When relying on x.509 certs for auth and / or encryption of traffic you can't
use package openvpn-nossl.
Just have your package depend on openvpn-crypto to have SSL-encryption and
X.509-support enabled in OpenVPN. If encryption / X.509 is not a must, use
virtual packge openvpn, which is provided by all OpenVPN-variants.
Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
ap_setup_locked is named wps_ap_setup_locked in uci for consistency with other
wps related uci options.
Signed-off-by: Steven Honson <steven@honson.id.au>
The author of the upstream mwlwifi edited the history of the previous commit.
This commit not only fixes the updated hash but also sends in the latest
commits he made to the code which are mainly testing.
Signed-off-by: Gabe Rodriguez <lifehacksback@gmail.com>
Clarify opkg's messages related to downloads:
* more visible error message for package list download failure
* separate error message for signature file download error
* if wget returns 4, signal the network error more clearly
* remove '.' from end of filenames and URLs
* try signature check only if the package list was downloaded ok.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
- Adds support for passing file descriptors in ubus invoke requests
- Fixes clearing pending timers on ubus_shutdown()
- Fixes checking the amount of written data in ubusd
- Fixes an ubusd crash when trying to subscribe to system objects
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Running ar8327_get_arl_entry() early after boot leads to MDIO related system
lockups on several devices using this driver.
Since dumping the ARL table contens is an optional, uncritical feature, simply
disable the code for now.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
We override default Ethernet interface with eth0 which often uses random
MAC due to missing proper NVRAM entry. Fix this by manually assigning
MAC in the config.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
The soft_config partition must be writeable for rbcfg to be able to
enact changes to the routerboot configuration.
The read-only flag was a mistake in the initial patch. Removing it
brings mach-rb941.c in line with all other RB platforms.
Signed-off-by: Thibaut VARENE <hacks@slashdirt.org>
Mikrotik RB411U has only one ethernet port - eth0. This patch allows to create
correct config with one lan section.
Signed-off-by: Cezary Jackiewicz <cezary@eko.one.pl>
Add full support for Mikrotik RB-941-2nD (hAP lite)
Original patch by Sergey Sergeev <adron@yapic.net> and
more information is available here:
https://wiki.openwrt.org/toh/mikrotik/rb941_2nd
I updated and adapted the patch to apply cleanly to LEDE trunk
and added proper numbering for the switch ports (matching case
labels).
Tested working on actual hardware with the information
provided in the above webpage. Sysupgrade works.
Signed-off-by: Thibaut VARENE <hacks@slashdirt.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Remove the wget2nand script, drop the need for manual installation,
use sysupgrade instead.
There are now two different NAND images, one for 64 MiB flashes, the
other for >= 128 MiB
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The condition is always true due to the literal string followed the
-n test parameter. A model name set by target scripts always gets
overwritten this way.
Change the condition to check for an already existing destination file
as it was before 5e85ae9 ("base-files: fix error message during boot").
Signed-off-by: Mathias Kresin <dev@kresin.me>
Qemu's local AES code defines symbols that conflict with
LibreSSL/OpenSSL's libcrypto. Rename them to avoid build problems.
See upstream commit c8d70e59738e672021926c7747af8ef9dea15c82.
Fixes FS#444.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Admittedly, this is my own OCD wanting to get rid of this.
Because I tried (a while back to upgrade QEMU to a newer version),
and (during that attempt) I tried to get rid of this.
Tested on Linux & Mac.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
This fixes logic bug(in function netdev_trig_notify) introduced in
0b2991a8ed commit.
Events triggered by different interfaces were stopping work queue so it
wasn't working for tx/rx mode.
Signed-off-by: Sergey Sergeev <adron@yapic.net>
HTB and TBF are the basic traffic shapers used by sqm-scripts. Moving
these into kmod-sched-core enables sqm-scripts to downgrade its
dependency from kmod-sched to kmod-sched-core, potentially making it
useful on devices with smaller flash sizes.
This adds around 30k to the size of kmod-sched-core (20k for sch_htb.ko
and 10k for sch_tbf.ko).
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
Commit 29443e2 (mxs: remove modules.mk, select drivers in the kernel config)
missed to remove these references, so cleanup it now.
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Updates to openvpn.init were included in early OpenVPN 2.4 patch
series, but got lost along the way and were never merged.
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
This fixes the following security problems:
CVE-2017-3731: Truncated packet could crash via OOB read
CVE-2017-3732: BN_mod_exp may produce incorrect results on x86_64
CVE-2016-7055: Montgomery multiplication may produce incorrect results
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The VGV7510KW22BRN and VGV7519BRN do not have the same brnImage
signature. It was accidentally changed with ba42c1d ("lantiq: un-macro
the image building code").
Signed-off-by: Mathias Kresin <dev@kresin.me>
If only a single opkg control file exists (which can happen with
CONFIG_CLEAN_IPKG), grep would not print the file name by default. Instead
of forcing it using -H, we just switch to -l (print only file names) and
get rid of the cut.
Add -s to suppress an error message when no control files exist.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Require-User is handled by /etc/uci-defaults/13_fix_group_user on first
boot, so we need to keep these when removing all opkg data with
CONFIG_CLEAN_IPKG.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
The name "Plat'Home OpenBlocks AX3" causes the imagebuilders "make info"
command to fail with:
bash: -c: line 0: syntax error near unexpected token `('
bash: -c: line 0: `echo; [...]'
Makefile:99: recipe for target '_call_info' failed
Properly escape single quotes to avoid breaking the echo commands.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The radio would stop communicating completely. This issue was easiest to
trigger on AR913x devices, e.g. the TP-Link TL-WR1043ND, but other
hardware was occasionally affected as well.
The most critical issue was a race condition in disabling/enabling IRQs
between the IRQ handler and the IRQ processing tasklet
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This reverts commit c296ba834d.
According to several reports, the issues with the airtime fairness
changes are gone in current versions.
It's time to re-apply the patch now.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This device has 2 TRX partitions (main one and failsafe one) and Linux
may not detect them properly failing to run userspace.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>