| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
| |
07315b6 nl80211: handle hidden SSIDs in wpa_supplicant scan results
3ac846e lua: fix string description of mixed WPA3 modes
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit bc61458b73c04f900c358be8b7ed37c84298472a)
|
|
|
|
|
|
|
| |
a29b7d4 nl80211: align path to phy mapping logic with mac80211.sh
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 57b834281b586839b5e2cb00d7907de50c68ebcc)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Contains following updates squashed from 3 bump commits in master:
02112f9 cli: fix reporting of mixed WPA2/WPA3 versions
7faeaea nl80211: properly detect WEP encryption in wpa_supp scan results
629b5ff nl80211: do not confuse open connections with WEP ones
3d47ddd nl80211: rework hostapd and wpa_supplicant wpa suite parsing
313e827 nl80211: keep awaiting wpa_supplicant scan results on busy response
a766751 nl80211: fix parsing of mixed wpa encryption in wpa_supp scan results
f096bfd utils: support parsing SAE and OWE key management suites from IEs
2a95086 nl80211: recognize SAE encrypted mesh
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
|
|
|
|
|
|
|
|
| |
This fixes
* CVE-2019-16275 AP mode PMF disconnection protection bypass
https://w1.fi/security/2019-7/ap-mode-pmf-disconnection-protection-bypass.txt
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit a6981604b30bc1ddc1713b368fe853d89c2ba40d)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
383eb58 ubus: do not overwrite ipset name attribute
c26f890 firewall3: fix typo that affects ICMPv6 rules with numeric icmp_type
487bd0d utils: Fix string format message
4d0c703 firewall3: Fix some format string problems
8c404ef iptables.c: lock the xtables.lock
c1d3a4d utils: implement fw3_lock_path() & fw3_unlock_path()
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
[cherry picked and squashed from commits
7db655991443a98f84e4c39e733232d41d2d6137,
359bff605244c2cf2bff75bce0f0b16b496a6a77,
2cf209ce9166575d8259b5b4176ee91d8b48d2ff,
5ef9e4f107a94c502908403fdf56cf6bcdc08dd2]
Ref: https://forum.openwrt.org/t/fw3-ipset-procd-objects/44044
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
|
|
| |
88d9ab6 dhcpv6: retry failed PD assignments on addrlist change
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
|
|
|
|
|
|
| |
a88fb42 iwinfo: add device id for Qualcomm Atheros QCA9886
1b69d86 iwinfo: add device id for Qualcomm Atheros QCA9887
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 7db2f1a71f202023154e80758079193fc47352eb)
|
|
|
|
|
|
|
|
|
| |
Fixes this security problem:
* SAE/EAP-pwd side-channel attack update
https://w1.fi/security/2019-6/sae-eap-pwd-side-channel-attack-update.txt
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 7bed9bf10fc8d05df34c7efc66e8b4ade37a1a0c)
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes:
CVE-2019-11555 "EAP-pwd message reassembly issue with unexpected fragment"
https://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-with-unexpected-fragment.txt
This should not affect OpenWrt in the default settings as we do not use
EAP-pwd.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 9f34bf51d60a237696b1d4cc9b5f4835b95e7ea2)
|
|
|
|
|
|
|
| |
e199804 dhcpv6: sanitize oro options
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit 1855c237948e211849d79765ca749cdea6a79987)
|
|
|
|
|
|
|
|
|
| |
f599a8d iwinfo: Fix rate buffer size
71ec9be iwinfo: Fix buffer size
f8ef450 iwinfo: Add support for WPA3
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 6658447534152b72a3341b369f1eb545618fa7cf)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- exclude Python-related stuff from build
- drop patches:
* 010-uclibc-ng.patch, applied upstream
ipkg size decrease by 2.8%:
old:
194.851 nftables_0.9.0-2_arm_cortex-a7_neon-vfpv4.ipk
new:
189.581 nftables_0.9.2-1_arm_cortex-a7_neon-vfpv4.ipk
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
(cherry picked from commit b74f1f335a792a15feb0fd839a69486050d3531f)
|
|
|
|
|
|
|
|
|
| |
This adds the key_type and ec_curve options to enable the generation of
EC keys during initialization, using openssl or the new options added to
px5g.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 7f2b230b3b9d0a7fb758db3a9b1958845506a5a3)
|
|
|
|
|
|
|
| |
bf29c1e firewall3: ipset: Handle reload_set properly
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit bd01346bb463d371627739fad539310ef5bd4146)
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update iftop to commit 77901c8c53e01359d83b8090aacfe62214658183
git log --pretty=oneline --abbrev-commit 949ed0f7..77901c8c
77901c8 Support scales beyond 1Gbps
Created with the help of the make-package-update-commit.sh script.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit cfd0748497c5c27c6d0f80b0ad3698ffe4428352)
|
|
|
|
|
|
|
|
|
|
| |
This commit will activate CONFIG_IEEE80211W for all, but the mini
variant when at least one driver supports it. This will add ieee80211w
support for the mesh variant for example.
Fixes: FS#2397
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 1d4df52c215874a5238ddef7bccf0139f7758c24)
|
|
|
|
|
|
|
| |
The driver was removed from OpenWrt a long time ago.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit f34e8258340f5994a2506bd087fc6e6d4a3d5d5e)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bump to latest git HEAD
509e673 firewall3: Improve ipset support
The enabled option did not work properly for ipsets, as it was not
checked on create/destroy of a set. After this commit, sets are only
created/destroyed if enabled is set to true.
Add support for reloading, or recreating, ipsets on firewall reload. By
setting "reload_set" to true, the set will be destroyed and then
re-created when the firewall is reloaded.
Add support for the counters and comment extensions. By setting
"counters" or "comment" to true, then counters or comments are added to
the set.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 51ffce069424f86e894369cee5cd327dd503db5f)
|
|
|
|
|
|
|
| |
Fixes compile issues with nettle 3.5.1
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit 63ced140484e072dddbba39bb729adc98d94d522)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In the commit 623716dd4318 ("comgt-ncm: Fix NCM protocol")
the dependencies to vendor NCM drivers were removed, because:
> comgt-ncm should not depend on the USB-serial-related kernel modules,
> as the cdc-wdm control device works without them. There is also no need
> to depend on kmod-huawei-cdc-ncm, since other manufacturers (like
> Ericsson and Samsung) which use other kernel modules should also be
> supported.
From a user-perspective this does not make sense, as installing comgt-ncm
(or luci-proto-ncm) should install all needed dependencies for using such
a device.
Furthermore depending on kmod-huawei-cdc-ncm does not mean that Ericsson
and Samsung devices can't be supported. By the way it seems that Ericsson
and Samsung devices never used NCM, but act as serial modems.
Thus this commit adds the dependencies again.
Signed-off-by: Vincent Wiemann <vincent.wiemann@ironai.com>
[fixed title capitalization, formatted commit message,
renamed Sony-Ericsson to Ericsson]
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit ccb4b96b8a4990178512c7a785f998a5e6f74cc3)
|
|
|
|
|
|
|
| |
5e02f94 system-linux: fix resource leak
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit d70a35c365ae607671f8698fee10f29fd9023161)
|
|
|
|
|
|
|
| |
This fixes compilation with -Werror=implicit-function-declaration.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 1b1c47577bac99bdd8ab9ecde928ab0398f78799)
|
|
|
|
|
|
|
|
|
|
|
|
| |
This changes the default PKG_BUILD_DIR to take BUILD_VARIANT into
account (if set), so that packages do not need to manually override
PKG_BUILD_DIR just to handle variants.
This also updates most base packages with variants to use the updated
default PKG_BUILD_DIR.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit e545fac8d968864a965edb9e50c6f90940b0a6c9)
|
|
|
|
|
|
|
|
|
|
| |
379c096 Release version 5.2.
2bce6d9 ethtool: Add 100BaseT1 and 1000BaseT1 link modes
67ffbf5 ethtool: sync ethtool-copy.h with linux-next from 30/05/2019
687152b ethtool.spec: Use standard file location macros
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit 018395392c2608698201042bbaa180b82eb7120f)
|
|
|
|
|
|
|
| |
de94097 utils: coverity resource leak warning
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit efb7b7a12af55758458cdb945a0833af411289f7)
|
|
|
|
|
| |
Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
(cherry picked from commit edd9b39fab46a7231b8662697ba8c10de42d5a66)
|
|
|
|
|
|
|
| |
899f168 system-linux: Coverity fixes
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit 11617bcb3be6778d5427723a09922aae50956a8c)
|
|
|
|
|
|
|
| |
For changes in 7.65.3; see https://curl.haxx.se/changes.html#7_65_3
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit fc2df4f7050adae3ca6284a499fa914e07cba70b)
|
|
|
|
|
|
|
|
| |
To configure the list of allowable TLS 1.3 ciphersuites, the option
tls_ciphersuites is used instead of tls_ciphers.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
(cherry picked from commit 261df949faad6dda43454868628f79265e9cc5e7)
|
|
|
|
|
| |
Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
(cherry picked from commit 42b3a3a89b6d60e10c6c266d29ebc779b7fee718)
|
|
|
|
|
|
|
|
| |
All protos for wwan (ncm,qmi,mbim) do have a delay option.
To standardize that add also the missing delay option to the 3g proto.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 313444a79e9d1ced42223a9c92cb677b6e6e286e)
|
|
|
|
|
|
|
| |
Fix indentation style and boundary.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit c06f2a2dcb2350d00cc6bd8300ec3861353d96ae)
|
|
|
|
|
|
|
|
|
| |
There are mobile carrier who have different MTU size in their network.
With this change it is now possible to configure this with the qmi
proto handler.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 8eb63cb7df4db3c92a9a010accc9b8444d06d4a2)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* curve25519: not all linkers support bmi2 and adx
This should allow WireGuard to build on older toolchains.
* global: switch to coarse ktime
Our prior use of fast ktime before meant that sometimes, depending on how
broken the motherboard was, we'd wind up calling into the HPET slow path. Here
we move to coarse ktime which is always super speedy. In the process we had to
fix the resolution of the clock, as well as introduce a new interface for it,
landing in 5.3. Older kernels fall back to a fast-enough mechanism based on
jiffies.
https://lore.kernel.org/lkml/tip-e3ff9c3678b4d80e22d2557b68726174578eaf52@git.kernel.org/
https://lore.kernel.org/lkml/20190621203249.3909-3-Jason@zx2c4.com/
* netlink: cast struct over cb->args for type safety
This follow recent upstream changes such as:
https://lore.kernel.org/lkml/20190628144022.31376-1-Jason@zx2c4.com/
* peer: use LIST_HEAD macro
Style nit.
* receive: queue dead packets to napi queue instead of empty rx_queue
This mitigates a WARN_ON being triggered by the workqueue code. It was quite
hard to trigger, except sporadically, or reliably with a PC Engines ALIX, an
extremely slow board with an AMD LX800 that Ryan Whelan of Axatrax was kind
enough to mail me.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
(cherry picked from commit 7c23f741e97f6645bb5cd662a4943796a344b26a)
|
|
|
|
|
|
|
|
|
|
| |
This patch is in a series to allow additional STOP indexes after
umount, so that other block devices may stop cleanly.
rssileds.init is now STOP=89
Signed-off-by: Joseph Tingiris <joseph.tingiris@gmail.com>
(cherry picked from commit 8a5a01a67769f3822e365342d706b3cb57ef97f3)
|
|
|
|
|
|
|
| |
Packages such as xfrm contain only script files, add PKGARCH:=all
Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
(cherry picked from commit 6762e72524075c37928ad4ae9a979257759b2703)
|
|
|
|
|
|
|
|
|
|
|
| |
Support to disable the timestamp check for certificates in
wpa_supplicant (Useful for devices without RTC that cannot
reliably get the real date/time) has been accepted in the
upstream hostapd. It's implemented in wpa_supplicant as a
per-AP flag tls_disable_time_checks=[0|1].
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 99bf9a1ac2b754e708ec845059689b293d1abab0)
|
|
|
|
|
|
|
| |
9932ed0 netifd: fix xfrm interface deletion and standardize netlink call
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit 1fd900ddc2d10cde8e86d8059bfd112f3d0aae65)
|
|
|
|
|
|
|
|
| |
Add proto_add_host_dependency to add a dependency to the tunlink interface
Signed-off-by: André Valentin <avalentin@marcant.net>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
(cherry picked from commit f6dab9804413139c3bd2647a81652d04baa1e59d)
|
|
|
|
|
|
|
|
| |
42a3878 interface-ip: fix possible null pointer dereference
c1964d8 system-linux: remove superfluous dev check
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit 55fcc77072c9ca0baee8e79c00d2342be26fce47)
|
|
|
|
|
|
|
| |
8f1347b odhcpd: router: Fix out of scope memory access
d37736e dhcpv6-ia: free assignment when validity timer expires
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
|
|
|
|
|
|
|
|
| |
Preserve optionality of libcap by having configuration script follow the
HAVE_CAP environment variable, used similarly to the HAVE_ELF variable.
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase/refresh patches]
(backported from commit a6da3f9ef746101b84a6f530f5a40de28341b69a)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
|
|
|
|
|
| |
a9f9557 nl80211: support reading hardware id from phy directly
c586cd3 iwinfo: add device id for MediaTek MT7612E
d4382dd iwinfo: add device id for Atheros AR9390
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit b13f3300d5a370305d6ecbd71620a4c1c40a166e)
|
|
|
|
|
|
| |
949476e router: close socket upon NETEV_IFINDEX_CHANGE fixed
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
|
|
|
|
|
| |
6b03f96 ubus: increase maximum ubus request size to 64KB
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit d1f207ecc9f045e091d7008d86f0449bcf0b35bc)
|
|
|
|
|
|
|
|
|
|
|
|
| |
The OpenWrt buildroot ABI version rebuild tracker does not handle
transient dependencies, therefor add all libraries linked by uhttpd
as direct dependencies to the corresponding binary package definition.
This ensures that uhttpd is automatically rebuilt and relinked if any
of these libraries has its ABI_VERSION updated in the future.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit a95ddaba0272f254a3aeade3aa0c086e1625d672)
|
|
|
|
|
|
|
|
|
| |
91fcac34ac uhttpd: Fix multiple format string problems
Fixes: fc454ca15305 libubox: update to latest git HEAD
Reported-by: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 3c401f45c988aa6333a03efea1b1ac0318a8c11d)
|
|
|
|
|
|
| |
c2d6032 router: fix previous commit
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
|
|
|
|
| |
13928b3 router: close socket upon NETEV_IFINDEX_CHANGE
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
|
|
|
|
| |
e9e8240 router: fix lingering uloop socket descriptor
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|