OpenVPN assumes that its control channel messages are sent and received
unfragmented, this assumption is broken when CBC record splitting is
enabled in mbedTLS.
The record splitting is intended as countermeasure against BEAST attacks
which do not apply to OpenVPN, therefore we simply disable it until
upstream OpenVPN gains the ability to process fragmented control
messages.
Disabling the splitting also works around a (not remotely triggerable)
segmentation fault in mbedTLS.
References:
* https://dev.openwrt.org/ticket/19101
* https://community.openvpn.net/openvpn/ticket/524
* https://github.com/ARMmbed/mbedtls/pull/185
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45602 3c298f89-4303-0410-b956-a3cf2f4a3e73
This reverts commit ff84c27a281bc19df19bc62ee8688cca5586f6e3.
This tool has really broken size handling (many values hardcoded), it
crashes right now in case of NVRAM not filling whole MTD partition.
Conflicts:
package/utils/nvram/src/nvram.h
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45579 3c298f89-4303-0410-b956-a3cf2f4a3e73
The loop was giving up too early as it never expected NVRAM smaller
than 0x10000.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45578 3c298f89-4303-0410-b956-a3cf2f4a3e73
This reverts r43204. The symlinks are faulty, as they point to a
temporary staging dir
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45569 3c298f89-4303-0410-b956-a3cf2f4a3e73
For years Broadcom devices use 64 KiB NVRAM partition size and some of
them indeed have it filled in more than 50%. This change allows handling
whole NVRAM e.g. on Netgear WNDR4500 and Netgear R8000.
The same fix was applied to kernel in upstream commit 6ab7c29.
Reported-by: Hante Meuleman <meuleman@broadcom.com>
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45566 3c298f89-4303-0410-b956-a3cf2f4a3e73
Otherwise writing anything will result in loosing data.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45565 3c298f89-4303-0410-b956-a3cf2f4a3e73
We don't have broadcom-diag for months or years now and the correct
solution is to simply don't have "nvram" partition on WGT634U anyway.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45564 3c298f89-4303-0410-b956-a3cf2f4a3e73
Sytax of /proc/mtd is following:
dev: size erasesize name
which means that sscanf "mtd%d: %08x" reads size, not erasesize.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45563 3c298f89-4303-0410-b956-a3cf2f4a3e73
Path /dev/mtdblock%d is used for years now.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45562 3c298f89-4303-0410-b956-a3cf2f4a3e73
New revision adds transmit frame rate info
Signed-off-by: Imre Kaloz <kaloz@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45560 3c298f89-4303-0410-b956-a3cf2f4a3e73
instead of failing when authsae is not installed, also try using
wpa_supplicant as the newly added -mesh variants support mesh mode
and SAE encryption.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45520 3c298f89-4303-0410-b956-a3cf2f4a3e73
The most significant change from the previous version is the trimming of
the 300-ip_tiny.patch to lib/utils.c where a section previously patched
had vanished. That section of the patch was removed.
Built and lightly tested on ar71xx against uClibc and musl.
Signed-off-by: Russell Senior <russell@personaltelco.net>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45512 3c298f89-4303-0410-b956-a3cf2f4a3e73
