Commit Graph

15810 Commits

Author SHA1 Message Date
Hauke Mehrtens
4590af2065 mac80211: Activate DRIVER_11W_SUPPORT for more capable drivers
ieee80211w support is only activated in hostapd when at least one
capable driver is build into the image. Many drivers which are capable
of ieee80211 (MFP) and have the MFP_CAPABLE set in the driver are still
missing the DRIVER_11W_SUPPORT dependency. Add this to more driver
capable of ieee80211w.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-03-03 16:44:47 +01:00
Daniel Golle
bc97257ffe ltq-vdsl-fw: update download URL
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-03-02 19:24:52 +01:00
Daniel Golle
e882d5bf31 iwinfo: update to latest git
b514490 iwinfo: add device id for MediaTek MT7603E
e9e1400 iwinfo: more Ralink and MediaTek WiSoC and PCIe chips
cb108c5 iwinfo: fix capitalization of vendor name

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-03-01 23:25:59 +01:00
Felix Fietkau
c6caa7a27a mac80211: add a fix to prevent unsafe queue wake calls during restart
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-01 14:56:04 +01:00
Felix Fietkau
82d306b595 mac80211: backport tx queue start/stop fix
Among other things, it fixes a race condition on calling ieee80211_restart_hw

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-01 13:14:29 +01:00
Yousong Zhou
0e8ddc953f libubox: bump to version 2019-02-27
Contains the following change

	eeef7b5 blobmsg_json: blobmsg_format_string: do not escape '/'

Resolves FS#2147

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-03-01 08:09:41 +00:00
Yousong Zhou
eb6f5a58b9 busybox: sync Config.in files
The change was made with the following commands

	cd package/utils/busybox/config
	../convert_menuconfig.pl ~/git-repo/openwrt/openwrt/build_dir/target-mips_24kc_musl/busybox-1.30.1

convert_defaults.pl has no changes other than overwriting defaults for
BUSYBOX_DEFAULT_FEATURE_IPV6

Resolves FS#2146

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-03-01 08:09:41 +00:00
Yousong Zhou
157072ea2b busybox: unindent busybox Config.in
This is to align with upstream change 72089cf ("config: deindent all
help texts") and to make the follow-up change syncing Config.in files
with current busybox version more reviewable

It was made with the following commands

	cd package/utils/busybox/config
	find . -name 'Config.in' | xargs sed -ir -e 's/^\t  \([^ ]\)/\t\1/'

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-03-01 08:09:41 +00:00
Daniel Golle
98f86e61ea mac80211: rt2x00: cleanup ePA, RXIQ and TX-LOFT code
consolidate patch 651-rt2x00-remove-unneccesary-code.patch.
fixup the most obvious whitespace problems in RXIQ and TX-LOFT code.
always backup registers bbpr1, bbpr4, bbpr241 and bbpr242 to avoid
compiler warning about them being potentially uninitialized.
no functional changes (intended)

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-03-01 07:14:01 +01:00
Daniel Golle
7cf6e11721 mac80211: rt2x00: patch tracking cosmetics
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-03-01 04:09:00 +01:00
Daniel Golle
9a9c6f37d5 uboot-envtools: oxnas: sync with current oxnas/ox820 DTS
Use tested values on shuttle,kd20 and assumed values for
mitrastar,stg-212 and cloudengines,pogoplug*.
akitio users have yet to report back stock flash layout to support
vendor bootloader environment there as well.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-03-01 03:36:53 +01:00
Alexander Couzens
b2bf3745ff
package/ncurses: change AR options to fix reproducible builds
ar has a deterministic (-D) and non-deterministic (-U) mode.
OpenWrt is already using the deterministic mode by default,
but ncurses' configure script force this to be non-deterministic.
Since autoreconf fails to generate a new configure, the configure script
is directly modified.

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2019-02-28 19:09:35 +01:00
David Bauer
95b0c07a61 ipq40xx: add support for FritzBox 7530
Hardware
--------
CPU:   Qualcomm IPQ4019
RAM:   256M
FLASH: 128M NAND
ETH:   QCA8075
VDSL:  Intel/Lantiq VRX518 PCIe attached
       currently not supported
DECT:  Dialog SC14448
       currently not supported
WiFi2: IPQ4019 2T2R 2SS b/g/n
WiFi5: IPQ4019 2T2R 2SS n/ac
LED:    - Power/DSL green
        - WLAN green
        - FON/DECT green
        - Connect/WPS green
        - Info green
        - Info red
BTN:    - WLAN
        - FON
        - WPS/Connect
UART:  115200n8 3.3V (located under the Dialog chip)
       VCC - RX - TX - GND (Square is VCC)

Installation
------------
1. Grab the uboot for the Device from the 'u-boot-fritz7530'
   subdirectory. Place it in the same directory as the 'eva_ramboot.py'
   script. It is located in the 'scripts/flashing' subdirectory of the
   OpenWRT tree.

2. Assign yourself the IP address 192.168.178.10/24. Connect your
   Computer to one of the boxes LAN ports.

3. Connect Power to the Box. As soon as the LAN port of your computer
   shows link, load the U-Boot to the box using following command.

   > ./eva_ramboot.py --offset 0x85000000 192.168.178.1 uboot-fritz7530.bin

4. The U-Boot will now start. Now assign yourself the IP address
   192.168.1.70/24. Copy the OpenWRT initramfs (!) image to a TFTP
   server root directory and rename it to 'FRITZ7530.bin'.

5. The Box will now boot OpenWRT from RAM. This can take up to two
   minutes.

6. Copy the U-Boot and the OpenWRT sysupgrade (!) image to the Box using
   scp. SSH into the Box and first write the Bootloader to both previous
   kernel partitions.

   > mtd write /path/to/uboot-fritz7530.bin uboot0
   > mtd write /path/to/uboot-fritz7530.bin uboot1

7. Remove the AVM filesystem partitions to make room for our kernel +
   rootfs + overlayfs.

   > ubirmvol /dev/ubi0 --name=avm_filesys_0
   > ubirmvol /dev/ubi0 --name=avm_filesys_1

8. Flash OpenWRT peristently using sysupgrade.

   > sysupgrade -n /path/to/openwrt-sysupgrade.bin

Signed-off-by: David Bauer <mail@david-bauer.net>
[removed pcie-dts range node, refreshed on top of AP120-AC/E2600AC]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-02-28 11:32:55 +01:00
David Bauer
93b02ad95e uboot-fritz4040: bump version to 2019-02-08
Adds support for the AVM FRITZ!Box 7530.

Signed-off-by: David Bauer <mail@david-bauer.net>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [PKG_RELEASE]
2019-02-28 11:32:55 +01:00
张鹏
bbab33724d ipq40xx: add support for Qxwlan E2600AC C1 and C2
Qxwlan E2600AC C1 based on IPQ4019

Specifications:
SOC:	Qualcomm IPQ4019
DRAM:	256 MiB
FLASH:	32 MiB Winbond W25Q256
ETH:	Qualcomm QCA8075
WLAN:	5G + 5G/2.4G
	* 2T2R 2.4/5 GHz
	 - QCA4019 hw1.0 (SoC)
	* 2T2R 5 GHz
	 - QCA4019 hw1.0 (SoC)
INPUT:  Reset buutton
LED:	1x Power ,6 driven by gpio
SERIAL: UART (J5)
UUSB:	USB3.0
POWER:	1x DC jack for main power input (9-24 V)
SLOT:	Pcie (J25), sim card (J11), SD card (J51)

Flash instruction (using U-Boot CLI and tftp server):

 - Configure PC with static IP 192.168.1.10 and tftp server.
 - Rename "sysupgrade" filename to "firmware.bin" and place it in tftp
   server directory.
 - Connect PC with one of RJ45 ports, power up the board and press
   "enter" key to access U-Boot CLI.
 - Use the following command to update the device to OpenWrt: "run lfw".

Flash instruction (using U-Boot web-based recovery):

 - Configure PC with static IP 192.168.1.xxx(2-254)/24.
 - Connect PC with one of RJ45 ports, press the reset button, power up
   the board and keep button pressed for around 6-7 seconds, until LEDs
   start flashing.
 - Open your browser and enter 192.168.1.1, select "sysupgrade" image
   and click the upgrade button.

Qxwlan E2600AC C2 based on IPQ4019

Specifications:
SOC:	Qualcomm IPQ4019
DRAM:	256 MiB
NOR:	16 MiB Winbond W25Q128
NAND:	128MiB Micron MT29F1G08ABAEAWP
ETH:	Qualcomm QCA8075
WLAN:	5G + 5G/2.4G
	* 2T2R 2.4/5 GHz
	 - QCA4019 hw1.0 (SoC)
	* 2T2R 5 GHz
	 - QCA4019 hw1.0 (SoC)
INPUT:  Reset buutton
LED:	1x Power, 6 driven by gpio
SERIAL: UART (J5)
USB:	USB3.0
POWER:	1x DC jack for main power input (9-24 V)
SLOT:	Pcie (J25), sim card (J11), SD card (J51)

Flash instruction (using U-Boot CLI and tftp server):

 - Configure PC with static IP 192.168.1.10 and tftp server.
 - Rename "ubi" filename to "ubi-firmware.bin" and place it in tftp
   server directory.
 - Connect PC with one of RJ45 ports, power up the board and press
   "enter" key to access U-Boot CLI.
 - Use the following command to update the device to OpenWrt: "run lfw".

Flash instruction (using U-Boot web-based recovery):

 - Configure PC with static IP 192.168.1.xxx(2-254)/24.
 - Connect PC with one of RJ45 ports, press the reset button, power up
   the board and keep button pressed for around 6-7 seconds, until LEDs
   start flashing.
 - Open your browser and enter 192.168.1.1, select "ubi" image
   and click the upgrade button.

Signed-off-by: 张鹏 <sd20@qxwlan.com>
[ added rng node. whitespace fixes, ported 02_network,
ipq-wifi Makefile, misc dts fixes, trivial message changes ]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-02-28 11:26:11 +01:00
Jason A. Donenfeld
2e9b92da1f wireguard: bump to 0.0.20190227
* wg-quick: freebsd: allow loopback to work

FreeBSD adds a route for point-to-point destination addresses. We don't
really want to specify any destination address, but unfortunately we
have to. Before we tried to cheat by giving our own address as the
destination, but this had the unfortunate effect of preventing
loopback from working on our local ip address. We work around this with
yet another kludge: we set the destination address to 127.0.0.1. Since
127.0.0.1 is already assigned to an interface, this has the same effect
of not specifying a destination address, and therefore we accomplish the
intended behavior. Note that the bad behavior is still present in Darwin,
where such workaround does not exist.

* tools: remove unused check phony declaration
* highlighter: when subtracting char, cast to unsigned
* chacha20: name enums
* tools: fight compiler slightly harder
* tools: c_acc doesn't need to be initialized
* queueing: more reasonable allocator function convention

Usual nits.

* systemd: wg-quick should depend on nss-lookup.target

Since wg-quick(8) calls wg(8) which does hostname lookups, we should
probably only run this after we're allowed to look up hostnames.

* compat: backport ALIGN_DOWN
* noise: whiten the nanoseconds portion of the timestamp

This mitigates unrelated sidechannel attacks that think they can turn
WireGuard into a useful time oracle.

* hashtables: decouple hashtable allocations from the main device allocation

The hashtable allocations are quite large, and cause the device allocation in
the net framework to stall sometimes while it tries to find a contiguous
region that can fit the device struct. To fix the allocation stalls, decouple
the hashtable allocations from the device allocation and allocate the
hashtables with kvmalloc's implicit __GFP_NORETRY so that the allocations fall
back to vmalloc with little resistance.

* chacha20poly1305: permit unaligned strides on certain platforms

The map allocations required to fix this are mostly slower than unaligned
paths.

* noise: store clamped key instead of raw key

This causes `wg show` to now show the right thing. Useful for doing
comparisons.

* compat: ipv6_stub is sometimes null

On ancient kernels, ipv6_stub is sometimes null in cases where IPv6 has
been disabled with a command line flag or other failures.

* Makefile: don't duplicate code in install and modules-install
* Makefile: make the depmod path configurable

* queueing: net-next has changed signature of skb_probe_transport_header

A 5.1 change. This could change again, but for now it allows us to keep this
snapshot aligned with our upstream submissions.

* netlink: don't remove allowed ips for new peers
* peer: only synchronize_rcu_bh and traverse trie once when removing all peers
* allowedips: maintain per-peer list of allowedips

This is a rather big and important change that makes it much much faster to do
operations involving thousands of peers. Batch peer/allowedip addition and
clearing is several orders of magnitude faster now.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-02-28 08:50:19 +01:00
Eneas U de Queiroz
9e8cbecb7f openssl: bump to release 1.1.1b
This is bugfix release that incorporated all of the devcrypto engine
patches currently in the tree.

The cleaning procedure in Package/Configure was not removing the
dependency files, causing linking errors during a rebuild with
different options.  It was replaced by a simple make clean.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
2019-02-27 22:43:30 +01:00
Hans Dedecker
c8153722a2 odhcpd: update to latest git HEAD
16c5b6c ubus: always trigger an update if interface is not found

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-02-27 12:12:48 +01:00
David Santamaría Rogado
e9b2a1e382 omcproxy: define configuration file
omcproxy's configuration is lost on every update or installation.
Avoid it by defining the configuration file.

Signed-off-by: David Santamaría Rogado <howl.nsp@gmail.com>
2019-02-27 10:26:14 +01:00
Mantas Pucka
abf445f189 Revert "iw: compile with LTO enabled"
After update to 5.0.1 iw-full package failed to display command list on
ipq40xx arch. Root cause was found to be LTO reordering causing
incorrect detection of command struct size in:

iw.c:552
	cmd_size = labs((long)&__section_set - (long)&__section_get);

This reverts commit ef16a394d2.

Signed-off-by: Mantas Pucka <mantas@8devices.com>
2019-02-26 23:20:04 +01:00
Hauke Mehrtens
b55fbb6b2d strace: update to version 2.26
The new patch is a backport from current strace master.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-02-26 23:20:04 +01:00
Daniel Engberg
38867b7eba popt: Use modern toolchain logic
Replace define Build/Configure with CONFIGURE_ARGS

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2019-02-26 23:20:04 +01:00
Matt Merhar
0d1d5880c0 elfutils: fix install .so glob
Only libelf was being packaged correctly - libdw and libasm included
just the symlinks.

Signed-off-by: Matt Merhar <mattmerhar@protonmail.com>
2019-02-26 23:20:04 +01:00
Aleksander Jan Bajkowski
00d89b4a89 sunxi: add support for Orange Pi One
CPU: H3 Quad-core Cortex-A7 H.265/HEVC 4K @ 1.2 Ghz
GPU: Mali400MP2 GPU @ 600MHz (supports OpenGL ES 2.0)
Memory: 512MB DDR3 (shared with GPU)
Onboard: Storage TF card (Max. 64GB) / MMC card slot
Onboard header: SPI, I2C, GPIO, UART
USB 2.0: One USB 2.0 HOST, One USB 2.0 OTG

Signed-off-by: Aleksander Jan Bajkowski <A.Bajkowski@stud.elka.pw.edu.pl>
2019-02-26 23:20:04 +01:00
Sven Eckelmann
ba249bc955 ath10k-ct: fix incorrect multicast/broadcast rate setting
If no mcast_rate is set for the wifi-iface then there is no rate_idx (0)
set for the bss. This can break for example 5GHz meshpoint interfaces
because 0 maps to a CCK rate (11Mbit/s).

It must also be avoided that the ath10k-ct internal state for the rates is
not synced with the mac80211 rates state. Otherwise, the user specified
rate (e.g. a wifi-iface mcast_rate for a meshpoint interface) will only be
set on startup. And a short while after that, ath10k-ct specific code in
ath10k_check_apply_special_rates is missing a valid rate in its own
structures and is then recalculating a new default rate. This default rate
is in most situations not the requested rate.

Fixes: 4df3c71cd4 ("ath10k-ct: Update to 2018-12-11 and use version based on 4.19")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
2019-02-26 23:20:04 +01:00
Sven Eckelmann
4beed12d85 mac80211: ath10k: fix incorrect multicast/broadcast rate setting
If no mcast_rate is set for the wifi-iface then there is no rate_idx (0)
set for the bss. This breaks for example 5GHz meshpoint interfaces because
0 maps to a CCK rate (11Mbit/s).

Fixes: db90c243a0 ("mac80211: update to version based on 4.19-rc4")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
2019-02-26 23:20:04 +01:00
Hauke Mehrtens
b1c614784d mac80211: Add WDS / 4addr fix for ath10k supported devices
This should fix the WDS / 4addr mode with ath10k and probably other
devices.
This patch was found here: https://patchwork.kernel.org/patch/10692383/

Fixes: d9eefa7a70 ("mac80211: rebase ontop of v4.18.5")
Reported-by: Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-02-26 23:20:04 +01:00
Stanislaw Gruszka
426ffc563a mac80211: rt2x00: fix crash on release_firmware
Fix crash due to passing invalid r2x00dev->eeprom_file pointer to
release_firmware(). Since we copy eeprom data with EEPROM_SIZE
in rt2800_read_eeprom() we can use eeprom_file->size as marker
if the file was crated by request_firmware().

Acked-by: Kristian Evensen <kristian.evensen@gmail.com>
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
2019-02-26 22:57:32 +01:00
Felix Fietkau
0f89c17b57 mt76: update to the latest version
28d81ff mt76x0: eeprom: fix VHT mcs{8,9} rate power offset
6e33ce6 mt76: move mt76_mcu_msg_alloc in mt76-core
4637f95 mt76: move mt76_mcu_get_response in mt76-core
1763cb0 mt76: move mt76_mcu_rx_event in mt76-core
4db9d75 mt76x0: mcu: remove useless commented configuration
91d0455 mt76: move mt76_dma_tx_queue_skb_raw in mt76-core module
0e8e53f mt76: remove add_buf pointer in mt76_queue_ops
db47920 mt7603: rely on mt76_mcu_msg_alloc routine
471c447 mt7603: rely on mt76_mcu_get_response routine
cacc986 mt7603: rely on mt76_mcu_rx_event routine
11ab620 mt7603: rely on mt76_tx_queue_skb_raw common routine
82fa312 mt7603: move alloc_dev common code in mt76_alloc_device
47d5922 mt76: move alloc_device common code in mt76_alloc_device
c50c993 mt76x2u: remove mt76x2u_alloc_device routine
6ed5b7a mt76x0: remove mt76x0u_alloc_device routine
e32e249 mt76x2: remove mt76x2_alloc_device routine
6aacd1e mt76: change the return type of mt76_dma_attach()
a10e9e5 mt76x02u: use usb_bulk_msg to upload firmware
a774ff6 mt76: usb: fix possible NULL pointer dereference in mt76u_mcu_deinit
c2877bc mt76: usb: fix possible memory leak in mt76u_buf_free
a5cfe96 mt76: usb: do not run mt76u_queues_deinit twice
1e4db14 mt76: usb: move mt76u_check_sg in usb.c
302406b mt76: usb: do not use sg buffers for mcu messages
8ab5267 mt76: usb: use a linear buffer for tx/rx datapath if sg is not supported
a0a3505 mt76: usb: introduce disable_usb_sg parameter
0cee180 mt76: usb: use dev_err_ratelimited instead of dev_err in mt76u_complete_rx
1bb97c4 mt76x02u: remove bogus check and comment padding
2cbc2d4 mt76: Use the correct hweight8() function
f18e03a mt76x0u: fix suspend/resume
6231336 mt76: mt76x02: fix TSF sync mode
783da04 mt76: mt76x02: fix beacon timer drift adjustment
43d2507 mt76: mt76x02: fix beacon timer issue
59a6587 mt76: mt76x02: only reset beacon drift counter when enabling beacons
8c8eb98 mt76: mt76x02: issue watchdog reset on MCU request timeout
52161d2 mt76: mt76x02: fix ED/CCA enabling/disabling
5e7ecce mt76: mt76x2: unify mt76x2[u]_mac_resume
18af219 mt76: mt76x02: set MT_TXOP_HLDR_TX40M_BLK_EN for mt76x2
e5747b2 mt76usb: allow mt76u_bulk_msg be used for reads
2437a9a mt76usb: use synchronous msg for mcu command responses
e4250c9 mt76usb: remove usb_mcu.c
8b1110e mt76: usb: fix warning in mt76u_buf_free
89215f6 mt76: usb: introduce mt76u_fill_bulk_urb routine
523e374 mt76: usb: simplify rx buffer allocation
ffe1292 mt76: usb: simplify mt76u_tx_build_sg routine
e2a9d40 mt7603: fix ba window size selection
b040ef7 mt76: remove no longer used routine declarations
645ef43 mt76: usb: check urb->num_sgs limit in mt76u_process_rx_entry
fd315bd mt7603: disable dynamic sensitivity adjustment by default

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-02-26 18:01:09 +01:00
Piotr Dymacz
9bf63d0339 uboot-envtools: add support for ALFA Network AP120C-AC
While at it, fix alphabetical order.

Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2019-02-26 00:16:22 +01:00
Piotr Dymacz
d3f82d3b84 ipq-wifi: add board-2.bin for ALFA Network AP120C-AC
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2019-02-26 00:16:22 +01:00
Hans Dedecker
0b4b1027c6 odhcpd: update to latest git HEAD (FS#2142)
9e9389c dhcpv4: fix adding assignment in list (FS#2142)
e69265b dhcpv4: fix static lease lookup
afbd7dd dhcp: rework assignment free logic

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-02-25 12:07:52 +01:00
Stijn Tintel
02cd7f8b7a kernel: fix kmod-input-touchscreen-ads7846 deps
On targets that don't have input support enabled in the kernel config,
building kmod-input-touchscreen-ads7846 fails due to a missing
dependency on kmod-input-core. Add the dependency to fix this.

Fixes: 77a54bbf13 ("kernel: add kmod-input-touchscreen-ads7846")
Reported-by: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2019-02-25 01:07:20 +02:00
Alexander Couzens
b7f2adbdd3
package/dnsmasq: add max_ttl/min_cache_ttl/max_cache_ttl
max_ttl - limit the ttl in the dns answer if greater as $max_ttl
min_cache_ttl - force caching of dns answers even the ttl in the answer
		is lower than the $min_cache_ttl
max_cache_ttl - cache only dns answer for $max_cache_ttl.

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2019-02-24 01:48:25 +01:00
Stijn Tintel
77a54bbf13 kernel: add kmod-input-touchscreen-ads7846
This module adds support for ADS7846 based touchscreens used in devices
like the WaveShare 3.5" and 4" LCD displays designed for Raspberry Pi.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2019-02-24 01:17:01 +02:00
Stijn Tintel
c22cde2ea1 kernel: add kmod-fb-tft-ili9486
This module adds support for the ILI9486 LCD controller used in devices
like the Waveshare 3.5" and 4" LCD displays designed for Raspberry Pi.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2019-02-24 01:15:22 +02:00
Stijn Tintel
9f4a7de48a kernel: add kmod-fb-tft
This module adds support for small TFT LCD display modules. While this
module also exists in the 4.9 kernel, we are not going to support this
kernel in the next major release, so don't make it available for 4.9.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2019-02-24 01:15:22 +02:00
Stijn Tintel
4b3d17b709 kernel: add kmod-fb-sys-ram
The kernel modules that provide support for framebuffers in system RAM
are currently included in the kmod-drm-imx package. Move them to a
separate package, so that other modules can depend on them.

Increase the autoload order of the drm-imx* packages to load the modules
after loading the fb modules they depend on.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2019-02-24 01:15:05 +02:00
Stijn Tintel
e03deb8cae kernel: add kmod-iio-ccs811
This module supports the AMS CCS811 VOC sensor.
Tested on Raspberry Pi Zero W and ODROID C2.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2019-02-23 17:22:53 +02:00
Yousong Zhou
c17a68cc61 dnsmasq: prefer localuse over resolvfile guesswork
This makes it clear that localuse when explicitly specified in the
config will have its final say on whether or not the initscript should
touch /etc/resolv.conf, no matter whatever the result of previous
guesswork would be

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-02-23 01:58:20 +00:00
Rafał Miłecki
2d139450a3 mac80211: backport more brcmfmac changes queued for the 5.1
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-02-20 23:06:16 +01:00
Oever González
81adb132da ipq-wifi: update ipq-wifi for Linksys EA6350v3
This commit updates the file "board-linksys_ea6359v3".

Without this commit, the Linksys EA6350v3 will experience poor wireless
performance in both bands. With this patch, wireless performace will be
comparable to the performance of the stock firmware.

Signed-off-by: Oever González <notengobattery@gmail.com>
2019-02-20 18:51:31 +01:00
Christian Lamparter
d38789b559 firmware: ipq-wifi: mark packages as nonshared
The board-files are specific to the target and device. Hence
they need to be set as nonshared. Otherwise they do not show
up on the package repository. This causes problems for
imagebuilder, if it needs to build a image for a specific
device that hasn't had the time to have get its boardfile
upstream.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-02-20 18:51:31 +01:00
Daniel Golle
0b373bf4d6 uqmi: fix PIN_STATUS_FAILED error with MC7455 WCDMA/LTE modem
Apparently this modem replies differently to attempted --get-pin-status
which makes the script fail if a pincode is set. Fix this.

Manufacturer: Sierra Wireless, Incorporated
Model: MC7455
Revision: SWI9X30C_02.24.05.06 r7040 CARMD-EV-FRMWR2 2017/05/19 06:23:09

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-02-20 15:16:24 +01:00
Arnout Vandecappelle (Essensium/Mind)
2e0f41e73a hostapd: add Multi-AP patches and config options
Cherry-pick Multi-AP commits from uptream:
 9c06f0f6a hostapd: Add Multi-AP protocol support
 5abc7823b wpa_supplicant: Add Multi-AP backhaul STA support
 a1debd338 tests: Refactor test_multi_ap
 bfcdac1c8 Multi-AP: Don't reject backhaul STA on fronthaul BSS
 cb3c156e7 tests: Update multi_ap_fronthaul_on_ap to match implementation
 56a2d788f WPS: Add multi_ap_subelem to wps_build_wfa_ext()
 83ebf5586 wpa_supplicant: Support Multi-AP backhaul STA onboarding with WPS
 66819b07b hostapd: Support Multi-AP backhaul STA onboarding with WPS
 8682f384c hostapd: Add README-MULTI-AP
 b1daf498a tests: Multi-AP WPS provisioning

Add support for Multi-AP to the UCI configuration. Every wifi-iface gets
an option 'multi_ap'. For APs, its value can be 0 (multi-AP support
disabled), 1 (backhaul AP), 2 (fronthaul AP), or 3 (fronthaul + backhaul
AP). For STAs, it can be 0 (not a backhaul STA) or 1 (backhaul STA, can
only associate with backhaul AP).

Also add new optional parameter to wps_start ubus call of
wpa_supplicant to indicate that a Multi-AP backhaul link is required.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2019-02-20 13:17:11 +01:00
Daniel Golle
8554982e1f mac80211: rt2x00: replace pending by merged patches
Those have by now been merged into wireless-drivers-next:
 17ae2acd1a6f rt2x00: remove unneeded check
 5991a2ecd070 rt2x00: remove confusing AGC register
 9ad3b5565445 rt2800: enable TX_PIN_CFG_LNA_PE_ bits per band
 7aca14885ede rt2800: enable TX_PIN_CFG_RFRX_EN only for MT7620
 c7ff1bfeaf1c rt2800: comment and simplify AGC init for RT6352

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-02-20 13:17:11 +01:00
Hauke Mehrtens
7878215a56 x86: Make kmod-drm-radeon and kmod-drm-amdgpu depend on x86
Currently these kernel packages only work on x86, restrict them to that
target.

Fixes: 2f239c02a0 ("x86: video: add amdgpu DRM kernel package")
Fixes: 2f6918ee9b ("x86: video: add radeon DRM module support")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-02-20 00:02:50 +01:00
Hans Dedecker
1bdd3b5f7d Revert "iproute2: use tc package variant to limit other package sizes"
This reverts commit e6d84fa886 as it breaks the
installation of the iproute2 utilities ip-bridge, ss, nstat, devlink and rdma
for the ip-full variant

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-02-19 15:22:28 +01:00
Hans Dedecker
de14f4301e Revert "iproute2: simplify linking libelf for eBFP/XDP object file support"
This reverts commit 26681fa6a6 as it breaks the
installation of the iproute2 utilities ip-bridge, ss, nstat, devlink and rdma
for the ip-full variant

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-02-19 15:22:28 +01:00
Hans Dedecker
566bfa417e Revert "iproute2: tc: enable and fix support for using .so plugins"
This reverts commit fc80ef3613 as it breaks the
installation of the iproute2 utilities ip-bridge, ss, nstat, devlink and
rdma for the ip-full variant

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-02-19 15:22:28 +01:00
Hans Dedecker
96060b3018 Revert "iproute2: tc: reduce size of dynamic symbol table"
This reverts commit 248797834b as it breaks the
installation of the iproute2 utilities ip-bridge, ss, nstat, devlink and rdma
for the ip-full variant

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-02-19 15:22:28 +01:00
Yousong Zhou
ec2a2a2aea dnsmasq: allow using dnsmasq as the sole resolver
Currently it seems impossible to configure /etc/config/dhcp to achieve
the following use case

 - run dnsmasq with no-resolv
 - re-generate /etc/resolv.conf with "nameserver 127.0.0.1"

Before this change, we have to set resolvfile to /tmp/resolv.conf.auto
to achive the 2nd effect above, but setting resolvfile requires noresolv
being false.

A new boolean option "localuse" is added to indicate that we intend to
use dnsmasq as the local dns resolver.  It's false by default and to
align with old behaviour it will be true automatically if resolvfile is
set to /tmp/resolv.conf.auto

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
2019-02-19 13:06:06 +00:00
Daniel Golle
d4c999bb89 mac80211: rt2x00: backport accepted and pending patches from upstream
backport from wireless-drivers-next, replacing some existing patches in
our tree (marked with '=' are those which were already present):
 f483039cf51a rt2x00: use simple_read_from_buffer()
=5c656c71b1bf rt2800: move usb specific txdone/txstatus routines to rt2800lib
=0b0d556e0ebb rt2800mmio: use txdone/txstatus routines from lib
=5022efb50f62 rt2x00: do not check for txstatus timeout every time on tasklet
=adf26a356f13 rt2x00: use different txstatus timeouts when flushing
=0240564430c0 rt2800: flush and txstatus rework for rt2800mmio
 6eba8fd22352 rt2x00: rt2400pci: mark expected switch fall-through
 10bb92217747 rt2x00: rt2500pci: mark expected switch fall-through
 916e6bbcfcff rt2x00: rt2800lib: mark expected switch fall-throughs
 641dd8068ecb rt2x00: rt61pci: mark expected switch fall-through
 750afb08ca71 cross-tree: phase out dma_zalloc_coherent()
=c2e28ef7711f rt2x00: reduce tx power to nominal level on RT6352
 a4296994eb80 rt2x00: Work around a firmware bug with shared keys
 2587791d5758 rt2x00: no need to check return value of debugfs_create functions

pending on linux-wireless:
 rt2x00: remove unneeded check
 rt2x00: remove confusing AGC register
 rt2800: enable TX_PIN_CFG_LNA_PE_ bits per band
 rt2800: enable TX_PIN_CFG_RFRX_EN only for MT7620
 rt2800: comment and simplify AGC init for RT6352
 rt2x00: do not print error when queue is full
 rt2800: partially restore old mmio txstatus behaviour
 rt2800: new flush implementation for SoC devices
 rt2800: move txstatus pending routine
 rt2800mmio: fetch tx status changes
 rt2800mmio: use timer and work for handling tx statuses timeouts
 rt2x00: remove last_nostatus_check
 rt2x00: remove not used entry field
 rt2x00mmio: remove legacy comment

While at it also rename some existing patches now that there are
separate folders with patches for each driver to make things a bit
nicer to handle.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-02-19 09:05:34 +01:00
Hans Dedecker
331963717b odhcpd: update to latest git HEAD
1f01299 config: fix build failure in case DHCPv4 support is disabled
67b3a14 dhcpv4: fix assignment of requested IP address
ca8ba91 dhcp: rework static lease logic
36833ea dhcpv6: rapid commit support
1ae316e dhcpv6: fix parsing of DHCPv6 relay messages
80157e1 dhcpv4: fix compile issue
671ccaa dhcpv6-ia: move function definitions to odhcpd.h
0db69b0 dhcpv6: improve code readibility
7847b27 treewide: unify dhcpv6 and dhcpv4 assignments
a54cee0 netlink: rework handling of netlink messages
9f25dd8 treewide: use avl tree to store interfaces
f21a0a7 treewide: align syslog tracing
edc5fb0 dhcpv6-ia: add full CONFIRM support
9d6eadf dhcpv6-ia: rework append_reply()

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-02-18 16:11:32 +01:00
Rosy Song
93b984b78a samba36: allow build with no ipv6 support
Signed-off-by: Rosy Song <rosysong@rosinson.com>
2019-02-17 19:22:39 +01:00
Paul Wassi
dc08514e6d uboot-kirkwood: update to 2019.01
Update U-Boot to current 2019.01 release for kirkwood platform

Signed-off-by: Paul Wassi <p.wassi@gmx.at>
2019-02-17 19:22:39 +01:00
Oldřich Jedlička
66e875a070 kernel: Added required dependencies for socket match.
This applies to kernel 4.10 and newer.

See 8db4c5be88

The above commit added to kernel 4.10 added new dependency
for building the NETFILTER_XT_MATCH_SOCKET (xt_socket.ko)
module. The NF_SOCKET_IPVx options (both of them) need to
be enabled in order to build the NETFILTER_XT_MATCH_SOCKET
module. Without the change the module is not built.

Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
2019-02-17 19:22:39 +01:00
Lucian Cristian
2f239c02a0 x86: video: add amdgpu DRM kernel package
build amdgpu kernel as modules so it will find the firmware files

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2019-02-17 19:22:39 +01:00
Lucian Cristian
2f6918ee9b x86: video: add radeon DRM module support
add radeon module support so firmware can be loaded from userland

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2019-02-17 19:22:39 +01:00
Lucian Cristian
b06418016d linux-firmware: DRM: add amdgpu firmware
add firmware needed for amdgpu DRM display

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2019-02-17 19:22:39 +01:00
Lucian Cristian
22fdaa06b7 linux-firmware: DRM: add radeon firmware
add firmware needed for radeon DRM display

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2019-02-17 19:22:39 +01:00
Hauke Mehrtens
ce8226a971 strace: Only allow libdw or libunwind
These two dependencies are mutual exclusive and it is only possible to
select one of them, change the select to a chose so it is only possible
to select one of them in OpenWrt menu config.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-02-17 19:22:39 +01:00
Peter Wagner
b494734367 strace: fix configuration options
Signed-off-by: Peter Wagner <tripolar@gmx.at>
2019-02-17 19:22:39 +01:00
Peter Wagner
0297610554 elfutils: fix DEPENDS for libelf
Signed-off-by: Peter Wagner <tripolar@gmx.at>
2019-02-17 19:22:39 +01:00
Pawel Dembicki
d5f615bf2a sunxi: add support for Sinovoip Banana Pi M2 Plus
CPU: H3 Quad-core Cortex-A7 H.265/HEVC 4K @ 1.2 Ghz
GPU: Mali400MP2 GPU @ 600MHz (supports OpenGL ES 2.0)
Memory: 1GB DDR3 (shared with GPU)
Onboard: Storage TF card (Max. 64GB) / MMC card slot
Onboard: Network 10/100M Ethernet RJ45 (Realtek RTL8211E)
Onboard: Network BT4.0/WiFi 802.11 b/g/n (Ampak AP6212)
Onboard header: SPI, I2C, GPIO, UART
USB 2.0: Two USB 2.0 HOST, One USB 2.0 OTG

Untested:
Audio, Video

Not working:
Bluetooth

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
2019-02-17 19:22:39 +01:00
Pawel Dembicki
1559682757 linux-firmware: broadcom: package 43430a0 FullMAC firmware
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
2019-02-17 19:22:39 +01:00
Eneas U de Queiroz
ddee1825de openssl: patch to fix devcrypto sessions leak
Applies a patch from https://github.com/openssl/openssl/pull/8213
that fixes an error where open /dev/crypto sessions were not closed.
Thanks to Ansuel Smith for reporting it.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
2019-02-17 19:22:35 +01:00
Tomasz Maciej Nowak
bb0e4f9fb0 build: remove leftovers from previous x86 commits
VBoxManage is not used and the image is created with proper permisions:
0f5d0f6  image: use internal qemu-img for vmdk and vdi images drop host
         dependencies on qemu-utils and VirtualBox

Unreachable config symbols:
9e0759e  x86: merge all geode based subtargets into one

No need to define those symbols since x86_64 is subtarget of x86:
196fb76  x86: make x86_64 a subtarget instead of a standalone target

Unreachable config symbols, so remove GRUB_ROOT:
371b382  x86: remove the xen_domu subtarget

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2019-02-17 18:22:40 +01:00
Rosen Penev
cd519abdbc mdadm: Update to 4.1
Tested on GnuBee PC1.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-02-17 17:33:18 +01:00
Deng Qingfang
f5db5742e4 iw: update to 5.0.1
Refresh patches

MIPS IPK size increases:
iw-tiny: +3k
iw-full: +10k

Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
[Remove sha256, nan, bloom, measurements and ftm from tiny version]
[sync nl80211 between backports and iw]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-02-17 17:33:18 +01:00
Hauke Mehrtens
d48a8ed40d mac80211: update to version 4.19.23-1
This updates mac80211 to backports version 4.19.23-1 which includes all
the stable fixes from kernel 4.19.23.
The removed patches are included in this version.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-02-17 17:33:18 +01:00
Jonas Gorski
c8a30172f8 dnsmasq: ensure test and rc order as older than final releases
Opkg treats text after a version number as higher than without:

 ~# opkg compare-versions "2.80rc1" "<<" "2.80"; echo $?
 1
 ~# opkg compare-versions "2.80rc1" ">>" "2.80"; echo $?
 0

This causes opkg not offering final release as upgradable version, and
even refusing to update, since it thinks the installed version is
higher.

This can be mitigated by adding ~ between the version and the text, as ~
will order as less than everything except itself. Since 'r' < 't', to
make sure that test will be treated as lower than rc we add a second ~
before the test tag. That way, the ordering becomes

  2.80~~test < 2.80~rc < 2.80

which then makes opkg properly treat prerelease versions as lower.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2019-02-17 16:55:24 +01:00
Felix Fietkau
5b6997dcb3 hostapd: update the fix for a race condition in mesh new peer handling
Prevent the mesh authentication state machine from getting reset on bogus
new peer discovery

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-02-17 16:06:44 +01:00
Felix Fietkau
f948aa4d4f hostapd: enable CONFIG_DEBUG_SYSLOG for wpa_supplicant
It was already enabled for wpad builds and since commit 6a15077e2d
the script relies on it. Size impact is minimal (2 kb on MIPS .ipk).

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-02-17 13:05:14 +01:00
Alin Nastac
5241f9005c ipset: add support for hash(ip,mac)
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-02-17 12:00:02 +01:00
Hannu Nyman
94993a79f8 busybox: update to 1.30.1
Minor bugfix release. Fixes for
 * bc/dc
 * sed (backslash parsing for 'w' command)
 * ip (vlan fixes)
 * grep (fixes for -x -v)
 * ls (-i compat)

No need to refresh patches or config defaults

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2019-02-14 21:43:07 +01:00
Marius Genheimer
9ad3967f14 ipq40xx: add support for ASUS Lyra
SoC:   Qualcomm IPQ4019 (Dakota) 717 MHz, 4 cores
RAM:   256 MiB (Nanya NT5CC128M16IP-DI)
FLASH: 128 MiB (Macronix NAND)
WiFi0: Qualcomm IPQ4019 b/g/n 2x2
WiFi1: Qualcomm IPQ4019 a/n/ac 2x2
WiFi2: Qualcomm Atheros QCA9886 a/n/ac
BT:    Atheros AR3012
IN:    WPS Button, Reset Button
OUT:   RGB-LED via TI LP5523 9-channel Controller
UART:  Front of Device - 115200 N-8
       Pinout 3.3v - RX - TX - GND (Square is VCC)

Installation:
1. Transfer OpenWRT-initramfs image to the device via SSH to /tmp.
Login credentials are identical to the Web UI.

2. Login to the device via SSH.

3. Flash the initramfs image using

> mtd-write -d linux -i openwrt-image-file

4. Power-cycle the device and wait for OpenWRT to boot.

5. From there flash the OpenWRT-sysupgrade image.

Ethernet-Ports: Although labeled identically, the port next to
the power socket is the LAN port and the other one is WAN. This
is the same behavior as in the stock firmware.

Signed-off-by: Marius Genheimer <mail@f0wl.cc>
[Dropped setup_mac 02_network in favour of 05_set_iface_mac_ipq40xx.sh,
reorderd 02_network entries, added board.bin WA for the QCA9886 from ath79,
minor dts touchup, added rng to 4.19 dts]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-02-14 16:56:15 +01:00
Hans Dedecker
880f8e6d32 dnsmasq: add rapid commit config option
Add config option rapidcommit to enable support for DHCPv4 rapid
commit (RFC4039)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-02-13 10:37:36 +01:00
Eneas U de Queiroz
29b69e840a openssl: add package for openssl.cnf, misc changes
- Add the /etc/ssl/openssl.cnf as a separate package, to avoid breaking
  the transitional mechanism, allowing libopenssl_1.0* and
  libopenssl_1.1* to coexist.

- Remove the (selecting) dependency on @KERNEL_AIO

- Use global SOURCE_DATE_EPOCH

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
2019-02-12 22:24:09 +01:00
Eneas U de Queiroz
2eeb2853ed openssl: optimizations based on ARCH/small flash
Add a patch to enable the option to change the default ciphersuite list
ordering to prefer ChaCha20 over AES-GCM.  This is used by default for
all platforms, except for x86_64 and aarch64. The assumption is that
only the latter have AES-specific CPU instructions and asm code that
uses them in openssl.  Chacha20Poly1305 is 3x faster than AES-256 in
systems without AES instructions, with an equivalent strength.

Disable error messages by default except for devices with small flash or
RAM, to aid debugging.

Disable ASM by default on arm platform with small flash.  Size
difference on mips and powerpc, the other platforms with small flash
devices, are not really relevant (using 100K as a threshold).  All of
the affected platforms are source-only anyway.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
2019-02-12 22:24:09 +01:00
Eneas U de Queiroz
d872d00b2f openssl: update to version 1.1.1a
This version adds the following functionality:
  * TLS 1.3
  * AFALG engine support for hardware accelleration
  * x25519 ECC curve support
  * CRIME protection: disable use of compression by default
  * Support for ChaCha20 and Poly1305

Patches fixing bugs in the /dev/crypto engine were applied, from
https://github.com/openssl/openssl/pull/7585

This increses the size of the ipk binray on MIPS32 by about 32%:
old:
693.941 bin/packages/mips_24kc/base/libopenssl1.0.0_1.0.2q-2_mips_24kc.ipk
193.827 bin/packages/mips_24kc/base/openssl-util_1.0.2q-2_mips_24kc.ipk

new:
912.493 bin/packages/mips_24kc/base/libopenssl1.1_1.1.1a-2_mips_24kc.ipk
239.316 bin/packages/mips_24kc/base/openssl-util_1.1.1a-2_mips_24kc.ipk

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
2019-02-12 22:23:26 +01:00
Eneas U de Queiroz
be3892284c openssl: add configuration options, disable ssl3
Adds the following configuration options:
* using optimized assembler code (was always on before)
* use of x86 SSE2 instructions
* dyanic engine support
* include error messages
* Camellia, Gost, Idea, MDC2, Seed & Whirlpool algorithms
* RFC3779, CMS protocols
* VIA padlock hardware acceleration engine

Installs openssl.cnf with the library as it is used by engines
independent of the openssl util.

Fixes DTLS option that was innefective before.

Disables insecure SSL3 protocol and SHA0.

Adds openwrt-specific targets to Configure script, including asm support
for i386, ppc and mips64.

Strips building dirs from CFLAGS shown in binary.

Skips the fuzz directory during build.

Removed include/crypto/devcrypto.h that was included here, to use the
cryptodev-linux package, now that it was been moved from the packages
feed to the main openwrt repository.

This decreses the size of the ipk binray on MIPS32 by about 3.3%:
old:
706.957 bin/packages/mips_24kc/base/libopenssl1.0.0_1.0.2q-2_mips_24kc.ipk
199.294 bin/packages/mips_24kc/base/openssl-util_1.0.2q-2_mips_24kc.ipk

new:
693.941 bin/packages/mips_24kc/base/libopenssl1.0.0_1.0.2q-2_mips_24kc.ipk
193.827 bin/packages/mips_24kc/base/openssl-util_1.0.2q-2_mips_24kc.ipk

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
2019-02-12 21:14:46 +01:00
Felix Fietkau
b044b52ab9 base-files: fix ucert verification
ucert needs to check the firmware part with metadata, but without the signature.
Use the new fwtool mode to extract that without altering the firmware image inside
the check

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-02-12 16:42:03 +01:00
Felix Fietkau
8f4e31ea6e fwtool: add support for extracting the truncated data part to stdout
This allows extracing the firmware + metadata from a signed firmware without
altering the original image file

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-02-12 16:41:38 +01:00
Felix Fietkau
d5681e45f0 fwtool: do not strip metadata if extracting signature
This allows the signature to cover the metadata area

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-02-12 16:41:38 +01:00
Felix Fietkau
db93949aa3 hostapd: fix race condition in mesh new peer handling
Avoid trying to add the same station to the driver multiple times

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-02-12 15:12:35 +01:00
Felix Fietkau
6a15077e2d hostapd: send wpa_supplicant logging output to syslog
Helpful for debugging network connectivity issues

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-02-12 15:12:35 +01:00
Rafał Miłecki
9485ea721e mac80211: brcmfmac: backport early changes queued for the Linux 5.1
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-02-12 14:18:18 +01:00
Rafał Miłecki
0994e65c6a mac80211: brcmfmac: backport remaining patches from the Linux 5.0
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-02-12 13:50:40 +01:00
Tony Ambardar
248797834b iproute2: tc: reduce size of dynamic symbol table
In the case of SHARED_LIBS=y, don't use -export-dynamic to place *all*
symbols into the dynamic symbol table. Instead, use --dynamic-list to
export a smaller set of symbols similar to that defined in static-syms.h
in the case of SHARED_LIBS=n, avoiding an 11 KB tc package size increase.

Also increment PKG_RELEASE.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2019-02-11 20:18:48 +00:00
Tony Ambardar
fc80ef3613 iproute2: tc: enable and fix support for using .so plugins
This enables using the tc module m_xt.so, which uses the act_ipt kernel
module to allow tc actions based on iptables targets. e.g.

   tc filter add dev eth0 parent 1: prio 10 protocol ip \
   u32 match u32 0 0 action xt -j DSCP --set-dscp-class BE

Make the SHARED_LIBS parameter configurable and based on tc package
selection.

Fix a problem using the tc m_xt.so plugin as also described in
https://bugs.debian.org/868059:

  Sync include/xtables.h from iptables to make sure the right offset is
  used when accessing structure members defined in libxtables. One could
  get “Extension does not know id …” otherwise. (See also: #868059)

Patch to sync the included xtables.h with system iptables 1.6.x. This
continues to work with iptables 1.8.2.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2019-02-11 20:18:48 +00:00
Tony Ambardar
26681fa6a6 iproute2: simplify linking libelf for eBFP/XDP object file support
Simplify build and runtime dependencies on libelf, which allows tc and ip
to load BPF and XDP object files respectively.

Preserve optionality of libelf by having configuration script follow the
HAVE_ELF environment variable, used similarly to the HAVE_MNL variable.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2019-02-11 20:18:48 +00:00
Tony Ambardar
e6d84fa886 iproute2: use tc package variant to limit other package sizes
Replace the old 'tc' with a singleton package variant which will be used
to enable additional functionality and limit it only to tc. Non-variant
packages will only be installed during 'tiny' variant builds, hence will
be configured without extra features, thus preserving previously limited
functionality and reduced package sizes.

Also set ip-tiny as the default variant, and install 'tiny' versions of
development libraries.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2019-02-11 20:18:48 +00:00
Tony Ambardar
bc86da377c iproute2: simplify Makefile, patches and fix feature detection
Compile-based feature detection (e.g. xtables, ipset support) was broken
due to silent compilation errors in the configure script, caused by a
Makefile variable KERNEL_INCLUDE referring to kernel build headers. Use
userspace headers by setting the same "user_headers" kernel include path
as used for the iptables build.

Remove redundant or unused Build/Configure definitions from package
Makefile, including KERNEL_INCLUDE, LIBC_INCLUDE and DBM includes.

Don't pass LDFLAGS within MAKE_FLAGS as this interferes with LDFLAGS in
tc/Makefile and masks a link parameter ("-Wl,-export-dynamic"). Instead,
use standard TARGET_LDFLAGS.

Replace EXTRA_CCOPTS in MAKE_FLAGS with cleaner TARGET_CPPFLAGS, and also
drop now unneeded patch 150-extra-ccopts.patch.

Enable defining XT_LIB_DIR from Makefile, needed to set the iptables
modules directory to something other than /lib/xtables, and also add
libxtables dependency. Both are needed with working xtables detection.
Note that libxtables is also pulled in by iptables, firewall or luci, so
this change has no size impact in most cases.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2019-02-11 20:18:48 +00:00
Tony Ambardar
43e14a2f9e iproute2: fix broken configuration patch
Since v4.13, iproute2 switched to a config.mk file with greater use of
pkg-config for library/feature detection. Replace the old Config patch
with one modifying the configure script but enabling the same changes:
 - explicitly disable TC_CONFIG_ATM
 - rely on feature detection for IP_CONFIG_SETNS and TC_CONFIG_XT

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2019-02-11 20:18:48 +00:00
Tony Ambardar
d741b31eb8 base-files: enable BPF JIT sysctl by default
Set net.core.bpf_jit_enable=1 in /etc/sysctl.d/10-default.conf.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2019-02-11 20:18:48 +00:00
Tony Ambardar
ebcd5226cc kernel/modules: add kmod-bpf-test package
Add the test_bpf module that runs various test vectors against the BPF
interpreter or BPF JIT compiler. The module must be manually loaded, as
with the kmod-crypto-test module which serves a similar purpose.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2019-02-11 20:18:48 +00:00
Tony Ambardar
6be23e91b6 kernel/modules: add kmod-sched-bpf package
Add cls_bpf and act_bpf modules for additional tc classifier and action
support of cBPF and eBPF.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2019-02-11 20:18:48 +00:00
Tony Ambardar
cd465e3414 kernel/modules: add kmod-sched-ipset package
Add em_ipset module to support tc filter classification by IP set. Build
as a standalone package to help avoid pulling in rest of kmod-sched and
isolate new dependency on kmod-ipt-ipset.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2019-02-11 20:18:48 +00:00
Tony Ambardar
59b58ad4c8 kernel/modules: kmod-sched: add some common, useful actions
Add act_pedit, act_csum, act_gact and act_simple modules for additional
tc action support. Module act_simple helps with debug and logging, similar
to iptables LOG target, while act_gact provides common generic actions.
Modules act_pedit and act_csum support general packet mangling, and have
been the subject of feature requests and forum discussions (e.g. DSCP),
as well as being added to the Turris OS fork of OpenWrt ~2 years ago.

Also select dependency kmod-lib-crc32c to support act_csum.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2019-02-11 20:18:48 +00:00
Tony Ambardar
f54e9f183e kernel/modules: kmod-sched-core: add missing dependency, useful module
All tc ematch modules, including those in kmod-sched-core and kmod-sched,
use cls_basic as a core dependency. Relocate cls_basic from kmod-sched to
kmod-sched-core to avoid requiring kmod-sched unnecessarily.

This change is also backwards compatible since any past tc ematch users
will have had to install both kmod-sched-core and kmod-sched anyway.

Add the matchall kernel module cls_matchall introduced in kernel 4.8. The
matchall classifier matches every packet and allows the user to apply
actions on it. It is a simpler, more efficient replacement for the common
but cryptic tc classifier idiom "u32 match u32 0 0".

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2019-02-11 20:18:48 +00:00
Sven Eckelmann
2b51d8591f mac80211: ath10k: support for management rate control
Issues a wmi command to firmware when multicast rate change is received with the
new BSS_CHANGED_MCAST_RATE flag.  Also fixes the incorrect fixed_rate setting
for CCK rates which got introduced with addition of ath10k_rates_rev2 enum.

By default the firmware uses 1Mbps and 6Mbps rate for management packets
in 2G and 5G bands respectively. But when the user selects different
basic rates from the userspace, we need to send the management
packets at the lowest basic rate selected by the user.

Signed-off-by: Sven Eckelmann <sven@narfation.org>
2019-02-11 19:02:42 +01:00
Sven Eckelmann
835fc08ae3 ath10k-ct: support for management rate control
By default the firmware uses 1Mbps and 6Mbps rate for management packets
in 2G and 5G bands respectively. But when the user selects different
basic rates from the userspace, we need to send the management
packets at the lowest basic rate selected by the user.

This change makes use of WMI_VDEV_PARAM_MGMT_RATE param for configuring the
management packets rate to the firmware.

Signed-off-by: Sven Eckelmann <sven@narfation.org>
2019-02-11 19:02:41 +01:00
Christian Lamparter
465044d0fd ath10k-firmware: update Candela Tech firmware images
Release notes since last time:

2019-02-08:
  Fix rate-ctrl assert related to bad logic that tried to guess
  that lower bandwidth probes were automatically successful if
  higher was. The NSS mismatch that can happen here caused the
  assert. Just comment out the offending code
  (per comment from original QCA code). This is bug 69.

2019-02-10:
  Fix bssid mis-alignment that broke 4-addr vlan mode (bug 67).
  Original buggy commit was
  commit 2bf89e70ecd1 ("dev-ds: Better packing of wal_vdev struct.")

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-02-11 19:02:41 +01:00
Rafał Miłecki
83bcacb521 mac80211: brcmfmac: fix a possible NULL pointer dereference
This fixes a possible crash in the brcmf_fw_request_nvram_done():
[   31.687293] Backtrace:
[   31.689760] [<c004fb4c>] (__wake_up_common) from [<c004fc38>] (__wake_up_locked+0x1c/0x24)
[   31.698043]  r10:c6794000 r9:00000009 r8:00000001 r7:bf54dda0 r6:a0000013 r5:c78e7d38
[   31.705928]  r4:c78e7d3c r3:00000000
[   31.709528] [<c004fc1c>] (__wake_up_locked) from [<c00502a8>] (complete+0x3c/0x4c)
[   31.717148] [<c005026c>] (complete) from [<bf54590c>] (brcmf_fw_request_nvram_done+0x5c8/0x6a4 [brcmfmac])
[   31.726818]  r7:bf54dda0 r6:c6794000 r5:00001990 r4:c6782380
[   31.732544] [<bf545344>] (brcmf_fw_request_nvram_done [brcmfmac]) from [<c0204e40>] (request_firmware_work_func+0x38/0x60)
[   31.743607]  r10:00000008 r9:c6bdd700 r8:00000000 r7:c72c3cd8 r6:c67f4300 r5:c6bda300
[   31.751493]  r4:c67f4300
[   31.754046] [<c0204e08>] (request_firmware_work_func) from [<c0034458>] (process_one_work+0x1e0/0x318)
[   31.763365]  r4:c72c3cc0
[   31.765913] [<c0034278>] (process_one_work) from [<c0035234>] (worker_thread+0x2f4/0x448)
[   31.774107]  r10:00000008 r9:00000000 r8:c6bda314 r7:c72c3cd8 r6:c6bda300 r5:c6bda300
[   31.781993]  r4:c72c3cc0
[   31.784545] [<c0034f40>] (worker_thread) from [<c003984c>] (kthread+0x100/0x114)
[   31.791949]  r10:00000000 r9:00000000 r8:00000000 r7:c0034f40 r6:c72c3cc0 r5:00000000
[   31.799836]  r4:c735dc00 r3:c79ed540
[   31.803438] [<c003974c>] (kthread) from [<c00097d0>] (ret_from_fork+0x14/0x24)
[   31.810672]  r7:00000000 r6:00000000 r5:c003974c r4:c735dc00
[   31.816378] Code: e5b53004 e1a07001 e1a06002 e243000c (e5934000)
[   31.822487] ---[ end trace a0ffbb07a810d503 ]---

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-02-11 11:28:03 +01:00
Hans Dedecker
630a363936 vti: remove setting default firewall zone to wan
Same reasoning as in bdedb798150a58ad7ce3c4741f2f31df97e84c3f; don't set
default firewall zone to wan as the firewall zone for the vti interface
can be configured in the firewall config or it makes it impossible not to
specify a firewall zone for the vti interface.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-02-09 21:04:36 +01:00
Hans Dedecker
7f33f3d712 ipip: remove setting default firewall zone to wan
Same reasoning as in bdedb798150a58ad7ce3c4741f2f31df97e84c3f; don't set
default firewall zone to wan as the firewall zone for the ipip interface
can be configured in the firewall config or it makes it impossible not to
specify a firewall zone for the ipip interface.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-02-09 21:04:08 +01:00
Felix Fietkau
61e01f248e base-files: do not strip fwtool signature data during check
Same reason as in commit 9808bd2799 -
sysupgrade --test must not alter the image in any way

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-02-09 14:34:24 +01:00
Daniel Golle
f9850e9d2c mac80211: rt2x00: remove patch causing low tx power
Remove 980-rt2x00-reduce-power-consumption-on-mt7620.patch which in
combination with the most recently added patch reportedly causes TX
power to be too weak.

"without patches rssi on receiver is ~ -23dBm with 980 about -35dBm,
with both patches drops below -40dBm. with 987 only ~-28dBm"

We may need to reconsider this once we have implemented TSSI.

Fixes: cdb58b2bfe ("mac80211: rt2x00: reduce tx power to nominal level on RT6352")
Reported-by: Tomislav Požega <pozega.tomislav@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-02-08 13:13:39 +01:00
Deng Qingfang
39273b849f curl: bump to 7.64.0
Fixed CVEs:

CVE-2018-16890
CVE-2019-3822
CVE-2019-3823

For other changes in version 7.64.0 see https://curl.haxx.se/changes.html#7_64_0

Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
2019-02-08 08:37:24 +01:00
Daniel Golle
cdb58b2bfe mac80211: rt2x00: reduce tx power to nominal level on RT6352
Current implementation of RT6352 support provides too high tx power
at least on iPA/eLNA devices. Reduce amplification of variable gain
amplifier by 6dB to match board target power of 17dBm.
Transmited signal strength with this patch is similar to that of
stock firmware or pandorabox firmware. Throughput measured with iperf
improves. Device tested: Xiaomi Miwifi Mini.

Signed-off-by: Tomislav Požega <pozega.tomislav@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-02-08 00:08:58 +01:00
Florian Eckert
bdedb79815 gre: remove setting default firewall zone to wan
There are two problems with this behaviour that the zone is set to wan
if no zone config option is defined in the interface section.

* The zone for the interface is "normally" specified in the firewall
config file. So if we have defined "no" zone for this interface zone
option is set now to "wan" additonaly if we add the interface in the firewall
config section to the "lan" zone, the interface is added to lan and wan at once.

iptables-save | grep <iface>

This is not what I expect.

* If I do not want to set a zone to this interface it is not possible.

Remove the default assigment to wan if no zone option is defined.
If some one need the option it stil possible to define this option.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
2019-02-07 21:58:07 +01:00
Hauke Mehrtens
f34eeeeb9a nat46: Fix mirror hash
The package hash does not match the one of the package found on the
mirrors and which is generated when I do the git clone.

Fixes: 4856fa30a6 ("nat46: import for routing, add myself as maintainer")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-02-07 11:15:11 +01:00
Koen Vandeputte
5a8d03ceeb ath10k-firmware: update Candela Tech firmware images
*  Jan 2, 2019
Rebase patches to make 9980 bisectable.

*  Jan 2, 2019
Fix scheduling related assert when wal-peer is deleted with pending
tx buffers (bug 54, and others)

*  Jan 7, 2019:
Fix specifying retransmits for AMPDU frames.  It was previously ignored
since it is a 'software' retransmit instead of a hardware retransmit.

*  Jan 9, 2019
Fix potential way to get zero rates selected (and then assert)

*  Jan 18, 2019
pfsched has specific work-around to just return if we find invalid flags AND
if we are in an out-of-order situation.  Maybe this is last of the pfsched
related issues (bug 54 and similar).

*  Jan 24, 2019
The rcSibUpdate method can be called concurrently with IRQ tx-completion callback,
and that could potentially allow the tx-completion callback to see invalid state
and assert or otherwise mess up the rate-ctrl logic.  So, disable IRQs in
rcSibUpdate to prevent this.  Related to bug 58.

*  Jan 28, 2019
Ensure that cached config is applied to ratectrl objects when fetched from
the cache.  This should fix part of bug 58.

*  Jan 28, 2019
Ensure that ratectrl objects from cachemgr are always initialized.  This fixes
another part of bug 58.

*  Jan 30, 2019
Better use of temporary rate-ctrl object.  Make sure it is initialized, simplify
code path.  This finishes up porting forward similar changes I made for wave-1
firmware long ago, and fixes another potential way to hit bug-58 issues.

*  Jan 30, 2019
Cachemgr did not have a callback for when memory was logically freed.  This means
that peers could keep stale references to rate-ctrl objects that were in process
of being DMA'd into to load a different peer's rate-ctrl state.  This was causing
the bugcheck logic to fail early and often, and I suspect it might be a root cause
of bug 58 as well.  The fix is to add a callback and set any 'deleted' memory references
to NULL so that we cannot access it accidentally.  Thanks to excellent logs and patience
from the bug-58 reporter!

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-02-04 12:09:35 +01:00
Felix Fietkau
646d28f996 mt76: update to the latest version
a9d4c0e mt76: mt76x2: avoid running DPD calibration if tx is blocked
4d7e13f mt76: explicitly disable energy detect cca during scan
e3c1aad mt76: run MAC work every 100ms
4e8766a mt76: clear CCA timer stats in mt76x02_edcca_init
e301f23 mt76: measure the time between mt76x02_edcca_check runs
74075ef mt76: increase ED/CCA tx block threshold

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-02-03 20:45:56 +01:00
Petr Štetiar
3b40121530 kernel: Fix drm dependency on drm_panel_orientation_quirks.ko for 4.19
Package kmod-drm is missing dependencies for the following libraries:

 drm_panel_orientation_quirks.ko

It seems, that since Linux 4.15-rc2 drm depends on drm_panel_orientation_quirks.ko

 commit 8d70f395e6cbece665b12b4bf6dbc48d12623014
 Author: Hans de Goede <j.w.r.degoede@gmail.com>
 Date:   Sat Nov 25 20:35:49 2017 +0100

    drm: Add support for a panel-orientation connector property, v6

    On some devices the LCD panel is mounted in the casing in such a way that
    the up/top side of the panel does not match with the top side of the
    device (e.g. it is mounted upside-down).

    This commit adds the necessary infra for lcd-panel drm_connector-s to
    have a "panel orientation" property to communicate how the panel is
    orientated vs the casing.

    Userspace can use this property to check for non-normal orientation and
    then adjust the displayed image accordingly by rotating it to compensate.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-02-01 17:35:34 +01:00
Felix Fietkau
efa6b8b6b6 mt76: update to the latest version
a4ec45c mt7603: fix LED support (copy CFLAGS from main Makefile)
edda5c5 mt76x02: use mask for vifs
dd52191 mt76x02: use commmon add interface for mt76x2u
a80acaf mt76x02: initialize mutli bss mode when set up address
38e832d mt76x02: minor beaconing init changes
171adaf mt76x02: init beacon config for mt76x2u
dcab682 mt76: beaconing fixes for USB
ff81de1 mt76x02: enable support for IBSS and MESH
8027b5d mt7603: remove copyright headers
e747e80 mt76: fix software encryption issues
2afa0d7 mt7603: remove WCID override for software encrypted frames

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-01-31 23:22:16 +01:00
Hans Dedecker
8399ee4543 netifd: handle hotplug event socket errors
5cd7215 system-linux: handle hotplug event socket ENOBUFS errors

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-01-31 22:14:55 +01:00
Sven Roederer
6e575fa9d6 openssl: update list of mirrors
Host "gd.tuwien.ac.at" does not exists anymore, so we replace it by "ftp.pca.dfn.de" from the official list of mirrors.

Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
2019-01-31 21:21:49 +01:00
Andre Heider
4b403821c6
uboot-omap: add 'rootwait' to the kernel cmdline
Some SD cards take a while to get detected, fix booting of those.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2019-01-31 14:07:00 +01:00
Kevin Darbyshire-Bryant
352db3e62a dnsmasq: latest pre-2.81 patches
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-01-31 10:13:05 +00:00
Jo-Philipp Wich
40bb2ae211 opkg: update to latest Git head
d4ba162 libopkg: only perform size check when information is available

Fixes: e079591b84 ("opkg: update to latest Git head")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-01-31 10:23:20 +01:00
Jo-Philipp Wich
e079591b84 opkg: update to latest Git head
cb66403 libopkg: check for file size mismatches

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-01-31 08:52:51 +01:00
Felix Fietkau
f665fb058f mt76: update to the latest version
c3da1aa mt7603: trigger beacon stuck detection faster
7a53138 mt7603: trigger watchdog reset if flushing CAB queue fails
6eef33b mt7603: remove mt7603_txq_init
ae30c30 mt76: add driver callback for when a sta is associated
0db925f mt7603: update HT/VHT capabilities after assoc
b5ac8e4 mt7603: initialize LED callbacks only if CONFIG_MT76_LEDS is set
c989bac mt76x0: eeprom: fix chan_vs_power map in mt76x0_get_power_info
24bd2c0 mt76x0: phy: report target_power in debugfs
bc7ce2a mt76x0: init: introduce mt76x0_init_txpower routine

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-01-30 15:17:23 +01:00
Günther Kelleter
c3389ab135 base-files: config_get: prevent filename globbing
When config_get is called as "config_get section option" the option
is unexpectedly globbed by the shell which differs from the way options
are read to a variable with "config_get variable section option".
Add another layer of double quotes to fix it.

Signed-off-by: Günther Kelleter <guenther.kelleter@devolo.de>
2019-01-30 13:20:14 +01:00
Val Kulkov
ed514e7f9e busybox: keep syslog.conf during sysupgrade
If a user finds that logd is too barebone for their needs and wishes
to have more control over syslog, the user presently has an option
to enable CONFIG_BUSYBOX_CONFIG_FEATURE_SYSLOG and configure syslog
with settings in /etc/syslog.conf.

Presently /etc/syslog.conf silently disappears on sysupgrade. This
patch prevents such unwanted behaviour if busybox syslog is enabled
via CONFIG_BUSYBOX_CONFIG_FEATURE_SYSLOG.

Signed-off-by: Val Kulkov <val.kulkov@gmail.com>
2019-01-30 12:30:03 +01:00
Sven Roederer
989060478a openssl: bump to 1.0.2q
This fixes the following security problems:
 * CVE-2018-5407: Microarchitecture timing vulnerability in ECC scalar multiplication
 * CVE-2018-0734: Timing vulnerability in DSA signature generation
 * Resolve a compatibility issue in EC_GROUP handling with the FIPS Object Module

Signed-off-by: Sven Roederer <freifunk@it-solutions.geroedel.de>
2019-01-30 11:59:46 +01:00
Jo-Philipp Wich
c6aa9ff388 uhttpd: disable concurrent requests by default
In order to avoid straining CPU and memory resources on lower end devices,
avoid running multiple CGI requests in parallel.

Ref: https://forum.openwrt.org/t/high-load-fix-on-openwrt-luci/29006
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-01-30 10:12:00 +01:00
Hans Dedecker
a3ccac6b1d iproute2: drop libbsd dependency
As the usage of libbsd is no longer limited to glibc, prevent libbsd
being picked up by removing the dependency on libbsd.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-01-29 14:00:13 +01:00
Felix Fietkau
4443804b54 wpa_supplicant: fix calling channel switch via wpa_cli on mesh interfaces
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-01-29 11:27:13 +01:00
Felix Fietkau
ae6b5815cd hostapd: add support for passing CSA events from sta/mesh to AP interfaces
Fixes handling CSA when using AP+STA or AP+Mesh

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-01-29 11:27:06 +01:00
Felix Fietkau
e1496d631e mac80211: fix an issue with allocated tailroom for encrypted mgmt packets
Fixes kernel warnings and connectivity issues in encrypted mesh networks

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-01-29 11:12:11 +01:00
Hans Dedecker
617e414643 map: depend on nat46, provide map-t
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-01-27 18:39:55 +01:00
Hans Dedecker
633cac0cb4 464xlat: import from routing, add myself as maintainer
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-01-27 18:39:18 +01:00
Hans Dedecker
4856fa30a6 nat46: import for routing, add myself as maintainer
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-01-27 18:29:52 +01:00
Michael Heimpold
268b5bec80 mbedtls: Kconfig option to enable/disable debug functions
This introduces a new Kconfig option to switch on/off mbedtls' support
for debug functions.

The idea behind is to inspect TLS traffic with Wireshark for debug
purposes. At the moment, there is no native or 'nice' support for
this, but at
68aea15833
an example implementation can be found which uses the debug functions
of the library. However, this requires to have this debug stuff enabled
in the library, but at the moment it is staticly patched out.

So this patch removes the static part from the configuration patch
and introduces a dynamic config file editing during build.

When enabled, this heavily increases the library size, so I added
a warning in the Kconfig help section.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2019-01-27 01:04:53 +01:00
Deng Qingfang
e8f2302516 mbedtls: update to 2.16.0
Refresh patch

https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.0-2.7.9-and-2.1.18-released

Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
2019-01-27 01:04:53 +01:00
Karl Pálsson
04b418ac84 kernel: add kmod-usb-gadget-cdc-composite
This builds the "g_cdc" gadget module, providing ethernet+serial.

Signed-off-by: Karl Pálsson <karlp@etactica.com>
2019-01-27 01:04:37 +01:00
Hauke Mehrtens
fd5c168701 kernel: Build: Split kmod-regmap
This reduces the needed modifications to the mainline Linux kernel and
also makes the regmap package work with an out of tree kernel which
does not have these modifications.

The regmap-core is only added when it is really build as a module.
The regmap-core is normally bool so it cannot be built as a module in an
unmodified kernel. When it is selected by on other kernel module it will
always be selected as build in and it also does not show up in
$(LINUX_DIR)/modules.builtin as it is not supposed to be a kernel module.
When it is not in $(LINUX_DIR)/modules.builtin the build system expects
it to be built as a .ko file.
Just check if the module is really there and only add it in that case.

This splits the regmap package into multiple packages, one for each bus type.
This way only the bus maps which are really needed have to be added.
This also splits the I2C, SPI and MMIO regmap into separate packages to not
require all these subsystems to build them, on an unmodified upstream kernel
this also causes problems in some situations.

Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
2019-01-27 00:16:13 +01:00
Rosen Penev
8fd5091696 e2fsprogs: Update to 1.44.5
Added e4crypt tool for encrypting files and directories. To work properly
requires kernel and work on keyutils. That will be done in a future commit

Some top-level reorganization for consistency between packages.

Tested on GnuBee PC1 (mt7621).

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-01-26 23:11:49 +01:00
Petr Štetiar
c2bdd018a3 uboot-imx6: Bump to 2019.01
Build tested: apalis, mx6sabresd, nitrogen6dl, nitrogen6dl2g, nitrogen6q,
              nitrogen6q2g, nitrogen6s, nitrogen6s1g, wandboard

Run tested: apalis (pending PR #1595)

Cc: Felix Fietkau <nbd@nbd.name>
Cc: Vladimir Vid <vladimir.vid@sartura.hr>
Cc: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-01-26 21:46:32 +01:00
Michael Heimpold
52d7a1d3b2 uboot-mxs: bump to v2019.01
Also update the U-Boot BSP patch for I2SE Duckbill devices.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2019-01-26 21:46:32 +01:00
David Bauer
28cd2caa35 base-files: sysupgrade: support additional mtd options
Add support for passing additional parameters to mtd called during
sysupgrade. It will be required to toggle the "recovery moe" flag
supported by recent tp-link boards.

Signed-off-by: David Bauer <mail@david-bauer.net>
[split code from board support patch; add commit message]
Signed-off-by: Mathias Kresin <dev@kresin.me>
2019-01-26 21:46:32 +01:00
David Bauer
1e06482f7d mtd: add logic for TP-Link ramips recovery magic
This adds an option to set the recovery flag of newer TP-Link MediaTek
boards and remove it after a successful write.

To make use of this feature, add the '-t' option to mtd-write.

The '-t' option takes the mtd partition containing the recovery flag
(usually 'romfile') as an argument. Make sure this partition is not
flagged as read-only!

Example:
 > mtd -t romfile write owrt.bin firmware

This command writes the recovery-flag before it begins writing the image
to the firmware partition. After the image-write has been successful,
the recovery flag is removed.

This way, the TP-Link web-recovery is automatically enabled on an
unsucessful flash (e.g. power loss).

This option is only available if the mtd package is compiled for the
ramips target.

Signed-off-by: David Bauer <mail@david-bauer.net>
2019-01-26 21:46:32 +01:00
Oever González
c43acdf342 mtd: add linksys_bootcount to the ipq40xx target
This commit adds the object 'linksys_bootcount_fix.o' to the ipq40xx
target.

This is needed for the Linksys EA6350v3 device. Without this patch, the
device will switch-back between the current and the last flashed firmware
every 3 (three) reboots. With this patch, the device works as expected.

Signed-off-by: Ryan Pannell <ryan@osukl.com>
Signed-off-by: Oever González <notengobattery@gmail.com>
2019-01-26 21:43:06 +01:00
Oever González
ad3e667539 uboot-envtools: add support for Linksys EA6350v3
This commit adds support for the Linksys EA6350v3 device in the ipq40xx
target.

This is needed for uboot-envtools to access the environment. Without this
patch, the Linksys EA6350v3 will not be able to access the uboot
environment. As a side effect, the feature auto_recovery will make the
device unstable by switching between the latest and the current firmware.

Signed-off-by: Ryan Pannell <ryan@osukl.com>
Signed-off-by: Oever González <notengobattery@gmail.com>
2019-01-26 21:43:04 +01:00
Oever González
fb7b8d5ad3 ipq-wifi: add support for Linksys EA6350v3
This commit adds support for the Linksys EA6350v3 device in the ipq-wifi
target.

Without this patch, the Linksys EA6350v3 won't be hable to have fully
functional wireless interfaces. This is not permanent: the board data has
already been sent to ath10k _at_ lists _dot_ infradead _dot_ org

Signed-off-by: Ryan Pannell <ryan@osukl.com>
Signed-off-by: Oever González <notengobattery@gmail.com>
2019-01-26 21:42:57 +01:00
Oever González
69aa1c5ac0 mac80211: ath: add extra 'regulatory domains'
This patch adds several country codes to the regd.h and regd_common.h
files in order to support devices whose country codes are not present in
the original list.

Without this patch, all devices whose manufacturer programmed any of these
code in their EEPROM will run without wireless interfaces.

Signed-off-by: Oever González <notengobattery@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [matched signed-off]
2019-01-26 21:41:04 +01:00
Christian Lamparter
47c3ada44a uboot-fritz4040: update package to 2019-01-25
David Bauer reported a u-boot crash (data abort) at a odd
place (byteswap) when he ran ping/tftp on his 7530.

|(FRITZ7530) # ping 192.168.1.70
|eth0 PHY0 up Speed :1000 Full duplex
|eth0 PHY1 Down Speed :10 Half duplex
|eth0 PHY2 Down Speed :10 Half duplex
|eth0 PHY3 Down Speed :10 Half duplex
|eth0 PHY4 Down Speed :10 Half duplex
|Using eth0 device
|data abort
|pc : [<84234774>]      lr : [<842351a4>]
|sp : 8412fdb0  ip : 0000009b     fp : 00000000
|r10: 00000000  r9 : 00000001     r8 : 8412ff68
|r7 : 00000000  r6 : 0000002a     r5 : 84244e90  r4 : 8425e28e
|r3 : 84244e90  r2 : 14000045     r1 : 8412fdb0  r0 : 8425e28e
|Flags: nZCv  IRQs off  FIQs off  Mode SVC_32
|Resetting CPU ...
|
|resetting ...

This issue is caused by switch from gcc 5.5 to 7.1+ as explained
in the upstream patch:

|From a768e513b07b5999a8e7d7740ac8d9da04ee7e51 Mon Sep 17 00:00:00 2001
|From: Denis Pynkin <denis.pynkin@collabora.com>
|Date: Fri, 21 Jul 2017 19:28:42 +0300
|Subject: [PATCH] net: Use packed structures for networking
|
|PXE boot is broken with GCC 7.1 due option '-fstore-merging' enabled
|by default for '-O2':
|
|BOOTP broadcast 1
|data abort
|pc : [<8ff8bb30>]          lr : [<00004f1f>]
|reloc pc : [<17832b30>]    lr : [<878abf1f>]
|sp : 8f558bc0  ip : 00000000     fp : 8ffef5a4
|r10: 8ffed248  r9 : 8f558ee0     r8 : 8ffef594
|r7 : 0000000e  r6 : 8ffed700     r5 : 00000000  r4 : 8ffed74e
|r3 : 00060101  r2 : 8ffed230     r1 : 8ffed706  r0 : 00000ddd
|Flags: nzcv  IRQs off  FIQs off  Mode S
|
|Core reason is usage of structures for network headers without packed
|attribute.

Reported-by: David Bauer <mail@david-bauer.net>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-01-26 21:09:12 +01:00
David Bauer
b368373fab mpc85xx: add support for OCEDO Panda
CPU:   FSL P1020 (2x 800MHz E500 PPC)
RAM:   1GB DDR3
FLASH: 256MiB NAND
WiFi:  2x Atheros AR9382 2x2:2 abgn
ETH:   2x BCM54616S - 1x BCM53128 8-port switch
LED:   5x LEDs (Power, WiFi1, WiFi2, N/D, SYS)
BTN:   1x RESET

Installation
------------

1. Download initrams kernel image, dtb binary and sysupgrade image.

2. Place initramfs kernel into tftp root directory. Rename to
"panda-uimage-factory".

3. Place dtb binary into tftp root directory. Rename to "panda.fdt".

4. Start tftp server on 192.168.100.8/24.

5. Power up the device with the reset button pressed. It will download
the initrams and dtb via tftp and boot into OpenWRT in RAM.

6. SSH into the device and remove the factory partitions.

 > ubirmvol /dev/ubi0 --name=kernel1
 > ubirmvol /dev/ubi0 --name=rootfs1
 > ubirmvol /dev/ubi0 --name=devicetree1

You will have around 60 MiB of free space with that.

You can also delete "kernel2", "devicetree2", "rootfs2" and "storage"
respectively in case you do not want to go back to the vendor firmware.

7. Modify the U-Boot bootcmd to allow for booting OpenWRT

 > fw_setenv bootcmd_owrt "ubi part ubi && ubi read 0x1000000 kernel
   && bootm 0x1000000"

 > fw_setenv bootargs_owrt "setenv bootargs console=ttyS0,115200
   ubi.mtd=3,2048"

 > fw_setenv bootcmd "run bootargs_owrt; run bootcmd_owrt"

8. Transfer the sysupgrade image via scp into the /tmp directory.

9. Upgrade the device

 > sysupgrade -n /tmp/<imagename>

Signed-off-by: David Bauer <mail@david-bauer.net>
2019-01-26 17:10:19 +01:00
Felix Fietkau
0465e41e05 mt76: update to the latest version
3e9a7d5 Revert "mt7603: fix txd q_idx field value"
815fd03 mt7603: fix CCA timing values
b35cc8e mt7603: set timing on channel change before starting MAC
79b337c mt7603: move CF-End rate update to mt7603_mac_set_timing
3df341d mt7603: avoid redundant MAC timing updates
1c751f3 mt76: avoid scheduling tx queues for powersave stations
2efa389 mt7603: limit station power save queue length to 64
63a79ff mt76: do not report out-of-range rx nss
fe30bd3 mt7603: issue PSE reset on tx hang
ce8cc5d mt7603: issue PSE client reset on init
e342cc5 mt7603: fix buffered multicast count register
aa470d8 mt7603: fix buffered multicast queue flush
b4ee01f mt76: fix tx status timeout processing
7d00d58 mt76x02: fix per-chain signal strength reporting
64abb35 mt76: fix corrupted software generated tx CCMP PN
0b939dc mt76: fix resetting software IV flag on key delete

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-01-25 23:50:17 +01:00
Jo-Philipp Wich
f4d6e8f98f libelf: fix library packaging
The library has an usual shared object file name, which caused the
install glob pattern to miss the actual so.

Fixes: #2082
Fixes; 0e70f69a35 ("treewide: revise library packaging")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-01-25 18:59:46 +01:00
Martin Schiller
eaaee181d1 ppp: update to version 2.4.7.git-2018-06-23
This bumps ppp to latest git version.

There is one upstream commit, which changes DES encryption calls from
libcrypt / glibc to openssl.

As long as we don't use glibc-2.28, revert this commit.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2019-01-25 14:55:46 +01:00
Hans Dedecker
e906a75e67 procd: update to latest git HEAD
e2b055e hotplug.c: Make sure hotplug buffer is NULL terminated

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-01-24 22:54:13 +01:00
Christian Lamparter
13251aa92b mac80211: ath10k: remove "ath10k: fix otp failure result" patch
Initially this patch was introduced as a quick fix following
the removal of 936-ath10k_skip_otp_check.patch which caused
multiple ath10k pcie devices in various ipq806x and ar71xx/ath79
targets to malfunction.

Thankfully, the affected devices have been updated to utilize
the pre-caldata method. And finally with the switch to ath10k-ct,
which never had the patch or any reports of similar issues, I
think it's time to remove this patch since it is no longer needed.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-01-24 15:53:02 +01:00
Jo-Philipp Wich
b1781d5841 iproute2: replace libelf1 dependency with libelf
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-01-24 12:56:31 +01:00
Jo-Philipp Wich
8d13529536 perf: replace libelf1 dependency with libelf
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-01-24 12:56:11 +01:00
Jo-Philipp Wich
d7bf0898a8 elfutils: rename libelf1 to libelf
The ABI_VERSION:=1 tag will take care of transforming the binary
library package basename.

Add a virtual PROVIDES:=libelf1 for packages still having libelf1
in their DEPENDS:=... lists.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-01-24 12:52:23 +01:00
Jo-Philipp Wich
0e70f69a35 treewide: revise library packaging
- Annotate versionless libraries (such as libubox, libuci etc.) with a fixed
  ABI_VERSION resembling the source date of the last incompatible change
- Annotate packages shipping versioned library objects with ABI_VERSION
- Stop shipping unversioned library symlinks for packages with ABI_VERSION

Ref: https://openwrt.org/docs/guide-developer/package-policies#shared_libraries
Ref: https://github.com/KanjiMonster/maintainer-tools/blob/master/check-abi-versions.pl
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-01-24 10:39:30 +01:00
Jo-Philipp Wich
68b29a7a95 uclient: set fixed ABI_VERSION on libuclient
Last incompatible change appeared to be 4924411
("http: add proper error handling to uclient_http_redirect()") which
changed the return value of uclient_http_redirect() from bool to int.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-01-24 10:39:29 +01:00
Jason A. Donenfeld
bbcd0634f8 wireguard: bump to 0.0.20190123
* tools: curve25519: handle unaligned loads/stores safely

This should fix sporadic crashes with `wg pubkey` on certain architectures.

* netlink: auth socket changes against namespace of socket

In WireGuard, the underlying UDP socket lives in the namespace where the
interface was created and doesn't move if the interface is moved. This
allows one to create the interface in some privileged place that has
Internet access, and then move it into a container namespace that only
has the WireGuard interface for egress. Consider the following
situation:

1. Interface created in namespace A. Socket therefore lives in namespace A.
2. Interface moved to namespace B. Socket remains in namespace A.
3. Namespace B now has access to the interface and changes the listen
port and/or fwmark of socket. Change is reflected in namespace A.

This behavior is arguably _fine_ and perhaps even expected or
acceptable. But there's also an argument to be made that B should have
A's cred to do so. So, this patch adds a simple ns_capable check.

* ratelimiter: build tests with !IPV6

Should reenable building in debug mode for systems without IPv6.

* noise: replace getnstimeofday64 with ktime_get_real_ts64
* ratelimiter: totalram_pages is now a function
* qemu: enable FP on MIPS

Linux 5.0 support.

* keygen-html: bring back pure javascript implementation

Benoît Viguier has proofs that values will stay well within 2^53. We
also have an improved carry function that's much simpler. Probably more
constant time than emscripten's 64-bit integers.

* contrib: introduce simple highlighter library

This is the highlighter library being used in:
- https://twitter.com/EdgeSecurity/status/1085294681003454465
- https://twitter.com/EdgeSecurity/status/1081953278248796165

It's included here as a contrib example, so that others can paste it into
their own GUI clients for having the same strictly validating highlighting.

* netlink: use __kernel_timespec for handshake time

This readies us for Y2038. See https://lwn.net/Articles/776435/ for more info.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-01-23 18:06:49 +01:00
Deng Qingfang
752bd72668 iproute2: update to 4.20.0
Update to the latest version of iproute2; see https://lwn.net/Articles/776174/
for a full overview of the changes in 4.20.
Remove upstream patch 001-fix-print_0xhex-on-32-bit.patch and 002-tc-fix-xtables-incorrect-usage-of-LDFLAGS.patch
Introduce a patch to include <linux/limits.h> for XATTR_SIZE_MAX in tc

Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
2019-01-23 17:55:21 +01:00
Andy Walsh
45a2771953 uboot-ar71xx: fix musl host build
On musl based distributions, u-boot 2010.03 fails to build with:

    u-boot-2010.03/include/u-boot/crc.h:29:50: error: unknown type name 'uint'
      uint32_t crc32 (uint32_t, const unsigned char *, uint);

The issue was fixed in the newer u-boot-2018.03 version, this commit
backports the change to the older version used by ar71xx/ath79.

Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
[add commit message from PR description]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-01-22 13:29:46 +01:00
Andy Walsh
94f6030170 librpc: remove package
* replaced with packages/libtirpc
* remove busybox options rarely used/deprecated
BUSYBOX_CONFIG_FEATURE_MOUNT_NFS
BUSYBOX_CONFIG_FEATURE_INETD_RPC

Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
2019-01-22 13:29:46 +01:00
Jo-Philipp Wich
1211832977 busybox: handle crypt() errors in loginutils
The crypt(3) function is allowed to fail with either EINVAL or ENOSYS when
the given salt is either invalid or when the requested algorithm is not
implemented.

In such a case, libbb's pw_encrypt() function will silently convert the
crypt() NULL return value into an empty string which is then processed
without further errors by utilities such as chpasswd or passwd, causing
them to set an empty password when an unsupported cipher is requested.

Patch the relevant users of pw_encrypt() to abort in case an empty hash
is returned by pw_encrypt() in order to mitigate the problem.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-01-22 12:08:00 +01:00
Jo-Philipp Wich
5d1399788a ncurses: build host libraries with -fPIC
Since readline/host links ncurses/host now, we need to ensure that the
libncursesw.so host library is built with -fPIC.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-01-22 11:29:05 +01:00
Michal Hrusecky
74450124f6 build: Optionally provide file checksums in package metadata
This may be useful if you don't entirely trust your flash and want to be able
to check for corruptions.

Signed-off-by: Michal Hrusecky <Michal@Hrusecky.net>
2019-01-22 09:22:25 +01:00
Jeffery To
d13e86d4c2 procd: Add wrapper for uci_validate_section()
This adds a wrapper (uci_load_validate) for uci_validate_section() that
allows callers (through a callback function) to access the values set by
uci_validate_section(), without having to manually declare a
(potentially long) list of local variables.

The callback function receives two arguments when called, the config
section name and the return value of uci_validate_section().

If no callback function is given, then the wrapper exits with the value
returned by uci_validate_section().

This also updates several init scripts to use the new wrapper function.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
2019-01-22 09:05:59 +01:00
Carsten Wolff
2bf22b1fb7 iputils: install ping, ping6, traceroute6 with setuid root
these utilities need to run with uid 0 to be useful. Thus,
install them setuid root like other distros do, too.

Signed-off-by: Carsten Wolff <carsten@wolffcarsten.de>
[use INSTALL_SUID macro]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-01-22 09:05:59 +01:00
Matthias Badaire
cf8483cb4f fstools: media change detection (eg:sdcard) using kernel polling
Linux kernel has a polling mechanism that can be activated by changing
the parameter /sys/module/block/parameters/events_dfl_poll_msecs which
is deactivated by default or the /sys/block/[device]/events_poll_msecs
for one device.

This patch set the events_poll_msecs when a disk is inserted.
Once the media disk change event is sent by the kernel then we force a
re-read of the devices using /sbin/block info.

With this patch, insertion and ejection of sd card will automatically
generate partition devices in /dev.

Signed-off-by: Matthias Badaire <mbadaire@gmail.com>
[rewrap commit message, fix bashisms, fix non-matching condition,
 bump pkg release]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-01-22 08:49:36 +01:00
Jo-Philipp Wich
5a89eea8e4 ncurses: package only versioned shared objects
Also fix the libxxxw.so* -> libxxx.so* linking to actually work, the
prevsious code failed to properly symlink the versioned .so files.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-01-22 08:49:36 +01:00
Daniel Engberg
166b335e6e readline: Update to 8.0 and various fixes
Update (lib)readline to 8.0
Remove autoreconf
Remove blankspace at the end of the lines in description
Remove --enable-shared and --enable-static as they're enabled by default
Remove TARGET_CPPFLAGS
Simplify install sections
Install readline.pc (pkgconfig)
Add patch for linking (lib)ncurses

Source:
https://git.buildroot.net/buildroot/plain/package/readline/0000-curses-link.patch

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2019-01-22 08:49:36 +01:00
Peter Wagner
4da73af112 libnetfilter-conntrack: update to 1.0.7
Signed-off-by: Peter Wagner <tripolar@gmx.at>
[split from https://github.com/openwrt/openwrt/pull/1274]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-01-22 08:15:41 +01:00
Jo-Philipp Wich
62fbdcaf06 conntrack-tools: relocated to packages feed
In order to prepare the switch from librpc to libtirpc, we need to relocate
conntrack-tools to the packages feed.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-01-22 08:14:00 +01:00
Felix Fietkau
3ccc0fdd9c mt76: update to the latest version
d273ddd mt7603: fix number of frames limit in .release_buffered_frames
63bf183 mt76: add channel switch announcement support
e45db12 mt7603: fix tx status info
9d11596 mt7603: discard bogus tx status data
4bcb2f9 mt7603: fix txd q_idx field value
4206db7 mt76: set IEEE80211_HW_NEEDS_UNIQUE_STA_ADDR flag
c4e4982 mt7603: set IEEE80211_HW_TX_STATUS_NO_AMPDU_LEN
702f557 mt7603: use maximum tx count for buffered multicast packets
158529d mt7603: fix PSE reset retry sequence
fc31457 mt7603: implement support for SMPS

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-01-20 19:01:12 +01:00
Felix Fietkau
c8280e6e14 mac80211: add support for indicating missing tx A-MPDU length
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-01-20 19:01:12 +01:00
Hans Dedecker
351e5516eb nghttp2: bump to 1.36.0
e7e8ee5f Update bash_completion
b3b4e335 Update manual pages
bd93d90a Don't treat text as option if it matches -[0-9]
ea69c84b Bump up version number to 1.36.0
783b649b Update AUTHORS
eb21e6f8 Merge branch 'update-http-parser'
ab2aa567 Fix test failure
ff87a542 Use http-parser 0d0a24e19eb5ba232d2ea8859aba2a7cc6c42bc4
439dbce6 Merge branch 'nghttpx-h1-connection-pool-per-addr'
e9c9838c nghttpx: Pool h1 backend connection per address
803d4ba9 Merge branch 'nghttpx-randomize-roundrobin-order'
732245e5 make clang-format
9e8d5433 Use clang-format-7
fdcdb21c nghttpx: Randomize backend address round robin order per thread
11d0533c nghttpx: Ensure that cert serial does not exceed 20 bytes
dbb5f00d Merge pull request #1287 from rckclmbr/fix_serial_size
9cc412e2 Merge pull request #1285 from staticinvocation/master
5b2efc0a Fix getting long serial numbers for openssl < 1.1
7e4c48a4 Disable shared library if ENABLE_SHARED_LIB is OFF
082e162f Merge pull request #1282 from alagoutte/travis
7cc7c06c .travis(.yml): no longer need llvm-toolchain-trusty-7
12ebeb30 .travis(.yml): Update to Xenial
c78abbe1 Update mruby to 2.0.0
124c7848 nghttpx: Add missing return
ce9667c4 Merge branch 'nghttpx-fix-trailing-slash-handling'
f3f40840 nghttpx: Fix broken trailing slash handling
302abf1b h2load: Fix compile error with gcc
089a03be h2load: Write log file with write(2)
de4fe728 Merge branch 'pyos-master'
d1b3a83f h2load: add an option to write per-request logs
eb679253 Merge branch 'puscas-port_in_use'
6800d317 added access to the number of the current server port
c98362ea Bump up version number to 1.36.0-DEV

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-01-20 18:16:29 +01:00
Jo-Philipp Wich
e6bcf1e4ac build: add ABI_VERSION to binary package names
Add the ABI_VERSION source makefile variable to the binary package basename
and resolve source dependencies on packages with ABI_VERSION set to such
expanded names.

If for example a package specifies DEPENDS:=libopenssl while the OpenSSL
Makefile specifies ABI_VERSION:=1.0.0, the resulting ipk control data
dependency will be "Depends: libopenssl1.0.0" and the libopenssl ipk file
will be called "libopenssl1.0.0_<version>_<arch>.ipk".

The next time a library such as OpenSSL is updated to an incompatible
version, the ABI_VERSION shall be changed accordingly to prevent opkg from
simply upgrading to an incompatible library without considering the
dependencies of already installed packages.

Also introduce another "SourceName" control field which is required by
the newly introduced "scritps/ipkg-remove" to determine the proper related
.ipk files to delete upon buildroot package clean operations.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-01-19 14:32:12 +01:00
Jo-Philipp Wich
797e5c1c48 packages: set more explicit ABI_VERSION values
In the case of upstream libraries, set the ABI_VERSION variable to the
soname value of the first version version after the last backwards
incompatible change.

For custom OpenWrt libraries, set the ABI_VERSION to the date of the
last Git commit doing backwards incompatible changes to the source,
such as changing function singatures or dropping exported symbols.

The soname values have been determined by either checking
https://abi-laboratory.pro/index.php?view=tracker or - in the case
of OpenWrt libraries - by carefully reviewing the changes made to
header files thorough the corresponding Git history.

In the future, the ABI_VERSION values must be bumped whenever the
library is updated to an incpompatible version but not with every
package update, in order to reduce the dependency churn in the
binary package repository.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-01-19 14:31:51 +01:00
Jo-Philipp Wich
1bd18f2b5c opkg: update to latest Git head
This update fixes some cosmetical issues and a number of segmentation
faults when parsing lists having Conflicts or Replaces tags.

d217daf libopkg: fix replacelist parsing and writing
9dd9a07 libopkg: fix segmentation fault when traversing conflicts
34571ba libopkg: consider provided packages in pkg_vec_mark_if_matches()
18740e6 opkg_download: print error when fork() fails
e3d7330 libopkg: don't print unresolved dependencies twice

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-01-19 14:31:46 +01:00
Rosy Song
27be78ef46 dnsmasq: allow building without tftp server support
It saves 2871 bytes on package size while 4 bytes on memory size.

Signed-off-by: Rosy Song <rosysong@rosinson.com>
2019-01-17 22:07:06 +01:00
Hans Dedecker
76cc766521 odhcpd: fix onlink IA check (FS#2060)
0a36768 dhcpv6-ia: fix compiler warning
1893905 dhcpv6-ia: fix onlink IA check (FS#2060)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-01-16 23:01:05 +01:00
Kevin Darbyshire-Bryant
7541d30c9c dnsmasq: backport latest pre2.81 patches
f52bb5b fix previous commit
18eac67 Fix entries in /etc/hosts disabling static leases.
f8c77ed Fix removal of DHCP_CLIENT_MAC options from DHCPv6 relay replies.
4bf62f6 Tidy cache_blockdata_free()
9c0d445 Fix e7bfd556c079c8b5e7425aed44abc35925b24043 to actually work.
2896e24 Check for not(DS or DNSKEY) in is_outdated_cname_pointer()
a90f09d Fix crash freeing negative SRV cache entries.
5b99eae Cache SRV records.
2daca52 Fix typo in ra-param man page section.
2c59473 File logic bug in cache-marshalling code. Introduced a couple of commits back.
cc921df Remove nested struct/union in cache records and all_addr.
ab194ed Futher address union tidying.
65a01b7 Tidy address-union handling: move class into explicit argument.
bde4647 Tidy all_addr union, merge log and rcode fields.
e7bfd55 Alter DHCP address selection after DECLINE in consec-addr mode. Avoid offering the same address after a recieving a DECLINE message to stop an infinite protocol loop. This has long been done in default address allocation mode: this adds similar behaviour when allocaing addresses consecutively.

The most relevant fix for openwrt is 18eac67 (& my own local f52bb5b
which fixes a missing bracket silly) To quote the patch:

It is possible for a config entry to have one address family specified by a
dhcp-host directive and the other added from /etc/hosts. This is especially
common on OpenWrt because it uses odhcpd for DHCPv6 and IPv6 leases are
imported into dnsmasq via a hosts file.

To handle this case there need to be separate *_HOSTS flags for IPv4 and IPv6.
Otherwise when the hosts file is reloaded it will clear the CONFIG_ADDR(6) flag
which was set by the dhcp-host directive.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-01-16 15:39:54 +00:00
Hans Dedecker
4029788ff3 odhcpd: update to latest git HEAD (FS#2020)
7abbed4 dhcpv6: add setting to choose IA_NA, IA_PD or both
dd1aefd router: add syslog tracing for skipped routes
0314d58 router: filter route information option
5e99738 router: make announcing DNS info configurable (FS#2020)
1fe77f3 router: check return code of odhcpd_get_interface_dns_addr()
8f49804 config: check for invalid DNS addresses

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-01-15 14:02:21 +01:00
Kevin Darbyshire-Bryant
6e104c63d6 kmod-sched-cake: bump to latest cake
331ac70 Correctly update parent qlen when splitting GSO packets
581967c Makefile: Hook into Kbuild/Kconfig infrastructure

The parent qlen change is relevant if using cake as a leaf qdisc,
the makefile is a no-op.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-01-14 13:33:49 +00:00
Kevin Darbyshire-Bryant
ba4fe412c4 elfutils: bump to 0.175
4ea9a2db164c Update upload-release.sh script and po files.
a01938d584b9 libelf: Mark both fsize and msize with const attribute.
c338a0541663 libebl: Don't update w, t and len unnecessarily in ebl_object_note_type_name.
422b549007f6 Prepare for 0.175
22ec8efc1dd8 elflint: Allow PT_GNU_EH_FRAME segment to match SHT_X86_64_UNWIND section.
cf10453f8252 libelf: Correctly setup alignment of SHF_COMPRESSED section data.
d3e6266754b9 strip: Also handle gnu compressed debug sections with --reloc-debug-sections
72e30c2e0cb4 Handle GNU Build Attribute ELF Notes.
7a3f6fe60b85 Recognize NT_VERSION notes.
cff53f1784c9 libcpu: Recognize bpf jump variants BPF_JLT, BPF_JLE, BPF_JSLT and BPF_JSLE
ecbe3120cddb libdwelf: New function dwelf_elf_begin.
4b0342b85b5b backends: Add x86_64 section_type_name for SHT_X86_64_UNWIND.
825e48c4e942 Also find CFI in sections of type SHT_X86_64_UNWIND
4789e0fb92b0 libelf: Explicitly update section data after (de)compression.
1628254ba215 strip: Add --reloc-debug-sections-only option.
f2d59180b90b strip: Extract code to update shdrstrndx into new common function.
f6ae0ab9350e strip: Split out debug section relocation into separate helper functions.
b15ee95bcee4 strip: Always copy over any phdrs if there are any.
e574889d92b1 unstrip: Add ELF_CHECK to make sure gelf_getehdr () doesn't return NULL.
5199e15870e0 Recognize and parse GNU Property notes.
b75ff1bbd060 addr2line: Use elf_getshdrstrndx not Ehdr field to print section name.
35197ea4c43e readelf: Use shstrndx to lookup section names.
9a74c190a2b3 backends: ppc use define instead of const for size of dwarf_regs array.
72d023b35f36 readelf: Make sure readp is smaller than cieend in print_debug_frame_section.
dce0b3b63ba0 readelf: Make sure readp is smaller than cieend in print_debug_frame_section.
1e7c230b277b Check sh_entsize is not zero.
22d2d082d57a size: Handle recursive ELF ar files.
2b16a9be6993 arlib: Check that sh_entsize isn't zero.
4cdb0fd0d3b4 ar: Assume epoch if ar_date is bogus.
577511f66842 findtextrel: Check that sh_entsize isn't zero.
20f9de9b5f70 libdwfl: Sanity check partial core file data reads.
2f4a040fab52 readelf: Handle multiple .debug_macro sections and decode header flag.
eee4269e5315 unstrip: Renumber the group section indexes.
c06ab0bbb476 strip, unstrip: Handle SHT_GROUP correctly.
2876b3b648f6 Handle ADD/SUB relocations
69d6e67eee30 tests: backtrace-dwarf.c improve error handling in test framework.

Originally-produced--by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-01-14 13:32:38 +00:00
Hans Dedecker
7a4075bd10 busybox: fix ALTERNATIVES alphabetical ordering
Commit 3f0eb71dae added ALTERNATIVES for wget but not in correct
alphabetical order; increase PKG_RELEASE as well.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-01-13 21:45:14 +01:00
Hans Dedecker
055cdab2bb uclient: add ALTERNATIVES for wget
Don't symlink uclient-fetch anymore to /bin/wget but rather use
the ALTERNATIVES support for wget to install it as /usr/bin/wget.
Let uclient-fetch provide wget

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-01-13 18:27:28 +01:00
Hans Dedecker
3f0eb71dae busybox: add ALTERNATIVES for wget
Busybox wget applet conflicts with the version from uclient.
Fix this by using ALTERNATIVE support for wget in busybox.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-01-13 18:27:28 +01:00
Hauke Mehrtens
d560deb7f2 uboot-sunxi: Orange Pi Zero Plus: Fix SdCard detection
The Detection pin is at PF6 and not at PH13 like defined before. I
checked the schematics and now I am am not seeing this error message any
more:
Loading Environment from FAT... Card did not respond to voltage select!

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-01-13 17:35:14 +01:00
Zoltan HERPAI
7a53fb40ca uboot-sunxi: disable AXP209 on Olimex A13 Olinuxino
Disable the PMIC on Olimex A13 Olinuxino, as the SPL cannot set the
core voltage correctly, which causes the board to freeze later at
kernel if CPU throttling is enabled (see below). This will almost
certainly kill the VGA output (which requires LDO3 to be set), but
this is still a better option than to disable CPU throttling for
all Cortex-A8 based devices.

[    2.485632] cpufreq: cpufreq_online: CPU0: Running at unlisted freq: 384000 KHz
[    2.525698] cpufreq: cpufreq_online: CPU0: Unlisted initial frequency changed to: 432000 KHz

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2019-01-13 17:35:14 +01:00
Zoltan HERPAI
d605831068 uboot-sunxi: update Theobroma A31 Pangolin support
Drop removed pinctrl definitions from the i2c3 pin layout.

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2019-01-13 17:35:14 +01:00
Hauke Mehrtens
95d4c7c24b arm-trusted-firmware-sunxi: Replace with official ARM version
Instead of using a fork of the ARM trusted firmware specifically for the
Allwinner SoCs, use the official version from ARM now, this version
supports the Allwinner SoCs now and the older ATF repository is
deprecated.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-01-13 17:35:14 +01:00
Hauke Mehrtens
4ed05b805b uboot-sunxi: Update to version 2018.11
This updates the uboot for the sunxi target to version 2018.11
The removed patches are applied upstream and not needed any more.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-01-13 17:35:14 +01:00
Hauke Mehrtens
c7102a7699 kernel/modules: Fix build of kmod-pmbus
This fixes two build problems introduced with the recently added new
kernel module package.

Fixes: ed2839ac41 ("kernel/modules: add kmod-pmbus-zl6100 module")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-01-13 13:16:02 +01:00
Pawel Dembicki
ed2839ac41 kernel/modules: add kmod-pmbus-zl6100 module
This patch adds the kmod packaging for the Intersil / Zilker Labs
ZL6100 and compatible digital DC-DC controllers as well as the
core kernel module for the Power Management Bus.

Add:
kmod-pmbus-core
kmod-pmbus-zl6100

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
2019-01-13 11:07:37 +01:00
Hauke Mehrtens
bc89690f6e gdb: The signal definitions of musl and gdb collide
This fixes compilation of gdb on arm64.

The kernel defines "struct sigcontext" in asm/sigcontext.h and musl libc
defines it in signal.h, which collides.
Kernel 4.14 misses the definitions of struct user_sve_header so we still
have to use the aarch64-sve-linux-sigcontext.h header file which also
provides that and make sure aarch64-sve-linux-sigcontext.h does not
provide the same headers as the kernel or musl.

Fixes: FS#2040
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-01-12 22:38:50 +01:00
Hauke Mehrtens
6be064c788 bzip2: fix hardening build
Set the LDFLAGS otherwise it will not get the target hardening flags or
any other generic flags provided in the LDFLAGS

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-01-12 22:38:38 +01:00
Daniel Engberg
e4088cb84b cryptodev-linux: Update to 1.10
Update cryptodev-linux to 1.10
Switch from git to codeload generated tarball

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2019-01-12 19:09:43 +01:00
Felix Fietkau
0e8d5ff0fc mt76: fix typo in version number
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-01-11 17:23:29 +01:00
Felix Fietkau
c5373a3f0c mt76: update to the latest version
58988a3 mt76: fix signedness of rx status signal field
bce700d mt7603: fix signal strength reporting on single-stream devices
148219d mt7603: fix checkpatch issues
2a092e2 mt7603: fix per-rate retry accounting
962152b mt7603: fix WMM TXOP limit configuration
24ec040 mt7603: fix BSSID configuration in AP mode
48fb011 mt7603: fix CF-End transmit rate when 11b stations are connected
9daa5ff mt76: make const array 'data' static, shrinks object size
7d4a95c mt76: dma: avoid indirect call in mt76_dma_tx_queue_skb
f84b008 mt76: fix tx status reporting for non-probing frames
8167074 Revert "mt7603: update firmware to 20161027164355"
2ad54b2 mt76: move wcid rssi ewma init to mt76 core
d77c861 mt76: fix rssi ewma tracking
eca96cd mt76: use proper name for __MT76x02_H macro
d1bc504 mt76: fix building without CONFIG_LEDS_CLASS
a946b78 mt76: add led support to mt76x0e driver

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-01-11 17:04:28 +01:00
Hans Dedecker
70ffcb947c odhcp6c: update to latest git HEAD
d2e247d odhcp6c: align further with RFC8415
ce83a23 dhcpv6: avoid parsing unncessary IAs
b079733 dhcpv6: set cnt to correct IOV enum
41494da dhcpv6: get rid of request_prefix
f7437e4 dhcpv6: sanitize option request list

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-01-11 15:26:06 +01:00
Rafał Miłecki
ef1efa756e samba36: add package with hotplug.d script for auto sharing
The new samba36-hotplug package provides a hotplug.d script for the
"mount" subsystem. It automatically shares every mounted block device.

It works by updating /var/run/config/samba file which:
1) Is read by procd init script
2) Gets wiped on reboot providing a consistent state
3) Can be safely updated without flash wearing or conflicting with user
   changes being made in /etc/config/samba

Cc: Rosy Song <rosysong@rosinson.com>
Cc: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-01-10 10:33:40 +01:00
Rafał Miłecki
5a59e2c059 samba36: append config from /var/run/config/ for runtime shares
This will allow automation/hotplug.d scripts to store runtime shares in
the /var/run/config/samba. It's useful e.g. for USB drives that user
wants to be automatically shared.

Using /var/run/config/ provides:
1) Automated cleaning on reboots
   It's important for consistency (to avoid sharing non-existing drives)
2) Safety for user non-commited changes
   Automated scripts should never call "uci [foo] commit" as that could
   flush incomplete config.

Another minor gain is avoiding flash wearing for runtime setup.

Cc: Rosy Song <rosysong@rosinson.com>
Cc: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-01-10 10:33:40 +01:00
Rafał Miłecki
adc8b374e3 mac80211: brcmfmac: backport fixes from the 5.0-rc1
This fixes:
1) Getting STA info with newer firmwares
2) Getting DMI / UEFI / OF data
3) Possible memory corruption in firmware loading code

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-01-08 09:17:11 +01:00
Rafał Miłecki
df57d71a1a mac80211: brcmfmac: trivial patches rename to use v5.0
This matches Linus releasing 5.0-rc1 in place of 4.21-rc1.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-01-08 09:17:11 +01:00
Rafał Miłecki
529c95cc15 mac80211: brcmfmac: fix use-after-free & possible NULL pointer dereference
1) Using fwctx variable after brcmf_fw_request_done() was executed meant
   accessing freed memory.
2) Using fwctx->completion for the wait_for_completion_timeout() call
   could reuslt in NULL pointer dereference on fw loading error or if
   brcmf_fw_request_done() was executed quickly enough.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-01-07 17:13:59 +01:00
Koen Vandeputte
2d4f09404d gdb: bump to 8.2.1
PR build/23516 (gdb build error under msys+mingw: strip can't handle gdb-add-index.exe)
PR build/23623 (install-strip fails)
PR rust/23626 (gdb crashes in upstream rust nil-enum test)
PR rust/23650 (rust field name access error mentions "foo")
PR gdb/23663 (gdb 8.1.1: undefined rpl_stat function with musl toolchains)
PR python/23669 (gdb.execute("show commands") doesn't work)
PR python/23714 (Command repetition stops working after gdb.execute)
PR gdb/23838 (8.2 regression for invalid -data-directory)
PR gdb/23974 ("info os" crash when specifying invalid object)
PR gdb/23999 (SYMBOL_LANGUAGE assertion failure on AIX)
PR gdb/24003 (Error when binary searching CUs for a specific DIE when using DWZ)

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-01-07 17:09:06 +01:00
Felix Fietkau
488af51f81 mac80211: add ABI_VERSION to fix rebuild of dependent packages after upgrades
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-01-06 21:48:11 +01:00
David Bauer
634c733065 ipq40xx: copy Fritz4040 UBoot to STAGING_DIR_IMAGE
Copy U-Boot to STAGING_DIR_IMAGE (and append it to the EVA-image from
there) to fix image generation using the image-builder.

Also remove the bootloader from DEVICE_PACKAGES and instead use the
BUILD_DEVICES directive from within the U-Boot makefile.

This fixes eva-image generation using the OpenWRT image-builder.

Signed-off-by: David Bauer <mail@david-bauer.net>
2019-01-06 12:26:12 +01:00
Pawel Dembicki
0fbd3d23aa kernel: 4.19: kmod-ptp-gianfar follow upstream changes
This patch deprecates the kmod-ptp-gianfar package and
introduces kmod-ptp-qoriq for 4.19+ in its place. This
has become necessary due to the linux kernel commit
ceefc71d4c05 ("ptp: rework gianfar_ptp as QorIQ common PTP driver")

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [reworded commit]
2019-01-05 22:09:07 +01:00
Daniel F. Dickinson
a54129d8aa busybox: Add ALTERNATIVES for findutils
Currently busybox find and xargs conflict with the versions from
findutils package.  Fix this by using ALTERNATIVES in busybox
and the related findutils (from packages feed) commit.

The conflict is due to the binaries being in the the same place
in rootfs and opkg not being happy about that.

Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
2019-01-03 22:24:10 +01:00
Petr Štetiar
08ef53d2fb kernel: Fix kmod-w1 dependency on hwmon-core for 4.19
kmod-w1 depends on kmod-hwmon-core since Linux 4.14

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-01-03 18:05:47 +01:00
Petr Štetiar
9d11726d6c kernel: Fix rtc-ds1307 dependency on hwmon-core for 4.19
It seems, that since Linux 4.18-rc1 rtc-ds1307 depends on hwmon-core.

 commit 6b583a64fd1e019fd01626b46892ebf2361951c5
 Author: Heiner Kallweit <hkallweit1@gmail.com>
 Date:   Wed Sep 27 22:41:26 2017 +0200

    rtc: ds1307: simplify hwmon config

    We don't have to define an extra config symbol, IS_REACHABLE does
    what we need. And having this config symbol just to save the few
    bytes of hwmon support on non-DS3231 chips isn't worth it IMO
    (especially as the symbol is set per default).

While at it, use the same dependency check for `kmod-regmap` as well, so
it's future proof as well.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-01-03 18:05:47 +01:00
Hans Dedecker
fd5f0606fd firewall: update to latest git HEAD
70f8785 zones: add zone identifying local traffic in raw OUTPUT chain
6920de7 utils: Free args in __fw3_command_pipe()
6ba9105 options: redirects: Fix possible buffer overflows

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-01-03 17:09:51 +01:00
shanpo
15f6351ea3 uboot-envtools: Add domywifi dw33d support
Signed-off-by: shanpo <jwdsccd@gmail.com>
2019-01-02 22:24:52 +01:00
Ibrahim Tachijian
eb054714b0 uboot-envtools: ipq40xx: Configuration for GL.iNet GL-B1300
This commit adds the nescessary settings to allow reading the uboot environment variables on the GL.iNet GL-B1300 board.

Signed-off-by: Ibrahim Tachijian <barhom@netsat.se>
2019-01-02 22:24:49 +01:00
Hauke Mehrtens
99956528df hostapd: update to version 2018-12-02 (2.7)
This updates hostapd to version the git version from 2018-12-02 which
matches the 2.7 release.

The removed patches were are already available in the upstream code, one
additional backport is needed to fix a compile problem.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-01-02 15:47:13 +01:00
Rafał Miłecki
5c4277ec37 fstools: update to the latest master branch
This is a big block(d) cleanup with new feature of generating "mount"
hotplug.d events.

It's an important update for those who were using mountd in the
pre-18.06 releases. Due to the mountd being replaced with blockd a
support for "mountd" hotplug.d events has been lost. It broke all kind
of shell scripts that were e.g. managing services depending on an
external USB drive availability.

This basically (re-)adds support for calling /etc/hotplug.d/mount/
scripts with ACTION ("add" or "remove") and DEVICE set.

af93f4b block(d): improve hotplug.d "mount" events for the autofs
3bb3352 blockd: unmount device explicitly when it disappears
28753b3 block: remove target directory after unmounting
c8c7ca5 block: cleanup handling "start" action of the "autofs" command
f1bb762 block: make blockd_notify() return an int instead of void
71c2bde block: generate hotplug.d mount events
30f5096 block: validate amount of arguments for the "autofs" command
dc6a462 blockd: don't reparse blob msg in the vlist callbacks
f6a9686 blockd: don't unmount device when removing it from the list
1913fea block: don't duplicate unmounting code in the mount_action()
6b445fa block: make umount_device() function more generic
a778468 block: don't duplicate mounting code in the mount_device()
5dc631d block: simplify code picking mount target directory
2971779 block: move blockd_notify() call out of the conditional blocks
b86bd6e block: fix formatting & indent in the mount_device()
e12c0d6 fstools: use EXIT_FAILURE when indicating error on exit
091aa3d fstools: guard usage of WEXITSTATUS

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-01-02 07:21:39 +01:00
INAGAKI Hiroshi
7e9b93fb1b base-files: allow non-standard rootfs volume name in UBI in sysupgrade
This commit allows to use non-standard UBI volume name as the rootfs
volume in sysupgrade.

ex.:
  The U-Boot on Buffalo WXR-2533DHP checks existence and checksum of
  "ubi_rootfs" volume when booting, so this name is required.

OpenWrt currently provides several patches:

490-ubi-auto-attach-mtd-device-named-ubi-or-data-on-boot.patch
491-ubi-auto-create-ubiblock-device-for-rootfs.patch
492-try-auto-mounting-ubi0-rootfs-in-init-do_mounts.c.patch

to facilitate ubi rootfs automount. However the upstream kernel
also supports the means of booting from a fully custom ubi
partition name and ubi volume name via bootargs/kernel's cmdline
parameters:

ubi.mtd=mtd_partition_name
ubi.block=rootfs_volume_name
root=/dev/ubiblock$X_$Y

For more information and examples visit the wiki over at linux-mtd:
<http://www.linux-mtd.infradead.org/faq/ubifs.html>
<http://www.linux-mtd.infradead.org/doc/ubi.html>

Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [reworded commit]
2019-01-01 16:38:20 +01:00
Hannu Nyman
9b9274342c busybox: update to 1.30.0
Update busybox to 1.30.0.
Refresh patches.
Leave new features disabled by default.

Config refreshed via:

  cd package/utils/busybox/config/
  ../convert_menuconfig.pl ../../../../build_dir/target-arm_cortex-a15+neon-vfpv4_musl_eabi/busybox-1.30.0

  make package/busybox/compile

  cd package/utils/busybox
  ./convert_defaults.pl < ../../../build_dir/target-arm_cortex-a15+neon-vfpv4_musl_eabi/busybox-1.30.0/.config > Config-defaults.in

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2019-01-01 14:10:47 +01:00
Paul Wassi
6e78d546d1 ath79: fix boardname of GL.iNet GL-AR300M
This device is called GL-AR300M, therefore rename the board(s)
to 'gl-ar300m-nor' and 'gl-ar300m-nand'

Signed-off-by: Paul Wassi <p.wassi@gmx.at>
[change boardname in uboot envtools as well, don't use wildcards for
boardname]
Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-12-31 14:24:21 +01:00
Mathias Kresin
213c0e78fa iwinfo: fix PKG_MIRROR_HASH
The PKG_MIRROR_HASH was for some reason wrong.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-12-30 20:33:49 +01:00
Jonas Gorski
d3bf5ff9bc opkg: drop argument from check_signature in opkg.conf
check_signature is a bool option and doesn't take any arguments. The
presence of the 1 falsely suggests setting it to 0 disables the check,
while the option actually needs to be removed or commented out to be
disabled. So remove the argument to make it more clear.

Fixes: beca028bd6 ("build: add integration for managing opkg package feed keys")
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2018-12-30 13:25:58 +01:00
Hans Dedecker
d405edb481 omcproxy: optimize interface triggers
Before installing an interface triggger check if an interface
trigger for the interface is already in place.
This avoids installing identical interface triggers for a given
interface

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-12-29 16:08:31 +01:00
David Santamaría Rogado
df8f8bad08 omcproxy: fix installation of interface triggers (FS#1972)
omcproxy will not start up if either the downlink or uplink interface is
not up at boottime as the interface triggers are not correctly
installed.

Further rework omcproxy init to make use of network functions defined
in network.sh; set proper family and proto options in procd firewall
rules.

Signed-off-by: David Santamaría Rogado <howl.nsp@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-12-29 16:07:51 +01:00
Mathias Kresin
a5030f8b10 iwinfo: update to latest git
dd508af iwinfo: fix QCA9984 vendor id
0eaabf1 iwinfo: add device id for Atheros AR9287
6e998ec iwinfo: add device id for MediaTek MT7612E
5aa8c54 libiwinfo: nl80211: add mesh stats on assoclist.
77a9e98 iwinfo: Add Mikrotik R11e-2HPnD and R11e-5HacT to hardware list

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-12-29 12:35:47 +01:00
Rafał Miłecki
ae622c93b3 Revert "samba36: add hotplug support"
This reverts commit fd569e5e9d.

After an extra review & discussion few concerns were raised regarding
that feature:
1) It reacts to hotplug.d "block" events instead of more accurate (but
   currently unavailable) "mount" events.
2) It requires *something* to mount block device before samba hotplug.d
   gets fired. Otherwise samba_add_section() will just return.
3) It doesn't reload Samba which some users may expect
4) It operates on /etc/ which is not a right place for autogenerated
   ephemeral config.
5) It doesn't include any cleanup for non-existing shares.

Cc: Rosy Song <rosysong@rosinson.com>
Cc: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2018-12-28 23:09:38 +01:00
Felix Fietkau
3c899aaf11 mt76: update to the latest version
417ab77 mt7603: improve recovery from PSE reset failure
fea7ad8 mt76: move mt76x02_phy_get_min_avg_rssi to mt76 core
9d009be mt7603: add dynamic sensitivity tuning based on false CCA events
2c8e9ac mt7603: initialize channel maximum power from eeprom data
b2cc29b mt76: move mt76x02_get_txpower to mt76 core
6203d46 mt7603: add support for setting transmit power
294e095 mt7603: reset DMA scheduler on MT7628
8178f0d mt7603: apply efuse data only when it exists
e67e551 mt76: dma: remove napi from mt76_dma_rx_fill signature
0490bd2 mt76: usb: do not build the skb if reported len does not fit in buf_size
eb076ae mt76: Add missing include of linux/module.h
1d2819e mt76: fix typo in mt76x02_check_mac_err routine
9c9fae3 mt76: mac: run mt76x02_mac_work routine atomically
6be90b6 mt76: usb: avoid queue/status spinlocks while passing tx status to mac80211
40dad32 mt76x0: pci: fix ACS support
d94e9c4 mt76x02: do not set protection on set_rts_threshold callback
0d83d73 mt76x02: fixup MT_PROT_RATE_* defines
628f8d7 mt76x02: set protection according to ht operation element
f7d8c17 mt76x0: configure MT_VHT_HT_FBK_CFG1
10f57cf mt76x2: add static qualifier to mt76x2_init_hardware
37b2ad3 mt76: dfs: run mt76x02_dfs_set_domain atomically
51b6daf mt76x2: init: set default value for MT_TX_LINK_CFG
9661da4 mt76: add energy detect CCA support to mt76x{0,2}e drivers
876d0e9 mt76: mac: minor optimizations in mt76x02_mac_tx_rate_val
c78e317 mt76: dma: do not build skb if reported len does not fit in buf_size
3598046 mt76: mmio: introduce mt76x02_check_tx_hang watchdog

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-12-28 16:20:56 +01:00
Stijn Tintel
c5b89abe2a lldpd: consolidate CONFIGURE_VARS
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-12-28 12:19:32 +02:00
Robert Marko
c9f6116fd0 kernel: modules: usb: Add DWC3 Qualcomm kmod
Since kernel 4.18 support for Qualcomm glue layer was
moved from DWC3 OF Simple to a separate DWC3 QCOM module.
So lets add it and make it depend on 4.19 kernel and make
sure that DWC3 OF Simple is not included if 4.19 is used.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2018-12-27 14:06:38 +01:00
Robert Marko
d0bf8f4fd6 ath10k-ct: Update to 2018-12-20
This version removes a lot of unusefull warnings that would quickly overflow the dmesg.
Warnings like this:
ath10k_ahb a800000.wifi: Invalid legacy rate 26 peer stats
ath10k_ahb a000000.wifi: Invalid VHT mcs 15 peer stats
On this version I only had 2 warnings at all.
Tested on 8devices Jalapeno.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2018-12-24 19:18:07 +01:00
Daniel Engberg
9a37c95431 wireguard: Update to snapshot 0.0.20181218
Update WireGuard to 0.0.20181218

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2018-12-24 12:58:22 +01:00
Deng Qingfang
0babdf2d2b curl: bump to 7.63.0
Refresh patches, for changes in version 7.63.0 see https://curl.haxx.se/changes.html#7_63_0

Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
2018-12-24 09:46:06 +01:00
Daniel F. Dickinson
8d2a9e8027 ath9k: Avoid OF no-eeprom quirks when no qca,no-eeprom
Based on the process of discovery in
https://github.com/openwrt/openwrt/pull/1613, it has become clear
that (at least) the PowerCloud System CR5000 was unable to get
working 5GHz wireless (PCIe) because AH_USE_EEPROM was unconditionally
masked out, not only when qca,noeeprom was in the DTS.

This patch moves mask AH_USE_EEPROM into the if ... qca,noeeprom
OF test.

Thanks to Christian Lampartar (@chunkeey) for the heavy lifting and help.

Patch has been prepared for upstream and will be submitted after review
by @chunkeey and @xdarklight.

Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
2018-12-22 15:08:24 +01:00
Hans Dedecker
f36bc3f9b1 odhcpd: use PKG_VERSION default value
Instrad of defining PKG_VERSION in the Makefile use the PKG_VERSION
default value

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-12-21 18:30:01 +01:00
Christian Lamparter
a8bae35914 elfutils: fix gcc 8.0+ multistatement macros warning/error
GCC 8.0+ <https://gcc.gnu.org/gcc-8/changes.html> introduces a new
warning about unsafe macros expanding to multiple statements used
as a body of a statement such as if, else, while, switch, or for.

In combination with -Werror this can cause the compilation to fail:

|In file included from xmalloc.c:37:
|xmalloc.c: In function 'xmalloc':
|system.h:39:2: error: macro expands to multiple statements [-Werror=multistatement-macros]
|  fflush(stdout); \
|  ^~~~~~
|xmalloc.c:52:5: note: in expansion of macro 'error'
|     error (EXIT_FAILURE, 0, _("memory exhausted"));
|     ^~~~~
|xmalloc.c:51:3: note: some parts of macro expansion are not guarded by this 'if' clause
|   if (p == NULL)
|   ^~

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2018-12-20 19:21:42 +01:00
Hans Dedecker
9b8ea3623b odhcpd: add PKG_VERSION again
Fixes commit 63d0752ca8

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-12-20 16:50:08 +01:00
Hans Dedecker
63d0752ca8 odhcpd: update to latest git HEAD
2d2a3b8 odhcpd: switch to libubox container_of implementation
2a71c1e treewide: switch to libubox ARRAY_SIZE immplementation

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-12-20 15:43:31 +01:00
Koen Vandeputte
4b60ea236e mac80211: backport upstream fixes
d350a0f43118 nl80211: fix memory leak if validate_pae_over_nl80211() fails
a50e5fb8db83 mac80211: fix a kernel panic when TXing after TXQ teardown

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-12-20 14:03:39 +01:00
Jo-Philipp Wich
62e4395ac7 mwlwifi: update to version 10.3.8.0-20181210
67ce93e Fix compile error on kernel 4.15+
c1345bb Change driver version to 10.3.8.0-20181210.
9cb815b Upgrade 88W8997 firmware to 8.4.4.6.
433fc6d Fix non-backport use of nla_parse before 4.12.0
3b36e21 Use wiphy_to_ieee80211_hw() instead of wiphy_priv()
97ebcfa Change driver version to 10.3.8.0-20181120.
f000953 Upgrade 88W8997 firmware to 8.4.4.4.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-12-20 11:33:49 +01:00
Jo-Philipp Wich
c0248183a4 ath10k-firmware: update Candela Tech firmware images
- Removed an assert from wave-1 firmware images
 - Fix three recently reported firmware crashes in wave-2 images

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-12-20 09:23:45 +01:00
Jo-Philipp Wich
de7ae9a0ef iproute2: require nls infrastructure due to libelf linking
Depending on the global nls support configuration in the buildroot, the
linked libelf.so library might depend on libintl.so.

Import the nls.mk helper to set library prefixes and flags accordingly
in this case.

Ref: https://github.com/openwrt/packages/issues/7728#issuecomment-448760140
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-12-20 08:13:24 +01:00
Jo-Philipp Wich
f2c6e2c385 elfutils: produce correct libelf.pc file when building with full nls
When building with full lagnuage support, libelf.so will depend on and
link with libintl.so so we need to change the pkg-config template to
reflect this library dependency.

Also change the Makefile to only pass --disable-nls to configure when
the full nls support is actually disabled in the buildroot config.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-12-20 08:13:24 +01:00
Jo-Philipp Wich
386803a006 iproute2: only link libelf where needed
The iproute2 build system links libelf support to every utility while only
the tc program actually requires libelf specific functionality.

Unfortunately the BPF ELF functionality is not confined into an own
compilation unit but added to the existing bpf.c sources of the shared
static libutil.a, causing every iproute2 applet to pick up an implicit
libelf.so dependency.

In order to avoid this requirement, patch the iproute2 build system to
create both a libutil.a and a libutil-elf.a, with the former being built
without libelf functionality and to only link the tc applet with the libelf
enabled libutil.

Finally, make the tc package depend on libelf to solve compilation errors.

Ref: https://github.com/openwrt/packages/issues/7728
Fixes: FS#2011
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-12-19 10:50:02 +01:00
Tony Ambardar
4b4e6a04ac elfutils: install library files for pkg-config
Support other packages using pkg-config to query existence and details of
libelf and libdw libraries at build time.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2018-12-19 10:49:57 +01:00
Tony Ambardar
10a2ccb7fc base-files: install missing /etc/iproute2/ematch_map
This file is needed to properly use the tc ematch modules present in
kmod-sched-core and kmod-sched. It is a read-only index file of ematch
methods used only by tc.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2018-12-19 07:33:35 +01:00
Stijn Tintel
b209e2b3b0 ubox: bump to git HEAD
876c7f5 kmodloader: load_modprobe: abort after 2 attempts

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-12-18 23:17:39 +02:00
Biwen Li
328530c6e7 layerscape: add LS1021AIOT board support
The LS1021A-IoT gateway reference design based on the
QorIQ LS1021A processor is a purpose-built, small
footprint hardware platform with a wide array of
high-speed connectivity and low-speed serial interfaces
to support secure delivery of IoT services for home,
business or other commercial location.

- Combines standards-based, open source software with a
  feature-rich IoT gateway design to establish a common,
  open framework for secured IoT service delivery and
  management.

- Provides a wide assortment of high-speed and serial-based
  connectivity in a compact, highly secure design.

- High efficiency through the use of the Arm-based QorIQ
  LS1021A embedded processor.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
Signed-off-by: Biwen Li <biwen.li@nxp.com>
2018-12-18 20:17:23 +01:00
Petr Štetiar
11945174cf kernel: Fix usb-chipidea dependency on ulpi.ko for 4.19
It seems, that since Linux 4.18-rc2 ci_hdrc depends on ulpi.

 commit a930d8bd94d8db7715d1af74299f710b1fb22fc8
 Author: Fabio Estevam <fabio.estevam@nxp.com>
 Date:   Wed Jul 4 10:09:58 2018 -0300

    usb: chipidea: Always build ULPI code

    Commit 03e6275ae381 ("usb: chipidea: Fix ULPI on imx51") causes a kernel
    hang on imx51 systems that use the ULPI interface and do not select the
    CONFIG_USB_CHIPIDEA_ULPI option.

    In order to avoid such potential misuse, let's always build the
    chipidea ULPI code into the final ci_hdrc object.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2018-12-18 20:17:22 +01:00
Michael Heimpold
c1c14c9e56 uboot-envtools: fix configuration for I2SE Duckbills
After changing board names to DT compat string, we also need to
adjust the script which generates uboot-env configuration files.

Fixes: e880a30549 ("mxs: use generic sysinfo board detection")
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2018-12-18 20:17:22 +01:00
Stefan Lippers-Hollmann
02b5efe1fa uboot-envtools: ath79: add support for the Buffalo BHR-4GRV2
According to https://github.com/openwrt/openwrt/pull/1527, support
for the Buffalo BHR-4GRV2 in ath79 requires repartitioning from
an initramfs image, make this easier by supporting uboot-envtools
support out of the box.

Build tested, but not runtime tested.

Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
2018-12-18 20:17:16 +01:00
Stefan Lippers-Hollmann
4200dae367 uboot-envtools: ath79: add support for the Buffalo WZR-HP-AG300H
Port support for the Buffalo WZR-HP-AG300H from the ar71xx target to
ath79 as well.

Build- and runtime tested on the Buffalo WZR-HP-AG300H.

Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
2018-12-18 20:17:09 +01:00
Hans Dedecker
83109450ce dropbear: fix dropbear startup issue
Interface triggers are installed by the dropbear init script in case an
interface is configured for a given dropbear uci section.
As dropbear is started after network the interface trigger event can be
missed during a small window; this is especially the case if lan is
specified as interface.
Fix this by starting dropbear before network so no interface trigger
is missed. As dropbear is started earlier than netifd add a boot function
to avoid the usage of network.sh functions as call to such functions will
fail at boottime.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Acked-by: Jo-Philipp Wich <jo@mein.io>
2018-12-18 19:43:22 +01:00
Syrone Wong
6263a9baa3 ipset: update to 7.1
Signed-off-by: Syrone Wong <wong.syrone@gmail.com>
2018-12-17 21:57:22 +01:00
Kevin Darbyshire-Bryant
3f7de917be netifd: fix ipv6 multicast check in previous commit
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-12-17 19:05:07 +00:00
Rafał Miłecki
fa211623d0 linux-firmware: broadcom: package 4366C0 FullMAC firmware
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2018-12-17 12:51:00 +01:00
Rafał Miłecki
8b4f6a1d2a linux-firmware: update to the commit from 2018-12-16
It includes e.g. new Broadcom FullMAC firmwares for 4366B1 and 4366C0.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2018-12-17 11:42:45 +01:00
Kevin Darbyshire-Bryant
d112d095a9 netifd: support configuring class e 240.0.0.0/4 addresses
cd089c5 proto: Support class-e addressing in netifd

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-12-17 09:27:53 +00:00
Hauke Mehrtens
201058b35c base-files: Fix netdev led trigger
In the upstream netdev led trigger the one mode file was replaced by 3
files named rx, tx and link. Fix the netdev trigger configuration code
to use the modified API.

Fixes: aa3b6a08c5 ("kernel: Replace ledtrig-netdev with upstream backport")
Reported-by: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-12-16 20:11:44 +01:00
Hans Dedecker
3262fce1cd omcproxy: use PROJECT_GIT in PKG_SOURCE_URL
Switch PKG_SOURCE_URL to git.openwrt.org

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-12-16 19:23:36 +01:00
Kevin Darbyshire-Bryant
d6c6d1c7a7 Revert "elfutils: install library files for pkg-config"
This reverts commit 216397b812.

Due to:

Package ip-tiny is missing dependencies for the following libraries:
libelf.so.1
Makefile:187: recipe for target '/var/lib/buildbot/slaves/slave-lede-builds4/mips_24kc/build/sdk/bin/packages/mips_24kc/base/ip-tiny_4.19.0-6_mips_24kc.ipk' failed

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-12-16 17:20:16 +00:00
Hans Dedecker
0074a5e67e omcproxy: switch to OpenWrt github repo
Switch to OpenWrt github repo in PKG_SOURCE_URL so we can
remove the out of tree patch

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-12-16 18:09:23 +01:00
Hauke Mehrtens
835947ce64 hostapd: Make eapol-test depend on libubus
The eapol-test application also uses the code with the newly activated
ubus support, add the missing dependency.

Fixes: f5753aae23 ("hostapd: add support for WPS pushbutton station")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-12-16 14:25:41 +01:00
Hauke Mehrtens
9e7c4702a1 mbedtls: fix compilation on ARM < 6
mbedtls uses some instructions introduced in ARMv6 which are not
available in older architectures.

Fixes: 3f7dd06fd8 ("mbedtls: Update to 2.14.1")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-12-16 14:03:06 +01:00
Roman Bazalevsky
f332ae3c43 kernel/modules: HMC5843 3D-compass kernel module support enabled.
Signed-off-by: Roman Bazalevsky <rvb@rvb.name>
2018-12-16 00:57:20 +01:00
Daniel Engberg
3f7dd06fd8 mbedtls: Update to 2.14.1
Update mbedtls to 2.14.1

This fixes:
* CVE-2018-19608: Local timing attack on RSA decryption

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
[Update to 2.14.1]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-12-16 00:57:20 +01:00
Brett Mastbergen
2b6eab507a netfilter: Add fib support for nftables
Signed-off-by: Brett Mastbergen <bmastbergen@untangle.com>
2018-12-16 00:57:20 +01:00
Deng Qingfang
b88ce25e81 mt76: fix dependencies
Only MT76x0U needs kmod-mt76x02-usb

Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
2018-12-16 00:57:20 +01:00
Rosen Penev
1e98d985bb swconfig: Add missing include
Fixes these warnings:

swlib.c:455:18: warning: implicit declaration of function 'isspace'
swlib.c:461:9: warning: implicit declaration of function 'isdigit'

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-12-16 00:57:19 +01:00
Rosen Penev
d2b16a59d5 f2fs-tools: Update to 1.12.0
Added two upstream mailing list patches that fix behavior under big endian
systems. Issue was present since version 1.11.0.

Tested on Turris Omnia.

Original discussion: https://github.com/openwrt/openwrt/pull/1575

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-12-16 00:57:19 +01:00
Ben Greear
d8f861f408 rtl8812au: Add out-of-tree driver.
Use a forked version of the rtl8812au driver that works better
with OpenWRT (fix compile bugs, fix phy MAC address, etc)

Signed-off-by: Ben Greear <greearb@candelatech.com>
[update to 2018-11-16, replace rtw_byteorder.h, rename folder]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-12-16 00:57:19 +01:00
Eneas U de Queiroz
cb4d00d184 omcproxy: fix compilation on little-endian CPUs
Don't use cpu_to_be32 outside of a function.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
2018-12-16 00:57:19 +01:00
Michael Yartys
cc5c63f217 ath10k-firmware: update all CT firmware variants
Wave-1 firmware (988x, 9887): bug fixes
Wave-2 firmware (4019, 9888, 99x0, 9984): fix protected management frames, rate-ctrl fixes, and performance improvements

Signed-off-by: Michael Yartys <michael.yartys@gmail.com>
2018-12-15 15:25:24 +01:00
Hauke Mehrtens
4df3c71cd4 ath10k-ct: Update to 2018-12-11 and use version based on 4.19
This updates the ath10k-ct driver to the version from 2018-12-11 and
selects the ath10k-ct version based on kernel 4.19 by default.

CONFIG_ATH10K_CE was introduced between kernel 4.16 and 4.19 and is a
mandatory option.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-12-15 15:25:23 +01:00
Hauke Mehrtens
fbaf48387e kernel: netfilter: chain filters merged into nf_tables.ko
In mainline kernel commit 02c7b25e5f5 ("netfilter: nf_tables: build-in
filter chain type") all chain filters were merged into one file and into
one kernel module to save some memory. The code protected by these
configuration options CONFIG_NF_TABLES_BRIDGE, CONFIG_NF_TABLES_IPV4,
CONFIG_NF_TABLES_ARP, CONFIG_NF_TABLES_IPV6, CONFIG_NF_TABLES_NETDEV and
CONFIG_NF_TABLES_INET was merged into the nft_chain_filter.c file which
is now always compiled into the nf_tables.ko file.

This only happened in kernel 4.19 and OpenWrt has to select these as
modules in older kennel versions. Mark them as build-in in the kernel
4.19 specific kernel configuration file which will then not be
overwritten by the package specific settings which try to make them
modular again.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-12-15 14:28:50 +01:00
Hauke Mehrtens
4c9df2aa08 kernel: tg3: Do not depend on kmod-hwmon-core on kernel 4.19
Like on kernel 4.14 this dependency is deactivated in OpenWrt.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-12-15 14:28:50 +01:00
Hauke Mehrtens
31abe08331 kernel: Add missing dependency to kmod-regmap
Like on kernel 4.14 some kernel modules depend now on regmap.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-12-15 14:28:50 +01:00
Hauke Mehrtens
7eabe0e433 kernel: Make video-gspca-core depend on vidobuf2
This new dependency is needed for kernel 4.19.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-12-15 14:28:49 +01:00
Hauke Mehrtens
edc4da5da1 kernel: Always activate CONFIG_HW_RANDOM_TPM
CONFIG_HW_RANDOM_TPM does not activate a separate kernel module any
more, but it only activates the random code in the tpm.ko.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-12-15 14:28:49 +01:00
Hauke Mehrtens
c8f85a866b kernel: Make kmod-mpls depend on iptunnel in kernel 4.19
This new dependency is needed with kernel 4.19.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-12-15 14:28:49 +01:00
Hauke Mehrtens
59065da634 kernel: Adapt to move of autofs4 in kernel 4.19
autofs4 is now in the fs/autofs/ folder in kernel 4.19

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-12-15 14:28:49 +01:00
Hauke Mehrtens
b688ec6433 kernel: Adapt to new location of video-videobuf2 in kernel 4.19
The video-videobuf2 kernel modules were moved to a new folder in kernel
4.19. videobuf2-v4l2.ko is only available since kernel 4.4, blacklist
this kmod completely on kernel 3.18.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-12-15 14:28:49 +01:00
Hauke Mehrtens
f125706596 kernel: Add dependencies for kernel 4.19
These dependencies are needed on kernel 4.14 and kernel 4.19.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-12-15 14:28:49 +01:00
Hauke Mehrtens
6505b084cb kernel: Use crypto_simd.ko instead of lrw.ko for x86
The x86 optimized cryptographic algorithm kernel modules now mostly use
crypto_simd.ko instead of lrw.ko in kernel 4.19. Add the new module to
the kmod-crypto-misc package.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-12-15 14:28:49 +01:00
Hauke Mehrtens
5f67559b42 kernel: Remove crypto/ablk_helper.ko on kernel 4.19
This module was removed in kernel 4.17, all users are refactored to not
need this any more.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-12-15 14:28:49 +01:00
Hauke Mehrtens
35e0f600d8 kernel: extract asn1_decoder.ko
The asn1_decoder.ko module is needed by the kmod-nf-nathelper-extra
package in kernel 4.19, extract it and add the missing dependencies.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-12-15 14:28:49 +01:00
Hauke Mehrtens
36bf45ff4a kernel: add missing dependency to kmod-crypto-acompress
Like kernel on 4.14 some modules need the dependency to
kmod-crypto-acompress on kernel 4.19.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-12-15 14:28:49 +01:00
Hauke Mehrtens
583d65ebfe kernel: Adapt to moved kvaser_usb.ko in kernel 4.19
In kernel 4.19 the kvaser_usb.ko file moved into its own directory.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-12-15 14:28:48 +01:00
Hauke Mehrtens
4ff4411031 kernel: Use kmod-dax on kernel 4.19
Like on kernel 4.14 kmod-dax is needed by kmod-dm also in kernel 4.19.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-12-15 14:28:48 +01:00
Hauke Mehrtens
6ca336479d i2c-gpio-custom: Adapt to moved include file
The i2c-gpio.h file was moved in kernel 4.18.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-12-15 14:28:48 +01:00
Hauke Mehrtens
a116b8e0b6 kernel: Deactivate *-gpio-custom drivers for 4.19
Kernel interface changed with kernel 4.19, it does not accept raw GPIO
numbers any more. Deactivate these drivers on kernel 4.19 for now.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-12-15 14:28:48 +01:00
Hauke Mehrtens
7ffa42246b kernel: Add kmod-phy-realtek
The r8169 driver uses the phy lib with the realtek phy driver in kernel
4.19 instead of integrating the phy driver into the mac driver.
Add the new phy driver and add this missing dependency.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-12-15 14:28:48 +01:00
Hauke Mehrtens
aa3b6a08c5 kernel: Replace ledtrig-netdev with upstream backport
The ledtrig-netdev was added to upstream Linux kernel 4.16, replace our
own version with the patch based on the upstream version.
This will remove the ledtrig-netdev support from kernel 3.18, because I
not want to spend time on backporting it to 3.18. This will make it
easier to use the upstream version with kernel 4.19, by just not
applying this patch.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-12-15 12:50:06 +01:00
Hans Dedecker
a6f9e3b608 nghttp2: bump to 1.35.1
63843750 Update manual pages
27801e98 Bump up version number to 1.35.1
60e020a8 nghttpx: Fix broken trailing slash handling

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-12-15 12:30:02 +01:00
Kevin Darbyshire-Bryant
9048b22e67 dnsmasq: Fix dhcp-boot, dhcp-reply-delay and pxe-prompt regressions
The above options were incorrectly changed to required tags.  Make them
optional again.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-12-14 17:51:42 +00:00
Hans Dedecker
6ff27cf0f5 iproute2: backport patch fixing incorrect usage of LDFLAGS
Backport upstream patch fixing incorrect passing of -lxtables to
LDFLAGS instead of LDLIBS in the tc/Makefile

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-12-14 09:57:15 +01:00
Hans Dedecker
81bb9189e4 netifd: update to latest git HEAD
1ac1c78 system-linux: get rid of SIOCSDEVPRIVATE

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-12-13 22:05:40 +01:00
Hauke Mehrtens
ac5a6acbb1 mac80211: Update to version 4.19.7-1
This updates the backports package used in mac80211 to version 4.19.7-1
which is based on kernel 4.19.7. This integrates all the stable fixes
introduces in this kernel version.

The deleted patches are not needed any more because they are either
included in the upstream Linux kernel 4.19.7 or in backports 4.19.7-1.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-12-13 21:33:31 +01:00
Stijn Tintel
bcb8592353 kmod-dma-buf: fix build with external kernel
In hack/904-debloat_dma_buf.patch, DMA_SHARED_BUFFER is changed from
bool to tristate. As this patch is not applied to external kernel
sources, build fails if kmod-dma-buf is enabled. Fix this by only
including the module file if CONFIG_EXTERNAL_KERNEL_TREE and
CONFIG_KERNEL_GIT_CLONE_URI are not enabled.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-12-12 22:15:11 +02:00
Martin Schiller
3850b41f01 openvpn: re-add option comp_lzo
This option is deprecated but needs to be kept for backward compatibility. [0]

[0] https://community.openvpn.net/openvpn/wiki/DeprecatedOptions#a--comp-lzo

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2018-12-12 17:15:01 +01:00
Jo-Philipp Wich
e533fb1706 rpcd: update to latest Git head
3aa81d0 file: access exec timeout via daemon ops structure
7235f34 plugin: store pointer to exec timeout value in the ops structure
ccd7c0a treewide: rename exec_timeout to rpc_exec_timeout

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-12-12 16:33:54 +01:00
Kevin Darbyshire-Bryant
ad8a5aa06a dnsmasq: fix ipv6 ipset bug
During upstream removal of conditional ipv6 support an order swap error
was made in a ternary operator usage.

This patch sent upstream.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-12-12 11:54:49 +00:00
Hans Dedecker
1ff98ddff7 iproute2: backport upstream patch to fix print_0xhex on 32 bit
The argument to print_0xhex is converted to unsigned long long
so the format string give for normal printout has to be some
variant of %llx. Backport the patch as otherwise, bogus values
will be printed on 32 bit platforms.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-12-12 12:38:54 +01:00
Mathias Kresin
d35f2a5565 ath9k: register GPIO chip for OF targets
This partitialy reverts commit ccab68f2d3.

Registering the GPIO chip without a parent device completely breaks the
ath9k GPIOs for device tree targets.

As long as boards using the devicetree don't have the gpio-controller
property set for the ath9k node, the unloading of the driver works as
expected.

Register the GPIO chip with the ath9k device as parent only for OF
targets to find a trade-off between the needs of driver developers and
the broken LEDs and buttons seen by users.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-12-12 12:28:26 +01:00
Mathias Kresin
8e40fbff0b ramips: drop support for ALLNET ALL0239-3G and Sitecom WL-341 v3
Beside one exception, no one took care of these two remaining boards
still using the legacy image build code during the last two years.

Since OpenWrt 14.07 the ALLNET ALL0239-3G image building is broken.

The Sitecom WL-341 v3 image build code looks pretty hackish and broken.
It's questionable if the legacy image works as all.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-12-12 11:01:59 +01:00
Tony Ambardar
216397b812 elfutils: install library files for pkg-config
Support other packages using pkg-config to query existence and details of
libelf and libdw libraries at build time.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2018-12-12 09:44:32 +00:00
Daniel Golle
f5753aae23 hostapd: add support for WPS pushbutton station
similar to hostapd, also add a ubus interface for wpa_supplicant
which will allow handling WPS push-button just as it works for hostapd.
In order to have wpa_supplicant running without any network
configuration (so you can use it to retrieve credentials via WPS),
configure wifi-iface in /etc/config/wireless:

  config wifi-iface 'default_radio0'
      option device 'radio0'
      option network 'wwan'
      option mode 'sta'
      option encryption 'wps'

This section will automatically be edited if credentials have
successfully been acquired via WPS.

Size difference (mips_24kc): roughly +4kb for the 'full' variants of
wpa_supplicant and wpad which do support WPS.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-12-12 09:37:23 +01:00
Christian Lamparter
5beedcddc3 uboot-fritz4040: update package to 2018-12-09
This patch updates the uboot-fritz4040 package to the latest version.
The portability and private-libgcc patches, as well as the
upload-to-f4040.sh script have been added to the upstream repository.
Furthermore, the upload-to-f4040 has been updated to take the first
parameter as the file it is supposed to flash, otherwise it defaults
to the previous "uboot-fritz4040.bin". Furthermore the error messages
have been improved and ftp will now dump some "progress information"
to the user's console.

Also included is support for gcc 8+ and a fix for the obnoxous error
that currently breaks the builders:
| fritz/src/lzma2eva.c:23:30: fatal error: zlib.h: No such file or directory

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2018-12-11 23:00:32 +01:00
Kevin Darbyshire-Bryant
8c0f6a010a dnsmasq: follow upstream dnsmasq pre-v2.81 v2
Backport upstream commits.  Most interesting 122392e which changes how
SERVFAIL is handled especially in event of genuine server down/failure
scenarios with multiple servers.  a799ca0 also interesting in that
answered received via TCP are now cached, DNSSEC typically using TCP
meant until now answers weren't cached, hence reducing performance.

59e4703 Free config file values on parsing errors.
48d12f1 Remove the NO_FORK compile-time option, and support for uclinux.
122392e Revert 68f6312d4bae30b78daafcd6f51dc441b8685b1e
3a5a84c Fix Makefile lines generating UBUS linker config.
24b8760 Do not rely on dead code elimination, use array instead. Make options bits derived from size and count. Use size of option bits and last supported bit in computation. No new change would be required when new options are added. Just change OPT_LAST constant.
6f7812d Fix spurious AD flags in some DNS replies from local config.
cbb5b17 Fix logging in cf5984367bc6a949e3803a576512c5a7bc48ebab
cf59843 Don't forward *.bind/*.server queries upstream
ee87504 Remove ability to compile without IPv6 support.
a220545 Ensure that AD bit is reset on answers from --address=/<domain>/<address>.
a799ca0 Impove cache behaviour for TCP connections.

Along with an additional patch to fix compilation without DHCPv6, sent
upstream.

I've been running this for aaaages without obvious issue hence brave
step of opening to wider openwrt community.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-12-10 10:38:49 +00:00
Kevin Darbyshire-Bryant
18e02fa20c Revert "dnsmasq: follow upstream dnsmasq pre-v2.81"
This reverts commit a6a8fe0be5.

buildbot found an error
option.c: In function 'dhcp_context_free':
option.c:1042:15: error: 'struct dhcp_context' has no member named 'template_interface'
       free(ctx->template_interface);

revert for the moment

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-12-10 09:57:19 +00:00
Kevin Darbyshire-Bryant
a6a8fe0be5 dnsmasq: follow upstream dnsmasq pre-v2.81
Backport upstream commits.  Most interesting 122392e which changes how
SERVFAIL is handled especially in event of genuine server down/failure
scenarios with multiple servers.  a799ca0 also interesting in that
answered received via TCP are now cached, DNSSEC typically using TCP
meant until now answers weren't cached, hence reducing performance.

59e4703 Free config file values on parsing errors.
48d12f1 Remove the NO_FORK compile-time option, and support for uclinux.
122392e Revert 68f6312d4bae30b78daafcd6f51dc441b8685b1e
3a5a84c Fix Makefile lines generating UBUS linker config.
24b8760 Do not rely on dead code elimination, use array instead. Make options bits derived from size and count. Use size of option bits and last supported bit in computation. No new change would be required when new options are added. Just change OPT_LAST constant.
6f7812d Fix spurious AD flags in some DNS replies from local config.
cbb5b17 Fix logging in cf5984367bc6a949e3803a576512c5a7bc48ebab
cf59843 Don't forward *.bind/*.server queries upstream
ee87504 Remove ability to compile without IPv6 support.
a220545 Ensure that AD bit is reset on answers from --address=/<domain>/<address>.
a799ca0 Impove cache behaviour for TCP connections.

I've been running this for aaaages without obvious issue hence brave
step of opening to wider openwrt community.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-12-10 09:14:07 +00:00
Kevin Darbyshire-Bryant
7b083bbb82 dnsmasq: drop dnssec timestamp file patch
Openwrt no longer uses and has not used since 5acfe55d71 Jun 2016 the
timestamp file (/etc/dnsmasq.time) method of resolving the dnssec/ntp
dnslookup chicken/egg problem, having used signals from ntp since that
change.

Drop the 'dnssec-improve-timestamp-heuristic' patch since it is neither
used nor sent upstream.  One less thing to refresh & maintain.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-12-10 09:14:06 +00:00
Nikos Mavrogiannopoulos
99dbbe7eb7 nettle: bump to 3.4.1
This is a security fix adding safer APIs for RSA use.

Compile tested for: ar71xx

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2018-12-09 20:39:35 +01:00
Luiz Angelo Daros de Luca
5cb1dce542 base-files: add sysupgrade -k to save list of pkgs
When '-k' is used, sysupgrade inserts into backup a new file
/etc/backup/installed_packages.txt which contains pkgname and origin (rom,
overlay, unknown) without touching rootfs.

It's mainly used to reinstall all extra packages:

 # opkg update
 # grep "\toverlay" /etc/backup/installed_packages.txt | cut -f1 | xargs -r opkg install
 # rm /etc/backup/installed_packages.txt

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2018-12-09 18:04:11 +00:00
Luiz Angelo Daros de Luca
96392e5da4 base-files: add sysupgrade -o to save all overlay files
Add sysupgrade '-o' option in order to include all overlay files in
backup, except for those that are from packages but including files
listed in conffiles, sysupgrade.conf or /lib/upgrade/keep.d.

With '-u' option, it will skip files equals to /rom and conffiles that
were not changed.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2018-12-09 18:04:11 +00:00
Luiz Angelo Daros de Luca
20b23270b7 base-files: add sysupgrade -u to skip unchanged files
With '-u', for a file /aaa/bbb/ccc enlisted for backup,
it will only get into backup if /rom/aaa/bbb/ccc does not
exist or /aaa/bbb/ccc is different from /rom/aaa/bbb/ccc.

It also works with '-c', but only effective for files touched
but not modified.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2018-12-09 18:04:11 +00:00
Luiz Angelo Daros de Luca
e8711daede base-files: minor cleanups on sysupgrade
Renamed add_uci_conffiles to add_conffiles as it includes
any conffiles listed, not only UCI ones.

Make do_save_conffiles arg mandatory

Allow other options after -l (like -c)

Do not use stdout for error messages (fixes backup to stdout)

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2018-12-09 18:04:11 +00:00
Hans Dedecker
929c448a6d firewall: update to latest git HEAD
14589c8 redirects: properly handle src_dport in SNAT rules

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-12-09 17:36:12 +01:00
Christian Lamparter
87af41d554 ath10k-firmware: Fix mirror hash sum (FS#1983)
This now matches what was generated locally on my PC and the file on the
mirror server.

Fixes: 575d0240f9 ("ath10k-firmware: update board-2.bin for community firmwares")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2018-12-09 15:07:02 +01:00
Ansuel Smith
f939598b7a iptables: fix ebtables vlan compile issue (FS#1990)
Backport an upstream patch which fixes an userspace/kernel headers
collison

Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
2018-12-08 21:50:14 +01:00
Ansuel Smith
1286c55302 iptables: bump to 1.8.2
Drop 030-extensions-libxt_bpf-Fix-build-with-old-kernel-versi.patch as pushed upstream
Added patches :
001-extensions_format-security_fixes_in_libip.patch
002-include_fix_build_with_kernel_headers_before_4_2.patch
101-remove-register-check.patch

The first and the second patch are upsteam fixes for compilation errors.
The third patch remove check if one target lib is already registred; this is caused by
shared libs that are loaded before the iptables execution.

Iptables changelog:

bba6bc6 (tag: v1.8.2) configure: bump versions for 1.8.2 release
61d6c38 xtables: add 'printf' attribute to xlate_add
5edb249 libxtables: xlate: init buffer to zero
9afd2a6 tests: shell: fix expected arptables-save output
6387941 arptables: fix --version info
d703c1f arptables: ignore --table argument.
d5754e3 arptables: make uni/multicast mac masks static
1b63e66 arptables: add test cases
5aecb2d arptables: pre-init hlen and ethertype
9677ed1 arptables: fix src/dst mac handling
ab0b6d5 arptables: fix target ip offset
c0c75ce arptables: fix -s/-d handling for negation and mask
3ac65af arptables: add basic test infra for arptables-nft
e31564f arptables: fix rule deletion/compare
2345ff6 arptables: remove code that is also commented-out in original arptables
50c2397 arptables-save: add -c option, like xtables-save
d9a518e arptables: use ->save for arptables-save, like xtables
5a52e6a extensions: test protocol and interface negation
85d7df9 xtables: Fix error return code in nft_chain_user_rename()
3ccb443 xtables: Clarify error message when deleting by index
95db364 xtables: Fix typo in do_command() error message
5f508b7 ebtables: use extrapositioned negation consistently
583b27e ebtables-save: add -c option, using xtables-style counters
e6723ab nft: add NFT_TABLE_* enumeration
21ec111 nft: replace nft_chain_dump() by nft_chain_list_get()
05947c8 iptables-nft: fix -f fragment option
7bd9feb libxtables: add and use mac print helpers
a10eb88 extensions: libebt_ip: fix tos negation
9b127b7 extensions: libebt_ip6: fix ip6-dport negation
c59ba1b xtables-nft: make -Z option work
1bf4a13 nft: add missing error string
a9f9377 iptables-tests: add % to run iptables commands
b81c8da iptables-tests: do not append xtables-multi to external commands
edf2b7c ebtables-nft: add arpreply target
2d1372e ebtables: add redirect test case
c3e8dbd ebtables: add test cases
cd90cef ebtables: relax -t table restriction, add snat/dnat test cases
fd95f1f ebtables: fix -j CONTINUE handling for add/delete
fb747f8 tests: add basic ebtables test support
d4bc5a3 iptables-nft: fix bogus handling of zero saddr/daddr
9ff9915 iptables-test: fix netns test
8c918db xtables: Fix for matching rules with wildcard interfaces
b2fc2a3 extensions: limit: unbreak build without libnftnl
682f39a xtables: Fix for spurious errors from iptables-translate
90f7dc3 (tag: v1.8.1) configure: bump versions for 1.8.1 release
0123183 iptables-test: add -N option to exercise netns removal path
abae556 libxtables: expose new etherdb lookup function through libxtables API
c2d9ed9 libxtables: prefix exported new functions for etherdb lookups
5a44360 Revert "extensions: libxt_quota: Allow setting the remaining quota"
2673faf xtables: Remove target_maxnamelen field
8ca3436 extensions: cgroup: fix option parsing for v2
0a8f2bc extensions: libxt_quota: Allow setting the remaining quota
b373a91 nft-shared: Use xtables_calloc()
5a40961 arptables: Use the shared nft_ipv46_parse_target()
9f07503 Combine parse_target() and command_jump() implementations
7373297 Combine command_match() implementations
a76ba54 libiptc: NULL-terminate errorname
a3716cc libxtables: Check extension real_name length
0195b64 iptables: Gitignore xtables-{legacy, nft}-multi scripts
671e40a xtables: Drop pointless check
7c9a152 arptables: Fix incorrect strcmp() in nft_arp_rule_find()
11e91a4 xtables: Don't read garbage in nft_ipv4_parse_payload()
d95c1e8 libxtables: Use posix_spawn() instead of vfork()
7e50eba Fix a few cases of pointless assignments
f40ce2d extensions: libebt_ip{, 6}: Drop pointless error checking
47fb86c nft-arp: Drop ineffective conditional
80aae9b iptables: Use print_ifaces() from xtables
8da04ff Share print_ipv{4,6}_addr() from xtables
b686594 iptables-apply: Replace signal numbers by names
f175dee iptables-apply: Quote strings passed to echo
52aa150 nfnl_osf: Replace deprecated nfnl_talk() by nfnl_query()
61ebf3f libxtables: Don't read garbage in xtables_strtoui()
ab639f2 libxtables: Avoid calling memcpy() with NULL source
22ef371 libiptc: Simplify alloc_handle() function signature
6b7145f libxt_time: Drop initialization of variable 'year'
749d3c2 libxt_ipvs: Avoid potential buffer overrun
8e798e0 libxt_conntrack: Avoid potential buffer overrun
74eb239 libxt_conntrack: Version 0 does not support XT_CONNTRACK_DIRECTION
d0c1f1b libxt_LED: Avoid string overrun while parsing led-trigger-id
23ef6f0 xtables: Remove unused variable in nft_is_table_compatible()
4e499d5 ip{, 6}tables-restore: Fix for uninitialized array 'curtable'
1788f54 Mark fall through cases in switch() statements
31f1434 libxtables: Integrate getethertype.c from xtables core
7ae4fb1 xtables: Fix for wrong assert() in __nft_table_flush()
8c786a3 nfnl_osf: Drop pointless check in xt_osf_strchr()
6fc7762 libxt_string: Fix array out of bounds check
2a68be1 xtables-save: Ignore uninteresting tables
f9efc8c extensions: add cgroup revision 2
9b8cb16 extensions: REJECT: Merge reject tables
56d7ab4 libxt_string: Avoid potential array out of bounds access
bfd41c8 ebtables: Fix for potential array boundary overstep
e6f9867 libiptc: Avoid side-effect in memset() calls
4144571 libxtables: Fix potential array overrun in xtables_option_parse()
9242b5d xtables: Accept --wait in iptables-nft-restore
c9f4f04 xtables: Don't check all rules for being compatible
15606f2 doc: Improve layout of u32 instructions
7345037 xtables-restore: Fix flushing referenced custom chains
7df11d1 xtables: Drop use of IP6T_F_PROTO
b6a06c1 xtables: Align return codes with legacy iptables
3bb497c xtables: Fix for deleting rules with comment
0800d9b ip6tables-translate: Fix libip6t_mh.txlate test
4cf650c ebtables-translate: Fix for libebt_limit.txlate
783e9c2 xtables: Add missing deinitialization
9771d06 ebtables: Review match/target lookup once more
85ed1ab extensions: libebt_mark: Drop mark_supplied check
6a46ca0 xtables: Add a few missing exit calls
acde6be ebtables-translate: Fix segfault while parsing extension options
2c4e4d2 ebtables: trivial: Leverage C99-style initializers a bit more
9f5b28a xlate-test: Fix for calling wrong command name
1a878a7 extensions: AUDIT: Provide translation
5ee03e6 xtables: Use meta l4proto for -p match
37b68b2 xtables: Fix for segfault when registering hashlimit extension
92f7b04 xtables: Fix for segfault in iptables-nft
294f9ef ebtables: Fix entries count in chain listing
6f29aa8 xtables: Make 'iptables -S nonexisting' return non-zero
7bccf30 ebtables: Fix for listing of non-existent chains
3d9a13d xtables: Fix for no output in iptables-nft -S
a33c6fd arptables: Drop extensions/libxt_mangle.c
02b8097 ebtables: Merge libebt_limit.c into libxt_limit.c
5de8dcf xtables: Use native nftables limit expression
514de48 ebtables: Remove flags misinterpretations
528cbf9 xtables: Fix for wrong counter format in -S output
9ca32c4 xtables: Don't pass full invflags to add_compat()
e055aeb xtables: Improve xtables-monitor first impression
b925733 tests: Fix skipping for recent nft-only tests
277f374 xtables: Spelling fixes in xtables-monitor
a9d9f64 xtables: Fix potential segfault in nft_rule_append()
fbf0bf7 tests: Add ebtables-{save,restore} testcases
f1d8508 tests: Add arptables-{save,restore} testcases
63c3dae xtables: Implement arptables-{save,restore}
aa7fb04 ebtables: Review match/target lookup
3f123dc ebtables-restore: Use xtables_restore_parse()
295d5a8 xtables-restore: Make COMMIT support configurable
1679b2c xtables-restore: Improve user-defined chain detection
2ce9f65 xtables: Match verbose ip{,6}tables output with legacy
cd79556 xtables: Reserve space for 'opt' column in ip6tables output
0357254 xtables: Print error when listing non-existent chains
206033e xtables: Fix for no output on first iptables-nft invocation
a0698de xtables: Do not count rules as chain references
d11b6b8 arptables: Fix jumps into user-defined chains
3f27955 arptables: Fix opcode printing in numeric output
f988fe4 xtables: Fix symlinks/names for ebtables-{save, restore}
3319c61 ebtables: Support --init-table command
3ec8aac arptables: Print policy only for base chains
83bc189 arptables: Fix for trailing spaces in output
aaed1b6 arptables: Fix memleaks in do_commandarp()
d67d85d ebtables: Print non-standard target parameters
2e478e9 ebtables: Fix match_list insertion
a192f03 ebtables: Fix for wrong program name in error messages
a2ed880 xshared: Consolidate argv construction routines
1cc0918 xshared: Consolidate parse_counters()
78b9d43 Consolidate DEBUGP macros
14ad525 xtables: Fix program name in xtables_error()
f7bbdb0 xtables: Use correct built-in chain count
ae574b2 xtables: Fix compilation with NLDEBUG defined
82d278c xtables: Free chains in NFT_COMPAT_CHAIN_ADD jobs
c2895ea xtables: Free chains in NFT_COMPAT_CHAIN_USER_DEL jobs
89d3443 xtables: Fix for nft_rule_flush() returning garbage
c259447 xtables: Allocate rule cache just once
ed30b93 nft: don't print rule counters unless verbose
31e4b59 iptables-restore: free the table lock when skipping a table
f8e29a1 xtables: avoid bogus 'is incompatible' warning
6ea7579 nft: decode meta l4proto
922508e xtables: implement ebtables-{save,restore}
25ef908 xtables: introduce nft_init_eb()
de8574a xtables: parameter to add_argv() may be const
6f60f22 xtables: pass format to nft_rule_save()
f3b772c xtables: introduce save_chain callback
fa1681f xtables: rename {print,save}_rule functions
444d581 xtables: get rid of nft_ipv{4,6}_save_counters()
34e1e23 xtables: eliminate nft_ipv{4,6}_rule_find()
de782e8 xtables: merge nft_ipv{4,6}_parse_target()
ae8eece xtables: get rid of nft_ipv{4,6}_print_header()
2687794 xtables: arp: make rule_to_cs callback private
1bf73c4 xtables: Use new callbacks in nft_rule_print_save()
1866625 xtables: introduce rule_to_cs/clear_cs callbacks
0589457 xtables: simplify struct nft_xt_ctx
d9c6a5d xtables: merge {ip,arp}tables_command_state structs
87b5b9e iptables: replace memset by c99-style initializers
907da5c xtables: fix crash if nft_rule_list_get() fails
565a223 xtables: Support nft suffix for arptables and ebtables
c468f01 tests: check iptables retval, not echo
47d1484 iptables: tests: add test for iptables-save and iptables-restore
e4e0704 extensions: don't bother to build libebt/libarp extensions if nft backend was disabled
17c66a5 iptables: tests: shell: Add README
6c2118c (tag: v1.8.0) configure: bump version and libnftnl dependency
7b66fc2 man: clarify translate tools do not modify any state
f7fec51 xtables-monitor: add --version option
b470b8e xtables-legacy: fix argv0 name for ip6tables-legacy
2028e54 xtables: display legacy/nf_tables flavor in error messages, too
fd8d7d7 ebtables-nft: add stp match
f15639b tests: add script that mimics firewalld startup
27f7db2 tests: fix variable name to multi-binary
2a89ec5 tests: add a few simple tests for list/new/delete
37d9d5b ebtables-nft: make -L, -X CHAINNAME work
816bd1f ebtables-nft: remove exec_style
b81708f ebtables-nft: don't crash on ebtables -X
de02a75 doc: fix some spellos and the dash escape
dcf4529 tests: add firewalld default ruleset from fedora 27
f23abd5 tests: add another ipv4 only ruleset
ed9cfe1 tests: add initial save/restore test cases
9933dc5 tests: adapt test suite to run with legacy+nftables based binaries
be70918 xtables: rename xt-multi binaries to -nft, -legacy
d49ba50 xtables-restore: init table before processing policies
344c6eb doc: Fix spelling error in hashlimit section
e063873 tests: make duplicate test work
d26c538 xtables: add xtables-monitor
db84371 xtables: translate nft meta trace set 1 to -j TRACE
20eac2a xtables: warn in case old-style (set/getsockopt) tables exist
c9f5e18 xtables: add nf_tables vs. legacy postfix to version strings
e5fed16 iptables8.in: Update coreteam names
672accf include: update kernel netfilter header files
856a875 xtables: silence two compiler warnings
ae6e159 xtables: remove dead code inherited from ebtables
107b7eb configure: add -Wlogical-op warning to cflags
bc7f49d ebtables-translate: remove --change-counters code
38b4166 iptables: tests: shell: add shell test-suite
1e6427a xtables-compat: skip invalid tables
cb368b6 xtables: more error printing fixes
b1b828f xtables: homogenize error message
4caa559 xtables: initialize basechains for rule flush command too
9b89622 xtables: rework rule cache logic
01e25e2 xtables: add chain cache
8d190e9 xtables: initialize basechains only once on ruleset restore
0a86351 xtables-compat: ignore '+' interface name
125d1ce xtables-compat: append all errors into single line
437746c xtables: extended error reporting
d1c79cd xtables: allocate struct xt_comment_info for comments
4e20209 xtables: use libnftnl batch API
49709e2 xtables-compat: remove nft_is_ruleset_compatible
03e1377 xtables: allow dumping of chains in specific table
94fd83d xtables: inconsistent error reporting for -X and no empty chain
c4f1622 ebtables-compat: add arp match extension
24ce746 ebtables-compat: add redirect match extension
84c04e3 ebtables-compat: add nat match extensions
14ec998 xtables-compat: ebtables: prefer snprintf to strncpy
5e2b473 xtables-compat: extend generic tests for masks and wildcards
1a696c9 libxtables: store all requested match types
bb436ce xtables-compat: ip6table-save: fix save of ip6 address masks
6454d7d ebtables-translate: suppress redundant protocols
07f4ca9 xtables-compat: ebtables: allow checking for zero-mac
0ca2d2a xtables-compat: ebtables: add helpers to print interface and mac addresses
3d9f300 xtables-compat: ebtables: remove interface masks from ebt_entry struct
20e2758 xtables-compat: ebtables: fix logical interface negation
2682bb0 xtables-compat: ebtables: add and use helper to parse all interface names
564862d xtables-compat: ebtables: split match/target print from nft_bridge_print_firewall
0ae81d0 xtables-compat: ebtables: kill ebtables_command_state
651cfee xtables-compat: pass correct table skeleton
652b98e xtables-compat: fix wildcard detection
49f4993 extensions: libip6t_srh.t: Add test cases for psid, nsid, and lsid
429143b extensions: libxt_CONNMARK: incorrect translation after v2
db7b4e0 extensions: libxt_CONNMARK: Support bit-shifting for --restore,set and save-mark
155e1c0 extensions: libip6t_srh: support matching previous, next and last SID
f4ffda1 extensions: libipt_DNAT: tests added for shifted portmap range
6a9ffb1 xtables-compat-restore: flush table and its content with no -n
07ae37c xtables-compat: fix bogus error with -X and no user-defined chains
df3d92b xtables-compat-restore: flush user-defined chains with -n
ca16584 xtables-compat-restore: flush rules and delete user-defined chains
ac1e85a extensions: libipt_DNAT: use size of nf_nat_range2 for rev2
e25d99a xtables-compat: pass larger socket buffer
838746e xtables-compat: xtables-save: don't return 1
2211679 xtables-compat: ebtables: support concurrent option
a77a7d8 iptables-test: fix bug with rateest
de87405 xtables-compat: fix ipv4 frag (-f)
c7b2fd6 xtables-compat: also check tg2->userspacesize
5685938 xtables-compat: avoid unneeded bitwise ops
b9d7b49 xtables-compat: restore: sync options with iptables-restore
c0ef861 extensions: add xlate test for ipables -f
d79a7f1 xtables-compat: output -s,d first during save, just like iptables
d1eb4d5 iptables-compat: chains are purge out already from table flush
09f0d47 iptables-compat: do not fail on restore if user chain exists
8798eb8 iptables-compat: remove non-batching routines
b633ef9 xtables.conf: fix hook skeletons
7af2178 xtables-compat: fall back to comment match in case name is too long
e9aeecf xlate-test: use locally installed xlate tools
0ab58e3 xtables-compat: ebtables: handle mac masks properly
734ad40 xtables-compat: nft-arp: fix warning wrt. sprintf-out-of-bounds
fb7ae9f xtables-compat: truncate comments to 254 bytes
36976c4 extensions: libipt_DNAT: support shifted portmap ranges
d7ac61b iptables-test: add nft switch and test binaries from git
992e17d xtables-compat: only fetch revisions for ip/ip6
12a52ff xtables: Fix rules print/save after iptables update
1197c5e xtables: Register all match/target revisions supported by us and kernel
e3bb24c xtables: Check match/target size vs XT_ALIGN(size) at register time
3b2530c xtables: Do not register matches/targets with incompatible revision
d3f1437 xtables: Introduce and use common function to print val[/mask] arguments
29b1d97 xtables: Introduce and use common function to parse val[/mask] arguments
56aadc0 extensions: Initialize linear mapping of symbols in _init() of extension
79c2da9 extensions: ULOG: remove test
a0956ce ebtables-translate: turn off useless compat queries
9840869 nft: arptables: remove obsolete forward hook definition
7a37d14 iptables-compat: statify nft_restart()
a3aac1d iptables-compat: handle netlink dump EINTR errors
a567dc3 ebtables-compat: add 'vlan' match extension
7564bba ebtables-compat: add 'pkttype' match extension
4d40904 ebtables-translate: update table name on -t
5c8ce9c ebtables-compat: add 'ip6' match extension
8a85a14 libebt_ip: fix translations for tos and icmp
b6f0bec libebt_ip: add icmp support
f38ed1e xt-translate: quote interface names in translated output
71a6e37 icmp: split icmp type printing to header file
e67c088 ebtables-translate: add initial test cases
207dd5e xt-compat: add ebtables-translate
d988274 xlate-translate: split common parts into helper
1650806 xtables-eb: export 3 functions
6b2041c nft-bridge: add eb-translate backend functions
3063c37 nft-bridge: fix mac address printing
394a400 nft: fix crash when getprotobynumber() returns 0
6a1dbdf ebtables-compat: support intra-positioned negations
3e94f0a nft-bridge: add forward declaration for struct nftnl_rule
5024efe libebt_limit: print 'minute' and 'seconds', not 'min' and 'secs'
ce3c780 nft: make nft_init self-contained
cb151d5 xtables-translate: rm duplicate includes
69c089b xt-compat: constify a few struct members
03ecffe ebtables-compat: add initial translations
57af67d iptables: constify option struct
88231c4 ebtables-compat: load mark target
6b4e167 ebtables-compat: don't make failing extension load fatal
24110b5 libxt_comment: silence truncation warning
98fc8ce xtables-compat: only validate the xtables builtin tables
9d9b724 xtables-compat: skip unsupported tables
59d15cf xtables-compat: also validate priorities and hook points match expected values
eb35854 xtables-compat: fix snprintf truncation warnings
fc04c8a extensions: CLUSTERIP: do not allow --local-node 0
eb2c052 extensions: CLUSTERIP: add tests
ca3c397 iptables: add xtables-translate.8 manpage
5beb158 extensions: libxt_bpf: Fix build with old kernel versions
147a891 extenstions: ecn: add tcp ecn/cwr translation
ed928a8 extensions: add tests for comp match options
632ace7 xtables-compat-multi.c: Allow symlink of ebtables
d7ccc68 iptables: add xtables-compat.8 manpage
043da5b extensions: connmark: remove non-working translation
a93b502 extensions: prefer plain 'set' over 'set mark and'
577b7e2 xtables-compat-restore: use correct hook priorities

Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
2018-12-08 10:54:09 +01:00
Petr Štetiar
60dd181a76 base-files: diag.sh: Make it more generic towards DTS so it could be reused
I wanted to add status LEDs support to my imx6 based board and have
found out, that I could use diag.sh script found in ramips platform,
which seems to be also shared in a few other platforms:

 4801276bc2078c5bcf03003c831e3b0a target/linux/ramips/base-files/etc/diag.sh
 4801276bc2078c5bcf03003c831e3b0a target/linux/ipq40xx/base-files/etc/diag.sh
 4801276bc2078c5bcf03003c831e3b0a target/linux/ath79/base-files/etc/diag.sh

So I've extended the base diag.sh in a way, that if it detects any of
the DTS LED aliases, then it would use the generic DTS set_led_state
code.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2018-12-06 08:42:40 +01:00
Rosen Penev
26dcaf58ee comgt: Fix 3g.sh permissions
3g.sh needs to be executable. 600 is not correct for that.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-12-06 08:42:39 +01:00
Michael Heimpold
d6ac8ca76c base-files: fix several bashisms
For equality test a simple = is sufficient, the == is
usually disregarded as bashism.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2018-12-05 22:16:52 +01:00
Steven Lin
2b4ac79a79 ipq40xx: add support for EnGenius EAP1300
SOC:    IPQ4018 / QCA Dakota
CPU:    Quad-Core ARMv7 Processor rev 5 (v7l) Cortex-A7
DRAM:   256 MiB
NOR:    32 MiB
ETH:    Qualcomm Atheros QCA8072
WLAN1:  Qualcomm Atheros QCA4018 2.4GHz 802.11bgn 2:2x2
WLAN2:  Qualcomm Atheros QCA4018 5GHz 802.11a/n/ac 2:2x2
INPUT:  RESET Button
LEDS:   Power, LAN, MESH, WLAN 2.4GHz, WLAN 5GHz

1. Load Ramdisk via U-Boot

To set up the flash memory environment, do the following:
a. As a preliminary step, ensure that the board console port is connected to the PC using these RS232 parameters:
   * 115200bps
   * 8N1
b. Confirm that the PC is connected to the board using one of the Ethernet ports. Set a static ip 192.168.99.8 for Ethernet that connects to board. The PC must have a TFTP server launched and listening on the interface to which the board is connected. At this stage power up the board and, after a few seconds, press 4 and then any key during the countdown.

U-BOOT> set serverip 192.168.99.8 && set ipaddr 192.168.99.9 && tftpboot 0x84000000 openwrt.itb && bootm

2. Load image via GUI

a. Upgrade EAP1300 to FW v3.5.3.2
In the GUI, System Manager > Firmware > Firmware Upgrade, to do upgrade.
b. Transfer to OpenWrt from EnGenius.
In Firmware Upgrade page, to upgrade yours openwrt-ipq40xx-engenius_eap1300-squashfs-sysupgrade.bin.

3. Revert to EnGenius EAP1300
To flash openwrt-ipq40xx-engenius_eap1300-squashfs-factory.bin by using sysupgrade command and "DO NOT" keep configuration.
$ sysupgrade –n openwrt-ipq40xx-engenius_eap1300-squashfs-factory.bin

Signed-off-by: Steven Lin <steven.lin@senao.com>
2018-12-05 09:40:32 +01:00
Stijn Tintel
e261c8b764 brcm2708-gpu-fw: add fw required for camera module
To be able to use the camera module, start_x=1 has to be set in
config.txt. This will cause the bootloader to load the GPU firmware that
contain the extra video codecs. Install these firmware files.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-12-05 00:39:53 +02:00
Stijn Tintel
42ca32ad2f brcm2708-gpu-fw: update to git HEAD
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-12-05 00:09:14 +02:00
Stijn Tintel
f208f77811 mac80211: fix brcmfmac on brcm2708
An upstream change broke brcmfmac when loaded with modparam roamoff=1.
As we are carrying a patch that enables roamoff by default on the
brcm2708 target to improve stability, wireless is currently broken
there. Add a patch to fix brcmfmac with roamoff=1.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-12-04 22:45:08 +02:00
Felix Fietkau
4fd7882822 mt76: update to the latest version
5a5b396 mt76: throttle transmission of buffered multicast packets
8084323 mt7603: implement code for adjusting energy detect CCA thresholds
8929a6e mt7603: increase MCU timeout
f2ba65f mt7603: update firmware to 20161027164355
0ad998b mt7603: increase aggregation limits (based on vendor driver changes)
da00af0 mt7603: clear bit 18 in MT_SEC_SCR to fix ICV error

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-12-04 12:28:56 +01:00
Florian Eckert
675eb747aa openvpn: add list element parsing
For the parameters tls-cipher and ncp-ciphers more than one option can
be used in the OpenVPN configuration, separated by a colon, which should
be implemented as a list in order to configure it more clearly. By
adding the new OPENVPN_LIST option to the openvpn.options file with the
tls-cipher and ncp-cipher parameters, uci can now add this option as a
"list" and the init script will generate the appropriate OpenVPN
configuration from it.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2018-12-03 09:54:03 +01:00
Eneas U de Queiroz
3fb45576ac cryptodev-linux: move from packages feed
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.

To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
This is actually a build dependency for /dev/crypto support in openssl.
Since it is a kernel module, it belongs here anyway.

- Removed Nikos Mavrogiannopoulos as maintainer.
- Streamlined make flags

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
2018-12-03 07:50:24 +01:00
Jo-Philipp Wich
9808bd2799 Revert "base-files: fwtool: Fix wrong checksum on combined-image with metadata"
This reverts commit 41770add03.

The fwtool_check_image() procedure is used by `sysupgrade --test` which must
not alter the image under test in any way.

Currently, when the LuCI ui or any other sysupgrade wrapper first invokes
sysupgrade --test to verify the compatibility of the image and then calculates
the sha256sum over it, the resulting checksum will differ from the original
image since the test invocation will implicitely strip the metadata trailer.

To properly fix the underlying issue, the combined image checksumming code
must be modified to skip the metadata trailer.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-12-02 16:05:44 +01:00
Hans Dedecker
493c1d1766 odhcpd: update to latest git HEAD
d404c7e netlink: fix triggering of NETEV_ADDR6LIST_CHANGE event
ae6cf80 config: correctly break string for prefix filter

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-11-29 21:46:12 +01:00
Tony Ambardar
8806da86f5 base-files: fix prerm return value, align with postinst code
The return value of a package prerm script is discarded and not returned
correctly by default_prerm(). This allows other operations like service
shutdown to "leak" their return value, prompting workarounds like commit
48cfc826 which do not address the root cause.

Preserve a package prerm script return value for use by default_prerm(),
sharing the corresponding code from default_postinst() for consistency.
Also use consistent code for handling of /etc/init.d/ scripts.

Run Tested on: LEDE 17.01.4 running ar71xx.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2018-11-29 11:52:56 +01:00
Felix Fietkau
5ffacceb7b mac80211: fix reordering of buffered broadcast packets
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-11-28 23:23:38 +01:00
Felix Fietkau
87b874d4d6 mt76: update to the latest version
5fb60a7 mt7603: fix aggregation size handling
31cd20e mt7603: issue PSE reset on stuck beacon
4063ae1 mt7603: check for PSE hang / stuck beacon first
00e03b9 mt7603: fix MT_WF_PHY_CR_RXTD_BASE definition
c3efb5d mt7603: add support for detecting MT7688 and single stream devices
2a136cb mt7603: fix TKIP key setup
cd456ca mt7603: disable broken support for WEP hardware encryption
3ecb7f8 mt7603: fix hardware queue assignment
6ac9653 mt7603: fix CAB queue limits
d22feb0 mt7603: move cab queue enabling to pre-tbtt tasklet
44bb372 mt7603: fix CAB queue flush mask

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-11-28 23:23:38 +01:00
Jo-Philipp Wich
3082370551 openvpn: update to 2.4.6
Update the OpenVPN package to version 2.4.6, refresh patches and drop
menuconfig options which are not supported upstream anymore.

Also fix the x509-alt-username configure flag - it is not supported
by mbedtls and was syntactically wrong in the Makefile - and the
port-share option which has been present in menuconfig but not been
used in the Makefile.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-11-28 22:10:19 +01:00
Jo-Philipp Wich
56378bc12d uhttpd: update to latest Git head
cdfc902 cgi: escape url in 403 error output
0bba1ce uhttpd: fix building without TLS and Lua support
2ed3341 help: document -A option
fa5fd45 file: fix CPP syntax error
77b774b build: avoid redefining _DEFAULT_SOURCE

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-11-28 12:55:50 +01:00
John Crispin
231d9d5327 Revert "intel-microcode: create early load microcode image"
This reverts commit 022ffb56b2.

Signed-off-by: John Crispin <john@phrozen.org>
2018-11-27 18:58:37 +01:00
John Crispin
30f30d3e11 Revert "amd64-microcode: create early load microcode image"
This reverts commit 975019b3a7.

Signed-off-by: John Crispin <john@phrozen.org>
2018-11-27 18:58:33 +01:00
Hans Dedecker
533f7673ae netifd: update to latest git HEAD
dfa4ede interface: fix return code of __interface_add()
a82a8f6 netifd: fix resource leak on error in netifd_add_dynamic()
fa2403d config: fix resource leaks on error in config_parse_interface()
85de9de interface: fix memory leak on error in __interface_add()

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-11-26 15:33:45 +01:00
Steven Honson
a73283dc10 kernel: nf-nathelper-extra depends on ipt-raw
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.

To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
As automatic helper assignment is disabled in recent Linux kernels,
explicit rules must be added to the raw table for each helper.

While commit f50a524 in the firewall3 project added a set of default
rules and other additional related functionality, both this and the
alternative manual methods of defining these rules require kmod-ipt-raw.

Signed-off-by: Steven Honson <steven@honson.id.au>
2018-11-26 12:05:47 +01:00
Christian Lamparter
d82d84694e apm821xx: add support for the Netgear WNDAP620 and WNDAP660
This patch adds support for the Netgear WNDAP620 and WNDAP660,
they are similar devices, but due to the LAN LED configuration,
the switch setup and WIFI configuration each gets a different
device target.

Hardware Highlights WNDAP620:
CPU: AMCC PowerPC APM82181 at 1000 MHz
DRAM:  128 MB, 2 x 64 MiB DDR2 Hynix H5PS5162GF
CPU: AMCC PowerPC APM82181 at 1000 MHz
FLASH: 32 MiB, NAND SLC, Hynix HY27US08561A
Ethernet: RealTek RTL8363SB 2x2-Port Switch PHY - Only 1 GBit Port (POE)
Wifi: Atheros AR9380 minipcie - Dual-Band - 3x3:3
Serial: console port with RJ45 Interface (9600-N-8-1)
LEDS: Power, LAN-Activity, dual color LAN-Linkspeed, 2.4GHz, 5GHz LEDs
Button: Soft Reset Button
Antennae: 3 internal dual-band antennae + 3 x RSMA for external antennaes

Hardware Highlights WNDAP660:
CPU: AMCC PowerPC APM82181 at 1000 MHz + 2 Heatsinks
DRAM:  256 MB, 2 x 128 MiB DDR2
FLASH: 32 MiB, NAND SLC, Hynix HY27US08561A
Ethernet: RealTek RTL8363SB 2x2-Port Switch PHY (POE)
Wifi1: Atheros AR9380 minipcie - Dual-Band - 3x3:3
Wifi2: Atheros AR9380 minipcie - Dual-Band - 3x3:3
Serial: console port with RJ45 Interface (9600-N-8-1)
LEDS: Power, LAN-Activity, 2x dual color LAN-Linkspeed, 2.4GHz, 5GHz LEDs
Button: Soft Reset Button
Antennae: 6 internal dual-band antennae + 3 x RSMA for external antennaes

Flashing requirements:

 - needs a tftp server at 192.168.1.10/serverip.
 - special 8P8C(aka RJ45)<->D-SUB9 Console Cable
   ("Cisco Console Cable"). Note: Both WNDAP6x0 have
   a MAX3232 transceivers, hence no need for any separate
   CMOS/TTL level shifters.

External Antenna:
The antennae mux is controlled by GPIO 11 and GPIO14. Valid Configurations:
 = Config# = | = GPIO 11 = | = GPIO 14 = |  ===== Description =====
      1.     |   1 / High  |  0 / Low    | Use the internal antennae (default)
      2.     |   0 / Low   |  1 / High   | Use the external antennae

The external antennaes are only meant for the 2.4 GHz band.

One-way Flashing instructions via u-boot:

 0. connect the serial cable to the RJ45 Console Port
    Note: This requires a poper RS232 and not a TTL/USB adaptor.

 1. power up the AP and interrupt the u-boot process at

    'Hit any key to stop autoboot'

 2. setup serverip and ipaddr env settings
    Enter the following commands into the u-boot shell
    # setenv ipaddr 192.168.1.1
    # setenv serverip 192.168.1.10

 3. download the factory.img image to the AP
    Enter the following commands into the u-boot shell

    # tftp ${kernel_addr_r} openwrt-apm821xx-nand-netgear_wndap660-squashfs-factory.img

 4. verfiy image integrity
    Enter the following commands into the u-boot shell

    # crc32 $fileaddr $filesize

    If the calculated crc32 checksum does not match, go back to step 3.

 5. flash the image
    Enter the following commands into the u-boot shell

    # nand erase 0x110000 0x1bd0000
    # nand write ${kernel_addr_r} 0x110000 ${filesize}

 6. setup uboot environment
    Enter the following commands into the u-boot shell

    # setenv bootargs
    # setenv fileaddr
    # setenv filesize
    # setenv addroot 'setenv bootargs ${bootargs} root=/dev/ubiblock0_0'
    # setenv owrt_boot 'nboot ${kernel_addr_r} nand0 0x110000; run addroot; run addtty; bootm ${kernel_addr_r}'
    # setenv bootcmd 'run owrt_boot'
    # saveenv

 7. boot
    # run bootcmd

Booting initramfs instructions via u-boot:

 Follow steps 0 - 2 from above.

 3. boot initramfs
    Enter the following commands into the u-boot shell

    # tftp ${kernel_addr_r} openwrt-apm821xx-nand-netgear_wndap660-initramfs-kernel.bin
    # run addtty
    # bootm ${kernel_addr_r}

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2018-11-26 12:05:46 +01:00
Christian Lamparter
e21a9db47d apm821xx: MX60(W): enable u-boot environment
This patch adds u-boot environment access to the MX60(W) target.
"The environment size is one NAND block (128KiB on Buckminster).
We allocate four NAND blocks to deal with bad blocks which may
exist in the saved  environment"

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2018-11-26 12:05:46 +01:00
Christian Lamparter
f6968952df apm821xx: MR24: add to uboot-envtools
This patch adds the complicated u-boot
environment access settings for to the
MR24 target.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2018-11-26 12:05:46 +01:00
Christian Lamparter
6f4f77aa1d apm821xx: add uboot-envtools support
All apm821xx devices use u-boot and most of them have
an accessible u-boot environment. This patch adds the
necessary template file, but does not add the
uboot-envtools package to any of the targets.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2018-11-26 12:05:46 +01:00
Petr Štetiar
41770add03 base-files: fwtool: Fix wrong checksum on combined-image with metadata
If I create following image:

define Device/engenius-m36
  IMAGE/sysupgrade.bin := combined-image | append-metadata
endef

Sysupgrade then errors out:

  Invalid image. Contents do not match checksum (image:cd285595eaf297370404ae0e2815ec1a calculated:2cf9a2286fb6b01af3ea189128017d44)
  Image check 'platform_check_image' failed.

By removing the metadata from the image I get combined-image checksum
working again and sysupgrade works.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2018-11-26 12:05:45 +01:00
Tomasz Maciej Nowak
975019b3a7 amd64-microcode: create early load microcode image
Create initrd image with packed microcode. This'll allow to load it at
early boot stage.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2018-11-26 12:05:45 +01:00
Tomasz Maciej Nowak
022ffb56b2 intel-microcode: create early load microcode image
Create initrd image with packed microcode. This'll allow to load it at
early boot stage.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2018-11-26 12:05:44 +01:00