Recent versions of Chrome require this ciphers to successfully handshake with
a TLS enabled uhttpd server using the ustream-polarssl backend.
If `CONFIG_GCM` is disabled, `ssl_ciphersuite_from_id()` will return `NULL`
when cipher `0x9d` is looked up, causing the calling `ssl_ciphersuite_match()`
to fail with `POLARSSL_ERR_SSL_INTERNAL_ERROR`.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Add support for hostid dhcp config entry to dnsmasq. This allows
specification of dhcpv6 hostid suffix and works in the same way as
odhcpd.
Entries in auto generated dnsmasq.conf should conform to:
dhcp-host=mm:mm:mm:mm:mm:mm,IPv4addr,[::V6su:ffix],hostname
example based on sample config/dhcp entry:
config host
option name 'Kermit'
option mac 'E0:3F:49:A1:D4:AA'
option ip '192.168.235.4'
option hostid '4'
dhcp-host=E0:3F:49:A1:D4:AA,192.168.235.4,[::0:4],Kermit
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
- Fix calculation of `$vht_cap` bit field
- Replace wrong reference to `$tx_stbc` variable with proper `$tx_stbc_2by1` one
- Emit proper `RX-STBC-{1,12,123,1234}` tokens for the VHT capability list
See https://dev.openwrt.org/ticket/22535 for reference.
Signed-off-by: Scott Shambarger <devel@shambarger.net>
Daemons that are waiting for a timesync are only triggered when the action is stratum.
As step is the first sync action pass all actions to the ntpd hotplug scripts; it's up
to the ntpd hotplugscript to filter out the actions it is interested in.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
By default dnsmasq uses random ports for outbound dns queries;
when the maxport UCI option is specified the ports used will
always be smaller than the specified value.
This is usefull for systems behind firewalls.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Increase the default system log buffer size
from 16 kB (default both in logd source and in the startup script)
to 64 kB by adjusting the default value in startup script.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Increase the default system log buffer size
from 16 kB (built-in default in ubox logd)
to 64 kB by setting the option in /etc/config/system.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Record the state of any hardware LED configured through UCI and use that
information to revert the state when applying updated settings while
maintaining default behaviour of system LEDs.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The board_detect framework is now able to create the entire system config from
scratch so we can finally drop the copy shipped by base-files.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Now that config_generate is able to generate the entire /etc/config/system
from scratch we can apply the same logic as used for /etc/config/network;
when the configuration file exists already then do not do anything, else
generate it from the values provided by /etc/board.json .
In order to facilitate that move the file existance checking inside
/bin/config_generate and call it unconditionally from /bin/board_detect.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Currently, the uci data model does not provide support for specifying
the minimum TLS version supported in an OpenVPN instance (be it server
or client).
This patch adds support for writing the relevant option to the openvpn
configuration file at service startup.
Signed-off-by: Matteo Panella <morpheus@level28.org>
[Jo-Philipp Wich: shorten commit title, bump pkg release]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Attempt to reset all LED states before applying the UCI configuration to
avoid leaving disabled LEDs behind in lingering glowing state, e.g. when
changing the sysfs entry in the config from one hardware LED to another.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
>From wolfssl/openssl/opensslv.h, and from skimming the contents of what
"--enable-stunnel" actually does, it seems that --enable-opensslextra
doesn't give you the "full" openssl compatibility that you may wish for
these days. Unfortuantely, while wolfssl writes the build time options
into wolfssl/options.h, it doesn't include that file itself. User
applications must include that directly.
Signed-off-by: Karl Palsson <karlp@etactica.com>
Add 'cake' qdisc kernel module package.
V2 - KDB Small update to base on latest cake tc changes (wash option
deprecated)
V3 - KDB Move kmod-sched-cake package to kernel as is kernel related
V4 - KDB Split into individual patches, kmod & tc
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Acked-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Add cake support to 'tc' in iproute2
- Use a patch to modify tc instead of adding a new tc-adv package.
Patch creates q_cake.c that matches commit 3314230bc4
- Do not include the other things from tc-adv (cake0, cake2, pie etc.).
V2 - KDB Small update to base on latest cake tc changes (wash option
deprecated)
V3 - KDB Move kmod-sched-cake package to kernel as is kernel related
v4 - KDB Split into individual patches, tc & kmod
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Acked-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
uClibc-ng pretends to be GNU libc 2.2 and then a fallback
scanf check is tried, so that libmount is disabled
afterwards. Add a fix already suggested upstream.
Add librt dependency required for other apps, too.
Signed-off-by: Waldemar Brodkorb <wbx@uclibc-ng.org>
It turns out most device vendors don't set the correct country code
in their devices' on-flash-EEPROM sections as they apparently rather
provide a complete per-target-market firmware with patched drivers
instead of just setting the country code.
This results in the driver to incorrectly assume the value stored in
the on-flash-EERPOM (usually US or China) being the regulatory domain
inside which the device is being used.
To work around this issue, OpenWrt introduced the ATH_USER_REGD config
variable to decide during build whether or not to allow the user to
override the regulatory domain setting. This option, however, is not
enabled by default and thus ends up being disabled for snapshots builds
and released binaries.
As we know for a long time that most devices got borked regulatory
domain values set in their EEPROMs we should allow our users to respect
their local law (instead of just assume US or China laws).
Note that also the current default has great potential of users not
ever setting their regulatory domain and thus using inapproriate and
potentially illegal frequencies and/or tx-power settings
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This allows one to select CT firmware for ath10k
if one prefers to try this firmware instead of stock
ath10k firmware.
The 10.1 (988X) firmware can actually be installed beside the
default firmware, but it will not be used as long as the firmware-5.bin
file exists. Users could rename the files and reboot to use different
images.
The 99X0 (wave-2) firmware uses the same firmware-5.bin name as default
firmware, so it cannot be installed at the same time as default firmware.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Kernel module for the OMAP Random Number Generator
found on OMAP16xx, OMAP2/3/4/5 and AM33xx/AM43xx
multimedia processors.
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
When the gettext-full host build phase finds an `emacs` exectuble during the
build it will launch an `emacs --batch` command to run some Lisp code.
On certain Debian systems the `/usr/bin/emacs` path might point, via
alternatives, to the `/usr/bin/jove` editor which will then launch an
interactive session when invoked by the gettext build.
In order to avoid this problem, explicitely disable emacs handling during
the build through a configure environment variable.
Also remove my now unreachable maintainer address.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>