Calling functions like recv() with a NULL buffer is not explicitly
allowed by the POSIX standard, so it must be avoided to be portable
across different libc implementations. Allocate an initial buffer before
handling requests, and also pass this buffer to the peek recv() call.
Fixes: 531937cf6f ("gluon-neighbour-info: fix broken output with large results")
This removes PKG_VERSION and PKG_RELEASE from most Makefiles, as the
value was never useful for Gluon packages; instead, PKG_VERSION is set
to 1 in gluon.mk.
It also removes two other weird definitions:
- gluon-iptables-clamp-mss-to-pmtu replicating the old PKG_VERSION logic
from gluon-core, but without the fixed PKG_BUILD_DIR to prevent
unnessary rebuilds
- gluon-hoodselector set GLUON_VERSION=3
Sometimes it is useful to override the default version detection, for
example when local patches are applied to a repo. Allow providing a
version number using a file called .scmversion, which is the same that
the Linux kernel and U-Boot use.
Calling git describe directly breaks isolation between the build system
and packages. Replace this with proper .config variables, like we
already do for GLUON_RELEASE.
Also replace the PKG_VERSION hack with a static '1', as we do for other
packages - while having those version numbers in opkg was cute, it was
also entirely useless. Having a fixed PKG_VERSION allows us to remove
the PKG_BUILD_DIR override as well.
Currently a buffer with a fixed size of 8192 bytes is used. However the
result can potentially be larger, which leads to a truncated JSON
output on stdout. UDP packets, without compression and with IP
fragmentation, can be up to 64KiB large.
Instead of using a fixed size buffer on the stack ask the kernel first
about the size of the UDP data and allocate a buffer of appropriate size
on the heap before receiving the UDP data.
The issue was observed with a custom respondd provider.
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
7fcb8024d openpyxl: bump to version 3.0.9
c0b23efab [openwrt-21.02] delve: Update to 1.7.2
365b62f4f zerotier: update to 1.6.6
172ebab28 xray-core: Update to 1.4.5
5d3faa6a4 yq: Update to 4.13.2
713051525 attendedsysupgrade-common: use sysupgrade.openwrt.org
ecf1e6575 libmbim: bump to 1.24.8
54a095164 modemmanager: bump to 1.16.6
dab28002f libqmi: bump to 1.28.8
602dbc60f libqmi: bump to 1.28.6
d8f33f73e lxc: remove legacy cgroups from common.conf
67e9ed1d5 syncthing: update to 1.18.2
2cd1fa16b python-astral: update to version 2.2
e1c24c07f fail2ban: patch CVE-2021-32749
6979ce4a6 php7: fix config file upgrade issue (fixes#14623)
2929694f8 php7: update to 7.4.23
54d1c110b yq: Update to 4.13.0
fd21207cf travelmate: update to 2.0.7-2
2bb2a48d1 openpyxl: bump to version 3.0.8
50351667a adguardhome: bump to 0.106.3
a98adbc47 adguardhome: bump to 0.106.2
8236e0441 adguardhome: bump to 0.106.1
b5ad600a7 adguardhome: bump to 0.106.0
be38dc31e adguardhome: bump to 0.105.2
b1b8128e4 adguardhome: bump to 0.105.1
8a06dc026 autoconf: fix shebang
8638a565c parted: add new package
3fdaf7d8d golang: Update to 1.17.1
929b57d85 banip: update 0.7.10-3
af46ac4bf travelmate: update to 2.0.7
40b7ea606 ntfs-3g: patch CVE-2019-9755
e72cc2b0a python3: bump version to 3.9.7
cd82a36ba fail2ban: fix hotplug when disabled
a5109ac20 django: bump to version 3.2.7
98708c83e fail2ban: fix package for fail2ban v0.11.2
f056f252c fail2ban: initial package of fail2ban version 0.11.2 python3-pyinotify: initial package version 0.9.6 of pyinotify for python3
89bdb70f1 nextdns: Update to version 1.37.2
58b23e9bc unbound: backport fix for permission denied error
60a7fc782 unbound: update to 1.3.2
b81785de9 unbound: fix build on non-linux systems
8ca8872b3 cgi-io: update to latest Git HEAD
4ba1aac1f haproxy: Update HAProxy to v2.2.17
178b9484d wsdd2: update to git (2021-08-09), switch to Netgear repo
593931084 samba: update to 4.14.7
ca591b551 tor: update to version 0.4.5.8
a5206895e nextdns: Update to version 1.37.1
642d2b0a5 xray-core: Update to 1.4.3
6071edf17 banip: update 0.7.10-2
9cf487461 nextdns: Update to version 1.37.0
dd093d410 pillow: bump to version 8.2.0
7022e9913 acme: Fix uhttpd restart to load new certificates
6256cf49d python-certifi: update to version 2021.5.30
59dab31e0 squashfs-tools: bump to version 4.5
73364d0c4 hplip: add a patch to respect CFLAGS
6b1133720 collectd: sensors plugin - depend on lm-sensors
090623ac1 mwan3: Use shebang in /etc/mwan3.user
119a05ffd perlbase-data: Add dependency on perlbase-scalar
502ca434c lttng-tools: fix linking with full language support enabled
73bd199ab stoken: fix compilation with BUILD_NLS
7674639c5 augeas: fix compilation with BUILD_NLS
9d4046157 treewide: Remove GO_PKG_LDFLAGS for stripping binaries
0b8baefec openvpn: add OpenVPN option push-peer-info
82dc4c08b python-cryptography: Update to 3.4.8
65057dcbb tailscale: update to version 1.12.3
f818f4a0d tailscale: update to version 1.12.1
13faefa9b tailscale: update to version 1.8.7
a1b8c64c2 tailscale: update to version 1.8.1
d721fea58 libssh: update to 0.9.6
The address of the vpn interface is calculated in the style of
modified EUI-64, based on a virtual mac address. This virtual mac
address consists of 0x00 as first byte and the other five bytes
are taken from the first bytes of md5sum(base64 encoded public key).
The algorithm was taken by the ffmuc, with a slight difference. ffmuc
calculated the result of md5sum(base64 encoded public key + '\n')
which was interpreted as accidential fault and therefore dropped.
Example:
- Public-Key: "gP3VJnTTvnQut+z4O+m0N9RgMyXbgyUbUkF3E3TKX2w="
- Address: "fe80::02ca:b8ff:fedc:2eb3"
The following interfaces are used for wireguard:
- wg_mesh -> wireguard interface
- mesh-vpn -> vxlan iface on top of wg_mesh
If you use this new feature, make sure the NTP servers in your site
config are publicly reachable. This is necessary, since wireguard
requires correct time before the vpn connection is established.
Therefore gluon performs ntp time synchronisation via WAN before it
establishes the vpn connection. Therefore the NTP servers have to
be publicly reachable (and not only via mesh).
Hardware
--------
MediaTek MT7621AT
256M DDR3
32M SPI-NOR
MediaTek MT7603 2T2R 802.11n 2.4GHz
MediaTek MT7915 2T2R 802.11ax 5GHz
Not Working
-----------
- Bluetooth (connected to UART3)
UART
----
UART is located in the lower left corner of the board. Pinout is
0 - 3V3 (don't connect)
1 - RX
2 - TX
3 - GND
Console is 115200 8N1.
Boot
----
1. Connect to the serial console and connect power.
2. Double-press ESC when prompted
3. Set the fdt address
$ fdt addr $(fdtcontroladdr)
4. Remove the signature node from the control FDT
$ fdt rm /signature
5. Transfer and boot the OpenWrt initramfs image to the device.
Make sure to name the file C0A80114.img and have it reachable at
192.168.1.1/24
$ tftpboot; bootm
Installation
------------
1. Connect to the booted device at 192.168.1.20 using username/password
"ubnt".
2. Update the bootloader environment.
$ fw_setenv devmode TRUE
$ fw_setenv boot_openwrt "fdt addr \$(fdtcontroladdr);
fdt rm /signature; bootubnt"
$ fw_setenv bootcmd "run boot_openwrt"
3. Transfer the OpenWrt sysupgrade image to the device using SCP.
4. Check the mtd partition number for bs / kernel0 / kernel1
$ cat /proc/mtd
5. Set the bootselect flag to boot from kernel0
$ dd if=/dev/zero bs=1 count=1 of=/dev/mtdblock4
6. Write the OpenWrt sysupgrade image to both kernel0 as well as kernel1
$ dd if=openwrt.bin of=/dev/mtdblock6
$ dd if=openwrt.bin of=/dev/mtdblock7
7. Reboot the device. It should boot into OpenWrt.
Before this commit, some *.po files contained the same translation
twice within the same file. While this did not led to errors in
gluon yet, it is still invalid. This commit fixes that and removes
the duplicates.
- Move site check for prefix4 and extra_prefixes6 to gluon-core, so the
rules don't need to be duplicated in several packages. This also fixes
gluon-respondd not checking extra_prefixes6 at all when
gluon-ebtables-source-filter is not installed as well.
- A redundant check for prefix6 is removed from gluon-l3roamd (this was
already checked by gluon-core)
- A separate check for prefix4 remains in gluon-client-bridge, as the
setting in mandatory there
* ath79-generic: add support for Onion Omega
support was previously dropped in
commit 45c84a117b ("ar71xx: drop target")
* fixup! ath79-generic: add support for Onion Omega
* fixup! ath79-generic: add support for Onion Omega
- [x] must be flashable from vendor firmware
- [ ] webinterface
- [ ] tftp
- [x] other: Console port available. Manufacturer specific cable required.
Tutorial in OpenWRT commit message https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=c6e972c8772a628a1a2f2e5590d7c6f4acef9ab0
- [x] must support upgrade mechanism
- [x] must have working sysupgrade
- [x] must keep/forget configuration (if applicable)
*think `sysupgrade [-n]` or `firstboot`*
- [x] must have working autoupdate
root@Aruba-AP-303H:~# lua -e 'print(require("platform_info").get_image_name())'
aruba-ap-303h
- [x] reset/wps/phone button must return device into config mode
- [x] primary mac should match address on device label (or packaging) (https://gluon.readthedocs.io/en/latest/dev/hardware.html#notes)
- wired network
- [x] should support all network ports on the device
- [x] must have correct port assignment (WAN/LAN)
- wifi (if applicable)
- [x] association with AP must be possible on all radios
- [x] association with 802.11s mesh must be working on all radios
- [x] ap/mesh mode must work in parallel on all radios
- led mapping
- power/sys led (_critical, because led definitions are setup on firstboot only_)
- [x] lit while the device is on
- [x] should display config mode blink sequence
(https://gluon.readthedocs.io/en/latest/features/configmode.html)
- radio leds
- [x] should map to their respective radio
- [x] should show activity
- switchport leds
- [x] should map to their respective port (or switch, if only one led present)
- [x] should show link state and activity
- outdoor devices only
- [ ] added board name to `is_outdoor_device` function in `package/gluon-core/luasrc/usr/lib/lua/gluon/platform.lua`
- ToDo (upstream):
- enable PoE pass through on interface E3
system.poe_passthrough=gpio_switch
system.poe_passthrough.name='PoE Passthrough'
system.poe_passthrough.gpio_pin='446'
system.poe_passthrough.value='0' (0 is active)
e294a22 batman-adv: Refresh patches with quilt
519ef4a batman-adv: Merge bugfixes from 2021.2
8d93475 olsrd: add filtergw plugin
76a7bc7 olsrd: update to 2021-06-21
3912935 olsrd: use SPDX
69e2fe6 bird2: Fix bus error on OSPF on IPQ806X
fa1791dbc htop: Add HTOP_LMSENSORS config option
19998f14f banip: update 0.7.10
36ffcd66f xray-core: fix build under go 1.17
2b17d1ca9 golang: Update to 1.17
0e3c2d959 gpsd: bump to 3.23
3b73213bf yq: Update to 4.12.1
954eba88a auc: update to version 0.2.4
af4098118 yq: Update to 4.12.0
cec17047d apr: patch CVE-2021-35940
1c982c63a nextdns: Update to version 1.36.0
4adf9a1c1 mosquitto: allow auth options with per listener settings
c4f61bf57 mosquitto: init: support more UCI options
6c9d59571 airos-dfs-reset: add airos-dfs-reset
baceb237a [openwrt-21.02] delve: Update to 1.7.1
0bd7e25f2 phantap: update to latest commit
06011c690 travelmate: update to 2.0.6
3733d0a7d travelmate: update to 2.0.5-3
d89bb6bec https-dns-proxy: patch CMakeList.txt to use OpenWrt CFLAGS
8b5002a6e dnscrypt-proxy2: Upgrade to 2.1.0
ffb8b452a c-ares: update to version 1.17.2
ce0c9af93 mc: add a missing Syntax file
f5669e3a6 mblaze: new package
af616fc58 hwdata: update to version 0.350
0240320e8 tvheadend: update to v4.2.8, remove static ffmpeg
4ddc4a613 tvheadend: fix compilation with GCC 9 and 10
fdee10fde python3-setuptools: add _distutils_hack
affb4038c zabbix: Call killall with the -s
d0444c0f5 git: update to 2.33.0
e583b7e3e mc: update to 2.8.27
542aa086e curl: update to 7.78.0
dd49c191a auc: update to version 0.2.0
395f55203 unixodbc: use 'install' when copying host binaries
b3c416b2d perl: perlmod.mk: use 'install' for host binaries
5665c3bdf stubby: Add multi WAN support for procd trigger
1ca9b3c98 stubby: remove maintainer
39b401638 stubby: remove libidn2 and libunwind dependencies
57eab26bb stubby: bump to 0.4.0
cb7030229 sqm-scripts: bump to v1.5.1
eed183c5f travelmate: update to 2.0.5-2
3eab47600 travelmate: update to 2.0.5
20ff270f2 django: bump to version 3.2.6
b3cfba1de dockerd: Updated to 20.10.8
832671029 docker: Updated to 20.10.8
6fb2beb6a containerd: Updated to 1.4.9 for docker 20.10.8
f815bdd72 runc: Updated to 1.0.1 for docker 20.10.8
10b295626 whois: update to 5.5.9
6f82209e4 whois: update to 5.5.8
eda1e1045 gitlab-runner: update to 14.0.1
aa4171673 clamav: update to 0.103.3
2fc25208a irssi: add test.sh
8de166f42 irssi: update to 1.2.3
e264d6689 atlas-sw-probe: fix copypaste error and clean tmp dir on exit
9cb317541 Flash: update to version 2.0.1
eb5e13d37 Jinja2: update to version 3.0.1
573338fe4 Werkzeug: update to version 2.0.1
d1007d29f MarkupSafe: update to version 2.0.1
9fa4ce04a click: update to version 8.0.1
735f9ed87 itsdangerous: update to version 2.0.1
979464c6a net/snort3: Include default configs and snort2lua
dccb98855 knot-resolver: update to version 5.4.0
e38772510 knot: update to version 3.1.0
a2819fab7 golang: Update to 1.16.7
1a3687049 python-twisted: Update to 21.7.0, refresh patches
78a25390b libxslt: fix compilation because of wrong libxml2 check in configure script
beba98240 simple-adblock: update to 1.8.7-6
51de4b108 php7: update to 7.4.22
38fc5d866 libxml2: update to 2.9.12
e928ef733 php8: add CI runtime test
91be67942 php8: update to 8.0.9
bc6d77a7c node: bump to 14.17.4
af5c3af0c curl: enable HTTP/2 support by default
3cb1894b8 https-dns-proxy: update to 2021-07-29-01
c4a323903 nextdns: Update to version 1.35.0
bda6773b9 dawn: update to 2021-07-27
25a0a5cc4 travelmate: update to 2.0.4
877b65214 adblock: bugfix 4.1.3-3
11455c0fd librouteros: don't build docs
2c7ad7ca6 yq: Update to 4.11.2
fefd88227 syslog-ng: update to version 3.33.2
17c4b0332 ddns-scripts: use https for google ipv6 ddns url
d2cb8f4ee erlang: disable PIE
fc598339c yggdrasil: bump to 0.4.0
4ea887e64 vpnbypass: updates to 1.3.2-1
5e69e4108 Revert "net/miniupnpd: ext_ip_reserved_ignore support"
117c6bf76 knot: update to version 3.0.8
1c69a5270 knot: update to version 3.0.7
17809e28a yq: Update to 4.11.0
eabde6aab delve: Update to 1.7.0
ec9700fee golang: Update to 1.16.6
f7ba01cdd sane-backends: use macros (properly), remove chmod
041e28776 sane-backends: fix usbid file generation
48576dba7 vpn-policy-routing: update to 0.3.5-1
a0183d3f6 stress-ng: bump to version 0.12.10
0805c1199 stress-ng: bump to version 0.12.07
43a391e5f stress-ng: bump to version 0.12.06
752da2a8b stress-ng: bump to version 0.12.04
23925c77a ruby: update to 3.0.2
dd1930f03 dawn: update to 2021-07-11
c6fcfda21 dawn: update to 2021-07-08
8aeb26b41 yq: Update to 4.9.8
cc78ba6b5 addrwatch: Various fixes
6a24f88c3 yggdrasil: allow HTTPS connections
0a5ab6882 yggdrasil: bump to 0.3.16
79417f0a3 python-cffi: bump to version 1.14.6
02a0c8a4f python-simplejson: bump to version 3.17.3
1954ed36a openvpn: enable LZO support by default for OpenSSL variant
827fa8e21 syslog-ng: disable mqtt
f58494968 mwan3: bump PKG_VERSION to 2.10.11
7e71550f1 mwan3: add troublshoot command from LuCI
4f5b05ab8 mwan3: cleanup help output
588d781df syslog-ng: update to version 3.33.1
56d7a225e apache: update to 2.4.48
e11d70d0c transmission: add new syscalls to seccomp filter
ee11ce67a netdata: update to version 1.30.1
3ac73fa18 wsdd2: update to git 2021-06-28
7723235f4 samba4: update to 4.14.5
a2a9702f8 softethervpn5: update to 5.02.5180
104af774c rpcbind: update to 1.2.6
90341aa79 libtirpc: update to 1.3.2
c66b3dc45 lxc: add patch to switch GPG server
a5a176d86 yq: Update to 4.9.7
4bc55dd04 python3: do a simple ls on pip & setuptools if not selected for build
ef50ed85a python3: update to version 3.9.6
033b04ee7 mwan3: use default routes from additional tables
790a49c09 libuv: fix CVE-2021-22918
c605f4cb4 django: bump to version 3.2.5
63ca71937 nextdns: Update to version 1.34.2
57ed36db4 tessdata: uncompress tarball only once to speed up builds
3d7d41f71 tessdata: update to 2.1.0
7d9210015 openconnect: backport iconv/intl fix
5201d8739 python-dateutil: add setuptools-scm build dep
c2657a2e9 adblock: update 4.1.3-2
8e1a8026b crun: update to 0.20
15b873947 crun: bump to version 0.19.1
dae7bdd91 crun: Don't build on arc
08abbfd9b crun: add package crun
0f395b994 auc: update to version 0.1.8
51dd1c1fd delve: add package
3fef9fffa cache-domains: Fixed missing wildcard entries
24e67d6fa nextdns: Update to version 1.33.11
4692a31be travelmate: startup fixes
29eab35c6 openvpn: update to 2.5.3
1216b02d4 tcpreplay: bump to version 4.3.4
56e4da231 python-lxml: bump to version 4.6.3
535bcdb57 pillow: bump to version 8.1.2
1e01952ce ddns-scripts: get l3 device for bind network using curl
99f838dd6 ddns-scripts: Fix for domains with dash
12cd69329 ddns-scripts: Fix for wildcard subdomain
94efa1c612 fritz-tools: fix returning wrong values due to strncmp usage
d9be07169e mbedtls: update to 2.16.11
f407b2f43c mvebu: armada-37xx: add patch to forbid cpufreq for 1.2 GHz
b254bd697d Revert "mvebu: 5.4 fix DVFS caused random boot crashes"
4003eeab35 dnsmasq: reset EXTRA_MOUNT in the right place
6ca34c5c0c dnsmasq: fix more dnsmasq jail issues
b88ab44036 dnsmasq: rework jail mounts
8ef5894197 dnsmasq: use local option for local domain parameter
da5fd91073 dnsmasq: add ignore hosts dir to dnsmasq init script
9531e70708 OpenWrt v21.02.0-rc4: revert to branch defaults
134ac824c5 OpenWrt v21.02.0-rc4: adjust config defaults
2d5ee43dc6 kernel: bump 5.4 to 5.4.137