This version includes bug and security fixes, including medium-severity
CVE-2019-1551, affecting RSA1024, RSA1536, DSA1024 & DH512 on x86_64.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
This adds commented configuration help for the alternate, afalg-sync
engine to /etc/ssl/openssl.cnf.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Sungbo Eo <mans0n@gorani.run> submitted another patch fixing an error
on reboot:
irqchip/versatile-fpga: Apply clear-mask earlier
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
qemustart allows easy testing of created images via `qemu`. The script
automatically selects created images and can setup e.g. networks.
As the x86 target now uses the generic image.mk the profile appears also
in the image name, this is *generic*.
Add the profile name to the qemustart script so it still finds the file.
Signed-off-by: Paul Spooren <mail@aparcar.org>
The previous image generation code would always gzipped images.
This patch changes the behaviour and only compresses images when
selected in menuconfig.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Rely on device profiles instead for packages selection.
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
[rebase, adjusted commit title]
Signed-off-by: Paul Spooren <mail@aparcar.org>
This commit introduces few related changes which need to be done in
single commit to keep images buildable between git revisions. In result
it retains all previous image creation possibilities with slight name
change of generated images. Brief summary of the commit:
* Split up image generation recipe to smaller chunks to make it more
generic and reusable.
* Make iso images x86 specific and drop their definition as root
filesystem.
* Convert image creation process to generic code specified in image.mk.
* Make geode subtarget inherit features from the main target instead of
redefining them.
* For subtargets create device definitions with basic packages set.
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
[rebased]
Signed-off-by: Paul Spooren <mail@aparcar.org>
Let the grub2 package take care of creating installable grub2 images,
this will allow creating grub2 images without first calling x86 image
generation recipe. Also as side effect, since those images are now
shared, it'll reduce the number of calling grub-mkimage.
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
[rebase, adjusted commit title]
Signed-off-by: Paul Spooren <mail@aparcar.org>
Fix header change that was done for kernel but 4.19 got missed for 5.4.
Solves nasty errors like:
8.4.0_musl/include/linux/netfilter/xt_CONNMARK.h:5,
from connmark_listener.c:30:
/builder/shared-workdir/build/sdk/staging_dir/toolchain-aarch64_cortex-a53_gcc-8.4.0_musl/include/linux/netfilter/xt_connmark.h:23:2: error: enumerator value for 'XT_CONNMARK_VALUE' is not an integer constant
XT_CONNMARK_VALUE = BIT(0),
^~~~~~~~~~~~~~~~~
/builder/shared-workdir/build/sdk/staging_dir/toolchain-aarch64_cortex-a53_gcc-8.4.0_musl/include/linux/netfilter/xt_connmark.h:25:1: error: enumerator value for 'XT_CONNMARK_DSCP' is not an integer constant
};
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
WireGuard had a brief professional security audit. The auditors didn't find
any vulnerabilities, but they did suggest one defense-in-depth suggestion to
protect against potential API misuse down the road, mentioned below. This
compat snapshot corresponds with the patches I just pushed to Dave for
5.6-rc7.
* curve25519-x86_64: avoid use of r12
This buys us 100 extra cycles, which isn't much, but it winds up being even
faster on PaX kernels, which use r12 as a RAP register.
* wireguard: queueing: account for skb->protocol==0
This is the defense-in-depth change. We deal with skb->protocol==0 just fine,
but the advice to deal explicitly with it seems like a good idea.
* receive: remove dead code from default packet type case
A default case of a particular switch statement should never be hit, so
instead of printing a pretty debug message there, we full-on WARN(), so that
we get bug reports.
* noise: error out precomputed DH during handshake rather than config
All peer keys will now be addable, even if they're low order. However, no
handshake messages will be produced successfully. This is a more consistent
behavior with other low order keys, where the handshake just won't complete if
they're being used anywhere.
* send: use normaler alignment formula from upstream
We're trying to keep a minimal delta with upstream for the compat backport.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* netlink: initialize mostly unused field
* curve25519: squelch warnings on clang
Code quality improvements.
* man: fix grammar in wg(8) and wg-quick(8)
* man: backlink wg-quick(8) in wg(8)
* man: add a warning to the SaveConfig description
Man page improvements. We hope to rewrite our man pages in mdocml at some
point soon.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
mt76 is a target default package for mt7622-wmac only.
mt7623 doesn't have integrated wireless support and wifi drivers for
pcie cards should be added as device specific package.
mt7629-wmac isn't supported by mt76 yet.
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
rename "kernel" partition in upstream dts to "firmware" and add
denx,fit as compatible string for mtdsplit.
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
1. fix typo: ucidef_set_interfaces_wan -> ucidef_set_interface_wan
2. change board name to mt7629-rfb to match upstream dts
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
This external switch driver should be loaded on boot for network support
in failsafe mode.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
[alter commit message]
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
This commit adds definition of DEBUG0 and DEBUG1 registers and replace
magic values with proper register modifying.
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
For virtual access points (when multiple SSIDs are used for one
physical AP), there exist one physical network interface and
multiple virtual interfaces, which are fully under control of
hostapd. When networking is setup, the script
`/lib/netifd/wireless/mac80211.sh` is called, which tries to bring
the interface up by a call to `ip link set dev <iface> up`. This
call might fail for virtual APs, because the virtual interface
might not have been created by hostapd yet. There are some artifical
delays in the script most probably to handle this, but when DFS
channel availability check on 5GHz band is issued, hostapd can
delay creating virtual interfaces by a minute.
In order to fix this (or work around it), do not try to bring the
interface up (this is responsibility of hostapd anyway) and
do not try to set txpower on the virtual interface.
Fixes FS#2698.
Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
1. KERNEL_CRASH_DUMP should depends on KERNEL_PROC_KCORE (kexec use it)
2. select crashkernel mem size by totalmem
mem <= 256M disable crashkernel by default
mem >= 4G use 256M for crashkernel
mem >= 8G use 512M for crashkernel
default use 128M
3. set BOOT_IMAGE in kdump.init
4. resolve a "Unhandled rela relocation: R_X86_64_PLT32" error
Tested on x86_64
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
Sungbo Eo <mans0n@gorani.run> posted a patch fixing the long-standing
reboot problem on the OXNAS OX820 platform:
irqchip/versatile-fpga: Handle chained IRQs properly
It got queued for 5.7. Import it to oxnas target patches for now.
Fixes: b4917fa907 ("oxnas: fix oxnas-rps-timer dt-match")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This revert c8f8e59816eca49d776562d2d302bf990a87faf0
The TX/RX flow control is not the cause of the TX timeouts issue
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
