Commit 131db36 "build: remove separate /install step for host builds" dropped
the package/*/host/install targets in favor to performing the install steps
within the compile target instead.
Adjust package/Makefile accordingly in order to prevent a missing
staging_dir/host/bin/opkg when staging package archives into the rootfs.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
ntpd from Busybox supports peer-less (standalone) mode when it's started
with option -l and without any peer provided with option -p. In this
mode ntpd uses local time as reference and acts as stratum 1 server.
This mode can be used in isolated networks, where Internet access and/or
other NTP server/s are not available, but the device has some other way
of getting correct time, like e.g. GPS (ugps supports setting local time
by default).
Support for this mode was incorrectly disabled/removed in:
1527f96ca6
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Acked-by: Jo-Philipp Wich <jo@mein.io>
The ugps tool expects device path in last argument. If it's provided
before other options, they won't be processed at all.
Additionally, make it possible to use absolute path for gps character
device in related uci configuration.
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
Commit 5c20a4fec9 ("ubox: turn logd into a separate package") changed
the PKG_SOURCE_DATE which is also included in the tar file. This change
resulted in a new tar with a different hash, but the sha256 hash was not
updated. Fix the sha256 hash value in this commit to match what would be
created from git and what is already on the mirror.
Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
The sha256sum added in commit b8567cb44e ("odhcpd: update to git HEAD
version (FS#396)") does not match the sha256sum of the file on the mirror or
when I clone it. Update the sha256 sum to the correct value.
Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
These are recommended practices by REC-22 and REC-24 of RFC6092:
"Recommended Simple Security Capabilities in Customer Premises Equipment
(CPE) for Providing Residential IPv6 Internet Service"
Fixes FS#640
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Make scan output useful for 802.11s meshes. The common print_ssid function
is used, so this doesn't add any additional code.
Based-on-patch-by: Jan-Tarek Butt <tarek@ring0.de>
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
This includes following changes:
480d7bc Fix sending unicast questions on cache expire
a0403cd Keep source sockaddr for every cached DNS record
1478293 Fix code freeing cached non-A(AAA) records too early
9f1cc22 Fix replying to "QU" questions received on unicast interface
943bedb Fix reading port of incoming packets
c725494 Use MCAST_PORT define for port 5353
ce7e9e9 Use one define for DNS-Based Service Discovery service name
e1bacef Drop entries cached for interface we're going to delete
496aeba Fix comment typo in cache_gc_timer
f89986b Fix refreshing cached A(AAA) records that expire
Previous updates made umdns work as expected on startup but there were
still many bugs. They were mostly related to runtime - cache management
and requests + responses. E.g. umdns was never able to send question on
DNS record expire. It was also ignoring all incoming unicast questions.
Since these issues are quite serious it makes sense to backport this
update to the stable branch.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
This includes 3 cleanups:
fd5a160 Don't cache hosts as services
80dd246 Refresh DNS records A and AAAA directly
6515101 Access cached records (instead of services) to read list of hosts
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
This fixes the following security problems:
* CVE-2017-2784: Freeing of memory allocated on stack when validating a public key with a secp224k1 curve
* SLOTH vulnerability
* Denial of Service through Certificate Revocation List
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This adds option to build kernel module and firmware packages
for a Marvell 8887 SDIO Wireless device
Signed-off-by: Henryk Heisig <hyniu@o2.pl>
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
This fixes crash in interface_start caused by freeing interface in
interface_free without stopping a timeout.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Honour the parent interfaces peerdns option when spawning a virtual DHCPv6
interface in order to avoid pulling in IPv6 DNS servers when the user opted
to inhibit peer DNS servers in the configuration.
Fixes#597.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Drops a LEDE carried patch now upstream.
Convert to autotools.
A number of nits fixed upstream (dns & short packet handling most
notable)
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
When not defining 'device' or 'vlan' in relevant switch_port uci
sections, behaviour is inconsistent due to *devn, *port and *vlan
pointers not being zero initialized.
Signed-off-by: Ben Kelly <ben@benjii.net>
stop() is overwritten by rc.common, so implement stop_service instead.
While at it, remove the now unnecessary restart() override
Signed-off-by: Felix Fietkau <nbd@nbd.name>
px5g-standalone only supports SHA1 for certificates, which is strongly
deprecated. The new px5g-standalone is about 27k bigger (compressed),
and has identical behavior to px5g-mbedtls (it uses SHA256).
Signed-off-by: Felix Fietkau <nbd@nbd.name>
as we do for IPv4 PPP interfaces. When we create the
dynamic IPv6 interface we should inherit ip6table from
main interface.
Signed-off-by: Ulrich Weber <ulrich.weber@riverbed.com>
pppoe-discovery performs the same discovery process as pppoe, but does
not initiate a session
Signed-off-by: Florian Eckert <Eckert.Florian@googlemail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
When running wifi detect, the user will be told on error output that
wifi detect is deprecated, that wifi config must be used instead. Also
the commit that changes it is referenced for further info.
Signed-off-by: David Pinilla Caparrós <dpinitux@gmail.com>
Since commit 5f8f8a3661 wifi detect does
not longer work and wifi config it's used to configure not yet
configured wireless devices.
This commit changes command usage to reflect that change.
Signed-off-by: David Pinilla Caparrós <dpinitux@gmail.com>
When calling erase() on a containers derived from __base_associative
(e.g. multimap) and providing a pair of iterators a segfault will
occur.
Example code to reproduce:
typedef std::multimap<int, int> testmap;
testmap t;
t.insert(std::pair<int, int>(1, 1));
t.insert(std::pair<int, int>(2, 1));
t.insert(std::pair<int, int>(3, 1));
t.erase(t.begin(), t.end());
Signed-off-by: Ben Kelly <ben@benjii.net>
Fixes firmware crash in rare cases and a bug
ath10k_pci 0001:01:00.0: received unexpected tx_fetch_ind event: in
push mode
for those who kept experiencing it after previous firmware update.
Signed-off-by: Pavel Kubelun <be.dissent@gmail.com>
And, update support for 9880 chipsets. The new firmware
fixes a regression with EAPOL 4/4 packets added in
a recent commit.
It also fixes a case where the firmware would improperly try
to use STBC when configured for 1x1 (as 9887 always is).
Signed-off-by: Ben Greear <greearb@candelatech.com>
This adds support for the PCB LEDs and Reset Button found on the PC
Engines APU2/APU3 embedded boards.
Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
This adds support for the SuperIO chip nct5104d found on the PC Engines
APU boards, which allows for a handful of additional ports, such as 2x
additional UART pinouts, enabling an external watchdog (no driver for
this functionality yet), and 16 GPIO pins. More info can be found at
https://pcengines.ch/ht_gpio.htm
Thanks to @feckert for helping package this.
Cc: Florian Eckert <Eckert.Florian@googlemail.com>
Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
The subtarget on which the driver still depends was removed with
dee8986b95 because it was unmaintained
for a long time.
Signed-off-by: Mathias Kresin <dev@kresin.me>
5f91241 procd: add cancel_timeout on rc scripts when a runtime_timeout is specified
961dc69 procd: stop service using SIGKILL if SIGTERM failed to do so
Fixes FS#516.
Signed-off-by: John Crispin <john@phrozen.org>
(cherry picked from commit 946d1dfb87)
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
- Fix eap test to work with standalone hostapd builds
- Fix 11n test to check the correct define
- Add 11ac, 11r and 11w tests
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This is required for default wireless configuration of malta target to
work out of the box again. Fixes "77ece30e: hostapd: Add ability to
specify that that wireless driver supports 802.11ac"
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
key_direction shows up as an openvpn option in the user-interface but does not end up in the /var/etc/openvpn*.conf file. Adding it to the list here fixed the issue for me.
Signed-off-by: Brandon Koepke <bdkoepke@fastmail.com>
[Fixes FS#537]
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
c09e4f0 ubusd: fix incomplete copy of shared buf during queue-ing
453b87f cli: add support for subscribing to objects
6eb3c96 cli: do not use default timeout for listen
dfe3383 libubus: reset ctx->sock.error when doing ubus reconnect
34c6e81 cli: fix listen_timeout compile issue
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Adds the following fixes:
91acde6 libubus: do not modify uloop_cancelled
763b9b2 libubus: reset ctx->sock.eof to fix reconnect issues
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Adds the following changes:
de3f14b uloop: add uloop_cancelling function
3b6181b utils: fix build on Mac OS X 10.12
7f671b1 blobmsg: add support for double
0fe1374 utils: add helper functions useful for allocating a ring buffer
8fc1c30 libubox: replace strtok with _r version.
4a9f74f libubox: allow reading out the pid of uloop process in lua
372e1e6 uloop: remove useless epoll data assignment
f9db1cb libubox: allow reading out the remaining time of a uloop timer in Lua
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Includes the following changes:
9edff13abd mac80211: disable potentially harmful PS software retry for A-MPDU sessions
75216a76b0 mac80211: backport upstream fix for CSA in IBSS mode
368cc8ef47 mac80211: update brcmfmac backporting brcmf_err cleanups
66a63d25c4 mac80211: fix build on linux 3.18
9eacb9d7fc rt2x00: mt7620: lots of improvements
fd94fa61a7 mac80211: brcmfmac: update Raspberry Pi patches for linux 4.9
649e766a64 mac80211: update to wireless-testing 2017-01-31
47540afa5d ath9k: add a warning to the tx99 config option
b367eef21d mac80211: rt2x00: add support for external LNA on MT7620
9200e168f2 mac80211: move (& update) upstream accepted brcmfmac patches
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The driver had a bug when calculating the rateset. This resolves
that and allows full VHT mcs rates on 2x2 hardware.
Signed-off-by: Ben Greear <greearb@candelatech.com>
This patch splits `kmod-mt76` into three separate packages:
`kmod-mt76-core`, `kmod-mt76x2` and `kmod-mt7603`. By making
`kmod-mt76` a metapackage containing these new packages,
the previous behaviour of including all drivers and firmware
is left unchanged, unless explicitly unselected in
`DEVICE_PACKAGES`.
This splitting is especially beneficial for devices with
small flash chips, since the `kmod-mt76` package currently
requires ~160K on squashfs (after compression).
Signed-off-by: Joseph C. Lehner <joseph.c.lehner@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [cleanup]
This reverts commit cc66f819b4.
This commit causes opkg to install px5g-standalone instead of px5g when
installing luci-ssl. As luci-ssl depends on mbedtls, using
px5g-standalone makes no sense. Next to that, it creates deprecated SHA1
certificates. Revert the commit to avoid pxg5-standalone to be
installed by accident.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit ca8aee0c57)
Goflexhome/net use uImage, and to boot an uImage the u-boot
must use bootm command, not bootz.
Fixes the "i cannot boot LEDE with this u-boot" issue that I
found out myself with my goflexnet.
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
The only HMACs currently available use MD5 and SHA1, both of which have known
weaknesses. We already compile in the SHA256 code since we use Curve25519
by default, so there's no significant size penalty to enabling this.
Signed-off-by: Joseph C. Sible <josephcsible@users.noreply.github.com>
(cherry picked from commit 0bf85ef048)
Removing redundant spaces from the name of the option. Without fix:
root@LEDE:~# opkg install ugps
Installing ugps (2016-10-24-32a6b2b7-1) to root...
Downloading http://downloads.lede-project.org/releases/17.01-SNAPSHOT/packages/mips_24kc/base/ugps_2016-10-24-32a6b2b7-1_mips_24kc.ipk
Configuring ugps.
uci: Parse error (invalid character in name field) at line 3, byte 23
uci: Parse error (invalid character in name field) at line 3, byte 23
sh: out of range
root@LEDE:~# uci show gps
uci: Parse error (invalid character in name field) at line 3, byte 23
With this fix:
root@LEDE:~# uci show gps
gps.@gps[0]=gps
gps.@gps[0].tty='ttyACM0'
gps.@gps[0].adjust_time='1'
Signed-off-by: Cezary Jackiewicz <cezary@eko.one.pl>
This update includes numerous small fixes for:
1) Interfaces setup
2) Packets parsing
3) Sending replies
Without this there were multiple problems with exchanging information
between (u)mdns and other implementations (including (u)mdns as well).
This also follows project rename to umdns which was required to avoid
confusion with Apple's mdnsd from mDNSResponder project.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
This can be used to tweak the buildbot behavior without having to change
buildbot's configuration.
It will also allow us to add more aggressive clean steps (e.g. on
toolchain changes), which would break developers' workflows if enable
by default.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Default trigger action timeout was added to procd.sh in commit f88e3a4c0
(procd: add default timeout for reload trigger actions)
However, the timeout value was not placed under the correct JSON-script
array nesting level and thus did not apply.
To fix this and make the timeout actually apply to the reload triggers,
we place it in the correct scope, that is the per-trigger array.
Fixes: f88e3a4c0a
Signed-off-by: Denis Osvald <denis.osvald@sartura.hr>
Effects of the bugs could include memory corruption, tx hangs, kernel
crahes, possibly other things as well
Signed-off-by: Felix Fietkau <nbd@nbd.name>
I needed a moment to figure out relation between this patchset and the
nl80211: fix validation of scheduled scan info for wowlan netdetect
It appears nl80211 commit will go on top of brcmfmac changes so it's
safe to backport these patches.
One patch that was excluded is commit 2a2a5d1835b6 ("brcmfmac: add
.update_connect_params() callback") as it depends on missing commit
088e8df82f91 ("cfg80211: Add support to update connection parameters").
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Some debugging/error messages are printed using wpa_printf and this
change allows finally reading them out of the syslog.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
This will allow starting hostapd with the new -s parameter and finally
read all (error) messages from the syslog.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
It wasn't possible to read hostapd wpa_printf messages unless running
hostapd manually. It was because hostapd was printing them using vprintf
and not directly to the syslog.
We were trying to workaround this problem by redirecting STDIN_FILENO
and STDOUT_FILENO but it was working only for the initialization phase.
As soon as hostapd did os_daemonize our solution stopped working.
Please note despite the subject this change doesn't affect debug level
messages only but just everything printed by hostapd with wpa_printf
including MSG_ERROR-s. This makes it even more important as reading
error messages can be quite useful for debugging.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
samba.org has started to enforce https and
currently plain http downloads with curl/wget fail,
so convert samba.org download links to use https.
Modernise links at the same time.
Also convert samba.org URL fields to have https.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
wash, mpu & some memory optimisation have now made it to the official
cake repository.
Point LEDE to the official repository.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
The libtool target package stages its files into the host staging directory
and moves the libltdl library parts from there into the target staging
directory afterwards.
By doing so, the package essentially renders the host libtool infrastructure
unusable, leading to the below error in subsequent package builds:
libtoolize: $pkgltdldir is not a directory: `.../hostpkg/share/libtool`
Prevent this problem by using a dedicated libltdl install prefix in order to
avoid overwriting and moving away preexisting files belonging to tools/libtool.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
c13b6a0 dhcpv6: fix white space error
e9d80cc dhcpv6: trigger restart of DHCPv6 state machine when not
receiving statefull options
c7122ec update README
419fb63 dhcpv6: server unicast option support
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
The name will appear in shell prompt and LuCI page title. Uppercase
letters seem to be more vigorous
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
A given signal-name is now converted to the corresonding number. In general
it's good style to use names (readability) and it's more portable: signal
numbers can be architecture-dependent, so we are more safe giving names.
A real world example is signal 10, which is BUS on ramips and USR1 on PPC.
All users of 'procd_send_signal' must change their code to reflect this.
Signed-off-by: Bastian Bittorf <bb@npl.de>
When relying on x.509 certs for auth and / or encryption of traffic you can't
use package openvpn-nossl.
Just have your package depend on openvpn-crypto to have SSL-encryption and
X.509-support enabled in OpenVPN. If encryption / X.509 is not a must, use
virtual packge openvpn, which is provided by all OpenVPN-variants.
Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
ap_setup_locked is named wps_ap_setup_locked in uci for consistency with other
wps related uci options.
Signed-off-by: Steven Honson <steven@honson.id.au>
The author of the upstream mwlwifi edited the history of the previous commit.
This commit not only fixes the updated hash but also sends in the latest
commits he made to the code which are mainly testing.
Signed-off-by: Gabe Rodriguez <lifehacksback@gmail.com>
Clarify opkg's messages related to downloads:
* more visible error message for package list download failure
* separate error message for signature file download error
* if wget returns 4, signal the network error more clearly
* remove '.' from end of filenames and URLs
* try signature check only if the package list was downloaded ok.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
- Adds support for passing file descriptors in ubus invoke requests
- Fixes clearing pending timers on ubus_shutdown()
- Fixes checking the amount of written data in ubusd
- Fixes an ubusd crash when trying to subscribe to system objects
Signed-off-by: Felix Fietkau <nbd@nbd.name>
The condition is always true due to the literal string followed the
-n test parameter. A model name set by target scripts always gets
overwritten this way.
Change the condition to check for an already existing destination file
as it was before 5e85ae9 ("base-files: fix error message during boot").
Signed-off-by: Mathias Kresin <dev@kresin.me>
HTB and TBF are the basic traffic shapers used by sqm-scripts. Moving
these into kmod-sched-core enables sqm-scripts to downgrade its
dependency from kmod-sched to kmod-sched-core, potentially making it
useful on devices with smaller flash sizes.
This adds around 30k to the size of kmod-sched-core (20k for sch_htb.ko
and 10k for sch_tbf.ko).
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
Updates to openvpn.init were included in early OpenVPN 2.4 patch
series, but got lost along the way and were never merged.
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
This fixes the following security problems:
CVE-2017-3731: Truncated packet could crash via OOB read
CVE-2017-3732: BN_mod_exp may produce incorrect results on x86_64
CVE-2016-7055: Montgomery multiplication may produce incorrect results
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
If only a single opkg control file exists (which can happen with
CONFIG_CLEAN_IPKG), grep would not print the file name by default. Instead
of forcing it using -H, we just switch to -l (print only file names) and
get rid of the cut.
Add -s to suppress an error message when no control files exist.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
The radio would stop communicating completely. This issue was easiest to
trigger on AR913x devices, e.g. the TP-Link TL-WR1043ND, but other
hardware was occasionally affected as well.
The most critical issue was a race condition in disabling/enabling IRQs
between the IRQ handler and the IRQ processing tasklet
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This reverts commit c296ba834d.
According to several reports, the issues with the airtime fairness
changes are gone in current versions.
It's time to re-apply the patch now.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
There was a bug in brcmfmac patch that could result in treating random
memory as source of country codes.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
The hostapd_append_wpa_key_mgmt() procedure uses the possibly uninitialized
$ieee80211r and $ieee80211w variables in a numerical comparisation, leading
to stray "netifd: radio0 (0000): sh: out of range" errors in logread when
WPA-PSK security is enabled.
Ensure that those variables are substituted with a default value in order to
avoid emitting this (harmless) shell error.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Add PROVIDES:=openvpn to the default recipe in order to let all build variants
provide a virtual openvpn package.
The advantage of this approach is that downstream packages can depend on just
"openvpn" without having to require a specific flavor.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The last two parameters passed between user space tc and kernel space
sched-cake were transposed due to a merge mistake in a parameter header
file.
As such, using a packet overhead figure was likely to set cake to wash
packet DSCP values. Similarly, the DSCP wash flag was used as an offset
to the displayed packet overhead value.
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Update to 1.2.11 as suggested by upstream
Also add SF as primary source and main site as fallback
Note: SF doesn't carry the 1.2.11 update yet.
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>