Commit Graph

17368 Commits

Author SHA1 Message Date
Daniel Golle
5aedd5a110 procd: bump to git HEAD once again
Further complete OCI container support in ujail:
 f5f305e jail: move /tmp/resolv.conf.d to /dev/resolv.conf.d
 6f078ae jail: add support for defining devices
 686cf7a jail: actually apply filesystem-specific mount options
 f91009a jail: refactor default mounts into new structure
 66ae2d9 jail: re-implement /proc/sys/net read-write in netns hack

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-07-20 04:39:11 +01:00
Daniel Golle
211548c523 procd: update to git HEAD
9eddf0f jail: fix hooks
 1b1286b jail: parse and apply OCI sysctl values
 c049047 jail: implement OCI user additionalGIDs
 0e1920c jail: read and apply umask from OCI if defined
 1c46cc3 jail: parse and apply POSIX rlimits
 76adac5 jail: /proc/$pid/oom_score_adj to OCI defined oomScoreAdj

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-07-19 19:35:47 +01:00
Daniel Golle
bae4204e34 procd: bump to git HEAD
8d5208f jail: fix false return in case of nofail mount
 b41f76b procd: fix compile if procd-ujail is not selected
 86a5105 jail: fs: fix build on uClibc-ng
 bfce7d1 jail: fix some more mount options
 268126a jail: add support for maskedPaths and readonlyPaths

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-07-17 12:00:00 +01:00
Martin Schiller
6299c1760a ltq-*dsl-app: dsl_control: remove unneeded check for lantiq_dsl.sh
This file is always present because it is part of the ltq-dsl-base
package on which these packages depend.

This check would not have been necessary in the past, because the script
was part of the TARGET_LANTIQ on which these packages also depend.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2020-07-17 12:14:32 +02:00
Martin Schiller
4d8552c265 lantiq: move dsl related base-files into own package
It does not make sense to install this components on lantiq systems
where the dsl subsystem is not needed/used.

This also makes it possible to use the files also on other targets.
(hopefully ipq401x / FritzBox 7530 in the near future)

Signed-off-by: Martin Schiller <ms.3headeddevs@gmail.com>
2020-07-17 12:14:32 +02:00
Rosen Penev
cc66580293 lzo: fix pkgconfig paths
The last commit to this package that added the pkgconfig file did not
fix the paths to point to the prefix.

This allows packages to find lzo properly.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-07-17 11:00:33 +02:00
Alberto Bursi
f013cc4b26 uboot-mvebu: add uboot for helios 4
add u-boot for Helios 4 NAS

Signed-off-by: Alberto Bursi <bobafetthotmail@gmail.com>
2020-07-17 11:00:33 +02:00
Hans Dedecker
546e140382 nat46: update to latest git HEAD
ac712ad nat46-netdev: Add support for removing a rule

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-07-16 22:18:34 +02:00
Santiago Rodriguez-Papa
ed087cba8a ramips: add support for Linksys EA7300 v1
Specifications:

* SoC:      MediaTek MT7621A              (880 MHz 2c/4t)
* RAM:      Nanya NT5CC128M16IP-DIT       (256M DDR3-1600)
* Flash:    Macronix MX30LF1G18AC-TI      (128M NAND)
* Eth:      MediaTek MT7621A              (10/100/1000 Mbps x5)
* Radio:    MT7615N                       (2.4 GHz & 5 GHz)
            4 antennae: 1 internal and 3 non-deatachable
* USB:      3.0 (x1)
* LEDs:
    White   (x1 logo)
    Green   (x6 eth + wps)
    Orange  (x5, hardware-bound)
* Buttons:
    Reset   (x1)
    WPS     (x1)

Everything works! Been running it for a couple weeks now and haven't had
any problems. Please let me know if you run into any.

Installation:

Flash factory image through GUI.

This might fail due to the A/B nature of this device. When flashing, OEM
firmware writes over the non-booted partition. If booted from 'A',
flashing over 'B' won't work. To get around this, you should flash the
OEM image over itself. This will then boot the router from 'B' and
allow you to flash OpenWRT without problems.

Reverting to factory firmware:

Hard-reset the router three times to force it to boot from 'B.' This is
where the stock firmware resides. To remove any traces of OpenWRT from
your router simply flash the OEM image at this point.

Signed-off-by: Santiago Rodriguez-Papa <contact@rodsan.dev>
[use v1 only, minor DTS adjustments, use LINKSYS_HWNAME and add it to
DEVICE_VARS, wrap DEVICE_PACKAGES, adjust commit message/title]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-07-16 13:39:44 +02:00
Adrian Schmutzler
e49fac097c base-files: replace backticks in lib/upgrade/nand.sh
This replaces deprecated backticks by more versatile $(...) syntax.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-07-15 18:33:56 +02:00
Adrian Schmutzler
9c170cb92f package: drop PKG_VERSION for purely local packages
In the package guidelines, PKG_VERSION is supposed to be used as
"The upstream version number that we're downloading", while
PKG_RELEASE is referred to as "The version of this package Makefile".
Thus, the variables in a strict interpretation provide a clear
distinction between "their" (upstream) version in PKG_VERSION and
"our" (local OpenWrt trunk) version in PKG_RELEASE.

For local (OpenWrt-only) packages, this implies that those will only
need PKG_RELEASE defined, while PKG_VERSION does not apply following
a strict interpretation. While the majority of "our" packages actually
follow that scheme, there are also some that mix both variables or
have one of them defined but keep them at "1".

This is misleading and confusing, which can be observed by the fact
that there typically either one of the variables is never bumped or
the choice of the variable to increase depends on the person doing the
change.

Consequently, this patch aims at clarifying the situation by
consistently using only PKG_RELEASE for "our" packages. To achieve
that, PKG_VERSION is removed there, bumping PKG_RELEASE where
necessary to ensure the resulting package version string is bigger
than before.

During adjustment, one has to make sure that the new resulting composite
package version will not be considered "older" than the previous one.

A useful tool for evaluating that is 'opkg compare-versions'. In
principle, there are the following cases:

1. Sole PKG_VERSION replaced by sole PKG_RELEASE:
   In this case, the resulting version string does not change, it's
   just the value of the variable put in the file. Consequently, we
   do not bump the number in these cases so nobody is tempted to
   install the same package again.

2. PKG_VERSION and PKG_RELEASE replaced by sole PKG_RELEASE:
   In this case, the resulting version string has been "version-release",
   e.g. 1-3 or 1.0-3. For this case, the new PKG_RELEASE will just
   need to be higher than the previous PKG_VERSION.
   For the cases where PKG_VERSION has always sticked to "1", and
   PKG_RELEASE has been incremented, we take the most recent value of
   PKG_RELEASE.

Apart from that, a few packages appear to have developed their own
complex versioning scheme, e.g. using x.y.z number for PKG_VERSION
_and_ a PKG_RELEASE (qos-scripts) or using dates for PKG_VERSION
(adb-enablemodem, wwan). I didn't touch these few in this patch.

Cc: Hans Dedecker <dedeckeh@gmail.com>
Cc: Felix Fietkau <nbd@nbd.name>
Cc: Andre Valentin <avalentin@marcant.net>
Cc: Matthias Schiffer <mschiffer@universe-factory.net>
Cc: Jo-Philipp Wich <jo@mein.io>
Cc: Steven Barth <steven@midlink.org>
Cc: Daniel Golle <dgolle@allnet.de>
Cc: John Crispin <john@phrozen.org>

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-07-15 18:33:56 +02:00
Adrian Schmutzler
b29d620ed2 vxlan: bump and change to PKG_RELEASE
Bumping package version has been overlooked in a previous commit.

While at it, use PKG_RELEASE instead of PKG_VERSION, as the latter
is meant for upstream version number only.
(The effective version string for the package would be "3" in both
cases, so there is no harm done for version comparison.)

Fixes: 0453c3866f ("vxlan: fix udp checksum control")

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-07-15 18:33:56 +02:00
David Bauer
f886a26851 ravpower-mcu: bump PKG_RELEASE
Fixes commit b94d1a2d27 ("ravpower-mcu: remove target dependency")

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-07-15 09:56:23 +02:00
Johannes Kimmel
0453c3866f vxlan: fix udp checksum control
So far, passing "rxcsum" and "txcsum" had no effect.

Fixes: 95ab18e012 ("vxlan: add options to enable and disable UDP
checksums")

Signed-off-by: Johannes Kimmel <fff@bareminimum.eu>
[add Fixes:]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-07-15 00:23:38 +02:00
David Bauer
b94d1a2d27 ravpower-mcu: remove target dependency
Remove the target dependency as the tool is also usable with other
battery-powered routers.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-07-15 00:03:18 +02:00
Tony Ambardar
e89a7d72a5 iproute2: tc: fix missing em_ipset module
Feature detection doesn't recognize ipset v7 use on kernel v5.x systems
and thus disables the tc ematch function em_ipset.

- backport patch:
  * 002-configure-support-ipset-v7.patch:
    650591a7a70c configure: support ipset version 7 with kernel version 5

Fixes: 4e0c54bc5b ("kernel: add support for kernel 5.4")

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2020-07-14 22:00:43 +02:00
Tony Ambardar
9852104c71 iproute2: tc: fix dynamic symbol table size optimization
Recent iproute2 5.x versions modified the symbols resolved for plugins,
causing "tc .. action xt .." to fail. Update the list of symbols to fix.

Fixes: b61495409b ("iproute2: tc: reduce size of dynamic symbol table")

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2020-07-14 22:00:43 +02:00
Daniel Bailey
5792f6a104 procd: allow optional watchdog instance parameter
Optional instance watchdog timeout and watchdog mode can be set by
adding: procd_set_param $mode $timeout

$mode is an integer [0-1] representing instance watchdog mode of
operation:
0 = disabled
1 = passive mode, client must periodically poke watchdog via ubus

$timeout is an integer representing how often, in seconds, the watchdog must be poked.

Signed-off-by: Daniel Bailey <danielb@meshplusplus.com>
2020-07-14 00:25:02 +01:00
Daniel Golle
732b70c5bd procd: update to git HEAD
639df57 uxc: fix build with uClibc-ng
 b2230e4 procd: add service instance watchdog

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-07-14 00:25:02 +01:00
Daniel Golle
79fd87ef9d procd: update to git HEAD
aed7fb3 procd: fix compilation with uClibc-ng
 9d0f831 jail: fix segfault with len(uidmap/gidmap) > 1
 42a6217 jail: consider PATH for argv in OCI container
 83f4b72 jail: actually chdir into OCI defined CWD
 fc9f614 jail: parse and run OCI hooks
 02eec92 jail: memory allocation fixes
 71e75f4 jail: refactor mount support to cover OCI spec
 b586e7d jail: don't make mount source read-only
 dacab12 uxc: fix 'stop' command

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-07-13 12:20:28 +01:00
Jason A. Donenfeld
ad81e2da08 wireguard: bump to 1.0.20200712
This release brings parity with the commits Linus released a few hours
ago into 5.8-rc5.

* receive: account for napi_gro_receive never returning GRO_DROP

The napi_gro_receive function no longer returns GRO_DROP ever, making
handling GRO_DROP dead code. This commit removes that dead code.
Further, it's not even clear that device drivers have any business in
taking action after passing off received packets; that's arguably out of
their hands.

* device: implement header_ops->parse_protocol for AF_PACKET

WireGuard uses skb->protocol to determine packet type, and bails out if
it's not set or set to something it's not expecting. For AF_PACKET
injection, we need to support its call chain of:

    packet_sendmsg -> packet_snd -> packet_parse_headers ->
      dev_parse_header_protocol -> parse_protocol

Without a valid parse_protocol, this returns zero, and wireguard then
rejects the skb. So, this wires up the ip_tunnel handler for layer 3
packets for that case.

* queueing: make use of ip_tunnel_parse_protocol

Now that wg_examine_packet_protocol has been added for general
consumption as ip_tunnel_parse_protocol, it's possible to remove
wg_examine_packet_protocol and simply use the new
ip_tunnel_parse_protocol function directly.

* compat: backport ip_tunnel_parse_protocol and ip_tunnel_header_ops

These are required for moving wg_examine_packet_protocol out of
wireguard and into upstream.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-07-13 08:02:02 +02:00
Tomasz Maciej Nowak
2dc5ce622a mvebu: add support for MACCHIATObin Single Shot
Add support for Marvell MACCHIATObin Single Shot, cortex-a72 based
Marvell ARMADA 8040 Community board. Single Shot was broken as the
device tree is different on the Double Shot Board.

Specifications:
- Quad core Cortex-A72 (up to 2GHz)
- DDR4 DIMM slot with optional ECC and single/dual chip select support
- Dual 10GbE (1/2.5/10GbE) SFP+
  2.5GbE (1/2.5GbE) via SFP
  1GbE via copper
- SPI Flash
- 3 X SATA 3.0 connectors
- MicroSD connector
- eMMC
- PCI x4 3.0 slot
- USB 2.0 Headers (Internal)
- USB 3.0 connector
- Console port (UART) over microUSB connector
- 20-pin Connector for CPU JTAG debugger
- 2 X UART Headers
- 12V input via DC Jack
- ATX type power connector
- Form Factor: Mini-ITX (170 mm x 170 mm)

More details at http://macchiatobin.net

Installation:

Write the Image to your Micro SD Card and insert it in the
MACCHIATObin Single Shot SD Card Slot.

In the U-Boot Environment:
   1. reset U-Boot environment:
      env default -a
      saveenv

   2. prepare U-Boot with boot script:
      setenv bootcmd "load mmc 1:1 0x4d00000 boot.scr; source 0x4d00000"
      saveenv

   or manually (hanging lines indicate wrapped one-line command):
      setenv fdt_name armada-8040-mcbin-singleshot.dtb
      setenv image_name Image
      setenv bootcmd 'mmc dev 1; ext4load mmc 1:1 $kernel_addr
         $image_name;ext4load mmc 1:1 $fdt_addr $fdt_name;setenv
         bootargs $console root=/dev/mmcblk1p2 rw rootwait; booti
         $kernel_addr - $fdt_addr'
      saveenv

   On newer Bootloaders (18.12) the Variables have been changed, use:
      setenv fdt_name armada-8040-mcbin-singleshot.dtb
      setenv image_name Image
      setenv bootcmd 'mmc dev 1; ext4load mmc 1:1 $kernel_addr_r
         $image_name;ext4load mmc 1:1 $fdt_addr_r $fdt_name;setenv
         bootargs $console root=/dev/mmcblk1p2 rw rootwait; booti
         $kernel_addr_r - $fdt_addr_r'

Reported-by: Alexandra Alth <alexandra@alth.de>
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
Tested-by: Alexandra Alth <alexandra@alth.de>
[add specs and installation as provided by Alexandra Alth]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-07-12 02:06:02 +02:00
Adrian Schmutzler
9faf9f8f23 mvebu: fix support for Marvell 8040 MACCHIATOBin
Between kernels 4.20 and 5.0, a new variant of this board has been
introduced ("Single Shot"), and the existing one has been renamed
with the appendix "Double Shot". [1]
This also adjusted the first compatible in the list:

marvell,armada8040-mcbin -> marvell,armada8040-mcbin-doubleshot

This patch updates the OpenWrt implementation of this device by
adjusting the relevant references to that compatible (i.e., our
board name).

To still provide support for 4.19 with our setup, this adds a
small patch to change the compatible there as well.

[1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=b1f0bbe2700051886b954192b6c1751233fe0f52

Cc: Tomasz Maciej Nowak <tomek_n@o2.pl>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2020-07-11 18:38:42 +02:00
Sebastian Kemper
ff8b8fee89 ltq-vmmc: update permission handling
The firmware is currently just copied. It can end up with o= on the
device (this is the case for voice_ar9_firmware.bin for instance).
Instead of copying it the Makefile is changed to use the macro
"$(INSTALL_DATA)" in order for the file to be world-readable.

While at it refactor the device node creation in the init script with
loop.

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
[removed 2nd part with custom group handling for device nodes]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-07-11 14:49:10 +02:00
Yangbo Lu
c4d0e57e16 layerscape: support sysupgrade for squashfs rootfs
Support sysupgrade for all Layerscape boards with squashfs
rootfs.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2020-07-11 14:44:22 +02:00
Yangbo Lu
5ca8903631 layerscape: convert to squashfs rootfs for QSPI NOR boot
There had been an issue in Layerscape QSPI driver for very long
time, which made squashfs,jffs2 rootfs not work on QSPI NOR.
And the ubifs had been used as a workaround.
Now the issue has been fixed. So convert to use squashfs,jffs2
rootfs on QSPI NOR for Layerscape boards (LS1012ARDB/LS1046ARDB/
LS1088ARDB), and update u-boot bootargs for booting.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2020-07-11 14:44:22 +02:00
Rui Salvaterra
eb24a57b7f busybox: store applet usage messages uncompressed
The rootfs squashfs is already highly (XZ) compressed. Storing the applet
messages in compressed form will increase the entropy and reduce the overall
image compression ratio.

Size diffs (compressed vs uncompressed):

busybox (the executable): 364596 vs 384804 bytes.

OpenWrt target images (the kernel image is unchanged, obviously):

 omnia-medkit-openwrt-mvebu-cortexa9-cznic_turris-omnia-initramfs.tar.gz:

  9163597 vs 9162531 bytes (1066 bytes difference).

openwrt-mvebu-cortexa9-cznic_turris-omnia-initramfs-kernel.bin:

  9161688 vs 9160600 bytes (1088 bytes difference).

openwrt-mvebu-cortexa9-cznic_turris-omnia-sysupgrade.img.gz:

 9729550 vs 9729230 bytes (320 bytes difference).

All in all, we save just a little bit over 1 kiB. As an added bonus, we
also don't have to decompress the messages twice, (first from squashfs,
then from the bzip2 message storage).

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
[added additional size comparision diff detaisl]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-07-11 14:42:32 +02:00
Rosen Penev
8e6f2c029f base-files/functions.sh: use command -v instead of which
which must be executed. command -v is a shell builtin.

https://github.com/koalaman/shellcheck/wiki/SC2230

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-07-11 14:42:32 +02:00
Rui Salvaterra
99dae00fa8 kernel: kmod-zram: break the strict dependency from lz4
Zram is only strictly dependent on lzo, not lz4. Break this dependency and
make the lz4 module visible in the configuration, in order for the user to
have the choice of enabling/disabling it, if (s)he sees fit.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2020-07-11 13:33:28 +02:00
Rui Salvaterra
0b6155de0b zram-swap: correctly express the required dependencies
The block-mount swapon implementation doesn't support discard, so make zram-swap
depend only on the default BusyBox implementation or, when unavailable, on the
one present in the swap-utils package.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2020-07-11 13:33:28 +02:00
Rui Salvaterra
0bd7dfa3ed zram-swap: enable swap discard
Zram block devices have supported trim/discard for over six years, let's
enable it. This allows the zram device to actually free up allocated memory
when it's marked as unused in the filesystem metadata, as explained in more
detail in the original commit message [1].

[1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/drivers/block/zram/zram_drv.c?h=linux-4.14.y&id=f4659d8e620d08bd1a84a8aec5d2f5294a242764

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2020-07-11 13:33:28 +02:00
Rui Salvaterra
c5c652e5ad busybox: use CLOCK_MONOTONIC instead of gettimeofday
The clock_gettime(CLOCK_MONOTONIC) syscall exists for so long that the first
kernel version to support it is not even specified in the man page [1]. Let's
enable it on BusyBox by default. Otherwise, gettimeofday will be used instead,
which will give wrong results if the date/time is reset (time moving backwards).

[1] https://linux.die.net/man/2/clock_gettime

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2020-07-11 13:33:28 +02:00
Rosen Penev
f61110e8f2 lzo: switch to building with CMake
CMake is less error prone that autotools and also compiles faster.

Fixed license information.

Added pkgconfig file to InstallDev so that packages that use it can
find lzo.

Before:

time make package/lzo/compile -j 12
________________________________________________________
Executed in   20.87 secs   fish           external
   usr time   26.95 secs    0.00 micros   26.95 secs
   sys time    5.49 secs  305.00 micros    5.49 secs

After:

time make package/lzo/compile -j 12
________________________________________________________
Executed in   13.22 secs   fish           external
   usr time   19.59 secs  328.00 micros   19.59 secs
   sys time    4.03 secs   10.00 micros    4.03 secs

Time output is with fish shell. make clean was ran before both attempts.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-07-11 13:33:28 +02:00
Petr Štetiar
0b76410231 libubox: update to version 2020-07-11
f4e9bf73ac5c examples/lua: attempt to highlight some traps
 53b9a2123fc6 lua/uloop: fd_add: use absolute indices for arguments
 c0941d3289fc lua/uloop: make get_sock_fd capable of absolute addresses
 161c25960ba2 lua/uloop: fd_add() better args checking

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-07-11 13:33:28 +02:00
Tomasz Maciej Nowak
4d92a558f2 linux-firmware: package EIP197 mini firmware
Quoting part of original message from eefb5f741015 commit in
linux-firmware repository:

This adds the "minifw" version of the EIP197 firmware, which the inside-
secure driver will use as a fallback if the original full-featured
firmware cannot be found. This allows for using the inside-secure driver
and hardware without access to "official" firmware only available under
NDA.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2020-07-11 13:33:28 +02:00
Pawel Dembicki
67ce9aedd6 kirkwood: add support for Check Point L-50
This patch adds support for the Check Point L-50 from 600/1100 series
routers.

Specification:
-CPU: Marvell Kirkwood 88F6281 1200MHz
-RAM: 512MB
-Flash: NAND 512MB
-WiFi: mPCIe card based on Atheros AR9287 b/g/n
-WAN: 1 Gigabit Port (Marvell 88E1116R PHY)
-LAN: 9 Gigabit Ports (2x Marvell 88E6171(5+4))
-USB: 2x USB2.0
-Express card slot
-SD card slot
-Serial console: RJ-45 115200 8n1
-Unsupported DSL

Known issues:
-DSL not supported
-Expresscard not tested

Installation:

Step one -> backup:
make backup u-boot and env for revert stock posibility
make backup dsl_mac_addr, dmz_mac_addr, eth1addr, ethaddr and all lanX_mac_addr

Step two -> Use kwboot tool to upload openwrt u-boot to RAM:

run kwboot: "kwboot -B 115200 /dev/ttyUSB0 -b u-boot.kwb -p -t"
end start u-boot

Step three -> Restore macs (e.g. below):
setenv eth1addr 00:1C:XX:XX:XX:6C
setenv ethaddr 00:1C:XX:XX:XX:6B
setenv lan1_mac_addr 00:1C:XX:XX:XX:6C
setenv lan2_mac_addr 00:1C:XX:XX:XX:6D
setenv lan3_mac_addr 00:1C:XX:XX:XX:6E
setenv lan4_mac_addr 00:1C:XX:XX:XX:6F
setenv lan5_mac_addr 00:1C:XX:XX:XX:70
setenv lan6_mac_addr 00:1C:XX:XX:XX:71
setenv lan7_mac_addr 00:1C:XX:XX:XX:72
setenv lan8_mac_addr 00:1C:XX:XX:XX:73
setenv dmz_mac_addr 00:1C:XX:XX:XX:74
setenv dsl_mac_addr 00:1C:XX:XX:XX:75

Step four -> flash u-boot:
mw 0x0800000 0xffff 0x100000
nand erase 0x0 100000
tftp 0x0800000 openwrt-kirkwood-l50-u-boot.kwb
nand write 0x0800000 0x0 0x100000
saveenv

Step five -> run initramfs image:

tftpboot 0x02000000 openwrt.bin; bootm 0x02000000;

Step six -> install sysupgrade OpenWrt image:

copy to /tmp/ sysupgrade image
run sysupgrade

Back to stock:
Restore original u-boot end env.
Install factory image via stock u-boot.

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
2020-07-11 13:33:28 +02:00
Pawel Dembicki
c881d7ab03 uboot-kirkwood: add uboot for CheckPoint L-50
This patch add u-boot for CheckPoint L-50 routers.

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
2020-07-11 13:33:28 +02:00
Pawel Dembicki
9c99187e61 kernel: add package for Seiko S-35390A I2C RTC
This patch adds kernel package for Seiko Instruments S-35390A.

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
2020-07-11 13:33:28 +02:00
Huangbin Zhan
7d97fe55f4 uboot-envtools: ath79: update ubootenv partion index for gl-ar300m
The block index of u-boot-env changed from mtd1 to mtd3 after upgrading kernel to 5.4.
This patch search the mtd block by label name, work as expect when perform a clean flash.

Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
2020-07-11 13:33:28 +02:00
Adrian Schmutzler
9362ea1661 base-files: remove useless cat
Check file contents directly instead of using cat.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-07-11 12:52:01 +02:00
Adrian Schmutzler
b837216345 wireguard-tools: replace backticks by $(...)
This replaces deprecated backticks by more versatile $(...) syntax.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-07-11 12:52:01 +02:00
Adrian Schmutzler
d7d6e055e9 base-files: replace backticks by $(...)
This replaces deprecated backticks by more versatile $(...) syntax.

This does not touch lib/upgrade/nand.sh, as there replacement is
not trivial.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-07-11 12:52:01 +02:00
Daniel Golle
5115cb0501 procd: fix yet another build issue, this time with capabilities
3034eaf jail: use linux/capability.h instead of sys/capability.h

Fixes: b6e440a0f5 ("procd: update to git HEAD")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-07-11 11:28:48 +01:00
Daniel Golle
560093222c procd: fix another seccomp-related build issue
3473671 ujail: add dependency on syscall-names-h

Fixes: b6e440a0f5 ("procd: update to git HEAD")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-07-11 10:54:43 +01:00
Daniel Golle
a6160de3f7 procd: jail: fix build on platforms without seccomp support
Fixes: b6e440a0f5 ("procd: update to git HEAD")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-07-11 00:09:18 +01:00
Daniel Golle
b6e440a0f5 procd: update to git HEAD
ea7a790 jail: add support for running OCI bundle
 bb4a446 uxc: add container management CLI tool

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-07-10 18:57:05 +01:00
Daniel Golle
727685c317 mac80211: rt2x00: define RF5592 in init_eeprom routine
Make sure RF5592 is set for RT5592 chip which apparently sometimes
doesn't have RF defined (but always comes with RF5592).
This patch was originally submitted on linux-wireless by
Tom Psyborg <pozega.tomislav@gmail.com> but got rejected.
Turns out the patch is actually needed.

Reported-by: Sebastian Gottschall <s.gottschall@dd-wrt.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-07-10 18:53:52 +01:00
Lucian Cristian
1337093e87 kernel: iscsi-initator: fix kernel config symbols
Enable SCSI low-level drivers on targets that don't have it already in
order to fix following build failures on few platforms:

  .config:4739:warning: symbol value 'm' invalid for SCSI_LOWLEVEL
 * Restart config...
 * SCSI low-level drivers
 SCSI low-level drivers (SCSI_LOWLEVEL) [Y/n] (NEW) aborted!

Fixes: b88f8202c4 ("kernel: add iscsi-initator support")
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
[commit subject and description facelift]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-07-09 10:28:40 +02:00
Sungbo Eo
358aec7775 ath79: add support for Arduino Yun
Arduino Yun is a microcontroller development board, based on Atmel
ATmega32u4 and Atheros AR9331.

Specifications:
- MCU: ATmega32U4
- SoC: AR9331
- RAM: DDR2 64MB
- Flash: SPI NOR 16MB
- WiFi:
  - 2.4GHz: SoC internal
- Ethernet: 1x 10/100Mbps
- USB: 1x 2.0
- MicroSD: 1x SDHC

Notes:
- Stock firmware is based on OpenWrt AA.
- The SoC UART can be accessed only through the MCU.
  YunSerialTerminal is recommended for access to serial console.
- Stock firmware uses non-standard 250000 baudrate by default.
- The MCU can be reprogrammed from the SoC with avrdude linuxgpio.

Installation:
1.  Update U-Boot environment variables to adapt to new partition scheme.
    > setenv bootcmd "run addboard; run addtty; run addparts; run addrootfs; bootm 0x9f050000 || bootm 0x9fea0000"
    > setenv mtdparts "spi0.0:256k(u-boot)ro,64k(u-boot-env),15936k(firmware),64k(nvram),64k(art)ro"
    > saveenv
2.  Boot into stock firmware normally and perform sysupgrade with
    sysupgrade image.
    # sysupgrade -n -F /tmp/sysupgrade.bin

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2020-07-08 23:22:30 +02:00
Sungbo Eo
dc61e3b7ff base-files: add functions to set or clear bit in MAC address
Some devices (e.g. Arduino Yun) need bitwise operations during MAC address
setup. This commit adds generalized versions of macaddr_setbit_la(), which
are helpful when manipulating a single bit in a MAC address.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2020-07-08 23:22:30 +02:00
David Woodhouse
7adc29f59e mediatek: add SD card image creation for Banana Pi R2
Based on work by Alexey Loukianov <lx2@lexa2.ru> and others.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2020-07-08 23:22:30 +02:00
David Woodhouse
0c7bce7efd mediatek: use U-Boot FAT environment support for Banana Pi R2
Instead of building in a default environment which loads our environment
from the FAT partition....  just ask U-Boot to do it.

Submitted upstream at
https://patchwork.ozlabs.org/project/uboot/list/?series=184688

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2020-07-08 23:22:30 +02:00
David Woodhouse
dc4699470b mediatek: fix U-Boot pinctrl setup for mt7623 eMMC
The U-Boot pinctrl driver for mt7623 was incomplete and didn't handle the
settings required for eMMC to work.

Submitted upstream at
https://patchwork.ozlabs.org/project/uboot/list/?series=184529

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2020-07-08 23:22:30 +02:00
David Woodhouse
f0b51c1389 mediatek: add mt7623 u-boot build for Banana Pi R2
For building full SD/eMMC images for Banana Pi R2 we'll want a u-boot
image built for that platform.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2020-07-08 23:22:30 +02:00
David Woodhouse
1e4c885395 mediatek: new mt7623n preloader package for Banana Pi
Download the boot preloader code from the Banana Pi github repo and make
it available for bootable SD card image creation.

Supports only Banana Pi R2 for now.

Based on work by Alexey Loukianov <lx2@lexa2.ru> and others.

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2020-07-08 23:22:30 +02:00
David Woodhouse
7d9fb6aed9 fstools: update to the latest version
d34ea8e Use autoclear for overlay loopback device

Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2020-07-08 23:22:30 +02:00
Petr Štetiar
bbdd99619c kernel: iscsi-initator: fix missing dependency
Fixes following issue:

 Package kmod-iscsi-initiator is missing dependencies for the following libraries:
 crypto_hash.ko

Fixes: b88f8202c4 ("kernel: add iscsi-initator support")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-07-08 21:13:14 +02:00
Bjørn Mork
d512657195 mt7621-qtn-rgmii: enable RGMII connected Quantenna QV840
Write a magic value to a magic destination.  This might
be specific to the Mitrastar designed ZyXEL WAP6805.

Signed-off-by: Bjørn Mork <bjorn@mork.no>
2020-07-08 16:07:05 +02:00
Pawel Dembicki
20c7abd4b7 ipq806x: add support for Linksys EA7500 V1
This patch adds support for the Linksys EA7500 V1 router.

Specification:
 - CPU: Qualcomm IPQ8064
 - RAM: 256MB
 - Flash: NAND 128MB
 - WiFi: QCA9982 an+ac + QCA9983 bgn
 - Ethernet: 5 GBE Ports (WAN+ 4xLAN) (QCA8337)
 - USB: 1x USB 3.0 1x USB2.0
 - Serial console: RJ-45 115200 8n1 (1V8 Voltage level)
 - 2 Buttons
 - 1 LED

Known issues:
 - Some devices won't flash via web gui

Installation:
- Newer stock images doesn't allow to install custom firmware.
- Please downgrade software to 1.1.2 version. Official firmware:
https://downloads.linksys.com/downloads/firmware/FW_EA7500_1.1.2.172843_prod.gpg.img
- Do it two times to downgrade all stored images.
- Apply factory image via web-gui.

Serial + TFTP method:
 - downgrade to 1.1.2 two times
 - connect ehternet and serial cable
 - set ip address of tftp server to 192.168.1.254
 - put openwrt factory image to tftp folder and rename it to macan.bin
 - stop device while booting in u-boot
 - run command: "run flashimg"
 - run command: "setenv boot_part 1"
 - run command "saveenv"
 - reset

Back to stock:
- Please use old non-gpg image like this 1.1.2:
https://downloads.linksys.com/downloads/firmware/FW_EA7500_1.1.2.172843_prod.img
- ssh to router and copy image to tmp
- use sysupgrade -n -F

Tested by github users: @jack338c and @grzesiczek1

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
[removed i2c4_pins, mdio0_pins, nand_pins, rgmii2_pins from DTSI]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-07-08 16:07:05 +02:00
Yanase Yuki
4a77a060ab ipq40xx: add support for Buffalo WTR-M2133HP
Buffalo WTR-M2133HP is a Tri-Band router based on IPQ4019.

Specification
-------------
- SoC: Qualcomm IPQ4019
- RAM: 512MiB
- Flash Memory: NAND 128MiB (MXIC MX30LF1G18AC)
- Wi-Fi: Qualcomm IPQ4019 (2.4GHz, 1ch - 13ch)
- Wi-Fi: Qualcomm IPQ4019 (5GHz, 36ch - 64ch)
- Wi-Fi: Qualcomm QCA9984 (2T2R, 5GHz, 100ch - 140ch)
- Ethernet: 4x 10/100/1000 Mbps (1x WAN, 3x LAN)
- LED: 4x white LED, 4x orange LED, 1x blue LED
- USB: 1x USB 3.0 port
- Input: 2x tactile switch, 2x slide switch (2x SP3T)
- Serial console: 115200bps, pinheader JP5 on PCB
- Power: DC 12V 2A

Flash instruction
-----------------
1. Set up a TFTP server (IP address: 192.168.11.10)
2. Rename "initramfs-fit-uImage.itb" to "WTR-M2133HP-initramfs.uImage"
   and put it into the TFTP server directory.
3. Connect the TFTP server and WTR-M2133HP.
4. Hold down the AOSS button, then power on the router.
5. After booting OpenWrt initramfs image, connect to the router by SSH.
6. Transfer "squashfs-nand-factory.ubi" to the router.
7. Execute the following commands.
    # ubidetach -p /dev/mtd15
    # ubiformat /dev/mtd15 -f /tmp/openwrt-ipq40xx-generic-buffalo_wtr-m2133hp-squashfs-nand-factory.ubi
    # fw_setenv bootcmd bootipq
8. Perform reboot.

Recover to stock firmware
-------------------------
1. Execute the following command.
    # fw_setenv bootcmd bootbf
2. Reboot and wait several minutes.

Signed-off-by: Yanase Yuki <dev@zpc.sakura.ne.jp>
2020-07-08 16:07:05 +02:00
Pawel Dembicki
d2c3131b3f kirkwood: add support for Zyxel NSA310S
Zyxel NSA310S is a NAS based on Marvell kirkwood SoC.

Specification:
 - Processor Marvell 88F6702 1 GHz
 - 256MB RAM
 - 128MB NAND
 - 1x GBE LAN port (PHY: Marvell 88E1318)
 - 2x USB 2.0
 - 1x SATA
 - 3x button
 - 7x leds
 - serial on J1 connector (115200 8N1) (GND-NOPIN-RX-TX-VCC)

Known issues:
 - no kernel module for RTC. [*]
 - buzzer (connected to MPP43) need to be drived by 1kHz signal
 - no kernel module for internal MCU connected via I2C[**]

[*]
Karoly Pocsi made simple, unofficial driver for HT1382.
It can be found here:
https://www.madadmin.com/zyxel-nsa320s-es-debian-linux-4-resz/

[**]
Karoly Pocsi found how CPU talk with MCU:
It is possible to query the MCU-controlled fan speed and temperature:
i2cget -y 0x0 0x0a 0x07
i2cget -y 0x0 0x0a 0x08
The first value (0x07) is the temperature in ° C, the second (0x08) is
the time in milliseconds to complete one fan revolution (rpm = 60,000 / value).
Info translated from:
https://www.madadmin.com/zyxel-nsa320s-es-debian-linux-4-resz/

Installation:

TFTP:
1. Run serial console and go to u-boot.
2. Copy u-boot via tftp and write to NAND:
	=> mw 0x0800000 0xffff 0x100000
	=> nand erase 0x0 100000
	=> setenv ipaddr 192.168.1.2
	=> setenv serverip 192.168.1.4
	=> tftp 0x0800000 nsa310s-u-boot.kwb
	=> nand write 0x0800000 0x0 0x100000
	=> reset
3. Run new u-Boot, repair bootcmd and restore MAC address from sticker
	=> setenv ethaddr AA:BB:CC:DD:EE:FF
	=> saveenv
4. Copy and run initramfs image
	=> setenv ipaddr 192.168.1.2
	=> setenv serverip 192.168.1.4
	=> tftpboot zyxel_nsa310s-initramfs-uImage
	=> bootm 0x800000
5. Download sysupgrade image and perform sysupgrade

USB:

1. Prepare usb fat32 drive with u-boot.kwb and initramfs image.
   Stick it to USB 2.0 port.
2. Run serial console and go to u-boot.
3. Copy u-boot from usb and write to NAND:
	=> mw 0x0800000 0xffff 0x100000
	=> nand erase 0x0 100000
	=> usb start
	=> fatload usb 0 0x0800000 u-boot.kwb
	=> nand write 0x0800000 0x0 0x100000
	=> reset
4. Run new u-Boot, repair bootcmd and restore MAC address from sticker
	=> setenv ethaddr AA:BB:CC:DD:EE:FF
	=> saveenv
5. Copy and run initramfs image:
	=> usb start
	=> fatload usb 0 0x0800000 initramfs-uImage
	=> bootm 0x800000
6. Download sysupgrade image and perform sysupgrade.

Based on work ThBexx <thomas.beckler@hotmail.com>
DTS based on dropped support in 0ebdf0c.

Tested-by: Lech Perczak <lech.perczak@gmail.com>
Reviewed-by: Lech Perczak <lech.perczak@gmail.com>
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
[NSA310s -> NSA310S in DEVICE_MODEL]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-07-08 16:07:05 +02:00
Pawel Dembicki
4c2e475842 uboot-kirkwood: add support for Zyxel NSA310S
This patch modifies the u-boot config for the Zyxel NSA310S to work with
OpenWrt.

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
2020-07-08 16:07:05 +02:00
Kirill Lukonin
667fbb8151 comgt: add new script to send ussd request and get the answer
New script for comgt. Should help to fetch balance or any additional information with USSD.
This script uses the standard AT command which should be supported by all modems.

Run-tested on: Mikrotik wAP LTE KIT

Signed-off-by: Kirill Lukonin <klukonin@gmail.com>
[fixed from/sob]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-07-08 16:07:05 +02:00
Dongming Han
f103321349 ipq40xx: add support for GL.iNet GL-S1300
Specifications:
SOC:        Qualcomm IPQ4029 (DAKOTA) ARM Quad-Core
RAM:        512 MiB
FLASH1:     16 MiB NOR - SPI0
FLASH2:     8 GiB eMMC
ETH:        Qualcomm QCA8075
WLAN1:      Qualcomm Atheros QCA4029 2.4GHz 802.11b/g/n 2x2
WLAN2:      Qualcomm Atheros QCA4029 5GHz 802.11n/ac W2 2x2
INPUT:      Reset, WPS
LED:        Power, Mesh, WLAN
UART1:      On board pin header near to LED (3.3V, TX, RX, GND), 3.3V without pin - 115200 8N1
UART2:      On board with BLE module
SPI1:       On board socket for Zigbee module

Install via tftp
- NB: need to flash transition image firstly

Firstly install transition image:
(IPQ40xx) # tftpboot 0x84000000 s1300-factory-to-openwrt.img
(IPQ40xx) # sf probe && imgaddr=0x84000000 && source :script

Secondly install openwrt sysupgrade bin:
(IPQ40xx) # run lf

Revert to factory image:
(IPQ40xx) # tftpboot 0x84000000 s1300-openwrt-to-factory.img
(IPQ40xx) # sf probe && imgaddr=0x84000000 && source :script

The kernel and rootfs of factory firmware are on eMMC, and openwrt
firmware is on NOR flash. The transition image includes U-boot
and partition table, which decides where to load kernel and rootfs.
After you firstly install openwrt image, you can switch between
factory and openwrt firmware by flashing transition image.

Signed-off-by: Dongming Han <handongming@gl-inet.com>
2020-07-08 16:07:05 +02:00
Lucian Cristian
b88f8202c4 kernel: add iscsi-initator support
Module is needed for using iscsi-initiator userspace applications

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
[added missing newline between kernel modules]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-07-08 16:07:05 +02:00
Wren Turkal
9f02026933 uclibc++: make verbosity affect uClibc++ build
Before this change, setting the verbosity to anything with V=blah would
cause uclibc++ build to print errors to the screen. Now, it the
clibc++ build verbosity will be altered in the following manners:
* V=s will set V=1 in the uclibc++ build
* V=sc will set V=2 in the uclibc++ build

Signed-off-by: Wren Turkal <wt@penguintechs.org>
2020-07-08 16:07:05 +02:00
Emir Efe Kucuk
53a1fede1f ramips: Add support for Xiaomi Mi Router(Black,R2100)
The Xiaomi Mi Router AC2100 is a *black* cylindrical router that shares many
characteristics (apart from its looks and the GPIO ports) with the 6-antenna
*white* "Xiaomi Redmi Router AC2100"

See the visual comparison of the two routers here:
https://github.com/emirefek/openwrt-R2100/raw/imgcdn/rm2100-r2100.jpg

Specification of R2100:
- CPU: MediaTek MT7621A
- RAM: 128 MB DDR3
- FLASH: 128 MB ESMT NAND
- WIFI: 2x2 802.11bgn (MT7603)
- WIFI: 4x4 802.11ac (MT7615)
- ETH: 3xLAN+1xWAN 1000base-T
- LED: Power, WAN in Yellow and Blue
- UART: On board (Don't know where is should be confirmed by anybody else)
- Modified u-boot

Hacking of official firmware process is same at both RM2100 and R2100.
Thanks to @namidairo

Here is the detailed guide Hack: https://github.com/impulse/ac2100-openwrt-guide
Guide is written for MacOS but it will work at linux.
needed packages: python3(with scapy), netcat, http server, telnet client

1. Run PPPoE&exploit to get nc and wget busybox, get telnet and wget firmware
2. mtd write openwrt-ramips-mt7621-xiaomi_mi-router-ac2100-kernel1.bin kernel1
3. nvram set uart_en=1
4. nvram set bootdelay=5
5. nvram set flag_try_sys1_failed=1
6. nvram commit
7. mtd -r write openwrt-ramips-mt7621-xiaomi_mi-router-ac2100-rootfs0.bin rootfs0

other than these I specified in here. Everything is same with:
f3792690c4
Thanks for all community and especially for this device:
@Ilyas @scp07 @namidairo @Percy @thorsten97 @impulse (names@forum.openwrt.com)

MAC Locations:
WAN *:b5 = factory 0xe006
LAN *:b6 = factory 0xe000
WIFI 5ghz *:b8 = factory 0x8004
WIFI 2.4ghz *:b7 = factory 0x0004

Signed-off-by: Emir Efe Kucuk <emirefek@gmail.com>
[refactored common image bits into Device/xiaomi-ac2100, fixed From:]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-07-08 16:07:05 +02:00
Hans Dedecker
2b479512bc curl: bump to 7.71.1
For changes in 7.71.1; see https://curl.haxx.se/changes.html#7_71_1

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-07-07 22:16:47 +02:00
Hans Dedecker
ebddd0b327 nat46: fix translation of ICMP protocol unreachable
Refresh patch

1182f30 nat46-core: Fix translation of ICMP protocol unreachable

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-07-07 21:42:49 +02:00
Petr Štetiar
4e57fd5ada dropbear: make rsa-sha2-256 pubkeys usable again
Upstream in commit 972d723484d8 ("split signkey_type and signature_type
for RSA sha1 vs sha256") has added strict checking of pubkey algorithms
which made keys with SHA-256 hashing algorithm unusable as they still
reuse the `ssh-rsa` public key format. So fix this by disabling the
check for `rsa-sha2-256` pubkeys.

Ref: https://tools.ietf.org/html/rfc8332#section-3
Fixes: d4c80f5b17 ("dropbear: bump to 2020.80")
Tested-by: Russell Senior <russell@personaltelco.net>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-07-07 19:47:24 +02:00
David Bauer
4c8eb4ad9e ravpower-mcu: add missing PKG_RELEASE
This fixes the imagebuilder for this device.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-07-06 17:59:18 +02:00
Jan Hoffmann
dfe0bc860f mac80211: allow ACS restriction with fixed channel
This can be useful when a DFS channel is configured, as the ACS channel
list is taken into account when switching channels after a radar event.
For example, this allows to prevent the SRD channels from being used in
that case.

Signed-off-by: Jan Hoffmann <jan@3e8.eu>
[reorder structure]
Signed-off-by: David Bauer <mail@david-bauer.net>
2020-07-06 17:56:54 +02:00
John Audia
556eb9872d linux-firmware: Update linux-firmware to 20200619
git log --pretty=oneline --abbrev-commit 20200122..20200619

e96c121 (tag: 20200619, origin/main) amdgpu: update renoir firmware from 20.20 release
db0402e amdgpu: update picasso firmware from 20.20 release
c4e6e8f amdgpu: update raven2 firmware from 20.20 release
1967282 amdgpu: update raven firmware from 20.20 release
f73f82c amdgpu: add vega20 TA firmware from 20.20 release
9ecaba8 amdgpu: update vega20 firmware from 20.20 release
3866af1 amdgpu: update vega12 firmware from 20.20 release
adba945 amdgpu: update vega10 firmware from 20.20 release
3c5eef0 amdgpu: update navi10 firmware from 20.20 release
152c929 amdgpu: update navi14 firmware from 20.20 release
3890db3 (HEAD -> master, origin/master, origin/HEAD) rtl_nic: add firmware for RTL8125B
887d2a1 linux-firmware: Update firmware file for Intel Bluetooth AX200
3914943 linux-firmware: Update firmware file for Intel Bluetooth AX201
4966923 linux-firmware: Update firmware file for Intel Bluetooth 9560
5ee82c0 linux-firmware: Update firmware file for Intel Bluetooth 9260
d9880b1 Mellanox: Add new mlxsw_spectrum firmware xx.2007.1168
c2e313b rtw88: RTL8822C: update firmware version to v9.9
4d91664 Merge branch 'mrvl-prestera' of https://github.com/PLVision/linux-firmware
a54dfbe Merge branch 'for-upstream' of git://git.chelsio.net/pub/git/linux-firmware
51a773d cxgb4: Update firmware to revision 1.24.17.0
5611000 mrvl: add firmware for Prestera ASIC devices
8ba6fa6 (tag: 20200519) Merge tag 'iwlwifi-fw-2020-05-19' of git://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/linux-firmware
5ee1c7d iwlwifi: update and add new FWs from core50-70 and core52-81 releases
401bd6d rtw88: RTL8821C: add firmware file v24.5
2ae9974 iwlwifi: update FWs to core47-142 release
50c1340 iwlwifi: update 8265 FW
f8d32e4 rtw88: update firmware information and README
412f95a linux-firmware: add firmware for MT7915E
619d339 QCA: Add Bluetooth firmware for QCA9377
1392591 linux-firmware: add rebb firmware for mt7663
b2cad6a linux-firmware: Update firmware file for Intel Bluetooth AX200
c5ac1ad linux-firmware: Update firmware file for Intel Bluetooth AX201
642d115 linux-firmware: Update firmware file for Intel Bluetooth 9560
dc3047c linux-firmware: Update firmware file for Intel Bluetooth 9260
78c0348 (tag: 20200421) Use Link function for brcmfmac43362-sdio.lemaker,bananapro.txt
f2df706 Add symlink for Dell XPS 15 9550 Broadcom Bluetooth patch-ram file
87dcb0e rtl_bt: Update RTL8822C BT FW to 0x0999_3AA1
3aa3ae4 Merge branch 'for-upstream' of git://git.chelsio.net/pub/git/linux-firmware
8aa36f5 cxgb4: Update T6 config file
6314fa0 amdgpu: update vega20 firmware for 20.10
1f308f1 amdgpu: update vega12 firmware for 20.10
1ffd569 amdgpu: update vega10 firmware for 20.10
9a0b0f4 amdgpu: update renoir firmware for 20.10
428a747 amdgpu: update raven2 firmware for 20.10
624ecdf amdgpu: update raven firmware for 20.10
7532f50 amdgpu: update picasso firmware for 20.10
75e352e amdgpu: update navi10 firmware for 20.10
3c175d1 amdgpu: update navi14 firmware for 20.10
8d7ac32 amdgpu: add navi14 TA firmware from 20.10
dd6b4db Merge branch 'for-upstream' of git://git.chelsio.net/pub/git/linux-firmware
3afe520 cxgb4: Update firmware to revision 1.24.14.0
64dba0f Merge branch 'a630-zap' of https://github.com/andersson/linux-firmware
236ec45 linux-firmware: add firmware for MT7663 Wifi/BT combo device
107b9a2 Merge https://github.com/bgodavar/qca_bt_fw
5b240e5 Merge https://github.com/rjliao-qca/qca-btfw
47533bc linux-firmware: Update firmware file for Intel Bluetooth AX200
677930a linux-firmware: Update firmware file for Intel Bluetooth AX201
e6ff1e7 qcom: Add SDM845 Adreno ZAP shader firmware
1a8b0dc qca: Enable transparent WBS for WCN3991
4921f73 QCA: Add Bluetooth firmware for QCA6390
edf390c Merge branch 'v12573.77' of https://github.com/erinlo/linux_fw_scp
3c213aa mediatek: Add mt8183 SCP firmware
8eb0b28 (tag: 20200316) linux-firmware: Update firmware file for Intel Bluetooth AX200
b9f720f linux-firmware: Update firmware file for Intel Bluetooth AX201
426db50 linux-firmware: Update firmware file for Intel Bluetooth 9560
9361709 linux-firmware: Update firmware file for Intel Bluetooth 9260
3b3dd5a amdgpu: update vega20 firmware from 19.50
4871e7a amdgpu: update vega12 firmware from 19.50
4e7f0f8 amdgpu: update vega10 firmware from 19.50
fce60a9 rtl_bt: Add firmware and configuration files for RTL8822C BT UART chip
d553c05 Merge branch 'tgl_huc_7.0.12_dmc_2.06' of git://anongit.freedesktop.org/drm/drm-firmware
fb83402 i915: Add DMC firmware v2.06 for TGL
45d36b5 i915: add HuC firmware v7.0.12 for TGL
0148cfe Merge https://github.com/rjliao-qca/qca-btfw
94cb0a6 check_whence: python3/utf-8 support
7fa32bc Makefile: improve `make check` usefulness
4bb6805 mediatek: Remove in-tree symlinks
6f50efe Merge branch 'v1.1.4' of https://github.com/ruiwang-mtk/linux_fw_vpu
2db3978 qca: Fix blueooth firmware name for QCA6174
a8a18d1 mediatek: move MT8173 VPU FW to subfolder
efcfa03 linux-firmware: Update firmware file for Intel Bluetooth AX201
83cb43e Merge https://github.com/bgodavar/qca_bt_wcn3991
54b017d qca: Add firmware files for BT chip wcn3991.
2277987 nvidia: add TU116/117 signed firmware
f63922d drm/amdgpu: update to latest 19.50 firmware for raven
1168a90 Merge branch 'v1.1.4' of https://github.com/ruiwang-mtk/linux_fw_vpu_v1.1.4
0bd965d mediatek: update MT8173 VPU firmware to v1.1.4
6f89735 rtl_nic: update firmware for RTL8153A
5351afe rtl_bt: Update RTL8822C BT FW to V0x0998_C2B4
83a7c50 linux-firmware: add firmware for MT7622
feb91a4 linux-firmware: add version 2 for MT7615E
b791e15 amdgpu: update to latest navi10 firmware from 19.50
0ff2f37 Revert "radeon: update oland rlc microcode from amdgpu"
c2df39a Merge branch 'amlogic-vdec' of https://github.com/Elyotna/linux-firmware
fb505a6 amlogic: update video decoder firmwares
6d9f399 amdgpu: add renoir firmware for 19.50
2c08b38 amdgpu: update raven2 firmware for 19.50
8846543 Merge commit '779514ec044a75ee6c9c20e52a2bf291f80d7d4e' of https://github.com/Netronome/linux-firmware
74d71b6 Merge branch 'bt-20200122' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/linux-firmware
779514e nfp: update Agilio SmartNIC flower firmware to rev AOTC-2.12.A.13
3055060 qca: update bluetooth firmware for QCA6174

Signed-off-by: John Audia <graysky@archlinux.us>
2020-07-04 21:12:42 +02:00
DENG Qingfang
78b632134f libjson-c: update to 0.14
Update libjson-c to 0.14
Changelog: https://github.com/json-c/json-c/wiki/Notes-for-v0.14-release

Switch to CMake because the upstream build system was changed

ipk size increased by 2KB

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
2020-07-04 21:00:11 +02:00
Hans Dedecker
9858a8c582 odhcpd: bump to latest git HEAD
5da5299 odhcpd: fix compilation with GCC10

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-07-02 22:28:06 +02:00
Hans Dedecker
cbb66f9edb curl: bump to 7.71.0
For changes in 7.71.0; see https://curl.haxx.se/changes.html#7_71_0

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-07-01 22:19:50 +02:00
Álvaro Fernández Rojas
f786de2095 ath10k-ct: update to version 2020-06-30
Backports commit "a1769bb68a850508a492e3674ab1e5e479b11254", which reverts
upstream commit "76d164f582150fd0259ec0fcbc485470bcd8033e" (ath10k: fix DMA
related firmware crashes on multiple devices).

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-07-01 15:39:15 +02:00
Hans Dedecker
d4c80f5b17 dropbear: bump to 2020.80
- drop patches (applied upstream)
 * 001-backport_GNU_SOURCE-for-random.patch
 * 002-backport-move-GNU_SOURCE-earlier.patch
 * 010-backport-disable-toom-and-karatsuba.patch

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-06-30 22:13:46 +02:00
Rui Salvaterra
835c932ccb zram-swap: init: replace backticks with $()
This replaces deprecated backticks by more versatile $(...) syntax.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
[add commit description]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-06-30 19:03:15 +02:00
Rui Salvaterra
69ca308673 dropbear: init: replace backticks with $()
This replaces deprecated backticks by more versatile $(...) syntax.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
[add commit description]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-06-30 19:01:18 +02:00
David Bauer
1ba0466d43 package: add ravpower-mcu package
This package allows to read battery status information and control the
power state of the RAVPower RP-WD009 power management IC.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-06-29 12:24:04 +02:00
David Bauer
e959048c12 ramips: add support for RAVPower RP-WD009
The RAVPower RP-WD009 is a batter-powered pocket sized router with SD
card lot and USB port.

Hardware
--------
CPU:   MediaTek MT7628AN
RAM:   64M DDR2
FLASH: 16M GigaDevices SPI-NOR
WLAN:  MediaTek MT7628AN 2T2R b/g/n
       MediaTek MT7610E  1T1R n/ac
ETH:   1x FastEthernet
SD:    SD Card slot
USB:   USB 2.0

Custom PMIC on the I2C bus (address 0x0a).

Installation
------------

1. Press and hold down the reset button.

2. Power up the Device. Keep pressing the reset button for 10
   more seconds until the Globe LED lights up.

3. Attach your Computer to the Ethernet port. Assign yourself the
   address 10.10.10.1/24.

4. Access the recovery page at 10.10.10.128 and upload the OpenWrt
   factory image.

5. The flashing will take around 1 minute. The device will reboot
   automatically into OpenWrt.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-06-29 12:24:01 +02:00
Hauke Mehrtens
143c81716d uboot-kirkwood: Revert "uboot-kirkwood: enable sata in nsa310 uboot"
This reverts commit 930f3c0148.

The build fails with the following build error:
arm-openwrt-linux-muslgnueabi-ld.bfd: drivers/built-in.o: in function `ide_init':
build_dir/target-arm_xscale_musl_eabi/u-boot-nsa310/u-boot-2020.04/drivers/block/ide.c:750: undefined reference to `ide_preinit'
make[4]: *** [Makefile:1700: u-boot] Error 1

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-06-27 18:39:32 +02:00
Scott Roberts
dd13add3ce kernel: i2c-pxa: remove slave
Removing i2c pxa slave

The i2c-pxa is typically not use in slave mode. It does not make sense
to have slave mode enabled by default.
Having slave mode enabled prevents the i2c controller from being reset
if a real slave device such as an SFP is attached to the i2c-pxa bus and
locks it up.
Disable slave mode so that the i2c controller can be reset if the bus is
locked up.
If someone actually has a need for pxa slave mode this can be enabled in
kernel config.

Signed-off-by: Scott Roberts <ttocsr@gmail.com>
2020-06-27 00:19:13 +02:00
Sukru Senli
c856f7adfb netifd: replace timesvr with timesrv
/lib/netifd/dhcp.script:
         Keep support for 'timesvr' while also supporting 'timesrv'
         Add log message indicating deprecation of 'timesvr'

Signed-off-by: Sukru Senli <sukru.senli@iopsys.eu>
2020-06-27 00:19:13 +02:00
Alberto Bursi
930f3c0148 uboot-kirkwood: enable sata in nsa310 uboot
the uboot of nsa310 cannot use the network chip
as it is a realtek on the PCIe lanes and not a
Marvell ethernet from the SoC.

Therefore tftp is not possible on this device
and the only way to install is by loading files
from a USB drive.
If the USB subsystem is dead there is no way to
install OpenWrt.
Enable sata support and commands so it can be
used as a fallback in case of USB issues.

Signed-off-by: Alberto Bursi <bobafetthotmail@gmail.com>
2020-06-27 00:19:13 +02:00
Huangbin Zhan
fed9bfbfeb base-files: coreutil-sha256sum breaks status code
With package "coreutil-sha256sum" installed "sysupgrade" fails to perform 'sha256sum -s' and instead returns 'invalid option -- 's''.
This is caused due to:
	different syntax for a sha256sum status check ('sha256sum --status' with "coreutil-sha256sum")
	'/usr/bin/sha256sum' being symlinked to '/usr/bin/gnu-sha256sum' (after installation of "coreutil-sha256sum")
"coreutil-sha256sum" package from the packages feed replaces the Busybox sha256sum
This patch restores for 'sysupgrade' the busybox call to its sha256sum applet.

Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
2020-06-27 00:19:13 +02:00
Huangbin Zhan
3d6ac4d20f ubox: add ALTERNATIVES
This avoids a conflict with the kmod util from the package feed.

Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
2020-06-26 23:48:51 +02:00
Huangbin Zhan
67575b6410 logger: enable alternatives support
Avoid conflict with busybox

Signed-off-by: Huangbin Zhan <zhanhb88@gmail.com>
2020-06-26 20:54:53 +02:00
Florian Eckert
97bc87d81a kernel: add gpio-amd-fch module description
Add a module description for the new gpio-amd-fch device driver.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2020-06-26 20:54:53 +02:00
Florian Eckert
2b550a6be1 kernel/leds-apu2: remove deprecated leds-apu2 driver
Remove leds-apu2 out of tree driver. There is a new upstream device gpio
and leds driver stack available for the APUv2 and APUv3 boards from pc
egnines. This new driver stack was add in kernel version 4.15.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2020-06-26 20:54:53 +02:00
David Bauer
870588b6eb mac80211: ath9k: enable MFP capability unconditionally
ath9k will already fallback on software-crypto for chipsets not
supporting IEEE802.11w (MFP). So advertising MFP is not dependent
on disabling HW crypto for all traffic entirely.

Tested on Sonicwall SonicPoint Ni (AR9132)

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-06-25 02:36:19 +02:00
Hans Dedecker
751e6ab8e6 dropbear: fix compilation for uClibc
Backport patches which fix compile issue for uClibc-ng :

dbrandom.c:174:8: warning: implicit declaration of function 'getrandom'; did you mean 'genrandom'? [-Wimplicit-function-declaration]
  ret = getrandom(buf, sizeof(buf), GRND_NONBLOCK);
        ^~~~~~~~~
        genrandom
dbrandom.c:174:36: error: 'GRND_NONBLOCK' undeclared (first use in this function); did you mean 'SOCK_NONBLOCK'?
  ret = getrandom(buf, sizeof(buf), GRND_NONBLOCK);
                                    ^~~~~~~~~~~~~
                                    SOCK_NONBLOCK

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-06-24 22:36:21 +02:00
Sungbo Eo
d4dea7efcd urandom-seed: update Makefile
- update SPDX license identifier
- use https in URL
- use default PKG_BUILD_DIR

Suggested-by: Josef Schlehofer <josef.schlehofer@nic.cz>
Tested-by: Josef Schlehofer <josef.schlehofer@nic.cz>
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2020-06-24 16:05:55 +02:00
Jason A. Donenfeld
ea5192e6c5 wireguard: bump to 1.0.20200623
* compat: drop centos 8.1 support as 8.2 is now out

Of note, as well, is that we now have both RHEL7 and RHEL8 in our CI at
<https://www.wireguard.com/build-status/>.

* Kbuild: remove -fvisibility=hidden from cflags

This fixes an issue when compiling wireguard as a module for ARM kernels in
THUMB2 mode without the JUMP11 workaround.

* noise: do not assign initiation time in if condition

Style fix.

* device: avoid circular netns references

Fixes a circular reference issue with network namespaces.

* netns: workaround bad 5.2.y backport

This works around a back backport in the 5.2.y series.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-06-24 08:01:37 +02:00
Leon M. George
8f95220bcb mac80211: fix use of local variable
mac80211_get_addr is called from mac80211_generate_mac, where the local variable
initialisation id="${macidx:-0}" suggests that macidx is not always defined.
Probably, idx was supposed to be used instead of $(($macidx + 1)).

Fixes: 4d99db168c ("mac80211: try to get interface addresses from wiphy sysfs 'addresses' if no mask is set")

Signed-off-by: Leon M. George <leon@georgemail.eu>
2020-06-24 01:21:24 +02:00
Sungbo Eo
46a6586c83 base-files: remove urandom-seed definition
urandom-seed has a separate Makefile, we can safely remove the definition here.

Fixes: 27bfde9c9f ("base-files: move urandom seed bits into separate package")

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2020-06-23 22:23:21 +02:00
Sven Roederer
7e67d14486 igmpproxy: remove some bashism
"[[" is a bash extension for test. As the ash-implementation is not
fully compatible we drop its usage.
This follows up 3519bf4976

As a result, we also need to move the and/or out of the test brackets.

Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
[squash from two patches, adjust commit message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-06-23 20:00:16 +02:00
Catalin Patulea
492a6594b9 libnetfilter-queue: fix package title and description
The original text was copy/pasted from some other package.
Adjust the package title and description to match the description
on the publishers page.

Signed-off-by: Catalin Patulea <catalinp@google.com>
[slightly adjust content and commit message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-06-23 19:25:20 +02:00
Konstantin Demin
29e170dbaa dropbear: bump to 2020.79
- drop patches (applied upstream):
  * 010-backport-change-address-logging.patch
  * 020-backport-ed25519-support.patch
  * 021-backport-chacha20-poly1305-support.patch
- backport patches:
  * 010-backport-disable-toom-and-karatsuba.patch:
    reduce dropbear binary size (about ~8Kb).
- refresh patches.
- don't bother anymore with following config options
  because they are disabled in upstream too:
  * DROPBEAR_3DES
  * DROPBEAR_ENABLE_CBC_MODE
  * DROPBEAR_SHA1_96_HMAC
- explicitly disable DO_MOTD as it was before commit a1099ed:
  upstream has (accidentally) switched it to 0 in release 2019.77,
  but reverted back in release 2020.79.

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2020-06-21 21:33:23 +02:00
Chen Minqiang
a57fb86d6a toolchain: glibc ldd env path fixup
This replace the shell script header of ldd
when it install to `/usr/bin/ldd` where
`#! /..../staging_dir/host/bin/bash`
should be
`#!/bin/sh`

Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
2020-06-18 20:08:18 +02:00
Kuan-Yi Li
c5bf9a8ced base-files: gpio switch: add named GPIO support
Previously, gpio_switch only accepts GPIO pin number as input. Once a
GPIO pin is exported and named by device tree, its pin state cannot be
configured and saved across reboots by UCI.

This patch adds support for named GPIO pins. Thus GPIO pin can be
exported by device tree with active high/low correctly configured,
having human-readable name in /sys/class/gpio/ is also now possible.

More importantly, GPIO pins which are referenced by name will be immune
from pin mapping breakage while unintentional pin number changes are
introduced by kernel or driver updates.

Signed-off-by: Kuan-Yi Li <kyli@abysm.org>
2020-06-18 20:08:18 +02:00
Alan Swanson
a4c0767fbc mac80211: ath9k: enable adding wireless noise to kernel entropy pool
This option allows adding the ath9k ADC register output as a source
of randomness into the Linux entropy pool at sufficient quality
random data (at least 10 bits and up to 22 bits of min-entropy for
a 32-bit value).

Fixes FS#1444
Signed-off-by: Alan Swanson <reiver@improbability.net>
2020-06-18 20:08:18 +02:00
Karel Kočí
a4248577a0 hostapd: fix compilation of wpa_supplicant
Ubus patch as it seems have been broken by some rebase in the past as
the location of line that adds ubus object file was in condition for
CONFIG_MACSEC. That condition was adding object files that are not
touched by ubus patch. This means ubus.o does not have to be included in
that case. When it has to be and when build fails is when CONFIG_AP is
set. All files included in wpa_supplicant that are touched by this patch
are in this condition. This means that this is for sure the original
place for it.

Signed-off-by: Karel Kočí <karel.koci@nic.cz>
2020-06-18 20:08:18 +02:00
Ian Cooper
b933f9cf0c toolchain: remove gcc libssp and use libc variant
Removes the standalone implementation of stack smashing protection
in gcc's libssp in favour of the native implementation available
in glibc and uclibc. Musl libc already uses its native ssp, so this
patch does not affect musl-based toolchains.

Stack smashing protection configuration options are now uniform
across all supported libc variants.

This also makes kernel-level stack smashing protection available
for x86_64 and i386 builds using non-musl libc.

Signed-off-by: Ian Cooper <iancooper@hotmail.com>
2020-06-17 23:57:07 +02:00
Rozhuk Ivan
ba7ddae9a9 comgt-ncm: do not attempt to connect if the control device is invalid
After a hardware reconnect, the control device might be unavailable and
attempting to interact with it will lead to hanging gcom calls, leaving
the protocol setup in an unrecoverable state.

Change the protocol handler to bail out early and notify netifd if the
control device is not defined or if the underlying device node does not
exist.

Also ensure that the "disconnect", "connect" and "setmode" commands are
actually defined before trying to invoke them.

Finally attempt to re-query the device manufacturer if it is unset in
the interface state in order to prevent UNUPPORTED_MODEM errors after
a modem hardware reconnect.

Signed-off-by: Rozhuk Ivan <rozhuk.im@gmail.com>
[reword subject and commit message]
Ref: https://github.com/openwrt/openwrt/pull/2352
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-06-17 23:14:46 +02:00
Florian Eckert
8fe9940db6 openvpn: add generic hotplug mechanism
Pass a default --up and --down executable to each started OpenVPN instance
which triggers /etc/hotplug.d/openvpn/ scripts whenever an instance
goes up or down.

User-configured up and down scripts are invoked by the default shipped
01-user hotplug handler to ensure that existing setups continue to work
as before.

As a consequence of this change, the up, down and script_security OpenVPN
options are removed from the option file, since we're always passing them
via the command line, they do not need to get included into the generated
configuration.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
[reword commit message, move hotplug executable to /usr/libexec]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-06-17 22:43:48 +02:00
Daniel Golle
8e98613f4d uclient: uclient-fetch: add option to read POST data from file
c660986 uclient-fetch: add option to read POST data from file

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-06-17 16:38:35 +01:00
Pawel Dembicki
c5356d10c0 kirkwood: move mmc/sd features to modules
All devices are using nand images. Built-in MMC/SD modules are not needed
anymore.

Run tested: pogo v4

Reviewed-by: Sungbo Eo <mans0n@gorani.run>
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
2020-06-14 21:16:20 +02:00
Hans Dedecker
a241f439dc iproute2: update to 5.7.0
Update iproute2 to latest stable 5.7.0; for the changes see https://lwn.net/Articles/822152/

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-06-13 21:36:27 +02:00
Johann Neuhauser
c0ddb85a1d hostapd: hostapd_set_psk_file: fix defaut value for mac
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.

To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Bringing up of station vlan fails if the optional mac entry isn't set.
The default mac "00:00:00:00:00:00", which should match all stations,
is mistakenly set to the non used variable "isolate". This results in
a wrong formatted .psk file which has to be "vlan_id mac key".

fixes: 5aa2ddd0: hostapd: add support for wifi-station and wifi-vlan sections

Signed-off-by: Johann Neuhauser <johann@it-neuhauser.de>
2020-06-13 18:31:43 +02:00
Yen-Ting-Shen
3f61e5e1b9 ipq40xx: add support for EnGenius EMR3500
SOC:     IPQ4018 / QCA Dakota
CPU:     Quad-Core ARMv7 Processor rev 5 (v7l) Cortex-A7
DRAM:    256 MiB
NOR:     32 MiB
ETH:     Qualcomm Atheros QCA8072 (2 ports)
USB:     1 x 2.0 (Host controller in the SoC)
WLAN1:   Qualcomm Atheros QCA4018 2.4GHz 802.11bgn 2:2x2
WLAN2:   Qualcomm Atheros QCA4018 5GHz 802.11a/n/ac 2:2x2
INPUT:   RESET Button
LEDS:    White, Blue, Red, Orange

Flash instruction:

From EnGenius firmware to OpenWrt firmware:

In Firmware Upgrade page, upgrade your openwrt-ipq40xx-generic-engenius_emr3500-squashfs-factory.bin directly.

From OpenWrt firmware to EnGenius firmware:

1. Setup a TFTP server on your computer and configure static IP to 192.168.99.8
   Put the EnGenius firmware in the TFTP server directory on your computer.
2. Power up EMR3500. Press 4 and then press any key to enter u-boot.
3. Download EnGenius firmware
   (IPQ40xx) # tftpboot 0x84000000 openwrt-ipq40xx-emr3500-nor-fw-s.img
4. Flash the firmware
   (IPQ40xx) # imgaddr=0x84000000 && source 0x84000000:script
5. Reboot
   (IPQ40xx) # reset

Signed-off-by: Yen-Ting-Shen <frank.shen@senao.com>
[squashed update patch, updated to 5.4, dropped BOARD_NAME,
migrated to SOC]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2020-06-13 14:38:03 +02:00
Stijn Tintel
4f02496c50 mtd: enable wrgg support for ath79
This is required for the D-Link DAP-2695-A1.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2020-06-11 19:44:36 +03:00
Kevin Darbyshire-Bryant
46555ce5bc odhcpd: remove bogus IPKG_INSTROOT reference
IPKG_INSTROOT is only set under image builder and we won't be running
this script at build time either, so remove the reference before it gets
cargo-culted into other scripts.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
2020-06-11 15:46:55 +01:00
Adrian Schmutzler
78e8360878 soloscli: fix uci-defaults file
The folder for the uci-defaults file of this package is wrong, so
the file most probably has not been executed at all for several
years at least.

Fix the folder and remove the useless shebang for the file.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-06-11 01:49:24 +02:00
Renaud Lepage
108df3eabb ath79: add support for the Netgear WNDRMAC v1
The Netgear WNDRMAC v1 is a hardware variant of the Netgear WNDR3700 v2

Specifications
==============
* SoC: Atheros AR7161
* RAM: 64mb
* Flash on board: 16mb
* WiFi: Atheros AR9220 (a/n), Atheros AR9223 (b/g/n)
* Ethernet: RealTek RTL8366SR (1xWAN, 4xLAN, Gigabit)
* Power: 12 VDC, 2.5 A
* Full specs on [openwrt.org](https://openwrt.org/toh/hwdata/netgear/netgear_wndrmac_v1)

Flash Instructions
==================
It is possible to use the OEM Upgrade page to install the `factory`
variant of the firmware.

After the initial upgrade, you will need to telnet into the router
(default IP 192.168.1.1) to install anything. You may install LuCI
this way. At this point, you will have a web interface to configure
OpenWRT on the WNDRMAC v1.

Please use the `sysupgrade` variant for subsequent flashes.

Recovery Instructions
=====================
A TFTP-based recovery flash is possible if the need arises. Please refer
to the WNDR3700 page on openwrt.org for details.

https://openwrt.org/toh/netgear/wndr3700#troubleshooting_and_recovery

Signed-off-by: Renaud Lepage <root@cybikbase.com>
[update DTSI include name]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-06-11 01:44:13 +02:00
Felix Fietkau
4baf90de8d netifd: disable receive packet steering for DSA slave devices
It is already handled on the master device. Doing it twice reduces
performance

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-06-10 16:17:12 +02:00
Felix Fietkau
bf3f06f1ba mt76: enable hostapd 802.11ax support if kmod-mt7915e is selected
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-06-10 12:56:35 +02:00
Felix Fietkau
41d7a14ead hostapd: add config symbol for allowing drivers to enable 802.11ax support
Also expose a build feature for it

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-06-10 12:56:35 +02:00
Christian Lamparter
f611b014a7 ca-certificates: update to version 20200601
This patch updates the ca-certificates and ca-bundle package.
This version changed the files directory again, to work/, so
PKG_BUILD_DIR was brought back.

A list of changes from Debian's change-log entry for 20200601 [0]:

  * mozilla/{certdata.txt,nssckbi.h}:
    Update Mozilla certificate authority bundle to version 2.40.
    Closes: #956411, #955038
  * mozilla/blacklist.txt
    Add distrusted Symantec CA list to blacklist for explicit removal.
    Closes: #911289
    Blacklist expired root certificate, "AddTrust External Root"
    Closes: #961907
    The following certificate authorities were added (+):
    + "Certigna Root CA"
    + "emSign ECC Root CA - C3"
    + "emSign ECC Root CA - G3"
    + "emSign Root CA - C1"
    + "emSign Root CA - G1"
    + "Entrust Root Certification Authority - G4"
    + "GTS Root R1"
    + "GTS Root R2"
    + "GTS Root R3"
    + "GTS Root R4"
    + "Hongkong Post Root CA 3"
    + "UCA Extended Validation Root"
    + "UCA Global G2 Root"
    The following certificate authorities were removed (-):
    - "AddTrust External Root"
    - "Certinomis - Root CA"
    - "Certplus Class 2 Primary CA"
    - "Deutsche Telekom Root CA 2"
    - "GeoTrust Global CA"
    - "GeoTrust Primary Certification Authority"
    - "GeoTrust Primary Certification Authority - G2"
    - "GeoTrust Primary Certification Authority - G3"
    - "GeoTrust Universal CA"
    - "thawte Primary Root CA"
    - "thawte Primary Root CA - G2"
    - "thawte Primary Root CA - G3"
    - "VeriSign Class 3 Public Primary Certification Authority - G4"
    - "VeriSign Class 3 Public Primary Certification Authority - G5"
    - "VeriSign Universal Root Certification Authority"

[0] <https://metadata.ftp-master.debian.org/changelogs//main/c/ca-certificates/ca-certificates_20200601_changelog>

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2020-06-09 18:07:38 +02:00
Petr Štetiar
df6a33a8d4 hostapd: update to latest Git hostap_2_9-1331-g5a8b366233f5
Bump to latest Git and refresh all patches in order to get fix for "UPnP
SUBSCRIBE misbehavior in hostapd WPS AP" (CVE-2020-12695).

 General security vulnerability in the way the callback URLs in the UPnP
 SUBSCRIBE command are used were reported (VU#339275, CVE-2020-12695).
 Some of the described issues may be applicable to the use of UPnP in WPS
 AP mode functionality for supporting external registrars.

Ref: https://w1.fi/security/2020-1/
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-06-09 16:59:33 +02:00
Kevin Darbyshire-Bryant
68b94f0fb4 umdnsd: update to latest git HEAD
d13290b Fix advertised IPv6 addresses

Don't just serve link-local addresses via mdns, offer all.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-06-08 20:16:17 +01:00
Stijn Tintel
8a858363b0 hostapd: silence rm
When bringing up wifi the first time after boot, these warnings appear:

netifd: radio0 (1370): rm: can't remove '/var/run/hostapd-wlan0.psk': No such file or directory
netifd: radio0 (1370): rm: can't remove '/var/run/hostapd-wlan0.vlan': No such file or directory

Silence them by adding the "-f" option to rm.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: John Crispin <john@phrozen.org>
2020-06-08 08:59:02 +03:00
Stijn Tintel
25787e002b bcm27xx-gpu-fw: bump to most recent good version
This updates to the last firmware version before the switch to building
from the common firmware branch, which introduces various issues.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-06-07 10:26:54 +03:00
Stijn Tintel
afdc413d9d Revert "bcm27xx-gpu-fw: update to latest version"
This reverts commit 9e467a764b.

The Raspberry Pi firmware recently switched to building from the common
firmware branch. This introduces changes in the core clock handling,
causing various issues.

E.g. enable_uart=1 no longer fixes the core clock frequency to 250MHz.
When the disable-bt DT overlay is not loaded, the core clock frequency
is increased to 400MHz. As a result, the UART baud rate is no longer
correct, and this causes garbled serial console, or communication
problems with HATs that use the UART.

As a workaround, the core clock could be fixed to 250MHz by adding
'core_freq=250' in /boot/config.txt, but as there appear to be other
issues than just the UART being broken, the safer bet is to revert the
firmware for now.

Upstream bug: https://github.com/raspberrypi/firmware/issues/1376

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-06-07 10:25:50 +03:00
Hans Dedecker
9e7fe7faf5 netifd: update to latest git HEAD
51e9fb8 system-linux: improve handling of device rename

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-06-06 20:55:53 +02:00
Toke Høiland-Jørgensen
56db8e4615 kernel: Add kmod-sch-cake-virtual intermediate package
As reported in https://github.com/openwrt/packages/issues/12072, the
imagebuilder fails due to a dependency resolution error when the userspace
packages are built using a target that has a different kernel version than
that which is being run. To resolve this, add a virtual kernel package with
the conditional dependency currently used in sqm-scripts. The idea is to
move the sqm-scripts dependency to this virtual package, which hopefully
should be consistent with the actual kernel module being built.

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
2020-06-06 19:15:43 +01:00
Hans Dedecker
4e65838871 nghttp2: bump to 1.41.0
8f7b008b Update bash_completion
83086ba9 Update manual pages
c3b46625 Merge pull request from GHSA-q5wr-xfw9-q7xr
3eecc2ca Bump version number to v1.41.0, LT revision to 34:0:20
881c060d Update AUTHORS
f8da73bd Earlier check for settings flood
336a98fe Implement max settings option
ef415836 Revert "Add missing connection error handling"
979e6c53 Merge pull request #1459 from nghttp2/proxyprotov2
b7d16101 Add missing connection error handling
cd53bd81 Merge pull request #1460 from gportay/patch-1
e5625b8c Fix doc
c663349f integration: Add PROXY protocol v2 tests
854e9fe3 nghttpx: Always call init_forwarded_for
c60ea227 Update doc
49cd8e6e nghttpx: Add PROXY-protocol v2 support
3b17a659 Merge pull request #1453 from Leo-Neat/master
600fcdf5 Merge pull request #1455 from xjtian/long_serials
4922bb41 static_cast size parameter in StringRef constructor to size_t
aad86975 Fix get_x509_serial for long serial numbers
dc7a7df6 Adding CIFuzz
b3f85e2d Merge pull request #1444 from nghttp2/fix-recv-window-flow-control-issue
ffb49c6c Merge pull request #1435 from geoffhill/master
2ec58551 Fix receiving stream data stall
459df42b Merge pull request #1442 from nghttp2/upgrade-llhttp
a4c1fed5 Bump llhttp to 2.0.4
866eadb5 Enable session_create_idle_stream test, fix errors
5e13274b Fix typo
e0d7f7de h2load: Allow port in --connect-to
df575f96 h2load: add --connect-to option
1fff7379 clang-format-9
b40c6c86 Merge pull request #1418 from vszakats/patch-1
9bc2c75e lib/CMakeLists.txt: Make hard-coded static lib suffix optional
2d5f7659 Bump up version number to 1.41.0-DEV

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-06-06 14:11:41 +02:00
Paul Spooren
df6f3090c4 mvebu: rename Linksys devices based on their common names
The Linksys devices in mvebu target feature a mixed naming,
where parts are based on the official product name (device
node, image; e.g. WRT3200ACM) and parts are based on the
internal code name (DTS file name, compatible, LED labels;
e.g. rango). This inconsistent naming has been perceived
as quite confusing.

A recent attempt by Paul Spooren to harmonize this naming
in kernel has been declined there. However, for us it still
makes sense to apply at least a part of these changes
locally.

Primarily, this patch changes the compatible in DTS and thus
the board name used in various scripts to have them in line
with the device, model and image names. Due to the recent
switch from swconfig to DSA, this allows us to drop
SUPPORTED_DEVICES and thus prevent seamless upgrade between
these incompatible setups.

However, this does not include the LED label rename from
Paul's initial patch: I don't think it's worth keeping the
enormous diff locally for this case, as we can implement
this much easier in 01_leds if we have to live with the
inconsistency anyway.

Signed-off-by: Paul Spooren <mail@aparcar.org>
[rebase, extend to all devices, drop DT LED changes]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-06-05 21:54:43 +02:00
Felix Fietkau
2dd26fda16 kernel: fix portability issue with perf on linux 5.4
Remove dependencies on core kernel headers in host tools used to build perf,
which break on any non-linux system

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-06-04 21:52:57 +02:00
John Crispin
5aa2ddd0d6 hostapd: add support for wifi-station and wifi-vlan sections
This patch adds support for 2 new uci sections.

config wifi-vlan
	# iface is optional. if it is not defined the vlan will apply
	# to all interfaces
        option iface	default_radio0
        option name	guest
        option vid	100
        option network	guest

config wifi-station
	# iface is optional. if it is not defined the station will apply
	# to all interfaces
        option iface	default_radio0
        # mac is optional. if it is not defined it will be a catch all
	# for any sta using this key
	option mac	'00:11:22:33:44:55'
        # vid is optional. if it is not defined, the sta will be part of
	# the primary iface.
	option vid	100
        option key	testtest

With this patch applied it is possible to use multiple PSKs on a single BSS.

Signed-off-by: John Crispin <john@phrozen.org>
2020-06-04 13:36:37 +02:00
John Crispin
303b463394 netifd: update to latest HEAD
db275e1 interface-ip: fix build on non-linux systems
3392046 system-dummy: fix missing return
a56b457 netifd: wireless: add support for tracking wifi-station sections
4ce33ce netifd: wireless: add support for tracking wifi-vlan sections

Signed-off-by: John Crispin <john@phrozen.org>
2020-06-04 13:36:37 +02:00
Petr Štetiar
7f0fb3e5d4 iwinfo: update to version 2020-06-03
2faa20e5e9d1 iwinfo: add device id for Mikrotik R11e-5HacD miniPCIe card
d577a9d38a3b iwinfo: add device id for Marvell 88W8997 SDIO wifi card
f6b7d16d2ffa iwinfo: add device id for Atheros AR9287 PCIe wifi card

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-06-03 16:49:28 +02:00
Tim Harvey
25641709d8 kernel: iio: add drivers for st_lsm6dsx IMU MEMS sensors
Add kmod for the ST LSM6DSX IMU driver.

Signed-off-by: Tim Harvey <tharvey@gateworks.com>
[fixed missing regmap module dependencies]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-06-03 16:49:28 +02:00
Tim Harvey
41cab5029b kernel: iio: fix st_accel_{i2c, spi} driver
Add missing kernel module and rename driver

Fixes: 2d8f4c4fbd ("kernel: iio: add st-accel driver modules")
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
2020-06-03 16:49:28 +02:00
Eneas U de Queiroz
750d52f6c9 wolfssl: use -fomit-frame-pointer to fix asm error
32-bit x86 fail to compile fast-math feature when compiled with frame
pointer, which uses a register used in a couple of inline asm functions.

Previous versions of wolfssl had this by default.  Keeping an extra
register available may increase performance, so it's being restored for
all architectures.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2020-06-03 16:49:28 +02:00
Rosen Penev
a9f712a79b exfat-utils: move into packages feed
This will be moved to packages:

https://github.com/openwrt/packages/pull/12378

Signed-off-by: Rosen Penev <rosenp@gmail.com>
[commit subject facelift]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-06-03 16:49:28 +02:00
Rosen Penev
e86b67e700 xfsprogs: move into packages feed
Does not seem to be needed here. This will be imported into packages.

Ref: https://github.com/openwrt/packages/pull/12256
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[subject facelift, PR ref]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-06-03 16:49:28 +02:00
Rosen Penev
173d2843c7 libconfig: move into packages feed
No package in base uses libconfig. Everything is in the packages feed.

Ref: https://github.com/openwrt/packages/pull/12255
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[subject facelift, PR ref]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-06-03 16:49:28 +02:00
Florian Eckert
0b3e1205df kernel: add gpio-it87
Since commit 910df3f06c we have build in
on all X86/64 platforms the gpio-it87 driver.

Since this change I am getting the following error message on boot.
 > kern.err kernel: [    1.009416] gpio_it87: no device

I do not have this device on my system. To prevent the nonsensical
message and the loading of the module I have added this as a package, so
that it can be installed later or during image building.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Reviewed-by: Philip Prindeville <philipp@redfish-solutions.com>
2020-06-03 16:49:28 +02:00
Sergey Ryazanov
880c1f0336 base-files: prevent issues w/ overlay on powerloss after sysupgrade
Due to filesystem write caching the old configuration data could stay
out of flash for a long time during a first boot after the sysupgrade.
Power loss during this period could damage the overlay data and even
make device inaccessable via the network.

Fix this by syncing data to a flash as soon as the previous
configuration will be unpacked after the sysupgrade. Also sync the FS
state after the sysupgrade.tgz archive removing to prevent duplicative
extraction of a previous configuration.

Tested with AMD Geode based board.

Signed-off-by: Sergey Ryazanov <ryazanov.s.a@gmail.com>
2020-06-03 16:49:28 +02:00
Sven Roederer
2171493f7f dnsmasq: add /etc/dnsmasq.d/ to conffiles
This directory can hold configuration-snippets which should also included in the backup.

Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
2020-06-03 16:49:28 +02:00
Michael Heimpold
d71fa37aa3 uboot-mxs: bump to v2020.04
Also update the U-Boot BSP patch for I2SE Duckbill devices.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2020-06-03 16:49:28 +02:00
Thomas Albers
e914de7c96 base-files: fix LED IDE trigger
This changes the ide-disk LED trigger to the generic disk-activity as
ide-disk trigger was removed in upstream commit eb25cb9956cc ("leds:
convert IDE trigger to common disk trigger").

Signed-off-by: Thomas Albers <thomas.gameiro@googlemail.com>
[split into separate commit, commit description facelift]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-06-03 16:49:28 +02:00
Daniel Golle
b1f26b7160 uhttpd: fix script timeout
939c281 proc: do not cancel script killing after writing headers

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-06-03 10:50:01 +01:00
Hans Dedecker
8d2c031f21 ppp: update to version 2.4.8.git-2020-05-25
ddd57c2 pppd: Add lcp-echo-adaptive option
c319558 pppd: Handle SIGINT and SIGTERM during interrupted syscalls (#148)
0bc11fb Added missing options to manual pages. (#149)
b1fcf16 Merge branch 'monotonic-time' of https://github.com/themiron/ppp
c78e312 pppd: linux: use monotonic time if possible

Remove patch 121-debian_adaptive_lcp_echo as patch is upstream accepted
Remove patch 206-compensate_time_change.patch as timewrap issues are
solved by a patch making use of monotonic time

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-05-31 21:13:50 +02:00
Felix Fietkau
479f1f2c92 mt76: update to the latest version (adds 7663e, 7663u, 7915 drivers)
7aabfd0c9282 mt7615: add CONFIG_MT76_LEDS to cflags
10a5b7630a37 mt76: mt7615: fix getting maximum tx power from eeprom
8688ed70c987 mt76: mt7615: use module parameter option for offload firmware preference
04798aab1257 net: mt7603: remove duplicate error message
9636177117d8 mt76: mt7615: fix ssid configuration in mt7615_mcu_hw_scan
d4ba139d8b8b mt76: mt7615: introduce mt7615_check_offload_capability routine
2cc0d54b65a1 mt76: mt7615: do not mark sched_scan disabled in mt7615_scan_work
5b73be962388 mt76: mt7615: add passive mode for hw scan
96e429e18174 mt76: mt7615: free pci_vector if mt7615_pci_probe fails
8fddbf6390ac mt76: mt7615: introduce support for hardware beacon filter
f2c760177bdd mt76: mt7615: introduce mt7615_mcu_set_hif_suspend mcu command
db454605106f mt76: mt7615: add WoW support
20b87321c39f mt76: mt7663u: introduce suspend/resume to mt7663u
20db7e73c586 mt76: mt7615: introduce PM support
523716bba561 mt76: mt7615: add gtk rekey offload support
50d377a825cc mt76: mt7615: introduce beacon_loss mcu event
4ef1957cea35 mt76: mt7663: read tx streams from eeprom
f25a43cc53e7 mt76: mt7615: check return value of mt7615_eeprom_get_power_index
0a9f71652927 mt76: mt7615: fix ibss mode for mt7663
83f2ba3101b4 mt76: mt7663: fix target power parsing
3e6968593b61 mt76: mt7615: fix delta tx power for mt7663
c1d3ad194ae4 mt76: mt7663: introduce WoW with net detect support
891136ab99da mt76: mt7663: add support to sched scan with randomise addr
82e4d3ebe967 mt76: mt7615: scan all channels if not specified
690b84821cd3 mt76: avoid rx reorder buffer overflow
f0117d3107b4 mt76: add support for HE RX rate reporting
cc68782bab1a mt76: add Rx stats support for radiotap
3ec47f2fba61 mt76: adjust wcid size to support new 802.11ax generation
0a9f4173dd07 mt76: add HE phy modes and hardware queue
c6b002bcdfa6 mt76: add mac80211 driver for MT7915 PCIe-based chipsets
b96af5039581 mt76: mt7915: enable Rx HE rate reporting
230054096155 mt76: mt7915: implement HE per-rate tx power support
c8f4b6cf1add mt76: mt7915: register per-phy HE capabilities for each interface
de1e8af96e19 mt76: mt7915: add HE bss_conf support for interfaces
135a5085932b mt76: mt7915: add HE capabilities support for peers
3b5d908dae2f mt76: mt7915: add Rx radiotap header support
158253e2c11e mt76: mt7915: add .sta_add_debugfs support
7f40e8c2b98d mt76: mt7915: add .sta_statistics support
a5368e5cad11 mt76: mt7915: set peer Tx fixed rate through debugfs
4f79c516be5c mt76: mt7915: add tsf related callbacks
509fceb43235 mt76: mt7915: enable firmware module debug support
56405976fc7b mt76: set runtime stream caps by mt76_phy
6bbf1a35c0da linux-firmware: add rebb firmware for mt7663
d7a10094c4e5 mt7663: add client offload firmware
9200732e8534 mt76: mt7663u: copy key pointer in mt7663u_mac_write_txwi
3aa810bde810 mt76: mt7663u: add missing register definitions
e236ea5be344 mt76: mt7615: usb: cancel ps work stopping the vif
1d0903de2131 mt76: mt7915: introduce mt7915_get_he_phy_cap
095c72c81c74 mt76: mt7915: add Tx beamformer support
5f9e7664cd26 mt76: mt7915: add Tx beamformee support
ac505404c385 mt76: mt7915: add TxBF capabilities
6656bebd39cd mt76: mt7915: add debugfs to track TxBF status
9590db025475 mt76: mt7915: allocate proper size for tlv tags
26eb1ed65987 mt76: mt7915: fix possible deadlock in mt7915_stop
f85c1f3fc189 firmware: add mt7915 firmware
9b07251b00b0 mt76: mt7615: fix typo defining ps work
060e375a9244 mt76: fix per-driver wcid range checks after wcid array size bump
7270b56389a9 mt76: mt7615: do not report scan_complete twice to mac80211
8c9e4847d01e mt76: mt7615: reduce hw scan timeout
8bd88a1b1880 mt76: enable p2p support
1ea444d0e8e5 mt76: mt7615: configure bss info adding the interface
fa81da5bb4e9 mt76: mt7615: introduce remain_on_channel support
44f2262c0289 mt76: mt76x02: remove check in mt76x02_mcu_msg_send
7005aa891440 mt76: mt7915: add spatial reuse support
1e3dc5b76649 mt76: mt7915: fix some sparse warnings
01b784174cd5 mt76: mt7915: fix sparse warnings: incorrect type initializer
40b7b5354a16 mt76: mt7615: fix NULL pointer deref in mt7615_register_ext_phy
6d731d188d31 mt76: mt7915: fix decoded radiotap HE flags
b74d5b1c14cf mt76: mt7915: fix some sparse warnings
6679d35be5cc mt76: mt7615: switch to per-vif power_save support
01e870b44769 mt76: mt7915: fix a handful of spelling mistakes
7b2d16655904 mt76: mt7663: fix the usage WoW with net detect support
ed3a244fb647 mt76: mt7915: Fix build error
5396a61cec99 mt76: mt7615: fix hw_scan with ssid_type for specified SSID only
466a5b4d041d mt76: mt7915: fix possible NULL pointer dereference in mt7915_register_ext_phy
984a172609c0 mt76: fix wcid allocation issues
6e02acddcb1a mt76: mt7615: add support for MT7611N
4e6f4e432d0d mt76: only iterate over initialized rx queues
9ad940fee593 mt76: mt7615: Use kmemdup in mt7615_queue_key_update()
85c516081338 mt76: mt7915: remove set but not used variable 'msta'

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-05-31 14:23:07 +02:00
Vladislav Grishenko
f166cf9ca0 dropbear: add ed25519 and chacha20-poly1305
- add Ed25519 support (backport):
  * DROPBEAR_ED25519 option for ssh-ed25519,
  * disabled by default
- add Chacha20-Poly1305 support (backport):
  * DROPBEAR_CHACHA20POLY1305 for chacha20-poly1305@openssh.com,
  * enabled by default
- update feature costs in binary size

Signed-off-by: Vladislav Grishenko <themiron@mail.ru>
2020-05-30 21:27:10 +02:00
John Crispin
02f08056bc mac80211: fix wifi teardown
reverts part of the recent wifi reconf patch.

Signed-off-by: John Crispin <john@phrozen.org>
2020-05-30 12:01:08 +02:00
Daniel Golle
a002a24536 mac80211: rt2x00: backport patch enabling MFP
From: Rui Salvaterra <rsalvaterra@gmail.com>
Date: Mon, 25 May 2020 14:49:07 +0100
Subject: [PATCH] rt2800: enable MFP support unconditionally

This gives us WPA3 support out of the box without having to manually disable
hardware crypto. The driver will fall back to software crypto if the connection
requires management frame protection.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-05-30 09:37:36 +01:00
Daniel Golle
f8b4aa5062 ugps: nmea: make sure date is valid
GPS time without date was previously used to set system date:
Tue Oct 10 11:48:21 2000 user.info kernel: [  108.786639] ugps: system time differs from GPS time by more than 5 seconds. Using 2000-10-10T10:48:21 UTC as the new time
Tue Oct 10 11:49:27 2000 user.info kernel: [  174.794699] ugps: system time differs from GPS time by more than 5 seconds. Using 2020-05-26T10:49:27 UTC as the new time

Fix this by ignoring incomplete dates and wait for complete time
information before adjusting system date/time.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-05-29 23:59:35 +01:00
Jo-Philipp Wich
559b338466 qos-scripts: fix interface resolving
Also ensure that the error message is actually printed to stderr and that
the rule generation is aborted if an interface cannot be resolved.

Ref: https://github.com/openwrt/luci/issues/3975
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-05-29 10:34:58 +02:00
Álvaro Fernández Rojas
5d3a0c6b26 bcm27xx-userland: update to latest version
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-05-28 19:12:42 +02:00
Daniel Golle
f47aeac9b9 procd: update to git HEAD
b84a329 jail: use sane termios settings for console pts
 b9b39e2 jail: handle containers seperately

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-05-28 14:29:08 +01:00
Enrique Rodríguez Valencia
6e8bb68996 hostapd: Add disable_vht when using NOHT/HT* modes
disable_vht parameter needs to be set when using wpa_supplicant NOHT/HT* modes.

Signed-off-by: Enrique Rodríguez Valencia <enrique.rodriguez@galgus.net>
2020-05-28 14:06:55 +01:00
Enrique Rodríguez Valencia
84c96de606 mac80211: Fix setting radio htmode when using mesh mode
When configuring the radio in legacy mode from luci, the htmode is not set
correctly to NOHT, causing the radio in mesh mode to be set to HT40.

Signed-off-by: Enrique Rodríguez Valencia <enrique.rodriguez@galgus.net>
2020-05-28 14:06:54 +01:00
Jo-Philipp Wich
a03d6d2fab broadcom-wl: don't inherit lock descriptor in nas process
Add a local hack to prevent the Broadcom WPA authenticator process from
inheriting the lock descriptor 1000 used to prevent concurrent executions
of the init script.

Without this fix, repeated invocations of /etc/init.d/network, e.g. for
obtaining the enabled state, would hang forever.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-05-28 13:08:14 +02:00
Álvaro Fernández Rojas
8b8fb79cbf bcm27xx-userland: update to latest version with 64 bit support
Support for 64 bits has been remove on latest master of raspberry/firmware.
Update to latest commit with 64 bit support since we don't support
installing 32 bit packages on 64 bit targets.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-05-28 11:57:03 +02:00
Thibaut VARÈNE
e430376b48 packages/utils: fbtest fix Makefile
The clean target tries to remove what looks like a bogus 'rbcfg',
probably carried over copy-pasta. Remove the name of the generated
executable ('fbtest') instead.

Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
Fixes: 8099f4e0d3 ("fbtest utility ")
2020-05-28 11:22:22 +02:00
Thibaut VARÈNE
7557e7f267 package/base-files: caldata: work around dd's limitation
tl;dr: dd will silently truncate the output if reading from special
files (e.g. sysfs attributes) with a too large bs parameter.

This problem was exposed on some RouterBOARD ipq40xx devices which use a
caldata payload which is larger than PAGE_SIZE, contrary to all other
currently supported RouterBOARD devices: the caldata would fail to
properly load with the current scripts.

Background: dd doesn't seem to correctly handle read() results that
return less than requested data. sysfs attributes have a kernel exchange
buffer which is at most PAGE_SIZE big, so only 1 page can be read() at a
time. In this case, if bs is larger than PAGE_SIZE, dd will silently
truncate blocks to PAGE_SIZE. With the current scripts using bs=<size>
count=1, the data is truncated to PAGE_SIZE as soon as the requested
<size> exceeds this value.

This commit works around this problem by using `cat` in the caldata
routines that can read from a file (routines that read from mtd devices
are untouched). cat correctly handles partial read requests. The output
is then piped to dd with the same parameters as before, to ensure that
the resulting file remains exactly the same.

This is a simple workaround, the downside is that it uses a pipe and one
more executable, and therefore has a larger memory footprint and is
slower. This is deemed acceptable considering these routines are only
used at boot time.

Tested-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
2020-05-28 11:22:22 +02:00
Thibaut VARÈNE
f10da7cb4d packages/boot: remove rbcfg
The new sysfs soft_config driver makes buggy rbcfg obsolete and
entirely replaces it.

Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
2020-05-28 11:09:10 +02:00
Álvaro Fernández Rojas
aabfd4b1db cypress-firmware: add PROVIDES sections
Some firmwares are already provided by linux-firmware.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-05-28 10:36:27 +02:00
Álvaro Fernández Rojas
9e467a764b bcm27xx-gpu-fw: update to latest version
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-05-28 10:36:27 +02:00
Jo-Philipp Wich
e8a2c21069 rpcd: update to latest Git HEAD
078bb57 uci: reset uci_ptr flags when merging options during section add
3df62bc session: deny access if password login is disabled

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-05-26 16:08:54 +02:00
Stijn Segers
63bef34db9 uboot-envtools: ath79: add Netgear WNDR4300SW
Add Netgear WNDR4300SW to the list of supported boards.

Signed-off-by: Stijn Segers <foss@volatilesystems.org>
2020-05-26 15:29:51 +02:00
Felix Fietkau
b371182d24 libubox: update to the latest version
86818eaa976b blob: make blob_parse_untrusted more permissive
cf2e8eb485ab tests: add fuzzer seed file for crash in blob_len
c2fc622b771f blobmsg: fix length in blobmsg_check_array
639c29d19717 blobmsg: simplify and fix name length checks in blobmsg_check_name
66195aee5042 blobmsg: fix missing length checks

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-05-26 10:45:44 +02:00
Rafał Miłecki
a765b063ee libubox: update to the latest master
5e75160 blobmsg: fix attrs iteration in the blobmsg_check_array_len()
eeddf22 tests: runqueue: try to fix race on GitLab CI
89fb613 libubox: runqueue: fix use-after-free bug
1db3e7d libubox: runqueue fix comment in header
7c4ef0d tests: list: add test case for list_empty iterator

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2020-05-24 17:06:09 +02:00
Matthias Schiffer
42de3c89c7
ucert: update to latest git HEAD
00b921d80ac0 Do not print line number in debug messages
96c42c5ed320 Fix length checks in cert_load()
fe06b4b836b3 usign-exec: improve usign -F output handling
19f9e1917e1b usign-exec: return code fixes
077feb5b5824 usign-exec: close writing end of pipe early in parent process
7ec4bb764e1e usign-exec: remove redundant return statements
5a738e549d31 usign-exec: change usign_f_* fingerprint argument to char[17]
112488bbbccc usign-exec: do not close stdin and stderr before exec
38dcb1a6f121 usign-exec: fix exec error handling
a9be4fb17df2 usign-exec: simplify usign execv calls
854d93e2326a Introduce read_file() helper, improve error reporting
afc86f352bf7 Fix return code of write_file()
fdff10852326 stdout/stderr improvements
dddb2aa8124d ci: fix unit test failures by enabling full ucert build
5f206bcfe5c2 ci: enable unit testing

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2020-05-24 17:01:36 +02:00
Matthias Schiffer
e35e40ad82
usign: update to latest git HEAD
f1f65026a941 Always pad fingerprints to 16 characters

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2020-05-23 13:38:12 +02:00
David Bauer
a9f7510150 hostapd: add WEP as queryable build feature
Commit 472fd98c5b ("hostapd: disable support for Wired Equivalent
Privacy by default") made support for WEP optional.

Expose the WEP support to LuCi or other userspace tools using the
existing interface. This way they are able to remove WEP from the
available ciphers if hostapd is built without WEP support.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-05-22 21:54:30 +02:00
Hauke Mehrtens
04b1a11f5c mac80211: Fix build on mpc85xx target
This fixes the following compile error seen on the mpc85xx target:
  CC [M]  /linux-mpc85xx_p2020/backports-5.7-rc3-1/drivers/net/wireless/intersil/orinoco/main.o
In file included from /builder/shared-workdir/build/staging_dir/toolchain-powerpc_8540_gcc-8.4.0_musl/include/stddef.h:17,
                 from /linux-mpc85xx_p2020/backports-5.7-rc3-1/include/uapi/linux/wireless.h:77,
                 from /linux-mpc85xx_p2020/backports-5.7-rc3-1/include/linux/wireless.h:13,
                 from /linux-mpc85xx_p2020/backports-5.7-rc3-1/drivers/net/wireless/intersil/orinoco/main.c:89:
/builder/shared-workdir/build/staging_dir/toolchain-powerpc_8540_gcc-8.4.0_musl/include/bits/alltypes.h:106:15: error: conflicting types for 'ptrdiff_t'
 typedef _Addr ptrdiff_t;
               ^~~~~~~~~
In file included from /linux-mpc85xx_p2020/backports-5.7-rc3-1/backport-include/linux/types.h:4,
                 from ./include/linux/list.h:5,
                 from /linux-mpc85xx_p2020/backports-5.7-rc3-1/backport-include/linux/list.h:3,
                 from ./include/linux/module.h:9,
                 from /linux-mpc85xx_p2020/backports-5.7-rc3-1/backport-include/linux/module.h:3,
                 from /linux-mpc85xx_p2020/backports-5.7-rc3-1/drivers/net/wireless/intersil/orinoco/main.c:79:
./include/linux/types.h:65:28: note: previous declaration of 'ptrdiff_t' was here
 typedef __kernel_ptrdiff_t ptrdiff_t;
                            ^~~~~~~~~
scripts/Makefile.build:265: recipe for target '/linux-mpc85xx_p2020/backports-5.7-rc3-1/drivers/net/wireless/intersil/orinoco/main.o' failed

Fixes: 289c632425 ("mac80211: Update to version 5.7-rc3-1")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-05-21 21:53:14 +02:00
Philip Prindeville
de8b88ce17 firewall: add rule for traceroute support
Running your firewall's "wan" zone in REJECT zone (1) exposes the
presence of the router, (2) depending on the sophistication of
fingerprinting tools might identify the OS and release running on
the firewall which then identifies known vulnerabilities with it
and (3) perhaps most importantly of all, your firewall can be
used in a DDoS reflection attack with spoofed traffic generating
ICMP Unreachables or TCP RST's to overwhelm a victim or saturate
his link.

This rule, when enabled, allows traceroute to work even when the
default input policy of the firewall for the wan zone has been
set to DROP.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2020-05-21 20:23:10 +02:00
Hans Dedecker
bc55258464 netifd: ingress/egress vlan qos mapping support
74e0222 vlandev: support setting ingress/egress QoS mappings

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-05-21 20:21:02 +02:00
Hauke Mehrtens
289c632425 mac80211: Update to version 5.7-rc3-1
This updates the mac80211 backport.

The removed patches are already integrated in the upstream version.

The 131-Revert-mac80211-aes-cmac-switch-to-shash-CMAC-driver.patch patch
was manually adapted to the changes in kernel 5.7.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-05-21 14:39:34 +02:00
Hauke Mehrtens
64f343a881 mac80211: Update to version 5.6.8-1
This updates the mac80211 backport.

The removed patches are already integrated in the upstream version.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-05-21 14:39:34 +02:00
Hauke Mehrtens
9ca21dc7d5 mac80211: Update to version 5.5.19
This updates the mac80211 backport.

The removed patches are already integrated in the upstream version.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-05-21 14:39:34 +02:00
Hauke Mehrtens
a4b50c4bce mac80211: Update to version 5.4.36-1
This updates the mac80211 backport to the latest minor version.

The removed patch was a backport from the upstream kernel which is now
integrated.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-05-21 14:39:34 +02:00
Daniel Golle
017320ead3 hostapd: bring back mesh patches
Bring back 802.11s mesh features to the level previously available
before the recent hostapd version bump. This is mostly to support use
of 802.11s on DFS channels, but also making mesh forwarding
configurable which is crucial for use of 802.11s MAC with other routing
protocols, such as batman-adv, on top.
While at it, fix new compiler warning by adapting 700-wifi-reload.patch
to upstream changes, now building without any warnings again.

Fixes: 0a3ec87a66 ("hostapd: update to latest Git hostap_2_9-1238-gdd2daf0848ed")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-05-21 10:21:59 +01:00
Jason A. Donenfeld
a860fe2304 wireguard: bump to 1.0.20200520
This version has the various slew of bug fixes and compat fixes and
such, but the most interesting thing from an OpenWRT perspective is that
WireGuard now plays nicely with cake and fq_codel. I'll be very
interested to hear from OpenWRT users whether this makes a measurable
difference. Usual set of full changes follows.

This release aligns with the changes I sent to DaveM for 5.7-rc7 and were
pushed to net.git about 45 minutes ago.

* qemu: use newer iproute2 for gcc-10
* qemu: add -fcommon for compiling ping with gcc-10

These enable the test suite to compile with gcc-10.

* noise: read preshared key while taking lock

Matt noticed a benign data race when porting the Linux code to OpenBSD.

* queueing: preserve flow hash across packet scrubbing
* noise: separate receive counter from send counter

WireGuard now works with fq_codel, cake, and other qdiscs that make use of
skb->hash. This should significantly improve latency spikes related to
buffer bloat. Here's a before and after graph from some data Toke measured:
https://data.zx2c4.com/removal-of-buffer-bloat-in-wireguard.png

* compat: support RHEL 8 as 8.2, drop 8.1 support
* compat: support CentOS 8 explicitly
* compat: RHEL7 backported the skb hash renamings

The usual RHEL churn.

* compat: backport renamed/missing skb hash members

The new support for fq_codel and friends meant more backporting work.

* compat: ip6_dst_lookup_flow was backported to 4.14, 4.9, and 4.4

The main motivation for releasing this now: three stable kernels were released
at the same time, with a patch that necessitated updating in our compat layer.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-05-21 08:18:01 +02:00
Petr Štetiar
472fd98c5b hostapd: disable support for Wired Equivalent Privacy by default
Upstream in commit 200c7693c9a1 ("Make WEP functionality an optional
build parameter") has made WEP functionality an optional build parameter
disabled as default, because WEP should not be used for anything
anymore. As a step towards removing it completely, they moved all WEP
related functionality behind CONFIG_WEP blocks and disabled it by
default.

This functionality is subject to be completely removed in a future
release.

So follow this good security advice, deprecation notice and disable WEP
by default, but still allow custom builds with WEP support via
CONFIG_WPA_ENABLE_WEP config option till upstream removes support for
WEP completely.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-05-21 08:18:01 +02:00
Petr Štetiar
0a3ec87a66 hostapd: update to latest Git hostap_2_9-1238-gdd2daf0848ed
Bump package to latest upstream Git HEAD which is commit dd2daf0848ed
("HE: Process HE 6 GHz band capab from associating HE STA"). Since last
update there was 1238 commits done in the upstream tree with 618 files
changed, 53399 insertions, 24928 deletions.

I didn't bothered to rebase mesh patches as the changes seems not
trivial and I don't have enough knowledge of those parts to do/test that
properly, so someone else has to forward port them, ideally upstream
them so we don't need to bother anymore. I've just deleted them for now:

 004-mesh-use-setup-completion-callback-to-complete-mesh-.patch
 005-mesh-update-ssid-frequency-as-pri-sec-channel-switch.patch
 006-mesh-inform-kernel-driver-DFS-handler-in-userspace.patch
 007-mesh-apply-channel-attributes-before-running-Mesh.patch
 011-mesh-Allow-DFS-channels-to-be-selected-if-dfs-is-ena.patch
 013-mesh-do-not-allow-pri-sec-channel-switch.patch
 015-mesh-do-not-use-offchan-mgmt-tx-on-DFS.patch
 016-mesh-fix-channel-switch-error-during-CAC.patch
 018-mesh-make-forwarding-configurable.patch

Refreshed all other patches, removed upstreamed patches:

 051-wpa_supplicant-fix-race-condition-in-mesh-mpm-new-pe.patch
 067-0001-AP-Silently-ignore-management-frame-from-unexpected-.patch
 070-driver_nl80211-fix-WMM-queue-mapping-for-regulatory-.patch
 071-driver_nl80211-fix-regulatory-limits-for-wmm-cwmin-c.patch
 090-wolfssl-fix-crypto_bignum_sum.patch
 091-0001-wolfssl-Fix-compiler-warnings-on-size_t-printf-forma.patch
 091-0002-wolfssl-Fix-crypto_bignum_rand-implementation.patch
 091-0003-wolfssl-Do-not-hardcode-include-directory-in-wpa_sup.patch
 800-usleep.patch

Tested-by: Stefan Lippers-Hollmann <s.l-h@gmx.de> [ipq8065/NBG6817; ipq40xx/MAP-AC2200]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-05-21 08:18:01 +02:00
Rosen Penev
5ff4b0d024 fuse: move package to packages feed
This package was last updated in 2016. All of the dependent packages
are in the packages feeds, where this will be moved.

Ref: https://github.com/openwrt/packages/pull/12190
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[commit subject/description tweaks]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-05-20 18:59:46 +02:00
Eneas U de Queiroz
3481f6ffc7 wolfssl: update to 4.4.0-stable
This version adds many bugfixes, including a couple of security
vulnerabilities:
 - For fast math (enabled by wpa_supplicant option), use a constant time
   modular inverse when mapping to affine when operation involves a
   private key - keygen, calc shared secret, sign.
 - Change constant time and cache resistant ECC mulmod. Ensure points
   being operated on change to make constant time.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2020-05-20 17:03:45 +02:00
Jeffery To
982d787773 kernel: kmod-ptp-qoriq: Package kernel object file
This updates the package to contain the kernel object (.ko) file instead
of the plain object (.o) file.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
2020-05-20 15:26:22 +02:00
Richard Huynh
f3792690c4 ramips: Add support for Xiaomi Redmi Router AC2100 (RM2100)
Specification:
- CPU: MediaTek MT7621A
- RAM: 128 MB DDR3
- FLASH: 128 MB ESMT NAND
- WIFI: 2x2 802.11bgn (MT7603)
- WIFI: 4x4 802.11ac (MT7615)
- ETH: 3xLAN+1xWAN 1000base-T
- LED: Power, WAN, in Amber and White
- UART: On board near ethernet, opposite side from power
- Modified u-boot

Installation:

1. Run linked exploit to get shell, startup telnet and wget the files over
2. mtd write openwrt-ramips-mt7621-xiaomi_rm2100-squashfs-kernel1.bin kernel1
3. nvram set uart_en=1
4. nvram set bootdelay=5
5. nvram set flag_try_sys1_failed=1
6. nvram commit
7. mtd -r write openwrt-ramips-mt7621-xiaomi_rm2100-squashfs-rootfs0.bin rootfs0

Restore to stock:

1. Setup PXE and TFTP server serving stock firmware image
(See dhcp-boot option of dnsmasq)
2. Hold reset button down before powering on and wait for flashing amber led
3. Release reset button
4. Wait until status led changes from flashing amber to white

Notes:
This device has dual kernel and rootfs slots like other Xiaomi devices currently
supported (mir3g, etc.) thus, we use the second slot and overwrite the first
rootfs onwards in order to get more space.

Exploit and detailed instructions:

https://openwrt.org/toh/xiaomi/xiaomi_redmi_router_ac2100

An implementation of CVE-2020-8597 against stock firmware version 1.0.14

This requires a computer with ethernet plugged into the wan port and an active
PPPoE session, and if successful will open a reverse shell to 192.168.31.177
on port 31337.

As this shell is somewhat unreliable and likely to be killed in a random amount
of time, it is recommended to wget a static compiled busybox binary onto the
device and start telnetd with it.

The stock telnetd and dropbear unfortunately appear inoperable.
(Disabled on release versions of stock firmware likely)
Ie. wget https://yourip/busybox-mipsel -O /tmp/busybox
chmod a+x /tmp/busybox
/tmp/busybox telnetd -l /bin/sh

Tested-by: David Martinez <bonkilla@gmail.com>
Signed-off-by: Richard Huynh <voxlympha@gmail.com>
2020-05-20 15:26:22 +02:00
Álvaro Fernández Rojas
e55af8a4b0 bcm63xx-cfe: fix build with CONFIG_AUTOREMOVE
When CONFIG_AUTOREMOVE is enabled, CFE binaries are removed before the
image creation.
Install CFE binaries to kernel directory and let autoremove clean the
files in PKG_BUILD_DIR.
Also drop unneeded tar cmd/options.

Fixes: dcee4eaa42 ("bcm63xx-cfe: add package with CFE RAM binaries")
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-05-20 08:46:13 +02:00
Jason A. Donenfeld
0727c83a76 wireguard-tools: bump to 1.0.20200513
* ipc: add support for openbsd kernel implementation
* ipc: cleanup openbsd support
* wg-quick: add support for openbsd kernel implementation
* wg-quick: cleanup openbsd support

Very exciting! wg(8) and wg-quick(8) now support the kernel implementation for
OpenBSD. OpenBSD is the second kernel, after Linux, to receive full fledged
and supported WireGuard kernel support. We'll probably send our patch set up
to the list during this next week. `ifconfig wg0 create` to make an interface,
and `wg ...` like usual to configure WireGuard aspects of it, like usual.

* wg-quick: support dns search domains

If DNS= has a non-IP in it, it is now treated as a search domain in
resolv.conf.  This new feature will be rolling out across our various GUI
clients in the next week or so.

* Makefile: simplify silent cleaning
* ipc: remove extra space
* git: add gitattributes so tarball doesn't have gitignore files
* terminal: specialize color_mode to stdout only

Small cleanups.

* highlighter: insist on 256-bit keys, not 257-bit or 258-bit

The highlighter's key checker is now stricter with base64 validation.

* wg-quick: android: support application whitelist

Android users can now have an application whitelist instead of application
blacklist.

* systemd: add wg-quick.target

This enables all wg-quick at .services to be restarted or managed as a unit via
wg-quick.target.

* Makefile: remember to install all systemd units

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-05-20 08:14:00 +02:00
Álvaro Fernández Rojas
86583384ff bcm63xx: smp: add NAND support
NAND controller is present on BCM6328, BCM6362, BCM6368 and BCM63268.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-05-18 18:24:06 +02:00
Álvaro Fernández Rojas
dcee4eaa42 bcm63xx-cfe: add package with CFE RAM binaries
CFE RAM is a second stage bootloader which is usually loaded by CFE ROM
(first stage bootloader) from a JFFS2 partition stored on the NAND.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-05-18 18:24:06 +02:00
Álvaro Fernández Rojas
8339f8d95e base-files: switch_to_ramfs: add nand-utils
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-05-18 18:24:06 +02:00
Davide Fioravanti
31b49f02ca ramips: add support for Linksys EA7500 v2
The Linksys EA7500 v2 is advertised as AC1900, but its internal
hardware is AC2600 capable.

Hardware
--------
SoC:   Mediatek MT7621AT (880 MHz, 2 cores 4 threads)
RAM:   256M (Nanya NT5CC128M16IP-DI)
FLASH: 128MB NAND (Macronix MX30LF1G18AC-TI)
ETH:   5x 10/100/1000 Mbps Ethernet (MT7530)
WIFI:
  - 2.4GHz: 1x MT7615N (4x4:4)
  - 5GHz:   1x MT7615N (4x4:4)
  - 4 antennas: 3 external detachable antennas and 1 internal
USB:
  - 1x USB 3.0
  - 1x USB 2.0
BTN:
  - 1x Reset button
  - 1x WPS button
LEDS:
  - 1x White led (Power)
  - 6x Green leds (link lan1-lan4, link wan, wps)
  - 5x Orange leds (act lan1-lan4, act wan) (working but unmodifiable)

Everything works correctly.

Installation
------------
The “factory” openwrt image can be flashed directly from OEM stock
firmware. After the flash the router will reboot automatically.

However, due to the dual boot system, the first installation could fail
(if you want to know why, read the footnotes).
If the flash succeed and you can reach OpenWrt through the web
interface or ssh, you are done.
Otherwise the router will try to boot 3 times and then will
automatically boot the OEM firmware (don’t turn off the router.
Simply wait and try to reach the router through the web interface
every now and then, it will take few minutes).

After this, you should be back in the OEM firmware.

Now you have to flash the OEM Firmware over itself using the OEM web
interface (I tested it using the FW_EA7500v2_2.0.8.194281_prod.img
downloaded from the Linksys website).

When the router reboots flash the “factory” OpenWrt image and this
time it should work.

After the OpenWrt installation you have to use the sysupgrade image
for future updates.

Restore OEM Firmware
--------------------
After the OpenWrt flash, the OEM firmware is still stored in the
second partition thanks to the dual boot system.
You can switch from OpenWrt to OEM firmware and vice-versa failing
the boot 3 times in a row:
 1) power on the router
 2) wait 15 seconds
 3) power off the router
 4) repeat steps 1-2-3 twice more.
 5) power on the router and you should be in the “other” firmware

If you want to completely remove OpenWrt from your router, switch to
the OEM firmware and then flash OEM firmware from the web interface
as a normal update.
This procedure will overwrite the OpenWrt partition.

Footnotes
---------
The Linksys EA7500-v2 has a dual boot system to avoid bricks.
This system works using 2 pair of partitions:
 1) "kernel" and "rootfs"
 2) "alt_kernel" and "alt_rootfs".
After 3 failed boot attempts, the bootloader tries to boot the other
pair of partitions and so on.

This system is managed by the bootloader, which writes a bootcount in
the s_env partition, and if successfully booted, the system add a
"zero-bootcount" after the previous value.

A system update performed from OEM firmware, writes the firmware on the
other pair of partitions and sets the bootloader to boot the new pair
of partitions editing the “boot_part” variable in the bootloader vars.
Effectively it's a quick and safe system to switch the selected boot
partition.

Another way to switch the boot partition is:
 1) power on the router
 2) wait 15 seconds
 3) power off the router
 4) repeat steps 1-2-3 twice more.
 5) power on the router and you should be in the “other” firmware

In this OpenWrt port, this dual boot system is partially working
because the bootloader sets the right rootfs partition in the cmdline
but unfortunately OpenWrt for ramips platform overwrites the cmdline
so is not possible to detect the right rootfs partition.

Because all of this, I preferred to simply use the first pair of
partitions and set read-only the other pair.

However this solution is not optimal because is not possible to know
without opening the case which is the current booted partition.
Let’s take for example a router booting the OEM firmware from the first
pair of partitions. If we flash the OpenWrt image, it will be written
on the second pair. In this situation the router will bootloop 3 times
and then will automatically come back to the first pair of partitions
containg the OEM firmware.
In this situation, to flash OpenWrt correctly is necessary to switch
the booting partition, flashing again the OEM firmware over itself.
At this point the OEM firmware is on both pair of partitions but the
current booted pair is the second one.
Now, flashing the OpenWrt factory image will write the firmware on
the first pair and then will boot correctly.

If this limitation in the ramips platform about the cmdline will be
fixed, the dual boot system can also be implemented in OpenWrt with
almost no effort.

Signed-off-by: Davide Fioravanti <pantanastyle@gmail.com>
Co-Developed-by: Jackson Lim <jackcolentern@gmail.com>
Signed-off-by: Jackson Lim <jackcolentern@gmail.com>
2020-05-17 18:44:28 +02:00
Davide Fioravanti
c33ad81373 mtd: add linksys_bootcount for ramips
Reset bc is needed for Linksys EA7500 v2's dual boot.

Size impact (tested with Linksys EA7500 v2 @ mt7621):

mtd_25_mipsel_24kc.ipk: 13174 -> 13628 (454 bytes)
initramfs: 3660350 -> 3660688 (338 bytes)

Signed-off-by: Davide Fioravanti <pantanastyle@gmail.com>
[add size impact information]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-05-17 18:43:19 +02:00
Adrian Schmutzler
b510ab513e kernel: drop outdated kernel version switches for local code
This drops kernel version switches for versions not supported by
OpenWrt master at the moment. This only adjusts local code, but
doesn't touch patches to existing external packages.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-05-17 18:35:51 +02:00
Daniel Golle
631c437a91 hostapd: backport wolfssl bignum fixes
crypto_bignum_rand() use needless time-consuming filtering
which resulted in SAE no longer connecting within time limits.
Import fixes from hostap upstream to fix that.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-05-16 22:28:08 +01:00
Daniel Golle
8097fd4d5f procd: jail: fix segfault and add console feature
2e73848 jail: SIGSEGV must not be forwarded to the child process
 7e150f6 jail: unnamed jails can not have netns (fix segfault)
 1ab539b jail: add option to provide /dev/console to containers

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-05-15 19:19:32 +01:00
Adrian Schmutzler
f079db3844 procd: replace backticks by $(...)
This replaces deprecated backticks by more versatile $(...) syntax.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-05-13 19:01:23 +02:00
Adrian Schmutzler
4cfa63edc0 wwan: replace backticks by $(...)
This replaces deprecated backticks by more versatile $(...) syntax.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-05-13 19:01:23 +02:00
Adrian Schmutzler
04a8d3f453 comgt: replace backticks by $(...)
This replaces deprecated backticks by more versatile $(...) syntax.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-05-13 19:01:23 +02:00
Adrian Schmutzler
ffa3a8e9b0 netifd: replace backticks by $(...)
This replaces deprecated backticks by more versatile $(...) syntax.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-05-13 19:01:23 +02:00
Adrian Schmutzler
05afbcd14e mac80211: replace backticks by $(...)
This replaces deprecated backticks by more versatile $(...) syntax.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-05-13 19:01:23 +02:00
Adrian Schmutzler
4202459541 ltq-vdsl-fw: replace backticks by $(...)
This replaces deprecated backticks by more versatile $(...) syntax.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-05-13 19:01:23 +02:00
Adrian Schmutzler
d2d63cc6e0 ltq-vdsl-app: replace backticks by $(...)
This replaces deprecated backticks by more versatile $(...) syntax.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-05-13 19:01:23 +02:00
Robert Marko
bc0288b768 libjson-c: backport security fixes
This backports upstream fixes for the out of bounds write vulnerability in json-c.
It was reported and patches in this upstream PR: https://github.com/json-c/json-c/pull/592

Addresses CVE-2020-12762

Signed-off-by: Robert Marko <robert.marko@sartura.hr>
Signed-off-by: Luka Perkov <luka.perkov@sartura.hr>
[bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-05-13 11:16:43 +02:00
Daniel Golle
b181294b02 fstools: blockd: fix segfault triggered by non-autofs mounts
Program received signal SIGSEGV, Segmentation fault.
main_autofs (argv=<optimized out>, argc=<optimized out>)
    at fstools-2020-05-06-eec16e2f/block.c:1193
1193:    if (!m->autofs && (mp = find_mount_point(pr->dev))) {

Fixes: c3a43753b9 ("fstools: update to the latest version")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-05-12 10:51:24 +01:00
Kevin Darbyshire-Bryant
5e0a56b8ae umdns: re-enable address-of-packed-member warning
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-05-10 20:44:59 +01:00
Kevin Darbyshire-Bryant
ed91d72eac dnsmasq: hotplug script tidyup
Hotplug scripts are sourced so the #!/bin/sh is superfluous/deceptive.
Re-arrange script to only source 'procd' if we get to the stage of
needing to signal the process, reduce hotplug processing load a little.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-05-10 20:40:30 +01:00
Ali MJ Al-Nasrawy
a8a1ef8568 mac80211: distance config: allow "auto" as a value
The user can now enable the ACK timeout estimation algorithm (dynack)
for drivers that support it.
It is also expected that the distance config accepts the same values as:
$ iw phyX set distance XXX

Signed-off-by: Ali MJ Al-Nasrawy <alimjalnasrawy@gmail.com>
2020-05-09 15:08:39 +02:00
Jakov Petrina
b1cfbff0a7 mvebu: uDPU: switch default kernel and U-Boot PHY mode
Certain SFP modules (most notably Nokia GPON ones) first check
connectivity on 1000base-x, and switch to 2500base-x afterwards. This
is considered a quirk so the phylink switches the interface to
2500base-x as well.

However, after power-cycling the uDPU device, network interface/SFP module
will not work correctly until the module is re-seated. This patch
resolves this issue by forcing the interface to be brought up in
2500base-x mode by default.

Signed-off-by: Jakov Petrina <jakov.petrina@sartura.hr>
Signed-off-by: Vladimir Vid <vladimir.vid@sartura.hr>
Cc: Luka Perkov <luka.perkov@sartura.hr>
2020-05-09 14:34:23 +02:00
Javier Marcet
02656caa7b base-files: upgrade: fix indent
Use same indent as for the rest of the file.

Signed-off-by: Javier Marcet <javier@marcet.info>
[add commit description]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-05-08 20:15:43 +02:00
Thibaut VARÈNE
02a9d3d6a9 package/base-files: add caldata_sysfsload_from_file()
This routine enables loading caldata binary via the kernel sysfs loader

See https://www.kernel.org/doc/html/v4.19/driver-api/firmware/fallback-mechanisms.html

Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
2020-05-08 15:17:17 +02:00
Thibaut VARÈNE
8f4735297b package/base-files: caldata: allow setting target file
This will enable platforms to extract caldata to an arbitrary file,
or patch mac in an abitrary file.

Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
2020-05-08 15:17:17 +02:00
Thibaut VARÈNE
ab68939254 package/utils: remove rbextract
Rationale:
1/ This tool is no longer necessary following the implementation of a
   sysfs driver
2/ The upstream author, Robert Marko, stated[1] that this tool had been
   taken from his tree in an unfinished state not suitable for merging

[1] https://github.com/openwrt/openwrt/pull/2850#issuecomment-610277863

Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
2020-05-08 15:17:17 +02:00
Daniel A. Maierhofer
128250e8fc lldpd: add management IP setting
add option to set management IP pattern

also add missing 'unconfigure system hostname'

for example pattern '!192.168.1.1' makes it possible that
WAN IP is selected instead of LAN IP

Signed-off-by: Daniel A. Maierhofer <git@damadmai.at>
[grammar and spelling fixes in commit message]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2020-05-08 05:54:39 +03:00
Rosen Penev
73fa1aba94 samba36: Remove
Samba 3.6 is completely unsupported, in addition to having tons of patches

It also causes kernel panics on some platforms when sendfile is enabled.
Example:

https://github.com/gnubee-git/GnuBee_Docs/issues/45

I have reproduced on ramips as well as mvebu in the past.

Samba 4 is an alternative available in the packages repo.

cifsd is a lightweight alternative available in the packages repo. It is
also a faster alternative to both Samba versions (lower CPU usage). It
was renamed to ksmbd.

To summarize, here are the alternatives:
- ksmbd + luci-app-cifsd
- samba4 + luci-app-samba4

Signed-off-by: Rosen Penev <rosenp@gmail.com>
[drop samba36-server from GEMINI_NAS_PACKAGES, ksmbd rename + summary]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2020-05-08 03:32:52 +03:00
Jo-Philipp Wich
79da9d78b9 opkg: update to latest Git HEAD
f2166a8 libopkg: implement lightweight package listing logic
cf4554d libopkg: support passing callbacks to feed parsing functions
2a0210f opkg-cl: don't read feeds on opkg update
b6f1967 libopkg: use xsystem() to spawn opkg-key
60b9af2 file_util.c: refactor and fix checksum_hex2bin()
206ebae file_util.c: fix possible bad memory access in file_read_line_alloc()

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-05-07 22:49:58 +02:00
Yangbo Lu
2b31f143f9 layerscape: update restool to LSDK-20.04
Update restool to latest LSDK-20.04.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2020-05-07 12:53:06 +02:00
Yangbo Lu
1b370e7f62 layerscape: update ls-dpl to LSDK-20.04
Update ls-dpl to latest LSDK-20.04.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2020-05-07 12:53:06 +02:00
Yangbo Lu
70a6a98149 layerscape: define only one package for ls-dpl
We do not have to define package for each board, and
consider variant's installing.
It is easier to maintain ls-dpl with only one package
installing all 4 files as intermediate files.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2020-05-07 12:53:06 +02:00
Yangbo Lu
b7820d57db layerscape: update ls-mc to LSDK-20.04
Update ls-mc to latest LSDK-20.04.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2020-05-07 12:53:06 +02:00
Yangbo Lu
2e61c4ac1f layerscape: define only one package for ls-mc
We do not have to define package for each board, and
consider variant's installing.
It is easier to maintain ls-mc with only one package
installing all two images as intermediate files.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2020-05-07 12:53:06 +02:00
Yangbo Lu
99091f6796 layerscape: update ppfe-firmware to LSDK-20.04
Update ppfe-firmware to latest LSDK-20.04.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2020-05-07 12:53:06 +02:00
Yangbo Lu
e920530847 layerscape: update fman-ucode to LSDK-20.04
Just update PKG_VERSION/PKG_MIRROR_HASH since fman-ucode
of LSDK-20.04 had no changes.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2020-05-07 12:53:06 +02:00
Yangbo Lu
6c9d8990a4 layerscape: define only one package for fman-ucode
We do not have to define package for each board, and
consider variant's installing.
It is easier to maintain fman-ucode with only one package
installing all two binaries as intermediate files.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2020-05-07 12:53:06 +02:00
Yangbo Lu
12bc4084bd layerscape: update tfa to LSDK-20.04
Update tfa package to latest LSDK-20.04 dropping one patch
which had already been integrated.

Add fixes,
- Fix DEPENDS/PKG_BUILD_DEPENDS.
- Remove HIDDEN:=1.
- Move intermediate files installing into Build/InstallDev.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2020-05-07 12:53:06 +02:00
Yangbo Lu
f9155a9b67 layerscape: update u-boot to LSDK-20.04
Update u-boot package to latest LSDK-20.04 dropping patches
which are no longer needed.
Adapt u-boot bootargs to kernel 5.4 for booting.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2020-05-07 12:53:06 +02:00
Yangbo Lu
2e2643f74d layerscape: update ls-rcw to latest LSDK-20.04
Update ls-rcw to latest LSDK-20.04.
Update patch 0001 with a new one.
Drop patch 0002 since it had been integrated.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2020-05-07 12:53:06 +02:00
Yangbo Lu
084c82c5b0 layerscape: define only one package for ls-rcw
We do not have to define package for each board, and
consider variant's building/installing.
It is easier to maintain ls-rcw with only one package
installing all boards RCW binaries as intermediate
files, each of which is just about hundreds of bytes.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2020-05-07 12:53:06 +02:00
Jason A. Donenfeld
4f6343ffe7 wireguard: bump to 1.0.20200506
* compat: timeconst.h is a generated artifact

Before we were trying to check for timeconst.h by looking in the kernel
source directory. This isn't quite correct on configurations in which
the object directory is separate from the kernel source directory, for
example when using O="elsewhere" as a make option when building the
kernel. The correct fix is to use $(CURDIR), which should point to
where we want.

* compat: use bash instead of bc for HZ-->USEC calculation

This should make packaging somewhat easier, as bash is generally already
available (at least for dkms), whereas bc isn't provided by distros by
default in their build meta packages.

* socket: remove errant restriction on looping to self

It's already possible to create two different interfaces and loop
packets between them. This has always been possible with tunnels in the
kernel, and isn't specific to wireguard. Therefore, the networking stack
already needs to deal with that. At the very least, the packet winds up
exceeding the MTU and is discarded at that point. So, since this is
already something that happens, there's no need to forbid the not very
exceptional case of routing a packet back to the same interface; this
loop is no different than others, and we shouldn't special case it, but
rather rely on generic handling of loops in general. This also makes it
easier to do interesting things with wireguard such as onion routing.
At the same time, we add a selftest for this, ensuring that both onion
routing works and infinite routing loops do not crash the kernel. We
also add a test case for wireguard interfaces nesting packets and
sending traffic between each other, as well as the loop in this case
too. We make sure to send some throughput-heavy traffic for this use
case, to stress out any possible recursion issues with the locks around
workqueues.

* send: cond_resched() when processing tx ringbuffers

Users with pathological hardware reported CPU stalls on CONFIG_
PREEMPT_VOLUNTARY=y, because the ringbuffers would stay full, meaning
these workers would never terminate. That turned out not to be okay on
systems without forced preemption. This commit adds a cond_resched() to
the bottom of each loop iteration, so that these workers don't hog the
core. We don't do this on encryption/decryption because the compat
module here uses simd_relax, which already includes a call to schedule
in preempt_enable.

* selftests: initalize ipv6 members to NULL to squelch clang warning

This fixes a worthless warning from clang.

* send/receive: use explicit unlikely branch instead of implicit coalescing

Some code readibility cleanups.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-05-07 12:53:06 +02:00
Hauke Mehrtens
5019a06fc1 ppp: Fix mirror hash
Fixes: ae06a650d6 ("ppp: update to version 2.4.8.git-2020-03-21")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-05-06 21:29:08 +02:00
Rafał Miłecki
c3a43753b9 fstools: update to the latest version
eec16e2 blockd: add optional "device" parameter to "info" ubus method
9ab936d block(d): always call hotplug.d "mount" scripts from blockd
4963db4 blockd: use uloop_process for calling /sbin/hotplug-call mount
cddd902 Truncate FAT filesystem label until 1st occurance of a blank (0x20)

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2020-05-06 17:50:31 +02:00
Rafał Miłecki
9295ce7006 fstools: update to the latest version
8b9e601 block: always use st_dev (device ID) of / when looking for root
37c9148 block: simplify check_extroot() a bit
d70774d block: add some basic extroot documentation
32db27d Revert "block: support hierarchical mount/umount"
0b93429 Revert "block: mount_action: handle mount/umount deps"

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2020-05-05 09:14:40 +02:00
Hans Dedecker
0836d0dea2 odhcpd: update to latest git HEAD (FS#3056)
5ce0770 router: fix Lan host reachibility due to identical RIO and PIO prefixes (FS#3056)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-05-04 21:29:24 +02:00
John Crispin
b9cf9ebdb7 mediatek: add uboot
Signed-off-by: John Crispin <john@phrozen.org>
2020-05-04 16:31:19 +02:00
John Crispin
b5516603dd mac80211: more wifi reconf related fixes
* uci state was not getting reset properly during teardown
* AP+STA co-exist state was not flushed properly upon channel switch
* remove a debug logger call
* properly teardown supplicant instances when they get disabled
* add md5 config support for supplicant
* don't call wpa_supplicant_prepare_interface twice

Signed-off-by: John Crispin <john@phrozen.org>
2020-05-04 16:22:03 +02:00
Josef Schlehofer
0e522d5f4a curl: update to version 7.70.0
- Release notes:
https://curl.haxx.se/changes.html#7_70_0

- Refreshed patch

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2020-05-04 07:59:46 +02:00
Stijn Tintel
3a79e3b185 argp-standalone: fix segfault in canon_doc_option
Backported from glibc.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2020-05-03 20:31:30 +03:00
Hans Dedecker
ad27c133eb base-files: generate config files with correct permissions
As touch creates files with permission 0644 use umask to create
config files with permission 0600 to be inline with INSTALL_CONF

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-04-30 21:51:12 +02:00
Hans Dedecker
2855be3151 uci: update to latest git HEAD
ec8d323 file: preserve original file mode after commit

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-04-30 21:51:02 +02:00
Jason A. Donenfeld
f57230c4e6 wireguard: bump to 1.0.20200429
* compat: support latest suse 15.1 and 15.2
* compat: support RHEL 7.8's faulty siphash backport
* compat: error out if bc is missing
* compat: backport hsiphash_1u32 for tests

We now have improved support for RHEL 7.8, SUSE 15.[12], and Ubuntu 16.04.

* compat: include sch_generic.h header for skb_reset_tc

A fix for a compiler error on kernels with weird configs.

* compat: import latest fixes for ptr_ring
* compat: don't assume READ_ONCE barriers on old kernels
* compat: kvmalloc_array is not required anyway

ptr_ring.h from upstream was imported, with compat modifications, to our
compat layer, to receive the latest fixes.

* compat: prefix icmp[v6]_ndo_send with __compat

Some distros that backported icmp[v6]_ndo_send still try to build the compat
module in some corner case circumstances, resulting in errors.  Work around
this with the usual __compat games.

* compat: ip6_dst_lookup_flow was backported to 3.16.83
* compat: ip6_dst_lookup_flow was backported to 4.19.119

Greg and Ben backported the ip6_dst_lookup_flow patches to stable kernels,
causing breaking in our compat module, which these changes fix.

* git: add gitattributes so tarball doesn't have gitignore files

Distros won't need to clean this up manually now.

* crypto: do not export symbols

These don't do anything and only increased file size.

* queueing: cleanup ptr_ring in error path of packet_queue_init

Sultan Alsawaf reported a memory leak on an error path.

* main: mark as in-tree

Now that we're upstream, there's no need to set the taint flag.

* receive: use tunnel helpers for decapsulating ECN markings

ECN markings are now decapsulated using RFC6040 instead of the old RFC3168.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-04-30 08:00:53 +02:00
Petr Štetiar
493eef5b27 wireless-regdb: bump to latest release 2020-04-29
Update to latest release.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-04-30 00:52:04 +02:00
Petr Štetiar
8036e7ebb5 ath10k-ct: update to version 2020-04-29
Pulls in workaround for TX rate code firmware bug which might as well
help track it down via different printk()s and thus possibly provide
more clue for proper fix.

Firmware currently sends wrong (0xff) TX rate code which causes
WARN_ONCE, so the workaround just changes this bogus value (0xff) into 0.

For 5.4 it also pulls in tx-queue-wake throttling patch "ath10k: Restart
xmit queues below low-water mark", which should improve performance with
high number of concurrent TCP streams.

Ref: https://github.com/greearb/ath10k-ct/pull/129
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-04-30 00:52:04 +02:00
Petr Štetiar
b17a5a9bdb dnsmasq: always inform about disabled dhcp service
Init script checks for an already active DHCP server on the interface
and if such DHCP server is found, then it logs "refusing to start DHCP"
message, starts dnsmasq without DHCP service unless `option force 1` is
set and caches the DHCP server check result.

Each consecutive service start then uses this cached DHCP server check
result, but doesn't provide log feedback about disabled DHCP service
anymore.

So this patch ensures, that the log message about disabled DHCP service
on particular interface is always provided.

Acked-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-04-30 00:52:04 +02:00
Daniel Golle
447d335d00 ugps: nmea: fix time comparision
Fix bug causing system time to be set over and over again, and causing
massive log pollution.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-04-29 21:32:35 +01:00
David Bauer
3f660249e6 kernel: hwmon: add Analog Devices AD741x support
Signed-off-by: David Bauer <mail@david-bauer.net>
2020-04-29 16:03:00 +02:00
Antonio Quartulli
4b3b8ec81c wpad-wolfssl: fix crypto_bignum_sub()
Backport patch from hostapd.git master that fixes copy/paste error in
crypto_bignum_sub() in crypto_wolfssl.c.

This missing fix was discovered while testing SAE over a mesh interface.

With this fix applied and wolfssl >3.14.4 mesh+SAE works fine with
wpad-mesh-wolfssl.

Cc: Sean Parkinson <sean@wolfssl.com>
Signed-off-by: Antonio Quartulli <a@unstable.cc>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-04-28 11:45:44 +01:00
Álvaro Fernández Rojas
a882bfce05 ath10k-ct-firmware: add htt-mgt variants
For wave-2, there is now a new variant: htt-mgt-community (vs the old
full-htt-mgt-community).

The non-full one (hence forth 'diet') compiles out a lot of firmware features
that ath10k does not use. This saves a lot of resources and lets one
configure more stations/vdevs/etc using fwcfg.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-04-28 09:33:09 +02:00
Álvaro Fernández Rojas
06f510df6e ath10k-ct-firmware: update firmware images
No release notes this time.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-04-28 09:33:09 +02:00
Álvaro Fernández Rojas
2e5e9b459e ath10k-ct-firmware: rename ct-htt packages
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-04-28 09:33:09 +02:00
Álvaro Fernández Rojas
658e68f85c ath10k-firmware: move CT firmwares to new package
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-04-28 09:33:09 +02:00
Álvaro Fernández Rojas
ce2bd2bd03 ath10k-ct: remove old patches
Only keep 5.4 patches.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-04-28 09:33:09 +02:00
Luiz Angelo Daros de Luca
a3079fb7ba elfutils: powerpc build fix
Fixes following build error on mpc85xx/generic:

 ppc_initreg.c: In function 'ppc_set_initial_registers_tid':
 ppc_initreg.c:79:22: error: field 'r' has incomplete type
        struct pt_regs r;

Ref: FS#2924
Fixes: d27623b542 ("elfutils: update to 0.179")
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
[commit description facelift]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-04-28 07:45:00 +02:00
Petr Štetiar
76a0ddf130 wireless-regdb: backport three upstream fixes
Another release is overdue for quite some time, so I'm backporting three
fixes from upstream which I plan to backport into 19.07 as well.

Ref: FS#2880
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-04-28 07:45:00 +02:00
Felix Fietkau
1c008b61bd mt76: update to the latest version
bef8f8a5966d mt76: mt7615: remove a stray if statement
89bd7199487f mt76: remove variable 'val' set but not used
ee8ac234b84e mt76: mt7615: introduce mt7615_mcu_fill_msg
4999db4668f0 mt76: mt7615: introduce mt7615_mcu_wait_response
8ce6e40eba03 mt76: mt7615: cleanup fw queue just for mmio devices
9d1d2ee9add3 mt76: mt7615: introduce mt7615_init_device routine
7fbd2a57cea4 mt76: always init to 0 mcu messages
3b277cf18d95 mt76: mt7615: introduce mt7615_mcu_send_message routine
2a4132a55a4f mt76: mt7615: add mt7615_mcu_ops data structure
9ba71749a122 mt76: mt7615: move mt7615_mcu_set_bmc to mt7615_mcu_ops
2e991f3e8cdd mt76: mt7615: move mt7615_mcu_set_sta in mt7615_mcu_ops
56852057cb90 mt76: mt7615: rely on skb API for mt7615_mcu_set_eeprom
642ecd978887 mt76: mt7615: rework mt7615_mcu_set_bss_info using skb APIs
2b0810af4a52 mt76: mt7615: move more mcu commands in mt7615_mcu_ops data structure
7a6285e63d88 mt76: mt7615: introduce MCU_FW_PREFIX for fw mcu commands
e536b42ebc7d mt76: mt7615: introduce mt7615_register_map
fccbdb628ffd mt76: mt7615: add mt7663e support to mt7615_reg_map
d42244e9255c mt76: mt7615: add mt7663e support to mt7615_{driver,firmware}_own
aebbe088127f mt76: mt7615: add mt7663e support to mt7615_mcu_set_eeprom
28e22d07f892 mt76: mt7615: introduce mt7615_eeprom_parse_hw_band_cap routine
167428592647 mt76: mt7615: introduce mt7615_init_mac_chain routine
23ca7acfc856 mt76: mt7615: introduce uni cmd command types
c4171728cf70 mt76: mt7615: introduce set_bmc and st_sta for uni commands
9e5c76d2310a mt76: mt7615: add more uni mcu commands
779b2cebc147 mt76: mt7615: introduce set_ba uni command
21ee7da00f0a mt76: mt7615: get rid of sta_rec_wtbl data structure
2097f74f664c mt76: mt7615: introduce mt7663e support
8e9cd01228d0 mt7615: sync Kconfig with upstream
3b4f93840950 mt76: add memory barrier to DMA queue kick
8d301ace8ed7 mt76: mt7615: fix mt7663e firmware struct endianness
9bc1850ce711 mt76: mt7615: fix endianness in unified command
a1b9b7d94aa0 mt76: mt7615: add missing declaration in mt7615.h
6e4b2a709fe7 mt76: sync Makefile with upstream
258dfb6afb30 mt76: mt76x02u: Add support for newer versions of the XBox One wifi adapter
9c3d84b62cc0 mt76: mt76x2u: introduce Mercury UD13 support
ea8ea71933ca mt76: mt76x0: pci: add mt7610 PCI ID
9d555f82d329 mt76: mt7615: modify mt7615_ampdu_stat_read for each phy
8bd26d6c3172 mt76: mt7615: enable aggr_stats for both phy
1315afa511e0 mt76: mt7615: cleanup mib related defines and structs
072b50c61e0e mt76: mt7615: add more useful Tx mib counters
b23ff3e9343a mt76: mt7663: fix mt7615_mac_cca_stats_reset routine
294abe47c9b2 mt76: mt7663: enable nf estimation
d2d7bf2243f6 mt76: mt7615: make scs configurable per phy
908a2cfab88f mt76: mt7663: disable RDD commands
eaef0a268b95 mt76: mt7615: add ethool support to mt7663 driver
96e07ef1113d mt76: mt7615: introduce mt7615_mcu_set_channel_domain mcu command
67182f36e3be mt76: mt7663: keep Rx filters as the default
e6a3f3ffe53a mt76: mt7615: introduce hw scan support
12ecd5ba2146 mt76: mt7615: introduce scheduled scan support
f6ab0bee3172 mt76: mt7615: introduce BSS absence event
f208a9430044 mt76: mt7615: introduce rlm tlv in bss_info mcu command
ea4f4d216dbe mt76: mt7615: remove unnecessary register operations
72c9380e70f9 mt76: add headroom and tailroom to mt76_mcu_ops data structure
63e14669e09d mt76: mt7615: introduce mt7663u support to mt7615_write_txwi
29d359ac7626 mt76: mt7615: introduce mt7615_mac_update_rate_desc routine
1f1dd2cb5b49 mt76: mt7615: introduce __mt7663_load_firmware routine
cb6dcfd3cf13 mt76: mt7615: move mt7615_mac_wtbl_addr in mac.h
d28e8e7ef912 mt76: mt76u: rely on mt7622 queue scheme for mt7663u
f78cf8957aba mt76: mt7615: rework wtbl key configuration
2829497aaaf5 mt76: mt7615: introduce mt7615_wtbl_desc data structure
02c9ec4a15e7 mt76: mt7615: add address parameter to mt7615_eeprom_init
e9c640c0a79e mt76: mt7663: correct the name of the rom patch
1e8b2fe5ab03 mt76: mt7615: do not always reset the dfs state setting the channel
ec0ea46dacf9 mt76: mt7615: Delete an error message in mt7622_wmac_probe()
d16a4698f1ac mt76: mt7615: disable merge of OTP ROM data by default
2b58998bb594 mt76: mt7615: add support for applying DC offset calibration from EEPROM
55198aafb756 mt76: mt7615: add support for applying tx DPD calibration from EEPROM
5a1eaa38d380 mt76: mt7603: disable merge of OTP ROM data by default
bf60f43b12fb mt76: mt76x2: disable merge of OTP ROM data by default
9406eb1d110f mt76: mt7615: fix endian issues in applying flash calibration data
66d00b8c9dac mt76: mt7615: fix possible division by 0 in mt7615_mac_update_mib_stats
25d812dddcf8 mt76: mt7663: fix aggr range entry in debugfs
08b8bd2bc915 mt76: mt7615: disable hw/sched scan ops for non-offload firmware
8fb1cd20a776 mt76: mt7615: set hw scan limits only for firmware with offload support
05b23d7478fe mt76: mt7615: rework IRQ handling to prepare for MSI support
b92c0d576769 mt76: mt7622: fix DMA unmap length
03daa60ca69c mt76: mt7663: fix DMA unmap length
5f2f676b1f01 mt76: mt7615: enable MSI by default
5822911f8026 mt76: remove unnecessary annotations
a7035bce8517 mt76: mt7615: fix possible deadlock in mt7615_stop
d4e6e225bc06 mt76: mt7615: move core shared code in mt7615-common module
94827d2033c7 mt76: mt7615: introduce mt7663u support
36591dd35f91 mt76: mt7615: enable scs for mt7663 driver
bd80144cb5be mt76: mt7615: disable aspm by default
9dcb60b78ede mt76: mt7615: provide aid info to the mcu
6e443e89cce2 mt76: remove PS_NULLFUNC_STACK capability
ea133325faa6 mt76: mt7663: introduce 802.11 PS support in sta mode
ff3869b38cf2 mt76: mt7615: make Kconfig entry obvious for MT7663E
01fd34f3a6c5 mt76: mt7615: fix sta ampdu factor for VHT
e5adbb2077e2 mt76: fix A-MPDU density handling
d73e3a23a54e mt76: mt7615: use larger rx buffers if VHT is supported
257319e9b07d mt76: mt7615: never use an 802.11b CF-End rate on 5GHz
29a92c5606d6 mt76: mt7603: never use an 802.11b CF-End rate on 5GHz
c0b19ac97c07 mt76: mt7615: adjust timing in mt7615_mac_set_timing to match fw/hw values
1656882f2723 mt76: mt7615: do not adjust MAC timings if the device is not running
4e7ce907faf3 mt76: mt7615: fix tx status rate index calculation
8304b3866100 mt76: mt7603: fix tx status rate index calculation
722d1f47d8ba mt76: add rx queues info to mt76 debugfs
da329ef776b0 mt76: mt7615: parse mcu return code for unified commands
facf74fd506f mt76: mt7615: fix mt7615_firmware_own for mt7663e
e910787a9888 mt76: mt7615: fix max wtbl size for 7663
c9821f7d6a8c mt76: mt7615: fix mt7615_driver_own routine
e35cc532c3d2 mt76: mt7615: fix aid configuration in mt7615_mcu_wtbl_generic_tlv
b6cb91a71fe1 mt76: mt7615: rework mt7615_mac_sta_poll for usb code
b193dd8100f8 mt76: mt7663u: enable AirTimeFairness
31cffa98920f mt76: mt7615: move mcu bss upload before creating the sta
cde3716aa47e mt76: enable TDLS support
1846da5dd417 mt76: mt7615: set spatial extension index
6aaf0299730f mt76: mt7615: fix endian issues in dcoc/txdpd calibration
5de75b745cf9 mt76: mt7663: fix up BMC entry indicated to unicmd firmware
a5f394c5ca48 mt76: mt7615: add sta pointer to mt7615_mcu_add_bss_info signature
1f2f3dda76b9 mt76: mt7615: fix event report in mt7615_mcu_bss_event
c2a3cced36de mt76: mt76x0: enable MCS 8 and MCS9
1afabe78cfc5 mt76: mt7663: add the possibility to load firmware v2
5f3ccc722627 mt76: mt7663: remove check in mt7663_load_n9

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-04-27 20:09:24 +02:00
Adrian Schmutzler
3fdb08681b mvebu: tidy up support for GL.iNet GL-MV1000
This fixes a bunch of cosmetic issues with GL.iNet GL-MV1000:

- apply alphabetic sorting in multiple files
- use armada-3720 prefix for DTS like for other devices
- fix vendor capitalization for model in DTSes
- remove trivial comment in DTS files
- use DEVICE_VENDOR/DEVICE_MODEL
- remove redundant SUPPORTED_DEVICES
- use SOC instead of DEVICE_DTS
- remove empty line at EOF

Fixes: 050c24f05c ("mvebu: add support for GL.iNet GL-MV1000")

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-04-27 00:25:12 +02:00
Li Zhang
050c24f05c mvebu: add support for GL.iNet GL-MV1000
This patch adds supports for GL-MV1000.

Specification:
	- SOC: Marvell Armada 88F3720 (1GHz)
	- Flash: 16MB (W25Q128FWSIG)
	- RAM: 1GB DDR4
	- Ethernet: 3x GE (1 WAN + 2 LAN)
	- EMMC: 8GB EMMC (KLM8G1GETF-B041)
	- MicroSD: 1x microSD slot
	- USB: 1x USB 2.0 port(TypeA),1x USB 3.0 port(TypeC)
	- Button: 1x reset button,1x slide switch
	- LED: 3x greed LED
	- UART: 1x UART on PCB (JP1: 3.3V, RX, TX, GND)

	Update firmware instructions
	============================
	In the compiled,please gzip -d xxx.img.gz,then update firmware on uboot web.

Signed-off-by: Li Zhang <li.zhang@gl-inet.com>
[Copied dts file to files-5.4]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-04-26 21:45:41 +02:00
Xiaobo Tian
5d81b28a82 kernel: support intel X7xx 10/40GbE adapters
Signed-off-by: Xiaobo Tian <peterwillcn@gmail.com>
[Add i40evf/i40evf.ko and setect CONFIG_IAVF]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-04-26 21:45:41 +02:00
weidong jia
75512fe0e7 uboot-envtools: fix domywifi_dw33d Bad CRC error
The current dw33d partition index has changed, this patch solves
this problem.

old partition layout
dev:    size   erasesize  name
mtd0: 00040000 00010000 "u-boot"
mtd1: 00010000 00010000 "u-boot-env"
mtd2: 00fa0000 00010000 "oem-firmware"
mtd3: 00010000 00010000 "art"
mtd4: 00500000 00020000 "kernel"
mtd5: 05b00000 00020000 "ubi"
mtd6: 02000000 00020000 "oem-backup"

new partition layout
dev:    size   erasesize  name
mtd0: 00500000 00020000 "kernel"
mtd1: 05b00000 00020000 "ubi"
mtd2: 02000000 00020000 "oem-backup"
mtd3: 00040000 00010000 "u-boot"
mtd4: 00010000 00010000 "u-boot-env"
mtd5: 00fa0000 00010000 "oem-firmware"
mtd6: 00010000 00010000 "art"

Signed-off-by: weidong jia <jwdsccd@gmail.com>
2020-04-26 21:45:30 +02:00
Lucian Cristian
b397df51aa uboot-envtools: update to 2020.04
also revert to directly download the archive from https

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2020-04-26 21:20:47 +02:00
Linus Lüssing
066ec97167 mac80211: ath10k: increase rx buffer size to 2048
Before, only frames with a maximum size of 1528 bytes could be
transmitted between two 802.11s nodes.

For batman-adv for instance, which adds its own header to each frame,
we typically need an MTU of at least 1532 bytes to be able to transmit
without fragmentation.

This patch now increases the maxmimum frame size from 1528 to 1656
bytes.

Tested with two ath10k devices in 802.11s mode, as well as with
batman-adv on top of 802.11s with forwarding disabled.

Fix originally found and developed by Ben Greear.

Link: https://github.com/greearb/ath10k-ct/issues/89
Link: 9e5ab25027
Cc: Ben Greear <greearb@candelatech.com>
Signed-off-by: Linus Lüssing <ll@simonwunderlich.de>
Signed-off-by: Sven Eckelmann <sven@narfation.org>
2020-04-26 21:20:47 +02:00
Yangbo Lu
80f128d2aa perf: build with NO_LIBCAP=1
Build with NO_LIBCAP=1. This is to resolve build issue.

Package perf is missing dependencies for the following libraries:
libcap.so.2

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2020-04-26 21:20:47 +02:00
Luiz Angelo Daros de Luca
b0416c9c12 gdb: disable gdbserver for arc
Although gdb is supported, gdbserver is still not.

 checking whether gdbserver is supported on this host... no

Build breaks as gdbserver executable is not found during packaging.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2020-04-26 21:20:47 +02:00
David Bauer
822c342d09 kernel: netdev: fix kmod-sfp symbols
Fixes: ec2f7a47d3 ("kernel: add module to support SFP cages")

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-04-26 14:19:33 +02:00
Kevin Darbyshire-Bryant
9e7d11f3e2 relayd: bump to version 2020-04-25
f4d759b dhcp.c: further improve validation

Further improve input validation for CVE-2020-11752

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-04-26 13:00:36 +01:00
Kevin Darbyshire-Bryant
9f7c8ed078 umdns: update to version 2020-04-25
cdac046 dns.c: fix input validation fix

Due to a slight foobar typo, failing to de-reference a pointer, previous
fix not quite as complete as it should have been.

Improve CVE-2020-11750 fix

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-04-26 13:00:32 +01:00
David Bauer
b359a6b948 kernel: netdev: fix kmod-sfp description capitalization
Signed-off-by: David Bauer <mail@david-bauer.net>
2020-04-26 12:07:58 +02:00
David Bauer
71d5a0d92b kernel: netdev: add phylink dependency for sfp
Fixes: ec2f7a47d3 ("kernel: add module to support SFP cages")

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-04-26 11:48:26 +02:00
David Bauer
b23f72b5b6 kernel: netdev: add kmod-phylink
Signed-off-by: David Bauer <mail@david-bauer.net>
2020-04-26 11:48:14 +02:00
René van Dorst
ec2f7a47d3 kernel: add module to support SFP cages
Enables kernel SFP case support.

Signed-off-by: René van Dorst <opensource@vdorst.com>
2020-04-25 23:45:16 +02:00
Daniel Golle
471b8bf8c1 procd: extend requirejail attribute handling
e2ed964 jail: don't fail unless requirejail is set
 17e7ae7 jail: don't load libpreload-seccomp.so if it doesn't exist

Fixes openwrt/packages#11913
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-04-25 10:31:33 +01:00
Adrian Schmutzler
d8b3f53f5e ltq-adsl(-fw): Makefile clean-up and fixes
This fixes a few minor issues (partially cosmetic) in ltq-adsl and
ltq-adsl-fw Makefiles:
- fix PKG_SOURCE_URL and switch to https
- remove non-existant FW_NAME variable
- fix package name for config inclusion
- fix config symbol for debugging

Fixes: 1d0a9d0c04 ("move ltq-adsl")

Cc: John Crispin <john@phrozen.org>

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-04-24 17:59:22 +02:00
Adrian Schmutzler
7b2731a691 kernel: replace "+@" IPV6 dependency by "+"
The combination +@IPV6:kmod-ipsec6 is not valid, the +a:b
syntax implies the @. Fix it.

Fixes: 2e6b6f9fca ("kernel: add @IPv6 dependency to ipv6 modules")

Reported-by: Oldřich Jedlička (@oldium)
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-04-24 13:49:20 +02:00
Felix Fietkau
b7d6e80fee fstools: update to the latest version
84965b92f635 blockd: print symlink error code and string message
62c578c22f9d blockd: report "target" path as "mount" for autofs available mounts
d1f1f2b38fa1 block: remove mount target file if it's a link
830441d790d6 blockd: remove symlink linkpath file if it's a dir or link
c80f7002114f libfstools/mtd: attempt to read from OOB data if empty space is found

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-04-22 10:50:15 +02:00
Petr Štetiar
3773ae127a openssl: bump to 1.1.1g
Fixes NULL dereference in SSL_check_chain() for TLS 1.3, marked with
high severity, assigned CVE-2020-1967.

Ref: https://www.openssl.org/news/secadv/20200421.txt
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-04-21 22:59:56 +02:00
Alexander Couzens
b77fd0d30b base-files: ensure VERBOSE is set
If not set, it shows the following error
sh: out of range

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2020-04-21 00:01:49 +02:00
Hans Dedecker
4298f0878f ubus: update to latest git HEAD
171469e lua: avoid truncation of large numeric values

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-04-20 21:26:58 +02:00
Petr Štetiar
97673d8771 uboot-rockchip: fix ident string
Commit 7975060116 ("uboot-rockchip: add new package") has added
`OpenWRT` ident string, fix it to proper `OpenWrt`.

Fixes: 7975060116 ("uboot-rockchip: add new package")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-04-20 16:44:17 +02:00
Tobias Mädel
7975060116 uboot-rockchip: add new package
This package is needed for the rockchip target.

Signed-off-by: Tobias Mädel <t.maedel@alfeld.de>
Tested-by: Tobias Schramm <t.schramm@manjaro.org>
2020-04-20 16:37:56 +02:00
Tobias Mädel
79d7109225 arm-trusted-firmware-rockchip: add new package
This is needed to build the uboot-rockchip, needed for the rockchip target

Signed-off-by: Tobias Mädel <t.maedel@alfeld.de>
Tested-by: Tobias Schramm <t.schramm@manjaro.org>
[replaced `mkdir -p` with INSTALL_DIR variable]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-04-20 16:37:56 +02:00
Pawel Dembicki
6cafea5c5e uboot-kirkwood: update to 2020.04
Update U-Boot to current 2020.04 release for kirkwood platform.

Catch up with upstream and move some configuration options from
the header files to the corresponding defconfig files.

Compile tested: all devices
Run tested: nsa310, pogoplugv4

Tested-by: Cezary Jackiewicz <cezary@eko.one.pl> [nsa310]
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
2020-04-20 16:37:56 +02:00
Kevin Darbyshire-Bryant
be172e663f relayd: bump to version 2020-04-20
796da66 dhcp.c: improve input validation & length checks

Addresses CVE-2020-11752

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-04-20 11:32:07 +01:00
Kevin Darbyshire-Bryant
533da61ac6 umdns: update to version 2020-04-20
e74a3f9 dns.c: improve input validation

Addresses CVE-2020-11750

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-04-20 11:32:07 +01:00
Daniel Golle
7e9b56fde2 procd: fix jail when running on glibc
d200b70 jail: include /etc/nsswitch.conf in jail for glibc.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-04-19 23:19:40 +01:00
Hauke Mehrtens
ce1798e915 dante: Fix compile with glibc
When compiled with glibc the config_scan.c wants to use the
cpupolicy2numeric() function which is only available when
HAVE_SCHED_SETSCHEDULER is set. It looks like the wrong define was used here.

This fixes a build problem with glibc in combination with the force
ac_cv_func_sched_setscheduler=no in the OpenWrt CONFIGURE_VARS.

This fixes the following compile error with glibc:
----------------------------------------------------------------------
/bin/ld: config_scan.o: in function `socks_yylex':
dante-1.4.1/sockd/config_scan.l:461: undefined reference to `cpupolicy2numeric'
collect2: error: ld returned 1 exit status
make[5]: *** [Makefile:522: sockd] Error 1

Fixes: aaf46a8fe2 ("dante: disable sched_getscheduler() - not implemented in musl")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-04-18 21:06:45 +02:00
Hauke Mehrtens
14c59a147c rbcfg: Add missing mode to open call
When open() is called with O_CREAT a 3. parameter has to be given with
the file system permissions of the new file.

Not giving this is an error, which results in a compile error with glibc.

This fixes the following compile error with glibc:
----------------------------------------------------------------------
In file included from /include/fcntl.h:329,
                 from main.c:18:
In function 'open',
    inlined from 'rbcfg_update' at main.c:501:7:
/include/bits/fcntl2.h:50:4: error: call to '__open_missing_mode' declared with attribute error: open with O_CREAT or O_TMPFILE in second argument needs 3 arguments
    __open_missing_mode ();
    ^~~~~~~~~~~~~~~~~~~~~~

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-04-18 21:06:45 +02:00
Hauke Mehrtens
70a962ca6f upgs: Remove extra _DEFAULT_SOURCE definition
This extra _DEFAULT_SOURCE definition results in a double definition
which is a compile error.

This fixes the following compile error with glibc:
----------------------------------------------------------------------
ugps-2019-06-25-cd7eabcd/nmea.c:19: error: "_DEFAULT_SOURCE" redefined [-Werror]
 #define _DEFAULT_SOURCE

<command-line>: note: this is the location of the previous definition
cc1: all warnings being treated as errors

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-04-18 21:06:45 +02:00
Hauke Mehrtens
7637b84fde busybox: backport Remove stime() function calls
glibc 2.31 does not provide stime() any more, backport a fix from
current busybox master to avoid using this function.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-04-18 21:06:36 +02:00
Magnus Kroken
d7e98bd7c5 openvpn: update to 2.4.9
This is primarily a maintenance release with bugfixes and improvements.
This release also fixes a security issue (CVE-2020-11810) which allows
disrupting service of a freshly connected client that has not yet
negotiated session keys. The vulnerability cannot be used to
inject or steal VPN traffic.

Release announcement:
https://openvpn.net/community-downloads/#heading-13812
Full list of changes:
https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.9

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2020-04-18 20:34:08 +02:00
Hans Dedecker
5f126c541a binutils: add ALTERNATIVES for strings (FS#3001)
Don't move strings anymore to /bin/strings to avoid clash with
busybox /usr/bin/strings but move it to /usr/bin/binutils-strings.
Use ALTERNATIVES support to install it as /usr/bin/strings

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-04-18 10:44:30 +02:00
Magnus Kroken
02fcbe2f3d mbedtls: update to 2.16.6
Security fixes for:
* CVE-2020-10932
* a potentially remotely exploitable buffer overread in a DTLS client
* bug in DTLS handling of new associations with the same parameters

Full release announement:
https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.6-and-2.7.15-released

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2020-04-17 23:43:01 +02:00
Daniel Golle
0495324b9b mac80211: make sure existing iface belongs to correct (fullmac) phy
Some FullMAC cfg80211 wireless devices do not support virtual
interfaces, hence there is script logic to keep the existing network
device. Improve this to support renaming the interface if needed and
make sure the existing interface actually belongs to the right phy.
Change calls to 'iw' to avoid outputing warnings and errors to not
confuse users of such devices.

Also bump PKG_RELEASE which has been forgotten in the previous two
mac80211 changes.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-04-17 13:31:58 +01:00
Lucian Cristian
16ad4de2c0 elfutils: aarch64 fix build on musl
aarch64_initreg.c: In function 'aarch64_set_initial_registers_tid':
aarch64_initreg.c:85:37: error: invalid operands to binary & (have 'long double' and 'unsigned int')
     dwarf_fregs[r] = fregs.vregs[r] & 0xFFFFFFFF;
                      ~~~~~~~~~~~~~~ ^

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2020-04-17 13:43:34 +02:00
Petr Štetiar
8e99bbda19 uboot-sunxi: bump to 2020.04 relase
Refreshed patches, removed upstreamed patch:

 260-configs-a64-olinuxino-emmc-add-eMMC-boot-part-config.patch

Boot tested on a64-olinuxino-emmc.

Cc: Zoltan HERPAI <wigyori@uid0.hu>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-04-17 13:43:34 +02:00
Petr Štetiar
260a225ba4 uboot-imx6: bump to 2020.04 release
Refreshed all patches, run tested on apalis.

Cc: Vladimir Vid <vladimir.vid@sartura.hr>
Cc: Tim Harvey <tharvey@gateworks.com>
Cc: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-04-17 13:43:34 +02:00
David Bauer
0f1b5ce2f5 mac80211: drop data frames without key on encrypted links
If we know that we have an encrypted link (based on having had
a key configured for TX in the past) then drop all data frames
in the key selection handler if there's no key anymore.

This fixes an issue with mac80211 internal TXQs - there we can
buffer frames for an encrypted link, but then if the key is no
longer there when they're dequeued, the frames are sent without
encryption. This happens if a station is disconnected while the
frames are still on the TXQ.

Detecting that a link should be encrypted based on a first key
having been configured for TX is fine as there are no use cases
for a connection going from with encryption to no encryption.
With extended key IDs, however, there is a case of having a key
configured for only decryption, so we can't just trigger this
behaviour on a key being configured.

Cc: stable@vger.kernel.org
Reported-by: Jouni Malinen <j@w1.fi>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: David Bauer <mail@david-bauer.net>
2020-04-17 13:27:40 +02:00
Daniel Golle
99d567a83d mac80211: fix detecting existing interface
Instead of using the actual interface name, a hard-coded 'wlan0' has
slipped into the script. Replace it.

Fixes: ccf2aa9d4b ("mac80211: detect existing interface before adding")
Reported-by: John Crispin <john@phrozen.org>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-04-17 11:36:35 +01:00
Daniel Golle
7c2e0fa586 procd: jail fixes and improvements
32c717e jail: only mess with rootfs if CLONE_NEWNS was set
 b275a62 instance: harmonize instance API
 511fd97 jail: make /proc more secure
 4953b7c jail: mount /sys read-only
 a4d6442 jail: replace /etc/resolv.conf with symlink in extroot+overlay
 a4cc165 jail: always mount /dev as additional tmpfs

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-04-14 16:16:06 +01:00
Daniel Golle
e23de62845 netifd: clean up netns functionality
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-04-14 13:53:11 +01:00
Kevin Darbyshire-Bryant
9fd36f54f5 Revert "kmod-sched: add act_police"
This reverts commit 1b973b54ea.

It turns out act_police is included in the kmod-sched package so this
package turns out to be superfluous and causes file provision conflicts.

Ooooops!  Best revert it then.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-04-14 08:48:33 +01:00
Daniel Golle
a5a90a94ce netifd: fix jail ifdown and jails without jail_ifname
The previous commit introduced a regression for netns jails without
jail_ifname set. Fix that.

Fixes: 4e4f7c6d2d ("netifd: network namespace jail improvements")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-04-14 00:55:02 +01:00
Daniel Golle
4e4f7c6d2d netifd: network namespace jail improvements
aaaca2e interface: allocate and free memory for jail name
 d93126d interface: allow renaming interface when moving to jail netns

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-04-14 00:22:21 +01:00
Daniel Golle
a66efbf916 mac80211: adapt for single-instance wpad
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-04-14 00:22:21 +01:00
Daniel Golle
f37d634236 hostapd: reduce to a single instance per service
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-04-14 00:22:21 +01:00
Rosen Penev
d27623b542 elfutils: update to 0.179
Removed sys/cdefs usage. The header is deprecated.

Removed canonicalize_file_name define. It's already fixed upstream.

Added --disable-debuginfod. Seems to be needed.

Modified patch 005 to build more stuff. It was failing before. It still
only builds libraries.

Modified patch 100 to use strerror under non-glibc. It is used under
glibc as strerror is not thread safe. It is under musl and uClibc-ng.
strerror_l is not available under uClibc-ng.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-04-13 22:40:19 +02:00
Rosen Penev
76d22fc24b hostapd: backport usleep patch
Optionally fixes compilation with uClibc-ng.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-04-13 22:40:19 +02:00
Kirill Lukonin
dce97df740 wpa_supplicant: disable CONFIG_WRITE functionality
CONFIG_WRITE functionality is not used and could be removed.
Looks helpful for devices with small flash because wpad is also affected.

Little testing shows that about 6 KB could be saved.

Signed-off-by: Kirill Lukonin <klukonin@gmail.com>
2020-04-13 22:40:06 +02:00
Jose Olivera
93a8cdf5d8 mwlwifi: Update the 88W8964's firmware to 9.3.2.12 and fix backports version detection
Updates the 88W8964 firmware used in the Linksys WRT3200ACM and WRT32X
[v9.3.2.6 -> v9.3.2.12]

Removes 0c43219 ("mwlwifi: Fix loading with backports v5.3")
as it has been merged upstream.

Unfortunately, there is a bug wherein Kaloz's repo, the version
detection mechanism for fixing vendor commands doesn't work.

It pulls in the Linux kernel version, which as of this time is
"4.14.y" or "4.19.y"

However, the proper behaviour is that it should pull in the mac80211
backports version which as of now is "5.4.27"

The included patch works around this using a backports define found
only on versions >5.3, "VENDOR_CMD_RAW_DATA".

Signed-off-by: Jose Olivera <oliverajeo@gmail.com>
2020-04-13 22:11:26 +02:00
Lucian Cristian
8f342a39de kernel: hwmon: add dme1737 driver
SMSC DME1737, SCH3112, SCH3114, SCH3116, SCH5027 monitoring support

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2020-04-13 22:11:22 +02:00
Álvaro Fernández Rojas
97c5fb4709 cypress-firmware: update to v5.4.18-2020_0402
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-04-13 10:14:48 +02:00
Daniel Golle
0aa2ecf5b2 base-files: don't ship local build key when on buildbot
Including the local build key in /etc/opkg/keys isn't feasible when
building on the buildbot: The included key collides with its copy
already in openwrt-keyring which breaks the ImageBuilder.
Not including a locally generated key also makes the base-files package
more reproducible.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-04-12 20:35:00 +01:00
Chuanhong Guo
f017f617ae base-files: preinit: also config switch when no port roles defined
current preinit code in base-files doesn't config switch when there are
no port roles defined. But this kind of configuration exists on single
port devices where switch vlan is simply disabled.
configure reset and enable_vlan property when a switch node exist.

Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
2020-04-12 22:29:02 +08:00
Kevin Darbyshire-Bryant
4f34e430ed dnsmasq: bump to v2.81
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-04-12 15:04:48 +01:00
Adrian Schmutzler
ae636effd2 base-files: source functions.sh in /lib/functions/system.sh
The file /lib/functions/system.sh depends on find_mtd_index() and
find_mtd_part() located in /lib/function.sh, so let's source that
file.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-04-12 14:16:57 +02:00
Adrian Schmutzler
282e817350 base-files: do not source system.sh in functions.sh
The default_postinst() function in /lib/functions.sh sources
/lib/functions/system.sh before cycling through uci-defaults files.

This creates a pseudo-cyclic dependency as system.sh also uses
functions that are located in functions.sh. Despite that, there
is actually only one uci-defaults file in the entire repo that needs
system.sh, and this one contains an explicit source for system.sh
anyway.

Consequently, this patch removes the sourcing of system.sh in
functions.sh. There are no relevant uses in packages, routing and
luci repositories.
This may require adjustments for downstream, though.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-04-12 14:16:54 +02:00
Adrian Schmutzler
23d3fafd87 broadcom-wl: fix compilation with kernel 5.4
This adds two fixes for compilation with kernel 5.4:

1. dev_open from include/linux/netdevice.h needs a second parameter
   since kernel 5.0:
   00f54e68924e ("net: core: dev: Add extack argument to dev_open()")
2. get_ds() macro definition has been dropped since kernel 5.1:
   736706bee329 ("get rid of legacy 'get_ds()' function")
   Since get_ds() has been just a macro before, replace it in
   the driver instead of creating a version switch.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-04-12 12:41:12 +02:00
Adrian Schmutzler
d761b9f211 broadcom-wl: fix compilation with kernel >= 4.15
Since kernel 4.15, init_timer is not available anymore, and has been
replaced by timer_setup. The fixes compilation of wl_linuc.c, which
returned the following errors beforehand (line-wrapped manually):

.../broadcom-wl-5.10.56.27.3/driver/wl_linux.c: In function 'wl_init_timer':
.../broadcom-wl-5.10.56.27.3/driver/wl_linux.c:2576:2: error: implicit
	declaration of function 'init_timer'; did you mean 'init_timers'?
	[-Werror=implicit-function-declaration]
  init_timer(&t->timer);
  ^~~~~~~~~~
  init_timers
.../broadcom-wl-5.10.56.27.3/driver/wl_linux.c:2577:10: error:
	'struct timer_list' has no member named 'data'
  t->timer.data = (ulong) t;
          ^
.../broadcom-wl-5.10.56.27.3/driver/wl_linux.c:2578:20: error: assignment
	to 'void (*)(struct timer_list *)' from incompatible pointer type
	'void (*)(ulong)' {aka 'void (*)(long unsigned int)'}
	[-Werror=incompatible-pointer-types]
  t->timer.function = wl_timer;

This should fix build of several devices on bcm63xx with testing
kernel (4.19).

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-04-12 12:35:37 +02:00
Hans Dedecker
8d9e26457c iproute2: update to 5.6.0
Update iproute2 to latest stable 5.6.0; for the changes see https://lwn.net/Articles/816778/

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-04-11 21:02:26 +02:00
Pawel Dembicki
c30220d458 ipq40xx: add support for Cell C RTL30VW
Cell C RTL30VW is a LTE router with tho gigabit ethernets and integrated
QMI mPCIE modem.

This is stripped version of ASKEY RTL0030VW.

Hardware:

Specification:
-CPU: IPQ4019
-RAM: 256MB
-Flash: NAND 128MB + NOR 16MB
-WiFi: Integrated bgn/ac
-LTE: mPCIe card (Modem chipset MDM9230)
-LAN: 2 Gigabit Ports
-USB: 2x USB2.0
-Serial console: RJ-45 115200 8n1
-Unsupported VoIP

Known issues:

None so far.

Instruction install:

There are two methods: Factory web-gui and serial + tftp.

Web-gui:
1. Apply factory image via stock web-gui.

Serial + initramfs:
1. Rename OpenWrt initramfs image to "image"
2. Connect serial console (115200,8n1)
3. Set IP to different than 192.168.1.11, but 24 bit mask, eg. 192.168.1.4.

4. U-Boot commands:
sf probe && sf read 0x80000000 0x180000 0x10000
setenv serverip 192.168.1.4
set fdt_high 0x85000000
tftpboot 0x84000000 image
bootm 0x84000000

5. Install sysupgrade image via "sysupgrade -n"

Back to stock:

All is needed is swap 0x4c byte in mtd8 from 0 to 1 or 1 to 0,
do firstboot and factory reset with OFW:

1. read mtd8:
dd if=/dev/mtd8 of=/tmp/mtd8
2. go to tmp:
cd /tmp/
3. write first part of partition:
dd if=mtd8 of=mtd8.new bs=1 count=76
4. check which layout uses bootloader:
cat /proc/mtd
5a. If first are kernel_1 and rootfs_1 write 0:
echo -n -e '\x00' >> mtd8.new
5b. If first are kernel and rootfs write 1:
echo -n -e '\x01' >> mtd8.new
6. fill with rest of data:
dd if=mtd8 bs=1 skip=77 >> mtd8.new
7. CHECK IF mtd8.new HAVE CHANGED ONLY ONE BYTE! e.g with:
hexdump mtd8.new
8. write new mtd8 to flash:
mtd write mtd8.new /dev/mtd8
9. do firstboot
10.reboot
11. Do back to factory defaults in OFW GUI.

Based on work: Cezary Jackiewicz <cezary@eko.one.pl>

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
2020-04-10 15:22:26 +02:00
DENG Qingfang
a30abb1b6b ipq40xx: add support for MobiPromo CM520-79F
MobiPromo CM520-79F is an AC1300 dual band router based on IPQ4019

Specification:

SoC/Wireless: QCA IPQ4019
RAM: 512MiB
Flash: 128MiB SLC NAND
Ethernet PHY: QCA8075
Ethernet ports: 1x WAN, 2x LAN
LEDs: 7 LEDs
      2 (USB, CAN) are GPIO
      other 5 (2.4G, 5G, LAN1, LAN2, WAN) are connected to a shift register
Button: Reset

Flash instruction:
Disassemble the router, connect UART pins like this:
 GND TX    RX
  [x x . . x .]
  [. . . . . .]

(QCA8075 and IPQ4019 below)
Baud-rate: 115200

Set up TFTP server: IP 192.168.1.188/24
Power on the router and interrupt the booting with UART console
env backup (in case you want to go back to stock and need it there):
	printenv
	(Copy the output to somewhere save)
Set bootenv:
	setenv set_ubi 'set mtdids nand0=nand0; set mtdparts mtdparts=nand0:0x7480000@0xb80000(fs); ubi part fs'
	setenv bootkernel 'ubi read 0x84000000 kernel; bootm 0x84000000#config@1'
	setenv cm520_boot 'run set_ubi; run bootkernel'
	setenv bootcmd 'run cm520_boot'
	setenv bootargs
	saveenv
Boot initramfs from TFTP:
	tftpboot openwrt-ipq40xx-generic-mobipromo_cm520-79f-initramfs-fit-zImage.itb
	bootm
After initramfs image is booted, backup rootfs partition in case of reverting to stock image
	cat /dev/mtd12 > /tmp/mtd12.bin
Then fetch it via SCP

Upload nand-factory.ubi to /tmp via SCP, then run
	mtd erase rootfs
	mtd write /tmp/*nand-factory.ubi rootfs
	reboot

To revert to stock image, restore default bootenv in uboot UART console
	setenv bootcmd 'bootipq'
	printenv
use the saved dump you did back when you installed OpenWrt to verify that
there are no other differences from back in the day.
	saveenv
upload the backed up mtd12.bin and run
	tftpboot mtd12.bin
	nand erase 0xb80000 0x7480000
	nand write 0x84000000 0xb80000 0x7480000
The BOOTCONFIG may have been configured to boot from alternate partition (rootfs_1) instead
In case of this, set it back to rootfs:
	cd /tmp
	cat /dev/mtd7 > mtd7.bin
	echo -ne '\x0b' | dd of=mtd7.bin conv=notrunc bs=1 count=1 seek=4
	for i in 28 48 68 108; do
		dd if=/dev/zero of=mtd7.bin conv=notrunc bs=1 count=1 seek=$i
	done
	mtd write mtd7.bin BOOTCONFIG
	mtd write mtd7.bin BOOTCONFIG1

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
[renamed volume to ubi to support autoboot,
as per David Lam's test in PR#2432]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2020-04-10 15:22:26 +02:00
Kevin Darbyshire-Bryant
1b973b54ea kmod-sched: add act_police
"Whoop whoop, sound of da police"

Add an ingress capable traffic policer module configurable with tc.

From the man page:

The police action allows to limit bandwidth of traffic matched by the
filter it is attached to. Basically there are two different algorithms
available to measure the packet rate: The first one uses an internal
dual token bucket and is configured using the rate, burst, mtu,
peakrate, overhead and linklayer parameters. The second one uses an
in-kernel sampling mechanism. It can be fine-tuned using the estimator
filter parameter.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-04-10 12:26:31 +01:00
Daniel Engberg
cb511ceb45 e2fsprogs: Update to 1.45.6
Update e2fsprogs to 1.45.6

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2020-04-09 22:08:16 +02:00
Daniel Golle
de63466364 exfat-utils: add exFAT File System utilities package
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-04-09 15:11:44 +01:00
Daniel Golle
02a1914585 procd: bump to latest HEAD
2188d81 jail: add support for launching extroot containers
 6f3dbd2 jail: add support for userns and cgroupsns
 28a06e5 jail: add support for (ram-)overlayfs

Add handling for extroot, overlaydir and tmpoverlaysize as well as
jail flags for userns and cgroupsns to OpenWrt's shell script to
allow their use in init scripts.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-04-09 13:07:22 +01:00
Eneas U de Queiroz
1da014fcca busybox: quote 'source' filenames in Config.in
Newer versions of the kconfig program requires quoting the arguments of
the 'source' directive.  These are the last ones not using them.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2020-04-09 12:51:10 +02:00
Eneas U de Queiroz
2e6b6f9fca kernel: add @IPV6 dependency to ipv6 modules
IPv6 modules should all depend on @IPV6, to avoid circular dependencies
problems, especially if they select a module that depends on IPV6 as
well.  In theory, if a package A depends on IPV6, any package doing
'select A' (DEPENDS+= A) should also depend on IPV6; otherwise selecting
A will fail.  Sometimes the build system is forgiving this, but
eventually, and unexpectedly, it may blow up on some other commit.

Alternatively one can conditionally add IPv6 dependencies only if
CONFIG_IPV6 is selected: (DEPENDS+= +IPV6:package6).

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2020-04-09 12:51:10 +02:00
Norbert van Bolhuis
9aa3d5b345 linux-atm: Include linux/sockios.h for SIOCGSTAMP
Since linux kernel commit 0768e17073dc527ccd18ed5f96ce85f9985e9115
(2019-04-19) the asm-generic/sockios.h header no longer defines
SIOCGSTAMP. Instead it provides only SIOCGSTAMP_OLD.

The linux/sockios.h header now defines SIOCGSTAMP using either
SIOCGSTAMP_OLD or SIOCGSTAMP_NEW as appropriate. This linux only
header file is not included so we get a build failure.

Signed-off-by: Norbert van Bolhuis <nvbolhuis@aimvalley.nl>
2020-04-09 00:12:46 +02:00
Florian Eckert
91c61aae20 base-files: add enabled commands to service rc.common
Add missing enbaled command help output.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2020-04-08 22:07:18 +02:00
Pawel Dembicki
5a5a9b7a75 packages: mt76: add 14c3:7610 pci id to list
This commit add patch with 14c3:7610 pci id addition.

It was sent upstream.

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
[bumped PKG_RELEASE]
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-04-08 14:05:29 +01:00
Rosen Penev
d8bde3687a iproute2: add kmod-netlink-diag for ss
Allows proper usage of the ss tool. Otherwise, several errors and bad
data gets thrown:

Cannot open netlink socket: Protocol not supported
Cannot open netlink socket: Protocol not supported
Cannot open netlink socket: Protocol not supported
Cannot open netlink socket: Protocol not supported
Cannot open netlink socket: Protocol not supported
Cannot open netlink socket: Protocol not supported
Cannot open netlink socket: Protocol not supported

Originally reported here: https://github.com/openwrt/packages/issues/8232

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-04-07 20:40:03 +02:00
Rosen Penev
92792ead34 kmod: add netlink-diag package
This is used by the ss utility from iproute2.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-04-07 20:39:47 +02:00
Hans Dedecker
ae06a650d6 ppp: update to version 2.4.8.git-2020-03-21
Use upstream latest git HEAD as it allows to remove the patches
700-radius-Prevent-buffer-overflow-in-rc_mksid,
701-pppd-Fix-bounds-check-in-EAP-code and
702-pppd-Ignore-received-EAP-messages-when-not-doing-EAP and
take in other fixes.

41a7323 pppd: Fixed spelling 'unkown' => 'unknown' (#141)
6b014be pppd: Print version information to stdout instead of stderr (#133)
cba2736 pppd: Add RFC1990 (Multilink) to the See Also section of the man page
f2f9554 pppd: Add mppe.h to the list of headers to install if MPPE is defined
ae54fcf pppd: Obfuscate password argument string
8d45443 pppd: Ignore received EAP messages when not doing EAP
8d7970b pppd: Fix bounds check in EAP code
858976b radius: Prevent buffer overflow in rc_mksid()

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-04-06 20:42:45 +02:00
Tan Zien
02f07c6401 kernel: netdev: add missing config for mlx5 driver
The mlk5 kmod lacks all necessary build symbols
for kernel 4.14 (again).

Add missing symbols to avoid build failure on these targets.

Signed-off-by: Tan Zien <nabsdh9@gmail.com>
[rewrite commit message - reorder symbols]
Signed-off-by: David Bauer <mail@david-bauer.net>
2020-04-06 12:39:00 +02:00
Kevin Darbyshire-Bryant
4540c3c3bf dnsmasq: bump to 2.81rc5
Bump to 2.81rc5 and re-work ipset-remove-old-kernel-support.

More runtime kernel version checking is done in 2.81rc5 in various parts
of the code, so expand the ipset patch' scope to inlude those new areas
and rename to something a bit more generic.:wq

Upstream changes from rc4

532246f Tweak to DNSSEC logging.
8caf3d7 Fix rare problem allocating frec for DNSSEC.
d162bee Allow overriding of ubus service name.
b43585c Fix nameserver list in auth mode.
3f60ecd Fixed resource leak on ubus_init failure.
0506a5e Handle old kernels that don't do NETLINK_NO_ENOBUFS.
e7ee1aa Extend stop-dns-rebind to reject IPv6 LL and ULA addresses. We also reject the loopback address if rebind-localhost-ok is NOT set.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-04-06 09:30:45 +01:00
Peter Stadler
5c1d88a83f netifd: fix 14_migrate-dhcp-release script
prepend 'uci' to 'commit network'

Signed-off-by: Peter Stadler <peter.stadler@student.uibk.ac.at>
2020-04-05 18:54:22 +02:00
Kevin Darbyshire-Bryant
82df192a01 dropbear: backport add ip address to exit without auth messages
201e359 Handle early exit when addrstring isn't set
fa4c464 Improve address logging on early exit messages (#83)

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-04-05 10:56:52 +01:00
Kevin Darbyshire-Bryant
1c6143e4a0 hostapd: Move hostapd variants to WirelessAPD menu
It seemed very confusing when trying to select the different variants of
hostapd which are somewhat scattered about under the menu 'Network'.
Moving all hostapd variants under a common submenu helps avoid
confusion.

Inspired-by: Kevin Mahoney <kevin.mahoney@zenotec.net>
[Fixup badly formatted patch, change menu name]
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-04-05 10:41:49 +01:00
Kevin Darbyshire-Bryant
22ae8bd50e umdns: update to the version 2020-04-05
ab7a39a umdns: fix unused error
45c4953 dns: explicitly endian-convert all fields in header and question

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-04-05 09:24:22 +01:00
Tan Zien
d24e43a7f6 kernel: Fix miss config and module for mlx driver
Missing config symbols could lead to build failures on kernel
4.14/4.19.

Signed-off-by: Tan Zien <nabsdh9@gmail.com>
[rephrase commit message - reorder symbols]
Signed-off-by: David Bauer <mail@david-bauer.net>
2020-04-04 17:12:43 +02:00
Kevin Darbyshire-Bryant
02640f0147 umdns: suppress address-of-packed-member warning
gcc 8 & 9 appear to be more picky with regards access alignment to
packed structures, leading to this warning in dns.c:

dns.c:261:2: error: converting a packed ‘struct dns_question’ pointer
(alignment 1) to a ‘uint16_t’ {aka ‘short unsigned int’} pointer
(alignment 2) may result in an unaligned pointer value
[-Werror=address-of-packed-member]

261 |  uint16_t *swap = (uint16_t *) q;

Work around what I think is a false positive by turning the warning off.
Not ideal, but not quite as not ideal as build failure.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-04-04 11:28:18 +01:00
Kevin Darbyshire-Bryant
c14c6902f5 treewide: convert sed -r to posix -E
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-04-04 11:28:15 +01:00
Tan Zien
3ec70052c5 kernel: add module for Mellanox mlx Network Driver
add module to support Mellanox Connect-X card
mlx4 supports ConnectX-3 series and previous cards
mlx5 supports Connect-IB/ConnectX-4 series and later cards

Signed-off-by: Tan Zien <nabsdh9@gmail.com>
2020-04-03 15:33:27 +02:00
Kevin Darbyshire-Bryant
fcd1401700 grub2: fix build when ASLR enabled
Disable ASLR and filter '-fno-plt' from CFLAGS: solves building when
ASLR enabled by basically disabling ASLR.

Solves errors similar to:
relocation R_X86_64_32S against `.rodata' can not be used when making a PIE object; recompile with -fPIE
or
module missing GLOBAL_OFFSET_TABLE

Suggested-by: 李国 <uxgood.org@gmail.com>
Acked-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-04-02 13:42:26 +01:00
Kevin Darbyshire-Bryant
b74386acc6 kmod-sched-cake: switch to in-tree cake for 4.19+
Use in tree version of cake for kernels 4.19+ and backport features from
later kernel versions to 4.19.

Unfortunately PROVIDES dependency handling produces bogus circular
dependency warnings so whilst this package and kmod-sched-cake-oot
should be able to PROVIDE kmod-sched-cake this doesn't work.

Instead, remove the PROVIDES option and modify package sqm-scripts to
depend on the correct module independently.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-04-01 21:59:45 +01:00
Kevin Darbyshire-Bryant
475738c9af kmod-sched-cake: rename to kmod-sched-cake-oot
In preparation for dropping the out of tree cake module and using
in tree cake from upstream, rename the package to kmod-sched-cake-oot
(out of tree)

Initially add a PROVIDES kmod-sched-cake so that package dependencies
can be satisfied.

Ultimately this package will be removed when linux 4.14 is removed.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-04-01 21:59:45 +01:00
Jason A. Donenfeld
e32eaf5896 wireguard: bump to 1.0.20200401
Recent backports to 5.5 and 5.4 broke our compat layer. This release is
to keep things running with the latest upstream stable kernels.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-04-01 22:24:58 +02:00
Daniel Golle
a24a9bbc8c mac80211: rt2x00: prune more unnecessary exports
The calibration patches for MT7620 unnecessarily export symbols and
populate never accessed function pointers. Remove all that and make
functions static as the only place where each of those functions is
called is within rt2800lib.c.
Also make code more readable by fixing indentation, removing
unnecessary parantheses and simplifying some instructions using
shorthands here and there.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-04-01 19:47:59 +01:00
Kevin Darbyshire-Bryant
51edc4eb89 jansson: convert to cmake
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-04-01 16:36:04 +01:00
Eneas U de Queiroz
af5ccfbac7 openssl: bump to 1.1.1f
There were two changes between 1.1.1e and 1.1.1f:
- a change in BN prime generation to avoid possible fingerprinting of
  newly generated RSA modules
- the patch reversing EOF detection we had already applied.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2020-04-01 08:12:20 +02:00
李国
a6b7c3e672 x86: generate EFI platform bootable images
Add EFI platform bootable images for x86 platforms. These images can
also boot from legacy BIOS platform.

EFI System Partition need to be fat12/fat16/fat32 (not need to load
filesystem drivers), so the first partition of EFI images are not ext4
filesystem any more.

GPT partition table has an alternate partition table, we did not
generate it. This may cause problems when use these images as qemu disk
(kernel can not find rootfs), we pad enough sectors will be ok.

Signed-off-by: 李国 <uxgood.org@gmail.com>
[part_magic_* refactoring, removed genisoimage checks]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-03-31 16:20:47 +02:00
李国
d9228514cc grub2: make some change to add efi platform support
1.generate boot image at Package/install section
2.move boot image to $(STAGING_DIR_IMAGE)/grub2/
3.add efi variant to support efi platform

Signed-off-by: 李国 <uxgood.org@gmail.com>
2020-03-31 16:20:47 +02:00
Álvaro Fernández Rojas
332ed4a835 bcm27xx-gpu-fw: update to latest version from RPi foundation
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-03-31 13:22:59 +02:00
Jason A. Donenfeld
84025110cc wireguard: bump to 1.0.20200330
* queueing: backport skb_reset_redirect change from 5.6
* version: bump

This release has only one slight change, to put it closer to the 5.6
codebase, but its main purpose is to bump us to a 1.0.y version number.
Now that WireGuard 1.0.0 has been released for Linux 5.6 [1], we can put
the same number on the backport compat codebase.

When OpenWRT bumps to Linux 5.6, we'll be able to drop this package
entirely, which I look forward to seeing.

[1] https://lists.zx2c4.com/pipermail/wireguard/2020-March/005206.html

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-03-31 08:01:34 +02:00
Jose Olivera
5c57d15aed ath10k-ct: Support AQL on ath10k CT_KVER-5.4
Commit ea50780 backported Airtime Queue Limits (AQL) from Linux 5.5
to OpenWrt's backports 5.4. However, this only enabled AQL for the
vanilla ath10k driver. This patch also enables it for ath10k-ct.

Tested on:
* 2xTP-Link Archer A7v5 (QCA9563/QCA988X)
* Backports version 5.4-rc8 & 5.4.27
* ath10k-ct and ath10k-ct-htt firmware version 014 to 017
* ath10k-ct driver versions dc025dc to 3d173a4 (CT_KVER-5.4)
* WPA2, 802.11krv

Tested since January 25, 2020.

Signed-off-by: Jose Olivera <oliverajeo@gmail.com>
2020-03-30 01:46:50 +02:00
Nick Hainke
c9c3fd1320 hostapd: add abridged flag in disassoc_imminent
If the abridged flag is set to 1 the APs that are listed in the BSS
Transition Candidate List are prioritized. If the bit is not set, the
APs have the same prioritization as the APs that are not in the list.

If you want to steer a client, you should set the flag!

The flag can be set by adding {...,'abridged': true,...} to the normal
ubus call.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2020-03-30 01:46:50 +02:00
Nick Hainke
c8ef465e10 hostapd: expose beacon reports through ubus
Subscribe to beacon reports through ubus.
Can be used for hearing map and client steering purposes.

First enable rrm:
    ubus call hostapd.wlan0 bss_mgmt_enable '{"beacon_report":True}'

Subscribe to the hostapd notifications via ubus.

Request beacon report:
    ubus call hostapd.wlan0 rrm_beacon_req
	'{"addr":"00:xx:xx:xx:xx:xx", "op_class":0, "channel":1,
	"duration":1,"mode":2,"bssid":"ff:ff:ff:ff:ff:ff", "ssid":""}'

Signed-off-by: Nick Hainke <vincent@systemli.org>
[rework identation]
Signed-off-by: David Bauer <mail@david-bauer.net>
2020-03-30 01:46:50 +02:00
Jesus Fernandez Manzano
86440659b5 hostapd: Add 802.11r support for WPA3-Enterprise
Signed-off-by: Jesus Fernandez Manzano <jesus.manzano@galgus.net>
2020-03-30 01:46:50 +02:00
Hans Dedecker
089cddc252 odhcp6c: update to latest git HEAD
f575351 ra: fix sending router solicitations

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-03-29 22:24:30 +02:00
Kevin Darbyshire-Bryant
8d25c8e7f6 dnsmasq: bump to 2.81rc4
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-03-29 18:30:08 +01:00
Kevin Darbyshire-Bryant
94dae0f191 nftables: implement no/json variants
Replace the build time choice of json support with a package based
choice.  Users requiring a json aware version of 'nft' may now install
nftables-json.

The default choice to fulfill the 'nftables' package dependency is
'nftables-nojson'

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-03-29 17:27:54 +01:00
Kevin Darbyshire-Bryant
9e835377ad jansson: import jansson from packages
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-03-29 17:27:54 +01:00
Hauke Mehrtens
f0aff72c2b mac80211: Update to version 5.4.27
The removed patches are all integrated in the upstream version now.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-03-29 18:22:10 +02:00
Hauke Mehrtens
94949801de mac80211: Fix rt2x00 exports
Do not export static functions, they are anyway not referenced by any
code in a different module.

This fixes the following compile warning:
WARNING: "rt2800_rf_aux_tx0_loopback" [/drivers/net/wireless/ralink/rt2x00/rt2800lib] is a static EXPORT_SYMBOL_GPL
WARNING: "rt2800_write_dc" [/drivers/net/wireless/ralink/rt2x00/rt2800lib] is a static EXPORT_SYMBOL_GPL
WARNING: "rt2800_rf_configstore" [/drivers/net/wireless/ralink/rt2x00/rt2800lib] is a static EXPORT_SYMBOL_GPL
WARNING: "rt2800_do_sqrt_accumulation" [/drivers/net/wireless/ralink/rt2x00/rt2800lib] is a static EXPORT_SYMBOL_GPL
WARNING: "rt2800_rf_configrecover" [/drivers/net/wireless/ralink/rt2x00/rt2800lib] is a static EXPORT_SYMBOL_GPL
WARNING: "rt2800_loft_search" [/drivers/net/wireless/ralink/rt2x00/rt2800lib] is a static EXPORT_SYMBOL_GPL
WARNING: "rt2800_iq_search" [/drivers/net/wireless/ralink/rt2x00/rt2800lib] is a static EXPORT_SYMBOL_GPL
WARNING: "rt2800_setbbptonegenerator" [/drivers/net/wireless/ralink/rt2x00/rt2800lib] is a static EXPORT_SYMBOL_GPL
WARNING: "rt2800_rf_aux_tx1_loopback" [/drivers/net/wireless/ralink/rt2x00/rt2800lib] is a static EXPORT_SYMBOL_GPL

Acked-by: Daniel Golle <daniel@makrotopia.org>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-03-29 18:22:01 +02:00
DENG Qingfang
972daf7fdc curl: rebuild when libopenssl config changes
When some libopenssl options change curl will have to be rebuild to
adapt to those changes, avoiding undefined reference errors or features
disabled in curl.

Add CONFIG_OPENSSL_ENGINE, CONFIG_OPENSSL_WITH_COMPRESSION and
CONFIG_OPENSSL_WITH_NPN to PKG_CONFIG_DEPENDS so it will trigger
rebuild every time the options are changed.

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
2020-03-29 14:31:04 +01:00
Petr Štetiar
19760563f7 mac80211: rtl8723bs: fix missing MMC dependency
Building of ath79-tiny has uncovered following:

 Package kmod-rtl8723bs is missing dependencies for the following libraries:
 mmc_core.ko

So add this missing dependency.

Fixes: 8c26d67a67 ("mac80211: realtek: add staging driver for RTL8723BS SDIO module")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-03-28 22:58:36 +01:00
Nick Bowler
2785d003d3 kernel: package gpio-f7188x driver
This driver enables support for the GPIO capabilities found in many
Fintek Super-IO chips.

Signed-off-by: Nick Bowler <nbowler@draconx.ca>
2020-03-28 13:03:02 +01:00
Nick Bowler
3ad0cf7d93 kernel: package f71808e-wdt driver
This driver enables support for the watchdog timers found in many
Fintek Super-IO chips.

Signed-off-by: Nick Bowler <nbowler@draconx.ca>
2020-03-28 13:03:02 +01:00
Nick Bowler
922dfe0fa0 kernel: package f71882fg hwmon driver
This driver enables hardware monitoring support using the sensors
found in many Fintek Super-IO chips.

Signed-off-by: Nick Bowler <nbowler@draconx.ca>
2020-03-28 13:03:02 +01:00
Eneas U de Queiroz
2e8a4db9b6 openssl: revert EOF detection change in 1.1.1
This adds patches to avoid possible application breakage caused by a
change in behavior introduced in 1.1.1e.  It affects at least nginx,
which logs error messages such as:
nginx[16652]: [crit] 16675#0: *358 SSL_read() failed (SSL: error:
4095126:SSL routines:ssl3_read_n:unexpected eof while reading) while
keepalive, client: xxxx, server: [::]:443

Openssl commits db943f4 (Detect EOF while reading in libssl), and
22623e0 (Teach more BIOs how to handle BIO_CTRL_EOF) changed the
behavior when encountering an EOF in SSL_read().  Previous behavior was
to return SSL_ERROR_SYSCALL, but errno would still be 0.  The commits
being reverted changed it to SSL_ERRO_SSL, and add an error to the
stack, which is correct.  Unfortunately this affects a number of
applications that counted on the old behavior, including nginx.

The reversion was discussed in openssl/openssl#11378, and implemented as
PR openssl/openssl#11400.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2020-03-28 13:03:02 +01:00
Petr Štetiar
5f2ff607e2 uboot-sunxi: a64: allow booting directly from eMMC
Current boot script uses hardcoded bootdevice, which allows booting from
SD card only, so this patch allows booting directly from eMMC as well.
While at it, replace fixed root device with more flexible UUID based
probing, so from now on probing order of MMC device doesn't matter.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-03-28 13:03:02 +01:00
Petr Štetiar
90897df61a uboot-sunxi: add support for Olimex A64-Olinuxino eMMC
Adding U-Boot image for Olimex A64-Olinuxino eMMC, including patch which
adds eMMC boot partition configuration commands.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-03-28 13:03:02 +01:00
Petr Štetiar
cda9af568b uboot-sunxi: add support for Olimex A64-Olinuxino
Adding U-Boot image for Olimex A64-Olinuxino.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-03-28 13:03:02 +01:00
Petr Štetiar
461a1d5a04 uboot-sunxi: rename Sinovoip BPI M2 Plus to Bananapi M2 Plus H3
Rename the board as done in upstream commit 268ae6548779 ("sunxi: Rename
Sinovoip BPI M2 Plus to Bananapi M2 Plus H3") which backs the rename
with the following reasoning:

 The brand Sinovoip is used for Sinovoip's original VOIP products, while
 the Bananapi brand is for the single board computers they produce.  This
 has been verified by Bananapi. Rename the board from "Sinovoip BPI M2
 Plus" to "Bananapi M2 Plus". For the defconfig file, all lowercase is
 used.

 To support the H5 variant of this board, the "H3" suffix is added to
 the defconfig name.

This has to be done in order to allow building U-Boot past v2019.04
release where this change was introduced.

Ref: https://github.com/openwrt/openwrt/pull/2849#discussion_r396401489
Suggested-by: Pawel Dembicki <paweldembicki@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-03-28 13:03:02 +01:00
Aleksander Jan Bajkowski
a9bd89fe18 uboot-sunxi: Banana Pi M2 Ultra switch to mainline defconfig
U-boot also have defconfig for this board. In 2019.01 branch they are identical.

Signed-off-by: Aleksander Jan Bajkowski <A.Bajkowski@stud.elka.pw.edu.pl>
2020-03-28 13:03:02 +01:00
Petr Štetiar
48436953e9 uboot-sunxi: bump to 2020.01
Refreshed patches, removed following, probably obsolete patches:

 221-compatible-old-dtc.patch
 240-sun50i-h5-Orange-Pi-Zero-Plus-Fix-SdCard-detection.patch

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-03-28 13:03:02 +01:00
Petr Štetiar
5fbcb52648 linux-firmware: add firmware for RTL8723BS SDIO modules
Adds firmware package for Realtek RTL8723BS SDIO Wireless LAN NIC driver
available in the staging.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-03-28 13:03:02 +01:00
Petr Štetiar
8c26d67a67 mac80211: realtek: add staging driver for RTL8723BS SDIO module
Adds kernel module for Realtek RTL8723BS SDIO Wireless LAN NIC driver
available in the staging.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-03-28 13:03:02 +01:00
John Crispin
22d896eb21 hostapd: fix no_reload logic
the code would unconditionally tear down all interfaces upon a reconf.
This should only be done when the reconf call fails.

Signed-off-by: John Crispin <john@phrozen.org>
2020-03-27 16:18:57 +01:00
Rafał Miłecki
038318f766 mac80211: fix brcmfmac monitor interface crash
This fixes bug in brcmfmac *exposed* by ipv6/addrconf fix.

Fixes: ec8e8e2ef0 ("kernel: backport out-of-memory fix for non-Ethernet devices")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2020-03-27 14:57:01 +01:00
Álvaro Fernández Rojas
84f4a783c6 ath10k-firmware: update ath10k-ct firmware images
Release notes for 017:

Wave-1:

 *  March 19, 2020:  Fix problem where power-save was not enabled when going off-channel to scan.
                     The problem was a boolean logic inversion in the chmgr code, a regression I introduced
                     a long time ago.

 *  March 19, 2020:  When scanning only on current working channel, do not bother with disable/enable
                     powersave.  This should make an on-channel scan less obtrusive than it was previously.

 *  March 23, 2020:  Fix channel-mgr use-after-free problem that caused crashes in some cases.  The crash
                     was exacerbated by recent power-save changes.

 *  March 23, 2020:  Fix station-mode power-save related crash:  backported the fix from 10.2 QCA firmware.

 *  March 23, 2020:  Attempt to better clean up power-save objects and state, especially in station mode.

Release notes for 016:

Wave-1 changes, some debugging code for a crash someone reported, plus:

*  February 28, 2020:  Fix custom-tx path when sending in 0x0 for rate-code.  Have tries == 0 mean
                        one try but NO-ACK (similar to how wave-2 does it).

wave-2:

 * Fixed some long-ago regressions related to powersave and/or multicast.  Maybe fix some
   additional multicast and/or tx-scheduling bugs.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Acked-by: Petr Štetiar <ynezz@true.cz>
2020-03-27 10:18:41 +01:00
Álvaro Fernández Rojas
3114a4ef6c ath10k-ct: update to version 2020-03-25
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Acked-by: Petr Štetiar <ynezz@true.cz>
2020-03-27 10:18:39 +01:00
Hans Dedecker
001211a5ba netifd: fix compilation with musl 1.2.0
1e8328 system-linux: fix compilation with musl 1.2.0

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-03-26 21:58:02 +01:00
Hans Dedecker
ea69b13d84 odhcp6c: fix compilation with musl 1.2.0
49305e6 odhcp6c: fix compilation with musl 1.2.0

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-03-26 21:58:02 +01:00
Henrique de Moraes Holschuh
556b8581a1 dnsmasq: fix dnssec+ntp chicken-and-egg workaround (FS#2574)
Fix the test for an enabled sysntp initscript in dnsmasq.init, and get
rid of "test -o" while at it.

Issue reproduced on openwrt-19.07 with the help of pool.ntp.br and an
RTC-less ath79 router.  dnssec-no-timecheck would be clearly missing
from /var/etc/dnsmasq.conf.* while the router was still a few days in
the past due to non-working DNSSEC + DNS-based NTP server config.

The fix was tested with the router in the "DNSSEC broken state": it
properly started dnsmasq in dnssec-no-timecheck mode, and eventually ntp
was able to resolve the server name to an IP address, and set the system
time.  DNSSEC was then enabled by SIGINT through the ntp hotplug hook,
as expected.

A missing system.ntp.enabled UCI node is required for the bug to show
up.  The reasons for why it would be missing in the first place were not
investigated.

Signed-off-by: Henrique de Moraes Holschuh <henrique@nic.br>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
2020-03-25 21:40:51 +01:00
Henrique de Moraes Holschuh
f81403c433 dnsmasq: init: get rid of test -a and test -o
Refer to shellcheck SC2166.  There are just too many caveats that are
shell-dependent on test -a and test -o to use them.

Signed-off-by: Henrique de Moraes Holschuh <henrique@nic.br>
2020-03-25 21:39:20 +01:00
Jo-Philipp Wich
dd166960f4 uclient: update mirror hash
Fixes: 98017228dd ("uclient: bump to latest Git HEAD")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-03-25 19:34:34 +01:00
Jo-Philipp Wich
98017228dd uclient: bump to latest Git HEAD
af585db uclient-fetch: support specifying advertised TLS ciphers

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-03-25 19:32:18 +01:00
Jo-Philipp Wich
052aaa7c96 uhttpd: bump to latest Git HEAD
5e9c23c client: allow keep-alive for POST requests
5fc551d tls: support specifying accepted TLS ciphers

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-03-25 19:22:10 +01:00
Jo-Philipp Wich
cd23dc1d21 ustream-ssl: bump to latest Git HEAD
5e1bc34 ustream-openssl: clear error stack before SSL_read/SSL_write
f7f93ad add support for specifying usable ciphers

Also bump the ABI version since the layout of `struct ustream_ssl_ops`
changed.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-03-25 19:16:19 +01:00
Kevin Darbyshire-Bryant
9b0290ffbd nftables: bump to 0.9.3
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-03-24 14:42:48 +00:00
Kevin Darbyshire-Bryant
a0027f8dbf libnftnl: drop unsupported configure option
--without-json-parsing is not a supported configure option.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-03-23 21:31:05 +00:00
Álvaro Fernández Rojas
31922c4560 bcm27xx-userland: update to latest version
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-03-23 09:06:49 +01:00
Álvaro Fernández Rojas
8c02e7fe9f bcm27xx-gpu-fw: update to latest version
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-03-23 08:55:14 +01:00
Jordan Sokolic
27ffd5ee30 dnsmasq: add 'scriptarp' option
Add option 'scriptarp' to uci dnsmasq config to enable --script-arp functions.
The default setting is false, meaning any scripts in `/etc/hotplug.d/neigh` intended
to be triggered by `/usr/lib/dnsmasq/dhcp-script.sh` will fail to execute.

Also enable --script-arp if has_handlers returns true.

Signed-off-by: Jordan Sokolic <oofnik@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
2020-03-22 22:17:37 +01:00
David Bauer
46d0ce19f1 iwinfo: update to latest Git HEAD
9f5a7c4 iwinfo: add missing HT modename for HT-None
06a03c9 Revert "iwinfo: add BSS load element to scan result"
9a4bae8 iwinfo: add device id for Qualcomm Atheros QCA9990
eba5a20 iwinfo: add device id for BCM43602
a6914dc iwinfo: add BSS load element to scan result
bb21698 iwinfo: add device id for Atheros AR9287
7483398 iwinfo: add device id for MediaTek MT7615E

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-03-22 02:08:02 +01:00
Rafał Miłecki
8c33debb52 samba36: log error if getting device info failed
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2020-03-21 22:35:45 +01:00
Rafał Miłecki
547f1ec25a busybox: enable truncate on bcm53xx target
It's needed for optimized sysupgrade. On host machine this change
increased busybox size by 4096 B.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2020-03-21 22:31:35 +01:00
Christian Lamparter
d107aaa910 kernel: backport and package drivetemp hwmon from v5.5
This patch backports the hwmon drivetemp sensor module from vanilla
linux 5.5 to be available on OpenWrt's 5.4 kernel.

Extract from The upstream commit by Guenter Roeck <linux@roeck-us.net>:
hwmon: Driver for disk and solid state drives with temperature sensors

"Reading the temperature of ATA drives has been supported for years
by userspace tools such as smarttools or hddtemp. The downside of
such tools is that they need to run with super-user privilege, that
the temperatures are not reported by standard tools such as 'sensors'
or 'libsensors', and that drive temperatures are not available for use
in the kernel's thermal subsystem.

This driver solves this problem by adding support for reading the
temperature of ATA drives from the kernel using the hwmon API and
by adding a temperature zone for each drive.

With this driver, the hard disk temperature can be read [...]
using sysfs:

$ grep . /sys/class/hwmon/hwmon9/{name,temp1_input}
/sys/class/hwmon/hwmon9/name:drivetemp
/sys/class/hwmon/hwmon9/temp1_input:23000

If the drive supports SCT transport and reports temperature limits,
those are reported as well.

drivetemp-scsi-0-0
Adapter: SCSI adapter
temp1:        +27.0<C2><B0>C (low  =  +0.0<C2><B0>C, high = +60.0<C2><B0>C)
                             (crit low = -41.0<C2><B0>C, crit = +85.0<C2><B0>C)
                             (lowest = +23.0<C2><B0>C, highest = +34.0<C2><B0>C)

The driver attempts to use SCT Command Transport to read the drive
temperature. If the SCT Command Transport feature set is not available,
or if it does not report the drive temperature, drive temperatures may
be readable through SMART attributes. Since SMART attributes are not well
defined, this method is only used as fallback mechanism."

This patch incorperates a patch made by Linus Walleij:
820-libata-Assign-OF-node-to-the-SCSI-device.patch
This patch is necessary in order to wire-up the drivetemp
sensor into the device tree's thermal-zones.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2020-03-21 17:48:34 +01:00
Eneas U de Queiroz
dcef8d6093 openssl: update to 1.1.1e
This version includes bug and security fixes, including medium-severity
CVE-2019-1551, affecting RSA1024, RSA1536, DSA1024 & DH512 on x86_64.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2020-03-21 17:48:34 +01:00
Eneas U de Queiroz
d9d689589b openssl: add configuration example for afalg-sync
This adds commented configuration help for the alternate, afalg-sync
engine to /etc/ssl/openssl.cnf.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2020-03-21 17:48:34 +01:00
Paul Spooren
5a5df62d95 x86/grub2: move grub2 image creation to package
Let the grub2 package take care of creating installable grub2 images,
this will allow creating grub2 images without first calling x86 image
generation recipe. Also as side effect, since those images are now
shared, it'll reduce the number of calling grub-mkimage.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
[rebase, adjusted commit title]
Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-03-21 10:36:00 +00:00
Jason A. Donenfeld
2bd56595a6 wireguard: bump to 0.0.20200318
WireGuard had a brief professional security audit. The auditors didn't find
any vulnerabilities, but they did suggest one defense-in-depth suggestion to
protect against potential API misuse down the road, mentioned below. This
compat snapshot corresponds with the patches I just pushed to Dave for
5.6-rc7.

* curve25519-x86_64: avoid use of r12

This buys us 100 extra cycles, which isn't much, but it winds up being even
faster on PaX kernels, which use r12 as a RAP register.

* wireguard: queueing: account for skb->protocol==0

This is the defense-in-depth change. We deal with skb->protocol==0 just fine,
but the advice to deal explicitly with it seems like a good idea.

* receive: remove dead code from default packet type case

A default case of a particular switch statement should never be hit, so
instead of printing a pretty debug message there, we full-on WARN(), so that
we get bug reports.

* noise: error out precomputed DH during handshake rather than config

All peer keys will now be addable, even if they're low order. However, no
handshake messages will be produced successfully. This is a more consistent
behavior with other low order keys, where the handshake just won't complete if
they're being used anywhere.

* send: use normaler alignment formula from upstream

We're trying to keep a minimal delta with upstream for the compat backport.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-03-21 09:42:07 +01:00