aboutsummaryrefslogtreecommitdiffstats
path: root/package
Commit message (Collapse)AuthorAgeFilesLines
* base-files: fix LED IDE triggerThomas Albers2020-06-031-1/+1
| | | | | | | | | | This changes the ide-disk LED trigger to the generic disk-activity as ide-disk trigger was removed in upstream commit eb25cb9956cc ("leds: convert IDE trigger to common disk trigger"). Signed-off-by: Thomas Albers <thomas.gameiro@googlemail.com> [split into separate commit, commit description facelift] Signed-off-by: Petr Štetiar <ynezz@true.cz>
* uhttpd: fix script timeoutDaniel Golle2020-06-031-3/+3
| | | | | | 939c281 proc: do not cancel script killing after writing headers Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* ppp: update to version 2.4.8.git-2020-05-25Hans Dedecker2020-05-3111-170/+20
| | | | | | | | | | | | | | ddd57c2 pppd: Add lcp-echo-adaptive option c319558 pppd: Handle SIGINT and SIGTERM during interrupted syscalls (#148) 0bc11fb Added missing options to manual pages. (#149) b1fcf16 Merge branch 'monotonic-time' of https://github.com/themiron/ppp c78e312 pppd: linux: use monotonic time if possible Remove patch 121-debian_adaptive_lcp_echo as patch is upstream accepted Remove patch 206-compensate_time_change.patch as timewrap issues are solved by a patch making use of monotonic time Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* mt76: update to the latest version (adds 7663e, 7663u, 7915 drivers)Felix Fietkau2020-05-311-10/+87
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 7aabfd0c9282 mt7615: add CONFIG_MT76_LEDS to cflags 10a5b7630a37 mt76: mt7615: fix getting maximum tx power from eeprom 8688ed70c987 mt76: mt7615: use module parameter option for offload firmware preference 04798aab1257 net: mt7603: remove duplicate error message 9636177117d8 mt76: mt7615: fix ssid configuration in mt7615_mcu_hw_scan d4ba139d8b8b mt76: mt7615: introduce mt7615_check_offload_capability routine 2cc0d54b65a1 mt76: mt7615: do not mark sched_scan disabled in mt7615_scan_work 5b73be962388 mt76: mt7615: add passive mode for hw scan 96e429e18174 mt76: mt7615: free pci_vector if mt7615_pci_probe fails 8fddbf6390ac mt76: mt7615: introduce support for hardware beacon filter f2c760177bdd mt76: mt7615: introduce mt7615_mcu_set_hif_suspend mcu command db454605106f mt76: mt7615: add WoW support 20b87321c39f mt76: mt7663u: introduce suspend/resume to mt7663u 20db7e73c586 mt76: mt7615: introduce PM support 523716bba561 mt76: mt7615: add gtk rekey offload support 50d377a825cc mt76: mt7615: introduce beacon_loss mcu event 4ef1957cea35 mt76: mt7663: read tx streams from eeprom f25a43cc53e7 mt76: mt7615: check return value of mt7615_eeprom_get_power_index 0a9f71652927 mt76: mt7615: fix ibss mode for mt7663 83f2ba3101b4 mt76: mt7663: fix target power parsing 3e6968593b61 mt76: mt7615: fix delta tx power for mt7663 c1d3ad194ae4 mt76: mt7663: introduce WoW with net detect support 891136ab99da mt76: mt7663: add support to sched scan with randomise addr 82e4d3ebe967 mt76: mt7615: scan all channels if not specified 690b84821cd3 mt76: avoid rx reorder buffer overflow f0117d3107b4 mt76: add support for HE RX rate reporting cc68782bab1a mt76: add Rx stats support for radiotap 3ec47f2fba61 mt76: adjust wcid size to support new 802.11ax generation 0a9f4173dd07 mt76: add HE phy modes and hardware queue c6b002bcdfa6 mt76: add mac80211 driver for MT7915 PCIe-based chipsets b96af5039581 mt76: mt7915: enable Rx HE rate reporting 230054096155 mt76: mt7915: implement HE per-rate tx power support c8f4b6cf1add mt76: mt7915: register per-phy HE capabilities for each interface de1e8af96e19 mt76: mt7915: add HE bss_conf support for interfaces 135a5085932b mt76: mt7915: add HE capabilities support for peers 3b5d908dae2f mt76: mt7915: add Rx radiotap header support 158253e2c11e mt76: mt7915: add .sta_add_debugfs support 7f40e8c2b98d mt76: mt7915: add .sta_statistics support a5368e5cad11 mt76: mt7915: set peer Tx fixed rate through debugfs 4f79c516be5c mt76: mt7915: add tsf related callbacks 509fceb43235 mt76: mt7915: enable firmware module debug support 56405976fc7b mt76: set runtime stream caps by mt76_phy 6bbf1a35c0da linux-firmware: add rebb firmware for mt7663 d7a10094c4e5 mt7663: add client offload firmware 9200732e8534 mt76: mt7663u: copy key pointer in mt7663u_mac_write_txwi 3aa810bde810 mt76: mt7663u: add missing register definitions e236ea5be344 mt76: mt7615: usb: cancel ps work stopping the vif 1d0903de2131 mt76: mt7915: introduce mt7915_get_he_phy_cap 095c72c81c74 mt76: mt7915: add Tx beamformer support 5f9e7664cd26 mt76: mt7915: add Tx beamformee support ac505404c385 mt76: mt7915: add TxBF capabilities 6656bebd39cd mt76: mt7915: add debugfs to track TxBF status 9590db025475 mt76: mt7915: allocate proper size for tlv tags 26eb1ed65987 mt76: mt7915: fix possible deadlock in mt7915_stop f85c1f3fc189 firmware: add mt7915 firmware 9b07251b00b0 mt76: mt7615: fix typo defining ps work 060e375a9244 mt76: fix per-driver wcid range checks after wcid array size bump 7270b56389a9 mt76: mt7615: do not report scan_complete twice to mac80211 8c9e4847d01e mt76: mt7615: reduce hw scan timeout 8bd88a1b1880 mt76: enable p2p support 1ea444d0e8e5 mt76: mt7615: configure bss info adding the interface fa81da5bb4e9 mt76: mt7615: introduce remain_on_channel support 44f2262c0289 mt76: mt76x02: remove check in mt76x02_mcu_msg_send 7005aa891440 mt76: mt7915: add spatial reuse support 1e3dc5b76649 mt76: mt7915: fix some sparse warnings 01b784174cd5 mt76: mt7915: fix sparse warnings: incorrect type initializer 40b7b5354a16 mt76: mt7615: fix NULL pointer deref in mt7615_register_ext_phy 6d731d188d31 mt76: mt7915: fix decoded radiotap HE flags b74d5b1c14cf mt76: mt7915: fix some sparse warnings 6679d35be5cc mt76: mt7615: switch to per-vif power_save support 01e870b44769 mt76: mt7915: fix a handful of spelling mistakes 7b2d16655904 mt76: mt7663: fix the usage WoW with net detect support ed3a244fb647 mt76: mt7915: Fix build error 5396a61cec99 mt76: mt7615: fix hw_scan with ssid_type for specified SSID only 466a5b4d041d mt76: mt7915: fix possible NULL pointer dereference in mt7915_register_ext_phy 984a172609c0 mt76: fix wcid allocation issues 6e02acddcb1a mt76: mt7615: add support for MT7611N 4e6f4e432d0d mt76: only iterate over initialized rx queues 9ad940fee593 mt76: mt7615: Use kmemdup in mt7615_queue_key_update() 85c516081338 mt76: mt7915: remove set but not used variable 'msta' Signed-off-by: Felix Fietkau <nbd@nbd.name>
* dropbear: add ed25519 and chacha20-poly1305Vladislav Grishenko2020-05-305-3/+3613
| | | | | | | | | | | | - add Ed25519 support (backport): * DROPBEAR_ED25519 option for ssh-ed25519, * disabled by default - add Chacha20-Poly1305 support (backport): * DROPBEAR_CHACHA20POLY1305 for chacha20-poly1305@openssh.com, * enabled by default - update feature costs in binary size Signed-off-by: Vladislav Grishenko <themiron@mail.ru>
* mac80211: fix wifi teardownJohn Crispin2020-05-301-4/+6
| | | | | | reverts part of the recent wifi reconf patch. Signed-off-by: John Crispin <john@phrozen.org>
* mac80211: rt2x00: backport patch enabling MFPDaniel Golle2020-05-301-0/+44
| | | | | | | | | | | | From: Rui Salvaterra <rsalvaterra@gmail.com> Date: Mon, 25 May 2020 14:49:07 +0100 Subject: [PATCH] rt2800: enable MFP support unconditionally This gives us WPA3 support out of the box without having to manually disable hardware crypto. The driver will fall back to software crypto if the connection requires management frame protection. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* ugps: nmea: make sure date is validDaniel Golle2020-05-291-3/+3
| | | | | | | | | | | GPS time without date was previously used to set system date: Tue Oct 10 11:48:21 2000 user.info kernel: [ 108.786639] ugps: system time differs from GPS time by more than 5 seconds. Using 2000-10-10T10:48:21 UTC as the new time Tue Oct 10 11:49:27 2000 user.info kernel: [ 174.794699] ugps: system time differs from GPS time by more than 5 seconds. Using 2020-05-26T10:49:27 UTC as the new time Fix this by ignoring incomplete dates and wait for complete time information before adjusting system date/time. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* qos-scripts: fix interface resolvingJo-Philipp Wich2020-05-292-8/+14
| | | | | | | | Also ensure that the error message is actually printed to stderr and that the rule generation is aborted if an interface cannot be resolved. Ref: https://github.com/openwrt/luci/issues/3975 Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* bcm27xx-userland: update to latest versionÁlvaro Fernández Rojas2020-05-282-2/+79
| | | | Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
* procd: update to git HEADDaniel Golle2020-05-281-3/+3
| | | | | | | b84a329 jail: use sane termios settings for console pts b9b39e2 jail: handle containers seperately Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* hostapd: Add disable_vht when using NOHT/HT* modesEnrique Rodríguez Valencia2020-05-281-1/+2
| | | | | | disable_vht parameter needs to be set when using wpa_supplicant NOHT/HT* modes. Signed-off-by: Enrique Rodríguez Valencia <enrique.rodriguez@galgus.net>
* mac80211: Fix setting radio htmode when using mesh modeEnrique Rodríguez Valencia2020-05-281-0/+1
| | | | | | | When configuring the radio in legacy mode from luci, the htmode is not set correctly to NOHT, causing the radio in mesh mode to be set to HT40. Signed-off-by: Enrique Rodríguez Valencia <enrique.rodriguez@galgus.net>
* broadcom-wl: don't inherit lock descriptor in nas processJo-Philipp Wich2020-05-282-2/+5
| | | | | | | | | | | Add a local hack to prevent the Broadcom WPA authenticator process from inheriting the lock descriptor 1000 used to prevent concurrent executions of the init script. Without this fix, repeated invocations of /etc/init.d/network, e.g. for obtaining the enabled state, would hang forever. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* bcm27xx-userland: update to latest version with 64 bit supportÁlvaro Fernández Rojas2020-05-281-2/+2
| | | | | | | | Support for 64 bits has been remove on latest master of raspberry/firmware. Update to latest commit with 64 bit support since we don't support installing 32 bit packages on 64 bit targets. Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
* packages/utils: fbtest fix MakefileThibaut VARÈNE2020-05-281-1/+1
| | | | | | | | | The clean target tries to remove what looks like a bogus 'rbcfg', probably carried over copy-pasta. Remove the name of the generated executable ('fbtest') instead. Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org> Fixes: 8099f4e0d3af ("fbtest utility ")
* package/base-files: caldata: work around dd's limitationThibaut VARÈNE2020-05-282-4/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | tl;dr: dd will silently truncate the output if reading from special files (e.g. sysfs attributes) with a too large bs parameter. This problem was exposed on some RouterBOARD ipq40xx devices which use a caldata payload which is larger than PAGE_SIZE, contrary to all other currently supported RouterBOARD devices: the caldata would fail to properly load with the current scripts. Background: dd doesn't seem to correctly handle read() results that return less than requested data. sysfs attributes have a kernel exchange buffer which is at most PAGE_SIZE big, so only 1 page can be read() at a time. In this case, if bs is larger than PAGE_SIZE, dd will silently truncate blocks to PAGE_SIZE. With the current scripts using bs=<size> count=1, the data is truncated to PAGE_SIZE as soon as the requested <size> exceeds this value. This commit works around this problem by using `cat` in the caldata routines that can read from a file (routines that read from mtd devices are untouched). cat correctly handles partial read requests. The output is then piped to dd with the same parameters as before, to ensure that the resulting file remains exactly the same. This is a simple workaround, the downside is that it uses a pipe and one more executable, and therefore has a larger memory footprint and is slower. This is deemed acceptable considering these routines are only used at boot time. Tested-by: Robert Marko <robimarko@gmail.com> Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
* packages/boot: remove rbcfgThibaut VARÈNE2020-05-286-1349/+0
| | | | | | | The new sysfs soft_config driver makes buggy rbcfg obsolete and entirely replaces it. Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
* cypress-firmware: add PROVIDES sectionsÁlvaro Fernández Rojas2020-05-281-0/+4
| | | | | | Some firmwares are already provided by linux-firmware. Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
* bcm27xx-gpu-fw: update to latest versionÁlvaro Fernández Rojas2020-05-281-15/+15
| | | | Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
* rpcd: update to latest Git HEADJo-Philipp Wich2020-05-261-4/+4
| | | | | | | 078bb57 uci: reset uci_ptr flags when merging options during section add 3df62bc session: deny access if password login is disabled Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* uboot-envtools: ath79: add Netgear WNDR4300SWStijn Segers2020-05-261-1/+2
| | | | | | Add Netgear WNDR4300SW to the list of supported boards. Signed-off-by: Stijn Segers <foss@volatilesystems.org>
* libubox: update to the latest versionFelix Fietkau2020-05-261-3/+3
| | | | | | | | | | 86818eaa976b blob: make blob_parse_untrusted more permissive cf2e8eb485ab tests: add fuzzer seed file for crash in blob_len c2fc622b771f blobmsg: fix length in blobmsg_check_array 639c29d19717 blobmsg: simplify and fix name length checks in blobmsg_check_name 66195aee5042 blobmsg: fix missing length checks Signed-off-by: Felix Fietkau <nbd@nbd.name>
* libubox: update to the latest masterRafał Miłecki2020-05-241-3/+3
| | | | | | | | | | 5e75160 blobmsg: fix attrs iteration in the blobmsg_check_array_len() eeddf22 tests: runqueue: try to fix race on GitLab CI 89fb613 libubox: runqueue: fix use-after-free bug 1db3e7d libubox: runqueue fix comment in header 7c4ef0d tests: list: add test case for list_empty iterator Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* ucert: update to latest git HEADMatthias Schiffer2020-05-241-3/+3
| | | | | | | | | | | | | | | | | | | | 00b921d80ac0 Do not print line number in debug messages 96c42c5ed320 Fix length checks in cert_load() fe06b4b836b3 usign-exec: improve usign -F output handling 19f9e1917e1b usign-exec: return code fixes 077feb5b5824 usign-exec: close writing end of pipe early in parent process 7ec4bb764e1e usign-exec: remove redundant return statements 5a738e549d31 usign-exec: change usign_f_* fingerprint argument to char[17] 112488bbbccc usign-exec: do not close stdin and stderr before exec 38dcb1a6f121 usign-exec: fix exec error handling a9be4fb17df2 usign-exec: simplify usign execv calls 854d93e2326a Introduce read_file() helper, improve error reporting afc86f352bf7 Fix return code of write_file() fdff10852326 stdout/stderr improvements dddb2aa8124d ci: fix unit test failures by enabling full ucert build 5f206bcfe5c2 ci: enable unit testing Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* usign: update to latest git HEADMatthias Schiffer2020-05-231-3/+3
| | | | | | f1f65026a941 Always pad fingerprints to 16 characters Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* hostapd: add WEP as queryable build featureDavid Bauer2020-05-221-0/+4
| | | | | | | | | | | Commit 472fd98c5b12 ("hostapd: disable support for Wired Equivalent Privacy by default") made support for WEP optional. Expose the WEP support to LuCi or other userspace tools using the existing interface. This way they are able to remove WEP from the available ciphers if hostapd is built without WEP support. Signed-off-by: David Bauer <mail@david-bauer.net>
* mac80211: Fix build on mpc85xx targetHauke Mehrtens2020-05-212-1/+32
| | | | | | | | | | | | | | | | | | | | | | | | | This fixes the following compile error seen on the mpc85xx target: CC [M] /linux-mpc85xx_p2020/backports-5.7-rc3-1/drivers/net/wireless/intersil/orinoco/main.o In file included from /builder/shared-workdir/build/staging_dir/toolchain-powerpc_8540_gcc-8.4.0_musl/include/stddef.h:17, from /linux-mpc85xx_p2020/backports-5.7-rc3-1/include/uapi/linux/wireless.h:77, from /linux-mpc85xx_p2020/backports-5.7-rc3-1/include/linux/wireless.h:13, from /linux-mpc85xx_p2020/backports-5.7-rc3-1/drivers/net/wireless/intersil/orinoco/main.c:89: /builder/shared-workdir/build/staging_dir/toolchain-powerpc_8540_gcc-8.4.0_musl/include/bits/alltypes.h:106:15: error: conflicting types for 'ptrdiff_t' typedef _Addr ptrdiff_t; ^~~~~~~~~ In file included from /linux-mpc85xx_p2020/backports-5.7-rc3-1/backport-include/linux/types.h:4, from ./include/linux/list.h:5, from /linux-mpc85xx_p2020/backports-5.7-rc3-1/backport-include/linux/list.h:3, from ./include/linux/module.h:9, from /linux-mpc85xx_p2020/backports-5.7-rc3-1/backport-include/linux/module.h:3, from /linux-mpc85xx_p2020/backports-5.7-rc3-1/drivers/net/wireless/intersil/orinoco/main.c:79: ./include/linux/types.h:65:28: note: previous declaration of 'ptrdiff_t' was here typedef __kernel_ptrdiff_t ptrdiff_t; ^~~~~~~~~ scripts/Makefile.build:265: recipe for target '/linux-mpc85xx_p2020/backports-5.7-rc3-1/drivers/net/wireless/intersil/orinoco/main.o' failed Fixes: 289c6324259e ("mac80211: Update to version 5.7-rc3-1") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* firewall: add rule for traceroute supportPhilip Prindeville2020-05-211-0/+13
| | | | | | | | | | | | | | | | | Running your firewall's "wan" zone in REJECT zone (1) exposes the presence of the router, (2) depending on the sophistication of fingerprinting tools might identify the OS and release running on the firewall which then identifies known vulnerabilities with it and (3) perhaps most importantly of all, your firewall can be used in a DDoS reflection attack with spoofed traffic generating ICMP Unreachables or TCP RST's to overwhelm a victim or saturate his link. This rule, when enabled, allows traceroute to work even when the default input policy of the firewall for the wan zone has been set to DROP. Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
* netifd: ingress/egress vlan qos mapping supportHans Dedecker2020-05-211-3/+3
| | | | | | 74e0222 vlandev: support setting ingress/egress QoS mappings Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* mac80211: Update to version 5.7-rc3-1Hauke Mehrtens2020-05-2124-297/+511
| | | | | | | | | | | This updates the mac80211 backport. The removed patches are already integrated in the upstream version. The 131-Revert-mac80211-aes-cmac-switch-to-shash-CMAC-driver.patch patch was manually adapted to the changes in kernel 5.7. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mac80211: Update to version 5.6.8-1Hauke Mehrtens2020-05-2138-1419/+58
| | | | | | | | This updates the mac80211 backport. The removed patches are already integrated in the upstream version. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mac80211: Update to version 5.5.19Hauke Mehrtens2020-05-2143-2899/+420
| | | | | | | | This updates the mac80211 backport. The removed patches are already integrated in the upstream version. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mac80211: Update to version 5.4.36-1Hauke Mehrtens2020-05-2117-198/+50
| | | | | | | | | This updates the mac80211 backport to the latest minor version. The removed patch was a backport from the upstream kernel which is now integrated. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* hostapd: bring back mesh patchesDaniel Golle2020-05-2128-108/+792
| | | | | | | | | | | | | Bring back 802.11s mesh features to the level previously available before the recent hostapd version bump. This is mostly to support use of 802.11s on DFS channels, but also making mesh forwarding configurable which is crucial for use of 802.11s MAC with other routing protocols, such as batman-adv, on top. While at it, fix new compiler warning by adapting 700-wifi-reload.patch to upstream changes, now building without any warnings again. Fixes: 0a3ec87a66 ("hostapd: update to latest Git hostap_2_9-1238-gdd2daf0848ed") Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* wireguard: bump to 1.0.20200520Jason A. Donenfeld2020-05-211-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This version has the various slew of bug fixes and compat fixes and such, but the most interesting thing from an OpenWRT perspective is that WireGuard now plays nicely with cake and fq_codel. I'll be very interested to hear from OpenWRT users whether this makes a measurable difference. Usual set of full changes follows. This release aligns with the changes I sent to DaveM for 5.7-rc7 and were pushed to net.git about 45 minutes ago. * qemu: use newer iproute2 for gcc-10 * qemu: add -fcommon for compiling ping with gcc-10 These enable the test suite to compile with gcc-10. * noise: read preshared key while taking lock Matt noticed a benign data race when porting the Linux code to OpenBSD. * queueing: preserve flow hash across packet scrubbing * noise: separate receive counter from send counter WireGuard now works with fq_codel, cake, and other qdiscs that make use of skb->hash. This should significantly improve latency spikes related to buffer bloat. Here's a before and after graph from some data Toke measured: https://data.zx2c4.com/removal-of-buffer-bloat-in-wireguard.png * compat: support RHEL 8 as 8.2, drop 8.1 support * compat: support CentOS 8 explicitly * compat: RHEL7 backported the skb hash renamings The usual RHEL churn. * compat: backport renamed/missing skb hash members The new support for fq_codel and friends meant more backporting work. * compat: ip6_dst_lookup_flow was backported to 4.14, 4.9, and 4.4 The main motivation for releasing this now: three stable kernels were released at the same time, with a patch that necessitated updating in our compat layer. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* hostapd: disable support for Wired Equivalent Privacy by defaultPetr Štetiar2020-05-212-0/+14
| | | | | | | | | | | | | | | | | | | Upstream in commit 200c7693c9a1 ("Make WEP functionality an optional build parameter") has made WEP functionality an optional build parameter disabled as default, because WEP should not be used for anything anymore. As a step towards removing it completely, they moved all WEP related functionality behind CONFIG_WEP blocks and disabled it by default. This functionality is subject to be completely removed in a future release. So follow this good security advice, deprecation notice and disable WEP by default, but still allow custom builds with WEP support via CONFIG_WPA_ENABLE_WEP config option till upstream removes support for WEP completely. Signed-off-by: Petr Štetiar <ynezz@true.cz>
* hostapd: update to latest Git hostap_2_9-1238-gdd2daf0848edPetr Štetiar2020-05-2147-1327/+262
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bump package to latest upstream Git HEAD which is commit dd2daf0848ed ("HE: Process HE 6 GHz band capab from associating HE STA"). Since last update there was 1238 commits done in the upstream tree with 618 files changed, 53399 insertions, 24928 deletions. I didn't bothered to rebase mesh patches as the changes seems not trivial and I don't have enough knowledge of those parts to do/test that properly, so someone else has to forward port them, ideally upstream them so we don't need to bother anymore. I've just deleted them for now: 004-mesh-use-setup-completion-callback-to-complete-mesh-.patch 005-mesh-update-ssid-frequency-as-pri-sec-channel-switch.patch 006-mesh-inform-kernel-driver-DFS-handler-in-userspace.patch 007-mesh-apply-channel-attributes-before-running-Mesh.patch 011-mesh-Allow-DFS-channels-to-be-selected-if-dfs-is-ena.patch 013-mesh-do-not-allow-pri-sec-channel-switch.patch 015-mesh-do-not-use-offchan-mgmt-tx-on-DFS.patch 016-mesh-fix-channel-switch-error-during-CAC.patch 018-mesh-make-forwarding-configurable.patch Refreshed all other patches, removed upstreamed patches: 051-wpa_supplicant-fix-race-condition-in-mesh-mpm-new-pe.patch 067-0001-AP-Silently-ignore-management-frame-from-unexpected-.patch 070-driver_nl80211-fix-WMM-queue-mapping-for-regulatory-.patch 071-driver_nl80211-fix-regulatory-limits-for-wmm-cwmin-c.patch 090-wolfssl-fix-crypto_bignum_sum.patch 091-0001-wolfssl-Fix-compiler-warnings-on-size_t-printf-forma.patch 091-0002-wolfssl-Fix-crypto_bignum_rand-implementation.patch 091-0003-wolfssl-Do-not-hardcode-include-directory-in-wpa_sup.patch 800-usleep.patch Tested-by: Stefan Lippers-Hollmann <s.l-h@gmx.de> [ipq8065/NBG6817; ipq40xx/MAP-AC2200] Signed-off-by: Petr Štetiar <ynezz@true.cz>
* fuse: move package to packages feedRosen Penev2020-05-204-154/+0
| | | | | | | | | | This package was last updated in 2016. All of the dependent packages are in the packages feeds, where this will be moved. Ref: https://github.com/openwrt/packages/pull/12190 Signed-off-by: Rosen Penev <rosenp@gmail.com> [commit subject/description tweaks] Signed-off-by: Petr Štetiar <ynezz@true.cz>
* wolfssl: update to 4.4.0-stableEneas U de Queiroz2020-05-201-2/+2
| | | | | | | | | | | | This version adds many bugfixes, including a couple of security vulnerabilities: - For fast math (enabled by wpa_supplicant option), use a constant time modular inverse when mapping to affine when operation involves a private key - keygen, calc shared secret, sign. - Change constant time and cache resistant ECC mulmod. Ensure points being operated on change to make constant time. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* kernel: kmod-ptp-qoriq: Package kernel object fileJeffery To2020-05-201-2/+2
| | | | | | | This updates the package to contain the kernel object (.ko) file instead of the plain object (.o) file. Signed-off-by: Jeffery To <jeffery.to@gmail.com>
* ramips: Add support for Xiaomi Redmi Router AC2100 (RM2100)Richard Huynh2020-05-201-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Specification: - CPU: MediaTek MT7621A - RAM: 128 MB DDR3 - FLASH: 128 MB ESMT NAND - WIFI: 2x2 802.11bgn (MT7603) - WIFI: 4x4 802.11ac (MT7615) - ETH: 3xLAN+1xWAN 1000base-T - LED: Power, WAN, in Amber and White - UART: On board near ethernet, opposite side from power - Modified u-boot Installation: 1. Run linked exploit to get shell, startup telnet and wget the files over 2. mtd write openwrt-ramips-mt7621-xiaomi_rm2100-squashfs-kernel1.bin kernel1 3. nvram set uart_en=1 4. nvram set bootdelay=5 5. nvram set flag_try_sys1_failed=1 6. nvram commit 7. mtd -r write openwrt-ramips-mt7621-xiaomi_rm2100-squashfs-rootfs0.bin rootfs0 Restore to stock: 1. Setup PXE and TFTP server serving stock firmware image (See dhcp-boot option of dnsmasq) 2. Hold reset button down before powering on and wait for flashing amber led 3. Release reset button 4. Wait until status led changes from flashing amber to white Notes: This device has dual kernel and rootfs slots like other Xiaomi devices currently supported (mir3g, etc.) thus, we use the second slot and overwrite the first rootfs onwards in order to get more space. Exploit and detailed instructions: https://openwrt.org/toh/xiaomi/xiaomi_redmi_router_ac2100 An implementation of CVE-2020-8597 against stock firmware version 1.0.14 This requires a computer with ethernet plugged into the wan port and an active PPPoE session, and if successful will open a reverse shell to 192.168.31.177 on port 31337. As this shell is somewhat unreliable and likely to be killed in a random amount of time, it is recommended to wget a static compiled busybox binary onto the device and start telnetd with it. The stock telnetd and dropbear unfortunately appear inoperable. (Disabled on release versions of stock firmware likely) Ie. wget https://yourip/busybox-mipsel -O /tmp/busybox chmod a+x /tmp/busybox /tmp/busybox telnetd -l /bin/sh Tested-by: David Martinez <bonkilla@gmail.com> Signed-off-by: Richard Huynh <voxlympha@gmail.com>
* bcm63xx-cfe: fix build with CONFIG_AUTOREMOVEÁlvaro Fernández Rojas2020-05-201-6/+7
| | | | | | | | | | | When CONFIG_AUTOREMOVE is enabled, CFE binaries are removed before the image creation. Install CFE binaries to kernel directory and let autoremove clean the files in PKG_BUILD_DIR. Also drop unneeded tar cmd/options. Fixes: dcee4eaa4214 ("bcm63xx-cfe: add package with CFE RAM binaries") Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
* wireguard-tools: bump to 1.0.20200513Jason A. Donenfeld2020-05-201-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * ipc: add support for openbsd kernel implementation * ipc: cleanup openbsd support * wg-quick: add support for openbsd kernel implementation * wg-quick: cleanup openbsd support Very exciting! wg(8) and wg-quick(8) now support the kernel implementation for OpenBSD. OpenBSD is the second kernel, after Linux, to receive full fledged and supported WireGuard kernel support. We'll probably send our patch set up to the list during this next week. `ifconfig wg0 create` to make an interface, and `wg ...` like usual to configure WireGuard aspects of it, like usual. * wg-quick: support dns search domains If DNS= has a non-IP in it, it is now treated as a search domain in resolv.conf. This new feature will be rolling out across our various GUI clients in the next week or so. * Makefile: simplify silent cleaning * ipc: remove extra space * git: add gitattributes so tarball doesn't have gitignore files * terminal: specialize color_mode to stdout only Small cleanups. * highlighter: insist on 256-bit keys, not 257-bit or 258-bit The highlighter's key checker is now stricter with base64 validation. * wg-quick: android: support application whitelist Android users can now have an application whitelist instead of application blacklist. * systemd: add wg-quick.target This enables all wg-quick at .services to be restarted or managed as a unit via wg-quick.target. * Makefile: remember to install all systemd units Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* bcm63xx: smp: add NAND supportÁlvaro Fernández Rojas2020-05-181-1/+1
| | | | | | NAND controller is present on BCM6328, BCM6362, BCM6368 and BCM63268. Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
* bcm63xx-cfe: add package with CFE RAM binariesÁlvaro Fernández Rojas2020-05-181-0/+42
| | | | | | | CFE RAM is a second stage bootloader which is usually loaded by CFE ROM (first stage bootloader) from a JFFS2 partition stored on the NAND. Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
* base-files: switch_to_ramfs: add nand-utilsÁlvaro Fernández Rojas2020-05-182-2/+2
| | | | Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
* ramips: add support for Linksys EA7500 v2Davide Fioravanti2020-05-171-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The Linksys EA7500 v2 is advertised as AC1900, but its internal hardware is AC2600 capable. Hardware -------- SoC: Mediatek MT7621AT (880 MHz, 2 cores 4 threads) RAM: 256M (Nanya NT5CC128M16IP-DI) FLASH: 128MB NAND (Macronix MX30LF1G18AC-TI) ETH: 5x 10/100/1000 Mbps Ethernet (MT7530) WIFI: - 2.4GHz: 1x MT7615N (4x4:4) - 5GHz: 1x MT7615N (4x4:4) - 4 antennas: 3 external detachable antennas and 1 internal USB: - 1x USB 3.0 - 1x USB 2.0 BTN: - 1x Reset button - 1x WPS button LEDS: - 1x White led (Power) - 6x Green leds (link lan1-lan4, link wan, wps) - 5x Orange leds (act lan1-lan4, act wan) (working but unmodifiable) Everything works correctly. Installation ------------ The “factory” openwrt image can be flashed directly from OEM stock firmware. After the flash the router will reboot automatically. However, due to the dual boot system, the first installation could fail (if you want to know why, read the footnotes). If the flash succeed and you can reach OpenWrt through the web interface or ssh, you are done. Otherwise the router will try to boot 3 times and then will automatically boot the OEM firmware (don’t turn off the router. Simply wait and try to reach the router through the web interface every now and then, it will take few minutes). After this, you should be back in the OEM firmware. Now you have to flash the OEM Firmware over itself using the OEM web interface (I tested it using the FW_EA7500v2_2.0.8.194281_prod.img downloaded from the Linksys website). When the router reboots flash the “factory” OpenWrt image and this time it should work. After the OpenWrt installation you have to use the sysupgrade image for future updates. Restore OEM Firmware -------------------- After the OpenWrt flash, the OEM firmware is still stored in the second partition thanks to the dual boot system. You can switch from OpenWrt to OEM firmware and vice-versa failing the boot 3 times in a row: 1) power on the router 2) wait 15 seconds 3) power off the router 4) repeat steps 1-2-3 twice more. 5) power on the router and you should be in the “other” firmware If you want to completely remove OpenWrt from your router, switch to the OEM firmware and then flash OEM firmware from the web interface as a normal update. This procedure will overwrite the OpenWrt partition. Footnotes --------- The Linksys EA7500-v2 has a dual boot system to avoid bricks. This system works using 2 pair of partitions: 1) "kernel" and "rootfs" 2) "alt_kernel" and "alt_rootfs". After 3 failed boot attempts, the bootloader tries to boot the other pair of partitions and so on. This system is managed by the bootloader, which writes a bootcount in the s_env partition, and if successfully booted, the system add a "zero-bootcount" after the previous value. A system update performed from OEM firmware, writes the firmware on the other pair of partitions and sets the bootloader to boot the new pair of partitions editing the “boot_part” variable in the bootloader vars. Effectively it's a quick and safe system to switch the selected boot partition. Another way to switch the boot partition is: 1) power on the router 2) wait 15 seconds 3) power off the router 4) repeat steps 1-2-3 twice more. 5) power on the router and you should be in the “other” firmware In this OpenWrt port, this dual boot system is partially working because the bootloader sets the right rootfs partition in the cmdline but unfortunately OpenWrt for ramips platform overwrites the cmdline so is not possible to detect the right rootfs partition. Because all of this, I preferred to simply use the first pair of partitions and set read-only the other pair. However this solution is not optimal because is not possible to know without opening the case which is the current booted partition. Let’s take for example a router booting the OEM firmware from the first pair of partitions. If we flash the OpenWrt image, it will be written on the second pair. In this situation the router will bootloop 3 times and then will automatically come back to the first pair of partitions containg the OEM firmware. In this situation, to flash OpenWrt correctly is necessary to switch the booting partition, flashing again the OEM firmware over itself. At this point the OEM firmware is on both pair of partitions but the current booted pair is the second one. Now, flashing the OpenWrt factory image will write the firmware on the first pair and then will boot correctly. If this limitation in the ramips platform about the cmdline will be fixed, the dual boot system can also be implemented in OpenWrt with almost no effort. Signed-off-by: Davide Fioravanti <pantanastyle@gmail.com> Co-Developed-by: Jackson Lim <jackcolentern@gmail.com> Signed-off-by: Jackson Lim <jackcolentern@gmail.com>
* mtd: add linksys_bootcount for ramipsDavide Fioravanti2020-05-171-1/+1
| | | | | | | | | | | | | Reset bc is needed for Linksys EA7500 v2's dual boot. Size impact (tested with Linksys EA7500 v2 @ mt7621): mtd_25_mipsel_24kc.ipk: 13174 -> 13628 (454 bytes) initramfs: 3660350 -> 3660688 (338 bytes) Signed-off-by: Davide Fioravanti <pantanastyle@gmail.com> [add size impact information] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* kernel: drop outdated kernel version switches for local codeAdrian Schmutzler2020-05-1715-174/+0
| | | | | | | | This drops kernel version switches for versions not supported by OpenWrt master at the moment. This only adjusts local code, but doesn't touch patches to existing external packages. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>