odhcpd daemon has hitless config reload support by means of the
sighup signal; add reload_service function which uses sighup
signal to reload the config
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
This fixes building with musl and drops the dependency on the OpenWrt
kernel-header patches:
270-uapi-kernel.h-glibc-specific-inclusion-of-sysinfo.h.patch
271-uapi-libc-compat.h-do-not-rely-on-__GLIBC__.patch
272-uapi-if_ether.h-prevent-redefinition-of-struct-ethhd.patch
Use the new upstream location at netfilter.org and use a define instead
of a patch to "optimize".
See also: https://git.netfilter.org/arptables/log/
Signed-off-by: Ralph Sennhauser <ralph.sennhauser@gmail.com>
[Jo-Philipp Wich: add mirror SHA256 sum]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This allows to include optimizations such as ARM neon which
are detected on run-time.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
[Jo-Philipp Wich: picked from openwrt#191 and rebased onto LEDE master]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This adds support for "channels" command which displays more details
about channels. It includes e.g. info about available widths.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
A firmware compiled with BUSYBOX_CONFIG_ARP should also use by default the
arp binary from busybox. Otherwise the extra functionality the user
requested can only be used when running arp with the path to the binary.
Signed-off-by: Marek Lindner <marek.lindner@open-mesh.com>
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
Backport upstream accepted patch which allows to override the EEPROM
mac address with one from device tree.
Signed-off-by: Mathias Kresin <dev@kresin.me>
The patch 615-rt2x00-fix_20mhz_clk.patch fixes code introduced by
611-rt2x00-rf_vals-rt3352-xtal20.patch and makes the the platform data
property clk_is_20mhz obsolete.
Signed-off-by: Mathias Kresin <dev@kresin.me>
This reverts commit 519a199cbc.
Multiple users have reported building failures on ARM architectures, e.g.:
In file included from defs.h:42:0,
from process.c:37:
process.c:51:22: error: 'struct user_regs' has no member named 'ARM_r0'
#define uoff(member) offsetof(struct user, member)
^
./linux/arm/userent.h:1:3: note: in expansion of macro 'uoff'
{ uoff(regs.ARM_r0), "r0" },
^
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Update to latest Git head in order to import several fixes and enhancements.
- Disable drop invalid by default (FS#73, FS#154)
Instead of dropping packets with conntrack state INVALID, only allow streams
with explicit NEW or UNTRACKED conntrack state.
This change gives user defined rules the chance to accept traffic like ICMPv6
multicast which would be filtered away by the very early ctstate INVALID drop
rule otherwise.
The old behaviour can be restored by explicitely setting "drop_invalid" to 1
in the global firewall config section.
- Fix re-initialization of loadable iptables extensions on musl (FS#31)
Since musl does not implement actual dlclose() semantics, it is impossible to
re-run initializers on subsequent dlopen() calls.
The firewall3 executable now intercepts the extension registration calls
instead in order to be able to re-call them when needed.
This also allowed us to switch to libxtables' builtin extension loader as a
positive side-effect.
- Fix masquerade rules for multiple negated IP addresses (FS#248)
When building MASQUERADE rules for zones which specify multiple negated
addresses in masq_src or masq_dest, emit -j RETURN rules which jump out of
the masquerading chain instead of creating multiple rules with inverted "-s"
arguments.
- Tag own rules using comments
Instead of relying on the nonstandard xt_id match, use the xt_comment match
to mark own rules. Existing comments are prefixed with "!fw3: " while
uncommented rules are marked with a sole "!fw3" string.
This allows removing the xt_id match entirely in a later commit.
- Make missing ubus connection nonfatal
Technically, firewall3 is able to operate without ubus just fine as long as
the zones are declared using "option device" or "option subnet" instead of
"option network" so do not abort execution if ubus could not be connected or
of no network namespace is exported in ubus.
This allows running firewall3 on ordinary Linux systems.
- Fix conntrack requirement detection for indirectly connected zones
The current code fails to apply the conntrack requirement flag recursively to
zones, leading to stray NOTRACK rules which break conntrack based traffic
policing.
Change the implementation to iteratively reapply the conntrack fixup logic
until no more zones had been changed in order to ensure that all directly and
indirectly connected zones receive the conntrack requirement flag.
- Add support for iptables 1.6.x
Adds support for the xtables version 11 api in order to allow building
against iptables 1.6.x
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
"This release fixes a few minor bugs, including a
(non-security-impacting) buffer overflow fix ported
from upstream cjson."
<http://software.es.net/iperf/news.html#iperf-3-1-4-released>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Most of the lantiq devices with ralink wifi have the EEPROM stored
in big endian byte order in flash, but the driver expects the EEPROM to
be in little endian.
Signed-off-by: Mathias Kresin <dev@kresin.me>
The ralink,mtd-eeprom device tree property doesn't require the
ralink,eeprom property to work.
Rework the error handling and user notification as well. Do not log an
error if the mtd-eeprom parameter isn't used. It could be intentional
and should not scare the user.
Check if the number of bytes read from the mtd devices matches the
requested number of bytes.
In case of an mtd read error, give a hint to the user which partition
was tried to read from.
In case everything is fine, notify the user as well.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Call the rt2x00lib_get_eeprom_file_name only once and from the function
where the EEPROM filename is required.
Error only out if an EEPROM file is mandatory. Use the
REQUIRE_EEPROM_FILE bit to determine if it is mandatory.
Do not set the REQUIRE_EEPROM_FILE bit while requesting an EEPROM file.
It should be (and is) set before requesting an EEPROM file.
Do not redirect users to upstream while using a function of a custom
patch.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Adds the mac address of the DNS requestor to DNS queries which
are forwarded upstream and can be used to do filtering by the
upstream servers. This only works if the requestor is on the
same subnet as the dnsmasq server
The addmac parameter can hold the following values:
0 : mac address is not added
1 : mac address is added in binary format
base64 : mac address is added base64 encoded
text: : mac address is added in human readable format
as hex and colons
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
moving comgt and its modules to WWAN submenu to join uqmi as both are tools for WWAN modems.
I replaced the link with comgt's ubuntu manpage because the old link isn't working anymore.
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
Package the driver for the DS1374 chip present on the T4240RDB.
Signed-off-by: Florian Larysch <fl@n621.de>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [fix missing symbol]
For Huawei devices like E3372 proper command for set lte mode is:
AT^SYSCFGEX="03",3fffffff,2,4,7fffffffffffffff,,
Eval is required for proper quotation.
Without this fix:
Fri Nov 4 19:07:49 2016 daemon.notice netifd: Interface 'wan' is setting up now
Fri Nov 4 19:07:52 2016 daemon.notice netifd: wan (2060): sending -> AT
Fri Nov 4 19:07:52 2016 daemon.notice netifd: wan (2060): sending -> ATZ
Fri Nov 4 19:07:53 2016 daemon.notice netifd: wan (2060): sending -> ATQ0
Fri Nov 4 19:07:53 2016 daemon.notice netifd: wan (2060): sending -> ATV1
Fri Nov 4 19:07:54 2016 daemon.notice netifd: wan (2060): sending -> ATE1
Fri Nov 4 19:07:55 2016 daemon.notice netifd: wan (2060): sending -> ATS0=0
Fri Nov 4 19:07:55 2016 daemon.notice netifd: wan (2060): sending -> AT+CGDCONT=1,"IP","internet"
Fri Nov 4 19:07:57 2016 daemon.notice netifd: wan (2060): sending -> AT^SYSCFGEX=\"03\",3fffffff,2,4,7fffffffffffffff,,
Fri Nov 4 19:07:58 2016 daemon.notice netifd: wan (2060): Error running AT-command
Fri Nov 4 19:07:58 2016 daemon.notice netifd: wan (2060): Failed to set operating mode
Fri Nov 4 19:07:58 2016 daemon.notice netifd: wan (2092): Stopping network
...
With this fix:
Fri Nov 4 19:10:59 2016 daemon.notice netifd: Interface 'wan' is setting up now
Fri Nov 4 19:11:01 2016 daemon.notice netifd: wan (2539): sending -> AT
Fri Nov 4 19:11:01 2016 daemon.notice netifd: wan (2539): sending -> ATZ
Fri Nov 4 19:11:02 2016 daemon.notice netifd: wan (2539): sending -> ATQ0
Fri Nov 4 19:11:03 2016 daemon.notice netifd: wan (2539): sending -> ATV1
Fri Nov 4 19:11:03 2016 daemon.notice netifd: wan (2539): sending -> ATE1
Fri Nov 4 19:11:04 2016 daemon.notice netifd: wan (2539): sending -> ATS0=0
Fri Nov 4 19:11:05 2016 daemon.notice netifd: wan (2539): sending -> AT+CGDCONT=1,"IP","internet"
Fri Nov 4 19:11:06 2016 daemon.notice netifd: wan (2539): sending -> AT^SYSCFGEX="03",3fffffff,2,4,7fffffffffffffff,,
Fri Nov 4 19:11:07 2016 daemon.notice netifd: wan (2539): sending -> AT^NDISDUP=1,1,"internet"
Fri Nov 4 19:11:08 2016 daemon.notice netifd: wan (2539): Connected, starting DHCP on wwan0
Fri Nov 4 19:11:08 2016 daemon.notice netifd: Interface 'wan' is now up
Fri Nov 4 19:11:08 2016 daemon.notice netifd: Network device 'wwan0' link is up
Fri Nov 4 19:11:08 2016 daemon.notice netifd: Network alias 'wwan0' link is up
Fri Nov 4 19:11:08 2016 daemon.notice netifd: Interface 'wan_4' is enabled
Fri Nov 4 19:11:08 2016 daemon.notice netifd: Interface 'wan_4' has link connectivity
Fri Nov 4 19:11:08 2016 daemon.notice netifd: Interface 'wan_4' is setting up now
...
Signed-off-by: Cezary Jackiewicz <cezary@eko.one.pl>
FS#256
Fix audio not working due to unset SND_PCM_TIMER. CONFIG_SND_PCM_TIMER
is required for ALSA to work (at least for some audio devices),
otherwise applications using sound may fail. Can be reproduced by
installing "alsa-utils-tests" and running "speaker-test":
...
ALSA lib pcm_direct.c:1159:(snd1_pcm_direct_initialize_poll_fd) unable to open timer 'hw:CLASS=3,SCLASS=0,CARD=0,DEV=0,SUBDEV=0'
ALSA lib pcm_dmix.c:1106:(snd_pcm_dmix_open) unable to initialize poll_fd
Playback open error: -19,No such device
The kernel size does not increase, only the size of the kernel module
increases.
Signed-off-by: Dmitry Sutyagin <f3flight@gmail.com>
This reverts commit efd9dec319.
ath10k can take a long time to probe, long enough for netifd to fail to
initialize already configured wireless devices
Signed-off-by: Felix Fietkau <nbd@nbd.name>
LEDE no longer requires all PHYs to be initialized to
create the configuration files during bootup. This patch
removes the now obsolete ath10k patch.
Signed-off-by: Mathias Kresin <dev@kresin.me>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Currently, the wifi detection script is executed as part of
the (early) boot process. Pluggable wifi USB devices, which
are inserted at a later time are not automatically
detected and therefore they don't show up in LuCI.
A user has to deal with wifi detection manually, or restart
the router.
However, the current "sleep 1" window - which the boot
process waits for wifi devices to "settle down" - is too
short to detect wifi devices for some routers anyway.
For example, this can happen with USB WLAN devices on the
WNDR4700. This is because the usb controller needs to load
its firmware from UBI and initialize, before it can operate.
The issue can be seen on a BT HomeHub 5A as well as soon as
the caldata are on an ubi volume. This is because the ath9k
card has to be initialized by owl-loader first. Which has to
wait for the firmware extraction script to retrieve the pci
initialization values inside the caldata.
This patch moves the wifi configuration to hotplug scripts.
For mac80211, the wifi configuration will now automatically
run any time a "ieee80211" device is added. Likewise
broadcom-wl's script checks for new "net" devices which
have the "wl$NUMBER" moniker.
Issues with spawning multiple interface configuration - in
case the detection script is run concurrently - have been
resolved by using a named section for the initial
configuration. Concurrent configuration scripts will now
simply overwrite the same existing configuration.
A workaround which preserves the "sleep 1" window for just
the first boot has been added. This allows the existing
brcm47xx boot and mvebu uci-default scripts to correctly
setup the initial mac addresses and regulatory domain.
And finally, the patch renames the "wifi detect" into
"wifi config". As the script no longer produces any output
that has to be redirected or appended to the configuration
file.
Thanks to Martin Blumenstingl for helping with the implementation
and testing of the patch.
Acked-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Mathias Kresin <dev@kresin.me>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Previously, wifi detect simply dumped its generated wireless
configuration to STDOUT. A second step was needed to append
the configuration to /etc/config/wireless (or create it, if
it didn't exist).
With this patch, The wifi detection script will now use uci
to update the wireless configuration directly.
This patch also makes the initially created wifi-iface a
named section ('default_radio$X' for mac80211 and
'default_wl$X' for broadcom). With this change, uci will
not print the cfgHASH to STDOUT (which would now corrupt
the wireless configuration). It will also prevent adding
duplicated wifi interface configurations, if the wifi
configuration is run concurrently.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This patch adds a check in "wifi detect" to test if the wireless
configuration file does exist. If it doesn't exist, an empty
/etc/config/wireless file will be created.
This is necessary because uci doesn't create new files,
instead the tool just exits with "uci: Entry not found".
Signed-off-by: Mathias Kresin <dev@kresin.me>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Rename the "ip" package declaration to "ip-tiny" and let both "ip-tiny" and
"ip-full" provide the virtual "ip" package. This allows users to freely choose
the "ip" command variant while other packages can continue to depend on "ip"
without needing to enforce a specific variant.
Note that this commit does not add busybox as "ip" provider due to
the following reasons:
- The builtin Busybox ip applet cannot be added or removed at runtime
- Both "ip-tiny" and "ip-full" are able to install without file clashes even
if the busybox applet is enabled
- The system is preferring full "ip-tiny" and "ip-full" at runtime, even
if Busybox ip is still present.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The current uboot default config for the A13 SOM erroneously enables support
for the AXP209 power regulator IC which is not present on the board.
This superfluous support module sets an incorrect initial clock frequency and
confuses the kernel, ultimately leading to a boot failure later on.
Properly disable the PMIC support and enable the EHCI support by translating
the deprecated SYS_EXTRA_OPTIONS values into proper SUNXI_NO_PMIC and
USB_EHCI_HCD symbols respectively.
Also rename 002-add-olimex-a13-som.diff to 002-add-olimex-a13-som.patch and
refresh the remaining patches of the series while we're at it.
Reported-by: Mario Fischer <mario-fischer@web.de>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Introduce support for a new [0-9]u@netdev syntax to ucidev_add_switch() to let
board.d network files request default network switch configurations which do
not use tagged CPU ports.
This commit itself has no effect on generated configurations at the moment
since we still emit untagged configurations by default but it allows boards to
opt-out from default tagged configs in case we start emitting tagged settings
by default.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The libblkid probe support in fstools git head requires blkid/blkid.h for
compilation, so add a build dependency on util-linux which provides libblkid.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The QorIQ LS1012A processor, optimized for battery-backed or
USB-powered, integrates a single ARM Cortex-A53 core with a hardware
packet forwarding engine and high-speed interfaces to deliver
line-rate networking performance.
QorIQ LS1012A Reference Design System (LS1012ARDB) is a high-performance
development platform, with a complete debugging environment.
The LS1012ARDB board supports the QorIQ LS1012A processor and is
optimized to support the high-bandwidth DDR3L memory and
a full complement of high-speed SerDes ports.
LEDE/OPENWRT will auto strip executable program file while make. So we
need select CONFIG_NO_STRIP=y while make menuconfig to avoid the ppfe network
fiemware be destroyed, then run make to build ls1012ardb firmware.
The fsl-quadspi flash with jffs2 fs is unstable and arise some failed message.
This issue have noticed the IP owner for investigate, hope he can solve it
earlier. So the ls1012ardb now also provide a xx-firmware.ext4.bin as default
firmware, and the uboot bootcmd will run wrtboot_ext4rfs for "rootfstype=ext4"
bootargs.
Signed-off-by: Yutang Jiang <yutang.jiang@nxp.com>
Add support for NXP layerscape ls1043ardb 64b/32b Dev board.
LS1043a is an SoC with 4x64-bit up to 1.6 GHz ARMv8 A53 cores.
ls1043ardb support features as: 2GB DDR4, 128MB NOR/512MB NAND, USB3.0, eSDHC,
I2C, GPIO, PCIe/Mini-PCIe, 6x1G/1x10G network port, etc.
64b/32b ls1043ardb target is using 4.4 kernel, and rcw/u-boot/fman images from
NXP QorIQ SDK release.
All of 4.4 kernel patches porting from SDK release or upstream.
QorIQ SDK ISOs can be downloaded from this location:
http://www.nxp.com/products/software-and-tools/run-time-software/linux-sdk/linux-sdk-for-qoriq-processors:SDKLINUX
Signed-off-by: Yutang Jiang <yutang.jiang@nxp.com>
(required not-distributable firmware blob - dump it by yourself from original firmware)
Signed-off-by: Eddi De Pieri <eddi@depieri.net>
(cherry picked from commit 47b1ff965b0cb57013b40fbe2bcd7f3c6eb6b606)
Modified after cherry-pick:
FW_MD5SUM in Makefile
Signed-off-by: Stefan Koch <stefan.koch10@gmail.com>
(required not-distributable firmware blob - dump it by yourself from original firmware)
Signed-off-by: Eddi De Pieri <eddi@depieri.net>
(cherry picked from commit ea9e61b8eb61a2e362a50541f03466dc7d087947)
Signed-off-by: Stefan Koch <stefan.koch10@gmail.com>
We need to tell hwclock with -u commandline option, that we would like
to keep our RTC clock in UTC timezone. Linux kernel expects RTC in UTC
timezone anyway.
In current state of things, we don't tell hwclock to load/store time
from/to RTC in UTC timezone so it uses the timezone from the system
time. If it's set to different timezone then UTC, sysfixtime is going to
screw the time in RTC.
I've following in the setup script:
uci set system.@system[0].timezone='CET-1CEST,M3.5.0,M10.5.0/3'
uci set system.@system[0].zonename='Europe/Prague'
I've this RTC setup (rtc1 is RTC on i.MX6 SoC, rtc0 is battery backed RTC mcp7941x):
rtc-ds1307 3-006f: rtc core: registered mcp7941x as rtc0
snvs_rtc 20cc000.snvs:snvs-rtc-lp: rtc core: registered 20cc000.snvs:snvs-r as rtc1
Then we can experience following (current time is 10:15am):
$ date
Fri Oct 21 10:15:07 CEST 2016
$ hwclock -r -f /dev/rtc0
Fri Oct 21 08:14:46 2016 0.000000 seconds
$ hwclock -u -r -f /dev/rtc0
Fri Oct 21 10:14:46 2016 0.000000 seconds
And after current broken sysfixtime:
$ /etc/init.d/sysfixtime stop
$ date
Fri Oct 21 10:15:25 CEST 2016
$ hwclock -r -f /dev/rtc0
Fri Oct 21 10:15:31 2016 0.000000 seconds
Now we've time in our battery backed RTC in CEST timezone instead of
UTC. Then once again, but with this patch applied to sysfixtime, where
hwclock is using correctly the -u parameter:
$ /etc/init.d/sysfixtime stop
$ date
Fri Oct 21 10:15:53 CEST 2016
$ hwclock -r -f /dev/rtc0
Fri Oct 21 08:15:55 2016 0.000000 seconds
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Acked-by: Jo-Philipp Wich <jo@mein.io>
Ensure that selecting the wpa-supplicant-mesh package actually packages the
wpa_supplicant binary with SAE support and add missing dependency on OpenSSL.
Signed-off-by: Alexis Green <alexis@cessp.it>
[Jo-Philipp Wich: slightly reword commit message for clarity]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
We add an 'httpauth' section type that contains the options:
prefix: What virtual or real URL is being protected
username: The username for the Basic Auth dialogue
password: Hashed (crypt()) or plaintext password for the Basic Auth dialogue
httpauth section names are given included as list
items to the instances to which they are to be applied.
Further any existing httpd.conf file (really whatever
is configured in the instance, but default of
/etc/httpd.conf) is appended to the per-instance httpd.conf
Signed-off-by: Daniel Dickinson <lede@cshore.thecshore.com>
During reload, we could send invalid information to the other
side and confuse it.
That's why, during reload we'll pause execution, do the reconfig
and resume + update when reload is done.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
The problem is that interfaces are specified at start as
command line arguments, making them unchange-able via reload.
That means, we have to move (since lldpd allows this) the
interfaces-match-pattern option to be in a config file and reload
the configuration.
It's either that, or do a 'restart'.
Since we're generating the lldpd.conf file, we'll have to
move the 'sysconfdir' of lldpd to /tmp, where the files will
get written ; this will prevent any unncessary flash writes.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Capitalized "disc" submenu name as all submenu names are capitalized (apart from "database", but I'll fix that
later).
moved "swap-utils" to Filesystem submenu as it is "formatting" a partition as swap so it looks out of place in Disc.
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
Currently the reset script will try to run jffs2reset on boards that are
running a rw rootfs, such as ext4. This will cause jffs2reset to fail
and the board to never reboot while the LED blinks until a manual
reboot.
This commit does two different things:
1. Disables reset on boards that do not have an overlay mount
2. Disables the Blinking LED after 5 seconds if the board does not
support reset
Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
Fix the default value for the 'bootcmd' environment variable.
Therefore make the default bootcmd work for buildbot's images.
Signed-off-by: Paul Wassi <p.wassi@gmx.at>
Adds support in uci for configuring multiple dnsmasq instances via
multiple dnsmasq sections.
The uci sections host, boot, mac, tag, vendorclass, userclass,
circuitid, ... will refer to a dnsmasq instance via the instance
parameter defined in the section; if the instance parameter is
not specified backwards compatibility is preserved.
Start/Stopping a dnsmasq instance can be achieved by passing the
dnsmasq instance name as argument to start/stop via the init script.
Multiple dnsmasq instances is usefull in scenarios where you want to
bind a dnsmasq instance to an interface in order to isolate networks.
This patch is a rework of a multiple dnsmasq instance patch by Daniel Dickinson
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Fix metadata scan failure in the grub2 package by removing an unexpected
invisible space character and by adding back the missing SECTION variable
which was removed with d140648.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Add a partially random O= item to the certificate subject in order
to make the automatically generated certificates' subjects unique.
Firefox has problems when several self-signed certificates
with CA:true attribute and identical subjects have been
seen (and stored) by the browser. Reference to upstream bugs:
https://bugzilla.mozilla.org/show_bug.cgi?id=1147544https://bugzilla.mozilla.org/show_bug.cgi?id=1056341https://bugzilla.redhat.com/show_bug.cgi?id=1204670#c34
Certificates created by the OpenSSL one-liner fall into that category.
Avoid identical certificate subjects by including a new 'O=' item
with CommonName + a random part (8 chars). Example:
/CN=LEDE/O=LEDEb986be0b/L=Unknown/ST=Somewhere/C=ZZ
That ensures that the browser properly sees the accumulating
certificates as separate items and does not spend time
trying to form a trust chain from them.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Prefer the old default 'px5g' for certificate creation
as Firefox seems to dislike OpenSSL-created certs.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
This option, defined by RFC3442, allows a DHCP server to send static
routes to a client. But the client has to request this option
explicitely.
Static routes are useful when the gateway configured by DHCP cannot be
in the same subnet as the client. This happens, for instance, when
using DHCP to hand out addresses in /32 subnets.
A new configuration option "classlessroute" is available, allowing
users to disable this feature (the option defaults to true).
Other DHCP clients already request this option by default (dhcpcd, for
instance, and possibly Windows). If a DHCP server does not support
this option, it will simply ignore it.
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
moved px5g-standalone to Encryption submenu of Utilities.
Fixed title by removing the first "standalone" word from title.
The name is now consistent with other px5g packages, it is also shorter and will be shown in make menuconfig.
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
moved px5g to Encryption submenu of Utilities, in an effort to tidy up a bit the Utilities section of make menuconfig.
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
mkfs.ext4 und losetup are needed for sysupgrade support on mmc devices
with automatic rootfs split (loopback device usage).
Signed-off-by: André Valentin <avalentin@marcant.net>
While enable zynq uboot:
CONFIG_PACKAGE_uboot-zynq-zc702
CONFIG_PACKAGE_uboot-zynq-zed
CONFIG_PACKAGE_uboot-zynq-zybo
make will arise dtc error:
./scripts/dtc-version.sh: line 17: dtc: command not found
./scripts/dtc-version.sh: line 18: dtc: command not found
*** Your dtc is too old, please upgrade to dtc 1.4 or newer
make[4]: *** [checkdtc] Error 1
Pass the kernel dtc to uboot for compile.
Signed-off-by: Yutang Jiang <yutang.jiang@nxp.com>
because boot loaders are in Boot Loaders, not in Utilities -> Boot Loaders
Also moved brub2-editenv in Utilities -> Boot Loaders
Part of a wider housekeeping effort on the packages repository.
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
Boot Loaders submenu of Utilities is the most logical place to find fconfig and other bootloader tools.
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
Boot Loaders submenu of Utilities is the most logical place to find rbcfg and other bootloader tools.
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
The special prefix of "/" should match any url by definition but the final
assertion which ensures that the matched prefix ends in '\0' or '/' is causing
matches against the "/" prefix to fail.
Update to current HEAD in order to fix this particular case.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This helper allows using usbport trigger directly. It requires usbport
compatible syntax and supports specifying multiple USB ports, e.g.:
ucidef_set_led_usbport "usb" "USB" "devicename:colour:function" "usb1-port1" "usb2-port1"
This adds a proper object to the board.json, e.g.
"usb": {
"name": "USB",
"type": "usbport",
"sysfs": "devicename:colour:function",
"ports": [
"usb1-port1",
"usb2-port1"
]
}
and supports translating it into uci section.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* Adjust download locations:
- use https as busybox.net permanently redirects http to https
- gentoo mirror has neither 1.25.0 nor 1.25.1 available, so drop it
in favor of buildroot.net that has 1.25.1
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
This makes init.d script handle existing UCI entries using the new
trigger. It also switches all targets to use its package.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* Backport much of the 10.2 firmware features from upstream QCA driver.
This includes ANI support, adaptive CCA, tx-hang workarounds,
and lots of other things.
Not all of this may be enabled at this point, and more code waits to
be backported as time and motivation allows.
* Fix some rate-control issues where ath10k in station mode (at least), would
sometimes get stuck at low rates. This appeared to be a probe related
state machine issue in the firmware, so I added some timeout logic to kick
the state machine if it gets stuck. This signicantly improves throughput
tests with many stations.
* Support configuring WMI WD timeout using SET_SPECIAL API.
* Properly configure the rx-mask on bootup to work around problem found
by Mr. Kazior. This should remove the need to add the driver hack he
posted.
* Allow configuring pdev failed-retry threshold. This is how many consecutive
tx failures the firmware will allow before resetting the wifi chip (not a full
firmware crash).
Signed-off-by: Ben Greear <greearb@candelatech.com>
Adds Sebastian's 160Mhz support (un-tested), remove DMA32 change that
broke some x86 systems, allow setting 10.1 CT firmware keepalive watchdog
timeout, support QCA 9887 hardware, and some other tweaks.
Signed-off-by: Ben Greear <greearb@candelatech.com>
This is upstream alternative for LEDE's ledtrig-usbdev. It's main
advantages are:
1) Support for assigning more than 1 USB port to the LED
2) Setting proper state when activating with device already connected
3) FWIW it's an upstream driver
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
changed install path from /sbin to /usr/sbin to be consistent with other filesystem tools
ext2-3-4 and f2fs tools are in /usr/sbin, for example
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
iperf upstream added some bugfixes to the already released 2.0.9 version
without changing the filename. This conflicts with old mirrored files
and the hash that we previously used.
To avoid conflict, use a renamed tarball from mirror2.openwrt.org
containing the new upstream changes
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Commit f5c741b5e0 updated procd to a more recent version, but did not
change the hash of the tar. Update it to the one matching the file on
the download servers.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The file to patch doesn't exists. Due to the fact that a src directory
exists, the patch was never applied.
With 28502a9 the behaviour was changed and revealed the issue.
Signed-off-by: Mathias Kresin <dev@kresin.me>
This more of a demo for the previous commit that comes with
this one, where I added support for copying source from 'src' to
the build dir(s).
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
OpenWrt uses ancient u-boot thats not reproducible.
There are multiple upstream changes that introduce
reproducible builds like:
859e92b775fd8ebcfacc591eaf621b677c95b6f7
(not used here - the CMD_DATE/TIMESTAMP functionality
seems to be disabled by config)
70d39f57146a6cb94736db39c770c3d95e07bedb
f3f431a712729a1af94d01bd1bfde17a252ff02c
2d9efa1227262249d381ed5d9d341cbdba76e62d
Instead of changing the Makefile too much
this changeset just tries to use the
changes in Makefile from current upstream git f5fd45f
*Should* fix issue reported by reproducible lede page:
https://tests.reproducible-builds.org/lede/lede.html
Compile tested only
(verified w. hexdump & md5sum)
Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
Tested with VDSL on TP-Link WD8970, I see full 1500-byte PPP data
frames, which end up being 1526 byte Ethernet frames (including
Ethernet+VLAN headers) on the wire.
Fixes: FS#210
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Switch to xz tarball, there's no point pulling two different tarballs of the same source code (tools/libtool uses xz).
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
luci using ustream-mbedtls is extremely slow vs ustream-polarssl.
polarssl alias mbedtls v1 is configured to use NIST prime speed
optimisation, so no longer disable the default optimisation for
mbedtls v2.
Compile & run tested: Archer C7v2
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
[Jo-Philipp Wich: refresh patch to use common format]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Adds per-host leasetime support
Various bugfixes :
-Prioritize ifname resolving via ubus
-Free interface if ifindex cannot be resolved
-...
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [update mirror sha256]
This fixes the following error when mounting a ext4 filesystem
----
[ 166.240000] EXT4-fs (sda1): Cannot load crc32c driver.
----
Signed-off-by: Daniel Danzberger <daniel@dd-wrt.com>
Commit 8f24ee6382 ("uqmi: Add proper IPv6 support") changed the code
to fetch the IPv4 address via QMI by default instead of using DHCP to
make it consistent with the IPv6 codepath.
This breaks on at least some Sierra Wireless cards, where data exchanges
fail to work until the host has fetched a DHCP lease.
Leave v6 as it is, but always use DHCP for v4.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
nf_tproxy_core was removed during 3.12 development with kernel commit
fd158d79d33d3c8b693e3e2d8c0e3068d529c2dc. The code was moved
to xt_TPROXY.c.
Fixes FS#212
Signed-off-by: Mathias Kresin <dev@kresin.me>
Adds the latest patches from Jes Sorensen for rtl8xxxu, which improve
rtl8732bu, rtl8192eu and rtl8188eu support.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
* Change git packages to xz
* Update mirror checksums in packages where they are used
* Change a few source tarballs to xz if available upstream
* Remove unused lines in packages we're touching, requested by jow- and blogic
* We're relying more on xz-utils so add official mirror as primary source, master site as secondary.
* Add SHA256 checksums to multiple git tarball packages
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Quote resolveip hostname argument to avoid bad shell injections.
While at it fix pattern match logic in case multiple IPv6 addresses
are returned for a hostname as they're seperated by newline by
resolveip and not a white space
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Adds u-boot for the at91 platform and a couple of boards.
The build honours COPTS to benefit from fortify source et al.
Signed-off-by: Ben Whitten <ben.whitten@gmail.com>
Now that the uhttpd init script can generate certificates using openssl as
well, update the section name and related comment to be more generic.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Before a configuration is generated, an empty file is created to store
it in. (required by UCI)
If something happens during config generation
(power cut, interruption, ..) an empty file exists and it is never
regenerated again, causing some daemons to fail starting
(NTPD, logread, ..)
Fix this by also generating new configs if a critical file
is empty.
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
The kmod-sound-hda-core module attempts to package snd-hda-core.ko which
does not exist in Linux 3.18, therfore only use it for kernels >= 4.1
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Support the usage of the OpenSSL command-line tool for generating
the SSL certificate for uhttpd. Traditionally 'px5g' based on
PolarSSL (or mbedTLS in LEDE), has been used for the creation.
uhttpd init script is enhanced by adding detection of an installed
openssl command-line binary (provided by 'openssl-util' package),
and if found, the tool is used for certificate generation.
Note: After this patch the script prefers to use the OpenSSL tool
if both it and px5g are installed.
This enables creating a truly OpenSSL-only version of LuCI
without dependency to PolarSSL/mbedTLS based px5g.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Prior to kernel 4.4, the hda-intel module depends on the hda-controller
utility submodule so bundle it for the older kernel versions.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>