Commit Graph

17520 Commits

Author SHA1 Message Date
Daniel Golle
e065c9184c uqmi: update to git HEAD
65796a6 nas: add --get-plmn
 0a19b5b uqmi: add timeout parameter

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-22 21:58:22 +00:00
Filip Moc
ce293cd3ac uqmi: set device-operating-mode to online
This is required for LTE module MR400 (in TL-MR6400 v4).
Otherwise LTE module won't register to GSM network.

Signed-off-by: Filip Moc <lede@moc6.cz>
2020-11-22 21:14:09 +00:00
Filip Moc
9ebbb55113 uqmi: add support for IPv4 autoconf from QMI
There already was an option for autoconfiguring IPv4 from QMI but this
was removed by commit 3b9b963e6e ("uqmi: always use DHCP for IPv4").

DHCP does not work on MR400 LTE module (in TL-MR6400 v4) so let's readd
support for IPv4 autoconf from QMI but this time allow to configure this
for IPv4 and IPv6 independently and keep DHCP default on IPv4.

Signed-off-by: Filip Moc <lede@moc6.cz>
2020-11-22 21:13:39 +00:00
Thomas Richard
2b3a0cabea uqmi: wait forever registration if timeout set to 0
Give possibility to wait forever the registration by setting timeout
option to 0.

No timeout can be useful if the interface starts whereas no network is
available, because at the end of timeout the interface will be stopped
and never restarted.

Signed-off-by: Thomas Richard <thomas.richard@kontron.com>
2020-11-22 21:13:18 +00:00
Daniel Golle
6e9b707ee2 Revert "refpolicy: add variant that builds modular policy"
This reverts commit 9eb9943f82.
Building the 'modular' variant requires 'semodule_package' from
'selinux-python' to be installed on the buildhost.
Apart from that, this change also broke the monolithic refpolicy
'targeted' build.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-22 15:20:35 +00:00
Daniel Golle
8262c99fc3 procd: update to git HEAD
04a2edd uxc: make force-delete kill container process
 be6da62 seccomp: silence 'unknown syscall' warnings
 b22e625 jail: cgroup hack: rewrite cgroup -> cgroup2
 df7fa7b uxc: fix incomplete commit

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-22 03:24:33 +00:00
Felix Fietkau
5242bf7cf7 netifd: update to the latest version
351d690f1a09 wireless: fix passing bridge name for vlan hotplug pass-through
c1c2728946b5 config: initialize bridge and bridge vlans before other devices
5e18d5b9ccb1 interface: do not force link-ext hotplug interfaces to present by default
4544f026bb09 bridge-vlan: add support for defining aliases for vlan ids

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-11-21 10:24:37 +01:00
John Crispin
8134c542e2 base-files: generated named bridge-vlan sections
Signed-off-by: John Crispin <john@phrozen.org>
2020-11-19 15:38:37 +01:00
Piotr Dymacz
1bce45fc0f uboot-envtools: ath79: add support for ALFA Network Pi-WiFi4
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2020-11-18 23:49:34 +01:00
Hauke Mehrtens
a8030ea40f valgrind: Update to version 3.16.1
No special changes, just get in sync with recent code.
See here for the changelog:
https://valgrind.org/docs/manual/dist.news.html

The ipkg sizes changes as follows for mips 24kc :
	3.15   : valgrind_3.15.0-2_mips_24kc.ipk 1450680
	3.16.1 : valgrind_3.16.1-1_mips_24kc.ipk 1491954

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-11-18 19:01:44 +01:00
Hauke Mehrtens
557fe9cd3b strace: Update to version 5.9
No special changes, just get in sync with recent code.
See here for the changelog:
https://github.com/strace/strace/releases/tag/v5.9

The ipkg sizes changes as follows for mips 24kc :
	5.8 : strace_5.8-1_mips_24kc.ipk 271195
	5.9 : strace_5.9-1_mips_24kc.ipk 278352

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-11-18 19:01:33 +01:00
Hauke Mehrtens
ad0711559d iperf3: Update to version 3.9
No special changes, just get in sync with recent code.
See here for the changelog:
http://software.es.net/iperf/news.html#iperf-3-9-released

The ipkg sizes changes as follows for mips 24kc :
	3.7 : iperf3_3.7-1_mips_24kc.ipk 39675
	3.9 : iperf3_3.9-1_mips_24kc.ipk 41586

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-11-18 18:59:36 +01:00
Hans Dedecker
7330348f2d ethtool: update to version 5.9
The ipkg sizes changes as follows for mips 24kc :
	5.8 : ethtool_5.8-1_mips_24kc.ipk 34930
	5.9 : ethtool_5.9-1_mips_24kc.ipk 35241

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-11-17 21:31:23 +01:00
Matthias Schiffer
3f1109bf2a
base-files: fix backwards compatiblity of rc.common EXTRA_COMMANDS
Avoid needlessly breaking old initscripts that set EXTRA_COMMANDS. This
will aid in debugging (as it simplifies reverting to an older version of
a package) and unbreaks third-party feeds (and packages that maintain
their OpenWrt initscripts as part of the software's repo instead of the
OpenWrt feed like fastd).

Without this, initscripts that set EXTRA_COMMANDS become completely
unusable, as all default commands like start/stop cease working.

Fixes: 1a69f50dc6 ("base-files: fix rc.common help alignment")
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2020-11-17 17:57:42 +01:00
David Bauer
21dfdfd78b hostapd: set validity interval for BSS TMRA
This sets the validity interval for the BSS transition candidate
list to the same value as the disassociation timer.

Currently the value is always 0, which is the specification states is a
reserved value. Also, wpa_supplicant and from the looks of it some
Android implementations will outright ignore the candidate list in this
case.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-11-17 17:06:39 +01:00
Dobroslaw Kijowski
edb93eda16 hostapd: add support for static airtime policy configuration
* Add support for passing airtime_sta_weight into hostapd configuration.
* Since that commit it is possible to configure station weights. Set higher
  value for larger airtime share, lower for smaller share.

I have tested this functionality by modyfing /etc/config/wireless to:

config wifi-device 'radio0'
	...
        option airtime_mode '1'

config wifi-iface 'default_radio0'
	...
        list airtime_sta_weight '01:02:03:04:05:06 1024'

Now, when the station associates with the access point it has been assigned
a higher weight value.
root@OpenWrt:~# cat /sys/kernel/debug/ieee80211/phy0/netdev\:wlan0/stations/01\:02\:03\:04\:05\:06/airtime
RX: 12656 us
TX: 10617 us
Weight: 1024
Deficit: VO: -2075 us VI: 256 us BE: -206 us BK: 256 us

[MAC address has been changed into a dummy one.]

Signed-off-by: Dobroslaw Kijowski <dobo90@gmail.com>
2020-11-17 17:06:16 +01:00
Dobroslaw Kijowski
03cdeb5f97 hostapd: fix per-BSS airtime configuration
airtime_mode is always parsed as an empty string since it hasn't been
added into hostapd_common_add_device_config function.

Fixes: e289f183 ("hostapd: add support for per-BSS airtime configuration")
Signed-off-by: Dobroslaw Kijowski <dobo90@gmail.com>
2020-11-17 17:05:20 +01:00
David Bauer
0ce5f15f9c hostapd: ubus: add get_status method
This adds a new get_status method to a hostapd interface, which
provides information about the current interface status.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-11-17 17:05:06 +01:00
David Bauer
80b531614b hostapd: ubus: add VHT capabilities to client list
This adds parsed VHT capability information to the hostapd
get_clients method.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-11-17 17:04:40 +01:00
David Bauer
cd8052da49 hostapd: ubus: add driver information to client list
This adds information from mac80211 to hostapd get_client ubus function.
This way, TX as well as RX status information as well as the signal can
be determined.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-11-17 17:04:33 +01:00
David Bauer
7463a0b5ee hostapd: fix variable shadowing
Fixes commit 838b412cb5 ("hostapd: add interworking support")

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-11-17 17:04:22 +01:00
Daniel Golle
01b83040d3 umdns: convert seccomp filter rules to OCI format
procd-seccomp switched to OCI-compliant seccomp parser instead of our
(legacy, OpenWrt-specific) format. Convert ruleset to new format.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-17 13:12:37 +00:00
Daniel Golle
62a3430f9b procd: drop legacy seccomp support, switch to OCI parsers
d8f36f5 seccomp: specifying architectures is optional
 d352e6e seccomp: switch to new OCI compliant parser
 c110405 trace: switch to OCI seccomp JSON output

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-17 13:12:37 +00:00
Alberto Bursi
a4d52522c7 wireguard-tools: fix category/description in menuconfig
wireguard-tools is trying to import the menuconfig section
from the wireguard package, but since it's not anymore in
the same makefile this seems to fail and wireguard-tools
ends up in "extra packages" category instead with other
odds and ends.

Same for the description, it's trying to import it from the
wireguard package but it fails so it only shows the line
written in this makefile.

remove the broken imports and add manually the entries
and description they were supposed to load

Fixes: ea980fb9c6 ("wireguard: bump to 20191226")

Signed-off-by: Alberto Bursi <bobafetthotmail@gmail.com>
[fix trailing whitespaces, add Fixes]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-11-17 13:03:16 +01:00
DENG Qingfang
03d178727a kernel: remove mvsw61xx swconfig driver
All targets that used mvsw61xx have switched to upstream mv88e6xxx DSA
driver, so it can be removed.

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
2020-11-16 13:55:05 +01:00
Hans Dedecker
0f7a3288e1 odhcpd: update to latest git HEAD
fb55e80 dhcpv6-ia : write statefile atomically

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-11-15 18:48:33 +01:00
Hans Dedecker
aaf3443e1a dropbear: update to 2.81
Update dropbear to latest stable 2.81; for the changes see https://matt.ucc.asn.au/dropbear/CHANGES

Refresh patches

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-11-15 18:23:47 +01:00
Rui Salvaterra
c63908afd2 wireguard-tools: drop the dependency on ip-{tiny,full}
BusyBox ip already provides the required functionality and is enabled by default
in OpenWrt. This patch drops the ip dependency and makes the BusyBox ip required
dependencies explicit, allowing for a significant image size reduction.

openwrt-ath79-generic-ubnt_nanostation-loco-m-squashfs-sysupgrade.bin size:
4588354 bytes (with ip-tiny)
4457282 bytes (with BusyBox ip)

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2020-11-14 17:46:35 +01:00
Felix Fietkau
5752ccb60f libjson-c: enable rpath for host builds to fix errors on recent macOS
Same approach as on libubox

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-11-14 14:48:30 +01:00
Hans Dedecker
ee8ef9b10b iproute2: update to 5.9
Update iproute2 to latest stable 5.9; for the changes see https://lwn.net/Articles/834755/

Refresh patches

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Acked-by: Hauke Mehrtens <hauke@huake-m.de>
2020-11-14 09:24:48 +01:00
Felix Fietkau
bc91ce3a70 kernel: remove kmod-capi
We don't package any driver that uses this module

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-11-13 13:16:25 +01:00
Felix Fietkau
c4600e6261 netifd: update to the latest version
4a41135750d9 system-linux: only overwrite dev->present state on check_state for simple devices

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-11-13 12:49:27 +01:00
Brett Mastbergen
e800ecfa3d libnetfilter-log: Backport kernel header syncs
Backport upstream commits that sync the local kernel header
copies in this library, with up to date copies.  These updated
headers ensure that libnetfilter-log users can use current
kernel functionality such as requesting that conntrack
information be appended to nflog events sent to userspace via
the NFULNL_CFG_F_CONNTRACK flag.  This functionality has been
available since kernel version 4.4

Signed-off-by: Brett Mastbergen <bmastbergen@untangle.com>
2020-11-12 18:21:55 +01:00
Roman Kuzmitskii
02e8182d87 sunxi: add support for Libre Computer ALL-H3-CC H5
Specification:

- CPU: Allwinner H5, Quad-core Cortex-A53 Up to 1GHz
- DDR3 RAM: 2GB
- Network:
    10/100M Ethernet x 1
- IR: x1 (Receive)
- USB (Host) Type-A x3
- USB (OTG) Type-A x1
- MicroSD Slot x 1
- eMMC Slot x1
- MicroUSB power input
- GPIO 40pin header
- UART 3pin header
- Leds:
    - librecomputer:blue:status
    - librecomputer:green:pwr
- Buttons:
    - uboot button (used to enter fel mode)
    - power button (can trigger power on)
- Power Supply via MicroUSB or GPIO 5V/2A

Installation:

- Write the image to SD Card with dd
- Boot from the SD Card

Signed-off-by: Roman Kuzmitskii <damex.pp@icloud.com>
[Fixed Signed-off-by]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-11-12 18:21:17 +01:00
Tan Zien
3c5d70ad26 kernel: add module support Solarflare network adapter
According to Solarflare user guide
it is recommended to install lm-sensors and
use the following command to obtain adapter health info

$ sensors | grep sfc
sfc pci 0400
sfc pci 0401

$ sensors sfc pci 0400
sfc pci 0400
Adapter: PCI adapter
1.2V supply:                        N/A
3.3V supply:                    +3.22 V  (min =  +3.00 V, max =  +3.60 V)
12.0V supply:                  +12.14 V  (min = +11.04 V, max = +12.96 V)
0.9V supply (ext. ADC):         +1.03 V  (min =  +0.50 V, max =  +1.10 V)
                                         (crit max =  +1.15 V)
0.9V phase A supply:                N/A
PHY overcurrent:                    N/A
ERROR: Can't get value of subfeature temp1_alarm: Can't read
PHY temp.:                          N/A
AOE FPGA temp.:                 +68.0°C  (low  =  +0.0°C, high = +95.0°C)
                                         (crit = +105.0°C)
Ambient temp.:                  +56.0°C  (low  =  +0.0°C, high = +75.0°C)
                                         (crit = +85.0°C)
Controller die (TDIODE) temp.:  +77.0°C  (low  =  +0.0°C, high = +95.0°C)
                                         (crit = +105.0°C)
Board front temp.:              +59.0°C  (low  =  +0.0°C, high = +75.0°C)
                                         (crit = +85.0°C)
Board back temp.:               +62.0°C  (low  =  +0.0°C, high = +75.0°C)
                                         (crit = +85.0°C)
1.2V supply current:                N/A
0.9V phase A supply current:        N/A
3.3V supply current:                N/A
12V supply current:                 N/A

Signed-off-by: Tan Zien <nabsdh9@gmail.com>
2020-11-12 18:19:44 +01:00
Brett Mastbergen
df8e4906f7 netfilter: Add queue support for nftables
This change adds the configuration option to build and include
the nft_queue kernel module, which allows traffic to be queued up
to userspace from an nftables rule

Tested-by: Sébastien Delafond sdelafond@gmail.com
Signed-off-by: Brett Mastbergen <bmastbergen@untangle.com>
2020-11-12 18:19:44 +01:00
Huangbin Zhan
86917e4979 rpcd: remove file when applied
Make sure exit value of this script is zero. Or the file won't be deleted.

Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
2020-11-12 18:19:44 +01:00
Jianhui Zhao
8d7a6d48eb ca-certificates: canonical the build dir
The previous build directory "build_dir/target-xx/work/"
contaminated the entire build directory.

Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
2020-11-12 18:19:44 +01:00
Bruno Randolf
7185c5ec7d busybox: Let procd respawn cron
On some systems I see the issue that crond dies after a few days.
Simply letting procd respawn the process is a simple safety-net.

Signed-off-by: Bruno Randolf <br1@einfach.org>
2020-11-12 18:19:44 +01:00
Antonis Kanouras
cb8c94f516 uboot-envtools: support Xiaomi Mi Router 3G v2/4A Gigabit
Add support for the following devices:

- Xiaomi Mi Wi-Fi Router 3G v2
- Xiaomi Mi Router 4A Gigabit Edition

Signed-off-by: Antonis Kanouras <antonis@metadosis.eu>
[add explicit case for 4A, bump PKG_RELEASE,
improve commit title/message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-11-12 17:18:26 +01:00
Yangbo Lu
01aa24f985 layerscape: make restool depend on TARGET_layerscape_armv8_64b
The restool is for Layerscape DPAA2 platforms which are
ARMv8 platforms.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2020-11-12 17:18:26 +01:00
Jason A. Donenfeld
a0df35e89c wireguard: bump to 1.0.20201112
* noise: take lock when removing handshake entry from table

This is a defense in depth patch backported from upstream to account for any
future issues with list node lifecycles.

* netns: check that route_me_harder packets use the right sk

A test for an issue that goes back to before Linux's git history began. I've
fixed this upstream, but it doesn't look possible to put it into the compat
layer, as it's a core networking problem. But we still test for it in the
netns test and warn on broken kernels.

* qemu: drop build support for rhel 8.2

We now test 8.3+.

* compat: SYM_FUNC_{START,END} were backported to 5.4
* qemu: bump default testing version

The real motivation for this version bump: 5.4.76 made a change that broke our
compat layer.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-11-12 13:28:38 +01:00
Felix Fietkau
128ef379ae libnl-tiny: update to the latest version
2584ebc642b2 libnl-tiny: install pkgconfig file
c291088f631d unl: add support for connecting to rtnl

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-11-12 11:26:03 +01:00
Felix Fietkau
0bb5d39b7a mac80211: add minstrel fixes that fix mt76 issues in legacy mode
Remove deferred sampling code which does not work well with rate tables +
probing.
Fix tx status handling if the first invalid rate idx is not set to -1

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-11-12 11:24:42 +01:00
Felix Fietkau
bf3158b620 mac80211: backport the new tasklet API
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-11-12 11:24:42 +01:00
Felix Fietkau
a0be58576c netifd: update to the latest version
3023b0cc7352 bridge: add support for defining port member vlans via hotplug ops
a3016c451248 vlan: add pass-through hotplug ops that pass the VLAN info to the bridge
d59f3ddcbaf0 vlandev: add pass-through hotplug ops that pass the VLAN info to the bridge
dd5e61153636 bridge: show vlans in device status
a56e14afa612 bridge: preserve hotplug ports on vlan update if config is unchanged
d1e8884f8911 bridge: fix use-after-free bug on bridge member free
3a2b21001c3c system-dummy: set present state only for simple devices
ed11f0c0ffe4 bridge: only overwrite implicit vlan assignment if vlans are configured

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-11-12 11:24:42 +01:00
Aleksandr Mezin
acb336235c dnsmasq: 'ipset' config sections
Allow configuring ipsets with dedicated config sections:

    config ipset
        list name 'ss_rules_dst_forward'
        list name 'ss_rules6_dst_forward'
        list domain 't.me'
        list domain 'telegram.org'

instead of current, rather inconvenient syntax:

    config dnsmasq
        ...
        list ipset '/t.me/telegram.org/ss_rules_dst_forward,ss_rules6_dst_forward'

Current syntax will still continue to work though.

With this change, a LuCI GUI for DNS ipsets should be easy to implement.

Signed-off-by: Aleksandr Mezin <mezin.alexander@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
2020-11-11 20:47:34 +01:00
Yousong Zhou
600bcaf9c9 base-files: bump PKG_RELEASE
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2020-11-11 21:29:55 +08:00
Yousong Zhou
00fb51f97e base-files: upgrade: stage2: use v for log lines
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2020-11-11 21:29:55 +08:00
Yousong Zhou
128bb4e8d3 base-files: upgrade: fwtool.sh: rewording logs
The intent is to make it sound more like info level message, not some
error like "404 not found".  x86 target at the moment makes image with
only signature but no metadata (ref commit f8141216 "x86: append
metadata to combined images").

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Reviewed-By: Philip Prindeville <philipp@redfish-solutions.com>
2020-11-11 21:29:55 +08:00
Yousong Zhou
856b288d27 base-files: upgrade: fwtool.sh: use v for log lines
This will have at least the following effects

 - Log lines will have common prefix
 - They will be output to stderr instead of stdout

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2020-11-11 21:29:55 +08:00
Yousong Zhou
50b870ee3c base-files: upgrade: add get_image_dd()
This is mainly to handle stderr message "Broken pipe", "F+P records
in/out" by common pattern "xcat | dd .."

Ref: https://bugs.openwrt.org/index.php?do=details&task_id=3140
Reported-by: Philip Prindeville <philipp@redfish-solutions.com>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Reviewed-By: Philip Prindeville <philipp@redfish-solutions.com>
2020-11-11 21:29:55 +08:00
Yousong Zhou
bd21e4a936 base-files: upgrade: use stdin redirection to replace cat command
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2020-11-11 21:29:55 +08:00
Yousong Zhou
7863c33cea base-files: upgrade: add vn and variants
To be used with in the following pattern

  vn "Remaining: "
  for p in $xx; do
    _vn "$p"
  done
  _v

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2020-11-11 21:29:55 +08:00
Yousong Zhou
826bb13742 base-files: upgrade: log with date prefix
And log to stderr

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2020-11-11 21:29:55 +08:00
Jan Pavlinec
a86c0d97b5 dnsmasq: explictly set ednspacket_max value
This is related to DNS Flag Day 2020. It sets default
ends buffer size value to 1232.

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
2020-11-09 20:44:46 +01:00
W. Michael Petullo
9eb9943f82 refpolicy: add variant that builds modular policy
This adds a variant of refpolicy that builds the modular form of the
policy. While this requires more memory on the target device, along with
some tricks to deal with OpenWrt's volatile /var directory, it is useful
for experiementing with SELinux policy.

Signed-off-by: W. Michael Petullo <mike@flyn.org>
2020-11-09 13:06:19 +00:00
Paul Spooren
753309c7dd uhttpd: use P-256 for certs
The uhttpd package takes care of creating self-signed certificates if
px5g is installed. This improves the security of router management as it
encrypts the LuCI connection.

The EC P-256 curve is faster than RSA which which improves the user
experience on embedded devices. EC P-256 is support for as old devices
as Android 4.4.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-11-09 10:54:29 +00:00
Rui Salvaterra
682843adad hostapd: add a hostapd-basic-wolfssl variant
If only AP mode is needed, this is currently the most space-efficient way to
provide support for WPA{2,3}-PSK, 802.11w and 802.11r.

openwrt-ath79-generic-ubnt_nanostation-loco-m-squashfs-sysupgrade.bin sizes:

4719426 bytes (with wpad-basic-wolfssl)
4457282 bytes (with hostapd-basic-wolfssl)

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2020-11-08 20:25:59 +00:00
Daniel Golle
9867d08e07 procd: bump to git HEAD
b0de894 jail: fix capabilities

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-07 06:03:49 +00:00
Daniel Golle
c8a81ada58 procd: bump to git HEAD
2f381fe jail: guard boolean blobmsg attributes
 602b8fa jail: add option for pidfile
 bba6de7 jail: handle mount propagation flags
 6963d50 jail: relax seccomp unknown syscall handling
 e1fcfdc jail: add support for absolute root path in OCI spec
 257f29b jail: don't fail if maskedPath cannot be found
 75f2374 uxc: mimic runc cmdline by using getopt_long

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-05 02:17:25 +00:00
Daniel Golle
4a976beff4 gdb: fix building with NLS enabled
Building gdb failed with CONFIG_BUILD_NLS enabled. Use nls.mk and
add the necessary dependencies for libintl and libiconv.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-05 00:55:37 +00:00
Rafał Dzięgiel
ed2491ba67 mac80211: ath9k: enable OEM cards support on x86
A lot of devices running OpenWrt x86 arch (32 or 64 bit) are either
"home-made routers" or devices that use PC class OEM components.

This commit enables OEM cards support on those devices by default.

Signed-off-by: Rafał Dzięgiel <rafostar.github@gmail.com>
[reformat commit message]
Signed-off-by: David Bauer <mail@david-bauer.net>
2020-11-04 23:58:50 +01:00
John Crispin
229623e310 mediatek: update uboot to latest patchset provided by MTK
MTK sent us their latest version of the staging uboot. Lets merge the patches.

Signed-off-by: John Crispin <john@phrozen.org>
2020-11-04 20:32:52 +01:00
John Crispin
be09c5a3cd base-files: add board.d support for bridge device
Latest netifd allows us to setup network bridges with implicit vlan
tagging. For this to work, we need to setup several additional uci
sections. This feature is particularly usefull for DSA tupe devices.
Add board.d and uci-defaults support for generating the sections.

Signed-off-by: John Crispin <john@phrozen.org>
2020-11-04 07:36:49 +01:00
Daniel Golle
08d90a75f9 opkg: clean up and fix performance regression
da9746a libopkg: clean up handling of unresolved dependencies

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-11-03 04:43:19 +00:00
Daniel Golle
f5c5a8abd2 opkg: fix yet another dependency resolution bug
The previous fix of a fix caused yet another problem leading to
`opkg show-upgradable` ending up in an infinite loop.
Fix that.

Fixes: 4a2b1ff7fb ("opkg: fix dependency resolution")
Reported-by: Huangbin Zhan <zhanhb88@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-02 23:31:50 +00:00
Daniel Golle
4a2b1ff7fb opkg: fix dependency resolution
The previous commit broke opkg in a way that it would no longer
include dependencies when installing a package, effectively leading
to broken images and unusable systems.
Fix that by making sure dependencies are still going to be checked.
Also reduce size of struct abstract_pkg as suggested by @jow- while at
it.

Fixes: 1445d333aa ("opkg: bump to git HEAD")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-02 20:51:30 +00:00
Florian Eckert
0232bf601d zram-swap: use new extra_command wrapper
Use new `extra_command` wrapper to fix the alignement.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2020-11-02 21:32:38 +01:00
Florian Eckert
42675aa30c dropbear: use new extra_command wrapper
Use new `extra_command` wrapper to fix the alignement.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2020-11-02 21:32:38 +01:00
Florian Eckert
ba9b8da466 ltq-vdsl-app: use new extra_command wrapper
Use new `extra_command` wrapper to fix the alignement.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2020-11-02 21:32:38 +01:00
Florian Eckert
00e87255f2 ltq-adsl-app: use new extra_command wrapper
Use new `extra_command` wrapper to fix the alignement.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2020-11-02 21:32:38 +01:00
Florian Eckert
1a69f50dc6 base-files: fix rc.common help alignment
This commit introduces a new function `extra_command` to better format
the help text without having to calculate the indentation in every startup
script that wants to add a new command. So far it looks weird and is not
formatted correctly on some startup scripts.

After using the new `extra_command` wrapper the alignement looks correctly.

And if the indentation is not sufficient in the future, this can be
changed in the function extra_command at a central location.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2020-11-02 21:32:38 +01:00
John Audia
e48aac89a2 linux-firmware: update to 20201022
git log --pretty=oneline --abbrev-commit 20200918..20201022
dae4b4c (HEAD -> main, tag: 20201022, origin/master, origin/main, origin/HEAD) Merge branch 'v1.1.5' of https://github.com/irui-wang/linux_fw_vpu_v1.1.5 into main
04f71fe cypress: add Cypress firmware and clm_blob files
4d0755b Merge https://github.com/shahasit/bt-linux-firmware into main
2a262bb Merge https://github.com/shahasit/video-linux-firmware into main
c024640 Merge tag 'iwlwifi-fw-2020-10-14' of git://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/linux-firmware into main
09e8cff rtl_bt: Update RTL8821C BT FW to 0xAA6C_A99E
d7904d5 ath10k: add SDIO firmware for QCA9377 WiFi
ecdc272 Merge branch 'dg1_dmc_v2_02' of git://anongit.freedesktop.org/drm/drm-firmware into main
c86361d ice: update package file to 1.3.16.0
76ceac8 mediatek: separate venc service thread
8877322 QCA : Updated firmware file for WCN3991
4f41e9d iwlwifi: update and add new FWs from core56-54 release
346057d iwlwifi: update 3168, 7265D, 8000C and 8265 firmwares
a140ef3 i915: Add DG1 DMC v2.02
a09b728 qcom : updated venus firmware files for v5.4
58d41d0 ice: Add comms package file for Intel E800 series driver
c1bef9e copy-firmware: Always write Link: entries
b95e230 Merge commit 'ad1da95d52f1a9206da3ef52f3484f3b89ec6615' of https://github.com/shahasit/linux-firmware-bt into main
0b884ec amdgpu: update vega20 firmware for 20.40
bca0233 amdgpu: update vega12 firmware for 20.40
8652e02 amdgpu: update vega10 firmware for 20.40
9f46d48 amdgpu: update renoir firmware for 20.40
e667605 amdgpu: update raven2 firmware for 20.40
a487f2f amdgpu: update raven firmware for 20.40
aa7b732 amdgpu: update picasso firmware for 20.40
a18981e amdgpu: update navi14 firmware for 20.40
1696e2e amdgpu: update navi12 firmware for 20.40
6b8a6ea amdgpu: update navi10 firmware for 20.40
5b30b38 linux-firmware: Add new VPDMA firmware 1b8.bin
ad1da95 QCA : Updated firmware files for WCN3991
b78a66c linux-firmware: Update firmware for Cadence MHDP8546 DP bridge
afbfb5f linux-firmware: Update firmware patch for Intel Bluetooth 7265 (D1)
a38b8ed Mellanox: Add new mlxsw_spectrum firmware xx.2008.1312
1487a8a linux-firmware: nvidia: move firmware symlinks to WHENCE
bdd5617 linux-firmware: move i915 firmware symlinks to WHENCE
ab69b57 linux-firmware: move iwlwifi-7265D-10.ucode symlink to WHENCE
49c4ff5 Merge branch 'mrvl-prestera' of https://github.com/PLVision/linux-firmware into main
7a02212 linux-firmware: Update Marvell Switchdev firmware with ABI changes

Signed-off-by: John Audia <graysky@archlinux.us>
2020-11-01 20:54:37 +01:00
Hauke Mehrtens
ffee6bb471 gdb: Disable tests
We do not use the tests or ubsan in our gdb package.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-11-01 20:54:37 +01:00
Hauke Mehrtens
8698a727dd gdb: Always use system zlib
Instead of using the system zlib when the package is selected and using
the internal zlib if it is not selected in OpenWrt, just activate it
always. This should make the package more deterministic.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-11-01 20:54:37 +01:00
Hauke Mehrtens
f1f0ed869a gdb: Update to version 10.1
gdb 10.1 adds many new features for example gdbserver support for
  - ARC GNU/Linux
  - RISC-V GNU/Linux

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-11-01 20:54:37 +01:00
Hans Dedecker
cafa3dc7c7 odhcpd: fix compile problem on 64-bit systems
735c783 dhcpv6: fix size_t fields in syslog format

Fixes 5cdc65f6d1

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-11-01 20:44:54 +01:00
Hans Dedecker
5cdc65f6d1 odhcpd: update to latest git HEAD
5700919 dhcpv6: add explicit dhcpv4o6 server address
e4f4e62 dhcpv6: add DHCPv4-over-DHCPv6 support
aff290b dhcpv6: check message type
2677fa1 router: fix advertisement interval option

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-10-31 21:27:47 +01:00
Rui Salvaterra
f8c88a8775 hostapd: enable OWE for the basic-{openssl, wolfssl} variants
Opportunistic Wireless Encryption is needed to create/access encrypted networks
which don't require authentication.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2020-10-31 13:02:28 +00:00
Daniel Golle
237f708b3c libselinux: remove dependency on musl-fts for non-musl builds
Suggested-by: Curtis Deptuck <curtdept@users.noreply.github.com>
Tested-by: Curtis Deptuck <curtdept@users.noreply.github.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-10-31 00:49:43 +00:00
Adrian Schmutzler
ac5671f46c kernel: remove obsolete kernel version switches for 4.19
This removes switches dependent on kernel version 4.19 as well as
several packages/modules selected only for that version.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-10-30 19:44:41 +01:00
Daniel Golle
499924adf0 Revert "kmod-nft-reject: Fix for "nft_reject_ipv4.ko missing" warning"
This reverts commit 7f94e2afcf.

Package kmod-nft-core is missing dependencies for the following libraries:
nft_reject.ko

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-10-30 01:39:01 +00:00
Philip Prindeville
7f94e2afcf kmod-nft-reject: Fix for "nft_reject_ipv4.ko missing" warning
Seeing the following:

    ERROR: module '/home/philipp/lede/build_dir/target-x86_64_musl/linux-x86_64/linux-5.4.33/net/ipv4/netfilter/nft_reject_ipv4.ko' is missing.
    modules/netfilter.mk:1068: recipe for target '/home/philipp/lede/bin/targets/x86/64/packages/kmod-nft-core_5.4.33-1_x86_64.ipk' failed
    make[3]: *** [/home/philipp/lede/bin/targets/x86/64/packages/kmod-nft-core_5.4.33-1_x86_64.ipk] Error 1

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2020-10-30 00:39:09 +00:00
Daniel Golle
c3a4cddaaf hostapd: remove hostapd-hs20 variant
Hotspot 2.0 AP features have been made available in the -full variants
of hostapd and wpad. Hence we no longer need a seperate package for
that.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-10-30 00:39:09 +00:00
Rui Salvaterra
10e73b1e9e hostapd: add {hostapd,wpad}-basic-openssl variants
Add OpenSSL-linked basic variants (which provides WPA-PSK only, 802.11r and
802.11w) of both hostapd and wpad. For people who don't need the full hostapd
but are stuck with libopenssl for other reasons, this saves space by avoiding
the need of an additional library (or a larger hostapd with built-in crypto).

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2020-10-30 00:39:09 +00:00
Daniel Golle
1445d333aa opkg: bump to git HEAD
8769c75 pkg_hash: don't suggest incompatible packages

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-10-30 00:39:09 +00:00
David Bauer
9f1927173a hostapd: wpas: add missing config symbols
This adds missing config symbols for interworking as well as Hotspot 2.0
to the wpa_supplicant-full configuration.

These symbols were added to the hostapd-full configuration prior to this
commit. Without adding them to the wpa_supplicant configuration,
building of wpad-full fails.

Thanks to Rene for reaching out on IRC.

Fixes: commit be9694aaa2 ("hostapd: add UCI support for Hotspot 2.0")
Fixes: commit 838b412cb5 ("hostapd: add interworking support")
Signed-off-by: David Bauer <mail@david-bauer.net>
2020-10-28 03:25:25 +01:00
Daniel Golle
256fa157a9 dnsmasq: install /etc/hotplug.d/ntp/25-dnsmasqsec world-readable
/etc/hotplug.d/ntp/25-dnsmasqsec is being sourced by /sbin/hotplug-call
running as ntpd user. For that to work the file needs to be readable by
that user.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-10-28 02:01:04 +00:00
Sven Eckelmann
7ca9b82c38 mac80211: Fix wpa_supplicant config removal ubus call
If mac80211_setup_supplicant() is called with enabled=0 then it should just
destroy the interface and remove the configuration from wpa_supplicant. But
the ubus method call always returned

  Command failed: Method not found

because the actual name of the method is "config_remove".

Fixes: b5516603dd ("mac80211: more wifi reconf related fixes")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
[bump PKG_RELEASE]
Signed-off-by: David Bauer <mail@david-bauer.net>
2020-10-28 00:11:12 +01:00
David Bauer
83d40aef13 hostapd: bump PKG_RELEASE
Signed-off-by: David Bauer <mail@david-bauer.net>
2020-10-28 00:09:34 +01:00
David Bauer
838b412cb5 hostapd: add interworking support
This adds configuration options to enable interworking for hostapd.
All options require iw_enabled to be set to 1 for a given VAP.

All IEEE802.11u related settings are supported with exception of the
venue information which will be added as separate UCI sections at a
later point.

The options use the same name as the ones from the hostapd.conf file
with a "iw_" prefix added.

All UCI configuration options are passed without further modifications
to hostapd with exceptions of the following options, whose elements can
be provided using UCI lis elements:

 - iw_roaming_consortium
 - iw_anqp_elem
 - iw_nai_realm
 - iw_domain_name
 - iw_anqp_3gpp_cell_net

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-10-28 00:09:04 +01:00
David Bauer
cc80cf53c5 hostapd: add FTM responder support
This adds support for enabling the FTM responder flag for the APs
extended capabilities. On supported hardware, enabling the ftm_responder
config key for a given AP will enable the FTM responder bit.

FTM support itself is unconditionally implemented in the devices
firmware (ath10k 2nd generation with 3.2.1.1 firmware). There's
currently no softmac implementation.

Also allow to configure LCI and civic location information which can be
transmitted to a FTM initiator.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-10-28 00:08:56 +01:00
David Bauer
daeda8a87e mac80211: pass phy name to hostapd_set_bss_options
hostapd_set_bss_options expects the PHY as second and the VIF as third
argument. However, only the VIF was passed as second argument without a
third argument at all.

This was never a problem, as both PHY and VIF were never accessed.
However, with FTM support the PHY is needed to determine the HW support
when configuring the BSS.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-10-28 00:08:49 +01:00
David Bauer
b518f07d4b hostapd: remove ieee80211v option
Remove the ieee80211v option. It previously was required to be enabled
in order to use time_advertisement, time_zone, wnm_sleep_mode and
bss_transition, however it didn't enable any of these options by default.

Remove it, as configuring these options independently is enough.

This change does not influence the behavior of any already configured
setting.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-10-28 00:08:29 +01:00
David Bauer
e66bd0eb04 hostapd: make rrm report independent of ieee80211k setting
Allow to configure both RRM beacon as well as neighbor reports
independently and only enable them by default in case the ieee80211k
config option is set.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-10-28 00:08:22 +01:00
Petr Štetiar
43fe0bd18d uci: fix package mirror hash
I've forget to update PKG_MIRROR_HASH in my previous package version
bump.

Fixes: 095cc2b745 ("uci: update to version 2020-10-06")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-10-27 22:58:27 +01:00
Petr Štetiar
f9005d4f80 umdns: update to version 2020-10-26
59e4fc98162d cache: cache_answer: fix off by one
4cece9cc7db4 cache: cache_record_find: fix buffer overflow
be687257ee0b cmake: tests: provide umdns-san binary
bf01f2dd0089 tests: add dns_handle_packet_file tool
134afc728846 tests: add libFuzzer based fuzzing
de08a2c71ca8 cmake: create static library
cdc18fbb3ea8 interface: fix possible null pointer dereference
1fa034c65cb6 interface: fix value stored to 'fd' is never read
3a67ebe3fc66 Add initial GitLab CI support
50caea125517 cmake: fix include dirs and libs lookup

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-10-27 22:51:59 +01:00
Petr Štetiar
095cc2b745 uci: update to version 2020-10-06
52bbc99f69ea Replace malloc() + memset() with calloc()
3fbd6c923434 ucimap: Check return of malloc()
eae126f66663 file: Check buffer size after strtok()
7f574273180a file: use size_t for position and pointer
19770b6949b9 file: use dynamic memory allocation for tempfile name
aa46546794ac file: uci_file_commit: fix memory leak
671c7554bfde uci: silence UBSAN error by using offsetof macro from compiler
ea5bbd57d0e1 tests: cram: add uci import testing on fuzzer corpus
31f78bfbf75f cmake: add uci-san cli built with clang sanitizers
a3e650911f5e file: uci_parse_package: fix heap use after free
9bd361ca3236 tests: add libFuzzer based fuzzing

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-10-27 22:51:59 +01:00
Joel Johnson
d7db32440f dnsmasq: include IPv6 local nameserver entry
For IPv6 native connections when using IPv6 DNS lookups, there is no
valid default resolver if ignoring WAN DHCP provided nameservers.

This uses a runtime check to determine if IPv6 is supported on the host.

Signed-off-by: Joel Johnson <mrjoel@lixil.net>
2020-10-26 18:51:35 +01:00