CT firmware files use the same filename with a different URL for
different chips. Since all files end up in dl/, filenames need to be
unique as well.
Add a chip prefix to the output filename to fix this issue.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The SIGHUP also got sent to the reload script making it bail out
with an error
Revert "dnsmasq: reload config if host name is modified"
This reverts commit 854459a2f9.
Reported-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: John Crispin <john@phrozen.org>
The sha256sum was not updated in the last commit.
Fixes: a7c231027 [odhcpd: Fix dnsmasq re-reading hostfile]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Calling a build ##.##-CURRENT might mislead users into thinking that this
build is the most current release of a branch.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Currently, installing kmod-sdhci fails with "sdhci is already loaded" since
"sdhci.ko" is inserted explicitely first, the implicitely loaded again when
"sdhci-pltfm.ko" is inserted as the latter depends on the former.
Remove the explicit autoprobe of "sdhci.ko" to fix the postinstall script.
Acked-by: John Crispin <john@phrozen.org>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This will avoid loading it in the default configuration, which reduces
image size a bit, and (more importantly) improves performance by
avoiding some unnecessary netfilter hooks
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Update libpcap to upstream release 1.8.1
Change the name from libpcap.so.1.3 to libpcap.so.1
Remove parts of patch 201 which moved code among src files.
Import patch 204 from Debian to update the USB path.
Signed-off-by: Paul Wassi <p.wassi@gmx.at>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [fix parallel build bug]
this package references an undefined variable for its submenu.
Remove this NOP variable assignment.
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
this kernel module currently does not set submenu.
Fix this by adding it to the "Others" submenu
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
Add support for specifying a call profile index instead of APN. A
specific index different from 1 must be used for some service
provider and modem combinations.
In addition, change the manufacturer detection to use the standard
AT+CGMI command, which produces more predictable output than ATI,
remove the redundant ipv6 option, since it is less ambiguous to
directly specify the PDP context type with mobile connections, and
fix missing device during teardown when using ncm through the wwan
proto.
Signed-off-by: Matti Laakso <malaakso@elisanet.fi>
Update uqmi to latest version, which brings about support for
specifying a call profile index instead of APN. A specific index
different from 1 must be used for some service provider and modem
combinations.
Also change option dhcp to dhcpv6, since IPv4 now always uses DHCP,
replace option ipv6 with pdptype, which is less ambiguous, and
make autoconnect optional and default it to off for IPv6 due to it
not working with statically configured IPv6.
Signed-off-by: Matti Laakso <malaakso@elisanet.fi>
Harmonise handling of DEFAULT_PATH by removing the patch introducing #ifndef
guards around the path, and only using one means to set the path in the
makefile.
Signed-off-by: Dario Ernst <Dario.Ernst@riverbed.com>
Update procd to latest HEAD in order to introduce support for services signals:
- Adds a new service.signal ubus call to send a kill() signal to one or all
running instances of a given service
- Adds a new "reload_signal" property which allows service init scripts to
request procd to send a specific kill() signal on reload, instead of
stopping and restarting running processes
Also fixes some potential memory leaks reported by cppcheck and an environment
variable corruption in the trace command.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The xt_id match was used by the firewall3 package to track its own rules but
the approach has been changed to use xt_comment instead now, so we can drop
this nonstandard extension.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Update to current HEAD in order to drop automatic generation of per-zone
NOTRACK rules.
The NOTRACK rules used to provide a little performance improvement but the
later introduction of the netfilter conntrack cache made those rules largely
unnecessary. Additionally, those rules caused various issues which broke
stateful firewalling in some scenarios.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Depending on the dhcp uci config pidof dnsmasq can return
multiple pids. Fix re-reading of the hostfile by dnsmasq in
such case by sending SIGHUP signal to each of the returned
pids.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Let dnsmasq read all hosts files in /tmp/hosts directory by specifying
/tmp/hosts as argument of --addn-host
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Support new packet overhead passing paradigm in cake qdisc, also restore
DSCP wash/nowash keywords.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Track upstream changes, incl changes in packet overhead accounting
(automatically taking care of linux' packet sizing knowledge),
improvements to triple isolated DRR handling (new flow dominance),
statistics tweak & allow more packet drops in stressed conditions.
Under tests this has significantly improved latency control under
'many flows to one' scenarious as is typical of bittorrent and MS
Windows update.
I also restored 'DSCP washing' functionality in my repo which follows
upstream closely (like a hawk!) with tc keywords 'wash/nowash'. This
allows cake to limit/control packets in bands determined by a packet's
DSCP but to clear those DSCP bits on qdisc egress. This functionality
was originally removed as part of an attempt to push cake into the
kernel, which hasn't actually happened as yet.
A matching commit is required to iproute2/tc to support the new overhead
handling, keyword changes as well as the 'wash/nowash' tweak.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
One of those changes is re-enabling blowfish support to make
openvpn-mbedtls compatible with common configurations
Signed-off-by: Felix Fietkau <nbd@nbd.name>
OpenVPN requires arguments to --push to be enclosed in double quotes.
One set of quotes is stripped when the UCI config is parsed.
Change append_params() of openvpn.init to enclose push parameters in
double quotes.
Unquoted push parameters do not cause errors in OpenVPN 2.3,
but OpenVPN 2.4 fails to start with unquoted push parameters.
Fixes: FS#290.
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
This option is required by OpenVPN, and OpenVPN 2.4 uses mbedTLS 2.x.
DHM_C is also already enabled in the PolarSSL 1.3.x config.h.
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
This board is very old and unlikely to still be relevant today. Support
for it contains a significant amount of device specific baggage which is
worth getting rid of.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Add support for NXP layerscape ls1046ardb 64b/32b Dev board.
LS1046ARDB Specification:
-------------------------
Memory subsystem:
* 8GByte DDR4 SDRAM (64bit bus)
* 512 Mbyte NAND flash
* Two 64 Mbyte high-speed SPI flash
* SD connector to interface with the SD memory card
* On-board 4G eMMC
Ethernet:
* Two XFI 10G ports
* Two SGMII ports
* Two RGMII ports
PCIe:
* PCIe1 (SerDes2 Lane0) to miniPCIe slot
* PCIe2 (SerDes2 Lane1) to x2 PCIe slot
* PCIe3 (SerDes2 Lane2) to x4 PCIe slot
* USB 3.0: one super speed USB 3.0 type A port, one Micro-AB port
* UART: supports two UARTs up to 115200 bps for console
Signed-off-by: Yutang Jiang <yutang.jiang@nxp.com>
In order to prevent the impact of the merger of the company and the potential
rebase of the SDK repositories, migrate the u-boot source to github.
Signed-off-by: Yutang Jiang <yutang.jiang@nxp.com>
In order to prevent the impact of the merger of the company and the potential
rebase of the SDK repositories, migrate the u-boot source to github.
Signed-off-by: Yutang Jiang <yutang.jiang@nxp.com>
This just adds the kmods for these kernel modules.
This is found on some Lantiq / Intel reference boards.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Now that the VERSION_NUMBER variable holds the human friendly name and not
the commit ID anymore, we need to support adding the revision ID as well.
Introduce a new config variable CONFIG_VERSION_CODE_FILENAMES which, if set,
causes the resulting file names to contain a commit ID designation as printed
by scripts/getver.sh.
Also sanitize the input variables to ensure that the resulting strings are
lowercased and no not contain spaces.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Correct splitting the 32-bit 'hostid' value to two 16-bit hexadecimal
values. Previously, the lower 16-bit value was truncated to an 8-bit
value, which would result in hostid values 100 and 200 both to be set
to [::0:0] instead of [::0:100] and [::0:200] respectively.
Signed-off-by: Arjen de Korte <build+lede@de-korte.org>
If the hostname in /etc/config/system is modified the dnsmasq will not
reread the update host file under /tmp/hosts/dhcp.$cfg.
Signed-off-by: Florian Eckert <Eckert.Florian@googlemail.com>
Last release of libnetfilter-queue was in 2012.
There don't seem to be any release tarballs since then.
This updates it to a more recent version, pointing to the git repo.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
This fixes the following security problems:
CVE-2016-7440: Software AES table lookups do not properly consider cache-bank access times
CVE-2016-7439: Software RSA does not properly consider cache-bank monitoring
CVE-2016-7438: Software ECC does not properly consider cache-bank monitoring
SWEET32 Attack
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Support for MIPS toolchains without FPU support was added upstream,
so remove our patch.
patches/310-mips-link-tool.patch was a backport form this version of valgrind
src/abort.c is not referenced anywhere
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This fixes the following security problems:
CVE-2016-8615: cookie injection for other servers
CVE-2016-8616: case insensitive password comparison
CVE-2016-8617: OOB write via unchecked multiplication
CVE-2016-8618: double-free in curl_maprintf
CVE-2016-8619: double-free in krb5 code
CVE-2016-8620: glob parser write/read out of bounds
CVE-2016-8621: curl_getdate read out of bounds
CVE-2016-8622: URL unescape heap overflow via integer truncation
CVE-2016-8623: Use-after-free via shared cookies
CVE-2016-8624: invalid URL parsing with '#'
CVE-2016-8625: IDNA 2003 makes curl use wrong host
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Move the revision info to the VERSION_CODE variable and default VERSION_NUMBER
to CURRENT for master branch builds.
Also introduce a new menuconfig option CONFIG_VERSION_CODE which allows users
to override the revision value put into VERSION_CODE and adjust the template
files used by the base-files package to accomodate for the changed semantics.
While we're at it, also adjust the various URLs to match the current web site.
After this commit, the relevent files will look like the examples given below:
# cat /etc/openwrt_version
r2398+1
# cat /etc/openwrt_release
DISTRIB_ID='LEDE'
DISTRIB_RELEASE='CURRENT'
DISTRIB_REVISION='r2398+1'
DISTRIB_CODENAME='reboot'
DISTRIB_TARGET='x86/64'
DISTRIB_DESCRIPTION='LEDE Reboot CURRENT r2398+1'
DISTRIB_TAINTS='no-all override'
# cat /usr/lib/os-release
NAME="LEDE"
VERSION="CURRENT, Reboot"
ID="lede"
ID_LIKE="lede openwrt"
PRETTY_NAME="LEDE Reboot CURRENT"
VERSION_ID="current"
HOME_URL="http://lede-project.org/"
BUG_URL="http://bugs.lede-project.org/"
SUPPORT_URL="http://forum.lede-project.org/"
BUILD_ID="r2398+1"
LEDE_BOARD="x86/64"
LEDE_TAINTS="no-all override"
LEDE_DEVICE_MANUFACTURER="LEDE"
LEDE_DEVICE_MANUFACTURER_URL="http://lede-project.org/"
LEDE_DEVICE_PRODUCT="Generic"
LEDE_DEVICE_REVISION="v0"
LEDE_RELEASE="LEDE Reboot CURRENT r2398+1"
On a release branch, those files would look like:
# cat /etc/openwrt_version
r2399
# cat /etc/openwrt_release
DISTRIB_ID='LEDE'
DISTRIB_RELEASE='16.12-CURRENT'
DISTRIB_REVISION='r2399'
DISTRIB_CODENAME='test_release'
DISTRIB_TARGET='x86/64'
DISTRIB_DESCRIPTION='LEDE Test Release 16.12-CURRENT r2399'
DISTRIB_TAINTS='no-all override'
# cat /usr/lib/os-release
NAME="LEDE"
VERSION="16.12-CURRENT, Test Release"
ID="lede"
ID_LIKE="lede openwrt"
PRETTY_NAME="LEDE Test Release 16.12-CURRENT"
VERSION_ID="16.12-current"
HOME_URL="http://lede-project.org/"
BUG_URL="http://bugs.lede-project.org/"
SUPPORT_URL="http://forum.lede-project.org/"
BUILD_ID="r2399"
LEDE_BOARD="x86/64"
LEDE_TAINTS="no-all override"
LEDE_DEVICE_MANUFACTURER="LEDE"
LEDE_DEVICE_MANUFACTURER_URL="http://lede-project.org/"
LEDE_DEVICE_PRODUCT="Generic"
LEDE_DEVICE_REVISION="v0"
LEDE_RELEASE="LEDE Test Release 16.12-CURRENT r2399"
On a release tag, those files would look like:
# cat /etc/openwrt_version
r2500
# cat /etc/openwrt_release
DISTRIB_ID='LEDE'
DISTRIB_RELEASE='17.02.1'
DISTRIB_REVISION='r2500'
DISTRIB_CODENAME='mighty_unicorn'
DISTRIB_TARGET='x86/64'
DISTRIB_DESCRIPTION='LEDE Mighty Unicorn 17.02.1 r2500'
DISTRIB_TAINTS='no-all override'
# cat /usr/lib/os-release
NAME="LEDE"
VERSION="17.02.1, Mighty Unicorn"
ID="lede"
ID_LIKE="lede openwrt"
PRETTY_NAME="LEDE Mighty Unicorn 17.02.1"
VERSION_ID="17.02.1"
HOME_URL="http://lede-project.org/"
BUG_URL="http://bugs.lede-project.org/"
SUPPORT_URL="http://forum.lede-project.org/"
BUILD_ID="r2500"
LEDE_BOARD="x86/64"
LEDE_TAINTS="no-all override"
LEDE_DEVICE_MANUFACTURER="LEDE"
LEDE_DEVICE_MANUFACTURER_URL="http://lede-project.org/"
LEDE_DEVICE_PRODUCT="Generic"
LEDE_DEVICE_REVISION="v0"
LEDE_RELEASE="LEDE Mighty Unicorn 17.02.1 r2500"
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Acked-by: Felix Fietkau <nbd@nbd.name>
Not all kmod packages depends on kmod-ipt-compat-xtables, but this
kernel config option is required for building the whole package
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Commit 2728512 ("e2fsprogs: List all libraries explicitly") forced the
e2fsprogs build system to link libcom_err.so in various places.
Unfortunately, the krb5 package also ships a libcom_err.so with a totally
different ABI and puts it into the global staging directory which causes
e2fsprogs to pick up this wrong library, leading to the following failure:
LD blkid
../lib/libext2fs.so: undefined reference to `_et_list'
collect2: error: ld returned 1 exit status
Makefile:504: recipe for target 'blkid' failed
Change the SYSLIBS specification to explicitely link libcom_err.so.0.0
which in order to work around the problem.
In the long run, the libcom_err clash between e2fsprogs and krb5 needs to
be solved properly.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
"service" is a simple wrapper that will allow to call init.d scripts
current method: # /etc/init.d/network reload
with the wrapper: # service network reload
If the wrapper is called without arguments or with a wrong init script name, it will print an error and list the content of /etc/init.d/ folder
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
Based on the submission to the uboot-lantiq repo by Martin Blumenstingl.
Use the ddr_settings.h from the GPL tarball. The NAND boot optimized
one (with memory tuning enabled) doesn't work for the UART boot image.
Use the same mtd layout as the stock u-boot. Add add UBI support.
Use the leds to indicate boot status like it is done with the stock
u-boot. Switch on the red power led if kernel image can't be loaded.
Otherwise switch the green led on.
Make only the ramboot u-boot available. Only this image is required for
the first installation of LEDE.
Signed-off-by: Mathias Kresin <dev@kresin.me>
These properties allow overriding the settings from the EEPROM
which indicate whether a band is enabled or not.
Setting this property is only needed when the RF circuit does not
support the 2.4GHz or 5GHz band while it is enabled nevertheless in the
EEPROM.
These patches will be replaced with a future upstream version which
will introduces an ieee80211 device tree property to disable bands.
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
There are two types of swapping the EEPROM data in the ath9k driver.
Before this series one type of swapping could not be used without the
other.
The first type of swapping looks at the "magic bytes" at the start of
the EEPROM data and performs swab16 on the EEPROM contents if needed.
The second type of swapping is EEPROM format specific and swaps
specific fields within the EEPROM itself (swab16, swab32 - depends on
the EEPROM format).
With this series the second part now looks at the EEPMISC register
inside the EEPROM, which uses a bit to indicate if the EEPROM data
is Big Endian (this is also done by the FreeBSD kernel).
This has a nice advantage: currently there are some out-of-tree hacks
(in OpenWrt and LEDE) where the EEPROM has a Big Endian header on a
Big Endian system (= no swab16 is performed) but the EEPROM itself
indicates that it's data is Little Endian. Until now the out-of-tree
code simply did a swab16 before passing the data to ath9k, so ath9k
first did the swab16 - this also enabled the format specific swapping.
These out-of-tree hacks are still working with the new logic, but it
is recommended to remove them. This implementation is based on a
discussion with Arnd Bergmann who raised concerns about the
robustness and portability of the swapping logic in the original OF
support patch review, see [0].
After a second round of patches (= v1 of this series) neither Arnd
Bergmann nor I were really happy with the complexity of the EEPROM
swapping logic. Based on a discussion (see [1] and [2]) we decided
that ath9k should use a defined format (specifying the endianness
of the data - I went with __le16 and __le32) when accessing the
EEPROM fields. A benefit of this is that we enable the EEPMISC based
swapping logic by default, just like the FreeBSD driver, see [3]. On
the devices which I have tested (see below) ath9k now works without
having to specify the "endian_check" field in ath9k_platform_data (or
a similar logic which could provide this via devicetree) as ath9k now
detects the endianness automatically. Only EEPROMs which are mangled
by some out-of-tree code still need the endian_check flag (or one can
simply remove that mangling from the out-of-tree code).
[0] http://www.spinics.net/lists/linux-wireless/msg152634.html
[1] https://marc.info/?l=linux-wireless&m=147250597503174&w=2
[2] https://marc.info/?l=linux-wireless&m=147254388611344&w=2
[3] 50719b56d9/sys/dev/ath/ath_hal/ah_eeprom_9287.c (L351)
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
These patches add support for configuring ath9k based devices via
devicetree. This was tested on PCI(e) based devices. This should work
for AHB based devices as well (adding more AHB specific properties may
still be needed) as soon as the ath79 platform is ready to populate the
ath9k wmac via devicetree.
This patchset was accepted upstream, more information can be found on
the linux-wireless list:
https://www.spinics.net/lists/linux-wireless/msg155474.html
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
The ESP algorithms in CBC mode require echainiv, so have kmod-ipsec
depend on kmod-crypto-echainiv.
See upstream commit 32b6170ca59ccf07d0e394561e54b2cd9726038c.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
This constant was always defined to 0, and recently got removed in
upstream commit a07ea4d9941af5a0c6f0be2a71b51ac9c083c5e5 ("genetlink: no
longer support using static family IDs")
Fixes libnl-tiny builds with latest upstream kernels.
Fixes: d723f2573a ("libnl-tiny: remove include/linux overrides to fix various build issues")
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Update fuse+libfuse to upstream 2.9.7. Drop the patch for CVE-2015-3202,
which is already integrated in the newer version. Rework the other patches.
Also switch PKG_SOURCE from @SF to libfuse's github releases.
Signed-off-by: Paul Wassi <p.wassi@gmx.at>
The 10.1 includes a good many stability fixes related to the effort of
backporting upstream 10.2 firmware. Also enables 802.1q vlan support.
Successfully tested on apu2.
The 10.4 firmwares including new backported code as well as stability
fixes. 10.4 has been tested on Fedora x86-64 platforms, but not on LEDE
specifically since I had issues compiling LEDE for my 9980/9984 AP hardware.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Packages that do a killall <cmd> with the same name as the init script
will fail the prerm step when the service isn't running. Do make them
removable without having to restart the service, ignore the return code.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Acked-by: Jo-Philipp Wich <jo@mein.io>
To make sure we properly restart services on upgrade we need to
call the prerm script of the old package, in case the init script
changes (or vanishes).
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Acked-by: Jo-Philipp Wich <jo@mein.io>
Properly stop/start services on upgrade, but don't change the enabled
state.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Acked-by: Jo-Philipp Wich <jo@mein.io>
Allow scripts from the package to be upgraded to be aware of being
upgraded.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Acked-by: Jo-Philipp Wich <jo@mein.io>
The host-side build of grub2 requires this sometimes.
This will re-generate the ./configure script from configure.ac.
I don't know the conditions of how this reproduces, it just
sometimes appears, and sometimes doesn't.
Build error
```
<lede-dir>/build_dir/target-x86_64_musl-1.1.15_yogi/host/grub-2.02~beta2/build-aux/missing: line 81: aclocal-1.14: command not found
WARNING: 'aclocal-1.14' is missing on your system.
You should only need it if you modified 'acinclude.m4' or
'configure.ac' or m4 files included by 'configure.ac'.
The 'aclocal' program is part of the GNU Automake package:
<http://www.gnu.org/software/automake>
It also requires GNU Autoconf, GNU m4 and Perl in order to run:
<http://www.gnu.org/software/autoconf>
<http://www.gnu.org/software/m4/>
<http://www.perl.org/>
Makefile:3962: recipe for target 'aclocal.m4' failed
```
Adding PKG_FIXUP adds sanity (i.e. autoreconf is used for host & target
builds) over just using HOST_FIXUP.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Use fwtool to extract it, only require metadata to be present if the
platform sysupgrade script sets REQUIRE_IMAGE_METADATA=1
Image metadata is in JSON format and contains a list of supported
devices, along with version information that could be displayed by a UI
later before the actual upgrade happens.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This will be used to append extra information to images which allows the
system to verify if an image is compatible with the system.
The extra data is appended to the end of the image, where it will be
ignored when upgrading from systems that do not process this data yet:
If the image is a squashfs or jffs2 image, the extra data will land
after the end-of-filesystem marker, where it will be overwritten once
the system boots for the first timee.
If the image is a sysupgrade tar file, tar will simply ignore the extra
data when unpacking.
The layout of the metadata/signature chunks is constructed in a way
that the last part contains just a magic and size information, so that
the tool can quickly check if any valid data is present without having
to do a pattern search throughout the full image.
Chunks also contain CRC32 information to detect file corruption, even
when the image is not signed.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
SafeLoader is image format used by some TP-LINK devices. This tool
allows extracting selected partitions out of it. It can be used for
sysupgrade.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Reboot of 519a199cbc
Which broke other builds.
This time, added compile flags to build only for POWERPC archs
Tested on mpc85xx, ar71xx and bcm2708.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Adds Google's mirror as primary source and kernel.org as fallback.
Same as commit 0d4f02dfd6
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
TI wl18xx and wl12xx are Wi-Fi/Bluetooth combo modules
that could be found on different existing boards.
But it is possible to get those modules as a separate
component and use with existing boards as well as
new boards equipped with either module may appear so we
remove dependency on OMAP instead we add dependency on MMC
because this Wi-Fi module uses SDIO interface.
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Jo-Philipp Wich <jo@mein.io>
Cc: Felix Fietkau <nbd@nbd.name>
Cc: Imre Kaloz <kaloz@openwrt.org>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Without setting the HSR to the selected channel, the WLAN of the UAP
Outdoor+ will exhibit high packet loss in RX.
Based-on-patch-by: Stefan Rompf <stefan@loplof.de>
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
odhcpd daemon has hitless config reload support by means of the
sighup signal; add reload_service function which uses sighup
signal to reload the config
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
This fixes building with musl and drops the dependency on the OpenWrt
kernel-header patches:
270-uapi-kernel.h-glibc-specific-inclusion-of-sysinfo.h.patch
271-uapi-libc-compat.h-do-not-rely-on-__GLIBC__.patch
272-uapi-if_ether.h-prevent-redefinition-of-struct-ethhd.patch
Use the new upstream location at netfilter.org and use a define instead
of a patch to "optimize".
See also: https://git.netfilter.org/arptables/log/
Signed-off-by: Ralph Sennhauser <ralph.sennhauser@gmail.com>
[Jo-Philipp Wich: add mirror SHA256 sum]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This allows to include optimizations such as ARM neon which
are detected on run-time.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
[Jo-Philipp Wich: picked from openwrt#191 and rebased onto LEDE master]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This adds support for "channels" command which displays more details
about channels. It includes e.g. info about available widths.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
A firmware compiled with BUSYBOX_CONFIG_ARP should also use by default the
arp binary from busybox. Otherwise the extra functionality the user
requested can only be used when running arp with the path to the binary.
Signed-off-by: Marek Lindner <marek.lindner@open-mesh.com>
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
Backport upstream accepted patch which allows to override the EEPROM
mac address with one from device tree.
Signed-off-by: Mathias Kresin <dev@kresin.me>
The patch 615-rt2x00-fix_20mhz_clk.patch fixes code introduced by
611-rt2x00-rf_vals-rt3352-xtal20.patch and makes the the platform data
property clk_is_20mhz obsolete.
Signed-off-by: Mathias Kresin <dev@kresin.me>
This reverts commit 519a199cbc.
Multiple users have reported building failures on ARM architectures, e.g.:
In file included from defs.h:42:0,
from process.c:37:
process.c:51:22: error: 'struct user_regs' has no member named 'ARM_r0'
#define uoff(member) offsetof(struct user, member)
^
./linux/arm/userent.h:1:3: note: in expansion of macro 'uoff'
{ uoff(regs.ARM_r0), "r0" },
^
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Update to latest Git head in order to import several fixes and enhancements.
- Disable drop invalid by default (FS#73, FS#154)
Instead of dropping packets with conntrack state INVALID, only allow streams
with explicit NEW or UNTRACKED conntrack state.
This change gives user defined rules the chance to accept traffic like ICMPv6
multicast which would be filtered away by the very early ctstate INVALID drop
rule otherwise.
The old behaviour can be restored by explicitely setting "drop_invalid" to 1
in the global firewall config section.
- Fix re-initialization of loadable iptables extensions on musl (FS#31)
Since musl does not implement actual dlclose() semantics, it is impossible to
re-run initializers on subsequent dlopen() calls.
The firewall3 executable now intercepts the extension registration calls
instead in order to be able to re-call them when needed.
This also allowed us to switch to libxtables' builtin extension loader as a
positive side-effect.
- Fix masquerade rules for multiple negated IP addresses (FS#248)
When building MASQUERADE rules for zones which specify multiple negated
addresses in masq_src or masq_dest, emit -j RETURN rules which jump out of
the masquerading chain instead of creating multiple rules with inverted "-s"
arguments.
- Tag own rules using comments
Instead of relying on the nonstandard xt_id match, use the xt_comment match
to mark own rules. Existing comments are prefixed with "!fw3: " while
uncommented rules are marked with a sole "!fw3" string.
This allows removing the xt_id match entirely in a later commit.
- Make missing ubus connection nonfatal
Technically, firewall3 is able to operate without ubus just fine as long as
the zones are declared using "option device" or "option subnet" instead of
"option network" so do not abort execution if ubus could not be connected or
of no network namespace is exported in ubus.
This allows running firewall3 on ordinary Linux systems.
- Fix conntrack requirement detection for indirectly connected zones
The current code fails to apply the conntrack requirement flag recursively to
zones, leading to stray NOTRACK rules which break conntrack based traffic
policing.
Change the implementation to iteratively reapply the conntrack fixup logic
until no more zones had been changed in order to ensure that all directly and
indirectly connected zones receive the conntrack requirement flag.
- Add support for iptables 1.6.x
Adds support for the xtables version 11 api in order to allow building
against iptables 1.6.x
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
"This release fixes a few minor bugs, including a
(non-security-impacting) buffer overflow fix ported
from upstream cjson."
<http://software.es.net/iperf/news.html#iperf-3-1-4-released>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Most of the lantiq devices with ralink wifi have the EEPROM stored
in big endian byte order in flash, but the driver expects the EEPROM to
be in little endian.
Signed-off-by: Mathias Kresin <dev@kresin.me>
The ralink,mtd-eeprom device tree property doesn't require the
ralink,eeprom property to work.
Rework the error handling and user notification as well. Do not log an
error if the mtd-eeprom parameter isn't used. It could be intentional
and should not scare the user.
Check if the number of bytes read from the mtd devices matches the
requested number of bytes.
In case of an mtd read error, give a hint to the user which partition
was tried to read from.
In case everything is fine, notify the user as well.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Call the rt2x00lib_get_eeprom_file_name only once and from the function
where the EEPROM filename is required.
Error only out if an EEPROM file is mandatory. Use the
REQUIRE_EEPROM_FILE bit to determine if it is mandatory.
Do not set the REQUIRE_EEPROM_FILE bit while requesting an EEPROM file.
It should be (and is) set before requesting an EEPROM file.
Do not redirect users to upstream while using a function of a custom
patch.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Adds the mac address of the DNS requestor to DNS queries which
are forwarded upstream and can be used to do filtering by the
upstream servers. This only works if the requestor is on the
same subnet as the dnsmasq server
The addmac parameter can hold the following values:
0 : mac address is not added
1 : mac address is added in binary format
base64 : mac address is added base64 encoded
text: : mac address is added in human readable format
as hex and colons
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
moving comgt and its modules to WWAN submenu to join uqmi as both are tools for WWAN modems.
I replaced the link with comgt's ubuntu manpage because the old link isn't working anymore.
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
Package the driver for the DS1374 chip present on the T4240RDB.
Signed-off-by: Florian Larysch <fl@n621.de>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [fix missing symbol]
For Huawei devices like E3372 proper command for set lte mode is:
AT^SYSCFGEX="03",3fffffff,2,4,7fffffffffffffff,,
Eval is required for proper quotation.
Without this fix:
Fri Nov 4 19:07:49 2016 daemon.notice netifd: Interface 'wan' is setting up now
Fri Nov 4 19:07:52 2016 daemon.notice netifd: wan (2060): sending -> AT
Fri Nov 4 19:07:52 2016 daemon.notice netifd: wan (2060): sending -> ATZ
Fri Nov 4 19:07:53 2016 daemon.notice netifd: wan (2060): sending -> ATQ0
Fri Nov 4 19:07:53 2016 daemon.notice netifd: wan (2060): sending -> ATV1
Fri Nov 4 19:07:54 2016 daemon.notice netifd: wan (2060): sending -> ATE1
Fri Nov 4 19:07:55 2016 daemon.notice netifd: wan (2060): sending -> ATS0=0
Fri Nov 4 19:07:55 2016 daemon.notice netifd: wan (2060): sending -> AT+CGDCONT=1,"IP","internet"
Fri Nov 4 19:07:57 2016 daemon.notice netifd: wan (2060): sending -> AT^SYSCFGEX=\"03\",3fffffff,2,4,7fffffffffffffff,,
Fri Nov 4 19:07:58 2016 daemon.notice netifd: wan (2060): Error running AT-command
Fri Nov 4 19:07:58 2016 daemon.notice netifd: wan (2060): Failed to set operating mode
Fri Nov 4 19:07:58 2016 daemon.notice netifd: wan (2092): Stopping network
...
With this fix:
Fri Nov 4 19:10:59 2016 daemon.notice netifd: Interface 'wan' is setting up now
Fri Nov 4 19:11:01 2016 daemon.notice netifd: wan (2539): sending -> AT
Fri Nov 4 19:11:01 2016 daemon.notice netifd: wan (2539): sending -> ATZ
Fri Nov 4 19:11:02 2016 daemon.notice netifd: wan (2539): sending -> ATQ0
Fri Nov 4 19:11:03 2016 daemon.notice netifd: wan (2539): sending -> ATV1
Fri Nov 4 19:11:03 2016 daemon.notice netifd: wan (2539): sending -> ATE1
Fri Nov 4 19:11:04 2016 daemon.notice netifd: wan (2539): sending -> ATS0=0
Fri Nov 4 19:11:05 2016 daemon.notice netifd: wan (2539): sending -> AT+CGDCONT=1,"IP","internet"
Fri Nov 4 19:11:06 2016 daemon.notice netifd: wan (2539): sending -> AT^SYSCFGEX="03",3fffffff,2,4,7fffffffffffffff,,
Fri Nov 4 19:11:07 2016 daemon.notice netifd: wan (2539): sending -> AT^NDISDUP=1,1,"internet"
Fri Nov 4 19:11:08 2016 daemon.notice netifd: wan (2539): Connected, starting DHCP on wwan0
Fri Nov 4 19:11:08 2016 daemon.notice netifd: Interface 'wan' is now up
Fri Nov 4 19:11:08 2016 daemon.notice netifd: Network device 'wwan0' link is up
Fri Nov 4 19:11:08 2016 daemon.notice netifd: Network alias 'wwan0' link is up
Fri Nov 4 19:11:08 2016 daemon.notice netifd: Interface 'wan_4' is enabled
Fri Nov 4 19:11:08 2016 daemon.notice netifd: Interface 'wan_4' has link connectivity
Fri Nov 4 19:11:08 2016 daemon.notice netifd: Interface 'wan_4' is setting up now
...
Signed-off-by: Cezary Jackiewicz <cezary@eko.one.pl>
FS#256
Fix audio not working due to unset SND_PCM_TIMER. CONFIG_SND_PCM_TIMER
is required for ALSA to work (at least for some audio devices),
otherwise applications using sound may fail. Can be reproduced by
installing "alsa-utils-tests" and running "speaker-test":
...
ALSA lib pcm_direct.c:1159:(snd1_pcm_direct_initialize_poll_fd) unable to open timer 'hw:CLASS=3,SCLASS=0,CARD=0,DEV=0,SUBDEV=0'
ALSA lib pcm_dmix.c:1106:(snd_pcm_dmix_open) unable to initialize poll_fd
Playback open error: -19,No such device
The kernel size does not increase, only the size of the kernel module
increases.
Signed-off-by: Dmitry Sutyagin <f3flight@gmail.com>
This reverts commit efd9dec319.
ath10k can take a long time to probe, long enough for netifd to fail to
initialize already configured wireless devices
Signed-off-by: Felix Fietkau <nbd@nbd.name>
LEDE no longer requires all PHYs to be initialized to
create the configuration files during bootup. This patch
removes the now obsolete ath10k patch.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Currently, the wifi detection script is executed as part of
the (early) boot process. Pluggable wifi USB devices, which
are inserted at a later time are not automatically
detected and therefore they don't show up in LuCI.
A user has to deal with wifi detection manually, or restart
the router.
However, the current "sleep 1" window - which the boot
process waits for wifi devices to "settle down" - is too
short to detect wifi devices for some routers anyway.
For example, this can happen with USB WLAN devices on the
WNDR4700. This is because the usb controller needs to load
its firmware from UBI and initialize, before it can operate.
The issue can be seen on a BT HomeHub 5A as well as soon as
the caldata are on an ubi volume. This is because the ath9k
card has to be initialized by owl-loader first. Which has to
wait for the firmware extraction script to retrieve the pci
initialization values inside the caldata.
This patch moves the wifi configuration to hotplug scripts.
For mac80211, the wifi configuration will now automatically
run any time a "ieee80211" device is added. Likewise
broadcom-wl's script checks for new "net" devices which
have the "wl$NUMBER" moniker.
Issues with spawning multiple interface configuration - in
case the detection script is run concurrently - have been
resolved by using a named section for the initial
configuration. Concurrent configuration scripts will now
simply overwrite the same existing configuration.
A workaround which preserves the "sleep 1" window for just
the first boot has been added. This allows the existing
brcm47xx boot and mvebu uci-default scripts to correctly
setup the initial mac addresses and regulatory domain.
And finally, the patch renames the "wifi detect" into
"wifi config". As the script no longer produces any output
that has to be redirected or appended to the configuration
file.
Thanks to Martin Blumenstingl for helping with the implementation
and testing of the patch.
Acked-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Mathias Kresin <dev@kresin.me>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Previously, wifi detect simply dumped its generated wireless
configuration to STDOUT. A second step was needed to append
the configuration to /etc/config/wireless (or create it, if
it didn't exist).
With this patch, The wifi detection script will now use uci
to update the wireless configuration directly.
This patch also makes the initially created wifi-iface a
named section ('default_radio$X' for mac80211 and
'default_wl$X' for broadcom). With this change, uci will
not print the cfgHASH to STDOUT (which would now corrupt
the wireless configuration). It will also prevent adding
duplicated wifi interface configurations, if the wifi
configuration is run concurrently.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This patch adds a check in "wifi detect" to test if the wireless
configuration file does exist. If it doesn't exist, an empty
/etc/config/wireless file will be created.
This is necessary because uci doesn't create new files,
instead the tool just exits with "uci: Entry not found".
Signed-off-by: Mathias Kresin <dev@kresin.me>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Rename the "ip" package declaration to "ip-tiny" and let both "ip-tiny" and
"ip-full" provide the virtual "ip" package. This allows users to freely choose
the "ip" command variant while other packages can continue to depend on "ip"
without needing to enforce a specific variant.
Note that this commit does not add busybox as "ip" provider due to
the following reasons:
- The builtin Busybox ip applet cannot be added or removed at runtime
- Both "ip-tiny" and "ip-full" are able to install without file clashes even
if the busybox applet is enabled
- The system is preferring full "ip-tiny" and "ip-full" at runtime, even
if Busybox ip is still present.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The current uboot default config for the A13 SOM erroneously enables support
for the AXP209 power regulator IC which is not present on the board.
This superfluous support module sets an incorrect initial clock frequency and
confuses the kernel, ultimately leading to a boot failure later on.
Properly disable the PMIC support and enable the EHCI support by translating
the deprecated SYS_EXTRA_OPTIONS values into proper SUNXI_NO_PMIC and
USB_EHCI_HCD symbols respectively.
Also rename 002-add-olimex-a13-som.diff to 002-add-olimex-a13-som.patch and
refresh the remaining patches of the series while we're at it.
Reported-by: Mario Fischer <mario-fischer@web.de>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Introduce support for a new [0-9]u@netdev syntax to ucidev_add_switch() to let
board.d network files request default network switch configurations which do
not use tagged CPU ports.
This commit itself has no effect on generated configurations at the moment
since we still emit untagged configurations by default but it allows boards to
opt-out from default tagged configs in case we start emitting tagged settings
by default.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The libblkid probe support in fstools git head requires blkid/blkid.h for
compilation, so add a build dependency on util-linux which provides libblkid.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The QorIQ LS1012A processor, optimized for battery-backed or
USB-powered, integrates a single ARM Cortex-A53 core with a hardware
packet forwarding engine and high-speed interfaces to deliver
line-rate networking performance.
QorIQ LS1012A Reference Design System (LS1012ARDB) is a high-performance
development platform, with a complete debugging environment.
The LS1012ARDB board supports the QorIQ LS1012A processor and is
optimized to support the high-bandwidth DDR3L memory and
a full complement of high-speed SerDes ports.
LEDE/OPENWRT will auto strip executable program file while make. So we
need select CONFIG_NO_STRIP=y while make menuconfig to avoid the ppfe network
fiemware be destroyed, then run make to build ls1012ardb firmware.
The fsl-quadspi flash with jffs2 fs is unstable and arise some failed message.
This issue have noticed the IP owner for investigate, hope he can solve it
earlier. So the ls1012ardb now also provide a xx-firmware.ext4.bin as default
firmware, and the uboot bootcmd will run wrtboot_ext4rfs for "rootfstype=ext4"
bootargs.
Signed-off-by: Yutang Jiang <yutang.jiang@nxp.com>
Add support for NXP layerscape ls1043ardb 64b/32b Dev board.
LS1043a is an SoC with 4x64-bit up to 1.6 GHz ARMv8 A53 cores.
ls1043ardb support features as: 2GB DDR4, 128MB NOR/512MB NAND, USB3.0, eSDHC,
I2C, GPIO, PCIe/Mini-PCIe, 6x1G/1x10G network port, etc.
64b/32b ls1043ardb target is using 4.4 kernel, and rcw/u-boot/fman images from
NXP QorIQ SDK release.
All of 4.4 kernel patches porting from SDK release or upstream.
QorIQ SDK ISOs can be downloaded from this location:
http://www.nxp.com/products/software-and-tools/run-time-software/linux-sdk/linux-sdk-for-qoriq-processors:SDKLINUX
Signed-off-by: Yutang Jiang <yutang.jiang@nxp.com>
(required not-distributable firmware blob - dump it by yourself from original firmware)
Signed-off-by: Eddi De Pieri <eddi@depieri.net>
(cherry picked from commit 47b1ff965b0cb57013b40fbe2bcd7f3c6eb6b606)
Modified after cherry-pick:
FW_MD5SUM in Makefile
Signed-off-by: Stefan Koch <stefan.koch10@gmail.com>
(required not-distributable firmware blob - dump it by yourself from original firmware)
Signed-off-by: Eddi De Pieri <eddi@depieri.net>
(cherry picked from commit ea9e61b8eb61a2e362a50541f03466dc7d087947)
Signed-off-by: Stefan Koch <stefan.koch10@gmail.com>
We need to tell hwclock with -u commandline option, that we would like
to keep our RTC clock in UTC timezone. Linux kernel expects RTC in UTC
timezone anyway.
In current state of things, we don't tell hwclock to load/store time
from/to RTC in UTC timezone so it uses the timezone from the system
time. If it's set to different timezone then UTC, sysfixtime is going to
screw the time in RTC.
I've following in the setup script:
uci set system.@system[0].timezone='CET-1CEST,M3.5.0,M10.5.0/3'
uci set system.@system[0].zonename='Europe/Prague'
I've this RTC setup (rtc1 is RTC on i.MX6 SoC, rtc0 is battery backed RTC mcp7941x):
rtc-ds1307 3-006f: rtc core: registered mcp7941x as rtc0
snvs_rtc 20cc000.snvs:snvs-rtc-lp: rtc core: registered 20cc000.snvs:snvs-r as rtc1
Then we can experience following (current time is 10:15am):
$ date
Fri Oct 21 10:15:07 CEST 2016
$ hwclock -r -f /dev/rtc0
Fri Oct 21 08:14:46 2016 0.000000 seconds
$ hwclock -u -r -f /dev/rtc0
Fri Oct 21 10:14:46 2016 0.000000 seconds
And after current broken sysfixtime:
$ /etc/init.d/sysfixtime stop
$ date
Fri Oct 21 10:15:25 CEST 2016
$ hwclock -r -f /dev/rtc0
Fri Oct 21 10:15:31 2016 0.000000 seconds
Now we've time in our battery backed RTC in CEST timezone instead of
UTC. Then once again, but with this patch applied to sysfixtime, where
hwclock is using correctly the -u parameter:
$ /etc/init.d/sysfixtime stop
$ date
Fri Oct 21 10:15:53 CEST 2016
$ hwclock -r -f /dev/rtc0
Fri Oct 21 08:15:55 2016 0.000000 seconds
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Acked-by: Jo-Philipp Wich <jo@mein.io>
Ensure that selecting the wpa-supplicant-mesh package actually packages the
wpa_supplicant binary with SAE support and add missing dependency on OpenSSL.
Signed-off-by: Alexis Green <alexis@cessp.it>
[Jo-Philipp Wich: slightly reword commit message for clarity]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
We add an 'httpauth' section type that contains the options:
prefix: What virtual or real URL is being protected
username: The username for the Basic Auth dialogue
password: Hashed (crypt()) or plaintext password for the Basic Auth dialogue
httpauth section names are given included as list
items to the instances to which they are to be applied.
Further any existing httpd.conf file (really whatever
is configured in the instance, but default of
/etc/httpd.conf) is appended to the per-instance httpd.conf
Signed-off-by: Daniel Dickinson <lede@cshore.thecshore.com>
During reload, we could send invalid information to the other
side and confuse it.
That's why, during reload we'll pause execution, do the reconfig
and resume + update when reload is done.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
The problem is that interfaces are specified at start as
command line arguments, making them unchange-able via reload.
That means, we have to move (since lldpd allows this) the
interfaces-match-pattern option to be in a config file and reload
the configuration.
It's either that, or do a 'restart'.
Since we're generating the lldpd.conf file, we'll have to
move the 'sysconfdir' of lldpd to /tmp, where the files will
get written ; this will prevent any unncessary flash writes.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Capitalized "disc" submenu name as all submenu names are capitalized (apart from "database", but I'll fix that
later).
moved "swap-utils" to Filesystem submenu as it is "formatting" a partition as swap so it looks out of place in Disc.
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
Currently the reset script will try to run jffs2reset on boards that are
running a rw rootfs, such as ext4. This will cause jffs2reset to fail
and the board to never reboot while the LED blinks until a manual
reboot.
This commit does two different things:
1. Disables reset on boards that do not have an overlay mount
2. Disables the Blinking LED after 5 seconds if the board does not
support reset
Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
Fix the default value for the 'bootcmd' environment variable.
Therefore make the default bootcmd work for buildbot's images.
Signed-off-by: Paul Wassi <p.wassi@gmx.at>
Adds support in uci for configuring multiple dnsmasq instances via
multiple dnsmasq sections.
The uci sections host, boot, mac, tag, vendorclass, userclass,
circuitid, ... will refer to a dnsmasq instance via the instance
parameter defined in the section; if the instance parameter is
not specified backwards compatibility is preserved.
Start/Stopping a dnsmasq instance can be achieved by passing the
dnsmasq instance name as argument to start/stop via the init script.
Multiple dnsmasq instances is usefull in scenarios where you want to
bind a dnsmasq instance to an interface in order to isolate networks.
This patch is a rework of a multiple dnsmasq instance patch by Daniel Dickinson
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Fix metadata scan failure in the grub2 package by removing an unexpected
invisible space character and by adding back the missing SECTION variable
which was removed with d140648.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Add a partially random O= item to the certificate subject in order
to make the automatically generated certificates' subjects unique.
Firefox has problems when several self-signed certificates
with CA:true attribute and identical subjects have been
seen (and stored) by the browser. Reference to upstream bugs:
https://bugzilla.mozilla.org/show_bug.cgi?id=1147544https://bugzilla.mozilla.org/show_bug.cgi?id=1056341https://bugzilla.redhat.com/show_bug.cgi?id=1204670#c34
Certificates created by the OpenSSL one-liner fall into that category.
Avoid identical certificate subjects by including a new 'O=' item
with CommonName + a random part (8 chars). Example:
/CN=LEDE/O=LEDEb986be0b/L=Unknown/ST=Somewhere/C=ZZ
That ensures that the browser properly sees the accumulating
certificates as separate items and does not spend time
trying to form a trust chain from them.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Prefer the old default 'px5g' for certificate creation
as Firefox seems to dislike OpenSSL-created certs.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
This option, defined by RFC3442, allows a DHCP server to send static
routes to a client. But the client has to request this option
explicitely.
Static routes are useful when the gateway configured by DHCP cannot be
in the same subnet as the client. This happens, for instance, when
using DHCP to hand out addresses in /32 subnets.
A new configuration option "classlessroute" is available, allowing
users to disable this feature (the option defaults to true).
Other DHCP clients already request this option by default (dhcpcd, for
instance, and possibly Windows). If a DHCP server does not support
this option, it will simply ignore it.
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
moved px5g-standalone to Encryption submenu of Utilities.
Fixed title by removing the first "standalone" word from title.
The name is now consistent with other px5g packages, it is also shorter and will be shown in make menuconfig.
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
moved px5g to Encryption submenu of Utilities, in an effort to tidy up a bit the Utilities section of make menuconfig.
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
mkfs.ext4 und losetup are needed for sysupgrade support on mmc devices
with automatic rootfs split (loopback device usage).
Signed-off-by: André Valentin <avalentin@marcant.net>
While enable zynq uboot:
CONFIG_PACKAGE_uboot-zynq-zc702
CONFIG_PACKAGE_uboot-zynq-zed
CONFIG_PACKAGE_uboot-zynq-zybo
make will arise dtc error:
./scripts/dtc-version.sh: line 17: dtc: command not found
./scripts/dtc-version.sh: line 18: dtc: command not found
*** Your dtc is too old, please upgrade to dtc 1.4 or newer
make[4]: *** [checkdtc] Error 1
Pass the kernel dtc to uboot for compile.
Signed-off-by: Yutang Jiang <yutang.jiang@nxp.com>
because boot loaders are in Boot Loaders, not in Utilities -> Boot Loaders
Also moved brub2-editenv in Utilities -> Boot Loaders
Part of a wider housekeeping effort on the packages repository.
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
Boot Loaders submenu of Utilities is the most logical place to find fconfig and other bootloader tools.
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
Boot Loaders submenu of Utilities is the most logical place to find rbcfg and other bootloader tools.
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
The special prefix of "/" should match any url by definition but the final
assertion which ensures that the matched prefix ends in '\0' or '/' is causing
matches against the "/" prefix to fail.
Update to current HEAD in order to fix this particular case.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This helper allows using usbport trigger directly. It requires usbport
compatible syntax and supports specifying multiple USB ports, e.g.:
ucidef_set_led_usbport "usb" "USB" "devicename:colour:function" "usb1-port1" "usb2-port1"
This adds a proper object to the board.json, e.g.
"usb": {
"name": "USB",
"type": "usbport",
"sysfs": "devicename:colour:function",
"ports": [
"usb1-port1",
"usb2-port1"
]
}
and supports translating it into uci section.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* Adjust download locations:
- use https as busybox.net permanently redirects http to https
- gentoo mirror has neither 1.25.0 nor 1.25.1 available, so drop it
in favor of buildroot.net that has 1.25.1
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
This makes init.d script handle existing UCI entries using the new
trigger. It also switches all targets to use its package.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* Backport much of the 10.2 firmware features from upstream QCA driver.
This includes ANI support, adaptive CCA, tx-hang workarounds,
and lots of other things.
Not all of this may be enabled at this point, and more code waits to
be backported as time and motivation allows.
* Fix some rate-control issues where ath10k in station mode (at least), would
sometimes get stuck at low rates. This appeared to be a probe related
state machine issue in the firmware, so I added some timeout logic to kick
the state machine if it gets stuck. This signicantly improves throughput
tests with many stations.
* Support configuring WMI WD timeout using SET_SPECIAL API.
* Properly configure the rx-mask on bootup to work around problem found
by Mr. Kazior. This should remove the need to add the driver hack he
posted.
* Allow configuring pdev failed-retry threshold. This is how many consecutive
tx failures the firmware will allow before resetting the wifi chip (not a full
firmware crash).
Signed-off-by: Ben Greear <greearb@candelatech.com>
Adds Sebastian's 160Mhz support (un-tested), remove DMA32 change that
broke some x86 systems, allow setting 10.1 CT firmware keepalive watchdog
timeout, support QCA 9887 hardware, and some other tweaks.
Signed-off-by: Ben Greear <greearb@candelatech.com>
This is upstream alternative for LEDE's ledtrig-usbdev. It's main
advantages are:
1) Support for assigning more than 1 USB port to the LED
2) Setting proper state when activating with device already connected
3) FWIW it's an upstream driver
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
changed install path from /sbin to /usr/sbin to be consistent with other filesystem tools
ext2-3-4 and f2fs tools are in /usr/sbin, for example
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
iperf upstream added some bugfixes to the already released 2.0.9 version
without changing the filename. This conflicts with old mirrored files
and the hash that we previously used.
To avoid conflict, use a renamed tarball from mirror2.openwrt.org
containing the new upstream changes
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Commit f5c741b5e0 updated procd to a more recent version, but did not
change the hash of the tar. Update it to the one matching the file on
the download servers.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The file to patch doesn't exists. Due to the fact that a src directory
exists, the patch was never applied.
With 28502a9 the behaviour was changed and revealed the issue.
Signed-off-by: Mathias Kresin <dev@kresin.me>
This more of a demo for the previous commit that comes with
this one, where I added support for copying source from 'src' to
the build dir(s).
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
OpenWrt uses ancient u-boot thats not reproducible.
There are multiple upstream changes that introduce
reproducible builds like:
859e92b775fd8ebcfacc591eaf621b677c95b6f7
(not used here - the CMD_DATE/TIMESTAMP functionality
seems to be disabled by config)
70d39f57146a6cb94736db39c770c3d95e07bedb
f3f431a712729a1af94d01bd1bfde17a252ff02c
2d9efa1227262249d381ed5d9d341cbdba76e62d
Instead of changing the Makefile too much
this changeset just tries to use the
changes in Makefile from current upstream git f5fd45f
*Should* fix issue reported by reproducible lede page:
https://tests.reproducible-builds.org/lede/lede.html
Compile tested only
(verified w. hexdump & md5sum)
Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
Tested with VDSL on TP-Link WD8970, I see full 1500-byte PPP data
frames, which end up being 1526 byte Ethernet frames (including
Ethernet+VLAN headers) on the wire.
Fixes: FS#210
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Switch to xz tarball, there's no point pulling two different tarballs of the same source code (tools/libtool uses xz).
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
luci using ustream-mbedtls is extremely slow vs ustream-polarssl.
polarssl alias mbedtls v1 is configured to use NIST prime speed
optimisation, so no longer disable the default optimisation for
mbedtls v2.
Compile & run tested: Archer C7v2
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
[Jo-Philipp Wich: refresh patch to use common format]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Adds per-host leasetime support
Various bugfixes :
-Prioritize ifname resolving via ubus
-Free interface if ifindex cannot be resolved
-...
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [update mirror sha256]
This fixes the following error when mounting a ext4 filesystem
----
[ 166.240000] EXT4-fs (sda1): Cannot load crc32c driver.
----
Signed-off-by: Daniel Danzberger <daniel@dd-wrt.com>
Commit 8f24ee6382 ("uqmi: Add proper IPv6 support") changed the code
to fetch the IPv4 address via QMI by default instead of using DHCP to
make it consistent with the IPv6 codepath.
This breaks on at least some Sierra Wireless cards, where data exchanges
fail to work until the host has fetched a DHCP lease.
Leave v6 as it is, but always use DHCP for v4.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
nf_tproxy_core was removed during 3.12 development with kernel commit
fd158d79d33d3c8b693e3e2d8c0e3068d529c2dc. The code was moved
to xt_TPROXY.c.
Fixes FS#212
Signed-off-by: Mathias Kresin <dev@kresin.me>
Adds the latest patches from Jes Sorensen for rtl8xxxu, which improve
rtl8732bu, rtl8192eu and rtl8188eu support.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
* Change git packages to xz
* Update mirror checksums in packages where they are used
* Change a few source tarballs to xz if available upstream
* Remove unused lines in packages we're touching, requested by jow- and blogic
* We're relying more on xz-utils so add official mirror as primary source, master site as secondary.
* Add SHA256 checksums to multiple git tarball packages
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Quote resolveip hostname argument to avoid bad shell injections.
While at it fix pattern match logic in case multiple IPv6 addresses
are returned for a hostname as they're seperated by newline by
resolveip and not a white space
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Adds u-boot for the at91 platform and a couple of boards.
The build honours COPTS to benefit from fortify source et al.
Signed-off-by: Ben Whitten <ben.whitten@gmail.com>
Now that the uhttpd init script can generate certificates using openssl as
well, update the section name and related comment to be more generic.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Before a configuration is generated, an empty file is created to store
it in. (required by UCI)
If something happens during config generation
(power cut, interruption, ..) an empty file exists and it is never
regenerated again, causing some daemons to fail starting
(NTPD, logread, ..)
Fix this by also generating new configs if a critical file
is empty.
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
The kmod-sound-hda-core module attempts to package snd-hda-core.ko which
does not exist in Linux 3.18, therfore only use it for kernels >= 4.1
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Support the usage of the OpenSSL command-line tool for generating
the SSL certificate for uhttpd. Traditionally 'px5g' based on
PolarSSL (or mbedTLS in LEDE), has been used for the creation.
uhttpd init script is enhanced by adding detection of an installed
openssl command-line binary (provided by 'openssl-util' package),
and if found, the tool is used for certificate generation.
Note: After this patch the script prefers to use the OpenSSL tool
if both it and px5g are installed.
This enables creating a truly OpenSSL-only version of LuCI
without dependency to PolarSSL/mbedTLS based px5g.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Prior to kernel 4.4, the hda-intel module depends on the hda-controller
utility submodule so bundle it for the older kernel versions.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This patch removes the non-working wifi driver filter for
the wifi detection script.
I figured that rather than replacing ${2:-$DRIVERS} with
${1:-$DRIVERS}, it would be better to remove it. Nobody
needed it in the previous years.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
vfat filesystem fails to mount due to missing codepages with
factory-formatted flash drives. Depend on cp437 iso8559-1 and
utf8 nls modules as this covers most factory-formatted vfat
filesystems.
Signed-off-by: Daniel Dickinson <lede@cshore.thecshore.com>
This patch set adds support for PCI Intel HD Audio
sound devices. This is useful for multimedia packages
in the packages feed that one may use to create audio
servers.
Signed-off-by: Daniel Dickinson <lede@cshore.thecshore.com>
We have to remove the FPU check, it will run in an endless loop on LEDE
when compile without FPU emulation support.
The second patch fixes this problem: valgrind: mmap(0x400000, 303104)
failed in UME with error 22 (Invalid argument).
valgrind still does not support mips16, build LEDE without mips16 support.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The nf_reject_* and nf_nat_masquerade_* modules are moved into the
corresponding kmod-nf- packages. Appropriate dependencies are added to the
kmod-nft- packages.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Since the kernel makefile is using .ONESHELL, we need to add -e to
.SHELLFLAGS so errors are not ignored.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Fix rt_names build failure when FORTIFY_SOURCE disabled.
Include limits.h which otherwise gets automatically included
by fortify headers.
Solves FS #194
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Now that the firmware for BCM43430 has been submitted to linux-firmware use it
and remove RPiDistro package.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
This patch moves the ath10k firmware packages to the firmware submenu
in the buildroot, where it belongs.
Signed-off-by: Stijn Segers <francesco.borromini@inventati.org>
Use firmware version 10.2.4.70.54 from kvalo's git repository. The old
version (even though it's version number is greater) is an old version
from September 2015.
Using only the firmware versions from kvalo's git repo is recommended,
because those are tested by QCA's internal QCA.
The QCA988X directory received a small reorganization as a "hw2.0"
subdirectory was added - this patch also takes care of that as
board.bin was moved to that subdirectory.
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
For 64-bit capable systems, a symbolic link is set up for /lib64 to point to
/lib, so make sure the installation goes into /lib, irrespective of where the C
library files come from in an external toolchain.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
There is a separate package kmod-crypto-echainiv for echainiv.ko. Selecting
both packages led to a conflict, so remove the file from kmod-crypto-iv.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
This fixes bug that could cause WARNING on every add_key/del_key call.
It also replaces WARNING with a simple message. They may still occur
e.g. on station going out of range and A-MPDU stall in the firmware.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
A bug fix which included a CRL sanity check was added to OpenSSL 1.1.0
but was omitted from OpenSSL 1.0.2i. As a result any attempt to use
CRLs in OpenSSL 1.0.2i will crash with a null pointer exception.
Patches applied upstream:
* 301-fix_no_nextprotoneg_build.patch
* 302-Fix_typo_introduced_by_a03f81f4.patch
Security advisory: https://www.openssl.org/news/secadv/20160926.txt
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Adds Google's mirrors as primary source and kernel.org as fallback.
Discussed in #lede-dev on Freenode
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Within the Lua binding, use the same logic as the command line interface for
reporting the used WPA ciphers. Instead of printing the intersection of
pairwise and group ciphers, report both group and pairwise ciphers.
This fixes a case where a connection which uses CCMP for pairwise and TKIP
as groupwise cipher is getting reported as using the NONE cipher.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The Linux kernel uses two distinct fields to denote the routing table ID in
use by network routes; the 8 bit `rtm_table` member of `struct rtmsg` and the
32 bit `RTA_TABLE` netlink attribute.
If a routing table ID is larger than 255, the `RT_TABLE` attribute must be used
and the `rtm_table` field has to be set to the special `RT_TABLE_UNSPEC` value.
This commit adds a patch which...
- switches the *_n2a() and *_a2n() functions of rt_names.c to use dynamically
sized, name-sorted arrays instead of fixed arrays limited to 1024 slots in
order to support IDs up to 65535
- adds proper handling of high table IDs to iprule.c and iproute.c when
adding, removing and dumping ip rules and network routes
After this change, the Busybox ip applet fully supports IP rules with high ID
numbers, using the same logic as the full iproute2.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Remove an invalid local variable declaration in the tunnel update subshell
invocation. Local declarations outside of function scopes are illegal since
the Busybox update to version 1.25.0 .
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
All these patches are in wireless-drirvers-next. There is support for
hidden SSID, few new devices and many fixes.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Now that we know that the password is in /etc/shadow and not in
/etc/passwd, we can properly fix the logic for the empty password check.
Only 'root::' is an empty password, 'root❌' and 'root:!:' allow no
password login at all.
This fixes the empty password warning still showing after the root password
has been locked using 'passwd -l root' (e.g. to allow public-key auth
only).
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Configurations without shadow passwords have been broken since the removal
of telnet: as the default entry in /etc/passwd is not empty (but rather
unset), there will be no way to log onto such a system by default. As
disabling shadow passwords is not useful anyways, remove this configuration
option.
The config symbol is kept (for a while), as packages from feeds depend on
it.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Uboot-mvebu isn't a real package, which will break the image builder
when it tries to install it during the packing step. Instead of cleafog
selecting it through its default packages, make it default to m if the
clearfog profile is selected.
This will ensure it is always build, but never added to the rootfs. This
fixes creating images for clearfog with IB.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Acked-by: Felix Fietkau <nbd@nbd.name>
The clearfog image requires u-boot, so package it into KDIR to make sure
it is available in imageBuilder.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Acked-by: Felix Fietkau <nbd@nbd.name>
Running prepare_rootfs on TARGET_DIR deletes the opkg state when
CONFIG_CLEAN_IPKG is enabled, making the per-device rootfs package install
fail.
To avoid this, create a copy of the TARGET_DIR before prepare_rootfs is run
and use this as basis for per-device rootfs generation.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
br_netfilter.ko and the corresponding Kconfig symbol are already provided
by kmod-br-netfilter, which is a dependency of kmod-ebtables.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Local variable declarations outside of functions are illegal since the Busybox
update to v1.25.0, therfore remove them from the appropriate places.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Update the linux-firmware package in order to force the buildbots to fetch the
proper mirrored version.
Currently each builder has its own copy of the linux-firmware checkout staged
in its own dl/, since the package was updated before the mirrored copy has
been uploaded. The builders then subsequently uploaded their own copy instead,
leading to md5sum mismatches since each clone produces different tarballs.
By bumping the package to a new version and uploading the mirrored archive
with the proper md5sum beforehand, the builders will fetch that instead and
not upload their own copies.
To properly solve that problem in the future we need to ensure that packed
checkouts become reproducable.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Since the md5sum of the mirrored Git clone archive has been set in the Makefile
before that particular archive was uploaded to the source mirror, the buildbots
uploaded their own, different copy instead invalidating the mirror md5sum for
anyone else.
In order to fix the mismatch, update the md5sum to reflect the archive being
present on the download server.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The Annex A firmware will be updated to:
05.08.01.08.01.06_05.08.00.0B.01.01_osc
The Annex B firmware will be updated to:
05.07.09.09.00.06_05.07.04.04.00.02_osc
Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
Some devices (like the Cisco Meraki Z1 Cloud Managed Teleworker Gateway)
need to be able to initialize the PCIe wifi device. Normally, this is done
during the early stages of booting linux, because the necessary init code
is read from the memory mapped SPI and passed to pci_enable_ath9k_fixup.
However,this isn't possible for devices which have the init code for the
Atheros chip stored on NAND in an UBI volume. Hence, this module can be
used to initialze the chip when the user-space is ready to extract the
init code.
Martin Blumenstingl made a few fixes and added support for lantiq:
kernel: owl-loader: add support for OWL emulation PCI devices
kernel: owl-loader: don't re-scan the bus when ath9k_pci_fixup failed
kernel: owl-loader: use dev_* instead of pr_* logging functions
kernel: owl-loader: auto-generate the eeprom filename as fallback
kernel: owl-loader: add a debug message when swapping the eeprom data
kernel: owl-loader: add missing newlines in log messages
kernel: owl-loader: add support for the lantiq platform
These patches have been integrated. Thanks!
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
The default configuration might not be suitable for
every use case. Add options to enable/disable additional
options.
Signed-off-by: Andreas Schultz <aschultz@tpip.net>
Match sections allow to set a tag specified by the option networkid if the client
sends an option and optionally the option value specified by the match option.
The force option will convert the dhcp-option to force-dhcp-option if set to 1 in
the dnsmasq config if options are specified in the dhcp_option option.
config match
option networkid tag
option match 12,myhost
option force 1
list dhcp_option '3,192.168.1.1'
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
A padding to align a message should not only be added between
different attributes of a netlink message, but also at the end of the
message to pad it to the correct size.
Without this patch the following command does not work and returns an
error code:
ip link add type nlmon
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Now that we have firmwares separated and brcm2708 being the only target that
actually selects SDIO support, avoid selecting all firmwares by default.
sunxi should select the proper firmwares once SDIO support is enabled and
tested.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Using few packages will allow saving some space by decreasing rootfs
size.
Moreover there are more firmware files that may require packaging and
even more to come later.
This can especially useful now, with per device rootfs.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
clean up usb gadget support:
- rename gadget modules so that they appear together and are easier to
identify as gadget modules
- make usb-lib-composite and usb-gadget hidden as there is no point in
selecting those without gadget drivers that require them as deps
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
Now we have firmwares separated and bcm53xx selecting required ones make
use of it to actually save that rootfs space.
Other targets using brcmfmac (brcm2708 and sunxi) use SDIO interface and
firmware so they don't won't be affected.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Using few packages will allow saving some space by decreasing rootfs
size. Dropping 43602a1 firmware saves 316 580 B. Dropping 4366b1 saves
468 188 B.
Moreover there are more firmware files that may require packaging and
even more to come later (e.g. 4366c0).
This can especially useful now, with per device rootfs.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Permit users of the full variant to disable the NO_ID *.bind pseudo
domain masking.
Defaulted 'on' in all variants.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
As security precaution and to limit the attack surface based on
the version reported by tools like nmap mask out the dropbear
version so the version is not visible anymore by snooping on the
wire. Version is still visible by 'dropbear -V'
Based on a patch by Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [remove trailing _]
Don't expose dnsmasq version & other data to clients via the *.bind
pseudo domain. This uses a new 'NO_ID' compile time option which has been
discussed and submitted upstream.
This is an alternate to replacing version with 'unknown' which affects
the version reported to syslog and 'dnsmasq --version'
Run time tested with & without NO_ID on Archer C7 v2
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
e2fsprogs would fail linking with external toolchains which would not be able
to find several dependencies, explicit them.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Regression introduced by 3481d0d dnsmasq: run as dedicated UID/GID
dnsmasq is unable to remove its own pidfile as /var/run/dnsmasq is owned
by root and now dnsmasq runs as dnsmasq:dnsmasq. Change directory
ownership to match.
dnsmasq initially starts as root, creates the pidfile, then drops to
requested non-root user. Until this fix dnsmasq had insufficient
privilege to remove its own pidfile.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Add a dependency on DRIVER_11W_SUPPORT in order to enable the IEEE
802.11w functionality in hostapd.
Signed-off-by: Petko Bordjukov <bordjukov@gmail.com>
oneshot trigger configurations for LEDs are created, but the on/off
timing configurations are ignored. generate_config is correctly creating
oneshot configs, but the later led script doesn't recognise the trigger
details.
Fixes: c0c3f2d4c9 leds: support oneshot as well as timer triggers
Signed-off-by: Karl Palsson <karlp@etactica.com>
Enable CONFIG_PROCD_ZRAM_TMPFS compatibility via two changes to list_cpu_idx():
* detect if /tmp is being used by /dev/zram0; if yes, offset initial value by 1 to skip first zram device.
* hot-add /dev/zram1, if not already present.
Signed-off-by: Conn O'Griofa >connogriofa@gmail.com>
Add a patch to backport 5185c91385d73cdf79836eb8548e4726e43ae831
from Linux 4.8 adding USB2380 support to the NET2280 driver and
create an OpenWrt menu option to select it as a module.
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
This allows kobs-ng to flash the SPL successfully on the 4.4 kernel used by
the Gateworks IMX boards supporting NAND. The previous version of kobs-ng
worked with the 3.14 kernel but will brick a board making its SPL unbootable
for the 4.4 kernel.
See http://trac.gateworks.com/wiki/ventana/bootloader#nandspl for instructions
on updating the SPL from Linux.
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
power save response frames can go through the old tx path, and the tid
needs to be set for sequence numbers to be assigned correctly.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This reverts commit 763f5d7873.
Currently the vfork() code path in opkg is broken and relies on unsupported
ftello() / fseeko() operations on pipes - we need to restructure the code
before we can reconsider this approach.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This reverts commit 02e3c718e9.
Currently the vfork() code path in opkg is broken and relies on unsupported
ftello() / fseeko() operations on pipes - we need to restructure the code
before we can reconsider this approach.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Tested briefly on Netgear r7800. Firmware failed to load on first
boot, but then it worked after that and I could not reproduce the
failure.
Signed-off-by: Ben Greear <greearb@candelatech.com>
This tool can periodically check for ath10k firmware crashes.
If it finds a crash, it will package up the binary crash dump,
some OS level things like dmesg, lspci, etc into a tar file.
It then notifies the user about the crash and asks them to report
the bug to the appropriate email address.
This is most useful when used with ath10k-ct driver and
CT ath10k firmware, but it should also report issues with stock
ath10k driver and firmware in case one has appropriate contacts
to debug them.
This tool could be extended later for other modules/bugs/etc.
Signed-off-by: Ben Greear <greearb@candelatech.com>
The iwinfo library might get compiled with different backends, depending on
the driver selection of the current target, so mark it as nonshared to avoid
broken libiwinfo support on other targets with same cpu architecture but
different wireless driver types.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The ATH9K_STATION_STATISTICS kernel config variable enables some extra
statistics that are useful for debugging (in particular with the airtime
fairness patches enabled). This adds that kernel config when selecting
ath9k debugging.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
This uses GFP_DMA32 for firmware swap. Fixes issue on x86-64 with
QCA 9984 chipset when host system does not have vt-d enabled.
Also tested on linksys ea8500 with 9980 chipset.
Signed-off-by: Ben Greear <greearb@candelatech.com>
The default configuration might not be suitable for
every use case. Add options to enable/disable additional
options.
Signed-off-by: Andreas Schultz <aschultz@tpip.net>
Without any in-tree users enabled the Kernel's build process doesn't
actually build those modules. Enable some potential in-tree users
during Kernel build, so out-of-tree modules can depend on them.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
With the default priority of 0, the DEU algos would be overlapped
by the generic algos (if available).
To fix this, set the cra_priority of the hardware algos to the
recommended value of 300/400.
Signed-off-by: Martin Schiller <mschiller@tdt.de>
Now that snapshot builds are only publishing SHA-256 checksums, it makes
sense to ship an appropriate utility for verification.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
PPP daemon can be put into persist mode meaning the
daemon will not exit after a connection gets terminated
but will instead try to reopen the connection.
The re-initiation after the link has been terminated
can be controlled via holdoff; this is helpfull in
scenarios where a BRAS is in denial of service mode
due to link setup requests after a BRAS has gone down
Following uci parameters have been added :
persist (boolean) : Puts the ppp daemon in persist mode
maxfail (integer) : Number of consecutive fail attempts which
puts the PPP daemon in exit mode
holdoff (interget) : Specifies how many seconds to wait
before re-initiating link setup after it has been terminated
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
src/linksys_bootcount.c misses to include stdint.h.
Apparently musl doesn't mind and includes this header by default,
but glibc does not and causes the build to fail.
Signed-off-by: Josua Mayer <josua.mayer97@gmail.com>
tools/env/fw_env.c misses to include stdint.h.
Apparently musl doesn't mind and includes this header by default,
but glibc does not and causes the build to fail.
Signed-off-by: Josua Mayer <josua.mayer97@gmail.com>
* Only parse interfaces that are up during init_config (as the
script depends on this to determine the proper IP/subnet range)
* Add reload interface triggers for samba-designated interfaces
* Force full service restart upon config change to ensure Samba
binds to new interfaces (sending HUP signal doesn't work)
* Rename "interface" variable to "samba_iface" and move into
global scope
Needed to fix Samba connectivity for clients connecting from a
different LAN subnet (e.g. pseudobridge configurations) due to the
'bind interfaces only' setting.
Signed-off-by: Conn O'Griofa <connogriofa@gmail.com>
When PKG_CONFIG_LIBDIR was unset in the environment, the configure
script was deducing the PKG_CONFIG_LIBDIR from the location of the
pkg-config binary, which doesn't make a lot of sense, and isn't done
by other autotools based packages.
Patch imported from the Buildroot project:
https://github.com/buildroot/buildroot/blob/master/package/ncurses/0001-fixup-pkg-config-handling.patch
Also refresh patches while we're at.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Due to an empty pi_ifname in the generic failsafe setup, the deconfig
never removed the failsafe networking interface, causing broken
networking later on.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Also configure the switch based on the failsafe config, and create the
failsafe interface as tagged if necessary.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
In preparation of properly setting up vlans and switches, add
support for configuring failsafe on a vlan tagged interface.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Move preinit interface and ip config to its own function to allow
calling it from more than one place.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Instead of board_detect generating the config as a side effect, let
config_generate call board_detect as needed.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
- Security: Message printout was vulnerable to format string injection.
If specific usernames including "%" symbols can be created on a system
(validated by getpwnam()) then an attacker could run arbitrary code as root
when connecting to Dropbear server.
A dbclient user who can control username or host arguments could potentially
run arbitrary code as the dbclient user. This could be a problem if scripts
or webpages pass untrusted input to the dbclient program.
- Security: dropbearconvert import of OpenSSH keys could run arbitrary code as
the local dropbearconvert user when parsing malicious key files
- Security: dbclient could run arbitrary code as the local dbclient user if
particular -m or -c arguments are provided. This could be an issue where
dbclient is used in scripts.
- Security: dbclient or dropbear server could expose process memory to the
running user if compiled with DEBUG_TRACE and running with -v
The security issues were reported by an anonymous researcher working with
Beyond Security's SecuriTeam Secure Disclosure www.beyondsecurity.com/ssd.html
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Among other things, this compiles out support for peer caching.
The feature did not seem to work well in my testing of AP mode,
and totally breaks my own special use of station mode.
Briefly tested on ea8500.
Signed-off-by: Ben Greear <greearb@candelatech.com>
ath10k-ct driver was using bad defaults for 9980 if user
had not specified a fwcfg file to over-ride them.
Also, support configurable station-kickout-threshold,
which might work around issues with flakey connections.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [fix PKG_VERSION]
9pfs is used by kvm to share files between host and guest,
add proper config option to enable it.
Signed-off-by: Matteo Croce <matteo.croce@canonical.com>
RADIUS accounting can be used even when RADIUS authentication is not
used. Move the accounting configuration outside of the EAP-exclusive
sections.
Signed-off-by: Petko Bordjukov <bordjukov@gmail.com>
The pi_* variables and the fs_failsafe_wait_timeout variable are set by
the CONFIG_TARGET_PREINIT_* config options. No need to maintain the same
values twice.
All other fs_ variables were never used.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Change the error message about missing SSL support to be more explicit by
mentioning required package names.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Changes include:
* Higher maximum transmit power in the 5170-5250 band of the BG
regdomain
* Introduction of the CU regdomain
* Introduction of the 5725-5875 band (short-range devices) in the DE
regdomain
* Introduction of 60 GHz channels 1-4 in the KR regdomain
* Introduction of the 5725-5875 band (short-range devices) in the NL
regdomain
Signed-off-by: Petko Bordjukov <bordjukov@gmail.com>
sysupgrade immediately reboots after flashing an image and doesn't
allow to unmount filesystems. At least in case the image used for
sysupgrade is stored on a FAT formatted usb flash drive, the following
warning is printed during the next mount of the flash drive:
FAT-fs (sda1): Volume was not properly unmounted. Some data may be
corrupt. Please run fsck.
Although a data corruption during read operations is unlikely, there is
no need to scare the users.
Signed-off-by: Mathias Kresin <dev@kresin.me>
/etc/init.d/boot tried to create /dev/root based on the kernel's
cmdline which won't work on any recent targets. Remove that code now
that fstools can detect the mounted rootfs based on
/proc/self/mountinfo and /dev/root was long gone anyway.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Targets that need switch drivers should select them in their kernel
config. This prevents some bloat from creeping into targets that don't
need switchdev/dsa
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Network drivers typically allocate memory in atomic context. For that to
be reliable, there needs to be enough free memory. Set the value
heuristically based on the total amount of system RAM.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
If option ist not set then ipv6 is still enabled on this Interface.
Check if variable is zero will fix this issue.
Signed-off-by: Florian Eckert <Eckert.Florian@googlemail.com>
multiple invocation of dnsmasq script (e.g. by procd and hotplugd)
might cause procd to restart dnsmasq with an incomplete config file.
Config file generation might take quite a long time on larger configs
due ubus calls for each listening interface...
Signed-off-by: Ulrich Weber <ulrich.weber@riverbed.com>
Emits an initial event after the first link-up of a force_link
interface. This is needed for making the dnsmasq dhcp check more
reliable
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Open/close triggers array around service_triggers call to make using
multiple triggers easier to deal with.
The API was quite confusing, because some functions contained implicit
trigger open/close calls and some didn't.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Passing the hostname is currently broken in since the shipped busybox includes this commit:
https://git.busybox.net/busybox/commit/networking/udhcp/dhcpc.c?id=2017d48c0d70bef8768efb42909e605ea8eb5a21
Before:
Sun Jan 31 18:11:32 2016 daemon.notice netifd: Interface 'wan' is now down
Sun Jan 31 18:11:32 2016 daemon.notice netifd: Interface 'wan' is setting up now
Sun Jan 31 18:11:32 2016 daemon.notice netifd: wan (18158): udhcpc: option -h NAME is deprecated, use -x hostname:NAME
Sun Jan 31 18:11:32 2016 daemon.notice netifd: wan (18158): udhcpc: malformed hex string 'WR150'
After:
Sun Jan 31 18:11:33 2016 daemon.notice netifd: wan (18169): udhcpc (v1.23.2) started
Sun Jan 31 18:11:33 2016 daemon.notice netifd: wan (18169): Sending discover...
Sun Jan 31 18:11:33 2016 daemon.notice netifd: wan (18169): Sending select for xxx.yyy.zzz.xyz...
Sun Jan 31 18:11:33 2016 daemon.notice netifd: wan (18169): Lease of xxx.yyy.zzz.xyz obtained, lease time 600
Signed-off-by: Merlijn Wajer <merlijn@wizzup.org>
Treat 'relayd' as an essential service to avoid connection interruptions during sysupgrade on devices configured as a pseudobridge.
Signed-off-by: Conn O'Griofa <connogriofa@gmail.com>
Fixes duplicate ubiblock entries being listed and improves
find_mount_point to also match against a block device's
major:minor numbers (needed e.g. for /dev/root).
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Previous implementation was blocking the init and
breaking halt/reboot/sysupgrade (reported by Daniel Golle)
v2: use procd logging, use set -e + trap for error handling
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Tested-by: Daniel Golle <daniel@makrotopia.org>
This firmware has been lightly tested on non LEDE system
to date, and will be undergoing further testing and development.
Allow users to easily install this on their LEDE system as
they prefer.
Signed-off-by: Ben Greear <greearb@candelatech.com>
The patch needed for this commit has been sent upstream:
https://github.com/openssl/openssl/pull/1155
Signed-off-by: Dirk Feytons <dirk.feytons@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [add back bf and srp]
NPN has been superseded by ALPN so NPN is disabled by default
The patch has been sent to OpenSSL for inclusion, see
https://github.com/openssl/openssl/pull/1100
Signed-off-by: Dirk Feytons <dirk.feytons@gmail.com>
This patch gets rid of the booke watchdog kmod package.
Instead the affected boards will enable it in their
kernel configs.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
There seems to be a situation in which a rebuild of libpcap.so is triggered
in the install step of the libpcap Makefile. libpcap.so is the wrong
target, leading to the build failure reported in [1].
Fix the dependency of install-shared-so to $(SHAREDLIB) so the build can
succeed in this case.
[1] https://dev.openwrt.org/ticket/19894
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
This lets one use the CT ath10k driver instead of the built-in
ath10k driver from the upstream kernel (or backports).
This should be a drop-in replacement, as well as enabling
better CT firmware support.
Signed-off-by: Ben Greear <greearb@candelatech.com>
This reverts commit 31e5ed4152.
I've noticed some weird powersave related issues with this commit.
Revert until they've been fixed.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Removed socket options = TCP_NODELAY IPTOS_LOWDELAY
TCP_NODELAY (disables Nagle algorithm) is default since samba2.
IPTOS_LOWDELAY sets DSCP 0x10 coding (CS2)
The alternate IPTOS_THROUGHPUT sets DSCP 0x08 coding (CS1)
CS1 is a scavenger class, whilst CS2 is more OAM/interactive
(SNMP,SSH,syslog)
Using CS2 is definitely an abuse of DSCP classification, CS1 less so
however even if the ISP takes note of DSCP codings having a default that
sets traffic to CS2 is wrong. Better to use the default Best Effort
class.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
iftop would display portions of mac address with large ffffff prefixes.
Make if_hw_addr type consistent.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Move logging command line option to uci:
option verbose [0]/1/2 - mono-syllabic/verbose/noisy
Previously handled as 'OPTIONS' in .init script however variable
was ignored so never worked.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
To work correctly hostapd requires wireless driver to allow interfaces
removal. It was working with brcmfmac only partially. Firmware for
BCM43602 got some special hack (feature?) that allowed removing all
interfaces by disabling mbss mode. It wasn't working with BCM4366
firmware and remaining interfaces were preventing hostapd from starting
again.
Those patches add support for "interface_remove" firmware method which
works with BCM4366 firmware and they make it finally possible to use
BCM4366 & brcmfmac & multiple interfaces.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
There are multiple prism54/p54 firmware versions for different
drivers and devices. Therefore, assigning the package version
of all the different firmware packages on the old prism54
firmware could break if any of the p54 firmwares are updated
and we need to roll out new packages.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[removed PKG_VERSION]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Removed some options which are default anyway and added bind interfaces
only which causes the interfaces line to actually have an effect. Can be
verified with netstat.
Signed-off by: Rosen Penev <rosenp@gmail.com>
px5g has been listed as a blocker for switching to new mbedtls
as the default, therefore make and mbedtls variant of px5g so
that an new mbedtls-only image can be created.
Signed-off-by: Daniel Dickinson <lede@daniel.thecshore.com>
This reverts commit abf0768131.
The description is wrong, there is no recursive dependency here. The
conditions were added intentionally to avoid bogus build dependencies.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Commit d9b20a6f35 (SVN r48426) changed the
mac80211 phy lookup logic to strip the platform/ directory component from
the phy path specification.
Fix iwinfo to follow that logic by trying to lookup phys both with and
without "platform/" prefix.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
On OS X systems, the compilation of e2fsprogs fails at subst.c due to a
missing sys/stat.h include:
subst.c:333:14: error: variable has incomplete type 'struct stat'
struct stat stbuf;
^
subst.c:333:9: note: forward declaration of 'struct stat'
struct stat stbuf;
^
subst.c:392:8: warning: implicit declaration of function 'fstat' is invalid in C99
[-Wimplicit-function-declaration]
if (fstat(fd, &stbuf) == 0) {
^
subst.c:438:12: warning: implicit declaration of function 'fchmod' is invalid in C99
[-Wimplicit-function-declaration]
(void) fchmod(ofd, 0444);
^
2 warnings and 1 error generated.
make[3]: *** [subst.o] Error 1
Declare the nescessary HAVE_SYS_STAT_H macro to include the required header in
order to avoid the undeclared stat structure.
Tested-By: David Thornley <david.thornley@touchstargroup.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Two variants incorrectly include themselves in
conditional depends on ssl libraries, which results
in a recursive dependency.
Signed-off-by: Daniel Dickinson <lede@daniel.thecshore.com>
This allows gpiolib to re-use ath9k's devicetree node as GPIO
controller.
Example:
ath9k: ath9k@0 {
#gpio-cells = <2>;
gpio-controller;
}
Now the ath9k node can be used just like any other GPIO controller:
gpios = <&ath9k 1 GPIO_ACTIVE_HIGH>;
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
This enables ath9k's built-in GPIO controller for all chip versions
(instead of an explicit whitelist). This also allows us to get rid of
some duplicate code between hw.c and gpio.c because hw.c already
determines the number of GPIOs.
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
This folds 550-ath9k_add_ar9280_gpio_chip.patch into
548-ath9k_enable_gpio_chip.patch because the former patch only extends
code which is introduced in the latter.
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Use first caldata for devices without OTP. The driver uses the caldata
instead of the board.bin data anyway
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Small cleanup. I initially though /dev/kmsg was used for dmsg(and journald
on desktops) but this seems not to be the case. dmsg is still accessible
as non-root(gives output) which begs the question what does this do? Some
googling reveals that permissions are set to 600 for some embedded systems
while 644 for others. I can't find any justification for the latter. Might
as well err on the side of caution.
Signed-off by: Rosen Penev <rosenp@gmail.com>
This package is a custom build(like ubi-utils) of mtd-utils from infradead.org
It is required to work with Mikrotik NAND based devices
Signed-off-by: Sergey Sergeev <adron@yapic.net>
This adds this commit from normal libnl to libnl-tiny:
2dbc1ca76c
commit 2dbc1ca76c5b82c40749e609eb83877418abb006
Author: dima <dima.ky@gmail.com>
Date: Wed Oct 13 17:53:34 2010 +0300
Generic Netlink multicast groups support
I have a patch against commit d378220c96c3c8b6f27dca33e7d8ba03318f9c2d
extending libnl with a facility to receive generic netlink messages sent
to multicast groups.
Essentially it add one new function genl_ctrl_resolve_grp which
prototype looks like this
int genl_ctrl_resolve_grp(struct nl_sock *sk, const char *family_name,
const char *grp_name)
It resolves the family name and the group name to group id. Then
the returned id can be used in nl_socket_add_membership to subscribe
to multicast messages.
Besides that it adds two more functions
uint32_t nl_socket_get_peer_groups(struct nl_sock *sk)
void nl_socket_set_peer_groups(struct nl_sock *sk, uint32_t groups)
allowing to modify the socket peer groups field. So it's possible to
multicast messages from the user space using the legacy interface.
Looks like there is no way (or I was not able to find one?) to modify
the netlink socket destination group from the user space, when the
group id is greater then 32.
Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [cosmetic style fix]
The pps-ldisc kernel module supports Pulse-Per-Second connected with the CD (Carrier Detect) pin.
Signed-off-by: Stephen Walker <stephendwalker+github@gmail.com>
This changes the default permissions for /dev entries to be more similar to
a desktop distro. Taken from the defaults of Arch Linux and Ubuntu. Also
changed some that were nonsensical. For example, all 660 permissions on
desktop distros were of the form root:x where x is something other than
root. As such, 660 is useless for LEDE where the specific group is missing.
audio seems to be the only group that isn't.
Signed-off by: Rosen Penev <rosenp@gmail.com>
This commit:
1) seed /dev/urandom with the saved seeds as early as possible
(see /lib/preinit/81_urandom_seed)
2) save a seed at /etc/urandom.seed if it doesn't exists
3) save a new seed each boot at "system.@system[0].urandom_seed"
(see /etc/init.d/urandom_seed)
We use getrandom() so we are sure /dev/urandom pool is initialized
Seed size is 512 bytes (ie /proc/sys/kernel/random/poolsize / 8)
it's the same size as in ubuntu 14.04 and all systemd systems
Seeding /dev/urandom doesn't change entropy estimation, so we still have
"random: ubus urandom read with 4 bits of entropy available"
messages in the logs, but we can now ignore them if
after "urandom-seed: Seeding with ..." message
Saving a new seed on each boot is disabled by default to avoid too much
writes without user consent
v2: log preinit messages to /dev/kmsg
v3: use non generic function name for logging, as /lib/preinit/ files
are all sourced together in /etc/preinit
v4: after a lot of discussion on the ML, use a uci config param
v5: config param is now the path of the seed
Signed-off-by: Etienne CHAMPETIER <champetier.etienne@gmail.com>
Acked-by: Jo-Philipp Wich <jo@mein.io>
OpenWrt enables XATTR support pretty much universally, therefore
for filesystems that a loaded as modules also enable XATTR support
so that there are no unexpected missing capabilities.
Signed-off-by: Daniel Dickinson <lede@daniel.thecshore.com>
Instead of downloading the firmware for prism54 devices in the
wireless.mk do it in an extra package Makefile. To ship the complete
source code Intel ships our modified OpenWrt/LEDE + the content of the
dl directory. We do not want to have any files in the dl/ directory
which are not needed to build our images. The prism54 gets downloaded
every time independently of building kmod-net-prism54 or not. When it
is in a own package it only gets downloaded when the firmware package
is selected.
Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
Following fixes are included in the latest version:
-Script is launched with incorrect action
-Possible buffer overflows
-Lots of minor bugfixes
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
COBALT is a hybrid codel/blue algo combining best elements of both.
Exhibits improved behaviour in presence of abuse from unresponsive flows
handled by 'blue', whereas responsive flows are still handled by codel.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Cake AQM is experimenting with a codel/blue hybrid AQM COBALT instead
of just using codel alone. This patch updates tc to cope with some new
stats produced by COBALT.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
By default dnsmasq uses the time function; which returns the time since
Epoch; to retrieve the current time. On boards which have no realtime
clock this can lead to side effects when the time is synced via ntp
as the "time wrap" forces dhcp leases to be considered as expired.
By enabling the broken realtime clock build switch dnsmasq uses the
times utility which returns the number of clock tick.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
[Jo-Philipp Wich: change symbol name, add sym to PKG_CONFIG_DEPENDS]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
93d5629a introduced a build failure on older platforms (<4.4)
because bmp085 is a boolean and not a tristate.
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
add BMP085 and BMP180 pressure sensors
this driver supports the SPI and I2C and
older chips (BMP280 is supported by iio subsystem)
issue found when cleaning up omap/config
found while writing this patch that a
similar patch was submitted in June/July 2014 but not integrated
only compile tested
Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
The PDU length of incoming LLC frames is set to the total skb payload size
in __ieee80211_data_to_8023() of net/wireless/util.c which incorrectly
includes the length of the IEEE 802.11 header.
The resulting LLC frame header has a too large PDU length, causing the
llc_fixup_skb() function of net/llc/llc_input.c to reject the incoming
skb, effectively breaking STP.
Solve the problem by properly substracting the IEEE 802.11 frame header size
from the PDU length, allowing the LLC processor to pick up the incoming
control messages.
Special thanks to Gerry Rozema for tracking down the regression and proposing
a suitable patch.
Fixes FS#24.
References:
https://bugs.lede-project.org/index.php?do=details&task_id=24
Reported-by: Gerry Rozema <gerryr@rozeware.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Upstream OpenSSL hardening work introduced a change in shared code that
causes polarssl / mbedtls builds to break when no --tls-cipher is specified.
Import the upstream fix commit as patch until the next OpenVPN release gets
released and packaged.
Reported-by: Sebastian Koch <seb@metafly.info>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
With the addition of /etc/os-release patching lldpd to use
/etc/openwrt_release and to have the initscript use
/etc/openwrt_release and/or /etc/openwrt_version becomes
unnecessary.
Signed-off-by: Daniel Dickinson <lede@daniel.thecshore.com>
There are 2 issues fixed by this patch:
- UDP checksum is computed incorrectly, the used pseudo IP header
contains transport protocol 6 iso 17
- on big endian arches the UDP/TCP checksum is incorrectly
computed when payload length is odd
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [refresh patch]
The copy on the mirror has a different md5sum as specified in this
package Makefile. The content of the file on the mirror is the same as
in the checkout so just update our md5sum.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Instead of downloading the firmware from some website take it from
linux-firmware package and do not download it separately any more.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The ebtables code relies on the `-nostartfiles` linker argument to execute the
extension modules' `_init()` functions automatically which is not working
reliably across all supported targets and gcc versions.
Running an ebtables executable linked this way just crashes with a segmentation
fault at runtime on program startup, e.g. on ARM architectures.
In order to fix the issue ...
- remove the use of the -nostartfiles linker flag
- rename the init procedures to a generic name without implicit semantics
- explicitely annotate those init procedures as constructors
The patch has been taken from the Alpine Linux distribution at
http://git.alpinelinux.org/cgit/aports/tree/main/ebtables/fix-extension-init.patch
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
dnsmasq's dnssec time checking method now uses a ntp hotplug mechanism,
therefore dnsmasq.time is redudant and no longer needs to be explicitly
excluded from sysfixtime.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Change dnsmasq's dnssec time check handling to use time validity
indicated by ntpd rather than maintaining a cross boot/upgrade
/etc/dnsmasq.time timestamp file. This saves flash device wear.
If ntpd client is configured in uci and you're using dnssec, then
dnsmasq will not check dnssec timestamp validity until ntpd hotplug
indicates sync via a stratum change. The ntpd hotplug leaves a status
flag file to indicate to dnsmasq.init that time is valid and that it
should now start in 'check dnssec timestamp valid' mode.
If ntpd client is not configured and you're using dnssec, then it is
presumed you're using an alternate time sync mechanism and that time is
correct, thus dnsmasq checks dnssec timestamps are valid from 1st start.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
V2 - stratum & step ntp changes indicate time is valid
V3 - on initial flag file step signal dnsmasq with SIGHUP if running
V4 - only accept step ntp changes. Accepting both stratum & step could
result in unpleasant script race conditions
V5 - Actually only accepting stratum is the correct thing to do after
further testing
V6 - improve handling of non busybox ntpd
if sysntpd not executable
dnsmasq checks dnssec timestamps
else
sysntp script disabled - look for timestamp file - allows external mechanism to use hotplug flag file
sysntp script enabled & uci ntp enabled - look for timestamp file
sysntp script enabled & uci ntp disabled - dnsmasq checks dnssec
timestamps
fi
/etc/os-release is the standard distribution release information
file, therefore add it (and image configuration options for
fields not previously present in LEDE). Once it is deemed
reasonable the non-standard openwrt_release, openwrt_version,
and device_info files could be removed (that is with this patch
we consider them deprecated in favour of the standard file).
Signed-off-by: Daniel Dickinson <lede@daniel.thecshore.com>
In company networks everything except the http and https protocol is
often causes problems, because the network administrators try to block
everything else. To make it easier to use LEDE in company networks use
the https/http protocol for git access when possible.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
puts br2684ctl init after ADSL init instead of before, so that the ESI
is set at the right time, and for consistency with the PTM driver.
Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
Original URL got 303 redirect which then also dropped the commit id
leading to different file revision & MD5 mismatch.
Corrected URL & clarified commit ID use in Makefile
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
/etc/init.d/fstab had some warnings in it to let users know that they
should call "block mount" directly. these ended up in the bootlog.
fix this by splitting the code into boot() and start(). this way the system
will boot without warning but manually starting the script will lead to the
message.
fixes FS#3
Reported-by: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: John Crispin <john@phrozen.org>
The package Makefile was based on work at link [1] with the following
changes
1. Disable minidebuginfo support thus no dependency on liblzma
2. Add 2 patches for building against musl-libc and building with
mips16 enabled
3. Add LICENSE and DEPENDS info, etc.
[1] https://github.com/rpi-openwrt/rpi-packages/tree/master/libs/libunwind
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
ARC port of GDB is not yet upstream so we need to use
sources from Synopsys GitHub repo.
Given Synopys' commitment to upstream ARC support in GDB
in the nearest future it might be simpler to add a separate
package for ARC GDB instead of patching generic GDB package.
This way once ARC GDB stuff gets uptreamed we'll only need
to remove that new "gdb-arc" package.
Note 1 very minor change in generic gdb package was done -
it now depends on !arc (while "gdb-arc" depends on "arc").
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Recent versions of Chrome require this ciphers to successfully handshake with
a TLS enabled uhttpd server using the ustream-polarssl backend.
If `CONFIG_GCM` is disabled, `ssl_ciphersuite_from_id()` will return `NULL`
when cipher `0x9d` is looked up, causing the calling `ssl_ciphersuite_match()`
to fail with `POLARSSL_ERR_SSL_INTERNAL_ERROR`.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Add support for hostid dhcp config entry to dnsmasq. This allows
specification of dhcpv6 hostid suffix and works in the same way as
odhcpd.
Entries in auto generated dnsmasq.conf should conform to:
dhcp-host=mm:mm:mm:mm:mm:mm,IPv4addr,[::V6su:ffix],hostname
example based on sample config/dhcp entry:
config host
option name 'Kermit'
option mac 'E0:3F:49:A1:D4:AA'
option ip '192.168.235.4'
option hostid '4'
dhcp-host=E0:3F:49:A1:D4:AA,192.168.235.4,[::0:4],Kermit
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
- Fix calculation of `$vht_cap` bit field
- Replace wrong reference to `$tx_stbc` variable with proper `$tx_stbc_2by1` one
- Emit proper `RX-STBC-{1,12,123,1234}` tokens for the VHT capability list
See https://dev.openwrt.org/ticket/22535 for reference.
Signed-off-by: Scott Shambarger <devel@shambarger.net>
Daemons that are waiting for a timesync are only triggered when the action is stratum.
As step is the first sync action pass all actions to the ntpd hotplug scripts; it's up
to the ntpd hotplugscript to filter out the actions it is interested in.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
By default dnsmasq uses random ports for outbound dns queries;
when the maxport UCI option is specified the ports used will
always be smaller than the specified value.
This is usefull for systems behind firewalls.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Increase the default system log buffer size
from 16 kB (default both in logd source and in the startup script)
to 64 kB by adjusting the default value in startup script.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Increase the default system log buffer size
from 16 kB (built-in default in ubox logd)
to 64 kB by setting the option in /etc/config/system.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Record the state of any hardware LED configured through UCI and use that
information to revert the state when applying updated settings while
maintaining default behaviour of system LEDs.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The board_detect framework is now able to create the entire system config from
scratch so we can finally drop the copy shipped by base-files.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Now that config_generate is able to generate the entire /etc/config/system
from scratch we can apply the same logic as used for /etc/config/network;
when the configuration file exists already then do not do anything, else
generate it from the values provided by /etc/board.json .
In order to facilitate that move the file existance checking inside
/bin/config_generate and call it unconditionally from /bin/board_detect.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Currently, the uci data model does not provide support for specifying
the minimum TLS version supported in an OpenVPN instance (be it server
or client).
This patch adds support for writing the relevant option to the openvpn
configuration file at service startup.
Signed-off-by: Matteo Panella <morpheus@level28.org>
[Jo-Philipp Wich: shorten commit title, bump pkg release]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Attempt to reset all LED states before applying the UCI configuration to
avoid leaving disabled LEDs behind in lingering glowing state, e.g. when
changing the sysfs entry in the config from one hardware LED to another.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
>From wolfssl/openssl/opensslv.h, and from skimming the contents of what
"--enable-stunnel" actually does, it seems that --enable-opensslextra
doesn't give you the "full" openssl compatibility that you may wish for
these days. Unfortuantely, while wolfssl writes the build time options
into wolfssl/options.h, it doesn't include that file itself. User
applications must include that directly.
Signed-off-by: Karl Palsson <karlp@etactica.com>
Add 'cake' qdisc kernel module package.
V2 - KDB Small update to base on latest cake tc changes (wash option
deprecated)
V3 - KDB Move kmod-sched-cake package to kernel as is kernel related
V4 - KDB Split into individual patches, kmod & tc
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Acked-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Add cake support to 'tc' in iproute2
- Use a patch to modify tc instead of adding a new tc-adv package.
Patch creates q_cake.c that matches commit 3314230bc4
- Do not include the other things from tc-adv (cake0, cake2, pie etc.).
V2 - KDB Small update to base on latest cake tc changes (wash option
deprecated)
V3 - KDB Move kmod-sched-cake package to kernel as is kernel related
v4 - KDB Split into individual patches, tc & kmod
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Acked-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
uClibc-ng pretends to be GNU libc 2.2 and then a fallback
scanf check is tried, so that libmount is disabled
afterwards. Add a fix already suggested upstream.
Add librt dependency required for other apps, too.
Signed-off-by: Waldemar Brodkorb <wbx@uclibc-ng.org>
It turns out most device vendors don't set the correct country code
in their devices' on-flash-EEPROM sections as they apparently rather
provide a complete per-target-market firmware with patched drivers
instead of just setting the country code.
This results in the driver to incorrectly assume the value stored in
the on-flash-EERPOM (usually US or China) being the regulatory domain
inside which the device is being used.
To work around this issue, OpenWrt introduced the ATH_USER_REGD config
variable to decide during build whether or not to allow the user to
override the regulatory domain setting. This option, however, is not
enabled by default and thus ends up being disabled for snapshots builds
and released binaries.
As we know for a long time that most devices got borked regulatory
domain values set in their EEPROMs we should allow our users to respect
their local law (instead of just assume US or China laws).
Note that also the current default has great potential of users not
ever setting their regulatory domain and thus using inapproriate and
potentially illegal frequencies and/or tx-power settings
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This allows one to select CT firmware for ath10k
if one prefers to try this firmware instead of stock
ath10k firmware.
The 10.1 (988X) firmware can actually be installed beside the
default firmware, but it will not be used as long as the firmware-5.bin
file exists. Users could rename the files and reboot to use different
images.
The 99X0 (wave-2) firmware uses the same firmware-5.bin name as default
firmware, so it cannot be installed at the same time as default firmware.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Kernel module for the OMAP Random Number Generator
found on OMAP16xx, OMAP2/3/4/5 and AM33xx/AM43xx
multimedia processors.
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
When the gettext-full host build phase finds an `emacs` exectuble during the
build it will launch an `emacs --batch` command to run some Lisp code.
On certain Debian systems the `/usr/bin/emacs` path might point, via
alternatives, to the `/usr/bin/jove` editor which will then launch an
interactive session when invoked by the gettext build.
In order to avoid this problem, explicitely disable emacs handling during
the build through a configure environment variable.
Also remove my now unreachable maintainer address.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Based on a submission to the uboot-lantiq repo by Eddi De Pieri.
Major cleanup and addition of brnboot second stage u-boot was done by
me.
The second stage brnboot u-boot is untested, since the brnboot prompt
is secured by a still unknown password. But should work.
The former ram values are replaced with the ram values extracted from
the original brnboot. The old ones didn't worked with the ramboot
image.
Signed-off-by: Mathias Kresin <dev@kresin.me>
The default bootloader partition of some devices is to small for an
u-boot with uncompressed gphy firmware(s).
Instead of increasing the bootloader partition size, in compare to the
stock firmware, compress the firmware. This would allow the bootloader
of at least the FritzBox 3370 as well as the bootloader of the
VGV7510KW22 to fit into the bootloader partition of the stock firmware.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Based on a submission to the uboot-lantiq repo by Eddi De Pieri.
Devices like the xrx200 Arcadyan VGV7519 are using two NOR flash chips.
Signed-off-by: Mathias Kresin <dev@kresin.me>
This makes brcmfmac compatible with mac80211 which uses dev_alloc_name
(and so returns -ENFILE on error).
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
LEDE project seems to be using "LEDE" as its acronym everywhere. To keep
things consistent adjust default wireless SSID.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Acked-by: Jo-Philipp Wich <jo@mein.io>
Acked-by: John Crispin <john@phrozen.org>
Acked-by: Alexander Couzens <lynxis@fe80.eu>
The igb kmods selects kmod-i2c-algo-bit which in turn is invisible until
kmod-i2c-core gets selected, causing kmod-igb to be hidden from menuconfig
as well.
Let kmod-igb select kmod-i2c-core as well in order to make it visible
in menuconfig right away.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
- install correct libs to staging/usr/lib
fixes eudev, nfs-kernel-server
the lib*.a seem broken - use the correct .so files
and remove .a libs
- some build breakage was observed with parallel builds:
text-utils/more-more.o: In function `putstring':
more.c:(.text+0x1f4): undefined reference to `tputs'
text-utils/more-more.o: In function `initterm':
more.c:(.text+0x1b74): undefined reference to `setupterm'
more.c:(.text+0x1f0c): undefined reference to `tparm'
more.c:(.text+0x20ac): undefined reference to `tigetnum'
more.c:(.text+0x20c8): undefined reference to `tigetflag'
more.c:(.text+0x20ec): undefined reference to `tigetstr'
more.c:(.text+0x2148): undefined reference to `PC'
text-utils/more-more.o: In function `reset_tty':
more.c:(.text+0x2630): undefined reference to `tputs'
- fix line length
Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
Some package postinstall operations, e.g. those emitted by the LuCI build
system, source and delete the uci-defaults themselves upon package insteall,
causing the generic defaults apply code to trigger shell errors like:
.../luci-app-ddns.postinst: .: line 130: can't open './40_luci-ddns'
Rework the generic apply code to check the existence of the uci-defaults
script before trying to source it, use sed to prefilter the list of entries
from the control file and perform the directory change in a subshell,
avoiding the need for cd $OLDPWD.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
reported by reproducible openwrt project[1]:
we package some libtool shell script
- add missing dependencies
- fix paths
- make in InstallDev does not seem to be necessary
tested (cal,dmesg,sfdisk) on x86 qemu VM with allyesconfig
[1]: https://reproducible.debian.net/openwrt/openwrt.html
[Jo-Philipp Wich: fix double slash in sfdisk path, reword commit message]
Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Allow path specifications to refer to just '@' or '$' which is useful for
exporting the keys or array indizes of the toplevel object to the shell.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Fix a „semantic typo“ introduced in b78aae793e,
where TARGET_INIT_PATH was used instead of CONFIG_TARGET_INIT_PATH.
Signed-off-by: Dario Ernst <Dario.Ernst@riverbed.com>
Generalize the partition discovery in sysupgrade in order to fix sysupgrade
and config backup/recovery on MMC block devices which use a different naming
scheme compared to mtdblock or sd* devices.
The change also adds the find applet to the ramdisk utilities so that upgrade
code can rely on it.
The commit is based on the initial submission by Russell Senior at
http://patchwork.ozlabs.org/patch/625440/ .
Signed-off-by: Russell Senior <russell@personaltelco.net>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Centralize setting all version information in include/version.mk
* Set RELEASE env variable in include/version.mk instead of toplevel.mk.
Stop exporting the variable.
* Remove hardcoded release name from /etc/banner
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
The busybox ntpd utility currently uses ntp servers specified in uci.
This patch allows the ntpd utility to use NTP servers received via DHCP(v6)
Following uci parameters have been added:
use_dhcp : enables NTP server config via DHCP(v6)
dhcp_interface : use NTP servers received only on the specified DHCP(v6) interfaces; if empty all interfaces are considered
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Instead of making assumptions about the leasefile and resolv file make sure
we use what the user configures, but fall back to defaults if no configuration
is specified
Signed-off-by: Daniel Dickinson <openwrt@daniel.thecshore.com>
Update to dnsmasq2.76. Refresh patches. Add new patch to fix musl
'poll.h' location warning.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Storage of such zones is provided by a nf_ct_ext struct, hence conntrack
memory foot print will not be increased if zones are not used.
Signed-off-by: Alin Năstac <alin.nastac@gmail.com>
According to the author, all SPI related configs are copy & paste
leftovers. Which makes sense since nothing is connected to the SPI bus
on this device.
The NOR SPL isn't required for this board, since the NOR is directly
memory mapped.
Allow to overwrite the env in ram while using brn variant. Do not set
the power GPIO pin twice.
Signed-off-by: Mathias Kresin <dev@kresin.me>
use:
- 00nn for u-boot patches
- 01nn for new boards
While doing the rework, the board definitions for the easy50712 and
easy80920 were moved to distinct board definitions patches.
Signed-off-by: Mathias Kresin <dev@kresin.me>
wolfssl has a fine grained feature and compatibility control
for compiling stunnel, lighthttp or (partly) openssl dropin
ustream-ssl uses features that require normally
HAVE_SNI, HAVE_STUNNEL and the openssl compatibility headers
ar71xx ipkg sizes of wolfssl 3.9.0:
- with stunnel: 144022
- this patch (w.o. stunnel): 131712
- without openssl(extra): 111104
- w.o openssl/sni:108515
- w.o openssl/sni/ecc: 93954
so patch 300 saves around 12k compressed ipkg size
v2: keep & rename patch 300 for clarity, fixes ustream-ssl/cyassl
that broke with v1
Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
Typo, missing space before ] in previous commit caused shell syntax
failure and incorrect restoration of time.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
fixes:
CVE-2016-3739: TLS certificate check bypass with mbedTLS/PolarSSL
- remove crypto auth compile fix
curl changelog of 7.46 states its fixed
- fix mbedtls and cyassl usability #19621 :
add path to certificate file (from Mozilla via curl) and
provide this in a new package
tested on ar71xx w. curl/mbedtls/wolfssl
Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
conditionally save dnsmasq.time across sysupgrade
dnsmasq uses /etc/dnsmasq.time as record of the last known good
system time to aid its validation of dnssec timestamps. dnsmasq
updates the timestamp on process start/stop once it considers the system
time as valid. The timestamp file should be preserved across system
upgrade but should not be included as part of normal configuration
backups to prevent restores corrupting the current timestamp.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
dnsmasq maintains dnsmasq.time across reboots and uses it as a means of
determining if current time is good enough to validate dnssec time
stamps. By including /etc/dnsmasq.time as a time source for sysfixtime,
the mechanism was effectively defeated because time was set to the
last time that dnsmasq considered current even though that time is in
the past. Since that time is out of date, dns(sec) resolution would
fail thus defeating any ntp based mechanisms for setting the clock
correctly.
In theory the process is defeated by any files in /etc that are newer
than /etc/dnsmasq.time however dnsmasq now updates the file's timestamp
on process TERM so hopefully /etc/dnsmasq.time is the latest file
timestamp in /etc as part of LEDE shutdown/reboot.
Either way, including /etc/dnsmasq.time as a time source for
sysfixtime is not helpful.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
conditionally save dnsmasq.time across sysupgrade
dnsmasq uses /etc/dnsmasq.time as record of the last known good
system time to aid its validation of dnssec timestamps. dnsmasq
updates the timestamp on process start/stop once it considers the system
time as valid. The timestamp file should be preserved across system
upgrade but should not be included as part of normal configuration
backups to prevent restores corrupting the current timestamp.
dnsmasq maintains dnsmasq.time across reboots and uses it as a means of
determining if current time is good enough to validate dnssec time
stamps. By including /etc/dnsmasq.time as a time source for sysfixtime,
the mechanism was effectively defeated because time was set to the
last time that dnsmasq considered current even though that time is in
the past. Since that time is out of date, dns(sec) resolution would
fail thus defeating any ntp based mechanisms for setting the clock
correctly.
In theory the process is defeated by any files in /etc that are newer
than /etc/dnsmasq.time however dnsmasq now updates the file's timestamp
on process TERM so hopefully /etc/dnsmasq.time is the latest file
timestamp in /etc as part of LEDE shutdown/reboot.
Either way, including /etc/dnsmasq.time as a time source for
sysfixtime is not helpful.
Some SSL applications requires a certificates bundle rather
than a directory containing certificates. For thos applications
we build the ca-bundle package
Signed-off-by: Daniel Dickinson <lede@daniel.thecshore.com>
Add packaging of it87 hardware monitor kernel module. It is
a common thermal and voltage monitor that is in many x86
(at least) devices, and is just another i2c hwmon module.
Signed-off-by: Daniel Dickinson <lede@daniel.thecshore.com>
The patch 300-ath9k-force-rx_clear-when-disabling-rx.patch broke TX99 support
in ath9k. Fix the patch by only applying rx_clear if TX99 mode is not used.
Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
The libusb package is not parallel build save, a make -j16 reliably breaks it.
Forcibly disable parallel building.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
the recent fixes to make mount_root work during failsafe caused lots of
unwanted side effects. use the new preinit sentinel file to detect if
we are in preinit. this will also work if logged in via ssh.
Signed-off-by: John Crispin <john@phrozen.org>
- Update the terminal window title with the current directory and hostname, if using an xterm-compatible terminal emulator.
- Add ll, an useful alias to ls.
Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>
This was found while investigating why luarocks does not work. It was
traced to a quite old lnum patch for 5.1.3. I compared against the
latest 5.1.4 patch - https://github.com/LuaDist/lualnum and discovered
the lessthan/lessequal evaluation was not falling through to the
call_orderTM (tag methods).
I have tested LuCI (simple tests) and used the following lua code to
validate the patch (both host and target patches supplied): -
> local my_mt = {
> __eq = function(v1, v2)
> print("__eq")
> return false
> end,
> __lt = function(v1, v2)
> print("__lt")
> return false
> end,
> __le = function(v1, v2)
> print("__le")
> return false
> end
> }
>
> function get_my(vstring)
> local my = {}
> my.string = vstring;
> setmetatable(my, my_mt);
> return my;
> end
>
> local a = get_my("1.0")
> local b = get_my("1.0")
>
> local eq_works = a == b;
> local lt_works = a < b;
> local gt_works = a > b;
>
> local lte_works = a <= b;
> local gte_works = a >= b;
Without the patch the following error will be presented: -
“attempt to compare two table values”
Signed-off-by: David Thornley <david.thornley@touchstargroup.com>
Update the dropbear package to version 2016.73, refresh patches.
The measured .ipk sizes on an x86_64 build are:
94588 dropbear_2015.71-3_x86_64.ipk
95316 dropbear_2016.73-1_x86_64.ipk
This is an increase of roughly 700 bytes after compression.
Tested-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The original iperf package is unmaintained. This switches to the "iperf2"
project on sourceforge, a fork that started where the previous iperf left
off.
Version 2.0.8 fixes the issue that patch 002 handled, so that can be dropped.
Due to a faulty check in configure.ac, this version needs _GNU_SOURCE
defined to build properly against musl. Various other obsolete build
options were also removed.
Signed-off-by: Bert Vermeulen <bert@biot.com>
The option --disable-utmpx was deleted by accident in commit 7545c1d;
add it again to the CONFIGURE_ARGS list
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
this patch fixes a bug when using uclibc on MIPS. The bug does not exist when
using musl, so drop the fix.
Signed-off-by: John Crispin <john@phrozen.org>
The json_select call fails when there are no roles or ports objects in board.json. "json_select .." must not be executed after failing.
This fixes for example LEDs not being set up in /etc/config/system.
Signed-off-by: Vittorio Gambaletta <openwrt@vittgam.net>
Remove the udhcpc -R release option as sending a DHCP release
is configurable via the uci option release.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
The patch made sure the ncursesw library was not selected to save space,
but that library doesn't exist in this distribution at all.
Signed-off-by: Bert Vermeulen <bert@biot.com>
Currently system log is always included as a part of ubox.
Add logd as a seperate package and add it to default packages list.
Signed-off-by: Andrej Vlasic <andrej.vlasic@sartura.hr>
SVN-Revision: 49285
So far fixtrx was calculating checksum over amount of data matching
partition erase size. It was mostly a workaround of checksum problem
after changing anything in initial TRX content (e.g. formatting JFFS2).
Its main purpose was to make bootloader accept modified TRX. This didn't
provide much protection of flash data against corruption.
This new option lets caller request calculating checksum over a bigger
amount of data. It may be used e.g. to include whole kernel data for
checksum and hopefully make bootloader go info failsafe mode if
something goes wrong.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
We plan to adjust usage of the main buffer to allow reading custom
amount of data for CRC32. This means we need another buffer that will be
always block aligned.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
1) Put sanity checks in one place
2) Respect provided offset
3) Read only as much data as needed for MD5 calculation
Thanks to the last change this is a great speedup and memory saver. On
devices with NAND flash we were allocating & reading about 128 MiB while
something about 8 MiB is enough.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
This avoid long (and unneeded) process of reading all data in case of
running on MTD not containig Seama entity.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
On platforms supporting both: TRX and Seama calling "fixtrx" was
resulting in trying to fix Seama as well.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Packages may install scripts into /etc/uci-defaults to be executed once
after installation, usually at the first boot of the target. This works
fine if the package was installed to the rootfs during build or using
the ImageBuilder.
If the package is installed using opkg during run-time uci-defaults
were applied only after a reboot of the device. Avoid the need to
reboot by evaluting the package's uci-defaults in default-postinst.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Bump to the latest version, fixes several security issues:
* CVE-2016-2107, CVE-2016-2105, CVE-2016-2106, CVE-2016-2109, CVE-2016-2176
More details at https://www.openssl.org/news/openssl-1.0.2-notes.html
Signed-off-by: Michal Hrusecky <Michal.Hrusecky@nic.cz>
Update to latest HEAD in order to fix MARK rule generation for local traffic,
also fix a possible race condition during firewall start.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This patch adds missing ASCII aliases to the libiconv stub in order to avoid conversion errors like https://github.com/openwrt/packages/issues/2373
Signed-off-by: Gergely Kiss <mail.gery@gmail.com>
Patch Lua packet script defines SHRT_MAX which is already defined in <linux/kernel.h> and
is included indirectly by lauxlib.h. Fix the redefintion as it leads to compile failure
on systems which treat macro redefinition as an error
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Remove the public unatteded buildkey from the opkg package to avoid
having hardcoded keys in tree. Use the external keyring package instead
which can be easily updated by users.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Conntrack support reads the connection track mark associated with
incoming DNS queries and sets the same mark value on the upstream
forwarded DNS query. This can be usefull to track traffic generated
by dnsmasq to associate it with the clients who generate the queries,
usefull for bandwidth accouting and firewall.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
A dropbear instance having an interface config won't start if the interface is down as no
IP address is available.
Adding interface triggers for each configured interface executing the dropbear reload script
will start the dropbear instance when the interface is up.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Utmp support tracks who is currenlty logged in by logging info to the file /var/run/utmp (supported by busybox)
Putuline support will use the utmp structure to write to the utmp file
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Make sending a DHCP release configurable when the client exits allowing to clean up
IP/mac state info in intermediate devices.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
lua_packet_segment parameter start has type char pointer; in function lua_tg
it's assigned an uint16 value generating compiler warnings obviously indicating
posssible seg fault problems. Fix the issue by using the correct skb functions
so the parameter points to the position inside the sk_buff
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Stijn Cleynhens <stijn.cleynhens@gmail.com>
Add nonshared flag to package depending on specific targets or subtargets as
there's no guarantee otherwise that they'll be available in the shared repo.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
When the same package file is specified multiple times on the opkg install
command line, the name pointer on the argv array becomes stale after the
package structures have been merged, leading to invalid memory accesses
upon install.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Instead of converting the firmware files ourselves, use the files
generated during the normal kernel build process. This fixes packaging
kmod-e100 in the SDK environment.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
One of the patched files, include/unwind-cxx.h, contains windows newlines
which lead to the following failure:
Applying ./patches/006-eabi_fix.patch using plaintext:
patching file include/typeinfo
patching file include/unwind-cxx.h
Hunk #1 FAILED at 173 (different line endings).
Hunk #2 FAILED at 181 (different line endings).
Add a fixup command to the prepare phase which normalizes the line endings
before applying source patches.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
- Add %A placeholder for substituting the package architecture
- Change %U placeholder to refer to the toplevel repository URL
- Construct package feed URLs relative to the toplevel one to match new layout
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Use the new repository metadata field to choose the output directory of the
final package archives.
Non-sharable packages will be placed in the per-target package directory
while the rest will be placed in a per-repository sub directory within the
$OUTPUT_DIR/packages/$CPU_TYPE/ prefix.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This update also adds individual download of firmware files instead of fetching
every file on the repository (10-MiB vs 100+MiB).
Also copy Linux license from kernel directory instead of using the rpi-firmware
one.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
The settimeofday() syscall wrapper provided by musl filters out the timezone
argument, breaking the ability to set the kernel timezone through the function.
Adjust busybox patch to issue the syscall directly in order to circumvent the
problem.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Let DHCP client send a release when it exists so the DHCP server is
informed the IP address is released and allowing to clean up IP/mac
state info in intermediate devices.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Update to latest HEAD in order to remove the faulty "prelocal" ip rule leading
to unexpected policy rule precedence.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Running dnsmasq in a dedicated user/group allows matching its outgoing
traffic more easily using iptables' owner match.
Add UID/GID to the package metadata and append the user/group
parameters to the init script.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
SVN-Revision: 49252
Enable access to GPIO on Atheros wireless chip AR9280.
Support for 9280 is added to existing 9285/9287 subsystem
because these 3 chips differ only in number of GPIO pins.
Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
SVN-Revision: 49251
Change mirror to Github (Gentoo repo) and drop the gzip compression.
Worst case there's about 4kbyte increase in size but most images ends up
beign somewhere between 4-100kbyte smaller due to the lzma compression.
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
SVN-Revision: 49246
Respect user configured mount flags such as "ro" or "sync" when processing
external overlay mount points.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
SVN-Revision: 49223
Fixes build with /bin/sh pointing to certain versions of dash (for example
on Void Linux).
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
SVN-Revision: 49218
The following patches were merged upstream:
* 0001-switch_root-improve-statfs-f_type-portability.patch
* 0002-lib-colors-use-static-buffers-when-parse-scheme.patch
* 002-mkostemp.patch
The following patch is not needed any more because all libc
implementations support alloc in sscanf:
* 001-no-printf-alloc.patch
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 49191
This has been added to the kernel uapi for a while, and makes
sense to have it here too.
At the moment we're using it for query-ing qdisc via netlink
using libnl-tiny.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 49188
Parameter allows to enable/disable static leases; by default the value is 1
to keep backwards compatibility
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 49187
The wpa_supplicant supports an "anonymous_identity" field, which some
EAP networks require. From the documentation:
anonymous_identity: Anonymous identity string for EAP (to be used as the
unencrypted identity with EAP types that support different tunnelled
identity, e.g., EAP-TTLS).
This change modifies the hostapd.sh script to propagate this field
from the UCI config to the wpa_supplicant.conf file.
Signed-off-by: Kevin O'Connor <kevin@koconnor.net>
Reviewed-by: Manuel Munz <freifunk@somakoma.de>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 49181
If you have your ./files/ directory stored in a git repository,
the .git will be included into images using precious space.
This patch removes .git directories before packing images.
Signed-off-by: Joerg Jungermann <jj@borkum.net>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 49180
Misc fixes for LinkIt 7688 board:
- Copy the right wireless firmware for the mt7688
- Add back '0065-mt7688-fixes.patch', left out after the move to Linux 4.4.
- Remove SPI_DEV from linux config which otherwise causes a massive warning
- Add wmac to LINKIT7688.dts so wireless works
Signed-off-by: Adam Kent <adam@semicircular.net>
SVN-Revision: 49130
Updates USB IDs list to snapshot 2015-12-17 and changes copyright to
2016.
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
SVN-Revision: 49112
This adds the firmware needed for the BCM43438 included in Raspberry Pi 3.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
SVN-Revision: 49102
airo requires ISA_DMA_API and
that symbol is only set on some ppc,malta,x86
x86 is probably only platform where that driver is used
fixes buildbot errors on ar71xx,lantiq ...:
airo.ko is missing
Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
SVN-Revision: 49073
Silence warning "daemon.notice netifd: wan6 (1139): sh: write error: Invalid argument"
when an invalid MTU is received via RA as kernel refuses to accept IPv6 mtu values
which are smaller than 1280 and bigger than the device mtu.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
git-svn-id: svn+ssh://svn.openwrt.org/openwrt/trunk@49054 3c298f89-4303-0410-b956-a3cf2f4a3e73
- depends on CFG80211 (upstream: 9da4aa48d04bbdbae3c959809e14da2bf0c53f61)
in os_dep/mon.c
This removes rtl8188eu completely from OpenWrt
since mac80211/compat-wireless/backports does not
provide staging wireless drivers
Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
SVN-Revision: 49049
Some parts of this package were named rt73-pci-firmware before which
looks like a copy and past error. This renames all parts to rt73-usb-
firmware and then the firmware gets build and the dependencies from the
package with the kernel module are also working correctly.
This fixes#22069
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 49037
The UML target does not have spi support.
This fixes a build problem found by the build bot.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 49034
Xiaomi MiWiFi Nano is based on Mediatek MT7628 with 64MB ram 16MB flash
Signed-off-by: Noble Pepper <openwrtmail@noblepepper.com>
v3 includes changes suggested by L. D. Pinney & Karl Palsson-
Eliminate en25q64 (4MB) flash chip
Alphabetization
Remove hyphen in model
Rename profile from miwifinano.mk to xiaomi.mk
Add gpios that are attached to leds
SVN-Revision: 49024
Explicit sets the size of the mtdparts, because the kernel has also an explicit value.
If they have diffent sizes the ubi won't be detected.
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
SVN-Revision: 49018
otherwise the uboot is missing important commands like bootz
Signed-off-by: Martin Mueller <mm@sig21.net>
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
SVN-Revision: 49017
Since switching to new ubi(kernel,squashfs,ubifs) layout, the kernel lies in a
ubi volume. Dropping the mtd parts because the mtd layout is saved in the
device-tree, which is appended to the zImage.
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
SVN-Revision: 49016
procd from revision b12bb150ed38a4409bef5127c77b060ee616b860 supports
writing a pidfile. This adds support for setting that parameter with
standard init script hooks:
procd_set_param pidfile /var/run/someprocess.pid
Signed-off-by: Karl Palsson <karlp@etactica.com>
SVN-Revision: 48984
IPVS (IP Virtual Server) implements transport-layer load balancing inside the Linux kernel
so called Layer-4 switching.
IPVS running on a host acts as a load balancer at the front of a cluster of real servers, it
can direct requests for TCP/UDP based services to the real servers, and makes services of
the real servers to appear as a virtual service on a single IP address.
Signed-off-by: Mauro Mozzarelli <mauro@ezplanet.net>
SVN-Revision: 48982
x509-username-field was added in OpenVPN 2.2, and verify-x509-name was
added in 2.3. This fixes ticket #18807.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
SVN-Revision: 48969
This prepares brcmfmac for better country handling and fixes BCM4360
support which was always failing with:
[ 13.249195] brcmfmac: brcmf_pcie_download_fw_nvram: FW failed to initialize
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
SVN-Revision: 48959
I do not know if this causes any problems now, but we should not set
it, because it is reserved. Some more recent versions of the Lantiq DSL
API driver and Control is checking if only valid bits are set.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 48948
There are some cases where ISPs are running ATM over VDSL or PTM over
ADSL, this is not the common case, but these cases exist. Make it
possible to configure OpenWrt for such cases by adding a new config
option line_mode.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 48947
The detailed annex option were only available in the danube DSL app
including the activation of G.992.2 Annex A (ADSL Lite). This is now
also added to the vdsl app for the vrx200.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 48946
The adsl control app missed the activation of annex M and annex L in
the Annex A part, this now activates everything the firmware supports.
In Annex L type only the wide US (Mask1) was activated, now also the
narrow US (Mask2) version gets activated.
In addition annex J was also added.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 48945
Instead of having two different types adsl and vdsl just create one dsl
type. This way we can use the same luci code for adsl and vdsl and the
config parameters are not so different.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 48944
I am not calling dsl_cmd because I want to ignore the lock, quit
should also be send when someone else is accessing it. I saw that some
other call was stuck here and all following calls were stuck in the
dsl_cmd lock.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 48943
Instead of having two big binaries only add one binary and then a patch
to create the other one when needed at runtime.
This is easier to handle in one Makefile for both firmware files.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 48939
Fix buildbot error for mpc85xx.
ehci-fsl.ko should be packaged inside the usb2 package, because it
depends on the ehci kernel module. The fsl-mph-dr-of.ko module can stay
in an own package because the ehci driver depends on it.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 48932
This fixes this section mismatch warning:
The function spi_gpio_custom_get_slave_cs() references
the variable __initdata bus_nump.
This is often because spi_gpio_custom_get_slave_cs lacks a __initdata
annotation or the annotation of bus_nump is wrong.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 48930
Ensure that ikey and okey are sent in network byte order to the kernel.
Also don't mangle external IP addrs and routes when reconfiguring iinterfaces.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 48919
Apply the error ignore mechanism to host builds as well in order to skip over
broken feed packages.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 48918
MD5s are shorter than SHA256, so reading buffer has to be bigger to read the
whole hash.
Signed-off-by: Michal Hrusecky <michal.hrusecky@nic.cz>
SVN-Revision: 48917
Extend /etc/config/system with a parameter to set the
default respawn retry for procd launched services that
have respawn enabled.
config service
option respawn_retry -1
All services that don't specify specific respawn parameters
will get their defaults added by procd.sh. If respawn_retry
is specified in /etc/config/system the default retry limit
will be set to this value by procd.
Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
SVN-Revision: 48915
One of the host patches introduces the new header file lnum_config.h
included by luaconf.h, but doesn't install it.
Install it to allow building C modules for the host Lua.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
SVN-Revision: 48907
Without the IRQF_ONESHOT flag in devm_request_threaded_irq() call I get
following error:
genirq: Threaded irq requested with handler=NULL and !ONESHOT for irq 56
gpio-keys gpio-keys: failed to request irq:56 for gpio:20
>From kernel/irq/manage.c:
The interrupt was requested with handler = NULL, so we use the default
primary handler for it. But it does not have the oneshot flag set. In
combination with level interrupts this is deadly, because the default
primary handler just wakes the thread, then the irq lines is reenabled,
but the device still has the level irq asserted. Rinse and repeat....
While this works for edge type interrupts, we play it safe and reject
unconditionally because we can't say for sure which type this interrupt
really has. The type flags are unreliable as the underlying chip
implementation can override them.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
SVN-Revision: 48894
The image_check currently fails when it cannot read all magic bytes in a
single chunk. But this can happen when the data are read from a pipe. This
currently breaks the openmesh.sh upgrade script with musl because it uses
dd with a blocksize of 1 to copy the image file to the mtd process.
The read can simply be repeated until enough bytes are read for the magic
byte check. It only stops when either an error was returned or 0 bytes were
read.
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
SVN-Revision: 48891
It was noticed that the system can hang during the reboot before the kernel
actually triggers the system reset and before all processes are stopped. The
watchdog didn't automatically restart the system because the om-watchdog
process was still running and triggering the hardware watchdog.
Instead the system should stop the watchdog during the shutdown to get the
benefit of an hardware reset in case of an software related problem. This stop
can be done quite easily with procd because it keeps track of its started
processes.
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
SVN-Revision: 48889
Enable access to GPIO chip and its pins for Atheros AR92xx
wireless devices. For now AR9285 and AR9287 are supported.
Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
Acked-by: Hartmut Knaack <knaack.h@gmx.de>
SVN-Revision: 48881
Support default state for platform LEDs connected to ath9k device.
Now LEDs are correctly set on or off at ath9k module initialization.
Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
Acked-by: Hartmut Knaack <knaack.h@gmx.de>
SVN-Revision: 48880
Enable platform-supplied WLAN LED name for ath9k device.
Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
Acked-by: Hartmut Knaack <knaack.h@gmx.de>
SVN-Revision: 48879
CVE-2016-0704
s2_srvr.c overwrite the wrong bytes in the master-key when applying
Bleichenbacher protection for export cipher suites. This provides a
Bleichenbacher oracle, and could potentially allow more efficient variants of
the DROWN attack.
CVE-2016-0703
s2_srvr.c did not enforce that clear-key-length is 0 for non-export ciphers.
If clear-key bytes are present for these ciphers, they *displace* encrypted-key
bytes. This leads to an efficient divide-and-conquer key recovery attack: if
an eavesdropper has intercepted an SSLv2 handshake, they can use the server as
an oracle to determine the SSLv2 master-key, using only 16 connections to the
server and negligible computation. More importantly, this leads to a more
efficient version of DROWN that is effective against non-export ciphersuites,
and requires no significant computation.
CVE-2016-0702
A side-channel attack was found which makes use of cache-bank conflicts on
the Intel Sandy-Bridge microarchitecture which could lead to the recovery of
RSA keys. The ability to exploit this issue is limited as it relies on an
attacker who has control of code in a thread running on the same hyper-
threaded core as the victim thread which is performing decryptions.
CVE-2016-0799
The internal |fmtstr| function used in processing a "%s" format string in
the BIO_*printf functions could overflow while calculating the length of a
string and cause an OOB read when printing very long strings. Additionally
the internal |doapr_outch| function can attempt to write to an OOB memory
location (at an offset from the NULL pointer) in the event of a memory
allocation failure. In 1.0.2 and below this could be caused where the size
of a buffer to be allocated is greater than INT_MAX. E.g. this could be in
processing a very long "%s" format string. Memory leaks can also occur.
The first issue may mask the second issue dependent on compiler behaviour.
These problems could enable attacks where large amounts of untrusted data is
passed to the BIO_*printf functions. If applications use these functions in
this way then they could be vulnerable. OpenSSL itself uses these functions
when printing out human-readable dumps of ASN.1 data. Therefore applications
that print this data could be vulnerable if the data is from untrusted sources.
OpenSSL command line applications could also be vulnerable where they print out
ASN.1 data, or if untrusted data is passed as command line arguments. Libssl is
not considered directly vulnerable. Additionally certificates etc received via
remote connections via libssl are also unlikely to be able to trigger these
issues because of message size limits enforced within libssl.
CVE-2016-0797
In the BN_hex2bn function the number of hex digits is calculated using an int
value |i|. Later |bn_expand| is called with a value of |i * 4|. For large
values of |i| this can result in |bn_expand| not allocating any memory because
|i * 4| is negative. This can leave the internal BIGNUM data field as NULL
leading to a subsequent NULL ptr deref. For very large values of |i|, the
calculation |i * 4| could be a positive value smaller than |i|. In this case
memory is allocated to the internal BIGNUM data field, but it is insufficiently
sized leading to heap corruption. A similar issue exists in BN_dec2bn. This
could have security consequences if BN_hex2bn/BN_dec2bn is ever called by user
applications with very large untrusted hex/dec data. This is anticipated to be
a rare occurrence. All OpenSSL internal usage of these functions use data that
is not expected to be untrusted, e.g. config file data or application command
line arguments. If user developed applications generate config file data based
on untrusted data then it is possible that this could also lead to security
consequences. This is also anticipated to be rare.
CVE-2016-0798
The SRP user database lookup method SRP_VBASE_get_by_user had confusing memory
management semantics; the returned pointer was sometimes newly allocated, and
sometimes owned by the callee. The calling code has no way of distinguishing
these two cases. Specifically, SRP servers that configure a secret seed to hide
valid login information are vulnerable to a memory leak: an attacker connecting
with an invalid username can cause a memory leak of around 300 bytes per
connection. Servers that do not configure SRP, or configure SRP but do not
configure a seed are not vulnerable. In Apache, the seed directive is known as
SSLSRPUnknownUserSeed. To mitigate the memory leak, the seed handling in
SRP_VBASE_get_by_user is now disabled even if the user has configured a seed.
Applications are advised to migrate to SRP_VBASE_get1_by_user. However, note
that OpenSSL makes no strong guarantees about the indistinguishability of valid
and invalid logins. In particular, computations are currently not carried out
in constant time.
CVE-2016-0705
A double free bug was discovered when OpenSSL parses malformed DSA private keys
and could lead to a DoS attack or memory corruption for applications that
receive DSA private keys from untrusted sources. This scenario is considered
rare.
CVE-2016-0800
A cross-protocol attack was discovered that could lead to decryption of TLS
sessions by using a server supporting SSLv2 and EXPORT cipher suites as a
Bleichenbacher RSA padding oracle. Note that traffic between clients and non-
vulnerable servers can be decrypted provided another server supporting SSLv2
and EXPORT ciphers (even with a different protocol such as SMTP, IMAP or POP)
shares the RSA keys of the non-vulnerable server. This vulnerability is known
as DROWN (CVE-2016-0800). Recovering one session key requires the attacker to
perform approximately 2^50 computation, as well as thousands of connections to
the affected server. A more efficient variant of the DROWN attack exists
against unpatched OpenSSL servers using versions that predate 1.0.2a, 1.0.1m,
1.0.0r and 0.9.8zf released on 19/Mar/2015 (see CVE-2016-0703 below). Users can
avoid this issue by disabling the SSLv2 protocol in all their SSL/TLS servers,
if they've not done so already. Disabling all SSLv2 ciphers is also sufficient,
provided the patches for CVE-2015-3197 (fixed in OpenSSL 1.0.1r and 1.0.2f)
have been deployed. Servers that have not disabled the SSLv2 protocol, and are
not patched for CVE-2015-3197 are vulnerable to DROWN even if all SSLv2
ciphers are nominally disabled, because malicious clients can force the use of
SSLv2 with EXPORT ciphers. OpenSSL 1.0.2g and 1.0.1s deploy the following
mitigation against DROWN: SSLv2 is now by default disabled at build-time.
Builds that are not configured with "enable-ssl2" will not support SSLv2.
Even if "enable-ssl2" is used, users who want to negotiate SSLv2 via the
version-flexible SSLv23_method() will need to explicitly call either of:
SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2); or SSL_clear_options(ssl,
SSL_OP_NO_SSLv2); as appropriate. Even if either of those is used, or the
application explicitly uses the version-specific SSLv2_method() or its client
or server variants, SSLv2 ciphers vulnerable to exhaustive search key recovery
have been removed. Specifically, the SSLv2 40-bit EXPORT ciphers, and SSLv2
56-bit DES are no longer available. In addition, weak ciphers in SSLv3 and up
are now disabled in default builds of OpenSSL. Builds that are not configured
with "enable-weak-ssl-ciphers" will not provide any "EXPORT" or "LOW" strength
ciphers.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 48868
Opkg now uses sha256 by default and expects them. Making it optionally
understand md5s also and detect md5 sum so we can migrate from configuration
that used md5.
Signed-off-by: Michal Hrusecky <Michal.Hrusecky@nic.cz>
SVN-Revision: 48867
This will be used to create a diff between the Lantiq annex A and the
annex B firmware.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 48810
Enable setting a host-specific lease time for static hosts.
The new option is called "leasetime" and the format is similar
as for the default lease time: e.g. 12h, 3d, infinite
Default lease time is used for all hosts for which there is
no host-specific definition.
The option is added to /etc/config/dhcp for the selected hosts:
config host
option name 'Nexus'
option mac 'd8:50:66:55:59:7c'
option ip '192.168.1.245'
option leasetime '2h'
It gets appended to /var/etc/dnsmasq.conf like this:
dhcp-host=d8:50:66:55:59:7c,192.168.1.245,Nexus,2h
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
SVN-Revision: 48801