Backport fix for API breakage of SSL_get_verify_result() introduced in
v5.1.1-stable. In v4.8.1-stable SSL_get_verify_result() used to return
X509_V_OK when used on LE powered sites or other sites utilizing
relaxed/alternative cert chain validation feature. After an update to
v5.1.1-stable that API calls started returning X509_V_ERR_INVALID_CA
error and thus rendered all such connection attempts imposible:
$ docker run -it openwrt/rootfs:x86_64-21.02.2 sh -c "wget https://letsencrypt.org"
Downloading 'https://letsencrypt.org'
Connecting to 18.159.128.50:443
Connection error: Invalid SSL certificate
Fixes: #9283
References: https://github.com/wolfSSL/wolfssl/issues/4879
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit b9251e3b407592f3114e739231088c3d27663c4c)
Add support for the Xunlong OrangePi R1 Plus LTS.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit dfc3b6228256ff5004a9601296892b1ca5cb4f4a)
This fixes the following security problem:
The command-line argument parser in tcpdump before 4.99.0 has a buffer
overflow in tcpdump.c:read_infile(). To trigger this vulnerability the
attacker needs to create a 4GB file on the local filesystem and to
specify the file name as the value of the -F command-line argument of
tcpdump.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 8f5875c4e221453932f217a82f8c3092cacba3e5)
This fixes some recent security problems in hostapd.
See here for details: https://w1.fi/security/2022-1
* CVE-2022-23303
* CVE-2022-23304
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
x509v3 SAN extension is required to generate a certificate compatible with
chromium-based web browsers (version >58)
It can be disabled via unsetting CONFIG_WOLFSSL_ALT_NAMES
Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
(cherry picked from commit dfd695f4b9f364a7c7db646d2cada10fdf304f02)
This fixes the following security problems:
* Zeroize several intermediate variables used to calculate the expected
value when verifying a MAC or AEAD tag. This hardens the library in
case the value leaks through a memory disclosure vulnerability. For
example, a memory disclosure vulnerability could have allowed a
man-in-the-middle to inject fake ciphertext into a DTLS connection.
* Fix a double-free that happened after mbedtls_ssl_set_session() or
mbedtls_ssl_get_session() failed with MBEDTLS_ERR_SSL_ALLOC_FAILED
(out of memory). After that, calling mbedtls_ssl_session_free()
and mbedtls_ssl_free() would cause an internal session buffer to
be free()'d twice. CVE-2021-44732
The sizes of the ipk changed on MIPS 24Kc like this:
182454 libmbedtls12_2.16.11-2_mips_24kc.ipk
182742 libmbedtls12_2.16.12-1_mips_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 57f38e2c827e3be71d8b1709073e366afe011985)
Merged in https://github.com/u-boot/u-boot/commit/e7510d2,
adjust back to the current 2020.04 version.
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
(cherry picked from commit e43eb16efe97a597a2ebaa9f549d1daec2c8c2ab)
945d0d7 utils: fix C style in header file
2cfc26f inittab: detect active console from kernel if no console= specified
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit ffeb37047e85a5efd96890db12710e9d60b4b76a)
This adds conflicts between variants of libustream pacakge.
They provide the same file and thus it should not be possible to install
them side by side.
Signed-off-by: Karel Kočí <karel.koci@nic.cz>
(cherry picked from commit 219e17a35088a90eea664fbb4c66549d701a3cb4)
This allows LEDs to be triggered by custom pattern and not just
predefined ones.
Signed-off-by: Karel Kočí <karel.koci@nic.cz>
(cherry picked from commit 507911f477cc29531a2fbdf364df42e7e4f3c696)
The name of the module is 'uleds', not 'leds-uleds'.
Signed-off-by: Evgeny Kolesnikov <evgenyz@gmail.com>
[improve commit title]
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 3e9318f3c0be1ae14d9d4eb705b02e7441d5d26e)
The allows userspace LEDs to be created and controlled. This can be useful
for testing triggers and can also be used to implement virtual LEDs.
Signed-off-by: Keith T. Garner <kgarner@kgarner.com>
[squash fixup commit and improve option wording]
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 6a37286c2add96dba42fdd285162228eb55a99f1)
This is a bugfix release. Changelog:
*) Avoid loading of a dynamic engine twice.
*) Fixed building on Debian with kfreebsd kernels
*) Prioritise DANE TLSA issuer certs over peer certs
*) Fixed random API for MacOS prior to 10.12
Patches were refreshed.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit def9565be632b316c82ffc5a7b28c789e9df75b4)
Right now it includes bcm4908 variant only that is required by BCM4908
family devices with U-Boot.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit f18288e26715f8cdef6c6d62a196dfd4ade8265e)
It's very useful flag for handling various formats in sysupgrade. This
commit comes from the 1.34.0 release.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
fdt* utils are needed by targets that use U-Boot FIT images for
sysupgrade. It includes all recent BCM4908 SoC routers as Broadcom
switched from CFE to U-Boot.
fdtget is required for extracting images (bootfs & rootfs) from
Broadcom's ITB. Extracted images can be then flashed to UBI volumes.
sysupgrade is core functionality so it needs dtc as part of base code
base.
Cc: Yousong Zhou <yszhou4tech@gmail.com>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Based on: 1ac627024de9 ("kernel: ath10k-ct: provide a build variant for
small RAM devices")
Like described in the ath10k-ct-smallbuffers version, oom-killer gets
triggered frequently by devices with small RAM.
That change is necessary for many community mesh networks which use
ath10k based devices with too little RAM. The -ct driver has been
proven unstable if used with 11s meshing and only wave2 chipsets are
supporting 11s. Freifunk Berlin is nowadays assembling its
firmware-based completely of vanilla OpenWRT with some package additions
which are made through the imagebuilder. Therefore we cannot take the
approach other freifunk communities have taken to maintain that patch
downstream [1]. Other communities consider these devices as broken and
that change would pretty much give those devices a second life [2].
[1] - 450b306e54
[2] - https://github.com/freifunk-gluon/gluon/issues/1988#issuecomment-619532909
Signed-off-by: Simon Polack <spolack+git@mailbox.org>
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 694757a08f620a9f24b70003542d9dcd0abeac46)
When the list of packages to be installed in a built image exceeds a certain
number, then 'opkg install' executed for target '$(curdir)/install' in
package/Makefile fails with: /usr/bin/env: Argument list too long.
On Linux, the length of a command-line parameter is limited by
MAX_ARG_STRLEN to max 128 kB.
* https://elixir.bootlin.com/linux/latest/source/include/uapi/linux/binfmts.h#L15
* https://www.in-ulm.de/~mascheck/various/argmax/
To solve the problem, store the package list being passed to 'opkg install'
in a temporary file and use the shell command substitution to pass the
content of the file to 'opkg install'. This guarantees that the length of
the command-line parameters passed to the bash shell is short.
The following bash script demonstrates the problem:
----------------------------------------------------------------------------
count=${1:-1000}
FILES=""
a_file="/home/egorenar/Repositories/openwrt-rel/bin/targets/alpine/generic/packages/base-files_1414-r16464+19-e887049fbb_arm_cortex-a15_neon-vfpv4.ipk"
for i in $(seq 1 $count); do
FILES="$FILES $a_file"
done
env bash -c "echo $FILES >/dev/null"
echo "$FILES" | wc -c
----------------------------------------------------------------------------
Test run:
----------------------------------------------------------------------------
$ ./test.sh 916
130989
$ ./test.sh 917
./test.sh: line 14: /bin/env: Argument list too long
131132
----------------------------------------------------------------------------
Signed-off-by: Alexander Egorenkov <egorenar-dev@posteo.net>
[reword commit subject]
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 1854aeec4d37079690309dec3171d0864339f73a)
The http://www.us.tcpdump.org mirror will go offline soon, only use the
normal download URL.
Reported-by: Denis Ovsienko <denis@ovsienko.info>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 18bdfc803bef00fad03f90b73b6e65c3c79cb397)
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
[rebased for OpenWrt 21.02 branch]
this patch consolidates the amd64-microcode
(moved to linux-firmware.git, previously this was an extra
debian source package download), amdgpu and radeon firmwares
into a shared "amd" makefile.
this will include a microcode update for ZEN 3 CPUs that
came with the 20211216 linux-firmware bump.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit cf8ee49c9bd37ea3e17abe710353737e0f5f9608)
The rtl8723bs firmware was removed and a symlink to the rtl8723bu
firmware was created like it is done in upstream linux-firmware.
The following OpenWrt packages are changing:
* amdgpu-firmware: Multiple updates and new files
* ar3k-firmware: Multiple updates and new files
* ath10k-firmware-qca6174: Updated ath10k/QCA6174/hw3.0/board-2.bin
* bnx2x-firmware: Added bnx2x-e1-7.13.21.0.fw, bnx2x-e1h-7.13.21.0.fw and bnx2x-e2-7.13.21.0.fw
* iwlwifi-firmware-iwl8260c: Updated iwlwifi-8000C-36.ucode
* iwlwifi-firmware-iwl8265: Updated iwlwifi-8265-36.ucode
* iwlwifi-firmware-iwl9000: Updated iwlwifi-9000-pu-b0-jf-b0-46.ucode
* iwlwifi-firmware-iwl9260: Updated iwlwifi-9260-th-b0-jf-b0-46.ucode
* r8169-firmware: Updated rtl8153c-1.fw
* rtl8723bs-firmware: removed
* rtl8723bu-firmware: Added rtlwifi/rtl8723bs_nic.bin symlink
* rtl8822ce-firmware: Updated rtw8822c_fw.bin
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 397dfe4a97e61b87f909181ba60b6187d758635f)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> (2012->2021)
In there linux-firmware repository located in kernel, there were removed old
broadcom firmware [1] as they seem to be likely vulnerable to KrØØk vulnerability
(CVE-2019-15126), because Cypress released new versions and superseded
by it.
In OpenWrt, there is Makefile for cypress-firmware, which already provides
the same named packages like it was in linux-firmware. For example, cypress-firmware-43455-sdio
provides brcmfmac-firmware-43455-sdio [2].
Changelog between 2020118 and 20210315:
3568f96 (tag: 20210315) linux-firmware: Update firmware file for Intel Bluetooth AX210
9e96e50 linux-firmware: Update firmware file for Intel Bluetooth AX200
c8d0db5 linux-firmware: Update firmware file for Intel Bluetooth AX201
5e2a387 Merge tag 'iwlwifi-fw-2021-03-05-v3' of git://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/linux-firmware into main
b0d3e31 rtw88: 8822c: Update normal firmware to v9.9.6
5a2fd63 iwlwifi: add new FWs from core59-66 release
4f54906 iwlwifi: update 9000-family firmwares
11b7607 iwlwifi: update 7265D firmware
e425f76 Merge branch 'add-silabs-wf200' of github.com:jerome-pouiller/linux-firmware into main
5ecd13f Mellanox: Add new mlxsw_spectrum firmware xx.2008.2406
58fb90a linux-firmware: add frimware for mediatek bluetooth chip (MT7921)
e576a1b rtw89: 8852a: add firmware v0.9.12.2
048a7cb WHENCE: add missing symlink for BananaPi M3
aa6c6e7 Add symlink for BananaPi M2 to brcmfmac43430-sdio config
58825f7 brcm: Fix Raspberry Pi 4B NVRAM file
520f71b silabs: add new firmware for WF200
f7915a0 amdgpu: add initial firmware for green sardine
80cb579 rtw88: RTL8822C: Update normal firmware to v9.9.5
b79d239 (tag: 20210208) Merge branch 'DG1-guc-huc-ADLS-dmc' of git://anongit.freedesktop.org/drm/drm-firmware into main
66970e1 Merge branch 'qcom-rb5' of https://github.com/lumag/linux-firmware into main
cf6fc2b Mellanox: Add new mlxsw_spectrum firmware xx.2008.2304
391fd50 linux-firmware: add firmware for MT7921
c5e3240 rtw88: RTL8821C: Update firmware to v24.8
d33d2d8 linux-firmware: Update firmware file for Intel Bluetooth AX210
3027ae4 linux-firmware: Update firmware file for Intel Bluetooth AX200
13979c3 linux-firmware: Update firmware file for Intel Bluetooth AX201
348d8a9 i915: Add DMC v2.01 for ADL-S
f33f1f7 i915: Add HuC v7.7.1 for DG1
6a422f5 i915: Add GuC v49.0.1 for DG1
df822a8 qcom: Add venus firmware files for VPU-1.0
11a1db1 qcom: Add SM8250 Compute DSP firmware
e55248b qcom: Add SM8250 Audio DSP firmware
da74cc6 qcom: add firmware files for Adreno a650
0578970 brcm: Link RPi4's WiFi firmware with DMI machine name.
d528862 brcm: Add NVRAM for Vamrs 96boards Rock960
870b805 brcm: Update Raspberry Pi 3B+/4B NVRAM for downstream changes
a28a590 cypress: Fix link direction
060ad8b cypress: Link the new cypress firmware to the old brcm files
0f0aefd brcm: remove old brcm firmwares that have newer cypress variants
f580dc2 rtl_bt: Update RTL8822C BT(UART I/F) FW to 0x059A_25CB
7df2220 rtl_bt: Update RTL8822C BT(USB I/F) FW to 0x099a_7253
e79405d rtl_bt: Add firmware and config files for RTL8852A BT USB chip
ef3813d rtl_bt: Update RTL8821C BT(USB I/F) FW to 0x829a_7644
646f159 (tag: 20201218) make AP6212 in bananpi m2 plus/zero work
28185ec linux-firmware: Update firmware file for Intel Bluetooth AX210
23da869 linux-firmware: Update firmware file for Intel Bluetooth AX200
2099248 linux-firmware: Update firmware file for Intel Bluetooth AX201
94de5e2 linux-firmware: Update firmware file for Intel Bluetooth 9560
27a3689 linux-firmware: Update firmware file for Intel Bluetooth 9260
5c3c4af Merge branch 'lt9611uxc' of https://github.com/lumag/linux-firmware into main
aaed4a8 Merge branch 'v1.1.6' of https://github.com/irui-wang/linux_fw_vpu_v1.1.6 into main
d8c9865 Merge branch 'master' of https://github.com/sampnimm/linux-firmware-BT into main
63ab3db linux-firmware: add firmware for Lontium LT9611UXC DSI to HDMI bridge
0fe0fe0 mediatek: update MT8173 VPU firmware to v1.1.6
1a08ec9 QCA : Updated firmware files for WCN3991
7455a36 Merge branch 'guc_v49' of git://anongit.freedesktop.org/drm/drm-firmware into main
7eb7fda linux-firmware: Update firmware file for Intel Bluetooth AX210
5cbf459 linux-firmware: Update firmware file for Intel Bluetooth AX210
c487f7d i915: Add GuC firmware v49.0.1 for all platforms
d9ffb07 i915: Remove duplicate KBL DMC entry
b362fd4 Mellanox: Add new mlxsw_spectrum firmware xx.2008.2018
bc9cd0b linux-firmware: Update AMD SEV firmware
54c797a amdgpu: add sienna cichlid firmware for 20.45
1340e9c amdgpu: update vega20 firmware for 20.45
b260c9c amdgpu: update vega12 firmware for 20.45
d683bd5 amdgpu: update vega10 firmware for 20.45
7c81cc2 amdgpu: update renoir firmware for 20.45
3619e57 amdgpu: update navi14 firmware for 20.45
68ce0fb amdgpu: update navi12 firmware for 20.45
e889b80 amdgpu: update navi10 firmware for 20.45
f4edc15 amdgpu: update raven2 firmware for 20.45
e71210f amdgpu: update raven firmware for 20.45
[1] https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=0f0aefd733f70beae4c0246edbd2c158d5ce974c
[2] eeda8652f1/package/firmware/cypress-firmware/Makefile (L124)
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit ff2bb16730f629d54bde8ba85c75d8614741e3fd)
(removed sinovoip_bananapi-m2-berry)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Add firmware and board file for Qualcomm Atheros QCA9377 802.11ac Wireless
Network Adapter (rev 31) recognized as [168c:0042].
This card supports standard 1x1 802.11ac Wave2, BT5, and MU-MIMO.
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
(cherry picked from commit b2656490855f2a90f8895079a9a3853af6512d83)
Fixes:
brcmfmac: brcmf_fw_alloc_request: using brcm/brcmfmac43455-sdio for chip BCM4345/6
Direct firmware load for brcm/brcmfmac43455-sdio.raspberrypi,4-compute-module.txt failed with error -2
Falling back to sysfs fallback for: brcm/brcmfmac43455-sdio.raspberrypi,4-compute-module.txt
Direct firmware load for brcm/brcmfmac43455-sdio.txt failed with error -2
Falling back to sysfs fallback for: brcm/brcmfmac43455-sdio.txt
Signed-off-by: Nian Bohung <n0404.n0404@gmail.com>
(cherry picked from commit b1db5585557ed069027767a80c31c6f1f2920196)
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
[improved commit mesage]
The following command checks if a instance of a service is running.
/etc/init.d/<service> running <instance>
In the variable `$@`, which is passed to the function
`service_running`, the first argument is always the `instance` which
should be checked. Because all other variables where removed from `$@`
with `shift`.
Before this change the first argument of `$@` was set to the `$service`
Variable. So the function does not work as expected. The `$service`
variable was always the instance which should be checked. This is not
what we want.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Reviewed-by: Sungbo Eo <mans0n@gorani.run>
(cherry picked from commit dd681838d370f1f6f6fa1bf1f22b0414322292f3)
We were missing (not using) the last sector of each partition,
compared with the output of gparted.
Signed-off-by: Javier Marcet <javier@marcet.info>
[moved the dot]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 018ada5403f02921be22ee0cf49b88b2700ee105)
The following patches were backported from upstream before and are not
needed any more:
package/kernel/mac80211/patches/ath/980-ath10k-fix-max-antenna-gain-unit.patch
package/kernel/mac80211/patches/subsys/307-mac80211-do-not-access-the-IV-when-it-was-stripped.patch
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Linksys uses an extra 0x100 bytes long tail for BCM4908 images.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit c4d5e60f6115b9a97318774533ea764bf938c2a9)
This simplifies some operations as it doesn't have to be caculated over
and over. It will also allow adding support for more vendor formats.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 063038bcef39802aa65c196a162067f66e5c8621)
Update busybox to 1.33.2, which includes only 5 commits after 1.33.1
Bug fix release. 1.33.2 has fixes for hush and ash (parsing fixes)
and unlzma (fix where we could read before beginning of buffer).
https://git.busybox.net/busybox/log/?h=1_33_2
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
71e08471ab56 mt76: eeprom: fix return code on corrected bit-flips
9a8fc6636d83 mt76: move sar_capa configuration in common code
7cdbea1dc82a mt76: only access ieee80211_hdr after mt76_insert_ccmp_hdr
678071ef7029 mt76: mt7615: clear mcu error interrupt status on mt7663
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit fc4398fe71810f3bb5637bdfd0b3975a8ec858f0)
a6451fea5a3d mt76: mt7615: improve wmm index allocation
1911486414dc mt76: mt7915: improve wmm index allocation
7998a41d1321 mt76: clear sta powersave flag after notifying driver
664475574438 mt76: mt7603: introduce SAR support
5c0da39c940b mt76: mt7915: introduce SAR support
77fc6c439a32 mt76: mt7603: improve reliability of tx powersave filtering
094b3d800835 firmware: update mt7663 rebb firmware to 20200904171623
25237b19bcc1 mt76: eeprom: tolerate corrected bit-flips
1463cb4c6ac2 mt76: mt7921: fix boolreturn.cocci warning
586bad6020f7 mt76: mt7921: use correct iftype data on 6GHz cap init
8ec95c910425 mt76: mt7921s: fix bus hang with wrong privilege
688e30c7d854 firmware: update mt7921 firmware to version 20211014
6fad970893dd mt76: fix key pointer overwrite in mt7921s_write_txwi/mt7663_usb_sdio_write_txwi
95acf972750c mt76: fix 802.3 RX fail by hdr_trans
3f402b0cf6c0 mt76: mt7921s: fix possible kernel crash due to invalid Rx count
929a03a8d65d mt76: connac: fix last_chan configuration in mt76_connac_mcu_rate_txpower_band
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 7e153900566ec1aebdc4f15f5a9d9ff9b9401cc1)
Also fix typo error which will cause build failed.
Fixes: 75954bd ("default-settings: split cnh variant into a separated pkg")
(cherry picked from commit 202742604b2c0c4620419854e720acf649426036)
Follow up to commit c744798cad6a13436f2ba9dd3a280cb16d315c85. Managed to
hit the very same issue again while playing with the NOR SPL builds.
Signed-off-by: Mathias Kresin <dev@kresin.me>
If authentication fails repeatedly e.g. because of a weak signal, the link
can end up in blocked state. If one of the nodes tries to establish a link
again before it is unblocked on the other side, it will block the link to
that other side. The same happens on the other side when it unblocks the
link. In that scenario, the link never recovers on its own.
To fix this, allow restarting authentication even if the link is in blocked
state, but don't initiate the attempt until the blocked period is over.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit f84053af5c0b0a159ea4d3e90b0c06574b4fde8d)
Some drivers that do their own sequence number allocation (e.g. ath9k, mwlwifi) rely
on being able to modify params->ssn on starting tx ampdu sessions.
This was broken by a change that modified it to use sta->tid_seq[tid] instead.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit ddd977fcc5838eb6bfb6cb9dad99dfe09a8ff67e)
When a ubus event handler denies a association with a non-zero return
value, the code jumps to preceeding code, creating an endless loop until
the event handler accepts the assc request.
Move the ubus handler further up the code to avoid creating such a loop.
Signed-off-by: David Bauer <mail@david-bauer.net>
They can be added as hex digit strings via the 'vendor_elements' option
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 1818b038d7275273adbd525b5ee76bc60b7d628c)
This makes it possible to avoid using a RADIUS server for WPA enterprise authentication
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from 98621c97822eb20a80ab2248a253972051ea6f08)
This allows WPA enterprise roaming in the same mobility domain without any
manual key configuration (aside from radius credentials)
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 704ab6a002172e76d41612f6d07ff179ef035d10)
Using a pointer one lifter after it freed is not the best idea.
Let's not do that.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry-picked from commit 63c01ad025981eaa841353dc0fc27e5017febe21)
This implements the mapping recommendations from RFC8325, with an
update from RFC8622. This ensures that DSCP marked packets are properly
sorted into WMM classes.
The map can be disabled by setting iw_qos_map_set to something invalid
like 'none'
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit a5e3def1822431ef6436cb493df77006dbacafd6)
This feature is useful on its own even without full interworking support
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit efff3520f4d8fe131c4bd54bb2e098139a7efa4d)
Both hostapd and netifd attempt to add a VLAN device to a bridge.
Depending on which one wins the race, bridge vlan settings might be incomplete,
or hostapd might run into an error and refuse to service the client.
Fix this by preventing hostapd from adding interfaces to the bridge and
instead rely entirely on netifd handling this properly
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit da4be02fcd5d642954b1c9d9855d9e8d1e6205f4)
(cherry-picked from commit 63c01ad025981eaa841353dc0fc27e5017febe21)
Avoids race conditions on bridge member add/remove
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 17d19a7d4398789ae8da3daf8e0db167d58b0782)
When using htmode 'HE20' with a radio mode that uses wpa-supplicant
(like mesh or sta), it will default to 40 MHz bw if disable_ht40 is not
set. This commit fixes this behaviour.
Signed-off-by: Jesus Fernandez Manzano <jesus.manzano@galgus.net>
(cherry-picked from commit af83e3ce0ff40dcecbe913676343bf86846294f7)
Use the VLAN interface instead of the bridge, to ensure that hostapd receives
untagged DHCP packets
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 7b46377a0cd9d809a3c340358121de77f005d4cc)
(cherry-picked from commit f1b98fa4fa8a86a9daf2a7177235f28cbd7c53ef)
In setups using VLAN bridge filtering, hostapd may need to communicate using
a VLAN interface on top of the bridge, instead of using the bridge directly
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 305c1b8d746b363f655c2f8d5a6497cca10a5d4e)
- add functionality to configure RADIUS NAS-Id and Operator-Name
- add functionality to configure RADIUS accounting interval
- enable RADIUS "Chargeable User Identity"
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 3bd6c8c728e72444bdf23b8904ef9c52ebb46bb7)
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit c76f1d8330c679774eb568a423feb57d956b3ca4)
Airtime policy configuration is extremely useful in multiple BSS scenarios.
Since nowadays most people configure both private and guest networks (at
least), it makes sense to enable it by default, except for the most limited
of the variants.
Size of the hostapd-basic-openssl binary (mipsel 24Kc -O2):
543944 bytes (airtime policy disabled)
548040 bytes (airtime policy enabled)
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
Acked-by: Daniel Golle <daniel@makrotopia.org>
(cherry-picked from commit d38f4565828264731f2a9cfe646491fba80315d3)
netifd is responsible for handling that, except if the vlan bridge
was provided by the config
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit cf45caeff16256f9db777e0e652ec3a38cd476a4)
No functional changes, just some renames to make it easier to keep mt76 in
sync with upstream
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit e62c5504701c7a665c9cf89ddbcb062f5ade6e37)
(cherry-picked from commit a889dcd3f21e50dc3e7f827ff0e486020562a6f8)
Required for an upcoming mt76 update
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 978e822db354daf974811f2717c6013fa3eb8079)
(cherry-picked from commit af9d31aacc286786a8765a44c2000d2eba02e61c)
This is needed for an upcoming mt76 update
also sync iw nl80211 with kernel backports
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 2bfac61483db32f8bd1f5b38702b39f206256265)
(cherry-picked from commit 36019ed5893cd11c86a7dbedca1c6a055654a3c0)
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 0f6887972adc48449a1f5efaa143fa3f740a8c36)
(cherry-picked from commit 6f2044c2d74dd0ae2cee3b25b2ac084513c0536a)
Improves airtime fairness, especially for devices with larger firmware buffers
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit a5888ad6b33840d913438ce664c0e7da7e7f53e6)
Without this, beamforming is probably not working
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit e2c4998f6dca7d9b74a8b01762040ff2c5e38fd7)
On systems using brmcfmac (e.g. Raspberry Pi Zero W) without this fix,
the final setup-call:
iw dev wlan0 ibss join ...
fails with returncode 161 and message:
"command failed: Not supported (-95)"
So this patch calls an explicit:
iw dev wlan0 set type ibss
just prior to the 'ibss join' command.
I have tested several ath9k and mt76xx devices
with different revisions: this patch does not harm.
please also apply to stable branch.
Signed-off-by: Bastian Bittorf <bb@npl.de>
(cherry-picked from commit ea5fce3f4616df3e4331e6b4e8e79767bded442c)
In some cases, spurious failures might be cleared by teardown and retry
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 42dda0ed3e941bc36661e29b990e2ee2adf7f508)
The channel offset used for VHT segment calculation was missing for HT
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit a0d81ba0d5e9d055c55b5e478cb913c217122317)
Use the right argument to fix setting unsupported capabilities to 0
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 49ef4dbee519e006bb998de11e3bdf1c10c43e6a)
Some drivers advertise it, but it's not supported at the moment
Reported-by: John Thomson <git@johnthomson.fastmail.com.au>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 42a99b18ff23fa768a6ae5f1076f15cbfa494f24)
The colon does not directly follow the "VHT Capabilities" string
Reported-by: John Thomson <git@johnthomson.fastmail.com.au>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 3518b793a2f2293e7e9124b5beae7b09887c5e32)
This is needed to disambiguate it from 5 GHz channels
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit c8bcdd561909034a14cbfd785e13848cbd5f5e50)
Emit the new band option instead of hwmode
Support 6 GHz band and HE options
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 8504212f65865449dd6b9ed9daa0ba9781f8f287)
Use it to look up frequencies only in the configured band to better deal
with channel number overlap
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 8b8c1cb09bf2259e647a15d0c881b5dea15330da)
This increases the size of the iw_5.9-8fab0c9e-3_mips_24kc.ipk from
41166 to 41942 bytes by 776 bytes.
Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
(cherry-picked from commit 9df7eadcfd3129cecfb30ec78a43ae9b3175869e)
At least since gcc 7.3.0 (OpenWrt 18.06) lwr/lwl are used in the
assembly of LzmaProps_Decode. While the decission made by the compiler
looks perfect fine, it triggers some obscure hang on lantiq danube-s
v1.5 with MX29LV640EB NOR flash chips.
Only if the offset 1 is used, the hang can be observed. Using any other
offset works fine:
lwl s0,0(a1) - s0 == 0x6d000080
lwl s0,1(a1) - hangs
lwl s0,2(a1) - s0 == 0x0080xxxx
lwl s0,3(a1) - s0 == 0x80xxxxxx
It isn't clear whether it is a limitation of the flash chip, the EBU or
something else.
Force 8bit reads to prevent gcc optimizing the read with lwr/lwl
instructions.
Signed-off-by: Mathias Kresin <dev@kresin.me>
e983a25 Update regulatory rules for Ecuador (EC)
a0bcb88 wireless-regdb: Update regulatory rules for Norway (NO) on 6 and 60 GHz
cdf854d wireless-regdb: Update regulatory rules for Germany (DE) on 6GHz
86cba52 wireless-regdb: reduce bandwidth for 5730-5850 and 5850-5895 MHz in US
6fa2384 wireless-regdb: remove PTMP-ONLY from 5850-5895 MHz for US
9839e1e wireless-regdb: recent FCC report and order allows 5850-5895 immediately
42dfaf4 wireless-regdb: update 5725-5850 MHz rule for GB
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit dbb4c47798b17112cb1eed2a309cdefd33b5f193)
Per FHS 3.0, /var/lock is the location for lock files [1].
However its current permissions (755) are too restrictive
for use by unprivileged processes.
Debian and Ubuntu set them to 1777, and now so do we.
[1] <https://refspecs.linuxfoundation.org/FHS_3.0/fhs-3.0.html#varlockLockFiles>
Signed-off-by: Deomid Ryabkov <rojer@rojer.me>
[fixed typo in commit message, had to remove "rojer" due to git hooks]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 430f69194388ad6a7826a51e0e2b2dd478e27f0f)
This enables building of rpcapd and adds it as a package.
It is a daemon that allows remote packet capturing from another machine.
E.g. Wireshark can talk to it using the Remote Capture Protocol (RPCAP).
https://www.tcpdump.org/manpages/rpcapd.8.html
Compile and run tested:
OpenWrt 21.02.0-rc4 r16256-2d5ee43dc6 on x86/64 and mvebu/cortexa9
Signed-off-by: Stephan Schmidtmer <hurz@gmx.org>
(cherry picked from commit 891c8676a1602d31adf3ab9f913664ae0d3b4029)
OpenWrt's special gpio-button-hotplug driver is still using
exclusively the legacy GPIO Subsystem gpio_ API.
While it still does work fine for most devices, upstream
linux is starting to convert platform support like that of
the APU2/3/4 to the new GPIOD LOOKUP tables that are not
supported by it.
Hence, this patch replaces the gpio_ calls present in
gpio-button-hotplug with gpiod_ equivalent wherever
it's possible. This allows the driver to use the
gpiod lookup tables and still have a fallback for
legacy platform data code that just sets button->gpio
set to the real button/switch GPIO.
As a bonus: the active_low logic is now being handled
by the linux's gpio subsystem too. Another issue that
was address is the of_handle leak in the dt parser
error path.
Tested with legacy platform data: x86_64: APU2, MX-100
Tested on OF: ATH79; MR18, APM821xx: Netgear WNDR4700,
RAMIPS: WL-330N3G
LANTIQ: AVM FritzBox 7360v1
Reported-by: Chris Blake <chrisrblake93@gmail.com>
Tested-by: Chris Blake <chrisrblake93@gmail.com>
Reviewed-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 2b0378cf9f3163bac29fa9946b3aa1607fc03802)
When doing parallel build on a fast machine with bottleneck in i/o,
m_xt.so may start linking faster than dynsyms.list gets populated,
resulting in error:
ld:dynsyms.list:0: syntax error in dynamic list
Fix this by adding dynsyms.list as make dependency to m_xt.so
Described also here:
https://bugs.openwrt.org/index.php?do=details&task_id=3353
Change from v1:
- add dynsysms.list dependancy only when shared libs are enabled
Signed-off-by: Roman Yeryomin <roman@advem.lv>
Fixes: FS#3353
(cherry-picked from commit edd53df16843a0a6380920ed17b88bfe7d26d71b)
fixing linking error when --enable-devcrypto=yes
fixes: 7d92bb050961 wolfssl: update to 4.8.1-stable
Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
(cherry picked from commit be3e260f92643a841f4f83b03cbb07b9a26cff66)
It's the default anyway and this just looks confusing, as if it wasn't.
Switch to AUTORELEASE while at it.
The binary size is unchanged.
Signed-off-by: Andre Heider <a.heider@gmail.com>
(cherry picked from commit 7cb5af30f48d6788cd471138820a772610a7f8e0)
This gates out anything that might introduce semantically frivolous jitter,
maximizing chance of identical object files.
The binary size shrinks by 8kb:
1244352 staging_dir/target-mipsel_24kc_musl/usr/lib/libwolfssl.so.4.8.1.39c36f2f
1236160 staging_dir/target-mipsel_24kc_musl/usr/lib/libwolfssl.so.4.8.1.39c36f2f
Signed-off-by: Andre Heider <a.heider@gmail.com>
(cherry picked from commit c76300707e8d705d9efc7ed4bb1b7449d0a5fe00)
Changes from 4.7.0:
Fix one high (OCSP verification issue) and two low vulnerabilities
Improve compatibility layer
Other improvements and fixes
For detailed changes refer to https://github.com/wolfSSL/wolfssl/releases
Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
(cherry picked from commit 7d92bb0509615550b98e2dc71091073c8258d564)
[Added patch to allow compilation with libtool 2.4]
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Backport upstream patch to fix build with GCC 10 on 32 x86 targets.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit 718a4f47806da8f68cb8f1fe2ebecf403e14ae96)
They're preferred terminal descriptions for tmux, with additional support to
some special characters and italic fonts. More info can be found at:
https://github.com/tmux/tmux/wiki/FAQ
Fixes: FS#3404
Signed-off-by: Jitao Lu <dianlujitao@gmail.com>
(cherry picked from commit 917126ff4cfb1ea4795cfc93820ed5d304b084c3)
The terminfo is required by the popular terminal multiplexer screen and
tmux, offer it by default as the size impact is minimal with 885 Bytes.
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 6a6b5a677e8c245f6c82ad40cc718e614aa9f7a1)
The terminfo files were all in one row which is terrible to read.
Split them over multiple lines to improve readability.
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 75ea474b9002c758e9a23023f7636258a467704c)
Add in a fix for 160Mhz dfs on 5.10 and higher.
Add support for 5.13 and 5.15 kernels.
Add of_get_mac_address support for 5.15 driver.
Signed-off-by: Andrew Robbins <andrew@robbinsa.me>
(cherry picked from commit 1d2bc94f786434e89bc87003b2a2202e92ad84e7)
This driver can be used on AllWinner H6 and rk3399.
Signed-off-by: AmadeusGhost <amadeus@immortalwrt.org>
(cherry picked from commit e34397d950caf5b82b208992240559c007f58a7f)
This driver can be used on AllWinner h3/h5 and rk3328.
Signed-off-by: AmadeusGhost <amadeus@immortalwrt.org>
(cherry picked from commit 971af214bc6652fb5dc67d6a7cd7360cef10ca0e)
"Alternate certification chains, as oppossed to requiring full chain
validataion. Certificate validation behavior is relaxed, similar to
openssl and browsers. Only the peer certificate must validate to a trusted
certificate. Without this, all certificates sent by a peer must be
used in the trust chain or the connection will be rejected."
This fixes e.g. uclient-fetch and curl connecting to servers using a Let's
Encrypt certificate which are cross-signed by the now expired
DST Root CA X3, see [0].
This is the recommended solution from upstream [1].
The binary size increases by ~12.3kb:
1236160 staging_dir/target-mipsel_24kc_musl/usr/lib/libwolfssl.so.4.8.1.39c36f2f
1248704 staging_dir/target-mipsel_24kc_musl/usr/lib/libwolfssl.so.4.8.1.39c36f2f
[0] https://github.com/openwrt/packages/issues/16674
[1] https://github.com/wolfSSL/wolfssl/issues/4443#issuecomment-934926793
Signed-off-by: Andre Heider <a.heider@gmail.com>
[bump PKG_RELEASE]
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 28d8e6a8711ba78f1684a205e11b0dbd4ff2b2f3)
Make the organization (O=) of the cert configurable via uci. If not
configured, use a combination of "OpenWrt" and an unique id like it was
done before.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
(cherry picked from commit 2c6c1501af664490ec9b701b46a201e21c670b96)
The official Plasma Cloud firmware adjusted the BDFs to contain new
conformance test limits and target power values. These should be imported
to avoid emissions outside the allowed limits.
Signed-off-by: Sven Eckelmann <sven@narfation.org>
(cherry picked from commit e0721608f9620b570c7f18d94681e86b01c0b9a0)
In hostapd_ubus_add_bss(), ubus objects are not registered for mesh
interfaces. This provokes a segfault when accessing the ubus object in
mesh deinit.
This commit adds the same condition to hostapd_ubus_free_bss() for
discarding those mesh interfaces.
Signed-off-by: Jesus Fernandez Manzano <jesus.manzano@galgus.net>
(cherry picked from commit 5269c47e8db549695ceaf6a19afdd0cb90074622)
This version fixes two vulnerabilities:
- SM2 Decryption Buffer Overflow (CVE-2021-3711)
Severity: High
- Read buffer overruns processing ASN.1 strings (CVE-2021-3712)
Severity: Medium
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 7119fd32d397567931e63dbbf72014e95624018f)
Backport a patch from upstream U-Boot to fix the compile with host GCC 10.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 8d143784cb8fafccdbcdc0bd5d1aa47d3d676f70)
Backport a patch from upstream U-Boot to fix the compile with host GCC 10.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit a1034afba8ea8bec48e2528fdae0fb74a6757e53)
Installing headers and static libraries to the target system seems
to be not required for most use cases, so let's factor them
out into a dedicated -dev package.
This cuts down to disk usage to around 50% of the original
package to ~ 2MB - not that disk space is an issue normally,
but when using inside an initramfs only project, it counts.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Add support for the FriendlyARM NanoPi R2C.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
(cherry picked from commit 2f1747a51f0a94c7afe364a3c4239770b29a53ce)
When having two keys that start with the same characters and the second
key just has one character more nand_tffs_read and tffs_read return the
wrong value for the longer key. This is due to the usage of strncmp in
combination with the length of the shorter key which is usually first in
the list before the longer key and when strncmp matches, the search is
stopped. The problem only occurs when the length of the two keys is
different, not if just the last character is different. The fix is to
use strcmp and as such it will only return the value if the key (name)
and the key to look for (namefilter) have the same value and length. A
sample case returning wrong values is when keys macwlan and macwlan2 are
defined and querying macwlan2 returns the value for macwlan.
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
(cherry picked from commit 12564c5b860f9849c9a2fb7026c2c11150b9a4fc)
EXTRA_MOUNT variable should be reset in dnsmasq_start() rather than
just once at the beginning of the script.
Fixes: ac4e8aa2f8 ("dnsmasq: fix more dnsmasq jail issues")
Reported-by: Hartmut Birr <e9hack@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit ddc8d085f39dea998f59680fb556ca72d779a3b1)
* remove superflus mounts of /dev/null and /dev/urandom
* reset EXTRA_MOUNTS at the beginning of the script
* add mount according to ignore_hosts_dir
* don't add mount for file which is inside a directory already in the
EXTRA_MOUNTS list
Fixes: 59c63224e1 ("dnsmasq: rework jail mounts")
Reported-by: Hartmut Birr <e9hack@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit ac4e8aa2f8d98158ea7b749f877269f1f5fa9c5a)
* split into multiple lines to improve readability
* use EXTRA_MOUNT for addnhosts instead of blindly adding /tmp/hosts
* remove no longer needed mount for /sbin/hotplug-call
* add dhcp-script.sh dependencies (jshn, ubus)
Fixes: 3a94c2ca5c ("dnsmasq: add /tmp/hosts/ to jail_mount")
Fixes: aed95c4cb8 ("dnsmasq: switch to ubus-based hotplug call")
Reported-by: Stijn Tintel <stijn@linux-ipv6.be>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 59c63224e11d6c4eca27131a73bf16218e47a271)
'--local' is a synonym for '--server' so let's use '--local' in the
resultant config file for uci's 'local' instead of uci's local
parameter being turned into '--server'. Slightly less confusion all
round.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit e4cfefa9fc3d22da5705b554785ba9c533c373d0)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
When running multiple instances of dnsmasq, for example one being for the lan
and another for a guest network, it might not be desirable to have the same dns names
configured in both networks
Signed-off-by: João Henriques <joaoh88@gmail.com>
(cherry picked from commit e8a5670122e04574fdb5855ecd63d18f317c5bfd)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
440eb0647708 bridge: fix regression in bringing up bridge ports
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 39f81b0bf687017b4d086255c94166e662ac177e)
85f01c44a950 bridge: check bridge port vlan membership on link-up events
17e453bd68b4 wireless: add back regular virtual interfaces on hotplug-add events as well
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 2801fe6132c4e2e364e2d5a304594185351b501b)
Currently, when using multiple dnsmasq instances they are all assigned
to the same Ubus instance name. This does not work, as only a single
instance can register with Ubus at a time. In the log, this leads to
`Cannot add object to UBus: Invalid argument` error messages.
Furthermore, upstream 3c93e8eb41952a9c91699386132d6fe83050e9be changes
behaviour so that instead of the log, dnsmasq exits at start instead.
With this patch, all dnsmasq instances are assigned unique names so that
they can register with Ubus concurrently. One of the enabled instances
is always assigned the previous default name "dnsmasq" to avoid breaking
backwards compatibility with other software relying on that default.
Previously, a random instance got assigned that name (while the others
produced error logs). Now, the first unnamed dnsmasq config section is
assigned the default name. If there are no unnamed dnsmasq sections the
first encountered named dnsmasq config section is assigned instead.
A similar issue exists for Dbus and was similarly addressed.
Signed-off-by: Etan Kissling <etan.kissling@gmail.com>
[tweaked commit message] dnsmasq was not crashing it is exiting
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit ba5bd8e556b2e7573d27b16e005ba287e066f795)
Programs like the olsr-name-plugin write hostname files to "/tmp/hosts/".
If you don't add this to the jail_mount, dnsmasq can't read it anymore.
Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 3a94c2ca5cf7c11ca150fa3ae884e7be8d07a281)
7f24a063475e vlan: fix device vlan alias handling
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit d1a812c49b57636efcb9ef6f5f0aff4f11eb6b36)
61a71e5e49c3 bridge: dynamically create vlans for hotplug members
cb6ee9608e10 bridge: fix dynamic delete of hotplug vlans
7f199050f395 wireless: pass the real network ifname to the setup script
50381d0a2998 bridge: allow adding/removing VLANs to configured member ports via hotplug
f12b073c0cc3 wireless: add some comments to functions
b0d090688302 bridge: fix setting pvid for updated vlans
ff3764ce28e0 device: move hotplug handling logic from system-linux.c to device.c
16bff892f415 ubus: add a dummy mode ubus call to simulate hotplug events
7f30b02013f2 examples: make dummy wireless vif names shorter
013a1171e9b0 device: do not treat devices with non-digit characters after . as vlan devices
f037b082923a wireless: handle WDS per-sta devices
db0fa24e1c17 bridge: fix enabling hotplug-added VLANs on the bridge port
4e92ea74273f bridge: bring up pre-existing vlans on hotplug as well
1f283c654aeb bridge: fix hotplug vlan overwrite on big-endian systems
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 1236cbe30cec8e3e8246237005140596f8611ce9)
Backport upstream patch a0a0e02 ("iwinfo: rename hardware.txt to devices.txt")
and split devices.txt (former hardware.txt) into a common libiwinfo-data
package to allow different libiwinfo versions to coexist without file
clashes.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from commit c13d7c82aa4cd2cbf1f61bad857cd01b795318e3)
In the aftermath of the KRACK attacks, hostapd gained an AP-side workaround
against WNM-Sleep Mode GTK/IGTK reinstallation attacks. WNM Sleep Mode is not
enabled by default on OpenWrt, but it is configurable through the option
wnm_sleep_mode. Thus, make the AP-side workaround configurable as well by
exposing the option wnm_sleep_mode_no_keys. If you use the option
wpa_disable_eapol_key_retries and have wnm_sleep_mode enabled, you might
consider using this workaround.
Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
[bump PKG_RELEASE]
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit bf98faaac8ed24cf7d3d93dd4fcd7304d109363b)
The country3 option in hostapd.conf allows the third octet of the country
string to be set. It can be used e.g. to indicate indoor or outdoor use (see
hostapd.conf for further details). Make this option configurable but optional
in OpenWrt.
Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
[bump PKG_RELEASE, rebase]
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 9f09c1936a4a13b67fcba632f7ca02331f685359)
Signed-off-by: Paul Spooren <mail@aparcar.org>
Drop support for building the obsolete broadcom-wl backend and always
forcibly enable the nl82011 support. This allows us to make the package
shared again since no target specific compilation is happening anymore.
This will solve various repository coherency issues related to unavailable
libiwinfo versions in the long run.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 5a1065758b88b568a04a50189400321601904bdf)
This partially reverts changes done in commit 72cc44958ef4 ("treewide:
mark selected packages nonshared") as it removes the nonshared flag, but
keeps the PKG_RELEASE as the PKG_RELEASE bump while adding nonshared
flag was incorrect.
Unmark uci, ubus, libubox, lua, libnl-tiny and libjson-c as nonshared
packages as this fix attempt didn't worked out. Currently the
imagebuilder is broken again:
openwrt-imagebuilder-21.02.0-rc3-ipq40xx-generic.Linux-x86_64$ make image PROFILE=avm_fritzbox-7530 PACKAGES=luci-ssl-openssl
...
Collected errors:
* pkg_hash_check_unresolved: cannot find dependency libiwinfo20210430 for luci-mod-status
* pkg_hash_fetch_best_installation_candidate: Packages for luci-mod-status found, but incompatible with the architectures configured
* pkg_hash_check_unresolved: cannot find dependency libiwinfo20210430 for rpcd-mod-iwinfo
* pkg_hash_fetch_best_installation_candidate: Packages for rpcd-mod-iwinfo found, but incompatible with the architectures configured
* satisfy_dependencies_for: Cannot satisfy the following dependencies for luci-ssl-openssl:
* libiwinfo20210430
* opkg_install_cmd: Cannot install package luci-ssl-openssl.
Everything because iwinfo's ABI was changed two times since rc3 release:
+IWINFO_ABI_VERSION:=20210430
+IWINFO_ABI_VERSION:=20210420
Since iwinfo is marked as nonshared, it wasn't built by phase2 builders, but
luci-mod-status was already updated 2 times since rc3 and was thus rebuilt by
phase2 builders:
d1d452ed2fb3 luci-mod-status: don't set '-' hostname when creating static lease
95b3633055c1 luci-mod-status: switch to html table for wlan channel analysis
So now luci-mod-status depends on libiwinfo20210430 but only
libiwinfo20210106 can be downloaded. This is first part of the fix, in
the upcoming commit Jo is going to remove nonshared flag from iwinfo
package as well.
References: https://lists.infradead.org/pipermail/openwrt-devel/2021-July/035736.html
References: https://lists.infradead.org/pipermail/openwrt-devel/2021-July/035741.html
Acked-by: Jo-Philipp Wich <jo@mein.io>
Reported-by: Nick Hainke <vincent@systemli.org>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 8307da3dbdaff13d5ce99f8aefa32f5b7a2e18e6)
Add forgotten colon to Makefile.
Signed-off-by: Michael Yartys <michael.yartys@protonmail.com>
(cherry picked from commit f0f1d68d528402b4d51a1dd08d2e2c9034167f92)
As the name suggests, act_gact has the generic actions such as dropping
and accepting packets, so move it into kmod-sched-core.
Signed-off-by: DENG Qingfang <dqfext@gmail.com>
(cherry-picked from commit 10aacb9a6ce3445cdee39573f4120e7888beb022)
This script was expecting only add/remove events which has not been the
case since Kernel 4.12 (which added bind/unbind). Bind events were getting
treated as remove events which would cause hotplugged 3g modems to not
work.
More info:
https://lkml.org/lkml/2018/12/23/128https://github.com/systemd/systemd/issues/8221
Signed-off-by: Arjun AK <arjunak234@gmail.com>
(cherry picked from commit 89ef883b92b3a87d9ab1bd289de26b9e72681dac)
commit 5edbd390d321532d9a697d6895a1a7c71c40bd5d rearranged the
"wifi up" code.
This commit tidies up the "wifi reconf" code so as to
keep it aligned with the "wifi up" code.
branches affected: trunk, 21.02
Signed-off-by: Bob Cantor <coxede6557@w3boats.com>
(cherry-picked from commit e8b54296092118fbef75de796d57799cc6c7b927)
"/sbin/wifi up" makes three ubus calls:
1. ubus call network reload
2. ubus call network.wireless down
3. ubus call network.wireless up
The first and third ubus calls call drv_mac80211_setup,
while the second ubus call triggers wireless_device_setup_cancel,
so the call sequence becomes,
1. drv_mac80211_setup
2. wireless_device_setup_cancel
3. drv_mac80211_setup
This commit swaps the order of the first two ubus calls,
1. ubus call network.wireless down
2. ubus call network reload
3. ubus call network.wireless up
Consequently drv_mac80211_setup is only called once,
and two related bugs (#FS3784 and #FS3902) are no longer triggered
by /sbin/wifi.
branches affected: trunk, 21.02
Signed-off-by: Bob Cantor <coxede6557@w3boats.com>
(cherry-picked from commit b82cc8071366b8e96904a1b52af503442069b20d)
drv_mac80211_teardown fails silently if the device to be torn down is
not defined. This commit prints an error message.
branches affected: trunk, 21.02
Signed-off-by: Bob Cantor <coxede6557@w3boats.com>
(cherry-picked from commit 3933e29d1b87c713167cf4730b68e5f18af4f140)
When wifi is turned off, drv_mac80211_teardown sometimes fails (silently)
because the device to be torn down is not defined.
This situation arises if drv_mac80211_setup was called twice when
wifi was turned on.
This commit ensures that the device to be torn down is always defined
in drv_mac80211_teardown.
Steps to reproduce:
1) Use /sbin/wifi to turn on wifi.
uci set wireless.@wifi-iface[0].disabled=0
uci set wireless.@wifi-device[0].disabled=0
uci commit
wifi
2) Use /sbin/wifi to turn off wifi.
uci set wireless.@wifi-device[0].disabled=1
uci commit
wifi
3) Observe that wifi is still up.
branches affected: trunk, 21.02
Signed-off-by: Bob Cantor <coxede6557@w3boats.com>
(cherry-picked from commit d515f6b6cde357bf480d32a7387f07ea40e85e52)
If drv_mac80211_setup is called twice with the same wifi configuration,
then the second call returns early with error HOSTAPD_START_FAILED.
(wifi works nevertheless, despite the fact that setup is incomplete. But
"ubus call network.wireless status" erroneously reports that radio0 is down.)
The relevant part of drv_mac80211_setup is,
if [ "$no_reload" != "0" ]; then
add_ap=1
ubus wait_for hostapd
local hostapd_res="$(ubus call hostapd config_add "{\"iface\":\"$primary_ap\", \"config\":\"${hostapd_conf_file}\"}")"
ret="$?"
[ "$ret" != 0 -o -z "$hostapd_res" ] && {
wireless_setup_failed HOSTAPD_START_FAILED
return
}
wireless_add_process "$(jsonfilter -s "$hostapd_res" -l 1 -e @.pid)" "/usr/sbin/hostapd" 1 1
fi
This commit sets no_reload = 0 during the second call of drv_mac80211_setup.
It is perhaps worth providing a way to reproduce the situation
where drv_mac80211_setup is called twice.
When /sbin/wifi is used to turn on wifi,
uci set wireless.@wifi-iface[0].disabled=0
uci set wireless.@wifi-device[0].disabled=0
uci commit
wifi
/sbin/wifi makes the following ubus calls,
ubus call network reload
ubus call network.wireless down
ubus call network.wireless up
The first and third ubus calls both call drv_mac80211_setup,
while the second ubus call triggers wireless_device_setup_cancel.
So the call sequence becomes,
drv_mac80211_setup
wireless_device_setup_cancel
drv_mac80211_setup
In contrast, when LuCI is used to turn on wifi only a single call
is made to drv_mac80211_setup.
branches affected: trunk, 21.02
Signed-off-by: Bob Cantor <coxede6557@w3boats.com>
(cherry-picked from commit a29ab3b79affb62fda82e0825ed811eaf482dd3c)
Call rate control handler after intermediate queueuing
Includes follow-up fixes
Signed-off-by: Felix Fietkau <nbd@nbd.name>
cherry-picked from commits:
- 7dd8829ef915f1c5fc728be8f8360c61ddaadf1b
- a603e82dd342680d584c4eb5f1b222e056379890
- 8bb4437c01ca35a5ac67e391630a1b24cb52dbb7
sysntpd server becomes unavailable if the index of the bound
interface changes. So let's add an interface trigger to reload sysntpd.
This patch also adds the ability for the sysntpd script to handle
uci interface name from configuration.
Fixes: 4da60500ebd2 ("busybox: sysntpd: option to bind server to iface")
Signed-off-by: Alexey Dobrovolsky <dobrovolskiy.alexey@gmail.com>
Reviewed-by: Philip Prindeville <philipp@redfish-solutions.com>
(cherry picked from commit 88114f617ae7bffe13d19d7b9575659a3d3cd9b6)
These code are good enough to do this. Now we don’t need to make
this line longer and longer.
(cherry picked from commit 268a5e1191562dff8fbb7c80d08e56e31bfbf2cf)
NTPD in busybox has option -I to bind server to IFACE.
However, capabilities of the busybox are limited, the -I option cannot be
repeated and only one interface can be effectively specified in it.
This option is currently not configurable via UCI.
The patch adds an interface option to the system config, ntp section.
Also sort options for uci_load_validate alphabetically.
Signed-off-by: Alexey Dobrovolsky <dobrovolskiy.alexey@gmail.com>
(cherry picked from commit e12fcf0fe5597467f7cc21144e5f4da60500ebd2)
c45f0b5 iwinfo: add 802.11ax HE rate information
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 5515c29029ce7c63b48d1af0cbb3fbdc14ca033b)
