- Feb 24, 2021
-
-
Adrian Schmutzler authored
Tidy this up a little. Signed-off-by:
Adrian Schmutzler <freifunk@adrianschmutzler.de>
-
Adrian Schmutzler authored
This package had two patches (with two headers etc.) in one file, which would have quilt merging them during a refresh. Separate these patches into two files, as the original intent seems to be having them separate. Signed-off-by:
Adrian Schmutzler <freifunk@adrianschmutzler.de>
-
Daniel Golle authored
When using Shell arithmetric evaluation via $((..)) the variables in the expression do not need to be prefixed by the '$' sign. Signed-off-by:
Daniel Golle <daniel@makrotopia.org>
-
Daniel Golle authored
Check if firmware environment variable 'rootfs_data_max' exists and is set to a numerical value greater than 0. If so, limit rootfs_data volume to that size instead of using the maximum available size. This is useful on devices with lots of flash where users may want to have eg. a volume for persistent logs and statistics or for external applications/containers. Persistence on rootfs overlay is limited by the size of memory available during the sysugprade process as that data needs to be copied to RAM while the volume is being recreated during sysupgrade. Hence it is unsuitable for keeping larger amounts of data accross upgrade which makes additional volume(s) for application data desirable. Signed-off-by:
Daniel Golle <daniel@makrotopia.org>
-
Daniel Golle authored
Allow for single (external-data) FIT image to hold kernel, dtb and squashfs. In that way, the bootloader verifies the system integrity including the rootfs, because what's the point of checking that the hash of the kernel is correct if it won't boot in case of squashfs being corrupted? Better allow bootloader to check everything needed to make it at least up to failsafe mode. As a positive side effect this change also makes the sysupgrade process on nand potentially much easier as it is now. In short: mkimage has a parameter '-E' which allows generating FIT images with 'external' data rather than embedding the data into the device-tree blob itself. In this way, the FIT structure itself remains small and can be parsed easily (rather than having to page around megabytes of image content). This patch makes use of that and adds support for adding sub-images of type 'filesystem' which are used to store the squashfs. Now U-Boot can verify the whole OS and the new partition parsers added in the Linux kernel can detect the filesystem sub-images, create partitions for them, and select the active rootfs volume based on the configuration in FIT (passing configuration via device tree could be implemented easily at a later stage). This new FIT partition parser works for NOR flash (on top of mtdblock), NAND flash (on top of ubiblock) as well as classic block devices (ie. eMMC, SDcard, SATA, NVME, ...). It could even be used to mount such FIT images via `losetup -P` on a user PC if this patch gets included in Linux upstream one day ;) Signed-off-by:
John Crispin <john@phrozen.org> Signed-off-by:
Daniel Golle <daniel@makrotopia.org>
-
- Feb 23, 2021
-
-
Rosen Penev authored
Nothing uses them. Allows to simplify the Makefile. Signed-off-by:
Rosen Penev <rosenp@gmail.com>
-
Hauke Mehrtens authored
Upstream integrated multiple patches from Distributions and did other changes: * rp-pppoe.so was renamed to pppoe.so * Converted to ANSI C The following patches were applied upstream: * 100-debian_ip-ip_option.patch * 101-debian_close_dev_ppp.patch * 103-debian_fix_link_pidfile.patch * 106-debian_stripMSdomain.patch * 107-debian_pppoatm_wildcard.patch * 110-debian_defaultroute.patch * 202-no_strip.patch Compilation with musl libc was fixed upstream so 140-pppoe_compile_fix.patch is not needed any more Parts of the 203-opt_flags.patch patch were applied in a different way upstream. Signed-off-by:
Hauke Mehrtens <hauke@hauke-m.de>
-
Eneas U de Queiroz authored
The packages feed has a proposed package for a GOST engine, which needs support from the main openssl library. It is a default option in OpenSSL. All that needs to be done here is to not disable it. Package increases by a net 1-byte, so it is not really really worth keeping this optional. This commit also includes a commented-out example engine configuration in openssl.cnf, as it is done for other available engines. Signed-off-by:
Eneas U de Queiroz <cotequeiroz@gmail.com>
-
Stijn Segers authored
This adds the necessary nuts and bolts for the uboot settings for both the ZyXEL GS1900-8HP v1 and v2. Signed-off-by:
Stijn Segers <foss@volatilesystems.org>
-
Eneas U de Queiroz authored
Biggest fix for this version is CVE-2021-3336, which has already been applied here. There are a couple of low severity security bug fixes as well. Three patches are no longer needed, and were removed; the one remaining was refreshed. This tool shows no ABI changes: https://abi-laboratory.pro/index.php?view=objects_report&l=wolfssl&v1=4.6.0&v2=4.7.0 Signed-off-by:
Eneas U de Queiroz <cotequeiroz@gmail.com>
-
Ilya Lipnitskiy authored
There are efforts underway to bring wireguard in-tree for Linux 5.4 and to have a common build infrastructure for both 5.4 and 5.10 for kmod-wireguard[0]. Until then, restrict kmod-wireguard to build only on Linux 5.4, because the wireguard-compat package will not build on Linux 5.10. [0]: https://github.com/openwrt/openwrt/pull/3885 Signed-off-by:
Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
-
Ilya Lipnitskiy authored
Modify existing modules to reflect their new location in Linux 5.10. Add missing dependenices. Signed-off-by:
Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com> [enable CRYPTO_USER_API_ENABLE_OBSOLETE; add kmod-crypto-hash dependency to usb-net-rtl8152] Signed-off-by:
David Bauer <mail@david-bauer.net>
-
Daniel Golle authored
Now that mirrors have picked it up, switch to using the @OPENWRT mirror instead of hosting those files on Github. Signed-off-by:
Daniel Golle <daniel@makrotopia.org>
-
Daniel Golle authored
2be57ed cosmetics: provide compatible system info on Aarch64 37eed13 system: expose if system was booted from initramfs Signed-off-by:
Daniel Golle <daniel@makrotopia.org>
-
Daniel Golle authored
* use binary provided by MediaTek to work-around 'bromimage' issue * refactor Makefile * add mt7622 1c variants (using binaries provided by MTK) Signed-off-by:
Daniel Golle <daniel@makrotopia.org>
-
- Feb 22, 2021
-
-
Álvaro Fernández Rojas authored
Signed-off-by:
Álvaro Fernández Rojas <noltari@gmail.com>
-
Álvaro Fernández Rojas authored
Signed-off-by:
Álvaro Fernández Rojas <noltari@gmail.com>
-
- Feb 21, 2021
-
-
Georgi Valkov authored
Prerequisite patch: Correct a typo in the Changelog and clean up a stray file Fix changes in libusb which introduced a regression: Commit e2be556bd2 ("linux_usbfs: Parse config descriptors during device initialization") introduced a regression for devices with multiple configurations. The logic that verifies the reported length of the configuration descriptors failed to count the length of the configuration descriptor itself and would truncate the actual length by 9 bytes, leading to a parsing error for subsequent descriptors. Signed-off-by:
Georgi Valkov <gvalkov@abv.bg>
-
- Feb 20, 2021
-
-
Adrian Schmutzler authored
The ls-ddr-phy package needs fiptool options that are not available via the version from arm-trusted-firmware-tools. This breaks build for layerscape with the recently added LX2160a: create: unrecognized option '--ddr-immem-udimm-1d' Use the tfa-layerscape variant again for now, but rename it to fiptool-layerscape to indicate that it's a specific variant. This reverts 84bc7d31 ("tfa-layerscape: don't build fiptool"). Fixes: f59d7aab ("layerscape: add ddr-phy package") Signed-off-by:
Adrian Schmutzler <freifunk@adrianschmutzler.de>
-
Petr Štetiar authored
49283916005d usign: add 21.02 release build pubkey bc4d80f064f2 gpg: add OpenWrt 21.02 signing key Signed-off-by:
Petr Štetiar <ynezz@true.cz>
-
Andreas Eberlein authored
This driver adds the LED support for the PC Engines APU1. This integrates the Linux kernel driver and includes a patch to support newer firmware versions. Also the default LED configuration is updated to use the correct devices. Signed-off-by:
Andreas Eberlein <foodeas@aeberlein.de>
-
Christian Lamparter authored
Signed-off-by:
Christian Lamparter <chunkeey@gmail.com>
-
Raphaël Mélotte authored
This is a backport of the upstream commit 58bbbb598144 ("nl80211: Ignore 4addr mode enabling error if it was already enabled") which fixes same issue as in the current fix contained in '130-wpa_supplicant-multi_ap_roam.patch', but in a different way: nl80211_set_4addr_mode() could fail when trying to enable 4addr mode on an interface that is in a bridge and has 4addr mode already enabled. This operation would not have been necessary in the first place and this failure results in disconnecting, e.g., when roaming from one backhaul BSS to another BSS with Multi AP. Avoid this issue by ignoring the nl80211 command failure in the case where 4addr mode is being enabled while it has already been enabled. Signed-off-by:
Raphaël Mélotte <raphael.melotte@mind.be> [bump PKG_RELEASE, more verbose commit description] Signed-off-by:
Petr Štetiar <ynezz@true.cz>
-
David Bauer authored
OpenSSL downloads itself are distributed using Akamai CDN, so use these sources as the highest priority. Remove a stale mirror which seems to be offline for a longer time already. Add fallbacks to the old release path also for the mirrors. Signed-off-by:
David Bauer <mail@david-bauer.net>
-
- Feb 19, 2021
-
-
Yangbo Lu authored
The QorIQ LX2160A reference design board provides a comprehensive platform that enables design and evaluation of the LX2160A processor. - Enables network intelligence with the next generation Datapath (DPPA2) which provides differentiated offload and a rich set of IO, including 10GE, 25GE, 40GE, and PCIe Gen4 - Delivers unprecedented efficiency and new virtualized networks - Supports designs in 5G packet processing, network function virtualization, storage controller, white box switching, network interface cards, and mobile edge computing - Supports all three LX2 family members (16-core LX2160A; 12-core LX2120A; and 8-core LX2080A) Signed-off-by:
Yangbo Lu <yangbo.lu@nxp.com> [use AUTORELEASE, add dtb to firmware part] Signed-off-by:
Adrian Schmutzler <freifunk@adrianschmutzler.de>
-
Yangbo Lu authored
Add ddr-phy package for layerscape. Currently only LX2160ARDB requires the package. Signed-off-by:
Yangbo Lu <yangbo.lu@nxp.com> [use AUTORELEASE] Signed-off-by:
Adrian Schmutzler <freifunk@adrianschmutzler.de>
-
Yangbo Lu authored
The LS1046A Freeway board (FRWY) is a high-performance computing, evaluation, and development platform that supports the QorIQ LS1046A architecture processor capable of support more than 32,000 CoreMark performance. The FRWY-LS1046A board supports the QorIQ LS1046A processor, onboard DDR4 memory, multiple Gigabit Ethernet, USB3.0 and M2_Type_E interfaces for Wi-Fi. The FRWY-LS1046A-TP includes the Coral Tensor Flow Processing Unit that offloads AI/ML inferencing from the CPU to provide significant boost for AI/ML applications. The FRWY-LS1046A-TP includes one M.2 TPU module and more modules can easily be added including USB versions of the module to scale the AI/ML performance. Signed-off-by:
Yangbo Lu <yangbo.lu@nxp.com> [rebase, use AUTORELEASE, fix sorting, add dtb to firmware part] Signed-off-by:
Adrian Schmutzler <freifunk@adrianschmutzler.de>
-
Álvaro Fernández Rojas authored
Download link has been moved. Signed-off-by:
Álvaro Fernández Rojas <noltari@gmail.com>
-
- Feb 18, 2021
-
-
Álvaro Fernández Rojas authored
Adds some fixes and removes upstreamed patch. Signed-off-by:
Álvaro Fernández Rojas <noltari@gmail.com>
-
Álvaro Fernández Rojas authored
This is needed to add support for CM4 and RPI 400. Signed-off-by:
Álvaro Fernández Rojas <noltari@gmail.com>
-
Mathias Kresin authored
If an external module uses exported symbols from another external module, Kbuild needs to have full knowledge of all symbols to avoid spitting out warnings about undefined symbols. Use PKG_EXTMOD_SUBDIRS to point to the build directory which contains the Module.symvers. Pass KERNEL_MAKE_FLAGS to the external module build, to inject KBUILD_EXTRA_SYMBOLS. KBUILD_EXTRA_SYMBOLS holds a space separated list of Module.symvers, which list all exported symbols. Signed-off-by:
Mathias Kresin <dev@kresin.me>
-
- Feb 17, 2021
-
-
Eneas U de Queiroz authored
This fixes 4 security vulnerabilities/bugs: - CVE-2021-2839 - SSLv2 vulnerability. Openssl 1.1.1 does not support SSLv2, but the affected functions still exist. Considered just a bug. - CVE-2021-2840 - calls EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. - CVE-2021-2841 - The X509_issuer_and_serial_hash() function attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it was failing to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. - Fixed SRP_Calc_client_key so that it runs in constant time. This could be exploited in a side channel attack to recover the password. The 3 CVEs above are currently awaiting analysis. Signed-off-by:
Eneas U de Queiroz <cotequeiroz@gmail.com>
-
Rosen Penev authored
Add m4 patch to avoid conflict with tools/autoconf-archive. Add build parallel as it seems to work now. Remove a bunch of uClibc-ng hacks as it is not in the tree anymore. Format security patch was fixed upstream. Refreshed other patches. Signed-off-by:
Rosen Penev <rosenp@gmail.com>
-
- Feb 16, 2021
-
-
Felix Fietkau authored
Signed-off-by:
Felix Fietkau <nbd@nbd.name>
-
Felix Fietkau authored
After the ABI version rework, packages need to be declared in the order of their dependencies, so that dependent packages will use the right ABI version Signed-off-by:
Felix Fietkau <nbd@nbd.name>
-
Álvaro Fernández Rojas authored
Let's switch to 5.10 now that mac80211 has been updated. Runtime-tested on ipq806x (Netgear R7800). Signed-off-by:
Álvaro Fernández Rojas <noltari@gmail.com>
-
- Feb 15, 2021
-
-
Felix Fietkau authored
After the ABI version rework, packages need to be declared in the order of their dependencies, so that dependent packages will use the right ABI version Signed-off-by:
Felix Fietkau <nbd@nbd.name>
-
Hauke Mehrtens authored
The removed patches were applied upstream. Signed-off-by:
Hauke Mehrtens <hauke@hauke-m.de>
-
Hauke Mehrtens authored
A wrong quilt configuration was used last time. Fixes: ed1e234d ("mac80211: refresh patches") Signed-off-by:
Hauke Mehrtens <hauke@hauke-m.de>
-