| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |\
| |
| | |
openssl: use cryptodev-linux instead of ocf
|
| | |
| |
| |
| |
| | |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Ralph Sennhauser <ralph.sennhauser@gmail.com>
|
| |\ \
| | |
| | | |
squashfs4: use upstream xz compression header format
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In the upstream kernel and the upstream squashfs4 tools the xz
compression header looks the following:
struct disk_comp_opts {
__le32 dictionary_size;
__le32 flags;
};
We added some other members and also moved some existing members. Place
the members which are already in upstream header at the same position
as in that kernel and add our own at the end. The kernel should not
have a problem when there are some additional members and just ignore
them.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Ralph Sennhauser <ralph.sennhauser@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This extension was added specifically for use by firewall3. Since
firewall-2016-11-06 no longer uses it remove it before it finds other
creative uses.
Should there already be such a use-case outside of OpenWrt I suggest to
package this extension properly a la xtables-addons instead.
Signed-off-by: Ralph Sennhauser <ralph.sennhauser@gmail.com>
|
| |\ \
| |/
|/| |
CVE-2016-5195 (dirtycow) fixes for 3.18, 4.1, 4.4
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Fixes CVE-2016-5195, backport the mm patch into 097- until the kernel
version is upgraded.
Compile-tested on ar71xx, ramips.
Runtime-tested on ramips.
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Patch 610- is updated as check_entry helper was killed
Patch 666- is updated (thanks to Stijn Tintel)
Fixes CVE-2016-5195 (dirtycow)
Compile-tested on brcm47xx and rb532
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Patch 610- is updated as check_entry helper was killed in 3.18.37
Patch 666- is updated (thanks to Stijn Tintel)
Fixes CVE-2016-5195 (dirtycow)
Compile-tested on adm5120 and mcs814x
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
|
| |/
|
|
|
|
|
|
|
|
| |
This adds kernel support for tpm's providing:
* kmod-tpm - tpm framework
* kmod-tpm-i2c-infineon - infineon i2c 1.2 spec tpm
* kmod-random-tpm - tpm backed rng
Signed-off-by: Ian Pozella <Ian.Pozella@imgtec.com>
Signed-off-by: Abhijit Mahajani <Abhijit.Mahajani@imgtec.com>
|
| |
|
|
|
|
| |
Stay on 4.1.27
This reverts commit 231ef70f455fcc230a400af90a13e181a2c261cd.
|
| |
|
|
|
|
| |
Stay on 3.18.36
This reverts commit 83767cf94f909f5932540da7641a12b7dfa71d85.
|
| |
|
|
| |
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
|
| |
|
|
| |
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
|
| |
|
|
| |
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
|
| |
|
|
| |
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
|
| |
|
|
| |
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
|
| |
|
|
| |
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch was introduced in commit r16412 for the brcm47xx target only
and then moved to generic in commit r32395. It was initially added
because of ticket #5186 and should fix some problems with fuse file
systems and MIPS caches. The commit comment in r32395 says that this a
generic problem in MIPS CPUs, but does not name any specifics about
that. There was a fix added to kernel 2.6.21 in commit commit
7575a49f20 "[MIPS] Implement flush_anon_page()." that should fix this
problem, but that was already available before both commits were done
to OpenWrt.
I just tested fuse with ntfs.3g without this patch on a BCM4704
(BMIPS3300 V0.6) SoC and haven't seen any problems. Someone reported
that removing this patch improves some fuse operations by 5 times on
some modern MIPS cores.
My test was only a simple "dd if=/dev/zero of=/mnt/zero bs=5000" to an
USB stick.
This patch removes the patch to OpenWrt, because I assume that it is
not needed any more and Felix, the orginal author, also thinks so.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
|
| |
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Reviewed-by: Jo-Philipp Wich <jo@mein.io>
|
| |
|
|
|
|
|
| |
The patch target/linux/generic/patches-4.4/206-mips-disable-vdso.patch
should be sufficient.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
| |
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
|
| |
|
|
| |
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
|
| |
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The swconfig kernel infrastructure fails to do any permissions checks when
changing settings. As such an ordinary user account on a device with a
switch can change switch settings without any special permissions.
Routers generally have few non-admin users so this isn't a big hole, but it
is a security hole. Likely the greatest danger is for multifunction devices
which have a lot of extra daemons, compromising a low-security daemon would
allow one to modify switch settings and cause the router/switch to appear to
lock-up (or cause other sorts of troublesome nyetwork behavior).
Implement a check for CAP_NET_ADMIN in swconfig_set_attr() and deny any
requests originating from user contexts lacking this capability.
Reported-by: Elliott Mitchell <ehem+openwrt@m5p.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
| |
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
|
| |
This can be used to prevent double compression for platforms where the
boot loader already expects compressed images.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
|
|
|
| |
In kernel 4.7 there is upstreamed b53 driver using (mostly?) the same
symbols as our b53 does. Change our symbols so both drivers can coexist
in kernel tree.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Acked-by: Jonas Gorski <jonas.gorski@gmail.com>
|
| |
|
|
| |
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
|
| |
|
|
| |
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
|
| |
|
|
| |
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
|
| |
|
|
|
|
|
|
|
| |
Changelog: https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.14
Some manual changes to target/linux/generic/patches-4.4/610-
netfilter_match_bypass_default_checks.patch were needed.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
| |
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Despite the MS_SILENT flag being set when probing for ubifs rootfs a
logline indicating an error is generated during boot:
UBIFS error (pid: 1): cannot open "ubi0:rootfs", error -19
This leads to confusion and there shouldn't be lines containing
the word 'error' twice in a bootlog if actually everything is fine
(just the rootfs happens to be something else than ubifs)
The patch added has been submitted and was accepted upstream, see:
http://lists.infradead.org/pipermail/linux-mtd/2016-June/068056.html
http://patchwork.ozlabs.org/patch/637491
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
| |
|
|
|
|
|
|
|
| |
So far "kernel" partition didn't contain just a kernel. It also included
Seama header and meta data. This was making kernel update complex and it
wasn't trivial to read kernel size.
Fix it by making "kernel" parition contain just a kernel image.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
|
| |
|
|
| |
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
| |
|
|
| |
Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
|
| |
|
|
| |
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Building for octeon fails with
'arch/mips/vdso/vdso-n32.so.dbg' already contains a '.MIPS.abiflags'
section
if the file already exists from a prior build.
Use the same workaround as the one for vdso.so.dbg committed in
9eb155353a5f5137ec85a5b5b0287af63c544710.
Commit 91f205acaf2a44ae75418d2f2cb156149f0df8ae extended the workaround
to cover vdso-o32.so.dbg but missed the vdso-n32.so.dbg which is added
now by this change.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
| |
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
| |
It was accidentally left out when 4.4 support was added
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
unset following config symbols
- INPUT_PALMAS_PWRBUTTON
- INPUT_TPS65218_PWRBUTTON
- INPUT_TWL4030_PWRBUTTON
- INPUT_TWL4030_VIBRA
- INPUT_TWL6040_VIBRA
- KEYBOARD_TWL4030
- TWL4030_MADC
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
|
| |
|
|
| |
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
|
| |
|
|
| |
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
|
| |
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
| |
The copy overhead can be quite expensive
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
