In order to properly support 802.11w, hostapd needs to advertise a group
management cipher when negotiating associations.
Introduce a new per-wifi-iface option "ieee80211w_mgmt_cipher" which
defaults to the standard AES-128-CMAC cipher and always emit a
"group_mgmt_cipher" setting in native hostapd config when 802.11w is
enabled.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The Annex A and Annex B version are using the same (old) userspace
boardname. Update the SUPPORTED_DEVICES to allow an update from lede-17.01.
Signed-off-by: Mathias Kresin <dev@kresin.me>
A self-dependency is not an error worth a warning; rather, it is very
common: whenever there are dependencies between different binary packages
originating from the same source package, such dependencies occur. Not
actually generating dependency rules is correct, but already handled a few
lines below.
A typo prevented this redundant rule from working, which is the reason the
warning was not actually printed.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Supermicro puts "Super Server" into their product_name DMI value
for a whole slew of products, making this value about as useful
as not having been filled in at all. Instead, fall back on the
board_name instead.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
There might be other places (such as vendor-supplied preinit scripts)
where we wish to take a DMI name and clean it up in a consistent way,
so make the sed command into a function.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Rename unwinder config symbols to match upstream changes.
Refresh patches.
Update patch that no longer applies: 202-reduce_module_size.patch
Also enable CONFIG_PAGE_TABLE_ISOLATION. This feature was backported
from 4.15 to the 4.14 stable series. It is enabled by default, so enable
it in OpenWrt as well.
Compile-tested on x86/64.
Runtime-tested on x86/64.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
While bumping 4.14, the kernel build failed due to missing CONFIG_KASAN
symbol. Move it to generic config instead of defining it for all arm64
and x86/64 targets.
It was only added in 4.0, so not needed in config-3.18.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
When using the uci.sh wrapper, allow parameters to match those supported
by the uci binary i.e. "uci rename <config>.<section>[.<option>]=<name>".
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Some packages such as Python/Python3 (host pip/pip3) needs this
to compile.
More detailed explanation provided by Alexandru:
"i need the zlib/host for Python/Python3 ; because, it seems the
host pip/pip3 needs this to work ; i suspect in older versions
this worked, because some of the host's build env would be used
in the build, and then the zlib-dev from the host distro would
be used ; now, the host-build does not seem to have any
-I/usr/include stuff, which is good
and it also seems that Python/Python3 does not like it if the
zlib-dev package is too old, so using this zlib/host would be
good for this as well"
Source:
https://github.com/lede-project/source/pull/1329#issuecomment-351055861
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Add option to use O3 optimization as not all devices have
space constraints. This option is default using GCC in upstream
but isn't in the CMake makefile for some reason.
Source: https://github.com/madler/zlib/blob/master/configure#L170
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Usage documentation for 'procd_send_signal' states "The signal is SIGHUP
by default, and must be specified by NAME." Make actual behaviour match
the stated documented behaviour.
https://wiki.openwrt.org/inbox/procd-init-scripts
Suggested-by: Jo-Philip Wich <jow@mein.io>
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
a5954cf procd: Add %m to several functions that return errno.
810d7a5 procd: Remove redundant errno variable in several printf functions.
fa5ce1c procd: Replace strerror(errno) with %m.
Signed-off-by: John Crispin <john@phrozen.org>
Add the uas(p) module to the modules loaded early on the boot process.
The uas(p) is an modern alternative, which is used by the modern USB3
storage cases, compared to the bot protocol. To be able to use uas(p)
storage cases for extroot, the kernel module has to be loaded before the
search for extroot has been called. This patch changes the load order to
support uas(p) storage cases for extroot.
Signed-off-by: Daniel Albers <daniel.albers@public-files.de>
11efbf3 overlay: fix race condition when switching to jffs2
bdeb95a libblkid-tiny: add support for NTFS superblock
ef2cc03 fstools: Replace strerror(errno) with %m format.
98fd5b4 libblkid-tiny: add support for UBI superblock
Signed-off-by: John Crispin <john@phrozen.org>
Use flock to protect init script from concurrent execution
(of the same script).
Important for services which generate native config files.
Signed-off-by: Roman Yeryomin <roman@advem.lv>
Signed-off-by: Andrejs Hanins <ahanins@gmail.com>
This is needed for procd init script protection to work.
flock adds 4248 bytes to stripped busybox binary.
Signed-off-by: Roman Yeryomin <roman@advem.lv>
The CPU sub type was set to a CPU version with FPU, but the FPU feature
was not activated before, so a soft float toolchain was created.
Activate also the FPU feature to create the correct toolchain.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This activates neon and VFPv4 support for this target. The CPU support
these feature so also use them.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2,
the tab autocomplete feature of the shell, used to get a list of filenames
in a directory, does not sanitize filenames and results in executing any
escape sequence in the terminal. This could potentially result in code
execution, arbitrary file writes, or other attacks.
Fixes: FS#1181 - CVE-2017-16544:
Backport the patch from:
https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8https://nvd.nist.gov/vuln/detail/CVE-2017-16544
Signed-off-by: Derek Werthmuller <thewerthfam@gmail.com>
Signed-off-by: John Crispin <john@phrozen.org>
In current state, if there is START but no STOP, enbale()
will return 1 (failure), which is wrong.
Moreover there is no need to check for START/STOP twice.
Instead, add err variable to save success state and
and return it's value.
Also eliminate the need to disable() by using 'ln -sf',
which will first delete the old symlink if one exists.
Changes from v1:
- fixed description
Signed-off-by: Roman Yeryomin <roman@advem.lv>
5beb95d lua: additionally return name when looking up sections
ff33bb2 lua: support extended section notation
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Fix overhead accounting error introduced by f33c4d6 refactor
cake_advance_shaper and ack_filter
Symptoms were links running under rate.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Since BusyBox 1.25.0 dd command supports iflag=skip_bytes which allows
skipping requested amount of bytes without reducing blocksize. Thanks to
this we can leave default blocksize and let dd work more efficiently.
On Netgear R6250 "dd skip=58 iflag=skip_bytes" can be 5 times faster
than "dd bs=58 skip=1" when extracting TRX out of CHK.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
It's a device based on BCM5365P (0x5365 package 0x00). This SoC has
USB 1.1 controller but device has two USB 2.0 parts. They are handled by
PCI-based controllers: 1106:3038 UHCI and 1106:3104 EHCI.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
This was broken in 7bab49fd ("lantiq: add compatible strings to dts
files"), causing for the dm200 garbled serial output during boot, and
likely other issues.
Signed-off-by: Thomas Nixon <tom@tomn.co.uk>
[fix the compat string of the P2601HNFX as well]
Signed-off-by: Mathias Kresin <dev@kresin.me>
Enabling IPTABLES_NFTABLES resulted in an error during build:#
*** No rule to make target '../extensions/libext.a',
needed by 'xtables-compat-multi'."
Comments from Alexander Lochmann and Fedor Konstantinov in FS#711
provided fixes for this build error, allowing iptables to compile.
https://bugs.lede-project.org/index.php?do=details&task_id=711.
This commit updates the Makefile.am xtables_compat_multi_LDFLAGS
and _LDADD, moving linking of extensions to LDFLAGS.
Signed-off-by: rektide de la faye <rektide@voodoowarez.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Fixes: 8170f280c4 ("base-files: set FAILSAFE in /etc/profile when
/tmp/.failsafe exists")
That patch fixes handling SPI messages with two writing transfers. It's
important when using e.g. by m25p80 driver which uses one transfer for
opcode and another one for data.
Thanks to that fix we can now drop m25p80 workaround patch. It means one
less hack and also a better flash writing performance as there is no
more data buf copying.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>