aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* treewide: when copying a backup file always specify dest nameRafał Miłecki2019-09-1212-12/+12
| | | | | | | | $CONF_TAR shouldn't be assumed to always point to the sysupgrade.tgz. This change makes code more generic and allows refactoring $CONF_TAR. Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit 62dbe361a1b1ed1506bc0387bff55eddcb619e49)
* treewide: don't hardcode "sysupgrade.tgz" file nameRafał Miłecki2019-09-1215-22/+31
| | | | | | | | | 1) Add BACKUP_FILE and use it when copying an archive to be restored after sysupgrade (on the next preinit). 2) Use CONF_TAR for copying backup prepared by the /sbin/sysupgrade Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit bf390478727ac5f4f9d6fb684de48b8150bcec67)
* tools: mkimage: fix __u64 typedef conflict with new glibcYousong Zhou2019-09-121-2/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Including "sys/stat.h" from newer glibc will cause __u64 from linux uapi header to be included, causing compilation failure for u-boot tools USE_HOSTCC Remove typedef for __u64 in include/compiler.h to fix the issue. It should be safe because as of u-boot-2018.03, no ref to __u64 is found under u-boot tools/ directory Error message snippet follows HOSTCC tools/mkenvimage.o In file included from /usr/include/asm-generic/types.h:7, from /usr/include/asm/types.h:5, from /usr/include/linux/types.h:5, from /usr/include/linux/stat.h:5, from /usr/include/bits/statx.h:30, from /usr/include/sys/stat.h:446, from tools/mkenvimage.c:21: /usr/include/asm-generic/int-ll64.h:31:42: error: conflicting types for '__u64' 31 | __extension__ typedef unsigned long long __u64; | ^~~~~ In file included from <command-line>: ././include/compiler.h:69:18: note: previous declaration of '__u64' was here 69 | typedef uint64_t __u64; | ^~~~~ make[5]: *** [scripts/Makefile.host:116: tools/mkenvimage.o] Error 1 Ref: https://forum.openwrt.org/t/compile-error-19-07/44423 Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1699194 Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* Revert "ar71xx: use platform code for qca955x usb0 init"Koen Vandeputte2019-09-121-14/+0
| | | | | | | | | | | | | | | This reverts commit af91a370de2b94a37b8a87a9f95503e96dfcb744. As Piotr Dymacz pointed out: In QCA MIPS based WiSOCs, for first USB interface, device/host mode can be selected _only_ in hardware see description of 57c641ba6e QCA955x and QCA9563, second USB can be switched to device mode in software (tested and confirmed on real hardware). Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* ar71xx: qca955x pci init/reset fixesTomislav Požega2019-09-111-0/+120
| | | | | | | | | | | | | | | Current ar724x code does the reset only on single pci bus, and in case of qca9558 writes the wrong register (0x10 vs 0x0c). This change allows the reset of second pci bus, commonly used in Archer C7 devices, in case host controller is stuck in reset. If the resetting controller on boot can solve any other issue it can be enabled unconditionally by removing reset check before ar724x_pci_hw_init is called. Signed-off-by: Tomislav Požega <pozega.tomislav@gmail.com> [refreshed to apply cleanly] Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com> (cherry picked from commit 76d870871cb12fc0c170e5fd23bce568adfaae6d)
* ar71xx: enable ddr wb flush on qca955xTomislav Požega2019-09-111-0/+49
| | | | | | | | | Enable flushing of write buffers on qca955x. GPL code has 0x88 reg defined for PCI flush which is likely an error since the device freezes on boot. So use DS default value 0xA8 for PCI flush. Signed-off-by: Tomislav Požega <pozega.tomislav@gmail.com> (cherry picked from commit fe9e702dc94ece2a004f6db68d6fb9a94d9437cb)
* ar71xx: use platform code for qca955x usb0 initTomislav Požega2019-09-111-0/+14
| | | | | | | | Switch from ci_usb_setup to generic platform initialization of usb0 port. Signed-off-by: Tomislav Požega <pozega.tomislav@gmail.com> (cherry picked from commit 36a0cfd24be1cb79f221964ed2bfe12b98befff3)
* kernel: bump 4.14 to 4.4.142Koen Vandeputte2019-09-116-36/+10
| | | | | | | | | | | | Refreshed all patches. Remove upstreamed: - 0032-usb-host-fotg2-restart-hcd-after-port-reset.patch Compile-tested on: ar71xx, cns3xxx, imx6, x86_64 Runtime-tested on: ar71xx, cns3xxx, imx6 Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* hostapd: SAE/EAP-pwd side-channel attack updateHauke Mehrtens2019-09-109-1/+397
| | | | | | | | | Fixes this security problem: * SAE/EAP-pwd side-channel attack update https://w1.fi/security/2019-6/sae-eap-pwd-side-channel-attack-update.txt Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit 7bed9bf10fc8d05df34c7efc66e8b4ade37a1a0c)
* hostapd: Fix security problem in EAP-pwdHauke Mehrtens2019-09-103-1/+81
| | | | | | | | | | | | This fixes: CVE-2019-11555 "EAP-pwd message reassembly issue with unexpected fragment" https://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-with-unexpected-fragment.txt This should not affect OpenWrt in the default settings as we do not use EAP-pwd. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit 9f34bf51d60a237696b1d4cc9b5f4835b95e7ea2)
* ramips: fix ethernet MAC address of ASUS RT-AC57UAdrian Schmutzler2019-09-091-1/+1
| | | | | | | This backports the only non-cosmetic fix from 6640e1c3681b ("ramips: clean and improve MAC address setup in 02_network"). Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* ramips: fix duplicate network setup for dlink, dir-615-h1Adrian Schmutzler2019-09-091-1/+0
| | | | | | | | | | | | | | | In 555ca422d1cb ("ramips: fix D-Link DIR-615 H1 switch port mapping"), port setup for dir-615-h1 was changed without removing the old one. This was working as the new one was triggered earlier than the old one. (In the meantine, changed sorting during ramips rename patches actually inversed that order.) Anyway, just remove the wrong case now. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de> (cherry picked from commit e35e4a996e26f17b69d200505ecea78af96a2704)
* ramips: remove duplicate case for MAC setup of freestation5Adrian Schmutzler2019-09-091-1/+0
| | | | | | | | | | | | | ARC FreeStation5 is present twice in MAC address setup. >From older commits/changes, it is not possible to reconstruct the correct choice only by reading the annotations. Thus, remove the second case and keep the first one, so behavior stays the same (as nobody seems to have complained about it). Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de> (cherry picked from commit ad4eb2241b33b05b0942a3fa7ed2e53fb6e84386)
* mac80211: brcmfmac: backport more kernel 5.4 changesRafał Miłecki2019-09-098-9/+283
| | | | | | | | Patch getting RAM info got upstreamed. A debugging fs entry for testing reset feature was added. Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit 681acdcc54d2e59135bb706c38bed942f74ccf74)
* mt7620: disable image generation for Nexx WT3020 (4MB)Hauke Mehrtens2019-09-081-1/+1
| | | | | | | | | Image generation is currently failing on builbots due to the following error: WARNING: Image file openwrt-19.07-snapshot-r10495-db5164d3d0-ramips-mt7620-wt3020-4M-squashfs-factory.bin is too big Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* apm821xx: Make patches apply againHauke Mehrtens2019-09-081-30/+0
| | | | | | | | This patch was applied to the upstream kernel in version 4.14.135, remove it from our patches directory. Fixes: 40379b0ec64d ("apm821xx: fix bogus key-presses on boot") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* Revert "build: remove harmful -nopad option from mksquashfs"Jonas Gorski2019-09-081-1/+1
| | | | | | | | | | | | | | | This reverts commit 1c0290c5cc6258c48b8ba46b4f9c85a21de4f875. Dropping the nopad can make the padding overflow into the next erase block on devices using a non-aligned rootfs start. This breaks the jffs2 overlay partition with the following messages: [ 30.343877] jffs2_scan_eraseblock(): End of filesystem marker found at 0x10000 [ 30.376512] jffs2: Cowardly refusing to erase blocks on filesystem with no valid JFFS2 nodes [ 30.385253] jffs2: empty_blocks 196, bad_blocks 0, c->nr_blocks 197 Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com> (cherry picked from commit f11d90a76b719106336b94d85b166b4ebf19dbb0)
* ipq40xx: fix AVM NAND caldata extractionDavid Bauer2019-09-081-3/+15
| | | | | | | | | | | | | | The AVM Fritz!Box 7530 (and probably other AVM IPQ4019 NAND devices) has it's caldata not stored consistently, but instead at currently 3 known possible offsets. As we get a non-zero exit code from fritz_cal_extract, simply try all three possible offsets on both bootloader partitions, until a matching caldata for each radio is found. Reported-by: Hauke Mehrtens <hauke@hauke-m.de> Signed-off-by: David Bauer <mail@david-bauer.net> (cherry picked from commit a6f85b81b7efd3fa3265d70e5406275b2dc03f5f)
* kernel: net_sched: fix a NULL pointer deref in ipt actionCong Wang2019-09-082-1/+291
| | | | | | | | | | | | | | | | | | | | | The net pointer in struct xt_tgdtor_param is not explicitly initialized therefore is still NULL when dereferencing it. So we have to find a way to pass the correct net pointer to ipt_destroy_target(). The best way I find is just saving the net pointer inside the per netns struct tcf_idrinfo, which could make this patch smaller. Fixes: 0c66dc1ea3f0 ("netfilter: conntrack: register hooks in netns when needed by ruleset") Reported-and-tested-by: Tony Ambardar <itugrok@xxxxxxxxx> Cc: Jamal Hadi Salim <jhs@xxxxxxxxxxxx> Cc: Jiri Pirko <jiri@xxxxxxxxxxx> Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com> [Backport for kernel v4.19 and v4.14] [Bug Link: https://bugzilla.kernel.org/show_bug.cgi?id=204681] Signed-off-by: Tony Ambardar <itugrok@yahoo.com> (cherry picked from commit 7735cce0c5c306bd9eea20ca2805e4a492c02be9)
* mvebu: sysupgrade: don't use $ARGV in platform_check_image()Rafał Miłecki2019-09-071-1/+1
| | | | | | | | | | sysupgrade passes image path to platform_check_image() as an argument so it can be simply accessed using $1 Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit 76e43c82b55518b794ac24f9acfb3888c638f99b) [rmilecki: dropping ARGV without this change broke sysupgrade] Fixes: 6ac62c4b6cae ("base-files: don't set ARGV and ARGC")
* treewide: sysupgrade: don't use $ARGV in platform_do_upgrade()Rafał Miłecki2019-09-0715-43/+43
| | | | | | | | | | stage2 passes image path to platform_do_upgrade() as an argument so it can be simply accessed using $1 Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit 8b4bc7abe073489a3595eeb2d81818852319c148) [rmilecki: dropping ARGV without this change broke sysupgrade] Fixes: 6ac62c4b6cae ("base-files: don't set ARGV and ARGC")
* odhcp6c: update to latest git HEADHans Dedecker2019-09-071-2/+2
| | | | | | | e199804 dhcpv6: sanitize oro options Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (cherry picked from commit 1855c237948e211849d79765ca749cdea6a79987)
* ath79: correct OCEDO Ursus phy-mode propertyDavid Bauer2019-09-071-1/+3
| | | | | | | | | | This fixes the previously incorrect phy-mode for the OCEDO Ursus GMAC0. See 62abbd587dc9 ("ath79: correct various phy-mode properties") for more details. Signed-off-by: David Bauer <mail@david-bauer.net> (cherry picked from commit 7b137e9df920926dbd92f12450d9955c2759c92b)
* ramips: fix network setup for various NETGEAR boardsDavid Bauer2019-09-071-11/+6
| | | | | | | | | | | | | | | | | There are currently the following issues present for the Netgear R6220, R6350 and WNDR3700 v5: - LAN and WAN MAC-addresses are inverted - WAN MAC-address is off. It are +2 compared to the LAN MAC-address (R6350 only) - Switchport order is inverted in LuCi This commit fixes both these issues by assigning correct MAC-addresses to LAN and WAN interfaces and defining the switchports with the correct labels. Signed-off-by: David Bauer <mail@david-bauer.net> (cherry picked from commit 13937a16d40693df67d3d39faa3a80644bdb7abf)
* ramips: use phy trigger for various Netgear boardsDavid Bauer2019-09-073-1/+2
| | | | | | | | | | This commit switches the default trigger for the WiFi LED from a netdev trigger on "wlan0" to a wireless-phy based trigger. THis allows the LED to work, even when the wireless interface is not named "wlan0" without modifiying the LED settings. Signed-off-by: David Bauer <mail@david-bauer.net> (cherry picked from commit fa46c9b208fe3833f085e9f6ddf7c492b16f6c34)
* ramips: disable badblock shifting for MT7621 NANDDavid Bauer2019-09-071-1/+1
| | | | | | | | | | | | | | | | | | The MediaTek MT7621 NAND driver currently intransparently shifts NAND pages when a block is marked as bad. Because of this, offsets for e.g. caldata and MAC-addresses seem to be off. This is, howeer, not a task for the mtd NAND driver, as the flash translation layer is tasked with this. This patch disables this badblock shifting. This fix was originally proposed by Jo-Philipp Wich at https://bugs.openwrt.org/index.php?do=details&task_id=1926 Fixes FS#1926 ("MTD partition offset not correctly mapped when bad eraseblocks present") Signed-off-by: David Bauer <mail@david-bauer.net> (cherry picked from commit 527832e54bf3bc4d699a145ae66f34230246f0a9)
* treewide: fix invalid UPGRADE_OPT_SAVE_CONFIG spellingsRafał Miłecki2019-09-065-7/+7
| | | | | | | | That was a result of accidentally running "sed" twice on some files. Fixes: 9b9412d55cca ("treewide: replace remaining (not working now) $SAVE_CONFIG uses") Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit 1078de96e315f3cc2675b2c5935009e8c6159ad4)
* treewide: replace remaining (not working now) $SAVE_CONFIG usesRafał Miłecki2019-09-068-10/+10
| | | | | | | | This var has been replaced by the $UPGRADE_OPT_UPGRADE_OPT_SAVE_CONFIG Fixes: f25d164aca80 ("base-files: pass "save_config" option to the "sysupgrade" method") Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit 5797fe84a3b508483f7d82e177157c1bf2f342d9)
* procd: update to the latest git HEADRafał Miłecki2019-09-061-3/+3
| | | | | | | | | | | 0f3c136 sysupgrade: set UPGRADE_BACKUP env variable 0bcbbbf system: fix uninitialized variables in firmware validation code This update includes a fix for uninitialized variable usage. Fixes: db5164d3d056 ("procd: update to the latest git HEAD") Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit e8dcbbc865cb6acef1cfbafe77f30c1f003c3dc3)
* procd: update to the latest git HEADRafał Miłecki2019-09-041-3/+3
| | | | | | | | | | | | | 34ac88c system: reject sysupgrade of invalid firmware images by default f55c235 system: reject sysupgrade of broken firmware images e990e21 system: add "validate_firmware_image" ubus method This update changes "sysupgrade" ubus method API. It's now required to pass "force" attribute whenever invalid firmware is meant to be installed. Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit 7290963d0992b9aa412e0066dcf721857fbd40f7)
* base-files: pass "force" parameter to the "sysupgrade" callRafał Miłecki2019-09-041-0/+3
| | | | | | | | This makes sysupgrade work with the most recent procd that validates firmware before proceeding. Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit b71962da16c2e2b93d633d7bde1436b3da2bf740)
* upslug2: Update to git repositoryRosen Penev2019-09-042-297/+7
| | | | | | | | | | | | | | | This has two improvements over the current version. An autotools fix and application of the wrt350v2 patch. Cleaned up Makefile as a result of makefiles being fixed. Note that this package is not really used as it depends on orion, which is classified as broken. This is the last package that uses svn in the tree. Signed-off-by: Rosen Penev <rosenp@gmail.com> (cherry picked from commit ac31ec0f62af31cdbc348911503bae8c152f8516)
* sdk: use bundle-libraries.sh to ship kernel objtool toolsJo-Philipp Wich2019-09-041-8/+2
| | | | | | | | | | | Ensure that the kernel objtool utilities are processed by the library bundler in order to ensure that they're usable on foreign systems with different libc versions. Fixes: a9f6fceb42 ("sdk: fix building external modules when CONFIG_STACK_VALIDATION=y") Acked-by: Yousong Zhou <yszhou4tech@gmail.com> Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit efaaadb49e90b51ba3a6adc6fafc330c23b8f764)
* include: kernel-build: pass pkg-config overrides to kernel buildJo-Philipp Wich2019-09-041-0/+6
| | | | | | | | | | | | | | Pass suitable pkg-config overrides to the kernel build process in order to let our pkg-config wrapper discover libraries provided by tools/. This mainly affects the use of libelf which is required for the CONFIG_STACK_VALIDATION features. So far, the build system either silently used host system libraries or kbuild simply disabled the feature due to the lack of a suitable libelf. Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit fe43969336201f2cc7d103b68fd6e65989bee184)
* tools: libelf: fix headers to trigger -Wundef warningsJo-Philipp Wich2019-09-041-0/+198
| | | | | | | | | | | | | When libelf from tools/ is used for building the kernel, compilation aborts due to access to undefined defines since Kbuild adds -Wundef to the compiler flags. Patch the header files to use `#if defined(...)` instead of `#if ...` to prevent such issues. Ref: https://github.com/NixOS/nixpkgs/issues/59929 Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit f3ab336d7ceda929dc8dc4a8b09a9552dc6be0b1)
* tools: libelf: install pkg-config fileJo-Philipp Wich2019-09-041-1/+3
| | | | | | | | Install the pkg-config definition for libelf in order to allow the kernel build process discover it later on. Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit d3f86c9cc3e465fbca51aaadbb274856831ba56c)
* scripts/feeds: fix 'src-include' directiveBjørn Mork2019-09-041-1/+1
| | | | | | | | | | | | | Commit 775b70f8d5df renamed parse_file() parameters without updating the recursive call. This broke parsing of any feeds.conf using 'src-include'. $ scripts/feeds update -a Can't use string ("defaults") as a HASH ref while "strict refs" in use at scripts/feeds line 63, <$fh> line 1. Fixes: 775b70f8d5df ("scripts/feeds: allow adding parameters to feeds") Signed-off-by: Bjørn Mork <bjorn@mork.no> (cherry picked from commit a21b70be31a9d8adda0ae65cc38d1b3b4b6680d4)
* uci: update to latest Git HEADHauke Mehrtens2019-09-041-3/+3
| | | | | | | 415f9e4 uci/file: replace mktemp() with mkstemp() Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit 6aa962a62288952aec08c1f67fb0735f420f720e)
* iwinfo: update to latest Git HEADHauke Mehrtens2019-09-041-3/+3
| | | | | | | | | f599a8d iwinfo: Fix rate buffer size 71ec9be iwinfo: Fix buffer size f8ef450 iwinfo: Add support for WPA3 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit 6658447534152b72a3341b369f1eb545618fa7cf)
* Fix handling of BUILD_SUFFIX in remote-gdb scriptThomas Langer2019-09-041-4/+4
| | | | | | | | | | When CONFIG_BUILD_SUFFIX is enabled, the target-* folders in build_dir and staging_dir have this suffix in the name, but not the toolchain directories. When detecting the names for "arch" and "libc", also accept the suffix and do not use it for the toolchain path. Signed-off-by: Thomas Langer <thomas.langer@intel.com> (cherry picked from commit 035906fd05b2e5543cedd9471731043945fdcf13)
* tools/cmake: Update to 3.15.1Daniel Engberg2019-09-045-33/+22
| | | | | | | | | | | | | Update CMake to 3.15.1 Refresh patches Remove inofficial fossies.org and replace with GitHub (link on official site) Remove 150-C-feature-checks-Match-warnings-more-strictly.patch as it's a no longer needed backport from upstream. Disable ccache if GCC is 4.8, 4.9 or 5.X to avoid build failures. Reference: https://github.com/openwrt/openwrt/pull/1929 Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net> (cherry picked from commit 413c68d120043cd8ff1f4aa057d33c140bfc6bfa)
* nftables: bump to version 0.9.2Konstantin Demin2019-09-042-31/+4
| | | | | | | | | | | | | | | - exclude Python-related stuff from build - drop patches: * 010-uclibc-ng.patch, applied upstream ipkg size decrease by 2.8%: old: 194.851 nftables_0.9.0-2_arm_cortex-a7_neon-vfpv4.ipk new: 189.581 nftables_0.9.2-1_arm_cortex-a7_neon-vfpv4.ipk Signed-off-by: Konstantin Demin <rockdrilla@gmail.com> (cherry picked from commit b74f1f335a792a15feb0fd839a69486050d3531f)
* libnftnl: bump to version 1.1.4Konstantin Demin2019-09-041-2/+2
| | | | | | | | | | | | | ABI version is same. The ipkg size increase by about 2.2%: old: 47.909 libnftnl11_1.1.3-1_arm_cortex-a7_neon-vfpv4.ipk new: 48.985 libnftnl11_1.1.4-1_arm_cortex-a7_neon-vfpv4.ipk Signed-off-by: Konstantin Demin <rockdrilla@gmail.com> (cherry picked from commit 699955a684eb8f6eb39123632ec7e193fa132753)
* rpcd: update to latest Git HEADJo-Philipp Wich2019-09-041-3/+3
| | | | | | | | 821045f file: add path based read/write/exec ACL checks fb337e5 file: add stat() information to directory listings Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit 02169bd3f8ccfa3076bb4d46e979d2fdcc7d413e)
* uhttpd: add support to generate EC keysEneas U de Queiroz2019-09-043-2/+14
| | | | | | | | | This adds the key_type and ec_curve options to enable the generation of EC keys during initialization, using openssl or the new options added to px5g. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> (cherry picked from commit 7f2b230b3b9d0a7fb758db3a9b1958845506a5a3)
* px5g: support EC keysEneas U de Queiroz2019-09-042-19/+71
| | | | | | | | | | | | | | | | | | | This adds an 'eckey' command to generate an EC key, with an optional curve name argument, with P-256 as default. For the 'selfsigned' command, it adds an 'ec' algorithm argument to the '-newkey' option, and a '-pkeyopt ec_paramgen_curve:<curvename>' option, mirroring the way openssl specifies the curve name. Notice that curve names are not necessarily the same in mbedtls and openssl. In particular, secp256r1 works for mbedtls, but openssl uses prime256v1 instead. px5g uses mbedtls, but short NIST curve names P-256 and P-384 are specifically supported. Package size increased by about 900 bytes (arm). Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> (cherry picked from commit a552ababd4ff8e91d3f03f7496f12d080a71ba28)
* openssl: always build with EC supportEneas U de Queiroz2019-09-042-19/+2
| | | | | Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> (cherry picked from commit f40262697f5aebed25313a1b2eb8f68d37c97e60)
* libnfnetlink: Avoid passing both -fPIC and -fpicRosen Penev2019-09-041-3/+4
| | | | | | | | | Instead, instruct the configure script to use $(FPIC) only. Mixing -fPIC and -fpic can cause issues on some platforms like PPC. Signed-off-by: Rosen Penev <rosenp@gmail.com> (cherry picked from commit 926157c2ccb02aa06b343662ecbd2571faf6eddd)
* ncurses: Do not pass both -fPIC and -fpicRosen Penev2019-09-041-2/+4
| | | | | | | | | | | The configure scripts matches Linux with -fPIC, which is not exactly what is desired. Since we are already passing $(FPIC), added a CONFIGURE_VAR to avoid passing -fPIC. Removed PKG_BUILD_DIR as it is already the default value. Signed-off-by: Rosen Penev <rosenp@gmail.com> (cherry picked from commit e2ecf39e8e49e43b4d358853f9da51e3897d042c)
* build: remove harmful -nopad option from mksquashfsChristian Lamparter2019-09-041-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | While the -nopad option prevents mksquashfs from padding the image to an arbitrary 4k. It does not take into consideration that squashfs is programmed to have this 4k padding when it's being used on on a block device... which is its main "use-case". Now, after a week long discussion on the ML that included a back-and-forth between some of the possible options. But this is likely the best KISS patch to deal with the issue right away given the limited resources. From squashfs code point of view, be warned. The 4k padding is not enough when dealing with devices that have a PAGE_SIZE bigger than 4k. if it turns out to be affecting you, then please look-up either: "FS#2460 - kernel panic reading squashfs from ubi volume" bug Or the discussion on the OpenWrt-Devel ML in "amp821xx: use newly added pad-squashfs for Meraki MR24" and "Squashfs breakage lottery with UBI..." before making an educated guess. Note: This will not affect the "tiny"/small flash devices as much as it seems at first. This is because the the rootfs_data partition that follows uses jffs2. And it requires to be aligned to the flash block-size in order to work at all. So either the involved FSes will meet in the middle as before, or not at all. But in that latter case the image was already hoping for the "undefined behaviour" gamble to turn out in its favour and this is probably why this was unnoticed for so long. Fixes: FS#2460 Reported-by: Russell Senior <russell@personaltelco.net> Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (cherry picked from commit 1c0290c5cc6258c48b8ba46b4f9c85a21de4f875)