Lantiq and IPQ806X (which includes IPQ40XX) both define the
same custom function {ipq806x|lantiq}_get_dt_led.
This patch moves the function into the base-file package at
lib/functions/leds.sh to make it more accessible for other
targets as well.
Cc: Mathias Kresin <dev@kresin.me>
Cc: John Crispin <john@phrozen.org>
Cc: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
To not clutter the system when building an opkg free image, generate the
distfeeds.conf only if CLEAN_IPKG is unset.
Since opkg is now a shared package, we can't rely on PACKAGE_opkg, but
since opkg is not reasonably usable without the status information, we
can tie the distfeeds.conf to it.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Ensure /etc/opkg exists before trying to write there. This fixes a build
failure if SIGNED_PACKAGES is disabled.
Reported-by: Matthias Schiffer <mschiffer@universe-factory.net>
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
All the relevant options used for distfeeds.conf are part of base-files,
so it makes more sense to move the file there as well.
This has the added benefit that the we can share the opkg package again,
reducing the amount of target specific packages.
Acked-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Bump to latest WireGuard snapshot release:
44f8e4d version: bump snapshot
bbe2f94 chacha20poly1305: wire up avx512vl for skylake-x
679e53a chacha20: avx512vl implementation
10b1232 poly1305: fix avx512f alignment bug
5fce163 chacha20poly1305: cleaner generic code
63a0031 blake2s-x86_64: fix spacing
d2e13a8 global: add SPDX tags to all files
d94f3dc chacha20-arm: fix with clang -fno-integrated-as.
3004f6b poly1305: update x86-64 kernel to AVX512F only
d452d86 tools: no need to put this on the stack
0ff098f tools: remove undocumented unused syntax
b1aa43c contrib: keygen-html for generating keys in the browser
e35e45a kernel-tree: jury rig is the more common spelling
210845c netlink: rename symbol to avoid clashes
fcf568e device: clear last handshake timer on ifdown
d698467 compat: fix 3.10 backport
5342867 device: do not clear keys during sleep on Android
88624d4 curve25519: explictly depend on AS_AVX
c45ed55 compat: support RAP in assembly
7f29cf9 curve25519: modularize dispatch
Refresh patches.
Compile-test-for: ar71xx
Run-tested-on: ar71xx Archer C7 v2
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
As MD5 is known weak for many years and more and more
penetration test tools complain about enabled MD5 HMAC
I think it's time to drop it.
By disabling the MD5 HMAC support dropbear will also
automatically use SHA1 for fingerprints.
This shouldn't be a problem too.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
Add config option which allows to enable/disable DHCP support at compile
time. Make DHCPv6 support dependant on DHCP support as DHCPv6 support
implies having DHCP support.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
- use %d instead of %n for opkg feed identifiers
- remove %n / %N references from version files
Fixes bf5cef47b3 merge: release/banner: drop release name and update banner.
Fixes FS#1213.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
udhcpc doesn't send a hostname by default. Use the system hostname if
nothing else is specified, to always send a hostname.
It syncs the behaviour to odhcpc, which always sends a hostname.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Acked-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
Kernel and rootfs in a subdirectory matching the userspace boardname,
was intended to use a single sysupgrade-tar archive for multiple boards
with different kernel/rootfs images. This feature was never used.
Use the first found directory in the tar archive instead of relying on
a directory named according to the userspace boardname.
It allows to change the boardname without adding another compatibility
layer - using the nand_board_name() function - for (sub)targets using
the metadata based image validation in favour to
nand_do_platform_check().
Signed-off-by: Mathias Kresin <dev@kresin.me>
This patch fixes two issues with the current get_partitions()
function.
First: "Invalid partition table on $disk" will pop up on
legitimate images on big endian system.
This is because the little-endian representation of "55 AA" is
assumed in the context of little-endian architectures. On these
comparing it to the 16-bit word 0xAA55 does work as intented.
Whereas on big-endian systems, this would have to be 0x55AA.
This patch fixes the issue by replacing the integer conversion
and value match check with just a string comparision.
Second: The extraction of the type, start LBA and LBA num from
the partition table has the same endianness issue. This has been
fixed by using the new hex_le32_to_cpu() function. This function
will translate the stored little-endian data to the correct
byte-order if necessary.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This patch updates ath10k-firmware to use the
firmware-5.bin_10.4-3.2.1-00058 firmware for the QCA4019.
Cc: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
d02a05b mt7603: update firmware to version 20160107100755
4d4cd05 Partially revert "mt7603: use mcu command to set timing registers, fix OFDM timeout values"
170f334 mt76x2: remove MAC address limitation for multi-vif setups
3563b8f mt76x2: clean up MAC/BSSID address initialization
9de77e1 mt76x2: drop wiphy->addresses
a6a6e25 mt76x2: init: disable APCLI by default
c64633e mt76x2: configure rx filter based on monitor mode setting
ac815fa mt76x2: init: fix rx filter default value during init
e504656 mt7603: configure other-unicast drop based on monitor mode setting
Signed-off-by: Felix Fietkau <nbd@nbd.name>
add no-ssl3-method again as 1.0.2n compiles without the ssl3-method(s)
Fixes CVEs: CVE-2017-3737, CVE-2017-3738
Signed-off-by: Peter Wagner <tripolar@gmx.at>
Different invocations of the dnsmasq init script (e.g. at startup by procd)
will rewrite the dhcp host file which might result into dnsmasq reading an
empty dhcp host file as it is being rewritten by the dnsmasq init script.
Let the dnsmasq init script first write to a temp dhcp host file so it does
not overwrite the contents of the existing dhcp host file.
Reported-by: Hartmut Birr <e9hack@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
wpa_disable_eapol_key_retries can't prevent attacks against the Wireless
Network Management (WNM) Sleep Mode handshake. Currently, hostapd
processes WNM Sleep Mode requests from clients regardless of the setting
wnm_sleep_mode. Backport Jouni Malinen's upstream patch 114f2830 in
order to ignore such requests by clients when wnm_sleep_mode is disabled
(which is the default).
Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
[rewrite commit subject (<= 50 characters), bump PKG_RELEASE]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
wpa_disable_eapol_key_retries can't prevent attacks against the
Tunneled Direct-Link Setup (TDLS) handshake. Jouni Malinen suggested
that the existing hostapd option tdls_prohibit can be used to further
complicate this possibility at the AP side. tdls_prohibit=1 makes
hostapd advertise that use of TDLS is not allowed in the BSS.
Note: If an attacker manages to lure both TDLS peers into a fake
AP, hiding the tdls_prohibit advertisement from them, it might be
possible to bypass this protection.
Make this option configurable via UCI, but disabled by default.
Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
Tiny variant supports a subset of the ip commands; align the ip help
text so it actually reflects which commands are supported in the
tiny variant.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Preserves optionality of libmnl by letting configuration
script follow the HAVE_MNL environment variable.
Signed-off-by: Russell Senior <russell@personaltelco.net>
If all configured dns servers return refused in response to a query in
strict mode; dnsmasq will end up in an infinite loop retransmitting the
dns query resulting into high CPU load.
Problem is fixed by checking for the end of a dns server list iteration
in strict mode.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
11f42a8 mt76x2: add channel argument to eeprom tx power functions
3bd7e76 mt76x2: initialize channel power limits
19fff41 mt76x2: convert between per-chain tx power and combined output
737cf2b mt7603: rename mt7603_mac_reset to mt7603_pse_reset
8026638 mt7603: rename MT_PSE_RESET register
c4dd32a mt7603: remove watchdog reset on interface stop
d99092b mt7603: remove WARN_ON_ONCE for workaround checks
c8807b4 mt7603: simplify PSE reset
d8a5990 mt7603: warn if PSE reset fails
c079960 mt7603: clean up dma debug reads
96817d6 mt7603: make mt7603_mac_watchdog_reset() static
e953c78 mt7603: clear wtbl PS bit for powersave responses
57a2e33 mt7603: set tx-skip flag for powersave clients
c8e5ab1 mt7603: initialize wtbl ps flag on station add
b4034cf mt76x2: remove some harmless WARN_ONs in tx status and rx path
8e17d36 mt7603: remove some harmless WARN_ONs in rx path
Signed-off-by: Felix Fietkau <nbd@nbd.name>
layerscape firmware package names collide with existing package contributions.
Ex: layerscape mc and midnight-commander(mc) are in conflict.
Firmware packages: mc, ppa, rcw and dpl are renamed to ls-mc, ls-ppa, ls-rcw
and ls-dpl respectively.
Signed-off-by: Ted Hess <thess@kitschensync.net>
CVE-2017-8816: NTLM buffer overflow via integer overflow
CVE-2017-8817: FTP wildcard out of bounds read
CVE-2017-8818: SSL out of buffer access
For other bugfixes and changes in 7.57.0 see https://curl.haxx.se/changes.html
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Latencies can be much higher on wifi devices, especially with
aggregation. Tune the network stack setting introduced in the previous
commit to account for that.
This commit reintroduces the previously reverted one with a fix for the
crash issues
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Due to improper localization of helper variables, "config host" entries
without a given mac address may inherit the mac address of a preceeding,
leading to invalid generated netive configuration.
Fix the issue by marking the "macs" and "tags" helper variables in
dhcp_host_add() local, avoiding the need for explicitely resetting them
with each invocation.
Reported-by: Russell Senior <russell@personaltelco.net>
Tested-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This reverts commit 2dc485250d.
This patch needs some additional checks in order to avoid overwriting
unrelated fields for request sockets.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
== Changes ==
* compat: support timespec64 on old kernels
* compat: support AVX512BW+VL by lying
* compat: fix typo and ranges
* compat: support 4.15's netlink and barrier changes
* poly1305-avx512: requires AVX512F+VL+BW
Numerous compat fixes which should keep us supporting 3.10-4.15-rc1.
* blake2s: AVX512F+VL implementation
* blake2s: tweak avx512 code
* blake2s: hmac space optimization
Another terrific submission from Samuel Neves: we now have an implementation
of Blake2s using AVX512, which is extremely fast.
* allowedips: optimize
* allowedips: simplify
* chacha20: directly assign constant and initial state
Small performance tweaks.
* tools: fix removing preshared keys
* qemu: use netfilter.org https site
* qemu: take shared lock for untarring
Small bug fixes.
Remove myself from the maintainers list: we have enough and I'm happy to
carry on doing package bumps on ad-hoc basis without the 'official'
title.
Run-tested: ar71xx Archer C7 v2
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
