Init script reload with trigger to detect config file update.
Reload command added to attempt non-impactful lldpd reload where
lldpcli can be used to update config without process restart.
Config hash function used to track whether process restart is needed.
Signed-off-by: Stephen Howell <howels@allthatwemight.be>
(cherry picked from commit e483c247dc)
Link: https://github.com/openwrt/openwrt/pull/15299
Signed-off-by: Robert Marko <robimarko@gmail.com>
The file contains the the /usr/lib path from the toolchain directory and
not from the target directory. The /usr/lib directory for the toolchain
is empty and the shared library is not in the specified paths. On RISCV
the linker of util-linux was finding the libncursesw.so in my host
system, tried to link against it and failed. Fix the .pc file.
Fixes: #15942
Co-authored-by: Thomas Weißschuh <thomas@t-8ch.de>
Link: https://github.com/openwrt/openwrt/pull/16018
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 91573ac145)
Link: https://github.com/openwrt/openwrt/pull/16390
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This updates mac80211 to version 6.1.110-1. This code is based on Linux
6.1.110 and contains all fixes included in the upstream wireless
subsystem from that kernel version. This includes many bugfixes and also
some security fixes.
The removed patches are already integrated in upstream Linux 6.1.110.
The following patches were integrated in upstream Linux:
subsys/311-v6.2-wifi-mac80211-fix-and-simplify-unencrypted-drop-chec.patch
subsys/312-v6.3-wifi-cfg80211-move-A-MSDU-check-in-ieee80211_data_to.patch
subsys/313-v6.3-wifi-cfg80211-factor-out-bridge-tunnel-RFC1042-heade.patch
subsys/314-v6.3-wifi-mac80211-remove-mesh-forwarding-congestion-chec.patch
subsys/315-v6.3-wifi-mac80211-fix-receiving-A-MSDU-frames-on-mesh-in.patch
subsys/316-v6.3-wifi-mac80211-add-a-workaround-for-receiving-non-sta.patch
subsys/321-mac80211-fix-mesh-forwarding.patch
subsys/322-wifi-mac80211-fix-mesh-path-discovery-based-on-unica.patch
subsys/329-wifi-mac80211-fix-receiving-mesh-packets-in-forwardi.patch
subsys/339-wifi-cfg80211-fix-receving-mesh-packets-without-RFC1.patch
subsys/350-v6.3-wifi-mac80211-Allow-NSS-change-only-up-to-capability.patch
subsys/351-v6.9-wifi-mac80211-track-capability-opmode-NSS-separately.patch
Link: https://github.com/openwrt/openwrt/pull/16368
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
OpenSSL 3.0.15 is a security patch release. The most severe CVE fixed in this release is Moderate.
This release incorporates the following bug fixes and mitigations:
* Fixed possible denial of service in X.509 name checks (CVE-2024-6119)
* Fixed possible buffer overread in SSL_select_next_proto() (CVE-2024-5535)
Added github releases url as source mirror
Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
Link: https://github.com/openwrt/openwrt/pull/16332
(cherry picked from commit 62d3773bf1)
Link: https://github.com/openwrt/openwrt/pull/16346
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This contains a fix for:
CVE-2024-45157:
Unlike previously documented, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does
not cause the PSA subsystem to use HMAC_DRBG: it uses HMAC_DRBG only when
MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and MBEDTLS_CTR_DRBG_C are disabled.
Link: https://github.com/openwrt/openwrt/pull/16367
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
The path for linking libucode.so was not specified for the ucode binary.
This breaks execution of ucode in the host context.
Signed-off-by: David Bauer <david.bauer@uniberg.com>
(cherry picked from commit ae42ecaad4)
Empty trailing fields get lost when the lines are split and merged again
at colons, resulting in unparsable entries. Only use the split fields for
matching against the other file, but emit the original line unchanged
to fix the issue.
Fixes: de7ca7dafa ("base-files: merge /etc/passwd et al at sysupgrade config restore")
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit 9bbaa6f2c0)
This patch fixes the list delimiter between 3GPP networks
passed to hostapd.
> list iw_anqp_3gpp_cell_net '262,001'
> list iw_anqp_3gpp_cell_net '262,002'
When passing a list of "iw_anqp_3gpp_cell_net" parameters via UCI,
hostapd would crash at startup:
> daemon.err hostapd: Line 73: Invalid anqp_3gpp_cell_net: 262,001:262,002
Using a semicolon as a delimiter, hostapd will start as expected.
Signed-off-by: Sarah Maedel <git@tbspace.de>
(cherry picked from commit 8de185a176)
Like other Ethernet drivers, print link speed and duplex mode
when the interface is up. Formatting output at the same time.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
(cherry picked from 5d2a008670)
Like other Ethernet drivers, print link speed and duplex mode
when the interface is up. Formatting output at the same time.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
(cherry picked from a57a3e5cc5)
Like other Ethernet drivers, print link speed and duplex mode
when the interface is up. Formatting output at the same time.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
(cherry picked from 2f846a3315)
Like other Ethernet drivers, print link speed and duplex mode
when the interface is up. Formatting output at the same time.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(cherry picked from fe0240f27e)
This log is noisy and useless, just ignore it.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
(cherry picked from 8d9893ff34)
This log is noisy and useless, just ignore it.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
(cherry picked from 2fd0102cc3)
Instead of enabling RSS support, let's introduce a variant and let users
choose between both variants since it can cause network issues.
Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(cherry picked from bfeef9b3d7)
r8126 is an out of tree driver provided by Realtek for RTL8126 devices.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(cherry picked from 54623c6a1d)
Instead of enabling RSS support, let's introduce a variant and let users
choose between both variants since it can cause network issues.
Signed-off-by: Milinda Brantini <C_A_T_T_E_R_Y@outlook.com>
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(cherry picked from f063f4620c)
r8125 is an out of tree driver provided by Realtek for RTL8125 devices.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(cherry picked from ddb4070c96)
r8168 is an out of tree driver provided by Realtek for RTL8168 devices.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
((cherry picked from commit 1565eeda4e)
r8101 is an out of tree driver provided by Realtek for RTL8101 devices.
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(cherry picked from commit b72c4b5386)
The vendor U-Boot implementaion on Telenor branded ZyXEL EX5700
devices does not store its environment on flash. It is instead
kept in a memory region. This is persistent over reboots, but
not over power cycling.
The dual partition failsafe system used by the vendor U-Boot
requires the OS to modify a variable in this memory environment.
This driver allows the ordinary uboot-envtools to access a
memory region like it was a partition on NOR flash.
The specific vendor U-Boot adds a "no-map" /reserved-memory
section and a top level /ubootenv node pointing to the memory
environment. The driver uses this device specific fact to
locate the region. The matching and probing code will likely
have to be adjusted for any other devices to be supported.
Example partial device tree:
/ {
..
ubootenv {
memory-region = <&uenv>;
compatible = "ubootenv";
};
..
reserved-memory {
..
uenv: ubootenv@7ffe8000 {
no-map;
reg = <0 0x7ffe8000 0 0x4000>;
};
Signed-off-by: Bjørn Mork <bjorn@mork.no>
(cherry picked from commit b2e810f495)
This patch backports fixes for a security vulnerability impacting the
hostapd implementation of SAE H2E.
As upgrading hostapd would require more testing, the second mitigation
step which involves backporting several patches was adopted as outlined
in the official advisory[1].
An explanation of the impact of the vulnerability is provided from the
advisory[1]:
This vulnerability allows the attacker to downgrade the negotiated group
to another enabled group if both the AP and STA have enabled SAE H2E and
multiple groups. It should be noted that the H2E option is not enabled
by default and the attack is not applicable to the default option, i.e.,
hunting-and-pecking, since it does not have any downgrade protection for
group negotiation. In addition, the default configuration for enabled
SAE groups in hostapd is to enable only a single group, so the
vulnerability is not applicable unless hostapd has been explicitly
configured to enable more groups for SAE.
[1]: https://w1.fi/security/2024-2/sae-h2h-and-incomplete-downgrade-protection-for-group-negotiation.txt
Signed-off-by: Rany Hany <rany_hany@riseup.net>
Link: https://github.com/openwrt/openwrt/pull/16043
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit db7f70fe61)
