| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
|
|
|
|
| |
This explicitly tells procd what backup file should be used during
sysupgrade (if any). It's much more generic this way compared to the
magic /tmp/sysupgrade.tgz file that had to be created before a call.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
|
|
|
|
|
|
|
| |
Fixes this security problem:
* SAE/EAP-pwd side-channel attack update
https://w1.fi/security/2019-6/sae-eap-pwd-side-channel-attack-update.txt
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes:
CVE-2019-11555 "EAP-pwd message reassembly issue with unexpected fragment"
https://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-with-unexpected-fragment.txt
This shouöld not affect OpenWrt in the default settings as we do not use
EAP-pwd.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
| |
e2a7bc4 iwinfo: add WPA3 support
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
|
|
|
| |
Patch getting RAM info got upstreamed. A debugging fs entry for testing
reset feature was added.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
|
|
|
|
|
|
|
|
|
|
| |
69eeb1b file: refactor message parsing and permission checking
f65527a iwinfo: expose all rate info fields in assoclist reply
7fec636 sys: fix symbol redeclaration
27c24c7 rpcd: sys: actually move timespec declaration
345363b file: add remove operation
604db20 rpcd: Switch to nanosleep
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
|
|
| |
487bd0d utils: Fix string format message
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
|
|
| |
This allows platform code to check if firmware image can be used with
preserving a backup. It may be used e.g. when installing vendor
firmwares that won't restore appended backup archive.
Suggested-by: Luis Araneda <luaraneda@gmail.com>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
|
|
|
|
|
|
|
| |
4d0c703 firewall3: Fix some format string problems
8c404ef iptables.c: lock the xtables.lock
c1d3a4d utils: implement fw3_lock_path() & fw3_unlock_path()
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
|
|
|
|
| |
e199804 dhcpv6: sanitize oro options
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
|
|
|
|
| |
Fixes: 853e4dd3 ("ipqx0xx: add Generic subtarget")
Ref: https://forum.openwrt.org/t/ipq40xx-snapshot-not-updated-since-22nd-august/44126
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
|
|
|
|
|
|
|
|
|
| |
It's a variable set by procd that should replace hardcoded
/tmp/sysupgrade.tgz.
This change requires the most recent procd with the commit 0f3c136
("sysupgrade: set UPGRADE_BACKUP env variable").
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
|
|
|
|
|
|
|
|
|
| |
0f3c136 sysupgrade: set UPGRADE_BACKUP env variable
0bcbbbf system: fix uninitialized variables in firmware validation code
This update includes a fix for uninitialized variable usage.
Fixes: 7290963d0992 ("procd: update to the latest git HEAD")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
|
|
|
|
|
|
|
|
|
|
|
| |
The actual retrieval of the MAC address in mtd_get_mac_binary_ubi()
is the same as in get_mac_binary(). Thus, use the latter function
in the former to reduce duplicate code.
This will also allow to benefit from the enhanced path check there
and bring mtd_get_mac_binary_ubi() more in line with the similar
mtd_get_mac_binary().
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
|
|
|
|
|
|
|
|
|
|
|
| |
The mtd_get_mac_text helper method did not support hexadecimal offset
values, resulting them to break after 75bfc393ba6c ("treewide:
convert MAC address location offsets to hexadecimal")
This commit fixes this by evaluating the hexadecimal input,
converting them to decimal.
Signed-off-by: David Bauer <mail@david-bauer.net>
|
|
|
|
|
|
|
|
| |
1) Add BACKUP_FILE and use it when copying an archive to be restored
after sysupgrade (on the next preinit).
2) Use CONF_TAR for copying backup prepared by the /sbin/sysupgrade
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
|
|
|
| |
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
| |
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
34ac88c system: reject sysupgrade of invalid firmware images by default
f55c235 system: reject sysupgrade of broken firmware images
e990e21 system: add "validate_firmware_image" ubus method
This update changes "sysupgrade" ubus method API. It's now required to
pass "force" attribute whenever invalid firmware is meant to be
installed.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
|
|
|
|
|
|
| |
This makes sysupgrade work with the most recent procd that validates
firmware before proceeding.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
|
|
|
|
|
| |
415f9e4 uci/file: replace mktemp() with mkstemp()
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
|
| |
f599a8d iwinfo: Fix rate buffer size
71ec9be iwinfo: Fix buffer size
f8ef450 iwinfo: Add support for WPA3
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* GCC 8 and 9 support.
* Gnulib integration overhaul.
* RISC-V support.
* Xen PVH support.
* Native UEFI secure boot support.
* UEFI TPM driver.
* New IEEE 1275 obdisk driver.
* Btrfs RAID 5 and RIAD 6 support.
* bootin from F2FS support.
* PARTUUID support.
* VLAN support.
* Native DHCP support.
* Many ARM and ARM64 fixes.
* Many SPARC fixes.
* Many IEEE 1275 fixes.
* ...and tons of other fixes and cleanups...
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
|
|
|
|
| |
Signed-off-by: Luis Araneda <luaraneda@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- exclude Python-related stuff from build
- drop patches:
* 010-uclibc-ng.patch, applied upstream
ipkg size decrease by 2.8%:
old:
194.851 nftables_0.9.0-2_arm_cortex-a7_neon-vfpv4.ipk
new:
189.581 nftables_0.9.2-1_arm_cortex-a7_neon-vfpv4.ipk
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
ABI version is same.
The ipkg size increase by about 2.2%:
old:
47.909 libnftnl11_1.1.3-1_arm_cortex-a7_neon-vfpv4.ipk
new:
48.985 libnftnl11_1.1.4-1_arm_cortex-a7_neon-vfpv4.ipk
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
|
|
|
|
|
|
|
| |
821045f file: add path based read/write/exec ACL checks
fb337e5 file: add stat() information to directory listings
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
|
|
|
|
| |
This adds the key_type and ec_curve options to enable the generation of
EC keys during initialization, using openssl or the new options added to
px5g.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds an 'eckey' command to generate an EC key, with an optional
curve name argument, with P-256 as default.
For the 'selfsigned' command, it adds an 'ec' algorithm argument to the
'-newkey' option, and a '-pkeyopt ec_paramgen_curve:<curvename>' option,
mirroring the way openssl specifies the curve name.
Notice that curve names are not necessarily the same in mbedtls and
openssl. In particular, secp256r1 works for mbedtls, but openssl uses
prime256v1 instead. px5g uses mbedtls, but short NIST curve names P-256
and P-384 are specifically supported.
Package size increased by about 900 bytes (arm).
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
|
|
|
|
| |
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
|
|
|
|
|
|
|
|
| |
Instead, instruct the configure script to use $(FPIC) only.
Mixing -fPIC and -fpic can cause issues on some platforms like PPC.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
|
|
|
|
|
|
|
|
|
| |
The configure scripts matches Linux with -fPIC, which is not exactly what
is desired. Since we are already passing $(FPIC), added a CONFIGURE_VAR to
avoid passing -fPIC.
Removed PKG_BUILD_DIR as it is already the default value.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
|
|
|
|
|
|
|
|
| |
Since the binaries for both lua as well as lua5.3 contain the version
number, invocations of the "lua" binary are failing, as it's not created
anymore for the host package.
Fixes: fe59b46 ("lua: include version number in installed files")
Signed-off-by: David Bauer <mail@david-bauer.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
So far firmware validation result was binary limited: it was either
successful or not. That meant various limitations, e.g.:
1) Lack of proper feedback on validation problems
2) No way of marking firmware as totally broken (impossible to install)
This change introduces JSON for storing detailed validation info. It
provides a list of performed validation tests and their results. It
allows marking firmware as non-forceable (broken image that can't be
even forced to install).
Example:
{
"tests": {
"fwtool_signature": true,
"fwtool_device_match": true
},
"valid": true,
"forceable": true
}
Implementation is based on *internal* check_image bash script that:
1) Uses existing validation functions
2) Provides helpers for setting extra validation info
This allows e.g. platform_check_image() to call notify_check_broken()
when needed & prevent user from bricking a device.
Right now the new JSON info is used by /sbin/sysupgrade only. It still
doesn't make use of "forceable" as that is planned for later
development.
Further plans for this feature are:
1) Expose firmware validation using some new ubus method
2) Move validation step from /sbin/sysupgrade into "sysupgrade" ubus
method so:
a) It's possible to safely sysupgrade using ubus only
b) /sbin/sysupgrade can be more like just a CLI
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
|
|
|
|
| |
Signed-off-by: John Crispin <john@phrozen.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
From: Stanislaw Gruszka <sgruszka@redhat.com>
This reverts commit 9ad3b55654455258a9463384edb40077439d879f.
As reported by Sergey:
"I got some problem after upgrade kernel to 5.2 version (debian testing
linux-image-5.2.0-2-amd64). 5Ghz client stopped to see AP.
Some tests with 1metre distance between client-AP: 2.4Ghz -22dBm, for
5Ghz - 53dBm !, for longer distance (8m + walls) 2.4 - 61dBm, 5Ghz not
visible."
It was identified that rx signal level degradation was caused by
9ad3b5565445 ("rt2800: enable TX_PIN_CFG_LNA_PE_ bits per band").
So revert this commit.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
|
|
|
|
|
| |
0430252 sysupgrade: add missing _GNU_SOURCE define (FS#2469)
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Close cooperation with Lorenzo Bianconi resulted
in these patches which fix all remaining seen issues
when using dynack.
Fix link losses when:
- Late Ack's are not seen or not present
- switching from too low static coverage class to dynack on a live link
These are fixed by setting the Ack Timeout/Slottime to
the max possible value for the currently used channel width when
a new station has been discovered.
When traffic flows, dynack is able to adjust to optimal values
within a few packets received (typically < 1 second)
These changes have been thoroughly tested on ~60 offshore devices
all interconnected using mesh over IBSS and dynack enabled on all.
Distances between devices varied from <100m up to ~35km
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
|
|
|
|
|
|
|
|
|
| |
6a61b9a probe: fallback to libblkid.so.1 when libblkid.so does not exist
Also remove deprecation notices from init script while we're at it.
Fixes: FS#2274
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
|
|
|
|
| |
a9f9557 nl80211: support reading hardware id from phy directly
c586cd3 iwinfo: add device id for MediaTek MT7612E
d4382dd iwinfo: add device id for Atheros AR9390
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
| |
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
|
|
|
|
|
|
|
| |
Removed upstream patch
Compile and run tested on mvebu
Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This should fix a problem with 1560 MTU, 160Mhz on DFS channels,
some other small issues on < 5.2 kernels, and for 5.2 driver,
it pulls in some upstream stable fixes.
wave-1 firmware changes since last update:
* June 24, 2019: Try allocating low-priority WMI msgs if high-prio are not available.
* June 24, 2019: Init rate-ctrl to start at lowest rate instead of in the middle. Hoping
this helps DHCP when station connects from a long distance.
wave-2:
* June 24, 2019 Start rate-ctrl at minimal values to help DHCP work better for far-away peers.
* July 24, 2019 Fix old regression that made /a (and probably /b/g) perform poorly, at least on
diet-compiled images.
* Aug 8, 2019 Improve a/b/g rate-ctrl by damping the PER swings caused by the all-or-nothing logic
of transmitting non-block-ack frames one at a time.
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
|
|
|
|
|
|
| |
It is no longer required by wireless drivers, so we can save some space here
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
fb0f432834c0 mt76: stop rx aggregation on station removal
76aada563b66 mt76: dma: reset q->rx_buf on rx reset
3245ca8b8aeb mt76: check of_get_mac_address for NULL as well to restore old kernel compat
8e495245ab3d mt76: mt7615: move mt7615_mac_get_key_info in mac.c
e4f48a8df6aa mt76: mt7615: add mt7615_mac_wtbl_addr routine
e8c95e5a41f0 mt76: mt7615: introduce mt7615_mac_wtbl_set_key routine
d998b90c4bed mt76: mt7615: remove wtbl_sec_key definition
60d279ec2762 mt76: mt7615: add set_key_cmd and mt76_wcid to mt7615_mac_wtbl_set_key signature
4947ad4eab6a mt76: introduce mt76_mmio_read_copy routine
4d9001b8ab1d mt76: mt7615: fix MT7615_WATCHDOG_TIME definition
3d6796b867b6 mt76: mt7603: fix watchdog rescheduling in mt7603_set_channel
8d7a48030005 mt76: mt7615: add 4 WMM sets support
ae0f11149248 mt76: mt7615: update cw_min/max related settings
8b7bbd017654 mt76: mt7603: fix some checkpatch warnings
e6045467848d mt76: mt7615: fix some checkpatch warnings
c415c676e255 mt76: mt76x02: fix some checkpatch warnings
f625afcedc9b mt76: switch to SPDX tag instead of verbose boilerplate text
4d57f1cee4aa mt76: mt7615: rework locking scheme for mt7615_set_channel
2becd13be766 mt76: mt7615: add Smart Carrier Sense support
20f0c196722a mt76: mt76x02: introduce mt76x02_pre_tbtt_enable and mt76x02_beacon_enable macros
ae83a05b1050 mt76: mt76x02: do not copy beacon skb in mt76x02_mac_set_beacon_enable
92fa62ace198 mt76: mt76x02u: enable multi-vif support
c6dabfe953af mt76: mt76x02u: enable survey support
1f44159b41ff mt76: mt7603: move survey_time in mt76_dev
9657e6304322 mt76: mt7615: enable survey support
af860c0decb1 mt76: move mt76_tx_tasklet in mt76 module
a9d2a28b39fc mt76: mt7603: remove unnecessary mcu queue initialization
281b10fc1fe6 mt76: mt7615: add BIP_CMAC_128 cipher support
37673a4181e4 mt76: fix some checkpatch warnings
a7fa32603981 mt76: add default implementation for mt76_sw_scan/mt76_sw_scan_complete
5c35bdf057af mt7615: apply calibration-free data from OTP
0e3baf0213c9 mt76: fix a leaked reference by adding a missing of_node_put
2d5928fef23d net: Remove dev_err() usage after platform_get_irq()
a0824197ab00 mt76: mt76x0e: disable 5GHz band for MT7630E
4d8a9f20610f mt76: do not send BAR frame on tx aggregation flush stop
2a0edbb4473b mt76: remove offchannel check in tx scheduling
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
| |
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
|
|
|
|
| |
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update fstools to commit 1539b535ac327a3bc599d1ca871e14fd0dc3bba1
git log --pretty=oneline --abbrev-commit ff1ded63..1539b535
1539b53 libblkid-tiny: increment label size to 256
d563f3c libblkid-tiny: fix wrong btrfs label length
3957dd3 block: prevent mount point confusion
9b36dc2 libfstools: avoid false positives when matching devices and volumes
Created with the help of the make-package-update-commit.sh script.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update ath10k-ct to commit 9e5ab25027e0971fa24ccf93373324c08c4e992d
git log --pretty=oneline --abbrev-commit f0aa8130..9e5ab250
9e5ab25 ath10k-ct: Update to latest 5.2 upstream, support bigger mtu, 160Mhz
Created with the help of the make-package-update-commit.sh script
and refresh patches.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds sysupgrade, uboot-env and networking support
for Methode uDPU device.
Device features 4 partitions:
-----------------------------------------
| boot | recovery | rootfs | misc |
| (ext4) | (ext4) | (fsf2) | (f2fs) |
_________________________________________
Idea was to use f2fs only but the u-boot currently lacks support
so first 2 partition are ext4 to be u-boot readable, and this was
a reason why custom build and sysupgrade sections were required.
On the sysupgrade, boot and rootfs partitions are updated, firmare
image and user configuration is saved on the misc partition and if
the upgrade was successfull, recovery partition will be updated on
after the reboot from preinit script. If the sysupgrade fails for any
reason, device will fallback to recovery initramfs image.
Signed-off-by: Vladimir Vid <vladimir.vid@sartura.hr>
|