Set new option 'reconf' in 'wifi-device' section to enable dynamic re-configuration on that radio. Also fix wifi relay and 'netifd: radio1 (9654): Command failed'.
cdac046 dns.c: fix input validation fix
Due to a slight foobar typo, failing to de-reference a pointer, previous
fix not quite as complete as it should have been.
Improve CVE-2020-11750 fix
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
f4d759b dhcp.c: further improve validation
Further improve input validation for CVE-2020-11752
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Backport patch from hostapd.git master that fixes copy/paste error in
crypto_bignum_sub() in crypto_wolfssl.c.
This missing fix was discovered while testing SAE over a mesh interface.
With this fix applied and wolfssl >3.14.4 mesh+SAE works fine with
wpad-mesh-wolfssl.
Cc: Sean Parkinson <sean@wolfssl.com>
Signed-off-by: Antonio Quartulli <a@unstable.cc>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* compat: support latest suse 15.1 and 15.2
* compat: support RHEL 7.8's faulty siphash backport
* compat: error out if bc is missing
* compat: backport hsiphash_1u32 for tests
We now have improved support for RHEL 7.8, SUSE 15.[12], and Ubuntu 16.04.
* compat: include sch_generic.h header for skb_reset_tc
A fix for a compiler error on kernels with weird configs.
* compat: import latest fixes for ptr_ring
* compat: don't assume READ_ONCE barriers on old kernels
* compat: kvmalloc_array is not required anyway
ptr_ring.h from upstream was imported, with compat modifications, to our
compat layer, to receive the latest fixes.
* compat: prefix icmp[v6]_ndo_send with __compat
Some distros that backported icmp[v6]_ndo_send still try to build the compat
module in some corner case circumstances, resulting in errors. Work around
this with the usual __compat games.
* compat: ip6_dst_lookup_flow was backported to 3.16.83
* compat: ip6_dst_lookup_flow was backported to 4.19.119
Greg and Ben backported the ip6_dst_lookup_flow patches to stable kernels,
causing breaking in our compat module, which these changes fix.
* git: add gitattributes so tarball doesn't have gitignore files
Distros won't need to clean this up manually now.
* crypto: do not export symbols
These don't do anything and only increased file size.
* queueing: cleanup ptr_ring in error path of packet_queue_init
Sultan Alsawaf reported a memory leak on an error path.
* main: mark as in-tree
Now that we're upstream, there's no need to set the taint flag.
* receive: use tunnel helpers for decapsulating ECN markings
ECN markings are now decapsulated using RFC6040 instead of the old RFC3168.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Although gdb is supported, gdbserver is still not.
checking whether gdbserver is supported on this host... no
Build breaks as gdbserver executable is not found during packaging.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Build with NO_LIBCAP=1. This is to resolve build issue.
Package perf is missing dependencies for the following libraries:
libcap.so.2
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
This fixes a bunch of cosmetic issues with GL.iNet GL-MV1000:
- apply alphabetic sorting in multiple files
- use armada-3720 prefix for DTS like for other devices
- fix vendor capitalization for model in DTSes
- remove trivial comment in DTS files
- use DEVICE_VENDOR/DEVICE_MODEL
- remove redundant SUPPORTED_DEVICES
- use SOC instead of DEVICE_DTS
- remove empty line at EOF
Fixes: 050c24f05c ("mvebu: add support for GL.iNet GL-MV1000")
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The combination +@IPV6:kmod-ipsec6 is not valid, the +a:b
syntax implies the @. Fix it.
Fixes: 2e6b6f9fca ("kernel: add @IPv6 dependency to ipv6 modules")
Reported-by: Oldřich Jedlička (@oldium)
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Fixes NULL dereference in SSL_check_chain() for TLS 1.3, marked with
high severity, assigned CVE-2020-1967.
Ref: https://www.openssl.org/news/secadv/20200421.txt
Cherry-pick from openwrt/openwrt@3773ae1.
Also add mirror for mainland China user in this commit.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: CN_SZTL <cnsztl@project-openwrt.eu.org>
Co-authored-by: Petr Štetiar <ynezz@true.cz>
Fixes NULL dereference in SSL_check_chain() for TLS 1.3, marked with
high severity, assigned CVE-2020-1967.
Ref: https://www.openssl.org/news/secadv/20200421.txt
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Update U-Boot to current 2020.04 release for kirkwood platform.
Catch up with upstream and move some configuration options from
the header files to the corresponding defconfig files.
Compile tested: all devices
Run tested: nsa310, pogoplugv4
Tested-by: Cezary Jackiewicz <cezary@eko.one.pl> [nsa310]
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
Security fixes for:
* CVE-2020-10932
* a potentially remotely exploitable buffer overread in a DTLS client
* bug in DTLS handling of new associations with the same parameters
Full release announement:
https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.6-and-2.7.15-released
Cherry-pick from: openwrt/openwrt@02fcbe2.
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Signed-off-by: CN_SZTL <cnsztl@project-openwrt.eu.org>
Co-authored-by: Magnus Kroken <mkroken@gmail.com>
When compiled with glibc the config_scan.c wants to use the
cpupolicy2numeric() function which is only available when
HAVE_SCHED_SETSCHEDULER is set. It looks like the wrong define was used here.
This fixes a build problem with glibc in combination with the force
ac_cv_func_sched_setscheduler=no in the OpenWrt CONFIGURE_VARS.
This fixes the following compile error with glibc:
----------------------------------------------------------------------
/bin/ld: config_scan.o: in function `socks_yylex':
dante-1.4.1/sockd/config_scan.l:461: undefined reference to `cpupolicy2numeric'
collect2: error: ld returned 1 exit status
make[5]: *** [Makefile:522: sockd] Error 1
Fixes: aaf46a8fe2 ("dante: disable sched_getscheduler() - not implemented in musl")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This extra _DEFAULT_SOURCE definition results in a double definition
which is a compile error.
This fixes the following compile error with glibc:
----------------------------------------------------------------------
ugps-2019-06-25-cd7eabcd/nmea.c:19: error: "_DEFAULT_SOURCE" redefined [-Werror]
#define _DEFAULT_SOURCE
<command-line>: note: this is the location of the previous definition
cc1: all warnings being treated as errors
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
glibc 2.31 does not provide stime() any more, backport a fix from
current busybox master to avoid using this function.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This is primarily a maintenance release with bugfixes and improvements.
This release also fixes a security issue (CVE-2020-11810) which allows
disrupting service of a freshly connected client that has not yet
negotiated session keys. The vulnerability cannot be used to
inject or steal VPN traffic.
Release announcement:
https://openvpn.net/community-downloads/#heading-13812
Full list of changes:
https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.9
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Don't move strings anymore to /bin/strings to avoid clash with
busybox /usr/bin/strings but move it to /usr/bin/binutils-strings.
Use ALTERNATIVES support to install it as /usr/bin/strings
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Security fixes for:
* CVE-2020-10932
* a potentially remotely exploitable buffer overread in a DTLS client
* bug in DTLS handling of new associations with the same parameters
Full release announement:
https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.6-and-2.7.15-released
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
In preparation for dropping the out of tree cake module and using
in tree cake from upstream, rename the package to kmod-sched-cake-oot
(out of tree)
Initially add a PROVIDES kmod-sched-cake so that package dependencies
can be satisfied.
Ultimately this package will be removed when linux 4.14 is removed.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Removed sys/cdefs usage. The header is deprecated.
Removed canonicalize_file_name define. It's already fixed upstream.
Added --disable-debuginfod. Seems to be needed.
Modified patch 005 to build more stuff. It was failing before. It still
only builds libraries.
Modified patch 100 to use strerror under non-glibc. It is used under
glibc as strerror is not thread safe. It is under musl and uClibc-ng.
strerror_l is not available under uClibc-ng.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
It is generally more desirable to use older kernel versions for
dependencies, as this will require less changes when newer kernels
are added (they will by default select the newer packages).
Since we currently only have two kernels (4.14 and 4.19) in master,
this patch applies this logic by converting all LINUX_4_19 symbols
to their inverted LINUX_4_14 equivalents.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This external switch driver should be loaded on boot for network support
in failsafe mode.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
[alter commit message]
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
IPv6 modules should all depend on @IPV6, to avoid circular dependencies
problems, especially if they select a module that depends on IPV6 as
well. In theory, if a package A depends on IPV6, any package doing
'select A' (DEPENDS+= A) should also depend on IPV6; otherwise selecting
A will fail. Sometimes the build system is forgiving this, but
eventually, and unexpectedly, it may blow up on some other commit.
Alternatively one can conditionally add IPv6 dependencies only if
CONFIG_IPV6 is selected: (DEPENDS+= +IPV6:package6).
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
This adds the new xfrm4_mode_beet, xfrm4_mode_transport,
xfrm4_mode_tunnel and their IPv6 versions on kernel 5.4. These modules
were newly added in kernel 5.2.
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Since linux kernel commit 0768e17073dc527ccd18ed5f96ce85f9985e9115
(2019-04-19) the asm-generic/sockios.h header no longer defines
SIOCGSTAMP. Instead it provides only SIOCGSTAMP_OLD.
The linux/sockios.h header now defines SIOCGSTAMP using either
SIOCGSTAMP_OLD or SIOCGSTAMP_NEW as appropriate. This linux only
header file is not included so we get a build failure.
Signed-off-by: Norbert van Bolhuis <nvbolhuis@aimvalley.nl>
1. KERNEL_CRASH_DUMP should depends on KERNEL_PROC_KCORE (kexec use it)
2. select crashkernel mem size by totalmem
mem <= 256M disable crashkernel by default
mem >= 4G use 256M for crashkernel
mem >= 8G use 512M for crashkernel
default use 128M
3. set BOOT_IMAGE in kdump.init
4. resolve a "Unhandled rela relocation: R_X86_64_PLT32" error
Tested on x86_64
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
This module was added with kernel 4.15, but is was removed again with
kernel version 5.3. OpenWrt does not support specifying a kernel version
range so just break it with kernel 4.14 and only support recent kernel
versions.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Since kernel 4.15, init_timer is not available anymore, and has been
replaced by timer_setup. The fixes compilation of wl_linuc.c, which
returned the following errors beforehand (line-wrapped manually):
.../broadcom-wl-5.10.56.27.3/driver/wl_linux.c: In function 'wl_init_timer':
.../broadcom-wl-5.10.56.27.3/driver/wl_linux.c:2576:2: error: implicit
declaration of function 'init_timer'; did you mean 'init_timers'?
[-Werror=implicit-function-declaration]
init_timer(&t->timer);
^~~~~~~~~~
init_timers
.../broadcom-wl-5.10.56.27.3/driver/wl_linux.c:2577:10: error:
'struct timer_list' has no member named 'data'
t->timer.data = (ulong) t;
^
.../broadcom-wl-5.10.56.27.3/driver/wl_linux.c:2578:20: error: assignment
to 'void (*)(struct timer_list *)' from incompatible pointer type
'void (*)(ulong)' {aka 'void (*)(long unsigned int)'}
[-Werror=incompatible-pointer-types]
t->timer.function = wl_timer;
This should fix build of several devices on bcm63xx with testing
kernel (4.19).
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Upstream commit 84ede58dfcd1d ("crypto: hash - remove
CRYPTO_ALG_TYPE_DIGEST") drops the CRYPTO_ALG_TYPE_DIGEST define because
it has the same value as CRYPTO_ALG_TYPE_HASH. This was the case for
earlier kernels as well. Switch to CRYPTO_ALG_TYPE_HASH to fix building
against Linux 5.4.
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Upstream commit 96d4f267e40f95 ("Remove 'type' argument from access_ok()
function") removes the first argument to access_ok.
Adjust the code so it builds with Linux 5.4.
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Signed-off-by: Mathias Kresin <dev@kresin.me>
nf_reset() was renamed to nf_reset_ct() in upstream Linux commit
895b5c9f206e ("netfilter: drop bridge nf reset from nf_reset)"
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
gigaset was moved to staging in kernel 5.4, just deactivate it on
recent kernel versions instead of adapting it.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
