This patch consolidates the amd64-microcode
(moved to linux-firmware.git, previously this was an extra
debian source package download), amdgpu and radeon firmwares
into a shared "amd" makefile.
With the upcoming 20211216 linux-firmware bump,
this will include a microcode update for ZEN 3 CPUs.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
The rtl8723bs firmware was removed and a symlink to the rtl8723bu
firmware was created like it is done in upstream linux-firmware.
The following OpenWrt packages are changing:
* amdgpu-firmware: Multiple updates and new files
* ar3k-firmware: Multiple updates and new files
* ath10k-firmware-qca6174: Updated ath10k/QCA6174/hw3.0/board-2.bin
* bnx2x-firmware: Added bnx2x-e1-7.13.21.0.fw, bnx2x-e1h-7.13.21.0.fw and bnx2x-e2-7.13.21.0.fw
* iwlwifi-firmware-iwl8260c: Updated iwlwifi-8000C-36.ucode
* iwlwifi-firmware-iwl8265: Updated iwlwifi-8265-36.ucode
* iwlwifi-firmware-iwl9000: Updated iwlwifi-9000-pu-b0-jf-b0-46.ucode
* iwlwifi-firmware-iwl9260: Updated iwlwifi-9260-th-b0-jf-b0-46.ucode
* r8169-firmware: Updated rtl8153c-1.fw
* rtl8723bs-firmware: removed
* rtl8723bu-firmware: Added rtlwifi/rtl8723bs_nic.bin symlink
* rtl8822ce-firmware: Updated rtw8822c_fw.bin
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
We were missing (not using) the last sector of each partition,
compared with the output of gparted.
Signed-off-by: Javier Marcet <javier@marcet.info>
[moved the dot]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
The http://www.us.tcpdump.org mirror will go offline soon, only use the
normal download URL.
Reported-by: Denis Ovsienko <denis@ovsienko.info>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Co-authored-by: Hauke Mehrtens <hauke@hauke-m.de>
Backport an upstream patch that adds support for ELFv2 ABI on big endian
ppc64. As musl only supports ELFv2 ABI on ppc64 regardless of
endianness, this is required to be able to build OpenSSL for ppc64be.
Modify our targets patch to add linux-powerpc64-openwrt, which will use
the linux64v2 perlasm scheme. This will probably break the combination
ppc64 with glibc, but as we really only want to support musl, this
shouldn't be a problem.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Rui Salvaterra <rsalvaterra@gmail.com>
Co-authored-by: Stijn Tintel <stijn@linux-ipv6.be>
I updated the link for downloading Windows client to download the latest
currently available version instead of using beta version, which is not
good to use in production.
Also, the macOS link led to the OpenVPN server, which was wrong. It should
be a client. It was updated to the latest version as well.
fixing linking error when --enable-devcrypto=yes
fixes: 7d92bb050961 wolfssl: update to 4.8.1-stable
Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
It's the default anyway and this just looks confusing, as if it wasn't.
Switch to AUTORELEASE while at it.
The binary size is unchanged.
Signed-off-by: Andre Heider <a.heider@gmail.com>
This gates out anything that might introduce semantically frivolous jitter,
maximizing chance of identical object files.
The binary size shrinks by 8kb:
1244352 staging_dir/target-mipsel_24kc_musl/usr/lib/libwolfssl.so.4.8.1.39c36f2f
1236160 staging_dir/target-mipsel_24kc_musl/usr/lib/libwolfssl.so.4.8.1.39c36f2f
Signed-off-by: Andre Heider <a.heider@gmail.com>
"Alternate certification chains, as opposed to requiring full chain
validation. Certificate validation behavior is relaxed, similar to
openssl and browsers. Only the peer certificate must validate to a trusted
certificate. Without this, all certificates sent by a peer must be
used in the trust chain or the connection will be rejected."
This fixes e.g. uclient-fetch and curl connecting to servers using a Let's
Encrypt certificate which are cross-signed by the now expired
DST Root CA X3, see [0].
This is the recommended solution from upstream [1].
The binary size increases by ~12.3kb:
1236160 staging_dir/target-mipsel_24kc_musl/usr/lib/libwolfssl.so.4.8.1.39c36f2f
1248704 staging_dir/target-mipsel_24kc_musl/usr/lib/libwolfssl.so.4.8.1.39c36f2f
[0] https://github.com/openwrt/packages/issues/16674
[1] https://github.com/wolfSSL/wolfssl/issues/4443#issuecomment-934926793
Signed-off-by: Andre Heider <a.heider@gmail.com>
[bump PKG_RELEASE]
Signed-off-by: David Bauer <mail@david-bauer.net>
Changes from 4.7.0:
Fix one high (OCSP verification issue) and two low vulnerabilities
Improve compatibility layer
Other improvements and fixes
For detailed changes refer to https://github.com/wolfSSL/wolfssl/releases
Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
from https://git.kernel.org/pub/scm/network/iproute2/iproute2.git
changes since 5.14.0:
ad3a118f rdma: Fix SRQ resource tracking information json
7a235a10 man: devlink-port: fix pfnum for devlink port add
229eaba5 uapi: pickup fix for xfrm ABI breakage
a500c5ac lib/bpf: fix map-in-map creation without prepopulation
7c032cac man: devlink-port: remove extra .br
04ee8e6f man: devlink-port: fix style
14802d84 man: devlink-port: fix the devlink port add synopsis
897772a7 cmd: use spaces instead of tabs for usage indentation
e7a98a96 mptcp: unbreak JSON endpoint list
2f5825cb lib: bpf_legacy: fix bpffs mount when /sys/fs/bpf exists
d756c08a tc/f_flower: fix port range parsing
92e32f77 uapi: updates from 5.15-rc1
e7e0e2ce iptuntap: fix multi-queue flag display
deef844b man: ip-link: remove double of
a3272b93 configure: restore backward compatibility
ceba5930 tree-wide: fix some typos found by Lintian
7a705242 ip: remove leftovers from IPX and DECnet
8ab1834e uapi: update headers from 5.15 merge
6d0d35ba ip/bond: add lacp active support
926ad641 Update kernel headers
c730bd0b ip/tunnel: always print all known attributes
df8912ed ipioam6: use print_nl instead of print_null
7e7270bb tc/skbmod: Introduce SKBMOD_F_ECN option
86c596ed IOAM man8
2d83c710 New IOAM6 encap type for routes
f0b3808a Add, show, link, remove IOAM namespaces and schemas
acbdef93 Import ioam6 uapi headers
2d6fa30b Update kernel headers
508ad89c ipneigh: add support to print brief output of neigh cache in tabular format
* update patch 170-ip_tiny.patch to accommodate ioam.
Signed-off-by: Russell Senior <russell@personaltelco.net>
Co-authored-by: Russell Senior <russell@personaltelco.net>
Fix the return value, shell return codes should be 0 to indicate success
(i.e. mount point found), 1 should be failure (i.e. mount point not-found).
Fixes: ac4e8aa ("dnsmasq: fix more dnsmasq jail issues")
Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
Co-authored-by: Oldřich Jedlička <oldium.pro@gmail.com>
* dnsmasq: add ubus acl to allow calls to hotplug.tftp object
dnsmasq may call hotplug.dhcp, hotplug.neigh and hotplug.tftp.
Only the first two callees were listed in the ACL, so add missing
hotplug.tftp.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* dnsmasq: fix the dynamic dns object names patch
We can't use booleans, since we're not including stdbool.h. Use integers
instead.
Fixes: 0b79e7c01e ("dnsmasq: generate the dns object name dynamically")
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Co-authored-by: Daniel Golle <daniel@makrotopia.org>
Co-authored-by: Rui Salvaterra <rsalvaterra@gmail.com>
Add pdptype param, for selecting IPv4, IPv6, or IPv4v6
Fix check for required PIN, only pin1 (SIM pin) matters
Get IP config directly from modem, no need for DHCP
Fix return value from proto_mbim_setup()
Signed-off-by: Howard Chu <hyc@symas.com>
* dnsmasq: add support for monitoring and modifying dns lookup results via ubus
The monitoring functionality will be used for dns rule support in qosify
Signed-off-by: Felix Fietkau <nbd@nbd.name>
* dnsmasq: add match_tag for --dhcp-host
A set of tags can be specified for --dhcp-host option to restrict the
assignment to the requests which match all the tags.
Example usage:
    config vendorclass
        option networkid 'udhcp'
        option vendorclass 'udhcp'

    config host
        option mac '*:*:*:*:*:*'
        list match_tag 'switch.10'
        list match_tag 'udhcp'
        option ip '192.168.25.10'
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
Co-authored-by: Felix Fietkau <nbd@nbd.name>
Co-authored-by: Paul Fertser <fercerpav@gmail.com>
* ramips: add support for Beeline(Sercomm) U-Boot
- Add recipe for several Beeline/Sercomm devices (e.g., Beeline SmartBox
GIGA, Beeline SmartBox Turbo+, Sercomm S3) that appends special header
to a kernel.
- Add device variables KERNEL_LOADADDR, LZMA_TEXT_START. It's also
necessary for the devices mentioned above.
Signed-off-by: Mikhail Zhilkin <csharper2005@gmail.com>
(cherry picked from commit 6240da24f4c1442b0f750f06be512f630b0bc6c8)
Signed-off-by: Mikhail Zhilkin <csharper2005@gmail.com>
* ramips: Add support for Beeline SmartBox TURBO+
This PR adds support for router Beeline Smart Box TURBO+.
OEM/ODM Sercomm. Almost identical to Sercomm S3.
Specification
-------------
SoC Type: MediaTek MT7621AT (880 MHz, 2 cores)
RAM (Nanya NT5CC64M16GP): 128 MiB
Flash (Macronix MX30LF1G18AC): 128 MiB
Wireless 2.4 GHz (MT7603EN): b/g/n, 2x2
Wireless 5 GHz (MT7615N): a/n/ac, 4x4
Ethernet: 5 ports - 5×GbE (WAN, LAN1-4)
USB ports: 1xUSB3.0
Buttons: 2 button (reset, wps)
LEDs: Red, Green, Blue
Zigbee (EFR32MG1B232GG): 3.0
Stock bootloader: U-Boot 1.1.3
Power: 12 VDC, 1.5 A
Installation
------------
Attach serial console, then boot the initramfs image via TFTP.
Once inside OpenWrt, run sysupgrade -n with the sysupgrade file.
Signed-off-by: Maximilian Weinmann <x1@disroot.org>
(cherry picked from commit d1f294521bd8bc462c76e09c57a5c8b0600170cd)
(factory recipe from a2cfe339995467308c9126c3d0f70d2a28aeb073)
(big NAND from e6e5837a625ba09e286a5bde05f2ce581cfbeab7)
(removed nvmem cells, fixed conflicts)
Signed-off-by: Mikhail Zhilkin <csharper2005@gmail.com>
* ramips: add Sercomm partition map parser
This adds an MTD partition parser for the Sercomm partition table that
is used in some Netgear routers.
This is essentially the same code as proposed in the pull request for
Netgear R6350 support by NOGUCHI Hiroshi <drvlabo@gmail.com>:
https://github.com/openwrt/openwrt/pull/1318
It was originally rejected as it did not seem to work correctly.
However, this was only due to the NAND driver transparently shifting pages
to hide bad blocks, which was fixed in commit
527832e54bf3bc4d699a145ae66f34230246f0a9.
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
[x1@disroot.org: correction from checkpatch.pl]
Signed-off-by: Maximilian Weinmann <x1@disroot.org>
(cherry picked from commit 65e772105f8d5e98a999b836fed794b7415f2741)
Signed-off-by: Mikhail Zhilkin <csharper2005@gmail.com>
* ramips: Improve Beeline Smartbox Turbo+ support in lede
Changed switch configuration and a few minor changes.
Signed-off-by: Mikhail Zhilkin <csharper2005@gmail.com>
Co-authored-by: Maximilian Weinmann <x1@disroot.org>
Co-authored-by: Jan Hoffmann <jan@3e8.eu>
Build the tc-mod-iptables before the tc-tiny and tc-full packages.
This avoids unnecessary package rebuild when calling make back to back.
Before this change, tc-mod-iptables will be built after the main tc
binary packages.
Both tc-tiny and tc-full depend on tc-mod-iptables. If make is called
after the packages are already built, it will check the timestamps of
both packages, and will rebuild the main binaries, since the module
package will be newer than the tc package.
Calling BuildPackage,mod-iptables first ensures that its variant gets
built before the other packages' variants.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Co-authored-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Commit a2fcd3900c ("dnsmasq: improve init script") broke the existing
handling for hosts_dir. Remove the redundant mount again to fix it.
Reported-by: Hartmut Birr <e9hack@gmail.com>
Fixes: a2fcd3900c ("dnsmasq: improve init script")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Co-authored-by: Daniel Golle <daniel@makrotopia.org>
Package hostapd-common is a dependency of every other package defined in
hostapd Makefile. It is currently built next to the bottom of that
Makefile's package list.
If you run make back to back, then check-compile will compare the
hostapd-common timestamp to the variant being compiled, to decide if the
variant needs to be rebuilt or not. Since the hostapd-conf package is
built towards the end of the list, it will be newer than most of the
variants, causing unnecessary package rebuilds.
Move it to the top, so that its timestamp will be older than dependent
packages, avoiding unnecessary rebuild of every selected variant.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Co-authored-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* fix restart in LuCI (inherited umask was too restrictive)
* make directory of hosts-file (!= /tmp) accessible in ujail
Reported-by: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Co-authored-by: Daniel Golle <daniel@makrotopia.org>
Per FHS 3.0, /var/lock is the location for lock files [1].
However its current permissions (755) are too restrictive
for use by unprivileged processes.
Debian and Ubuntu set them to 1777, and now so do we.
[1] <https://refspecs.linuxfoundation.org/FHS_3.0/fhs-3.0.html#varlockLockFiles>
Signed-off-by: Deomid Ryabkov <rojer@rojer.me>
[fixed typo in commit message, had to remove "rojer" due to git hooks]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Co-authored-by: Deomid Ryabkov <rojer@rojer.me>
* hostapd: fix a race condition on adding AP mode wds sta interfaces
Both hostapd and netifd attempt to add a VLAN device to a bridge.
Depending on which one wins the race, bridge vlan settings might be incomplete,
or hostapd might run into an error and refuse to service the client.
Fix this by preventing hostapd from adding interfaces to the bridge and
instead rely entirely on netifd handling this properly
Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: fix up patches after the last commit
Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: ubus: fix uninitialized pointer
This fixes passing a bogus non-null pointer to the ubus handler in case
the transition request is rejected.
Signed-off-by: David Bauer <mail@david-bauer.net>
Co-authored-by: Felix Fietkau <nbd@nbd.name>
Co-authored-by: David Bauer <mail@david-bauer.net>
* hostapd: ubus: add notification for BSS transition response
To allow steering daemons to be aware of the STA-decided transition
target, publish WNM transition responses to ubus. This way, steering
daemons can learn about STA-chosen targets and send a better selection
of transition candidates.
Signed-off-by: David Bauer <mail@david-bauer.net>
* hostapd: ubus: add BSS transition request method
The existing wnm_disassoc_imminent ubus method only supports issuing a
bss transition request with the disassoc imminent flag set.
For use-cases, where the client is requested to roam to another BSS
without a pending disassoc, this existing method is not suitable.
Add a new bss_transition_request ubus method, which provides a more
universal way to dispatch a transition request. It takes the following
arguments:
Required:
  addr: String - MAC-address of the STA to send the request to (colon-separated)
Optional:
  abridged - Bool - Indicates if the abridged flag is set
  disassociation_imminent: Bool - Whether or not the disassoc_imminent
                           flag is set
  disassociation_timer: I32 - number of TBTTs after which the client will
                        be disassociated
  validity_period: I32 - number of TBTTs after which the beacon
                   candidate list (if included) will be invalid
  neighbors: blob-array - Array of strings containing neighbor reports as
             hex-string
Signed-off-by: David Bauer <mail@david-bauer.net>
* hostapd: fix goto loop for ubus assoc handler
When a ubus event handler denies an association with a non-zero return
value, the code jumps to preceding code, creating an endless loop until
the event handler accepts the assoc request.
Move the ubus handler further up the code to avoid creating such a loop.
Signed-off-by: David Bauer <mail@david-bauer.net>
Co-authored-by: David Bauer <mail@david-bauer.net>
The GPIO_DEVICE symbol belonged to a custom driver that was removed from
OpenWrt in 2012. The symbol never existed in the upstream kernel.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Co-authored-by: Stijn Tintel <stijn@linux-ipv6.be>
Nobody ever updates PKG_RELEASE when changing devices or setup in
the various uboot-* packages. Use $(AUTORELEASE) so we still have
proper versioning there.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Co-authored-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
bugfix: in shairport-sync's conf file output_rate should be number form
(except "auto")
bugfix: audio_backend_buffer_desired_length should be in "general" section
enhance: option and text improvement
cleanup: remove invalid options in shairport-sync's conf file generate
Bring the usage in line with the dnsmasq man page and the other options
where set: is mandatory.
No functional change.
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
Co-authored-by: Paul Fertser <fercerpav@gmail.com>
feature: add allow_session_interruption and session_timeout option
bugfix: restart shairport-sync when new setting submitted on luci
enhance: some text change and file rename
* mac80211: fix HT40 mode for 6G band
The channel offset used for VHT segment calculation was missing for HT
Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mac80211: refresh patch
Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mac80211: add missing change for encap offload on devices with sw rate control
Signed-off-by: Felix Fietkau <nbd@nbd.name>
* ath9k: owl-loader: remove obsolete AR71XX patch
this is no longer necessary as the AR71XX target
was superseded by ath79.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* mac80211: revert faulty change that was breaking broadcast tx
Fixes: 0f6887972adc ("mac80211: add missing change for encap offload on devices with sw rate control")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mac80211: Update to backports-5.10.68
Refresh all patches.
The removed patches were integrated upstream.
This contains fixes for CVE-2020-3702
1. These patches (ath, ath9k, mac80211) were included in kernel
versions since 4.14.245 and 4.19.205. They fix security vulnerability
CVE-2020-3702 [1] similar to KrØØk, which was found by ESET [2].
Thank you Josef Schlehofer for reporting this problem.
[1] https://nvd.nist.gov/vuln/detail/CVE-2020-3702
[2] https://www.welivesecurity.com/2020/08/06/beyond-kr00k-even-more-wifi-chips-vulnerable-eavesdropping/
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mac80211: backport support for BSS color changes
This is needed for an upcoming mt76 update
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Co-authored-by: Felix Fietkau <nbd@nbd.name>
Co-authored-by: Christian Lamparter <chunkeey@gmail.com>
Co-authored-by: Hauke Mehrtens <hauke@hauke-m.de>
The dependencies in the repo don't meet the minimum requirements for
upgrading to the latest aMule version.
This reverts commit dc43ea2936.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
* hostapd: let netifd set bridge port attributes for snooping
Avoids race conditions on bridge member add/remove
Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: fix segfault when deinit mesh ifaces
In hostapd_ubus_add_bss(), ubus objects are not registered for mesh
interfaces. This provokes a segfault when accessing the ubus object in
mesh deinit.
This commit adds the same condition to hostapd_ubus_free_bss() for
discarding those mesh interfaces.
Signed-off-by: Jesus Fernandez Manzano <jesus.manzano@galgus.net>
Co-authored-by: Felix Fietkau <nbd@nbd.name>
Co-authored-by: Jesus Fernandez Manzano <jesus.manzano@galgus.net>
* base-files: reduce `sed` calls
The `sed`-script shouldn't be called multiple times, especially not with
the same files.
This commit merges all files together in a single `sed`-script call.
Signed-off-by: Paul Spooren <mail@aparcar.org>
* base-files: reduce number of `mkdir` calls
The `mkdir` command supports passing multiple arguments to batch create
multiple folders, instead of calling the tool every single time.
If the creation of one of the folders fails, all other folders are still
created, so this doesn't change the error handling.
Also stop creating `/etc/` explicitly after subfolders of `/etc/` were
already created.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Co-authored-by: Paul Spooren <mail@aparcar.org>
* iproute2: bump to 5.13
Drop patch 185-libbpf-add-limits-h merged upstream
Update patch 170-ip_tiny
Update patch 130-no_netem_tpic_dcb...
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
* iproute2: m_xt.so depends on dynsyms.list
When doing parallel build on a fast machine with bottleneck in i/o,
m_xt.so may start linking faster than dynsyms.list gets populated,
resulting in error:
ld:dynsyms.list:0: syntax error in dynamic list
Fix this by adding dynsyms.list as make dependency to m_xt.so
Described also here:
https://bugs.openwrt.org/index.php?do=details&task_id=3353
Change from v1:
- add dynsyms.list dependency only when shared libs are enabled
Signed-off-by: Roman Yeryomin <roman@advem.lv>
Fixes: FS#3353
* iproute2: update to 5.14
Update iproute2 to latest stable 5.14; for the changes see https://lwn.net/Articles/867940/
Refresh patches
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Co-authored-by: Ansuel Smith <ansuelsmth@gmail.com>
Co-authored-by: Roman Yeryomin <roman@advem.lv>
Co-authored-by: Hans Dedecker <dedeckeh@gmail.com>
Change the CONFLICTS definition from the alternative package
(ethtool-full) to the main one.
The CONFLICTS line creates a dependency to the conflicting package.
Right now, the dependency would be created in the PACKAGE_ethtool-full
symbol:
    config PACKAGE_ethtool-full
        depends on m || (PACKAGE_ethtool != y)
When the main package is selected by airmon-ng, it selects
PACKAGE_ethtool, *depending* on the value of PACKAGE_ethtool-full:
    config PACKAGE_airmon-ng
        select PACKAGE_ethtool if PACKAGE_ethtool-full<PACKAGE_airmon-ng
In the first block, the value of PACKAGE_ethtool-full depends on the
value of PACKAGE_ethtool. In the second block, the opposite is true:
the value of PACKAGE_ethtool depends on the value of
PACKAGE_ethtool-full. This is a recursive dependency.
Fix it by changing the package where the dependency is created, so that
only the value of PACKAGE_ethtool will depend on PACKAGE_ethtool-full.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Co-authored-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* hostapd: refresh patches
Signed-off-by: David Bauer <mail@david-bauer.net>
* hostapd: fix Proxy-ARP with Hotspot 2.0 disabled
The disable_dgaf config field is only available in case Hostapd is
compiled with Hotspot 2.0 support, however Proxy-ARP does not depend on
Hotspot 2.0.
Only add the code related to this config field when Hotspot 2.0 is
enabled to fix compilation with the aforementioned preconditions.
Signed-off-by: David Bauer <mail@david-bauer.net>
* hostapd: enable proxy-arp support for hostapd-full
The hostapd.sh script already has support for configuring proxy-ARP,
however no built variant has support for it enabled.
Enable proxy-ARP support for hostapd-full builds in order to allow users
to actually use this feature.
Signed-off-by: David Bauer <mail@david-bauer.net>
Co-authored-by: David Bauer <mail@david-bauer.net>
This version fixes two vulnerabilities:
- SM2 Decryption Buffer Overflow (CVE-2021-3711)
Severity: High
- Read buffer overruns processing ASN.1 strings (CVE-2021-3712)
Severity: Medium
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Co-authored-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
8a8306d uxc.c: fix coverity resource leak warning
7f2398e jail: devices: create parent folder when creating devices
0603c8d jail: return to hook callback instead of just calling it
3edb7eb jail: check return value when opening console
af048a3 jail: use portable sizeof(void *)
6010bd3 utils: make sure read() string is 0 terminated
f6daca3 uxc: free string returned by blobmsg_format_json_indent()
51f1cd2 trace: free string returned by blobmsg_format_json_indent()
d716cb5 trace: handle open() return value and make sure string is terminated
b824a89 jail: preload: avoid NULL-dereference in case things go wrong
167dc24 jail: protect against strcat buffer overflows
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Co-authored-by: Daniel Golle <daniel@makrotopia.org>
* mac80211: fix HT40 mode for 6G band
The channel offset used for VHT segment calculation was missing for HT
Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mac80211: refresh patch
Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mac80211: add missing change for encap offload on devices with sw rate control
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Co-authored-by: Felix Fietkau <nbd@nbd.name>
* base-files: add option to make /var persistent
In OpenWrt, /var is symlinked to /tmp by default. This is done to reduce
the amount of writes to the flash chip, which often does not have the
greatest durability. As a result, things like DHCP or UPnP lease files,
are not persistent across reboots.
Since OpenWrt can run on devices with more durable storage, it makes
sense to have an option for a persistent /var. Add an option to make
/var persistent. When enabled, /var will no longer be symlinked to /tmp,
but /var/run will be symlinked to /tmp/run, as it should contain only
files that should not be kept during reboot. The option is off by
default, to maintain the current behaviour.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* base-files: fix option to make /var persistent
The option was initially named TARGET_ROOTFS_LN_VAR_TMP, and the check
was correct. When renaming the option to something more suitable, the
check was changed to check for n, but when an option is not set, it's
not n but empty. This results in the check always evaluating to false.
Fix the check by checking for y with ifneq.
Fixes: 57807f50ded6 ("base-files: add option to make /var persistent")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Co-authored-by: Stijn Tintel <stijn@linux-ipv6.be>
592ac0f add a note
4bacd14 sslcertfile: list /etc/ssl
7bdefa4 example: indicate that skip is an option
d1e9a85 wifi: sys pipe usage
eb903e1 README: add note about policycoreutils-setfiles weak dependency
762e011 ttyd: signull all subjects
fbfc079 acme: add basic support for acme_cleanup.sh and acme_setup.sh
9ac7592 acme: transition to sys.subj on generic initscript execution
f3dd1ba acme: missing rules related to sys.subj trans on file.initscriptfile
ae273fa odhcp6c/netifd: support drop-in directories
5fa9b41 subj: do not encourage misconfiguration
44722b6 blockd, logd, odhcpc6, ubiutil, mtdstordev
a775d93 21.02 related
a473691 rcboot runs rcuhttpd which creates /tmp/etc for /tmp/etc/uhttpd
290e9fb rcuhttpd: related to rcboot and uci-defaults
3fc0d8b rcuhttpd: lists /etc/uci-defaults
1f5ef48 removes ubvol.lock policy and adds move mtd/ubi partitions
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Co-authored-by: Daniel Golle <daniel@makrotopia.org>
40e5f6a ipsets: permit default timeout of 0
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Co-authored-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
* procd: update to git HEAD
48638ad hotplug-dispatch: yet another rare memory leak disovered by Coverity
459b3e8 jail: fix several issues discovered by Coverity
2562e2b ujail-console: add missing error handling discovered by coverity
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: update to git HEAD
040fecc system: fix issues reported by Coverity
48f481b service: make sure string read is null terminated
16dbc2a uxc: fix a bunch of issues discovered by Coverity
ff9002f uxc: fix help output
104b49d uxc: support config in uvol
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: add missing dependency and fix empty mount triggers
procd.sh:
Instead of triggering on every mount.add event, there should be no
mount trigger at all in case none of the directories passed to
procd_add_*_mount_trigger() are located on a mountpoint configured in
/etc/config/fstab.
uxc:
add missing dependency on rpcd.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Co-authored-by: Daniel Golle <daniel@makrotopia.org>
* procd: update to git HEAD
2dcefbd jail: add support for cgroup devices as in OCI run-time spec
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: update to git HEAD
0ee73b2 uxc: implement support for rootfs overlay in containers
b0a8ea1 jail: do not hack /etc/resolv.conf on container rootfs
92aba53 jail: increase max additional env records to 64
15997e6 jail: allow rootfs to be a symbolic link
0114c6f jail: open() extroot folder before mounting
ed96eda uxc: check for required blockd mounts
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: update to git HEAD
0545905 jail: make use of realpath() for rootfs and overlaydir
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: update to git HEAD
9bd1b7f jail: refactor directory handling for rootfs and overlaydir
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: update to git HEAD
772292e uxc: don't restart containers when mount shows up
3a9d910 uxc: resolve volume UUIDs by name of UCI fstab section
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: update to git HEAD
f26233e watchdog: Add an info message if the watchdog reset the system
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* procd: update to git HEAD
Fix build on glibc targets and address a bunch of compiler warnings.
93fc089 jail: cgroups-bpf: don't use sys/reg.h when building with glibc
548d057 jail: don't ignore return value of seteuid()
220b716 jail: ignore return value when creating default /dev symlinks
78d5baa hotplug-dispatch: don't ignore asprintf() return value
736aee5 uxc: always handle asprintf() return value
2b20456 hotplug-dispatch: replace wrongly used assert()
bfc86a2 jail: cgroups: replace wrongly used assert()
516bdf2 jail: don't ignore return value of write()
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: update to git HEAD and add new script helpers
e10de28 jail: cgroups-bpf: fix compile with musl 1.2
f5d9b14 hotplug-dispatch: fix rare memory leaks in error paths
Add new init script helpers:
procd_add_start_mount_trigger
procd_add_reload_mount_trigger
procd_get_mountpoints
Both trigger helpers expect a list of paths which are checked against
the mount targets configured in /etc/config/fstab and a trigger for all
mountpoints covered by the list of paths is setup.
procd_get_mountpoints is useful to find out if and which mountpoints
are covered by a list of paths.
Example:
    DATADIRS="/mnt/data/foo /mnt/data/bar /etc/foo/baz /var/lib/doe"

    start_service() {
        [ "$_BOOT" = "1" ] &&
            [ "$(procd_get_mountpoints $DATADIRS)" ] && return 0

        procd_open_instance
        # ...
        procd_close_instance
    }

    boot() {
        _BOOT=1 start
    }

    service_triggers() {
        procd_add_start_mount_trigger $DATADIRS
    }
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: change procd_add_start_mount_trigger to do restart
Change procd_add_start_mount_trigger to procd_add_restart_mount_trigger
and make it call 'restart' instead of 'start'.
This is more useful as it allows to handle both cases, initial start of
a service as well as restarting services. Calling 'restart' on a
service which has not yet been started has the same result as calling
'start'.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* procd: update to git HEAD
9f233f5 system: make rootfs type accessible through board call
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Co-authored-by: Daniel Golle <daniel@makrotopia.org>
Co-authored-by: Hauke Mehrtens <hauke@hauke-m.de>
This check was accidentally left in after reworking the code,
causing a segfault
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Co-authored-by: Felix Fietkau <nbd@nbd.name>
* ethtool: introduce ethtool-full build variant
Netlink support is required for using the virtual cable tester
functionality.
Remove the pretty print build option and instead create a second package
variant ethtool-full. This allows users to install the full ethtool
featureset using opkg.
Signed-off-by: David Bauer <mail@david-bauer.net>
* ethtool: update to v5.13
Signed-off-by: David Bauer <mail@david-bauer.net>
* ethtool: fix depends
Co-authored-by: David Bauer <mail@david-bauer.net>
Co-authored-by: Chen Minqiang <ptpt52@gmail.com>
When using htmode 'HE20' with a radio mode that uses wpa-supplicant
(like mesh or sta), it will default to 40 MHz bw if disable_ht40 is not
set. This commit fixes this behaviour.
Signed-off-by: Jesus Fernandez Manzano <jesus.manzano@galgus.net>
Co-authored-by: Jesus Fernandez Manzano <jesus.manzano@galgus.net>
This enables building of rpcapd and adds it as a package.
It is a daemon that allows remote packet capturing from another machine.
E.g. Wireshark can talk to it using the Remote Capture Protocol (RPCAP).
https://www.tcpdump.org/manpages/rpcapd.8.html
Compile and run tested: OpenWrt SNAPSHOT r17190-2801fe6132 on x86/64
Signed-off-by: Stephan Schmidtmer <hurz@gmx.org>
Co-authored-by: Stephan Schmidtmer <hurz@gmx.org>
The difference between flashing:
Interrupt U-Boot and run these commands:
    setenv bootcmd "setenv mtdids nand0=nand0 && set mtdparts mtdparts=nand0:0xDC00000@0x2400000(firmware) && ubi part firmware && ubi read 0x44000000 kernel 0x6e0000 && bootm"
    saveenv
If the busybox applet losetup was selected, `command -v` selects that
during sysupgrade. This applet is in another path and doesn't cover
the '-D' option, which is used to make sure user-defined loop devices
are no longer active during sysupgrade.
Detect losetup at the path of the full utility to avoid error messages
in case of the busybox applet being selected.
Reported-by: fda77 <fda77@users.noreply.github.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Co-authored-by: Daniel Golle <daniel@makrotopia.org>
* dnsmasq: fix more dnsmasq jail issues
* remove superfluous mounts of /dev/null and /dev/urandom
* reset EXTRA_MOUNTS at the beginning of the script
* add mount according to ignore_hosts_dir
* don't add mount for file which is inside a directory already in the
EXTRA_MOUNTS list
Fixes: 59c63224e1 ("dnsmasq: rework jail mounts")
Reported-by: Hartmut Birr <e9hack@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* dnsmasq: reset EXTRA_MOUNT in the right place
EXTRA_MOUNT variable should be reset in dnsmasq_start() rather than
just once at the beginning of the script.
Fixes: ac4e8aa2f8 ("dnsmasq: fix more dnsmasq jail issues")
Reported-by: Hartmut Birr <e9hack@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Co-authored-by: Daniel Golle <daniel@makrotopia.org>
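Added example, not part of the commit messages above and not the dnsmasq init script's own code: a POSIX sh sketch of the two rules they describe, resetting EXTRA_MOUNT for every instance start and skipping a path that an already-listed directory exposes, so the jail's mount list stays minimal. The helper names (mount_is_covered, add_extra_mount, instance_mounts) and all sample paths except /tmp/hosts are assumptions made for illustration.

```shell
#!/bin/sh
# Hypothetical helpers for illustration; only the EXTRA_MOUNT variable
# name comes from the commit messages.

EXTRA_MOUNT=""

# Return 0 if $1 equals, or lies beneath, a path already in EXTRA_MOUNT.
# Matching is on whole path components, so /tmp/hosts does not cover
# /tmp/hostsfile.
mount_is_covered() {
	for m in $EXTRA_MOUNT; do
		m="${m%/}"
		case "$1" in
			"$m"|"$m"/*) return 0 ;;
		esac
	done
	return 1
}

# Append $1 to EXTRA_MOUNT unless an existing entry already exposes it.
add_extra_mount() {
	[ -n "$1" ] || return 0
	mount_is_covered "$1" && return 0
	EXTRA_MOUNT="${EXTRA_MOUNT:+$EXTRA_MOUNT }$1"
}

# Build the mount list for one instance. The reset happens here, per
# instance, so paths collected for a previous instance do not leak into
# the next instance's jail.
instance_mounts() {
	EXTRA_MOUNT=""
	for p in "$@"; do
		add_extra_mount "$p"
	done
	printf '%s\n' "$EXTRA_MOUNT"
}

# Constructed sample input: a directory, a file inside it, a look-alike
# sibling and an unrelated file.
instance_mounts /tmp/hosts /tmp/hosts/olsr /tmp/hostsfile /etc/ethers
```

The check only suppresses a file that follows its covering directory in the list, which is the case the commit message names; a file added before its directory stays listed.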
* split into multiple lines to improve readability
* use EXTRA_MOUNT for addnhosts instead of blindly adding /tmp/hosts
* remove no longer needed mount for /sbin/hotplug-call
* add dhcp-script.sh dependencies (jshn, ubus)
Fixes: 3a94c2ca5c ("dnsmasq: add /tmp/hosts/ to jail_mount")
Fixes: aed95c4cb8 ("dnsmasq: switch to ubus-based hotplug call")
Reported-by: Stijn Tintel <stijn@linux-ipv6.be>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Co-authored-by: Daniel Golle <daniel@makrotopia.org>
Fixes: 7b46377a0cd9 ("hostapd: make the snooping interface (for proxyarp) configurable")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Co-authored-by: Felix Fietkau <nbd@nbd.name>
* hostapd: make the snooping interface (for proxyarp) configurable
Use the VLAN interface instead of the bridge, to ensure that hostapd receives
untagged DHCP packets
Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: fix a segfault on sta disconnect with proxy arp enabled
Signed-off-by: Felix Fietkau <nbd@nbd.name>
* hostapd: make proxyarp work with libnl-tiny
Remove a dependency on libnl3-route
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Co-authored-by: Felix Fietkau <nbd@nbd.name>
Add a patch to fix building with GCC 11, which triggers new warnings by
enabling -Warray-parameter by default.
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Co-authored-by: Rui Salvaterra <rsalvaterra@gmail.com>
* elfutils: update to 0.182
Add --disable-libdebuginfod to remove the libcurl dependency.
Remove totally unused host elfutils.
Refreshed and rebased patches.
Also happens to fix compilation with GCC11.
Newer versions of elfutils seem to have some kind of dependency on
obstack.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
* libcap: update to 2.51
Switched to AUTORELEASE to avoid manual increments.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
* libnftnl: update to 1.2.0
Switch to AUTORELEASE to avoid manual increments.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
* libpcap: update to 1.10.1
Switch to AUTORELEASE to avoid manual increments.
Refreshed patches.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
* mbedtls: update to 2.16.11
Switched to AUTORELEASE to avoid manual increments.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
* nettle: update to 3.7.3
Switch to AUTORELEASE to avoid manual increments.
Refreshed patches.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
* pcre: update to 8.45
Switch to AUTORELEASE to avoid manual increments.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Co-authored-by: Rosen Penev <rosenp@gmail.com>
Programs like the olsr-name-plugin write hostname files to "/tmp/hosts/".
If you don't add this to the jail_mount, dnsmasq can't read it anymore.
Signed-off-by: Nick Hainke <vincent@systemli.org>
Co-authored-by: Nick Hainke <vincent@systemli.org>