The ar8xxx.ko kernel module uses the devm_mdiobus_alloc() function
provided by kmod-mdio-devres, add the missing dependency.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Musl libc does not support the non-POSIX "%F" format for strptime() so
replace all occurrences of it with an equivalent "%Y-%m-%d" format.
Fixes: #10419
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The curl developers found test case that crashed in their testing when
using zlib patched against CVE-2022-37434, same patch we've backported
in commit 7df6795d4c ("zlib: backport fix for heap-based buffer
over-read (CVE-2022-37434)"). So we need to backport following patch in
order to fix issue introduced in that previous CVE-2022-37434 fix.
References: https://github.com/curl/curl/issues/9271
Fixes: 7df6795d4c ("zlib: backport fix for heap-based buffer over-read (CVE-2022-37434)")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Musl libc does not support the non-POSIX "%F" format for strptime() so
replace all occurrences of it with an equivalent "%Y-%m-%d" format.
Fixes: #10419
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The soversion of the shipped libjansson.so library didn't change, so the
ABI version change is unwarranted and leads to opkg file clashes.
Also stop shipping an unversioned library symlink while we're at it as
it only needed at compile/link time and leading to file level clashes
between packages on future ABI bumps.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Both of these packages depend on CONFIG_WWAN
in the kernel.
Also fix the missing "wwan" subfolder in the path.
This fixes the missing devices in /dev after booting an MHI capable modem.
Fixes: 2519190fec ("kernel: package mhi wwan ctrl driver")
Fixes: 6af46796fa ("kernel: package mhi mbim driver")
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Backports upstream fix from 5.19
lockdep complains use of uninitialized spinlock at ieee80211_do_stop() [1],
for commit f856373e2f31ffd3 ("wifi: mac80211: do not wake queues on a vif
that is being stopped") guards clear_bit() using fq.lock even before
fq_init() from ieee80211_txq_setup_flows() initializes this spinlock.
According to discussion [2], Toke was not happy with expanding usage of
fq.lock. Since __ieee80211_wake_txqs() is called under RCU read lock, we
can instead use synchronize_rcu() for flushing ieee80211_wake_txqs().
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
libzstd from the packages feed gets picked up. Add patch adding
NO_LIBZSTD option like in perf and enable it.
Signed-off-by: Nick Hainke <vincent@systemli.org>
This extracts kmod-sched-act-police to allow using it without adding all
the packages from the big kmod-sched package.
Signed-off-by: Hauke Mehrtens <hmehrtens@maxlinear.com>
Add the ipset/ip_set_hash_ipmac.ko file. The CONFIG_IP_SET_HASH_IPMAC
KConfig option is already set by the package.
Signed-off-by: Hauke Mehrtens <hmehrtens@maxlinear.com>
This adds the act_sample.ko and psample.ko kernel module which allows
traffic sampling.
Signed-off-by: Thomas Langer <tlanger@maxlinear.com>
Signed-off-by: Hauke Mehrtens <hmehrtens@maxlinear.com>
Extract the kmod-sched-prio and kmod-sched-red kernel modules from the
big kmod-sched package. This allows adding the two kernel modules to
OpenWrt without adding the kmod-sched and all its depdnecy.
Signed-off-by: Thomas Langer <tlanger@maxlinear.com>
Signed-off-by: Hauke Mehrtens <hmehrtens@maxlinear.com>
This puts the kmod-sched packages into an alphabetical order.
I kept the kmod-sched-core at the top as this is the main package.
No changes other than reordering were done.
Signed-off-by: Hauke Mehrtens <hmehrtens@maxlinear.com>
Change SCHED_MODULES_EXTRA to an explicit list of modules
instead of taking everything that is not filtered out.
This removes the need of updating the filter each time an extra
sch_*, act_* or similar is added with an own kmod definition.
Signed-off-by: Thomas Langer <tlanger@maxlinear.com>
Signed-off-by: Hauke Mehrtens <hmehrtens@maxlinear.com>
The sch_fq_codel.ko and the sch_fifo.ko are always compiled into the
kernel, they are activated in the generic kernel configuration. There is
no need to activate the build of these kernel modules in the kmod-sched*
packages.
Signed-off-by: Hauke Mehrtens <hmehrtens@maxlinear.com>
The ZyXEL LTE3301-PLUS is an 4G indoor CPE with 2 external LTE antennas.
Specifications:
- SoC: MediaTek MT7621AT
- RAM: 256 MB
- Flash: 128 MB MB NAND (MX30LF1G18AC)
- WiFi: MediaTek MT7615E
- Switch: 4 LAN ports (Gigabit)
- LTE: Quectel EG506 connected by USB3 to SoC
- SIM: 1 micro-SIM slot
- USB: USB3 port
- Buttons: Reset, WPS
- LEDs: Multicolour power, internet, LTE, signal, Wifi, USB
- Power: 12V, 1.5A
The device is built as an indoor ethernet to LTE bridge or router with
Wifi.
UART Serial:
57600N1
Located on populated 5 pin header J5:
[o] GND
[ ] key - no pin
[o] RX
[o] TX
[o] 3.3V Vcc
MAC assignment:
lan: 98:0d:67:ee:85:54 (base, on the device back)
wlan: 98:0d:67:ee:85:55
Installation from web GUI:
- Log in as "admin" on http://192.168.1.1/
- Upload OpenWrt initramfs-recovery.bin image on the
Maintenance -> Firmware page
- Wait for OpenWrt to boot and ssh to root@192.168.1.1
- format ubi device: ubiformat /dev/mtd6
- attach ubi device: ubiattach -m6
- create rootfs volume: ubimkvol /dev/ubi0 -n0 -N rootfs -s 1MiB
- rootfs_data volume: ubimkvol /dev/ubi0 -n1 -N rootfs_data -s 1MiB
- run sysupgrade with sysupgrade image
For more details about flashing see
commit 2449a63208 ("ramips: mt7621: Add support for ZyXEL NR7101").
Please note that this commit is needed:
firmware-utils: add marcant changes for ZyXEL NBG6716 and LTE3301-PLUS
Signed-off-by: André Valentin <avalentin@marcant.net>
The Sophos AP15 seems to be very close to Sophos AP55/AP100.
Based on:
commit 6f1efb2898 ("ath79: add support for Sophos AP100/AP55 family")
author Andrew Powers-Holmes <andrew@omnom.net>
Fri, 3 Sep 2021 15:53:57 +0200 (23:53 +1000)
committer Hauke Mehrtens <hauke@hauke-m.de>
Sat, 16 Apr 2022 16:59:29 +0200 (16:59 +0200)
Unique to AP15:
- Green and yellow LED
- 2T2R 2.4GHz 802.11b/g/n via SoC WMAC
- No buttons
- No piezo beeper
- No 5.8GHz
Flashing instructions:
- Derived from UART method described in referenced commit, methods
described there should work too.
- Set up a TFTP server; IP address has to be 192.168.99.8/24
- Copy the firmware (initramfs-kernel) to your TFTP server directory
renaming it to e.g. boot.bin
- Open AP's enclosure and locate UART header (there is a video online)
- Terminal connection parameters are 115200 8/N/1
- Connect TFTP server and AP via ethernet
- Power up AP and cancel autoboot when prompted
- Prompt shows 'ath> '
- Commands used to boot:
ath> tftpboot 0x81000000 boot.bin
ath> bootm 0x81000000
- Device should boot OpenWRT
- IP address after boot is 192.168.1.1/24
- Connect to device via browser
- Permanently flash using the web ui (flashing sysupgrade image)
- (BTW: the AP55 images seem to work too, only LEDs are not working)
Testing done:
- To be honest: Currently not so much testing done.
- Flashed onto two devices
- Devices are booting
- MAC addresses are correct
- LEDs are working
- Scanning for WLANs is working
Big thanks to all the people working on this great project!
(Sorry about my english, it is not my native language)
Signed-off-by: Manuel Niekamp <m.niekamp@richter-leiterplatten.de>
Remove outdated patches:
- 100-musl.patch
- 110-mac80211_tracepoint.patch
Trace-cmd now uses libtracefs and livtraceevent as libraries.
The plugins moved to libtraceevent.
Signed-off-by: Nick Hainke <vincent@systemli.org>
Changes:
debuginfod: Support -C option for connection thread pooling.
debuginfod-client: Negative cache file are now zero sized instead of
no-permission files.
addr2line: The -A, --absolute option, which shows file names including
the full compilation directory is now the default. To get the
old behavior use the new option --relative.
readelf, elflint: Recognize FDO Packaging Metadata ELF notes
libdw, debuginfo-client: Load libcurl lazily only when files need to
be fetched remotely. libcurl is now never
loaded when DEBUGINFOD_URLS is unset. And when
DEBUGINFOD_URLS is set, libcurl is only loaded
when the debuginfod_begin function is called.
Signed-off-by: Nick Hainke <vincent@systemli.org>
The heartbeat trigger has the option to be inverted, however
openwrt/uci/luci have no way to set this.
This patch adds this support.
Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow
in inflate in inflate.c via a large gzip header extra field. NOTE: only
applications that call inflateGetHeader are affected. Some common
applications bundle the affected zlib source code but may be unable to
call inflateGetHeader.
Fixes: CVE-2022-37434
References: https://github.com/ivd38/zlib_overflow
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This change was included in the original pull request but later omitted
for some reason:
https://github.com/openwrt/openwrt/pull/4936
Signed-off-by: Wenli Looi <wlooi@ucalgary.ca>
Config partition contains uboot env for the first 0x20000 bytes.
The rest of the partition contains other data including the device MAC
address and the password printed on the label.
Signed-off-by: Wenli Looi <wlooi@ucalgary.ca>
"The MCP2221 is a USB-to-UART/I2C serial converter which enables
USB connectivity in applications that have a UART and I2C interfaces."
<https://www.microchip.com/en-us/product/MCP2221>
Signed-off-by: Leo Soares <leo@hyper.ag>
(replaced GPIOLIB KConfig with @GPIO_SUPPORT)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
all other drivers depend on @GPIO_SUPPORT rather than
forcing CONFIG_GPIOLIB=y.
(I wonder what would happen if someone decides to try
UML with USBIP?)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
The re-transmit counters can overflow the 32 bit representation resulting
in negative values being displayed. Background being that the numbers are
treated at some point as signed INT rather than unsigned INT.
Change the counters from 32 bit to 64 bit, should provide sufficient room
to avoid any overflow. Not the nicest solution but it works
Fixes: #10077
Signed-off-by: Roland Barenbrug <roland@treslong.com>
Acked-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
This fixes the libmnl build on macOS, which ships with an outdated bash
at /bin/bash. During the OpenWrt build, a modern host bash is built and
made available at staging_dir/host/bin/bash, which is present before
/bin/bash in the build's PATH.
This is similar to 8f7ce3aa6d, presently appearing at
package/kernel/mac80211/patches/build/001-fix_build.patch.
Signed-off-by: Mark Mentovai <mark@mentovai.com>
H3C TX180x series WiFi6 routers are customized by different carrier.
While these three devices look different, they use the same motherboard
inside. Another minor difference comes from the model name definition
in the u-boot environment variable.
Specifications:
SOC: MT7621 + MT7915
ROM: 128 MiB
RAM: 256 MiB
LED: status *2
Button: reset *1 + wps/mesh *1
Ethernet: lan *3 + wan *1 (10/100/1000Mbps)
TTL Baudrate: 115200
TFTP server IP: 192.168.124.99
MAC Address:
use address(sample 1) address(sample 2) source
label 88:xx:xx:98:xx:12 88:xx:xx:a2:xx:a5 u-boot-env@ethaddr
lan 88:xx:xx:98:xx:13 88:xx:xx:a2:xx:a6 $label +1
wan 88:xx:xx:98:xx:12 88:xx:xx:a2:xx:a5 $label
WiFi4_2G 8a:xx:xx:58:xx:14 8a:xx:xx:52:xx:a7 (Compatibility mode)
WiFi5_5G 8a:xx:xx:b8:xx:14 8a:xx:xx:b2:xx:a7 (Compatibility mode)
WiFi6_2G 8a:xx:xx:18:xx:14 8a:xx:xx:12:xx:a7
WiFi6_5G 8a:xx:xx:78:xx:14 8a:xx:xx:72:xx:a7
Compatibility mode is used to guarantee the connection of old devices
that only support WiFi4 or WiFi5.
TFTP + TTL Installation:
Although a TTL connection is required for installation, we do not need
to tear down it. We can find the TTL port from the cooling hole at the
bottom. It is located below LAN3 and the pins are defined as follows:
|LAN1|LAN2|LAN3|----|WAN|
--------------------
|GND|TX|RX|VCC|
1. Set tftp server IP to 192.168.124.99 and put initramfs firmware in
server's root directory, rename it to a simple name "initramfs.bin".
2. Plug in the power supply and wait for power on, connect the TTL cable
and open a TTL session, enter "reboot", then enter "Y" to confirm.
Finally push "0" to interruput boot while booting.
3. Execute command to install a initramfs system:
# tftp 0x80010000 192.168.124.99:initramfs.bin
# bootm 0x80010000
4. Backup nand flash by OpenWrt LuCI or dd instruction. We need those
partitions if we want to back to stock firmwre due to official
website does not provide download link.
# dd if=/dev/mtd1 of=/tmp/u-boot-env.bin
# dd if=/dev/mtd4 of=/tmp/firmware.bin
5. Edit u-boot env to ensure use default bootargs and first image slot:
# fw_setenv bootargs
# fw_setenv bootflag 0
6. Upgrade sysupgrade firmware.
7. About restore stock firmware: flash the "firmware" and "u-boot-env"
partitions that we backed up in step 4.
# mtd write /tmp/u-boot-env.bin u-boot-env
# mtd write /tmp/firmware.bin firmware
Additional Info:
The H3C stock firmware has a 160-byte firmware header that appears to
use a non-standard CRC32 verification algorithm. For this part of the
data, the u-boot does not check it so we can just directly replace it
with a placeholder.
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
6ff988f mv_ddr: a3700: Use the right size for memset to not overflow
0f3e893 mv_ddr: a38x: fix BYTE_HOMOGENEOUS_SPLIT_OUT decision
4bae770 mv_ddr: a38x: fix SPLIT_OUT_MIX state decision
cdefd8b mv_ddr: a38x: Fix Synchronous vs Asynchronous mode determination
8c42ad9 mv_ddr_4_training: cast uint64_t to unsigned long long
Signed-off-by: Andre Heider <a.heider@gmail.com>
This updates mac80211 to version 5.15.58-1 which is based on kernel
5.15.58.
The removed patches were applied upstream.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Apply upstream patch[1] to fix breakage around math libraries.
This can likely be removed when 5.5.0-stable is tagged and released.
Build system: x86_64
Build-tested: bcm2711/RPi4B
Run-tested: bcm2711/RPi4B
1. https://github.com/wolfSSL/wolfssl/pull/5390
Signed-off-by: John Audia <therealgraysky@proton.me>
Changes:
a47d86d Up the release version to 2.65
fc99e56 Include more signatures in pgp.keys.asc.
52288cc Close out this comment in the go/Makefile
eb0f1df Prevent 'capsh --user=xxx --' from generating a bash error.
9a95791 Improve documentation for cap_get_pid and cap_reset_ambient.
21d08b0 Fix syntax error in DEBUG protected setcap.c code.
9425048 More useful captree usage string and man page.
Signed-off-by: Nick Hainke <vincent@systemli.org>
Changes:
38cfa2e Up the release version to 2.64
7617af6 Avoid a deadlock in forked psx thread exit.
fc029cb Include LIBCAP_{MAJOR,MINOR} #define's in sys/capability.h
ceaa591 Clarify how the cap_get_pid() argument is interpreted.
15cacf2 Fix prctl return code/errno handling in libcap.
aae9374 Be explicit about CGO_ENABLED=1 for compare-cap build.
66a8a14 psx: free allocated memory at exit.
Signed-off-by: Nick Hainke <vincent@systemli.org>
Add driver for NVM Express block devices, ie. PCIe connected SSDs.
Targets which allow booting from NVMe (x86, maybe some mvebu boards come
to mind) should have it built-in, so rootfs can be mounted from there.
For targets without NVMe support in bootloader or BIOS/firmware it's
sufficient to provide the kernel module package.
On targets having the NVMe driver built-in the resulting kmod package
is an empty dummy. In any case, depending on or installing kmod-nvme
results in driver support being available (either because it was already
built-in or because the relevant kernel modules are added and loaded).
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Disable the usage of target specific CPU crypto instructions by default
to allow the package being shared again. Since WolfSSL does not offer
a stable ABI or a long term support version suitable for OpenWrt release
timeframes, we're forced to frequently update it which is greatly
complicated by the package being nonshared.
People who want or need CPU crypto instruction support can enable it in
menuconfig while building custom images for the few platforms that support
them.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This fixes problem of overwriting BCM4908 U-Boot and DTB files by
BCM4912 ones. That bug didn't allow booting BCM4908 devices.
Fixes: f4c2dab544 ("uboot-bcm4908: add BCM4912 build")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
The change of the PKG_VERSION caused the hash of the package to
change. This is because the PKG_VERSION is present in the
internal directory structure of the archive.
Fixes: e879cccaa2 ("uboot-layerscape: update PKG_HASH")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Hardware
--------
CPU: Mediatek MT7621
RAM: 256M DDR3
FLASH: 128M NAND
ETH: 1x Gigabit Ethernet
WiFi: Mediatek MT7915 (2.4/5GHz 802.11ax 2x2 DBDC)
BTN: 1x Reset (NWA50AX only)
LED: 1x Multi-Color (NWA50AX only)
UART Console
------------
NWA50AX:
Available below the rubber cover next to the ethernet port.
NWA55AXE:
Available on the board when disassembling the device.
Settings: 115200 8N1
Layout:
<12V> <LAN> GND-RX-TX-VCC
Logic-Level is 3V3. Don't connect VCC to your UART adapter!
Installation Web-UI
-------------------
Upload the Factory image using the devices Web-Interface.
As the device uses a dual-image partition layout, OpenWrt can only
installed on Slot A. This requires the current active image prior
flashing the device to be on Slot B.
If the currently installed image is started from Slot A, the device will
flash OpenWrt to Slot B. OpenWrt will panic upon first boot in this case
and the device will return to the ZyXEL firmware upon next boot.
If this happens, first install a ZyXEL firmware upgrade of any version
and install OpenWrt after that.
Installation TFTP
-----------------
This installation routine is especially useful in case
* unknown device password (NWA55AXE lacks reset button)
* bricked device
Attach to the UART console header of the device. Interrupt the boot
procedure by pressing Enter.
The bootloader has a reduced command-set available from CLI, but more
commands can be executed by abusing the atns command.
Boot a OpenWrt initramfs image available on a TFTP server at
192.168.1.66. Rename the image to owrt.bin
$ atnf owrt.bin
$ atna 192.168.1.88
$ atns "192.168.1.66; tftpboot; bootm"
Upon booting, set the booted image to the correct slot:
$ zyxel-bootconfig /dev/mtd10 get-status
$ zyxel-bootconfig /dev/mtd10 set-image-status 0 valid
$ zyxel-bootconfig /dev/mtd10 set-active-image 0
Copy the OpenWrt ramboot-factory image to the device using scp.
Write the factory image to NAND and reboot the device.
$ mtd write ramboot-factory.bin firmware
$ reboot
Signed-off-by: David Bauer <mail@david-bauer.net>
The armvirt target is also used to run OpenWrt in lxc on other targets
like a Raspberry Pi. If we set WOLFSSL_HAS_CPU_CRYPTO by default the
wolfssl binray is only working when the CPU supports the hardware crypto
extension.
Some targets like the Raspberry Pi do not support the ARM CPU crypto
extension, compile wolfssl without it by default. It is still possible
to activate it in custom builds.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This adds a simple AES-128-CBC encryption/decryption program using
either wolfSSL or OpenSSL as backend to decrypt Arcadyan WG4xx223
configuration partitions. The ipk size is 3,355 bytes.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
The system parameters are contained in the Bdata partition.
To use the fw_setsys command, you need to create a file
fw_sys.config.
This file is created after calling the functions
ubootenv_add_uci_sys_config and ubootenv_add_app_config.
Signed-off-by: Oleg S <remittor@gmail.com>
[ wrapped commit description to 72 char ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Now that libiconv-stub is gone, a replacement for its host build is
needed.
Fixes: c0ba4201f8 ("libiconv-stub: remove")
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
moves and extends the current facilities, which have been
added some time ago for the the usbip utility, to support
more utilites that are shipped with the Linux kernel tree
to the SDK.
this allows to drop all the hand-waving and code for
failed previous attempts to mitigate the SDK build failures.
Fixes: bdaaf66e28 ("utils/spidev_test: build package directly from Linux")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Accessing the console on many devices is difficult.
netconsole eases debugging on devices that crash
after the network is up.
Reference to the netconsole documentation in upstream Linux:
<https://www.kernel.org/doc/html/latest/networking/netconsole.html>
|
|netconsole=[+][src-port]@[src-ip]/[<dev>],[tgt-port]@<tgt-ip>/[tgt-macaddr]
|
| where
| + if present, enable extended console support
| src-port source for UDP packets (defaults to 6665)
| src-ip source IP to use (interface address)
| dev network interface (eth0)
| tgt-port port for logging agent (6666)
| tgt-ip IP address for logging agent
| tgt-macaddr ethernet MAC address for logging agent (broadcast)
OpenWrt specific notes:
OpenWrt's device userspace scripts are attaching the network
interface (i.e. eth0) to a (virtual) bridge (br-lan) device.
This will cause netconsole to report:
|network logging stopped on interface eth0 as it is joining a master device
(and unfortunately the traffic/logs to stop at this point)
As a workaround, the netconsole module can be manually loaded
again after the bridge has been setup with:
insmod netconsole netconsole=@/br-lan,@192.168.1.x/MA:C...
One way of catching errors before the handoff, try to
append the /etc/modules.conf file with the following extra line:
options netconsole netconsole=@/eth0,@192.168.1.x/MA:C...
and install the kmod-netconsole (=y) into the base image.
Signed-off-by: Catalin Toda <catalinii@yahoo.com>
(Added commit message from PR, added links to documentation)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
The change of the PKG_VERSION caused the hash of the package to
change. This is because the PKG_VERSION is present in the
internal directory structure of the uboot-layerscape-21.08.tar.xz
archive.
i.e:
# tar tf uboot-layerscape-21.08.tar.xz:
uboot-layerscape-21.08/
uboot-layerscape-21.08/.azure-pipelines.yml
uboot-layerscape-21.08/.checkpatch.conf
uboot-layerscape-21.08/.gitattributes
uboot-layerscape-21.08/.github/
[...]
vs.
# tar tf uboot-layerscape-LSDK-21.08.tar.xz
uboot-layerscape-LSDK-21.08/
uboot-layerscape-LSDK-21.08/.azure-pipelines.yml
uboot-layerscape-LSDK-21.08/.checkpatch.conf
uboot-layerscape-LSDK-21.08/.gitattributes
uboot-layerscape-LSDK-21.08/.github/
[...]
the (file) content of both archives are otherwise the same.
The PKG_HASH was taken from the builder log:
| Hash of the local file uboot-layerscape-21.08.tar.xz does not match
|(file: 54909a98bdcc26c7f9b35b35fcae09b977ecbf044be7bffa6dad9306c47cccf6,
|requested: 874e871755ef84ebbf3[...]) - deleting download.
without this update, the uboot-layerscape-21.08 package would
always try to download (from git), repacked the archive and
reupload to sources.openwrt.org (~14 MiB saved).
Fixes: 038d5bdab1 ("layerscape: use semantic versions for LSDK")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
those board files can/should be dropped now too.
Fixes: 50c232d6f4 ("ipq-wifi: drop upstreamed board-2.bin")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
the tacked on @TARGET_bcm53xx causes warnings:
tmp/.config-package.in:14027:warning: ignoring unsupported character '@'
tmp/.config-package.in:26028:warning: ignoring unsupported character '@'
this was wrong.
Fixes: be1761fa14 ("nu801: add MR26 to the table")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
ef5d3e3 jail: fix various ignoring return value compilation warning
8e4a956 jail: add WARNING macro to log non critical warning message
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
46a33b8 kmodloader: fix compilation warning with not checking return of asprintf
Also switch PKG_RELEASE to AUTORELEASE.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
This version fixes two vulnerabilities:
-CVE-2022-34293[high]: Potential for DTLS DoS attack
-[medium]: Ciphertext side channel attack on ECC and DH operations.
The patch fixing x86 aesni build has been merged upstream.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
the legacy driver was dropped in linux 5.14-rc3:
commit d249ff28b1d8 ("intersil: remove obsolete prism54 wireless driver")
Quoting Lukas Bulwahn:
"p54 replaces prism54 so users should be unaffected."
Reported-by: Marius Dinu <m95d+git@psihoexpert.ro>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
The spidev_test is build in phase2 even though it should be disabled.
My best guess is that we hit the same issue that I had with nu801.
The build-system thinks it's a tool that is necessary for
building the kernel.
In this case, the same fix (adding a dependency on the presence of
the module) could work in this case as well?
Fixes: bdaaf66e28 ("utils/spidev_test: build package directly from Linux")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
The BDFs for the:
GL.iNet GL-B2200
were upstreamed to the ath10k-firmware repository
and landed in linux-firmware.git
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Kalle:
"I see that variant has a space in it, does that work it correctly? My
original idea was that spaces would not be allowed, but didn't realise
to add a check for that."
Is this an easy change? Because the original author (Tim Davis) noted:
"You may substitute the & and space with something else saner if they
prove to be problematic."
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This PR allows a user to enable a private psk, where each station
may have it's own psk or use a common psk if it is not defined.
The private psk is defined using the sta's mac and a radius server
is required.
ppsk option should be enabled in the wireless configuration along with
radius server details. When using PPSK, the key is ignored, it will be
retrieved from radius server. SAE is not yet supported (private sae) in
hostapd.
Wireless example configuration:
option encryption 'psk2+ccmp'
option ppsk '1'
option auth_server '127.0.0.1'
option auth_secret 'radiusServerPassword'
If you want to use dynamic VLAN on PPSK also include:
option dynamic_vlan '2'
option vlan_tagged_interface 'eth0'
option vlan_bridge 'br-vlan'
option vlan_naming '0'
It works enabling mac address verification on radius server and
requiring the tunnel-password (the private psk) from radius server.
In the radius server we need to configure the users. In case of
freeradius: /etc/freeradius3/mods-config/files/authorize
The user and Cleartext-Password should be the mac lower case using the
format "aabbccddeeff"
<sta mac> Cleartext-Password := "<sta mac>"
Tunnel-Password = <Private Password>
Example of a user configured in radius and using dynamic VLAN5:
8cb84a000000 Cleartext-Password := "8cb84a000000"
Tunnel-Type = VLAN,
Tunnel-Medium-Type = IEEE-802,
Tunnel-Private-Group-ID = 5,
Tunnel-Password = MyPrivPw
If we want to have a default or shared psk, used when the mac is not
found in the list, we need to add the following at the end of the radius
authorize file:
DEFAULT Auth-Type := Accept
Tunnel-Password = SharedPw
And if using VLANs, for example VLAN6 for default users:
DEFAULT Auth-Type := Accept
Tunnel-Type = VLAN,
Tunnel-Medium-Type = IEEE-802,
Tunnel-Private-Group-ID = 6,
Tunnel-Password = SharedPw
Signed-off-by: Manuel Giganto <mgigantoregistros@gmail.com>
the hash and timestamp of the remote copy of the archive
has changed since last bump
meaning the remote archive copy was recreated
Signed-off-by: Michael Pratt <mcpratt@pm.me>
swig has been installed on the buildbots a while a ago and
Petr Štetiar got a fix for the pylibfdt error. Use that and re-enable
the builds for mt7620 and mt7621.
Refresh patches while at it.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Let U-Boot handle free space in UBI partitions by recognizing the EOF
marker OpenWrt is using as well for that purpose.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Buidbots are throwing the following compile error:
In file included from tools/aisimage.c:9:
include/image.h:1133:12: fatal error: openssl/evp.h: No such file or directory
^~~~~~~~~~~~~~~
compilation terminated.
Fix it by passing `UBOOT_MAKE_FLAGS` variable to make.
Suggested-by: Petr Štetiar <ynezz@true.cz>
Fixes: 6d5611af28 ("uboot-at91: update to linux4sam-2022.04")
Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
Building U-Boot for the MT7621 SoC requires binman, a Python-based
host tool to generate images. For now, binman cannot work inside the
OpenWrt build system because it requires swig, so mark the MT7621
boards as borken to fix the ramips/mt7621 build until someone with
knowledge about Python and swig fixes the underlaying issue.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Buidbots are currently choking on the following compile error:
In file included from tools/aisimage.c:9:
include/image.h:1133:12: fatal error: openssl/evp.h: No such file or directory
# include <openssl/evp.h>
^~~~~~~~~~~~~~~
compilation terminated.
This is caused by a complete overriding of make flags which are provided
correctly in `UBOOT_MAKE_FLAGS` variable, but currently overriden
instead of extended. This then leads to the usage of build host include
dirs, which are not available.
Fix it by extending `UBOOT_MAKE_FLAGS` variable like it was done in
commit 481339a042 ("uboot-imx: fix wrong make flags overriding").
Fixes: 7094e65503 ("uboot-imx: add support for TechNexion PICO-PI-IMX7D")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
* Merge uboot-ramips into uboot-mediatek.
* Port support for the RAVPower RP WD009 to U-Boot 2022.07.
* Add support for MT7621 and add builds for the reference boards.
* Add builds for MT7620 and MT7628 reference boards.
This should help to make development of U-Boot-level board support for
all MediaTek targets much easier.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Add patch to fix host-build of the mkimage tool without
CONFIG_TOOLS_LIBCRYPTO.
Update and refresh all patches.
Tested on BananaPi R64 (MT7622) successfully booting from SD card,
eMMC and SPI-NAND.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This board features an AP6335 system-in-package combination of Wi-Fi and
Bluetooth module based on BCM4339.
Support is borrowed directly from the following Buildroot commit:
095420e05ae5: ("configs/imx7dpico: Add Wifi support").
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
Old firmware provided by 'cypress-firmware' suite is not sufficient for
AP6335 module used in PICO-PI-IMX7D board to probe successfully. Use the
upstream version from linux-firmware instead.
At the same time, drop the old firmware from 'cypress-firmware' package.
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
TechNexion PICO-PI-IMX7D uses BCM4339 Wi-Fi interface in SDIO mode.
Enable SDIO support for imx/cortexa7 to fully support it in images.
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
Add package supporting Bluetooth HCI interfaces connected over SDIO.
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
[pepe2k@gmail.com: dropped rfkill dependency, other minor text fixes]
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
This will allow using fw_printenv without /etc/fw_env.config. Once there
is Linux NVMEM driver available for U-Boot env data.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Update uboot-at91 to linux4sam-2022.04. As linux4sam-2022.04 is based on
U-Boot v2022.01 which contains commit
93b196532254 ("Makefile: Only build dtc if needed") removed also the DTC
variable passed to MAKE to force the compilation of DTC.
Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
Remove upstreamed patches:
- 001-xtables-Call-init_extensions6-for-static-builds.patch
- 002-xtables-Call-init_extensions_a_b.patch
Fix patches:
- 102-iptables-disable-modprobe.patch
Fix warnings in the form of:
xtables.c:475:14: warning: 'get_modprobe' defined but not used [-Wunused-function]
475 | static char *get_modprobe(void)
| ^~~~~~~~~~~~
Backport patches:
- 020-treewide-use-uint-instead-of-u_int.patch
- 030-revert-fix-build-for-missing-ETH_ALEN-definition.patch
- 040-xshared-Fix-build-for-Werror-format-security.patch
- 050-build-fix-error-during-out-of-tree-build.patch
- 060-libxtables-unexport-init_extensions-declarations.patch
Refresh patches:
- 101-remove-check-already.patch
- 102-iptables-disable-modprobe.patch
- 200-configurable_builtin.patch
- 600-shared-libext.patch
- 700-disable-legacy-revisions.patch
Remove from Makefile:
$(CP) $(PKG_BUILD_DIR)/include/libipulog $(1)/usr/include/
Changelog:
fa0ccdbd configure: bump version for 1.8.8 release
8468fd4f nft: Fix EPERM handling for extensions without rev 0
ce9195c6 extensions: LOG: Document --log-macdecode in man page
404f304d man: *NAT: Review --random* option descriptions
0a538259 extensions: DNAT: Merge core printing functions
a7c2b728 libxtables: Revert change to struct xtables_pprot
fd64a587 libxtables: Drop xtables_globals 'optstring' field
3b8a6a6f xshared: Extend xtables_printhelp() for arptables
8ff84eaf xshared: Move arp_opcodes into shared space
adbfec0b extensions: MARK: Drop extra newline at end of help
1dcfb81e nft: split gen_payload() to allocate register and initialize expression
7e38890c nft: prepare for dynamic register allocation
165cafec nft: pass handle to helper functions to build netlink payload
94309632 nft: native mark matching support
aa92ec96 nft: pass struct nft_xt_ctx to parse_meta()
4c70c42f nft-shared: update context register for bitwise expression
18c96821 extensions: man: Document service name support in DNAT and REDIRECT
72d542b6 extensions: Merge REDIRECT into DNAT
14d77c8a extensions: Merge IPv4 and IPv6 DNAT targets
9621318b extensions: DNAT: Rename from libipt to libxt
2e0c9a40 extensions: ipt_DNAT: Combine xlate functions also
7adef314 extensions: ipt_DNAT: Merge v1/v2 print/save code
3f4f1cf0 extensions: ipt_DNAT: Merge v1 and v2 parsers
070a8626 Revert "libipt_[SD]NAT: avoid false error about multiple destinations specified"
08c14fa6 man: DNAT: Describe shifted port range feature
24fff5d7 xlate-test: Fix for empty source line on failure
ac4c84cc libxtables: Boost rule target checks by announcing chain names
f58b0d74 libxtables: Implement notargets hash table
b1aee6b2 nft: Reject standard targets as chain names when restoring
b555bfed tests: shell: Fix 0004-return-codes_0 for static builds
c293e116 nft: Review static extension loading
0836524f xtables: Call init_extensions{,a,b}() for static builds
6c689b63 Simplify static build extension loading
0c8e2535 libxtables: Fix for warning in xtables_ipmask_to_numeric
0c0cd434 nft: Don't pass command state opaque to family ops callbacks
b6196c75 xshared: Prefer xtables_chain_protos lookup over getprotoent
07ee529f nft: Speed up immediate parsing
b5f2faea nft: Simplify immediate parsing
17534cb1 Improve error messages for unsupported extensions
2dbb49d1 libxtables: Register only the highest revision extension
07e2107e xshared: Implement xtables lock timeout using signals
a3980769 tests: NFLOG: enable `--nflog-range` tests
b8e8ac27 tests: support explicit variant test result
adb03c3f tests: add `NOMATCH` test result
7a006c7d tests: iptables-test: rename variable
b7f15b42 iptables.8: Describe the effect of multiple -v flags
1407a9c4 tests: iptables-test: Support variant deviation
fc8f7289 nft: cache: Dump rules if debugging
73b91292 nft: Add debug output to table creation
51d9d9e0 ebtables: Support verbose mode
ad1ed75f nft: Set NFTNL_CHAIN_FAMILY in new chains
17ed253f iptables-restore: Support for extra debug output
a761a026 nft: Use verbose flag to toggle debug output
98e69b7e nft: add support for native tcp flag matching
92808bd5 nft-shared: add tcp flag dissection
6aba94ef nft: prefer native expressions instead of tcp match
c034cf31 nft: prefer native expressions instead of udp match
5489493e nft-shared: support native udp port delinearize
5795a1b5 nft-shared: support native tcp port range delinearize
250dce87 nft-shared: support native tcp port delinearize
ea5d45dc extensions: libxt_NFLOG: fix typo
26ecdf53 xshared: Fix response to unprivileged users
b32ae771 build: replace `AM_PROG_LIBTOOL` and `AC_DISABLE_STATIC` with `LT_INIT`
05286bab extensions: libxt_NFLOG: remove extra space when saving targets with prefixes
f0d02998 extensions: libxt_NFLOG: fix `--nflog-prefix` Python test-cases
f9df828a extensions: libxt_NFLOG: disable `--nflog-range` Python test-cases
62ad29e9 extensions: libxt_NFLOG: don't truncate log prefix on print/save
db99f601 extensions: libxt_NFLOG: use nft built-in logging instead of xt_NFLOG
30b178b9 extensions: *NAT: Kill multiple IPv4 range support
7ee5b970 tests: iptables-test: correct misspelt variable
223f02ca nft: fix indentation error.
5c2c2eea ip6tables: Use the shared do_parse, too
9baf3bf0 iptables: Use xtables' do_parse() function
e4f5185d nft: Move proto_parse and post_parse callbacks to xshared
ded7b579 xshared: Store parsed wait and wait_interval in xtables_args
62c3c93d xshared: Move do_parse to shared space
3039a52c xtables: Do not pass nft_handle to do_parse()
ece001c2 xtables: Pass xtables_args to check_inverse()
17abaeb1 xtables: Pass xtables_args to check_empty_interface()
dc8d8fce xtables: Move struct nft_xt_cmd_parse to xshared.h
98a4462f xtables: Pull table validity check out of do_parse()
d83371c7 xtables: Drop xtables' family on demand feature
49aa44ba nft-shared: set correct register value
b129b1cf iptables-*-restore: Drop pointless line reference
316d8efb libxtables: Extend basic_exit_err()
4bff5aef xtables_globals: Embed variant name in .program_version
51e5d293 xshared: Share exit_tryhelp()
56ac0452 xshared: Share a common printhelp function
4149b5d8 xshared: Share print_match_save() between legacy ip*tables
273d88a7 extensions: tcpmss: add iptables-translate support
7213561d xshared: Make load_proto() static
cf14b92b nft-shared: Drop unused function print_proto()
24f30842 xshared: Share print_header() with legacy iptables
a323c283 xshared: Share print_fragment() with legacy
1d73cec0 xshared: Share print_rule_details() with legacy
e5fb9f8e xshared: Share save_ipv{4,6}_addr() with legacy
22f2e1fc xshared: Share save_rule_details() with legacy
766e4872 xshared: Share print_iface() function
b5881e7f nft: Change whitespace printing in save_rule callback
1189d830 xshared: Merge and share parse_chain()
1eab8e83 extensions: hashlimit: Fix tests with HZ=1000
afa525ee xlate-test: Print full path if testing all files
b8d5271d Unbreak xtables-translate
0af80a91 nft: Merge xtables-arp-standalone.c into xtables-standalone.c
142cf724 xtables: arptables accepts empty interface names
ab0a785a xtables: Derive xtables_globals from family
6cf3976e nft-shared: Make nft_check_xt_legacy() family agnostic
832a0e2b nft-arp: Introduce post_parse callback
0aea399d arptables: Use standard data structures when parsing
fe83b12f libxtables: Introduce xtables_globals print_help callback
0687852d xtables-standalone: Drop version number from init errors
dded8ff3 nft: Add family ops callbacks wrapping different nft_cmd_* functions
38e1fe58 xtables: Simplify addr_mask freeing
cfdda180 nft-shared: Introduce init_cs family ops callback
65b150ae xshared: Store optstring in xtables_globals
2e6014c7 nft: Introduce builtin_tables_lookup()
db90ff64 tests: shell: fix bashism
45d8f769 nft: Delete builtin chains compatibly
e865a853 nft-chain: Introduce base_slot field
f9b33967 nft: Check base-chain compatibility when adding to cache
43189612 nft: cache: Avoid double free of unrecognized base-chains
040a15f2 xtables-translate: add missing argument and option to usage
2ed6dc75 tests: iptables-test: Fix conditional colors on stderr
63ab4fe3 ebtables: Avoid dropping policy when flushing
b714d45d iptables-test.py: print with color escapes only when stdout isatty
481626bb tests: shell: Return non-zero on error
7559af83 tests: iptables-test: Exit non-zero on error
c057939d tests: xlate-test: Exit non-zero on error
a8da7186 tests: iptables-test: Print errors to stderr
5166c445 tests: xlate-test: Print errors to stderr
fa78ff15 tests: xlate-test: Don't skip any input after the first empty line
fcbe454b tests: iptables-test: Fix missing chain case
61e85e31 iptables-nft: allow removal of empty builtin chains
544e7dc1 Fix a few doc typos
e438b976 nft: Use xtables_{m,c}alloc() everywhere
ca11c7b7 nft: Use xtables_malloc() in mnl_err_list_node_add()
cf410aa6 extensions: libxt_mac: Fix for missing space in listing
7ae14dc1 iptables-test: Make netns spawning more robust
bef9dc57 extensions: hashlimit: Fix tests with HZ=100
943fbf3e ip6tables: masquerade: use fully-random so that nft can understand the rule
ef7781eb libxtables: exit if called by setuid executeable
8629c53f tests/shell: Assert non-verbose mode is silent
57d1422d nft: Fix for non-verbose check command
26318637 ebtables: Dump atomic waste
765bf04e doc: ebtables-nft.8: Adjust for missing atomic-options
e727ccad xtables: Call init_extensions6() for static builds
9e1fffdf extensions: libxt_multiport: add translation for -m multiport --ports
c8145139 extensions: libxt_conntrack: simplify translation using negation
1c934617 extensions: libxt_tcp: rework translation to use flags match representation
bb01e33d extensions: libxt_connlimit: add translation
62828a6a tests: xlate-test: support multiline expectation
ba863c4b libxtables: extend xlate infrastructure
68ed965b extensions: libxt_string: Avoid buffer size warning for strncpy()
9b85e1ab libxtables: Introduce xtables_strdup() and use it everywhere
ca840c20 extensions: libebt_ip6: Use xtables_ip6parse_any()
084671d5 iptables-apply: Drop unused variable
0729ab37 nft: Avoid buffer size warnings copying iface names
eab75ed3 nft: Avoid memleak in error path of nft_cmd_new()
ffe88f8f libxtables: Fix memleak in xtopt_parse_hostmask()
8bb5bcae extensions: libebt_ip6: Drop unused variables
97fabae7 libxtables: Drop leftover variable in xtables_numeric_to_ip6addr()
5818be17 extensions: sctp: Translate --chunk-types option
a61282ec extensions: sctp: Fix nftables translation
556f7044 Use proto_to_name() from xshared in more places
eea68ca8 ebtables-translate: Use shared ebt_get_current_chain() function
9dc50b5b xshared: Merge invflags handling code
3664249f xshared: Eliminate iptables_command_state->invert
f647f61f xtables: Make invflags 16bit wide
616800af extensions: SECMARK: Implement revision 1
1e984079 nft-arp: Make use of ipv4_addr_to_string()
acac2dbe Eliminate inet_aton() and inet_ntoa()
9084ef29 extensions: sctp: Explain match types in man page
a3e81c62 nft: Increase BATCH_PAGE_SIZE to support huge rulesets
fdf64dcd nft: cache: Sort chains on demand only
c5d9a723 fix build for missing ETH_ALEN definition
18d7535d extensions: libxt_conntrack: use bitops for status negation
18e334da extensions: libxt_conntrack: use bitops for state negation
831f57c7 libxtables: Simplify xtables_ipmask_to_cidr() a bit
46f9d3a9 xtables-translate: Fix translation of odd netmasks
330f5df0 nft: Fix bitwise expression avoidance detection
5f1fcace iptables-nft: fix -Z option
c9441657 include: Drop libipulog.h
30c1d443 ebtables: Exit gracefully on invalid table names
Signed-off-by: Nick Hainke <vincent@systemli.org>
Changes
- Add configure commands to alter inventory TLVs
Fixes
- Update seccomp rules for newer kernel/libc
- Correctly handle an interface whose index has changed
- Don't send VLANs when there are too many
Signed-off-by: Nick Hainke <vincent@systemli.org>
Changelog:
Assembler:
General:
* Add support for the LoongArch architecture.
* Add an option to control how multibyte characters are handled in
the assembler. Using the option warnings can be generated when
such characters are encountered in symbol names, or anywhere in
the input source file(s).
AArch64 and ARM:
* Add support for more system registers.
* Add support for Scalable Matrix Extension.
* Add support for Cortex-R52+, Cortex-A510, Cortex-A710,
Cortex-X2, Cortex-A710 cores.
* Add support for 'v8.7-a', 'v8.8-a', 'v9-a', 'v9.1-a',
'armv9.2-a' and 'armv9.3-a' architecture extensions.
X86:
* Add a command-line option to encode aligned vector move as
unaligned vector move.
* Add support for Intel AVX512_FP16 instructions.
* The outputs of .ds.x directive and .tfloat directive with hex
input have been reduced from 12 bytes to 10 bytes to match the
output of .tfloat directive.
Linker:
* Add support for the LoongArch architecture.
* Add -z pack-relative-relocs/-z no pack-relative-relocs to x86 ELF
linker to pack relative relocations in the DT_RELR section.
* Add -z indirect-extern-access/-z noindirect-extern-access to x86
ELF linker to control canonical function pointers and copy
relocation.
Other Binary Tools:
* elfedit: Add --output-abiversion option to update ABIVERSION.
* Tools which display symbols or strings (readelf, strings, nm,
objdump) have a new command line option which controls how unicode
characters are handled. By default they are treated as normal for
the tool. Using --unicode=locale will display them according to
the current locale. Using --unicode=hex will display them as hex
byte values, whilst --unicode=escape will display them as escape
sequences. In addition using --unicode=highlight will display
them as unicode escape sequences highlighted in red (if supported
by the output device).
* readelf -r dumps RELR relative relocations now.
* Support for efi-app-aarch64, efi-rtdrv-aarch64 and
efi-bsdrv-aarch64 has been added to objcopy in order to enable
UEFI development using binutils.
* ar: Add --thin for creating thin archives. -T is a deprecated
alias without diagnostics. In many ar implementations -T has a
different meaning, as specified by X/Open System Interface.
Signed-off-by: Nick Hainke <vincent@systemli.org>
Add libatomic as dependency.
Changelog:
2022-04-10: v1.0.26
* Fix regression with transfer free's after closing device
* Fix regression with destroyed context if API is misused
* Workaround for applications using missing default context
* Fix hotplog enumeration regression
* Fix Windows isochronous transfer regression since 1.0.24
* Fix macOS exit crash in some multi-context cases
* Build fixes for various platforms and configurations
* Fix Windows HID multi-interface product string retrieval
* Update isochronous OUT packet actual lengths on Windows
* Add interface bound checking for broken devices
* Add umockdev tests on Linux
Signed-off-by: Nick Hainke <vincent@systemli.org>
Remove upstreamed patche:
- 001-Correct-a-typo-in-the-Changelog-and-clean-up-a-stray.patch
- 002-linux_usbfs-Fix-parsing-of-descriptors-for-multi-con.patch
Changelog:
2022-01-31: v1.0.25
* Linux: Fix regression with some particular devices
* Linux: Fix regression with libusb_handle_events_timeout_completed()
* Linux: Fix regression with cpu usage in libusb_bulk_transfer
* Darwin (macOS): Add support for detaching kernel drivers with authorization.
* Darwin (macOS): Do not drop partial data on timeout.
* Darwin (macOS): Silence pipe error in set_interface_alt_setting().
* Windows: Fix HID backend missing byte
* Windows: Fix segfault with libusbk driver
* Windows: Fix regression when using libusb0 driver
* Windows: Support LIBUSB_TRANSFER_ADD_ZERO_PACKET on winusb
* New NO_DEVICE_DISCOVERY option replaces WEAK_AUTHORITY option
* Various other bug fixes and improvements
Signed-off-by: Nick Hainke <vincent@systemli.org>
- Rearrange Makefile.
- Switch to codeload.github.com because it looks like new version are
not longer deployed at www.digip.org
Signed-off-by: Nick Hainke <vincent@systemli.org>
Remove upstreamed patches:
- 001-src-nl_extras.h-fix-compatibility-with-libnl-3.3.0.patch
Changes:
- examples: add README with details to the various examples
- examples: af_ieee802154_tx example
- examples: af_ieee802154_rx example
- examples: add af_packet_rx example
- examples: af_inet6_rx example
- examples: af_packet_tx example
- examples: af_inet6_tx example
- examples: add .gitignore file for examples directory
- src/nl_extras.h: fix compatibility with libnl 3.3.0
- wpan-ping: add the support to set wpan-ping interval
- wpan-ping: Add the filtering function for frame receiving
Signed-off-by: Nick Hainke <vincent@systemli.org>
- Use SPDX
- Add PKG_RELEASE
- Change wpan.cakelab.org to linux-wpan.org/wpan-tools.html
- Switch to github.com as PKG_SOURCE_URL
Signed-off-by: Nick Hainke <vincent@systemli.org>
Changes:
1bb4162 libnl-3.7.0 release
897ec9c route: act: Allow full set of actions on gact,skbedit,mirred
00e46f1 Use print() function in both Python 2 and Python 3
083c1b6 sriov: fix setting ce_mask when parsing VF stat counter
2e9a4f7 Fix typos and errors
cc87ad2 changelog: update URL to git history
bde0b4c changelog: fix typos in ChangeLog
44988e6 route: format recently added code with clang-format
df6e38b route/act: add NAT action
7304c42 route: format recently added code with clang-format
f8eb218 cls: flower: extend flower API
e5dc111 flower: use correct attribute when filling out flags
df6058c tests: merge branch 'th/test-link'
9772c1d tests: add unit tests for creating links
4713b76 github: run unit tests several times and directly
8025547 github: export NLTST_SEED_RAND= to randomize unit tests
7efeca2 tests: add test utils
f6f4d36 tests: reformat unit test files with clang-format
135a706 utils: add _NL_AUTO_DEFINE_FCN_STRUCT() macro
0ea11be utils: add _nl_thread_local macro
9b04936 route: fix crash caused by parse_multipath() by wrong free()
2effffe route/link: Set the cache ops when cloning a link
5ecd56c route/link: add lock around rtnl_link_af_ops_put()
e1a077a route/link: avoid accessing af_ops after af_free() in rtnl_link_set_family()
3f4f1dd xfrm/sa: fix reference counters of sa selector addresses
d3c783f all: merge branch 'th/coverity-fixes'
23a75c5 xfrm: fix uninitalized variables in build_xfrm_ae_message()
d52dbcb route: fix check for NULL in nh_encap_dump()
1f61096 route/qdisc/mqprio: fix bufferoverflow and argument checking in rtnl_qdisc_mqprio_set_*()
f918c3a route/sriov: fix buffer overflow in rtnl_link_sriov_parse_vflist()
d4c7972 all: fix "-Wformat" warnings for nl_dump*()
6b2f238 netlink/utils.h: mark nl_dump() with __attribute__((format(printf,a,b)))
d3bd278 netlink/utils.h: add internal _nl_attribute_printf macro for public headers
a30b26d socket: workaround undefined behavior coverity warning in generate_local_port()
8acf6d5 nl-pktloc-lookup: fix buffer overflow when printing alignment
bf3585f route/link/sriov: fix initializing vlans in rtnl_link_sriov_clone()
dd06d22 route/qdisc/netem: fix bogus "%" in format string netem_dump_details()
f50a802 route/u32: fix u32_dump_details() to print data
fa79ee3 link/vrf: avoid coverity warning in rtnl_link_vrf_set_tableid() about CONSTANT_EXPRESSION_RESULT
31380f8 utils: suppress coverity warning in nl_cli_load_module() about leaked handle
aa398b5 route/ip6vti,ip6gre: fix printing invalid data in ip6{vti,gre}_dump_details()
40683cc netlink/private: add internal helper utils
6615dc0 route/link: workaround coverity warning about leak in rtnl_link_set_type()
ff5ef61 all: avoid coverity warnings about assigning variable but not using it
f58a3c0 route/mdb: check parser error in mdb_msg_parser() for nested MDBA_MDB attribute
46506d3 route/mdb: add and use rtnl_mdb_entry_free() internal helper method
46e85d2 route/mdb: fix leak in mdb_msg_parser()
b0641dd route/mdb: add _nl_auto_rtnl_mdb cleanup macro
d544105 route/mdb: fix buffer overflow in mdb_msg_parser()
4d12b63 tests: silently ignore EACCES for setting uid_map for test namespace
ec712a4 tests: cleanup unshare_user() and use _nltst_fclose()
85e3c5d tests: add _assert_nltst_netns() helper
39e4d8d github: test out-of-tree build and "--disable-static"
d63e473 github: build documentation in CI test
fa7f97f build: avoid building check-direct with --disable-static
8c741a7 tools: fix aborting on failure in "tools/build_release.sh" script
e2aa409 doc: fix markup error in "doc/route.txt"
4f3b4f9 doc: fix python2-ism in "doc/resolve-asciidoc-refs.py"
Signed-off-by: Nick Hainke <vincent@systemli.org>
Backport upstream fix to build on kernel 5.15.52 or later since kernel
devs backported newer functionality to older kernels.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Apply an upstream patch that removes unnecessary CFLAGs, avoiding
generation of incompatible code.
Commit 0bd5367233 is reverted so the
accelerated version builds by default on x86_64.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Changes between 1.1.1p and 1.1.1q [5 Jul 2022]
*) AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised
implementation would not encrypt the entirety of the data under some
circumstances. This could reveal sixteen bytes of data that was
preexisting in the memory that wasn't written. In the special case of
"in place" encryption, sixteen bytes of the plaintext would be revealed.
Since OpenSSL does not support OCB based cipher suites for TLS and DTLS,
they are both unaffected.
(CVE-2022-2097)
[Alex Chernyakhovsky, David Benjamin, Alejandro Sedeño]
Signed-off-by: Dustin Lundquist <dustin@null-ptr.net>
Make sure the 'configure' shell script finds the libintl when linking
the test programs for discovering libpcap and libbpf.
Reported-by: @trippleflux
Fixes: 6ad1bea2a6 ("xdp-tools: add package")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The SDK does not have the LLVM toolchain yet.
Hopefully fixes errors in the form:
xsk_def_xdp_prog.c:4:10: fatal error: 'bpf/bpf_helpers.h' file not found
#include <bpf/bpf_helpers.h>
Fixes: 6ad1bea2a6 ("xdp-tools: add package")
Signed-off-by: Nick Hainke <vincent@systemli.org>
Without this, WOLFSSL_HAS_DH can be disabled even if WOLFSSL_HAS_WPAS is
enabled, resulting in an "Anonymous suite requires DH" error when trying
to compile wolfssl.
Signed-off-by: Pascal Ernster <git@hardfalcon.net>
Reviewed-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Changes between 1.1.1o and 1.1.1p [21 Jun 2022]
*) In addition to the c_rehash shell command injection identified in
CVE-2022-1292, further bugs where the c_rehash script does not
properly sanitise shell metacharacters to prevent command injection have been
fixed.
When the CVE-2022-1292 was fixed it was not discovered that there
are other places in the script where the file names of certificates
being hashed were possibly passed to a command executed through the shell.
This script is distributed by some operating systems in a manner where
it is automatically executed. On such operating systems, an attacker
could execute arbitrary commands with the privileges of the script.
Use of the c_rehash script is considered obsolete and should be replaced
by the OpenSSL rehash command line tool.
(CVE-2022-2068)
[Daniel Fiala, Tomáš Mráz]
*) When OpenSSL TLS client is connecting without any supported elliptic
curves and TLS-1.3 protocol is disabled the connection will no longer fail
if a ciphersuite that does not use a key exchange based on elliptic
curves can be negotiated.
[Tomáš Mráz]
Signed-off-by: Andre Heider <a.heider@gmail.com>
libjson-c is happy to pick up libbsd both on the host and target.
Reproducible with
make package/libbsd/compile;make package/libjson-c/compile
Also fixes host compilation on Arch Linux for a similar reason.
Undefined reference to arc4random.
Fixes: f3a198697f ("libjson-c: update to 0.16")
Acked-by: Thomas Huehn thomas.huehn@hs-nordhausen.de
Acked-by: Nick Hainke vincent@systemli.org
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Disable lz4 and lzo2 manually.
Fixes errors in the form of:
Package f2fsck is missing dependencies for the following libraries:
liblz4.so.1
liblzo2.so.2
Fixes: 8b9e806160 ("f2fs-tools: update to 1.15.0")
Acked-by: Thomas Huehn <thomas.huehn@hs-nordhausen.de>
Signed-off-by: Nick Hainke <vincent@systemli.org>
xdp-tools - Library and utilities for use with the eXpress Data Path:
Fast Programmable Packet Processing in the Operating System Kernel
* libxdp: library for attaching XDP programs and using AF_XDP sockets
* xdp-filter: a simple XDP-powered packet filter
* xdp-loader: an XDP program loader
* xdpdump: tool for capturing packets at the XDP layer
Thanks to Nick @PolynomialDivision Hainke for testing and fixing!
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Improvements
- Added an interface of raising des Strausses awareness.
- Added --tips option to print strace tips, tricks, and tweaks at the end of the tracing session.
- Enhanced decoding of bpf and io_uring_register syscalls.
- Implemented decoding of COUNTER_*, RTC_PARAM_GET, and RTC_PARAM_SET ioctl commands.
- Updated lists of BPF_*, BR_*, BTRFS_*, IFA_*, IFLA_*, IORING_*, KEY_*, KVM_*, MADV_*, and UFFD_* constants.
- Updated lists of ioctl commands from Linux 5.18.
Bug fixes
- Fixed printing of the updated value of union bpf_attr.next_id on the exiting of bpf(BPF_*_GET_NEXT_ID) calls.
Signed-off-by: Nick Hainke <vincent@systemli.org>
Improvements
- Added 64-bit LoongArch architecture support.
- Extended personality designation syntax of syscall specification expressions to support all@pers and %class@pers.
- Enhanced rejection of invalid syscall numbers in syscall specification expressions.
- Implemented decoding of set_mempolicy_home_node syscall, introduced in Linux 5.17.
- Implemented decoding of IFLA_GRO_MAX_SIZE and TCA_ACT_IN_HW_COUNT netlink attributes.
- Implemented decoding of PR_SET_VMA operation of prctl syscall.
- Implemented decoding of siginfo_t.si_pkey field.
- Implemented decoding of LIRC ioctl commands.
- Updated lists of FAN_*, IORING_*, IOSQE_*, KEY_*, KVM_*, MODULE_INIT_*, TCA_ACT_*, and *_MAGIC constants.
- Updated lists of ioctl commands from Linux 5.17.
Signed-off-by: Nick Hainke <vincent@systemli.org>
The mac80211-hwsim and the Intel iwlwifi driver support ieee80211ax, add
the missing DRIVER_11AX_SUPPORT dependency too.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Fix:
- 001-dont-build-docs.patch
Remove upstreamed patch:
- 010-clang.patch
Changelog:
Deprecated and removed features:
--------------------------------
* JSON_C_OBJECT_KEY_IS_CONSTANT is deprecated in favor of
JSON_C_OBJECT_ADD_CONSTANT_KEY
* Direct access to lh_table and lh_entry structure members is deprecated.
Use access functions instead, lh_table_head(), lh_entry_next(), etc...
* Drop REFCOUNT_DEBUG code.
New features
------------
* The 0.16 release introduces no new features
Build changes
-------------
* Add a DISABLE_EXTRA_LIBS option to skip using libbsd
* Add a DISABLE_JSON_POINTER option to skip compiling in json_pointer support.
Significant changes and bug fixes
---------------------------------
* Cap string length at INT_MAX to avoid various issues with very long strings.
* json_object_deep_copy: fix deep copy of strings containing '\0'
* Fix read past end of buffer in the "json_parse" command
* Avoid out of memory accesses in the locally provided vasprintf() function
(for those platforms that use it)
* Handle allocation failure in json_tokener_new_ex
* Fix use-after-free in json_tokener_new_ex() in the event of printbuf_new() returning NULL
* printbuf_memset(): set gaps to zero - areas within the print buffer which
have not been initialized by using printbuf_memset
* printbuf: return -1 on invalid arguments (len < 0 or total buffer > INT_MAX)
* sprintbuf(): propagate printbuf_memappend errors back to the caller
Optimizations
--------------
* Speed up parsing by replacing ctype functions with simplified, faster
non-locale-sensitive ones in json_tokener and json_object_to_json_string.
* Neither vertical tab nor formfeed are considered whitespace per the JSON spec
* json_object: speed up creation of objects, calloc() -> malloc() + set fields
* Avoid needless extra strlen() call in json_c_shallow_copy_default() and
json_object_equal() when the object is known to be a json_type_string.
Other changes
-------------
* Validate size arguments in arraylist functions.
* Use getrandom() if available; with GRND_NONBLOCK to allow use of json-c
very early during boot, such as part of cryptsetup.
* Use arc4random() if it's available.
* random_seed: on error, continue to next method instead of exiting the process
* Close file when unable to read from /dev/urandom in get_dev_random_seed()
Signed-off-by: Nick Hainke <vincent@systemli.org>
Refresh:
- 100-portability.patch
Changelog:
ea4ea5e6 Document MacOS test workaround.
b14fc902 Add missing file fat-arm64.c to tar file.
6720f433 Update config.guess and config.sub to latest versions.
a2be57f0 NEWS entries for Nettle-3.8.
bff9a605 Update version numbers, for nettle-3.8.
36386678 Fix comment typo
e05fd5a9 Add ChangeLog entry for SM3 contribution.
8739faa8 Document cbc_aes128_encrypt, cbc_aes192_encrypt and cbc_aes256_encrypt.
efb2ec7f Deleted the manual's incomplete and out of date list of authors.
af38c91f New more accurate AUTHORS file.
ba084efa Fix ChangeLog typo.
0fff3097 ChangeLog entries for s390x ghash update.
75b687a8 Fix comment typo.
5d0089ed Refactor s390x-specific code for new ghash organization
2aabd5e2 ppc: Update fat setup for new ghash organization.
8f5fddfb ppc: Update vpmsumd ghash to new organization.
1227381e Comment fix.
9939f866 arm64: Update fat setup for new ghash organization.
ab62f731 Fix comment error
b1645555 arm64: Update pclmul ghash to new organization.
6b80b889 Update fat setup for new ghash organization.
d382fcc0 Delete _ghash_digest.
d11c4cd9 x86_64: Update pclmul ghash to new organization.
f79cc0c1 x86_64: Update table-based ghash to new organization.
bdc2fc31 Move _ghash_digest.
1d438ad4 Refactor GCM C implementation.
bdf820df New function block16_zero.
d966ea0d Delete code for GCM_TABLE_BITS != 8.
60edc290 x86_64: Fat setup for GCM.
be245313 Fix comment typo.
f8fa4f1f x86_64: Initial implementation of gcm using the pclmulqdq instructions.
23f75f58 Rearrange gcm configuration defines, and add tests for internal functions.
483ccbc9 Add tests for edge cases in poly1305 digest folding.
f3656a44 x86_64: Rewrite of poly1305 assembly.
b7268727 ChangeLog entry for arm64 implementation of chacha.
1d4a985c ChangeLog entries for new ppc64 ecc files.
99be366f ecc: Add powerpc64 assembly for ecc_448_modp
53f7ae66 Move a comment.
e643dcf1 ecc: Add powerpc64 assembly for ecc_25519_modp
741191d1 ecc: Add powerpc64 assembly for ecc_224_modp
4adcb4af Simplify poly1305-test, more use of tstring length.
b48217c8 Add randomized tests of poly1305.
dbf178c0 Arrange so that GMP or mini-gmp is always available for tests.
7d83510e ChangeLog entries for new ppc64 ecc files.
02bbf7d1 ecc: Add powerpc64 assembly for ecc_521_modp
2bc7dfad ecc: Add powerpc64 assembly for ecc_384_modp
9b6c0639 ecc: Add powerpc64 assembly for ecc_192_modp
39af7b2e [Arm64] Optimize Chacha20
c82876a5 [S390x] Alerting assembler of machine type
044d24b0 [S390x] Optimize Chacha20
94228f87 tests: Use inline function for dummy definition of test_randomize.
7926debe Share ecc point validation function in testutils.c.
25f73004 Whitespace cleanup
0ec184d8 ppc: Reduce number of registers used for ecc_secp256r1_redc.
c7cf1939 ppc: New configure test for ELFV2_ABI
f57640ea x86_64: Improved ecc_secp256r1_redc
dd65a63e ChangeLog for previous change.
ecd4eacf ppc: Add powerpc64 assembly for ecc_256_redc
b2758f7c doc: documentation for SM3 hash
0ea74c02 Comment improvements for x86_64 ecc_secp256r1_redc
78aabc69 nettle-benchmark: bench SM3 hashes
7f77ccb4 hmac: add support for SM3 hash function
e2edd9be testsuite: add test for SM3 hash function
b72886e5 Add OSCCA SM3 hash algorithm
d2e4e531 Delete function mpz_limbs_read_n.
dd566239 Delete function mpz_limbs_cmp.
07d5e755 gitlab-ci: Enable randomized tests
64ce8c77 Randomize more tests
a6f9bdeb Reduce allocation in modinv test
957482d9 Fix sqrt_ratio test for v = 0 case.
7f730943 Reduce allocation in sqrt tests
2c9a600d Move NETTLE_TEST_SEED logic to testutils.c.
48d61c28 Delete obsolete comment.
ac95be13 Fix and test for sqrt(0) special case.
ffe0f587 eccdata: Output ecc_sqrt_z and ECC_SQRT_E only when computed.
65c95c79 Fix comment typo.
8db66280 Let secp384r1 inverse and sqrt share most of the powering.
5b2758a3 eccdata: Delete generation of unused values ecc_sqrt_t and ECC_SQRT_T_BITS.
b3abfac5 eccdata: Generate both redc and non-redc versions of ecc_sqrt_z.
2dbe065d Implement secp224r1 square root, based on patch by Wim Lewis.
c8daa71c New function ecc_mod_equal_p, based on patch by Wim Lewis.
4be1725f New function ecc_mod_pow_127m1, used for ecc_secp224r1_inv.
4e987de3 Implement secp521r1 square root, based on patch by Wim Lewis.
2adc4268 Implement secp384r1 square root, based on patch by Wim Lewis.
bc07754f Implement secp256r1 square root, based on patch by Wim Lewis.
35f12552 Implement secp192r1 square root, based on patch by Wim Lewis.
c2726388 Renamed sqrt_itch --> sqrt_ratio_itch, and curve25519 and curve448 sqrt functions.
03421be1 Rename ecc sqrt --> sqrt_ratio.
652bdc79 New function ecc_mod_zero_p.
571d2cc2 [S390x] Improvements on documentation and instruction set usage for SHA3 permute
26b0f47b New function sec_zero_p.
259ec19a [S390x] Remove lgr instructions by using xgrk instead of xgr instruction
73722fb0 Rewrite of secp256r1 mod functions.
45028ff2 Extend ecc-mod-test, with improved coverage of corner cases.
806d6f6a [S390x] Optimize SHA3 permute using vector facility
78f44318 Change "signature on digest" --> "of digest".
0f90c076 Doc fixes.
52c86f94 Delete a few old FIXME comments
2b68ee47 Use @url and https consistently for references. Fix overlong lines.
ea4b2e86 Use texi2pdf to generate the pdf manual
54bbc09b ChangeLog entries for doc structure improvements.
cc92638c Divide Cipher section into menu and nodes, and some other minor fixes.
5e6af10b Delete explicit node pointers in nettle.texinfo
55584f4e Change CBC-AES interface
7a966ac3 Test AEAD encrypt/decrypt with message split into pieces.
686fd559 More checks for null pointers in test_aead, to silent static analyzer.
41a72c24 Fix checks of HAVE_NATIVE_cbc_aes*_encrypt
d5b0b9cb Fix fat builds for x86_64 windows
419d7af5 x86_64: Fat setup for assembly CBC AES.
121290e0 x86_64: Assembly CBC AES aesni functions.
1f58b09c Add specialized functions for cbc-aes.
99dffa9c ChangeLog entries for recent contributions.
38092fde gitlab-ci: Use mini-gmp for big-endian powerpc64 cross build
4147279b gitlab-ci: Explicitly install cross libgmp-dev packages
8c2321d2 gitlab-ci: No-assembly cross-build for s390x, to test big-endian
d4cd2965 gitlab-ci: Delete mips build
9765f8b9 [S390x] Optimize SHA256 and SHA512 compress functions
463553ae x86_64: New 2-way aesni loop also for aes256
c7391e5c x86_64: Refactor aesni assembly, with specific functions for each key size.
4ea2a1f8 [S390x] Optimize SHA1 compress
a47813c2 [AArch64] Utilize AES 1-block macros in 4-block macros
5f7740a3 [AArch64] Load AES keys at function prologue
76c7418c ChangeLog entries for previous change.
f7bc3e1b [AArch64] Move AES round macros to machine.m4
39d1e2a3 [AArch64] Optimize AES with fat build support
b8054a1d [S390x] Optimize memxor3 using vector facility with fat support
422219fe [S390x] Optimize memxor
3900fe65 Add fat-s390x.c to OPT_SOURCES.
c2f16582 Fix name of s390x/fat directory in make dist target.
4fc00c4d [S390x] add FAT_TEST_LIST variable to enable fat build testing
856c62ef [S390x] Replace inline assembly and fix fat filenames
3be3ff3e [S390x] Fat build support for AES and GHASH
9f9d4c4b arm64: Add sha2 to aarch64 fat tests.
774917ec ChangeLog entry for arm64 sha256..
7b446327 [AArch64] Fat build support for SHA-256 compress
6c84092d [S390x] wipe parameter block content and leftover bytes of data from stack
7d301d93 [S390x] wipe hash subkey from stack once GHASH operation completed
d1c8417f [AArch64] Optimize SHA-256 compress
33bfc509 [S390x] Use uppercase for macro names in machine.m4 and enhance the documentation for GHASH implementation
94be863c Add sha1 to aarch64 fat tests.
6c89ed3c ChangeLog entry for previous change.
e5a9dbf4 arm64: Fat build support for SHA1 compress
530e4c8d [S390x] Update configure.ac and Makefile.in
b0525367 [S390x] Implement alloc_stack and free_stack macros in machine.m4
72448928 [S390x] Optimize GHASH
20fedc01 Update Nettle-3.7.3 NEWS.
c80961c6 Add input check to rsa_decrypt family of functions.
cd6059ae Change _rsa_sec_compute_root_tr to take a fix input size.
401e0bdd Fix comment typos.
fd6d9ba7 Add check that message length to _pkcs1_sec_decrypt is valid.
e60d8367 ChangeLog entry for arm64 sha1.
47cafcf2 aarch64: Optimize SHA1 Compress
a46a17e9 Fix C++-style comments
022e51a2 ChangeLog entries for aes keywrap.
0145efbc Implement aes key wrap and key unwrap (RFC 3394)
61bcbbf8 gitlab-ci: Explicitly pass --enable-s390x-msa to s390x build.
3b1bb7cb Fix comment typo.
c23701f3 Reorder and indent asm_replace_list.
c2a14fa3 ChangeLog entry for new s390x AES implementation.
1f38723e Append s390x-specific asm file names to asm_replace_list in configure.ac
71dafe91 [S390x] Basic AES-192 and AES-256 optimizations
8247fa21 ppc: Fix macro name SWAP_MASK to use all uppercase.
b9f0ede2 Update config.guess and config.sub.
46515038 [S390x] Basic AES-128 optimization
f4dc5f20 Split aes-encrypt.c and aes-decrypt.c into one file per key size.
0bff7a2b Initial config for s390x, contributed by Mamone Tarsha.
06d6ef33 nettle-benchmark: avoid -Wmaybe-uninitialized warnings
dda3f4fd gitlab-ci: Fix only: variables: check, and quote variables.
c2b56cd7 gitlab-ci: Use pipeline variable S390X_ACCOUNT
c25774e2 gitlab-ci: Add remote tests for s390x.
d5972ced Add forward declaration of struct aes_table.
085317d6 ChangeLog entries for arm64 fat build.
944881d7 ChangeLog entry for nettle-3.7.2 release
f9e0e1f4 NEWS entries for 3.7.2.
1585f6ac [AArch64] Support fat build for GCM optimization
03b8ba39 [AArch64] Use m4 macros in gcm-hash.asm and add documentation comments
3f43c143 [AArch64] Update README to be on par with other architectures
b30e0ca6 Fix canonical reduction in gostdsa_vko.
d9b564e4 Similar fix for eddsa.
fbaefb64 Analogous fix to ecc_gostdsa_verify.
c24b3616 Ensure ecdsa_sign output is canonically reduced.
2397757b Fix bug in ecc_ecdsa_verify.
5b7608fd Use ecc_mod_mul_canonical for point comparison.
2bf497ba New functions ecc_mod_mul_canonical and ecc_mod_sqr_canonical.
a471ae85 aarch64: Rename arm64/v8/ --> arm64/crypto/
0489825e aarch64: Use .arch armv8-a+crypto directive.
d32152f4 aarch64: Move m4 definitions after .file directive
f3dda9f4 ChangeLog entries for arm64 gcm_hash.
b098f19b arch64: Fix clang build
fd9dd9d7 arch64: Fix copyright line and typos
a3f91c0e aarch64: Adjust gcm-hash assembly for big-endian systems
09d77a10 aarch64: Implement GHASH using the crypto extension pmul instructions.
0c5429d3 aarch64: Add README
dbd16501 Add an empty machine.m64 to make configure happy
ebf9ae83 Recognize arm64 in configure
Signed-off-by: Nick Hainke <vincent@systemli.org>
Adjust
- 100-tcpdump_mini.patch
Remove upstreamed patches:
- 101-CVE-2020-8037.patch
- 102-CVE-2018-16301.patch
Changelog:
Wednesday, June 9, 2021 by gharris
Summary for 4.99.1 tcpdump release
Source code:
Squelch some compiler warnings
ICMP: Update the snapend for some nested IP packets.
MACsec: Update the snapend thus the ICV field is not payload
for the caller.
EIGRP: Fix packet header fields
SMB: Disable printer by default in CMake builds
OLSR: Print the protocol name even if the packet is invalid
MSDP: Print ": " before the protocol name
ESP: Remove padding, padding length and next header from the buffer
DHCPv6: Update the snapend for nested DHCPv6 packets
OpenFlow 1.0: Get snapend right for nested frames.
TCP: Update the snapend before decoding a MPTCP option
Ethernet, IEEE 802.15.4, IP, L2TP, TCP, ZEP: Add bounds checks
ForCES: Refine SPARSEDATA-TLV length check.
ASCII/hex: Use nd_trunc_longjmp() in truncation cases
GeoNet: Add a ND_TCHECK_LEN() call
Replace ND_TCHECK_/memcpy() pairs with GET_CPY_BYTES().
BGP: Fix overwrites of global 'astostr' temporary buffer
ARP: fix overwrites of static buffer in q922_string().
Frame Relay: have q922_string() handle errors better.
Building and testing:
Rebuild configure script when building release
Fix "make clean" for out-of-tree autotools builds
CMake: add stuff from CMAKE_PREFIX_PATH to PKG_CONFIG_PATH.
Documentation:
man: Update a reference as www.cifs.org is gone. [skip ci]
man: Update DNS sections
Solaris:
Fix a compile error with Sun C
Wednesday, December 30, 2020, by mcr@sandelman.ca, denis and fxl.
Summary for 4.99.0 tcpdump release
CVE-2018-16301: For the -F option handle large input files safely.
Improve the contents, wording and formatting of the man page.
Print unsupported link-layer protocol packets in hex.
Add support for new network protocols and DLTs: Arista, Autosar SOME/IP,
Broadcom LI and Ethernet switches tag, IEEE 802.15.9, IP-over-InfiniBand
(IPoIB), Linux SLL2, Linux vsockmon, MACsec, Marvell Distributed Switch
Architecture, OpenFlow 1.3, Precision Time Protocol (PTP), SSH, WHOIS,
ZigBee Encapsulation Protocol (ZEP).
Make protocol-specific updates for: AH, DHCP, DNS, ESP, FRF.16, HNCP,
ICMP6, IEEE 802.15.4, IPv6, IS-IS, Linux SLL, LLDP, LSP ping, MPTCP, NFS,
NSH, NTP, OSPF, OSPF6, PGM, PIM, PPTP, RADIUS, RSVP, Rx, SMB, UDLD,
VXLAN-GPE.
User interface:
Make SLL2 the default for Linux "any" pseudo-device.
Add --micro and --nano shorthands.
Add --count to print a counter only instead of decoding.
Add --print, to cause packet printing even with -w.
Add support for remote capture if libpcap supports it.
Display the "wireless" flag and connection status.
Flush the output packet buffer on a SIGUSR2.
Add the snapshot length to the "reading from file ..." message.
Fix local time printing (DST offset in timestamps).
Allow -C arguments > 2^31-1 GB if they can fit into a long.
Handle very large -f files by rejecting them.
Report periodic stats only when safe to do so.
Print the number of packets captured only as often as necessary.
With no -s, or with -s 0, don't specify the snapshot length with newer
versions of libpcap.
Improve version and usage message printing.
Building and testing:
Install into bindir, not sbindir.
autoconf: replace --with-system-libpcap with --disable-local-libpcap.
Require the compiler to support C99.
Better detect and use various C compilers and their features.
Add CMake as the second build system.
Make out-of-tree builds more reliable.
Use pkg-config to detect libpcap if available.
Improve Windows support.
Add more tests and improve the scripts that run them.
Test both with "normal" and "x87" floating-point.
Eliminate dependency on libdnet.
FreeBSD:
Print a proper error message about monitor mode VAP.
Use libcasper if available.
Fix failure to capture on RDMA device.
Include the correct capsicum header.
Source code:
Start the transition to longjmp() for packet truncation handling.
Introduce new helper functions, including GET_*(), nd_print_protocol(),
nd_print_invalid(), nd_print_trunc(), nd_trunc_longjmp() and others.
Put integer signedness right in many cases.
Introduce nd_uint*, nd_mac_addr, nd_ipv4 and nd_ipv6 types to fix
alignment issues, especially on SPARC.
Fix many C compiler, Coverity, UBSan and cppcheck warnings.
Fix issues detected with AddressSanitizer.
Remove many workarounds for older compilers and OSes.
Add a sanity check on packet header length.
Add and remove plenty of bounds checks.
Clean up pcap_findalldevs() call to find the first interface.
Use a short timeout, rather than immediate mode, for text output.
Handle DLT_ENC files *not* written on the same OS and byte-order host.
Add, and use, macros to do locale-independent case mapping.
Use a table instead of getprotobynumber().
Get rid of ND_UNALIGNED and ND_TCHECK().
Make roundup2() generally available.
Resync SMI list
against Wireshark.
Fix many typos.
Co-Developed-by: Ivan Pavlov <AuthorReflex@gmail.com>
Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
Signed-off-by: Nick Hainke <vincent@systemli.org>
Release Notes:
- The libiconv library is now licensed under the LGPL version 2.1,
instead of the LGPL version 2.0. The iconv program continues to
be licensed under GPL version 3.
- Added converters for many single-byte EBCDIC encodings: IBM-{037,
273,277,278,280,282,284,285,297,423,424,425,500,838,870,871,875},
IBM-{880,905,924,1025,1026,1047,1097,1112,1122,1123,1130,1132,1137,
1140}, IBM-{1141,1142,1143,1144,1145,1146,1147,1148,1149,1153,1154,
1155,1156,1157}, IBM-{1158,1160,1164,1165,1166,4971,12712,16804}.
They are available through the configure option
'--enable-extra-encodings'.
Signed-off-by: Nick Hainke <vincent@systemli.org>
Add patches:
- 100-configure.ac-fix-AC_ARG_WITH.patch
Remove upstreamed patches:
- 200-resize_f2fs-fix_wrong_ovp_calculation.patch
Changelog:
64f2596 f2fs-tools: upgrade version 1.15.0
d9d5b11 f2fs-tools: build silently
299c0b5 fsck.f2fs: fix broken file_map output
3af62be f2fs-tools: show segment/section layout correctly
4d9c009 f2fs-tools: use android config only if there's no config.h
0b9b89f dump.f2fs: compress: fix dstlen of LZ4_compress_fast_extState()
eee3969 mkfs.f2fs: check uuid library
e5fe1a2 f2fs-tools: use fsync() in Android
ea9921f f2fs-tools: support zoned device in Android
a8fefc2 android_config.h: add missing liblz4
0c54cf7 libf2fs_io: add unused mactor to avoid build failure
6eebd13 ci: Enable -Wall, -Wextra and -Werror
c491657 Fix PowerPC format string warnings
70e4139 Suppress a compiler warning about integer truncation
7a1206a Annotate switch/case fallthrough
b964b79 Change #ifdef _WIN32 checks into #ifdef HAVE_.*
28de4d1 tools/f2fs_io: Fix the type of 'ret'
fdff1ab fsck/segment.c: Remove dead code
ede3bde fsck/main.c: Suppress a compiler warning
93c6483 tools/f2fscrypt.c: Fix build without uuid/uuid.h header file
559e60e fsck: Remove a superfluous include directive
98f7f56 mkfs/f2fs_format.c: Suppress a compiler warning
ef011a4 configure.ac: Detect selinux/android.h
2e59ab8 configure.ac: Detect the sparse/sparse.h header
1790203 Fix the MinGW build
ecd27dc Use %zu to format size_t
24663b6 Include <stddef.h> instead of defining offsetof()
cdefef0 Move the be32_to_cpu() definition
1612bf9 Remove unnecessary __attribute__((packed)) annotations
7a5109f f2fs_fs.h: Use standard fixed width integer types
e61203c Suppress a compiler warning
9425b47 Verify structure sizes at compile time
006bb13 Change one array member into a flexible array member
cb4c5d6 ci: Build f2fstools upon push and pull requests
f3033fb Change the ANDROID_WINDOWS_HOST macro into _WIN32
87d7a95 Switch from the u_int to the uint types
c483354 configure.ac: Enable cross-compilation
3e97d07 configure.ac: Sort header file names alphabetically
91ba5e5 configure.ac: Enable the automake -Wall option
ae65a15 configure.ac: Remove two prototype tests
d24fd5c configure.ac: Stop using obsolete macros
6afcf64 libf2fs: don't allow mkfs / fsck on non power-of-2 zoned devices
c7757ec man: update mkfs.f2fs to give the default android option
46e1b83 f2fs-tools: use proper 64bit types for PPC
97ce230 mkfs.f2fs: fix wrong indentation and clean up
0d3d26d mkfs.f2fs: set project quota by default for -g android for v4.14+
1de1db8 f2fs-tools: add atomic write related options to f2fs_io write command
85cd72a mkfs.f2fs: set required quota types only
028af9f fsck.f2fs: Add progression feedback
972d710 fsck.f2fs: do not assert if i_size is missing i_blocks in symlink
f63551b f2fs-tools: separate other bugs in fsck_verify
ade81b9 f2fs-tools: remove false failure alarm when fixing quota
99bc497 f2fs-tools: fall back to the original version check when clock_gettime is not supported
1603a3d mkfs.f2fs: wipe other FS magics given -f
63d5004 fsck.f2fS: is_valid_summary(): check whether offset is out of bounds
3fd996c Avoid redefined ALIGN_UP
1edc138 fsck.f2fs: Update the usage about option of preen mode
49159df f2fs-tools: change fiemap print out format
8bcb58e f2fs_io: add rename w/ fsync option
9429e86 fsck.f2fs: add basic compress related check/fix
529967e f2fs-tools: make fiemap command in accordance with uapi
1228009 f2fs-tools: rebuild the quota inode if it is corrupted
9ee091e f2fs-tools: add periodic check in kernel version check
1bc7658 dump.f2fs: minor clean ups
69952e3 f2fs-tools: fix wrong value of reserve_new_block parameter in page_symlink
76d2a91 f2fs-tools: add extent cache for each file
8d464ee f2fs-tools: fix wrong file offset
acd2518 fsck|dump.f2fs: add -M to get file map
027488e mkfs.f2fs: remove android features for RO
e01ad31 f2fs-tools: fix metadata region overlap with zoned block device zones
f3b93bf sload.f2fs: Reword "IMMUTABLE" in strings/comments
820b5e3 sload.f2fs: use F2FS_COMPRESS_RELEASED instead of IMMUTABLE bit
1d2683f f2fs-tools: support small RO partition
a9594c6 fsck.f2fs: add "-l" to show the layout information
38e3115 f2fs_io: add to show immutable bit
6afd3e9 tools: Introduce f2fslabel
3218ff9 f2fs-tools: correct get kernel version logic
19d49b5 dump.f2fs: fix memory leak caused by dump_node_blk()
15d4d7b fsck.f2fs: fix memory leak caused by fsck_chk_orphan_node()
1900c22 mkfs.f2fs: fix memory leak in not enough segments error path
5cc365c resize.f2fs: fix memory leak caused by migrate_nat()
870915f f2fs_io: split definition check for crypto ioctl
91f9db2 fsck.f2fs: update kernel version in superblock on forced check
1531853 f2fs_io: Add get file name encryption mode
3bfcca8 f2fs-tool: increase debug level from 0 to 1 in migrate_block
5263ae2 resize.f2fs: fix to check free space before shrink
159752d resize.f2fs: fix wrong sit/nat bitmap during rebuild_checkpoint()
98e6463 resize.f2fs: add force option to rewrite broken calculation
f056fbe resize.f2fs: fix wrong ovp calculation
80dba0f Add -P option to preserve file owner
f0fda11 libf2fs: fix memory leak caused by get_rootdev()
5144f2f mkfs.f2fs: add VM disk files to hot data types
73c0871 libzoned: use blk_zone_v2 and blk_zone_report_v2 by default
9cb5150 f2fs-tools: fix wrong blk_zone_rep_v2 definition
15474db mkfs.f2fs: allocate zones together to avoid random access
316e128 mkfs.f2fs: adjust zone alignment when using multi-partitions
cc57f2c fsck.f2fs: fix alignment on multi-partition support
ff7172e f2fs-tools: Miscellaneous cleanup to README.
2b26417 mkfs.f2fs.8: Better document the -g argument.
e05afe5 mkfs.f2fs.8: fix formatting for -l parameter in man page
747b74c f2fs-tools: Make sload.f2fs reproduce hard links
b585244 f2fs-tools:sload.f2fs compression support
7b63f7b f2fs_io: add compress/decompress commands
457392a f2fs-tools: Added #ifdef WITH_func
d322d47 f2fs-tools: fix a few spelling errors in f2fs-tools
fcd5cd0 f2fs-tools: skipped to end on error syntax error
31d30f0 mkfs.f2fs: show a message when compression is enabled
1d4c7e7 f2fs_io: add get/set compression option
4bd7008 Fix ASSERT() macro with '%' in the expression
ca0ed8a f2fs-toos: fsck.f2fs Fix bad return value
c954e7c fsck.f2fs: do xnid sanity check only during fsck
1bfc173 f2fs_io: add erase option
e59bb17 mkfs.f2fs.8: document the verity feature
8fd836f fsck: clear unexpected casefold flags
1a7415a mkfs.f2fs: add -h and --help
717d70d f2fs_io: change fibmap to fiemap
Signed-off-by: Nick Hainke <vincent@systemli.org>
This enables building WolfSSL with Curve448, which can be used by
Strongswan. This has been tested on a Linksys E8450, running OpenWrt
22.03-rc4.
This allows parity with OpenSSL, which already supports Curve448 in
OpenWrt 21.02.
Fixesopenwrt/packages#18812.
Signed-off-by: Joel Low <joel@joelsplace.sg>
Remove upstreamed patch:
- 100-build-add-Libs.private-field-in-libnl-pkg-config-file.patch
cacaa5f libnl-3.6.0 release
855c02f route/mdb: merge branch 'troglobit:mdb-dump-fixes'
930fc11 route/mdb: add support for MAC multicast entries
2d68caf route/mdb: add missing detils and stats dump callbacks
d9ed99b nl-monitor: support for setting libnl debug level
4c41e0d nl-monitor: add missing --help to long_opts[]
7e96356 Check validation type against end of enum
4e153bc route/link: add VLAN bridge binding flag
b7256d3 github: build unit tests also with "clang"
8111933 route: assert that "rtnl_link_info_ops" refcount does not drop below zero
4f5c846 lib: merge branch 'th/object-clone-fixes'
d23fb81 lib: make nl_object_clone() out-of-memory safe
7f7452c route: fix ref counting for l_info_ops and io_clone()
620d024 route: drop unnecessary oo_clone() implementation from netconf
93a02eb netfilter: make log-msg,queue-msg setters robust against ENOMEM
23902d0 xfrm/sa: clone user_offload in xfrm_sa_clone()
29e5092 xfrm/sa: style cleanup xfrm_sa_clone()
14a9ebc utils: add internal _nl_memdup() helper
2e0d7f8 lib: add rtnl_link_info_ops_get() and take lock for rtnl_link_info_ops's io_refcnt
e884286 lib: include <netlink-private/utils.h> in <netlink-private/netlink.h>
7d43191 tests: merge branch 'th/tests-netns'
a7bbdab tests: add unit test for nl_object_clone() and nl_object_diff()
fdb0121 tests: add new "netns" test suite
9102872 tests: add fixture/teardown for tests to run in separate netns
9a42798 tests: cleanup creating test suites
1fc3e07 tests: refactor tests and add n-test-util helper library
7a3d6e2 netlink: add _NL_N_ELEMENTS() macro
3da4f7d netlink: add _nl_streq()/_nl_streq0() helper
1ad8555 netlink: add _nl_auto_nl_socket cleanup macro
c8a5729 lib: add _nl_close() helper
80868e6 clang-format: add ".clang-format" from linux kernel
2782ed3 github: build tests with "-std=gnu11"
af59b9a github: split tests in separate steps
c8f7902 build: add "check-progs" make target to build unit tests
23b4d33 route/cls: add TCA_FLOWER_KEY_VLAN_ETH_TYPE to "flower_policy" policy
1f8dc89 route/cls: return -NLE_INVAL in case rtnl_tc_data_peek() fails
ef5f3eb route/cls: merge branch 'westermo:cls-flower'
c385c84 route/cls: no need to copy simple fields in flower_clone()
79217d8 route/cls: make output pointers in rtnl_flower_get_{src,dst}_mac() optional
64e0836 route/cls: adjust whitspace/indentation
5ac9ce3 route/cls: use SPDX-License-Identifier
1a1c4e5 route/cls: reorder fields in "struct rtnl_flower" and adjust indentation
ef46de1 route/cls: add flower classifier
f0aad20 route: merge branch 'pugo:master'
d0cfecc route: make argument of rtnl_link_can_set_{bittiming,data_bittiming}() const
6a92268 route: add rtnl_link_can_set_data_bittiming_const()
841553b route: drop bitrate,sample-point getters/setters from can link
37998f7 route: rename rtnl_link_can_get_data_bt_const() to rtnl_link_can_get_data_bittiming_const()
96d3a6b route: fix adding rtnl_link_can_* symbols to symbol file
881e329 route: fix indentation
37c10ef route/link: add CAN FD support
d56bf73 route/mdb: merge branch 'rubensfig:mdb'
e0b2406 route/mdb: drop setting ifindex in mdb_clone()
d78a6eb route/mdb: minor cleanup in "mdb.c"
57a6d51 route/mdb: drop extra MDB attributes and rework mdb_compare()
0b44562 route/mdb: hide rtnl_mdb_entry_alloc() from public API
1c65ff7 route/mdb: reorder fields in "rtnl_mdb_entry" for tighther packing
1ac5403 route/mdb: use nl_list_for_each_entry_safe() for destroying list in mdb_free_data()
92035e2 route/mdb: cleanup mdb.h header
6237621 build: sort file names in Makefile.am
0ec6c6c mdb: support bridge multicast database notification
c980034 route/cls: merge branch 'westermo:classifier-api-extension'
a694c33 route/cls: rename rtnl_cls_get{,_by_prio}() API to rtnl_cls_find_by{handle,prio}()
88a5138 route/cls: allow fetching of classifiers from cache
90577b5 route: merge branch 'TummyFish:master'
299f61a license: use SPDX license identifiers and drop license comments
05a540d ip6vti: Add fwmark API
41e4365 ip6gre: Add fwmark API
ebc7df3 sit: Add fwmark API
8e1da8e ipip: Add fwmark API
bda19be ip6_tnl: Add fwmark API
cdc6c0f ipvti: Add fwmark API
2995710 ipgre: Add fwmark API
d9dc6c2 ip6vti: Add IPv6 VTI support
be86170 license: use SPDX license identifiers and drop license comments
919d9c6 route: merge branch 'westermo:fib-lookup'
1ff9b38 route/route: don't report failure when we receive a route in rtnl_route_lookup()
53bc27e route/route: support FIB lookups using rtnl
ed76b9a build: sort files in Makefile.am
46b22c1 route/link: merge branch 'westermo:team-support'
586a6b6 build: fix new symbols in "libnl-route-3.sym"
831f125 route/link: add support for team device
6c59580 route/link: Move LINK_ATTR_IFNAME to a proper location
f77cd25 route/netconf: full API export
f59f443 build: add Libs.private field in libnl pkg-config file
b3333e0 route/qdisc: allow fetching qdiscs by their kind
9a39188 netlink: merge branch 'michael-dev:feature/nflog-vlan-v3'
a93fc5f nflog: add recent missing symbols to "libnl-nf-3.sym"
7b4df53 nflog: add missing symbols to "libnl-nf-3.sym"
8266436 nflog:add conntrack flag and enable flags for nflog
246904d nflog: add CT support
59fc1d7 nflog: add mac_header support
c268c48 nflog: add vlan attribute
2548468 refresh linux/netfilter/nfnetlink_log.h with linux 5.4
4edffbd route/link: Add IPv6 GRE support
5d69587 route: add global sectin in "libnl-route-3.sym"
d0cf3a9 neigh: support to add fdb entry
3bf0a9c cls:u32: fix u32_clone() function
3147d86 route:tc: fix rtnl_tc_clone() calling to_clone() and add comment
c027e54 route:cls: fix dangling pointers in to_clone() implementations
47c04fb route:act: drop unnecessary implementations for to_clone()
79f7c9d tests: add test for cloning cls:u32 object
b1caff8 github: run unit tests under valgrind
38b3be3 tests: cleanup tests and avoid leaks
c2b94b9 lib: add more _nl_auto* cleanup macros
1f05e5a tests: replace libcheck's fail_if() macro by ck_assert*()
6341d89 log: fix typo in dumping msg
bfee88b route: fix memory leak of l_info_ops in link_msg_parser()
431ba83 route: merge branch 'qbdwlr:mplsPR'
cc680d4 route: add accessors for setting/getting ENCAP_MPLS attributes
efe8aad route: remove incorrect nl_addr_valid() from rtnl_route_nh_set_newdst(), etc.
0688bc6 netfilter/ct: fix use of reply/orig for conntrack requests
5d92516 route: don't use internal bit mask constants in NLA_PUT in can_put_attrs()
6fe9418 lib: fix descriptions for nl_cache_pickup()/nl_cache_pickup_checkdup()
d0d91c7 route: merge branch 't0mmmy90:check-if-nh-exists-while-updating-ipv6-multipath-route'
28a652b route: fix duplicate check for next hop for IPv6 multipath routes
03bfd2f route: check if nh exists while updating route
92c9237 ci: add github-actions
3d1fb00 tests/check-addr: replace deprecated fail_if() macro from libcheck with ck_assert_msg()
d9cad53 xfrm: fix naming consistency in xfrmnl_sp_get_curlifetime()
c0e82db cli: Add C++ linkage support
000a3bd yyerror: update to POSIX standard
f865a99 xfrm: merge branch 'spellingmistake:master'
0306ae2 xfrm: fix libnl-xfrm-3.sym linker versioning
8950194 xfrm: ensure minlen in policy for XFRMA_OFFLOAD_DEV
c8f33a4 xfrm: Add support for xfrm user offloading
b6cc13d Supporting Hardware offload capability for MACsec
39944c6 route/link: check calloc() return value
12cc0aa zero stack allocated memory in xfrmnl_build_sa_delete_request
5f39502 merge branch 'bengal/coverity'
26f342d route/qdisc: handle error of calloc()
d1a151e route/qdisc: fix memory leak in netem.c
aa092d1 route/link: fix copy-paste error in geneve.c
30552e8 route/cls: fix cgroup's clone() function
764c30a route: let route/link join RTNLGRP_IPV6_IFINFO mcast group
b24e833 doc: update link to mscgen-filter
0b5d17d addr: merge branch 'lcrestez-dn:dadfailed'
30924e7 tests: Add test for rtnl_addr_flags2str
5c05c75 addr: Add address flag `dadfailed`
2abeec8 xfrm: remove superfluous xfrm_userpolicy_id from dump request
5611487 lib/trivial: whitespace
ab015e1 lib: merge branch 'th/object-identical-fix'
36b0894 lib: allow to compare incomplete objects in nl_object_identical()
5020077 lib: let nl_object_identical() declare the same object as identical
406ebc8 lib: fix using right compare mask in nl_object_diff64()
8637c70 lib/trivial fix indentation
4be6062 route/link: avoid cloning link policy in link_msg_parser()
ba3c51c route/link: fix link_msg_parser() for using the af_ops of the link family
f9d0181 lib: use proper int type for id attributes in nl_object_identical()
68b3431 lib: fix documentation of nl_cache_dump_filter to have @params optional
2375cde lib: fix spelling errors in "netlink/handlers.h"
3faf26c gitignore: fix ignoring check-direct build artifacts
47fb1c0 xfrm: remove superfluous xfrm_usersa_id from dump request
846d288 travis: install "check" in travis
d64a0ec route: convert non-leading tabs to spaces in "include/netlink/route/link.h"
aaefd92 route: add test for valid content of map_stat_id_from_IPSTATS_MIB_v2 array
bab9e77 route/link: add RTNL_LINK_REASM_OVERLAPS stat
bae11ec tests: add "check-direct" test
2d50b04 route: add "netlink-private/route/utils.h" header
9a52b3d gitignore: merge all gitignore files in top level directory
4c5f2d6 merge branch 'th/license-comment-cleanup'
2d3e690 license: update "doc/COPYING" license text
1389188 license: add SPDX license identifer to "configure.ac" files
503aa5e license: fix and add SPDX license identifiers and drop license comments
4333aef license: cleanup copyright comments
956635b license: fix SPDX license identifier for nl-auto.h
5614b4c lib: merge branch 'th/cleanup-errout'
17e09aa rtnl/route: use cleanup attribute in "lib/route/link.c"
b50be8f rtnl/route: use cleanup attribute in "lib/route/route_obj.c"
fca338b rtnl/route: fix NLE_NOMEM handling in parse_multipath()
2957d8f rtnl/link: fix leaking rtnl_link_af_ops in link_msg_parser()
77b4f68 rtnl/route: only consider negative error codes as error
6870ece lib: cleanup nla_parse() to return early on error
a858a0b lib: use _nl_strncpy*() instead of plain strncpy()
018c694 lib: cleanup _nl_strncpy_assert()
e97b990 lib: rename _nl_strncpy() to _nl_strncpy_assert()
5ffbc6f lib: add _NL_RETURN_*() helper macros
abb7391 lib: add "include/netlink-private/nl-auto.h" header
ecd15bc lib: add _nl_assert_not_reached()
9cc38dc lib/route: adjust coding style
01ea9a6 route/link: Check for null pointer in macvlan
Signed-off-by: Nick Hainke <vincent@systemli.org>
Beeline SmartBox GIGA is a wireless WiFi 5 router manufactured by
Sercomm company.
Device specification
--------------------
SoC Type: MediaTek MT7621AT
RAM: 256 MiB, Nanya NT5CC128M16JR-EK
Flash: 128 MiB, Macronix MX30LF1G18AC
Wireless 2.4 GHz (MT7603EN): b/g/n, 2x2
Wireless 5 GHz (MT7613BE): a/n/ac, 2x2
Ethernet: 3 ports - 2xGbE (WAN, LAN1), 1xFE (LAN2)
USB ports: 1xUSB3.0
Button: 1 button (Reset/WPS)
PCB ID: DBE00B-1.6MM
LEDs: 1 RGB LED
Power: 12 VDC, 1.5 A
Connector type: barrel
Bootloader: U-Boot
Installation
-----------------
1. Downgrade stock (Beeline) firmware to v.1.0.02;
2. Give factory OpenWrt image a shorter name, e.g. 1001.img;
3. Upload and update the firmware via the original web interface.
Remark: You might need make the 3rd step twice if your running firmware
is booted from the Slot 1 (Sercomm0 bootflag). The stock firmware
reverses the bootflag (Sercomm0 / Sercomm1) on each firmware update.
Revert to stock
---------------
1. Change the bootflag to Sercomm1 in OpenWrt CLI and then reboot:
printf 1 | dd bs=1 seek=7 count=1 of=/dev/mtdblock3
2. Optional: Update with any stock (Beeline) firmware if you want to
overwrite OpenWrt in Slot 0 completely.
MAC Addresses
-------------
+-----+-----------+---------+
| use | address | example |
+-----+-----------+---------+
| LAN | label | *:16 |
| WAN | label + 1 | *:17 |
| 2g | label + 4 | *:1a |
| 5g | label + 5 | *:1b |
+-----+-----------+---------+
The label MAC address was found in Factory 0x21000
Notes
-----
1. The following scripts are required for the build:
sercomm-crypto.py - already exists in OpenWrt
sercomm-partition-tag.py - already exists in OpenWrt
sercomm-payload.py - already exists in OpenWrt
sercomm-pid.py - new, the part of this pull request
sercomm-kernel-header.py - new, the part of this pull request
2. This device (same as other Sercomm S2,S3-based devices) requires
special LZMA and LOADADDR settings for successful boot:
LZMA_TEXT_START=0x82800000
KERNEL_LOADADDR=0x81001000
LOADADDR=0x80001000
3. This device (same as several other Sercomm-based devices - Beeline,
Netgear, Etisalat, Rostelecom) has partition map (mtd1) containing
real partition offsets, which may differ from device to device
depending on the number and location of bad blocks on NAND.
"fixed-partitions" is used if the partition map is not found or
corrupted. This behavour (it's the same as on stock firmware) is
provided by MTD_SERCOMM_PARTS module.
Signed-off-by: Mikhail Zhilkin <csharper2005@gmail.com>
Operating Channel Validation (OCV) is a security feature designed to
prevent person-in-the-middle multi-channel attacks. Compile -basic and
-full variants with support for OCV. This feature can be configured in the
wireless config by setting ocv equal to one of the following values:
0 = disabled (hostapd/wpa_supplicant default)
1 = enabled if wpa_supplicant's SME in use. Otherwise enabled only when the
driver indicates support for operating channel validation.
Signed-off-by: Michael Yartys <michael.yartys@protonmail.com>
Operating Channel Validation (OCV) is a security feature designed to
prevent person-in-the-middle multi-channel attacks. Compile the -basic and
-full variants of hostapd with this feature, and enable discovery of this
feature for future luci integration. OCV can be configured by setting ocv
equal to one of the following values in the wireless config:
0 = disabled (hostapd/wpa_supplicant default)
1 = enabled
2 = enabled in workaround mode - Allow STA that claims OCV capability to
connect even if the STA doesn't send OCI or negotiate PMF.
Signed-off-by: Michael Yartys <michael.yartys@protonmail.com>
c07f45927839 firmware: update mt7622 firmware to version 20220630
af406a2d1c36 mt76: do not use skb_set_queue_mapping for internal purposes
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This external switch driver should be loaded on boot for network
support in failsafe mode.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
This external switch driver should be loaded on boot for network
support in failsafe mode.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
In Turris MOX SDIO card [1], which uses Marvell 88W997 and its driver
mwifiex, you might get cryptic messages, which are not helpful to use.
@pali created patch, which improves messages by the driver and he will
send this to Linux kernel soon.
Before:
[ 81.026156] mwifiex_sdio mmc1:0001:1: CMD_RESP: cmd 0x20 error, result=0x1
After:
[ 15.784018] mwifiex_sdio mmc1:0001:1: CMD_RESP: cmd RF_ANTENNA (0x20) error, result=0x1
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
SDIO chip 88W9997 from NXP [1] is quite limited by its firmware and
driver. Add hacky patch to allow up to 4 SSID instead of 3 SSID.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
Add support for Methode euroDPU which is based on uDPU but does not
have a second SFP cage, instead of which a Maxlinear G.hn IC is used.
PHY mode is set to 1000Base-X despite Maxlinear IC being capable of
2500Base-X since until 5.15 support for mvebu is available trying to use
2500Base-X will cause buffer overruns for which the fix is not easily
backportable.
Installation instructions:
1. Boot the FIT initramfs image (openwrt-mvebu-cortexa53-methode_edpu-initramfs.itb)
2. sysupgrade using the openwrt-mvebu-cortexa53-methode_edpu-firmware.tgz
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
