aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* ncurses: Do not pass both -fPIC and -fpicRosen Penev2019-09-041-2/+4
| | | | | | | | | | | The configure scripts matches Linux with -fPIC, which is not exactly what is desired. Since we are already passing $(FPIC), added a CONFIGURE_VAR to avoid passing -fPIC. Removed PKG_BUILD_DIR as it is already the default value. Signed-off-by: Rosen Penev <rosenp@gmail.com> (cherry picked from commit e2ecf39e8e49e43b4d358853f9da51e3897d042c)
* build: remove harmful -nopad option from mksquashfsChristian Lamparter2019-09-041-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | While the -nopad option prevents mksquashfs from padding the image to an arbitrary 4k. It does not take into consideration that squashfs is programmed to have this 4k padding when it's being used on on a block device... which is its main "use-case". Now, after a week long discussion on the ML that included a back-and-forth between some of the possible options. But this is likely the best KISS patch to deal with the issue right away given the limited resources. From squashfs code point of view, be warned. The 4k padding is not enough when dealing with devices that have a PAGE_SIZE bigger than 4k. if it turns out to be affecting you, then please look-up either: "FS#2460 - kernel panic reading squashfs from ubi volume" bug Or the discussion on the OpenWrt-Devel ML in "amp821xx: use newly added pad-squashfs for Meraki MR24" and "Squashfs breakage lottery with UBI..." before making an educated guess. Note: This will not affect the "tiny"/small flash devices as much as it seems at first. This is because the the rootfs_data partition that follows uses jffs2. And it requires to be aligned to the flash block-size in order to work at all. So either the involved FSes will meet in the middle as before, or not at all. But in that latter case the image was already hoping for the "undefined behaviour" gamble to turn out in its favour and this is probably why this was unnoticed for so long. Fixes: FS#2460 Reported-by: Russell Senior <russell@personaltelco.net> Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (cherry picked from commit 1c0290c5cc6258c48b8ba46b4f9c85a21de4f875)
* base-files: use JSON for storing firmware validation infoRafał Miłecki2019-09-042-14/+73
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | So far firmware validation result was binary limited: it was either successful or not. That meant various limitations, e.g.: 1) Lack of proper feedback on validation problems 2) No way of marking firmware as totally broken (impossible to install) This change introduces JSON for storing detailed validation info. It provides a list of performed validation tests and their results. It allows marking firmware as non-forceable (broken image that can't be even forced to install). Example: { "tests": { "fwtool_signature": true, "fwtool_device_match": true }, "valid": true, "forceable": true } Implementation is based on *internal* check_image bash script that: 1) Uses existing validation functions 2) Provides helpers for setting extra validation info This allows e.g. platform_check_image() to call notify_check_broken() when needed & prevent user from bricking a device. Right now the new JSON info is used by /sbin/sysupgrade only. It still doesn't make use of "forceable" as that is planned for later development. Further plans for this feature are: 1) Expose firmware validation using some new ubus method 2) Move validation step from /sbin/sysupgrade into "sysupgrade" ubus method so: a) It's possible to safely sysupgrade using ubus only b) /sbin/sysupgrade can be more like just a CLI Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit f522047958f99ab7b506ec550f796c0460af1a85)
* scripts/feeds: allow adding parameters to feedsJo-Philipp Wich2019-09-041-18/+30
| | | | | | | | | | this allows adding "--" prefixed parameters inside feeds.conf between the target and name. The first parameter is --force which has the same effect as using -f when installing any of the packages. This allows creating feeds that will override base packages by default. Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit 775b70f8d5dfe9830aaf3b79fc8fb38c8148ee1f)
* procd: fix compile issue with glibc (FS#2469)Hans Dedecker2019-09-041-3/+3
| | | | | | | 0430252 sysupgrade: add missing _GNU_SOURCE define (FS#2469) Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (cherry picked from commit 6e45ba4699eb8424951648cfeddc0a8633f8891e)
* openssl: refresh patchesChristian Lamparter2019-09-043-7/+7
| | | | | Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (cherry picked from commit 5ef3fe614c1e8c350ca0083f61577a89c002bc53)
* treewide: sysupgrade: pass "save_partitions" option to the "sysupgrade" methodRafał Miłecki2019-09-049-19/+9
| | | | | | | | This explicitly lets stage2 know if partitions should be preserved. No more "touch /tmp/sysupgrade.always.overwrite.bootdisk.partmap" hack. Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit b6f4cd57e19a8cfcd9ff52582b65164ce6213c3d)
* base-files: pass "save_config" option to the "sysupgrade" methodRafał Miłecki2019-09-044-5/+6
| | | | | | | This explicitly lets stage2 know if config should be preserved. Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit b534ba96110012d2697d19d71b7dcd60bd4cd375)
* procd: update to latest git HEADRafał Miłecki2019-09-041-3/+3
| | | | | | | 9558031 system: support passing "options" to the "sysupgrade" ubus method Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit 2b1a6d263cc84ac6189447fe971b52d8b34cea51)
* firewall: update to latest git HEADKevin Darbyshire-Bryant2019-09-041-3/+3
| | | | | | | bf29c1e firewall3: ipset: Handle reload_set properly Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> (cherry picked from commit bd01346bb463d371627739fad539310ef5bd4146)
* elfutils: bump to 0.177Luiz Angelo Daros de Luca2019-09-042-43/+4
| | | | | | | 200-uclibc-ng-compat.patch is upstream now. Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com> (cherry picked from commit 0851ce4ff97260a0fab2a507ee8370e60f78370d)
* iftop: update to HEAD of 2018-10-03 - 77901cChristian Lamparter2019-09-041-3/+3
| | | | | | | | | | | | | Update iftop to commit 77901c8c53e01359d83b8090aacfe62214658183 git log --pretty=oneline --abbrev-commit 949ed0f7..77901c8c 77901c8 Support scales beyond 1Gbps Created with the help of the make-package-update-commit.sh script. Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (cherry picked from commit cfd0748497c5c27c6d0f80b0ad3698ffe4428352)
* nghttp2: bump to 1.39.2Hans Dedecker2019-09-041-2/+2
| | | | | | | | | | 957abacf Bump up version number to 1.39.2, LT revision to 32:0:18 83d362c6 Don't read too greedily a76d0723 Add nghttp2_option_set_max_outbound_ack db2f612a nghttpx: Fix request stall Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (cherry picked from commit 58f929077f8687adbf75338504f319d054a96153)
* ltq-ifxos: refer to https://bugs.openwrt.orgYousong Zhou2019-09-041-1/+1
| | | | | Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com> (cherry picked from commit f0f5cb26cb7ced03c70063d08c90d211f80b7a31)
* ct-bugcheck: report to https://openwrt.org by defaultYousong Zhou2019-09-041-1/+1
| | | | | Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com> (cherry picked from commit 26615ededcdc7c6d30c72d77c3a890be1f777b32)
* download.pl: use https://source.openwrt.orgYousong Zhou2019-09-041-2/+1
| | | | | | | | | https://sources.lede-openwrt.org now redirects to there https://downloads.openwrt.org/sources returns 404, so remove it here Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com> (cherry picked from commit 0f3667864d5391c2d9ace63ccfc83ab270405cc9)
* u-boot.mk: use openwrt url instead of lede projectLuis Araneda2019-09-041-1/+1
| | | | | | | | | | The LEDE URL is automatically redirected to the OpenWRT one, returning an HTTP 301 code (Moved Permanently). Also, use https, as indicated by the redirect. Signed-off-by: Luis Araneda <luaraneda@gmail.com> (cherry picked from commit b39ded4ab7e02cedd50810a206dadd71e1ea7fb7)
* ustream-ssl: update to latest git HEADHauke Mehrtens2019-09-041-3/+3
| | | | | | | | e8f9c22 Revise supported ciphersuites 7e9e269 wolfssl, openssl: use TLS 1.3, set ciphersuites Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit ced2b7bb988426aaece07a78c17d5a7c268e54c4)
* tools/e2fsprogs: Update to 1.45.3Daniel Engberg2019-09-044-36/+13
| | | | | | | | | | Update e2fsprogs to 1.45.3 Remove OpenBSD patch Remove Darwin patch, neither macports or brew patches these files Add patch to avoid crond detection on host OS Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net> (cherry picked from commit 234f7a9e5dccfaa449d75a120ef90080d0715436)
* build: fix indent in image-commands.mkAdrian Schmutzler2019-09-041-1/+1
| | | | | | | Convert leading spaces to tab to match rest of the file. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de> (cherry picked from commit 7e5a0da6426b3b14bde8798524826b64e16cf219)
* hostapd: Allow CONFIG_IEEE80211W for all but mini variantHauke Mehrtens2019-09-041-6/+2
| | | | | | | | | | This commit will activate CONFIG_IEEE80211W for all, but the mini variant when at least one driver supports it. This will add ieee80211w support for the mesh variant for example. Fixes: FS#2397 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit 1d4df52c215874a5238ddef7bccf0139f7758c24)
* hostapd: Remove ROBO switch supportHauke Mehrtens2019-09-041-2/+0
| | | | | | | The driver was removed from OpenWrt a long time ago. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit f34e8258340f5994a2506bd087fc6e6d4a3d5d5e)
* firewall: improve ipset supportKevin Darbyshire-Bryant2019-09-041-4/+4
| | | | | | | | | | | | | | | | | | | | | Bump to latest git HEAD 509e673 firewall3: Improve ipset support The enabled option did not work properly for ipsets, as it was not checked on create/destroy of a set. After this commit, sets are only created/destroyed if enabled is set to true. Add support for reloading, or recreating, ipsets on firewall reload. By setting "reload_set" to true, the set will be destroyed and then re-created when the firewall is reloaded. Add support for the counters and comment extensions. By setting "counters" or "comment" to true, then counters or comments are added to the set. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> (cherry picked from commit 51ffce069424f86e894369cee5cd327dd503db5f)
* build: allow overriding default selection state for devicesJonas Gorski2019-09-043-2/+7
| | | | | | | | | | | | | | | | | | | | Allow overriding the default selection state for Devices, similar to setting a default for packages. E.g. by setting DEFAULT to n, they won't be selected by default anymore when enabling all device in the multi device profile. This allows preventing images being built by the default config for known broken devices, devices without enough RAM/flash, or devices not working with a certain kernel versions. This does not prevent the devices from being manually selected or images being built by the ImageBuilder. These devices often still have worth with a reduced package-set, or as a device for regression testing, when no better device is available. Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com> (cherry picked from commit 7546be60074e452751ba2a48eddbc13910bec708)
* build: add buildinfo files for reproducibilityPaul Spooren2019-09-043-4/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | generate feeds.buildinfo and version.buildinfo in build dir after containing the feed revisions (via ./scripts/feeds list -sf) as well as the current revision of buildroot (via ./scripts/getver.sh). With this information it should be possible to reproduce any build, especially the release builds. Usage would be to move feeds.buildinfo to feeds.conf and git checkout the revision hash of version.buildinfo. Content of feeds.buildinfo would look similar to this: src-git routing https://git.openwrt.org/feed/routing.git^bf475d6 src-git telephony https://git.openwrt.org/feed/telephony.git^470eb8e ... Content of version.buildinfo would look similar to this: r10203+1-c12bd3a21b Without the exact feed revision it is not possible to determine installed package versions. Also rename config.seed to config.buildinfo to follow the recommended style of https://reproducible-builds.org/docs/recording/ Signed-off-by: Paul Spooren <mail@aparcar.org> (cherry picked from commit 454021581f630d5d04afeb8ff6581c1bda295c87)
* sdk: fix GCC and Python dangling symlinksPetr Štetiar2019-09-041-1/+2
| | | | | | | | | | | | | | Force prereq again in SDK in order to fix GCC and Python dangling symlinks: staging_dir/host/bin/g++ -> /builder/ath79_generic/ccache_cxx.sh staging_dir/host/bin/gcc -> /builder/ath79_generic/ccache_cc.sh staging_dir/host/bin/python -> /usr/bin/python3.5 staging_dir/host/bin/python3 -> /usr/bin/python3.5 Ref: FS#2424 Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit 200f2666fb1c8d9d128824dc5586e0e66386971f)
* dnsmasq: use nettle ecc_curve access functionsHans Dedecker2019-09-042-1/+36
| | | | | | | Fixes compile issues with nettle 3.5.1 Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (cherry picked from commit 63ced140484e072dddbba39bb729adc98d94d522)
* nettle: Update to 3.5.1Daniel Engberg2019-09-041-4/+4
| | | | | | | | Update (lib)nettle to 3.5.1 Bump ABI_VERSION Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net> (cherry picked from commit 9e489b41b596a768b04b796a9b375d7d005b6ec7)
* comgt-ncm: add driver dependencies againVincent Wiemann2019-09-041-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | In the commit 623716dd4318 ("comgt-ncm: Fix NCM protocol") the dependencies to vendor NCM drivers were removed, because: > comgt-ncm should not depend on the USB-serial-related kernel modules, > as the cdc-wdm control device works without them. There is also no need > to depend on kmod-huawei-cdc-ncm, since other manufacturers (like > Ericsson and Samsung) which use other kernel modules should also be > supported. From a user-perspective this does not make sense, as installing comgt-ncm (or luci-proto-ncm) should install all needed dependencies for using such a device. Furthermore depending on kmod-huawei-cdc-ncm does not mean that Ericsson and Samsung devices can't be supported. By the way it seems that Ericsson and Samsung devices never used NCM, but act as serial modems. Thus this commit adds the dependencies again. Signed-off-by: Vincent Wiemann <vincent.wiemann@ironai.com> [fixed title capitalization, formatted commit message, renamed Sony-Ericsson to Ericsson] Signed-off-by: David Bauer <mail@david-bauer.net> (cherry picked from commit ccb4b96b8a4990178512c7a785f998a5e6f74cc3)
* gpio-button-hotplug: add volume button handlingChuanhong Guo2019-09-042-1/+3
| | | | | | | This is used by PISEN WMB001N. Signed-off-by: Chuanhong Guo <gch981213@gmail.com> (cherry picked from commit 11182349e1f31f873ebddd69d6b87dec638eaabf)
* procd: update to latest git HEAD (FS#2425)Hans Dedecker2019-09-041-3/+3
| | | | | | | 8323690 state: fix shutdown when running in a container (FS#2425) Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (cherry picked from commit d9364c1cbc6a13f1dc2ea8432c98962ed157991f)
* netifd: update to latest git HEADHans Dedecker2019-09-041-3/+3
| | | | | | | 5e02f94 system-linux: fix resource leak Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (cherry picked from commit d70a35c365ae607671f8698fee10f29fd9023161)
* expat: Update to 2.2.7Daniel Engberg2019-09-041-2/+2
| | | | | | | Update (lib)expat to 2.2.7 Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net> (cherry picked from commit 7270fdb62ff86f7b85c6dfbc0ea4ff0ba5ff9b9e)
* linux-atm: Add missing headersRosen Penev2019-09-042-1/+31
| | | | | | | This fixes compilation with -Werror=implicit-function-declaration. Signed-off-by: Rosen Penev <rosenp@gmail.com> (cherry picked from commit 1b1c47577bac99bdd8ab9ecde928ab0398f78799)
* toolchain: fix gcc depends on kernel headersHauke Mehrtens2019-09-041-1/+1
| | | | | | | | | | | | | GCC needs the kernel headers to compile. Some GCC file includes asm/unistd.h which is provided by the kernel headers. Normally the kernel headers build is very fast and ready before the gcc uses it, but if it clones the kernel from a slow git repository it takes longer and then it could be that the gcc already wants to use the kernel headers before they are available. This patch fixes this problem by adding the missing dependency. Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com> (cherry picked from commit b20156ba704ed8e03d030b2f294d8d19bebd2f71)
* build: include BUILD_VARIANT in PKG_BUILD_DIRJeffery To2019-09-0417-23/+2
| | | | | | | | | | | | This changes the default PKG_BUILD_DIR to take BUILD_VARIANT into account (if set), so that packages do not need to manually override PKG_BUILD_DIR just to handle variants. This also updates most base packages with variants to use the updated default PKG_BUILD_DIR. Signed-off-by: Jeffery To <jeffery.to@gmail.com> (cherry picked from commit e545fac8d968864a965edb9e50c6f90940b0a6c9)
* ethtool: bump to 5.2Hans Dedecker2019-09-041-2/+2
| | | | | | | | | | 379c096 Release version 5.2. 2bce6d9 ethtool: Add 100BaseT1 and 1000BaseT1 link modes 67ffbf5 ethtool: sync ethtool-copy.h with linux-next from 30/05/2019 687152b ethtool.spec: Use standard file location macros Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (cherry picked from commit 018395392c2608698201042bbaa180b82eb7120f)
* firewall: update to latest git HEADHans Dedecker2019-09-041-3/+3
| | | | | | | de94097 utils: coverity resource leak warning Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (cherry picked from commit efb7b7a12af55758458cdb945a0833af411289f7)
* ipset: update to 7.3DENG Qingfang2019-09-041-3/+3
| | | | | Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn> (cherry picked from commit edd9b39fab46a7231b8662697ba8c10de42d5a66)
* sdk: Fix cryptodev-linux build when CONFIG_ARM64_MODULE_PLTS=yJeffery To2019-09-041-1/+2
| | | | | | | | | When CONFIG_ARM64_MODULE_PLTS=y, arch/arm64/kernel/module.lds is required to build cryptodev-linux. This updates the sdk to include this file. Signed-off-by: Jeffery To <jeffery.to@gmail.com> (cherry picked from commit 6e300f6a0c94812d0f4d8f67df6604c763f7552f)
* ccache: update to 3.7.2DENG Qingfang2019-09-042-3/+3
| | | | | | | | | | Update ccache to 3.7.2 Release notes: https://ccache.dev/releasenotes.html#_ccache_3_7_2 Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn> (cherry picked from commit 2caf747116337645420653ec003799a8eef69229)
* toolchain/fortify-headers: Update to 1.1Kevin Darbyshire-Bryant2019-09-041-2/+2
| | | | | | | Update fortify-headers to 1.1 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> (cherry picked from commit cbe08e6b563438054c1efcb0daa0b965ec902052)
* autotools.mk: autoreconf: fix missing install-shPetr Štetiar2019-09-041-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | I'm trying to create a package for libgpiod, which uses AC_CONFIG_AUX_DIR macro, which is probably leading to the following configure error: autoreconf: running: /openwrt.git/staging_dir/host/bin/libtoolize --force OpenWrt-libtoolize: putting auxiliary files in AC_CONFIG_AUX_DIR, `autostuff'. OpenWrt-libtoolize: linking file `autostuff/ltmain.sh' OpenWrt-libtoolize: putting macros in `m4'. ... configure: error: cannot find install-sh, install.sh, or shtool in autostuff "."/autostuff >From the build output it's clear, that libtoolize isn't installing install-sh symlink, because libtoolize would install install-sh only if it's being run with --install parameter. Corresponding part in libtoolize: if $opt_install; then func_config_update config.guess \ "$pkgdatadir/config" "$auxdir" pkgconfig_header func_config_update config.sub \ "$pkgdatadir/config" "$auxdir" pkgconfig_header func_install_update install-sh \ "$pkgdatadir/config" "$auxdir" pkgconfig_header fi func_ltmain_update ltmain.sh \ "$pkgdatadir/config" "$auxdir" pkgconfig_header Adding --install parameter to libtoolize fixes this build issue: autoreconf: running: /openwrt.git/staging_dir/host/bin/libtoolize --install --force OpenWrt-libtoolize: putting auxiliary files in AC_CONFIG_AUX_DIR, `autostuff'. OpenWrt-libtoolize: linking file `autostuff/config.guess' OpenWrt-libtoolize: linking file `autostuff/config.sub' OpenWrt-libtoolize: linking file `autostuff/install-sh' OpenWrt-libtoolize: linking file `autostuff/ltmain.sh' OpenWrt-libtoolize: putting macros in `m4'. Cc: Felix Fietkau <nbd@nbd.name> Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit 5cf897779eacf63cdbcdebd1af68c109096665c6)
* tools: libressl: fix compilation for non-glibc clib (FS#2400)Hans Dedecker2019-09-041-0/+23
| | | | | | | | | | | | | | Fixes compilaton issue for non glibc clibs : libtool: compile: gcc -DPACKAGE_NAME=\"libressl\" -DPACKAGE_TARNAME=\"libressl\" -DPACKAGE_VERSION=\"2.9.2\" "-DPACKAGE_STRING=\"libressl 2.9.2\"" -DPACKAGE_BUGREPORT=\"\" -DPACKAGE_URL=\"\" -DPACKAGE=\"libressl\" -DVERSION=\"2.9.2\" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_DLFCN_H=1 -DLT_OBJDIR=\".libs/\" -DHAVE_SYMLINK=1 -DHAVE_ERR_H=1 -DHAVE_ASPRINTF=1 -DHAVE_MEMMEM=1 -DHAVE_STRLCAT=1 -DHAVE_STRLCPY=1 -DHAVE_STRNDUP=1 -DHAVE_STRNLEN=1 -DHAVE_STRSEP=1 -DHAVE_TIMEGM=1 -DHAVE_SYSLOG=1 -DHAVE_ACCEPT4=1 -DHAVE_PIPE2=1 -DHAVE_POLL=1 -DHAVE_SOCKETPAIR=1 -DHAVE_EXPLICIT_BZERO=1 -DHAVE_GETAUXVAL=1 -DHAVE_GETAUXVAL=1 -DHAVE_DL_ITERATE_PHDR=1 -DHAVE_CLOCK_GETTIME=1 -DHAVE_VA_COPY=1 -DHAS_GNU_WARNING_LONG=1 -DSIZEOF_TIME_T=8 -I. -I../include -I../include/compat -DLIBRESSL_INTERNAL -D__BEGIN_HIDDEN_DECLS= -D__END_HIDDEN_DECLS= -I../crypto/asn1 -I../crypto/bn -I../crypto/ec -I../crypto/ecdsa -I../crypto/evp -I../crypto/modes -I../crypto -I/builds/pantacor/pv-platforms/openwrt-base/openwrt/staging_dir/host/include -D_DEFAULT_SOURCE -D_BSD_SOURCE -D_POSIX_SOURCE -D_GNU_SOURCE -D__STRICT_ALIGNMENT -O2 -I/builds/pantacor/pv-platforms/openwrt-base/openwrt/staging_dir/host/include -fpic -Wall -std=gnu99 -fno-strict-aliasing -fno-strict-overflow -D_FORTIFY_SOURCE=2 -fstack-protector-strong -DHAVE_GNU_STACK -Wno-pointer-sign -MT compat/getprogname_linux.lo -MD -MP -MF compat/.deps/getprogname_linux.Tpo -c compat/getprogname_linux.c -o compat/getprogname_linux.o compat/getprogname_linux.c: In function 'getprogname': compat/getprogname_linux.c:32:2: error: #error "Cannot emulate getprogname" #error "Cannot emulate getprogname" ^~~~~ Reported-by: Anibal Portero <anibal.portero@pantacor.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (cherry picked from commit 1282a630272c59dfd105262772a2ca136084db03)
* netifd: update to latest git HEADHans Dedecker2019-09-041-3/+3
| | | | | | | 899f168 system-linux: Coverity fixes Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (cherry picked from commit 11617bcb3be6778d5427723a09922aae50956a8c)
* tools: libressl: fix build on MacOSKevin Darbyshire-Bryant2019-09-041-0/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Making all in tests depbase=`echo handshake_table.o | sed 's|[^/]*$|.deps/&|;s|\.o$||'`;\ gcc -DPACKAGE_NAME=\"libressl\" -DPACKAGE_TARNAME=\"libressl\" -DPACKAGE_VERSION=\"2.9.2\" -DPACKAGE_STRING=\"libressl\ 2.9.2\" -DPACKAGE_BUGREPORT=\"\" -DPACKAGE_URL=\"\" -DPACKAGE=\"libressl\" -DVERSION=\"2.9.2\" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_DLFCN_H=1 -DLT_OBJDIR=\".libs/\" -DHAVE_SYMLINK=1 -DHAVE_ERR_H=1 -DHAVE_READPASSPHRASE_H=1 -DHAVE_ASPRINTF=1 -DHAVE_MEMMEM=1 -DHAVE_READPASSPHRASE=1 -DHAVE_STRLCAT=1 -DHAVE_STRLCPY=1 -DHAVE_STRNDUP=1 -DHAVE_STRNLEN=1 -DHAVE_STRSEP=1 -DHAVE_TIMEGM=1 -DHAVE_GETPROGNAME=1 -DHAVE_SYSLOG=1 -DHAVE_POLL=1 -DHAVE_SOCKETPAIR=1 -DHAVE_ARC4RANDOM=1 -DHAVE_ARC4RANDOM_BUF=1 -DHAVE_ARC4RANDOM_UNIFORM=1 -DHAVE_TIMINGSAFE_BCMP=1 -DHAVE_CLOCK_GETTIME=1 -DHAVE_VA_COPY=1 -DHAVE___VA_COPY=1 -DSIZEOF_TIME_T=8 -I. -I../include -I../include/compat -DLIBRESSL_INTERNAL -D__BEGIN_HIDDEN_DECLS= -D__END_HIDDEN_DECLS= -I ../crypto/modes -I ../crypto/asn1 -I ../ssl -I ../tls -I ../apps/openssl -I ../apps/openssl/compat -D_PATH_SSL_CA_FILE=\"../apps/openssl/cert.pem\" -I/Users/kevin/wrt/staging_dir/host/include -D__STRICT_ALIGNMENT -O2 -I/Users/kevin/wrt/staging_dir/host/include -fpic -Wall -std=gnu99 -fno-strict-aliasing -fno-strict-overflow -D_FORTIFY_SOURCE=2 -fstack-protector-strong -Qunused-arguments -Wno-pointer-sign -MT handshake_table.o -MD -MP -MF $depbase.Tpo -c -o handshake_table.o handshake_table.c &&\ mv -f $depbase.Tpo $depbase.Po make[4]: *** No rule to make target `/Users/kevin/wrt/build_dir/host/libressl-2.9.2/crypto/.libs/libcrypto_la-cpuid-macosx-x86_64.o', needed by `handshake_table'. Stop. make[3]: *** [all-recursive] Error 1 A similar error & clues from https://gitlab.com/ymorin/buildroot/commit/e783d60473944f8b39f1def45d8d6b483a062158 " LibreSSL 2.9.1 now has a test that requires libtls.a, however, when building a shared library only build, the --disable-static flag is passed to libressl, which prevents the building of libtls.a. With libtls.a not being built, the following error occurs: libressl-2.9.1/tls/.libs/libtls.a', needed by 'handshake_table'. Stop. There are three options to fix this: 1) Stick with autotools, and provide a patch that removes building anything in the tests folder. 2) Pass --enable-static to LIBRESSL_CONF_OPTS 3) Change the package type to cmake, as a cmake build does not have this issue." It appears we cannot change to cmake because cmake has a dependency on an ssl library. Take option 1 and do not build the tests. Also take the opportunity to remove man page building as well. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> (cherry picked from commit 8d6d227bb653b7cce7092a5a9d55180c3e022848)
* curl: update to 7.65.3Hans Dedecker2019-09-041-2/+2
| | | | | | | For changes in 7.65.3; see https://curl.haxx.se/changes.html#7_65_3 Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (cherry picked from commit fc2df4f7050adae3ca6284a499fa914e07cba70b)
* tools: libressl: update to 2.9.2 versionRoman Yeryomin2019-09-041-2/+2
| | | | | | | To keep in sync with OpenSSL 1.1.x branch version options. Signed-off-by: Roman Yeryomin <roman@advem.lv> (cherry picked from commit 3f1e8c01316a5ea0162197cd8eb6dbbabe396176)
* openvpn: add new list option tls_ciphersuitesMartin Schiller2019-09-041-1/+2
| | | | | | | | To configure the list of allowable TLS 1.3 ciphersuites, the option tls_ciphersuites is used instead of tls_ciphers. Signed-off-by: Martin Schiller <ms@dev.tdt.de> (cherry picked from commit 261df949faad6dda43454868628f79265e9cc5e7)
* base-files: don't set ARGV and ARGCRafał Miłecki2019-09-043-7/+1
| | | | | | | Those are not used by any image check function anymore. Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit 3f4c785a6bbde87296e362c315f10b55c98843e3)