aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* lantiq: activate noise margin delta for VDSL tooHauke Mehrtens2018-01-071-2/+2
| | | | | | | | | | | Previously this was only activated for ADSL, this patch activates the same setting also for VDSL, this feature is also support for VDSL in the same way it works for ADSL. I tested it with DSL FW 5.7.9.5.1.7 against a Broadcom 177.140 DSLCO (Deutsche Telekom) and saw different data rates and Max. Attainable Data Rates depending on the ds_snr_offset settings I choose. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* Lantiq: make possible to tweak DSL SRN from UCIAndrea Merello2018-01-071-1/+26
| | | | | | | | | | | | | | | | | | | | | This patch makes possible to tweak the downstream SNR margin on Lantiq DSL devices. The UCI parameter 'network.dsl.ds_snr_offset' is used to set the SNR margin offset. It accepts values in range -50 to +50 in 0.1 dB units. The SNR margin can thus be modified in range -5.0 to +5.0 dB in 0.1 dB steps. Currently this should only affect ADSL (not VDSL). It should be very easy to make this work also on VDSL lines, but since I couldn't test on VDSL lines this patch does not do that yet. I have also a patch for LUCI about this, that I could submit. Tested on FB3370 (Lantiq VR9) and Telecom Italia ADSL2+ line. Signed-off-by: Andrea Merello <andrea.merello@gmail.com>
* libubox: update to latest lede-17.01 git HEADJo-Philipp Wich2018-01-071-3/+3
| | | | | | | | 1dafcd7 jshn: properly support JSON "null" type 6abafba jshn: read and write 64-bit integers cfc75c5 runqueue: fix use-after-free bug Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* kernel: update kernel 4.4 to version 4.4.110Hauke Mehrtens2018-01-0737-148/+149
| | | | | | This fixes: CVE-2017-5754 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* brcm47xx: relocate the stack in loaderHauke Mehrtens2018-01-062-2/+4
| | | | | | | | | | | By default we are reusing the stack provided by CFE, like it is intended by CFE. On my WRT54GS it is located at 0x8043BF30, so a big kernel image could overwrite it. Relocate it to a different memory region which is still under the 8MB RAM, but in the higher area. We only need this memory region for the stack of the loader, Linux will set up this for its own. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* brcm47xx: relocate loader to higher addressHauke Mehrtens2018-01-061-1/+1
| | | | | | | | | | | | | | | | | | | | | The boot process on a WRT54GL works the following way: 1. CFE gets loaded by the boot rom from flash 2. CFE loads the loader from the flash and gzip uncompresses it 3. CFE starts the loader 4. The loader stores the FW arguments and relocates itself to BZ_TEXT_START (now 0x80600000) 5. The loader reads the Linux image from flash 6. The loader lzma decompresses the Linux image to LOADADDR (0x80001000) 7. The loader executes the uncompress Linux image at LOADADDR The BZ_TEXT_START was set to 0x80400000 before. When the kernel gets uncompressed and is bigger than BZ_TEXT_START - LOADADDR it overwrote the loader which was currently uncompressing it and made the board crash. Increase the BZ_TEXT_START my 2 MB to have more space for the kernel. Even on 16MB RAM devices the memory goes till 0x80FFFFFF so this should not be a problem. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* fstools: backport fix from master branchRafał Miłecki2018-01-051-3/+3
| | | | | | 37762ff libfstools: support file paths longer than 255 chars Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* procd: update to latest git HEADHans Dedecker2018-01-041-3/+3
| | | | | | | 1883530 procd: Fix minor null pointer dereference. 9085551 procd: initd: fix path allocation in early_insmod Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* brcm47xx: image: build firmware for Asus WL-500g DeluxeRafał Miłecki2018-01-021-0/+8
| | | | | | | | It's a device based on BCM5365P (0x5365 package 0x00). This SoC has USB 1.1 controller but device has two USB 2.0 parts. They are handled by PCI-based controllers: 1106:3038 UHCI and 1106:3104 EHCI. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* Revert "iptables: fix nftables compile issue (FS#711)"Hans Dedecker2018-01-021-20/+0
| | | | | | This reverts commit da126d557c6d1cfe19d3f93481af6e00631d7931 as the iptables patch does not apply cleanly. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* iptables: fix nftables compile issue (FS#711)rektide de la faye2018-01-021-0/+20
| | | | | | | | | | | | | | | | Enabling IPTABLES_NFTABLES resulted in an error during build:# *** No rule to make target '../extensions/libext.a', needed by 'xtables-compat-multi'." Comments from Alexander Lochmann and Fedor Konstantinov in FS#711 provided fixes for this build error, allowing iptables to compile. https://bugs.lede-project.org/index.php?do=details&task_id=711. This commit updates the Makefile.am xtables_compat_multi_LDFLAGS and _LDADD, moving linking of extensions to LDFLAGS. Signed-off-by: rektide de la faye <rektide@voodoowarez.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* rpcd: backport version 2017-12-07 from masterDaniel Golle2018-01-011-3/+3
| | | | | | | | cfe1e75c91 sys: packagelist: allow listing all packages 74a784f037 sys: fix passwd path Signed-off-by: Daniel Golle <daniel@makrotopia.org> (commit 173edcdc9da55fbd7225c4baa7b03405dfc074cc on master)
* uci: update to HEAD of lede-17.01 branchJo-Philipp Wich2018-01-011-3/+3
| | | | | | | | | | Switch uci to the lede-17.01 branch which contains the following two commits cherry-picked from uci master: 141b64e lua: additionally return name when looking up sections 1e17f24 lua: support extended section notation Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* iproute2: cake: fix patch format errorKevin Darbyshire-Bryant2017-12-302-16/+6
| | | | | | | Fix patch format error introduced in c4e9487cf5 Refresh patches to tidy fuzz Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* kernel: bump 4.4 to 4.4.108 for 17.01Kevin Darbyshire-Bryant2017-12-303-5/+5
| | | | | | Refresh patches. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* iproute2: cake: support new operating modes for 17.01Kevin Darbyshire-Bryant2017-12-302-38/+118
| | | | | | | | | | | | | | | | | | | | There has been recent significant activity with the cake qdisc of late Some of that effort is related to upstreaming to kernel & iproute2 mainline but we're not quite there yet. This commit teaches tc how to activate and interprete the latest cake operating modes, namely: ingress mode: Instead of only counting packets that make it past the shaper, include packets we've decided to drop as well, since they did arrive with us on the link and took link capacity. This mode is more suitable for shaping the ingress of a link (e.g. from ISP) rather than the more normal egress. ack-filter/ack-filter-aggressive: Filter excessive TCP ACKS. Useful in highly assymetric links (downstream v upstream capacity) where the majority of upstream link capacity is occupied with ACKS for downstream traffic. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* kmod-sched-cake: bump to latest bake of cake for 17.01Kevin Darbyshire-Bryant2017-12-301-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | There has been recent significant activity with the cake qdisc of late but in the cobalt branch. Some of that effort is related to upstreaming to kernel & iproute2 mainline but we're not quite there yet. Relevant feature changes: ingress mode: Instead of only counting packets that make it past the shaper, include packets we've decided to drop as well, since they did arrive with us on the link and took link capacity. This mode is more suitable for shaping the ingress of a link (e.g. from ISP) rather than the more normal egress. ptm mode: Minor optimisation in packet overhead calculation. dual-src/dsthost/triple-isolate: Optimise only calculating src or dst host hashes only if required. ack-filter/ack-filter-aggressive: Filter excessive TCP ACKS. Useful in highly assymetric links (downstream v upstream capacity) where the majority of upstream link capacity is occupied with ACKS for downstream traffic. A separate iproute2 patch to teach it about Cake's new features will follow. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* ramips: fix widora neo diag ledMathias Kresin2017-12-291-2/+4
| | | | | | | The diag LED is named widora:orange:wifi and can't be derived from the boardname. Signed-off-by: Mathias Kresin <dev@kresin.me>
* base-files: fix logic when to show failsafe bannerMatthias Schiffer2017-12-292-2/+2
| | | | | | Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net> Fixes: 1c9299877be9 ("base-files: set FAILSAFE in /etc/profile when /tmp/.failsafe exists")
* base-files: set FAILSAFE in /etc/profile when /tmp/.failsafe existsMatthias Schiffer2017-12-292-2/+5
| | | | | | | Since dropbear clears the environment, FAILSAFE was not set as intended in failsafe mode. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* wireguard: bump to 20171221Kevin Darbyshire-Bryant2017-12-251-2/+2
| | | | | | | | | | | | | | | | 7e945a8 version: bump snapshot f2168aa compat: kernels < 3.13 modified genl_ops 52004fd crypto: compile on UML 6b69b65 wg-quick: dumber matching for default routes aa35d9d wg-quick: add the "Table" config option 037c389 keygen-html: remove prebuilt file No patch refresh required. Compile-test-for: ar71xx Run-tested-on: ar71xx Archer C7 v2 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* kernel: bump 4.4 to 4.4.107Etienne Haarsma2017-12-2325-84/+84
| | | | | | | | | | | | | Bump 4.4 to 4.4.107 and refreshed all patches. Made the following patch for Mediatek and Oxnas compatible with kernel 4.4.107: 0072-mtd-backport-v4.7-0day-patches-from-Boris.patch Compile-tested: ar71xx Run-tested: ar71xx Signed-off-by: Etienne Haarsma <bladeoner112@gmail.com> Reviewed-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> Tested-by: Rosen Penev <rosenp@gmail.com>
* wireguard: bump to 20171211Kevin Darbyshire-Bryant2017-12-152-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bump to latest WireGuard snapshot release: 44f8e4d version: bump snapshot bbe2f94 chacha20poly1305: wire up avx512vl for skylake-x 679e53a chacha20: avx512vl implementation 10b1232 poly1305: fix avx512f alignment bug 5fce163 chacha20poly1305: cleaner generic code 63a0031 blake2s-x86_64: fix spacing d2e13a8 global: add SPDX tags to all files d94f3dc chacha20-arm: fix with clang -fno-integrated-as. 3004f6b poly1305: update x86-64 kernel to AVX512F only d452d86 tools: no need to put this on the stack 0ff098f tools: remove undocumented unused syntax b1aa43c contrib: keygen-html for generating keys in the browser e35e45a kernel-tree: jury rig is the more common spelling 210845c netlink: rename symbol to avoid clashes fcf568e device: clear last handshake timer on ifdown d698467 compat: fix 3.10 backport 5342867 device: do not clear keys during sleep on Android 88624d4 curve25519: explictly depend on AS_AVX c45ed55 compat: support RAP in assembly 7f29cf9 curve25519: modularize dispatch Refresh patches. Compile-test-for: ar71xx Run-tested-on: ar71xx Archer C7 v2 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* brcm47xx: remove target specific network preinit configJo-Philipp Wich2017-12-132-32/+0
| | | | | | | | | | The generic preinit code is now able to setup network and switch vlan settings from the /etc/board.json file, therefor drop the target specific code. Fixes FS#790. Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit 833c500cb2985e9b76a1aae3b6a577977eee5457)
* rules.mk: export TMPDIRJo-Philipp Wich2017-12-131-0/+1
| | | | | | | | | Set TMPDIR to the same value as the existing TMP_DIR variable in order to let gcc and various other utilities use the local temporary directory instead of the system-wide one. Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit 52a3477ff91a2009e451d5dce307e9cc945e9ffa)
* usbutils: Update usb.ids file to latestRosen Penev2017-12-131-3/+3
| | | | | Signed-off-by: Rosen Penev <rosenp@gmail.com> (cherry picked from commit fc4e7bdca75f4d283374d3dfe0d0ac1cd4885612)
* hostapd: remove unused local var declarationLeon M. George2017-12-131-2/+0
| | | | | Signed-off-by: Leon M. George <leon@georgemail.eu> (cherry picked from commit 63462910ddb01d9a7391d793228767628aa65db2)
* hostapd: don't set htmode for wpa_supplicantLeon M. George2017-12-131-2/+0
| | | | | | | no longer supported Signed-off-by: Leon M. George <leon@georgemail.eu> (cherry picked from commit cc0847eda337f948f5ff6e75014aa88e48779677)
* libnl-tiny: use fixed message size instead of using the page sizeFelix Fietkau2017-12-131-6/+1
| | | | | | | Simplifies the code and reduces size Signed-off-by: Felix Fietkau <nbd@nbd.name> (cherry picked from commit d5bcd0240a8f42a05ef31005a9a9dea848d3f7a8)
* packages: nvram: fix memory leak in _nvram_freeZhai Zhaoxuan2017-12-131-0/+4
| | | | | | | | The value of nvram_tuple_t is allocated in _nvram_realloc, but it is not freed in _nvram_free. Signed-off-by: Zhai Zhaoxuan <zhaizhaoxuan@xiaomi.com> (cherry picked from commit c382237ac33a787043b22abc42f0c5a80278baae)
* mac80211: don't pass the hostapd ctrl iface in adhocAntonio Quartulli2017-12-131-2/+8
| | | | | | | | Passing the ctrl iface to wpa_supplicant will automatically cause wpa_supplicant to send "STOP_AP" messages to the hostapd. This breaks the AP interfaces. Signed-off-by: Antonio Quartulli <ordex@autistici.org> (cherry picked from commit 0da54fa6428ea98d31b49f5d9a4a272214f5d188)
* hostapd: explicitly set beacon interval for wpa_supplicantSven Eckelmann2017-12-131-0/+1
| | | | | | | | | | | | | | | | The beacon_int is currently set explicitly for hostapd and when LEDE uses iw to join and IBSS/mesh. But it was not done when wpa_supplicant was used to join an encrypted IBSS or mesh. This configuration is required when an AP interface is configured together with an mesh interface. The beacon_int= line must therefore be re-added to the wpa_supplicant config. The value is retrieved from the the global variable. Fixes: 1a16cb9c67f0 ("mac80211, hostapd: always explicitly set beacon interval") Signed-off-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Felix Fietkau <nbd@nbd.name> [rebase] (cherry picked from commit 772afef61dc68e2470f4da130fac862ccf2fb105)
* hostapd: set mcast_rate in mesh modeSven Eckelmann2017-12-131-0/+68
| | | | | | | | | | | | | | | | | | | The wpa_supplicant code for IBSS allows to set the mcast rate. It is recommended to increase this value from 1 or 6 Mbit/s to something higher when using a mesh protocol on top which uses the multicast packet loss as indicator for the link quality. This setting was unfortunately not applied for mesh mode. But it would be beneficial when wpa_supplicant would behave similar to IBSS mode and set this argument during mesh join like authsae already does. At least it is helpful for companies/projects which are currently switching to 802.11s (without mesh_fwding and with mesh_ttl set to 1) as replacement for IBSS because newer drivers seem to support 802.11s but not IBSS anymore. Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com> Tested-by: Simon Wunderlich <simon.wunderlich@openmesh.com> Signed-off-by: Felix Fietkau <nbd@nbd.name> [refresh] (cherry picked from commit 43f66943d0dbf0ed0ec2a9cb071d0fbded2fbe35)
* igmpproxy: remove firewall rules when service is stoppedHans Dedecker2017-12-132-1/+5
| | | | | | | | | | Remove multicast routing firewall rules when the igmpproxy is stopped by triggering a firewall config change. Keeping the firewall open from the wan for igmp and udp multicast is not desired when the igmpproxy service is inactive. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (cherry picked from commit 31ebbe34ccc066c212ef20de0856ab3a428fb801)
* openvpn: add support to start/stop single instancesMartin Schiller2017-12-132-18/+37
| | | | | | Signed-off-by: Martin Schiller <ms@dev.tdt.de> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (PKG_RELEASE increase) (cherry picked from commit e2f25e607d2092cffa45196e7997854feb464232)
* package/elfutils: add CFLAG -Wno-format-nonliteralAlexander Couzens2017-12-131-1/+1
| | | | | | | | When a library is using fortify-packages GCC will complain about "error: format not a string literal, argument types not checked". Signed-off-by: Alexander Couzens <lynxis@fe80.eu> (cherry picked from commit 6ab45214644166846398e5e520d151c05cc4dd55)
* tools/coreutils: install readlinkFelix Fietkau2017-12-131-2/+2
| | | | | | | Parts of the build system use non-portable invocation of readlink Signed-off-by: Felix Fietkau <nbd@nbd.name> (cherry picked from commit 6bcc1c5331c797004e1b43168eb116d2d14b0102)
* uhttpd: fix query string handlingJo-Philipp Wich2017-12-131-3/+3
| | | | | | | | | | | Update to latest Git in order to fix potential memory corruption and invalid memory access when handling query strings in conjunction with active basic authentication. a235636 2017-11-04 file: fix query string handling Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit 05a4200d56efe439e298c8af3d82ac221b0e86e9)
* openssl: fix cryptodev config dependencyRalph Sennhauser2017-12-131-0/+1
| | | | | Signed-off-by: Ralph Sennhauser <ralph.sennhauser@gmail.com> (cherry picked from commit f5468d248613fee51d19715e0fa6e37012c0eda7)
* uqmi: replace legacy command invoke with newer typeKoen Vandeputte2017-12-131-7/+7
| | | | | Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com> (cherry picked from commit 06d5d01e8acb4c7012bfa1ce8d432816b98088b0)
* procd: Always tell cmake whether to include seccomp support or notMichal Sojka2017-12-131-3/+2
| | | | | | | | | | Without this change, when a user disables seccomp support in .config, procd does not get recompiled unless the package is cleaned manually. It is because when -D option is missing from cmake command line, cmake uses cached value from the previous run where seccomp was enabled. Signed-off-by: Michal Sojka <sojkam1@fel.cvut.cz> (cherry picked from commit 0e300a3a71264d8938b17f9fb0d5f1ab33a0434a)
* libunwind: disable building with sspYousong Zhou2017-12-131-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | If we enable -fstack-protector while building libunwind, function __stack_chk_fail_local will be referred to for i386 and powerpc32 arches. This will cause link failure because the default gcc build specs says no link_ssp if -nostdlib is given. The error message: OpenWrt-libtool: link: ccache_cc -shared -fPIC -DPIC .libs/os-linux.o mi/.libs/init.o mi/.libs/flush_cache.o mi/.libs/mempool.o mi/.libs/strerror.o x86/.libs/is_fpreg.o x86/.libs/regname.o x86/.libs/Los-linux.o mi/.libs/backtrace.o mi/.libs/dyn-cancel.o mi/.libs/dyn-info-list.o mi/.libs/dyn-register.o mi/.libs/Ldyn-extract.o mi/.libs/Lfind_dynamic_proc_info.o mi/.libs/Lget_accessors.o mi/.libs/Lget_proc_info_by_ip.o mi/.libs/Lget_proc_name.o mi/.libs/Lput_dynamic_unwind_info.o mi/.libs/Ldestroy_addr_space.o mi/.libs/Lget_reg.o mi/.libs/Lset_reg.o mi/.libs/Lget_fpreg.o mi/.libs/Lset_fpreg.o mi/.libs/Lset_caching_policy.o x86/.libs/Lcreate_addr_space.o x86/.libs/Lget_save_loc.o x86/.libs/Lglobal.o x86/.libs/Linit.o x86/.libs/Linit_local.o x86/.libs/Linit_remote.o x86/.libs/Lget_proc_info.o x86/.libs/Lregs.o x86/.libs/Lresume.o x86/.libs/Lstep.o x86/.libs/getcontext-linux.o -Wl,--whole-archive ./.libs/libunwind-dwarf-local.a ./.libs/libunwind-elf32.a -Wl,--no-whole-archive -L/var/lib/bbmnt/buildbot/slaves/dave-builder/i386_i486/build/sdk/staging_dir/target-i386_i486_musl-1.1.16/usr/lib -L/var/lib/bbmnt/buildbot/slaves/dave-builder/i386_i486/build/sdk/staging_dir/target-i386_i486_musl-1.1.16/lib -L/var/lib/bbmnt/buildbot/slaves/dave-builder/i386_i486/build/sdk/staging_dir/toolchain-i386_i486_gcc-5.4.0_musl-1.1.16/usr/lib -L/var/lib/bbmnt/buildbot/slaves/dave-builder/i386_i486/build/sdk/staging_dir/toolchain-i386_i486_gcc-5.4.0_musl-1.1.16/lib -lc -lgcc -Os -march=i486 -fstack-protector -Wl,-z -Wl,now -Wl,-z -Wl,relro -nostartfiles -nostdlib -Wl,-soname -Wl,libunwind.so.8 -o .libs/libunwind.so.8.0.1 .libs/os-linux.o: In function `_Ux86_get_elf_image': os-linux.c:(.text+0x588): undefined reference to `__stack_chk_fail_local' x86/.libs/Lregs.o: In function `_ULx86_access_fpreg': Lregs.c:(.text+0x25b): undefined reference to `__stack_chk_fail_local' x86/.libs/Lresume.o: In function `_ULx86_resume': Lresume.c:(.text+0xdc): undefined reference to `__stack_chk_fail_local' collect2: error: ld returned 1 exit status Makefile:2249: recipe for target 'libunwind.la' failed The snippet from gcc -dumpspecs %{!nostdlib:%{!nodefaultlibs:%(link_ssp) %(link_gcc_c_sequence)}} Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com> (cherry picked from commit f0c37f6ceb10a1db0193d4270c6807c0b2f7a3a0)
* tools/squashfs: use host cflagsFelix Fietkau2017-12-131-0/+1
| | | | | Signed-off-by: Felix Fietkau <nbd@nbd.name> (cherry picked from commit 20d363aed395e07ff42fe648f898b17f2077cc82)
* ppp: make the patches apply correctly againHauke Mehrtens2017-12-131-1/+1
| | | | | | | | This fixes a compile problem recently introduced by me. Fixes: f40fd43ab2f ("ppp: fix compile warning") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit a29848c67180396656e4e8a7ef47ae5b441a7325)
* ppp: fix compile warningHauke Mehrtens2017-12-131-0/+1
| | | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit f40fd43ab2fe0f5c707a07eb036e84af086f3066)
* dropbear: fix PKG_CONFIG_DEPENDSHans Dedecker2017-12-131-1/+4
| | | | | | | Add CONFIG_DROPBEAR_UTMP, CONFIG_DROPBEAR_PUTUTLINE to PKG_CONFIG_DEPENDS Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (cherry picked from commit 834c93e00bee4f7253a5c64d1a9c8202b1082b1a)
* dropbear: make ssh compression support configurableMarcin Jurkowski2017-12-132-3/+13
| | | | | | | | | | Adds config option to enable compression support which is usefull when using a terminal sessions over a slow link. Impact on binary size is negligible but additional 60 kB (uncompressed) is needed for a shared zlib library. Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com> (cherry picked from commit a816e1eac761bfdac720d00d15feb18b7b9fd1e3)
* procd: Install seccomp-trace symlinkMichal Sojka2017-12-131-0/+1
| | | | | Signed-off-by: Michal Sojka <sojkam1@fel.cvut.cz> (cherry picked from commit 1a5bf778fb4f8b648716d9f8275c6a0af503cfe5)
* openvpn: update to 2.4.4Magnus Kroken2017-12-132-34/+58
| | | | | | | | | | Fixes CVE-2017-12166: out of bounds write in key-method 1. Remove the mirror that was temporarily added during the 2.4.3 release. Signed-off-by: Magnus Kroken <mkroken@gmail.com> (cherry picked from commit a9a37526a9df3b565f5242857d17887cb492afab)
* build: remove @ as it's causing an errorPhilip Prindeville2017-12-131-1/+1
| | | | | | | | | Since $(DownloadMethod/unknown) is being invoked in the expansion of $(call locked ...) anyway, you can't have an @ because the shell doesn't know what to do with it. Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com> (cherry picked from commit 76ba01a39216b8460846808b2fc10d5ee230a324)