aboutsummaryrefslogtreecommitdiffstats
path: root/package
Commit message (Collapse)AuthorAgeFilesLines
* base-files: fix ucert verificationFelix Fietkau2019-02-121-1/+2
| | | | | | | | ucert needs to check the firmware part with metadata, but without the signature. Use the new fwtool mode to extract that without altering the firmware image inside the check Signed-off-by: Felix Fietkau <nbd@nbd.name>
* fwtool: add support for extracting the truncated data part to stdoutFelix Fietkau2019-02-121-2/+23
| | | | | | | This allows extracing the firmware + metadata from a signed firmware without altering the original image file Signed-off-by: Felix Fietkau <nbd@nbd.name>
* fwtool: do not strip metadata if extracting signatureFelix Fietkau2019-02-121-1/+3
| | | | | | This allows the signature to cover the metadata area Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: fix race condition in mesh new peer handlingFelix Fietkau2019-02-121-0/+34
| | | | | | Avoid trying to add the same station to the driver multiple times Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: send wpa_supplicant logging output to syslogFelix Fietkau2019-02-121-1/+1
| | | | | | Helpful for debugging network connectivity issues Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mac80211: brcmfmac: backport early changes queued for the Linux 5.1Rafał Miłecki2019-02-1211-3/+2715
| | | | Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* mac80211: brcmfmac: backport remaining patches from the Linux 5.0Rafał Miłecki2019-02-1214-3/+1071
| | | | Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* iproute2: tc: reduce size of dynamic symbol tableTony Ambardar2019-02-112-1/+45
| | | | | | | | | | | In the case of SHARED_LIBS=y, don't use -export-dynamic to place *all* symbols into the dynamic symbol table. Instead, use --dynamic-list to export a smaller set of symbols similar to that defined in static-syms.h in the case of SHARED_LIBS=n, avoiding an 11 KB tc package size increase. Also increment PKG_RELEASE. Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* iproute2: tc: enable and fix support for using .so pluginsTony Ambardar2019-02-112-1/+107
| | | | | | | | | | | | | | | | | | | | | | | This enables using the tc module m_xt.so, which uses the act_ipt kernel module to allow tc actions based on iptables targets. e.g. tc filter add dev eth0 parent 1: prio 10 protocol ip \ u32 match u32 0 0 action xt -j DSCP --set-dscp-class BE Make the SHARED_LIBS parameter configurable and based on tc package selection. Fix a problem using the tc m_xt.so plugin as also described in https://bugs.debian.org/868059: Sync include/xtables.h from iptables to make sure the right offset is used when accessing structure members defined in libxtables. One could get “Extension does not know id …” otherwise. (See also: #868059) Patch to sync the included xtables.h with system iptables 1.6.x. This continues to work with iptables 1.8.2. Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* iproute2: simplify linking libelf for eBFP/XDP object file supportTony Ambardar2019-02-113-61/+21
| | | | | | | | | | Simplify build and runtime dependencies on libelf, which allows tc and ip to load BPF and XDP object files respectively. Preserve optionality of libelf by having configuration script follow the HAVE_ELF environment variable, used similarly to the HAVE_MNL variable. Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* iproute2: use tc package variant to limit other package sizesTony Ambardar2019-02-111-0/+9
| | | | | | | | | | | | | Replace the old 'tc' with a singleton package variant which will be used to enable additional functionality and limit it only to tc. Non-variant packages will only be installed during 'tiny' variant builds, hence will be configured without extra features, thus preserving previously limited functionality and reduced package sizes. Also set ip-tiny as the default variant, and install 'tiny' versions of development libraries. Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* iproute2: simplify Makefile, patches and fix feature detectionTony Ambardar2019-02-113-20/+17
| | | | | | | | | | | | | | | | | | | | | | | | | | Compile-based feature detection (e.g. xtables, ipset support) was broken due to silent compilation errors in the configure script, caused by a Makefile variable KERNEL_INCLUDE referring to kernel build headers. Use userspace headers by setting the same "user_headers" kernel include path as used for the iptables build. Remove redundant or unused Build/Configure definitions from package Makefile, including KERNEL_INCLUDE, LIBC_INCLUDE and DBM includes. Don't pass LDFLAGS within MAKE_FLAGS as this interferes with LDFLAGS in tc/Makefile and masks a link parameter ("-Wl,-export-dynamic"). Instead, use standard TARGET_LDFLAGS. Replace EXTRA_CCOPTS in MAKE_FLAGS with cleaner TARGET_CPPFLAGS, and also drop now unneeded patch 150-extra-ccopts.patch. Enable defining XT_LIB_DIR from Makefile, needed to set the iptables modules directory to something other than /lib/xtables, and also add libxtables dependency. Both are needed with working xtables detection. Note that libxtables is also pulled in by iptables, firewall or luci, so this change has no size impact in most cases. Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* iproute2: fix broken configuration patchTony Ambardar2019-02-112-7/+12
| | | | | | | | | | Since v4.13, iproute2 switched to a config.mk file with greater use of pkg-config for library/feature detection. Replace the old Config patch with one modifying the configure script but enabling the same changes: - explicitly disable TC_CONFIG_ATM - rely on feature detection for IP_CONFIG_SETNS and TC_CONFIG_XT Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* base-files: enable BPF JIT sysctl by defaultTony Ambardar2019-02-111-0/+2
| | | | | | Set net.core.bpf_jit_enable=1 in /etc/sysctl.d/10-default.conf. Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* kernel/modules: add kmod-bpf-test packageTony Ambardar2019-02-111-0/+11
| | | | | | | | Add the test_bpf module that runs various test vectors against the BPF interpreter or BPF JIT compiler. The module must be manually loaded, as with the kmod-crypto-test module which serves a similar purpose. Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* kernel/modules: add kmod-sched-bpf packageTony Ambardar2019-02-111-1/+17
| | | | | | | Add cls_bpf and act_bpf modules for additional tc classifier and action support of cBPF and eBPF. Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* kernel/modules: add kmod-sched-ipset packageTony Ambardar2019-02-111-1/+16
| | | | | | | | Add em_ipset module to support tc filter classification by IP set. Build as a standalone package to help avoid pulling in rest of kmod-sched and isolate new dependency on kmod-ipt-ipset. Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* kernel/modules: kmod-sched: add some common, useful actionsTony Ambardar2019-02-111-1/+5
| | | | | | | | | | | | | Add act_pedit, act_csum, act_gact and act_simple modules for additional tc action support. Module act_simple helps with debug and logging, similar to iptables LOG target, while act_gact provides common generic actions. Modules act_pedit and act_csum support general packet mangling, and have been the subject of feature requests and forum discussions (e.g. DSCP), as well as being added to the Turris OS fork of OpenWrt ~2 years ago. Also select dependency kmod-lib-crc32c to support act_csum. Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* kernel/modules: kmod-sched-core: add missing dependency, useful moduleTony Ambardar2019-02-111-2/+4
| | | | | | | | | | | | | | | | All tc ematch modules, including those in kmod-sched-core and kmod-sched, use cls_basic as a core dependency. Relocate cls_basic from kmod-sched to kmod-sched-core to avoid requiring kmod-sched unnecessarily. This change is also backwards compatible since any past tc ematch users will have had to install both kmod-sched-core and kmod-sched anyway. Add the matchall kernel module cls_matchall introduced in kernel 4.8. The matchall classifier matches every packet and allows the user to apply actions on it. It is a simpler, more efficient replacement for the common but cryptic tc classifier idiom "u32 match u32 0 0". Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
* mac80211: ath10k: support for management rate controlSven Eckelmann2019-02-113-1/+156
| | | | | | | | | | | | | Issues a wmi command to firmware when multicast rate change is received with the new BSS_CHANGED_MCAST_RATE flag. Also fixes the incorrect fixed_rate setting for CCK rates which got introduced with addition of ath10k_rates_rev2 enum. By default the firmware uses 1Mbps and 6Mbps rate for management packets in 2G and 5G bands respectively. But when the user selects different basic rates from the userspace, we need to send the management packets at the lowest basic rate selected by the user. Signed-off-by: Sven Eckelmann <sven@narfation.org>
* ath10k-ct: support for management rate controlSven Eckelmann2019-02-113-1/+156
| | | | | | | | | | | | By default the firmware uses 1Mbps and 6Mbps rate for management packets in 2G and 5G bands respectively. But when the user selects different basic rates from the userspace, we need to send the management packets at the lowest basic rate selected by the user. This change makes use of WMI_VDEV_PARAM_MGMT_RATE param for configuring the management packets rate to the firmware. Signed-off-by: Sven Eckelmann <sven@narfation.org>
* ath10k-firmware: update Candela Tech firmware imagesChristian Lamparter2019-02-111-16/+16
| | | | | | | | | | | | | | | | | | Release notes since last time: 2019-02-08: Fix rate-ctrl assert related to bad logic that tried to guess that lower bandwidth probes were automatically successful if higher was. The NSS mismatch that can happen here caused the assert. Just comment out the offending code (per comment from original QCA code). This is bug 69. 2019-02-10: Fix bssid mis-alignment that broke 4-addr vlan mode (bug 67). Original buggy commit was commit 2bf89e70ecd1 ("dev-ds: Better packing of wal_vdev struct.") Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* mac80211: brcmfmac: fix a possible NULL pointer dereferenceRafał Miłecki2019-02-111-4/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This fixes a possible crash in the brcmf_fw_request_nvram_done(): [ 31.687293] Backtrace: [ 31.689760] [<c004fb4c>] (__wake_up_common) from [<c004fc38>] (__wake_up_locked+0x1c/0x24) [ 31.698043] r10:c6794000 r9:00000009 r8:00000001 r7:bf54dda0 r6:a0000013 r5:c78e7d38 [ 31.705928] r4:c78e7d3c r3:00000000 [ 31.709528] [<c004fc1c>] (__wake_up_locked) from [<c00502a8>] (complete+0x3c/0x4c) [ 31.717148] [<c005026c>] (complete) from [<bf54590c>] (brcmf_fw_request_nvram_done+0x5c8/0x6a4 [brcmfmac]) [ 31.726818] r7:bf54dda0 r6:c6794000 r5:00001990 r4:c6782380 [ 31.732544] [<bf545344>] (brcmf_fw_request_nvram_done [brcmfmac]) from [<c0204e40>] (request_firmware_work_func+0x38/0x60) [ 31.743607] r10:00000008 r9:c6bdd700 r8:00000000 r7:c72c3cd8 r6:c67f4300 r5:c6bda300 [ 31.751493] r4:c67f4300 [ 31.754046] [<c0204e08>] (request_firmware_work_func) from [<c0034458>] (process_one_work+0x1e0/0x318) [ 31.763365] r4:c72c3cc0 [ 31.765913] [<c0034278>] (process_one_work) from [<c0035234>] (worker_thread+0x2f4/0x448) [ 31.774107] r10:00000008 r9:00000000 r8:c6bda314 r7:c72c3cd8 r6:c6bda300 r5:c6bda300 [ 31.781993] r4:c72c3cc0 [ 31.784545] [<c0034f40>] (worker_thread) from [<c003984c>] (kthread+0x100/0x114) [ 31.791949] r10:00000000 r9:00000000 r8:00000000 r7:c0034f40 r6:c72c3cc0 r5:00000000 [ 31.799836] r4:c735dc00 r3:c79ed540 [ 31.803438] [<c003974c>] (kthread) from [<c00097d0>] (ret_from_fork+0x14/0x24) [ 31.810672] r7:00000000 r6:00000000 r5:c003974c r4:c735dc00 [ 31.816378] Code: e5b53004 e1a07001 e1a06002 e243000c (e5934000) [ 31.822487] ---[ end trace a0ffbb07a810d503 ]--- Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* vti: remove setting default firewall zone to wanHans Dedecker2019-02-092-3/+1
| | | | | | | | | Same reasoning as in bdedb798150a58ad7ce3c4741f2f31df97e84c3f; don't set default firewall zone to wan as the firewall zone for the vti interface can be configured in the firewall config or it makes it impossible not to specify a firewall zone for the vti interface. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* ipip: remove setting default firewall zone to wanHans Dedecker2019-02-092-3/+1
| | | | | | | | | Same reasoning as in bdedb798150a58ad7ce3c4741f2f31df97e84c3f; don't set default firewall zone to wan as the firewall zone for the ipip interface can be configured in the firewall config or it makes it impossible not to specify a firewall zone for the ipip interface. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* base-files: do not strip fwtool signature data during checkFelix Fietkau2019-02-091-1/+1
| | | | | | | Same reason as in commit 9808bd279927bcd2d3a78d19a55229b93bbbcf05 - sysupgrade --test must not alter the image in any way Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mac80211: rt2x00: remove patch causing low tx powerDaniel Golle2019-02-081-43/+0
| | | | | | | | | | | | | | | Remove 980-rt2x00-reduce-power-consumption-on-mt7620.patch which in combination with the most recently added patch reportedly causes TX power to be too weak. "without patches rssi on receiver is ~ -23dBm with 980 about -35dBm, with both patches drops below -40dBm. with 987 only ~-28dBm" We may need to reconsider this once we have implemented TSSI. Fixes: cdb58b2bfe ("mac80211: rt2x00: reduce tx power to nominal level on RT6352") Reported-by: Tomislav Požega <pozega.tomislav@gmail.com> Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* curl: bump to 7.64.0Deng Qingfang2019-02-082-4/+4
| | | | | | | | | | | | Fixed CVEs: CVE-2018-16890 CVE-2019-3822 CVE-2019-3823 For other changes in version 7.64.0 see https://curl.haxx.se/changes.html#7_64_0 Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
* mac80211: rt2x00: reduce tx power to nominal level on RT6352Daniel Golle2019-02-081-0/+114
| | | | | | | | | | | | Current implementation of RT6352 support provides too high tx power at least on iPA/eLNA devices. Reduce amplification of variable gain amplifier by 6dB to match board target power of 17dBm. Transmited signal strength with this patch is similar to that of stock firmware or pandorabox firmware. Throughput measured with iperf improves. Device tested: Xiaomi Miwifi Mini. Signed-off-by: Tomislav Požega <pozega.tomislav@gmail.com> Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* gre: remove setting default firewall zone to wanFlorian Eckert2019-02-072-2/+1
| | | | | | | | | | | | | | | | | | | | | | There are two problems with this behaviour that the zone is set to wan if no zone config option is defined in the interface section. * The zone for the interface is "normally" specified in the firewall config file. So if we have defined "no" zone for this interface zone option is set now to "wan" additonaly if we add the interface in the firewall config section to the "lan" zone, the interface is added to lan and wan at once. iptables-save | grep <iface> This is not what I expect. * If I do not want to set a zone to this interface it is not possible. Remove the default assigment to wan if no zone option is defined. If some one need the option it stil possible to define this option. Signed-off-by: Florian Eckert <fe@dev.tdt.de> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
* nat46: Fix mirror hashHauke Mehrtens2019-02-071-1/+1
| | | | | | | | The package hash does not match the one of the package found on the mirrors and which is generated when I do the git clone. Fixes: 4856fa30a6c ("nat46: import for routing, add myself as maintainer") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* ath10k-firmware: update Candela Tech firmware imagesKoen Vandeputte2019-02-041-16/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Jan 2, 2019 Rebase patches to make 9980 bisectable. * Jan 2, 2019 Fix scheduling related assert when wal-peer is deleted with pending tx buffers (bug 54, and others) * Jan 7, 2019: Fix specifying retransmits for AMPDU frames. It was previously ignored since it is a 'software' retransmit instead of a hardware retransmit. * Jan 9, 2019 Fix potential way to get zero rates selected (and then assert) * Jan 18, 2019 pfsched has specific work-around to just return if we find invalid flags AND if we are in an out-of-order situation. Maybe this is last of the pfsched related issues (bug 54 and similar). * Jan 24, 2019 The rcSibUpdate method can be called concurrently with IRQ tx-completion callback, and that could potentially allow the tx-completion callback to see invalid state and assert or otherwise mess up the rate-ctrl logic. So, disable IRQs in rcSibUpdate to prevent this. Related to bug 58. * Jan 28, 2019 Ensure that cached config is applied to ratectrl objects when fetched from the cache. This should fix part of bug 58. * Jan 28, 2019 Ensure that ratectrl objects from cachemgr are always initialized. This fixes another part of bug 58. * Jan 30, 2019 Better use of temporary rate-ctrl object. Make sure it is initialized, simplify code path. This finishes up porting forward similar changes I made for wave-1 firmware long ago, and fixes another potential way to hit bug-58 issues. * Jan 30, 2019 Cachemgr did not have a callback for when memory was logically freed. This means that peers could keep stale references to rate-ctrl objects that were in process of being DMA'd into to load a different peer's rate-ctrl state. This was causing the bugcheck logic to fail early and often, and I suspect it might be a root cause of bug 58 as well. The fix is to add a callback and set any 'deleted' memory references to NULL so that we cannot access it accidentally. Thanks to excellent logs and patience from the bug-58 reporter! Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
* mt76: update to the latest versionFelix Fietkau2019-02-031-3/+3
| | | | | | | | | | | a9d4c0e mt76: mt76x2: avoid running DPD calibration if tx is blocked 4d7e13f mt76: explicitly disable energy detect cca during scan e3c1aad mt76: run MAC work every 100ms 4e8766a mt76: clear CCA timer stats in mt76x02_edcca_init e301f23 mt76: measure the time between mt76x02_edcca_check runs 74075ef mt76: increase ED/CCA tx block threshold Signed-off-by: Felix Fietkau <nbd@nbd.name>
* kernel: Fix drm dependency on drm_panel_orientation_quirks.ko for 4.19Petr Štetiar2019-02-011-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | Package kmod-drm is missing dependencies for the following libraries: drm_panel_orientation_quirks.ko It seems, that since Linux 4.15-rc2 drm depends on drm_panel_orientation_quirks.ko commit 8d70f395e6cbece665b12b4bf6dbc48d12623014 Author: Hans de Goede <j.w.r.degoede@gmail.com> Date: Sat Nov 25 20:35:49 2017 +0100 drm: Add support for a panel-orientation connector property, v6 On some devices the LCD panel is mounted in the casing in such a way that the up/top side of the panel does not match with the top side of the device (e.g. it is mounted upside-down). This commit adds the necessary infra for lcd-panel drm_connector-s to have a "panel orientation" property to communicate how the panel is orientated vs the casing. Userspace can use this property to check for non-normal orientation and then adjust the displayed image accordingly by rotating it to compensate. Signed-off-by: Petr Štetiar <ynezz@true.cz>
* mt76: update to the latest versionFelix Fietkau2019-01-311-3/+3
| | | | | | | | | | | | | | | | a4ec45c mt7603: fix LED support (copy CFLAGS from main Makefile) edda5c5 mt76x02: use mask for vifs dd52191 mt76x02: use commmon add interface for mt76x2u a80acaf mt76x02: initialize mutli bss mode when set up address 38e832d mt76x02: minor beaconing init changes 171adaf mt76x02: init beacon config for mt76x2u dcab682 mt76: beaconing fixes for USB ff81de1 mt76x02: enable support for IBSS and MESH 8027b5d mt7603: remove copyright headers e747e80 mt76: fix software encryption issues 2afa0d7 mt7603: remove WCID override for software encrypted frames Signed-off-by: Felix Fietkau <nbd@nbd.name>
* netifd: handle hotplug event socket errorsHans Dedecker2019-01-311-3/+3
| | | | | | 5cd7215 system-linux: handle hotplug event socket ENOBUFS errors Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* openssl: update list of mirrorsSven Roederer2019-01-311-2/+2
| | | | | | Host "gd.tuwien.ac.at" does not exists anymore, so we replace it by "ftp.pca.dfn.de" from the official list of mirrors. Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
* uboot-omap: add 'rootwait' to the kernel cmdlineAndre Heider2019-01-311-1/+1
| | | | | | Some SD cards take a while to get detected, fix booting of those. Signed-off-by: Andre Heider <a.heider@gmail.com>
* dnsmasq: latest pre-2.81 patchesKevin Darbyshire-Bryant2019-01-3132-34/+96
| | | | Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* opkg: update to latest Git headJo-Philipp Wich2019-01-311-2/+2
| | | | | | | d4ba162 libopkg: only perform size check when information is available Fixes: e079591b84 ("opkg: update to latest Git head") Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* opkg: update to latest Git headJo-Philipp Wich2019-01-311-3/+3
| | | | | | cb66403 libopkg: check for file size mismatches Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* mt76: update to the latest versionFelix Fietkau2019-01-301-3/+3
| | | | | | | | | | | | | | c3da1aa mt7603: trigger beacon stuck detection faster 7a53138 mt7603: trigger watchdog reset if flushing CAB queue fails 6eef33b mt7603: remove mt7603_txq_init ae30c30 mt76: add driver callback for when a sta is associated 0db925f mt7603: update HT/VHT capabilities after assoc b5ac8e4 mt7603: initialize LED callbacks only if CONFIG_MT76_LEDS is set c989bac mt76x0: eeprom: fix chan_vs_power map in mt76x0_get_power_info 24bd2c0 mt76x0: phy: report target_power in debugfs bc7ce2a mt76x0: init: introduce mt76x0_init_txpower routine Signed-off-by: Felix Fietkau <nbd@nbd.name>
* base-files: config_get: prevent filename globbingGünther Kelleter2019-01-302-2/+2
| | | | | | | | | When config_get is called as "config_get section option" the option is unexpectedly globbed by the shell which differs from the way options are read to a variable with "config_get variable section option". Add another layer of double quotes to fix it. Signed-off-by: Günther Kelleter <guenther.kelleter@devolo.de>
* busybox: keep syslog.conf during sysupgradeVal Kulkov2019-01-301-0/+6
| | | | | | | | | | | | | If a user finds that logd is too barebone for their needs and wishes to have more control over syslog, the user presently has an option to enable CONFIG_BUSYBOX_CONFIG_FEATURE_SYSLOG and configure syslog with settings in /etc/syslog.conf. Presently /etc/syslog.conf silently disappears on sysupgrade. This patch prevents such unwanted behaviour if busybox syslog is enabled via CONFIG_BUSYBOX_CONFIG_FEATURE_SYSLOG. Signed-off-by: Val Kulkov <val.kulkov@gmail.com>
* openssl: bump to 1.0.2qSven Roederer2019-01-301-2/+2
| | | | | | | | | This fixes the following security problems: * CVE-2018-5407: Microarchitecture timing vulnerability in ECC scalar multiplication * CVE-2018-0734: Timing vulnerability in DSA signature generation * Resolve a compatibility issue in EC_GROUP handling with the FIPS Object Module Signed-off-by: Sven Roederer <freifunk@it-solutions.geroedel.de>
* uhttpd: disable concurrent requests by defaultJo-Philipp Wich2019-01-302-2/+2
| | | | | | | | In order to avoid straining CPU and memory resources on lower end devices, avoid running multiple CGI requests in parallel. Ref: https://forum.openwrt.org/t/high-load-fix-on-openwrt-luci/29006 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* iproute2: drop libbsd dependencyHans Dedecker2019-01-291-0/+19
| | | | | | | As the usage of libbsd is no longer limited to glibc, prevent libbsd being picked up by removing the dependency on libbsd. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* wpa_supplicant: fix calling channel switch via wpa_cli on mesh interfacesFelix Fietkau2019-01-291-0/+39
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: add support for passing CSA events from sta/mesh to AP interfacesFelix Fietkau2019-01-292-2/+183
| | | | | | Fixes handling CSA when using AP+STA or AP+Mesh Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mac80211: fix an issue with allocated tailroom for encrypted mgmt packetsFelix Fietkau2019-01-291-0/+48
| | | | | | Fixes kernel warnings and connectivity issues in encrypted mesh networks Signed-off-by: Felix Fietkau <nbd@nbd.name>