luci using ustream-mbedtls is extremely slow vs ustream-polarssl.
polarssl alias mbedtls v1 is configured to use NIST prime speed
optimisation, so no longer disable the default optimisation for
mbedtls v2.
Compile & run tested: Archer C7v2
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
[Jo-Philipp Wich: refresh patch to use common format]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Adds per-host leasetime support
Various bugfixes :
-Prioritize ifname resolving via ubus
-Free interface if ifindex cannot be resolved
-...
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [update mirror sha256]
This fixes the following error when mounting a ext4 filesystem
----
[ 166.240000] EXT4-fs (sda1): Cannot load crc32c driver.
----
Signed-off-by: Daniel Danzberger <daniel@dd-wrt.com>
Commit 8f24ee6382 ("uqmi: Add proper IPv6 support") changed the code
to fetch the IPv4 address via QMI by default instead of using DHCP to
make it consistent with the IPv6 codepath.
This breaks on at least some Sierra Wireless cards, where data exchanges
fail to work until the host has fetched a DHCP lease.
Leave v6 as it is, but always use DHCP for v4.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
nf_tproxy_core was removed during 3.12 development with kernel commit
fd158d79d33d3c8b693e3e2d8c0e3068d529c2dc. The code was moved
to xt_TPROXY.c.
Fixes FS#212
Signed-off-by: Mathias Kresin <dev@kresin.me>
Adds the latest patches from Jes Sorensen for rtl8xxxu, which improve
rtl8732bu, rtl8192eu and rtl8188eu support.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
* Change git packages to xz
* Update mirror checksums in packages where they are used
* Change a few source tarballs to xz if available upstream
* Remove unused lines in packages we're touching, requested by jow- and blogic
* We're relying more on xz-utils so add official mirror as primary source, master site as secondary.
* Add SHA256 checksums to multiple git tarball packages
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Quote resolveip hostname argument to avoid bad shell injections.
While at it fix pattern match logic in case multiple IPv6 addresses
are returned for a hostname as they're seperated by newline by
resolveip and not a white space
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Adds u-boot for the at91 platform and a couple of boards.
The build honours COPTS to benefit from fortify source et al.
Signed-off-by: Ben Whitten <ben.whitten@gmail.com>
Now that the uhttpd init script can generate certificates using openssl as
well, update the section name and related comment to be more generic.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Before a configuration is generated, an empty file is created to store
it in. (required by UCI)
If something happens during config generation
(power cut, interruption, ..) an empty file exists and it is never
regenerated again, causing some daemons to fail starting
(NTPD, logread, ..)
Fix this by also generating new configs if a critical file
is empty.
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
The kmod-sound-hda-core module attempts to package snd-hda-core.ko which
does not exist in Linux 3.18, therfore only use it for kernels >= 4.1
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Support the usage of the OpenSSL command-line tool for generating
the SSL certificate for uhttpd. Traditionally 'px5g' based on
PolarSSL (or mbedTLS in LEDE), has been used for the creation.
uhttpd init script is enhanced by adding detection of an installed
openssl command-line binary (provided by 'openssl-util' package),
and if found, the tool is used for certificate generation.
Note: After this patch the script prefers to use the OpenSSL tool
if both it and px5g are installed.
This enables creating a truly OpenSSL-only version of LuCI
without dependency to PolarSSL/mbedTLS based px5g.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Prior to kernel 4.4, the hda-intel module depends on the hda-controller
utility submodule so bundle it for the older kernel versions.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This patch removes the non-working wifi driver filter for
the wifi detection script.
I figured that rather than replacing ${2:-$DRIVERS} with
${1:-$DRIVERS}, it would be better to remove it. Nobody
needed it in the previous years.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
vfat filesystem fails to mount due to missing codepages with
factory-formatted flash drives. Depend on cp437 iso8559-1 and
utf8 nls modules as this covers most factory-formatted vfat
filesystems.
Signed-off-by: Daniel Dickinson <lede@cshore.thecshore.com>
This patch set adds support for PCI Intel HD Audio
sound devices. This is useful for multimedia packages
in the packages feed that one may use to create audio
servers.
Signed-off-by: Daniel Dickinson <lede@cshore.thecshore.com>
We have to remove the FPU check, it will run in an endless loop on LEDE
when compile without FPU emulation support.
The second patch fixes this problem: valgrind: mmap(0x400000, 303104)
failed in UME with error 22 (Invalid argument).
valgrind still does not support mips16, build LEDE without mips16 support.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The nf_reject_* and nf_nat_masquerade_* modules are moved into the
corresponding kmod-nf- packages. Appropriate dependencies are added to the
kmod-nft- packages.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Since the kernel makefile is using .ONESHELL, we need to add -e to
.SHELLFLAGS so errors are not ignored.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Fix rt_names build failure when FORTIFY_SOURCE disabled.
Include limits.h which otherwise gets automatically included
by fortify headers.
Solves FS #194
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Now that the firmware for BCM43430 has been submitted to linux-firmware use it
and remove RPiDistro package.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
This patch moves the ath10k firmware packages to the firmware submenu
in the buildroot, where it belongs.
Signed-off-by: Stijn Segers <francesco.borromini@inventati.org>
Use firmware version 10.2.4.70.54 from kvalo's git repository. The old
version (even though it's version number is greater) is an old version
from September 2015.
Using only the firmware versions from kvalo's git repo is recommended,
because those are tested by QCA's internal QCA.
The QCA988X directory received a small reorganization as a "hw2.0"
subdirectory was added - this patch also takes care of that as
board.bin was moved to that subdirectory.
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
For 64-bit capable systems, a symbolic link is set up for /lib64 to point to
/lib, so make sure the installation goes into /lib, irrespective of where the C
library files come from in an external toolchain.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
There is a separate package kmod-crypto-echainiv for echainiv.ko. Selecting
both packages led to a conflict, so remove the file from kmod-crypto-iv.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
This fixes bug that could cause WARNING on every add_key/del_key call.
It also replaces WARNING with a simple message. They may still occur
e.g. on station going out of range and A-MPDU stall in the firmware.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
A bug fix which included a CRL sanity check was added to OpenSSL 1.1.0
but was omitted from OpenSSL 1.0.2i. As a result any attempt to use
CRLs in OpenSSL 1.0.2i will crash with a null pointer exception.
Patches applied upstream:
* 301-fix_no_nextprotoneg_build.patch
* 302-Fix_typo_introduced_by_a03f81f4.patch
Security advisory: https://www.openssl.org/news/secadv/20160926.txt
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Adds Google's mirrors as primary source and kernel.org as fallback.
Discussed in #lede-dev on Freenode
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Within the Lua binding, use the same logic as the command line interface for
reporting the used WPA ciphers. Instead of printing the intersection of
pairwise and group ciphers, report both group and pairwise ciphers.
This fixes a case where a connection which uses CCMP for pairwise and TKIP
as groupwise cipher is getting reported as using the NONE cipher.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The Linux kernel uses two distinct fields to denote the routing table ID in
use by network routes; the 8 bit `rtm_table` member of `struct rtmsg` and the
32 bit `RTA_TABLE` netlink attribute.
If a routing table ID is larger than 255, the `RT_TABLE` attribute must be used
and the `rtm_table` field has to be set to the special `RT_TABLE_UNSPEC` value.
This commit adds a patch which...
- switches the *_n2a() and *_a2n() functions of rt_names.c to use dynamically
sized, name-sorted arrays instead of fixed arrays limited to 1024 slots in
order to support IDs up to 65535
- adds proper handling of high table IDs to iprule.c and iproute.c when
adding, removing and dumping ip rules and network routes
After this change, the Busybox ip applet fully supports IP rules with high ID
numbers, using the same logic as the full iproute2.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Remove an invalid local variable declaration in the tunnel update subshell
invocation. Local declarations outside of function scopes are illegal since
the Busybox update to version 1.25.0 .
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
All these patches are in wireless-drirvers-next. There is support for
hidden SSID, few new devices and many fixes.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Now that we know that the password is in /etc/shadow and not in
/etc/passwd, we can properly fix the logic for the empty password check.
Only 'root::' is an empty password, 'root❌' and 'root:!:' allow no
password login at all.
This fixes the empty password warning still showing after the root password
has been locked using 'passwd -l root' (e.g. to allow public-key auth
only).
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Configurations without shadow passwords have been broken since the removal
of telnet: as the default entry in /etc/passwd is not empty (but rather
unset), there will be no way to log onto such a system by default. As
disabling shadow passwords is not useful anyways, remove this configuration
option.
The config symbol is kept (for a while), as packages from feeds depend on
it.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Uboot-mvebu isn't a real package, which will break the image builder
when it tries to install it during the packing step. Instead of cleafog
selecting it through its default packages, make it default to m if the
clearfog profile is selected.
This will ensure it is always build, but never added to the rootfs. This
fixes creating images for clearfog with IB.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Acked-by: Felix Fietkau <nbd@nbd.name>
The clearfog image requires u-boot, so package it into KDIR to make sure
it is available in imageBuilder.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Acked-by: Felix Fietkau <nbd@nbd.name>
Running prepare_rootfs on TARGET_DIR deletes the opkg state when
CONFIG_CLEAN_IPKG is enabled, making the per-device rootfs package install
fail.
To avoid this, create a copy of the TARGET_DIR before prepare_rootfs is run
and use this as basis for per-device rootfs generation.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
br_netfilter.ko and the corresponding Kconfig symbol are already provided
by kmod-br-netfilter, which is a dependency of kmod-ebtables.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Local variable declarations outside of functions are illegal since the Busybox
update to v1.25.0, therfore remove them from the appropriate places.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Update the linux-firmware package in order to force the buildbots to fetch the
proper mirrored version.
Currently each builder has its own copy of the linux-firmware checkout staged
in its own dl/, since the package was updated before the mirrored copy has
been uploaded. The builders then subsequently uploaded their own copy instead,
leading to md5sum mismatches since each clone produces different tarballs.
By bumping the package to a new version and uploading the mirrored archive
with the proper md5sum beforehand, the builders will fetch that instead and
not upload their own copies.
To properly solve that problem in the future we need to ensure that packed
checkouts become reproducable.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Since the md5sum of the mirrored Git clone archive has been set in the Makefile
before that particular archive was uploaded to the source mirror, the buildbots
uploaded their own, different copy instead invalidating the mirror md5sum for
anyone else.
In order to fix the mismatch, update the md5sum to reflect the archive being
present on the download server.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The Annex A firmware will be updated to:
05.08.01.08.01.06_05.08.00.0B.01.01_osc
The Annex B firmware will be updated to:
05.07.09.09.00.06_05.07.04.04.00.02_osc
Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
Some devices (like the Cisco Meraki Z1 Cloud Managed Teleworker Gateway)
need to be able to initialize the PCIe wifi device. Normally, this is done
during the early stages of booting linux, because the necessary init code
is read from the memory mapped SPI and passed to pci_enable_ath9k_fixup.
However,this isn't possible for devices which have the init code for the
Atheros chip stored on NAND in an UBI volume. Hence, this module can be
used to initialze the chip when the user-space is ready to extract the
init code.
Martin Blumenstingl made a few fixes and added support for lantiq:
kernel: owl-loader: add support for OWL emulation PCI devices
kernel: owl-loader: don't re-scan the bus when ath9k_pci_fixup failed
kernel: owl-loader: use dev_* instead of pr_* logging functions
kernel: owl-loader: auto-generate the eeprom filename as fallback
kernel: owl-loader: add a debug message when swapping the eeprom data
kernel: owl-loader: add missing newlines in log messages
kernel: owl-loader: add support for the lantiq platform
These patches have been integrated. Thanks!
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
The default configuration might not be suitable for
every use case. Add options to enable/disable additional
options.
Signed-off-by: Andreas Schultz <aschultz@tpip.net>
Match sections allow to set a tag specified by the option networkid if the client
sends an option and optionally the option value specified by the match option.
The force option will convert the dhcp-option to force-dhcp-option if set to 1 in
the dnsmasq config if options are specified in the dhcp_option option.
config match
option networkid tag
option match 12,myhost
option force 1
list dhcp_option '3,192.168.1.1'
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
A padding to align a message should not only be added between
different attributes of a netlink message, but also at the end of the
message to pad it to the correct size.
Without this patch the following command does not work and returns an
error code:
ip link add type nlmon
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Now that we have firmwares separated and brcm2708 being the only target that
actually selects SDIO support, avoid selecting all firmwares by default.
sunxi should select the proper firmwares once SDIO support is enabled and
tested.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Using few packages will allow saving some space by decreasing rootfs
size.
Moreover there are more firmware files that may require packaging and
even more to come later.
This can especially useful now, with per device rootfs.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
clean up usb gadget support:
- rename gadget modules so that they appear together and are easier to
identify as gadget modules
- make usb-lib-composite and usb-gadget hidden as there is no point in
selecting those without gadget drivers that require them as deps
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
Now we have firmwares separated and bcm53xx selecting required ones make
use of it to actually save that rootfs space.
Other targets using brcmfmac (brcm2708 and sunxi) use SDIO interface and
firmware so they don't won't be affected.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Using few packages will allow saving some space by decreasing rootfs
size. Dropping 43602a1 firmware saves 316 580 B. Dropping 4366b1 saves
468 188 B.
Moreover there are more firmware files that may require packaging and
even more to come later (e.g. 4366c0).
This can especially useful now, with per device rootfs.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Permit users of the full variant to disable the NO_ID *.bind pseudo
domain masking.
Defaulted 'on' in all variants.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
As security precaution and to limit the attack surface based on
the version reported by tools like nmap mask out the dropbear
version so the version is not visible anymore by snooping on the
wire. Version is still visible by 'dropbear -V'
Based on a patch by Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [remove trailing _]
Don't expose dnsmasq version & other data to clients via the *.bind
pseudo domain. This uses a new 'NO_ID' compile time option which has been
discussed and submitted upstream.
This is an alternate to replacing version with 'unknown' which affects
the version reported to syslog and 'dnsmasq --version'
Run time tested with & without NO_ID on Archer C7 v2
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
e2fsprogs would fail linking with external toolchains which would not be able
to find several dependencies, explicit them.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Regression introduced by 3481d0d dnsmasq: run as dedicated UID/GID
dnsmasq is unable to remove its own pidfile as /var/run/dnsmasq is owned
by root and now dnsmasq runs as dnsmasq:dnsmasq. Change directory
ownership to match.
dnsmasq initially starts as root, creates the pidfile, then drops to
requested non-root user. Until this fix dnsmasq had insufficient
privilege to remove its own pidfile.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Add a dependency on DRIVER_11W_SUPPORT in order to enable the IEEE
802.11w functionality in hostapd.
Signed-off-by: Petko Bordjukov <bordjukov@gmail.com>
oneshot trigger configurations for LEDs are created, but the on/off
timing configurations are ignored. generate_config is correctly creating
oneshot configs, but the later led script doesn't recognise the trigger
details.
Fixes: c0c3f2d4c9 leds: support oneshot as well as timer triggers
Signed-off-by: Karl Palsson <karlp@etactica.com>
Enable CONFIG_PROCD_ZRAM_TMPFS compatibility via two changes to list_cpu_idx():
* detect if /tmp is being used by /dev/zram0; if yes, offset initial value by 1 to skip first zram device.
* hot-add /dev/zram1, if not already present.
Signed-off-by: Conn O'Griofa >connogriofa@gmail.com>
Add a patch to backport 5185c91385d73cdf79836eb8548e4726e43ae831
from Linux 4.8 adding USB2380 support to the NET2280 driver and
create an OpenWrt menu option to select it as a module.
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
This allows kobs-ng to flash the SPL successfully on the 4.4 kernel used by
the Gateworks IMX boards supporting NAND. The previous version of kobs-ng
worked with the 3.14 kernel but will brick a board making its SPL unbootable
for the 4.4 kernel.
See http://trac.gateworks.com/wiki/ventana/bootloader#nandspl for instructions
on updating the SPL from Linux.
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
power save response frames can go through the old tx path, and the tid
needs to be set for sequence numbers to be assigned correctly.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This reverts commit 763f5d7873.
Currently the vfork() code path in opkg is broken and relies on unsupported
ftello() / fseeko() operations on pipes - we need to restructure the code
before we can reconsider this approach.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This reverts commit 02e3c718e9.
Currently the vfork() code path in opkg is broken and relies on unsupported
ftello() / fseeko() operations on pipes - we need to restructure the code
before we can reconsider this approach.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Tested briefly on Netgear r7800. Firmware failed to load on first
boot, but then it worked after that and I could not reproduce the
failure.
Signed-off-by: Ben Greear <greearb@candelatech.com>
This tool can periodically check for ath10k firmware crashes.
If it finds a crash, it will package up the binary crash dump,
some OS level things like dmesg, lspci, etc into a tar file.
It then notifies the user about the crash and asks them to report
the bug to the appropriate email address.
This is most useful when used with ath10k-ct driver and
CT ath10k firmware, but it should also report issues with stock
ath10k driver and firmware in case one has appropriate contacts
to debug them.
This tool could be extended later for other modules/bugs/etc.
Signed-off-by: Ben Greear <greearb@candelatech.com>
The iwinfo library might get compiled with different backends, depending on
the driver selection of the current target, so mark it as nonshared to avoid
broken libiwinfo support on other targets with same cpu architecture but
different wireless driver types.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The ATH9K_STATION_STATISTICS kernel config variable enables some extra
statistics that are useful for debugging (in particular with the airtime
fairness patches enabled). This adds that kernel config when selecting
ath9k debugging.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
This uses GFP_DMA32 for firmware swap. Fixes issue on x86-64 with
QCA 9984 chipset when host system does not have vt-d enabled.
Also tested on linksys ea8500 with 9980 chipset.
Signed-off-by: Ben Greear <greearb@candelatech.com>
The default configuration might not be suitable for
every use case. Add options to enable/disable additional
options.
Signed-off-by: Andreas Schultz <aschultz@tpip.net>
Without any in-tree users enabled the Kernel's build process doesn't
actually build those modules. Enable some potential in-tree users
during Kernel build, so out-of-tree modules can depend on them.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
With the default priority of 0, the DEU algos would be overlapped
by the generic algos (if available).
To fix this, set the cra_priority of the hardware algos to the
recommended value of 300/400.
Signed-off-by: Martin Schiller <mschiller@tdt.de>
Now that snapshot builds are only publishing SHA-256 checksums, it makes
sense to ship an appropriate utility for verification.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
PPP daemon can be put into persist mode meaning the
daemon will not exit after a connection gets terminated
but will instead try to reopen the connection.
The re-initiation after the link has been terminated
can be controlled via holdoff; this is helpfull in
scenarios where a BRAS is in denial of service mode
due to link setup requests after a BRAS has gone down
Following uci parameters have been added :
persist (boolean) : Puts the ppp daemon in persist mode
maxfail (integer) : Number of consecutive fail attempts which
puts the PPP daemon in exit mode
holdoff (interget) : Specifies how many seconds to wait
before re-initiating link setup after it has been terminated
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
src/linksys_bootcount.c misses to include stdint.h.
Apparently musl doesn't mind and includes this header by default,
but glibc does not and causes the build to fail.
Signed-off-by: Josua Mayer <josua.mayer97@gmail.com>
tools/env/fw_env.c misses to include stdint.h.
Apparently musl doesn't mind and includes this header by default,
but glibc does not and causes the build to fail.
Signed-off-by: Josua Mayer <josua.mayer97@gmail.com>
* Only parse interfaces that are up during init_config (as the
script depends on this to determine the proper IP/subnet range)
* Add reload interface triggers for samba-designated interfaces
* Force full service restart upon config change to ensure Samba
binds to new interfaces (sending HUP signal doesn't work)
* Rename "interface" variable to "samba_iface" and move into
global scope
Needed to fix Samba connectivity for clients connecting from a
different LAN subnet (e.g. pseudobridge configurations) due to the
'bind interfaces only' setting.
Signed-off-by: Conn O'Griofa <connogriofa@gmail.com>
When PKG_CONFIG_LIBDIR was unset in the environment, the configure
script was deducing the PKG_CONFIG_LIBDIR from the location of the
pkg-config binary, which doesn't make a lot of sense, and isn't done
by other autotools based packages.
Patch imported from the Buildroot project:
https://github.com/buildroot/buildroot/blob/master/package/ncurses/0001-fixup-pkg-config-handling.patch
Also refresh patches while we're at.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Due to an empty pi_ifname in the generic failsafe setup, the deconfig
never removed the failsafe networking interface, causing broken
networking later on.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Also configure the switch based on the failsafe config, and create the
failsafe interface as tagged if necessary.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
In preparation of properly setting up vlans and switches, add
support for configuring failsafe on a vlan tagged interface.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Move preinit interface and ip config to its own function to allow
calling it from more than one place.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
Instead of board_detect generating the config as a side effect, let
config_generate call board_detect as needed.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
- Security: Message printout was vulnerable to format string injection.
If specific usernames including "%" symbols can be created on a system
(validated by getpwnam()) then an attacker could run arbitrary code as root
when connecting to Dropbear server.
A dbclient user who can control username or host arguments could potentially
run arbitrary code as the dbclient user. This could be a problem if scripts
or webpages pass untrusted input to the dbclient program.
- Security: dropbearconvert import of OpenSSH keys could run arbitrary code as
the local dropbearconvert user when parsing malicious key files
- Security: dbclient could run arbitrary code as the local dbclient user if
particular -m or -c arguments are provided. This could be an issue where
dbclient is used in scripts.
- Security: dbclient or dropbear server could expose process memory to the
running user if compiled with DEBUG_TRACE and running with -v
The security issues were reported by an anonymous researcher working with
Beyond Security's SecuriTeam Secure Disclosure www.beyondsecurity.com/ssd.html
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Among other things, this compiles out support for peer caching.
The feature did not seem to work well in my testing of AP mode,
and totally breaks my own special use of station mode.
Briefly tested on ea8500.
Signed-off-by: Ben Greear <greearb@candelatech.com>
ath10k-ct driver was using bad defaults for 9980 if user
had not specified a fwcfg file to over-ride them.
Also, support configurable station-kickout-threshold,
which might work around issues with flakey connections.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [fix PKG_VERSION]
9pfs is used by kvm to share files between host and guest,
add proper config option to enable it.
Signed-off-by: Matteo Croce <matteo.croce@canonical.com>
RADIUS accounting can be used even when RADIUS authentication is not
used. Move the accounting configuration outside of the EAP-exclusive
sections.
Signed-off-by: Petko Bordjukov <bordjukov@gmail.com>
The pi_* variables and the fs_failsafe_wait_timeout variable are set by
the CONFIG_TARGET_PREINIT_* config options. No need to maintain the same
values twice.
All other fs_ variables were never used.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Change the error message about missing SSL support to be more explicit by
mentioning required package names.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Changes include:
* Higher maximum transmit power in the 5170-5250 band of the BG
regdomain
* Introduction of the CU regdomain
* Introduction of the 5725-5875 band (short-range devices) in the DE
regdomain
* Introduction of 60 GHz channels 1-4 in the KR regdomain
* Introduction of the 5725-5875 band (short-range devices) in the NL
regdomain
Signed-off-by: Petko Bordjukov <bordjukov@gmail.com>
sysupgrade immediately reboots after flashing an image and doesn't
allow to unmount filesystems. At least in case the image used for
sysupgrade is stored on a FAT formatted usb flash drive, the following
warning is printed during the next mount of the flash drive:
FAT-fs (sda1): Volume was not properly unmounted. Some data may be
corrupt. Please run fsck.
Although a data corruption during read operations is unlikely, there is
no need to scare the users.
Signed-off-by: Mathias Kresin <dev@kresin.me>
/etc/init.d/boot tried to create /dev/root based on the kernel's
cmdline which won't work on any recent targets. Remove that code now
that fstools can detect the mounted rootfs based on
/proc/self/mountinfo and /dev/root was long gone anyway.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Targets that need switch drivers should select them in their kernel
config. This prevents some bloat from creeping into targets that don't
need switchdev/dsa
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Network drivers typically allocate memory in atomic context. For that to
be reliable, there needs to be enough free memory. Set the value
heuristically based on the total amount of system RAM.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
If option ist not set then ipv6 is still enabled on this Interface.
Check if variable is zero will fix this issue.
Signed-off-by: Florian Eckert <Eckert.Florian@googlemail.com>
multiple invocation of dnsmasq script (e.g. by procd and hotplugd)
might cause procd to restart dnsmasq with an incomplete config file.
Config file generation might take quite a long time on larger configs
due ubus calls for each listening interface...
Signed-off-by: Ulrich Weber <ulrich.weber@riverbed.com>
Emits an initial event after the first link-up of a force_link
interface. This is needed for making the dnsmasq dhcp check more
reliable
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Open/close triggers array around service_triggers call to make using
multiple triggers easier to deal with.
The API was quite confusing, because some functions contained implicit
trigger open/close calls and some didn't.
Signed-off-by: Felix Fietkau <nbd@nbd.name>