Always build AES-GCM support.
Unnecessary patches were removed.
This includes two vulnerability fixes:
CVE-2019-11873: a potential buffer overflow case with the TLSv1.3 PSK
extension parsing.
CVE-2019-13628 (currently assigned-only): potential leak of nonce sizes
when performing ECDSA signing operations. The leak is considered to be
difficult to exploit but it could potentially be used maliciously to
perform a lattice-based timing attack.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
It seems bzip2 was abandoned by the author and adopted by the sourceware
people. The last release of bzip2 was from 2010.
Several security bugs were fixed as well as others.
Fixed up PKG_LICENSE to be compatible with SPDX.
Changed URLs to point to the new home.
Added patch that gets rid of deprecated utime function and switches it to
utimensat.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
The removed patches were applied upstream.
The type of the RT2X00_LIB_EEPROM config option was changed to bool,
because boolean is an invalid value and the new kconfig system
complained about this.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This commit will activate CONFIG_IEEE80211W for all, but the mini
variant when at least one driver supports it. This will add ieee80211w
support for the mesh variant for example.
Fixes: FS#2397
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Unconditionally execute the final case statement, even if the disk layout
changed. This is necessary, to keep the original Turris Omnia flash
instructions working: The disk layout WILL change, when switching from
TurrisOS to OpenWrt. Without updating the uboot environment at the same
time, the user would end up with an unbootable system.
Fixes commit 2e5a0b81ec ("mvebu: sysupgrade: sdcard: keep user added ...")
Signed-off-by: Klaus Kudielka <klaus.kudielka@gmail.com>
OpenWrt will run out of RAM while booting with the default package set,
so let's not provide images that will likely fail. They can still be
built manually through source or IB if needed.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Bump to latest git HEAD
509e673 firewall3: Improve ipset support
The enabled option did not work properly for ipsets, as it was not
checked on create/destroy of a set. After this commit, sets are only
created/destroyed if enabled is set to true.
Add support for reloading, or recreating, ipsets on firewall reload. By
setting "reload_set" to true, the set will be destroyed and then
re-created when the firewall is reloaded.
Add support for the counters and comment extensions. By setting
"counters" or "comment" to true, then counters or comments are added to
the set.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
This commit unifies the LED mapping of the AVM Fritz!Box routers, which
have a combined Power/DSL LED.
With the stock firmware, the Power LED has the following
characteristics:
- Blink when DSL sync is being established
- Solid when DSL sync is present
We can't completely resemble this behavior in OpenWrt. Currently, the
Power LED is completely off, when DSL sync is missing. This is not
really helpful, as a user might have the impression, that he bricked his
device.
Instead, map the Info-LED to the state of the DSL connection.
There is no consistent behavior for the Info-LED in the stock
firmware, as the user can set its function by himself. The DSL
connection state is one possible option for the Info LED there.
Also use the red Power LED to indicate a running upgrade, in case the
board has a two-color Power LED.
Signed-off-by: David Bauer <mail@david-bauer.net>
This device has not been supported in ar71xx, so there is no need
for an explicit SUPPORTED_DEVICES entry.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The TP-Link TL-WR842N v3 has a software-controllable Power LED. The WPS
LED is normally only used as a System LED, when the Power LED can't be
controlled by software.
Additionally, the Power LED is also the System LED for this board in
ar71xx.
Signed-off-by: David Bauer <mail@david-bauer.net>
The AVM Fritz!Box 7530 (and probably other AVM IPQ4019 NAND devices)
has its caldata not stored consistently, but instead at currently
3 known possible offsets.
As we get a non-zero exit code from fritz_cal_extract, simply try all
three possible offsets on both bootloader partitions, until a matching
caldata for each radio is found.
Reported-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: David Bauer <mail@david-bauer.net>
This changes size and offset set for WiFi caldata extraction and
MAC address adjustment to hexadecimal notation.
This will be much clearer for the reader when numbers are big, and
will also match the style used for mtd-cal-data in DTS files.
Since dd cannot deal with hexadecimal notation, one has to convert
back to decimal by simple $(($hexnum)).
Acked-by: Alexander Couzens <lynxis@fe80.eu>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
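
The hex-to-decimal step described in the commit message above, as an added example that is not OpenWrt code. The function names to_dec, extract_region and make_sample are hypothetical, and the sample file is constructed; the input is validated first because $(( )) evaluates expressions and reads a leading 0 as octal.

```shell
#!/bin/sh
# Added example (not OpenWrt code); all function names are hypothetical.

# Convert a decimal or 0x-prefixed hex literal to decimal, rejecting anything else.
# Validation matters: $(( )) evaluates expressions, and a leading 0 means octal.
to_dec() {
    case $1 in
        0x|0x*[!0-9a-fA-F]*) return 1 ;;   # nothing, or non-hex characters, after 0x
        0x*) ;;                            # well-formed hex literal
        0?*) return 1 ;;                   # leading zero would be read as octal
        ''|*[!0-9]*) return 1 ;;           # not a plain decimal number
    esac
    echo "$(($1))"
}

# Print SIZE bytes at OFFSET of FILE as lowercase hex; dd only ever sees decimals.
extract_region() {
    off=$(to_dec "$2") || return 1
    len=$(to_dec "$3") || return 1
    dd if="$1" bs=1 skip="$off" count="$len" 2>/dev/null |
        od -An -v -tx1 | tr -d ' \n'
}

# Constructed sample: 0x1000 zero bytes followed by a 4-byte marker.
make_sample() {
    f=$(mktemp) || return 1
    dd if=/dev/zero of="$f" bs=4096 count=1 2>/dev/null
    printf '\336\255\276\357' >>"$f"
    echo "$f"
}

sample=$(make_sample)
extract_region "$sample" 0x1000 0x4; echo
rm -f "$sample"
```
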
This changes the offsets for the MAC address location in
mtd_get_mac_binary* and mtd_get_mac_text to hexadecimal notation.
This will be much clearer for the reader when numbers are big, and
will also match the style used for mtd-mac-address in DTS files.
(e.g. 0x1006 and 0x5006 are much more useful than 4102 and 20486)
Acked-by: Alexander Couzens <lynxis@fe80.eu>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
For x86/64 (maybe more) target the SUPPORTED_DEVICES variable is empty
which causes the `&&` junction to fail, producing a non zero exit code.
Tested-by: Paul Spooren <mail@aparcar.org>
Fixed-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Paul Spooren <mail@aparcar.org>
Allow overriding the default selection state for Devices, similar to
setting a default for packages.
E.g. by setting DEFAULT to n, they won't be selected by default anymore
when enabling all devices in the multi device profile.
This allows preventing images being built by the default config for
known broken devices, devices without enough RAM/flash, or devices not
working with certain kernel versions.
This does not prevent the devices from being manually selected or images
being built by the ImageBuilder. These devices often still have worth
with a reduced package-set, or as a device for regression testing, when
no better device is available.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
The manifest file is based on IMG_PREFIX and PROFILE_SANITIZED, whereas
the latter takes a string like DEVICE_8dev_carambola2 and sanitizes it.
This behaviour results in a useless "device_" profile-prefix in the
device manifest filename. Now uses *subst* to remove that.
Therefore this patch results in more consistent device file names:
openwrt-ath79-generic-8dev_carambola2-initramfs-kernel.bin
openwrt-ath79-generic-8dev-carambola2.manifest
openwrt-ath79-generic-8dev_carambola2-squashfs-sysupgrade.bin
instead of a single file being called
openwrt-ath79-generic-device_8dev-carambola2.manifest
Signed-off-by: Paul Spooren <mail@aparcar.org>
generate feeds.buildinfo and version.buildinfo in build dir after
containing the feed revisions (via ./scripts/feeds list -sf) as well as
the current revision of buildroot (via ./scripts/getver.sh).
With this information it should be possible to reproduce any build,
especially the release builds.
Usage would be to move feeds.buildinfo to feeds.conf and git checkout the
revision hash of version.buildinfo.
Content of feeds.buildinfo would look similar to this:
src-git routing https://git.openwrt.org/feed/routing.git^bf475d6
src-git telephony https://git.openwrt.org/feed/telephony.git^470eb8e
...
Content of version.buildinfo would look similar to this:
r10203+1-c12bd3a21b
Without the exact feed revision it is not possible to determine
installed package versions.
Also rename config.seed to config.buildinfo to follow the recommended
style of https://reproducible-builds.org/docs/recording/
Signed-off-by: Paul Spooren <mail@aparcar.org>
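
A check one might run on the two buildinfo files before trying to reproduce a build, as an added example that is not OpenWrt code. The function names buildroot_rev and feed_pins are hypothetical, and the r<count>[+<local>]-<hash> shape of version.buildinfo is an assumption taken from the sample shown in the commit message above.

```shell
#!/bin/sh
# Added example (not OpenWrt code); function names are hypothetical.

# Print the commit hash from a version.buildinfo string, assuming the
# r<count>[+<local>]-<hash> shape of the sample in the commit message.
buildroot_rev() {
    case $1 in
        r[0-9]*-*) rev=${1##*-} ;;         # keep what follows the last '-'
        *) return 1 ;;
    esac
    case $rev in
        ''|*[!0-9a-f]*) return 1 ;;        # must look like an abbreviated hash
    esac
    echo "$rev"
}

# Read feeds.buildinfo on stdin and print "name rev" for each src-git feed.
# Returns non-zero if any feed lacks a ^<rev> pin: an unpinned feed follows
# the branch head, so the package versions of the build cannot be recovered.
feed_pins() {
    rc=0
    while read -r type name url rest; do
        [ "$type" = "src-git" ] || continue   # other feed types are skipped here
        case $url in
            *^*) echo "$name ${url##*^}" ;;
            *)   echo "unpinned: $name" >&2; rc=1 ;;
        esac
    done
    return $rc
}

# Sample lines taken from the commit message above.
printf '%s\n' \
    'src-git routing https://git.openwrt.org/feed/routing.git^bf475d6' \
    'src-git telephony https://git.openwrt.org/feed/telephony.git^470eb8e' | feed_pins
buildroot_rev 'r10203+1-c12bd3a21b'
```
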
GNU patch through 2.7.6 is vulnerable to OS shell command injection that
can be exploited by opening a crafted patch file that contains an ed style
diff payload with shell metacharacters. The ed editor does not need to be
present on the vulnerable system. This is different from CVE-2018-1000156.
https://nvd.nist.gov/vuln/detail/CVE-2019-13638
Signed-off-by: Russell Senior <russell@personaltelco.net>
This version bump includes a bunch of fixes and improvements, which
should fix gpsd build breakage in the package feeds.
Ref: https://github.com/SCons/scons/blob/master/src/CHANGES.txt
Signed-off-by: Russell Senior <russell@personaltelco.net>
[added missing commit description]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This replaces gpio-export by gpio-hogs and switches buttons
to interrupt-driven gpio-keys.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Revert "mac80211: add new minstrel_ht patches to improve probing on mt76x2" (9861050b85)
Revert "kernel: use bulk free in kfree_skb_list to improve performance" (98b654de2e)
Revert "ramips: add preliminary support for WIO ONE" (085141dc5b)
Revert "ramips: add preliminary support for SGE AP-MTKH7-0006 developer board" (b1db6d0539)
Revert "build: use config.site generated by autoconf-lean, drop hardcoded sitefiles" (363ce4329d)
Revert "toolchain: add autoconf-lean" (fdb30eed03)
Revert "build: allow overriding the filename on the remote server when downloading" (6fa0e07758)
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Github releases usually don't contain the project name in the release
filename, which makes them very inconvenient to use from the build
system. Add support for naming the local file differently.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Force prereq again in SDK in order to fix GCC and Python dangling
symlinks:
staging_dir/host/bin/g++ -> /builder/ath79_generic/ccache_cxx.sh
staging_dir/host/bin/gcc -> /builder/ath79_generic/ccache_cc.sh
staging_dir/host/bin/python -> /usr/bin/python3.5
staging_dir/host/bin/python3 -> /usr/bin/python3.5
Ref: FS#2424
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Lan and Wan addresses are swapped compared to the original firmware.
This patch fixes this problem.
Signed-off-by: Davide Fioravanti <pantanastyle@gmail.com>
The AVM Fritz!Box 7412 does not use the VMMC part of the Lantiq chip but
rather a proprietary solution based on the DECT chip for the FXS ports.
Therefore, the second VPE can be enabled for use with OpenWrt.
Signed-off-by: David Bauer <mail@david-bauer.net>
The AVM FRITZ!Box 7412 buttons are both active low, which is currently
incorrectly defined in the device-tree.
This leads to the device booting directly into failsafe.
Signed-off-by: David Bauer <mail@david-bauer.net>
In commit d93969a13a ("ramips: Improve compatible for TP-Link
Archer devices") and subsequent ones, names of several devices
in ramips have been changed.
Since LED names are frequently invoked by $boardname, this has
broken LED setup in 01_leds, as $boardname and prefix in DTS
do not match anymore.
This patch updates device name prefixes for LEDs in DTS files,
and provides a migration script.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
When adding support in 9ed272fe95 ("ath79: add support for
Comfast WR650AC v1/v2"), IMAGE_SIZE has not been added to device
definition.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
ar71xx got lost during final rebase ..
Fixes: b417a0c48d ("ar71xx/ath79: ag71xx: init rings with GFP_KERNEL")
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Upstream commit 246902bdf562d45ea3475fac64c93048a7a39f01
Which contains following explanation:
--
There is no need to use GFP_ATOMIC here, GFP_KERNEL should be enough.
The 'kcalloc()' just a few lines above, already uses GFP_KERNEL.
--
Looking at the code, all other descriptors also use plain GFP_KERNEL
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>