| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
| |
uscan reports a new CVE now that PKG_CPE_ID was added.
Reordered patches by date.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[re-title commit & refresh patches]
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(backported from a6bd9d0cb652686453604b762e80a35d023908c4)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A new test case was adding in one of the patches fixing a problem, this
also included a change in the test/Makefile.am to add this test case.
The build system detected a change in the Makefile.am and wants to
regenerate the Makefile.in, but this fails because automake-1.15 is not
installed yet. As automake depends on patch being build first, make sure
we do not modify the Makefile.am.
This fixes build problem seen by the build bots.
Fixes: 4797dddfde6 ("patch: apply upstream cve fixes")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(backported from 759f111f8d7f2d9f5f12713fc6f48ce6422997ec)
|
| |
|
|
|
|
|
|
|
|
|
| |
The Makefile.am changed and now patch wants to use automake to
regenerate the Makefile.in. Make sure automake was build before we build
patch.
This fixes build problem seen by the build bots.
Fixes: 4797dddfde6 ("patch: apply upstream cve fixes")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(backported from 07e8c217cb79a19c59fcb34ea6de39aa91a625b6)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Apply two upstream patches to address two CVEs:
* CVE-2018-1000156
* CVE-2018-6952
Add PKG_CPE_ID to Makefile.
Build tested on apm821xx and ar71xx.
Signed-off-by: Russell Senior <russell@personaltelco.net>
(backported from 4797dddfde6a8ffdbdcb4e5b5e137b0a00313f62)
(rebased patches)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
| |
|
|
|
|
|
|
|
|
| |
07528d43f9bc nmea.c: set _BSD_SOURCE to have timegm() & stime() on musl
b88037b6bf6a check timegm return code
ccabdf6c235f nmea.c: Add null byte to nmea fields
cdc1478a8133 remove deprication warning
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
(backported from 81d7f82441f0754d398309a722323d792a24d76a)
|
| |
|
|
|
|
|
| |
update PKG_RELEASE
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(backported from 4cabda8b7ddb0efea23e2aa044ea8bf18e03d199)
|
| |
|
|
|
|
|
|
|
| |
Check pin count value from pin status and stop verification the pin if
the value is less then 3. This should prevent the proto-handler to
lock the SIM. If SIM is locked then the PUK is needed.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(backported from 0c9d06b5b243334123eafaf2e26a15ec2757767e)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Load the json output from uqmi --get-pin-status command and evaluate the
"pin1_status" value.
The following uqmi "pin1_status" values are evaluated:
- disabled
Do not verify PIN because SIM verification is disabled on this SIM
- blocked
Stop qmi_setup because SIM is locked and a PUK is required
- not_verified
SIM is not yet verified. Do a uqmi --verify-pin1 command if a SIM is
specified
- verified:
Do not verify the PIN because this was already done before
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(backported from 4b80bd878d0fcb520f4811097900ebb5478a74fd)
|
| |
|
|
|
|
|
|
|
| |
QMI proto setup-handler will wait forever if SIM does not get initialized.
To fix this stop polling pin status and notify netifd. Netifd will generate
then a "ifup-failed" ACTION.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(backported from f171a86d064ac3fcfff05d286becae87c2e26b5f)
|
| |
|
|
|
|
|
|
|
| |
QMI proto setup-handler will wait forever if it is unable to registrate to
the mobile network. To fix this stop polling network registration status
and notify netifd. Netifd will generate then a "ifup-failed" ACTION.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(backported from dec1bfa0f48d43174921d1a1357a4842f9ba0cf6)
|
| |
|
|
|
|
|
| |
Also add logging output for SIM initilization.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(backported from 71865200c95d5ccebe01980c88ee44a15888bcaf)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This value will be used for now during following situations:
* Ask the sim with the uqmi --get-pin-status command.
* Wait for network registration with the uqmi --get-serving-system command.
This two commands wait forever in a while loop. Add a timeout to stop
waiting and so inform netifd.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(backported from dee93def394c9bf10d2cc3eb64d9e190ca461a67)
|
| |
|
|
|
|
|
|
| |
Move uqmi std and error output on commands without using them to /dev/null.
This will remove useless outputs in the syslog.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(backported from 2d57aa9c4c852e847e66a3bb5c775910d0cb8d77)
|
| |
|
|
|
|
|
| |
fix indenting
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(backported from 692c6d9a5dbb955d00516b465271fd8a053af206)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Make inclusion of the destination option header containing the tunnel
encapsulation limit configurable for IPv6 GRE packets.
Setting the uci parameter encaplimit to ignore; allows to disable the
insertion of the destination option header in the IPv6 GRE packets.
Otherwise the tunnel encapsulation limit value can be set to a value
from 0 till 255 by setting the encaplimit uci parameter accordingly.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from 3d015e971f5e3f0df8e8ab149fda1270c5c72507)
|
| |
|
|
|
|
|
|
|
| |
57f639e (HEAD -> master, origin/master, origin/HEAD) odhcpd: make DHCPv6/RA/NDP support optional
402c274 dhcpv6: check return code of dhcpv6_ia_init()
ee7472a router: don't leak RA message in relay mode (FS#1853)
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from af78e90d4cdb3c944d9c4f3d4d4648dd67886c4d)
|
| |
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(backported from 518fb345e110f7028912211ebf75af92c7c10809)
|
| |
|
|
|
|
|
| |
It was broken by the recent commit that added iw-full
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(backported from 7999282f7f1a1ab8a965f4b5efe31a4209bac0a6)
|
| |
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(backported from 8c647e873f9adf4527e61684458075f8d2b61a97)
|
| |
|
|
|
|
|
|
|
|
|
| |
221ce7e ubusd_acl: event send access list support
da503db ubusd_acl: event listen access list support
c035bab ubusd_acl: rework wildcard support
73bd847 ubusd_event: move strmatch_len to ubus_common.h
0327a91 ubus/lua: add support for BLOBMSG_TYPE_DOUBLE
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from f771a1b96277e3553b46746decdf24fbf00a8997)
|
| |
|
|
|
|
|
| |
dropped already upstream patch
Signed-off-by: Syrone Wong <wong.syrone@gmail.com>
(backported from 68f109609b613b38bb3b2e6e82a9c04ae8bd011f)
|
| |
|
|
|
| |
Signed-off-by: Emil Muratov <gpm@hotplug.ru>
(backported from bbf46c9f8feea755ceb8e33ccf91733c1c2b2a34)
|
| |
|
|
|
|
|
|
|
|
|
| |
Config option to limit maximum compression streams per zram dev for
multicore CPU's. This could be defined via 'zram_comp_streams' option in
the 'system' section of '/etc/config/system' file or via cli (for e.x.
with 'uci set system.@System[0].zram_comp_streams=2 && uci commit
system'). Default is number of logical CPU cores.
Signed-off-by: Emil Muratov <gpm@hotplug.ru>
(backported from 70d3ffb47fcef901e4d86da4c9077ba8b8e2ba10)
|
| |
|
|
|
|
|
|
|
|
| |
Use only one zram swap device of the specified $size instead of
[N x $size] devices for multicore CPUs Now zram module uses multiple
compression streams for each dev by default, so we do not need to create
several zram devs to utilize multicore CPUs.
Signed-off-by: Emil Muratov <gpm@hotplug.ru>
(backported from 814cae7362c3bd57e8fd9305d5d0b48ff219d4d0)
|
| |
|
|
|
|
|
|
|
|
|
| |
* "zram stop" could reset up to $(num_of_cores) zram devices even if
some of those were not mounted as swap dev's. This fix tries to
enumerate mounted swap zram dev's before making a reset
* remove hot-added zram devs on stop (except zram0)
Signed-off-by: Emil Muratov <gpm@hotplug.ru>
(backported from 9edc1fe8abac6638cd05640279bc741a23b8d260)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Compression algorithms for zram are provided by kernel crypto API, could
be any of [lzo|zl4|deflate|<some_more>] depending on kernel modules.
Compress algo for zram-swap could be defined via 'zram_comp_algo' option
in 'system' section of '/etc/config/system' file, or via cli (for e.x.
with 'uci set system.@System[0].zram_comp_algo=lz4 && uci commit
system'). check available algo's via 'cat /sys/block/zram0
/comp_algorithm'
Signed-off-by: Emil Muratov <gpm@hotplug.ru>
(backported from b9e89adfb7881806d01e3bd259852e352f3b3ce8)
|
| |
|
|
|
| |
Signed-off-by: Samuel Casa <samuel.casa@neratec.com>
(backported from 65e9561b3d0546bfe6bad1840d81c0aa07b0c68d)
|
| |
|
|
|
|
|
| |
Signed-off-by: Samuel Casa <samuel.casa@neratec.com>
[slightly reword subject]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from b291517fdf5a698726fe94010055ec90d85f365a)
|
| |
|
|
|
| |
Signed-off-by: Rosy Song <rosysong@rosinson.com>
(backported from 456df06071f54d3c799725227d1ac77afbe61891)
|
| |
|
|
|
|
|
|
|
|
| |
4b83102 treewide: switch to C-code style comments
70506bf treewide: make some functions static
d9872db interface: fix removal of dynamic interfaces
2f7ef7d interface: rework code to get rid of interface_set_dynamic
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from 8e409f476b358111113353c3d3adfcff113674b8)
|
| |
|
|
|
|
|
|
| |
841b5d1 system-linux: enable by default ignore encaplimit for grev6 tunnels
125cbee system-linux: fix a typo in gre tunnel data parsing logic
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from db6f9d5598a353c94578bd76dbef92dd78f3ae63)
|
| |
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(backported from 7d8681ccb99730ca0b35a5c341b468a86cadbf35)
|
| |
|
|
|
|
|
|
| |
This can be used to fingerprint clients to try to identify the exact
model
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(backported from 23c1827e341fce302ba2841ecabeeb3f95e21d68)
|
| |
|
|
|
|
|
|
|
| |
Backport two upstream fixes to address overly verbose logging of MAC ACL
rejection messages.
Fixes: FS#1468
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from 3e633bb3709611d79965fab667e3239fd3bde151)
|
| |
|
|
|
|
|
|
|
|
|
| |
Optimized inlining was disabled by default when gcc 4 was still
relatively new. By now, all gcc versions handle this well and there
seems to be no real reason to keep it x86-only.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(backported from 1e8882585c6f4a5e7f5e2b4f18cd550aafa6f81d)
(rebased patches)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
| |
|
|
|
|
|
|
|
| |
This configuration option is not set when building the
layerscape/armv8_64b target.
Fixes: 92aa21497b2 ("kernel: build support for NFSv4 in nfsd")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(backported from 99e1a12fd0448bc045da7f3776e804df187ee7a2)
|
| |
|
|
|
| |
Signed-off-by: W. Michael Petullo <mike@flyn.org>
(backported from 92aa21497b22bcf03862cf9da8e89ef007affebd)
|
| |
|
|
|
|
|
|
| |
This fixes a build problem recently introduced.
Fixes: a904003b9b5f ("kernel: fix kmod-gpio-mcp23s08 for linux 4.14")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(backported from e882e63f1e1169030389b304489ab8a7d785df33)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We currently could (ab)use IMAGES for this task, but the downside is,
that the filenames has filesystem tied to the filename, which might be
confusing as the artifact itself don't has to be used with that specific
filesystem. Another downside is, that the artifacts built with IMAGES
target are build for every FILESYSTEMS filesystem.
Consider following use case:
define Device/apalis
...
FILESYSTEMS := ext4 squashfs
IMAGES := spl-uboot.bin recovery.scr
IMAGE/spl-uboot.bin := append-uboot-spl | pad-to 68k | append-uboot
IMAGE/recovery.scr := recovery-scr
endef
Where we would get target binaries with following filenames:
openwrt-imx6-apalis-squashfs.recovery.scr
openwrt-imx6-apalis-squashfs.spl-uboot.bin
openwrt-imx6-apalis-ext4.recovery.scr
openwrt-imx6-apalis-ext4.spl-uboot.bin
With proposed patch, we could now just do:
define Device/apalis
...
ARTIFACTS := spl-uboot.bin recovery.scr
ARTIFACT/spl-uboot.bin := append-uboot-spl | pad-to 68k | append-uboot
ARTIFACT/recovery.scr := recovery-scr
endef
Which would produce target binaries with following filenames:
openwrt-imx6-apalis-recovery.scr
openwrt-imx6-apalis-spl-uboot.bin
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
(backported from 493c9a35516c27a8ec412d97e63c8cf6f41a57ea)
|
| |
|
|
|
|
|
| |
disable use of assembly code since x32 gets misdetected as amd64
Signed-off-by: Thorsten Glaser <tg@mirbsd.org>
(backported from a395563f68fde6f52dbf10913f59f13b8c804cd5)
|
| |
|
|
|
|
|
|
|
|
| |
The -rcX "testing" kernels are no longer hosted on
cdn.kernel.org file servers directly in a "testing"
directory. Therefore the logic that tested for "-rc"
can be removed.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(backported from 92bcd08989dede0f60589023e2aea4a864de76c6)
|
| |
|
|
|
|
|
| |
calls to it
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(backported from b7855230a348fa711de70665c861f63c631c98e9)
|
| |
|
|
|
|
|
| |
The kernel headers makefile needs to override LINUX_KARCH
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(backported from c3a0102195a2902f1964b667fb86031308c78f9d)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Originally, cns3xxx used it's own functions for mapping, reading and writing registers.
Upstream commit 802b7c06adc7 ("ARM: cns3xxx: Convert PCI to use generic config accessors")
removed the internal PCI config write function in favor of the generic one:
cns3xxx_pci_write_config() --> pci_generic_config_write()
cns3xxx_pci_write_config() expected aligned addresses, being produced by cns3xxx_pci_map_bus()
while the generic one pci_generic_config_write() actually expects the real address
as both the function and hardware are capable of byte-aligned writes.
This currently leads to pci_generic_config_write() writing
to the wrong registers on some ocasions.
First issue seen due to this:
- driver ath9k gets loaded
- The driver wants to write value 0xA8 to register PCI_LATENCY_TIMER, located at 0x0D
- cns3xxx_pci_map_bus() aligns the address to 0x0C
- pci_generic_config_write() effectively writes 0xA8 into register 0x0C (CACHE_LINE_SIZE)
This seems to cause some slight instability when certain PCI devices are used.
Another issue example caused by this this is the PCI bus numbering,
where the primary bus is higher than the secondary, which is impossible.
Before:
00:00.0 PCI bridge: Cavium, Inc. Device 3400 (rev 01) (prog-if 00 [Normal decode])
Flags: bus master, fast devsel, latency 0, IRQ 255
Bus: primary=02, secondary=01, subordinate=ff, sec-latency=0
After fix:
00:00.0 PCI bridge: Cavium, Inc. Device 3400 (rev 01) (prog-if 00 [Normal decode])
Flags: bus master, fast devsel, latency 0, IRQ 255
Bus: primary=00, secondary=01, subordinate=02, sec-latency=0
And very likely some more ..
Fix all by omitting the alignment being done in the mapping function.
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
| |
|
|
|
|
|
|
|
| |
Refreshed all patches.
Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
| |
|
|
|
|
|
|
|
| |
Refreshed all patches.
Compile-tested on: ar71xx
Runtime-tested on: ar71xx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
| |
|
|
|
|
|
|
| |
The cache coloring problem on MIPS CPUs was fixed with kernel 4.9.129 of
the kernel 4.9 branch. Activate VDSO support for MIPS again.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(backported from 91a71804f89a238082904ae027fffb52114e3499)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
33523a5 version: bump snapshot
0759480 curve25519-hacl64: reduce stack usage under KASAN
b9ab0fc chacha20: add bounds checking to selftests
2e99d19 chacha20-mips32r2: reduce stack and branches in loop, refactor jumptable handling
d6ac367 qemu: bump musl
28d8b7e crypto: make constant naming scheme consistent
56c4ea9 hchacha20: keep in native endian in words
0c3c0bc chacha20-arm: remove unused preambles
3dcd246 chacha20-arm: updated scalar code from Andy
6b9d5ca poly1305-mips64: remove useless preprocessor error
3ff3990 crypto-arm: rework KERNEL_MODE_NEON handling again
dd2f91e crypto: flatten out makefile
67a3cfb curve25519-fiat32: work around m68k compiler stack frame bug
9aa2943 allowedips: work around kasan stack frame bug in selftest
317b318 chacha20-arm: use new scalar implementation
b715e3b crypto-arm: rework KERNEL_MODE_NEON handling
77b07d9 global: reduce stack frame size
ddc2bd6 chacha20: add chunked selftest and test sliding alignments and hchacha20
2eead02 chacha20-mips32r2: reduce jumptable entry size and stack usage
a0ac620 chacha20-mips32r2: use simpler calling convention
09247c0 chacha20-arm: go with Ard's version to optimize for Cortex-A7
a329e0a chacha20-mips32r2: remove reorder directives
3b22533 chacha20-mips32r2: fix typo to allow reorder again
d4ac6bb poly1305-mips32r2: remove all reorder directives
197a30c global: put SPDX identifier on its own line
305806d ratelimiter: disable selftest with KASAN
4e06236 crypto: do not waste space on selftest items
5e0fd08 netlink: reverse my christmas trees
a61ea8b crypto: explicitly dual license
b161aff poly1305: account for simd being toggled off midway
470a0c5 allowedips: change from BUG_ON to WARN_ON
aa9e090 chacha20: prefer crypto_xor_cpy to avoid memmove
1b0adf5 poly1305: no need to trick gcc 8.1
a849803 blake2s: simplify final function
073f3d1 poly1305: better module description
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(backported from 37961f12baa756caf5d735fdafff46205d21a93d)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* blake2s-x86_64: fix whitespace errors
* crypto: do not use compound literals in selftests
* crypto: make sure UML is properly disabled
* kconfig: make NEON depend on CPU_V7
* poly1305: rename finish to final
* chacha20: add constant for words in block
* curve25519-x86_64: remove useless define
* poly1305: precompute 5*r in init instead of blocks
* chacha20-arm: swap scalar and neon functions
* simd: add __must_check annotation
* poly1305: do not require simd context for arch
* chacha20-x86_64: cascade down implementations
* crypto: pass simd by reference
* chacha20-x86_64: don't activate simd for small blocks
* poly1305-x86_64: don't activate simd for small blocks
* crypto: do not use -include trick
* crypto: turn Zinc into individual modules
* chacha20poly1305: relax simd between sg chunks
* chacha20-x86_64: more limited cascade
* crypto: allow for disabling simd in zinc modules
* poly1305-x86_64: show full struct for state
* chacha20-x86_64: use correct cut off for avx512-vl
* curve25519-arm: only compile if symbols will be used
* chacha20poly1305: add __init to selftest helper functions
* chacha20: add independent self test
Tons of improvements all around the board to our cryptography library,
including some performance boosts with how we handle SIMD for small packets.
* send/receive: reduce number of sg entries
This quells a powerpc stack usage warning.
* global: remove non-essential inline annotations
We now allow the compiler to determine whether or not to inline certain
functions, while still manually choosing so for a few performance-critical
sections.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
(backported from f07a94da50b8a31928cb34c19695747e0df74beb)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* curve25519: arm: do not modify sp directly
* compat: support neon.h on old kernels
* compat: arch-namespace certain includes
* compat: move simd.h from crypto to compat since it's going upstream
This fixes a decent amount of compat breakage and thumb2-mode breakage
introduced by our move to Zinc.
* crypto: use CRYPTOGAMS license
Rather than using code from OpenSSL, use code directly from AndyP.
* poly1305: rewrite self tests from scratch
* poly1305: switch to donna
This makes our C Poly1305 implementation a bit more intensely tested and also
faster, especially on 64-bit systems. It also sets the stage for moving to a
HACL* implementation when that's ready.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
(backported from a54f492d0cf1f9bff1dd449961441e789c724995)
|
