aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* kernel: bump 5.4 to 5.4.90John Audia2021-01-194-5/+5
| | | | | | | | | | | | | | All modification made by update_kernel.sh in a fresh clone without existing toolchains. Build system: x86_64 Build-tested: ipq806x/R7800, bcm27xx/bcm2711 Run-tested: ipq806x/R7800 No dmesg regressions, everything functional Signed-off-by: John Audia <graysky@archlinux.us> Tested-by: Curtis Deptuck <curtdept@me.com> [x86/64]
* dnsmasq: Update to version 2.83Hauke Mehrtens2021-01-192-5/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This fixes the following security problems in dnsmasq: * CVE-2020-25681: Dnsmasq versions before 2.83 is susceptible to a heap-based buffer overflow in sort_rrset() when DNSSEC is used. This can allow a remote attacker to write arbitrary data into target device's memory that can lead to memory corruption and other unexpected behaviors on the target device. * CVE-2020-25682: Dnsmasq versions before 2.83 is susceptible to buffer overflow in extract_name() function due to missing length check, when DNSSEC is enabled. This can allow a remote attacker to cause memory corruption on the target device. * CVE-2020-25683: Dnsmasq version before 2.83 is susceptible to a heap-based buffer overflow when DNSSEC is enabled. A remote attacker, who can create valid DNS replies, could use this flaw to cause an overflow in a heap- allocated memory. This flaw is caused by the lack of length checks in rtc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in get_rdata() and cause a crash in Dnsmasq, resulting in a Denial of Service. * CVE-2020-25684: A lack of proper address/port check implemented in Dnsmasq version < 2.83 reply_query function makes forging replies easier to an off-path attacker. * CVE-2020-25685: A lack of query resource name (RRNAME) checks implemented in Dnsmasq's versions before 2.83 reply_query function allows remote attackers to spoof DNS traffic that can lead to DNS cache poisoning. * CVE-2020-25686: Multiple DNS query requests for the same resource name (RRNAME) by Dnsmasq versions before 2.83 allows for remote attackers to spoof DNS traffic, using a birthday attack (RFC 5452), that can lead to DNS cache poisoning. * CVE-2020-25687: Dnsmasq versions before 2.83 is vulnerable to a heap-based buffer overflow with large memcpy in sort_rrset() when DNSSEC is enabled. A remote attacker, who can create valid DNS replies, could use this flaw to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rtc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in sort_rrset() and cause a crash in dnsmasq, resulting in a Denial of Service. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* uboot-at91: Add PKG_MIRROR_HASH to fix downloadHauke Mehrtens2021-01-181-0/+1
| | | | | | | | | | | The referenced commit is gone, but we already have this file on our mirror, use that one by providing the correct mirror hash. I generated a tar.xz file with the given git commit hash using a random fork on github and it generated the same tar.xz file as found on our mirror so this looks correct. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* at91bootstrap: Add PKG_MIRROR_HASH to fix downloadHauke Mehrtens2021-01-181-0/+1
| | | | | | | | | | | The referenced commit is gone, but we already have this file on our mirror, use that one by providing the correct mirror hash. I generated a tar.xz file with the given git commit hash using a random fork on github and it generated the same tar.xz file as found on our mirror so this looks correct. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* include: update logo with better kerningPaul Spooren2021-01-182-453/+241
| | | | | | | | Kerning seems to be very off-putting for some people so the logo designer thankfully updated guidelines to something which is now considered final. Signed-off-by: Paul Spooren <mail@aparcar.org>
* ath79: rename UniFi AC kernel1 partitionDavid Bauer2021-01-181-1/+1
| | | | | | | These devices do not run Ubiquiti AirOS. Rename the partition to the name used by other UniFi devices with vendor dualboot support. Signed-off-by: David Bauer <mail@david-bauer.net>
* rockchip: use stable MAC-address for NanoPi R2SDavid Bauer2021-01-181-1/+8
| | | | | | | | | | | | | | | | The NanoPi R2S does not have a board specific MAC address written inside e.g. an EEPROM, hence why it is randomly generated on first boot. The issue with that however is the lack of a driver for the PRNG. It often results to the same MAC address used on multiple boards by default, as urngd is not active at this early stage resulting in low available entropy. There is however a semi-unique identifier available to us, which is the CID of the used SD card. It is unique to each SD card, hence we can use it to generate the MAC address used for LAN and WAN. Signed-off-by: David Bauer <mail@david-bauer.net>
* bcm63xx-cfe: enable package for bcm4908Rafał Miłecki2021-01-181-2/+2
| | | | | | bcm4908 target needs to include cferam images in firmware files too Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* firmware-utils: bcm4908img: tool adding BCM4908 image tailRafał Miłecki2021-01-182-0/+380
| | | | | | | | | | Flashing image with BCM4908 CFE bootloader requires specific firmware format. It needs 20 extra bytes with magic numbers and CRC32 appended. This tools allows appending such a tail to the specified image and also verifying CRC32 of existing BCM4908 image. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* mbedtls: update to 2.16.9Rosen Penev2021-01-181-2/+2
| | | | Signed-off-by: Rosen Penev <rosenp@gmail.com>
* netifd: fix IPv6 routing loop on point-to-point linksHans Dedecker2021-01-171-3/+3
| | | | | | | | c00c833 interface-ip: add unreachable route if address is offlink e71909c interface-ip: coding style fixes Tested-by: Karl Vogel <karl.vogel@gmail.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* odhcp6c: fix routing loop on point-to-point linksHans Dedecker2021-01-171-3/+3
| | | | | | | | 53f07e9 ra: fix routing loop on point to point links 2b6959d ra: align ifindex resolving Tested-by: Karl Vogel <karl.vogel@gmail.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* ipq40xx: mikrotik: enable MikroTik platform driverRobert Marko2021-01-171-0/+2
| | | | | | | | This enables the MikroTik platform driver, it enables us to parse valuable info from hard_config including WLAN calibration data extraction from sysfs. Signed-off-by: Robert Marko <robimarko@gmail.com>
* ipq40xx: mikrotik: enable MikroTik NOR parserRobert Marko2021-01-171-0/+1
| | | | | | Needed for SPI-NOR based MikroTik IPQ40xx devices like hAP ac2. Signed-off-by: Robert Marko <robimarko@gmail.com>
* ipq40xx: mikrotik: enable CONFIG_MTD_ROUTERBOOT_PARTSRobert Marko2021-01-171-0/+1
| | | | | | | | | This enables the new MikroTik specific partition parser. This avoids manually specifying the MikroTik specific partitions as they can be detected by their magic values. Signed-off-by: Robert Marko <robimarko@gmail.com>
* ipq40xx: add MikroTik subtargetRobert Marko2021-01-173-1/+5
| | | | | | | | | | | | | MikroTik devices require the use of raw vmlinux out of the self extracting compressed kernels. They also require 4K sectors, kernel2minor, partition parser as well as RouterBoard platform drivers. So in order to not add unnecessary code to the generic sub target lets introduce a MikroTik sub target. Signed-off-by: Robert Marko <robimarko@gmail.com>
* ipq40xx: kernel compressed boot: reset watchdog countdownJohn Thomson2021-01-171-0/+66
| | | | | | | | | | | | | | If the watchdog is enabled, set the timeout to 30 seconds before decompress is started. Mikrotik ipq40xx devices running with RouterBoot have the SoC watchdog enabled and running with a timeout that does not allow time for the kernel to decompress and manage the watchdog. On ipq40xx RouterBoot TFTP boot the watchdog countdown is reset before: Jumping to kernel Signed-off-by: John Thomson <git@johnthomson.fastmail.com.au>
* ipq40xx: arm: compressed: add appended DTB sectionRobert Marko2021-01-171-0/+48
| | | | | | | | | | | | | | | | | | | | This adds a appended_dtb section to the ARM decompressor linker script. This allows using the existing ARM zImage appended DTB support for appending a DTB to the raw ELF kernel. Its size is set to 1MB max to match the zImage appended DTB size limit. To use it to pass the DTB to the kernel, objcopy is used: objcopy --set-section-flags=.appended_dtb=alloc,contents \ --update-section=.appended_dtb=<target>.dtb vmlinux This is based off the following patch: https://github.com/openwrt/openwrt/commit/c063e27e02a9dcac0e7f5877fb154e58fa3e1a69 Signed-off-by: Robert Marko <robimarko@gmail.com>
* libusb: make InstallDev explicitRosen Penev2021-01-161-2/+7
| | | | | | Helps to see what actually gets installed. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* libusb: cleanup PKG_ variablesRosen Penev2021-01-161-4/+5
| | | | | | | | | | Reordered for consistency between packages. Fixed license information. Change PKG_BUILD_PARALLEL to 1. This is no longer a problem.1 Signed-off-by: Rosen Penev <rosenp@gmail.com>
* libusb: update to 1.0.24Rosen Penev2021-01-161-3/+3
| | | | Signed-off-by: Rosen Penev <rosenp@gmail.com>
* ipq40xx: split generic images into own fileAlexander Couzens2021-01-172-806/+810
| | | | | | | In preparation of the new mikrotik subtarget split the generic images into generic.mk Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
* glibc: update to latest 2.32 commit (BZ #20019, BZ #27177, BZ #27130)Hans Dedecker2021-01-151-2/+2
| | | | | | | | | 4c619b3eed x86: Check IFUNC definition in unrelocated executable [BZ #20019] 87450ecf8a x86: Set header.feature_1 in TCB for always-on CET [BZ #27177] 2b4f67c2b3 Update for [BZ #27130] fix 1a24bbd43e x86-64: Avoid rep movsb with short distance [BZ #27130] Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* ramips: mt7621: refresh the kernel configRui Salvaterra2021-01-151-50/+4
| | | | | | | | The removed config symbols are already enabled by the generic kernel configuration (or by default), while the added ones are forcefully enabled by the specific architecture. Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
* ath79: remove USB port definition for TP-Link TL-WR810N v1Adrian Schmutzler2021-01-151-7/+1
| | | | | | | | The USB port definition is only needed when it is linked to a USB LED. Since there is none for this device, we might as well remove the port definition. Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* ath79: Add support for Ubiquiti Bullet ACRussell Senior2021-01-155-10/+68
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | CPU: Atheros AR9342 rev 3 SoC RAM: 64 MB DDR2 Flash: 16 MB NOR SPI WLAN 2.4GHz: Atheros AR9342 v3 (ath9k) WLAN 5.0GHz: QCA988X Ports: 1x GbE Flashing procedure is identical to other ubnt devices. https://openwrt.org/toh/ubiquiti/common Flashing through factory firmware 1. Ensure firmware version v8.7.0 is installed. Up/downgrade to this exact version. 2. Patch fwupdate.real binary using `hexdump -Cv /bin/ubntbox | sed 's/14 40 fe 27/00 00 00 00/g' | \ hexdump -R > /tmp/fwupdate.real` 3. Make the patched fwupdate.real binary executable using `chmod +x /tmp/fwupdate.real` 4. Copy the squashfs factory image to /tmp on the device 5. Flash OpenWrt using `/tmp/fwupdate.real -m <squashfs-factory image>` 6. Wait for the device to reboot (copied from Ubiquiti NanoBeam AC and modified) Flashing from serial console 1. Connect serial console (115200 baud) 2. Connect ethernet to a network with a TFTP server, through a passive PoE injector. 3. Press a key to obtain a u-boot prompt 4. Set your TFTP server's ip address, with: setenv serverip <tftp-server-address> 5. Set the Bullet AC's ip address, with: setenv ipaddr <bullet-ac-address> 6. Set the boot file, with: setenv bootfile <name-of-initramfs-binary-on-tftp-server> 7. Fetch the binary with tftp: tftpboot 8. Boot the initramfs binary: bootm 9. From the initramfs, fetch the sysupgrade binary, and flash it with sysupgrade. The Bullet AC is identified as a 2WA board by Ubiquiti. As such, the UBNT_TYPE must match from the "Flashing through factory firmware" install instructions to work. Phy0 is QCA988X which can tune either band (2.4 or 5GHz). Phy1 is AR9342, on which 5GHz is disabled. It isn't currently known whether phy1 is routed to the N connector at all. Signed-off-by: Russell Senior <russell@personaltelco.net>
* kernel: drop empty kmod-ledtrig-* packagesSungbo Eo2021-01-1514-96/+29
| | | | | | | | | | | | | | The following four led triggers are enabled in generic config. * kmod-ledtrig-default-on * kmod-ledtrig-heartbeat * kmod-ledtrig-netdev * kmod-ledtrig-timer Drop the packages and remove them from DEVICE_PACKAGES. There's no other package depending on them in this repo. Signed-off-by: Sungbo Eo <mans0n@gorani.run>
* treewide: do not disable LED triggers in target configSungbo Eo2021-01-154-4/+0
| | | | | | | Those targets have already enabled some other LED triggers, so enabling a few more won't be a big problem. Signed-off-by: Sungbo Eo <mans0n@gorani.run>
* kernel: enable CONFIG_LEDS_TRIGGER_HEARTBEATSungbo Eo2021-01-159-9/+1
| | | | | | | | | | The heartbeat trigger is used by luci-mod-system, which is installed as a part of the standard luci package set. It seems the LED trigger will be required quite often, so let's enable it by default. This increases uncompressed kernel size by about 100 bytes on ath79/generic. Signed-off-by: Sungbo Eo <mans0n@gorani.run>
* hostapd: fix setting wps_state to "not configured"Leon M. George2021-01-152-2/+2
| | | | | | | | | | | | | | | With encryption disabled, it was intended to set wpa_state=1 (enabled, not configured) through the 'wps_not_configured' flag. The flag is set appropriately but the condition using it is broken. Instead, 'wps_configured' is checked and wpa_state is always 2 (enabled, configured). Fix it by using the correct variable name. Fixes: 498d84fc4e00 ("netifd: add wireless configuration support and port mac80211 to the new framework") Signed-off-by: Leon M. George <leon@georgemail.eu> [commit title/message improvements] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* kernel: update kmod-thermal packageSungbo Eo2021-01-151-7/+4
| | | | | | | | | | | CONFIG_THERMAL option was changed to boolean in upstream linux commit 554b3529fe01 ("thermal/drivers/core: Remove the module Kconfig's option"). Switch it to 'y' and remove FILES and AUTOLOAD for non-existant module file. And update the descripton text for the package as in upstream linux commit eb8504620381 ("thermal: Rephrase the Kconfig text for thermal"). Signed-off-by: Sungbo Eo <mans0n@gorani.run>
* owipcalc: use v6 in cidr_parse6 functionNick Hainke2021-01-152-5/+5
| | | | | | | | | | | The cidr_parse6 function parses a string to an ipv6-address. The cidr struct contains a union called buf for the ipv4 and ipv6 address. Since it is a char pointer and the struct is initialized with the maximum size (so ipv6 string) it does not make any difference. However, we should access the buffer using the v6 name, since it could be confusing otherwise. Signed-off-by: Nick Hainke <vincent@systemli.org>
* ipq806x: fix Ubiquiti UniFi AC HD partition mapJan Alexander2021-01-151-1/+1
| | | | | | | | | | This fixes a typo in the previously committed partition map that led to the extension of the read-only mtd partition "SSD" into the following partitions. Fixes: 4e46beb31342 ("ipq806x: add support for Ubiquiti UniFi AC HD") Signed-off-by: Jan Alexander <jan@nalx.net>
* kernel: bump 5.4 to 5.4.89John Audia2021-01-159-14/+14
| | | | | | | | | | | | | | All modification made by update_kernel.sh in a fresh clone without existing toolchains. Build system: x86_64 Build-tested: ipq806x/R7800, bcm27xx/bcm2711 Run-tested: ipq806x/R7800 No dmesg regressions, everything functional Signed-off-by: John Audia <graysky@archlinux.us> Tested-by: Curtis Deptuck <curtdept@me.com> [x86/64]
* mac80211: fix rounding error in minstrel_ht throughput calculationFelix Fietkau2021-01-151-0/+34
| | | | | | Fixes rate selection with lower data rates Signed-off-by: Felix Fietkau <nbd@nbd.name>
* scripts: target-metadata don't add PROFILES twicePaul Spooren2021-01-141-1/+2
| | | | | | | | | | | | | | | Since 4ee3cf2b5a profiles with alternative vendor names may appear multiple times in `tmp/.targetinfo` or `.targetinfo` (for ImageBuilders). The `target-metadata.pl` script adds these profiles then twice to `PROFILE_NAMES` and the ImageBuilder show the profile twice when running `make info`. This patch removes duplicate profile IDs and only adds them once to `.profiles.mk`. Signed-off-by: Paul Spooren <mail@aparcar.org>
* kernel: make lwtunnel support optionalRui Salvaterra2021-01-141-2/+3
| | | | | | | | | | Not everyone will want to bloat their kernel by 24 kiB for such a niche feature. Fixes: a1a7f3274e0ed27511d45f62ee20281d8d57c7af "kernel: enable SRv6 support by enabling lwtunnel" Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
* bcm4908: prepend kernel images with a custom headerRafał Miłecki2021-01-151-2/+7
| | | | | | It's required for CFE to accept kernel. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* firmware-utils: bcm4908kernel: tool adding BCM4908 kernel headerRafał Miłecki2021-01-152-0/+128
| | | | | | | BCM4908 CFE bootloader requires kernel to be prepended with a custom header. This simple tool implements support for such headers. Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* glibc: add arc700 patchRosen Penev2021-01-144-58/+87
| | | | | | | | | glibc does not officially support ARC700 so this adds the missing pieces. I looked at uClibc-ng and a patch by Synopsis for glibc. ran make toolchain/glibc/refresh to clean up fuzz. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* mac80211: fix an uninitialized stack variable in the minstrel updateFelix Fietkau2021-01-142-3/+11
| | | | | | It can lead to out-of-bounds access and invalid rates Signed-off-by: Felix Fietkau <nbd@nbd.name>
* mt76: update to the latest versionFelix Fietkau2021-01-142-28/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | a46f9a9160e9 mt76: mt7915: add vif check in mt7915_update_vif_beacon() 27ad12352ac9 mt76: mt7615: add vif check in mt7615_update_vif_beacon() 0a449cef024e mt76: mt7915: fix MT_CIPHER_BIP_CMAC_128 setkey eacd2d493c61 mt76: mt7915: reset token when mac_reset happens e4b23301e6c9 mt76: mt7615: reset token when mac_reset happens 6e22bbfe0360 mt76: mt7615: convert comma to semicolon 37865118ae2d mt76: mt7915: convert comma to semicolon 742c36b2e527 mt76: mt7915: run mt7915_configure_filter holding mt76 mutex a515727e8423 mt76: mt7915: add support for flash mode b6f7b3da5216 mt76: mt7915: fix endianness warning in mt7915_mcu_set_radar_th 062f3f4f06a2 mt76: mt7915: simplify mt7915_mcu_send_message routine dbba9b993300 mt76: mt7915: drop zero-length packet to avoid Tx hang 36a745d0f71c mt76: Fix queue ID variable types after mcu queue split a4539760b0b1 mt7915: update the testmode support to the latest upstream patch 64bd6f87e4c2 mt7915: fix crash on failure in pci_set_dma_mask c202ace409e0 mt76: remove unused variable q d1b827781f84 mt76: mt7915: add partial add_bss_info command on testmode init a897a69769f5 mt76: testmode: introduce dbdc support b44472e99822 mt76: testmode: move mtd part to mt76_dev 45e27e6cdc12 mt76: mt7915: move testmode data from dev to phy b6673b005770 mt76: mt7615: move testmode data from dev to phy abdd471e9f2d mt76: mt7915: fix ht mcs in mt7915_mcu_get_rx_rate() d679b56b9585 mt76: move mac_work in mt76_core module 36cd48ab4454 mt76: move chainmask in mt76_phy 89a6781ed045 mt76: mt7915: force ldpc for bw larger than 20MHz in testmode 3d0834e78005 mt76: testmode: add support to set user-defined spe index cc05f4679667 mt76: testmode: add attributes for ipg related parameters 77b18b16fe16 mt76: testmode: make tx queued limit adjustable 6365a58573cb mt76: mt7915: split edca update function e56282bf67f6 mt76: mt7915: add support for ipg in testmode 6fa642903e4e mt76: mt7915: calculate new packet length when tx_time is set in testmode 729ec5daeba5 mt76: mt7915: clean hw queue before starting new testmode tx 981443da5cf7 mt76: testmode: add a new state for continuous tx 4793fc9b3d48 mt76: mt7915: rework set state part in testmode 11a1e86e5946 mt76: mt7915: add support for continuous tx in testmode 364affef82fc mt76: mt7615: mt7915: disable txpower sku when testmode enabled 9fc19db51293 mt76: mt7915: simplify peer's TxBF capability check 6377b7f330be mt76: mt7915: add implicit Tx beamforming support 983091a40633 mt76: mt7915: fix MESH ifdef block bbb7a9e77751 mt76: mt76u: fix NULL pointer dereference in mt76u_status_worker a28a8dd2f7de mt76: usb: fix crash on device removal 9c312f2ce2c5 mt76: mt7915: rework mcu API e6fe82acb111 mt76: mt7915: disable RED support in the WA firmware 25d7429bdc41 mt76: mt7915: fix eeprom parsing for DBDC 7a93026dd3dc mt76: mt7915: fix eeprom DBDC band selection 4c8a09cc45d0 tools: Set mode for new file /tmp/mt76-test-%s Signed-off-by: Felix Fietkau <nbd@nbd.name>
* tools/fakeroot: fix build regression on macOSFelix Fietkau2021-01-141-2/+18
| | | | | | AT_EMPTY_PATH and AT_NO_AUTOMOUNT does not exist there Signed-off-by: Felix Fietkau <nbd@nbd.name>
* bcm4908: backport brcmstb USB PHY driver changesRafał Miłecki2021-01-1424-0/+3746
| | | | | | This includes BCM4908 support Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
* hostapd: fix key_mgmt typoLeon M. George2021-01-142-2/+2
| | | | | | | | | | | The key_mgmt variable was mistyped when checking against "WPS", so the if clause was never entered. Fixes: f5753aae233f ("hostapd: add support for WPS pushbutton station") Signed-off-by: Leon M. George <leon@georgemail.eu> [add commit message, bump PKG_RELEASE] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
* hostapd: remove trailing whitespacesLeon M. George2021-01-141-2/+2
| | | | Signed-off-by: Leon M. George <leon@georgemail.eu>
* hostapd: remove unused variableLeon M. George2021-01-141-1/+0
| | | | | | | | | 'base' was never used. Fixes: 498d84fc4e00 ("netifd: add wireless configuration support and port mac80211 to the new framework") Signed-off-by: Leon M. George <leon@georgemail.eu>
* hostapd: remove unused variableLeon M. George2021-01-141-1/+0
| | | | | | | | | 'enc_str' was never used. Fixes: 498d84fc4e00 ("netifd: add wireless configuration support and port mac80211 to the new framework") Signed-off-by: Leon M. George <leon@georgemail.eu>
* hostapd: run as user 'network' if procd-ujail is installedDaniel Golle2021-01-144-2/+55
| | | | | | | Granting capabilities CAP_NET_ADMIN and CAP_NET_RAW allows running hostapd and wpa_supplicant without root priviledges. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
* mac80211: improve error handling when adding hostapd configDaniel Golle2021-01-142-8/+8
| | | | Signed-off-by: Daniel Golle <daniel@makrotopia.org>