Commit Graph

16127 Commits

Author SHA1 Message Date
Eneas U de Queiroz
ab19627ecc wolfssl: allow building with hw-crytpo and AES-CCM
Hardware acceleration was disabled when AES-CCM was selected as a
workaround for a build failure.  This applies a couple of upstream
patches fixing this.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2019-09-20 20:54:10 +02:00
Magnus Kroken
49d96ffc5c mbedtls: update to 2.16.3
Remove 300-bn_mul.h-Use-optimized-MULADDC-code-only-on-ARM-6.patch,
the issue has been fixed upstream.

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2019-09-20 19:32:04 +02:00
Rosen Penev
977a8fc5fc uClibc++: Remove faulty patch
This patch was originally added to fix compilation with v4l2rtspserver.
Turns out it was v4l2rtspserver that was broken, not uClibc++. This now
causes issues with a different package where the arguments are being
split.

Note that with this patch, shellcheck throws an error:

SC2068: Double quote array expansions to avoid re-splitting elements.

More: https://github.com/openwrt/packages/pull/9972#discussion_r324878373

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-09-20 19:30:51 +02:00
Jo-Philipp Wich
d6bd3fd5c4 iwinfo: update to latest Git HEAD
02112f9 cli: fix reporting of mixed WPA2/WPA3 versions
7faeaea nl80211: properly detect WEP encryption in wpa_supp scan results
629b5ff nl80211: do not confuse open connections with WEP ones
3d47ddd nl80211: rework hostapd and wpa_supplicant wpa suite parsing

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-09-20 13:32:49 +02:00
Jo-Philipp Wich
abb4f4075e hostapd: mirror ieee80211w ap mode defaults in station mode
For AP mode, OpenWrt automatically sets ieee80211w to either 1 or 2, depending
on whether the encryption is set to sae-mixed, or sae/owe/eap suite-b.

Mirror the same defaults for client mode connections, in order to allow an
OpenWrt station to associate to an OpenWrt ap with SAE, OWE or Suite-B encryption
without the need to manually specify "option ieee80211w" on the station.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-09-20 13:27:28 +02:00
Jo-Philipp Wich
4209b28d23 hostapd: fix OWE settings in client mode
This changes fixes the generation of the wpa_supplicant client configuration
in WPA3 OWE client mode. Instead of incorrectly emitting key_mgmt=NONE, use
the proper key_mgmt=OWE setting instead.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-09-20 13:27:21 +02:00
Alberto Bursi
827f47749b kernel: add module for Emulex OneConnect 10Gbit
add module to support Emulex OneConnect
common in 10Gbit SFP+ cards by Dell/HP/IBM
supports OneConnect OCe10xxx OCe11xxx OCe14xxx, 
LightPulse LPe12xxx

Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
2019-09-19 23:43:27 +02:00
Leon M. George
f974f8213b hostapd: declare struct wpa_bss early
wps_supplicant.h assumes that 'struct wpa_bss' is forward declared if
CONFIG_WPS is not defined.  With the later inclusion of
600-ubus_support, the issue manifests in warnings like these:

wps_supplicant.h:113:15: warning: 'struct wpa_bss' declared inside parameter list will not be visible outside of this definition or declaration
        struct wpa_bss *bss)
               ^~~~~~~

This patch forward declares 'struct wpa_bss' regardless.

Signed-off-by: Leon M. George <leon@georgemail.eu>
[commit message facelift]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-09-19 23:43:27 +02:00
Leon M. George
a123df2758 hostapd: revert signature change in patch
The original wpa_hexdump uses a 'void *' for the payload.  With patch
410-limit_debug_messages, the signature changes and compiler warnings
occur at various places.  One such warning is:

 wpa_debug.h:106:20: note: expected 'const u8 * {aka const unsigned char *}' but argument is of type 'struct wpa_eapol_key *'

Signed-off-by: Leon M. George <leon@georgemail.eu>
[commit message facelift]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-09-19 23:43:27 +02:00
Adrian Schmutzler
469e347f19 base-files: provide option to specify label MAC address in board.d
For many devices, MAC addresses cannot be retrieved via the
device tree alias.

To still provide the label MAC address for those, this implements
a second mechanism that will put the address into uci config.
Note that this stores the actual MAC address, whereas in DTS
we reference the bearing device.

This is based on the work of Rosy Song <rosysong@rosinson.com>

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-09-19 23:43:27 +02:00
Adrian Schmutzler
0340718863 base-files: add function to retrieve label MAC address
To refer to the MAC address on a device's label, one can
specify the alias label-mac-device in the DTS which should
point to the bearer of the corresponding MAC address.

With the function get_mac_label, the user can retrieve then
retrieve this address and use it as a value that uniquely
identifies his device.

This is severely helpful for several downstream functionalities,
e.g. define MAC addresses of custom netifs or change the SSID to
be easily recognizable.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-09-19 23:43:27 +02:00
Hans Dedecker
71cf4a272c curl: bump to 7.66.0
Refresh patches, for changes in version 7.66.0 see https://curl.haxx.se/changes.html#7_66_0

Fixes CVEs:
    CVE-2019-5481
    CVE-2019-5482

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-09-19 22:23:01 +02:00
Eneas U de Queiroz
d868d0a5d7 openssl: bump to 1.1.1d
This version fixes 3 low-severity vulnerabilities:

- CVE-2019-1547: ECDSA remote timing attack
- CVE-2019-1549: Fork Protection
- CVE-2019-1563: Padding Oracle in PKCS7_dataDecode and
		 CMS_decrypt_set1_pkey

Patches were refreshed.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2019-09-19 21:28:53 +02:00
Álvaro Fernández Rojas
b400179ca6 brcm2708-gpu-fw: update to latest firmware
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2019-09-19 17:37:43 +02:00
Jo-Philipp Wich
c933b6d224 procd: fix invalid JSON filter expression in procd_running()
Since service and instance names may contain characters which are not allowed
in JSON path labels, such as dashes or spaces, change the filter expression
to array square bracket notation to properly match these cases as well.

Fixes: 2c3dd70741 ("procd: add procd_running() helper for checking running state")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-09-19 07:20:32 +02:00
Jo-Philipp Wich
5ef9e4f107 firewall: update to latest Git HEAD
383eb58 ubus: do not overwrite ipset name attribute

Ref: https://forum.openwrt.org/t/fw3-ipset-procd-objects/44044
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-09-18 10:51:24 +02:00
Rafał Miłecki
04e912d217 procd: update to the latest git HEAD
62dc8c0 system: sysupgrade: send reply on error
2710c65 system: refuse sysupgrade with backup if it's unsupported

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-09-18 07:33:41 +02:00
Rafał Miłecki
f39f4b2f6d mac80211: brcmfmac: backport the last 5.4 changes
This makes brcmfmac use the same wiphy after PCIe reset to help user
space handle corner cases (e.g. firmware crash).

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-09-16 08:37:06 +02:00
Petr Štetiar
2cf209ce91 firewall: update to latest git HEAD
c26f8907d1d2 firewall3: fix typo that affects ICMPv6 rules with numeric icmp_type

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-09-15 22:56:09 +02:00
Robert Marko
3fe30b28ae ath10k-ct: update to version 2019-09-09
Update the ath10k-ct driver version to 5e8cd86f90dac966d12df6ece84ac41458d0e95f
to enable dynamic VLANs to work. Patches refreshed during the bump.

Signed-off-by: Robert Marko <robimarko@gmail.com>
[commit description facelift]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-09-15 22:56:09 +02:00
Robert Marko
7c930990af ath10k-firmware: update Candela Tech firmware images
This enables a feature flag in the wave-2 firmware wmi-services indicating it can send
software-encrypted raw frames.  This should in turn allow the AP-VLAN feature to work.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2019-09-15 22:56:09 +02:00
Petr Štetiar
296e1f253c netifd,lldpd,rpcd,log: use generic service_running
commit eb204d14f75c ("base-files: implement generic service_running")
introduced generic service_running so it's not needed to copy&paste same
3 lines over and over again.

I've removed service_running from netifd/network init script as well,
because it was not working properly, looked quite strange and I didn't
understand the intention:

 $ /etc/init.d/network stop
 $ service network running && echo "yes" || echo "nope"
     ( have to wait for 30s )
 Command failed: Request timed out
 yes

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-09-15 22:53:01 +02:00
Luiz Angelo Daros de Luca
7519a36774 base-files,procd: add generic service status
Adds a default status action for init.d scripts.

procd "service status" will return:

 0) for loaded services (even if disabled by conf or dead)
 3) for inactive services
 4) when filtering a non-existing instance

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
[rebased, cleaned up]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-09-15 22:53:01 +02:00
Petr Štetiar
ed5b9129d7 base-files: implement generic service_running
DRY is good, otherwise we're going to suffer with a copy&paste disease
in the init scripts.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-09-15 20:58:30 +02:00
Hans Dedecker
a33d60c896 odhcpd: update to latest git HEAD
1d24009 netlink: rename netlink callback handlers
91a28e4 ndp: answer global-addressed NS manually
fd93e36 dhcpv6: retry failed PD assignments on addrlist change

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-09-15 20:43:14 +02:00
Hans Dedecker
ce6311d301 odhcpd: fix update to git HEAD
Fixes commit 7ff5b12e90

e73bf11 config: ra_management compatibility support
d818380 odhcpd: router: Fix out of scope memory access
94a1c94 dhcpv6-ia: free assignment when validity timer expires
752fc2c router: speed up initial router advertisements
09aa022 router: close socket upon NETEV_IFINDEX_CHANGE fixed
79eb160 router: fix previous commit
6034b5c router: close socket upon NETEV_IFINDEX_CHANGE
000182f router: fix lingering uloop socket descriptor
f6c2242 router: support ra_lifetime being 0

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-09-12 22:37:54 +02:00
Ingo Feinerer
ca0ad9e0e9 umbim: update to latest git HEAD
184b707 umbim: add home provider query support

Signed-off-by: Ingo Feinerer <feinerer@logic.at>
2019-09-12 22:29:47 +02:00
Hans Dedecker
7ff5b12e90 odhcpd: update to latest git HEAD (FS#2019)
e73bf11 config: ra_management compatibility support
d818380 odhcpd: router: Fix out of scope memory access
94a1c94 dhcpv6-ia: free assignment when validity timer expires
752fc2c router: speed up initial router advertisements
09aa022 router: close socket upon NETEV_IFINDEX_CHANGE fixed
79eb160 router: fix previous commit
6034b5c router: close socket upon NETEV_IFINDEX_CHANGE
000182f router: fix lingering uloop socket descriptor
f6c2242 router: support ra_lifetime being 0
d111809 router: make RA flags configurable (FS#2019)

Update odhcpd defaults according to the new RA flags implementation

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-09-12 22:22:29 +02:00
Felix Fietkau
8176431963 mt76: probe load mt7615 driver asynchronously
It can take a long time to load the firmware

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-09-12 17:16:44 +02:00
David Bauer
7db2f1a71f iwinfo: update to latest Git HEAD
a88fb42 iwinfo: add device id for Qualcomm Atheros QCA9886
1b69d86 iwinfo: add device id for Qualcomm Atheros QCA9887

Signed-off-by: David Bauer <mail@david-bauer.net>
2019-09-12 15:38:08 +02:00
Rafał Miłecki
a858db3136 treewide: sysupgrade: use $UPGRADE_BACKUP to check for backup
Now that $UPGRADE_BACKUP is set conditionally there is no need to check
the $UPGRADE_OPT_SAVE_CONFIG anymore. All conditions can be simplified.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-09-11 09:05:35 +02:00
Rafał Miłecki
9785a9121d procd: update to the latest git HEAD
b8238df sysupgrade: support "backup" attribute

This update requires "sysupgrade" method callers to pass "backup"
attribute if $UPGRADE_BACKUP is used in the project.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-09-11 09:03:36 +02:00
Rafał Miłecki
c5223b26a4 base-files: sysupgrade: pass "backup" ubus attribute
This explicitly tells procd what backup file should be used during
sysupgrade (if any). It's much more generic this way compared to the
magic /tmp/sysupgrade.tgz file that had to be created before a call.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-09-11 08:57:24 +02:00
Hauke Mehrtens
7bed9bf10f hostapd: SAE/EAP-pwd side-channel attack update
Fixes this security problem:
* SAE/EAP-pwd side-channel attack update
https://w1.fi/security/2019-6/sae-eap-pwd-side-channel-attack-update.txt

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-09-10 21:51:41 +02:00
Hauke Mehrtens
9f34bf51d6 hostapd: Fix security problem
This fixes:
CVE-2019-11555 "EAP-pwd message reassembly issue with unexpected fragment"
https://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-with-unexpected-fragment.txt

This shouöld not affect OpenWrt in the default settings as we do not use
EAP-pwd.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-09-10 21:51:26 +02:00
Jo-Philipp Wich
d6a405280f rpcd: update to latest Git HEAD
e2a7bc4 iwinfo: add WPA3 support

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-09-10 15:25:12 +02:00
Rafał Miłecki
681acdcc54 mac80211: brcmfmac: backport more kernel 5.4 changes
Patch getting RAM info got upstreamed. A debugging fs entry for testing
reset feature was added.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-09-09 09:38:55 +02:00
Jo-Philipp Wich
2f9f8769e3 rpcd: update to latest Git HEAD
69eeb1b file: refactor message parsing and permission checking
f65527a iwinfo: expose all rate info fields in assoclist reply
7fec636 sys: fix symbol redeclaration
27c24c7 rpcd: sys: actually move timespec declaration
345363b file: add remove operation
604db20 rpcd: Switch to nanosleep

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-09-08 18:48:15 +02:00
Hauke Mehrtens
359bff6052 firewall: update to latest git HEAD
487bd0d utils: Fix string format message

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-09-08 18:39:13 +02:00
Rafał Miłecki
1c510fe298 base-files: validate firmware for compatibility with backup
This allows platform code to check if firmware image can be used with
preserving a backup. It may be used e.g. when installing vendor
firmwares that won't restore appended backup archive.

Suggested-by: Luis Araneda <luaraneda@gmail.com>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-09-08 09:10:30 +02:00
Hans Dedecker
7db6559914 firewal: update to latest git HEAD
4d0c703 firewall3: Fix some format string problems
8c404ef iptables.c: lock the xtables.lock
c1d3a4d utils: implement fw3_lock_path() & fw3_unlock_path()

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-09-07 21:23:43 +02:00
Hans Dedecker
1855c23794 odhcp6c: update to latest git HEAD
e199804 dhcpv6: sanitize oro options

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-09-07 13:11:53 +02:00
Yousong Zhou
40e3f660c1 uboot-fritz4040: build with ipq40xx "generic" subtarget
Fixes: 853e4dd3 ("ipqx0xx: add Generic subtarget")
Ref: https://forum.openwrt.org/t/ipq40xx-snapshot-not-updated-since-22nd-august/44126
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-09-06 08:33:30 +00:00
Rafał Miłecki
641f6b6c26 treewide: use new procd sysupgrade $UPGRADE_BACKUP variable
It's a variable set by procd that should replace hardcoded
/tmp/sysupgrade.tgz.

This change requires the most recent procd with the commit 0f3c136
("sysupgrade: set UPGRADE_BACKUP env variable").

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-09-05 23:33:19 +02:00
Rafał Miłecki
e8dcbbc865 procd: update to the latest git HEAD
0f3c136 sysupgrade: set UPGRADE_BACKUP env variable
0bcbbbf system: fix uninitialized variables in firmware validation code

This update includes a fix for uninitialized variable usage.

Fixes: 7290963d09 ("procd: update to the latest git HEAD")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-09-05 23:16:54 +02:00
Adrian Schmutzler
45600124fc base-files: use get_mac_binary() in mtd_get_mac_binary_ubi()
The actual retrieval of the MAC address in mtd_get_mac_binary_ubi()
is the same as in get_mac_binary(). Thus, use the latter function
in the former to reduce duplicate code.

This will also allow to benefit from the enhanced path check there
and bring mtd_get_mac_binary_ubi() more in line with the similar
mtd_get_mac_binary().

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-09-05 20:42:08 +02:00
David Bauer
4c060228cb base-files: fix mtd_get_mac_text not accepting hex offsets
The mtd_get_mac_text helper method did not support hexadecimal offset
values, resulting them to break after 75bfc393ba ("treewide:
convert MAC address location offsets to hexadecimal")

This commit fixes this by evaluating the hexadecimal input,
converting them to decimal.

Signed-off-by: David Bauer <mail@david-bauer.net>
2019-09-05 20:31:56 +02:00
Rafał Miłecki
bf39047872 treewide: don't hardcode "sysupgrade.tgz" file name
1) Add BACKUP_FILE and use it when copying an archive to be restored
   after sysupgrade (on the next preinit).
2) Use CONF_TAR for copying backup prepared by the /sbin/sysupgrade

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-09-05 14:33:19 +02:00
Hauke Mehrtens
1184e1f2b6 uboot-envtools: Update to U-Boot version 2019.07
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-09-04 22:35:22 +02:00
Álvaro Fernández Rojas
da3f5b2196 brcm2708-gpu-fw: update to latest firmware
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2019-09-04 18:09:34 +02:00
Rafał Miłecki
7290963d09 procd: update to the latest git HEAD
34ac88c system: reject sysupgrade of invalid firmware images by default
f55c235 system: reject sysupgrade of broken firmware images
e990e21 system: add "validate_firmware_image" ubus method

This update changes "sysupgrade" ubus method API. It's now required to
pass "force" attribute whenever invalid firmware is meant to be
installed.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-09-04 11:17:06 +02:00
Rafał Miłecki
b71962da16 base-files: pass "force" parameter to the "sysupgrade" call
This makes sysupgrade work with the most recent procd that validates
firmware before proceeding.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-09-04 11:07:41 +02:00
Hauke Mehrtens
6aa962a622 uci: update to latest Git HEAD
415f9e4 uci/file: replace mktemp() with mkstemp()

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-09-01 19:53:30 +02:00
Hauke Mehrtens
6658447534 iwinfo: update to latest Git HEAD
f599a8d iwinfo: Fix rate buffer size
71ec9be iwinfo: Fix buffer size
f8ef450 iwinfo: Add support for WPA3

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-09-01 19:48:43 +02:00
Tomasz Maciej Nowak
3fa0f32a68 grub2: bump to 2.04
* GCC 8 and 9 support.
* Gnulib integration overhaul.
* RISC-V support.
* Xen PVH support.
* Native UEFI secure boot support.
* UEFI TPM driver.
* New IEEE 1275 obdisk driver.
* Btrfs RAID 5 and RIAD 6 support.
* bootin from F2FS support.
* PARTUUID support.
* VLAN support.
* Native DHCP support.
* Many ARM and ARM64 fixes.
* Many SPARC fixes.
* Many IEEE 1275 fixes.
* ...and tons of other fixes and cleanups...

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2019-09-01 18:38:05 +02:00
Luis Araneda
5ca243153b uboot-zynq: update to 2019.07
Signed-off-by: Luis Araneda <luaraneda@gmail.com>
2019-09-01 18:38:05 +02:00
Konstantin Demin
b74f1f335a nftables: bump to version 0.9.2
- exclude Python-related stuff from build
- drop patches:
  * 010-uclibc-ng.patch, applied upstream

ipkg size decrease by 2.8%:
old:
194.851 nftables_0.9.0-2_arm_cortex-a7_neon-vfpv4.ipk
new:
189.581 nftables_0.9.2-1_arm_cortex-a7_neon-vfpv4.ipk

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2019-09-01 18:38:04 +02:00
Konstantin Demin
699955a684 libnftnl: bump to version 1.1.4
ABI version is same.

The ipkg size increase by about 2.2%:
old:
47.909 libnftnl11_1.1.3-1_arm_cortex-a7_neon-vfpv4.ipk
new:
48.985 libnftnl11_1.1.4-1_arm_cortex-a7_neon-vfpv4.ipk

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2019-09-01 18:38:04 +02:00
Jo-Philipp Wich
02169bd3f8 rpcd: update to latest Git HEAD
821045f file: add path based read/write/exec ACL checks
fb337e5 file: add stat() information to directory listings

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-09-01 18:33:21 +02:00
Eneas U de Queiroz
7f2b230b3b uhttpd: add support to generate EC keys
This adds the key_type and ec_curve options to enable the generation of
EC keys during initialization, using openssl or the new options added to
px5g.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2019-09-01 00:35:11 +02:00
Eneas U de Queiroz
a552ababd4 px5g: support EC keys
This adds an 'eckey' command to generate an EC key, with an optional
curve name argument, with P-256 as default.

For the 'selfsigned' command, it adds an 'ec' algorithm argument to the
'-newkey' option, and a '-pkeyopt ec_paramgen_curve:<curvename>' option,
mirroring the way openssl specifies the curve name.

Notice that curve names are not necessarily the same in mbedtls and
openssl.  In particular, secp256r1 works for mbedtls, but openssl uses
prime256v1 instead. px5g uses mbedtls, but short NIST curve names P-256
and P-384 are specifically supported.

Package size increased by about 900 bytes (arm).

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2019-09-01 00:34:30 +02:00
Eneas U de Queiroz
f40262697f openssl: always build with EC support
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2019-09-01 00:16:08 +02:00
Rosen Penev
926157c2cc libnfnetlink: Avoid passing both -fPIC and -fpic
Instead, instruct the configure script to use $(FPIC) only.

Mixing -fPIC and -fpic can cause issues on some platforms like PPC.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-08-31 12:08:23 +02:00
Rosen Penev
e2ecf39e8e ncurses: Do not pass both -fPIC and -fpic
The configure scripts matches Linux with -fPIC, which is not exactly what
is desired. Since we are already passing $(FPIC), added a CONFIGURE_VAR to
avoid passing -fPIC.

Removed PKG_BUILD_DIR as it is already the default value.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-08-31 12:08:23 +02:00
David Bauer
9b0ce1789b lua: create lua symlink for host installation
Since the binaries for both lua as well as lua5.3 contain the version
number, invocations of the "lua" binary are failing, as it's not created
anymore for the host package.

Fixes: fe59b46 ("lua: include version number in installed files")
Signed-off-by: David Bauer <mail@david-bauer.net>
2019-08-31 10:31:00 +02:00
Rafał Miłecki
f522047958 base-files: use JSON for storing firmware validation info
So far firmware validation result was binary limited: it was either
successful or not. That meant various limitations, e.g.:
1) Lack of proper feedback on validation problems
2) No way of marking firmware as totally broken (impossible to install)

This change introduces JSON for storing detailed validation info. It
provides a list of performed validation tests and their results. It
allows marking firmware as non-forceable (broken image that can't be
even forced to install).
Example:
{
        "tests": {
                "fwtool_signature": true,
                "fwtool_device_match": true
        },
        "valid": true,
        "forceable": true
}

Implementation is based on *internal* check_image bash script that:
1) Uses existing validation functions
2) Provides helpers for setting extra validation info

This allows e.g. platform_check_image() to call notify_check_broken()
when needed & prevent user from bricking a device.

Right now the new JSON info is used by /sbin/sysupgrade only. It still
doesn't make use of "forceable" as that is planned for later
development.

Further plans for this feature are:
1) Expose firmware validation using some new ubus method
2) Move validation step from /sbin/sysupgrade into "sysupgrade" ubus
   method so:
   a) It's possible to safely sysupgrade using ubus only
   b) /sbin/sysupgrade can be more like just a CLI

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-08-30 08:34:10 +02:00
John Crispin
63c722c0be linux-firmware: add mediatek BT firmware
Signed-off-by: John Crispin <john@phrozen.org>
2019-08-30 07:27:51 +02:00
Daniel Golle
a58bfb7377 mac80211: rt2x00: revert commit causing regression in 5GHz band
From: Stanislaw Gruszka <sgruszka@redhat.com>
This reverts commit 9ad3b55654455258a9463384edb40077439d879f.

As reported by Sergey:

"I got some problem after upgrade kernel to 5.2 version (debian testing
linux-image-5.2.0-2-amd64). 5Ghz client  stopped to see AP.
Some tests with 1metre distance between client-AP: 2.4Ghz  -22dBm, for
5Ghz - 53dBm !, for longer distance (8m + walls) 2.4 - 61dBm, 5Ghz not
visible."

It was identified that rx signal level degradation was caused by
9ad3b5565445 ("rt2800: enable TX_PIN_CFG_LNA_PE_ bits per band").
So revert this commit.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-08-29 22:29:54 +02:00
Hans Dedecker
6e45ba4699 procd: fix compile issue with glibc (FS#2469)
0430252 sysupgrade: add missing _GNU_SOURCE define (FS#2469)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-08-28 15:30:40 +02:00
Koen Vandeputte
5cc942a80e ath9k: backport dynack improvements
Close cooperation with Lorenzo Bianconi resulted
in these patches which fix all remaining seen issues
when using dynack.

Fix link losses when:
- Late Ack's are not seen or not present
- switching from too low static coverage class to dynack on a live link

These are fixed by setting the Ack Timeout/Slottime to
the max possible value for the currently used channel width when
a new station has been discovered.

When traffic flows, dynack is able to adjust to optimal values
within a few packets received (typically < 1 second)

These changes have been thoroughly tested on ~60 offshore devices
all interconnected using mesh over IBSS and dynack enabled on all.

Distances between devices varied from <100m up to ~35km

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
2019-08-28 13:08:21 +02:00
Jo-Philipp Wich
517cb0b70b fstools: update to latest Git HEAD
6a61b9a probe: fallback to libblkid.so.1 when libblkid.so does not exist

Also remove deprecation notices from init script while we're at it.

Fixes: FS#2274
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-08-28 12:46:18 +02:00
Jo-Philipp Wich
b13f3300d5 iwinfo: update to latest Git HEAD
a9f9557 nl80211: support reading hardware id from phy directly
c586cd3 iwinfo: add device id for MediaTek MT7612E
d4382dd iwinfo: add device id for Atheros AR9390

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-08-28 12:09:14 +02:00
Álvaro Fernández Rojas
cb3c4c713d brcm2708-gpu-fw: update to latest firmware
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2019-08-27 15:20:20 +02:00
DENG Qingfang
79f235abef mtd-utils: update to 2.1.1
Removed upstream patch
Compile and run tested on mvebu

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
2019-08-27 10:32:44 +02:00
Koen Vandeputte
bd926fdde5 ath10k-firmware: update Candela Tech firmware images
This should fix a problem with 1560 MTU, 160Mhz on DFS channels,
some other small issues on < 5.2 kernels, and for 5.2 driver,
it pulls in some upstream stable fixes.

wave-1 firmware changes since last update:

  *  June 24, 2019: Try allocating low-priority WMI msgs if high-prio are not available.

  *  June 24, 2019: Init rate-ctrl to start at lowest rate instead of in the middle.  Hoping
                    this helps DHCP when station connects from a long distance.

wave-2:

  *  June 24, 2019  Start rate-ctrl at minimal values to help DHCP work better for far-away peers.

  *  July 24, 2019  Fix old regression that made /a (and probably /b/g) perform poorly, at least on
                    diet-compiled images.

  *  Aug 8, 2019  Improve a/b/g rate-ctrl by damping the PER swings caused by the all-or-nothing logic
                  of transmitting non-block-ack frames one at a time.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-08-27 10:32:44 +02:00
Felix Fietkau
c3a78955f3 kernel: move crypto-arc4 into a module
It is no longer required by wireless drivers, so we can save some space here

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-08-26 18:21:13 +02:00
Felix Fietkau
0e22e14b6c mt76: update to the latest version
fb0f432834c0 mt76: stop rx aggregation on station removal
76aada563b66 mt76: dma: reset q->rx_buf on rx reset
3245ca8b8aeb mt76: check of_get_mac_address for NULL as well to restore old kernel compat
8e495245ab3d mt76: mt7615: move mt7615_mac_get_key_info in mac.c
e4f48a8df6aa mt76: mt7615: add mt7615_mac_wtbl_addr routine
e8c95e5a41f0 mt76: mt7615: introduce mt7615_mac_wtbl_set_key routine
d998b90c4bed mt76: mt7615: remove wtbl_sec_key definition
60d279ec2762 mt76: mt7615: add set_key_cmd and mt76_wcid to mt7615_mac_wtbl_set_key signature
4947ad4eab6a mt76: introduce mt76_mmio_read_copy routine
4d9001b8ab1d mt76: mt7615: fix MT7615_WATCHDOG_TIME definition
3d6796b867b6 mt76: mt7603: fix watchdog rescheduling in mt7603_set_channel
8d7a48030005 mt76: mt7615: add 4 WMM sets support
ae0f11149248 mt76: mt7615: update cw_min/max related settings
8b7bbd017654 mt76: mt7603: fix some checkpatch warnings
e6045467848d mt76: mt7615: fix some checkpatch warnings
c415c676e255 mt76: mt76x02: fix some checkpatch warnings
f625afcedc9b mt76: switch to SPDX tag instead of verbose boilerplate text
4d57f1cee4aa mt76: mt7615: rework locking scheme for mt7615_set_channel
2becd13be766 mt76: mt7615: add Smart Carrier Sense support
20f0c196722a mt76: mt76x02: introduce mt76x02_pre_tbtt_enable and mt76x02_beacon_enable macros
ae83a05b1050 mt76: mt76x02: do not copy beacon skb in mt76x02_mac_set_beacon_enable
92fa62ace198 mt76: mt76x02u: enable multi-vif support
c6dabfe953af mt76: mt76x02u: enable survey support
1f44159b41ff mt76: mt7603: move survey_time in mt76_dev
9657e6304322 mt76: mt7615: enable survey support
af860c0decb1 mt76: move mt76_tx_tasklet in mt76 module
a9d2a28b39fc mt76: mt7603: remove unnecessary mcu queue initialization
281b10fc1fe6 mt76: mt7615: add BIP_CMAC_128 cipher support
37673a4181e4 mt76: fix some checkpatch warnings
a7fa32603981 mt76: add default implementation for mt76_sw_scan/mt76_sw_scan_complete
5c35bdf057af mt7615: apply calibration-free data from OTP
0e3baf0213c9 mt76: fix a leaked reference by adding a missing of_node_put
2d5928fef23d net: Remove dev_err() usage after platform_get_irq()
a0824197ab00 mt76: mt76x0e: disable 5GHz band for MT7630E
4d8a9f20610f mt76: do not send BAR frame on tx aggregation flush stop
2a0edbb4473b mt76: remove offchannel check in tx scheduling

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-08-26 18:21:02 +02:00
Christian Lamparter
e1dcfe02b2 mac80211: refresh patches
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-08-24 23:23:31 +02:00
Christian Lamparter
5ef3fe614c openssl: refresh patches
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-08-24 23:23:31 +02:00
Christian Lamparter
8036345225 fstools: update to HEAD of 2019-07-01 - 1539b5
Update fstools to commit 1539b535ac327a3bc599d1ca871e14fd0dc3bba1

git log --pretty=oneline --abbrev-commit ff1ded63..1539b535

1539b53 libblkid-tiny: increment label size to 256
d563f3c libblkid-tiny: fix wrong btrfs label length
3957dd3 block: prevent mount point confusion
9b36dc2 libfstools: avoid false positives when matching devices and volumes

Created with the help of the make-package-update-commit.sh script.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-08-24 23:23:31 +02:00
Christian Lamparter
e9d875a537 ath10k-ct: update to HEAD of 2019-08-14 - 9e5ab2
Update ath10k-ct to commit 9e5ab25027e0971fa24ccf93373324c08c4e992d

git log --pretty=oneline --abbrev-commit f0aa8130..9e5ab250

9e5ab25 ath10k-ct:  Update to latest 5.2 upstream, support bigger mtu, 160Mhz

Created with the help of the make-package-update-commit.sh script
and refresh patches.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-08-24 23:22:10 +02:00
Vladimir Vid
7dff6a8c89 mvebu: uDPU: add sysupgrade support
This patch adds sysupgrade, uboot-env and networking support
for Methode uDPU device.

Device features 4 partitions:

-----------------------------------------
|  boot   | recovery  | rootfs |  misc  |
| (ext4)  |  (ext4)   | (fsf2) | (f2fs) |
_________________________________________

Idea was to use f2fs only but the u-boot currently lacks support
so first 2 partition are ext4 to be u-boot readable, and this was
a reason why custom build and sysupgrade sections were required.

On the sysupgrade, boot and rootfs partitions are updated, firmare
image and user configuration is saved on the misc partition and if
the upgrade was successfull, recovery partition will be updated on
after the reboot from preinit script. If the sysupgrade fails for any
reason, device will fallback to recovery initramfs image.

Signed-off-by: Vladimir Vid <vladimir.vid@sartura.hr>
2019-08-24 23:11:15 +02:00
Vladimir Vid
52cbe6b9c0 kernel: add i2c-pxa driver
Signed-off-by: Vladimir Vid <vladimir.vid@sartura.hr>
2019-08-24 23:11:15 +02:00
DENG Qingfang
bd098231ba iproute2: update to 5.2.0
Remove upstream patches

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
2019-08-24 21:58:13 +02:00
Felix Fietkau
f0992d7a30 mac80211: fix a regression in the minstrel_ht improvement patches
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-08-24 12:47:00 +02:00
Daniel Golle
4346de8d34 mac80211: rt2x00: import pending patches
https://patchwork.kernel.org/patch/11111605/
https://patchwork.kernel.org/patch/11110703/

Fixes: 91c84e87c2 ("mac80211: rt2x00: clear IV's on start to fix AP mode regression")
Fixes: 0b2c42ced2 ("mac80211: Update to version 5.2-rc7")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-08-23 18:10:47 +02:00
Rafał Miłecki
b6f4cd57e1 treewide: sysupgrade: pass "save_partitions" option to the "sysupgrade" method
This explicitly lets stage2 know if partitions should be preserved. No
more "touch /tmp/sysupgrade.always.overwrite.bootdisk.partmap" hack.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-08-22 13:47:51 +02:00
Rafał Miłecki
b534ba9611 base-files: pass "save_config" option to the "sysupgrade" method
This explicitly lets stage2 know if config should be preserved.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-08-22 13:47:47 +02:00
Rafał Miłecki
2b1a6d263c procd: update to latest git HEAD
9558031 system: support passing "options" to the "sysupgrade" ubus method

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-08-22 13:46:53 +02:00
Kevin Darbyshire-Bryant
bd01346bb4 firewall: update to latest git HEAD
bf29c1e firewall3: ipset: Handle reload_set properly

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-08-22 09:31:57 +01:00
Felix Fietkau
0441edfb7f mac80211: backport support for the IEEE80211_KEY_FLAG_GENERATE_MMIE flag
Required for an upcoming mt76 update

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-08-21 14:59:21 +02:00
Felix Fietkau
a0637718d5 mac80211: add new minstrel_ht patches to improve probing on mt76x2
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-08-21 14:59:18 +02:00
Felix Fietkau
a886a0ecc8 mac80211: renumber subsys patches after update
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-08-21 14:59:10 +02:00
Felix Fietkau
032e08a011 mac80211: remove TX_NEEDS_ALIGNED4_SKBS patch
The intended performance benefit could not be reliably reproduced, and the
patch was not accepted upstream

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-08-21 14:59:05 +02:00
Luiz Angelo Daros de Luca
0851ce4ff9 elfutils: bump to 0.177
200-uclibc-ng-compat.patch is upstream now.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2019-08-19 22:10:35 +02:00
Daniel Golle
91c84e87c2 mac80211: rt2x00: clear IV's on start to fix AP mode regression
To do not brake HW restart we should keep initialization vectors data.
I assumed that on start the data is already initialized to zeros, but
that not true on some scenarios and we should clear it. So add
additional flag to check if we are under HW restart and clear IV's
data if we are not.

Patch fixes AP mode regression.

Patch pending on linux-wireless and imported from patchwork.

Fixes: 0b2c42ced2 ("mac80211: Update to version 5.2-rc7")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-08-19 13:46:00 +02:00
Hauke Mehrtens
9cdb4753be linux-firmware: intel: Use recent version of wifi firmware
iwlwifi from the new backports also supports more recent FW versions,
update to the most recent versions for already supported devices.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-08-18 22:17:35 +02:00
Hauke Mehrtens
2ceee0e023 mac80211: ath10k: Fix crashes of QCA9984 when station connects
This fixes a bug introduced in backports from kernel 5.1 which makes
ath10k crash on QCA9984 when a station connects. The FW sends a airtime
report, but this station is not yet fully registered and a NULL pointer
is used.

Fixes: 0b2c42ced2 ("mac80211: Update to version 5.2-rc7")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-08-18 21:18:36 +02:00
Christian Lamparter
8f757d427c ipq-wifi: drop upstreamed custom board-2.bin
The BDFs for the:
	ALFA Network AP120C-AC
	ASUS Lyra
	AVM FRITZ!Box 7530
	AVM FRITZ!Repeater 3000
	EnGenius EAP1300
	EnGenius ENS620EXT
	Netgear Orbi Pro SRK60

boards were upstreamed to the ath10k-firmware repository
and linux-firmware.git.

Furthermore the BDFs for the:
	OpenMesh A42 specific BDFs
	OpenMesh A62 specific BDFs
	Linksys EA6350v3
have been updated.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-08-18 20:56:41 +02:00
Christian Lamparter
4d34216ea5 linux-firmware: update to 20190815
Update linux-firmware to 20190815

git log --pretty=oneline --abbrev-commit 20190815..20190815

07b925b Install only listed firmware files
5621bfc rtw88: add a README file
7e431c5 rtw88: RTL8822C: add WoW firmware v7.3
2dc7023 rtw88: RTL8822C: update rtw8822c_fw.bin to v7.3
d3d000d Merge branch 'ath10k-20190808' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/linux-firmware
d3e17e9 Merge branch 'for-upstream' of git://git.chelsio.net/pub/git/linux-firmware
d3f7234 Merge commit '70af908f4ad7aa8bc65032253f99a0a4fbe1e6c3' of https://github.com/Netronome/linux-firmware
1f0a99f ath10k: QCA9984 hw1.0: update board-2.bin
49c1187 ath10k: QCA9984 hw1.0: update firmware-5.bin to 10.4-3.9.0.2-00046
1031f01 ath10k: QCA988X hw2.0: update firmware-5.bin to 10.2.4-1.0-00045
cf714a2 ath10k: QCA9888 hw2.0: update board-2.bin
81e2e77 ath10k: QCA9888 hw2.0: update firmware-5.bin to 10.4-3.9.0.2-00040
8dc2dfb ath10k: QCA9887 hw1.0: update firmware-5.bin to 10.2.4-1.0-00045
1bd3ef2 ath10k: QCA6174 hw3.0: update firmware-6.bin to WLAN.RM.4.4.1-00140-QCARMSWPZ-1
e043109 ath10k: QCA4019 hw1.0: update board-2.bin
b1e26aa cxgb4: update firmware to revision 1.24.3.0
70af908 nfp: update Agilio SmartNIC flower firmware to rev AOTC-2.10.A.38
dff98c6 Merge branch 'master' of git://github.com/skeggsb/linux-firmware
580b076 Merge branch 'nxp_mc' of https://github.com/NXP/linux-firmware
f9b0071 Merge tag 'iwlwifi-fw-2019-07-20' of git://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/linux-firmware
2a3b75d nvidia: add missing entries in WHENCE
6fc1eb1 linux-firmware: Update NXP Management Complex firmware to version 10.16.2
cd6cb7b iwlwifi: update -48 FWs for Qu and cc
b5f09bb iwlwifi: update FWs for 3168, 7265D, 9000, 9260, 8000, 8265 and cc
bf13a71 Merge branch 'guc_v33' of git://anongit.freedesktop.org/drm/drm-firmware
d52556e linux-firmware: Update firmware file for Intel Bluetooth AX201
dbcc2fb linux-firmware: Update firmware file for Intel Bluetooth 22161
a5ee415 linux-firmware: Update firmware file for Intel Bluetooth 9560
7444ca4 linux-firmware: Update firmware file for Intel Bluetooth 9260
3d1e553 amdgpu: update vega10 VCE firmware
5d4e3cc amdgpu: update picasso vcn firmware
6a45d9e amdgpu: update raven vcn firmware
9c8161f amdgpu: update tonga to latest 19.20 firmware
7b6c49c amdgpu: update vega12 to latest 19.20 firmware
4f7b71b amdgpu: partially revert 2579167548be33afb1fe2a9a5c141561ee5a8bbe
fd3cc24 amdgpu: update vega10 to latest 19.20 firmware
c190efa amdgpu: update polaris12 to latest 19.20 firmware
f42b54e amdgpu: update raven2 to latest 19.20 firmware
fc89ce8 amdgpu: update raven to latest 19.20 firmware
3bebb5a amdgpu: update picasso to latest 19.20 firmware
05dbae6 drm/i915/firmware: Add v33 of GuC for ICL
786f17a drm/i915/firmware: Add v33 of GuC for KBL
aae0eb5 drm/i915/firmware: Add v33 of GuC for SKL
9cf240f drm/i915/firmware: Add v33 of GuC for GLK
8a0a6a6 drm/i915/firmware: Add v33 of GuC for BXT
70e4394 linux-firmware: rsi: add firmware image for redpine 9116 chipset
fd69a5d linux-firmware: Add firmware file for Intel Bluetooth AX201
7ae3a09 Merge tag 'iwlwifi-fw-2019-06-20' of git://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/linux-firmware
90e6845 iwlwifi: add new firmwares for integrated 22000 series
71ef30c iwlwifi: update FW for 22000 to Core45-96
e58cbf7 iwlwifi: update FWs for 9000 series to Core45-96
b443218 iwlwifi: update Core45 FWs for 22260, 9000 and 9260
5157165 iwlwifi: udpate -36 firmware for 8000 series

This commit was created with the help of the make-package-update-commit.sh script.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-08-18 20:56:41 +02:00