Last release of libnetfilter-queue was in 2012.
There don't seem to be any release tarballs since then.
This updates it to a more recent version, pointing to the git repo.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
This is helpful for Orion-based NAS boxes that have the XOR engine enabled
since it provides faster software RAID.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
The harddisk target is for NAS boxes, so set the DEVICE_TYPE accordingly so we
get a sensible default package selection.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Enable support for this machine in the kernel and also produce valid image
files with the correct machine id.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Utilize the existing git download logic from include/download.mk and migrate
the kernel download over to it. This avoids repeatedly cloning kernel sources
after a make target/linux/clean for instance.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [fix build error]
This is going to be used to migrate the hand rolled git clone for the kernel
into using the git download method. The kernel uses custom options that we may
have to pass down.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Needed to work around ethernet hang issues on Ubiquiti NanoStation Loco XW,
because ar71xx is not converted to device tree yet.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
By default, forwarding between all ports is allowed on init. This is
problematic in cases where some ports are supposed to be isolated from
each other, most commonly LAN/WAN separation.
REG_ESW_PORT_PCR(port) has a destination mask for a particular port,
controlling what other ports it is allowed to send packets to.
Instead of initializing all to 0xff (all ports), allow each physical
port to send to the CPU port, and the CPU port to send to all other
ports.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This fixes the partition name for the firmware splitter, the cfi
address and adds the mtd-eeprom address for wmac. It adds additional
LEDs and make use of them in diag.sh and 01_leds.
Please note that the ":blue:wired" LED is used because the
":blue:router" behaviour is unpredictable for failsafe indication. The
issue with the router LED is that you have two states only.
"off" is steady on and "on" blinks. Therefore the wired LED is more
suitable.
Furthermore it reuses the correct switch configuration definition to
reflect the device ports and numbering. Additionally fixes the issue
that the default configuration is not applied as no port 6 exists on
this device.
Signed-off-by: Tobias Wolf <github-NTEO@vplace.de>
sysupgrade command fails due to missing U-Boot environment-processing
binaries on sysupgrade ramdisk. The missing binaries result in the
following output:
Switching to ramdisk...
Performing system upgrade...
ash: /usr/sbin/fw_printenv: not found
ash: fw_setenv: not found
ash: touch: not found
cannot find target partition
Signed-off-by: Vignesh Balasubramaniam <vigneshb.hp@gmail.com>
The name from the Device define will be used in the metadata. Due to
typo/different spelling, this name might not match the one exported in
/lib/mvebu.sh.
Signed-off-by: Mathias Kresin <dev@kresin.me>
This fixes the following security problems:
CVE-2016-7440: Software AES table lookups do not properly consider cache-bank access times
CVE-2016-7439: Software RSA does not properly consider cache-bank monitoring
CVE-2016-7438: Software ECC does not properly consider cache-bank monitoring
SWEET32 Attack
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Support for MIPS toolchains without FPU support was added upstream,
so remove our patch.
patches/310-mips-link-tool.patch was a backport form this version of valgrind
src/abort.c is not referenced anywhere
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This fixes the following security problems:
CVE-2016-8615: cookie injection for other servers
CVE-2016-8616: case insensitive password comparison
CVE-2016-8617: OOB write via unchecked multiplication
CVE-2016-8618: double-free in curl_maprintf
CVE-2016-8619: double-free in krb5 code
CVE-2016-8620: glob parser write/read out of bounds
CVE-2016-8621: curl_getdate read out of bounds
CVE-2016-8622: URL unescape heap overflow via integer truncation
CVE-2016-8623: Use-after-free via shared cookies
CVE-2016-8624: invalid URL parsing with '#'
CVE-2016-8625: IDNA 2003 makes curl use wrong host
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Change getver.sh to append a short Git commit hash to the end of the artifical
revision number. This way we still have order- and comparable commit numbers
but also a direct relation to the Git commit.
The new output format will look like "r2400+2-882472e" for dirty trees or like
"r2402-882472e" for clean ones.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Move the revision info to the VERSION_CODE variable and default VERSION_NUMBER
to CURRENT for master branch builds.
Also introduce a new menuconfig option CONFIG_VERSION_CODE which allows users
to override the revision value put into VERSION_CODE and adjust the template
files used by the base-files package to accomodate for the changed semantics.
While we're at it, also adjust the various URLs to match the current web site.
After this commit, the relevent files will look like the examples given below:
# cat /etc/openwrt_version
r2398+1
# cat /etc/openwrt_release
DISTRIB_ID='LEDE'
DISTRIB_RELEASE='CURRENT'
DISTRIB_REVISION='r2398+1'
DISTRIB_CODENAME='reboot'
DISTRIB_TARGET='x86/64'
DISTRIB_DESCRIPTION='LEDE Reboot CURRENT r2398+1'
DISTRIB_TAINTS='no-all override'
# cat /usr/lib/os-release
NAME="LEDE"
VERSION="CURRENT, Reboot"
ID="lede"
ID_LIKE="lede openwrt"
PRETTY_NAME="LEDE Reboot CURRENT"
VERSION_ID="current"
HOME_URL="http://lede-project.org/"
BUG_URL="http://bugs.lede-project.org/"
SUPPORT_URL="http://forum.lede-project.org/"
BUILD_ID="r2398+1"
LEDE_BOARD="x86/64"
LEDE_TAINTS="no-all override"
LEDE_DEVICE_MANUFACTURER="LEDE"
LEDE_DEVICE_MANUFACTURER_URL="http://lede-project.org/"
LEDE_DEVICE_PRODUCT="Generic"
LEDE_DEVICE_REVISION="v0"
LEDE_RELEASE="LEDE Reboot CURRENT r2398+1"
On a release branch, those files would look like:
# cat /etc/openwrt_version
r2399
# cat /etc/openwrt_release
DISTRIB_ID='LEDE'
DISTRIB_RELEASE='16.12-CURRENT'
DISTRIB_REVISION='r2399'
DISTRIB_CODENAME='test_release'
DISTRIB_TARGET='x86/64'
DISTRIB_DESCRIPTION='LEDE Test Release 16.12-CURRENT r2399'
DISTRIB_TAINTS='no-all override'
# cat /usr/lib/os-release
NAME="LEDE"
VERSION="16.12-CURRENT, Test Release"
ID="lede"
ID_LIKE="lede openwrt"
PRETTY_NAME="LEDE Test Release 16.12-CURRENT"
VERSION_ID="16.12-current"
HOME_URL="http://lede-project.org/"
BUG_URL="http://bugs.lede-project.org/"
SUPPORT_URL="http://forum.lede-project.org/"
BUILD_ID="r2399"
LEDE_BOARD="x86/64"
LEDE_TAINTS="no-all override"
LEDE_DEVICE_MANUFACTURER="LEDE"
LEDE_DEVICE_MANUFACTURER_URL="http://lede-project.org/"
LEDE_DEVICE_PRODUCT="Generic"
LEDE_DEVICE_REVISION="v0"
LEDE_RELEASE="LEDE Test Release 16.12-CURRENT r2399"
On a release tag, those files would look like:
# cat /etc/openwrt_version
r2500
# cat /etc/openwrt_release
DISTRIB_ID='LEDE'
DISTRIB_RELEASE='17.02.1'
DISTRIB_REVISION='r2500'
DISTRIB_CODENAME='mighty_unicorn'
DISTRIB_TARGET='x86/64'
DISTRIB_DESCRIPTION='LEDE Mighty Unicorn 17.02.1 r2500'
DISTRIB_TAINTS='no-all override'
# cat /usr/lib/os-release
NAME="LEDE"
VERSION="17.02.1, Mighty Unicorn"
ID="lede"
ID_LIKE="lede openwrt"
PRETTY_NAME="LEDE Mighty Unicorn 17.02.1"
VERSION_ID="17.02.1"
HOME_URL="http://lede-project.org/"
BUG_URL="http://bugs.lede-project.org/"
SUPPORT_URL="http://forum.lede-project.org/"
BUILD_ID="r2500"
LEDE_BOARD="x86/64"
LEDE_TAINTS="no-all override"
LEDE_DEVICE_MANUFACTURER="LEDE"
LEDE_DEVICE_MANUFACTURER_URL="http://lede-project.org/"
LEDE_DEVICE_PRODUCT="Generic"
LEDE_DEVICE_REVISION="v0"
LEDE_RELEASE="LEDE Mighty Unicorn 17.02.1 r2500"
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Acked-by: Felix Fietkau <nbd@nbd.name>
Sadly, LibreSSL claims to be OpenSSL v2.0.0 while not providing the new
interfaces introduced with OpenSSL v1.1.x, so extend the pre-OpenSSL 1.1.x
compat checks to consider LibreSSL as well.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
use pwr LED in diag.sh
Expose unused pinmux pins as GPIOs
export power LED and buzzer pins
Use rb750gr3:blue:pwr LED in diag.sh for boot status instead of rb750gr3:green:usr
Signed-off-by: Andrew Yong <me@ndoo.sg>
Imported from https://source.codeaurora.org/quic/qsdk/system/openwrt/commit/?h=korg/linux-3.4.y/release/arugula_bb_cs&id=2be4f8a8b205ae1a37db44839864451ebe893e6e
Signed-off-by: Pavel Kubelun <be.dissent@gmail.com>
Enable flow control of LAN and WAN ports to
get better performance.
Setup pvid as 0 for all ports during initialisation
to avoid confusion during system or switch INIT.
Disable PORT MAC before config MAC to avoid it work abnormal.
This change is for IR-054144, IR-057315.
Change-Id: I345f3dffa59ad3f97150e09692723da12a7b1067
Signed-off-by: Zou Shunxiang <shunxian@codeaurora.org>
Signed-off-by: xiaofeis <xiaofeis@codeaurora.org>
Imported from e1aaf7ec00%5E%21/#F0
Signed-off-by: Pavel Kubelun <be.dissent@gmail.com>
CHROMIUM: net: ar8216: address security vulnerabilities in swconfig & ar8216
This patch does the following changes:
*address the security vulnerabilities in both swconfig framework and in
ar8216 driver (many bound check additions, and turned swconfig structure
signed element into unsigned when applicable)
*address a couple of whitespaces and indendation issues
BUG=chrome-os-partner:33096
TEST=none
Change-Id: I94ea78fcce8c1932cc584d1508c6e3b5dfb93ce9
Signed-off-by: Mathieu Olivari <mathieu@codeaurora.org>
Reviewed-on: https://chromium-review.googlesource.com/236490
Reviewed-by: Toshi Kikuchi <toshik@chromium.org>
Commit-Queue: Toshi Kikuchi <toshik@chromium.org>
Tested-by: Toshi Kikuchi <toshik@chromium.org>