aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* mtd: mark as nonshared to fix FS#484Mirko Parthey2018-06-051-0/+2
| | | | | | | | | | | | Upstream commit: 46d7ced9d1e104693a9f995bfe8a6e28ac82b592 The mtd tool is built with different configurations depending on the target. For example, brcm47xx adds the fixtrx subcommand, without which an image fails when booting the second time. Mark the mtd package as nonshared to really fix FS#484. Signed-off-by: Mirko Parthey <mirko.parthey@web.de>
* ustream-ssl: update to latest git HEADJohn Crispin2018-06-051-4/+4
| | | | | | | | | Upstream commit: 346d4c75eaa7a1d9bc8fcddc5db10a6aca95c005 5322f9d mbedtls: Fix setting allowed cipher suites e8a1469 mbedtls: Add support for a session cache Signed-off-by: John Crispin <john@phrozen.org>
* ustream-ssl: update to latest git HEADJohn Crispin2018-06-051-3/+3
| | | | | | | | | | Upstream commit: 52ba5760b771d873fe21d260e3b53506663b6144 527e700 ustream-ssl: Remove RC4 from ciphersuite in server mode. 39a6ce2 ustream-ssl: Enable ECDHE with OpenSSL. 45ac930 remove polarssl support Signed-off-by: John Crispin <john@phrozen.org>
* mbedtls: Activate the session cacheHauke Mehrtens2018-06-051-10/+0
| | | | | | | | | | | | Upstream commit: f2c8f6dc3249b506b915741d12905402dfffe162 This make sit possible to store informations about a session and reuse it later. When used by a server it increases the time to create a new TLS session from about 1 second to less than 0.1 seconds. The size of the ipkg file increased by about 800 Bytes. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mbedtls: update mbedtls to version 2.7.3Hauke Mehrtens2018-06-052-7/+7
| | | | | | This fixes some minor security problems and other bugs. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: bump kernel 4.4 to 4.4.135 for 17.01Hauke Mehrtens2018-06-0269-284/+286
| | | | | | * Refreshed patches Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* ar71xx: Deactivate build of Netgear WNR2000v3Hauke Mehrtens2018-06-021-1/+2
| | | | | | | | | This devices always looses the settings after power loss, nothing is been saved. Deactivate building this image till this problem is fixed. See FS#672 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mvebu: Add support for WRT3200ACM with new NAND flashImre Kaloz2018-06-021-0/+2
| | | | | | | | Newer Linksys boards might come with a Winbond W29N02GV which can be configured in different ways. Make sure we configure it the same way as the older chips so everything keeps working. Signed-off-by: Imre Kaloz <kaloz@openwrt.org>
* brcm47xx: add switch port mapping to Asus WL-500WMirko Parthey2018-05-291-1/+1
| | | | | | | | | | | Switch ports 0..3 are connected to external ports LAN{1..4} in sequence, switch port 4 is not used, and switch port 5 is connected to the CPU. The WAN port is attached to the CPU's second network interface; it has no connection to the internal switch. Reuse the "Dell TrueMobile 2300" entry, which describes the same mapping. Signed-off-by: Mirko Parthey <mirko.parthey@web.de>
* odhcpd: fix managed address configuration settingHans Dedecker2018-05-271-4/+4
| | | | | | 59339a7 router: fix managed address configuration setting Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* apm821xx: Add default packages to NAND targetChris Blake2018-05-273-8/+9
| | | | | | | | | | This moves core router packages to the NAND target, to ensure they are applied to all images. This change is being done due to an issue found when flashing the MX60W image, which came without these when built as a multi image. Signed-off-by: Chris Blake <chrisrblake93@gmail.com> (cherry picked from commit d1c3a9485a90fff9bf7083faba4138e14dcdae7d)
* wireguard: bump to 20180519Jason A. Donenfeld2018-05-251-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | * chacha20poly1305: add mips32 implementation "The OpenWRT Commit" - this significantly speeds up performance on cheap plastic MIPS routers, and presumably the remaining MIPS32r2 super computers out there. * timers: reinitialize state on init * timers: round up instead of down in slack_time * timers: remove slack_time * timers: clear send_keepalive timer on sending handshake response * timers: no need to clear keepalive in persistent keepalive Andrew He and I have helped simplify the timers and remove some old warts, making the whole system a bit easier to analyze. * tools: fix errno propagation and messages Error messages are now more coherent. * device: remove allowedips before individual peers This avoids an O(n^2) traversal in favor of an O(n) one. Before systems with many peers would grind when deleting the interface. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wireguard: no longer need portability patchKevin Darbyshire-Bryant2018-05-252-19/+1
| | | | | | | | | Drop package/network/services/wireguard/patches/100-portability.patch Instead pass 'PLATFORM=linux' to make since we are always building FOR linux. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* wireguard: bump to 20180514Kevin Darbyshire-Bryant2018-05-252-9/+10
| | | | | | | | | | | | | | | 52be69b version: bump snapshot 4884b45 ncat-client-server: add wg-quick variant a333551 wg-quick: add darwin implementation f5bf84d compat: backport for OpenSUSE 15 fe1ae1b wg-quick: add wg symlink ecc1c5f wg-quick: add android implementation 3e6bb79 tools: reorganize for multiplatform wg-quick b289d12 allowedips: Fix graphviz output after endianness patch Refresh cross compile compatibility patch Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* wireguard: Add support for ip6prefix config optionToke Høiland-Jørgensen2018-05-251-0/+6
| | | | | | | | | | | | This makes it easier to distribute prefixes over a wireguard tunnel interface, by simply setting the ip6prefix option in uci (just like with other protocols). Obviously, routing etc needs to be setup properly for things to work; this just adds the config option so the prefix can be assigned to other interfaces. Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
* wireguard: bump to 0.0.20180513Kevin Darbyshire-Bryant2018-05-251-2/+2
| | | | | | | | | | | | | | | | | | | 6b4a340 version: bump snapshot faa2103 compat: don't clear header bits on RHEL 4014532 compat: handle RHEL 7.5's recent backports 66589bc queueing: preserve pfmemalloc header bit 37f114a chacha20poly1305: make gcc 8.1 happy 926caae socket: use skb_put_data 724d979 wg-quick: preliminary support for go implementation c454c26 allowedips: simplify arithmetic 71d44be allowedips: produce better assembly with unsigned arithmetic 5e3532e allowedips: use native endian on lookup 856f105 allowedips: add selftest for allowedips_walk_by_peer 41df6d2 embeddable-wg-library: zero attribute padding 9a1bea6 keygen-html: add zip file example f182b1a qemu: retry on 404 in wget for kernel.org race Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* wireguard: bump to 20180420Kevin Darbyshire-Bryant2018-05-251-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | 7cc2668 version: bump snapshot 860c7c7 poly1305: do not place constants in different sections 5f1e4ca compat: remove unused dev_recursion_level backport 7e4b991 blake2s: remove unused helper 13225fc send: simplify skb_padding with nice macro a1525bf send: account for route-based MTU bbb2fde wg-quick: account for specified fwmark in auto routing mode c452105 qemu: bump default version dbe5223 version: bump snapshot 1d3ef31 chacha20poly1305: put magic constant behind macro cdc164c chacha20poly1305: add self tests from wycheproof 1060e54 curve25519: add self tests from wycheproof 0e1e127 wg-quick.8: fix typo 2b06b8e curve25519: precomp const correctness 8102664 curve25519: memzero in batches 1f54c43 curve25519: use cmov instead of xor for cswap fa5326f curve25519: use precomp implementation instead of sandy2x 9b19328 compat: support OpenSUSE 15 3102d28 compat: silence warning on frankenkernels 8f64c61 compat: stable kernels are now receiving b87b619 62127f9 wg-quick: hide errors on save Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* wireguard: bump to 20180304Jason A. Donenfeld2018-05-251-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 7c0d711 version: bump snapshot b6a5cc0 contrib: add extract-handshakes kprobe example 37dc953 wg-quick: if resolvconf/run/iface exists, use it 1f9be19 wg-quick: if resolvconf/interface-order exists, use it 4d2d395 noise: align static_identity keys 14395d2 compat: use correct -include path 38c6d8f noise: fix function prototype 302d0c0 global: in gnu code, use un-underscored asm ff4e06b messages: MESSAGE_TOTAL is unused ea81962 crypto: read only after init e35f409 Kconfig: require DST_CACHE explicitly 9d5baf7 Revert "contrib: keygen-html: rewrite in pure javascript" 6e09a46 contrib: keygen-html: rewrite in pure javascript e0af0f4 compat: workaround netlink refcount bug ec65415 contrib: embedded-wg-library: add key generation functions 06099b8 allowedips: fix comment style ce04251 contrib: embedded-wg-library: add ability to add and del interfaces 7403191 queueing: skb_reset: mark as xnet Changes: * queueing: skb_reset: mark as xnet This allows cgroups to classify packets. * contrib: embedded-wg-library: add ability to add and del interfaces * contrib: embedded-wg-library: add key generation functions The embeddable library gains a few extra tricks, for people implementing plugins for various network managers. * crypto: read only after init * allowedips: fix comment style * messages: MESSAGE_TOTAL is unused * global: in gnu code, use un-underscored asm * noise: fix function prototype Small cleanups. * compat: workaround netlink refcount bug An upstream refcounting bug meant that in certain situations it became impossible to unload the module. So, we work around it in the compat code. The problem has been fixed in 4.16. * contrib: keygen-html: rewrite in pure javascript * Revert "contrib: keygen-html: rewrite in pure javascript" We nearly moved away from emscripten'ing the fiat32 code, but the resultant floating point javascript was just too terrifying. * Kconfig: require DST_CACHE explicitly Required for certain frankenkernels. * compat: use correct -include path Fixes certain out-of-tree build systems. * noise: align static_identity keys Gives us better alignment of private keys. * wg-quick: if resolvconf/interface-order exists, use it * wg-quick: if resolvconf/run/iface exists, use it Better compatibility with Debian's resolvconf. * contrib: add extract-handshakes kprobe example Small utility for extracting ephemeral key data from the kernel's memory. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (git log --oneline description)
* wireguard: bump to 20180202Kevin Darbyshire-Bryant2018-05-251-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bump to latest wireguard release snapshot: 2675814 version: bump snapshot 381d703 qemu: update base versions c3fbd9d curve25519: break more things with more test cases 93fa0d9 curve25519: replace fiat64 with faster hacl64 6177bdd curve25519: replace hacl64 with fiat64 b9bf37d curve25519: verify that specialized basepoint implementations are correct bd3f0d8 tools: dedup secret normalization 1f87434 chacha20poly1305: better buffer alignment 78959ed chacha20poly1305: use existing rol32 function 494cdea tools: fread doesn't change errno ab89bdc device: let udev know what kind of device we are 62e8720 qemu: disable AVX-512 in userland 6342bf7 qemu: disable PIE for compilation e23e451 contrib: keygen-html: share curve25519 implementation with kernel 6b28fa6 tools: share curve25519 implementations with kernel c80cbfa poly1305: add poly-specific self-tests 10a2edf curve25519-fiat32: uninline certain functions No patch refresh required. Compile-tested-for: ar71xx Run-tested-on: ar71xx Archer C7 v2 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* wireguard: bump to 20180118Kevin Darbyshire-Bryant2018-05-251-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | Bump to latest wireguard release snapshot: 9a93a3d version: bump snapshot 7bc0579 contrib: keygen-html: update curve25519 implementation ffc13a3 tools: import new curve25519 implementations 0ae7356 curve25519: wire up new impls and remove donna f90e36b curve25519: resolve symbol clash between fe types 505bc05 curve25519: import 64-bit hacl-star implementation 8c02050 curve25519: import 32-bit fiat-crypto implementation 96157fd curve25519: modularize implementation 4830fc7 poly1305: remove indirect calls bfd1a5e tools: plug memleak in config error path 09bf49b external-tests: add python implementation b4d5801 wg-quick: ifnames have max len of 15 6fcd86c socket: check for null socket before fishing out sport ddb8270 global: year bump 399d766 receive: treat packet checking as irrelevant for timers No patch refresh required. Compile-tested-for: ar71xx Run-tested-on: ar71xx Archer C7 v2 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* kernel: bump kernel 4.4 to 4.4.132 for 17.01Etienne Haarsma2018-05-226-11/+11
| | | | | | | | | * Refreshed patches Compile-tested: ar71xx Run-tested: ar71xx Signed-off-by: Etienne Haarsma <bladeoner112@gmail.com>
* rpcd: update to lastest HEADRafał Miłecki2018-05-141-3/+3
| | | | | | | | | | | | | | | | | All these changes are important enough to have them in the 17.01. 8206219 uci: fix memory leak in rpc_uci_replace_savedir() 10f7878 exec: close stdout and stderr streams on child signal 92d0d75 uci: use correct sort index when reordering sections 66a9bad uci: fix memory leak in rpc_uci_apply_timeout() 2423162 uci: switch to proper save directory on apply/rollback edd37f8 uci: add rpc_uci_replace_savedir() helper eb09f3a session: ignore non-string username attribute upon restore 3d400c7 session: support reclaiming pending apply session f0f6f81 session: remove redundant key attribute to rpc_session_set() 6994c87 uci: fix session delta isolation Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* kernel: use accepted version of bcm47xxpart fix commitRafał Miłecki2018-05-141-1/+6
| | | | | | Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit 404508001e9f2bbf09fc4c4027cf16b8720124db)
* bcm53xx: backport the first bunch of 4.18 BCM5301X patchesRafał Miłecki2018-05-1210-5/+931
| | | | Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* ar71xx: fix and improve ALFA Network Tube2H supportPiotr Dymacz2018-05-091-1/+12
| | | | | | | | | Fix ART offset (make it universal for 8/16 MB versions of the board) and while at it, include also GPIO setup for h/w watchdog (EM6324QYSP5B). Fixes: FS#1532 Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
* kernel: bump kernel 4.4 to 4.4.131 for 17.01Etienne Haarsma2018-05-079-35/+35
| | | | | | | | | * Refreshed patches Compile-tested: ar71xx Run-tested: ar71xx Signed-off-by: Etienne Haarsma <bladeoner112@gmail.com>
* kernel: add missing in6_dev_put_clear call to an ipv6 network patchFelix Fietkau2018-05-041-4/+12
| | | | | | | | | | | | | | Fixes "unregister_netdevice: waiting for lo to become free. Usage count = 1" messages which started appearing since the update to 4.4.103. That problem was exposed by upstream commit 76da0704507bb ("ipv6: only call ip6_route_dev_notify() once for NETDEV_UNREGISTER") backported to 4.4.x branch in 2417da3f4d6bc. Fixes: 2b664499cd622 ("kernel: bump 4.4 to 4.4.103 for 17.01") Signed-off-by: Felix Fietkau <nbd@nbd.name> Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit 58f7b5b96c301176d639540df4723c798af2a999)
* kernel: bump kernel 4.4 to 4.4.129 for 17.01Etienne Haarsma2018-04-3043-136/+136
| | | | | | | | | * Refreshed patches Compile-tested: ar71xx Run-tested: ar71xx Signed-off-by: Etienne Haarsma <bladeoner112@gmail.com>
* gcc: gcc 6.3.0 fix comparison between pointer and integerKevin Darbyshire-Bryant2018-04-271-0/+11
| | | | | | | | | | | | | | | | | | Fix FS#832 /source/build_dir/toolchain-mips_74kc_gcc-6.3.0_musl/gcc-6.3.0/gcc/ubsan.c: In function 'bool ubsan_use_new_style_p(location_t)': /source/build_dir/toolchain-mips_74kc_gcc-6.3.0_musl/gcc-6.3.0/gcc/ubsan.c:1474:23: error: ISO C++ forbids comparison between pointer and integer [-fpermissive] || xloc.file == '\0' || xloc.file[0] == '\xff' ^~~~ make[5]: *** [Makefile:1085: ubsan.o] Error 1 https://www.viva64.com/en/b/0425/#ID0EMGCI Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk> (cherry picked from commit 22e2b402aee17684781ae705a91fb3645299de9c)
* ar71xx: Ubiquiti Airmax M: add relocate-kernel to invalidate cacheMatthias Schiffer2018-04-261-0/+1
| | | | | | | | | | | | | | Some Ubiquiti U-boot versions, in particular the "U-Boot 1.1.4.2-s956 (Jun 10 2015 - 10:54:50)" found with AirOS 5.6, do not correctly flush the caches for the whole kernel address range after decompressing the kernel image, leading to hard to debug boot failures, depending on kernel version and configuration. As a workaround, prepend the relocate-kernels loader, which will invalidate the caches after moving the kernel to the correct load address. Reported-by: Andreas Ziegler <dev@andreas-ziegler.de> Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* brcm47xx: backport upstream patches for Netgear WNR1000 V3Rafał Miłecki2018-04-236-46/+128
| | | | | | | | This includes fix for reading NVRAM content. (cherry picked from commit b1f5dd34ed84b295a67934a64d2ab309db65b65e) Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* base-files: /lib/functions.sh: ignore errors in insert_modulesMatthias Schiffer2018-04-172-2/+2
| | | | | | | | | | Package postinst will pass even names of builtin modules to insert_modules, leading to postinst failing with error 255. This has been fixed in master in r5279, but for lede-17.01 this minimal change is preferable. Fixes FS#645, FS#893. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* fstools: update to latest lede-17.01 branchRafał Miłecki2018-04-161-3/+3
| | | | | | | 6609e98 libfstools: add "const" to char pointer arguments in mount_move() 95c07d5 libfstools: fix foreachdir() to pass dir with a trailing slash Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* kernel: bump kernel 4.4 to 4.4.126 for 17.01Stijn Segers2018-04-1433-132/+98
| | | | | | | | | * Refreshed patches Compile-tested: ar71xx, ramips/mt7621, x86/64 Run-tested: ar71xx Signed-off-by: Stijn Segers <foss@volatilesystems.org>
* mbedtls: change libmbedcrypto.so soversion back to 0Hauke Mehrtens2018-04-146-5/+31
| | | | | | | | | | | | | | | | | | mbedtls changed in version 2.7.0 and 2.7.2 the soversion of the libmbedcrypto.so library, use the old version again to be able to use the new library with binaries compiled against the old mbedtls library. Some binaries got rebuild to for the 2.7.0 release and are now using libmbedcrypto.so.1, the older ones are still using libmbedcrypto.so.0. Go back to libmbedcrypto.so.0 and make the system rebuild the binaries which were rebuild for 2.7.0 again. This should make the libmbedcrypto.so library be compatible with the old version shipped with 17.01. Fixes: 3ca1438ae0 ("mbedtls: update to version 2.7.2") Fixes: f609913b5c ("mbedtls: update to version 2.7.0") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: mtd: bcm47xxpart: improve handling TRX partition sizeRafał Miłecki2018-04-121-0/+65
| | | | | | | | | | | | | | | | This is important fix for flash parsing in some corner cases. In case of TRX subpartition with rootfs being aligned to the flash block size it was incorrectly registered twice. Detecting & registering it as a standalone partition was resulting in an incorrect "firmware" partition size and possibly broken sysupgrade. It wasn't noticed before because "rootfs" alignment depends on a kernel size. It can happen though - depending on the configuration and the kernel size. Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit f5195e72c0fcf2949f7d6296a5db081eb58f8e32)
* ar71xx: sysupgrade: improve CPE/WBS 210/510 validation, add new metadata offsetMatthias Schiffer2018-04-101-12/+20
| | | | | | | | | Previously, tplink_pharos_check_image() would accept any image with ELF magic and only non-printable data in the support-list, as in this case the while-read loop would not run at all. Add the new support-list offset and ensure an image is only accepted when the model string is actually found. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* kernel: backport commit reverting genirq patch causing regressionsRafał Miłecki2018-04-051-0/+37
| | | | | | | | | | | | | | | | | | | Switching from kernel 4.4.120 to 4.4.124 introduced a regression in the genirq code. It was caused by a commit 9d0273bb1c4b6 ("genirq: Use irqd_get_trigger_type to compare the trigger type for shared IRQs"). On bcm53xx it breaks serial console and results in a flood of: [ 22.078829] genirq: Flags mismatch irq 18. 00000080 (serial) vs. 00000080 (gpio) [ 22.086432] genirq: Flags mismatch irq 18. 00000080 (serial) vs. 00000080 (gpio) [ 22.601150] genirq: Flags mismatch irq 18. 00000080 (serial) vs. 00000080 (gpio) [ 22.608845] genirq: Flags mismatch irq 18. 00000080 (serial) vs. 00000080 (gpio) Later in the upstream "linux-4.4.y" branch that commit was reverted and it was followed by a 4.4.126 release. Until we switch from 4.4.124 to 4.4.126 (or newer), let's backport that reverting commit. Fixes: bed0ee7cbfaa5 ("Kernel: bump 4.4 to 4.4.124 for 17.01") Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* intel-microcode: update to 20180312Zoltan HERPAI2018-04-041-3/+3
| | | | | | | | | | | | | | | | | - Update microcode for 24 CPU types - Implements IBRS/IBPB/STIPB support, Spectre-v2 mitigation for: Sandybridge, Ivy Bridge, Haswell, Broadwell, Skylake, Kaby Lake, Coffee Lake - Missing production updates: - Broadwell-E/EX Xeons (sig 0x406f1) - Anniedale/Morefield, Apollo Lake, Avoton, Cherry Trail, Braswell, Gemini Lake, Denverton - New Microcodes: - sig 0x00050653, pf_mask 0x97, 2018-01-29, rev 0x1000140 - sig 0x00050665, pf_mask 0x10, 2018-01-22, rev 0xe000009 Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu> (cherry picked from commit 3db9d6e57def2912314c7ce0bc0c282f313ed654)
* brcm47xx: add Luxul XAP-1500 and XWR-1750 WiFi LEDsRafał Miłecki2018-04-032-2/+88
| | | | | | (cherry picked from commit 16efb0c1c6c7702e694aef8f297b57b7c10b98c1) Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* mac80211: brcmfmac: add support for BCM4366E chipsetRafał Miłecki2018-04-032-1/+47
| | | | Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* mbedtls: update to version 2.7.2Hauke Mehrtens2018-04-012-23/+23
| | | | | | This fixes some minor security problems. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* openssl: update to 1.0.2oPaul Wassi2018-04-014-11/+11
| | | | | | Fixes CVE-2018-0739 Signed-off-by: Paul Wassi <p.wassi@gmx.at>
* Kernel: bump 4.4 to 4.4.124 for 17.01Stijn Segers2018-04-0119-170/+142
| | | | | | | | | | * Refreshed patches * Removed 087-Revert-led-core-Fix-brightness-setting-when-setting-.patch (applied upstream) Compile-tested on ar71xx, ramips/mt7621, x86/64 Run-tested on ar71xx Signed-off-by: Stijn Segers <foss@volatilesystems.org>
* mac80211: brcmfmac: backport commit dropping IAPP packets by defaultRafał Miłecki2018-03-212-1/+158
| | | | Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* kernel: merge a pending fix for HFSC warnings/slowdowns (fixes FS#1136)Felix Fietkau2018-03-113-3/+89
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mbedtls: update to version 2.7.0Hauke Mehrtens2018-03-106-53/+42
| | | | | | | | | | | | | | | | | | | This fixes the following security problems: * CVE-2018-0488: Risk of remote code execution when truncated HMAC is enabled * CVE-2018-0487: Risk of remote code execution when verifying RSASSA-PSS signatures This release is also ABI incompatible with the previous one, but it is API compatible. Some functions used by a lot of other software was renamed and the old function names are provided as a static inline now, but they are only active when deprecated functions are allowed, deactivate the removal of deprecated functions for now. Also increase the PKG_RELEASE version to force a rebuild and update of packages depending on mbedtls to handle the changed ABI. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* tools/e2fsprogs: fix building on a glibc 2.27 hostStefan Lippers-Hollmann2018-03-102-1/+54
| | | | | | | | | | | | | | | | | | | | The e2fsprogs host build fails on a glibc 2.27 host with make[6]: Entering directory 'build_dir/host/e2fsprogs-1.43.7/debugfs' CC create_inode.o ./../misc/create_inode.c:399:18: error: conflicting types for 'copy_file_range' static errcode_t copy_file_range(ext2_filsys fs, int fd, ext2_file_t e2_file, ^~~~~~~~~~~~~~~ In file included from ./../misc/create_inode.c:19:0: /usr/include/unistd.h:1110:9: note: previous declaration of 'copy_file_range' was here ssize_t copy_file_range (int __infd, __off64_t *__pinoff, ^~~~~~~~~~~~~~~ Backport upstream commit "misc: rename copy_file_range to copy_file_chunk" 01551bdba16ab16512a01affe02ade32c41ede8a in order to fix this. Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
* generic: revert broken LED core patchMatthias Schiffer2018-03-081-0/+28
| | | | | | | | | At least on some devices, LEDs don't work anymore since kernel 4.4.120. Revert the broken change. See also: https://www.spinics.net/lists/stable/msg223656.html Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* base-files: tune fragment queue thresholds for available system memoryMatthias Schiffer2018-03-072-10/+21
| | | | | | | | | The default fragment low/high thresholds are 3 and 4 MB. On devices with only 32MB RAM, these settings may lead to OOM when many fragments that cannot be reassembled are received. Decrease fragment low/high thresholds to 384 and 512 kB on devices with less than 64 MB RAM. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>