If system has more then one and different wwan interface (modem). Then the
wwan protohandler will always take the modem which is discovered first.
The protohandler will always setup the same interface. To fix this add a
new usb "bus" option which is associated with wwan device and so will set
the specified interface up. With this change more then one interface
could be mananged by the wwan protohandler.
If the "bus" option is not set in the uci network config then the protohandler
behaves as before the change. The protohanldler will take the first
interface which he founds.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
service_running() implementation in /etc/rc.common use it.
It is preferable to use wildcard than assuming the instance
name is the default one.
jsonfilter returns all matches when wildcards are used, hence
the -l 1 argument used to limit output to only one value.
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
This is a precursor to adding proper support for multiple
6in4 tunnels with the already programmed tunlink parameter.
This is an essential sanity check so as to not break existing
and working behind NAT setups.
Signed-off-by: Sean Kenny <skenny@wfap.ca>
6in4: add myip he.net api parameter logic
This is to add proper support for multiple 6in4 tunnels
with the already programmed tunlink parameter.
As it stands before this commit, if there is a multi wan setup that
consists of dynamic ips, there is no way to use the
dynamic update feature as the he.net api is implicitly using
the ip address of the caller. This will explicitly use the
ipaddr specified in the interface config OR the ip of the
tunlink interface specified in the dynamic update api call instead
ONLY if the final resolved ipaddr variable is not an rfc1918 address.
Signed-off-by: Sean Kenny <skenny@wfap.ca>
The destination buffer size `d_len` is passed to `lzma_inflate` as a
pointer. Therefore, it needs to be dereferenced to compare its content.
Signed-off-by: Christian Franke <nobody@nowhere.ws>
The fwutil command will interpret the final 16 byte of a given firmware
image files as "struct fwimage_trailer".
In case these bytes do look like a valid trailer, we must ensure that we
print them out along with the remainder of the image to not accidentally
truncate non-trailer-images by 16 bytes when they're piped through fwtool,
e.g. as part of an image verification command sequence.
Some command sequences pipe images through fwtool in order to strip any
possible metadata, certificate or signature trailers and do not expect
bare images without any of that metadata to get truncated as other non-
fwtool specific metadata is expected at the end of the file, e.g. an
information block with an md5sum in case of the combined image format.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
8eb8443 version: bump snapshot
be09cf5 wg-quick: android: use Binder for setting DNS on Android 10
4716f85 noise: recompare stamps after taking write lock
54db197 netlink: allow preventing creation of new peers when updating
f1b87d1 netns: add test for failing 5.3 FIB changes
a3539c4 qemu: bump default version
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
The channel can be selected automatically at run time by setting
channel=acs_survey or channel=0, both of which will enable the ACS survey
based algorithm in hostapd. If the option acs_exclude_dfs is set in the
hostpad config DFS channels from ACS are excluded on channel selection.
This commit will add the possibilty to exclude the dfs channel on ACS
survey.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Commit 7519a36774 ("base-files,procd: add generic service status")
introduced the generic 'status' command which broke the previous
dsl_control status output. To fix this, let's rename the "old" command
to "dslstat".
Fixes: 7519a36774 ("base-files,procd: add generic service status")
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
Update libevent to 2.1.11
Use CMake instead GNU Autotools
Backport following commits:
f05ba67193
..and partially
7201062f3e
to fix compilation
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Compilation of liblua itself works, but when other packages link against
it, the linker starts throwing undefined references to a bunch of math
functions in libm.
First discovered in a failed attempt to transition a package to uClibc++.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[fix commit title capitalization]
Signed-off-by: David Bauer <mail@david-bauer.net>
While all ath10k eeproms have a checksum field, so far two
functions for patching ath10k MAC address have been present (and
been used).
This merges code to provide a single function ath10k_patch_mac
in caldata.sh, having its name in accordance with ath9k functions.
By doing so, correct MAC patching for current and future ath10k
devices should be ensured.
This patch adds checksum adjustments for several targets on
ath79 and lantiq.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
GDB 8.3.1 brings the following fixes and enhancements over GDB 8.3:
PR c++/20020 (GDB segfault on printing objects)
PR gdb/24454 (nat/x86-linux-dregs.c failed assertion)
PR breakpoints/24541 (Incorrect evaluation of systemtap probes due to register being signed and probe expression assuming unsigned)
PR symtab/24545 (Symbol loading performance regression with cc1)
PR gdb/24592 (amd64->i386 linux syscall restart problem)
PR gdb/25009 (terminate called after throwing an instance of 'srchilite::ParserException')
PR gdb/25010 (Calls to error () can cause SIGTTOU to send gdb to the background)
PR breakpoints/25011 (Breakpoints on file reloads broken for PIE binaries)
This corrective release also brings the following testsuite fixes and
enhancements:
PR testsuite/25005 (gdb-caching-proc.exp takes a lot of time on skip_opencl_tests)
PR testsuite/25016 (Test-case failures for -pie)
GDB 8.3 includes the following changes and enhancements:
* Support for new native configurations (also available as a target configuration):
- RISC-V GNU/Linux (riscv*-*-linux*)
- RISC-V FreeBSD (riscv*-*-freebsd*)
* Support for new target configurations:
- CSKY ELF (csky*-*-elf)
- CSKY GNU/Linux (csky*-*-linux)
- NXP S12Z ELF (s12z-*-elf)
- OpenRISC GNU/Linux (or1k*-*-linux*)
* Native Windows debugging is only supported on Windows XP or later.
* The Python API in GDB now requires Python 2.6 or later.
* GDB now supports terminal styling for the CLI and TUI.
Source highlighting is also supported by building GDB with GNU
Highlight.
* Experimental support for compilation and injection of C++ source
code into the inferior (requires GCC 7.1 or higher, built with
libcp1.so).
* GDB and GDBserver now support IPv6 connections.
* Target description support on RISC-V targets.
* Various enhancements to several commands:
- "frame", "select-frame" and "info frame" commands
- "info functions", "info types", "info variables"
- "info thread"
- "info proc"
- System call alias catchpoint support on FreeBSD
- "target remote" support for Unix Domain sockets.
* Support for displaying all files opened by a process
* DWARF index cache: GDB can now automatically save indices of DWARF
symbols on disk to speed up further loading of the same binaries.
* Various GDB/MI enhancements.
* GDBserver on PowerPC GNU/Linux now supports access to the PPR,
DSCR, TAR, EBB/PMU, and HTM registers.
* Ada task switching support when debugging programs built with
the Ravenscar profile added to aarch64-elf.
* GDB in batch mode now exits with status 1 if the last executed
command failed.
* Support for building GDB with GCC's Undefined Behavior Sanitizer.
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
This unifies MAC address patch functions and moves them to a
common script. While those were implemented differently for
different targets, they all seem to do the same. The number of
different variants is significantly reduced by this patch.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This moves the almost identical calibration data extraction
functions present multiple times in several targets to a single
library file /lib/functions/caldata.sh.
Functions are renamed with more generic names to merge different
variants that only differ in their names.
Most of the targets used find_mtd_chardev, while some used
find_mtd_part inside the extraction code. To merge them, the more
abundant version with find_mtd_chardev is used in the common code.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
[rebase on latest master; add mpc85xx]
Signed-off-by: David Bauer <mail@david-bauer.net>
The xor() function is defined in each of the caldata extraction
scripts for several targets. Move it to functions.sh to reduce
duplicate code.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This driver supports the Bosch Sensortec BME680 gas, humidity, pressure
and temperature sensor.
Tested I2C and SPI modes on a Raspberry Pi Zero W.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Upon writing to "remove" file, debugfs_remove_recursive() blocks while
holding rtnl_lock. This is because debugfs' file_ops callbacks are
executed in debugfs_use_file_*() context which prevents file removal.
Fix this by only flagging the device for removal and then do the cleanup
in file_ops.release callback which is executed out of that context.
Signed-off-by: Ali MJ Al-Nasrawy <alimjalnasrawy@gmail.com>
Since v3.11, netdevice notification data are of type
"struct netdev_notifier_info". Handle it as such!
This should fix a critical bug in which devices are unable get released
because trelay does not release resources in response to UNREGISTER
event spamming the log with something like:
unregister_netdevice: waiting for eth0.1 to become free. Usage count = 1
Signed-off-by: Ali MJ Al-Nasrawy <alimjalnasrawy@gmail.com>
crypto-arc4 move into a module with commit c3a78955f3,
fs-nfs-common-rpcsec compile error without arc4 support.
Ref: https://github.com/openwrt/packages/issues/9912
Fixes: c3a78955f3 ("kernel: move crypto-arc4 into a module")
Signed-off-by: Ruixi Zhou <zhouruixi@gmail.com>
"coreutil-date" package from the packages feed replaces the Busybox date
applet by symlinking /usr/bin/gnu-date to /bin/date. This prevents the system
init script from setting kernel timezone because the GNU date utility does not
provide such functionality:
root@OpenWrt:~# date -k
date: invalid option -- 'k'
Try 'date --help' for more information.
A specific reference to the Busybox date applet prevents alternative date
utilities from breaking the system init script.
Signed-off-by: Val Kulkov <val.kulkov@gmail.com>
The first allows usage of several functions in the std namespace, which
broke compilation of gddrescue specifically with uClibc-ng and uClibc++.
The second allows usage of long long with normal C++11, which is part of
the standard. Before, std=gnu++11 needed to be passsed to work around it.
As a result of the second patch, the pedantic patch can safely be removed.
Both patches are upstream backports.
Added -std=c++11 to CFLAGS to guarentee proper inclusion of long long.
Added another patch that fixes a typo with the long long support. Sent to
upstream.
Fixed up license information according to SPDX.
Small cleanups for consistency.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Add missing dependencies to i2c-core and regmap-spi. These get activated
when these modules are build in this driver, which is the case when we
build all modules. This fixes the build on some targets. This was found
by the buildbot.
Fixes: 34e2526f9f ("kernel: add kmod-rtc-pcf2127")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Current hash doesn't match with the content of the source tarball.
Fixes: a92f74ba8d ("libnl-tiny: move source code into separate Git repository")
Reported-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
71c2ef0420b5 mt76: fix aggregation stop issue
5b02a078d4a7 mt76: add missing locking around ampdu action
7d8764d320cf mt76: avoid enabling interrupt if NAPI poll is still pending
d94cc81d3980 mt76: drop rcu read lock in mt76_rx_aggr_stop
c11a4ad06d9d mt76: mt76x0: eeprom: add support for MAC address from OF
01642d8bed33 mt76: mt76x02: fix use-after-free in tx status code handling airtime
391e1488f885 mt76: add sanity check for a-mpdu rx wcid index
d3a589586d1b mt76: fix a-mpdu boundary detection issue for airtime reporting
Signed-off-by: Felix Fietkau <nbd@nbd.name>
0d004db Revert "pppd: Include time.h before using time_t"
e400854 pppdump: Eliminate printf format warning by using %zd
7f2f0de pppd: Refactor setjmp/longjmp with pipe pair in event wait loop
4e71317 make: Avoid using host include for cross-compiling
3202f89 pppoe: Remove the use of cdefs
d8e8d7a pppd: Remove unused rcsid variables
486f854 pppd: Fix GLIBC version test for non-glibc toolchains
b6cd558 pppd: Include time.h before using time_t
ef8ec11 radius: Fix compiler warning
f6330ec magic: Remove K&R style of arguments
347904e Add Submitting-patches.md
Remove patches 130-no_cdefs_h.patch, 131-missing_prototype_macro.patch,
132-fix_linux_includes.patch as fixed upstream
Refresh patches
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
In non-ETSI regulatory domains scan is blocked when operating channel
is a DFS channel. For ETSI, however, once DFS channel is marked as
available after the CAC, this channel will remain available (for some
time) even after leaving this channel.
Therefore a scan can be done without any impact on the availability
of the DFS channel as no new CAC is required after the scan.
Enable scan in mac80211 in these cases.
Signed-off-by: Aaron Komisar <aaron.komisar@tandemg.com>
Link: https://lore.kernel.org/r/1570024728-17284-1-git-send-email-aaron.komisar@tandemg.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
The factory uboot of the Turris Omnia boots with "root=b301", and we
instruct new users to sysupgrade from there (e.g. method 1, step 7).
Currently, this will fail with "Unable to determine upgrade device".
Add a new case to export_bootdevice, which parses the hex argument.
Fixes commit 2e5a0b81 ("mvebu: sysupgrade: sdcard: keep user added ...")
Signed-off-by: Klaus Kudielka <klaus.kudielka@gmail.com>
gcc-8 switch -ffile-prefix-map helps a lot with reproducible build paths
in the resulting binaries.
Ref: https://reproducible-builds.org/docs/build-path/
Signed-off-by: Paul Spooren <mail@aparcar.org>
[refactored into separate commit]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
In order to make the source code usable and testable separately out of
buildroot.
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: Jo-Philipp Wich <jo@mein.io>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This backport fixes high latency (>100ms) on the WiFi link when using a
QCA988x Wave 1 radio. The ath10k-ct driver is not affected by this bug
from my testing, hence why it hasn't been discovered earlier.
Signed-off-by: David Bauer <mail@david-bauer.net>
Wifi HE (ieee80211ax) parsing is currently only activated in the full
version because it increases the compressed size by 2.5KBytes.
This also activates link time optimization (LTO) again, the problem was
fixed upstream
This increases the uncompressed binary size of iw-tiny by about 1.7%
old:
34446 iw_5.0.1-1_mipsel_24kc.ipk
new:
35064 iw_5.3-1_mipsel_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
https://patchwork.kernel.org/patch/11161981/
--
From: Stanislaw Gruszka <sgruszka@redhat.com>
Subject: [PATCH] rt2x00: initialize last_reset
Initialize last_reset variable to INITIAL_JIFFIES, otherwise it is not
possible to test H/W reset for first 5 minutes of system run.
Fixes: e403fa31ed71 ("rt2x00: add restart hw")
Reported-and-tested-by: Jonathan Liu <net147@gmail.com>
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
--
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Changes since 0.0.20190702:
define conversion constants for ancient kernels
android: refactor and add incoming allow rules
enforce that unused bits of flags are zero
immediately rekey all peers after changing device private key
support running in OpenVZ environments
do not run bc on clean target
skip peers with invalid keys
account for upstream configuration maze changes
openbsd: fix alternate routing table syntax
account for android-4.9 backport of addr_gen_mode
don't fail down when using systemd-resolved
allow specifying kernel release
enforce named pipe ownership and use protected prefix
work around ubuntu breakage
support newer PaX
don't rewrite siphash when it's from compat
squelch warnings for stack limit on broken kernel configs
support rhel/centos 7.7
Signed-off-by: Brandy Krueger <krueger.brandy24@gmail.com>
572ff7f fritzcreator: actually add checksum spacer
6edce1a fritzcreator: replace obscure padding generation with something more portable
2ff189f add ASUS RT-AC58U "easy install" factory u-boot shim
b91f9c2 readd spi-nand support
486ae53 improve cmd_sysupgrade
b0933f1 replace sstrip with strip
882e48a do not include generated files into git
0c5aa5f fix bugs in ipq40xx_cdp.c
Signed-off-by: David Bauer <mail@david-bauer.net>
hostapd will not use the getrandom() syscall and as a fallback use
/dev/random, the syscall is supported since Linux 3.17 and in the musl,
glibc and uclibc version used by OpenWrt.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
All the content of this function is proceeded by IEEE8021X_EAPOL no code
accesses the ssid variable outside of this ifdef.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The size of the ipkgs increase a bit (between 0.7% and 1.1%):
old 2019-04-21 (2.8):
288264 wpad-basic_2019-04-21-63962824-1_mipsel_24kc.ipk
256188 wpad-mini_2019-04-21-63962824-1_mipsel_24kc.ipk
427475 wpad-openssl_2019-04-21-63962824-1_mipsel_24kc.ipk
423071 wpad-wolfssl_2019-04-21-63962824-1_mipsel_24kc.ipk
new 2019-08-08 (2.9):
290217 wpad-basic_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk
258745 wpad-mini_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk
431732 wpad-openssl_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk
427641 wpad-wolfssl_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This also syncs the configuration files with the default configuration
files, but no extra options are activated or deactivated.
The mesh patches were partially merged into hostapd 2.8, the remaining
patches were extracted from patchwork and are now applied by OpenWrt.
The patches still have open questions which are not fixed by the author.
They were taken from this page:
https://patchwork.ozlabs.org/project/hostap/list/?series=62725&state=*
The changes in 007-mesh-apply-channel-attributes-before-running-Mesh.patch
where first applied to hostapd, but later reverted in hostapd commit
3e949655ccc5 because they caused memory leaks.
The size of the ipkgs increase a bit (between 1.3% and 2.3%):
old 2018-12-02 (2.7):
283337 wpad-basic_2018-12-02-c2c6c01b-11_mipsel_24kc.ipk
252857 wpad-mini_2018-12-02-c2c6c01b-11_mipsel_24kc.ipk
417473 wpad-openssl_2018-12-02-c2c6c01b-11_mipsel_24kc.ipk
415105 wpad-wolfssl_2018-12-02-c2c6c01b-11_mipsel_24kc.ipk
new 2019-04-21 (2.8):
288264 wpad-basic_2019-04-21-63962824-1_mipsel_24kc.ipk
256188 wpad-mini_2019-04-21-63962824-1_mipsel_24kc.ipk
427475 wpad-openssl_2019-04-21-63962824-1_mipsel_24kc.ipk
423071 wpad-wolfssl_2019-04-21-63962824-1_mipsel_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
4327ed4 mkdev: Avoid out of bounds read
9b3eb63 libblkid-tiny: use blkid_probe_set_utf8label for label set
c9d0462 libblkid-tiny: adds blkid_probe_set_utf8label support
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Needed for glib2 host build:
gresource-tool.c:32:20: fatal error: libelf.h: No such file or directory
#include <libelf.h>
Changed PKG_LICENSE to the SPDX version.
Switched build dependency for argp-standalone to !USE_GLIBC. argp is a
glibc extension. Treat it as such.
Adjusted patch to use strerror_l, which works properly with both glibc
and musl. The patch errors under glibc with:
dwfl_error.c:158:7: error: ignoring return value of 'strerror_r', declared
with attribute warn_unused_result [-Werror=unused-result]
strerror_r (error & 0xffff, s, sizeof(s));
void casting does not fix the error.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Hardware acceleration was disabled when AES-CCM was selected as a
workaround for a build failure. This applies a couple of upstream
patches fixing this.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Remove 300-bn_mul.h-Use-optimized-MULADDC-code-only-on-ARM-6.patch,
the issue has been fixed upstream.
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
This patch was originally added to fix compilation with v4l2rtspserver.
Turns out it was v4l2rtspserver that was broken, not uClibc++. This now
causes issues with a different package where the arguments are being
split.
Note that with this patch, shellcheck throws an error:
SC2068: Double quote array expansions to avoid re-splitting elements.
More: https://github.com/openwrt/packages/pull/9972#discussion_r324878373
Signed-off-by: Rosen Penev <rosenp@gmail.com>
For AP mode, OpenWrt automatically sets ieee80211w to either 1 or 2, depending
on whether the encryption is set to sae-mixed, or sae/owe/eap suite-b.
Mirror the same defaults for client mode connections, in order to allow an
OpenWrt station to associate to an OpenWrt ap with SAE, OWE or Suite-B encryption
without the need to manually specify "option ieee80211w" on the station.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This changes fixes the generation of the wpa_supplicant client configuration
in WPA3 OWE client mode. Instead of incorrectly emitting key_mgmt=NONE, use
the proper key_mgmt=OWE setting instead.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
add module to support Emulex OneConnect
common in 10Gbit SFP+ cards by Dell/HP/IBM
supports OneConnect OCe10xxx OCe11xxx OCe14xxx,
LightPulse LPe12xxx
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
wps_supplicant.h assumes that 'struct wpa_bss' is forward declared if
CONFIG_WPS is not defined. With the later inclusion of
600-ubus_support, the issue manifests in warnings like these:
wps_supplicant.h:113:15: warning: 'struct wpa_bss' declared inside parameter list will not be visible outside of this definition or declaration
struct wpa_bss *bss)
^~~~~~~
This patch forward declares 'struct wpa_bss' regardless.
Signed-off-by: Leon M. George <leon@georgemail.eu>
[commit message facelift]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
The original wpa_hexdump uses a 'void *' for the payload. With patch
410-limit_debug_messages, the signature changes and compiler warnings
occur at various places. One such warning is:
wpa_debug.h:106:20: note: expected 'const u8 * {aka const unsigned char *}' but argument is of type 'struct wpa_eapol_key *'
Signed-off-by: Leon M. George <leon@georgemail.eu>
[commit message facelift]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
For many devices, MAC addresses cannot be retrieved via the
device tree alias.
To still provide the label MAC address for those, this implements
a second mechanism that will put the address into uci config.
Note that this stores the actual MAC address, whereas in DTS
we reference the bearing device.
This is based on the work of Rosy Song <rosysong@rosinson.com>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
To refer to the MAC address on a device's label, one can
specify the alias label-mac-device in the DTS which should
point to the bearer of the corresponding MAC address.
With the function get_mac_label, the user can retrieve then
retrieve this address and use it as a value that uniquely
identifies his device.
This is severely helpful for several downstream functionalities,
e.g. define MAC addresses of custom netifs or change the SSID to
be easily recognizable.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Refresh patches, for changes in version 7.66.0 see https://curl.haxx.se/changes.html#7_66_0
Fixes CVEs:
CVE-2019-5481
CVE-2019-5482
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
This version fixes 3 low-severity vulnerabilities:
- CVE-2019-1547: ECDSA remote timing attack
- CVE-2019-1549: Fork Protection
- CVE-2019-1563: Padding Oracle in PKCS7_dataDecode and
CMS_decrypt_set1_pkey
Patches were refreshed.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Since service and instance names may contain characters which are not allowed
in JSON path labels, such as dashes or spaces, change the filter expression
to array square bracket notation to properly match these cases as well.
Fixes: 2c3dd70741 ("procd: add procd_running() helper for checking running state")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This makes brcmfmac use the same wiphy after PCIe reset to help user
space handle corner cases (e.g. firmware crash).
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Update the ath10k-ct driver version to 5e8cd86f90dac966d12df6ece84ac41458d0e95f
to enable dynamic VLANs to work. Patches refreshed during the bump.
Signed-off-by: Robert Marko <robimarko@gmail.com>
[commit description facelift]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This enables a feature flag in the wave-2 firmware wmi-services indicating it can send
software-encrypted raw frames. This should in turn allow the AP-VLAN feature to work.
Signed-off-by: Robert Marko <robimarko@gmail.com>
commit eb204d14f75c ("base-files: implement generic service_running")
introduced generic service_running so it's not needed to copy&paste same
3 lines over and over again.
I've removed service_running from netifd/network init script as well,
because it was not working properly, looked quite strange and I didn't
understand the intention:
$ /etc/init.d/network stop
$ service network running && echo "yes" || echo "nope"
( have to wait for 30s )
Command failed: Request timed out
yes
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Adds a default status action for init.d scripts.
procd "service status" will return:
0) for loaded services (even if disabled by conf or dead)
3) for inactive services
4) when filtering a non-existing instance
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
[rebased, cleaned up]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
e73bf11 config: ra_management compatibility support
d818380 odhcpd: router: Fix out of scope memory access
94a1c94 dhcpv6-ia: free assignment when validity timer expires
752fc2c router: speed up initial router advertisements
09aa022 router: close socket upon NETEV_IFINDEX_CHANGE fixed
79eb160 router: fix previous commit
6034b5c router: close socket upon NETEV_IFINDEX_CHANGE
000182f router: fix lingering uloop socket descriptor
f6c2242 router: support ra_lifetime being 0
d111809 router: make RA flags configurable (FS#2019)
Update odhcpd defaults according to the new RA flags implementation
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
a88fb42 iwinfo: add device id for Qualcomm Atheros QCA9886
1b69d86 iwinfo: add device id for Qualcomm Atheros QCA9887
Signed-off-by: David Bauer <mail@david-bauer.net>
Now that $UPGRADE_BACKUP is set conditionally there is no need to check
the $UPGRADE_OPT_SAVE_CONFIG anymore. All conditions can be simplified.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
b8238df sysupgrade: support "backup" attribute
This update requires "sysupgrade" method callers to pass "backup"
attribute if $UPGRADE_BACKUP is used in the project.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
This explicitly tells procd what backup file should be used during
sysupgrade (if any). It's much more generic this way compared to the
magic /tmp/sysupgrade.tgz file that had to be created before a call.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
This allows platform code to check if firmware image can be used with
preserving a backup. It may be used e.g. when installing vendor
firmwares that won't restore appended backup archive.
Suggested-by: Luis Araneda <luaraneda@gmail.com>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
It's a variable set by procd that should replace hardcoded
/tmp/sysupgrade.tgz.
This change requires the most recent procd with the commit 0f3c136
("sysupgrade: set UPGRADE_BACKUP env variable").
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
0f3c136 sysupgrade: set UPGRADE_BACKUP env variable
0bcbbbf system: fix uninitialized variables in firmware validation code
This update includes a fix for uninitialized variable usage.
Fixes: 7290963d09 ("procd: update to the latest git HEAD")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
The actual retrieval of the MAC address in mtd_get_mac_binary_ubi()
is the same as in get_mac_binary(). Thus, use the latter function
in the former to reduce duplicate code.
This will also allow to benefit from the enhanced path check there
and bring mtd_get_mac_binary_ubi() more in line with the similar
mtd_get_mac_binary().
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The mtd_get_mac_text helper method did not support hexadecimal offset
values, resulting them to break after 75bfc393ba ("treewide:
convert MAC address location offsets to hexadecimal")
This commit fixes this by evaluating the hexadecimal input,
converting them to decimal.
Signed-off-by: David Bauer <mail@david-bauer.net>
1) Add BACKUP_FILE and use it when copying an archive to be restored
after sysupgrade (on the next preinit).
2) Use CONF_TAR for copying backup prepared by the /sbin/sysupgrade
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
ABI version is same.
The ipkg size increase by about 2.2%:
old:
47.909 libnftnl11_1.1.3-1_arm_cortex-a7_neon-vfpv4.ipk
new:
48.985 libnftnl11_1.1.4-1_arm_cortex-a7_neon-vfpv4.ipk
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
This adds the key_type and ec_curve options to enable the generation of
EC keys during initialization, using openssl or the new options added to
px5g.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
This adds an 'eckey' command to generate an EC key, with an optional
curve name argument, with P-256 as default.
For the 'selfsigned' command, it adds an 'ec' algorithm argument to the
'-newkey' option, and a '-pkeyopt ec_paramgen_curve:<curvename>' option,
mirroring the way openssl specifies the curve name.
Notice that curve names are not necessarily the same in mbedtls and
openssl. In particular, secp256r1 works for mbedtls, but openssl uses
prime256v1 instead. px5g uses mbedtls, but short NIST curve names P-256
and P-384 are specifically supported.
Package size increased by about 900 bytes (arm).
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Instead, instruct the configure script to use $(FPIC) only.
Mixing -fPIC and -fpic can cause issues on some platforms like PPC.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
The configure scripts matches Linux with -fPIC, which is not exactly what
is desired. Since we are already passing $(FPIC), added a CONFIGURE_VAR to
avoid passing -fPIC.
Removed PKG_BUILD_DIR as it is already the default value.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Since the binaries for both lua as well as lua5.3 contain the version
number, invocations of the "lua" binary are failing, as it's not created
anymore for the host package.
Fixes: fe59b46 ("lua: include version number in installed files")
Signed-off-by: David Bauer <mail@david-bauer.net>
So far firmware validation result was binary limited: it was either
successful or not. That meant various limitations, e.g.:
1) Lack of proper feedback on validation problems
2) No way of marking firmware as totally broken (impossible to install)
This change introduces JSON for storing detailed validation info. It
provides a list of performed validation tests and their results. It
allows marking firmware as non-forceable (broken image that can't be
even forced to install).
Example:
{
"tests": {
"fwtool_signature": true,
"fwtool_device_match": true
},
"valid": true,
"forceable": true
}
Implementation is based on *internal* check_image bash script that:
1) Uses existing validation functions
2) Provides helpers for setting extra validation info
This allows e.g. platform_check_image() to call notify_check_broken()
when needed & prevent user from bricking a device.
Right now the new JSON info is used by /sbin/sysupgrade only. It still
doesn't make use of "forceable" as that is planned for later
development.
Further plans for this feature are:
1) Expose firmware validation using some new ubus method
2) Move validation step from /sbin/sysupgrade into "sysupgrade" ubus
method so:
a) It's possible to safely sysupgrade using ubus only
b) /sbin/sysupgrade can be more like just a CLI
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
From: Stanislaw Gruszka <sgruszka@redhat.com>
This reverts commit 9ad3b55654455258a9463384edb40077439d879f.
As reported by Sergey:
"I got some problem after upgrade kernel to 5.2 version (debian testing
linux-image-5.2.0-2-amd64). 5Ghz client stopped to see AP.
Some tests with 1metre distance between client-AP: 2.4Ghz -22dBm, for
5Ghz - 53dBm !, for longer distance (8m + walls) 2.4 - 61dBm, 5Ghz not
visible."
It was identified that rx signal level degradation was caused by
9ad3b5565445 ("rt2800: enable TX_PIN_CFG_LNA_PE_ bits per band").
So revert this commit.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Close cooperation with Lorenzo Bianconi resulted
in these patches which fix all remaining seen issues
when using dynack.
Fix link losses when:
- Late Ack's are not seen or not present
- switching from too low static coverage class to dynack on a live link
These are fixed by setting the Ack Timeout/Slottime to
the max possible value for the currently used channel width when
a new station has been discovered.
When traffic flows, dynack is able to adjust to optimal values
within a few packets received (typically < 1 second)
These changes have been thoroughly tested on ~60 offshore devices
all interconnected using mesh over IBSS and dynack enabled on all.
Distances between devices varied from <100m up to ~35km
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
6a61b9a probe: fallback to libblkid.so.1 when libblkid.so does not exist
Also remove deprecation notices from init script while we're at it.
Fixes: FS#2274
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
a9f9557 nl80211: support reading hardware id from phy directly
c586cd3 iwinfo: add device id for MediaTek MT7612E
d4382dd iwinfo: add device id for Atheros AR9390
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This should fix a problem with 1560 MTU, 160Mhz on DFS channels,
some other small issues on < 5.2 kernels, and for 5.2 driver,
it pulls in some upstream stable fixes.
wave-1 firmware changes since last update:
* June 24, 2019: Try allocating low-priority WMI msgs if high-prio are not available.
* June 24, 2019: Init rate-ctrl to start at lowest rate instead of in the middle. Hoping
this helps DHCP when station connects from a long distance.
wave-2:
* June 24, 2019 Start rate-ctrl at minimal values to help DHCP work better for far-away peers.
* July 24, 2019 Fix old regression that made /a (and probably /b/g) perform poorly, at least on
diet-compiled images.
* Aug 8, 2019 Improve a/b/g rate-ctrl by damping the PER swings caused by the all-or-nothing logic
of transmitting non-block-ack frames one at a time.
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>