Since kernel 4.2, DRBG is the default crypto API RNG, replacing krng. As
DRBG is not enabled, there is no crypto API RNG available when running
kernel 4.2 or later. Because of this, IPsec SAs fail to install. In
strongSwan, this results in a vague error that is difficult to debug:
received netlink error: No such file or directory (2)
Solve this by adding DRBG to the kmod-crypto-rng package. As enabling
DRBG in the kernel config also enables the Jitterentropy RNG, include it
in kmod-crypto-rng instead of having it in a separate package.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
SVN-Revision: 47827
Bump ubus to current Git HEAD in order to:
* Fix a null pointer access when user ACLs are loaded into memory
* Fix wrong permission handling for uid=0, gid!=0 peers
* Fix return code for permission defined cases
* Fix socket error handling when the server connection dies
* Make ACL file path configurable
* Remove invalid usages of poll() when using a zero timeout
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 47816
The "iw" utility expects the VHT80 to be specified as uppercase "80MHZ",
change the script to reflect that.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 47814
This version and version 3.6.8 are fixing the following security problems:
* CVE-2015-7744
* CVE-2015-6925
The activation of SSLv3 support is needed for curl.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 47791
This should ensure that lldpd is among the first processes to stop,
so that it has time to send the shutdown LLDPU to the other side,
before the network goes down.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
SVN-Revision: 47786
Support next to the non-HT/HT channel widths like HT20 or NOHT also VHT80
channels during the mesh join
iw dev mesh0 mesh join "meshnet" freq 5180 80MHz
Signed-off-by: Sven Eckelmann <sven@open-mesh.com>
SVN-Revision: 47782
Fix the id of NL80211_ATTR_WIPHY_ANTENNA_GAIN for antenna_gain command when
using compat-wireless 2015-10-26.
Signed-off-by: Sven Eckelmann <sven@open-mesh.com>
SVN-Revision: 47778
r47288 updated to Busybox 1.24.1 but did not update the configuration.
The configuration is updated by running
cd config
../convert_menuconfig.pl .../build_dir/target-*/busybox-1.24.1
cd ..
./convert_defaults.pl < .../build_dir/target-*/busybox-1.24.1/.config > \
Config-defaults.in
Signed-off-by: Mark Mentovai <mark@moxienet.com>
SVN-Revision: 47775
Use the 'typical' compile configuration instead of 'full', which most
notably excludes the soap support.
/sbin/vdsl_cpe_control shrinks down to ~50%, from 178kb(!) to 90kb.
Signed-off-by: Andre Heider <a.heider@gmail.com>
SVN-Revision: 47769
This adds support for specifying the dsl modem, atm bridge configs and setting
the pppoe protocol for wan.
These additions are required to port the Lantiq target to board.d.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 47750
Some boards, e.g. the Sheeva Plug, require the lan interface to be set
to DHCP instead of a static address, therfore support that.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 47732
This is a minor version update which fixes some small bugs. None of
these bugs were exploitable according to the release notes.
Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
SVN-Revision: 47724
This changes uci-defaults-new.sh, config_generate and all relevant board.d
files in order combine ucidef_add_switch() and ucidef_add_switch_ports() into
a single function.
Also removes now superfluous enable and reset arguments.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 47721
Out of 69 switch definitions, only 3 pass something different than "1" as
values for reset and enable, with one of those three being invalid.
This change ...
* removes the reset and enable arguments from ucidef_add_switch()
* unconditionally writes reset:1 and enable:1 to JSON
* converts the three users of nonstandard values to ucidef_add_switch_attr()
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 47720
Remove support for now unused ucidef_add_switch_vlan(), move port->vlan and
vlan->interfaces conversion to uci-defaults-new.sh and massively simplify
config_generate.
This change prepares the following upcoming steps:
* Eliminate use of ucidef_set_interface_lan_wan() for switch only devices
* Merge ucidef_add_switch() with ucidef_add_switch_ports()
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 47719
Update dependencies for linux 4.4 and mark as broken where source code
needs updating.
Signed-off-by: Jonas Gorski <jogo@openwrt.org>
SVN-Revision: 47700
Only se4t the force_link property for non-lan, non-wan ifaces as it is
unnecessary in the default cases.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 47675
Properly quote variables in ucidef_set_interface_lan() and
ucidef_set_interface_lan(), otherwise interfaces with multiple devices
are not properly written into the configuration.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 47673
Add ucidef_set_board_id() and ucidef_set_model_name() procedures to store
model information in the board.json file.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 47671
The only user was the hg255d board and config_generate did not even emit
proper uci for it.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 47658
Remove extra nesting of rssi leds in the led object and move rssi monitor
declaration to its own object.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 47655
This just renamed the package to indicate that this is the annex a version.
Signed-off-by: Hauke Mehrtens <hauke.mehrtens@lantiq.com>
SVN-Revision: 47649
Add support for generating vlans solely from the port layout description
given through ucidef_add_switch_ports().
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 47639
Add further helper functions to uci-defaults-new.sh for easier declarations
of complex switch layouts.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 47638
In this upstream dsl driver app version the autoboot is deactivated activate
it again.
In addition to the update this also fixes some build warnings and makes it
use the same configure option as used in Lantiq UGW.
Signed-off-by: Hauke Mehrtens <hauke.mehrtens@lantiq.com>
SVN-Revision: 47637
In addition to the update this also fixes some build warnings and makes it
use the same configure option as used in Lantiq UGW.
Signed-off-by: Hauke Mehrtens <hauke.mehrtens@lantiq.com>
SVN-Revision: 47635
In addition to the update this also fixes some build warnings and makes it
use the same configure option as used in Lantiq UGW.
Signed-off-by: Hauke Mehrtens <hauke.mehrtens@lantiq.com>
SVN-Revision: 47634
This application helps to debug some internal problems in the MEI driver.
Signed-off-by: Hauke Mehrtens <hauke.mehrtens@lantiq.com>
SVN-Revision: 47632
This makes the build script use the same configure options as used by
Lantiq UGW and fixes some warnings and cleans up some of the patches.
Signed-off-by: Hauke Mehrtens <hauke.mehrtens@lantiq.com>
SVN-Revision: 47630
since r45833 and r45848 the overlayfs is automatically mounted read-only
(and blocks remounts as r/w) when JFFS2 is full. see ticket #19564
because of this normal file deletion is not possible anymore.
if a user logins interactively (e.g. SSH) show a hint for this,
that files must be removed in /overlay/upper/...
v2: fix subject line
Signed-off-by: Bastian Bittorf <bittorf@bluebottle.com>
SVN-Revision: 47623
The scripts for authsae and iw use the option mesh_id to get set the
"meshid" during a mesh join. But the script for wpad-mesh ignores the
option mesh_id and instead uses the option ssid. Unify the mesh
configuration and let the wpa_supplicant script also use the mesh_id from
the configuration.
Signed-off-by: Sven Eckelmann <sven@open-mesh.com>
SVN-Revision: 47615
The OpenWrt wireless configuration for mcast_rate is defined as Kbit/s when
using wpa_supplicant for IBSS/802.11s and iw for unencrypted IBSS/802.11s.
But when using authsae, the unit for the same option is redefined as
Mbit/s. Better use the same unit for this option independent of the backend
which is used.
Old values for mcast_rate (< 1000) are still interpreted Mbit/s to avoid
problems during upgrades from older versions.
Signed-off-by: Sven Eckelmann <sven@open-mesh.com>
SVN-Revision: 47614
The variable $mesh_id was never defined in authsae_start_interface and thus
the option meshid in $authsae_conf_file was always set to "".
Signed-off-by: Sven Eckelmann <sven@open-mesh.com>
SVN-Revision: 47613
This version fixes a potential uncontrolled format string problem. This
makes it possible to activate the format security check.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 47600
This version fixes a potential uncontrolled format string problem. This
makes it possible to activate the format security check.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 47599
This version fixes a potential uncontrolled format string problem. This
makes it possible to activate the format security check.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 47598
If the user sets any preinit options in .config, the wrong path may get
applied due to wrong default value in image-config.in and due to Makefile
writing also the unchanged options into 00_preinit.conf
Modify the default path in image-config.in to match the current default
path set by r47080. Also modify the fall-back default in Makefile.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
SVN-Revision: 47590
I accidentally deactivated it. This should be set to active it in any case
independently what was set in the user config.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 47587
All RTC drivers require the kernel to be built with CONFIG_RTC_CLASS=y.
Set it accordingly.
Tested only with DS1307.
Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
SVN-Revision: 47564
gcc-5 handles inline without static differently and that makes
uboot-mxs fail to build. Remove the inline so it gets exported and can
be used in other functions.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 47533
Now we have all targets using platform_pre_upgrade (and calling
nand_do_upgrade directly) we don't need nand_upgrade_stage1 to be in
sysupgrade_pre_upgrade hooks anymore.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
SVN-Revision: 47489
Spotted a missing 'ip6_udp_tunnel.ko' build failure during a local
build with all kmods enabled but globally disabled IPv6 support.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 47487
Support for scsi tape devices as kernel module.
This allow to use scsi tape devices in openwrt.
Signed-off-by: Giuseppe Magnotta <giuseppe.magnotta@gmail.com>
[moved to block.mk]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 47482
Fixes compilation with Linux 4.3. Runtime tested on Ubiquiti EdgeRouter
Lite with Linux 3.18, 4.1 and 4.3.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
SVN-Revision: 47470
Updates the ath10-firmware release to current git and updates the
QCA988X firmware in use to version 10.2.4.70.12-2 which appears to
actually fix the stability problems when using a Nexus 5X phone as
per issue #20854. Also updates the Makefile for a change in the
location of the board.bin file for QCA988X in the source repository.
Signed-off-by: Robert Hancock <hancockrwd@gmail.com>
SVN-Revision: 47469
compat-wireless/backports now contains a bcm47xx_nvram.h file to
backport some of the functions in it which are used by the bcmfmac
driver. This file just checks for the kernel versions and provide an
empty implementations on older kernel versions. This is OK on most
systems, but on bcm47xx / bcm53xx systems we want to call the real
functions here. This commit removes the file from backports in our
build process like we do it with the bcma and ssb header files. Instead
we add a recent version into our kernel so all code uses only one
header file. On bcm47xx / bcm53xx the real implementations of this code
will be used.
Reported-by: Hante Meuleman <meuleman@broadcom.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
SVN-Revision: 47467
Currently some libnl headers require application code to include
dependencies on its own. E.g. a simple include of <linux/netlink.h>
will trigger an error:
/usr/include/libnl-tiny/linux/netlink.h:32:2: error: unknown type name 'sa_family_t'
Similarly including <netlink/handlers.h> causes:
/usr/include/libnl-tiny/netlink/handlers.h:133:19: warning: 'struct ucred' declared inside parameter list [enabled by default]
Fix it by including <sys/socket.h> where needed in libnl headers.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
SVN-Revision: 47456
Updates the ath10k firmware version for QCA988X to version
10.2.4.70.10-2, which appears to fix problems with the 5GHz wireless
failing on TP-Link Archer C7 v2 when using a Nexus 5X phone. Fixes
issue #20854.
Signed-off-by: Robert Hancock <hancockrwd@gmail.com>
SVN-Revision: 47454
Only costs about 3k compressed, but significantly improves handling of
configuration mismatch
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 47439
This is done with existing code from the WRT1900AC port.
It makes sure the "auto_recovery" bootloader option is set,
and resets the s_env boot counter after a successful boot.
This gives users without a serial console connection some
measure of safety.
Signed-off-by: Claudio Leite <leitec@staticky.com>
SVN-Revision: 47433
- Use board engineering names rather than marketing names
- Linksys uses a dual firmware layout, where the bootloader
will switch to the other stored image when one fails to
boot three consecutive times.
In order to make this firmware compatible with the factory
images and the stock bootloader we must match this layout.
Signed-off-by: Claudio Leite <leitec@staticky.com>
SVN-Revision: 47429
Add a new config option "channels" for mac80211 wifi devices. It's only
valid if automatic channel selection is used and restricts the channel
selection to one of the given channels.
config wifi-device
list channels 1
list channels 6
list channels 11
Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
SVN-Revision: 47427
as conntrack and conntrackd are completely independent programs,
serving a different purpose.
Also split by other distributions, as Debian and Ubuntu.
Signed-off-by: Ulrich Weber <uw@ocedo.com>
SVN-Revision: 47424
default configuration will fill up disk by
writing /var/log/conntrackd-stats.log
Introduced due init script auto start.
Signed-off-by: Ulrich Weber <uw@ocedo.com>
SVN-Revision: 47422
