* compat: drop centos 8.1 support as 8.2 is now out
Of note, as well, is that we now have both RHEL7 and RHEL8 in our CI at
<https://www.wireguard.com/build-status/>.
* Kbuild: remove -fvisibility=hidden from cflags
This fixes an issue when compiling wireguard as a module for ARM kernels in
THUMB2 mode without the JUMP11 workaround.
* noise: do not assign initiation time in if condition
Style fix.
* device: avoid circular netns references
Fixes a circular reference issue with network namespaces.
* netns: workaround bad 5.2.y backport
This works around a back backport in the 5.2.y series.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
mac80211_get_addr is called from mac80211_generate_mac, where the local variable
initialisation id="${macidx:-0}" suggests that macidx is not always defined.
Probably, idx was supposed to be used instead of $(($macidx + 1)).
Fixes: 4d99db168c ("mac80211: try to get interface addresses from wiphy sysfs 'addresses' if no mask is set")
Signed-off-by: Leon M. George <leon@georgemail.eu>
urandom-seed has a separate Makefile, we can safely remove the definition here.
Fixes: 27bfde9c9f ("base-files: move urandom seed bits into separate package")
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
"[[" is a bash extension for test. As the ash-implementation is not
fully compatible we drop its usage.
This follows up 3519bf4976
As a result, we also need to move the and/or out of the test brackets.
Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
[squash from two patches, adjust commit message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The original text was copy/pasted from some other package.
Adjust the package title and description to match the description
on the publishers page.
Signed-off-by: Catalin Patulea <catalinp@google.com>
[slightly adjust content and commit message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
- drop patches (applied upstream):
* 010-backport-change-address-logging.patch
* 020-backport-ed25519-support.patch
* 021-backport-chacha20-poly1305-support.patch
- backport patches:
* 010-backport-disable-toom-and-karatsuba.patch:
reduce dropbear binary size (about ~8Kb).
- refresh patches.
- don't bother anymore with following config options
because they are disabled in upstream too:
* DROPBEAR_3DES
* DROPBEAR_ENABLE_CBC_MODE
* DROPBEAR_SHA1_96_HMAC
- explicitly disable DO_MOTD as it was before commit a1099ed:
upstream has (accidentally) switched it to 0 in release 2019.77,
but reverted back in release 2020.79.
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
This replace the shell script header of ldd
when it install to `/usr/bin/ldd` where
`#! /..../staging_dir/host/bin/bash`
should be
`#!/bin/sh`
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
Previously, gpio_switch only accepts GPIO pin number as input. Once a
GPIO pin is exported and named by device tree, its pin state cannot be
configured and saved across reboots by UCI.
This patch adds support for named GPIO pins. Thus GPIO pin can be
exported by device tree with active high/low correctly configured,
having human-readable name in /sys/class/gpio/ is also now possible.
More importantly, GPIO pins which are referenced by name will be immune
from pin mapping breakage while unintentional pin number changes are
introduced by kernel or driver updates.
Signed-off-by: Kuan-Yi Li <kyli@abysm.org>
This option allows adding the ath9k ADC register output as a source
of randomness into the Linux entropy pool at sufficient quality
random data (at least 10 bits and up to 22 bits of min-entropy for
a 32-bit value).
Fixes FS#1444
Signed-off-by: Alan Swanson <reiver@improbability.net>
Ubus patch as it seems have been broken by some rebase in the past as
the location of line that adds ubus object file was in condition for
CONFIG_MACSEC. That condition was adding object files that are not
touched by ubus patch. This means ubus.o does not have to be included in
that case. When it has to be and when build fails is when CONFIG_AP is
set. All files included in wpa_supplicant that are touched by this patch
are in this condition. This means that this is for sure the original
place for it.
Signed-off-by: Karel Kočí <karel.koci@nic.cz>
Removes the standalone implementation of stack smashing protection
in gcc's libssp in favour of the native implementation available
in glibc and uclibc. Musl libc already uses its native ssp, so this
patch does not affect musl-based toolchains.
Stack smashing protection configuration options are now uniform
across all supported libc variants.
This also makes kernel-level stack smashing protection available
for x86_64 and i386 builds using non-musl libc.
Signed-off-by: Ian Cooper <iancooper@hotmail.com>
After a hardware reconnect, the control device might be unavailable and
attempting to interact with it will lead to hanging gcom calls, leaving
the protocol setup in an unrecoverable state.
Change the protocol handler to bail out early and notify netifd if the
control device is not defined or if the underlying device node does not
exist.
Also ensure that the "disconnect", "connect" and "setmode" commands are
actually defined before trying to invoke them.
Finally attempt to re-query the device manufacturer if it is unset in
the interface state in order to prevent UNUPPORTED_MODEM errors after
a modem hardware reconnect.
Signed-off-by: Rozhuk Ivan <rozhuk.im@gmail.com>
[reword subject and commit message]
Ref: https://github.com/openwrt/openwrt/pull/2352
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Pass a default --up and --down executable to each started OpenVPN instance
which triggers /etc/hotplug.d/openvpn/ scripts whenever an instance
goes up or down.
User-configured up and down scripts are invoked by the default shipped
01-user hotplug handler to ensure that existing setups continue to work
as before.
As a consequence of this change, the up, down and script_security OpenVPN
options are removed from the option file, since we're always passing them
via the command line, they do not need to get included into the generated
configuration.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
[reword commit message, move hotplug executable to /usr/libexec]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
All devices are using nand images. Built-in MMC/SD modules are not needed
anymore.
Run tested: pogo v4
Reviewed-by: Sungbo Eo <mans0n@gorani.run>
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.
To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Bringing up of station vlan fails if the optional mac entry isn't set.
The default mac "00:00:00:00:00:00", which should match all stations,
is mistakenly set to the non used variable "isolate". This results in
a wrong formatted .psk file which has to be "vlan_id mac key".
fixes: 5aa2ddd0: hostapd: add support for wifi-station and wifi-vlan sections
Signed-off-by: Johann Neuhauser <johann@it-neuhauser.de>
SOC: IPQ4018 / QCA Dakota
CPU: Quad-Core ARMv7 Processor rev 5 (v7l) Cortex-A7
DRAM: 256 MiB
NOR: 32 MiB
ETH: Qualcomm Atheros QCA8072 (2 ports)
USB: 1 x 2.0 (Host controller in the SoC)
WLAN1: Qualcomm Atheros QCA4018 2.4GHz 802.11bgn 2:2x2
WLAN2: Qualcomm Atheros QCA4018 5GHz 802.11a/n/ac 2:2x2
INPUT: RESET Button
LEDS: White, Blue, Red, Orange
Flash instruction:
From EnGenius firmware to OpenWrt firmware:
In Firmware Upgrade page, upgrade your openwrt-ipq40xx-generic-engenius_emr3500-squashfs-factory.bin directly.
From OpenWrt firmware to EnGenius firmware:
1. Setup a TFTP server on your computer and configure static IP to 192.168.99.8
Put the EnGenius firmware in the TFTP server directory on your computer.
2. Power up EMR3500. Press 4 and then press any key to enter u-boot.
3. Download EnGenius firmware
(IPQ40xx) # tftpboot 0x84000000 openwrt-ipq40xx-emr3500-nor-fw-s.img
4. Flash the firmware
(IPQ40xx) # imgaddr=0x84000000 && source 0x84000000:script
5. Reboot
(IPQ40xx) # reset
Signed-off-by: Yen-Ting-Shen <frank.shen@senao.com>
[squashed update patch, updated to 5.4, dropped BOARD_NAME,
migrated to SOC]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
IPKG_INSTROOT is only set under image builder and we won't be running
this script at build time either, so remove the reference before it gets
cargo-culted into other scripts.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
The folder for the uci-defaults file of this package is wrong, so
the file most probably has not been executed at all for several
years at least.
Fix the folder and remove the useless shebang for the file.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The Netgear WNDRMAC v1 is a hardware variant of the Netgear WNDR3700 v2
Specifications
==============
* SoC: Atheros AR7161
* RAM: 64mb
* Flash on board: 16mb
* WiFi: Atheros AR9220 (a/n), Atheros AR9223 (b/g/n)
* Ethernet: RealTek RTL8366SR (1xWAN, 4xLAN, Gigabit)
* Power: 12 VDC, 2.5 A
* Full specs on [openwrt.org](https://openwrt.org/toh/hwdata/netgear/netgear_wndrmac_v1)
Flash Instructions
==================
It is possible to use the OEM Upgrade page to install the `factory`
variant of the firmware.
After the initial upgrade, you will need to telnet into the router
(default IP 192.168.1.1) to install anything. You may install LuCI
this way. At this point, you will have a web interface to configure
OpenWRT on the WNDRMAC v1.
Please use the `sysupgrade` variant for subsequent flashes.
Recovery Instructions
=====================
A TFTP-based recovery flash is possible if the need arises. Please refer
to the WNDR3700 page on openwrt.org for details.
https://openwrt.org/toh/netgear/wndr3700#troubleshooting_and_recovery
Signed-off-by: Renaud Lepage <root@cybikbase.com>
[update DTSI include name]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Bump to latest Git and refresh all patches in order to get fix for "UPnP
SUBSCRIBE misbehavior in hostapd WPS AP" (CVE-2020-12695).
General security vulnerability in the way the callback URLs in the UPnP
SUBSCRIBE command are used were reported (VU#339275, CVE-2020-12695).
Some of the described issues may be applicable to the use of UPnP in WPS
AP mode functionality for supporting external registrars.
Ref: https://w1.fi/security/2020-1/
Signed-off-by: Petr Štetiar <ynezz@true.cz>
d13290b Fix advertised IPv6 addresses
Don't just serve link-local addresses via mdns, offer all.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
When bringing up wifi the first time after boot, these warnings appear:
netifd: radio0 (1370): rm: can't remove '/var/run/hostapd-wlan0.psk': No such file or directory
netifd: radio0 (1370): rm: can't remove '/var/run/hostapd-wlan0.vlan': No such file or directory
Silence them by adding the "-f" option to rm.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: John Crispin <john@phrozen.org>
This updates to the last firmware version before the switch to building
from the common firmware branch, which introduces various issues.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Álvaro Fernández Rojas <noltari@gmail.com>
This reverts commit 9e467a764b.
The Raspberry Pi firmware recently switched to building from the common
firmware branch. This introduces changes in the core clock handling,
causing various issues.
E.g. enable_uart=1 no longer fixes the core clock frequency to 250MHz.
When the disable-bt DT overlay is not loaded, the core clock frequency
is increased to 400MHz. As a result, the UART baud rate is no longer
correct, and this causes garbled serial console, or communication
problems with HATs that use the UART.
As a workaround, the core clock could be fixed to 250MHz by adding
'core_freq=250' in /boot/config.txt, but as there appear to be other
issues than just the UART being broken, the safer bet is to revert the
firmware for now.
Upstream bug: https://github.com/raspberrypi/firmware/issues/1376
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Álvaro Fernández Rojas <noltari@gmail.com>
As reported in https://github.com/openwrt/packages/issues/12072, the
imagebuilder fails due to a dependency resolution error when the userspace
packages are built using a target that has a different kernel version than
that which is being run. To resolve this, add a virtual kernel package with
the conditional dependency currently used in sqm-scripts. The idea is to
move the sqm-scripts dependency to this virtual package, which hopefully
should be consistent with the actual kernel module being built.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
The Linksys devices in mvebu target feature a mixed naming,
where parts are based on the official product name (device
node, image; e.g. WRT3200ACM) and parts are based on the
internal code name (DTS file name, compatible, LED labels;
e.g. rango). This inconsistent naming has been perceived
as quite confusing.
A recent attempt by Paul Spooren to harmonize this naming
in kernel has been declined there. However, for us it still
makes sense to apply at least a part of these changes
locally.
Primarily, this patch changes the compatible in DTS and thus
the board name used in various scripts to have them in line
with the device, model and image names. Due to the recent
switch from swconfig to DSA, this allows us to drop
SUPPORTED_DEVICES and thus prevent seamless upgrade between
these incompatible setups.
However, this does not include the LED label rename from
Paul's initial patch: I don't think it's worth keeping the
enormous diff locally for this case, as we can implement
this much easier in 01_leds if we have to live with the
inconsistency anyway.
Signed-off-by: Paul Spooren <mail@aparcar.org>
[rebase, extend to all devices, drop DT LED changes]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Remove dependencies on core kernel headers in host tools used to build perf,
which break on any non-linux system
Signed-off-by: Felix Fietkau <nbd@nbd.name>
This patch adds support for 2 new uci sections.
config wifi-vlan
# iface is optional. if it is not defined the vlan will apply
# to all interfaces
option iface default_radio0
option name guest
option vid 100
option network guest
config wifi-station
# iface is optional. if it is not defined the station will apply
# to all interfaces
option iface default_radio0
# mac is optional. if it is not defined it will be a catch all
# for any sta using this key
option mac '00:11:22:33:44:55'
# vid is optional. if it is not defined, the sta will be part of
# the primary iface.
option vid 100
option key testtest
With this patch applied it is possible to use multiple PSKs on a single BSS.
Signed-off-by: John Crispin <john@phrozen.org>
db275e1 interface-ip: fix build on non-linux systems
3392046 system-dummy: fix missing return
a56b457 netifd: wireless: add support for tracking wifi-station sections
4ce33ce netifd: wireless: add support for tracking wifi-vlan sections
Signed-off-by: John Crispin <john@phrozen.org>
Add kmod for the ST LSM6DSX IMU driver.
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
[fixed missing regmap module dependencies]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
32-bit x86 fail to compile fast-math feature when compiled with frame
pointer, which uses a register used in a couple of inline asm functions.
Previous versions of wolfssl had this by default. Keeping an extra
register available may increase performance, so it's being restored for
all architectures.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
This will be moved to packages:
https://github.com/openwrt/packages/pull/12378
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[commit subject facelift]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Does not seem to be needed here. This will be imported into packages.
Ref: https://github.com/openwrt/packages/pull/12256
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[subject facelift, PR ref]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
No package in base uses libconfig. Everything is in the packages feed.
Ref: https://github.com/openwrt/packages/pull/12255
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[subject facelift, PR ref]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Since commit 910df3f06c we have build in
on all X86/64 platforms the gpio-it87 driver.
Since this change I am getting the following error message on boot.
> kern.err kernel: [ 1.009416] gpio_it87: no device
I do not have this device on my system. To prevent the nonsensical
message and the loading of the module I have added this as a package, so
that it can be installed later or during image building.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Reviewed-by: Philip Prindeville <philipp@redfish-solutions.com>
Due to filesystem write caching the old configuration data could stay
out of flash for a long time during a first boot after the sysupgrade.
Power loss during this period could damage the overlay data and even
make device inaccessable via the network.
Fix this by syncing data to a flash as soon as the previous
configuration will be unpacked after the sysupgrade. Also sync the FS
state after the sysupgrade.tgz archive removing to prevent duplicative
extraction of a previous configuration.
Tested with AMD Geode based board.
Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
This changes the ide-disk LED trigger to the generic disk-activity as
ide-disk trigger was removed in upstream commit eb25cb9956cc ("leds:
convert IDE trigger to common disk trigger").
Signed-off-by: Thomas Albers <thomas.gameiro@googlemail.com>
[split into separate commit, commit description facelift]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Jason A. Donenfeld
Leon M. George
Sungbo Eo
Sven Roederer
Catalin Patulea
Konstantin Demin
Chen Minqiang
Kuan-Yi Li
Alan Swanson
Karel Kočí
Ian Cooper
Rozhuk Ivan
Florian Eckert
Daniel Golle
Pawel Dembicki
Hans Dedecker
Johann Neuhauser
Yen-Ting-Shen
Stijn Tintel
Kevin Darbyshire-Bryant
Adrian Schmutzler
Renaud Lepage
Felix Fietkau
Christian Lamparter
Petr Štetiar
Toke Høiland-Jørgensen
Paul Spooren
John Crispin
Tim Harvey
Eneas U de Queiroz
Rosen Penev
Sergey Ryazanov
Michael Heimpold
Thomas Albers