Compare commits

98 Commits

Author SHA1 Message Date
Hauke Mehrtens
d5ae565873 OpenWrt v19.07.7: adjust config defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-02-16 23:30:28 +01:00
Koen Vandeputte
c4a6851c72 kernel: bump 4.14 to 4.14.221
Refreshed all patches.

Remove upstreamed hunk in:
- 302-dts-support-layerscape.patch

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2021-02-15 16:22:37 +01:00
Baptiste Jonglez
f8b849103d ramips: ethernet: Disable TSO support to improve stability
Stability of this Ethernet driver has been a long-standing issue, with
many people reporting frequent "transmit queue timeouts" and even
occasional crashes.

Disabling TSO in the driver helps with stability, although it is likely a
workaround and might not fix the issue completely.

There is a slight slowdown in forwarding performance for TCP packets
(75 kpps vs. 80 kpps with comparable CPU utilization), but this is still
enough to forward close to 1 Gbit/s of full-sized packets across multiple
flows.

Master is using a different ethernet driver, so this is not a backport.
Because of this different driver, the upcoming 21.02 release does not seem
to be affected by these stability issues.

Thanks to mrakotiq for the initial patch.

Fixes: FS#2628
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
2021-02-15 10:12:59 +01:00
David Bauer
fec1aa6dfb mt76: update to the latest version
5c768de mt76: mt76x0: disable GTK offloading

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-02-15 01:21:54 +01:00
Kurt Roeckx
224fa47bf9 ramips: mark toggle input on EX6150 as a switch
The Netgear EX6150 has an Access Point/Extender switch. Set it as
an EV_SW. Otherwise when it's set to Access Point, it will trigger
failsafe mode during boot.

Fixes: FS#3590
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
(cherry picked from commit 539966554d)
2021-02-15 00:02:23 +01:00
Hauke Mehrtens
3a05aa17db mac80211: Remove 357-mac80211-optimize-skb-resizing.patch
This patch was adapted to apply on top of some stable changes, but we
are not sure if this is working correctly. Felix suggested to remove
this patch for now.

Fixes: 0a59e2a76e ("mac80211: Update to version 4.19.161-1")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-02-14 20:27:50 +01:00
Stijn Segers
171d8bce0c ramips: remove factory image for TP-Link Archer C2 v1
Initial commit 8375623a06 ("ramips: add support for TP-Link Archer
C2") contains detailed installation instructions, which do not mention
a factory image. From what I can see, no support to install OpenWrt
through the vendor web interface has been added since. The factory
image is also conspicuously absent from the device page in the wiki.
Yet, it is available for download.

I bricked my Archer C2 loading the factory image through the web UI.
Serial showed this error during bootloop:

  Uncompressing Kernel Image ... LZMA ERROR 1 - must RESET board to recover

This patch disables the undocumented factory image so users won't get
tricked into thinking easy web UI flashing actually works.

Signed-off-by: Stijn Segers <foss@volatilesystems.org>
(backported from commit ad5e29d38a)
2021-02-14 18:56:05 +01:00
Adrian Schmutzler
2eb8444363 ath79: fix USB power GPIO for TP-Link TL-WR810N v1
The TP-Link TL-WR810N v1 is known to cause soft-brick on ath79 and
work fine for ar71xx [1]. On closer inspection, the only apparent
difference is the GPIO used for the USB regulator, which deviates
between the two targets.

This applies the value from ar71xx to ath79.

Tested successfully by a forum user.

[1] https://forum.openwrt.org/t/tp-link-tl-wr810n-v1-ath79/48267

Fixes: cdbf2de777 ("ath79: Add support for TP-Link WR810N")
Fixes: FS#3522

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 6934d30cf8)
2021-02-12 00:02:05 +01:00
Hauke Mehrtens
d5a8e85878 wolfssl: Backport fix for CVE-2021-3336
This should fix CVE-2021-3336:
DoTls13CertificateVerify in tls13.c in wolfSSL through 4.6.0 does not
cease processing for certain anomalous peer behavior (sending an
ED25519, ED448, ECC, or RSA signature without the corresponding
certificate).

The patch is backported from the upstream wolfssl development branch.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 1f559cafe5)
2021-02-10 00:23:45 +01:00
Daniel González Cabanelas
cf5e5204d9 bcm63xx: sprom: override the PCI device ID
The PCI device ID detected by the wifi drivers on devices using a fallback
SPROM is wrong. Currently the chipnum is used for this parameter.

Most SSB based Broadcom wifi chips are 2.4 and 5GHz capable. But on
devices without a physical SPROM, the only way to detect if the device
supports both bands or only the 5GHz band, is by reading the device ID from
the fallback SPROM.

In some devices, this may lead to a non working wifi on a 5GHz-only card,
or in the best case a working 2.4GHz-only in a dual band wifi card.

The offset for the deviceid in SSB SPROMs is 0x0008, whereas in BCMA is
0x0060. This is true for any SPROM version.

Override the PCI device ID with the one defined at the fallback SPROM, to
detect the correct wifi card model and allow using the 5GHz band if
supported.

The patch has been tested with the following wifi radios:

BCM43222: b43: both 2.4/5GHz working
          brcm-wl: both 2.4/5GHz working

BCM43225: b43: 2.4GHz, working
          brcmsmac: working
          brcm-wl: it lacks support

BCM43217: b43: 2.4GHz, working
          brcmsmac: it lacks support
          brcm-wl: it lacks support

Signed-off-by: Daniel González Cabanelas <dgcbueu@gmail.com>
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>

Backported from a0e0e621ca
2021-02-07 19:08:08 +01:00
Koen Vandeputte
4465b44fc1 kernel: bump 4.14 to 4.14.219
Refreshed all patches.

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2021-02-05 09:30:47 +01:00
Daniel González Cabanelas
4b9ade65ec bcm63xx: R5010UNv2: fix flash partitions for 16MB flash
The router Nucom R5010UN v2 has the partitions defined for an 8MB flash,
but the flash chip is 16MB size. We are wasting half of the flash.

Fix it and use generic names for partitions.

Fixes: 474cde6123 ("brcm63xx: probe SPI flash through DT")

Signed-off-by: Daniel González Cabanelas <dgcbueu@gmail.com>
(cherry picked from commit cef9e5a49f)
2021-02-04 22:19:13 +01:00
Daniel Golle
ab9cb390be hostapd: fix P2P group information processing vulnerability
A vulnerability was discovered in how wpa_supplicant processes P2P
(Wi-Fi Direct) group information from active group owners.
This issue was discovered by fuzz testing of wpa_supplicant by Google's
OSS-Fuzz.

https://w1.fi/security/2020-2/wpa_supplicant-p2p-group-info-processing-vulnerability.txt

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[added the missing patch]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry-picked from commit 7c8c4f1be6)
2021-02-04 09:19:29 +01:00
Baptiste Jonglez
1e90091c5d opkg: update to latest git HEAD of branch openwrt-19.07
c5dccea libopkg: fix md5sum calculation
7cad0c0 opkg_verify_integrity: better logging and error conditions
14d6480 download: purge cached packages that have incorrect checksum
456efac download: factor out the logic for building cache filenames
b145030 libopkg: factor out checksum and size verification
74bac7a download: remove compatibility with old cache naming scheme

Fixes: FS#2690

Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
2021-02-03 22:37:31 +01:00
Koen Vandeputte
312c05611b kernel: bump 4.14 to 4.14.218
Refreshed all patches.

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2021-02-02 11:52:31 +01:00
Felix Fietkau
3100649458 wolfssl: enable HAVE_SECRET_CALLBACK
Fixes wpad-wolfssl build

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit 55e23f2c02)
2021-02-02 10:09:37 +01:00
Hauke Mehrtens
e9d2aa9dc6 wolfssl: Fix hostapd build with wolfssl 4.6.0
This fixes the following build problem in hostapd:
mipsel-openwrt-linux-musl/bin/ld: /builder/shared-workdir/build/tmp/ccN4Wwer.ltrans7.ltrans.o: in function `crypto_ec_point_add':
<artificial>:(.text.crypto_ec_point_add+0x170): undefined reference to `ecc_projective_add_point'
mipsel-openwrt-linux-musl/bin/ld: <artificial>:(.text.crypto_ec_point_add+0x18c): undefined reference to `ecc_map'
mipsel-openwrt-linux-musl/bin/ld: /builder/shared-workdir/build/tmp/ccN4Wwer.ltrans7.ltrans.o: in function `crypto_ec_point_to_bin':
<artificial>:(.text.crypto_ec_point_to_bin+0x40): undefined reference to `ecc_map'

Fixes: ba40da9045 ("wolfssl: Update to v4.6.0-stable")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit e7d0d2e9dc)
2021-02-02 10:09:19 +01:00
Eneas U de Queiroz
2044c01de8 wolfssl: Update to v4.6.0-stable
This version fixes a large number of bugs and fixes CVE-2020-36177.

Full changelog at:
https://www.wolfssl.com/docs/wolfssl-changelog/
or, as part of the version's README.md:
https://github.com/wolfSSL/wolfssl/blob/v4.6.0-stable/README.md

Due to a number of API additions, size increases from 374.7K to 408.8K for
arm_cortex_a9_vfpv3-d16.  The ABI does not change from previous version.

Backported patches were removed; remaining patch was refreshed.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
[added reference to CVE]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit ba40da9045)
2021-02-02 10:08:11 +01:00
Petr Štetiar
5ac0b2b431 mvebu: omnia: make initramfs image usable out of the box
Currently it's not possible to boot the device with just initramfs image
without additional effort as the initramfs image doesn't contain device
tree.  Fix it by producing FIT based image which could be booted with
following commands:

 setenv bootargs earlyprintk console=ttyS0,115200
 tftpboot ${kernel_addr_r} openwrt-mvebu-cortexa9-cznic_turris-omnia-initramfs-kernel.bin
 bootm ${kernel_addr_r}

Acked-by: Klaus Kudielka <klaus.kudielka@gmail.com>
Reviewed-by: Tomasz Maciej Nowak <tmn505@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry-picked from commit 337ff74894)
2021-02-02 10:06:04 +01:00
David Bauer
a7a207e18b mt76: update to the latest version
4ba1709 mt76: mt7603: add additional EEPROM chip ID

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-02-01 13:09:37 +01:00
Hauke Mehrtens
1ce5008597 wireguard: Fix compile with kernel 4.14.217
Backport a patch from wireguard to fix a compile problem with kernel
4.14.217.

Fixes: 2ecb22dc51 ("kernel: bump 4.14 to 4.14.217")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-01-29 21:12:43 +01:00
Hauke Mehrtens
2ecb22dc51 kernel: bump 4.14 to 4.14.217
Refreshed all patches.

Compile-tested on: ipq40xx, lantiq/xrx200, x86/64, ipq806x
Runtime-tested on: ipq40xx, lantiq/xrx200, x86/64

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-01-25 23:18:42 +01:00
Hauke Mehrtens
11f4918ebb dnsmasq: backport fixes
This should fix some error messages shown in the log like this one:
dnsmasq[16020]: failed to send packet: Network unreachable
dnsmasq[16020]: failed to send packet: Address family not supported by protocol

Fixes: e87c0d934c ("dnsmasq: Update to version 2.83")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-01-24 17:42:53 +01:00
Hans Dedecker
9999c87d3a netifd: fix IPv6 routing loop on point-to-point links
753c351 interface-ip: add unreachable route if address is offlink

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2021-01-21 21:06:20 +01:00
Hans Dedecker
250dbb3a60 odhcp6c: fix IPv6 routing loop on point-to-point links
64e1b4e ra: fix routing loop on point to point links
f16afb7 ra: align ifindex resolving

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2021-01-21 21:06:20 +01:00
Koen Vandeputte
d816c6cd31 kernel: bump 4.14 to 4.14.216
Refreshed all patches.

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2021-01-21 15:36:18 +01:00
Paul Spooren
c21d59dc11 imagebuilder: pass IB=1 on checking requirements
The patch 4a1a58a3  build, imagebuilder: Do not require libncurses-dev
was supposed to remove libncurses as a requirement for the ImageBuilder.
However as the IB=1 is only exported during building, not for checking
requirements, it did never actually work.

This commit exports IB=1 to the requirement check.

Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 4f38063640)
2021-01-19 12:59:49 -10:00
Hauke Mehrtens
6fc02f2a45 OpenWrt v19.07.6: revert to branch defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-01-19 15:12:28 +01:00
Hauke Mehrtens
b12284a14c OpenWrt v19.07.6: adjust config defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-01-19 15:12:19 +01:00
Hauke Mehrtens
8055e38794 dnsmasq: Backport some security updates
This fixes the following security problems in dnsmasq:
* CVE-2020-25681:
  Dnsmasq versions before 2.83 are susceptible to a heap-based buffer
  overflow in sort_rrset() when DNSSEC is used. This can allow a remote
  attacker to write arbitrary data into target device's memory that can
  lead to memory corruption and other unexpected behaviors on the target
  device.
* CVE-2020-25682:
  Dnsmasq versions before 2.83 are susceptible to buffer overflow in
  extract_name() function due to missing length check, when DNSSEC is
  enabled. This can allow a remote attacker to cause memory corruption
  on the target device.
* CVE-2020-25683:
  Dnsmasq version before 2.83 is susceptible to a heap-based buffer
  overflow when DNSSEC is enabled. A remote attacker, who can create
  valid DNS replies, could use this flaw to cause an overflow in a heap-
  allocated memory. This flaw is caused by the lack of length checks in
  rfc1035.c:extract_name(), which could be abused to make the code
  execute memcpy() with a negative size in get_rdata() and cause a crash
  in Dnsmasq, resulting in a Denial of Service.
* CVE-2020-25684:
  A lack of proper address/port check implemented in Dnsmasq version <
  2.83 reply_query function makes forging replies easier to an off-path
  attacker.
* CVE-2020-25685:
  A lack of query resource name (RRNAME) checks implemented in Dnsmasq's
  versions before 2.83 reply_query function allows remote attackers to
  spoof DNS traffic that can lead to DNS cache poisoning.
* CVE-2020-25686:
  Multiple DNS query requests for the same resource name (RRNAME) by
  Dnsmasq versions before 2.83 allows for remote attackers to spoof DNS
  traffic, using a birthday attack (RFC 5452), that can lead to DNS
  cache poisoning.
* CVE-2020-25687:
  Dnsmasq versions before 2.83 are vulnerable to a heap-based buffer
  overflow with large memcpy in sort_rrset() when DNSSEC is enabled. A
  remote attacker, who can create valid DNS replies, could use this flaw
  to cause an overflow in a heap-allocated memory. This flaw is caused
  by the lack of length checks in rfc1035.c:extract_name(), which could
  be abused to make the code execute memcpy() with a negative size in
  sort_rrset() and cause a crash in dnsmasq, resulting in a Denial of
  Service.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-01-19 14:10:02 +01:00
Hauke Mehrtens
733e62a8e1 uboot-at91: Add PKG_MIRROR_HASH to fix download
The referenced commit is gone, but we already have this file on our
mirror, use that one by providing the correct mirror hash.

I generated a tar.xz file with the given git commit hash using a random
fork on github and it generated the same tar.xz file as found on our
mirror so this looks correct.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 20a7c9d5c9)
2021-01-18 22:13:08 +01:00
Hauke Mehrtens
53814dadaf at91bootstrap: Add PKG_MIRROR_HASH to fix download
The referenced commit is gone, but we already have this file on our
mirror, use that one by providing the correct mirror hash.

I generated a tar.xz file with the given git commit hash using a random
fork on github and it generated the same tar.xz file as found on our
mirror so this looks correct.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit a141e7a00e)
2021-01-18 22:12:21 +01:00
Rosen Penev
e30d3ea95f mbedtls: update to 2.16.9
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit f13b623f5e)
2021-01-18 01:42:26 +01:00
Hauke Mehrtens
c7b9c85819 kernel: bump 4.14 to 4.14.215
Refreshed all patches.

Compile-tested on: ipq40xx, lantiq/xrx200, x86/64, ipq806x
Runtime-tested on: ipq40xx, lantiq/xrx200, x86/64

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-01-17 17:21:00 +01:00
Hauke Mehrtens
c9388fa986 kernel: bump 4.14 to 4.14.214
Refreshed all patches.

Removed patches because included in upstream:
- 499-mtd-parser-cmdline-Fix-parsing-of-part-names-with-co.patch
- 0071-2-PCI-qcom-Fixed-IPQ806x-PCIE-reset-changes.patch

Compile-tested on: ipq40xx, lantiq/xrx200, x86/64, ipq806x
Runtime-tested on: ipq40xx, lantiq/xrx200, x86/64

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-01-12 23:55:26 +01:00
Hauke Mehrtens
e290024717 glibc: update to latest 2.27 commit
daf88b1dd1 Add NEWS entry for CVE-2020-6096 (bug 25620)
b29853702e arm: CVE-2020-6096: Fix multiarch memcpy for negative length [BZ #25620]
bad8d5ff60 arm: CVE-2020-6096: fix memcpy and memmove for negative length [BZ #25620]
d64ad0a517 Fix use-after-free in glob when expanding ~user (bug 25414)
34ce87638c Fix array overflow in backtrace on PowerPC (bug 25423)
0df8ecff9e misc/test-errno-linux: Handle EINVAL from quotactl
26f5442ec1 <string.h>: Define __CORRECT_ISO_CPP_STRING_H_PROTO for Clang [BZ #25232]
4b64a4245c intl/tst-gettext: fix failure with newest msgfmt
dc7f51bda9 aarch64: Fix DT_AARCH64_VARIANT_PCS handling [BZ #26798]
8edc96aa33 aarch64: add HWCAP_ATOMICS to HWCAP_IMPORTANT
599ebfacc0 aarch64: Remove HWCAP_CPUID from HWCAP_IMPORTANT

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-01-01 14:31:49 +01:00
Paul Spooren
2c37993c8a build/prereq: merge ifndef IB block together
Multiple prereq checks are only required within the build system but not
for the ImageBuilder. These checks are excluded by using ifndef IB.

This commit merges the three ifndef IB blocks together.

Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit cc9d5b5a48)
2020-12-31 09:33:07 -10:00
Sven Roederer
79b1fa1702 build, imagebuilder: Do not require compilers
The buildroot and SDK both require the compilers (gcc, g++) to be
installed on the host system, however the ImageBuilder uses precompiled
binaries.

This patch changes the prerequirements checks to skip the checking for
the compilers if running as ImageBuilder. A similar change has been
made for libncurses-dev in 4a1a58a3e2.

Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
Acked-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit ae12a747ca)
2020-12-31 09:32:33 -10:00
Paul Spooren
58138df2d5 build, imagebuilder: Do not require libncurses-dev
The buildroot and SDK both require `libncurses-dev` to be installed on
the system, however the ImageBuilder uses precompiled binaries.

This patch changes the prerequirements checks to skip the
`libncurses-dev` part if running as ImageBuilder.

Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 4a1a58a3e2)
2020-12-31 09:31:54 -10:00
Paul Spooren
42e478eb0d build/json: add filesystem information
Some images are created using different filesystems, most popular
squashfs and ext4. To allow downstream projects to distinguish between
those, add the `filesystem` information to created json files.

Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit bc0ffff36a)
2020-12-17 11:16:36 -10:00
Petr Štetiar
b14eeccdfe ath79: image: fix initramfs for safeloader devices
Currently it's not possible to tftpboot initramfs image on archer-c7-v5
as the image contains tplink-v1-header which leads to:

 ath> bootm
 ## Booting image at 81000000 ...
 Bad Magic Number

as U-Boot expects uImage wrapped image. This is caused by following
inheritance issue:

  define Device/Init
    KERNEL_INITRAMFS = $$(KERNEL)

  define Device/tplink-v1
    KERNEL := kernel-bin | append-dtb | lzma
    KERNEL_INITRAMFS := kernel-bin | append-dtb | lzma | tplink-v1-header

  define Device/tplink-safeloader
    $(Device/tplink-v1)

  define Device/tplink-safeloader-uimage
    $(Device/tplink-safeloader)
    KERNEL := kernel-bin | append-dtb | lzma | uImageArcher lzma

  define Device/tplink_archer-c7-v5
    $(Device/tplink-safeloader-uimage)

where tplink-v1 defines KERNEL_INITRAMFS with tplink-v1-header and it's
then used by all devices inheriting from tplink-safeloader. Fix this by
overriding KERNEL_INITRAMFS to KERNEL variable again.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit ceeece9ffa)
2020-12-17 15:51:43 +01:00
Hauke Mehrtens
cb58c7fe73 kernel: bump 4.14 to 4.14.212
Refreshed all patches.

Removed patches because included in upstream:
- 315-v5.10-usbnet-ipeth-fix-connectivity-with-ios-14.patch

Compile-tested on: ipq40xx, ath79, x86/64
Runtime-tested on: ipq40xx, ath79

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-12-16 22:23:52 +01:00
Hauke Mehrtens
fb52c40531 wireless-regdb: Update to version 2020.11.20
9efa1da wireless-regdb: update regulatory rules for Egypt (EG)
ede87f5 wireless-regdb: restore channel 12 & 13 limitation in the US
5bcafa3 wireless-regdb: Update regulatory rules for Croatia (HR)
4e052f1 wireless-regdb: Update regulatory rules for Pakistan (PK) on 5GHz
f9dfc58 wireless-regdb: update 5.8 GHz regulatory rule for GB
c19aad0 wireless-regdb: Update regulatory rules for Kazakhstan (KZ)
07057d3 wireless-regdb: update regulatory database based on preceding changes

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 94d1b2508c)
2020-12-16 22:23:52 +01:00
Petr Štetiar
7711a5906a wireless-regdb: bump to latest release 2020-04-29
Update to latest release.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 493eef5b27)
2020-12-16 21:32:27 +01:00
Eneas U de Queiroz
c03f018220 openssl: update to 1.1.1i
Fixes: CVE-2020-1971, defined as high severity, summarized as:
NULL pointer deref in GENERAL_NAME_cmp function can lead to a DOS
attack.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 882ca13d92)
2020-12-16 21:31:52 +01:00
Hauke Mehrtens
0a59e2a76e mac80211: Update to version 4.19.161-1
The removed patches were applied upstream.

The changes to 357-mac80211-optimize-skb-resizing.patch are more
complex. I think the patch already took care of the new changes done
upstream.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-12-11 20:20:16 +01:00
Davide Fioravanti
3f5fecfd33 ramips: enable LED VCC for Asus RT-AC51U
Previously only the power LED was working.
With this patch all leds except 5GHz are working.

Signed-off-by: Davide Fioravanti <pantanastyle@gmail.com>
[rephrased commit title, drop status property]
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 67d019ac94)
2020-12-10 13:41:10 +01:00
David Bauer
d0b8be75ff generic: ipeth: fix iOS 14 tethering
This fixes tethering with devices using iOS 14. Prior to this patch,
connections to remote endpoints were not possible while data transfers
between the OpenWrt device and the iOS endpoints worked fine.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit f64496f30f)
2020-12-07 04:21:14 +01:00
Hauke Mehrtens
bdc2f19f9d OpenWrt v19.07.5: revert to branch defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-12-07 00:51:12 +01:00
Hauke Mehrtens
c37eb9a9f9 OpenWrt v19.07.5: adjust config defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-12-07 00:51:00 +01:00
Andre Heider
5090152ae3 tools: always create $STAGING_DIR/usr/{include,lib}
rules.mk always passes these as -I/-L to the toolchain.

Fixes rare errors like:
cc1: error: staging_dir/target-aarch64_cortex-a53_musl/usr/include: No such file or directory [-Werror=missing-include-dirs]

Signed-off-by: Andre Heider <a.heider@gmail.com>
Acked-by: Paul Spooren <mail@aparcar.org>
Acked-by: Rosen Penev <rosenp@gmail.com>
[fixed merge conflict]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit b0cb305236)
2020-12-06 08:31:03 +01:00
Petr Štetiar
d830403133 toolchain: kernel-headers: kernel Git tree mirror hash
Allow setting of mirror hash for Git kernel tree.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 796d51834c)
2020-12-05 20:50:19 +01:00
Petr Štetiar
8c2bb1d9b6 toolchain: kernel-headers: fix check target for kernel Git tree
Currently the check target fails if the kernel Git tree is used:

 $ make toolchain/kernel-headers/{download,check}

  make[2]: Entering directory 'toolchain/kernel-headers'
  Makefile:105: *** ERROR: Unknown pack format for file openwrt/tmp/dl/.  Stop.
  make[2]: Leaving directory 'toolchain/kernel-headers'
  toolchain/Makefile:100: recipe for target 'toolchain/kernel-headers/check' failed

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit bb7ba6b6a8)
2020-12-05 20:50:19 +01:00
Petr Štetiar
a47caacaf3 download.pl: properly cleanup intermediate .hash file
It seems like after a build the /dl dir seems to now contain a .hash
file for each source file due to improper cleanup so fix it by removing
those intermediate files before leaving the download action.

Fixes: 4e19cbc553 ("download: handle possibly invalid local tarballs")
Reported-by: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 52a5d0d27f)
2020-12-05 20:50:19 +01:00
Petr Štetiar
605adb1023 download: handle possibly invalid local tarballs
Currently it's assumed, that already downloaded tarballs are always
fine, so no checksum checking is performed and the tarball is used even
if it might be corrupted.

From now on, we're going to always check the downloaded tarballs before
considering them valid.

Steps to reproduce:

 1. Remove cached tarball

   rm dl/libubox-2020-08-06-9e52171d.tar.xz

 2. Download valid tarball again

   make package/libubox/download

 3. Invalidate the tarball

   sed -i 's/PKG_MIRROR_HASH:=../PKG_MIRROR_HASH:=ff/' package/libs/libubox/Makefile

 4. Now compile with corrupt tarball source

   make package/libubox/{clean,compile}

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 4e19cbc553)
2020-12-05 20:50:19 +01:00
Petr Štetiar
5abe989475 cmake.mk,rules.mk: fix host builds using CMake and ccache
Commit f98878e4c1 ("cmake.mk: set C/CXX compiler for host builds as
well") has introduced a regression as it didn't take usage of ccache into
account, so fix it by handling ccache use cases as well.

In order to get this working we need to export HOSTCXX_NOCACHE in
rules.mk as well.

Fixes: f98878e4c1 ("cmake.mk: set C/CXX compiler for host builds as well")
Reported-by: Ansuel Smith <ansuelsmth@gmail.com>
Tested-by: Ansuel Smith <ansuelsmth@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 524fb5646e)
2020-12-05 20:50:19 +01:00
Rosen Penev
77734ce82a cmake.mk: set C/CXX compiler for host builds as well
Without this, cmake will use whatever CC/CXX is set to, which could be
clang. In that case, at least libjson-c/host will fail to compile.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit f98878e4c1)
2020-12-05 20:50:19 +01:00
Klaus Kudielka
ebe8cc2b2a mvebu: fixup Turris Omnia U-Boot environment
Fixup dfa357a3de "mvebu: base-files: Update Turris Omnia U-Boot
environment" which should have included this file as well.

By rebasing the initial patch this file somehow disappeared.

Signed-off-by: Klaus Kudielka <klaus.kudielka@gmail.com>
Reviewed-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
Tested-by: W. Michael Petullo <mike@flyn.org> (Turris Omnia "2020")
Tested-by: Klaus Kudielka <klaus.kudielka@gmail.com> (Turris Omnia)
[explain fixup in commit message]
Signed-off-by: Paul Spooren <mail@aparcar.org>
(backported from commit 485ce5bbe5)
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-12-04 17:57:25 +01:00
Klaus Kudielka
f10332c292 mvebu: base-files: Update Turris Omnia U-Boot environment
Move the update procedure from sysupgrade to first boot, which is much
more convenient in the sysupgrade case (otherwise the environment is
always one generation behind).

Check whether we have an old U-Boot release installed, and update the
environment only if necessary.

Some notes on the U-Boot environment:

The first 9 lines are a copy of the default environment of the old U-Boot
release - only modified, to run "distro_bootcmd", in case "mmcboot" fails
to boot the factory OS.

The remaining 16 lines are a backport of the default environment of the
new U-Boot release (shipped with CZ11NIC23). The main entry point is
"distro_bootcmd", which eventually sources boot.scr. This way, we have
a unified boot protocol for all Turris Omnia revisions so far.

This commit also fixes a shortcoming of previous Turris Omnia support:

Users may install OpenWrt with the Turris Omnia in factory state
(i.e. invalid environment store). In that case, neither fw_setenv, nor
U-Boot itself, would import the default environment from the image -
screwing up the rescue system, at least!

Signed-off-by: Klaus Kudielka <klaus.kudielka@gmail.com>
Reviewed-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
Tested-by: W. Michael Petullo <mike@flyn.org> (Turris Omnia "2020")
Tested-by: Klaus Kudielka <klaus.kudielka@gmail.com> (Turris Omnia)
(cherry picked from commit dfa357a3de)
2020-12-04 17:57:25 +01:00
Klaus Kudielka
ca1ee39854 mvebu: Add turris-omnia.bootscript
In contrast to the U-Boot version shipped with older versions of Turris
Omnia (CZ11NIC13, CZ11NIC20), the version shipped with Turris Omnia 2019
(CZ11NIC23) relies on the existence of /boot.scr.

Consequently, add a suitable boot script to the sysupgrade image.

Flash instructions for Turris Omnia 2019:
- Download openwrt-...-sysupgrade.img.gz, gunzip it, and copy the resulting
  .img file to the root of a USB flash drive (FAT32 or ext2/3/4).
- Enter a rescue shell: Either via 5-LED reset and ssh root@192.168.1.1
  on LAN port 4, or via 7-LED reset and the serial console.
- Insert the USB drive and mount it:
  mkdir /mnt; mount /dev/sda1 /mnt
- Flash the OpenWrt image to eMMC:
  dd if=/mnt/openwrt-...-sysupgrade.img of=/dev/mmcblk0 bs=4096 conv=fsync
- Reboot.

Flash instructions using a temporary "medkit" installation were written for
the older versions of Turris Omnia, and will *not* work on the Turris Omnia
2019.

Signed-off-by: Klaus Kudielka <klaus.kudielka@gmail.com>
Reviewed-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
Tested-by: W. Michael Petullo <mike@flyn.org> (Turris Omnia "2020")
(cherry picked from commit afd4375a33)
2020-12-04 17:57:25 +01:00
Klaus Kudielka
f61e053e72 uboot-envtools: mvebu: update uci defaults for Turris Omnia
On the Turris Omnia 2019, u-boot environment is located at 0xF0000, instead
of 0xC0000. The switch happened with u-boot-omnia package version 2019-04-2
(May 10, 2019).

Check the installed u-boot release, and set the default accordingly.

Signed-off-by: Klaus Kudielka <klaus.kudielka@gmail.com>
[bump PKG_RELEASE, use lower case for hex offset]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 04d3b517dc)
2020-12-04 17:57:25 +01:00
Kuan-Yi Li
f1525e785e kernel: backport GD25Q256 support from 4.15
Backport below changes for GigaDevice GD25Q256 support from v4.15:

  e27072851bf7 mtd: spi-nor: add a quad_enable callback in struct flash_info
  65153846b18c mtd: spi-nor: add support for GD25Q256

This chip is used on newer Quad-E4G boards.

Before:

[    2.366493] m25p80 spi0.0: unrecognized JEDEC id bytes: c8, 40, 19
[    2.372853] m25p80: probe of spi0.0 failed with error -2

After:

[    2.371722] m25p80 spi0.0: gd25q256 (32768 Kbytes)
[    2.376694] 5 fixed-partitions partitions found on MTD device spi0.0
[    2.383043] Creating 5 MTD partitions on "spi0.0":
[    2.387824] 0x000000000000-0x000000030000 : "u-boot"
[    2.394138] 0x000000030000-0x000000031000 : "u-boot-env"
[    2.400608] 0x000000031000-0x000000040000 : "config"
[    2.406830] 0x000000040000-0x000000050000 : "factory"
[    2.413169] 0x000000050000-0x000002000000 : "firmware"

Signed-off-by: Kuan-Yi Li <kyli@abysm.org>
2020-12-01 21:59:30 +01:00
Hauke Mehrtens
c72b7a4f0d kernel: bump 4.14 to 4.14.209
Refreshed all patches.

Altered patches:
- 804-i2c-support-layerscape.patch

Compile-tested on: ipq40xx, ath79, layerscape/armv8_64b
Runtime-tested on: ipq40xx, ath79

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-12-01 21:57:55 +01:00
Alberto Bursi
c420f77678 wireguard-tools: fix category/description in menuconfig
wireguard-tools is trying to import the menuconfig section
from the wireguard package, but since it's not anymore in
the same makefile this seems to fail and wireguard-tools
ends up in "extra packages" category instead with other
odds and ends.

Same for the description, it's trying to import it from the
wireguard package but it fails so it only shows the line
written in this makefile.

Remove the broken imports and manually add the entries
and description they were supposed to load.

Fixes: ea980fb9c6 ("wireguard: bump to 20191226")

Signed-off-by: Alberto Bursi <bobafetthotmail@gmail.com>
[fix trailing whitespaces, add Fixes]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit a4d52522c7)
2020-12-01 13:31:18 +01:00
David Bauer
0ce0d687de ipq40xx: disable double-tagging for PSGMII devices
This commit disables the double tagging recently backported to 19.07.

Operating the switch on the S-Tag had the advantage of being able to
have separate VLANs for the same C-VID on LAN and WAN. However, this
broke the ability to configure C-TAG modifications on the switch. Also
performance took a significant toll.

Fixes: commit 8c19171255 ("ipq40xx: fix ethernet vlan double tagging")

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-11-30 15:27:58 +01:00
Jan Pavlinec
6703abb7ca tcpdump: patch CVE-2020-8037
This PR backports upstream fix for CVE-2020-8037.  This fix is only
relevant for tcpdump package, tcpdump-mini is not affected by this issue.

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
[added missing commit description]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 5bb3cc749e)
2020-11-25 06:02:08 +01:00
Sven Eckelmann
b4698d87c8 kernel: mtd: parser: cmdline: Fix parsing of part-names with colons
Some devices (especially QCA ones) are already using hardcoded partition
names with colons in it. The OpenMesh A62 for example provides following
mtd relevant information via cmdline:

  root=31:11 mtdparts=spi0.0:256k(0:SBL1),128k(0:MIBIB),384k(0:QSEE),64k(0:CDT),64k(0:DDRPARAMS),64k(0:APPSBLENV),512k(0:APPSBL),64k(0:ART),64k(custom),64k(0:KEYS),0x002b0000(kernel),0x00c80000(rootfs),15552k(inactive) rootfsname=rootfs rootwait

The change to split only on the last colon between mtd-id and partitions
will cause newpart to see following string for the first partition:

  KEYS),0x002b0000(kernel),0x00c80000(rootfs),15552k(inactive)

Such a partition list cannot be parsed and thus the device fails to boot.

Avoid this behavior by making sure that the start of the first part-name
("(") will also be the last byte the mtd-id split algorithm is using for
its colon search.

Fixes: 9c718b5478 ("kernel: bump 4.14 to 4.14.200")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
(backported from commit 223eec7e81)
2020-11-24 09:48:48 +01:00
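The two split strategies described in the commit message above, as an added C example (not the kernel patch and not OpenWrt code). The function names are hypothetical, and the second input, with a colon inside the mtd-id, is constructed to show that bounding the search at the first "(" still handles that case.

```c
#include <stdio.h>
#include <string.h>

/* mtdparts= value quoted in the commit message (OpenMesh A62). */
static const char A62_DEF[] =
    "spi0.0:256k(0:SBL1),128k(0:MIBIB),384k(0:QSEE),64k(0:CDT),"
    "64k(0:DDRPARAMS),64k(0:APPSBLENV),512k(0:APPSBL),64k(0:ART),"
    "64k(custom),64k(0:KEYS),0x002b0000(kernel),0x00c80000(rootfs),"
    "15552k(inactive)";

/* Constructed input: an mtd-id that itself contains a colon. */
static const char COLON_ID_DEF[] = "pci:0.0:64k(0:boot),-(rest)";

/* Last ':' within the first len bytes of s, or NULL if there is none. */
static const char *last_colon(const char *s, size_t len)
{
    const char *hit = NULL;

    for (size_t i = 0; i < len; i++)
        if (s[i] == ':')
            hit = s + i;
    return hit;
}

/*
 * Split on the last colon of the whole definition (up to ';' or the end).
 * This is the behaviour the commit message describes as breaking boot:
 * a colon inside a part-name is taken for the mtd-id separator.
 */
const char *parts_last_colon(const char *def)
{
    const char *c = last_colon(def, strcspn(def, ";"));

    return c ? c + 1 : NULL;
}

/*
 * Split on the last colon that occurs before the first '('.
 * The opening parenthesis of the first part-name ends the search window,
 * so colons inside part-names can no longer be picked.
 */
const char *parts_colon_before_paren(const char *def)
{
    size_t len = strcspn(def, ";");
    const char *paren = memchr(def, '(', len);

    if (paren)
        len = (size_t)(paren - def);
    const char *c = last_colon(def, len);

    return c ? c + 1 : NULL;
}

/* Length of the mtd-id implied by a split point (0 if no split was found). */
size_t mtd_id_len(const char *def, const char *parts)
{
    return parts ? (size_t)(parts - def) - 1 : 0;
}

int main(void)
{
    const char *bad = parts_last_colon(A62_DEF);
    const char *good = parts_colon_before_paren(A62_DEF);

    printf("last colon overall : id=%.*s parts=%s\n",
           (int)mtd_id_len(A62_DEF, bad), A62_DEF, bad);
    printf("colon before '('   : id=%.*s parts=%s\n",
           (int)mtd_id_len(A62_DEF, good), A62_DEF, good);

    good = parts_colon_before_paren(COLON_ID_DEF);
    printf("colon inside mtd-id: id=%.*s parts=%s\n",
           (int)mtd_id_len(COLON_ID_DEF, good), COLON_ID_DEF, good);
    return 0;
}
```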
Petr Štetiar
193adc94d1 ar71xx,ath79: refresh 910-unaligned_access_hacks.patch
Commit c9c7b4b394 ("kernel: add netfilter-actual-sk patch") has
touched net/ipv6/netfilter/ip6table_mangle.c which in turn has affected
910-unaligned_access_hacks.patch so the patch needs to be refreshed.

Fixes: c9c7b4b394 ("kernel: add netfilter-actual-sk patch")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-11-24 09:27:50 +01:00
Petr Štetiar
733a482733 musl: handle wcsnrtombs destination buffer overflow (CVE-2020-28928)
The wcsnrtombs function in all musl libc versions up through 1.2.1 has
been found to have multiple bugs in handling of destination buffer
size when limiting the input character count, which can lead to
infinite loop with no forward progress (no overflow) or writing past
the end of the destination buffer.

This function is not used internally in musl and is not widely used,
but does appear in some applications. The non-input-limiting form
wcsrtombs is not affected.

All users of musl 1.2.1 and prior versions should apply the attached
patch, which replaces the overly complex and erroneous implementation.
The upcoming 1.2.2 release will adopt this new implementation.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 4d4ef1058c)
2020-11-23 22:37:03 +01:00
Aaron Goodman
c9c7b4b394 kernel: add netfilter-actual-sk patch
Backport of linux kernel commit 46d6c5a to 4.14 kernel.

netfilter: use actual socket sk rather than skb sk when routing harder

Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
2020-11-23 22:34:37 +01:00
Jo-Philipp Wich
a448ad7490 uhttpd: update to 19.07 Git HEAD
3abcc89 client: fix spurious keepalive connection timeouts

Fixes: FS#3443
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-11-20 22:53:04 +01:00
David Bauer
39c5635714 scripts: download.pl: retry download using filename
With this commit, the download script will try downloading source files
using the filename instead of the url-filename in case the previous
download attempt using the url-filename failed.

This is required, as the OpenWrt sources mirrors serve files using the
filename files might be renamed to after downloading. If the original
mirror for a file where url-filename and filename do not match goes
down, the download failed prior to this patch.

Further improvement can be done by performing this only for the
OpenWrt sources mirrors.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit d369993898)
2020-11-20 11:58:01 +01:00
Hauke Mehrtens
2a8279c161 layerscape: Fix check after kernel update
The fsl_destroy_mc_io() function was moved, add the new checks to the
moved copy and not just remove it.

Fixes: ac5297340e ("kernel: bump 4.14 to 4.14.206")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-11-16 19:31:23 +01:00
Koen Vandeputte
ac5297340e kernel: bump 4.14 to 4.14.206
Refreshed all patches.

Altered patches:
- 210-dwc2_defaults.patch
- 708-mc-bus-support-layerscape.patch

Fixes:
- CVE-2020-25656

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2020-11-16 09:35:05 +01:00
Roger Pueyo Centelles
589c3cf4e0 ath79: remove wmac mtd-mac-address for UniFi AC family
The MAC address for the wmac 2.4 GHz radio of the Ubiquiti UniFi AC
family of devices is actually embedded in the mtd-cal-data, so there
is no need for mtd-mac-address (which was incorrectly forcing wmac
to have the same MAC as eth0). This makes it coherent with the stock
firmware and the ar71xx target:

 · XX:XX:XX:X0:XX:XX eth0
 · XX:XX:XX:X1:XX:XX ath0/wlan1 (2.4 GHz)
 · XX:XX:XX:X2:XX:XX ath1/wlan0 (5 GHz)

Checked on a UniFi AC Mesh, a UniFi AC LR and a UniFi Lite.

Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
(cherry picked from commit 20ace70db6)
2020-11-12 18:04:50 +01:00
Sven Roederer
2a3dbded93 feeds: add freifunk feed
Read the freifunk packages, that have been moved from the LuCI feed
into its own feed in January 2019.
Use openwrt-19.07 branch of that repository for openwrt-19.07.

Signed-off-by: Sven Roederer <freifunk@it-solutions.geroedel.de>
(cherry picked from commit 221f97ff47)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-11-11 16:35:50 +00:00
David Bauer
ad3c2b9736 ath79: use correct firmware name for UniFi AP
The Ubiquiti UniFi AP does not have a AHB connected radio but a PCI one.
Also the EEPROM is only 0x440 bytes of length.

Reported-by: Martin Weinelt <martin@darmstadt.freifunk.net>
Tested-by: Martin Weinelt <martin@darmstadt.freifunk.net>
Signed-off-by: David Bauer <mail@david-bauer.net>
(backported from commit 4c5eb1040f)
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-11-11 17:32:25 +01:00
David Bauer
84ae238324 ramips: fix logic level for DIR-645 buttons
The D-Link DIR-645 currently uses an incorrect logic level for its
buttons.

Correct them in order to prevent unintentional activation of failsafe
mode.

Reported-by: Perry Melange <isprotejesvalkata@gmail.com>
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 929e8f0f55)
2020-11-11 17:28:30 +01:00
Adrian Schmutzler
c25e3275ac ath79: fix LED labels for PowerCloud CAP324
The order of function and color in the labels is inverted for the
LAN LEDs. Fix it.

Fixes: 915966d861 ("ath79: Port PowerCloud Systems CAP324 support")

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 96023cd4ba)
2020-11-11 17:26:52 +01:00
Hauke Mehrtens
78c4c04dd7 uci: Backport security fixes
This backports two security fixes from master.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit f9005d4f80)
2020-10-28 23:22:44 +01:00
Andre Heider
3af9c5fefd uboot-envtools: mvebu: fix config for mainline u-boot
Mainline u-boot dynamically passes the mtd partitions via devicetree:
$ cat /proc/mtd
dev:    size   erasesize  name
mtd0: 003f0000 00001000 "firmware"
mtd1: 00010000 00001000 "u-boot-env"

Add support for this setup.

Signed-off-by: Andre Heider <a.heider@gmail.com>
(cherry picked from commit 60c9a27cbc)
2020-10-28 23:22:44 +01:00
Andre Heider
7fbee0c7b2 mvebu: Add bootscript for espressobin to support mainline firmware
The generic bootscript is tailored around a downstream firmware and
doesn't work on a firmware built from mainline components.

Add a bootscript which:
* sets $console since mainline u-boot doesn't do that
* uses distro boot variables, so OpenWRT can be booted off any supported
  device when using a mainline firmware
* sets missing distro boot variables for the downstream firmware

Booting with a downstream firmware is unchanged.
Booting with a mainline firmware now works.

Signed-off-by: Andre Heider <a.heider@gmail.com>
(cherry picked from commit c43b45863e)
2020-10-28 23:22:44 +01:00
Koen Vandeputte
14903d9d8c kernel: bump 4.14 to 4.14.202
Refreshed all patches.

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2020-10-21 15:34:11 +02:00
Tan Zien
03a029745f firmware: intel-microcode: update to 20200616
intel-microcode (3.20200616.1)

  * New upstream microcode datafile 20200616
    + Downgraded microcodes (to a previously shipped revision):
      sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6, size 101376
      sig 0x000506e3, pf_mask 0x36, 2019-10-03, rev 0x00d6, size 101376
  * Works around hangs on boot on Skylake-U/Y and Skylake Xeon E3,
  * This update *removes* the SRBDS mitigations from the above processors
  * Note that Debian had already downgraded 0x406e3 in release 3.20200609.2

intel-microcode (3.20200609.2)

  * REGRESSION FIX: 0x406e3: rollback to rev 0xd6 and document regression
    * Microcode rollbacks (closes: LP#1883002)
      sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6, size 101376
    * THIS REMOVES THE SECURITY FIXES FOR SKYLAKE-U/Y PROCESSORS
    * Avoid hangs on boot on (some?) Skylake-U/Y processors,
  * ucode-blacklist: blacklist models 0x8e and 0x9e from late-loading,
    just in case.  Note that Debian does not do late loading by itself.
    Refer to LP#1883002 for the report, 0x806ec hangs upon late load.

intel-microcode (3.20200609.1)

  * SECURITY UPDATE
    * For most processors: SRBDS and/or VRDS, L1DCES mitigations depending
      on the processor model
    * For Skylake HEDT and Skylake Xeons with signature 0x50654: VRDS and
      L1DCES mitigations, plus mitigations described in the changelog entry
      for package release 3.20191112.1.
    * Expect some performance impact, the mitigations are enabled by
      default.  A Linux kernel update will be issued that allows one to
      selectively disable the mitigations.
  * New upstream microcode datafile 20200609
    * Implements mitigation for CVE-2020-0543 Special Register Buffer Data
      Sampling (SRBDS), INTEL-SA-00320, CROSSTalk
    * Implements mitigation for CVE-2020-0548 Vector Register Data Sampling
      (VRDS), INTEL-SA-00329
    * Implements mitigation for CVE-2020-0549 L1D Cache Eviction Sampling
      (L1DCES), INTEL-SA-00329
    * Known to fix the regression introduced in release 2019-11-12 (sig
      0x50564, rev. 0x2000065), which would cause several systems with
      Skylake Xeon, Skylake HEDT processors to hang while rebooting
    * Updated Microcodes:
      sig 0x000306c3, pf_mask 0x32, 2019-11-12, rev 0x0028, size 23552
      sig 0x000306d4, pf_mask 0xc0, 2019-11-12, rev 0x002f, size 19456
      sig 0x00040651, pf_mask 0x72, 2019-11-12, rev 0x0026, size 22528
      sig 0x00040661, pf_mask 0x32, 2019-11-12, rev 0x001c, size 25600
      sig 0x00040671, pf_mask 0x22, 2019-11-12, rev 0x0022, size 14336
      sig 0x000406e3, pf_mask 0xc0, 2020-04-27, rev 0x00dc, size 104448
      sig 0x00050653, pf_mask 0x97, 2020-04-24, rev 0x1000157, size 32768
      sig 0x00050654, pf_mask 0xb7, 2020-04-24, rev 0x2006906, size 34816
      sig 0x00050656, pf_mask 0xbf, 2020-04-23, rev 0x4002f01, size 52224
      sig 0x00050657, pf_mask 0xbf, 2020-04-23, rev 0x5002f01, size 52224
      sig 0x000506e3, pf_mask 0x36, 2020-04-27, rev 0x00dc, size 104448
      sig 0x000806e9, pf_mask 0x10, 2020-04-27, rev 0x00d6, size 103424
      sig 0x000806e9, pf_mask 0xc0, 2020-04-27, rev 0x00d6, size 103424
      sig 0x000806ea, pf_mask 0xc0, 2020-04-27, rev 0x00d6, size 103424
      sig 0x000806eb, pf_mask 0xd0, 2020-04-27, rev 0x00d6, size 103424
      sig 0x000806ec, pf_mask 0x94, 2020-04-23, rev 0x00d6, size 103424
      sig 0x000906e9, pf_mask 0x2a, 2020-04-23, rev 0x00d6, size 103424
      sig 0x000906ea, pf_mask 0x22, 2020-04-27, rev 0x00d6, size 102400
      sig 0x000906eb, pf_mask 0x02, 2020-04-23, rev 0x00d6, size 103424
      sig 0x000906ec, pf_mask 0x22, 2020-04-27, rev 0x00d6, size 102400
      sig 0x000906ed, pf_mask 0x22, 2020-04-23, rev 0x00d6, size 103424
  * Restores the microcode-level fixes that were reverted by release
    3.20191115.2 for sig 0x50654 (Skylake Xeon, Skylake HEDT)

intel-microcode (3.20200520.1)

  * New upstream microcode datafile 20200520
    + Updated Microcodes:
      sig 0x000206d6, pf_mask 0x6d, 2020-03-04, rev 0x0621, size 18432
      sig 0x000206d7, pf_mask 0x6d, 2020-03-24, rev 0x071a, size 19456

intel-microcode (3.20200508.1)

  * New upstream microcode datafile 20200508
    + Updated Microcodes:
      sig 0x000706e5, pf_mask 0x80, 2020-03-12, rev 0x0078, size 107520
    * Likely fixes several critical errata on IceLake-U/Y causing system
      hangs

intel-microcode (3.20191115.2)

  * Microcode rollbacks (closes: #946515, LP#1854764):
    sig 0x00050654, pf_mask 0xb7, 2019-07-31, rev 0x2000064, size 33792
  * Avoids hangs on warm reboots (cold boots work fine) on HEDT and
    Xeon processors with signature 0x50654.

intel-microcode (3.20191115.1)

  * New upstream microcode datafile 20191115
    + Updated Microcodes:
      sig 0x000406e3, pf_mask 0xc0, 2019-10-03, rev 0x00d6, size 101376
      sig 0x000506e3, pf_mask 0x36, 2019-10-03, rev 0x00d6, size 101376
      sig 0x000806e9, pf_mask 0x10, 2019-10-15, rev 0x00ca, size 100352
      sig 0x000806e9, pf_mask 0xc0, 2019-09-26, rev 0x00ca, size 100352
      sig 0x000806ea, pf_mask 0xc0, 2019-10-03, rev 0x00ca, size 100352
      sig 0x000806eb, pf_mask 0xd0, 2019-10-03, rev 0x00ca, size 100352
      sig 0x000806ec, pf_mask 0x94, 2019-10-03, rev 0x00ca, size 100352
      sig 0x000906e9, pf_mask 0x2a, 2019-10-03, rev 0x00ca, size 100352
      sig 0x000906ea, pf_mask 0x22, 2019-10-03, rev 0x00ca, size 99328
      sig 0x000906eb, pf_mask 0x02, 2019-10-03, rev 0x00ca, size 100352
      sig 0x000906ec, pf_mask 0x22, 2019-10-03, rev 0x00ca, size 99328
      sig 0x000906ed, pf_mask 0x22, 2019-10-03, rev 0x00ca, size 100352
      sig 0x000a0660, pf_mask 0x80, 2019-10-03, rev 0x00ca, size 91136

intel-microcode (3.20191113.1)

  * New upstream microcode datafile 20191113
    + SECURITY UPDATE, refer to the 3.20191112.1 changelog entry for details
      Adds microcode update for CFL-S (Coffee Lake Desktop)
      INTEL-SA-00270, CVE-2019-11135, CVE-2019-0117
    + Updated Microcodes (previously removed):
      sig 0x000906ec, pf_mask 0x22, 2019-08-14, rev 0x00c6, size 99328

intel-microcode (3.20191112.1)

  * New upstream microcode datafile 20191112
    + SECURITY UPDATE
      - Implements MDS mitigation (TSX TAA), INTEL-SA-00270, CVE-2019-11135
      - Implements TA Indirect Sharing mitigation, and improves the
        MDS mitigation (VERW)
      - Fixes FIVR (Xeon Voltage Modulation) vulnerability, INTEL-SA-00271,
        CVE-2019-11139
      - Fixes SGX vulnerabilities and errata (including CVE-2019-0117)
    + CRITICAL ERRATA FIXES
      - Fixes Jcc conditional jump macro-fusion erratum (Skylake+, except
        Ice Lake), causes a 0-3% typical performance hit (can be as bad
        as 10%).  But ensures the processor will actually jump where it
        should, so don't even *dream* of not applying this fix.
      - Fixes AVX SHUF* instruction implementation flaw erratum
    + Removed Microcodes:
      sig 0x000906ec, pf_mask 0x22, 2019-02-14, rev 0x00ae, size 98304
    + New Microcodes:
      sig 0x000406d8, pf_mask 0x01, 2019-09-16, rev 0x012d, size 84992
      sig 0x00050656, pf_mask 0xbf, 2019-09-05, rev 0x400002c, size 51200
      sig 0x00060663, pf_mask 0x80, 2018-04-17, rev 0x002a, size 87040
      sig 0x000706a8, pf_mask 0x01, 2019-08-29, rev 0x0016, size 74752
      sig 0x000706e5, pf_mask 0x80, 2019-09-05, rev 0x0046, size 102400
      sig 0x000a0660, pf_mask 0x80, 2019-08-27, rev 0x00c6, size 91136
    + Updated Microcodes:
      sig 0x000406e3, pf_mask 0xc0, 2019-08-14, rev 0x00d4, size 101376
      sig 0x00050654, pf_mask 0xb7, 2019-09-05, rev 0x2000065, size 34816
      sig 0x00050657, pf_mask 0xbf, 2019-09-05, rev 0x500002c, size 51200
      sig 0x000506e3, pf_mask 0x36, 2019-08-14, rev 0x00d4, size 101376
      sig 0x000706a1, pf_mask 0x01, 2019-08-28, rev 0x0032, size 73728
      sig 0x000806e9, pf_mask 0x10, 2019-08-14, rev 0x00c6, size 99328
      sig 0x000806e9, pf_mask 0xc0, 2019-08-14, rev 0x00c6, size 100352
      sig 0x000806ea, pf_mask 0xc0, 2019-08-14, rev 0x00c6, size 99328
      sig 0x000806eb, pf_mask 0xd0, 2019-08-14, rev 0x00c6, size 100352
      sig 0x000806ec, pf_mask 0x94, 2019-08-14, rev 0x00c6, size 100352
      sig 0x000906e9, pf_mask 0x2a, 2019-08-14, rev 0x00c6, size 100352
      sig 0x000906ea, pf_mask 0x22, 2019-08-14, rev 0x00c6, size 99328
      sig 0x000906eb, pf_mask 0x02, 2019-08-14, rev 0x00c6, size 100352
      sig 0x000906ed, pf_mask 0x22, 2019-08-14, rev 0x00c6, size 99328
    + Updated Microcodes (previously removed):
      sig 0x00050653, pf_mask 0x97, 2019-09-09, rev 0x1000151, size 32768

Signed-off-by: Tan Zien <nabsdh9@gmail.com>
(cherry picked from commit e826e00765)
2020-10-18 00:07:23 +02:00
Tan Zien
95d60bf881 firmware: amd64-microcode: update to 20191218
amd64-microcode (3.20191218.1)

  * New microcode update packages from AMD upstream:
    + Removed Microcode updates (known to cause issues):
      sig 0x00830f10, patch id 0x08301025, 2019-07-11
  * README: update for new release

amd64-microcode (3.20191021.1)

  * New microcode update packages from AMD upstream:
    + New Microcodes:
      sig 0x00830f10, patch id 0x08301025, 2019-07-11
    + Updated Microcodes:
      sig 0x00800f12, patch id 0x08001250, 2019-04-16
      sig 0x00800f82, patch id 0x0800820d, 2019-04-16

amd64-microcode (3.20181128.1)

  * New microcode update packages from AMD upstream:
    + New Microcodes:
      sig 0x00800f82, patch id 0x0800820b, 2018-06-20

Signed-off-by: Tan Zien <nabsdh9@gmail.com>
(cherry picked from commit 182c7d955f)
2020-10-18 00:07:16 +02:00
Hauke Mehrtens
dda5e3db19 firewall: options: fix parsing of boolean attributes
Boolean attributes were parsed the same way as string attributes,
so a value of { "bool_attr": "true" } would be parsed correctly, but
{ "bool_attr": true } (without quotes) was parsed as false.

Fixes FS#3284

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 7f676b5ed6)
2020-10-16 21:37:22 +02:00
Koen Vandeputte
7dd822983b kernel: bump 4.14 to 4.14.201
Refreshed all patches.

Fixes:
- CVE-2020-14386

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2020-10-14 17:18:54 +02:00
Adrian Schmutzler
aee081e62e oxnas: fix qc_prep return in sata driver after kernel 4.14.200
This fixes a regression after a kernel change in 4.14.200 [1] that
led to build failure on oxnas/ox820:

  drivers/ata/sata_oxnas.c:2238:13: error: initialization of
  'enum ata_completion_errors (*)(struct ata_queued_cmd *)'
  from incompatible pointer type
  'void (*)(struct ata_queued_cmd *)' [-Werror=incompatible-pointer-types]
    .qc_prep = sata_oxnas_qc_prep,
               ^~~~~~~~~~~~~~~~~~
  drivers/ata/sata_oxnas.c:2238:13: note:
  (near initialization for 'sata_oxnas_ops.qc_prep')

Our local driver is changed the same way as prototyped in the
kernel patch, i.e. return type is changed and AC_ERR_OK return
value is added.

[1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=306a1c5b5683c1d37565e575386139a64bdbec6f

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit f6ca57e4f4)
2020-10-12 11:31:19 +01:00
Felix Fietkau
6696fddfd9 mac80211: do not allow bigger VHT MPDUs than the hardware supports
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry picked from commit caf727767a)
[Refreshed patch]
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2020-10-12 09:45:54 +02:00
Koen Vandeputte
9c718b5478 kernel: bump 4.14 to 4.14.200
Refreshed all patches.

Compile-tested on: ar71xx, cns3xxx, imx6, x86_64
Runtime-tested on: ar71xx, cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2020-10-12 09:45:54 +02:00
Chuanhong Guo
b21bea7b1b ath79: ar8216: make switch register access atomic
reg accesses on integrated ar8229 sometimes fail. As a result, phy read
got incorrect port status and wan link goes down and up mysteriously.
After comparing ar8216 with the old driver, these local_irq_save/restore
calls are the only meaningful differences I could find and it does fix
the issue.
The same changes were added in svn r26856 by Gabor Juhos:
ar71xx: ag71xx: make switch register access atomic

As I can't find the underlying problem either, this hack is brought
back to fix the unstable link issue.
This hack is only suitable for ath79 mdio and may easily break the
driver on other platform. Limit it to ath79-only as a target patch.

Fixes: FS#2216
Fixes: FS#3226
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
(cherry picked from commit 86fdc8abed)
2020-10-11 11:57:55 +08:00
Baptiste Jonglez
891022918d scripts: getver.sh: fix version based on stable branch
When building from a local branch based off the "openwrt-19.07" branch,
version computation is wrong, for instance:

    r10194+1004-c53f62b111

The number of local commits (1004 in this case) is wrong because it is
computed against master.  As a result, it wrongly counts *all* commits
since the beginning of the openwrt-19.07 branch as local commits.

The fix is to compare to the openwrt-19.07 branch instead, which gives the
expected result such as:

    r11192+6-8b0278a17e

Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
[shorten commit title]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-10-07 23:13:00 +02:00
Eneas U de Queiroz
8076fb59ab openssl: bump to 1.1.1h
This is a bug-fix release.  Patches were refreshed.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 475838de1a)
2020-09-28 17:14:31 +02:00
Adrian Schmutzler
f4286d7bc2 ath79: fix rssi-low LED for My Net Range Extender
The LED color was missing in 01_leds.

Fixes: 745dee11ac ("ath79: add support for WD My Net Wi-Fi Range
Extender")

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit d232a8ac7d)
2020-09-28 13:33:28 +02:00
Hauke Mehrtens
d82e6a2f10 kernel: Update to version 4.14.199
Compile and runtime tested on lantiq/xrx200 + ath79/generic.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-09-28 01:04:35 +02:00
Rozhuk Ivan
86b44028e2 comgt: fix hotplug event handling
Hotplug manager sends: "remove" -> "add" -> "bind" events,
script interprets bind as "not add" = "remove" and marks device
as unavailable.

Signed-off-by: Rozhuk Ivan <rozhuk.im@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
(cherry picked from commit 4821ff064b)
Fixes: FS#3351
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-09-19 19:48:27 +02:00
Jo-Philipp Wich
34a9652904 Revert "ramips: ethernet: fix to interrupt handling"
This reverts commit 7ac454014a.

The change reportedly causes regressions in ethernet performance.

Fixes: FS#3332
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-09-18 08:53:53 +02:00
Hauke Mehrtens
29b4104d69 OpenWrt v19.07.4: revert to branch defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-09-07 20:27:30 +02:00
302 changed files with 4190 additions and 2250 deletions

View File

@@ -100,6 +100,11 @@ menuconfig DEVEL
It can be a git hash or a branch name.
If unused, the clone's repository HEAD will be checked-out.
config KERNEL_GIT_MIRROR_HASH
string "Enter hash of Git kernel tree source checkout tarball" if DEVEL
depends on (KERNEL_GIT_CLONE_URI != "")
default ""
config BUILD_LOG
bool "Enable log files during build process" if DEVEL
help
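Review bot: the new KERNEL_GIT_MIRROR_HASH symbol has no help block, unlike the entries around it, and it defaults to "". Add help text that says what kind of hash is expected, how to compute it for a given KERNEL_GIT_CLONE_URI checkout, and what the build does when the value is left empty, so that an empty default is not read as a verified download.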

View File

@@ -1,4 +1,5 @@
src-git packages https://git.openwrt.org/feed/packages.git^eae1bb397f064befe003b01a36ae318321e81d35
src-git luci https://git.openwrt.org/project/luci.git^0d0ab01a64f25d15325d3c98a7df252085382f1d
src-git routing https://git.openwrt.org/feed/routing.git^b77498bd56d5e45ab4577a1f4ad6ffc55b4a86b7
src-git telephony https://git.openwrt.org/feed/telephony.git^91b34e7eefa1d37a18390d0c6881978cd76804a1
src-git packages https://git.openwrt.org/feed/packages.git^90af10d01579425369bd474051b6d3ddaf32a7e3
src-git luci https://git.openwrt.org/project/luci.git^34e0d656a41befd9720be35c4831c9f136a67c59
src-git routing https://git.openwrt.org/feed/routing.git^e26b4745209655976b7d124465b1dc53ade632f9
src-git telephony https://git.openwrt.org/feed/telephony.git^6e019c94d0fa7162548d528bf4ba060a61f8cb59
src-git freifunk https://github.com/freifunk/openwrt-packages.git^c621a4283870fe062489fe5e26a15deda7ef4ed7
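Review bot: the added freifunk line is the only feed fetched from github.com instead of git.openwrt.org. It is pinned to a full commit id like the other four, which is what keeps a release build reproducible, but please confirm that c621a4283870fe062489fe5e26a15deda7ef4ed7 is reachable from that repository's openwrt-19.07 branch as the commit message states, because a pin to a commit that no branch or tag references can stop resolving later.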

View File

@@ -22,12 +22,22 @@ ifeq ($(CONFIG_CCACHE),)
CMAKE_CXX_COMPILER:=$(call cmake_tool,$(TARGET_CXX))
CMAKE_C_COMPILER_ARG1:=
CMAKE_CXX_COMPILER_ARG1:=
CMAKE_HOST_C_COMPILER:=$(HOSTCC)
CMAKE_HOST_CXX_COMPILER:=$(HOSTCXX)
CMAKE_HOST_C_COMPILER_ARG1:=
CMAKE_HOST_CXX_COMPILER_ARG1:=
else
CCACHE:=$(STAGING_DIR_HOST)/bin/ccache
CMAKE_C_COMPILER:=$(CCACHE)
CMAKE_C_COMPILER_ARG1:=$(TARGET_CC_NOCACHE)
CMAKE_CXX_COMPILER:=$(CCACHE)
CMAKE_CXX_COMPILER_ARG1:=$(TARGET_CXX_NOCACHE)
CMAKE_HOST_C_COMPILER:=$(CCACHE)
CMAKE_HOST_C_COMPILER_ARG1:=$(HOSTCC_NOCACHE)
CMAKE_HOST_CXX_COMPILER:=$(CCACHE)
CMAKE_HOST_CXX_COMPILER_ARG1:=$(HOSTCXX_NOCACHE)
endif
CMAKE_AR:=$(call cmake_tool,$(TARGET_AR))
CMAKE_NM:=$(call cmake_tool,$(TARGET_NM))
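Review bot: in the non-ccache branch the host compilers are assigned raw (`CMAKE_HOST_C_COMPILER:=$(HOSTCC)`), while the target compiler on the line above goes through `$(call cmake_tool,...)`. If HOSTCC carries extra words such as flags, the whole string ends up in CMAKE_C_COMPILER with CMAKE_HOST_C_COMPILER_ARG1 left empty. Either pass the host values through the same helper or add a comment saying why that is not needed for host builds.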
@@ -90,6 +100,12 @@ define Host/Configure/Default
LDFLAGS="$(HOST_LDFLAGS)" \
cmake \
-DCMAKE_BUILD_TYPE=Release \
-DCMAKE_C_COMPILER="$(CMAKE_HOST_C_COMPILER)" \
-DCMAKE_C_COMPILER_ARG1="$(CMAKE_HOST_C_COMPILER_ARG1)" \
-DCMAKE_CXX_COMPILER="$(CMAKE_HOST_CXX_COMPILER)" \
-DCMAKE_CXX_COMPILER_ARG1="$(CMAKE_HOST_CXX_COMPILER_ARG1)" \
-DCMAKE_ASM_COMPILER="$(CMAKE_HOST_C_COMPILER)" \
-DCMAKE_ASM_COMPILER_ARG1="$(CMAKE_HOST_C_COMPILER_ARG1)" \
-DCMAKE_C_FLAGS_RELEASE="-DNDEBUG" \
-DCMAKE_CXX_FLAGS_RELEASE="-DNDEBUG" \
-DCMAKE_EXE_LINKER_FLAGS:STRING="$(HOST_LDFLAGS)" \

View File

@@ -184,6 +184,8 @@ ifndef DUMP
clean-build: host-clean-build
endif
$(DL_DIR)/$(FILE): FORCE
$(_host_target)host-prepare: $(HOST_STAMP_PREPARED)
$(_host_target)host-configure: $(HOST_STAMP_CONFIGURED)
$(_host_target)host-compile: $(HOST_STAMP_BUILT) $(HOST_STAMP_INSTALLED)
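Review bot: `$(DL_DIR)/$(FILE): FORCE` makes the download target unconditionally out of date, so its recipe runs on every invocation even when the file is already in DL_DIR, and the line carries no comment saying why. If the intent is to re-check the hash of an existing download, say so in a comment above the rule, and confirm the recipe returns without network access when the file is present and valid so offline rebuilds keep working.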

View File

@@ -534,6 +534,7 @@ define Device/Build/image
BIN_DIR="$(BIN_DIR)" \
IMAGE_NAME="$(IMAGE_NAME)" \
IMAGE_TYPE=$(word 1,$(subst ., ,$(2))) \
IMAGE_FILESYSTEM="$(1)" \
IMAGE_PREFIX="$(IMAGE_PREFIX)" \
DEVICE_TITLE="$(DEVICE_TITLE)" \
DEVICE_PACKAGES="$(DEVICE_PACKAGES)" \

View File

@@ -6,9 +6,9 @@ ifdef CONFIG_TESTING_KERNEL
KERNEL_PATCHVER:=$(KERNEL_TESTING_PATCHVER)
endif
LINUX_VERSION-4.14 = .195
LINUX_VERSION-4.14 = .221
LINUX_KERNEL_HASH-4.14.195 = 394f28798670240baacd9e2cce521fbd79f8da5e1fc191695b0e11381445a021
LINUX_KERNEL_HASH-4.14.221 = ce2254075ff4846f13380c1cf4bec1e351e5996a7dd109c200e222e49fd2c7e9
remove_uri_prefix=$(subst git://,,$(subst http://,,$(subst https://,,$(1))))
sanitize_uri=$(call qstrip,$(subst @,_,$(subst :,_,$(subst .,_,$(subst -,_,$(subst /,_,$(1)))))))

View File

@@ -185,6 +185,8 @@ define Build/CoreTargets
$(call Build/Autoclean)
$(call DefaultTargets)
$(DL_DIR)/$(FILE): FORCE
download:
$(foreach hook,$(Hooks/Download),
$(call $(hook))$(sep)

View File

@@ -26,6 +26,7 @@ $(eval $(call TestHostCommand,proper-umask, \
Please build with umask 022 - other values produce broken packages, \
umask | grep -xE 0?0[012][012]))
ifndef IB
$(eval $(call SetupHostCommand,gcc, \
Please install the GNU C Compiler (gcc) 4.8 or later, \
$(CC) -dumpversion | grep -E '^(4\.[8-9]|[5-9]\.?|10\.?)', \
@@ -55,6 +56,7 @@ $(eval $(call TestHostCommand,ncurses, \
Please install ncurses. (Missing libncurses.so or ncurses.h), \
echo 'int main(int argc, char **argv) { initscr(); return 0; }' | \
gcc -include ncurses.h -x c -o $(TMP_DIR)/a.out - -lncurses))
endif # IB
ifeq ($(HOST_OS),Linux)
zlib_link_flags := -Wl,-Bstatic -lz -Wl,-Bdynamic

View File

@@ -26,13 +26,13 @@ PKG_CONFIG_DEPENDS += \
sanitize = $(call tolower,$(subst _,-,$(subst $(space),-,$(1))))
VERSION_NUMBER:=$(call qstrip,$(CONFIG_VERSION_NUMBER))
VERSION_NUMBER:=$(if $(VERSION_NUMBER),$(VERSION_NUMBER),19.07.4)
VERSION_NUMBER:=$(if $(VERSION_NUMBER),$(VERSION_NUMBER),19.07.7)
VERSION_CODE:=$(call qstrip,$(CONFIG_VERSION_CODE))
VERSION_CODE:=$(if $(VERSION_CODE),$(VERSION_CODE),r11208-ce6496d796)
VERSION_CODE:=$(if $(VERSION_CODE),$(VERSION_CODE),r11306-c4a6851c72)
VERSION_REPO:=$(call qstrip,$(CONFIG_VERSION_REPO))
VERSION_REPO:=$(if $(VERSION_REPO),$(VERSION_REPO),http://downloads.openwrt.org/releases/19.07.4)
VERSION_REPO:=$(if $(VERSION_REPO),$(VERSION_REPO),http://downloads.openwrt.org/releases/19.07.7)
VERSION_DIST:=$(call qstrip,$(CONFIG_VERSION_DIST))
VERSION_DIST:=$(if $(VERSION_DIST),$(VERSION_DIST),OpenWrt)
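Review bot: the VERSION_REPO fallback is bumped to 19.07.7 but stays on plain `http://downloads.openwrt.org/...`. With that default, any integrity guarantee for packages installed on the device has to come from signature verification on the client rather than from the transport. If the default images can do TLS, switch the fallback to https://, otherwise add a comment here stating why http is kept.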

View File

@@ -183,7 +183,7 @@ if VERSIONOPT
config VERSION_REPO
string
prompt "Release repository"
default "http://downloads.openwrt.org/releases/19.07.4"
default "http://downloads.openwrt.org/releases/19.07.7"
help
This is the repository address embedded in the image, it defaults
to the trunk snapshot repo; the url may contain the following placeholders:
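Review bot: the help text under VERSION_REPO still says the value "defaults to the trunk snapshot repo", while the default set two lines above it is the releases/19.07.7 URL. Update the help wording on this branch so it matches the release default.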

View File

@@ -14,6 +14,7 @@ PKG_RELEASE:=
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/linux4sam/at91bootstrap.git
PKG_MIRROR_HASH:=783100ce586460b8230f7b5b56cbc2e6473b888f38330c1d1b64777e3ae59473
PKG_SOURCE_VERSION:=04efa5500d60a0211d14b6ee60df7ce0a828704d
PKG_BUILD_DIR = \

@@ -12,6 +12,7 @@ PKG_RELEASE:=1
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/linux4sam/u-boot-at91.git
PKG_MIRROR_HASH:=03ae55f16e716c2c06481372174f9d8506fa077459bf321a024e0d23a9bb013a
PKG_SOURCE_VERSION:=59f202622154f82e708a6ca2bf86350a5c1b2d33
include $(INCLUDE_DIR)/u-boot.mk

@@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=uboot-envtools
PKG_DISTNAME:=u-boot
PKG_VERSION:=2018.03
PKG_RELEASE:=3
PKG_RELEASE:=3.1
PKG_SOURCE_PROTO:=git
PKG_SOURCE:=$(PKG_DISTNAME)-$(PKG_VERSION).tar.xz

@@ -15,12 +15,23 @@ board=$(board_name)
case "$board" in
cznic,turris-omnia)
ubootenv_add_uci_config "/dev/mtd0" "0xC0000" "0x10000" "0x40000"
if grep -q 'U-Boot 2015.10-rc2' /dev/mtd0; then
ubootenv_add_uci_config "/dev/mtd0" "0xc0000" "0x10000" "0x40000"
else
ubootenv_add_uci_config "/dev/mtd0" "0xf0000" "0x10000" "0x10000"
fi
;;
globalscale,espressobin|\
globalscale,espressobin-emmc|\
globalscale,espressobin-v7|\
globalscale,espressobin-v7-emmc|\
globalscale,espressobin-v7-emmc)
idx="$(find_mtd_index u-boot-env)"
if [ -n "$idx" ]; then
ubootenv_add_uci_config "/dev/mtd$idx" "0x0" "0x10000" "0x10000" "1"
else
ubootenv_add_uci_config "/dev/mtd0" "0x3f0000" "0x10000" "0x10000" "1"
fi
;;
marvell,armada8040-mcbin)
ubootenv_add_uci_config "/dev/mtd0" "0x3f0000" "0x10000" "0x10000" "1"
;;
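Review bot: `grep -q 'U-Boot 2015.10-rc2' /dev/mtd0` treats each `.` as a wildcard while scanning the whole raw partition; use `grep -qF` so only the literal version string selects the `0xc0000`/`0x40000` layout. The else branch then applies `0xf0000` with a `0x10000` sector size to every other bootloader build, and because these values tell the environment tools where to read and write in flash, add a comment naming the U-Boot versions that layout was verified on. The espressobin fallback to `/dev/mtd0` at `0x3f0000` when `find_mtd_index u-boot-env` returns nothing deserves the same kind of comment.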

@@ -8,12 +8,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=amd64-microcode
PKG_VERSION:=20180524
PKG_VERSION:=20191218
PKG_RELEASE:=1
PKG_SOURCE:=amd64-microcode_3.$(PKG_VERSION).$(PKG_RELEASE).tar.xz
PKG_SOURCE_URL:=http://ftp.debian.org/debian/pool/non-free/a/amd64-microcode/
PKG_HASH:=7c389c357c242e7161f6872bf4e12011a71e4c0683f06fb1bcfad650a78bf0a9
PKG_HASH:=f469b79348097c5f04641b67a39d0ee5a2a1916c9556281626c04f2275d4132d
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-3.$(PKG_VERSION).$(PKG_RELEASE)
PKG_LICENSE_FILE:=LICENSE.amd-ucode
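Review bot: PKG_SOURCE_URL still fetches the tarball over `http://ftp.debian.org/...`, so the new PKG_HASH is the only thing binding the build to the intended microcode archive. State in the commit message where the hash for 3.20191218.1 was taken from, and switch the URL to https if the mirror serves it.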

@@ -8,12 +8,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=intel-microcode
PKG_VERSION:=20190918
PKG_VERSION:=20200616
PKG_RELEASE:=1
PKG_SOURCE:=intel-microcode_3.$(PKG_VERSION).$(PKG_RELEASE).tar.xz
PKG_SOURCE_URL:=http://ftp.debian.org/debian/pool/non-free/i/intel-microcode/
PKG_HASH:=b7ecb5dd30d71e9b3c2ab184693a876171392e0d80d138c3560c662e5f2a2247
PKG_HASH:=bcc3b81c452fe4649a948c022475d76c1cdfbb730f36749a082f412f1406a3b9
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-3.$(PKG_VERSION).$(PKG_RELEASE)
PKG_BUILD_DEPENDS:=iucode-tool/host

@@ -1,12 +1,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=wireless-regdb
PKG_VERSION:=2019.06.03
PKG_VERSION:=2020.11.20
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=@KERNEL/software/network/wireless-regdb/
PKG_HASH:=cd917ed86b63ce8d93947979f1f18948f03a4ac0ad89ec25227b36ac00dc54bf
PKG_HASH:=b4164490d82ff7b0086e812ac42ab27baf57be24324d4c0ee1c5dd6ba27f2a52
PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>

@@ -1,58 +0,0 @@
From 651e39dee8605995b736b6056c6f7dc5c5a9c948 Mon Sep 17 00:00:00 2001
From: Johannes Berg <johannes.berg@intel.com>
Date: Thu, 22 Aug 2019 21:46:27 +0200
Subject: [PATCH] regdb: fix compatibility with python2
Various changes in the commit mentioned below broke
compatibility with python2. Restore it in a way that
makes it worth with both versions.
Fixes: f3c4969c2485 ("wireless-regdb: make scripts compatible with Python 3")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
---
db2bin.py | 2 +-
db2fw.py | 2 +-
dbparse.py | 3 +--
3 files changed, 3 insertions(+), 4 deletions(-)
--- a/db2bin.py
+++ b/db2bin.py
@@ -118,7 +118,7 @@ reg_country_ptr.set()
for alpha2 in countrynames:
coll = countries[alpha2]
# struct regdb_file_reg_country
- output.write(struct.pack('>BBxBI', alpha2[0], alpha2[1], coll.dfs_region, reg_rules_collections[coll.permissions]))
+ output.write(struct.pack('>2sxBI', alpha2, coll.dfs_region, reg_rules_collections[coll.permissions]))
if len(sys.argv) > 3:
--- a/db2fw.py
+++ b/db2fw.py
@@ -85,7 +85,7 @@ countrynames = list(countries)
countrynames.sort()
for alpha2 in countrynames:
coll = countries[alpha2]
- output.write(struct.pack('>BB', alpha2[0], alpha2[1]))
+ output.write(struct.pack('>2s', alpha2))
country_ptrs[alpha2] = PTR(output)
output.write(b'\x00' * 4)
--- a/dbparse.py
+++ b/dbparse.py
@@ -1,6 +1,5 @@
#!/usr/bin/env python
-from builtins import bytes
from functools import total_ordering
import sys, math
from math import ceil, log
@@ -359,7 +358,7 @@ class DBParser(object):
for cname in cnames:
if len(cname) != 2:
self._warn("country '%s' not alpha2" % cname)
- cname = bytes(cname, 'ascii')
+ cname = cname.encode('ascii')
if not cname in self._countries:
self._countries[cname] = Country(dfs_region, comments=self._comments)
self._current_countries[cname] = self._countries[cname]
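Review bot: this carried patch is deleted alongside the bump to 2020.11.20, which is only safe if the new tarball already contains it; confirm that upstream db2bin.py and db2fw.py use the `'>2s'` pack format and that dbparse.py no longer has `from builtins import bytes`, otherwise the python2 breakage described in the patch text returns. Listing the dropped patches as upstreamed in the commit message would record that check.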

@@ -1,47 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Martin Willi <martin@strongswan.org>
Date: Tue, 2 Jul 2019 16:19:44 +0200
Subject: [PATCH] wireless-regdb: Fix overlapping ranges for Switzerland and
Liechtenstein
The commit referenced below changes the 5GHz frequency range 5250-5330
to 5150-5330, making that range overlapping with the existing range
5170-5250. This imposes DFS limitations and a reduced maximum power
level for the range 5170-5250.
The change of the frequency range seems not intentional. Instead the
commit should have changed the 5170-5250 range to 5150-5250, and the
5250-5330 range to 5250-5350 (see [1]).
[1] https://www.ofcomnet.ch/api/rir/1010/05
Fixes: 957a7cff72a3 ("wireless-regdb: update regulatory rules for Switzerland (CH), and Liechtenstein (LI) on 5GHz")
Signed-off-by: Martin Willi <martin@strongswan.org>
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
diff --git a/db.txt b/db.txt
index d47ab94c3aa5..37393e6a793e 100644
--- a/db.txt
+++ b/db.txt
@@ -271,8 +271,8 @@ country CF: DFS-FCC
# transmitter power control is in use: 5250-5330@23db, 5490-5710@30db
country CH: DFS-ETSI
(2402 - 2482 @ 40), (20)
- (5170 - 5250 @ 80), (23), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
- (5150 - 5330 @ 80), (20), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
+ (5150 - 5250 @ 80), (23), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
+ (5250 - 5350 @ 80), (20), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
(5490 - 5710 @ 160), (27), DFS, wmmrule=ETSI
# 60 GHz band channels 1-4, ref: Etsi En 302 567
(57000 - 66000 @ 2160), (40)
@@ -747,8 +747,8 @@ country LC: DFS-ETSI
# transmitter power control is in use: 5250-5330@23db, 5490-5710@30db
country LI: DFS-ETSI
(2402 - 2482 @ 40), (20)
- (5170 - 5250 @ 80), (23), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
- (5150 - 5330 @ 80), (20), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
+ (5150 - 5250 @ 80), (23), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
+ (5250 - 5350 @ 80), (20), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
(5490 - 5710 @ 160), (27), DFS, wmmrule=ETSI
# 60 GHz band channels 1-4, ref: Etsi En 302 567
(57000 - 66000 @ 2160), (40)
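Review bot: dropping this patch is only correct if db.txt in 2020.11.20 already has separate, non-overlapping 5150-5250 and 5250-5350 rules for both CH and LI; if the release still carries `(5150 - 5330 @ 80)`, the DFS limitation and reduced power level described in the patch text come back for 5170-5250. Check the two country blocks in the new tarball before merging.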

@@ -1,843 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Emil Petersky <emil.petersky@streamunlimited.com>
Date: Tue, 17 Sep 2019 09:49:19 +0200
Subject: [PATCH] wireless-regdb: Fix ranges of EU countries as they are
harmonized since 2014
This patch unites entries for EU countries, as they have been harmonized
latest by July 2014...
EU decision 2005/513/EC:
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02005D0513-20070213
EU decision 2006/771/EC:
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02008D0432-20080611
Signed-off-by: Emil Petersky <emil.petersky@streamunlimited.com>
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
diff --git a/db.txt b/db.txt
index 2e149b6e0ea2..a57452479a9b 100644
--- a/db.txt
+++ b/db.txt
@@ -87,12 +87,20 @@ country AS: DFS-FCC
(5490 - 5730 @ 160), (24), DFS
(5735 - 5835 @ 80), (30)
+# AT as part of EU/CEPT accepted decisions 2005/513/EC (5GHz RLAN, EN 301 893)
+# and 2006/771/EC (amended by 2008/432/EC, Short-Range Devices, EN 300 440)
+# EU decision 2005/513/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02005D0513-20070213
+# EU decision 2006/771/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02008D0432-20080611
+# AT: https://www.rtr.at/en/tk/Spektrum5GHz/1997_bmvit-info-052010en.pdf
+# AT: acceptance https://www.ris.bka.gv.at/Dokumente/BgblAuth/BGBLA_2014_II_63/BGBLA_2014_II_63.pdfsig
country AT: DFS-ETSI
- (2402 - 2482 @ 40), (20)
- (5170 - 5250 @ 80), (20), AUTO-BW, wmmrule=ETSI
- (5250 - 5330 @ 80), (20), DFS, AUTO-BW, wmmrule=ETSI
- (5490 - 5710 @ 160), (27), DFS, wmmrule=ETSI
- # 60 GHz band channels 1-4, ref: Etsi En 302 567
+ (2400 - 2483.5 @ 40), (100 mW)
+ (5150 - 5250 @ 80), (200 mW), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
+ (5250 - 5350 @ 80), (100 mW), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
+ (5470 - 5725 @ 160), (500 mW), DFS, wmmrule=ETSI
+ # short range devices (ETSI EN 300 440-1)
+ (5725 - 5875 @ 80), (25 mW)
+ # 60 GHz band channels 1-4 (ETSI EN 302 567)
(57000 - 66000 @ 2160), (40)
# Source:
@@ -139,12 +147,22 @@ country BD: DFS-JP
(2402 - 2482 @ 40), (20)
(5735 - 5835 @ 80), (30)
+# BE as part of EU/CEPT accepted decisions 2005/513/EC (5GHz RLAN, EN 301 893)
+# and 2006/771/EC (amended by 2008/432/EC, Short-Range Devices, EN 300 440)
+# EU decision 2005/513/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02005D0513-20070213
+# EU decision 2006/771/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02008D0432-20080611
+# BE: https://www.ibpt.be/public/files/en/21760/B03-01_2.1_EN.pdf
+# BE: https://www.ibpt.be/public/files/en/21761/B03-02_2.1_EN.pdf
+# BE: https://www.ibpt.be/public/files/en/21762/B03-03_2.1_EN.pdf
+# BE: https://www.ibpt.be/public/files/en/22165/B01-28_3.1_EN.pdf
country BE: DFS-ETSI
- (2402 - 2482 @ 40), (20)
- (5170 - 5250 @ 80), (20), AUTO-BW, wmmrule=ETSI
- (5250 - 5330 @ 80), (20), DFS, AUTO-BW, wmmrule=ETSI
- (5490 - 5710 @ 160), (27), DFS, wmmrule=ETSI
- # 60 GHz band channels 1-4, ref: Etsi En 302 567
+ (2400 - 2483.5 @ 40), (100 mW)
+ (5150 - 5250 @ 80), (200 mW), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
+ (5250 - 5350 @ 80), (100 mW), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
+ (5470 - 5725 @ 160), (500 mW), DFS, wmmrule=ETSI
+ # short range devices (ETSI EN 300 440-1)
+ (5725 - 5875 @ 80), (25 mW)
+ # 60 GHz band channels 1-4 (ETSI EN 302 567)
(57000 - 66000 @ 2160), (40)
country BF: DFS-FCC
@@ -167,22 +185,29 @@ country BF: DFS-FCC
#
# Note: The transmit power limits in the 5250-5350 MHz and 5470-5725 MHz bands
# can be raised by 3 dBm if TPC is enabled. Refer to BDS EN 301 893 for details.
+#
+# BG as part of EU/CEPT accepted decisions 2005/513/EC (5GHz RLAN, EN 301 893)
+# and 2006/771/EC (amended by 2008/432/EC, Short-Range Devices, EN 300 440)
+# EU decision 2005/513/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02005D0513-20070213
+# EU decision 2006/771/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02008D0432-20080611
+# BG: https://crc.bg/files/_en/Electronic_Communications_Revised_EN1.pdf
+# BG: acceptance of 2006/771/EC https://crc.bg/files/Pravila_06_12_2018.pdf
country BG: DFS-ETSI
# Wideband data transmission systems (WDTS) in the 2.4GHz ISM band, ref:
# I.22 of the List, BDS EN 300 328
- (2402 - 2482 @ 40), (20)
+ (2400 - 2483.5 @ 40), (100 mW)
# 5 GHz Radio Local Area Networks (RLANs), ref:
# II.H01 of the List, BDS EN 301 893
- (5170 - 5250 @ 80), (23), AUTO-BW, wmmrule=ETSI
- (5250 - 5330 @ 80), (20), DFS, AUTO-BW, wmmrule=ETSI
+ (5150 - 5250 @ 80), (200 mW), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
+ (5250 - 5350 @ 80), (100 mW), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
# II.H01 of the List, I.54 from the List, BDS EN 301 893
- (5490 - 5710 @ 160), (27), DFS, wmmrule=ETSI
- # Short range devices (SRDs) in the 5725-5875 MHz frequency range, ref:
+ (5470 - 5725 @ 160), (500 mW), DFS, wmmrule=ETSI
+ # short range devices (ETSI EN 300 440-1)
# I.43 of the List, BDS EN 300 440-2, BDS EN 300 440-1
- (5725 - 5875 @ 80), (14)
- # 60 GHz Multiple-Gigabit RLAN Systems, ref:
+ (5725 - 5875 @ 80), (25 mW)
+ # 60 GHz band channels 1-4 (ETSI EN 302 567)
# II.H03 of the List, BDS EN 302 567-2
- (57000 - 66000 @ 2160), (40), NO-OUTDOOR
+ (57000 - 66000 @ 2160), (40)
country BH: DFS-JP
(2402 - 2482 @ 40), (20)
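Review bot: in the BG block the replaced comment lines ended in "ref:" and were continued by the kept lines `# I.43 of the List, BDS EN 300 440-2, BDS EN 300 440-1` and `# II.H03 of the List, BDS EN 302 567-2`, which now dangle under the new generic comments. Either keep the original "ref:" lead-ins or fold the List references into the new comment lines. The kept note above the country line still expresses the TPC allowance in dBm while the rules switch to mW, so align the units there as well.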
@@ -265,16 +290,22 @@ country CF: DFS-FCC
(5490 - 5730 @ 40), (24), DFS
(5735 - 5835 @ 40), (30)
-# Source:
-# https://www.ofcomnet.ch/#/fatTable
-# Note that the maximum transmitter power can be doubled for 5250-5710MHz if
-# transmitter power control is in use: 5250-5330@23db, 5490-5710@30db
+# CH as part of CEPT accepted decisions 2005/513/EC (5GHz RLAN, EN 301 893)
+# and 2006/771/EC (amended by 2008/432/EC, Short-Range Devices, EN 300 440)
+# EU decision 2005/513/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02005D0513-20070213
+# EU decision 2006/771/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02008D0432-20080611
+# CH: https://www.ofcomnet.ch/api/rir/1010/05
+# CH: https://www.ofcomnet.ch/api/rir/1010/04
+# CH: https://www.ofcomnet.ch/api/rir/1008/12
+# CH: https://www.ofcomnet.ch/#/fatTable
country CH: DFS-ETSI
- (2402 - 2482 @ 40), (20)
- (5150 - 5250 @ 80), (23), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
- (5250 - 5350 @ 80), (20), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
- (5490 - 5710 @ 160), (27), DFS, wmmrule=ETSI
- # 60 GHz band channels 1-4, ref: Etsi En 302 567
+ (2400 - 2483.5 @ 40), (100 mW)
+ (5150 - 5250 @ 80), (200 mW), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
+ (5250 - 5350 @ 80), (100 mW), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
+ (5470 - 5725 @ 160), (500 mW), DFS, wmmrule=ETSI
+ # short range devices (ETSI EN 300 440-1)
+ (5725 - 5875 @ 80), (25 mW)
+ # 60 GHz band channels 1-4 (ETSI EN 302 567)
(57000 - 66000 @ 2160), (40)
country CI: DFS-FCC
@@ -329,26 +360,42 @@ country CX: DFS-FCC
(5490 - 5730 @ 160), (24), DFS
(5735 - 5835 @ 80), (30)
+# CY as part of EU/CEPT accepted decisions 2005/513/EC (5GHz RLAN, EN 301 893)
+# and 2006/771/EC (amended by 2008/432/EC, Short-Range Devices, EN 300 440)
+# EU decision 2005/513/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02005D0513-20070213
+# EU decision 2006/771/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02008D0432-20080611
+# CY: http://www.mcw.gov.cy/mcw/dec/dec.nsf/all/292484CFC7013DD4C2256EBA0023D447/$file/Sxedio%20Radiosyxnothtwn%20ths%20Dhmokratias-3-8-2018-E2.2(English%20Unified%20Unofficial).pdf?openelement
country CY: DFS-ETSI
- (2402 - 2482 @ 40), (20)
- (5170 - 5250 @ 80), (20), AUTO-BW, wmmrule=ETSI
- (5250 - 5330 @ 80), (20), DFS, AUTO-BW, wmmrule=ETSI
- (5490 - 5710 @ 160), (27), DFS, wmmrule=ETSI
- # 60 GHz band channels 1-4, ref: Etsi En 302 567
+ (2400 - 2483.5 @ 40), (100 mW)
+ (5150 - 5250 @ 80), (200 mW), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
+ (5250 - 5350 @ 80), (100 mW), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
+ (5470 - 5725 @ 160), (500 mW), DFS, wmmrule=ETSI
+ # short range devices (ETSI EN 300 440-1)
+ (5725 - 5875 @ 80), (25 mW)
+ # 60 GHz band channels 1-4 (ETSI EN 302 567)
(57000 - 66000 @ 2160), (40)
-# Data from http://www.ctu.eu/164/download/VOR/VOR-12-08-2005-34.pdf
-# and http://www.ctu.eu/164/download/VOR/VOR-12-05-2007-6-AN.pdf
-# Power at 5250 - 5350 MHz and 5470 - 5725 MHz can be doubled if TPC is
-# implemented.
+# CZ as part of EU/CEPT accepted decisions 2005/513/EC (5GHz RLAN, EN 301 893)
+# and 2006/771/EC (amended by 2008/432/EC, Short-Range Devices, EN 300 440)
+# EU decision 2005/513/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02005D0513-20070213
+# EU decision 2006/771/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02008D0432-20080611
+# CZ: https://www.ctu.cz/cs/download/vseobecna-opravneni/archiv/vo-r_12-06_2010-09.pdf
+# CZ: https://www.ctu.cz/sites/default/files/obsah/ctu/vseobecne-opravneni-c.vo-r/10/12.2017-10/obrazky/vo-r10-122017-10.pdf
country CZ: DFS-ETSI
(2400 - 2483.5 @ 40), (100 mW)
(5150 - 5250 @ 80), (200 mW), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
(5250 - 5350 @ 80), (100 mW), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
(5470 - 5725 @ 160), (500 mW), DFS, wmmrule=ETSI
- # 60 GHz band channels 1-4, ref: Etsi En 302 567
+ # short range devices (ETSI EN 300 440-1)
+ (5725 - 5875 @ 80), (25 mW)
+ # 60 GHz band channels 1-4 (ETSI EN 302 567)
(57000 - 66000 @ 2160), (40)
+# DE as part of EU/CEPT accepted decisions 2005/513/EC (5GHz RLAN, EN 301 893)
+# and 2006/771/EC (amended by 2008/432/EC, Short-Range Devices, EN 300 440)
+# EU decision 2005/513/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02005D0513-20070213
+# EU decision 2006/771/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02008D0432-20080611
+#
# Allocation for the 2.4 GHz band (Vfg 10 / 2013, Allgemeinzuteilung von
# Frequenzen für die Nutzung in lokalen Netzwerken; Wireless Local Area
# Networks (WLAN-Funkanwendungen).
@@ -379,16 +426,22 @@ country DE: DFS-ETSI
# 60 GHz band channels 1-4 (ETSI EN 302 567)
(57000 - 66000 @ 2160), (40)
-# Sources:
+# DK as part of EU/CEPT accepted decisions 2005/513/EC (5GHz RLAN, EN 301 893)
+# and 2006/771/EC (amended by 2008/432/EC, Short-Range Devices, EN 300 440)
+# EU decision 2005/513/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02005D0513-20070213
+# EU decision 2006/771/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02008D0432-20080611
+# DK: https://ens.dk/sites/ens.dk/files/Tele/frekvensplan_0.pdf
# 5GHz: https://erhvervsstyrelsen.dk/sites/default/files/007_interface-datanet_5-6_ghz.pdf.pdf
# 60GHz: https://erhvervsstyrelsen.dk/sites/default/files/radiograenseflader-63.pdf
country DK: DFS-ETSI
- (2400 - 2483.5 @ 40), (20)
- (5150 - 5250 @ 80), (23), AUTO-BW, wmmrule=ETSI
- (5250 - 5350 @ 80), (20), DFS, AUTO-BW, wmmrule=ETSI
- (5470 - 5725 @ 160), (27), DFS, wmmrule=ETSI
+ (2400 - 2483.5 @ 40), (100 mW)
+ (5150 - 5250 @ 80), (200 mW), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
+ (5250 - 5350 @ 80), (100 mW), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
+ (5470 - 5725 @ 160), (500 mW), DFS, wmmrule=ETSI
+ # short range devices (ETSI EN 300 440-1)
+ (5725 - 5875 @ 80), (25 mW)
# 60 GHz band channels 1-4 (ETSI EN 302 567)
- (57000 - 66000 @ 2160), (40), NO-OUTDOOR
+ (57000 - 66000 @ 2160), (40)
# Source:
# http://www.ntrcdom.org/index.php?option=com_content&view=category&layout=blog&id=10&Itemid=55
@@ -417,12 +470,20 @@ country EC: DFS-FCC
(5490 - 5730 @ 20), (24), DFS
(5735 - 5835 @ 20), (30)
+# EE as part of EU/CEPT accepted decisions 2005/513/EC (5GHz RLAN, EN 301 893)
+# and 2006/771/EC (amended by 2008/432/EC, Short-Range Devices, EN 300 440)
+# EU decision 2005/513/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02005D0513-20070213
+# EU decision 2006/771/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02008D0432-20080611
+# EE: https://www.ttja.ee/et/ettevottele-organisatsioonile/sideteenused/raadioseadmed/wifi-seade
+# EE: https://www.itu.int/ITU-D/study_groups/SGP_1998-2002/JGRES09/pdf/estonia.pdf
country EE: DFS-ETSI
- (2402 - 2482 @ 40), (20)
- (5170 - 5250 @ 80), (20), AUTO-BW, wmmrule=ETSI
- (5250 - 5330 @ 80), (20), DFS, AUTO-BW, wmmrule=ETSI
- (5490 - 5710 @ 160), (27), DFS, wmmrule=ETSI
- # 60 GHz band channels 1-4, ref: Etsi En 302 567
+ (2400 - 2483.5 @ 40), (100 mW)
+ (5150 - 5250 @ 80), (200 mW), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
+ (5250 - 5350 @ 80), (100 mW), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
+ (5470 - 5725 @ 160), (500 mW), DFS, wmmrule=ETSI
+ # short range devices (ETSI EN 300 440-1)
+ (5725 - 5875 @ 80), (25 mW)
+ # 60 GHz band channels 1-4 (ETSI EN 302 567)
(57000 - 66000 @ 2160), (40)
country EG: DFS-ETSI
@@ -430,17 +491,19 @@ country EG: DFS-ETSI
(5170 - 5250 @ 40), (20)
(5250 - 5330 @ 40), (20), DFS
-# Source:
-# Cuadro nacional de atribución de frecuencias (CNAF)
-# https://avancedigital.gob.es/espectro/Paginas/cnaf.aspx
+# ES as part of EU/CEPT accepted decisions 2005/513/EC (5GHz RLAN, EN 301 893)
+# and 2006/771/EC (amended by 2008/432/EC, Short-Range Devices, EN 300 440)
+# EU decision 2005/513/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02005D0513-20070213
+# EU decision 2006/771/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02008D0432-20080611
+# ES: https://avancedigital.gob.es/espectro/Paginas/cnaf.aspx
country ES: DFS-ETSI
(2400 - 2483.5 @ 40), (100 mW)
(5150 - 5250 @ 80), (200 mW), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
(5250 - 5350 @ 80), (100 mW), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
(5470 - 5725 @ 160), (500 mW), DFS, wmmrule=ETSI
- # Short Range Devices (SRD) (ETSI EN 300 440)
+ # short range devices (ETSI EN 300 440-1)
(5725 - 5875 @ 80), (25 mW)
- # 60 GHz band channels 1-4, ref: Etsi En 302 567
+ # 60 GHz band channels 1-4 (ETSI EN 302 567)
(57000 - 66000 @ 2160), (40)
country ET: DFS-ETSI
@@ -449,14 +512,18 @@ country ET: DFS-ETSI
(5250 - 5330 @ 80), (20), DFS, AUTO-BW
(5490 - 5710 @ 160), (27), DFS
+# FI as part of EU/CEPT accepted decisions 2005/513/EC (5GHz RLAN, EN 301 893)
+# and 2006/771/EC (amended by 2008/432/EC, Short-Range Devices, EN 300 440)
+# EU decision 2005/513/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02005D0513-20070213
+# EU decision 2006/771/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02008D0432-20080611
country FI: DFS-ETSI
- (2400 - 2483.5 @ 40), (20)
- (5150 - 5250 @ 80), (23), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
- (5250 - 5350 @ 80), (20), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
- (5470 - 5725 @ 160), (27), DFS, wmmrule=ETSI
+ (2400 - 2483.5 @ 40), (100 mW)
+ (5150 - 5250 @ 80), (200 mW), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
+ (5250 - 5350 @ 80), (100 mW), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
+ (5470 - 5725 @ 160), (500 mW), DFS, wmmrule=ETSI
# short range devices (ETSI EN 300 440-1)
(5725 - 5875 @ 80), (25 mW)
- # 60 GHz band channels 1-4, ref: Etsi En 302 567
+ # 60 GHz band channels 1-4 (ETSI EN 302 567)
(57000 - 66000 @ 2160), (40)
country FM: DFS-FCC
@@ -466,22 +533,34 @@ country FM: DFS-FCC
(5490 - 5730 @ 160), (24), DFS
(5735 - 5835 @ 80), (30)
+# FR as part of EU/CEPT accepted decisions 2005/513/EC (5GHz RLAN, EN 301 893)
+# and 2006/771/EC (amended by 2008/432/EC, Short-Range Devices, EN 300 440)
+# EU decision 2005/513/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02005D0513-20070213
+# EU decision 2006/771/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02008D0432-20080611
country FR: DFS-ETSI
- (2402 - 2482 @ 40), (20)
- (5150 - 5250 @ 80), (23), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
- (5250 - 5350 @ 80), (20), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
- (5470 - 5725 @ 160), (27), DFS, wmmrule=ETSI
- # short range devices (ETSI EN 300 440)
+ (2400 - 2483.5 @ 40), (100 mW)
+ (5150 - 5250 @ 80), (200 mW), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
+ (5250 - 5350 @ 80), (100 mW), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
+ (5470 - 5725 @ 160), (500 mW), DFS, wmmrule=ETSI
+ # short range devices (ETSI EN 300 440-1)
(5725 - 5875 @ 80), (25 mW)
- # 60 GHz band channels 1-4, ref: Etsi En 302 567
+ # 60 GHz band channels 1-4 (ETSI EN 302 567)
(57000 - 66000 @ 2160), (40)
+# GB as part of EU/CEPT accepted decisions 2005/513/EC (5GHz RLAN, EN 301 893)
+# and 2006/771/EC (amended by 2008/432/EC, Short-Range Devices, EN 300 440)
+# EU decision 2005/513/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02005D0513-20070213
+# EU decision 2006/771/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02008D0432-20080611
+# GB: https://www.ofcom.org.uk/__data/assets/pdf_file/0019/136009/Ofcom-Information-Sheet-5-GHz-RLANs.pdf
+# GB: https://www.ofcom.org.uk/__data/assets/pdf_file/0028/84970/ir-2030.pdf
country GB: DFS-ETSI
- (2402 - 2482 @ 40), (20)
- (5170 - 5250 @ 80), (20), AUTO-BW, wmmrule=ETSI
- (5250 - 5330 @ 80), (20), DFS, AUTO-BW, wmmrule=ETSI
- (5490 - 5710 @ 160), (27), DFS, wmmrule=ETSI
- # 60 GHz band channels 1-4, ref: Etsi En 302 567
+ (2400 - 2483.5 @ 40), (100 mW)
+ (5150 - 5250 @ 80), (200 mW), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
+ (5250 - 5350 @ 80), (100 mW), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
+ (5470 - 5725 @ 160), (500 mW), DFS, wmmrule=ETSI
+ # short range devices (ETSI EN 300 440-1)
+ (5725 - 5875 @ 80), (25 mW)
+ # 60 GHz band channels 1-4 (ETSI EN 302 567)
(57000 - 66000 @ 2160), (40)
country GD: DFS-FCC
@@ -523,12 +602,20 @@ country GP: DFS-ETSI
(5250 - 5330 @ 80), (20), DFS, AUTO-BW, wmmrule=ETSI
(5490 - 5710 @ 160), (27), DFS, wmmrule=ETSI
+# GR as part of EU/CEPT accepted decisions 2005/513/EC (5GHz RLAN, EN 301 893)
+# and 2006/771/EC (amended by 2008/432/EC, Short-Range Devices, EN 300 440)
+# EU decision 2005/513/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02005D0513-20070213
+# EU decision 2006/771/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02008D0432-20080611
+# GR: https://www.eett.gr/opencms/export/sites/default/EETT_EN/Electronic_Communications/Radio_Communications/TelecommunicationEquipment/Radio_equipment_interface_requirement_2012.pdf
+# GR: https://www.eett.gr/opencms/export/sites/default/EETT_EN/Electronic_Communications/Radio_Communications/TelecommunicationEquipment/Radio_equipment_interface_requirement_107.pdf
country GR: DFS-ETSI
- (2402 - 2482 @ 40), (20)
- (5170 - 5250 @ 80), (20), AUTO-BW, wmmrule=ETSI
- (5250 - 5330 @ 80), (20), DFS, AUTO-BW, wmmrule=ETSI
- (5490 - 5710 @ 160), (27), DFS, wmmrule=ETSI
- # 60 GHz band channels 1-4, ref: Etsi En 302 567
+ (2400 - 2483.5 @ 40), (100 mW)
+ (5150 - 5250 @ 80), (200 mW), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
+ (5250 - 5350 @ 80), (100 mW), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
+ (5470 - 5725 @ 160), (500 mW), DFS, wmmrule=ETSI
+ # short range devices (ETSI EN 300 440-1)
+ (5725 - 5875 @ 80), (25 mW)
+ # 60 GHz band channels 1-4 (ETSI EN 302 567)
(57000 - 66000 @ 2160), (40)
country GT: DFS-FCC
@@ -563,11 +650,18 @@ country HN: DFS-FCC
(5735 - 5835 @ 80), (30)
country HR: DFS-ETSI
- (2400 - 2483.5 @ 40), (20)
- (5150 - 5250 @ 80), (23), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
- (5250 - 5350 @ 80), (20), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
- (5470 - 5725 @ 160), (27), DFS, wmmrule=ETSI
- # 60 GHz band channels 1-4, ref: Etsi En 302 567
+# HR as part of EU/CEPT accepted decisions 2005/513/EC (5GHz RLAN, EN 301 893)
+# and 2006/771/EC (amended by 2008/432/EC, Short-Range Devices, EN 300 440)
+# EU decision 2005/513/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02005D0513-20070213
+# EU decision 2006/771/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02008D0432-20080611
+# HR: http://tablice.hakom.hr:8080/vis?lang=en
+ (2400 - 2483.5 @ 40), (100 mW)
+ (5150 - 5250 @ 80), (200 mW), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
+ (5250 - 5350 @ 80), (100 mW), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
+ (5470 - 5725 @ 160), (500 mW), DFS, wmmrule=ETSI
+ # short range devices (ETSI EN 300 440-1)
+ (5725 - 5875 @ 80), (25 mW)
+ # 60 GHz band channels 1-4 (ETSI EN 302 567)
(57000 - 66000 @ 2160), (40)
country HT: DFS-FCC
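Review bot: in the HR block the new `# HR as part of EU/CEPT ...` comment lines are added after `country HR: DFS-ETSI` instead of before it, unlike the other countries touched here. Move the comment block above the country line so the header is followed directly by its rules and the layout stays consistent.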
@@ -577,37 +671,42 @@ country HT: DFS-FCC
(5490 - 5730 @ 160), (24), DFS
(5735 - 5835 @ 80), (30)
-# http://stir.nmhh.hu/?oldal=dokumentumGeneralo&root_rendeletelem_id=3&hatalyos=1
-# http://english.nmhh.hu/cikk/297/Eljarasi_tajekoztato_a_24_GHzes_es_az_5_GHzes_savban_mukodo_berendezesek_engedelyezeserol
-# http://nmhh.hu/dokumentum/319/kis_hatotavolsagu_eszkozok_srdk.pdf
+# HU as part of EU/CEPT accepted decisions 2005/513/EC (5GHz RLAN, EN 301 893)
+# and 2006/771/EC (amended by 2008/432/EC, Short-Range Devices, EN 300 440)
+# EU decision 2005/513/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02005D0513-20070213
+# EU decision 2006/771/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02008D0432-20080611
+# HU: http://stir.nmhh.hu/?oldal=dokumentumGeneralo&root_rendeletelem_id=3&hatalyos=1
+# HU: http://english.nmhh.hu/cikk/297/Eljarasi_tajekoztato_a_24_GHzes_es_az_5_GHzes_savban_mukodo_berendezesek_engedelyezeserol
+# HU: http://nmhh.hu/dokumentum/319/kis_hatotavolsagu_eszkozok_srdk.pdf
country HU: DFS-ETSI
- # ref: 2006/771/EK, (EU) 2017/1483, MSZ EN 300 328
- # additionally: 100mW @ 10MHz channels, 50mW @ 5MHz (max. 10mW/MHz)
- (2400 - 2483.5 @ 40), (20)
- # ref: 2005/513/EK
- # note: TPC not needed @ 5150-5250
- (5150 - 5250 @ 80), (23), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
- # note: max would be +3dB with TPC @ 5250-5725
- (5250 - 5350 @ 80), (20), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
- (5470 - 5725 @ 160), (27), DFS, wmmrule=ETSI
- # "Short Range Devices (SRD)"
- # ref: 2006/771/EK, (EU) 2017/1483, MSZ EN 300 440, MSZ EN 302 064
+ (2400 - 2483.5 @ 40), (100 mW)
+ (5150 - 5250 @ 80), (200 mW), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
+ (5250 - 5350 @ 80), (100 mW), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
+ (5470 - 5725 @ 160), (500 mW), DFS, wmmrule=ETSI
+ # short range devices (ETSI EN 300 440-1)
(5725 - 5875 @ 80), (25 mW)
- # 60 GHz band channels 1-4, "Fixed outdoor installation not allowed"
- # ref: 2006/771/EK, (EU) 2017/1483, MSZ EN 302 567
- (57000 - 66000 @ 2160), (40), NO-OUTDOOR
+ # 60 GHz band channels 1-4 (ETSI EN 302 567)
+ (57000 - 66000 @ 2160), (40)
country ID: DFS-JP
# ref: http://www.postel.go.id/content/ID/regulasi/standardisasi/kepdir/bwa%205,8%20ghz.pdf
(2402 - 2482 @ 20), (20)
(5735 - 5815 @ 20), (23)
+# IE as part of EU/CEPT accepted decisions 2005/513/EC (5GHz RLAN, EN 301 893)
+# and 2006/771/EC (amended by 2008/432/EC, Short-Range Devices, EN 300 440)
+# EU decision 2005/513/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02005D0513-20070213
+# EU decision 2006/771/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02008D0432-20080611
+# IE: https://www.comreg.ie/publication-download/interface-requirements-for-radio-services-in-ireland
+# IE: https://www.comreg.ie/publication-download/permitted-short-range-devices-ireland
country IE: DFS-ETSI
- (2402 - 2482 @ 40), (20)
- (5170 - 5250 @ 80), (20), AUTO-BW, wmmrule=ETSI
- (5250 - 5330 @ 80), (20), DFS, AUTO-BW, wmmrule=ETSI
- (5490 - 5710 @ 160), (27), DFS, wmmrule=ETSI
- # 60 GHz band channels 1-4, ref: Etsi En 302 567
+ (2400 - 2483.5 @ 40), (100 mW)
+ (5150 - 5250 @ 80), (200 mW), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
+ (5250 - 5350 @ 80), (100 mW), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
+ (5470 - 5725 @ 160), (500 mW), DFS, wmmrule=ETSI
+ # short range devices (ETSI EN 300 440-1)
+ (5725 - 5875 @ 80), (25 mW)
+ # 60 GHz band channels 1-4 (ETSI EN 302 567)
(57000 - 66000 @ 2160), (40)
country IL: DFS-ETSI
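Review bot: the HU rewrite removes the comment quoting "Fixed outdoor installation not allowed" together with the NO-OUTDOOR flag on `(57000 - 66000 @ 2160)`, which loosens the rule, and it also drops the per-rule references (2006/771/EK, (EU) 2017/1483, MSZ EN 302 567) and the TPC notes. If the harmonised decisions lift the outdoor restriction, cite the clause in the new header comment; otherwise keep the flag.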
@@ -626,20 +725,33 @@ country IR: DFS-JP
(2402 - 2482 @ 40), (20)
(5735 - 5835 @ 80), (30)
+# IS as part of CEPT accepted decisions 2005/513/EC (5GHz RLAN, EN 301 893)
+# and 2006/771/EC (amended by 2008/432/EC, Short-Range Devices, EN 300 440)
+# EU decision 2005/513/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02005D0513-20070213
+# EU decision 2006/771/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02008D0432-20080611
+# IS: https://www.pfs.is/library/Skrar/Tidnir-og-taekni/MHZ_21022019.pdf
country IS: DFS-ETSI
- (2402 - 2482 @ 40), (20)
- (5170 - 5250 @ 80), (20), AUTO-BW, wmmrule=ETSI
- (5250 - 5330 @ 80), (20), DFS, AUTO-BW, wmmrule=ETSI
- (5490 - 5710 @ 160), (27), DFS, wmmrule=ETSI
- # 60 GHz band channels 1-4, ref: Etsi En 302 567
+ (2400 - 2483.5 @ 40), (100 mW)
+ (5150 - 5250 @ 80), (200 mW), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
+ (5250 - 5350 @ 80), (100 mW), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
+ (5470 - 5725 @ 160), (500 mW), DFS, wmmrule=ETSI
+ # short range devices (ETSI EN 300 440-1)
+ (5725 - 5875 @ 80), (25 mW)
+ # 60 GHz band channels 1-4 (ETSI EN 302 567)
(57000 - 66000 @ 2160), (40)
+# IT as part of EU/CEPT accepted decisions 2005/513/EC (5GHz RLAN, EN 301 893)
+# and 2006/771/EC (amended by 2008/432/EC, Short-Range Devices, EN 300 440)
+# EU decision 2005/513/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02005D0513-20070213
+# EU decision 2006/771/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02008D0432-20080611
country IT: DFS-ETSI
- (2402 - 2482 @ 40), (20)
- (5170 - 5250 @ 80), (20), AUTO-BW, wmmrule=ETSI
- (5250 - 5330 @ 80), (20), DFS, AUTO-BW, wmmrule=ETSI
- (5490 - 5710 @ 160), (27), DFS, wmmrule=ETSI
- # 60 GHz band channels 1-4, ref: Etsi En 302 567
+ (2400 - 2483.5 @ 40), (100 mW)
+ (5150 - 5250 @ 80), (200 mW), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
+ (5250 - 5350 @ 80), (100 mW), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
+ (5470 - 5725 @ 160), (500 mW), DFS, wmmrule=ETSI
+ # short range devices (ETSI EN 300 440-1)
+ (5725 - 5875 @ 80), (25 mW)
+ # 60 GHz band channels 1-4 (ETSI EN 302 567)
(57000 - 66000 @ 2160), (40)
country JM: DFS-FCC
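Review bot: The comment labelled "EU decision 2006/771/EC" in the IS and IT blocks links to CELEX:02008D0432-20080611, whose identifier reads as the 2008/432/EC amendment rather than 2006/771/EC itself. Either relabel the line as 2008/432/EC or link the base decision. The IT block also carries no national regulator reference, while IS cites pfs.is; add one so the IT values can be checked against a national source.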
@@ -741,16 +853,22 @@ country LC: DFS-ETSI
(5490 - 5710 @ 160), (30), DFS
(5735 - 5815 @ 80), (30)
-# Source:
-# https://www.ofcomnet.ch/#/fatTable
-# Note that the maximum transmitter power can be doubled for 5250-5710MHz if
-# transmitter power control is in use: 5250-5330@23db, 5490-5710@30db
+# LI as part of CEPT accepted decisions 2005/513/EC (5GHz RLAN, EN 301 893)
+# and 2006/771/EC (amended by 2008/432/EC, Short-Range Devices, EN 300 440)
+# EU decision 2005/513/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02005D0513-20070213
+# EU decision 2006/771/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02008D0432-20080611
+# LI: https://www.ofcomnet.ch/api/rir/1010/05
+# LI: https://www.ofcomnet.ch/api/rir/1010/04
+# LI: https://www.ofcomnet.ch/api/rir/1008/12
+# LI: https://www.ofcomnet.ch/#/fatTable
country LI: DFS-ETSI
- (2402 - 2482 @ 40), (20)
- (5150 - 5250 @ 80), (23), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
- (5250 - 5350 @ 80), (20), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
- (5490 - 5710 @ 160), (27), DFS, wmmrule=ETSI
- # 60 GHz band channels 1-4, ref: Etsi En 302 567
+ (2400 - 2483.5 @ 40), (100 mW)
+ (5150 - 5250 @ 80), (200 mW), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
+ (5250 - 5350 @ 80), (100 mW), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
+ (5470 - 5725 @ 160), (500 mW), DFS, wmmrule=ETSI
+ # short range devices (ETSI EN 300 440-1)
+ (5725 - 5875 @ 80), (25 mW)
+ # 60 GHz band channels 1-4 (ETSI EN 302 567)
(57000 - 66000 @ 2160), (40)
country LK: DFS-FCC
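Review bot: The removed LI header noted that transmitter power can be doubled for 5250-5710 MHz when transmitter power control is in use, and the replacement comment block drops that note without a substitute. Keep a one-line TPC remark next to the (100 mW) and (500 mW) rules, or say in the commit message why it no longer applies. The four "# LI:" links would also be easier to audit if each said which band it covers.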
@@ -768,28 +886,50 @@ country LS: DFS-ETSI
(5250 - 5330 @ 80), (20), DFS, AUTO-BW
(5490 - 5710 @ 160), (27), DFS
+# LT as part of EU/CEPT accepted decisions 2005/513/EC (5GHz RLAN, EN 301 893)
+# and 2006/771/EC (amended by 2008/432/EC, Short-Range Devices, EN 300 440)
+# EU decision 2005/513/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02005D0513-20070213
+# EU decision 2006/771/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02008D0432-20080611
+# LT: https://www.rrt.lt/en/radio-spectrum/frequency-management/ or direct link:
+# LT: https://www.e-tar.lt/portal/lt/legalAct/6e718fd037a011e69101aaab2992cbcd/dGRioCBBHb
country LT: DFS-ETSI
- (2402 - 2482 @ 40), (20)
- (5170 - 5250 @ 80), (20), AUTO-BW, wmmrule=ETSI
- (5250 - 5330 @ 80), (20), DFS, AUTO-BW, wmmrule=ETSI
- (5490 - 5710 @ 160), (27), DFS, wmmrule=ETSI
- # 60 GHz band channels 1-4, ref: Etsi En 302 567
+ (2400 - 2483.5 @ 40), (100 mW)
+ (5150 - 5250 @ 80), (200 mW), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
+ (5250 - 5350 @ 80), (100 mW), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
+ (5470 - 5725 @ 160), (500 mW), DFS, wmmrule=ETSI
+ # short range devices (ETSI EN 300 440-1)
+ (5725 - 5875 @ 80), (25 mW)
+ # 60 GHz band channels 1-4 (ETSI EN 302 567)
(57000 - 66000 @ 2160), (40)
+# LU as part of EU/CEPT accepted decisions 2005/513/EC (5GHz RLAN, EN 301 893)
+# and 2006/771/EC (amended by 2008/432/EC, Short-Range Devices, EN 300 440)
+# EU decision 2005/513/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02005D0513-20070213
+# EU decision 2006/771/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02008D0432-20080611
+# LU: https://assets.ilr.lu/frequences/Documents/ILRLU-1723895916-183.pdf#search=en%20300%20440
country LU: DFS-ETSI
- (2402 - 2482 @ 40), (20)
- (5170 - 5250 @ 80), (20), AUTO-BW, wmmrule=ETSI
- (5250 - 5330 @ 80), (20), DFS, AUTO-BW, wmmrule=ETSI
- (5490 - 5710 @ 160), (27), DFS, wmmrule=ETSI
- # 60 GHz band channels 1-4, ref: Etsi En 302 567
+ (2400 - 2483.5 @ 40), (100 mW)
+ (5150 - 5250 @ 80), (200 mW), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
+ (5250 - 5350 @ 80), (100 mW), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
+ (5470 - 5725 @ 160), (500 mW), DFS, wmmrule=ETSI
+ # short range devices (ETSI EN 300 440-1)
+ (5725 - 5875 @ 80), (25 mW)
+ # 60 GHz band channels 1-4 (ETSI EN 302 567)
(57000 - 66000 @ 2160), (40)
+# LV as part of EU/CEPT accepted decisions 2005/513/EC (5GHz RLAN, EN 301 893)
+# and 2006/771/EC (amended by 2008/432/EC, Short-Range Devices, EN 300 440)
+# EU decision 2005/513/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02005D0513-20070213
+# EU decision 2006/771/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02008D0432-20080611
+# LV: http://likumi.lv/doc.php?id=198903
country LV: DFS-ETSI
- (2402 - 2482 @ 40), (20)
- (5170 - 5250 @ 80), (20), AUTO-BW, wmmrule=ETSI
- (5250 - 5330 @ 80), (20), DFS, AUTO-BW, wmmrule=ETSI
- (5490 - 5710 @ 160), (27), DFS, wmmrule=ETSI
- # 60 GHz band channels 1-4, ref: Etsi En 302 567
+ (2400 - 2483.5 @ 40), (100 mW)
+ (5150 - 5250 @ 80), (200 mW), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
+ (5250 - 5350 @ 80), (100 mW), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
+ (5470 - 5725 @ 160), (500 mW), DFS, wmmrule=ETSI
+ # short range devices (ETSI EN 300 440-1)
+ (5725 - 5875 @ 80), (25 mW)
+ # 60 GHz band channels 1-4 (ETSI EN 302 567)
(57000 - 66000 @ 2160), (40)
country MA: DFS-ETSI
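Review bot: For LT, LU and LV the 5150-5250 and 5250-5350 rules gain NO-OUTDOOR, which the removed rules did not carry, and the band edges move from 5170/5330/5490-5710 to 5150/5350/5470-5725. That is a behaviour change for existing outdoor deployments, not only a unit conversion, so it should be stated in the commit message. Minor: the "# LT:" line ending in "or direct link:" reads as a dangling sentence, and the LV reference uses plain http.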
@@ -875,12 +1015,19 @@ country MR: DFS-ETSI
(5250 - 5330 @ 80), (20), DFS, AUTO-BW
(5490 - 5710 @ 160), (27), DFS
+# MT as part of EU/CEPT accepted decisions 2005/513/EC (5GHz RLAN, EN 301 893)
+# and 2006/771/EC (amended by 2008/432/EC, Short-Range Devices, EN 300 440)
+# EU decision 2005/513/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02005D0513-20070213
+# EU decision 2006/771/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02008D0432-20080611
+# MT: https://www.mca.org.mt/sites/default/files/NFP_edition%206-1.pdf
country MT: DFS-ETSI
- (2402 - 2482 @ 40), (20)
- (5170 - 5250 @ 80), (20), AUTO-BW, wmmrule=ETSI
- (5250 - 5330 @ 80), (20), DFS, AUTO-BW, wmmrule=ETSI
- (5490 - 5710 @ 160), (27), DFS, wmmrule=ETSI
- # 60 GHz band channels 1-4, ref: Etsi En 302 567
+ (2400 - 2483.5 @ 40), (100 mW)
+ (5150 - 5250 @ 80), (200 mW), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
+ (5250 - 5350 @ 80), (100 mW), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
+ (5470 - 5725 @ 160), (500 mW), DFS, wmmrule=ETSI
+ # short range devices (ETSI EN 300 440-1)
+ (5725 - 5875 @ 80), (25 mW)
+ # 60 GHz band channels 1-4 (ETSI EN 302 567)
(57000 - 66000 @ 2160), (40)
country MU: DFS-FCC
@@ -930,34 +1077,36 @@ country NI: DFS-FCC
(5490 - 5730 @ 160), (24), DFS
(5735 - 5835 @ 80), (30)
-# Regulation on the use of frequency space without a license and
-# without notification 2015
-#
-# http://wetten.overheid.nl/BWBR0036378/2015-03-05
-
+# NL as part of EU/CEPT accepted decisions 2005/513/EC (5GHz RLAN, EN 301 893)
+# and 2006/771/EC (amended by 2008/432/EC, Short-Range Devices, EN 300 440)
+# EU decision 2005/513/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02005D0513-20070213
+# EU decision 2006/771/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02008D0432-20080611
+# NL: http://wetten.overheid.nl/BWBR0036378/2015-03-05
country NL: DFS-ETSI
- (2402 - 2482 @ 40), (20)
- (5170 - 5250 @ 80), (20), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
- (5250 - 5330 @ 80), (20), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
- (5490 - 5710 @ 160), (27), DFS, wmmrule=ETSI
+ (2400 - 2483.5 @ 40), (100 mW)
+ (5150 - 5250 @ 80), (200 mW), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
+ (5250 - 5350 @ 80), (100 mW), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
+ (5470 - 5725 @ 160), (500 mW), DFS, wmmrule=ETSI
# short range devices (ETSI EN 300 440-1)
(5725 - 5875 @ 80), (25 mW)
- # 60 GHz band channels 1-4, ref: Etsi En 302 567
+ # 60 GHz band channels 1-4 (ETSI EN 302 567)
(57000 - 66000 @ 2160), (40)
-# Data from http://www.lovdata.no/dokument/SF/forskrift/2012-01-19-77
-# Power at 5250 - 5350 MHz, 5470 - 5725 MHz and 5815 5850 MHz can
-# be doubled if TPC is implemented.
-# Up to 2W (or 4W with TPC) is allowed in the 5725 5795 MHz band
-# which has been merged with 5470 - 5725 MHz to allow wide channels
+# NO as part of CEPT accepted decisions 2005/513/EC (5GHz RLAN, EN 301 893)
+# and 2006/771/EC (amended by 2008/432/EC, Short-Range Devices, EN 300 440)
+# EU decision 2005/513/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02005D0513-20070213
+# EU decision 2006/771/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02008D0432-20080611
+# NO: https://eng.nkom.no/technical/temporary-licenses/mobile-videolink/wireless-cameras-mobile-video-links/_attachment/9947
+# NO: http://www.lovdata.no/dokument/SF/forskrift/2012-01-19-77
+# In addition to EU NO can use 57255795 MHz and 58155850 bands with limit of 4 W EIRP (with DFS and TPC)
country NO: DFS-ETSI
(2400 - 2483.5 @ 40), (100 mW)
- (5150 - 5250 @ 80), (200 mW), AUTO-BW, wmmrule=ETSI
- (5250 - 5350 @ 80), (100 mW), DFS, AUTO-BW, wmmrule=ETSI
- (5470 - 5795 @ 160), (500 mW), DFS, wmmrule=ETSI
- (5815 - 5850 @ 35), (2000 mW), DFS
- (17100 - 17300 @ 200), (100 mW)
- # 60 GHz band channels 1-4, ref: Etsi En 302 567
+ (5150 - 5250 @ 80), (200 mW), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
+ (5250 - 5350 @ 80), (100 mW), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
+ (5470 - 5725 @ 160), (500 mW), DFS, wmmrule=ETSI
+ # short range devices (ETSI EN 300 440-1)
+ (5725 - 5875 @ 80), (25 mW)
+ # 60 GHz band channels 1-4 (ETSI EN 302 567)
(57000 - 66000 @ 2160), (40)
country NP: DFS-JP
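Review bot: The added NO comment "In addition to EU NO can use ... with limit of 4 W EIRP (with DFS and TPC)" contradicts the rules in the same hunk, which remove "(5470 - 5795 @ 160)" and "(5815 - 5850 @ 35), (2000 mW), DFS" and leave 5725-5875 at 25 mW. Either keep rules for the extra bands or reword the comment to say they are intentionally not used. The band figures in that comment ("57255795", "58155850") have lost their range separators, and the removal of the "(17100 - 17300 @ 200), (100 mW)" rule is not explained anywhere in the visible lines.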
@@ -1020,12 +1169,18 @@ country PK: DFS-JP
(2402 - 2482 @ 40), (20)
(5735 - 5835 @ 80), (30)
+# PL as part of EU/CEPT accepted decisions 2005/513/EC (5GHz RLAN, EN 301 893)
+# and 2006/771/EC (amended by 2008/432/EC, Short-Range Devices, EN 300 440)
+# EU decision 2005/513/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02005D0513-20070213
+# EU decision 2006/771/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02008D0432-20080611
country PL: DFS-ETSI
- (2402 - 2482 @ 40), (20)
- (5170 - 5250 @ 80), (20), AUTO-BW, wmmrule=ETSI
- (5250 - 5330 @ 80), (20), DFS, AUTO-BW, wmmrule=ETSI
- (5490 - 5710 @ 160), (27), DFS, wmmrule=ETSI
- # 60 GHz band channels 1-4, ref: Etsi En 302 567
+ (2400 - 2483.5 @ 40), (100 mW)
+ (5150 - 5250 @ 80), (200 mW), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
+ (5250 - 5350 @ 80), (100 mW), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
+ (5470 - 5725 @ 160), (500 mW), DFS, wmmrule=ETSI
+ # short range devices (ETSI EN 300 440-1)
+ (5725 - 5875 @ 80), (25 mW)
+ # 60 GHz band channels 1-4 (ETSI EN 302 567)
(57000 - 66000 @ 2160), (40)
country PM: DFS-ETSI
@@ -1041,14 +1196,19 @@ country PR: DFS-FCC
(5490 - 5730 @ 160), (24), DFS
(5735 - 5835 @ 80), (30)
+# PT as part of EU/CEPT accepted decisions 2005/513/EC (5GHz RLAN, EN 301 893)
+# and 2006/771/EC (amended by 2008/432/EC, Short-Range Devices, EN 300 440)
+# EU decision 2005/513/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02005D0513-20070213
+# EU decision 2006/771/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02008D0432-20080611
+# PT: https://www.anacom.pt/render.jsp?categoryId=336334
country PT: DFS-ETSI
- (2402 - 2482 @ 40), (20)
- (5170 - 5250 @ 80), (20), AUTO-BW, wmmrule=ETSI
- (5250 - 5330 @ 80), (20), DFS, AUTO-BW, wmmrule=ETSI
- (5490 - 5710 @ 160), (27), DFS, wmmrule=ETSI
+ (2400 - 2483.5 @ 40), (100 mW)
+ (5150 - 5250 @ 80), (200 mW), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
+ (5250 - 5350 @ 80), (100 mW), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
+ (5470 - 5725 @ 160), (500 mW), DFS, wmmrule=ETSI
# short range devices (ETSI EN 300 440-1)
(5725 - 5875 @ 80), (25 mW)
- # 60 GHz band channels 1-4, ref: Etsi En 302 567
+ # 60 GHz band channels 1-4 (ETSI EN 302 567)
(57000 - 66000 @ 2160), (40)
country PW: DFS-FCC
@@ -1079,15 +1239,21 @@ country RE: DFS-ETSI
(5250 - 5330 @ 80), (20), DFS, AUTO-BW, wmmrule=ETSI
(5490 - 5710 @ 160), (27), DFS, wmmrule=ETSI
+# RO as part of EU/CEPT accepted decisions 2005/513/EC (5GHz RLAN, EN 301 893)
+# and 2006/771/EC (amended by 2008/432/EC, Short-Range Devices, EN 300 440)
+# EU decision 2005/513/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02005D0513-20070213
+# EU decision 2006/771/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02008D0432-20080611
+# RO: http://www.ancom.org.ro/en/uploads/links_files/ordin_262_2006.pdf
country RO: DFS-ETSI
- (2402 - 2482 @ 40), (20)
- (5170 - 5250 @ 80), (20), AUTO-BW, wmmrule=ETSI
- (5250 - 5330 @ 80), (20), DFS, AUTO-BW, wmmrule=ETSI
- (5490 - 5710 @ 160), (27), DFS, wmmrule=ETSI
- # 60 GHz band channels 1-4, ref: Etsi En 302 567
+ (2400 - 2483.5 @ 40), (100 mW)
+ (5150 - 5250 @ 80), (200 mW), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
+ (5250 - 5350 @ 80), (100 mW), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
+ (5470 - 5725 @ 160), (500 mW), DFS, wmmrule=ETSI
+ # short range devices (ETSI EN 300 440-1)
+ (5725 - 5875 @ 80), (25 mW)
+ # 60 GHz band channels 1-4 (ETSI EN 302 567)
(57000 - 66000 @ 2160), (40)
-
# Source:
# http://www.ratel.rs/upload/documents/Plan_namene/Plan_namene-sl_glasnik.pdf
country RS: DFS-ETSI
@@ -1119,18 +1285,20 @@ country SA: DFS-ETSI
(5250 - 5330 @ 80), (20), DFS, AUTO-BW
(5490 - 5710 @ 160), (27), DFS
-# Source:
-# https://pts.se/globalassets/startpage/dokument/legala-dokument/foreskrifter/radio/beslutade_ptsfs-2018-3-undantagsforeskrifter.pdf
+# SE as part of EU/CEPT accepted decisions 2005/513/EC (5GHz RLAN, EN 301 893)
+# and 2006/771/EC (amended by 2008/432/EC, Short-Range Devices, EN 300 440)
+# EU decision 2005/513/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02005D0513-20070213
+# EU decision 2006/771/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02008D0432-20080611
+# SE: https://pts.se/globalassets/startpage/dokument/legala-dokument/foreskrifter/radio/beslutade_ptsfs-2018-3-undantagsforeskrifter.pdf
country SE: DFS-ETSI
- (2400 - 2483.5 @ 40), (20)
- (5150 - 5250 @ 80), (23), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
- # note: max would be +3dB with TPC @ 5250-5725
- (5250 - 5350 @ 80), (20), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
- (5470 - 5725 @ 160), (27), DFS, wmmrule=ETSI
- # short range devices (ETSI EN 300 440)
+ (2400 - 2483.5 @ 40), (100 mW)
+ (5150 - 5250 @ 80), (200 mW), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
+ (5250 - 5350 @ 80), (100 mW), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
+ (5470 - 5725 @ 160), (500 mW), DFS, wmmrule=ETSI
+ # short range devices (ETSI EN 300 440-1)
(5725 - 5875 @ 80), (25 mW)
- # 60 GHz band channels 1-4, ref: Etsi En 302 567
- (57000 - 66000 @ 2160), (40), NO-OUTDOOR
+ # 60 GHz band channels 1-4 (ETSI EN 302 567)
+ (57000 - 66000 @ 2160), (40)
# Source
# https://www.imda.gov.sg/~/media/imda/files/regulation%20licensing%20and%20consultations/ict%20standards/telecommunication%20standards/radio-comms/imdatssrd.pdf?la=en
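Review bot: In the SE block the 60 GHz rule changes from "(57000 - 66000 @ 2160), (40), NO-OUTDOOR" to the same rule without NO-OUTDOOR, while the cited PTS document is unchanged. Dropping an outdoor restriction needs a reference to the clause that permits it; otherwise keep the flag. The "+3dB with TPC @ 5250-5725" note is also deleted without replacement.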
@@ -1144,20 +1312,36 @@ country SG: DFS-FCC
# (5470 - 5725 @ 160), (30), DFS
(5725 - 5850 @ 80), (30)
+# SI as part of EU/CEPT accepted decisions 2005/513/EC (5GHz RLAN, EN 301 893)
+# and 2006/771/EC (amended by 2008/432/EC, Short-Range Devices, EN 300 440)
+# EU decision 2005/513/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02005D0513-20070213
+# EU decision 2006/771/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02008D0432-20080611
+# SI: https://www.akos-rs.si/bwa
country SI: DFS-ETSI
- (2402 - 2482 @ 40), (20)
- (5170 - 5250 @ 80), (20), AUTO-BW, wmmrule=ETSI
- (5250 - 5330 @ 80), (20), DFS, AUTO-BW, wmmrule=ETSI
- (5490 - 5710 @ 160), (27), DFS, wmmrule=ETSI
- # 60 GHz band channels 1-4, ref: Etsi En 302 567
+ (2400 - 2483.5 @ 40), (100 mW)
+ (5150 - 5250 @ 80), (200 mW), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
+ (5250 - 5350 @ 80), (100 mW), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
+ (5470 - 5725 @ 160), (500 mW), DFS, wmmrule=ETSI
+ # short range devices (ETSI EN 300 440-1)
+ (5725 - 5875 @ 80), (25 mW)
+ # 60 GHz band channels 1-4 (ETSI EN 302 567)
(57000 - 66000 @ 2160), (40)
+# SK as part of EU/CEPT accepted decisions 2005/513/EC (5GHz RLAN, EN 301 893)
+# and 2006/771/EC (amended by 2008/432/EC, Short-Range Devices, EN 300 440)
+# EU decision 2005/513/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02005D0513-20070213
+# EU decision 2006/771/EC: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:02008D0432-20080611
+# SK: https://www.teleoff.gov.sk/data/files/25911.pdf
+# SK: https://www.teleoff.gov.sk/data/files/41072.pdf
+# SK: https://www.teleoff.gov.sk/data/files/49125_vpr-01_2018-rusi-vpr-10_2014a21_2012-nespecifik-srd_021018.pdf
country SK: DFS-ETSI
- (2402 - 2482 @ 40), (20)
- (5170 - 5250 @ 80), (20), AUTO-BW, wmmrule=ETSI
- (5250 - 5330 @ 80), (20), DFS, AUTO-BW, wmmrule=ETSI
- (5490 - 5710 @ 160), (27), DFS, wmmrule=ETSI
- # 60 GHz band channels 1-4, ref: Etsi En 302 567
+ (2400 - 2483.5 @ 40), (100 mW)
+ (5150 - 5250 @ 80), (200 mW), NO-OUTDOOR, AUTO-BW, wmmrule=ETSI
+ (5250 - 5350 @ 80), (100 mW), NO-OUTDOOR, DFS, AUTO-BW, wmmrule=ETSI
+ (5470 - 5725 @ 160), (500 mW), DFS, wmmrule=ETSI
+ # short range devices (ETSI EN 300 440-1)
+ (5725 - 5875 @ 80), (25 mW)
+ # 60 GHz band channels 1-4 (ETSI EN 302 567)
(57000 - 66000 @ 2160), (40)
# Source:
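Review bot: The SI and SK blocks now mix units: the 2.4 GHz and 5 GHz rules use explicit mW values while the unchanged 60 GHz rule stays at a bare "(40)". Converting that line to the same notation, or adding a short comment that the bare value is in dBm, would keep each country block readable at a glance. The three "# SK:" links give no hint which document covers which band.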

View File

@@ -1,44 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Dmitry Tunin <hanipouspilot@gmail.com>
Date: Sat, 24 Aug 2019 11:48:10 +0300
Subject: [PATCH] wireless-regdb: Update regulatory rules for Russia (RU)
Russian entry is incorrect. According to the last regulations
document of Feb 29, 2016, 160 MHz channels and 802.11ad are allowed.
http://rfs-rf.ru/upload/medialibrary/c1a/prilozhenie-1-k-resheniyu-gkrch-_-16_36_03.pdf
Note that there was never a DFS requirement in Russia, but always was
NO-OUTDOOR on 5GHz.
Maximum power is 200mW that is ~23dBm on all 5GHz channels.
Also Russia has never been regulated by ETSI.
EIRP has been reduced by 4dBm because of TPC requirement.
Signed-off-by: Dmitry Tunin <hanipouspilot@gmail.com>
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
diff --git a/db.txt b/db.txt
index f6b2f921416c..9c4b447536e4 100644
--- a/db.txt
+++ b/db.txt
@@ -1349,14 +1349,12 @@ country RS: DFS-ETSI
# 60 GHz band channels 1-4, ref: Etsi En 302 567
(57000 - 66000 @ 2160), (40)
-country RU: DFS-ETSI
- (2402 - 2482 @ 40), (20)
- (5170 - 5250 @ 80), (20), AUTO-BW
- (5250 - 5330 @ 80), (20), DFS, AUTO-BW
- (5650 - 5730 @ 80), (30), DFS
- (5735 - 5835 @ 80), (30)
+country RU:
+ (2400 - 2483.5 @ 40), (20)
+ (5150 - 5350 @ 160), (20), NO-OUTDOOR
+ (5650 - 5850 @ 160), (20), NO-OUTDOOR
# 60 GHz band channels 1-4, ref: Changes to NLA 124_Order №129_22042015.pdf
- (57000 - 66000 @ 2160), (40)
+ (57000 - 66000 @ 2160), (40), NO-OUTDOOR
country RW: DFS-FCC
(2402 - 2482 @ 40), (20)
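Review bot: Deleting this local patch removes the only place where the RU block is changed from "country RU: DFS-ETSI" with DFS rules to "country RU:" with NO-OUTDOOR and 160 MHz rules, and nothing in the visible lines shows where those rules come from afterwards. State in the commit message which wireless-regdb release already contains this change, so the deletion can be verified as a no-op for RU rather than a silent revert.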

View File

@@ -10,10 +10,10 @@ include $(INCLUDE_DIR)/kernel.mk
PKG_NAME:=mac80211
PKG_VERSION:=4.19.137-1
PKG_RELEASE:=2
PKG_SOURCE_URL:=@KERNEL/linux/kernel/projects/backports/stable/v4.19.137/
PKG_HASH:=dc5eea4f77fc5c43b69e38f46fbf766880fa4bdeef83dcc8dcc85aa6b645bb7c
PKG_VERSION:=4.19.161-1
PKG_RELEASE:=1
PKG_SOURCE_URL:=@KERNEL/linux/kernel/projects/backports/stable/v4.19.161/
PKG_HASH:=01a4173ba180eb8ca67c898239d5accb49a3ea9aea51510e17d5c937d6e93f9a
PKG_SOURCE:=backports-$(PKG_VERSION).tar.xz
PKG_BUILD_DIR:=$(KERNEL_BUILD_DIR)/backports-$(PKG_VERSION)
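Review bot: PKG_HASH is the only integrity check on the backports tarball fetched from the @KERNEL mirror path, so the new value 01a4173b... should be confirmed against the checksum published alongside v4.19.161 rather than taken from a local download. Resetting PKG_RELEASE from 2 to 1 is consistent with the PKG_VERSION bump. The commit message should also list which local patches were dropped or refreshed as a result of the bump.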

View File

@@ -1,6 +1,6 @@
--- a/net/wireless/reg.c
+++ b/net/wireless/reg.c
@@ -3034,6 +3034,8 @@ void regulatory_hint_country_ie(struct w
@@ -3037,6 +3037,8 @@ void regulatory_hint_country_ie(struct w
enum environment_cap env = ENVIRON_ANY;
struct regulatory_request *request = NULL, *lr;
@@ -9,7 +9,7 @@
/* IE len must be evenly divisible by 2 */
if (country_ie_len & 0x01)
return;
@@ -3259,6 +3261,7 @@ static bool is_wiphy_all_set_reg_flag(en
@@ -3262,6 +3264,7 @@ static bool is_wiphy_all_set_reg_flag(en
void regulatory_hint_disconnect(void)
{

View File

@@ -105,7 +105,7 @@ v9: use SM/MS macros from code.h to simplify shift/mask handling
}
--- a/drivers/net/wireless/ath/ath10k/wmi.c
+++ b/drivers/net/wireless/ath/ath10k/wmi.c
@@ -7378,12 +7378,7 @@ ath10k_wmi_peer_assoc_fill_10_4(struct a
@@ -7391,12 +7391,7 @@ ath10k_wmi_peer_assoc_fill_10_4(struct a
struct wmi_10_4_peer_assoc_complete_cmd *cmd = buf;
ath10k_wmi_peer_assoc_fill_10_2(ar, buf, arg);

View File

@@ -475,7 +475,7 @@ v13:
static const struct wmi_peer_flags_map wmi_tlv_peer_flags_map = {
--- a/drivers/net/wireless/ath/ath10k/wmi.c
+++ b/drivers/net/wireless/ath/ath10k/wmi.c
@@ -7198,6 +7198,49 @@ ath10k_wmi_op_gen_peer_set_param(struct
@@ -7211,6 +7211,49 @@ ath10k_wmi_op_gen_peer_set_param(struct
return skb;
}
@@ -525,7 +525,7 @@ v13:
static struct sk_buff *
ath10k_wmi_op_gen_set_psmode(struct ath10k *ar, u32 vdev_id,
enum wmi_sta_ps_mode psmode)
@@ -8809,6 +8852,9 @@ static const struct wmi_ops wmi_ops = {
@@ -8822,6 +8865,9 @@ static const struct wmi_ops wmi_ops = {
.fw_stats_fill = ath10k_wmi_main_op_fw_stats_fill,
.get_vdev_subtype = ath10k_wmi_op_get_vdev_subtype,
.gen_echo = ath10k_wmi_op_gen_echo,
@@ -535,7 +535,7 @@ v13:
/* .gen_bcn_tmpl not implemented */
/* .gen_prb_tmpl not implemented */
/* .gen_p2p_go_bcn_ie not implemented */
@@ -8879,6 +8925,8 @@ static const struct wmi_ops wmi_10_1_ops
@@ -8892,6 +8938,8 @@ static const struct wmi_ops wmi_10_1_ops
.fw_stats_fill = ath10k_wmi_10x_op_fw_stats_fill,
.get_vdev_subtype = ath10k_wmi_op_get_vdev_subtype,
.gen_echo = ath10k_wmi_op_gen_echo,
@@ -544,7 +544,7 @@ v13:
/* .gen_bcn_tmpl not implemented */
/* .gen_prb_tmpl not implemented */
/* .gen_p2p_go_bcn_ie not implemented */
@@ -8950,6 +8998,8 @@ static const struct wmi_ops wmi_10_2_ops
@@ -8963,6 +9011,8 @@ static const struct wmi_ops wmi_10_2_ops
.gen_delba_send = ath10k_wmi_op_gen_delba_send,
.fw_stats_fill = ath10k_wmi_10x_op_fw_stats_fill,
.get_vdev_subtype = ath10k_wmi_op_get_vdev_subtype,
@@ -553,7 +553,7 @@ v13:
/* .gen_pdev_enable_adaptive_cca not implemented */
};
@@ -9020,6 +9070,8 @@ static const struct wmi_ops wmi_10_2_4_o
@@ -9033,6 +9083,8 @@ static const struct wmi_ops wmi_10_2_4_o
.gen_pdev_enable_adaptive_cca =
ath10k_wmi_op_gen_pdev_enable_adaptive_cca,
.get_vdev_subtype = ath10k_wmi_10_2_4_op_get_vdev_subtype,
@@ -562,7 +562,7 @@ v13:
/* .gen_bcn_tmpl not implemented */
/* .gen_prb_tmpl not implemented */
/* .gen_p2p_go_bcn_ie not implemented */
@@ -9099,6 +9151,8 @@ static const struct wmi_ops wmi_10_4_ops
@@ -9112,6 +9164,8 @@ static const struct wmi_ops wmi_10_4_ops
.gen_pdev_bss_chan_info_req = ath10k_wmi_10_2_op_gen_pdev_bss_chan_info,
.gen_echo = ath10k_wmi_op_gen_echo,
.gen_pdev_get_tpc_config = ath10k_wmi_10_2_4_op_gen_pdev_get_tpc_config,

View File

@@ -67,7 +67,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
fwreq->bus_nr = devinfo->pdev->bus->number;
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c
@@ -4215,6 +4215,7 @@ brcmf_sdio_prepare_fw_request(struct brc
@@ -4219,6 +4219,7 @@ brcmf_sdio_prepare_fw_request(struct brc
fwreq->items[BRCMF_SDIO_FW_CODE].type = BRCMF_FW_TYPE_BINARY;
fwreq->items[BRCMF_SDIO_FW_NVRAM].type = BRCMF_FW_TYPE_NVRAM;

View File

@@ -27,7 +27,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
int credits_borrowed[BRCMF_FWS_FIFO_AC_VO + 1];
int deq_node_pos[BRCMF_FWS_FIFO_COUNT];
u32 fifo_credit_map;
@@ -1241,6 +1242,9 @@ static void brcmf_fws_return_credits(str
@@ -1245,6 +1246,9 @@ static void brcmf_fws_return_credits(str
}
fws->fifo_credit[fifo] += credits;
@@ -37,7 +37,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
}
static void brcmf_fws_schedule_deq(struct brcmf_fws_info *fws)
@@ -1599,19 +1603,21 @@ static int brcmf_fws_notify_credit_map(s
@@ -1603,19 +1607,21 @@ static int brcmf_fws_notify_credit_map(s
brcmf_err("event payload too small (%d)\n", e->datalen);
return -EINVAL;
}
@@ -63,7 +63,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
}
brcmf_fws_schedule_deq(fws);
brcmf_fws_unlock(fws);
@@ -2017,7 +2023,7 @@ static int brcmf_fws_borrow_credit(struc
@@ -2021,7 +2027,7 @@ static int brcmf_fws_borrow_credit(struc
}
for (lender_ac = 0; lender_ac <= BRCMF_FWS_FIFO_AC_VO; lender_ac++) {
@@ -72,7 +72,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
fws->credits_borrowed[lender_ac]++;
fws->fifo_credit[lender_ac]--;
if (fws->fifo_credit[lender_ac] == 0)
@@ -2216,8 +2222,9 @@ static void brcmf_fws_dequeue_worker(str
@@ -2220,8 +2226,9 @@ static void brcmf_fws_dequeue_worker(str
}
continue;
}
@@ -84,7 +84,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
skb = brcmf_fws_deq(fws, fifo);
if (!skb)
break;
@@ -2228,7 +2235,7 @@ static void brcmf_fws_dequeue_worker(str
@@ -2232,7 +2239,7 @@ static void brcmf_fws_dequeue_worker(str
break;
}
if ((fifo == BRCMF_FWS_FIFO_AC_BE) &&

View File

@@ -18,7 +18,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwsignal.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwsignal.c
@@ -1459,9 +1459,10 @@ static int brcmf_fws_txstatus_suppressed
@@ -1463,9 +1463,10 @@ static int brcmf_fws_txstatus_suppressed
static int
brcmf_fws_txs_process(struct brcmf_fws_info *fws, u8 flags, u32 hslot,
@@ -30,7 +30,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
int ret;
bool remove_from_hanger = true;
struct sk_buff *skb;
@@ -1472,60 +1473,71 @@ brcmf_fws_txs_process(struct brcmf_fws_i
@@ -1476,60 +1477,71 @@ brcmf_fws_txs_process(struct brcmf_fws_i
brcmf_dbg(DATA, "flags %d\n", flags);
if (flags == BRCMF_FWS_TXSTATUS_DISCARD)
@@ -144,7 +144,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
return 0;
}
@@ -1551,7 +1563,8 @@ static int brcmf_fws_fifocreditback_indi
@@ -1555,7 +1567,8 @@ static int brcmf_fws_fifocreditback_indi
return BRCMF_FWS_RET_OK_SCHEDULE;
}
@@ -154,7 +154,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
{
__le32 status_le;
__le16 seq_le;
@@ -1560,23 +1573,31 @@ static int brcmf_fws_txstatus_indicate(s
@@ -1564,23 +1577,31 @@ static int brcmf_fws_txstatus_indicate(s
u32 genbit;
u8 flags;
u16 seq;
@@ -189,7 +189,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
brcmf_fws_unlock(fws);
return BRCMF_FWS_RET_OK_NOSCHEDULE;
}
@@ -1892,8 +1913,6 @@ void brcmf_fws_hdrpull(struct brcmf_if *
@@ -1896,8 +1917,6 @@ void brcmf_fws_hdrpull(struct brcmf_if *
err = BRCMF_FWS_RET_OK_NOSCHEDULE;
switch (type) {
@@ -198,7 +198,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
case BRCMF_FWS_TYPE_HOST_REORDER_RXPKTS:
rd = (struct brcmf_skb_reorder_data *)skb->cb;
rd->reorder = data;
@@ -1916,7 +1935,8 @@ void brcmf_fws_hdrpull(struct brcmf_if *
@@ -1920,7 +1939,8 @@ void brcmf_fws_hdrpull(struct brcmf_if *
err = brcmf_fws_request_indicate(fws, type, data);
break;
case BRCMF_FWS_TYPE_TXSTATUS:
@@ -208,7 +208,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
break;
case BRCMF_FWS_TYPE_FIFO_CREDITBACK:
err = brcmf_fws_fifocreditback_indicate(fws, data);
@@ -2005,7 +2025,7 @@ static void brcmf_fws_rollback_toq(struc
@@ -2009,7 +2029,7 @@ static void brcmf_fws_rollback_toq(struc
fws->stats.rollback_failed++;
hslot = brcmf_skb_htod_tag_get_field(skb, HSLOT);
brcmf_fws_txs_process(fws, BRCMF_FWS_TXSTATUS_HOST_TOSSED,
@@ -217,7 +217,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
} else {
fws->stats.rollback_success++;
brcmf_fws_return_credits(fws, fifo, 1);
@@ -2476,7 +2496,8 @@ void brcmf_fws_bustxfail(struct brcmf_fw
@@ -2480,7 +2500,8 @@ void brcmf_fws_bustxfail(struct brcmf_fw
}
brcmf_fws_lock(fws);
hslot = brcmf_skb_htod_tag_get_field(skb, HSLOT);

View File

@@ -209,7 +209,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
if (err) {
brcmf_err("error writing SBSDIO_FUNC1_CHIPCLKCSR\n");
return;
@@ -4067,7 +4114,7 @@ static void brcmf_sdio_firmware_callback
@@ -4071,7 +4118,7 @@ static void brcmf_sdio_firmware_callback
const struct firmware *code;
void *nvram;
u32 nvram_len;
@@ -218,7 +218,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
u8 devctl;
brcmf_dbg(TRACE, "Enter: dev=%s, err=%d\n", dev_name(dev), err);
@@ -4101,8 +4148,11 @@ static void brcmf_sdio_firmware_callback
@@ -4105,8 +4152,11 @@ static void brcmf_sdio_firmware_callback
/* Force clocks on backplane to be sure F2 interrupt propagates */
saveclk = brcmf_sdiod_readb(sdiod, SBSDIO_FUNC1_CHIPCLKCSR, &err);
if (!err) {

View File

@@ -29,7 +29,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
#ifdef DEBUG
@@ -4189,6 +4190,17 @@ static void brcmf_sdio_firmware_callback
@@ -4193,6 +4194,17 @@ static void brcmf_sdio_firmware_callback
CY_4373_F2_WATERMARK |
SBSDIO_MESBUSYCTRL_ENAB, &err);
break;

View File

@@ -81,7 +81,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
return 0;
}
@@ -4213,7 +4229,7 @@ static void brcmf_sdio_firmware_callback
@@ -4217,7 +4233,7 @@ static void brcmf_sdio_firmware_callback
} else {
/* Disable F2 again */
sdio_disable_func(sdiod->func2);
@@ -90,7 +90,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
}
if (brcmf_chip_sr_capable(bus->ci)) {
@@ -4234,8 +4250,10 @@ static void brcmf_sdio_firmware_callback
@@ -4238,8 +4254,10 @@ static void brcmf_sdio_firmware_callback
}
/* If we didn't come up, turn off backplane clock */
@@ -102,7 +102,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
sdio_release_host(sdiod->func1);
@@ -4249,12 +4267,15 @@ static void brcmf_sdio_firmware_callback
@@ -4253,12 +4271,15 @@ static void brcmf_sdio_firmware_callback
err = brcmf_attach(sdiod->dev, sdiod->settings);
if (err != 0) {
brcmf_err("brcmf_attach failed\n");

View File

@@ -690,7 +690,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
ifp->bsscfgidx, name, len);
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwsignal.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwsignal.c
@@ -1259,6 +1259,7 @@ static int brcmf_fws_enq(struct brcmf_fw
@@ -1263,6 +1263,7 @@ static int brcmf_fws_enq(struct brcmf_fw
enum brcmf_fws_skb_state state, int fifo,
struct sk_buff *p)
{
@@ -698,7 +698,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
int prec = 2 * fifo;
u32 *qfull_stat = &fws->stats.delayq_full_error;
struct brcmf_fws_mac_descriptor *entry;
@@ -1271,7 +1272,7 @@ static int brcmf_fws_enq(struct brcmf_fw
@@ -1275,7 +1276,7 @@ static int brcmf_fws_enq(struct brcmf_fw
entry = brcmf_skbcb(p)->mac;
if (entry == NULL) {
@@ -707,7 +707,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
return -ENOENT;
}
@@ -1461,6 +1462,7 @@ static int
@@ -1465,6 +1466,7 @@ static int
brcmf_fws_txs_process(struct brcmf_fws_info *fws, u8 flags, u32 hslot,
u32 genbit, u16 seq, u8 compcnt)
{
@@ -715,7 +715,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
u32 fifo;
u8 cnt = 0;
int ret;
@@ -1485,14 +1487,14 @@ brcmf_fws_txs_process(struct brcmf_fws_i
@@ -1489,14 +1491,14 @@ brcmf_fws_txs_process(struct brcmf_fws_i
else if (flags == BRCMF_FWS_TXSTATUS_HOST_TOSSED)
fws->stats.txs_host_tossed += compcnt;
else
@@ -733,7 +733,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
goto cont;
}
@@ -1616,12 +1618,13 @@ static int brcmf_fws_notify_credit_map(s
@@ -1620,12 +1622,13 @@ static int brcmf_fws_notify_credit_map(s
const struct brcmf_event_msg *e,
void *data)
{
@@ -749,7 +749,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
return -EINVAL;
}
@@ -1685,6 +1688,7 @@ static void brcmf_rxreorder_get_skb_list
@@ -1689,6 +1692,7 @@ static void brcmf_rxreorder_get_skb_list
void brcmf_fws_rxreorder(struct brcmf_if *ifp, struct sk_buff *pkt)
{
@@ -757,7 +757,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
u8 *reorder_data;
u8 flow_id, max_idx, cur_idx, exp_idx, end_idx;
struct brcmf_ampdu_rx_reorder *rfi;
@@ -1699,7 +1703,7 @@ void brcmf_fws_rxreorder(struct brcmf_if
@@ -1703,7 +1707,7 @@ void brcmf_fws_rxreorder(struct brcmf_if
/* validate flags and flow id */
if (flags == 0xFF) {
@@ -766,7 +766,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
brcmf_netif_rx(ifp, pkt);
return;
}
@@ -1736,7 +1740,7 @@ void brcmf_fws_rxreorder(struct brcmf_if
@@ -1740,7 +1744,7 @@ void brcmf_fws_rxreorder(struct brcmf_if
flow_id, max_idx);
rfi = kzalloc(buf_size, GFP_ATOMIC);
if (rfi == NULL) {
@@ -775,7 +775,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
brcmf_netif_rx(ifp, pkt);
return;
}
@@ -2000,6 +2004,7 @@ static u8 brcmf_fws_precommit_skb(struct
@@ -2004,6 +2008,7 @@ static u8 brcmf_fws_precommit_skb(struct
static void brcmf_fws_rollback_toq(struct brcmf_fws_info *fws,
struct sk_buff *skb, int fifo)
{
@@ -783,7 +783,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
struct brcmf_fws_mac_descriptor *entry;
struct sk_buff *pktout;
int qidx, hslot;
@@ -2013,11 +2018,11 @@ static void brcmf_fws_rollback_toq(struc
@@ -2017,11 +2022,11 @@ static void brcmf_fws_rollback_toq(struc
pktout = brcmu_pktq_penq_head(&entry->psq, qidx, skb);
if (pktout == NULL) {
@@ -797,7 +797,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
rc = -ENOENT;
}
@@ -2122,7 +2127,8 @@ static int brcmf_fws_assign_htod(struct
@@ -2126,7 +2131,8 @@ static int brcmf_fws_assign_htod(struct
int brcmf_fws_process_skb(struct brcmf_if *ifp, struct sk_buff *skb)
{
@@ -807,7 +807,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
struct brcmf_skbuff_cb *skcb = brcmf_skbcb(skb);
struct ethhdr *eh = (struct ethhdr *)(skb->data);
int fifo = BRCMF_FWS_FIFO_BCMC;
@@ -2150,7 +2156,7 @@ int brcmf_fws_process_skb(struct brcmf_i
@@ -2154,7 +2160,7 @@ int brcmf_fws_process_skb(struct brcmf_i
brcmf_fws_enq(fws, BRCMF_FWS_SKBSTATE_DELAYED, fifo, skb);
brcmf_fws_schedule_deq(fws);
} else {
@@ -816,7 +816,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
brcmf_txfinalize(ifp, skb, false);
rc = -ENOMEM;
}
@@ -2371,7 +2377,7 @@ struct brcmf_fws_info *brcmf_fws_attach(
@@ -2375,7 +2381,7 @@ struct brcmf_fws_info *brcmf_fws_attach(
fws->fws_wq = create_singlethread_workqueue("brcmf_fws_wq");
if (fws->fws_wq == NULL) {
@@ -825,7 +825,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
rc = -EBADF;
goto fail;
}
@@ -2387,13 +2393,13 @@ struct brcmf_fws_info *brcmf_fws_attach(
@@ -2391,13 +2397,13 @@ struct brcmf_fws_info *brcmf_fws_attach(
rc = brcmf_fweh_register(drvr, BRCMF_E_FIFO_CREDIT_MAP,
brcmf_fws_notify_credit_map);
if (rc < 0) {
@@ -841,7 +841,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
brcmf_fweh_unregister(drvr, BRCMF_E_FIFO_CREDIT_MAP);
goto fail;
}
@@ -2405,7 +2411,7 @@ struct brcmf_fws_info *brcmf_fws_attach(
@@ -2409,7 +2415,7 @@ struct brcmf_fws_info *brcmf_fws_attach(
fws->fw_signals = true;
ifp = brcmf_get_ifp(drvr, 0);
if (brcmf_fil_iovar_int_set(ifp, "tlv", tlv)) {


@@ -85,7 +85,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
wiphy_free(drvr->wiphy);
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwsignal.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwsignal.c
@@ -2432,25 +2432,17 @@ struct brcmf_fws_info *brcmf_fws_attach(
@@ -2436,25 +2436,17 @@ struct brcmf_fws_info *brcmf_fws_attach(
return fws;
fail:


@@ -153,7 +153,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
kfree(bus->msgbuf->flowrings);
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c
@@ -4254,17 +4254,26 @@ static void brcmf_sdio_firmware_callback
@@ -4258,17 +4258,26 @@ static void brcmf_sdio_firmware_callback
sdiod->bus_if->chip = bus->ci->chip;
sdiod->bus_if->chiprev = bus->ci->chiprev;


@@ -57,7 +57,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
#ifdef DEBUG
@@ -4212,6 +4214,19 @@ static void brcmf_sdio_firmware_callback
@@ -4216,6 +4218,19 @@ static void brcmf_sdio_firmware_callback
brcmf_sdiod_writeb(sdiod, SBSDIO_DEVICE_CTL, devctl,
&err);
break;


@@ -16,7 +16,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwsignal.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/fwsignal.c
@@ -908,7 +908,7 @@ static u8 brcmf_fws_hdrpush(struct brcmf
@@ -912,7 +912,7 @@ static u8 brcmf_fws_hdrpush(struct brcmf
wlh += wlh[1] + 2;
if (entry->send_tim_signal) {


@@ -29,7 +29,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/sdio.c
@@ -4249,6 +4249,12 @@ static void brcmf_sdio_firmware_callback
@@ -4253,6 +4253,12 @@ static void brcmf_sdio_firmware_callback
}
if (err == 0) {
@@ -42,7 +42,7 @@ Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
/* Allow full data communication using DPC from now on. */
brcmf_sdiod_change_state(bus->sdiodev, BRCMF_SDIOD_DATA);
@@ -4265,12 +4271,6 @@ static void brcmf_sdio_firmware_callback
@@ -4269,12 +4275,6 @@ static void brcmf_sdio_firmware_callback
sdio_release_host(sdiod->func1);


@@ -1,33 +0,0 @@
From 1b9ae0c92925ac40489be526d67d0010d0724ce0 Mon Sep 17 00:00:00 2001
From: Hauke Mehrtens <hauke@hauke-m.de>
Date: Thu, 21 May 2020 22:14:22 +0200
Subject: [PATCH] wireless: Use linux/stddef.h instead of stddef.h
When compiling inside the kernel include linux/stddef.h instead of
stddef.h. When I compile this header file in backports for power PC I
run into a conflict with ptrdiff_t. I was unable to reproduce this in
mainline kernel. I still would like to fix this problem in the kernel.
Fixes: 6989310f5d43 ("wireless: Use offsetof instead of custom macro.")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Link: https://lore.kernel.org/r/20200521201422.16493-1-hauke@hauke-m.de
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
---
include/uapi/linux/wireless.h | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
--- a/include/uapi/linux/wireless.h
+++ b/include/uapi/linux/wireless.h
@@ -74,7 +74,11 @@
#include <linux/socket.h> /* for "struct sockaddr" et al */
#include <linux/if.h> /* for IFNAMSIZ and co... */
-#include <stddef.h> /* for offsetof */
+#ifdef __KERNEL__
+# include <linux/stddef.h> /* for offsetof */
+#else
+# include <stddef.h> /* for offsetof */
+#endif
/***************************** VERSION *****************************/
/*
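Review bot: The `#ifdef __KERNEL__` split around the `offsetof` include at `@@ -74,7 +74,11 @@` is justified only by a ptrdiff_t conflict that the description says appears when building backports for PowerPC and could not be reproduced in mainline, and the description never names the two definitions that collide. Since this is a uapi header, please state in the commit message which headers define the conflicting ptrdiff_t, so a later reader can tell whether the conditional is still needed once the backports build changes.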


@@ -2,7 +2,7 @@ Used for AP+STA support in OpenWrt - preserve AP mode keys across STA reconnects
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -1067,7 +1067,6 @@ static int ieee80211_stop_ap(struct wiph
@@ -1068,7 +1068,6 @@ static int ieee80211_stop_ap(struct wiph
sdata->u.ap.driver_smps_mode = IEEE80211_SMPS_OFF;
__sta_info_flush(sdata, true);


@@ -1,6 +1,6 @@
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -3822,6 +3822,12 @@ out:
@@ -3833,6 +3833,12 @@ out:
netdev_tx_t ieee80211_subif_start_xmit(struct sk_buff *skb,
struct net_device *dev)
{


@@ -1,6 +1,6 @@
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -2189,7 +2189,7 @@ static int ieee80211_scan(struct wiphy *
@@ -2190,7 +2190,7 @@ static int ieee80211_scan(struct wiphy *
* the frames sent while scanning on other channel will be
* lost)
*/


@@ -100,7 +100,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
(unsigned long) local);
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -3487,13 +3487,19 @@ struct sk_buff *ieee80211_tx_dequeue(str
@@ -3498,13 +3498,19 @@ struct sk_buff *ieee80211_tx_dequeue(str
struct ieee80211_tx_info *info;
struct ieee80211_tx_data tx;
ieee80211_tx_result r;
@@ -122,7 +122,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
/* Make sure fragments stay together. */
skb = __skb_dequeue(&txqi->frags);
if (skb)
@@ -3606,6 +3612,7 @@ begin:
@@ -3617,6 +3623,7 @@ begin:
}
IEEE80211_SKB_CB(skb)->control.vif = vif;


@@ -10,7 +10,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
--- a/net/mac80211/rc80211_minstrel.c
+++ b/net/mac80211/rc80211_minstrel.c
@@ -689,8 +689,8 @@ minstrel_alloc(struct ieee80211_hw *hw,
@@ -672,8 +672,8 @@ minstrel_alloc(struct ieee80211_hw *hw,
#ifdef CPTCFG_MAC80211_DEBUGFS
mp->fixed_rate_idx = (u32) -1;
@@ -21,7 +21,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
#endif
minstrel_init_cck_rates(mp);
@@ -701,9 +701,6 @@ minstrel_alloc(struct ieee80211_hw *hw,
@@ -684,9 +684,6 @@ minstrel_alloc(struct ieee80211_hw *hw,
static void
minstrel_free(void *priv)
{
@@ -31,7 +31,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
kfree(priv);
}
@@ -735,7 +732,6 @@ const struct rate_control_ops mac80211_m
@@ -718,7 +715,6 @@ const struct rate_control_ops mac80211_m
.free_sta = minstrel_free_sta,
#ifdef CPTCFG_MAC80211_DEBUGFS
.add_sta_debugfs = minstrel_add_sta_debugfs,
@@ -41,7 +41,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
};
--- a/net/mac80211/rc80211_minstrel.h
+++ b/net/mac80211/rc80211_minstrel.h
@@ -109,11 +109,6 @@ struct minstrel_sta_info {
@@ -108,11 +108,6 @@ struct minstrel_sta_info {
/* sampling table */
u8 *sample_table;
@@ -53,7 +53,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
};
struct minstrel_priv {
@@ -137,7 +132,6 @@ struct minstrel_priv {
@@ -136,7 +131,6 @@ struct minstrel_priv {
* - setting will be applied on next update
*/
u32 fixed_rate_idx;
@@ -61,7 +61,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
#endif
};
@@ -156,7 +150,6 @@ minstrel_get_ewmsd10(struct minstrel_rat
@@ -155,7 +149,6 @@ minstrel_get_ewmsd10(struct minstrel_rat
extern const struct rate_control_ops mac80211_minstrel;
void minstrel_add_sta_debugfs(void *priv, void *priv_sta, struct dentry *dir);


@@ -117,7 +117,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
#endif /* IEEE80211_RATE_H */
--- a/net/mac80211/rc80211_minstrel.c
+++ b/net/mac80211/rc80211_minstrel.c
@@ -572,138 +572,6 @@ minstrel_rate_init(void *priv, struct ie
@@ -555,138 +555,6 @@ minstrel_rate_init(void *priv, struct ie
minstrel_update_rates(mp, mi);
}
@@ -256,7 +256,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
static u32 minstrel_get_expected_throughput(void *priv_sta)
{
struct minstrel_sta_info *mi = priv_sta;
@@ -722,28 +590,8 @@ static u32 minstrel_get_expected_through
@@ -705,28 +573,8 @@ static u32 minstrel_get_expected_through
}
const struct rate_control_ops mac80211_minstrel = {
@@ -287,7 +287,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
-}
--- a/net/mac80211/rc80211_minstrel.h
+++ b/net/mac80211/rc80211_minstrel.h
@@ -158,7 +158,5 @@ int minstrel_get_tp_avg(struct minstrel_
@@ -157,7 +157,5 @@ int minstrel_get_tp_avg(struct minstrel_
/* debugfs */
int minstrel_stats_open(struct inode *inode, struct file *file);
int minstrel_stats_csv_open(struct inode *inode, struct file *file);


@@ -41,7 +41,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
--- a/net/mac80211/rc80211_minstrel.h
+++ b/net/mac80211/rc80211_minstrel.h
@@ -114,6 +114,7 @@ struct minstrel_sta_info {
@@ -113,6 +113,7 @@ struct minstrel_sta_info {
struct minstrel_priv {
struct ieee80211_hw *hw;
bool has_mrr;


@@ -191,7 +191,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c
@@ -1249,7 +1249,7 @@ void ieee80211_sta_ps_deliver_wakeup(str
@@ -1261,7 +1261,7 @@ void ieee80211_sta_ps_deliver_wakeup(str
if (!txq_has_queue(sta->sta.txq[i]))
continue;
@@ -229,7 +229,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
return true;
}
@@ -3620,6 +3624,60 @@ out:
@@ -3631,6 +3635,60 @@ out:
}
EXPORT_SYMBOL(ieee80211_tx_dequeue);


@@ -156,7 +156,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
};
/* policy for the key attributes */
@@ -4709,6 +4710,11 @@ static int nl80211_send_station(struct s
@@ -4715,6 +4716,11 @@ static int nl80211_send_station(struct s
PUT_SINFO(PLID, plid, u16);
PUT_SINFO(PLINK_STATE, plink_state, u8);
PUT_SINFO_U64(RX_DURATION, rx_duration);
@@ -168,7 +168,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
switch (rdev->wiphy.signal_type) {
case CFG80211_SIGNAL_TYPE_MBM:
@@ -5345,6 +5351,15 @@ static int nl80211_set_station(struct sk
@@ -5351,6 +5357,15 @@ static int nl80211_set_station(struct sk
nla_get_u8(info->attrs[NL80211_ATTR_OPMODE_NOTIF]);
}
@@ -184,7 +184,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
/* Include parameters for TDLS peer (will check later) */
err = nl80211_set_station_tdls(info, &params);
if (err)
@@ -5483,6 +5498,15 @@ static int nl80211_new_station(struct sk
@@ -5489,6 +5504,15 @@ static int nl80211_new_station(struct sk
return -EINVAL;
}


@@ -125,7 +125,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* The values are not guaranteed to be coherent with regard to each other, i.e.
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -1390,6 +1390,9 @@ static int sta_apply_parameters(struct i
@@ -1391,6 +1391,9 @@ static int sta_apply_parameters(struct i
if (ieee80211_vif_is_mesh(&sdata->vif))
sta_apply_mesh_params(local, sta, params);
@@ -289,7 +289,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
}
}
@@ -381,9 +378,12 @@ struct sta_info *sta_info_alloc(struct i
@@ -399,9 +396,12 @@ struct sta_info *sta_info_alloc(struct i
if (sta_prepare_rate_control(local, sta, gfp))
goto free_txq;
@@ -302,7 +302,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
}
for (i = 0; i < IEEE80211_NUM_TIDS; i++)
@@ -1826,6 +1826,27 @@ void ieee80211_sta_set_buffered(struct i
@@ -1838,6 +1838,27 @@ void ieee80211_sta_set_buffered(struct i
}
EXPORT_SYMBOL(ieee80211_sta_set_buffered);
@@ -330,7 +330,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
int sta_info_move_state(struct sta_info *sta,
enum ieee80211_sta_state new_state)
{
@@ -2192,6 +2213,23 @@ void sta_set_sinfo(struct sta_info *sta,
@@ -2208,6 +2229,23 @@ void sta_set_sinfo(struct sta_info *sta,
sinfo->filled |= BIT_ULL(NL80211_STA_INFO_TX_FAILED);
}
@@ -412,7 +412,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
spin_lock_bh(&local->active_txq_lock[txqi->txq.ac]);
list_del_init(&txqi->schedule_order);
spin_unlock_bh(&local->active_txq_lock[txqi->txq.ac]);
@@ -3631,11 +3634,28 @@ struct ieee80211_txq *ieee80211_next_txq
@@ -3642,11 +3645,28 @@ struct ieee80211_txq *ieee80211_next_txq
lockdep_assert_held(&local->active_txq_lock[ac]);
@@ -442,7 +442,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
return NULL;
list_del_init(&txqi->schedule_order);
@@ -3653,12 +3673,74 @@ void ieee80211_return_txq(struct ieee802
@@ -3664,12 +3684,74 @@ void ieee80211_return_txq(struct ieee802
lockdep_assert_held(&local->active_txq_lock[txq->ac]);
if (list_empty(&txqi->schedule_order) &&


@@ -51,7 +51,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -3693,6 +3693,19 @@ void ieee80211_return_txq(struct ieee802
@@ -3704,6 +3704,19 @@ void ieee80211_return_txq(struct ieee802
}
EXPORT_SYMBOL(ieee80211_return_txq);


@@ -48,7 +48,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
if (likely(sta)) {
if (!IS_ERR(sta))
tx->sta = sta;
@@ -3525,6 +3525,7 @@ begin:
@@ -3536,6 +3536,7 @@ begin:
tx.local = local;
tx.skb = skb;
tx.sdata = vif_to_sdata(info->control.vif);
@@ -56,7 +56,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
if (txq->sta) {
tx.sta = container_of(txq->sta, struct sta_info, sta);
@@ -3569,7 +3570,7 @@ begin:
@@ -3580,7 +3581,7 @@ begin:
if (tx.key &&
(tx.key->conf.flags & IEEE80211_KEY_FLAG_GENERATE_IV))
@@ -65,7 +65,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
ieee80211_xmit_fast_finish(sta->sdata, sta, pn_offs,
tx.key, skb);
@@ -4028,6 +4029,7 @@ ieee80211_build_data_template(struct iee
@@ -4039,6 +4040,7 @@ ieee80211_build_data_template(struct iee
hdr = (void *)skb->data;
tx.sta = sta_info_get(sdata, hdr->addr1);
tx.skb = skb;


@@ -227,7 +227,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
if (likely(sta)) {
if (!IS_ERR(sta))
@@ -2222,7 +2221,7 @@ netdev_tx_t ieee80211_monitor_start_xmit
@@ -2233,7 +2232,7 @@ netdev_tx_t ieee80211_monitor_start_xmit
goto fail;
hdr = (struct ieee80211_hdr *)(skb->data + len_rthdr);
@@ -236,7 +236,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
if (skb->len < len_rthdr + hdrlen)
goto fail;
@@ -2441,7 +2440,7 @@ static struct sk_buff *ieee80211_build_h
@@ -2452,7 +2451,7 @@ static struct sk_buff *ieee80211_build_h
struct ieee80211_chanctx_conf *chanctx_conf;
struct ieee80211_sub_if_data *ap_sdata;
enum nl80211_band band;
@@ -245,7 +245,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
if (IS_ERR(sta))
sta = NULL;
@@ -2740,7 +2739,9 @@ static struct sk_buff *ieee80211_build_h
@@ -2751,7 +2750,9 @@ static struct sk_buff *ieee80211_build_h
}
skb_pull(skb, skip_header_bytes);
@@ -255,7 +255,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
/*
* So we need to modify the skb header and hence need a copy of
@@ -2773,6 +2774,9 @@ static struct sk_buff *ieee80211_build_h
@@ -2784,6 +2785,9 @@ static struct sk_buff *ieee80211_build_h
memcpy(skb_push(skb, meshhdrlen), &mesh_hdr, meshhdrlen);
#endif
@@ -265,7 +265,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
if (ieee80211_is_data_qos(fc)) {
__le16 *qos_control;
@@ -2949,6 +2953,8 @@ void ieee80211_check_fast_xmit(struct st
@@ -2960,6 +2964,8 @@ void ieee80211_check_fast_xmit(struct st
fc |= cpu_to_le16(IEEE80211_STYPE_QOS_DATA);
}
@@ -274,7 +274,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
/* We store the key here so there's no point in using rcu_dereference()
* but that's fine because the code that changes the pointers will call
* this function after doing so. For a single CPU that would be enough,
@@ -3525,7 +3531,7 @@ begin:
@@ -3536,7 +3542,7 @@ begin:
tx.local = local;
tx.skb = skb;
tx.sdata = vif_to_sdata(info->control.vif);
@@ -283,7 +283,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
if (txq->sta) {
tx.sta = container_of(txq->sta, struct sta_info, sta);
@@ -4029,7 +4035,7 @@ ieee80211_build_data_template(struct iee
@@ -4040,7 +4046,7 @@ ieee80211_build_data_template(struct iee
hdr = (void *)skb->data;
tx.sta = sta_info_get(sdata, hdr->addr1);
tx.skb = skb;


@@ -95,7 +95,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
* ieee80211_txq_may_transmit - check whether TXQ is allowed to transmit
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -3637,16 +3637,17 @@ EXPORT_SYMBOL(ieee80211_tx_dequeue);
@@ -3648,16 +3648,17 @@ EXPORT_SYMBOL(ieee80211_tx_dequeue);
struct ieee80211_txq *ieee80211_next_txq(struct ieee80211_hw *hw, u8 ac)
{
struct ieee80211_local *local = hw_to_local(hw);
@@ -115,7 +115,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
if (txqi->txq.sta) {
struct sta_info *sta = container_of(txqi->txq.sta,
@@ -3663,21 +3664,25 @@ struct ieee80211_txq *ieee80211_next_txq
@@ -3674,21 +3675,25 @@ struct ieee80211_txq *ieee80211_next_txq
if (txqi->schedule_round == local->schedule_round[ac])
@@ -146,7 +146,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
if (list_empty(&txqi->schedule_order) &&
(!skb_queue_empty(&txqi->frags) || txqi->tin.backlog_packets)) {
@@ -3697,18 +3702,7 @@ void ieee80211_return_txq(struct ieee802
@@ -3708,18 +3713,7 @@ void ieee80211_return_txq(struct ieee802
list_add_tail(&txqi->schedule_order,
&local->active_txqs[txq->ac]);
}
@@ -165,7 +165,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
spin_unlock_bh(&local->active_txq_lock[txq->ac]);
}
EXPORT_SYMBOL(ieee80211_schedule_txq);
@@ -3721,7 +3715,7 @@ bool ieee80211_txq_may_transmit(struct i
@@ -3732,7 +3726,7 @@ bool ieee80211_txq_may_transmit(struct i
struct sta_info *sta;
u8 ac = txq->ac;
@@ -174,7 +174,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
if (!txqi->txq.sta)
goto out;
@@ -3751,34 +3745,27 @@ bool ieee80211_txq_may_transmit(struct i
@@ -3762,34 +3756,27 @@ bool ieee80211_txq_may_transmit(struct i
sta->airtime[ac].deficit += sta->airtime_weight;
list_move_tail(&txqi->schedule_order, &local->active_txqs[ac]);


@@ -111,7 +111,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
schedule_and_wake_txq(local, txqi);
@@ -3200,6 +3201,7 @@ static bool ieee80211_amsdu_aggregate(st
@@ -3211,6 +3212,7 @@ static bool ieee80211_amsdu_aggregate(st
u8 max_subframes = sta->sta.max_amsdu_subframes;
int max_frags = local->hw.max_tx_fragments;
int max_amsdu_len = sta->sta.max_amsdu_len;
@@ -119,7 +119,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
int orig_truesize;
__be16 len;
void *data;
@@ -3222,6 +3224,8 @@ static bool ieee80211_amsdu_aggregate(st
@@ -3233,6 +3235,8 @@ static bool ieee80211_amsdu_aggregate(st
max_amsdu_len = min_t(int, max_amsdu_len,
sta->sta.max_rc_amsdu_len);
@@ -128,7 +128,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
spin_lock_bh(&fq->lock);
/* TODO: Ideally aggregation should be done on dequeue to remain
@@ -3229,7 +3233,8 @@ static bool ieee80211_amsdu_aggregate(st
@@ -3240,7 +3244,8 @@ static bool ieee80211_amsdu_aggregate(st
*/
tin = &txqi->tin;


@@ -10,7 +10,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -3507,6 +3507,7 @@ struct sk_buff *ieee80211_tx_dequeue(str
@@ -3518,6 +3518,7 @@ struct sk_buff *ieee80211_tx_dequeue(str
ieee80211_tx_result r;
struct ieee80211_vif *vif = txq->vif;
@@ -18,7 +18,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
spin_lock_bh(&fq->lock);
if (test_bit(IEEE80211_TXQ_STOP, &txqi->flags) ||
@@ -3523,11 +3524,12 @@ struct sk_buff *ieee80211_tx_dequeue(str
@@ -3534,11 +3535,12 @@ struct sk_buff *ieee80211_tx_dequeue(str
if (skb)
goto out;
@@ -32,7 +32,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
hdr = (struct ieee80211_hdr *)skb->data;
info = IEEE80211_SKB_CB(skb);
@@ -3591,8 +3593,11 @@ begin:
@@ -3602,8 +3604,11 @@ begin:
skb = __skb_dequeue(&tx.skbs);
@@ -45,7 +45,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
}
if (skb && skb_has_frag_list(skb) &&
@@ -3631,6 +3636,7 @@ begin:
@@ -3642,6 +3647,7 @@ begin:
}
IEEE80211_SKB_CB(skb)->control.vif = vif;

View File

@@ -1,202 +0,0 @@
From: Felix Fietkau <nbd@nbd.name>
Date: Sun, 17 Mar 2019 18:11:30 +0100
Subject: [PATCH] mac80211: optimize skb resizing
When forwarding unicast packets from ethernet to batman-adv over 802.11s
(with forwarding disabled), the typical required headroom to transmit
encrypted packets on mt76 is 32 (802.11) + 6 (802.11s) + 8 (CCMP) +
2 (padding) + 6 (LLC) + 18 (batman-adv) - 14 (old ethernet header) = 58 bytes.
On systems where NET_SKB_PAD is 64 this leads to a call to pskb_expand_head
for every packet, since mac80211 also tries to allocate 16 bytes status
headroom for radiotap headers.
This patch fixes these unnecessary reallocations by only requiring the extra
status headroom in ieee80211_tx_monitor()
If however a reallocation happens before that call, the status headroom gets
added there as well, in order to avoid double reallocation.
The patch also cleans up the code by moving the headroom calculation to
ieee80211_skb_resize.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
---
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -1762,6 +1762,9 @@ void ieee80211_clear_fast_xmit(struct st
int ieee80211_tx_control_port(struct wiphy *wiphy, struct net_device *dev,
const u8 *buf, size_t len,
const u8 *dest, __be16 proto, bool unencrypted);
+int ieee80211_skb_resize(struct ieee80211_local *local,
+ struct ieee80211_sub_if_data *sdata,
+ struct sk_buff *skb, int hdrlen, int hdr_add);
/* HT */
void ieee80211_apply_htcap_overrides(struct ieee80211_sub_if_data *sdata,
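Review bot: The prototype added in ieee80211_i.h names its last two parameters `hdrlen` and `hdr_add`, while the definition in tx.c names them `hdr_len` and `hdr_extra`. Use one pair of names in both places, and add a short comment at the declaration saying what each value contributes (required header length versus extra headroom that is only requested when a reallocation happens anyway), since callers in three files now depend on that distinction.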
--- a/net/mac80211/status.c
+++ b/net/mac80211/status.c
@@ -671,6 +671,11 @@ void ieee80211_tx_monitor(struct ieee802
}
}
+ if (ieee80211_skb_resize(local, NULL, skb, 0, 0)) {
+ dev_kfree_skb(skb);
+ return;
+ }
+
/* send frame to monitor interfaces now */
rtap_len = ieee80211_tx_radiotap_len(info);
if (WARN_ON_ONCE(skb_headroom(skb) < rtap_len)) {
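Review bot: The call `ieee80211_skb_resize(local, NULL, skb, 0, 0)` in ieee80211_tx_monitor() depends on the helper's `!sdata` branch to request `local->tx_headroom`, but the check right below it compares `skb_headroom(skb)` against `rtap_len`, and nothing at this call site says that `local->tx_headroom` is large enough to cover `rtap_len`. Add a comment stating that relationship, or compute `rtap_len` first and pass it as the required length, so the following WARN_ON_ONCE is visibly unreachable after a successful resize.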
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -1914,37 +1914,53 @@ static bool ieee80211_tx(struct ieee8021
}
/* device xmit handlers */
-
-static int ieee80211_skb_resize(struct ieee80211_sub_if_data *sdata,
- struct sk_buff *skb,
- int head_need, bool may_encrypt)
+int ieee80211_skb_resize(struct ieee80211_local *local,
+ struct ieee80211_sub_if_data *sdata,
+ struct sk_buff *skb, int hdr_len, int hdr_extra)
{
- struct ieee80211_local *local = sdata->local;
+ struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
struct ieee80211_hdr *hdr;
- bool enc_tailroom;
- int tail_need = 0;
-
- hdr = (struct ieee80211_hdr *) skb->data;
- enc_tailroom = may_encrypt &&
- (sdata->crypto_tx_tailroom_needed_cnt ||
- ieee80211_is_mgmt(hdr->frame_control));
-
- if (enc_tailroom) {
- tail_need = IEEE80211_ENCRYPT_TAILROOM;
- tail_need -= skb_tailroom(skb);
- tail_need = max_t(int, tail_need, 0);
+ int head_need, head_max;
+ int tail_need, tail_max;
+ bool enc_tailroom = false;
+
+ if (sdata && !hdr_len &&
+ !(info->flags & IEEE80211_TX_INTFL_DONT_ENCRYPT)) {
+ hdr = (struct ieee80211_hdr *) skb->data;
+ enc_tailroom = (sdata->crypto_tx_tailroom_needed_cnt ||
+ ieee80211_is_mgmt(hdr->frame_control));
+ hdr_len += sdata->encrypt_headroom;
+ }
+
+ head_need = head_max = hdr_len;
+ tail_need = tail_max = 0;
+ if (!sdata) {
+ head_need = head_max = local->tx_headroom;
+ } else {
+ head_max += hdr_extra;
+ head_max += max_t(int, local->tx_headroom,
+ local->hw.extra_tx_headroom);
+ head_need += local->hw.extra_tx_headroom;
+
+ tail_max = IEEE80211_ENCRYPT_TAILROOM;
+ if (enc_tailroom)
+ tail_need = tail_max;
}
if (skb_cloned(skb) &&
(!ieee80211_hw_check(&local->hw, SUPPORTS_CLONED_SKBS) ||
!skb_clone_writable(skb, ETH_HLEN) || enc_tailroom))
I802_DEBUG_INC(local->tx_expand_skb_head_cloned);
- else if (head_need || tail_need)
+ else if (head_need > skb_headroom(skb) ||
+ tail_need > skb_tailroom(skb))
I802_DEBUG_INC(local->tx_expand_skb_head);
else
return 0;
- if (pskb_expand_head(skb, head_need, tail_need, GFP_ATOMIC)) {
+ head_max = max_t(int, 0, head_max - skb_headroom(skb));
+ tail_max = max_t(int, 0, tail_max - skb_tailroom(skb));
+
+ if (pskb_expand_head(skb, head_max, tail_max, GFP_ATOMIC)) {
wiphy_debug(local->hw.wiphy,
"failed to reallocate TX buffer\n");
return -ENOMEM;
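Review bot: In the new ieee80211_skb_resize(), the test `if (sdata && !hdr_len && !(info->flags & IEEE80211_TX_INTFL_DONT_ENCRYPT))` makes a zero `hdr_len` double as a caller discriminator: `enc_tailroom` and `sdata->encrypt_headroom` are only considered when the caller passes 0. The caller in the `@@ -2741,30 +2747,14 @@` hunk used to pass `true` for may_encrypt and now passes a non-zero length, so on that path `tail_need` stays 0 and the `|| enc_tailroom` term of the cloned-skb check no longer applies. If that is intended because ieee80211_xmit() calls the helper again with `0, 0`, say so in a comment above the function; otherwise take an explicit argument instead of inferring the intent from `hdr_len`.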
@@ -1960,18 +1976,8 @@ void ieee80211_xmit(struct ieee80211_sub
struct ieee80211_local *local = sdata->local;
struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
struct ieee80211_hdr *hdr;
- int headroom;
- bool may_encrypt;
-
- may_encrypt = !(info->flags & IEEE80211_TX_INTFL_DONT_ENCRYPT);
- headroom = local->tx_headroom;
- if (may_encrypt)
- headroom += sdata->encrypt_headroom;
- headroom -= skb_headroom(skb);
- headroom = max_t(int, 0, headroom);
-
- if (ieee80211_skb_resize(sdata, skb, headroom, may_encrypt)) {
+ if (ieee80211_skb_resize(local, sdata, skb, 0, 0)) {
ieee80211_free_txskb(&local->hw, skb);
return;
}
@@ -2741,30 +2747,14 @@ static struct sk_buff *ieee80211_build_h
skb_pull(skb, skip_header_bytes);
padsize = ieee80211_hdr_padsize(&local->hw, hdrlen);
- head_need = hdrlen + encaps_len + meshhdrlen - skb_headroom(skb);
+ head_need = hdrlen + encaps_len + meshhdrlen;
head_need += padsize;
- /*
- * So we need to modify the skb header and hence need a copy of
- * that. The head_need variable above doesn't, so far, include
- * the needed header space that we don't need right away. If we
- * can, then we don't reallocate right now but only after the
- * frame arrives at the master device (if it does...)
- *
- * If we cannot, however, then we will reallocate to include all
- * the ever needed space. Also, if we need to reallocate it anyway,
- * make it big enough for everything we may ever need.
- */
-
- if (head_need > 0 || skb_cloned(skb)) {
- head_need += sdata->encrypt_headroom;
- head_need += local->tx_headroom;
- head_need = max_t(int, 0, head_need);
- if (ieee80211_skb_resize(sdata, skb, head_need, true)) {
- ieee80211_free_txskb(&local->hw, skb);
- skb = NULL;
- return ERR_PTR(-ENOMEM);
- }
+ if (ieee80211_skb_resize(local, sdata, skb, head_need,
+ sdata->encrypt_headroom)) {
+ ieee80211_free_txskb(&local->hw, skb);
+ skb = NULL;
+ return ERR_PTR(-ENOMEM);
}
if (encaps_data)
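Review bot: The deferred-reallocation policy loses its only explanation at this call site: the removed block comment ("If we can, then we don't reallocate right now ... make it big enough for everything we may ever need") is not replaced, and the new call passes `head_need` and `sdata->encrypt_headroom` with no hint of which one is mandatory and which is opportunistic. Move a condensed version of that comment onto ieee80211_skb_resize() or keep one line here. `head_need` also changes meaning from a deficit (it no longer has `skb_headroom(skb)` subtracted) to an absolute length while keeping its name, and the retained `skb = NULL;` directly before `return ERR_PTR(-ENOMEM);` is a dead store that could be dropped in the same change.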
@@ -3377,7 +3367,6 @@ static bool ieee80211_xmit_fast(struct i
struct ieee80211_local *local = sdata->local;
u16 ethertype = (skb->data[12] << 8) | skb->data[13];
int extra_head = fast_tx->hdr_len - (ETH_HLEN - 2);
- int hw_headroom = sdata->local->hw.extra_tx_headroom;
struct ethhdr eth;
struct ieee80211_tx_info *info;
struct ieee80211_hdr *hdr = (void *)fast_tx->hdr;
@@ -3429,10 +3418,7 @@ static bool ieee80211_xmit_fast(struct i
* as the may-encrypt argument for the resize to not account for
* more room than we already have in 'extra_head'
*/
- if (unlikely(ieee80211_skb_resize(sdata, skb,
- max_t(int, extra_head + hw_headroom -
- skb_headroom(skb), 0),
- false))) {
+ if (unlikely(ieee80211_skb_resize(local, sdata, skb, extra_head, 0))) {
kfree_skb(skb);
return true;
}
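Review bot: The context comment above the changed call still talks about "the may-encrypt argument for the resize", but the replacement `ieee80211_skb_resize(local, sdata, skb, extra_head, 0)` has no such argument, so the comment is stale after this hunk. Reword it to describe what the call now relies on: a non-zero `hdr_len` keeps the helper from adding `sdata->encrypt_headroom`, and the hardware headroom that the removed `hw_headroom` local used to add is now accounted for inside the helper through `local->hw.extra_tx_headroom`.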


@@ -72,7 +72,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
/**
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -3673,8 +3673,9 @@ out:
@@ -3698,8 +3698,9 @@ out:
}
EXPORT_SYMBOL(ieee80211_next_txq);
@@ -84,7 +84,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
{
struct ieee80211_local *local = hw_to_local(hw);
struct txq_info *txqi = to_txq_info(txq);
@@ -3682,7 +3683,8 @@ void ieee80211_schedule_txq(struct ieee8
@@ -3707,7 +3708,8 @@ void ieee80211_schedule_txq(struct ieee8
spin_lock_bh(&local->active_txq_lock[txq->ac]);
if (list_empty(&txqi->schedule_order) &&
@@ -94,7 +94,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
/* If airtime accounting is active, always enqueue STAs at the
* head of the list to ensure that they only get moved to the
* back by the airtime DRR scheduler once they have a negative
@@ -3702,7 +3704,7 @@ void ieee80211_schedule_txq(struct ieee8
@@ -3727,7 +3729,7 @@ void ieee80211_schedule_txq(struct ieee8
spin_unlock_bh(&local->active_txq_lock[txq->ac]);
}


@@ -13,7 +13,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -3772,6 +3772,7 @@ void __ieee80211_subif_start_xmit(struct
@@ -3797,6 +3797,7 @@ void __ieee80211_subif_start_xmit(struct
u32 ctrl_flags)
{
struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
@@ -21,7 +21,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
struct sta_info *sta;
struct sk_buff *next;
@@ -3785,7 +3786,15 @@ void __ieee80211_subif_start_xmit(struct
@@ -3810,7 +3811,15 @@ void __ieee80211_subif_start_xmit(struct
if (ieee80211_lookup_ra_sta(sdata, skb, &sta))
goto out_free;


@@ -11,9 +11,9 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
--- a/net/mac80211/rc80211_minstrel.c
+++ b/net/mac80211/rc80211_minstrel.c
@@ -295,8 +295,7 @@ minstrel_tx_status(void *priv, struct ie
if (mi->sample_deferred > 0)
mi->sample_deferred--;
@@ -289,8 +289,7 @@ minstrel_tx_status(void *priv, struct ie
mi->r[ndx].stats.success += success;
}
- if (time_after(jiffies, mi->last_stats_update +
- (mp->update_interval * HZ) / 1000))


@@ -64,9 +64,9 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
/* Sample less often below the 10% chance of success.
* Sample less often above the 95% chance of success. */
@@ -295,7 +299,8 @@ minstrel_tx_status(void *priv, struct ie
if (mi->sample_deferred > 0)
mi->sample_deferred--;
@@ -289,7 +293,8 @@ minstrel_tx_status(void *priv, struct ie
mi->r[ndx].stats.success += success;
}
- if (time_after(jiffies, mi->last_stats_update + mp->update_interval))
+ if (time_after(jiffies, mi->last_stats_update +
@@ -149,7 +149,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
/* statistis of packet delivery probability
* prob_ewma - exponential weighted moving average of prob
* prob_ewmsd - exp. weighted moving standard deviation of prob */
@@ -114,6 +166,7 @@ struct minstrel_sta_info {
@@ -113,6 +165,7 @@ struct minstrel_sta_info {
struct minstrel_priv {
struct ieee80211_hw *hw;
bool has_mrr;
@@ -157,7 +157,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
u32 sample_switch;
unsigned int cw_min;
unsigned int cw_max;
@@ -153,7 +206,8 @@ extern const struct rate_control_ops mac
@@ -152,7 +205,8 @@ extern const struct rate_control_ops mac
void minstrel_add_sta_debugfs(void *priv, void *priv_sta, struct dentry *dir);
/* Recalculate success probabilities and counters for a given rate using EWMA */


@@ -106,7 +106,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
tmp_prob_rate = i;
}
}
@@ -436,7 +436,7 @@ minstrel_get_rate(void *priv, struct iee
@@ -418,7 +418,7 @@ minstrel_get_rate(void *priv, struct iee
* has a probability of >95%, we shouldn't be attempting
* to use it, as this only wastes precious airtime */
if (!mrr_capable &&
@@ -115,7 +115,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
return;
mi->prev_sample = true;
@@ -587,7 +587,7 @@ static u32 minstrel_get_expected_through
@@ -570,7 +570,7 @@ static u32 minstrel_get_expected_through
* computing cur_tp
*/
tmp_mrs = &mi->r[idx].stats;
@@ -174,7 +174,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
/* maximum retry counts */
u8 retry_count;
u8 retry_count_rtscts;
@@ -208,7 +205,7 @@ void minstrel_add_sta_debugfs(void *priv
@@ -207,7 +204,7 @@ void minstrel_add_sta_debugfs(void *priv
/* Recalculate success probabilities and counters for a given rate using EWMA */
void minstrel_calc_rate_stats(struct minstrel_priv *mp,
struct minstrel_rate_stats *mrs);

@@ -54,7 +54,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
}
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -2071,7 +2071,8 @@ void ieee80211_send_auth(struct ieee8021
@@ -2068,7 +2068,8 @@ void ieee80211_send_auth(struct ieee8021
const u8 *da, const u8 *key, u8 key_len, u8 key_idx,
u32 tx_flags);
void ieee80211_send_deauth_disassoc(struct ieee80211_sub_if_data *sdata,

@@ -28,7 +28,7 @@ Signed-off-by: Johannes Berg <johannes.berg@intel.com>
--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c
@@ -322,6 +322,7 @@ struct sta_info *sta_info_alloc(struct i
@@ -340,6 +340,7 @@ struct sta_info *sta_info_alloc(struct i
INIT_WORK(&sta->drv_deliver_wk, sta_deliver_ps_frames);
INIT_WORK(&sta->ampdu_mlme.work, ieee80211_ba_session_work);
mutex_init(&sta->ampdu_mlme.mtx);

@@ -64,7 +64,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
__NL80211_SURVEY_INFO_AFTER_LAST,
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -8373,6 +8373,10 @@ static int nl80211_send_survey(struct sk
@@ -8379,6 +8379,10 @@ static int nl80211_send_survey(struct sk
nla_put_u64_64bit(msg, NL80211_SURVEY_INFO_TIME_SCAN,
survey->time_scan, NL80211_SURVEY_INFO_PAD))
goto nla_put_failure;

@@ -1,31 +0,0 @@
From 5981fe5b0529ba25d95f37d7faa434183ad618c5 Mon Sep 17 00:00:00 2001
From: Johannes Berg <johannes.berg@intel.com>
Date: Mon, 3 Aug 2020 11:02:10 +0200
Subject: [PATCH] mac80211: fix misplaced while instead of if
This never was intended to be a 'while' loop, it should've
just been an 'if' instead of 'while'. Fix this.
I noticed this while applying another patch from Ben that
intended to fix a busy loop at this spot.
Cc: stable@vger.kernel.org
Fixes: b16798f5b907 ("mac80211: mark station unauthorized before key removal")
Reported-by: Ben Greear <greearb@candelatech.com>
Link: https://lore.kernel.org/r/20200803110209.253009ae41ff.I3522aad099392b31d5cf2dcca34cbac7e5832dde@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
---
net/mac80211/sta_info.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/mac80211/sta_info.c
+++ b/net/mac80211/sta_info.c
@@ -980,7 +980,7 @@ static void __sta_info_destroy_part2(str
might_sleep();
lockdep_assert_held(&local->sta_mtx);
- while (sta->sta_state == IEEE80211_STA_AUTHORIZED) {
+ if (sta->sta_state == IEEE80211_STA_AUTHORIZED) {
ret = sta_info_move_state(sta, IEEE80211_STA_ASSOC);
WARN_ON_ONCE(ret);
}
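Review bot: the `@@ -1,31 +0,0 @@` header drops this backport file entirely, but nothing visible here records where the `while` to `if` change in `__sta_info_destroy_part2()` now comes from. Please name in the commit message the backports or kernel version that already carries 5981fe5b0529, so a later refresh does not bring back the busy loop on `sta->sta_state == IEEE80211_STA_AUTHORIZED`.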

@@ -57,7 +57,7 @@
__NL80211_ATTR_AFTER_LAST,
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -2457,6 +2457,19 @@ static int ieee80211_get_tx_power(struct
@@ -2458,6 +2458,19 @@ static int ieee80211_get_tx_power(struct
return 0;
}
@@ -77,7 +77,7 @@
static int ieee80211_set_wds_peer(struct wiphy *wiphy, struct net_device *dev,
const u8 *addr)
{
@@ -3846,6 +3859,7 @@ const struct cfg80211_ops mac80211_confi
@@ -3847,6 +3860,7 @@ const struct cfg80211_ops mac80211_confi
.set_wiphy_params = ieee80211_set_wiphy_params,
.set_tx_power = ieee80211_set_tx_power,
.get_tx_power = ieee80211_get_tx_power,
@@ -137,7 +137,7 @@
};
/* policy for the key attributes */
@@ -2629,6 +2630,20 @@ static int nl80211_set_wiphy(struct sk_b
@@ -2632,6 +2633,20 @@ static int nl80211_set_wiphy(struct sk_b
if (result)
return result;
}

@@ -8,9 +8,9 @@ PKG_LICENSE_FILES:=
PKG_SOURCE_URL:=https://github.com/openwrt/mt76
PKG_SOURCE_PROTO:=git
PKG_SOURCE_DATE:=2020-03-10
PKG_SOURCE_VERSION:=08054d5ab1350fcb8563feb90e6ab7f8f4a0a1b7
PKG_MIRROR_HASH:=b41a3cab1485c68befb1dcb4c1e426d41705db1b2a57851dafd6e8f75eeea3d7
PKG_SOURCE_DATE:=2021-02-15
PKG_SOURCE_VERSION:=5c768dec13389700ff3fa3d25083fb43d8e7adda
PKG_MIRROR_HASH:=2ef0cf233bedc20e77c61cd6dd6085e162cce5c2719b5285bcdd8bf92ebf88eb
PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
PKG_BUILD_PARALLEL:=1

@@ -8,13 +8,13 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=mbedtls
PKG_VERSION:=2.16.8
PKG_VERSION:=2.16.9
PKG_RELEASE:=1
PKG_USE_MIPS16:=0
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/ARMmbed/mbedtls/tar.gz/v$(PKG_VERSION)?
PKG_HASH:=fe9e3b15c3375943bdfebbbb20dd6b4f1147b3b5d926248bd835d73247407430
PKG_HASH:=fc17ff7d8c11d08f23ae2800a18269408ad2c24ea6bb8b9363e41a01c2425697
PKG_BUILD_PARALLEL:=1
PKG_LICENSE:=GPL-2.0+

@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=openssl
PKG_BASE:=1.1.1
PKG_BUGFIX:=g
PKG_BUGFIX:=i
PKG_VERSION:=$(PKG_BASE)$(PKG_BUGFIX)
PKG_RELEASE:=1
PKG_USE_MIPS16:=0
@@ -24,7 +24,7 @@ PKG_SOURCE_URL:= \
ftp://ftp.pca.dfn.de/pub/tools/net/openssl/source/ \
http://www.openssl.org/source/ \
http://www.openssl.org/source/old/$(PKG_BASE)/
PKG_HASH:=ddb04774f1e32f0c49751e21b67216ac87852ceb056b75209af2443400636d46
PKG_HASH:=e8be6a35fe41d10603c3cc635e93289ed00bf34b79671a3a4de64fcee00d5242
PKG_LICENSE:=OpenSSL
PKG_LICENSE_FILES:=LICENSE
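Review bot: `PKG_SOURCE_URL` in this hunk still lists plain `ftp://` and `http://` mirrors, so the new `PKG_HASH` is the only integrity check on the 1.1.1i tarball. Please confirm the new value against the SHA-256 published by upstream before merging, and consider switching the `www.openssl.org` entries to `https://`.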

@@ -12,7 +12,7 @@ diff --git a/Configure b/Configure
index 5a699836f3..74d057c219 100755
--- a/Configure
+++ b/Configure
@@ -1532,7 +1532,9 @@ unless ($disabled{"crypto-mdebug-backtrace"})
@@ -1545,7 +1545,9 @@ unless ($disabled{"crypto-mdebug-backtrace"})
unless ($disabled{afalgeng}) {
$config{afalgeng}="";

@@ -11,7 +11,7 @@ diff --git a/Configure b/Configure
index 74d057c219..5813e9f8fe 100755
--- a/Configure
+++ b/Configure
@@ -296,7 +296,7 @@ my $auto_threads=1; # enable threads automatically? true by default
@@ -318,7 +318,7 @@ my $auto_threads=1; # enable threads automatically? true by default
my $default_ranlib;
# Top level directories to build
@@ -20,7 +20,7 @@ index 74d057c219..5813e9f8fe 100755
# crypto/ subdirectories to build
$config{sdirs} = [
"objects",
@@ -308,7 +308,7 @@ $config{sdirs} = [
@@ -330,7 +330,7 @@ $config{sdirs} = [
"cms", "ts", "srp", "cmac", "ct", "async", "kdf", "store"
];
# test/ subdirectories to build

@@ -8,12 +8,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=wolfssl
PKG_VERSION:=4.5.0-stable
PKG_RELEASE:=1
PKG_VERSION:=4.6.0-stable
PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/wolfSSL/wolfssl/archive/v$(PKG_VERSION)
PKG_HASH:=7de62300ce14daa0051bfefc7c4d6302f96cabc768b6ae49eda77523b118250c
PKG_HASH:=053aefbb02d0b06b27c5e2df6875b4b587318755b7db9d6aa8d72206b310a848
PKG_FIXUP:=libtool
PKG_INSTALL:=1

@@ -0,0 +1,53 @@
From fad1e67677bf7797b6bd6e1f21a513c289d963a7 Mon Sep 17 00:00:00 2001
From: Sean Parkinson <sean@wolfssl.com>
Date: Thu, 21 Jan 2021 08:24:38 +1000
Subject: [PATCH] TLS 1.3: ensure key for signature in CertificateVerify
---
src/tls13.c | 18 +++++++++++++-----
1 file changed, 13 insertions(+), 5 deletions(-)
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -5624,28 +5624,36 @@ static int DoTls13CertificateVerify(WOLF
#ifdef HAVE_ED25519
if (args->sigAlgo == ed25519_sa_algo &&
!ssl->peerEd25519KeyPresent) {
- WOLFSSL_MSG("Oops, peer sent ED25519 key but not in verify");
+ WOLFSSL_MSG("Peer sent ED22519 sig but not ED22519 cert");
+ ret = SIG_VERIFY_E;
+ goto exit_dcv;
}
#endif
#ifdef HAVE_ED448
if (args->sigAlgo == ed448_sa_algo && !ssl->peerEd448KeyPresent) {
- WOLFSSL_MSG("Oops, peer sent ED448 key but not in verify");
+ WOLFSSL_MSG("Peer sent ED448 sig but not ED448 cert");
+ ret = SIG_VERIFY_E;
+ goto exit_dcv;
}
#endif
#ifdef HAVE_ECC
if (args->sigAlgo == ecc_dsa_sa_algo &&
!ssl->peerEccDsaKeyPresent) {
- WOLFSSL_MSG("Oops, peer sent ECC key but not in verify");
+ WOLFSSL_MSG("Peer sent ECC sig but not ECC cert");
+ ret = SIG_VERIFY_E;
+ goto exit_dcv;
}
#endif
#ifndef NO_RSA
if (args->sigAlgo == rsa_sa_algo) {
- WOLFSSL_MSG("Oops, peer sent PKCS#1.5 signature");
+ WOLFSSL_MSG("Peer sent PKCS#1.5 algo but not in certificate");
ERROR_OUT(INVALID_PARAMETER, exit_dcv);
}
if (args->sigAlgo == rsa_pss_sa_algo &&
(ssl->peerRsaKey == NULL || !ssl->peerRsaKeyPresent)) {
- WOLFSSL_MSG("Oops, peer sent RSA key but not in verify");
+ WOLFSSL_MSG("Peer sent RSA sig but not RSA cert");
+ ret = SIG_VERIFY_E;
+ goto exit_dcv;
}
#endif
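Review bot: in the `HAVE_ED25519` branch the new log string says "ED22519" twice where "ED25519" is meant. The `rsa_sa_algo` branch also still exits through `ERROR_OUT(INVALID_PARAMETER, exit_dcv)` while every other mismatch now sets `ret = SIG_VERIFY_E`; if the difference is intentional a short comment should say why, otherwise use one error code for all signature and certificate type mismatches. The patch header carries no description or Signed-off-by, so the fact that the old code only logged the mismatch and carried on should be stated there.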

@@ -1,6 +1,6 @@
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -2128,7 +2128,7 @@ extern void uITRON4_free(void *p) ;
@@ -2248,7 +2248,7 @@ extern void uITRON4_free(void *p) ;
#endif
/* warning for not using harden build options (default with ./configure) */

@@ -0,0 +1,25 @@
From 391ecbd647c121300dc7dcf209e412ccb7b8d432 Mon Sep 17 00:00:00 2001
From: Hauke Mehrtens <hauke@hauke-m.de>
Date: Fri, 1 Jan 2021 21:57:56 +0100
Subject: [PATCH] Fix linking against hostapd with LTO
When running LTO on wolfssl the ecc_map() function is removed from the
binary by GCC 8.4.0. This function is used by multiple functions from
the crypto_wolfssl.c implementation of hostapd master.
Fixes: 780e8a4619b6 ("Fixes for building `--enable-wpas=small` with WPA Supplicant v2.7.")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
---
configure.ac | 1 +
1 file changed, 1 insertion(+)
--- a/configure.ac
+++ b/configure.ac
@@ -947,6 +947,7 @@ then
AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA_X509_SMALL"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PUBLIC_MP"
+ AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PUBLIC_ECC_ADD_DBL"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DER_LOAD"
AM_CFLAGS="$AM_CFLAGS -DATOMIC_USER"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"
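Review bot: the description says LTO drops `ecc_map()`, yet the added define is `-DWOLFSSL_PUBLIC_ECC_ADD_DBL`, and the link between the two is not explained. Please add a sentence to the commit message stating how this define keeps `ecc_map()` available to hostapd, so the flag is not removed as unrelated during a later refresh.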

@@ -1,27 +0,0 @@
From b90acc91d0cd276befe7f08f87ba2dc5ee7122ff Mon Sep 17 00:00:00 2001
From: Tesfa Mael <tesfa@wolfssl.com>
Date: Wed, 26 Aug 2020 10:13:06 -0700
Subject: [PATCH] Make ByteReverseWords available for big and little endian
---
wolfcrypt/src/misc.c | 2 --
1 file changed, 2 deletions(-)
--- a/wolfcrypt/src/misc.c
+++ b/wolfcrypt/src/misc.c
@@ -120,7 +120,6 @@ WC_STATIC WC_INLINE word32 ByteReverseWo
return rotlFixed(value, 16U);
#endif
}
-#if defined(LITTLE_ENDIAN_ORDER)
/* This routine performs a byte swap of words array of a given count. */
WC_STATIC WC_INLINE void ByteReverseWords(word32* out, const word32* in,
word32 byteCount)
@@ -131,7 +130,6 @@ WC_STATIC WC_INLINE void ByteReverseWord
out[i] = ByteReverseWord32(in[i]);
}
-#endif /* LITTLE_ENDIAN_ORDER */
#if defined(WORD64_AVAILABLE) && !defined(WOLFSSL_NO_WORD64_OPS)

@@ -0,0 +1,10 @@
--- a/configure.ac
+++ b/configure.ac
@@ -943,6 +943,7 @@ then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_KEEP_SNI"
AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA"
AM_CFLAGS="$AM_CFLAGS -DHAVE_EXT_CACHE"
+ AM_CFLAGS="$AM_CFLAGS -DHAVE_SECRET_CALLBACK"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_EITHER_SIDE"
AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA_X509_SMALL"
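Review bot: this new patch file has no From/Subject header, description or Signed-off-by, unlike the other wolfssl patches in this series, so there is no record of why `-DHAVE_SECRET_CALLBACK` is needed. Please add a header that names the consumer requiring it.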

@@ -9,7 +9,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=firewall
PKG_RELEASE:=2
PKG_RELEASE:=3
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL=$(PROJECT_GIT)/project/firewall3.git

@@ -0,0 +1,38 @@
From 78d52a28c66ad0fd2af250038fdcf4239ad37bf2 Mon Sep 17 00:00:00 2001
From: Remi NGUYEN VAN <remi.nguyenvan+openwrt@gmail.com>
Date: Sat, 15 Aug 2020 13:50:27 +0900
Subject: [PATCH] options: fix parsing of boolean attributes
Boolean attributes were parsed the same way as string attributes,
so a value of { "bool_attr": "true" } would be parsed correctly, but
{ "bool_attr": true } (without quotes) was parsed as false.
Fixes FS#3284
Signed-off-by: Remi NGUYEN VAN <remi.nguyenvan+openwrt@gmail.com>
---
options.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/options.c
+++ b/options.c
@@ -1170,6 +1170,9 @@ fw3_parse_blob_options(void *s, const st
if (blobmsg_type(e) == BLOBMSG_TYPE_INT32) {
snprintf(buf, sizeof(buf), "%d", blobmsg_get_u32(e));
v = buf;
+ } else if (blobmsg_type(o) == BLOBMSG_TYPE_BOOL) {
+ snprintf(buf, sizeof(buf), "%d", blobmsg_get_bool(o));
+ v = buf;
} else {
v = blobmsg_get_string(e);
}
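Review bot: the added branch tests and reads `o` (`blobmsg_type(o)`, `blobmsg_get_bool(o)`), but every other line in this hunk operates on the element `e`. As written, the boolean check is made against `o` rather than the element being parsed, and the value is taken from `o` as well; use `e` in both calls here, as the second hunk correctly uses `o` throughout.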
@@ -1189,6 +1192,9 @@ fw3_parse_blob_options(void *s, const st
if (blobmsg_type(o) == BLOBMSG_TYPE_INT32) {
snprintf(buf, sizeof(buf), "%d", blobmsg_get_u32(o));
v = buf;
+ } else if (blobmsg_type(o) == BLOBMSG_TYPE_BOOL) {
+ snprintf(buf, sizeof(buf), "%d", blobmsg_get_bool(o));
+ v = buf;
} else {
v = blobmsg_get_string(o);
}

@@ -5,9 +5,9 @@ PKG_RELEASE:=1
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL=$(PROJECT_GIT)/project/netifd.git
PKG_SOURCE_DATE:=2019-08-05
PKG_SOURCE_VERSION:=5e02f94411b06f192fb2a7d9be9abde3549153a8
PKG_MIRROR_HASH:=96e158584c605e96aceb3ce7e8ad8faa8e774ffd67d59558b2d6c2ff49d0f1a5
PKG_SOURCE_DATE:=2021-01-09
PKG_SOURCE_VERSION:=753c351bc729967a691d99e27693be5aec334028
PKG_MIRROR_HASH:=e7d95bde520fc660d0a49e28c5bb50fff3071d7f48fe7fc3fc610f38edfc7df1
PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
PKG_LICENSE:=GPL-2.0

@@ -12,9 +12,9 @@ PKG_RELEASE:=16
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL=$(PROJECT_GIT)/project/odhcp6c.git
PKG_SOURCE_DATE:=2019-01-11
PKG_SOURCE_VERSION:=e199804b602a48eb69f0752584c0ad28495b82ad
PKG_MIRROR_HASH:=e7e483d9fe066b8d270474b987227593a7f5c5fc8e2a46aebc5cd9d16f61805a
PKG_SOURCE_DATE:=2021-01-09
PKG_SOURCE_VERSION:=64e1b4e78f65bd8ea41320be6ab732f6143955fe
PKG_MIRROR_HASH:=a5face4705d71852c8e2c81e99feb46485b6044f01e6123b69605c77aa114f5a
PKG_MAINTAINER:=Hans Dedecker <dedeckeh@gmail.com>
PKG_LICENSE:=GPL-2.0

@@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=dnsmasq
PKG_UPSTREAM_VERSION:=2.80
PKG_VERSION:=$(subst test,~~test,$(subst rc,~rc,$(PKG_UPSTREAM_VERSION)))
PKG_RELEASE:=16.1
PKG_RELEASE:=16.3
PKG_SOURCE:=$(PKG_NAME)-$(PKG_UPSTREAM_VERSION).tar.xz
PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq

@@ -0,0 +1,375 @@
From 4e96a4be685c9e4445f6ee79ad0b36b9119b502a Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Wed, 11 Nov 2020 23:25:04 +0000
Subject: Fix remote buffer overflow CERT VU#434904
The problem is in the sort_rrset() function and allows a remote
attacker to overwrite memory. Any dnsmasq instance with DNSSEC
enabled is vulnerable.
---
CHANGELOG | 7 +-
src/dnssec.c | 273 ++++++++++++++++++++++++++++-----------------------
2 files changed, 158 insertions(+), 122 deletions(-)
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,3 +1,9 @@
+ Fix a remote buffer overflow problem in the DNSSEC code. Any
+ dnsmasq with DNSSEC compiled in and enabled is vulnerable to this,
+ referenced by CERT VU#434904.
+
+
+>>>>>>> Fix remote buffer overflow CERT VU#434904
version 2.81
Impove cache behaviour for TCP connections. For ease of
implementaion, dnsmasq has always forked a new process to handle
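Review bot: the added line `+>>>>>>> Fix remote buffer overflow CERT VU#434904` is a leftover merge-conflict marker and ends up in CHANGELOG, together with two blank added lines. Drop it from this patch instead of relying on a later patch in the series to remove it.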
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -222,138 +222,147 @@ static int check_date_range(u32 date_sta
&& serial_compare_32(curtime, date_end) == SERIAL_LT;
}
-/* Return bytes of canonicalised rdata, when the return value is zero, the remaining
- data, pointed to by *p, should be used raw. */
-static int get_rdata(struct dns_header *header, size_t plen, unsigned char *end, char *buff, int bufflen,
- unsigned char **p, u16 **desc)
+/* Return bytes of canonicalised rrdata one by one.
+ Init state->ip with the RR, and state->end with the end of same.
+ Init state->op to NULL.
+ Init state->desc to RR descriptor.
+ Init state->buff with a MAXDNAME * 2 buffer.
+
+ After each call which returns 1, state->op points to the next byte of data.
+ On returning 0, the end has been reached.
+*/
+struct rdata_state {
+ u16 *desc;
+ size_t c;
+ unsigned char *end, *ip, *op;
+ char *buff;
+};
+
+static int get_rdata(struct dns_header *header, size_t plen, struct rdata_state *state)
{
- int d = **desc;
+ int d;
- /* No more data needs mangling */
- if (d == (u16)-1)
+ if (state->op && state->c != 1)
{
- /* If there's more data than we have space for, just return what fits,
- we'll get called again for more chunks */
- if (end - *p > bufflen)
- {
- memcpy(buff, *p, bufflen);
- *p += bufflen;
- return bufflen;
- }
-
- return 0;
+ state->op++;
+ state->c--;
+ return 1;
}
-
- (*desc)++;
-
- if (d == 0 && extract_name(header, plen, p, buff, 1, 0))
- /* domain-name, canonicalise */
- return to_wire(buff);
- else
- {
- /* plain data preceding a domain-name, don't run off the end of the data */
- if ((end - *p) < d)
- d = end - *p;
+
+ while (1)
+ {
+ d = *(state->desc);
- if (d != 0)
+ if (d == (u16)-1)
{
- memcpy(buff, *p, d);
- *p += d;
+ /* all the bytes to the end. */
+ if ((state->c = state->end - state->ip) != 0)
+ {
+ state->op = state->ip;
+ state->ip = state->end;;
+ }
+ else
+ return 0;
+ }
+ else
+ {
+ state->desc++;
+
+ if (d == (u16)0)
+ {
+ /* domain-name, canonicalise */
+ int len;
+
+ if (!extract_name(header, plen, &state->ip, state->buff, 1, 0) ||
+ (len = to_wire(state->buff)) == 0)
+ continue;
+
+ state->c = len;
+ state->op = (unsigned char *)state->buff;
+ }
+ else
+ {
+ /* plain data preceding a domain-name, don't run off the end of the data */
+ if ((state->end - state->ip) < d)
+ d = state->end - state->ip;
+
+ if (d == 0)
+ continue;
+
+ state->op = state->ip;
+ state->c = d;
+ state->ip += d;
+ }
}
- return d;
+ return 1;
}
}
-/* Bubble sort the RRset into the canonical order.
- Note that the byte-streams from two RRs may get unsynced: consider
- RRs which have two domain-names at the start and then other data.
- The domain-names may have different lengths in each RR, but sort equal
-
- ------------
- |abcde|fghi|
- ------------
- |abcd|efghi|
- ------------
-
- leaving the following bytes as deciding the order. Hence the nasty left1 and left2 variables.
-*/
+/* Bubble sort the RRset into the canonical order. */
static int sort_rrset(struct dns_header *header, size_t plen, u16 *rr_desc, int rrsetidx,
unsigned char **rrset, char *buff1, char *buff2)
{
- int swap, quit, i, j;
+ int swap, i, j;
do
{
for (swap = 0, i = 0; i < rrsetidx-1; i++)
{
- int rdlen1, rdlen2, left1, left2, len1, len2, len, rc;
- u16 *dp1, *dp2;
- unsigned char *end1, *end2;
+ int rdlen1, rdlen2;
+ struct rdata_state state1, state2;
+
/* Note that these have been determined to be OK previously,
so we don't need to check for NULL return here. */
- unsigned char *p1 = skip_name(rrset[i], header, plen, 10);
- unsigned char *p2 = skip_name(rrset[i+1], header, plen, 10);
-
- p1 += 8; /* skip class, type, ttl */
- GETSHORT(rdlen1, p1);
- end1 = p1 + rdlen1;
-
- p2 += 8; /* skip class, type, ttl */
- GETSHORT(rdlen2, p2);
- end2 = p2 + rdlen2;
-
- dp1 = dp2 = rr_desc;
-
- for (quit = 0, left1 = 0, left2 = 0, len1 = 0, len2 = 0; !quit;)
+ state1.ip = skip_name(rrset[i], header, plen, 10);
+ state2.ip = skip_name(rrset[i+1], header, plen, 10);
+ state1.op = state2.op = NULL;
+ state1.buff = buff1;
+ state2.buff = buff2;
+ state1.desc = state2.desc = rr_desc;
+
+ state1.ip += 8; /* skip class, type, ttl */
+ GETSHORT(rdlen1, state1.ip);
+ if (!CHECK_LEN(header, state1.ip, plen, rdlen1))
+ return rrsetidx; /* short packet */
+ state1.end = state1.ip + rdlen1;
+
+ state2.ip += 8; /* skip class, type, ttl */
+ GETSHORT(rdlen2, state2.ip);
+ if (!CHECK_LEN(header, state2.ip, plen, rdlen2))
+ return rrsetidx; /* short packet */
+ state2.end = state2.ip + rdlen2;
+
+ while (1)
{
- if (left1 != 0)
- memmove(buff1, buff1 + len1 - left1, left1);
-
- if ((len1 = get_rdata(header, plen, end1, buff1 + left1, (MAXDNAME * 2) - left1, &p1, &dp1)) == 0)
- {
- quit = 1;
- len1 = end1 - p1;
- memcpy(buff1 + left1, p1, len1);
- }
- len1 += left1;
-
- if (left2 != 0)
- memmove(buff2, buff2 + len2 - left2, left2);
-
- if ((len2 = get_rdata(header, plen, end2, buff2 + left2, (MAXDNAME *2) - left2, &p2, &dp2)) == 0)
- {
- quit = 1;
- len2 = end2 - p2;
- memcpy(buff2 + left2, p2, len2);
- }
- len2 += left2;
-
- if (len1 > len2)
- left1 = len1 - len2, left2 = 0, len = len2;
- else
- left2 = len2 - len1, left1 = 0, len = len1;
+ int ok1, ok2;
- rc = (len == 0) ? 0 : memcmp(buff1, buff2, len);
-
- if (rc > 0 || (rc == 0 && quit && len1 > len2))
- {
- unsigned char *tmp = rrset[i+1];
- rrset[i+1] = rrset[i];
- rrset[i] = tmp;
- swap = quit = 1;
- }
- else if (rc == 0 && quit && len1 == len2)
+ ok1 = get_rdata(header, plen, &state1);
+ ok2 = get_rdata(header, plen, &state2);
+
+ if (!ok1 && !ok2)
{
/* Two RRs are equal, remove one copy. RFC 4034, para 6.3 */
for (j = i+1; j < rrsetidx-1; j++)
rrset[j] = rrset[j+1];
rrsetidx--;
i--;
+ break;
+ }
+ else if (ok1 && (!ok2 || *state1.op > *state2.op))
+ {
+ unsigned char *tmp = rrset[i+1];
+ rrset[i+1] = rrset[i];
+ rrset[i] = tmp;
+ swap = 1;
+ break;
}
- else if (rc < 0)
- quit = 1;
+ else if (ok2 && (!ok1 || *state2.op > *state1.op))
+ break;
+
+ /* arrive here when bytes are equal, go round the loop again
+ and compare the next ones. */
}
}
} while (swap);
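Review bot: in `sort_rrset()` the new `CHECK_LEN` failures `return rrsetidx` exactly as a successful sort does, so the caller cannot tell a short packet from a sorted set; a distinct error return, or a comment stating that the caller rejects the packet afterwards, would make this safe to read. `get_rdata()` also depends on `state->op` being NULL on first use because `state->c` is uninitialised at that point, which deserves a line in the header comment, and `state->ip = state->end;;` has a stray semicolon.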
@@ -549,15 +558,18 @@ static int validate_rrset(time_t now, st
wire_len = to_wire(keyname);
hash->update(ctx, (unsigned int)wire_len, (unsigned char*)keyname);
from_wire(keyname);
+
+#define RRBUFLEN 300 /* Most RRs are smaller than this. */
for (i = 0; i < rrsetidx; ++i)
{
- int seg;
- unsigned char *end, *cp;
- u16 len, *dp;
+ int j;
+ struct rdata_state state;
+ u16 len;
+ unsigned char rrbuf[RRBUFLEN];
p = rrset[i];
-
+
if (!extract_name(header, plen, &p, name, 1, 10))
return STAT_BOGUS;
@@ -566,12 +578,11 @@ static int validate_rrset(time_t now, st
/* if more labels than in RRsig name, hash *.<no labels in rrsig labels field> 4035 5.3.2 */
if (labels < name_labels)
{
- int k;
- for (k = name_labels - labels; k != 0; k--)
+ for (j = name_labels - labels; j != 0; j--)
{
while (*name_start != '.' && *name_start != 0)
name_start++;
- if (k != 1 && *name_start == '.')
+ if (j != 1 && *name_start == '.')
name_start++;
}
@@ -592,24 +603,44 @@ static int validate_rrset(time_t now, st
if (!CHECK_LEN(header, p, plen, rdlen))
return STAT_BOGUS;
- end = p + rdlen;
-
- /* canonicalise rdata and calculate length of same, use name buffer as workspace.
- Note that name buffer is twice MAXDNAME long in DNSSEC mode. */
- cp = p;
- dp = rr_desc;
- for (len = 0; (seg = get_rdata(header, plen, end, name, MAXDNAME * 2, &cp, &dp)) != 0; len += seg);
- len += end - cp;
- len = htons(len);
+ /* canonicalise rdata and calculate length of same, use
+ name buffer as workspace for get_rdata. */
+ state.ip = p;
+ state.op = NULL;
+ state.desc = rr_desc;
+ state.buff = name;
+ state.end = p + rdlen;
+
+ for (j = 0; get_rdata(header, plen, &state); j++)
+ if (j < RRBUFLEN)
+ rrbuf[j] = *state.op;
+
+ len = htons((u16)j);
hash->update(ctx, 2, (unsigned char *)&len);
+
+ /* If the RR is shorter than RRBUFLEN (most of them, in practice)
+ then we can just digest it now. If it exceeds RRBUFLEN we have to
+ go back to the start and do it in chunks. */
+ if (j >= RRBUFLEN)
+ {
+ state.ip = p;
+ state.op = NULL;
+ state.desc = rr_desc;
+
+ for (j = 0; get_rdata(header, plen, &state); j++)
+ {
+ rrbuf[j] = *state.op;
+
+ if (j == RRBUFLEN - 1)
+ {
+ hash->update(ctx, RRBUFLEN, rrbuf);
+ j = -1;
+ }
+ }
+ }
- /* Now canonicalise again and digest. */
- cp = p;
- dp = rr_desc;
- while ((seg = get_rdata(header, plen, end, name, MAXDNAME * 2, &cp, &dp)))
- hash->update(ctx, seg, (unsigned char *)name);
- if (cp != end)
- hash->update(ctx, end - cp, cp);
+ if (j != 0)
+ hash->update(ctx, j, rrbuf);
}
hash->digest(ctx, hash->digest_size, digest);
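Review bot: the second pass writes `rrbuf[j]` without the `j < RRBUFLEN` guard used in the first pass and stays in bounds only through the `j = -1` reset combined with the loop's `j++`; please comment that invariant or use a separate fill counter. `len = htons((u16)j)` also truncates silently if the canonicalised length ever exceeds 65535, so an explicit check before the cast would be clearer.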

@@ -0,0 +1,106 @@
From 257ac0c5f7732cbc6aa96fdd3b06602234593aca Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Thu, 12 Nov 2020 18:49:23 +0000
Subject: Check destination of DNS UDP query replies.
At any time, dnsmasq will have a set of sockets open, bound to
random ports, on which it sends queries to upstream nameservers.
This patch fixes the existing problem that a reply for ANY in-flight
query would be accepted via ANY open port, which increases the
chances of an attacker flooding answers "in the blind" in an
attempt to poison the DNS cache. CERT VU#434904 refers.
---
CHANGELOG | 6 +++++-
src/forward.c | 37 ++++++++++++++++++++++++++++---------
2 files changed, 33 insertions(+), 10 deletions(-)
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -2,8 +2,12 @@
dnsmasq with DNSSEC compiled in and enabled is vulnerable to this,
referenced by CERT VU#434904.
+ Be sure to only accept UDP DNS query replies at the address
+ from which the query was originated. This keeps as much entropy
+ in the {query-ID, random-port} tuple as possible, help defeat
+ cache poisoning attacks. Refer: CERT VU#434904.
+
->>>>>>> Fix remote buffer overflow CERT VU#434904
version 2.81
Impove cache behaviour for TCP connections. For ease of
implementaion, dnsmasq has always forked a new process to handle
--- a/src/forward.c
+++ b/src/forward.c
@@ -16,7 +16,7 @@
#include "dnsmasq.h"
-static struct frec *lookup_frec(unsigned short id, void *hash);
+static struct frec *lookup_frec(unsigned short id, int fd, int family, void *hash);
static struct frec *lookup_frec_by_sender(unsigned short id,
union mysockaddr *addr,
void *hash);
@@ -797,7 +797,7 @@ void reply_query(int fd, int family, tim
crc = questions_crc(header, n, daemon->namebuff);
#endif
- if (!(forward = lookup_frec(ntohs(header->id), hash)))
+ if (!(forward = lookup_frec(ntohs(header->id), fd, family, hash)))
return;
#ifdef HAVE_DUMPFILE
@@ -2289,14 +2289,25 @@ struct frec *get_new_frec(time_t now, in
}
/* crc is all-ones if not known. */
-static struct frec *lookup_frec(unsigned short id, void *hash)
+static struct frec *lookup_frec(unsigned short id, int fd, int family, void *hash)
{
struct frec *f;
for(f = daemon->frec_list; f; f = f->next)
if (f->sentto && f->new_id == id &&
(!hash || memcmp(hash, f->hash, HASH_SIZE) == 0))
- return f;
+ {
+ /* sent from random port */
+ if (family == AF_INET && f->rfd4 && f->rfd4->fd == fd)
+ return f;
+
+ if (family == AF_INET6 && f->rfd6 && f->rfd6->fd == fd)
+ return f;
+
+ /* sent to upstream from bound socket. */
+ if (f->sentto->sfd && f->sentto->sfd->fd == fd)
+ return f;
+ }
return NULL;
}
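Review bot: the context comment `/* crc is all-ones if not known. */` above `lookup_frec()` no longer describes the function, and the new `fd` and `family` parameters are undocumented. Please replace it with a comment stating that a reply matches only when it arrives on the socket the query was sent from (`rfd4`, `rfd6`, or the server's bound `sfd`).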
@@ -2357,12 +2368,20 @@ void server_gone(struct server *server)
static unsigned short get_id(void)
{
unsigned short ret = 0;
+ struct frec *f;
- do
- ret = rand16();
- while (lookup_frec(ret, NULL));
-
- return ret;
+ while (1)
+ {
+ ret = rand16();
+
+ /* ensure id is unique. */
+ for (f = daemon->frec_list; f; f = f->next)
+ if (f->sentto && f->new_id == ret)
+ break;
+
+ if (!f)
+ return ret;
+ }
}

@@ -0,0 +1,581 @@
From 2d765867c597db18be9d876c9c17e2c0fe1953cd Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Thu, 12 Nov 2020 22:06:07 +0000
Subject: Use SHA-256 to provide security against DNS cache poisoning.
Use the SHA-256 hash function to verify that DNS answers
received are for the questions originally asked. This replaces
the slightly insecure SHA-1 (when compiled with DNSSEC) or
the very insecure CRC32 (otherwise). Refer: CERT VU#434904.
---
CHANGELOG | 5 +
Makefile | 3 +-
bld/Android.mk | 2 +-
src/dnsmasq.h | 11 +-
src/dnssec.c | 31 -----
src/forward.c | 43 ++-----
src/hash_questions.c | 281 +++++++++++++++++++++++++++++++++++++++++++
src/rfc1035.c | 49 --------
8 files changed, 301 insertions(+), 124 deletions(-)
create mode 100644 src/hash_questions.c
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -7,6 +7,11 @@
in the {query-ID, random-port} tuple as possible, help defeat
cache poisoning attacks. Refer: CERT VU#434904.
+ Use the SHA-256 hash function to verify that DNS answers
+ received are for the questions originally asked. This replaces
+ the slightly insecure SHA-1 (when compiled with DNSSEC) or
+ the very insecure CRC32 (otherwise). Refer: CERT VU#434904.
+
version 2.81
Impove cache behaviour for TCP connections. For ease of
--- a/Makefile
+++ b/Makefile
@@ -77,7 +77,8 @@ objs = cache.o rfc1035.o util.o option.o
helper.o tftp.o log.o conntrack.o dhcp6.o rfc3315.o \
dhcp-common.o outpacket.o radv.o slaac.o auth.o ipset.o \
domain.o dnssec.o blockdata.o tables.o loop.o inotify.o \
- poll.o rrfilter.o edns0.o arp.o crypto.o dump.o ubus.o metrics.o
+ poll.o rrfilter.o edns0.o arp.o crypto.o dump.o ubus.o \
+ metrics.o hash_questions.o
hdrs = dnsmasq.h config.h dhcp-protocol.h dhcp6-protocol.h \
dns-protocol.h radv-protocol.h ip6addr.h metrics.h
--- a/bld/Android.mk
+++ b/bld/Android.mk
@@ -11,7 +11,7 @@ LOCAL_SRC_FILES := bpf.c cache.c dbus.c
radv.c slaac.c auth.c ipset.c domain.c \
dnssec.c dnssec-openssl.c blockdata.c tables.c \
loop.c inotify.c poll.c rrfilter.c edns0.c arp.c \
- crypto.c dump.c ubus.c
+ crypto.c dump.c ubus.c metrics.c hash_questions.c
LOCAL_MODULE := dnsmasq
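Review bot: the `bld/Android.mk` line adds `metrics.c` as well as `hash_questions.c`, while the Makefile hunk only adds `hash_questions.o` and the commit message mentions neither build list. If `metrics.c` was simply missing from the Android build, say so in the message or split it into its own change.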
--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -644,11 +644,7 @@ struct hostsfile {
#define FREC_TEST_PKTSZ 256
#define FREC_HAS_EXTRADATA 512
-#ifdef HAVE_DNSSEC
-#define HASH_SIZE 20 /* SHA-1 digest size */
-#else
-#define HASH_SIZE sizeof(int)
-#endif
+#define HASH_SIZE 32 /* SHA-256 digest size */
struct frec {
union mysockaddr source;
@@ -1199,7 +1195,6 @@ int check_for_bogus_wildcard(struct dns_
struct bogus_addr *baddr, time_t now);
int check_for_ignored_address(struct dns_header *header, size_t qlen, struct bogus_addr *baddr);
int check_for_local_domain(char *name, time_t now);
-unsigned int questions_crc(struct dns_header *header, size_t plen, char *name);
size_t resize_packet(struct dns_header *header, size_t plen,
unsigned char *pheader, size_t hlen);
int add_resource_record(struct dns_header *header, char *limit, int *truncp,
@@ -1227,9 +1222,11 @@ int dnssec_validate_reply(time_t now, st
int check_unsigned, int *neganswer, int *nons);
int dnskey_keytag(int alg, int flags, unsigned char *key, int keylen);
size_t filter_rrsigs(struct dns_header *header, size_t plen);
-unsigned char* hash_questions(struct dns_header *header, size_t plen, char *name);
int setup_timestamp(void);
+/* hash_questions.c */
+unsigned char *hash_questions(struct dns_header *header, size_t plen, char *name);
+
/* crypto.c */
const struct nettle_hash *hash_find(char *name);
int hash_init(const struct nettle_hash *hash, void **ctxp, unsigned char **digestp);
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -2082,35 +2082,4 @@ size_t dnssec_generate_query(struct dns_
return ret;
}
-unsigned char* hash_questions(struct dns_header *header, size_t plen, char *name)
-{
- int q;
- unsigned int len;
- unsigned char *p = (unsigned char *)(header+1);
- const struct nettle_hash *hash;
- void *ctx;
- unsigned char *digest;
-
- if (!(hash = hash_find("sha1")) || !hash_init(hash, &ctx, &digest))
- return NULL;
-
- for (q = ntohs(header->qdcount); q != 0; q--)
- {
- if (!extract_name(header, plen, &p, name, 1, 4))
- break; /* bad packet */
-
- len = to_wire(name);
- hash->update(ctx, len, (unsigned char *)name);
- /* CRC the class and type as well */
- hash->update(ctx, 4, p);
-
- p += 4;
- if (!CHECK_LEN(header, p, plen, 0))
- break; /* bad packet */
- }
-
- hash->digest(ctx, hash->digest_size, digest);
- return digest;
-}
-
#endif /* HAVE_DNSSEC */
--- a/src/forward.c
+++ b/src/forward.c
@@ -248,19 +248,16 @@ static int forward_query(int udpfd, unio
union all_addr *addrp = NULL;
unsigned int flags = 0;
struct server *start = NULL;
-#ifdef HAVE_DNSSEC
void *hash = hash_questions(header, plen, daemon->namebuff);
+#ifdef HAVE_DNSSEC
int do_dnssec = 0;
-#else
- unsigned int crc = questions_crc(header, plen, daemon->namebuff);
- void *hash = &crc;
#endif
unsigned int gotname = extract_request(header, plen, daemon->namebuff, NULL);
unsigned char *oph = find_pseudoheader(header, plen, NULL, NULL, NULL, NULL);
(void)do_bit;
/* may be no servers available. */
- if (forward || (hash && (forward = lookup_frec_by_sender(ntohs(header->id), udpaddr, hash))))
+ if (forward || (forward = lookup_frec_by_sender(ntohs(header->id), udpaddr, hash)))
{
/* If we didn't get an answer advertising a maximal packet in EDNS,
fall back to 1280, which should work everywhere on IPv6.
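Review bot: dropping the `hash &&` guard in the `lookup_frec_by_sender` condition makes this call site depend on `hash_questions()` never returning NULL, and nothing at the call or at the prototype says so. The new src/hash_questions.c does return a non-NULL pointer on every path shown, and in the non-DNSSEC build that pointer is a static buffer which the next call overwrites. Please document both properties (never NULL, result must be copied before the next call) beside the declaration in dnsmasq.h, since `hash` is held in a local here and the `memcpy`/`memcmp` callers elsewhere in this patch now dereference the return value unconditionally.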
@@ -761,9 +758,6 @@ void reply_query(int fd, int family, tim
size_t nn;
struct server *server;
void *hash;
-#ifndef HAVE_DNSSEC
- unsigned int crc;
-#endif
/* packet buffer overwritten */
daemon->srv_save = NULL;
@@ -790,12 +784,7 @@ void reply_query(int fd, int family, tim
if (difftime(now, server->pktsz_reduced) > UDP_TEST_TIME)
server->edns_pktsz = daemon->edns_pktsz;
-#ifdef HAVE_DNSSEC
hash = hash_questions(header, n, daemon->namebuff);
-#else
- hash = &crc;
- crc = questions_crc(header, n, daemon->namebuff);
-#endif
if (!(forward = lookup_frec(ntohs(header->id), fd, family, hash)))
return;
@@ -1100,8 +1089,7 @@ void reply_query(int fd, int family, tim
log_query(F_NOEXTRA | F_DNSSEC | F_IPV6, daemon->keyname, (union all_addr *)&(server->addr.in6.sin6_addr),
querystr("dnssec-query", querytype));
- if ((hash = hash_questions(header, nn, daemon->namebuff)))
- memcpy(new->hash, hash, HASH_SIZE);
+ memcpy(new->hash, hash_questions(header, nn, daemon->namebuff), HASH_SIZE);
new->new_id = get_id();
header->id = htons(new->new_id);
/* Save query for retransmission */
@@ -1937,15 +1925,9 @@ unsigned char *tcp_request(int confd, ti
if (!flags && last_server)
{
struct server *firstsendto = NULL;
-#ifdef HAVE_DNSSEC
- unsigned char *newhash, hash[HASH_SIZE];
- if ((newhash = hash_questions(header, (unsigned int)size, daemon->namebuff)))
- memcpy(hash, newhash, HASH_SIZE);
- else
- memset(hash, 0, HASH_SIZE);
-#else
- unsigned int crc = questions_crc(header, (unsigned int)size, daemon->namebuff);
-#endif
+ unsigned char hash[HASH_SIZE];
+ memcpy(hash, hash_questions(header, (unsigned int)size, daemon->namebuff), HASH_SIZE);
+
/* Loop round available servers until we succeed in connecting to one.
Note that this code subtly ensures that consecutive queries on this connection
which can go to the same server, do so. */
@@ -2068,20 +2050,11 @@ unsigned char *tcp_request(int confd, ti
/* If the crc of the question section doesn't match the crc we sent, then
someone might be attempting to insert bogus values into the cache by
sending replies containing questions and bogus answers. */
-#ifdef HAVE_DNSSEC
- newhash = hash_questions(header, (unsigned int)m, daemon->namebuff);
- if (!newhash || memcmp(hash, newhash, HASH_SIZE) != 0)
+ if (memcmp(hash, hash_questions(header, (unsigned int)m, daemon->namebuff), HASH_SIZE) != 0)
{
m = 0;
break;
}
-#else
- if (crc != questions_crc(header, (unsigned int)m, daemon->namebuff))
- {
- m = 0;
- break;
- }
-#endif
m = process_reply(header, now, last_server, (unsigned int)m,
option_bool(OPT_NO_REBIND) && !norebind, no_cache_dnssec, cache_secure, bogusanswer,
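Review bot: the comment at the top of this hunk still reads "If the crc of the question section doesn't match the crc we sent", although the check below it is now a `memcmp` of SHA-256 digests in every build. Reword it to refer to the question hash so the comment matches the check that protects the cache from replies carrying bogus answers.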
@@ -2295,7 +2268,7 @@ static struct frec *lookup_frec(unsigned
for(f = daemon->frec_list; f; f = f->next)
if (f->sentto && f->new_id == id &&
- (!hash || memcmp(hash, f->hash, HASH_SIZE) == 0))
+ (memcmp(hash, f->hash, HASH_SIZE) == 0))
{
/* sent from random port */
if (family == AF_INET && f->rfd4 && f->rfd4->fd == fd)
--- /dev/null
+++ b/src/hash_questions.c
@@ -0,0 +1,281 @@
+/* Copyright (c) 2012-2020 Simon Kelley
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 dated June, 1991, or
+ (at your option) version 3 dated 29 June, 2007.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+/* Hash the question section. This is used to safely detect query
+ retransmission and to detect answers to questions we didn't ask, which
+ might be poisoning attacks. Note that we decode the name rather
+ than CRC the raw bytes, since replies might be compressed differently.
+ We ignore case in the names for the same reason.
+
+ The hash used is SHA-256. If we're building with DNSSEC support,
+ we use the Nettle cypto library. If not, we prefer not to
+ add a dependency on Nettle, and use a stand-alone implementaion.
+*/
+
+#include "dnsmasq.h"
+
+#ifdef HAVE_DNSSEC
+unsigned char *hash_questions(struct dns_header *header, size_t plen, char *name)
+{
+ int q;
+ unsigned char *p = (unsigned char *)(header+1);
+ const struct nettle_hash *hash;
+ void *ctx;
+ unsigned char *digest;
+
+ if (!(hash = hash_find("sha256")) || !hash_init(hash, &ctx, &digest))
+ {
+ /* don't think this can ever happen. */
+ static unsigned char dummy[HASH_SIZE];
+ static int warned = 0;
+
+ if (warned)
+ my_syslog(LOG_ERR, _("Failed to create SHA-256 hash object"));
+ warned = 1;
+
+ return dummy;
+ }
+
+ for (q = ntohs(header->qdcount); q != 0; q--)
+ {
+ char *cp, c;
+
+ if (!extract_name(header, plen, &p, name, 1, 4))
+ break; /* bad packet */
+
+ for (cp = name; (c = *cp); cp++)
+ if (c >= 'A' && c <= 'Z')
+ *cp += 'a' - 'A';
+
+ hash->update(ctx, cp - name, (unsigned char *)name);
+ /* CRC the class and type as well */
+ hash->update(ctx, 4, p);
+
+ p += 4;
+ if (!CHECK_LEN(header, p, plen, 0))
+ break; /* bad packet */
+ }
+
+ hash->digest(ctx, hash->digest_size, digest);
+ return digest;
+}
+
+#else /* HAVE_DNSSEC */
+
+#define SHA256_BLOCK_SIZE 32 // SHA256 outputs a 32 byte digest
+typedef unsigned char BYTE; // 8-bit byte
+typedef unsigned int WORD; // 32-bit word, change to "long" for 16-bit machines
+
+typedef struct {
+ BYTE data[64];
+ WORD datalen;
+ unsigned long long bitlen;
+ WORD state[8];
+} SHA256_CTX;
+
+static void sha256_init(SHA256_CTX *ctx);
+static void sha256_update(SHA256_CTX *ctx, const BYTE data[], size_t len);
+static void sha256_final(SHA256_CTX *ctx, BYTE hash[]);
+
+
+unsigned char *hash_questions(struct dns_header *header, size_t plen, char *name)
+{
+ int q;
+ unsigned char *p = (unsigned char *)(header+1);
+ SHA256_CTX ctx;
+ static BYTE digest[SHA256_BLOCK_SIZE];
+
+ sha256_init(&ctx);
+
+ for (q = ntohs(header->qdcount); q != 0; q--)
+ {
+ char *cp, c;
+
+ if (!extract_name(header, plen, &p, name, 1, 4))
+ break; /* bad packet */
+
+ for (cp = name; (c = *cp); cp++)
+ if (c >= 'A' && c <= 'Z')
+ *cp += 'a' - 'A';
+
+ sha256_update(&ctx, (BYTE *)name, cp - name);
+ /* CRC the class and type as well */
+ sha256_update(&ctx, (BYTE *)p, 4);
+
+ p += 4;
+ if (!CHECK_LEN(header, p, plen, 0))
+ break; /* bad packet */
+ }
+
+ sha256_final(&ctx, digest);
+ return (unsigned char *)digest;
+}
+
+/* Code from here onwards comes from https://github.com/B-Con/crypto-algorithms
+ and was written by Brad Conte (brad@bradconte.com), to whom all credit is given.
+
+ This code is in the public domain, and the copyright notice at the head of this
+ file does not apply to it.
+*/
+
+
+/****************************** MACROS ******************************/
+#define ROTLEFT(a,b) (((a) << (b)) | ((a) >> (32-(b))))
+#define ROTRIGHT(a,b) (((a) >> (b)) | ((a) << (32-(b))))
+
+#define CH(x,y,z) (((x) & (y)) ^ (~(x) & (z)))
+#define MAJ(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
+#define EP0(x) (ROTRIGHT(x,2) ^ ROTRIGHT(x,13) ^ ROTRIGHT(x,22))
+#define EP1(x) (ROTRIGHT(x,6) ^ ROTRIGHT(x,11) ^ ROTRIGHT(x,25))
+#define SIG0(x) (ROTRIGHT(x,7) ^ ROTRIGHT(x,18) ^ ((x) >> 3))
+#define SIG1(x) (ROTRIGHT(x,17) ^ ROTRIGHT(x,19) ^ ((x) >> 10))
+
+/**************************** VARIABLES *****************************/
+static const WORD k[64] = {
+ 0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5,0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5,
+ 0xd807aa98,0x12835b01,0x243185be,0x550c7dc3,0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174,
+ 0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc,0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da,
+ 0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7,0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967,
+ 0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13,0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85,
+ 0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3,0xd192e819,0xd6990624,0xf40e3585,0x106aa070,
+ 0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5,0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3,
+ 0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208,0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
+};
+
+/*********************** FUNCTION DEFINITIONS ***********************/
+static void sha256_transform(SHA256_CTX *ctx, const BYTE data[])
+{
+ WORD a, b, c, d, e, f, g, h, i, j, t1, t2, m[64];
+
+ for (i = 0, j = 0; i < 16; ++i, j += 4)
+ m[i] = (data[j] << 24) | (data[j + 1] << 16) | (data[j + 2] << 8) | (data[j + 3]);
+ for ( ; i < 64; ++i)
+ m[i] = SIG1(m[i - 2]) + m[i - 7] + SIG0(m[i - 15]) + m[i - 16];
+
+ a = ctx->state[0];
+ b = ctx->state[1];
+ c = ctx->state[2];
+ d = ctx->state[3];
+ e = ctx->state[4];
+ f = ctx->state[5];
+ g = ctx->state[6];
+ h = ctx->state[7];
+
+ for (i = 0; i < 64; ++i)
+ {
+ t1 = h + EP1(e) + CH(e,f,g) + k[i] + m[i];
+ t2 = EP0(a) + MAJ(a,b,c);
+ h = g;
+ g = f;
+ f = e;
+ e = d + t1;
+ d = c;
+ c = b;
+ b = a;
+ a = t1 + t2;
+ }
+
+ ctx->state[0] += a;
+ ctx->state[1] += b;
+ ctx->state[2] += c;
+ ctx->state[3] += d;
+ ctx->state[4] += e;
+ ctx->state[5] += f;
+ ctx->state[6] += g;
+ ctx->state[7] += h;
+}
+
+static void sha256_init(SHA256_CTX *ctx)
+{
+ ctx->datalen = 0;
+ ctx->bitlen = 0;
+ ctx->state[0] = 0x6a09e667;
+ ctx->state[1] = 0xbb67ae85;
+ ctx->state[2] = 0x3c6ef372;
+ ctx->state[3] = 0xa54ff53a;
+ ctx->state[4] = 0x510e527f;
+ ctx->state[5] = 0x9b05688c;
+ ctx->state[6] = 0x1f83d9ab;
+ ctx->state[7] = 0x5be0cd19;
+}
+
+static void sha256_update(SHA256_CTX *ctx, const BYTE data[], size_t len)
+{
+ WORD i;
+
+ for (i = 0; i < len; ++i)
+ {
+ ctx->data[ctx->datalen] = data[i];
+ ctx->datalen++;
+ if (ctx->datalen == 64) {
+ sha256_transform(ctx, ctx->data);
+ ctx->bitlen += 512;
+ ctx->datalen = 0;
+ }
+ }
+}
+
+static void sha256_final(SHA256_CTX *ctx, BYTE hash[])
+{
+ WORD i;
+
+ i = ctx->datalen;
+
+ // Pad whatever data is left in the buffer.
+ if (ctx->datalen < 56)
+ {
+ ctx->data[i++] = 0x80;
+ while (i < 56)
+ ctx->data[i++] = 0x00;
+ }
+ else
+ {
+ ctx->data[i++] = 0x80;
+ while (i < 64)
+ ctx->data[i++] = 0x00;
+ sha256_transform(ctx, ctx->data);
+ memset(ctx->data, 0, 56);
+ }
+
+ // Append to the padding the total message's length in bits and transform.
+ ctx->bitlen += ctx->datalen * 8;
+ ctx->data[63] = ctx->bitlen;
+ ctx->data[62] = ctx->bitlen >> 8;
+ ctx->data[61] = ctx->bitlen >> 16;
+ ctx->data[60] = ctx->bitlen >> 24;
+ ctx->data[59] = ctx->bitlen >> 32;
+ ctx->data[58] = ctx->bitlen >> 40;
+ ctx->data[57] = ctx->bitlen >> 48;
+ ctx->data[56] = ctx->bitlen >> 56;
+ sha256_transform(ctx, ctx->data);
+
+ // Since this implementation uses little endian byte ordering and SHA uses big endian,
+ // reverse all the bytes when copying the final state to the output hash.
+ for (i = 0; i < 4; ++i)
+ {
+ hash[i] = (ctx->state[0] >> (24 - i * 8)) & 0x000000ff;
+ hash[i + 4] = (ctx->state[1] >> (24 - i * 8)) & 0x000000ff;
+ hash[i + 8] = (ctx->state[2] >> (24 - i * 8)) & 0x000000ff;
+ hash[i + 12] = (ctx->state[3] >> (24 - i * 8)) & 0x000000ff;
+ hash[i + 16] = (ctx->state[4] >> (24 - i * 8)) & 0x000000ff;
+ hash[i + 20] = (ctx->state[5] >> (24 - i * 8)) & 0x000000ff;
+ hash[i + 24] = (ctx->state[6] >> (24 - i * 8)) & 0x000000ff;
+ hash[i + 28] = (ctx->state[7] >> (24 - i * 8)) & 0x000000ff;
+ }
+}
+
+#endif
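Review bot: in the HAVE_DNSSEC error path the one-shot log guard is inverted: `if (warned) my_syslog(...)` followed by `warned = 1` stays silent on the first failure and logs on every later one, so it should read `if (!warned)`. That path also returns the zero-filled static `dummy`, which means that while it is active every question yields the same digest and the question-hash comparison in forward.c compares equal for any reply; that deserves a comment stating the consequence, or a hard failure instead of a quiet fallback. Smaller points: both loops keep the comment "CRC the class and type as well" although nothing here is a CRC any more; the header comment has typos ("cypto", "implementaion"); and `SHA256_BLOCK_SIZE` is really the digest size and is defined independently of `HASH_SIZE`, which the callers use for `memcpy`/`memcmp`, so size `digest` with `HASH_SIZE` or add a compile-time check that the two agree.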
--- a/src/rfc1035.c
+++ b/src/rfc1035.c
@@ -333,55 +333,6 @@ unsigned char *skip_section(unsigned cha
return ansp;
}
-/* CRC the question section. This is used to safely detect query
- retransmission and to detect answers to questions we didn't ask, which
- might be poisoning attacks. Note that we decode the name rather
- than CRC the raw bytes, since replies might be compressed differently.
- We ignore case in the names for the same reason. Return all-ones
- if there is not question section. */
-#ifndef HAVE_DNSSEC
-unsigned int questions_crc(struct dns_header *header, size_t plen, char *name)
-{
- int q;
- unsigned int crc = 0xffffffff;
- unsigned char *p1, *p = (unsigned char *)(header+1);
-
- for (q = ntohs(header->qdcount); q != 0; q--)
- {
- if (!extract_name(header, plen, &p, name, 1, 4))
- return crc; /* bad packet */
-
- for (p1 = (unsigned char *)name; *p1; p1++)
- {
- int i = 8;
- char c = *p1;
-
- if (c >= 'A' && c <= 'Z')
- c += 'a' - 'A';
-
- crc ^= c << 24;
- while (i--)
- crc = crc & 0x80000000 ? (crc << 1) ^ 0x04c11db7 : crc << 1;
- }
-
- /* CRC the class and type as well */
- for (p1 = p; p1 < p+4; p1++)
- {
- int i = 8;
- crc ^= *p1 << 24;
- while (i--)
- crc = crc & 0x80000000 ? (crc << 1) ^ 0x04c11db7 : crc << 1;
- }
-
- p += 4;
- if (!CHECK_LEN(header, p, plen, 0))
- return crc; /* bad packet */
- }
-
- return crc;
-}
-#endif
-
size_t resize_packet(struct dns_header *header, size_t plen, unsigned char *pheader, size_t hlen)
{
unsigned char *ansp = skip_questions(header, plen);

@@ -0,0 +1,122 @@
From 059aded0700309308dafd9720b0313ce52f6e189 Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Thu, 12 Nov 2020 23:09:15 +0000
Subject: Optimse RR digest calculation in DNSSEC.
If an RR is of a type which doesn't need canonicalisation,
bypass the relatively slow canonicalisation code, and insert
it direct into the digest.
---
src/dnssec.c | 82 +++++++++++++++++++++++++++++++---------------------
1 file changed, 49 insertions(+), 33 deletions(-)
--- a/src/dnssec.c
+++ b/src/dnssec.c
@@ -559,7 +559,7 @@ static int validate_rrset(time_t now, st
hash->update(ctx, (unsigned int)wire_len, (unsigned char*)keyname);
from_wire(keyname);
-#define RRBUFLEN 300 /* Most RRs are smaller than this. */
+#define RRBUFLEN 128 /* Most RRs are smaller than this. */
for (i = 0; i < rrsetidx; ++i)
{
@@ -597,50 +597,66 @@ static int validate_rrset(time_t now, st
hash->update(ctx, (unsigned int)wire_len, (unsigned char *)name_start);
hash->update(ctx, 4, p); /* class and type */
hash->update(ctx, 4, (unsigned char *)&nsigttl);
-
- p += 8; /* skip class, type, ttl */
+
+ p += 8; /* skip type, class, ttl */
GETSHORT(rdlen, p);
if (!CHECK_LEN(header, p, plen, rdlen))
return STAT_BOGUS;
-
- /* canonicalise rdata and calculate length of same, use
- name buffer as workspace for get_rdata. */
- state.ip = p;
- state.op = NULL;
- state.desc = rr_desc;
- state.buff = name;
- state.end = p + rdlen;
-
- for (j = 0; get_rdata(header, plen, &state); j++)
- if (j < RRBUFLEN)
- rrbuf[j] = *state.op;
- len = htons((u16)j);
- hash->update(ctx, 2, (unsigned char *)&len);
-
- /* If the RR is shorter than RRBUFLEN (most of them, in practice)
- then we can just digest it now. If it exceeds RRBUFLEN we have to
- go back to the start and do it in chunks. */
- if (j >= RRBUFLEN)
+ /* Optimisation for RR types which need no cannonicalisation.
+ This includes DNSKEY DS NSEC and NSEC3, which are also long, so
+ it saves lots of calls to get_rdata, and avoids the pessimal
+ segmented insertion, even with a small rrbuf[].
+
+ If canonicalisation is not needed, a simple insertion into the hash works.
+ */
+ if (*rr_desc == (u16)-1)
+ {
+ len = htons(rdlen);
+ hash->update(ctx, 2, (unsigned char *)&len);
+ hash->update(ctx, rdlen, p);
+ }
+ else
{
+ /* canonicalise rdata and calculate length of same, use
+ name buffer as workspace for get_rdata. */
state.ip = p;
state.op = NULL;
state.desc = rr_desc;
-
+ state.buff = name;
+ state.end = p + rdlen;
+
for (j = 0; get_rdata(header, plen, &state); j++)
+ if (j < RRBUFLEN)
+ rrbuf[j] = *state.op;
+
+ len = htons((u16)j);
+ hash->update(ctx, 2, (unsigned char *)&len);
+
+ /* If the RR is shorter than RRBUFLEN (most of them, in practice)
+ then we can just digest it now. If it exceeds RRBUFLEN we have to
+ go back to the start and do it in chunks. */
+ if (j >= RRBUFLEN)
{
- rrbuf[j] = *state.op;
-
- if (j == RRBUFLEN - 1)
- {
- hash->update(ctx, RRBUFLEN, rrbuf);
- j = -1;
- }
+ state.ip = p;
+ state.op = NULL;
+ state.desc = rr_desc;
+
+ for (j = 0; get_rdata(header, plen, &state); j++)
+ {
+ rrbuf[j] = *state.op;
+
+ if (j == RRBUFLEN - 1)
+ {
+ hash->update(ctx, RRBUFLEN, rrbuf);
+ j = -1;
+ }
+ }
}
+
+ if (j != 0)
+ hash->update(ctx, j, rrbuf);
}
-
- if (j != 0)
- hash->update(ctx, j, rrbuf);
}
hash->digest(ctx, hash->digest_size, digest);
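Review bot: the fast path is selected by the bare sentinel test `if (*rr_desc == (u16)-1)`, while the comment above it lists DNSKEY, DS, NSEC and NSEC3; nothing in the hunk ties those types to that sentinel, so a named constant or a one-line note on what a leading (u16)-1 in the descriptor means would let a reader verify the condition. The direct `hash->update(ctx, rdlen, p)` is bounded by the `CHECK_LEN(header, p, plen, rdlen)` just above it, which is worth stating in the comment because the slow path takes its bound from `state.end` instead. Also "cannonicalisation" is misspelled, and the changed comment "skip type, class, ttl" now disagrees with "class and type" a few lines earlier.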

@@ -0,0 +1,64 @@
From 824461192ca5098043f9ca4ddeba7df1f65b30ba Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Sun, 15 Nov 2020 22:13:25 +0000
Subject: Add missing check for NULL return from allocate_rfd().
---
src/forward.c | 18 ++++++++++--------
1 file changed, 10 insertions(+), 8 deletions(-)
--- a/src/forward.c
+++ b/src/forward.c
@@ -815,7 +815,6 @@ void reply_query(int fd, int family, tim
int is_sign;
#ifdef HAVE_DNSSEC
- /* For DNSSEC originated queries, just retry the query to the same server. */
if (forward->flags & (FREC_DNSKEY_QUERY | FREC_DS_QUERY))
{
struct server *start;
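Review bot: this hunk only deletes the comment "For DNSSEC originated queries, just retry the query to the same server.", which is unrelated to the NULL check named in the subject. Keep the comment, or if the block under `if (forward->flags & (FREC_DNSKEY_QUERY | FREC_DS_QUERY))` no longer behaves that way, say so in the commit message.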
@@ -841,6 +840,8 @@ void reply_query(int fd, int family, tim
}
+ fd = -1;
+
if (start->sfd)
fd = start->sfd->fd;
else
@@ -848,19 +849,21 @@ void reply_query(int fd, int family, tim
if (start->addr.sa.sa_family == AF_INET6)
{
/* may have changed family */
- if (!forward->rfd6)
- forward->rfd6 = allocate_rfd(AF_INET6);
- fd = forward->rfd6->fd;
+ if (forward->rfd6 || (forward->rfd6 = allocate_rfd(AF_INET6)))
+ fd = forward->rfd6->fd;
}
else
{
/* may have changed family */
- if (!forward->rfd4)
- forward->rfd4 = allocate_rfd(AF_INET);
- fd = forward->rfd4->fd;
+ if (forward->rfd4 || (forward->rfd4 = allocate_rfd(AF_INET)))
+ fd = forward->rfd4->fd;
}
}
+ /* Can't get socket. */
+ if (fd == -1)
+ return;
+
while (retry_send(sendto(fd, (char *)header, plen, 0,
&start->addr.sa,
sa_len(&start->addr))));
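Review bot: the new `if (fd == -1) return;` abandons the DNSSEC retry without logging and without freeing or otherwise updating `forward`. If the intent is that the record is left to age out, say so in the "Can't get socket." comment, and consider a log line so that socket exhaustion is visible to an operator. `fd` is also the function's own parameter, so after `fd = -1` in the previous hunk the socket the reply arrived on is no longer available in this scope; a separate local for the send socket would be clearer.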
@@ -2261,7 +2264,6 @@ struct frec *get_new_frec(time_t now, in
return f; /* OK if malloc fails and this is NULL */
}
-/* crc is all-ones if not known. */
static struct frec *lookup_frec(unsigned short id, int fd, int family, void *hash)
{
struct frec *f;

@@ -0,0 +1,352 @@
From 15b60ddf935a531269bb8c68198de012a4967156 Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Wed, 18 Nov 2020 18:34:55 +0000
Subject: Handle multiple identical near simultaneous DNS queries better.
Previously, such queries would all be forwarded
independently. This is, in theory, inefficent but in practise
not a problem, _except_ that is means that an answer for any
of the forwarded queries will be accepted and cached.
An attacker can send a query multiple times, and for each repeat,
another {port, ID} becomes capable of accepting the answer he is
sending in the blind, to random IDs and ports. The chance of a
succesful attack is therefore multiplied by the number of repeats
of the query. The new behaviour detects repeated queries and
merely stores the clients sending repeats so that when the
first query completes, the answer can be sent to all the
clients who asked. Refer: CERT VU#434904.
---
CHANGELOG | 16 +++++-
src/dnsmasq.h | 19 ++++---
src/forward.c | 142 ++++++++++++++++++++++++++++++++++++++++++--------
3 files changed, 147 insertions(+), 30 deletions(-)
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -4,13 +4,27 @@
Be sure to only accept UDP DNS query replies at the address
from which the query was originated. This keeps as much entropy
- in the {query-ID, random-port} tuple as possible, help defeat
+ in the {query-ID, random-port} tuple as possible, to help defeat
cache poisoning attacks. Refer: CERT VU#434904.
Use the SHA-256 hash function to verify that DNS answers
received are for the questions originally asked. This replaces
the slightly insecure SHA-1 (when compiled with DNSSEC) or
the very insecure CRC32 (otherwise). Refer: CERT VU#434904.
+
+ Handle multiple identical near simultaneous DNS queries better.
+ Previously, such queries would all be forwarded
+ independently. This is, in theory, inefficent but in practise
+ not a problem, _except_ that is means that an answer for any
+ of the forwarded queries will be accepted and cached.
+ An attacker can send a query multiple times, and for each repeat,
+ another {port, ID} becomes capable of accepting the answer he is
+ sending in the blind, to random IDs and ports. The chance of a
+ succesful attack is therefore multiplied by the number of repeats
+ of the query. The new behaviour detects repeated queries and
+ merely stores the clients sending repeats so that when the
+ first query completes, the answer can be sent to all the
+ clients who asked. Refer: CERT VU#434904.
version 2.81
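Review bot: the added CHANGELOG paragraph has several slips that will ship to users: "inefficent", "that is means" (for "that it means") and "succesful". It would also help to mention the limit this change introduces, since the forward.c part of the patch drops further duplicates once the pool of source records is exhausted.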
--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -642,19 +642,24 @@ struct hostsfile {
#define FREC_DO_QUESTION 64
#define FREC_ADDED_PHEADER 128
#define FREC_TEST_PKTSZ 256
-#define FREC_HAS_EXTRADATA 512
+#define FREC_HAS_EXTRADATA 512
+#define FREC_HAS_PHEADER 1024
#define HASH_SIZE 32 /* SHA-256 digest size */
struct frec {
- union mysockaddr source;
- union all_addr dest;
+ struct frec_src {
+ union mysockaddr source;
+ union all_addr dest;
+ unsigned int iface, log_id;
+ unsigned short orig_id;
+ struct frec_src *next;
+ } frec_src;
struct server *sentto; /* NULL means free */
struct randfd *rfd4;
struct randfd *rfd6;
- unsigned int iface;
- unsigned short orig_id, new_id;
- int log_id, fd, forwardall, flags;
+ unsigned short new_id;
+ int fd, forwardall, flags;
time_t time;
unsigned char *hash[HASH_SIZE];
#ifdef HAVE_DNSSEC
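Review bot: the context line `unsigned char *hash[HASH_SIZE];` in struct frec declares an array of 32 pointers, not a 32-byte digest buffer. The `memcpy`/`memcmp` calls with `HASH_SIZE` stay inside it, so nothing overflows, but every frec carries more storage than it needs and the type misleads; since this hunk is already reshaping the struct, change it to `unsigned char hash[HASH_SIZE];`. In the new `struct frec_src`, `log_id` becomes `unsigned int` where the old field was `int`; check that this matches the type of `daemon->log_display_id`, which it is assigned to in reply_query().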
@@ -1069,6 +1074,8 @@ extern struct daemon {
int back_to_the_future;
#endif
struct frec *frec_list;
+ struct frec_src *free_frec_src;
+ int frec_src_count;
struct serverfd *sfds;
struct irec *interfaces;
struct listener *listeners;
--- a/src/forward.c
+++ b/src/forward.c
@@ -20,6 +20,8 @@ static struct frec *lookup_frec(unsigned
static struct frec *lookup_frec_by_sender(unsigned short id,
union mysockaddr *addr,
void *hash);
+static struct frec *lookup_frec_by_query(void *hash, unsigned int flags);
+
static unsigned short get_id(void);
static void free_frec(struct frec *f);
@@ -247,6 +249,7 @@ static int forward_query(int udpfd, unio
int type = SERV_DO_DNSSEC, norebind = 0;
union all_addr *addrp = NULL;
unsigned int flags = 0;
+ unsigned int fwd_flags = 0;
struct server *start = NULL;
void *hash = hash_questions(header, plen, daemon->namebuff);
#ifdef HAVE_DNSSEC
@@ -255,7 +258,18 @@ static int forward_query(int udpfd, unio
unsigned int gotname = extract_request(header, plen, daemon->namebuff, NULL);
unsigned char *oph = find_pseudoheader(header, plen, NULL, NULL, NULL, NULL);
(void)do_bit;
-
+
+ if (header->hb4 & HB4_CD)
+ fwd_flags |= FREC_CHECKING_DISABLED;
+ if (ad_reqd)
+ fwd_flags |= FREC_AD_QUESTION;
+ if (oph)
+ fwd_flags |= FREC_HAS_PHEADER;
+#ifdef HAVE_DNSSEC
+ if (do_bit)
+ fwd_flags |= FREC_DO_QUESTION;
+#endif
+
/* may be no servers available. */
if (forward || (forward = lookup_frec_by_sender(ntohs(header->id), udpaddr, hash)))
{
@@ -328,6 +342,39 @@ static int forward_query(int udpfd, unio
}
else
{
+ /* Query from new source, but the same query may be in progress
+ from another source. If so, just add this client to the
+ list that will get the reply.
+
+ Note that is the EDNS client subnet option is in use, we can't do this,
+ as the clients (and therefore query EDNS options) will be different
+ for each query. The EDNS subnet code has checks to avoid
+ attacks in this case. */
+ if (!option_bool(OPT_CLIENT_SUBNET) && (forward = lookup_frec_by_query(hash, fwd_flags)))
+ {
+ /* Note whine_malloc() zeros memory. */
+ if (!daemon->free_frec_src &&
+ daemon->frec_src_count < daemon->ftabsize &&
+ (daemon->free_frec_src = whine_malloc(sizeof(struct frec_src))))
+ daemon->frec_src_count++;
+
+ /* If we've been spammed with many duplicates, just drop the query. */
+ if (daemon->free_frec_src)
+ {
+ struct frec_src *new = daemon->free_frec_src;
+ daemon->free_frec_src = new->next;
+ new->next = forward->frec_src.next;
+ forward->frec_src.next = new;
+ new->orig_id = ntohs(header->id);
+ new->source = *udpaddr;
+ new->dest = *dst_addr;
+ new->log_id = daemon->log_id;
+ new->iface = dst_iface;
+ }
+
+ return 1;
+ }
+
if (gotname)
flags = search_servers(now, &addrp, gotname, daemon->namebuff, &type, &domain, &norebind);
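Review bot: when `daemon->free_frec_src` is still NULL after the allocation attempt, the branch falls through to `return 1` and the duplicate is dropped with no reply and no log, so that client sees only a timeout. The cap `daemon->frec_src_count < daemon->ftabsize` is global rather than per frec, so one heavily repeated question can use up the whole pool and cause duplicates of unrelated questions to be dropped as well; consider a per-frec limit and a rate-limited log line or counter on the drop path. Typo in the comment: "Note that is the EDNS" should be "Note that if the EDNS".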
@@ -335,22 +382,22 @@ static int forward_query(int udpfd, unio
do_dnssec = type & SERV_DO_DNSSEC;
#endif
type &= ~SERV_DO_DNSSEC;
-
+
if (daemon->servers && !flags)
forward = get_new_frec(now, NULL, 0);
/* table full - flags == 0, return REFUSED */
if (forward)
{
- forward->source = *udpaddr;
- forward->dest = *dst_addr;
- forward->iface = dst_iface;
- forward->orig_id = ntohs(header->id);
+ forward->frec_src.source = *udpaddr;
+ forward->frec_src.orig_id = ntohs(header->id);
+ forward->frec_src.dest = *dst_addr;
+ forward->frec_src.iface = dst_iface;
forward->new_id = get_id();
forward->fd = udpfd;
memcpy(forward->hash, hash, HASH_SIZE);
forward->forwardall = 0;
- forward->flags = 0;
+ forward->flags = fwd_flags;
if (norebind)
forward->flags |= FREC_NOREBIND;
if (header->hb4 & HB4_CD)
@@ -405,9 +452,9 @@ static int forward_query(int udpfd, unio
unsigned char *pheader;
/* If a query is retried, use the log_id for the retry when logging the answer. */
- forward->log_id = daemon->log_id;
+ forward->frec_src.log_id = daemon->log_id;
- plen = add_edns0_config(header, plen, ((unsigned char *)header) + PACKETSZ, &forward->source, now, &subnet);
+ plen = add_edns0_config(header, plen, ((unsigned char *)header) + PACKETSZ, &forward->frec_src.source, now, &subnet);
if (subnet)
forward->flags |= FREC_HAS_SUBNET;
@@ -544,7 +591,7 @@ static int forward_query(int udpfd, unio
return 1;
/* could not send on, prepare to return */
- header->id = htons(forward->orig_id);
+ header->id = htons(forward->frec_src.orig_id);
free_frec(forward); /* cancel */
}
@@ -796,8 +843,8 @@ void reply_query(int fd, int family, tim
/* log_query gets called indirectly all over the place, so
pass these in global variables - sorry. */
- daemon->log_display_id = forward->log_id;
- daemon->log_source_addr = &forward->source;
+ daemon->log_display_id = forward->frec_src.log_id;
+ daemon->log_source_addr = &forward->frec_src.source;
if (daemon->ignore_addr && RCODE(header) == NOERROR &&
check_for_ignored_address(header, n, daemon->ignore_addr))
@@ -1065,6 +1112,7 @@ void reply_query(int fd, int family, tim
new->sentto = server;
new->rfd4 = NULL;
new->rfd6 = NULL;
+ new->frec_src.next = NULL;
new->flags &= ~(FREC_DNSKEY_QUERY | FREC_DS_QUERY | FREC_HAS_EXTRADATA);
new->forwardall = 0;
@@ -1199,9 +1247,11 @@ void reply_query(int fd, int family, tim
if ((nn = process_reply(header, now, forward->sentto, (size_t)n, check_rebind, no_cache_dnssec, cache_secure, bogusanswer,
forward->flags & FREC_AD_QUESTION, forward->flags & FREC_DO_QUESTION,
- forward->flags & FREC_ADDED_PHEADER, forward->flags & FREC_HAS_SUBNET, &forward->source)))
+ forward->flags & FREC_ADDED_PHEADER, forward->flags & FREC_HAS_SUBNET, &forward->frec_src.source)))
{
- header->id = htons(forward->orig_id);
+ struct frec_src *src;
+
+ header->id = htons(forward->frec_src.orig_id);
header->hb4 |= HB4_RA; /* recursion if available */
#ifdef HAVE_DNSSEC
/* We added an EDNSO header for the purpose of getting DNSSEC RRs, and set the value of the UDP payload size
@@ -1217,13 +1267,26 @@ void reply_query(int fd, int family, tim
}
#endif
+ for (src = &forward->frec_src; src; src = src->next)
+ {
+ header->id = htons(src->orig_id);
+
#ifdef HAVE_DUMPFILE
- dump_packet(DUMP_REPLY, daemon->packet, (size_t)nn, NULL, &forward->source);
+ dump_packet(DUMP_REPLY, daemon->packet, (size_t)nn, NULL, &src->source);
#endif
-
- send_from(forward->fd, option_bool(OPT_NOWILD) || option_bool (OPT_CLEVERBIND), daemon->packet, nn,
- &forward->source, &forward->dest, forward->iface);
+
+ send_from(forward->fd, option_bool(OPT_NOWILD) || option_bool (OPT_CLEVERBIND), daemon->packet, nn,
+ &src->source, &src->dest, src->iface);
+
+ if (option_bool(OPT_EXTRALOG) && src != &forward->frec_src)
+ {
+ daemon->log_display_id = src->log_id;
+ daemon->log_source_addr = &src->source;
+ log_query(F_UPSTREAM, "query", NULL, "duplicate");
+ }
+ }
}
+
free_frec(forward); /* cancel */
}
}
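Review bot: every iteration of the new loop calls `send_from(forward->fd, ...)`, that is, the socket on which the first query arrived, while `struct frec_src` records only addresses, interface and IDs for the later clients. A duplicate that came in on a different listening socket could be answered from the wrong one; store the receiving fd in `frec_src` when the duplicate is queued in forward_query() and send on that. Two smaller points: `log_query(F_UPSTREAM, "query", NULL, "duplicate")` runs after the reply has already been sent, and the assignment `header->id = htons(forward->frec_src.orig_id)` kept in the previous hunk is now redundant with the first loop iteration.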
@@ -2153,6 +2216,17 @@ void free_rfd(struct randfd *rfd)
static void free_frec(struct frec *f)
{
+ struct frec_src *src, *tmp;
+
+ /* add back to freelist of not the record builtin to every frec. */
+ for (src = f->frec_src.next; src; src = tmp)
+ {
+ tmp = src->next;
+ src->next = daemon->free_frec_src;
+ daemon->free_frec_src = src;
+ }
+
+ f->frec_src.next = NULL;
free_rfd(f->rfd4);
f->rfd4 = NULL;
f->sentto = NULL;
@@ -2292,17 +2366,39 @@ static struct frec *lookup_frec_by_sende
void *hash)
{
struct frec *f;
+ struct frec_src *src;
+
+ for (f = daemon->frec_list; f; f = f->next)
+ if (f->sentto &&
+ !(f->flags & (FREC_DNSKEY_QUERY | FREC_DS_QUERY)) &&
+ memcmp(hash, f->hash, HASH_SIZE) == 0)
+ for (src = &f->frec_src; src; src = src->next)
+ if (src->orig_id == id &&
+ sockaddr_isequal(&src->source, addr))
+ return f;
+
+ return NULL;
+}
+
+static struct frec *lookup_frec_by_query(void *hash, unsigned int flags)
+{
+ struct frec *f;
+
+ /* FREC_DNSKEY and FREC_DS_QUERY are never set in flags, so the test below
+ ensures that no frec created for internal DNSSEC query can be returned here. */
+
+#define FLAGMASK (FREC_CHECKING_DISABLED | FREC_AD_QUESTION | FREC_DO_QUESTION \
+ | FREC_HAS_PHEADER | FREC_DNSKEY_QUERY | FREC_DS_QUERY)
for(f = daemon->frec_list; f; f = f->next)
if (f->sentto &&
- f->orig_id == id &&
- memcmp(hash, f->hash, HASH_SIZE) == 0 &&
- sockaddr_isequal(&f->source, addr))
+ (f->flags & FLAGMASK) == flags &&
+ memcmp(hash, f->hash, HASH_SIZE) == 0)
return f;
-
+
return NULL;
}
-
+
/* Send query packet again, if we can. */
void resend_query()
{
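Review bot: `FLAGMASK` is #defined inside lookup_frec_by_query() and never #undef'd, so it leaks into the rest of forward.c; move it next to the FREC_* definitions in dnsmasq.h or #undef it after the loop. The comment names "FREC_DNSKEY", which is not one of the flags in the mask; it means FREC_DNSKEY_QUERY. The mask compares CD, AD, DO and pseudoheader presence only, and the caller separately excludes OPT_CLIENT_SUBNET, so please add a line to the comment explaining why no other flag needs to take part in deciding that two queries may share one upstream request.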

@@ -0,0 +1,350 @@
From 25e63f1e56f5acdcf91893a1b92ad1e0f2f552d8 Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Wed, 25 Nov 2020 21:17:52 +0000
Subject: Handle caching with EDNS options better.
If we add the EDNS client subnet option, or the client's
MAC address, then the reply we get back may very depending on
that. Since the cache is ignorant of such things, it's not safe to
cache such replies. This patch determines when a dangerous EDNS
option is being added and disables caching.
Note that for much the same reason, we can't combine multiple
queries for the same question when dangerous EDNS options are
being added, and the code now handles that in the same way. This
query combining is required for security against cache poisoning,
so disabling the cache has a security function as well as a
correctness one.
---
man/dnsmasq.8 | 4 +--
src/dnsmasq.h | 3 ++-
src/edns0.c | 75 ++++++++++++++++++++++++++++++++-------------------
src/forward.c | 41 ++++++++++++++++++----------
4 files changed, 78 insertions(+), 45 deletions(-)
--- a/man/dnsmasq.8
+++ b/man/dnsmasq.8
@@ -690,8 +690,8 @@ still marks the request so that no upstr
address information either. The default is zero for both IPv4 and
IPv6. Note that upstream nameservers may be configured to return
different results based on this information, but the dnsmasq cache
-does not take account. If a dnsmasq instance is configured such that
-different results may be encountered, caching should be disabled.
+does not take account. Caching is therefore disabled for such replies,
+unless the subnet address being added is constant.
For example,
.B --add-subnet=24,96
--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -644,6 +644,7 @@ struct hostsfile {
#define FREC_TEST_PKTSZ 256
#define FREC_HAS_EXTRADATA 512
#define FREC_HAS_PHEADER 1024
+#define FREC_NO_CACHE 2048
#define HASH_SIZE 32 /* SHA-256 digest size */
@@ -1628,7 +1629,7 @@ size_t add_pseudoheader(struct dns_heade
unsigned short udp_sz, int optno, unsigned char *opt, size_t optlen, int set_do, int replace);
size_t add_do_bit(struct dns_header *header, size_t plen, unsigned char *limit);
size_t add_edns0_config(struct dns_header *header, size_t plen, unsigned char *limit,
- union mysockaddr *source, time_t now, int *check_subnet);
+ union mysockaddr *source, time_t now, int *check_subnet, int *cacheable);
int check_source(struct dns_header *header, size_t plen, unsigned char *pseudoheader, union mysockaddr *peer);
/* arp.c */
--- a/src/edns0.c
+++ b/src/edns0.c
@@ -264,7 +264,8 @@ static void encoder(unsigned char *in, c
out[3] = char64(in[2]);
}
-static size_t add_dns_client(struct dns_header *header, size_t plen, unsigned char *limit, union mysockaddr *l3, time_t now)
+static size_t add_dns_client(struct dns_header *header, size_t plen, unsigned char *limit,
+ union mysockaddr *l3, time_t now, int *cacheablep)
{
int maclen, replace = 2; /* can't get mac address, just delete any incoming. */
unsigned char mac[DHCP_CHADDR_MAX];
@@ -273,6 +274,7 @@ static size_t add_dns_client(struct dns_
if ((maclen = find_mac(l3, mac, 1, now)) == 6)
{
replace = 1;
+ *cacheablep = 0;
if (option_bool(OPT_MAC_HEX))
print_mac(encode, mac, maclen);
@@ -288,14 +290,18 @@ static size_t add_dns_client(struct dns_
}
-static size_t add_mac(struct dns_header *header, size_t plen, unsigned char *limit, union mysockaddr *l3, time_t now)
+static size_t add_mac(struct dns_header *header, size_t plen, unsigned char *limit,
+ union mysockaddr *l3, time_t now, int *cacheablep)
{
int maclen;
unsigned char mac[DHCP_CHADDR_MAX];
if ((maclen = find_mac(l3, mac, 1, now)) != 0)
- plen = add_pseudoheader(header, plen, limit, PACKETSZ, EDNS0_OPTION_MAC, mac, maclen, 0, 0);
-
+ {
+ *cacheablep = 0;
+ plen = add_pseudoheader(header, plen, limit, PACKETSZ, EDNS0_OPTION_MAC, mac, maclen, 0, 0);
+ }
+
return plen;
}
@@ -313,17 +319,18 @@ static void *get_addrp(union mysockaddr
return &addr->in.sin_addr;
}
-static size_t calc_subnet_opt(struct subnet_opt *opt, union mysockaddr *source)
+static size_t calc_subnet_opt(struct subnet_opt *opt, union mysockaddr *source, int *cacheablep)
{
/* http://tools.ietf.org/html/draft-vandergaast-edns-client-subnet-02 */
int len;
void *addrp = NULL;
int sa_family = source->sa.sa_family;
-
+ int cacheable = 0;
+
opt->source_netmask = 0;
opt->scope_netmask = 0;
-
+
if (source->sa.sa_family == AF_INET6 && daemon->add_subnet6)
{
opt->source_netmask = daemon->add_subnet6->mask;
@@ -331,6 +338,7 @@ static size_t calc_subnet_opt(struct sub
{
sa_family = daemon->add_subnet6->addr.sa.sa_family;
addrp = get_addrp(&daemon->add_subnet6->addr, sa_family);
+ cacheable = 1;
}
else
addrp = &source->in6.sin6_addr;
@@ -343,6 +351,7 @@ static size_t calc_subnet_opt(struct sub
{
sa_family = daemon->add_subnet4->addr.sa.sa_family;
addrp = get_addrp(&daemon->add_subnet4->addr, sa_family);
+ cacheable = 1; /* Address is constant */
}
else
addrp = &source->in.sin_addr;
@@ -350,8 +359,6 @@ static size_t calc_subnet_opt(struct sub
opt->family = htons(sa_family == AF_INET6 ? 2 : 1);
- len = 0;
-
if (addrp && opt->source_netmask != 0)
{
len = ((opt->source_netmask - 1) >> 3) + 1;
@@ -359,18 +366,26 @@ static size_t calc_subnet_opt(struct sub
if (opt->source_netmask & 7)
opt->addr[len-1] &= 0xff << (8 - (opt->source_netmask & 7));
}
+ else
+ {
+ cacheable = 1; /* No address ever supplied. */
+ len = 0;
+ }
+
+ if (cacheablep)
+ *cacheablep = cacheable;
return len + 4;
}
-static size_t add_source_addr(struct dns_header *header, size_t plen, unsigned char *limit, union mysockaddr *source)
+static size_t add_source_addr(struct dns_header *header, size_t plen, unsigned char *limit, union mysockaddr *source, int *cacheable)
{
/* http://tools.ietf.org/html/draft-vandergaast-edns-client-subnet-02 */
int len;
struct subnet_opt opt;
- len = calc_subnet_opt(&opt, source);
+ len = calc_subnet_opt(&opt, source, cacheable);
return add_pseudoheader(header, plen, (unsigned char *)limit, PACKETSZ, EDNS0_OPTION_CLIENT_SUBNET, (unsigned char *)&opt, len, 0, 0);
}
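
Review bot: In calc_subnet_opt() the final `if (cacheablep) *cacheablep = cacheable;` stores the local result unconditionally, so it can overwrite a 0 that add_mac() or add_dns_client() stored earlier: add_edns0_config() passes the same pointer to all three and calls add_source_addr() last. With a MAC option enabled plus a constant (or absent) subnet address, the flag ends up as 1 and the MAC-dependent reply would be cached. Only ever clear the flag here, for example `if (cacheablep && !cacheable) *cacheablep = 0;`, and leave the initial 1 to add_edns0_config(). The parameter is also named cacheable in add_source_addr() but cacheablep in the other helpers; pick one.
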
@@ -383,18 +398,18 @@ int check_source(struct dns_header *head
unsigned char *p;
int code, i, rdlen;
- calc_len = calc_subnet_opt(&opt, peer);
-
- if (!(p = skip_name(pseudoheader, header, plen, 10)))
- return 1;
-
- p += 8; /* skip UDP length and RCODE */
+ calc_len = calc_subnet_opt(&opt, peer, NULL);
- GETSHORT(rdlen, p);
- if (!CHECK_LEN(header, p, plen, rdlen))
- return 1; /* bad packet */
-
- /* check if option there */
+ if (!(p = skip_name(pseudoheader, header, plen, 10)))
+ return 1;
+
+ p += 8; /* skip UDP length and RCODE */
+
+ GETSHORT(rdlen, p);
+ if (!CHECK_LEN(header, p, plen, rdlen))
+ return 1; /* bad packet */
+
+ /* check if option there */
for (i = 0; i + 4 < rdlen; i += len + 4)
{
GETSHORT(code, p);
@@ -412,24 +427,28 @@ int check_source(struct dns_header *head
return 1;
}
+/* Set *check_subnet if we add a client subnet option, which needs to checked
+ in the reply. Set *cacheable to zero if we add an option which the answer
+ may depend on. */
size_t add_edns0_config(struct dns_header *header, size_t plen, unsigned char *limit,
- union mysockaddr *source, time_t now, int *check_subnet)
+ union mysockaddr *source, time_t now, int *check_subnet, int *cacheable)
{
*check_subnet = 0;
-
+ *cacheable = 1;
+
if (option_bool(OPT_ADD_MAC))
- plen = add_mac(header, plen, limit, source, now);
+ plen = add_mac(header, plen, limit, source, now, cacheable);
if (option_bool(OPT_MAC_B64) || option_bool(OPT_MAC_HEX))
- plen = add_dns_client(header, plen, limit, source, now);
-
+ plen = add_dns_client(header, plen, limit, source, now, cacheable);
+
if (daemon->dns_client_id)
plen = add_pseudoheader(header, plen, limit, PACKETSZ, EDNS0_OPTION_NOMCPEID,
(unsigned char *)daemon->dns_client_id, strlen(daemon->dns_client_id), 0, 1);
if (option_bool(OPT_CLIENT_SUBNET))
{
- plen = add_source_addr(header, plen, limit, source);
+ plen = add_source_addr(header, plen, limit, source, cacheable);
*check_subnet = 1;
}
--- a/src/forward.c
+++ b/src/forward.c
@@ -344,13 +344,10 @@ static int forward_query(int udpfd, unio
{
/* Query from new source, but the same query may be in progress
from another source. If so, just add this client to the
- list that will get the reply.
+ list that will get the reply.*/
- Note that is the EDNS client subnet option is in use, we can't do this,
- as the clients (and therefore query EDNS options) will be different
- for each query. The EDNS subnet code has checks to avoid
- attacks in this case. */
- if (!option_bool(OPT_CLIENT_SUBNET) && (forward = lookup_frec_by_query(hash, fwd_flags)))
+ if (!option_bool(OPT_ADD_MAC) && !option_bool(OPT_MAC_B64) &&
+ (forward = lookup_frec_by_query(hash, fwd_flags)))
{
/* Note whine_malloc() zeros memory. */
if (!daemon->free_frec_src &&
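
Review bot: The new guard on query combining tests OPT_ADD_MAC and OPT_MAC_B64 but not OPT_MAC_HEX, although add_edns0_config() calls add_dns_client() for either OPT_MAC_B64 or OPT_MAC_HEX and that function clears the cacheable flag in both cases. Add `!option_bool(OPT_MAC_HEX)` to the condition. Dropping the OPT_CLIENT_SUBNET test relies on the FLAGMASK change in lookup_frec_by_query() later in this patch; a short comment here saying so would replace the explanation that was removed. Minor: `reply.*/` needs a space before the comment terminator.
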
@@ -447,18 +444,21 @@ static int forward_query(int udpfd, unio
if (!flags && forward)
{
struct server *firstsentto = start;
- int subnet, forwarded = 0;
+ int subnet, cacheable, forwarded = 0;
size_t edns0_len;
unsigned char *pheader;
/* If a query is retried, use the log_id for the retry when logging the answer. */
forward->frec_src.log_id = daemon->log_id;
- plen = add_edns0_config(header, plen, ((unsigned char *)header) + PACKETSZ, &forward->frec_src.source, now, &subnet);
+ plen = add_edns0_config(header, plen, ((unsigned char *)header) + PACKETSZ, &forward->frec_src.source, now, &subnet, &cacheable);
if (subnet)
forward->flags |= FREC_HAS_SUBNET;
-
+
+ if (!cacheable)
+ forward->flags |= FREC_NO_CACHE;
+
#ifdef HAVE_DNSSEC
if (option_bool(OPT_DNSSEC_VALID) && do_dnssec)
{
@@ -642,7 +642,7 @@ static size_t process_reply(struct dns_h
}
}
#endif
-
+
if ((pheader = find_pseudoheader(header, n, &plen, &sizep, &is_sign, NULL)))
{
/* Get extended RCODE. */
@@ -1244,6 +1244,11 @@ void reply_query(int fd, int family, tim
header->hb4 |= HB4_CD;
else
header->hb4 &= ~HB4_CD;
+
+ /* Never cache answers which are contingent on the source or MAC address EDSN0 option,
+ since the cache is ignorant of such things. */
+ if (forward->flags & FREC_NO_CACHE)
+ no_cache_dnssec = 1;
if ((nn = process_reply(header, now, forward->sentto, (size_t)n, check_rebind, no_cache_dnssec, cache_secure, bogusanswer,
forward->flags & FREC_AD_QUESTION, forward->flags & FREC_DO_QUESTION,
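
Review bot: The added comment spells the option name as EDSN0; it should read EDNS0 (the same typo is repeated in the tcp_request() hunk). Setting no_cache_dnssec for a reason unrelated to DNSSEC also makes that variable name misleading; consider renaming it to a plain no_cache, or passing the FREC_NO_CACHE state to process_reply() as its own argument.
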
@@ -1788,7 +1793,7 @@ unsigned char *tcp_request(int confd, ti
int local_auth = 0;
#endif
int checking_disabled, do_bit, added_pheader = 0, have_pseudoheader = 0;
- int check_subnet, no_cache_dnssec = 0, cache_secure = 0, bogusanswer = 0;
+ int check_subnet, cacheable, no_cache_dnssec = 0, cache_secure = 0, bogusanswer = 0;
size_t m;
unsigned short qtype;
unsigned int gotname;
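
Review bot: cacheable is declared here without an initializer, next to no_cache_dnssec, cache_secure and bogusanswer, which all start at 0. It is assigned only by the add_edns0_config() call further down, and the later `if (!cacheable)` test sits in a different hunk, so whether every path reaches that test through the call cannot be confirmed from these lines. Initialize it to 1 at the declaration so the default is "cacheable" regardless of control flow.
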
@@ -1959,7 +1964,7 @@ unsigned char *tcp_request(int confd, ti
char *domain = NULL;
unsigned char *oph = find_pseudoheader(header, size, NULL, NULL, NULL, NULL);
- size = add_edns0_config(header, size, ((unsigned char *) header) + 65536, &peer_addr, now, &check_subnet);
+ size = add_edns0_config(header, size, ((unsigned char *) header) + 65536, &peer_addr, now, &check_subnet, &cacheable);
if (gotname)
flags = search_servers(now, &addrp, gotname, daemon->namebuff, &type, &domain, &norebind);
@@ -2122,6 +2127,11 @@ unsigned char *tcp_request(int confd, ti
break;
}
+ /* Never cache answers which are contingent on the source or MAC address EDSN0 option,
+ since the cache is ignorant of such things. */
+ if (!cacheable)
+ no_cache_dnssec = 1;
+
m = process_reply(header, now, last_server, (unsigned int)m,
option_bool(OPT_NO_REBIND) && !norebind, no_cache_dnssec, cache_secure, bogusanswer,
ad_reqd, do_bit, added_pheader, check_subnet, &peer_addr);
@@ -2385,10 +2395,13 @@ static struct frec *lookup_frec_by_query
struct frec *f;
/* FREC_DNSKEY and FREC_DS_QUERY are never set in flags, so the test below
- ensures that no frec created for internal DNSSEC query can be returned here. */
+ ensures that no frec created for internal DNSSEC query can be returned here.
+
+ Similarly FREC_NO_CACHE is never set in flags, so a query which is
+ contigent on a particular source address EDNS0 option will never be matched. */
#define FLAGMASK (FREC_CHECKING_DISABLED | FREC_AD_QUESTION | FREC_DO_QUESTION \
- | FREC_HAS_PHEADER | FREC_DNSKEY_QUERY | FREC_DS_QUERY)
+ | FREC_HAS_PHEADER | FREC_DNSKEY_QUERY | FREC_DS_QUERY | FREC_NO_CACHE)
for(f = daemon->frec_list; f; f = f->next)
if (f->sentto &&
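
Review bot: The new comment says a query contingent on a "source address EDNS0 option" will never be matched, but FREC_NO_CACHE is also set when add_mac() or add_dns_client() attach a MAC address, so the comment should mention both cases. "contigent" should be "contingent". Since FREC_NO_CACHE now controls query combining as well as caching, a note to that effect at its #define in dnsmasq.h would help.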

@@ -0,0 +1,181 @@
From 2024f9729713fd657d65e64c2e4e471baa0a3e5b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
Date: Wed, 25 Nov 2020 17:18:55 +0100
Subject: Support hash function from nettle (only)
Unlike COPTS=-DHAVE_DNSSEC, allow usage of just sha256 function from
nettle, but keep DNSSEC disabled at build time. Skips use of internal
hash implementation without support for validation built-in.
---
Makefile | 8 +++++---
bld/pkg-wrapper | 41 ++++++++++++++++++++++-------------------
src/config.h | 8 ++++++++
src/crypto.c | 7 +++++++
src/dnsmasq.h | 2 +-
src/hash_questions.c | 2 +-
6 files changed, 44 insertions(+), 24 deletions(-)
--- a/Makefile
+++ b/Makefile
@@ -53,7 +53,7 @@ top?=$(CURDIR)
dbus_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DBUS $(PKG_CONFIG) --cflags dbus-1`
dbus_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DBUS $(PKG_CONFIG) --libs dbus-1`
-ubus_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_UBUS "" --copy -lubox -lubus`
+ubus_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_UBUS "" --copy '-lubox -lubus'`
idn_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_IDN $(PKG_CONFIG) --cflags libidn`
idn_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_IDN $(PKG_CONFIG) --libs libidn`
idn2_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LIBIDN2 $(PKG_CONFIG) --cflags libidn2`
@@ -62,8 +62,10 @@ ct_cflags = `echo $(COPTS) | $(top)/
ct_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_CONNTRACK $(PKG_CONFIG) --libs libnetfilter_conntrack`
lua_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LUASCRIPT $(PKG_CONFIG) --cflags lua5.2`
lua_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_LUASCRIPT $(PKG_CONFIG) --libs lua5.2`
-nettle_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC $(PKG_CONFIG) --cflags nettle hogweed`
-nettle_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC $(PKG_CONFIG) --libs nettle hogweed`
+nettle_cflags = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC $(PKG_CONFIG) --cflags 'nettle hogweed' \
+ HAVE_NETTLEHASH $(PKG_CONFIG) --cflags nettle`
+nettle_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC $(PKG_CONFIG) --libs 'nettle hogweed' \
+ HAVE_NETTLEHASH $(PKG_CONFIG) --libs nettle`
gmp_libs = `echo $(COPTS) | $(top)/bld/pkg-wrapper HAVE_DNSSEC NO_GMP --copy -lgmp`
sunos_libs = `if uname | grep SunOS >/dev/null 2>&1; then echo -lsocket -lnsl -lposix4; fi`
version = -DVERSION='\"`$(top)/bld/get-version $(top)`\"'
--- a/bld/pkg-wrapper
+++ b/bld/pkg-wrapper
@@ -1,35 +1,37 @@
#!/bin/sh
-search=$1
-shift
-pkg=$1
-shift
-op=$1
-shift
-
in=`cat`
-if grep "^\#[[:space:]]*define[[:space:]]*$search" config.h >/dev/null 2>&1 || \
- echo $in | grep $search >/dev/null 2>&1; then
+search()
+{
+ grep "^\#[[:space:]]*define[[:space:]]*$1" config.h >/dev/null 2>&1 || \
+ echo $in | grep $1 >/dev/null 2>&1
+}
+
+while [ "$#" -gt 0 ]; do
+ search=$1
+ pkg=$2
+ op=$3
+ lib=$4
+ shift 4
+if search "$search"; then
+
# Nasty, nasty, in --copy, arg 2 (if non-empty) is another config to search for, used with NO_GMP
if [ $op = "--copy" ]; then
if [ -z "$pkg" ]; then
- pkg="$*"
- elif grep "^\#[[:space:]]*define[[:space:]]*$pkg" config.h >/dev/null 2>&1 || \
- echo $in | grep $pkg >/dev/null 2>&1; then
+ pkg="$lib"
+ elif search "$pkg"; then
pkg=""
else
- pkg="$*"
+ pkg="$lib"
fi
- elif grep "^\#[[:space:]]*define[[:space:]]*${search}_STATIC" config.h >/dev/null 2>&1 || \
- echo $in | grep ${search}_STATIC >/dev/null 2>&1; then
- pkg=`$pkg --static $op $*`
+ elif search "${search}_STATIC"; then
+ pkg=`$pkg --static $op $lib`
else
- pkg=`$pkg $op $*`
+ pkg=`$pkg $op $lib`
fi
- if grep "^\#[[:space:]]*define[[:space:]]*${search}_STATIC" config.h >/dev/null 2>&1 || \
- echo $in | grep ${search}_STATIC >/dev/null 2>&1; then
+ if search "${search}_STATIC"; then
if [ $op = "--libs" ] || [ $op = "--copy" ]; then
echo "-Wl,-Bstatic $pkg -Wl,-Bdynamic"
else
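
Review bot: The new loop runs `while [ "$#" -gt 0 ]` but then consumes arguments with `shift 4`. If the wrapper is ever called with an argument count that is not a multiple of four, `shift 4` fails; depending on the shell that either aborts the script or leaves the arguments in place and loops forever. Test `[ "$#" -ge 4 ]` instead, or check the count up front and print a usage error. Also, `search` is now both a function name and a variable (`search=$1`, then `if search "$search"`); that works in sh but is easy to misread, so rename one of them. The loop body is not re-indented, which makes the closing `done` hard to pair up.
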
@@ -40,3 +42,4 @@ if grep "^\#[[:space:]]*define[[:space:]
fi
fi
+done
--- a/src/config.h
+++ b/src/config.h
@@ -117,6 +117,9 @@ HAVE_AUTH
define this to include the facility to act as an authoritative DNS
server for one or more zones.
+HAVE_NETTLEHASH
+ include just hash function from nettle, but no DNSSEC.
+
HAVE_DNSSEC
include DNSSEC validator.
@@ -184,6 +187,7 @@ RESOLVFILE
/* #define HAVE_IDN */
/* #define HAVE_LIBIDN2 */
/* #define HAVE_CONNTRACK */
+/* #define HAVE_NETTLEHASH */
/* #define HAVE_DNSSEC */
@@ -408,6 +412,10 @@ static char *compile_opts =
"no-"
#endif
"auth "
+#if !defined(HAVE_NETTLEHASH) && !defined(HAVE_DNSSEC)
+"no-"
+#endif
+"nettlehash "
#ifndef HAVE_DNSSEC
"no-"
#endif
--- a/src/crypto.c
+++ b/src/crypto.c
@@ -23,6 +23,9 @@
#include <nettle/ecdsa.h>
#include <nettle/ecc-curve.h>
#include <nettle/eddsa.h>
+#endif
+
+#if defined(HAVE_DNSSEC) || defined(HAVE_NETTLEHASH)
#include <nettle/nettle-meta.h>
#include <nettle/bignum.h>
@@ -165,6 +168,10 @@ int hash_init(const struct nettle_hash *
return 1;
}
+
+#endif
+
+#ifdef HAVE_DNSSEC
static int dnsmasq_rsa_verify(struct blockdata *key_data, unsigned int key_len, unsigned char *sig, size_t sig_len,
unsigned char *digest, size_t digest_len, int algo)
--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -150,7 +150,7 @@ extern int capget(cap_user_header_t head
#include <priv.h>
#endif
-#ifdef HAVE_DNSSEC
+#if defined(HAVE_DNSSEC) || defined(HAVE_NETTLEHASH)
# include <nettle/nettle-meta.h>
#endif
--- a/src/hash_questions.c
+++ b/src/hash_questions.c
@@ -28,7 +28,7 @@
#include "dnsmasq.h"
-#ifdef HAVE_DNSSEC
+#if defined(HAVE_DNSSEC) || defined(HAVE_NETTLEHASH)
unsigned char *hash_questions(struct dns_header *header, size_t plen, char *name)
{
int q;

@@ -0,0 +1,56 @@
From 6a6e06fbb0d4690507ceaf2bb6f0d8910f3d4914 Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Fri, 4 Dec 2020 18:35:11 +0000
Subject: Small cleanups in frec_src datastucture handling.
---
src/forward.c | 22 +++++++++++++---------
1 file changed, 13 insertions(+), 9 deletions(-)
--- a/src/forward.c
+++ b/src/forward.c
@@ -353,7 +353,10 @@ static int forward_query(int udpfd, unio
if (!daemon->free_frec_src &&
daemon->frec_src_count < daemon->ftabsize &&
(daemon->free_frec_src = whine_malloc(sizeof(struct frec_src))))
- daemon->frec_src_count++;
+ {
+ daemon->frec_src_count++;
+ daemon->free_frec_src->next = NULL;
+ }
/* If we've been spammed with many duplicates, just drop the query. */
if (daemon->free_frec_src)
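
Review bot: The added `daemon->free_frec_src->next = NULL;` follows a whine_malloc() call, and the comment just above this block in forward_query() (visible as context in the earlier forward.c hunk) states that whine_malloc() zeros memory, so the assignment is redundant. Keeping it is harmless, but then say why in a comment: free_frec() as rewritten in this patch walks the chain to its tail and depends on every frec_src list being NULL-terminated.
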
@@ -390,6 +393,7 @@ static int forward_query(int udpfd, unio
forward->frec_src.orig_id = ntohs(header->id);
forward->frec_src.dest = *dst_addr;
forward->frec_src.iface = dst_iface;
+ forward->frec_src.next = NULL;
forward->new_id = get_id();
forward->fd = udpfd;
memcpy(forward->hash, hash, HASH_SIZE);
@@ -2226,16 +2230,16 @@ void free_rfd(struct randfd *rfd)
static void free_frec(struct frec *f)
{
- struct frec_src *src, *tmp;
-
- /* add back to freelist of not the record builtin to every frec. */
- for (src = f->frec_src.next; src; src = tmp)
+ struct frec_src *last;
+
+ /* add back to freelist if not the record builtin to every frec. */
+ for (last = f->frec_src.next; last && last->next; last = last->next) ;
+ if (last)
{
- tmp = src->next;
- src->next = daemon->free_frec_src;
- daemon->free_frec_src = src;
+ last->next = daemon->free_frec_src;
+ daemon->free_frec_src = f->frec_src.next;
}
-
+
f->frec_src.next = NULL;
free_rfd(f->rfd4);
f->rfd4 = NULL;

@@ -0,0 +1,41 @@
From e01e09c7125b40646aff4a582672e711a18a69a4 Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Fri, 8 Jan 2021 22:50:03 +0000
Subject: Add CVE numbers to security update descriptions in CHANGELOG
---
CHANGELOG | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,16 +1,17 @@
Fix a remote buffer overflow problem in the DNSSEC code. Any
dnsmasq with DNSSEC compiled in and enabled is vulnerable to this,
- referenced by CERT VU#434904.
+ referenced by CVE-2020-25681, CVE-2020-25682, CVE-2020-25683
+ CVE-2020-25687.
Be sure to only accept UDP DNS query replies at the address
from which the query was originated. This keeps as much entropy
in the {query-ID, random-port} tuple as possible, to help defeat
- cache poisoning attacks. Refer: CERT VU#434904.
+ cache poisoning attacks. Refer: CVE-2020-25684.
Use the SHA-256 hash function to verify that DNS answers
received are for the questions originally asked. This replaces
the slightly insecure SHA-1 (when compiled with DNSSEC) or
- the very insecure CRC32 (otherwise). Refer: CERT VU#434904.
+ the very insecure CRC32 (otherwise). Refer: CVE-2020-25685.
Handle multiple identical near simultaneous DNS queries better.
Previously, such queries would all be forwarded
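
Review bot: In the first entry the CVE list reads "CVE-2020-25681, CVE-2020-25682, CVE-2020-25683" and then continues on the next line with "CVE-2020-25687." with no comma or "and" between the last two identifiers. Add the separator so the list parses cleanly for anyone grepping the changelog. This entry also uses "referenced by" where the others use "Refer:"; one form throughout would be tidier.
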
@@ -24,7 +25,7 @@
of the query. The new behaviour detects repeated queries and
merely stores the clients sending repeats so that when the
first query completes, the answer can be sent to all the
- clients who asked. Refer: CERT VU#434904.
+ clients who asked. Refer: CVE-2020-25686.
version 2.81

@@ -0,0 +1,20 @@
From 503f68dbc437df20a45aab440e6fad92062af229 Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Fri, 15 Jan 2021 21:53:29 +0000
Subject: Fix warning message logic.
---
src/hash_questions.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/src/hash_questions.c
+++ b/src/hash_questions.c
@@ -43,7 +43,7 @@ unsigned char *hash_questions(struct dns
static unsigned char dummy[HASH_SIZE];
static int warned = 0;
- if (warned)
+ if (!warned)
my_syslog(LOG_ERR, _("Failed to create SHA-256 hash object"));
warned = 1;

@@ -0,0 +1,29 @@
From cc0b4489c782f6b90ca118abb18e716a7a831289 Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Fri, 15 Jan 2021 22:21:52 +0000
Subject: Update to new struct frec fields in conntrack code.
---
src/forward.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/src/forward.c
+++ b/src/forward.c
@@ -530,7 +530,7 @@ static int forward_query(int udpfd, unio
if (option_bool(OPT_CONNTRACK))
{
unsigned int mark;
- if (get_incoming_mark(&forward->source, &forward->dest, 0, &mark))
+ if (get_incoming_mark(&forward->frec_src.source, &forward->frec_src.dest, 0, &mark))
setsockopt(fd, SOL_SOCKET, SO_MARK, &mark, sizeof(unsigned int));
}
#endif
@@ -1178,7 +1178,7 @@ void reply_query(int fd, int family, tim
if (option_bool(OPT_CONNTRACK))
{
unsigned int mark;
- if (get_incoming_mark(&orig->source, &orig->dest, 0, &mark))
+ if (get_incoming_mark(&orig->frec_src.source, &orig->frec_src.dest, 0, &mark))
setsockopt(fd, SOL_SOCKET, SO_MARK, &mark, sizeof(unsigned int));
}
#endif

@@ -0,0 +1,57 @@
From 04490bf622ac84891aad6f2dd2edf83725decdee Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Fri, 22 Jan 2021 16:49:12 +0000
Subject: Move fd into frec_src, fixes 15b60ddf935a531269bb8c68198de012a4967156
If identical queries from IPv4 and IPv6 sources are combined by the
new code added in 15b60ddf935a531269bb8c68198de012a4967156 then replies
can end up being sent via the wrong family of socket. The ->fd
should be per query, not per-question.
In bind-interfaces mode, this could also result in replies being sent
via the wrong socket even when IPv4/IPV6 issues are not in play.
---
src/dnsmasq.h | 3 ++-
src/forward.c | 4 ++--
2 files changed, 4 insertions(+), 3 deletions(-)
--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -653,6 +653,7 @@ struct frec {
union mysockaddr source;
union all_addr dest;
unsigned int iface, log_id;
+ int fd;
unsigned short orig_id;
struct frec_src *next;
} frec_src;
@@ -660,7 +661,7 @@ struct frec {
struct randfd *rfd4;
struct randfd *rfd6;
unsigned short new_id;
- int fd, forwardall, flags;
+ int forwardall, flags;
time_t time;
unsigned char *hash[HASH_SIZE];
#ifdef HAVE_DNSSEC
--- a/src/forward.c
+++ b/src/forward.c
@@ -394,8 +394,8 @@ static int forward_query(int udpfd, unio
forward->frec_src.dest = *dst_addr;
forward->frec_src.iface = dst_iface;
forward->frec_src.next = NULL;
+ forward->frec_src.fd = udpfd;
forward->new_id = get_id();
- forward->fd = udpfd;
memcpy(forward->hash, hash, HASH_SIZE);
forward->forwardall = 0;
forward->flags = fwd_flags;
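
Review bot: This hunk sets fd only on the frec_src built into a new frec (`forward->frec_src.fd = udpfd;`), while the reply_query() hunk below now sends each reply through `src->fd` for every entry in the list. Nothing in this patch sets fd on the additional frec_src entries attached when a duplicate query is combined, so those entries would carry a zeroed or stale descriptor. The combining branch in forward_query() needs a matching `new->fd = udpfd;`.
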
@@ -1284,7 +1284,7 @@ void reply_query(int fd, int family, tim
dump_packet(DUMP_REPLY, daemon->packet, (size_t)nn, NULL, &src->source);
#endif
- send_from(forward->fd, option_bool(OPT_NOWILD) || option_bool (OPT_CLEVERBIND), daemon->packet, nn,
+ send_from(src->fd, option_bool(OPT_NOWILD) || option_bool (OPT_CLEVERBIND), daemon->packet, nn,
&src->source, &src->dest, src->iface);
if (option_bool(OPT_EXTRALOG) && src != &forward->frec_src)

@@ -0,0 +1,19 @@
From 12af2b171de0d678d98583e2190789e544440e02 Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Fri, 22 Jan 2021 18:24:03 +0000
Subject: Fix to 75e2f0aec33e58ef5b8d4d107d821c215a52827c
---
src/forward.c | 1 +
1 file changed, 1 insertion(+)
--- a/src/forward.c
+++ b/src/forward.c
@@ -370,6 +370,7 @@ static int forward_query(int udpfd, unio
new->dest = *dst_addr;
new->log_id = daemon->log_id;
new->iface = dst_iface;
+ forward->frec_src.fd = udpfd;
}
return 1;
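
Review bot: The added line assigns `forward->frec_src.fd`, but every neighbouring line in this block fills in the newly attached source (`new->dest`, `new->log_id`, `new->iface`). As written it overwrites the descriptor recorded for the first client and leaves the new entry's fd unset, so this should be `new->fd = udpfd;`. The subject line also gives only a commit hash; a one-line description of what is being fixed would help.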

@@ -0,0 +1,20 @@
From 3f535da79e7a42104543ef5c7b5fa2bed819a78b Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Fri, 22 Jan 2021 22:26:25 +0000
Subject: Fix for 12af2b171de0d678d98583e2190789e544440e02
---
src/forward.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/src/forward.c
+++ b/src/forward.c
@@ -370,7 +370,7 @@ static int forward_query(int udpfd, unio
new->dest = *dst_addr;
new->log_id = daemon->log_id;
new->iface = dst_iface;
- forward->frec_src.fd = udpfd;
+ new->fd = udpfd;
}
return 1;

@@ -15,7 +15,7 @@ Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
--- a/src/crypto.c
+++ b/src/crypto.c
@@ -294,7 +294,7 @@ static int dnsmasq_ecdsa_verify(struct b
@@ -301,7 +301,7 @@ static int dnsmasq_ecdsa_verify(struct b
if (!(key_256 = whine_malloc(sizeof(struct ecc_point))))
return 0;
@@ -24,7 +24,7 @@ Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
}
key = key_256;
@@ -307,7 +307,7 @@ static int dnsmasq_ecdsa_verify(struct b
@@ -314,7 +314,7 @@ static int dnsmasq_ecdsa_verify(struct b
if (!(key_384 = whine_malloc(sizeof(struct ecc_point))))
return 0;

@@ -7,7 +7,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=hostapd
PKG_RELEASE:=4
PKG_RELEASE:=5
PKG_SOURCE_URL:=http://w1.fi/hostap.git
PKG_SOURCE_PROTO:=git

@@ -0,0 +1,38 @@
From 947272febe24a8f0ea828b5b2f35f13c3821901e Mon Sep 17 00:00:00 2001
From: Jouni Malinen <jouni@codeaurora.org>
Date: Mon, 9 Nov 2020 11:43:12 +0200
Subject: [PATCH] P2P: Fix copying of secondary device types for P2P group
client
Parsing and copying of WPS secondary device types list was verifying
that the contents is not too long for the internal maximum in the case
of WPS messages, but similar validation was missing from the case of P2P
group information which encodes this information in a different
attribute. This could result in writing beyond the memory area assigned
for these entries and corrupting memory within an instance of struct
p2p_device. This could result in invalid operations and unexpected
behavior when trying to free pointers from that corrupted memory.
Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27269
Fixes: e57ae6e19edf ("P2P: Keep track of secondary device types for peers")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
---
src/p2p/p2p.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/p2p/p2p.c b/src/p2p/p2p.c
index 74b7b52ae05c..5cbfc217fc1f 100644
--- a/src/p2p/p2p.c
+++ b/src/p2p/p2p.c
@@ -453,6 +453,8 @@ static void p2p_copy_client_info(struct p2p_device *dev,
dev->info.config_methods = cli->config_methods;
os_memcpy(dev->info.pri_dev_type, cli->pri_dev_type, 8);
dev->info.wps_sec_dev_type_list_len = 8 * cli->num_sec_dev_types;
+ if (dev->info.wps_sec_dev_type_list_len > WPS_SEC_DEV_TYPE_MAX_LEN)
+ dev->info.wps_sec_dev_type_list_len = WPS_SEC_DEV_TYPE_MAX_LEN;
os_memcpy(dev->info.wps_sec_dev_type_list, cli->sec_dev_types,
dev->info.wps_sec_dev_type_list_len);
}
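
Review bot: The clamp to WPS_SEC_DEV_TYPE_MAX_LEN bounds the os_memcpy() that follows, but it truncates silently. Since cli->num_sec_dev_types comes from received P2P group information, a debug log line when the computed length exceeds the maximum would make malformed input visible. The literal 8 also appears twice here (the pri_dev_type copy and the length calculation); a named constant for the device type size would tie the two together.
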
--
2.25.1

@@ -12,9 +12,9 @@ PKG_RELEASE:=1
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL=$(PROJECT_GIT)/project/uhttpd.git
PKG_SOURCE_DATE:=2020-03-13
PKG_SOURCE_VERSION:=975dce23257e713e5e52eb87b194513eb81110a5
PKG_MIRROR_HASH:=e5fba74f1519ce461a09bf7e52685d67e99c1157b050b4f91e718146e690e0c1
PKG_SOURCE_DATE:=2020-10-01
PKG_SOURCE_VERSION:=3abcc89103799aaa79870fffcd58ec4370815024
PKG_MIRROR_HASH:=755863ef113648c7f4863b5ac93593e7a8c46f1937217641d0ec4bde34e45883
PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
PKG_LICENSE:=ISC