| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
| |
f5fcdcf cli: introduce test mode and refuse firewall restart on errors
a540f6d fw4: fix cosmetic issue with per-ruleset and per-table include paths
695e821 doc: fix swapped include positions in nftables.d README
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit ab31ffc425b59afc102f8a3275791c153f39c8f4)
|
|
|
|
|
|
|
|
|
| |
344fa9e lib: extend render() to support function values
89452b2 lib: improve getenv() and split() implementations
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
[fix commit subject]
(cherry picked from commit c6d6306827e9296faad26981996825ce3e90259d)
|
|
|
|
|
|
|
|
|
| |
Testing has shown it to be very unreliable in variety of configurations.
It is not mandatory, so let's disable it by default until we have a better
solution.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 2984a0420649733662ff95b0aff720b8c2c19f8a)
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.1
This release of Mbed TLS provides bug fixes and minor enhancements. This
release includes fixes for security issues.
The build problem was reported upstream:
https://github.com/Mbed-TLS/mbedtls/issues/6243
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit f3870546a544c39c6fde2e7e014394aa085d8057)
|
|
|
|
|
|
|
|
|
| |
35fec487e30f05c81bd135326a993dad7f861812 fixed opkg usage,
but when using buildroot we were still defaulting to
ip(6)tables-legacy
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
(cherry picked from commit 0c8d7e34ab35f6b41f034fd94fec740970e0125b)
|
|
|
|
|
|
|
|
|
| |
WPA3 enterprise requires group_mgmt_cipher=BIP-GMAC-256 and if 802.11r is
active also wpa_key_mgmt FT-EAP-SHA384. This commit also requires
corresponding changes in netifd.
Signed-off-by: Joerg Werner <schreibubi@gmail.com>
(cherry picked from commit 9fbb76c0470fd54f1f34909b1098d0f76078878f)
|
|
|
|
|
|
|
| |
0dad3e6 Add support for CCMP-256 and GCMP-256 ciphers
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit cc6a323e2328176b732b13f1f09745354270cd39)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In the SDK the folder $(LINUX_DIR)/user_headers/include does not exist,
but it more or less contains the same content as
$(LINUX_DIR)/include/uapi which also exists in the SDK.
Since iproute2 commit 1d819dcc741e ("configure: fix parsing issue on
include_dir option") it checks if this folder exists and aborts the
build if it does not exists.
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=1d819dcc741e25958190e31f8186c940713fa0a8
With this commit the KERNEL_INCLUDE variable points to a valid folder
with the kernel include headers. I am not sure if they are actually
needed because the build worked before even with an invalid path.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 60738fedede1746922a8b227f24ad5c733661585)
|
|
|
|
|
|
|
| |
146bc77 umbim: fix invalid mbim message string encoding
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 90bedc411b1e98e9adf668dde09f8eafe4490344)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
9485e3b47066 mt76: remove q->qid
e5674c4aa402 mt76: mt7921: enable HW beacon filter not depending on PM flag
7fd299e3c921 mt76: mt7921: enable HW beacon filter in the initialization stage
d5459efaaf14 mt76: mt7921: make mt7921_pci_driver static
b8304b456e23 mt76: connac: move tx initialization/cleanup in mt76_connac module
6e0d7077486c mt76: mt7921: reduce log severity levels for informative messages
cb80da974fe6 mt76: mt7921: reduce the mutex lock scope during reset
a2d61f4f4063 mt76: mt7915 add ht mpdu density
08ea730c1130 mt76: add len parameter to __mt76_mcu_msg_alloc signature
60ef85fa352c mt76: introduce MT_RXQ_BAND2 and MT_RXQ_BAND2_WA in mt76_rxq_id
8ccbb38ca6e6 mt76: add phy_idx in mt76_rx_status
eb19ac83c07e mt76: introduce phys array in mt76_dev structure
30887591e3ab mt76: add phy_idx to mt76_wcid
4bf8c20a9524 mt76: convert MT_TX_HW_QUEUE_EXT_PHY to MT_TX_HW_QUEUE_PHY
e6c6bf8cee09 mt76: get rid of mt76_wcid_hw routine
120f73ad992a mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init()
111e92cf8c22 mediatek: mt76: eeprom: fix missing of_node_put() in mt76_find_power_limits_node()
13bedd62ff4a mt76: connac: introduce mt76_connac_reg_map structure
5ec78e1ec43d wifi: mt76: fix reading current per-tid starting sequence number for aggregation
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit ec7d32f3769fbd815f72a7471e4bb7a07aee359d)
|
|
|
|
|
|
|
| |
76d2d41b7355 interface: fix use-after-free bug when rewriting resolv.conf
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 31648c4b59add5b1cb441073a46c80ab768b588c)
|
|
|
|
|
|
|
|
| |
87fbefd interface: support "zone" config option
bfa039c netifd: fix WPA3 enterprise ciphers
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry-picked from commit 8008816a2ceeb7e66d27d9882685933bb9df4c76)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
gcc 10 with -O2 reports following:
In function ‘strncpy’,
inlined from ‘rpc_sys_packagelist’ at /opt/devel/openwrt/c-projects/rpcd/sys.c:244:4:
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:106:10: error: ‘__builtin_strncpy’ specified bound 128 equals destination size [-Werror=stringop-truncation]
106 | return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In function ‘strncpy’,
inlined from ‘rpc_sys_packagelist’ at /opt/devel/openwrt/c-projects/rpcd/sys.c:227:4:
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:106:10: error: ‘__builtin_strncpy’ specified bound 128 equals destination size [-Werror=stringop-truncation]
106 | return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Since it is not possible to avoid truncation by strncpy, it is necessary
to make sure the result of strncpy is properly NUL-terminated and the
NUL must be inserted explicitly, after strncpy has returned.
References: #10442
Reported-by: Alexey Smirnov <s.alexey@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 34ddd2e545f068e4684ecce98c1da3a6c7c9b04a)
|
|
|
|
|
|
|
| |
ae5afea ucode: parse ucode plugin scripts in raw mode, init search path
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from commit 66a360206e341abdd1e5560e9cb522d8e453b095)
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
e3395cd ucode: initialize search path before VM init
8cb3f85 ucode: initialize default library search path
188dea2 utils: accept '?' as path terminator in uh_path_match()
c5eac5d file: support using dynamic script handlers as error pages
290ff88 relay: trigger close if in header read state with pending data
f9db538 ucode: ignore exit exceptions
8ba0b64 cmake: use variables and find_library for dependency
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from commit 4ee77cfcfadcd2b28678a1f3e8e78383b0b21963)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
bcdd2cb examples: add module search path initialization and freeing
ee1946f ubus: fix GCC strncpy() truncation warning
131d99c lib: introduce three new functions call(), loadstring() and loadfile()
8e8dae0 lib: introduce helper function for indenting error messages
476f02b lib: simplify include_path()
d84b53a source: avoid null pointer access in uc_source_runpath_set()
c43a54f types: gracefully handle unpatched upvalues in ucv_free()
e2fb11a README.md: document gc() function
b41cb2d main: introduce -g flag to allow enabling periodic gc from cli
85d7885 lib: implement gc()
47528f0 vm: support automatic periodic GC runs
381cc75 types: treat vm->exports as GC roots
fcc49e6 compiler: add import statement support for dynamic extensions
c9442f1 vm: introduce new I_DYNLOAD opcode
b6fd8a2 lib: internally expose new uc_require_library() helper
a486adc vm: don't treat offset 0 special for exceptions
41ccd19 compiler: don't treat offset 0 special at syntax errors
b4a3f68 compiler: improve formatting of nested syntax error messages
5d5dadc program: remove now unused uc_program_export_lookup()
304995b compiler: rework export index allocation
506cc37 compiler: fix deriving module path from source runpath
54b7fac compiler: enforce stricter module compilation rules
d62e372 vm: don't initialize upvalues for module functions
b856602 program: add serialization and deserialization for module function flag
d7d1bde compiler: add a flag denoting module functions
156d584 treewide: unexport libucode internal functions
10e056d compiler: add support for import/export statements
862e49d compiler: resolve predeclared upvalues
78dfb08 compiler: require a name in function declarations
afd78c1 compiler: fix reported source position in inc/dec operator error
e1c3db0 tests: run_tests.sh: substitute dynamic test directory path in output
3c168b5 vm, cli: move search path into global configuration structure
d85bc71 vm: introduce import and export opcodes
365782e vm: honor constant flag of objects and arrays
6becc64 vm: transparently resolve upvalue references
3418967 vm: gracefully handle unresolved upvalues
50cf572 program: add function to globally lookup exported name
c441f65 program: add infrastructure to handle multiple sources per program
2322468 program: fix reporting source position of first instruction
9c9a9ec program: fix en/decoding debuginfo upvalue slots in precompiled bytecode
41114a0 source: add tracking of exported symbols
70ae304 lib: honor constant flag of arrays
3c104f5 types: resolve upvalue references on stringification
3a6f9cb types: add ability to mark array and object values as constant
b738f3a lexer: recognize module related keywords
03c8e4b lexer: rewrite token scanner
fd433aa lexer: fix parsing with disabled block left stripping
557577a rtnl: fix parsing/creation of IFLA_AF_SPEC RTA for the AF_BRIDGE family
35c6b73 compiler: fix stack mismatch on continue statements nested in switches
f673096 uloop: end uloop on exceptions in managed code
2e5426c ubus: end uloop on exceptions in managed code
c024270 rtnl: expose IFLA_STATS64 contents
d3c58c0 rtnl: expose ifinfomsg.ifi_change member
c4dde50 rtnl: update NETLINK_GET_STRICT_CHK socket flag with every request
7ef0d02 nl80211: fix NL80211_SURVEY_INFO_NOISE datatype
9a2e592 compiler: fix stack mismatch on nonmatching switch statements with locals
03c8ca5 nl80211: recognize further NL80211_STA_INFO_* NLAs
a1ed566 struct: add optional offset argument to `unpack()`
230e595 rtnl: fix segmentation fault on parsing linkinfo RTA without data
523566d rtnl: zero request message headers
56be30d rtnl: fix premature netlink reply receive abort
1347440 rtnl: avoid stray "netlink: %d bytes leftover after parsing attributes."
44b0a3b struct: fix packing `*` format after other repeated formats
Also package uloop binding module which has been introduced by a previous
ucode update and introduce a host build with the basic set of modules.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 3446d32616efad335c4eeeafc2f542089839bf20)
|
|
|
|
|
|
|
|
|
| |
Musl libc does not support the non-POSIX "%F" format for strptime() so
replace all occurrences of it with an equivalent "%Y-%m-%d" format.
Fixes: #10419
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from commit e6e4f979999393825370e9db9fe04d75cb01acf2)
|
|
|
|
|
|
|
|
|
|
| |
a4484d4 fw4: support automatic includes
ca7e3a1 fw4: honour enabled option of include sections
5a02f74 tests: add missing fs.stat) mock data for `nf_conntrack_dummy`
111a7f7 fw4: don't inherit zone family from ct helpers
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit fe86b2ffaaf6059250e3ba0a9e1436312415e23f)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It is common for 802.11ax NICs to support more than just AP mode, which
results in there being a distinct set of HE capabilities for each mode. As
(bad) luck would have it, iw prints out info for each HE mode in sequential
order according to `enum nl80211_iftype`, and AP mode isn't always first.
As a result, the wrong set of HE capabilities can be parsed if an AP NIC
supports station (managed) mode or any other mode preceding AP mode, since
only the first set of HE capabilities printed by iw is parsed from awk's
output.
This has a noticeable impact on beamforming for example, since managed mode
usually doesn't have beamformer capabilities enabled, while AP mode does.
Hostapd won't be set up with the configs to enable beamformer capabilities
in this scenario, causing hostapd to disable beamforming to HE stations
even when it's supported by the AP.
Always parse the correct set of HE capabilities for AP mode to fix this.
This is achieved by trimming all of iw's output prior to the AP mode
capabilities, which ensures that the first set of HE capabilities are
always for AP mode.
Signed-off-by: Sultan Alsawaf <sultan@kerneltoast.com>
(cherry picked from commit f338f76a66a50d201ae57c98852aa9c74e9e278a)
|
|
|
|
|
|
|
|
|
|
| |
Some Arcadyan devices (e.g. MTS WG430223) keep their config in encrypted
mtd. This adds mtd_get_mac_encrypted_arcadyan() function to get the MAC
address from the encrypted partition. Function uses uencrypt utility for
decryption (and openssl if the uencrypt wasn't found).
Signed-off-by: Mikhail Zhilkin <csharper2005@gmail.com>
(cherry picked from commit 12c971bc26ac0ff04257bc475fff6fa68068c6c0)
|
|
|
|
|
|
|
|
|
| |
This adds a simple AES-128-CBC encryption/decryption program using
either wolfSSL or OpenSSL as backend to decrypt Arcadyan WG4xx223
configuration partitions. The ipk size is 3,355 bytes.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit bc43ad88ed18722c0621fd6dfef0ff68268f4e14)
|
|
|
|
|
|
|
| |
7d21e8d dhcpv6: add option to ignore stateless advertise
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit a23d132cff541210b281ac60de619e7ce7ec3ba0)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
MTS WG430223 is a wireless AC1300 (WiFi 5) router manufactured by
Arcadyan company. It's very similar to Beeline Smartbox Flash (Arcadyan
WG443223).
Device specification
--------------------
SoC Type: MediaTek MT7621AT
RAM: 128 MiB
Flash: 128 MiB (Winbond W29N01HV)
Wireless 2.4 GHz (MT7615DN): b/g/n, 2x2
Wireless 5 GHz (MT7615DN): a/n/ac, 2x2
Ethernet: 3xGbE (WAN, LAN1, LAN2)
USB ports: No
Button: 1 (Reset/WPS)
LEDs: 2 (Red, Green)
Power: 12 VDC, 1 A
Connector type: Barrel
Bootloader: U-Boot (Ralink UBoot Version: 5.0.0.2)
OEM: Arcadyan WG430223
Installation
------------
1. Login to the router web interface (superadmin:serial number)
2. Navigate to Administration -> Miscellaneous -> Access control lists &
enable telnet & enable "Remote control from any IP address"
3. Connect to the router using telnet (default admin:admin)
4. Place *factory.trx on any web server (192.168.1.2 in this example)
5. Connect to the router using telnet shell (no password required)
6. Save MAC adresses to U-Boot environment:
uboot_env --set --name eth2macaddr --value $(ifconfig | grep eth2 | \
awk '{print $5}')
uboot_env --set --name eth3macaddr --value $(ifconfig | grep eth3 | \
awk '{print $5}')
uboot_env --set --name ra0macaddr --value $(ifconfig | grep ra0 | \
awk '{print $5}')
uboot_env --set --name rax0macaddr --value $(ifconfig | grep rax0 | \
awk '{print $5}')
7. Ensure that MACs were saved correctly:
uboot_env --get --name eth2macaddr
uboot_env --get --name eth3macaddr
uboot_env --get --name ra0macaddr
uboot_env --get --name rax0macaddr
8. Download and write the OpenWrt images:
cd /tmp
wget http://192.168.1.2/factory.trx
mtd_write erase /dev/mtd4
mtd_write write factory.trx /dev/mtd4
9. Set 1st boot partition and reboot:
uboot_env --set --name bootpartition --value 0
Back to Stock
-------------
1. Run in the OpenWrt shell:
fw_setenv bootpartition 1
reboot
2. Optional step. Upgrade the stock firmware with any version to
overwrite the OpenWrt in Slot 1.
MAC addresses
-------------
+-----------+-------------------+----------------+
| Interface | MAC | Source |
+-----------+-------------------+----------------+
| label | A4:xx:xx:51:xx:F4 | No MACs was |
| LAN | A4:xx:xx:51:xx:F6 | found on Flash |
| WAN | A4:xx:xx:51:xx:F4 | [1] |
| WLAN_2g | A4:xx:xx:51:xx:F5 | |
| WLAN_5g | A6:xx:xx:21:xx:F5 | |
+-----------+-------------------+----------------+
[1]:
a. Label wasb't found neither in factory nor in other places.
b. MAC addresses are stored in encrypted partition "glbcfg". Encryption
key hasn't known yet. To ensure the correct MACs in OpenWrt, a hack
with saving of the MACs to u-boot-env during the installation was
applied.
c. Default Ralink ethernet MAC address (00:0C:43:28:80:A0) was found in
"Factory" 0xfff0. It's the same for all MTS WG430223 devices. OEM
firmware also uses this MAC when initialazes ethernet driver. In
OpenWrt we use it only as internal GMAC (eth0), all other MACs are
unique. Therefore, there is no any barriers to the operation of several
MTS WG430223 devices even within the same broadcast domain.
Stock firmware image format
---------------------------
The same as Beeline Smartbox Flash but with another trx magic
+--------------+---------------+----------------------------------------+
| Offset | | Description |
+==============+===============+========================================+
| 0x0 | 31 52 48 53 | TRX magic "1RHS" |
+--------------+---------------+----------------------------------------+
Signed-off-by: Mikhail Zhilkin <csharper2005@gmail.com>
(cherry picked from commit 498c15376bae109bfe130cc5581f83e4cc52c0f9)
|
|
|
|
|
|
|
| |
705d3b5 iwinfo: Add missing auth_suites mappings for WPA3
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit cc2dfc5e4dc2e480203b826749186c73021795df)
|
|
|
|
|
|
|
|
| |
This adds the SMSC PHY which is needed by the kmod-usb-net-smsc95xx
driver.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 5b016a88f92f25dd7d32438bce3a469f343f4009)
|
|
|
|
|
|
|
|
| |
This adds the AX88796B PHY which is needed by the kmod-usb-net-asix
driver.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 712ff388bcd0811256c07e8e1f4b92a007adaa7f)
|
|
|
|
|
|
|
|
| |
The ulog iptables target was removed with kernel 3.17, remove the kernel
and also the iptables package in OpenWrt too.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 2a0284fb0325f07e79b9b4c58a7d280ba9999a39)
|
|
|
|
|
|
|
|
|
|
|
|
| |
The nft NAT packages for IPv4 and IPv6 were merged into the common
packages with kernel 5.1. The kmod-nft-nat6 package was empty in our
build, remove it.
Multiple kernel configuration options were also removed, remove them
from our generic kernel configuration too.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit b75425370d8de747457c137463bc4d15f6f44d00)
|
|
|
|
|
|
|
|
| |
Add the ipset/ip_set_hash_ipmac.ko file. The CONFIG_IP_SET_HASH_IPMAC
KConfig option is already set by the package.
Signed-off-by: Hauke Mehrtens <hmehrtens@maxlinear.com>
(cherry picked from commit 6a2e9f3da6d0f0f3ae382db1e77a65c2f0e67d24)
|
|
|
|
|
|
|
|
|
|
|
| |
Change SCHED_MODULES_EXTRA to an explicit list of modules
instead of taking everything that is not filtered out.
This removes the need of updating the filter each time an extra
sch_*, act_* or similar is added with an own kmod definition.
Signed-off-by: Thomas Langer <tlanger@maxlinear.com>
Signed-off-by: Hauke Mehrtens <hmehrtens@maxlinear.com>
(cherry picked from commit 1b956e66ccafc962033260567c2f1e845f71683f)
|
|
|
|
|
|
|
|
| |
The CONFIG_NET_EMATCH_TEXT configuration option depends on the
kmod-lib-textsearch package.
Signed-off-by: Hauke Mehrtens <hmehrtens@maxlinear.com>
(cherry picked from commit 3cc878a8d3e4d2d445bf2ee34883e9326bfa0bb2)
|
|
|
|
|
|
|
|
|
|
| |
The sch_fq_codel.ko and the sch_fifo.ko are always compiled into the
kernel, they are activated in the generic kernel configuration. There is
no need to activate the build of these kernel modules in the kmod-sched*
packages.
Signed-off-by: Hauke Mehrtens <hmehrtens@maxlinear.com>
(cherry picked from commit 606e357bf824a314a0c6a147539974e99e8aabe1)
|
|
|
|
|
|
|
|
|
|
| |
Add patch to skip bad blocks when reading from SPI-NAND. This is needed
in case erase block(s) early in the flash inside the FIP area are bad
and hence need to be skipped in order to be able to boot on such damaged
chips.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit c0109537d13650e3cfd4d4840c571a0d557b303a)
|
|
|
|
|
|
|
|
|
|
|
| |
The command 'opkg search /etc/config/fstab' does not return a package
name for this config file. In order to know to which package this config
file belongs to, a 'conffiles' entry was made for this file to package
'block-mount'.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 885f04b30556edddb9378c5e9eb561334e44ac7a)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use the kernel's built-in formula for computing this value.
The value applied by OpenWRT's sysctl configuration file does not scale
with the available memory, under-using hardware capabilities.
Also, that formula also influences net.netfilter.nf_conntrack_buckets,
which should improve conntrack performance in average (fewer connections
per hashtable bucket).
Backport upstream commit for its effect on the number of connections per
hashtable bucket.
Apply a hack patch to set the RAM size divisor to a more reasonable value (2048,
down from 16384) for our use case, a typical router handling several thousands
of connections.
Signed-off-by: Vincent Pelletier <plr.vincent@gmail.com>
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
(cherry picked from commit 15fbb916669dcdfcc706e9e75263ab63f9f27c00)
|
|
|
|
|
|
|
|
| |
Fix 'serversfile' option not being jail_mounted by the init script.
Signed-off-by: Bruno Victal <brunovictal@outlook.com>
(cherry picked from commit 0276fab64933dc42bad865974dc224e2672f99fe)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The curl developers found test case that crashed in their testing when
using zlib patched against CVE-2022-37434, same patch we've backported
in commit 7df6795d4c25 ("zlib: backport fix for heap-based buffer
over-read (CVE-2022-37434)"). So we need to backport following patch in
order to fix issue introduced in that previous CVE-2022-37434 fix.
References: https://github.com/curl/curl/issues/9271
Fixes: 7df6795d4c25 ("zlib: backport fix for heap-based buffer over-read (CVE-2022-37434)")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit f443e9de7003c00a935b9ea12f168e09e83b48cd)
|
|
|
|
|
|
|
|
|
| |
Fixing missed bump of PKG_RELEASE while backporting commit 7561eab8e86e
("zlib: backport fix for heap-based buffer over-read (CVE-2022-37434)")
as package in master is using AUTORELEASE.
Fixes: 7561eab8e86e ("zlib: backport fix for heap-based buffer over-read (CVE-2022-37434)")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow
in inflate in inflate.c via a large gzip header extra field. NOTE: only
applications that call inflateGetHeader are affected. Some common
applications bundle the affected zlib source code but may be unable to
call inflateGetHeader.
Fixes: CVE-2022-37434
References: https://github.com/ivd38/zlib_overflow
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 7df6795d4c25447683fd4b4a4813bebcddaea547)
|
|
|
|
|
|
|
|
| |
860ca90 odhcpd: Support for Option NTP and SNTP
83e14f4 router: advertise removed addresses as invalid in 3 consecutive RAs
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit 73c6d8fd046298face0e8aea8e52cc0faca67324)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Release announcement:
https://lore.kernel.org/u-boot/20220711134339.GV1146598@bill-the-cat/
- Changes between 2022.04 and 2022.07:
https://source.denx.de/u-boot/u-boot/-/compare/v2022.04...v2022.07?from_project_id=531
Remove one upstreamed patch and add patch to fix issue with sunxi tool
as it uses function from newer version libressl (3.5.0).
Signed-off-by: Andre Heider <a.heider@gmail.com>
Tested-by: Josef Schlehofer <pepe.schlehofer@gmail.com> [Turris Omnia]
(cherry picked from commit 24bf6813bad98a8eba5430ed5e4da89d54797274)
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
[Improve commit message]
|
|
|
|
|
|
|
|
|
| |
Config partition contains uboot env for the first 0x20000 bytes.
The rest of the partition contains other data including the device MAC
address and the password printed on the label.
Signed-off-by: Wenli Looi <wlooi@ucalgary.ca>
(cherry picked from commit 0bfe1cfbb13c58d909951cab9fac8910ccbe74f3)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There is some syscall missing:
'getdents64'
'getrandom'
'statx'
'newfstatat'
Found with:
'mkdir /etc/umdns; ln -s /tmp/1.json /etc/umdns/; utrace /usr/sbin/umdns'
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
(cherry picked from commit 31cca8f8d3f6218965812c46de35ba30c4ba83ab)
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The system parameters are contained in the Bdata partition.
To use the fw_setsys command, you need to create a file
fw_sys.config.
This file is created after calling the functions
ubootenv_add_uci_sys_config and ubootenv_add_app_config.
Signed-off-by: Oleg S <remittor@gmail.com>
[ wrapped commit description to 72 char ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
(cherry picked from commit 6c7e337c80f92693c2ca628a4a56aeaec4cc3ca8)
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The re-transmit counters can overflow the 32 bit representation resulting
in negative values being displayed. Background being that the numbers are
treated at some point as signed INT rather than unsigned INT.
Change the counters from 32 bit to 64 bit, should provide sufficient room
to avoid any overflow. Not the nicest solution but it works
Fixes: #10077
Signed-off-by: Roland Barenbrug <roland@treslong.com>
Acked-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
(cherry picked from commit 456b9029d764e69f390ee26bca24883b12eb83c2)
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes the libmnl build on macOS, which ships with an outdated bash
at /bin/bash. During the OpenWrt build, a modern host bash is built and
made available at staging_dir/host/bin/bash, which is present before
/bin/bash in the build's PATH.
This is similar to 8f7ce3aa6dda, presently appearing at
package/kernel/mac80211/patches/build/001-fix_build.patch.
Signed-off-by: Mark Mentovai <mark@mentovai.com>
(cherry picked from commit beeb49740bb4f68aadf92095984a2d1f9a488956)
|
|
|
|
| |
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
| |
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
|
|
|
|
|
|
|
| |
This updates mac80211 to version 5.15.58-1 which is based on kernel
5.15.58.
The removed patches were applied upstream.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 3aa18f71f9c8a5447bdd2deda4e681175338164f)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Apply upstream patch[1] to fix breakage around math libraries.
This can likely be removed when 5.5.0-stable is tagged and released.
Build system: x86_64
Build-tested: bcm2711/RPi4B
Run-tested: bcm2711/RPi4B
1. https://github.com/wolfSSL/wolfssl/pull/5390
Signed-off-by: John Audia <therealgraysky@proton.me>
(cherry picked from commit c2aa816f28e0fe2f6f77d0c6da4eba19ea8db4ea)
|