add smartdns #645

Merged
merged 1 commit into from
May 19, 2021


blioild
Contributor

@blioild blioild commented May 13, 2021

No description provided.

@hanwckf hanwckf merged commit b668b42 into hanwckf:master May 19, 2021
hiboyhiboy added a commit to hiboyhiboy/rt-n56u that referenced this pull request Aug 10, 2021
* mt7615-5.0.3.0: fix AutoChannelSelect in DBDC mode

* update README.md

* Dockerfile: update

* toolchain: update gitignore

* update README.md

* toolchain: update gitignore

* update README.md

* toolchain: strip executables

Dockerfile: update

* tools: fix compilation errors in Alpine environment

* update README.md

* switch_gsw: exit program when argc is incorrect

* Support dhcp-to-host: Add host name record for dnsmasq dhcp-host (hanwckf#481)

* Support --dhcp-to-host to keep DHCP host name valid at any times

* Add sample script to keep DHCP host name valid at any times

* Update Makefile (hanwckf#487)

* travis-ci: build with arm64 (hanwckf#489)


* samba36: update config.guess for arm64 build

* e2fsprogs: fix typo in patch

* boards: add support for JCG-Y2 (hanwckf#500)

* Phicomm K2&K2P LED Control Update (hanwckf#495)

* Phicomm K2&K2P LED control

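The LED behaviour is the same as the stock firmware. When the network is connected, only the blue LED lights up; the yellow LED stays off.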

* htop: update tarball

* shortcut-fe(SFE):enable CONFIG_NF_CONNTRACK_EVENTS at compile SFE (hanwckf#507)

* kernel: Makefile: disable loop optimization mode in gcc-4.8.x (and later) and incorrect code generation in some situations

* add github actions

* shortcut-fe(SFE):add skb clone check,fix typo (hanwckf#508)

* shortcut-fe(SFE):skb clone check

If the skb is a cloned skb, unshare it and update the
IP and transport layer header pointers before writing
to the skb.

Change-Id: I6309685fa92e09d4aa0576bae5849d9633f4b3d6
Signed-off-by: Murat Sezgin <msezgin@codeaurora.org>

* shortcut-fe(SFE):fix typo

* Update README.md

* github-actions: upload images to artifact

* Update CI.yml

* github-actions: build only once when push tags

* update README.md

* default disable IPv6 and IGDv2 options (hanwckf#509)

Disable the miniupnpd IPv6 and IGDv2 options by default for devices that do not support IGDv2,
e.g. all Windows devices.

* github-actions: build: remove WDR7300, add 5K-W20

* vlmcsd: bump to svn1113

* mt7615: remove more noisy log

* shortcut-fe: keep nf_conntrack_tcp_be_liberal and nf_conntrack_tcp_no_window_check when SFE is disabled

* napt66: keep original ip6_forward() process when napt66 is disabled

* transmission: bump to 2.94

* OYE-001: remove tunsafe

* ncurses: add --without-termlib option

* samba36: make basics before make all to prevent parallel build error

* transmission-control: bump to 1.6.1

* shortcut-fe(SFE): backport NF_CONNTRACK_CHAIN_EVENTS  (hanwckf#515)

* kernel: netfilter: Introduce NF_CONNTRACK_CHAIN_EVENTS (Backport from chromiumos 3.18 (114594778f3a8a22f1c98f70aef74b778329da3f) & lede patches)

* kernel:config add CONFIG_NF_CONNTRACK_CHAIN_EVENTS

New symbols c7116ad
net: conntrack events, support multiple registrant
Register multiple callbacks to ct events (NF_CONNTRACK_CHAIN_EVENTS)

* shortcut-fe(SFE):enable CONFIG_NF_CONNTRACK_CHAIN_EVENTS at compile SFE

* shortcut-fe(SFE):fix

* shortcut-fe(SFE):fix

* kernel:net:revert something

* ecache:fix

Co-authored-by: Alexey <4653240-dm38@users.noreply.gitlab.com>

* transmission: bump to 3.00

* XY-C1: enable transmission

* dev_init.sh: setup htop default color

* mt7615: enable "PowerUpenable"

* XY-C1: enable RAETH_GMAC2

* wireguard: add wireguard-go & wireguard-tools

* AriaNg: bump to 1.1.7

* mt7615: disable "PowerUpenable"

* redsocks: add missing sources

* add 3proxy-0.9.3

* kernel: exfat: Fix leak for symbolic link in exfat_lookup

While exfat_lookup() for symbolic file, we should not alloc memory
to EXFAT_I(inode)->target since the corresponding exfat inode info
is still in memory and EXFAT_I(inode)->target has not released
yet. If we do so, memory leak would happen. Therefore we only alloc
it if not null.

Reviewed-by: Ethan Wu <ethanwu@synology.com>
Signed-off-by: Chung-Chiang Cheng <cccheng@synology.com>

* kernel: exfat: finding dentry faster

We don't need to read all the dentry and compare them
one by one. Skip reading the useless dentries to speed up
the dentry finding.

Also add back the name_hash to compare it faster.

Signed-off-by: Lianwei Wang <lianwei.wang@gmail.com>

* MIPS: do_mcheck: Fix kernel code dump with EVA

    commit 55c723e181ccec30fb5c672397fe69ec35967d97 upstream.

    If a machine check exception is raised in kernel mode, user context,
    with EVA enabled, then the do_mcheck handler will attempt to read the
    code around the EPC using EVA load instructions, i.e. as if the reads
    were from user mode. This will either read random user data if the
    process has anything mapped at the same address, or it will cause an
    exception which is handled by __get_user, resulting in this output:

     Code: (Bad address in epc)

    Fix by setting the current user access mode to kernel if the saved
    register context indicates the exception was taken in kernel mode. This
    causes __get_user to use normal loads to read the kernel code.

    Signed-off-by: James Hogan <james.hogan@imgtec.com>
    Cc: Markos Chandras <markos.chandras@imgtec.com>
    Cc: Leonid Yegoshin <leonid.yegoshin@imgtec.com>
    Cc: linux-mips@linux-mips.org
    Patchwork: https://patchwork.linux-mips.org/patch/10777/
    Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
    Signed-off-by: Luis Henriques <luis.henriques@canonical.com>

* mtd: jedec_probe: Fix crash in jedec_read_mfr()

* pppd: Fix sign-extension when displaying bytes in octal

print_string() displays characters as \\%.03o but without first
casting it from "char" to "unsigned char" so it gets sign-extended
to an int. This causes output like \37777777630 instead of \230.

Signed-off-by: Philip A. Prindeville <philipp@redfish-solutions.com>

* pppd: ipxcp: Prevent buffer overrun on remote router name

This fixes an if condition to prevent a possible 1-byte overrun
on ipxcp_hisoptions[0].name.

Reported-by: "Sabas Rosales, Blanca E" <blanca.e.sabas.rosales@intel.com>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>

* pppd: pppdump: Eliminate printf format warning by using %zd

Signed-off-by: Paul Mackerras <paulus@ozlabs.org>

* pppd: Fix printing call in print_option()

print_option() was in this case passing p/opt->addr2 as the format string
instead of the string to be printed (as a quoted string). That could lead
to a nasty crash.

Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>

* pppd: Fix compile warning due to comparing pointer to NUL character

Evidently this means to check for arg pointing to an empty string,
not arg being NULL, since the ensuing error talks about the variable
name being missing.

Signed-off-by: Paul Mackerras <paulus@ozlabs.org>

* pppd: Don't try to free(NULL - 1)

A logic bug in update_script_environment() means that it can call
remove_script_env() even when the variable being removed is not
present in the script_env array.  The result of that is that
remove_script_env() will call free() with argument NULL - 1.
To fix this, we avoid calling remove_script_env() in this case.

Signed-off-by: Paul Mackerras <paulus@ozlabs.org>

* pppd: remove warning: this ‘if’ clause does not guard...

* pppd: magic: Remove K&R style of arguments

The __P() macro does not exist in libmusl so
I switched magic.{c,h} to using the std-c argument style, which had
already been used in some functions.

Signed-off-by: Kurt Van Dijck <dev.kurt@vandijck-laurijssen.be>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>

* pppd: pppoe: Remove the use of cdefs

sys/cdefs.h contains the __P() macro.
The header doesn't exist in my musl toolchain,
the __P() macro has been obsoleted even by glibc,
and it's never used in the code.
This commit removes the need for this remainder.

Signed-off-by: Kurt Van Dijck <dev.kurt@vandijck-laurijssen.be>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>

* pppd: Fix GLIBC version test for non-glibc toolchains

Non-glibc toolchains have their include files arranged more similar
to newer glibc's than to older.

Signed-off-by: Kurt Van Dijck <dev.kurt@vandijck-laurijssen.be>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>

* pppd: Fix a typo in comment. Diff from Yuuichi Someya.

* pppd: Change include from sys/errno.h to errno.h

According to POSIX, the canonical location for errno.h is on the top level.

Signed-off-by: Stefan Nickl <Stefan.Nickl@gmail.com>

* pppd: fix printing of DNS/WINS addresses

Options "ms-dns" and "ms-wins" may be specified several times.  This
allows the second occurrence to be printed.

Signed-off-by: Nathan Hintz <nlhintz@hotmail.com>

* pppd: Check tdb pointer before closing

Check that pointer to the tdb is not NULL before calling tdb_close().
It is possible that the file could not be opened/created due to
permission issues. This change prevents the crash that happens in that
case.

Signed-off-by: Alfonso Sánchez-Beato <alfonso.sanchez-beato@canonical.com>

* pppd: Limit memory accessed by string formats with max length specified

Currently, calls to [v]slprintf that have a string format (%s, %v,
%q) with a maximum length specified (e.g. %.20s) do a strlen() on
the string, and can therefore access memory beyond the maximum
length specified.  If the string is not null-terminated, this could
result in an out-of-bounds read.

This makes vslprintf use strnlen() in cases where a maximum length
has been specified, so that we don't access the string beyond the
maximum length that was given.

Signed-off-by: Paul Mackerras <paulus@ozlabs.org>

* pppd: Make sure word read from options file is null-terminated

If a word read from an options file was longer than MAXWORDLEN,
we could pass it to option_error() without null termination,
which could have led to an out-of-bounds access in vslprintf.
Make sure word[] is null terminated in all cases.

Reported-by: Florian Kohnhäuser <florian@kohnhaeuser.com>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>

* pppd: plugins/rp-pppoe: Make tag parsing loop condition more accurate

The loop in parsePacket() that parses the tags in a received PPPoE
packet uses a loop condition that checks if there is at least one
more byte to be read; however, the tag header is 4 bytes.  Thus it
could read 3 bytes past the end of the received data.  However,
there is no possibility of reading past the end of the
packet->payload array, since we previously checked that
len <= ETH_JUMBO_LEN (which is sizeof(packet->payload)) - 6.
Also, the tag length check will always fail (except for a tag
type of TAG_END_OF_LIST, which terminates processing).

This fixes the loop condition to require at least 4 bytes
remaining, so that we know that the tag header is within the
received data.

Signed-off-by: Paul Mackerras <paulus@ozlabs.org>

* pppd: Avoid use of strnlen (and strlen) in vslprintf

Commit b311e98b ("pppd: Limit memory accessed by string formats with
max length specified") added calls to strnlen() in vslprintf().
Unfortunately, strnlen() is not provided in some standard C libraries.
This changes the code to avoid using strnlen().  Using the observation
that the number of characters we can use from the input string is
bounded by buflen, the number of bytes of output buffer available,
we can also avoid doing strlen() on a potentially long string.

Signed-off-by: Paul Mackerras <paulus@ozlabs.org>

* pppd: Ignore received EAP messages when not doing EAP

This adds some basic checks to the subroutines of eap_input to check
that we have requested or agreed to doing EAP authentication before
doing any processing on the received packet.  The motivation is to
make it harder for a malicious peer to disrupt the operation of pppd
by sending unsolicited EAP packets.  Note that eap_success() already
has a check that the EAP client state is reasonable, and does nothing
(apart from possibly printing a debug message) if not.

Signed-off-by: Paul Mackerras <paulus@ozlabs.org>

* pppd: Accept Malformed Windows Success Message (hanwckf#156)

Windows Server 2019 skips a space when sending a success message.
This commit accepts such a malformed message and continues normally.

Signed-off-by: Yannay Linveh <yannayl@gmail.com>
Signed-off-by: yannayl <yannayl@users.noreply.github.com>

* pppd: Various fixes for errors found by coverity static analysis (hanwckf#109)

Fixes hanwckf#108

Signed-off-by: Jaroslav Škarvada <jskarvad@redhat.com>

* pppd: remove warning: implicit declaration of function 'inet_ntoa'

* pppd: Fix ccp_cilen calculated size if both deflate_correct and deflate_draft are enabled

This fixes a bug where ccp_cilen() will return 4 bytes less than
necessary for the addci buffer if both deflate_correct and
deflate_draft are enabled.

Signed-off-by: Sylvain Rochet <gradator@gradator.net>
Signed-off-by: Paul Mackerras <paulus@samba.org>

* wing/ss: script: set ulimit nofiles to 65536

* libs: fix redsocks dependence

* p910nd,wpa_supplicant,lldt: apply patches from wive-ng-mt

* configs: remove "CONFIG_TOOLCHAIN_DIR" in templates, add toolchain.inc

* fix gcc warnings

* update README.md

* github-actions: update

* build_firmware_ci: fix

* 802.1x, samba36, wireless_tools: fix sizeof-pointer-memaccess warnings

* NEWIFI3: enable transmission

* user: fix CFLAGS

* comgt, dosfstools, libdisk, rc: fix format-overflow warnings

* transmission: make with multiple jobs

* openssl: fix CFLAGS & LDFLAGS

* vendor: CFLAGS: add -Wno-unused

* transmission: fix build

* rc: dnsmasq: Maximum number of concurrent DNS queries set to 512 (solution to the problem of long opening of some sites)

* vsftpd: fix uninitialized variable error

* rc: fixed export to nfs ipv6

* uclibc-ng: drop unneeded support ld.so.cache

* openssl: fix CPUFLAG

* trunk: remove useless .config

clean_tree: fix errors

* openvpn: disable lz4

* openssl: bump to 1.1.1

curl, libws, httpd, njit-client, ttyd, wpa_supplicant: migrate to openssl 1.1.1

libuv: add for ttyd

* njit-client: using the original source

* kernel: fix the problem of repeated compilation

* clean_tree_{simple}: cleanup

* libwebsocket: add missing libwebsockets-evlib_uv.so

* busybox: fix the problem of repeated compilation

* libws: fix LWS_INSTALL_LIBDIR

* www: adapt for mobile UI (hanwckf#531)

add mobile ui tweak

* libncurses: bump to 6.2

libncurses: fix terminfo installation errors

* PSG1218: disable ss/dns-forwarder to reduce fw size

* vendor: remove useless EEPROM bin files

vendor: cleanup config.arch & Makefiles

* openssl: disable sm2 sm3 sm4 ciphers

* build_firmware: tweak kernel-config

* openssl: fix make clean

* boards: add support for XIAOMI Mi-3C (hanwckf#533)

* Include XIAOMI Mi-3C config files

* Update README.md

Included MI-3C and updated package list for Debian/Ubuntu (instead of "python-docutils" the package "python3-docutils" is required)

* Update README.md

For Debian/Ubuntu the package needs to be "python3-docutils" instead of "python-docutils"

Co-authored-by: root <root@administrator>

* WDR7300: update to mt7615-5.0.4.0

* build_firmware_modify: cleanup

* vendor: fix load address

* mt7615: remove 5.0.3.0 driver

* mt7620: using mt76x2(3.0) driver instead of rt2860v2(2.7)

* 5K-W20, MI-MINI, OYE-001: disable RT2880_FLASH_AUTO

* update README.md

* vendor: Makefile: cleanup

* ss:bump to 3.3.5 (hanwckf#534)

* openssl: prefer chacha20 over aes-gcm

openssl: tweak config

www: update

* libs: add boost-1.72.0 (prebuilt for mipsel)

trojan: add source

* www: phone/tablet mode v3 (hanwckf#542)

* Update state.js

better mobile style

* Update state.js

The logo is now centered
Follows the execution order, more efficient
Does not affect jQuery.js updates

* Update Logout.asp

Adjusted to fit phones and tablets

* Update state.js

Fix display on phones
Change how menus are added and displayed, making it easier to add plugins
See the comments for details

* Update state.js

Add comments

* Update README.md (hanwckf#549)

* boards: add support for zte-e8820s (hanwckf#551)

* Update state.js (hanwckf#554)

Remove the menu hierarchy and revert to the previous style

* Revert "Update state.js (hanwckf#554)"

This reverts commit 380363e.

* Revert "www: phone/tablet mode v3 (hanwckf#542)"

This reverts commit 23286e8.

* Add udpxy_renew_period nvram key to set udpxy param "-M : periodically renew multicast subscription (skip if 0 sec) [default = 0 sec]", and set its default value to 120 to avoid IPTV broken after 4 minutes (hanwckf#569)

* redsocks:fixes hanwckf#567 (hanwckf#576)

add missing depend
libevent_core-2.1.so.6

* dropbear: backport CVE-2018-15599,CVE-2018-20685 fix (hanwckf#582)

* dropbear:Wait to fail invalid usernames,fix CVE-2018-15599

Change handling of failed authentication to avoid disclosing valid usernames,
CVE-2018-15599.

* dropbear:Port OpenSSH CVE-2018-20685 fix

* busybox: Added lost part of "fix the problem of repeated compilation" (hanwckf#583)

before:
Feb  7 02:50:33 syslogd started: BusyBox v
Feb  7 02:50:33 K2P: firmware version: 3.4.3.9-099
Feb  7 02:50:33 kernel: klogd started: BusyBox v (2021-02-06 18:35:55 UTC)

after:
Jan 11 13:29:58 syslogd started: BusyBox v1.24.2
Jan 11 13:29:58 K2P: firmware version: 3.4.3.9-099
Jan 11 13:29:58 kernel: klogd started: BusyBox v1.24.2 (2021-02-07 06:04:27 UTC)

* github-actions: build XY-C1

* dnsmasq: Backport some security updates and bump to 2.80 (hanwckf#573)

This fixes the following security problems in dnsmasq:
* CVE-2020-25681:
  Dnsmasq versions before 2.83 are susceptible to a heap-based buffer
  overflow in sort_rrset() when DNSSEC is used. This can allow a remote
  attacker to write arbitrary data into target device's memory that can
  lead to memory corruption and other unexpected behaviors on the target
  device.
* CVE-2020-25682:
  Dnsmasq versions before 2.83 are susceptible to buffer overflow in
  extract_name() function due to missing length check, when DNSSEC is
  enabled. This can allow a remote attacker to cause memory corruption
  on the target device.
* CVE-2020-25683:
  Dnsmasq version before 2.83 is susceptible to a heap-based buffer
  overflow when DNSSEC is enabled. A remote attacker, who can create
  valid DNS replies, could use this flaw to cause an overflow in a heap-
  allocated memory. This flaw is caused by the lack of length checks in
  rtc1035.c:extract_name(), which could be abused to make the code
  execute memcpy() with a negative size in get_rdata() and cause a crash
  in Dnsmasq, resulting in a Denial of Service.
* CVE-2020-25684:
  A lack of proper address/port check implemented in Dnsmasq version <
  2.83 reply_query function makes forging replies easier to an off-path
  attacker.
* CVE-2020-25685:
  A lack of query resource name (RRNAME) checks implemented in Dnsmasq's
  versions before 2.83 reply_query function allows remote attackers to
  spoof DNS traffic that can lead to DNS cache poisoning.
* CVE-2020-25686:
  Multiple DNS query requests for the same resource name (RRNAME) by
  Dnsmasq versions before 2.83 allows for remote attackers to spoof DNS
  traffic, using a birthday attack (RFC 5452), that can lead to DNS
  cache poisoning.
* CVE-2020-25687:
  Dnsmasq versions before 2.83 are vulnerable to a heap-based buffer
  overflow with large memcpy in sort_rrset() when DNSSEC is enabled. A
  remote attacker, who can create valid DNS replies, could use this flaw
  to cause an overflow in a heap-allocated memory. This flaw is caused
  by the lack of length checks in rtc1035.c:extract_name(), which could
  be abused to make the code execute memcpy() with a negative size in
  sort_rrset() and cause a crash in dnsmasq, resulting in a Denial of
  Service.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: CN_SZTL <cnsztl@project-openwrt.eu.org>

Co-authored-by: Hauke Mehrtens <hauke@hauke-m.de>

* dnsmasq: adapt project (hanwckf#587)

* kernel: set LINUX_COMPILE_BY & LINUX_COMPILE_HOST automatically

* kernel: fix missing part of commit "11b11c1"

* curl: bump to 7.75.0

* Dropbear: update to 2020.81 (hanwckf#590)

* dropbear:update to 2020.81

* dropbear: add generate ed25519_host_key

* dropbear: add firmware specific patch

Signed-off-by: Alexey <4653240-dm38@users.noreply.gitlab.com>

* dropbear:apply original patches

Signed-off-by: Oleg Sviridov <developermzrip@gmail.com>

* transmission: fix build fails with autoconf 2.70

* boards: Add new device (hanwckf#628)

add xiaomi-R4A, NETGEAR R6220, NETGEAR R6800

Co-authored-by: root <meisreallyba@gmail.com>

* fix something (hanwckf#629)

Co-authored-by: root <meisreallyba@gmail.com>

* boards: add Xiaomi-R3P (hanwckf#630)

Co-authored-by: root <meisreallyba@gmail.com>

* MI-R4A: rename

* MI-R3P: add description for MI-R3P-breed.config

* mt7603: remove noisy log

* Revert "www: adapt for mobile UI (hanwckf#531)"

This reverts commit 3748660.

* www: fix trans

* templates: disable ss/dns-forwarder due to regulations

* templates: disable scutclient/mentohust by default

* boards: enable ubifs for nand boards

* boards: B70, E8820S, MI-3, MI-R3G, MI-R3P, RM2100: resize partitions

Note: After upgrading this firmware, all configuration data WILL BE LOST!

kernel+rootfs(24M),config(512k),storage(4M)

* mtd: add xiaomi nand parts

See linux-3.4.x/drivers/mtd/ralink/ralink-nand-map-xiaomi.h

* update README.md

* Shadowsocks: simple lan acl (hanwckf#602)

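- Change the ipset ss_spec_src* type from hash:mac to hash:net; using IP addresses for ACLs is more convenient
- Lower the priority of ss_spec_src_bp, so the whole LAN address range can be bypassed while only the specified LAN IPs are proxied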

* openssl: bump to 1.1.1j (hanwckf#595)

* openssl: bump to 1.1.1j

This fixes 4 security vulnerabilities/bugs:

- CVE-2021-2839 - SSLv2 vulnerability. Openssl 1.1.1 does not support
  SSLv2, but the affected functions still exist. Considered just a bug.

- CVE-2021-2840 - calls EVP_CipherUpdate, EVP_EncryptUpdate and
  EVP_DecryptUpdate may overflow the output length argument in some
  cases where the input length is close to the maximum permissible
  length for an integer on the platform. In such cases the return value
  from the function call will be 1 (indicating success), but the output
  length value will be negative.

- CVE-2021-2841 - The X509_issuer_and_serial_hash() function attempts to
  create a unique hash value based on the issuer and serial number data
  contained within an X509 certificate. However it was failing to
  correctly handle any errors that may occur while parsing the issuer
  field (which might occur if the issuer field is maliciously
  constructed). This may subsequently result in a NULL pointer deref and
  a crash leading to a potential denial of service attack.

- Fixed SRP_Calc_client_key so that it runs in constant time. This could
  be exploited in a side channel attack to recover the password.

The 3 CVEs above are currently awaiting analysis.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Signed-off-by: CN_SZTL <cnsztl@project-openwrt.eu.org>

* openssl: bump to 1.1.1k

This version fixes 2 security vulnerabilities, among other changes:

 - CVE-2021-3450: problem with verifying a certificate chain when using
   the X509_V_FLAG_X509_STRICT flag.

 - CVE-2021-3449: OpenSSL TLS server may crash if sent a maliciously
   crafted renegotiation ClientHello message from a client.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>

Co-authored-by: Eneas U de Queiroz <cotequeiroz@gmail.com>

* htop: fix Makefile

* mtk-nand: add "ALL" partition for whole NAND flash

* R2100: update templates

* boards: mt7615: using 5.0.4.0 driver by default

* mtkwifi: sitesurvey: prepare for 11ax wmode

* kernel: prepare for mt7915

* kernel: backport skb functions for mt7915 driver

* drivers: mtk-wifi: add mt7915-7.3.0.1

* mt7915: apply patches

* boards: flush all kernel config

* rc, httpd: add support for mt7915

* boards: add xiaomi CR660x

* mt7915: fix mt7915d l1profile when driver is build in kernel

* boards: CR660x: build mt7915 driver in kernel

* rc: fix apcli+ap wmode for mt7915d

* www: remove wds wireless mode for mt7915

* mt7915: remove noisy logs

* update README.md

* github-actions: build CR660x

* vendor: Makefile: print nand firmware max size

* rc: smp: tune mt7915d smp settings

* mtkwifi: apply patches from dm38/padavan-ng

* github-actions: add action-tmate for debug purpose

* mtkwifi: fix copy-paste bug

* inadyn: bump to 2.8.1

inadyn: add support for oray.com DDNS
inadyn: add support for netassist ipv6 tunnel
inadyn: fix dnspod.cn AAAA record type
rc: add support for IPv6 DDNS
rc: enable SSL DDNS/checkip for all templates
rc: remove asuscomm.com DDNS

* mt7915: remove noisy logs

* inadyn: fix build

* rc: Added load sdhc kernel modules (fix auto mount sd card)

* rc: watchdog: don't launch httpd if it is stopped

* Update matroskadec.c Fix a logic error

* user/apps: add -fvisibility=hidden to reduce size

* firmware: fixes for openssl 1.1.1

* openvpn: bump to 2.5.2

* openvpn: drop nsCertType=server Thx to Volt1

* openvpn: add tls-crypt support

* openvpn: cosmetic & small fixes Thx to Developer_MZRIP

* openvpn: fix ncp and firewall Thx to Developer_MZRIP

* openvpn: add support for CHACHA20-POLY1305

* openvpn: update compress settings because of comp-lzo is deprecated

* openvpn: replace obsolete --ns-cert-type by --remote-cert-tls

* webui: openvpn: add NCP Ciphers List.

* rc: fix empty check ovpn ncp ciphers list.

* webui: openvpn: add tls-crypto-v2 management.

* openvpn: webui: add ED25519 and ED448 keys. change signature

* kernel: fix GPIO Read-Modify-Write potential problem fix reset MT7603

* kernel: mips: fix an off-by-one in dma_capable

This makes it match the generic version.

Reported-by: Vladimir Murzin <vladimir.murzin@arm.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>

* kernel: mtd: nand: Fix writing mtdoops to nand flash.

commit 30863e38ebeb500a31cecee8096fb5002677dd9b upstream.

When mtdoops calls mtd_panic_write(), it eventually calls
panic_nand_write() in nand_base.c. In order to properly wait for the
nand chip to be ready in panic_nand_wait(), the chip must first be
selected.

When using the atmel nand flash controller, a panic would occur due to
a NULL pointer exception.

Fixes: 2af7c6539931 ("mtd: Add panic_write for NAND flashes")
Signed-off-by: Brent Taylor <motobud@gmail.com>
Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com>
[bwh: Backported to 3.2: adjust context]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Oleg Sviridov <developermzrip@gmail.com>

* pppoe: only process PADT targeted at local interfaces

We don't want to disconnect a session because of a stray PADT arriving
while the interface is in promiscuous mode.
Furthermore, multicast and broadcast packets make no sense here, so
only PACKET_HOST is accepted.

Reported-by: David Balažic <xerces9@gmail.com>
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Guillaume Nault <gnault@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

* kernel: ubi: Put MTD device after it is not used

The MTD device reference is dropped via put_mtd_device, however its
field ->index is read and passed to ubi_msg. To fix this, the patch
moves the reference dropping after calling ubi_msg.

Signed-off-by: Pan Bian <bianpan2016@163.com>
Reviewed-by: Boris Brezillon <boris.brezillon@bootlin.com>
Signed-off-by: Richard Weinberger <richard@nod.at>

* kernel: ubifs: Check for name being NULL while mounting

The requested device name can be NULL or an empty string.
Check for that and refuse to continue. UBIFS has to do this manually
since we cannot use mount_bdev(), which checks for this condition.

Fixes: 1e51764a3c2ac ("UBIFS: add new flash file system")
Reported-by: syzbot+38bd0f7865e5c6379280@syzkaller.appspotmail.com
Signed-off-by: Richard Weinberger <richard@nod.at>

* kernel: ubifs: Remove unneeded semicolon

delete redundant semicolon

Signed-off-by: Ding Xiang <dingxiang@cmss.chinamobile.com>
Signed-off-by: Richard Weinberger <richard@nod.at>

* kernel: ubifs: Simplify redundant code

cbuf's size can be simply assigned.

Signed-off-by: Liu Song <liu.song11@zte.com.cn>
Reviewed-by: Jiang Biao <jiang.biao2@zte.com.cn>
Signed-off-by: Richard Weinberger <richard@nod.at>

* kernel: ubifs: fix use-after-free on symlink traversal

free the symlink body after the same RCU delay we have for freeing the
struct inode itself, so that traversal during RCU pathwalk wouldn't step
into freed memory.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

* kernel: ubifs: Fix default compression selection in ubifs

When ubifs is built without the LZO compressor and no compressor is
given, the creation of the default file system will fail. Before
selecting the LZO compressor, check if it is present and if not fall back
to the zlib or none.

Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Richard Weinberger <richard@nod.at>

* kernel: ubifs: Fix memory leak in lprobs self-check

Allocate the buffer after we return early.
Otherwise memory is being leaked.

Cc: <stable@vger.kernel.org>
Fixes: 1e51764a3c2a ("UBIFS: add new flash file system")
Signed-off-by: Richard Weinberger <richard@nod.at>

* kernel: ubifs: Fix compilation after "Fix default compression selection in ubifs" (old kernel)

* www: update ovpn trans

* boards: enable openvpn and openssl bin

* fix issue hanwckf#639

* clear_tree_simple: clean libtirpc to prevent ci build error

* www: update dict trans

* mt7915: remove noisy logs

* scripts: add rwfs2ubi.sh to create ubifs at RWFS partition

* rwfs2ubi.sh: fix typo

* mt7915: remove noisy logs

* mt7915: remove noisy log

* mt7915: remove noisy logs

* tools: update depmod.sh

* htop: Update Makefile (hanwckf#644)

Co-authored-by: SmartFxxker <25600161+lvyouang@users.noreply.github.com>

* boards: add support for JCG Q20 (hanwckf#650)

* boards: fix esw & NETGEAR-BZV leds

* add smartdns (hanwckf#645)

* boards: revert BOARD_NUM_ETH_LEDS

* MI-R3P: fix front leds (hanwckf#652)

* makefile: fix typo

* boards: fix board CFLAGS

* www: fix ez button params

* mt7615: update to MT7622_7615_SoftAP_5.0.5.1_85befc_20200629

* mt7915: fix kconfig

* boards: bump mt7615/mt7915 kernel config

* rc: fix mt7615 ACS alg

* mt7615: update n9 fw to 20200814163649, cr4 fw to 20190121161307

copy from openwrt/mt76

* rc: fix mt7615 UAPSDCapable config

* rc: fix mt7915 wifi6 related configs

* mt7615: revert cr4 fw to 20190415154149 (MT7622_7615_SoftAP_5.0.4.0_bb5ba3_20190503)

* openvpn: fix build

* boards: MI-R3P: fix kernel configs

* rc: check AssocReqRssiThres & KickStaRssiLow is valid

* shared: enable WMM by default

* rc: allow kickrssi/assocrssi equal to zero

* boards: add support for XIAOMI Mi-4 (hanwckf#671)

* boards: add support for XIAOMI Mi-4

* boards: add support for XIAOMI Mi-4

* Update kernel-3.4.x.config

* Alignment of the settings of other templates 

Following configurations were set to "y":
CONFIG_FIRMWARE_INCLUDE_MINIEAP=y
CONFIG_FIRMWARE_INCLUDE_NJIT_CLIENT=y

* update github-actions

Co-authored-by: hanwckf <hanwckf@vip.qq.com>
Co-authored-by: Yonsm <Yonsm@qq.com>
Co-authored-by: lissom <kkjoy2617@gmail.com>
Co-authored-by: AmadeusGhost <42570690+AmadeusGhost@users.noreply.github.com>
Co-authored-by: JuanLinn <64671466+JuanLinn@users.noreply.github.com>
Co-authored-by: Yh793 <69706356+Yh793@users.noreply.github.com>
Co-authored-by: Alexey <4653240-dm38@users.noreply.gitlab.com>
Co-authored-by: AlphaAnother <17845460+AlphaAnother@users.noreply.github.com>
Co-authored-by: Peter Huang <peterh@synology.com>
Co-authored-by: Lianwei Wang <lianwei.wang@gmail.com>
Co-authored-by: Philip A. Prindeville <philipp@redfish-solutions.com>
Co-authored-by: Paul Mackerras <paulus@samba.org>
Co-authored-by: Paul Mackerras <paulus@ozlabs.org>
Co-authored-by: Vegard Nossum <vegard.nossum@oracle.com>
Co-authored-by: Oleg Sviridov <developermzrip@gmail.com>
Co-authored-by: Kurt Van Dijck <dev.kurt@vandijck-laurijssen.be>
Co-authored-by: YASUOKA Masahiko <yasuoka@yasuoka.net>
Co-authored-by: Stefan Nickl <Stefan.Nickl@gmail.com>
Co-authored-by: Nathan Hintz <nlhintz@hotmail.com>
Co-authored-by: Alfonso Sánchez-Beato <alfonso.sanchez-beato@canonical.com>
Co-authored-by: yannayl <yannayl@users.noreply.github.com>
Co-authored-by: Jaroslav Škarvada <jskarvad@redhat.com>
Co-authored-by: Sylvain Rochet <gradator@gradator.net>
Co-authored-by: Maxim Anisimov <maxim.anisimov.ua@gmail.com>
Co-authored-by: xtr3mz <xtr3mz@gmail.com>
Co-authored-by: minax007 <67478561+minax007@users.noreply.github.com>
Co-authored-by: root <root@administrator>
Co-authored-by: PaPerseller <huseraph@gmail.com>
Co-authored-by: liuyunwuhen <liuyunwuhen@gmail.com>
Co-authored-by: dylan8888 <37317524+dylan8888@users.noreply.github.com>
Co-authored-by: CN_SZTL <22235437+1715173329@users.noreply.github.com>
Co-authored-by: Hauke Mehrtens <hauke@hauke-m.de>
Co-authored-by: padavanonly <83120842+padavanonly@users.noreply.github.com>
Co-authored-by: root <meisreallyba@gmail.com>
Co-authored-by: Kangyi Cui <392083349@qq.com>
Co-authored-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Co-authored-by: Иван Сигаев <senpoliai@gmail.com>
Co-authored-by: Christoph Hellwig <hch@lst.de>
Co-authored-by: Brent Taylor <motobud@gmail.com>
Co-authored-by: Sergey Aleynikov <sergey.aleynikov@gmail.com>
Co-authored-by: Pan Bian <bianpan2016@163.com>
Co-authored-by: Richard Weinberger <richard@nod.at>
Co-authored-by: Ding Xiang <dingxiang@cmss.chinamobile.com>
Co-authored-by: Liu Song <liu.song11@zte.com.cn>
Co-authored-by: Al Viro <viro@zeniv.linux.org.uk>
Co-authored-by: Gabor Juhos <juhosg@openwrt.org>
Co-authored-by: SmartFxxker <25600161+wingslu@users.noreply.github.com>
Co-authored-by: SmartFxxker <25600161+lvyouang@users.noreply.github.com>
Co-authored-by: blioild <56418022+blioild@users.noreply.github.com>