aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* LEDE v17.01.6: revert to branch defaultsHauke Mehrtens2018-09-025-11/+9
| | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* LEDE v17.01.6: adjust config defaultsv17.01.6Hauke Mehrtens2018-09-025-9/+11
| | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* grub2: rebase patchesJo-Philipp Wich2018-08-301-8/+4
| | | | | | | | | | Patch 300-CVE-2015-8370.patch was added without proper rebasing on the version used by OpenWrt, make it apply and refresh the patch to fix compilation. Fixes: 7e73e9128f ("grub2: Fix CVE-2015-8370") Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit 9ffbe84ea49fc643f41bfdf687de99aee17c9154)
* bzip2: Fix CVE-2016-3189Rosen Penev2018-08-302-1/+12
| | | | | | | | | | | Issue causes a crash with specially crafted bzip2 files. More info: https://nvd.nist.gov/vuln/detail/CVE-2016-3189 Taken from Fedora. Signed-off-by: Rosen Penev <rosenp@gmail.com> (cherry picked from commit f9469efbfa7ce892651f9a6da713eacbef66f177)
* grub2: Fix CVE-2015-8370Rosen Penev2018-08-302-1/+45
| | | | | | | | | | | | This CVE is a culmination of multiple integer overflow issues that cause multiple issues like Denial of Service and authentication bypass. More info: https://nvd.nist.gov/vuln/detail/CVE-2015-8370 Taken from Fedora. Signed-off-by: Rosen Penev <rosenp@gmail.com> (cherry picked from commit 7e73e9128f6a63b9198c88eea97c267810447be4)
* scripts: bundle-libraries: fix logic flawJo-Philipp Wich2018-08-301-7/+6
| | | | | | | | | | | | Previous refactoring of the script moved the LDSO detection into a file-not-exists condition, causing onyl the very first executable to get bundled. Solve the problem by unconditionally checking for LDSO again. Fixes: 9030a78a71 ("scripts: bundle-libraries: prevent loading host locales") Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit 5ebcd32997b6d10abcd29c8795a598fdcaf4521d)
* scripts: bundle-libraries: prevent loading host locales (FS#1803)Jo-Philipp Wich2018-08-301-5/+21
| | | | | | | | | | | | | | Binary patch the bundled glibc library to inhibit loading of host locale archives in order to avoid triggering internal libc assertions when invoking shipped, bundled executables. The problem has been solved with upstream Glibc commit 0062ace229 ("Gracefully handle incompatible locale data") but we still need to deal with older Glibc binaries for some time to come. Fixes FS#1803 Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit 9030a78a716b0a2eeed4510d4a314393262255c2)
* kernel: bump kernel 4.4 to version 4.4.153Hauke Mehrtens2018-08-308-25/+25
| | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mt76: Fix mirror hashHauke Mehrtens2018-08-301-1/+1
| | | | | | | | | The mirror hash added in this commit was wrong. The file on the mirror server and the newly generated file from git have a different hash value, use that one. Fixes: 4b5861c47 ("mt76: update to the latest version") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* dropbear: backport upstream fix for CVE-2018-15599Hans Dedecker2018-08-273-3/+224
| | | | | | | | | | CVE description : The recv_msg_userauth_request function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability because username validity affects how fields in SSH_MSG_USERAUTH messages are handled, a similar issue to CVE-2018-15473 in an unrelated codebase. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* kernel: bump kernel 4.4 to version 4.4.151Hauke Mehrtens2018-08-221-2/+2
| | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: bump kernel 4.4 to version 4.4.150Hauke Mehrtens2018-08-213-4/+4
| | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* tools/e2fsprogs: update to 1.44.1Paul Wassi2018-08-211-2/+2
| | | | | | | Update e2fsprogs to upstream 1.44.1 (feature and bugfix release) Signed-off-by: Paul Wassi <p.wassi@gmx.at> (cherry picked from commit 8262179f4a007035a531bb913261f5f91115fad8)
* e2fsprogs: bump to 1.44.0Ansuel Smith2018-08-211-2/+2
| | | | | | | Fix compilation error Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com> (cherry picked from commit a9c00578b5c55357117db9dbbbd4e5652b9b4648)
* tools/e2fsprogs: Update to 1.43.7Rosen Penev2018-08-211-2/+2
| | | | | | | Compile tested on Fedora 27. Signed-off-by: Rosen Penev <rosenp@gmail.com> (cherry picked from commit 08cc9a2ca8536e9808b60145cd0e10bdcfc98aca)
* tools/e2fsprogs: Update to 1.43.6Daniel Engberg2018-08-214-39/+2
| | | | | | | | | | | Update e2fsprogs to 1.43.6 * Remove FreeBSD patch as it's not needed, FreeBSD 9.1 is EoL and this is compiling on FreeBSD 11.1. * Remove libmagic patch, RHEL 5 is EoL (End of Production Phase) since March 31, 2017. Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net> (cherry picked from commit ed617fd8f2f39e18ad435883db5b4100e6f7f977)
* tools/e2fsprogs: Update to 1.43.5Daniel Engberg2018-08-211-2/+2
| | | | | | | Update e2fsprogs to 1.43.5 Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net> (cherry picked from commit 8477d5454531a35306d57c123c89602fee71a07f)
* tools/e2fsprogs: Update to 1.43.4Daniel Engberg2018-08-212-5/+5
| | | | | | | | | | | | | | | * Update to 1.43.4 * Refresh patches * xz tarball which saves about 2M in size Changelog: http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.43.4 Tested by Etienne Haarsma (ar71xx), Daniel Engberg (kirkwood) Signed-off-by: Etienne Haarsma <bladeoner112@gmail.com> Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net> Signed-off-by: Felix Fietkau <nbd@nbd.name> [use @KERNEL instead of harcoded URL] (cherry picked from commit 34ba64fe708e45b7c042e2d273e66d4ce03df4e3)
* Revert "tools/e2fsprogs: fix building on a glibc 2.27 host"Matthias Schiffer2018-08-212-54/+1
| | | | | | This reverts commit 58a95f0f8ff768b43d68eed2b6a786e0f40f723b. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* tools/bison: Update to 3.0.5Daniel Engberg2018-08-213-32/+10
| | | | | | | | Update bison to 3.0.5 Bugfix release Remove 001-fix-macos-vasnprintf.patch as it is fixed upstream Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* mac80211: brcmfmac: fix compilation with SDIO supportRafał Miłecki2018-08-171-2/+12
| | | | | | | | | This fixes following error when compiling with CONFIG_BRCMFMAC_SDIO=y: drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c:1100:23: error: 'sdiod' undeclared (first use in this function) brcmf_dev_coredump(&sdiod->func1->dev); Fixes: 9d8940c5b92f ("mac80211: brcmfmac: backport important changes from the 4.18") Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* mac80211: brcmfmac: backport patch setting WIPHY_FLAG_HAVE_AP_SMERafał Miłecki2018-08-168-2/+36
| | | | | | | It's an important hint for authenticator (e.g. hostapd) about hardware capabilities. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* mac80211: brcmfmac: backport important changes from the 4.19Rafał Miłecki2018-08-168-2/+472
| | | | Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* mac80211: brcmfmac: backport important changes from the 4.18Rafał Miłecki2018-08-169-2/+393
| | | | Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* mac80211: brcmfmac: backport important changes from the 4.16Rafał Miłecki2018-08-163-1/+74
| | | | Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* mac80211: brcmfmac: backport important changes from the 4.15Rafał Miłecki2018-08-165-1/+100
| | | | | | | | Two more patches that may be worth backporting in the future: fdd0bd88ceae brcmfmac: add CLM download support cc124d5cc8d8 brcmfmac: fix CLM load error for legacy chips when user helper is enabled Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* mac80211: brcmfmac: backport important changes from the 4.14Rafał Miłecki2018-08-167-5/+250
| | | | Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* mac80211: brcmfmac: backport important changes from the 4.13Rafał Miłecki2018-08-169-4/+259
| | | | Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* mac80211: brcmfmac: backport important changes from the 4.12Rafał Miłecki2018-08-1614-5/+613
| | | | Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* mac80211: brcmfmac: backport use-after-free fix from 4.11Rafał Miłecki2018-08-162-1/+62
| | | | Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* mac80211: brcmfmac: group 4.11 backport patchesRafał Miłecki2018-08-166-0/+0
| | | | Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* openssl: update to version 1.0.2pHauke Mehrtens2018-08-153-4/+4
| | | | | | | | This fixes the following security problems: * CVE-2018-0732: Client DoS due to large DH parameter * CVE-2018-0737: Cache timing vulnerability in RSA Key Generation Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: bump kernel 4.4 to version 4.4.148Hauke Mehrtens2018-08-154-73/+5
| | | | | | | | | | | The following patch was integrated upstream: * target/linux/generic/patches-4.4/005-ext4-fix-check-to-prevent-initializing-reserved-inod.patch This fixes tries to work around the following security problems: * CVE-2018-3620 L1 Terminal Fault OS, SMM related aspects * CVE-2018-3646 L1 Terminal Fault Virtualization related aspects Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mbedtls: update to version 2.7.5Hauke Mehrtens2018-08-102-4/+4
| | | | | | | | This fixes the following security problems: * CVE-2018-0497: Remote plaintext recovery on use of CBC based ciphersuites through a timing side-channel * CVE-2018-0498: Plaintext recovery on use of CBC based ciphersuites through a cache based side-channel Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* curl: fix some security problemsHauke Mehrtens2018-08-1012-45/+385
| | | | | | | | | | | | | | This fixes the following security problems: * CVE-2017-1000254: FTP PWD response parser out of bounds read * CVE-2017-1000257: IMAP FETCH response out of bounds read * CVE-2018-1000005: HTTP/2 trailer out-of-bounds read * CVE-2018-1000007: HTTP authentication leak in redirects * CVE-2018-1000120: FTP path trickery leads to NIL byte out of bounds write * CVE-2018-1000121: LDAP NULL pointer dereference * CVE-2018-1000122: RTSP RTP buffer over-read * CVE-2018-1000301: RTSP bad headers buffer over-read Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* wpa_supplicant: fix CVE-2018-14526John Crispin2018-08-101-0/+43
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Unauthenticated EAPOL-Key decryption in wpa_supplicant Published: August 8, 2018 Identifiers: - CVE-2018-14526 Latest version available from: https://w1.fi/security/2018-1/ Vulnerability A vulnerability was found in how wpa_supplicant processes EAPOL-Key frames. It is possible for an attacker to modify the frame in a way that makes wpa_supplicant decrypt the Key Data field without requiring a valid MIC value in the frame, i.e., without the frame being authenticated. This has a potential issue in the case where WPA2/RSN style of EAPOL-Key construction is used with TKIP negotiated as the pairwise cipher. It should be noted that WPA2 is not supposed to be used with TKIP as the pairwise cipher. Instead, CCMP is expected to be used and with that pairwise cipher, this vulnerability is not applicable in practice. When TKIP is negotiated as the pairwise cipher, the EAPOL-Key Key Data field is encrypted using RC4. This vulnerability allows unauthenticated EAPOL-Key frames to be processed and due to the RC4 design, this makes it possible for an attacker to modify the plaintext version of the Key Data field with bitwise XOR operations without knowing the contents. This can be used to cause a denial of service attack by modifying GTK/IGTK on the station (without the attacker learning any of the keys) which would prevent the station from accepting received group-addressed frames. Furthermore, this might be abused by making wpa_supplicant act as a decryption oracle to try to recover some of the Key Data payload (GTK/IGTK) to get knowledge of the group encryption keys. Full recovery of the group encryption keys requires multiple attempts (128 connection attempts per octet) and each attempt results in disconnection due to a failure to complete the 4-way handshake. These failures can result in the AP/network getting disabled temporarily or even permanently (requiring user action to re-enable) which may make it impractical to perform the attack to recover the keys before the AP has already changes the group keys. By default, wpa_supplicant is enforcing at minimum a ten second wait time between each failed connection attempt, i.e., over 20 minutes waiting to recover each octet while hostapd AP implementation uses 10 minute default for GTK rekeying when using TKIP. With such timing behavior, practical attack would need large number of impacted stations to be trying to connect to the same AP to be able to recover sufficient information from the GTK to be able to determine the key before it gets changed. Vulnerable versions/configurations All wpa_supplicant versions. Acknowledgments Thanks to Mathy Vanhoef of the imec-DistriNet research group of KU Leuven for discovering and reporting this issue. Possible mitigation steps - Remove TKIP as an allowed pairwise cipher in RSN/WPA2 networks. This can be done also on the AP side. - Merge the following commits to wpa_supplicant and rebuild: WPA: Ignore unauthenticated encrypted EAPOL-Key data This patch is available from https://w1.fi/security/2018-1/ - Update to wpa_supplicant v2.7 or newer, once available Signed-off-by: John Crispin <john@phrozen.org>
* tools: findutils: fix compilation with glibc 2.28Luis Araneda2018-08-101-0/+104
| | | | | | | Add a temporary workaround to compile with glibc 2.28 as some constants were removed and others made private Signed-off-by: Luis Araneda <luaraneda@gmail.com>
* tools: m4: fix compilation with glibc 2.28Luis Araneda2018-08-101-0/+118
| | | | | | | Add a temporary workaround to compile with glibc 2.28 as some constants were removed and others made private Signed-off-by: Luis Araneda <luaraneda@gmail.com>
* brcm47xx: revert upstream commit breaking BCM4718A1Rafał Miłecki2018-08-101-0/+76
| | | | | | | | This fixes kernel hang when booting on BCM4718A1 (& probably BCM4717A1). Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit 4c1aa64b4d804e77dfaa8d53e5ef699fcced4b18) Fixes: aaecfecdcde5 ("kernel: bump kernel 4.4 to version 4.4.139")
* kernel: ext4: fix check to prevent initializing reserved inodesMatthias Schiffer2018-08-091-0/+68
| | | | | | | | | | | | The broken check would detect a newly generated root filesystem as corrupt under certain circumstances, in some cases actually currupting the it while trying to handle the error condition. This is a regression introduced in kernel 4.4.140. The 4.14.y stable series has already received this fix, while it is still pending for 4.4.y and 4.9.y. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* kernel: bump kernel 4.4 to version 4.4.147Matthias Schiffer2018-08-0937-192/+81
| | | | | | | | target/linux/ar71xx/patches-4.4/103-MIPS-ath79-fix-register-address-in-ath79_ddr_wb_flus.patch has been applied upstream; the two deleted brcm2708 patches have been useless even before (as the second one only reverted the first one). Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* firmware: amd64-microcode: update to 20180524Zoltan HERPAI2018-08-091-2/+2
| | | | | | | | | | | | | * New microcode update packages from AMD upstream: + New Microcodes: sig 0x00800f12, patch id 0x08001227, 2018-02-09 + Updated Microcodes: sig 0x00600f12, patch id 0x0600063e, 2018-02-07 sig 0x00600f20, patch id 0x06000852, 2018-02-06 * Adds Spectre v2 (CVE-2017-5715) microcode-based mitigation support, plus other unspecified fixes/updates. Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
* firmware: intel-microcode: bump to 20180703Zoltan HERPAI2018-08-091-6/+6
| | | | | | | | | | | | | | | | | | | | | | | * New upstream microcode data file 20180703 + Updated Microcodes: sig 0x000206d6, pf_mask 0x6d, 2018-05-08, rev 0x061d, size 18432 sig 0x000206d7, pf_mask 0x6d, 2018-05-08, rev 0x0714, size 19456 sig 0x000306e4, pf_mask 0xed, 2018-04-25, rev 0x042d, size 15360 sig 0x000306e7, pf_mask 0xed, 2018-04-25, rev 0x0714, size 17408 sig 0x000306f2, pf_mask 0x6f, 2018-04-20, rev 0x003d, size 33792 sig 0x000306f4, pf_mask 0x80, 2018-04-20, rev 0x0012, size 17408 sig 0x000406f1, pf_mask 0xef, 2018-04-19, rev 0xb00002e, size 28672 sig 0x00050654, pf_mask 0xb7, 2018-05-15, rev 0x200004d, size 31744 sig 0x00050665, pf_mask 0x10, 2018-04-20, rev 0xe00000a, size 18432 sig 0x000706a1, pf_mask 0x01, 2017-12-26, rev 0x0022, size 73728 + First batch of fixes for: Intel SA-00115, CVE-2018-3639, CVE-2018-3640 + Implements IBRS/IBPB/STIPB support, Spectre-v2 mitigation + SSBD support (Spectre-v4 mitigation) and fix Spectre-v3a for: Sandybridge server, Ivy Bridge server, Haswell server, Skylake server, Broadwell server, a few HEDT Core i7/i9 models that are actually gimped server dies. Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
* uclient: update to latest git HEADJo-Philipp Wich2018-08-041-4/+4
| | | | | | | | | | | | | | | f2573da uclient-fetch: use package name pattern in message for missing SSL library 9fd8070 uclient-fetch: Check for nullpointer returned by uclient_get_url_filename f41ff60 uclient-http: basic auth: Handle memory allocation failure a73b23b uclient-http: auth digest: Handle multiple possible memory allocation failures 66fb58d uclient-http: Handle memory allocation failure 2ac991b uclient: Handle memory allocation failure for url 63beea4 uclient-http: Implement error handling for header-sending eb850df uclient-utils: Handle memory allocation failure for url file name ae1c656 uclient-http: Close ustream file handle only if allocated Signed-off-by: Jo-Philipp Wich <jo@mein.io> (backported from commit e44162ffca448d024fe023944df702c9d3f6b586)
* downloads.mk: introduce name-agnostic PROJECT_GIT variableJo-Philipp Wich2018-08-041-2/+4
| | | | | | | | | | | Introduce a name-agnostic PROJECT_GIT variable poiting to https://git.openwrt.org/ and declare LEDE_GIT and OPENWRT_GIT as aliases to it. After some transition time we can drop this alias variables. Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit 4700544e4068cb72932148ac1ecd294ca1388671)
* sdk: include arch/arm/ Linux includes along with arch/arm64/ onesJo-Philipp Wich2018-08-041-1/+7
| | | | | | | | | | | | The Linux headers on arm64 architectures contain references to common arch/arm/ headers which were not bundled by the SDK so far. Check if we're packing the SDK for an arm64 target and if we do, also include arch/arm headers as well. Fixes FS#1725. Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit 4bb8a678e0e0eaf5c3651cc73f3b2c4cb1d267a2)
* sdk: bundle usbip userspace sourcesJo-Philipp Wich2018-08-041-0/+4
| | | | | | | | | Bundle the usbip utility sources shipped with the Linux kernel tree in order to allow the usbip packages from the package feed to build within the OpenWrt SDK. Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit d0e0b7049f88774e67c3d5ad6b573f7070e5f900)
* kmod-sched-cake: bump to 20180716Kevin Darbyshire-Bryant2018-07-251-3/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bump to the latest cake recipe. This backports tc class support to kernel 4.9 and other than conditional kernel compilation pre-processor macros represents the cake that has gone upstream into kernel 4.19. Loud cheer! Fun may be had by changing cake tin classification for packets on ingress. e.g. tc filter add dev ifb4eth0 parent 800b: protocol ip u32 match \ ip dport 6981 0xffff action skbedit priority 800b:1 Where 800b: represents the filter handle for the ifb obtained by 'tc qdisc' and the 1 from 800b:1 represents the cake tin number. So the above example puts all incoming packets destined for port 6981 into the BULK (lowest priority) tin. f39ab9a Obey tin_order for tc filter classifiers 1e2473f Clean up after latest backport. 82531d0 Reorder includes to fix out of tree compilation 52cbc00 Code style cleanup 6cdb496 Fix argument order for NL_SET_ERR_MSG_ATTR() cab17b6 Remove duplicate call to qdisc_watchdog_init() 71c7991 Merge branch 'backport-classful' 32aa7fb Fix compilation on Linux 4.9 9f8fe7a Fix compilation on Linux 4.14 ceab7a3 Rework filter classification aad5436 Fixed version of class stats be1c549 Add cake-specific class stats 483399d Use tin_order for class dumps 80dc129 Add class dumping 0c8e6c1 Fix dropping when using filters c220493 Add the minimum class ops 5ed54d2 Start implementing tc filter/class support Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> (cherry picked from commit c729c43b391e759b6700b28c8e02ba93fe15f8c2)
* iproute2: merge upstream CAKE supportJo-Philipp Wich2018-07-253-0/+1511
| | | | | | | | | | | | | | | | | | | | Add upstream support for CAKE into iproute2 and conditionally enable it depending on the build environment we're running under. When running with SDK=1 and CONFIG_BUILDBOT=y we assume that we're invoked by the release package builder at http://release-builds.lede-project.org/17.01/packages/ and produce shared iproute2 executables with legacy CAKE support for older released kernels. When not running under the release package builder environment, produce nonshared packages using the new, upstream CAKE support suitable for the latest kernel. Depending on the environment, suffix the PKG_RELEASE field with either "-cake-legacy" or "-cake-upstream" to ensure that the nonshared packages are preferred by opkg for newer builds. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* WDR4900v1 remove dt node for absent hw crypto.Tim Small2018-07-221-0/+24
| | | | | | | | | | | | | | | | | | | | The WDR4900v1 uses the P1040 SoC, so the device tree pulls in the definition for the related P1010 SoC. However, the P1040 lacks the CAAM/SEC4 hardware crypto accelerator which the P1010 device tree defines. If left defined, this causes the CAAM drivers (if present) to attempt to use the non-existent device, making various crypto-related operations (e.g. macsec and ipsec) fail. This commit overrides the incorrect dt node definition in the included file. See also: - https://bugs.openwrt.org/index.php?do=details&task_id=1262 - https://community.nxp.com/thread/338432#comment-474107 Signed-off-by: Tim Small <tim@seoss.co.uk> Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com> (cherry picked from commit e97aaf483c71fd5e3072ec2dce53354fc97357c9)