Enable support for stronger SHA256-based algorithms in hostapd and
wpa_supplicant when using WPA-EAP or WPA-PSK with 802.11w enabled.
We cannot unconditionally enable it, as it requires hostapd to be
compiled with 802.11w support, which is disabled in the -mini variants.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Tested-by: Sebastian Kemper <sebastian_ml@gmx.net>
Now that wpa_key_mgmt handling for hostapd and wpa_supplicant are
consistent, we can move parts of it to a dedicated function.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Tested-by: Sebastian Kemper <sebastian_ml@gmx.net>
Rework wpa_key_mgmt handling for wpa_supplicant to be consistent with
how it is done for hostapd.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Tested-by: Sebastian Kemper <sebastian_ml@gmx.net>
This chip has write protection enabled on power-up, so this flag is
necessary to support write operations.
Signed-off-by: Victor Shyba <victor1984@riseup.net>
This flag was added to 4.9 with upstream commit
76a4707de5e18dc32d9cb4e990686140c5664a15.
Signed-off-by: Victor Shyba <victor1984@riseup.net>
[refresh and adjust platform patches, fix commit message]
Signed-off-by: Mathias Kresin <dev@kresin.me>
LS1088A is an ARMv8 implementation combining eight ARM A53 processor
cores. The LS1088ARDB is an evaluatoin platform that supports the
LS1088A family SoCs.
Features summary:
- Eight 64-bit ARM v8 Cortex-A53 CPUs
- Data path acceleration architecture 2.0 (DPAA2)
- Ethernet interfaces
- QUADSPI flash, 3 PCIe, 2 USB, 1 SD, 2 DUARTs etc
Signed-off-by: Yutang Jiang <yutang.jiang@nxp.com>
This commit modifies the /lib/netifd/proto/gre.sh script so that, when
GRE-TAP tunnels are created, either IPv4 or IPv6, the prefix before the chosen
interface name contains the "tap" substring, to differentiate them from non-TAP
GRE tunnels.
Right now, both GRE and GRE-TAP tunnel (either IPv4 or IPv6) interfaces defined
in /etc/config/network are named equally ("gre-"+$ifname or "grev6"+$ifname)
upon creation. For instance, the following tunnels:
config interface 'tuna'
option peeraddr '172.30.22.1'
option proto 'gre'
config interface 'tunb'
option peeraddr '192.168.233.4'
option proto 'gretap'
config interface 'tunc'
option peer6addr 'fdc5:7c9e:e93d:45af::1'
option proto 'grev6'
config interface 'tund'
option peer6addr 'fdc0:6071:1348:31ff::2'
option proto 'grev6tap'
are named, respectively, "gre-tuna", "gre-tunb", "grev6-tunc" and "grev6-tund".
The current change makes that each GRE tunnel interface of the four different
types available (gre, gretap, grev6 and grev6tap) gets a different prefix.
Therefore, the abovementioned tunnels will be named, respectively:
"gre4-tuna", "gre4t-tunb", "gre6-tunc" and "gre6t-tund".
This is coherent with other types of virtual interfaces (i.e. PPP, PPPoE, PPPoA)
where the whole protocol name is used. For instance, a PPPoA interface named
"p1" and a PPPoE interface named "p2" will respectively appear as "pppoa-p1"
and "pppoe-p2", not as "ppp-p1" and "ppp-p2").
Since Linux interfaces names are limited to 15 characters, these prefixes leave,
for the worst case (TAP tunnels), 9 characters for the actual name.
Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
Looks like this was meant to workaround some limitations with
non-GNU tar variants (like BSD-tar which are present on Mac os BSD hosts).
Though, I cannot find any use of that `+s` option that's mentioned
in the comment.
Last hash of this I found was 24faf55360
In my case, it now this fails for `python-setuptools` on Mac OS X (the host-build with):
```
trapret 2 tar -C <home-dir>/work/sources-work/lede/build_dir/target-i386_pentium4_musl-1.1.15/python-setuptools-27.2.0 --strip-components=1 -xzf <home-dir>/work/sources-work/lede/dl/setuptools-27.2.0.tar.gz
bash: trapret: command not found
```
So, I was thinking maybe it's time to remove this workaround (9 years later).
I could also fix the `python-setuptools` host build. If that's more preferred.
[ Btw, I just recently transitioned to a Mac machine for dev-ing,
so a lot of (this Mac) stuff I'm finding out is new to me too. ]
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Other changes:
- Project moved to sourceware.org
- musl patch where cleaned up and submitted upstream
- TEMP_FAILURE_RETRY macro fixed and submitted upstream
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
[Jo-Philipp Wich: add missing .patch extension to 007-fix_TEMP_FAILURE_RETRY]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Because wget doesn't know how to do Negotiate authentication with a proxy
and curl does, use curl if it's present. The user is expected to have a
~/.curlrc that sets the options necessary for any proxy authentication.
A ~/.curlrc is completely optional however and curl will work in exactly
the same manner as wget without one.
Signed-off-by: Brian J. Murrell <brian@interlinx.bc.ca>
[Jo-Philipp Wich: Rework code to detect curl usability by checking --version,
Use vararg style open() to bypass the shell when downloading,
Use Text::ParseWords to decompose env vars into arguments]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Brings in the following changes:
84b530a732b1 libfstools: Check return values for fread and system
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Brings in the following changes:
52d955fd802a remove obsolete mac os x /opt/local include/library search path
a4e49b4163b2 Fix unused results warnings
48cfff3fbec9 uclient-http: send correct "Host:" header if port is set
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Increasing CONFIG_SYS_BOOTM_LEN from 8 MB to 16 MB is necessary to
support uncompressing images larger than 8 MB when using the bootm
command.
Signed-off-by: Mathias Kresin <dev@kresin.me>
In case the soft reset in dwc2_core_reset() timeouts, the
hsotg->core_params are freed albeit it is owned by the core. This
results into a kernel panic as shown in FS#351.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Use the the dt-bindings macros and add the reset button.
Set the correct polarity for the LEDs and drop the default state.
Remove all trigger for the LEDs. According to the manual the LEDs are
only used to show the operation state, where blue means normal
operation.
Use the MAC-Addresses stored in EEPROM for the ethernet and the
wireless interface.
Signed-off-by: L. D. Pinney <ldpinney@gmail.com>
[use leds only for boot status indication, add proper commit message]
Signed-off-by: Mathias Kresin <dev@kresin.me>
currently (after blogic's edit to my commit) it prints like this:
root@lede:/# service aa
aa does not exist. the following services are available :adblock dnsmasq gpio_switch rpcd system
boot done led sqm uhttpd
crelay dropbear log sysctl umount
cron firewall network sysfixtime urandom_seed
ddns fstab odhcpd sysntpd
which looks pretty bad, and is even worse if someone writes only "service" without arguments, as it will print " does not exist. " which is confusing.
with this commit it looks like this:
root@lede:/# service
service "" not found, the following services are available:
adblock dnsmasq gpio_switch rpcd system
boot done led sqm uhttpd
crelay dropbear log sysctl umount
cron firewall network sysfixtime urandom_seed
ddns fstab odhcpd sysntpd
Yes there is some play with " and ', it is to display "name" or just "" if no service name is entered (like in the example).
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
bnx2 driver support for the x86 architecture. Includes module and
firmware for Broadcom BCM5706/5708/5709/5716 ethernet adapters.
Signed-off-by: George Amanakis <g_amanakis@yahoo.com>
This commit introduced a syntax error in ox820-akitio.dts which is
fixed now:
commit 5cde94d9ab
Author: Daniel Golle <daniel@makrotopia.org>
Date: Sat Sep 24 01:14:53 2016 +0200
oxnas: backport upstream NAND driver
This caused the folowing error message in the build bot:
Error: arch/arm/boot/dts/ox820-akitio.dts:146.3-147.1 syntax error
FATAL ERROR: Unable to parse input tree
scripts/Makefile.lib:293: recipe for target 'arch/arm/boot/dts/ox820-akitio.dtb' failed
make[5]: *** [arch/arm/boot/dts/ox820-akitio.dtb] Error 1
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This fixes the folowing security problems:
CVE-2016-9586: printf floating point buffer overflow
CVE-2016-9952: Win CE schannel cert wildcard matches too much
CVE-2016-9953: Win CE schannel cert name out of buffer read
CVE-2016-9594: unititialized random
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Currently both libustream-polarssl and libustream-mbedtls
variants define themselves as the DEFAULT_VARIANT
Remove extra DEFAULT_VARIANT from libustream-polarssl.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Later OpenVPN 2.3-openssl versions only enable
TLS cipher suites with perfect forward secrecy, i.e. DHE and ECDHE
cipher suites. ECDHE key exchange is not supported by
OpenVPN 2.3-openssl, enable DHE key exchange to allow LEDE
OpenVPN 2.4-mbedtls clients to connect to such servers.
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Reported-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Reported-by: Lucian Cristian <luci@createc.ro>
Secp384r1 is the default curve for OpenVPN 2.4+. Enable this to
make OpenVPN-mbedtls clients able to perform ECDHE key exchange
with remote OpenVPN 2.4-openssl servers that use the default
OpenVPN curve.
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
We have profile for this device thanks to DEVICE_PACKAGES now.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Cc: Russell Senior <russell@personaltelco.net>
We don't use this driver since commit 741715331a ("bcm53xx: switch to
m25p80 and drop bcm53xxspiflash").
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
There was a typo in Makefile that prevented using these profiles.
Fixes: a75ce960ac ("ramips: use different board names for variants")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
depending packages have been moved to kernel-config
- kmod-xen-kbddev in 9fde361
- kmod-xen-fs, kmod-xen-evtchn, kmod-xen-netdev in 018807d
this will also fix imagebuilder
Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
An external reset patch for AR955x accidentally led to external reset
being issued twice on AR913x, once before the RTC reset and once after.
This may be causing some stability issues.
Signed-off-by: Felix Fietkau <nbd@nbd.name>