Starting from OpenSSH 9.0p, scp started to use sftp in favor of the
scp protocol by default. As dropbear in OpenWrt currently does not
support sftp by default, we now use the fallback cli switch "-O"
to use the scp protocol for scp.
An invalid branch may be set for various reasons:
- Previous firmware had an invalid default branch
- Branch list has changed and old UCI branch config was removed by a
site-specific upgrade script
- Manual UCI configuration
Re-add mikrotik target
Note that previous images were generic ones and as such no migration
path is provided other than manually flashing the image via config-mode.
If a community uses different vpn providers, they typically
assume the same MTU for the wan device underneath the VPN. As
different VPN providers however have different overhead, the MTU
of the VPN device differs for each provider. Therefore this
commit makes the MTU of the VPN device provider specific.
This has two advantages:
1. The same site.conf can used to bake firmwares for different
VPN providers (only by selecting a diferent vpn feature in the
site.mk).
2. We are coming closer to the option of integrating multiple VPN
providers into one firmware.
b708cf5a1 ffmpeg: update to 5.0.1
2d0893afb pigeonhole: update to 2.3.18
2904343fb dovecot: update to 2.3.18
771fc2373 openconnect: bump to version 9.01
6621ab68b miniflux: update to 2.0.36
aaab4075c openldap: drop use of HTTP in favor of HTTPS
2abb60c16 audit: avoid interferece with base libaudit build
964e972af audit: remove host build
0c44bdcea audit: Fix compilation with kernel 5.15
223f6215b poemgr: add package
9f4253df4 shadowsocks-libev: fix compat issue with newer version of ucode
044425dc4 bluez: Update to 5.64, update/refresh patches
30c39ca1d docker: Update to v20.10.16
b23eb24dc dockerd: Update to v20.10.16
6f3e7f879 libnetwork: Updated to 339b97 for docker v20.10.16
c5061b93d containerd: Update to v1.6.4 for docker v20.10.16 * Overrode `PREFIX` to have the old behaviour
33d3642c8 runc: Update to v1.1.1 for docker v20.10.16
001ab241e icu: bump to 71.1
136fb020f usteer: update to latest HEAD
db966f719 telegraf: Update to version 1.22.4
864bc0eac golang: Update to 1.18.2
867ad434f micropython-lib: Update to latest master
0cd609b67 ci: Look for changed packages in the PR branch only
9d2246b28 docker: fix compilation with glibc
5af6f2592 dockerd: fix compilation with glibc
8905f9808 dockerd: Add firewall independent dependencies
79614bb2a dockerd: Sorted dependencies for better diffs
c227c65c6 docker: Update to 20.10.14
df8b28232 dockerd: Update to 20.10.14, and update version checking mechanism
23547de3c containerd: Update to 1.5.11
c79b4f85b runc: update to 1.0.3
f8892740c privoxy: update to 3.0.33 and fix the init script
6f606107e lxc: export systemd cgroups after install
245c658fa cloudflared: Update to 2022.5.1
61a2e96d2 dnsproxy: Update to 0.42.3
f8e2c5dca dawn: update to 2022-05-09
68c7cb1d3 haproxy: Update HAProxy to v2.4.16
db148cc08 adblock: list maintenance
821fd2499 strongswan: add wolfssl plugin
220c75cef htop: update to 3.2.0
dad9ae19e v2rayA: Update to 1.5.7
2aa2a157b cloudreve: Update to 3.5.3
d51f7c20b cloudreve: Update to 3.5.2
0e639eb47 cloudflared: Update to 2022.5.0
23fc3e63c youtube-dl: update to 2021.12.17
50e306326 usteer: update to latest HEAD
f26d5e546 passh: updated per OpenWrt's common practice
3bd1d510e passh: an sshpass alternative
7fddd201f sexpect: updated per OpenWrt's common practice
40e42950c sexpect: Expect for Shells
b282f5bba https-dns-proxy: 2021-11-22-3: add support for Canary Domains
b93534691 zerotier: fix segfault on ARM platforms
34b6abf5a8 ath79: add support for MikroTik hAP (RB951Ui-2nD)
03cfdf72e2 ath79: add support for MikroTik RouterBOARD hAP ac lite
80baa60259 firewall4: update to latest Git HEAD
4575498276 ucode: update to latest Git HEAD
e90f74feb6 kernel: bump 5.10 to 5.10.116
95c315f200 ath79: fix ar934x spi driver delays
97a2012ecc openssl: bump to 1.1.1o
6f8db8fee3 wolfssl: bump to v5.3.0-stable
3aeb6e975f ipq806x: add support for Arris TR4400 v2 / RAC2V1A
a11c3cde27 realtek: add support for ZyXEL GS1900-16
9b20e2a699 ath79: add Netgear WNDAP360
6729fa2dd2 ath79: add support for TP-Link Deco M4R v1 and v2
3c57430d1c ramips: add led_source for Asus RT-AC1200 devices
e431195abf ramips: add support for Cudy X6
5439efe37d ramips: Add support for SERCOMM NA502S
fe5943a7bd ramips: add support for Wavlink WL-WN533A8
5454735574 ramips: create shared DTSI for Wavlink WN53XAX devices
7152bc84f4 ramips: add support for TP-Link RE650 v2
d627ea510c ramips: add support for YunCore AX820/HWAP-AX820
9c2ed54aa2 firmware-utils: bump to git HEAD
87f9dd665a firmware-utils: bump to git HEAD
3963a90df8 kernel: Add missing devm_regulator_get_exclusive()
7a0af40e37 kernel: bump 5.10 to 5.10.115
e0aaecdbb8 kernel: bump 5.10 to 5.10.114
416e8aefe1 IPQ4019: AVM FRITZ!Box 7530: Remove NAND ECC restrictions from DTS
ec45e1ff68 kernel: add support for Toshiba TC58NVG0S3HTA00 NAND flash
144d9c4a43 uboot-fritz4040: Add support for Toshiba NAND
9ef931f96b ath79: ZTE MF286[A,R]: add "Power button blocker" GPIO switch
54e759d05d ipq40xx: revert Cell-C RTL30VW to legacy caldata extraction
0f8eba4f95 ath79: fix I2C on GL-AR300M devices
308ce46076 ipq40xx: Lyra: update RGB LED-Controller node for 5.10+
19a8c723b6 lantiq: xway: disable unused switch drivers
a374a959b9 realtek: do not reset SerDes on link change
7b4702afef realtek: Trap all frames with switch as destination to CPU-port
1c6a179e1a ramips: fix booting on Samknows SK-WB8
6120a66e6a bcm27xx: include 'rtc' in target's 'FEATURES'
ae64d0624c kernel: fix corrupted padding on small packets with mt753x dsa
53fc6e9ede kernel: fix flow offload issues with pppoe
77e123340f mediatek: add patches for MT7622 WED (wireless ethernet dispatch)
- [x] Must be flashable from vendor firmware
- [x] Web interface
- [ ] TFTP (untested, but possible according to OpenWrt wiki)
- [ ] Other: <specify>
- [x] Must support upgrade mechanism
- [x] Must have working sysupgrade
- [x] Must keep/forget configuration (`sysupgrade [-n]`, `firstboot`)
- [x] Gluon profile name matches autoupdater image name
(`lua -e 'print(require("platform_info").get_image_name())'`)
- [x] Reset/WPS/... button must return device into config mode
- [x] Primary MAC address should match address on device label (or packaging)
(https://gluon.readthedocs.io/en/latest/dev/hardware.html#notes)
- When re-adding a device that was supported by an earlier version of Gluon, a
factory reset must be performed before checking the primary MAC address, as
the setting from the old version is not reset otherwise.
- Wired network
- [x] should support all network ports on the device
- [x] must have correct port assignment (WAN/LAN)
- On devices supplied via PoE, there is usually no explicit WAN/LAN labeling on the hardware.
The PoE input should be the WAN port in this case.
- Wireless network (if applicable)
- [x] Association with AP must be possible on all radios
- [x] Association with 802.11s mesh must work on all radios
- [x] AP+mesh mode must work in parallel on all radios
- LED mapping
- Power/system LED
- [x] Lit while the device is on
- [x] Should display config mode blink sequence
(https://gluon.readthedocs.io/en/latest/features/configmode.html)
- Radio LEDs
- [x] Should map to their respective radio
- [x] Should show activity
- Switch port LEDs
- [x] Should map to their respective port (or switch, if only one led present)
- [x] Should show link state and activity
Replace most of the page to account for the changes that have happened
in Gluon and OpenWrt in the last 4 years:
- Switch from Shell-based target definition language to Lua
- Removal of targets using legacy build code
Closes#2360
WolfSSL has a significant lower flash footprint. Also, issues with OWE /
SAE connections were fixed in OpenWrt a while ago.
See ddcb970274
Signed-off-by: David Bauer <mail@david-bauer.net>
948ea0e9c046 ecdsautils: update to v0.4.1
97333939dbcc hwdata: update to version 0.359
22c8efd9377c tor: bump to 0.4.7.7 stable
241e70f5fd84 etherwake-nfqueue: swap iptables for nftables dependency
61e0ee2e8e30 rclone: Update to 1.58.1
a8374c48e14f apfree-wifidog: fix compile error
2af08fe724f3 gst1-libav: fix compilation with ffmpeg5
419054a05f56 libtorrent-rasterbar: Update to 2.0.6
With the update to ecdsautils 0.4.1, we can remove the downstream patch
again.
5ff900e0ade7 firewall: config: remove restictions on DHCPv6 allow rule
2ac5ee7f8a99 fstools: update to git HEAD
ffe12f8b48cf procd: update to git HEAD
0dc3ecf0da1c base-files: simplify restorecon logic
efc38b315e9b selinux-policy: update to version 1.1
6cb08b17979c base-files: add missing $IPKG_INSTROOT to restorecon call
9282cb0be06c base-files: address sed in-place without SELinux awareness
dc71658a802b fstools: update to git HEAD
3a974b5bcd77 ipq40xx: fix BDF file for pcie wifi chip on the GL.Inet GL-B2200
d90c7621f40f kernel: bump 5.10 to 5.10.113
e9c14fa85f4d kernel: bump 5.10 to 5.10.112
fa8e050c4bcb f2fs-tools: fix resize.f2fs (#9800)
0c25b9cb11bf ath79: add USB power control for GL-AR300M series
a142d96ade46 mpc85xx: Fix output location of padded dtb
fbd9605a908d build: don't remove BUILD_LOG_DIR in _clean
946f60aaebc6 dnsmasq: add logfacility file to jail mounts
6d5a097232b0 ath79: ubnt: drop swconfig on ac-{lite,lr,mesh}
18649fbff04a bcm63xx: fix description fix name case
d79380ac1dff ath79: ZTE MF286R: add comgt-ncm to DEVICE_PACKAGES
4c5d2cde1307 ramips: zbt-wg2626: Add the reset gpio for PCIe port 1
A vulnerability was found in ecdsautils which allows forgery of ECDSA
signatures. An adversary exploiting this vulnerability can create an update
manifest accepted by the autoupdater, which can be used to distribute
malicious firmware updates by spoofing a Gluon node's connection to the
update server.
Remove support for the TP-Link WDR4900, as it us currently unable to
load its kernel sure to factory bootloader constraints.
Progress on this topic is tracked in #2491
