Hans Dedecker [Mon, 17 Sep 2018 15:53:34 +0000 (17:53 +0200)]
map: drop default encaplimit value
Setting encaplimit to a numerical value results into the value being
included as tunnel encapsulation limit in the destination option header
for tunneled packets.
Several users have reported interop issues as not all ISPs support the
destination option header containing the tunnel encapsulation limit
resulting into broken map connectivity.
Therefore drop the default encaplimit value for map tunnels so
no destination option header is included by default.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from
d9691b66e2781a43cd4f508605dcfe88c4bbd042)
Hans Dedecker [Mon, 17 Sep 2018 09:24:39 +0000 (11:24 +0200)]
ds-lite: drop default encaplimit value
Setting encaplimit to a numerical value results into the value being
included as tunnel encapsulation limit in the destination option header
for tunneled packets.
Several users have reported interop issues as not all ISPs support the
destination option header containing the tunnel encapsulation limit
resulting into broken ds-lite connectivity.
Therefore drop the default encaplimit value for ds-lite tunnels so
no destination option header is included by default.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from
1241707b4091aa9dd46ad75252689e83f6aac5b2)
Rosy Song [Wed, 12 Sep 2018 01:21:19 +0000 (09:21 +0800)]
odhcpd: enable ipv6 server mode only when it is supported
Signed-off-by: Rosy Song <rosysong@rosinson.com>
(backported from
918ec4d549cc80b590e50003d0c489c27f864749)
Marko Ratkaj [Mon, 10 Sep 2018 09:04:36 +0000 (11:04 +0200)]
tools/expat: fix docbook2man error on some systems
On some systems (Gentoo) configure stage fails because of docbook2man
working with SGML rather than with XML. We don't need xmlwf man pages so
we disable this.
Signed-off-by: Marko Ratkaj <marko.ratkaj@sartura.hr>
(backported from
6e80dd58bb6c8c146ed8fd7ed538e96db4e8cc13)
Andy Walsh [Mon, 27 Aug 2018 12:19:55 +0000 (14:19 +0200)]
base-files: /etc/services: add missing 'rpcbind' alias
* add missing 'rpcbind' alias to /etc/services
Allows rpcbind to open its 111 port and be reachable via lan, this is the default behaviour.
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
(backported from
4549ab46a85735aa957e05c91dc023228aaa2697)
Rosen Penev [Mon, 10 Sep 2018 01:55:43 +0000 (18:55 -0700)]
usbutils: Update usb.ids to 0.315
Referencing the version instead of revision should fix uscan.
Tested on Turria Omnia.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(backported from
a9aa25c8b6f2e694d5bc0b14fe84eac6fffeb23a)
Rosen Penev [Sun, 2 Sep 2018 02:06:54 +0000 (19:06 -0700)]
hostapd: Fix compile with OpenSSL 1.1.0 + no deprecated APIs
Patch was accepted upsteam:
https://w1.fi/cgit/hostap/commit/?id=
373c796948599a509bad71695b5b72eef003f661
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(backported from
f78e07ad2a0926739310f8a6fd74a7b162123c98)
(rebased patches)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Yousong Zhou [Thu, 6 Sep 2018 08:00:24 +0000 (08:00 +0000)]
scripts/ipkg-build: quash error messages when conffiles.resolved is empty
When Package/xx/conffiles only contains directories that are empty at
package time, conffiles.resolved will be missing and the following
error messages will appear in the build log.
/home/yousong/git-repo/openwrt/openwrt/scripts/ipkg-build -c -o 0 -g 0 /home/yousong/git-repo/openwrt/openwrt/build_dir/target-mips_24kc_musl/linux-malta_be/openvswitch-2.10.0/ipkg-mips_24kc/openvswitch-common /home/yousong/git-repo/openwrt/openwrt/bin/packages/mips_24kc/packages
mv: cannot stat 'CONTROL/conffiles.resolved': No such file or directory
chmod: cannot access 'CONTROL/conffiles': No such file or directory
It will not break the ipkg-build process. The change is merely cosmetic
to not cause confusion when reading logs
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(backported from
9e58c20ec9d48ee41a4a306b0cd6d3aece285efd)
Yousong Zhou [Wed, 5 Sep 2018 15:29:25 +0000 (15:29 +0000)]
scripts/metadata.pm: avoid adding dup names in provides list
The need arises from building Open vSwitch kernel datapath modules, e.g.
- kmod-openvswitch from Linux upstream
- kmod-openvswitch-intree from openvswitch source code
where both provides virtual package "kmod-openvswitch" for userspace
packages to select and depend on
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(backported from
204081670b914795a494929777f09807b15f70f4)
Stijn Tintel [Thu, 28 Jun 2018 10:00:10 +0000 (13:00 +0300)]
strace: fix build on aarch64
As of version 4.21, strace enforces mpers by default. The current
implementation of aarch64 compat in strace assumes it's identical to
ARMv7 EABI and therefore tries to enable m32 personality support. As
there is no -m32 support on aarch64, this causes the build to fail.
Restore previous strace behavior to fix build on aarch64.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Tested-by: Karl Palsson <karlp@tweak.net.au>
(backported from
067e2f5f1d0102ffb96d3248e42a29e7352cc29c)
Hans Dedecker [Wed, 5 Sep 2018 08:59:23 +0000 (10:59 +0200)]
odhcpd: bump to git HEAD (detect broken hostnames)
881f66b odhcpd: detect broken hostnames
3e17fd9 config: fix odhcpd_attrs array size
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from
ecc3165cbc6e2f51a685962cac6074f63097fa05)
Alexander Couzens [Mon, 3 Sep 2018 19:42:02 +0000 (21:42 +0200)]
hostapd: fix build of wpa-supplicant-p2p
VARIANT:= got removed by accident.
Fixes:
3838b16943c6 ("hostapd: fix conflicts hell")
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
(backported from
967d6460c02810c9f4ec6f8c6894057995a03bf9)
Felix Fietkau [Sun, 26 Aug 2018 17:36:33 +0000 (19:36 +0200)]
build: add support for enabling the rootfs/boot partition size option via target feature
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(backported from
00f030a9c67c551e675364d73234a4cba273b420)
Jo-Philipp Wich [Thu, 30 Aug 2018 13:08:20 +0000 (15:08 +0200)]
ppp: remove hardcoded lcp-echo-failure, lcp-echo-interval values
OpenWrt used to ship hardcoded defaults for lcp-echo-failure and
lcp-echo-interval in the non-uci /etc/ppp/options file.
These values break uci support for *disabling* LCP echos through
the use of "option keepalive 0" as either omitting the keepalive
option or setting it to 0 will result in no lcp-echo-* flags
getting passed to the pppd cmdline, causing the pppd process to
revert to the defaults in /etc/ppp/options.
Address this issue by letting the uci "keepalive" option default
to the former hardcoded values "5, 1" and by removing the fixed
lcp-echo-failure and lcp-echo-interval settings from the
/etc/ppp/options files.
Ref: https://github.com/openwrt/luci/issues/2112
Ref: https://dev.archive.openwrt.org/ticket/2373.html
Ref: https://bugs.openwrt.org/index.php?do=details&task_id=854
Ref: https://bugs.openwrt.org/index.php?do=details&task_id=1259
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from
555c592304023a0d24216a6d8ed9d525602ae218)
Paul Wassi [Thu, 23 Aug 2018 07:24:43 +0000 (09:24 +0200)]
base-files: provide more tolerant xterm detection
Set the window title not only in "xterm", but also in
e.g. "xterm-256color", "xterm-color", etc.
The case statement is taken from Debian / Ubuntu.
Signed-off-by: Paul Wassi <p.wassi@gmx.at>
(backported from
1bd6b91e0f9f53f13b5a9fa2939674012fe7193f)
Tuomas Tynkkynen [Sun, 19 Aug 2018 19:11:50 +0000 (22:11 +0300)]
brcm47xx: Enable USB power on WNDR3400v3
WNDR3400v3 needs GPIO 21 pulled high to enable power to USB ports. Add a
kernel patch to do that.
Signed-off-by: Tuomas Tynkkynen <tuomas.tynkkynen@iki.fi>
(backported from
5dd745588edea19846b2bc3a2e6938f139374ea9)
Keith Wong [Thu, 12 Apr 2018 03:21:08 +0000 (11:21 +0800)]
kernel: add kmod-tcp-bbr
This adds support for BBR (Bottleneck Bandwidth and RTT) TCP
congestion control. Applications (e.g. webservers, VPN client/server)
which initiate connections from router side can benefit from this.
This provide an easier way for users to use BBR by selecting /
installing kmod-tcp-bbr instead of altering kernel config and
compiling firmware by themselves.
Signed-off-by: Keith Wong <keithwky@gmail.com>
(backported from
79c233daa4caee1a8af0c7a91e1d4aee96d410e9)
Daniel Engberg [Wed, 2 May 2018 08:23:45 +0000 (10:23 +0200)]
libbsd: Update to 0.8.7
Update libbsd to 0.8.7
Remove glibc dependency
Clean up InstallDev and install entries
Use /usr path for consistency
Cherry pick patches from upstream to fix musl compilation
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
(backported from
e341f45913beac28e5574d470ed79e4b6f9ee255)
Martin Schiller [Fri, 24 Aug 2018 09:35:35 +0000 (11:35 +0200)]
kernel: fix kmod-gpio-mcp23s08 for linux 4.14
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
(backported from
a904003b9b5fe2744ee5d5d8718c54d001f1c93e)
Martin Schiller [Fri, 24 Aug 2018 09:31:13 +0000 (11:31 +0200)]
x86/64: enable X86_INTEL_LPSS to select PINCTRL
This makes it possible to use the MCP23S08 i/o expander
on x86_64 platforms with linux 4.14.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
(backported from
17f30bfcf7329c1770dc996b0d29934942bb2899)
Hauke Mehrtens [Sun, 26 Aug 2018 10:20:24 +0000 (12:20 +0200)]
x86: geode: Add missing config options
This adds a configuration options which is needed now.
Without this patch the geode build will fail.
Fixes:
4eda2fddf2 ("x86/geode: enable X86_INTEL_LPSS to select PINCTRL")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(backported from
0f2787b9ff6976cf4999ed2dbb7debdb53bac2e3)
Martin Schiller [Fri, 24 Aug 2018 09:29:37 +0000 (11:29 +0200)]
x86/geode: enable X86_INTEL_LPSS to select PINCTRL
This makes it possible to use the MCP23S08 i/o expander
on geode platforms with linux 4.14.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
(backported from
4eda2fddf2995c8ade2b1e0faddc8ce1f1e0ec5f)
Alex Maclean [Thu, 23 Aug 2018 13:30:36 +0000 (14:30 +0100)]
x86: add UHCI and XHCI USB host drivers to 4.14
Without UHCI a non-trivial number of machines will have no keyboard
without BIOS assistance.
Add XHCI as well in case there are chipsets which don't support legacy
interfaces, and support PCI OHCI controllers also.
Signed-off-by: Alex Maclean <monkeh@monkeh.net>
(backported from
894a95fa2df9467afe559c899af741a0c9040953)
Thomas Langer [Mon, 20 Aug 2018 10:13:29 +0000 (12:13 +0200)]
build: Unset CDPATH to avoid problems
In some places the output of commands, which include "cd" are used.
In case of CDPATH the new path is printed, which might not be expected.
Disable the variable to avoid these problem.
When CDPATH was set by the user to some value like "export CDPATH=."
the git checkout done by the build system did not work anymore, the
git cloning aborted with such an error message for example:
....
Packing checkout...
tar: /disk/fs1/tmp2/mehrtens/pon-ugw/ugw-haps/openwrt/tmp/dl/ppa-drv-1.0\n@
1534240258: Cannot stat: No such file or directory
tar: Date sample file not found
Try 'tar --help' or 'tar --usage' for more information.
.....
To avoid this, this patch makes the build system unset CDPATH inside
the build system, so the build system will still work even when the
user set this variable in his local environment.
Signed-off-by: Thomas Langer <thomas.langer@intel.com>
Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from
41faf52b0ffe902381e75a35e886f635321347b5)
Hans Dedecker [Fri, 24 Aug 2018 13:02:24 +0000 (15:02 +0200)]
dropbear: backport upstream fix for CVE-2018-15599
CVE description :
The recv_msg_userauth_request function in svr-auth.c in Dropbear through
2018.76 is prone to a user enumeration vulnerability because username
validity affects how fields in SSH_MSG_USERAUTH messages are handled,
a similar issue to CVE-2018-15473 in an unrelated codebase.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from
2211ee0037764e1c6b1576fe7a0975722cd4acdc)
Rosen Penev [Fri, 17 Aug 2018 02:32:59 +0000 (19:32 -0700)]
samba36: Enable umdnsd support
Allows discovery without having to use NetBIOS. Useful for mobile devices.
Could eventually throw nbmd away. But that requires Windows 10...
Tested on Fedora 28 with avahi-discover.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(backported from
499773f8efe3357a2076c75c503ebcb42e41dbe6)
Luiz Angelo Daros de Luca [Sun, 19 Aug 2018 01:53:07 +0000 (22:53 -0300)]
base-files: create /etc/ethers by default
/etc/ethers is missing on /rom but always created when dnsmasq
runs. It is better to have it in place and avoid an extra change
in flash after firstboot.
It will generate an extra /etc/ethers-opkg when it has changed.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from
d810d44e5a88e7ed5a72f8cd39fc57639aa6dbd0)
Daniel Engberg [Fri, 17 Aug 2018 08:00:02 +0000 (10:00 +0200)]
mwlwifi: Update to 10.3.8.0-
20180810
Update mwlwifi to 10.3.8.0-
20180810
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
(backported from
e1a1add5178b6a943c6272776ba3af06b3f953a8)
Stijn Tintel [Mon, 13 Aug 2018 19:05:46 +0000 (22:05 +0300)]
firewall: bump to git HEAD
12a7cf9 Add support for DSCP matches and target
06fa692 defaults: use a generic check_kmod() function
1c4d5bc defaults: fix check_kmod() function
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(backported from
03e5dcbf10b1f67a463735efd8db3386f91473fd)
Mathias Kresin [Sat, 11 Aug 2018 08:10:21 +0000 (10:10 +0200)]
base-files: add function to get mac as text from flash
Add a function to get a mac stored as text from flash. The octets of
the mac address need to be separated by any separator supported by
macaddr_canonicalize().
Signed-off-by: Dmitry Tunin <hanipouspilot@gmail.com>
Signed-off-by: Mathias Kresin <dev@kresin.me>
(backported from
dfee452713e6b3c10aafc6174f8087a920b54402)
Mathias Kresin [Sat, 11 Aug 2018 08:48:08 +0000 (10:48 +0200)]
base-files: use consistent coding style
Add the opening bracket right after the function name, to do it the
same way for all functions in this file.
Signed-off-by: Dmitry Tunin <hanipouspilot@gmail.com>
Signed-off-by: Mathias Kresin <dev@kresin.me>
(backported from
ec28d2797c1bff4a3a97e54fee648cc56185839a)
Thibaut VARÈNE [Thu, 9 Aug 2018 18:33:45 +0000 (20:33 +0200)]
base-files: make wifi report unknown command
Avoid having /sbin/wifi silently ignore unknown keywords and execute
"up"; instead display the help message and exit with an error.
Spell out the "up" keyword (which has users), add it to usage output,
and preserve the implicit assumption that runing /sbin/wifi without
argument performs "up".
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
(backported from
78b5764fd8a3c133f0caf170238242b32a97105b)
Hans Dedecker [Thu, 9 Aug 2018 15:56:19 +0000 (17:56 +0200)]
odhcp6c: apply IPv6/ND configuration earlier
Apply IPv6/ND configuration before proto_send_update so that all config info
is available when netifd is handling the notify_proto ubus call.
In particular this fixes an issue when netifd is updating the downstream IPv6 mtu
as netifd was still using the not yet updated upstream IPv6 mtu to set the
downstream IPv6 mtu
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from
2e02fdb3637c7a0320d230a3232d61e874c1e4d1)
Eneas U de Queiroz [Mon, 6 Aug 2018 18:19:20 +0000 (18:19 +0000)]
ustream-ssl: update to latest git HEAD
23a3f28 openssl, wolfssl: match mbedTLS ciphersuite list
450ada0 ustream-ssl: Revised security on mbedtls
34b0b80 ustream-ssl: add openssl-1.1.0 compatibility
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
(backported from
33fd1d0d91fe6f0bb639a6fad0f681ba651f8254)
Paul Spooren [Sun, 5 Aug 2018 03:17:29 +0000 (12:17 +0900)]
imagebuilder: manifest function show stderr
This really simplifies debugging, if a package is not found or a feed is
not reachable, a proper stderr is printed. Currently it would only say
`_call_manifest` failed.
Signed-off-by: Paul Spooren <mail@aparcar.org>
(backported from
ad5c2897ec054b80549e526ef639dd75548d4747)
Jo-Philipp Wich [Sun, 5 Aug 2018 10:24:01 +0000 (12:24 +0200)]
scripts: time.pl: avoid hard Time::HiRes dependency
Use Time::HiRes when available and fallback to raw syscall interface
when not. If that fails too, simply report 0, 0 as real time.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from
a692e4e3de60e1a10906511fb8ef2d14937d4a19)
Jo-Philipp Wich [Sat, 4 Aug 2018 22:06:27 +0000 (00:06 +0200)]
build: remove GNU time dependency
Replace the GNU time program invocation with a simple Perl script reporting
the timing values. Since we require Perl anyway for the build system, we can
as well use that instead of requiring a random GNU utility rarely installed
by default.
Fixes:
ff6e62b288 ("build: log time taken by each packages/steps")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from
d3ddf6631e491a831617a5ae8b3d7924e47a275a)
Jo-Philipp Wich [Tue, 31 Jul 2018 18:39:13 +0000 (20:39 +0200)]
iwinfo: update to latest Git HEAD
a514139 build: compile with -ffunction-sections, -fdata-sections and LTO
3c30b17 wl: only invoke nvram executable if it exists
65b8333 Revert "build: compile with -ffunction-sections, -fdata-sections and LTO"
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from
fdd6c556ab42d040efcc92a53149e3f8ec357f69)
Jo-Philipp Wich [Thu, 23 Aug 2018 18:03:29 +0000 (20:03 +0200)]
wolfssl: disable broken shipped Job server macro
The AX_AM_JOBSERVER macro shipped with m4/ax_am_jobserver.m4 is broken on
plain POSIX shells due to the use of `let`.
Shells lacking `let` will fail to run the generated m4sh code and end up
invoking "make" with "-jyes" as argument, fialing the build.
Since there is no reason in the first place for some random package to
muck with the make job server settings and since we do not want it to
randomly override "-j" either, simply remove references to this defunct
macro to let the build succeed on platforms which not happen to use bash
as default shell.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from
a27de701b0250b06302350d25dc514e1b488dc59)
Alexandru Ardelean [Mon, 30 Jul 2018 14:03:18 +0000 (17:03 +0300)]
wolfssl: remove myself as maintainer
I no longer have the time, nor the desire to maintain this package.
Remove myself as maintainer.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(backported from
20346a63f69bbb919ffdf29bc2e77496d01719e3)
Luiz Angelo Daros de Luca [Tue, 27 Mar 2018 05:42:06 +0000 (02:42 -0300)]
openvpn-easy-rsa: update to 3.0.4
Upstream renamed openssl-1.0.cnf to openssl-easyrsa.cnf.
However, pkg kept using openssl-1.0.cnf.
Upstream easyrsa searchs for vars, openssl-*, x509-types in the
same directory as easyrsa script. This was patched to revert
back to static /etc/easy-rsa/ directory (as does OpenSUSE).
EASYRSA_PKI still depends on $PWD.
Move easyrsa from /usr/sbin to /usr/bin as root is not needed.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
(backported from
f1bef0596fd2a983386c778a94486782bd272e27)
(rebased patches)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Daniel Gimpelevich [Sun, 21 Jan 2018 21:00:12 +0000 (13:00 -0800)]
kernel: package x86-optimized crypto-misc modules
Some of the modules in the crypto-misc package have alternate
implementations optimized for different x86 instruction set extensions,
but only one of these was built for this package until now: twofish-i586.ko
Tested with insmod, on both x86 and x86_64. The modules now have an
autoload, which they previous didn't, loading the dependencies in the
correct order.
Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
(backported from
c762817c9211f439c5da6ea30b6ed828c9861c4f)
Rosy Song [Sat, 4 Aug 2018 11:01:18 +0000 (19:01 +0800)]
base-files: do not add relevant sections & options except when ipv6 is support in kernel
Signed-off-by: Rosy Song <rosysong@rosinson.com>
(backported from
2b637e5ab8ae24ff4176930f259dce195983d7ea)
Andreas Ziegler [Fri, 3 Aug 2018 23:56:39 +0000 (01:56 +0200)]
base-files: sysupgrade: abort if config backup fails
Sysupgrade shouldn't proceed, if the backup of the configuration
fails because tar (or gzip) exit with a non-zero code.
Signed-off-by: Andreas Ziegler <dev@andreas-ziegler.de>
(backported from
72489ebeb65fd1e1d77e8d9fbe105827a98dbf03)
Chen Minqiang [Thu, 2 Aug 2018 01:10:15 +0000 (09:10 +0800)]
base-files: fix HOME_URL replace
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
(backported from
33bce21bb0f3def5a2516384a8ae16f88b9b193e)
Rosy Song [Wed, 18 Jul 2018 07:42:56 +0000 (15:42 +0800)]
include: add netdev family support for nftables
Signed-off-by: Rosy Song <rosysong@rosinson.com>
(backported from
b4d4e4ceb56825033dd4c8e401e9250ae5042a99)
Andy Walsh [Thu, 26 Jul 2018 08:34:33 +0000 (10:34 +0200)]
ncurses: install lib on host build
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
(backported from
1639ebcb061abb3664e0b80f62f0019e37fda68e)
Dmitry Tunin [Sat, 28 Jul 2018 14:48:42 +0000 (17:48 +0300)]
igmpproxy: drop SSDP packets
It is insecure to let this type of packets inside
They can e.g. open ports on some other routers with UPnP, etc
Signed-off-by: Dmitry Tunin <hanipouspilot@gmail.com>
(backported from
c128371124ce4d197a5fbc00e42b58e9d82c571e)
Daniel Engberg [Tue, 24 Jul 2018 09:09:17 +0000 (11:09 +0200)]
include/verbose.mk: Add sc to failure message
Add sc to build error message
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
(backported from
0aaa65075508035bdf6c8fc8fa9a79b94dc5eadc)
Dmitry Tunin [Sat, 28 Jul 2018 14:06:28 +0000 (17:06 +0300)]
igmpproxy: add a silent logging option
[0-3](none, minimal[default], more, maximum)
It is not 100% backward compatible, because now 0 disables logging
Signed-off-by: Dmitry Tunin <hanipouspilot@gmail.com>
(backported from
7a6b2badfa56cfd833d64f113398198f71fd896e)
Rafał Miłecki [Mon, 18 Jun 2018 11:46:04 +0000 (13:46 +0200)]
bcm53xx: exit if writing kernel during sysupgrade fails
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(backported from
93cc44c433fed754bd76f8016a1660a6b932361e)
Christo Nedev [Fri, 1 Jun 2018 14:23:21 +0000 (14:23 +0000)]
brcm2708: Update brcm2708-gpu-fw package
Problem - rapsberry pi 3 b/b+ does not boot with bcm2710 images!
How Raspberry Pi boots Actualy?
When Raspberry is switched on GPU is activated.
1. GPU execute First stage bootloader from ROM.
First stage bootloader mount the FAT boot partition on the SD card
and execute second stage bootloader (bootcode.bin).
2. Second stage bootloader (bootcode.bin) activate SDRAM.
Load the GPU firmware (start.elf).
3. GPU firmware (start.elf)
a) display Rainbow splash.
b) read firmware configuration file config.txt and
split the RAM using fixup.dat.
c) loads a cmdline.txt
d) enables the CPU.
e) loads the kernel image configurable via config.txt
In your target/linux/brcm2708/image/config.txt
493 ## kernel (string)
494 ## Alternative name to use when loading kernel.
495 ##
496 #kernel=""
it is not configured!
But in your target/linux/brcm2708/image/Makefile
75 KERNEL_IMG := kernel8.img
76 DEVICE_TITLE := Raspberry Pi 3B/3B+
you have kernel8.img
GPU Firmware search order by default for a PI 3 is:
kernel8.img if found boot in 64 bit mode
kernel8-32.img if found boot in 32 bit mode
kernel7.img if found boot in 32 bit mode
kernel.img if found boot in 32 bit mode
But a PI 2 will start the search from kernel7.img and
a PI 1 only looks for kernel.img.
Оbviously the kernel has been found.
But something goes wrong and the device is restarted.
In your package/kernel/brcm2708-gpu-fw/Makefile
11 PKG_NAME:=brcm2708-gpu-fw
12 PKG_VERSION:=2017-08-08
13 PKG_RELEASE:=
e7ba7ab135f5a68b2c00a919ea9ac8d5528a5d5b
boot loader is 10 monts old.
In conclusion, the best way to solve the problem is
to update the boot loader!
Fixup_cd.dat and start_cd.elf files are not necessary.
These are used when GPU memory is set to 16 MB, which disables
some GPU features.
I did not remove them just in case!
cheers
Signed-off-by: Christo Nedev <christo.nedev@gmail.com>
(backported from
c335649629e641209a3539209defffeea090ad8f)
Mathias Kresin [Sun, 8 Jul 2018 21:18:15 +0000 (23:18 +0200)]
kernel: don't auto attach ubi on read error
With
a10a204aab26cc ("kernel: make ubi auto-attach check for a tar file
magic") the check for the magic was added without considering a failing
mtd_read(). If the read fails, no check is done and the mount code is
called straight away.
Failing with an error message for such cases seems to me the cleaner way,
as it would allow to spot hidden/workaround issues.
Signed-off-by: Mathias Kresin <dev@kresin.me>
(backported from
3716b5e4e6374883c80e61021923733b14cdb011)
(rebased patches)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Mathias Kresin [Sat, 7 Jul 2018 23:47:28 +0000 (01:47 +0200)]
kernel: handle bad blocks in ubi auto attach code
The first block(s) of the ubi mtd device might be bad. We need to take
care on our own to skip the bad block(s) and read the next one(s).
Don't treat recoverable read errors as fatal and check for the UBI magic
if the data of a block could be recovered using ECC or similar.
Signed-off-by: Mathias Kresin <dev@kresin.me>
(backported from
0ac91d82ed4d077150db902eb12d383c2be44fb2)
(rebased patches)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Mathias Kresin [Sat, 7 Jul 2018 23:38:08 +0000 (01:38 +0200)]
kernel: improve ubi auto attach code readability
Move the put_mtd_device() called on multiple error conditions to a goto
label to use it later for more error conditions.
The early return on failed open of the mtd device and mismatching mtd
type allows to get rid of one level of indentation. By jumping to the
cleanup code, a refcount bug is fixed for the wrong flash type condition.
While at it, make clear that we only check for the UBI magic if the read
from flash was successful.
Signed-off-by: Mathias Kresin <dev@kresin.me>
(backported from
fdf6760cda15b2710287c66c9969a3ed527793d8)
(rebased patches)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Tue, 24 Jul 2018 13:23:05 +0000 (15:23 +0200)]
build: do not override CCACHE_DIR when ccache is disabled
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from
991c7a4f69976f72bcee3f76d6917b224da45ea1)
Jo-Philipp Wich [Tue, 24 Jul 2018 11:36:28 +0000 (13:36 +0200)]
build: prereq-build.mk: fix gcc/g++ SetupHostCommand invocation
A missing comma caused the first command option to be considered part of
the error message.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from
a6f4c7bce8c62d2dded5c8c12f7f118e2a6c9ee5)
Felix Fietkau [Thu, 19 Jul 2018 15:13:25 +0000 (17:13 +0200)]
hostapd: remove unused struct hostapd_ubus_iface
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(backported from
f0ac9afe695ed297caf093f02144b2adf04bca87)
Luiz Angelo Daros de Luca [Tue, 17 Jul 2018 22:41:09 +0000 (19:41 -0300)]
base-files: fix wrong sysctl parameter order
Restarting service sysctl echos multiple errors like:
sysctl: -e: No such file or directory
After the first filename, all remaining arguments are treated
as files.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
(backported from
4c4288728611d334efb777b74e737e1f98e0dc1b)
Mathias Kresin [Wed, 11 Jul 2018 20:13:36 +0000 (22:13 +0200)]
hostapd: fix conflicts hell
Add each variant to the matching PROVIDERS variables after evaluating
the respective hostapd*, wpad* and wpa* variant.
Each package providing the same feature will automatically conflict with
all prior packages providing the same feature.
This way we can handle the conflicts automatically without introducing
recursive dependencies.
Signed-off-by: Mathias Kresin <dev@kresin.me>
(backported from
3838b16943c6021e3ff06d5733df890408ad7158)
Mathias Kresin [Tue, 10 Jul 2018 19:17:33 +0000 (21:17 +0200)]
hostapd: cleanup package definition
Move common variables and/or values to the package (variant) default.
Add additional values in variant packages if necessary. Remove further
duplicates by introducing new templates.
Remove the ANY_[HOSTAPD|SUPPLICANT_PROVIDERS]_PROVIDERS. The are the
same as the variables without the any prefix. No need to maintain both
variables.
Signed-off-by: Mathias Kresin <dev@kresin.me>
(backported from
8af8ceb1c8558a6f25c50cb68b87a3a3425f3417)
Jo-Philipp Wich [Tue, 17 Jul 2018 14:01:46 +0000 (16:01 +0200)]
openvpn: increase procd termination timeout to 15s
Increase the termination timeout to 15s to let OpenVPN properly tear down
its connections, especially when weak links or complex down scripts are
involved.
Fixes FS#859.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from
28d3a1b54b6726a0a93477d75d09a25f74ee361f)
Peter Wagner [Tue, 3 Jul 2018 06:54:41 +0000 (08:54 +0200)]
librpc: add host build to install h files needed for nfs-kernel-server to get compiled
Signed-off-by: Peter Wagner <tripolar@gmx.at>
(backported from
d8d2133c35c9c9b410e16cdebe878acd0da6382f)
李国 [Fri, 6 Jul 2018 10:03:40 +0000 (18:03 +0800)]
verbose.mk: quote SUBMAKE options
build openwrt on centos 6 I should use devtoolset-3 to get gcc 4.9, but
it fail when make menuconfig. so I have to give option HOSTCC='gcc
-Wl,--copy-dt-needed-entries' to make. But it passed to sub make to
HOSTCC=gcc as micro SUBMAKE expand to HOSTCC=gcc
-Wl,--copy-dt-needed-entries. This patch fix this issue.
make -C build menuconfig HOSTCC='gcc -Wl,--copy-dt-needed-entries' V='1'
make: Entering directory `/work/openwrt/openwrt/build'
/opt/rh/devtoolset-3/root/usr/libexec/gcc/x86_64-redhat-linux/4.9.2/ld:
lxdialog/checklist.o: undefined reference to symbol 'acs_map'
//lib64/libtinfo.so.5: error adding symbols: DSO missing from command line
collect2: error: ld returned 1 exit status
make[1]: *** [mconf] Error 1
make -s -C scripts/config all CC=gcc -Wl,--copy-dt-needed-entries: build
failed. Please re-run make with -j1 V=s to see what's going on
make: *** [scripts/config/mconf] Error 1
make: Leaving directory `/work/openwrt/openwrt/build'
Signed-off-by: 李国 <uxgood.org@gmail.com>
(backported from
671999157d6cd0b629304f86beec7d71fc998b09)
Felix Fietkau [Wed, 4 Jul 2018 18:14:08 +0000 (20:14 +0200)]
kernel: replace bridge port isolate hack with upstream patch backport on 4.14
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(backported from
21ee8ce9b52f8ae4a6babf4032f71e2d4d56392b)
(rebased patches)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Felix Fietkau [Wed, 4 Jul 2018 17:49:32 +0000 (19:49 +0200)]
kernel: adjust bridge port isolate patch to match upstream attribute naming
Newer kernels have a patch that implements compatible functionality
directly. Adjust the attribute of our own patch in preparation for
dropping it later
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(backported from
41a1c1af4bbf18cb5f3a4dfd1fb988317da9aa2d)
Hannu Nyman [Fri, 6 Jul 2018 13:45:06 +0000 (16:45 +0300)]
tools/ccache: update to 3.4.2
update version and refresh patch
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(backported from
7ec931b7f01e8e9dc6463069237097950761996a)
Hannu Nyman [Fri, 6 Jul 2018 13:46:33 +0000 (16:46 +0300)]
tools/cmake: update to 3.11.4
Update cmake and refresh patches.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(backported from
55fa8068c4eb1f6213ca115655067e635da3e637)
Yousong Zhou [Tue, 3 Jul 2018 07:37:49 +0000 (15:37 +0800)]
fixup-makefile.pl: fixup when PKG_SOURCE is defined elsewhere
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(backported from
eb6759cc786b9a5fe1425364fc54212a425ff0be)
Kevin Darbyshire-Bryant [Sat, 9 Jun 2018 08:11:24 +0000 (09:11 +0100)]
build: ASLR hardening use $(FPIC)
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(backported from
89b59994eb44b5cd2fac594144c20c63fd05ef25)
Kevin Darbyshire-Bryant [Mon, 4 Sep 2017 19:20:12 +0000 (20:20 +0100)]
toolchain: gdb: enable TUI
The GDB Text User Interface (TUI) is a terminal interface
which uses the curses library to show the source file,
the assembly output, the program registers and GDB
commands in separate text windows.
In other words it's a friendlier interface for idiots like me!
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(backported from
900d86766b2a2122ea435d98aa50dc72d5dadf93)
Hans Dedecker [Mon, 2 Jul 2018 15:31:03 +0000 (17:31 +0200)]
ebtables: update to latest git 2018-06-27
48cff25 build: drop install -o/-g root
53d7e7a extensions: ebt_string: take action if snprintf discards data
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from
afac2a2dd67502ef8bd9799f328fa2e3b39292b1)
(rebased patches)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Lev [Tue, 26 Jun 2018 22:50:11 +0000 (00:50 +0200)]
ramips: fix wizfi630a swapped lan/wan port
The order of the Ethernet ports were mixed up.
This commit fixes the order to be aligned with the physical layout.
Signed-off-by: Lev <leventelist@gmail.com>
(backported from
3d6f57f3c6dabfe3911ffb1f1a2afbe3ff41c3fd)
Rosen Penev [Sat, 30 Jun 2018 19:25:12 +0000 (12:25 -0700)]
usbutils: Switch to Fedora usbutils
The Gentoo GitHub mirror went down. One benefit of Fedora's usb.ids file
is that it's versioned.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(backported from
f23271f3b4f54d1e5ddf7b85786f9a30f38409ad)
Rosen Penev [Sun, 1 Jul 2018 00:02:52 +0000 (17:02 -0700)]
samba36: Disable external libtdb and libtevent
This was causing issues recently as samba36 is not API compatible with the
libtdb in the packages repo. It shouldn't be using it anyway. Nor tevent.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(backported from
1f2612a4ddbb83af0c6daf3719ab74c3b7db6590)
Alexander Couzens [Fri, 29 Jun 2018 03:36:06 +0000 (05:36 +0200)]
swconfig: swlib_map_settings(): change return type to void
The return value of the function isn't used anywhere.
Fixes missing return value, CID
1329717.
Found-by: Coverity
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
(backported from
b06c447c5f66fd13078327bda3d885d48e2c0e42)
Alexander Couzens [Fri, 29 Jun 2018 03:27:16 +0000 (05:27 +0200)]
swconfig: fix un-initialized return value
Fix CID
1330844
Found-by: Coverity
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
(backported from
e37ad4e5ca2e70387656da81704ee4d4589c6d70)
Jo-Philipp Wich [Wed, 27 Jun 2018 16:51:25 +0000 (18:51 +0200)]
build: include package directory in sha256sums when running on buildbot
In order to be able to better compare files to sync in the future, include
all BIN_DIR subdirectories in the checksum calculation.
To not break existing applications, restrict the recursive checksumming to
CONFIG_BUILDBOT for now.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from
681e825f8fbf59a32c3b09810b2a3fef29880c63)
Mathias Kresin [Thu, 2 Nov 2017 07:21:57 +0000 (08:21 +0100)]
base-files: add menuconfig option for HOME_URL
Add a menuconfig option to set the HOME_URL exposed in
/usr/lib/os-release independent from the
LEDE_DEVICE_MANUFACTURER_URL.
Fixes: FS#1123
Signed-off-by: Mathias Kresin <dev@kresin.me>
(backported from
52a9edb1bfaf51c250a33303beacba95dd1dbc05)
Alin Nastac [Mon, 25 Jun 2018 08:22:21 +0000 (10:22 +0200)]
netfilter: add bpf match support
Add xt_bpf modules to {kmod-ipt,iptables-mod}-filter.
Match using Linux Socket Filter. Expects a BPF program in decimal
format. This is the format generated by the nfbpf_compile utility.
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
(backported from
ab07ae2f27dd920cb7ba186d9f7ad2ccb1c980c4)
Yousong Zhou [Mon, 25 Jun 2018 05:16:09 +0000 (13:16 +0800)]
dropbear: let opkg manage symlinks of ssh, scp
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(backported from
c4aadbdaf69bad3fbb3ef54601a3629ba24a6e9b)
Hans Dedecker [Thu, 21 Jun 2018 20:26:18 +0000 (22:26 +0200)]
busybox: udhcpc: replace udhcpc_no_msg_dontroute patch by upstream fix
Replace 204-udhcpc_no_msg_dontroute patch by the upstream busybox fix
which removes the code which requires the server ID to be on local
network
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from
c6e50075f245b076b57f3f87b5401764a2e11b92)
Magnus Kroken [Sun, 17 Jun 2018 14:16:39 +0000 (16:16 +0200)]
busybox: update to 1.28.4
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
(backported from
ccc728a0e2a7c9717d3d1bcc59f0462e9dbed01e)
Rosy Song [Tue, 12 Jun 2018 07:49:50 +0000 (15:49 +0800)]
nftables: bump to version 0.9.0
Signed-off-by: Rosy Song <rosysong@rosinson.com>
(backported from
1ee98fdef3d6d71c1b0b3b120a9e24ac4b93c94f)
Rosy Song [Tue, 12 Jun 2018 07:49:32 +0000 (15:49 +0800)]
libnftnl: bump to version 1.1.1
Signed-off-by: Rosy Song <rosysong@rosinson.com>
(backported from
9d6a0352e7af9aef95f4d983e39516b76e7fc8ba)
Rafał Miłecki [Mon, 11 Jun 2018 10:52:42 +0000 (12:52 +0200)]
base-files: exit if mtd write command fails during sysupgrade
It avoids confusing situations like:
> Could not get image magic
> Image check failed.
> Upgrade completed
> Rebooting system...
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(backported from
5b2e20807d2b38de1cc4185d15bb4320b8bd743a)
Mathias Kresin [Sun, 18 Feb 2018 21:48:44 +0000 (22:48 +0100)]
ramips: mt7621: fix mtu setting with kernel 4.14
Since kernel 4.10 commit
61e84623ace3 ("net: centralize net_device
min/max MTU checking"), the range of mtu is [min_mtu, max_mtu], which
is [68, 1500] by default.
It's necessary to set a max_mtu if a mtu > 1500 is supported.
Signed-off-by: Mathias Kresin <dev@kresin.me>
(backported from
5da2c68d001ee44b15a58639ed03a0ebb6f68020)
Felix Fietkau [Sun, 8 Apr 2018 17:19:58 +0000 (19:19 +0200)]
kernel: avoid flow offload for connections with xfrm on the dst entry (should fix IPSec)
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(backported from
b560c1748a4edf0d02046e5a988cc0caf1f4f987)
(rebased patches)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Denton Gentry [Wed, 30 May 2018 15:05:42 +0000 (15:05 +0000)]
hostapd: make cli treat UNKNOWN COMMAND as failing
Avoid infinite loop at 100% CPU when running hostapd_cli
if CONFIG_CTRL_IFACE_MIB is not defined.
_newselect(4, [3], NULL, NULL, ...)
recvfrom(3, "UNKNOWN COMMAND\n", 4095, 0, NULL, NULL) = 16
sendto(3, "STA-NEXT UNKNOWN COMMAND", 24, 0, NULL, 0) = 24
Signed-off-by: Denton Gentry <denny@geekhold.com>
(backported from
a84962ea35e4e97f1c4a42f2eac0242cc2cbd879)
(rebased patches)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Daniel Golle [Wed, 6 Jun 2018 23:51:58 +0000 (01:51 +0200)]
ramips: fix reboot with W25Q256 with 4-address-mode enabled
Some board vendors actually changed the loader to expect the chip
to come up in 4-address-mode and flipped the ADP bit in the flash
chip's configuration register which makes it come up in 4-address-mode.
Hence it doesn't make sense to avoid switching to 4-address-mode on
those boards but the opposite as otherwise reboot hangs eg. on the
WrtNode2 boards. Fix this by checking the ADP register and only using
SPI_NOR_4B_READ_OP on chips which have ADP==0 (come up in 3-byte mode).
See also datasheet section 7.1.11 Power Up Address Mode (ADP)
Fixes:
22d982ea0 ("ramips: add support for switching between 3-byte and 4-byte addressing on w25q256 flash")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(backported from
8796680277f4b231386fbc6e8a1ccae91d9fcbe8)
Hans Dedecker [Wed, 6 Jun 2018 20:30:57 +0000 (22:30 +0200)]
ebtables: update to latest git 2018-06-06
5699354 extensions: fix build failure on fc28
e6359ee build: update ebtables.h from kernel and drop local unused copy
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from
1bbe813db0bb8dc65b8ed7740cf7f35a81b8ba0e)
Ted Hess [Tue, 5 Jun 2018 14:05:35 +0000 (10:05 -0400)]
scripts: Replace obsolete POSIX tmpnam in slugimage.pl with File::Temp function
Signed-off-by: Ted Hess <thess@kitschensync.net>
(backported from
7590c3c58f5e9d580c86da10473d1d29a2f081c9)
Ivan Shapovalov [Sun, 13 May 2018 21:05:43 +0000 (00:05 +0300)]
netifd: drop conflicting 'device' interface property
Do not set device runtime property on interfaces in the hotplug handler
and in fixup_interfaces(). This property conflicts with device option
in several proto handlers (mainly QMI and other WWAN/3G protos) and does
not seem to be used anywhere.
Signed-off-by: Ivan Shapovalov <intelfx@intelfx.name>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
(backported from
91b5b2e20d531584918c62a6c6cd046f0580f50a)
Kevin Darbyshire-Bryant [Wed, 30 May 2018 08:46:34 +0000 (08:46 +0000)]
nettle: bump to 3.4
3.4 is mainly a bug fix/maintenance release.
3KB increase in ipk lib size on mips.
Compile tested for: ar71xx, ramips
Run tested on: ar71xx Archer C7 v2, ramips mir3g
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(backported from
1ee5051f202f600d854bcf939ba4ee37f057ace2)
Yousong Zhou [Thu, 5 Jul 2018 10:51:54 +0000 (18:51 +0800)]
ca-certificates: ca-bundle: add symlink for openssl default setting
OpenSSL defaults X509_CERT_FILE to /etc/ssl/cert.pem. This change is
needed for wget-ssl and possibly others to work seamlessly with fresh
ca-bundle installation
Fixes openwrt/packages#6152
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(backported from
191078e83d127f5ed9a38366d2edaac49f9333c5)
Rosen Penev [Sun, 27 May 2018 22:13:48 +0000 (15:13 -0700)]
curl: Add ca-bundle dependency
While building, curl complains that the path specified is missing.
Also, without ca-bundle, something like 'curl https://www.google.com'
does not work due to a certificate verify error.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(backported from
7a20c7a05d52f9bb3c82742098457bfbed869a8a)
Rosen Penev [Sun, 27 May 2018 22:13:47 +0000 (15:13 -0700)]
curl: Use ca-bundle for all TLS libraries.
It simplifies the Makefile a bit. In addition, using ca-bundle
saves some space as well.
It also fixes an issue with at least transmission, which has a dependency
on ca-bundle, but currently libcurl with OpenSSL or GnuTLS cause it not
to work.
This has been tested on mt7621 with OpenSSL and GnuTLS just by running
'curl https://www.google.com' and seeing if there's a verify error.
The rest are already using ca-bundle and therefore work fine.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Tested-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(backported from
f97946c49680a5fe713d0e2caaf072789f70e68d)
Rosen Penev [Fri, 25 May 2018 03:47:46 +0000 (20:47 -0700)]
ath10k-firmware: Fix QCA6174 support
Currently when installing the firmware, a bunch of files and directories
that the ath10k driver does not look for are created.
The package now installs firmware for both hw 2.1 and 3.0 devices.
2.1 is abandonware but may be useful to keep.
3.0 firmware was tested on a Killer 1535 to be relatively stable with
802.11w disabled. 802.11w causes multiple firmware crashes but that's true
of other ath10k firmwares as well.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(backported and squashed from
27eab4fa578d696ab55b6264a1b35fad6488b664,
d0fbe1956b3b9f07b6dcb54a8ed43a4904581e1d,
e191c7ee797c8b3458eb9791212a56b16febeeb4)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Daniel Golle [Thu, 31 May 2018 13:18:12 +0000 (15:18 +0200)]
hostapd: properly build hostapd-only SSL variants
Make sure hostapd-openssl is actually build against OpenSSL, same
for wolfSSL.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(backported from
987900f2de76e6d292e55aa068c39b03f79c8812)
Daniel Golle [Wed, 30 May 2018 22:10:49 +0000 (00:10 +0200)]
hostapd: update packaging and patches
Clean up conflicts/provides/depends hell and add PROVIDES for
eapol-test variants while at it.
Update mesh-DFS patchset from Peter Oh to v5 (with local fixes) which
allows to drop two revert-patches for upstream commits which previously
were necessary to un-break mesh-DFS support.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(backported from
78f1974bc565d7544589a49ad8efd92c4ddec5b3)
(rebased patches)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>