Merge pull request from GHSA-xqhj-fmc7-f8mv

ecdsautils: verify: fix signature verification (CVE-2022-24884)

CONTRIBUTING.md

@@ -50,4 +50,4 @@ existing commit messages to get the idea.
 [packages]: https://gluon.readthedocs.io/en/latest/user/site.html#packages
 [#gluon]: https://webirc.hackint.org/#gluon
 [mailing list]: mailto:gluon@luebeck.freifunk.net
-[list of rejected features]: https://github.com/freifunk-gluon/gluon/issues?q=label%3Arejected
+[list of rejected features]: https://github.com/freifunk-gluon/gluon/issues?q=label%3A%222.+status%3A+rejected%22

Makefile

@@ -106,6 +106,8 @@ list-targets: FORCE
 	@$(foreach target,$(GLUON_TARGETS),echo '$(target)';)
 
 
+GLUON_DEFAULT_PACKAGES := hostapd-mini
+
 GLUON_FEATURE_PACKAGES := $(shell scripts/features.sh '$(GLUON_FEATURES)' || echo '__ERROR__')
 ifneq ($(filter __ERROR__,$(GLUON_FEATURE_PACKAGES)),)
 $(error Error while evaluating GLUON_FEATURES)
@@ -118,7 +120,7 @@ define merge_packages
     GLUON_PACKAGES := $$(strip $$(filter-out -$$(patsubst -%,%,$(pkg)) $$(patsubst -%,%,$(pkg)),$$(GLUON_PACKAGES)) $(pkg))
   )
 endef
-$(eval $(call merge_packages,$(GLUON_FEATURE_PACKAGES) $(GLUON_SITE_PACKAGES)))
+$(eval $(call merge_packages,$(GLUON_DEFAULT_PACKAGES) $(GLUON_FEATURE_PACKAGES) $(GLUON_SITE_PACKAGES)))
 
 config: FORCE
 	@$(CheckExternal)

README.md

@@ -4,7 +4,9 @@ https://gluon.readthedocs.io/.
 If you're new to Gluon and ready to get your feet wet, have a look at the
 [Getting Started Guide](https://gluon.readthedocs.io/en/latest/user/getting_started.html).
 
-**Gluon IRC channel: `#gluon` in [hackint](https://hackint.org/)**
+Gluon's developers frequent an IRC chatroom at [#gluon](ircs://irc.hackint.org/#gluon)
+on [hackint](https://hackint.org/). There is also a [webchat](https://webirc.hackint.org/#irc://irc.hackint.org/#gluon)
+that allows for access from within your browser.
 
 ## Issues & Feature requests
 
@@ -19,7 +21,7 @@ the future development of Gluon.
 
 Please refrain from using the `master` branch for anything else but development purposes!
 Use the most recent release instead. You can list all releases by running `git tag`
-and switch to one by running `git checkout v2018.2 && make update`.
+and switch to one by running `git checkout v2018.2.4 && make update`.
 
 If you're using the autoupdater, do not autoupdate nodes with anything but releases.
 If you upgrade using random master commits the nodes *will break* eventually.

docs/conf.py

@@ -47,12 +47,12 @@ master_doc = 'index'
 
 # General information about the project.
 project = 'Gluon'
-copyright = '2015-2018, Project Gluon'
+copyright = '2015-2019, Project Gluon'
 
 # The version info for the project you're documenting, acts as replacement for
 # |version| and |release|, also used in various other places throughout the
 # built documents.
-version = release = '2018.2'
+version = release = '2018.2.3'
 
 # The language for content autogenerated by Sphinx. Refer to documentation
 # for a list of supported languages.

docs/dev/basics.rst

@@ -15,9 +15,13 @@ The `main repo`_ does have issues enabled.
 IRC
 ---
 
-Gluon's developers frequent `#gluon on hackint`_. You're welcome to join us!
+Gluon's developers frequent the IRC chatroom `#gluon`_ on `hackint`_.
+There is a `webchat`_ that allows for easy access from within your
+webbrowser. You're welcome to join us!
 
-.. _#gluon on hackint: irc://irc.hackint.org/#gluon
+.. _#gluon: ircs://irc.hackint.org/#gluon
+.. _hackint: https://hackint.org/
+.. _webchat: https://webirc.hackint.org/#irc://irc.hackint.org/#gluon
 
 
 Working with repositories
@@ -32,9 +36,9 @@ rerun
 
 `make update` also applies the patches that can be found in the directories found in
 `patches`; the resulting branch will be called `patched`, while the commit specified in `modules`
-can be refered to by the branch `base`.
+can be referred to by the branch `base`.
 
-After new patches have been commited on top of the `patched` branch (or existing commits
+After new patches have been committed on top of the `patched` branch (or existing commits
 since the base commit have been edited or removed), the patch directories can be regenerated
 using
 

docs/dev/hardware.rst

@@ -31,14 +31,14 @@ can work::
 
     lua -e 'print(require("platform_info").get_image_name())'
 
-While porting Gluon to a new device, it might happen that the profile name is un-
-known. Best practise is to generate an image first by using an arbitrary value
+While porting Gluon to a new device, it might happen that the profile name is
+unknown. Best practise is to generate an image first by using an arbitrary value
 and then executing the lua command on the device and use its output from then on.
 
 The second parameter defines the name of the image files generated by OpenWrt. Usually,
 it is also the OpenWrt profile name; for devices that still use the old image build
 code, a third parameter with the OpenWrt profile name can be passed. The profile names
-can be found in the image Makefiles in ``lede/target/linux/<target>/image/Makefile``.
+can be found in the image Makefiles in ``openwrt/target/linux/<target>/image/Makefile``.
 
 Examples::
 
@@ -99,7 +99,7 @@ target supports *per-default rootfs*).
 Configuration
 '''''''''''''
 
-The ``config`` command allows to add arbitary target-specific OpenWrt configuration
+The ``config`` command allows to add arbitrary target-specific OpenWrt configuration
 to be emitted to ``.config``.
 
 Notes

docs/dev/packages.rst

@@ -10,7 +10,7 @@ Gluon package makefiles
 As many packages share the same or a similar structure, Gluon provides a ``package/gluon.mk`` that
 can be included for common definitions. This file replaces OpenWrt's ``$(INCLUDE_DIR)/package.mk``;
 it is usually included as ``include ../gluon.mk`` from Gluon core packages, or as
-``include $(TOPDIR)../package/gluon.mk`` from feeds.
+``include $(TOPDIR)/../package/gluon.mk`` from feeds.
 
 Provided macros
 ***************
@@ -74,7 +74,7 @@ Feature flags provide a convenient way to define package selections without
 making it necessary to list each package explicitly.
 
 The main feature flag definition file is ``package/features``, but each package
-feed can provide additional defintions in a file called ``features`` at the root
+feed can provide additional definitions in a file called ``features`` at the root
 of the feed repository.
 
 Each flag *$flag* without any explicit definition will simply include the package

docs/dev/site_library.rst

@@ -11,7 +11,7 @@ from Lua scripts. Example:
 
 The *site* object in this example does not directly represent the *site.conf* data structure;
 instead, it is wrapped in a way that makes it more convenient to access deeply nested elements.
-To access the the underlying values, they must be unwrapped using the function call notation
+To access the underlying values, they must be unwrapped using the function call notation
 (the ``()`` after ``site.wifi24.ap.ssid`` in the example).
 
 The wrapper objects have two advantages over simple Lua tables:

docs/dev/upgrade.rst

@@ -23,7 +23,7 @@ Best practices
   This allows using the same code to create the initial configuration and upgrade configurations on upgrades.
 
 * If it is unavoidable to run different code during the initial installation, the ``sysconfig.gluon_version`` variable
-  can be checked. This variable is ``nil`` during the initial installation and contains the previously install Gluon
+  can be checked. This variable is ``nil`` during the initial installation and contains the previously installed Gluon
   version otherwise.
 
 Script ordering

docs/dev/wan.rst

@@ -5,7 +5,7 @@ As the WAN port of a node will be connected to a user's private network, it
 is essential that the node only uses the WAN when it is absolutely necessary.
 There are two cases in which the WAN port is used:
 
-* Mesh VPN (package ``gluon-mesh-vpn-fastd``
+* Mesh VPN (package ``gluon-mesh-vpn-fastd``)
 * DNS to resolve the VPN servers' addresses (package ``gluon-wan-dnsmasq``)
 
 After the VPN connection has been established, the node should be able to reach

docs/dev/web/config-mode.rst

@@ -2,7 +2,7 @@ Config Mode
 ===========
 
 The `Config Mode` consists of several modules that provide a range of different
-condiguration options:
+configuration options:
 
 gluon-config-mode-core
     This modules provides the core functionality for the config mode.

docs/dev/web/controller.rst

@@ -71,7 +71,7 @@ Useful functions:
     values for the given key.
   - *status* (*code*, *message*): Writes the HTTP status to the reply. Has no effect
     if a status has already been sent or non-header data has been written.
-  - *header* (*key*, *value*): Adds an HTTP header to the reply to be sent to to
+  - *header* (*key*, *value*): Adds an HTTP header to the reply to be sent to
     the client. Has no effect when non-header data has already been written.
   - *prepare_content* (*mime*): Sets the *Content-Type* header to the given MIME
     type, potentially setting additional headers or modifying the MIME type to

docs/dev/web/model.rst

@@ -51,14 +51,14 @@ Classes and methods
 
     - *Form:write* ()
 
-      Is called after the form has beed submitted (but only if the data is valid). It
+      Is called after the form has been submitted (but only if the data is valid). It
       is called last (after all options' *write* methods) and is usually used
       to commit changed UCI packages.
 
       The default implementation of *write* doesn't do anything, but it can be
       overridden.
 
-  - *Section* (usually instanciated through *Form:section*)
+  - *Section* (usually instantiated through *Form:section*)
 
     - *Section:option* (*type*, *id*, *title*, *description*)
 

docs/dev/web/view.rst

@@ -11,7 +11,9 @@ Views are partial HTML pages, with additional template tags that allow
 to embed Lua code and translation strings. The following tags are defined:
 
   - ``<%`` ... ``%>`` evaluates the enclosed Lua expression.
-  - ``<%=`` ... ``%>`` evaluates the enclosed Lua expression and prints its value.
+  - ``<%|`` ... ``%>`` evaluates the enclosed Lua expression and prints its value.
+  - ``<%=`` ... ``%>`` evaluates the enclosed Lua expression and prints its value
+    *without escaping HTML entities*. This is useful when the value contains HTML code.
   - ``<%+`` ... ``%>`` includes another template.
   - ``<%:`` ... ``%>`` translates the enclosed string using the loaded i18n catalog.
   - ``<%_`` ... ``%>`` translates the enclosed string *without escaping HTML entities*

docs/features/autoupdater.rst

@@ -39,8 +39,8 @@ A fully automated nightly build could use the following commands:
     make update
     make clean GLUON_TARGET=ar71xx-generic
     NUM_CORES_PLUS_ONE=$(expr $(nproc) + 1)
-    make -j$NUM_CORES_PLUS_ONE GLUON_TARGET=ar71xx-generic GLUON_BRANCH=experimental
-    make manifest GLUON_BRANCH=$GLUON_BRANCH GLUON_RELEASE=$GLUON_RELEASE
+    make -j$NUM_CORES_PLUS_ONE GLUON_TARGET=ar71xx-generic GLUON_BRANCH=experimental GLUON_RELEASE=$GLUON_RELEASE
+    make manifest GLUON_BRANCH=experimental GLUON_RELEASE=$GLUON_RELEASE
     contrib/sign.sh $SECRETKEY output/images/sysupgrade/experimental.manifest
 
     rm -rf /where/to/put/this/experimental

docs/features/configmode.rst

@@ -15,7 +15,7 @@ Activating Config Mode
 
 Config Mode is automatically entered at the first boot. You can re-enter
 Config Mode by pressing and holding the RESET/WPS button for about three
-seconds. The device should reboot (all LEDs will turn of briefly) and 
+seconds. The device should reboot (all LEDs will turn off briefly) and
 Config Mode will be available.
 
 

docs/features/monitoring.rst

@@ -24,7 +24,7 @@ Information to be announced is currently split into three categories:
     interfaces. This data can be used to determine the network topology.
 
 All categories will have a ``node_id`` key. It should be used to
-relate data of different catagories.
+relate data of different categories.
 
 Accessing Node Information
 --------------------------
@@ -117,7 +117,7 @@ The supported requests are:
 gluon-neighbour-info
 ~~~~~~~~~~~~~~~~~~~~
 
-The programm `gluon-neighbour-info` can be used to retrieve
+The program `gluon-neighbour-info` can be used to retrieve
 information from other nodes.
 
 ::

docs/features/multidomain.rst

@@ -161,7 +161,7 @@ site.conf only variables
 
    -  mesh_vpn.fastd.syslog_level
    -  wifi*.supported_rates
-   -  wifi*.basic_rates
+   -  wifi*.basic_rate
    -  timezone
    -  regdom
 
@@ -193,8 +193,8 @@ domain.conf only variables
    -  prefix4
    -  extra_prefixes6
 
--  To prevent accidential bridging of different domains, all meshing
-   technologies should be seperated:
+-  To prevent accidental bridging of different domains, all meshing
+   technologies should be separated:
 
    -  domain_seed (wired mesh)
 

docs/features/private-wlan.rst

@@ -1,7 +1,7 @@
 Private WLAN
 ============
 
-It is possible to set up a private WLAN that bridges the WAN port and is seperated from the mesh network.
+It is possible to set up a private WLAN that bridges the WAN port and is separated from the mesh network.
 Please note that you should not enable ``mesh_on_wan`` simultaneously.
 
 The private WLAN can be enabled through the config mode if the package ``gluon-web-private-wifi`` is installed.
@@ -19,7 +19,7 @@ You may also enable a private WLAN using the command line::
   uci set wireless.wan_radio$RID.ssid="$SSID"
   uci set wireless.wan_radio$RID.key="$KEY"
   uci set wireless.wan_radio$RID.disabled=0
-  uci set wireless.wan_radio$RID.macaddr="$($(echo "lua -e print(require('gluon.util').generate_mac(3+4*$RID))"))"
+  uci set wireless.wan_radio$RID.macaddr=$(lua -e "print(require('gluon.util').generate_mac(3+4*$RID))")
   uci commit
   wifi
 

docs/features/wired-mesh.rst

@@ -20,7 +20,7 @@ Wired mesh encapsulation
 
 Since version 2018.1, Gluon supports encapsulating wired mesh traffic in
 `VXLAN <https://en.wikipedia.org/wiki/Virtual_Extensible_LAN>`_, a new standard with
-usecases similar to VLANs, but a much greater ID space of 24bit; in addition, VXLAN
+use cases similar to VLANs, but a much greater ID space of 24bit; in addition, VXLAN
 packets pass through VLAN-aware switches without any special configuration.
 
 Encapsulating mesh traffic has two advantages:

docs/index.rst

@@ -1,8 +1,8 @@
 Welcome to Gluon
 ================
 
-Gluon is a modular framework for creating OpenWrt-based firmwares for wireless mesh nodes.
-Several Freifunk communities in Germany use Gluon as the foundation of their Freifunk firmwares.
+Gluon is a modular framework for creating OpenWrt-based firmware images for wireless mesh nodes.
+Several Freifunk communities in Germany use Gluon as the foundation of their Freifunk firmware.
 
 
 .. toctree::
@@ -63,6 +63,7 @@ Several Freifunk communities in Germany use Gluon as the foundation of their Fre
    package/gluon-ebtables-limit-arp
    package/gluon-ebtables-source-filter
    package/gluon-radv-filterd
+   package/gluon-scheduled-domain-switch
    package/gluon-web-admin
    package/gluon-web-logging
 
@@ -70,6 +71,10 @@ Several Freifunk communities in Germany use Gluon as the foundation of their Fre
    :caption: Releases
    :maxdepth: 1
 
+   releases/v2018.2.4
+   releases/v2018.2.3
+   releases/v2018.2.2
+   releases/v2018.2.1
    releases/v2018.2
    releases/v2018.1.4
    releases/v2018.1.3
@@ -135,6 +140,7 @@ ar71xx-generic
 * AVM
 
   - Fritz!Box 4020 [#avmflash]_
+  - Fritz!WLAN Repeater 300E [#avmflash]_
   - Fritz!WLAN Repeater 450E [#avmflash]_
 
 * Buffalo
@@ -163,7 +169,7 @@ ar71xx-generic
 
 * Netgear
 
-  - WNDR3700 (v1, v2, v5)
+  - WNDR3700 (v1, v2)
   - WNDR3800
   - WNDRMAC (v2)
 
@@ -171,10 +177,6 @@ ar71xx-generic
 
   - Koala [#ath10k]_
 
-* Onion
-
-  - Omega
-
 * OpenMesh
 
   - A40
@@ -194,7 +196,7 @@ ar71xx-generic
   - Archer C5 (v1) [#ath10k]_
   - Archer C59 (v1) [#80211s]_
   - Archer C7 (v2, v4, v5) [#ath10k]_
-  - CPE210 (v1.0, v1.1, v2.0)
+  - CPE210 (v1.0, v1.1, v2.0, v3.0)
   - CPE220 (v1.1)
   - CPE510 (v1.0, v1.1)
   - CPE520 (v1.1)
@@ -221,7 +223,7 @@ ar71xx-generic
   - Loco M2/M5 XW
   - Nanostation M2/M5
   - Nanostation M2/M5 XW
-  - Picostation M2/M5
+  - Picostation M2
   - Rocket M2/M5
   - Rocket M2/M5 Ti
   - Rocket M2/M5 XW
@@ -248,6 +250,10 @@ ar71xx-generic
 ar71xx-nand
 ^^^^^^^^^^^
 
+* Aerohive
+
+  - HiveAP 121
+
 * Netgear
 
   - WNDR3700 (v4)
@@ -282,7 +288,7 @@ ar71xx-tiny
   - TL-WA7210N (v2)
   - TL-WA7510N (v1)
   - TL-WR703N (v1)
-  - TL-WR710N (v1, v2, v2.1)
+  - TL-WR710N (v2)
   - TL-WR740N (v1, v3, v4, v5)
   - TL-WR741N/ND (v1, v2, v4, v5)
   - TL-WR743N/ND (v1, v2)
@@ -302,38 +308,31 @@ brcm2708-bcm2709
 * RaspberryPi 2
 
 
-ipq40xx
-^^^^^^^
+ipq40xx [#80211s]_
+^^^^^^^^^^^^^^^^^^
 
 * AVM
 
-  - FRITZ!Box 4040 [#80211s]_ [#avmflash]_
+  - FRITZ!Box 4040 [#avmflash]_
 
 * GL.iNet
 
-  - GL-B1300 [#80211s]_
+  - GL-B1300
 
 * NETGEAR
 
-  - EX6100v2 [#80211s]_
-  - EX6150v2 [#80211s]_
+  - EX6100v2
+  - EX6150v2
 
 * OpenMesh
 
-  - A42 [#80211s]_
-  - A62 [#80211s]_
+  - A42
+  - A62
 
 * ZyXEL
 
-  - NBG6617 [#80211s]_
-  - WRE6606 [#80211s]_
-
-ipq806x
-^^^^^^^
-
-* TP-Link
-
-  - Archer C2600 [#80211s]_
+  - NBG6617
+  - WRE6606
 
 mpc85xx-generic
 ^^^^^^^^^^^^^^^
@@ -342,14 +341,25 @@ mpc85xx-generic
 
   - TL-WDR4900 (v1)
 
-ramips-mt7620
-^^^^^^^^^^^^^
+mpc85xx-p1020
+^^^^^^^^^^^^^^^
+
+* Aerohive
+
+  - HiveAP 330
+
+ramips-mt7620 [#80211s]_
+^^^^^^^^^^^^^^^^^^^^^^^^
 
 * GL Innovations
 
-  - GL-MT300A [#80211s]_
-  - GL-MT300N [#80211s]_
-  - GL-MT750 [#80211s]_
+  - GL-MT300A
+  - GL-MT300N
+  - GL-MT750
+
+* Nexx
+
+  - WT3020AD/F/H
 
 ramips-mt7621
 ^^^^^^^^^^^^^
@@ -368,28 +378,43 @@ ramips-mt7621
   - WG3526-16M [#80211s]_
   - WG3526-32M [#80211s]_
 
-ramips-mt76x8
-^^^^^^^^^^^^^
+ramips-mt76x8 [#80211s]_
+^^^^^^^^^^^^^^^^^^^^^^^^
+
+* GL.iNet
+
+  - GL-MT300N v2
+
+* NETGEAR
+
+  - R6120
+
+* TP-Link
+
+  - TL-MR3420 v5
+  - TL-WR841N v13
+  - Archer C50 v3
+  - Archer C50 v4
 
 * VoCore
 
-  - VoCore2 [#80211s]_
+  - VoCore2
 
-ramips-rt305x
-^^^^^^^^^^^^^
+ramips-rt305x [#80211s]_
+^^^^^^^^^^^^^^^^^^^^^^^^
 
-* A5-V11 [#80211s]_
+* A5-V11
 
 * D-Link
 
-  - DIR-615 (D1, D2, D3, D4, H1) [#80211s]_
+  - DIR-615 (D1, D2, D3, D4, H1)
 
 * VoCore
 
-  - VoCore (8M, 16M) [#80211s]_
+  - VoCore (8M, 16M)
 
-sunxi
-^^^^^
+sunxi-cortexa7
+^^^^^^^^^^^^^^
 
 * LeMaker
 
@@ -424,15 +449,16 @@ Footnotes
 ^^^^^^^^^
 
 .. [#ath10k]
-  Device uses the ath10k WLAN driver; images are built for 11s by default unless GLUON_WLAN_MESH
-  is set as described in :ref:`getting-started-make-variables`
+  Device uses the ath10k WLAN driver. Images are built for 11s by default unless GLUON_WLAN_MESH
+  is set as described in :ref:`getting-started-make-variables`.
 
 .. [#80211s]
-  Device does not support IBSS; images are built by default unless GLUON_WLAN_MESH
-  is explicitly set to something other than *11s*
+  Device or target does not support IBSS. Images are built by default unless
+  GLUON_WLAN_MESH is explicitly set to something other than *11s*. Targets that
+  are affected as a whole may not be selected for build in this case.
 
 .. [#avmflash]
-  For instructions on how to flash AVM devices, visit https://www.fritzfla.sh
+  For instructions on how to flash AVM devices, visit https://fritzfla.sh
 
 License
 -------

docs/package/gluon-config-mode-domain-select.rst

@@ -5,7 +5,7 @@ the node will be placed in. If the selection has changed the upgrade scripts in
 ``/lib/gluon/upgrade/`` are triggered to update the nodes configuration.
 
 Hiding domains could be useful for default or testing domains, which should not
-be accidentally selected by a node operater.
+be accidentally selected by a node operator.
 
 domains/\*.conf
 ---------------

docs/package/gluon-radv-filterd.rst

@@ -11,7 +11,7 @@ Selected router
 ---------------
 
 The router selection mechanism is independent from the batman-adv gateway mode.
-In contrast, the device originating the router advertisment could be any router
+In contrast, the device originating the router advertisement could be any router
 or client connected to the mesh, as radv-filterd captures all router
 advertisements originating  from it. All nodes announcing router advertisement
 **with** a default lifetime greater than 0 are being considered as candidates.

docs/package/gluon-scheduled-domain-switch.rst

@@ -0,0 +1,38 @@
+gluon-scheduled-domain-switch
+=============================
+
+This package allows to switch a routers domain at a given point
+in time. This is needed for switching between incompatible transport
+protocols (e.g. 802.11s and IBSS or VXLAN).
+
+Nodes will switch when the defined *switch-time* has passed. In case the node was
+powered off while this was supposed to happen, it might not be able to acquire the
+correct time. In this case, the node will switch after it has not seen any gateway
+for a given period of time.
+
+site.conf
+---------
+All those settings have to be defined exclusively in the domain, not the site.
+
+domain_switch : optional (needed for domains to switch)
+    target_domain :
+        - target domain to switch to
+    switch_after_offline_mins :
+        - amount of time without reachable gateway to switch unconditionally
+    switch_time :
+        - UNIX epoch after which domain will be switched
+    connection_check_targets :
+        - array of IPv6 addresses which are probed to determine if the node is
+	  connected to the mesh
+
+Example::
+
+  domain_switch = {
+    target_domain = 'new_domain',
+    switch_after_offline_mins = 120,
+    switch_time = 1546344000, -- 01.01.2019 - 12:00 UTC
+    connection_check_targets = {
+      '2001:4860:4860::8888',
+      '2001:4860:4860::8844',
+    },
+  },

docs/package/gluon-web-admin.rst

@@ -3,7 +3,7 @@ gluon-web-admin
 
 This package allows the user to set options like the password for ssh access
 within config mode. You can define in your ``site.conf`` whether it should be
-possible to access the nodes via ssh with a password or not and what the mimimum
+possible to access the nodes via ssh with a password or not and what the minimum
 password length must be.
 
 site.conf

docs/releases/v2014.3.rst

@@ -31,7 +31,7 @@ and slowly increase to 1 until ``PRIORITY`` days have passed. From then, the pro
 be configured in ``site.conf``. If the autoupdater is unable to determine the correct time, it will fall back to
 a behavior similar to the old implementation (i.e. hourly update attempts).
 
-Seperation of announced data
+Separation of announced data
 ----------------------------
 The data announced by alfred has been split into two data types:
 
@@ -73,7 +73,7 @@ which allows simple configuration of batman-adv on the WAN interface.
 
 Site validators
 ---------------
-The content of the ``site.conf`` is now validated when the images are built to make it less likely to accidentially
+The content of the ``site.conf`` is now validated when the images are built to make it less likely to accidentally
 build broken images.
 
 gluon-firewall

docs/releases/v2014.4.rst

@@ -43,7 +43,7 @@ See the *Site changes* section for details.
 
 Experimental support for batman-adv compat 15
 ---------------------------------------------
-As batman-adv has broken compatiblity starting with batman-adv 2014.0
+As batman-adv has broken compatibility starting with batman-adv 2014.0
 (bumping the "compat level" to 15), Gluon users must decide which
 batman-adv version to use. The package for the old batman-adv version
 ``gluon-mesh-batman-adv`` has been renamed to ``gluon-mesh-batman-adv-14``,

docs/releases/v2015.1.2.rst

@@ -24,7 +24,7 @@ Bugfixes
 ~~~~~~~~
 
 * Fix download of OpenSSL during build because of broken OpenSSL download servers (again...)
-* Fix another ABI incompatiblity with the upstream kernel modules which prevented loading some filesystem-related modules
+* Fix another ABI incompatibility with the upstream kernel modules which prevented loading some filesystem-related modules
 * Fix potential MAC address conflicts on x86 target when using mesh-on-wan/lan
 * Fix signal strength indicators on TP-LINK CPE210/510
 * Fix the model name string on some NETGEAR WNDR3700v2

docs/releases/v2015.1.rst

@@ -82,7 +82,7 @@ All config and expert mode modules contain both English and German texts now. Th
 locale should always be enabled in ``site.mk`` (as English is the fallback language),
 German can be enabled in addition using the ``GLUON_LANGS`` setting.
 
-The language shown is autmatically determined from the headers sent by the user's
+The language shown is automatically determined from the headers sent by the user's
 browser.
 
 Mesh-on-LAN
@@ -106,7 +106,7 @@ the WLAN adapters' transmission power can be changed in this package.
 fastd "performance mode"
 ^^^^^^^^^^^^^^^^^^^^^^^^
 The new package `gluon-luci-mesh-vpn-fastd` allows the user to switch between the `security` and
-`performance` VPN settions. In `performance mode`, the method `null` will be prepended to the
+`performance` VPN sections. In `performance mode`, the method `null` will be prepended to the
 method list.
 
 The new option ``configurable`` in the ``fastd_mesh_vpn`` section of ``site.conf`` must be set to `true`
@@ -131,7 +131,7 @@ ffmap backend has been adjusted accordingly.
 Nested peer groups
 ^^^^^^^^^^^^^^^^^^
 Nested peer groups for the `fastd-mesh-vpn-fastd` package can now be configured in ``site.conf``,
-each with its own peer limit. This allows to add additional constaints, for example to connect
+each with its own peer limit. This allows to add additional constraints, for example to connect
 to 2 peers altogether, but only 1 peer in each data center.
 
 Autoupdater manual branch override

docs/releases/v2016.1.1.rst

@@ -19,8 +19,8 @@ Build
 
 Don't overwrite the opkg repository key on each build.
 
-AirOS 5.6.x compatiblity
-^^^^^^^^^^^^^^^^^^^^^^^^
+AirOS 5.6.x compatibility
+^^^^^^^^^^^^^^^^^^^^^^^^^
 
 Downgrading to AirOS 5.5.x before flashing Gluon on Airmax M XM/XW devices
 (NanoStation, Bullet, ...) is not necessary anymore.
@@ -28,9 +28,9 @@ Downgrading to AirOS 5.5.x before flashing Gluon on Airmax M XM/XW devices
 Status page
 ^^^^^^^^^^^
 
-* Fix purging of disappered neighbours from the list
+* Fix purging of disappeared neighbours from the list
 * Don't clear the signal graphs when scrolling in mobile browsers
-* Improve browser compability (don't assume the Internationalization API is available,
+* Improve browser compatibility (don't assume the Internationalization API is available,
   fixes the display of numbers in Firefox for Android)
 
 Config mode
@@ -53,7 +53,7 @@ Known Issues
 
 * The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
 
-  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
+  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is disallowed).
 
 * Inconsistent respondd/announced API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
 

docs/releases/v2016.1.2.rst

@@ -22,7 +22,7 @@ Known Issues
 
 * The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
 
-  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
+  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is disallowed).
 
 * Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
 

docs/releases/v2016.1.3.rst

@@ -27,7 +27,7 @@ Known Issues
 
 * The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
 
-  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
+  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is disallowed).
 
 * Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
 

docs/releases/v2016.1.4.rst

@@ -30,7 +30,7 @@ Known Issues
 
 * The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
 
-  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
+  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is disallowed).
 
 * Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
 

docs/releases/v2016.1.5.rst

@@ -59,7 +59,7 @@ Known Issues
 
 * The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
 
-  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
+  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is disallowed).
 
 * Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
 

docs/releases/v2016.1.6.rst

@@ -48,7 +48,7 @@ Known Issues
 
 * The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
 
-  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
+  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is disallowed).
 
 * Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
 

docs/releases/v2016.1.rst

@@ -54,7 +54,7 @@ New features
 Kernel module opkg repository
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-We've not been able to keep ABI compatiblity with the kernel of the official OpenWrt images.
+We've not been able to keep ABI compatibility with the kernel of the official OpenWrt images.
 Therefore, Gluon now generates an opkg repository with modules itself.
 
 The repository can be found at `output/modules/` by default, the image output directory has
@@ -269,7 +269,7 @@ Known Issues
 * batman-adv causes stability issues for both alfred and respondd/announced (`#177 <https://github.com/freifunk-gluon/gluon/issues/177>`_)
 * The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
 
-  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
+  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is disallowed).
 
 * Inconsistent respondd/announced API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
 

docs/releases/v2016.2.1.rst

@@ -45,7 +45,7 @@ Known Issues
 
 * The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
 
-  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
+  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is disallowed).
 
 * Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
 

docs/releases/v2016.2.2.rst

@@ -71,7 +71,7 @@ Known Issues
 
 * The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
 
-  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
+  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is disallowed).
 
 * Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
 

docs/releases/v2016.2.3.rst

@@ -55,7 +55,7 @@ Known Issues
 
 * The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
 
-  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
+  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is disallowed).
 
 * Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
 

docs/releases/v2016.2.4.rst

@@ -48,7 +48,7 @@ Known Issues
 
 * The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
 
-  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
+  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is disallowed).
 
 * Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
 

docs/releases/v2016.2.5.rst

@@ -29,7 +29,7 @@ Known Issues
 
 * The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
 
-  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
+  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is disallowed).
 
 * Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
 

docs/releases/v2016.2.6.rst

@@ -50,7 +50,7 @@ Known Issues
 
 * The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
 
-  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
+  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is disallowed).
 
 * Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
 

docs/releases/v2016.2.7.rst

@@ -24,7 +24,7 @@ Known Issues
 
 * The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
 
-  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
+  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is disallowed).
 
 * Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
 

docs/releases/v2016.2.rst

@@ -172,7 +172,7 @@ Known Issues
 
 * The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
 
-  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
+  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is disallowed).
 
 * Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
 

docs/releases/v2017.1.1.rst

@@ -34,7 +34,7 @@ Known issues
 
 * The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
 
-  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
+  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is disallowed).
 
 * Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
 

docs/releases/v2017.1.2.rst

@@ -71,7 +71,7 @@ Known issues
 
 * The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
 
-  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
+  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is disallowed).
 
 * Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
 

docs/releases/v2017.1.3.rst

@@ -14,7 +14,7 @@ Bugfixes
   CVE-2017-14492, CVE-2017-14493, CVE-2017-14494, 2017-CVE-14495 and
   2017-CVE-14496
 
-  While many of the most severe (remote code execution) vulnarabilities are in
+  While many of the most severe (remote code execution) vulnerabilities are in
   the DHCP component of dnsmasq, which is not active on a Gluon node unless in
   Config Mode, CVE-2017-14491 does affect us. An attacker can cause memory
   corruption and possibly remote code execution by deploying a malicious DNS
@@ -26,7 +26,7 @@ Bugfixes
   of the Gluon build, including tcpdump, curl and mbedtls
 
   Please refer to the
-  `LEDE commit log <https://git.openwrt.org/?p=source.git;a=shortlog;h=refs/heads/lede-17.01>`_
+  `LEDE commit log <https://git.openwrt.org/?p=openwrt/openwrt.git;a=shortlog;h=refs/heads/lede-17.01>`_
   for details.
 
 * Filtering of multicast packets between the mesh and the *local-node* interface
@@ -52,7 +52,7 @@ Known issues
 
 * The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
 
-  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
+  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is disallowed).
 
 * Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
 

docs/releases/v2017.1.4.rst

@@ -43,7 +43,7 @@ Known issues
 
 * The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
 
-  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
+  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is disallowed).
 
 * Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
 

docs/releases/v2017.1.5.rst

@@ -41,7 +41,7 @@ Known issues
 
 * The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
 
-  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
+  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is disallowed).
 
 * Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
 

docs/releases/v2017.1.6.rst

@@ -81,7 +81,7 @@ Known issues
 
 * The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
 
-  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
+  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is disallowed).
 
 * Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
 

docs/releases/v2017.1.7.rst

@@ -24,7 +24,7 @@ Known issues
 
 * The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
 
-  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
+  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is disallowed).
 
 * Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
 

docs/releases/v2017.1.8.rst

@@ -36,7 +36,7 @@ Bugfixes
   and a number of other minor issues)
 
   The listed bugs could lead to high rates of batman-adv management traffic
-  (causing considerable load), trigger warnings about packet checksum failues
+  (causing considerable load), trigger warnings about packet checksum failures
   in certain non-standard interface configurations, and possibly other issues.
 
 
@@ -61,7 +61,7 @@ Known issues
 
 * The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
 
-  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
+  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is disallowed).
 
 * Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
 

docs/releases/v2017.1.rst

@@ -71,7 +71,7 @@ x86-generic
 ^^^^^^^^^^^
 
 The *x86-kvm* and *x86-xen_domu* targets have been removed; the *x86-generic*
-images now support these usecases as well, so no separate targets are needed
+images now support these use cases as well, so no separate targets are needed
 anymore.
 
 x86-geode
@@ -225,7 +225,7 @@ Known issues
 
 * The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
 
-  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
+  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is disallowed).
 
 * Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
 

docs/releases/v2018.1.1.rst

@@ -40,7 +40,7 @@ Known issues
 
 * The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
 
-  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
+  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is disallowed).
 
 * Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
 

docs/releases/v2018.1.2.rst

@@ -46,7 +46,7 @@ Known issues
 
 * The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
 
-  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
+  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is disallowed).
 
 * Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
 

docs/releases/v2018.1.3.rst

@@ -17,7 +17,7 @@ Known issues
 
 * The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
 
-  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
+  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is disallowed).
 
 * Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
 

docs/releases/v2018.1.4.rst

@@ -18,7 +18,7 @@ Bugfixes
 * Fix unintended difference between autoupdater version comparison and dpkg/opkg
 
   Alphanumeric characters were considered less than end-of-string, when the
-  intended bahaviour (as implemented by dpkg and opkg) is that only ``~`` is
+  intended behaviour (as implemented by dpkg and opkg) is that only ``~`` is
   less than end-of-string. This broke relations like the following:
 
   * ``1.0`` < ``1.0a``
@@ -35,7 +35,7 @@ Known issues
 
 * The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
 
-  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
+  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is disallowed).
 
 * Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
 

docs/releases/v2018.1.rst

@@ -150,7 +150,7 @@ anymore.
 Filtering IGMP/MLD queries directed towards the mesh ensures that each node becomes the multicast querier
 for its own clients (unless there are other multicast-aware switches connected to the node), rather
 than electing a single, basically arbitrary node in the mesh to become the querier. Overall,
-this should significantly improve the reliablity of multicast in the mesh. This is especially
+this should significantly improve the reliability of multicast in the mesh. This is especially
 important for IPv6, as the IPv6 Neighbour Discovery Protocol (NDP) is based on local multicast.
 
 See also the documentation of the :ref:`site.conf mesh section <user-site-mesh>`.
@@ -176,7 +176,7 @@ Public key in respondd data (optional)
 ======================================
 
 If desired, the fastd public key of a node can be included in the respondd nodeinfo data,
-faciliating the correlations of VPN peers and nodes. As the VPN key is transmitted unencrypted
+facilitating the correlations of VPN peers and nodes. As the VPN key is transmitted unencrypted
 in the fastd handshake, this would theoretically allow an ISP to determine which nodes
 are operated behind which internet line. Therefore, this feature must be enabled explicitly
 by setting *mesh_vpn.pubkey_privacy* to ``false`` in *site.conf*.
@@ -389,7 +389,7 @@ Known issues
 
 * The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
 
-  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
+  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is disallowed).
 
 * Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
 

docs/releases/v2018.2.1.rst

@@ -0,0 +1,132 @@
+Gluon 2018.2.1
+==============
+
+Added hardware support
+~~~~~~~~~~~~~~~~~~~~~~
+
+ar71xx-generic
+^^^^^^^^^^^^^^
+
+* AVM
+
+  - Fritz!WLAN Repeater 300E
+
+ramips-mt7620
+^^^^^^^^^^^^^
+
+* Nexx
+
+  - WT3020AD/F/H [#noibss]_
+
+ramips-mt76x8
+^^^^^^^^^^^^^
+
+* Gl.iNet
+
+  - MT300N (v2) [#noibss]_
+
+* Netgear
+
+  - R6120 [#noibss]_
+
+* TP-Link
+
+  - Archer C50 (v3, v4) [#noibss]_
+  - TL-WR841N (v13) [#noibss]_
+
+.. [#noibss]
+  Device or target does not support AP+IBSS mode: This device or target will not be built
+  when *GLUON_WLAN_MESH* is set to ``ibss``.
+
+Bugfixes
+~~~~~~~~
+
+* Fixes a bug in the batman-adv respondd module that caused duplicate
+  IPv6 addresses in nodeinfo replies (`#1615 <https://github.com/freifunk-gluon/gluon/issues/1615>`_)
+
+  This was visible on the status page and several map implementations.
+  The new implementation uses netlink instead of parsing `/proc/net/if_inet6`.
+
+* Fixes a localization issue in gluon-config-mode-geo-location which 
+  resulted in a partial translation of the wizard's location section
+  text. (`#1611 <https://github.com/freifunk-gluon/gluon/issues/1611>`_)
+
+* Fixes the display of the improved memory usage estimation in gluon-status-page
+
+  This change was actually already merged in time for v2018.2 but the 
+  JavaScript was not rebuilt.
+
+* Fixes automatic updates for several devices by adding and updating 
+  the autoupdater image names
+
+  This affects the following devices:
+
+  * GL.iNet GL-AR150, 
+  * GL.iNet GL-AR300M
+  * GL.iNet GL-AR750
+  * Raspberry Pi Model B+ Rev 1.2
+
+* Fixes the primary MAC address selection for Unifi AC 
+  Lite/Mesh/Pro/Mesh Pro (`#1629 <https://github.com/freifunk-gluon/gluon/issues/1629>`_)
+
+* Fixes low data rate selection for multicast and management frames on
+  ath10k and ath10k-ct (`#1644 <https://github.com/freifunk-gluon/gluon/pull/1644>`_)
+
+  A patchset has been backported that notifies these drivers of requested data rate changes
+
+* Fixes the data rate selection in ath10k and ath10k-ct when no 
+  `mcast_rate` is configured (`#1657 <https://github.com/freifunk-gluon/gluon/pull/1657>`_)
+
+  Previously a missing mcast_rate could result in broken 5 GHz connectivity
+
+New features
+~~~~~~~~~~~~
+
+Scheduled domain switch
+^^^^^^^^^^^^^^^^^^^^^^^
+
+Gluon has support for multiple domains since its v2018.1 release.
+The scheduled domain switch allows for reliable migrations between 
+domains at a preconfigured time.
+This can be useful for communities that, among other things, plan to
+
+  * migrate between IBSS and 802.11s
+  * activate VXLAN encapsulation on wired mesh links
+
+Improved frequency band distribution of dual-band radios
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+A new algorithm that improves the distribution of dual-band radios was
+added. They will now be evenly distributed between the 2.4 and 5 GHz
+band, with a preference towards 2.4 GHz. 
+
+If a device has only a single dual-band radio, like the AVM FRITZ!WLAN
+Repeater 300E, it will be configured for 2.4 GHz.
+
+Known issues
+~~~~~~~~~~~~
+
+* Default TX power on many Ubiquiti devices is too high, correct offsets are
+  unknown (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
+
+  Reducing the TX power in the Advanced Settings is recommended.
+
+* The MAC address of the WAN interface is modified even when Mesh-on-WAN is
+  disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
+
+  This may lead to issues in environments where a fixed MAC address is expected
+  (like VMware when promiscuous mode is disallowed).
+
+* Inconsistent respondd API
+  (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
+
+  The current API is inconsistent and will be replaced eventually. The old API
+  will still be supported for a while.
+
+* Frequent reboots due to out-of-memory or high load due to memory pressure on
+  weak hardware specially in larger meshes
+  (`#1243 <https://github.com/freifunk-gluon/gluon/issues/1243>`_)
+
+  Optimizations in Gluon 2018.1 have significantly improved memory usage.
+  There are still known bugs leading to unreasonably high load that we hope to
+  solve in future releases.

docs/releases/v2018.2.2.rst

@@ -0,0 +1,69 @@
+Gluon 2018.2.2
+==============
+
+Removed hardware support
+~~~~~~~~~~~~~~~~~~~~~~~~
+
+Support for the Onion Omega has been removed since the device does not
+have an ethernet port, and even with the ethernet shield connected the
+interface would not have been configured.
+
+Bugfixes
+~~~~~~~~
+
+* Fixes vulnerabilities that allowed for remote crashes and denial of service attacks through the Linux kernels
+  TCP selective acknowledgement implementation. (CVE-2019-11477, CVE-2019-11478 and CVE-2019-11479)
+
+* Fixes a bug in the image generation for the Netgear R6120 where the OverlayFS might not be created on boot as
+  the JFFS2 end-of-filesystem marker was omitted by the vendor firmware. This resulted in the router not being
+  able to save its configuration and seemingly "being stuck" in config-mode. (`#1722 <https://github.com/freifunk-gluon/gluon/pull/1722>`_)
+
+* Fixes oddities in the calculation of non-wireless clients published through respondd on batman-adv networks.
+  Previously both the kernel wifi layer and batman-adv were consulted, which led to issues because they use 
+  different timeout values. (`#1676 <https://github.com/freifunk-gluon/gluon/pull/1676>`_)
+
+* Fixes doubled batman-adv management overhead, introduced with Gluon v2017.1. A timer in batman-adv was
+  wrongly started twice, resulting in each node emitting not one but two OGMs from the same originator per 5 seconds.
+  (`#1446 <https://github.com/freifunk-gluon/gluon/issues/1446>`_)
+
+* Fixes an issue, where services provided by a node (such as DNS resolver or status-page)
+  might become unavailable due to other misbehaving nodes on the same layer 2 segment.
+  (`#1659 <https://github.com/freifunk-gluon/gluon/issues/1659>`_)
+
+* Fixes traffic shaping not working correctly when using tunneldigger, as well as the migration between fastd 
+  and tunneldigger (`#1736 <https://github.com/freifunk-gluon/gluon/issues/1736>`_)
+
+
+Other changes
+~~~~~~~~~~~~~
+
+* Linux kernel has been updated to 4.9.182 or 4.14.128, depending on the target
+
+
+Known issues
+~~~~~~~~~~~~
+
+* Default TX power on many Ubiquiti devices is too high, correct offsets are
+  unknown (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
+
+  Reducing the TX power in the Advanced Settings is recommended.
+
+* The MAC address of the WAN interface is modified even when Mesh-on-WAN is
+  disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
+
+  This may lead to issues in environments where a fixed MAC address is expected
+  (like VMware when promiscuous mode is disallowed).
+
+* Inconsistent respondd API
+  (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
+
+  The current API is inconsistent and will be replaced eventually. The old API
+  will still be supported for a while.
+
+* Frequent reboots due to out-of-memory or high load due to memory pressure on
+  weak hardware specially in larger meshes
+  (`#1243 <https://github.com/freifunk-gluon/gluon/issues/1243>`_)
+
+  Optimizations in Gluon 2018.1 have significantly improved memory usage.
+  There are still known bugs leading to unreasonably high load that we hope to
+  solve in future releases.

docs/releases/v2018.2.3.rst

@@ -0,0 +1,89 @@
+Gluon 2018.2.3
+==============
+
+Added hardware support
+~~~~~~~~~~~~~~~~~~~~~~
+
+ar71xx-generic
+^^^^^^^^^^^^^^
+
+* TP-Link
+
+  - CPE210 v3
+  
+ar71xx-nand
+^^^^^^^^^^^
+
+* Aerohive
+
+  - HiveAP 121
+
+mcp85xx-p1020
+^^^^^^^^^^^^^
+
+* Aerohive
+
+  - HiveAP 330
+
+ramips-mt76x8
+^^^^^^^^^^^^^
+
+* TP-Link
+
+  - TL-MR3420 v5 [#noibss]_
+  
+.. [#noibss]
+  Device or target does not support AP+IBSS mode: This device or target will not be built
+  when *GLUON_WLAN_MESH* is set to ``ibss``.
+
+
+Bugfixes
+~~~~~~~~
+
+* Fixes passwordless SSH access when gluon-authorized-keys was used without gluon-setup-mode. (`#1777 <https://github.com/freifunk-gluon/gluon/issues/1777>`_)
+
+* Fixes ingress traffic shaping. A necessary kernel config value was not set. (`#1790 <https://github.com/freifunk-gluon/gluon/issues/1790>`_)
+
+* Fixes the generation of the bootloader image for the AVM FRITZ!Box 4040. (`#1766 <https://github.com/freifunk-gluon/gluon/issues/1766>`_)
+
+* Fixes the IBSS mesh on the GL.iNet AR750. The wrong driver/firmware package was previously selected. (`#1792 <https://github.com/freifunk-gluon/gluon/pull/1792>`_)
+
+* Fixes the primary mac selection on the TP-Link Archer C25 v1. (`#1771 <https://github.com/freifunk-gluon/gluon/issues/1771>`_)
+
+
+Other changes
+~~~~~~~~~~~~~
+
+* Linux kernel has been updated to either
+  
+  - 4.9.188 (ar71xx, brcm2708, mpc85xx) or
+  - 4.14.137 (ipq40xx, ipq806x, mvebu, ramips, sunxi, x86).
+
+
+Known issues
+~~~~~~~~~~~~
+
+* Default TX power on many Ubiquiti devices is too high, correct offsets are
+  unknown (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
+
+  Reducing the TX power in the Advanced Settings is recommended.
+
+* The MAC address of the WAN interface is modified even when Mesh-on-WAN is
+  disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
+
+  This may lead to issues in environments where a fixed MAC address is expected
+  (like VMware when promiscuous mode is disallowed).
+
+* Inconsistent respondd API
+  (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
+
+  The current API is inconsistent and will be replaced eventually. The old API
+  will still be supported for a while.
+
+* Frequent reboots due to out-of-memory or high load due to memory pressure on
+  weak hardware especially in larger meshes
+  (`#1243 <https://github.com/freifunk-gluon/gluon/issues/1243>`_)
+
+  Optimizations in Gluon 2018.1 have significantly improved memory usage.
+  There are still known bugs leading to unreasonably high load that we hope to
+  solve in future releases.

docs/releases/v2018.2.4.rst

@@ -0,0 +1,53 @@
+Gluon 2018.2.4
+==============
+
+End of life
+~~~~~~~~~~~~~~
+
+This will be the final release of the v2018.2.x series. Updating to the v2019.1.x release series is the recommended course of action, which should be fairly easy.
+
+Bugfixes
+~~~~~~~~
+
+* Fixes device alias for Ubiquiti UniFi AC LR. (`#1834 <https://github.com/freifunk-gluon/gluon/issues/1834>`_)
+  Autoupdates on this model were impossible before, since we were missing the proper device alias.
+
+* Add correct ath10k firmware package for OCEDO Koala. (`#1838 <https://github.com/freifunk-gluon/gluon/pull/1838>`_)
+
+* Fixes various batman-adv bugs with backports from 2019.4 and 2019.5 by updating the openwrt-routing packages feed
+
+Other changes
+~~~~~~~~~~~~~
+
+* Linux kernel has been updated to either
+  
+  - 4.9.207 (ar71xx, brcm2708, mpc85xx) or
+  - 4.14.160 (ipq40xx, ipq806x, mvebu, ramips, sunxi, x86).
+
+Known issues
+~~~~~~~~~~~~
+
+* Default TX power on many Ubiquiti devices is too high, correct offsets are
+  unknown (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
+
+  Reducing the TX power in the Advanced Settings is recommended.
+
+* The MAC address of the WAN interface is modified even when Mesh-on-WAN is
+  disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
+
+  This may lead to issues in environments where a fixed MAC address is expected
+  (like VMware when promiscuous mode is disallowed).
+
+* Inconsistent respondd API
+  (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
+
+  The current API is inconsistent and will be replaced eventually. The old API
+  will still be supported for a while.
+
+* Frequent reboots due to out-of-memory or high load due to memory pressure on
+  weak hardware especially in larger meshes
+  (`#1243 <https://github.com/freifunk-gluon/gluon/issues/1243>`_)
+
+  Optimizations in Gluon 2018.1 have significantly improved memory usage.
+  There are still known bugs leading to unreasonably high load that we hope to
+  solve in future releases.

docs/releases/v2018.2.rst

@@ -81,6 +81,12 @@ ramips-mt7621 [#noibss]_
   AP+IBSS mode unsupported: This target is not built when *GLUON_WLAN_MESH* is
   set to ``ibss``.
 
+.. note::
+
+    The *ramips-mt7628* target has been renamed to *ramips-mt76x8*, and the *sunxi*
+    target has been renamed to *sunxi-cortexa7*. You might have to update your build
+    scripts accordingly.
+
 New features
 ************
 
@@ -90,10 +96,11 @@ following larger new features:
 OpenStreetMap-based map in config wizard
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-When the features *web-wizard* and *web-osm* are enabled, the configuration
-wizard will try to load an OSM-based map to allow the user to specify the node
-location. Loading the map requires a working internet connection, for example
-via WLAN (while connected to the Gluon node via Ethernet).
+When the feature *config-mode-geo-location-osm* (package
+*gluon-config-mode-geo-location-osm*) is enabled, the configuration wizard will
+try to load an OSM-based map to allow the user to specify the node location.
+Loading the map requires a working internet connection, for example via WLAN
+(while connected to the Gluon node via Ethernet).
 
 See the :ref:`config_mode <user-site-config_mode>` section for the *site.conf*
 configuration of this feature.
@@ -120,8 +127,12 @@ adding ``-gluon-ebtables-limit-arp`` to *GLUON_SITE_PACKAGES*.
 Site changes
 ************
 
-No changes need to be made to *site.conf* or *site.mk* when upgrading from
-Gluon v2018.1.x.
+If an opkg repository for ``lede`` was configured the key needs to be migrated
+to ``openwrt``. ``lede`` is ignored and without an ``openwrt`` key the default
+OpenWrt repository is used.
+
+No other changes need to be made to *site.conf* or *site.mk* when upgrading
+from Gluon v2018.1.x.
 
 Internals
 *********
@@ -141,7 +152,7 @@ Known issues
   disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
 
   This may lead to issues in environments where a fixed MAC address is expected
-  (like VMware when promicious mode is disallowed).
+  (like VMware when promiscuous mode is disallowed).
 
 * Inconsistent respondd API
   (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)

docs/site-example/site.conf

@@ -1,4 +1,4 @@
--- This is an example site configuration for Gluon v2018.2
+-- This is an example site configuration for Gluon v2018.2.4
 --
 -- Take a look at the documentation located at
 -- https://gluon.readthedocs.io/ for details.

docs/user/faq.rst

@@ -1,10 +1,20 @@
 Frequently Asked Questions
 ==========================
 
+.. _faq-hardware:
+
+What hardware is supported?
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+A table with hardware supported by Gluon can be found on the `OpenWrt Wiki`_.
+If you want to find out if your device can potentially be supported 
+have a look at :doc:`../dev/hardware` for detailed hardware requirements.
+
+.. _OpenWrt Wiki: https://openwrt.org/toh/views/toh_gluon_supported
+
 .. _faq-dns:
 
-DNS does not work on the nodes
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+Why does DNS not work on the nodes?
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 Gluon nodes will ignore the DNS server on the WAN port for everything except
 the mesh VPN, which can lead to confusion.
@@ -18,8 +28,8 @@ in this case, the *radvd* is only used to announce the DNS server.
 
 .. _faq-mtu:
 
-What is a good MTU on the mesh-vpn
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+What is a good MTU on the mesh-vpn?
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 Setting the MTU on the transport interface requires careful consideration, as
 setting it too low will cause excessive fragmentation and setting it too high
@@ -30,7 +40,7 @@ Consider these key values:
 - Payload: Allow for the transport of IPv6 packets, by adhering to the minimum MTU
   of 1280 Byte specified in RFC 2460
   - and configure `MSS clamping`_ accordingly,
-  - and announce your link MTU via Router Advertisments and DHCP
+  - and announce your link MTU via Router Advertisements and DHCP
 
   .. _MSS clamping: https://www.tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.cookbook.mtu-mss.html
 
@@ -48,7 +58,7 @@ For reference, the complete MTU stack looks like this:
 Minimum MTU
 -----------
 
-Calculcate the minimum transport MTU by adding the encapsulation overhead to the
+Calculate the minimum transport MTU by adding the encapsulation overhead to the
 minimum payload MTU required. This is the lowest recommended value, since going
 lower would cause unnecessary fragmentation for clients which respect the announced
 link MTU.

docs/user/getting_started.rst

@@ -8,7 +8,7 @@ Gluon's releases are managed using `Git tags`_. If you are just getting
 started with Gluon we recommend to use the latest stable release of Gluon.
 
 Take a look at the `list of gluon releases`_ and notice the latest release,
-e.g. *v2018.2*. Always get Gluon using git and don't try to download it
+e.g. *v2018.2.4*. Always get Gluon using git and don't try to download it
 as a Zip archive as the archive will be missing version information.
 
 Please keep in mind that there is no "default Gluon" build; a site configuration
@@ -44,7 +44,7 @@ Building the images
 -------------------
 
 To build Gluon, first check out the repository. Replace *RELEASE* with the
-version you'd like to checkout, e.g. *v2018.2*.
+version you'd like to checkout, e.g. *v2018.2.4*.
 
 ::
 
@@ -86,11 +86,20 @@ Next go back to the top-level Gluon directory and build Gluon::
     make update                        # Get other repositories used by Gluon
     make GLUON_TARGET=ar71xx-generic   # Build Gluon
 
-In case of errors read the messages carefully and try to fix the stated issues (e.g. install tools not available yet).
+In case of errors read the messages carefully and try to fix the stated issues
+(e.g. install missing tools not available or look for Troubleshooting_ in the wiki.
+
+.. _Troubleshooting: https://github.com/freifunk-gluon/gluon/wiki/Troubleshooting
 
 ``ar71xx-generic`` is the most common target and will generate images for most of the supported hardware.
 To see a complete list of supported targets, call ``make`` without setting ``GLUON_TARGET``.
 
+To build all targets use a loop like this:
+
+    for TARGET in $(make list-targets); do
+      make GLUON_TARGET=$TARGET
+    done
+
 You should generally reserve 5GB of disk space and additionally about 10GB for each `GLUON_TARGET`.
 
 The built images can be found in the directory `output/images`. Of these, the `factory`
@@ -172,7 +181,7 @@ GLUON_PRIORITY
 GLUON_REGION
   Some devices (at the moment the TP-Link Archer C7) contain a region code that restricts
   firmware installations. Set GLUON_REGION to ``eu`` or ``us`` to make the resulting
-  images installable from the respective stock firmwares.
+  images installable from the respective stock firmware.
 
 GLUON_RELEASE
   Firmware release number: This string is displayed in the config mode, announced
@@ -186,9 +195,6 @@ GLUON_TARGET
 Special variables
 .................
 
-GLUON_BUILDDIR
-  Working directory during build. Defaults to ``build``.
-
 GLUON_IMAGEDIR
   Path where images will be stored. Defaults to ``$(GLUON_OUTPUTDIR)/images``.
 

docs/user/site.rst

@@ -24,7 +24,7 @@ site_code
 domain_seed
     32 bytes of random data, encoded in hexadecimal, used to seed other random
     values specific to the mesh domain. It must be the same for all nodes of one
-    mesh, but should be different for firmwares that are not supposed to mesh with
+    mesh, but should be different for firmware that is not supposed to mesh with
     each other.
 
     The recommended way to generate a value for a new site is:
@@ -69,7 +69,7 @@ timezone
       -- Europe/Berlin
       timezone = 'CET-1CEST,M3.5.0,M10.5.0/3'
 
-ntp_server
+ntp_servers
     List of NTP servers available in your community or used by your community, e.g.:
     ::
 
@@ -152,7 +152,7 @@ wifi24 \: optional
     don't want users to connect to this mesh-SSID, so use a cryptic id that no
     one will accidentally mistake for the client WiFi.
 
-    ``ibss`` requires two parametersr: ``ssid`` (a string) and ``bssid`` (a MAC).
+    ``ibss`` requires two parameters: ``ssid`` (a string) and ``bssid`` (a MAC).
     An optional parameter ``vlan`` (integer) is supported.
 
     Both ``mesh`` and ``ibss`` accept an optional ``mcast_rate`` (kbit/s) parameter for
@@ -247,7 +247,7 @@ mesh
       throughput is at least 1500 kbit/s faster than the throughput of the
       currently selected gateway. 
 
-    For details on determining the threshhold, when to switch to a new gateway,
+    For details on determining the threshold, when to switch to a new gateway,
     see `batctl manpage`_, section "gw_mode".
     
     .. _batctl manpage: https://www.open-mesh.org/projects/batman-adv/wiki/Gateways
@@ -546,7 +546,7 @@ Feature flags
 
 With the addition of more and more features that interact in complex ways, it
 has become necessary to split certain packages into multiple parts, so it is
-possible to install just what is needed for a specific usecase. One example
+possible to install just what is needed for a specific use case. One example
 is the package *gluon-status-page-mesh-batman-adv*: There are batman-adv-specific
 status page components; they should only be installed when both batman-adv and
 the status page are enabled, making the addition of a specific package for this
@@ -661,7 +661,7 @@ Site modules
 The file ``modules`` in the site repository is completely optional and can be used
 to supply additional package feeds from which packages are built. The git repositories
 specified here are retrieved in addition to the default feeds when ``make update``
-it called.
+is called.
 
 This file's format is very similar to the toplevel ``modules`` file of the Gluon
 tree, with the important different that the list of feeds must be assigned to

docs/user/x86.rst

@@ -19,8 +19,8 @@ The following targets for x86 images exist:
     * `virtualbox` (VDI image)
     * `vmware` (VMDK image)
 
-    These images only differ in the image file format, the content is the same. Therefore there is
-    only a single `x86-generic` sysupgrade image instead of three.
+    These images differ in the image file format, the content is the same. Therefore
+    a single `x86-generic` sysupgrade image is provided, only.
 
 `x86-geode`
     x86 image for Geode CPUs.

modules

@@ -2,19 +2,20 @@ GLUON_FEEDS='packages routing luci gluon'
 
 OPENWRT_REPO=https://git.openwrt.org/openwrt/openwrt.git
 OPENWRT_BRANCH=openwrt-18.06
-OPENWRT_COMMIT=eef6bd3393f406f73187a670fa34d5e6a228f9e8
+OPENWRT_COMMIT=6bfde6758188fe4a19f506edfc21ece15c4a8c77
 
 PACKAGES_PACKAGES_REPO=https://github.com/openwrt/packages.git
 PACKAGES_PACKAGES_BRANCH=openwrt-18.06
-PACKAGES_PACKAGES_COMMIT=d05b98c6c86da58db5cbda3c945007be09583609
+PACKAGES_PACKAGES_COMMIT=998ef11cb4250309ec69505d9ee4a0f376815dbe
 
 PACKAGES_ROUTING_REPO=https://github.com/openwrt-routing/packages.git
 PACKAGES_ROUTING_BRANCH=openwrt-18.06
-PACKAGES_ROUTING_COMMIT=bc6e7f6903c8237c77131aedfc92dba40e1bc6ac
+PACKAGES_ROUTING_COMMIT=b3125f0d4cf02e4c37c56c4cd7ad82166025efea
 
 PACKAGES_LUCI_REPO=https://github.com/openwrt/luci.git
 PACKAGES_LUCI_BRANCH=openwrt-18.06
 PACKAGES_LUCI_COMMIT=4ba85e3d82b684262c570e38a72d2dc3bb712a13
 
 PACKAGES_GLUON_REPO=https://github.com/freifunk-gluon/packages.git
-PACKAGES_GLUON_COMMIT=a52d5ced54acfe399b3ac36b33d53034f341f06b
+PACKAGES_GLUON_BRANCH=v2018.2.x
+PACKAGES_GLUON_COMMIT=a0ab6d6e712f9cc736e834ef3a8a5d2b4fc2a708

package/gluon-authorized-keys/Makefile

@@ -7,7 +7,7 @@ include ../gluon.mk
 
 define Package/gluon-authorized-keys
   TITLE:=Fill /etc/dropbear/authorized_keys from site.conf
-  DEPENDS:=+gluon-core
+  DEPENDS:=+gluon-core +gluon-lock-password
 endef
 
 $(eval $(call BuildPackageGluon,gluon-authorized-keys))

package/gluon-config-mode-geo-location/luasrc/lib/gluon/config-mode/wizard/0400-geo-location.lua

@@ -15,7 +15,7 @@ return function(form, uci)
 	if not text then
 		text = pkg_i18n.translate(
 			'If you want the location of your node to ' ..
-			'be displayed on the map, you can enter its coordinates here.'
+			'be displayed on public maps, you can enter its coordinates here.'
 		)
 		if osm then
 			text = text .. ' ' .. osm.help(i18n)

package/gluon-config-mode-mesh-vpn/luasrc/lib/gluon/config-mode/wizard/0300-mesh-vpn.lua

@@ -24,51 +24,39 @@ return function(form, uci)
 	local o
 
 	local meshvpn = s:option(Flag, "meshvpn", pkg_i18n.translate("Use internet connection (mesh VPN)"))
-	meshvpn.default = uci:get_bool("fastd", "mesh_vpn", "enabled") or uci:get_bool("tunneldigger", "mesh_vpn", "enabled")
+	meshvpn.default = uci:get_bool("gluon", "mesh_vpn", "enabled")
 	function meshvpn:write(data)
-		if has_fastd then
-			uci:set("fastd", "mesh_vpn", "enabled", data)
-		end
-		if has_tunneldigger then
-			uci:set("tunneldigger", "mesh_vpn", "enabled", data)
-		end
+		uci:set("gluon", "mesh_vpn", "enabled", data)
 	end
 
 	local limit = s:option(Flag, "limit_enabled", pkg_i18n.translate("Limit bandwidth"))
 	limit:depends(meshvpn, true)
-	limit.default = uci:get_bool("simple-tc", "mesh_vpn", "enabled")
+	limit.default = uci:get_bool("gluon", "mesh_vpn", "limit_enabled")
 	function limit:write(data)
-		uci:set("simple-tc", "mesh_vpn", "interface")
-		uci:set("simple-tc", "mesh_vpn", "enabled", data)
-		uci:set("simple-tc", "mesh_vpn", "ifname", "mesh-vpn")
-		if not data and has_tunneldigger then
-			uci:delete("tunneldigger", "mesh_vpn", "limit_bw_down")
-		end
+		uci:set("gluon", "mesh_vpn", "limit_enabled", data)
 	end
 
 	o = s:option(Value, "limit_ingress", pkg_i18n.translate("Downstream (kbit/s)"))
 	o:depends(limit, true)
-	if has_tunneldigger then
-		o.default = uci:get("tunneldigger", "mesh_vpn", "limit_bw_down")
-	else
-		o.default = uci:get("simple-tc", "mesh_vpn", "limit_ingress")
-	end
+	o.default = uci:get("gluon", "mesh_vpn", "limit_ingress")
 	o.datatype = "uinteger"
 	function o:write(data)
-		if has_tunneldigger then
-			uci:set("tunneldigger", "mesh_vpn", "limit_bw_down", data)
-		else
-			uci:set("simple-tc", "mesh_vpn", "limit_ingress", data)
-		end
+		uci:set("gluon", "mesh_vpn", "limit_ingress", data)
 	end
 
 	o = s:option(Value, "limit_egress", pkg_i18n.translate("Upstream (kbit/s)"))
 	o:depends(limit, true)
-	o.default = uci:get("simple-tc", "mesh_vpn", "limit_egress")
+	o.default = uci:get("gluon", "mesh_vpn", "limit_egress")
 	o.datatype = "uinteger"
 	function o:write(data)
-		uci:set("simple-tc", "mesh_vpn", "limit_egress", data)
+		uci:set("gluon", "mesh_vpn", "limit_egress", data)
 	end
 
-	return {'fastd', 'tunneldigger', 'simple-tc'}
+	function s:handle()
+		Section.handle(s)
+		uci:save('gluon')
+		os.execute('exec /lib/gluon/mesh-vpn/update-config')
+	end
+
+	return {'gluon', 'fastd', 'tunneldigger', 'simple-tc'}
 end

package/gluon-core/Config.in

@@ -50,6 +50,10 @@ config KERNEL_NET_CLS_ACT
 	bool
 	select KERNEL_NET_CLS
 
+config KERNEL_NET_ACT_POLICE
+	bool
+	select KERNEL_NET_CLS_ACT
+
 config KERNEL_NET_CLS_BASIC
 	bool
 	select KERNEL_NET_CLS

package/gluon-core/check_site.lua

@@ -3,15 +3,6 @@ need_string(in_site({'site_name'}))
 
 -- this_domain() returns nil when multidomain support is disabled
 if this_domain() then
-	function need_domain_name(path)
-		need_string(path)
-		need(path, function(default_domain)
-			local f = io.open(os.getenv('IPKG_INSTROOT') .. '/lib/gluon/domains/' .. default_domain .. '.json')
-			if not f then return false end
-			f:close()
-			return true
-		end, nil, 'be a valid domain name')
-	end
 	need_domain_name(in_site({'default_domain'}))
 
 	need_table(in_domain({'domain_names'}), function(domain)

package/gluon-core/luasrc/lib/gluon/upgrade/010-primary-mac

@@ -26,10 +26,11 @@ end
 if platform.match('ar71xx', 'generic', {'tl-wdr3600', 'tl-wdr4300',
                                         'tl-wr902ac-v1'}) then
   table.insert(try_files, 1, '/sys/class/ieee80211/phy1/macaddress')
-elseif platform.match('ramips', 'mt7621', {'dir-860l-b1'}) then
-  table.insert(try_files, 1, '/sys/class/ieee80211/phy1/macaddress')
-elseif platform.match('ar71xx', 'generic', {'unifi-outdoor-plus', 'carambola2',
-                                            'a40', 'a60', 'koala',
+elseif platform.match('ar71xx', 'generic', {'a40', 'a60',
+                                            'archer-c25-v1',
+                                            'archer-c7-v4', 'archer-c7-v5',
+                                            'carambola2',
+                                            'koala',
                                             'mr600', 'mr600v2',
                                             'mr900', 'mr900v2',
                                             'mr1750', 'mr1750v2',
@@ -39,15 +40,22 @@ elseif platform.match('ar71xx', 'generic', {'unifi-outdoor-plus', 'carambola2',
                                             'om2p-lc',
                                             'om5p', 'om5p-an',
                                             'om5p-ac', 'om5p-acv2',
-                                            'archer-c7-v4', 'archer-c7-v5'}) then
+                                            'unifi-outdoor-plus',
+                                            'unifiac-lite', 'unifiac-pro'}) then
   table.insert(try_files, 1, '/sys/class/net/eth0/address')
 elseif platform.match('ar71xx', 'generic', {'archer-c5', 'archer-c58-v1',
                                             'archer-c59-v1', 'archer-c60-v1',
                                             'archer-c7'}) then
   table.insert(try_files, 1, '/sys/class/net/eth1/address')
+elseif platform.match('ar71xx', 'nand', {'hiveap-121'}) then
+  table.insert(try_files, 1, '/sys/class/net/eth0/address')
 elseif platform.match('ipq40xx', nil, {'avm,fritzbox-4040',
                                        'openmesh,a42', 'openmesh,a62'}) then
   table.insert(try_files, 1, '/sys/class/net/eth0/address')
+elseif platform.match('mpc85xx', 'p1020', {'aerohive,hiveap-330'}) then
+  table.insert(try_files, 1, '/sys/class/net/eth0/address')
+elseif platform.match('ramips', 'mt7621', {'dir-860l-b1'}) then
+  table.insert(try_files, 1, '/sys/class/ieee80211/phy1/macaddress')
 end
 
 

package/gluon-core/luasrc/lib/gluon/upgrade/200-wireless

@@ -10,6 +10,43 @@ local uci = require('simple-uci').cursor()
 -- Initial
 if not sysconfig.gluon_version then
 	uci:delete_all('wireless', 'wifi-iface')
+
+	-- First count all radios with a fixed frequency band.
+	-- This is needed to distribute devices which have radios
+	-- capable of operating in the 2.4 GHz and 5 GHz band need
+	-- to be distributed evenly.
+	local radio_band_count = {band24=0, band5=0}
+	util.foreach_radio(uci, function(radio, index, config)
+		local hwmodes = iwinfo.nl80211.hwmodelist(util.find_phy(radio))
+		if (hwmodes.a or hwmodes.ac) and hwmodes.g then
+			-- Dualband - do nothing in this step
+		elseif hwmodes.g then
+			-- 2.4 GHz
+			radio_band_count["band24"] = radio_band_count["band24"] + 1
+		elseif hwmodes.a or hwmodes.ac then
+			-- 5 GHz
+			radio_band_count["band5"] = radio_band_count["band5"] + 1
+		end
+	end)
+
+	-- Use the number of all fixed 2.4G GHz and 5 GHz radios to
+	-- distribute dualband radios in this step.
+	util.foreach_radio(uci, function(radio, index, config)
+		local radio_name = radio['.name']
+		local hwmodes = iwinfo.nl80211.hwmodelist(util.find_phy(radio))
+		if (hwmodes.a or hwmodes.ac) and hwmodes.g then
+			-- Dualband radio
+			if radio_band_count["band24"] <= radio_band_count["band5"] then
+				-- Assign radio to 2.4GHz band
+				radio_band_count["band24"] = radio_band_count["band24"] + 1
+				uci:set('wireless', radio_name, 'hwmode', '11g')
+			else
+				-- Assign radio to 5GHz band
+				radio_band_count["band5"] = radio_band_count["band5"] + 1
+				uci:set('wireless', radio_name, 'hwmode', '11a')
+			end
+		end
+	end)
 end
 
 local function get_channel(radio, config)

package/gluon-core/luasrc/usr/lib/lua/gluon/util.lua

@@ -253,3 +253,12 @@ function foreach_radio(uci, f)
 		end
 	end
 end
+
+function get_uptime()
+	local uptime_file = readfile("/proc/uptime")
+	if uptime_file == nil then
+		-- Something went wrong reading "/proc/uptime"
+		return nil
+	end
+	return tonumber(uptime_file:match('^[^ ]+'))
+end

package/gluon-mesh-batman-adv/files/lib/gluon/ebtables/250-next-node

@@ -7,6 +7,9 @@ local macaddr = client_bridge.next_node_macaddr()
 rule('FORWARD --logical-out br-client -i bat0 -o local-port -j DROP')
 rule('FORWARD --logical-out br-client -i local-port -o bat0 -j DROP')
 
+rule('PREROUTING --logical-in br-client -i bat0 -s ' .. macaddr .. ' -j DROP', 'nat')
+rule('PREROUTING --logical-in br-client -i bat0 -d ' .. macaddr .. ' -j DROP', 'nat')
+
 rule('FORWARD --logical-out br-client -o bat0 -d ' .. macaddr .. ' -j DROP')
 rule('OUTPUT --logical-out br-client -o bat0 -d ' .. macaddr .. ' -j DROP')
 rule('FORWARD --logical-out br-client -o bat0 -s ' .. macaddr .. ' -j DROP')

package/gluon-mesh-batman-adv/src/respondd.c

@@ -26,6 +26,7 @@
 
 #include <respondd.h>
 
+#include <ifaddrs.h>
 #include <iwinfo.h>
 #include <json-c/json.h>
 #include <libgluonutil.h>
@@ -43,12 +44,16 @@
 #include <net/if.h>
 #include <netinet/in.h>
 
+#include <netlink/netlink.h>
+#include <netlink/genl/genl.h>
+
 #include <sys/types.h>
 #include <sys/ioctl.h>
 #include <sys/socket.h>
 
 #include <linux/ethtool.h>
 #include <linux/if_addr.h>
+#include <linux/rtnetlink.h>
 #include <linux/sockios.h>
 
 #include <batadv-genl.h>
@@ -71,55 +76,73 @@ struct gw_netlink_opts {
 };
 
 struct clients_netlink_opts {
-	size_t total;
-	size_t wifi;
+	size_t non_wifi;
 	struct batadv_nlquery_opts query_opts;
 };
 
+struct ip_address_information {
+	unsigned int ifindex;
+	struct json_object *addresses;
+};
 
-static struct json_object * get_addresses(void) {
-	FILE *f = fopen("/proc/net/if_inet6", "r");
-	if (!f)
-		return NULL;
+static int get_addresses_cb(struct nl_msg *msg, void *arg) {
+	struct ip_address_information *info = (struct ip_address_information*) arg;
 
-	char *line = NULL;
-	size_t len = 0;
+	struct nlmsghdr *nlh = nlmsg_hdr(msg);
+	struct ifaddrmsg *msg_content = NLMSG_DATA(nlh);
+	int remaining = nlh->nlmsg_len - NLMSG_LENGTH(sizeof(struct ifaddrmsg));
+	struct rtattr *hdr;
 
-	struct json_object *ret = json_object_new_array();
+	for (hdr = IFA_RTA(msg_content); RTA_OK(hdr, remaining); hdr = RTA_NEXT(hdr, remaining)) {
+		char addr_str_buf[INET6_ADDRSTRLEN];
 
-	while (getline(&line, &len, f) >= 0) {
-		/* IF_NAMESIZE would be enough, but adding 1 here is simpler than subtracting 1 in the format string */
-		char ifname[IF_NAMESIZE+1];
-		unsigned int flags;
-		struct in6_addr addr;
-		char buf[INET6_ADDRSTRLEN];
-
-		if (sscanf(line,
-			   "%2"SCNx8"%2"SCNx8"%2"SCNx8"%2"SCNx8"%2"SCNx8"%2"SCNx8"%2"SCNx8"%2"SCNx8
-			   "%2"SCNx8"%2"SCNx8"%2"SCNx8"%2"SCNx8"%2"SCNx8"%2"SCNx8"%2"SCNx8"%2"SCNx8
-			   "  %*x %*x %*x %x %"STRINGIFY(IF_NAMESIZE)"s",
-			   &addr.s6_addr[0], &addr.s6_addr[1], &addr.s6_addr[2], &addr.s6_addr[3],
-			   &addr.s6_addr[4], &addr.s6_addr[5], &addr.s6_addr[6], &addr.s6_addr[7],
-			   &addr.s6_addr[8], &addr.s6_addr[9], &addr.s6_addr[10], &addr.s6_addr[11],
-			   &addr.s6_addr[12], &addr.s6_addr[13], &addr.s6_addr[14], &addr.s6_addr[15],
-			   &flags, ifname) != 18)
+		/* We are only interested in IP-addresses of br-client */
+		if (hdr->rta_type != IFA_ADDRESS ||
+			msg_content->ifa_index != info->ifindex ||
+			msg_content->ifa_flags & (IFA_F_TENTATIVE|IFA_F_DEPRECATED)) {
 			continue;
+		}
 
-		if (strcmp(ifname, "br-client"))
-			continue;
-
-		if (flags & (IFA_F_TENTATIVE|IFA_F_DEPRECATED))
-			continue;
-
-		inet_ntop(AF_INET6, &addr, buf, sizeof(buf));
-
-		json_object_array_add(ret, json_object_new_string(buf));
+		if (inet_ntop(AF_INET6, (struct in6_addr *) RTA_DATA(hdr), addr_str_buf, INET6_ADDRSTRLEN)) {
+			json_object_array_add(info->addresses, json_object_new_string(addr_str_buf));
+		}
 	}
 
-	fclose(f);
-	free(line);
+	return NL_OK;
+}
 
-	return ret;
+static struct json_object *get_addresses(void) {
+	struct ip_address_information info = {
+		.ifindex = if_nametoindex("br-client"),
+		.addresses = json_object_new_array(),
+	};
+	int err;
+
+	/* Open socket */
+	struct nl_sock *socket = nl_socket_alloc();
+	if (!socket) {
+		return info.addresses;
+	}
+
+	err = nl_connect(socket, NETLINK_ROUTE);
+	if (err < 0) {
+		goto out_free;
+	}
+
+	/* Send message */
+	struct ifaddrmsg rt_hdr = { .ifa_family = AF_INET6, };
+	err = nl_send_simple(socket, RTM_GETADDR, NLM_F_REQUEST | NLM_F_ROOT, &rt_hdr, sizeof(struct ifaddrmsg));
+	if (err < 0) {
+		goto out_free;
+	}
+
+	/* Retrieve answer. Message is handled by get_addresses_cb */
+	nl_socket_modify_cb(socket, NL_CB_VALID, NL_CB_CUSTOM, get_addresses_cb, &info);
+	nl_recvmsgs_default(socket);
+
+out_free:
+	nl_socket_free(socket);
+	return info.addresses;
 }
 
 static void add_if_not_empty(struct json_object *obj, const char *key, struct json_object *val) {
@@ -529,26 +552,24 @@ static int parse_clients_list_netlink_cb(struct nl_msg *msg, void *arg)
 
 	flags = nla_get_u32(attrs[BATADV_ATTR_TT_FLAGS]);
 
-	if (flags & BATADV_TT_CLIENT_NOPURGE)
+	if (flags & (BATADV_TT_CLIENT_NOPURGE | BATADV_TT_CLIENT_WIFI))
 		return NL_OK;
 
 	lastseen = nla_get_u32(attrs[BATADV_ATTR_LAST_SEEN_MSECS]);
 	if (lastseen > MAX_INACTIVITY)
 		return NL_OK;
 
-	if (flags & BATADV_TT_CLIENT_WIFI)
-		opts->wifi++;
-
-	opts->total++;
+	opts->non_wifi++;
 
 	return NL_OK;
 }
 
 static struct json_object * get_clients(void) {
 	size_t wifi24 = 0, wifi5 = 0;
+	size_t total;
+	size_t wifi;
 	struct clients_netlink_opts opts = {
-		.total = 0,
-		.wifi = 0,
+		.non_wifi = 0,
 		.query_opts = {
 			.err = 0,
 		},
@@ -559,10 +580,12 @@ static struct json_object * get_clients(void) {
 			  &opts.query_opts);
 
 	count_stations(&wifi24, &wifi5);
+	wifi = wifi24 + wifi5;
+	total = wifi + opts.non_wifi;
 
 	struct json_object *ret = json_object_new_object();
-	json_object_object_add(ret, "total", json_object_new_int(opts.total));
-	json_object_object_add(ret, "wifi", json_object_new_int(opts.wifi));
+	json_object_object_add(ret, "total", json_object_new_int(total));
+	json_object_object_add(ret, "wifi", json_object_new_int(wifi));
 	json_object_object_add(ret, "wifi24", json_object_new_int(wifi24));
 	json_object_object_add(ret, "wifi5", json_object_new_int(wifi5));
 	return ret;

package/gluon-mesh-vpn-core/Makefile

@@ -13,6 +13,7 @@ define Package/gluon-mesh-vpn-core
 	+@GLUON_SPECIALIZE_KERNEL:KERNEL_NETFILTER_XT_MATCH_PKTTYPE \
 	+@GLUON_SPECIALIZE_KERNEL:KERNEL_NETFILTER_XT_MATCH_QUOTA \
 	+@GLUON_SPECIALIZE_KERNEL:KERNEL_NET_CLS_BASIC \
+	+@GLUON_SPECIALIZE_KERNEL:KERNEL_NET_ACT_POLICE \
 	+@GLUON_SPECIALIZE_KERNEL:KERNEL_NET_SCH_TBF \
 	+@GLUON_SPECIALIZE_KERNEL:KERNEL_NET_SCH_INGRESS
   USERID:=:gluon-mesh-vpn=800

package/gluon-mesh-vpn-core/luasrc/lib/gluon/mesh-vpn/update-config

@@ -0,0 +1,48 @@
+#!/usr/bin/lua
+
+local uci = require('simple-uci').cursor()
+local unistd = require 'posix.unistd'
+
+local vpn
+if unistd.access('/lib/gluon/mesh-vpn/fastd') then
+	vpn = 'fastd'
+elseif unistd.access('/lib/gluon/mesh-vpn/tunneldigger') then
+	vpn = 'tunneldigger'
+end
+
+local vpn_config = {
+	enabled = uci:get_bool('gluon', 'mesh_vpn', 'enabled'),
+	limit_enabled = uci:get_bool('gluon', 'mesh_vpn', 'limit_enabled'),
+	limit_egress = uci:get('gluon', 'mesh_vpn', 'limit_egress'),
+	limit_ingress = uci:get('gluon', 'mesh_vpn', 'limit_ingress'),
+}
+
+uci:delete('simple-tc', 'mesh_vpn')
+uci:section('simple-tc', 'interface', 'mesh_vpn', {
+	ifname = 'mesh-vpn',
+	enabled = vpn_config.limit_enabled,
+	limit_egress = vpn_config.limit_egress,
+})
+
+if vpn == 'fastd' then
+	uci:set('fastd', 'mesh_vpn', 'enabled', vpn_config.enabled)
+	uci:set('simple-tc', 'mesh_vpn', 'limit_ingress', vpn_config.limit_ingress)
+else
+	uci:set('fastd', 'mesh_vpn', 'enabled', false)
+end
+uci:save('fastd')
+
+if vpn == 'tunneldigger' then
+	uci:set('tunneldigger', 'mesh_vpn', 'enabled', vpn_config.enabled)
+
+	if vpn_config.limit_enabled then
+		uci:set('tunneldigger', 'mesh_vpn', 'limit_bw_down', vpn_config.limit_ingress)
+	else
+		uci:delete('tunneldigger', 'mesh_vpn', 'limit_bw_down')
+	end
+else
+	uci:set('tunneldigger', 'mesh_vpn', 'enabled', false)
+end
+uci:save('tunneldigger')
+
+uci:save('simple-tc')

package/gluon-mesh-vpn-core/luasrc/lib/gluon/upgrade/500-mesh-vpn

@@ -24,16 +24,6 @@ if unistd.access('/etc/config/gluon-simple-tc') then
 	os.rename('/etc/config/gluon-simple-tc', '/etc/config/simple-tc')
 end
 
-if not uci:get('simple-tc', 'mesh_vpn') then
-	uci:section('simple-tc', 'interface', 'mesh_vpn', {
-		ifname = 'mesh-vpn',
-		enabled = site.mesh_vpn.bandwidth_limit.enabled(false),
-		limit_ingress = site.mesh_vpn.bandwidth_limit.ingress(),
-		limit_egress = site.mesh_vpn.bandwidth_limit.egress(),
-	})
-	uci:save('simple-tc')
-end
-
 
 -- The previously used user and group are removed, we now have a generic group
 users.remove_user('gluon-fastd')
@@ -49,42 +39,59 @@ uci:save('firewall')
 
 
 -- VPN migration
-local has_fastd = unistd.access('/lib/gluon/mesh-vpn/fastd')
-local fastd_enabled = uci:get('fastd', 'mesh_vpn', 'enabled')
-
-local has_tunneldigger = unistd.access('/lib/gluon/mesh-vpn/tunneldigger')
-local tunneldigger_enabled = uci:get('tunneldigger', 'mesh_vpn', 'enabled')
-
-local enabled
-
--- If the installed VPN package has its enabled state set, keep the value
-if has_fastd and fastd_enabled then
-	enabled = fastd_enabled == '1'
-elseif has_tunneldigger and tunneldigger_enabled then
-	enabled = tunneldigger_enabled == '1'
--- Otherwise, migrate the other package's value if any is set
-elseif fastd_enabled or tunneldigger_enabled then
-	enabled = fastd_enabled == '1' or tunneldigger_enabled == '1'
--- If nothing is set, use the default
-else
-	enabled = site.mesh_vpn.enabled(false)
-end
-
-if has_fastd then
-	uci:set('fastd', 'mesh_vpn', 'enabled', enabled)
-else
-	uci:delete('fastd', 'mesh_vpn')
-end
-uci:save('fastd')
-
-if has_tunneldigger then
-	uci:set('tunneldigger', 'mesh_vpn', 'enabled', enabled)
-	if site.mesh_vpn.bandwidth_limit.enabled(false) then
-		uci:set('tunneldigger', 'mesh_vpn', 'limit_bw_down', site.mesh_vpn.bandwidth_limit.ingress())
-		uci:set('simple-tc', 'mesh_vpn', 'limit_ingress', 0)
-		uci:save('simple-tc')
+if not uci:get('gluon', 'mesh_vpn') then
+	local vpn
+	if unistd.access('/lib/gluon/mesh-vpn/fastd') then
+		vpn = 'fastd'
+	elseif unistd.access('/lib/gluon/mesh-vpn/tunneldigger') then
+		vpn = 'tunneldigger'
 	end
-else
-	uci:delete('tunneldigger', 'mesh_vpn')
+
+	local fastd_enabled = uci:get('fastd', 'mesh_vpn', 'enabled')
+	local tunneldigger_enabled = uci:get('tunneldigger', 'mesh_vpn', 'enabled')
+
+	local enabled
+
+	-- If the installed VPN package has its enabled state set, keep the value
+	if vpn == 'fastd' and fastd_enabled then
+		enabled = fastd_enabled == '1'
+	elseif vpn == 'tunneldigger' and tunneldigger_enabled then
+		enabled = tunneldigger_enabled == '1'
+	-- Otherwise, migrate the other package's value if any is set
+	elseif fastd_enabled or tunneldigger_enabled then
+		enabled = fastd_enabled == '1' or tunneldigger_enabled == '1'
+	-- If nothing is set, use the default
+	else
+		enabled = site.mesh_vpn.enabled(false)
+	end
+
+
+	local limit_enabled = tonumber((uci:get('simple-tc', 'mesh_vpn', 'enabled')))
+	if limit_enabled == nil then
+		limit_enabled = site.mesh_vpn.bandwidth_limit.enabled(false)
+	end
+
+	local limit_ingress = tonumber((uci:get('tunneldigger', 'mesh_vpn', 'limit_bw_down')))
+	if limit_ingress == nil then
+		limit_ingress = tonumber((uci:get('simple-tc', 'mesh_vpn', 'limit_ingress')))
+	end
+	if limit_ingress == nil then
+		limit_ingress = site.mesh_vpn.bandwidth_limit.ingress()
+	end
+
+	local limit_egress = tonumber((uci:get('simple-tc', 'mesh_vpn', 'limit_egress')))
+	if limit_egress == nil then
+		limit_egress = site.mesh_vpn.bandwidth_limit.egress()
+	end
+
+
+	uci:section('gluon', 'mesh_vpn', 'mesh_vpn', {
+		enabled = enabled,
+		limit_enabled = limit_enabled,
+		limit_ingress = limit_ingress,
+		limit_egress = limit_egress,
+	})
+	uci:save('gluon')
 end
-uci:save('tunneldigger')
+
+os.execute('exec /lib/gluon/mesh-vpn/update-config')

package/gluon-scheduled-domain-switch/Makefile

@@ -0,0 +1,13 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=gluon-scheduled-domain-switch
+PKG_VERSION:=1
+
+include ../gluon.mk
+
+define Package/gluon-scheduled-domain-switch
+  TITLE:=Allows scheduled migrations between domains
+  DEPENDS:=+gluon-core @GLUON_MULTIDOMAIN
+endef
+
+$(eval $(call BuildPackageGluon,gluon-scheduled-domain-switch))

package/gluon-scheduled-domain-switch/check_site.lua

@@ -0,0 +1,6 @@
+if need_table(in_domain({'domain_switch'}), check_domain_switch, false) then
+	need_domain_name(in_domain({'domain_switch', 'target_domain'}))
+	need_number(in_domain({'domain_switch', 'switch_after_offline_mins'}))
+	need_number(in_domain({'domain_switch', 'switch_time'}))
+	need_string_array_match(in_domain({'domain_switch', 'connection_check_targets'}), '^[%x:]+$')
+end

package/gluon-scheduled-domain-switch/luasrc/lib/gluon/upgrade/950-gluon-scheduled-domain-switch

@@ -0,0 +1,20 @@
+#!/usr/bin/lua
+
+local json = require 'jsonc'
+local site = require 'gluon.site'
+local unistd = require 'posix.unistd'
+
+local cronfile = "/usr/lib/micron.d/gluon-scheduled-domain-switch"
+
+-- Check if domain switch is scheduled
+if site.domain_switch() == nil then
+	-- In case no domain switch is scheduled, remove cronfile
+	os.remove(cronfile)
+	os.exit(0)
+end
+
+-- Only in case domain switch is scheduled
+local f = io.open(cronfile, "w")
+f:write("* * * * *  /usr/bin/gluon-check-connection\n")
+f:write("*/5 * * * *  /usr/bin/gluon-switch-domain\n")
+f:close()

package/gluon-scheduled-domain-switch/luasrc/usr/bin/gluon-check-connection

@@ -0,0 +1,36 @@
+#!/usr/bin/lua
+
+local unistd = require 'posix.unistd'
+local util = require 'gluon.util'
+local site = require 'gluon.site'
+
+local offline_flag_file = "/tmp/gluon_offline"
+local is_offline = true
+
+-- Check if domain-switch is scheduled
+if site.domain_switch() == nil then
+	-- Switch not applicable for current domain
+	os.exit(0)
+end
+
+-- Check reachability of pre-defined targets
+for _, ip in ipairs(site.domain_switch.connection_check_targets()) do
+	local exit_code = os.execute("ping -c 1 -w 10 " .. ip)
+	if exit_code == 0 then
+		is_offline = false
+		break
+	end
+end
+
+if is_offline then
+	-- Check if we were previously offline
+	if unistd.access(offline_flag_file) then
+		os.exit(0)
+	end
+	-- Create offline flag
+	local f = io.open(offline_flag_file, "w")
+	f:write(tostring(util.get_uptime()))
+	f:close()
+else
+	os.remove(offline_flag_file)
+end

package/gluon-scheduled-domain-switch/luasrc/usr/bin/gluon-switch-domain

@@ -0,0 +1,67 @@
+#!/usr/bin/lua
+
+local uci = require('simple-uci').cursor()
+local unistd = require 'posix.unistd'
+local util = require 'gluon.util'
+local site = require 'gluon.site'
+
+-- Returns true if node was offline long enough to perform domain switch
+function switch_after_min_reached()
+	if not unistd.access("/tmp/gluon_offline") then
+		return false
+	end
+
+	local switch_after_sec = site.domain_switch.switch_after_offline_mins() * 60
+
+	local current_uptime = util.get_uptime()
+	if current_uptime == nil then
+		return false
+	end
+
+	local f = util.readfile("/tmp/gluon_offline")
+	if f == nil then
+		return false
+	end
+	local offline_since = tonumber(f)
+
+	local offline_time_sec = current_uptime - offline_since
+
+	if offline_time_sec > switch_after_sec then
+		return true
+	end
+	return false
+end
+
+-- Returns true in case switch time has passed
+function switch_time_passed()
+	local current_time = os.time()
+	local switch_time = site.domain_switch.switch_time()
+
+	return switch_time < current_time
+end
+
+if site.domain_switch() == nil then
+	-- Switch not applicable for current domain
+	print("No domain switch defined for the current domain.")
+	os.exit(0)
+end
+
+local current_domain = uci:get("gluon", "core", "domain")
+local target_domain = site.domain_switch.target_domain()
+
+if target_domain == current_domain then
+	-- Current and target domain are equal
+	print("Domain '" .. target_domain .. "' equals current domain.")
+	os.exit(1)
+end
+
+if not switch_after_min_reached() and not switch_time_passed() then
+	-- Neither switch-time passed nor switch_after_min reached
+	os.exit(0)
+end
+
+uci:set("gluon", "core", "domain", target_domain)
+uci:commit("gluon")
+
+os.execute("gluon-reconfigure")
+os.execute("reboot")

package/gluon-site/Makefile

@@ -49,9 +49,16 @@ define Build/Compile
 	$(foreach domain,$(patsubst $(GLUON_SITEDIR)/domains/%.conf,%,$(wildcard $(GLUON_SITEDIR)/domains/*.conf)),
 		[ ! -e '$(PKG_BUILD_DIR)/domains/$(domain).json' ]
 		$(call GenerateJSON,domains/$(domain))
-		lua ../../scripts/domain_aliases.lua '$(PKG_BUILD_DIR)/domains/$(domain).json' | while read alias; do \
+		@lua ../../scripts/domain_aliases.lua '$(PKG_BUILD_DIR)/domains/$(domain).json' | while read alias; do \
 			[ "$$$${alias}" != '$(domain)' ] || continue; \
-			ln -s '$(domain).json' $(PKG_BUILD_DIR)/domains/$$$${alias}.json || exit 1; \
+			link="$(PKG_BUILD_DIR)/domains/$$$${alias}.json"; \
+			if ! ln -s '$(domain).json' "$$$$link"; then \
+				other="$$$$(basename $$$$(readlink -f "$$$$link") .json)"; \
+				if [ "$$$$other" ]; then \
+					echo >&2 "Failed to alias domain '"'$(domain)'"' as '$$$$alias', name already taken by domain '$$$$other'."; \
+				fi; \
+				exit 1; \
+			fi; \
 		done
 	)
   endif

package/gluon-web-node-role/i18n/de.po

@@ -10,18 +10,18 @@ msgstr ""
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
 
-msgid "Node role"
-msgstr "Verwendungszweck"
-
-msgid "Role"
-msgstr "Rolle"
-
 msgid ""
 "If this node has a special role within the mesh network you can specify this "
 "role here. Please find out about the available roles and their impact first. "
 "Only change the role if you know what you are doing."
 msgstr ""
-"Wenn dein Knoten eine besondere Rolle im Mesh-Netzwerk einnimmt, "
-"kannst du diese hier angeben. Bringe bitte zuvor in Erfahrung, welche "
-"Bedeutung die zur Verfügung stehenden Rollen haben. "
-"Setze die Rolle nur, wenn du weißt, was du tust."
+"Wenn dein Knoten eine besondere Rolle im Mesh-Netzwerk einnimmt, kannst du "
+"diese hier angeben. Bringe bitte zuvor in Erfahrung, welche Bedeutung die "
+"zur Verfügung stehenden Rollen haben. Setze die Rolle nur, wenn du weißt, "
+"was du tust."
+
+msgid "Node role"
+msgstr "Verwendungszweck"
+
+msgid "Role"
+msgstr "Rolle"

package/gluon-web-node-role/i18n/fr.po

@@ -10,18 +10,18 @@ msgstr ""
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
 
-msgid "Node role"
-msgstr "Rôle du nœud"
-
-msgid "Role"
-msgstr "Rôle"
-
 msgid ""
 "If this node has a special role within the mesh network you can specify this "
 "role here. Please find out about the available roles and their impact first. "
 "Only change the role if you know what you are doing."
 msgstr ""
-"Si votre nœud a un rôle spécial dans le réseau MESH, vous pouvez "
-"spécifier ce rôle ici. Avant de changer, informez vous sur les rôles "
-"disponibles et sur leur impacts. Changez de rôle uniquement si vous "
-"comprenez ce que vous faites."
+"Si votre nœud a un rôle spécial dans le réseau MESH, vous pouvez spécifier "
+"ce rôle ici. Avant de changer, informez vous sur les rôles disponibles et "
+"sur leur impacts. Changez de rôle uniquement si vous comprenez ce que vous "
+"faites."
+
+msgid "Node role"
+msgstr "Rôle du nœud"
+
+msgid "Role"
+msgstr "Rôle"

package/gluon-web-node-role/i18n/gluon-web-node-role.pot

@@ -1,14 +1,14 @@
 msgid ""
 msgstr "Content-Type: text/plain; charset=UTF-8"
 
+msgid ""
+"If this node has a special role within the mesh network you can specify this "
+"role here. Please find out about the available roles and their impact first. "
+"Only change the role if you know what you are doing."
+msgstr ""
+
 msgid "Node role"
 msgstr ""
 
 msgid "Role"
 msgstr ""
-
-msgid ""
-"If this node has a special role within the mesh network you can specify this role here. "
-"Please find out about the available roles and their impact first. "
-"Only change the role if you know what you are doing."
-msgstr ""

package/gluon-web-node-role/luasrc/lib/gluon/config-mode/model/admin/noderole.lua

@@ -1,5 +1,6 @@
 local f, s, o
 local site = require 'gluon.site'
+local site_i18n = i18n 'gluon-site'
 local uci = require("simple-uci").cursor()
 local config = 'gluon-node-info'
 
@@ -9,7 +10,7 @@ local role = uci:get(config, uci:get_first(config, "system"), "role")
 f = Form(translate("Node role"))
 
 s = f:section(Section, nil, translate(
-	"If this node has a special role within the freifunk network you can specify this role here. "
+	"If this node has a special role within the mesh network you can specify this role here. "
 	.. "Please find out about the available roles and their impact first. "
 	.. "Only change the role if you know what you are doing."
 ))
@@ -17,7 +18,7 @@ s = f:section(Section, nil, translate(
 o = s:option(ListValue, "role", translate("Role"))
 o.default = role
 for _, role in ipairs(site.roles.list()) do
-	o:value(role, translate('gluon-web-node-role:role:' .. role))
+	o:value(role, site_i18n.translate('gluon-web-node-role:role:' .. role))
 end
 
 function o:write(data)

package/gluon-web/i18n/de.po

@@ -17,7 +17,7 @@ msgid "Not Found"
 msgstr "Nicht Gefunden"
 
 msgid "Sorry, the object you requested was not found."
-msgstr "Entschuldigung, das anfgeforderte Objekt wurde nicht gefunden."
+msgstr "Entschuldigung, das angeforderte Objekt wurde nicht gefunden."
 
 msgid "Sorry, the server encountered an unexpected error."
 msgstr ""

package/gluon-web/luasrc/usr/lib/lua/gluon/web/http/protocol.lua

@@ -103,13 +103,13 @@ end
 -- Content-Type. Stores all extracted data associated with its parameter name
 -- in the params table withing the given message object. Multiple parameter
 -- values are stored as tables, ordinary ones as strings.
--- If an optional file callback function is given then it is feeded with the
+-- If an optional file callback function is given then it is fed with the
 -- file contents chunk by chunk and only the extracted file name is stored
 -- within the params table. The callback function will be called subsequently
 -- with three arguments:
 --  o Table containing decoded (name, file) and raw (headers) mime header data
 --  o String value containing a chunk of the file data
---  o Boolean which indicates wheather the current chunk is the last one (eof)
+--  o Boolean which indicates whether the current chunk is the last one (eof)
 function mimedecode_message_body(src, msg, filecb)
 
 	if msg and msg.env.CONTENT_TYPE then

package/gluon-web/luasrc/usr/lib/lua/gluon/web/template.lua

@@ -58,7 +58,7 @@ return function(config, env)
 		-- Now finally render the thing
 		local stat, err = pcall(template)
 		assert(stat, "Failed to execute template '" .. name .. "'.\n" ..
-			      "A runtime error occured: " .. tostring(err or "(nil)"))
+			      "A runtime error occurred: " .. tostring(err or "(nil)"))
 	end
 
 	--- Render a certain template.

package/gluon-web/src/template_utils.c

@@ -235,7 +235,7 @@ static size_t validate_utf8(const unsigned char **s, size_t l, struct template_b
 				break;
 		}
 
-		/* advance beyound the last found valid continuation char */
+		/* advance beyond the last found valid continuation char */
 		o = v;
 		ptr += v;
 	}

patches/openwrt/0006-generic-vxlan-backport-support-for-VXLAN-over-link-local-IPv6-to-4.9.patch

@@ -182,10 +182,10 @@ index 0000000000000000000000000000000000000000..b38b9977bca192eafe9a0d9b8c36a120
 +
 diff --git a/target/linux/generic/backport-4.9/095-0003-vxlan-fix-snooping-for-link-local-IPv6-addresses.patch b/target/linux/generic/backport-4.9/095-0003-vxlan-fix-snooping-for-link-local-IPv6-addresses.patch
 new file mode 100644
-index 0000000000000000000000000000000000000000..dcfd1ce7c2f015354d21a65f12f6ebd00331b629
+index 0000000000000000000000000000000000000000..89523ac027b227a9f84b1130db06a7fc67ff68ce
 --- /dev/null
 +++ b/target/linux/generic/backport-4.9/095-0003-vxlan-fix-snooping-for-link-local-IPv6-addresses.patch
-@@ -0,0 +1,93 @@
+@@ -0,0 +1,88 @@
 +From 010b2b541d958e12d78ba1c79734c700f169610b Mon Sep 17 00:00:00 2001
 +Message-Id: <010b2b541d958e12d78ba1c79734c700f169610b.1515533863.git.mschiffer@universe-factory.net>
 +In-Reply-To: <f45ba82cd83d27b5d44d3dc417e0e480ba0d3703.1515533863.git.mschiffer@universe-factory.net>
@@ -209,11 +209,9 @@ index 0000000000000000000000000000000000000000..dcfd1ce7c2f015354d21a65f12f6ebd0
 + drivers/net/vxlan.c | 20 +++++++++++++++-----
 + 1 file changed, 15 insertions(+), 5 deletions(-)
 +
-+diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c
-+index 863d9528b900..c28c6f34b3b3 100644
 +--- a/drivers/net/vxlan.c
 ++++ b/drivers/net/vxlan.c
-+@@ -917,16 +917,25 @@ static int vxlan_fdb_dump(struct sk_buff *skb, struct netlink_callback *cb,
++@@ -917,16 +917,25 @@ out:
 +  * Return true if packet is bogus and should be dropped.
 +  */
 + static bool vxlan_snoop(struct net_device *dev,
@@ -241,7 +239,7 @@ index 0000000000000000000000000000000000000000..dcfd1ce7c2f015354d21a65f12f6ebd0
 + 			return false;
 + 
 + 		/* Don't migrate static entries, drop packets */
-+@@ -952,7 +961,7 @@ static bool vxlan_snoop(struct net_device *dev,
++@@ -952,7 +961,7 @@ static bool vxlan_snoop(struct net_devic
 + 					 NLM_F_EXCL|NLM_F_CREATE,
 + 					 vxlan->cfg.dst_port,
 + 					 vxlan->default_dst.remote_vni,
@@ -250,7 +248,7 @@ index 0000000000000000000000000000000000000000..dcfd1ce7c2f015354d21a65f12f6ebd0
 + 		spin_unlock(&vxlan->hash_lock);
 + 	}
 + 
-+@@ -1223,6 +1232,7 @@ static bool vxlan_set_mac(struct vxlan_dev *vxlan,
++@@ -1223,6 +1232,7 @@ static bool vxlan_set_mac(struct vxlan_d
 + 			  struct sk_buff *skb)
 + {
 + 	union vxlan_addr saddr;
@@ -258,7 +256,7 @@ index 0000000000000000000000000000000000000000..dcfd1ce7c2f015354d21a65f12f6ebd0
 + 
 + 	skb_reset_mac_header(skb);
 + 	skb->protocol = eth_type_trans(skb, vxlan->dev);
-+@@ -1244,7 +1254,7 @@ static bool vxlan_set_mac(struct vxlan_dev *vxlan,
++@@ -1244,7 +1254,7 @@ static bool vxlan_set_mac(struct vxlan_d
 + 	}
 + 
 + 	if ((vxlan->flags & VXLAN_F_LEARN) &&
@@ -267,18 +265,15 @@ index 0000000000000000000000000000000000000000..dcfd1ce7c2f015354d21a65f12f6ebd0
 + 		return false;
 + 
 + 	return true;
-+@@ -1932,7 +1942,7 @@ static void vxlan_encap_bypass(struct sk_buff *skb, struct vxlan_dev *src_vxlan,
++@@ -1939,7 +1949,7 @@ static void vxlan_encap_bypass(struct sk
 + 	}
 + 
 + 	if (dst_vxlan->flags & VXLAN_F_LEARN)
-+-		vxlan_snoop(skb->dev, &loopback, eth_hdr(skb)->h_source);
-++		vxlan_snoop(skb->dev, &loopback, eth_hdr(skb)->h_source, 0);
++-		vxlan_snoop(dev, &loopback, eth_hdr(skb)->h_source);
+++		vxlan_snoop(dev, &loopback, eth_hdr(skb)->h_source, 0);
 + 
 + 	u64_stats_update_begin(&tx_stats->syncp);
 + 	tx_stats->tx_packets++;
-+-- 
-+2.15.1
-+
 diff --git a/target/linux/generic/backport-4.9/095-0004-vxlan-allow-multiple-VXLANs-with-same-VNI-for-IPv6-l.patch b/target/linux/generic/backport-4.9/095-0004-vxlan-allow-multiple-VXLANs-with-same-VNI-for-IPv6-l.patch
 new file mode 100644
 index 0000000000000000000000000000000000000000..18ae230a3b04d2b57184109fa14f9533f0fb7192

patches/openwrt/0008-ipq40xx-add-support-for-the-ZyXEL-NBG6617.patch

@@ -891,7 +891,7 @@ index 0000000000000000000000000000000000000000..d7f8c5955caee15d373a342b75c8c194
 +	status = "okay";
 +};
 diff --git a/target/linux/ipq40xx/image/Makefile b/target/linux/ipq40xx/image/Makefile
-index 38600cf979242142aa08c30163e63d911f0ddb63..d1ee1004fddce6cf6007259229d8eee5b5b2ea3b 100644
+index 90d9dfeff0c228765ac24247ce72dec497dc63f0..cb79baccd21b3fa7f35df543bfca1a7d6ba8f83f 100644
 --- a/target/linux/ipq40xx/image/Makefile
 +++ b/target/linux/ipq40xx/image/Makefile
 @@ -1,6 +1,8 @@

patches/openwrt/0009-build-add-mkrasimage.patch

@@ -267,7 +267,7 @@ index 640557532c8a02f37bc6f84ade8cb34e7172162d..4568b656219419e9ca1156c6716bd212
    # We cannot currently build a factory image. It is the sysupgrade image
    # prefixed with a header (which is actually written into the MTD device).
 diff --git a/target/linux/ipq40xx/image/Makefile b/target/linux/ipq40xx/image/Makefile
-index d1ee1004fddce6cf6007259229d8eee5b5b2ea3b..5cd11cae237b4658906652967d8120bd0dc080a8 100644
+index cb79baccd21b3fa7f35df543bfca1a7d6ba8f83f..a0f81f7d631b6c53a5612dee172e752a9fecd06d 100644
 --- a/target/linux/ipq40xx/image/Makefile
 +++ b/target/linux/ipq40xx/image/Makefile
 @@ -221,7 +221,7 @@ define Device/zyxel_nbg6617