LICENSE

 The code of Project Gluon may be distributed under the following terms, unless
 noted otherwise in individual files or subtrees.
 
-Copyright (c) 2013-2021, Project Gluon
+Copyright (c) 2013-2022, Project Gluon
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without

README.md

@@ -21,7 +21,7 @@ the future development of Gluon.
 
 Please refrain from using the `master` branch for anything else but development purposes!
 Use the most recent release instead. You can list all releases by running `git tag`
-and switch to one by running `git checkout v2021.1.1 && make update`.
+and switch to one by running `git checkout v2021.1.2 && make update`.
 
 If you're using the autoupdater, do not autoupdate nodes with anything but releases.
 If you upgrade using random master commits the nodes *will break* eventually.

docs/conf.py

@@ -20,11 +20,11 @@
 # -- Project information -----------------------------------------------------
 
 project = 'Gluon'
-copyright = '2015-2021, Project Gluon'
+copyright = '2015-2022, Project Gluon'
 author = 'Project Gluon'
 
 # The short X.Y version
-version = '2021.1.1'
+version = '2021.1.2'
 # The full version, including alpha/beta/rc tags
 release = version
 

docs/index.rst

@@ -78,61 +78,7 @@ Several Freifunk communities in Germany use Gluon as the foundation of their Fre
    :caption: Releases
    :maxdepth: 1
 
-   releases/v2021.1.1
-   releases/v2021.1
-   releases/v2020.2.3
-   releases/v2020.2.2
-   releases/v2020.2.1
-   releases/v2020.2
-   releases/v2020.1.4
-   releases/v2020.1.3
-   releases/v2020.1.2
-   releases/v2020.1.1
-   releases/v2020.1
-   releases/v2019.1.3
-   releases/v2019.1.2
-   releases/v2019.1.1
-   releases/v2019.1
-   releases/v2018.2.4
-   releases/v2018.2.3
-   releases/v2018.2.2
-   releases/v2018.2.1
-   releases/v2018.2
-   releases/v2018.1.4
-   releases/v2018.1.3
-   releases/v2018.1.2
-   releases/v2018.1.1
-   releases/v2018.1
-   releases/v2017.1.8
-   releases/v2017.1.7
-   releases/v2017.1.6
-   releases/v2017.1.5
-   releases/v2017.1.4
-   releases/v2017.1.3
-   releases/v2017.1.2
-   releases/v2017.1.1
-   releases/v2017.1
-   releases/v2016.2.7
-   releases/v2016.2.6
-   releases/v2016.2.5
-   releases/v2016.2.4
-   releases/v2016.2.3
-   releases/v2016.2.2
-   releases/v2016.2.1
-   releases/v2016.2
-   releases/v2016.1.6
-   releases/v2016.1.5
-   releases/v2016.1.4
-   releases/v2016.1.3
-   releases/v2016.1.2
-   releases/v2016.1.1
-   releases/v2016.1
-   releases/v2015.1.2
-   releases/v2015.1.1
-   releases/v2015.1
-   releases/v2014.4
-   releases/v2014.3.1
-   releases/v2014.3
+   releases/index
 
 License
 -------

docs/releases/index.rst

+Release Notes
+=============
+
+.. toctree::
+   :caption: Gluon 2021.1
+   :maxdepth: 2
+
+   v2021.1.2
+   v2021.1.1
+   v2021.1
+
+.. toctree::
+   :caption: Gluon 2020.2
+   :maxdepth: 2
+
+   v2020.2.3
+   v2020.2.2
+   v2020.2.1
+   v2020.2
+
+.. toctree::
+   :caption: Gluon 2020.1
+   :maxdepth: 2
+
+   v2020.1.4
+   v2020.1.3
+   v2020.1.2
+   v2020.1.1
+   v2020.1
+
+.. toctree::
+   :caption: Gluon 2019.1
+   :maxdepth: 2
+
+   v2019.1.3
+   v2019.1.2
+   v2019.1.1
+   v2019.1
+
+.. toctree::
+   :caption: Gluon 2018.2
+   :maxdepth: 2
+
+   v2018.2.4
+   v2018.2.3
+   v2018.2.2
+   v2018.2.1
+   v2018.2
+
+.. toctree::
+   :caption: Gluon 2018.1
+   :maxdepth: 2
+
+   v2018.1.4
+   v2018.1.3
+   v2018.1.2
+   v2018.1.1
+   v2018.1
+
+.. toctree::
+   :caption: Gluon 2017.1
+   :maxdepth: 2
+
+   v2017.1.8
+   v2017.1.7
+   v2017.1.6
+   v2017.1.5
+   v2017.1.4
+   v2017.1.3
+   v2017.1.2
+   v2017.1.1
+   v2017.1
+
+.. toctree::
+   :caption: Gluon 2016.2
+   :maxdepth: 2
+
+   v2016.2.7
+   v2016.2.6
+   v2016.2.5
+   v2016.2.4
+   v2016.2.3
+   v2016.2.2
+   v2016.2.1
+   v2016.2
+
+.. toctree::
+   :caption: Gluon 2016.1
+   :maxdepth: 2
+
+   v2016.1.6
+   v2016.1.5
+   v2016.1.4
+   v2016.1.3
+   v2016.1.2
+   v2016.1.1
+   v2016.1
+
+.. toctree::
+   :caption: Gluon 2015.1
+   :maxdepth: 2
+
+   v2015.1.2
+   v2015.1.1
+   v2015.1
+
+.. toctree::
+   :caption: Gluon 2014.4
+   :maxdepth: 2
+
+   v2014.4
+
+.. toctree::
+   :caption: Gluon 2014.3
+   :maxdepth: 2
+
+   v2014.3.1
+   v2014.3
+

docs/releases/v2021.1.2.rst

+Gluon 2021.1.2
+==============
+
+Important notes
+---------------
+
+This release fixes a **critical security vulnerability** in Gluon's
+autoupdater.
+
+Upgrades to v2021.1 and later releases are only supported from releases v2018.2
+and later. Migration code for upgrades from older versions has been removed to
+simplify maintenance.
+
+
+Updates
+-------
+
+- The Linux kernel was updated to version 4.14.275
+- The mac80211 wireless driver stack was updated to a version based on kernel
+  4.19.237
+
+Various minor package updates are not listed here and can be found in the commit
+log.
+
+
+Bugfixes
+--------
+
+* **[SECURITY]** Autoupdater: Fix signature verification
+
+  A recently discovered issue (CVE-2022-24884) in the *ecdsautils* package
+  allows forgery of cryptographic signatures. This vulnerability can be
+  exploited to create a manifest accepted by the autoupdater without knowledge
+  of the signers' private keys. By intercepting nodes' connections to the update
+  server, such a manifest allows to distribute malicious firmware updates.
+
+  This is a **critical** vulnerability. All nodes with autoupdater must be
+  updated. Requiring multiple signatures for an update does *not* mitigate the
+  issue.
+
+  As a temporary workaround, the issue can be mitigated on individual nodes by
+  disabling the autoupdater via config mode or using the following commands::
+
+    uci set autoupdater.settings.enabled=0
+    uci commit autoupdater
+
+  A fixed firmware should be installed manually before enabling the autoupdater
+  again.
+
+  See security advisory `GHSA-qhcg-9ffp-78pw
+  <https://github.com/freifunk-gluon/ecdsautils/security/advisories/GHSA-qhcg-9ffp-78pw>`_
+  for further information on this vulnerability.
+
+* **[SECURITY]** Config Mode: Prevent Cross-Site Request Forgery (CSRF)
+
+  The Config Mode was not validating the *Origin* header of POST requests.
+  This allowed arbitrary websites to modify   configuration (including SSH keys)
+  on a Gluon node in Config Mode reachable from a user's browser by sending POST
+  requests with form data to 192.168.1.1.
+
+  The impact of this issue is considered low, as nodes are only vulnerable while
+  in Config Mode.
+
+* Config Mode: Fix occasionally hanging page load after submitting the
+  configuration wizard causing the reboot message and VPN key not to be
+  displayed
+
+* Config Mode (OSM): Update default OpenLayers source URL
+
+  The OSM feature of the Config Mode was broken when the default source URL was
+  used for OpenLayers, as the old URL has become unavailable. The default was
+  updated to a URL that should not become unavailable again.
+
+* Config Mode (OSM): Fix error when using ``"`` character in attribution text
+
+* respondd-module-airtime: Fix respondd crash on devices with disabled WLAN
+  interfaces
+
+  Several improvements were made to the error handling of the
+  *respondd-module-airtime* package. The "PHY ID" field (introduced in Gluon
+  2021.1) was removed again.
+
+* ipq40xx: Fix bad WLAN performance on Plasma Cloud PA1200 and PA2200 devices
+
+* Fix occasional build failure in "perl" package with high number of threads
+  (``-j32`` or higher)
+
+
+Other improvements
+------------------
+
+* Several improvements were made to the status page:
+
+  - WLAN channel display does not require the *respondd-module-airtime* package
+    anymore
+  - The "gateway nexthop" label now links to the status page of the nexthop node
+  - The timeout to retrieve information from neighbour nodes was increased,
+    making the display of the name
+    of overloaded, slow or otherwise badly reachable nodes more likely to
+    succeed
+
+
+Known issues
+------------
+
+* Upgrading EdgeRouter-X from versions before v2020.1.x may lead to a
+  soft-bricked state due to bad blocks on the NAND flash which the NAND driver
+  before this release does not handle well.
+  (`#1937 <https://github.com/freifunk-gluon/gluon/issues/1937>`_)
+
+* The integration of the BATMAN_V routing algorithm is incomplete.
+
+  - Mesh neighbors don't appear on the status page.
+    (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
+    Many tools have the BATMAN_IV metric hardcoded, these need to be updated to
+    account for the new throughput metric.
+  - Throughput values are not correctly acquired for different interface types.
+    (`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
+    This affects virtual interface types like bridges and VXLAN.
+
+* Default TX power on many Ubiquiti devices is too high, correct offsets are
+  unknown (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
+
+  Reducing the TX power in the Advanced Settings is recommended.
+
+* In configurations without VXLAN, the MAC address of the WAN interface is
+  modified even when Mesh-on-WAN is disabled
+  (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
+
+  This may lead to issues in environments where a fixed MAC address is expected
+  (like VMware when promiscuous mode is disallowed).

docs/site-example/site.conf

--- This is an example site configuration for Gluon v2021.1.1
+-- This is an example site configuration for Gluon v2021.1.2
 --
 -- Take a look at the documentation located at
 -- https://gluon.readthedocs.io/ for details.

docs/user/getting_started.rst

@@ -8,7 +8,7 @@ Gluon's releases are managed using `Git tags`_. If you are just getting
 started with Gluon we recommend to use the latest stable release of Gluon.
 
 Take a look at the `list of gluon releases`_ and notice the latest release,
-e.g. *v2021.1.1*. Always get Gluon using git and don't try to download it
+e.g. *v2021.1.2*. Always get Gluon using git and don't try to download it
 as a Zip archive as the archive will be missing version information.
 
 Please keep in mind that there is no "default Gluon" build; a site configuration
@@ -50,7 +50,7 @@ Building the images
 -------------------
 
 To build Gluon, first check out the repository. Replace *RELEASE* with the
-version you'd like to checkout, e.g. *v2021.1.1*.
+version you'd like to checkout, e.g. *v2021.1.2*.
 
 ::
 

modules

@@ -2,16 +2,16 @@ GLUON_FEEDS='packages routing gluon'
 
 OPENWRT_REPO=https://github.com/openwrt/openwrt.git
 OPENWRT_BRANCH=openwrt-19.07
-OPENWRT_COMMIT=81d0b4a9f431b2b2ca71edca91febedde98994a3
+OPENWRT_COMMIT=ecbbb373edf7be017e546be2443e6c422cb9c220
 
 PACKAGES_PACKAGES_REPO=https://github.com/openwrt/packages.git
 PACKAGES_PACKAGES_BRANCH=openwrt-19.07
-PACKAGES_PACKAGES_COMMIT=476b8b82bb7447a1ed847c96d85de567e09cdb62
+PACKAGES_PACKAGES_COMMIT=1c5e4c80f49bfddaee1998636fd8efe915fee7fc
 
 PACKAGES_ROUTING_REPO=https://github.com/openwrt/routing.git
 PACKAGES_ROUTING_BRANCH=openwrt-19.07
-PACKAGES_ROUTING_COMMIT=101632e153b41238bc19dfd96ba2d23339dbcb76
+PACKAGES_ROUTING_COMMIT=8f23999365de1bf2617e03d3f536e4542258d985
 
 PACKAGES_GLUON_REPO=https://github.com/freifunk-gluon/packages.git
 PACKAGES_GLUON_BRANCH=v2021.1.x
-PACKAGES_GLUON_COMMIT=015408e702a5843310e40c2ca664e1903b601204
+PACKAGES_GLUON_COMMIT=f9ef3fc7d9d7b270de893e80cf6fba916c06bf45

patches/openwrt/0015-kernel-bridge-Implement-MLD-Querier-wake-up-calls-Android-bug-workaround.patch

@@ -1954,10 +1954,10 @@ index 0000000000000000000000000000000000000000..92bb9275df9d54778ce8f00b1cb6e999
 +2.27.0
 +
 diff --git a/target/linux/generic/config-4.14 b/target/linux/generic/config-4.14
-index cbe2c09af91dcbb036bb71d42b6b1075d7f31012..e7faafd719656769fe2e43ff9145abc28b806827 100644
+index a0569e4eb0e1249880864563ee980fadcbcc4ac6..c672ee6ff8e7540920c48be9f0a45ed73e428c1b 100644
 --- a/target/linux/generic/config-4.14
 +++ b/target/linux/generic/config-4.14
-@@ -629,6 +629,7 @@ CONFIG_BRIDGE=y
+@@ -630,6 +630,7 @@ CONFIG_BRIDGE=y
  # CONFIG_BRIDGE_EBT_T_NAT is not set
  # CONFIG_BRIDGE_EBT_VLAN is not set
  CONFIG_BRIDGE_IGMP_SNOOPING=y

patches/packages/gluon/0001-uradvd-adjust-preferred-lifetime-to-0.patch

+From: Nico <github@nicoboehr.de>
+Date: Thu, 3 Jun 2021 20:31:55 +0000
+Subject: uradvd: adjust preferred lifetime to 0
+
+When we announce a prefix from nodes which has a preferred lifetime
+of nonzero, clients can use this prefix as a source IP address.
+
+As we announce the same prefix for every segment, this won't work. Hence,
+set the preferred lifetime to 0 so nobody ever uses it as a source IP.
+
+diff --git a/net/uradvd/src/uradvd.c b/net/uradvd/src/uradvd.c
+index f6549f249518714e3d9210708b54cc23d85b26df..0edcfdcc02c3c1d513413d8cb580880e4ef9eab6 100644
+--- a/net/uradvd/src/uradvd.c
++++ b/net/uradvd/src/uradvd.c
+@@ -62,7 +62,7 @@
+ 
+ /* These are in seconds */
+ #define AdvValidLifetime 86400u
+-#define AdvPreferredLifetime 14400u
++#define AdvPreferredLifetime 0u
+ #define AdvDefaultLifetime 0u
+ #define AdvCurHopLimit 64u
+ #define AdvRDNSSLifetime 1200u

patches/packages/packages/0002-fastd-remove-random-delay-on-inital-handshake.patch

+From: Nico <github@nicoboehr.de>
+Date: Mon, 26 Apr 2021 14:12:43 +0000
+Subject: fastd: remove random delay on inital handshake
+
+When a peer limit is defined, fastd will by default randomly delay
+the inital handshake. As our gateways delay their handshake to
+better distribute their load, this is undesireable.
+
+diff --git a/net/fastd/patches/0100-remove-random-delay-on-inital-handshake.patch b/net/fastd/patches/0100-remove-random-delay-on-inital-handshake.patch
+new file mode 100644
+index 0000000000000000000000000000000000000000..40ca26812bda65d8b08a1034e23d1b2335c77259
+--- /dev/null
++++ b/net/fastd/patches/0100-remove-random-delay-on-inital-handshake.patch
+@@ -0,0 +1,23 @@
++--- a/src/peer.c
+++++ b/src/peer.c
++@@ -322,19 +322,11 @@ static void reset_peer(fastd_peer_t *pee
++ 
++ /**
++    Starts the first handshake with a newly setup peer
++-
++-   If a peer group has a peer limit the handshakes will be delayed between 0 and 3 seconds
++-   make the choice of peers random (it will be biased by the latency, which might or might not be
++-   what a user wants)
++ */
++ static void init_handshake(fastd_peer_t *peer) {
++-	unsigned delay = 0;
++-	if (has_group_config_constraints(peer->group))
++-		delay = fastd_rand(0, 3000);
++-
++ 	peer->state = STATE_HANDSHAKE;
++ 
++-	fastd_peer_schedule_handshake(peer, delay);
+++	fastd_peer_schedule_handshake(peer, 0);
++ }
++ 
++ /** Handles an asynchronous DNS resolve response */

patches/packages/packages/0004-ecdsautils-verify-fix-signature-verification-CVE-2022-24884.patch

+From: Matthias Schiffer <mschiffer@universe-factory.net>
+Date: Wed, 27 Apr 2022 19:01:39 +0200
+Subject: ecdsautils: verify: fix signature verification (CVE-2022-24884)
+
+Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
+
+diff --git a/utils/ecdsautils/Makefile b/utils/ecdsautils/Makefile
+index 7f1c76f0301f56b0a88c1f6a1a0147397fde25c7..5ba893be69d40279cd6f5c9e544e941d0011f451 100644
+--- a/utils/ecdsautils/Makefile
++++ b/utils/ecdsautils/Makefile
+@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
+ 
+ PKG_NAME:=ecdsautils
+ PKG_VERSION:=0.3.2.20160630
+-PKG_RELEASE:=1
++PKG_RELEASE:=2
+ PKG_REV:=07538893fb6c2a9539678c45f9dbbf1e4f222b46
+ PKG_MAINTAINER:=Matthias Schiffer <mschiffer@universe-factory.net>
+ PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
+diff --git a/utils/ecdsautils/patches/0001-verify-fix-signature-verification-CVE-2022-24884.patch b/utils/ecdsautils/patches/0001-verify-fix-signature-verification-CVE-2022-24884.patch
+new file mode 100644
+index 0000000000000000000000000000000000000000..34d80cc201c0e87ca654c3def4fbbbddf622b0ba
+--- /dev/null
++++ b/utils/ecdsautils/patches/0001-verify-fix-signature-verification-CVE-2022-24884.patch
+@@ -0,0 +1,48 @@
++From 1d4b091abdf15ad7b2312535b5b95ad70f6dbd08 Mon Sep 17 00:00:00 2001
++Message-Id: <1d4b091abdf15ad7b2312535b5b95ad70f6dbd08.1651078760.git.mschiffer@universe-factory.net>
++From: Matthias Schiffer <mschiffer@universe-factory.net>
++Date: Wed, 20 Apr 2022 22:04:07 +0200
++Subject: [PATCH] verify: fix signature verification (CVE-2022-24884)
++
++Verify that r and s are non-zero. Without these checks, an all-zero
++signature is always considered valid.
++
++While it would be nicer to error out in ecdsa_verify_prepare_legacy()
++already, that would require users of libecdsautil to check a return value
++of the prepare step. To be safe, implement the fix in an API/ABI-compatible
++way that doesn't need changes to the users.
++---
++ src/lib/ecdsa.c | 10 ++++++++++
++ 1 file changed, 10 insertions(+)
++
++diff --git a/src/lib/ecdsa.c b/src/lib/ecdsa.c
++index 8cd7722be8cd..a661b56bd7c8 100644
++--- a/src/lib/ecdsa.c
+++++ b/src/lib/ecdsa.c
++@@ -135,6 +135,12 @@ regenerate:
++ void ecdsa_verify_prepare_legacy(ecdsa_verify_context_t *ctx, const ecc_int256_t *hash, const ecdsa_signature_t *signature) {
++   ecc_int256_t w, u1, tmp;
++ 
+++  if (ecc_25519_gf_is_zero(&signature->s) || ecc_25519_gf_is_zero(&signature->r)) {
+++    // Signature is invalid, mark by setting ctx->r to an invalid value
+++    memset(&ctx->r, 0, sizeof(ctx->r));
+++    return;
+++  }
+++
++   ctx->r = signature->r;
++ 
++   ecc_25519_gf_recip(&w, &signature->s);
++@@ -149,6 +155,10 @@ bool ecdsa_verify_legacy(const ecdsa_verify_context_t *ctx, const ecc_25519_work
++   ecc_25519_work_t s2, work;
++   ecc_int256_t w, tmp;
++ 
+++  // Signature was detected as invalid in prepare step
+++  if (ecc_25519_gf_is_zero(&ctx->r))
+++    return false;
+++
++   ecc_25519_scalarmult(&s2, &ctx->u2, pubkey);
++   ecc_25519_add(&work, &ctx->s1, &s2);
++   ecc_25519_store_xy_legacy(&w, NULL, &work);
++-- 
++2.36.0
++

targets/ar71xx-generic

@@ -103,6 +103,10 @@ device('d-link-dir-825-rev-b1', 'dir-825-b1', {
 	class = 'tiny', -- Only 6M of usable Firmware space
 })
 
+device('d-link-dir-825-rev-c1', 'dir-825-c1', {
+	profile = 'DIR825C1'
+})
+
 
 -- GL.iNet
 

targets/ath79-generic

@@ -95,6 +95,10 @@ device('tp-link-archer-c2-v3', 'tplink_archer-c2-v3', {
 
 })
 
+device('tp-link-archer-a7-v5', 'tplink_archer-a7-v5', {
+       packages = ATH10K_PACKAGES_QCA9888,
+})
+
 device('tp-link-archer-c6-v2', 'tplink_archer-c6-v2', {
 	packages = ATH10K_PACKAGES_QCA9888,
 })