aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* bsdiff: Add patches for CVEsHauke Mehrtens2023-10-094-13/+433
| | | | | | | | | | | | | Add two patches from Debian fixing CVEs in the bsdiff application. CVE-2014-9862: Heap vulnerability in bspatch CVE-2020-14315: Memory Corruption Vulnerability in bspatch Copied the patches from this location: https://salsa.debian.org/debian/bsdiff/-/blob/debian/latest/debian/patches/20-CVE-2014-9862.patch https://salsa.debian.org/debian/bsdiff/-/blob/debian/latest/debian/patches/33-CVE-2020-14315.patch Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit cac723e8b8748938b8d80603578c60189fc32b24)
* kernel: bump 5.15 to 5.15.134John Audia2023-10-086-37/+6
| | | | | | | | | | | | | | | | | | Changelog: https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.134 Removed upstreamed: generic/backport-5.15/894-Fix-up-backport-for-13619703038.patch[1] All other patches automatically rebased. 1. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.15.134&id=d7acb7031758141225844bea073860b48fd92092 Build system: x86_64 Build-tested: ramips/tplink_archer-a6-v3 Run-tested: ramips/tplink_archer-a6-v3 Signed-off-by: John Audia <therealgraysky@proton.me> (cherry picked from commit ac3a5911daeaecc04c6ffd03027b6b75fa4472d2)
* kernel: bump 5.15 to 5.15.133John Audia2023-10-0815-181/+62
| | | | | | | | | | | | | | | | | | | Changelog: https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.133 Removed upstreamed: bcm47xx/patches-5.15/101-v5.18-mtd-rawnand-brcmnand-Allow-SoC-to-provide-I-O-operations.patch[1] Cherry picked build fix.[2] All other patches automatically rebased. 1. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.15.133&id=56cf9f446b331414a15ef0e8dedf23583ec2c427 2. https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-5.15/fix-up-backport-of-136191703038-interconnect-teach-l.patch Build system: x86_64 Build-tested: ramips/tplink_archer-a6-v3 Run-tested: ramips/tplink_archer-a6-v3 Signed-off-by: John Audia <therealgraysky@proton.me> (cherry picked from commit 89895937dd4a24446b7bfd067398b4f7e73dc7b5)
* toolchain: glibc: Update glibc 2.37 to recent HEADHauke Mehrtens2023-10-081-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This adds the following changes: b4f76ecc9e Ignore MAP_VARIABLE in tst-mman-consts.py f5d377c896 __check_pf: Add a cancellation cleanup handler [BZ #20975] 0e3e9dbb0e Document BZ #20975 fix e2974d26ce io: Fix record locking contants on 32 bit arch with 64 bit default time_t (BZ#30477) 3593050c27 io: Fix F_GETLK, F_SETLK, and F_SETLKW for powerpc64 8dcb1a5181 hppa: xfail debug/tst-ssp-1 when have-ssp is yes (gcc-12 and later) 0930ff8eb3 realloc: Limit chunk reuse to only growing requests [BZ #30579] 3f4b4e2cdd elf: _dl_find_object may return 1 during early startup (bug 30515) 260d4b742b nptl: Fix tst-cancel30 on sparc64 58f7431fd7 sparc: Fix la_symbind for bind-now (BZ 23734) 1caf955269 x86: Increase `non_temporal_threshold` to roughly `sizeof_L3 / 4` 80a8c858a5 x86: Fix slight bug in `shared_per_thread` cache size calculation. cc8243fb0b x86: Use `3/4*sizeof(per-thread-L3)` as low bound for NT threshold. f94ff95e93 x86: Fix incorrect scope of setting `shared_per_thread` [BZ# 30745] 0d500bfdc0 hurd: Make exception subcode a long be26b29262 io: Fix record locking contants for powerpc64 with __USE_FILE_OFFSET64 3d24d1903d elf: Do not run constructors for proxy objects a7e34a6675 elf: Always call destructors in reverse constructor order (bug 30785) bdb594afa5 elf: Remove unused l_text_end field from struct link_map 1a7cbe52c8 elf: Move l_init_called_next to old place of l_text_end in link map b752934602 CVE-2023-4527: Stack read overflow with large TCP responses in no-aaaa mode 6529a7466c (HEAD) getaddrinfo: Fix use after free in getcanonname (CVE-2023-4806) 79310b45af x86/dl-cacheinfo: remove unsused parameter from handle_amd 9d5c6e27ed x86: Fix for cache computation on AMD legacy cpus. 4473d1b87d Fix leak in getaddrinfo introduced by the fix for CVE-2023-4806 [BZ #30843] 94ef701365 Document CVE-2023-4806 and CVE-2023-5156 in NEWS 2dfd8c77b5 i686: Regenerate ulps b4e23c75ae tunables: Terminate if end of input is reached (CVE-2023-4911) Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit e66eed033f9f9d27fc839d81d3a03d4fad1b9b5b)
* realtek: 5.15: rtl93xx: support 2500baseT and 5000baseT on USXGMII linksTobias Schramm2023-10-081-1/+4
| | | | | | | | | | | | | | | | | | The USXGMII implementation of Realtek switches can not only support 10GbE but also 2.5Gb and 5Gb on top of the usual data rates. Mark those as supported to allow them to be negotiated. This change has been tested on a ZyXEL XGS1250-12 with the following link partners: - NWA50AX Pro (2.5Gb) - RTL8152 USB NIC (2.5Gb) - AQC111 USB NIC (2.5Gb & 5Gb) Gbit and 10GbE has also been tested to still work fine with a variety of devices. Signed-off-by: Tobias Schramm <tobias@t-sys.eu> (cherry picked from commit cd56a682326f9de4d77ee3afb99d13d25c478c08)
* rtl83xx: fix STP by trapping BPDUsRudolf Vesely2023-10-081-1/+1
| | | | | | | | | | | | Fix Spanning Tree Protocol (STP) by changing COPY2CPU which currently makes switch to ignore Bridge Protocol Data Units (BPDUs). Tested on Zyxel GS1900-8, 24 and 48. Signed-off-by: Rudolf Vesely <i@rudolfvesely.com> [ improve commit description and add new line in different sections ] Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (cherry picked from commit 41fcc617f94601072d304f2f68e12cf1dd058707)
* uqmi: added timeout to fix hanging qmi.shUwe Niethammer2023-10-081-0/+2
| | | | | | | | | | | Modems which are using qmi do not reply on the 1st sync but they do on subsequent. So qmi.sh is hanging on the first call. Since 2020 uqmi supports a timeout parameter. Unfortunately qmi.sh didn't make use of this parameter. So qmi.sh is now invoking an early dummy access to unlock the modem Signed-off-by: Uwe Niethammer <uwe@dr-niethammer.de> (cherry picked from commit 32a696f9e419ebec5b166847a16a5a45d030acbd)
* yafut: add missing PKG_MIRROR_HASHChristian Marangi2023-10-081-0/+1
| | | | | | | | Add missing PKG_MIRROR_HASH. This is always needed as is used to generate and use a tar instead of git clone and validate the hash of it. Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (cherry picked from commit a181b9f0f9269525319024f53d83c7efe9da544b)
* generic: add patch for GPON-ONU-34-20BI quirkChristian Marangi2023-10-054-5/+39
| | | | | | | Backport patch merged upstream adding quirk for SFP GPON-ONU-34-20BI. Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (cherry picked from commit 86dadeba482e2ed41f1ccc95fc7739d85a5709c0)
* CI: push-containers: refresh containers also on modify cmake optionsChristian Marangi2023-10-041-0/+1
| | | | | | | Refresh containers also on modify of cmake options in the include file. Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (cherry picked from commit b40c0b54bde81243974cada51cb9a44736c773b3)
* CI: push-containers: fix concurrency groupChristian Marangi2023-10-041-1/+1
| | | | | | | | Fix concurrency group for push-containers workflow to handle running on different branches. Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (cherry picked from commit 4c2eab1c27defd154adcd0c4454248112815ffcc)
* rtl93xx: fix condition intended to only select internal serdes portsPeter Körner2023-10-031-1/+1
| | | | | | | | | | | | | | This condition was introduced in commit 51c8f7661244 ("realtek: Improve MAC config handling for all SoCs") to correctly report the speed of the internal serdes ports as 10G, but instead makes all ports read 10G because the or-operator should have been an and-operator. Fixes: #9953 Fixes: 51c8f7661244 ("realtek: Improve MAC config handling for all SoCs") Signed-off-by: Peter Körner <git@mazdermind.de> [ wrap comment to 72 column and improve commit ref ] Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (cherry picked from commit 9fb5082e258ac4672dc69636e5eb79f426defac8)
* ramips: fix Mercusys MR70X LAN port assignmentsAndreas Böhler2023-10-021-0/+1
| | | | | | | | | A bug report in the forum found that the MR70X lists four LAN ports in LuCI while it has only three. This adds the device to the network setup file to fix the issue. Identified-by: Forum User "Lexeyko" Signed-off-by: Andreas Böhler <dev@aboehler.at>
* OpenWrt v23.05.0-rc4: revert to branch defaultsHauke Mehrtens2023-09-295-11/+9
| | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* OpenWrt v23.05.0-rc4: adjust config defaultsv23.05.0-rc4Hauke Mehrtens2023-09-295-9/+11
| | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* hostapd: increase PKG_RELEASE to fix buildsNick Hainke2023-09-291-1/+1
| | | | | | | | Recent hostapd changes just edited the ucode files. It is required to bump the PKG_RELEASE to include the newest changes in the latest builds. Signed-off-by: Nick Hainke <vincent@systemli.org> (cherry picked from commit 91d2ead3c3bf75b279f861ad5d11b64bf31478f0)
* hostapd: fix wpa_supplicant mac address allocation on ap+staFelix Fietkau2023-09-281-9/+10
| | | | | | | | | | | | If the full interface is restarted while bringing up an AP, it can trigger a wpa_supplicant interface start before wpa_supplicant is notified of the allocated mac addresses. Fix this by moving the iface_update_supplicant_macaddr call to just after the point where mac addresses are allocated. Reported-by: Michael-cy Lee (李峻宇) <Michael-cy.Lee@mediatek.com> Signed-off-by: Felix Fietkau <nbd@nbd.name> (cherry picked from commit abceef120d57bf066941882630a76788eb4985a9)
* mpc85xx: add Enterasys WS-AP3715i reset buttonDavid Bauer2023-09-271-0/+11
| | | | | | | | The reset button was missing from the Enterasys WS-AP3715i DTS. Add the node required for making the reset button work. Signed-off-by: David Bauer <mail@david-bauer.net> (cherry picked from commit 0e8641d3b08bf8b9eac8e3338faf11cc058a5124)
* treewide: Add extra CPE identifierHauke Mehrtens2023-09-274-0/+4
| | | | | | | This adds some Common Platform Enumerations (CPE) identifiers which I found. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* toolchain: musl: add PKG_CPE_IDArne Zachlod2023-09-271-0/+1
| | | | | | | Vulnerabilities of musl libc are tracked as cpe:/a:musl-libc:musl Signed-off-by: Arne Zachlod <arne@nerdkeller.org>
* toolchain: assign PKG_CPE_IDAlexander Couzens2023-09-276-0/+6
| | | | | | | | | The PKG_CPE_ID links to NIST CPE version 2.2. Assign PKG_CPE_ID to all remaining package which have a CPE ID. Not every package has a CPE id. Related: https://github.com/openwrt/packages/issues/8534 Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
* tools: assign PKG_CPE_IDAlexander Couzens2023-09-279-0/+10
| | | | | | | | | The PKG_CPE_ID links to NIST CPE version 2.2. Assign PKG_CPE_ID to all remaining tools which have a CPE ID. Not every tool has CPE id. Related: https://github.com/openwrt/packages/issues/8534 Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
* packages: assign PKG_CPE_ID for all missing packagesAlexander Couzens2023-09-2714-0/+14
| | | | | | | | | The PKG_CPE_ID links to NIST CPE version 2.2. Assign PKG_CPE_ID to all remaining package which have a CPE ID. Not every package has CPE id. Related: https://github.com/openwrt/packages/issues/8534 Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
* hostapd: fix mac address of interfaces created via wdev.ucFelix Fietkau2023-09-271-1/+1
| | | | | | | Use the wdev config with the generated MAC address Signed-off-by: Felix Fietkau <nbd@nbd.name> (cherry picked from commit 0c43a48735959245f18d79a6e908d3b45cff0a94)
* hostapd: fix rare crash with AP+STA and ACS enabledFelix Fietkau2023-09-271-13/+14
| | | | | | | | Ensure that the iface disable in uc_hostapd_iface_start also clears the ACS state. Signed-off-by: Felix Fietkau <nbd@nbd.name> (cherry picked from commit f1bb528ae7631c60b95499b7e8a1948c3e6a42f0)
* mpc85xx: drop WS-AP3715i label-macDavid Bauer2023-09-261-1/+0
| | | | | | | | Label MAC detection does not work properly, as MAC address is assigned on preinit. Thus, remove the label-mac definition. Signed-off-by: David Bauer <mail@david-bauer.net> (cherry picked from commit cd14b17cb00cda45819739aa63422a090e3f80e1)
* ipq806x: 5.15: revert upstream commit to fix #11676Oskari Lemmela2023-09-261-0/+155
| | | | | | | | | | Commit d5a05e69ac6e4 ("net: stmmac: Use hrtimer for TX coalescing") causes high CPU usage due to hrtimer raw spin locks. Fixes: #11676 Signed-off-by: Oskari Lemmela <oskari@lemmela.net> [ renumber and rename revert patch ] Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* kernel: bump 5.15 to 5.15.132John Audia2023-09-25115-446/+331
| | | | | | | | | | | | | | | | | | | | | | | | Changelog: https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.132 Removed upstreamed: bcm53xx/patches-5.15/037-v6.6-0006-ARM-dts-BCM53573-Add-cells-sizes-to-PCIe-node.patch[1] bcm53xx/patches-5.15/037-v6.6-0007-ARM-dts-BCM53573-Use-updated-spi-gpio-binding-proper.patch[2] bcm53xx/patches-5.15/037-v6.6-0008-ARM-dts-BCM5301X-Extend-RAM-to-full-256MB-for-Linksy.patch[3] All other patches automatically rebased. 1. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.15.132&id=b35f3ca1877e024887df205ede952863d65dad36 2. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.15.132&id=2840d9b9c8750be270fb1153ccd5b983cbb5d592 3. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.15.132&id=f086e859ddc252c32f0438edff241859c0f022ce Build system: x86_64 Build-tested: ramips/tplink_archer-a6-v3 Run-tested: ramips/tplink_archer-a6-v3 Signed-off-by: John Audia <therealgraysky@proton.me> (cherry picked from commit ac422c9788fbb3510b1fddaefc8816bea6601479) [Refresh on top of OpenWrt 23.05] Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* kernel: bump 5.15 to 5.15.131John Audia2023-09-255-7/+7
| | | | | | | | | | | | | | | Changelog: https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.131 All patches automatically rebased. Build system: x86_64 Build-tested: ramips/tplink_archer-a6-v3 Run-tested: ramips/tplink_archer-a6-v3 Signed-off-by: John Audia <therealgraysky@proton.me> (cherry picked from commit 58bb5e147ae50391c29c53890f47e3a5420bbfad) [Refresh on top of OpenWrt 23.05] Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* ipq40xx: ZTE MF287 fix sysupgradeAndreas Böhler2023-09-251-0/+1
| | | | | | | | While refactoring support for the MF287 series, an entry in platform.sh was overlooked - this fixes sysupgrade on this devices. Signed-off-by: Andreas Böhler <dev@aboehler.at> (cherry picked from commit 964b576fc133019d0379983df597e4eb343cd635)
* ccache: add missing \Oskari Rauta2023-09-241-1/+1
| | | | | | | -DREDIS_STORAGE_BACKEND=OFF option is ignored due to missing \ Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com> (cherry picked from commit b61ac68b67427ce2eb2c81fa647a21d88ddd2a82)
* openssl: update to 3.0.11Ivan Pavlov2023-09-241-2/+2
| | | | | | | | Changes between 3.0.10 and 3.0.11 [19 Sep 2023] * Fix POLY1305 MAC implementation corrupting XMM registers on Windows. ([CVE-2023-4807]) Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com> (cherry picked from commit bfd54529fac075eeb70f2408042e0da03b5ec8cc)
* procd: create /dev/fd symlinkErik Karlsson2023-09-242-1/+2
| | | | | | | | | This is needed for ksh/bash style process substitution such as <(command) and >(command) which was introduced in ash as of busybox version 1.34.0 to work. Signed-off-by: Erik Karlsson <erik.karlsson@genexis.eu> (cherry picked from commit fdce970dbb47a6f91b08bdac21a098e77926549f)
* wireless-regdb: update to 2023.09.01Yuu Toriyama2023-09-241-2/+2
| | | | | | | | | | | | Changes: 9dc0800 wireless-regdb: Update regulatory rules for Philippines (PH) 111ba89 wireless-regdb: Update regulatory rules for Egypt (EG) from March 2022 guidelines ae1421f wireless-regdb: Update regulatory info for Türkiye (TR) 20e5b73 wireless-regdb: Update regulatory rules for Australia (AU) for June 2023 991b1ef wireless-regdb: update regulatory database based on preceding changes Signed-off-by: Yuu Toriyama <PascalCoffeeLake@gmail.com> (cherry picked from commit 0e13363de6879a1a8b7d4d2739c92122f2df693e)
* mvebu: cortexa72: enable USB PHYTomasz Maciej Nowak2023-09-241-0/+1
| | | | | | | | | | Since kernel 5.13 this is needed to enable USB ports on all devices in subtarget. Previously TF-A and COMPHY driver might have set up this PHY, but not anymore. Signed-off-by: Tomasz Maciej Nowak <tmn505@gmail.com> Tested-by: Robert Marko <robimarko@gmail.com> (cherry picked from commit eac192843030d16046a0d603284c2b4c89822431)
* ipq40xx: ZTE MF287 series: move to gpio-export for modem-reset GPIOAndreas Böhler2023-09-244-27/+20
| | | | | | | | | | Turn the "gpio-restart" node into a "gpio-export" node for all MF287 variants, similar to the MF287 Pro. Unfortunately, there doesn't seem to be a "power button blocker" GPIO for the MF287 and MF287 Plus, so a modem reset always triggers a system reset. Signed-off-by: Andreas Böhler <dev@aboehler.at> (cherry picked from commit 053f8f92d1395fa5d33b0b8f2fef44a4b926c112)
* ipq40xx: refactor ZTE MF287 seriesAndreas Böhler2023-09-248-7/+260
| | | | | | | | | The ZTE MF287 requires a different board calibration file for ath10k than the ZTE MF287+. The two devices receive their own DTS, thus the device tree is slightly refactored. Signed-off-by: Andreas Böhler <dev@aboehler.at> (cherry picked from commit 9c7578d560708c040dc04d0db37ef682db58f6b5)
* hostapd: fix patch rebase after a crash fixFelix Fietkau2023-09-221-5/+5
| | | | | | | | | The patch refresh accidentally moved the hostapd_ucode_free_iface call to the wrong function Fixes: e9722aef9e84 ("hostapd: fix a crash when disabling an interface during channel list update") Signed-off-by: Felix Fietkau <nbd@nbd.name> (cherry picked from commit 3a5ad6e3d74da713c0fc7d63b8026a56d16e198b)
* hostapd: fix wpa_supplicant bringup with non-nl80211 driversFelix Fietkau2023-09-221-0/+17
| | | | | | | Needed for wired 802.1x Signed-off-by: Felix Fietkau <nbd@nbd.name> (cherry picked from commit fd6d7aafb2c3d335a3d192c308ffdace8d292e9f)
* mpc85xx: correct WS-AP3715i eth LED assignmentDavid Bauer2023-09-211-1/+4
| | | | | | | | Ethernet LED assignments were incorrectly swapped. Fix the assignment logic so the correct LED is illuminated for the LAN LEDs. Signed-off-by: David Bauer <mail@david-bauer.net> (cherry picked from commit 80374177449ab7fadcf7c9cd9693cc0e92feba8d)
* hostapd: add missing NULL pointer check in uc_hostapd_iface_stopFelix Fietkau2023-09-201-0/+3
| | | | | | | Avoid crashing if the interface has already been removed Signed-off-by: Felix Fietkau <nbd@nbd.name> (cherry picked from commit 4145ff4d8a29c1c7a1569bb06fa4d1fe9808c94f)
* hostapd: fix a crash when disabling an interface during channel list updateFelix Fietkau2023-09-202-4/+32
| | | | | Signed-off-by: Felix Fietkau <nbd@nbd.name> (cherry picked from commit e9722aef9e84110331706f74f7de0942c8d657ed)
* package: base-files: turn error into warningLeon M. Busch-George2023-09-191-2/+1
| | | | | | | | | | | | | | Some users have their routers configured to supply a DHCP range that includes the local interface address. That worked with dnsmasq because it automatically skips the local address. Re-enable those existing configurations for the release and hint at possible future problems. Signed-off-by: Leon M. Busch-George <leon@georgemail.eu> [ wrap commit description and remove unecessary text ] Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* netifd: update to the latest versionFelix Fietkau2023-09-191-3/+3
| | | | | | | 7a58b995fdbe wireless: update prev_config on SET_DATA notify Signed-off-by: Felix Fietkau <nbd@nbd.name> (cherry picked from commit f52e008d045302976d2ff40f35e91b84a5678d12)
* hostapd: use phy name for hostapd interfaces instead of first-bss ifnameFelix Fietkau2023-09-193-9/+21
| | | | | | | Improves reliability in error handling Signed-off-by: Felix Fietkau <nbd@nbd.name> (cherry picked from commit a511480368a03f754aa6ce7887633247a07ea166)
* mac80211: fix AP reconfiguration on DFS channels in non-ETSI regdomainFelix Fietkau2023-09-182-2/+151
| | | | | | | Allow grace period for DFS available after shutting down beacons on the channel Signed-off-by: Felix Fietkau <nbd@nbd.name> (cherry picked from commit 16889141d99d3ec1410f3b4dc22de4022dbe9057)
* netifd: update to the latest versionFelix Fietkau2023-09-182-36/+3
| | | | | | | | | | | f429bd94f99e system-linux: switch to new ETHTOOL_xLINKSETTINGS API 1a07f1dff32b make_ethtool_modes_h.sh: apply anti-bashism 3d425f16d6a6 wireless: rework and fix vlan/station config reload handling 88a3a9e2be07 wireless: clean up prev_config handling afcd3825dad9 wireless: dynamically enable/disable virtual interfaces base on network interface autostart Signed-off-by: Felix Fietkau <nbd@nbd.name> (cherry picked from commit a33f1d35155cf9579065ed76bd17e991d165170e)
* hostapd: select libopenssl-legacy for openssl variantsFelix Fietkau2023-09-181-7/+8
| | | | | | | Without it, a lot of authentication modes fail without obvious error messages Signed-off-by: Felix Fietkau <nbd@nbd.name> (cherry picked from commit 560965d5826626e3be8c1f1db194db43cc7002cf)
* hostapd: remove eap-eap192 auth type valueFelix Fietkau2023-09-181-12/+4
| | | | | | | It is no longer used Signed-off-by: Felix Fietkau <nbd@nbd.name> (cherry picked from commit b0501d380f65ae9f82173b35b820c9c6adb92493)
* netifd: update to the latest versionFelix Fietkau2023-09-181-3/+3
| | | | | | | | | | | | | | | | | | | | db3934d2f740 scripts/netifd-wireless.sh: properly fix WPA3 Enterprise support Support the following values for the different WPA3 Enterprise modes: - wpa3-mixed: WPA3 Enterprise transitional mode This supports EAP with both SHA1 and SHA-256, with optional MFP - wpa3: WPA3 Enterprise only mode This supports only SHA256 with mandatory MFP - wpa3-192: WPA3 Enterprise with mandatory 192 bit support This uses only GCMP-256 ciphers Disable 192 bit support and GCMP-256 ciphers for the regular "wpa3" mode. It seems that even leaving in optional 192 bit support breaks auth on some clients, including iOS devices. Signed-off-by: Felix Fietkau <nbd@nbd.name> (cherry picked from commit 8c03dc962f8e10f9fef0877a0f8d8235f619ef7d)