Backing up the current firmware from U-Boot over serial can take hours.
Booting a working Linux image for backup purposes is not always an option.
Using the tftpput command in U-Boot is the fastest and easiest way.
tftpput will upload the contents of a memory region to the TFTP server.
The IP address of the server is stored in the serverip variable.
Usage:
tftpput <memaddr> <length> <filename>
Example for a complete flash backup of an o2 Box 6431 (VGV7510KW22):
VGV7510KW22 # tftpput 0xB0000000 0x1000000 o2boxbackup.bin
Signed-off-by: Carl-Daniel Hailfinger <c-d.hailfinger.devel.2006@gmx.net>
94e65ee ndp: use IPv4 address list when comparing IPv4 addresses
ff5020d dhcpv6-ia: rework reconfigure accept logic
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
While debugging an issue with a client device, wpa_supplicant did not
seem to log anything at all. Make wpa_supplicant log to syslog instead
of stdout, to make debugging easier and to be consistent with hostapd.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
With failsafe disabled there is no point in early network setup. We
don't send announcement over UDP and there is no way to ssh to the
device.
A side effect of this is avoiding a possibly incorrect network config
(only with failsafe disabled). This problem is related to possible
changes made by user in /etc/config/network.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
If xfer_mode is set to auto the vdsl_cpe_control daemon assumes that
ATM should be used for ADSL and PTM for VDSL.
xfer_mode and line_mode can be set to fixed value independantly from
each other.
The syntax for the tc_layer argument of vdsl_cpe_control is as follow:
-T<TcADSL>:<TcCfgUsADSL>:<TcCfgDsADSL>_<TcVDSL>:<TcCfgUsVDSL>:<TcCfgDsVDSL>
where TcADSL and TcVDSL can be: 1=ATM, 2=PTM/EFM, 4=Auto TC-Layer
and TcCfgUsADSL, TcCfgUsVDSL, TcCfgDsADSL, TcCfgDsVDSL can be:
1=64/65-octet encapsulation supported
2=64/65-octet encapsulation with pre-emption
3=64/65-octet encapsulation with short packets
Default: In case of no '-T' option is given, ADSL will be configured
in ATM and VDSL in PTM/EFM: -T1:0x1:0x1_2:0x1:0x1
The '-M' argument of dsl_cpe_control defines the initial DSL mode
(NextMode) for ADSL/VDSL multimode handling.
Possible Values: 0=API-default, 1=ADSL, 2=VDSL
Default: In case of no '-M' option is given, '0' (API-default) will
be selected.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
This is needed to be able to load the ltq-atm/ltq-ptm driver
from a notify script during synchronization, because the line can
reach showtime state before the driver is fully loaded.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
The esi call was added to workaround a race condition between applying
a configured mac address to the wan interface and starting the protocol
(handler) as it was observed in a DHCP over ATM bridge configuration.
Martin Schiller, TDT GmbH was so kind to test with their local
infrastructure if the race condition still exists. The provided package
dumps captured behind the DSLAM shows that it doesn't. It was most
likely fixed with adding carrier support to the lantiq ptm/atm driver.
Signed-off-by: Mathias Kresin <dev@kresin.me>
296b4a0 dhcpv6: assign all viable DHCPv6 addresses by default (FS#402, FS#524)
f4d38e0 treewide: reflect managed mode is related to RA
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Commits since last 2017-07-11:
4bd8601 pkg_parse: fix segfault when parsing descriptions with leading newlines
Fixes FS#933.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The tftp and irc netfilter modules are provided by nf-nathelper-extra
and not by nf-nathelper.
Signed-off-by: Uwe Arnold <donvipre@gmail.com>
[move the irc module as well]
Signed-off-by: Mathias Kresin <dev@kresin.me>
The flag needs to be cleared for the last packet in the list, not the
first one. Fixes some issues with multicast packet loss for powersave
clients connected to an ath9k AP.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
FCC regulatory rules allow for up to 3 dBi antenna gain. Account for
this in the EEPROM based tx power reduction code.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Browseable is now set through LuCI per share, so remove it. Same with
writeable (inverted synonym for read only). domain master and preferred
master seem to be legacy settings for Windows 9x. encrypt passwords
defaults to yes. Probably should not be disabled either.
Also reordered alphabetically.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[rewrap commit message, fix SoB, fix author, bump pkg revsion]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Intent is to link against it, and have the option to
not install the ipset utility (if needed).
One example/use-case is keepalived (from package)
feeds, where it would be nice to just depend on a
`libipset` (sub)package.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Introduce a new UCI list setting `list dhcp_option_force` which is available
in sections of type `dnsmasq` and `dhcp`.
The `dhcp_option_force` setting has the same semantics as `dhcp_option` but
generates `dhcp-option-force` directives instead of `dhcp-option` ones in
emitted native configuration.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
When processes don't die on SIGKILL (usually because of kernel bugs), it's
better to give up instead of looping forever.
upgraded will trigger a reboot in this case (and if this fails, a hardware
watchdog will eventually time out and reset the system, if present).
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
arc-2017.03 is the most recent release toolchain for ARC cores
and it is based on upstream Binutils 2.28 and GCC 6.3.0
Signed-off-by: Evgeniy Didin <Evgeniy.Didin@synopsys.com>
Cc: Alexey Brodkin <abrodkin@synopsys.com>
Cc: John Crispin <john@phrozen.org>
Cc: Hauke Mehrtens <hauke@hauke-m.de>
Remove ping check in DHCPDISCOVER case as too many buggy clients leave
an interface in configured state causing the ping check to fail.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
For targets using the generic board detection and board specific
settings in diag.sh, the board name is still unset at the time the
set_state() provided by diag.sh is called by 10_indicate_preinit.
Change the execution order to ensure the boardname is populated before
required the first time. Do the target specific board detection as
early as possible, directly followed by the generic one to allow a
seamless switch to the generic function for populating /tmp/sysinfo/.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Unlike /proc/sys/net/ipv4/conf/INTF/rp_filter flag, rule iptables -t raw
-I PREROUTING -m rpfilter --invert -j DROP prevents conntrack table to
become full when a packet flood with randomly selected source IP addresses
is received from the lan side.
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
Depending on busybox applet selection, paths of basic utiilties may differ,
and may not work as symlinks to busybox. Simply using whatever binary is
found in PATH and detecting symlinks automatically is more robust and
easier to maintain.
The list of binaries is also slightly cleaned up and duplicates are
removed.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Commit 5cd88f4 "dnsmasq: remove use of uci state for getting network ifname"
broke the ability to specify unmanaged network device names for inclusion
and exclusion in the uci configuration.
Restore support for raw device names by falling back to the input value
when "network_get_device" yields no result.
Fixes FS#876.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This is necessary for devices using the PSB80108/VRX220LD front-end
(currently only known on the Netgear DM200).
Signed-off-by: Thomas Nixon <tom@tomn.co.uk>
f0d78e7 ndp: optimize check_addr6_updates code
94afe3b ndp: fix syslog tracing for netlink neigbor and address events
18df6cc treewide: rework logic to retrieve IPv6 interface addresses
803b83e router: use enum to specify order and index of iov struct
5dad295 treewide: rework code to get rid of fixed IPv6 address arrays
3e4c8ad config: rework code to get rid of IFNAMSIZ usage
ab7813e treewide: use angle-brackets to include libubox header files
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Fixes mt7603 stablity and performance issues
af32615 mt7603: change auto rate control register initialization
01fb9ba mt7603: fix control/status retries count estimation
cf4ba12 mt7603: avoid tx rate sampling using no retransmissions
32eab50 mt7603: set wtbl entry vif index
c4e3dea mt7603: use the real vif index in txwi header for normal tx.
e90a81a mt7603: fix channel width fall back in TXWI
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Other distributions incl. the OpenWrt ImageBuilder and SDK
expect to find the bzip2 executable in /bin.
Create a symlink at that location for compatibility.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This is functionally the same as --server, but provides some syntactic sugar to
make specifying address-to-name queries easier.
For example --rev-server=1.2.3.0/24,192.168.0.1 is exactly equivalent to
--server=/3.2.1.in-addr.arpa/192.168.0.1
Signed-off-by: DUPONCHEEL Sébastien <sebastien.duponcheel@corp.ovh.com>
Backport upstream dnsmasq patch fixing DNS failover when first servers
returns REFUSED in strict mode; fixes issue FS#841.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Add a uci option to set the new max auth tries paramater in dropbear.
Set the default to 3, as 10 seems excessive.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Add support for '-T n' for a run-time specification for maximum number
of authentication attempts where 'n' is between 1 and compile time
option MAX_AUTH_TRIES.
A default number of tries can be specified at compile time using
'DEFAULT_AUTH_TRIES' which itself defaults to MAX_AUTH_TRIES for
backwards compatibility.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
RADIUS protocol could be used not only for authentication but for
accounting too. Accounting could be configured for any type of networks.
However there is no way to configure NAS Identifier for non-WPA
networks without this patch.
Signed-off-by: Yury Shvedov <yshvedov@wimarksystems.com>
[cleanup commit message]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
ath10k-firmware: add qca9888 firmware
the firmware files for qca9888 were previously not packaged. add the meta
information for doing so.
Signed-off-by: John Crispin <john@phrozen.org>
Don't start ping-check of address in DHCP discover if there already
exists a lease for the address. It has been reported under some
circumstances android and netbooted windows devices can reply to
ICMP pings if they have a lease and thus block the allocation of
the IP address the device already has during boot.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Expose "term_timeout" parameter in procd.sh to allow init scripts to
request a longer termination timeout.
This is required to fix FS#859 in a later commit.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Adjust default permissions and ownership of /dev/tty* nodes from
0600/root:root to 0660/root:tty in order to support granting
unprivileged user access when needed.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This is needed for an upcoming change to the hotplug default rules which
will cause /dev/tty* nodes to get assigned to the "tty" group in order
to support unprivileged user access when needed.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Fixes some security issues (no remote exploits), and introduces
some changes. See release notes for details:
https://tls.mbed.org/tech-updates/releases/mbedtls-2.5.1-2.1.8-and-1.3.20-released
* Fixes an unlimited overread of heap-based buffers in mbedtls_ssl_read()
* Adds exponent blinding to RSA private operations
* Wipes stack buffers in RSA private key operations (rsa_rsaes_pkcs1_v15_decrypt(), rsa_rsaes_oaep_decrypt())
* Removes SHA-1 and RIPEMD-160 from the default hash algorithms for certificate verification.
* Fixes offset in FALLBACK_SCSV parsing that caused TLS server to fail to detect it sometimes.
* Tighten parsing of RSA PKCS#1 v1.5 signatures, to avoid a potential Bleichenbacher/BERserk-style attack.
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Use the size of the input file as maximum tffs size instead of a fixed
value. The tffs on a AVM Fritz 300E can be up to 512KByte for example.
Fixes a read error for the AVM Fritz 3370 where the tffs partition size
is 64Kbyte and smaller than the former default value of 256KByte.
Signed-off-by: Mathias Kresin <dev@kresin.me>
this is a cherrypick from busybox-git HEAD:
f5470419404d643070db99d058405b714695b817
and can be removed when upgrading to
next busybox release. discussion here:
http://lists.busybox.net/pipermail/busybox/2017-May/085439.html
Signed-off-by: Bastian Bittorf <bb@npl.de>
During auto channel selection we may wish to prefer certain channels
over others.
e.g. we can just squeeze 4 channels into europe so '1:0.8 5:0.8 9:0.8
13:0.8' does that.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
This is a backport from the busybox repository
(192dce4b84fb32346ebc5194de7daa5da3b8d1b4); it enables the use of the
suppress_{prefixlength,ifgroup} flags for policy routing rules.
Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de>
Including version.mk sets PKG_CONFIG_DEPENDS to config entries used for
VERSION_SED command. We should keep these configs to make sure package
gets refreshed when needed.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
dnsmasq can match tags in its dhcp-range configuration, this commit adds
the option to configure it in the dhcp section
uci configuration:
config dhcp 'lan'
option interface 'lan'
list tag 'blue'
list tag '!red'
option start '10'
option limit '150'
option leasetime '12h'
generated dnsmasq configuration:
dhcp-range=tag:blue,tag:!red,set:lan,192.168.1.10,192.168.1.159,255.255.255.0,12h
Signed-off-by: Grégoire Delattre <gregoire.delattre@gmail.com>
453116e system: introduce new attribute board_name
e5b963a preinit: define _GNU_SOURCE
e5ff8ca upgraded: cmake: Find and include uloop.h
f367ec6 hotplug: fix a memory leak in handle_button_complete()
796ba3b service/service_stopped(): fix a use-after-free
79bbe6d system: return legacy board name
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
There already exist static assignment of uid/gid 65533 in packages feed
and we have nobody/nogroup taking 65534 as their ids. Let's change the
pid of dynamic assignment to start from 65536 so that the two assignment
scheme will not collide with each other
While at it, fix the scan command checking existence of uid/gid
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
The offset and factor are only related for LEDs which can have
different brightness values. But binary LEDs are more common and don't
require any further configuation than setting the factor to 1.
Use offset = 0 and factor = 1 in case nothing else is specified.
Signed-off-by: Mathias Kresin <dev@kresin.me>
As of now OTP is being correctly parsed and the driver requires to parse pre-caldata to follow corresponding routine.
Rename cal file into pre-calfile so the board initialized correctly with API 2 board data (board-2.bin).
Also remove the now unneeded for qca9984 board.bin symlink to 5GHz calfile.
Signed-off-by: Pavel Kubelun <be.dissent@gmail.com>
With this patch the dnsmasq init script manages resolv.conf if and only if
when dnsmasq will listen on 127.0.0.1#53 (is main resolver instance).
Also, resolvfile is now set irrespective of the value of noresolv.
Fixes (partially) FS#785
Signed-off-by: Paul Oranje <por@xs4all.nl>
'non-wildcard' interfaces enables dnsmasq's '--bind-dynamic' mode. This
binds to interfaces rather than wildcard addresses *and* keeps track of
interface comings/goings via a unique Linux api.
Quoting dnsmasq's author "bind-dynamic (bind individual addresses, keep
up with changes in interface config) ... On linux, there's actually no
sane reason not to use --bind-dynamic, and it's only not the default for
historical reasons."
Let's change history, well on LEDE at least, and change the default!
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Don't pass the value unconditionally to swconfig as a parameter but
instead only call reset if it is 1.
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
split kexec-tools into two packages, kexec and kdump.
* kexec to simply execute a new kernel
* kdump is for loading and collecting debris of a crashed kernel with
support for kdump forensics.
In order to properly support booting into a crashkernel, an init script
as well as UCI configuration has been added.
As modifying the kernel cmdline is required for this to work in x86
platforms use an uci-defaults script to modify /boot/grub/grub.cfg.
To test collecting crash information, use the 'c' sysrq-trigger, ie.
echo c > /proc/sysrq-trigger
This should result in the crash kernel being executed and (depending
on the configution) dmesg and/or vmcore getting saved.
To check if the crash kernel was loaded properly, use the 'status'
command of the kdump init script.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Commit b32689afd6 added support for dhcp-script hook.
Adding dhcp-script config option results into two instances of dnsmasq being run
which triggered oom issues on platforms having low memory.
The dnsmasq dhcp-script config option will now only be added if at least one of the
dhcp, tftp, neigh hotplug dirs has a regular hotplug file or if the dhcpscript uci
config option is specified.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* Change network_get_subnet6() to sensibly guess a suitable prefix
Attempt to return the first non-linklocal, non-ula range, then attempt
to return the first non-linklocal range and finally fall back to the
previous behaviour of simply returning the first found item.
* Fix network_get_ipaddrs_all()
Instead of replicating the flawed logic appending a fixed ":1" suffix
to IPv6 addresses, rely on network_get_ipaddrs() and network_get_ipaddrs6()
to build a single list of all interface addresses.
* Fix network_get_subnets6()
Instead of replicating the flawed logic appending a fixed ":1" suffix
to IPv6 addresses, rely on the ipv6-prefix-assignment.local-address
field to figure out the proper network address.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Rework the network_get_ipaddr6() and network_get_ipaddrs6() functions to
fetch the effective local IPv6 address of delegated prefix from the
"local-address" field instead of naively hardcoding ":1" as static suffix.
Fixes FS#829.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Error is:
```
ompile-loc2c.o compile-c-support.o inflow.o init.o \
../sim/ppc/libsim.a -lreadline ../opcodes/libopcodes.a ../bfd/libbfd.a -L./../zlib -lz ../libiberty/libiberty.a ../libdecnumber/libdecnumber.a -lncurses -lm ../libiberty/libiberty.a build-gnulib/import/libgnu.a -ldl -Wl,--dynamic-list=./proc-service.list
../sim/ppc/libsim.a(idecode.o): In function `update_time_from_event':
idecode.c:(.text+0x170): undefined reference to `error'
../sim/ppc/libsim.a(idecode.o): In function `event_queue_tick':
idecode.c:(.text+0x1cc): undefined reference to `error'
idecode.c:(.text+0x28c): undefined reference to `error'
idecode.c:(.text+0x318): undefined reference to `error'
../sim/ppc/libsim.a(idecode.o): In function `cpu_halt.constprop.6':
idecode.c:(.text+0x398): undefined reference to `error'
../sim/ppc/libsim.a(idecode.o):idecode.c:(.text+0x4e4): more undefined references to `error' follow
collect2: error: ld returned 1 exit status
Makefile:1420: recipe for target 'gdb' failed
make[5]: *** [gdb] Error 1
```
Seems others are running into this as well.
The problem seems to be that some code may be built
as C++ and not C, which may explain the linker error.
On this thread reply:
https://sourceware.org/ml/gdb/2016-11/msg00045.html
it mentions that the simulator should not call GDB's
"error" function directly, but rather use the "host_callback"
struct.
I have no idea about the use of the GDB simulator within
the OpenWrt/LEDE community.
So, I took the easier route, which is to disable the simulator.
(Also suggested here: https://sourceware.org/ml/gdb/2016-11/msg00047.html )
If needed, I can make an effort to fix the simulator for PPC.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
This allows packages to use kernel make options without the forced
-C $(LINUX_DIR). It also makes it more clear that it to be called from
kernel module packages directly.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The kernel needs to have PERF_EVENTS built otherwise we will run into
the following:
root@(none):/# perf top
perf_event_open(..., PERF_FLAG_FD_CLOEXEC) failed with unexpected error
89 (Function not implemented)
perf_event_open(..., 0) failed unexpectedly with error 89 (Function not
implemented)
Error:
The sys_perf_event_open() syscall returned with 89 (Function not
implemented) for event (cycles).
/bin/dmesg may provide additional information.
No CONFIG_PERF_EVENTS=y kernel support configured?
Make sure this functional dependency is captured.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
The ltq-adsl-mei package is used for 3 lantiq device types:
danube, amazon-se and ar9.
These different SoC's need also different definitions.
Signed-off-by: Tino Reichardt <milky-lede@mcmilk.de>
[fix LTQ_USB_OC_INT for AR9 to match documentation]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This patch makes possible to tweak the downstream SNR margin on
Lantiq DSL devices.
The UCI parameter 'network.dsl.ds_snr_offset' is used to set the SNR
margin offset. It accepts values in range -50 to +50 in 0.1 dB units.
The SNR margin can thus be modified in range -5.0 to +5.0 dB in 0.1 dB
steps.
Currently this should only affect ADSL (not VDSL). It should be very
easy to make this work also on VDSL lines, but since I couldn't test
on VDSL lines this patch does not do that yet.
I have also a patch for LUCI about this, that I could submit.
Tested on FB3370 (Lantiq VR9) and Telecom Italia ADSL2+ line.
Signed-off-by: Andrea Merello <andrea.merello@gmail.com>
The umdns init script includes function/network.sh globally, outside of any
service procedure. This causes init script activation to fail in buildroot
and IB context if umdns is set to builtin.
Additionally, the network.sh helper is not actually used.
Drop the entire include in order to repair init script activation in build
host context. Fixes FS#658.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
mvebu was modifying RAMFS_COPY_BIN and RAMFS_COPY_DATA from a
sysupgrade_pre_upgrade hook. As the ramfs is created from stage2, this
did not have an effect anymore after the staged sysupgrade changes.
As it doesn't really hurt to copy fw_printenv and fw_setenv
unconditionally, simply add them in /lib/upgrade/platform.sh, so stage2
will see them.
Config copying is moved to a function called by platform_copy_config, where
it belongs.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Fixes: FS#821
Fixes: 30f61a34b4 "base-files: always use staged sysupgrade"
Assign the virtual DHCPv6 interface the firewall zone of the parent interface
so fw3 knows the zone to which the virtual DHCPv6 interface belongs.
This guarantees the firewall settings are applied correctly for the virtual
DHCPv6 interface and allows to query the zone to which the virtual DHCPv6
interface belongs via the fw3 network option.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
remove files which include the following mode options
BlackberryMode OptionMode PantechMode QuantaMode
Signed-off-by: Julian Labus <julian@labus-online.de>
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.
To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
This patch is in continuation of: commit 93aa860405
"procd: nand: make it possible to configure kernel and ubi partition"
The $CI_KERNPART variable should be used in place
of the fixed "kernel" partition name. This allows
targets to specifiy alternate names for the kernel
partition.
Cc: Chris Blake <chrisrblake93@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
easy-rsa v3 is now a single script. It expects a 'vars'
configuration file which path can be set using easy-rsa
options, environment variables or just looking in the
current directory.
The default usage would be:
# cd /etc/easy-rsa
# easy-rsa COMMAND [command-options]
Following upstream changes, /etc/easy-rsa/pki replaces
/etc/easy-rsa/keys directory.
The default /etc/easy-rsa/pki dir is marked to be kept during
upgrade (WARN: priv keys are saved in the system backup)
/etc/easy-rsa/openssl.1.0.cnf is now marked as config file while
index and serial got removed.
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
EnGenius ENS202EXT is an outdoor wireless access point with
2-port 10/100 switch, detachable antennas and proprietery PoE.
The device is based on Qualcomm/Atheros AR9341 v1.
Specifications:
- 535/400/200 MHz (CPU/DDR/AHB)
- 64 MB of RAM
- 16 MB of FLASH
- UART (J1) header on PCB (unpopulated)
- 2x 10/100 Mbps Ethernet
- 2.4 GHz, up to 26dBm
- 2x external, detachable antennas
- 7x LED, 1x button
Flash instructions:
You have three options:
- Use the vendor firmware upgrade page on the web interface and give
it the factory.img. This is the easiest way to go about it.
- If you have serial access during u-boot, interrupt the normal boot
(any key before timeout) and run 'run failsafe_boot'; this will bring
you to a minimal openwrt luci image on ip 192.168.1.1 useful if you've
bricked the normal firmware.
- Use the vendor's management cli, which can be accessed via telnet
with the same credentials as the web login (default admin:admin), then
issue the following commands:
*** Hi admin, welcome to use cli(V-1.6.7) ***
---========= Commands Help =========---
stat -- Status
sys -- System
wless2 -- 2.4G-Wireless
mgmt -- Management
tree -- Tree
help -- Help
reboot -- Reboot
ens202ext>mgmt
Management
---========= Commands Help =========---
admin -- Administration
mvlan -- Management VLAN settings
snmp -- SNMP settings
backup -- Backup/Restore settings
autorb -- Auto reboot settings
fwgrade -- Firmware upgrade
time -- Time settings
wifisch -- Wifi schedule
log -- Log
diag -- Diagnostics
disc -- Device Discovery
logout -- Logout
help -- Help
exit -- Exit
ens202ext/mgmt>fwgrade
Management --> Firmware upgrade
---========= Commands Help =========---
fwup -- Firmware upgrade
help -- Help
exit -- Exit
ens202ext/mgmt/fwgrade>fwup http://web.server/lede-ar71xx-generic-ens202ext-squashfs-factory.bin
Signed-off-by: Marty Plummer <ntzrmtthihu777@gmail.com>
Add a patchfile that implements distro-boot and is meant to go upstream
Also make the other patches git-am'able for easier maintenance.
Signed-off-by: Josua Mayer <josua.mayer97@gmail.com>
Some functions only used by stage2 are moved there from common.sh.
One piece that could still use more cleanup is platform_pre_upgrade: many
targets reference files from there are aren't available in the ramfs, so
we need to evaluate it before the switch; conversely, flash writes happen
in that function on some targets. Targets that do the latter should be
fixed eventually to use platform_do_upgrade for that purpose.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
We can reuse the kill_remaining and run_ramfs facilities of the stage2 run
by upgraded.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Support for the -d and -p options is dropped; it may be added again at some
point by adding these flags to the ubus sysupgrade call.
A downside of this is that we get a lot less information about the progress
of the upgrade: as soon as the actual upgrade starts, all shell sessions
are killed to allow unmounting the root filesystem.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
We always want to support staged upgrades now, so it's better to include
upgraded into the main package. /lib/upgrade/nand.sh is moved to
base-files.
The procd-nand-firstboot package is removed for now, it may return later
as a separate package.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
992b796 rcS: add missing fcntl.h include
63789e5 init: add support for sysupgrades triggered from preinit
5b1fb35 Remove code that has become unnecessary after sysupgrade changes
5918b6d upgraded: add support for passing a "command" argument to stage2
056d8dd upgraded: link dynamically, chroot during exec
7c6cf55 system: always support staged sysupgrade
d42b21e procd/rcS: Use /dev/null as stdin
e0098d4 service/instance: add an auto start option
1247db1 procd: Log initscript output prefixed with script name
8d720b2 procd: Don't use syslog before its initialization
2555474 procd: Add missing \n in debug message
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Use install_bin to copy upgraded with all dependencies. The old name
/tmp/upgraded is temporarily retained as a symlink to avoid breaking
things.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
The previous commit introduced a faulty continue statement which might
lead to faulty rules not getting freed or reported.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Update to latest Git HEAD in order to import a number of fixes and other
improvements:
3d2c18a options: improve handling of negations when parsing space separated values
0e5dd73 iptables: support -i, -o, -s and -d in option extra
4cb06c7 ubus: increase ubus network interface dump timeout
e5dfc82 iptables: add exception handling
f625954 firewall3: add check_snat() function
7d3d9dc firewall3: display the section type for UBUS rules
53ef9f1 firewall3: add UBUS support for include scripts
5cd4af4 firewall3: add UBUS support for ipset sections
02d6832 firewall3: add UBUS support for forwarding sections
0a7d36d firewall3: add UBUS support for redirect sections
d44f418 firewall3: add fw3_attr_parse_name_type() function
e264c8e firewall3: replace warn_rule() by warn_section()
6039c7f firewall3: check the return value of fw3_parse_options()
Fixes FS#548, FS#806, FS#811.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The previous CVE bugfix commit did not adjust PKG_RELEASE, therefor the
fixed samba package does not appear as opkg update.
Bump the PKG_RELEASE to signify upgrades to downstream users.
Ref: https://forum.lede-project.org/t/sambacry-are-lede-devices-affected/3972/4
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
elfutils turns on -Werror by default, and patch 100-musl-compat.patch
changes how strerror_r is used and we no longer use the function's
return value. This causes the following build error/warning to occur
with glibc-based toolchains:
dwfl_error.c: In function 'dwfl_errmsg':
dwfl_error.c:158:18: error: ignoring return value of 'strerror_r',
declared with attribute warn_unused_result [-Werror=unused-result]
strerror_r (error & 0xffff, s, sizeof(s));
^
cc1: all warnings being treated as errors
Fixing this would be tricky as there are two possible signatures for
strerror_r (XSI and GNU), just turn off unused-result warnings instead.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Adds a script which acts as a hook for when dnsmasq creates/destroys a
lease, or completes a TFTP file transfer. The hook loops through scripts
in appropriate directories inside '/etc/hotplug.d', executing each one with
the same arguments supplied by dnsmasq.
In case dnsmasq is jailed by ujail the dhcp-script hook will not work as
expected as ujail does not yet support executing a script within a jail.
Signed-off-by: Nick Brassel <nick@tzarc.org>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
This reverts commit e96a9a9af8.
The change breaks sysupgrade through LuCI and two-stage sysupgrade on
NAND targets. There is also a mismatch of file paths in lock and unlock
operations.
This commit was apparently neither properly tested, nor reviewed, so
drop it for now.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This PR allow the 3G modem embedded in the DWR-512 to be managed
by the wwan-ncm scripts. The modem will use the usb-option and
usb-cdc-ether drivers.
The DWR-512 DT is updated accordingly.
Signed-off-by: Giuseppe Lippolis <giu.lippolis@gmail.com>
Some small tweaks and improvements :
9828ab1 Fix compiler warning.
f77700a Fix compiler warning.
0fbd980 Fix compiler warning.
43cdf1c Remove automatic IDN support when building i18n.
ff19b1a Fix &/&& confusion.
2aaea18 Add .gitattributes to substitute VERSION on export.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
7573880 system-linux: parse 6rd specific settings as nested json data object
a063705 system-linux: remove redundant check for strtoul() return value
e6ebe0b build: disable unknown warning option error in clang
08d8f47 interface: add new "ifup-failed" hotplug event
20a1bac bridge: reset primary only after marking the member not present
6b9c267 build: suppress format truncation warnings to avoid errors with gcc7
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
This includes following changes:
0e8b948 Support specifying instance name in JSON file
49fdb9f Support PTR queries for a specific service
26ce7dc Allow filtering with instance name in service_reply
920c62a Store instance name in the struct service
ff09d9a Rename service_name function to the service_instance_name
64f78f1 Rename mdns_hostname variable to the umdns_host_label
Previous package update pulled commit 70c66fbbcde86 ("Fix sending
replies to PTR questions") which introduced a regression which this
update fixes.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
88d48d5 libfstools: silence mkfs.{ext4,f2fs}
a19f2b3 build: disable the format-truncation warning error to fix gcc 7 build errors
633a8d0 libfstools: fix multiple volume_identify usages with the same volume
c43ae11 fstools: use -Wno-format-truncation instead of -Wno-error=format-truncation
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Addresses CVE-2015-3239: Off-by-one error in the dwarf_to_unw_regnum
function in include/dwarf_i.h in libunwind 1.1 allows local users to
have unspecified impact via invalid dwarf opcodes.
Upstream stable-v1.2 fixed the missing unwind_i.h issue but no new
tarball is released yet
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
- Security: Fix double-free in server TCP listener cleanup A double-free
in the server could be triggered by an authenticated user if dropbear is
running with -a (Allow connections to forwarded ports from any host)
This could potentially allow arbitrary code execution as root by an
authenticated user. Affects versions 2013.56 to 2016.74. Thanks to Mark
Shepard for reporting the crash.
CVE-2017-9078 https://secure.ucc.asn.au/hg/dropbear/rev/c8114a48837c
- Security: Fix information disclosure with ~/.ssh/authorized_keys
symlink. Dropbear parsed authorized_keys as root, even if it were a
symlink. The fix is to switch to user permissions when opening
authorized_keys
A user could symlink their ~/.ssh/authorized_keys to a root-owned file
they couldn't normally read. If they managed to get that file to contain
valid authorized_keys with command= options it might be possible to read
other contents of that file.
This information disclosure is to an already authenticated user.
Thanks to Jann Horn of Google Project Zero for reporting this.
CVE-2017-9079 https://secure.ucc.asn.au/hg/dropbear/rev/0d889b068123
Refresh patches, rework 100-pubkey_path.patch to work with new
authorized_keys validation.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Add support for Realtek RTL8821AE/RTL8812AE PCIe adapter.
This device supports 802.11ac and bluetooth
testet on PC Engines APU with AP and STA mode
Signed-off-by: Hans Ulli Kroll <ulli.kroll@googlemail.com>
Bug introduced with 6713694.
I did not count on procd handling reload as mentioned
in this doc:
https://wiki.openwrt.org/inbox/procd-init-scripts
```
procd_set_param file /var/etc/your_service.conf # /etc/init.d/your_service reload will restart the daemon if these files have changed
procd_set_param netdev dev # likewise, except if dev's ifindex changes.
procd_set_param data name=value ... # likewise, except if this data changes.
```
The service would be restarted regardless of any of those params.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
At some point kernel.org decided to drop xz generated tarballs, switch to gz which they still provide.
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Use chanreg and dccal helpers to reduce the size of ePA code.
Signed-off-by: Tomislav Požega <pozega.tomislav@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[daniel@makrotopia.org: fixed white-space so patch applies]
I think I added these respawn params [a while back],
when I did the conversion to procd init script format.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
This firmware shoul have the same general feature set as the
rest of the 10.4 CT firmware (9984, 9980, etc). Build-tested
only in LEDE, but firmware has been tested with ath10k-ct driver
on other OSs, so likely works just fine.
Signed-off-by: Ben Greear <greearb@candelatech.com>
The 988x and 9887 firmwares include a bugfix for a case where blockack
did not work sometimes, and many fixes for compiler warnings detected
by newer gcc compilers.
The 9980 and 9984 firmware includes a large backport of upstream QCA
firmware changes to bring it up to date.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Supports disabling firmware hex logging that many found too verbose.
Increase BMI timer so system works more often with 9888 Compex NIC
(and maybe others).
Allow configuring a specific board-file per NIC using fwcfg file.
Maybe fix a scan-busy problem when using CT firmware.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Remove support for NCT6775/6 from W83627EHF driver so the NCT6775
driver will still be used for those chips.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
When in ra server mode, configure nameservers passed in router
announcements from the dns value (which is already used by odhcpd).
This also fixes FS#677 by using the global IPv6 address of the router
instead of the link local address (if no nameservers are configured).
Signed-off-by: Arjen de Korte <build+lede@de-korte.org>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
We enabled lua interpreter by default as it doesn't make any problem in the uhttpd config file and we modify the index page to use it.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
Add rut5xx GPIO PIN selection to om-package startup script.
Testet on a RUT500 device, the timeout value of the hardware watchdog
is about 280 sec.
Signed-off-by: Steffen Weinreich <steve@weinreich.org>
[split into two commits, bump PKG_RELEASE]
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>