This fixes the following compile errors after the wolfssl 4.5.0 update:
LD wpa_cli
../src/crypto/tls_wolfssl.c: In function 'tls_match_alt_subject':
../src/crypto/tls_wolfssl.c:610:11: error: 'GEN_EMAIL' undeclared (first use in this function); did you mean 'ENAVAIL'?
type = GEN_EMAIL;
^~~~~~~~~
ENAVAIL
../src/crypto/tls_wolfssl.c:610:11: note: each undeclared identifier is reported only once for each function it appears in
../src/crypto/tls_wolfssl.c:613:11: error: 'GEN_DNS' undeclared (first use in this function)
type = GEN_DNS;
^~~~~~~
../src/crypto/tls_wolfssl.c:616:11: error: 'GEN_URI' undeclared (first use in this function)
type = GEN_URI;
^~~~~~~
../src/crypto/tls_wolfssl.c: In function 'wolfssl_tls_cert_event':
../src/crypto/tls_wolfssl.c:902:20: error: 'GEN_EMAIL' undeclared (first use in this function); did you mean 'ENAVAIL'?
if (gen->type != GEN_EMAIL &&
^~~~~~~~~
ENAVAIL
../src/crypto/tls_wolfssl.c:903:20: error: 'GEN_DNS' undeclared (first use in this function)
gen->type != GEN_DNS &&
^~~~~~~
../src/crypto/tls_wolfssl.c:904:20: error: 'GEN_URI' undeclared (first use in this function)
gen->type != GEN_URI)
^~~~~~~
Makefile:2029: recipe for target '../src/crypto/tls_wolfssl.o' failed
Fixes: 00722a720c ("wolfssl: Update to version 4.5.0")
Reported-by: Andre Heider <a.heider@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
While commit 734a8c46e7 focussed on removing stuff directly
selected by the NET_RALINK_* symbols, this patch removes additional
unused mt7621-specific code from the ethernet driver.
As with the previous patch, the main reason is to reduce the amount
of code we have to maintain and care about.
Note that this patch still keeps a few lines with
IS_ENABLED(CONFIG_SOC_MT7621) in mtk_eth_soc.h/.c, as this file is
still selected for the mt7621 subtarget.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The release notes says this:
As already said, the changes since 2.1.1 are primarily bug fixes, addressing
compiler warnings and issues reported by diagnostic tools, but also build
failures for some configurations.
https://lists.infradead.org/pipermail/linux-mtd/2020-July/081299.html
The size of the ubi-utils ipk increases on mips BE by 0.2%
old:
ubi-utils_2.1.1-1_mips_24kc.ipk: 70992
new:
ubi-utils_2.1.2-1_mips_24kc.ipk: 71109
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The release notes says this:
As already said, the changes since 2.1.1 are primarily bug fixes, addressing
compiler warnings and issues reported by diagnostic tools, but also build
failures for some configurations.
https://lists.infradead.org/pipermail/linux-mtd/2020-July/081299.html
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This fixes the following security problems:
* In earlier versions of wolfSSL there exists a potential man in the
middle attack on TLS 1.3 clients.
* Denial of service attack on TLS 1.3 servers from repetitively sending
ChangeCipherSpecs messages. (CVE-2020-12457)
* Potential cache timing attacks on public key operations in builds that
are not using SP (single precision). (CVE-2020-15309)
* When using SGX with EC scalar multiplication the possibility of side-
channel attacks are present.
* Leak of private key in the case that PEM format private keys are
bundled in with PEM certificates into a single file.
* During the handshake, clear application_data messages in epoch 0 are
processed and returned to the application.
Full changelog:
https://www.wolfssl.com/docs/wolfssl-changelog/
Fix a build error on big endian systems by backporting a pull request:
https://github.com/wolfSSL/wolfssl/pull/3255
The size of the ipk increases on mips BE by 1.4%
old:
libwolfssl24_4.4.0-stable-2_mips_24kc.ipk: 386246
new:
libwolfssl24_4.5.0-stable-1_mips_24kc.ipk: 391528
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Instead of using mbedtls by default use wolfssl. We now integrate
wolfssl in the default build so use it also as default ssl library for
curl.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Backport a commit from upstream curl to fix a problem in configure with
wolfssl.
checking size of time_t... configure: error: cannot determine a size for time_t
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
On Comfast CF-E130N v2 and Mikrotik LHG HB board, the config
found in DTS appears to be strange:
- eth0 has "syscon","simple-mfd" set although it's not enabled
- eth1 is enabled redundantly (already "okay" in qca953x.dtsi)
- phy-handle is set for eth1 in DTS although it has a fixed-link
in qca953x.dtsi
This seems like a copy-paste gone wrong. Remove the named options.
Run-tested on MikroTik LHG 2.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This introduces the vendor_model scheme to this target in order to
harmonize device names within the target and with the rest of
OpenWrt. In addition, custom board names are dropped in favor
of the generic script which takes the compatible.
Use the SUPPORTED_DEVICES variable to store the compatible where it
deviates from the device name, so we can use it in build recipes.
While at it, harmonize a few indents as well.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Changing dtb file path since the dtb files are build in KDIR folder
with image- prefix.
Signed-off-by: Sandeep Sheriker M <sandeep.sheriker@microchip.com>
[remove commented lines]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Move patches to 5.4, put config only in subtarget directories.
Signed-off-by: Sandeep Sheriker M <sandeep.sheriker@microchip.com>
[refresh patches, add commit message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
LS1012FRDM is supported but there's no flashing instruction in README.
This patch adds it.
While at it, add a missing saveenv for MAC address setup.
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
[add comment about saveenv]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Mbed TLS 2.16.7 is a maintenance release of the Mbed TLS 2.16 branch,
and provides bug fixes and minor enhancements. This release includes
fixes for security issues and the most severe one is described in more
detail in a security advisory:
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-07
* Fix a side channel vulnerability in modular exponentiation that could
reveal an RSA private key used in a secure enclave.
* Fix side channel in mbedtls_ecp_check_pub_priv() and
mbedtls_pk_parse_key() / mbedtls_pk_parse_keyfile() (when loading a private
key that didn't include the uncompressed public key), as well as
mbedtls_ecp_mul() / mbedtls_ecp_mul_restartable() when called with a NULL
f_rng argument. An attacker with access to precise enough timing and
memory access information (typically an untrusted operating system
attacking a secure enclave) could fully recover the ECC private key.
* Fix issue in Lucky 13 counter-measure that could make it ineffective when
hardware accelerators were used (using one of the MBEDTLS_SHAxxx_ALT
macros).
Due to Mbed TLS moving from ARMmbed to the Trusted Firmware project, some
changes to the download URLs are required. For the time being, the
ARMmbed/mbedtls Github repository is the canonical source for Mbed TLS.
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
[Use https://codeload.github.com and new tar.gz file]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
93e2334 exfat: fix build error on linux-5.4,5.5 kernel
01a7b8c exfat: fix name_hash computation on big endian systems
8f92bc0 exfat: fix wrong size update of stream entry by typo
Removed commented material that was for testing compilation.
Removed patch as the error was fixed upstream. First entry above.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
The driver currently only support managed and monitor mode
Changes since v1:
- drop the @DRIVER_11N_SUPPORT dependency
Signed-off-by: mohammad rasim <mohammad.rasim96@gmail.com>
These upstream patches makes the RTL8366RB DSA switch work
properly with OpenWrt, the D-Link DIR-685 gets network and
can be used as a router, and the same should be applicable
for any other device that want to enable the RTL8366RB
through Device Tree.
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
SUSV3_LEGACY_MACROS are completely unused since SUSV3_LEGACY is enabled
HAS_OBSOLETE_BSD_SIGNAL is completely deprecated functionality.
HAS_BSD_RES_CLOSE is completely deprecated functionality.
HAS_FTW is deprecated SUSV4 functionality. Saves ~4.5kb.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
CMake provides a user package registry (stored in ~/.cmake/packages) and
a system package registry (not available on non-Windows platforms).
The "export(PACKAGE)" command may store information in the user package
registry, and the "find_package()" command may search both user and
system package registries for information.
This sets various variables to disable the use of these package
registries (both saving and retrieval of package information).
This also sets deprecated variables that perform similar functions, in
case external toolchains include older versions of CMake.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
For example, Turris MOX SDIO card is using Marvell (NXP) 88W8997 chip.
Technical specs of 88W8997:
- 28nm
- 802.11 ac wave-2
It should support simultaneous dual-band 2.4 GHz and 5 GHz,
but it requires to support multiSSID for one Wi-Fi card [1], which is
not supported in OpenWrt, yet and if we tried to run two instances of
hostapd, it didn't work well, so it's 2.4 GHz or 5 GHz.
- 2x2 MU-MIMO
- Bluetooth 5.1 with LE support
- Unfortunately, there can be connected only 8 clients at the same time
(limited by FW, however, there exists "enterprise" chip, its equal chip,
it is just different that it uses different FW)
Symlink is necessary as mwifiex_sdio tries to load sd8997_uapsta.bin
[ 13.651182] mwifiex_sdio mmc0:0001:1: Direct firmware load for mrvl/sd8997_uapsta.bin failed with error -2
[ 13.661065] mwifiex_sdio mmc0:0001:1: Falling back to user helper
[ 13.684880] firmware mrvl!sd8997_uapsta.bin: firmware_loading_store: map pages failed
[ 13.695910] mwifiex_sdio mmc0:0001:1: Failed to get firmware mrvl/sd8997_uapsta.bin
[ 13.703774] mwifiex_sdio mmc0:0001:1: info: _mwifiex_fw_dpc: unregister device
Pali Rohár sent two patches [2] [3] into kernel to fix default firmware name for SD8997, so
the symlink will not be required in the future versions of kernel, which
was accepted and right now, according to my details it was backported to 5.8, 5.7 and 5.4
[1] https://bugs.openwrt.org/index.php?do=details&task_id=3243
[2] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=00eb0cb36fad5
[3] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=2e1fcac52a9ea
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
This reverts commit c737a9ee6a.
The source CDN has been discontinued in its current form and will take a
while to be reestablished. Even then it makes little sense to put a CDN
before other CDNs such as kernel.org, apache.org, sourceforge etc.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
For many target we have added CONFIG_WATCHDOG_CORE=y to the target
config due to the following error:
Package kmod-hwmon-sch5627 is missing dependencies for the following
libraries:
watchdog.ko
However, actually the proper way appears to be setting the
dependency for the kmod-hwmon-sch5627 package, as the error message
demands.
Do this in this patch and remove the target config entries added
due to this issue.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Changes:
- Update patches
- Update dts with new binding
Tx term offset dropped and replaced with a new compatible
Removed:
- 0071-5-PCI-qcom-Programming-the-PCIE-iATU-for-IPQ806x
Pci init does the same exact thing (was needed in older kernel version)
- 0071-7-pcie-Set-PCIE-MRRS-and-MPS-to-256B
Rejected upstream, can't find any reason to have this. No regression with
testing it on R7800.
Tested on R7800 (ipq8065), R7500 v2 ("ipq8064-v2")
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
Tested-by: Paul Blazejowski <paulb@blazebox.homeip.net> [R7800]
[rebase and refresh]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The symbol KERNEL_CGROUP_HUGETLB is always used whenever KERNEL_CGROUPS is enabled.
The absence of this notation will cause the user to be asked to enter this parameter the first time it is compiled.
Signed-off-by: Yuan Tao <ty@wevs.org>
This commit adds a `selinux` variant which comes with with a number of
SELinux applets and also SELinux label support.
Signed-off-by: Paul Spooren <mail@aparcar.org>
The wg3526 fails to boot if the kernel is large.
Enabling lzma-loader resolves the issue on both the wg3526-16m
and wg3526-32m.
Fixes: FS#3143
Signed-off-by: Rustam Gaptulin <rascal6@gmail.com>
[commit message facelift]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Both IB and SDK now use the same logic for packing.
This commit add reproducible multithread compression to the SDK and
corrects the file mtime for both. Previously all files where just copied
over from the build system, generating random mtimes.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Fixes package libcurl build issue :
Package libcurl is missing dependencies for the following libraries:
libzstd.so.1
Suggested-by: Syrone Wong <wong.syrone@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
8027c7d95274 mt76: mt7615: fix reading airtime statistics
3743e7c904de mt76: mt7915: optimize mt7915_mac_sta_poll
d2fe5e8330c6 mt76: mt7915: fix variable initialization in sta poll
692065b4c9db mt76: mt7915: only enable hw amsdu for AP and station
b54157df7c27 mt7615: update firmware to version 20200814
888990e159d2 mt76: use threaded NAPI
3a3306e408f2 mt76: mt7915: add 802.11 encap offload support
795b772cd392 mt76: mt7915: add encap offload for 4-address mode stations
55d79ab7fa23 mt76: dma: update q->queued immediately on cleanup
23dbd64d6324 mt76: mt7915: schedule tx tasklet in mt7915_mac_tx_free
5cf34cda70af mt76: mt7915: significantly reduce interrupt load
87a69429069f mt76: add utility functions for deferring work to a kernel thread
2f1318a06d0a mt76: convert from tx tasklet to tx worker thread
72f0979566be mt76: mt7915: add support for accessing mapped registers via bus ops
f9ce5c776c9a mt76: use ieee80211_rx_list to pass frames to the network stack as a batch
25dd8bdae3bf mt76: mt7615: significantly reduce interrupt load
7c5445dec812 mt76: mt7615: release mutex in mt7615_reset_test_set
e68c3e254822 mt76: mt7663s: use NULL instead of 0 in sdio code
4368380e20e7 mt76: mt7663s: fix resume failure
bea386f27914 mt76: mt7663s: fix unable to handle kernel paging request
b8780c44c716 mt76: mt7615: fix possible memory leak in mt7615_tm_set_tx_power
37a1c7ed6796 mt76: mt7615: fix a possible NULL pointer dereference in mt7615_pm_wake_work
8c7c1a207d25 mt76: fix a possible NULL pointer dereference in mt76_testmode_dump
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The TL-WPA8630 v1 and v2 have the same LED Control GPIO configuration
according to the TP-Link GPL sources. Set the GPIO to output to make
it work and set to Active Low. It defaults to LEDs on at bootup.
To turn all LEDs off:
echo 0 > /sys/class/gpio/tp-link\:led\:control/value
To turn all LEDs on:
echo 1 > /sys/class/gpio/tp-link\:led\:control/value
Change the "LED" button from BTN_0 to KEY_LIGHTS_TOGGLE to match other
devices and the button guide, and to reduce the number of unintuitive
"BTN_X" inputs.
Fixes: ab74def0db ("ath79: add support for TP-Link TL-WPA8630P v2")
Signed-off-by: Joe Mullally <jwmullally@gmail.com>
[shorten commit title, minor commit message adjustments]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>