aboutsummaryrefslogtreecommitdiffstats
path: root/package
Commit message (Collapse)AuthorAgeFilesLines
...
* hostapd: adjust to removal of WOLFSSL_HAS_AES_GCMEneas U de Queiroz2019-10-191-1/+0
| | | | | | | WolfSSL is always built with AES-GCM support now. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> (cherry picked from commit ee5a3f6d605602bbff57cde337235088cf9c3ffa)
* trelay: fix deadlock on removeAli MJ Al-Nasrawy2019-10-191-7/+21
| | | | | | | | | | | | Upon writing to "remove" file, debugfs_remove_recursive() blocks while holding rtnl_lock. This is because debugfs' file_ops callbacks are executed in debugfs_use_file_*() context which prevents file removal. Fix this by only flagging the device for removal and then do the cleanup in file_ops.release callback which is executed out of that context. Signed-off-by: Ali MJ Al-Nasrawy <alimjalnasrawy@gmail.com> (cherry picked from commit c2635b871d1dd03a6608a9255222672decd49e09)
* trelay: handle netdevice events correctlyAli MJ Al-Nasrawy2019-10-191-1/+1
| | | | | | | | | | | | | | Since v3.11, netdevice notification data are of type "struct netdev_notifier_info". Handle it as such! This should fix a critical bug in which devices are unable get released because trelay does not release resources in response to UNREGISTER event spamming the log with something like: unregister_netdevice: waiting for eth0.1 to become free. Usage count = 1 Signed-off-by: Ali MJ Al-Nasrawy <alimjalnasrawy@gmail.com> (cherry picked from commit 77cfc0739d30c1282f7de24d2ec086d244e34bb7)
* bzip2: add linker option LDFLAGSleo chung2019-10-191-0/+11
| | | | | | | | | | | if gcc not linker whith this LDFLAGS, "file libbz2.so.1.0.8" will recognize as pie executable ELF file ( which should be shared object). this because the file command version before 5.36 not recognize correctly. Signed-off-by: leo chung <gewalalb@gmail.com> (cherry picked from commit 56ab58fb6ce29329963619d5a4fffa9d5828176e)
* mac80211: Update to version 4.19.79Hauke Mehrtens2019-10-199-46/+27
| | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* lantiq: Fix fw_cutter LzmaWrapperChristian Franke2019-10-181-1/+1
| | | | | | | | | The destination buffer size `d_len` is passed to `lzma_inflate` as a pointer. Therefore, it needs to be dereferenced to compare its content. Signed-off-by: Christian Franke <nobody@nowhere.ws> (cherry picked from commit d544bc84a07f299ac1e513715301cae5fbd30923) Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* rpcd: update to latest Git HEADJo-Philipp Wich2019-10-181-3/+3
| | | | | | | 95f0973 file: increase minimum read buffer size to 4096 bytes Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit 2a603cfcfccc4b20b10b7992bc07be0945345ed9)
* rpcd: update to latest Git HEADJo-Philipp Wich2019-10-181-3/+3
| | | | | | | e2a7bc4 iwinfo: add WPA3 support Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit d6a405280f0156a2dad7d9cfa96695d53ed87dab)
* rpcd: update to latest Git HEADJo-Philipp Wich2019-10-181-4/+4
| | | | | | | | | | | | 69eeb1b file: refactor message parsing and permission checking f65527a iwinfo: expose all rate info fields in assoclist reply 7fec636 sys: fix symbol redeclaration 27c24c7 rpcd: sys: actually move timespec declaration 345363b file: add remove operation 604db20 rpcd: Switch to nanosleep Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit 2f9f8769e334d2e8d0bac4edadbcf6bcdd229519)
* fwtool: do not omit final 16 byte when image does not contain signatureJo-Philipp Wich2019-10-172-2/+4
| | | | | | | | | | | | | | | | | | | The fwutil command will interpret the final 16 byte of a given firmware image files as "struct fwimage_trailer". In case these bytes do look like a valid trailer, we must ensure that we print them out along with the remainder of the image to not accidentally truncate non-trailer-images by 16 bytes when they're piped through fwtool, e.g. as part of an image verification command sequence. Some command sequences pipe images through fwtool in order to strip any possible metadata, certificate or signature trailers and do not expect bare images without any of that metadata to get truncated as other non- fwtool specific metadata is expected at the end of the file, e.g. an information block with an md5sum in case of the combined image format. Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit 889b841048c5eb7f975135cab363f1fdd9b6cfa1)
* iwinfo: update to latest Git HEADJo-Philipp Wich2019-10-161-3/+3
| | | | | | | | 07315b6 nl80211: handle hidden SSIDs in wpa_supplicant scan results 3ac846e lua: fix string description of mixed WPA3 modes Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit bc61458b73c04f900c358be8b7ed37c84298472a)
* gdb: bump to 8.3.1Koen Vandeputte2019-10-155-29/+24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | GDB 8.3.1 brings the following fixes and enhancements over GDB 8.3: PR c++/20020 (GDB segfault on printing objects) PR gdb/24454 (nat/x86-linux-dregs.c failed assertion) PR breakpoints/24541 (Incorrect evaluation of systemtap probes due to register being signed and probe expression assuming unsigned) PR symtab/24545 (Symbol loading performance regression with cc1) PR gdb/24592 (amd64->i386 linux syscall restart problem) PR gdb/25009 (terminate called after throwing an instance of 'srchilite::ParserException') PR gdb/25010 (Calls to error () can cause SIGTTOU to send gdb to the background) PR breakpoints/25011 (Breakpoints on file reloads broken for PIE binaries) This corrective release also brings the following testsuite fixes and enhancements: PR testsuite/25005 (gdb-caching-proc.exp takes a lot of time on skip_opencl_tests) PR testsuite/25016 (Test-case failures for -pie) GDB 8.3 includes the following changes and enhancements: * Support for new native configurations (also available as a target configuration): - RISC-V GNU/Linux (riscv*-*-linux*) - RISC-V FreeBSD (riscv*-*-freebsd*) * Support for new target configurations: - CSKY ELF (csky*-*-elf) - CSKY GNU/Linux (csky*-*-linux) - NXP S12Z ELF (s12z-*-elf) - OpenRISC GNU/Linux (or1k*-*-linux*) * Native Windows debugging is only supported on Windows XP or later. * The Python API in GDB now requires Python 2.6 or later. * GDB now supports terminal styling for the CLI and TUI. Source highlighting is also supported by building GDB with GNU Highlight. * Experimental support for compilation and injection of C++ source code into the inferior (requires GCC 7.1 or higher, built with libcp1.so). * GDB and GDBserver now support IPv6 connections. * Target description support on RISC-V targets. * Various enhancements to several commands: - "frame", "select-frame" and "info frame" commands - "info functions", "info types", "info variables" - "info thread" - "info proc" - System call alias catchpoint support on FreeBSD - "target remote" support for Unix Domain sockets. * Support for displaying all files opened by a process * DWARF index cache: GDB can now automatically save indices of DWARF symbols on disk to speed up further loading of the same binaries. * Various GDB/MI enhancements. * GDBserver on PowerPC GNU/Linux now supports access to the PPR, DSCR, TAR, EBB/PMU, and HTM registers. * Ada task switching support when debugging programs built with the Ravenscar profile added to aarch64-elf. * GDB in batch mode now exits with status 1 if the last executed command failed. * Support for building GDB with GCC's Undefined Behavior Sanitizer. Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* iwinfo: update to latest Git HEADJo-Philipp Wich2019-10-151-3/+3
| | | | | | | a29b7d4 nl80211: align path to phy mapping logic with mac80211.sh Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit 57b834281b586839b5e2cb00d7907de50c68ebcc)
* iwinfo: update to latest Git HEADJo-Philipp Wich2019-10-111-3/+3
| | | | | | | | | | | | | | | | Contains following updates squashed from 3 bump commits in master: 02112f9 cli: fix reporting of mixed WPA2/WPA3 versions 7faeaea nl80211: properly detect WEP encryption in wpa_supp scan results 629b5ff nl80211: do not confuse open connections with WEP ones 3d47ddd nl80211: rework hostapd and wpa_supplicant wpa suite parsing 313e827 nl80211: keep awaiting wpa_supplicant scan results on busy response a766751 nl80211: fix parsing of mixed wpa encryption in wpa_supp scan results f096bfd utils: support parsing SAE and OWE key management suites from IEs 2a95086 nl80211: recognize SAE encrypted mesh Signed-off-by: Jo-Philipp Wich <jo@mein.io> Signed-off-by: Petr Štetiar <ynezz@true.cz>
* base-files: use get_mac_binary() in mtd_get_mac_binary_ubi()Adrian Schmutzler2019-09-291-6/+1
| | | | | | | | | | | | | The actual retrieval of the MAC address in mtd_get_mac_binary_ubi() is the same as in get_mac_binary(). Thus, use the latter function in the former to reduce duplicate code. This will also allow to benefit from the enhanced path check there and bring mtd_get_mac_binary_ubi() more in line with the similar mtd_get_mac_binary(). Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de> (cherry picked from commit 45600124fcbd14ece6e289cb59b318ea44c598fe)
* uboot-fritz4040: update to 2019-09-07David Bauer2019-09-251-3/+3
| | | | | | | | | | | | | | 572ff7f fritzcreator: actually add checksum spacer 6edce1a fritzcreator: replace obscure padding generation with something more portable 2ff189f add ASUS RT-AC58U "easy install" factory u-boot shim b91f9c2 readd spi-nand support 486ae53 improve cmd_sysupgrade b0933f1 replace sstrip with strip 882e48a do not include generated files into git 0c5aa5f fix bugs in ipq40xx_cdp.c Signed-off-by: David Bauer <mail@david-bauer.net> (cherry picked from commit af63436d2d0dc3c07d1cb11b018e486994942c6c)
* ath10k-ct: update to version 2019-09-09Koen Vandeputte2019-09-248-17/+17
| | | | | | | | | | 5e8cd86f90da ath10k-ct: Backport ap-vlan code from 5.2 to 4.20 and 4.19 drivers. 0c518586bd7f ath10k-ct: Fix a few warning splats. Adds AP VLAN. Refreshed all patches. Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* ath10k-firmware: update Candela Tech firmware imagesRobert Marko2019-09-241-20/+20
| | | | | | | | This enables a feature flag in the wave-2 firmware wmi-services indicating it can send software-encrypted raw frames. This should in turn allow the AP-VLAN feature to work. Signed-off-by: Robert Marko <robimarko@gmail.com> (cherry picked from commit 7c930990af911f6634b422d7253f09df2bb164bf)
* openssl: bump to 1.1.1dEneas U de Queiroz2019-09-2312-2524/+223
| | | | | | | | | | | | | | This version fixes 3 low-severity vulnerabilities: - CVE-2019-1547: ECDSA remote timing attack - CVE-2019-1549: Fork Protection - CVE-2019-1563: Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey Patches were refreshed. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> (cherry picked from commit d868d0a5d7e1d76bb1a8980346d222fae55fa18b)
* hostapd: Fix AP mode PMF disconnection protection bypassHauke Mehrtens2019-09-214-6/+72
| | | | | | | | | This fixes * CVE-2019-16275 AP mode PMF disconnection protection bypass https://w1.fi/security/2019-7/ap-mode-pmf-disconnection-protection-bypass.txt Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit a6981604b30bc1ddc1713b368fe853d89c2ba40d)
* uClibc++: Remove faulty patchRosen Penev2019-09-212-14/+1
| | | | | | | | | | | | | | | | This patch was originally added to fix compilation with v4l2rtspserver. Turns out it was v4l2rtspserver that was broken, not uClibc++. This now causes issues with a different package where the arguments are being split. Note that with this patch, shellcheck throws an error: SC2068: Double quote array expansions to avoid re-splitting elements. More: https://github.com/openwrt/packages/pull/9972#discussion_r324878373 Signed-off-by: Rosen Penev <rosenp@gmail.com> (cherry picked from commit 977a8fc5fc2e1be6d159b2d9e1c617826b5d9701)
* mbedtls: update to 2.16.3Magnus Kroken2019-09-213-52/+25
| | | | | | | | Remove 300-bn_mul.h-Use-optimized-MULADDC-code-only-on-ARM-6.patch, the issue has been fixed upstream. Signed-off-by: Magnus Kroken <mkroken@gmail.com> (cherry picked from commit 49d96ffc5c47e40b7f3d99a91a42ea8a54a38bd9)
* ltq-vdsl-fw: update firmware filename and download URLDaniel Golle2019-09-213-5/+5
| | | | | Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit 4fc0a61ed3da96330d30703a2a039a6a06dc0b2f)
* kernel: add module for Emulex OneConnect 10GbitAlberto Bursi2019-09-211-0/+22
| | | | | | | | | | add module to support Emulex OneConnect common in 10Gbit SFP+ cards by Dell/HP/IBM supports OneConnect OCe10xxx OCe11xxx OCe14xxx, LightPulse LPe12xxx Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it> (cherry picked from commit 827f47749b75dcc6b650297b9303c27127b15201)
* procd: fix invalid JSON filter expression in procd_running()Jo-Philipp Wich2019-09-192-2/+2
| | | | | | | | | | Since service and instance names may contain characters which are not allowed in JSON path labels, such as dashes or spaces, change the filter expression to array square bracket notation to properly match these cases as well. Fixes: 2c3dd70741 ("procd: add procd_running() helper for checking running state") Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit c933b6d22478c1113629ef549beea6337f978d62)
* firewall: update to latest Git HEADJo-Philipp Wich2019-09-181-3/+3
| | | | | | | | | | | | | | | | | | | | 383eb58 ubus: do not overwrite ipset name attribute c26f890 firewall3: fix typo that affects ICMPv6 rules with numeric icmp_type 487bd0d utils: Fix string format message 4d0c703 firewall3: Fix some format string problems 8c404ef iptables.c: lock the xtables.lock c1d3a4d utils: implement fw3_lock_path() & fw3_unlock_path() Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> Signed-off-by: Petr Štetiar <ynezz@true.cz> [cherry picked and squashed from commits 7db655991443a98f84e4c39e733232d41d2d6137, 359bff605244c2cf2bff75bce0f0b16b496a6a77, 2cf209ce9166575d8259b5b4176ee91d8b48d2ff, 5ef9e4f107a94c502908403fdf56cf6bcdc08dd2] Ref: https://forum.openwrt.org/t/fw3-ipset-procd-objects/44044 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* procd: update to the latest git HEADRafał Miłecki2019-09-181-3/+3
| | | | | | | | 62dc8c0 system: sysupgrade: send reply on error 2710c65 system: refuse sysupgrade with backup if it's unsupported Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit 04e912d21720b2d906d84aaf172af79a25076a41)
* mac80211: brcmfmac: backport the last 5.4 changesRafał Miłecki2019-09-164-1/+413
| | | | | | | | This makes brcmfmac use the same wiphy after PCIe reset to help user space handle corner cases (e.g. firmware crash). Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit f39f4b2f6d4300995270f635261b07197e8cf61e)
* treewide: sysupgrade: use $UPGRADE_BACKUP to check for backupRafał Miłecki2019-09-163-3/+2
| | | | | | | | Now that $UPGRADE_BACKUP is set conditionally there is no need to check the $UPGRADE_OPT_SAVE_CONFIG anymore. All conditions can be simplified. Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit a858db313687ddfa6ed1ddba76bd74844a7b89dc)
* procd: update to the latest git HEADRafał Miłecki2019-09-161-3/+3
| | | | | | | | | | b8238df sysupgrade: support "backup" attribute This update requires "sysupgrade" method callers to pass "backup" attribute if $UPGRADE_BACKUP is used in the project. Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit 9785a9121d2d7a0a25bcd2924ee78fafada056da)
* base-files: sysupgrade: pass "backup" ubus attributeRafał Miłecki2019-09-161-0/+3
| | | | | | | | | This explicitly tells procd what backup file should be used during sysupgrade (if any). It's much more generic this way compared to the magic /tmp/sysupgrade.tgz file that had to be created before a call. Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit c5223b26a40ae61fc7750bf865464048af328ab1)
* odhcpd: retry failed PD assignments on addrlist changeHans Dedecker2019-09-151-3/+3
| | | | | | 88d9ab6 dhcpv6: retry failed PD assignments on addrlist change Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* iwinfo: update to latest Git HEADDavid Bauer2019-09-151-3/+3
| | | | | | | | a88fb42 iwinfo: add device id for Qualcomm Atheros QCA9886 1b69d86 iwinfo: add device id for Qualcomm Atheros QCA9887 Signed-off-by: David Bauer <mail@david-bauer.net> (cherry picked from commit 7db2f1a71f202023154e80758079193fc47352eb)
* base-files: validate firmware for compatibility with backupRafał Miłecki2019-09-121-0/+7
| | | | | | | | | | This allows platform code to check if firmware image can be used with preserving a backup. It may be used e.g. when installing vendor firmwares that won't restore appended backup archive. Suggested-by: Luis Araneda <luaraneda@gmail.com> Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit 1c510fe2980cd787602786e82f44602549d607d4)
* treewide: use new procd sysupgrade $UPGRADE_BACKUP variableRafał Miłecki2019-09-122-2/+1
| | | | | | | | | | | It's a variable set by procd that should replace hardcoded /tmp/sysupgrade.tgz. This change requires the most recent procd with the commit 0f3c136 ("sysupgrade: set UPGRADE_BACKUP env variable"). Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit 641f6b6c26cb9ab5e1198810015e5f4b2b5b34ad)
* treewide: don't hardcode "sysupgrade.tgz" file nameRafał Miłecki2019-09-122-1/+3
| | | | | | | | | 1) Add BACKUP_FILE and use it when copying an archive to be restored after sysupgrade (on the next preinit). 2) Use CONF_TAR for copying backup prepared by the /sbin/sysupgrade Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit bf390478727ac5f4f9d6fb684de48b8150bcec67)
* hostapd: SAE/EAP-pwd side-channel attack updateHauke Mehrtens2019-09-109-1/+397
| | | | | | | | | Fixes this security problem: * SAE/EAP-pwd side-channel attack update https://w1.fi/security/2019-6/sae-eap-pwd-side-channel-attack-update.txt Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit 7bed9bf10fc8d05df34c7efc66e8b4ade37a1a0c)
* hostapd: Fix security problem in EAP-pwdHauke Mehrtens2019-09-103-1/+81
| | | | | | | | | | | | This fixes: CVE-2019-11555 "EAP-pwd message reassembly issue with unexpected fragment" https://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-with-unexpected-fragment.txt This should not affect OpenWrt in the default settings as we do not use EAP-pwd. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit 9f34bf51d60a237696b1d4cc9b5f4835b95e7ea2)
* mac80211: brcmfmac: backport more kernel 5.4 changesRafał Miłecki2019-09-098-9/+283
| | | | | | | | Patch getting RAM info got upstreamed. A debugging fs entry for testing reset feature was added. Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit 681acdcc54d2e59135bb706c38bed942f74ccf74)
* odhcp6c: update to latest git HEADHans Dedecker2019-09-071-2/+2
| | | | | | | e199804 dhcpv6: sanitize oro options Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (cherry picked from commit 1855c237948e211849d79765ca749cdea6a79987)
* procd: update to the latest git HEADRafał Miłecki2019-09-061-3/+3
| | | | | | | | | | | 0f3c136 sysupgrade: set UPGRADE_BACKUP env variable 0bcbbbf system: fix uninitialized variables in firmware validation code This update includes a fix for uninitialized variable usage. Fixes: db5164d3d056 ("procd: update to the latest git HEAD") Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit e8dcbbc865cb6acef1cfbafe77f30c1f003c3dc3)
* procd: update to the latest git HEADRafał Miłecki2019-09-041-3/+3
| | | | | | | | | | | | | 34ac88c system: reject sysupgrade of invalid firmware images by default f55c235 system: reject sysupgrade of broken firmware images e990e21 system: add "validate_firmware_image" ubus method This update changes "sysupgrade" ubus method API. It's now required to pass "force" attribute whenever invalid firmware is meant to be installed. Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit 7290963d0992b9aa412e0066dcf721857fbd40f7)
* base-files: pass "force" parameter to the "sysupgrade" callRafał Miłecki2019-09-041-0/+3
| | | | | | | | This makes sysupgrade work with the most recent procd that validates firmware before proceeding. Signed-off-by: Rafał Miłecki <rafal@milecki.pl> (cherry picked from commit b71962da16c2e2b93d633d7bde1436b3da2bf740)
* uci: update to latest Git HEADHauke Mehrtens2019-09-041-3/+3
| | | | | | | 415f9e4 uci/file: replace mktemp() with mkstemp() Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit 6aa962a62288952aec08c1f67fb0735f420f720e)
* iwinfo: update to latest Git HEADHauke Mehrtens2019-09-041-3/+3
| | | | | | | | | f599a8d iwinfo: Fix rate buffer size 71ec9be iwinfo: Fix buffer size f8ef450 iwinfo: Add support for WPA3 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit 6658447534152b72a3341b369f1eb545618fa7cf)
* nftables: bump to version 0.9.2Konstantin Demin2019-09-042-31/+4
| | | | | | | | | | | | | | | - exclude Python-related stuff from build - drop patches: * 010-uclibc-ng.patch, applied upstream ipkg size decrease by 2.8%: old: 194.851 nftables_0.9.0-2_arm_cortex-a7_neon-vfpv4.ipk new: 189.581 nftables_0.9.2-1_arm_cortex-a7_neon-vfpv4.ipk Signed-off-by: Konstantin Demin <rockdrilla@gmail.com> (cherry picked from commit b74f1f335a792a15feb0fd839a69486050d3531f)
* libnftnl: bump to version 1.1.4Konstantin Demin2019-09-041-2/+2
| | | | | | | | | | | | | ABI version is same. The ipkg size increase by about 2.2%: old: 47.909 libnftnl11_1.1.3-1_arm_cortex-a7_neon-vfpv4.ipk new: 48.985 libnftnl11_1.1.4-1_arm_cortex-a7_neon-vfpv4.ipk Signed-off-by: Konstantin Demin <rockdrilla@gmail.com> (cherry picked from commit 699955a684eb8f6eb39123632ec7e193fa132753)
* rpcd: update to latest Git HEADJo-Philipp Wich2019-09-041-3/+3
| | | | | | | | 821045f file: add path based read/write/exec ACL checks fb337e5 file: add stat() information to directory listings Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit 02169bd3f8ccfa3076bb4d46e979d2fdcc7d413e)
* uhttpd: add support to generate EC keysEneas U de Queiroz2019-09-043-2/+14
| | | | | | | | | This adds the key_type and ec_curve options to enable the generation of EC keys during initialization, using openssl or the new options added to px5g. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> (cherry picked from commit 7f2b230b3b9d0a7fb758db3a9b1958845506a5a3)
* px5g: support EC keysEneas U de Queiroz2019-09-042-19/+71
| | | | | | | | | | | | | | | | | | | This adds an 'eckey' command to generate an EC key, with an optional curve name argument, with P-256 as default. For the 'selfsigned' command, it adds an 'ec' algorithm argument to the '-newkey' option, and a '-pkeyopt ec_paramgen_curve:<curvename>' option, mirroring the way openssl specifies the curve name. Notice that curve names are not necessarily the same in mbedtls and openssl. In particular, secp256r1 works for mbedtls, but openssl uses prime256v1 instead. px5g uses mbedtls, but short NIST curve names P-256 and P-384 are specifically supported. Package size increased by about 900 bytes (arm). Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> (cherry picked from commit a552ababd4ff8e91d3f03f7496f12d080a71ba28)