netifd does not handle network.@device[x].name properly if it
contains multiple ifaces separated by spaces. Due to this, board.d
lan_mac setup does not work if multiple ifaces are set to LAN by
ucidef_set_interface_lan.
To fix this, create a device node for each member iface when
running config_generate instead. Those are named based on the
member ifname:
ucidef_set_interface_lan "eth0 eth1.1"
ucidef_set_interface_macaddr "lan" "yy:yy:yy:yy:yy:01"
will return
config device 'lan_eth0_dev'
option name 'eth0'
option macaddr 'yy:yy:yy:yy:yy:01'
config device 'lan_eth1_1_dev'
option name 'eth1.1'
option macaddr 'yy:yy:yy:yy:yy:01'
ref: https://github.com/openwrt/openwrt/pull/2542
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
[always use new scheme, extend description, change commit title]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 298814e6be)
Commit b3d8b3a introduced a new test:
[ -n "$noscan" -a "$noscan" -gt 0 ] && hostapd_noscan=1
But if length of "$noscan" is zero (noscan is not set) this doesn't stop
the shell to evaluate the rest of the test.
root@hank2:~# [ -n "$noscan" -a "$noscan" -gt 0 ]
ash: out of range
root@hank2:~#
So when radios are brought up this shows in the log:
Sat Nov 23 10:51:38 2019 daemon.info procd: - init complete -
Sat Nov 23 10:52:24 2019 daemon.notice netifd: radio1 (1243): sh: out of range
Sat Nov 23 10:52:25 2019 user.notice firewall: Reloading firewall due to ifup of wan (eth0.2)
Sat Nov 23 10:52:25 2019 daemon.notice netifd: radio0 (1242): sh: out of range
Sat Nov 23 10:52:26 2019 authpriv.info dropbear[1536]: Not backgrounding
This commit sets noscan to 0 if unset and removes the gratuitous length
check, preventing the warning.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
(cherry picked from commit 28d84331f4)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Hardware
--------
SoC: Qualcomm IPQ4019
RAM: 256M DDR3
FLASH: 128M NAND
WiFi: 2T2R IPQ4019 bgn
2T2R IPQ4019 a/n/ac
ETH: Atheros AR8033 RGMII PHY
BTN: 1x Connect (WPS)
LED: Power (green/red/yellow)
Installation
------------
1. Grab the uboot for the Device from the 'u-boot-fritz1200'
subdirectory. Place it in the same directory as the 'eva_ramboot.py'
script. It is located in the 'scripts/flashing' subdirectory of the
OpenWRT tree.
2. Assign yourself the IP address 192.168.178.10/24. Connect your
Computer to one of the boxes LAN ports.
3. Connect Power to the Box. As soon as the LAN port of your computer
shows link, load the U-Boot to the box using following command.
> ./eva_ramboot.py --offset 0x85000000 192.168.178.1 uboot-fritz1200.bin
4. The U-Boot will now start. Now assign yourself the IP address
192.168.1.70/24. Copy the OpenWRT initramfs (!) image to a TFTP
server root directory and rename it to 'FRITZ1200.bin'.
5. The Box will now boot OpenWRT from RAM. This can take up to two
minutes.
6. Copy the U-Boot and the OpenWRT sysupgrade (!) image to the Box using
scp. SSH into the Box and first write the Bootloader to both previous
kernel partitions.
> mtd write /path/to/uboot-fritz1200.bin uboot0
> mtd write /path/to/uboot-fritz1200.bin uboot1
7. Remove the AVM filesystem partitions to make room for our kernel +
rootfs + overlayfs.
> ubirmvol /dev/ubi0 --name=avm_filesys_0
> ubirmvol /dev/ubi0 --name=avm_filesys_1
8. Flash OpenWRT peristently using sysupgrade.
> sysupgrade -n /path/to/openwrt-sysupgrade.bin
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 7f187229a8)
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
8174814 utils: persist effective extra_src and extra_dest options in state file
72a486f zones: fix emitting match rules for zones with only "extra" options
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 482114d3f7)
wireless-regdb fails to build if there is python2 installed from package
feeds, as staging_dir/hostpkg/bin/python is python2 and
staging_dir/hostpkg/bin takes precedence over staging_dir/host/bin
(proper place with python -> python3 symlink) which leads to the build
failure of wireless-regdb, so this patch makes it explicit which python
should be used.
Reported-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Tested-by: Russell Senior <russell@personaltelco.net>
Tested-by: Lucian Cristian <lucian.cristian@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit b6bae4a2c9)
Refresh patches to tidy up some fuzz warnings
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 12840674d0)
This backports a patch to build it work with python2 in addition to
python3.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit d3a8a62692)
Fixes build issues on a python3 host (issues with the print statement
formatting in the current build).
Includes 100-regdb-write-firmware-file-format-version-code-20.patch and
other fixes.
Closes bugs.openwrt.org/index.php?do=details&task_id=1605.
Uses the tarball as requested.
Signed-off-by: Zachary Riedlshah <git@zacharyrs.me>
(cherry picked from commit ef3f868da0)
This potentially fixes some issues seen on IBSS
when interfaces go out of range and then re-appear.
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
The skb_get_hash_perturb() function now takes a siphash_key_t instead of
an u32. This was changed in commit 55667441c84f ("net/flow_dissector:
switch to siphash"). Use the correct type in the fq header file
depending on the kernel version.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
(cherry picked from commit eaa047179a)
AutoLoad parameter must match the exact kernel module name. Fix it.
Fixes: 125f1ce9ad ("kernel: video: add DRM core and IMX DRM support for HDMI/LVDS")
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
(cherry picked from commit 6990510aca)
Enables radio resource management to be reported by hostapd to clients.
Ref: https://github.com/lede-project/source/pull/1430
Co-developed-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
Signed-off-by: Kyle Copperfield <kmcopper@danwin1210.me>
[removed the DMARC crap]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 87f9292300)
hostapd will not use the getrandom() syscall and as a fallback use
/dev/random, the syscall is supported since Linux 3.17 and in the musl,
glibc and uclibc version used by OpenWrt.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 998686364d)
All the content of this function is proceeded by IEEE8021X_EAPOL no code
accesses the ssid variable outside of this ifdef.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 0d86bf518a)
Instead of patching the workaround away, just use the config option.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 9b4a27455c)
The size of the ipkgs increase a bit (between 0.7% and 1.1%):
old 2019-04-21 (2.8):
288264 wpad-basic_2019-04-21-63962824-1_mipsel_24kc.ipk
256188 wpad-mini_2019-04-21-63962824-1_mipsel_24kc.ipk
427475 wpad-openssl_2019-04-21-63962824-1_mipsel_24kc.ipk
423071 wpad-wolfssl_2019-04-21-63962824-1_mipsel_24kc.ipk
new 2019-08-08 (2.9):
290217 wpad-basic_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk
258745 wpad-mini_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk
431732 wpad-openssl_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk
427641 wpad-wolfssl_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 167028b750)
This also syncs the configuration files with the default configuration
files, but no extra options are activated or deactivated.
The mesh patches were partially merged into hostapd 2.8, the remaining
patches were extracted from patchwork and are now applied by OpenWrt.
The patches still have open questions which are not fixed by the author.
They were taken from this page:
https://patchwork.ozlabs.org/project/hostap/list/?series=62725&state=*
The changes in 007-mesh-apply-channel-attributes-before-running-Mesh.patch
where first applied to hostapd, but later reverted in hostapd commit
3e949655ccc5 because they caused memory leaks.
The size of the ipkgs increase a bit (between 1.3% and 2.3%):
old 2018-12-02 (2.7):
283337 wpad-basic_2018-12-02-c2c6c01b-11_mipsel_24kc.ipk
252857 wpad-mini_2018-12-02-c2c6c01b-11_mipsel_24kc.ipk
417473 wpad-openssl_2018-12-02-c2c6c01b-11_mipsel_24kc.ipk
415105 wpad-wolfssl_2018-12-02-c2c6c01b-11_mipsel_24kc.ipk
new 2019-04-21 (2.8):
288264 wpad-basic_2019-04-21-63962824-1_mipsel_24kc.ipk
256188 wpad-mini_2019-04-21-63962824-1_mipsel_24kc.ipk
427475 wpad-openssl_2019-04-21-63962824-1_mipsel_24kc.ipk
423071 wpad-wolfssl_2019-04-21-63962824-1_mipsel_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
(cherry picked from commit 8af79550e6)
For AP mode, OpenWrt automatically sets ieee80211w to either 1 or 2, depending
on whether the encryption is set to sae-mixed, or sae/owe/eap suite-b.
Mirror the same defaults for client mode connections, in order to allow an
OpenWrt station to associate to an OpenWrt ap with SAE, OWE or Suite-B encryption
without the need to manually specify "option ieee80211w" on the station.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit abb4f4075e)
This changes fixes the generation of the wpa_supplicant client configuration
in WPA3 OWE client mode. Instead of incorrectly emitting key_mgmt=NONE, use
the proper key_mgmt=OWE setting instead.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 4209b28d23)
wps_supplicant.h assumes that 'struct wpa_bss' is forward declared if
CONFIG_WPS is not defined. With the later inclusion of
600-ubus_support, the issue manifests in warnings like these:
wps_supplicant.h:113:15: warning: 'struct wpa_bss' declared inside parameter list will not be visible outside of this definition or declaration
struct wpa_bss *bss)
^~~~~~~
This patch forward declares 'struct wpa_bss' regardless.
Signed-off-by: Leon M. George <leon@georgemail.eu>
[commit message facelift]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit f974f8213b)
The original wpa_hexdump uses a 'void *' for the payload. With patch
410-limit_debug_messages, the signature changes and compiler warnings
occur at various places. One such warning is:
wpa_debug.h:106:20: note: expected 'const u8 * {aka const unsigned char *}' but argument is of type 'struct wpa_eapol_key *'
Signed-off-by: Leon M. George <leon@georgemail.eu>
[commit message facelift]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit a123df2758)
This edjusts the selection of recently removed wolfssl options which
have always been built into the library even in their abscence.
Also remove the selection of libwolfssl itself, allowing the library to
be built as a module.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 94d131332b)
Discovered recent changes had broken sysupgrade for ar71xx mikrotik
rb-493g, traced the problem to missing /usr/share/libubox/jshn.sh after
switching to tmpfs.
Signed-off-by: Russell Senior <russell@personaltelco.net>
Boards added: WNR1000v2, WNR2000v3, WNR612v2, WNDR3700.
Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
(cherry picked from commit d47b687006)
[removed WNR1000v2/WNR2000v3 since not supported in 19.07]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Many bugs were fixed--2 patches removed here.
This release of wolfSSL includes fixes for 5 security vulnerabilities,
including two CVEs with high/critical base scores:
- potential invalid read with TLS 1.3 PSK, including session tickets
- potential hang with ocspstaping2 (always enabled in openwrt)
- CVE-2019-15651: 1-byte overread when decoding certificate extensions
- CVE-2019-16748: 1-byte overread when checking certificate signatures
- DSA attack to recover DSA private keys
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit f4853f7cca)
Hardware acceleration was disabled when AES-CCM was selected as a
workaround for a build failure. This applies a couple of upstream
patches fixing this.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit ab19627ecc)
c9b6668 ustream-ssl: skip writing pending data if .eof is true after connect
Fixes: CVE-2019-5101, CVE-2019-5102
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 6f9157e6bd)
Instead of depending on kmod-usb2 make it depend on the normal USB
dependencies. This should hopefully fix some problems seen in the build
bot builds for powerpc_8540.
In addition also activate DRIVER_11N_SUPPORT support.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 3ff3b044c0)
This patch breaks building on PowerPC, like the mpc85xx_generic
target for me.
Fixes: FS#2585
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit b01305c8d2)
Forward the OpenWrt TARGET_LDFLAGS to the linker of the fw_printenv tool.
In addition also use the more standard make invocation script.
With this change the fw_printenv tool is built with PIE and Full RELRO
support when activated globally in OpenWrt.
Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
(cherry picked from commit b7b2be0b26)
Piotr Dymacz
Sungbo Eo
Sebastian Kemper
Hauke Mehrtens
David Bauer
Jo-Philipp Wich
Hans Dedecker
Petr Štetiar
Kevin Darbyshire-Bryant
John Crispin
Zachary Riedlshah
Koen Vandeputte
Rafał Miłecki
Kyle Copperfield
Leon M. George
Eneas U de Queiroz
Russell Senior
Michal Cieslakiewicz
Zoltan HERPAI
Hauke Mehrtens
Rosen Penev