zstd with its default settings (compression level -3) compresses better
than bzip2 -9 (which is the default setting), and is an order of magnitude
faster.
I made the following measurements for the most common compression tools
(all standard Debian Buster versions, default flags unless noted
otherwise), using the debug information of a large x86-64 kernel with
ALL_KMODS:
* kernel-debug.tar: 376M
* kernel-debug.tar.gz: 101M, compressed in ~12s
* kernel-debug.tar.bz2: 91M, compressed in ~15s
* kernel-debug.tar.xz: 57M, compressed in ~101s
* kernel-debug.tar.zst: 86M, compressed in ~1s
With zstd, there is still some room for improvement by increasing the
compression, but the slight increase in compression ratio
(22.83% -> 19.46%) does not justify the significant increase in
compression time (about 5 times on my machine) in my opinion.
Note that multithreaded compression (-T argument) does not affect
reproducibility with zstd.
- add Ed25519 support (backport):
* DROPBEAR_ED25519 option for ssh-ed25519,
* disabled by default
- add Chacha20-Poly1305 support (backport):
* DROPBEAR_CHACHA20POLY1305 for chacha20-poly1305@openssh.com,
* enabled by default
- update feature costs in binary size
Daniel Golle [Sat, 30 May 2020 08:36:17 +0000 (09:36 +0100)]
mac80211: rt2x00: backport patch enabling MFP
From: Rui Salvaterra <rsalvaterra@gmail.com>
Date: Mon, 25 May 2020 14:49:07 +0100
Subject: [PATCH] rt2800: enable MFP support unconditionally
This gives us WPA3 support out of the box without having to manually disable
hardware crypto. The driver will fall back to software crypto if the connection
requires management frame protection.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Fri, 29 May 2020 22:58:20 +0000 (23:58 +0100)]
ugps: nmea: make sure date is valid
GPS time without date was previously used to set system date:
Tue Oct 10 11:48:21 2000 user.info kernel: [ 108.786639] ugps: system time differs from GPS time by more than 5 seconds. Using 2000-10-10T10:48:21 UTC as the new time
Tue Oct 10 11:49:27 2000 user.info kernel: [ 174.794699] ugps: system time differs from GPS time by more than 5 seconds. Using 2020-05-26T10:49:27 UTC as the new time
Fix this by ignoring incomplete dates and wait for complete time
information before adjusting system date/time.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
ar71xx: fix splitting firmware partition for TL-WR902AC v1
The -O option for the tplink-v1-header was missing for the TP-Link
TL-WR902AC v1, while safeloader and MTDPARTS where set up with a
single firmware partition.
This led to bootloops after using sysupgrade.
Fixes: FS#3118 Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Jo-Philipp Wich [Thu, 28 May 2020 11:03:02 +0000 (13:03 +0200)]
broadcom-wl: don't inherit lock descriptor in nas process
Add a local hack to prevent the Broadcom WPA authenticator process from
inheriting the lock descriptor 1000 used to prevent concurrent executions
of the init script.
Without this fix, repeated invocations of /etc/init.d/network, e.g. for
obtaining the enabled state, would hang forever.
bcm27xx-userland: update to latest version with 64 bit support
Support for 64 bits has been remove on latest master of raspberry/firmware.
Update to latest commit with 64 bit support since we don't support
installing 32 bit packages on 64 bit targets.
Jakov Petrina [Mon, 25 May 2020 12:14:40 +0000 (14:14 +0200)]
linux: mvebu: backport mvneta XDP support fixes
This patch backports additional fixes for XDP support in the mvneta driver. These
changes are found upstream as commits:
b37fa92e20ef2 net: mvneta: fix build skb for bm capable devices f383b2950070c net: mvneta: rely on page_pool_recycle_direct in mvneta_run_xdp 79572c98c554d mvneta driver disallow XDP program on hardware buffer management 44efc78d0e464 net: mvneta: fix XDP support if sw bm is used as fallback
Thibaut VARÈNE [Thu, 21 May 2020 15:40:54 +0000 (17:40 +0200)]
packages/utils: fbtest fix Makefile
The clean target tries to remove what looks like a bogus 'rbcfg',
probably carried over copy-pasta. Remove the name of the generated
executable ('fbtest') instead.
Thibaut VARÈNE [Sat, 16 May 2020 20:18:15 +0000 (22:18 +0200)]
package/base-files: caldata: work around dd's limitation
tl;dr: dd will silently truncate the output if reading from special
files (e.g. sysfs attributes) with a too large bs parameter.
This problem was exposed on some RouterBOARD ipq40xx devices which use a
caldata payload which is larger than PAGE_SIZE, contrary to all other
currently supported RouterBOARD devices: the caldata would fail to
properly load with the current scripts.
Background: dd doesn't seem to correctly handle read() results that
return less than requested data. sysfs attributes have a kernel exchange
buffer which is at most PAGE_SIZE big, so only 1 page can be read() at a
time. In this case, if bs is larger than PAGE_SIZE, dd will silently
truncate blocks to PAGE_SIZE. With the current scripts using bs=<size>
count=1, the data is truncated to PAGE_SIZE as soon as the requested
<size> exceeds this value.
This commit works around this problem by using `cat` in the caldata
routines that can read from a file (routines that read from mtd devices
are untouched). cat correctly handles partial read requests. The output
is then piped to dd with the same parameters as before, to ensure that
the resulting file remains exactly the same.
This is a simple workaround, the downside is that it uses a pipe and one
more executable, and therefore has a larger memory footprint and is
slower. This is deemed acceptable considering these routines are only
used at boot time.
Tested-by: Robert Marko <robimarko@gmail.com> Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
Thibaut VARÈNE [Wed, 13 May 2020 20:12:41 +0000 (22:12 +0200)]
generic: routerboot sysfs: add support for soft_config
This driver exposes the data encoded in the "soft_config" flash segment
of MikroTik RouterBOARDs devices. It presents the data in a sysfs folder
named "soft_config" through a set of human-and-machine-parseable
attributes. Changes can be discarded by writing 0 to the 'commit'
attribute, or they can be committed to flash storage by writing 1.
This driver does not reuse any of the existing code previously found in
the "rbcfg" utility and makes this utility obsolete by providing a clean
sysfs interface.
Like "rbcfg", this driver requires 4K_SECTORS support since the flash
partition in which these parameters are stored is typically 4KB in size.
Thibaut VARÈNE [Wed, 13 May 2020 16:42:45 +0000 (18:42 +0200)]
generic: platform/mikrotik: rb_hardconfig.c minor fixes
For the sake of strictly typed code, add a missing const qualifier.
Add a missing return value in error path.
Check the return value of mtd_read(), for good measure.
Also demote the error printks of failed sysfs file creation to warn
level since they are not fatal in the init() sequence.
Finally, add a note regarding PAGE_SIZE and clarify a comment.
Pavel Balan [Fri, 27 Mar 2020 03:32:55 +0000 (03:32 +0000)]
ath79: add support for COMFAST CF-E130N v2
This patch adds support for the COMFAST CF-E130N v2, an outdoor wireless
CPE with a single Ethernet port and a 802.11bgn radio.
Specifications:
- QCA9531 SoC
- 1x 10/100 Mbps Ethernet with PoE-in support
- 64 MB of RAM (DDR2)
- 16 MB of FLASH
- 5 dBi built-in antenna
- POWER/LAN/WLAN green LEDs
- 4x RSSI LEDs (2x red, 2x green)
- UART (115200 8N1) and GPIO (J9) headers on PCB
Flashing instructions:
The original firmware is based on OpenWrt so a sysupgrade image can be
installed via the stock web GUI.
The U-boot bootloader also contains a backup TFTP client to upload the
firmware from. Upon boot, it checks its ethernet network for the IP
192.168.1.10. Host a TFTP server and provide the image to be flashed as
file firmware_auto.bin.
MAC address setup:
The art partition contains four consecutive MAC addresses:
However, the manufacturer in its infinite wisdom decided that one address
is enough and both eth0 and WiFi get the MAC address from 0x0 (yes, that's
overwriting the existing and valid address in 0x1002). This is obviously
also the address on the device's label.
Signed-off-by: Pavel Balan <admin@kryma.net>
[fix configs partition, fix IMAGE_SIZE, add MAC address comment, rename
ATH_SOC to SOC] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The device has a total of 8 LEDs, 5 of which are controlled by the switch
(LAN 1-4, WAN). Only power, wifi and wps are controlled by the SoC.
* led_power is on GPIO 5 (not 15), boot flashing sequence is now visible
* remove led 'internet', since it is only connected to the switch
* remove ucidef_set_led_switch for WAN from 01_leds, as it has no effect
Tested on revisions C1 and C3.
Signed-off-by: Sebastian Schaper <openwrt@sebastianschaper.net>
[adjust commit title] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
J. Scott Heppler [Tue, 26 May 2020 01:24:40 +0000 (18:24 -0700)]
ramips: add support for TRENDnet TEW-810DR
Specifications:
* MediaTek MT7620A (580 Mhz)
* 8 MB of FLASH
* 64 MB of RAM
* 2.4Ghz and 5.0Ghz radios
* 5x 10/100 Mbps Ethernet (1 WAN and 4 LAN)
* UART header on PCB (57600 8n1)
* Green/Orange Power LEDs illuminating a Power-Button Lens
* Green/Orange Internet LEDs GPIO controlled illuminating a Globe/Internet Lens
* 3x button - wps, power and reset
* U-boot bootloader
Installation:
The sysupgrade.bin image is reported to be OEM web flashed with an ncc_att_hwid
appended. ncc_att_hwid is a 32bit binary in the GPL Source download for either
the TEW-810DR or DIR-810L and is located at
source/user/wolf/cameo/ncc/hostTools.
The invocation is: ncc_att_hwid -f tew-810dr-squashfs-factory.bin -a -m "TEW-810DR" -H "1.0R" -r "WW" -c "1.0"
This may need to be altered if your hardware version is "1.1R".
The image can also be directly flashed via serial tftp:
1. Load *.sysupgrade.bin to your tftp server directory and rename for
convenience.
2. Set a static ip 192.168.10.100.
3. NIC cable to a lan port.
4. Serial connection parameters 57600,8N1
5. Power on the TEW-810 and press 4 for a u-boot command line prompt.
6. Verify IP's with U-Boot command "printenv".
7. Adjust tftp settings if needed per the tftp documentation
8. Boot the tftp image to test the build.
9. If the image loads, reset your server ip to 192.168.1.10 and restart network.
10. Log in to Luci, 192.168.1.1, and flash the *sysupgrade.bin image.
Notes:
The only valid MAC address is found in 0x28 of the factory partition.
Other typical offsets/caldata only contain example data: 00:11:22:00:0f:xx
Signed-off-by: J. Scott Heppler <shep971@centurylink.net>
[remove "link rx tx" in 01_leds, format and extend commit message,
fix DTS led node names] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Felix Fietkau [Tue, 26 May 2020 08:45:06 +0000 (10:45 +0200)]
libubox: update to the latest version
86818eaa976b blob: make blob_parse_untrusted more permissive cf2e8eb485ab tests: add fuzzer seed file for crash in blob_len c2fc622b771f blobmsg: fix length in blobmsg_check_array 639c29d19717 blobmsg: simplify and fix name length checks in blobmsg_check_name 66195aee5042 blobmsg: fix missing length checks
kernel: properly insert local mtd partition parsers
Between 4.19 and 5.4, the kernel moved the partition parsers into
the parsers subdirectory. This led to some necessary rebasing of
our local patches for parsers, which partially has been performed
without caring about where the code was inserted.
This commit tries to adjust our local patches so that parsers are
inserted at the "proper" positions with respect to alphabetic sorting
(if possible). Thus, the commit is cosmetic.
While this might look useless now, it will make life easier when
adding other parsers in the future or for rebasing on kernel changes.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Kernel 5.4 is stable for about two months now and there is only a few
patches anyway, so this is mostly upstream stuff. Therefore, it does
not look like we need to keep old 4.14 around any longer.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Kernel 5.4 is stable for about two months now and there is only one
patch anyway, so this is mostly upstream stuff. Therefore, it does
not look like we need to keep old 4.14 around any longer.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
1. Set PC network interface to 192.168.1.75/24.
2. Connect PC to the router via LAN.
3. Turn router off, press and hold reset button, then turn it on.
4. Keep the button pressed till power led starts to blink.
5. Upload the firmware file via TFTP. (Any filename is accepted.)
6. Wait until the router reboots.
Signed-off-by: Ernst Spielmann <endspiel@disroot.org>
[fix node/property name for state_default] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Rafał Miłecki [Sun, 24 May 2020 14:30:02 +0000 (16:30 +0200)]
libubox: update to the latest master
5e75160 blobmsg: fix attrs iteration in the blobmsg_check_array_len() eeddf22 tests: runqueue: try to fix race on GitLab CI 89fb613 libubox: runqueue: fix use-after-free bug 1db3e7d libubox: runqueue fix comment in header 7c4ef0d tests: list: add test case for list_empty iterator
00b921d80ac0 Do not print line number in debug messages 96c42c5ed320 Fix length checks in cert_load() fe06b4b836b3 usign-exec: improve usign -F output handling 19f9e1917e1b usign-exec: return code fixes 077feb5b5824 usign-exec: close writing end of pipe early in parent process 7ec4bb764e1e usign-exec: remove redundant return statements 5a738e549d31 usign-exec: change usign_f_* fingerprint argument to char[17] 112488bbbccc usign-exec: do not close stdin and stderr before exec 38dcb1a6f121 usign-exec: fix exec error handling a9be4fb17df2 usign-exec: simplify usign execv calls 854d93e2326a Introduce read_file() helper, improve error reporting afc86f352bf7 Fix return code of write_file() fdff10852326 stdout/stderr improvements dddb2aa8124d ci: fix unit test failures by enabling full ucert build 5f206bcfe5c2 ci: enable unit testing
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[cut out of patch with different subject] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Stijn Segers [Sat, 23 May 2020 08:50:03 +0000 (10:50 +0200)]
ath79/nand: add support for Netgear WNDR4300SW
This patch adds support for the WNDR4300SW, marketed by California ISP
SureWest (hence the 'SW' suffix). Hardware wise, it's identical to the
WNDR4300 v1.
Specifications:
* SoC: Atheros AR9344
* RAM: 128 MB
* Flash: 128 MB NAND flash
* WiFi: Atheros AR9580 (5 GHz) and AR9344 (2,4 GHz)
* Ethernet: 5x 1000Base-T
* LED: Power, WAN, LAN, WiFi, USB, WPS
* UART: on board, to the right of the RF shield at the top of the board
Installation:
* Flashing through the OEM web interface:
+ Connect your computer to the router with an ethernet cable and browse
to http://192.168.1.1/
+ Log in with the default credentials are admin:password
+ Browse to Advanced > Administration > Firmware Upgrade in the Netgear
interface
+ Upload the Openwrt firmware: openwrt-ath79-nand-netgear_wndr4300sw-squashfs-factory.img
+ Proceed with the firmware installation and give the device a few
minutes to finish and reboot.
* Flashing through TFTP:
+ Configure your wired client with a static IP in the 192.168.1.x range,
e.g. 192.168.1.10 and netmask 255.255.255.0.
+ Power off the router.
+ Press and hold the RESET button (the factory reset button on the bottom
of the device, with the red circle around it) and turn the router on
while keeping the button pressed.
+ The power LED will start flashing orange. You can release the button
once it switches to flashing green.
+ Transfer the image over TFTP:
$ tftp 192.168.1.1 -m binary -c put openwrt-ath79-nand-netgear_wndr4300sw-squashfs-factory.img
Hauke Mehrtens [Sun, 24 May 2020 10:23:31 +0000 (12:23 +0200)]
squashfs: Fix compile with GCC 10
Fixes the following build error with GCC 10:
/usr/bin/ld: read_fs.o:(.bss+0x0): multiple definition of `swap'; mksquashfs.o:(.bss+0x1b2a88): first defined here
And a compile warning.
Russell Senior [Sat, 23 May 2020 08:19:50 +0000 (01:19 -0700)]
ramips: fix 04_led_migration case syntax for mt7621
Commit f761f4052c4 had bogus case syntax, the uci-defaults script threw
errors as a result and exited non-zero, probably didn't do what was
intended, but tried over and over since the non-zero exit prevents the
script from being deleted.
Fixes: f761f4052c41 ("ramips: mt7621: harmonize naming scheme for Mikrotik") Signed-off-by: Russell Senior <russell@personaltelco.net>
[extend commit title, add Fixes] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The U-Boot CLI is password protected (using the same credentials as the
OS). Default is admin/new2day.
1. Download the OpenWrt initramfs-image. Place it into a TFTP server
root directory and rename it to 1401A8C0.img. Configure the TFTP
server to listen at 192.168.1.66/24.
2. Connect the TFTP server to the access point.
3. Connect to the serial console of the access point. Attach power and
interrupt the boot procedure when prompted (bootdelay is 1 second).
4. Configure the U-Boot environment for booting OpenWrt from Ram and
flash:
David Bauer [Thu, 21 May 2020 07:50:37 +0000 (09:50 +0200)]
hostapd: add WEP as queryable build feature
Commit 472fd98c5b12 ("hostapd: disable support for Wired Equivalent
Privacy by default") made support for WEP optional.
Expose the WEP support to LuCi or other userspace tools using the
existing interface. This way they are able to remove WEP from the
available ciphers if hostapd is built without WEP support.
Daniele Castro [Mon, 2 Dec 2019 15:13:44 +0000 (16:13 +0100)]
brcm63xx: add support for ADB P.DG A4001N A-000-1A1-AX
ADB P.DG A4001N A-000-1A1-AX a.k.a. Telecom Italia ADSL2+ Wi-Fi N (AGPWI)
has the same PCB as the OpenWrt's ADB P.DG A4001N1 with LEDs connected
to different GPIO PINs in active low configuration.
OpenWrt's ADB P.DG A4001N image is made for the ADB P.DG A4001N A-000-1A1-AE.
It has different LEDs configuration and flash size/layout
w.r.t the ADB P.DG A4001N A-000-1A1-AX.
Installation via CFE:
* Stock CFE has to be overwriten with one for 96328avng boards that can upload
.bin images with no signature check (cfe-A4001N-V0000_96328avng.bin)
* connect a serial port to the board
* Stop the boot process after power on by pressing enter
* set static IP 192.168.1.2 and subnet mask 255.255.255.0
* navigate to http://192.168.1.1/
* upload the OpenWrt image file
bcm63xx: use model part of board name as variable in 01_leds
This extracts the model part of the board name and uses it for the
LED string identifiers in 01_leds. As this makes statements more
generic, it will allow to merge more cases in the future.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Hauke Mehrtens [Thu, 21 May 2020 19:49:21 +0000 (21:49 +0200)]
mac80211: Fix build on mpc85xx target
This fixes the following compile error seen on the mpc85xx target:
CC [M] /linux-mpc85xx_p2020/backports-5.7-rc3-1/drivers/net/wireless/intersil/orinoco/main.o
In file included from /builder/shared-workdir/build/staging_dir/toolchain-powerpc_8540_gcc-8.4.0_musl/include/stddef.h:17,
from /linux-mpc85xx_p2020/backports-5.7-rc3-1/include/uapi/linux/wireless.h:77,
from /linux-mpc85xx_p2020/backports-5.7-rc3-1/include/linux/wireless.h:13,
from /linux-mpc85xx_p2020/backports-5.7-rc3-1/drivers/net/wireless/intersil/orinoco/main.c:89:
/builder/shared-workdir/build/staging_dir/toolchain-powerpc_8540_gcc-8.4.0_musl/include/bits/alltypes.h:106:15: error: conflicting types for 'ptrdiff_t'
typedef _Addr ptrdiff_t;
^~~~~~~~~
In file included from /linux-mpc85xx_p2020/backports-5.7-rc3-1/backport-include/linux/types.h:4,
from ./include/linux/list.h:5,
from /linux-mpc85xx_p2020/backports-5.7-rc3-1/backport-include/linux/list.h:3,
from ./include/linux/module.h:9,
from /linux-mpc85xx_p2020/backports-5.7-rc3-1/backport-include/linux/module.h:3,
from /linux-mpc85xx_p2020/backports-5.7-rc3-1/drivers/net/wireless/intersil/orinoco/main.c:79:
./include/linux/types.h:65:28: note: previous declaration of 'ptrdiff_t' was here
typedef __kernel_ptrdiff_t ptrdiff_t;
^~~~~~~~~
scripts/Makefile.build:265: recipe for target '/linux-mpc85xx_p2020/backports-5.7-rc3-1/drivers/net/wireless/intersil/orinoco/main.o' failed
Fixes: 289c6324259e ("mac80211: Update to version 5.7-rc3-1") Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Running your firewall's "wan" zone in REJECT zone (1) exposes the
presence of the router, (2) depending on the sophistication of
fingerprinting tools might identify the OS and release running on
the firewall which then identifies known vulnerabilities with it
and (3) perhaps most importantly of all, your firewall can be
used in a DDoS reflection attack with spoofed traffic generating
ICMP Unreachables or TCP RST's to overwhelm a victim or saturate
his link.
This rule, when enabled, allows traceroute to work even when the
default input policy of the firewall for the wan zone has been
set to DROP.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Some BCM63xx NAND devices require a specific JFFS2 partition tag to verify
the JFFS2 partition validity:
u32 part_id;
u32 part_size;
u16 flags;
char part_name[33];
char part_version[21];
u32 part_crc32;
Daniel Golle [Thu, 21 May 2020 09:15:46 +0000 (10:15 +0100)]
hostapd: bring back mesh patches
Bring back 802.11s mesh features to the level previously available
before the recent hostapd version bump. This is mostly to support use
of 802.11s on DFS channels, but also making mesh forwarding
configurable which is crucial for use of 802.11s MAC with other routing
protocols, such as batman-adv, on top.
While at it, fix new compiler warning by adapting 700-wifi-reload.patch
to upstream changes, now building without any warnings again.
Fixes: 0a3ec87a66 ("hostapd: update to latest Git hostap_2_9-1238-gdd2daf0848ed") Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This version has the various slew of bug fixes and compat fixes and
such, but the most interesting thing from an OpenWRT perspective is that
WireGuard now plays nicely with cake and fq_codel. I'll be very
interested to hear from OpenWRT users whether this makes a measurable
difference. Usual set of full changes follows.
This release aligns with the changes I sent to DaveM for 5.7-rc7 and were
pushed to net.git about 45 minutes ago.
* qemu: use newer iproute2 for gcc-10
* qemu: add -fcommon for compiling ping with gcc-10
These enable the test suite to compile with gcc-10.
* noise: read preshared key while taking lock
Matt noticed a benign data race when porting the Linux code to OpenBSD.
* queueing: preserve flow hash across packet scrubbing
* noise: separate receive counter from send counter
WireGuard now works with fq_codel, cake, and other qdiscs that make use of
skb->hash. This should significantly improve latency spikes related to
buffer bloat. Here's a before and after graph from some data Toke measured:
https://data.zx2c4.com/removal-of-buffer-bloat-in-wireguard.png
* compat: support RHEL 8 as 8.2, drop 8.1 support
* compat: support CentOS 8 explicitly
* compat: RHEL7 backported the skb hash renamings
The usual RHEL churn.
* compat: backport renamed/missing skb hash members
The new support for fq_codel and friends meant more backporting work.
* compat: ip6_dst_lookup_flow was backported to 4.14, 4.9, and 4.4
The main motivation for releasing this now: three stable kernels were released
at the same time, with a patch that necessitated updating in our compat layer.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Petr Štetiar [Mon, 4 May 2020 08:14:32 +0000 (10:14 +0200)]
hostapd: disable support for Wired Equivalent Privacy by default
Upstream in commit 200c7693c9a1 ("Make WEP functionality an optional
build parameter") has made WEP functionality an optional build parameter
disabled as default, because WEP should not be used for anything
anymore. As a step towards removing it completely, they moved all WEP
related functionality behind CONFIG_WEP blocks and disabled it by
default.
This functionality is subject to be completely removed in a future
release.
So follow this good security advice, deprecation notice and disable WEP
by default, but still allow custom builds with WEP support via
CONFIG_WPA_ENABLE_WEP config option till upstream removes support for
WEP completely.
Bump package to latest upstream Git HEAD which is commit dd2daf0848ed
("HE: Process HE 6 GHz band capab from associating HE STA"). Since last
update there was 1238 commits done in the upstream tree with 618 files
changed, 53399 insertions, 24928 deletions.
I didn't bothered to rebase mesh patches as the changes seems not
trivial and I don't have enough knowledge of those parts to do/test that
properly, so someone else has to forward port them, ideally upstream
them so we don't need to bother anymore. I've just deleted them for now:
projects / thirdparty / openwrt.git / log
