| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
Improves local TCP throughput and fixes use-after-free bugs that could lead
to crashes.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since kernel 4.14.75 commit ("netfilter: xt_cluster: add dependency on conntrack module")
a dependency is required on kmod-nf-conntrack.
It seems this was already present for kmod-ipt-clusterip
but not yet for kmod-ipt-cluster
Add it fixing a build error when including kmod-ipt-cluster:
Package kmod-ipt-cluster is missing dependencies for the following libraries:
nf_conntrack.ko
modules/netfilter.mk:665: recipe for target '/mnt/ramdisk/koen/firmware/builds/openwrt/bin/targets/cns3xxx/generic/packages/kmod-ipt-cluster_4.14.75-1_arm_mpcore_vfp.ipk' failed
make[3]: *** [/mnt/ramdisk/koen/firmware/builds/openwrt/bin/targets/cns3xxx/generic/packages/kmod-ipt-cluster_4.14.75-1_arm_mpcore_vfp.ipk] Error 1
make[3]: Leaving directory '/mnt/ramdisk/koen/firmware/builds/openwrt/package/kernel/linux'
Command exited with non-zero status 2
time: package/kernel/linux/compile#1.80#0.05#2.07
package/Makefile:107: recipe for target 'package/kernel/linux/compile' failed
make[2]: *** [package/kernel/linux/compile] Error 2
make[2]: Leaving directory '/mnt/ramdisk/koen/firmware/builds/openwrt'
package/Makefile:103: recipe for target '/mnt/ramdisk/koen/firmware/builds/openwrt/staging_dir/target-arm_mpcore+vfp_musl_eabi/stamp/.package_compile' failed
make[1]: *** [/mnt/ramdisk/koen/firmware/builds/openwrt/staging_dir/target-arm_mpcore+vfp_musl_eabi/stamp/.package_compile] Error 2
make[1]: Leaving directory '/mnt/ramdisk/koen/firmware/builds/openwrt'
/mnt/ramdisk/koen/firmware/builds/openwrt/include/toplevel.mk:216: recipe for target 'world' failed
make: *** [world] Error 2
Fixes: bba743458eb4 ("kernel: bump 4.14 to 4.14.75")
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
[1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v4.14.75&id=b969656b46626a674232c0eadf92a394b89df07c
|
| |
|
|
|
|
|
|
|
|
|
| |
Fixes the following build error:
.../toolchain-i386_pentium4_gcc-7.3.0_glibc/lib/gcc/i486-openwrt-linux-gnu/7.3.0/../../../../i486-openwrt-linux-gnu/bin/ld: ../lib/libcom_err.so: undefined reference to `sem_post’
.../toolchain-i386_pentium4_gcc-7.3.0_glibc/lib/gcc/i486-openwrt-linux-gnu/7.3.0/../../../../i486-openwrt-linux-gnu/bin/ld: ../lib/libcom_err.so: undefined reference to `sem_wait'
.../toolchain-i386_pentium4_gcc-7.3.0_glibc/lib/gcc/i486-openwrt-linux-gnu/7.3.0/../../../../i486-openwrt-linux-gnu/bin/ld: ../lib/libcom_err.so: undefined reference to `sem_init’
.../toolchain-i386_pentium4_gcc-7.3.0_glibc/lib/gcc/i486-openwrt-linux-gnu/7.3.0/../../../../i486-openwrt-linux-gnu/bin/ld: ../lib/libcom_err.so: undefined reference to `sem_destroy’
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Support for -D got broken in the 2.0.11 release by the upstream commit
218d8c667944 ("first pass L2 mode w/UDP checks, v4 only"). After that
commit clients were still able to connect but no traffic was passed.
It was reported and is fixed now in the upstream git repository.
Backport two patches to fix this. The first one is just a requirement
for the later to apply. The second one is the real fix and it needed
only a small adjustment to apply without backporing the commit
10887b59c7e7 ("fix --txstart-time report messages").
Fixes: 7d15f96eaf76 ("iperf: bump to 2.0.12")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 87cd118794cc9375260ea213838e80ad5295e83c)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The sysupgrade_pre_upgrade hook was removed with 6a27c2f4b1a4 ("base-files:
drop fwtool_pre_upgrade") while there were still scripts using it:
* target/linux/ar71xx/base-files/lib/upgrade/allnet.sh
* target/linux/ar71xx/base-files/lib/upgrade/openmesh.sh
* target/linux/ipq40xx/base-files/lib/upgrade/openmesh.sh
Not running the hooks can either prevent a successful upgrade or brick the
device because the fw_setenv program cannot be started correctly.
Fixes: 6a27c2f4b1a4 ("base-files: drop fwtool_pre_upgrade")
Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
|
| |
|
|
|
|
| |
d0fa124 iprule: fix segfault (FS#1875)
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Revert "Add workaround for wrong skb->mac_len values after splitting GSO"
Remove our local patch which did the same thing.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 885052fbfb0ea5ee49e6abc6878ae99ee011688b)
|
| |
|
|
|
|
|
|
|
| |
Kernels 4.14.73 & 4.9.140 include the gso fixup fix, so cake
doesn't need to do it. Let's not waste cpu cycles by doing it in
cake which could be really important on cpu constrained devices.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit b47614f9f18c7d1c24104ef1d53c8d1ac8920ba4)
|
| |
|
|
|
|
| |
53e1110 mt76: mt76x2: fix multi-interface beacon configuration
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
|
|
|
| |
other drivers)
Software crypto wasn't working for management frames because the flag
indicating management frame crypto was missing
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
|
|
| |
497c304 mt7603: fix wcid for frames sent via drv_tx
27af7a5 mt76: fix handling ps-poll frames
c3dba28 mt76: check aggregation sequence number for frames sent via drv_tx
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
|
| |
Backport u-boot commit 704f3acfcf55343043bbed01c5fb0a0094a68e8a to fix
compatibility with gcc7.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
|
| |
|
|
|
|
| |
Fixes a crash with drivers like ath9k
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
| |
6e1898d mt76x2: fix tx power configuration for VHT mcs 9
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
|
|
|
|
|
| |
Backport most significant upstream fixes (excl. hwsim fixes)
Refreshed all patches.
Contains important fixes for CSA (Channel Switch Announcement)
and A-MSDU frames.
[slightly altered to apply cleanly]
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
| |
|
|
|
|
|
|
|
| |
Registering a GPIO chip with the ath9k device as parent prevents unload,
because the gpiochip core increases the module use count.
Unfortunately, the only way to avoid this at the moment seems to be to
register the GPIO chip without a parent device
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
|
|
|
| |
Allow setting specific routing tables via the ip4table and ip6table
options also when ${ifname}_4 and ${ifname}_6 child interfaces are
being created.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit e51aa699f7ca3ce83a0add622c0fd17d0caafc46)
|
| |
|
|
|
|
|
|
|
| |
Pull in latest upstream tweaks:
Similar to the previous patch for no-split-gso, the negative keywords for
'nat', 'wash' and 'ack-filter' were not printed either. Add those as well.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 033f02b9b5580e67e2f1b623f62da60d645e7ba2)
|
| |
|
|
|
|
|
|
|
| |
When the GSO splitting was turned into dual split-gso/no-split-gso options,
the printing of the latter was left out. Add that, so output is consistent
with the options passed
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 8cac8572897c28e902218b445aa9bed82c40989f)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
CAKE supports overriding of its internal classification of
packets through the tc filter mechanism.
Update the man page in our package, even though we don't
build them. Someone may find the documentation useful.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 30598a05385b0ac2380dd4f30037a9f9d0318cf2)
(cherry picked from commit dc9388ac5506f2d0ea0fee6967c003b9129c8ca5)
|
| |
|
|
|
|
|
|
|
| |
Bump to latest upstream cake:
Add workaround for wrong skb->mac_len values after splitting GSO
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 66fd41ba79356b1b776ba29dd8191039abc23061)
|
| |
|
|
|
|
|
|
| |
Expand filter flow mapping to include hosts as well
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit d14ffdc307d36bd9abe908b46ff7baece54c9551)
(cherry picked from commit 721dfd4eb8a4a568c7c4320436a843d30413605e)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch makes sch_cake's gso/gro splitting configurable
from userspace.
To disable breaking apart superpackets in sch_cake:
tc qdisc replace dev whatever root cake no-split-gso
to enable:
tc qdisc replace dev whatever root cake split-gso
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
Signed-off-by: Dave Taht <dave.taht@gmail.com>
[pulled from netdev list - no API/ABI change]
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 3e8a9389961cd866b867740a2f71c2a0af97ab56)
|
| |
|
|
|
|
|
|
|
|
| |
Follow upstream kernel patch that restores always splitting gso packets
by default whilst making the option configurable from (tc) userspace.
No ABI/API change
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit fe077d20e3b484e55ad49d5711673d05d7a301de)
|
| |
|
|
|
| |
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit b3d441c5f7c5247c1b0c3b6e9827d49a27093d50)
|
| |
|
|
|
|
|
|
| |
This allows driver to support features that can't be dynamically
discovered.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit fecbd91c7c12b5b1cfe894c2901083cc42863aae)
|
| |
|
|
|
|
|
|
|
| |
Monitor mode isn't supported yet with brcmfmac, it's just an early work.
This also prepares brcmfmac to work stable with new firmwares which use
updated struct for passing STA info.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit c0608c6a27e74923dc94772072d4a279d652b3fc)
|
| |
|
|
|
|
|
|
|
| |
Allowing DHCPV6_CLIENT_FQDN and DHCPV6_ACCEPT_RECONFIGURE to be turned off.
Defaulting to false, former behavior remains unchanged.
Signed-off-by: pacien <pacien.trangirard@pacien.net>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
(cherry picked from commit ef01c1d308d1cb200fc14ab49f0d3d0a07e1a9fe)
|
| |
|
|
|
|
|
|
|
|
|
| |
The dnsmasq variants should provide dnsmasq, otherwise it is impossible
to include them in the image.
This change allows one to have CONFIG_PACKAGE_dnsmasq=m and
CONFIG_PACKAGE_dnsmasq-full=y, e.g. because you want DNSSEC support, or
IPSETs suport on your 3000-devices fleet ;-)
Signed-off-by: Henrique de Moraes Holschuh <henrique@nic.br>
|
| |
|
|
|
|
|
|
| |
This is required for programs that indirectly link libjson-c through the
libubox blobmsg_json library.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 5762efd8b29d68e219fc9d00b681269727cbf5d5)
|
| |
|
|
|
|
|
|
| |
Install into STAGING_DIR_HOST rather than STAGING_DIR_HOSTPKG to make
bundle-libraries.sh happy.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 73100024d335caaa7477e5b3be27fad1d228a234)
|
| |
|
|
|
|
|
|
|
| |
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 56e3a19ad6b09b421db84e7266f3df3d459d23b4)
[While nothing in 18.06 needs the blobmsg-json host build, this prevents
builds failing due to incompatible json-c versions installed on the host
system]
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
|
| |
|
|
|
|
|
|
| |
Install into STAGING_DIR_HOST rather than STAGING_DIR_HOSTPKG to make
bundle-libraries.sh happy.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit a5368dc30c18947d260c8b68f2f83ca57bdb95b0)
|
| |
|
|
|
|
|
| |
Found through UScan.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 31f87ebcb25b4d266faaf347073f1913740a5891)
|
| |
|
|
|
|
|
| |
Add -Wno-implicit-fallthrough to HOST_CFLAGS.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 5e9470a93b6e79ec63d2eda16f1849d7e3868562)
|
| |
|
|
|
| |
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 6fc8e06078d30e8d36a00d0ecc97ac9cc148fe60)
|
| |
|
|
|
|
|
|
|
|
| |
Patch 300-CVE-2015-8370.patch was added without proper rebasing on the
version used by OpenWrt, make it apply and refresh the patch to fix
compilation.
Fixes: 7e73e9128f ("grub2: Fix CVE-2015-8370")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 9ffbe84ea49fc643f41bfdf687de99aee17c9154)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This CVE is a culmination of multiple integer overflow issues that cause
multiple issues like Denial of Service and authentication bypass.
More info: https://nvd.nist.gov/vuln/detail/CVE-2015-8370
Taken from Fedora.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 7e73e9128f6a63b9198c88eea97c267810447be4)
|
| |
|
|
|
|
|
|
|
|
|
| |
Issue causes a crash with specially crafted bzip2 files.
More info: https://nvd.nist.gov/vuln/detail/CVE-2016-3189
Taken from Fedora.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit f9469efbfa7ce892651f9a6da713eacbef66f177)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The control device /dev/cdc-wdm0 is not available immediately on the
D-Link DWR-921 Rev.C3, therefore the wwan interface fails to start at
boot with a "The specified control device does not exist" error.
This patch alters /lib/netifd/proto/qmi.sh to wait for
network.wwan.delay earlier, before checking for the control device,
instead of just before interacting with the modem.
One still has to use network.wwan.proto='qmi', as the "wwan" proto
performs that sort of check before any delay is possible, failing with a
"No valid device was found" error.
Signed-off-by: Thomas Equeter <tequeter@users.noreply.github.com>
|
| |
|
|
|
|
|
|
|
|
| |
Some combination of modem/wireless operator requires more time to
execute the commands.
Tested on DWR-512 embedded wwan modem and italian operator iliad (new
virtual operator).
Signed-off-by: Giuseppe Lippolis <giu.lippolis@gmail.com>
(cherry picked from commit 774d7fc9f2897d7b33ef15ddaa3522531eb85970)
|
| |
|
|
|
|
|
|
| |
This is necessary to get my position right.
Without this my longitude is incorrecty -15.85xxxx instead of -16.52yyyy
Signed-off-by: Bruno Randolf <br1@einfach.org>
(cherry picked from commit fe960cead7005811deb03c220f6bb5660f65e1d5)
|
| |
|
|
|
|
|
| |
Like many other packages, an option to disable can be practical.
Signed-off-by: Bruno Randolf <br1@einfach.org>
(cherry picked from commit 6b14a73f4f619b7bbdeac1cbcd0d34b0957ca0cb)
|
| |
|
|
|
|
|
| |
Add non-DFS 5G upper channels (149-165) besides existed 4 lower channels
(36, 40, 44, 48).
Signed-off-by: Antonio Silverio <menion@gmail.com>
|
| |
|
|
|
|
|
|
| |
7daf962 mt7603: add survey support
980c606 mt7603: add fix for CCA signal configuration
30b8371 mt7603: fix BAR rate
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
|
|
|
|
| |
CVE description :
The recv_msg_userauth_request function in svr-auth.c in Dropbear through
2018.76 is prone to a user enumeration vulnerability because username
validity affects how fields in SSH_MSG_USERAUTH messages are handled,
a similar issue to CVE-2018-15473 in an unrelated codebase.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
| |
|
|
| |
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
| |
|
|
| |
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
| |
|
|
|
|
|
|
|
|
|
| |
41333ab uci: tighten uci reorder operation error handling
f91751b uci: tighten uci delete operation error handling
c2c612b uci: tighten uci set operation error handling
948bb51 uci: tighten uci add operation error handling
51980c6 uci: reject invalid section and option names
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 8c91807214c42b481a0893e118d46f488419468a)
|
| |
|
|
|
|
|
|
| |
This fixes the following security problems:
* CVE-2018-0732: Client DoS due to large DH parameter
* CVE-2018-0737: Cache timing vulnerability in RSA Key Generation
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
