Commit Graph

16310 Commits

Author SHA1 Message Date
Hauke Mehrtens
1691c1168d mbedtls: Update to version 2.16.12
This fixes the following security problems:
* Zeroize several intermediate variables used to calculate the expected
  value when verifying a MAC or AEAD tag. This hardens the library in
  case the value leaks through a memory disclosure vulnerability. For
  example, a memory disclosure vulnerability could have allowed a
  man-in-the-middle to inject fake ciphertext into a DTLS connection.
* Fix a double-free that happened after mbedtls_ssl_set_session() or
  mbedtls_ssl_get_session() failed with MBEDTLS_ERR_SSL_ALLOC_FAILED
  (out of memory). After that, calling mbedtls_ssl_session_free()
  and mbedtls_ssl_free() would cause an internal session buffer to
  be free()'d twice. CVE-2021-44732

The sizes of the ipk changed on MIPS 24Kc like this:
182454 libmbedtls12_2.16.11-2_mips_24kc.ipk
182742 libmbedtls12_2.16.12-1_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 57f38e2c82)
2022-02-13 18:27:18 +01:00
Rosen Penev
419b9f4c45 mbedtls: update to 2.16.11
Switched to AUTORELEASE to avoid manual increments.

Release notes:
https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.11

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit fcfd741eb8)
2022-02-13 18:26:55 +01:00
Hauke Mehrtens
bfa4cccd46 tcpdump: libpcap: Remove http://www.us.tcpdump.org mirror
The http://www.us.tcpdump.org mirror will go offline soon, only use the
normal download URL.

Reported-by: Denis Ovsienko <denis@ovsienko.info>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 18bdfc803b)
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
[rebased for OpenWrt 21.02 branch]
(cherry picked from commit 4dddb7ca36)
2022-02-13 10:51:47 +01:00
Hauke Mehrtens
e92a4e5458 tcpdump: Fix CVE-2018-16301
This fixes the following security problem:
The command-line argument parser in tcpdump before 4.99.0 has a buffer
overflow in tcpdump.c:read_infile(). To trigger this vulnerability the
attacker needs to create a 4GB file on the local filesystem and to
specify the file name as the value of the -F command-line argument of
tcpdump.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 8f5875c4e2)
(cherry picked from commit 59e7ae8d65)
2022-02-13 08:55:02 +01:00
Eneas U de Queiroz
b50eb70e01 openssl: bump to 1.1.1m
This is a bugfix release.  Changelog:

  *) Avoid loading of a dynamic engine twice.
  *) Fixed building on Debian with kfreebsd kernels
  *) Prioritise DANE TLSA issuer certs over peer certs
  *) Fixed random API for MacOS prior to 10.12

Patches were refreshed.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 5beaa75d94)
2022-01-16 18:52:58 +01:00
Hauke Mehrtens
cc8c1be438 mac80211: Update to version 4.19.221
The following patch was backported from upstream before and is not
needed any more:
  package/kernel/mac80211/patches/ath/980-ath10k-fix-max-antenna-gain-unit.patch

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-12-14 23:38:30 +01:00
Roman Yeryomin
554f1b89aa iproute2: m_xt.so depends on dynsyms.list
When doing parallel build on a fast machine with bottleneck in i/o,
m_xt.so may start linking faster than dynsyms.list gets populated,
resulting in error:

ld:dynsyms.list:0: syntax error in dynamic list

Fix this by adding dynsyms.list as make dependency to m_xt.so
Described also here:
https://bugs.openwrt.org/index.php?do=details&task_id=3353

Change from v1:
- add dynsysms.list dependancy only when shared libs are enabled

Signed-off-by: Roman Yeryomin <roman@advem.lv>
Fixes: FS#3353
(cherry-picked from commit edd53df168)
2021-12-14 23:38:30 +01:00
Mathias Kresin
f14bc5cf56 uboot-lantiq: danube: fix hanging lzma kernel uncompression #2
Follow up to commit 8fb714edd6. Managed to
hit the very same issue again while playing with the NOR SPL builds.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2021-11-27 22:55:25 +01:00
Mathias Kresin
8fb714edd6 uboot-lantiq: danube: fix hanging lzma kernel uncompression
At least since gcc 7.3.0 (OpenWrt 18.06) lwr/lwl are used in the
assembly of LzmaProps_Decode. While the decission made by the compiler
looks perfect fine, it triggers some obscure hang on lantiq danube-s
v1.5 with MX29LV640EB NOR flash chips.

Only if the offset 1 is used, the hang can be observed. Using any other
offset works fine:

  lwl s0,0(a1) - s0 == 0x6d000080
  lwl s0,1(a1) - hangs
  lwl s0,2(a1) - s0 == 0x0080xxxx
  lwl s0,3(a1) - s0 == 0x80xxxxxx

It isn't clear whether it is a limitation of the flash chip, the EBU or
something else.

Force 8bit reads to prevent gcc optimizing the read with lwr/lwl
instructions.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2021-11-14 21:36:15 +01:00
Christian Lamparter
b5b526285a wireless-regdb: update to version 2021.08.28
e983a25 Update regulatory rules for Ecuador (EC)
a0bcb88 wireless-regdb: Update regulatory rules for Norway (NO) on 6 and 60 GHz
cdf854d wireless-regdb: Update regulatory rules for Germany (DE) on 6GHz
86cba52 wireless-regdb: reduce bandwidth for 5730-5850 and 5850-5895 MHz in US
6fa2384 wireless-regdb: remove PTMP-ONLY from 5850-5895 MHz for US
9839e1e wireless-regdb: recent FCC report and order allows 5850-5895 immediately
42dfaf4 wireless-regdb: update 5725-5850 MHz rule for GB

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit dbb4c47798)
2021-11-07 19:49:57 +01:00
Felix Fietkau
a5c479a200 wireless-regdb: update to version 2021.04.21
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit d76535c45e)
2021-11-07 19:49:57 +01:00
Alan Swanson
c72ea2a6c7 uboot-lantiq: fix sha1.h header clash when system libmd installed
Backport of u-boot commit "includes: move openssl headers to include/u-boot"
2b9912e6a7

Fixes: FS#3955
Signed-off-by: Alan Swanson <reiver@improbability.net>
(cherry picked from commit 8db6410492)
2021-10-02 17:41:26 +02:00
Hauke Mehrtens
123d12eada mac80211: Update to backports-4.19.207-1
Refresh all patches.

This contains fixes for CVE-2020-3702

1. These patches (ath, ath9k, mac80211)  were included in kernel
versions since 4.14.245 and 4.19.205. They fix security vulnerability
CVE-2020-3702 [1] similar to KrØØk, which was found by ESET [2].

Thank you Josef Schlehofer for reporting this problem.

[1] https://nvd.nist.gov/vuln/detail/CVE-2020-3702
[2] https://www.welivesecurity.com/2020/08/06/beyond-kr00k-even-more-wifi-chips-vulnerable-eavesdropping/

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-09-22 23:23:57 +02:00
Luis Araneda
556d165dda uboot-zynq: fix dtc compilation on host gcc 10
gcc 10 defaults to -fno-common, which causes an error
when linking.

Back-port the following Linux kernel commit to fix it:
e33a814e772c (scripts/dtc: Remove redundant YYLOC global declaration)

Tested on an Arch Linux host with gcc 10.1.0

Signed-off-by: Luis Araneda <luaraneda@gmail.com>
(cherry picked from commit 8b870418f1)
2021-09-13 13:06:02 +02:00
Sven Eckelmann
f33dc315cb uboot-tegra: Fix build with GCC-10 as host compiler
The package uses the host compiler to build the dtc binary. With gcc-10,
the option -fno-common is now the default behavior. Thus multiple
definitions of the same variable are now forbidden and results in following
error during linking:

  HOSTLD  scripts/dtc/dtc
  /usr/bin/ld: scripts/dtc/dtc-parser.tab.o:(.bss+0x10): multiple definition of `yylloc'; scripts/dtc/dtc-lexer.lex.o:(.bss+0x0): first defined here
  collect2: error: ld returned 1 exit status

The easiest workaround is to add the upstream commit 018921ee79d3 ("Remove
redundant YYLOC global declaration").

Signed-off-by: Sven Eckelmann <sven@narfation.org>
2021-09-13 13:06:02 +02:00
Sven Eckelmann
f31bb35b63 uboot-mvebu: Fix build with GCC-10 as host compiler
The package uses the host compiler to build the dtc binary. With gcc-10,
the option -fno-common is now the default behavior. Thus multiple
definitions of the same variable are now forbidden and results in following
error during linking:

  HOSTLD  scripts/dtc/dtc
  /usr/bin/ld: scripts/dtc/dtc-parser.tab.o:(.bss+0x10): multiple definition of `yylloc'; scripts/dtc/dtc-lexer.lex.o:(.bss+0x0): first defined here
  collect2: error: ld returned 1 exit status

The easiest workaround is to add the upstream commit 018921ee79d3 ("Remove
redundant YYLOC global declaration").

Signed-off-by: Sven Eckelmann <sven@narfation.org>
2021-09-13 13:06:02 +02:00
Hauke Mehrtens
e8cf46ebba uboot-layerscape: fix dtc compilation on host gcc 10
Backport a patch from upstream U-Boot to fix the compile with host GCC 10.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 8d143784cb)
2021-09-13 13:06:02 +02:00
Sven Eckelmann
d059ce28f5 uboot-kirkwood: Fix build with GCC-10 as host compiler
The package uses the host compiler to build the dtc binary. With gcc-10,
the option -fno-common is now the default behavior. Thus multiple
definitions of the same variable are now forbidden and results in following
error during linking:

  HOSTLD  scripts/dtc/dtc
  /usr/bin/ld: scripts/dtc/dtc-parser.tab.o:(.bss+0x10): multiple definition of `yylloc'; scripts/dtc/dtc-lexer.lex.o:(.bss+0x0): first defined here
  collect2: error: ld returned 1 exit status

The easiest workaround is to add the upstream commit 018921ee79d3 ("Remove
redundant YYLOC global declaration").

Signed-off-by: Sven Eckelmann <sven@narfation.org>
2021-09-13 13:06:02 +02:00
Sven Eckelmann
af5c8856f8 uboot-sunxi: Fix build with GCC-10 as host compiler
The package uses the host compiler to build the dtc binary. With gcc-10,
the option -fno-common is now the default behavior. Thus multiple
definitions of the same variable are now forbidden and results in following
error during linking:

  HOSTLD  scripts/dtc/dtc
  /usr/bin/ld: scripts/dtc/dtc-parser.tab.o:(.bss+0x10): multiple definition of `yylloc'; scripts/dtc/dtc-lexer.lex.o:(.bss+0x0): first defined here
  collect2: error: ld returned 1 exit status

The easiest workaround is to add the upstream commit 018921ee79d3 ("Remove
redundant YYLOC global declaration").

Signed-off-by: Sven Eckelmann <sven@narfation.org>
2021-09-13 13:06:02 +02:00
Eneas U de Queiroz
fdea0036a2 openssl: bump to 1.1.1l
This version fixes two vulnerabilities:
  - SM2 Decryption Buffer Overflow (CVE-2021-3711)
    Severity: High

  - Read buffer overruns processing ASN.1 strings (CVE-2021-3712)
    Severity: Medium

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2021-08-30 17:15:37 +02:00
Eneas U de Queiroz
40c03b101c openssl: use --cross-compile-prefix in Configure
This sets the --cross-compile-prefix option when running Configure, so
that that it will not use the host gcc to figure out, among other
things, compiler defines.  It avoids errors, if the host 'gcc' is
handled by clang:

mips-openwrt-linux-musl-gcc: error: unrecognized command-line option
'-Qunused-arguments'

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Tested-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 2f75348923)
2021-08-30 17:15:37 +02:00
Hauke Mehrtens
cfc1602a1e OpenWrt v19.07.8: revert to branch defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-08-01 18:46:20 +02:00
Hauke Mehrtens
31f2f76cd5 OpenWrt v19.07.8: adjust config defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-08-01 18:45:59 +02:00
Petr Štetiar
ef56c85848 ubus: update to version 2021-07-01
This update cherry picks following fix:

 * ubusd: fix tx_queue linked list usage

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2021-07-29 21:50:28 +02:00
Petr Štetiar
796bf50e8e ubus: update to version 2021-06-03
This update cherry picks following changes:

 * cmake: add a possibility to set library version
 * ubusd: protect against too-short messages
 * ubusd: add per-client tx queue limit
 * ubusd: convert tx_queue to linked list
 * lua: avoid truncation of large numeric values

Fixes: FS#1525
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2021-07-29 21:50:28 +02:00
Petr Štetiar
92e341d632 ubus: backport SOVERSION support
Add a support for setting of new `ABIVERSION` CMake define which allows
to control the SOVERSION used for the built shared library. This is
needed for downstream packaging to properly track breaking ABI changes
when updating to newer versions of the library.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(backported from commit 8edb1797d5)
2021-07-29 21:50:28 +02:00
Michael Yartys
ceb8821a3d ath10k-ct: add security fixes
This rebases -ct changes on top of upstream stable kernel's latest code.
Including the wifi security fixes that recently went in.

Removed upstreamed 203-ath10k-Limit-available-channels-via-DT-ieee80211-fre.patch
and refreshed patches.

Signed-off-by: Michael Yartys <michael.yartys@protonmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [backport]
(backported from commit 2e10ed925e)
2021-07-02 17:15:44 +02:00
Paul Spooren
71fa524e1b base-files: fix /tmp/TZ when zoneinfo not installed
The zoneinfo packages are not installed per default so neither
/tmp/localtime nor /tmp/TZ is generated.

This patch mostly reverts the previous fix and instead incooperates a
solution suggested by Jo.

Fixes "base-files: fix zoneinfo support " 8af62ed

Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 56bdb6bb97)
2021-06-25 14:56:48 -10:00
Rosen Penev
c88bdb8294 base-files: fix zoneinfo support
The system init script currently sets /tmp/localinfo when zoneinfo is
populated. However, zoneinfo has spaces in it whereas the actual files
have _ instead of spaces. This made the if condition never return true.

Example failure when removing the if condition:

/tmp/localtime -> /usr/share/zoneinfo/America/Los Angeles

This file does not exist. America/Los_Angeles does.

Ran through shfmt -w -ci -bn -sr -s

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 8af62ede18)
2021-06-23 15:44:30 -10:00
Ali MJ Al-Nasrawy
15612706c9 mac80211: distance config: allow "auto" as a value
The user can now enable the ACK timeout estimation algorithm (dynack)
for drivers that support it.
It is also expected that the distance config accepts the same values as:
$ iw phyX set distance XXX

Signed-off-by: Ali MJ Al-Nasrawy <alimjalnasrawy@gmail.com>
(cherry picked from commit a8a1ef8568)
2021-06-23 12:10:41 -10:00
Hauke Mehrtens
ffd4452f8b mac80211: Update to backports version 4.19.193-test1
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-06-06 17:57:56 +02:00
Jo-Philipp Wich
1153773c78 ubox: fix init script validation of log_ip option
The underlying logread process uses usock() to handle remote connections
which is able to handle both hostnames and IP addresses.

Ref: https://github.com/openwrt/luci/issues/5077
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from commit ec83fb9ced)
2021-05-28 15:26:31 +02:00
Hauke Mehrtens
84c5dbcf2a openwrt-keyring: Only copy sign key for 19.07 and 21.02
Instead of adding all public signature keys from the openwrt-keyring
repository only add the key which is used to sign the OpenWrt 19.07
feeds and the 21.02 feeds to allow checking the next release.

If one of the other keys would be compromised this would not affect
users of 19.07 release builds.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-05-16 15:34:49 +02:00
Petr Štetiar
c07c98d28e openwrt-keyring: add OpenWrt 21.02 GPG/usign keys
49283916005d usign: add 21.02 release build pubkey
bc4d80f064f2 gpg: add OpenWrt 21.02 signing key

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 1bf6d70e60)
2021-05-16 15:34:20 +02:00
Hauke Mehrtens
1b5a45a4a7 mac80211: Update to backports version 4.19.189-1
The removed patches were applied upstream.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-05-04 01:07:17 +02:00
Hauke Mehrtens
a883e3af38 dropbear: Fix CVE-2020-36254
This backports a fix from dropbear 2020.81.
CVE-2020-36254 description:
scp.c in Dropbear before 2020.79 mishandles the filename of . or an empty filename, a related issue to CVE-2018-20685.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-05-03 20:08:53 +02:00
Magnus Kroken
7198ae4cf3 openvpn: update to 2.4.11
Fixes two related security vulnerabilities (CVE-2020-15078) which under
very specific circumstances allow tricking a server using delayed
authentication (plugin or management) into returning a PUSH_REPLY before
the AUTH_FAILED message, which can possibly be used to gather
information about a VPN setup.

This release also includes other bug fixes and improvements.

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2021-05-02 14:43:52 +02:00
Magnus Kroken
a8beddcd34 openvpn: update to 2.4.9
This is primarily a maintenance release with bugfixes and improvements.
This release also fixes a security issue (CVE-2020-11810) which allows
disrupting service of a freshly connected client that has not yet
negotiated session keys. The vulnerability cannot be used to
inject or steal VPN traffic.

Release announcement:
https://openvpn.net/community-downloads/#heading-13812
Full list of changes:
https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.9

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
(cherry-picked from commit d7e98bd7c5)
2021-05-02 14:43:52 +02:00
Magnus Kroken
f82ddf9024 openvpn: update to 2.4.8
Backport two upstream commits that allow building
openvpn-openssl without OpenSSLs deprecated APIs.

Full changelog:
https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.8

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
(cherry-picked from commit bf43e5bbf9)
2021-05-02 14:43:52 +02:00
Martin Schiller
8788e86245 ppp/pppoe-discovery: fix -W option
This patch is already included in ppp-2.4.9 which is used in openwrt
master.

Backport this patch to openwrt-19.07.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2021-05-02 14:43:09 +02:00
Koen Vandeputte
cc0b70467d mac80211: backport upstream fixes
Refreshed all patches.
Includes all fixes up to 4.19.184

Signed-off-by: Koen Vandeputte <koen.vandeputte@citymesh.com>
2021-04-09 15:43:38 +02:00
Eneas U de Queiroz
81266d9001 openssl: bump to 1.1.1k
This version fixes 2 security vulnerabilities, among other changes:

 - CVE-2021-3450: problem with verifying a certificate chain when using
   the X509_V_FLAG_X509_STRICT flag.

 - CVE-2021-3449: OpenSSL TLS server may crash if sent a maliciously
   crafted renegotiation ClientHello message from a client.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 0bd0de7d43)
2021-03-27 07:44:43 +01:00
Petr Štetiar
6165bb0d60 openssl: sync package download URLs with master
Apparently it fixes some broken URLs and as a bonus it makes
cherry-picking of fixes easier.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2021-03-27 07:42:14 +01:00
Magnus Kroken
c336db7a78 mbedtls: update to 2.16.10
This release of Mbed TLS provides bug fixes and minor enhancements. This
release includes fixes for security issues.

Security fixes:
* Fix a buffer overflow in mbedtls_mpi_sub_abs()
* Fix an errorneous estimation for an internal buffer in
mbedtls_pk_write_key_pem()
* Fix a stack buffer overflow with mbedtls_net_poll() and
mbedtls_net_recv_timeout()
* Guard against strong local side channel attack against base64 tables
by making access aceess to them use constant flow code

Full release announcement:
https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.10

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
(cherry picked from commit dbde2bcf60)
2021-03-27 07:35:25 +01:00
Daniel Golle
616fff2a94
mwlwifi: add PKG_FLAGS:=nonshared
This should fix the problem of mwlwifi-firmware-* not being found
when using the ImageBuilder.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 9b3aaf1cdb)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-24 20:56:30 +00:00
Eneas U de Queiroz
c64742a96e wolfssl: bump to v4.7.0-stable
Biggest fix for this version is CVE-2021-3336, which has already been
applied here.  There are a couple of low severity security bug fixes as
well.

Three patches are no longer needed, and were removed; the one remaining
was refreshed.

This tool shows no ABI changes:
https://abi-laboratory.pro/index.php?view=objects_report&l=wolfssl&v1=4.6.0&v2=4.7.0

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit d1dfb577f1)
2021-03-06 15:48:43 +01:00
Stefan Lippers-Hollmann
4b19b2db78 hostapd: P2P: Fix a corner case in peer addition based on PD Request
p2p_add_device() may remove the oldest entry if there is no room in the
peer table for a new peer. This would result in any pointer to that
removed entry becoming stale. A corner case with an invalid PD Request
frame could result in such a case ending up using (read+write) freed
memory. This could only by triggered when the peer table has reached its
maximum size and the PD Request frame is received from the P2P Device
Address of the oldest remaining entry and the frame has incorrect P2P
Device Address in the payload.

Fix this by fetching the dev pointer again after having called
p2p_add_device() so that the stale pointer cannot be used.

This fixes the following security vulnerabilities/bugs:

- CVE-2021-27803 - A vulnerability was discovered in how p2p/p2p_pd.c
  in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision
  discovery requests. It could result in denial of service or other
  impact (potentially execution of arbitrary code), for an attacker
  within radio range.

Fixes: 17bef1e97a50 ("P2P: Add peer entry based on Provision Discovery Request")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
(cherry picked from commit 1ca5de13a1)
2021-03-06 15:48:43 +01:00
Adrian Schmutzler
a5672f6b96 Revert "base-files: source functions.sh in /lib/functions/system.sh"
This reverts commit 86aeac4fc9.

The reverted commit introduced a cyclic dependency between
/lib/functions.sh and /lib/functions/system.sh. Further details
are found in 282e817350 ("base-files: do not source system.sh
in functions.sh"), which was applied to master some time ago and
is included in 21.02.

With the current age of 19.07 branch, it seems safer to revert this
mostly cosmetic feature than investing further time into disentangling
the dependencies.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-03-01 22:33:20 +01:00
Adrian Schmutzler
86aeac4fc9 base-files: source functions.sh in /lib/functions/system.sh
The file /lib/functions/system.sh depends on find_mtd_index() and
find_mtd_part() located in /lib/function.sh, so let's source that
file.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(backported from commit ae636effd2)
2021-02-24 18:05:02 +01:00
Raphaël Mélotte
e9c0c5021c hostapd: backport ignoring 4addr mode enabling error
This is a backport of the upstream commit 58bbbb598144 ("nl80211: Ignore
4addr mode enabling error if it was already enabled").

 nl80211_set_4addr_mode() could fail when trying to enable 4addr mode on
 an interface that is in a bridge and has 4addr mode already enabled.
 This operation would not have been necessary in the first place and this
 failure results in disconnecting, e.g., when roaming from one backhaul
 BSS to another BSS with Multi AP.

 Avoid this issue by ignoring the nl80211 command failure in the case
 where 4addr mode is being enabled while it has already been enabled.

Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
[bump PKG_RELEASE, more verbose commit description]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit fb860b4e41)
2021-02-20 10:57:43 +01:00