Commit Graph

15475 Commits

Author SHA1 Message Date
Stijn Tintel
c22cde2ea1 kernel: add kmod-fb-tft-ili9486
This module adds support for the ILI9486 LCD controller used in devices
like the Waveshare 3.5" and 4" LCD displays designed for Raspberry Pi.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2019-02-24 01:15:22 +02:00
Stijn Tintel
9f4a7de48a kernel: add kmod-fb-tft
This module adds support for small TFT LCD display modules. While this
module also exists in the 4.9 kernel, we are not going to support this
kernel in the next major release, so don't make it available for 4.9.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2019-02-24 01:15:22 +02:00
Stijn Tintel
4b3d17b709 kernel: add kmod-fb-sys-ram
The kernel modules that provide support for framebuffers in system RAM
are currently included in the kmod-drm-imx package. Move them to a
separate package, so that other modules can depend on them.

Increase the autoload order of the drm-imx* packages to load the modules
after loading the fb modules they depend on.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2019-02-24 01:15:05 +02:00
Stijn Tintel
e03deb8cae kernel: add kmod-iio-ccs811
This module supports the AMS CCS811 VOC sensor.
Tested on Raspberry Pi Zero W and ODROID C2.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2019-02-23 17:22:53 +02:00
Yousong Zhou
c17a68cc61 dnsmasq: prefer localuse over resolvfile guesswork
This makes it clear that localuse when explicitly specified in the
config will have its final say on whether or not the initscript should
touch /etc/resolv.conf, no matter whatever the result of previous
guesswork would be

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-02-23 01:58:20 +00:00
Rafał Miłecki
2d139450a3 mac80211: backport more brcmfmac changes queued for the 5.1
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-02-20 23:06:16 +01:00
Oever González
81adb132da ipq-wifi: update ipq-wifi for Linksys EA6350v3
This commit updates the file "board-linksys_ea6359v3".

Without this commit, the Linksys EA6350v3 will experience poor wireless
performance in both bands. With this patch, wireless performace will be
comparable to the performance of the stock firmware.

Signed-off-by: Oever González <notengobattery@gmail.com>
2019-02-20 18:51:31 +01:00
Christian Lamparter
d38789b559 firmware: ipq-wifi: mark packages as nonshared
The board-files are specific to the target and device. Hence
they need to be set as nonshared. Otherwise they do not show
up on the package repository. This causes problems for
imagebuilder, if it needs to build a image for a specific
device that hasn't had the time to have get its boardfile
upstream.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-02-20 18:51:31 +01:00
Daniel Golle
0b373bf4d6 uqmi: fix PIN_STATUS_FAILED error with MC7455 WCDMA/LTE modem
Apparently this modem replies differently to attempted --get-pin-status
which makes the script fail if a pincode is set. Fix this.

Manufacturer: Sierra Wireless, Incorporated
Model: MC7455
Revision: SWI9X30C_02.24.05.06 r7040 CARMD-EV-FRMWR2 2017/05/19 06:23:09

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-02-20 15:16:24 +01:00
Arnout Vandecappelle (Essensium/Mind)
2e0f41e73a hostapd: add Multi-AP patches and config options
Cherry-pick Multi-AP commits from uptream:
 9c06f0f6a hostapd: Add Multi-AP protocol support
 5abc7823b wpa_supplicant: Add Multi-AP backhaul STA support
 a1debd338 tests: Refactor test_multi_ap
 bfcdac1c8 Multi-AP: Don't reject backhaul STA on fronthaul BSS
 cb3c156e7 tests: Update multi_ap_fronthaul_on_ap to match implementation
 56a2d788f WPS: Add multi_ap_subelem to wps_build_wfa_ext()
 83ebf5586 wpa_supplicant: Support Multi-AP backhaul STA onboarding with WPS
 66819b07b hostapd: Support Multi-AP backhaul STA onboarding with WPS
 8682f384c hostapd: Add README-MULTI-AP
 b1daf498a tests: Multi-AP WPS provisioning

Add support for Multi-AP to the UCI configuration. Every wifi-iface gets
an option 'multi_ap'. For APs, its value can be 0 (multi-AP support
disabled), 1 (backhaul AP), 2 (fronthaul AP), or 3 (fronthaul + backhaul
AP). For STAs, it can be 0 (not a backhaul STA) or 1 (backhaul STA, can
only associate with backhaul AP).

Also add new optional parameter to wps_start ubus call of
wpa_supplicant to indicate that a Multi-AP backhaul link is required.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2019-02-20 13:17:11 +01:00
Daniel Golle
8554982e1f mac80211: rt2x00: replace pending by merged patches
Those have by now been merged into wireless-drivers-next:
 17ae2acd1a6f rt2x00: remove unneeded check
 5991a2ecd070 rt2x00: remove confusing AGC register
 9ad3b5565445 rt2800: enable TX_PIN_CFG_LNA_PE_ bits per band
 7aca14885ede rt2800: enable TX_PIN_CFG_RFRX_EN only for MT7620
 c7ff1bfeaf1c rt2800: comment and simplify AGC init for RT6352

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-02-20 13:17:11 +01:00
Hauke Mehrtens
7878215a56 x86: Make kmod-drm-radeon and kmod-drm-amdgpu depend on x86
Currently these kernel packages only work on x86, restrict them to that
target.

Fixes: 2f239c02a0 ("x86: video: add amdgpu DRM kernel package")
Fixes: 2f6918ee9b ("x86: video: add radeon DRM module support")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-02-20 00:02:50 +01:00
Hans Dedecker
1bdd3b5f7d Revert "iproute2: use tc package variant to limit other package sizes"
This reverts commit e6d84fa886 as it breaks the
installation of the iproute2 utilities ip-bridge, ss, nstat, devlink and rdma
for the ip-full variant

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-02-19 15:22:28 +01:00
Hans Dedecker
de14f4301e Revert "iproute2: simplify linking libelf for eBFP/XDP object file support"
This reverts commit 26681fa6a6 as it breaks the
installation of the iproute2 utilities ip-bridge, ss, nstat, devlink and rdma
for the ip-full variant

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-02-19 15:22:28 +01:00
Hans Dedecker
566bfa417e Revert "iproute2: tc: enable and fix support for using .so plugins"
This reverts commit fc80ef3613 as it breaks the
installation of the iproute2 utilities ip-bridge, ss, nstat, devlink and
rdma for the ip-full variant

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-02-19 15:22:28 +01:00
Hans Dedecker
96060b3018 Revert "iproute2: tc: reduce size of dynamic symbol table"
This reverts commit 248797834b as it breaks the
installation of the iproute2 utilities ip-bridge, ss, nstat, devlink and rdma
for the ip-full variant

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-02-19 15:22:28 +01:00
Yousong Zhou
ec2a2a2aea dnsmasq: allow using dnsmasq as the sole resolver
Currently it seems impossible to configure /etc/config/dhcp to achieve
the following use case

 - run dnsmasq with no-resolv
 - re-generate /etc/resolv.conf with "nameserver 127.0.0.1"

Before this change, we have to set resolvfile to /tmp/resolv.conf.auto
to achive the 2nd effect above, but setting resolvfile requires noresolv
being false.

A new boolean option "localuse" is added to indicate that we intend to
use dnsmasq as the local dns resolver.  It's false by default and to
align with old behaviour it will be true automatically if resolvfile is
set to /tmp/resolv.conf.auto

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
2019-02-19 13:06:06 +00:00
Daniel Golle
d4c999bb89 mac80211: rt2x00: backport accepted and pending patches from upstream
backport from wireless-drivers-next, replacing some existing patches in
our tree (marked with '=' are those which were already present):
 f483039cf51a rt2x00: use simple_read_from_buffer()
=5c656c71b1bf rt2800: move usb specific txdone/txstatus routines to rt2800lib
=0b0d556e0ebb rt2800mmio: use txdone/txstatus routines from lib
=5022efb50f62 rt2x00: do not check for txstatus timeout every time on tasklet
=adf26a356f13 rt2x00: use different txstatus timeouts when flushing
=0240564430c0 rt2800: flush and txstatus rework for rt2800mmio
 6eba8fd22352 rt2x00: rt2400pci: mark expected switch fall-through
 10bb92217747 rt2x00: rt2500pci: mark expected switch fall-through
 916e6bbcfcff rt2x00: rt2800lib: mark expected switch fall-throughs
 641dd8068ecb rt2x00: rt61pci: mark expected switch fall-through
 750afb08ca71 cross-tree: phase out dma_zalloc_coherent()
=c2e28ef7711f rt2x00: reduce tx power to nominal level on RT6352
 a4296994eb80 rt2x00: Work around a firmware bug with shared keys
 2587791d5758 rt2x00: no need to check return value of debugfs_create functions

pending on linux-wireless:
 rt2x00: remove unneeded check
 rt2x00: remove confusing AGC register
 rt2800: enable TX_PIN_CFG_LNA_PE_ bits per band
 rt2800: enable TX_PIN_CFG_RFRX_EN only for MT7620
 rt2800: comment and simplify AGC init for RT6352
 rt2x00: do not print error when queue is full
 rt2800: partially restore old mmio txstatus behaviour
 rt2800: new flush implementation for SoC devices
 rt2800: move txstatus pending routine
 rt2800mmio: fetch tx status changes
 rt2800mmio: use timer and work for handling tx statuses timeouts
 rt2x00: remove last_nostatus_check
 rt2x00: remove not used entry field
 rt2x00mmio: remove legacy comment

While at it also rename some existing patches now that there are
separate folders with patches for each driver to make things a bit
nicer to handle.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-02-19 09:05:34 +01:00
Hans Dedecker
331963717b odhcpd: update to latest git HEAD
1f01299 config: fix build failure in case DHCPv4 support is disabled
67b3a14 dhcpv4: fix assignment of requested IP address
ca8ba91 dhcp: rework static lease logic
36833ea dhcpv6: rapid commit support
1ae316e dhcpv6: fix parsing of DHCPv6 relay messages
80157e1 dhcpv4: fix compile issue
671ccaa dhcpv6-ia: move function definitions to odhcpd.h
0db69b0 dhcpv6: improve code readibility
7847b27 treewide: unify dhcpv6 and dhcpv4 assignments
a54cee0 netlink: rework handling of netlink messages
9f25dd8 treewide: use avl tree to store interfaces
f21a0a7 treewide: align syslog tracing
edc5fb0 dhcpv6-ia: add full CONFIRM support
9d6eadf dhcpv6-ia: rework append_reply()

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-02-18 16:11:32 +01:00
Rosy Song
93b984b78a samba36: allow build with no ipv6 support
Signed-off-by: Rosy Song <rosysong@rosinson.com>
2019-02-17 19:22:39 +01:00
Paul Wassi
dc08514e6d uboot-kirkwood: update to 2019.01
Update U-Boot to current 2019.01 release for kirkwood platform

Signed-off-by: Paul Wassi <p.wassi@gmx.at>
2019-02-17 19:22:39 +01:00
Oldřich Jedlička
66e875a070 kernel: Added required dependencies for socket match.
This applies to kernel 4.10 and newer.

See 8db4c5be88

The above commit added to kernel 4.10 added new dependency
for building the NETFILTER_XT_MATCH_SOCKET (xt_socket.ko)
module. The NF_SOCKET_IPVx options (both of them) need to
be enabled in order to build the NETFILTER_XT_MATCH_SOCKET
module. Without the change the module is not built.

Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
2019-02-17 19:22:39 +01:00
Lucian Cristian
2f239c02a0 x86: video: add amdgpu DRM kernel package
build amdgpu kernel as modules so it will find the firmware files

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2019-02-17 19:22:39 +01:00
Lucian Cristian
2f6918ee9b x86: video: add radeon DRM module support
add radeon module support so firmware can be loaded from userland

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2019-02-17 19:22:39 +01:00
Lucian Cristian
b06418016d linux-firmware: DRM: add amdgpu firmware
add firmware needed for amdgpu DRM display

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2019-02-17 19:22:39 +01:00
Lucian Cristian
22fdaa06b7 linux-firmware: DRM: add radeon firmware
add firmware needed for radeon DRM display

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2019-02-17 19:22:39 +01:00
Hauke Mehrtens
ce8226a971 strace: Only allow libdw or libunwind
These two dependencies are mutual exclusive and it is only possible to
select one of them, change the select to a chose so it is only possible
to select one of them in OpenWrt menu config.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-02-17 19:22:39 +01:00
Peter Wagner
b494734367 strace: fix configuration options
Signed-off-by: Peter Wagner <tripolar@gmx.at>
2019-02-17 19:22:39 +01:00
Peter Wagner
0297610554 elfutils: fix DEPENDS for libelf
Signed-off-by: Peter Wagner <tripolar@gmx.at>
2019-02-17 19:22:39 +01:00
Pawel Dembicki
d5f615bf2a sunxi: add support for Sinovoip Banana Pi M2 Plus
CPU: H3 Quad-core Cortex-A7 H.265/HEVC 4K @ 1.2 Ghz
GPU: Mali400MP2 GPU @ 600MHz (supports OpenGL ES 2.0)
Memory: 1GB DDR3 (shared with GPU)
Onboard: Storage TF card (Max. 64GB) / MMC card slot
Onboard: Network 10/100M Ethernet RJ45 (Realtek RTL8211E)
Onboard: Network BT4.0/WiFi 802.11 b/g/n (Ampak AP6212)
Onboard header: SPI, I2C, GPIO, UART
USB 2.0: Two USB 2.0 HOST, One USB 2.0 OTG

Untested:
Audio, Video

Not working:
Bluetooth

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
2019-02-17 19:22:39 +01:00
Pawel Dembicki
1559682757 linux-firmware: broadcom: package 43430a0 FullMAC firmware
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
2019-02-17 19:22:39 +01:00
Eneas U de Queiroz
ddee1825de openssl: patch to fix devcrypto sessions leak
Applies a patch from https://github.com/openssl/openssl/pull/8213
that fixes an error where open /dev/crypto sessions were not closed.
Thanks to Ansuel Smith for reporting it.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
2019-02-17 19:22:35 +01:00
Tomasz Maciej Nowak
bb0e4f9fb0 build: remove leftovers from previous x86 commits
VBoxManage is not used and the image is created with proper permisions:
0f5d0f6  image: use internal qemu-img for vmdk and vdi images drop host
         dependencies on qemu-utils and VirtualBox

Unreachable config symbols:
9e0759e  x86: merge all geode based subtargets into one

No need to define those symbols since x86_64 is subtarget of x86:
196fb76  x86: make x86_64 a subtarget instead of a standalone target

Unreachable config symbols, so remove GRUB_ROOT:
371b382  x86: remove the xen_domu subtarget

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2019-02-17 18:22:40 +01:00
Rosen Penev
cd519abdbc mdadm: Update to 4.1
Tested on GnuBee PC1.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-02-17 17:33:18 +01:00
Deng Qingfang
f5db5742e4 iw: update to 5.0.1
Refresh patches

MIPS IPK size increases:
iw-tiny: +3k
iw-full: +10k

Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
[Remove sha256, nan, bloom, measurements and ftm from tiny version]
[sync nl80211 between backports and iw]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-02-17 17:33:18 +01:00
Hauke Mehrtens
d48a8ed40d mac80211: update to version 4.19.23-1
This updates mac80211 to backports version 4.19.23-1 which includes all
the stable fixes from kernel 4.19.23.
The removed patches are included in this version.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-02-17 17:33:18 +01:00
Jonas Gorski
c8a30172f8 dnsmasq: ensure test and rc order as older than final releases
Opkg treats text after a version number as higher than without:

 ~# opkg compare-versions "2.80rc1" "<<" "2.80"; echo $?
 1
 ~# opkg compare-versions "2.80rc1" ">>" "2.80"; echo $?
 0

This causes opkg not offering final release as upgradable version, and
even refusing to update, since it thinks the installed version is
higher.

This can be mitigated by adding ~ between the version and the text, as ~
will order as less than everything except itself. Since 'r' < 't', to
make sure that test will be treated as lower than rc we add a second ~
before the test tag. That way, the ordering becomes

  2.80~~test < 2.80~rc < 2.80

which then makes opkg properly treat prerelease versions as lower.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2019-02-17 16:55:24 +01:00
Felix Fietkau
5b6997dcb3 hostapd: update the fix for a race condition in mesh new peer handling
Prevent the mesh authentication state machine from getting reset on bogus
new peer discovery

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-02-17 16:06:44 +01:00
Felix Fietkau
f948aa4d4f hostapd: enable CONFIG_DEBUG_SYSLOG for wpa_supplicant
It was already enabled for wpad builds and since commit 6a15077e2d
the script relies on it. Size impact is minimal (2 kb on MIPS .ipk).

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-02-17 13:05:14 +01:00
Alin Nastac
5241f9005c ipset: add support for hash(ip,mac)
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-02-17 12:00:02 +01:00
Hannu Nyman
94993a79f8 busybox: update to 1.30.1
Minor bugfix release. Fixes for
 * bc/dc
 * sed (backslash parsing for 'w' command)
 * ip (vlan fixes)
 * grep (fixes for -x -v)
 * ls (-i compat)

No need to refresh patches or config defaults

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2019-02-14 21:43:07 +01:00
Marius Genheimer
9ad3967f14 ipq40xx: add support for ASUS Lyra
SoC:   Qualcomm IPQ4019 (Dakota) 717 MHz, 4 cores
RAM:   256 MiB (Nanya NT5CC128M16IP-DI)
FLASH: 128 MiB (Macronix NAND)
WiFi0: Qualcomm IPQ4019 b/g/n 2x2
WiFi1: Qualcomm IPQ4019 a/n/ac 2x2
WiFi2: Qualcomm Atheros QCA9886 a/n/ac
BT:    Atheros AR3012
IN:    WPS Button, Reset Button
OUT:   RGB-LED via TI LP5523 9-channel Controller
UART:  Front of Device - 115200 N-8
       Pinout 3.3v - RX - TX - GND (Square is VCC)

Installation:
1. Transfer OpenWRT-initramfs image to the device via SSH to /tmp.
Login credentials are identical to the Web UI.

2. Login to the device via SSH.

3. Flash the initramfs image using

> mtd-write -d linux -i openwrt-image-file

4. Power-cycle the device and wait for OpenWRT to boot.

5. From there flash the OpenWRT-sysupgrade image.

Ethernet-Ports: Although labeled identically, the port next to
the power socket is the LAN port and the other one is WAN. This
is the same behavior as in the stock firmware.

Signed-off-by: Marius Genheimer <mail@f0wl.cc>
[Dropped setup_mac 02_network in favour of 05_set_iface_mac_ipq40xx.sh,
reorderd 02_network entries, added board.bin WA for the QCA9886 from ath79,
minor dts touchup, added rng to 4.19 dts]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-02-14 16:56:15 +01:00
Hans Dedecker
880f8e6d32 dnsmasq: add rapid commit config option
Add config option rapidcommit to enable support for DHCPv4 rapid
commit (RFC4039)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-02-13 10:37:36 +01:00
Eneas U de Queiroz
29b69e840a openssl: add package for openssl.cnf, misc changes
- Add the /etc/ssl/openssl.cnf as a separate package, to avoid breaking
  the transitional mechanism, allowing libopenssl_1.0* and
  libopenssl_1.1* to coexist.

- Remove the (selecting) dependency on @KERNEL_AIO

- Use global SOURCE_DATE_EPOCH

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
2019-02-12 22:24:09 +01:00
Eneas U de Queiroz
2eeb2853ed openssl: optimizations based on ARCH/small flash
Add a patch to enable the option to change the default ciphersuite list
ordering to prefer ChaCha20 over AES-GCM.  This is used by default for
all platforms, except for x86_64 and aarch64. The assumption is that
only the latter have AES-specific CPU instructions and asm code that
uses them in openssl.  Chacha20Poly1305 is 3x faster than AES-256 in
systems without AES instructions, with an equivalent strength.

Disable error messages by default except for devices with small flash or
RAM, to aid debugging.

Disable ASM by default on arm platform with small flash.  Size
difference on mips and powerpc, the other platforms with small flash
devices, are not really relevant (using 100K as a threshold).  All of
the affected platforms are source-only anyway.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
2019-02-12 22:24:09 +01:00
Eneas U de Queiroz
d872d00b2f openssl: update to version 1.1.1a
This version adds the following functionality:
  * TLS 1.3
  * AFALG engine support for hardware accelleration
  * x25519 ECC curve support
  * CRIME protection: disable use of compression by default
  * Support for ChaCha20 and Poly1305

Patches fixing bugs in the /dev/crypto engine were applied, from
https://github.com/openssl/openssl/pull/7585

This increses the size of the ipk binray on MIPS32 by about 32%:
old:
693.941 bin/packages/mips_24kc/base/libopenssl1.0.0_1.0.2q-2_mips_24kc.ipk
193.827 bin/packages/mips_24kc/base/openssl-util_1.0.2q-2_mips_24kc.ipk

new:
912.493 bin/packages/mips_24kc/base/libopenssl1.1_1.1.1a-2_mips_24kc.ipk
239.316 bin/packages/mips_24kc/base/openssl-util_1.1.1a-2_mips_24kc.ipk

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
2019-02-12 22:23:26 +01:00
Eneas U de Queiroz
be3892284c openssl: add configuration options, disable ssl3
Adds the following configuration options:
* using optimized assembler code (was always on before)
* use of x86 SSE2 instructions
* dyanic engine support
* include error messages
* Camellia, Gost, Idea, MDC2, Seed & Whirlpool algorithms
* RFC3779, CMS protocols
* VIA padlock hardware acceleration engine

Installs openssl.cnf with the library as it is used by engines
independent of the openssl util.

Fixes DTLS option that was innefective before.

Disables insecure SSL3 protocol and SHA0.

Adds openwrt-specific targets to Configure script, including asm support
for i386, ppc and mips64.

Strips building dirs from CFLAGS shown in binary.

Skips the fuzz directory during build.

Removed include/crypto/devcrypto.h that was included here, to use the
cryptodev-linux package, now that it was been moved from the packages
feed to the main openwrt repository.

This decreses the size of the ipk binray on MIPS32 by about 3.3%:
old:
706.957 bin/packages/mips_24kc/base/libopenssl1.0.0_1.0.2q-2_mips_24kc.ipk
199.294 bin/packages/mips_24kc/base/openssl-util_1.0.2q-2_mips_24kc.ipk

new:
693.941 bin/packages/mips_24kc/base/libopenssl1.0.0_1.0.2q-2_mips_24kc.ipk
193.827 bin/packages/mips_24kc/base/openssl-util_1.0.2q-2_mips_24kc.ipk

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
2019-02-12 21:14:46 +01:00
Felix Fietkau
b044b52ab9 base-files: fix ucert verification
ucert needs to check the firmware part with metadata, but without the signature.
Use the new fwtool mode to extract that without altering the firmware image inside
the check

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-02-12 16:42:03 +01:00
Felix Fietkau
8f4e31ea6e fwtool: add support for extracting the truncated data part to stdout
This allows extracing the firmware + metadata from a signed firmware without
altering the original image file

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-02-12 16:41:38 +01:00
Felix Fietkau
d5681e45f0 fwtool: do not strip metadata if extracting signature
This allows the signature to cover the metadata area

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-02-12 16:41:38 +01:00