Commit message | Author | Age
...
* dropbear: adjust file permissions | Konstantin Demin | 2024-02-09
  runtime:
  - adjust ownership/permissions while starting dropbear

  build time:
  - correct file permissions for preseed files in
    $(TOPDIR)/files/etc/dropbear/ (if any)

  closes #10849

  Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* dropbear: 'rsakeyfile' -> 'keyfile' transition | Konstantin Demin | 2024-02-09
  end users should have done this since OpenWrt 19.07.
  if they didn't do this yet - perform auto-transition.
  schedule 'rsakeyfile' removal for next year release.

  Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* dropbear: failsafe: handle all supported key types | Konstantin Demin | 2024-02-09
  dropbear may be configured and compiled with support for different
  host key types

  Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* dropbear: minor config reorder | Konstantin Demin | 2024-02-09
  move DROPBEAR_ASKPASS under DROPBEAR_DBCLIENT (in all meanings)

  Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* dropbear: split U2F/FIDO support | Konstantin Demin | 2024-02-09
  these options allow one to configure U2F/FIDO support in more granular way

  inspired by upstream commit aa6559db

  Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* dropbear: add option to enable modern crypto only | Konstantin Demin | 2024-02-09
  reduces binary/package size and increases overall performance

  also:
  - adjust 910-signkey-fix-use-of-rsa-sha2-256-pubkeys.patch
    to build without DROPBEAR_RSA/DROPBEAR_RSA_SHA256

  Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* dropbear: adjust allowed shell list | Konstantin Demin | 2024-02-09
  this takes an effect only if getusershell(3) is missing

  Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* dropbear: honor CONFIG_TARGET_INIT_PATH | Konstantin Demin | 2024-02-09
  fixes 65256aee

  Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* dropbear: disable two weak kex/mac algorithms | Konstantin Demin | 2024-02-09
  hmac-sha1 and diffie-hellman-group14-sha1 are weak algorithms.
  A future deprecation notice of ssh-rsa (2048-bit) has been issued. [1]
  It has no place in a potentially internet-facing daemon like dropbear.
  Upstream has acknowledged this and offered this solution to disable
  these two until this is made to be the default in the next release of
  dropbear next year. [2]

  1. https://www.openssh.com/txt/release-8.2
  2. https://github.com/mkj/dropbear/issues/138

  Signed-off-by: John Audia <therealgraysky@proton.me>
  Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* dropbear: minor config clarification | Konstantin Demin | 2024-02-09
  - "default n" is not needed: options are not selected by default
  - wrap config on 80 characters width (assuming tab is 8 characters long)
  - add feature cost size and security notes for DROPBEAR_AGENTFORWARD
    and DROPBEAR_DBCLIENT_AGENTFORWARD:
    describe why and where it should be disabled

  Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* dropbear: better object cleanup | Konstantin Demin | 2024-02-09
  improves b78aae79

  Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* dropbear: allow more complex configuration | Konstantin Demin | 2024-02-09
  - switch DB_OPT_COMMON and DB_OPT_CONFIG to comma-separated lists:
    this allows to have values with "|" in DB_OPT_COMMON and DB_OPT_CONFIG
    which is more likely to be than values with commas;
    use $(comma) variable for values with commas.
  - sort DB_OPT_COMMON and DB_OPT_CONFIG to have "overrides" on top of list.
  - allow DB_OPT_COMMON to have values with commas.
  - allow to replace multiline definitions in sysoptions.h.

  improves e1bd9645

  Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* dropbear: cherry-pick upstream patches | Konstantin Demin | 2024-02-09
  critical fixes:
  - libtommath: possible integer overflow (CVE-2023-36328)
  - implement Strict KEX mode (CVE-2023-48795)

  various fixes:
  - fix DROPBEAR_DSS and DROPBEAR_RSA config options
  - y2038 issues
  - remove SO_LINGER socket option
  - make banner reading failure non-fatal
  - fix "noremotetcp" behavior
  - don't try to shutdown a pty
  - fix test for multiuser kernels

  adds new features:
  - option to bind to interface
  - allow inetd with non-syslog
  - ignore unsupported command line options with dropbearkey

  Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* dropbear: bump to 2022.83 | Konstantin Demin | 2024-02-09
  - update dropbear to latest stable 2022.83;
    for the changes see https://matt.ucc.asn.au/dropbear/CHANGES
  - drop patches:
    - 001-fix-MAX_UNAUTH_CLIENTS-regression.patch
  - rework patches:
    - 901-bundled-libs-cflags.patch
  - refresh remaining patches

  Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* ipq40xx: fix dts error in LED color/function conversion | Christian Marangi | 2024-02-09
  Fix DTS error in LED color/function conversion due to a bug in the
  conversion script.

  Fixes: a9e0d97e1fc8 ("ipq40xx: convert to new LED color/function format where possible")
  Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* linux: add dtb makefile target to targets list | Christian Marangi | 2024-02-08
  Add dtb makefile target to targets list to permit correct working of
  make target/linux/dtb

  Fixes: c47532b1ea7f ("kernel-build.mk: add support for compiling only DTS")
  Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* kernel-build.mk: add support for compiling only DTS | Christian Marangi | 2024-02-08
  Add support for compiling DTS for the selected target. This can be
  useful for testing if the DTS correctly compiles and doesn't produce any
  error.

  This adds a new make target. To compile only DTS use:

  make target/linux/dtb

  Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* kernel: bump 6.1 to 6.1.77 | John Audia | 2024-02-08
  Changelog: https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.77

  Removed upstreamed:
      generic/backport-6.1/707-v6.8-01-net-phy-at803x-fix-passing-the-wrong-reference-for-c.patch[1]
      generic/backport-6.1/796-v6.8-ipmr-fix-kernel-panic-when-forwarding-mcast-packets.patch[2]

  All other patches automatically rebased.

  1. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v6.1.77&id=7dc0fefd37dd5fb03fdac6e3e01b1c2291148ccb
  2. https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v6.1.77&id=d2f1b7fe74afd66298dbb3c7b39e7b62e4df1724

  Build system: x86/64
  Build-tested: x86/64/AMD Cezanne
  Run-tested: x86/64/AMD Cezanne

  Signed-off-by: John Audia <therealgraysky@proton.me>
* kernel: bump 6.1 to 6.1.76 | John Audia | 2024-02-08
  Changelog: https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.76

  All patches automatically rebased.

  Build system: x86/64
  Build-tested: x86/64/AMD Cezanne
  Run-tested: x86/64/AMD Cezanne

  Signed-off-by: John Audia <therealgraysky@proton.me>
* lldpd: add option to force EDP | Stephen Howell | 2024-02-08
  allow EDP support if compiled and add force EDP option

  Signed-off-by: Stephen Howell <howels@allthatwemight.be>
* lldpd: only use snmp options when compiled in | Stephen Howell | 2024-02-08
  prevent SNMP options being passed unless lldpd supports them

  Signed-off-by: Stephen Howell <howels@allthatwemight.be>
* lldpd: Update Makefile package release | Stephen Howell | 2024-02-08
  increment Makefile package release to reflect changes to init script

  Signed-off-by: Stephen Howell <howels@allthatwemight.be>
* lldpd: add option for tx delay and tx hold | Stephen Howell | 2024-02-08
  add option to set LLDP transmit delay, hold timers to set update frequency

  Signed-off-by: Stephen Howell <howels@allthatwemight.be>
* lldpd: add option to set system platform | Stephen Howell | 2024-02-08
  add option to override system platform instead of using kernel name

  Signed-off-by: Stephen Howell <howels@allthatwemight.be>
* lldpd: add option to force SONMP enabled | Stephen Howell | 2024-02-08
  add option to force SONMP to be enabled even when no peer detected

  Signed-off-by: Stephen Howell <howels@allthatwemight.be>
* lldpd: add option to force FDP on | Stephen Howell | 2024-02-08
  add option to force FDP when no peers detected

  Signed-off-by: Stephen Howell <howels@allthatwemight.be>
* lldpd: set CDP version and allow forcing CDP on | Stephen Howell | 2024-02-08
  add option to specify CDPv1 or CDPv2 and separately enable or force each

  Signed-off-by: Stephen Howell <howels@allthatwemight.be>
* lldpd: allow disabling LLDP protocol | Stephen Howell | 2024-02-08
  add option to allow LLDP disabling while using other supported protocols

  Signed-off-by: Stephen Howell <howels@allthatwemight.be>
* lldpd: add portidsubtype option | Stephen Howell | 2024-02-08
  add option portidsubtype to correct port identifiers and descriptions

  Signed-off-by: Stephen Howell <howels@allthatwemight.be>
* lldpd: add agent-type option | Stephen Howell | 2024-02-08
  add option to set agent-type to control propagation

  Signed-off-by: Stephen Howell <howels@allthatwemight.be>
* lldpd: add LLDP MED options | Stephen Howell | 2024-02-08
  add option to enable LLDP MED fast-start and set fast-start timer

  Signed-off-by: Stephen Howell <howels@allthatwemight.be>
* lldpd: option to disable LLDP-MED inventory TLV | Stephen Howell | 2024-02-08
  add option to disable LLDP-MED inventory TLV transmission

  Signed-off-by: Stephen Howell <howels@allthatwemight.be>
* lldpd: Init adds no-version option | Stephen Howell | 2024-02-08
  add option to disable advertising kernel version

  Signed-off-by: Stephen Howell <howels@allthatwemight.be>
* lldpd: Allow neighbour filtering | Stephen Howell | 2024-02-08
  add filter option to init script.

  Signed-off-by: Stephen Howell <howels@allthatwemight.be>
* lldpd: LLDPD binds to only specified interfaces | Stephen Howell | 2024-02-08
  Bind to the configured system interfaces only. Switchport interfaces are
  no longer ignored and uci interface values for LLDPD are honored.

  Signed-off-by: Stephen Howell <howels@allthatwemight.be>
* lldpd: Init config read on reload | Stephen Howell | 2024-02-08
  Init script reload with trigger to detect config file update.
  Reload command added to attempt non-impactful lldpd reload where lldpcli
  can be used to update config without process restart.
  Config hash function used to track whether process restart is needed.

  Signed-off-by: Stephen Howell <howels@allthatwemight.be>
* bmips: dts: move leds dt-bindings include to SoCs | Álvaro Fernández Rojas | 2024-02-08
  bmips has all the dt-bindings includes inside each SoC .dtsi files, so
  let's move the new includes there instead of adding them to each board
  .dts files.

  Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
* ramips: fix dts error in LED color/function conversion | Christian Marangi | 2024-02-08
  Fix DTS error in LED color/function conversion due to a bug in the
  conversion script.

  Fixes: 19c45b95dbb5 ("ramips: convert to new LED color/function format where possible")
  Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* lantiq: fix dts error in LED color/function conversion | Christian Marangi | 2024-02-08
  Fix DTS error in LED color/function conversion due to a bug in the
  conversion script.

  Fixes: 0c3f3eb229e4 ("lantiq: convert to new LED color/function format where possible")
  Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* ipq806x: fix dts error in LED color/function conversion | Christian Marangi | 2024-02-08
  Fix DTS error in LED color/function conversion due to a bug in the
  conversion script.

  Fixes: 33e796232911 ("ipq806x: convert to new LED color/function format where possible")
  Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* strace: update to 6.7 | Nick Hainke | 2024-02-07
  Release Notes:
  https://github.com/strace/strace/releases/tag/v6.7

  Signed-off-by: Nick Hainke <vincent@systemli.org>
* base-files/leds: add setting the LED color via uci | Florian Eckert | 2024-02-07
  Add the possibility that colored LEDs can also be configured via the uci.

  config led 'led1'
      option name '<name>'
      option sysfs '<path>'
      option trigger 'default-on'
      option default '1'
  --> option color_{$color} '<0-255>'

  The supported names of the variable "${color}" for the selected LED can be
  queried in the file with the name 'multi_index'.

  Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* base-files/leds: merging code sequences that belong together | Florian Eckert | 2024-02-07
  Setting the trigger and checking whether the trigger can be set belong
  together and should not be interrupted by other lines of code.

  Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* base-files/leds: save led color value if available | Florian Eckert | 2024-02-07
  There are monochrome LEDs that can only display one color. However, there
  are also LEDs that can display multiple colors. This can be tested in the
  led subsystem of the kernel if the files 'multi_index' and
  'multi_intensity' are present in the folder '/sys/class/leds/<ledname>'.

  Until now it was not possible to reset the default color. This commit adds
  the missing information in the file '/var/run/led.state' so that the
  bootup color can be seen on the LED again when the LED configuration has
  been changed.

  Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* realtek: convert to new LED color/function format where possible | Christian Marangi | 2024-02-07
  Initial conversion to new LED color/function format
  and drop label format where possible. The same label
  is composed at runtime.

  Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* realtek: drop redundant label with new LED color/function format | Christian Marangi | 2024-02-07
  Drop redundant label with new LED color/function format declared.
  This was needed previously when the new format wasn't supported by
  leds.sh functions script. Now that it is supported, this property can be
  removed in favor of the new format.

  Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* ramips: convert to new LED color/function format where possible | Christian Marangi | 2024-02-07
  Initial conversion to new LED color/function format
  and drop label format where possible. The same label
  is composed at runtime.

  Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* ramips: drop redundant label with new LED color/function format | Christian Marangi | 2024-02-07
  Drop redundant label with new LED color/function format declared.
  This was needed previously when the new format wasn't supported by
  leds.sh functions script. Now that it is supported, this property can be
  removed in favor of the new format.

  Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* qualcommax: convert to new LED color/function format where possible | Christian Marangi | 2024-02-07
  Initial conversion to new LED color/function format
  and drop label format where possible. The same label
  is composed at runtime.

  Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
* qualcommax: drop redundant label with new LED color/function format | Christian Marangi | 2024-02-07
  Drop redundant label with new LED color/function format declared.
  This was needed previously when the new format wasn't supported by
  leds.sh functions script. Now that it is supported, this property can be
  removed in favor of the new format.

  Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>