| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
7e5830edfb38 nl80211: fix datatype of NL80211_BAND_IFTYPE_ATTR_HE_CAP_{MAC,PHY} attrs
5c8fd34bac42 nl80211: fix parsing of NL80211_BAND_ATTR_VHT_MCS_SET attribute
e8d4e4fe967d nl80211: fix decoding of NL80211_BAND_IFTYPE_ATTR_HE_CAP_MCS_SET attribute
30a3f7ad0433 rtnl: store callback in listener registry only on success
9cbe8294909f rtnl: optimize reception of rtnl events
534417132e18 rtnl: increase event socket rx buffer size limit to 1 MiB
3f9811d2f7b7 compiler: close upvalues on loop control statements
Fixes: https://github.com/jow-/ucode.git/issues/187
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
| |
|
|
|
|
|
|
| |
Release Notes:
https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.12.5
Fixes: CVE-2024-25062
Signed-off-by: Nick Hainke <vincent@systemli.org>
|
| |
|
|
|
|
|
| |
Refresh patch:
- 001-replace-attribute_const.patch
Signed-off-by: Nick Hainke <vincent@systemli.org>
|
| |
|
|
|
|
|
|
|
| |
PoE devices in the realtek target have the possibility to add PSE info
to the board description via 02_network. Make this available for all
targets, by moving the uci_set_poe() function to the globally available
uci-default.sh script.
Signed-off-by: Sander Vanheule <sander@svanheule.net>
|
| |
|
|
|
|
|
| |
Drop deprecated Xiaomi LEDs quirk patches as they are not needed anymore
as LEDs are now supported by the upstream qca807x driver.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
If a PHY doesn't use the integrated driver, SSDK use poll the phydev to
get the real PHY mode. qca807x use PSGMII as PHY mode and this specific
mode is not detected in qca SSDK while used in the entire driver.
Add support for it in the hsl_port_phydev_interface_mode_status_get
function used to translate PHY mode to the internal SSDK value.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Disable Malibu PHY driver in Qca SSDK in favor of the upstream version.
The same workaround are applied and the version upstream is just a drop
in replacement and is well tested from the ipq40xx target.
Also using the upstream version permits further support for LEDs.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
|
| |
|
|
|
|
|
|
| |
Highlights:
- Silence small page read warning.
- Autodetect NAND erase size and env sectors.
Signed-off-by: Shiji Yang <yangshiji66@qq.com>
|
| |
|
|
|
|
|
|
|
| |
IPQ60xx uses a different codename for SSDK, so lets pass the correct one
as otherwise SSDK asumes we are building for the old MIPS SoC-s.
Signed-off-by: Robert Marko <robimarko@gmail.com>
[ drop outdated commit description info ]
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Update to latest version.
Refresh patches:
- 002-Revert-tools-env-use-run-to-store-lockfile.patch
Signed-off-by: Nick Hainke <vincent@systemli.org>
|
| |
|
|
|
|
|
|
|
| |
Checking for AP_VLAN misdetects ath10k-ath12k as fullmac, because of software
crypto limitations. Check for monitor mode support instead, which is more
reliable.
Fixes: https://github.com/openwrt/openwrt/issues/14575
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
| |
|
|
|
|
|
|
|
|
| |
- introduce 'DirectInterface' option to bind exactly to specified interface;
fixes #9666 and late IPv4/IPv6 address assignment
- option 'DirectInterface' takes precedence over 'Interface'
- improve interface/address handling,
e.g. verify count of listening endpoints due to dropbear limit (10 for now)
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
- correct maximum receive window size
- adjust receive window size against maximum allowed value
- warn about too high receive window size in syslog
improves f95eecfb
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
runtime:
- adjust ownership/permissions while starting dropbear
build time:
- correct file permissions for preseed files in $(TOPDIR)/files/etc/dropbear/ (if any)
closes #10849
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
end users should have done this since OpenWrt 19.07.
if they didn't do this yet - perform auto-transition.
schedule 'rsakeyfile' removal for next year release.
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
|
| |
|
|
|
|
| |
dropbear may be configured and compiled with support for different host key types
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
|
| |
|
|
|
|
| |
move DROPBEAR_ASKPASS under DROPBEAR_DBCLIENT (in all meanings)
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
|
| |
|
|
|
|
|
|
| |
these options allow one to configure U2F/FIDO support in more granular way
inspired by upstream commit aa6559db
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
reduces binary/package size and increases overall performance
also:
- adjust 910-signkey-fix-use-of-rsa-sha2-256-pubkeys.patch
to build without DROPBEAR_RSA/DROPBEAR_RSA_SHA256
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
|
| |
|
|
|
|
| |
this takes an effect only if getusershell(3) is missing
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
|
| |
|
|
|
|
| |
fixes 65256aee
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
hmac-sha1 and diffie-hellman-group14-sha1 are weak algorithms.
A future deprecation notice of ssh-rsa (2048-bit) has been issued. [1]
It has no place in a potentially internet-facing daemon like dropbear.
Upstream has acknowledged this and offered this solution to disable
these two until this is made to be the default in the next release
of dropbear next year. [2]
1. https://www.openssh.com/txt/release-8.2
2. https://github.com/mkj/dropbear/issues/138
Signed-off-by: John Audia <therealgraysky@proton.me>
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
- "default n" is not needed: options are not selected by default
- wrap config on 80 characters width (assuming tab is 8 characters long)
- add feature cost size and security notes for DROPBEAR_AGENTFORWARD
and DROPBEAR_DBCLIENT_AGENTFORWARD:
describe why and where it should be disabled
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
|
| |
|
|
|
|
| |
improves b78aae79
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
- switch DB_OPT_COMMON and DB_OPT_CONFIG to comma-separated lists:
this allows to have values with "|" in DB_OPT_COMMON and DB_OPT_CONFIG
which is more likely to be than values with commas;
use $(comma) variable for values with commas.
- sort DB_OPT_COMMON and DB_OPT_CONFIG to have "overrides" on top of list.
- allow DB_OPT_COMMON to have values with commas.
- allow to replace multiline definitions in sysoptions.h.
improves e1bd9645
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
critical fixes:
- libtommath: possible integer overflow (CVE-2023-36328)
- implement Strict KEX mode (CVE-2023-48795)
various fixes:
- fix DROPBEAR_DSS and DROPBEAR_RSA config options
- y2038 issues
- remove SO_LINGER socket option
- make banner reading failure non-fatal
- fix "noremotetcp" behavior
- don't try to shutdown a pty
- fix test for multiuser kernels
adds new features:
- option to bind to interface
- allow inetd with non-syslog
- ignore unsupported command line options with dropbearkey
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
- update dropbear to latest stable 2022.83;
for the changes see https://matt.ucc.asn.au/dropbear/CHANGES
- drop patches:
- 001-fix-MAX_UNAUTH_CLIENTS-regression.patch
- rework patches:
- 901-bundled-libs-cflags.patch
- refresh remaining patches
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
|
| |
|
|
|
|
| |
allow EDP support if compiled and add force EDP option
Signed-off-by: Stephen Howell <howels@allthatwemight.be>
|
| |
|
|
|
|
| |
prevent SNMP options being passed unless lldpd supports them
Signed-off-by: Stephen Howell <howels@allthatwemight.be>
|
| |
|
|
|
|
| |
increment Makefile package release to reflect changes to init script
Signed-off-by: Stephen Howell <howels@allthatwemight.be>
|
| |
|
|
|
|
| |
add option to set LLDP transmit delay, hold timers to set update frequency
Signed-off-by: Stephen Howell <howels@allthatwemight.be>
|
| |
|
|
|
|
| |
add option to override system platform instead of using kernel name
Signed-off-by: Stephen Howell <howels@allthatwemight.be>
|
| |
|
|
|
|
| |
add option to force SONMP to be enabled even when no peer detected
Signed-off-by: Stephen Howell <howels@allthatwemight.be>
|
| |
|
|
|
|
| |
add option to force FDP when no peers detected
Signed-off-by: Stephen Howell <howels@allthatwemight.be>
|
| |
|
|
|
|
| |
add option to specify CDPv1 or CDPv2 and separately enable or force each
Signed-off-by: Stephen Howell <howels@allthatwemight.be>
|
| |
|
|
|
|
| |
add option to allow LLDP disabling while using other supported protocols
Signed-off-by: Stephen Howell <howels@allthatwemight.be>
|
| |
|
|
|
|
| |
add option portidsubtype to correct port identifiers and descriptions
Signed-off-by: Stephen Howell <howels@allthatwemight.be>
|
| |
|
|
|
|
| |
add option to set agent-type to control propogation
Signed-off-by: Stephen Howell <howels@allthatwemight.be>
|
| |
|
|
|
|
| |
add option to enable LLDP MED fast-start and set fast-start timer
Signed-off-by: Stephen Howell <howels@allthatwemight.be>
|
| |
|
|
|
|
| |
add option to disable LLDP-MED inventory TLV transmission
Signed-off-by: Stephen Howell <howels@allthatwemight.be>
|
| |
|
|
|
|
| |
add option to disable advertising kernel version
Signed-off-by: Stephen Howell <howels@allthatwemight.be>
|
| |
|
|
|
|
| |
add filter option to init script.
Signed-off-by: Stephen Howell <howels@allthatwemight.be>
|
| |
|
|
|
|
|
| |
Bind to the configured system interfaces only. Switchport interfaces
are no longer ignored and uci interface values for LLDPD are honored.
Signed-off-by: Stephen Howell <howels@allthatwemight.be>
|
| |
|
|
|
|
|
|
|
| |
Init script reload with trigger to detect config file update.
Reload command added to attempt non-impactful lldpd reload where
lldpcli can be used to update config without process restart.
Config hash function used to track whether process restart is needed.
Signed-off-by: Stephen Howell <howels@allthatwemight.be>
|
| |
|
|
|
|
|
| |
Release Notes:
https://github.com/strace/strace/releases/tag/v6.7
Signed-off-by: Nick Hainke <vincent@systemli.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add the possibility that colored LEDs can also be configured via the uci.
config led 'led1'
option name '<name>'
option sysfs '<path>'
option trigger 'default-on'
option default '1'
--> option color_{$color} '<0-255>'
The supported names of the variable "${color}" for the selected LED can be
queried in the file with the name 'multi_index'.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
| |
|
|
|
|
|
| |
Setting the trigger and checking whether the trigger can be set belong
together and should not be interrupted by other lines of code.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
There are monochrome LEDs that can only display one color. However, there
are also LEDs that can display multiple colors. This can be tested in the
led subsystem of the kernel if the files 'multi_index' and 'multi_intensity'
are present in the folder '/sys/class/leds/<ledname>'.
Until now it was not possible to reset the default color. This commit adds
the missing information in the file '/var/run/led.state' so that the bootup
color can be seen on the LED again when the LED configuration has been changed.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
|
| |
|
|
|
|
|
|
| |
Release Notes:
- https://www.spinics.net/lists/kexec/msg32139.html
- https://www.spinics.net/lists/kexec/msg33447.html
Signed-off-by: Nick Hainke <vincent@systemli.org>
|
| |
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|