Merge pull request #1002 from Telecominfraproject/main

4.2.1 merge

feeds/hostapd/hostapd/patches/t00-013-Allow-Session-Timeout-with-PSK-RADIUS-during-4-way-h.patch

@@ -1,38 +0,0 @@
-From e6ec62aa2d68e9436daeb4470260a101a06c9213 Mon Sep 17 00:00:00 2001
-From: Lee Harding <somerandomstring@gmail.com>
-Date: Tue, 9 Apr 2024 15:06:38 -0700
-Subject: [PATCH] Allow Session-Timeout with PSK RADIUS during 4-way handshake
-
-When the RADIUS response included a Session-Timeout attribute, but is
-otherwise valid (an Access-Accept with a valid Tunnel-Password), the
-association still failed due to the strict comparison of the accepted
-value with HOSTAPD_ACL_ACCEPT. Apparently this combination wasn't
-previously tested.
-
-Extend this to allow a packet containing a valid Session-Timeout
-attribute to be accepted by extending the "success" comparison to
-include HOSTAPD_ACL_ACCEPT_TIMEOUT.
-
-Fixes: 1c3438fec4ba ("RADIUS ACL/PSK check during 4-way handshake")
-Signed-off-by: Lee Harding <somerandomstring@gmail.com>
----
- src/ap/ieee802_11_auth.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/ap/ieee802_11_auth.c b/src/ap/ieee802_11_auth.c
-index e723ae74b..98a877dec 100644
---- a/src/ap/ieee802_11_auth.c
-+++ b/src/ap/ieee802_11_auth.c
-@@ -596,7 +596,8 @@ hostapd_acl_recv_radius(struct radius_msg *msg, struct radius_msg *req,
- 
- 	if (query->radius_psk) {
- 		struct sta_info *sta;
--		bool success = cache->accepted == HOSTAPD_ACL_ACCEPT;
-+		bool success = cache->accepted == HOSTAPD_ACL_ACCEPT ||
-+			cache->accepted == HOSTAPD_ACL_ACCEPT_TIMEOUT;
- 
- 		sta = ap_get_sta(hapd, query->addr);
- 		if (!sta || !sta->wpa_sm) {
--- 
-2.52.0
-

feeds/ipq807x_v5.4/hostapd/patches/t00-014-Allow-Session-Timeout-with-PSK-RADIUS-during-4-way-h.patch

@@ -1,38 +0,0 @@
-From e6ec62aa2d68e9436daeb4470260a101a06c9213 Mon Sep 17 00:00:00 2001
-From: Lee Harding <somerandomstring@gmail.com>
-Date: Tue, 9 Apr 2024 15:06:38 -0700
-Subject: [PATCH] Allow Session-Timeout with PSK RADIUS during 4-way handshake
-
-When the RADIUS response included a Session-Timeout attribute, but is
-otherwise valid (an Access-Accept with a valid Tunnel-Password), the
-association still failed due to the strict comparison of the accepted
-value with HOSTAPD_ACL_ACCEPT. Apparently this combination wasn't
-previously tested.
-
-Extend this to allow a packet containing a valid Session-Timeout
-attribute to be accepted by extending the "success" comparison to
-include HOSTAPD_ACL_ACCEPT_TIMEOUT.
-
-Fixes: 1c3438fec4ba ("RADIUS ACL/PSK check during 4-way handshake")
-Signed-off-by: Lee Harding <somerandomstring@gmail.com>
----
- src/ap/ieee802_11_auth.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/ap/ieee802_11_auth.c b/src/ap/ieee802_11_auth.c
-index e723ae74b..98a877dec 100644
---- a/src/ap/ieee802_11_auth.c
-+++ b/src/ap/ieee802_11_auth.c
-@@ -596,7 +596,8 @@ hostapd_acl_recv_radius(struct radius_msg *msg, struct radius_msg *req,
- 
- 	if (query->radius_psk) {
- 		struct sta_info *sta;
--		bool success = cache->accepted == HOSTAPD_ACL_ACCEPT;
-+		bool success = cache->accepted == HOSTAPD_ACL_ACCEPT ||
-+			cache->accepted == HOSTAPD_ACL_ACCEPT_TIMEOUT;
- 
- 		sta = ap_get_sta(hapd, query->addr);
- 		if (!sta || !sta->wpa_sm) {
--- 
-2.52.0
-

feeds/qca-wifi-7/hostapd/patches/zzz-t03-Allow-Session-Timeout-with-PSK-RADIUS-during-4-way-h.patch

@@ -1,38 +0,0 @@
-From e6ec62aa2d68e9436daeb4470260a101a06c9213 Mon Sep 17 00:00:00 2001
-From: Lee Harding <somerandomstring@gmail.com>
-Date: Tue, 9 Apr 2024 15:06:38 -0700
-Subject: [PATCH] Allow Session-Timeout with PSK RADIUS during 4-way handshake
-
-When the RADIUS response included a Session-Timeout attribute, but is
-otherwise valid (an Access-Accept with a valid Tunnel-Password), the
-association still failed due to the strict comparison of the accepted
-value with HOSTAPD_ACL_ACCEPT. Apparently this combination wasn't
-previously tested.
-
-Extend this to allow a packet containing a valid Session-Timeout
-attribute to be accepted by extending the "success" comparison to
-include HOSTAPD_ACL_ACCEPT_TIMEOUT.
-
-Fixes: 1c3438fec4ba ("RADIUS ACL/PSK check during 4-way handshake")
-Signed-off-by: Lee Harding <somerandomstring@gmail.com>
----
- src/ap/ieee802_11_auth.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/ap/ieee802_11_auth.c b/src/ap/ieee802_11_auth.c
-index e723ae74b..98a877dec 100644
---- a/src/ap/ieee802_11_auth.c
-+++ b/src/ap/ieee802_11_auth.c
-@@ -596,7 +596,8 @@ hostapd_acl_recv_radius(struct radius_msg *msg, struct radius_msg *req,
- 
- 	if (query->radius_psk) {
- 		struct sta_info *sta;
--		bool success = cache->accepted == HOSTAPD_ACL_ACCEPT;
-+		bool success = cache->accepted == HOSTAPD_ACL_ACCEPT ||
-+			cache->accepted == HOSTAPD_ACL_ACCEPT_TIMEOUT;
- 
- 		sta = ap_get_sta(hapd, query->addr);
- 		if (!sta || !sta->wpa_sm) {
--- 
-2.52.0
-

feeds/tip/cloud_discovery/files/usr/bin/cloud_discovery

@@ -400,7 +400,7 @@ function expiry_handler() {
 	if (!stat)
 		return;
 
-	let ret = system(`openssl x509 -checkend ${timeouts.expiry_threshold} -noout -in /certificates/operational.pem`);
+	let ret = system(`openssl x509 -checkend ${timeouts.expiry_threshold} -noout -in /etc/ucentral/operational.pem`);
 	if (!ret) {
 		ulog(LOG_INFO, 'checked certificate expiry - all ok\n');
 		return;

feeds/ucentral/ratelimit/Makefile

@@ -29,6 +29,9 @@ Build/Compile = $(Build/Compile/Default)
 
 define Package/ratelimit/install
 	$(CP) ./files/* $(1)
+ifeq ($(CONFIG_TARGET_mediatek),y)
+	$(SED) 's|qdisc replace dev $$$${iface} parent 1:$$$${id} handle $$$${id}: fq_codel flows 128 limit 800 quantum 300 noecn|qdisc add dev $$$${iface} parent 1:$$$${id} sfq perturb 10 limit 2000 quantum 1514|' $(1)/usr/bin/ratelimit
+endif
 endef
 
 $(eval $(call BuildPackage,ratelimit))

profiles/edgecore_eap111.yml

@@ -1,12 +1,12 @@
 ---
 profile: edgecore_eap111
 target: mediatek
-subtarget: mt7981
+subtarget: filogic
 description: Build image for the EdgeCore EAP111
-image: bin/targets/mediatek/mt7981/openwrt-mediatek-mt7981-edgecore_eap111-squashfs-sysupgrade.bin
+image: bin/targets/mediatek/filogic/openwrt-mediatek-filogic-edgecore_eap111-squashfs-sysupgrade.bin
 feeds:
   - name: mediatek
-    path: ../../feeds/mediatek-sdk
+    path: ../../feeds/mediatek
 packages:
   - mediatek
 include: