* wg-quick: linux: suppress error when finding unused table
This fixes a spurious warning messages seen with recent versions of iproute2
and kernels.
* wg-quick: linux: ensure postdown hooks execute
* wg-quick: linux: have remove_iptables return true
* wg-quick: linux: iptables-* -w is not widely supported
Adding in iptables had some hiccups. For the record, I'm very unhappy about
having to put any firewalling code into wg-quick(8). We'll of course need to
support nftables too at some point if this continues. I'm investigating with
upstream the possibility of adding a sysctl to patch the issue that iptables
is handling now, so hopefully at somepoint down the line we'll be able to shed
this dependency once again.
* send: use kfree_skb_list
* device: prepare skb_list_walk_safe for upstreaming
* send: avoid touching skb->{next,prev} directly
Suggestions from LKML.
* ipc: make sure userspace communication frees wgdevice
Free things properly on error paths.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
IPv6 protocol is enabled on all gre interfaces, but gre(v6)tap
interfaces are usually added to a bridge interface, in which case
IPv6 should be enabled only on the bridge interface.
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
The Owl Loader (named after the codename that Atheros gave
these devices back in the day) has been accepted upstream.
This patch removes the "misc" driver OpenWrt had and adds
the remaining differences against the version that ships
with 5.4-rc1 into a separate "120-owl-loader-compat.patch"
file that can be cut down once AR71XX is being dealt with.
Note: I decided to keep the existing (kmod-)owl-loader
package name around for now. The kernel module file in
the kmod package will be called ath9k_pci_owl_loader.ko
though.
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This reverts commit 8176431963 ("mt76: probe load mt7615 driver
asynchronously"). After said commit, users report that MT7615 no longer
works on boot and they have to manually enable WiFi (via command "wifi") to
make it working again.
Fixes: FS#2546
Ref: https://forum.openwrt.org/t/xiaomi-r3p-no-wifi-on-boot/45509
Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
[commit description facelift]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This also fixes mac80211_prepare_vif iw set channel in monitor or
mesh mode.
Signed-off-by: Santiago Piccinini <spiccinini@altermundi.net>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[daniel@makrotopia.org: fixed commit message]
e4bd927 cast ucert_argv to proper type when passing to execv
Fixes warnings:
warning: passing argument 2 of 'execv' from incompatible pointer type
[-Wincompatible-pointer-types]
254 | execv(usign_argv[0], usign_argv)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* messages: recalculate rekey max based on a one minute flood
* allowedips: safely dereference rcu roots
* socket: remove redundant check of new4
* allowedips: avoid double lock in selftest error case
* tools: add syncconf command
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
07413cce72e1 tests: jshn: add more test cases
26586dae43a8 jshn: fix missing usage for -p and -o arguments
8e832a771d3a jshn: fix off by one in jshn_parse_file
cb698e35409b jshn: jshn_parse: fix leaks of memory pointed to by 'obj'
c42f11cc7c0f jshn: main: fix leak of memory pointed to by 'vars'
93848ec96dc5 jshn: refactor main into smaller pieces
9b6ede0e5312 avl: guard against theoretical null pointer dereference
c008294a8323 blobmsg_json: fix possible uninitialized struct member
0003ea9c45cc base64: fix possible null pointer dereference
8baeeea1f52d add assert.h component
b0a5cd8a28bf add cram based unit tests
1fefb7c4d7f9 add initial GitLab CI support
c955464d7a9b enable extra compiler checks
6228df9de91d iron out all extra compiler warnings
Signed-off-by: Petr Štetiar <ynezz@true.cz>
41060943 Bump up version number to 1.40.0, LT revision to 33:0:19
5ae9bb89 Fail fast if huffman decoding context is in failure state
bb519154 Merge pull request #1413 from nghttp2/check-authority
77f5487a Add nghttp2_check_authority as public API
db9a8f6e Merge pull request #1409 from nghttp2/fix-wrong-stream-close-error-code
6f28a69b Merge pull request #1411 from richard78917/fix_warning
6ce4835e Fix the bug that stream is closed with wrong error code
29042f1c priority_spec::valid(): remove const qualifier from return value
d08c4395 Merge pull request #1405 from nghttp2/huffman
5d6964cf Faster huffman decoding
0d855bfc Faster huffman encoding
6f967c6e Fix errors reported by coverity scan
b8a43db8 Merge pull request #1394 from wrowe/fix-static-libname
70b62c1a Merge pull request #1393 from wrowe/fix-static-msvcrt
28b1f0b9 Avoid filename collision of static and dynamic lib
1dd966f1 Merge branch 'fix-nghttpx-mruby'
fe8946dd nghttpx: Fix bug that mruby is incorrectly shared between backends
72b71a6b Add new flag ENABLE_STATIC_CRT for Windows
f8933fe5 nghttpx: Reconnect h1 backend if it lost connection before sending headers
89c33d69 Update neverbleed
7079dc5e Update neverbleed to fix memory leak
5080db84 Revert "nghttpx: Reconnect h1 backend if it lost connection before sending headers"
053c7ac5 nghttpx: Returns 408 if backend timed out before sending headers
8a59ce6d nghttpx: Reconnect h1 backend if it lost connection before sending headers
f2fde180 Remove redundant null check before delete
95efb3e1 Don't read too greedily
0a6ce87c Add nghttp2_option_set_max_outbound_ack
2aa79fa9 Bump up LT revision to 32:0:18
3980678d Merge branch 'nghttpx-fix-request-stall'
319d5ab1 nghttpx: Fix request stall
448bbbc3 integration-tests: gofmt
e575a2aa Merge pull request #1377 from Aldrog/cmake_systemd
4f7aedc9 cmake: Support building nghttpx with systemd
7a590893 Fix clang-8 warning
ee443134 Fix FPE with default backend
abef9b90 Fix log-level is not set with cmd-line or configuration file
12a999f0 Bump up version number to 1.40.0-DEV
acfb3607 Update manual pages
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
netifd does not handle network.@device[x].name properly if it
contains multiple ifaces separated by spaces. Due to this, board.d
lan_mac setup does not work if multiple ifaces are set to LAN by
ucidef_set_interface_lan.
To fix this, create a device node for each member iface when
running config_generate instead. Those are named based on the
member ifname:
ucidef_set_interface_lan "eth0 eth1.1"
ucidef_set_interface_macaddr "lan" "yy:yy:yy:yy:yy:01"
will return
config device 'lan_eth0_dev'
option name 'eth0'
option macaddr 'yy:yy:yy:yy:yy:01'
config device 'lan_eth1_1_dev'
option name 'eth1.1'
option macaddr 'yy:yy:yy:yy:yy:01'
ref: https://github.com/openwrt/openwrt/pull/2542
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
[always use new scheme, extend description, change commit title]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Commit b3d8b3a introduced a new test:
[ -n "$noscan" -a "$noscan" -gt 0 ] && hostapd_noscan=1
But if length of "$noscan" is zero (noscan is not set) this doesn't stop
the shell to evaluate the rest of the test.
root@hank2:~# [ -n "$noscan" -a "$noscan" -gt 0 ]
ash: out of range
root@hank2:~#
So when radios are brought up this shows in the log:
Sat Nov 23 10:51:38 2019 daemon.info procd: - init complete -
Sat Nov 23 10:52:24 2019 daemon.notice netifd: radio1 (1243): sh: out of range
Sat Nov 23 10:52:25 2019 user.notice firewall: Reloading firewall due to ifup of wan (eth0.2)
Sat Nov 23 10:52:25 2019 daemon.notice netifd: radio0 (1242): sh: out of range
Sat Nov 23 10:52:26 2019 authpriv.info dropbear[1536]: Not backgrounding
This commit sets noscan to 0 if unset and removes the gratuitous length
check, preventing the warning.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
dnsmasq v2.80 made 'dnssec-check-unsigned' the default, thus the uci
option was rendered ineffectual: we checked unsigned zones no matter the
setting.
Disabling the checking of unsigned zones is now achieve with the
"--dnssec-check-unsigned=no" dnsmasq option.
Update init script to pass required option in the disabled case.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
This updates mac80211 to backports based on kernel 5.4-rc8.
The deleted patches were applied upstream.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
8174814 utils: persist effective extra_src and extra_dest options in state file
72a486f zones: fix emitting match rules for zones with only "extra" options
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This backports a patch to build it work with python2 in addition to
python3.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: Petr Štetiar <ynezz@true.cz>
* add u-boot support for uDPU
* add line to copy u-boot binary to STAGING_DIR_IMAGE, this can later be used
as BL33 variable required for ATF build
* add patch to increase max gunzip size in mvebu_armada-37xx.h which is
required for booting the itb recovery images
Signed-off-by: Vladimir Vid <vladimir.vid@sartura.hr>
ATF mvebu is required for building a functional bootloader for A7K/A8K and
A37xx platforms. uDPU device is added as the first target.
A3700 platform has a wide range of settings which can be used per device, so
options are defined under the Device sections.
Platform also required WTP (recovery) tools and mv-ddr package for the DDR
topology configuration. 32-bit cross compiler is used for building the WTMI
image.
After the build, flash-image.bin can be used with the bubt command from the
u-boot shell to flash the new version of u-boot.
Signed-off-by: Vladimir Vid <vladimir.vid@sartura.hr>
Change dhcp no/release on shutdown to 'norelease' uci option to match
existing proto dhcpv6 usage.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
All patches have been dropped, they're either redundant (e.g. due to the
new and unset CONFIG_SPL_FAT_WRITE), break compilation (thumb hacks) or
have been applied upstream.
The defconfig for am335x_boneblack has been removed upstream [0], so use
am335x_evm for boneblack too.
Size changes (before, after, file):
ti_am335x-evm and ti_am335x-bone-black:
79804 110832 MLO
623836 756148 u-boot.img
ti_omap3-beagle:
54148 57708 MLO
496272 665728 u-boot.img
ti_omap4-panda:
39356 40204 MLO
284648 366672 u-boot.img
Tested on boneblack, which has the biggest spl size increase. The beagle and
panda spl sizes seem reasonable to not break booting.
[0] 8fa7f65dd0
Signed-off-by: Andre Heider <a.heider@gmail.com>
This potentially fixes some issues seen on IBSS
when interfaces go out of range and then re-appear.
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
The skb_get_hash_perturb() function now takes a siphash_key_t instead of
an u32. This was changed in commit 55667441c84f ("net/flow_dissector:
switch to siphash"). Use the correct type in the fq header file
depending on the kernel version.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
Keep existing wdev when creating new nl80211 interfaces if phy and
type match, delete it otherwise.
To make this work, also remove left-over debugging function which
prevented the return-value of the 'iw' command to be taken into
account in mac80211_iw_interface_add().
As 4addr-mode (WDS) was setup during interface creation for station
interfaces, also set it after interface creation to make sure an
existing sta interface ends up with the right mode.
Fixes: a5bc9787d4 ("mac80211: add support for dynamically
reconfiguring wifi")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
8dd50da20de0 lua: fix error handling
a2cab3b088a2 ucimap: fix possible use of memory after it is freed
9cf978bc7964 delta: prevent possible null pointer use
7736f497d2d9 cli: remove unused variable assigment
39093f3b040d lua: fix memory leak in set method
19ceff323f1e lua: fix memory leak in changes method
18049a84fe40 tests: add cram based unit tests
2b549cc050de lua: fix copy&paste in error string
f5dd5217d627 cli: fix realloc issue spotted by cppcheck
af59f86a0db9 iron out all extra compiler warnings
1637d2918692 tests: shunit2: run all tests under Valgrind by default
c1af73bfb023 cmake: enable extra compiler checks
be69504e3666 cmake: build Lua module only if enabled
38a2f12ec5ab tests: shunit2: fix issues reported by shellcheck
266fc9e94c1e add initial GitLab CI support
17d6144a49c6 tests: shunit2: make it working under CMake
a6e8bbefd860 cmake: add unit testing option and shunit2 tests
0ca93fec701a test: move shunit2 tests under standalone subdirectory
Signed-off-by: Petr Štetiar <ynezz@true.cz>
0219008cc876 remove never used err variable assignment disliked by scan-build
7ce813fcd667 silence use after the free clang analyzer warning
1f73b6a8e678 use offsetof macro to make scan-build happy
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Commit ed5b9129d7 ("base-files: implement generic service_running")
has added EXTRA_HELP variable, thus overriding already available
EXTRA_HELP text available in other init scripts, resulting in the
missing help text from services like dropbear for example.
So fix this regression by appending EXTRA_HELP text provided by the
other init scripts into the one provided by the script itself.
Fixes: ed5b9129d7 ("base-files: implement generic service_running")
Signed-off-by: Peter Stadler <peter.stadler@student.uibk.ac.at>
[commit title/description facelift, fixes tag, fixed From:, pkg bump]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
AutoLoad parameter must match the exact kernel module name. Fix it.
Fixes: 125f1ce9ad ("kernel: video: add DRM core and IMX DRM support for HDMI/LVDS")
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
Changes introduced for dynamic wifi reconfiguration left behind
unmanaged interface types. Restore parts of the old function to
also clean (unencrypted, non-DFS) mesh and ad-hoc interfaces.
Fixes: a5bc9787d4 ("mac80211: add support for dynamically
reconfiguring wifi")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The GL.iNet GL-AR750S has been supported by the ar71xx and ath79
platforms with access to its 16 MB NOR flash, but not its 128 MB
SPI NAND flash.
This commit provides support for the NAND through the upstream
SPI-NAND framework.
At this time, the OEM U-Boot appears to only support loading the
kernel from NOR. This configuration is preserved as this time,
with the glinet,gl-ar750s-nand name reserved for a potential,
future, NAND-only boot.
The family of GL-AR750S devices on the ath79 platform now includes:
* glinet,gl-ar750m-nor-nand "nand" target
* glinet,gl-ar750m-nor "nand" target (NAND-aware)
NB: This commit increases the kernel size from 2 MB to 4 MB
"Force-less" sysupgrade is presently supported from the current
versions of following NOR-based firmwre images to the version of
glinet,gl-ar750s-nor firmware produced by this commit:
* glinet,gl-ar750s -- OpenWrt 19.07 ar71xx
* glinet,gl-ar750s -- OpenWrt 19.07 ath79
Users who have sucessfully upgraded to glinet,gl-ar750m-nor may then
flash glinet,gl-ar750m-nor-nand with sysupgrade to transtion to the
NAND-based variant.
Other upgrades to these images, including directly to the NAND-based
glinet,gl-ar750s-nor-nand firmware, can be accomplished through U-Boot.
NB: See "ath79: restrict GL-AR750S kernel build-size to 2 MB" which
enables flashing of NAND factory.img with the current GL-iNet U-Boot,
"U-Boot 1.1.4-gcf378d80-dirty (Aug 16 2018 - 07:51:15)"
The GL-AR750S OEM U-Boot allows upload and flashing of either NOR
firmware (sysupgrade.bin) or NAND firmware (factory.img) through its
HTTP-based GUI. Serial connectivity is not required.
The glinet,gl-ar750s-nor and glinet,gl-ar750s-nor-nand images
generated after this commit flash each other directly.
This commit changes the control of the USB VBUS to gpio-hog from
regulator-fixed introduced by commit 0f6b944c92. This reduces the
compressed kernel size by ~14 kB, with no apparent loss of
functionality. No other ath79-nand boards are using regulator-fixed
at this time.
Note: mtd_get_mac_binary art 0x5006 does not return the proper MAC
and the GL.iNet source indicates that only the 0x0 offset is valid
The ar71xx targets are unmodified.
Cc: Alexander Wördekemper <alexwoerde@web.de>
Signed-off-by: Jeff Kletsky <git-commits@allycomm.com>
The GL.iNet GL-AR300M series of devices includes variants without NAND
and only the 16 MB NOR flash. These include the GL-AR300M16 and the
GL-AR300M-Lite (already with its own board name).
This board-name addition provides disambiguation from the NAND-bearing
GL-AR300M devices, both for OpenWrt code and for end users.
Kernel and firmware support for NAND and UBI will add ~320 kB to the
overall firmware size at this time. This NOR-only option continues to
provide more compact firmware for both the GL-AR300M16 as well as
those who wish to use it as an alternate or primary, NOR-resident
firmware on the GL-AR300M.
The ar71xx targets are unmodified.
Installation
------------
Install through OEM U-Boot (HTTP-based) or `sysupgrade --force` when
booted from NOR and running OEM or OpenWrt, NOR-based firmware.
As one of the intentions is disambiguation from NAND-bearing units,
users who have flashed this firmware onto a device with NAND would
need to use U-Boot or `sysupgrade --force` to flash firmware that
again supports NAND.
There are no additional SUPPORTED_DEVICES as it is not possible to
determine if a device does or does not have NAND based on
either the OEM's or OpenWrt's board names prior to this patch.
Signed-off-by: Jeff Kletsky <git-commits@allycomm.com>
Discovered recent changes had broken sysupgrade for ar71xx mikrotik
rb-493g, traced the problem to missing /usr/share/libubox/jshn.sh after
switching to tmpfs.
Signed-off-by: Russell Senior <russell@personaltelco.net>
uci-defaults are sourced and non-executable, so they do not require
a shebang.
While at it, apply consistent naming scheme.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Now that netifd and hostapd allow dynamic reconfiguration, add a
command to trigger it.
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Change scripts to use ubus interface of hostapd/wpa_supplicant to
add/remove/modify wireless interfaces instead of (re-)starting the
services.
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Add ubus interface to hostapd and wpa_supplicant to allow dynamically
reloading wiface configuration without having to restart the hostapd
process.
As a consequence, both hostapd and wpa_supplicant are now started
persistently on boot for each wifi device in the system and then
receive ubus calls adding, modifying or removing interface
configuration.
At a later stage it would be desirable to reduce the services to one
single instance managing all radios.
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
7a723d0 wireless: add ubus method for reloading configuration
e15147c wireless: make reconf opt-in and allow serializing configuration
Set new option 'reconf' in 'wifi-device' section to enable dynamic
re-configuration on that radio.
If necessary, also set option 'serialize' which forced netifd to
configure interfaces of wireless devices one-by-one.
Both options are disabled by default.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Includes following changes:
9d9d4c284786 fix possible garbage in unitialized char* struct members
dbc1b1b71b24 fix possible copy of null buffer and validation of unitialized header
76d53deef8bb crc32: add missing stdint.h dependency
e5666ed3b47c add cram based unit tests
abe0cf7de053 add initial GitLab CI support
e43042507b4f iron out extra compiler warnings
5df0cd6e1523 convert into CMake project
a7dc0526f819 refactor into separate Git project
adds missing PKG_LICENSE field and converts the package build to utilize
CMake.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Instead of depending on kmod-usb2 make it depend on the normal USB
dependencies. This should hopefully fix some problems seen in the build
bot builds for powerpc_8540.
In addition also activate DRIVER_11N_SUPPORT support.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
lib and includedir point to the host, not staging_dir.
Note that prefix and exec_prefix is overriden to point to staging_dir.
As CMAKE_INSTTALL is passed, switched InstallDev to use cmake.mk's rule.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
includedir and libdir are set to /usr/include and /usr/lib . This breaks
compilation with packages such as tmux that use pkgconfig to find libevent
Also added PKG_LICENSE_FILES.
Simplified the InstallDev section by using cmake.mk's default rule.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Forward the OpenWrt TARGET_LDFLAGS to the linker of the fw_printenv tool.
In addition also use the more standard make invocation script.
With this change the fw_printenv tool is built with PIE and Full RELRO
support when activated globally in OpenWrt.
Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
Update busybox to 1.31.1
Small bug fix release. Fixes for dc, ash (PS1 expansion fix),
hush, dpkg-deb, telnet and wget.
No need to refresh patches or config.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Now that 'start-console' procd command has reached the main repo,
we can add a rule to start consoles on serial devices which are
created when USB gadget driver reports creation with hotplugging.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Also update the U-Boot BSP patch for I2SE Duckbill devices.
Run tested on I2SE Duckbill and Olimex OLinuXino Maxi boards.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
This decreases the size of the usign application by 16% on MIPS BE.
old:
24,597 /usr/bin/usign
new:
20,501 /usr/bin/usign
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This decreases the size of the swconfig application by 25% on MIPS BE.
old:
16,916 /sbin/swconfig
new:
12,565 /sbin/swconfig
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This decreases the size of the mtd application by 25% on MIPS BE.
old:
20,597 /sbin/mtd
new:
16,421 /sbin/mtd
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This decreases the binary size when PIE ASLR is activated by 8% on MIPS BE.
old:
202,020 /usr/sbin/dnsmasq
new:
185,676 /usr/sbin/dnsmasq
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Commit ad7c6102f2 ("busybox: fix missing install with suid bit set if
FEATURE_SUID=y") actually fixes BUSYBOX_CONFIG_FEATURE_SUID option and
thus would install busybox setuid root by default which would result in
possibly unwanted change of current behaviour, so let's disable this
option by default in order to preserve the current status-quo.
For the record: disabling FEATURE_SUID to preserve the status-quo does
*not* imply the current status-quo is "safer", or for that matter, in
any way desireable. That is a discussion to be had on the mailing
lists.
Switching the FEATURE_SUID default to "n" is simply a compromise to
facilitate the merge of the changes that unbreak FEATURE_SUID.
Ref: PR#2502
Signed-off-by: Henrique de Moraes Holschuh <henrique@nic.br>
[commit title/description facelift]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
With FEATURE_SUID=y one can install busybox binary belonging to root
with the suid bit set, enabling some applets to perform root-level
operations even when run by ordinary users. Busybox then drops
privileges for applets that don't need root access, before entering
their main() function.
Currently we don't install busybox binary with suid bit set, rendering
this feature unusable.
Note that we can't just "chmod u+s /bin/busybox" at runtime as a
"cheaper" solution: it would waste approximately 200KiB of FLASH (the
whole /bin/busybox binary gets copied into the overlay).
Ref: PR#2502
Signed-off-by: Henrique de Moraes Holschuh <henrique@nic.br>
[commit title/description facelift, use INSTALL_SUID variable]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This reverts commit 6170c46b47.
There has been demand for further evaluation of the impact of a
changed hostname, so this is reverted for now. The default hostname
will be "OpenWrt" again after this commit.
The macaddr_geteui() function is not removed by this revert.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
If a label MAC address is provided for device, system
will rename the hostname with OpenWrt_{eui mac address}.
This helps to distinguish between different devices.
Since it's no good idea to nest json_* functions, this code does
not use get_mac_label directly, but only get_mac_label_dt as
external resource.
Signed-off-by: Rosy Song <rosysong@rosinson.com>
[merged with commit introducing macaddr_geteui, rebased on updated
label MAC address storage, extended commit message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
If set, label MAC address is available from one of two sources,
device tree or board.json. So far, the function get_mac_label
was meant for retrieving the address, while an option in uci
system config was specified only for case 2 (board.json).
The uci config option has several drawbacks:
- it is only used for a fraction of devices (those not in DT)
- label MAC address is a device property, while config implies
user interaction
- label_macaddr option will only be set if /etc/config/system
does not exist (i.e. only for new installations)
Thus, this patch changes the behavior of get_mac_label:
Instead of writing the value in board.json to uci system config
and reading from this location afterwards, get_mac_label now
extracts data from board.json directly. The uci config option
won't be used anymore.
In addition, two utility functions for extraction only from DT
or from board.json are introduced.
Since this is only changing the access to the label MAC address, it
won't interfere with the addresses stored in the code base so far.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This is needed to export crypto information to netfilter, allowing
the alt. afalg openssl engine to obtain information about the drivers
being used.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Many bugs were fixed--2 patches removed here.
This release of wolfSSL includes fixes for 5 security vulnerabilities,
including two CVEs with high/critical base scores:
- potential invalid read with TLS 1.3 PSK, including session tickets
- potential hang with ocspstaping2 (always enabled in openwrt)
- CVE-2019-15651: 1-byte overread when decoding certificate extensions
- CVE-2019-16748: 1-byte overread when checking certificate signatures
- DSA attack to recover DSA private keys
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Includes following changes:
0230d0698e59 add initial GitLab CI support
5e13b797a988 iron out all extra compiler warnings
802fbd4d6f39 cmake: enable extra compiler checks
050bb5c4431b convert into CMake project
5b350e42d1fd refactor into separate Git project
and converts the package build to utilize CMake.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
The QCA953x only supports 25 MHz refclk, however some OEMs set an
invalid bootstrap value for the REF_CLK option, which would break the
clock detection in ath9k.
Force the QCA953x refclk to 25MHz in ath9k, as this is (according to the
datasheet) the only valid frequency.
Signed-off-by: David Bauer <mail@david-bauer.net>
The release notes since last time for wave-1:
* October 5, 2019: Fix too-short msg caused by invalid use of PayloadLen in receive path.
This appears to resolve the issue of getting (and ignoring) too-short commands
when we detect loss of CE interrupts and go into polling mode.
* October 12, 2019: Fix regression in IBSS mode that caused SWBA overrun issues. Related to
regression added during the ct-station logic, specifically TSF allocation.
Thanks for Ahmed Zaki @ Mage-Networks for helping to diagnose and test.
* October 15, 2019: Only send beacon tx completion events if we can detect CT driver is being
used (based on CT_STATS_OK flag being set). This should help CT firmware work
better on stock driver.
The release notes since last time for wave-2:
* October 15, 2019: Only send beacon tx completion events if we can detect CT driver is being
used (based on ATH10k_USE_TXCOMPL_TXRATE2 | ATH10k_USE_TXCOMPL_TXRATE1 flags being set).
This should help CT firmware work better on stock driver.
* October 31, 2019: Compile out peer-ratecode-list-event. ath10k driver ignores the event.
* November 1, 2019: Fix rate-ctrl related crash when nss and other things were changed while
station stays associated. See bug: https://github.com/greearb/ath10k-ct/issues/96
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
c9b6668 ustream-ssl: skip writing pending data if .eof is true after connect
Fixes: CVE-2019-5101, CVE-2019-5102
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The device path will be the same for the first phy. For all subsequent
phys, the path gets an extra +1, +2, ...
Move the code for converting path to phy and vice versa to a separate
library script shared by config detection code and the netifd wireless
handler script
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This enables PMKSA and opportunistic key caching by default for
WPA2/WPA3-Personal, WPA3-Personal and OWE auth types.
Otherwise, Apple devices won't connect to the WPA3 network.
This should not degrade security, as there's no external authentication
provider.
Tested with OCEDO Koala and iPhone 7 (iOS 13.1).
Signed-off-by: David Bauer <mail@david-bauer.net>
https://patchwork.kernel.org/patch/11224189/
--
On 2019-10-28 06:07, wbob wrote:
> Hello Roman,
>
> while reading around drivers/net/wireless/ralink/rt2x00/rt2800lib.c
> I stumbled on what I think is an edit of yours made in error in march
> 2017:
>
> https://github.com/torvalds/linux/commit/41977e86#diff-dae5dc10da180f3b055809a48118e18aR5281
>
> RT6352 in line 5281 should not have been introduced as the "else if"
> below line 5291 can then not take effect for a RT6352 device. Another
> possibility is for line 5291 to be not for RT6352, but this seems
> very unlikely. Are you able to clarify still after this substantial time?
>
> 5277: static int rt2800_init_registers(struct rt2x00_dev *rt2x00dev)
> ...
> 5279: } else if (rt2x00_rt(rt2x00dev, RT5390) ||
> 5280: rt2x00_rt(rt2x00dev, RT5392) ||
> 5281: rt2x00_rt(rt2x00dev, RT6352)) {
> ...
> 5291: } else if (rt2x00_rt(rt2x00dev, RT6352)) {
> ...
Hence remove errornous line 5281 to make the driver actually
execute the correct initialization routine for MT7620 chips.
As it was requested by Stanislaw Gruszka remove setting values of
MIMO_PS_CFG and TX_PIN_CFG. MIMO_PS_CFG is responsible for MIMO
power-safe mode (which is disabled), hence we can drop setting it.
TX_PIN_CFG is set correctly in other functions, and as setting this
value breaks some devices, rather don't set it here during init, but
only modify it later on.
Fixes: 41977e86c984 ("rt2x00: add support for MT7620")
Reported-by: wbob <wbob@jify.de>
Reported-by: Roman Yeryomin <roman@advem.lv>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Acked-by: Stanislaw Gruszka <sgruszka@redhat.com>
--
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
It contains a single change to vlist.h header file: "vlist: add more
macros for loop iteration". This is needed for newer version of fstools
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.
To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Enables radio resource management to be reported by hostapd to clients.
Ref: https://github.com/lede-project/source/pull/1430
Co-developed-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
Signed-off-by: Kyle Copperfield <kmcopper@danwin1210.me>
When ASLR_PIE was activated globally these drivers failed to build
because the user space LDFLAGS leaked into the kernel build process.
This was fixed in upstream Linux kernel commit ce99d0bf312d ("kbuild:
clear LDFLAGS in the top Makefile") which went into Linux 4.17. The
lantiq target is now on Linux 4.19 only and these exceptions are not
needed any more.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This patch adds ath79 support for Netgear WNR2200.
Router was previously supported by ar71xx target only (8 MiB variant).
Netgear WNR2200 has two flash versions - 8MiB sold in EU, US etc. and
16 MiB for Russia and China markets. Apart from flash size both variants
share the same hardware specification.
Specification
=============
* Description: Netgear WNR2200
* Loader: U-boot
* SOC: Atheros AR7241 (360 MHz)
* RAM: 64 MiB
* Flash: 8 MiB or 16 MiB (SPI NOR)
- U-boot binary: 256 KiB
- U-boot environment: 64 KiB
- Firmware: 7808 KiB or 16000 KiB
- ART: 64 KiB
* Ethernet: 4 x 10/100 LAN + 1 x 10/100 WAN
* Wireless: 2.4 GHz b/g/n (Atheros AR9287)
* USB: yes, 1 x USB 2.0
* Buttons:
- Reset
- WiFi (rfkill)
- WPS
* LEDs:
- Power (amber/green)
- WAN (amber/green)
- WLAN (blue)
- 4 x LAN (amber/green)
- WPS (green)
* UART: 4-pin connector JP1, 3.3V (Vcc, TX, RX, GND), 115200 8N1
* Power supply: DC 12V 1.5A
* MAC addresses: LAN on case label, WAN +1, WLAN +2
Installation
============
* TFTP recovery
* TFTP via U-boot prompt
* sysupgrade
* Web interface
Test build configuration
========================
CONFIG_TARGET_ath79=y
CONFIG_TARGET_ath79_generic=y
CONFIG_TARGET_ath79_generic_DEVICE_netgear_wnr2200-8m=y
CONFIG_ALL_KMODS=y
CONFIG_DEVEL=y
CONFIG_CCACHE=y
CONFIG_COLLECT_KERNEL_DEBUG=y
CONFIG_IMAGEOPT=y
CONFIG_KERNEL_DEBUG_INFO=y
CONFIG_KERNEL_DEBUG_KERNEL=y
Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>