Commit Graph

50203 Commits

Author SHA1 Message Date
John Audia
38bdff29aa kernel: bump 5.4 to 5.4.90
All modification made by update_kernel.sh in a fresh clone without
existing toolchains.

Build system: x86_64
Build-tested: ipq806x/R7800, bcm27xx/bcm2711
Run-tested: ipq806x/R7800

No dmesg regressions, everything functional

Signed-off-by: John Audia <graysky@archlinux.us>
Tested-by: Curtis Deptuck <curtdept@me.com> [x86/64]
2021-01-19 15:39:36 +01:00
Hauke Mehrtens
e87c0d934c dnsmasq: Update to version 2.83
This fixes the following security problems in dnsmasq:
* CVE-2020-25681:
  Dnsmasq versions before 2.83 is susceptible to a heap-based buffer
  overflow in sort_rrset() when DNSSEC is used. This can allow a remote
  attacker to write arbitrary data into target device's memory that can
  lead to memory corruption and other unexpected behaviors on the target
  device.
* CVE-2020-25682:
  Dnsmasq versions before 2.83 is susceptible to buffer overflow in
  extract_name() function due to missing length check, when DNSSEC is
  enabled. This can allow a remote attacker to cause memory corruption
  on the target device.
* CVE-2020-25683:
  Dnsmasq version before 2.83 is susceptible to a heap-based buffer
  overflow when DNSSEC is enabled. A remote attacker, who can create
  valid DNS replies, could use this flaw to cause an overflow in a heap-
  allocated memory. This flaw is caused by the lack of length checks in
  rtc1035.c:extract_name(), which could be abused to make the code
  execute memcpy() with a negative size in get_rdata() and cause a crash
  in Dnsmasq, resulting in a Denial of Service.
* CVE-2020-25684:
  A lack of proper address/port check implemented in Dnsmasq version <
  2.83 reply_query function makes forging replies easier to an off-path
  attacker.
* CVE-2020-25685:
  A lack of query resource name (RRNAME) checks implemented in Dnsmasq's
  versions before 2.83 reply_query function allows remote attackers to
  spoof DNS traffic that can lead to DNS cache poisoning.
* CVE-2020-25686:
  Multiple DNS query requests for the same resource name (RRNAME) by
  Dnsmasq versions before 2.83 allows for remote attackers to spoof DNS
  traffic, using a birthday attack (RFC 5452), that can lead to DNS
  cache poisoning.
* CVE-2020-25687:
  Dnsmasq versions before 2.83 is vulnerable to a heap-based buffer
  overflow with large memcpy in sort_rrset() when DNSSEC is enabled. A
  remote attacker, who can create valid DNS replies, could use this flaw
  to cause an overflow in a heap-allocated memory. This flaw is caused
  by the lack of length checks in rtc1035.c:extract_name(), which could
  be abused to make the code execute memcpy() with a negative size in
  sort_rrset() and cause a crash in dnsmasq, resulting in a Denial of
  Service.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-01-19 13:01:03 +01:00
Hauke Mehrtens
20a7c9d5c9 uboot-at91: Add PKG_MIRROR_HASH to fix download
The referenced commit is gone, but we already have this file on our
mirror, use that one by providing the correct mirror hash.

I generated a tar.xz file with the given git commit hash using a random
fork on github and it generated the same tar.xz file as found on our
mirror so this looks correct.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-01-18 22:10:14 +01:00
Hauke Mehrtens
a141e7a00e at91bootstrap: Add PKG_MIRROR_HASH to fix download
The referenced commit is gone, but we already have this file on our
mirror, use that one by providing the correct mirror hash.

I generated a tar.xz file with the given git commit hash using a random
fork on github and it generated the same tar.xz file as found on our
mirror so this looks correct.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-01-18 22:10:03 +01:00
Paul Spooren
26d1e529f1 include: update logo with better kerning
Kerning seems to be very off-putting for some people so the logo
designer thankfully updated guidelines to something which is now
considered final.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2021-01-18 09:31:39 -10:00
David Bauer
99f50a7535 ath79: rename UniFi AC kernel1 partition
These devices do not run Ubiquiti AirOS. Rename the partition to the
name used by other UniFi devices with vendor dualboot support.

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-01-18 17:33:00 +01:00
David Bauer
a8a17fd223 rockchip: use stable MAC-address for NanoPi R2S
The NanoPi R2S does not have a board specific MAC address written inside
e.g. an EEPROM, hence why it is randomly generated on first boot.

The issue with that however is the lack of a driver for the PRNG.
It often results to the same MAC address used on multiple boards by
default, as urngd is not active at this early stage resulting in low
available entropy.

There is however a semi-unique identifier available to us, which is the
CID of the used SD card. It is unique to each SD card, hence we can use
it to generate the MAC address used for LAN and WAN.

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-01-18 17:32:52 +01:00
Rafał Miłecki
f559b89bd0 bcm63xx-cfe: enable package for bcm4908
bcm4908 target needs to include cferam images in firmware files too

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2021-01-18 07:39:09 +01:00
Rafał Miłecki
eaca08ab58 firmware-utils: bcm4908img: tool adding BCM4908 image tail
Flashing image with BCM4908 CFE bootloader requires specific firmware
format. It needs 20 extra bytes with magic numbers and CRC32 appended.

This tools allows appending such a tail to the specified image and also
verifying CRC32 of existing BCM4908 image.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2021-01-18 07:39:09 +01:00
Rosen Penev
f13b623f5e mbedtls: update to 2.16.9
Signed-off-by: Rosen Penev <rosenp@gmail.com>
2021-01-18 00:49:14 +01:00
Hans Dedecker
e857b09767 netifd: fix IPv6 routing loop on point-to-point links
c00c833 interface-ip: add unreachable route if address is offlink
e71909c interface-ip: coding style fixes

Tested-by: Karl Vogel <karl.vogel@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2021-01-17 21:22:39 +01:00
Hans Dedecker
4301541351 odhcp6c: fix routing loop on point-to-point links
53f07e9 ra: fix routing loop on point to point links
2b6959d ra: align ifindex resolving

Tested-by: Karl Vogel <karl.vogel@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2021-01-17 21:22:39 +01:00
Robert Marko
f4fdd8609c
ipq40xx: mikrotik: enable MikroTik platform driver
This enables the MikroTik platform driver, it enables us to parse
valuable info from hard_config including WLAN calibration data
extraction from sysfs.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2021-01-17 14:31:56 +01:00
Robert Marko
0184889088 ipq40xx: mikrotik: enable MikroTik NOR parser
Needed for SPI-NOR based MikroTik IPQ40xx devices like hAP ac2.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2021-01-17 14:23:05 +01:00
Robert Marko
30a92f55de ipq40xx: mikrotik: enable CONFIG_MTD_ROUTERBOOT_PARTS
This enables the new MikroTik specific partition parser.

This avoids manually specifying the MikroTik specific partitions as they
can be detected by their magic values.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2021-01-17 14:23:05 +01:00
Robert Marko
b779da27ef ipq40xx: add MikroTik subtarget
MikroTik devices require the use of raw vmlinux out of the self
extracting compressed kernels.

They also require 4K sectors, kernel2minor, partition parser as well as
RouterBoard platform drivers.

So in order to not add unnecessary code to the generic sub target lets
introduce a MikroTik sub target.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2021-01-17 14:23:05 +01:00
John Thomson
10d057f84a ipq40xx: kernel compressed boot: reset watchdog countdown
If the watchdog is enabled, set the timeout to 30 seconds before
decompress is started.

Mikrotik ipq40xx devices running with RouterBoot have the SoC watchdog
enabled and running with a timeout that does not allow time for the
kernel to decompress and manage the watchdog.

On ipq40xx RouterBoot TFTP boot the watchdog countdown is reset before:
Jumping to kernel

Signed-off-by: John Thomson <git@johnthomson.fastmail.com.au>
2021-01-17 14:23:05 +01:00
Robert Marko
b6461e4654 ipq40xx: arm: compressed: add appended DTB section
This adds a appended_dtb section to the ARM decompressor
linker script.

This allows using the existing ARM zImage appended DTB support for
appending a DTB to the raw ELF kernel.

Its size is set to 1MB max to match the zImage appended DTB size limit.

To use it to pass the DTB to the kernel, objcopy is used:

objcopy --set-section-flags=.appended_dtb=alloc,contents \
	--update-section=.appended_dtb=<target>.dtb vmlinux

This is based off the following patch:
c063e27e02

Signed-off-by: Robert Marko <robimarko@gmail.com>
2021-01-17 14:23:05 +01:00
Rosen Penev
43539a6aab libusb: make InstallDev explicit
Helps to see what actually gets installed.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2021-01-16 23:37:08 -10:00
Rosen Penev
3d2dab5660 libusb: cleanup PKG_ variables
Reordered for consistency between packages.

Fixed license information.

Change PKG_BUILD_PARALLEL to 1. This is no longer a problem.1

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2021-01-16 23:26:52 -10:00
Rosen Penev
0798b13d7d libusb: update to 1.0.24
Signed-off-by: Rosen Penev <rosenp@gmail.com>
2021-01-16 23:25:27 -10:00
Alexander Couzens
378c7ff282
ipq40xx: split generic images into own file
In preparation of the new mikrotik subtarget split the generic images
into generic.mk

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2021-01-17 07:16:23 +01:00
Hans Dedecker
54bfebdca0 glibc: update to latest 2.32 commit (BZ #20019, BZ #27177, BZ #27130)
4c619b3eed x86: Check IFUNC definition in unrelocated executable [BZ #20019]
87450ecf8a x86: Set header.feature_1 in TCB for always-on CET [BZ #27177]
2b4f67c2b3 Update for [BZ #27130] fix
1a24bbd43e x86-64: Avoid rep movsb with short distance [BZ #27130]

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2021-01-15 20:49:01 +01:00
Rui Salvaterra
41b096b448 ramips: mt7621: refresh the kernel config
The removed config symbols are already enabled by the generic kernel
configuration (or by default), while the added ones are forcefully
enabled by the specific architecture.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2021-01-15 19:12:57 +01:00
Adrian Schmutzler
3bbdc72b53 ath79: remove USB port definition for TP-Link TL-WR810N v1
The USB port definition is only needed when it is linked to a USB
LED. Since there is none for this device, we might as well remove
the port definition.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-01-15 19:00:15 +01:00
Russell Senior
591a4c9ed3 ath79: Add support for Ubiquiti Bullet AC
CPU:         Atheros AR9342 rev 3 SoC
RAM:         64 MB DDR2
Flash:       16 MB NOR SPI
WLAN 2.4GHz: Atheros AR9342 v3 (ath9k)
WLAN 5.0GHz: QCA988X
Ports:       1x GbE

Flashing procedure is identical to other ubnt devices.
https://openwrt.org/toh/ubiquiti/common

Flashing through factory firmware
1. Ensure firmware version v8.7.0 is installed.
   Up/downgrade to this exact version.
2. Patch fwupdate.real binary using
   `hexdump -Cv /bin/ubntbox | sed 's/14 40 fe 27/00 00 00 00/g' | \
    hexdump -R > /tmp/fwupdate.real`
3. Make the patched fwupdate.real binary executable using
   `chmod +x /tmp/fwupdate.real`
4. Copy the squashfs factory image to /tmp on the device
5. Flash OpenWrt using `/tmp/fwupdate.real -m <squashfs-factory image>`
6. Wait for the device to reboot
(copied from Ubiquiti NanoBeam AC and modified)

Flashing from serial console
1. Connect serial console (115200 baud)
2. Connect ethernet to a network with a TFTP server, through a
   passive PoE injector.
3. Press a key to obtain a u-boot prompt
4. Set your TFTP server's ip address, with:
   setenv serverip <tftp-server-address>
5. Set the Bullet AC's ip address, with:
   setenv ipaddr <bullet-ac-address>
6. Set the boot file, with:
   setenv bootfile <name-of-initramfs-binary-on-tftp-server>
7. Fetch the binary with tftp:
   tftpboot
8. Boot the initramfs binary:
   bootm
9. From the initramfs, fetch the sysupgrade binary, and flash it with
   sysupgrade.

The Bullet AC is identified as a 2WA board by Ubiquiti. As such, the UBNT_TYPE
must match from the "Flashing through factory firmware" install instructions
to work.

Phy0 is QCA988X which can tune either band (2.4 or 5GHz). Phy1 is AR9342,
on which 5GHz is disabled.  It isn't currently known whether phy1 is
routed to the N connector at all.

Signed-off-by: Russell Senior <russell@personaltelco.net>
2021-01-15 18:32:38 +01:00
Sungbo Eo
583e39e3d5 kernel: drop empty kmod-ledtrig-* packages
The following four led triggers are enabled in generic config.

* kmod-ledtrig-default-on
* kmod-ledtrig-heartbeat
* kmod-ledtrig-netdev
* kmod-ledtrig-timer

Drop the packages and remove them from DEVICE_PACKAGES.
There's no other package depending on them in this repo.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2021-01-15 18:24:31 +01:00
Sungbo Eo
8451f47b1e treewide: do not disable LED triggers in target config
Those targets have already enabled some other LED triggers, so enabling
a few more won't be a big problem.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2021-01-15 18:22:45 +01:00
Sungbo Eo
22061b2880 kernel: enable CONFIG_LEDS_TRIGGER_HEARTBEAT
The heartbeat trigger is used by luci-mod-system, which is installed
as a part of the standard luci package set. It seems the LED trigger
will be required quite often, so let's enable it by default.

This increases uncompressed kernel size by about 100 bytes on ath79/generic.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2021-01-15 18:20:55 +01:00
Leon M. George
d5bbd4975c hostapd: fix setting wps_state to "not configured"
With encryption disabled, it was intended to set wpa_state=1 (enabled,
not configured) through the 'wps_not_configured' flag.
The flag is set appropriately but the condition using it is broken.
Instead, 'wps_configured' is checked and wpa_state is always 2 (enabled,
configured). Fix it by using the correct variable name.

Fixes: 498d84fc4e ("netifd: add wireless configuration support
and port mac80211 to the new framework")

Signed-off-by: Leon M. George <leon@georgemail.eu>
[commit title/message improvements]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-01-15 18:17:45 +01:00
Sungbo Eo
218eff5bdb kernel: update kmod-thermal package
CONFIG_THERMAL option was changed to boolean in upstream linux commit
554b3529fe01 ("thermal/drivers/core: Remove the module Kconfig's option").
Switch it to 'y' and remove FILES and AUTOLOAD for non-existant module file.

And update the descripton text for the package as in upstream linux commit
eb8504620381 ("thermal: Rephrase the Kconfig text for thermal").

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2021-01-15 17:47:33 +01:00
Nick Hainke
5beea4c3fd owipcalc: use v6 in cidr_parse6 function
The cidr_parse6 function parses a string to an ipv6-address.
The cidr struct contains a union called buf for the ipv4 and ipv6
address. Since it is a char pointer and the struct is initialized with
the maximum size (so ipv6 string) it does not make any difference.
However, we should access the buffer using the v6 name, since it could
be confusing otherwise.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2021-01-15 17:40:27 +01:00
Jan Alexander
05707e6460 ipq806x: fix Ubiquiti UniFi AC HD partition map
This fixes a typo in the previously committed partition map that led to
the extension of the read-only mtd partition "SSD" into the following
partitions.

Fixes: 4e46beb313 ("ipq806x: add support for Ubiquiti UniFi AC HD")

Signed-off-by: Jan Alexander <jan@nalx.net>
2021-01-15 17:34:04 +01:00
John Audia
945a704fab kernel: bump 5.4 to 5.4.89
All modification made by update_kernel.sh in a fresh clone without
existing toolchains.

Build system: x86_64
Build-tested: ipq806x/R7800, bcm27xx/bcm2711
Run-tested: ipq806x/R7800

No dmesg regressions, everything functional

Signed-off-by: John Audia <graysky@archlinux.us>
Tested-by: Curtis Deptuck <curtdept@me.com> [x86/64]
2021-01-15 17:29:41 +01:00
Felix Fietkau
b0ad07e9a0 mac80211: fix rounding error in minstrel_ht throughput calculation
Fixes rate selection with lower data rates

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-01-15 13:05:40 +01:00
Paul Spooren
4dad324429 scripts: target-metadata don't add PROFILES twice
Since 4ee3cf2b5a profiles with alternative vendor names may appear
multiple times in `tmp/.targetinfo` or `.targetinfo` (for
ImageBuilders).

The `target-metadata.pl` script adds these profiles then twice to
`PROFILE_NAMES` and the ImageBuilder show the profile twice when running
`make info`.

This patch removes duplicate profile IDs and only adds them once to
`.profiles.mk`.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2021-01-14 22:42:21 -10:00
Rui Salvaterra
412dc26c99 kernel: make lwtunnel support optional
Not everyone will want to bloat their kernel by 24 kiB for such a niche
feature.

Fixes: a1a7f3274e "kernel: enable SRv6 support by
enabling lwtunnel"

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2021-01-14 22:38:39 -10:00
Rafał Miłecki
c40006e0af bcm4908: prepend kernel images with a custom header
It's required for CFE to accept kernel.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2021-01-15 07:45:19 +01:00
Rafał Miłecki
6e7ca70449 firmware-utils: bcm4908kernel: tool adding BCM4908 kernel header
BCM4908 CFE bootloader requires kernel to be prepended with a custom
header. This simple tool implements support for such headers.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2021-01-15 07:44:46 +01:00
Rosen Penev
33646a51ab glibc: add arc700 patch
glibc does not officially support ARC700 so this adds the missing
pieces. I looked at uClibc-ng and a patch by Synopsis for glibc.

ran make toolchain/glibc/refresh to clean up fuzz.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2021-01-14 12:45:46 -10:00
Felix Fietkau
faeaf5a010 mac80211: fix an uninitialized stack variable in the minstrel update
It can lead to out-of-bounds access and invalid rates

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-01-14 20:12:29 +01:00
Felix Fietkau
f841855f10 mt76: update to the latest version
a46f9a9160e9 mt76: mt7915: add vif check in mt7915_update_vif_beacon()
27ad12352ac9 mt76: mt7615: add vif check in mt7615_update_vif_beacon()
0a449cef024e mt76: mt7915: fix MT_CIPHER_BIP_CMAC_128 setkey
eacd2d493c61 mt76: mt7915: reset token when mac_reset happens
e4b23301e6c9 mt76: mt7615: reset token when mac_reset happens
6e22bbfe0360 mt76: mt7615: convert comma to semicolon
37865118ae2d mt76: mt7915: convert comma to semicolon
742c36b2e527 mt76: mt7915: run mt7915_configure_filter holding mt76 mutex
a515727e8423 mt76: mt7915: add support for flash mode
b6f7b3da5216 mt76: mt7915: fix endianness warning in mt7915_mcu_set_radar_th
062f3f4f06a2 mt76: mt7915: simplify mt7915_mcu_send_message routine
dbba9b993300 mt76: mt7915: drop zero-length packet to avoid Tx hang
36a745d0f71c mt76: Fix queue ID variable types after mcu queue split
a4539760b0b1 mt7915: update the testmode support to the latest upstream patch
64bd6f87e4c2 mt7915: fix crash on failure in pci_set_dma_mask
c202ace409e0 mt76: remove unused variable q
d1b827781f84 mt76: mt7915: add partial add_bss_info command on testmode init
a897a69769f5 mt76: testmode: introduce dbdc support
b44472e99822 mt76: testmode: move mtd part to mt76_dev
45e27e6cdc12 mt76: mt7915: move testmode data from dev to phy
b6673b005770 mt76: mt7615: move testmode data from dev to phy
abdd471e9f2d mt76: mt7915: fix ht mcs in mt7915_mcu_get_rx_rate()
d679b56b9585 mt76: move mac_work in mt76_core module
36cd48ab4454 mt76: move chainmask in mt76_phy
89a6781ed045 mt76: mt7915: force ldpc for bw larger than 20MHz in testmode
3d0834e78005 mt76: testmode: add support to set user-defined spe index
cc05f4679667 mt76: testmode: add attributes for ipg related parameters
77b18b16fe16 mt76: testmode: make tx queued limit adjustable
6365a58573cb mt76: mt7915: split edca update function
e56282bf67f6 mt76: mt7915: add support for ipg in testmode
6fa642903e4e mt76: mt7915: calculate new packet length when tx_time is set in testmode
729ec5daeba5 mt76: mt7915: clean hw queue before starting new testmode tx
981443da5cf7 mt76: testmode: add a new state for continuous tx
4793fc9b3d48 mt76: mt7915: rework set state part in testmode
11a1e86e5946 mt76: mt7915: add support for continuous tx in testmode
364affef82fc mt76: mt7615: mt7915: disable txpower sku when testmode enabled
9fc19db51293 mt76: mt7915: simplify peer's TxBF capability check
6377b7f330be mt76: mt7915: add implicit Tx beamforming support
983091a40633 mt76: mt7915: fix MESH ifdef block
bbb7a9e77751 mt76: mt76u: fix NULL pointer dereference in mt76u_status_worker
a28a8dd2f7de mt76: usb: fix crash on device removal
9c312f2ce2c5 mt76: mt7915: rework mcu API
e6fe82acb111 mt76: mt7915: disable RED support in the WA firmware
25d7429bdc41 mt76: mt7915: fix eeprom parsing for DBDC
7a93026dd3dc mt76: mt7915: fix eeprom DBDC band selection
4c8a09cc45d0 tools: Set mode for new file /tmp/mt76-test-%s

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-01-14 14:06:00 +01:00
Felix Fietkau
3fd070e089 tools/fakeroot: fix build regression on macOS
AT_EMPTY_PATH and AT_NO_AUTOMOUNT does not exist there

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-01-14 14:01:57 +01:00
Rafał Miłecki
6c90999e2e bcm4908: backport brcmstb USB PHY driver changes
This includes BCM4908 support

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2021-01-14 12:34:20 +01:00
Leon M. George
fa02225ee6 hostapd: fix key_mgmt typo
The key_mgmt variable was mistyped when checking against "WPS", so
the if clause was never entered.

Fixes: f5753aae23 ("hostapd: add support for WPS pushbutton station")

Signed-off-by: Leon M. George <leon@georgemail.eu>
[add commit message, bump PKG_RELEASE]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-01-14 03:54:06 +01:00
Leon M. George
f72ce73e36 hostapd: remove trailing whitespaces
Signed-off-by: Leon M. George <leon@georgemail.eu>
2021-01-14 03:50:38 +01:00
Leon M. George
4bde00c2a3 hostapd: remove unused variable
'base' was never used.

Fixes: 498d84fc4e ("netifd: add wireless configuration support
and port mac80211 to the new framework")

Signed-off-by: Leon M. George <leon@georgemail.eu>
2021-01-14 03:48:41 +01:00
Leon M. George
3497b30b9c hostapd: remove unused variable
'enc_str' was never used.

Fixes: 498d84fc4e ("netifd: add wireless configuration support
and port mac80211 to the new framework")

Signed-off-by: Leon M. George <leon@georgemail.eu>
2021-01-14 03:45:17 +01:00
Daniel Golle
1f78538387 hostapd: run as user 'network' if procd-ujail is installed
Granting capabilities CAP_NET_ADMIN and CAP_NET_RAW allows running
hostapd and wpa_supplicant without root priviledges.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-01-14 00:52:50 +00:00
Daniel Golle
d9d6988434 mac80211: improve error handling when adding hostapd config
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-01-14 00:52:50 +00:00