Commit Graph

38267 Commits

Author SHA1 Message Date
Andrea Merello
dea8979a81 Lantiq: make possible to tweak DSL SRN from UCI
This patch makes possible to tweak the downstream SNR margin on
Lantiq DSL devices.

The UCI parameter 'network.dsl.ds_snr_offset' is used to set the SNR
margin offset. It accepts values in range -50 to +50 in 0.1 dB units.

The SNR margin can thus be modified in range -5.0 to +5.0 dB in 0.1 dB
steps.

Currently this should only affect ADSL (not VDSL). It should be very
easy to make this work also on VDSL lines, but since I couldn't test
on VDSL lines this patch does not do that yet.

I have also a patch for LUCI about this, that I could submit.

Tested on FB3370 (Lantiq VR9) and Telecom Italia ADSL2+ line.

Signed-off-by: Andrea Merello <andrea.merello@gmail.com>
2018-01-07 23:46:44 +01:00
Jo-Philipp Wich
9934231670 libubox: update to latest lede-17.01 git HEAD
1dafcd7 jshn: properly support JSON "null" type
6abafba jshn: read and write 64-bit integers
cfc75c5 runqueue: fix use-after-free bug

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-01-07 16:22:21 +01:00
Hauke Mehrtens
7f5a040359 kernel: update kernel 4.4 to version 4.4.110
This fixes:  CVE-2017-5754

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-01-07 13:37:04 +01:00
Hauke Mehrtens
ddedcb19e5 brcm47xx: relocate the stack in loader
By default we are reusing the stack provided by CFE, like it is intended
by CFE. On my WRT54GS it is located at 0x8043BF30, so a big kernel image
could overwrite it. Relocate it to a different memory region which is
still under the 8MB RAM, but in the higher area. We only need this
memory region for the stack of the loader, Linux will set up this
for its own.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-01-06 00:40:00 +01:00
Hauke Mehrtens
da43069f5b brcm47xx: relocate loader to higher address
The boot process on a WRT54GL works the following way:
1. CFE gets loaded by the boot rom from flash
2. CFE loads the loader from the flash and gzip uncompresses it
3. CFE starts the loader
4. The loader stores the FW arguments and relocates itself to
   BZ_TEXT_START (now 0x80600000)
5. The loader reads the Linux image from flash
6. The loader lzma decompresses the Linux image to LOADADDR (0x80001000)
7. The loader executes the uncompress Linux image at LOADADDR

The BZ_TEXT_START was set to 0x80400000 before. When the kernel gets
uncompressed and is bigger than BZ_TEXT_START - LOADADDR it overwrote
the loader which was currently uncompressing it and made the board
crash. Increase the BZ_TEXT_START my 2 MB to have more space for the
kernel. Even on 16MB RAM devices the memory goes till 0x80FFFFFF so this
should not be a problem.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-01-06 00:40:00 +01:00
Rafał Miłecki
f19416ae9d fstools: backport fix from master branch
37762ff libfstools: support file paths longer than 255 chars

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2018-01-05 14:58:36 +01:00
Hans Dedecker
55c23e44f4 procd: update to latest git HEAD
1883530 procd: Fix minor null pointer dereference.
9085551 procd: initd: fix path allocation in early_insmod

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-01-04 11:30:05 +01:00
Rafał Miłecki
ffbbcc9b34 brcm47xx: image: build firmware for Asus WL-500g Deluxe
It's a device based on BCM5365P (0x5365 package 0x00). This SoC has
USB 1.1 controller but device has two USB 2.0 parts. They are handled by
PCI-based controllers: 1106:3038 UHCI and 1106:3104 EHCI.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2018-01-02 16:58:13 +01:00
Hans Dedecker
0426596453 Revert "iptables: fix nftables compile issue (FS#711)"
This reverts commit da126d557c as the iptables patch does not apply cleanly.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-01-02 10:05:55 +01:00
rektide de la faye
da126d557c iptables: fix nftables compile issue (FS#711)
Enabling IPTABLES_NFTABLES resulted in an error during build:#
*** No rule to make target '../extensions/libext.a',
needed by 'xtables-compat-multi'."

Comments from Alexander Lochmann and Fedor Konstantinov in FS#711
provided fixes for this build error, allowing iptables to compile.
https://bugs.lede-project.org/index.php?do=details&task_id=711.

This commit updates the Makefile.am xtables_compat_multi_LDFLAGS
and _LDADD, moving linking of extensions to LDFLAGS.

Signed-off-by: rektide de la faye <rektide@voodoowarez.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-01-02 08:00:37 +01:00
Daniel Golle
473e994571 rpcd: backport version 2017-12-07 from master
cfe1e75c91 sys: packagelist: allow listing all packages
74a784f037 sys: fix passwd path

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(commit 173edcdc9d on master)
2018-01-01 22:27:51 +01:00
Jo-Philipp Wich
b833944eb2 uci: update to HEAD of lede-17.01 branch
Switch uci to the lede-17.01 branch which contains the following two commits
cherry-picked from uci master:

141b64e lua: additionally return name when looking up sections
1e17f24 lua: support extended section notation

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-01-01 17:01:49 +01:00
Kevin Darbyshire-Bryant
dca4dfacf2 iproute2: cake: fix patch format error
Fix patch format error introduced in c4e9487cf5
Refresh patches to tidy fuzz

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-12-30 11:05:44 +01:00
Kevin Darbyshire-Bryant
ee55629a30 kernel: bump 4.4 to 4.4.108 for 17.01
Refresh patches.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-12-30 00:36:25 +01:00
Kevin Darbyshire-Bryant
c4e9487cf5 iproute2: cake: support new operating modes for 17.01
There has been recent significant activity with the cake qdisc of late
Some of that effort is related to upstreaming to kernel & iproute2
mainline but we're not quite there yet.  This commit teaches tc how to
activate and interprete the latest cake operating modes, namely:

ingress mode: Instead of only counting packets that make it past the
shaper, include packets we've decided to drop as well, since they did
arrive with us on the link and took link capacity.
This mode is more suitable for shaping the ingress of a link
(e.g. from ISP) rather than the more normal egress.

ack-filter/ack-filter-aggressive: Filter excessive TCP ACKS.  Useful in
highly assymetric links (downstream v upstream capacity) where the
majority of upstream link capacity is occupied with ACKS for downstream
traffic.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-12-30 00:36:01 +01:00
Kevin Darbyshire-Bryant
4f1dca9eca kmod-sched-cake: bump to latest bake of cake for 17.01
There has been recent significant activity with the cake qdisc of late
but in the cobalt branch.  Some of that effort is related to upstreaming
to kernel & iproute2 mainline but we're not quite there yet.  Relevant
feature changes:

ingress mode: Instead of only counting packets that make it past the
shaper, include packets we've decided to drop as well, since they did
arrive with us on the link and took link capacity.
This mode is more suitable for shaping the ingress of a link
(e.g. from ISP) rather than the more normal egress.

ptm mode: Minor optimisation in packet overhead calculation.

dual-src/dsthost/triple-isolate: Optimise only calculating src or dst
host hashes only if required.

ack-filter/ack-filter-aggressive: Filter excessive TCP ACKS.  Useful in
highly assymetric links (downstream v upstream capacity) where the
majority of upstream link capacity is occupied with ACKS for downstream
traffic.

A separate iproute2 patch to teach it about Cake's new features will
follow.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-12-30 00:35:41 +01:00
Mathias Kresin
959a49dc15 ramips: fix widora neo diag led
The diag LED is named widora🍊wifi and can't be derived from the
boardname.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-12-29 22:33:46 +01:00
Matthias Schiffer
a1908023cc
base-files: fix logic when to show failsafe banner
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Fixes: 1c9299877b ("base-files: set FAILSAFE in /etc/profile when
/tmp/.failsafe exists")
2017-12-29 15:59:17 +01:00
Matthias Schiffer
1c9299877b
base-files: set FAILSAFE in /etc/profile when /tmp/.failsafe exists
Since dropbear clears the environment, FAILSAFE was not set as intended in
failsafe mode.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-12-29 14:36:26 +01:00
Kevin Darbyshire-Bryant
2603c85060 wireguard: bump to 20171221
7e945a8 version: bump snapshot
f2168aa compat: kernels < 3.13 modified genl_ops
52004fd crypto: compile on UML
6b69b65 wg-quick: dumber matching for default routes
aa35d9d wg-quick: add the "Table" config option
037c389 keygen-html: remove prebuilt file

No patch refresh required.

Compile-test-for: ar71xx
Run-tested-on: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-12-25 21:16:10 +01:00
Etienne Haarsma
f8a441e020 kernel: bump 4.4 to 4.4.107
Bump 4.4 to 4.4.107 and refreshed all patches.
Made the following patch for Mediatek and Oxnas compatible with kernel 4.4.107:
0072-mtd-backport-v4.7-0day-patches-from-Boris.patch

Compile-tested: ar71xx
Run-tested: ar71xx

Signed-off-by: Etienne Haarsma <bladeoner112@gmail.com>
Reviewed-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Tested-by: Rosen Penev <rosenp@gmail.com>
2017-12-23 09:42:33 +01:00
Kevin Darbyshire-Bryant
ceea0ac25d wireguard: bump to 20171211
Bump to latest WireGuard snapshot release:

44f8e4d version: bump snapshot
bbe2f94 chacha20poly1305: wire up avx512vl for skylake-x
679e53a chacha20: avx512vl implementation
10b1232 poly1305: fix avx512f alignment bug
5fce163 chacha20poly1305: cleaner generic code
63a0031 blake2s-x86_64: fix spacing
d2e13a8 global: add SPDX tags to all files
d94f3dc chacha20-arm: fix with clang -fno-integrated-as.
3004f6b poly1305: update x86-64 kernel to AVX512F only
d452d86 tools: no need to put this on the stack
0ff098f tools: remove undocumented unused syntax
b1aa43c contrib: keygen-html for generating keys in the browser
e35e45a kernel-tree: jury rig is the more common spelling
210845c netlink: rename symbol to avoid clashes
fcf568e device: clear last handshake timer on ifdown
d698467 compat: fix 3.10 backport
5342867 device: do not clear keys during sleep on Android
88624d4 curve25519: explictly depend on AS_AVX
c45ed55 compat: support RAP in assembly
7f29cf9 curve25519: modularize dispatch

Refresh patches.

Compile-test-for: ar71xx
Run-tested-on: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-12-15 17:48:56 +01:00
Jo-Philipp Wich
ebb54740c7 brcm47xx: remove target specific network preinit config
The generic preinit code is now able to setup network and switch vlan settings
from the /etc/board.json file, therefor drop the target specific code.

Fixes FS#790.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 833c500cb2)
2017-12-13 18:50:55 +01:00
Jo-Philipp Wich
b41d154f50 rules.mk: export TMPDIR
Set TMPDIR to the same value as the existing TMP_DIR variable in order to
let gcc and various other utilities use the local temporary directory
instead of the system-wide one.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 52a3477ff91a2009e451d5dce307e9cc945e9ffa)
2017-12-13 16:57:17 +01:00
Rosen Penev
e719a08cc1 usbutils: Update usb.ids file to latest
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit fc4e7bdca7)
2017-12-13 16:54:29 +01:00
Leon M. George
4cfcfecf76 hostapd: remove unused local var declaration
Signed-off-by: Leon M. George <leon@georgemail.eu>
(cherry picked from commit 63462910dd)
2017-12-13 16:53:53 +01:00
Leon M. George
796bc21023 hostapd: don't set htmode for wpa_supplicant
no longer supported

Signed-off-by: Leon M. George <leon@georgemail.eu>
(cherry picked from commit cc0847eda3)
2017-12-13 16:53:48 +01:00
Felix Fietkau
50147d41b9 libnl-tiny: use fixed message size instead of using the page size
Simplifies the code and reduces size

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit d5bcd0240a)
2017-12-13 16:52:12 +01:00
Zhai Zhaoxuan
0625814426 packages: nvram: fix memory leak in _nvram_free
The value of nvram_tuple_t is allocated in _nvram_realloc,
but it is not freed in _nvram_free.

Signed-off-by: Zhai Zhaoxuan <zhaizhaoxuan@xiaomi.com>
(cherry picked from commit c382237ac3)
2017-12-13 16:51:59 +01:00
Antonio Quartulli
0f175041ad mac80211: don't pass the hostapd ctrl iface in adhoc
Passing the ctrl iface to wpa_supplicant will automatically cause wpa_supplicant
to send "STOP_AP" messages to the hostapd. This breaks the AP interfaces.

Signed-off-by: Antonio Quartulli <ordex@autistici.org>
(cherry picked from commit 0da54fa642)
2017-12-13 16:51:12 +01:00
Sven Eckelmann
05f0fac189 hostapd: explicitly set beacon interval for wpa_supplicant
The beacon_int is currently set explicitly for hostapd and when LEDE uses
iw to join and IBSS/mesh. But it was not done when wpa_supplicant was used
to join an encrypted IBSS or mesh.

This configuration is required when an AP interface is configured together
with an mesh interface. The beacon_int= line must therefore be re-added to
the wpa_supplicant config. The value is retrieved from the the global
variable.

Fixes: 1a16cb9c67 ("mac80211, hostapd: always explicitly set beacon interval")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [rebase]
(cherry picked from commit 772afef61d)
2017-12-13 16:50:06 +01:00
Sven Eckelmann
7f78a86254 hostapd: set mcast_rate in mesh mode
The wpa_supplicant code for IBSS allows to set the mcast rate. It is
recommended to increase this value from 1 or 6 Mbit/s to something higher
when using a mesh protocol on top which uses the multicast packet loss as
indicator for the link quality.

This setting was unfortunately not applied for mesh mode. But it would be
beneficial when wpa_supplicant would behave similar to IBSS mode and set
this argument during mesh join like authsae already does. At least it is
helpful for companies/projects which are currently switching to 802.11s
(without mesh_fwding and with mesh_ttl set to 1) as replacement for IBSS
because newer drivers seem to support 802.11s but not IBSS anymore.

Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
Tested-by: Simon Wunderlich <simon.wunderlich@openmesh.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [refresh]
(cherry picked from commit 43f66943d0)
2017-12-13 16:49:59 +01:00
Hans Dedecker
c315843f88 igmpproxy: remove firewall rules when service is stopped
Remove multicast routing firewall rules when the igmpproxy is stopped by
triggering a firewall config change.
Keeping the firewall open from the wan for igmp and udp multicast is not
desired when the igmpproxy service is inactive.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit 31ebbe34cc)
2017-12-13 16:49:13 +01:00
Martin Schiller
91e48304a9 openvpn: add support to start/stop single instances
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (PKG_RELEASE increase)
(cherry picked from commit e2f25e607d)
2017-12-13 16:48:57 +01:00
Alexander Couzens
e5c284bb81 package/elfutils: add CFLAG -Wno-format-nonliteral
When a library is using fortify-packages GCC will complain about
"error: format not a string literal, argument types not checked".

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
(cherry picked from commit 6ab4521464)
2017-12-13 16:48:35 +01:00
Felix Fietkau
dde29b2b01 tools/coreutils: install readlink
Parts of the build system use non-portable invocation of readlink

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 6bcc1c5331)
2017-12-13 16:47:42 +01:00
Jo-Philipp Wich
2f75641b1f uhttpd: fix query string handling
Update to latest Git in order to fix potential memory corruption and invalid
memory access when handling query strings in conjunction with active basic
authentication.

a235636 2017-11-04 file: fix query string handling

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 05a4200d56)
2017-12-13 16:46:36 +01:00
Ralph Sennhauser
79024cd3be openssl: fix cryptodev config dependency
Signed-off-by: Ralph Sennhauser <ralph.sennhauser@gmail.com>
(cherry picked from commit f5468d2486)
2017-12-13 16:46:02 +01:00
Koen Vandeputte
bead60c2d3 uqmi: replace legacy command invoke with newer type
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
(cherry picked from commit 06d5d01e8a)
2017-12-13 16:45:11 +01:00
Michal Sojka
5872c19c63 procd: Always tell cmake whether to include seccomp support or not
Without this change, when a user disables seccomp support in .config,
procd does not get recompiled unless the package is cleaned manually.
It is because when -D option is missing from cmake command line, cmake
uses cached value from the previous run where seccomp was enabled.

Signed-off-by: Michal Sojka <sojkam1@fel.cvut.cz>
(cherry picked from commit 0e300a3a71)
2017-12-13 16:44:07 +01:00
Yousong Zhou
cd901ef1a6 libunwind: disable building with ssp
If we enable -fstack-protector while building libunwind, function
__stack_chk_fail_local will be referred to for i386 and powerpc32
arches.  This will cause link failure because the default gcc build
specs says no link_ssp if -nostdlib is given.

The error message:

    OpenWrt-libtool: link: ccache_cc -shared  -fPIC -DPIC  .libs/os-linux.o mi/.libs/init.o mi/.libs/flush_cache.o mi/.libs/mempool.o mi/.libs/strerror.o x86/.libs/is_fpreg.o x86/.libs/regname.o x86/.libs/Los-linux.o mi/.libs/backtrace.o mi/.libs/dyn-cancel.o mi/.libs/dyn-info-list.o mi/.libs/dyn-register.o mi/.libs/Ldyn-extract.o mi/.libs/Lfind_dynamic_proc_info.o mi/.libs/Lget_accessors.o mi/.libs/Lget_proc_info_by_ip.o mi/.libs/Lget_proc_name.o mi/.libs/Lput_dynamic_unwind_info.o mi/.libs/Ldestroy_addr_space.o mi/.libs/Lget_reg.o mi/.libs/Lset_reg.o mi/.libs/Lget_fpreg.o mi/.libs/Lset_fpreg.o mi/.libs/Lset_caching_policy.o x86/.libs/Lcreate_addr_space.o x86/.libs/Lget_save_loc.o x86/.libs/Lglobal.o x86/.libs/Linit.o x86/.libs/Linit_local.o x86/.libs/Linit_remote.o x86/.libs/Lget_proc_info.o x86/.libs/Lregs.o x86/.libs/Lresume.o x86/.libs/Lstep.o x86/.libs/getcontext-linux.o  -Wl,--whole-archive ./.libs/libunwind-dwarf-local.a ./.libs/libunwind-elf32.a -Wl,--no-whole-archive  -L/var/lib/bbmnt/buildbot/slaves/dave-builder/i386_i486/build/sdk/staging_dir/target-i386_i486_musl-1.1.16/usr/lib -L/var/lib/bbmnt/buildbot/slaves/dave-builder/i386_i486/build/sdk/staging_dir/target-i386_i486_musl-1.1.16/lib -L/var/lib/bbmnt/buildbot/slaves/dave-builder/i386_i486/build/sdk/staging_dir/toolchain-i386_i486_gcc-5.4.0_musl-1.1.16/usr/lib -L/var/lib/bbmnt/buildbot/slaves/dave-builder/i386_i486/build/sdk/staging_dir/toolchain-i386_i486_gcc-5.4.0_musl-1.1.16/lib -lc -lgcc  -Os -march=i486 -fstack-protector -Wl,-z -Wl,now -Wl,-z -Wl,relro -nostartfiles -nostdlib   -Wl,-soname -Wl,libunwind.so.8 -o .libs/libunwind.so.8.0.1
    .libs/os-linux.o: In function `_Ux86_get_elf_image':
    os-linux.c:(.text+0x588): undefined reference to `__stack_chk_fail_local'
    x86/.libs/Lregs.o: In function `_ULx86_access_fpreg':
    Lregs.c:(.text+0x25b): undefined reference to `__stack_chk_fail_local'
    x86/.libs/Lresume.o: In function `_ULx86_resume':
    Lresume.c:(.text+0xdc): undefined reference to `__stack_chk_fail_local'
    collect2: error: ld returned 1 exit status
    Makefile:2249: recipe for target 'libunwind.la' failed

The snippet from gcc -dumpspecs

    %{!nostdlib:%{!nodefaultlibs:%(link_ssp) %(link_gcc_c_sequence)}}

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(cherry picked from commit f0c37f6ceb)
2017-12-13 16:43:37 +01:00
Felix Fietkau
1aedf2f149 tools/squashfs: use host cflags
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 20d363aed3)
2017-12-13 16:41:40 +01:00
Hauke Mehrtens
7fa70027d4 ppp: make the patches apply correctly again
This fixes a compile problem recently introduced by me.

Fixes: f40fd43ab2 ("ppp: fix compile warning")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit a29848c671)
2017-12-13 16:40:21 +01:00
Hauke Mehrtens
d63eb474b3 ppp: fix compile warning
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit f40fd43ab2)
2017-12-13 16:40:21 +01:00
Hans Dedecker
9bd667fc24 dropbear: fix PKG_CONFIG_DEPENDS
Add CONFIG_DROPBEAR_UTMP, CONFIG_DROPBEAR_PUTUTLINE to PKG_CONFIG_DEPENDS

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit 834c93e00b)
2017-12-13 16:38:28 +01:00
Marcin Jurkowski
9d1bfb8f4d dropbear: make ssh compression support configurable
Adds config option to enable compression support which is usefull
when using a terminal sessions over a slow link. Impact on binary
size is negligible but additional 60 kB (uncompressed) is needed for
a shared zlib library.

Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com>
(cherry picked from commit a816e1eac7)
2017-12-13 16:37:14 +01:00
Michal Sojka
ed4f4f1a8e procd: Install seccomp-trace symlink
Signed-off-by: Michal Sojka <sojkam1@fel.cvut.cz>
(cherry picked from commit 1a5bf778fb)
2017-12-13 16:36:38 +01:00
Magnus Kroken
77e79b2dd0 openvpn: update to 2.4.4
Fixes CVE-2017-12166: out of bounds write in key-method 1.

Remove the mirror that was temporarily added during the
2.4.3 release.

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
(cherry picked from commit a9a37526a9)
2017-12-13 16:36:02 +01:00
Philip Prindeville
5beb0abc83 build: remove @ as it's causing an error
Since $(DownloadMethod/unknown) is being invoked in the expansion of
$(call locked ...) anyway, you can't have an @ because the shell
doesn't know what to do with it.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
(cherry picked from commit 76ba01a392)
2017-12-13 16:34:40 +01:00
Philip Prindeville
eff1f7e7ef usbutils: avoid duplicating the git revision
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
(cherry picked from commit 3008fc9a7b)
2017-12-13 16:34:10 +01:00