Commit Graph

16994 Commits

Author SHA1 Message Date
Hans Dedecker
9858a8c582 odhcpd: bump to latest git HEAD
5da5299 odhcpd: fix compilation with GCC10

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-07-02 22:28:06 +02:00
Hans Dedecker
cbb66f9edb curl: bump to 7.71.0
For changes in 7.71.0; see https://curl.haxx.se/changes.html#7_71_0

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-07-01 22:19:50 +02:00
Álvaro Fernández Rojas
f786de2095 ath10k-ct: update to version 2020-06-30
Backports commit "a1769bb68a850508a492e3674ab1e5e479b11254", which reverts
upstream commit "76d164f582150fd0259ec0fcbc485470bcd8033e" (ath10k: fix DMA
related firmware crashes on multiple devices).

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-07-01 15:39:15 +02:00
Hans Dedecker
d4c80f5b17 dropbear: bump to 2020.80
- drop patches (applied upstream)
 * 001-backport_GNU_SOURCE-for-random.patch
 * 002-backport-move-GNU_SOURCE-earlier.patch
 * 010-backport-disable-toom-and-karatsuba.patch

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-06-30 22:13:46 +02:00
Rui Salvaterra
835c932ccb zram-swap: init: replace backticks with $()
This replaces deprecated backticks by more versatile $(...) syntax.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
[add commit description]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-06-30 19:03:15 +02:00
Rui Salvaterra
69ca308673 dropbear: init: replace backticks with $()
This replaces deprecated backticks by more versatile $(...) syntax.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
[add commit description]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-06-30 19:01:18 +02:00
David Bauer
1ba0466d43 package: add ravpower-mcu package
This package allows to read battery status information and control the
power state of the RAVPower RP-WD009 power management IC.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-06-29 12:24:04 +02:00
David Bauer
e959048c12 ramips: add support for RAVPower RP-WD009
The RAVPower RP-WD009 is a batter-powered pocket sized router with SD
card lot and USB port.

Hardware
--------
CPU:   MediaTek MT7628AN
RAM:   64M DDR2
FLASH: 16M GigaDevices SPI-NOR
WLAN:  MediaTek MT7628AN 2T2R b/g/n
       MediaTek MT7610E  1T1R n/ac
ETH:   1x FastEthernet
SD:    SD Card slot
USB:   USB 2.0

Custom PMIC on the I2C bus (address 0x0a).

Installation
------------

1. Press and hold down the reset button.

2. Power up the Device. Keep pressing the reset button for 10
   more seconds until the Globe LED lights up.

3. Attach your Computer to the Ethernet port. Assign yourself the
   address 10.10.10.1/24.

4. Access the recovery page at 10.10.10.128 and upload the OpenWrt
   factory image.

5. The flashing will take around 1 minute. The device will reboot
   automatically into OpenWrt.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-06-29 12:24:01 +02:00
Hauke Mehrtens
143c81716d uboot-kirkwood: Revert "uboot-kirkwood: enable sata in nsa310 uboot"
This reverts commit 930f3c0148.

The build fails with the following build error:
arm-openwrt-linux-muslgnueabi-ld.bfd: drivers/built-in.o: in function `ide_init':
build_dir/target-arm_xscale_musl_eabi/u-boot-nsa310/u-boot-2020.04/drivers/block/ide.c:750: undefined reference to `ide_preinit'
make[4]: *** [Makefile:1700: u-boot] Error 1

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-06-27 18:39:32 +02:00
Scott Roberts
dd13add3ce kernel: i2c-pxa: remove slave
Removing i2c pxa slave

The i2c-pxa is typically not use in slave mode. It does not make sense
to have slave mode enabled by default.
Having slave mode enabled prevents the i2c controller from being reset
if a real slave device such as an SFP is attached to the i2c-pxa bus and
locks it up.
Disable slave mode so that the i2c controller can be reset if the bus is
locked up.
If someone actually has a need for pxa slave mode this can be enabled in
kernel config.

Signed-off-by: Scott Roberts <ttocsr@gmail.com>
2020-06-27 00:19:13 +02:00
Sukru Senli
c856f7adfb netifd: replace timesvr with timesrv
/lib/netifd/dhcp.script:
         Keep support for 'timesvr' while also supporting 'timesrv'
         Add log message indicating deprecation of 'timesvr'

Signed-off-by: Sukru Senli <sukru.senli@iopsys.eu>
2020-06-27 00:19:13 +02:00
Alberto Bursi
930f3c0148 uboot-kirkwood: enable sata in nsa310 uboot
the uboot of nsa310 cannot use the network chip
as it is a realtek on the PCIe lanes and not a
Marvell ethernet from the SoC.

Therefore tftp is not possible on this device
and the only way to install is by loading files
from a USB drive.
If the USB subsystem is dead there is no way to
install OpenWrt.
Enable sata support and commands so it can be
used as a fallback in case of USB issues.

Signed-off-by: Alberto Bursi <bobafetthotmail@gmail.com>
2020-06-27 00:19:13 +02:00
Huangbin Zhan
fed9bfbfeb base-files: coreutil-sha256sum breaks status code
With package "coreutil-sha256sum" installed "sysupgrade" fails to perform 'sha256sum -s' and instead returns 'invalid option -- 's''.
This is caused due to:
	different syntax for a sha256sum status check ('sha256sum --status' with "coreutil-sha256sum")
	'/usr/bin/sha256sum' being symlinked to '/usr/bin/gnu-sha256sum' (after installation of "coreutil-sha256sum")
"coreutil-sha256sum" package from the packages feed replaces the Busybox sha256sum
This patch restores for 'sysupgrade' the busybox call to its sha256sum applet.

Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
2020-06-27 00:19:13 +02:00
Huangbin Zhan
3d6ac4d20f ubox: add ALTERNATIVES
This avoids a conflict with the kmod util from the package feed.

Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
2020-06-26 23:48:51 +02:00
Huangbin Zhan
67575b6410 logger: enable alternatives support
Avoid conflict with busybox

Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
2020-06-26 20:54:53 +02:00
Florian Eckert
97bc87d81a kernel: add gpio-amd-fch module description
Add a module description for the new gpio-amd-fch device driver.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2020-06-26 20:54:53 +02:00
Florian Eckert
2b550a6be1 kernel/leds-apu2: remove deprecated leds-apu2 driver
Remove leds-apu2 out of tree driver. There is a new upstream device gpio
and leds driver stack available for the APUv2 and APUv3 boards from pc
egnines. This new driver stack was add in kernel version 4.15.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2020-06-26 20:54:53 +02:00
David Bauer
870588b6eb mac80211: ath9k: enable MFP capability unconditionally
ath9k will already fallback on software-crypto for chipsets not
supporting IEEE802.11w (MFP). So advertising MFP is not dependent
on disabling HW crypto for all traffic entirely.

Tested on Sonicwall SonicPoint Ni (AR9132)

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-06-25 02:36:19 +02:00
Hans Dedecker
751e6ab8e6 dropbear: fix compilation for uClibc
Backport patches which fix compile issue for uClibc-ng :

dbrandom.c:174:8: warning: implicit declaration of function 'getrandom'; did you mean 'genrandom'? [-Wimplicit-function-declaration]
  ret = getrandom(buf, sizeof(buf), GRND_NONBLOCK);
        ^~~~~~~~~
        genrandom
dbrandom.c:174:36: error: 'GRND_NONBLOCK' undeclared (first use in this function); did you mean 'SOCK_NONBLOCK'?
  ret = getrandom(buf, sizeof(buf), GRND_NONBLOCK);
                                    ^~~~~~~~~~~~~
                                    SOCK_NONBLOCK

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-06-24 22:36:21 +02:00
Sungbo Eo
d4dea7efcd urandom-seed: update Makefile
- update SPDX license identifier
- use https in URL
- use default PKG_BUILD_DIR

Suggested-by: Josef Schlehofer <josef.schlehofer@nic.cz>
Tested-by: Josef Schlehofer <josef.schlehofer@nic.cz>
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2020-06-24 16:05:55 +02:00
Jason A. Donenfeld
ea5192e6c5 wireguard: bump to 1.0.20200623
* compat: drop centos 8.1 support as 8.2 is now out

Of note, as well, is that we now have both RHEL7 and RHEL8 in our CI at
<https://www.wireguard.com/build-status/>.

* Kbuild: remove -fvisibility=hidden from cflags

This fixes an issue when compiling wireguard as a module for ARM kernels in
THUMB2 mode without the JUMP11 workaround.

* noise: do not assign initiation time in if condition

Style fix.

* device: avoid circular netns references

Fixes a circular reference issue with network namespaces.

* netns: workaround bad 5.2.y backport

This works around a back backport in the 5.2.y series.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-06-24 08:01:37 +02:00
Leon M. George
8f95220bcb mac80211: fix use of local variable
mac80211_get_addr is called from mac80211_generate_mac, where the local variable
initialisation id="${macidx:-0}" suggests that macidx is not always defined.
Probably, idx was supposed to be used instead of $(($macidx + 1)).

Fixes: 4d99db168c ("mac80211: try to get interface addresses from wiphy sysfs 'addresses' if no mask is set")

Signed-off-by: Leon M. George <leon@georgemail.eu>
2020-06-24 01:21:24 +02:00
Sungbo Eo
46a6586c83 base-files: remove urandom-seed definition
urandom-seed has a separate Makefile, we can safely remove the definition here.

Fixes: 27bfde9c9f ("base-files: move urandom seed bits into separate package")

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2020-06-23 22:23:21 +02:00
Sven Roederer
7e67d14486 igmpproxy: remove some bashism
"[[" is a bash extension for test. As the ash-implementation is not
fully compatible we drop its usage.
This follows up 3519bf4976

As a result, we also need to move the and/or out of the test brackets.

Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
[squash from two patches, adjust commit message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-06-23 20:00:16 +02:00
Catalin Patulea
492a6594b9 libnetfilter-queue: fix package title and description
The original text was copy/pasted from some other package.
Adjust the package title and description to match the description
on the publishers page.

Signed-off-by: Catalin Patulea <catalinp@google.com>
[slightly adjust content and commit message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-06-23 19:25:20 +02:00
Konstantin Demin
29e170dbaa dropbear: bump to 2020.79
- drop patches (applied upstream):
  * 010-backport-change-address-logging.patch
  * 020-backport-ed25519-support.patch
  * 021-backport-chacha20-poly1305-support.patch
- backport patches:
  * 010-backport-disable-toom-and-karatsuba.patch:
    reduce dropbear binary size (about ~8Kb).
- refresh patches.
- don't bother anymore with following config options
  because they are disabled in upstream too:
  * DROPBEAR_3DES
  * DROPBEAR_ENABLE_CBC_MODE
  * DROPBEAR_SHA1_96_HMAC
- explicitly disable DO_MOTD as it was before commit a1099ed:
  upstream has (accidentally) switched it to 0 in release 2019.77,
  but reverted back in release 2020.79.

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2020-06-21 21:33:23 +02:00
Chen Minqiang
a57fb86d6a toolchain: glibc ldd env path fixup
This replace the shell script header of ldd
when it install to `/usr/bin/ldd` where
`#! /..../staging_dir/host/bin/bash`
should be
`#!/bin/sh`

Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
2020-06-18 20:08:18 +02:00
Kuan-Yi Li
c5bf9a8ced base-files: gpio switch: add named GPIO support
Previously, gpio_switch only accepts GPIO pin number as input. Once a
GPIO pin is exported and named by device tree, its pin state cannot be
configured and saved across reboots by UCI.

This patch adds support for named GPIO pins. Thus GPIO pin can be
exported by device tree with active high/low correctly configured,
having human-readable name in /sys/class/gpio/ is also now possible.

More importantly, GPIO pins which are referenced by name will be immune
from pin mapping breakage while unintentional pin number changes are
introduced by kernel or driver updates.

Signed-off-by: Kuan-Yi Li <kyli@abysm.org>
2020-06-18 20:08:18 +02:00
Alan Swanson
a4c0767fbc mac80211: ath9k: enable adding wireless noise to kernel entropy pool
This option allows adding the ath9k ADC register output as a source
of randomness into the Linux entropy pool at sufficient quality
random data (at least 10 bits and up to 22 bits of min-entropy for
a 32-bit value).

Fixes FS#1444
Signed-off-by: Alan Swanson <reiver@improbability.net>
2020-06-18 20:08:18 +02:00
Karel Kočí
a4248577a0 hostapd: fix compilation of wpa_supplicant
Ubus patch as it seems have been broken by some rebase in the past as
the location of line that adds ubus object file was in condition for
CONFIG_MACSEC. That condition was adding object files that are not
touched by ubus patch. This means ubus.o does not have to be included in
that case. When it has to be and when build fails is when CONFIG_AP is
set. All files included in wpa_supplicant that are touched by this patch
are in this condition. This means that this is for sure the original
place for it.

Signed-off-by: Karel Kočí <karel.koci@nic.cz>
2020-06-18 20:08:18 +02:00
Ian Cooper
b933f9cf0c toolchain: remove gcc libssp and use libc variant
Removes the standalone implementation of stack smashing protection
in gcc's libssp in favour of the native implementation available
in glibc and uclibc. Musl libc already uses its native ssp, so this
patch does not affect musl-based toolchains.

Stack smashing protection configuration options are now uniform
across all supported libc variants.

This also makes kernel-level stack smashing protection available
for x86_64 and i386 builds using non-musl libc.

Signed-off-by: Ian Cooper <iancooper@hotmail.com>
2020-06-17 23:57:07 +02:00
Rozhuk Ivan
ba7ddae9a9 comgt-ncm: do not attempt to connect if the control device is invalid
After a hardware reconnect, the control device might be unavailable and
attempting to interact with it will lead to hanging gcom calls, leaving
the protocol setup in an unrecoverable state.

Change the protocol handler to bail out early and notify netifd if the
control device is not defined or if the underlying device node does not
exist.

Also ensure that the "disconnect", "connect" and "setmode" commands are
actually defined before trying to invoke them.

Finally attempt to re-query the device manufacturer if it is unset in
the interface state in order to prevent UNUPPORTED_MODEM errors after
a modem hardware reconnect.

Signed-off-by: Rozhuk Ivan <rozhuk.im@gmail.com>
[reword subject and commit message]
Ref: https://github.com/openwrt/openwrt/pull/2352
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-06-17 23:14:46 +02:00
Florian Eckert
8fe9940db6 openvpn: add generic hotplug mechanism
Pass a default --up and --down executable to each started OpenVPN instance
which triggers /etc/hotplug.d/openvpn/ scripts whenever an instance
goes up or down.

User-configured up and down scripts are invoked by the default shipped
01-user hotplug handler to ensure that existing setups continue to work
as before.

As a consequence of this change, the up, down and script_security OpenVPN
options are removed from the option file, since we're always passing them
via the command line, they do not need to get included into the generated
configuration.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
[reword commit message, move hotplug executable to /usr/libexec]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-06-17 22:43:48 +02:00
Daniel Golle
8e98613f4d uclient: uclient-fetch: add option to read POST data from file
c660986 uclient-fetch: add option to read POST data from file

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-06-17 16:38:35 +01:00
Pawel Dembicki
c5356d10c0 kirkwood: move mmc/sd features to modules
All devices are using nand images. Built-in MMC/SD modules are not needed
anymore.

Run tested: pogo v4

Reviewed-by: Sungbo Eo <mans0n@gorani.run>
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
2020-06-14 21:16:20 +02:00
Hans Dedecker
a241f439dc iproute2: update to 5.7.0
Update iproute2 to latest stable 5.7.0; for the changes see https://lwn.net/Articles/822152/

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-06-13 21:36:27 +02:00
Johann Neuhauser
c0ddb85a1d hostapd: hostapd_set_psk_file: fix defaut value for mac
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.

To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Bringing up of station vlan fails if the optional mac entry isn't set.
The default mac "00:00:00:00:00:00", which should match all stations,
is mistakenly set to the non used variable "isolate". This results in
a wrong formatted .psk file which has to be "vlan_id mac key".

fixes: 5aa2ddd0: hostapd: add support for wifi-station and wifi-vlan sections

Signed-off-by: Johann Neuhauser <johann@it-neuhauser.de>
2020-06-13 18:31:43 +02:00
Yen-Ting-Shen
3f61e5e1b9 ipq40xx: add support for EnGenius EMR3500
SOC:     IPQ4018 / QCA Dakota
CPU:     Quad-Core ARMv7 Processor rev 5 (v7l) Cortex-A7
DRAM:    256 MiB
NOR:     32 MiB
ETH:     Qualcomm Atheros QCA8072 (2 ports)
USB:     1 x 2.0 (Host controller in the SoC)
WLAN1:   Qualcomm Atheros QCA4018 2.4GHz 802.11bgn 2:2x2
WLAN2:   Qualcomm Atheros QCA4018 5GHz 802.11a/n/ac 2:2x2
INPUT:   RESET Button
LEDS:    White, Blue, Red, Orange

Flash instruction:

From EnGenius firmware to OpenWrt firmware:

In Firmware Upgrade page, upgrade your openwrt-ipq40xx-generic-engenius_emr3500-squashfs-factory.bin directly.

From OpenWrt firmware to EnGenius firmware:

1. Setup a TFTP server on your computer and configure static IP to 192.168.99.8
   Put the EnGenius firmware in the TFTP server directory on your computer.
2. Power up EMR3500. Press 4 and then press any key to enter u-boot.
3. Download EnGenius firmware
   (IPQ40xx) # tftpboot 0x84000000 openwrt-ipq40xx-emr3500-nor-fw-s.img
4. Flash the firmware
   (IPQ40xx) # imgaddr=0x84000000 && source 0x84000000:script
5. Reboot
   (IPQ40xx) # reset

Signed-off-by: Yen-Ting-Shen <frank.shen@senao.com>
[squashed update patch, updated to 5.4, dropped BOARD_NAME,
migrated to SOC]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2020-06-13 14:38:03 +02:00
Stijn Tintel
4f02496c50 mtd: enable wrgg support for ath79
This is required for the D-Link DAP-2695-A1.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2020-06-11 19:44:36 +03:00
Kevin Darbyshire-Bryant
46555ce5bc odhcpd: remove bogus IPKG_INSTROOT reference
IPKG_INSTROOT is only set under image builder and we won't be running
this script at build time either, so remove the reference before it gets
cargo-culted into other scripts.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
2020-06-11 15:46:55 +01:00
Adrian Schmutzler
78e8360878 soloscli: fix uci-defaults file
The folder for the uci-defaults file of this package is wrong, so
the file most probably has not been executed at all for several
years at least.

Fix the folder and remove the useless shebang for the file.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-06-11 01:49:24 +02:00
Renaud Lepage
108df3eabb ath79: add support for the Netgear WNDRMAC v1
The Netgear WNDRMAC v1 is a hardware variant of the Netgear WNDR3700 v2

Specifications
==============
* SoC: Atheros AR7161
* RAM: 64mb
* Flash on board: 16mb
* WiFi: Atheros AR9220 (a/n), Atheros AR9223 (b/g/n)
* Ethernet: RealTek RTL8366SR (1xWAN, 4xLAN, Gigabit)
* Power: 12 VDC, 2.5 A
* Full specs on [openwrt.org](https://openwrt.org/toh/hwdata/netgear/netgear_wndrmac_v1)

Flash Instructions
==================
It is possible to use the OEM Upgrade page to install the `factory`
variant of the firmware.

After the initial upgrade, you will need to telnet into the router
(default IP 192.168.1.1) to install anything. You may install LuCI
this way. At this point, you will have a web interface to configure
OpenWRT on the WNDRMAC v1.

Please use the `sysupgrade` variant for subsequent flashes.

Recovery Instructions
=====================
A TFTP-based recovery flash is possible if the need arises. Please refer
to the WNDR3700 page on openwrt.org for details.

https://openwrt.org/toh/netgear/wndr3700#troubleshooting_and_recovery

Signed-off-by: Renaud Lepage <root@cybikbase.com>
[update DTSI include name]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-06-11 01:44:13 +02:00
Felix Fietkau
4baf90de8d netifd: disable receive packet steering for DSA slave devices
It is already handled on the master device. Doing it twice reduces
performance

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-06-10 16:17:12 +02:00
Felix Fietkau
bf3f06f1ba mt76: enable hostapd 802.11ax support if kmod-mt7915e is selected
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-06-10 12:56:35 +02:00
Felix Fietkau
41d7a14ead hostapd: add config symbol for allowing drivers to enable 802.11ax support
Also expose a build feature for it

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-06-10 12:56:35 +02:00
Christian Lamparter
f611b014a7 ca-certificates: update to version 20200601
This patch updates the ca-certificates and ca-bundle package.
This version changed the files directory again, to work/, so
PKG_BUILD_DIR was brought back.

A list of changes from Debian's change-log entry for 20200601 [0]:

  * mozilla/{certdata.txt,nssckbi.h}:
    Update Mozilla certificate authority bundle to version 2.40.
    Closes: #956411, #955038
  * mozilla/blacklist.txt
    Add distrusted Symantec CA list to blacklist for explicit removal.
    Closes: #911289
    Blacklist expired root certificate, "AddTrust External Root"
    Closes: #961907
    The following certificate authorities were added (+):
    + "Certigna Root CA"
    + "emSign ECC Root CA - C3"
    + "emSign ECC Root CA - G3"
    + "emSign Root CA - C1"
    + "emSign Root CA - G1"
    + "Entrust Root Certification Authority - G4"
    + "GTS Root R1"
    + "GTS Root R2"
    + "GTS Root R3"
    + "GTS Root R4"
    + "Hongkong Post Root CA 3"
    + "UCA Extended Validation Root"
    + "UCA Global G2 Root"
    The following certificate authorities were removed (-):
    - "AddTrust External Root"
    - "Certinomis - Root CA"
    - "Certplus Class 2 Primary CA"
    - "Deutsche Telekom Root CA 2"
    - "GeoTrust Global CA"
    - "GeoTrust Primary Certification Authority"
    - "GeoTrust Primary Certification Authority - G2"
    - "GeoTrust Primary Certification Authority - G3"
    - "GeoTrust Universal CA"
    - "thawte Primary Root CA"
    - "thawte Primary Root CA - G2"
    - "thawte Primary Root CA - G3"
    - "VeriSign Class 3 Public Primary Certification Authority - G4"
    - "VeriSign Class 3 Public Primary Certification Authority - G5"
    - "VeriSign Universal Root Certification Authority"

[0] <https://metadata.ftp-master.debian.org/changelogs//main/c/ca-certificates/ca-certificates_20200601_changelog>

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2020-06-09 18:07:38 +02:00
Petr Štetiar
df6a33a8d4 hostapd: update to latest Git hostap_2_9-1331-g5a8b366233f5
Bump to latest Git and refresh all patches in order to get fix for "UPnP
SUBSCRIBE misbehavior in hostapd WPS AP" (CVE-2020-12695).

 General security vulnerability in the way the callback URLs in the UPnP
 SUBSCRIBE command are used were reported (VU#339275, CVE-2020-12695).
 Some of the described issues may be applicable to the use of UPnP in WPS
 AP mode functionality for supporting external registrars.

Ref: https://w1.fi/security/2020-1/
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-06-09 16:59:33 +02:00
Kevin Darbyshire-Bryant
68b94f0fb4 umdnsd: update to latest git HEAD
d13290b Fix advertised IPv6 addresses

Don't just serve link-local addresses via mdns, offer all.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-06-08 20:16:17 +01:00
Stijn Tintel
8a858363b0 hostapd: silence rm
When bringing up wifi the first time after boot, these warnings appear:

netifd: radio0 (1370): rm: can't remove '/var/run/hostapd-wlan0.psk': No such file or directory
netifd: radio0 (1370): rm: can't remove '/var/run/hostapd-wlan0.vlan': No such file or directory

Silence them by adding the "-f" option to rm.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: John Crispin <john@phrozen.org>
2020-06-08 08:59:02 +03:00
Stijn Tintel
25787e002b bcm27xx-gpu-fw: bump to most recent good version
This updates to the last firmware version before the switch to building
from the common firmware branch, which introduces various issues.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-06-07 10:26:54 +03:00
Stijn Tintel
afdc413d9d Revert "bcm27xx-gpu-fw: update to latest version"
This reverts commit 9e467a764b.

The Raspberry Pi firmware recently switched to building from the common
firmware branch. This introduces changes in the core clock handling,
causing various issues.

E.g. enable_uart=1 no longer fixes the core clock frequency to 250MHz.
When the disable-bt DT overlay is not loaded, the core clock frequency
is increased to 400MHz. As a result, the UART baud rate is no longer
correct, and this causes garbled serial console, or communication
problems with HATs that use the UART.

As a workaround, the core clock could be fixed to 250MHz by adding
'core_freq=250' in /boot/config.txt, but as there appear to be other
issues than just the UART being broken, the safer bet is to revert the
firmware for now.

Upstream bug: https://github.com/raspberrypi/firmware/issues/1376

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-06-07 10:25:50 +03:00
Hans Dedecker
9e7fe7faf5 netifd: update to latest git HEAD
51e9fb8 system-linux: improve handling of device rename

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-06-06 20:55:53 +02:00
Toke Høiland-Jørgensen
56db8e4615 kernel: Add kmod-sch-cake-virtual intermediate package
As reported in https://github.com/openwrt/packages/issues/12072, the
imagebuilder fails due to a dependency resolution error when the userspace
packages are built using a target that has a different kernel version than
that which is being run. To resolve this, add a virtual kernel package with
the conditional dependency currently used in sqm-scripts. The idea is to
move the sqm-scripts dependency to this virtual package, which hopefully
should be consistent with the actual kernel module being built.

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
2020-06-06 19:15:43 +01:00
Hans Dedecker
4e65838871 nghttp2: bump to 1.41.0
8f7b008b Update bash_completion
83086ba9 Update manual pages
c3b46625 Merge pull request from GHSA-q5wr-xfw9-q7xr
3eecc2ca Bump version number to v1.41.0, LT revision to 34:0:20
881c060d Update AUTHORS
f8da73bd Earlier check for settings flood
336a98fe Implement max settings option
ef415836 Revert "Add missing connection error handling"
979e6c53 Merge pull request #1459 from nghttp2/proxyprotov2
b7d16101 Add missing connection error handling
cd53bd81 Merge pull request #1460 from gportay/patch-1
e5625b8c Fix doc
c663349f integration: Add PROXY protocol v2 tests
854e9fe3 nghttpx: Always call init_forwarded_for
c60ea227 Update doc
49cd8e6e nghttpx: Add PROXY-protocol v2 support
3b17a659 Merge pull request #1453 from Leo-Neat/master
600fcdf5 Merge pull request #1455 from xjtian/long_serials
4922bb41 static_cast size parameter in StringRef constructor to size_t
aad86975 Fix get_x509_serial for long serial numbers
dc7a7df6 Adding CIFuzz
b3f85e2d Merge pull request #1444 from nghttp2/fix-recv-window-flow-control-issue
ffb49c6c Merge pull request #1435 from geoffhill/master
2ec58551 Fix receiving stream data stall
459df42b Merge pull request #1442 from nghttp2/upgrade-llhttp
a4c1fed5 Bump llhttp to 2.0.4
866eadb5 Enable session_create_idle_stream test, fix errors
5e13274b Fix typo
e0d7f7de h2load: Allow port in --connect-to
df575f96 h2load: add --connect-to option
1fff7379 clang-format-9
b40c6c86 Merge pull request #1418 from vszakats/patch-1
9bc2c75e lib/CMakeLists.txt: Make hard-coded static lib suffix optional
2d5f7659 Bump up version number to 1.41.0-DEV

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-06-06 14:11:41 +02:00
Paul Spooren
df6f3090c4 mvebu: rename Linksys devices based on their common names
The Linksys devices in mvebu target feature a mixed naming,
where parts are based on the official product name (device
node, image; e.g. WRT3200ACM) and parts are based on the
internal code name (DTS file name, compatible, LED labels;
e.g. rango). This inconsistent naming has been perceived
as quite confusing.

A recent attempt by Paul Spooren to harmonize this naming
in kernel has been declined there. However, for us it still
makes sense to apply at least a part of these changes
locally.

Primarily, this patch changes the compatible in DTS and thus
the board name used in various scripts to have them in line
with the device, model and image names. Due to the recent
switch from swconfig to DSA, this allows us to drop
SUPPORTED_DEVICES and thus prevent seamless upgrade between
these incompatible setups.

However, this does not include the LED label rename from
Paul's initial patch: I don't think it's worth keeping the
enormous diff locally for this case, as we can implement
this much easier in 01_leds if we have to live with the
inconsistency anyway.

Signed-off-by: Paul Spooren <mail@aparcar.org>
[rebase, extend to all devices, drop DT LED changes]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-06-05 21:54:43 +02:00
Felix Fietkau
2dd26fda16 kernel: fix portability issue with perf on linux 5.4
Remove dependencies on core kernel headers in host tools used to build perf,
which break on any non-linux system

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-06-04 21:52:57 +02:00
John Crispin
5aa2ddd0d6 hostapd: add support for wifi-station and wifi-vlan sections
This patch adds support for 2 new uci sections.

config wifi-vlan
	# iface is optional. if it is not defined the vlan will apply
	# to all interfaces
        option iface	default_radio0
        option name	guest
        option vid	100
        option network	guest

config wifi-station
	# iface is optional. if it is not defined the station will apply
	# to all interfaces
        option iface	default_radio0
        # mac is optional. if it is not defined it will be a catch all
	# for any sta using this key
	option mac	'00:11:22:33:44:55'
        # vid is optional. if it is not defined, the sta will be part of
	# the primary iface.
	option vid	100
        option key	testtest

With this patch applied it is possible to use multiple PSKs on a single BSS.

Signed-off-by: John Crispin <john@phrozen.org>
2020-06-04 13:36:37 +02:00
John Crispin
303b463394 netifd: update to latest HEAD
db275e1 interface-ip: fix build on non-linux systems
3392046 system-dummy: fix missing return
a56b457 netifd: wireless: add support for tracking wifi-station sections
4ce33ce netifd: wireless: add support for tracking wifi-vlan sections

Signed-off-by: John Crispin <john@phrozen.org>
2020-06-04 13:36:37 +02:00
Petr Štetiar
7f0fb3e5d4 iwinfo: update to version 2020-06-03
2faa20e5e9d1 iwinfo: add device id for Mikrotik R11e-5HacD miniPCIe card
d577a9d38a3b iwinfo: add device id for Marvell 88W8997 SDIO wifi card
f6b7d16d2ffa iwinfo: add device id for Atheros AR9287 PCIe wifi card

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-06-03 16:49:28 +02:00
Tim Harvey
25641709d8 kernel: iio: add drivers for st_lsm6dsx IMU MEMS sensors
Add kmod for the ST LSM6DSX IMU driver.

Signed-off-by: Tim Harvey <tharvey@gateworks.com>
[fixed missing regmap module dependencies]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-06-03 16:49:28 +02:00
Tim Harvey
41cab5029b kernel: iio: fix st_accel_{i2c, spi} driver
Add missing kernel module and rename driver

Fixes: 2d8f4c4fbd ("kernel: iio: add st-accel driver modules")
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
2020-06-03 16:49:28 +02:00
Eneas U de Queiroz
750d52f6c9 wolfssl: use -fomit-frame-pointer to fix asm error
32-bit x86 fail to compile fast-math feature when compiled with frame
pointer, which uses a register used in a couple of inline asm functions.

Previous versions of wolfssl had this by default.  Keeping an extra
register available may increase performance, so it's being restored for
all architectures.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2020-06-03 16:49:28 +02:00
Rosen Penev
a9f712a79b exfat-utils: move into packages feed
This will be moved to packages:

https://github.com/openwrt/packages/pull/12378

Signed-off-by: Rosen Penev <rosenp@gmail.com>
[commit subject facelift]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-06-03 16:49:28 +02:00
Rosen Penev
e86b67e700 xfsprogs: move into packages feed
Does not seem to be needed here. This will be imported into packages.

Ref: https://github.com/openwrt/packages/pull/12256
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[subject facelift, PR ref]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-06-03 16:49:28 +02:00
Rosen Penev
173d2843c7 libconfig: move into packages feed
No package in base uses libconfig. Everything is in the packages feed.

Ref: https://github.com/openwrt/packages/pull/12255
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[subject facelift, PR ref]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-06-03 16:49:28 +02:00
Florian Eckert
0b3e1205df kernel: add gpio-it87
Since commit 910df3f06c we have build in
on all X86/64 platforms the gpio-it87 driver.

Since this change I am getting the following error message on boot.
 > kern.err kernel: [    1.009416] gpio_it87: no device

I do not have this device on my system. To prevent the nonsensical
message and the loading of the module I have added this as a package, so
that it can be installed later or during image building.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Reviewed-by: Philip Prindeville <philipp@redfish-solutions.com>
2020-06-03 16:49:28 +02:00
Sergey Ryazanov
880c1f0336 base-files: prevent issues w/ overlay on powerloss after sysupgrade
Due to filesystem write caching the old configuration data could stay
out of flash for a long time during a first boot after the sysupgrade.
Power loss during this period could damage the overlay data and even
make device inaccessable via the network.

Fix this by syncing data to a flash as soon as the previous
configuration will be unpacked after the sysupgrade. Also sync the FS
state after the sysupgrade.tgz archive removing to prevent duplicative
extraction of a previous configuration.

Tested with AMD Geode based board.

Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
2020-06-03 16:49:28 +02:00
Sven Roederer
2171493f7f dnsmasq: add /etc/dnsmasq.d/ to conffiles
This directory can hold configuration-snippets which should also included in the backup.

Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
2020-06-03 16:49:28 +02:00
Michael Heimpold
d71fa37aa3 uboot-mxs: bump to v2020.04
Also update the U-Boot BSP patch for I2SE Duckbill devices.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2020-06-03 16:49:28 +02:00
Thomas Albers
e914de7c96 base-files: fix LED IDE trigger
This changes the ide-disk LED trigger to the generic disk-activity as
ide-disk trigger was removed in upstream commit eb25cb9956cc ("leds:
convert IDE trigger to common disk trigger").

Signed-off-by: Thomas Albers <thomas.gameiro@googlemail.com>
[split into separate commit, commit description facelift]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-06-03 16:49:28 +02:00
Daniel Golle
b1f26b7160 uhttpd: fix script timeout
939c281 proc: do not cancel script killing after writing headers

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-06-03 10:50:01 +01:00
Hans Dedecker
8d2c031f21 ppp: update to version 2.4.8.git-2020-05-25
ddd57c2 pppd: Add lcp-echo-adaptive option
c319558 pppd: Handle SIGINT and SIGTERM during interrupted syscalls (#148)
0bc11fb Added missing options to manual pages. (#149)
b1fcf16 Merge branch 'monotonic-time' of https://github.com/themiron/ppp
c78e312 pppd: linux: use monotonic time if possible

Remove patch 121-debian_adaptive_lcp_echo as patch is upstream accepted
Remove patch 206-compensate_time_change.patch as timewrap issues are
solved by a patch making use of monotonic time

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-05-31 21:13:50 +02:00
Felix Fietkau
479f1f2c92 mt76: update to the latest version (adds 7663e, 7663u, 7915 drivers)
7aabfd0c9282 mt7615: add CONFIG_MT76_LEDS to cflags
10a5b7630a37 mt76: mt7615: fix getting maximum tx power from eeprom
8688ed70c987 mt76: mt7615: use module parameter option for offload firmware preference
04798aab1257 net: mt7603: remove duplicate error message
9636177117d8 mt76: mt7615: fix ssid configuration in mt7615_mcu_hw_scan
d4ba139d8b8b mt76: mt7615: introduce mt7615_check_offload_capability routine
2cc0d54b65a1 mt76: mt7615: do not mark sched_scan disabled in mt7615_scan_work
5b73be962388 mt76: mt7615: add passive mode for hw scan
96e429e18174 mt76: mt7615: free pci_vector if mt7615_pci_probe fails
8fddbf6390ac mt76: mt7615: introduce support for hardware beacon filter
f2c760177bdd mt76: mt7615: introduce mt7615_mcu_set_hif_suspend mcu command
db454605106f mt76: mt7615: add WoW support
20b87321c39f mt76: mt7663u: introduce suspend/resume to mt7663u
20db7e73c586 mt76: mt7615: introduce PM support
523716bba561 mt76: mt7615: add gtk rekey offload support
50d377a825cc mt76: mt7615: introduce beacon_loss mcu event
4ef1957cea35 mt76: mt7663: read tx streams from eeprom
f25a43cc53e7 mt76: mt7615: check return value of mt7615_eeprom_get_power_index
0a9f71652927 mt76: mt7615: fix ibss mode for mt7663
83f2ba3101b4 mt76: mt7663: fix target power parsing
3e6968593b61 mt76: mt7615: fix delta tx power for mt7663
c1d3ad194ae4 mt76: mt7663: introduce WoW with net detect support
891136ab99da mt76: mt7663: add support to sched scan with randomise addr
82e4d3ebe967 mt76: mt7615: scan all channels if not specified
690b84821cd3 mt76: avoid rx reorder buffer overflow
f0117d3107b4 mt76: add support for HE RX rate reporting
cc68782bab1a mt76: add Rx stats support for radiotap
3ec47f2fba61 mt76: adjust wcid size to support new 802.11ax generation
0a9f4173dd07 mt76: add HE phy modes and hardware queue
c6b002bcdfa6 mt76: add mac80211 driver for MT7915 PCIe-based chipsets
b96af5039581 mt76: mt7915: enable Rx HE rate reporting
230054096155 mt76: mt7915: implement HE per-rate tx power support
c8f4b6cf1add mt76: mt7915: register per-phy HE capabilities for each interface
de1e8af96e19 mt76: mt7915: add HE bss_conf support for interfaces
135a5085932b mt76: mt7915: add HE capabilities support for peers
3b5d908dae2f mt76: mt7915: add Rx radiotap header support
158253e2c11e mt76: mt7915: add .sta_add_debugfs support
7f40e8c2b98d mt76: mt7915: add .sta_statistics support
a5368e5cad11 mt76: mt7915: set peer Tx fixed rate through debugfs
4f79c516be5c mt76: mt7915: add tsf related callbacks
509fceb43235 mt76: mt7915: enable firmware module debug support
56405976fc7b mt76: set runtime stream caps by mt76_phy
6bbf1a35c0da linux-firmware: add rebb firmware for mt7663
d7a10094c4e5 mt7663: add client offload firmware
9200732e8534 mt76: mt7663u: copy key pointer in mt7663u_mac_write_txwi
3aa810bde810 mt76: mt7663u: add missing register definitions
e236ea5be344 mt76: mt7615: usb: cancel ps work stopping the vif
1d0903de2131 mt76: mt7915: introduce mt7915_get_he_phy_cap
095c72c81c74 mt76: mt7915: add Tx beamformer support
5f9e7664cd26 mt76: mt7915: add Tx beamformee support
ac505404c385 mt76: mt7915: add TxBF capabilities
6656bebd39cd mt76: mt7915: add debugfs to track TxBF status
9590db025475 mt76: mt7915: allocate proper size for tlv tags
26eb1ed65987 mt76: mt7915: fix possible deadlock in mt7915_stop
f85c1f3fc189 firmware: add mt7915 firmware
9b07251b00b0 mt76: mt7615: fix typo defining ps work
060e375a9244 mt76: fix per-driver wcid range checks after wcid array size bump
7270b56389a9 mt76: mt7615: do not report scan_complete twice to mac80211
8c9e4847d01e mt76: mt7615: reduce hw scan timeout
8bd88a1b1880 mt76: enable p2p support
1ea444d0e8e5 mt76: mt7615: configure bss info adding the interface
fa81da5bb4e9 mt76: mt7615: introduce remain_on_channel support
44f2262c0289 mt76: mt76x02: remove check in mt76x02_mcu_msg_send
7005aa891440 mt76: mt7915: add spatial reuse support
1e3dc5b76649 mt76: mt7915: fix some sparse warnings
01b784174cd5 mt76: mt7915: fix sparse warnings: incorrect type initializer
40b7b5354a16 mt76: mt7615: fix NULL pointer deref in mt7615_register_ext_phy
6d731d188d31 mt76: mt7915: fix decoded radiotap HE flags
b74d5b1c14cf mt76: mt7915: fix some sparse warnings
6679d35be5cc mt76: mt7615: switch to per-vif power_save support
01e870b44769 mt76: mt7915: fix a handful of spelling mistakes
7b2d16655904 mt76: mt7663: fix the usage WoW with net detect support
ed3a244fb647 mt76: mt7915: Fix build error
5396a61cec99 mt76: mt7615: fix hw_scan with ssid_type for specified SSID only
466a5b4d041d mt76: mt7915: fix possible NULL pointer dereference in mt7915_register_ext_phy
984a172609c0 mt76: fix wcid allocation issues
6e02acddcb1a mt76: mt7615: add support for MT7611N
4e6f4e432d0d mt76: only iterate over initialized rx queues
9ad940fee593 mt76: mt7615: Use kmemdup in mt7615_queue_key_update()
85c516081338 mt76: mt7915: remove set but not used variable 'msta'

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-05-31 14:23:07 +02:00
Vladislav Grishenko
f166cf9ca0 dropbear: add ed25519 and chacha20-poly1305
- add Ed25519 support (backport):
  * DROPBEAR_ED25519 option for ssh-ed25519,
  * disabled by default
- add Chacha20-Poly1305 support (backport):
  * DROPBEAR_CHACHA20POLY1305 for chacha20-poly1305@openssh.com,
  * enabled by default
- update feature costs in binary size

Signed-off-by: Vladislav Grishenko <themiron@mail.ru>
2020-05-30 21:27:10 +02:00
John Crispin
02f08056bc mac80211: fix wifi teardown
reverts part of the recent wifi reconf patch.

Signed-off-by: John Crispin <john@phrozen.org>
2020-05-30 12:01:08 +02:00
Daniel Golle
a002a24536 mac80211: rt2x00: backport patch enabling MFP
From: Rui Salvaterra <rsalvaterra@gmail.com>
Date: Mon, 25 May 2020 14:49:07 +0100
Subject: [PATCH] rt2800: enable MFP support unconditionally

This gives us WPA3 support out of the box without having to manually disable
hardware crypto. The driver will fall back to software crypto if the connection
requires management frame protection.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-05-30 09:37:36 +01:00
Daniel Golle
f8b4aa5062 ugps: nmea: make sure date is valid
GPS time without date was previously used to set system date:
Tue Oct 10 11:48:21 2000 user.info kernel: [  108.786639] ugps: system time differs from GPS time by more than 5 seconds. Using 2000-10-10T10:48:21 UTC as the new time
Tue Oct 10 11:49:27 2000 user.info kernel: [  174.794699] ugps: system time differs from GPS time by more than 5 seconds. Using 2020-05-26T10:49:27 UTC as the new time

Fix this by ignoring incomplete dates and wait for complete time
information before adjusting system date/time.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-05-29 23:59:35 +01:00
Jo-Philipp Wich
559b338466 qos-scripts: fix interface resolving
Also ensure that the error message is actually printed to stderr and that
the rule generation is aborted if an interface cannot be resolved.

Ref: https://github.com/openwrt/luci/issues/3975
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-05-29 10:34:58 +02:00
Álvaro Fernández Rojas
5d3a0c6b26 bcm27xx-userland: update to latest version
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-05-28 19:12:42 +02:00
Daniel Golle
f47aeac9b9 procd: update to git HEAD
b84a329 jail: use sane termios settings for console pts
 b9b39e2 jail: handle containers seperately

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-05-28 14:29:08 +01:00
Enrique Rodríguez Valencia
6e8bb68996 hostapd: Add disable_vht when using NOHT/HT* modes
disable_vht parameter needs to be set when using wpa_supplicant NOHT/HT* modes.

Signed-off-by: Enrique Rodríguez Valencia <enrique.rodriguez@galgus.net>
2020-05-28 14:06:55 +01:00
Enrique Rodríguez Valencia
84c96de606 mac80211: Fix setting radio htmode when using mesh mode
When configuring the radio in legacy mode from luci, the htmode is not set
correctly to NOHT, causing the radio in mesh mode to be set to HT40.

Signed-off-by: Enrique Rodríguez Valencia <enrique.rodriguez@galgus.net>
2020-05-28 14:06:54 +01:00
Jo-Philipp Wich
a03d6d2fab broadcom-wl: don't inherit lock descriptor in nas process
Add a local hack to prevent the Broadcom WPA authenticator process from
inheriting the lock descriptor 1000 used to prevent concurrent executions
of the init script.

Without this fix, repeated invocations of /etc/init.d/network, e.g. for
obtaining the enabled state, would hang forever.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-05-28 13:08:14 +02:00
Álvaro Fernández Rojas
8b8fb79cbf bcm27xx-userland: update to latest version with 64 bit support
Support for 64 bits has been remove on latest master of raspberry/firmware.
Update to latest commit with 64 bit support since we don't support
installing 32 bit packages on 64 bit targets.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-05-28 11:57:03 +02:00
Thibaut VARÈNE
e430376b48 packages/utils: fbtest fix Makefile
The clean target tries to remove what looks like a bogus 'rbcfg',
probably carried over copy-pasta. Remove the name of the generated
executable ('fbtest') instead.

Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
Fixes: 8099f4e0d3 ("fbtest utility ")
2020-05-28 11:22:22 +02:00
Thibaut VARÈNE
7557e7f267 package/base-files: caldata: work around dd's limitation
tl;dr: dd will silently truncate the output if reading from special
files (e.g. sysfs attributes) with a too large bs parameter.

This problem was exposed on some RouterBOARD ipq40xx devices which use a
caldata payload which is larger than PAGE_SIZE, contrary to all other
currently supported RouterBOARD devices: the caldata would fail to
properly load with the current scripts.

Background: dd doesn't seem to correctly handle read() results that
return less than requested data. sysfs attributes have a kernel exchange
buffer which is at most PAGE_SIZE big, so only 1 page can be read() at a
time. In this case, if bs is larger than PAGE_SIZE, dd will silently
truncate blocks to PAGE_SIZE. With the current scripts using bs=<size>
count=1, the data is truncated to PAGE_SIZE as soon as the requested
<size> exceeds this value.

This commit works around this problem by using `cat` in the caldata
routines that can read from a file (routines that read from mtd devices
are untouched). cat correctly handles partial read requests. The output
is then piped to dd with the same parameters as before, to ensure that
the resulting file remains exactly the same.

This is a simple workaround, the downside is that it uses a pipe and one
more executable, and therefore has a larger memory footprint and is
slower. This is deemed acceptable considering these routines are only
used at boot time.

Tested-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
2020-05-28 11:22:22 +02:00
Thibaut VARÈNE
f10da7cb4d packages/boot: remove rbcfg
The new sysfs soft_config driver makes buggy rbcfg obsolete and
entirely replaces it.

Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
2020-05-28 11:09:10 +02:00
Álvaro Fernández Rojas
aabfd4b1db cypress-firmware: add PROVIDES sections
Some firmwares are already provided by linux-firmware.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-05-28 10:36:27 +02:00
Álvaro Fernández Rojas
9e467a764b bcm27xx-gpu-fw: update to latest version
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-05-28 10:36:27 +02:00
Jo-Philipp Wich
e8a2c21069 rpcd: update to latest Git HEAD
078bb57 uci: reset uci_ptr flags when merging options during section add
3df62bc session: deny access if password login is disabled

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-05-26 16:08:54 +02:00
Stijn Segers
63bef34db9 uboot-envtools: ath79: add Netgear WNDR4300SW
Add Netgear WNDR4300SW to the list of supported boards.

Signed-off-by: Stijn Segers <foss@volatilesystems.org>
2020-05-26 15:29:51 +02:00
Felix Fietkau
b371182d24 libubox: update to the latest version
86818eaa976b blob: make blob_parse_untrusted more permissive
cf2e8eb485ab tests: add fuzzer seed file for crash in blob_len
c2fc622b771f blobmsg: fix length in blobmsg_check_array
639c29d19717 blobmsg: simplify and fix name length checks in blobmsg_check_name
66195aee5042 blobmsg: fix missing length checks

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-05-26 10:45:44 +02:00
Rafał Miłecki
a765b063ee libubox: update to the latest master
5e75160 blobmsg: fix attrs iteration in the blobmsg_check_array_len()
eeddf22 tests: runqueue: try to fix race on GitLab CI
89fb613 libubox: runqueue: fix use-after-free bug
1db3e7d libubox: runqueue fix comment in header
7c4ef0d tests: list: add test case for list_empty iterator

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2020-05-24 17:06:09 +02:00
Matthias Schiffer
42de3c89c7
ucert: update to latest git HEAD
00b921d80ac0 Do not print line number in debug messages
96c42c5ed320 Fix length checks in cert_load()
fe06b4b836b3 usign-exec: improve usign -F output handling
19f9e1917e1b usign-exec: return code fixes
077feb5b5824 usign-exec: close writing end of pipe early in parent process
7ec4bb764e1e usign-exec: remove redundant return statements
5a738e549d31 usign-exec: change usign_f_* fingerprint argument to char[17]
112488bbbccc usign-exec: do not close stdin and stderr before exec
38dcb1a6f121 usign-exec: fix exec error handling
a9be4fb17df2 usign-exec: simplify usign execv calls
854d93e2326a Introduce read_file() helper, improve error reporting
afc86f352bf7 Fix return code of write_file()
fdff10852326 stdout/stderr improvements
dddb2aa8124d ci: fix unit test failures by enabling full ucert build
5f206bcfe5c2 ci: enable unit testing

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2020-05-24 17:01:36 +02:00
Matthias Schiffer
e35e40ad82
usign: update to latest git HEAD
f1f65026a941 Always pad fingerprints to 16 characters

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2020-05-23 13:38:12 +02:00
David Bauer
a9f7510150 hostapd: add WEP as queryable build feature
Commit 472fd98c5b ("hostapd: disable support for Wired Equivalent
Privacy by default") made support for WEP optional.

Expose the WEP support to LuCi or other userspace tools using the
existing interface. This way they are able to remove WEP from the
available ciphers if hostapd is built without WEP support.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-05-22 21:54:30 +02:00
Hauke Mehrtens
04b1a11f5c mac80211: Fix build on mpc85xx target
This fixes the following compile error seen on the mpc85xx target:
  CC [M]  /linux-mpc85xx_p2020/backports-5.7-rc3-1/drivers/net/wireless/intersil/orinoco/main.o
In file included from /builder/shared-workdir/build/staging_dir/toolchain-powerpc_8540_gcc-8.4.0_musl/include/stddef.h:17,
                 from /linux-mpc85xx_p2020/backports-5.7-rc3-1/include/uapi/linux/wireless.h:77,
                 from /linux-mpc85xx_p2020/backports-5.7-rc3-1/include/linux/wireless.h:13,
                 from /linux-mpc85xx_p2020/backports-5.7-rc3-1/drivers/net/wireless/intersil/orinoco/main.c:89:
/builder/shared-workdir/build/staging_dir/toolchain-powerpc_8540_gcc-8.4.0_musl/include/bits/alltypes.h:106:15: error: conflicting types for 'ptrdiff_t'
 typedef _Addr ptrdiff_t;
               ^~~~~~~~~
In file included from /linux-mpc85xx_p2020/backports-5.7-rc3-1/backport-include/linux/types.h:4,
                 from ./include/linux/list.h:5,
                 from /linux-mpc85xx_p2020/backports-5.7-rc3-1/backport-include/linux/list.h:3,
                 from ./include/linux/module.h:9,
                 from /linux-mpc85xx_p2020/backports-5.7-rc3-1/backport-include/linux/module.h:3,
                 from /linux-mpc85xx_p2020/backports-5.7-rc3-1/drivers/net/wireless/intersil/orinoco/main.c:79:
./include/linux/types.h:65:28: note: previous declaration of 'ptrdiff_t' was here
 typedef __kernel_ptrdiff_t ptrdiff_t;
                            ^~~~~~~~~
scripts/Makefile.build:265: recipe for target '/linux-mpc85xx_p2020/backports-5.7-rc3-1/drivers/net/wireless/intersil/orinoco/main.o' failed

Fixes: 289c632425 ("mac80211: Update to version 5.7-rc3-1")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-05-21 21:53:14 +02:00
Philip Prindeville
de8b88ce17 firewall: add rule for traceroute support
Running your firewall's "wan" zone in REJECT zone (1) exposes the
presence of the router, (2) depending on the sophistication of
fingerprinting tools might identify the OS and release running on
the firewall which then identifies known vulnerabilities with it
and (3) perhaps most importantly of all, your firewall can be
used in a DDoS reflection attack with spoofed traffic generating
ICMP Unreachables or TCP RST's to overwhelm a victim or saturate
his link.

This rule, when enabled, allows traceroute to work even when the
default input policy of the firewall for the wan zone has been
set to DROP.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2020-05-21 20:23:10 +02:00
Hans Dedecker
bc55258464 netifd: ingress/egress vlan qos mapping support
74e0222 vlandev: support setting ingress/egress QoS mappings

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-05-21 20:21:02 +02:00
Hauke Mehrtens
289c632425 mac80211: Update to version 5.7-rc3-1
This updates the mac80211 backport.

The removed patches are already integrated in the upstream version.

The 131-Revert-mac80211-aes-cmac-switch-to-shash-CMAC-driver.patch patch
was manually adapted to the changes in kernel 5.7.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-05-21 14:39:34 +02:00