The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.
To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Enable engine support by default. Right now, some packages require
this, so it is always enabled by the bots. Many packages will compile
differently when engine support is detected, needing engine symbols from
the libraries.
However, being off by default, a user compiling its own image will fail
to run some popular packages from the official repo.
Note that disabling engines did not work in 1.0.2, so this problem never
showed up before.
NPN support has been removed in major browsers & servers, and has become
a small bloat, so it does not make sense to leave it on by default.
Remove deprecated CONFIG_ENGINE_CRYPTO symbol that is no longer needed.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Currently the Geode builds fails on following kernel module missing
dependencies:
Package kmod-drm-amdgpu is missing dependencies for the following libraries:
backlight.ko
drm_kms_helper.ko
fb.ko
ttm.ko
So this patch tries to fix the kmod-drm-amdgpu module dependecies.
Fixes: 2f239c0 ("x86: video: add amdgpu DRM kernel package")
Fixes: 2f6918e ("x86: video: add radeon DRM module support")
Tested-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
Commit 6e060bd62c introduced a dependency to the dialout group.
Adding this group to the "group" file in the base-files package is not
enough to handle this dependency, because after a sysupgrade this entry
will be missing in the "group" file.
To address this problem the dependencies to the required groups needs to
be set in the Makefile of the procd package.
Then, the uci-default script "13_fix_group_user" will add the groups
on first boot-up after a sysupgrade.
Fixes: 6e060bd62c ("base-files/hotplug: fix dedicated group for tty devices")
Tested-by: Michael Heimpold <mhei@heimpold.de>
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
Both targets have their own idea of how to use ehci-fsl.
This patch reverts part of commit
68b8d3b079 ("kernel: usb: add FSL EHCI package") and moves
ehci-fsl back into kmod-usb2, while also making it hopefully
useable for the mpc85xx target.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
24f9dc7 Iron out all extra compiler warnings
9d8dbc9 Enable extra compiler checks
ff8d356 mbim-proxy support
ccca03f umbim: add registration set support
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Replace the patch introduced by commit d0b969eee8 ("mac80211: rt2x00:
do not increment sequence number while re-transmitting") was merged
into wireless-drivers.git. Replace our version with the merged version.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
EAP-pwd missing commit validation
Published: April 10, 2019
Identifiers:
- CVE-2019-9497 (EAP-pwd server not checking for reflection attack)
- CVE-2019-9498 (EAP-pwd server missing commit validation for
scalar/element)
- CVE-2019-9499 (EAP-pwd peer missing commit validation for
scalar/element)
Latest version available from: https://w1.fi/security/2019-4/
Vulnerability
EAP-pwd implementation in hostapd (EAP server) and wpa_supplicant (EAP
peer) was discovered not to validate the received scalar and element
values in EAP-pwd-Commit messages properly. This could result in attacks
that would be able to complete EAP-pwd authentication exchange without
the attacker having to know the used password.
A reflection attack is possible against the EAP-pwd server since the
hostapd EAP server did not verify that the EAP-pwd-Commit contains
scalar/element values that differ from the ones the server sent out
itself. This allows the attacker to complete EAP-pwd authentication
without knowing the password, but this does not result in the attacker
being able to derive the session key (MSK), i.e., the attacker would not
be able to complete the following key exchange (e.g., 4-way handshake in
RSN/WPA).
An attack using invalid scalar/element values is possible against both
the EAP-pwd server and peer since hostapd and wpa_supplicant did not
validate these values in the received EAP-pwd-Commit messages. If the
used crypto library does not implement additional checks for the element
(EC point), this could result in attacks where the attacker could use a
specially crafted commit message values to manipulate the exchange to
result in deriving a session key value from a very small set of possible
values. This could further be used to attack the EAP-pwd server in a
practical manner. An attack against the EAP-pwd peer is slightly more
complex, but still consider practical. These invalid scalar/element
attacks could result in the attacker being able to complete
authentication and learn the session key and MSK to allow the key
exchange to be completed as well, i.e., the attacker gaining access to
the network in case of the attack against the EAP server or the attacker
being able to operate a rogue AP in case of the attack against the EAP
peer.
While similar attacks might be applicable against SAE, it should be
noted that the SAE implementation in hostapd and wpa_supplicant does
have the validation steps that were missing from the EAP-pwd
implementation and as such, these attacks do not apply to the current
SAE implementation. Old versions of wpa_supplicant/hostapd did not
include the reflection attack check in the SAE implementation, though,
since that was added in June 2015 for v2.5 (commit 6a58444d27fd 'SAE:
Verify that own/peer commit-scalar and COMMIT-ELEMENT are different').
Vulnerable versions/configurations
All hostapd versions with EAP-pwd support (CONFIG_EAP_PWD=y in the build
configuration and EAP-pwd being enabled in the runtime configuration)
are vulnerable against the reflection attack.
All wpa_supplicant and hostapd versions with EAP-pwd support
(CONFIG_EAP_PWD=y in the build configuration and EAP-pwd being enabled
in the runtime configuration) are vulnerable against the invalid
scalar/element attack when built against a crypto library that does not
have an explicit validation step on imported EC points. The following
list indicates which cases are vulnerable/not vulnerable:
- OpenSSL v1.0.2 or older: vulnerable
- OpenSSL v1.1.0 or newer: not vulnerable
- BoringSSL with commit 38feb990a183 ('Require that EC points are on the
curve.') from September 2015: not vulnerable
- BoringSSL without commit 38feb990a183: vulnerable
- LibreSSL: vulnerable
- wolfssl: vulnerable
Acknowledgments
Thanks to Mathy Vanhoef (New York University Abu Dhabi) for discovering
and reporting the issues and for proposing changes to address them in
the implementation.
Possible mitigation steps
- Merge the following commits to wpa_supplicant/hostapd and rebuild:
CVE-2019-9497:
EAP-pwd server: Detect reflection attacks
CVE-2019-9498:
EAP-pwd server: Verify received scalar and element
EAP-pwd: Check element x,y coordinates explicitly
CVE-2019-9499:
EAP-pwd client: Verify received scalar and element
EAP-pwd: Check element x,y coordinates explicitly
These patches are available from https://w1.fi/security/2019-4/
- Update to wpa_supplicant/hostapd v2.8 or newer, once available
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
[bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
hostapd: fix SAE confirm missing state validation
Published: April 10, 2019
Identifiers:
- CVE-2019-9496 (SAE confirm missing state validation in hostapd/AP)
Latest version available from: https://w1.fi/security/2019-3/
Vulnerability
When hostapd is used to operate an access point with SAE (Simultaneous
Authentication of Equals; also known as WPA3-Personal), an invalid
authentication sequence could result in the hostapd process terminating
due to a NULL pointer dereference when processing SAE confirm
message. This was caused by missing state validation steps when
processing the SAE confirm message in hostapd/AP mode.
Similar cases against the wpa_supplicant SAE station implementation had
already been tested by the hwsim test cases, but those sequences did not
trigger this specific code path in AP mode which is why the issue was
not discovered earlier.
An attacker in radio range of an access point using hostapd in SAE
configuration could use this issue to perform a denial of service attack
by forcing the hostapd process to terminate.
Vulnerable versions/configurations
All hostapd versions with SAE support (CONFIG_SAE=y in the build
configuration and SAE being enabled in the runtime configuration).
Possible mitigation steps
- Merge the following commit to hostapd and rebuild:
SAE: Fix confirm message validation in error cases
These patches are available from https://w1.fi/security/2019-3/
- Update to hostapd v2.8 or newer, once available
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
[bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
EAP-pwd side-channel attack
Published: April 10, 2019
Identifiers:
- CVE-2019-9495 (cache attack against EAP-pwd)
Latest version available from: https://w1.fi/security/2019-2/
Vulnerability
Number of potential side channel attacks were recently discovered in the
SAE implementations used by both hostapd and wpa_supplicant (see
security advisory 2019-1 and VU#871675). EAP-pwd uses a similar design
for deriving PWE from the password and while a specific attack against
EAP-pwd is not yet known to be tested, there is no reason to believe
that the EAP-pwd implementation would be immune against the type of
cache attack that was identified for the SAE implementation. Since the
EAP-pwd implementation in hostapd (EAP server) and wpa_supplicant (EAP
peer) does not support MODP groups, the timing attack described against
SAE is not applicable for the EAP-pwd implementation.
A novel cache-based attack against SAE handshake would likely be
applicable against the EAP-pwd implementation. Even though the
wpa_supplicant/hostapd PWE derivation iteration for EAP-pwd has
protections against timing attacks, this new cache-based attack might
enable an attacker to determine which code branch is taken in the
iteration if the attacker is able to run unprivileged code on the victim
machine (e.g., an app installed on a smart phone or potentially a
JavaScript code on a web site loaded by a web browser). This depends on
the used CPU not providing sufficient protection to prevent unprivileged
applications from observing memory access patterns through the shared
cache (which is the most likely case with today's designs).
The attacker could use information about the selected branch to learn
information about the password and combine this information from number
of handshake instances with an offline dictionary attack. With
sufficient number of handshakes and sufficiently weak password, this
might result in full recovery of the used password if that password is
not strong enough to protect against dictionary attacks.
This attack requires the attacker to be able to run a program on the
target device. This is not commonly the case on an authentication server
(EAP server), so the most likely target for this would be a client
device using EAP-pwd.
The commits listed in the end of this advisory change the EAP-pwd
implementation shared by hostapd and wpa_supplicant to perform the PWE
derivation loop using operations that use constant time and memory
access pattern to minimize the externally observable differences from
operations that depend on the password even for the case where the
attacker might be able to run unprivileged code on the same device.
Vulnerable versions/configurations
All wpa_supplicant and hostapd versions with EAP-pwd support
(CONFIG_EAP_PWD=y in the build configuration and EAP-pwd being enabled
in the runtime configuration).
It should also be noted that older versions of wpa_supplicant/hostapd
prior to v2.7 did not include additional protection against certain
timing differences. The definition of the EAP-pwd (RFC 5931) does not
describe such protection, but the same issue that was addressed in SAE
earlier can be applicable against EAP-pwd as well and as such, that
implementation specific extra protection (commit 22ac3dfebf7b, "EAP-pwd:
Mask timing of PWE derivation") is needed to avoid showing externally
visible timing differences that could leak information about the
password. Any uses of older wpa_supplicant/hostapd versions with EAP-pwd
are recommended to update to v2.7 or newer in addition to the mitigation
steps listed below for the more recently discovered issue.
Possible mitigation steps
- Merge the following commits to wpa_supplicant/hostapd and rebuild:
OpenSSL: Use constant time operations for private bignums
Add helper functions for constant time operations
OpenSSL: Use constant time selection for crypto_bignum_legendre()
EAP-pwd: Use constant time and memory access for finding the PWE
These patches are available from https://w1.fi/security/2019-2/
- Update to wpa_supplicant/hostapd v2.8 or newer, once available
- Use strong passwords to prevent dictionary attacks
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
[bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
SAE side-channel attacks
Published: April 10, 2019
Identifiers:
- VU#871675
- CVE-2019-9494 (cache attack against SAE)
Latest version available from: https://w1.fi/security/2019-1/
Vulnerability
Number of potential side channel attacks were discovered in the SAE
implementations used by both hostapd (AP) and wpa_supplicant
(infrastructure BSS station/mesh station). SAE (Simultaneous
Authentication of Equals) is also known as WPA3-Personal. The discovered
side channel attacks may be able to leak information about the used
password based on observable timing differences and cache access
patterns. This might result in full password recovery when combined with
an offline dictionary attack and if the password is not strong enough to
protect against dictionary attacks.
Cache attack
A novel cache-based attack against SAE handshake was discovered. This
attack targets SAE with ECC groups. ECC group 19 being the mandatory
group to support and the most likely used group for SAE today, so this
attack applies to the most common SAE use case. Even though the PWE
derivation iteration in SAE has protections against timing attacks, this
new cache-based attack enables an attacker to determine which code
branch is taken in the iteration if the attacker is able to run
unprivileged code on the victim machine (e.g., an app installed on a
smart phone or potentially a JavaScript code on a web site loaded by a
web browser). This depends on the used CPU not providing sufficient
protection to prevent unprivileged applications from observing memory
access patterns through the shared cache (which is the most likely case
with today's designs).
The attacker can use information about the selected branch to learn
information about the password and combine this information from number
of handshake instances with an offline dictionary attack. With
sufficient number of handshakes and sufficiently weak password, this
might result in full discovery of the used password.
This attack requires the attacker to be able to run a program on the
target device. This is not commonly the case on access points, so the
most likely target for this would be a client device using SAE in an
infrastructure BSS or mesh BSS.
The commits listed in the end of this advisory change the SAE
implementation shared by hostapd and wpa_supplicant to perform the PWE
derivation loop using operations that use constant time and memory
access pattern to minimize the externally observable differences from
operations that depend on the password even for the case where the
attacker might be able to run unprivileged code on the same device.
Timing attack
The timing attack applies to the MODP groups 22, 23, and 24 where the
PWE generation algorithm defined for SAE can have sufficient timing
differences for an attacker to be able to determine how many rounds were
needed to find the PWE based on the used password and MAC
addresses. When the attack is repeated with multiple times, the attacker
may be able to gather enough information about the password to be able
to recover it fully using an offline dictionary attack if the password
is not strong enough to protect against dictionary attacks. This attack
could be performed by an attacker in radio range of an access point or a
station enabling the specific MODP groups.
This timing attack requires the applicable MODP groups to be enabled
explicitly in hostapd/wpa_supplicant configuration (sae_groups
parameter). All versions of hostapd/wpa_supplicant have disabled these
groups by default.
While this security advisory lists couple of commits introducing
additional protection for MODP groups in SAE, it should be noted that
the groups 22, 23, and 24 are not considered strong enough to meet the
current expectation for a secure system. As such, their use is
discouraged even if the additional protection mechanisms in the
implementation are included.
Vulnerable versions/configurations
All wpa_supplicant and hostapd versions with SAE support (CONFIG_SAE=y
in the build configuration and SAE being enabled in the runtime
configuration).
Acknowledgments
Thanks to Mathy Vanhoef (New York University Abu Dhabi) and Eyal Ronen
(Tel Aviv University) for discovering the issues and for discussions on
how to address them.
Possible mitigation steps
- Merge the following commits to wpa_supplicant/hostapd and rebuild:
OpenSSL: Use constant time operations for private bignums
Add helper functions for constant time operations
OpenSSL: Use constant time selection for crypto_bignum_legendre()
SAE: Minimize timing differences in PWE derivation
SAE: Avoid branches in is_quadratic_residue_blind()
SAE: Mask timing of MODP groups 22, 23, 24
SAE: Use const_time selection for PWE in FFC
SAE: Use constant time operations in sae_test_pwd_seed_ffc()
These patches are available from https://w1.fi/security/2019-1/
- Update to wpa_supplicant/hostapd v2.8 or newer, once available
- In addition to either of the above alternatives, disable MODP groups
1, 2, 5, 22, 23, and 24 by removing them from hostapd/wpa_supplicant
sae_groups runtime configuration parameter, if they were explicitly
enabled since those groups are not considered strong enough to meet
current security expectations. The groups 22, 23, and 24 are related
to the discovered side channel (timing) attack. The other groups in
the list are consider too weak to provide sufficient security. Note
that all these groups have been disabled by default in all
hostapd/wpa_supplicant versions and these would be used only if
explicitly enabled in the configuration.
- Use strong passwords to prevent dictionary attacks
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
[bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
With this change, the file is reduced from 5186 bytes to 4649 bytes that
its approximately 10.5 percent less memory consumption. For small
devices, sometimes every byte counts.
Also, all other protocol handler use tabs instead of spaces.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
This is sold as a dual-band 802.11ac range extender. It has a sliding
switch for Extender mode or Access Point mode, a WPS button, a recessed
Reset button, a hard-power button, and a multitude of LED's, some
multiplexed via an NXP 74AHC164D chip. The internal serial header pinout is
Vcc, Tx, Rx, GND, with GND closest to the corner of the board. You may
connect at 115200 bps, 8 data bits, no parity, 1 stop bit.
Specification:
- System-On-Chip: QCA9558
- CPU/Speed: 720 MHz
- Flash-Chip: Winbond 25Q128FVSG
- Flash size: 16 MiB
- RAM: 128 MiB
- Wireless No1: QCA9558 on-chip 2.4GHz 802.11bgn, 3x3
- Wireless No2: QCA99x0 chip 5GHz 802.11an+ac, 4x4
- PHY: Atheros AR8035-A
Installation:
If you can get to the stock firmware's firmware upgrade option, just feed
it the factory.img and boot as usual. As an alternative, TFTP the
factory.img to the bootloader.
Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
[whitespace fix in DTS and reorder of make variables]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Fix dbclient regression in 2019.77. After exiting the terminal would be left
in a bad state. Reported by Ryan Woodsmall
drop patch applied upstream:
010-tty-modes-werent-reset-for-client.patch
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
We do not need to define an empty Build/Configure since
the default checks for existing ./configure and does nothing
in case nothing is found.
Similar for Build/Compile: we can remove the definition
when we only call the default.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
After getting rid of cryptsetup's heavy openssl dependency, there is now
the problem of missing RIPEMD160 support. RIPEMD160 is used for True/Vera
crypt volumes as well as old LUKS1 ones.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Currently leds migration scripts in ar71xx and lantiq share a lot of
logic and introducing leds migration to another target would mean
copying this code, again. Therefore add common logic to library in
base-files package.
Suggested-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
* allowedips: initialize list head when removing intermediate nodes
Fix for an important regression in removing allowed IPs from the last
snapshot. We have new test cases to catch these in the future as well.
* tools: warn if an AllowedIP has a nonzero host part
If you try to run `wg set wg0 peer ... allowed-ips 192.168.1.82/24`, wg(8)
will now print a warning. Even though we mask this automatically down to
192.168.1.0/24, usually when people specify it like this, it's a mistake.
* wg-quick: add 'strip' subcommand
The new strip subcommand prints the config file to stdout after stripping
it of all wg-quick-specific options. This enables tricks such as:
`wg addconf $DEV <(wg-quick strip $DEV)`.
* tools: avoid unneccessary next_peer assignments in sort_peers()
Small C optimization the compiler was probably already doing.
* peerlookup: rename from hashtables
* allowedips: do not use __always_inline
* device: use skb accessor functions where possible
Suggested tweaks from Dave Miller.
* blake2s: simplify
* blake2s: remove outlen parameter from final
The blake2s implementation has been simplified, since we don't use any of the
fancy tree hashing parameters or the like. We also no longer separate the
output length at initialization time from the output length at finalization
time.
* global: the _bh variety of rcu helpers have been unified
* compat: nf_nat_core.h was removed upstream
* compat: backport skb_mark_not_on_list
The usual assortment of compat fixes for Linux 5.1.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
The removed patches are now integrated in the upstream kernel.
Refresh all patches on top of the new backports release.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Add U-Boot for NVIDIA Tegra based boards, with the first being CompuLab
TrimSlice. This is part of initial support for this board.
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
New target introduces initial support for NVIDIA Tegra SoC based devices.
It focuses on Tegra 2 CPUs, for successors supporting NEON instruction
set the target should be split in two subtargets.
This initial commit doesn't create any device image, it's groundwork
for further additions.
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
Commit 124ab1dc0a and 5523ee3459 introduced the assignment of the
group "tty" to /dev/tty* devices in order to support unprivileged
user access to serial devices.
However, due to an improperly rebased commit this feature broke.
This patch restores the lost hunk in hotplug.json file to
re-introduce this feature and also renames the existing "tty" group
to "dialout" as this is the more typical name for such a group
on desktop systems.
Fixes: 5209cfa534 ("procd: fix hotplug.json syntax")
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Acked-by: Jo-Philipp Wich <jo@mein.io>
OpenVPN as of 2.4.7 uses some OpenSSL APIs that are deprecated in
OpenSSL >= 1.1.0.
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [white space fix]
361b3e4 proto-shell: return error in case setup fails
a97297d interface: set interface in TEARDOWN state when checking link state
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Increase MAX_WAIT_FW_COMPLETE_ITERATIONS to 10000 as before commit
e5e0700 to prevent timeout as reported here: #308 (Original OP issue is
probably not related though as his post preceeds commit e5e0700).
compile/test target mvebu/mamba, rango
Signed-off-by: Kabuli Chana <newtownBuild@gmail.com>
[commit subject and message tweaks]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Release notes since last time:
Release notes for wave-1 / 10.1:
2019-03-28: Fix sometimes using bad TID for management frames
in htt-mgt mode. (Backported from wave2, looks
like bug would be the same though.)
Release notes for wave-2 / 10.4:
2019-03-28: Fix off-channel scanning while associated in
proxy-station mode.
2019-03-29: Fix sometimes sending mgt frames on wrong tid when
using htt-mgt. This bug has been around since I first
enabled htt-mgt mode.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
c2cfe9d iwinfo: Fix 802.11ad channel to frequency
Fixes 9725aa271a ("iwinfo: update to latest git HEAD")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
ff1ded6 libfstools: Fix overflow of F2FS_MINSIZE constant
bc2c876 libfstools: Print error in case of loop blkdev failure
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Instead of creating host-routes depending on fwmark as (accidentally)
pushed by commit
1e8bb50b93 ("wireguard: do not add host-dependencies if fwmark is set")
use a new config option 'nohostroute' to explicitely prevent creation
of the route to the endpoint.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The 'fwmark' option is used to define routing traffic to
wireguard endpoints to go through specific routing tables.
In that case it doesn't make sense to setup routes for
host-dependencies in the 'main' table, so skip setting host
dependencies if 'fwmark' is set.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The 4.14.108 bump introduced a missing dependency when building
specific netfilters.
Thsi was not seen as the error does not occur on all targets.
Thanks to Jo-Philipp Wich for providing the fix
Fixes: af6c86dbe5 ("kernel: bump 4.14 to 4.14.108")
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
- limit ECC support to ec*-sha2-nistp256:
* DROPBEAR_ECC now provides only basic support for ECC
- provide full ECC support as an option:
* DROPBEAR_ECC_FULL brings back support for ec{dh,dsa}-sha2-nistp{384,521}
- update feature costs in binary size
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* option "keyfile" is more generic than "rsakeyfile".
* option "rsakeyfile" is considered to be deprecated and should be removed
in future releases.
* warn user (in syslog) if option "rsakeyfile" is used
* better check options ("rsakeyfile" and "keyfile"): don't append
"-r keyfile" to command line if file is absent (doesn't exist or empty),
warn user (in syslog) about such files
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
Felix Fietkau pointed out that bundled libtomcrypt/libtommath do funny stuff with CFLAGS.
fix this with checking environment variable OPENWRT_BUILD in both libs.
change in dropbear binary size is drastical: 221621 -> 164277.
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
compiler complains about messed up CFLAGS in build log:
<command-line>: warning: "_FORTIFY_SOURCE" redefined
<command-line>: note: this is the location of the previous definition
and then linker fails:
mips-openwrt-linux-musl-gcc [...] -o dropbearmulti [...]
collect2: fatal error: ld terminated with signal 11 [Segmentation fault]
compilation terminated.
/staging_dir/toolchain-mips_24kc_gcc-8.2.0_musl/mips-openwrt-linux-musl/bin/ld: /tmp/cc27zORz.ltrans0.ltrans.o: relocation R_MIPS_HI16 against `cipher_descriptor' can not be used when making a shared object; recompile with -fPIC
/staging_dir/toolchain-mips_24kc_gcc-8.2.0_musl/mips-openwrt-linux-musl/bin/ld: /tmp/cc27zORz.ltrans1.ltrans.o: relocation R_MIPS_HI16 against `ses' can not be used when making a shared object; recompile with -fPIC
/staging_dir/toolchain-mips_24kc_gcc-8.2.0_musl/mips-openwrt-linux-musl/bin/ld: /tmp/cc27zORz.ltrans2.ltrans.o: relocation R_MIPS_HI16 against `cipher_descriptor' can not be used when making a shared object; recompile with -fPIC
/staging_dir/toolchain-mips_24kc_gcc-8.2.0_musl/mips-openwrt-linux-musl/bin/ld: BFD (GNU Binutils) 2.31.1 assertion fail elfxx-mips.c:6550
[...]
/staging_dir/toolchain-mips_24kc_gcc-8.2.0_musl/mips-openwrt-linux-musl/bin/ld: BFD (GNU Binutils) 2.31.1 assertion fail elfxx-mips.c:6550
make[3]: *** [Makefile:198: dropbearmulti] Error 1
make[3]: *** Deleting file 'dropbearmulti'
make[3]: Leaving directory '/build_dir/target-mips_24kc_musl/dropbear-2018.76'
make[2]: *** [Makefile:158: /build_dir/target-mips_24kc_musl/dropbear-2018.76/.built] Error 2
make[2]: Leaving directory '/package/network/services/dropbear'
This FTBFS issue was caused by hardening flags set up by dropbear's configure script.
By default, Dropbear offers hardening via CFLAGS and LDFLAGS,
but this may break or confuse OpenWrt settings.
Remove most Dropbear's hardening settings in favour of precise build,
but preserve Spectre v2 mitigations:
* -mfunction-return=thunk
* -mindirect-branch=thunk
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
Release notes since last time:
Release notes for wave-1:
- 2019-03-12: Add btcoex feature flag for 2.4Ghz only adapters,
backported from upstream 10.2 firmware.
- 2019-03-12: Support offloading decrypt of PMF blockack frames
to the host. This lets us do blockack with PMF and
rx-sw-crypt. Normal hwcrypt scenarios would not need this.
Release notes for wave-2:
- 2019-03-12: Fix crash when tearing down VI TID when pending frames
exist. Could reproduce this while doing rmmod when VI
traffic was flowing and PMF was enabled but broken.
Bad luck could rarely cause it to happen in more normal
config too.
- 2019-03-12: Support offloading decrypt of PMF blockack frames to
the host. This lets us do blockack with PMF and
rx-sw-crypt. Normal hwcrypt scenarios would not need this.
- 2019-03-12: Re-work problematic patch that attempted to fix transmit
on non-QOS tids. It appears buggy in several ways,
hopefully improved now. This was introduced last fall.
See github bug 78.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
4d8c7e8 mt76: mt76x02: send no-skb tx status without holding the status lock
7e9e9ad mt76: mt7603: add missing initialization for dev->ps_lock
3a7e6bb mt76: fix potential deadlock on cancelling workqueues
deacb8f mt76: fix using mac80211 tx skb header padding
c9402eb mt76: use napi polling for tx cleanup
60e508e mt76: use readl/writel instead of ioread32/iowrite32
5912e8a mt7603: fix sequence number assignment
95a83cc mt7603: send BAR after powersave wakeup
Signed-off-by: Felix Fietkau <nbd@nbd.name>
a8cf037 netifd: wireless: Add support for GCMP cipher
34a70b6 netifd: wireless: Add support for 802.11ad
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This reverts commit 0331770299.
With LTO enabled valgridn does not build on MIPS32 any more, deactivate
it for now. The patch refresh was not reverted.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Openssl 1.1.0 made wholesale changes to its building system.
Apparently, parallel builds are working now.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
The PKG_MIRROR_HASH was for some reason wrong.
Fixes: d75db67870 ("uboot-fritz4040: bump version to 2019-03-03")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
- Former "mir3g" board name becomes "xiaomi,mir3g".
- Reorder some entries to maintain alphabetical order.
- Change DTS so status LEDs (yellow/red/blue) mimic
Xiaomi stock firmware: (Section Indicator)
<http://files.xiaomi-mi.co.uk/files/router_pro/router%20PRO%20EN.pdf>
<http://files.xiaomi-mi.co.uk/files/Mi_WiFi_router_3/MiWiFi_router3_EN.pdf>
|Yellow: Update (LED flickering), the launch of the system (steady light);
|Blue: during normal operation (steady light);
|Red: Safe mode (display flicker), system failure (steady light);
Signed-off-by: Ozgur Can Leonard <ozgurcan@gmail.com>
[Added link to similar Router 3 model]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
- Tested on Turris MOX, OpenWrt master
- Removed PKG_BUILD_DIR
In build_dir there were two folders
ca-certificates and ca-certificates-20190110 and it failed as files
were in ca-certificates-20190110
Signed-off-by: Josef Schlehofer <josef.schlehofer@nic.cz>
Hardware
--------
CPU: Qualcomm IPQ4018
RAM: 256M
FLASH: 32M SPI NOR W25Q256
ETH: QCA8075
WiFi2: IPQ4018 2T2R 2SS b/g/n
WiFi5: IPQ4018 2T2R 2SS n/ac
LED: - Power amber
- LAN1(PoE) green
- LAN2 green
- Wi-Fi 2.4GHz green
- Wi-Fi 5GHz green
BTN: - WPS
UART: 115200n8 3.3V J1
VCC(1) - GND(2) - TX(3) - RX(4)
Added basic support to get the device up and running for a sysupgrade
image only.
There is currently no way back to factory firmware, so this is a one-way
street to OpenWRT.
Install from factory condition is convoluted, and may brick your device:
1) Enable SSH and disable the CLI on the factory device from the web user
interface (Management->Advanced)
2) Reboot the device
3) Override the default, limited SSH shell:
a) Get into the ssh shell:
ssh admin@192.168.1.1 /bin/sh --login
b) Change the dropbear script to disable the limited shell. At the
empty command prompt type:
sed -i '/login_ssh/s/^/#/g’ dropbear
/etc/init.d/dropbear restart
exit
4) ssh in to a (now-) normal OpenWRT SSH session
5) Flash your built image
a) scp openwrt-ipq40xx-engenius_ens620ext-squashfs-sysupgrade.bin
admin@192.168.1.1:/tmp/
b) ssh admin@192.168.1.1
c) sysupgrade -n
/tmp/openwrt-ipq40xx-engenius_ens620ext-squashfs-sysupgrade.bin
6) After flash completes (it may say "Upgrade failed" followed by
"Upgrade completed") and device reboots, log in to newly flashed
system. Note you will now need to ssh as root rather than admin.
Signed-off-by: Steve Glennon <s.glennon@cablelabs.com>
[whitespace fixes, reordered partitions, removed rng node from 4.14,
fixed 901-arm-boot-add-dts-files.patch]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Update iproute2 to 5.0.0
Remove upstream patch 001-tc-fix-undefined-XATTR_SIZE_MAX
Alter patch 170-ip_tiny as support for IPX and DECnet is dropped
Update patch 010-cake-fwmark to match upstream commit
Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
Update the out of tree build of cake. Applicable patches are also in
net-next.
057c738 Fix fwmark_shft assignment (again)
ca6c162 Add support for storing mark back into conntrack
7ed9b6c Fix off-by-one error when setting fwmark_shft.
a4a243a sch_cake: Interpret fwmark parameter as a bitmask
29d707e Simplify logic in cake_select_tin()
8acaaee Permit use of connmarks as tin classifiers
348f186 Make the dual modes fairer
99a7297 compat: Don't lock root qdisc when dumping stats on old kernels
Signed-off-by: Ryan Mounce <ryan@mounce.com.au>
ipset utility was linked statically to libipset. Disable static library for dynamic linking to save space.
Add -Wl,--gc-sections,--as-needed for further reduction
MIPS ipk size:
ipset: 29KiB -> 2KiB
libipset: 39KiB -> 38KiB
Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
The keyword "all" is only supported by `iw set antenna` if
it's used as the only argument.
Convert "all" into a mask before calling `iw set antenna`.
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
00ac79d mt7603: fix initialization of max rx length
320af65 mt76: mt7603: use the correct hweight8() function
bdee924 mt76: fix schedule while atomic in mt76x02_reset_state
abcb544 mt76x02: do not enable RTS/CTS by default
e97a209 mt76: remove mt76_queue dependency from tx_queue_skb function pointer
ddd98f8 mt76: remove mt76_queue dependency from tx_prepare_skb function pointer
9bc2d56 mt76: remove mt76_queue dependency from tx_complete_skb function pointer
06c917f mt76: introduce mt76_sw_queue data structure
2dc63b0 mt76: introduce mt76_txq_id field in mt76_queue_entry
312f6fc mt76: remove irqsave/restore in locking for tx status fifo
0fe6386 mt76: move mt76x02_insert_hdr_pad in mt76-core module
efe9a47 mt76: mmio: move mt76_insert_hdr_pad in mt76_dma_tx_queue_skb
0b03f87 mt76: move skb dma mapping before running tx_prepare_skb
f977a92 mt76: introduce mt76_tx_info data structure
72fe286 mt76: use mac80211 txq scheduling
b77b932 mt76: reduce locking in mt76_dma_tx_cleanup
c0ab515 mt76: store wcid tx rate info in one u32 reduce locking
f37ad72 mt76: mt76x02: store software PN/IV in wcid
5323005 mt76: move tx tasklet to struct mt76_dev
688d708 mt76: only schedule txqs from the tx tasklet
42ce040 mt76: use TX_NEEDS_ALIGNED4_SKBS
2660aa9 mt76: mt7603: store software PN/IV in wcid
3ce8a93 mt76: dma: add static qualifier to mt76_dma_tx_queue_skb
81a32aa mt7603: remove mt7603_mcu_init routine
48dc7e9 mt7603: core: do not use magic numbers in mt7603_reg_map
2236490 mt76: usb: reduce code indentation in mt76u_alloc_tx
Signed-off-by: Felix Fietkau <nbd@nbd.name>
dnsmasq (and probably other DHCP servers as well) does not like to hand out
leases with duplicate host names.
Adding support for skipping the hostname makes it easier to deploy setups
where it is not guaranteed to be unique
Signed-off-by: Felix Fietkau <nbd@nbd.name>
In the case of SHARED_LIBS=y, don't use -export-dynamic to place *all*
symbols into the dynamic symbol table. Instead, use --dynamic-list to
export a smaller set of symbols similar to that defined in static-syms.h
in the case of SHARED_LIBS=n, avoiding an 11 KB tc package size increase.
The symbol set is based on that required by the only plugin, m_xt.so.
Also increment PKG_RELEASE.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE fixup]
This enables using the tc module m_xt.so, which uses the act_ipt kernel
module to allow tc actions based on iptables targets. e.g.
tc filter add dev eth0 parent 1: prio 10 protocol ip \
u32 match u32 0 0 action xt -j DSCP --set-dscp-class BE
Make the SHARED_LIBS parameter configurable and based on tc package
selection.
Fix a problem using the tc m_xt.so plugin as also described in
https://bugs.debian.org/868059:
Sync include/xtables.h from iptables to make sure the right offset is
used when accessing structure members defined in libxtables. One could
get “Extension does not know id …” otherwise. (See also: #868059)
Patch to sync the included xtables.h with system iptables 1.6.x. This
continues to work with iptables 1.8.2.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Add build and runtime dependencies on libelf, allowing tc and ip-full
to load BPF and XDP object files respectively.
Define package 'tc' as a singleton package variant, which can be used to
enable additional functionality limited only to tc. Also set ip-tiny
as the default 'ip' variant.
Preserve optionality of libelf by having configuration script follow the
HAVE_ELF environment variable, used similarly to the HAVE_MNL variable.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Hardware
--------
CPU: Qualcomm IPQ4019
RAM: 256M (NANYA NT5CC128M16JR-EK)
FLASH: 128M NAND (Macronix MX30LF1G18AC-XKI)
ETH: Qualcomm QCA8072
WiFi2: IPQ4019 2T2R 2SS b/g/n
WiFi5: IPQ4019 2T2R 2SS n/ac
WiFi5: QCA9984 4T4R 4SS n/ac
LED: - Connect green/blue/red
- Power green
BTN: WPS/Connect
UART: 115200n8 3.3V
VCC - RX - TX - GND (Square is VCC)
Installation
------------
1. Grab the uboot for the Device from the 'u-boot-fritz3000'
subdirectory. Place it in the same directory as the 'eva_ramboot.py'
script. It is located in the 'scripts/flashing' subdirectory of the
OpenWRT tree.
2. Assign yourself the IP address 192.168.178.10/24. Connect your
Computer to one of the boxes LAN ports.
3. Connect Power to the Box. As soon as the LAN port of your computer
shows link, load the U-Boot to the box using following command.
> ./eva_ramboot.py --offset 0x85000000 192.168.178.1 uboot-fritz3000.bin
4. The U-Boot will now start. Now assign yourself the IP address
192.168.1.70/24. Copy the OpenWRT initramfs (!) image to a TFTP
server root directory and rename it to 'FRITZ3000.bin'.
5. The Box will now boot OpenWRT from RAM. This can take up to two
minutes.
6. Copy the U-Boot and the OpenWRT sysupgrade (!) image to the Box using
scp. SSH into the Box and first write the Bootloader to both previous
kernel partitions.
> mtd write /path/to/uboot-fritz3000.bin uboot0
> mtd write /path/to/uboot-fritz3000.bin uboot1
7. Remove the AVM filesystem partitions to make room for our kernel +
rootfs + overlayfs.
> ubirmvol /dev/ubi0 --name=avm_filesys_0
> ubirmvol /dev/ubi0 --name=avm_filesys_1
8. Flash OpenWRT peristently using sysupgrade.
> sysupgrade -n /path/to/openwrt-sysupgrade.bin
Signed-off-by: David Bauer <mail@david-bauer.net>
AVM devices based on Qualcomm IPQ40xx do not store sector health
information in the OOB area. Make this check optional to support this
platform.
Signed-off-by: David Bauer <mail@david-bauer.net>
Hardware:
CPU: MediaTek MT7621AT (2x880MHz)
RAM: 512MB DDR3
FLASH: 256MB NAND
WiFi: 2.4GHz 4x4 MT7615 b/g/n (Needs driver, See Issues!)
WiFI: 5GHz 4x4 MT7615 a/n/ac (Needs driver, See Issues!)
USB: 1x 3.0
ETH: 1x WAN 10/100/1000 3x LAN 10/100/1000
LED: Power/Status
BTN: RESET
UART: 115200 8n1
Partition layout and boot:
Stock Xiaomi firmware has the MTD split into (among others)
- kernel0 (@0x200000)
- kernel1 (@0x600000)
- rootfs0
- rootfs1
- overlay (ubi)
Xiaomi uboot expects to find kernels at 0x200000 & 0x600000
referred to as system 1 & system 2 respectively.
a kernel is considered suitable for handing control over
if its linux magic number exists & uImage CRC are correct.
If either of those conditions fail, a matching sys'n'_fail flag
is set in uboot env & a restart performed in the hope that the
alternate kernel is okay.
If neither kernel checksums ok and both are marked failed, system 2
is booted anyway.
Note uboot's tftp flash install writes the transferred
image to both kernel partitions.
Installation:
Similar to the Xiaomi MIR3G, we keep stock Xiaomi firmware in
kernel0 for ease of recovery, and install OpenWRT into kernel1 and
after.
The installation file for OpenWRT is a *squashfs-factory.bin file that
contains the kernel and a ubi partition. This is flashed as follows:
nvram set flag_try_sys1_failed=1
nvram set flag_try_sys2_failed=0
nvram commit
dd if=factory.bin bs=1M count=4 | mtd write - kernel1
dd if=factory.bin bs=1M skip=4 | mtd write - rootfs0
reboot
Reverting to stock:
The part of stock firmware we've kept in kernel0 allows us to run stock
recovery, which will re-flash stock firmware from a *.bin file on a USB.
For this we do the following:
fw_setenv flag_try_sys1_failed 0
fw_setenv flag_try_sys2_failed 1
reboot
After reboot the LED status light will blink red, at which point pressing
the 'reset' button will cause stock firmware to be installed from USB.
Issues:
OpenWRT currently does not have support for the MT7615 wifi chips. There is
ongoing work to add mt7615 support to the open source mt76 driver. Until that
support is in place, there are closed-source kernel modules that can be used.
See: https://forum.openwrt.org/t/support-for-xiaomi-wifi-r3p-pro/20290/170
Signed-off-by: Ozgur Can Leonard <ozgurcan@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[02_network remaps, Added link to notes]
Hardware
--------
SOC: QCA9558
RAM: 128M DDR2
Flash: 16MiB SPI-NOR
ETH: QCA8337N: 2x 10/100/1000 PoE and PoE pass-through
WiFi2: QCA9558 (bgn) 2T2R
WiFi5: 2x mPCIE with AR9582 (an) 2T2R
BTN: 1x Reset
GPIO: multiple GPIO on header, PoE passthrough enable
UART: 3.3V 115200 8N1 header on the board
WDG: ATTiny13 watchdog
JTAG: header on the board
USB: 1x connector and 1x header on the board
PoE: 10-32V input in ETH port 1, passthrough in port 2
mPCIE: 2x populated with radios (but replaceable)
OpenWrt is preinstalled from factory. To install use <your-image>-sysupgade.bin
using the web interface or with sysupgrade -n.
Flash from bootloader (in case failsafe does not work)
1. Connect the LibreRouter with a serial adapter (TTL voltage) to the UART
header in the board.
2. Connect an ETH cable and configure static ip addres 192.168.1.10/24
3. Turn on the device and stop the bootloader sending any key through the serial
interface.
4. Use a TFTP server to serve <your image>-sysupgrade.bin file.
5. Execute the following commands at the bootloader prompt:
ath> tftp 82000000 <your image>-sysupgrade.bin
ath> erase 0x9f050000 +$filesize
ath> cp.b 0x82000000 0x9f050000 $filesize
ath> bootm 0x9f050000
More docs
* Bootloader https://github.com/librerouterorg/u-boot
* Board details (schematics, gerbers): https://github.com/librerouterorg/board
Signed-off-by: Santiago Piccinini <spiccinini@altermundi.net>
Openssh uses digest contexts across forks, which is not supported by the
/dev/crypto engine. The speed of digests is usually not worth enabling
them anyway. This changes the default of the DIGESTS option to NONE, so
the user still has the option to enable them.
Added another patch related to the use of encryption contexts across
forks, that ignores a failure to close a previous open session when
reinitializing a context, instead of failing the reinitialization.
Added a link to the Cryptographic Hardware Accelerators document to the
engine pacakges description, to provide more detailed instructions to
configure the engines.
Revert the removal of the OPENSSL_ENGINE_CRYPTO symbol, currently used
by openssh. There is an open PR to update openssh; when merged, this
symbol can be safely removed.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [refresh patches]
Imported from patchwork, patches marked with '=' have already been in
our tree:
[v3,1/4] cfg80211: add ratelimited variants of err and warn
[v3,2/4] rt2x00: use ratelimited variants dev_warn/dev_err
[v3,3/4] rt2x00: check number of EPROTO errors
=[v3,4/4] rt2x00: do not print error when queue is full
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Add missing /usr/sbin install dir fixing :
install: cannot create regular file 'build_dir/target-x86_64_musl/busybox-1.30.1/.pkgdir/busybox/usr/sbin/ntpd-hotplug': No such file or directory
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
cfb47d30 Take into account larger frame size for prioritization
dbbe4e01 Remove unused field
371bc3a8 clang-format
5e7889c5 Update manual pages
b1b2ad50 Bump up version number to 1.37.0, LT revision to 31:2:17
e043ca83 Update AUTHORS
c2434dfb Simplify stream_less
816ad210 Reuse name when indexing header by referencing dynamic table
f5feb16e Merge pull request #1295 from bratkartoffel/fix-compile-boringssl
adf09f21 Merge pull request #1303 from donny-dont/fix-shared-install
2591960e Explicitly set install location when building shared libs
d93842db nghttpx: Fix backend stall if header and request body are sent in 2 packets
8dc2b263 nghttpx: Use std::priority_queue
8d842701 Update manual pages
de85b0fd Update README
5d6beed5 Merge branch 'nghttpx-backend-weight'
1ff9de4c nghttpx: Backend address selection with weight
34482ed4 Fix compilation with boringssl
9b6ced66 Bump up version number to 1.37.0-DEV
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
This fixes the following compile problem with kernel 4.20:
In file included from arp.c:20:0:
include/linux/if_arp.h:121:16: error: 'IFNAMSIZ' undeclared here (not in a function)
char arp_dev[IFNAMSIZ];
^~~~~~~~
make[7]: *** [Makefile:459: arp.o] Error 1
This is caused by commit 6a12709da354 ("net: if_arp: use define instead
of hard-coded value") in the upstream Linux kernel which is integrated
in Linux 4.20.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The configure script broke when used in alpine-3.9 based docker containers. Fixed in wolfSSL >3.15.7.
Signed-off-by: Moritz Warning <moritzwarning@web.de>
This patch re-enables the reset_ppe() functionality for VR9 targets by using
the new lantiq rcu subsystem. The reset sequence in the reset_ppe() function
was taken from the ppa datapath driver of lantiq UGW 7.4.1.
Additionally it adds the required reset definitions to the vr9 dtsi file.
It also prepares the reset_ppe() function calls for the other lantiq targets.
This feature is needed to be able to switch between ltq-atm/ltq-ptm driver
in ATM/PTM Auto-Mode at runtime.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
A tool for reading the TFFS partitions (a name-value storage usually
found in AVM Fritz!Box based devices) on nand flash.
Copyright (c) 2018 Valentin Spreckels <Valentin.Spreckels@Informatik.Uni-Oldenburg.DE>
Based on the fritz_tffs_read tool:
Copyright (c) 2015-2016 Martin Blumenstingl <martin.blumenstingl@googlemail.com>
and on the TFFS 2.0 kernel driver from AVM:
Copyright (c) 2004-2007 AVM GmbH <fritzbox_info@avm.de>
and the TFFS 3.0 kernel driver from AVM:
Copyright (C) 2004-2014 AVM GmbH <fritzbox_info@avm.de>
and the OpenWrt TFFS kernel driver:
Copyright (c) 2013 John Crispin <blogic@openwrt.org>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
Signed-off-by: Valentin Spreckels <Valentin.Spreckels@Informatik.Uni-Oldenburg.de>
Signed-off-by: Andy Binder <AndyBinder@gmx.de>
The patches to the /dev/crypto engine were commited to openssl master,
and will be in the next major version (3.0).
Changes:
- Optimization in computing a digest in one operation, saving an ioctl
- Runtime configuration options for the choice of algorithms to use
- Command to dump useful information about the algorithms supported by
the engine and the system.
- Build the devcrypto engine as a dynamic module, like other engines.
The devcrypto engine is built as a separate package by default, but
options were added to allow building the engines into the main library.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
[refresh patches]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Add specific 'variant' for 'bus=ahb,bmi-chip-id=0,bmi-board-id=25' BDF.
Use the same value ('ALFA-Network-AP120C-AC') as sent upstream.
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
1d7760d mt76: mt7603: set moredata flag when queueing ps-filtered packets
0b927b2 mt76: fix return value check in mt76_wmac_probe()
e72376d mt76x02: fix hdr pointer in write txwi for USB
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This backports upstream commit
34d5629 ath10k: limit available channels via DT ieee80211-freq-limit
to the 4.19 ath10k-ct version. Without this patch, disabled channels
are still listed as a supported configuration for the radio.
The identical patch was also backported by OpenWRT to the non-ct driver.
It can be dropped as soon as we switch to an ath10k-ct version based on
4.20 or higher.
Signed-off-by: David Bauer <mail@david-bauer.net>
Release notes since last update:
wave-1 firmware:
* Feb 14, 2019: Remove logic that causes assert when swba logic is not
initialized. This was seen when trying to bring up 6 VAP
vdevs. A similar fix went into wave-2 firmware some time
ago.
* Feb 27, 2019: Support up to 32 vAP vdevs, fix stack corruption when
driver requests too many vAP.
* Feb 28, 2019: Support beacon-tx-wmi callback message. This lets driver
properly clean up beacon buffers so we don't crash
(somethings the entire OS/system) due to DMA errors.
wave-2 firmware:
* Feb 27. 2019: Support up to 32 AP vdevs. Previous to this, stack would
be corrupted if you went past 16 AP vdevs.
* Feb 28, 2019: Support beacon-tx-wmi callback message. This lets driver
properly clean up beacon buffers. In wave-1, this could
crash the entire OS, but I didn't see the same crashes
in wave-2, so maybe it is fixed in some other way. Add
the feature regardless as it seems proper.
Signed-off-by: Michael Yartys <michael.yartys@gmail.com>
9360f389234a ath10k: Support up to 24 vAP per radio, fix DMA bug in wave-1.
9cbf8d430974 ath10k-ct: Add 4.20 driver, SGI support for fixed-rate tx.
Runtime tested on: ipq806x
Signed-off-by: Michael Yartys <michael.yartys@gmail.com>
Fix an issue where subinterfaces were not added to the same
firewall zone as their parent.
Fixes: FS#2122
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Currently STA+AP re-transmitting the management frames with
incremented sequence number if hardware is assigning the sequence.
Fix is to assign the sequence number for Beacon by hardware
and for other Management frames software will assign the
sequence number
Signed-off-by: Vijayakumar Durai <vijayakumar.durai1@vivint.com>
3c6df9b mt76: rewrite dma descriptor base and ring size on queue reset
30e757e mt76: mt76x02: when setting a key, use PN from mac80211
fa83406 mt76: mt76x2: implement full device restart on watchdog reset
ead881b mt76: mt76x02: do not sync PN for keys with sw_iv set
ba1d989 mt76: mmio: move mt76x02_set_irq_mask in mt76 module
283ebbe mt76: dma: move mt76x02_init_{tx,rx}_queue in mt76 module
b216d3c mt76: introduce q->stopped parameter
8b437d2 mt76x02: clear sta and vif driver data structures on add
2c62d03 mt76x02: clear running flag when resetting state on restart
6b10cfc mt76: mt76x02: only update the base mac address if necessary
669bc49 mt76: mt76x02: reduce false positives in ED/CCA tx blocking
2ed9382 mt76: mt7603: fix tx status HT rate validation
d2c6823 mt76: mt76x2: fix external LNA gain settings
8ee2259 mt76: mt76x2: fix 2.4 GHz channel gain settings
8bfe6d4 mt76: mt7603: clear ps filtering mode before releasing buffered frames
d13b065 mt76: mt7603: fix up hardware queue index for PS filtered packets
eb1ecc4 mt76: mt7603: notify mac80211 about buffered frames in ps queue
3687eec mt76: mt7603: clear the service period on releasing PS filtered packets
42ab27e mt76: when releasing PS frames, end the service period if no frame was found
461f3b0 mt76: mt76x02: disable ED/CCA by default
Signed-off-by: Felix Fietkau <nbd@nbd.name>
ieee80211w support is only activated in hostapd when at least one
capable driver is build into the image. Many drivers which are capable
of ieee80211 (MFP) and have the MFP_CAPABLE set in the driver are still
missing the DRIVER_11W_SUPPORT dependency. Add this to more driver
capable of ieee80211w.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
b514490 iwinfo: add device id for MediaTek MT7603E
e9e1400 iwinfo: more Ralink and MediaTek WiSoC and PCIe chips
cb108c5 iwinfo: fix capitalization of vendor name
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Contains the following change
eeef7b5 blobmsg_json: blobmsg_format_string: do not escape '/'
Resolves FS#2147
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
The change was made with the following commands
cd package/utils/busybox/config
../convert_menuconfig.pl ~/git-repo/openwrt/openwrt/build_dir/target-mips_24kc_musl/busybox-1.30.1
convert_defaults.pl has no changes other than overwriting defaults for
BUSYBOX_DEFAULT_FEATURE_IPV6
Resolves FS#2146
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
This is to align with upstream change 72089cf ("config: deindent all
help texts") and to make the follow-up change syncing Config.in files
with current busybox version more reviewable
It was made with the following commands
cd package/utils/busybox/config
find . -name 'Config.in' | xargs sed -ir -e 's/^\t \([^ ]\)/\t\1/'
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
consolidate patch 651-rt2x00-remove-unneccesary-code.patch.
fixup the most obvious whitespace problems in RXIQ and TX-LOFT code.
always backup registers bbpr1, bbpr4, bbpr241 and bbpr242 to avoid
compiler warning about them being potentially uninitialized.
no functional changes (intended)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Use tested values on shuttle,kd20 and assumed values for
mitrastar,stg-212 and cloudengines,pogoplug*.
akitio users have yet to report back stock flash layout to support
vendor bootloader environment there as well.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
ar has a deterministic (-D) and non-deterministic (-U) mode.
OpenWrt is already using the deterministic mode by default,
but ncurses' configure script force this to be non-deterministic.
Since autoreconf fails to generate a new configure, the configure script
is directly modified.
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
Hardware
--------
CPU: Qualcomm IPQ4019
RAM: 256M
FLASH: 128M NAND
ETH: QCA8075
VDSL: Intel/Lantiq VRX518 PCIe attached
currently not supported
DECT: Dialog SC14448
currently not supported
WiFi2: IPQ4019 2T2R 2SS b/g/n
WiFi5: IPQ4019 2T2R 2SS n/ac
LED: - Power/DSL green
- WLAN green
- FON/DECT green
- Connect/WPS green
- Info green
- Info red
BTN: - WLAN
- FON
- WPS/Connect
UART: 115200n8 3.3V (located under the Dialog chip)
VCC - RX - TX - GND (Square is VCC)
Installation
------------
1. Grab the uboot for the Device from the 'u-boot-fritz7530'
subdirectory. Place it in the same directory as the 'eva_ramboot.py'
script. It is located in the 'scripts/flashing' subdirectory of the
OpenWRT tree.
2. Assign yourself the IP address 192.168.178.10/24. Connect your
Computer to one of the boxes LAN ports.
3. Connect Power to the Box. As soon as the LAN port of your computer
shows link, load the U-Boot to the box using following command.
> ./eva_ramboot.py --offset 0x85000000 192.168.178.1 uboot-fritz7530.bin
4. The U-Boot will now start. Now assign yourself the IP address
192.168.1.70/24. Copy the OpenWRT initramfs (!) image to a TFTP
server root directory and rename it to 'FRITZ7530.bin'.
5. The Box will now boot OpenWRT from RAM. This can take up to two
minutes.
6. Copy the U-Boot and the OpenWRT sysupgrade (!) image to the Box using
scp. SSH into the Box and first write the Bootloader to both previous
kernel partitions.
> mtd write /path/to/uboot-fritz7530.bin uboot0
> mtd write /path/to/uboot-fritz7530.bin uboot1
7. Remove the AVM filesystem partitions to make room for our kernel +
rootfs + overlayfs.
> ubirmvol /dev/ubi0 --name=avm_filesys_0
> ubirmvol /dev/ubi0 --name=avm_filesys_1
8. Flash OpenWRT peristently using sysupgrade.
> sysupgrade -n /path/to/openwrt-sysupgrade.bin
Signed-off-by: David Bauer <mail@david-bauer.net>
[removed pcie-dts range node, refreshed on top of AP120-AC/E2600AC]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Adds support for the AVM FRITZ!Box 7530.
Signed-off-by: David Bauer <mail@david-bauer.net>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [PKG_RELEASE]
Qxwlan E2600AC C1 based on IPQ4019
Specifications:
SOC: Qualcomm IPQ4019
DRAM: 256 MiB
FLASH: 32 MiB Winbond W25Q256
ETH: Qualcomm QCA8075
WLAN: 5G + 5G/2.4G
* 2T2R 2.4/5 GHz
- QCA4019 hw1.0 (SoC)
* 2T2R 5 GHz
- QCA4019 hw1.0 (SoC)
INPUT: Reset buutton
LED: 1x Power ,6 driven by gpio
SERIAL: UART (J5)
UUSB: USB3.0
POWER: 1x DC jack for main power input (9-24 V)
SLOT: Pcie (J25), sim card (J11), SD card (J51)
Flash instruction (using U-Boot CLI and tftp server):
- Configure PC with static IP 192.168.1.10 and tftp server.
- Rename "sysupgrade" filename to "firmware.bin" and place it in tftp
server directory.
- Connect PC with one of RJ45 ports, power up the board and press
"enter" key to access U-Boot CLI.
- Use the following command to update the device to OpenWrt: "run lfw".
Flash instruction (using U-Boot web-based recovery):
- Configure PC with static IP 192.168.1.xxx(2-254)/24.
- Connect PC with one of RJ45 ports, press the reset button, power up
the board and keep button pressed for around 6-7 seconds, until LEDs
start flashing.
- Open your browser and enter 192.168.1.1, select "sysupgrade" image
and click the upgrade button.
Qxwlan E2600AC C2 based on IPQ4019
Specifications:
SOC: Qualcomm IPQ4019
DRAM: 256 MiB
NOR: 16 MiB Winbond W25Q128
NAND: 128MiB Micron MT29F1G08ABAEAWP
ETH: Qualcomm QCA8075
WLAN: 5G + 5G/2.4G
* 2T2R 2.4/5 GHz
- QCA4019 hw1.0 (SoC)
* 2T2R 5 GHz
- QCA4019 hw1.0 (SoC)
INPUT: Reset buutton
LED: 1x Power, 6 driven by gpio
SERIAL: UART (J5)
USB: USB3.0
POWER: 1x DC jack for main power input (9-24 V)
SLOT: Pcie (J25), sim card (J11), SD card (J51)
Flash instruction (using U-Boot CLI and tftp server):
- Configure PC with static IP 192.168.1.10 and tftp server.
- Rename "ubi" filename to "ubi-firmware.bin" and place it in tftp
server directory.
- Connect PC with one of RJ45 ports, power up the board and press
"enter" key to access U-Boot CLI.
- Use the following command to update the device to OpenWrt: "run lfw".
Flash instruction (using U-Boot web-based recovery):
- Configure PC with static IP 192.168.1.xxx(2-254)/24.
- Connect PC with one of RJ45 ports, press the reset button, power up
the board and keep button pressed for around 6-7 seconds, until LEDs
start flashing.
- Open your browser and enter 192.168.1.1, select "ubi" image
and click the upgrade button.
Signed-off-by: 张鹏 <sd20@qxwlan.com>
[ added rng node. whitespace fixes, ported 02_network,
ipq-wifi Makefile, misc dts fixes, trivial message changes ]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* wg-quick: freebsd: allow loopback to work
FreeBSD adds a route for point-to-point destination addresses. We don't
really want to specify any destination address, but unfortunately we
have to. Before we tried to cheat by giving our own address as the
destination, but this had the unfortunate effect of preventing
loopback from working on our local ip address. We work around this with
yet another kludge: we set the destination address to 127.0.0.1. Since
127.0.0.1 is already assigned to an interface, this has the same effect
of not specifying a destination address, and therefore we accomplish the
intended behavior. Note that the bad behavior is still present in Darwin,
where such workaround does not exist.
* tools: remove unused check phony declaration
* highlighter: when subtracting char, cast to unsigned
* chacha20: name enums
* tools: fight compiler slightly harder
* tools: c_acc doesn't need to be initialized
* queueing: more reasonable allocator function convention
Usual nits.
* systemd: wg-quick should depend on nss-lookup.target
Since wg-quick(8) calls wg(8) which does hostname lookups, we should
probably only run this after we're allowed to look up hostnames.
* compat: backport ALIGN_DOWN
* noise: whiten the nanoseconds portion of the timestamp
This mitigates unrelated sidechannel attacks that think they can turn
WireGuard into a useful time oracle.
* hashtables: decouple hashtable allocations from the main device allocation
The hashtable allocations are quite large, and cause the device allocation in
the net framework to stall sometimes while it tries to find a contiguous
region that can fit the device struct. To fix the allocation stalls, decouple
the hashtable allocations from the device allocation and allocate the
hashtables with kvmalloc's implicit __GFP_NORETRY so that the allocations fall
back to vmalloc with little resistance.
* chacha20poly1305: permit unaligned strides on certain platforms
The map allocations required to fix this are mostly slower than unaligned
paths.
* noise: store clamped key instead of raw key
This causes `wg show` to now show the right thing. Useful for doing
comparisons.
* compat: ipv6_stub is sometimes null
On ancient kernels, ipv6_stub is sometimes null in cases where IPv6 has
been disabled with a command line flag or other failures.
* Makefile: don't duplicate code in install and modules-install
* Makefile: make the depmod path configurable
* queueing: net-next has changed signature of skb_probe_transport_header
A 5.1 change. This could change again, but for now it allows us to keep this
snapshot aligned with our upstream submissions.
* netlink: don't remove allowed ips for new peers
* peer: only synchronize_rcu_bh and traverse trie once when removing all peers
* allowedips: maintain per-peer list of allowedips
This is a rather big and important change that makes it much much faster to do
operations involving thousands of peers. Batch peer/allowedip addition and
clearing is several orders of magnitude faster now.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
This is bugfix release that incorporated all of the devcrypto engine
patches currently in the tree.
The cleaning procedure in Package/Configure was not removing the
dependency files, causing linking errors during a rebuild with
different options. It was replaced by a simple make clean.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
omcproxy's configuration is lost on every update or installation.
Avoid it by defining the configuration file.
Signed-off-by: David Santamaría Rogado <howl.nsp@gmail.com>
After update to 5.0.1 iw-full package failed to display command list on
ipq40xx arch. Root cause was found to be LTO reordering causing
incorrect detection of command struct size in:
iw.c:552
cmd_size = labs((long)&__section_set - (long)&__section_get);
This reverts commit ef16a394d2.
Signed-off-by: Mantas Pucka <mantas@8devices.com>
If no mcast_rate is set for the wifi-iface then there is no rate_idx (0)
set for the bss. This can break for example 5GHz meshpoint interfaces
because 0 maps to a CCK rate (11Mbit/s).
It must also be avoided that the ath10k-ct internal state for the rates is
not synced with the mac80211 rates state. Otherwise, the user specified
rate (e.g. a wifi-iface mcast_rate for a meshpoint interface) will only be
set on startup. And a short while after that, ath10k-ct specific code in
ath10k_check_apply_special_rates is missing a valid rate in its own
structures and is then recalculating a new default rate. This default rate
is in most situations not the requested rate.
Fixes: 4df3c71cd4 ("ath10k-ct: Update to 2018-12-11 and use version based on 4.19")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
If no mcast_rate is set for the wifi-iface then there is no rate_idx (0)
set for the bss. This breaks for example 5GHz meshpoint interfaces because
0 maps to a CCK rate (11Mbit/s).
Fixes: db90c243a0 ("mac80211: update to version based on 4.19-rc4")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
This should fix the WDS / 4addr mode with ath10k and probably other
devices.
This patch was found here: https://patchwork.kernel.org/patch/10692383/
Fixes: d9eefa7a70 ("mac80211: rebase ontop of v4.18.5")
Reported-by: Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Fix crash due to passing invalid r2x00dev->eeprom_file pointer to
release_firmware(). Since we copy eeprom data with EEPROM_SIZE
in rt2800_read_eeprom() we can use eeprom_file->size as marker
if the file was crated by request_firmware().
Acked-by: Kristian Evensen <kristian.evensen@gmail.com>
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
On targets that don't have input support enabled in the kernel config,
building kmod-input-touchscreen-ads7846 fails due to a missing
dependency on kmod-input-core. Add the dependency to fix this.
Fixes: 77a54bbf13 ("kernel: add kmod-input-touchscreen-ads7846")
Reported-by: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
max_ttl - limit the ttl in the dns answer if greater as $max_ttl
min_cache_ttl - force caching of dns answers even the ttl in the answer
is lower than the $min_cache_ttl
max_cache_ttl - cache only dns answer for $max_cache_ttl.
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
This module adds support for ADS7846 based touchscreens used in devices
like the WaveShare 3.5" and 4" LCD displays designed for Raspberry Pi.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
This module adds support for the ILI9486 LCD controller used in devices
like the Waveshare 3.5" and 4" LCD displays designed for Raspberry Pi.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
This module adds support for small TFT LCD display modules. While this
module also exists in the 4.9 kernel, we are not going to support this
kernel in the next major release, so don't make it available for 4.9.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
The kernel modules that provide support for framebuffers in system RAM
are currently included in the kmod-drm-imx package. Move them to a
separate package, so that other modules can depend on them.
Increase the autoload order of the drm-imx* packages to load the modules
after loading the fb modules they depend on.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
This makes it clear that localuse when explicitly specified in the
config will have its final say on whether or not the initscript should
touch /etc/resolv.conf, no matter whatever the result of previous
guesswork would be
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
This commit updates the file "board-linksys_ea6359v3".
Without this commit, the Linksys EA6350v3 will experience poor wireless
performance in both bands. With this patch, wireless performace will be
comparable to the performance of the stock firmware.
Signed-off-by: Oever González <notengobattery@gmail.com>
The board-files are specific to the target and device. Hence
they need to be set as nonshared. Otherwise they do not show
up on the package repository. This causes problems for
imagebuilder, if it needs to build a image for a specific
device that hasn't had the time to have get its boardfile
upstream.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Apparently this modem replies differently to attempted --get-pin-status
which makes the script fail if a pincode is set. Fix this.
Manufacturer: Sierra Wireless, Incorporated
Model: MC7455
Revision: SWI9X30C_02.24.05.06 r7040 CARMD-EV-FRMWR2 2017/05/19 06:23:09
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Cherry-pick Multi-AP commits from uptream:
9c06f0f6a hostapd: Add Multi-AP protocol support
5abc7823b wpa_supplicant: Add Multi-AP backhaul STA support
a1debd338 tests: Refactor test_multi_ap
bfcdac1c8 Multi-AP: Don't reject backhaul STA on fronthaul BSS
cb3c156e7 tests: Update multi_ap_fronthaul_on_ap to match implementation
56a2d788f WPS: Add multi_ap_subelem to wps_build_wfa_ext()
83ebf5586 wpa_supplicant: Support Multi-AP backhaul STA onboarding with WPS
66819b07b hostapd: Support Multi-AP backhaul STA onboarding with WPS
8682f384c hostapd: Add README-MULTI-AP
b1daf498a tests: Multi-AP WPS provisioning
Add support for Multi-AP to the UCI configuration. Every wifi-iface gets
an option 'multi_ap'. For APs, its value can be 0 (multi-AP support
disabled), 1 (backhaul AP), 2 (fronthaul AP), or 3 (fronthaul + backhaul
AP). For STAs, it can be 0 (not a backhaul STA) or 1 (backhaul STA, can
only associate with backhaul AP).
Also add new optional parameter to wps_start ubus call of
wpa_supplicant to indicate that a Multi-AP backhaul link is required.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Those have by now been merged into wireless-drivers-next:
17ae2acd1a6f rt2x00: remove unneeded check
5991a2ecd070 rt2x00: remove confusing AGC register
9ad3b5565445 rt2800: enable TX_PIN_CFG_LNA_PE_ bits per band
7aca14885ede rt2800: enable TX_PIN_CFG_RFRX_EN only for MT7620
c7ff1bfeaf1c rt2800: comment and simplify AGC init for RT6352
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Currently these kernel packages only work on x86, restrict them to that
target.
Fixes: 2f239c02a0 ("x86: video: add amdgpu DRM kernel package")
Fixes: 2f6918ee9b ("x86: video: add radeon DRM module support")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This reverts commit e6d84fa886 as it breaks the
installation of the iproute2 utilities ip-bridge, ss, nstat, devlink and rdma
for the ip-full variant
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
This reverts commit 26681fa6a6 as it breaks the
installation of the iproute2 utilities ip-bridge, ss, nstat, devlink and rdma
for the ip-full variant
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
This reverts commit fc80ef3613 as it breaks the
installation of the iproute2 utilities ip-bridge, ss, nstat, devlink and
rdma for the ip-full variant
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
This reverts commit 248797834b as it breaks the
installation of the iproute2 utilities ip-bridge, ss, nstat, devlink and rdma
for the ip-full variant
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Currently it seems impossible to configure /etc/config/dhcp to achieve
the following use case
- run dnsmasq with no-resolv
- re-generate /etc/resolv.conf with "nameserver 127.0.0.1"
Before this change, we have to set resolvfile to /tmp/resolv.conf.auto
to achive the 2nd effect above, but setting resolvfile requires noresolv
being false.
A new boolean option "localuse" is added to indicate that we intend to
use dnsmasq as the local dns resolver. It's false by default and to
align with old behaviour it will be true automatically if resolvfile is
set to /tmp/resolv.conf.auto
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
backport from wireless-drivers-next, replacing some existing patches in
our tree (marked with '=' are those which were already present):
f483039cf51a rt2x00: use simple_read_from_buffer()
=5c656c71b1bf rt2800: move usb specific txdone/txstatus routines to rt2800lib
=0b0d556e0ebb rt2800mmio: use txdone/txstatus routines from lib
=5022efb50f62 rt2x00: do not check for txstatus timeout every time on tasklet
=adf26a356f13 rt2x00: use different txstatus timeouts when flushing
=0240564430c0 rt2800: flush and txstatus rework for rt2800mmio
6eba8fd22352 rt2x00: rt2400pci: mark expected switch fall-through
10bb92217747 rt2x00: rt2500pci: mark expected switch fall-through
916e6bbcfcff rt2x00: rt2800lib: mark expected switch fall-throughs
641dd8068ecb rt2x00: rt61pci: mark expected switch fall-through
750afb08ca71 cross-tree: phase out dma_zalloc_coherent()
=c2e28ef7711f rt2x00: reduce tx power to nominal level on RT6352
a4296994eb80 rt2x00: Work around a firmware bug with shared keys
2587791d5758 rt2x00: no need to check return value of debugfs_create functions
pending on linux-wireless:
rt2x00: remove unneeded check
rt2x00: remove confusing AGC register
rt2800: enable TX_PIN_CFG_LNA_PE_ bits per band
rt2800: enable TX_PIN_CFG_RFRX_EN only for MT7620
rt2800: comment and simplify AGC init for RT6352
rt2x00: do not print error when queue is full
rt2800: partially restore old mmio txstatus behaviour
rt2800: new flush implementation for SoC devices
rt2800: move txstatus pending routine
rt2800mmio: fetch tx status changes
rt2800mmio: use timer and work for handling tx statuses timeouts
rt2x00: remove last_nostatus_check
rt2x00: remove not used entry field
rt2x00mmio: remove legacy comment
While at it also rename some existing patches now that there are
separate folders with patches for each driver to make things a bit
nicer to handle.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This applies to kernel 4.10 and newer.
See 8db4c5be88
The above commit added to kernel 4.10 added new dependency
for building the NETFILTER_XT_MATCH_SOCKET (xt_socket.ko)
module. The NF_SOCKET_IPVx options (both of them) need to
be enabled in order to build the NETFILTER_XT_MATCH_SOCKET
module. Without the change the module is not built.
Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
These two dependencies are mutual exclusive and it is only possible to
select one of them, change the select to a chose so it is only possible
to select one of them in OpenWrt menu config.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Applies a patch from https://github.com/openssl/openssl/pull/8213
that fixes an error where open /dev/crypto sessions were not closed.
Thanks to Ansuel Smith for reporting it.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
VBoxManage is not used and the image is created with proper permisions:
0f5d0f6 image: use internal qemu-img for vmdk and vdi images drop host
dependencies on qemu-utils and VirtualBox
Unreachable config symbols:
9e0759e x86: merge all geode based subtargets into one
No need to define those symbols since x86_64 is subtarget of x86:
196fb76 x86: make x86_64 a subtarget instead of a standalone target
Unreachable config symbols, so remove GRUB_ROOT:
371b382 x86: remove the xen_domu subtarget
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
This updates mac80211 to backports version 4.19.23-1 which includes all
the stable fixes from kernel 4.19.23.
The removed patches are included in this version.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Opkg treats text after a version number as higher than without:
~# opkg compare-versions "2.80rc1" "<<" "2.80"; echo $?
1
~# opkg compare-versions "2.80rc1" ">>" "2.80"; echo $?
0
This causes opkg not offering final release as upgradable version, and
even refusing to update, since it thinks the installed version is
higher.
This can be mitigated by adding ~ between the version and the text, as ~
will order as less than everything except itself. Since 'r' < 't', to
make sure that test will be treated as lower than rc we add a second ~
before the test tag. That way, the ordering becomes
2.80~~test < 2.80~rc < 2.80
which then makes opkg properly treat prerelease versions as lower.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
It was already enabled for wpad builds and since commit 6a15077e2d
the script relies on it. Size impact is minimal (2 kb on MIPS .ipk).
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Minor bugfix release. Fixes for
* bc/dc
* sed (backslash parsing for 'w' command)
* ip (vlan fixes)
* grep (fixes for -x -v)
* ls (-i compat)
No need to refresh patches or config defaults
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
SoC: Qualcomm IPQ4019 (Dakota) 717 MHz, 4 cores
RAM: 256 MiB (Nanya NT5CC128M16IP-DI)
FLASH: 128 MiB (Macronix NAND)
WiFi0: Qualcomm IPQ4019 b/g/n 2x2
WiFi1: Qualcomm IPQ4019 a/n/ac 2x2
WiFi2: Qualcomm Atheros QCA9886 a/n/ac
BT: Atheros AR3012
IN: WPS Button, Reset Button
OUT: RGB-LED via TI LP5523 9-channel Controller
UART: Front of Device - 115200 N-8
Pinout 3.3v - RX - TX - GND (Square is VCC)
Installation:
1. Transfer OpenWRT-initramfs image to the device via SSH to /tmp.
Login credentials are identical to the Web UI.
2. Login to the device via SSH.
3. Flash the initramfs image using
> mtd-write -d linux -i openwrt-image-file
4. Power-cycle the device and wait for OpenWRT to boot.
5. From there flash the OpenWRT-sysupgrade image.
Ethernet-Ports: Although labeled identically, the port next to
the power socket is the LAN port and the other one is WAN. This
is the same behavior as in the stock firmware.
Signed-off-by: Marius Genheimer <mail@f0wl.cc>
[Dropped setup_mac 02_network in favour of 05_set_iface_mac_ipq40xx.sh,
reorderd 02_network entries, added board.bin WA for the QCA9886 from ath79,
minor dts touchup, added rng to 4.19 dts]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
- Add the /etc/ssl/openssl.cnf as a separate package, to avoid breaking
the transitional mechanism, allowing libopenssl_1.0* and
libopenssl_1.1* to coexist.
- Remove the (selecting) dependency on @KERNEL_AIO
- Use global SOURCE_DATE_EPOCH
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Add a patch to enable the option to change the default ciphersuite list
ordering to prefer ChaCha20 over AES-GCM. This is used by default for
all platforms, except for x86_64 and aarch64. The assumption is that
only the latter have AES-specific CPU instructions and asm code that
uses them in openssl. Chacha20Poly1305 is 3x faster than AES-256 in
systems without AES instructions, with an equivalent strength.
Disable error messages by default except for devices with small flash or
RAM, to aid debugging.
Disable ASM by default on arm platform with small flash. Size
difference on mips and powerpc, the other platforms with small flash
devices, are not really relevant (using 100K as a threshold). All of
the affected platforms are source-only anyway.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
This version adds the following functionality:
* TLS 1.3
* AFALG engine support for hardware accelleration
* x25519 ECC curve support
* CRIME protection: disable use of compression by default
* Support for ChaCha20 and Poly1305
Patches fixing bugs in the /dev/crypto engine were applied, from
https://github.com/openssl/openssl/pull/7585
This increses the size of the ipk binray on MIPS32 by about 32%:
old:
693.941 bin/packages/mips_24kc/base/libopenssl1.0.0_1.0.2q-2_mips_24kc.ipk
193.827 bin/packages/mips_24kc/base/openssl-util_1.0.2q-2_mips_24kc.ipk
new:
912.493 bin/packages/mips_24kc/base/libopenssl1.1_1.1.1a-2_mips_24kc.ipk
239.316 bin/packages/mips_24kc/base/openssl-util_1.1.1a-2_mips_24kc.ipk
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Adds the following configuration options:
* using optimized assembler code (was always on before)
* use of x86 SSE2 instructions
* dyanic engine support
* include error messages
* Camellia, Gost, Idea, MDC2, Seed & Whirlpool algorithms
* RFC3779, CMS protocols
* VIA padlock hardware acceleration engine
Installs openssl.cnf with the library as it is used by engines
independent of the openssl util.
Fixes DTLS option that was innefective before.
Disables insecure SSL3 protocol and SHA0.
Adds openwrt-specific targets to Configure script, including asm support
for i386, ppc and mips64.
Strips building dirs from CFLAGS shown in binary.
Skips the fuzz directory during build.
Removed include/crypto/devcrypto.h that was included here, to use the
cryptodev-linux package, now that it was been moved from the packages
feed to the main openwrt repository.
This decreses the size of the ipk binray on MIPS32 by about 3.3%:
old:
706.957 bin/packages/mips_24kc/base/libopenssl1.0.0_1.0.2q-2_mips_24kc.ipk
199.294 bin/packages/mips_24kc/base/openssl-util_1.0.2q-2_mips_24kc.ipk
new:
693.941 bin/packages/mips_24kc/base/libopenssl1.0.0_1.0.2q-2_mips_24kc.ipk
193.827 bin/packages/mips_24kc/base/openssl-util_1.0.2q-2_mips_24kc.ipk
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
ucert needs to check the firmware part with metadata, but without the signature.
Use the new fwtool mode to extract that without altering the firmware image inside
the check
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This allows extracing the firmware + metadata from a signed firmware without
altering the original image file
Signed-off-by: Felix Fietkau <nbd@nbd.name>
In the case of SHARED_LIBS=y, don't use -export-dynamic to place *all*
symbols into the dynamic symbol table. Instead, use --dynamic-list to
export a smaller set of symbols similar to that defined in static-syms.h
in the case of SHARED_LIBS=n, avoiding an 11 KB tc package size increase.
Also increment PKG_RELEASE.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
This enables using the tc module m_xt.so, which uses the act_ipt kernel
module to allow tc actions based on iptables targets. e.g.
tc filter add dev eth0 parent 1: prio 10 protocol ip \
u32 match u32 0 0 action xt -j DSCP --set-dscp-class BE
Make the SHARED_LIBS parameter configurable and based on tc package
selection.
Fix a problem using the tc m_xt.so plugin as also described in
https://bugs.debian.org/868059:
Sync include/xtables.h from iptables to make sure the right offset is
used when accessing structure members defined in libxtables. One could
get “Extension does not know id …” otherwise. (See also: #868059)
Patch to sync the included xtables.h with system iptables 1.6.x. This
continues to work with iptables 1.8.2.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Simplify build and runtime dependencies on libelf, which allows tc and ip
to load BPF and XDP object files respectively.
Preserve optionality of libelf by having configuration script follow the
HAVE_ELF environment variable, used similarly to the HAVE_MNL variable.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Replace the old 'tc' with a singleton package variant which will be used
to enable additional functionality and limit it only to tc. Non-variant
packages will only be installed during 'tiny' variant builds, hence will
be configured without extra features, thus preserving previously limited
functionality and reduced package sizes.
Also set ip-tiny as the default variant, and install 'tiny' versions of
development libraries.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Compile-based feature detection (e.g. xtables, ipset support) was broken
due to silent compilation errors in the configure script, caused by a
Makefile variable KERNEL_INCLUDE referring to kernel build headers. Use
userspace headers by setting the same "user_headers" kernel include path
as used for the iptables build.
Remove redundant or unused Build/Configure definitions from package
Makefile, including KERNEL_INCLUDE, LIBC_INCLUDE and DBM includes.
Don't pass LDFLAGS within MAKE_FLAGS as this interferes with LDFLAGS in
tc/Makefile and masks a link parameter ("-Wl,-export-dynamic"). Instead,
use standard TARGET_LDFLAGS.
Replace EXTRA_CCOPTS in MAKE_FLAGS with cleaner TARGET_CPPFLAGS, and also
drop now unneeded patch 150-extra-ccopts.patch.
Enable defining XT_LIB_DIR from Makefile, needed to set the iptables
modules directory to something other than /lib/xtables, and also add
libxtables dependency. Both are needed with working xtables detection.
Note that libxtables is also pulled in by iptables, firewall or luci, so
this change has no size impact in most cases.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Since v4.13, iproute2 switched to a config.mk file with greater use of
pkg-config for library/feature detection. Replace the old Config patch
with one modifying the configure script but enabling the same changes:
- explicitly disable TC_CONFIG_ATM
- rely on feature detection for IP_CONFIG_SETNS and TC_CONFIG_XT
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Add the test_bpf module that runs various test vectors against the BPF
interpreter or BPF JIT compiler. The module must be manually loaded, as
with the kmod-crypto-test module which serves a similar purpose.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Add em_ipset module to support tc filter classification by IP set. Build
as a standalone package to help avoid pulling in rest of kmod-sched and
isolate new dependency on kmod-ipt-ipset.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Add act_pedit, act_csum, act_gact and act_simple modules for additional
tc action support. Module act_simple helps with debug and logging, similar
to iptables LOG target, while act_gact provides common generic actions.
Modules act_pedit and act_csum support general packet mangling, and have
been the subject of feature requests and forum discussions (e.g. DSCP),
as well as being added to the Turris OS fork of OpenWrt ~2 years ago.
Also select dependency kmod-lib-crc32c to support act_csum.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
All tc ematch modules, including those in kmod-sched-core and kmod-sched,
use cls_basic as a core dependency. Relocate cls_basic from kmod-sched to
kmod-sched-core to avoid requiring kmod-sched unnecessarily.
This change is also backwards compatible since any past tc ematch users
will have had to install both kmod-sched-core and kmod-sched anyway.
Add the matchall kernel module cls_matchall introduced in kernel 4.8. The
matchall classifier matches every packet and allows the user to apply
actions on it. It is a simpler, more efficient replacement for the common
but cryptic tc classifier idiom "u32 match u32 0 0".
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Issues a wmi command to firmware when multicast rate change is received with the
new BSS_CHANGED_MCAST_RATE flag. Also fixes the incorrect fixed_rate setting
for CCK rates which got introduced with addition of ath10k_rates_rev2 enum.
By default the firmware uses 1Mbps and 6Mbps rate for management packets
in 2G and 5G bands respectively. But when the user selects different
basic rates from the userspace, we need to send the management
packets at the lowest basic rate selected by the user.
Signed-off-by: Sven Eckelmann <sven@narfation.org>
By default the firmware uses 1Mbps and 6Mbps rate for management packets
in 2G and 5G bands respectively. But when the user selects different
basic rates from the userspace, we need to send the management
packets at the lowest basic rate selected by the user.
This change makes use of WMI_VDEV_PARAM_MGMT_RATE param for configuring the
management packets rate to the firmware.
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Release notes since last time:
2019-02-08:
Fix rate-ctrl assert related to bad logic that tried to guess
that lower bandwidth probes were automatically successful if
higher was. The NSS mismatch that can happen here caused the
assert. Just comment out the offending code
(per comment from original QCA code). This is bug 69.
2019-02-10:
Fix bssid mis-alignment that broke 4-addr vlan mode (bug 67).
Original buggy commit was
commit 2bf89e70ecd1 ("dev-ds: Better packing of wal_vdev struct.")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Same reasoning as in bdedb798150a58ad7ce3c4741f2f31df97e84c3f; don't set
default firewall zone to wan as the firewall zone for the vti interface
can be configured in the firewall config or it makes it impossible not to
specify a firewall zone for the vti interface.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Same reasoning as in bdedb798150a58ad7ce3c4741f2f31df97e84c3f; don't set
default firewall zone to wan as the firewall zone for the ipip interface
can be configured in the firewall config or it makes it impossible not to
specify a firewall zone for the ipip interface.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Remove 980-rt2x00-reduce-power-consumption-on-mt7620.patch which in
combination with the most recently added patch reportedly causes TX
power to be too weak.
"without patches rssi on receiver is ~ -23dBm with 980 about -35dBm,
with both patches drops below -40dBm. with 987 only ~-28dBm"
We may need to reconsider this once we have implemented TSSI.
Fixes: cdb58b2bfe ("mac80211: rt2x00: reduce tx power to nominal level on RT6352")
Reported-by: Tomislav Požega <pozega.tomislav@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Fixed CVEs:
CVE-2018-16890
CVE-2019-3822
CVE-2019-3823
For other changes in version 7.64.0 see https://curl.haxx.se/changes.html#7_64_0
Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
Current implementation of RT6352 support provides too high tx power
at least on iPA/eLNA devices. Reduce amplification of variable gain
amplifier by 6dB to match board target power of 17dBm.
Transmited signal strength with this patch is similar to that of
stock firmware or pandorabox firmware. Throughput measured with iperf
improves. Device tested: Xiaomi Miwifi Mini.
Signed-off-by: Tomislav Požega <pozega.tomislav@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
There are two problems with this behaviour that the zone is set to wan
if no zone config option is defined in the interface section.
* The zone for the interface is "normally" specified in the firewall
config file. So if we have defined "no" zone for this interface zone
option is set now to "wan" additonaly if we add the interface in the firewall
config section to the "lan" zone, the interface is added to lan and wan at once.
iptables-save | grep <iface>
This is not what I expect.
* If I do not want to set a zone to this interface it is not possible.
Remove the default assigment to wan if no zone option is defined.
If some one need the option it stil possible to define this option.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
The package hash does not match the one of the package found on the
mirrors and which is generated when I do the git clone.
Fixes: 4856fa30a6 ("nat46: import for routing, add myself as maintainer")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* Jan 2, 2019
Rebase patches to make 9980 bisectable.
* Jan 2, 2019
Fix scheduling related assert when wal-peer is deleted with pending
tx buffers (bug 54, and others)
* Jan 7, 2019:
Fix specifying retransmits for AMPDU frames. It was previously ignored
since it is a 'software' retransmit instead of a hardware retransmit.
* Jan 9, 2019
Fix potential way to get zero rates selected (and then assert)
* Jan 18, 2019
pfsched has specific work-around to just return if we find invalid flags AND
if we are in an out-of-order situation. Maybe this is last of the pfsched
related issues (bug 54 and similar).
* Jan 24, 2019
The rcSibUpdate method can be called concurrently with IRQ tx-completion callback,
and that could potentially allow the tx-completion callback to see invalid state
and assert or otherwise mess up the rate-ctrl logic. So, disable IRQs in
rcSibUpdate to prevent this. Related to bug 58.
* Jan 28, 2019
Ensure that cached config is applied to ratectrl objects when fetched from
the cache. This should fix part of bug 58.
* Jan 28, 2019
Ensure that ratectrl objects from cachemgr are always initialized. This fixes
another part of bug 58.
* Jan 30, 2019
Better use of temporary rate-ctrl object. Make sure it is initialized, simplify
code path. This finishes up porting forward similar changes I made for wave-1
firmware long ago, and fixes another potential way to hit bug-58 issues.
* Jan 30, 2019
Cachemgr did not have a callback for when memory was logically freed. This means
that peers could keep stale references to rate-ctrl objects that were in process
of being DMA'd into to load a different peer's rate-ctrl state. This was causing
the bugcheck logic to fail early and often, and I suspect it might be a root cause
of bug 58 as well. The fix is to add a callback and set any 'deleted' memory references
to NULL so that we cannot access it accidentally. Thanks to excellent logs and patience
from the bug-58 reporter!
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
a9d4c0e mt76: mt76x2: avoid running DPD calibration if tx is blocked
4d7e13f mt76: explicitly disable energy detect cca during scan
e3c1aad mt76: run MAC work every 100ms
4e8766a mt76: clear CCA timer stats in mt76x02_edcca_init
e301f23 mt76: measure the time between mt76x02_edcca_check runs
74075ef mt76: increase ED/CCA tx block threshold
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Package kmod-drm is missing dependencies for the following libraries:
drm_panel_orientation_quirks.ko
It seems, that since Linux 4.15-rc2 drm depends on drm_panel_orientation_quirks.ko
commit 8d70f395e6cbece665b12b4bf6dbc48d12623014
Author: Hans de Goede <j.w.r.degoede@gmail.com>
Date: Sat Nov 25 20:35:49 2017 +0100
drm: Add support for a panel-orientation connector property, v6
On some devices the LCD panel is mounted in the casing in such a way that
the up/top side of the panel does not match with the top side of the
device (e.g. it is mounted upside-down).
This commit adds the necessary infra for lcd-panel drm_connector-s to
have a "panel orientation" property to communicate how the panel is
orientated vs the casing.
Userspace can use this property to check for non-normal orientation and
then adjust the displayed image accordingly by rotating it to compensate.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
a4ec45c mt7603: fix LED support (copy CFLAGS from main Makefile)
edda5c5 mt76x02: use mask for vifs
dd52191 mt76x02: use commmon add interface for mt76x2u
a80acaf mt76x02: initialize mutli bss mode when set up address
38e832d mt76x02: minor beaconing init changes
171adaf mt76x02: init beacon config for mt76x2u
dcab682 mt76: beaconing fixes for USB
ff81de1 mt76x02: enable support for IBSS and MESH
8027b5d mt7603: remove copyright headers
e747e80 mt76: fix software encryption issues
2afa0d7 mt7603: remove WCID override for software encrypted frames
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Host "gd.tuwien.ac.at" does not exists anymore, so we replace it by "ftp.pca.dfn.de" from the official list of mirrors.
Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
d4ba162 libopkg: only perform size check when information is available
Fixes: e079591b84 ("opkg: update to latest Git head")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
c3da1aa mt7603: trigger beacon stuck detection faster
7a53138 mt7603: trigger watchdog reset if flushing CAB queue fails
6eef33b mt7603: remove mt7603_txq_init
ae30c30 mt76: add driver callback for when a sta is associated
0db925f mt7603: update HT/VHT capabilities after assoc
b5ac8e4 mt7603: initialize LED callbacks only if CONFIG_MT76_LEDS is set
c989bac mt76x0: eeprom: fix chan_vs_power map in mt76x0_get_power_info
24bd2c0 mt76x0: phy: report target_power in debugfs
bc7ce2a mt76x0: init: introduce mt76x0_init_txpower routine
Signed-off-by: Felix Fietkau <nbd@nbd.name>
When config_get is called as "config_get section option" the option
is unexpectedly globbed by the shell which differs from the way options
are read to a variable with "config_get variable section option".
Add another layer of double quotes to fix it.
Signed-off-by: Günther Kelleter <guenther.kelleter@devolo.de>
If a user finds that logd is too barebone for their needs and wishes
to have more control over syslog, the user presently has an option
to enable CONFIG_BUSYBOX_CONFIG_FEATURE_SYSLOG and configure syslog
with settings in /etc/syslog.conf.
Presently /etc/syslog.conf silently disappears on sysupgrade. This
patch prevents such unwanted behaviour if busybox syslog is enabled
via CONFIG_BUSYBOX_CONFIG_FEATURE_SYSLOG.
Signed-off-by: Val Kulkov <val.kulkov@gmail.com>
This fixes the following security problems:
* CVE-2018-5407: Microarchitecture timing vulnerability in ECC scalar multiplication
* CVE-2018-0734: Timing vulnerability in DSA signature generation
* Resolve a compatibility issue in EC_GROUP handling with the FIPS Object Module
Signed-off-by: Sven Roederer <freifunk@it-solutions.geroedel.de>
As the usage of libbsd is no longer limited to glibc, prevent libbsd
being picked up by removing the dependency on libbsd.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
This introduces a new Kconfig option to switch on/off mbedtls' support
for debug functions.
The idea behind is to inspect TLS traffic with Wireshark for debug
purposes. At the moment, there is no native or 'nice' support for
this, but at
68aea15833
an example implementation can be found which uses the debug functions
of the library. However, this requires to have this debug stuff enabled
in the library, but at the moment it is staticly patched out.
So this patch removes the static part from the configuration patch
and introduces a dynamic config file editing during build.
When enabled, this heavily increases the library size, so I added
a warning in the Kconfig help section.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
This reduces the needed modifications to the mainline Linux kernel and
also makes the regmap package work with an out of tree kernel which
does not have these modifications.
The regmap-core is only added when it is really build as a module.
The regmap-core is normally bool so it cannot be built as a module in an
unmodified kernel. When it is selected by on other kernel module it will
always be selected as build in and it also does not show up in
$(LINUX_DIR)/modules.builtin as it is not supposed to be a kernel module.
When it is not in $(LINUX_DIR)/modules.builtin the build system expects
it to be built as a .ko file.
Just check if the module is really there and only add it in that case.
This splits the regmap package into multiple packages, one for each bus type.
This way only the bus maps which are really needed have to be added.
This also splits the I2C, SPI and MMIO regmap into separate packages to not
require all these subsystems to build them, on an unmodified upstream kernel
this also causes problems in some situations.
Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
Added e4crypt tool for encrypting files and directories. To work properly
requires kernel and work on keyutils. That will be done in a future commit
Some top-level reorganization for consistency between packages.
Tested on GnuBee PC1 (mt7621).
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Add support for passing additional parameters to mtd called during
sysupgrade. It will be required to toggle the "recovery moe" flag
supported by recent tp-link boards.
Signed-off-by: David Bauer <mail@david-bauer.net>
[split code from board support patch; add commit message]
Signed-off-by: Mathias Kresin <dev@kresin.me>
This adds an option to set the recovery flag of newer TP-Link MediaTek
boards and remove it after a successful write.
To make use of this feature, add the '-t' option to mtd-write.
The '-t' option takes the mtd partition containing the recovery flag
(usually 'romfile') as an argument. Make sure this partition is not
flagged as read-only!
Example:
> mtd -t romfile write owrt.bin firmware
This command writes the recovery-flag before it begins writing the image
to the firmware partition. After the image-write has been successful,
the recovery flag is removed.
This way, the TP-Link web-recovery is automatically enabled on an
unsucessful flash (e.g. power loss).
This option is only available if the mtd package is compiled for the
ramips target.
Signed-off-by: David Bauer <mail@david-bauer.net>
This commit adds the object 'linksys_bootcount_fix.o' to the ipq40xx
target.
This is needed for the Linksys EA6350v3 device. Without this patch, the
device will switch-back between the current and the last flashed firmware
every 3 (three) reboots. With this patch, the device works as expected.
Signed-off-by: Ryan Pannell <ryan@osukl.com>
Signed-off-by: Oever González <notengobattery@gmail.com>
This commit adds support for the Linksys EA6350v3 device in the ipq40xx
target.
This is needed for uboot-envtools to access the environment. Without this
patch, the Linksys EA6350v3 will not be able to access the uboot
environment. As a side effect, the feature auto_recovery will make the
device unstable by switching between the latest and the current firmware.
Signed-off-by: Ryan Pannell <ryan@osukl.com>
Signed-off-by: Oever González <notengobattery@gmail.com>
This commit adds support for the Linksys EA6350v3 device in the ipq-wifi
target.
Without this patch, the Linksys EA6350v3 won't be hable to have fully
functional wireless interfaces. This is not permanent: the board data has
already been sent to ath10k _at_ lists _dot_ infradead _dot_ org
Signed-off-by: Ryan Pannell <ryan@osukl.com>
Signed-off-by: Oever González <notengobattery@gmail.com>
This patch adds several country codes to the regd.h and regd_common.h
files in order to support devices whose country codes are not present in
the original list.
Without this patch, all devices whose manufacturer programmed any of these
code in their EEPROM will run without wireless interfaces.
Signed-off-by: Oever González <notengobattery@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [matched signed-off]
CPU: FSL P1020 (2x 800MHz E500 PPC)
RAM: 1GB DDR3
FLASH: 256MiB NAND
WiFi: 2x Atheros AR9382 2x2:2 abgn
ETH: 2x BCM54616S - 1x BCM53128 8-port switch
LED: 5x LEDs (Power, WiFi1, WiFi2, N/D, SYS)
BTN: 1x RESET
Installation
------------
1. Download initrams kernel image, dtb binary and sysupgrade image.
2. Place initramfs kernel into tftp root directory. Rename to
"panda-uimage-factory".
3. Place dtb binary into tftp root directory. Rename to "panda.fdt".
4. Start tftp server on 192.168.100.8/24.
5. Power up the device with the reset button pressed. It will download
the initrams and dtb via tftp and boot into OpenWRT in RAM.
6. SSH into the device and remove the factory partitions.
> ubirmvol /dev/ubi0 --name=kernel1
> ubirmvol /dev/ubi0 --name=rootfs1
> ubirmvol /dev/ubi0 --name=devicetree1
You will have around 60 MiB of free space with that.
You can also delete "kernel2", "devicetree2", "rootfs2" and "storage"
respectively in case you do not want to go back to the vendor firmware.
7. Modify the U-Boot bootcmd to allow for booting OpenWRT
> fw_setenv bootcmd_owrt "ubi part ubi && ubi read 0x1000000 kernel
&& bootm 0x1000000"
> fw_setenv bootargs_owrt "setenv bootargs console=ttyS0,115200
ubi.mtd=3,2048"
> fw_setenv bootcmd "run bootargs_owrt; run bootcmd_owrt"
8. Transfer the sysupgrade image via scp into the /tmp directory.
9. Upgrade the device
> sysupgrade -n /tmp/<imagename>
Signed-off-by: David Bauer <mail@david-bauer.net>
The library has an usual shared object file name, which caused the
install glob pattern to miss the actual so.
Fixes: #2082
Fixes; 0e70f69a35 ("treewide: revise library packaging")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This bumps ppp to latest git version.
There is one upstream commit, which changes DES encryption calls from
libcrypt / glibc to openssl.
As long as we don't use glibc-2.28, revert this commit.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
Initially this patch was introduced as a quick fix following
the removal of 936-ath10k_skip_otp_check.patch which caused
multiple ath10k pcie devices in various ipq806x and ar71xx/ath79
targets to malfunction.
Thankfully, the affected devices have been updated to utilize
the pre-caldata method. And finally with the switch to ath10k-ct,
which never had the patch or any reports of similar issues, I
think it's time to remove this patch since it is no longer needed.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
The ABI_VERSION:=1 tag will take care of transforming the binary
library package basename.
Add a virtual PROVIDES:=libelf1 for packages still having libelf1
in their DEPENDS:=... lists.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Last incompatible change appeared to be 4924411
("http: add proper error handling to uclient_http_redirect()") which
changed the return value of uclient_http_redirect() from bool to int.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* tools: curve25519: handle unaligned loads/stores safely
This should fix sporadic crashes with `wg pubkey` on certain architectures.
* netlink: auth socket changes against namespace of socket
In WireGuard, the underlying UDP socket lives in the namespace where the
interface was created and doesn't move if the interface is moved. This
allows one to create the interface in some privileged place that has
Internet access, and then move it into a container namespace that only
has the WireGuard interface for egress. Consider the following
situation:
1. Interface created in namespace A. Socket therefore lives in namespace A.
2. Interface moved to namespace B. Socket remains in namespace A.
3. Namespace B now has access to the interface and changes the listen
port and/or fwmark of socket. Change is reflected in namespace A.
This behavior is arguably _fine_ and perhaps even expected or
acceptable. But there's also an argument to be made that B should have
A's cred to do so. So, this patch adds a simple ns_capable check.
* ratelimiter: build tests with !IPV6
Should reenable building in debug mode for systems without IPv6.
* noise: replace getnstimeofday64 with ktime_get_real_ts64
* ratelimiter: totalram_pages is now a function
* qemu: enable FP on MIPS
Linux 5.0 support.
* keygen-html: bring back pure javascript implementation
Benoît Viguier has proofs that values will stay well within 2^53. We
also have an improved carry function that's much simpler. Probably more
constant time than emscripten's 64-bit integers.
* contrib: introduce simple highlighter library
This is the highlighter library being used in:
- https://twitter.com/EdgeSecurity/status/1085294681003454465
- https://twitter.com/EdgeSecurity/status/1081953278248796165
It's included here as a contrib example, so that others can paste it into
their own GUI clients for having the same strictly validating highlighting.
* netlink: use __kernel_timespec for handshake time
This readies us for Y2038. See https://lwn.net/Articles/776435/ for more info.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Update to the latest version of iproute2; see https://lwn.net/Articles/776174/
for a full overview of the changes in 4.20.
Remove upstream patch 001-fix-print_0xhex-on-32-bit.patch and 002-tc-fix-xtables-incorrect-usage-of-LDFLAGS.patch
Introduce a patch to include <linux/limits.h> for XATTR_SIZE_MAX in tc
Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
On musl based distributions, u-boot 2010.03 fails to build with:
u-boot-2010.03/include/u-boot/crc.h:29:50: error: unknown type name 'uint'
uint32_t crc32 (uint32_t, const unsigned char *, uint);
The issue was fixed in the newer u-boot-2018.03 version, this commit
backports the change to the older version used by ar71xx/ath79.
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
[add commit message from PR description]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The crypt(3) function is allowed to fail with either EINVAL or ENOSYS when
the given salt is either invalid or when the requested algorithm is not
implemented.
In such a case, libbb's pw_encrypt() function will silently convert the
crypt() NULL return value into an empty string which is then processed
without further errors by utilities such as chpasswd or passwd, causing
them to set an empty password when an unsupported cipher is requested.
Patch the relevant users of pw_encrypt() to abort in case an empty hash
is returned by pw_encrypt() in order to mitigate the problem.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Since readline/host links ncurses/host now, we need to ensure that the
libncursesw.so host library is built with -fPIC.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This may be useful if you don't entirely trust your flash and want to be able
to check for corruptions.
Signed-off-by: Michal Hrusecky <Michal@Hrusecky.net>
This adds a wrapper (uci_load_validate) for uci_validate_section() that
allows callers (through a callback function) to access the values set by
uci_validate_section(), without having to manually declare a
(potentially long) list of local variables.
The callback function receives two arguments when called, the config
section name and the return value of uci_validate_section().
If no callback function is given, then the wrapper exits with the value
returned by uci_validate_section().
This also updates several init scripts to use the new wrapper function.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
these utilities need to run with uid 0 to be useful. Thus,
install them setuid root like other distros do, too.
Signed-off-by: Carsten Wolff <carsten@wolffcarsten.de>
[use INSTALL_SUID macro]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Linux kernel has a polling mechanism that can be activated by changing
the parameter /sys/module/block/parameters/events_dfl_poll_msecs which
is deactivated by default or the /sys/block/[device]/events_poll_msecs
for one device.
This patch set the events_poll_msecs when a disk is inserted.
Once the media disk change event is sent by the kernel then we force a
re-read of the devices using /sbin/block info.
With this patch, insertion and ejection of sd card will automatically
generate partition devices in /dev.
Signed-off-by: Matthias Badaire <mbadaire@gmail.com>
[rewrap commit message, fix bashisms, fix non-matching condition,
bump pkg release]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Also fix the libxxxw.so* -> libxxx.so* linking to actually work, the
prevsious code failed to properly symlink the versioned .so files.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Update (lib)readline to 8.0
Remove autoreconf
Remove blankspace at the end of the lines in description
Remove --enable-shared and --enable-static as they're enabled by default
Remove TARGET_CPPFLAGS
Simplify install sections
Install readline.pc (pkgconfig)
Add patch for linking (lib)ncurses
Source:
https://git.buildroot.net/buildroot/plain/package/readline/0000-curses-link.patch
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
In order to prepare the switch from librpc to libtirpc, we need to relocate
conntrack-tools to the packages feed.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
d273ddd mt7603: fix number of frames limit in .release_buffered_frames
63bf183 mt76: add channel switch announcement support
e45db12 mt7603: fix tx status info
9d11596 mt7603: discard bogus tx status data
4bcb2f9 mt7603: fix txd q_idx field value
4206db7 mt76: set IEEE80211_HW_NEEDS_UNIQUE_STA_ADDR flag
c4e4982 mt7603: set IEEE80211_HW_TX_STATUS_NO_AMPDU_LEN
702f557 mt7603: use maximum tx count for buffered multicast packets
158529d mt7603: fix PSE reset retry sequence
fc31457 mt7603: implement support for SMPS
Signed-off-by: Felix Fietkau <nbd@nbd.name>
e7e8ee5f Update bash_completion
b3b4e335 Update manual pages
bd93d90a Don't treat text as option if it matches -[0-9]
ea69c84b Bump up version number to 1.36.0
783b649b Update AUTHORS
eb21e6f8 Merge branch 'update-http-parser'
ab2aa567 Fix test failure
ff87a542 Use http-parser 0d0a24e19eb5ba232d2ea8859aba2a7cc6c42bc4
439dbce6 Merge branch 'nghttpx-h1-connection-pool-per-addr'
e9c9838c nghttpx: Pool h1 backend connection per address
803d4ba9 Merge branch 'nghttpx-randomize-roundrobin-order'
732245e5 make clang-format
9e8d5433 Use clang-format-7
fdcdb21c nghttpx: Randomize backend address round robin order per thread
11d0533c nghttpx: Ensure that cert serial does not exceed 20 bytes
dbb5f00d Merge pull request #1287 from rckclmbr/fix_serial_size
9cc412e2 Merge pull request #1285 from staticinvocation/master
5b2efc0a Fix getting long serial numbers for openssl < 1.1
7e4c48a4 Disable shared library if ENABLE_SHARED_LIB is OFF
082e162f Merge pull request #1282 from alagoutte/travis
7cc7c06c .travis(.yml): no longer need llvm-toolchain-trusty-7
12ebeb30 .travis(.yml): Update to Xenial
c78abbe1 Update mruby to 2.0.0
124c7848 nghttpx: Add missing return
ce9667c4 Merge branch 'nghttpx-fix-trailing-slash-handling'
f3f40840 nghttpx: Fix broken trailing slash handling
302abf1b h2load: Fix compile error with gcc
089a03be h2load: Write log file with write(2)
de4fe728 Merge branch 'pyos-master'
d1b3a83f h2load: add an option to write per-request logs
eb679253 Merge branch 'puscas-port_in_use'
6800d317 added access to the number of the current server port
c98362ea Bump up version number to 1.36.0-DEV
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Add the ABI_VERSION source makefile variable to the binary package basename
and resolve source dependencies on packages with ABI_VERSION set to such
expanded names.
If for example a package specifies DEPENDS:=libopenssl while the OpenSSL
Makefile specifies ABI_VERSION:=1.0.0, the resulting ipk control data
dependency will be "Depends: libopenssl1.0.0" and the libopenssl ipk file
will be called "libopenssl1.0.0_<version>_<arch>.ipk".
The next time a library such as OpenSSL is updated to an incompatible
version, the ABI_VERSION shall be changed accordingly to prevent opkg from
simply upgrading to an incompatible library without considering the
dependencies of already installed packages.
Also introduce another "SourceName" control field which is required by
the newly introduced "scritps/ipkg-remove" to determine the proper related
.ipk files to delete upon buildroot package clean operations.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
In the case of upstream libraries, set the ABI_VERSION variable to the
soname value of the first version version after the last backwards
incompatible change.
For custom OpenWrt libraries, set the ABI_VERSION to the date of the
last Git commit doing backwards incompatible changes to the source,
such as changing function singatures or dropping exported symbols.
The soname values have been determined by either checking
https://abi-laboratory.pro/index.php?view=tracker or - in the case
of OpenWrt libraries - by carefully reviewing the changes made to
header files thorough the corresponding Git history.
In the future, the ABI_VERSION values must be bumped whenever the
library is updated to an incpompatible version but not with every
package update, in order to reduce the dependency churn in the
binary package repository.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This update fixes some cosmetical issues and a number of segmentation
faults when parsing lists having Conflicts or Replaces tags.
d217daf libopkg: fix replacelist parsing and writing
9dd9a07 libopkg: fix segmentation fault when traversing conflicts
34571ba libopkg: consider provided packages in pkg_vec_mark_if_matches()
18740e6 opkg_download: print error when fork() fails
e3d7330 libopkg: don't print unresolved dependencies twice
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
f52bb5b fix previous commit
18eac67 Fix entries in /etc/hosts disabling static leases.
f8c77ed Fix removal of DHCP_CLIENT_MAC options from DHCPv6 relay replies.
4bf62f6 Tidy cache_blockdata_free()
9c0d445 Fix e7bfd556c079c8b5e7425aed44abc35925b24043 to actually work.
2896e24 Check for not(DS or DNSKEY) in is_outdated_cname_pointer()
a90f09d Fix crash freeing negative SRV cache entries.
5b99eae Cache SRV records.
2daca52 Fix typo in ra-param man page section.
2c59473 File logic bug in cache-marshalling code. Introduced a couple of commits back.
cc921df Remove nested struct/union in cache records and all_addr.
ab194ed Futher address union tidying.
65a01b7 Tidy address-union handling: move class into explicit argument.
bde4647 Tidy all_addr union, merge log and rcode fields.
e7bfd55 Alter DHCP address selection after DECLINE in consec-addr mode. Avoid offering the same address after a recieving a DECLINE message to stop an infinite protocol loop. This has long been done in default address allocation mode: this adds similar behaviour when allocaing addresses consecutively.
The most relevant fix for openwrt is 18eac67 (& my own local f52bb5b
which fixes a missing bracket silly) To quote the patch:
It is possible for a config entry to have one address family specified by a
dhcp-host directive and the other added from /etc/hosts. This is especially
common on OpenWrt because it uses odhcpd for DHCPv6 and IPv6 leases are
imported into dnsmasq via a hosts file.
To handle this case there need to be separate *_HOSTS flags for IPv4 and IPv6.
Otherwise when the hosts file is reloaded it will clear the CONFIG_ADDR(6) flag
which was set by the dhcp-host directive.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
7abbed4 dhcpv6: add setting to choose IA_NA, IA_PD or both
dd1aefd router: add syslog tracing for skipped routes
0314d58 router: filter route information option
5e99738 router: make announcing DNS info configurable (FS#2020)
1fe77f3 router: check return code of odhcpd_get_interface_dns_addr()
8f49804 config: check for invalid DNS addresses
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
331ac70 Correctly update parent qlen when splitting GSO packets
581967c Makefile: Hook into Kbuild/Kconfig infrastructure
The parent qlen change is relevant if using cake as a leaf qdisc,
the makefile is a no-op.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
4ea9a2db164c Update upload-release.sh script and po files.
a01938d584b9 libelf: Mark both fsize and msize with const attribute.
c338a0541663 libebl: Don't update w, t and len unnecessarily in ebl_object_note_type_name.
422b549007f6 Prepare for 0.175
22ec8efc1dd8 elflint: Allow PT_GNU_EH_FRAME segment to match SHT_X86_64_UNWIND section.
cf10453f8252 libelf: Correctly setup alignment of SHF_COMPRESSED section data.
d3e6266754b9 strip: Also handle gnu compressed debug sections with --reloc-debug-sections
72e30c2e0cb4 Handle GNU Build Attribute ELF Notes.
7a3f6fe60b85 Recognize NT_VERSION notes.
cff53f1784c9 libcpu: Recognize bpf jump variants BPF_JLT, BPF_JLE, BPF_JSLT and BPF_JSLE
ecbe3120cddb libdwelf: New function dwelf_elf_begin.
4b0342b85b5b backends: Add x86_64 section_type_name for SHT_X86_64_UNWIND.
825e48c4e942 Also find CFI in sections of type SHT_X86_64_UNWIND
4789e0fb92b0 libelf: Explicitly update section data after (de)compression.
1628254ba215 strip: Add --reloc-debug-sections-only option.
f2d59180b90b strip: Extract code to update shdrstrndx into new common function.
f6ae0ab9350e strip: Split out debug section relocation into separate helper functions.
b15ee95bcee4 strip: Always copy over any phdrs if there are any.
e574889d92b1 unstrip: Add ELF_CHECK to make sure gelf_getehdr () doesn't return NULL.
5199e15870e0 Recognize and parse GNU Property notes.
b75ff1bbd060 addr2line: Use elf_getshdrstrndx not Ehdr field to print section name.
35197ea4c43e readelf: Use shstrndx to lookup section names.
9a74c190a2b3 backends: ppc use define instead of const for size of dwarf_regs array.
72d023b35f36 readelf: Make sure readp is smaller than cieend in print_debug_frame_section.
dce0b3b63ba0 readelf: Make sure readp is smaller than cieend in print_debug_frame_section.
1e7c230b277b Check sh_entsize is not zero.
22d2d082d57a size: Handle recursive ELF ar files.
2b16a9be6993 arlib: Check that sh_entsize isn't zero.
4cdb0fd0d3b4 ar: Assume epoch if ar_date is bogus.
577511f66842 findtextrel: Check that sh_entsize isn't zero.
20f9de9b5f70 libdwfl: Sanity check partial core file data reads.
2f4a040fab52 readelf: Handle multiple .debug_macro sections and decode header flag.
eee4269e5315 unstrip: Renumber the group section indexes.
c06ab0bbb476 strip, unstrip: Handle SHT_GROUP correctly.
2876b3b648f6 Handle ADD/SUB relocations
69d6e67eee30 tests: backtrace-dwarf.c improve error handling in test framework.
Originally-produced--by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Commit 3f0eb71dae added ALTERNATIVES for wget but not in correct
alphabetical order; increase PKG_RELEASE as well.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Don't symlink uclient-fetch anymore to /bin/wget but rather use
the ALTERNATIVES support for wget to install it as /usr/bin/wget.
Let uclient-fetch provide wget
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Busybox wget applet conflicts with the version from uclient.
Fix this by using ALTERNATIVE support for wget in busybox.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
The Detection pin is at PF6 and not at PH13 like defined before. I
checked the schematics and now I am am not seeing this error message any
more:
Loading Environment from FAT... Card did not respond to voltage select!
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Disable the PMIC on Olimex A13 Olinuxino, as the SPL cannot set the
core voltage correctly, which causes the board to freeze later at
kernel if CPU throttling is enabled (see below). This will almost
certainly kill the VGA output (which requires LDO3 to be set), but
this is still a better option than to disable CPU throttling for
all Cortex-A8 based devices.
[ 2.485632] cpufreq: cpufreq_online: CPU0: Running at unlisted freq: 384000 KHz
[ 2.525698] cpufreq: cpufreq_online: CPU0: Unlisted initial frequency changed to: 432000 KHz
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
Instead of using a fork of the ARM trusted firmware specifically for the
Allwinner SoCs, use the official version from ARM now, this version
supports the Allwinner SoCs now and the older ATF repository is
deprecated.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This updates the uboot for the sunxi target to version 2018.11
The removed patches are applied upstream and not needed any more.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This fixes two build problems introduced with the recently added new
kernel module package.
Fixes: ed2839ac41 ("kernel/modules: add kmod-pmbus-zl6100 module")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This patch adds the kmod packaging for the Intersil / Zilker Labs
ZL6100 and compatible digital DC-DC controllers as well as the
core kernel module for the Power Management Bus.
Add:
kmod-pmbus-core
kmod-pmbus-zl6100
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
This fixes compilation of gdb on arm64.
The kernel defines "struct sigcontext" in asm/sigcontext.h and musl libc
defines it in signal.h, which collides.
Kernel 4.14 misses the definitions of struct user_sve_header so we still
have to use the aarch64-sve-linux-sigcontext.h header file which also
provides that and make sure aarch64-sve-linux-sigcontext.h does not
provide the same headers as the kernel or musl.
Fixes: FS#2040
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Set the LDFLAGS otherwise it will not get the target hardening flags or
any other generic flags provided in the LDFLAGS
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
d2e247d odhcp6c: align further with RFC8415
ce83a23 dhcpv6: avoid parsing unncessary IAs
b079733 dhcpv6: set cnt to correct IOV enum
41494da dhcpv6: get rid of request_prefix
f7437e4 dhcpv6: sanitize option request list
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
The new samba36-hotplug package provides a hotplug.d script for the
"mount" subsystem. It automatically shares every mounted block device.
It works by updating /var/run/config/samba file which:
1) Is read by procd init script
2) Gets wiped on reboot providing a consistent state
3) Can be safely updated without flash wearing or conflicting with user
changes being made in /etc/config/samba
Cc: Rosy Song <rosysong@rosinson.com>
Cc: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
This will allow automation/hotplug.d scripts to store runtime shares in
the /var/run/config/samba. It's useful e.g. for USB drives that user
wants to be automatically shared.
Using /var/run/config/ provides:
1) Automated cleaning on reboots
It's important for consistency (to avoid sharing non-existing drives)
2) Safety for user non-commited changes
Automated scripts should never call "uci [foo] commit" as that could
flush incomplete config.
Another minor gain is avoiding flash wearing for runtime setup.
Cc: Rosy Song <rosysong@rosinson.com>
Cc: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
This fixes:
1) Getting STA info with newer firmwares
2) Getting DMI / UEFI / OF data
3) Possible memory corruption in firmware loading code
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
1) Using fwctx variable after brcmf_fw_request_done() was executed meant
accessing freed memory.
2) Using fwctx->completion for the wait_for_completion_timeout() call
could reuslt in NULL pointer dereference on fw loading error or if
brcmf_fw_request_done() was executed quickly enough.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Copy U-Boot to STAGING_DIR_IMAGE (and append it to the EVA-image from
there) to fix image generation using the image-builder.
Also remove the bootloader from DEVICE_PACKAGES and instead use the
BUILD_DEVICES directive from within the U-Boot makefile.
This fixes eva-image generation using the OpenWRT image-builder.
Signed-off-by: David Bauer <mail@david-bauer.net>
This patch deprecates the kmod-ptp-gianfar package and
introduces kmod-ptp-qoriq for 4.19+ in its place. This
has become necessary due to the linux kernel commit
ceefc71d4c05 ("ptp: rework gianfar_ptp as QorIQ common PTP driver")
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [reworded commit]
Currently busybox find and xargs conflict with the versions from
findutils package. Fix this by using ALTERNATIVES in busybox
and the related findutils (from packages feed) commit.
The conflict is due to the binaries being in the the same place
in rootfs and opkg not being happy about that.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
It seems, that since Linux 4.18-rc1 rtc-ds1307 depends on hwmon-core.
commit 6b583a64fd1e019fd01626b46892ebf2361951c5
Author: Heiner Kallweit <hkallweit1@gmail.com>
Date: Wed Sep 27 22:41:26 2017 +0200
rtc: ds1307: simplify hwmon config
We don't have to define an extra config symbol, IS_REACHABLE does
what we need. And having this config symbol just to save the few
bytes of hwmon support on non-DS3231 chips isn't worth it IMO
(especially as the symbol is set per default).
While at it, use the same dependency check for `kmod-regmap` as well, so
it's future proof as well.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
70f8785 zones: add zone identifying local traffic in raw OUTPUT chain
6920de7 utils: Free args in __fw3_command_pipe()
6ba9105 options: redirects: Fix possible buffer overflows
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
This commit adds the nescessary settings to allow reading the uboot environment variables on the GL.iNet GL-B1300 board.
Signed-off-by: Ibrahim Tachijian <barhom@netsat.se>
This updates hostapd to version the git version from 2018-12-02 which
matches the 2.7 release.
The removed patches were are already available in the upstream code, one
additional backport is needed to fix a compile problem.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This is a big block(d) cleanup with new feature of generating "mount"
hotplug.d events.
It's an important update for those who were using mountd in the
pre-18.06 releases. Due to the mountd being replaced with blockd a
support for "mountd" hotplug.d events has been lost. It broke all kind
of shell scripts that were e.g. managing services depending on an
external USB drive availability.
This basically (re-)adds support for calling /etc/hotplug.d/mount/
scripts with ACTION ("add" or "remove") and DEVICE set.
af93f4b block(d): improve hotplug.d "mount" events for the autofs
3bb3352 blockd: unmount device explicitly when it disappears
28753b3 block: remove target directory after unmounting
c8c7ca5 block: cleanup handling "start" action of the "autofs" command
f1bb762 block: make blockd_notify() return an int instead of void
71c2bde block: generate hotplug.d mount events
30f5096 block: validate amount of arguments for the "autofs" command
dc6a462 blockd: don't reparse blob msg in the vlist callbacks
f6a9686 blockd: don't unmount device when removing it from the list
1913fea block: don't duplicate unmounting code in the mount_action()
6b445fa block: make umount_device() function more generic
a778468 block: don't duplicate mounting code in the mount_device()
5dc631d block: simplify code picking mount target directory
2971779 block: move blockd_notify() call out of the conditional blocks
b86bd6e block: fix formatting & indent in the mount_device()
e12c0d6 fstools: use EXIT_FAILURE when indicating error on exit
091aa3d fstools: guard usage of WEXITSTATUS
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
This commit allows to use non-standard UBI volume name as the rootfs
volume in sysupgrade.
ex.:
The U-Boot on Buffalo WXR-2533DHP checks existence and checksum of
"ubi_rootfs" volume when booting, so this name is required.
OpenWrt currently provides several patches:
490-ubi-auto-attach-mtd-device-named-ubi-or-data-on-boot.patch
491-ubi-auto-create-ubiblock-device-for-rootfs.patch
492-try-auto-mounting-ubi0-rootfs-in-init-do_mounts.c.patch
to facilitate ubi rootfs automount. However the upstream kernel
also supports the means of booting from a fully custom ubi
partition name and ubi volume name via bootargs/kernel's cmdline
parameters:
ubi.mtd=mtd_partition_name
ubi.block=rootfs_volume_name
root=/dev/ubiblock$X_$Y
For more information and examples visit the wiki over at linux-mtd:
<http://www.linux-mtd.infradead.org/faq/ubifs.html>
<http://www.linux-mtd.infradead.org/doc/ubi.html>
Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [reworded commit]
Update busybox to 1.30.0.
Refresh patches.
Leave new features disabled by default.
Config refreshed via:
cd package/utils/busybox/config/
../convert_menuconfig.pl ../../../../build_dir/target-arm_cortex-a15+neon-vfpv4_musl_eabi/busybox-1.30.0
make package/busybox/compile
cd package/utils/busybox
./convert_defaults.pl < ../../../build_dir/target-arm_cortex-a15+neon-vfpv4_musl_eabi/busybox-1.30.0/.config > Config-defaults.in
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
This device is called GL-AR300M, therefore rename the board(s)
to 'gl-ar300m-nor' and 'gl-ar300m-nand'
Signed-off-by: Paul Wassi <p.wassi@gmx.at>
[change boardname in uboot envtools as well, don't use wildcards for
boardname]
Signed-off-by: Mathias Kresin <dev@kresin.me>
check_signature is a bool option and doesn't take any arguments. The
presence of the 1 falsely suggests setting it to 0 disables the check,
while the option actually needs to be removed or commented out to be
disabled. So remove the argument to make it more clear.
Fixes: beca028bd6 ("build: add integration for managing opkg package feed keys")
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Before installing an interface triggger check if an interface
trigger for the interface is already in place.
This avoids installing identical interface triggers for a given
interface
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
omcproxy will not start up if either the downlink or uplink interface is
not up at boottime as the interface triggers are not correctly
installed.
Further rework omcproxy init to make use of network functions defined
in network.sh; set proper family and proto options in procd firewall
rules.
Signed-off-by: David Santamaría Rogado <howl.nsp@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
dd508af iwinfo: fix QCA9984 vendor id
0eaabf1 iwinfo: add device id for Atheros AR9287
6e998ec iwinfo: add device id for MediaTek MT7612E
5aa8c54 libiwinfo: nl80211: add mesh stats on assoclist.
77a9e98 iwinfo: Add Mikrotik R11e-2HPnD and R11e-5HacT to hardware list
Signed-off-by: Mathias Kresin <dev@kresin.me>
This reverts commit fd569e5e9d.
After an extra review & discussion few concerns were raised regarding
that feature:
1) It reacts to hotplug.d "block" events instead of more accurate (but
currently unavailable) "mount" events.
2) It requires *something* to mount block device before samba hotplug.d
gets fired. Otherwise samba_add_section() will just return.
3) It doesn't reload Samba which some users may expect
4) It operates on /etc/ which is not a right place for autogenerated
ephemeral config.
5) It doesn't include any cleanup for non-existing shares.
Cc: Rosy Song <rosysong@rosinson.com>
Cc: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
417ab77 mt7603: improve recovery from PSE reset failure
fea7ad8 mt76: move mt76x02_phy_get_min_avg_rssi to mt76 core
9d009be mt7603: add dynamic sensitivity tuning based on false CCA events
2c8e9ac mt7603: initialize channel maximum power from eeprom data
b2cc29b mt76: move mt76x02_get_txpower to mt76 core
6203d46 mt7603: add support for setting transmit power
294e095 mt7603: reset DMA scheduler on MT7628
8178f0d mt7603: apply efuse data only when it exists
e67e551 mt76: dma: remove napi from mt76_dma_rx_fill signature
0490bd2 mt76: usb: do not build the skb if reported len does not fit in buf_size
eb076ae mt76: Add missing include of linux/module.h
1d2819e mt76: fix typo in mt76x02_check_mac_err routine
9c9fae3 mt76: mac: run mt76x02_mac_work routine atomically
6be90b6 mt76: usb: avoid queue/status spinlocks while passing tx status to mac80211
40dad32 mt76x0: pci: fix ACS support
d94e9c4 mt76x02: do not set protection on set_rts_threshold callback
0d83d73 mt76x02: fixup MT_PROT_RATE_* defines
628f8d7 mt76x02: set protection according to ht operation element
f7d8c17 mt76x0: configure MT_VHT_HT_FBK_CFG1
10f57cf mt76x2: add static qualifier to mt76x2_init_hardware
37b2ad3 mt76: dfs: run mt76x02_dfs_set_domain atomically
51b6daf mt76x2: init: set default value for MT_TX_LINK_CFG
9661da4 mt76: add energy detect CCA support to mt76x{0,2}e drivers
876d0e9 mt76: mac: minor optimizations in mt76x02_mac_tx_rate_val
c78e317 mt76: dma: do not build skb if reported len does not fit in buf_size
3598046 mt76: mmio: introduce mt76x02_check_tx_hang watchdog
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Since kernel 4.18 support for Qualcomm glue layer was
moved from DWC3 OF Simple to a separate DWC3 QCOM module.
So lets add it and make it depend on 4.19 kernel and make
sure that DWC3 OF Simple is not included if 4.19 is used.
Signed-off-by: Robert Marko <robimarko@gmail.com>
This version removes a lot of unusefull warnings that would quickly overflow the dmesg.
Warnings like this:
ath10k_ahb a800000.wifi: Invalid legacy rate 26 peer stats
ath10k_ahb a000000.wifi: Invalid VHT mcs 15 peer stats
On this version I only had 2 warnings at all.
Tested on 8devices Jalapeno.
Signed-off-by: Robert Marko <robimarko@gmail.com>
Based on the process of discovery in
https://github.com/openwrt/openwrt/pull/1613, it has become clear
that (at least) the PowerCloud System CR5000 was unable to get
working 5GHz wireless (PCIe) because AH_USE_EEPROM was unconditionally
masked out, not only when qca,noeeprom was in the DTS.
This patch moves mask AH_USE_EEPROM into the if ... qca,noeeprom
OF test.
Thanks to Christian Lampartar (@chunkeey) for the heavy lifting and help.
Patch has been prepared for upstream and will be submitted after review
by @chunkeey and @xdarklight.
Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
GCC 8.0+ <https://gcc.gnu.org/gcc-8/changes.html> introduces a new
warning about unsafe macros expanding to multiple statements used
as a body of a statement such as if, else, while, switch, or for.
In combination with -Werror this can cause the compilation to fail:
|In file included from xmalloc.c:37:
|xmalloc.c: In function 'xmalloc':
|system.h:39:2: error: macro expands to multiple statements [-Werror=multistatement-macros]
| fflush(stdout); \
| ^~~~~~
|xmalloc.c:52:5: note: in expansion of macro 'error'
| error (EXIT_FAILURE, 0, _("memory exhausted"));
| ^~~~~
|xmalloc.c:51:3: note: some parts of macro expansion are not guarded by this 'if' clause
| if (p == NULL)
| ^~
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
67ce93e Fix compile error on kernel 4.15+
c1345bb Change driver version to 10.3.8.0-20181210.
9cb815b Upgrade 88W8997 firmware to 8.4.4.6.
433fc6d Fix non-backport use of nla_parse before 4.12.0
3b36e21 Use wiphy_to_ieee80211_hw() instead of wiphy_priv()
97ebcfa Change driver version to 10.3.8.0-20181120.
f000953 Upgrade 88W8997 firmware to 8.4.4.4.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Depending on the global nls support configuration in the buildroot, the
linked libelf.so library might depend on libintl.so.
Import the nls.mk helper to set library prefixes and flags accordingly
in this case.
Ref: https://github.com/openwrt/packages/issues/7728#issuecomment-448760140
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
When building with full lagnuage support, libelf.so will depend on and
link with libintl.so so we need to change the pkg-config template to
reflect this library dependency.
Also change the Makefile to only pass --disable-nls to configure when
the full nls support is actually disabled in the buildroot config.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The iproute2 build system links libelf support to every utility while only
the tc program actually requires libelf specific functionality.
Unfortunately the BPF ELF functionality is not confined into an own
compilation unit but added to the existing bpf.c sources of the shared
static libutil.a, causing every iproute2 applet to pick up an implicit
libelf.so dependency.
In order to avoid this requirement, patch the iproute2 build system to
create both a libutil.a and a libutil-elf.a, with the former being built
without libelf functionality and to only link the tc applet with the libelf
enabled libutil.
Finally, make the tc package depend on libelf to solve compilation errors.
Ref: https://github.com/openwrt/packages/issues/7728
Fixes: FS#2011
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Support other packages using pkg-config to query existence and details of
libelf and libdw libraries at build time.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
This file is needed to properly use the tc ematch modules present in
kmod-sched-core and kmod-sched. It is a read-only index file of ematch
methods used only by tc.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
The LS1021A-IoT gateway reference design based on the
QorIQ LS1021A processor is a purpose-built, small
footprint hardware platform with a wide array of
high-speed connectivity and low-speed serial interfaces
to support secure delivery of IoT services for home,
business or other commercial location.
- Combines standards-based, open source software with a
feature-rich IoT gateway design to establish a common,
open framework for secured IoT service delivery and
management.
- Provides a wide assortment of high-speed and serial-based
connectivity in a compact, highly secure design.
- High efficiency through the use of the Arm-based QorIQ
LS1021A embedded processor.
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
Signed-off-by: Biwen Li <biwen.li@nxp.com>
It seems, that since Linux 4.18-rc2 ci_hdrc depends on ulpi.
commit a930d8bd94d8db7715d1af74299f710b1fb22fc8
Author: Fabio Estevam <fabio.estevam@nxp.com>
Date: Wed Jul 4 10:09:58 2018 -0300
usb: chipidea: Always build ULPI code
Commit 03e6275ae381 ("usb: chipidea: Fix ULPI on imx51") causes a kernel
hang on imx51 systems that use the ULPI interface and do not select the
CONFIG_USB_CHIPIDEA_ULPI option.
In order to avoid such potential misuse, let's always build the
chipidea ULPI code into the final ci_hdrc object.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
After changing board names to DT compat string, we also need to
adjust the script which generates uboot-env configuration files.
Fixes: e880a30549 ("mxs: use generic sysinfo board detection")
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
According to https://github.com/openwrt/openwrt/pull/1527, support
for the Buffalo BHR-4GRV2 in ath79 requires repartitioning from
an initramfs image, make this easier by supporting uboot-envtools
support out of the box.
Build tested, but not runtime tested.
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
Port support for the Buffalo WZR-HP-AG300H from the ar71xx target to
ath79 as well.
Build- and runtime tested on the Buffalo WZR-HP-AG300H.
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
Interface triggers are installed by the dropbear init script in case an
interface is configured for a given dropbear uci section.
As dropbear is started after network the interface trigger event can be
missed during a small window; this is especially the case if lan is
specified as interface.
Fix this by starting dropbear before network so no interface trigger
is missed. As dropbear is started earlier than netifd add a boot function
to avoid the usage of network.sh functions as call to such functions will
fail at boottime.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Acked-by: Jo-Philipp Wich <jo@mein.io>
In the upstream netdev led trigger the one mode file was replaced by 3
files named rx, tx and link. Fix the netdev trigger configuration code
to use the modified API.
Fixes: aa3b6a08c5 ("kernel: Replace ledtrig-netdev with upstream backport")
Reported-by: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This reverts commit 216397b812.
Due to:
Package ip-tiny is missing dependencies for the following libraries:
libelf.so.1
Makefile:187: recipe for target '/var/lib/buildbot/slaves/slave-lede-builds4/mips_24kc/build/sdk/bin/packages/mips_24kc/base/ip-tiny_4.19.0-6_mips_24kc.ipk' failed
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
The eapol-test application also uses the code with the newly activated
ubus support, add the missing dependency.
Fixes: f5753aae23 ("hostapd: add support for WPS pushbutton station")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
mbedtls uses some instructions introduced in ARMv6 which are not
available in older architectures.
Fixes: 3f7dd06fd8 ("mbedtls: Update to 2.14.1")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Update mbedtls to 2.14.1
This fixes:
* CVE-2018-19608: Local timing attack on RSA decryption
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
[Update to 2.14.1]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Fixes these warnings:
swlib.c:455:18: warning: implicit declaration of function 'isspace'
swlib.c:461:9: warning: implicit declaration of function 'isdigit'
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Added two upstream mailing list patches that fix behavior under big endian
systems. Issue was present since version 1.11.0.
Tested on Turris Omnia.
Original discussion: https://github.com/openwrt/openwrt/pull/1575
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Use a forked version of the rtl8812au driver that works better
with OpenWRT (fix compile bugs, fix phy MAC address, etc)
Signed-off-by: Ben Greear <greearb@candelatech.com>
[update to 2018-11-16, replace rtw_byteorder.h, rename folder]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This updates the ath10k-ct driver to the version from 2018-12-11 and
selects the ath10k-ct version based on kernel 4.19 by default.
CONFIG_ATH10K_CE was introduced between kernel 4.16 and 4.19 and is a
mandatory option.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
In mainline kernel commit 02c7b25e5f5 ("netfilter: nf_tables: build-in
filter chain type") all chain filters were merged into one file and into
one kernel module to save some memory. The code protected by these
configuration options CONFIG_NF_TABLES_BRIDGE, CONFIG_NF_TABLES_IPV4,
CONFIG_NF_TABLES_ARP, CONFIG_NF_TABLES_IPV6, CONFIG_NF_TABLES_NETDEV and
CONFIG_NF_TABLES_INET was merged into the nft_chain_filter.c file which
is now always compiled into the nf_tables.ko file.
This only happened in kernel 4.19 and OpenWrt has to select these as
modules in older kennel versions. Mark them as build-in in the kernel
4.19 specific kernel configuration file which will then not be
overwritten by the package specific settings which try to make them
modular again.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
CONFIG_HW_RANDOM_TPM does not activate a separate kernel module any
more, but it only activates the random code in the tpm.ko.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The video-videobuf2 kernel modules were moved to a new folder in kernel
4.19. videobuf2-v4l2.ko is only available since kernel 4.4, blacklist
this kmod completely on kernel 3.18.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The x86 optimized cryptographic algorithm kernel modules now mostly use
crypto_simd.ko instead of lrw.ko in kernel 4.19. Add the new module to
the kmod-crypto-misc package.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The asn1_decoder.ko module is needed by the kmod-nf-nathelper-extra
package in kernel 4.19, extract it and add the missing dependencies.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Kernel interface changed with kernel 4.19, it does not accept raw GPIO
numbers any more. Deactivate these drivers on kernel 4.19 for now.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The r8169 driver uses the phy lib with the realtek phy driver in kernel
4.19 instead of integrating the phy driver into the mac driver.
Add the new phy driver and add this missing dependency.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The ledtrig-netdev was added to upstream Linux kernel 4.16, replace our
own version with the patch based on the upstream version.
This will remove the ledtrig-netdev support from kernel 3.18, because I
not want to spend time on backporting it to 3.18. This will make it
easier to use the upstream version with kernel 4.19, by just not
applying this patch.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
63843750 Update manual pages
27801e98 Bump up version number to 1.35.1
60e020a8 nghttpx: Fix broken trailing slash handling
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
The above options were incorrectly changed to required tags. Make them
optional again.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Backport upstream patch fixing incorrect passing of -lxtables to
LDFLAGS instead of LDLIBS in the tc/Makefile
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
This updates the backports package used in mac80211 to version 4.19.7-1
which is based on kernel 4.19.7. This integrates all the stable fixes
introduces in this kernel version.
The deleted patches are not needed any more because they are either
included in the upstream Linux kernel 4.19.7 or in backports 4.19.7-1.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
In hack/904-debloat_dma_buf.patch, DMA_SHARED_BUFFER is changed from
bool to tristate. As this patch is not applied to external kernel
sources, build fails if kmod-dma-buf is enabled. Fix this by only
including the module file if CONFIG_EXTERNAL_KERNEL_TREE and
CONFIG_KERNEL_GIT_CLONE_URI are not enabled.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
3aa81d0 file: access exec timeout via daemon ops structure
7235f34 plugin: store pointer to exec timeout value in the ops structure
ccd7c0a treewide: rename exec_timeout to rpc_exec_timeout
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
During upstream removal of conditional ipv6 support an order swap error
was made in a ternary operator usage.
This patch sent upstream.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
The argument to print_0xhex is converted to unsigned long long
so the format string give for normal printout has to be some
variant of %llx. Backport the patch as otherwise, bogus values
will be printed on 32 bit platforms.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
This partitialy reverts commit ccab68f2d3.
Registering the GPIO chip without a parent device completely breaks the
ath9k GPIOs for device tree targets.
As long as boards using the devicetree don't have the gpio-controller
property set for the ath9k node, the unloading of the driver works as
expected.
Register the GPIO chip with the ath9k device as parent only for OF
targets to find a trade-off between the needs of driver developers and
the broken LEDs and buttons seen by users.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Beside one exception, no one took care of these two remaining boards
still using the legacy image build code during the last two years.
Since OpenWrt 14.07 the ALLNET ALL0239-3G image building is broken.
The Sitecom WL-341 v3 image build code looks pretty hackish and broken.
It's questionable if the legacy image works as all.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Support other packages using pkg-config to query existence and details of
libelf and libdw libraries at build time.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
similar to hostapd, also add a ubus interface for wpa_supplicant
which will allow handling WPS push-button just as it works for hostapd.
In order to have wpa_supplicant running without any network
configuration (so you can use it to retrieve credentials via WPS),
configure wifi-iface in /etc/config/wireless:
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'wwan'
option mode 'sta'
option encryption 'wps'
This section will automatically be edited if credentials have
successfully been acquired via WPS.
Size difference (mips_24kc): roughly +4kb for the 'full' variants of
wpa_supplicant and wpad which do support WPS.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This patch updates the uboot-fritz4040 package to the latest version.
The portability and private-libgcc patches, as well as the
upload-to-f4040.sh script have been added to the upstream repository.
Furthermore, the upload-to-f4040 has been updated to take the first
parameter as the file it is supposed to flash, otherwise it defaults
to the previous "uboot-fritz4040.bin". Furthermore the error messages
have been improved and ftp will now dump some "progress information"
to the user's console.
Also included is support for gcc 8+ and a fix for the obnoxous error
that currently breaks the builders:
| fritz/src/lzma2eva.c:23:30: fatal error: zlib.h: No such file or directory
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Backport upstream commits. Most interesting 122392e which changes how
SERVFAIL is handled especially in event of genuine server down/failure
scenarios with multiple servers. a799ca0 also interesting in that
answered received via TCP are now cached, DNSSEC typically using TCP
meant until now answers weren't cached, hence reducing performance.
59e4703 Free config file values on parsing errors.
48d12f1 Remove the NO_FORK compile-time option, and support for uclinux.
122392e Revert 68f6312d4bae30b78daafcd6f51dc441b8685b1e
3a5a84c Fix Makefile lines generating UBUS linker config.
24b8760 Do not rely on dead code elimination, use array instead. Make options bits derived from size and count. Use size of option bits and last supported bit in computation. No new change would be required when new options are added. Just change OPT_LAST constant.
6f7812d Fix spurious AD flags in some DNS replies from local config.
cbb5b17 Fix logging in cf5984367bc6a949e3803a576512c5a7bc48ebab
cf59843 Don't forward *.bind/*.server queries upstream
ee87504 Remove ability to compile without IPv6 support.
a220545 Ensure that AD bit is reset on answers from --address=/<domain>/<address>.
a799ca0 Impove cache behaviour for TCP connections.
Along with an additional patch to fix compilation without DHCPv6, sent
upstream.
I've been running this for aaaages without obvious issue hence brave
step of opening to wider openwrt community.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
This reverts commit a6a8fe0be5.
buildbot found an error
option.c: In function 'dhcp_context_free':
option.c:1042:15: error: 'struct dhcp_context' has no member named 'template_interface'
free(ctx->template_interface);
revert for the moment
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Backport upstream commits. Most interesting 122392e which changes how
SERVFAIL is handled especially in event of genuine server down/failure
scenarios with multiple servers. a799ca0 also interesting in that
answered received via TCP are now cached, DNSSEC typically using TCP
meant until now answers weren't cached, hence reducing performance.
59e4703 Free config file values on parsing errors.
48d12f1 Remove the NO_FORK compile-time option, and support for uclinux.
122392e Revert 68f6312d4bae30b78daafcd6f51dc441b8685b1e
3a5a84c Fix Makefile lines generating UBUS linker config.
24b8760 Do not rely on dead code elimination, use array instead. Make options bits derived from size and count. Use size of option bits and last supported bit in computation. No new change would be required when new options are added. Just change OPT_LAST constant.
6f7812d Fix spurious AD flags in some DNS replies from local config.
cbb5b17 Fix logging in cf5984367bc6a949e3803a576512c5a7bc48ebab
cf59843 Don't forward *.bind/*.server queries upstream
ee87504 Remove ability to compile without IPv6 support.
a220545 Ensure that AD bit is reset on answers from --address=/<domain>/<address>.
a799ca0 Impove cache behaviour for TCP connections.
I've been running this for aaaages without obvious issue hence brave
step of opening to wider openwrt community.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Openwrt no longer uses and has not used since 5acfe55d71 Jun 2016 the
timestamp file (/etc/dnsmasq.time) method of resolving the dnssec/ntp
dnslookup chicken/egg problem, having used signals from ntp since that
change.
Drop the 'dnssec-improve-timestamp-heuristic' patch since it is neither
used nor sent upstream. One less thing to refresh & maintain.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
When '-k' is used, sysupgrade inserts into backup a new file
/etc/backup/installed_packages.txt which contains pkgname and origin (rom,
overlay, unknown) without touching rootfs.
It's mainly used to reinstall all extra packages:
# opkg update
# grep "\toverlay" /etc/backup/installed_packages.txt | cut -f1 | xargs -r opkg install
# rm /etc/backup/installed_packages.txt
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Add sysupgrade '-o' option in order to include all overlay files in
backup, except for those that are from packages but including files
listed in conffiles, sysupgrade.conf or /lib/upgrade/keep.d.
With '-u' option, it will skip files equals to /rom and conffiles that
were not changed.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
With '-u', for a file /aaa/bbb/ccc enlisted for backup,
it will only get into backup if /rom/aaa/bbb/ccc does not
exist or /aaa/bbb/ccc is different from /rom/aaa/bbb/ccc.
It also works with '-c', but only effective for files touched
but not modified.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Renamed add_uci_conffiles to add_conffiles as it includes
any conffiles listed, not only UCI ones.
Make do_save_conffiles arg mandatory
Allow other options after -l (like -c)
Do not use stdout for error messages (fixes backup to stdout)
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
This now matches what was generated locally on my PC and the file on the
mirror server.
Fixes: 575d0240f9 ("ath10k-firmware: update board-2.bin for community firmwares")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Drop 030-extensions-libxt_bpf-Fix-build-with-old-kernel-versi.patch as pushed upstream
Added patches :
001-extensions_format-security_fixes_in_libip.patch
002-include_fix_build_with_kernel_headers_before_4_2.patch
101-remove-register-check.patch
The first and the second patch are upsteam fixes for compilation errors.
The third patch remove check if one target lib is already registred; this is caused by
shared libs that are loaded before the iptables execution.
Iptables changelog:
bba6bc6 (tag: v1.8.2) configure: bump versions for 1.8.2 release
61d6c38 xtables: add 'printf' attribute to xlate_add
5edb249 libxtables: xlate: init buffer to zero
9afd2a6 tests: shell: fix expected arptables-save output
6387941 arptables: fix --version info
d703c1f arptables: ignore --table argument.
d5754e3 arptables: make uni/multicast mac masks static
1b63e66 arptables: add test cases
5aecb2d arptables: pre-init hlen and ethertype
9677ed1 arptables: fix src/dst mac handling
ab0b6d5 arptables: fix target ip offset
c0c75ce arptables: fix -s/-d handling for negation and mask
3ac65af arptables: add basic test infra for arptables-nft
e31564f arptables: fix rule deletion/compare
2345ff6 arptables: remove code that is also commented-out in original arptables
50c2397 arptables-save: add -c option, like xtables-save
d9a518e arptables: use ->save for arptables-save, like xtables
5a52e6a extensions: test protocol and interface negation
85d7df9 xtables: Fix error return code in nft_chain_user_rename()
3ccb443 xtables: Clarify error message when deleting by index
95db364 xtables: Fix typo in do_command() error message
5f508b7 ebtables: use extrapositioned negation consistently
583b27e ebtables-save: add -c option, using xtables-style counters
e6723ab nft: add NFT_TABLE_* enumeration
21ec111 nft: replace nft_chain_dump() by nft_chain_list_get()
05947c8 iptables-nft: fix -f fragment option
7bd9feb libxtables: add and use mac print helpers
a10eb88 extensions: libebt_ip: fix tos negation
9b127b7 extensions: libebt_ip6: fix ip6-dport negation
c59ba1b xtables-nft: make -Z option work
1bf4a13 nft: add missing error string
a9f9377 iptables-tests: add % to run iptables commands
b81c8da iptables-tests: do not append xtables-multi to external commands
edf2b7c ebtables-nft: add arpreply target
2d1372e ebtables: add redirect test case
c3e8dbd ebtables: add test cases
cd90cef ebtables: relax -t table restriction, add snat/dnat test cases
fd95f1f ebtables: fix -j CONTINUE handling for add/delete
fb747f8 tests: add basic ebtables test support
d4bc5a3 iptables-nft: fix bogus handling of zero saddr/daddr
9ff9915 iptables-test: fix netns test
8c918db xtables: Fix for matching rules with wildcard interfaces
b2fc2a3 extensions: limit: unbreak build without libnftnl
682f39a xtables: Fix for spurious errors from iptables-translate
90f7dc3 (tag: v1.8.1) configure: bump versions for 1.8.1 release
0123183 iptables-test: add -N option to exercise netns removal path
abae556 libxtables: expose new etherdb lookup function through libxtables API
c2d9ed9 libxtables: prefix exported new functions for etherdb lookups
5a44360 Revert "extensions: libxt_quota: Allow setting the remaining quota"
2673faf xtables: Remove target_maxnamelen field
8ca3436 extensions: cgroup: fix option parsing for v2
0a8f2bc extensions: libxt_quota: Allow setting the remaining quota
b373a91 nft-shared: Use xtables_calloc()
5a40961 arptables: Use the shared nft_ipv46_parse_target()
9f07503 Combine parse_target() and command_jump() implementations
7373297 Combine command_match() implementations
a76ba54 libiptc: NULL-terminate errorname
a3716cc libxtables: Check extension real_name length
0195b64 iptables: Gitignore xtables-{legacy, nft}-multi scripts
671e40a xtables: Drop pointless check
7c9a152 arptables: Fix incorrect strcmp() in nft_arp_rule_find()
11e91a4 xtables: Don't read garbage in nft_ipv4_parse_payload()
d95c1e8 libxtables: Use posix_spawn() instead of vfork()
7e50eba Fix a few cases of pointless assignments
f40ce2d extensions: libebt_ip{, 6}: Drop pointless error checking
47fb86c nft-arp: Drop ineffective conditional
80aae9b iptables: Use print_ifaces() from xtables
8da04ff Share print_ipv{4,6}_addr() from xtables
b686594 iptables-apply: Replace signal numbers by names
f175dee iptables-apply: Quote strings passed to echo
52aa150 nfnl_osf: Replace deprecated nfnl_talk() by nfnl_query()
61ebf3f libxtables: Don't read garbage in xtables_strtoui()
ab639f2 libxtables: Avoid calling memcpy() with NULL source
22ef371 libiptc: Simplify alloc_handle() function signature
6b7145f libxt_time: Drop initialization of variable 'year'
749d3c2 libxt_ipvs: Avoid potential buffer overrun
8e798e0 libxt_conntrack: Avoid potential buffer overrun
74eb239 libxt_conntrack: Version 0 does not support XT_CONNTRACK_DIRECTION
d0c1f1b libxt_LED: Avoid string overrun while parsing led-trigger-id
23ef6f0 xtables: Remove unused variable in nft_is_table_compatible()
4e499d5 ip{, 6}tables-restore: Fix for uninitialized array 'curtable'
1788f54 Mark fall through cases in switch() statements
31f1434 libxtables: Integrate getethertype.c from xtables core
7ae4fb1 xtables: Fix for wrong assert() in __nft_table_flush()
8c786a3 nfnl_osf: Drop pointless check in xt_osf_strchr()
6fc7762 libxt_string: Fix array out of bounds check
2a68be1 xtables-save: Ignore uninteresting tables
f9efc8c extensions: add cgroup revision 2
9b8cb16 extensions: REJECT: Merge reject tables
56d7ab4 libxt_string: Avoid potential array out of bounds access
bfd41c8 ebtables: Fix for potential array boundary overstep
e6f9867 libiptc: Avoid side-effect in memset() calls
4144571 libxtables: Fix potential array overrun in xtables_option_parse()
9242b5d xtables: Accept --wait in iptables-nft-restore
c9f4f04 xtables: Don't check all rules for being compatible
15606f2 doc: Improve layout of u32 instructions
7345037 xtables-restore: Fix flushing referenced custom chains
7df11d1 xtables: Drop use of IP6T_F_PROTO
b6a06c1 xtables: Align return codes with legacy iptables
3bb497c xtables: Fix for deleting rules with comment
0800d9b ip6tables-translate: Fix libip6t_mh.txlate test
4cf650c ebtables-translate: Fix for libebt_limit.txlate
783e9c2 xtables: Add missing deinitialization
9771d06 ebtables: Review match/target lookup once more
85ed1ab extensions: libebt_mark: Drop mark_supplied check
6a46ca0 xtables: Add a few missing exit calls
acde6be ebtables-translate: Fix segfault while parsing extension options
2c4e4d2 ebtables: trivial: Leverage C99-style initializers a bit more
9f5b28a xlate-test: Fix for calling wrong command name
1a878a7 extensions: AUDIT: Provide translation
5ee03e6 xtables: Use meta l4proto for -p match
37b68b2 xtables: Fix for segfault when registering hashlimit extension
92f7b04 xtables: Fix for segfault in iptables-nft
294f9ef ebtables: Fix entries count in chain listing
6f29aa8 xtables: Make 'iptables -S nonexisting' return non-zero
7bccf30 ebtables: Fix for listing of non-existent chains
3d9a13d xtables: Fix for no output in iptables-nft -S
a33c6fd arptables: Drop extensions/libxt_mangle.c
02b8097 ebtables: Merge libebt_limit.c into libxt_limit.c
5de8dcf xtables: Use native nftables limit expression
514de48 ebtables: Remove flags misinterpretations
528cbf9 xtables: Fix for wrong counter format in -S output
9ca32c4 xtables: Don't pass full invflags to add_compat()
e055aeb xtables: Improve xtables-monitor first impression
b925733 tests: Fix skipping for recent nft-only tests
277f374 xtables: Spelling fixes in xtables-monitor
a9d9f64 xtables: Fix potential segfault in nft_rule_append()
fbf0bf7 tests: Add ebtables-{save,restore} testcases
f1d8508 tests: Add arptables-{save,restore} testcases
63c3dae xtables: Implement arptables-{save,restore}
aa7fb04 ebtables: Review match/target lookup
3f123dc ebtables-restore: Use xtables_restore_parse()
295d5a8 xtables-restore: Make COMMIT support configurable
1679b2c xtables-restore: Improve user-defined chain detection
2ce9f65 xtables: Match verbose ip{,6}tables output with legacy
cd79556 xtables: Reserve space for 'opt' column in ip6tables output
0357254 xtables: Print error when listing non-existent chains
206033e xtables: Fix for no output on first iptables-nft invocation
a0698de xtables: Do not count rules as chain references
d11b6b8 arptables: Fix jumps into user-defined chains
3f27955 arptables: Fix opcode printing in numeric output
f988fe4 xtables: Fix symlinks/names for ebtables-{save, restore}
3319c61 ebtables: Support --init-table command
3ec8aac arptables: Print policy only for base chains
83bc189 arptables: Fix for trailing spaces in output
aaed1b6 arptables: Fix memleaks in do_commandarp()
d67d85d ebtables: Print non-standard target parameters
2e478e9 ebtables: Fix match_list insertion
a192f03 ebtables: Fix for wrong program name in error messages
a2ed880 xshared: Consolidate argv construction routines
1cc0918 xshared: Consolidate parse_counters()
78b9d43 Consolidate DEBUGP macros
14ad525 xtables: Fix program name in xtables_error()
f7bbdb0 xtables: Use correct built-in chain count
ae574b2 xtables: Fix compilation with NLDEBUG defined
82d278c xtables: Free chains in NFT_COMPAT_CHAIN_ADD jobs
c2895ea xtables: Free chains in NFT_COMPAT_CHAIN_USER_DEL jobs
89d3443 xtables: Fix for nft_rule_flush() returning garbage
c259447 xtables: Allocate rule cache just once
ed30b93 nft: don't print rule counters unless verbose
31e4b59 iptables-restore: free the table lock when skipping a table
f8e29a1 xtables: avoid bogus 'is incompatible' warning
6ea7579 nft: decode meta l4proto
922508e xtables: implement ebtables-{save,restore}
25ef908 xtables: introduce nft_init_eb()
de8574a xtables: parameter to add_argv() may be const
6f60f22 xtables: pass format to nft_rule_save()
f3b772c xtables: introduce save_chain callback
fa1681f xtables: rename {print,save}_rule functions
444d581 xtables: get rid of nft_ipv{4,6}_save_counters()
34e1e23 xtables: eliminate nft_ipv{4,6}_rule_find()
de782e8 xtables: merge nft_ipv{4,6}_parse_target()
ae8eece xtables: get rid of nft_ipv{4,6}_print_header()
2687794 xtables: arp: make rule_to_cs callback private
1bf73c4 xtables: Use new callbacks in nft_rule_print_save()
1866625 xtables: introduce rule_to_cs/clear_cs callbacks
0589457 xtables: simplify struct nft_xt_ctx
d9c6a5d xtables: merge {ip,arp}tables_command_state structs
87b5b9e iptables: replace memset by c99-style initializers
907da5c xtables: fix crash if nft_rule_list_get() fails
565a223 xtables: Support nft suffix for arptables and ebtables
c468f01 tests: check iptables retval, not echo
47d1484 iptables: tests: add test for iptables-save and iptables-restore
e4e0704 extensions: don't bother to build libebt/libarp extensions if nft backend was disabled
17c66a5 iptables: tests: shell: Add README
6c2118c (tag: v1.8.0) configure: bump version and libnftnl dependency
7b66fc2 man: clarify translate tools do not modify any state
f7fec51 xtables-monitor: add --version option
b470b8e xtables-legacy: fix argv0 name for ip6tables-legacy
2028e54 xtables: display legacy/nf_tables flavor in error messages, too
fd8d7d7 ebtables-nft: add stp match
f15639b tests: add script that mimics firewalld startup
27f7db2 tests: fix variable name to multi-binary
2a89ec5 tests: add a few simple tests for list/new/delete
37d9d5b ebtables-nft: make -L, -X CHAINNAME work
816bd1f ebtables-nft: remove exec_style
b81708f ebtables-nft: don't crash on ebtables -X
de02a75 doc: fix some spellos and the dash escape
dcf4529 tests: add firewalld default ruleset from fedora 27
f23abd5 tests: add another ipv4 only ruleset
ed9cfe1 tests: add initial save/restore test cases
9933dc5 tests: adapt test suite to run with legacy+nftables based binaries
be70918 xtables: rename xt-multi binaries to -nft, -legacy
d49ba50 xtables-restore: init table before processing policies
344c6eb doc: Fix spelling error in hashlimit section
e063873 tests: make duplicate test work
d26c538 xtables: add xtables-monitor
db84371 xtables: translate nft meta trace set 1 to -j TRACE
20eac2a xtables: warn in case old-style (set/getsockopt) tables exist
c9f5e18 xtables: add nf_tables vs. legacy postfix to version strings
e5fed16 iptables8.in: Update coreteam names
672accf include: update kernel netfilter header files
856a875 xtables: silence two compiler warnings
ae6e159 xtables: remove dead code inherited from ebtables
107b7eb configure: add -Wlogical-op warning to cflags
bc7f49d ebtables-translate: remove --change-counters code
38b4166 iptables: tests: shell: add shell test-suite
1e6427a xtables-compat: skip invalid tables
cb368b6 xtables: more error printing fixes
b1b828f xtables: homogenize error message
4caa559 xtables: initialize basechains for rule flush command too
9b89622 xtables: rework rule cache logic
01e25e2 xtables: add chain cache
8d190e9 xtables: initialize basechains only once on ruleset restore
0a86351 xtables-compat: ignore '+' interface name
125d1ce xtables-compat: append all errors into single line
437746c xtables: extended error reporting
d1c79cd xtables: allocate struct xt_comment_info for comments
4e20209 xtables: use libnftnl batch API
49709e2 xtables-compat: remove nft_is_ruleset_compatible
03e1377 xtables: allow dumping of chains in specific table
94fd83d xtables: inconsistent error reporting for -X and no empty chain
c4f1622 ebtables-compat: add arp match extension
24ce746 ebtables-compat: add redirect match extension
84c04e3 ebtables-compat: add nat match extensions
14ec998 xtables-compat: ebtables: prefer snprintf to strncpy
5e2b473 xtables-compat: extend generic tests for masks and wildcards
1a696c9 libxtables: store all requested match types
bb436ce xtables-compat: ip6table-save: fix save of ip6 address masks
6454d7d ebtables-translate: suppress redundant protocols
07f4ca9 xtables-compat: ebtables: allow checking for zero-mac
0ca2d2a xtables-compat: ebtables: add helpers to print interface and mac addresses
3d9f300 xtables-compat: ebtables: remove interface masks from ebt_entry struct
20e2758 xtables-compat: ebtables: fix logical interface negation
2682bb0 xtables-compat: ebtables: add and use helper to parse all interface names
564862d xtables-compat: ebtables: split match/target print from nft_bridge_print_firewall
0ae81d0 xtables-compat: ebtables: kill ebtables_command_state
651cfee xtables-compat: pass correct table skeleton
652b98e xtables-compat: fix wildcard detection
49f4993 extensions: libip6t_srh.t: Add test cases for psid, nsid, and lsid
429143b extensions: libxt_CONNMARK: incorrect translation after v2
db7b4e0 extensions: libxt_CONNMARK: Support bit-shifting for --restore,set and save-mark
155e1c0 extensions: libip6t_srh: support matching previous, next and last SID
f4ffda1 extensions: libipt_DNAT: tests added for shifted portmap range
6a9ffb1 xtables-compat-restore: flush table and its content with no -n
07ae37c xtables-compat: fix bogus error with -X and no user-defined chains
df3d92b xtables-compat-restore: flush user-defined chains with -n
ca16584 xtables-compat-restore: flush rules and delete user-defined chains
ac1e85a extensions: libipt_DNAT: use size of nf_nat_range2 for rev2
e25d99a xtables-compat: pass larger socket buffer
838746e xtables-compat: xtables-save: don't return 1
2211679 xtables-compat: ebtables: support concurrent option
a77a7d8 iptables-test: fix bug with rateest
de87405 xtables-compat: fix ipv4 frag (-f)
c7b2fd6 xtables-compat: also check tg2->userspacesize
5685938 xtables-compat: avoid unneeded bitwise ops
b9d7b49 xtables-compat: restore: sync options with iptables-restore
c0ef861 extensions: add xlate test for ipables -f
d79a7f1 xtables-compat: output -s,d first during save, just like iptables
d1eb4d5 iptables-compat: chains are purge out already from table flush
09f0d47 iptables-compat: do not fail on restore if user chain exists
8798eb8 iptables-compat: remove non-batching routines
b633ef9 xtables.conf: fix hook skeletons
7af2178 xtables-compat: fall back to comment match in case name is too long
e9aeecf xlate-test: use locally installed xlate tools
0ab58e3 xtables-compat: ebtables: handle mac masks properly
734ad40 xtables-compat: nft-arp: fix warning wrt. sprintf-out-of-bounds
fb7ae9f xtables-compat: truncate comments to 254 bytes
36976c4 extensions: libipt_DNAT: support shifted portmap ranges
d7ac61b iptables-test: add nft switch and test binaries from git
992e17d xtables-compat: only fetch revisions for ip/ip6
12a52ff xtables: Fix rules print/save after iptables update
1197c5e xtables: Register all match/target revisions supported by us and kernel
e3bb24c xtables: Check match/target size vs XT_ALIGN(size) at register time
3b2530c xtables: Do not register matches/targets with incompatible revision
d3f1437 xtables: Introduce and use common function to print val[/mask] arguments
29b1d97 xtables: Introduce and use common function to parse val[/mask] arguments
56aadc0 extensions: Initialize linear mapping of symbols in _init() of extension
79c2da9 extensions: ULOG: remove test
a0956ce ebtables-translate: turn off useless compat queries
9840869 nft: arptables: remove obsolete forward hook definition
7a37d14 iptables-compat: statify nft_restart()
a3aac1d iptables-compat: handle netlink dump EINTR errors
a567dc3 ebtables-compat: add 'vlan' match extension
7564bba ebtables-compat: add 'pkttype' match extension
4d40904 ebtables-translate: update table name on -t
5c8ce9c ebtables-compat: add 'ip6' match extension
8a85a14 libebt_ip: fix translations for tos and icmp
b6f0bec libebt_ip: add icmp support
f38ed1e xt-translate: quote interface names in translated output
71a6e37 icmp: split icmp type printing to header file
e67c088 ebtables-translate: add initial test cases
207dd5e xt-compat: add ebtables-translate
d988274 xlate-translate: split common parts into helper
1650806 xtables-eb: export 3 functions
6b2041c nft-bridge: add eb-translate backend functions
3063c37 nft-bridge: fix mac address printing
394a400 nft: fix crash when getprotobynumber() returns 0
6a1dbdf ebtables-compat: support intra-positioned negations
3e94f0a nft-bridge: add forward declaration for struct nftnl_rule
5024efe libebt_limit: print 'minute' and 'seconds', not 'min' and 'secs'
ce3c780 nft: make nft_init self-contained
cb151d5 xtables-translate: rm duplicate includes
69c089b xt-compat: constify a few struct members
03ecffe ebtables-compat: add initial translations
57af67d iptables: constify option struct
88231c4 ebtables-compat: load mark target
6b4e167 ebtables-compat: don't make failing extension load fatal
24110b5 libxt_comment: silence truncation warning
98fc8ce xtables-compat: only validate the xtables builtin tables
9d9b724 xtables-compat: skip unsupported tables
59d15cf xtables-compat: also validate priorities and hook points match expected values
eb35854 xtables-compat: fix snprintf truncation warnings
fc04c8a extensions: CLUSTERIP: do not allow --local-node 0
eb2c052 extensions: CLUSTERIP: add tests
ca3c397 iptables: add xtables-translate.8 manpage
5beb158 extensions: libxt_bpf: Fix build with old kernel versions
147a891 extenstions: ecn: add tcp ecn/cwr translation
ed928a8 extensions: add tests for comp match options
632ace7 xtables-compat-multi.c: Allow symlink of ebtables
d7ccc68 iptables: add xtables-compat.8 manpage
043da5b extensions: connmark: remove non-working translation
a93b502 extensions: prefer plain 'set' over 'set mark and'
577b7e2 xtables-compat-restore: use correct hook priorities
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
I wanted to add status LEDs support to my imx6 based board and have
found out, that I could use diag.sh script found in ramips platform,
which seems to be also shared in a few other platforms:
4801276bc2078c5bcf03003c831e3b0a target/linux/ramips/base-files/etc/diag.sh
4801276bc2078c5bcf03003c831e3b0a target/linux/ipq40xx/base-files/etc/diag.sh
4801276bc2078c5bcf03003c831e3b0a target/linux/ath79/base-files/etc/diag.sh
So I've extended the base diag.sh in a way, that if it detects any of
the DTS LED aliases, then it would use the generic DTS set_led_state
code.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
SOC: IPQ4018 / QCA Dakota
CPU: Quad-Core ARMv7 Processor rev 5 (v7l) Cortex-A7
DRAM: 256 MiB
NOR: 32 MiB
ETH: Qualcomm Atheros QCA8072
WLAN1: Qualcomm Atheros QCA4018 2.4GHz 802.11bgn 2:2x2
WLAN2: Qualcomm Atheros QCA4018 5GHz 802.11a/n/ac 2:2x2
INPUT: RESET Button
LEDS: Power, LAN, MESH, WLAN 2.4GHz, WLAN 5GHz
1. Load Ramdisk via U-Boot
To set up the flash memory environment, do the following:
a. As a preliminary step, ensure that the board console port is connected to the PC using these RS232 parameters:
* 115200bps
* 8N1
b. Confirm that the PC is connected to the board using one of the Ethernet ports. Set a static ip 192.168.99.8 for Ethernet that connects to board. The PC must have a TFTP server launched and listening on the interface to which the board is connected. At this stage power up the board and, after a few seconds, press 4 and then any key during the countdown.
U-BOOT> set serverip 192.168.99.8 && set ipaddr 192.168.99.9 && tftpboot 0x84000000 openwrt.itb && bootm
2. Load image via GUI
a. Upgrade EAP1300 to FW v3.5.3.2
In the GUI, System Manager > Firmware > Firmware Upgrade, to do upgrade.
b. Transfer to OpenWrt from EnGenius.
In Firmware Upgrade page, to upgrade yours openwrt-ipq40xx-engenius_eap1300-squashfs-sysupgrade.bin.
3. Revert to EnGenius EAP1300
To flash openwrt-ipq40xx-engenius_eap1300-squashfs-factory.bin by using sysupgrade command and "DO NOT" keep configuration.
$ sysupgrade –n openwrt-ipq40xx-engenius_eap1300-squashfs-factory.bin
Signed-off-by: Steven Lin <steven.lin@senao.com>
To be able to use the camera module, start_x=1 has to be set in
config.txt. This will cause the bootloader to load the GPU firmware that
contain the extra video codecs. Install these firmware files.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
An upstream change broke brcmfmac when loaded with modparam roamoff=1.
As we are carrying a patch that enables roamoff by default on the
brcm2708 target to improve stability, wireless is currently broken
there. Add a patch to fix brcmfmac with roamoff=1.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
For the parameters tls-cipher and ncp-ciphers more than one option can
be used in the OpenVPN configuration, separated by a colon, which should
be implemented as a list in order to configure it more clearly. By
adding the new OPENVPN_LIST option to the openvpn.options file with the
tls-cipher and ncp-cipher parameters, uci can now add this option as a
"list" and the init script will generate the appropriate OpenVPN
configuration from it.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.
To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
This is actually a build dependency for /dev/crypto support in openssl.
Since it is a kernel module, it belongs here anyway.
- Removed Nikos Mavrogiannopoulos as maintainer.
- Streamlined make flags
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
This reverts commit 41770add03.
The fwtool_check_image() procedure is used by `sysupgrade --test` which must
not alter the image under test in any way.
Currently, when the LuCI ui or any other sysupgrade wrapper first invokes
sysupgrade --test to verify the compatibility of the image and then calculates
the sha256sum over it, the resulting checksum will differ from the original
image since the test invocation will implicitely strip the metadata trailer.
To properly fix the underlying issue, the combined image checksumming code
must be modified to skip the metadata trailer.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The return value of a package prerm script is discarded and not returned
correctly by default_prerm(). This allows other operations like service
shutdown to "leak" their return value, prompting workarounds like commit
48cfc826 which do not address the root cause.
Preserve a package prerm script return value for use by default_prerm(),
sharing the corresponding code from default_postinst() for consistency.
Also use consistent code for handling of /etc/init.d/ scripts.
Run Tested on: LEDE 17.01.4 running ar71xx.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Update the OpenVPN package to version 2.4.6, refresh patches and drop
menuconfig options which are not supported upstream anymore.
Also fix the x509-alt-username configure flag - it is not supported
by mbedtls and was syntactically wrong in the Makefile - and the
port-share option which has been present in menuconfig but not been
used in the Makefile.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
dfa4ede interface: fix return code of __interface_add()
a82a8f6 netifd: fix resource leak on error in netifd_add_dynamic()
fa2403d config: fix resource leaks on error in config_parse_interface()
85de9de interface: fix memory leak on error in __interface_add()
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.
To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
As automatic helper assignment is disabled in recent Linux kernels,
explicit rules must be added to the raw table for each helper.
While commit f50a524 in the firewall3 project added a set of default
rules and other additional related functionality, both this and the
alternative manual methods of defining these rules require kmod-ipt-raw.
Signed-off-by: Steven Honson <steven@honson.id.au>
This patch adds support for the Netgear WNDAP620 and WNDAP660,
they are similar devices, but due to the LAN LED configuration,
the switch setup and WIFI configuration each gets a different
device target.
Hardware Highlights WNDAP620:
CPU: AMCC PowerPC APM82181 at 1000 MHz
DRAM: 128 MB, 2 x 64 MiB DDR2 Hynix H5PS5162GF
CPU: AMCC PowerPC APM82181 at 1000 MHz
FLASH: 32 MiB, NAND SLC, Hynix HY27US08561A
Ethernet: RealTek RTL8363SB 2x2-Port Switch PHY - Only 1 GBit Port (POE)
Wifi: Atheros AR9380 minipcie - Dual-Band - 3x3:3
Serial: console port with RJ45 Interface (9600-N-8-1)
LEDS: Power, LAN-Activity, dual color LAN-Linkspeed, 2.4GHz, 5GHz LEDs
Button: Soft Reset Button
Antennae: 3 internal dual-band antennae + 3 x RSMA for external antennaes
Hardware Highlights WNDAP660:
CPU: AMCC PowerPC APM82181 at 1000 MHz + 2 Heatsinks
DRAM: 256 MB, 2 x 128 MiB DDR2
FLASH: 32 MiB, NAND SLC, Hynix HY27US08561A
Ethernet: RealTek RTL8363SB 2x2-Port Switch PHY (POE)
Wifi1: Atheros AR9380 minipcie - Dual-Band - 3x3:3
Wifi2: Atheros AR9380 minipcie - Dual-Band - 3x3:3
Serial: console port with RJ45 Interface (9600-N-8-1)
LEDS: Power, LAN-Activity, 2x dual color LAN-Linkspeed, 2.4GHz, 5GHz LEDs
Button: Soft Reset Button
Antennae: 6 internal dual-band antennae + 3 x RSMA for external antennaes
Flashing requirements:
- needs a tftp server at 192.168.1.10/serverip.
- special 8P8C(aka RJ45)<->D-SUB9 Console Cable
("Cisco Console Cable"). Note: Both WNDAP6x0 have
a MAX3232 transceivers, hence no need for any separate
CMOS/TTL level shifters.
External Antenna:
The antennae mux is controlled by GPIO 11 and GPIO14. Valid Configurations:
= Config# = | = GPIO 11 = | = GPIO 14 = | ===== Description =====
1. | 1 / High | 0 / Low | Use the internal antennae (default)
2. | 0 / Low | 1 / High | Use the external antennae
The external antennaes are only meant for the 2.4 GHz band.
One-way Flashing instructions via u-boot:
0. connect the serial cable to the RJ45 Console Port
Note: This requires a poper RS232 and not a TTL/USB adaptor.
1. power up the AP and interrupt the u-boot process at
'Hit any key to stop autoboot'
2. setup serverip and ipaddr env settings
Enter the following commands into the u-boot shell
# setenv ipaddr 192.168.1.1
# setenv serverip 192.168.1.10
3. download the factory.img image to the AP
Enter the following commands into the u-boot shell
# tftp ${kernel_addr_r} openwrt-apm821xx-nand-netgear_wndap660-squashfs-factory.img
4. verfiy image integrity
Enter the following commands into the u-boot shell
# crc32 $fileaddr $filesize
If the calculated crc32 checksum does not match, go back to step 3.
5. flash the image
Enter the following commands into the u-boot shell
# nand erase 0x110000 0x1bd0000
# nand write ${kernel_addr_r} 0x110000 ${filesize}
6. setup uboot environment
Enter the following commands into the u-boot shell
# setenv bootargs
# setenv fileaddr
# setenv filesize
# setenv addroot 'setenv bootargs ${bootargs} root=/dev/ubiblock0_0'
# setenv owrt_boot 'nboot ${kernel_addr_r} nand0 0x110000; run addroot; run addtty; bootm ${kernel_addr_r}'
# setenv bootcmd 'run owrt_boot'
# saveenv
7. boot
# run bootcmd
Booting initramfs instructions via u-boot:
Follow steps 0 - 2 from above.
3. boot initramfs
Enter the following commands into the u-boot shell
# tftp ${kernel_addr_r} openwrt-apm821xx-nand-netgear_wndap660-initramfs-kernel.bin
# run addtty
# bootm ${kernel_addr_r}
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This patch adds u-boot environment access to the MX60(W) target.
"The environment size is one NAND block (128KiB on Buckminster).
We allocate four NAND blocks to deal with bad blocks which may
exist in the saved environment"
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
All apm821xx devices use u-boot and most of them have
an accessible u-boot environment. This patch adds the
necessary template file, but does not add the
uboot-envtools package to any of the targets.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
If I create following image:
define Device/engenius-m36
IMAGE/sysupgrade.bin := combined-image | append-metadata
endef
Sysupgrade then errors out:
Invalid image. Contents do not match checksum (image:cd285595eaf297370404ae0e2815ec1a calculated:2cf9a2286fb6b01af3ea189128017d44)
Image check 'platform_check_image' failed.
By removing the metadata from the image I get combined-image checksum
working again and sysupgrade works.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
It is not necessary to have iucode-tool present on target system to have
functional intel-microcode package. The build time dependency is kept.
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
e520469b Update manual pages
54067256 Bump up version number to 1.35.0
c4d2eeee Update AUTHORS
f51e696e asio: Add stop() to listen_and_serve doc
a433b132 Merge pull request #1260 from nghttp2/h2load-non-final-response
cf48a56d Merge pull request #1238 from jktjkt/cmake-fix-libevent-detection
6cad1b24 nghttpx: Write mruby send_info early
3c393dca nghttpx: Fix assertion failure on mruby send_info with HTTP/1 frontend
17292445 h2load: Handle HTTP/1 non-final response
f6644a92 make clang-format
48998f72 Merge pull request #1222 from donny-dont/fix/declspec
15ff52f9 Update README
6c03bb14 Upgrade travis toolchain
524b4392 Fix travis build failure
859bf2bc Update manual pages
b5619fb1 h2load: Clarify that time for connect includes TLS handshake
dcbe0c69 nghttpx: Simplify move ctor and operator
2996c284 nghttpx: Cleanup
42e8ceb6 nghttpx: Convert API status code to enum class
1daf9ce8 nghttpx: Convert WorkerEventType to enum class
d68edf56 nghttpx: Convert MemcachedStatusCode to enum class
0c4e9fef nghttpx: Convert memcached op to enum class
571404c6 nghttpx: Convert MemcachedParseState to enum class
4d562b77 nghttpx: Convert LogFragmentType to enum class
e6225871 nghttpx: Convert connection check status to enum class
4bd075de nghttpx: Convert Http2Session state to enum class
b46a3249 nghttpx: Convert FreelistZone to enum class
4bd44b9c nghttpx: Convert dispatch state to enum class
1b42110d nghttpx: Make Downstream state enum class
0735ec55 nghttpx: Convert shrpx_connect_proto to enum class
00554779 nghttpx: Convert DNSResolverStatus to enum class
0963f389 nghttpx: Convert SerialEventType to enum class
1abfa3ca nghttpx: Make TLS handshake state enum class
f2159bc2 nghttpx: Convert UpstreamAltMode to enum class
b0eb68ee nghttpx: Convert shrpx_forwarded_node_type to enum class
e7b7b037 nghttpx: Convert shrpx_cookie_secure to enum class
5e4f434f nghttpx: Convert shrpx_session_affinity to enum class
20ea964f nghttpx: Convert shrpx_proto to enum class
d105619b src: Remove extra braces if possible
ec5729b1 Use std::make_unique
6c919695 Use C++14
46576178 Don't send Transfer-Encoding to pre-HTTP/1.1 clients
5e925f87 Update doc
153531d4 nghttpx: Use the same type as standard stream operator<<
f7287df0 Bump up version number to 1.35.0-DEV
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2cc4b99 file: use global exec timeout instead of own hardcoded limit
ecd1660 exec: increase maximum execution time to 120s
Also expose the socket and timeout options in /etc/config/rpcd for
easier use.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
When restart is run on an init script, the script traps SIGTERM. This is
done as a workaround for scripts named the same name as the program they
start. In that case, the init script process will have the same name as
the program process, and so when the init script runs killall, it will
kill itself. So SIGTERM is trapped to make the init script unkillable.
However, the trap is retained when the init script runs start, and thus
processes started by restart will not respond to SIGTERM, and will thus
be unkillable unless you use SIGKILL. This fixes that by removing the
trap before running start.
Signed-off-by: Linus Kardell <linus@telliq.com>
4734108 mt7603: use mt7603_wtbl_clear on station removal
9428e34 mt7603: fix watchdog reset sequence
b3f82a3 mt7603: report PSE reset failures via debugfs
a301dec mt7603: add back PSE client reset code
94cebfc mt7603: fix handling lost interrupt events during watchdog reset
b38fe7d mt7603: only issue PSE reset on PSE stuck
da666a7 mt7603: issue PSE reset if firmware debug register indicates stuck queues
Signed-off-by: Felix Fietkau <nbd@nbd.name>
* chacha20,poly1305: fix up for win64
* poly1305: only export neon symbols when in use
* poly1305: cleanup leftover debugging changes
* crypto: resolve target prefix on buggy kernels
* chacha20,poly1305: don't do compiler testing in generator and remove xor helper
* crypto: better path resolution and more specific generated .S
* poly1305: make frame pointers for auxiliary calls
* chacha20,poly1305: do not use xlate
This should fix up the various build errors, warnings, and insertion errors
introduced by the previous snapshot, where we added some significant
refactoring. In short, we're trying to port to using Andy Polyakov's original
perlasm files, and this means quite a lot of work to re-do that had stableized
in our old .S.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
4b83102 treewide: switch to C-code style comments
70506bf treewide: make some functions static
d9872db interface: fix removal of dynamic interfaces
2f7ef7d interface: rework code to get rid of interface_set_dynamic
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
009ab91 mt76: clean up more unused EXPORT_SYMBOLs
963768d mt76x02: fix regression in tx station race condition fix
d7788cc mt76: mt76x02: make group_wcid the first member in struct mt76x02_vif
e65ad4c mt7603: make group_wcid the first member in struct mt7603_vif
7b1373e mt76: mt76x02: remove mt76x02_txq_init
a97127b mt76: replace sta_add/remove ops with common sta_state function
13f1e82 mt7603: clear wtbl entry for removed stations
90e2c1b mt7603: add mt7603_wtbl_set_skip_tx, change mt7603_wtbl_set_ps users
41931e4 mt7603: toggle skip_tx on station add/remove
d0fdf01 mt7603: avoid unnecessary wtbl writes for ps-filter
Signed-off-by: Felix Fietkau <nbd@nbd.name>
* Zinc no longer ships generated assembly code. Rather, we now
bundle in the original perlasm generator for it. The primary purpose
of this snapshot is to get testing of this.
* Clarify the peer removal logic and make lifetimes more precise.
* Use READ_ONCE for is_valid and is_dead.
* No need to use atomic when the recounter is mutex protected.
* Fix up macros and annotations in allowedips.
* Increment drop counter when staged packets are dropped.
* Use static constants instead of enums for 64-bit values in selftest.
* Mark large constants as ULL in poly1305-donna64.
* Fix sparse warnings in allowedips debugging code.
* Do not use wg_peer_get_maybe_zero in timer callbacks, since we now can
carefully control the lifetime of these functions and ensure they never
execute after dropping the last reference.
* Cleanup hashing in ratelimiter.
* Do not guard timer removals, since del_timer is always okay.
* We now check for PM_AUTOSLEEP, which makes the clear*on-suspend decision a
bit more general.
* Set csum_level to ~0, since the poly1305 authenticator certainly means
that no data was modified in transit.
* Use CHECKSUM_PARTIAL check for skb_checksum_help instead of
skb_checksum_setup check.
* wg.8: specify that wg(8) shows runtime info too
* wg.8: AllowedIPs isn't actually required
* keygen-html: add missing glue macro
* wg-quick: android: do not choke on empty allowed-ips
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
SSIDs may contain UTF8 characters but ideally hostapd should be told
this is the case so it can advertise the fact. Default enable this
option.
add uci option utf8_ssid '0'/'1' for disable/enable e.g.
config wifi-iface
option utf8_ssid '0'
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Use Gentoo and FreeBSDs distfile caches as mirrors because
main site/domain is abandoned.
Source: https://lwn.net/Articles/762264/
Fixes FS#1913
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
This patch reverts commit 2dc1f54b12 as it
breaks the build for me on x86-64 if I've IPV6 support disabled. Same config
builds fine on `openwrt-18.06` branch at 55d078b2.
$ grep IPV6 .config
# CONFIG_KERNEL_IPV6 is not set
# CONFIG_IPV6 is not set
Build errors out on:
Package libiptc is missing dependencies for the following libraries:
libip6tc.so.0
Looking at iptables-1.6.2/libiptc/Makefile.am:
libiptc_la_LIBADD = libip4tc.la libip6tc.la
and to iptables-1.6.2/libiptc/libiptc.pc.in:
Requires: libip4tc libip6tc
It seems that libiptc needs v4/v6 libs, so v6 isn't optional.
Cc: Rosy Song <rosysong@rosinson.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
8a1ad80 Release version 4.19.
ecdf295 ethtool: Fix uninitialized variable use at qsfp dump
98c148e ethtool: better syntax for combinations of FEC modes
d4b9f3f ethtool: support combinations of FEC modes
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Update to the latest version of iproute2; see https://lwn.net/Articles/769354/
for a full overview of the changes in 4.19.
Remove 190-add-cake-to-tc patch as CAKE qdisc is now supported in 4.19.0
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
172f081 mt76x0: do not overwrite other MT_BBP(AGC, 8) fields
2ae2046 mt76x0: phy: use mt76_poll_msec in mt76x0_phy_temp_sensor
add66a0 mt76x0: init: use mt76x02_mac_shared_key_setup in mt76x0_init_hardware
1f24db9 mt76x2: move wcid_tx_rate conf at bootstrap
097b2bd mt76x0: init: use mt76x02_mac_wcid_setup for wcid configuration
d0eb03e mt76x2u: init: remove not useful configuration
c7aa8f4 mt76x2u: init: use common routines for wcid/key initialization
bd568d9 mt76: move mt76x02_eeprom_copy in mt76x02-lib module
57b441d mt76x0: phy: introduce tssi calibration support
a78802c mt76x0: phy: use tssi reported value to configure tx power if available
94ad030 mt76: remove mcu_msg_alloc
15cb426 mt76: remove wait argument from mt76x02_mcu_function_select
cd76a83 mt76: remove wait argument from mt76x02_mcu_set_radio_state
9b97e0f mt76x02: run calibration after scanning
663b197 mt76x02: assure we update gain after scan
eb53745 mt76x0: dfs: fix IBI_R11 configuration on non-radar channels
ef06c30 mt76: avoid queue/status spinlocks while passing tx status to mac80211
5195257 mt7603: fix maximum rx frame size
01815e9 mt7603: use mutex from struct mt76_dev
3c8e8a7 mt7603: use irq_lock/irqmask from struct mt76_dev
8b7f50d mt76: add size check for additional rx fragments
87bad3a mt7603: stop MAC on watchdog reset
c34baab mt7603: add missing unlock in case changing the channel fails
ac6fc78 mt7603: add debugfs file to trigger watchdog resets
d9b5324 mt7603: add SPDX license identifiers
498d716 mt7603: fix checkpatch issues
a1afefd mt7603: fix handling of fixed rate packets
5ee0523 mt7603: fix tx status rate reporting for fixed-rate packets
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Currently, dynack was only tested upstream using AP/STA mode.
Testing it on IBSS, showed that late-ack detection was broken.
This is caused due to dynack using Association Request/Response
frames for late-ack detection, which IBSS does not use.
Also allowing Authentication frames here solves this.
A second issue also got fixed, which was also seen AP/STA mode:
When a station was added, the estimated value would be exponentially averaged
using 0 as a starting point.
This means that on larger distances, the ack timeout was still not high
enough before synchronizing would run out of late-ack's for estimation.
Fix this by using the initial estimated value as a baseline
and only start averaging in the following estimation rounds.
Test setup:
- 2x identical devices: RB912UAG-5HPnD + 19dB sector
- IBSS
- 2x2 802.11an (ar9340), HT20, long GI
- RSSI's -70 / -71
- Real distance: 23910 meter
Results (60s iperf runs):
Fixed coverage class 54 (up to 24300m):
* 21.5 Mbits/sec
Dynack:
* 28.9 Mbits/sec
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Add configure argument --disable-ipv6 when ipv6 is deselected.
Add fix-non-ipv6-builds.patch as long there is no new upstream
release.
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
When bumping Curl to 7.62.0 in commit 278e4eba09 I did not include the fixed
CVEs in the commit message; this commit fixes this.
The following CVEs were fixed in 7.62.0 :
CVE-2018-16839
CVE-2018-16840
CVE-2018-16842
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
The BDFs for all boards were upstreamed to the ath10k-firmware
repository and linux-firmware.git.
We switched to the upstream board-2.bin, hence the files can be removed
here.
Keep the ipq-wifi package in case new boards are added. It might take
some time till board-2.bins send upstream are merged.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This patch updates the board-2.bin for the default
IPQ4019, QCA9984 and QCA9888 ath10k-firmware-xyz-ct
and -ct-htt firmwares.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Also update the U-Boot BSP patch for I2SE Duckbill devices
and remove upstreamed patch for LibreSSL support.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Some package (e.g. libunbound) depend on OPENSSL_WITH_DEPRECATED. In some
situations it may happen that libunbound and openssl are only pulled in as
build dependencies, but are not enabled in .config.
In such cases, the defaults of symbols like OPENSSL_WITH_DEPRECATED are
ignored (as the whole symbol depends on PACKAGE_libopenssl), and config
symbol dependencies of libunbound aren't effective either (as libunbound
is not actually enabled).
This commit works around the issue by introducing a hidden negated symbol
OPENSSL_NO_DEPRECATED, which is always disabled when PACKAGE_libopenssl is
disabled, and ensures that OpenSSL is built with deprecated APIs in this
case. A user can still manage to break the build by explicitly enabling
libopenssl and disabling OPENSSL_WITH_DEPRECATED; the interaction between
build dependencies and config symbols will require further discussion.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Install following as config files (600) perms instead of as data (644)
/usr/share/dnsmasq/dhcpbogushostname.conf
/usr/share/dnsmasq/trust-anchors.conf
/usr/share/dnsmasq/rfc6761.conf
/etc/hotplug.d/ntp/25-dnsmasqsec
/etc/config/dhcp
/etc/dnsmasq.conf
dnsmasq reads relevant config files before dropping root privilege and
running as dnsmasq:dnsmasq
ntpd runs as root so the hotplug script is still accessible
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
USB support doesn't necessarily mean that there's
PCI support available so move that to the drivers
which requires PCI support. This applies to the
sunxi platform for instance.
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [fix mt76x0e]
0b8b15f mt7603: use common mmio mcu struct
d612e2e mt76: mt76x02: skip station tx status for non-sta wcid entries
d89d84b mt76: mt76x02: only override control->sta on sw-encrypted tx
9d59d2a mt76: add support for reporting tx status with skb
ed17ba2 mt7603: use common tx status handling code
14b6c59 mt76x0: use band parameter for LC calibration
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Upgrade 88W8997 firmware to 8.4.0.52.
Removed unnecessary firmware settings.
Added vendor events.
Fixed crash problem when module is removed.
Modified the code to protect tx queues.
Signed-off-by: Jonathan Lancett <j.lancett@ntlworld.com>
[tidy commit message]
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Add the most recent supported firmware file for the Intel 9000 and
9260 wireless chips. The API version 41 is not yet supported by the driver.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>