Maintainer: Rob White rob@blue-wave.net

Compile tested: All

Run tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc, mips_24kc, aarch64_cortex-a53, x86-64
    On 23.5 and master/snapshot.

Description:
    mesh11sd (3.1.0)
    This release contains new functionality and numerous fixes.
    New functionality includes support of non-mesh segments of backhaul
    with blocking of bridge loops and spanning tree priority settable in the configuration

Details can be found here:
    https://github.com/openNDS/mesh11sd/releases/tag/v3.1.0



Signed-off-by: Rob White <rob@blue-wave.net>

With the commit 01e5cfc "CI: Add target/arch tags (no suffix) for
snapshot images"[1] the os/platform is set for all images, which is usually
different from what the GitHub action runner uses (x86). The Docker
deamon still tries to fetch the x86 version and fails.

This commit explicitly sets the fitting arch.

[1]: https://github.com/openwrt/docker/commit/01e5cfccd73a72ecab730496607c7c22b904f366



Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit d359fa04eda29638b9326c194490685c1177fd49)

This goes in accordance with the Linux Kernel:

> using a known identity (sorry, no anonymous contributions.)

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/process/submitting-patches.rst?id=HEAD#n442



Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 7e6cd98ad481184b1a620a9862aa3713d1ab85cc)

batman-adv: Provide teardown hook for batadv_vlan proto

The batadv_vlan proto doesn't need to do anything when it gets teared down.
But the scripts are still trying to call the teardown function of this
proto. This results in warnings like:

    daemon.notice netifd: batmesh1 (18940): ./batadv_vlan.sh: eval: line 37: proto_batadv_vlan_teardown: not found

Just providing a stub function avoids this log spam.

Fixes: #1044
Reported-by: Rani Hod <rani.hod@gmail.com>
Fixes: f5205d7d

 ("batman-adv: upgrade package to latest release 2014.2.0")
Signed-off-by: Sven Eckelmann <sven@narfation.org>

* support latest kernels (4.19 - 6.8)
* coding style cleanups and refactoring
* add stateless multicast packet format support

Signed-off-by: Sven Eckelmann <sven@narfation.org>

* add stateless multicast packet format support
* bugs squashed:
  - Fix various length checks in tcpdump-like subcommand

Signed-off-by: Sven Eckelmann <sven@narfation.org>

* (no changes)

Signed-off-by: Sven Eckelmann <sven@narfation.org>

batman-adv: compat: Fix skb_vlan_eth_hdr conflict in stable kernels

The newest Linux stable kernel releases:

* v5.10.205
* v5.15.144
* v6.1.69

received a backported version of commit 1f5020acb33f ("net: vlan: introduce
skb_vlan_eth_hdr()"). batman-adv must therefore not provide this function
any longer for these kernel versions.

Signed-off-by: Sven Eckelmann <sven@narfation.org>

Maintainer: Rob White rob@blue-wave.net

Compile tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc, x86-64

Run tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc, x86-64; on snapshot, 23.05, 22.03

Description:
opennds (10.2.0) - This version is a minor upgrade that introduces some significant additional functionality.
In addition it includes numerous enhancements bug fixes and cosmetic fixes.

Additional functionality includes:

 * Pre-emptive Client Lists
 * Autonomous Block Lists
 * Internet hosted https FAS support for resource limited routers
 * Fair Usage Policy

Details can be found here:
https://github.com/openNDS/openNDS/releases/tag/v10.2.0



Signed-off-by: Rob White <rob@blue-wave.net>

batman-adv: update packages to version 2023.3

* support latest kernels (4.14 - 6.7)
* coding style cleanups and refactoring
* only warn about too small MTU when soft interfaces wasn't already reduced
* bugs squashed:
  - Hold rtnl lock during MTU update via netlink

Signed-off-by: Sven Eckelmann <sven@narfation.org>

* (no changes)

Signed-off-by: Sven Eckelmann <sven@narfation.org>

* (no changes)

Signed-off-by: Sven Eckelmann <sven@narfation.org>

Signed-off-by: William Fleurant <meshnet@protonmail.com>

Signed-off-by: Moritz Warning <moritzwarning@web.de>

Signed-off-by: Bradford Zhang <zyc@zyc.name>

Fix a buffer overflow in case the
query string is too long.

Signed-off-by: Moritz Warning <moritzwarning@web.de>

DependencyBot, which are using is sending us emails about these CVEs:
CVE-2012-6708
CVE-2020-23064
CVE-2019-11358

This was reported to maintainer in April 2023, but no one stepped it to fix that,
so let's drop this.

Replacement could be luci-app-bmx7.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>

This package is no longer maintained by us or by upstream developers.
The last version in the GitHub repository is from 2020 with no activity so far.
We are using version 0.1-alpha.

Because LuCI app is vulnerable to several CVEs and DependencyBot still
sends emails about it, let's drop it.

If anyone wants, they can use bmx7.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>

Maintainer: Rob White rob@blue-wave.net

Compile tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc, x86-64

Run tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc, x86-64; on snapshot, 23.05, 22.03

Description:
opennds (10.1.3)

Security Advisory. This version contains fixes for multiple potential security vulnerabilities
Credit - Stanislav Dashevskyi - standash.github.io [standash]
It also contains some minor bug fixes

  * Fix - Buffer overflow causing segfault - CVE-2023-41101 [bluewavenet]
  * Fix - Memory leaks due to passing allocated buffer into safe_asprintf() - CVE-2023-41102 [bluewavenet]
  * Fix - Remove deprecated preauth option [bluewavenet]
  * Fix - missing free in show_preauth_page if MHD does not respond [bluewavenet]
  * Fix - more safe_asprintf memory leaks [bluewavenet]
  * Fix - missing free for mark_auth [bluewavenet]
  * Fix - memory leak after starting authmon daemon [bluewavenet]
  * Fix - memory leak in encode_and_redirect_to_splashpage [bluewavenet]
  * Fix - Community themespec, voucher css and logo image [bluewavenet]
  * Fix - ThemeSpec, path to logo in page footer [bluewavenet]
  * Fix - ensure gatewayurl is urldecoded to fix broken css and images in themespec [bluewavenet]
  * Add - set default fas remote fqdn to disabled [bluewavenet]

Signed-off-by: Rob White <rob@blue-wave.net>

batman-adv: Fix lock assert after fragmentation change

The automatic recalculation of the maximum allowed MTU is usually triggered
by code sections which are already rtnl lock protected by callers outside
of batman-adv. But when the fragmentation setting is changed via
batman-adv's own batadv genl family, then the rtnl lock is not yet taken.

But dev_set_mtu requires that the caller holds the rtnl lock because it
uses netdevice notifiers. And this code will then fail the check for this
lock:

  RTNL: assertion failed at net/core/dev.c (1953)

Fixes: e7ee4c55

 ("batman-adv: update to version 2023.2")
Signed-off-by: Sven Eckelmann <sven@narfation.org>

batman-adv: update packages to version 2023.2

* receive data with valid source on unix sock without active interface

Signed-off-by: Sven Eckelmann <sven@narfation.org>

* (no changes)

Signed-off-by: Sven Eckelmann <sven@narfation.org>

* support latest kernels (4.14 - 6.5)
* bugs squashed:
  - avoid potential invalid memory access when processing ELP/OGM2 packets
  - drop pending DAT worker when interface shuts down
  - inform network stack about automatically adjusted MTUs
  - keep user defined MTU limit when MTU is recalculated
  - fix packet memory leak when sending OGM2 via inactive interfaces
  - fix TT memory leak for roamed back clients

Signed-off-by: Sven Eckelmann <sven@narfation.org>

Maintainer: Rob White rob@blue-wave.net
Compile tested: All
Run tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc, x86-64, on 21.02, 22.03 and snapshot.

Description:
mesh11sd (2.0.0)

This release contains new functionality.

Autonomous portal mode is introduced. This simplifies the rollout of meshnodes allowing a common configuration to be used on all nodes.
Remote administration is introduced, allowing files to be copied and terminal sessions to be opened on established meshnodes, identifying remote nodes by mac address.

 * Add - Update config file [bluewavenet]
 * Add - implementation of remote copy [bluewavenet]
 * Add - implementation of remote connect [bluewavenet]
 * Add - Autonomous portal mode [bluewavenet]

-- Rob White dot@blue-wave.net Mon, 31 Jul 2023 16:59:52 +0000


Signed-off-by: Rob White <rob@blue-wave.net>

Reinstate CONFLICTS:=nodogsplash

Signed-off-by: Rob White <rob@blue-wave.net>

Maintainer: Rob White rob@blue-wave.net

Compile tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc, x86-64

Run tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc, x86-64; on snapshot, 23.05, 22.03

Description:
opennds (10.1.2)

Security Advisory. This version contains fixes for multiple potential security vulnerabilities
Credit - Stanislav Dashevskyi - standash.github.io [standash]
It also contains some minor bug fixes
  * Fix - Generate unique sha256 faskey if not set in config - CVE-2023-38324 [bluewavenet]
  * Fix - NULL pointer dereference if user_agent is NULL - CVE-2023-38320, CVE-2023-38322 [bluewavenet]
  * Fix - NULL pointer dereference if authdir is called with an incomplete or missing query string - CVE-2023-38313, CVE-2023-38314, CVE-2023-38315 [bluewavenet]
  * Fix - remove deprecated and non-functioning unescape callback - CVE-2023-38316 [bluewavenet]
  * Fix - prevent potential recursive dependency and detect if conflicting package is installed [bluewavenet]


Signed-off-by: Rob White <rob@blue-wave.net>

OpenNDS lists nodogsplash a conflict as well.
This causes a circular reference that is not allowed.

Signed-off-by: Moritz Warning <moritzwarning@web.de>

Announcement:
https://alioth-lists.debian.net/pipermail/babel-users/2023-July/004125.html



Remove upstreamed patch:
- 100-local-make-local_kind-function-accessible.patch

Refresh patch:
- 600-add-ubus.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>

Signed-off-by: Moritz Warning <moritzwarning@web.de>

Closes https://github.com/openwrt/routing/issues/994



Signed-off-by: Marek Küthe <m.k@mk16.de>

bird1: Remove, as EOL has been reached

Closes https://github.com/openwrt/routing/issues/993

Deprecation:
https://marc.info/?l=bird-users&m=168682998827356&w=2
https://trubka.network.cz/pipermail/bird-users/attachments/20230615/8517953d/attachment.pdf



Signed-off-by: Marek Küthe <m.k@mk16.de>

Announcement:
https://alioth-lists.debian.net/pipermail/babel-users/2023-July/004100.html

Babeld removed diversity routing [0], so we need to adjust ubus
bindings. Further. we need to add a patch that makes local_kind
accessible again: "100-local-make-local_kind-function-accessible.patch"

Refresh patches:
- 600-add-ubus.patch

[0] - https://github.com/jech/babeld/commit/a0816083356e5d33fb71e0e30d92aa3bf335d7ea



Signed-off-by: Nick Hainke <vincent@systemli.org>

Maintainer: Rob White rob@blue-wave.net

Compile tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc, x86-64

Run tested: arm_cortex-a7_neon-vfpv4, mipsel_24kc, x86-64; on snapshot, 23.05, 22.03

opennds (10.1.1)
  * This version contains some minor bug fixes and documentation updates
  * Fix - send only contents of buffer, not entire buffer when serving page511 [bluewavenet]
  * Fix - Set fas_remotefqdn to gw_fqdn when overriding FAS settings [bluewavenet]
  * Fix - use absolute path for css and images in ThemeSpec [bluewavenet]
  * Fix - revert to old option names without underscores [bluewavenet]
  * Fix - FAS URL when fas_remotefqdn is not set [bluewavenet]

Signed-off-by: Rob White <rob@blue-wave.net>

Signed-off-by: Bradford Zhang <zyc@zyc.name>