1. It seems to allow any connections in default mode, I don't want it
https://t.me/rosalinux/63611
2. This package is very heavy (3.5 MB), there is enough space, but still...
31e99fe3da which introduced this code was unfortunately untested.
This commit fixes a number of issues and works around the fact that in
this particular scheme, the LZO payload may be padded at the end which
will trigger a harmless lzo decompression error.
This commit also disambiguates the debug printks.
Tested-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
Fixes: 31e99fe3da ("generic: platform/mikrotik: support LZOR encoding")
(cherry picked from commit 2ea481193c)
This backports upstream fixes for the out of bounds write vulnerability in json-c.
It was reported and patches in this upstream PR: https://github.com/json-c/json-c/pull/592
Addresses CVE-2020-12762
Signed-off-by: Robert Marko <robert.marko@sartura.hr>
Signed-off-by: Luka Perkov <luka.perkov@sartura.hr>
[bump PKG_RELEASE, rebase patches on top of json-c 0.12]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from commit bc0288b768)
So far, specifying "BOARD_NAME := routerboard" is required by the
upgrade code of Mikrotik NAND devices, as "sysupgrade-routerboard"
is hardcoded in platform_do_upgrade_mikrotik_rb().
This patch replaces the latter with a grep for the name like it
is already done in nand_upgrade_tar() in /lib/upgrade/nand.sh.
This should enable upgrades from ar71xx to ath79 without setting
BOARD_NAME for the latter.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(backported from commit 281785d74f)
Program received signal SIGSEGV, Segmentation fault.
main_autofs (argv=<optimized out>, argc=<optimized out>)
at fstools-2020-05-06-eec16e2f/block.c:1193
1193: if (!m->autofs && (mp = find_mount_point(pr->dev))) {
Fixes: 3b9e4d6d4c ("fstools: update to the latest version")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit b181294b02)
The id parameter in __rb_get_wlan_data() was incorrectly used on the
assumption that id "0" would always be tied to ath9k with RLE encoding
and positive id (in fact, only id "1" was valid) would always be tied to
("external") ath10k with LZO encoding.
Newer hardware revisions of supported devices prove this assumption to
be invalid, with ath9k caldata being now wrapped in MAGIC_ERD and LZO
compressed, so disable this check to allow newer hardware to correctly
decode caldata for ath9k. Since ath10k caldata is no longer pulled from
this implementation, this commit also disables the publication in sysfs
to avoid wasting memory.
Note: this patch assumes that ath9k caldata is never stored with the new
"LZOR" encoding scheme found on some ath10k devices.
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
Fetch ath10k calibration data from backported mikrotik sysfs driver
which supports the newer "LZOR" encoding.
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
Some newer MikroTik RouterBOARD devices use a new encoding scheme
for their WLAN calibration data. This patch provides support for
decoding this new scheme.
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
This driver exposes the data encoded in the "hard_config" flash segment
of MikroTik RouterBOARDs devices. It presents the data in a sysfs folder
named "hard_config". The WLAN calibration data is available on demand via
the 'wlan_data' sysfs file in that folder.
This driver permanently allocates a chunk of RAM as large as the
"hard_config" MTD partition (typically 4KB), although it is technically
possible to operate entirely from the MTD device without using a local
buffer (except when requesting WLAN calibration data), at the cost of a
performance penalty.
This driver does not reuse any of the existing code previously found in
routerboot.c.
This driver has been successfully tested on BE (ath79) and LE (ipq40xx
and ramips) hardware.
Tested-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
Tested-by: Baptiste Jonglez <git@bitsofnetworks.org>
Tested-by: Tobias Schramm <t.schramm@manjaro.org>
Tested-by: Christopher Hill <ch6574@gmail.com>
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
Out of all devices currently supported based on AR9331 chipset,
this one had the 'serial0' alias missing. Add it to fix setting of
/dev/console and login shell on the onboard UART.
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
(cherry picked from commit 94f3449977)
* compat: timeconst.h is a generated artifact
Before we were trying to check for timeconst.h by looking in the kernel
source directory. This isn't quite correct on configurations in which
the object directory is separate from the kernel source directory, for
example when using O="elsewhere" as a make option when building the
kernel. The correct fix is to use $(CURDIR), which should point to
where we want.
* compat: use bash instead of bc for HZ-->USEC calculation
This should make packaging somewhat easier, as bash is generally already
available (at least for dkms), whereas bc isn't provided by distros by
default in their build meta packages.
* socket: remove errant restriction on looping to self
It's already possible to create two different interfaces and loop
packets between them. This has always been possible with tunnels in the
kernel, and isn't specific to wireguard. Therefore, the networking stack
already needs to deal with that. At the very least, the packet winds up
exceeding the MTU and is discarded at that point. So, since this is
already something that happens, there's no need to forbid the not very
exceptional case of routing a packet back to the same interface; this
loop is no different than others, and we shouldn't special case it, but
rather rely on generic handling of loops in general. This also makes it
easier to do interesting things with wireguard such as onion routing.
At the same time, we add a selftest for this, ensuring that both onion
routing works and infinite routing loops do not crash the kernel. We
also add a test case for wireguard interfaces nesting packets and
sending traffic between each other, as well as the loop in this case
too. We make sure to send some throughput-heavy traffic for this use
case, to stress out any possible recursion issues with the locks around
workqueues.
* send: cond_resched() when processing tx ringbuffers
Users with pathological hardware reported CPU stalls on CONFIG_
PREEMPT_VOLUNTARY=y, because the ringbuffers would stay full, meaning
these workers would never terminate. That turned out not to be okay on
systems without forced preemption. This commit adds a cond_resched() to
the bottom of each loop iteration, so that these workers don't hog the
core. We don't do this on encryption/decryption because the compat
module here uses simd_relax, which already includes a call to schedule
in preempt_enable.
* selftests: initalize ipv6 members to NULL to squelch clang warning
This fixes a worthless warning from clang.
* send/receive: use explicit unlikely branch instead of implicit coalescing
Some code readibility cleanups.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
(cherry picked from commit 4f6343ffe7)
As announced on the mailing list, WireGuard will be in Linux 5.6. As a
result, the wg(8) tool, used by OpenWRT in the same manner as ip(8), is
moving to its own wireguard-tools repo. Meanwhile, the out-of-tree
kernel module for kernels 3.10 - 5.5 moved to its own wireguard-linux-
compat repo. Yesterday, releases were cut out of these repos, so this
commit bumps packages to match. Since wg(8) and the compat kernel module
are versioned and released separately, we create a wireguard-tools
Makefile to contain the source for the new tools repo. Later, when
OpenWRT moves permanently to Linux 5.6, we'll drop the original module
package, leaving only the tools. So this commit shuffles the build
definition around a bit but is basically the same idea as before.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
(cherry picked from commit ea980fb9c6)
Fixes: 5e8b50da15 (odhcpd : fix lan host reachibility due to identical RIO and PIO prefixes (FS#3056))
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
975dce2 client: allow keep-alive for POST requests
d062f85 file: poke ustream after starting deferred program
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
ar8229 and ar8236 don't allow unknown unicast/multicast frames and
broadcast frames to be flooded to cpu port. This isn't desired behavior
for swconfig as we treat it as a standalone switch.
Current code doesn't enable unicast frame flooding for ar8229 and uses
wrong setup for ar8236. This commit fixes both of them by enabling port
0 flooding for all unknown frames.
Fixes: FS#2848
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
(cherry picked from commit 47f17b0662)
Workaround a bug in patches/100-debian_shared_lib.patch - it attemptss to
extract the library major version from debian/changelog which does not exist
in the vanilla upstream tarball.
Create a fake changelog file for now to satisfy the version extraction
routine until we get around to properly augment the patch.
Fixes: FS#2970
Fixes: 96ee7c8bfd ("libpcap: Update shared-lib patch from Debian to fix linking problems")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
84965b92f635 blockd: print symlink error code and string message
62c578c22f9d blockd: report "target" path as "mount" for autofs available mounts
d1f1f2b38fa1 block: remove mount target file if it's a link
830441d790d6 blockd: remove symlink linkpath file if it's a dir or link
c80f7002114f libfstools/mtd: attempt to read from OOB data if empty space is found
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit b7d6e80fee)
OpenWrt now has a CDN for sources at sources.cdn.openwrt.org which
mirrors sources.openwrt.org.
Downloading sources outside Europe or US (mainland) could
result in low throughput, extremely slowing down the first compilation of
the build system.
This patch adds sources.cdn.openwrt.org as the first mirror to offer
worldwide fast download speeds by default. If the CDN goes down for
whatever reason, the script jumps to the next available mirror and
downloads requested files as before (in regional varying speed).
Signed-off-by: Paul Spooren <mail@aparcar.org>
Acked-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit c737a9ee6a)
This extra _DEFAULT_SOURCE definition results in a double definition
which is a compile error.
This fixes the following compile error with glibc:
----------------------------------------------------------------------
ugps-2019-06-25-cd7eabcd/nmea.c:19: error: "_DEFAULT_SOURCE" redefined [-Werror]
#define _DEFAULT_SOURCE
<command-line>: note: this is the location of the previous definition
cc1: all warnings being treated as errors
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 70a962ca6f)
When compiled with glibc the config_scan.c wants to use the
cpupolicy2numeric() function which is only available when
HAVE_SCHED_SETSCHEDULER is set. It looks like the wrong define was used here.
This fixes a build problem with glibc in combination with the force
ac_cv_func_sched_setscheduler=no in the OpenWrt CONFIGURE_VARS.
This fixes the following compile error with glibc:
----------------------------------------------------------------------
/bin/ld: config_scan.o: in function `socks_yylex':
dante-1.4.1/sockd/config_scan.l:461: undefined reference to `cpupolicy2numeric'
collect2: error: ld returned 1 exit status
make[5]: *** [Makefile:522: sockd] Error 1
Fixes: aaf46a8fe2 ("dante: disable sched_getscheduler() - not implemented in musl")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit ce1798e915)
Build with NO_LIBCAP=1. This is to resolve build issue.
Package perf is missing dependencies for the following libraries:
libcap.so.2
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
(cherry picked from commit 80f128d2aa)
Before, only frames with a maximum size of 1528 bytes could be
transmitted between two 802.11s nodes.
For batman-adv for instance, which adds its own header to each frame,
we typically need an MTU of at least 1532 bytes to be able to transmit
without fragmentation.
This patch now increases the maxmimum frame size from 1528 to 1656
bytes.
Tested with two ath10k devices in 802.11s mode, as well as with
batman-adv on top of 802.11s with forwarding disabled.
Fix originally found and developed by Ben Greear.
Link: https://github.com/greearb/ath10k-ct/issues/89
Link: 9e5ab25027
Cc: Ben Greear <greearb@candelatech.com>
Signed-off-by: Linus Lüssing <ll@simonwunderlich.de>
Signed-off-by: Sven Eckelmann <sven@narfation.org>
(cherry picked from commit 066ec97167)
Upstream commit dda9f4b9ca ("f2fs: fix to skip verifying block address
for non-regular inode").
On 4.14, attempting to perform operations on a non-regular inode
residing on an f2fs filesystem, such rm-ing a device node, would fail
and lead to a warning / call trace in dmesg. This fix was already
applied to other kernels upstream - including 4.19, from which the patch
was taken.
More info at https://bugzilla.kernel.org/show_bug.cgi?id=202495.
Signed-off-by: Matt Merhar <mattmerhar@protonmail.com>
(cherry picked from commit ee500186a5)
Like for Ubiquiti PowerBeam 5AC Gen2, the highest RSSI LED can
be exploited to indicate boot/failsafe/upgrade for the NanoBeam AC
and Nanostation AC as well.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 80a094aaf3)
This adds some still-missing board names for old TP-Link devices
to ath79 SUPPORTED_DEVICES.
Fixes: FS#3017
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 522f6b7eee)
Refreshed all patches and removed upstreamed:
oxnas/001-irqchip-versatile-fpga-Handle-chained-IRQs-properly.patch
oxnas/002-irqchip-versatile-fpga-Apply-clear-mask-earlier.patch
Fixes: CVE-2020-12114 and CVE-2020-11669
Runtime-tested on: qemu-x86-64
Compile-tested on: ath79/generic, x86/64, imx6
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Backport patch from hostapd.git master that fixes copy/paste error in
crypto_bignum_sub() in crypto_wolfssl.c.
This missing fix was discovered while testing SAE over a mesh interface.
With this fix applied and wolfssl >3.14.4 mesh+SAE works fine with
wpad-mesh-wolfssl.
Cc: Sean Parkinson <sean@wolfssl.com>
Signed-off-by: Antonio Quartulli <a@unstable.cc>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 4b3b8ec81c)
Without this change, wpa-cli features depend on which wpad build variant was
used to build the wpa-cli package
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Tested-by: Jérôme Benoit <jerome.benoit@piment-noir.org> [WRT1900AC v1]
[added missing package version bump]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 03e9e4ba9e)
Another release is overdue for quite some time, so I'm backporting three
fixes from upstream which I plan to backport into 19.07 as well.
Ref: FS#2880
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 76a0ddf130)
On Windows, refuse paths that start with \\ ... as that might cause an
unexpected SMB connection to a given host name.
Ref: PR#2730
Ref: https://curl.haxx.se/docs/CVE-2019-15601.html
Suggested-by: Jerome Benoit <jerome.benoit@sap.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Before 2019.01 version was introduced patch, which changes cache
routines: 93b283d4 ("ARM: CPU: arm926ejs: Consolidate cache
routines to common file"). Unfortunately that patch make ethernet
and usb in kirkwood broken.
This patch backport commit 599f7aa5 ("ARM: kirkwood: disable dcache
for Kirkwood boards"), which are fix for that problem.
Fixes: dc08514e6d ("uboot-kirkwood: update to 2019.01")
Run tested: pogoplugv4
Tested-by: Cezary Jackiewicz <cezary@eko.one.pl> [nsa310]
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
It's known that ZBT sells 256M variants of these routers. As a result,
our images won't be able to boot on these routers.
This commit removes memory node for them. With previously backported
memory detection patch, kernel is able to detect memory size itself.
Fixes: FS#3053
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
Mikhail Novosyolov
Hauke Mehrtens
Thibaut VARÈNE
Robert Marko
Adrian Schmutzler
Daniel Golle
Koen Vandeputte
Lech Perczak
DENG Qingfang
Jo-Philipp Wich
Jason A. Donenfeld
Hans Dedecker
Rafał Miłecki
Chuanhong Guo
Petr Štetiar
Felix Fietkau
Paul Spooren
Yangbo Lu
Linus Lüssing
Matt Merhar
Antonio Quartulli
Pawel Dembicki