| Commit message (Collapse) | Author | Age |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
| |
- introduce 'DirectInterface' option to bind exactly to specified interface;
fixes #9666 and late IPv4/IPv6 address assignment
- option 'DirectInterface' takes precedence over 'Interface'
- improve interface/address handling,
e.g. verify count of listening endpoints due to dropbear limit (10 for now)
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
- correct maximum receive window size
- adjust receive window size against maximum allowed value
- warn about too high receive window size in syslog
improves f95eecfb
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
runtime:
- adjust ownership/permissions while starting dropbear
build time:
- correct file permissions for preseed files in $(TOPDIR)/files/etc/dropbear/ (if any)
closes #10849
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
end users should have done this since OpenWrt 19.07.
if they didn't do this yet - perform auto-transition.
schedule 'rsakeyfile' removal for next year release.
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
|
| |
|
|
|
|
| |
dropbear may be configured and compiled with support for different host key types
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
|
| |
|
|
|
|
| |
move DROPBEAR_ASKPASS under DROPBEAR_DBCLIENT (in all meanings)
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
|
| |
|
|
|
|
|
|
| |
these options allow one to configure U2F/FIDO support in more granular way
inspired by upstream commit aa6559db
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
reduces binary/package size and increases overall performance
also:
- adjust 910-signkey-fix-use-of-rsa-sha2-256-pubkeys.patch
to build without DROPBEAR_RSA/DROPBEAR_RSA_SHA256
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
|
| |
|
|
|
|
| |
this takes an effect only if getusershell(3) is missing
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
|
| |
|
|
|
|
| |
fixes 65256aee
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
hmac-sha1 and diffie-hellman-group14-sha1 are weak algorithms.
A future deprecation notice of ssh-rsa (2048-bit) has been issued. [1]
It has no place in a potentially internet-facing daemon like dropbear.
Upstream has acknowledged this and offered this solution to disable
these two until this is made to be the default in the next release
of dropbear next year. [2]
1. https://www.openssh.com/txt/release-8.2
2. https://github.com/mkj/dropbear/issues/138
Signed-off-by: John Audia <therealgraysky@proton.me>
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
- "default n" is not needed: options are not selected by default
- wrap config on 80 characters width (assuming tab is 8 characters long)
- add feature cost size and security notes for DROPBEAR_AGENTFORWARD
and DROPBEAR_DBCLIENT_AGENTFORWARD:
describe why and where it should be disabled
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
|
| |
|
|
|
|
| |
improves b78aae79
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
- switch DB_OPT_COMMON and DB_OPT_CONFIG to comma-separated lists:
this allows to have values with "|" in DB_OPT_COMMON and DB_OPT_CONFIG
which is more likely to be than values with commas;
use $(comma) variable for values with commas.
- sort DB_OPT_COMMON and DB_OPT_CONFIG to have "overrides" on top of list.
- allow DB_OPT_COMMON to have values with commas.
- allow to replace multiline definitions in sysoptions.h.
improves e1bd9645
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
critical fixes:
- libtommath: possible integer overflow (CVE-2023-36328)
- implement Strict KEX mode (CVE-2023-48795)
various fixes:
- fix DROPBEAR_DSS and DROPBEAR_RSA config options
- y2038 issues
- remove SO_LINGER socket option
- make banner reading failure non-fatal
- fix "noremotetcp" behavior
- don't try to shutdown a pty
- fix test for multiuser kernels
adds new features:
- option to bind to interface
- allow inetd with non-syslog
- ignore unsupported command line options with dropbearkey
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
- update dropbear to latest stable 2022.83;
for the changes see https://matt.ucc.asn.au/dropbear/CHANGES
- drop patches:
- 001-fix-MAX_UNAUTH_CLIENTS-regression.patch
- rework patches:
- 901-bundled-libs-cflags.patch
- refresh remaining patches
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
|
| |
|
|
|
|
| |
allow EDP support if compiled and add force EDP option
Signed-off-by: Stephen Howell <howels@allthatwemight.be>
|
| |
|
|
|
|
| |
prevent SNMP options being passed unless lldpd supports them
Signed-off-by: Stephen Howell <howels@allthatwemight.be>
|
| |
|
|
|
|
| |
increment Makefile package release to reflect changes to init script
Signed-off-by: Stephen Howell <howels@allthatwemight.be>
|
| |
|
|
|
|
| |
add option to set LLDP transmit delay, hold timers to set update frequency
Signed-off-by: Stephen Howell <howels@allthatwemight.be>
|
| |
|
|
|
|
| |
add option to override system platform instead of using kernel name
Signed-off-by: Stephen Howell <howels@allthatwemight.be>
|
| |
|
|
|
|
| |
add option to force SONMP to be enabled even when no peer detected
Signed-off-by: Stephen Howell <howels@allthatwemight.be>
|
| |
|
|
|
|
| |
add option to force FDP when no peers detected
Signed-off-by: Stephen Howell <howels@allthatwemight.be>
|
| |
|
|
|
|
| |
add option to specify CDPv1 or CDPv2 and separately enable or force each
Signed-off-by: Stephen Howell <howels@allthatwemight.be>
|
| |
|
|
|
|
| |
add option to allow LLDP disabling while using other supported protocols
Signed-off-by: Stephen Howell <howels@allthatwemight.be>
|
| |
|
|
|
|
| |
add option portidsubtype to correct port identifiers and descriptions
Signed-off-by: Stephen Howell <howels@allthatwemight.be>
|
| |
|
|
|
|
| |
add option to set agent-type to control propogation
Signed-off-by: Stephen Howell <howels@allthatwemight.be>
|
| |
|
|
|
|
| |
add option to enable LLDP MED fast-start and set fast-start timer
Signed-off-by: Stephen Howell <howels@allthatwemight.be>
|
| |
|
|
|
|
| |
add option to disable LLDP-MED inventory TLV transmission
Signed-off-by: Stephen Howell <howels@allthatwemight.be>
|
| |
|
|
|
|
| |
add option to disable advertising kernel version
Signed-off-by: Stephen Howell <howels@allthatwemight.be>
|
| |
|
|
|
|
| |
add filter option to init script.
Signed-off-by: Stephen Howell <howels@allthatwemight.be>
|
| |
|
|
|
|
|
| |
Bind to the configured system interfaces only. Switchport interfaces
are no longer ignored and uci interface values for LLDPD are honored.
Signed-off-by: Stephen Howell <howels@allthatwemight.be>
|
| |
|
|
|
|
|
|
|
| |
Init script reload with trigger to detect config file update.
Reload command added to attempt non-impactful lldpd reload where
lldpcli can be used to update config without process restart.
Config hash function used to track whether process restart is needed.
Signed-off-by: Stephen Howell <howels@allthatwemight.be>
|
| |
|
|
|
|
|
| |
Release Notes:
https://github.com/strace/strace/releases/tag/v6.7
Signed-off-by: Nick Hainke <vincent@systemli.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add the possibility that colored LEDs can also be configured via the uci.
config led 'led1'
option name '<name>'
option sysfs '<path>'
option trigger 'default-on'
option default '1'
--> option color_{$color} '<0-255>'
The supported names of the variable "${color}" for the selected LED can be
queried in the file with the name 'multi_index'.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
| |
|
|
|
|
|
| |
Setting the trigger and checking whether the trigger can be set belong
together and should not be interrupted by other lines of code.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
There are monochrome LEDs that can only display one color. However, there
are also LEDs that can display multiple colors. This can be tested in the
led subsystem of the kernel if the files 'multi_index' and 'multi_intensity'
are present in the folder '/sys/class/leds/<ledname>'.
Until now it was not possible to reset the default color. This commit adds
the missing information in the file '/var/run/led.state' so that the bootup
color can be seen on the LED again when the LED configuration has been changed.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
| |
|
|
|
|
|
|
| |
Release Notes:
- https://www.spinics.net/lists/kexec/msg32139.html
- https://www.spinics.net/lists/kexec/msg33447.html
Signed-off-by: Nick Hainke <vincent@systemli.org>
|
| |
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
| |
v4l2-mem2mem.ko needs CONFIG_V4L2_MEM2MEM_DEV symbol.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
|
| |
|
|
|
|
| |
videobuf2-v4l2.ko needs CONFIG_VIDEOBUF2_V4L2 symbol.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
|
| |
|
|
|
|
|
| |
v4l2-common.ko was merged into videodev.ko and no longer exists.
Fixes: ac5671f46cb4 ("kernel: remove obsolete kernel version switches for 4.19")
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The maintainer and repository of wireless-regdb has changed.
https://lore.kernel.org/all/CAGb2v657baNMPKU3QADijx7hZa=GUcSv2LEDdn6N=QQaFX8r-g@mail.gmail.com/
Changes:
37dcea0 wireless-regdb: Update keys and maintainer information
9e0aee6 wireless-regdb: Makefile: Reproducible signatures
8c784a1 wireless-regdb: Update regulatory rules for China (CN)
149c709 wireless-regdb: Update regulatory rules for Japan (JP) for December 2023
bd69898 wireless-regdb: Update regulatory rules for Singapore (SG) for September 2023
d695bf2 wireless-regdb: Update and disable 5470-5730MHz band according to TPC requirement for Singapore (SG)
4541300 wireless-regdb: update regulatory database based on preceding changes
Signed-off-by: Yuu Toriyama <PascalCoffeeLake@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
a9693e1979c2 linux-firmware: add firmware for MT7996
0258dc90e3a1 wifi: mt76: mt7603: fix reading target power from eeprom
3e81173d9e2b wifi: mt76: mt7603: initialize chainmask
786a339bac36 wifi: mt76: mt7996: fix fortify warning
bc37a7ebc267 wifi: mt76: mt7996: fix fw loading timeout
027bab6a88a3 wifi: mt76: usb: create a dedicated queue for psd traffic
e8909c610c3b wifi: mt76: usb: store usb endpoint in mt76_queue
8b3d96fa4ead wifi: mt76: mt792xu: enable dmashdl support
7864d7ad0ed0 wifi: mt76: mt76x2u: add netgear wdna3100v3 to device table
27c81f7c1480 wifi: mt76: mt7925: fix connect to 80211b mode fail in 2Ghz band
b7443c63069a wifi: mt76: mt7925: fix SAP no beacon issue in 5Ghz and 6Ghz band
bab721a65f5a wifi: mt76: mt7925: fix mcu query command fail
1f0f71ed81e8 wifi: mt76: mt7925: fix wmm queue mapping
bcfe2ad966f3 wifi: mt76: mt7925: fix fw download fail
f982c3d67a29 wifi: mt76: mt7925: fix WoW failed in encrypted mode
6a72716ec213 wifi: mt76: mt7925: fix the wrong header translation config
50928b7e1359 wifi: mt76: mt7925: add flow to avoid chip bt function fail
762ab4530e8f wifi: mt76: mt7925: add support to set ifs time by mcu command
87deaf82efa4 wifi: mt76: mt7925: update PCIe DMA settings
c190c1576522 wifi: mt76: mt7925: support temperature sensor
025d5734caba wifi: mt76: mt7996: check txs format before getting skb by pid
4768bfa2baca wifi: mt76: mt7996: fix TWT issues
a65e3eced907 wifi: mt76: mt7996: disable AMSDU for non-data frames
d71716d93aee wifi: mt76: mt7996: fix incorrect interpretation of EHT MCS caps
f21728f3f4bd wifi: mt76: mt7996: ensure 4-byte alignment for beacon commands
68dad7dacd2a wifi: mt76: mt7996: fix HE beamformer phy cap for station vif
66a28f340cdc wifi: mt76: mt7996: mark GCMP IGTK unsupported
b47ad8a7764e wifi: mt76: mt7996: fix efuse reading issue
c2fc7dae7b72 wifi: mt76: mt7996: remove TXS queue setting
e0f1ed168ed5 wifi: mt76: mt7996: add locking for accessing mapped registers
d0cc92c1fd08 wifi: mt76: connac: set correct muar_idx for mt799x chipsets
ae0c62279adc wifi: mt76: mt7996: fix HIF_TXD_V2_1 value
ecc14276af54 wifi: mt76: mt792x: fix ethtool warning
9827df56b241 wifi: mt76: move wed common utilities in wed.c
dccbd2598505 wifi: mt76: mt7925: fix the wrong data type for scan command
9907f4f20261 wifi: mt76: mt792x: add the illegal value check for mtcl table of acpi
1b088a7ac06d wifi: mt76: mt7921e: fix use-after-free in free_irq()
f3c5b4820d7f wifi: mt76: mt7925e: fix use-after-free in free_irq()
d75eac9f5531 wifi: mt76: mt7921: fix incorrect type conversion for CLC command
7bd5401f5bb1 wifi: mt76: mt792x: fix a potential loading failure of the 6Ghz channel config from ACPI
ea55196bc4a0 wifi: mt76: mt792x: update the country list of EU for ACPI SAR
6124ea9135ed wifi: mt76: mt7921: fix the unfinished command of regd_notifier before suspend
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
|
| |
Also remove remaining wireless extension support, since this package
was the only in-tree user of it
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
|
| |
Useful for UI and config generators. Will be used as intermediate
step for generating the default wifi configuration
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
|
| |
The coda kernel modules were moved between 5.15 and 6.1.
Adapt the coda-vpu and imx-vdoa modules for that.
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
|
| |
|
|
|
|
|
|
| |
Linux 6.1 changed DRM_GEM_DMA_HELPER to a module (drm_dma_helper.ko).
Add this to the drm-imx to fix module dependencies.
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
|
| |
|
|
|
|
|
| |
Location of the module file was changed between 5.15 and 6.1. Adapt the
recipe for that.
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
|