Felix Fietkau [Wed, 24 Nov 2021 16:02:26 +0000 (17:02 +0100)]
hostapd: add a patch that allows processing auth requests for peers in blocked state
If authentication fails repeatedly e.g. because of a weak signal, the link
can end up in blocked state. If one of the nodes tries to establish a link
again before it is unblocked on the other side, it will block the link to
that other side. The same happens on the other side when it unblocks the
link. In that scenario, the link never recovers on its own.
To fix this, allow restarting authentication even if the link is in blocked
state, but don't initiate the attempt until the blocked period is over.
Felix Fietkau [Wed, 24 Nov 2021 09:45:28 +0000 (10:45 +0100)]
mac80211: fix regression in SSN handling of addba tx
Some drivers that do their own sequence number allocation (e.g. ath9k, mwlwifi) rely
on being able to modify params->ssn on starting tx ampdu sessions.
This was broken by a change that modified it to use sta->tid_seq[tid] instead.
David Bauer [Tue, 23 Nov 2021 21:25:02 +0000 (22:25 +0100)]
hostapd: fix goto loop for ubus assoc handler
When a ubus event handler denies a association with a non-zero return
value, the code jumps to preceeding code, creating an endless loop until
the event handler accepts the assc request.
Move the ubus handler further up the code to avoid creating such a loop.
Felix Fietkau [Wed, 3 Nov 2021 21:40:53 +0000 (22:40 +0100)]
hostapd: add wmm qos map set by default
This implements the mapping recommendations from RFC8325, with an
update from RFC8622. This ensures that DSCP marked packets are properly
sorted into WMM classes.
The map can be disabled by setting iw_qos_map_set to something invalid
like 'none'
Felix Fietkau [Wed, 20 Oct 2021 19:13:10 +0000 (21:13 +0200)]
hostapd: fix a race condition on adding AP mode wds sta interfaces
Both hostapd and netifd attempt to add a VLAN device to a bridge.
Depending on which one wins the race, bridge vlan settings might be incomplete,
or hostapd might run into an error and refuse to service the client.
Fix this by preventing hostapd from adding interfaces to the bridge and
instead rely entirely on netifd handling this properly
When using htmode 'HE20' with a radio mode that uses wpa-supplicant
(like mesh or sta), it will default to 40 MHz bw if disable_ht40 is not
set. This commit fixes this behaviour.
Felix Fietkau [Fri, 4 Jun 2021 07:12:07 +0000 (09:12 +0200)]
hostapd: configure inter-AP communication interface for 802.11r
In setups using VLAN bridge filtering, hostapd may need to communicate using
a VLAN interface on top of the bridge, instead of using the bridge directly
Rui Salvaterra [Wed, 25 Nov 2020 23:03:48 +0000 (23:03 +0000)]
hostapd: enable airtime policy for the -basic variants
Airtime policy configuration is extremely useful in multiple BSS scenarios.
Since nowadays most people configure both private and guest networks (at
least), it makes sense to enable it by default, except for the most limited
of the variants.
Size of the hostapd-basic-openssl binary (mipsel 24Kc -O2):
543944 bytes (airtime policy disabled)
548040 bytes (airtime policy enabled)
Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com> Acked-by: Daniel Golle <daniel@makrotopia.org>
(cherry-picked from commit d38f4565828264731f2a9cfe646491fba80315d3)
Felix Fietkau [Wed, 2 Jun 2021 05:45:31 +0000 (07:45 +0200)]
mac80211: do not enable VHT in the default config on 2.4 GHz
Some drivers advertise it, but it's not supported at the moment
Reported-by: John Thomson <git@johnthomson.fastmail.com.au> Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 42a99b18ff23fa768a6ae5f1076f15cbfa494f24)
Felix Fietkau [Wed, 2 Jun 2021 05:42:40 +0000 (07:42 +0200)]
mac80211: fix detecting VHT capabilities when generating the default config
The colon does not directly follow the "VHT Capabilities" string
Reported-by: John Thomson <git@johnthomson.fastmail.com.au> Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 3518b793a2f2293e7e9124b5beae7b09887c5e32)
At least since gcc 7.3.0 (OpenWrt 18.06) lwr/lwl are used in the
assembly of LzmaProps_Decode. While the decission made by the compiler
looks perfect fine, it triggers some obscure hang on lantiq danube-s
v1.5 with MX29LV640EB NOR flash chips.
Only if the offset 1 is used, the hang can be observed. Using any other
offset works fine:
Christian Lamparter [Sat, 23 Oct 2021 16:08:51 +0000 (18:08 +0200)]
wireless-regdb: update to version 2021.08.28
e983a25 Update regulatory rules for Ecuador (EC) a0bcb88 wireless-regdb: Update regulatory rules for Norway (NO) on 6 and 60 GHz cdf854d wireless-regdb: Update regulatory rules for Germany (DE) on 6GHz 86cba52 wireless-regdb: reduce bandwidth for 5730-5850 and 5850-5895 MHz in US 6fa2384 wireless-regdb: remove PTMP-ONLY from 5850-5895 MHz for US 9839e1e wireless-regdb: recent FCC report and order allows 5850-5895 immediately 42dfaf4 wireless-regdb: update 5725-5850 MHz rule for GB
Deomid Ryabkov [Sat, 23 Oct 2021 13:22:39 +0000 (16:22 +0300)]
base-files: chmod 1777 /var/lock
Per FHS 3.0, /var/lock is the location for lock files [1].
However its current permissions (755) are too restrictive
for use by unprivileged processes.
Debian and Ubuntu set them to 1777, and now so do we.
Signed-off-by: Deomid Ryabkov <rojer@rojer.me>
[fixed typo in commit message, had to remove "rojer" due to git hooks] Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 430f69194388ad6a7826a51e0e2b2dd478e27f0f)
Stephan Schmidtmer [Tue, 10 Aug 2021 20:21:30 +0000 (20:21 +0000)]
libpcap: add rpcapd as package
This enables building of rpcapd and adds it as a package.
It is a daemon that allows remote packet capturing from another machine.
E.g. Wireshark can talk to it using the Remote Capture Protocol (RPCAP).
https://www.tcpdump.org/manpages/rpcapd.8.html
Compile and run tested:
OpenWrt 21.02.0-rc4 r16256-2d5ee43dc6 on x86/64 and mvebu/cortexa9
Christian Lamparter [Thu, 5 Aug 2021 13:29:25 +0000 (15:29 +0200)]
gpio-button-hotplug: convert to gpio descriptor (gpiod_) API
OpenWrt's special gpio-button-hotplug driver is still using
exclusively the legacy GPIO Subsystem gpio_ API.
While it still does work fine for most devices, upstream
linux is starting to convert platform support like that of
the APU2/3/4 to the new GPIOD LOOKUP tables that are not
supported by it.
Hence, this patch replaces the gpio_ calls present in
gpio-button-hotplug with gpiod_ equivalent wherever
it's possible. This allows the driver to use the
gpiod lookup tables and still have a fallback for
legacy platform data code that just sets button->gpio
set to the real button/switch GPIO.
As a bonus: the active_low logic is now being handled
by the linux's gpio subsystem too. Another issue that
was address is the of_handle leak in the dt parser
error path.
Bruno Randolf [Mon, 25 Oct 2021 10:38:15 +0000 (11:38 +0100)]
ramips: minew g1-c: Allow dynamic RAM sizes
Allow RAM size to be passed thru U-Boot. There are 128MB and 64MB
versions of Minew G1-C. This is also in line with the behaviour of
most other RAMIPS boards.
Roman Yeryomin [Fri, 3 Sep 2021 14:31:11 +0000 (17:31 +0300)]
iproute2: m_xt.so depends on dynsyms.list
When doing parallel build on a fast machine with bottleneck in i/o,
m_xt.so may start linking faster than dynsyms.list gets populated,
resulting in error:
ld:dynsyms.list:0: syntax error in dynamic list
Fix this by adding dynsyms.list as make dependency to m_xt.so
Described also here:
https://bugs.openwrt.org/index.php?do=details&task_id=3353
Change from v1:
- add dynsysms.list dependancy only when shared libs are enabled
Andre Heider [Sat, 2 Oct 2021 08:50:49 +0000 (10:50 +0200)]
wolfssl: always build with --enable-reproducible-build
This gates out anything that might introduce semantically frivolous jitter,
maximizing chance of identical object files.
The binary size shrinks by 8kb: 1244352 staging_dir/target-mipsel_24kc_musl/usr/lib/libwolfssl.so.4.8.1.39c36f2f 1236160 staging_dir/target-mipsel_24kc_musl/usr/lib/libwolfssl.so.4.8.1.39c36f2f
Roger Pueyo Centelles [Tue, 31 Aug 2021 14:45:17 +0000 (16:45 +0200)]
ath79: mikrotik: use 64 KiB SPI NOR erase sectors
This patch removes CONFIG_MTD_SPI_NOR_USE_4K_SECTORS from the default
symbols for the ath79/mikrotik target.
MikroTik devices hold some of their user-configurable settings in the
soft_config partition, which is typically sized 4 KiB, of the SPI NOR
flash memory. Previously, in the ar71xx target, it was possible to use
64 KiB erase sectors but also smaller 4 KiB ones when needed. This is
no longer the case in ath79 with newer kernels so, to be able to write
to these 4 KiB small partitions without erasing 60 KiB around, the
CONFIG_MTD_SPI_NOR_USE_4K_SECTORS symbol was added to the defaults.
However, this ended up making sysupgrade images which were built with
64 KiB size blocks not to keep settings (e.g., the files under
/etc/config/) over the flashing process.
Using 4 KiB erase sector size on the sysupgrade images (by setting
BLOCKSIZE = 4k) allows keeping settings over a flashing process, but
renders the process terribly slow, possibly causing a user to
mistakenly force a manual device reboot while the process is still on-
going. Instead, ditching the 4 KiB erase sectors for the default
64 KiB erase size provides normal SPI write speed and sysupgrade times,
at the expense of not being able to modify the soft_config partition
(which is rarely a required thing).
An OpenWrt patch for MTD_SPI_NOR_USE_4K_SECTORS_LIMIT may once have
allowed to use different per-partition erase sector sizes. Due to
changes on recent kernels it now only works on a per-device basis.
Also, partial eraseblock write can be performed in ath79 with kernels
5.4 and lower, by copying the blocks from the 64 KiB, erasing the whole
sector and restoring those blocks not meant to be modified. A kernel
bump had that patch broken for a long time, but got fixed in bf2870c.
Note: the settings in the soft_config partition can be reset to their
defaults by holding the reset button for 5 seconds (and less than 10
seconds) at device boot.
Ivan Pavlov [Tue, 14 Sep 2021 15:06:32 +0000 (12:06 -0300)]
wolfssl: update to 4.8.1-stable
Changes from 4.7.0:
Fix one high (OCSP verification issue) and two low vulnerabilities
Improve compatibility layer
Other improvements and fixes
For detailed changes refer to https://github.com/wolfSSL/wolfssl/releases
Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
(cherry picked from commit 7d92bb0509615550b98e2dc71091073c8258d564)
[Added patch to allow compilation with libtool 2.4] Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Jitao Lu [Sun, 17 Oct 2021 06:16:57 +0000 (14:16 +0800)]
ncurses: add tmux terminfo
They're preferred terminal descriptions for tmux, with additional support to
some special characters and italic fonts. More info can be found at:
https://github.com/tmux/tmux/wiki/FAQ
Andre Heider [Wed, 6 Oct 2021 08:54:48 +0000 (10:54 +0200)]
wolfssl: build with WOLFSSL_ALT_CERT_CHAINS
"Alternate certification chains, as oppossed to requiring full chain
validataion. Certificate validation behavior is relaxed, similar to
openssl and browsers. Only the peer certificate must validate to a trusted
certificate. Without this, all certificates sent by a peer must be
used in the trust chain or the connection will be rejected."
This fixes e.g. uclient-fetch and curl connecting to servers using a Let's
Encrypt certificate which are cross-signed by the now expired
DST Root CA X3, see [0].
This is the recommended solution from upstream [1].
The binary size increases by ~12.3kb: 1236160 staging_dir/target-mipsel_24kc_musl/usr/lib/libwolfssl.so.4.8.1.39c36f2f 1248704 staging_dir/target-mipsel_24kc_musl/usr/lib/libwolfssl.so.4.8.1.39c36f2f
Signed-off-by: Andre Heider <a.heider@gmail.com>
[bump PKG_RELEASE] Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 28d8e6a8711ba78f1684a205e11b0dbd4ff2b2f3)
* 4 MB (SPI Flash)
* 6 x 2.5 Gigabit ports (Puzzle-M901)
- External PHY with 6 ports (AQR112R)
* 6 x 2.5 Gigabit ports (Puzzle-M902)
- External PHY with 6 ports (AQR112R)
3 x 10 Gigabit ports (Puzzle-M902)
- External PHY with 3 ports (AQR113R)
* 4 x Front panel LED
* 1 x USB 3.0
* Reset button on Rear panel
* UART (115200 8N1,header on PCB)
Flash instructions:
The original firmware is based on OpenWrt.
Flash firmware using LuCI and CLI
Signed-off-by: Ian Chang <ianchang@ieiworld.com>
(cherry picked from commit 70c75965a97799b44871249c205bad48fea9a4ae) Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Ian Chang [Thu, 2 Sep 2021 09:47:01 +0000 (17:47 +0800)]
mvebu: backport CN9130 dts necessary files changes to 5.4
1. Add support for Marvell CN9130 SoC
2. Add support for CP115,and create an armada-cp11x.dtsi file which will be used to instantiate both CP110 and CP115
3. Add support for AP807/AP807-quad,AP807 is a major component of CN9130 SoC series
4. Drop PCIe I/O ranges from CP11x file and externalize PCIe macros from CP11x file
Signed-off-by: Ian Chang <ianchang@ieiworld.com>
(cherry picked from commit c98ddf0f019986bbb4c868bfcaf97e0d1f4ee2dc) Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Paul Spooren [Sun, 10 Oct 2021 09:09:46 +0000 (23:09 -1000)]
build: prereq detect Python 3.10 for `python3` binary
While the binary `python3.10` is correctly detected by the build system
the default `python3` binary is currently not detected if pointing to a
Python 3.10 installation.
David Bauer [Wed, 2 Jun 2021 17:34:01 +0000 (19:34 +0200)]
kernel: ar8216: add get_features method
Modifying PHY capabilities in the probe function broke with upstream
commit 92ed2eb7f4b7 ("net: phy: probe the PHY before determining the
supported features").
AR8316 switches only support 10/100 Mbit/s link modes because of this
change.
Provide a get_features method for the PHY driver, so Gigabit link mode
will be advertised to link partners again.
Martin Schiller [Mon, 4 May 2020 14:13:13 +0000 (16:13 +0200)]
uhttpd: make organization (O=) of the cert configurable via uci
Make the organization (O=) of the cert configurable via uci. If not
configured, use a combination of "OpenWrt" and an unique id like it was
done before.
Sven Eckelmann [Wed, 22 Sep 2021 15:56:30 +0000 (17:56 +0200)]
ipq-wifi: Work around Plasma Cloud PA1200 5GHz crash
It was noticed [1] that the ath10k firmware crashes on 5GHz since OpenWrt
21.02.0. The problem seems to be triggered by the the nonLinearTxFir field
in the 5GHz BDF. If baseEepHeader.nonLinearTxFir (offset 0xc2) is 1 then
the firmware just crashes when setting up the 5Ghz radio using `ifconfig
wlan1 up`:
Sven Eckelmann [Wed, 22 Sep 2021 15:56:30 +0000 (17:56 +0200)]
ipq-wifi: Update Plasma Cloud PA1200 BDFs to firmware 3.5.12
The official Plasma Cloud firmware adjusted the BDFs to contain new
conformance test limits and target power values. These should be imported
to avoid emissions outside the allowed limits.
In hostapd_ubus_add_bss(), ubus objects are not registered for mesh
interfaces. This provokes a segfault when accessing the ubus object in
mesh deinit.
This commit adds the same condition to hostapd_ubus_free_bss() for
discarding those mesh interfaces.
David Bauer [Thu, 23 Sep 2021 19:01:37 +0000 (21:01 +0200)]
rockchip: fix broken squashfs sysupgrade
The rockchip platform supports squashfs SD card images. However, the
resulting image is not padded to completely fill the rootfs partition.
Because of that, the f2fs overlay might not be erased, resulting in
uci-defaults not bing executed or the configuration not being erased,
even though drop config was selected.
Modify the image generation process so the image is padded to cover the
entire root filesystem partition.
Christian Lamparter [Thu, 23 Sep 2021 16:37:38 +0000 (18:37 +0200)]
apm821xx: MBL: band-aid MBL DUO
Takimata reported on the OpenWrt forum in thread [0], that his
MyBook Live Duo wasn't booting OpenWrt 21.02 after upgrading
from the previous OpenWrt 19.07.
The last logged entries on his console
|[ 0.531599] sata1-regulator GPIO handle specifies active low - ignored
|[ 0.538391] sata0-regulator GPIO handle specifies active low - ignored
|[ 0.759791] ata2: SATA link down (SStatus 0 SControl 300)
|[ 0.765251] ata1: SATA link up 3.0 Gbps (SStatus 123 SControl 300)
|[ 5.909555] ata1.00: qc timeout (cmd 0xec)
|[ 5.913656] ata1.00: failed to IDENTIFY (I/O error, err_mask=0x4)
|[ 6.231757] ata1: SATA link down (SStatus 0 SControl 300)
This extract clearly showed that the HDD on which OpenWrt is installed,
simply disappeared after the SATA power regulators had been initialized.
Since the device-tree regulators haven't changed since the OpenWrt 19.07
days this will require further investigation on the snapshot/master/trunk
branch.
For the time being, it was requested to just delete the nodes so,
the device will boot again. Which unfortunately, will have to wait
until 21.02.1 is released.
He also confirmed that the My Book Live Single wasn't affected.
It works with or without this change.
Refresh all patches.
The removed patches were integrated upstream.
This contains fixes for CVE-2020-3702
1. These patches (ath, ath9k, mac80211) were included in kernel
versions since 4.14.245 and 4.19.205. They fix security vulnerability
CVE-2020-3702 [1] similar to KrØØk, which was found by ESET [2].
Thank you Josef Schlehofer for reporting this problem.
Alexander Couzens [Tue, 1 Jun 2021 21:09:26 +0000 (21:09 +0000)]
ramips: add support for minew g1-c
The minew g1-c is a smart home gateway / BLE gateway.
A Nordic nRF52832 is available via USB UART (cp210x) to support BLE.
The LED ring is a ring of 24x ws2812b connect to a generic GPIO (unsupported).
There is a small LED which is only visible when the device is open which
will be used as LED until the ws2812b is supported.
The board has also a micro sdcard/tfcard slot (untested).
The Nordic nRF52832 exposes SWD over a 5pin header (GND, VCC, SWD, SWC, RST).
The vendor uses an older OpenWrt version, sysupgrade can be used via
serial or ssh.
CPU: MT7628AN / 580MHz
RAM: DDR2 128 MiB RAM
Flash: SPI NOR 16 MiB W25Q128
Ethernet: 1x 100 mbit (Port 0) (PoE in)
USB: USB hub, 2x external, 1x internal to USB UART
Power: via micro usb or PoE 802.11af
UART: 3.3V, 115200 8n1
projects / users / dwmw2 / openwrt.git / log