This reverts commit 702211ac.

And refreshes the according patches to OpenWrt 24.10 / batman-adv
v2024.3.

Patch needs a rebase. Remove in the meantime.

Signed-off-by: David Bauer <mail@david-bauer.net>

df580180d irqbalance: update to 1.9.3
023d6831a irqbalance: add banned_cpulist option
61ae8719f adblock-fast: bugfix: call to missing function
4f99ac645 ddns-scripts: Fix Route53 provider
f7d0beb26 ddns-scripts: add new DDNS provider ipnodns.ru
bf76672ac banip: update 0.9.2-4
e010d9d9f banip: update 0.9.2-3
01fca9e8b https-dns-proxy: fix unintentional call of service_stopped in boot()
183f008a4 sing-box: update to 1.6.6
a241e53ac rust: Update to 1.74.0
709456d06 adblock-fast: bufgix: fix boot()
22a1e22b2 https-dns-proxy: bugfix: prevent erros from boot()
c4315fc5e haproxy: update to v2.8.4
4e152bc41 dhtd: update to 0.2.4
f8918644c acme-acmesh: Update to 3.0.7
0bcd6bbc8 dnsproxy: Update to 0.59.0
f8cd88d0d tailscale: Update to 1.54.0
01bfe4f6b tailscale: Update to 1.52.1
906e4703f tailscale: Update to 1.50.1
625efd967 gummiboot: release bump
f9fa735ed netbird: update to version 0.24.2
481902f4e netbird: update to 0.23.9
91238177f netbird: update to 0.23.6
8d5ab4ca0 dhtd: update to 0.2.1
5ec47c5f1 dhtd: new package
cad16d24f crowdsec: new upstream release version 1.5.5
f9b6c2c5d pymysql: add meta-package for sha256 support
5453ca57c freeradius3: Fix build when pcre is present
413260559 golang: Update to 1.21.4
b2e8a5bdd adblock-fast: bugfix: ensure downloaded block-lists end with newline
11252ef64 banip: update 0.9.2-2
4c197c1a2 banip: release 0.9.2-1
8cf81bccd tang: set the right permissions to keys
660c30cc2 v2raya: Update to 2.2.4.1
98c281532 v2ray-core: Update to 5.11.0
4df5572bb adblock-fast: update to 1.0.1-1
6439078a9 php8: update to 8.2.12
b2cdb8f45 php8: fix linking on riscv64 platform (again)
7519f1ff1 crowdsec-firewall-bouncer: add ujail
d42ced507 perl: add support for riscv64

Co-authored-by: David Bauer <mail@david-bauer.net>
Co-authored-by: Linus Lüssing <linus.luessing@c0d3.blue>
Signed-off-by: Tom Herbers <mail@tomherbers.de>

948ea0e9c046 ecdsautils: update to v0.4.1
97333939dbcc hwdata: update to version 0.359
22c8efd9377c tor: bump to 0.4.7.7 stable
241e70f5fd84 etherwake-nfqueue: swap iptables for nftables dependency
61e0ee2e8e30 rclone: Update to 1.58.1
a8374c48e14f apfree-wifidog: fix compile error
2af08fe724f3 gst1-libav: fix compilation with ffmpeg5
419054a05f56 libtorrent-rasterbar: Update to 2.0.6

With the update to ecdsautils 0.4.1, we can remove the downstream patch
again.

A vulnerability was found in ecdsautils which allows forgery of ECDSA
signatures. An adversary exploiting this vulnerability can create an update
manifest accepted by the autoupdater, which can be used to distribute
malicious firmware updates by spoofing a Gluon node's connection to the
update server.

Prevents spurious build failures.

This also drops the GMAC-based methods from gluon-mesh-vpn-fastd's
check_site.lua, as they are not supported anymore.

This mark prevents a multicast packet being flooded through the whole
mesh. The advantage of marking certain multicast packets via e.g.
ebtables instead of dropping is then the following:

This allows an administrator to let specific multicast packets pass as
long as they are forwarded to a limited number of nodes only and are
therefore creating no burdon to unrelated nodes.

Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>

Gluon v2020.2.x uses fastd v19, so we keep that in a separate patch. The
fastd memory leak fix from v18 is not removed in this patch anymore, as
the fix is needed for v19 as well.

The v20 and v21 patches are squashed into one, as they aren't backports
anymore after the rebase onto current openwrt-19.07.

a2673dc53 fastd: fix buffer leak when receiving invalid packets
51bf00834 logrotate: update to version 3.17.0
8715cef64 logrotate: update to 3.16.0
acb77d5be python3: Update to 3.7.9, refresh/remove backported patches
4af889f20 travelmate: bugfix single radio mode
cb3bab180 netdata: update to version 1.26.0
70bb0b4c8 bind: update to version 9.16.7
d05698fae freeradius3: move "release_" from PKG_VERSION
93360e625 freeradius3: add meta-package for default modules
2f7338b62 python-urllib3: update to version 1.25.10 (security fix)
50a67ed74 nextdns: Update to version 1.8.6
b48575ef4 chrony: update to 3.5.1
35e6986a0 nextdns: mark /etc/config/nextdns as configuration file
418e3b294 simple-adblock: config update file fix
9ac587ca8 libuv: update to 1.40.0
613d21085 nano: update to 5.3
992746571 btrfs-progs: update to version 5.7
cedba1ca2 btrfs-progs: update to version 5.6
25b2751f8 python-pytz: update to 2019.03
f3b424139 adblock: refresh blocklist sources
ec628b10d syslog-ng: bump version in config file
d0a74afad syslog-ng: tweak shell code of network_localhost little bit
f705a5a93 python-sentry-sdk: Update to version 0.12.3
2976a5a0e haproxy: Update HAProxy to v2.0.18
eec7bd646 tor: update to version 0.4.4.5
91af4cf72 mariadb: Update to the latest version from 10.2 branch
9461ae47a Werkzeug: Update to version 0.16.0
f9d9ae8c8 Flask: update to version 1.1.2
4a833e3a8 Flask: Update to version 1.1.1
a4534f160 gstreamer1: enable build options necessary for most applications
8a71cdd6a python-ifaddr: update to version 0.1.7
05ea7dfc6 nextdns: Update to version 1.8.5
9069ad925 ipmitool: fix CVE-2020-5208
826fc8921 nextdns: Update to version 1.8.4
ac7f78285 openconnect: updated to 8.10 to address CVE-2020-12823
3f0e26637 python-zeroconf: update to version 0.28.0
fe7ceaa65 python-zeroconf: update to version 0.24.4
49459505e mwan3: fix typo in mwan3_set_sticky_iptables
cae961784 ocserv: include ocserv-worker
2af61c9a4 vpnbypass: README update, code cleanup
b00feac4b ocserv: updated to 1.1.1
c614914da miniupnpd: add miniupnpd ipv6_disable option, #11971 close
70e57317b simple-adblock: add config auto-update feature
94866d76a collectd: update to 5.12.0
b60fa2de9 collectd: update PKG_RELEASE
aeefbbe34 collectd: remove quotation on interval this is an number
b0ad32a3e collectd: move include line
fbe7abcd5 collectd: update PKG_RELEASE
f53b79ced collectd: fix ubi data source type
67a403bfe collectd: add ubi uci and plugin info
37335cf65 collectd: enable ubi plugin

Implement a configurable MLD Querier wake-up calls "feature" which
works around a widely spread Android bug in connection with IGMP/MLD
snooping.

Currently there are mobile devices (e.g. Android) which are not able
to receive and respond to MLD Queries reliably because the Wifi driver
filters a lot of ICMPv6 when the device is asleep - including
MLD. This in turn breaks IPv6 communication when MLD Snooping is
enabled. However there is one ICMPv6 type which is allowed to pass and
which can be used to wake up the mobile device: ICMPv6 Echo Requests.

If this bridge is the selected MLD Querier then setting
"multicast_wakeupcall" to a number n greater than 0 will send n
ICMPv6 Echo Requests to each host behind this port to wake
them up with each MLD Query. Upon receiving a matching ICMPv6 Echo
Reply an MLD Query with a unicast ethernet destination will be sent
to the specific host(s).

Link: https://issuetracker.google.com/issues/149630944
Link: https://github.com/freifunk-gluon/gluon/issues/1832



Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>

Instead of unconditionally loading this module on boot the gluon_bat0
netifd protocol script will later take care of loading either the
batman-adv or batman-adv-legacy module, depending on the configured routing
algorithm in UCI.

This reverts commit 8dd13cbb.

Fixes #1756

This reverts commit 3d3617ed.

This updates the batman-adv OpenWrt package to the current version
provided in the master branch of the openwrt-routing packages
repository:

* e26096a batman-adv: Fix duplicated OGMs on NETDEV_UP
* 1ff00ee batman-adv: upgrade package to latest release 2019.2

Small difference to the original:

* Compat code for batadv_genl_dump_check_consistent()
* Compat code for cfg80211_sinfo_release_content()
* 0001-batman-adv-add-compat-hacks.patch kept
* batctl dependency kept removed
* config related files unchanged

The new config format was not backported yet to keep this patch small
and less invasive.

Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>

This always pulls in the batman-adv compat 15 kernel module. However,
batctl works just as well with batman-adv-legacy (compat 14).

Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>

2dfb22876414 batman-adv: add patches from 2018.1-maint 2018-06-03

A reference to the best gateway is taken when the list of gateways in the
mesh is sent via netlink. This is necessary to check whether the currently
dumped entry is the currently selected gateway or not. This information is
then transferred as flag BATADV_ATTR_FLAG_BEST.

After the comparison of the current entry is done,
batadv_*_gw_dump_entry() has to decrease the reference counter again.
Otherwise the reference will be held and thus prevents a proper shutdown of
the batman-adv interfaces (and some of the interfaces enslaved in it).

Fixes: 899235a4a637 ("Merge pull request #241 from ecsv/batman-adv-2016.4-maint-2016-10-29")
Reported-by: Andreas Ziegler <dev@andreas-ziegler.de>
Signed-off-by: Sven Eckelmann <sven@narfation.org>

0bf3b72c33d9 nat46: fixup PKG_MIRROR_HASH
23aa2e7b4afa nodogsplash2: Add NDS Restart Hook for Firewall (#369)
7ae81c8311ec cjdns: 20.1 -> 20.2
ff7b5da265e1 prince: version bump to v0.4
2f90fe406c58 miniupnpd: De-maintainering myself.
fdaa4cde3b2c bmx7: bump version
455a54207c84 batman-adv: upgrade package to latest release 2018.1
2e4937ea68f8 batctl: upgrade package to latest release 2018.1
a0eca40b0003 alfred: upgrade package to latest release 2018.1
015e5e99f2b6 bmx7: use configReaload on service reload
0ced8ec5a763 bmx7: keep bmx7 secret keys on sysupgrade
4bff0b3c65c5 cjdns: build fixes
7fc2fbdfc1b7 babeld: release 1.8.1
135bc605b4cf alfred: Support interface IDs with more than two digits
91e600e1cd9a bmx7: convert init script to use procd
86be0095b475 nodogsplash2: Add compatibility with mwan3 v2
17fccad969ea smcroute: Change download to HTTP
63cae8f571a6 bmx7: bump version

Fixes checksum failures on TT version updates.

Fixes #1321

The first one adds a fix that might potentially result in multicast packet
loss once we would enable multicast_mode again.

The second one avoids some small but unnecessary overhead. More
importantly though, it is supposed to ease further multicast improvements
later (e.g. no need for a multicast sending node to determine overlap
between WANT_ALL_IPV4/6 flags and TT entries while on fast-path).

Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>

3aaa772ef520 bmx7: bump version
ccd4210f0ba7 bmx7: add PKG_MIRROR_HASH
d6dcd0c75630 bmx6: add PKG_MIRROR_HASH
536782119f0a alfred: upgrade package to latest release 2018.0
6a6f5da5efd5 batctl: upgrade package to latest release 2018.0
3bb75b003563 batman-adv: upgrade package to latest release 2018.0
2f74073c209d bmx7: bump version to 58b3823262512a48f5174e6778b2368c55bd05d9
733e935f04fc cjdns: v20 -> v20.1
f0ee73aa2285 bmx7: bump version
21a6454d7226 bmx6: bump to latest upstream version

Improves performance slightly.

Fixes "hw csum failure" log spam in batman-adv.

Updates batman-adv and alfred to 2017.1. This also allows us to drop our
last batman-adv patch.

Also remove our own no_rebroadcast patch, as batman-adv v2016.5 now has a
more sophisticated rebroadcast suppression that should work automatically
in the most relevant cases.

Fixes a build issue when switching targets.