aboutsummaryrefslogtreecommitdiffstats
path: root/package
Commit message (Collapse)AuthorAgeFilesLines
* firewall4: update to latest Git HEADJo-Philipp Wich2022-09-011-3/+3
| | | | | | | | | f5fcdcf cli: introduce test mode and refuse firewall restart on errors a540f6d fw4: fix cosmetic issue with per-ruleset and per-table include paths 695e821 doc: fix swapped include positions in nftables.d README Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit ab31ffc425b59afc102f8a3275791c153f39c8f4)
* ucode: update to latest Git HEADJo-Philipp Wich2022-08-311-3/+3
| | | | | | | | | 344fa9e lib: extend render() to support function values 89452b2 lib: improve getenv() and split() implementations Signed-off-by: Jo-Philipp Wich <jo@mein.io> [fix commit subject] (cherry picked from commit c6d6306827e9296faad26981996825ce3e90259d)
* mac80211: disable ft-over-ds by defaultFelix Fietkau2022-08-301-1/+1
| | | | | | | | | Testing has shown it to be very unreliable in variety of configurations. It is not mandatory, so let's disable it by default until we have a better solution. Signed-off-by: Felix Fietkau <nbd@nbd.name> (cherry-picked from commit 2984a0420649733662ff95b0aff720b8c2c19f8a)
* mbedtls: update to version 2.28.1Hauke Mehrtens2022-08-283-24/+46
| | | | | | | | | | | | Changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.1 This release of Mbed TLS provides bug fixes and minor enhancements. This release includes fixes for security issues. The build problem was reported upstream: https://github.com/Mbed-TLS/mbedtls/issues/6243 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit f3870546a544c39c6fde2e7e014394aa085d8057)
* iptables: default to ip(6)tables-nft when using buildrootEtienne Champetier2022-08-281-2/+2
| | | | | | | | | 35fec487e30f05c81bd135326a993dad7f861812 fixed opkg usage, but when using buildroot we were still defaulting to ip(6)tables-legacy Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com> (cherry picked from commit 0c8d7e34ab35f6b41f034fd94fec740970e0125b)
* hostapd: fix WPA3 enterprise keys and ciphersJoerg Werner2022-08-261-3/+10
| | | | | | | | | WPA3 enterprise requires group_mgmt_cipher=BIP-GMAC-256 and if 802.11r is active also wpa_key_mgmt FT-EAP-SHA384. This commit also requires corresponding changes in netifd. Signed-off-by: Joerg Werner <schreibubi@gmail.com> (cherry picked from commit 9fbb76c0470fd54f1f34909b1098d0f76078878f)
* iwinfo: update to latest HEADHauke Mehrtens2022-08-261-3/+3
| | | | | | | 0dad3e6 Add support for CCMP-256 and GCMP-256 ciphers Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit cc6a323e2328176b732b13f1f09745354270cd39)
* iproute2: Fix KERNEL_INCLUDE in SDKHauke Mehrtens2022-08-261-1/+1
| | | | | | | | | | | | | | | | | | In the SDK the folder $(LINUX_DIR)/user_headers/include does not exist, but it more or less contains the same content as $(LINUX_DIR)/include/uapi which also exists in the SDK. Since iproute2 commit 1d819dcc741e ("configure: fix parsing issue on include_dir option") it checks if this folder exists and aborts the build if it does not exists. https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=1d819dcc741e25958190e31f8186c940713fa0a8 With this commit the KERNEL_INCLUDE variable points to a valid folder with the kernel include headers. I am not sure if they are actually needed because the build worked before even with an invalid path. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit 60738fedede1746922a8b227f24ad5c733661585)
* umbim: bump to git HEADHauke Mehrtens2022-08-261-3/+3
| | | | | | | 146bc77 umbim: fix invalid mbim message string encoding Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit 90bedc411b1e98e9adf668dde09f8eafe4490344)
* mt76: update to the latest versionFelix Fietkau2022-08-261-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | 9485e3b47066 mt76: remove q->qid e5674c4aa402 mt76: mt7921: enable HW beacon filter not depending on PM flag 7fd299e3c921 mt76: mt7921: enable HW beacon filter in the initialization stage d5459efaaf14 mt76: mt7921: make mt7921_pci_driver static b8304b456e23 mt76: connac: move tx initialization/cleanup in mt76_connac module 6e0d7077486c mt76: mt7921: reduce log severity levels for informative messages cb80da974fe6 mt76: mt7921: reduce the mutex lock scope during reset a2d61f4f4063 mt76: mt7915 add ht mpdu density 08ea730c1130 mt76: add len parameter to __mt76_mcu_msg_alloc signature 60ef85fa352c mt76: introduce MT_RXQ_BAND2 and MT_RXQ_BAND2_WA in mt76_rxq_id 8ccbb38ca6e6 mt76: add phy_idx in mt76_rx_status eb19ac83c07e mt76: introduce phys array in mt76_dev structure 30887591e3ab mt76: add phy_idx to mt76_wcid 4bf8c20a9524 mt76: convert MT_TX_HW_QUEUE_EXT_PHY to MT_TX_HW_QUEUE_PHY e6c6bf8cee09 mt76: get rid of mt76_wcid_hw routine 120f73ad992a mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init() 111e92cf8c22 mediatek: mt76: eeprom: fix missing of_node_put() in mt76_find_power_limits_node() 13bedd62ff4a mt76: connac: introduce mt76_connac_reg_map structure 5ec78e1ec43d wifi: mt76: fix reading current per-tid starting sequence number for aggregation Signed-off-by: Felix Fietkau <nbd@nbd.name> (cherry-picked from commit ec7d32f3769fbd815f72a7471e4bb7a07aee359d)
* netifd: update to the latest versionFelix Fietkau2022-08-251-3/+3
| | | | | | | 76d2d41b7355 interface: fix use-after-free bug when rewriting resolv.conf Signed-off-by: Felix Fietkau <nbd@nbd.name> (cherry-picked from commit 31648c4b59add5b1cb441073a46c80ab768b588c)
* netifd: update to git HEADHauke Mehrtens2022-08-251-3/+3
| | | | | | | | 87fbefd interface: support "zone" config option bfa039c netifd: fix WPA3 enterprise ciphers Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry-picked from commit 8008816a2ceeb7e66d27d9882685933bb9df4c76)
* rpcd: bump version to 2022-08-24Petr Štetiar2022-08-251-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | gcc 10 with -O2 reports following: In function ‘strncpy’, inlined from ‘rpc_sys_packagelist’ at /opt/devel/openwrt/c-projects/rpcd/sys.c:244:4: /usr/include/x86_64-linux-gnu/bits/string_fortified.h:106:10: error: ‘__builtin_strncpy’ specified bound 128 equals destination size [-Werror=stringop-truncation] 106 | return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest)); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ In function ‘strncpy’, inlined from ‘rpc_sys_packagelist’ at /opt/devel/openwrt/c-projects/rpcd/sys.c:227:4: /usr/include/x86_64-linux-gnu/bits/string_fortified.h:106:10: error: ‘__builtin_strncpy’ specified bound 128 equals destination size [-Werror=stringop-truncation] 106 | return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest)); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Since it is not possible to avoid truncation by strncpy, it is necessary to make sure the result of strncpy is properly NUL-terminated and the NUL must be inserted explicitly, after strncpy has returned. References: #10442 Reported-by: Alexey Smirnov <s.alexey@gmail.com> Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit 34ddd2e545f068e4684ecce98c1da3a6c7c9b04a)
* rpcd: update to latest Git HEADJo-Philipp Wich2022-08-251-3/+3
| | | | | | | ae5afea ucode: parse ucode plugin scripts in raw mode, init search path Signed-off-by: Jo-Philipp Wich <jo@mein.io> (backported from commit 66a360206e341abdd1e5560e9cb522d8e453b095)
* uhttpd: update to latest Git HEADJo-Philipp Wich2022-08-251-3/+3
| | | | | | | | | | | | | e3395cd ucode: initialize search path before VM init 8cb3f85 ucode: initialize default library search path 188dea2 utils: accept '?' as path terminator in uh_path_match() c5eac5d file: support using dynamic script handlers as error pages 290ff88 relay: trigger close if in header read state with pending data f9db538 ucode: ignore exit exceptions 8ba0b64 cmake: use variables and find_library for dependency Signed-off-by: Jo-Philipp Wich <jo@mein.io> (backported from commit 4ee77cfcfadcd2b28678a1f3e8e78383b0b21963)
* ucode: update to latest Git HEADJo-Philipp Wich2022-08-251-4/+35
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | bcdd2cb examples: add module search path initialization and freeing ee1946f ubus: fix GCC strncpy() truncation warning 131d99c lib: introduce three new functions call(), loadstring() and loadfile() 8e8dae0 lib: introduce helper function for indenting error messages 476f02b lib: simplify include_path() d84b53a source: avoid null pointer access in uc_source_runpath_set() c43a54f types: gracefully handle unpatched upvalues in ucv_free() e2fb11a README.md: document gc() function b41cb2d main: introduce -g flag to allow enabling periodic gc from cli 85d7885 lib: implement gc() 47528f0 vm: support automatic periodic GC runs 381cc75 types: treat vm->exports as GC roots fcc49e6 compiler: add import statement support for dynamic extensions c9442f1 vm: introduce new I_DYNLOAD opcode b6fd8a2 lib: internally expose new uc_require_library() helper a486adc vm: don't treat offset 0 special for exceptions 41ccd19 compiler: don't treat offset 0 special at syntax errors b4a3f68 compiler: improve formatting of nested syntax error messages 5d5dadc program: remove now unused uc_program_export_lookup() 304995b compiler: rework export index allocation 506cc37 compiler: fix deriving module path from source runpath 54b7fac compiler: enforce stricter module compilation rules d62e372 vm: don't initialize upvalues for module functions b856602 program: add serialization and deserialization for module function flag d7d1bde compiler: add a flag denoting module functions 156d584 treewide: unexport libucode internal functions 10e056d compiler: add support for import/export statements 862e49d compiler: resolve predeclared upvalues 78dfb08 compiler: require a name in function declarations afd78c1 compiler: fix reported source position in inc/dec operator error e1c3db0 tests: run_tests.sh: substitute dynamic test directory path in output 3c168b5 vm, cli: move search path into global configuration structure d85bc71 vm: introduce import and export opcodes 365782e vm: honor constant flag of objects and arrays 6becc64 vm: transparently resolve upvalue references 3418967 vm: gracefully handle unresolved upvalues 50cf572 program: add function to globally lookup exported name c441f65 program: add infrastructure to handle multiple sources per program 2322468 program: fix reporting source position of first instruction 9c9a9ec program: fix en/decoding debuginfo upvalue slots in precompiled bytecode 41114a0 source: add tracking of exported symbols 70ae304 lib: honor constant flag of arrays 3c104f5 types: resolve upvalue references on stringification 3a6f9cb types: add ability to mark array and object values as constant b738f3a lexer: recognize module related keywords 03c8e4b lexer: rewrite token scanner fd433aa lexer: fix parsing with disabled block left stripping 557577a rtnl: fix parsing/creation of IFLA_AF_SPEC RTA for the AF_BRIDGE family 35c6b73 compiler: fix stack mismatch on continue statements nested in switches f673096 uloop: end uloop on exceptions in managed code 2e5426c ubus: end uloop on exceptions in managed code c024270 rtnl: expose IFLA_STATS64 contents d3c58c0 rtnl: expose ifinfomsg.ifi_change member c4dde50 rtnl: update NETLINK_GET_STRICT_CHK socket flag with every request 7ef0d02 nl80211: fix NL80211_SURVEY_INFO_NOISE datatype 9a2e592 compiler: fix stack mismatch on nonmatching switch statements with locals 03c8ca5 nl80211: recognize further NL80211_STA_INFO_* NLAs a1ed566 struct: add optional offset argument to `unpack()` 230e595 rtnl: fix segmentation fault on parsing linkinfo RTA without data 523566d rtnl: zero request message headers 56be30d rtnl: fix premature netlink reply receive abort 1347440 rtnl: avoid stray "netlink: %d bytes leftover after parsing attributes." 44b0a3b struct: fix packing `*` format after other repeated formats Also package uloop binding module which has been introduced by a previous ucode update and introduce a host build with the basic set of modules. Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit 3446d32616efad335c4eeeafc2f542089839bf20)
* nftables: fix parsing date expressionsJo-Philipp Wich2022-08-252-1/+45
| | | | | | | | | Musl libc does not support the non-POSIX "%F" format for strptime() so replace all occurrences of it with an equivalent "%Y-%m-%d" format. Fixes: #10419 Signed-off-by: Jo-Philipp Wich <jo@mein.io> (backported from commit e6e4f979999393825370e9db9fe04d75cb01acf2)
* firewall4: update to latest Git HEADJo-Philipp Wich2022-08-251-3/+3
| | | | | | | | | | a4484d4 fw4: support automatic includes ca7e3a1 fw4: honour enabled option of include sections 5a02f74 tests: add missing fs.stat) mock data for `nf_conntrack_dummy` 111a7f7 fw4: don't inherit zone family from ct helpers Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit fe86b2ffaaf6059250e3ba0a9e1436312415e23f)
* mac80211: parse the correct set of HE capabilities for AP modeSultan Alsawaf2022-08-211-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | It is common for 802.11ax NICs to support more than just AP mode, which results in there being a distinct set of HE capabilities for each mode. As (bad) luck would have it, iw prints out info for each HE mode in sequential order according to `enum nl80211_iftype`, and AP mode isn't always first. As a result, the wrong set of HE capabilities can be parsed if an AP NIC supports station (managed) mode or any other mode preceding AP mode, since only the first set of HE capabilities printed by iw is parsed from awk's output. This has a noticeable impact on beamforming for example, since managed mode usually doesn't have beamformer capabilities enabled, while AP mode does. Hostapd won't be set up with the configs to enable beamformer capabilities in this scenario, causing hostapd to disable beamforming to HE stations even when it's supported by the AP. Always parse the correct set of HE capabilities for AP mode to fix this. This is achieved by trimming all of iw's output prior to the AP mode capabilities, which ensures that the first set of HE capabilities are always for AP mode. Signed-off-by: Sultan Alsawaf <sultan@kerneltoast.com> (cherry picked from commit f338f76a66a50d201ae57c98852aa9c74e9e278a)
* base-files: add mtd_get_mac_encrypted_arcadyan functionMikhail Zhilkin2022-08-191-0/+31
| | | | | | | | | | Some Arcadyan devices (e.g. MTS WG430223) keep their config in encrypted mtd. This adds mtd_get_mac_encrypted_arcadyan() function to get the MAC address from the encrypted partition. Function uses uencrypt utility for decryption (and openssl if the uencrypt wasn't found). Signed-off-by: Mikhail Zhilkin <csharper2005@gmail.com> (cherry picked from commit 12c971bc26ac0ff04257bc475fff6fa68068c6c0)
* uencrypt: add package to decrypt WG4хх223 configEneas U de Queiroz2022-08-193-0/+194
| | | | | | | | | This adds a simple AES-128-CBC encryption/decryption program using either wolfSSL or OpenSSL as backend to decrypt Arcadyan WG4xx223 configuration partitions. The ipk size is 3,355 bytes. Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com> (cherry picked from commit bc43ad88ed18722c0621fd6dfef0ff68268f4e14)
* odhcp6c: update to git HEADHans Dedecker2022-08-181-3/+3
| | | | | | | 7d21e8d dhcpv6: add option to ignore stateless advertise Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (cherry picked from commit a23d132cff541210b281ac60de619e7ce7ec3ba0)
* ramips: add support for MTS WG430223Mikhail Zhilkin2022-08-161-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | MTS WG430223 is a wireless AC1300 (WiFi 5) router manufactured by Arcadyan company. It's very similar to Beeline Smartbox Flash (Arcadyan WG443223). Device specification -------------------- SoC Type: MediaTek MT7621AT RAM: 128 MiB Flash: 128 MiB (Winbond W29N01HV) Wireless 2.4 GHz (MT7615DN): b/g/n, 2x2 Wireless 5 GHz (MT7615DN): a/n/ac, 2x2 Ethernet: 3xGbE (WAN, LAN1, LAN2) USB ports: No Button: 1 (Reset/WPS) LEDs: 2 (Red, Green) Power: 12 VDC, 1 A Connector type: Barrel Bootloader: U-Boot (Ralink UBoot Version: 5.0.0.2) OEM: Arcadyan WG430223 Installation ------------ 1. Login to the router web interface (superadmin:serial number) 2. Navigate to Administration -> Miscellaneous -> Access control lists & enable telnet & enable "Remote control from any IP address" 3. Connect to the router using telnet (default admin:admin) 4. Place *factory.trx on any web server (192.168.1.2 in this example) 5. Connect to the router using telnet shell (no password required) 6. Save MAC adresses to U-Boot environment: uboot_env --set --name eth2macaddr --value $(ifconfig | grep eth2 | \ awk '{print $5}') uboot_env --set --name eth3macaddr --value $(ifconfig | grep eth3 | \ awk '{print $5}') uboot_env --set --name ra0macaddr --value $(ifconfig | grep ra0 | \ awk '{print $5}') uboot_env --set --name rax0macaddr --value $(ifconfig | grep rax0 | \ awk '{print $5}') 7. Ensure that MACs were saved correctly: uboot_env --get --name eth2macaddr uboot_env --get --name eth3macaddr uboot_env --get --name ra0macaddr uboot_env --get --name rax0macaddr 8. Download and write the OpenWrt images: cd /tmp wget http://192.168.1.2/factory.trx mtd_write erase /dev/mtd4 mtd_write write factory.trx /dev/mtd4 9. Set 1st boot partition and reboot: uboot_env --set --name bootpartition --value 0 Back to Stock ------------- 1. Run in the OpenWrt shell: fw_setenv bootpartition 1 reboot 2. Optional step. Upgrade the stock firmware with any version to overwrite the OpenWrt in Slot 1. MAC addresses ------------- +-----------+-------------------+----------------+ | Interface | MAC | Source | +-----------+-------------------+----------------+ | label | A4:xx:xx:51:xx:F4 | No MACs was | | LAN | A4:xx:xx:51:xx:F6 | found on Flash | | WAN | A4:xx:xx:51:xx:F4 | [1] | | WLAN_2g | A4:xx:xx:51:xx:F5 | | | WLAN_5g | A6:xx:xx:21:xx:F5 | | +-----------+-------------------+----------------+ [1]: a. Label wasb't found neither in factory nor in other places. b. MAC addresses are stored in encrypted partition "glbcfg". Encryption key hasn't known yet. To ensure the correct MACs in OpenWrt, a hack with saving of the MACs to u-boot-env during the installation was applied. c. Default Ralink ethernet MAC address (00:0C:43:28:80:A0) was found in "Factory" 0xfff0. It's the same for all MTS WG430223 devices. OEM firmware also uses this MAC when initialazes ethernet driver. In OpenWrt we use it only as internal GMAC (eth0), all other MACs are unique. Therefore, there is no any barriers to the operation of several MTS WG430223 devices even within the same broadcast domain. Stock firmware image format --------------------------- The same as Beeline Smartbox Flash but with another trx magic +--------------+---------------+----------------------------------------+ | Offset | | Description | +==============+===============+========================================+ | 0x0 | 31 52 48 53 | TRX magic "1RHS" | +--------------+---------------+----------------------------------------+ Signed-off-by: Mikhail Zhilkin <csharper2005@gmail.com> (cherry picked from commit 498c15376bae109bfe130cc5581f83e4cc52c0f9)
* iwinfo: update to latest HEADHauke Mehrtens2022-08-141-3/+3
| | | | | | | 705d3b5 iwinfo: Add missing auth_suites mappings for WPA3 Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit cc2dfc5e4dc2e480203b826749186c73021795df)
* kernel: kmod-phy-smsc: Add new PHYHauke Mehrtens2022-08-142-1/+17
| | | | | | | | This adds the SMSC PHY which is needed by the kmod-usb-net-smsc95xx driver. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit 5b016a88f92f25dd7d32438bce3a469f343f4009)
* kernel: kmod-phy-ax88796b: Add new PHYHauke Mehrtens2022-08-142-1/+18
| | | | | | | | This adds the AX88796B PHY which is needed by the kmod-usb-net-asix driver. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit 712ff388bcd0811256c07e8e1f4b92a007adaa7f)
* kernel: kmod-ipt-ulog: Remove packageHauke Mehrtens2022-08-142-31/+0
| | | | | | | | The ulog iptables target was removed with kernel 3.17, remove the kernel and also the iptables package in OpenWrt too. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit 2a0284fb0325f07e79b9b4c58a7d280ba9999a39)
* kernel: kmod-nft-nat6: Remove packageHauke Mehrtens2022-08-142-12/+1
| | | | | | | | | | | | The nft NAT packages for IPv4 and IPv6 were merged into the common packages with kernel 5.1. The kmod-nft-nat6 package was empty in our build, remove it. Multiple kernel configuration options were also removed, remove them from our generic kernel configuration too. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit b75425370d8de747457c137463bc4d15f6f44d00)
* kernel: ipt-ipset: Add ipset/ip_set_hash_ipmac.koHauke Mehrtens2022-08-141-0/+1
| | | | | | | | Add the ipset/ip_set_hash_ipmac.ko file. The CONFIG_IP_SET_HASH_IPMAC KConfig option is already set by the package. Signed-off-by: Hauke Mehrtens <hmehrtens@maxlinear.com> (cherry picked from commit 6a2e9f3da6d0f0f3ae382db1e77a65c2f0e67d24)
* kernel: netsupport: kmod-sched: explicitly define included modulesThomas Langer2022-08-141-6/+5
| | | | | | | | | | | Change SCHED_MODULES_EXTRA to an explicit list of modules instead of taking everything that is not filtered out. This removes the need of updating the filter each time an extra sch_*, act_* or similar is added with an own kmod definition. Signed-off-by: Thomas Langer <tlanger@maxlinear.com> Signed-off-by: Hauke Mehrtens <hmehrtens@maxlinear.com> (cherry picked from commit 1b956e66ccafc962033260567c2f1e845f71683f)
* kernel: netsupport: kmod-sched: Add kmod-lib-textsearch dependencyHauke Mehrtens2022-08-141-1/+1
| | | | | | | | The CONFIG_NET_EMATCH_TEXT configuration option depends on the kmod-lib-textsearch package. Signed-off-by: Hauke Mehrtens <hmehrtens@maxlinear.com> (cherry picked from commit 3cc878a8d3e4d2d445bf2ee34883e9326bfa0bb2)
* kernel: netsupport: kmod-sched: Remove sch_fq_codel and sch_fifoHauke Mehrtens2022-08-141-3/+1
| | | | | | | | | | The sch_fq_codel.ko and the sch_fifo.ko are always compiled into the kernel, they are activated in the generic kernel configuration. There is no need to activate the build of these kernel modules in the kmod-sched* packages. Signed-off-by: Hauke Mehrtens <hmehrtens@maxlinear.com> (cherry picked from commit 606e357bf824a314a0c6a147539974e99e8aabe1)
* arm-trusted-firmware-mediatek: skip bad blocks on SPI-NAND (SNFI)Daniel Golle2022-08-121-0/+40
| | | | | | | | | | Add patch to skip bad blocks when reading from SPI-NAND. This is needed in case erase block(s) early in the flash inside the FIP area are bad and hence need to be skipped in order to be able to boot on such damaged chips. Signed-off-by: Daniel Golle <daniel@makrotopia.org> (cherry picked from commit c0109537d13650e3cfd4d4840c571a0d557b303a)
* fstools: add uci fstab section to conffiles for package block-mountFlorian Eckert2022-08-121-0/+4
| | | | | | | | | | | The command 'opkg search /etc/config/fstab' does not return a package name for this config file. In order to know to which package this config file belongs to, a 'conffiles' entry was made for this file to package 'block-mount'. Signed-off-by: Florian Eckert <fe@dev.tdt.de> (cherry picked from commit 885f04b30556edddb9378c5e9eb561334e44ac7a) Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* kernel: scale nf_conntrack_max more reasonablyVincent Pelletier2022-08-111-1/+0
| | | | | | | | | | | | | | | | | | | | Use the kernel's built-in formula for computing this value. The value applied by OpenWRT's sysctl configuration file does not scale with the available memory, under-using hardware capabilities. Also, that formula also influences net.netfilter.nf_conntrack_buckets, which should improve conntrack performance in average (fewer connections per hashtable bucket). Backport upstream commit for its effect on the number of connections per hashtable bucket. Apply a hack patch to set the RAM size divisor to a more reasonable value (2048, down from 16384) for our use case, a typical router handling several thousands of connections. Signed-off-by: Vincent Pelletier <plr.vincent@gmail.com> Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com> (cherry picked from commit 15fbb916669dcdfcc706e9e75263ab63f9f27c00)
* dnsmasq: fix jail_mount for serversfileBruno Victal2022-08-101-1/+8
| | | | | | | | Fix 'serversfile' option not being jail_mounted by the init script. Signed-off-by: Bruno Victal <brunovictal@outlook.com> (cherry picked from commit 0276fab64933dc42bad865974dc224e2672f99fe) Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* zlib: backport null dereference fixPetr Štetiar2022-08-092-1/+30
| | | | | | | | | | | | | The curl developers found test case that crashed in their testing when using zlib patched against CVE-2022-37434, same patch we've backported in commit 7df6795d4c25 ("zlib: backport fix for heap-based buffer over-read (CVE-2022-37434)"). So we need to backport following patch in order to fix issue introduced in that previous CVE-2022-37434 fix. References: https://github.com/curl/curl/issues/9271 Fixes: 7df6795d4c25 ("zlib: backport fix for heap-based buffer over-read (CVE-2022-37434)") Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit f443e9de7003c00a935b9ea12f168e09e83b48cd)
* zlib: bump PKG_RELEASE after CVE fixPetr Štetiar2022-08-081-1/+1
| | | | | | | | | Fixing missed bump of PKG_RELEASE while backporting commit 7561eab8e86e ("zlib: backport fix for heap-based buffer over-read (CVE-2022-37434)") as package in master is using AUTORELEASE. Fixes: 7561eab8e86e ("zlib: backport fix for heap-based buffer over-read (CVE-2022-37434)") Signed-off-by: Petr Štetiar <ynezz@true.cz>
* zlib: backport fix for heap-based buffer over-read (CVE-2022-37434)Petr Štetiar2022-08-081-0/+32
| | | | | | | | | | | | | zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader. Fixes: CVE-2022-37434 References: https://github.com/ivd38/zlib_overflow Signed-off-by: Petr Štetiar <ynezz@true.cz> (cherry picked from commit 7df6795d4c25447683fd4b4a4813bebcddaea547)
* odhcpd: update to git HEADHans Dedecker2022-08-071-3/+3
| | | | | | | | 860ca90 odhcpd: Support for Option NTP and SNTP 83e14f4 router: advertise removed addresses as invalid in 3 consecutive RAs Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (cherry picked from commit 73c6d8fd046298face0e8aea8e52cc0faca67324)
* uboot-mvebu: update to v2022.07Andre Heider2022-08-063-33/+22
| | | | | | | | | | | | | | | | | - Release announcement: https://lore.kernel.org/u-boot/20220711134339.GV1146598@bill-the-cat/ - Changes between 2022.04 and 2022.07: https://source.denx.de/u-boot/u-boot/-/compare/v2022.04...v2022.07?from_project_id=531 Remove one upstreamed patch and add patch to fix issue with sunxi tool as it uses function from newer version libressl (3.5.0). Signed-off-by: Andre Heider <a.heider@gmail.com> Tested-by: Josef Schlehofer <pepe.schlehofer@gmail.com> [Turris Omnia] (cherry picked from commit 24bf6813bad98a8eba5430ed5e4da89d54797274) Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com> [Improve commit message]
* ramips: support fw_printenv for Netgear WAX202Wenli Looi2022-08-061-1/+2
| | | | | | | | | Config partition contains uboot env for the first 0x20000 bytes. The rest of the partition contains other data including the device MAC address and the password printed on the label. Signed-off-by: Wenli Looi <wlooi@ucalgary.ca> (cherry picked from commit 0bfe1cfbb13c58d909951cab9fac8910ccbe74f3)
* umdns: add missing syscall to seccomp filterChen Minqiang2022-08-061-0/+4
| | | | | | | | | | | | | | There is some syscall missing: 'getdents64' 'getrandom' 'statx' 'newfstatat' Found with: 'mkdir /etc/umdns; ln -s /tmp/1.json /etc/umdns/; utrace /usr/sbin/umdns' Signed-off-by: Chen Minqiang <ptpt52@gmail.com> (cherry picked from commit 31cca8f8d3f6218965812c46de35ba30c4ba83ab)
* ramips: Add support command fw_setsys for Xiaomi routersOleg S2022-08-061-4/+10
| | | | | | | | | | | | | The system parameters are contained in the Bdata partition. To use the fw_setsys command, you need to create a file fw_sys.config. This file is created after calling the functions ubootenv_add_uci_sys_config and ubootenv_add_app_config. Signed-off-by: Oleg S <remittor@gmail.com> [ wrapped commit description to 72 char ] Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> (cherry picked from commit 6c7e337c80f92693c2ca628a4a56aeaec4cc3ca8)
* ltq-vdsl-app: Fix counter overflow resulting in negative valuesRoland Barenbrug2022-08-061-1/+1
| | | | | | | | | | | | | The re-transmit counters can overflow the 32 bit representation resulting in negative values being displayed. Background being that the numbers are treated at some point as signed INT rather than unsigned INT. Change the counters from 32 bit to 64 bit, should provide sufficient room to avoid any overflow. Not the nicest solution but it works Fixes: #10077 Signed-off-by: Roland Barenbrug <roland@treslong.com> Acked-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com> (cherry picked from commit 456b9029d764e69f390ee26bca24883b12eb83c2)
* libmnl: fix build when bash is not located at /bin/bashMark Mentovai2022-08-051-0/+11
| | | | | | | | | | | | | This fixes the libmnl build on macOS, which ships with an outdated bash at /bin/bash. During the OpenWrt build, a modern host bash is built and made available at staging_dir/host/bin/bash, which is present before /bin/bash in the build's PATH. This is similar to 8f7ce3aa6dda, presently appearing at package/kernel/mac80211/patches/build/001-fix_build.patch. Signed-off-by: Mark Mentovai <mark@mentovai.com> (cherry picked from commit beeb49740bb4f68aadf92095984a2d1f9a488956)
* OpenWrt v22.03.0-rc6: revert to branch defaultsHauke Mehrtens2022-08-011-2/+2
| | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* OpenWrt v22.03.0-rc6: adjust config defaultsv22.03.0-rc6Hauke Mehrtens2022-08-011-2/+2
| | | | Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* mac80211: Update to version 5.15.58-1Hauke Mehrtens2022-07-3128-206/+70
| | | | | | | | | This updates mac80211 to version 5.15.58-1 which is based on kernel 5.15.58. The removed patches were applied upstream. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> (cherry picked from commit 3aa18f71f9c8a5447bdd2deda4e681175338164f)
* wolfssl: fix math library buildJohn Audia2022-07-311-0/+23
| | | | | | | | | | | | | | Apply upstream patch[1] to fix breakage around math libraries. This can likely be removed when 5.5.0-stable is tagged and released. Build system: x86_64 Build-tested: bcm2711/RPi4B Run-tested: bcm2711/RPi4B 1. https://github.com/wolfSSL/wolfssl/pull/5390 Signed-off-by: John Audia <therealgraysky@proton.me> (cherry picked from commit c2aa816f28e0fe2f6f77d0c6da4eba19ea8db4ea)