Currently a buffer with a fixed size of 8192 bytes is used. However the
result can potentially be larger, which leads to a truncated JSON
output on stdout. UDP packets, without compression and with IP
fragmentation, can be up to 64KiB large.

Instead of using a fixed size buffer on the stack ask the kernel first
about the size of the UDP data and allocate a buffer of appropriate size
on the heap before receiving the UDP data.

The issue was observed with a custom respondd provider.

Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>

d8b4457 naywatch: fix procd handling
c30b5d5 opennds: Release v9.4.0 (for 21.02)

7fcb8024d openpyxl: bump to version 3.0.9
c0b23efab [openwrt-21.02] delve: Update to 1.7.2
365b62f4f zerotier: update to 1.6.6
172ebab28 xray-core: Update to 1.4.5
5d3faa6a4 yq: Update to 4.13.2
713051525 attendedsysupgrade-common: use sysupgrade.openwrt.org
ecf1e6575 libmbim: bump to 1.24.8
54a095164 modemmanager: bump to 1.16.6
dab28002f libqmi: bump to 1.28.8
602dbc60f libqmi: bump to 1.28.6
d8f33f73e lxc: remove legacy cgroups from common.conf
67e9ed1d5 syncthing: update to 1.18.2

1c95d78f08 ipq-wifi: Work around Plasma Cloud PA1200 5GHz crash
22db28683c ipq-wifi: Update Plasma Cloud PA1200 BDFs to firmware 3.5.12

3a051a234a hostapd: fix segfault when deinit mesh ifaces
5c904bcb37 rockchip: fix broken squashfs sysupgrade
bf30ad1408 apm821xx: MBL: band-aid MBL DUO
65835e0d5f mac80211: Update to backports-5.10.68
7f7bf36ec5 ramips: add support for minew g1-c

Closes #2318 #2319

Signed-off-by: David Bauer <mail@david-bauer.net>

x86: don't build ext4 images

Since we're discarding the ext4 images anyways, we now stop building 
them as well and save a few seconds of build time.

2cd1fa16b python-astral: update to version 2.2
e1c24c07f fail2ban: patch CVE-2021-32749
6979ce4a6 php7: fix config file upgrade issue (fixes #14623)
2929694f8 php7: update to 7.4.23
54d1c110b yq: Update to 4.13.0
fd21207cf travelmate: update to 2.0.7-2
2bb2a48d1 openpyxl: bump to version 3.0.8
50351667a adguardhome: bump to 0.106.3
a98adbc47 adguardhome: bump to 0.106.2
8236e0441 adguardhome: bump to 0.106.1
b5ad600a7 adguardhome: bump to 0.106.0
be38dc31e adguardhome: bump to 0.105.2
b1b8128e4 adguardhome: bump to 0.105.1
8a06dc026 autoconf: fix shebang
8638a565c parted: add new package
3fdaf7d8d golang: Update to 1.17.1
929b57d85 banip: update 0.7.10-3
af46ac4bf travelmate: update to 2.0.7
40b7ea606 ntfs-3g: patch CVE-2019-9755
e72cc2b0a python3: bump version to 3.9.7
cd82a36ba fail2ban: fix hotplug when disabled
a5109ac20 django: bump to version 3.2.7
98708c83e fail2ban: fix package for fail2ban v0.11.2
f056f252c fail2ban: initial package of fail2ban version 0.11.2 python3-pyinotify: initial package version 0.9.6 of pyinotify for python3
89bdb70f1 nextdns: Update to version 1.37.2
58b23e9bc unbound: backport fix for permission denied error
60a7fc782 unbound: update to 1.3.2
b81785de9 unbound: fix build on non-linux systems
8ca8872b3 cgi-io: update to latest Git HEAD
4ba1aac1f haproxy: Update HAProxy to v2.2.17
178b9484d wsdd2: update to git (2021-08-09), switch to Netgear repo
593931084 samba: update to 4.14.7
ca591b551 tor: update to version 0.4.5.8
a5206895e nextdns: Update to version 1.37.1
642d2b0a5 xray-core: Update to 1.4.3
6071edf17 banip: update 0.7.10-2
9cf487461 nextdns: Update to version 1.37.0
dd093d410 pillow: bump to version 8.2.0
7022e9913 acme: Fix uhttpd restart to load new certificates
6256cf49d python-certifi: update to version 2021.5.30
59dab31e0 squashfs-tools: bump to version 4.5
73364d0c4 hplip: add a patch to respect CFLAGS
6b1133720 collectd: sensors plugin - depend on lm-sensors
090623ac1 mwan3: Use shebang in /etc/mwan3.user
119a05ffd perlbase-data: Add dependency on perlbase-scalar
502ca434c lttng-tools: fix linking with full language support enabled
73bd199ab stoken: fix compilation with BUILD_NLS
7674639c5 augeas: fix compilation with BUILD_NLS
9d4046157 treewide: Remove GO_PKG_LDFLAGS for stripping binaries
0b8baefec openvpn: add OpenVPN option push-peer-info
82dc4c08b python-cryptography: Update to 3.4.8
65057dcbb tailscale: update to version 1.12.3
f818f4a0d tailscale: update to version 1.12.1
13faefa9b tailscale: update to version 1.8.7
a1b8c64c2 tailscale: update to version 1.8.1
d721fea58 libssh: update to 0.9.6

a44fd27070 ipq40xx: Fix board-2.bin package name for Plasma Cloud PA2200
f6cce83358 ipq40xx: Fix board-2.bin package name for Plasma Cloud PA1200
5eb6d7a358 ipq40xx: Select correct board-2.bin for EnGenius EMR3500
15780763c4 ipq40xx: Select correct board-2.bin for EnGenius EMD1
c37a9e506c kernel: backport switchdev fix for bridge in bridge configurations
a300e3c890 kernel: Add missing kernel config options
f11cdd3006 build: Replace KERNEL_LOCKUP_DETECTOR with KERNEL_SOFTLOCKUP_DETECTOR
0e29e05dee kirkwood: increase kernel partition of Linksyses
601864c09e mvebu: limit mvneta tx queue workaround to 32 bit SoC
6f8143fa4a OpenWrt v21.02.0: revert to branch defaults
b2ae423314 OpenWrt v21.02.0: adjust config defaults

The address of the vpn interface is calculated in the style of
modified EUI-64, based on a virtual mac address. This virtual mac
address consists of 0x00 as first byte and the other five bytes
are taken from the first bytes of md5sum(base64 encoded public key).

The algorithm was taken by the ffmuc, with a slight difference. ffmuc
calculated the result of md5sum(base64 encoded public key + '\n')
which was interpreted as accidential fault and therefore dropped.

Example:
- Public-Key: "gP3VJnTTvnQut+z4O+m0N9RgMyXbgyUbUkF3E3TKX2w="
- Address: "fe80::02ca:b8ff:fedc:2eb3"

The following interfaces are used for wireguard:
- wg_mesh  -> wireguard interface
- mesh-vpn -> vxlan iface on top of wg_mesh

If you use this new feature, make sure the NTP servers in your site
config are publicly reachable. This is necessary, since wireguard
requires correct time before the vpn connection is established.
Therefore gluon performs ntp time synchronisation via WAN before it
establishes the vpn connection. Therefore the NTP servers have to
be publicly reachable (and not only via mesh).

Hardware
--------
MediaTek MT7621AT
256M DDR3
32M SPI-NOR
MediaTek MT7603 2T2R 802.11n 2.4GHz
MediaTek MT7915 2T2R 802.11ax 5GHz

Not Working
-----------
 - Bluetooth (connected to UART3)

UART
----

UART is located in the lower left corner of the board. Pinout is

0 - 3V3 (don't connect)
1 - RX
2 - TX
3 - GND

Console is 115200 8N1.

Boot
----

1. Connect to the serial console and connect power.

2. Double-press ESC when prompted

3. Set the fdt address

   $ fdt addr $(fdtcontroladdr)

4. Remove the signature node from the control FDT

   $ fdt rm /signature

5. Transfer and boot the OpenWrt initramfs image to the device.
   Make sure to name the file C0A80114.img and have it reachable at
   192.168.1.1/24

   $ tftpboot; bootm

Installation
------------

1. Connect to the booted device at 192.168.1.20 using username/password
   "ubnt".

2. Update the bootloader environment.

   $ fw_setenv devmode TRUE
   $ fw_setenv boot_openwrt "fdt addr \$(fdtcontroladdr);
     fdt rm /signature; bootubnt"
   $ fw_setenv bootcmd "run boot_openwrt"

3. Transfer the OpenWrt sysupgrade image to the device using SCP.

4. Check the mtd partition number for bs / kernel0 / kernel1

   $ cat /proc/mtd

5. Set the bootselect flag to boot from kernel0

   $ dd if=/dev/zero bs=1 count=1 of=/dev/mtdblock4

6. Write the OpenWrt sysupgrade image to both kernel0 as well as kernel1

   $ dd if=openwrt.bin of=/dev/mtdblock6
   $ dd if=openwrt.bin of=/dev/mtdblock7

7. Reboot the device. It should boot into OpenWrt.

Before this commit, some *.po files contained the same translation
twice within the same file. While this did not led to errors in
gluon yet, it is still invalid. This commit fixes that and removes
the duplicates.

contrib/ci/minimal-site: build with owe and wpa3 support

treewide: clean up site checks for prefix[46] and extra_prefixes6

- Move site check for prefix4 and extra_prefixes6 to gluon-core, so the
  rules don't need to be duplicated in several packages. This also fixes
  gluon-respondd not checking extra_prefixes6 at all when
  gluon-ebtables-source-filter is not installed as well.
- A redundant check for prefix6 is removed from gluon-l3roamd (this was
  already checked by gluon-core)
- A separate check for prefix4 remains in gluon-client-bridge, as the
  setting in mandatory there

Status page improvements

* ath79-generic: add support for Onion Omega

support was previously dropped in
commit 45c84a11 ("ar71xx: drop target")

* fixup! ath79-generic: add support for Onion Omega

* fixup! ath79-generic: add support for Onion Omega

- [x] must be flashable from vendor firmware
  - [ ] webinterface
  - [ ] tftp
  - [x] other: Console port available. Manufacturer specific cable required.
        Tutorial in OpenWRT commit message https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=c6e972c8772a628a1a2f2e5590d7c6f4acef9ab0
- [x] must support upgrade mechanism
  - [x] must have working sysupgrade
    - [x] must keep/forget configuration (if applicable)
      *think `sysupgrade [-n]` or `firstboot`*
  - [x] must have working autoupdate
        root@Aruba-AP-303H:~# lua -e 'print(require("platform_info").get_image_name())'
        aruba-ap-303h
- [x] reset/wps/phone button must return device into config mode
- [x] primary mac should match address on device label (or packaging) (https://gluon.readthedocs.io/en/latest/dev/hardware.html#notes)
- wired network
  - [x] should support all network ports on the device
  - [x] must have correct port assignment (WAN/LAN)
- wifi (if applicable)
  - [x] association with AP must be possible on all radios
  - [x] association with 802.11s mesh must be working on all radios
  - [x] ap/mesh mode must work in parallel on all radios
- led mapping
  - power/sys led (_critical, because led definitions are setup on firstboot only_)
    - [x] lit while the device is on
    - [x] should display config mode blink sequence
(https://gluon.readthedocs.io/en/latest/features/configmode.html)
  - radio leds
    - [x] should map to their respective radio
    - [x] should show activity
  - switchport leds
    - [x] should map to their respective port (or switch, if only one led present)
    - [x] should show link state and activity
- outdoor devices only
  - [ ] added board name to `is_outdoor_device` function in `package/gluon-core/luasrc/usr/lib/lua/gluon/platform.lua`
- ToDo (upstream):
  - enable PoE pass through on interface E3
        system.poe_passthrough=gpio_switch
        system.poe_passthrough.name='PoE Passthrough'
        system.poe_passthrough.gpio_pin='446'
        system.poe_passthrough.value='0' (0 is active)

ath79-generic: add support for TP-Link EAP225-Outdoor v1

modules: update

e294a22 batman-adv: Refresh patches with quilt
519ef4a batman-adv: Merge bugfixes from 2021.2
8d93475 olsrd: add filtergw plugin
76a7bc7 olsrd: update to 2021-06-21
3912935 olsrd: use SPDX
69e2fe6 bird2: Fix bus error on OSPF on IPQ806X

fa1791dbc htop: Add HTOP_LMSENSORS config option
19998f14f banip: update 0.7.10
36ffcd66f xray-core: fix build under go 1.17
2b17d1ca9 golang: Update to 1.17
0e3c2d959 gpsd: bump to 3.23
3b73213bf yq: Update to 4.12.1
954eba88a auc: update to version 0.2.4
af4098118 yq: Update to 4.12.0
cec17047d apr: patch CVE-2021-35940
1c982c63a nextdns: Update to version 1.36.0
4adf9a1c1 mosquitto: allow auth options with per listener settings
c4f61bf57 mosquitto: init: support more UCI options
6c9d59571 airos-dfs-reset: add airos-dfs-reset
baceb237a [openwrt-21.02] delve: Update to 1.7.1
0bd7e25f2 phantap: update to latest commit
06011c690 travelmate: update to 2.0.6
3733d0a7d travelmate: update to 2.0.5-3
d89bb6bec https-dns-proxy: patch CMakeList.txt to use OpenWrt CFLAGS
8b5002a6e dnscrypt-proxy2: Upgrade to 2.1.0
ffb8b452a c-ares: update to version 1.17.2
ce0c9af93 mc: add a missing Syntax file
f5669e3a6 mblaze: new package
af616fc58 hwdata: update to version 0.350
0240320e8 tvheadend: update to v4.2.8, remove static ffmpeg
4ddc4a613 tvheadend: fix compilation with GCC 9 and 10
fdee10fde python3-setuptools: add _distutils_hack
affb4038c zabbix: Call killall with the -s
d0444c0f5 git: update to 2.33.0
e583b7e3e mc: update to 2.8.27
542aa086e curl: update to 7.78.0
dd49c191a auc: update to version 0.2.0
395f55203 unixodbc: use 'install' when copying host binaries
b3c416b2d perl: perlmod.mk: use 'install' for host binaries
5665c3bdf stubby: Add multi WAN support for procd trigger
1ca9b3c98 stubby: remove maintainer
39b401638 stubby: remove libidn2 and libunwind dependencies
57eab26bb stubby: bump to 0.4.0
cb7030229 sqm-scripts: bump to v1.5.1
eed183c5f travelmate: update to 2.0.5-2
3eab47600 travelmate: update to 2.0.5
20ff270f2 django: bump to version 3.2.6
b3cfba1de dockerd: Updated to 20.10.8
832671029 docker: Updated to 20.10.8
6fb2beb6a containerd: Updated to 1.4.9 for docker 20.10.8
f815bdd72 runc: Updated to 1.0.1 for docker 20.10.8
10b295626 whois: update to 5.5.9
6f82209e4 whois: update to 5.5.8
eda1e1045 gitlab-runner: update to 14.0.1
aa4171673 clamav: update to 0.103.3
2fc25208a irssi: add test.sh
8de166f42 irssi: update to 1.2.3
e264d6689 atlas-sw-probe: fix copypaste error and clean tmp dir on exit
9cb317541 Flash: update to version 2.0.1
eb5e13d37 Jinja2: update to version 3.0.1
573338fe4 Werkzeug: update to version 2.0.1
d1007d29f MarkupSafe: update to version 2.0.1
9fa4ce04a click: update to version 8.0.1
735f9ed87 itsdangerous: update to version 2.0.1
979464c6a net/snort3: Include default configs and snort2lua

5cc0535800 ath79: add support for onion omega
085c67762d kernel: bump 5.4 to 5.4.143
ff31cfb856 openssl: bump to 1.1.1l
5bfb9c30a1 prereq-build: require python3-distutils
f78017006b uboot-layerscape: fix dtc compilation on host gcc 10
8f039acee4 uboot-at91: fix dtc compilation on host gcc 10
378769b555 kernel: bump 5.4 to 5.4.142
662401d903 ipq40xx: fix Edgecore ECW5211 boot
61c65acbda ath79: kernel: Add missing quote to drivers/mfd/Kconfig
25d9fe8468 bcm27xx-userland: update to latest version
35eb06066e bcm27xx-userland: factor out a -dev package
750b966866 x86: kernel: set NR_CPUS to 512

Iterates over all configured modules and checks them for updates.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit d7f9e17f)

Co-authored-by: Michael Wyraz <michael.wyraz@evermind.de>

This has become possible with OpenWrt 21.02 and while the Dockerfile
already received that updated, we forgot to update the CI and the
documentation.

modules: update

ath79-generic: add TP-Link TL-WDR3600/4300