5e1bc34 ustream-openssl: clear error stack before SSL_read/SSL_write
f7f93ad add support for specifying usable ciphers
Also bump the ABI version since the layout of `struct ustream_ssl_ops`
changed.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
There is a restriction in the number of parameters(10) that may be passed to
the SetupHostCommand macro so continually adding explicit gcc'n' version
checks ends up breaking the compiler check for the later versions and
oddballs like Darwin as was done in 835d1c68a0 which added gcc10.
Drop all the explicitly specified gcc version checks. If a suitable gcc
compiler is not found, it may be specified at the dependency checking
stage after which that version will be symlinked into the build staging
host directory.
eg. 'CC=gccfoo CXX=g++foo make prereq'
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Acked-by: Jo-Philipp Wich <jo@mein.io>
In the geode subtarget all default x86 features were overwritten via :=
instead of extending them via +=.
This patch fixes the inheritance and thereby the compilation of
x86/geode target.
Compile tested x86/geode.
Signed-off-by: Paul Spooren <mail@aparcar.org>
The x86 image generation was refacted via cb007a7bf6 and accidently not
included `geode.mk` when selected as subtarget.
Now the file is included and image compilation for x86/geode works
again.
Thanks to Russell Senior <russell@personaltelco.net> for reporting the
problem and suggesting a patch!
Signed-off-by: Paul Spooren <mail@aparcar.org>
Lets add GCC 10 detection to the build system as distributions like Fedora 32 have started shipping with it.
Some tools like mtd-utils need work to compile under GCC10, but that will be next step.
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
This patch prepares the WNDR4700 to use the HDD sensor for
the thermal zone. While the kernel's thermal.txt device-tree
binding documentation files talks about supporting multiple
sensors for a zone. This sadly is NOT the case. Even the most
current upstream kernels (5.6-rc) supports just >one< sensor
per zone: (driver/base/of-thermal.c:886)
| * REVIST: for now, the thermal framework supports only
| * one sensor per thermal zone. Thus, we are considering
| * only the first two values as slope and offset.
I do hope that this warning will prevent others wasteing time
on trying to figure out why their multi-sensor thermal-zones
definitions are not working as specified.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This patch adds the hwmon-drivetemp to the device.
It also adds device-tree bindings. This can be useful to
automate external fans which can be controlled for example
by either an unused sata-port or by the usb-power regulator.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This patch follows the other patches that added the watchdog
core to various (armvirt, malta, ath79, ...) targets that
have been hit by the following build error:
Package kmod-hwmon-sch5627 is missing dependencies for the following libraries:
watchdog.ko
In theory, we could have just added the CONFIG_WATCHDOG_CORE=y
to the Kconfig variable of kmod-hwmon-sch5627's package definition.
This would have forced the watchdog core to be builtin and less
architectures would need to be updated. But we might as well follow
through here.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Add option 'scriptarp' to uci dnsmasq config to enable --script-arp functions.
The default setting is false, meaning any scripts in `/etc/hotplug.d/neigh` intended
to be triggered by `/usr/lib/dnsmasq/dhcp-script.sh` will fail to execute.
Also enable --script-arp if has_handlers returns true.
Signed-off-by: Jordan Sokolic <oofnik@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
The reset assert and deassert methods currently miss
a return value, leading to a compilation warning.
Return the return-value of reset_control_assert and
reset_control_deassert to fix these warnings.
Suggested-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
Signed-off-by: David Bauer <mail@david-bauer.net>
This fixes the compilation of the AR934x NAND controller
driver for kernel 5.4 while leaving it untouched for
kernel 4.19.
This change is currently not run-tested, as i do not have such
a device at hand.
CC: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
CC: André Valentin <avalentin@marcant.net>
CC: WeiDong Jia <jwdsccd@gmail.com>
Signed-off-by: David Bauer <mail@david-bauer.net>
Tested-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
This time DTS fix, again from Sungbo Eo <mans0n@gorani.run>
ARM: dts: oxnas: Fix clear-mask property
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
9f5a7c4 iwinfo: add missing HT modename for HT-None
06a03c9 Revert "iwinfo: add BSS load element to scan result"
9a4bae8 iwinfo: add device id for Qualcomm Atheros QCA9990
eba5a20 iwinfo: add device id for BCM43602
a6914dc iwinfo: add BSS load element to scan result
bb21698 iwinfo: add device id for Atheros AR9287
7483398 iwinfo: add device id for MediaTek MT7615E
Signed-off-by: David Bauer <mail@david-bauer.net>
The Uniquiti AC Pro and Ubiquiti AC Mesh Pro currently have the
"Primary" and "Secondary" ethernet ports configured to offer LAN as well
as WAN. However, Uiquiti describes the following behavior for the
devices Ethernet ports:
> Secondary UniFi Access Point (UAP) Ethernet ports don't
> provide PoE passthrough (to run current to a second powered
> device), but they do support data passthrough.
> It serves as a bridged interface between main / secondary
> Ethernet port.
To reduce confusion for users (as LAN and WAN functionality is not
visible on the device itself), configure both ports to offer LAN
functionality. Users can still configure a WAN interface on a port they
are able to choose.
CC: Lucian Cristian <lucian.cristian@gmail.com>
Reported-by: Florian Klink <flokli@flokli.de>
Signed-off-by: David Bauer <mail@david-bauer.net>
In order to build squashfskit with GCC10, this backport from upstream is needed.
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
[increase PKG_RELEASE]
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
This patch adds support for the Ubiquiti NanoBridge M (XM), a
802.11n wireless with a feed+dish form factor, with the same board
definition as the Bullet M (XM).
Specifications:
- Atheros AR7241 SoC
- 32 MB RAM
- 8 MB SPI flash
- 1x 10/100 Mbps Ethernet port, 24 Vdc PoE-in
- Power and LAN green LEDs
- 4x RSSI LEDs (red, orange, green, green)
- UART (115200 8N1)
Flashing via stock GUI:
- WARNING: flashing OpenWrt from AirOS v5.6 or newer will brick your
device! Read the wiki for more info.
- Downgrade to AirOS v5.5.x (latest available is 5.5.11) first.
- Upload the factory image via AirOS web GUI.
Flashing via TFTP:
- WARNING: flashing OpenWrt from AirOS v5.6 or newer will brick your
device! Read the wiki for more info.
- Downgrade to AirOS v5.5.x (latest available is 5.5.11) first.
- Use a pointy tool (e.g., pen cap, slotted screwdriver) to keep the
reset button pressed.
- Power on the device (keep reset button pressed).
- Keep pressing until LEDs flash alternatively LED1+LED3 =>
LED2+LED4 => LED1+LED3, etc.
- Release reset button.
- The device starts a TFTP server at 192.168.1.20.
- Set a static IP on the computer (e.g., 192.168.1.21/24).
- Upload via tftp the factory image:
$ tftp 192.168.1.20
tftp> bin
tftp> trace
tftp> put openwrt-ath79-generic-xxxxx-ubnt_nanobridge-m-squashfs-factory.bin
Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
[rebase, fix includes in DTS, add label MAC address, add SOC and
fix sorting in generic-ubnt.mk]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Use "truncate" to adjust size of existing file instead of "dd" which
required creating a copy. This saves space on tmpfs. It may be as low
as 2.1 MiB when using OpenWrt default user space and way more (20+ MiB)
when flashing vendor firmware.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Now that check-size uses IMAGE_SIZE by default, we can skip the argument from
image recipes to reduce redundancy.
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
[do not touch ar71xx]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
In most cases check-size is used with IMAGE_SIZE and vice versa. Let check-size
use IMAGE_SIZE by default.
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
Place DEVICE_VARS assignments at the top of the file or above Device/Default
to make them easier to find.
For ramips, remove redundant values already present in parent file.
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
[do not touch ar71xx, extend commit message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This adds support for the Ubiquiti Bullet M (AR7240).
Specifications:
- AR7240 SoC @ 400 MHz
- 32 MB RAM
- 8 MB SPI flash
- 1x 10/100 Mbps Ethernet, 24 Vdc PoE-in
- External antenna
- POWER/LAN green LEDs
- 4x RSSI LEDs (red, orange, green, green)
- UART (115200 8N1) on PCB
Flashing via WebUI:
Upload the factory image via the stock firmware web UI.
Attention: airOS firmware versions >= 5.6 have a new bootloader with
an incompatible partition table!
Please downgrade to <= 5.5 _before_ flashing OpenWrt!
Refer to the device's Wiki page for further information.
Flashing via TFTP:
Same procedure as other Ubiquiti M boards.
- Use a pointy tool (e.g., pen cap, paper clip) and keep the reset
button on the device or on the PoE supply pressed
- Power on the device via PoE (keep reset button pressed)
- Keep pressing until LEDs flash alternatively LED1+LED3 =>
LED2+LED4 => LED1+LED3, etc.
- Release reset button
- The device starts a TFTP server at 192.168.1.20
- Set a static IP on the computer (e.g., 192.168.1.21/24)
- Upload via tftp the factory image:
$ tftp 192.168.1.20
tftp> bin
tftp> trace
tftp> put openwrt-ath79-generic-xxxxx-ubnt_bullet-m-ar7240-squashfs-factory.bin
The "fixed-link" section of the device tree is needed to avoid errors like this:
Generic PHY mdio.0:1f:04: Master/Slave resolution failed, maybe conflicting manual settings?
With "fixed-link", the errors go away and eth0 comes up reliably.
Signed-off-by: Russell Senior <russell@personaltelco.net>
[fix SUPPORTED_DEVICES]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The v5.4 kernel already works much better than v4.19
as so many things got upstreamed so let's just bump
it to kernel v5.4.
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
This adds a kernel config file for the v5.4 gemini
kernel.
No major changes compared to v4.19, mainly
CONFIG_MTD_PHYSMAP_OF_GEMINI was renamed to
CONFIG_MTD_PHYSMAP_GEMINI.
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
[select UNWINDER_ARM, set CONFIG_DRM_FBDEV_OVERALLOC, drop
dropped 4.19 symbols, kernel config refreshed]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This adds the kernel patches needed for the Gemini.
Just 7 patches, 5 of them are already upstream.
Notably we incorperate the temperature sensor on the
hard drive to drive temperature control of the NAS
chassis. This is required for the DIR-685 which has
no external temperature sensor.
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
[use the drivetemp package over the backport]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
These have been discovered by the gemini 5.4 patches.
This is because one of the devices uses the FBDEV emulation.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This patch backports the hwmon drivetemp sensor module from vanilla
linux 5.5 to be available on OpenWrt's 5.4 kernel.
Extract from The upstream commit by Guenter Roeck <linux@roeck-us.net>:
hwmon: Driver for disk and solid state drives with temperature sensors
"Reading the temperature of ATA drives has been supported for years
by userspace tools such as smarttools or hddtemp. The downside of
such tools is that they need to run with super-user privilege, that
the temperatures are not reported by standard tools such as 'sensors'
or 'libsensors', and that drive temperatures are not available for use
in the kernel's thermal subsystem.
This driver solves this problem by adding support for reading the
temperature of ATA drives from the kernel using the hwmon API and
by adding a temperature zone for each drive.
With this driver, the hard disk temperature can be read [...]
using sysfs:
$ grep . /sys/class/hwmon/hwmon9/{name,temp1_input}
/sys/class/hwmon/hwmon9/name:drivetemp
/sys/class/hwmon/hwmon9/temp1_input:23000
If the drive supports SCT transport and reports temperature limits,
those are reported as well.
drivetemp-scsi-0-0
Adapter: SCSI adapter
temp1: +27.0<C2><B0>C (low = +0.0<C2><B0>C, high = +60.0<C2><B0>C)
(crit low = -41.0<C2><B0>C, crit = +85.0<C2><B0>C)
(lowest = +23.0<C2><B0>C, highest = +34.0<C2><B0>C)
The driver attempts to use SCT Command Transport to read the drive
temperature. If the SCT Command Transport feature set is not available,
or if it does not report the drive temperature, drive temperatures may
be readable through SMART attributes. Since SMART attributes are not well
defined, this method is only used as fallback mechanism."
This patch incorperates a patch made by Linus Walleij:
820-libata-Assign-OF-node-to-the-SCSI-device.patch
This patch is necessary in order to wire-up the drivetemp
sensor into the device tree's thermal-zones.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This version includes bug and security fixes, including medium-severity
CVE-2019-1551, affecting RSA1024, RSA1536, DSA1024 & DH512 on x86_64.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
This adds commented configuration help for the alternate, afalg-sync
engine to /etc/ssl/openssl.cnf.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Sungbo Eo <mans0n@gorani.run> submitted another patch fixing an error
on reboot:
irqchip/versatile-fpga: Apply clear-mask earlier
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
qemustart allows easy testing of created images via `qemu`. The script
automatically selects created images and can setup e.g. networks.
As the x86 target now uses the generic image.mk the profile appears also
in the image name, this is *generic*.
Add the profile name to the qemustart script so it still finds the file.
Signed-off-by: Paul Spooren <mail@aparcar.org>
The previous image generation code would always gzipped images.
This patch changes the behaviour and only compresses images when
selected in menuconfig.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Rely on device profiles instead for packages selection.
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
[rebase, adjusted commit title]
Signed-off-by: Paul Spooren <mail@aparcar.org>
This commit introduces few related changes which need to be done in
single commit to keep images buildable between git revisions. In result
it retains all previous image creation possibilities with slight name
change of generated images. Brief summary of the commit:
* Split up image generation recipe to smaller chunks to make it more
generic and reusable.
* Make iso images x86 specific and drop their definition as root
filesystem.
* Convert image creation process to generic code specified in image.mk.
* Make geode subtarget inherit features from the main target instead of
redefining them.
* For subtargets create device definitions with basic packages set.
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
[rebased]
Signed-off-by: Paul Spooren <mail@aparcar.org>
Let the grub2 package take care of creating installable grub2 images,
this will allow creating grub2 images without first calling x86 image
generation recipe. Also as side effect, since those images are now
shared, it'll reduce the number of calling grub-mkimage.
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
[rebase, adjusted commit title]
Signed-off-by: Paul Spooren <mail@aparcar.org>
Fix header change that was done for kernel but 4.19 got missed for 5.4.
Solves nasty errors like:
8.4.0_musl/include/linux/netfilter/xt_CONNMARK.h:5,
from connmark_listener.c:30:
/builder/shared-workdir/build/sdk/staging_dir/toolchain-aarch64_cortex-a53_gcc-8.4.0_musl/include/linux/netfilter/xt_connmark.h:23:2: error: enumerator value for 'XT_CONNMARK_VALUE' is not an integer constant
XT_CONNMARK_VALUE = BIT(0),
^~~~~~~~~~~~~~~~~
/builder/shared-workdir/build/sdk/staging_dir/toolchain-aarch64_cortex-a53_gcc-8.4.0_musl/include/linux/netfilter/xt_connmark.h:25:1: error: enumerator value for 'XT_CONNMARK_DSCP' is not an integer constant
};
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
WireGuard had a brief professional security audit. The auditors didn't find
any vulnerabilities, but they did suggest one defense-in-depth suggestion to
protect against potential API misuse down the road, mentioned below. This
compat snapshot corresponds with the patches I just pushed to Dave for
5.6-rc7.
* curve25519-x86_64: avoid use of r12
This buys us 100 extra cycles, which isn't much, but it winds up being even
faster on PaX kernels, which use r12 as a RAP register.
* wireguard: queueing: account for skb->protocol==0
This is the defense-in-depth change. We deal with skb->protocol==0 just fine,
but the advice to deal explicitly with it seems like a good idea.
* receive: remove dead code from default packet type case
A default case of a particular switch statement should never be hit, so
instead of printing a pretty debug message there, we full-on WARN(), so that
we get bug reports.
* noise: error out precomputed DH during handshake rather than config
All peer keys will now be addable, even if they're low order. However, no
handshake messages will be produced successfully. This is a more consistent
behavior with other low order keys, where the handshake just won't complete if
they're being used anywhere.
* send: use normaler alignment formula from upstream
We're trying to keep a minimal delta with upstream for the compat backport.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* netlink: initialize mostly unused field
* curve25519: squelch warnings on clang
Code quality improvements.
* man: fix grammar in wg(8) and wg-quick(8)
* man: backlink wg-quick(8) in wg(8)
* man: add a warning to the SaveConfig description
Man page improvements. We hope to rewrite our man pages in mdocml at some
point soon.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
mt76 is a target default package for mt7622-wmac only.
mt7623 doesn't have integrated wireless support and wifi drivers for
pcie cards should be added as device specific package.
mt7629-wmac isn't supported by mt76 yet.
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>