Rationale:
1/ This tool is no longer necessary following the implementation of a
sysfs driver
2/ The upstream author, Robert Marko, stated[1] that this tool had been
taken from his tree in an unfinished state not suitable for merging
[1] https://github.com/openwrt/openwrt/pull/2850#issuecomment-610277863
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
add option to set management IP pattern
also add missing 'unconfigure system hostname'
for example pattern '!192.168.1.1' makes it possible that
WAN IP is selected instead of LAN IP
Signed-off-by: Daniel A. Maierhofer <git@damadmai.at>
[grammar and spelling fixes in commit message]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Samba 3.6 is completely unsupported, in addition to having tons of patches
It also causes kernel panics on some platforms when sendfile is enabled.
Example:
https://github.com/gnubee-git/GnuBee_Docs/issues/45
I have reproduced on ramips as well as mvebu in the past.
Samba 4 is an alternative available in the packages repo.
cifsd is a lightweight alternative available in the packages repo. It is
also a faster alternative to both Samba versions (lower CPU usage). It
was renamed to ksmbd.
To summarize, here are the alternatives:
- ksmbd + luci-app-cifsd
- samba4 + luci-app-samba4
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[drop samba36-server from GEMINI_NAS_PACKAGES, ksmbd rename + summary]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
We do not have to define package for each board, and
consider variant's installing.
It is easier to maintain ls-dpl with only one package
installing all 4 files as intermediate files.
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
We do not have to define package for each board, and
consider variant's installing.
It is easier to maintain ls-mc with only one package
installing all two images as intermediate files.
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
We do not have to define package for each board, and
consider variant's installing.
It is easier to maintain fman-ucode with only one package
installing all two binaries as intermediate files.
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
Update tfa package to latest LSDK-20.04 dropping one patch
which had already been integrated.
Add fixes,
- Fix DEPENDS/PKG_BUILD_DEPENDS.
- Remove HIDDEN:=1.
- Move intermediate files installing into Build/InstallDev.
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
Update u-boot package to latest LSDK-20.04 dropping patches
which are no longer needed.
Adapt u-boot bootargs to kernel 5.4 for booting.
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
Update ls-rcw to latest LSDK-20.04.
Update patch 0001 with a new one.
Drop patch 0002 since it had been integrated.
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
We do not have to define package for each board, and
consider variant's building/installing.
It is easier to maintain ls-rcw with only one package
installing all boards RCW binaries as intermediate
files, each of which is just about hundreds of bytes.
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
* compat: timeconst.h is a generated artifact
Before we were trying to check for timeconst.h by looking in the kernel
source directory. This isn't quite correct on configurations in which
the object directory is separate from the kernel source directory, for
example when using O="elsewhere" as a make option when building the
kernel. The correct fix is to use $(CURDIR), which should point to
where we want.
* compat: use bash instead of bc for HZ-->USEC calculation
This should make packaging somewhat easier, as bash is generally already
available (at least for dkms), whereas bc isn't provided by distros by
default in their build meta packages.
* socket: remove errant restriction on looping to self
It's already possible to create two different interfaces and loop
packets between them. This has always been possible with tunnels in the
kernel, and isn't specific to wireguard. Therefore, the networking stack
already needs to deal with that. At the very least, the packet winds up
exceeding the MTU and is discarded at that point. So, since this is
already something that happens, there's no need to forbid the not very
exceptional case of routing a packet back to the same interface; this
loop is no different than others, and we shouldn't special case it, but
rather rely on generic handling of loops in general. This also makes it
easier to do interesting things with wireguard such as onion routing.
At the same time, we add a selftest for this, ensuring that both onion
routing works and infinite routing loops do not crash the kernel. We
also add a test case for wireguard interfaces nesting packets and
sending traffic between each other, as well as the loop in this case
too. We make sure to send some throughput-heavy traffic for this use
case, to stress out any possible recursion issues with the locks around
workqueues.
* send: cond_resched() when processing tx ringbuffers
Users with pathological hardware reported CPU stalls on CONFIG_
PREEMPT_VOLUNTARY=y, because the ringbuffers would stay full, meaning
these workers would never terminate. That turned out not to be okay on
systems without forced preemption. This commit adds a cond_resched() to
the bottom of each loop iteration, so that these workers don't hog the
core. We don't do this on encryption/decryption because the compat
module here uses simd_relax, which already includes a call to schedule
in preempt_enable.
* selftests: initalize ipv6 members to NULL to squelch clang warning
This fixes a worthless warning from clang.
* send/receive: use explicit unlikely branch instead of implicit coalescing
Some code readibility cleanups.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* uci state was not getting reset properly during teardown
* AP+STA co-exist state was not flushed properly upon channel switch
* remove a debug logger call
* properly teardown supplicant instances when they get disabled
* add md5 config support for supplicant
* don't call wpa_supplicant_prepare_interface twice
Signed-off-by: John Crispin <john@phrozen.org>
As touch creates files with permission 0644 use umask to create
config files with permission 0600 to be inline with INSTALL_CONF
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* compat: support latest suse 15.1 and 15.2
* compat: support RHEL 7.8's faulty siphash backport
* compat: error out if bc is missing
* compat: backport hsiphash_1u32 for tests
We now have improved support for RHEL 7.8, SUSE 15.[12], and Ubuntu 16.04.
* compat: include sch_generic.h header for skb_reset_tc
A fix for a compiler error on kernels with weird configs.
* compat: import latest fixes for ptr_ring
* compat: don't assume READ_ONCE barriers on old kernels
* compat: kvmalloc_array is not required anyway
ptr_ring.h from upstream was imported, with compat modifications, to our
compat layer, to receive the latest fixes.
* compat: prefix icmp[v6]_ndo_send with __compat
Some distros that backported icmp[v6]_ndo_send still try to build the compat
module in some corner case circumstances, resulting in errors. Work around
this with the usual __compat games.
* compat: ip6_dst_lookup_flow was backported to 3.16.83
* compat: ip6_dst_lookup_flow was backported to 4.19.119
Greg and Ben backported the ip6_dst_lookup_flow patches to stable kernels,
causing breaking in our compat module, which these changes fix.
* git: add gitattributes so tarball doesn't have gitignore files
Distros won't need to clean this up manually now.
* crypto: do not export symbols
These don't do anything and only increased file size.
* queueing: cleanup ptr_ring in error path of packet_queue_init
Sultan Alsawaf reported a memory leak on an error path.
* main: mark as in-tree
Now that we're upstream, there's no need to set the taint flag.
* receive: use tunnel helpers for decapsulating ECN markings
ECN markings are now decapsulated using RFC6040 instead of the old RFC3168.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Pulls in workaround for TX rate code firmware bug which might as well
help track it down via different printk()s and thus possibly provide
more clue for proper fix.
Firmware currently sends wrong (0xff) TX rate code which causes
WARN_ONCE, so the workaround just changes this bogus value (0xff) into 0.
For 5.4 it also pulls in tx-queue-wake throttling patch "ath10k: Restart
xmit queues below low-water mark", which should improve performance with
high number of concurrent TCP streams.
Ref: https://github.com/greearb/ath10k-ct/pull/129
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Init script checks for an already active DHCP server on the interface
and if such DHCP server is found, then it logs "refusing to start DHCP"
message, starts dnsmasq without DHCP service unless `option force 1` is
set and caches the DHCP server check result.
Each consecutive service start then uses this cached DHCP server check
result, but doesn't provide log feedback about disabled DHCP service
anymore.
So this patch ensures, that the log message about disabled DHCP service
on particular interface is always provided.
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Backport patch from hostapd.git master that fixes copy/paste error in
crypto_bignum_sub() in crypto_wolfssl.c.
This missing fix was discovered while testing SAE over a mesh interface.
With this fix applied and wolfssl >3.14.4 mesh+SAE works fine with
wpad-mesh-wolfssl.
Cc: Sean Parkinson <sean@wolfssl.com>
Signed-off-by: Antonio Quartulli <a@unstable.cc>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
For wave-2, there is now a new variant: htt-mgt-community (vs the old
full-htt-mgt-community).
The non-full one (hence forth 'diet') compiles out a lot of firmware features
that ath10k does not use. This saves a lot of resources and lets one
configure more stations/vdevs/etc using fwcfg.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Fixes following build error on mpc85xx/generic:
ppc_initreg.c: In function 'ppc_set_initial_registers_tid':
ppc_initreg.c:79:22: error: field 'r' has incomplete type
struct pt_regs r;
Ref: FS#2924
Fixes: d27623b542 ("elfutils: update to 0.179")
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
[commit description facelift]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Another release is overdue for quite some time, so I'm backporting three
fixes from upstream which I plan to backport into 19.07 as well.
Ref: FS#2880
Signed-off-by: Petr Štetiar <ynezz@true.cz>
bef8f8a5966d mt76: mt7615: remove a stray if statement
89bd7199487f mt76: remove variable 'val' set but not used
ee8ac234b84e mt76: mt7615: introduce mt7615_mcu_fill_msg
4999db4668f0 mt76: mt7615: introduce mt7615_mcu_wait_response
8ce6e40eba03 mt76: mt7615: cleanup fw queue just for mmio devices
9d1d2ee9add3 mt76: mt7615: introduce mt7615_init_device routine
7fbd2a57cea4 mt76: always init to 0 mcu messages
3b277cf18d95 mt76: mt7615: introduce mt7615_mcu_send_message routine
2a4132a55a4f mt76: mt7615: add mt7615_mcu_ops data structure
9ba71749a122 mt76: mt7615: move mt7615_mcu_set_bmc to mt7615_mcu_ops
2e991f3e8cdd mt76: mt7615: move mt7615_mcu_set_sta in mt7615_mcu_ops
56852057cb90 mt76: mt7615: rely on skb API for mt7615_mcu_set_eeprom
642ecd978887 mt76: mt7615: rework mt7615_mcu_set_bss_info using skb APIs
2b0810af4a52 mt76: mt7615: move more mcu commands in mt7615_mcu_ops data structure
7a6285e63d88 mt76: mt7615: introduce MCU_FW_PREFIX for fw mcu commands
e536b42ebc7d mt76: mt7615: introduce mt7615_register_map
fccbdb628ffd mt76: mt7615: add mt7663e support to mt7615_reg_map
d42244e9255c mt76: mt7615: add mt7663e support to mt7615_{driver,firmware}_own
aebbe088127f mt76: mt7615: add mt7663e support to mt7615_mcu_set_eeprom
28e22d07f892 mt76: mt7615: introduce mt7615_eeprom_parse_hw_band_cap routine
167428592647 mt76: mt7615: introduce mt7615_init_mac_chain routine
23ca7acfc856 mt76: mt7615: introduce uni cmd command types
c4171728cf70 mt76: mt7615: introduce set_bmc and st_sta for uni commands
9e5c76d2310a mt76: mt7615: add more uni mcu commands
779b2cebc147 mt76: mt7615: introduce set_ba uni command
21ee7da00f0a mt76: mt7615: get rid of sta_rec_wtbl data structure
2097f74f664c mt76: mt7615: introduce mt7663e support
8e9cd01228d0 mt7615: sync Kconfig with upstream
3b4f93840950 mt76: add memory barrier to DMA queue kick
8d301ace8ed7 mt76: mt7615: fix mt7663e firmware struct endianness
9bc1850ce711 mt76: mt7615: fix endianness in unified command
a1b9b7d94aa0 mt76: mt7615: add missing declaration in mt7615.h
6e4b2a709fe7 mt76: sync Makefile with upstream
258dfb6afb30 mt76: mt76x02u: Add support for newer versions of the XBox One wifi adapter
9c3d84b62cc0 mt76: mt76x2u: introduce Mercury UD13 support
ea8ea71933ca mt76: mt76x0: pci: add mt7610 PCI ID
9d555f82d329 mt76: mt7615: modify mt7615_ampdu_stat_read for each phy
8bd26d6c3172 mt76: mt7615: enable aggr_stats for both phy
1315afa511e0 mt76: mt7615: cleanup mib related defines and structs
072b50c61e0e mt76: mt7615: add more useful Tx mib counters
b23ff3e9343a mt76: mt7663: fix mt7615_mac_cca_stats_reset routine
294abe47c9b2 mt76: mt7663: enable nf estimation
d2d7bf2243f6 mt76: mt7615: make scs configurable per phy
908a2cfab88f mt76: mt7663: disable RDD commands
eaef0a268b95 mt76: mt7615: add ethool support to mt7663 driver
96e07ef1113d mt76: mt7615: introduce mt7615_mcu_set_channel_domain mcu command
67182f36e3be mt76: mt7663: keep Rx filters as the default
e6a3f3ffe53a mt76: mt7615: introduce hw scan support
12ecd5ba2146 mt76: mt7615: introduce scheduled scan support
f6ab0bee3172 mt76: mt7615: introduce BSS absence event
f208a9430044 mt76: mt7615: introduce rlm tlv in bss_info mcu command
ea4f4d216dbe mt76: mt7615: remove unnecessary register operations
72c9380e70f9 mt76: add headroom and tailroom to mt76_mcu_ops data structure
63e14669e09d mt76: mt7615: introduce mt7663u support to mt7615_write_txwi
29d359ac7626 mt76: mt7615: introduce mt7615_mac_update_rate_desc routine
1f1dd2cb5b49 mt76: mt7615: introduce __mt7663_load_firmware routine
cb6dcfd3cf13 mt76: mt7615: move mt7615_mac_wtbl_addr in mac.h
d28e8e7ef912 mt76: mt76u: rely on mt7622 queue scheme for mt7663u
f78cf8957aba mt76: mt7615: rework wtbl key configuration
2829497aaaf5 mt76: mt7615: introduce mt7615_wtbl_desc data structure
02c9ec4a15e7 mt76: mt7615: add address parameter to mt7615_eeprom_init
e9c640c0a79e mt76: mt7663: correct the name of the rom patch
1e8b2fe5ab03 mt76: mt7615: do not always reset the dfs state setting the channel
ec0ea46dacf9 mt76: mt7615: Delete an error message in mt7622_wmac_probe()
d16a4698f1ac mt76: mt7615: disable merge of OTP ROM data by default
2b58998bb594 mt76: mt7615: add support for applying DC offset calibration from EEPROM
55198aafb756 mt76: mt7615: add support for applying tx DPD calibration from EEPROM
5a1eaa38d380 mt76: mt7603: disable merge of OTP ROM data by default
bf60f43b12fb mt76: mt76x2: disable merge of OTP ROM data by default
9406eb1d110f mt76: mt7615: fix endian issues in applying flash calibration data
66d00b8c9dac mt76: mt7615: fix possible division by 0 in mt7615_mac_update_mib_stats
25d812dddcf8 mt76: mt7663: fix aggr range entry in debugfs
08b8bd2bc915 mt76: mt7615: disable hw/sched scan ops for non-offload firmware
8fb1cd20a776 mt76: mt7615: set hw scan limits only for firmware with offload support
05b23d7478fe mt76: mt7615: rework IRQ handling to prepare for MSI support
b92c0d576769 mt76: mt7622: fix DMA unmap length
03daa60ca69c mt76: mt7663: fix DMA unmap length
5f2f676b1f01 mt76: mt7615: enable MSI by default
5822911f8026 mt76: remove unnecessary annotations
a7035bce8517 mt76: mt7615: fix possible deadlock in mt7615_stop
d4e6e225bc06 mt76: mt7615: move core shared code in mt7615-common module
94827d2033c7 mt76: mt7615: introduce mt7663u support
36591dd35f91 mt76: mt7615: enable scs for mt7663 driver
bd80144cb5be mt76: mt7615: disable aspm by default
9dcb60b78ede mt76: mt7615: provide aid info to the mcu
6e443e89cce2 mt76: remove PS_NULLFUNC_STACK capability
ea133325faa6 mt76: mt7663: introduce 802.11 PS support in sta mode
ff3869b38cf2 mt76: mt7615: make Kconfig entry obvious for MT7663E
01fd34f3a6c5 mt76: mt7615: fix sta ampdu factor for VHT
e5adbb2077e2 mt76: fix A-MPDU density handling
d73e3a23a54e mt76: mt7615: use larger rx buffers if VHT is supported
257319e9b07d mt76: mt7615: never use an 802.11b CF-End rate on 5GHz
29a92c5606d6 mt76: mt7603: never use an 802.11b CF-End rate on 5GHz
c0b19ac97c07 mt76: mt7615: adjust timing in mt7615_mac_set_timing to match fw/hw values
1656882f2723 mt76: mt7615: do not adjust MAC timings if the device is not running
4e7ce907faf3 mt76: mt7615: fix tx status rate index calculation
8304b3866100 mt76: mt7603: fix tx status rate index calculation
722d1f47d8ba mt76: add rx queues info to mt76 debugfs
da329ef776b0 mt76: mt7615: parse mcu return code for unified commands
facf74fd506f mt76: mt7615: fix mt7615_firmware_own for mt7663e
e910787a9888 mt76: mt7615: fix max wtbl size for 7663
c9821f7d6a8c mt76: mt7615: fix mt7615_driver_own routine
e35cc532c3d2 mt76: mt7615: fix aid configuration in mt7615_mcu_wtbl_generic_tlv
b6cb91a71fe1 mt76: mt7615: rework mt7615_mac_sta_poll for usb code
b193dd8100f8 mt76: mt7663u: enable AirTimeFairness
31cffa98920f mt76: mt7615: move mcu bss upload before creating the sta
cde3716aa47e mt76: enable TDLS support
1846da5dd417 mt76: mt7615: set spatial extension index
6aaf0299730f mt76: mt7615: fix endian issues in dcoc/txdpd calibration
5de75b745cf9 mt76: mt7663: fix up BMC entry indicated to unicmd firmware
a5f394c5ca48 mt76: mt7615: add sta pointer to mt7615_mcu_add_bss_info signature
1f2f3dda76b9 mt76: mt7615: fix event report in mt7615_mcu_bss_event
c2a3cced36de mt76: mt76x0: enable MCS 8 and MCS9
1afabe78cfc5 mt76: mt7663: add the possibility to load firmware v2
5f3ccc722627 mt76: mt7663: remove check in mt7663_load_n9
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This fixes a bunch of cosmetic issues with GL.iNet GL-MV1000:
- apply alphabetic sorting in multiple files
- use armada-3720 prefix for DTS like for other devices
- fix vendor capitalization for model in DTSes
- remove trivial comment in DTS files
- use DEVICE_VENDOR/DEVICE_MODEL
- remove redundant SUPPORTED_DEVICES
- use SOC instead of DEVICE_DTS
- remove empty line at EOF
Fixes: 050c24f05c ("mvebu: add support for GL.iNet GL-MV1000")
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Before, only frames with a maximum size of 1528 bytes could be
transmitted between two 802.11s nodes.
For batman-adv for instance, which adds its own header to each frame,
we typically need an MTU of at least 1532 bytes to be able to transmit
without fragmentation.
This patch now increases the maxmimum frame size from 1528 to 1656
bytes.
Tested with two ath10k devices in 802.11s mode, as well as with
batman-adv on top of 802.11s with forwarding disabled.
Fix originally found and developed by Ben Greear.
Link: https://github.com/greearb/ath10k-ct/issues/89
Link: 9e5ab25027
Cc: Ben Greear <greearb@candelatech.com>
Signed-off-by: Linus Lüssing <ll@simonwunderlich.de>
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Build with NO_LIBCAP=1. This is to resolve build issue.
Package perf is missing dependencies for the following libraries:
libcap.so.2
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
Although gdb is supported, gdbserver is still not.
checking whether gdbserver is supported on this host... no
Build breaks as gdbserver executable is not found during packaging.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
f4d759b dhcp.c: further improve validation
Further improve input validation for CVE-2020-11752
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
cdac046 dns.c: fix input validation fix
Due to a slight foobar typo, failing to de-reference a pointer, previous
fix not quite as complete as it should have been.
Improve CVE-2020-11750 fix
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
e2ed964 jail: don't fail unless requirejail is set
17e7ae7 jail: don't load libpreload-seccomp.so if it doesn't exist
Fixesopenwrt/packages#11913
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This fixes a few minor issues (partially cosmetic) in ltq-adsl and
ltq-adsl-fw Makefiles:
- fix PKG_SOURCE_URL and switch to https
- remove non-existant FW_NAME variable
- fix package name for config inclusion
- fix config symbol for debugging
Fixes: 1d0a9d0c04 ("move ltq-adsl")
Cc: John Crispin <john@phrozen.org>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The combination +@IPV6:kmod-ipsec6 is not valid, the +a:b
syntax implies the @. Fix it.
Fixes: 2e6b6f9fca ("kernel: add @IPv6 dependency to ipv6 modules")
Reported-by: Oldřich Jedlička (@oldium)
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
84965b92f635 blockd: print symlink error code and string message
62c578c22f9d blockd: report "target" path as "mount" for autofs available mounts
d1f1f2b38fa1 block: remove mount target file if it's a link
830441d790d6 blockd: remove symlink linkpath file if it's a dir or link
c80f7002114f libfstools/mtd: attempt to read from OOB data if empty space is found
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Fixes NULL dereference in SSL_check_chain() for TLS 1.3, marked with
high severity, assigned CVE-2020-1967.
Ref: https://www.openssl.org/news/secadv/20200421.txt
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Commit 7975060116 ("uboot-rockchip: add new package") has added
`OpenWRT` ident string, fix it to proper `OpenWrt`.
Fixes: 7975060116 ("uboot-rockchip: add new package")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This is needed to build the uboot-rockchip, needed for the rockchip target
Signed-off-by: Tobias Mädel <t.maedel@alfeld.de>
Tested-by: Tobias Schramm <t.schramm@manjaro.org>
[replaced `mkdir -p` with INSTALL_DIR variable]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Update U-Boot to current 2020.04 release for kirkwood platform.
Catch up with upstream and move some configuration options from
the header files to the corresponding defconfig files.
Compile tested: all devices
Run tested: nsa310, pogoplugv4
Tested-by: Cezary Jackiewicz <cezary@eko.one.pl> [nsa310]
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
When compiled with glibc the config_scan.c wants to use the
cpupolicy2numeric() function which is only available when
HAVE_SCHED_SETSCHEDULER is set. It looks like the wrong define was used here.
This fixes a build problem with glibc in combination with the force
ac_cv_func_sched_setscheduler=no in the OpenWrt CONFIGURE_VARS.
This fixes the following compile error with glibc:
----------------------------------------------------------------------
/bin/ld: config_scan.o: in function `socks_yylex':
dante-1.4.1/sockd/config_scan.l:461: undefined reference to `cpupolicy2numeric'
collect2: error: ld returned 1 exit status
make[5]: *** [Makefile:522: sockd] Error 1
Fixes: aaf46a8fe2 ("dante: disable sched_getscheduler() - not implemented in musl")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
When open() is called with O_CREAT a 3. parameter has to be given with
the file system permissions of the new file.
Not giving this is an error, which results in a compile error with glibc.
This fixes the following compile error with glibc:
----------------------------------------------------------------------
In file included from /include/fcntl.h:329,
from main.c:18:
In function 'open',
inlined from 'rbcfg_update' at main.c:501:7:
/include/bits/fcntl2.h:50:4: error: call to '__open_missing_mode' declared with attribute error: open with O_CREAT or O_TMPFILE in second argument needs 3 arguments
__open_missing_mode ();
^~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This extra _DEFAULT_SOURCE definition results in a double definition
which is a compile error.
This fixes the following compile error with glibc:
----------------------------------------------------------------------
ugps-2019-06-25-cd7eabcd/nmea.c:19: error: "_DEFAULT_SOURCE" redefined [-Werror]
#define _DEFAULT_SOURCE
<command-line>: note: this is the location of the previous definition
cc1: all warnings being treated as errors
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
glibc 2.31 does not provide stime() any more, backport a fix from
current busybox master to avoid using this function.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This is primarily a maintenance release with bugfixes and improvements.
This release also fixes a security issue (CVE-2020-11810) which allows
disrupting service of a freshly connected client that has not yet
negotiated session keys. The vulnerability cannot be used to
inject or steal VPN traffic.
Release announcement:
https://openvpn.net/community-downloads/#heading-13812
Full list of changes:
https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.9
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Don't move strings anymore to /bin/strings to avoid clash with
busybox /usr/bin/strings but move it to /usr/bin/binutils-strings.
Use ALTERNATIVES support to install it as /usr/bin/strings
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Security fixes for:
* CVE-2020-10932
* a potentially remotely exploitable buffer overread in a DTLS client
* bug in DTLS handling of new associations with the same parameters
Full release announement:
https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.6-and-2.7.15-released
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Some FullMAC cfg80211 wireless devices do not support virtual
interfaces, hence there is script logic to keep the existing network
device. Improve this to support renaming the interface if needed and
make sure the existing interface actually belongs to the right phy.
Change calls to 'iw' to avoid outputing warnings and errors to not
confuse users of such devices.
Also bump PKG_RELEASE which has been forgotten in the previous two
mac80211 changes.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Refreshed all patches, run tested on apalis.
Cc: Vladimir Vid <vladimir.vid@sartura.hr>
Cc: Tim Harvey <tharvey@gateworks.com>
Cc: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
If we know that we have an encrypted link (based on having had
a key configured for TX in the past) then drop all data frames
in the key selection handler if there's no key anymore.
This fixes an issue with mac80211 internal TXQs - there we can
buffer frames for an encrypted link, but then if the key is no
longer there when they're dequeued, the frames are sent without
encryption. This happens if a station is disconnected while the
frames are still on the TXQ.
Detecting that a link should be encrypted based on a first key
having been configured for TX is fine as there are no use cases
for a connection going from with encryption to no encryption.
With extended key IDs, however, there is a case of having a key
configured for only decryption, so we can't just trigger this
behaviour on a key being configured.
Cc: stable@vger.kernel.org
Reported-by: Jouni Malinen <j@w1.fi>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: David Bauer <mail@david-bauer.net>
Instead of using the actual interface name, a hard-coded 'wlan0' has
slipped into the script. Replace it.
Fixes: ccf2aa9d4b ("mac80211: detect existing interface before adding")
Reported-by: John Crispin <john@phrozen.org>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
32c717e jail: only mess with rootfs if CLONE_NEWNS was set
b275a62 instance: harmonize instance API
511fd97 jail: make /proc more secure
4953b7c jail: mount /sys read-only
a4d6442 jail: replace /etc/resolv.conf with symlink in extroot+overlay
a4cc165 jail: always mount /dev as additional tmpfs
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This reverts commit 1b973b54ea.
It turns out act_police is included in the kmod-sched package so this
package turns out to be superfluous and causes file provision conflicts.
Ooooops! Best revert it then.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
The previous commit introduced a regression for netns jails without
jail_ifname set. Fix that.
Fixes: 4e4f7c6d2d ("netifd: network namespace jail improvements")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
aaaca2e interface: allocate and free memory for jail name
d93126d interface: allow renaming interface when moving to jail netns
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Removed sys/cdefs usage. The header is deprecated.
Removed canonicalize_file_name define. It's already fixed upstream.
Added --disable-debuginfod. Seems to be needed.
Modified patch 005 to build more stuff. It was failing before. It still
only builds libraries.
Modified patch 100 to use strerror under non-glibc. It is used under
glibc as strerror is not thread safe. It is under musl and uClibc-ng.
strerror_l is not available under uClibc-ng.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
CONFIG_WRITE functionality is not used and could be removed.
Looks helpful for devices with small flash because wpad is also affected.
Little testing shows that about 6 KB could be saved.
Signed-off-by: Kirill Lukonin <klukonin@gmail.com>
Updates the 88W8964 firmware used in the Linksys WRT3200ACM and WRT32X
[v9.3.2.6 -> v9.3.2.12]
Removes 0c43219 ("mwlwifi: Fix loading with backports v5.3")
as it has been merged upstream.
Unfortunately, there is a bug wherein Kaloz's repo, the version
detection mechanism for fixing vendor commands doesn't work.
It pulls in the Linux kernel version, which as of this time is
"4.14.y" or "4.19.y"
However, the proper behaviour is that it should pull in the mac80211
backports version which as of now is "5.4.27"
The included patch works around this using a backports define found
only on versions >5.3, "VENDOR_CMD_RAW_DATA".
Signed-off-by: Jose Olivera <oliverajeo@gmail.com>
Including the local build key in /etc/opkg/keys isn't feasible when
building on the buildbot: The included key collides with its copy
already in openwrt-keyring which breaks the ImageBuilder.
Not including a locally generated key also makes the base-files package
more reproducible.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
current preinit code in base-files doesn't config switch when there are
no port roles defined. But this kind of configuration exists on single
port devices where switch vlan is simply disabled.
configure reset and enable_vlan property when a switch node exist.
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>