With the update to OpenWrt 21.02 the bridge MLD wakeup call feature was
removed. However the issue with Android devices and MLD is still
present. Therefore readding the bridge MLD wakeup call patch and porting
it to Linux 5.10 / OpenWrt 22.03.
Link: https://issuetracker.google.com/issues/149630944
Fixes: aab2b914b8 ("modules: switch to OpenWrt 21.02")
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
d1f14d17aa ramips: fix GB-PC1 and GB-PC2 device support
0197cc553a hostapd: fix WPA3 enterprise keys and ciphers
567f64df57 iwinfo: update to latest HEAD
f543588812 iproute2: Fix KERNEL_INCLUDE in SDK
8de88a2aa9 umbim: bump to git HEAD
e0832778a3 mt76: update to the latest version
da3dc96b64 netifd: update to the latest version
237f8e2cfc netifd: update to git HEAD
8a9733ee0d rpcd: bump version to 2022-08-24
8f4a2e4234 rpcd: update to latest Git HEAD
f92ac40ebd uhttpd: update to latest Git HEAD
d4f20964ff ucode: update to latest Git HEAD
469db326ac nftables: fix parsing date expressions
fd268e3973 firewall4: update to latest Git HEAD
296c9aeb39 ipq806x: add missing scaling_available_frequencies for dedicated cpufreq
97213c7335 mac80211: parse the correct set of HE capabilities for AP mode
ecd8f7e294 ramips: get MAC addr from the encrypted partition (WG4хх223)
290ace2fe6 base-files: add mtd_get_mac_encrypted_arcadyan function
d94a28f7d2 uencrypt: add package to decrypt WG4хх223 config
bfb37d363c odhcp6c: update to git HEAD
464f349fad ramips: allow custom trx magic for Arcadyan
7edaae16db ramips: create new dtsi for Arcadyan routers
206581018c ramips: add support for MTS WG430223
1320a78aab ramips: add support for ASUS RT-AX53U
e06f97eb33 mvebu: backport pending Turris Omnia LEDs improvements
93ac163dea mvebu: backport DTS changes for Turris Omnia from mvebu/dt
659bb7638d mpc85xx: enable NAND support for all subtargets
89b7714cf6 kernel: add kmod-leds-turris-omnia
5e39f37caa toolchain: Update glibc 2.34 to recent HEAD
da7e9b201e build: add support for python3.11 and higher
dfe5c23592 iwinfo: update to latest HEAD
1d16b928b3 ath25: fix initramfs image generation
2728d13030 ath25: fix ELF image generation
46e62907f1 kernel: bump 5.10 to 5.10.136
be29de706c kernel: bump 5.10 to 5.10.135
6c901ec97d kernel: Backport upstream flowtable patches from 5.15
6a638c134d pkg-config: always use correct path for pkg-config.real
1c7a167366 kernel: kmod-phy-smsc: Add new PHY
fd4a354f3e kernel: kmod-phy-ax88796b: Add new PHY
13d66ef33f kernel: kmod-ipt-ulog: Remove package
534e256c02 kernel: kmod-nft-nat6: Remove package
2a6fa77b77 kernel: ipt-ipset: Add ipset/ip_set_hash_ipmac.ko
fc05102d51 kernel: netsupport: kmod-sched: explicitly define included modules
3b51f74a91 kernel: netsupport: kmod-sched: Add kmod-lib-textsearch dependency
9727b71147 kernel: netsupport: kmod-sched: Remove sch_fq_codel and sch_fifo
0038e96c27 arm-trusted-firmware-mediatek: skip bad blocks on SPI-NAND (SNFI)
5c69416246 fstools: add uci fstab section to conffiles for package block-mount
0855549b4b kernel: scale nf_conntrack_max more reasonably
0179ba7851 dnsmasq: fix jail_mount for serversfile
Update the device-support version for image-metadata so that older Gluon
versions not implementing skipping minor compat-version checks are able
to update to newer Gluon versions.
Signed-off-by: David Bauer <mail@david-bauer.net>
Add a migration script to migrate the device path of PCIe WiFi hardware
from OpenWrt 19.07 to the one used with OpenWrt 21.02+.
Signed-off-by: David Bauer <mail@david-bauer.net>
Set the compat-version of the sysupgrade image to 1.0 in order to allow
upgrades from Gluon-sources which are based on swconfig and do not
ignore mismatching minor compat-versions.
Signed-off-by: David Bauer <mail@david-bauer.net>
948ea0e9c046 ecdsautils: update to v0.4.1
97333939dbcc hwdata: update to version 0.359
22c8efd9377c tor: bump to 0.4.7.7 stable
241e70f5fd84 etherwake-nfqueue: swap iptables for nftables dependency
61e0ee2e8e30 rclone: Update to 1.58.1
a8374c48e14f apfree-wifidog: fix compile error
2af08fe724f3 gst1-libav: fix compilation with ffmpeg5
419054a05f56 libtorrent-rasterbar: Update to 2.0.6
With the update to ecdsautils 0.4.1, we can remove the downstream patch
again.
A vulnerability was found in ecdsautils which allows forgery of ECDSA
signatures. An adversary exploiting this vulnerability can create an update
manifest accepted by the autoupdater, which can be used to distribute
malicious firmware updates by spoofing a Gluon node's connection to the
update server.
5b7d01b427 iwinfo: update to latest HEAD
39aaec62ca hostapd: refresh patches
e2030fcfa7 hostapd: add ubus link-measurements notifications
1a2940f68e hostapd: add ubus method for requesting link measurements
b4a9597154 hostapd: add support for enabling link measurements
5a18028c69 iwinfo: update to latest HEAD
b519d76276 iwinfo: update to latest Git head
01cc5e195d iwinfo: update to latest Git HEAD
44781b265c iwinfo: update to the latest version
f7c445aa7d iwinfo: update to the latest version
75cbd8de00 wolfssl: fix compilation with /dev/crypto
1418439da9 kernel: add missing config symbols
39f1815b3e mac80211: fix QCA9561 PA bias
1769e3162e ramips: mt7620: disable SOC VLANs for external switches
30e47fb1e4 ramips: mt7620: ethernet: use more macros and bump version
3f976d0225 ramips: mt7620: fix RGMII TXID PHY mode
6685eb29e5 ramips: mt7620: add ephy-disable option to switch driver
47db830b82 ramips: mt7620: move mt7620_mdio_mode() to ethernet driver
6876465875 ramips: mt7620: use DTS to set PHY base address for external PHYs
5d7805c78b ramips: mt7620: allow both internal and external PHYs
01bbed7444 ramips: mt7620: fix ethernet driver GMAC port init
6491212ea7 ramips: mt7620: remove useless GMAC nodes
a14c2d409c ramips: mt7620: simplify DTS properties for GMAC
c652a06eef ramips: mt7620: enable autonegotiation for all ports
08ec622c46 ramips: make PHY initialization more descriptive
4123f177f9 ramips: add support for the Wavlink WL-WN579X3
92af15077f ramips: split Youku YK1 to YK-L1 and YK-L1c
55f8eb84d2 ramips: improve pinctrl for Youku YK-L1
92489b4f82 ramips: speed up spi frequency for Youku YK-L1
bea1891182 ramips: remove obsolete mx25l25635f compatible hack
6c44b157e5 mvebu: kernel: enable CONFIG_BLK_DEV_NVME
f0f9b7ac5c OpenWrt v21.02.3: revert to branch defaults
42a15ca378 OpenWrt v21.02.3: adjust config defaults
1d4dea6d4f ath79: Move TPLink WPA8630Pv2 to ath79-tiny target
41a97c2074 bcm27xx: add AMP2 to HifiBerry DAC+ / DAC+ Pro package
9a765554f4 ath79: add support for MikroTik RouterBOARD mAP lite
2cc9ee8000 ath79: add support for Yuncore A930
06874171d1 ath79: add support for Yuncore XD3200
c5ef62a218 wolfssl: bump to 5.2.0
99b00edf35 mac80211: Update to version 5.10.110-1
9132344444 bpftools: fix feature override for masking clang
169c9e3a88 ramips: fix reboot for remaining 32 MB boards
39bf2aee0e kernel: bump 5.4 to 5.4.188
3008f1f441 imagebuilder: fix broken image generation with external targets
Device specifications:
======================
* Qualcomm/Atheros AR9344 rev 2
* 560/450/225 MHz (CPU/DDR/AHB)
* 64 MB of RAM
* 16 MB of SPI NOR flash
- 2x 7 MB available; but one of the 7 MB regions is the recovery image
* 1T1R 2.4 GHz Wi-Fi
* 2T2R 5 GHz Wi-Fi
* 6x GPIO-LEDs (3x wifi, 2x ethernet, 1x power)
* 1x GPIO-button (reset)
* external h/w watchdog (enabled by default)
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* TI tmp423 (package kmod-hwmon-tmp421) for temperature monitoring
* 2x ethernet
- eth0
+ AR8035 ethernet PHY
+ 10/100/1000 Mbps Ethernet
+ 802.3af POE
+ used as LAN interface
- eth1
+ 10/100 Mbps Ethernet
+ builtin switch port 1
+ 18-24V passive POE (mode B)
+ used as WAN interface
* 12-24V 1A DC
* internal antennas
Flashing instructions:
======================
Various methods can be used to install the actual image on the flash.
Two easy ones are:
ap51-flash
----------
The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the image to the u-boot when the device boots up.
initramfs from TFTP
-------------------
The serial console must be used to access the u-boot shell during bootup.
It can then be used to first boot up the initramfs image from a TFTP server
(here with the IP 192.168.1.21):
setenv serverip 192.168.1.21
setenv ipaddr 192.168.1.1
tftpboot 0c00000 <filename-of-initramfs-kernel>.bin && bootm $fileaddr
The actual sysupgrade image can then be transferred (on the LAN port) to the
device via
scp <filename-of-squashfs-sysupgrade>.bin root@192.168.1.1:/tmp/
On the device, the sysupgrade must then be started using
sysupgrade -n /tmp/<filename-of-squashfs-sysupgrade>.bin
Device specifications:
======================
* Qualcomm/Atheros QCA9558 ver 1 rev 0
* 720/600/240 MHz (CPU/DDR/AHB)
* 128 MB of RAM
* 16 MB of SPI NOR flash
- 2x 7 MB available; but one of the 7 MB regions is the recovery image
* 2T2R 2.4 GHz Wi-Fi (11n)
* 2T2R 5 GHz Wi-Fi (11ac)
* 6x GPIO-LEDs (3x wifi, 2x ethernet, 1x power)
* external h/w watchdog (enabled by default))
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* TI tmp423 (package kmod-hwmon-tmp421) for temperature monitoring
* 2x ethernet
- eth0
+ AR8035 ethernet PHY (RGMII)
+ 10/100/1000 Mbps Ethernet
+ 802.3af POE
+ used as LAN interface
- eth1
+ AR8035 ethernet PHY (SGMII)
+ 10/100/1000 Mbps Ethernet
+ 18-24V passive POE (mode B)
+ used as WAN interface
* 12-24V 1A DC
* internal antennas
Flashing instructions:
======================
Various methods can be used to install the actual image on the flash.
Two easy ones are:
ap51-flash
----------
The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the image to the u-boot when the device boots up.
initramfs from TFTP
-------------------
The serial console must be used to access the u-boot shell during bootup.
It can then be used to first boot up the initramfs image from a TFTP server
(here with the IP 192.168.1.21):
setenv serverip 192.168.1.21
setenv ipaddr 192.168.1.1
tftpboot 0c00000 <filename-of-initramfs-kernel>.bin && bootm $fileaddr
The actual sysupgrade image can then be transferred (on the LAN port) to the
device via
scp <filename-of-squashfs-sysupgrade>.bin root@192.168.1.1:/tmp/
On the device, the sysupgrade must then be started using
sysupgrade -n /tmp/<filename-of-squashfs-sysupgrade>.bin
Gluon image name change
=======================
The device had the image name "openmesh-om5p-ac" in older versions of Gluon.
This had to be changed with the new name in the device trees of the ath79
device tree.
Device specifications:
======================
* Qualcomm/Atheros AR7240 rev 2
* 350/350/175 MHz (CPU/DDR/AHB)
* 32 MB of RAM
* 16 MB of SPI NOR flash
- 2x 7 MB available; but one of the 7 MB regions is the recovery image
* 2x 10/100 Mbps Ethernet
* 1T1R 2.4 GHz Wi-Fi
* 6x GPIO-LEDs (3x wifi, 2x ethernet, 1x power)
* 1x GPIO-button (reset)
* external h/w watchdog (enabled by default)
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* 2x fast ethernet
- eth0
+ 18-24V passive POE (mode B)
+ used as WAN interface
- eth1
+ builtin switch port 4
+ used as LAN interface
* 12-24V 1A DC
* external antenna
The device itself requires the mtdparts from the uboot arguments to
properly boot the flashed image and to support dual-boot (primary +
recovery image). Unfortunately, the name of the mtd device in mtdparts is
still using the legacy name "ar7240-nor0" which must be supplied using the
Linux-specfic DT parameter linux,mtd-name to overwrite the generic name
"spi0.0".
Flashing instructions:
======================
Various methods can be used to install the actual image on the flash.
Two easy ones are:
ap51-flash
----------
The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the image to the u-boot when the device boots up.
initramfs from TFTP
-------------------
The serial console must be used to access the u-boot shell during bootup.
It can then be used to first boot up the initramfs image from a TFTP server
(here with the IP 192.168.1.21):
setenv serverip 192.168.1.21
setenv ipaddr 192.168.1.1
tftpboot 0c00000 <filename-of-initramfs-kernel>.bin && bootm $fileaddr
The actual sysupgrade image can then be transferred (on the LAN port) to the
device via
scp <filename-of-squashfs-sysupgrade>.bin root@192.168.1.1:/tmp/
On the device, the sysupgrade must then be started using
sysupgrade -n /tmp/<filename-of-squashfs-sysupgrade>.bin
Gluon image name change
=======================
The device had the image name "openmesh-om2p" in older versions of Gluon.
This had to be changed with the new name in the device trees of the ath79
device tree.
Device specifications:
======================
* Qualcomm/Atheros QCA9558 ver 1 rev 0
* 720/600/240 MHz (CPU/DDR/AHB)
* 128 MB of RAM
* 16 MB of SPI NOR flash
- 2x 7 MB available; but one of the 7 MB regions is the recovery image
* 2T2R 2.4 GHz Wi-Fi (11n)
* 2T2R 5 GHz Wi-Fi (11ac)
* multi-color LED (controlled via red/green/blue GPIOs)
* 1x GPIO-button (reset)
* external h/w watchdog (enabled by default))
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* 2x ethernet
- eth0
+ Label: Ethernet 1
+ AR8035 ethernet PHY (RGMII)
+ 10/100/1000 Mbps Ethernet
+ 802.3af POE
+ used as WAN interface
- eth1
+ Label: Ethernet 2
+ AR8035 ethernet PHY (SGMII)
+ 10/100/1000 Mbps Ethernet
+ used as LAN interface
* 1x USB
* internal antennas
Flashing instructions:
======================
Various methods can be used to install the actual image on the flash.
Two easy ones are:
ap51-flash
----------
The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the image to the u-boot when the device boots up.
initramfs from TFTP
-------------------
The serial console must be used to access the u-boot shell during bootup.
It can then be used to first boot up the initramfs image from a TFTP server
(here with the IP 192.168.1.21):
setenv serverip 192.168.1.21
setenv ipaddr 192.168.1.1
tftpboot 0c00000 <filename-of-initramfs-kernel>.bin && bootm $fileaddr
The actual sysupgrade image can then be transferred (on the LAN port) to the
device via
scp <filename-of-squashfs-sysupgrade>.bin root@192.168.1.1:/tmp/
On the device, the sysupgrade must then be started using
sysupgrade -n /tmp/<filename-of-squashfs-sysupgrade>.bin
Device specifications:
======================
* Qualcomm/Atheros QCA9558 ver 1 rev 0
* 720/600/240 MHz (CPU/DDR/AHB)
* 128 MB of RAM
* 16 MB of SPI NOR flash
- 2x 7 MB available; but one of the 7 MB regions is the recovery image
* 3T3R 2.4 GHz Wi-Fi (11n)
* 3T3R 5 GHz Wi-Fi (11ac)
* multi-color LED (controlled via red/green/blue GPIOs)
* 1x GPIO-button (reset)
* external h/w watchdog (enabled by default))
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* 2x ethernet
- eth0
+ Label: Ethernet 1
+ AR8035 ethernet PHY (RGMII)
+ 10/100/1000 Mbps Ethernet
+ 802.3af POE
+ used as WAN interface
- eth1
+ Label: Ethernet 2
+ AR8031 ethernet PHY (SGMII)
+ 10/100/1000 Mbps Ethernet
+ used as LAN interface
* 1x USB
* internal antennas
Flashing instructions:
======================
Various methods can be used to install the actual image on the flash.
Two easy ones are:
ap51-flash
----------
The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the image to the u-boot when the device boots up.
initramfs from TFTP
-------------------
The serial console must be used to access the u-boot shell during bootup.
It can then be used to first boot up the initramfs image from a TFTP server
(here with the IP 192.168.1.21):
setenv serverip 192.168.1.21
setenv ipaddr 192.168.1.1
tftpboot 0c00000 <filename-of-initramfs-kernel>.bin && bootm $fileaddr
The actual sysupgrade image can then be transferred (on the LAN port) to the
device via
scp <filename-of-squashfs-sysupgrade>.bin root@192.168.1.1:/tmp/
On the device, the sysupgrade must then be started using
sysupgrade -n /tmp/<filename-of-squashfs-sysupgrade>.bin
The address of the vpn interface is calculated in the style of
modified EUI-64, based on a virtual mac address. This virtual mac
address consists of 0x00 as first byte and the other five bytes
are taken from the first bytes of md5sum(base64 encoded public key).
The algorithm was taken by the ffmuc, with a slight difference. ffmuc
calculated the result of md5sum(base64 encoded public key + '\n')
which was interpreted as accidential fault and therefore dropped.
Example:
- Public-Key: "gP3VJnTTvnQut+z4O+m0N9RgMyXbgyUbUkF3E3TKX2w="
- Address: "fe80::02ca:b8ff:fedc:2eb3"
The following interfaces are used for wireguard:
- wg_mesh -> wireguard interface
- mesh-vpn -> vxlan iface on top of wg_mesh
If you use this new feature, make sure the NTP servers in your site
config are publicly reachable. This is necessary, since wireguard
requires correct time before the vpn connection is established.
Therefore gluon performs ntp time synchronisation via WAN before it
establishes the vpn connection. Therefore the NTP servers have to
be publicly reachable (and not only via mesh).
This mark prevents a multicast packet being flooded through the whole
mesh. The advantage of marking certain multicast packets via e.g.
ebtables instead of dropping is then the following:
This allows an administrator to let specific multicast packets pass as
long as they are forwarded to a limited number of nodes only and are
therefore creating no burdon to unrelated nodes.
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
fec1aa6dfb mt76: update to the latest version
224fa47bf9 ramips: mark toggle input on EX6150 as a switch
3a05aa17db mac80211: Remove 357-mac80211-optimize-skb-resizing.patch
171d8bce0c ramips: remove factory image for TP-Link Archer C2 v1
2eb8444363 ath79: fix USB power GPIO for TP-Link TL-WR810N v1
d5a8e85878 wolfssl: Backport fix for CVE-2021-3336
cf5e5204d9 bcm63xx: sprom: override the PCI device ID
4465b44fc1 kernel: bump 4.14 to 4.14.219
4b9ade65ec bcm63xx: R5010UNv2: fix flash partitions for 16MB flash
ab9cb390be hostapd: fix P2P group information processing vulnerability
1e90091c5d opkg: update to latest git HEAD of branch openwrt-19.07
312c05611b kernel: bump 4.14 to 4.14.218
3100649458 wolfssl: enable HAVE_SECRET_CALLBACK
e9d2aa9dc6 wolfssl: Fix hostapd build with wolfssl 4.6.0
2044c01de8 wolfssl: Update to v4.6.0-stable
5ac0b2b431 mvebu: omnia: make initramfs image usable out of the box
[ Upstream commit 851d0a73c90e6c8c63fef106c6c1e73df7e05d9d ]
From: Joseph Huang <Joseph.Huang@garmin.com>
When enabling multicast snooping, bridge module deadlocks on multicast_lock
if 1) IPv6 is enabled, and 2) there is an existing querier on the same L2
network.
The deadlock was caused by the following sequence: While holding the lock,
br_multicast_open calls br_multicast_join_snoopers, which eventually causes
IP stack to (attempt to) send out a Listener Report (in igmp6_join_group).
Since the destination Ethernet address is a multicast address, br_dev_xmit
feeds the packet back to the bridge via br_multicast_rcv, which in turn
calls br_multicast_add_group, which then deadlocks on multicast_lock.
The fix is to move the call br_multicast_join_snoopers outside of the
critical section. This works since br_multicast_join_snoopers only deals
with IP and does not modify any multicast data structures of the bridge,
so there's no need to hold the lock.
Steps to reproduce:
1. sysctl net.ipv6.conf.all.force_mld_version=1
2. have another querier
3. ip link set dev bridge type bridge mcast_snooping 0 && \
ip link set dev bridge type bridge mcast_snooping 1 < deadlock >
A typical call trace looks like the following:
[ 936.251495] _raw_spin_lock+0x5c/0x68
[ 936.255221] br_multicast_add_group+0x40/0x170 [bridge]
[ 936.260491] br_multicast_rcv+0x7ac/0xe30 [bridge]
[ 936.265322] br_dev_xmit+0x140/0x368 [bridge]
[ 936.269689] dev_hard_start_xmit+0x94/0x158
[ 936.273876] __dev_queue_xmit+0x5ac/0x7f8
[ 936.277890] dev_queue_xmit+0x10/0x18
[ 936.281563] neigh_resolve_output+0xec/0x198
[ 936.285845] ip6_finish_output2+0x240/0x710
[ 936.290039] __ip6_finish_output+0x130/0x170
[ 936.294318] ip6_output+0x6c/0x1c8
[ 936.297731] NF_HOOK.constprop.0+0xd8/0xe8
[ 936.301834] igmp6_send+0x358/0x558
[ 936.305326] igmp6_join_group.part.0+0x30/0xf0
[ 936.309774] igmp6_group_added+0xfc/0x110
[ 936.313787] __ipv6_dev_mc_inc+0x1a4/0x290
[ 936.317885] ipv6_dev_mc_inc+0x10/0x18
[ 936.321677] br_multicast_open+0xbc/0x110 [bridge]
[ 936.326506] br_multicast_toggle+0xec/0x140 [bridge]
Fixes: 4effd28c1245 ("bridge: join all-snoopers multicast address")
Signed-off-by: Joseph Huang <Joseph.Huang@garmin.com>
Acked-by: Nikolay Aleksandrov <nikolay@nvidia.com>
Link: https://lore.kernel.org/r/20201204235628.50653-1-Joseph.Huang@garmin.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[linus.luessing@c0d3.blue: backported to 4.4]
This device is a dual 5GHz device. It is recommended to manually change the
radio of the first device to the lower 5GHz channels and the second radio
to the upper 5GHz channels
Gluon v2020.2.x uses fastd v19, so we keep that in a separate patch. The
fastd memory leak fix from v18 is not removed in this patch anymore, as
the fix is needed for v19 as well.
The v20 and v21 patches are squashed into one, as they aren't backports
anymore after the rebase onto current openwrt-19.07.
a2673dc53 fastd: fix buffer leak when receiving invalid packets
51bf00834 logrotate: update to version 3.17.0
8715cef64 logrotate: update to 3.16.0
acb77d5be python3: Update to 3.7.9, refresh/remove backported patches
4af889f20 travelmate: bugfix single radio mode
cb3bab180 netdata: update to version 1.26.0
70bb0b4c8 bind: update to version 9.16.7
d05698fae freeradius3: move "release_" from PKG_VERSION
93360e625 freeradius3: add meta-package for default modules
2f7338b62 python-urllib3: update to version 1.25.10 (security fix)
50a67ed74 nextdns: Update to version 1.8.6
b48575ef4 chrony: update to 3.5.1
35e6986a0 nextdns: mark /etc/config/nextdns as configuration file
418e3b294 simple-adblock: config update file fix
9ac587ca8 libuv: update to 1.40.0
613d21085 nano: update to 5.3
992746571 btrfs-progs: update to version 5.7
cedba1ca2 btrfs-progs: update to version 5.6
25b2751f8 python-pytz: update to 2019.03
f3b424139 adblock: refresh blocklist sources
ec628b10d syslog-ng: bump version in config file
d0a74afad syslog-ng: tweak shell code of network_localhost little bit
f705a5a93 python-sentry-sdk: Update to version 0.12.3
2976a5a0e haproxy: Update HAProxy to v2.0.18
eec7bd646 tor: update to version 0.4.4.5
91af4cf72 mariadb: Update to the latest version from 10.2 branch
9461ae47a Werkzeug: Update to version 0.16.0
f9d9ae8c8 Flask: update to version 1.1.2
4a833e3a8 Flask: Update to version 1.1.1
a4534f160 gstreamer1: enable build options necessary for most applications
8a71cdd6a python-ifaddr: update to version 0.1.7
05ea7dfc6 nextdns: Update to version 1.8.5
9069ad925 ipmitool: fix CVE-2020-5208
826fc8921 nextdns: Update to version 1.8.4
ac7f78285 openconnect: updated to 8.10 to address CVE-2020-12823
3f0e26637 python-zeroconf: update to version 0.28.0
fe7ceaa65 python-zeroconf: update to version 0.24.4
49459505e mwan3: fix typo in mwan3_set_sticky_iptables
cae961784 ocserv: include ocserv-worker
2af61c9a4 vpnbypass: README update, code cleanup
b00feac4b ocserv: updated to 1.1.1
c614914da miniupnpd: add miniupnpd ipv6_disable option, #11971 close
70e57317b simple-adblock: add config auto-update feature
94866d76a collectd: update to 5.12.0
b60fa2de9 collectd: update PKG_RELEASE
aeefbbe34 collectd: remove quotation on interval this is an number
b0ad32a3e collectd: move include line
fbe7abcd5 collectd: update PKG_RELEASE
f53b79ced collectd: fix ubi data source type
67a403bfe collectd: add ubi uci and plugin info
37335cf65 collectd: enable ubi plugin
Some newer MT7628 based routers (notably the TP-Link Archer C50 v4) are
shipped with a chip-id of 0x7600 in the on-flash EEPROM. Add this as a
possible valid ID.
This fixes unstable WiFi on some units of the TP-Link Archer C50 v4.
Implement a configurable MLD Querier wake-up calls "feature" which
works around a widely spread Android bug in connection with IGMP/MLD
snooping.
Currently there are mobile devices (e.g. Android) which are not able
to receive and respond to MLD Queries reliably because the Wifi driver
filters a lot of ICMPv6 when the device is asleep - including
MLD. This in turn breaks IPv6 communication when MLD Snooping is
enabled. However there is one ICMPv6 type which is allowed to pass and
which can be used to wake up the mobile device: ICMPv6 Echo Requests.
If this bridge is the selected MLD Querier then setting
"multicast_wakeupcall" to a number n greater than 0 will send n
ICMPv6 Echo Requests to each host behind this port to wake
them up with each MLD Query. Upon receiving a matching ICMPv6 Echo
Reply an MLD Query with a unicast ethernet destination will be sent
to the specific host(s).
Link: https://issuetracker.google.com/issues/149630944
Link: https://github.com/freifunk-gluon/gluon/issues/1832
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
This backports two fixes related to operation on DFS-required
channels.
When a DFS-required channel was selected as the regular
(non-outdoor-mode) 5 GHz channel, hostapd would switch to a non-DFS
channel as OpenWrt did not pass a chanlist of allowed ACS channels.
When hostapd is given a single channel for the chanlist or there's no
available channel left (all allowed channels are in the no-occupancy
period), hostapd prints "no DFS channels left, waiting for NOP to
finish" to the syslog but never stopped transmitting on this channel,
still sending out beacon frames and allowing client data transfer.
When the GTK is offloaded, MT7610 won't transmit any multicast frames.
This is most likely due to a bug in the offloading datapath. MT7612 is
not affected.
Disable GTK offloading for now. It can be re-enabled once the bug in the
offloading path is fixed.
Signed-off-by: David Bauer <mail@david-bauer.net>
This gives us WPA3 support out of the box without having to manually disable
hardware crypto. The driver will fall back to software crypto if the connection
requires management frame protection.
THis allows us to use WPA3 features (Private-WiFi SAE & OWE) on
ramips-mt7620.
