459b6932 policy: add nft translation for simple policy none/strict use case
255e55b7 tests: xlate-test: no need to require superuser privileges
6990bbc5 extensions: hashlimit: remove space before burst in translation to nft
13ecaeb0 extensions: hashlimit: Rename 'flow table' keyword to meter
c252a2b0 extensions: Add test for cluster nft translation
bda1daa4 extensions: ip6t_{S,D}NAT: add more tests
88fa4543 extensions: ip6t_{S,D}NAT: multiple to-dst/to-src arguments not reported
64a0e098 extensions: libxt_cluster: Add translation to nft
6067208f extensions: add support for 'srh' match
0f387b07 extensions: hashlimit: fix incorrect burst in translations
1ffe6a74 extensions: libxt_hashlimit: Do not print default timeout and burst
27de281d extensions: Add macro _DEFAULT_SOURCE.
75364151 iptables: Remove const qualifier from struct option.
8b0da213 iptables: masquerade: add randomize-full support
e64db006 iptables: patch to correct linker flag sequence
033eac81 extensions: libxt_tcpmss: Add test case for invalid ranges.
505bfa11 iptables: xtables-eb: Remove const qualifier from struct option
a6d6821a iptables: extensions: Fix MARK target help
71de414c libxt_sctp: fix array out of range in print_chunk
1a32381a extensions: add tests for ipcomp protocol
4bd51770 tests: xlate: print output in same way as nft-test.py
d0e3d95f libxt_recent: Remove ineffective checks for info->name
23e6ed71 libxt_TOS: add tests for translation infrastructure
9564595e Update .gitignore
bebce197 iptables: iptables-compat translation for TCPMSS
dbbab0aa extensions: libxt_tcpmss: Detect invalid ranges
0e958281 iptables-translate: add test file for TCPMSS extension
de3c68b6 iptables-compat: do not allow to delete populated user define chains
f4b80ce7 iptables: change large file support handling
f5b46c2f iptables: Constify option struct
21ba5b38 ip{,6}tables-restore: Don't accept wait-interval without wait
60e0ffd3 ip{,6}tables-restore: Don't ignore missing wait-interval value
af468b6e utils: Add a man page for nfnl_osf
1773dcaa utils: nfnl_osf: Fix synopsis in help text
895ce096 extensions: libxt_bpf: fix missing __NR_bpf declaration
3c633296 xtables-compat-restore: fix translation of mangle's OUTPUT
1c32e560 netfilter: xt_hashlimit: add rate match mode
b5331f88 xtables-compat: fix memory leak when listing
91ae12e3 xtables-compat-restore: fix several memory leaks
79e1edd1 iptables-xml: Fix segfault on jump without a target
c49a93f1 xtables-translate: fix double space before comment
79fa7cc2 libip6t_icmp6: xlate: remove leftover space
8e62f572 tests: xlate: generalize owner
8d994bcf iptables: Add file output option to iptables-save
f8e5ebc5 iptables: Fix crash on malformed iptables-restore
80d8bfaa iptables: insist that the lock is held.
c29d99c8 libxtables: Display weird character warning for wildcards
1fe96cfb tests: xlate: check if it is being run as root
3f92b259 tests: xlate: remove python 3.5 dependency
d89dc47a iptables-restore/save: exit when given an unknown option
65801d02 iptables-restore.8: document -w/-W options
9cd3adbe iptables-restore/ip6tables-restore: add --version/-V argument
1ec1fb7a extensions: libxt_hashlimit: fix 64-bit printf formats
27f69f4a iptables: extensions: Remove typedef in struct.
340105fa tests: add regression tests for xtables-translate
b669e184 extensions: libxt_TOS: Add translation to nft
b2a84476 iptables: Remove unnecessary braces.
2963a8df iptables: Remove explicit static variables initalization.
1cf4ba6f iptables: Constify option struct
999eaa24 iptables-restore: support acquiring the lock.
6e2e169e iptables: remove duplicated argument parsing code
836846f0 iptables: move XT_LOCK_NAME from CFLAGS to config.h.
b91af533 iptables: set the path of the lock file via a configure option.
0e94eb2e iptables-translate: print nft iff there are more expanded rules to print
48ad179b libxtables: abolish AI_CANONNAME
9f50bbdf libxtables: remove unnecessary nesting from host_to_ip(6)addr
c6df55d6 iptables-translate: print nft command for each expand rules via dns names
82dacbb8 xtables-translate: Avoid querying the kernel
9f972f45 extensions: libxt_addrtype: Add translation to nft
2c8e251e utils: nfsynproxy: fix build with musl libc
9b8cb756 libiptc: don't set_changed() when checking rules with module jumps
eb66632d extensions: libxt_hashlimit: Add translation to nft
72bb3dbf xshared: using the blocking file lock request when we wait indefinitely
24f81746 xshared: do not lock again and again if "-w" option is not specified
fc3c3b4e libxt_hashlimit: add new unit test to catch kernel bug
516d9191 iptables: update pf.os
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
This makes it possible to add an iptables rule that offloads routing/NAT
packet processing to a software fast path. This fast path is much
quicker than running packets through the regular tables/chains.
Requires Linux 4.14
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This only works with nftables for now, iptables support will be added
later. Includes a number of related upstream nftables improvements to
simplify backporting follow-up changes
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
If the auth or assoc request was denied the reason
was always WLAN_STATUS_UNSPECIFIED_FAILURE.
That's why for example the wpa supplicant was always
trying to reconnect to the AP.
Now it's possible to give reasoncodes why the auth
or assoc was denied.
Signed-off-by: Nick Hainke <vincent@systemli.org>
Add Wireless Network Management (IEEE 802.11v)
support to:
- hostapd-full
- wpa_supplicant-full
It must be enabled at runtime via UCI with:
- option ieee80211v '1'
Add UCI support for:
- time_advertisement
- time_zone
- wnm_sleep_mode
- bss_transition
Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
Neighbor reports are enabled implicitly on use, beacon reports and BSS
transition management need to be enabled explicitly
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This is fixing multiple compile problems with kernel 4.14 and updates the
code to take care of changes introduced between kernel 4.9 and 4.14.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Mathias Kresin <dev@kresin.me>
Rename the gphy firmware to match the name requested by kernel 4.14 and
update the devicetree source files to use the new name.
Update the u-boot lantiq Makefile to be compatible with the new names as
well.
Signed-off-by: Mathias Kresin <dev@kresin.me>
With upstream commit 2c93e790e825 ("usb: add CONFIG_USB_PCI for system
have both PCI HW and non-PCI based USB HW") the CONFIG_USB_PCI was
introduced.
The option is disabled by default in our generic kernel 4.14 config, hence
we need to set the option for all related kernel modules.
Signed-off-by: Mathias Kresin <dev@kresin.me>
With a9772285a724 ("linux/compiler.h: Split into compiler.h and
compiler_types.h") compiler.h was refactored and most its content was
moved to compiler_types.h. Both files are required to build ppp-mod-pppoa.
Signed-off-by: Mathias Kresin <dev@kresin.me>
The current implementation only checked if uqmi itself executed
correctly which is also the case when the returned value is actually
an error.
Rework this, checking that CID is a numeric value, which can only
be true if uqmi itself also executed correctly.
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
1721453 Remove special handling of A-for-A queries.
499d8dd Fix boundary for test introduced in 3e3f1029c9ec6c63e430ff51063a6301d4b2262
6f1cbfd Fix debian/readme typo.
55ecde7 Inotify: Ignore backup files created by editors
6b54d69 Make failure to chown() pidfile a warning.
246a31c Change ownership of pid file, to keep systemd happy.
83e4b73 Remove confusion between --user and --script-user.
6340ca7 Tweak heuristic for initial DNSSEC memory allocation.
baf553d Default min-port to 1024 to avoid reserved ports.
486bcd5 Simplify and correct bindtodevice().
be9a74d Close Debian bug for CVE-2017-15107.
ffcbc0f Example config typo fixes.
a969ba6 Special case NSEC processing for root DS record, to avoid spurious BOGUS.
f178172 Add homepage to Debian control file.
cd7df61 Fix DNSSEC validation errors introduced in 4fe6744a220eddd3f1749b40cac3dfc510787de6
c1a4e25 Try to be a little more clever at falling back to smaller DNS packet sizes.
4fe6744 DNSSEC fix for wildcard NSEC records. CVE-2017-15107 applies.
3bd4c47 Remove limit on length of command-line options.
98196c4 Typo fix.
22cd860 Allow more than one --bridge-interface option to refer to an interface.
3c973ad Use SIGINT (instead of overloading SIGHUP) to turn on DNSSEC time validation.
faaf306 Spelling fixes.
c7e6aea Change references to gPXE to iPXE. Development of EtherBoot gPXE was always development of iPXE core developer Michael Brown.
e541245 Handle duplicate RRs in DNSSEC validation.
84a01be Bump year in Debian copyright notice.
d1ced3a Update copyrights to 2018.
a6cee69 Fix exit code from dhcp_release6.
0039920 Severely fix code formating of contrib/lease-tools/dhcp_release6.c
39d8550 Run Debian startup regex in "C" locale.
ef3d137 Fix infinite retries in strict-order mode.
8c707e1 Make 373e91738929a3d416e6292e65824184ba8428a6 compile without DNSSEC.
373e917 Fix a6004d7f17687ac2455f724d0b57098c413f128d to cope with >256 RRs in answer section.
74f0f9a Commment language tweaks.
ed6bdb0 Man page typos.
c88af04 Modify doc.html to mention git-over-http is now available.
ae0187d Fix trust-anchor regexp in Debian init script.
0c50e3d Bump version in Debian package.
075366a Open inotify socket only when used.
8e8b2d6 Release notes update.
087eb76 Always return a SERVFAIL response to DNS queries with RD=0.
ebedcba Typo in printf format string added in 22dee512f3738f87539a79aeb52b9e670b3bd104
0954a97 Remove RSA/MD5 DNSSEC algorithm.
b77efc1 Tidy DNSSEC algorithm table use.
3b0cb34 Fix manpage which said ZSK but meant KSK.
aa6f832 Add a few DNS RRs to the table.
ad9c6f0 Add support for Ed25519 DNSSEC signature algorithm.
a6004d7 Fix caching logic for validated answers.
c366717 Tidy up add_resource_record() buffer size checks.
22dee51 Log DNS server max packet size reduction.
6fd5d79 Fix logic on EDNS0 headers.
9d6918d Use IP[V6]_UNICAST_IF socket option instead of SO_BINDTODEVICE for DNS.
a49c5c2 Fix search_servers() segfault with DNSSEC.
30858e3 Spaces in CNAME options break parsing.
Refresh patches.
Remove upstreamed patches:
250-Fix-infinite-retries-in-strict-order-mode.patch
260-dnssec-SIGINT.patch
270-dnssec-wildcards.patch
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
The default receive window size in dropbear is hardcoded to 24576 byte
to limit memory usage. This value was chosen for 100Mbps networks, and
limits the throughput of scp on faster networks. It also severely limits
scp throughput on high-latency links.
Add an option to set the receive window size so that people can improve
performance without having to recompile dropbear.
Setting the window size to the highest value supported by dropbear
improves throughput from my build machine to an APU2 on the same LAN
from 7MB/s to 7.9MB/s, and to an APU2 over a link with ~65ms latency
from 320KB/s to 7.5MB/s.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Between mbedtls 2.6.0 and 2.7.0, the void returning mbedtls_MODULE* functions
were deprecated in favor of functions returning an int error code. Use
the new function mbedtls_sha256_ret().
Signed-off-by: Russell Senior <russell@personaltelco.net>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Between mbedtls 2.6.0 and 2.7.0, the void returning mbedtls_MODULE* functions
were deprecated in favor of functions returning an int error code. Use
the new function mbedtls_sha256_ret().
Signed-off-by: Russell Senior <russell@personaltelco.net>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
This syncs the Orange Pi R1 device tree files with the one from the
upstream kernel and also uses the default configuration from the Orange
Pi Zero.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Some functions used by a lot of other software was renamed and is only
active when deprecated functions are allowed, deactivate the removal of
deprecated functions for now.
Fixes: 75c5ab4caf ("mbedtls: update to version 2.7.0")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The PC Engines APU3b has a new nct5104b version with chip ID 0xc453.
This adds support for that version.
Signed-off-by: Jasper Scholte <NightNL@outlook.com>
This fixes the following security problems:
* CVE-2018-0488: Risk of remote code execution when truncated HMAC is enabled
* CVE-2018-0487: Risk of remote code execution when verifying RSASSA-PSS signatures
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This patch adds support for GL.iNet GL-B1300
Specification:
- SOC: IPQ4028 / QCA Dakota
- RAM: 256 MiB
- FLASH: 32 MiB
- ETH: Qualcomm Atheros QCA8075 Gigabit Switch (2 x LAN, 1 x WAN)
- USB: 1 x 3.0 (via Synopsys DesignWare DWC3 controller in the SoC)
- WLAN1: Qualcomm Atheros QCA4028 2.4GHz 802.11bgn 2:2x2
- WLAN2: Qualcomm Atheros QCA4028 5GHz 802.11a/n/ac 2:2x2
- INPUT: one reset and one WPS button
- LEDS: 3 leds: Power, WIFI(only for 2.4G currently), and one reserved
- UART: 1 x UART on PCB (3.3V, TX, RX, GND) - 115200 8N1
Installation:
Method 1:
- use serial port to stop uboot
- uboot command: run lf
Method 2:
- push down reset button and power on
- wait until three leds constantly on then release
- upgrade by uboot web at http://192.168.1.1
Note:
- the sysupgrade image need to be renamed to lede-gl-b1300.bin in both method.
- the sysupgrade image can be automatically downloaded if tftp server at
192.168.1.2 have that file.
- the wifi led will be flashing when writing image.
Signed-off-by: Dongming Han <handongming@gl-inet.com>
128bc35 logread: fix reconnect logd logic
66347ec logread: move the code setting up the request blob out of the main loop
975a258 logread: move output connection setup code out of main loop
b81bea7 logread: cleanup pid file handling
d73e7d2 ubox: Replace strerror(errno) with %m format.
Signed-off-by: John Crispin <john@phrozen.org>
Some people reported problems with the current development version, so
go back to the latests more or less release.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Using PKG_SOURCE_DATE instead of PKG_VERSION will make the build system
generate the version based on the date and the git hash. This way the
tar file name changes when the git hash changes and this avoids problems
when someone forgets to change the version, but changes the git hash.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Changes since last merge into OpenWrt since 2017-12-14:
- Added debugfs file tx_hist.
- Added debugfs file fixed_rate.
- Added debugfs file ba_hist.
- Modified the way to establish BA stream.
- Added code to control BF type.
- Added functions to check/dump dhcp packet.
- Upgrade 88W8964 firmware to 9.3.2.4.
- Added debugfs file coredump.
- Corrected the way to transmit multicast packets.
- Change driver version to 10.3.4.0-20180118.
- Corrected the way to get qos control.
- Assigned broadcast dhcpoffer to another queue.
- Separated broadcast and multicast packets. Bump to latest commit 20180206
Signed-off-by: Chris Breuer <github@chrisbreuer.de>
Make it easily possible to add a custom script in front of this hotplug
script which adds new devices. This is needed for the mvebu target in
which we want to migrate the old configuration before new devices are
getting detected.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
D-Link DAP-1522 is a wireless bridge/access point with 4 LAN
ports and a dual-band wireless chipset.
Specifications:
- Ralink RT2880
- 32 MB of RAM
- 4 MB of Flash
- 4x 10/100/1000 Mbps Ethernet (RTL8366SR)
- 802.11abgn (RT2850)
Flash Instructions:
1. Download lede-ramips-rt288x-dap-1522-a1-squashfs-factory.bin
2. Open the web interface and upload the image
Signed-off-by: George Hopkins <george-hopkins@null.net>
EG-200 is a DIN rail mountable device with one ethernet port, wifi,
an RS-485 port, and an internal USB attached uSD card reader.
Two leds, "modbus" and "etactica" are managed by userspace applications
in factory firmware.
Flash instruction:
Original firmware is based on OpenWrt.
Use sysupgrade image directly in vendor GUI.
Signed-off-by: Karl Palsson <karlp@etactica.com>
uqmi contains a command for directly querying the modem if there
is a valid data connection, so let's use it.
This avoids the cases were all previous tests are succesful, but the
actual data link is not up for some reasons, leading to states were we
thought the link was up when it actually wasn't ..
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Originally, the implementation only checked if uqmi command
execution succeeded properly without actually checking it's returned data.
This lead to a pass, even when the returned data was indicating an error.
Rework the verification to actually check the returned data,
which can only be correct if the uqmi command itself also executed correctly.
On command execution success, value "pdh_" is a pure numeric value.
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Debugging shows that using the general method properly cleans on each
run, while the method specifying the client-ID shows "No effect"
even while in connected state.
Fixes several connectivity issues seen on specific modems.
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
This prevents passing down the HOSTCC stuff set in u-boot.mk
which results in linking errors against openssl:
tools/mxsimage.o: In function `sb_aes_reinit':
mxsimage.c:(.text+0x202): undefined reference to `EVP_CIPHER_CTX_reset'
tools/mxsimage.o: In function `mxsimage_generate':
mxsimage.c:(.text+0x110d): undefined reference to `EVP_MD_CTX_new'
mxsimage.c:(.text+0x114f): undefined reference to `EVP_MD_CTX_free'
mxsimage.c:(.text+0x11c3): undefined reference to `EVP_MD_CTX_new'
mxsimage.c:(.text+0x1323): undefined reference to `EVP_MD_CTX_free'
mxsimage.c:(.text+0x134a): undefined reference to `EVP_CIPHER_CTX_reset'
tools/mxsimage.o: In function `mxsimage_verify_print_header':
mxsimage.c:(.text+0x23ce): undefined reference to `EVP_MD_CTX_new'
mxsimage.c:(.text+0x242c): undefined reference to `EVP_MD_CTX_new'
mxsimage.c:(.text+0x246b): undefined reference to `EVP_MD_CTX_free'
mxsimage.c:(.text+0x24ef): undefined reference to `EVP_CIPHER_CTX_reset'
mxsimage.c:(.text+0x2e52): undefined reference to `EVP_MD_CTX_free'
collect2: error: ld returned 1 exit status
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
It is currently possible to enable connlabel-support in iptables.
However, in order for connlabel to work properly, the kernel module must
also be present. This patch adds support for building the
connlabel-module, and selects it by default when connlabel-support is
enabled.
Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
ls1012ardb/ls1012afrdm/ls1046ardb/ls1088ardb firmwares now use ubifs
rootfs. So u-boot env should be set accordingly.
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
Updated ppfe firmware to NXP LSDK1712 release. Used
ppfe firmware git tree on NXP github since it was
migrated here from qoriq-open-source github.
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
NXP LSDK1712 release used two rcw git trees. The
original rcw git tree was still source code but
dropping ls1012a/ls1088a/ls2088a boards in LSDK1712.
Instead another new rcw git tree was used to just
provided rcw binaries for these boards dropped. So
this patch is to update ls-rcw to LSDK1712 release
and add a new ls-rcw-bin package.
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
fman-ucode had been migrated from qoriq-open-source
github to NXP github. So the Makefile should be fixed
accordingly.
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
Updated MC firmware to NXP LSDK1712 release. Used
MC firmware git tree on NXP github since it was
migrated here from qoriq-open-source github.
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
For hardware that supports multiple h/w output queues, add
a compatible scheduler (NET_SCH_MULTIQ).
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Current code and also before commit da52dd0c83 was vulnerable to shell
injection using volume lables in the GPT partition table of block
devices. Given that partition names can be freely defined in GPT tables
we really shouldn't evaluate a string which is potentially crafted with
evil intentions. Hence rather use `export -n` to absorb the uevent's
variables into the environment.
Fixes commit da52dd0c83 (base-files: quote values when evaluating uevent)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[mschiffer@universe-factory.net: suggested export -n usage]
The kmod-lp package included both lp.ko and ppdev.ko, but ECP device
drivers may or may not require lp NOT to be loaded, needing only ppdev.
Additionally, There were no packages for any parport interface modules,
such as uss720 or parport_pc, provided here. It has not been otherwise
possible to use PC-style parport hardware for kmod-lp.
Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
The last_rx field was removed from net_device. Since the field wasn't
used by the generic subsystem, and the driver only writes to it, just
remove the usage.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
When sourcing /sys/class/block/*/uevent values have to be quoted as
they may contain spaces (e.g. in PARTNAME).
Fix this by pre-processing with sed before sourcing.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The BDFs for OpenMesh A42 were upstreamed [1] to the ath10k-firmware
repository and are now part of ath10k-firmware 2018-01-26. The
ipq-wifi-openmesh_a42 package can now be dropped because OpenWrt already
ships the QCA4019 board-2.bin from this version.
[1] https://wireless.wiki.kernel.org/en/users/drivers/ath10k/boardfiles
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
* introduces the BDFs for the OpenMesh A42 in
/lib/firmware/ath10k/QCA4019/hw1.0/board-2.bin.
* adds new firmware firmware-6.bin_RM.4.4.1.c1-00037-QCARMSWP-1 for
QCA6174 hw3.0
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
With no warning, it just looks like the box has hung during boot.
We don't want users resetting it without having captured a crashdump.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Compiling the Intel microcode package results in a
microcode.bin and a microcode-64.bin. As we can
decide based on the subtarget which should be used,
we'll only split the required .bin file with
iucode-tool.
x64 will get the intel-microcode-64.bin
All other variants will get intel-microcode.bin
The microcodes will be updated from preinit via a common
script - that's the earliest place where we can do it.
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
Use the Debian repository for sourcing the ucode files.
Current (20171205) includes support for fam17h CPUs already.
The microcodes will be updated from preinit via a common
script - that's the earliest place where we can do it.
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
Add tool to "compile" Intel microcode files. The tool will be
compiled for host (to split the microcode.dat) and for target
(to forcibly reload the microcode if required).
Instead of using the large microcode.bin/microcode-64.bin, the
splitted ucode files (separate for CPU families) will be
installed.
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
When we provide the HOSTCFLAGS to the U-Boot build it will fail because
it can not find the u-boot provided header files any more.
Just overwrite and not append the package specific configuration on top
of the configuration provided by u-boot.mk.
uboot-fritz4040 is based on U-Boot 2012.07 and this problem is probably
similar to the problem seen with the lantiq and ar71xx u-boot build.
Fixes: df9781a420 ("u-boot,at91bootstrap: fix incorrect HOSTCPPFLAGS variable")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Once installed fou kernel module allows you to use FOU (Foo over UDP)
and GUE (Generic UDP encapsulation) tunnel protocols.
To get ip fou command working you also need to install ip-full.
Signed-off-by: Filip Moc <lede@moc6.cz>
Since I have no openssl-dev on my machine, I first
get this error:
```
tools/kwbimage.c:21:10: fatal error: openssl/bn.h: No such file or directory
#include <openssl/bn.h>
```
After removing the UBOOT_MAKE_FLAGS the next error is:
```
tools/kwbimage.c:40:6: error: conflicting types for ‘EVP_MD_CTX_cleanup’
void EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
```
After removing the OpenSSL patches the next error is:
```
HOSTLD tools/dumpimage
/usr/bin/ld: cannot find -lssl
/usr/bin/ld: cannot find -lcrypto
collect2: error: ld returned 1 exit status
scripts/Makefile.host:108: recipe for target 'tools/dumpimage' failed
make[5]: *** [tools/dumpimage] Error 1
```
So, the final part is to add the build system's
HOST_LDFLAGS to the UBOOT_MAKE_FLAGS.
(which was done in the previous commit)
Then the image builds.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
This would should up as `$$(HOSTCPPFLAGS)` in the host CFLAGS.
```
make --jobserver-fds=3,4 -j -C <openwrt>/build_dir/target-arm_cortex-a8+vfpv3_musl_eabi/u-boot-A10-OLinuXino-Lime/u-boot-2017.07 CROSS_COMPILE=arm-openwrt-linux-muslgnueabi- DTC="<openwrt>/build_dir/target-arm_cortex-a8+vfpv3_musl_eabi/linux-sunxi_cortexa8/linux-4.9.76/scripts/dtc/dtc" HOSTCC="gcc" HOSTCFLAGS='-O2 -I<openwrt>/staging_dir/host/include -I<openwrt>/staging_dir/host/usr/include -I<openwrt>/staging_dir/hostpkg/include -I<openwrt>/staging_dir/target-arm_cortex-a8+vfpv3_musl_eabi/host/include $$(HOSTCPPFLAGS)' HOSTLDFLAGS="" BL31=<openwrt>/staging_dir/target-arm_cortex-a8+vfpv3_musl_eabi/image/bl31.bin
```
And then it would complain with:
```
/bin/sh: 1: HOSTCPPFLAGS: not found
```
Also, HOSTCPPFLAGS does not exist.
The correct var is HOST_CPPFLAGS.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Activate the support for 64 bit on all 64 bit CPUs and not only x86_64.
ARM64 does not provide an xml file, so do not pack any.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
We use the dtc from the kernel and that does not have all the options
which u-boot would like to use now. make these parameters optional.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
3413961 mt7603: avoid reordering qos-null data packets
c60e6db mt76: toggle driver station powersave bit before notifying mac80211
246d548 mt76: stop tx queues from the driver callback instead of common code
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The target it was meant for was updated to a version that this does not
compile with. It probably also hasn't been used in years
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Don't append an empty sendopts value as odhcp6c bails out
immediately on an empty -x option triggering an infinite start
loop of odhcp6c
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Commit a26045049b added support for sendopts as a string; since multiple
sendopts values can be specified it makes more sense to model it as a
list of strings.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
The ATM subsystem is different from the generic ethernet NICs. The ATM
subsystem requires a callback when a packet has been sent. It means a
tx skb_buff need to be used after it has sent. While the generic NIC
can fill up the TX ring and free skb_buffs if it encounter a ring buffer slot
with an already sent skbuff.
The ATM drivers need call the pop() function after it has send a
single ATM package. The ATM subsystem controls via this ways the queuing.
The ppe engine use DMA channels for read and write. Every atm_vcc has it's
own TX DMA channel and each TX DMA channel has it's own ring buffer.
The old driver had multiple issues:
- Call the subsystem callback at the beginning of tx function (ppe_send).
Didn't allowed the ATM subsystem to control the enqueued package
amount.
- Filled up the TX ring until full and fail futher
- copy or decouple the skb from all other subsystem before giving it
over to TX ring
The new tx path uses interupts.
- call the subsystem callback _after_ it was sent by hardware
- no need to copy our decouple the skb any more
- gives back control to the atm subsystem over the enqueued packages
- use an interupt for every sent atm package
Using interupts shouldn't be a problem because of the slow uplink bandwidth of
ADSL.
The speed _through_ the DSL router was always as high as it should
be, only traffic generated on the router itself were affected.
After changing to new tx path, the speed of iperf's run on the
router itself reached the same speed. The master/trunk wasn't as much
affected because of TCP optimisations (reboot-5022-gb2ea46fe236a).
The following results are taken on the remote server, which receives
the stream over the internet and the DSL line.
The sync moves between every sync a litte bit, but is so far stable
Latency / Interleave Delay: Down: Fast (0.25 ms) / Up: Fast (0.50 ms)
Data Rate: Down: 13.287 Mb/s / Up: 1.151 Mb/s
reboot-5521-g9f8d28285d without patch
[ ID] Interval Transfer Bandwidth Retr
[ 5] 0.00-10.04 sec 947 KBytes 773 Kbits/sec 0 sender
[ 5] 0.00-10.04 sec 928 KBytes 757 Kbits/sec receiver
reboot-5521-g9f8d28285d with patch
[ 5] 0.00-10.06 sec 1.16 MBytes 970 Kbits/sec 0 sender
[ 5] 0.00-10.06 sec 1.15 MBytes 959 Kbits/sec receiver
v17.01.4-239-g55c23e44f4 without patch
[ ID] Interval Transfer Bandwidth Retr
[ 5] 0.00-10.04 sec 87.4 KBytes 71.3 Kbits/sec 0 sender
[ 5] 0.00-10.04 sec 59.6 KBytes 48.7 Kbits/sec receiver
v17.01.4-239-g55c23e44f4 with patch
[ ID] Interval Transfer Bandwidth Retr
[ 5] 0.00-10.05 sec 1.18 MBytes 983 Kbits/sec 1 sender
[ 5] 0.00-10.05 sec 1.15 MBytes 959 Kbits/sec receiver
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
- use release build instead of debug to reduce size
- bump to use latest commit in allwinner tree
Tested on Pine64/1G.
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2b7fae4 mt76: fix returnvar.cocci warnings
939e3e0 mt76x2: dfs: avoid tasklet scheduling during mt76x2_dfs_init_params()
cf59170 mt76x2: dfs: add set_domain handler
5e4d60e mt76x2: dfs: take into account dfs region in mt76x2_dfs_init_params()
f76e25f mt76x2: fix WMM parameter configuration
34d612d mt76: retry rx polling as long as there is budget left
0f8327a mt76x2: fix TSF value in probe responses
ad3f8e9 mt76: add an intermediate struct for rx status information
58a41f1 mt76: get station pointer by wcid and pass it to mac80211
b0508d3 mt76: implement A-MPDU rx reordering in the driver code
cf3cfc4 mt76: split mt76_rx_complete
461cdf9 mt76: pass the per-vif wcid to the core for multicast rx
9b2c778 mt76: validate rx CCMP PN
302af90 mt76x2: init: disable all pending tasklets during device removal
9f685fe mt7603: init: disable tbtt tasklet during device removal
c6f8cac mt76: let mac80211 validate CCMP PN for fragmented frames
3968dae mt7603: fix 40 mhz channel bandwidth reporting
9c2e03d mt7603: fix rx LDPC reporting
f515dfc mt76: implement AP_LINK_PS
974142c mt76: implement processing of BlockAckReq frames
c5209db mt76: avoid re-queueing A-MPDU rx reorder work if no frames are pending
e67e7a5 mt76x2: do not set status->aggr for NULL data frames
8693864 mt76: check qos ack policy before reordering packets
Signed-off-by: Felix Fietkau <nbd@nbd.name>
f0836c7e Update manual pages
25db178b Bump up version number to 1.30.0, LT revision to 29:2:15
1b6713e6 Update AUTHORS
c1a496cf nghttpx: Fix bug that h1 backend idle timeout expires sooner
e098a211 mruby: Fix bug that response header is unexpectedly overwritten
0ba4bf51 Merge pull request #1120 from dylanplecki/issue-1119-mruby-header-overwrite
6deee203 Fix#1119: Stop overwrite of first header on mruby call to env.req.set_header(..)
6761a933 Merge pull request #1105 from nghttp2/nghttpx-upgrade-scheme
5cc3d159 nghttpx: Add upgrade-scheme parameter to backend option
652f57e7 Merge pull request #1104 from nghttp2/allow-ping-after-goaway
acd6b40e Allow PING frame to be sent after GOAWAY
0fbb46ed Merge pull request #1101 from nghttp2/remember-pushed-links
6ad629de Merge pull request #1102 from nghttp2/fix-missing-alpn-validation
74754982 nghttpx: Fix missing ALPN validation (--npn-list)
a31a2e3b nghttpx: Remember which resource is pushed
a776b0db Merge pull request #1092 from nghttp2/define-103
cfd926f0 src: Define 103 status code
72f52716 Bump up version number to 1.30.0-DEV
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Firewall rules don't work as intended without conntrack support. The recent
cleanup removed the kmod-nf-conntrack6 dependency from the iptables
modules; add it to the firewall package instead.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
We don't need two versions of this. The escaping quotes
is so that the sed commands aren't misinterpreted by shell;
it has nothing to do with the contents of the file, thus
one version is adequate.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
By default udhcpc asks for a default list of options; the config option
defaultreqopts allows to tweak this behavior.
When set to 0 udhcpc will not ask for any options except for the options
specified in the reqopts config option.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
By default odhcp6c asks for a default list of options; the config option
defaultreqopts allows to tweak this behavior.
When set to 0 odhcp6c will not ask for any options except for the options
specified in the reqopts config option.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
For minimal firewall setups, NAT support may be unnecessary.
It would be possible to further reduce the minimum number of installed
modules, e.g. by separating IPv4 and IPv6 support or moving conntrack
support into a separate kmod package. We go with a more complete
kmod-nft-core for now, until a concrete usecase for smaller packages
arises.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
The nf_reject_ipv4 and nf_reject_ipv6 modules are moved into separate
packages, as they are a common dependency of ip(6)tables and nftables. This
avoids a dependency of nftables on kmod-nf-ipt(6). Also, fewer iptables
modules depend on nf-conntrack(6) now.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
It's not needed now since commit a621b8c ("include: clean package
staging dir files before configure")
Fixes FS#1309
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
The IGB and IXGBE drivers depend on kmod-hwmon core now.
Fixes: af707a178f ("netdevices.mk: add hwmon to IGB and IXGBE drivers")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Off-chip NICs can run hotter than the CPU, so they're definitely
worth instrumenting.
Adding hardware monitoring increases by ~3744 and ~2672 bytes,
respectively, the sizes of the igb.ko and ixgbe.ko drivers.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
a0b5e8944 progress-bar: get screen width on windows
65ceb20df test1454: --connect-to with IPv6 address w/o IPv6 support!
eb6e3c4f6 CONNECT_TO: fail attempt to set an IPv6 numerical without IPv6 support
96186de1f docs: fix man page syntax to make test 1140 OK again
af32cd385 http: prevent custom Authorization headers in redirects
993dd5651 curl: progress bar refresh, get width using ioctl()
9d82cde7b RELEASE-NOTES: synced with bb0ffcc36
bb0ffcc36 libcurl-env.3: first take
ec122c4c8 TODO: two possible name resolver improvements
a5e6d6ebc http2: don't close connection when single transfer is stopped
87ddeee59 test558: fix for multissl builds
da07dbb86 examples/url2file.c: add missing curl_global_cleanup() call
ddafd45af SSH: Fix state machine for ssh-agent authentication
9e4ad1e2a openssl: fix potential memory leak in SSLKEYLOGFILE logic
ca9c93e3e openssl: fix the libressl build again
2c0c4dff0 unit1307: test many wildcards too
2a1b2b4ef curl_fnmatch: only allow 5 '*' sections in a single pattern
cb5accab9 ftp-wildcard: fix matching an empty string with "*[^a]"
25c40c9af SMB: fix numeric constant suffix and variable types
945df7410 CURLOPT_TCP_NODELAY.3: fix typo
8dd4edeb9 smtp/pop3/imap_get_message: decrease the data length too...
84fcaa2e7 openssl: enable SSLKEYLOGFILE support by default
e44ddfd47 mime: clone mime tree upon easy handle duplication.
2c821bba8 docs: comment about CURLE_READ_ERROR returned by curl_mime_filedata
a06311be2 test395: HTTP with overflow Content-Length value
67595e7d2 test394: verify abort of rubbish in Content-Length: value
ac17d7947 test393: verify --max-filesize with excessive Content-Length
f68e67271 HTTP: bail out on negative Content-Length: values
0616dfa1e configure.ac: append extra linker flags instead of prepending them.
650b9c1d6 RELEASE-NOTES: synced with 6fa10c8fa
6fa10c8fa setopt: fix SSLVERSION to allow CURL_SSLVERSION_MAX_ values
3b548ffde setopt: reintroduce non-static Curl_vsetopt() for OS400 support
fa3dbb9a1 http2: fix incorrect trailer buffer size
2a6dbb815 easy: fix connection ownership in curl_easy_pause
89f680473 system.h: Additionally check __LONG_MAX__ for defining curl_off_t
14d07be37 COPYING: it's 2018!
a8ce5efba progress: calculate transfer speed on milliseconds if possible
d4e40f069 scripts: allow all perl scripts to be run directly
e4f86025d mail-rcpt.d: fix short-text description
908a9a674 build: remove HAVE_LIMITS_H check
129390a51 openssl: fix memory leak of SSLKEYLOGFILE filename
272613df0 Revert "curl/system.h: fix compilation with gcc on AIX PPC and IA64 HP-UX"
481539e90 test1554: improve the error handling
593dcc553 test1554: add global initialization and cleanup
dc831260b curl_version_info.3: call the argument 'age'
58d7cd28a brotli: data at the end of content can be lost
a0f3eaf25 examples/cacertinmem: ignore cert-already-exists error
859ac3602 tool_getparam: Support size modifiers for --max-filesize
b399b0490 build: Fixed incorrect script termination from commit ad1dc10e61
a9b774a77 Makefile.vc: Added our standard copyright header
22fddb85a winbuild: Added support for VC15
ad1dc10e6 build: Added Visual Studio 2017 project files
d409640d6 build-wolfssl.bat: Added support for VC15
a4e88317d build-openssl.bat: Added support for VC15
c97648b55 curl/system.h: fix compilation with gcc on AIX PPC and IA64 HP-UX
b43755789 examples/rtsp: fix error handling macros
f009bbe1f curl_easy_reset: release mime-related data.
4acc9d3d1 content_encoding: rework zlib_inflate
e639d4ca4 brotli: allow compiling with version 0.6.0.
9c6a6be88 CURLOPT_READFUNCTION.3: refer to argument with correct name
02f207a76 rand: add a clang-analyzer work-around
13ce373a5 krb5: fix a potential access of uninitialized memory
41982b6ac conncache: fix a return code [regression]
5d0ba70e1 curl: support >256 bytes warning messsages
188a43a8f libssh: fix a syntax error in configure.ac
7ef0c2d86 examples/smtp-mail.c: use separate defines for options and mail
621b24505 THANKS: added missing names
cc0cca1ba mailmap: added/clarified several names
9d7a59c8f setopt: less *or equal* than INT_MAX/1000 should be fine
2437dbbf1 vtls: replaced getenv() with curl_getenv()
ef5633d4b RELEASE-NOTES: synced with 3b9ea70ee
3b9ea70ee TODO: Expose tried IP addresses that failed
48c184a60 curl.1: mention http:// and https:// as valid proxy prefixes
76db03dd9 curl.1: documented two missing valid exit codes
63e58b8b4 CURLOPT_DNS_LOCAL_IP4.3: fixed the seel also to not self-reference
671f0b506 Revert "curl: don't set CURLOPT_INTERLEAVEDATA"
4b6f3cff7 tests: mark data files as non-executable in git
98c572ed3 tests: update .gitignore for libtests
e959f16c5 multi_done: prune DNS cache
06a0a26fb mailmap: fixup two old git Author "aliases"
7ab4e7adb openssl: Disable file buffering for Win32 SSLKEYLOGFILE
b1b94305d RESOLVE: output verbose text when trying to set a duplicate name
bbea75ad6 CURLOPT_DNS_CACHE_TIMEOUT.3: see also CURLOPT_RESOLVE
a4a56ec93 sftp: allow quoted commands to use relative paths
9fb5a943f CURLOPT_PRIVATE.3: fix grammar
179ee78e8 curl: remove __EMX__ #ifdefs
9dfb19483 openssl: improve data-pending check for https proxy
9ffad8eb1 curl: don't set CURLOPT_INTERLEAVEDATA
912324024 curl.h: remove incorrect comment about ERRORBUFFER
ebaab4d17 configure: add AX_CODE_COVERAGE only if using gcc
b5881d1fb curl: limit -# update frequency for unknown total size
546e7db78 BINDINGS: another PostgreSQL client
55e609890 CONNECT: keep close connection flag in http_connect_state struct
c103cac3c include: get netinet/in.h before linux/tcp.h
00cda0f9b openldap: fix checksrc nits
ff07f07cc openldap: add commented out debug possibilities
bb0ca2d44 examples: move threaded-shared-conn.c to the "complicated" ones
4fb85b87b RELEASE-NOTES: synced with b261c44e8
b261c44e8 URL: tolerate backslash after drive letter for FILE:
24dcd7466 tests: added netinet/in6.h includes in test servers
76ebd5417 configure: check for netinet/in6.h
0c65678e7 curl-config: add --ssl-backends
ea3a5d07d conncache: only allow multiplexing within same multi handle
415b8dff8 threaded-shared-conn.c: fixed typo in commenta
5254d8bf2 threaded-shared-conn.c: new example
07cb27c98 conncache: fix several lock issues
85f0133ea libssh: remove dead code in sftp_qoute
615edc1f7 sasl_getmesssage: make sure we have a long enough string to pass
440140946 libssh2: remove dead code from SSH_SFTP_QUOTE
6401ddad4 ssh-libssh.c: please checksrc
918530752 libssh: fixed dereference in statvfs access
8dad32bcf RESOURCES: update spec names
a08f5a77c libssh: corrected use of sftp_statvfs() in SSH_SFTP_QUOTE_STATVFS
8843c0939 libssh: no need to call sftp_get_error as ssh_get_error is sufficient
3cef6f22e libssh: fix minor static code analyzer nits
10bb0b471 openssl: pkcs12 is supported by boringssl
8eff32f0b travis: use pip2 instead of pip
b7f534597 lib582: do not verify host for SFTP
a2f396680 libssh: added SFTP support
c75c9d4fb symbols-in-versions: added new symbols with 7.56.3 version
05675ab5a .travis.yml: added build --with-libssh
38aef6dc4 libssh2: return CURLE_UPLOAD_FAILED on failure to upload
75427291e libssh2: send the correct CURLE error code on scp file not found
c92d2e14c Added support for libssh SSH SCP back-end
3973ee6a6 RELEASE-NOTES: synced with af8cc7a69
af8cc7a69 curlver: towards 7.57.1
4b4142491 lib: don't export all symbols, just everything curl_*
9194a9959 SSL: Avoid magic allocation of SSL backend specific data
744ee5838 examples/xmlstream.c: don't switch off CURL_GLOBAL_SSL
270494e1a travis: add boringssl build
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
This reverts commit 53f62bc5e5.
commit made the builders fail with
"Package kmod-igb is missing dependencies for the following libraries: hwmon.ko"
Signed-off-by: John Crispin <john@phrozen.org>
This fixes the following errors when doing "make package/install"
/home/yousong/git-repo/lede-project/lede/build_dir/target-mips_24kc_musl/root-malta/lib/functions/procd.sh: line 47: /home/yousong/git-repo/l
ede-project/lede/build_dir/target-mips_24kc_musl/root-malta/var/lock/procd_urandom_seed.lock: No such file or directory
flock: 1000: Bad file descriptor
Fixes FS#1260
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
The IGB and IXGBE drivers depend on kmod-hwmon core now.
Fixes: af707a178f ("netdevices.mk: add hwmon to IGB and IXGBE drivers")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Configure variable SSP_SUPPORT is ambiguous for packages (tor, openssh,
avahi, freeswitch). It means 'toolchain supporting SSP', but for toolchain
and depends it means 'build gcc with libssp'.
Musl no longer uses libssp (1877bc9d8f), it has internal support, so
SSP_SUPPORT was disabled leading some package to not use SSP.
No information why Glibc and uClibc use libssp, but they may also provide
their own SSP support. uClibc used it own with commit 933b588e25 but it was
reverted in f3cacb9e84 without details.
Create an new configure GCC_LIBSSP and automatically enable SSP_SUPPORT
if either USE_MUSL or GCC_LIBSSP.
Signed-off-by: Julien Dusser <julien.dusser@free.fr>
Introduce a configuration option to build a "hardened" OpenWrt with
ASLR PIE support.
Add new option PKG_ASLR_PIE to enable Address Space Layout Randomization (ASLR)
by building Position Independent Executables (PIE). This new option protects
against "return-to-text" attacks.
Busybox need a special care, link is done with ld, not gcc, leading to
unknown flags. Set BUSYBOX_DEFAULT_PIE instead and disable PKG_ASLR_PIE.
If other failing packages were found, PKG_ASLR_PIE:=0 should be added to
their Makefiles.
Original Work by: Yongkui Han <yonhan@cisco.com>
Signed-off-by: Julien Dusser <julien.dusser@free.fr>
Add support for hostapd's radius_client_addr in order to
force hostapd to send RADIUS packets from the correct source
interface rather than letting linux select the most appropriate.
Signed-off-by: Stephan Brunner <s.brunner@stephan-brunner.net>
Off-chip NICs can run hotter than the CPU, so they're definitely
worth instrumenting.
Adding hardware monitoring increases by ~3744 and ~2672 bytes,
respectively, the sizes of the igb.ko and ixgbe.ko drivers.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
This commit finally bumps ARC tools to the most recent arc-2017.09 release version.
ARC GNU tools of version arc-2017.09 bring some quite significant changes like:
* Binutils v2.29 with additional ARC patches
* GCC 7.1.1 with additional ARC patches
More information on this release could be found here:
https://github.com/foss-for-synopsys-dwc-arc-processors/toolchain/releases/tag/arc-2017.09-release
Signed-off-by: Evgeniy Didin <Evgeniy.Didin@synopsys.com>
CC: Alexey Brodkin <abrodkin@synopsys.com>
CC: John Crispin <john@phrozen.org>
Revert upstream commit 1bd773c077de "wireless: set correct mandatory rate
flags", as it breaks 11s interoperability: nodes can only associate when
neither or both have this patch. As this is a regression from released
versions, revert to the old code for now.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
So that it will not try to run c_rehash with the just built binaries on
certs/demo.
Fixesopenwrt/packages#5432
Reported-by: Val Kulkov <val.kulkov@gmail.com>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
The iptables TRACE target is only available in raw table that's why the
dependency was moved from iptables-mod-trace into kmod-ipt-debug
Fixes FS#1219
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>