19fd7fc libfstools: make sure file is closed on error
d390744 libfstools: use uevent instead of relying on custom kernel patch
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
find_mmc_part provides a better alternative and all users of
get_partition_by_name have been removed.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Some devices got more than one mmc device.
Allow specifying the root device as 2nd parameter of find_mmc_part so
scripts can avoid matching irrelevant partitions on wrong mmc device.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
qosify is simple daemon for setting up and managing CAKE along with a custom
eBPF based classifier that sets DSCP fields of packets.
It is configured via UCI and it supports the following features:
- simple TCP/UDP port based mapping
- IP address based mapping
- priority boosting based on average packet size
- bulk flow detection based on number of packets per second
- dynamically add IP entries with timeout
Signed-off-by: Felix Fietkau <nbd@nbd.name>
In order to genererate suitable kernel headers, a 5.10 kernel tree is
prepared with a default config for mips. The arch is forced to mips in
order to avoid issues with inline asm on various architectures in a way
that doesn't involve relying on the host toolchain/headers.
It also has the advantage of supporting both endian types
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Commit a2fcd3900c ("dnsmasq: improve init script") broke the existing
handling for hosts_dir. Remove the redundant mount again to fix it.
Reported-by: Hartmut Birr <e9hack@gmail.com>
Fixes: a2fcd3900c ("dnsmasq: improve init script")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
b743a331421d ubusd: log ACL init errors
2099bb3ad997 libubus: use list_empty/list_first_entry in ubus_process_pending_msg
ef038488edc3 libubus: process pending messages in data handler if stack depth is 0
a72457b61df0 libubus: increase stack depth for processing obj msgs
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Added minimal mmc support for helper functions:
- find_mmc_part: Look for a given partition name. Returns the
coresponding partition path
- caldata_extract_mmc: Look for a given partition name and then
extracts the calibration data
- mmc_get_mac_binary: Returns the mac address from a given partition
name and offset
Signed-off-by: Davide Fioravanti <pantanastyle@gmail.com>
Signed-off-by: Robert Marko <robimarko@gmail.com>
[replace dd with caldata_dd, moved sysupgrade mmc to orbi]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
When loading the bonding driver, bonding interface are automatically
created on bonding module load.
> ip a s bond0
> 14: bond0: <BROADCAST,MULTICAST,MASTER> mtu 1500 qdisc noop state DOWN
> group default qlen 1000
> link/ether a6:f2:20:64:c1:b9 brd ff:ff:ff:ff:ff:ff
This is not necessary in openwrt as we do not use this created interface.
The netifd creates a bonding interface based on its network configuration
name and configures this over the netifd bonding proto handler.
In order to keep the overview of the interfaces clear, bonding
interfaces should not be created automatically when loading this module,
because they are not used anyway.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Dongwon T&I DW02-412H is a 2.4/5GHz band 11ac (WiFi-5) router, based on
Qualcomm Atheros QCA9557.
Specifications
--------------
- SoC: Qualcomm Atheros QCA9557-AT4A
- RAM: DDR2 128MB
- Flash: SPI NOR 2MB (Winbond W25Q16DVSSIG / ESMT F25L16PA(2S)) +
NAND 64/128MB
- WiFi:
- 2.4GHz: QCA9557 WMAC
- 5GHz: QCA9882-BR4A
- Ethernet: 5x 10/100/1000Mbps
- Switch: QCA8337N-AL3C
- USB: 1x USB 2.0
- UART:
- JP2: 3.3V, TX, RX, GND (3.3V is the square pad) / 115200 8N1
Installation
--------------
1. Connect a serial interface to UART header and
interrupt the autostart of kernel.
2. Transfer the factory image via TFTP and write it to the NAND flash.
3. Update U-Boot environment variable.
> tftpboot 0x81000000 <your image>-factory.img
> nand erase 0x1000000
> nand write 0x81000000 0x1000000 ${filesize}
> setenv bootpart 2
> saveenv
Revert to stock firmware
--------------
1. Revert to stock U-Boot environment variable.
> setenv bootpart 1
> saveenv
MAC addresses as verified by OEM firmware
--------------
WAN: *:XX (label)
LAN: *:XX + 1
2.4G: *:XX + 3
5G: *:XX + 4
The label MAC address was found in art 0x0.
Credits
--------------
Credit goes to the @manatails who first developed how to port OpenWRT
to this device and had a significant impact on this patch.
And thanks to @adschm and @mans0n for guiding me to revise the code
in many ways.
Signed-off-by: Jihoon Han <rapid_renard@renard.ga>
Reviewed-by: Sungbo Eo <mans0n@gorani.run>
Tested-by: Sungbo Eo <mans0n@gorani.run>
This commit adds support for Xiaomi MiWiFi 3C device.
Xiaomi MiWifi 3C has almost the same system architecture
as the Xiaomi Mi WiFi Nano, which is already officially
supported by OpenWrt.
The differences are:
- Numbers of antennas (4 instead of 2). The antenna management
is done via the µC. There is no configuration needed in the
software code.
- LAN port assignments are different. LAN1 and WAN are
interchanged.
OpenWrt Wiki: https://openwrt.org/toh/xiaomi/mir3c
OpenWrt developers forum page:
https://forum.openwrt.org/t/support-for-xiaomi-mi-3c
Specifications:
- CPU: MediaTek MT7628AN (575MHz)
- Flash: 16MB
- RAM: 64MB DDR2
- 2.4 GHz: IEEE 802.11b/g/n with Integrated LNA and PA
- Antennas: 4x external single band antennas
- WAN: 1x 10/100M
- LAN: 2x 10/100M
- LED: 1x amber/blue/red. Programmable
- Button: Reset
MAC addresses as verified by OEM firmware:
use address source
LAN *:92 factory 0x28
WAN *:92 factory 0x28
2g *:93 factory 0x4
OEM firmware uses VLAN's to create the network interface for WAN and LAN.
Bootloader info:
The stock bootloader uses a "Dual ROM Partition System".
OS1 is a deep copy of OS2.
The bootloader start OS2 by default.
To force start OS1 it is needed to set "flag_try_sys2_failed=1".
How to install:
1- Use OpenWRTInvasion to gain telnet, ssh and ftp access.
https://github.com/acecilia/OpenWRTInvasion
(IP: 192.168.31.1 - Username: root - Password: root)
2- Connect to router using telnet or ssh.
3- Backup all partitions. Use command "dd if=/dev/mtd0 of=/tmp/mtd0".
Copy /tmp/mtd0 to computer using ftp.
4- Copy openwrt-ramips-mt76x8-xiaomi_miwifi-3c-squashfs-sysupgrade.bin
to /tmp in router using ftp.
5- Enable UART access and change start image for OS1.
```
nvram set uart_en=1
nvram set flag_last_success=1
nvram set boot_wait=on
nvram set flag_try_sys2_failed=1
nvram commit
```
6- Installing Openwrt on OS1 and free OS2.
```
mtd erase OS1
mtd erase OS2
mtd -r write /tmp/openwrt-ramips-mt76x8-xiaomi_miwifi-3c-squashfs-sysupgrade.bin OS1
```
Limitations: For the first install the image size needs to be less
than 7733248 bits.
Thanks for all community and especially for this device:
minax007, earth08, S.Farid
Signed-off-by: Eduardo Santos <edu.2000.kill@gmail.com>
[wrap lines, remove whitespace errors, add mediatek,mtd-eeprom to
&wmac, convert to nvmem]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* fix restart in LuCI (inherited umask was to restrictive)
* make directory of hosts-file (!= /tmp) accessible in ujail
Reported-by: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Update VERSIONs to 3.3 for release.
Update VERSIONs to 3.3-rc3 for release.
Correct some typos
Update VERSIONs to 3.3-rc2 for release.
Update VERSIONs and Python bindings version to 3.3-rc1 for release
libsepol/secilc/docs: Update the CIL documentation
secilc: fix memory leaks in secilc2conf
secilc: fix memory leaks in secilc
libsepol/cil: Add support for using qualified names to secil2conf
libsepol/cil: Add support for using qualified names to secil2tree
secilc: Add support for using qualified names to secilc
secilc/test: Add test for anonymous args
secilc/docs: Relocate and reword macro call name resolution order
secilc/docs: Document the order that inherited rules are resolved in
secilc: Create the new program called secil2tree to write out CIL AST
secilc/docs: Update the CIL documentation for various blocks
secilc.c: Don't fail if input file is empty
cil_conditional_statements.md: fix expr definition
secilc/docs: Lists are now allowed in constraint expressions
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[re-apply now that libsepol is up-to-date as well]
Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
Update VERSIONs to 3.3 for release.
libsepol/cil: Fix potential undefined shifts
libsepol: Fix potential undefined shifts
Update VERSIONs to 3.3-rc3 for release.
libsepol/cil: Do not skip macros when resolving until later passes
libsepol/cil: Limit the amount of reporting for bounds failures
libsepol/cil: silence clang void-pointer-to-enum-cast warning
libsepol: resolve GCC warning about null-dereference
libsepol: use correct cast
libsepol: ebitmap: mark nodes of const ebitmaps const
Update VERSIONs to 3.3-rc2 for release.
libsepol/cil: Handle operations in a class mapping when verifying
libsepol/cil: Do not use original type and typeattribute datums
libsepol: free memory after policy validation
libsepol: avoid implicit conversions
libsepol: fix typo
libsepol/cil: Free duplicate datums in original calling function
libsepol/cil: Fix detected RESOURCE_LEAK (CWE-772)
Update VERSIONs and Python bindings version to 3.3-rc1 for release
libsepol/cil: Limit the number of active line marks
libsepol/cil: Add function to get number of items in a stack
libsepol: Fix detected RESOURCE_LEAKs
libsepol/cil: Fix syntax checking in __cil_verify_syntax()
libsepol/cil: Use size_t for len in __cil_verify_syntax()
libsepol/cil: Remove redundant syntax checking
libsepol/cil: Improve in-statement to allow use after inheritance
libsepol/cil: Simplify cil_tree_children_destroy()
libsepol/cil: Refactor the function __cil_build_ast_node_helper()
libsepol/cil: Don't destroy optionals whose parent will be destroyed
libsepol/cil: Properly check for parameter when inserting name
libsepol/cil: Reset expandtypeattribute rules when resetting AST
libsepol/cil: Properly check parse tree when printing error messages
libsepol/cil: Allow some duplicate macro and block declarations
libsepol/cil: When writing AST use line marks for src_info nodes
libsepol/cil: Report correct high-level language line numbers
libsepol/cil: Add line mark kind and line number to src info
libsepol/cil: Create common string-to-unsigned-integer functions
libsepol/cil: Push line mark state first when processing a line mark
libsepol/cil: Check for valid line mark type immediately
libsepol/cil: Check the token type after getting the next token
libsepol/cil: Check syntax of src_info statement
libsepol/cil: move the fuzz target and build script to the selinux repository
libsepol: replace strerror by %m
libsepol/cil: remove obsolete comment
libsepol/cil: do not allow \0 in quoted strings
libsepol/cil: Fix handling category sets in an expression
libsepol: assure string NUL-termination of ibdev_name
libsepol: avoid implicit conversions
libsepol: ignore UBSAN false-positives
libsepol: avoid unsigned integer overflow
libsepol/cil: Improve checking for bad inheritance patterns
libsepol: silence -Wextra-semi-stmt warning
libsepol/cil: do not override previous results of __cil_verify_classperms
libsepol/cil: Provide option to allow qualified names in declarations
libsepol/cil: make array cil_sym_sizes const
libsepol/cil: Only reset AST if optional has a declaration
libsepol/cil: Add function to determine if a subtree has a declaration
libsepol/cil: Improve degenerate inheritance check
libsepol/cil: Reduce the initial symtab sizes for blocks
libsepol/cil: Check for empty list when marking neverallow attributes
libsepol/cil: Fix syntax checking of defaultrange rule
libsepol/cil: Properly check for loops in sets
libsepol/cil: Allow duplicate optional blocks in most cases
libsepol: declare read-only arrays const
libsepol: declare file local variable static
libsepol: drop unnecessary casts
libsepol: drop repeated semicolons
libsepol/cil: avoid using maybe uninitialized variables
libsepol/cil: drop unnecessary casts
libsepol/cil: drop dead store
libsepol/cil: drop extra semicolon
libsepol/cil: silence cast warning
libsepol: remove dead stores
libsepol: do not allocate memory of size 0
libsepol: mark read-only parameters of type_set_ interfaces const
libsepol: mark read-only parameters of ebitmap interfaces const
libsepol: remove dead stores
libsepol/cil: follow declaration-after-statement
libsepol: follow declaration-after-statement
libsepol: avoid unsigned integer overflow
libsepol: remove unused functions
libsepol: resolve missing prototypes
libsepol: fix typos
libsepol: Quote paths when generating policy.conf from binary policy
libsepol/cil: Account for anonymous category sets in an expression
libsepol/cil: Fix anonymous IP address call arguments
libsepol: quote paths in CIL conversion
libsepol/cil: Resolve anonymous levels only once
libsepol/cil: Pointers to datums should be set to NULL when resetting
libsepol/cil: Resolve anonymous class permission sets only once
libsepol/cil: Limit the number of open parenthesis allowed
libsepol/cil: Destroy the permission nodes when exiting with an error
libsepol/cil: Handle disabled optional blocks in earlier passes
libsepol/cil: Do not resolve arguments to declarations in the call
libsepo/cil: Refactor macro call resolution
libsepol/cil: Do not add NULL node when inserting key into symtab
libsepol/cil: Make name resolution in macros work as documented
libsepol/cil: Fix name resolution involving inherited blocks
libsepol/cil: Check for self-referential loops in sets
libsepol/cil: Return an error if a call argument fails to resolve
libsepol/cil: Check datum in ordered list for expected flavor
libsepol/cil: Detect degenerate inheritance and exit with an error
libsepol/cil: Fix instances where an error returns SEPOL_OK
libsepol/cil: Properly reset an anonymous classperm set
libsepol: use checked arithmetic builtin to perform safe addition
libsepol/cil: Add functions to make use of cil_write_ast()
libsepol/cil: Create functions to write the CIL AST
libsepol/cil: Use CIL_ERR for error messages in cil_compile()
libsepol/cil: Make invalid statement error messages consistent
libsepol/cil: Do not allow tunable declarations in in-statements
libsepol/cil: Sync checks for invalid rules in macros
libsepol/cil: Check for statements not allowed in optional blocks
libsepol/cil: Sync checks for invalid rules in booleanifs
libsepol/cil: Reorder checks for invalid rules when resolving AST
libsepol/cil: Use AST to track blocks and optionals when resolving
libsepol/cil: Create new first child helper function for building AST
libsepol/cil: Cleanup build AST helper functions
libsepol/cil: Reorder checks for invalid rules when building AST
libsepol/cil: Move check for the shadowing of macro parameters
libsepol/cil: Create function cil_add_decl_to_symtab() and refactor
libsepol/cil: Refactor helper function for cil_gen_node()
libsepol/cil: Allow permission expressions when using map classes
libsepol/cil: Exit with an error if declaration name is a reserved word
libsepol/cil: More strict verification of constraint leaf expressions
libsepol/cil: Set class field to NULL when resetting struct cil_classperms
libsepol/cil: cil_reset_classperms_set() should not reset classpermission
libsepol/cil: Destroy classperm list when resetting map perms
libsepol/cil: Destroy classperms list when resetting classpermission
libsepol/cil: Fix out-of-bound read of file context pattern ending with "\"
libsepol/cil: Check for duplicate blocks, optionals, and macros
libsepol: Write "NO_IDENTIFIER" for empty CIL constraint expression
libsepol: Enclose identifier lists in CIL constraint expressions
libsepol/cil: Allow lists in constraint expressions
libsepol: Enclose identifier lists in constraint expressions
libsepol: Write "NO_IDENTIFIER" for empty constraint expression
libsepol: make num_* unsigned int in module_to_cil
libsepol/cil: do not leak avrulex_ioctl_table memory when an error occurs
libsepol/cil: fix NULL pointer dereference in __cil_insert_name
libsepol/cil: replace printf with proper cil_tree_log
libsepol/cil: remove stray printf
libsepol/cil: make cil_post_fc_fill_data static
libsepol: Check kernel to CIL and Conf functions for supported versions
libsepol: Remove unnecessary copying of declarations from link.c
libsepol: Properly handle types associated to role attributes
libsepol: Expand role attributes in constraint expressions
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[re-apply now that buildbot phase1 has caught up]
Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
Backport upstream fix for module load regression caused by IRAM recovery.
Without this patch devices using mainline ath10k driver could lost wireless
function because ath10k module failed to load.
Signed-off-by: Zhijun You <hujy652@gmail.com>
Back in the day, the board-2.bin came with ath10k-firmware-qca4019.
This changed with
commit c3b2efaf24 ("linux-firmware: ath10k: add board firmware packages")
which placed the board-2.bin into a separate package: ath10k-board-qca4019.
This was great, because it addressed one of the caveat of the original
ipq-wifi package:
commit fa03d441e9 ("firmware: add custom IPQ wifi board definitions")
| 2. updating ath10k-firmware-qca4019 will also replace
| the board-2.bin. For this cases the user needs to
| manually reinstall the wifi-board package once the
| ath10k-firmware-qca4019 is updated.
This could be extended further so that ipq-wifi packages
no longer use "install-override" and the various QCA4019
variants list the ath10k-board-qca4019 as a CONFLICT
package.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
OpenWrt maintains two special out-of-tree DT properties:
"qca,disable-5ghz" and "qca,disable-2ghz". These are implemented
in a mac80211 ath9k patch "550-ath9k-disable-bands-via-dt.patch".
With the things being what they are, now might be a good
point to switch the devices to the generic and upstream
"ieee80211-freq-limit" property. This property is much
broader and works differently. Instead of disabling the
drivers logic which would add the affected band and
channels. It now disables all channels which are not
within the specified frequency range.
Reviewed-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Tested-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com> # HH5A
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* SSH agent forwarding might cause security issues, locally and on the jump
machine (https://defn.io/2019/04/12/ssh-forwarding/). So allow to
completely disabling it.
* separate options for client and server
* keep it enabled by default
Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
This reverts commit 2da891e735.
secilc 3.3 requires libsepol to be version 3.3 as well and doesn't
build otherwise. Revert for now.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This reverts commit de8a800ca9.
Host build uses host includes instead of staging/hostpkg.
This breaks the build in case of selinux host libs being older than
version 3.3. Revert for now until better fix is found.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
wifi: writes to terminal
hotplugcall and sqm read class sysfile symlinks
unbound and sqm related loose ends
support/example: policycoreutils host-compile is required
TODO: this was wrong and it is actually needed
linguist detectable does not work this way
linguist-detectable
updates README
adds workflows
adds a note about persistent /var option
project moved to https://github.com/DefenSec/selinux-policy
Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
Update VERSIONs to 3.3 for release.
Update VERSIONs to 3.3-rc3 for release.
Correct some typos
Update VERSIONs to 3.3-rc2 for release.
Update VERSIONs and Python bindings version to 3.3-rc1 for release
libsepol/secilc/docs: Update the CIL documentation
secilc: fix memory leaks in secilc2conf
secilc: fix memory leaks in secilc
libsepol/cil: Add support for using qualified names to secil2conf
libsepol/cil: Add support for using qualified names to secil2tree
secilc: Add support for using qualified names to secilc
secilc/test: Add test for anonymous args
secilc/docs: Relocate and reword macro call name resolution order
secilc/docs: Document the order that inherited rules are resolved in
secilc: Create the new program called secil2tree to write out CIL AST
secilc/docs: Update the CIL documentation for various blocks
secilc.c: Don't fail if input file is empty
cil_conditional_statements.md: fix expr definition
secilc/docs: Lists are now allowed in constraint expressions
Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
Update VERSIONs to 3.3 for release.
Update VERSIONs to 3.3-rc3 for release.
libselinux/semodule: Improve extracting message
Correct some typos
Update VERSIONs to 3.3-rc2 for release.
Update VERSIONs and Python bindings version to 3.3-rc1 for release
policycoreutils: free memory of allocated context in newrole
policycoreutils: free memory of allocated context in run_init
policycoreutils: free memory on lstat failure in sestatus
policycoreutils: silence -Wextra-semi-stmt warning
fixfiles: do not exclude /dev and /run in -C mode
policycoreutils/setfiles: do not create useless setfiles.8.man file
Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
Update VERSIONs to 3.3 for release.
checkpolicy: Fix potential undefined shifts
Update VERSIONs to 3.3-rc3 for release.
checkpolicy: delay down-cast to avoid align warning
checkpolicy: drop incorrect cast
checkpolicy: update documentation
checkpolicy: print reason of fopen failure
checkpolicy: policy_define: cleanup declarations
Update VERSIONs to 3.3-rc2 for release.
checkpolicy: free extended permission memory
checkpolicy: print warning on source line overflow
checkpolicy: error out on parsing too big integers
checkpolicy: avoid implicit conversion
checkpolicy: resolve dismod memory leaks
checkpolicy: add missing function declarations
checkpolicy: mark file local functions in policy_define static
checkpolicy: mark read-only parameters in module compiler const
checkpolicy: misc checkpolicy tweaks
checkpolicy: misc checkmodule tweaks
checkpolicy: enclose macro argument in parentheses
Update VERSIONs and Python bindings version to 3.3-rc1 for release
checkpolicy: mark read-only parameters in policy define const
checkpolicy/test: mark file local functions static
checkpolicy: parse_util drop unused declaration
checkpolicy: drop redundant cast to the same type
checkpolicy: avoid potential use of uninitialized variable
checkpolicy: check before potential NULL dereference
checkpolicy: remove dead assignments
checkpolicy: follow declaration-after-statement
checkpolicy: use correct format specifier for unsigned
checkpolicy: drop dead condition
checkpolicy: simplify assignment
checkpolicy: drop -pipe compile option
checkpolicy: pass CFLAGS at link stage
checkpolicy: silence -Wextra-semi-stmt warning
checkpolicy: Do not automatically upgrade when using "-b" flag
libsepol/checkpolicy: Set user roles using role value instead of dominance
Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
Update VERSIONs to 3.3 for release.
Update VERSIONs to 3.3-rc3 for release.
Update VERSIONs to 3.3-rc2 for release.
Update VERSIONs and Python bindings version to 3.3-rc1 for release
libsemanage: Fix USE_AFTER_FREE (CWE-672) in semanage_direct_write_langext()
libsemanage: silence -Wextra-semi-stmt warning
libsemanage: fix use-after-free in parse_module_store()
Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
Update VERSIONs to 3.3 for release.
libselinux: Fix potential undefined shifts
Update VERSIONs to 3.3-rc3 for release.
Update VERSIONs to 3.3-rc2 for release.
libselinux/utils: drop requirement to combine compiling and linking
Update VERSIONs and Python bindings version to 3.3-rc1 for release
Improve error message for label file validation
libselinux: replace strerror by %m
libselinux: silence -Wextra-semi-stmt warning
libselinux/utils/getseuser.c: fix build with gcc 4.8
selinux.8: document how mount flag nosuid affects SELinux
libselinux: fix typo
libselinux: improve getcon(3) man page
libselinux: selinux_status_open: return 1 in fallback mode
libselinux: do not use status page fallback mode internally
libselinux: make selinux_status_open(3) reentrant
libselinux: avc_destroy(3) closes status page
libselinux: label_file.c: fix indent
libselinux: regex: unify parameter names
libselinux: sidtab_sid_stats(): unify parameter name
libselinux: drop redundant casts to the same type
libselinux: label_db::db_init(): open file with CLOEXEC mode
libselinux: matchpathcon: free memory on realloc failure
libselinux: label_file::init(): do not pass NULL to strdup
libselinux: init_selinux_config(): free resources on error
libselinux: matchmediacon(): close file on error
libselinux: store_stem(): do not free possible non-heap object
libselinux: getdefaultcon: free memory on multiple same arguments
libselinux: setexecfilecon(): drop dead assignment
libselinux: label_media::init(): drop dead assignment
libselinux: label_x::init(): drop dead assignment
libselinux: context_new(): drop dead assignment
libselinux: exclude_non_seclabel_mounts(): drop unused variable
libselinux: getconlist: free memory on multiple level arguments
libselinux: selabel_get_digests_all_partial_matches: free memory after FTS_D block
libselinux: selinux_restorecon: mark local variable static
libselinux: avcstat: use standard length modifier for unsigned long long
libselinux: sefcontext_compile: mark local variable static
libselinux: Sha1Finalise(): do not discard const qualifier
libselinux: label_common(): do not discard const qualifier
libselinux: selinux_file_context_cmp(): do not discard const qualifier
libselinux: sidtab_hash(): do not discard const qualifier
libselinux: silence -Wstringop-overflow warning from gcc 10.3.1
libselinux: selinux_check_passwd_access_internal(): respect deny_unknown
libselinux: do not duplicate make target when going into subdirectory
Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
Update VERSIONs to 3.3 for release.
libsepol/cil: Fix potential undefined shifts
libsepol: Fix potential undefined shifts
Update VERSIONs to 3.3-rc3 for release.
libsepol/cil: Do not skip macros when resolving until later passes
libsepol/cil: Limit the amount of reporting for bounds failures
libsepol/cil: silence clang void-pointer-to-enum-cast warning
libsepol: resolve GCC warning about null-dereference
libsepol: use correct cast
libsepol: ebitmap: mark nodes of const ebitmaps const
Update VERSIONs to 3.3-rc2 for release.
libsepol/cil: Handle operations in a class mapping when verifying
libsepol/cil: Do not use original type and typeattribute datums
libsepol: free memory after policy validation
libsepol: avoid implicit conversions
libsepol: fix typo
libsepol/cil: Free duplicate datums in original calling function
libsepol/cil: Fix detected RESOURCE_LEAK (CWE-772)
Update VERSIONs and Python bindings version to 3.3-rc1 for release
libsepol/cil: Limit the number of active line marks
libsepol/cil: Add function to get number of items in a stack
libsepol: Fix detected RESOURCE_LEAKs
libsepol/cil: Fix syntax checking in __cil_verify_syntax()
libsepol/cil: Use size_t for len in __cil_verify_syntax()
libsepol/cil: Remove redundant syntax checking
libsepol/cil: Improve in-statement to allow use after inheritance
libsepol/cil: Simplify cil_tree_children_destroy()
libsepol/cil: Refactor the function __cil_build_ast_node_helper()
libsepol/cil: Don't destroy optionals whose parent will be destroyed
libsepol/cil: Properly check for parameter when inserting name
libsepol/cil: Reset expandtypeattribute rules when resetting AST
libsepol/cil: Properly check parse tree when printing error messages
libsepol/cil: Allow some duplicate macro and block declarations
libsepol/cil: When writing AST use line marks for src_info nodes
libsepol/cil: Report correct high-level language line numbers
libsepol/cil: Add line mark kind and line number to src info
libsepol/cil: Create common string-to-unsigned-integer functions
libsepol/cil: Push line mark state first when processing a line mark
libsepol/cil: Check for valid line mark type immediately
libsepol/cil: Check the token type after getting the next token
libsepol/cil: Check syntax of src_info statement
libsepol/cil: move the fuzz target and build script to the selinux repository
libsepol: replace strerror by %m
libsepol/cil: remove obsolete comment
libsepol/cil: do not allow \0 in quoted strings
libsepol/cil: Fix handling category sets in an expression
libsepol: assure string NUL-termination of ibdev_name
libsepol: avoid implicit conversions
libsepol: ignore UBSAN false-positives
libsepol: avoid unsigned integer overflow
libsepol/cil: Improve checking for bad inheritance patterns
libsepol: silence -Wextra-semi-stmt warning
libsepol/cil: do not override previous results of __cil_verify_classperms
libsepol/cil: Provide option to allow qualified names in declarations
libsepol/cil: make array cil_sym_sizes const
libsepol/cil: Only reset AST if optional has a declaration
libsepol/cil: Add function to determine if a subtree has a declaration
libsepol/cil: Improve degenerate inheritance check
libsepol/cil: Reduce the initial symtab sizes for blocks
libsepol/cil: Check for empty list when marking neverallow attributes
libsepol/cil: Fix syntax checking of defaultrange rule
libsepol/cil: Properly check for loops in sets
libsepol/cil: Allow duplicate optional blocks in most cases
libsepol: declare read-only arrays const
libsepol: declare file local variable static
libsepol: drop unnecessary casts
libsepol: drop repeated semicolons
libsepol/cil: avoid using maybe uninitialized variables
libsepol/cil: drop unnecessary casts
libsepol/cil: drop dead store
libsepol/cil: drop extra semicolon
libsepol/cil: silence cast warning
libsepol: remove dead stores
libsepol: do not allocate memory of size 0
libsepol: mark read-only parameters of type_set_ interfaces const
libsepol: mark read-only parameters of ebitmap interfaces const
libsepol: remove dead stores
libsepol/cil: follow declaration-after-statement
libsepol: follow declaration-after-statement
libsepol: avoid unsigned integer overflow
libsepol: remove unused functions
libsepol: resolve missing prototypes
libsepol: fix typos
libsepol: Quote paths when generating policy.conf from binary policy
libsepol/cil: Account for anonymous category sets in an expression
libsepol/cil: Fix anonymous IP address call arguments
libsepol: quote paths in CIL conversion
libsepol/cil: Resolve anonymous levels only once
libsepol/cil: Pointers to datums should be set to NULL when resetting
libsepol/cil: Resolve anonymous class permission sets only once
libsepol/cil: Limit the number of open parenthesis allowed
libsepol/cil: Destroy the permission nodes when exiting with an error
libsepol/cil: Handle disabled optional blocks in earlier passes
libsepol/cil: Do not resolve arguments to declarations in the call
libsepo/cil: Refactor macro call resolution
libsepol/cil: Do not add NULL node when inserting key into symtab
libsepol/cil: Make name resolution in macros work as documented
libsepol/cil: Fix name resolution involving inherited blocks
libsepol/cil: Check for self-referential loops in sets
libsepol/cil: Return an error if a call argument fails to resolve
libsepol/cil: Check datum in ordered list for expected flavor
libsepol/cil: Detect degenerate inheritance and exit with an error
libsepol/cil: Fix instances where an error returns SEPOL_OK
libsepol/cil: Properly reset an anonymous classperm set
libsepol: use checked arithmetic builtin to perform safe addition
libsepol/cil: Add functions to make use of cil_write_ast()
libsepol/cil: Create functions to write the CIL AST
libsepol/cil: Use CIL_ERR for error messages in cil_compile()
libsepol/cil: Make invalid statement error messages consistent
libsepol/cil: Do not allow tunable declarations in in-statements
libsepol/cil: Sync checks for invalid rules in macros
libsepol/cil: Check for statements not allowed in optional blocks
libsepol/cil: Sync checks for invalid rules in booleanifs
libsepol/cil: Reorder checks for invalid rules when resolving AST
libsepol/cil: Use AST to track blocks and optionals when resolving
libsepol/cil: Create new first child helper function for building AST
libsepol/cil: Cleanup build AST helper functions
libsepol/cil: Reorder checks for invalid rules when building AST
libsepol/cil: Move check for the shadowing of macro parameters
libsepol/cil: Create function cil_add_decl_to_symtab() and refactor
libsepol/cil: Refactor helper function for cil_gen_node()
libsepol/cil: Allow permission expressions when using map classes
libsepol/cil: Exit with an error if declaration name is a reserved word
libsepol/cil: More strict verification of constraint leaf expressions
libsepol/cil: Set class field to NULL when resetting struct cil_classperms
libsepol/cil: cil_reset_classperms_set() should not reset classpermission
libsepol/cil: Destroy classperm list when resetting map perms
libsepol/cil: Destroy classperms list when resetting classpermission
libsepol/cil: Fix out-of-bound read of file context pattern ending with "\"
libsepol/cil: Check for duplicate blocks, optionals, and macros
libsepol: Write "NO_IDENTIFIER" for empty CIL constraint expression
libsepol: Enclose identifier lists in CIL constraint expressions
libsepol/cil: Allow lists in constraint expressions
libsepol: Enclose identifier lists in constraint expressions
libsepol: Write "NO_IDENTIFIER" for empty constraint expression
libsepol: make num_* unsigned int in module_to_cil
libsepol/cil: do not leak avrulex_ioctl_table memory when an error occurs
libsepol/cil: fix NULL pointer dereference in __cil_insert_name
libsepol/cil: replace printf with proper cil_tree_log
libsepol/cil: remove stray printf
libsepol/cil: make cil_post_fc_fill_data static
libsepol: Check kernel to CIL and Conf functions for supported versions
libsepol: Remove unnecessary copying of declarations from link.c
libsepol: Properly handle types associated to role attributes
libsepol: Expand role attributes in constraint expressions
Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
Some packages may require additional group membership for the system
user added by that package. Allow defining additional groups as third
member of the ':'-separated tuple, allowing to specify multiple
','-separated groups with optional GID.
Example:
USERID:=foouser=1000:foogroup=1000:addg1=1001,addg2=1002,addg3
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The 'madvise', syscall is missing.
Found with 'utrace /usr/sbin/umdns' on an R7800 and RT3200.
Signed-off-by: Michael Peleshenko <mpeleshenko@gmail.com>
Add support for SAM9X60-EK board.
Hardware:
- SoC: SAM9X60
- RAM: Winbond W972GG6KB-25 (2Gbit DDR2)
- NAND Flash: Micron MT29F4G08ABAEA
- QSPI Flash: Microchip SST26VF064B
- EEPROM: Microchip 24AA02E48
- SDMMC: One standard 4-bit SD card interface
- USB: two stacked Type-A connectors with power switches, one micro-B
USB device
- CAN: 2 interfaces (Microchip MCP2542)
- Ethernet: one 10/100Mbps
- WiFi/BT: one optional WiFi/Bluetooth interface
- Audio: one ClassD port
- Display: one 24-bit LCD interface
- Camera: one 12-bit image sensor interface
- IO: one IO expander (Microchip MCP23008)
- Debug ports: one J-Link-OB + CDC, one JTAG interface
- Leds: one RGB LED
- Buttons: 4 push button switches
- Expansion: one PIO connector, one mikrobus connector
- Power management: two power regulators, two power consumption measurement
devices
Flashing:
- follow the procedure at [1]
[1] https://www.linux4sam.org/bin/view/Linux4SAM/Sam9x60EKMainPage#Create_a_SD_card_with_the_demo
Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
Add support for SAMA5D27 WLSOM1-EK board.
Hardware:
- SIP: SAMA5D27C-LD2G-CU including SAMA5D27 MPU and 2Gbit LPDDR2-SDRAM
- MMC: one standard SD card interface
- Flash: 64 Mb serial quad I/O flash memory (SST26VF064BEUIT-104I/MF)
with embedded EUI-48 and EUI-64 MAC addresses
- USB: one USB device, one USB host one HSIC interface
- Ethernet: 1x10/100Mbps port
- WiFi/BT: IEEE 802.11 b/g/n Wi-Fi plus Bluetooth (Wi-Fi/BT) module
(ATWILC3000-MR110UA)
- Crypto: one ATECC608B-TNGTLS secure element
- Video: one LCD RGB 18-bit interface, one ISC 12-bit camera interface
- Debug port: one JTAG interface, one UART interface, one WILC UART
interface
- Leds: one RGB LED
- Buttons: start, reset, wakeup, user buttons
- Expansion: one tamper connector, one mikrobus interface, 2 XPRO PTC
connector
- Power managament: PMIC (MCP16502)
Flashing:
- follow procedure at [1]
[1] https://www.linux4sam.org/bin/view/Linux4SAM/Sama5d27WLSom1EKMainPage#Create_a_SD_card_with_the_demo
Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
Add support for SAMA5D2 ICP board.
Hardware:
- SoC: SAMA5D27
- RAM: 512 MB DDR3L
- MMC: One stanard SD card interface
- USB: One USB host switch 4 ports with power switch,
One USB device type Micro-AB
- CAN: 2 interfaces
- Ethernet: One Gigabit Ethernet PHY through HSIC,
One ETH switchport,
One EtherCAT interface
- WiFi/BT: Footprint for IEEE 802.11 b/g/n Wi-Fi plus
Bluetooth module (Wi-Fi/BT), suitable for
Microchip WILC3000-MR110CA or WILC3000-MR110UA
- Debug port: One J-Link-OB/J-Link-CDC, one JTAG interface
- Leds: one RGB LED
- Buttons: reset, wakeup, 2 user buttons
- Expansion: one PIOBU/PIO connector, 3 mikrobus sockets
- Power mangament: PMIC (MCP16502), one power consumption device
(PAC1934)
Not working in Linux:
- EtherCAT interface: there is no Linux support integrated
- PAC1934: driver available at [1] but not integrated in Linux
Flashing:
- follow the procedure at [2]
[1] https://ww1.microchip.com/downloads/en/DeviceDoc/pac193x_linux_driver.zip
[2] https://www.linux4sam.org/bin/view/Linux4SAM/Sama5d2IcpMainPage#Create_a_SD_card_with_the_demo
Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
No package here depends on it. Furthermore, uClibc++ is a fairly buggy
C++ library and seems to be relatively inactive upstream.
It also lacks proper support for modern C++11 features.
The main benefit of it is size: 66.6 KB vs 287.3 KB on mips24kc. Static
linking and LTO can help bring the size down of packages that need it.
Added warning message to uclibc++.mk
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
Host libraries are only build static, so let's pass --static to
pkg-config globally and remove the then unnecessary patches doing
exactly that individually.
Signed-off-by: Andre Heider <a.heider@gmail.com>
Using Host/Exports doesn't work as intended, explicitly add the
required vars so that u-boot finds the required libraries when building
its tools.
Signed-off-by: Andre Heider <a.heider@gmail.com>
This function is missing in kernel 5.4, but it is sued by ath10k.
This fixes the build of ath10k on some targets.
Fixes: cfe0eb7485 ("mac80211: Update to version 5.14.13-1")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The removed patches were applied upstream.
The Cisco Aironet 802.11b driver was removed from backports, remove
it also from OpenWrt.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The removed patches were applied upstream.
of_get_mac_address() was backported in our OpenWrt kernel, remove the
change from backports.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The removed patches were applied upstream.
This backports version 5.11.22 and later does not support kernel
versions < 4.4, this allows us to remove some patches too.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
e983a25 Update regulatory rules for Ecuador (EC)
a0bcb88 wireless-regdb: Update regulatory rules for Norway (NO) on 6 and 60 GHz
cdf854d wireless-regdb: Update regulatory rules for Germany (DE) on 6GHz
86cba52 wireless-regdb: reduce bandwidth for 5730-5850 and 5850-5895 MHz in US
6fa2384 wireless-regdb: remove PTMP-ONLY from 5850-5895 MHz for US
9839e1e wireless-regdb: recent FCC report and order allows 5850-5895 immediately
42dfaf4 wireless-regdb: update 5725-5850 MHz rule for GB
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Per FHS 3.0, /var/lock is the location for lock files [1].
However its current permissions (755) are too restrictive
for use by unprivileged processes.
Debian and Ubuntu set them to 1777, and now so do we.
[1] <https://refspecs.linuxfoundation.org/FHS_3.0/fhs-3.0.html#varlockLockFiles>
Signed-off-by: Deomid Ryabkov <rojer@rojer.me>
[fixed typo in commit message, had to remove "rojer" due to git hooks]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This fixes passing a bogus non-null pointer to the ubus handler in case
the transition request is rejected.
Signed-off-by: David Bauer <mail@david-bauer.net>
Both hostapd and netifd attempt to add a VLAN device to a bridge.
Depending on which one wins the race, bridge vlan settings might be incomplete,
or hostapd might run into an error and refuse to service the client.
Fix this by preventing hostapd from adding interfaces to the bridge and
instead rely entirely on netifd handling this properly
Signed-off-by: Felix Fietkau <nbd@nbd.name>
c61a1d432b34 wireless: fix creating AP mode WDS station interfaces
f78bdec2ed5f wireless: fix handling vif attributes on reload with mode change
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Refactor so that the outer function opens and closes the mei fd and
passes it around, just as with the main fd.
That also allows us to use the IOCTL macro in get_vector_status() and
clean up accordingly.
Switch to AUTORELEASE while at it.
Signed-off-by: Andre Heider <a.heider@gmail.com>
Add in a fix for 160Mhz dfs on 5.10 and higher.
Add support for 5.13 and 5.15 kernels.
Add of_get_mac_address support for 5.15 driver.
Signed-off-by: Andrew Robbins <andrew@robbinsa.me>
The nl80211 was out of sync with the version used in our backports. This
broke the configuration of the antenna gain.
Fixes: 2bfac61483 ("mac80211: backport support for BSS color changes")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
They're preferred terminal descriptions for tmux, with additional support to
some special characters and italic fonts. More info can be found at:
https://github.com/tmux/tmux/wiki/FAQ
Fixes: FS#3404
Signed-off-by: Jitao Lu <dianlujitao@gmail.com>
When a ubus event handler denies a association with a non-zero return
value, the code jumps to preceeding code, creating an endless loop until
the event handler accepts the assc request.
Move the ubus handler further up the code to avoid creating such a loop.
Signed-off-by: David Bauer <mail@david-bauer.net>
Right now when I want to temporarily disable wg peer I need to delete
the entire peer section. This is not such a good solution because I
loose the previous configuration of the peer.
This patch adds `disabled` option to peer config which causes that
the config section is ignored.
Signed-off-by: Stepan Henek <stepan.henek@nic.cz>
[use $(AUTORELEASE)]
Signed-off-by: Paul Spooren <mail@aparcar.org>
This introduces support for hardware flow offloading, which was added in
in nftables 0.9.9.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Jo-Philipp Wich <jo@mein.io>
It's the default anyway and this just looks confusing, as if it wasn't.
Switch to AUTORELEASE while at it.
The binary size is unchanged.
Signed-off-by: Andre Heider <a.heider@gmail.com>
This gates out anything that might introduce semantically frivolous jitter,
maximizing chance of identical object files.
The binary size shrinks by 8kb:
1244352 staging_dir/target-mipsel_24kc_musl/usr/lib/libwolfssl.so.4.8.1.39c36f2f
1236160 staging_dir/target-mipsel_24kc_musl/usr/lib/libwolfssl.so.4.8.1.39c36f2f
Signed-off-by: Andre Heider <a.heider@gmail.com>
"Alternate certification chains, as oppossed to requiring full chain
validataion. Certificate validation behavior is relaxed, similar to
openssl and browsers. Only the peer certificate must validate to a trusted
certificate. Without this, all certificates sent by a peer must be
used in the trust chain or the connection will be rejected."
This fixes e.g. uclient-fetch and curl connecting to servers using a Let's
Encrypt certificate which are cross-signed by the now expired
DST Root CA X3, see [0].
This is the recommended solution from upstream [1].
The binary size increases by ~12.3kb:
1236160 staging_dir/target-mipsel_24kc_musl/usr/lib/libwolfssl.so.4.8.1.39c36f2f
1248704 staging_dir/target-mipsel_24kc_musl/usr/lib/libwolfssl.so.4.8.1.39c36f2f
[0] https://github.com/openwrt/packages/issues/16674
[1] https://github.com/wolfSSL/wolfssl/issues/4443#issuecomment-934926793
Signed-off-by: Andre Heider <a.heider@gmail.com>
[bump PKG_RELEASE]
Signed-off-by: David Bauer <mail@david-bauer.net>
Until now, this feature was switched on via the kernel configuration
option KERNEL_SECCOMP.
The follwing change a7f794cd2a now requires that
the package procd-seccomp must also enabled for buildinmg.
However, this is not the case we have no dependency and the imagebuilder
cannot build the image, because of the implicit package selection.
This change adds a new configuration option CONFIG_SECCOMP.
The new option has the same behaviour as the configuration
option CONFIG_SELINUX.
If the CONFIG_SECCOMP is selected then the package procd-seccomp and
KERNEL_SECCOMP is enabled for this build.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The existing wnm_disassoc_imminent ubus method only supports issuing a
bss transition request with the disassoc imminent flag set.
For use-cases, where the client is requested to roam to another BSS
without a pending disassoc, this existing method is not suitable.
Add a new bss_transition_request ubus method, which provides a more
universal way to dispatch a transition request. It takes the following
arguments:
Required:
addr: String - MAC-address of the STA to send the request to (colon-seperated)
Optional:
abridged - Bool - Indicates if the abridged flag is set
disassociation_imminent: Bool - Whether or not the disassoc_imminent
flag is set
disassociation_timer: I32 - number of TBTTs after which the client will
be disassociated
validity_period: I32 - number of TBTTs after which the beacon
candidate list (if included) will be invalid
neighbors: blob-array - Array of strings containing neighbor reports as
hex-string
Signed-off-by: David Bauer <mail@david-bauer.net>
To allow steering daemons to be aware of the STA-decided transition
target, publish WNM transition responses to ubus. This way, steerings
daemons can learn about STA-chosen targets and send a better selection
of transition candidates.
Signed-off-by: David Bauer <mail@david-bauer.net>
97bcdcf uxc: fix segfault caused by use-after-free
6398e05 uxc: don't free the stack
324ebd0 jail: fs: add support for asymmetric mount bind
c44ab7f jail: netifd: generate netifd uci config and mount it
82dd390 jail: make use of per-container netifd via ubus
The new per-jail netifd is now configured by filtering the host
network configuration. As libuci is used for that, procd-ujail now
depends on libuci.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This reverts commit f536f5ebdd.
As Hauke commented, this causes builder failures on 5.4 kernels.
This revert includes changes to the mx100 kernel modules
dependency as well as the uci led definitions.
Tested-by: Chris Blake <chrisrblake93@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This adds a userspace interpretation of the nu801 driver used by Meraki
hardware. Previously this was a driver that was added per target, but as
multiple targets now have this driver, we should move to something that
can be shared by all targets since no driver exists upstream.
Co-developed-by: Christian Lamparter <chunkeey@gmail.com>
Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Kernel has added the different variants of the Rock Pi 4 in commit
b5edb0467370 ("arm64: dts: rockchip: Mark rock-pi-4 as rock-pi-4a
dts"). The former Rock Pi 4 is now Rock Pi 4A.
For compatibility with kernel 5.4, this rename has been held back
so far. Having switched to kernel 5.10 now, we can finally apply
it in our tree as well.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The GPIO_DEVICE symbol belonged to a custom driver that was removed from
OpenWrt in 2012. The symbol never existed in the upstream kernel.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Update busybox to version 1.34.1, which is a minor
maintenance release. It contains just the two post-1.34.0
upstream patches that we earlier backported plus a few fixes
to awk.
* Remove the two backported upstream patches that are
now unnecessary.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
U-Boot 2021.10 has been released.
Rebase mediatek patches on top of new release and remove some patches
which have been merged upstream.
Tested on Bananapi BPi-R2 (mt7623), Bananapi BPi-R64 (mt7622) and
Linksys E8450 (mt7622).
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Bring the usage in line with the dnsmasq man page and the other options
where set: is mandatory.
No functional change.
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
Nobody ever updates PKG_RELEASE when changing devices or setup in
the various uboot-* packages. Use $(AUTORELEASE) so we still have
proper versioning there.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This simplifies some operations as it doesn't have to be caculated over
and over. It will also allow adding support for more vendor formats.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Globalscale MOCHAbin is a Armada 7040 based development board.
Specifications:
* Armada 7040 Quad core ARMv8 Cortex A-72 @ 1.4GHz
* 2 / 4 / 8 GB of DDR4 DRAM
* 16 GB eMMC
* 4MB SPI-NOR (Bootloader)
* 1x M.2-2280 B-key socket (for SSD expansion, SATA3 only)
* 1x M.2-2250 B-key socket (for modems, USB2.0 and I2C only)
* 1x Mini-PCIe 3.0 (x1, USB2.0 and I2C)
* 1x SATA 7+15 socket (SATA3)
* 1x 16-pin (2×8) MikroBus Connector
* 1x SIM card slot (Connected to the mini-PCIe and both M.2 slots)
* 2x USB3.0 Type-A ports via SMSC USB5434B hub
* Cortex 2x5 JTAG
* microUSB port for UART (PL2303GL/PL2303SA onboard)
* 1x 10G SFP+
* 1x 1G SFP (Connected to 88E1512 PHY)
* 1x 1G RJ45 with PoE PD (Connected to 88E1512 PHY)
* 4x 1G RJ45 ports via Topaz 88E6141 switch
* RTC with battery holder (SoC provided, requires CR2032 battery)
* 1x 12V DC IN
* 1x Power switch
* 1x 12V fan header (3-pin, power only)
* 1x mini-PCIe LED header (2x0.1" pins)
* 1x M.2-2280 LED header (2x0.1" pins)
* 6x Bootstrap jumpers
* 1x Power LED (Green)
* 3x Tri-color RGB LEDs (Controllable)
* 1x Microchip ATECC608B secure element
Note that 1G SFP and 1G WAN cannot be used at the same time as they are in
parallel connected to the same PHY.
Installation:
Copy dtb from build_dir to bin/ and run tftpserver there:
$ cp ./build_dir/target-aarch64_cortex-a72_musl/linux-mvebu_cortexa72/image-armada-7040-mochabin.dtb bin/targets/mvebu/cortexa72/
$ in.tftpd -L -s bin/targets/mvebu/cortexa72/
Connect to the device UART via microUSB port and power on the device.
Power on the device and hit any key to stop the autoboot.
Set serverip (host IP) and ipaddr (any free IP address on the same subnet), e.g:
$ setenv serverip 192.168.1.10 # Host
$ setenv ipaddr 192.168.1.15 # Device
Set the ethernet device (Example for the 1G WAN):
$ setenv ethact mvpp2-2
Ping server to confirm network is working:
$ ping $serverip
Using mvpp2-2 device
host 192.168.1.15 is alive
Tftpboot the firmware:
$ tftpboot $kernel_addr_r openwrt-mvebu-cortexa72-globalscale_mochabin-initramfs-kernel.bin
$ tftpboot $fdt_addr_r image-armada-7040-mochabin.dtb
Boot the image:
$ booti $kernel_addr_r - $fdt_addr_r
Once the initramfs is booted, transfer openwrt-mvebu-cortexa72-globalscale_mochabin-squashfs-sdcard.img.gz
to /tmp dir on the device.
Gunzip and dd the image:
$ gunzip /tmp/openwrt-mvebu-cortexa72-globalscale_mochabin-squashfs-sdcard.img.gz
$ dd if=/tmp/openwrt-mvebu-cortexa72-globalscale_mochabin-squashfs-sdcard.img of=/dev/mmcblk0 && sync
Reboot the device.
Hit any key to stop the autoboot.
Reset U-boot env and set the bootcmd:
$ env default -a
$ setenv bootcmd 'load mmc 0 ${loadaddr} boot.scr && source ${loadaddr}'
Optionally I would advise to edit the console env variable to remove earlycon as that
causes the kernel to never use the driver for the serial console.
Earlycon should be used only for debugging before the kernel can configure the console
and will otherwise cause various issues with the console.
$ setenv console 'console=ttyS0,115200'
Save and reset
$ saveenv
$ reset
OpenWrt should boot from eMMC now.
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
Fix BPi-R2 GPIO LEDs to indicate boot into production or recovery
firmware in DTS and define them in default environment.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
186f6eaeba70 wireless: display log messages for setup/teardown/retry
fac471c4934a wireless: process and close script file descriptor when rerunning setup
62e2bb56f48e main: poll process log stream even if processes are killed
0e311d3f2d1a wireless: reset number of retries on config change
e467e0ff44c0 wireless: reset retry counter when setup succeeds
448ffc154fe7 wireless: fix index for stations
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Even though TRACEPOINTS is not enabled in my kernel config, my build
fails due to KVM_MMU_AUDIT being missing. Add this symbol to kmod-kvm to
fix this.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
In hostapd_ubus_add_bss(), ubus objects are not registered for mesh
interfaces. This provokes a segfault when accessing the ubus object in
mesh deinit.
This commit adds the same condition to hostapd_ubus_free_bss() for
discarding those mesh interfaces.
Signed-off-by: Jesus Fernandez Manzano <jesus.manzano@galgus.net>
The `mkdir` commands supports passing multiple arguments to batch create
multiple folders, instead of calling the tool every single time.
If the creation of one of the folders fails, all other folder are still
created and therefore doesn't change the error handling.
Also stop creating `/etc/` explicitly after subfolders of `/etc/` were
already created.
Signed-off-by: Paul Spooren <mail@aparcar.org>
The `sed`-script shouldn't be called multiple times, especially not with
the same files.
This commit merges all files together in a single `sed`-script call.
Signed-off-by: Paul Spooren <mail@aparcar.org>
For some reason, the build system chops off the last number from the version,
which is not correct. Add it back.
Update hash.
Fixes: 96c7164acd ("restool: update to LSDK-20.12")
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[add Fixes]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The official Plasma Cloud firmware adjusted the BDFs to contain new
conformance test limits and target power values. These should be imported
to avoid emissions outside the allowed limits.
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Currently, the fstab service starts after the log service which breaks
the ability to write a persistent log file to a filesystem mounted by
the fstab service. Thus, change the start order of the fstab service so
it starts right before the log service.
Fixes: b131853 ("ubox: update to latest git revision")
Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
[set to 11 to be explicitly before log, not only alphabetically, SPDX]
Signed-off-by: Paul Spooren <mail@aparcar.org>
Fixes compilation with GCC11.
Kept PKG_VERSION as there's some bug that chops off the 12 at the end.
Refreshed other patch.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Fixes compilation with both GCC 10 and 11.
Switched to AUTORELEASE for simplicity.
Removed PKG_VERSION as it's derived from PKG_SOURCE_VERSION.
Removed all patches as they are upstream backports.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Delete tunnel on 6rd interface teardown.
Should solve problem related to tunnel stuck on restart loop
with "Unknown Command" on tunnel restart due to wan connection drop.
This patch is similar to the one written by Ansuel on Aug 2, 2021
but the 6rd teardown produces the same symptoms when the network
service is restarted.
Signed-off-by: David Lam <david@thedavid.net>
GCC 10 defaults to `-fno-common` and complains about multiple definition
of `mc_status` in restool.
Backport a patch from upstream to fix compilation with host GCC 10.
Signed-off-by: Kuan-Yi Li <kyli@abysm.org>
c62d85cf7a0d bridge: check port bpdu filter status and apply it to the config
25555611be91 libnetlink: turn rtnetlink error answers into debug msgs
462b3a491347 build: use pthread cflags/ldflags
Signed-off-by: Felix Fietkau <nbd@nbd.name>
d590fbd255ce wireless: always enable bpdu filter for AP interfaces and VLANs
f8ff6d820283 system-linux: remove copy&paste from /proc and /sys path names
300b1220fab3 wireless: improve reliability of proxyarp support
5ba9744aac6d device: add support for configuring bonding devices
6fa9b042ff4d wireless: only apply wireless device attributes to the base vif interface
06d11bbf1f2b wireless: only enable proxyarp/isolate for AP vifs
08e954e137ff bonding: claim the port device before creating the bonding device
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This adds the hash also for the aarch64 toolchain in addition to the
x86_64 toolchain. This gets the build on a Linux aarch64 host one step
further.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Update iproute2 to latest stable 5.14; for the changes see https://lwn.net/Articles/867940/
Refresh patches
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
8a60e7e trace: don't leak file descriptor in error path
68df9ac procd: fix container deletion
f16abe0 uxc: add JSON output option for 'list' command
a23c888 jail: prepare for adding process to existing namespace
50da8a4 instance: allow jailed service to join namespace(s)
482d1ab Revert "jail: do not hack /etc/resolv.conf on container rootfs"
1eb4371 jail: start ubus and netifd instances for container with netns
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
bump version and remove patches that have been applied
176d701 wtmi: Wait 1s after putting PHYs INTn pin low
2eeccfe wtmi: Change comment describing reset workaround
e8c94a5 wtmi: Count RAM size from both CS0 and CS1
995979e wtmi: Rename macro
e29eb29 wtmi: soc: Fix start_ap_workaround() for TF-A with debug
81245ed wtmi: Use constant name PLAT_MARVELL_MAILBOX_BASE
18ccb83 wtmi: Do a proper UART reset with clock change as described in spec
15ff106 avs: Validate VDD value from OTP
3f33626 fix: clock: a3700: change pwm clock for 600/600 and 1200/750 preset
fb5e436 wtmi: uart: fix UART baudrate divisor calculation
Signed-off-by: sean lee <ilf@live.com>
Summary of upstream CHANGELOG:
* Handle DHCPREBIND requests in the DHCPv6 server code.
* Fix bug which caused dnsmasq to lose track of processes forked.
* Major rewrite of the DNS server and domain handling code.
* Revise resource handling for number of concurrent DNS queries.
* Improve efficiency of DNSSEC.
* Connection track mark based DNS query filtering.
* Allow smaller than 64 prefix lengths in synth-domain.
* Make domains generated by --synth-domain appear in replies
when in authoritative mode.
* Ensure CAP_NET_ADMIN capability is available when
conntrack is configured.
* When --dhcp-hostsfile --dhcp-optsfile and --addn-hosts are
given a directory as argument, define the order in which
files within that directory are read.
* Support some wildcard matching of input tags to --tag-if.
Signed-off-by: Etan Kissling <etan.kissling@gmail.com>
Changes from 4.7.0:
Fix one high (OCSP verification issue) and two low vulnerabilities
Improve compatibility layer
Other improvements and fixes
For detailed changes refer to https://github.com/wolfSSL/wolfssl/releases
Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
The ZyXEL GS1900-24HPv2 is a 24 port PoE switch with two SFP ports, similar to the other GS1900 switches.
Specifications
--------------
* Device: ZyXEL GS1900-24HPv2
* SoC: Realtek RTL8382M 500 MHz MIPS 4KEc
* Flash: 16 MiB
* RAM: W631GG8MB-12 128 MiB DDR3 SDRAM
(stock firmware is configured to use only 64 MiB)
* Ethernet: 24x 10/100/1000 Mbps, 2x SFP 100/1000 Mbps
* LEDs: 1 PWR LED (green, not configurable)
1 SYS LED (green, configurable)
24 ethernet port link/activity LEDs (green, SoC controlled)
24 ethernet port PoE status LEDs
2 SFP status/activity LEDs (green, SoC controlled)
* Buttons: 1 "RESTORE" button on front panel
1 "RESET" button on front panel
* Power 120-240V AC C13
* UART: 1 serial header (J41) with populated standard pin connector on
the left edge of the PCB, angled towards the side.
The casing has a rectangular cutout on the side that provides
external access to these pins.
Pinout (front to back):
+ GND
+ TX
+ RX
+ VCC
Serial connection parameters for both devices: 115200 8N1.
Installation
------------
OEM upgrade method:
(Possible on master once https://patchwork.ozlabs.org/project/openwrt/patch/20210624210408.19248-1-bjorn@mork.no/ is merged)
* Log in to OEM management web interface
* Navigate to Maintenance > Firmware > Management
* If "Active Image" has the first option selected, OpenWrt will need to be
flashed to the "Active" partition. If the second option is selected,
OpenWrt will need to be flashed to the "Backup" partition.
* Navigate to Maintenance > Firmware > Upload
* Upload the openwrt-realtek-generic-zyxel_gs1900-24hp-v2-initramfs-kernel.bin
file by your preferred method to the previously determined partition.
When prompted, select to boot from the newly flashed image, and reboot the switch.
* Once OpenWrt has booted, scp the sysupgrade image to /tmp and flash it:
> sysupgrade -n /tmp/openwrt-realtek-generic-zyxel_gs1900-24hp-v2-squashfs-sysupgrade.bin
it may be necessary to restart the network (/etc/init.d/network restart) on
the running initramfs image.
U-Boot TFTP method:
* Configure your client with a static 192.168.1.x IP (e.g. 192.168.1.10).
* Set up a TFTP server on your client and make it serve the initramfs image.
* Connect serial, power up the switch, interrupt U-boot by hitting the
space bar, and enable the network:
> rtk network on
* Since the GS1900-24HPv2 is a dual-partition device, you want to keep the OEM
firmware on the backup partition for the time being. OpenWrt can only boot
from the first partition anyway (hardcoded in the DTS). To make sure we are
manipulating the first partition, issue the following commands:
> setsys bootpartition 0
> savesys
* Download the image onto the device and boot from it:
> tftpboot 0x84f00000 192.168.1.10:openwrt-realtek-generic-zyxel_gs1900-24hp-v2-initramfs-kernel.bin
> bootm
* Once OpenWrt has booted, scp the sysupgrade image to /tmp and flash it:
> sysupgrade -n /tmp/openwrt-realtek-generic-zyxel_gs1900-24hp-v2-squashfs-sysupgrade.bin
it may be necessary to restart the network (/etc/init.d/network restart) on
the running initramfs image.
Signed-off-by: Soma Zambelly <zambelly.soma@gmail.com>
The ipq-wifi-netgear_wac510 package is not selected by any device and would
be empty anyway. The default board-2.bin from ath10k-board-qca4019 is
therefore used for this device and the package doesn't provide any visible
features.
Fixes: b126d9c3a3 ("ipq40xx: add netgear wac510 support")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
When doing parallel build on a fast machine with bottleneck in i/o,
m_xt.so may start linking faster than dynsyms.list gets populated,
resulting in error:
ld:dynsyms.list:0: syntax error in dynamic list
Fix this by adding dynsyms.list as make dependency to m_xt.so
Described also here:
https://bugs.openwrt.org/index.php?do=details&task_id=3353
Change from v1:
- add dynsysms.list dependancy only when shared libs are enabled
Signed-off-by: Roman Yeryomin <roman@advem.lv>
Fixes: FS#3353
Sitecom WLR-4100 v1 002 (marked as X4 N300) is a wireless router
Specification:
SoC: MT7620A
RAM: 64 MB DDR2
Flash: MX25L6405D SPI NOR 8 MB
WIFI: 2.4 GHz integrated
Ethernet: 5x 10/100/1000 Mbps QCA8337
USB: 1x 2.0
LEDS: 2x GPIO controlled, 5x switch
Buttons: 1x GPIO controlled
UART: row of 4 unpopulated holes near USB port, starting count from
white triangle on PCB:
VCC 3.3V
GND
TX
RX
baud: 115200, parity: none, flow control: none
Installation
Connect to one of LAN (yellow) ethernet ports,
Open router configuration interface,
Go to Toolbox > Firmware,
Browse for OpenWrt factory image with dlf extension and hit Apply,
Wait few minutes, after the Power LED will stop blinking, the router is
ready for configuration.
Known issues
Some USB 2.0 devices work at full speed mode 1.1 only
MAC addresses
factory partition only contains one (binary) MAC address in 0x4.
u-boot-env contains four (ascii) MAC addresses, of which two appear
to be valid.
factory 0x4 **:**:**:**:b9:84 binary
u-boot-env ethaddr **:**:**:**:b9:84 ascii
u-boot-env wanaddr **:**:**:**:b9:85 ascii
u-boot-env wlanaddr 00:AA:BB:CC:DD:12 ascii
u-boot-env iNICaddr 00:AA:BB:CC:DD:22 ascii
The factory firmware only assigns ethaddr. Thus, we take the
binary value which we can use directly in DTS.
Additional information
OEM firmware shell password is: SitecomSenao
useful for creating backup of original firmware.
There is also another revision of this device (v1 001), based on RT3352 SoC
Signed-off-by: Andrea Poletti <polex73@yahoo.it>
[remove config DT label, convert to nvmem, remove MAC address
setup from u-boot-env, add MAC address info to commit message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Update busybox to version 1.34.0
* Remove upstreamed patches (205, 530, 540)
* Remove one old patch that does not apply any more. (203)
That was originally introduced in 2008 with 563d23459,
but does not apply after busybox restructuring with
https://git.busybox.net/busybox/commit/networking/udhcp/dhcpc.c?h=1_34_stable&id=e6007c4911c3ea26925f9473b9f156a692585f30
and
https://git.busybox.net/busybox/commit/networking/udhcp/dhcpc.c?h=1_34_stable&id=1c7253726fcbab09917f143f0b703efbd2df55c3
* Refresh config and patches.
* Backport upstream fixes for
- MIPS compilation breakage and
- process substitution regression
Config refresh:
Refresh commands, run after busybox is first built once:
cd utils/busybox/
cd config/
../convert_menuconfig.pl ../../../../build_dir/target-aarch64_cortex-a53_musl/busybox-default/busybox-1.34.0
cd ..
./convert_defaults.pl < ../../../build_dir/target-aarch64_cortex-a53_musl/busybox-default/busybox-1.34.0/.config > Config-defaults.in
Manual edits needed afterward:
* Config-defaults.in: OpenWrt config symbol IPV6 logic applied to
BUSYBOX_DEFAULT_FEATURE_IPV6
* Config-defaults.in: OpenWrt configTARGET_bcm53xx logic applied to
BUSYBOX_DEFAULT_TRUNCATE (commit 547f1ec)
* Config-defaults.in: OpenWrt logic applied to
BUSYBOX_DEFAULT_LOGIN_SESSION_AS_CHILD (commit dc92917)
BUSYBOX_DEFAULT_UDHCPC_DEFAULT_INTERFACE (just "")
* config/editors/Config.in: Add USE_GLIBC dependency to
BUSYBOX_CONFIG_FEATURE_VI_REGEX_SEARCH (commit f141090)
* config/shell/Config.in : change at "Options common to all shells" the symbol
SHELL_ASH --> BUSYBOX_CONFIG_SHELL_ASH
(discussion in http://lists.openwrt.org/pipermail/openwrt-devel/2021-January/033140.html
Apparently our script does not see the hidden option while
prepending config options with "BUSYBOX_CONFIG_" which leads to a
missed dependency when the options are later evaluated.)
* Edit Config.in files by adding quotes to sourced items in
config/Config.in, config/networking/Config.in and config/util-linux/Config.in (commit 1da014f)
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
929c862 vm: fix toplevel function call protocol
8f34d70 fs: fix chown() and rename() error return values
03ca445 tests: disable fuzz tests for now
3b1be3d types: mark further GC roots
d49af4e types: fix comparison of differently signed integers
c79ff39 types: handle conversion errors when dealing with negative error indexes
3315b1f types: allow negative array indexes
d5b25f9 treewide: harmonize function naming
cc4ce8d module: remove unused defines
f5d7526 examples: add libucode usage examples
559eff2 types, vm: adjust GC api
e5e7e62 treewide: move header files into dedicated directory
ff6168a build: install header files
7e6ce0f main: introduce new flag `-x` to allow disabling specific functions
b1817b3 vm: fix invalid memory access on GC'ing uninitialized VM context
498fe87 main: refactor option parsing and VM setup
ff52440 treewide: consolidate typedef naming
1d60418 vm: add API to control trace mode
48f33ad vm: make root exception handler configurable
0f69f09 vm: fix invalid memory access on toplevel function calls
6bcc318 vm: fix handling exceptions in top-level function calls
4ae0568 lib, vm: reimplement exit() as exception type
2f77657 vm: extend API to allow returning result value from VM execution
111645a vm: remove module preloading logic
38ff6de main: preload modules ourselves
d5bc223 vm: add uc_vm_invoke() helper
ef0baf1 vm: cosmetic fix for outputting exceptions without source context
b11a2fa vm: move global scope allocation into uc_vm_init()
900b2a3 vm: add getter and setter for vm globals scope
0179576 lib: rename uc_add_proto_functions() to uc_add_functions()
98b9c84 lib: expose stdlib function array
1adfba0 treewide: eliminate dead code and unused functions
3974e71 treewide: replace a number of unnecessary type casts
bf85226 treewide: move ressource type registry into vm instance
e2b3d2e build: split into libucode and ucode cli
dad8f3a types: properly deal with circular data in GC mark phase
62dbd64 lexer: rename UT_ prefixed constants to UC_
bc8e465 types: fix wrong assert() on tearing down object trees
853b9f1 vm: fix potential invalid memory access in uc_vm_get_error_context()
6f05cdd lib: fix refcount imbalance in uc_require_path()
96f140b lib, vm: ensure that require() compiles modules only once
df5db5f compiler: don't segfault on invalid declaration expressions
a97c7a1 lexer: transition into EOF state on unrecognized character
2a838d1 compiler: improve mapping of binary operator tokens to instructions
9872f65 vm: add support for I_LE and I_GE instructions
4e410c3 treewide: let uc_cmp() use instruction instead of token numbers
ce6081d lexer, vm: reorder token and instruction numbers
234a4f6 lib: implement b64enc() and b64dec() functions
856a0c0 lib: only consider context of calling function for callbacks
86fb130 lib: implement min() and max() functions
3e893e6 lib: pass-through "this" context to library function callbacks
42de7ab lib: implement `sourcepath()` function
05c80a7 lib: fix negative uc_index() return value on 32bit systems
9874562 lexer: implement raw code mode
3b665c8 lexer: drop value union from keyword table
44354cf lexer, compiler: separate TK_BOOL token into TK_TRUE and TK_FALSE tokens
5879bdf syntax: drop Infinity and NaN keywords
d4edadc lib: rename uc_lib_init() to uc_load_stdlib()
d81bad7 main, lib: move allocation of globals object into lib function
c4f4b38 main: simplify REQUIRE_SEARCH_PATH initialization
54ca3aa types: fix uninitialized memory on setting non-contiguous array indexes
cbc0d78 build: let require search patch default to CMAKE_INSTALL_PREFIX
5714705 syntax: introduce `const` support
ed32c42 compiler, lexer: add NO_LEGACY define to disable legacy syntax features
ff6811f syntax: implement `delete` as proper operator
5803d86 lib: implement wildcard() function
dfb7379 fs: implement chmod(), chown(), rename() and glob() functions
1ddf5b6 lexer: skip interpreter line in any source buffer
9951a00 build: lower minimum required CMake version to v3.13
7b81ab2 main: expose argv as global ARGV array to ucode scripts
7283a70 tests: rename misnamed testcases for consistency
3f80116 compiler: fix local for-loop initializer variable declarations
f20b56f compiler: properly parse slashes in parenthesized division expressions
5c4e1ea lib: implement regexp(), a function to construct regexp instances at runtime
e546bba lib: implement render(), an include variant capturing output in a string
0cb10c6 vm: implement mechanism to change output file descriptor
eb8a64d lib: fix uc_sort()
f1ffc9f vm: truncate long values after 60 chars in trace output
850612f compiler: properly handle break/continue in nested scopes
f0a9875 compiler: properly handle keyword in parenthesized property access expression
1660433 compiler: fix stack mismatch on compiling `use strict` statements
a36e0df syntax: implement support for 'use strict' pragma
827a34a vm, compiler: get rid of unused struct members
594cdf3 lib: implement assert()
c4d1648 lib: add support for pretty printing JSON to printf() and sprintf()
f2eaea3 lib: gracefully handle truncated format strings in uc_printf_common()
02629b8 lexer: fix infinite loop on parsing unterminated comments
2bc9bac lexer: fix infinite loop on parsing unterminated expression blocks
f73e201 lexer: fix infinite loop when parsing regexp literal at EOF
86b4863 compiler: fix segfault on parsing invalid pre/post increment expressions
0e24509 lib: fix reporting source context lines at EOF
e66b2ad compiler, lexer: improve lexical state handling
e29b574 lib: fix uc_split() quirks
64eec7f treewide: ISO C / pedantic compliance
4af803d build: output error messages on test failures
9ef693e vm: improve context for early errors
6def9fc tests: pass ucode library path through environment
d5dd183 treewide: address various sign-compare warnings
28825ac types: support creating ressource values without associated type
9c5106a types: fix potential memory leaks and null pointer accesses
c51934a types: fix potential leak of key in ucv_object_add()
7b28727 main: fix ineffective EOF check in parse()
4cf897c lib: uc_system(): fix invalid free() of non-heap memory
35af4ba treewide: rework internal data type system
f2c4b79 treewide: fix issues reported by clang code analyzer
93ededb tests: allow executing run_tests.sh from any directory
0e4a387 Add initial GitLab and GitHub CI support
df73b25 tests: add more tests
41d33d0 tests: custom: return exit code if tests fails
1c548a6 cmake: do not output binaries into lib directory
2b59097 tests: create custom tests from current tests cases
8039361 main: provide just binary name in help output
778e4f7 lexer: fix incomplete struct initializers
502ecdc cmake: enable extra compiler checks
3c2aeff cmake: fix includes and libraries
617a114 cmake: make 3.0 minimum version
f360350 lib: implement sleep(ms) function
7f0ff91 lib: allow parsing non-array, non-object value in json()
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Change the CONFLICTS definition from the alternative package
(ethtool-full) to the main one.
The CONFLICTS line creates a dependency to the conflicting package.
Right now, the dependency would be created in the PACKAGE_ethtool-full
symbol:
config PACKAGE_ethtool-full
depends on m || (PACKAGE_ethtool != y)
When the main package is selected by airmon-ng, it selects
PACKAGE_ethtool, *depending* on the value of PACKAGE_ethtool-full:
config PACKAGE_airmon-ng
select PACKAGE_ethtool if PACKAGE_ethtool-full<PACKAGE_airmon-ng
In the first block, the value of PACKAGE_ethtool-full depends on the
value of PACKAGE_ethtool. In the second block, the opposite is true:
the value of PACKAGE_ethtool depends on the value of
PACKAGE_ethtool-full. This is a recursive dependency.
Fix it by changing the package where the dependency is created, so that
only the value of PACKAGE_ethtool will depend on PACKAGE_ethtool-full.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
The previous procd update broke mounting overlayfs in an attempt to
fix an off-by-one error. Revert that broken fix and apply fix from
Nick Hainke <vincent@systemli.org> instead to bring things back to
life.
20adf53 Revert "initd: fix off-by-one error in mkdev.c"
773e8da initd: fix off-by-one error in mkdev.c
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Remove old math patch meant for old GCC versions. It's not needed
for GCC and causes issues with clang.
Add CMake patch to identify clang properly and apply the proper
flags. Fixes the following warnings/errors:
json_pointer.c:230:7: warning: implicit declaration of function
'vasprintf' is invalid in C99 [-Wimplicit-function-declaration]
rc = vasprintf(&path_copy, path_fmt, args);
^
json_pointer.c:317:7: warning: implicit declaration of function
'vasprintf' is invalid in C99 [-Wimplicit-function-declaration]
rc = vasprintf(&path_copy, path_fmt, args);
^
/usr/include/bits/mathcalls.h:177:23: error: cannot redeclare builtin
function '__builtin_isinf'
__MATHDECL_ALIAS (int,isinf,, (_Mdouble_ __value), isinf)
^
/usr/include/bits/mathcalls.h:177:23: note: '__builtin_isinf' is a
builtin with type 'int ()'
/usr/include/bits/mathcalls.h:213:23: error: cannot redeclare builtin
function '__builtin_isnan'
__MATHDECL_ALIAS (int,isnan,, (_Mdouble_ __value), isnan)
The clang patch is an upstream backport.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
df251c2 uxc: move mountpoint of persistent config to /var/run/uxc
e5b38fd trace: free memory allocated by blobmsg_format_json_indent()
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The hostapd.sh script already has support for configuring proxy-ARP,
however no built variant has support for it enabled.
Enable proxy-ARP support for hostapd-full builds in order to allow users
to actually use this feature.
Signed-off-by: David Bauer <mail@david-bauer.net>
The disable_dgaf config fiels is only available in case Hostapd is
compiled with Hotspot 2.0 support, however Proxy-ARP does not depend on
Hotspot 2.0.
Only add the code related to this config field when Hotspot 2.0 is
enabled to fix compilation with the aformentioned preconditions.
Signed-off-by: David Bauer <mail@david-bauer.net>
This version fixes two vulnerabilities:
- SM2 Decryption Buffer Overflow (CVE-2021-3711)
Severity: High
- Read buffer overruns processing ASN.1 strings (CVE-2021-3712)
Severity: Medium
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
OpenWrt's special gpio-button-hotplug driver is still using
exclusively the legacy GPIO Subsystem gpio_ API.
While it still does work fine for most devices, upstream
linux is starting to convert platform support like that of
the APU2/3/4 to the new GPIOD LOOKUP tables that are not
supported by it.
Hence, this patch replaces the gpio_ calls present in
gpio-button-hotplug with gpiod_ equivalent wherever
it's possible. This allows the driver to use the
gpiod lookup tables and still have a fallback for
legacy platform data code that just sets button->gpio
set to the real button/switch GPIO.
As a bonus: the active_low logic is now being handled
by the linux's gpio subsystem too. Another issue that
was address is the of_handle leak in the dt parser
error path.
Tested with legacy platform data: x86_64: APU2, MX-100
Tested on OF: ATH79; MR18, APM821xx: Netgear WNDR4700,
RAMIPS: WL-330N3G
LANTIQ: AVM FritzBox 7360v1
Reported-by: Chris Blake <chrisrblake93@gmail.com>
Tested-by: Chris Blake <chrisrblake93@gmail.com>
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This integrates with netifd in order to provide STP/RSTP protocol support
in user space. It defaults to using RSTP for bridges with stp enabled.
This daemon has no config files, it uses the configuration passed from
netifd via ubus
Signed-off-by: Felix Fietkau <nbd@nbd.name>
50e6b20 libfstools: handle open() return value properly in F2FS check
e1b6811 blockd: include missing libubox/utils.h
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
8a8306d uxc.c: fix coverity resource leak warning
7f2398e jail: devices: create parent folder when creating devices
0603c8d jail: return to hook callback instead of just calling it
3edb7eb jail: check return value when opening console
af048a3 jail: use portable sizeof(void *)
6010bd3 utils: make sure read() string is 0 terminated
f6daca3 uxc: free string returned by blobmsg_format_json_indent()
51f1cd2 trace: free string returned by blobmsg_format_json_indent()
d716cb5 trace: handle open() return value and make sure string is terminated
b824a89 jail: preload: avoid NULL-dereference in case things go wrong
167dc24 jail: protect against strcat buffer overflows
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
94170ae24bc9 device: extend device settings flags to 64 bit
1eb0fafaa986 device: add support for configuring device link speed/duplex
ed84473b7af9 bridge: memset bst->config by default to avoid stale config values
6519cf31e4b0 bridge: add support for an external STP daemon
454e9c33c906 bridge: tune default stp parameters
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Add a config option for json_script instead of unconditionally including
all json files in /etc/uhttpd in every uhttpd instance. This makes it
possible to configure a single instance with an unconditional redirect,
which currently renders all other uhttpd instances unusable.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Felix Fietkau <nbd@nbd.name>
01b4e60 dhcpv4: fix uninitialized hostname in some ubus events
1666769 dhcpv6-ia: allow up to 64 bit wide hostid
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
The option was initially named TARGET_ROOTFS_LN_VAR_TMP, and the check
was correct. When renaming the option to something more suitable, the
check was changed to check for n, but when an option is not set, it's
not n but empty. This results in the check always evaluating to false.
Fix the check by checking for y with ifneq.
Fixes: 57807f50de ("base-files: add option to make /var persistent")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
In OpenWrt, /var is symlinked to /tmp by default. This is done to reduce
the amount of writes to the flash chip, which often have not the
greatest durability. As a result, things like DHCP or UPnP lease files,
are not persistent across reboots.
Since OpenWrt can run on devices with more durable storage, it makes
sense to have an option for a persistent /var. Add an option to make
/var persistent. When enabled, /var will no longer be symlinked to /tmp,
but /var/run will be symlink to /tmp/run, as it should contains only
files that should not be kept during reboot. The option is off by
default, to maintain the current behaviour.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
The userspace application now uses the model=full option to match the
configuration of the kernel module. The source no longer contains SOAP
support, which was the primary reason to build only typical instead
of full before.
This makes several CLI commands, which were already supported in the
kernel module, available in the userspace application. For example, this
includes bbsg which allows to get information about VDSL2 bands.
Some previously applied build options were redundant. Disabling ADSL MIB
support is unnecessary, as it only applies to Danube. ADSL LED support
is no longer included in the source. ReTx counters are already included
with model type full.
This increases the size of the userspace application by approximately
15 kB (uncompressed). The kernel module does not change at all.
Signed-off-by: Jan Hoffmann <jan@3e8.eu>
with xinetd allowed+blocked (ipv6) hosts could be set
what is not possible with stock dropbear package
The file size increased 12 Bytes, so this "opimisation" did not really helped.
Within a compressed storage format it is 0..
ipk: 111.171 -> 111.361 = 190 bytes
bin: 215.128 -> 215.140 = 12 bytes
Signed-off-by: Fritz D. Ansel <fdansel@yandex.ru>
Replace some OpenWrt patches with openembedded ones for easier
maintainability. Remove several outdated ones as well.
Replace PKG_RELEASE with AUTORELEASE to avoid manual bumps.
Remove !arc dependency as it is supported upstream now.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
BananaPi BPi-R2 comes with HDMI and MIPI-DSI. Use dislpay facility in
Linux by add "console=tty1" boot argument.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This fixes a build problem seen after binutils 2.36 is used by default.
Fixes: 3f41153b1c ("toolchain/binutils: switch to version 2.36.1 by default")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
592ac0f add a note
4bacd14 sslcertfile: list /etc/ssl
7bdefa4 example: indicate that skip is an option
d1e9a85 wifi: sys pipe usage
eb903e1 README: add note about policycoreutils-setfiles weak dependency
762e011 ttyd: signull all subjects
fbfc079 acme: add basic support for acme_cleanup.sh and acme_setup.sh
9ac7592 acme: transition to sys.subj on generic initscript execution
f3dd1ba acme: missing rules related to sys.subj trans on file.initscriptfile
ae273fa odhcp6c/netifd: support drop-in directories
5fa9b41 subj: do not encourage misconfiguration
44722b6 blockd, logd, odhcpc6, ubiutil, mtdstordev
a775d93 21.02 related
a473691 rcboot runs rcuhttpd which creates /tmp/etc for /tmp/etc/uhttpd
290e9fb rcuhttpd: related to rcboot and uci-defaults
3fc0d8b rcuhttpd: lists /etc/uci-defaults
1f5ef48 removes ubvol.lock policy and adds move mtd/ubi partitions
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Installing headers and static libraries to the target system seems
to be not required for most use cases, so let's factor them
out into a dedicated -dev package.
This cuts down to disk usage to around 50% of the original
package to ~ 2MB - not that disk space is an issue normally,
but when using inside an initramfs only project, it counts.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
When compiling busybox with GCC 10 and CONFIG_PKG_ASLR_PIE_ALL=y, there
are hundreds of errors like:
relocation R_MIPS16_26 against `xzalloc' cannot be used when making a
shared object; recompile with -fPIC
Simply solve this by no longer disabling PKG_ASLR_PIE, so that $(FPIC)
is properly added to the CFLAGS and LDFLAGS.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
While an image layout based on MBR and 'bootfs' partition may be easy
to understand for users who are very used to the IBM PC and always have
the option to access the SD card outside of the device (and hence don't
really depend on other recovery methods or dual-boot), in my opinion
it's a dead end for many desirable features on embedded systems,
especially when managed remotely (and hence without an easy option to
access the SD card using another device in case things go wrong, for
example).
Let me explain:
* using a MSDOS/VFAT filesystem to store kernel(s) is problematic, as a
single corruption of the bootfs can render the system into a state
that it no longer boots at all. This makes dual-boot useless, or at
least very tedious to setup with then 2 independent boot partitions
to avoid the single point of failure on a "hot" block (the FAT index
of the boot partition, written every time a file is changed in
bootfs). And well: most targets even store the bootloader environment
in a file in that very same FAT filesystem, hence it cannot be used
to script a reliable dual-boot method (as loading the environment
itself will already fail if the filesystem is corrupted).
* loading the kernel uImage from bootfs and using rootfs inside an
additional partition means the bootloader can only validate the
kernel -- if rootfs is broken or corrupted, this can lead to a reboot
loop, which is often a quite costly thing to happen in terms of
hardware lifetime.
* imitating MBR-boot behavior with a FAT-formatted bootfs partition
(like IBM PC in the 80s and 90s) is just one of many choices on
embedded targets. There are much better options with modern U-Boot
(which is what we use and build from source for all targets booting
off SD cards), see examples in mediatek/mt7622 and mediatek/mt7623.
Hence rename the 'sdcard' feature to 'legacy-sdcard', and prefix
functions with 'legacy_sdcard_' instead of 'sdcard_'.
Tested-by: Stijn Tintel <stijn@linux-ipv6.be>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
procd.sh:
Instead of triggering on every mount.add event, there should be no
mount trigger at all in case none of the directories passed to
procd_add_*_mount_trigger() are located on a mountpoint configured in
/etc/config/fstab.
uxc:
add missing dependency on rpcd.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
040fecc system: fix issues reported by Coverity
48f481b service: make sure string read is null terminated
16dbc2a uxc: fix a bunch of issues discovered by Coverity
ff9002f uxc: fix help output
104b49d uxc: support config in uvol
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Delete tunnel on 6in4 interface teardown.
Should solve problem related to tunnel stuck on restart loop
with "Unknown Command" on tunnel restart due to wan connection drop.
Fixes: FS#3690
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>