert_menuconfig.pl ../../../../build_dir/target-arm_cortex-a15+neon-vfpv4_musl_eabi/busybox-default/busybox-1.35.0
cd ..
./convert_defaults.pl ../../../build_dir/target-arm_cortex-a15+neon-vfpv4_musl_eabi/busybox-default/busybox-1.35.0/.config > Config-defaults.in
Manual edits needed after config refresh:
* Config-defaults.in: OpenWrt config symbol IPV6 logic applied to
BUSYBOX_DEFAULT_FEATURE_IPV6
* Config-defaults.in: OpenWrt configTARGET_bcm53xx logic applied to
BUSYBOX_DEFAULT_TRUNCATE (commit 547f1ec)
* Config-defaults.in: OpenWrt logic applied to
BUSYBOX_DEFAULT_LOGIN_SESSION_AS_CHILD (commit dc92917)
* config/editors/Config.in: Add USE_GLIBC dependency to
BUSYBOX_CONFIG_FEATURE_VI_REGEX_SEARCH (commit f141090)
* config/shell/Config.in : change at "Options common to all shells" the symbol
SHELL_ASH --> BUSYBOX_CONFIG_SHELL_ASH
(discussion in http://lists.openwrt.org/pipermail/openwrt-devel/2021-January/033140.html
Apparently our script does not see the hidden option while
prepending config options with "BUSYBOX_CONFIG_" which leads to a
missed dependency when the options are later evaluated.)
* Edit Config.in files by adding quotes to sourced items in
config/Config.in, config/networking/Config.in and config/util-linux/Config.in (commit 1da014f)
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Co-authored-by: Stijn Tintel <stijn@linux-ipv6.be>
Co-authored-by: Hannu Nyman <hannu.nyman@iki.fi>
Co-authored-by: Marius Dinu <m95d+git@psihoexpert.ro>
0f16ea5 options.c: add DSCP code LE Least Effort
24ba465 firewall3: remove redundant syn check
df1306a firewall3: fix locking issue
3624c37 firewall3: support table load on access on Linux 5.15+
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Co-authored-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* binutils: Update to version 2.37
This matches the version used in the toolchain.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* binutils: fix compiling with arch-based distros
Arch Linux users have encountered problems with packages that have a dependency on binutils. This error happens when libtool is doing:
libtool: relink: ...
So change PKG_FIXUP to "patch-libtool".
Fixes error in the form of:
libtool: install: error: relink `libctf.la' with the above command
before installing it
Upstream Bug:
https://sourceware.org/bugzilla/show_bug.cgi?id=28545
OpenWrt Bug:
https://bugs.openwrt.org/index.php?do=details&task_id=4149
Acked-by: John Audia <graysky@archlinux.us>
Signed-off-by: Nick Hainke <vincent@systemli.org>
Co-authored-by: Hauke Mehrtens <hauke@hauke-m.de>
Co-authored-by: Nick Hainke <vincent@systemli.org>
CHECK_RUN_DIR=0 must be a part of MAKE_FLAGS, not MAKE_VARS, otherwise
it is not possible to compile mdadm on host without /run dir.
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
Co-authored-by: Sergey V. Lobanov <sergey@lobanov.in>
Linux upstream commit 9370f2d05a
add load firmware file through request_firmware,this affect the
nanopi r2s and some USB adapters in kernel 5.10 with this error:
'r8152 4-1:1.0: unable to load firmware patch rtl_nic/rtl8153b-2.fw'
This patch split the USB NIC firmware files from r8169 firmware,
and adds r8152-firmware to r8152 driver.
Add kmod-usb-net-cdc-ncm to support RTL8156A and RTL8156B 2.5G ethernet
adapters supported since v5.13-rc1.
195aae321c
Signed-off-by: Marty Jones <mj8263788@gmail.com>
session tickets are a feature of TLSv1.2 and require less memory
and overhead on the server than does managing a session cache
Building mbedtls with support for session tickets will allow the
feature to be used with lighttpd-1.4.56 and later.
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
Subtarget-specific files under 'uboot-envtools' package are supported
since 6f3a05ebb0 ("uboot-envtools: support uci-default config also per
subtargets").
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
This is a bugfix release. Changelog:
*) Avoid loading of a dynamic engine twice.
*) Fixed building on Debian with kfreebsd kernels
*) Prioritise DANE TLSA issuer certs over peer certs
*) Fixed random API for MacOS prior to 10.12
Patches were refreshed.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Co-authored-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
this patch consolidates the amd64-microcode
(moved to linux-firmware.git, previously this was an extra
debian source package download), amdgpu and radeon firmwares
into a shared "amd" makefile.
With the upcoming 20211216 linux-firmware bump,
this will include a microcode update for ZEN 3 CPUs.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
The rtl8723bs firmware was removed and a symlink to the rtl8723bu
firmware was created like it is done in upstream linux-firmware.
The following OpenWrt packages are changing:
* amdgpu-firmware: Multiple updates and new files
* ar3k-firmware: Multiple updates and new files
* ath10k-firmware-qca6174: Updated ath10k/QCA6174/hw3.0/board-2.bin
* bnx2x-firmware: Added bnx2x-e1-7.13.21.0.fw, bnx2x-e1h-7.13.21.0.fw and bnx2x-e2-7.13.21.0.fw
* iwlwifi-firmware-iwl8260c: Updated iwlwifi-8000C-36.ucode
* iwlwifi-firmware-iwl8265: Updated iwlwifi-8265-36.ucode
* iwlwifi-firmware-iwl9000: Updated iwlwifi-9000-pu-b0-jf-b0-46.ucode
* iwlwifi-firmware-iwl9260: Updated iwlwifi-9260-th-b0-jf-b0-46.ucode
* r8169-firmware: Updated rtl8153c-1.fw
* rtl8723bs-firmware: removed
* rtl8723bu-firmware: Added rtlwifi/rtl8723bs_nic.bin symlink
* rtl8822ce-firmware: Updated rtw8822c_fw.bin
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
We were missing (not using) the last sector of each partition,
compared with the output of gparted.
Signed-off-by: Javier Marcet <javier@marcet.info>
[moved the dot]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
The http://www.us.tcpdump.org mirror will go offline soon, only use the
normal download URL.
Reported-by: Denis Ovsienko <denis@ovsienko.info>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Co-authored-by: Hauke Mehrtens <hauke@hauke-m.de>
Backport an upstream patch that adds support for ELFv2 ABI on big endian
ppc64. As musl only supports ELFv2 ABI on ppc64 regardless of
endianness, this is required to be able to build OpenSSL for ppc64be.
Modify our targets patch to add linux-powerpc64-openwrt, which will use
the linux64v2 perlasm scheme. This will probably break the combination
ppc64 with glibc, but as we really only want to support musl, this
shouldn't be a problem.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Rui Salvaterra <rsalvaterra@gmail.com>
Co-authored-by: Stijn Tintel <stijn@linux-ipv6.be>
I updated the link for downloading Windows client to download the latest
currently available version instead of using beta version, which is not
good to use in production.
Also, the macOS link led to the OpenVPN server, which was wrong. It should
be a client. It was updated to the latest version as well.
