This is a backport of the upstream commit 58bbbb598144 ("nl80211: Ignore
4addr mode enabling error if it was already enabled") which fixes same
issue as in the current fix contained in '130-wpa_supplicant-multi_ap_roam.patch',
but in a different way:
nl80211_set_4addr_mode() could fail when trying to enable 4addr mode on
an interface that is in a bridge and has 4addr mode already enabled.
This operation would not have been necessary in the first place and this
failure results in disconnecting, e.g., when roaming from one backhaul
BSS to another BSS with Multi AP.
Avoid this issue by ignoring the nl80211 command failure in the case
where 4addr mode is being enabled while it has already been enabled.
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
[bump PKG_RELEASE, more verbose commit description]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit fb860b4e41)
The QorIQ LX2160A reference design board provides a comprehensive platform
that enables design and evaluation of the LX2160A processor.
- Enables network intelligence with the next generation Datapath (DPPA2)
which provides differentiated offload and a rich set of IO, including
10GE, 25GE, 40GE, and PCIe Gen4
- Delivers unprecedented efficiency and new virtualized networks
- Supports designs in 5G packet processing, network function
virtualization, storage controller, white box switching, network
interface cards, and mobile edge computing
- Supports all three LX2 family members (16-core LX2160A; 12-core LX2120A;
and 8-core LX2080A)
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
[use AUTORELEASE, add dtb to firmware part]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 80dcd14abe)
Add ddr-phy package for layerscape. Currently only LX2160ARDB
requires the package.
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
[use AUTORELEASE]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit f59d7aab2a)
The LS1046A Freeway board (FRWY) is a high-performance computing,
evaluation, and development platform that supports the QorIQ
LS1046A architecture processor capable of support more than 32,000
CoreMark performance. The FRWY-LS1046A board supports the QorIQ
LS1046A processor, onboard DDR4 memory, multiple Gigabit Ethernet,
USB3.0 and M2_Type_E interfaces for Wi-Fi.
The FRWY-LS1046A-TP includes the Coral Tensor Flow Processing Unit
that offloads AI/ML inferencing from the CPU to provide significant
boost for AI/ML applications. The FRWY-LS1046A-TP includes one M.2
TPU module and more modules can easily be added including USB
versions of the module to scale the AI/ML performance.
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
[rebase, use AUTORELEASE, fix sorting, add dtb to firmware part]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 2c2d77bd3b)
This fixes 4 security vulnerabilities/bugs:
- CVE-2021-2839 - SSLv2 vulnerability. Openssl 1.1.1 does not support
SSLv2, but the affected functions still exist. Considered just a bug.
- CVE-2021-2840 - calls EVP_CipherUpdate, EVP_EncryptUpdate and
EVP_DecryptUpdate may overflow the output length argument in some
cases where the input length is close to the maximum permissable
length for an integer on the platform. In such cases the return value
from the function call will be 1 (indicating success), but the output
length value will be negative.
- CVE-2021-2841 - The X509_issuer_and_serial_hash() function attempts to
create a unique hash value based on the issuer and serial number data
contained within an X509 certificate. However it was failing to
correctly handle any errors that may occur while parsing the issuer
field (which might occur if the issuer field is maliciously
constructed). This may subsequently result in a NULL pointer deref and
a crash leading to a potential denial of service attack.
- Fixed SRP_Calc_client_key so that it runs in constant time. This could
be exploited in a side channel attack to recover the password.
The 3 CVEs above are currently awaiting analysis.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 482c9ff289)
After the ABI version rework, packages need to be declared in the order of
their dependencies, so that dependent packages will use the right ABI version
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 75455b75a7ee)
Let's switch to 5.10 now that mac80211 has been updated.
Runtime-tested on ipq806x (Netgear R7800).
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(cherry-picked from commit a5c4c40476)
After the ABI version rework, packages need to be declared in the order of
their dependencies, so that dependent packages will use the right ABI version
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Automatically setup dhcpv4 server just like it's done for dhcpv6.
To select whether odhcpd or dnsmasq are serving DHCPv4 requests there
still is the 'maindhcp' option. To make things less confusing, make
sure things really work out-of-the-box in case dnsmasq is not even
installed at the time the uci-defaults script is being run.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This fixes the build on MIPS BE like ath25 and ath79 target.
We get this error message when linking libwolfssl:
mips-openwrt-linux-musl/bin/ld: /home/hauke/openwrt/openwrt/staging_dir/target-mips_mips32_musl/usr/lib/libwolfssl.so: unknown type [0x7000002a] section `.MIPS.abiflags'
mips-openwrt-linux-musl/bin/ld: /home/hauke/openwrt/openwrt/staging_dir/target-mips_mips32_musl/usr/lib/libwolfssl.so: unknown type [0x7000002a] section `.MIPS.abiflags'
mips-openwrt-linux-musl/bin/ld: skipping incompatible /home/hauke/openwrt/openwrt/staging_dir/target-mips_mips32_musl/usr/lib/libwolfssl.so when searching for -lwolfssl
mips-openwrt-linux-musl/bin/ld: cannot find -lwolfssl
collect2: error: ld returned 1 exit status
This reverts commit 2591c83b34.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This fixes the build on MIPS BE like ath25 and ath79 target.
We get this error message when linking libubox:
mips-openwrt-linux-musl/bin/ld: /home/hauke/openwrt/openwrt/staging_dir/target-mips_mips32_musl/usr/lib/libubox.so: unknown type [0x7000002a] section `.MIPS.abiflags'
mips-openwrt-linux-musl/bin/ld: /home/hauke/openwrt/openwrt/staging_dir/target-mips_mips32_musl/usr/lib/libubox.so: unknown type [0x7000002a] section `.MIPS.abiflags'
mips-openwrt-linux-musl/bin/ld: skipping incompatible /home/hauke/openwrt/openwrt/staging_dir/target-mips_mips32_musl/usr/lib/libubox.so when searching for -lubox
This reverts commit f421fefa8a.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This reverts commit 50a5a8993d as the bump
to 2021.01 unveiled issue with missing swig host tool needed for
mx6cuboxi's SPL.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
When transmitting to a receiver in dynamic SMPS mode, all transmissions that
use multiple spatial streams need to be sent using CTS-to-self or RTS/CTS to
give the receiver's extra chains some time to wake up.
This fixes the tx rate getting stuck at <= MCS7 for some clients, especially
Intel ones, which make aggressive use of SMPS.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
On hardware that supports this, this will improve performance by passing
802.3 frames from the hardware to the stack
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Fix license information.
Fix wrong ABI version. The library is versioned as libnftnl.so.11.4.0
Add PKG_BUILD_PARALLEL for faster compilation.
Remove autoreconf as nothing is being patched.
Minor cleanups for consistency between packages.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
The first two are useless as /bin/sh can execute those scripts just
fine. Shellcheck reports no problems.
Telnetd patch is useless as telnet is no longer used in OpenWrt.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Remove stime backport.
Remove static libgcc patch as upstream fixed it with
BUSYBOX_DEFAULT_STATIC_LIBGCC which defauls to off.
Remove date -k patch as it no longer applies. It's also pointless as
busybox' hwclock utility can do the same thing.
Remove ntpd patch as that seems to have been applied upstream.
Add smalll patch fixing compilation with SELinux. Upstream commit
2496616b0a8d1c80cd1416b73a4847b59b9f969a renamed the variable without
renaming it in the SELinux path.
Refresh config and patches.
Config refresh:
Refresh commands, run after busybox is first built once:
cd package/utils/busybox/config/
../convert_menuconfig.pl ../../../../build_dir/target-mips_24kc_musl/busybox-default/busybox-1.33.0
cd ..
./convert_defaults.pl < ../../../build_dir/target-mips_24kc_musl/busybox-default/busybox-1.33.0/.config > Config-defaults.in
Manual edits needed afterward:
* Config-defaults.in: OpenWrt config symbol IPV6 logic applied to
BUSYBOX_DEFAULT_FEATURE_IPV6
* Config-defaults.in: OpenWrt configTARGET_bcm53xx logic applied to
BUSYBOX_DEFAULT_TRUNCATE (commit 547f1ec)
* editors/Config.in: Add USE_GLIBC dependency to
BUSYBOX_CONFIG_FEATURE_VI_REGEX_SEARCH (commit f141090)
* shell/Config.in : change at "Options common to all shells" the symbol
SHELL_ASH --> BUSYBOX_CONFIG_SHELL_ASH
(discussion in http://lists.openwrt.org/pipermail/openwrt-devel/2021-January/033140.html
Apparently our script does not see the hidden option while
prepending config options with "BUSYBOX_CONFIG_" which leads to a
missed dependency when the options are later evaluated.)
* Edit Config.in files by adding quotes to sourced items in
config/Config.in, networking/Config.in and util-linux/Config.in (commit 1da014f)
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
[Added comments from Hannu Nyman to commit message]
Signed-off-by: Rosen Penev <rosenp@gmail.com>
The date -k patch is non standard and will be removed in the next
commit.
Tested behavior to be identical with a simple C program:
#define _GNU_SOURCE
#include <unistd.h>
#include <stdio.h>
#include <sys/time.h>
#include <sys/syscall.h>
int main()
{
struct timezone tt;
struct timezone tz;
int a = syscall(SYS_gettimeofday, NULL, &tt);
int b = gettimeofday(NULL, &tz);
printf("%d - %d, %d\n", a, tt.tz_minuteswest, tt.tz_dsttime);
printf("%d - %d, %d\n", b, tz.tz_minuteswest, tz.tz_dsttime);
}
Signed-off-by: Rosen Penev <rosenp@gmail.com>
The removed patches were applied upstream.
This adapts ath10k-ct and mt76 to changed APIs.
nl80211.h in iw is updated to match the version from backports.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The removed patches were applied upstream.
Remove the 300-mac80211-optimize-skb-resizing.patch.
This patch was not applied upstream, but it conflicts with upstream
changes and needs bigger changes. It was applied with Felix to remove
this patch for now. It should be reworked and then send upstream later.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Refreshed all patches, removed 110-mx6cuboxi-mmc-fallback.patch as it
seems, that upstream has probably added similar funcionality in commit
6c3fbf3e456c ("mx6cuboxi: customize board_boot_order to access eMMC")
and it needs to be re-verified by device owner.
Run tested on apalis.
Cc: Felix Fietkau <nbd@nbd.name>
Cc: Vladimir Vid <vladimir.vid@sartura.hr>
Cc: Tim Harvey <tharvey@gateworks.com>
Cc: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
5a2dd18 iwinfo: add hardware description for MediaTek MT7622
4a32b33 iwinfo: add PCI ID for MediaTek MT7613BE
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This patch is required to be able to roam from one backhaul AP to
another one in the same ESS.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(daniel@makrotopia.org: PKG_REVISION bump and refreshed patches)
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
This patch allows other applications to get events management
frames (for example: association requests).
This is useful in Multi-AP context to be able to save association
requests from stations.
It has been sent to upstream hostapd in this series:
https://patchwork.ozlabs.org/project/hostap/list/?series=217500
'700-wifi-reload.patch' is updated due to the introduction of
'110-notify-mgmt-frames.patch'.
Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
After looking at various vendor GPL source code dumps I discovered that some
of them contain updated versions of ltq-ptm driver when compared to what
openwrt has.
The driver update is mostly cursory (simple changes to comments, whitespace,
formatting etc.) or adds debug features not used by openwrt.
However the updated driver also contains a later version of PTM firmware which
is extracted and included in this commit along with bits to correctly identify
its version when driver loads.
Signed-off-by: Antti Seppälä <a.seppala@gmail.com>
The 'bromimage' tool which is used to wrap bl2 with a MediaTek-specific
header is distributed in binary form only and unfortunately tries to
dynamically link against libopenssl, which fails on the buildbots.
Wait for MTK to provide a at least static executable instead, in the
meantime, mark the package as broken.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
HOST_CFLAGS were ignored as they were passed on incorrectly which lead
to build failure if OpenSSL wasn't present on the build host.
Fix that by properly passing HOST_CFLAGS when building each tool.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This should fix CVE-2021-3336:
DoTls13CertificateVerify in tls13.c in wolfSSL through 4.6.0 does not
cease processing for certain anomalous peer behavior (sending an
ED22519, ED448, ECC, or RSA signature without the corresponding
certificate).
The patch is backported from the upstream wolfssl development branch.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
luci now uses ubus directly, so remove 'lucistat'.
For manual usage just print the ubus output, use luci for a pretty
version.
Signed-off-by: Andre Heider <a.heider@gmail.com>
luci now uses ubus directly, so remove 'lucistat'.
For manual usage just print the ubus output, use luci for a pretty
version.
Signed-off-by: Andre Heider <a.heider@gmail.com>
Tested-by: Martin Schiller <ms@dev.tdt.de>
procd sends sigterm to stop daemons, hook it up.
This speeds up the shutdown sequence and gets rid of the following message:
daemon.info procd: Instance dsl_control::instance1 pid 15408 not stopped on SIGTERM, sending SIGKILL instead
Signed-off-by: Andre Heider <a.heider@gmail.com>
Tested-by: Martin Schiller <ms@dev.tdt.de>
dnsmasq v2.84rc2 has been promoted to release.
No functional difference between v2.83test3 and v2.84/v2.84rc2
Backport 2 patches to fix the version reporting
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Use new ubus-based hotplug call in dhcp-script.sh
As sysntpd now makes use of the new ubus-based hotplug calls, dnsmasq
no longer needs to ship ACL to cover ntpd-hotplug.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
erley.org no longer exists; attempting to connect to it during package
download results in lengthy timeouts. Use the new OpenWrt CDN alias to
download from reliable OpenWrt mirrors.
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
Multiple sources are hosted on OpenWrts source server only. The source
URLs to point to the server vary based on different epochs in OpenWrts
history.
Replace all by @OPENWRT which is an "empty" mirror, therefore using the
fallback servers sources.cdn.openwrt.org and sources.openwrt.org.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Commit 7c8c4f1be6 ("hostapd: fix P2P group information processing
vulnerability") was missing the actual patch for the vulnerability.
Fixes: 7c8c4f1be6 ("hostapd: fix P2P group information processing vulnerability")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Package ARM Trusted Firmware host tools separately.
(instead of building tfa-fiptool as part of tfa-layerscape)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
ATF bl2 comes in 4 variants for MT7622 depending on the boot media:
* nor
* snand
* emmc
* sdmmc
Additional binary headers needed for emmc and sdmmc are downloaded as
well and provided along with bl2*.bin and bl31.bin to allow building
images including ATF for MT7622.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
If the driver uses .sta_add, station entries are only uploaded after the sta
is in assoc state. Fix early station rate table updates by deferring them
until the sta has been uploaded
Signed-off-by: Felix Fietkau <nbd@nbd.name>
With upstream commit f81f9f0ebac5 ("rockchip: rockpro64: initialize USB in
preboot") CONFIG_USE_PREBOOT was enabled on the RockPro64, which is causing
boot issues when a eMMC is used, as a workaround will temporarily disable
this option.
Signed-off-by: Marty Jones <mj8263788@gmail.com>
[Improve patch description]
Signed-off-by: David Bauer <mail@david-bauer.net>
Enable support for the Ubiquiti UniFi Outdoor+ RF filter via
device-tree. The old way of using platform data is not required anymore,
as it was only used on the now removed ar71xx target.
Signed-off-by: David Bauer <mail@david-bauer.net>
Replace with sed as done elsewhere.
Fixes error with at least btrfs-progs:
Package '@LIBSELINUX@', required by 'mount', not found
Package '@LIBCRYPTSETUP@', required by 'mount', not foun
Signed-off-by: Rosen Penev <rosenp@gmail.com>
The two required tools fail to identify their version when not compiling
from a git clone, patch that in and pass on the used commit hashes.
Upon boot it now prints "WTMI-devel-18.12.1-5598e150".
Signed-off-by: Andre Heider <a.heider@gmail.com>
The cpufreq issue has been identified and a fix is in the process of beeing
upstreamed [0].
Bump the boards to the default 1000MHz so they can run at that frequency
once the fix is merged. Until then the boards are stuck at 800MHz (just
claiming to run 1000Hz, which is a lie).
[0] https://lore.kernel.org/linux-arm-kernel/20210114124032.12765-1-pali@kernel.org/
Signed-off-by: Andre Heider <a.heider@gmail.com>
v5.10 has been released for strace. As such, let's go ahead bring in the
latest version of this package.
See here for the changelog:
https://github.com/strace/strace/releases/tag/v5.10
Signed-off-by: Geordan Neukum <gneukum1@gmail.com>
Pstore (persistent store) can be used to stash debug information (kernel
console, panics, ftrace) across reboots or crashes. If the filesystem is
present, mount it.
Signed-off-by: Brian Norris <computersforpeace@gmail.com>
Changelog:
- ath10k-ct: Pull in some upstream patches.
Runtime-tested on ipq806x (Netgear R7800).
Signed-off-by: Michael Yartys <michael.yartys@gmail.com>
/lib/functions.sh was executable for no obvious reason and its
execute property was even checked in package-ipkg.mk just to
source it afterwards.
Remove the execute bit and shebang as this is clearly a library.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Philip Prindeville <philipp@redfish-solutions.com>
This drops the shebang from another bunch of files in various /lib
folders, as these are sourced and the shebang is useless.
Fix execute bit in one case, too.
This should cover almost all trivial cases now, i.e. where /lib is
actually used for library files.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
65abbcd9f6fb mt76: usb: process URBs with status EPROTO properly
3199ef5fa35e mt76: mt7615: set mcu country code in mt7615_mcu_set_channel_domain()
5c86d5bb079b mt76: mt7915: Remove unneeded semicolon
3f546330b59d mt76: mt7915: support TxBF for DBDC
032ad7e02545 mt76: mt7615: unify init work
cc3f23d1e654 mt76: mt7915: bring up the WA event rx queue for band1
fa3d334a0e22 mt76: fix crash on tearing down ext phy
c4c9c402d14a mt76: mt7915: fix vif sta index for DBDC
eca2f0ec0d4c mt76: mt7915: fix command id for txbf action
c828124ef9a5 mt76: mt7915: add support for using a secondary PCIe link for gen1
dbaf0f4679f3 mt76: mt7915: make vif index per adapter instead of per band
fb3e5ce1eb00 mt76: move vif_mask back from mt76_phy to mt76_dev
be2bea66d6e3 mt76: mt7915: detect wrong nss eeprom parameter on dbdc cards
8dc5d4a0da7c Revert "mt76: mt7915: fix vif sta index for DBDC"
8c796a33781c mt76: mt7915: only set int1 when using the second hif
4eb5caaf6cc1 mt76: reduce q->lock hold time
0714890bf0fd mt76: mt7615: reduce VHT maximum MPDU length
2f85aa5cbc62 mt76: mt7915: avoid writes to MT_PCIE_RECOG_ID when not using gen1 devices
8696919d9aae mt76: dma: fix a possible memory leak in mt76_add_fragment()
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This commit is only added to keep the PKG_RELEASE correct after fixing
the $(COMMITCOUNT) logic in the previous commit.
This way the PKG_RELEASE stays the same while the compiled packages
content isn't changed.
Signed-off-by: Paul Spooren <mail@aparcar.org>
Certificate signature algorithm was being set after call to
`wc_MakeCert`, resulting in a mismatch between specified signature in
certificate and the actual signature type.
Signed-off-by: Jeffrey Elms <jeff@wolfssl.com>
[fix commit subject, use COMMITCOUNT]
Signed-off-by: Paul Spooren <mail@aparcar.org>
