Commit Graph

16466 Commits

Author SHA1 Message Date
Hans Dedecker
f6e07c8284 uci: update to version 2020-01-27
e8d8373 file: fix segfault in uci_parse_option
aa5e77a file: fix segfault in uci_parse_config

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-02-02 18:59:43 +01:00
Daniel Golle
2699ccd084 kernel: hwmon: package mcp3021 module
Package kernel module for Linear Technology MCP3021/3221 I2C connected
current and voltage monitor chips.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-02-02 17:49:20 +02:00
Álvaro Fernández Rojas
ffbb8ed5a2 cypress-firmware: update to v4.14.77-2020_0115
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-02-01 10:59:51 +01:00
Kevin Darbyshire-Bryant
e481df07fa iptables: set-dscpmark follow upstreamimg attempt
I'm having another attempt at trying to getting the 'store dscp into
conntrack connmark' functionality into upstream kernel, since the
restore function (act_ctinfo) has been accepted.

The syntax has changed from 'savedscp' to 'set-dscpmark' since that
conforms more closely with existing functionality.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-01-31 20:21:43 +00:00
Jo-Philipp Wich
c69c20c667 opkg: update to latest Git HEAD
80d161e opkg: Fix -Wformat-overflow warning
c09fe20 libopkg: fix skipping of leading whitespace when parsing checksums

Fixes: CVE-2020-7982
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-01-29 17:00:53 +01:00
Felix Fietkau
b3e86cbb4f hostapd: add back support for passing CSA events from sta/mesh to AP interfaces
Fixes handling CSA when using AP+STA or AP+Mesh
This change was accidentally dropped in commit 167028b75
("hostapd: Update to version 2.9 (2019-08-08)")

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-01-29 12:25:10 +01:00
Felix Fietkau
ea5078014d mac80211: backport airtime queue limits support
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-01-29 12:24:57 +01:00
Felix Fietkau
e0ab33ea49 mac80211: backport fix for an no-ack tx status issue
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-01-29 12:24:57 +01:00
Jason A. Donenfeld
c2859bf126 wireguard: bump to 0.0.20200128
This fixes a few small oversights for the 5.5 compat layer.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-01-28 22:33:40 +01:00
Felix Fietkau
03e9e4ba9e hostapd: unconditionally enable ap/mesh for wpa-cli
Without this change, wpa-cli features depend on which wpad build variant was
used to build the wpa-cli package

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-01-28 14:38:43 +01:00
Adrian Schmutzler
9e0aab44b6 kernel: use older kernel for explicitly setting dependencies
It is generally more desirable to use older kernel versions for
dependencies, as this will require less changes when newer kernels
are added (they will by default select the newer packages).

Since we currently only have two kernels (4.14 and 4.19) in master,
this patch applies this logic by converting all LINUX_4_19 symbols
to their inverted LINUX_4_14 equivalents.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-01-26 22:07:48 +01:00
Sven Roederer
3519bf4976 hostapd: remove some bashisms
"[[" is a bash extension for test. As the ash-implementation is not
fully compatible we drop its usage.

Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
[remove shebang, slightly facelift commit title/message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-01-26 22:03:00 +01:00
Sven Roederer
bad59fd51b 6in4/6in4.sh: remove some bashism (usage of [[)
"[[" is a bash extension for test. As the ash-implementation is not
fully compatible we drop its usage.

Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
2020-01-26 22:02:51 +01:00
Sven Roederer
bc357aaa2b netifd/config.sh: remove some bashism (usage of [[)
"[[" is a bash extension for test. As the ash-implementation is not
fully compatible we drop its usage.

Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
2020-01-26 22:02:39 +01:00
Sven Roederer
0fecc997f8 base-files: remove some bashisms
"[[" is a bash extension for test. As the ash-implementation is
not fully compatible we drop its usage.
Also change to "=" for simple test, which is sufficient. (see d6ac8ca76c)

Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
[split patch, removed shebang]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-01-26 21:51:24 +01:00
Martin Schiller
996f02e5ba lantiq: ltq-ptm: vr9: fix skb handling in ptm_hard_start_xmit()
Call skb_orphan(skb) to call the owner's destructor function and make
the skb unowned.

This is necessary to prevent sk_wmem_alloc of a socket from overflowing,
which leads to ENOBUFS errors on application level.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2020-01-26 18:38:17 +01:00
Magnus Kroken
6e96fd9047 mbedtls: update to 2.16.4
Fixes side channel vulnerabilities in mbed TLS' implementation of ECDSA.

Release announcement:
https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.4-and-2.7.13-released

Security advisory:
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-12

Fixes:
 * CVE-2019-18222: Side channel attack on ECDSA

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2020-01-26 15:07:59 +01:00
Christian Lamparter
a59f1ec30f ipq-wifi: drop deprecated .bin support
This patch converts the Qxwlan E2600AC image away from
the deprecated .bin file and to the new .qca4019 method.

As a result, we no longer need to carry around the
legacy support for handling .bin files.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2020-01-26 01:20:46 +01:00
Yen-Ting-Shen
51f3035978 ipq40xx: add support for EnGenius EMD1
SOC:     IPQ4018 / QCA Dakota
CPU:     Quad-Core ARMv7 Processor rev 5 (v7l) Cortex-A7
DRAM:    256 MiB
NOR:     32 MiB
ETH:     Qualcomm Atheros QCA8072 (1 port)
WLAN1:   Qualcomm Atheros QCA4018 2.4GHz 802.11bgn 2:2x2
WLAN2:   Qualcomm Atheros QCA4018 5GHz 802.11a/n/ac 2:2x2
INPUT:   RESET Button
LEDS:    White, Blue, Red, Orange

Flash instruction:

From EnGenius firmware to OpenWrt firmware:

In Firmware Upgrade page, upgrade your openwrt-ipq40xx-generic-engenius_emd1-squashfs-factory.bin directly.

From OpenWrt firmware to EnGenius firmware:

1. Setup a TFTP server on your computer and configure static IP to 192.168.99.8
   Put the EnGenius firmware in the TFTP server directory on your computer.
2. Power up EMD1. Press 4 and then press any key to enter u-boot.
3. Download EnGenius firmware
   (IPQ40xx) # tftpboot 0x84000000 openwrt-ipq40xx-emd1-nor-fw-s.img
4. Flash the firmware
   (IPQ40xx) # imgaddr=0x84000000 && source 0x84000000:script
5. Reboot
   (IPQ40xx) # reset

Signed-off-by: Yen-Ting-Shen <frank.shen@senao.com>
[removed BOARD_NAME]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2020-01-26 01:20:45 +01:00
Fredrik Olofsson
52b8c7a892 ipq40xx: Add support for D-Link DAP-2610
Specifications
==============
- SOC: IPQ4018
- RAM: DDR3 256MB
- Flash: SPI NOR 16MB
- WiFi:
    - 2.4GHz: IPQ4018, 2x2, front end SKY85303-11
    - 5GHz: IPQ4018, 2x2, front end SKY85717-21
- Ethernet: 1x 10/100/1000Mbps, POE 802.3af
- PHY: QCA8072
- UART: GND, blocked, 3.3V, RX, TX / 115200 8N1
- LED: 1x red / green
- Button: 1x reset / factory default
- U-Boot bootloader with tftp and "emergency web server" accessible
  using serial port.

Installation
============
Flash factory image from D-Link web UI. Constraints in the D-Link web UI
makes the factory image unnecessarily large. Flash again using
sysupgrade from inside OpenWrt to reclaim some flash space.

Return to stock D-Link firmware
===============================
Partition layout is preserved, and it is possible to return to the stock
firmware simply by downloading it from D-Link and writing it to the
firmware partition.

    # mtd -r write dap2610-firmware.bin firmware

Quirks
======
To be flashable from the D-Link http server, the firmware must be larger
then 6MB, and the size in the firmware header must match the actual file
size. Also, the boot loader verifies the checksum of the firmware before
each boot, thus the jffs2 must be after the checksum covered part. This
is solved in the factory image by having the rootfs at the very end of
the image (without pad-rootfs).

The sysupgrade image which does not have to be flashable from the D-Link
web UI may be smaller, and the checksum in the firmware header only
covers the kernel part of the image.

Signed-off-by: Fredrik Olofsson <fredrik.olofsson@anyfinetworks.com>
[added WRGG Variables to DEVICE_VARS, squashed spi pinconf/mux,
added emd1's gmac0 config,fix dtc warnings]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2020-01-26 01:20:45 +01:00
Jason A. Donenfeld
4576a753f2 wireguard-tools: bump to 1.0.20200121
* Makefile: remove pwd from compile output
* Makefile: add standard 'all' target
* Makefile: evaluate git version lazily

Quality of life improvements for packagers.

* ipc: simplify inflatable buffer and add fuzzer
* fuzz: add generic command argument fuzzer
* fuzz: add set and setconf fuzzers

More fuzzers and a slicker string list implementation. These fuzzers now find
themselves configuring wireguard interfaces from scratch after several million
mutations, which is fun to watch.

* netlink: make sure to clear return value when trying again

Prior, if a dump was interrupted by a concurrent set operation, we'd try
again, but forget to reset an error flag, so we'd keep trying again forever.
Now we do the right thing and succeed when we succeed.

* Makefile: sort inputs to linker so that build is reproducible

Earlier versions of make(1) passed GLOB_NOSORT to glob(3), resulting in the
linker receiving its inputs in a filesystem-dependent order. This screwed up
reproducible builds.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-01-24 08:21:04 +01:00
Jason A. Donenfeld
ec13b34118 wireguard: bump to 0.0.20200121
* Makefile: strip prefixed v from version.h

This fixes a mistake in dmesg output and when parsing the sysfs entry in the
filesystem.

* device: skb_list_walk_safe moved upstream

This is a 5.6 change, which we won't support here, but it does make the code
cleaner, so we make this change to keep things in sync.

* curve25519: x86_64: replace with formally verified implementation

This comes from INRIA's HACL*/Vale. It implements the same algorithm and
implementation strategy as the code it replaces, only this code has been
formally verified, sans the base point multiplication, which uses code
similar to prior, only it uses the formally verified field arithmetic
alongside reproducable ladder generation steps. This doesn't have a
pure-bmi2 version, which means haswell no longer benefits, but the
increased (doubled) code complexity is not worth it for a single
generation of chips that's already old.

Performance-wise, this is around 1% slower on older microarchitectures,
and slightly faster on newer microarchitectures, mainly 10nm ones or
backports of 10nm to 14nm. This implementation is "everest" below:

Xeon E5-2680 v4 (Broadwell)

armfazh: 133340 cycles per call
everest: 133436 cycles per call

Xeon Gold 5120 (Sky Lake Server)

armfazh: 112636 cycles per call
everest: 113906 cycles per call

Core i5-6300U (Sky Lake Client)

armfazh: 116810 cycles per call
everest: 117916 cycles per call

Core i7-7600U (Kaby Lake)

armfazh: 119523 cycles per call
everest: 119040 cycles per call

Core i7-8750H (Coffee Lake)

armfazh: 113914 cycles per call
everest: 113650 cycles per call

Core i9-9880H (Coffee Lake Refresh)

armfazh: 112616 cycles per call
everest: 114082 cycles per call

Core i3-8121U (Cannon Lake)

armfazh: 113202 cycles per call
everest: 111382 cycles per call

Core i7-8265U (Whiskey Lake)

armfazh: 127307 cycles per call
everest: 127697 cycles per call

Core i7-8550U (Kaby Lake Refresh)

armfazh: 127522 cycles per call
everest: 127083 cycles per call

Xeon Platinum 8275CL (Cascade Lake)

armfazh: 114380 cycles per call
everest: 114656 cycles per call

Achieving these kind of results with formally verified code is quite
remarkable, especialy considering that performance is favorable for
newer chips.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-01-24 08:21:04 +01:00
DENG Qingfang
2d758129ca ath10k-firmware: fix mirror hash
Fix PKG_MIRROR_HASH hash mismatch.

Fixes: 641a93f0f2 ("ath10k-firmware: update wave 1 firmware to 10.2.4-1.0-00047")
Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
[added missing commit description]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-24 08:21:04 +01:00
Petr Štetiar
76bbe4b960 procd: update to version 2020-01-24
00aafc4f439e procd: show process's exit code
856b5f8be046 state: fix reboot causing shutdown inside LXC container
b44417c20c7f instance: provide error feedback if ujail binary is missing

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-24 08:21:04 +01:00
Roger Pueyo Centelles
7d39946ea0 rbextract: support devices directly showing ERD magic
Older ath79-based MikroTik devices have the ERD calibration data
compressed and stored different to newer IPQ40xx ones. This commit
adds support for these former ones.

Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
Acked-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2020-01-23 15:28:03 +01:00
Roger Pueyo Centelles
ba730d61af rbextract: add package
This utility extracts the radio calibration data, as well as other
board-related information (model, serial number, etc.), from MikroTik
Routerboard devices' flash.

Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
Acked-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2020-01-23 15:28:02 +01:00
Roger Pueyo Centelles
51526bcf1e rbcfg: make package available for ath79
Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
2020-01-23 15:28:02 +01:00
Felix Fietkau
c07f6e8659 hostapd: fix faulty WMM IE parameters with ETSI regulatory domains
hostapd sets minimum values for CWmin/CWmax/AIFS and maximum for TXOP.
The code for applying those values had a few bugs leading to bogus values,
which caused significant latency and packet loss.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-01-23 14:53:13 +01:00
Kimmo Vuorinen
a8723c48ad uboot-envtools: ath79: add support for glinet,gl-ar150
Add ubootenv uci config for GL.inet GL-AR150

Signed-off-by: Kimmo Vuorinen <kimmo.vuorinen@gmail.com>
[commit title/message facelift]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-01-23 14:08:24 +01:00
Kimmo Vuorinen
dc6dfaac80 uboot-envtools: ar71xx: add support for gl-ar150/-domino/-mifi
Add ubootenv uci config for gl-ar150, gl-domino and gl-mifi

Signed-off-by: Kimmo Vuorinen <kimmo.vuorinen@gmail.com>
[commit message/title facelift]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-01-23 14:04:50 +01:00
Daniel Golle
3d6c571083 mac80211: add support for wds_bridge hostapd feature
hostapd allows putting WDS (4addr mode) clients into a separate bridge
other than the bridge regular (3addr mode) clients end up in. This is
useful for example giving WDS clients access to several VLANs
(trunking) while regular clients will end up inside a specific VLAN.

Add 'wds_bridge' config parameter for wifi-iface which contains the
name of the bridge. hostapd-mini already supports this feature, so all
needed is to add the UCI wrapping in mac80211.sh.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-01-22 14:22:17 +02:00
Russell King
a1358fc7ae kernel: add SFP support for Methode DM7052 NBASE-T module
Add support for Methode DM7052 NBASE-T module to OpenWRT. These
patches are taken from my "phy" branch, and will be sent for the
next kernel merge window.

Signed-off-by: Russell King <linux@armlinux.org.uk>
[jonas.gorski: move patches to pending, refresh patches]
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2020-01-21 22:32:48 +01:00
Jan Pavlinec
2982997f1b curl: update to version 7.68.0 (security fix)
Fixes
CVE-2019-15601

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
2020-01-21 22:17:53 +01:00
Petr Štetiar
0f81a0979c fstools: update to version 2020-01-21
deb745f82b93 Revert "fstools: Add support to read-only MTD partitions (eg. recovery images)"

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-21 17:25:56 +01:00
Petr Štetiar
3d8edd9bb4 urngd: update to version 2020-01-21
c7f7b6b65b82 Tag version 1.0.2
236b7a0aef21 Fix blocked entropy generation

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-21 17:16:01 +01:00
Daniel Golle
97a03a4760 procd: update to latest git HEAD
58c12f7 jail: add basic support for network namespaces
 ba69639 jail: create resolv.conf symlink for netns jails
 81b88b1 jail: more strict mount options for /tmp/resolv.conf.d/

Add new 'netns' flag for procd_add_jail to make ujail setup a new
network namespace for the jailed service.
See previous netifd commit for example configuration for netns jailed
service.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-01-21 12:52:12 +02:00
Daniel Golle
e4ce8f59f5 netifd: add basic support for jail network namespaces
Prepare netifd for handling procd service jails having their own
network namespace.
Intefaces having the jail attribute will only be brought up inside the
jail's network namespace by procd calling the newly introduced ubus
method 'netns_updown'.
Currently proto 'static' is supported and configuration changes are
not yet being handled (ie. you'll have to restart the jailed service
for changes to take effect).

Example /etc/config/network snippet:
config device 'veth0'
    option type 'veth'
    option name 'vhost0'
    option peer_name 'virt0'

config interface 'virt'
    option type 'bridge'
    list ifname 'vhost0'
    option proto 'static'
    option ipaddr '10.0.0.1'
    option netmask '255.255.255.0'

config interface 'virt0'
    option ifname 'virt0'
    option proto 'static'
    option ipaddr '10.0.0.2'
    option netmask '255.255.255.0'
    option gateway '10.0.0.1'
    option dns '10.0.0.1'
    option jail 'transmission'

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-01-21 10:25:27 +02:00
Petr Štetiar
5c73bb12c8 libubox: update to version 2020-01-20
43a103ff17ee blobmsg: blobmsg_parse and blobmsg_parse_array oob read fixes
 5c0faaf4f5e2 tests: prefer dynamically allocated buffers
 1ffa41535369 blobmsg_json: prefer snprintf usage
 132ecb563da7 blobmsg: blobmsg_vprintf: prefer vsnprintf
 a2aab30fc918 jshn: prefer snprintf usage
 b0886a37f39a cmake: add a possibility to set library version
 a36ee96618a9 blobmsg: blobmsg_add_json_element() 64-bit values
 f0da3a4283b7 blobmsg_json: fix int16 serialization
 20a070f08139 tests: blobmsg/json: add more test cases
 379cd33d1992 tests: include json script shunit2 based testing

Acked-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-20 20:57:21 +01:00
Petr Štetiar
63000bfaf7 fstools: update to version 2020-01-18
f5c7c1813f52 fstools: Add support to read-only MTD partitions (eg. recovery images)
 189b41b6b487 libblkid-tiny: fix f2fs labels by increasing label buffer

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-20 20:57:21 +01:00
Sungbo Eo
c26b687e31 kernel: remove further obsolete kernel version switches
Most of the kernel version switches below 4.14 were removed in commit
97940f8766 ("kernel: remove obsolete kernel version switches"),
but some of them still remained. Remove them now.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2020-01-18 19:39:05 +01:00
Rosen Penev
8df14c229c base-files/functions.sh: use grep -q instead of []
It's cleaner and faster as it does not need to do extra work.

Also removed $() to avoid executing the output. The shell can handle it.

https://github.com/koalaman/shellcheck/wiki/SC2143

Signed-off-by: Rosen Penev <rosenp@gmail.com>
[correct || to && for one conversion]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-01-18 00:24:06 +01:00
Rosen Penev
d4009d7985 base-files/system.sh: remove $ in $(())
Not needed.

https://github.com/koalaman/shellcheck/wiki/Sc2004

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-01-17 12:17:36 +01:00
Rosen Penev
fb56573dc4 base-files/functions.sh: use && instead of -a
-a is not well defined.

https://github.com/koalaman/shellcheck/wiki/SC2166

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-01-17 12:17:36 +01:00
Rosen Penev
b8e17aefea base-files/functions.sh: remove useless cat
The cut command can take a file as an input.

https://github.com/koalaman/shellcheck/wiki/SC2002

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-01-17 12:17:36 +01:00
Rosen Penev
cba5fa0352 base-files/functions.sh: don't use $var in $(())
It's not needed. It can also lead to subtle bugs.

https://github.com/koalaman/shellcheck/wiki/Sc2004

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-01-17 12:17:35 +01:00
Stijn Tintel
1322190fd3 libcxx: fix build for x86/64
When building libcxx for x86/64, the library is installed in /usr/lib64.
As the install section tries to copy the library from /usr/lib, this
breaks build on x86/64. Override the lib dir suffix to fix this.

Fixes: 856ea2bad3 ("libcxx: Add package")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Rosen Penev <rosenp@gmail.com>
2020-01-17 00:42:49 +02:00
Hans Dedecker
f0c0f92ce4 odhcpd: update to version 2020-01-14
6db312a dhcpv6-ia: use dhcp leasetime to set preferred/valid statefull lifetimes
2520c48 dhcpv6-ia: introduce DHCPv6 pd and ia assignments flags
b413d8a dhcpv6-ia: cleanup prefix delegation routes
b0902af dhcpv6-ia: remove passing interface as parameter to apply_lease

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-01-16 21:53:17 +01:00
David Lam
a5f3648a1c hostapd: add support for system cert bundle validation
Currently, it is very cumbersome for a user to connect to a WPA-Enterprise
based network securely because the RADIUS server's CA certificate must first be
extracted from the EAPOL handshake using tcpdump or other methods before it can
be pinned using the ca_cert(2) fields. To make this process easier and more
secure (combined with changes in openwrt/openwrt#2654), this commit adds
support for validating against the built-in CA bundle when the ca-bundle
package is installed. Related LuCI changes in openwrt/luci#3513.

Signed-off-by: David Lam <david@thedavid.net>
[bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-01-16 12:08:18 +01:00
Daniel Golle
702c70264b hostapd: cleanup IBSS-RSN
set noscan also for IBSS and remove redundant/obsolete variable.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-01-16 10:26:21 +02:00
Andrea Dalla Costa
5adca1cf2a uboot-oxnas: fix memory leak in tool mkox820crc
In function `main` add calls to `free` for the variable `executable`.
This is needed because the variable `executable` is allocated but
never freed. This cause a memory leak.

Signed-off-by: Andrea Dalla Costa <andrea@dallacosta.me>
2020-01-15 23:15:19 +01:00