Commit Graph

17930 Commits

Author SHA1 Message Date
Rafał Miłecki
50f2f25d58 kernel: limit crypto-hw-ccp to the x86
CRYPTO_DEV_CCP depends on X86 or ARM64
CRYPTO_DEV_CCP_DD depends on CPU_SUP_AMD or ARM64

Compiling this driver makes sense for x86 mainly. If one day support for
ARM64 board with AMD Secure Processor gets added this package may be
updated.

Trying to build this package on bcm4908 was causing:
ERROR: module 'build_dir/target-aarch64_cortex-a53_musl/linux-bcm4908_generic/linux-5.4.110/drivers/crypto/ccp/ccp-crypto.ko' is missing.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit cb3fb45ed1)
2021-04-14 08:42:38 +02:00
Rafał Miłecki
48262735d9 kernel: crypto: format "crypto-hw-ccp" dependencies
Use multiples lines for better readability and sort lines.

Suggested-by: Stijn Tintel <stijn@linux-ipv6.be>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 107111adbb)
2021-04-14 08:42:38 +02:00
Philip Prindeville
46362c48c8 libnfnetlink: quote $(FPIC) on command line
When $(FPIC) gets expanded on the command line (for instance
when setting environment variables for libtool, configure, or
make) we can't count on it not needing quoting (i.e. it could
contain multiple flags separated with spaces).

Fixes: dc31191ec3 ("build: make sure asm gets built with -DPIC")
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
(cherry picked from commit 7fae64cc06)
2021-04-12 20:45:29 +02:00
Felix Fietkau
04b22754d7 mt76: update to the latest version
6a3cf95733e2 mt76: fix tx skb error handling in mt76_dma_tx_queue_skb
ab9045153343 mt76: mt7915: only modify tx buffer list after allocating tx token id
7e1eff676257 mt76: mt7915: fix unused 'mode' variable
8a2e22fcbf69 mt76: mt7921: fix suspend/resume sequence
27a54e8b687f mt76: mt7921: fix memory leak in mt7921_coredump_work
c267322f0bdb mt76: mt7921: switch to new api for hardware beacon filter [v2 update]
fd2c59d9ba46 mt76: mt7921: fixup rx bitrate statistics [v2 update]
bfa8d5a6a9a1 mt76: adjust to upstream API for enabling threaded NAPI
1706fb6c48e8 mt76: mt7663s: fix rx buffer refcounting
c5aca6692c41 mt76: mt7615: enable hw rx-amsdu de-aggregation
9002b0b30aed mt76: mt7615: add rx checksum offload support
8e3f5bfe74f6 mt76: mt7615: add support for rx decapsulation offload
8e3bba8bd3ef mt76: mt7615: fix memory leak in mt7615_coredump_work
760adce29100 mt76: mt7921: fix aggr length histogram
84229a51845a mt76: mt7915: fix aggr len debugfs node
10a95da23cb7 mt76: mt7921: remove unneeded semicolon
2856dc8fb57e mt76: mt7921: fix stats register definitions
1b245e57549d mt76: mt7615: fix TSF configuration
1a2e2965b62b mt76: mt7615: remove hdr->fw_ver check
f60ec1b9473d mt76: mt7615: fix mib stats counter reporting to mac80211
8a5b036af48f mt76: mt7915: fix mib stats counter reporting to mac80211
ee6dbcc64f6d mt76: connac: fix kernel warning adding monitor interface
e46dd240ce72 mt76: check return value of mt76_txq_send_burst in mt76_txq_schedule_list
ddf95ead3bb3 mt76: mt7921: get rid of mt7921_sta_rc_update routine
fd2a51ea9dc8 mt76: mt7921: fix the base of PCIe interrupt
28f53d074bb0 mt76: mt7921: fix the base of the dynamic remap
8d737632b57f mt76: mt7921: check mcu returned values in mt7921_start
5ff25c915e62 mt76: mt7915: add missing capabilities for DBDC
58dd3f26c099 mt76: mt7615: fix CSA notification for DBDC
76f4959107ac mt76: mt7615: stop ext_phy queue when mac reset happens
7de0a0654054 mt76: mt7915: fix CSA notification for DBDC
e9e418fc7eb0 mt76: mt7915: stop ext_phy queue when mac reset happens
477b78301879 mt76: mt7915: fix PHY mode for DBDC
37b4dc0f7595 mt76: mt76x0u: Add support for TP-Link T2UHP(UN) v1
29a04583aecb mt76: mt7915: fix rxrate reporting
a4307e6ba054 mt76: mt7915: fix txrate reporting
256f324f8fcd mt76: mt7915: check mcu returned values in mt7915_ops
638b112188a5 mt76: mt7615: check mcu returned values in mt7615_ops
975cccfa96da mt76: mt7663: fix when beacon filter is being applied
aafe972e95b2 mt76: mt7663s: make all of packets 4-bytes aligned in sdio tx aggregation
0d5b1a702715 mt76: mt7663s: fix the possible device hang in high traffic
00628061b546 mt76: mt7615: add missing capabilities for DBDC
2303e1844afd mt76: mt7915: fix possible deadlock while mt7915_register_ext_phy()
6e2b9d258306 mt76: mt7921: reduce mcu timeouts for suspend, offload and hif_ctrl msg
3cf5afc02955 mt76: introduce mcu_reset function pointer in mt76_mcu_ops structure
9af9622df549 mt76: mt7921: introduce mt7921_run_firmware utility routine.
e12c44a7e165 mt76: mt7921: introduce __mt7921_start utility routine
7b56d5bf6ea0 mt76: dma: introduce mt76_dma_queue_reset routine
a80e50098b51 mt76: dma: export mt76_dma_rx_cleanup routine
e0708e296e27 mt76: mt7921: add wifi reset support
87e09e8482cf mt76: mt7921: remove leftovers from dbdc configuration
cc933b3669f7 mt76: mt7921: remove redundant check on type
ca22cc221ae7 linux-firmware: add firmware for MT7921
0b6c9a043f78 mt76: move de-amsdu buffer per-phy
48a905e23791 mt76: mt7615: fix CSA event format
fbef8bba038f mt76: mt7921: remove duplicated macros in mcu.h
6886b57a1534 mt76: connac: introcuce mt76_sta_cmd_info data structure
e529e8afe22a mt76: mt7921: properly configure rcpi adding a sta to the fw
e4d522776804 mt76: mt7921: fix airtime reporting
be2f67e8d3cb mt76: mt7915: fix key set/delete issue
09a1befde4b7 mt76: fix potential DMA mapping leak
f66f8f41d47b mt76: mt7915: refresh repeater entry MAC address when setting BSSID
035e2f6f1ddf mt76: mt7921: get rid of mt7921_mac_wtbl_lmac_addr
ee29cd5f3a6a mt76: mt7615: only enable DFS test knobs for mt7615
9a98b1a6f9c2 mt76: mt7615: cleanup mcu tx queue in mt7615_dma_reset()
3bd285424e7b mt76: mt7622: trigger hif interrupt for system reset
bf6d9ee4acd1 mt76: mt7615: keep mcu_add_bss_info enabled till interface removal
115b74282314 mt76: mt7915: keep mcu_add_bss_info enabled till interface removal
57432e701d1a mt76: mt7915: cleanup mcu tx queue in mt7915_dma_reset()
a519c49a6a42 mt76: mt7615: 0-terminate firmware log messages
4a22f2ffae2e mt76: mt7915: 0-terminate firmware log messages
b8609066893a mt76: mt7615: fix chip reset on MT7622 and MT7663e
465dda65ee84 mt7615,mt7915: replace fw log 0-terminating code with wiphy info length limit
62b13f5352b8 mt76: mt7921: fix key set/delete issue
0ff3a336a8d8 mt7615,mt7915: fix a compiler warning
113ba8a81d54 mt76: mt7615: remove redundant dev_err call in mt7622_wmac_probe()
be1ab3b9ae7c mt76: mt7921: fix typo in mt7921_pci_resume
4e22f0dc934b mt76: mt7915: fix txpower init for TSSI off chips
e66a0b9b8d66 mt76: mt7615: always wake the device in mt7615_remove_interface
38f656768a90 mt76: mt7921: always wake the device in mt7921_remove_interface
6ee4770de083 mt76: mt7921: rework mt7921_mcu_debug_msg_event routine
e578b4b8d56a mt76: mt7615: fix .add_beacon_offload()
f8c6c7cbf10f mt76: mt7915: fix mt7915_mcu_add_beacon
7d35b7a15d1d mt76: mt7915: add wifi subsystem reset
04122c89749d mt76: fix rx amsdu subframe processing
5e764ec9bece mt76: mt7921: introduce MT_WFDMA_DUMMY_CR definition
cf0badbc0497 mt76: mt7921: fix inappropriate WoW setup with the missing ARP informaiton
f32a4e15f5b2 mt76: mt7921: fix the dwell time control
54f52771a04a mt76: mt7921: fix kernel crash when the firmware fails to download
97189d2a045b mt76: mt7921: fix the insmod hangs
dcdbd7c89cf5 mt76: mt7921: fix MT_PCIE_MAC_INT_ENABLE access
813db729c02f mt76: mt7921: reduce the data latency during hw scan
028b7152b1a9 mt76: mt7921: remove 80+80 MHz support capabilities
7714dc914df6 mt76: report Rx timestamp
ffd4cf15fa0e mt76: mt7915: add mmio.c
fe8717dd573a mt76: mt7615: add missing SPDX tag in mmio.c
6b293c411d22 mt76: mt7615: always add rx header translation tlv when adding stations
bf45b30d8919 add missing file

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 8cc013981d)
2021-04-11 21:06:58 +02:00
Felix Fietkau
4ad1957eee mac80211: add client mode connection monitor fix
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit dfdb28c24a)
2021-04-11 19:45:26 +02:00
Felix Fietkau
de00033bbb mac80211: support rx timestamps for HE rates
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 7d8e14e44f)
2021-04-11 19:45:26 +02:00
Hauke Mehrtens
3da861ccca kernel: bump 5.4 to 5.4.111
Refreshed all patches.

The following patches were manually changed:
* 610-netfilter_match_bypass_default_checks.patch
* 611-netfilter_match_bypass_default_table.patch
* 802-can-0002-can-rx-offload-fix-long-lines.patch
* 802-can-0003-can-rx-offload-can_rx_offload_compare-fix-typo.patch
* 802-can-0004-can-rx-offload-can_rx_offload_irq_offload_timestamp-.patch
* 802-can-0005-can-rx-offload-can_rx_offload_reset-remove-no-op-fun.patch
* 802-can-0006-can-rx-offload-Prepare-for-CAN-FD-support.patch
* 802-can-0018-can-flexcan-use-struct-canfd_frame-for-CAN-classic-f.patch

The can-dev.ko model was moved in the upstream kernel.

Compile-tested on: x86/64, armvirt/64, ath79/generic
Runtime-tested on: x86/64, armvirt/64, ath79/generic

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-04-11 17:35:12 +02:00
Tony Ambardar
40143873d6 iproute2: fix libbpf detection with NLS enabled
Upstream iproute2 detects libbpf using a one-line $CC test-compile, which
normally ignores LDFLAGS. With NLS enabled however, LDFLAGS includes an
"rpath-link" linker option needed to resolve libintl.so. Its absence
causes both the compile and libbpf detection to fail:

  ld: warning: libintl.so.8, needed by libbpf.so, not found (try using
      -rpath or -rpath-link)
  ld: libelf.so.1: undefined reference to `libintl_dgettext'
  collect2: error: ld returned 1 exit status

Fix this by directly including $LDFLAGS in the test-compile command.

Reported-by: Ian Cooper <iancooper@hotmail.com>
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit aab3a04ce8)
2021-04-10 14:22:28 +02:00
Tony Ambardar
879cbd9e97 binutils: fix libbfd missing DSO dependency if NLS enabled
The libbfd package definition uses $(ICONV_DEPENDS) and $(INTL_DEPENDS)
but links against neither, leading to libbfd detection failures in other
packages (e.g. bpftools) and on-target relocation problems with libintl.so:

  root@OpenWrt:/# ldd /usr/lib/libbfd.so
        ldd (0x77db6000)
        libc.so => ldd (0x77db6000)
        libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x77c6d000)
  Error relocating /usr/lib/libbfd.so: libintl_dgettext: symbol not found

Add NLS-conditional linking of "libintl" to fix this. Also remove libbfd
package dependency $(ICONV_DEPENDS) which is not used during building or
linking.

Tested with QEMU on malta/be32, after building all packages from binutils,
bpftools and iproute2, using different libc options musl and glibc.

Fixes: 08e8175696 ("binutils: use nls.mk to fix libbfd link errors in
other packages")
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit 9a59f62f61)
2021-04-10 14:22:28 +02:00
Tony Ambardar
f88459de25 bpftools: drop unneeded libintl linking for NLS
There is no direct linking of libintl from bpftools, only secondary linking
through libelf, so remove "-lintl" from TARGET_LDFLAGS.

Fixes: 5582fbd613 ("bpftools: support NLS, fix ppc build and update to 5.8.9")
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit c8c638a19b)
2021-04-10 14:22:28 +02:00
Tony Ambardar
3e9d639e8f iproute2: separate tc into tiny and full variants
This change was investigated previously [1] but not deemed necessary. With
the recent addition [2] of modern BPF loader support, however, tc gained
dependencies on libelf and libbpf, with a larger installation footprint.

Similar to ip-tiny/ip-full, split tc into tc-full and tc-tiny variants,
where the latter excludes the eBPF loader, uses a smaller executable, and
avoids libelf and libbpf package dependencies. Both variants provide the
'tc' virtual package, with tc-tiny as the default.

The previous tc package included a loadable module for iptables actions.
Separate this out into a common package, tc-mod-iptables, which both
variants depend on. Some package sizes on mips_24kc:

Before:
  148343  tc_5.11.0-1_mips_24kc.ipk

After:
  144833  tc-full_5.11.0-2_mips_24kc.ipk
  138430  tc-tiny_5.11.0-2_mips_24kc.ipk  (and no libelf or libbpf)
    4115  tc-mod-iptables_5.11.0-2_mips_24kc.ipk

Also fix up some Makefile indentation.

[1] https://github.com/openwrt/openwrt/pull/1627#issuecomment-447619962
[2] b048a305a3 ("iproute2: update to 5.11.0")

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit 72885e9608)
2021-04-10 14:22:28 +02:00
Tony Ambardar
0d5e308664 kernel/modules: relocate teql hotplug from iproute2 to kmod-sched
The link equalizer sch_teql.ko of package kmod-sched relies on a hotplug
script historically included in iproute2's tc package. In previous
discussion [1], consensus was the hotplug script is best located together
with the module in kmod-sched, but this change was deferred at the time.

Relocate the hotplug script now. This change also simplifies adding a tc
variant for minimal size with reduced functionality.

[1] https://github.com/openwrt/openwrt/pull/1627#issuecomment-447923636

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit 863ce4f15f)
2021-04-10 14:22:28 +02:00
Tony Ambardar
e07105303f iproute2: add missing limits.h includes
This patch has been submitted upstream to fix an error reported by a few
users. One instance seen using gcc 10.2.0, binutils 2.35.1 and musl 1.1.24:

bpf_glue.c: In function 'get_libbpf_version':
bpf_glue.c:46:11: error: 'PATH_MAX' undeclared (first use in this function);
did you mean 'AF_MAX'?
   46 |  char buf[PATH_MAX], *s;
      |           ^~~~~~~~
      |           AF_MAX

Reported-by: Rui Salvaterra <rsalvaterra@gmail.com>
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit 10ffefe602)
2021-04-10 14:22:28 +02:00
Tony Ambardar
0ffc498ddd iproute2: update to 5.11.0
The latest iproute2 version brings various improvements and fixes:
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/log/?qt=range&q=v5.10.0..v5.11.0

In particular, ip and tc now use libbpf as the standard way to load BPF
programs, rather than the old, limited custom loader. This allows more
consistent and featureful BPF program handling e.g. support for global
initialized variables.

Also fix a longstanding problem with iproute2 builds where unneeded DSO
dependencies are added to most utilities, bloating their installation
footprint. From research and testing, explicitly using a "--as-needed"
linker flag avoids the issue. Update accordingly and drop extra package
dependencies from Makefile.

Additional build and packaging updates include:

  - install missing development header to iproute2/bpf_elf.h
  - propagate OpenWrt verbose flag during build
  - update and refresh patches

Compile and run tested: QEMU/malta-mips32be on kernels 5.4 & 5.10.

All iproute2 packages were built and installed to the test image. Some
regression testing using ip-full and tc was successfully performed to
exercise several kmods, tc modules, and simple BPF programs.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit b048a305a3)
2021-04-10 14:22:28 +02:00
Ilya Lipnitskiy
272a9e1975 wireguard-tools: depend on kmod-wireguard
To the vast majority of the users, wireguard-tools are not useful
without the underlying kernel module. The cornercase of only generating
keys and not using the secure tunnel is something that won't be done on
an embedded OpenWrt system often. On the other hand, maintaining a
separate meta-package only for this use case introduces extra
complexity. WireGuard changes for Linux 5.10 remove the meta-package.
So let's make wireguard-tools depend on kmod-wireguard
to make WireGuard easier to use without having to install multiple
packages.

Fixes: ea980fb9 ("wireguard: bump to 20191226")
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
(cherry picked from commit cbcddc9f31)
2021-04-10 14:21:32 +02:00
Ilya Lipnitskiy
7114416fbe kernel: fix kmod-wireguard package fields
Use NETWORK_SUPPORT_MENU like all other modules in netsupport.mk. Drop
SECTION and CATEGORY fields as they are set by default and to match
other packages in netsupport.mk. Use better TITLE for kmod-wireguard
(taken from upstream drivers/net/Kconfig).

Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
(cherry picked from commit 0b53d6f7fa)
2021-04-10 14:21:32 +02:00
Jason A. Donenfeld
ff6d629d32 wireguard-tools: bump to 1.0.20210223
Simple version bump with accumulated fixes.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
(cherry picked from commit e0f7f5bbce)
2021-04-10 14:21:32 +02:00
Ilya Lipnitskiy
a701d4b841 kernel: migrate wireguard into the kernel tree
On Linux 5.4, build WireGuard from backports. Linux 5.10 contains
wireguard in-tree.

Add in-kernel crypto libraries required by WireGuard along with
arch-specific optimizations.

Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
(cherry picked from commit 06351f1bd0)
(cherry picked from commit 464451d9ab)
2021-04-10 14:21:32 +02:00
Rafał Miłecki
91e0865ff5 firmware-utils: bcm4908img: convert into a package
bcm4908img is a tool managing BCM4908 platform images. It's used for
creating them as well as checking, modifying and extracting data from.

It's required by both: host (for building firmware images) and target
(for sysupgrade purposes). Make it a host/target package.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 9b4fc4cae9)
2021-04-08 13:16:13 +02:00
Felix Fietkau
64ddac2c1c mac80211: merge a few pending tx related fixes
Improve performance and fix potential mgmt tx hangs/warnings

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 571aedbc6c)
2021-04-04 11:39:51 +02:00
Felix Fietkau
69794908b6 mac80211: backport upstream patches for driver disconnect
Needed for an mt76 update

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 5dc5015072)
2021-04-04 11:39:51 +02:00
Felix Fietkau
95b838f75b build: use -nostdinc and -isystem in NOSTDINC_FLAGS for out-of-tree kernel modules
This resolves issues uncovered by musl updates

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 9ac47ee469)
2021-04-04 11:39:51 +02:00
Donald Hoskins
b2c9a8741f libunwind: Add MIPS64 dep check
libunwind dependency check does not allow for MIPS64 arch.  Add MIPS64 awareness.

libunwind seems to support MIPS64 without issues, it was limited by the dep arch
check in the Makefile.

Used to compile Suricata6/Rust locally without issue.

Signed-off-by: Donald Hoskins <grommish@gmail.com>
(cherry picked from commit ea6d4bdde2)
2021-03-29 22:26:27 +02:00
Tony Ambardar
6b2bcd2597 bpftools: fix libbpf pkgconfig file
The pkgconfig file hardcodes a host library directory which cannot be
overridden by OpenWrt during builds. Use SED to fix this and potential
include directory problems, as is done with several other packages.

This fixes a strange issue intermittently seen building iproute2 on the
oxnas target:

iptables modules directory: /usr/lib/iptables
libc has setns: yes
SELinux support: no
libbpf support: no
	libbpf version 0.3.0 is too low, please update it to at least 0.1.0
	LIBBPF_FORCE=on set, but couldn't find a usable libbpf

Fixes: 2f0d672088 ("bpftools: add utility and library packages
supporting eBPF usage")
Reported-by: Russell Senior <russell@personaltelco.net>
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit 9e64e4ce26)
2021-03-29 22:26:27 +02:00
Eike Ritter
b89accdfbc ppp: compile fix: unset FILTER variable in Makefile
If the environment variable FILTER is set before compilation,
compilation of the ppp-package will fail with the error message

Package ppp is missing dependencies for the following libraries:
libpcap.so.1

The reason is that the OpenWrt-patch for the Makefile only comments
out the line FILTER=y. Hence the pcap-library will be dynamically
linked if the environment variable FILTER is set elsewhere, which
causes compilation to fail. The fix consists on explicitly unsetting
the variable FILTER instead.

Signed-off-by: Eike Ritter <git@rittere.co.uk>
(cherry picked from commit 46cd0765d0)
2021-03-29 22:26:27 +02:00
Russell Senior
290b28664d busybox: udhcpc, allow zero length dhcp options
This patch skips zero length DHCP options instead of failing.

Signed-off-by: Russell Senior <russell@personaltelco.net>
(cherry picked from commit 1c04365071)
2021-03-29 22:16:54 +02:00
Tony Ambardar
7939d4a1b1 firewall3: update to latest git HEAD
This includes several improvements and fixes:

  61db17e rules: fix device and chain usage for DSCP/MARK targets
  7b844f4 zone: avoid duplicates in devices list
  c2c72c6 firewall3: remove last remaining sprintf()
  12f6f14 iptables: fix serializing multiple weekdays
  00f27ab firewall3: fix duplicate defaults section detection
  e8f2d8f ipsets: allow blank/commented lines with loadfile
  8c2f9fa fw3: zones: limit zone names to 11 bytes
  78d52a2 options: fix parsing of boolean attributes

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit 0d75aa27d4)
2021-03-29 20:26:33 +02:00
Mauri Sandberg
b526fbb1ce packages: kernel: add gpio-nxp-74hc153
NXP 74HC153 is a GPIO expander. Its original source cide sits in ar71xx
architecture tree. It has been slightly modified to get GPIO pin
configuration from the device tree rather than a MACH file.

 Changes to the source file:
  - Remove struct nxp_74hc153_config
  - in nxp_74hc153_probe(), fetch GPIO configuration from device tree
  - allow GPIO framework decide the base number by passing -1 to it
  - remove support for kernel versions below 4.5.0
  - add OF device compatibility string

 Create a package for inclusion in image.

References: https://lore.kernel.org/linux-gpio/545111184.50061.1615922388276@ichabod.co-bxl/
Signed-off-by: Mauri Sandberg <sandberg@mailfence.com>
[added link to driver usptreaming work in progress]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 6a6f9e73dd)
2021-03-27 07:46:14 +01:00
Eneas U de Queiroz
e7a9ee0580 openssl: bump to 1.1.1k
This version fixes 2 security vulnerabilities, among other changes:

 - CVE-2021-3450: problem with verifying a certificate chain when using
   the X509_V_FLAG_X509_STRICT flag.

 - CVE-2021-3449: OpenSSL TLS server may crash if sent a maliciously
   crafted renegotiation ClientHello message from a client.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 0bd0de7d43)
2021-03-27 07:34:35 +01:00
Daniel Golle
aacf378608
mwlwifi: add PKG_FLAGS:=nonshared
This should fix the problem of mwlwifi-firmware-* not being found
when using the ImageBuilder.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 9b3aaf1cdb)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-24 20:52:59 +00:00
Florian Eckert
5a11ca3cf3 base-files: add logging for configuration import
Make sysupgrade backup import more verbose.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit fdbdbe8eaa)
2021-03-22 21:08:00 +01:00
Hauke Mehrtens
bdfd7f68d0 uhttpd: update to git HEAD
15346de client: Always close connection with request body in case of error

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 1170655f8b)
2021-03-21 22:39:38 +01:00
Hauke Mehrtens
741260d281 uhttpd: Execute uci commit and reload_config once
Instead of doing uci commit and reload_config for each setting do it
only once when one of these options was changed. This should make it a
little faster when both conditions are taken.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 501221af54)
2021-03-21 22:39:32 +01:00
Hauke Mehrtens
97a4d27fb5 uhttpd: Reload config after uhttpd-mod-ubus was added
Without this change the config is only committed, but the uhttpd daemon
is not reloaded. This reload is needed to apply the config. Without the
reload of uhttpd, the ubus server is not available over http and returns
a Error 404.

This caused problems when installing luci on the snapshots and
accessing it without reloading uhttpd.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit d25d281fd6)
2021-03-21 22:39:27 +01:00
Magnus Kroken
69b4a11aed mbedtls: update to 2.16.10
This release of Mbed TLS provides bug fixes and minor enhancements. This
release includes fixes for security issues.

Security fixes:
* Fix a buffer overflow in mbedtls_mpi_sub_abs()
* Fix an errorneous estimation for an internal buffer in
mbedtls_pk_write_key_pem()
* Fix a stack buffer overflow with mbedtls_net_poll() and
mbedtls_net_recv_timeout()
* Guard against strong local side channel attack against base64 tables
by making access aceess to them use constant flow code

Full release announcement:
https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.10

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
(cherry picked from commit dbde2bcf60)
2021-03-21 14:02:46 +01:00
Rafał Miłecki
058e4c57aa bcm63xx-cfe: update to the latest master
d035016 tp-link: rename to tplink to match DT vendor prefix

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 4d961436c4)
2021-03-17 21:23:45 +01:00
Rafał Miłecki
217687c7ec bcm63xx-cfe: update to the latest master
3fb6f1c tp-link: c2300-v1: add cferam file
79f9578 sercomm: vox-2.5: add cferam file

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit ac39c4bd60)
2021-03-17 21:23:45 +01:00
Daniel Golle
60275454fb rpcd: update to git HEAD
d3f2041 uci: manually clear uci_ptr flags after uci_delete() operations
 ccb7517 sys: packagelist: drop ABI version from package name

(cherry picked from commit da339a6d3f)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-15 21:53:16 +00:00
Daniel Golle
55a43e1ab0 opkg: update to git HEAD
d71856a pkg: pass-through ABIVersion to status file
 d3a63b3 libopkg: add option to strip ABI versions from listed names
 5936c4f libopkg: pkg_hash: prefer original packages to satisfy dependencies

(cherry squashed from commit 6a7a1f1c64,
commit 988ed00802 and
commit b5f6d20560)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-15 21:53:16 +00:00
Daniel Golle
9a5f385732 selinux-policy: update to version v0.8
a857b45 resolv/locale: eventually this should be more efficient
 11ed281 some more optimization
 764a475 add redundant calls to file.search_conffile_dirs()
 7d4558e fs: treat devtmpfs that same as tmpfs
 81b677e adds irqbalance skeleton
 5506244 irqbalance rules
 cc96cd8 adds usbutil and gtpfdisk skels
 01e2a55 some fsck, gptfdisk, mkfs and usbutil rules
 d6d1e7d usbutil: output to terminal
 da576fa fsck, gptfdisk and usbutil rules
 09b39e9 unbound
 241a029 hotplugcall: allow dac_read_search (is a subset of dac_override)
 af0fe90 adds label for tcsh
 160f79e adds tcpdump
 6d02b96 adds coreutil execfile for busybox alternatives
 ac54884 coreutilexecfile: these are known to require privileges, so exclude
 8cb3b66 adds chrootexecfile
 6d329d3 this saves 9KiB and its a bit more robust
 88e2425 move addpart/delpart/partx to gptfdisk.cil
 261012d ntphotplug: reads ubox data files
 0473ace various
 740e820 work through to genfs_seclabel_symlinks loose ends (Linux 5.10)
 bef21f5 TODO adds a note about how I dont need to upgrade to polver 33 from 31
 cb2e5a3 ubus uses ntpdhotplug fd, and some genfs_seclabel_symlink changes
 07df9b9 luci, rpcd and wpad (mainly genfs_selabel related but not all)
 8d86cab genfs_seclabel loose ends for blockmount, hotplugcall, irqbalance, zram-swap
 b8156cd adds a note about how i forgot to target blockd
 6e82ab8 adds blockd and related
 254ff43 Makefile: exclude blockd from mintesttgt
 4dc6bc2 pppd update related and unbound-odhcp rules
 3d7da7a igmpproxy tidy some loose ends
 c84ba0f rcigmpproxy: add entries to /etc when creating /etc/igmpproxy.conf
 5a18967 adds igmpproxy skeleton
 7e6a218 logread: support resolving dns names
 e39ca8b netifd: add support for /etc/udhcpc.user
 7952bd0 odhcp6c: support /etc/odhcp6c.user
 ba0eb4e swconfig, fwenv, agent
 4556b8a pppd cosmetic
 9324d9d pppd: sends AT commands to model using /dev/ttyUSBN
 417b14a ttydev: add some more ttyUSB
 ed739dc example: dont depend on policycoreutils
 97613f9 dropbear: using dropbear as scp: dns name resolving
 12c193b dropbear tcp connect ssh ports for scp
 c050077 rcdnsmasq: remove redundant rule and make rcsysntpd optional
 8c5de35 this is a bug
 8d5c463 uhttpd rcboot rcdnsmasq
 094266e hostapd and wpa_supplicant
 aef0bd7 mountroot: maintains /tmp/sysupgrade.tar
 24f0406 dropbear: allow it to read tmp.fs files
 2901433 firstboot mkfsf2fs rcboot
 2c4afb7 blockmount mmc
 465ca98 adds industrial i/o (iio) nodedev
 82f686e mtd stordev: back that ubiblock0_4p1 up with a filecon
 7df78bd ubus: "support" older ubusd versions that run as root
 4458bce swconfig: allow using terminal (to print output)
 e8d606d sslcert: openssl linked: this shaves off 200 bytes
 93afffb jshn ntpdhotplug
 0b847f0 wpad: reads /etc/ssl/openssl.cnf
 f14ee34 indent fix
 a0c7cad mtd, uhttpd, ubus and ntpdhotplug
 d74f98f adds a not about checkreqprot requirement in some scenarios
 affacce example: add policycoreutils-setfiles for make check
 4f944dc kmodloader and fwenv:
 efe36a3 netifd: adds a comment/reminder
 581b087 more fw_printenv loose ends
 30177a4 fw_setenv: needs mtd write access to set and delete env
 da28f4c fw_printenv: some minor clean ups
 a062053 fw_printenv missing rules
 244ba5f blockmount: extroot and /rwm
 0745a6a squid: allow squid to run sslcrtd with domain transition
 b851df6 squid fix
 8c55acd squid: adds certfile and allow connect http but...
 b7c1f6d Makefile: exclude tinyproxy from mintesttgt (using squid)
 5ff39bd squid: forgot about luci
 5366c97 squid/rcsquid some basic fill in
 8743da6 squid skeleton
 687a43b adds squid 3128 port to httpproxy port

Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
(cherry squashed from commit 3ffc30f05a
and commit 41a8f093fb)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-15 21:53:16 +00:00
Dominick Grift
8a317fbb9a checkpolicy: update to version 3.2
521e6a2f libsepol/cil: fix signed overflow caused by using (1 << 31) - 1
42ae834a libsepol,checkpolicy: optimize storage of filename transitions

Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
(cherry picked from commit 49edc4d17f)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-15 21:53:16 +00:00
Dominick Grift
22cc999731 secilc: update to version 3.2
49ff851c secilc: fixes cil_role_statements.md example
03881703 secilc/docs: add custom color theme
4c8d6094 secilc/docs: add syntax highlighting for secil
057d72af secilc/docs: use fenced code blocks for cil examples
e8bcdb84 cil_network_labeling_statements: fixes nodecon examples
eefa5511 cil_access_vector_rules: allowx, auditallowx and dontauditx fixes
9e9b8103 secilc/docs: document expandtypeattribute
fbe1e526 Update the cil docs to match the current behaviour.

Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
(cherry picked from commit 0b58ebcfe2)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-15 21:53:16 +00:00
Dominick Grift
0526d5bb17 policycoreutils: update to version 3.2
d464187c policycoreutils: sestatus belongs to bin not sbin
d59932a7 policycoreutils: Resolve path in restorecon_xattr
5682c0d5 policycoreutils/fixfiles.8: add missing file systems and merge check and verify
57dd1f65 policycoreutils/setfiles: Drop unused nerr variable
be7f54cb setfiles: drop ABORT_ON_ERRORS and related code
9207823c setfiles: Do not abort on labeling error
c064d214 selinux_config(5): add a note that runtime disable is deprecated
8bc865e1 newrole: support cross-compilation with PAM and audit
ba2d6c10 fixfiles: correctly restore context of mountpoints

Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
(cherry picked from commit 68934a5704)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-15 21:53:16 +00:00
Dominick Grift
c47b8c0568 libsemanage: update to version 3.2
c35919a7 libsemanage: sync filesystem with sandbox
5b05e829 Revert "libsemanage/genhomedircon: check usepasswd"
edae9275 libsemanage: Free contents of modkey in semanage_direct_remove
ce46daab libsemanage/genhomedircon: check usepasswd
6ebb35d2 libsemanage: Bump libsemanage.so version
c08b73d7 libsemanage: Drop deprecated functions
b46406de libsemanage: Remove legacy and duplicate symbols

Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
(cherry picked from commit 4670492ad7)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-15 21:53:16 +00:00
Dominick Grift
5cc1af92b2 libselinux: update to version 3.2
142826a3 libselinux: fix segfault in add_xattr_entry()
398d2cee libselinux: rename gettid() to something which never conflicts with the libc
8f0f0a28 selinux(8,5): Describe fcontext regular expressions
9cc6b5cf libselinux/getconlist: report failures
156dd0de libselinux: update getseuser
e2dca5df libselinux: accept const fromcon in get_context API
da4829d0 libselinux: Always close status page fd
45b15c22 selinux(8): explain that runtime disable is deprecated
3c16aaef selinux(8): mark up SELINUX values
c2a58cc5 libselinux: LABEL_BACKEND_ANDROID add option to enable
db0f2f38 libselinux: Add build option to disable X11 backend
4a142ac4 libsepol: Bump libsepol.so version
d23342a9 libselinux: convert matchpathcon to selabel_lookup()
7ef5b185 libselinux: Change userspace AVC setenforce and policy load messages to audit format.
f5d644c7 libselinux: Add additional log callback details in man page for auditing.
075f9cfe libselinux: Fix selabel_lookup() for the root dir.
a4149e0e libselinux: Add new log callback levels for enforcing and policy load notices.
a63f93d8 libselinux: initialize last_policyload in selinux_status_open()
ef902db9 libselinux: safely access shared memory in selinux_status_updated()
9e4480b9 libselinux: Remove trailing slash on selabel_file lookups.
21fb5f20 libselinux: use full argument specifiers for security_check_context in man page
e7abd802 libselinux: fix build order
05bdc031 libselinux: use kernel status page by default

Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
(cherry picked from commit b1fc2b5b0b)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-15 21:53:16 +00:00
Dominick Grift
51159bcfd1 libsepol: update to version 3.2
a9e0004f libsepol: invalidate the pointer to the policydb if policydb_init fails
6238e025 libsepol/cil: fix NULL pointer dereference in cil_fill_ipaddr
b69d77bc libsepol/cil: handle SID without assigned context when writing policy.conf
0861c659 libsepol: Validate policydb values when reading binary policy
8f5409cf libsepol: Create function ebitmap_highest_set_bit()
0451adeb libsepol/cil: Destroy disabled optional blocks after pass is complete
32f8ed3d libsepol/cil: introduce intermediate cast to silence -Wvoid-pointer-to-enum-cast
4662bdc1 libsepol/cil: be more robust when encountering <src_info>
6b561058 libsepol/cil: fix NULL pointer dereference with empty macro argument
0d0e47c7 libsepol/cil: Fix integer overflow in the handling of hll line marks
1b36ace2 libsepol: include header files in source files when matching declarations
1f1fa9d4 libsepol: uniformize prototypes of sepol_mls_contains and sepol_mls_check
72a88d75 libsepol: remove unused files
eba0ffee libsepol/cil: Fix heap-use-after-free when using optional blockinherit
1048f8d3 libsepol/cil: unlink blockinherit->block link when destroying a block
b3202918 libsepol/cil: fix memory leak when a constraint expression is too deep
f0d98f83 libsepol/cil: Fix heap-use-after-free in __class_reset_perm_values()
5d021d66 libsepol/cil: Update symtab nprim field when adding or removing datums
34bd9a9d libsepol: destroy filename_trans list properly
bdf4e332 libsepol/cil: fix NULL pointer dereference when parsing an improper integer
b7ea65f5 libsepol/cil: destroy perm_datums when __cil_resolve_perms fails
228c06d9 libsepol/cil: fix out-of-bound read in cil_print_recursive_blockinherit
a25d9104 libsepol/cil: constify some strings
e2d01842 libsepol/cil: propagate failure of cil_fill_list()
6c8fca10 libsepol/cil: do not add a stack variable to a list
38a09b74 libsepol/cil: fix NULL pointer dereference when using an unused alias
3c357285 libsepol/cil: remove useless print statement
90809674 libsepol/cil: always destroy the lexer state
d16a1e46 libsepol/cil: Use the macro FLAVOR() whenever possible
2aac859a libsepol/cil: Use the macro NODE() whenever possible
d317b470 libsepol/cil: Remove unnecessary assignment in cil_resolve_name_keep_aliases()
9b9761cf libsepol/cil: Remove unused field from struct cil_args_resolve
e257d4c7 libsepol/cil: Get rid of unnecessary check in cil_gen_node()
ebba2b00 libsepol/cil: cil_tree_walk() helpers should use CIL_TREE_SKIP_*
89dab467 libsepol: free memory when realloc() fails
2d353bd5 libsepol/cil: Give error for more than one true or false block
4a142ac4 libsepol: Bump libsepol.so version
506c7b95 libsepol: Drop deprecated functions
ae58e84b libsepol: Get rid of the old and duplicated symbols
c97d63c6 libsepol: silence potential NULL pointer dereference warning
64387cb3 libsepol: drop confusing BUG_ON macro
521e6a2f libsepol/cil: fix signed overflow caused by using (1 << 31) - 1
a152653b libsepol/cil: Fix neverallow checking involving classmaps
734e4beb libsepol/cil: Validate conditional expressions before adding to binary policy
685f577a libsepol/cil: Validate constraint expressions before adding to binary policy
8206b8cb libsepol: implement POLICYDB_VERSION_COMP_FTRANS
42ae834a libsepol,checkpolicy: optimize storage of filename transitions

Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
(cherry picked from commit 2a1bdde0d0)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-15 21:53:15 +00:00
Hannu Nyman
e17e212b51 busybox: backport fixes for 1.33.0
Backport two fixes for 1.33.0
* history file storing
* traceroute command option parsing

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit c1f3c52564)
2021-03-13 21:20:17 +01:00
Ronny Kotzschmar
e4d061cd1a uboot-envtools: adjust compile patch to version v2021.01
with u-boot v2020.07 some variables have been renamed so this patch needs to be adjusted
otherwise at least with macOS as build system there are build errors

Signed-off-by: Ronny Kotzschmar <ro.ok@me.com>
(cherry picked from commit 547a932ee9)
2021-03-01 21:50:08 +01:00
Georgi Valkov
e9e2310c6a uboot-sunxi: add missing type __u64
Non Linux systems e.g. macOS lack the __u64 type and produce build errors:
In file included from tools/aisimage.c:9:
In file included from include/image.h:19:
In file included from ./arch/arm/include/asm/byteorder.h:29:
In file included from include/linux/byteorder/little_endian.h:13:
include/linux/types.h:146:9: error: unknown type name '__u64'; did you mean '__s64'?
typedef __u64 __bitwise __le64;

Resolved by declaring __u64 in include/linux/types.h
Build tested on macOS and Ubuntu.

Signed-off-by: Georgi Valkov <gvalkov@abv.bg>
(cherry picked from commit 3cc57ba462)
2021-03-01 21:49:55 +01:00
Stefan Lippers-Hollmann
7b6ee74ee9 hostapd: P2P: Fix a corner case in peer addition based on PD Request
p2p_add_device() may remove the oldest entry if there is no room in the
peer table for a new peer. This would result in any pointer to that
removed entry becoming stale. A corner case with an invalid PD Request
frame could result in such a case ending up using (read+write) freed
memory. This could only by triggered when the peer table has reached its
maximum size and the PD Request frame is received from the P2P Device
Address of the oldest remaining entry and the frame has incorrect P2P
Device Address in the payload.

Fix this by fetching the dev pointer again after having called
p2p_add_device() so that the stale pointer cannot be used.

This fixes the following security vulnerabilities/bugs:

- CVE-2021-27803 - A vulnerability was discovered in how p2p/p2p_pd.c
  in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision
  discovery requests. It could result in denial of service or other
  impact (potentially execution of arbitrary code), for an attacker
  within radio range.

Fixes: 17bef1e97a50 ("P2P: Add peer entry based on Provision Discovery Request")
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
(cherry picked from commit 1ca5de13a1)
2021-03-01 21:49:55 +01:00
Adrian Schmutzler
f6b175a9bf zlib: properly split patches
This package had two patches (with two headers etc.) in one file,
which would have quilt merging them during a refresh.

Separate these patches into two files, as the original intent seems
to be having them separate.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 221eefaf6b)
2021-02-25 14:41:40 +01:00
David Bauer
a75520c678 openssl: update package sources
OpenSSL downloads itself are distributed using Akamai CDN, so use these
sources as the highest priority.

Remove a stale mirror which seems to be offline for a longer time
already.

Add fallbacks to the old release path also for the mirrors.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 10e84bde36)
2021-02-24 20:24:18 +01:00
Christian Lamparter
86801bd3d8 wolfssl: fix Ed25519 typo in config prompt
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 09e66112f1)
2021-02-24 20:24:13 +01:00
Eneas U de Queiroz
0e8d67023b wolfssl: bump to v4.7.0-stable
Biggest fix for this version is CVE-2021-3336, which has already been
applied here.  There are a couple of low severity security bug fixes as
well.

Three patches are no longer needed, and were removed; the one remaining
was refreshed.

This tool shows no ABI changes:
https://abi-laboratory.pro/index.php?view=objects_report&l=wolfssl&v1=4.6.0&v2=4.7.0

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit d1dfb577f1)
2021-02-24 20:24:04 +01:00
Daniel Golle
75abdc4b46 arm-trusted-firmware-mediatek: bring back package
* use binary provided by MediaTek to work-around 'bromimage' issue
 * use @OPENWRT mirror for blobs
 * refactor Makefile
 * add mt7622 1c variants (using binaries provided by MTK)

(cherry picked from commit 068c82039f and
commit 9cd089dbbf)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-24 11:02:04 +00:00
Adrian Schmutzler
1b46554895 tfa-layerscape: build fiptool again
The ls-ddr-phy package needs fiptool options that are not
available via the version from arm-trusted-firmware-tools.
This breaks build for layerscape with the recently added LX2160a:

  create: unrecognized option '--ddr-immem-udimm-1d'

Use the tfa-layerscape variant again for now, but rename it to
fiptool-layerscape to indicate that it's a specific variant.

This reverts 84bc7d31e0 ("tfa-layerscape: don't build fiptool").

Fixes: f59d7aab2a ("layerscape: add ddr-phy package")

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 910b5d669f)
2021-02-21 13:55:30 +01:00
Petr Štetiar
5808c8c6ba openwrt-keyring: add OpenWrt 21.02 GPG/usign keys
49283916005d usign: add 21.02 release build pubkey
bc4d80f064f2 gpg: add OpenWrt 21.02 signing key

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 1bf6d70e60)
2021-02-20 16:01:17 +01:00
Raphaël Mélotte
60823c67cb hostapd: backport ignoring 4addr mode enabling error
This is a backport of the upstream commit 58bbbb598144 ("nl80211: Ignore
4addr mode enabling error if it was already enabled") which fixes same
issue as in the current fix contained in '130-wpa_supplicant-multi_ap_roam.patch',
but in a different way:

 nl80211_set_4addr_mode() could fail when trying to enable 4addr mode on
 an interface that is in a bridge and has 4addr mode already enabled.
 This operation would not have been necessary in the first place and this
 failure results in disconnecting, e.g., when roaming from one backhaul
 BSS to another BSS with Multi AP.

 Avoid this issue by ignoring the nl80211 command failure in the case
 where 4addr mode is being enabled while it has already been enabled.

Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
[bump PKG_RELEASE, more verbose commit description]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit fb860b4e41)
2021-02-20 10:39:42 +01:00
Yangbo Lu
2e1ad2473e layerscape: add LX2160ARDB (Rev2.0 silicon) board support
The QorIQ LX2160A reference design board provides a comprehensive platform
that enables design and evaluation of the LX2160A processor.

- Enables network intelligence with the next generation Datapath (DPPA2)
  which provides differentiated offload and a rich set of IO, including
  10GE, 25GE, 40GE, and PCIe Gen4

- Delivers unprecedented efficiency and new virtualized networks

- Supports designs in 5G packet processing, network function
  virtualization, storage controller, white box switching, network
  interface cards, and mobile edge computing

- Supports all three LX2 family members (16-core LX2160A; 12-core LX2120A;
  and 8-core LX2080A)

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
[use AUTORELEASE, add dtb to firmware part]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 80dcd14abe)
2021-02-19 20:09:29 +01:00
Yangbo Lu
7272793330 layerscape: add ddr-phy package
Add ddr-phy package for layerscape. Currently only LX2160ARDB
requires the package.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
[use AUTORELEASE]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit f59d7aab2a)
2021-02-19 20:09:29 +01:00
Yangbo Lu
7f933db108 layerscape: add FRWY-LS1046A board support
The LS1046A Freeway board (FRWY) is a high-performance computing,
evaluation, and development platform that supports the QorIQ
LS1046A architecture processor capable of support more than 32,000
CoreMark performance. The FRWY-LS1046A board supports the QorIQ
LS1046A processor, onboard DDR4 memory, multiple Gigabit Ethernet,
USB3.0 and M2_Type_E interfaces for Wi-Fi.

The FRWY-LS1046A-TP includes the Coral Tensor Flow Processing Unit
that offloads AI/ML inferencing from the CPU to provide significant
boost for AI/ML applications. The FRWY-LS1046A-TP includes one M.2
TPU module and more modules can easily be added including USB
versions of the module to scale the AI/ML performance.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
[rebase, use AUTORELEASE, fix sorting, add dtb to firmware part]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 2c2d77bd3b)
2021-02-19 20:09:28 +01:00
Álvaro Fernández Rojas
6a4dcb4719 cypress-firmware: fix PKG_SOURCE_URL
Download link has been moved.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(cherry-picked from commit 7febba3e50)
2021-02-19 11:09:28 +01:00
Álvaro Fernández Rojas
2e3983e387 bcm27xx-userland: update to latest version
Adds some fixes and removes upstreamed patch.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(cherry-picked from commit 1d3a9b1c00)
2021-02-19 07:18:56 +01:00
Álvaro Fernández Rojas
be423be931 bcm27xx-gpu-fw: update to latest version
This is needed to add support for CM4 and RPI 400.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(cherry-picked from commit f41e653da9)
2021-02-19 07:18:23 +01:00
Eneas U de Queiroz
c6319239d8 openssl: bump to 1.1.1j
This fixes 4 security vulnerabilities/bugs:

- CVE-2021-2839 - SSLv2 vulnerability. Openssl 1.1.1 does not support
  SSLv2, but the affected functions still exist. Considered just a bug.

- CVE-2021-2840 - calls EVP_CipherUpdate, EVP_EncryptUpdate and
  EVP_DecryptUpdate may overflow the output length argument in some
  cases where the input length is close to the maximum permissable
  length for an integer on the platform. In such cases the return value
  from the function call will be 1 (indicating success), but the output
  length value will be negative.

- CVE-2021-2841 - The X509_issuer_and_serial_hash() function attempts to
  create a unique hash value based on the issuer and serial number data
  contained within an X509 certificate. However it was failing to
  correctly handle any errors that may occur while parsing the issuer
  field (which might occur if the issuer field is maliciously
  constructed). This may subsequently result in a NULL pointer deref and
  a crash leading to a potential denial of service attack.

- Fixed SRP_Calc_client_key so that it runs in constant time. This could
  be exploited in a side channel attack to recover the password.

The 3 CVEs above are currently awaiting analysis.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 482c9ff289)
2021-02-17 09:26:10 +01:00
Felix Fietkau
268381cc5a build: reorder more BuildPackages lines to deal with ABI_VERSION
After the ABI version rework, packages need to be declared in the order of
their dependencies, so that dependent packages will use the right ABI version

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 75455b75a7ee)
2021-02-16 12:27:56 +01:00
Álvaro Fernández Rojas
3e807f0305 ath10k-ct: switch to 5.10
Let's switch to 5.10 now that mac80211 has been updated.
Runtime-tested on ipq806x (Netgear R7800).

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
(cherry-picked from commit a5c4c40476)
2021-02-16 08:52:25 +01:00
Alexander Couzens
1cd121dd11
OpenWrt v21.02: set branch defaults
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2021-02-16 02:21:33 +01:00
Felix Fietkau
46b6ee7ffc util-linux: move libuuid BuildPackage line further up to fix ABI versioning
After the ABI version rework, packages need to be declared in the order of
their dependencies, so that dependent packages will use the right ABI version

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-16 00:00:14 +01:00
Hauke Mehrtens
1132340a22 mac80211: Update to version 5.10.16-1
The removed patches were applied upstream.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-02-15 22:29:42 +01:00
Hauke Mehrtens
0cde9a0a65 mac80211: Refresh patches again
A wrong quilt configuration was used last time.

Fixes: ed1e234d87 ("mac80211: refresh patches")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-02-15 22:29:42 +01:00
Felix Fietkau
8edb1797d5 libubox: update to the latest version, set ABI_VERSION dynamically
2537be018587 cmake: add a possibility to set library version

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-15 19:41:13 +01:00
Felix Fietkau
26a899e3e8 wolfssl: use libtool patch for PKG_ABI_VERSION
Makes it unnecessary to patch .so files after build

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-15 18:47:19 +01:00
Felix Fietkau
0a497c4640 libubox: use build system variable to specify ABI version
This removes the need to patch it afterwards

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-15 18:47:19 +01:00
Felix Fietkau
f378d81da6 wolfssl: use dynamic ABI_VERSION depending on the configuration and package version
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-15 07:40:47 +01:00
Felix Fietkau
a933c26852 libubox: use PKG_ABI_VERSION
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-15 07:40:45 +01:00
Daniel Golle
d79eeba688
odhcpd: setup dhcpv4 server automagically
Automatically setup dhcpv4 server just like it's done for dhcpv6.
To select whether odhcpd or dnsmasq are serving DHCPv4 requests there
still is the 'maindhcp' option. To make things less confusing, make
sure things really work out-of-the-box in case dnsmasq is not even
installed at the time the uci-defaults script is being run.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-02-15 00:34:43 +00:00
Hauke Mehrtens
304df2836a Revert "wolfssl: use dynamic ABI_VERSION depending on the configuration and package version"
This fixes the build on MIPS BE like ath25 and ath79 target.
We get this error message when linking libwolfssl:
mips-openwrt-linux-musl/bin/ld: /home/hauke/openwrt/openwrt/staging_dir/target-mips_mips32_musl/usr/lib/libwolfssl.so: unknown type [0x7000002a] section `.MIPS.abiflags'
mips-openwrt-linux-musl/bin/ld: /home/hauke/openwrt/openwrt/staging_dir/target-mips_mips32_musl/usr/lib/libwolfssl.so: unknown type [0x7000002a] section `.MIPS.abiflags'
mips-openwrt-linux-musl/bin/ld: skipping incompatible /home/hauke/openwrt/openwrt/staging_dir/target-mips_mips32_musl/usr/lib/libwolfssl.so when searching for -lwolfssl
mips-openwrt-linux-musl/bin/ld: cannot find -lwolfssl
collect2: error: ld returned 1 exit status

This reverts commit 2591c83b34.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-02-15 01:15:49 +01:00
Hauke Mehrtens
505a808302 Revert "libubox: use PKG_ABI_VERSION"
This fixes the build on MIPS BE like ath25 and ath79 target.
We get this error message when linking libubox:
mips-openwrt-linux-musl/bin/ld: /home/hauke/openwrt/openwrt/staging_dir/target-mips_mips32_musl/usr/lib/libubox.so: unknown type [0x7000002a] section `.MIPS.abiflags'
mips-openwrt-linux-musl/bin/ld: /home/hauke/openwrt/openwrt/staging_dir/target-mips_mips32_musl/usr/lib/libubox.so: unknown type [0x7000002a] section `.MIPS.abiflags'
mips-openwrt-linux-musl/bin/ld: skipping incompatible /home/hauke/openwrt/openwrt/staging_dir/target-mips_mips32_musl/usr/lib/libubox.so when searching for -lubox

This reverts commit f421fefa8a.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-02-15 01:15:49 +01:00
Petr Štetiar
be0192edb8 Revert "uboot-imx6: bump to 2021.01 release"
This reverts commit 50a5a8993d as the bump
to 2021.01 unveiled issue with missing swig host tool needed for
mx6cuboxi's SPL.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2021-02-14 23:28:07 +01:00
Felix Fietkau
f118be0712 ath9k: fix transmitting to stations in dynamic SMPS mode
When transmitting to a receiver in dynamic SMPS mode, all transmissions that
use multiple spatial streams need to be sent using CTS-to-self or RTS/CTS to
give the receiver's extra chains some time to wake up.
This fixes the tx rate getting stuck at <= MCS7 for some clients, especially
Intel ones, which make aggressive use of SMPS.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-14 19:55:45 +01:00
Felix Fietkau
bc3963764d mt76: update to the latest version
261d184cebdc mt76: introduce mt76_vif data structure
50349a8664ef mt76: mt76_connac: create mcu library
c88859180c51 mt76: mt76_connac: move hw_scan and sched_scan routine in mt76_connac_mcu module
9856236ab4f9 mt76: mt76_connac: move WoW and suspend code in mt76_connac_mcu module
2da59aacdd50 mt76: mt76_connac: move pm data struct in mt76_connac.h
16be142e40fe mt76: mt76_connac: move pm utility routines in mt76_connac_lib module
c4ccfc66347d mt76: mt7921: add MAC support
8ecf3a50e7ad mt76: mt7921: add MCU support
92c1717f9a55 mt76: mt7921: add DMA support
1cecf9c3da8b mt76: mt7921: add EEPROM support
a9e68410b9ba mt76: mt7921: add ieee80211_ops
39d6f4851b06 mt76: mt7921: introduce mt7921e support
9f37baecf5d6 mt76: mt7921: add debugfs support
b16cf6e26998 mt76: mt7921: introduce schedule scan support
5aa798ee56c7 mt76: mt7921: introduce 802.11 PS support in sta mode
e67d5216f16d mt76: mt7921: introduce support for hardware beacon filter
cb99bf4655f9 mt76: mt7921: introduce beacon_loss mcu event
71f9f09ee987 mt76: mt7921: introduce PM support
2beb9c9530d4 mt76: mt7921: rely on mt76_connac_mcu common library
59e682497d12 mt76: mt7921: rely on mt76_connac_mcu module for sched_scan and hw_scan
1ccf6a9c60cd mt76: mt7921: rely on mt76_connac_mcu module for suspend and WoW support
f8d1ec5e6e11 mt76: mt7921: introduce Runtime PM support
633a1cbd8f4e mt76: mt7921: introduce regdomain notifier support
0d95c6ad1745 mt76: mt7921: enable MSI interrupts
5f4f6792fb37 mt76: mt7921: add coredump support
47eb00e13450 mt76: mt7663: introduce coredump support
26658849a465 mt76: mt7615: fix key set/delete issues
b0ba039bc2ef mt76: mt7615: fix tx skb dma unmap
892f74d37e88 mt76: mt7915: fix tx skb dma unmap
2659f6c6ea23 mt76: mt7615: support loading EEPROM for MT7613BE
b09cc8644529 mt76: dma: do not report truncated frames to mac80211
ae6473f1d2af mt76: mt7921: enable random mac addr during scanning
b59e3677476d mt76: mt7921: remove unnecessary variable
781911f167aa mt76: mt7921: removed unused definitions in mcu.h
994893d38d51 mt76: always use WTBL_MAX_SIZE for tlv allocation
e6c0948ada07 mt76: mt76x0: disable GTK offloading
a75302bcbfe1 mt76: connac: always check return value from mt76_connac_mcu_alloc_wtbl_req
8da10d6f9251 mt76: mt7915: always check return value from mt7915_mcu_alloc_wtbl_req
80a87412e9e9 mt76: mt7915: fix uninitialized variable in mt7915_tm_set_tx_cont()
c7d98fc35865 mt76: use PCI_VENDOR_ID_MEDIATEK to avoid open coded
b5228e75e422 mt76: mt7921: switch to new api for hardware beacon filter
73fce2cbfa41 mt76: connac: fix up the setting for ht40 mode in mt76_connac_mcu_uni_add_bss
2e2cb71901e8 mt76: mt7921: fixup rx bitrate statistics
2d7b1d72b43b mt76: mt7921: add flush operation
96b4c9874e16 mt76: mt7921: fix uninitialized pointer access in mt7921_get_wtbl_info
4492d801cbb5 mt76: connac: update sched_scan cmd usage
200c1b1c234b mac80211: rename csa counters to countdown counters
0d7564d0d899 mt76: add support for 802.3 rx frames
4c0811c647b9 mt76: mt7915: enable hw rx-amsdu de-aggregation
4b7a68634ff6 mt76: mt7915: add rx checksum offload support
289cd7804587 mt76: mt7915: add support for rx decapsulation offload

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-14 19:55:45 +01:00
Felix Fietkau
2591c83b34 wolfssl: use dynamic ABI_VERSION depending on the configuration and package version
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-14 19:41:52 +01:00
Felix Fietkau
f421fefa8a libubox: use PKG_ABI_VERSION
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-14 19:41:52 +01:00
Felix Fietkau
9cb63f5360 mac80211: fix a regression in processing rx stats
A logic error caused rx rate update to be missed for any driver not using
fast-rx

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-14 19:41:07 +01:00
Felix Fietkau
ed1e234d87 mac80211: refresh patches
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-14 19:41:07 +01:00
Felix Fietkau
072bfe2113 mac80211: add minstrel performance improvements
Reduce fluctuations in rate selection / statistics

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-14 19:41:07 +01:00
Felix Fietkau
b6066846ad mac80211: add decapsulation offload support
On hardware that supports this, this will improve performance by passing
802.3 frames from the hardware to the stack

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-14 19:41:07 +01:00
Felix Fietkau
8fc2cfea87 mac80211: fix a corner case in encapsulation offload support
Fix encryption key selection with WEP

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-14 19:41:07 +01:00
Felix Fietkau
268210cec8 mac80211: add fq performace improvements
Improves performance under load

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-02-14 19:41:07 +01:00
Rosen Penev
6d103beb15 libnftnl: update to 1.1.8
Fix license information.

Fix wrong ABI version. The library is versioned as libnftnl.so.11.4.0

Add PKG_BUILD_PARALLEL for faster compilation.

Remove autoreconf as nothing is being patched.

Minor cleanups for consistency between packages.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2021-02-14 19:38:15 +01:00
Rosen Penev
1c264de177 libevent2: update to 2.1.12
Remove upstream backports.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2021-02-14 19:38:15 +01:00
Rosen Penev
8cb7d13aa7 readline: update to 8.1
Fix license.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2021-02-14 19:38:15 +01:00
Rosen Penev
26e152e1dd gmp: update to 6.2.1
Fix license information.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2021-02-14 19:38:15 +01:00
Rosen Penev
91aa8e5546 f2fs-tools: update to 1.14.0
Fix license information.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2021-02-14 19:38:15 +01:00
Rosen Penev
ce4cb8e51d busybox: remove useless busybox patches
The first two are useless as /bin/sh can execute those scripts just
fine. Shellcheck reports no problems.

Telnetd patch is useless as telnet is no longer used in OpenWrt.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2021-02-14 15:36:09 +01:00
Rosen Penev
0275ee5dde busybox: update to 1.33
Remove stime backport.

Remove static libgcc patch as upstream fixed it with
BUSYBOX_DEFAULT_STATIC_LIBGCC which defauls to off.

Remove date -k patch as it no longer applies. It's also pointless as
busybox' hwclock utility can do the same thing.

Remove ntpd patch as that seems to have been applied upstream.

Add smalll patch fixing compilation with SELinux. Upstream commit
2496616b0a8d1c80cd1416b73a4847b59b9f969a renamed the variable without
renaming it in the SELinux path.

Refresh config and patches.

Config refresh:

Refresh commands, run after busybox is first built once:

  cd package/utils/busybox/config/
  ../convert_menuconfig.pl ../../../../build_dir/target-mips_24kc_musl/busybox-default/busybox-1.33.0
  cd ..
  ./convert_defaults.pl < ../../../build_dir/target-mips_24kc_musl/busybox-default/busybox-1.33.0/.config > Config-defaults.in

Manual edits needed afterward:

* Config-defaults.in:  OpenWrt config symbol IPV6 logic applied to
  BUSYBOX_DEFAULT_FEATURE_IPV6
* Config-defaults.in:  OpenWrt configTARGET_bcm53xx logic applied to
  BUSYBOX_DEFAULT_TRUNCATE (commit 547f1ec)
* editors/Config.in: Add USE_GLIBC dependency to
  BUSYBOX_CONFIG_FEATURE_VI_REGEX_SEARCH (commit f141090)
* shell/Config.in : change at "Options common to all shells"  the symbol
  SHELL_ASH  -->  BUSYBOX_CONFIG_SHELL_ASH
   (discussion in http://lists.openwrt.org/pipermail/openwrt-devel/2021-January/033140.html
     Apparently our script does not see the hidden option while
     prepending config options with "BUSYBOX_CONFIG_" which leads to a
     missed dependency when the options are later evaluated.)
* Edit Config.in files by adding quotes to sourced items in
  config/Config.in, networking/Config.in and util-linux/Config.in (commit 1da014f)

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
[Added comments from Hannu Nyman to commit message]
Signed-off-by: Rosen Penev <rosenp@gmail.com>
2021-02-14 15:15:32 +01:00
Rosen Penev
157cd0bd97 base-files: use hwclock --systz
The date -k patch is non standard and will be removed in the next
commit.

Tested behavior to be identical with a simple C program:

 #define _GNU_SOURCE
 #include <unistd.h>
 #include <stdio.h>
 #include <sys/time.h>
 #include <sys/syscall.h>

int main()
{
        struct timezone tt;
	struct timezone tz;

        int a = syscall(SYS_gettimeofday, NULL, &tt);
        int b = gettimeofday(NULL, &tz);
        printf("%d - %d, %d\n", a, tt.tz_minuteswest, tt.tz_dsttime);
        printf("%d - %d, %d\n", b, tz.tz_minuteswest, tz.tz_dsttime);
}

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2021-02-14 15:15:32 +01:00
Hauke Mehrtens
da283a8f2c iw: Update to version 5.9
The nl80211.h file is mostly matching kernel 5.10, so remove most of our
changes from the patch.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-02-14 15:15:32 +01:00
Hauke Mehrtens
12424edff5 mac80211: Update to version 5.10-rc6-1
The removed patches were applied upstream.

This adapts ath10k-ct and mt76 to changed APIs.
nl80211.h in iw is updated to match the version from backports.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-02-14 15:15:29 +01:00