Backport two upstream commits that allow building
openvpn-openssl without OpenSSLs deprecated APIs.
Full changelog:
https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.8
Signed-off-by: Magnus Kroken
---
Runtime-tested openvpn-mbedtls and openvpn-openssl on x86_64.
On Fri, Nov 1, 2019 at 1:55 PM Hauke Mehrtens wrote:
>
> This decreases the size of the mtd application by 25% on MIPS BE.
>
> old:
> 20,597 /sbin/mtd
>
> new:
> 16,421 /sbin/mtd
>
> Signed-off-by: Hauke Mehrtens
> ---
> package/system/mtd/Makefile | 3 ++-
> 1 file changed, 2 insertions(+), 1
On Fri, Nov 1, 2019 at 1:55 PM Hauke Mehrtens wrote:
>
> This decreases the binary size when PIE ASLR is activated by 8% on MIPS BE.
A small note on LTO:
These packages do not generate libraries, but sometimes, LTO messes up
dynamic linking (static even more so).
For example:
This decreases the size of the mtd application by 25% on MIPS BE.
old:
20,597 /sbin/mtd
new:
16,421 /sbin/mtd
Signed-off-by: Hauke Mehrtens
---
package/system/mtd/Makefile | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/package/system/mtd/Makefile
This decreases the binary size when PIE ASLR is activated by 8% on MIPS BE.
old:
202,020 /usr/sbin/dnsmasq
new:
185,676 /usr/sbin/dnsmasq
Signed-off-by: Hauke Mehrtens
---
package/network/services/dnsmasq/Makefile | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git
This decreases the size of the swconfig application by 25% on MIPS BE.
old:
16,916 /sbin/swconfig
new:
12,565 /sbin/swconfig
Signed-off-by: Hauke Mehrtens
---
package/network/config/swconfig/Makefile | 3 +++
1 file changed, 3 insertions(+)
diff --git
This decreases the size of the usign application by 16% on MIPS BE.
old:
24,597 /usr/bin/usign
new:
20,501 /usr/bin/usign
Signed-off-by: Hauke Mehrtens
---
package/system/usign/Makefile | 3 +++
1 file changed, 3 insertions(+)
diff --git a/package/system/usign/Makefile
On Fri, Nov 1, 2019 at 12:21 PM Sebastian Kemper wrote:
>
> On Fri, Nov 01, 2019 at 12:06:39PM -0700, Rosen Penev wrote:
> > Would it also make sense to remove $(STAGING_DIR)/lib ? Locally, it
> > seems libpam gets installed there (probably a bug).
>
> Quoting FHS 3.0 regarding /lib's purpose:
On Fri, Nov 01, 2019 at 12:06:39PM -0700, Rosen Penev wrote:
> Would it also make sense to remove $(STAGING_DIR)/lib ? Locally, it
> seems libpam gets installed there (probably a bug).
Quoting FHS 3.0 regarding /lib's purpose: "The /lib directory contains
those shared library images needed to
On Fri, Nov 1, 2019 at 2:21 AM Jo-Philipp Wich wrote:
>
> Hi,
>
> [...]
>
> > Removing this directory from TARGET_CPPFLAGS will cut down the log noise
> > a bit. Not only will CPPFLAGS be shorter, there will be less warnings
> > set off by "-Wmissing-include-dirs" (or even failures when paired
Warn when the number of allocated parameters for the jail argv does not
match the number of used parameters. This normally leads to a buffer
overflow.
Signed-off-by: Hauke Mehrtens
---
service/instance.c | 6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/service/instance.c
When the no_new_privs parameter is given, thei size of the array which
contains the argv pointers is not increased in instance_jail_parse()
which causes a buffer overflow. Fix this by requesting one more entry in
instance_jail_parse() for the allocation.
Fixes: dfd5816bcbef ("instance, ujail:
Unlock and close the stream in case some file operations in
uci_open_stream() fail.
Signed-off-by: Hauke Mehrtens
---
util.c | 8 ++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/util.c b/util.c
index 12aec9b..8572e81 100644
--- a/util.c
+++ b/util.c
@@ -221,17 +221,21 @@
When we jump back to a save point in UCI_THROW() with longjmp all the
registers will be reset to the old values when we called UCI_TRAP_SAVE()
last time, but the memory is not restored. This will revert all the
variables which are stored in registers, but not the variables stored on
the stack.
On 11/1/19 2:12 AM, Andre Valentin wrote:
Hello,
I also did several tests on the 4.19 ipq806x (NBG6817). I noticed that VPN
throuput (IPsec Performance) dropped to 30% with exactly the same config
(kernel and openwrt), kernel crypto and arm crypto
stuff tested.
Also the whole system feels a
On Fri, Nov 1, 2019 at 3:10 PM wrote:
>
> Hi,
>
> > @@ -75,6 +76,7 @@
> > gmac0: mac@0 {
> > compatible = "mediatek,eth-mac";
> > reg = <0>;
> > + mtd-mac-address = < 0x2a>;
>
> Strange indent here ...
Ouch...This entire eth
Add device ids for AR9462, QCA9862, QCA9880 v1 mPCIe cards and
Ubiquiti branded QCA9880 v2 PCI wifi found in LiteBeam 5ac.
Signed-off-by: Tomislav Požega
---
--- a/hardware.txt
+++ b/hardware.txt
@@ -1,6 +1,7 @@
# libiwinfo hardware database
# vendor id | device id | subsystem vendor id |
Hi,
At the prpl Summit 2019 I saw a slide with 4 CVEs which are filled
against OpenWrt and there was one listed I was not aware of at that
time, CVE-2019-15513.
According to the CVE details page it was filled against OpenWrt on
23.8.2019 and OpenWrt was not informed before or after this was
This device contains 2 flash devices. One NOR (32M) and one NAND (128M).
U-boot and caldata are on the NOR, the firmware on the NAND.
SoC:IPQ4019
CPU:4x 710MHz ARMv7
RAM:256MB
FLASH: NOR:32MB NAND:128MB
ETH:2x GMAC Gigabit
POE:802.3 af/at POE,
Changes since the last PR:
- previous 2 patches have been dropped.
- spi-nand flash driver is used instead of the old mt29f.
- reboot hang problem is fixed by using the 'broken-flash-reset' dts property.
- u-boot-env partition is no longer read-only.
- bootargs are appended in the dts file and no
Hello,
The following patch (submitted by you) has been updated in Patchwork:
* openwrt: [OpenWrt-Devel,v2] hostapd: add IEEE 802.11k support
- http://patchwork.ozlabs.org/patch/1187712/
- for: OpenWrt development
was: New
now: Superseded
This email is a notification only -
Hi,
[...]
> Removing this directory from TARGET_CPPFLAGS will cut down the log noise
> a bit. Not only will CPPFLAGS be shorter, there will be less warnings
> set off by "-Wmissing-include-dirs" (or even failures when paired with
> "-Werror"). After all the directory does not even _exist_ in the
"$(STAGING_DIR)/include" was carried over from buildroot-ng to OpenWrt
in commit 60c1f0f64d23003a19a07d6b9638542130f6641d. buildroot has
dropped this directory a long time ago.
In OpenWrt the directory is still created by the PrepareStaging macro
and is part of the default TARGET_CPPFLAGS. But
Hello,
I also did several tests on the 4.19 ipq806x (NBG6817). I noticed that VPN
throuput (IPsec Performance) dropped to 30% with exactly the same config
(kernel and openwrt), kernel crypto and arm crypto
stuff tested.
Also the whole system feels a bit slowier. Timers (clock, ddr) in dts have
Hi,
> @@ -75,6 +76,7 @@
> gmac0: mac@0 {
> compatible = "mediatek,eth-mac";
> reg = <0>;
> + mtd-mac-address = < 0x2a>;
Strange indent here ...
> phy-mode = "sgmii";
> fixed-link {
>
25 matches
Mail list logo
