aboutsummaryrefslogtreecommitdiffstats
path: root/package
Commit message (Collapse)AuthorAgeFilesLines
* mt76: sync with version 878456caf60d from masterFelix Fietkau2017-10-131-4/+4
| | | | | | | Backport required DT changes from commit dabdd123c90c. Significantly improves stability and performance for MT76x2 and MT7603 Signed-off-by: Felix Fietkau <nbd@nbd.name>
* LEDE v17.01.3: revert to branch defaultsStijn Tintel2017-10-031-2/+2
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* LEDE v17.01.3: adjust config defaultsv17.01.3Stijn Tintel2017-10-031-2/+2
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* uhttp: update to latest versionAdrian Panella2017-10-031-3/+3
| | | | | | | | | | | | | | 3fd58e9 2017-08-19 uhttpd: add manifest support 88c0b4b 2017-07-09 file: fix basic auth regression 99957f6 2017-07-02 file: remove unused "auth" member from struct path_info c0a569d 2017-07-02 proc: expose HTTP_AUTH_USER and HTTP_AUTH_PASS ad93be7 2017-07-02 auth: store parsed username and password fa51d7f 2017-07-02 proc: do not declare empty process variables a8bf9c0 2017-01-26 uhttpd: Add TCP_FASTOPEN support e6cfc91 2016-10-25 lua: ensure that PATH_INFO starts with a slash Signed-off-by: Adrian Panella <ianchi74@outlook.com>
* odhcpd: don't enable server mode on non-static lan portKarl Palsson2017-10-022-3/+18
| | | | | | | | | | | | Instead of blindly enabling the odhcpd v6 server and RA server on the lan port, only do that if the lan port protocol is "static" This prevents the unhelpful case of a device being a dhcpv4 client and v6 server on the same ethernet port. Signed-off-by: Karl Palsson <karlp@etactica.com> [PKG_SOURCE_DATE increase; odhcpd.defaults script cleanup] Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* odhcpd: backport fixes from master branch (FS#402, FS#524)Hans Dedecker2017-10-021-3/+3
| | | | | | | 336212c config: fix dhcpv4 server being started 336212c dhcpv6: assign all viable DHCPv6 addresses by default (FS#402, FS#524) Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dnsmasq: bump to v2.78Kevin Darbyshire-Bryant2017-10-027-226/+4
| | | | | | Fixes CVE-2017-14491, CVE-2017-14492, CVE-2017-14493, CVE-2017-14494, 2017-CVE-14495, 2017-CVE-14496 Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* base-files: create /etc/config/ directoryHauke Mehrtens2017-10-011-0/+1
| | | | | | | | | | | | | | | The /bin/config_generate script and some other scripts are assuming the /etc/config directory exists in the image. This is true in case for example the package firewall, dropbear or dnsmasq are included, which are adding the files under /etc/config/. Without any of these package the system will not boot up fully because the /etc/config/ directory is missing and some init scripts just fail. Make sure all images with the base-files contain a /etc/config/ directory. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> Acked-by: John Crispin <john@phrozen.org>
* ltq-vdsl-mei: revert disable optimized firmware downloadMathias Kresin2017-09-301-2/+2
| | | | | | | | | | | | This reverts commit b428f45c062dc8ca8c2f35f491fa467dc5b85519. If the optimized firmware download is disabled, the xdsl subsystem hangs in the "idle request" state after physically disconnecting and reconnecting the xdsl modem from the line. It might fix the failing line init on boot as well. Signed-off-by: Mathias Kresin <dev@kresin.me>
* curl: fix security problemsHauke Mehrtens2017-09-303-1/+75
| | | | | | | | This fixes the following security problems: * CVE-2017-1000100 TFTP sends more than buffer size * CVE-2017-1000101 URL globbing out of bounds read Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mbedtls: update to 2.6.0 CVE-2017-14032Kevin Darbyshire-Bryant2017-09-302-30/+30
| | | | | | | | | | | | | | | Fixed an authentication bypass issue in SSL/TLS. When the TLS authentication mode was set to 'optional', mbedtls_ssl_get_verify_result() would incorrectly return 0 when the peer's X.509 certificate chain had more than MBEDTLS_X509_MAX_INTERMEDIATE_CA intermediates (default: 8), even when it was not trusted. This could be triggered remotely on both the client and server side. (Note, with the authentication mode set by mbedtls_ssl_conf_authmode()to be 'required' (the default), the handshake was correctly aborted). Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk> Tested-by: Magnus Kroken <mkroken@gmail.com>
* ltq-vdsl-mei: disable optimized firmware downloadMathias Kresin2017-09-281-2/+2
| | | | | | | | | With ltq-vdsl-mei 1.5.17.6 an optimized firmware download was added and enabled by default. As soon as the optimized firmware download is enabled, a watchdog based reboot is trigger between 24h to 48h of uptime if the board isn't connected to a xdsl line. Signed-off-by: Mathias Kresin <dev@kresin.me>
* ltq-vdsl: fix PM thread suspend and resume handlingMartin Schiller2017-09-282-1/+108
| | | | | | | | This is a backport form drv_dsl_cpe_api-4.18.10 and fixes some PM thread handling issues which lead to high system load and watchdog trigger within 1h of uptime for boards not connected to a xdsl line. Signed-off-by: Martin Schiller <ms@dev.tdt.de>
* openvpn: add "extra-certs" optionSven Roederer2017-09-252-1/+2
| | | | | | | | This option is used to specify a file containing PEM certs, to complete the local certificate chain. Which is quite usefull for "split-CA" setups. Signed-off-by: Sven Roederer <devel-sven@geroedel.de> Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* tcpdump: noop commit to refer CVEs fixed in 4.9.2Stijn Tintel2017-09-181-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When bumping tcpdump from 4.9.1 to 4.9.2, I did not include the fixed CVEs in the commit message. As the list of fixed CVEs is quite long, we should probably mention them in the changelogs of the releases to come. This commit will make sure this happens. The following CVEs were fixed in 21014d9708d586becbd62da571effadb488da9fc: CVE-2017-11541 CVE-2017-11541 CVE-2017-11542 CVE-2017-11542 CVE-2017-11543 CVE-2017-11543 CVE-2017-12893 CVE-2017-12894 CVE-2017-12895 CVE-2017-12896 CVE-2017-12897 CVE-2017-12898 CVE-2017-12899 CVE-2017-12900 CVE-2017-12901 CVE-2017-12902 CVE-2017-12985 CVE-2017-12986 CVE-2017-12987 CVE-2017-12988 CVE-2017-12989 CVE-2017-12990 CVE-2017-12991 CVE-2017-12992 CVE-2017-12993 CVE-2017-12994 CVE-2017-12995 CVE-2017-12996 CVE-2017-12997 CVE-2017-12998 CVE-2017-12999 CVE-2017-13000 CVE-2017-13001 CVE-2017-13002 CVE-2017-13003 CVE-2017-13004 CVE-2017-13005 CVE-2017-13006 CVE-2017-13007 CVE-2017-13008 CVE-2017-13009 CVE-2017-13010 CVE-2017-13011 CVE-2017-13012 CVE-2017-13013 CVE-2017-13014 CVE-2017-13015 CVE-2017-13016 CVE-2017-13017 CVE-2017-13018 CVE-2017-13019 CVE-2017-13020 CVE-2017-13021 CVE-2017-13022 CVE-2017-13023 CVE-2017-13024 CVE-2017-13025 CVE-2017-13026 CVE-2017-13027 CVE-2017-13028 CVE-2017-13029 CVE-2017-13030 CVE-2017-13031 CVE-2017-13032 CVE-2017-13033 CVE-2017-13034 CVE-2017-13035 CVE-2017-13036 CVE-2017-13037 CVE-2017-13038 CVE-2017-13039 CVE-2017-13040 CVE-2017-13041 CVE-2017-13042 CVE-2017-13043 CVE-2017-13044 CVE-2017-13045 CVE-2017-13046 CVE-2017-13047 CVE-2017-13048 CVE-2017-13049 CVE-2017-13050 CVE-2017-13051 CVE-2017-13052 CVE-2017-13053 CVE-2017-13054 CVE-2017-13055 CVE-2017-13687 CVE-2017-13688 CVE-2017-13689 CVE-2017-13690 CVE-2017-13725 Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> (cherry picked from commit 2375e279a7cb462d62fd6028cb3fbd56217222de)
* tcpdump: bump to 4.9.2Stijn Tintel2017-09-182-37/+41
| | | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> (cherry picked from commit 21014d9708d586becbd62da571effadb488da9fc)
* utils/tcpdump: Rework URLsDaniel Engberg2017-09-181-2/+2
| | | | | | | | | | | | Add actual mirror and use main site as last resport Source: http://www.tcpdump.org/mirrors.html Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net> (cherry picked from commit fd95397ee33a34704771de2ab26a5910b1a88c6f) Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Conflicts: package/network/utils/tcpdump/Makefile
* base-files: fix wan6 interface config generation for pppoeHans Dedecker2017-09-182-6/+3
| | | | | | | | | | | | | | | | Setting ipv6 to auto in case of a pppoe interface will trigger the creation of a dynamic wan_6 interface meaning two IPv6 interfaces (wan6 and wan_6) will be active on top of the pppoe interface. This leads to unpredictable behavior in the network; therefore set ipv6 to 1 which will prevent the dynamic creation of the wan_6 interface. Further alias the wan6 interface on top of the wan interface for pppoe as the wan6 interface can only be started when the link local address is ready. In case of pppoe the link local address is negotiated during the Internet Protocol Control Protocol when the PPP link is setup meaning all the IP address info is only available when the wan interface is up. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* treewide: fix shellscript syntax errors/typosLorenzo Santina2017-09-139-10/+9
| | | | | | | | | Fix multiple syntax errors in shelscripts (of packages only) These errors were causing many conditions to not working properly Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it> [increase PKG_RELEASE, drop command substitution from directip.sh] Signed-off-by: Mathias Kresin <dev@kresin.em>
* hostapd: fix iapp_interface optionLorenzo Santina2017-09-101-1/+1
| | | | | | | ifname variable were not assigned due to syntax error causing the hostapd config file to have an empty iapp_interface= option Signed-off-by: Lorenzo Santina <lorenzo.santina.dev@gmail.com>
* dnsmasq: backport arcount edns0 fixKevin Darbyshire-Bryant2017-09-082-1/+45
| | | | | | | | | Don't return arcount=1 if EDNS0 RR won't fit in the packet. Omitting the EDNS0 RR but setting arcount gives a malformed packet. Also, don't accept UDP packet size less than 512 in received EDNS0. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* dnsmasq: backport official fix for CVE-2017-13704Kevin Darbyshire-Bryant2017-09-073-38/+95
| | | | | | | | | Remove LEDE partial fix for CVE-2017-13704. Backport official fix from upstream. Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (PKG_RELEASE increase)
* uclient: update to 2017-09-06Matthias Schiffer2017-09-061-3/+3
| | | | | | | 24d6eded73de uclient-http: fix Host: header for literal IPv6 addresses 83ce236dab86 uclient-fetch: read_data_cb: fix a potential buffer overflow Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* f2fs-tools: fix mkfs.f2fs on big-endian systemsStijn Tintel2017-09-032-1/+67
| | | | | | | Fixes: FS#749 Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> (cherry picked from commit cdb494fdc2d3399e698893ff0cfd06d3c802364f)
* f2fs-tools: drop musl compat patchStijn Tintel2017-09-031-10/+0
| | | | | | | It is no longer needed since version 1.4.1. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> (cherry picked from commit 252c8ddf146f196faaa34cf7af9b3eacb79e6add)
* f2fs-tools: drop patch in favour of CONFIGURE_VARSStijn Tintel2017-09-032-19/+3
| | | | | | | | | Override the failing check in configure with CONFIGURE_VARS instead of carrying a patch that's unlikely to be accepted by upstream. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> Acked-by: John Crispin <john@phrozen.org> (cherry picked from commit d87f27af54e7c122c8f320f7266dd5061bb47a8b)
* f2fs-tools: Switch to gz tarballDaniel Engberg2017-09-031-3/+3
| | | | | | At some point kernel.org decided to drop xz generated tarballs, switch to gz which they still provide. Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* dnsmasq: forward.c: fix CVE-2017-13704Kevin Darbyshire-Bryant2017-08-302-1/+38
| | | | | | | | | | | | | | | | Fix SIGSEGV in rfc1035.c answer_request() line 1228 where memset() is called with header & limit pointing at the same address and thus tries to clear memory from before the buffer begins. answer_request() is called with an invalid edns packet size provided by the client. Ensure the udp_size provided by the client is bounded by 512 and configured maximum as per RFC 6891 6.2.3 "Values lower than 512 MUST be treated as equal to 512" The client that exposed the problem provided a payload udp size of 0. Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk> Acked-by: Hans Dedecker <dedeckeh@gmail.com>
* tcpdump: Update to 4.9.1Daniel Engberg2017-08-151-2/+2
| | | | | | | Fixes: * CVE-2017-11108: Fix bounds checking for STP. Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* mbedtls: Re-allow SHA1-signed certificatesBaptiste Jonglez2017-08-112-1/+10
| | | | | | | | | | | | Since mbedtls 2.5.1, SHA1 has been disallowed in TLS certificates. This breaks openvpn clients that try to connect to servers that present a TLS certificate signed with SHA1, which is fairly common. Run-tested with openvpn-mbedtls 2.4.3, LEDE 17.01.2, on ar71xx. Fixes: FS#942 Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
* base-files: don't setup network in preinit if failsafe is disabledRafał Miłecki2017-08-091-1/+4
| | | | | | | | | | | | With failsafe disabled there is no point in early network setup. We don't send announcement over UDP and there is no way to ssh to the device. A side effect of this is avoiding a possibly incorrect network config (only with failsafe disabled). This problem is related to possible changes made by user in /etc/config/network. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* dnsmasq: backport remove ping check of configured dhcp addressHans Dedecker2017-08-082-1/+29
| | | | | | | Remove ping check in DHCPDISCOVER case as too many buggy clients leave an interface in configured state causing the ping check to fail. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* procd: update to the latest git HEADHans Dedecker2017-08-081-3/+3
| | | | | | 66be6a2 watchdog: fix inline watchdog_get_magicclose function prototype Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* procd: update to latest git HEADJohn Crispin2017-08-011-3/+3
| | | | | | 3e68cdf procd: Do not leak pipe file descriptors to children Signed-off-by: John Crispin <john@phrozen.org>
* curl: fix CVE-2017-7407 and CVE-2017-7468Hauke Mehrtens2017-07-283-1/+430
| | | | | | | | This fixes the following security problems: * CVE-2017-7407: https://curl.haxx.se/docs/adv_20170403.html * CVE-2017-7468: https://curl.haxx.se/docs/adv_20170419.html Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: netfilter: fix nf-nathelper(-extra) descriptionUwe Arnold2017-07-251-2/+2
| | | | | | | | | The tftp and irc netfilter modules are provided by nf-nathelper-extra and not by nf-nathelper. Signed-off-by: Uwe Arnold <donvipre@gmail.com> [move the irc module as well] Signed-off-by: Mathias Kresin <dev@kresin.me>
* uboot-envtools: add support for ALFA Network AP121FPiotr Dymacz2017-07-231-0/+1
| | | | Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
* procd: backport kernel watchdog start/stop supportHans Dedecker2017-07-131-3/+3
| | | | | | 4dbf57a watchdog: add support for starting/stopping kernel watchdog Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dnsmasq: backport patch fixing DNS failover (FS#841)Hans Dedecker2017-07-121-0/+31
| | | | | | | Backport upstream dnsmasq patch fixing DNS failover when first servers returns REFUSED in strict mode; fixes issue FS#841. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* fstools: backport fixes from master branchDaniel Golle2017-07-112-60/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The following changes are backported from the master branch bdcb075 libfstools: fix matching device name (f038a61 on master) ef2d438 fstools: use -Wno-format-truncation instead of -Wno-error=format-truncation (c43ae11 on master) d361923 build: disable the format-truncation warning error to fix gcc 7 build errors (a19f2b3 on master) cddc830 libfstools: silence mkfs.{ext4,f2fs} (88d48d5 on master) be5004c libfstools: add basic documentation of mount functions (92b4c2c on master) 34d36c2 add missing includes (7d78836 on master) A previously added hotfix was replaced by a git commit, hence the patch file is removed and we got instead 45c2a6f libfstools: fix multiple volume_identify usages with the same volume (633a8d0 on master) Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* mtd-utils: use source package name for lzo in PKG_BUILD_DEPENDSMatthias Schiffer2017-07-081-1/+1
| | | | | | PKG_BUILD_DEPENDS should always refer to source package names. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* dnsmasq: backport tweak ICMP ping logic for DHCPv4Hans Dedecker2017-07-012-1/+26
| | | | | | | | | | Don't start ping-check of address in DHCP discover if there already exists a lease for the address. It has been reported under some circumstances android and netbooted windows devices can reply to ICMP pings if they have a lease and thus block the allocation of the IP address the device already has during boot. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dhcpv6: add missing dollar sign in dhcpv6 script (FS#874)Hans Dedecker2017-06-292-2/+2
| | | | Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* procd: backport fixes from master branchDaniel Golle2017-06-281-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The following commits have been cherry-picked into the lede-17.01 branch of procd, listed here in git-log-order ie. with head first: 89918c8 system: introduce new attribute board_name (79bbe6d and 453116e on master branch) 8297c38 preinit: define _GNU_SOURCE (e5b963a on master branch) 8fd57dd upgraded: cmake: Find and include uloop.h (e5ff8ca on master branch) 6b0da20 hotplug: fix a memory leak in handle_button_complete() (f367ec6 on master branch) 558ffb5 service/service_stopped(): fix a use-after-free (796ba3b on master branch) 22f89e1 upgraded: define __GNU_SOURCE (e7bb2c8 on master branch) 6e8ea8b rcS: add missing fcntl.h include (992b796 on master branch) cd5225d procd/rcS: Use /dev/null as stdin (d42b21e on master branch) 5131bec procd: Log initscript output prefixed with script name (1247db1 on master branch) 225b18d procd: Don't use syslog before its initialization (8d720b2 on master branch) 889442c procd: Add missing \n in debug message (2555474 on master branch) 2716228 procd: service gets deleted when its last instance is freed (8f218f5 on master branch) Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* base-files: fix PKG_CONFIG_DEPENDS to include version.mk entriesRafał Miłecki2017-06-261-1/+2
| | | | | | | | Including version.mk sets PKG_CONFIG_DEPENDS to config entries used for VERSION_SED command. We should keep these configs to make sure package gets refreshed when needed. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* ca-certificates: Update to version 20161130+nmu1Christian Schoenebeck2017-06-261-3/+3
| | | | Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
* openvpn: update to 2.4.3Magnus Kroken2017-06-265-13/+14
| | | | | | | | | | | | | | | | | | | | Fixes for security and other issues. See security announcement for more details: https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243 * Remotely-triggerable ASSERT() on malformed IPv6 packet (CVE-2017-7508) * Pre-authentication remote crash/information disclosure for clients (CVE-2017-7520) * Potential double-free in --x509-alt-username (CVE-2017-7521) * Remote-triggerable memory leaks (CVE-2017-7512) * Post-authentication remote DoS when using the --x509-track option (CVE-2017-7522) * Null-pointer dereference in establish_http_proxy_passthru() * Restrict --x509-alt-username extension types * Fix potential 1-byte overread in TCP option parsing * Fix mbedtls fingerprint calculation * openssl: fix overflow check for long --tls-cipher option * Ensure option array p[] is always NULL-terminated * Pass correct buffer size to GetModuleFileNameW() (Quarkslabs finding 5.6) Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* mbedtls: update to 2.5.1Magnus Kroken2017-06-262-27/+27
| | | | | | | | | | | | | | | Fixes some security issues (no remote exploits), and introduces some changes. See release notes for details: https://tls.mbed.org/tech-updates/releases/mbedtls-2.5.1-2.1.8-and-1.3.20-released * Fixes an unlimited overread of heap-based buffers in mbedtls_ssl_read() * Adds exponent blinding to RSA private operations * Wipes stack buffers in RSA private key operations (rsa_rsaes_pkcs1_v15_decrypt(), rsa_rsaes_oaep_decrypt()) * Removes SHA-1 and RIPEMD-160 from the default hash algorithms for certificate verification. * Fixes offset in FALLBACK_SCSV parsing that caused TLS server to fail to detect it sometimes. * Tighten parsing of RSA PKCS#1 v1.5 signatures, to avoid a potential Bleichenbacher/BERserk-style attack. Signed-off-by: Magnus Kroken <mkroken@gmail.com>
* Revert "dnsmasq: don't point --resolv-file to default location unconditionally"Hans Dedecker2017-06-191-3/+3
| | | | | | | | | | This reverts commit 78edfff5303533dc52a1ac64ad745acc0a8a743e. This breaks local dns resolving in case noresolv=1 as resolv.conf is not populated anymore with 127.0.0.1 as resolvfile does not equal /tmp/resolv.conf.auto anymore. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dropbear: fix service trigger syntax errorKevin Darbyshire-Bryant2017-06-172-2/+2
| | | | | | The classic single '&' when double '&&' conditional was meant. Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>