aboutsummaryrefslogtreecommitdiffstats
path: root/package
Commit message (Collapse)AuthorAgeFilesLines
...
* qosify: add missing config option for nat supportFelix Fietkau2021-11-032-0/+2
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* qosify: include nls.mk to avoid build error with full NLS support enabledFelix Fietkau2021-11-031-0/+1
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* uboot-imx: set BUILD_SUBTARGET to 'cortexa9'Piotr Dymacz2021-11-031-0/+3
| | | | | | All currently supported devices belong to the imx/cortexa9 subtarget. Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
* uboot-envtools: move imx to imx_cortexa9Piotr Dymacz2021-11-031-0/+0
| | | | | | | | Subtarget-specific files under 'uboot-envtools' package are supported since 6f3a05ebb0 ("uboot-envtools: support uci-default config also per subtargets"). Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
* uboot-imx6: rename to 'uboot-imx'Piotr Dymacz2021-11-034-1/+1
| | | | Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
* uboot-envtools: rename 'imx6' to 'imx'Piotr Dymacz2021-11-031-1/+1
| | | | Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
* kobs-ng: update dependencies after 'imx6' -> 'imx' renamePiotr Dymacz2021-11-031-1/+1
| | | | Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
* kernel: update dependencies after 'imx6' -> 'imx' renamePiotr Dymacz2021-11-037-12/+12
| | | | Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
* strace: remove code coverage makefile varRosen Penev2021-11-022-1/+11
| | | | | | | | | It relies on a custom ax_code_coverage.m4 file included with strace. Unfortunately, this conflicts with the one included with autoconf-macros. Instead of creating a huge patch to fix it, just remove the variable as code coverage is not used here. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* qosify: add missing dependencyFelix Fietkau2021-11-021-1/+1
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* bpf-headers: unset PKG_CONFIG_PATHFelix Fietkau2021-11-021-0/+2
| | | | | | | This fixes an issue where the kernel would pick up an incompatible target libyaml for building host tools Signed-off-by: Felix Fietkau <nbd@nbd.name>
* iproute2: Avoid unnecessary package rebuildsEneas U de Queiroz2021-11-011-1/+3
| | | | | | | | | | | | | | | | | | Build the tc-mod-iptables before the tc-tiny and tc-full packages. This avoids unnecessary package rebuild when calling make back to back. Before this change, tc-mod-iptables will be built after the main tc binary packages. Both tc-tiny and tc-full depend on tc-mod-ipables. If make is called after the packages are already built, it will check the timestamps of both packages, and will rebuild the main binaries, since the module package will be newer than the tc package. Calling BuildPackage,mod-iptables first ensures that its variant gets built before the other packages' variants. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* f2fstools: set each library package VARIANTEneas U de Queiroz2021-11-011-1/+3
| | | | | | | Set the different libf2fs packages's VARIANT, so that the right settings will be used by each different variant, if they are both being built. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* hostapd: avoid unnecessary package rebuildsEneas U de Queiroz2021-11-011-1/+3
| | | | | | | | | | | | | | | | | Package hostapd-common is a dependency of every other package defined in hostpad Makefile. It is currently built next to the bottom of that Makefile's package list. If you run make back to back, then check-compile will compare the hostapd-common timestamp to the variant being compiled, to decide if the varint needs to be rebuilt or not. Since the hostapd-conf package is built towards the end of the list, it will be newer than most of the variants, causing unnecessary package rebuilds. Move it to the top, so that its timestamp will be older than dependent packages, avoiding unnecessary rebuild of every selected variant. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
* qosify: fix package section/categoryFelix Fietkau2021-11-011-3/+2
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* procd: update to git HEADDaniel Golle2021-11-011-3/+3
| | | | | | | 1056fc4 jail: elf: Use 64 bit variables for elf offsets c1976e5 jail: elf: Remove MIPS 64 warning Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* fstools: update to git HEADDaniel Golle2021-11-011-3/+3
| | | | | | | 19fd7fc libfstools: make sure file is closed on error d390744 libfstools: use uevent instead of relying on custom kernel patch Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* base-files: drop get_partition_by_name shell functionDaniel Golle2021-11-011-9/+0
| | | | | | | find_mmc_part provides a better alternative and all users of get_partition_by_name have been removed. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* uboot-envtools: mt7622: make use of find_mmc_partDaniel Golle2021-11-011-1/+1
| | | | Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* base-files: allow specifiying rootdev for find_mmc_partDaniel Golle2021-11-011-2/+8
| | | | | | | | Some devices got more than one mmc device. Allow specifying the root device as 2nd parameter of find_mmc_part so scripts can avoid matching irrelevant partitions on wrong mmc device. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* build: fix bpf toolchain dependency for qosifyFelix Fietkau2021-11-011-1/+1
| | | | | | Add hidden symbols to fix defaults with CONFIG_DEVEL unset Signed-off-by: Felix Fietkau <nbd@nbd.name>
* qosify: add package for simple qos based on ebpf+cakeFelix Fietkau2021-11-015-0/+209
| | | | | | | | | | | | | | qosify is simple daemon for setting up and managing CAKE along with a custom eBPF based classifier that sets DSCP fields of packets. It is configured via UCI and it supports the following features: - simple TCP/UDP port based mapping - IP address based mapping - priority boosting based on average packet size - bulk flow detection based on number of packets per second - dynamically add IP entries with timeout Signed-off-by: Felix Fietkau <nbd@nbd.name>
* bpf-headers: add a package with kernel headers for ebpfFelix Fietkau2021-11-012-0/+113
| | | | | | | | | | In order to genererate suitable kernel headers, a 5.10 kernel tree is prepared with a default config for mips. The arch is forced to mips in order to avoid issues with inline asm on various architectures in a way that doesn't involve relying on the host toolchain/headers. It also has the advantage of supporting both endian types Signed-off-by: Felix Fietkau <nbd@nbd.name>
* dnsmasq: fix jail mount in case of ignore_hosts_dir being setDaniel Golle2021-11-011-3/+2
| | | | | | | | | Commit a2fcd3900c ("dnsmasq: improve init script") broke the existing handling for hosts_dir. Remove the redundant mount again to fix it. Reported-by: Hartmut Birr <e9hack@gmail.com> Fixes: a2fcd3900c ("dnsmasq: improve init script") Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* ubus: update to the latest versionFelix Fietkau2021-11-011-3/+3
| | | | | | | | | b743a331421d ubusd: log ACL init errors 2099bb3ad997 libubus: use list_empty/list_first_entry in ubus_process_pending_msg ef038488edc3 libubus: process pending messages in data handler if stack depth is 0 a72457b61df0 libubus: increase stack depth for processing obj msgs Signed-off-by: Felix Fietkau <nbd@nbd.name>
* base-files: add minimal mmc supportDavide Fioravanti2021-11-013-0/+35
| | | | | | | | | | | | | | | | Added minimal mmc support for helper functions: - find_mmc_part: Look for a given partition name. Returns the coresponding partition path - caldata_extract_mmc: Look for a given partition name and then extracts the calibration data - mmc_get_mac_binary: Returns the mac address from a given partition name and offset Signed-off-by: Davide Fioravanti <pantanastyle@gmail.com> Signed-off-by: Robert Marko <robimarko@gmail.com> [replace dd with caldata_dd, moved sysupgrade mmc to orbi] Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* kernel/modules: prevent bonding driver to create default bond0 interfaceFlorian Eckert2021-11-011-0/+1
| | | | | | | | | | | | | | | | | | | | When loading the bonding driver, bonding interface are automatically created on bonding module load. > ip a s bond0 > 14: bond0: <BROADCAST,MULTICAST,MASTER> mtu 1500 qdisc noop state DOWN > group default qlen 1000 > link/ether a6:f2:20:64:c1:b9 brd ff:ff:ff:ff:ff:ff This is not necessary in openwrt as we do not use this created interface. The netifd creates a bonding interface based on its network configuration name and configures this over the netifd bonding proto handler. In order to keep the overview of the interfaces clear, bonding interfaces should not be created automatically when loading this module, because they are not used anyway. Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* elfutils: enable host buildLucian Cristian2021-11-011-0/+8
| | | | | | | | | | frr 8.0 needs host libelf dev add option for host build tested on x86, ramips, kirkwood Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com> [changed commit author's email] Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* ath79: add support for Dongwon T&I DW02-412HJihoon Han2021-10-311-3/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Dongwon T&I DW02-412H is a 2.4/5GHz band 11ac (WiFi-5) router, based on Qualcomm Atheros QCA9557. Specifications -------------- - SoC: Qualcomm Atheros QCA9557-AT4A - RAM: DDR2 128MB - Flash: SPI NOR 2MB (Winbond W25Q16DVSSIG / ESMT F25L16PA(2S)) + NAND 64/128MB - WiFi: - 2.4GHz: QCA9557 WMAC - 5GHz: QCA9882-BR4A - Ethernet: 5x 10/100/1000Mbps - Switch: QCA8337N-AL3C - USB: 1x USB 2.0 - UART: - JP2: 3.3V, TX, RX, GND (3.3V is the square pad) / 115200 8N1 Installation -------------- 1. Connect a serial interface to UART header and interrupt the autostart of kernel. 2. Transfer the factory image via TFTP and write it to the NAND flash. 3. Update U-Boot environment variable. > tftpboot 0x81000000 <your image>-factory.img > nand erase 0x1000000 > nand write 0x81000000 0x1000000 ${filesize} > setenv bootpart 2 > saveenv Revert to stock firmware -------------- 1. Revert to stock U-Boot environment variable. > setenv bootpart 1 > saveenv MAC addresses as verified by OEM firmware -------------- WAN: *:XX (label) LAN: *:XX + 1 2.4G: *:XX + 3 5G: *:XX + 4 The label MAC address was found in art 0x0. Credits -------------- Credit goes to the @manatails who first developed how to port OpenWRT to this device and had a significant impact on this patch. And thanks to @adschm and @mans0n for guiding me to revise the code in many ways. Signed-off-by: Jihoon Han <rapid_renard@renard.ga> Reviewed-by: Sungbo Eo <mans0n@gorani.run> Tested-by: Sungbo Eo <mans0n@gorani.run>
* ramips: add support for Xiaomi MiWifi 3CEduardo Santos2021-10-311-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This commit adds support for Xiaomi MiWiFi 3C device. Xiaomi MiWifi 3C has almost the same system architecture as the Xiaomi Mi WiFi Nano, which is already officially supported by OpenWrt. The differences are: - Numbers of antennas (4 instead of 2). The antenna management is done via the µC. There is no configuration needed in the software code. - LAN port assignments are different. LAN1 and WAN are interchanged. OpenWrt Wiki: https://openwrt.org/toh/xiaomi/mir3c OpenWrt developers forum page: https://forum.openwrt.org/t/support-for-xiaomi-mi-3c Specifications: - CPU: MediaTek MT7628AN (575MHz) - Flash: 16MB - RAM: 64MB DDR2 - 2.4 GHz: IEEE 802.11b/g/n with Integrated LNA and PA - Antennas: 4x external single band antennas - WAN: 1x 10/100M - LAN: 2x 10/100M - LED: 1x amber/blue/red. Programmable - Button: Reset MAC addresses as verified by OEM firmware: use address source LAN *:92 factory 0x28 WAN *:92 factory 0x28 2g *:93 factory 0x4 OEM firmware uses VLAN's to create the network interface for WAN and LAN. Bootloader info: The stock bootloader uses a "Dual ROM Partition System". OS1 is a deep copy of OS2. The bootloader start OS2 by default. To force start OS1 it is needed to set "flag_try_sys2_failed=1". How to install: 1- Use OpenWRTInvasion to gain telnet, ssh and ftp access. https://github.com/acecilia/OpenWRTInvasion (IP: 192.168.31.1 - Username: root - Password: root) 2- Connect to router using telnet or ssh. 3- Backup all partitions. Use command "dd if=/dev/mtd0 of=/tmp/mtd0". Copy /tmp/mtd0 to computer using ftp. 4- Copy openwrt-ramips-mt76x8-xiaomi_miwifi-3c-squashfs-sysupgrade.bin to /tmp in router using ftp. 5- Enable UART access and change start image for OS1. ``` nvram set uart_en=1 nvram set flag_last_success=1 nvram set boot_wait=on nvram set flag_try_sys2_failed=1 nvram commit ``` 6- Installing Openwrt on OS1 and free OS2. ``` mtd erase OS1 mtd erase OS2 mtd -r write /tmp/openwrt-ramips-mt76x8-xiaomi_miwifi-3c-squashfs-sysupgrade.bin OS1 ``` Limitations: For the first install the image size needs to be less than 7733248 bits. Thanks for all community and especially for this device: minax007, earth08, S.Farid Signed-off-by: Eduardo Santos <edu.2000.kill@gmail.com> [wrap lines, remove whitespace errors, add mediatek,mtd-eeprom to &wmac, convert to nvmem] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* dnsmasq: improve init scriptDaniel Golle2021-10-311-1/+4
| | | | | | | | * fix restart in LuCI (inherited umask was to restrictive) * make directory of hosts-file (!= /tmp) accessible in ujail Reported-by: Hannu Nyman <hannu.nyman@iki.fi> Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* secilc: update to version 3.3Dominick Grift2021-10-311-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | Update VERSIONs to 3.3 for release. Update VERSIONs to 3.3-rc3 for release. Correct some typos Update VERSIONs to 3.3-rc2 for release. Update VERSIONs and Python bindings version to 3.3-rc1 for release libsepol/secilc/docs: Update the CIL documentation secilc: fix memory leaks in secilc2conf secilc: fix memory leaks in secilc libsepol/cil: Add support for using qualified names to secil2conf libsepol/cil: Add support for using qualified names to secil2tree secilc: Add support for using qualified names to secilc secilc/test: Add test for anonymous args secilc/docs: Relocate and reword macro call name resolution order secilc/docs: Document the order that inherited rules are resolved in secilc: Create the new program called secil2tree to write out CIL AST secilc/docs: Update the CIL documentation for various blocks secilc.c: Don't fail if input file is empty cil_conditional_statements.md: fix expr definition secilc/docs: Lists are now allowed in constraint expressions Signed-off-by: Daniel Golle <daniel@makrotopia.org> [re-apply now that libsepol is up-to-date as well] Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
* libsepol: update to version 3.3Dominick Grift2021-10-311-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Update VERSIONs to 3.3 for release. libsepol/cil: Fix potential undefined shifts libsepol: Fix potential undefined shifts Update VERSIONs to 3.3-rc3 for release. libsepol/cil: Do not skip macros when resolving until later passes libsepol/cil: Limit the amount of reporting for bounds failures libsepol/cil: silence clang void-pointer-to-enum-cast warning libsepol: resolve GCC warning about null-dereference libsepol: use correct cast libsepol: ebitmap: mark nodes of const ebitmaps const Update VERSIONs to 3.3-rc2 for release. libsepol/cil: Handle operations in a class mapping when verifying libsepol/cil: Do not use original type and typeattribute datums libsepol: free memory after policy validation libsepol: avoid implicit conversions libsepol: fix typo libsepol/cil: Free duplicate datums in original calling function libsepol/cil: Fix detected RESOURCE_LEAK (CWE-772) Update VERSIONs and Python bindings version to 3.3-rc1 for release libsepol/cil: Limit the number of active line marks libsepol/cil: Add function to get number of items in a stack libsepol: Fix detected RESOURCE_LEAKs libsepol/cil: Fix syntax checking in __cil_verify_syntax() libsepol/cil: Use size_t for len in __cil_verify_syntax() libsepol/cil: Remove redundant syntax checking libsepol/cil: Improve in-statement to allow use after inheritance libsepol/cil: Simplify cil_tree_children_destroy() libsepol/cil: Refactor the function __cil_build_ast_node_helper() libsepol/cil: Don't destroy optionals whose parent will be destroyed libsepol/cil: Properly check for parameter when inserting name libsepol/cil: Reset expandtypeattribute rules when resetting AST libsepol/cil: Properly check parse tree when printing error messages libsepol/cil: Allow some duplicate macro and block declarations libsepol/cil: When writing AST use line marks for src_info nodes libsepol/cil: Report correct high-level language line numbers libsepol/cil: Add line mark kind and line number to src info libsepol/cil: Create common string-to-unsigned-integer functions libsepol/cil: Push line mark state first when processing a line mark libsepol/cil: Check for valid line mark type immediately libsepol/cil: Check the token type after getting the next token libsepol/cil: Check syntax of src_info statement libsepol/cil: move the fuzz target and build script to the selinux repository libsepol: replace strerror by %m libsepol/cil: remove obsolete comment libsepol/cil: do not allow \0 in quoted strings libsepol/cil: Fix handling category sets in an expression libsepol: assure string NUL-termination of ibdev_name libsepol: avoid implicit conversions libsepol: ignore UBSAN false-positives libsepol: avoid unsigned integer overflow libsepol/cil: Improve checking for bad inheritance patterns libsepol: silence -Wextra-semi-stmt warning libsepol/cil: do not override previous results of __cil_verify_classperms libsepol/cil: Provide option to allow qualified names in declarations libsepol/cil: make array cil_sym_sizes const libsepol/cil: Only reset AST if optional has a declaration libsepol/cil: Add function to determine if a subtree has a declaration libsepol/cil: Improve degenerate inheritance check libsepol/cil: Reduce the initial symtab sizes for blocks libsepol/cil: Check for empty list when marking neverallow attributes libsepol/cil: Fix syntax checking of defaultrange rule libsepol/cil: Properly check for loops in sets libsepol/cil: Allow duplicate optional blocks in most cases libsepol: declare read-only arrays const libsepol: declare file local variable static libsepol: drop unnecessary casts libsepol: drop repeated semicolons libsepol/cil: avoid using maybe uninitialized variables libsepol/cil: drop unnecessary casts libsepol/cil: drop dead store libsepol/cil: drop extra semicolon libsepol/cil: silence cast warning libsepol: remove dead stores libsepol: do not allocate memory of size 0 libsepol: mark read-only parameters of type_set_ interfaces const libsepol: mark read-only parameters of ebitmap interfaces const libsepol: remove dead stores libsepol/cil: follow declaration-after-statement libsepol: follow declaration-after-statement libsepol: avoid unsigned integer overflow libsepol: remove unused functions libsepol: resolve missing prototypes libsepol: fix typos libsepol: Quote paths when generating policy.conf from binary policy libsepol/cil: Account for anonymous category sets in an expression libsepol/cil: Fix anonymous IP address call arguments libsepol: quote paths in CIL conversion libsepol/cil: Resolve anonymous levels only once libsepol/cil: Pointers to datums should be set to NULL when resetting libsepol/cil: Resolve anonymous class permission sets only once libsepol/cil: Limit the number of open parenthesis allowed libsepol/cil: Destroy the permission nodes when exiting with an error libsepol/cil: Handle disabled optional blocks in earlier passes libsepol/cil: Do not resolve arguments to declarations in the call libsepo/cil: Refactor macro call resolution libsepol/cil: Do not add NULL node when inserting key into symtab libsepol/cil: Make name resolution in macros work as documented libsepol/cil: Fix name resolution involving inherited blocks libsepol/cil: Check for self-referential loops in sets libsepol/cil: Return an error if a call argument fails to resolve libsepol/cil: Check datum in ordered list for expected flavor libsepol/cil: Detect degenerate inheritance and exit with an error libsepol/cil: Fix instances where an error returns SEPOL_OK libsepol/cil: Properly reset an anonymous classperm set libsepol: use checked arithmetic builtin to perform safe addition libsepol/cil: Add functions to make use of cil_write_ast() libsepol/cil: Create functions to write the CIL AST libsepol/cil: Use CIL_ERR for error messages in cil_compile() libsepol/cil: Make invalid statement error messages consistent libsepol/cil: Do not allow tunable declarations in in-statements libsepol/cil: Sync checks for invalid rules in macros libsepol/cil: Check for statements not allowed in optional blocks libsepol/cil: Sync checks for invalid rules in booleanifs libsepol/cil: Reorder checks for invalid rules when resolving AST libsepol/cil: Use AST to track blocks and optionals when resolving libsepol/cil: Create new first child helper function for building AST libsepol/cil: Cleanup build AST helper functions libsepol/cil: Reorder checks for invalid rules when building AST libsepol/cil: Move check for the shadowing of macro parameters libsepol/cil: Create function cil_add_decl_to_symtab() and refactor libsepol/cil: Refactor helper function for cil_gen_node() libsepol/cil: Allow permission expressions when using map classes libsepol/cil: Exit with an error if declaration name is a reserved word libsepol/cil: More strict verification of constraint leaf expressions libsepol/cil: Set class field to NULL when resetting struct cil_classperms libsepol/cil: cil_reset_classperms_set() should not reset classpermission libsepol/cil: Destroy classperm list when resetting map perms libsepol/cil: Destroy classperms list when resetting classpermission libsepol/cil: Fix out-of-bound read of file context pattern ending with "\" libsepol/cil: Check for duplicate blocks, optionals, and macros libsepol: Write "NO_IDENTIFIER" for empty CIL constraint expression libsepol: Enclose identifier lists in CIL constraint expressions libsepol/cil: Allow lists in constraint expressions libsepol: Enclose identifier lists in constraint expressions libsepol: Write "NO_IDENTIFIER" for empty constraint expression libsepol: make num_* unsigned int in module_to_cil libsepol/cil: do not leak avrulex_ioctl_table memory when an error occurs libsepol/cil: fix NULL pointer dereference in __cil_insert_name libsepol/cil: replace printf with proper cil_tree_log libsepol/cil: remove stray printf libsepol/cil: make cil_post_fc_fill_data static libsepol: Check kernel to CIL and Conf functions for supported versions libsepol: Remove unnecessary copying of declarations from link.c libsepol: Properly handle types associated to role attributes libsepol: Expand role attributes in constraint expressions Signed-off-by: Daniel Golle <daniel@makrotopia.org> [re-apply now that buildbot phase1 has caught up] Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
* uboot-sunxi: add support for FriendlyARM NanoPi R1S H5Chukun Pan2021-10-302-0/+281
| | | | | | | Merged in https://github.com/u-boot/u-boot/commit/e7510d2, adjust back to the current 2020.04 version. Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
* ath10k: backport fix for module load regression with iram-recoveryZhijun You2021-10-304-5/+126
| | | | | | | | Backport upstream fix for module load regression caused by IRAM recovery. Without this patch devices using mainline ath10k driver could lost wireless function because ath10k module failed to load. Signed-off-by: Zhijun You <hujy652@gmail.com>
* 6in4: remove 6in4 tunnel delete workaround (FS#3690)Hans Dedecker2021-10-302-3/+1
| | | | | | | | Remove 6in4 tunnel delete workaround as the real issue is now solved in netifd (https://git.openwrt.org/?p=project/netifd.git;a=commit;h=8f82742ca4f47f459284f3a07323d04da72ea5f6) Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* 6rd : remove 6rd tunnel delete workaroundHans Dedecker2021-10-302-3/+1
| | | | | | | | Remove 6rd tunnel delete workaround in as the real issue is now solved in netifd (https://git.openwrt.org/?p=project/netifd.git;a=commit;h=8f82742ca4f47f459284f3a07323d04da72ea5f6) Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* netifd: fix deletion of ip tunnels (FS#4058)Hans Dedecker2021-10-301-3/+3
| | | | | | 8f82742 system-linux: fix deletion of ip tunnels (FS#4058) Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* ipq40xx: detangle ath10k-board-qca4019 from ath10k-firmware-qca4019*Christian Lamparter2021-10-302-4/+1
| | | | | | | | | | | | | | | | | | | | | | Back in the day, the board-2.bin came with ath10k-firmware-qca4019. This changed with commit c3b2efaf24b5 ("linux-firmware: ath10k: add board firmware packages") which placed the board-2.bin into a separate package: ath10k-board-qca4019. This was great, because it addressed one of the caveat of the original ipq-wifi package: commit fa03d441e96e ("firmware: add custom IPQ wifi board definitions") | 2. updating ath10k-firmware-qca4019 will also replace | the board-2.bin. For this cases the user needs to | manually reinstall the wifi-board package once the | ath10k-firmware-qca4019 is updated. This could be extended further so that ipq-wifi packages no longer use "install-override" and the various QCA4019 variants list the ath10k-board-qca4019 as a CONFLICT package. Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* ath9k: OF: qca,disable-(2|5)ghz => ieee80211-freq-limitChristian Lamparter2021-10-303-22/+30
| | | | | | | | | | | | | | | | | | OpenWrt maintains two special out-of-tree DT properties: "qca,disable-5ghz" and "qca,disable-2ghz". These are implemented in a mac80211 ath9k patch "550-ath9k-disable-bands-via-dt.patch". With the things being what they are, now might be a good point to switch the devices to the generic and upstream "ieee80211-freq-limit" property. This property is much broader and works differently. Instead of disabling the drivers logic which would add the affected band and channels. It now disables all channels which are not within the specified frequency range. Reviewed-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com> Tested-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com> # HH5A Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
* dropbear: add config options for agent-forwarding supportSven Roederer2021-10-302-1/+13
| | | | | | | | | | * SSH agent forwarding might cause security issues, locally and on the jump machine (https://defn.io/2019/04/12/ssh-forwarding/). So allow to completely disabling it. * separate options for client and server * keep it enabled by default Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
* Revert "secilc: update to version 3.3"Daniel Golle2021-10-291-3/+3
| | | | | | | | This reverts commit 2da891e7357c83c54a30075fcddbb63eeca0af99. secilc 3.3 requires libsepol to be version 3.3 as well and doesn't build otherwise. Revert for now. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* Revert "libsepol: update to version 3.3"Daniel Golle2021-10-291-3/+3
| | | | | | | | | This reverts commit de8a800ca9bda1171bfe17ee7653532465a8b596. Host build uses host includes instead of staging/hostpkg. This breaks the build in case of selinux host libs being older than version 3.3. Revert for now until better fix is found. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* selinux-policy: update to version 1.0Dominick Grift2021-10-281-3/+3
| | | | | | | | | | | | | | | | | wifi: writes to terminal hotplugcall and sqm read class sysfile symlinks unbound and sqm related loose ends support/example: policycoreutils host-compile is required TODO: this was wrong and it is actually needed linguist detectable does not work this way linguist-detectable updates README adds workflows adds a note about persistent /var option project moved to https://github.com/DefenSec/selinux-policy Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
* secilc: update to version 3.3Dominick Grift2021-10-281-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | Update VERSIONs to 3.3 for release. Update VERSIONs to 3.3-rc3 for release. Correct some typos Update VERSIONs to 3.3-rc2 for release. Update VERSIONs and Python bindings version to 3.3-rc1 for release libsepol/secilc/docs: Update the CIL documentation secilc: fix memory leaks in secilc2conf secilc: fix memory leaks in secilc libsepol/cil: Add support for using qualified names to secil2conf libsepol/cil: Add support for using qualified names to secil2tree secilc: Add support for using qualified names to secilc secilc/test: Add test for anonymous args secilc/docs: Relocate and reword macro call name resolution order secilc/docs: Document the order that inherited rules are resolved in secilc: Create the new program called secil2tree to write out CIL AST secilc/docs: Update the CIL documentation for various blocks secilc.c: Don't fail if input file is empty cil_conditional_statements.md: fix expr definition secilc/docs: Lists are now allowed in constraint expressions Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
* policycoreutils: update to version 3.3Dominick Grift2021-10-281-3/+3
| | | | | | | | | | | | | | | | | Update VERSIONs to 3.3 for release. Update VERSIONs to 3.3-rc3 for release. libselinux/semodule: Improve extracting message Correct some typos Update VERSIONs to 3.3-rc2 for release. Update VERSIONs and Python bindings version to 3.3-rc1 for release policycoreutils: free memory of allocated context in newrole policycoreutils: free memory of allocated context in run_init policycoreutils: free memory on lstat failure in sestatus policycoreutils: silence -Wextra-semi-stmt warning fixfiles: do not exclude /dev and /run in -C mode policycoreutils/setfiles: do not create useless setfiles.8.man file Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
* checkpolicy: update to version 3.3Dominick Grift2021-10-281-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Update VERSIONs to 3.3 for release. checkpolicy: Fix potential undefined shifts Update VERSIONs to 3.3-rc3 for release. checkpolicy: delay down-cast to avoid align warning checkpolicy: drop incorrect cast checkpolicy: update documentation checkpolicy: print reason of fopen failure checkpolicy: policy_define: cleanup declarations Update VERSIONs to 3.3-rc2 for release. checkpolicy: free extended permission memory checkpolicy: print warning on source line overflow checkpolicy: error out on parsing too big integers checkpolicy: avoid implicit conversion checkpolicy: resolve dismod memory leaks checkpolicy: add missing function declarations checkpolicy: mark file local functions in policy_define static checkpolicy: mark read-only parameters in module compiler const checkpolicy: misc checkpolicy tweaks checkpolicy: misc checkmodule tweaks checkpolicy: enclose macro argument in parentheses Update VERSIONs and Python bindings version to 3.3-rc1 for release checkpolicy: mark read-only parameters in policy define const checkpolicy/test: mark file local functions static checkpolicy: parse_util drop unused declaration checkpolicy: drop redundant cast to the same type checkpolicy: avoid potential use of uninitialized variable checkpolicy: check before potential NULL dereference checkpolicy: remove dead assignments checkpolicy: follow declaration-after-statement checkpolicy: use correct format specifier for unsigned checkpolicy: drop dead condition checkpolicy: simplify assignment checkpolicy: drop -pipe compile option checkpolicy: pass CFLAGS at link stage checkpolicy: silence -Wextra-semi-stmt warning checkpolicy: Do not automatically upgrade when using "-b" flag libsepol/checkpolicy: Set user roles using role value instead of dominance Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
* libsemanage: update to version 3.3Dominick Grift2021-10-281-4/+4
| | | | | | | | | | | | Update VERSIONs to 3.3 for release. Update VERSIONs to 3.3-rc3 for release. Update VERSIONs to 3.3-rc2 for release. Update VERSIONs and Python bindings version to 3.3-rc1 for release libsemanage: Fix USE_AFTER_FREE (CWE-672) in semanage_direct_write_langext() libsemanage: silence -Wextra-semi-stmt warning libsemanage: fix use-after-free in parse_module_store() Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
* libselinux: update to version 3.3Dominick Grift2021-10-281-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Update VERSIONs to 3.3 for release. libselinux: Fix potential undefined shifts Update VERSIONs to 3.3-rc3 for release. Update VERSIONs to 3.3-rc2 for release. libselinux/utils: drop requirement to combine compiling and linking Update VERSIONs and Python bindings version to 3.3-rc1 for release Improve error message for label file validation libselinux: replace strerror by %m libselinux: silence -Wextra-semi-stmt warning libselinux/utils/getseuser.c: fix build with gcc 4.8 selinux.8: document how mount flag nosuid affects SELinux libselinux: fix typo libselinux: improve getcon(3) man page libselinux: selinux_status_open: return 1 in fallback mode libselinux: do not use status page fallback mode internally libselinux: make selinux_status_open(3) reentrant libselinux: avc_destroy(3) closes status page libselinux: label_file.c: fix indent libselinux: regex: unify parameter names libselinux: sidtab_sid_stats(): unify parameter name libselinux: drop redundant casts to the same type libselinux: label_db::db_init(): open file with CLOEXEC mode libselinux: matchpathcon: free memory on realloc failure libselinux: label_file::init(): do not pass NULL to strdup libselinux: init_selinux_config(): free resources on error libselinux: matchmediacon(): close file on error libselinux: store_stem(): do not free possible non-heap object libselinux: getdefaultcon: free memory on multiple same arguments libselinux: setexecfilecon(): drop dead assignment libselinux: label_media::init(): drop dead assignment libselinux: label_x::init(): drop dead assignment libselinux: context_new(): drop dead assignment libselinux: exclude_non_seclabel_mounts(): drop unused variable libselinux: getconlist: free memory on multiple level arguments libselinux: selabel_get_digests_all_partial_matches: free memory after FTS_D block libselinux: selinux_restorecon: mark local variable static libselinux: avcstat: use standard length modifier for unsigned long long libselinux: sefcontext_compile: mark local variable static libselinux: Sha1Finalise(): do not discard const qualifier libselinux: label_common(): do not discard const qualifier libselinux: selinux_file_context_cmp(): do not discard const qualifier libselinux: sidtab_hash(): do not discard const qualifier libselinux: silence -Wstringop-overflow warning from gcc 10.3.1 libselinux: selinux_check_passwd_access_internal(): respect deny_unknown libselinux: do not duplicate make target when going into subdirectory Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
* libsepol: update to version 3.3Dominick Grift2021-10-281-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Update VERSIONs to 3.3 for release. libsepol/cil: Fix potential undefined shifts libsepol: Fix potential undefined shifts Update VERSIONs to 3.3-rc3 for release. libsepol/cil: Do not skip macros when resolving until later passes libsepol/cil: Limit the amount of reporting for bounds failures libsepol/cil: silence clang void-pointer-to-enum-cast warning libsepol: resolve GCC warning about null-dereference libsepol: use correct cast libsepol: ebitmap: mark nodes of const ebitmaps const Update VERSIONs to 3.3-rc2 for release. libsepol/cil: Handle operations in a class mapping when verifying libsepol/cil: Do not use original type and typeattribute datums libsepol: free memory after policy validation libsepol: avoid implicit conversions libsepol: fix typo libsepol/cil: Free duplicate datums in original calling function libsepol/cil: Fix detected RESOURCE_LEAK (CWE-772) Update VERSIONs and Python bindings version to 3.3-rc1 for release libsepol/cil: Limit the number of active line marks libsepol/cil: Add function to get number of items in a stack libsepol: Fix detected RESOURCE_LEAKs libsepol/cil: Fix syntax checking in __cil_verify_syntax() libsepol/cil: Use size_t for len in __cil_verify_syntax() libsepol/cil: Remove redundant syntax checking libsepol/cil: Improve in-statement to allow use after inheritance libsepol/cil: Simplify cil_tree_children_destroy() libsepol/cil: Refactor the function __cil_build_ast_node_helper() libsepol/cil: Don't destroy optionals whose parent will be destroyed libsepol/cil: Properly check for parameter when inserting name libsepol/cil: Reset expandtypeattribute rules when resetting AST libsepol/cil: Properly check parse tree when printing error messages libsepol/cil: Allow some duplicate macro and block declarations libsepol/cil: When writing AST use line marks for src_info nodes libsepol/cil: Report correct high-level language line numbers libsepol/cil: Add line mark kind and line number to src info libsepol/cil: Create common string-to-unsigned-integer functions libsepol/cil: Push line mark state first when processing a line mark libsepol/cil: Check for valid line mark type immediately libsepol/cil: Check the token type after getting the next token libsepol/cil: Check syntax of src_info statement libsepol/cil: move the fuzz target and build script to the selinux repository libsepol: replace strerror by %m libsepol/cil: remove obsolete comment libsepol/cil: do not allow \0 in quoted strings libsepol/cil: Fix handling category sets in an expression libsepol: assure string NUL-termination of ibdev_name libsepol: avoid implicit conversions libsepol: ignore UBSAN false-positives libsepol: avoid unsigned integer overflow libsepol/cil: Improve checking for bad inheritance patterns libsepol: silence -Wextra-semi-stmt warning libsepol/cil: do not override previous results of __cil_verify_classperms libsepol/cil: Provide option to allow qualified names in declarations libsepol/cil: make array cil_sym_sizes const libsepol/cil: Only reset AST if optional has a declaration libsepol/cil: Add function to determine if a subtree has a declaration libsepol/cil: Improve degenerate inheritance check libsepol/cil: Reduce the initial symtab sizes for blocks libsepol/cil: Check for empty list when marking neverallow attributes libsepol/cil: Fix syntax checking of defaultrange rule libsepol/cil: Properly check for loops in sets libsepol/cil: Allow duplicate optional blocks in most cases libsepol: declare read-only arrays const libsepol: declare file local variable static libsepol: drop unnecessary casts libsepol: drop repeated semicolons libsepol/cil: avoid using maybe uninitialized variables libsepol/cil: drop unnecessary casts libsepol/cil: drop dead store libsepol/cil: drop extra semicolon libsepol/cil: silence cast warning libsepol: remove dead stores libsepol: do not allocate memory of size 0 libsepol: mark read-only parameters of type_set_ interfaces const libsepol: mark read-only parameters of ebitmap interfaces const libsepol: remove dead stores libsepol/cil: follow declaration-after-statement libsepol: follow declaration-after-statement libsepol: avoid unsigned integer overflow libsepol: remove unused functions libsepol: resolve missing prototypes libsepol: fix typos libsepol: Quote paths when generating policy.conf from binary policy libsepol/cil: Account for anonymous category sets in an expression libsepol/cil: Fix anonymous IP address call arguments libsepol: quote paths in CIL conversion libsepol/cil: Resolve anonymous levels only once libsepol/cil: Pointers to datums should be set to NULL when resetting libsepol/cil: Resolve anonymous class permission sets only once libsepol/cil: Limit the number of open parenthesis allowed libsepol/cil: Destroy the permission nodes when exiting with an error libsepol/cil: Handle disabled optional blocks in earlier passes libsepol/cil: Do not resolve arguments to declarations in the call libsepo/cil: Refactor macro call resolution libsepol/cil: Do not add NULL node when inserting key into symtab libsepol/cil: Make name resolution in macros work as documented libsepol/cil: Fix name resolution involving inherited blocks libsepol/cil: Check for self-referential loops in sets libsepol/cil: Return an error if a call argument fails to resolve libsepol/cil: Check datum in ordered list for expected flavor libsepol/cil: Detect degenerate inheritance and exit with an error libsepol/cil: Fix instances where an error returns SEPOL_OK libsepol/cil: Properly reset an anonymous classperm set libsepol: use checked arithmetic builtin to perform safe addition libsepol/cil: Add functions to make use of cil_write_ast() libsepol/cil: Create functions to write the CIL AST libsepol/cil: Use CIL_ERR for error messages in cil_compile() libsepol/cil: Make invalid statement error messages consistent libsepol/cil: Do not allow tunable declarations in in-statements libsepol/cil: Sync checks for invalid rules in macros libsepol/cil: Check for statements not allowed in optional blocks libsepol/cil: Sync checks for invalid rules in booleanifs libsepol/cil: Reorder checks for invalid rules when resolving AST libsepol/cil: Use AST to track blocks and optionals when resolving libsepol/cil: Create new first child helper function for building AST libsepol/cil: Cleanup build AST helper functions libsepol/cil: Reorder checks for invalid rules when building AST libsepol/cil: Move check for the shadowing of macro parameters libsepol/cil: Create function cil_add_decl_to_symtab() and refactor libsepol/cil: Refactor helper function for cil_gen_node() libsepol/cil: Allow permission expressions when using map classes libsepol/cil: Exit with an error if declaration name is a reserved word libsepol/cil: More strict verification of constraint leaf expressions libsepol/cil: Set class field to NULL when resetting struct cil_classperms libsepol/cil: cil_reset_classperms_set() should not reset classpermission libsepol/cil: Destroy classperm list when resetting map perms libsepol/cil: Destroy classperms list when resetting classpermission libsepol/cil: Fix out-of-bound read of file context pattern ending with "\" libsepol/cil: Check for duplicate blocks, optionals, and macros libsepol: Write "NO_IDENTIFIER" for empty CIL constraint expression libsepol: Enclose identifier lists in CIL constraint expressions libsepol/cil: Allow lists in constraint expressions libsepol: Enclose identifier lists in constraint expressions libsepol: Write "NO_IDENTIFIER" for empty constraint expression libsepol: make num_* unsigned int in module_to_cil libsepol/cil: do not leak avrulex_ioctl_table memory when an error occurs libsepol/cil: fix NULL pointer dereference in __cil_insert_name libsepol/cil: replace printf with proper cil_tree_log libsepol/cil: remove stray printf libsepol/cil: make cil_post_fc_fill_data static libsepol: Check kernel to CIL and Conf functions for supported versions libsepol: Remove unnecessary copying of declarations from link.c libsepol: Properly handle types associated to role attributes libsepol: Expand role attributes in constraint expressions Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>