Commit Graph

48125 Commits

Author SHA1 Message Date
Jo-Philipp Wich
e8a2c21069 rpcd: update to latest Git HEAD
078bb57 uci: reset uci_ptr flags when merging options during section add
3df62bc session: deny access if password login is disabled

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-05-26 16:08:54 +02:00
Stijn Segers
63bef34db9 uboot-envtools: ath79: add Netgear WNDR4300SW
Add Netgear WNDR4300SW to the list of supported boards.

Signed-off-by: Stijn Segers <foss@volatilesystems.org>
2020-05-26 15:29:51 +02:00
Roger Pueyo Centelles
8383e63808 ath79/mikrotik: add missing kernel config symbol for 5.4
The UBIFS_FS_ZSTD is exposed when UBIFS is enabled.

Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
[adjust commit title]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-05-26 11:46:46 +02:00
Felix Fietkau
b371182d24 libubox: update to the latest version
86818eaa976b blob: make blob_parse_untrusted more permissive
cf2e8eb485ab tests: add fuzzer seed file for crash in blob_len
c2fc622b771f blobmsg: fix length in blobmsg_check_array
639c29d19717 blobmsg: simplify and fix name length checks in blobmsg_check_name
66195aee5042 blobmsg: fix missing length checks

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-05-26 10:45:44 +02:00
Adrian Schmutzler
4661b05390 kernel: properly insert local mtd partition parsers
Between 4.19 and 5.4, the kernel moved the partition parsers into
the parsers subdirectory. This led to some necessary rebasing of
our local patches for parsers, which partially has been performed
without caring about where the code was inserted.

This commit tries to adjust our local patches so that parsers are
inserted at the "proper" positions with respect to alphabetic sorting
(if possible). Thus, the commit is cosmetic.

While this might look useless now, it will make life easier when
adding other parsers in the future or for rebasing on kernel changes.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-05-25 21:11:47 +02:00
Adrian Schmutzler
b91b7d8963 kernel: remove a bunch of trailing whitespaces
These trailing whitespaces were reported during kernel patch refresh.

While at it, harmonize a few indents as well.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-05-25 21:11:47 +02:00
Adrian Schmutzler
807366af38 kernel: drop backported gpio emulated open drain output fix
This patch has been backported to stable kernel 5.4 already.

Remove our local patch explicitly now, as by applying the patch
(or refreshing) the relevant code is actually added a second time.

Refresh remaining patches as well.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-05-25 21:10:44 +02:00
Adrian Schmutzler
1b2144e81f octeon: set 5.4 as default kernel
octeon has provided 5.4 as testing kernel for some time now, let's
switch to 5.4 to have a bigger audience for testing.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-05-25 12:04:55 +02:00
Adrian Schmutzler
73936e77ea octeontx: remove support for kernel 4.14
Kernel 5.4 is stable for about two months now and there is only a few
patches anyway, so this is mostly upstream stuff. Therefore, it does
not look like we need to keep old 4.14 around any longer.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-05-25 12:03:17 +02:00
Adrian Schmutzler
0efa8cb0a8 archs38: remove support for kernel 4.14
Kernel 5.4 is stable for about two months now and there is only one
patch anyway, so this is mostly upstream stuff. Therefore, it does
not look like we need to keep old 4.14 around any longer.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-05-25 12:03:02 +02:00
Yangbo Lu
4bbc0e7357 layerscape: remove support for kernel 4.14
Remove support for kernel 4.14, and NXP Layerscape SDK
had not supported kernel 4.14 since LSDK-20.04 either.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2020-05-25 11:48:54 +02:00
Álvaro Fernández Rojas
b1604b744b bcm63xx: ar-5315u: expose LEDs through controller
Exposing LEDs through LED controller instead of gpio-leds takes
advantage of HW blinking.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-05-24 20:19:21 +02:00
Álvaro Fernández Rojas
d361aa2ebd bcm63xx: ar-5387un: expose LEDs through controller
Exposing LEDs through LED controller instead of gpio-leds takes
advantage of HW blinking.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-05-24 20:17:34 +02:00
Álvaro Fernández Rojas
09b7922aaa bcm63xx: ar-5381u: expose LEDs through controller
Exposing LEDs through LED controller instead of gpio-leds takes
advantage of HW blinking.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-05-24 20:16:30 +02:00
INAGAKI Hiroshi
7b01567976 ramips: add alternative name for Buffalo WSR-2533DHP
Buffalo WSR-2533DHP is identical to the WSR-2533DHPL, Buffalo sold it
with renaming.

Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
2020-05-24 18:14:59 +02:00
Ernst Spielmann
c3dc52e39a ramips: add support for Asus RT-N10P V3 / RT-N11P B1 / RT-N12 VP B1
Specifications:

- MT7628NN @ 580 MHz
- 32 MB RAM
- 8 MB Flash
- 5x 10/100 Mbps Ethernet (built-in switch)
- 2.4 GHz WLAN
- 2x external, non-detachable antennas (1x for RT-N10P V3)

Flash instructions:

1. Set PC network interface to 192.168.1.75/24.
2. Connect PC to the router via LAN.
3. Turn router off, press and hold reset button, then turn it on.
4. Keep the button pressed till power led starts to blink.
5. Upload the firmware file via TFTP. (Any filename is accepted.)
6. Wait until the router reboots.

Signed-off-by: Ernst Spielmann <endspiel@disroot.org>
[fix node/property name for state_default]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-05-24 18:14:59 +02:00
Rafał Miłecki
a765b063ee libubox: update to the latest master
5e75160 blobmsg: fix attrs iteration in the blobmsg_check_array_len()
eeddf22 tests: runqueue: try to fix race on GitLab CI
89fb613 libubox: runqueue: fix use-after-free bug
1db3e7d libubox: runqueue fix comment in header
7c4ef0d tests: list: add test case for list_empty iterator

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2020-05-24 17:06:09 +02:00
Matthias Schiffer
42de3c89c7
ucert: update to latest git HEAD
00b921d80ac0 Do not print line number in debug messages
96c42c5ed320 Fix length checks in cert_load()
fe06b4b836b3 usign-exec: improve usign -F output handling
19f9e1917e1b usign-exec: return code fixes
077feb5b5824 usign-exec: close writing end of pipe early in parent process
7ec4bb764e1e usign-exec: remove redundant return statements
5a738e549d31 usign-exec: change usign_f_* fingerprint argument to char[17]
112488bbbccc usign-exec: do not close stdin and stderr before exec
38dcb1a6f121 usign-exec: fix exec error handling
a9be4fb17df2 usign-exec: simplify usign execv calls
854d93e2326a Introduce read_file() helper, improve error reporting
afc86f352bf7 Fix return code of write_file()
fdff10852326 stdout/stderr improvements
dddb2aa8124d ci: fix unit test failures by enabling full ucert build
5f206bcfe5c2 ci: enable unit testing

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2020-05-24 17:01:36 +02:00
Rosen Penev
69f8983af4 scripts/flashing/flash.sh: remove trailing whitespaces
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[cut out of patch with different subject]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-05-24 14:44:00 +02:00
Rosen Penev
34a2780395 scripts/flashing/flash.sh: Add missing quotes
These are in if statements (where they should be), and echo output that is
not piped to anything. These should be safe.

Found with shellcheck.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-05-24 14:44:00 +02:00
Stijn Segers
9a1f4b2f83 ath79/nand: add support for Netgear WNDR4300SW
This patch adds support for the WNDR4300SW, marketed by California ISP
SureWest (hence the 'SW' suffix). Hardware wise, it's identical to the
WNDR4300 v1.

Specifications:
* SoC: Atheros AR9344
* RAM: 128 MB
* Flash: 128 MB NAND flash
* WiFi: Atheros AR9580 (5 GHz) and AR9344 (2,4 GHz)
* Ethernet: 5x 1000Base-T
* LED: Power, WAN, LAN, WiFi, USB, WPS
* UART: on board, to the right of the RF shield at the top of the board

Installation:

* Flashing through the OEM web interface:
  + Connect your computer to the router with an ethernet cable and browse
    to http://192.168.1.1/
  + Log in with the default credentials are admin:password
  + Browse to Advanced > Administration > Firmware Upgrade in the Netgear
    interface
  + Upload the Openwrt firmware: openwrt-ath79-nand-netgear_wndr4300sw-squashfs-factory.img
  + Proceed with the firmware installation and give the device a few
    minutes to finish and reboot.

* Flashing through TFTP:
  + Configure your wired client with a static IP in the 192.168.1.x range,
    e.g. 192.168.1.10 and netmask 255.255.255.0.
  + Power off the router.
  + Press and hold the RESET button (the factory reset button on the bottom
    of the device, with the red circle around it) and turn the router on
    while keeping the button pressed.
  + The power LED will start flashing orange. You can release the button
    once it switches to flashing green.
  + Transfer the image over TFTP:
    $ tftp 192.168.1.1 -m binary -c put openwrt-ath79-nand-netgear_wndr4300sw-squashfs-factory.img

Signed-off-by: Stijn Segers <foss@volatilesystems.org>
2020-05-24 14:44:00 +02:00
Hauke Mehrtens
1bbc1aa884 squashfs: Fix compile with GCC 10
Fixes the following build error with GCC 10:
	/usr/bin/ld: read_fs.o:(.bss+0x0): multiple definition of `swap'; mksquashfs.o:(.bss+0x1b2a88): first defined here
And a compile warning.

Fixes: FS#3104, FS#3119
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-05-24 14:38:40 +02:00
Matthias Schiffer
e35e40ad82
usign: update to latest git HEAD
f1f65026a941 Always pad fingerprints to 16 characters

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2020-05-23 13:38:12 +02:00
Russell Senior
fe9a2beecb ramips: fix 04_led_migration case syntax for mt7621
Commit f761f4052c had bogus case syntax, the uci-defaults script threw
errors as a result and exited non-zero, probably didn't do what was
intended, but tried over and over since the non-zero exit prevents the
script from being deleted.

Fixes: f761f4052c ("ramips: mt7621: harmonize naming scheme for Mikrotik")

Signed-off-by: Russell Senior <russell@personaltelco.net>
[extend commit title, add Fixes]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-05-23 11:38:09 +02:00
David Bauer
ebddc5f984 ath79: add support for Enterasys WS-AP3705i
Hardware
--------
SoC:    Atheros AR9344
RAM:    128M DDR2
FLASH:  2x Macronix MX25L12845EM
        2x 16MiB SPI-NOR
WLAN2:  Atheros AR9344 2x2 2T2R
WLAN5:  Atheros AR9580 2x2 2T2R
SERIAL: Cisco-RJ45 on the back (115200 8n1)

Installation
------------

The U-Boot CLI is password protected (using the same credentials as the
OS). Default is admin/new2day.

1. Download the OpenWrt initramfs-image. Place it into a TFTP server
   root directory and rename it to 1401A8C0.img. Configure the TFTP
   server to listen at 192.168.1.66/24.

2. Connect the TFTP server to the access point.

3. Connect to the serial console of the access point. Attach power and
   interrupt the boot procedure when prompted (bootdelay is 1 second).

4. Configure the U-Boot environment for booting OpenWrt from Ram and
   flash:

   $ setenv boot_openwrt 'setenv bootargs; bootm 0xbf230000'
   $ setenv ramboot_openwrt 'setenv serverip 192.168.1.66;
     tftpboot 0x85000000; bootm'
   $ setenv bootcmd 'run boot_openwrt'
   $ saveenv

5. Load OpenWrt into memory:

   $ run ramboot_openwrt

   Wait for the image to boot.

6. Transfer the OpenWrt sysupgrade image to the device. Write the image
   to flash using sysupgrade:

   $ sysupgrade -n /path/to/openwrt-sysuograde.bin

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-05-22 21:54:30 +02:00
David Bauer
a9f7510150 hostapd: add WEP as queryable build feature
Commit 472fd98c5b ("hostapd: disable support for Wired Equivalent
Privacy by default") made support for WEP optional.

Expose the WEP support to LuCi or other userspace tools using the
existing interface. This way they are able to remove WEP from the
available ciphers if hostapd is built without WEP support.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-05-22 21:54:30 +02:00
Daniele Castro
d6f66dd88e brcm63xx: add support for ADB P.DG A4001N A-000-1A1-AX
ADB P.DG A4001N A-000-1A1-AX a.k.a. Telecom Italia ADSL2+ Wi-Fi N (AGPWI)
has the same PCB as the OpenWrt's ADB P.DG A4001N1 with LEDs connected
to different GPIO PINs in active low configuration.

OpenWrt's ADB P.DG A4001N image is made for the ADB P.DG A4001N A-000-1A1-AE.
It has different LEDs configuration and flash size/layout
w.r.t the ADB P.DG A4001N A-000-1A1-AX.

Hardware:
* Board ID: 96328avng
* SoC: Broadcom BCM6328
* RAM DDR2-800: 32 Mbyte - winbond W9725G6KB-25
* Serial flash: 16 Mbyte - MXIC MX25L 12845EMI-10G
* Ethernet: 4x Ethernet 10/100 baseT
* Wifi 2.4GHz: Broadcom Corporation BCM43224/5 Wireless Network Adapter (rev 01)
* LEDs: 2x Power, 2x ADSL, 2x Internet, 2x Wi-Fi, 2x Service
* Buttons: 1x Reset, 1x WPS (named WiFi/LED)
* UART: 1x TTL 115200n8, TX  NC  RX, on J5 connector (short R192 and R193)
                         NC  GND NC

Installation via CFE:
* Stock CFE has to be overwriten with one for 96328avng boards that can upload
  .bin images with no signature check (cfe-A4001N-V0000_96328avng.bin)
* connect a serial port to the board
* Stop the boot process after power on by pressing enter
* set static IP 192.168.1.2 and subnet mask 255.255.255.0
* navigate to http://192.168.1.1/
* upload the OpenWrt image file

Signed-off-by: Daniele Castro <danielecastro@hotmail.it>
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-05-22 21:23:21 +02:00
Adrian Schmutzler
e3e17b4ed4 bcm63xx: use model part of board name as variable in 01_leds
This extracts the model part of the board name and uses it for the
LED string identifiers in 01_leds. As this makes statements more
generic, it will allow to merge more cases in the future.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-05-22 18:28:01 +02:00
Adrian Schmutzler
5a7d11fb78 bcm63xx: replace further "ok" with "okay" in DTS files
While "ok" is recognized in DT parsing, only "okay" is actually
mentioned as valid value. Replace it accordingly.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-05-22 18:26:29 +02:00
Hauke Mehrtens
586661018e ath79: Do not build buffalo_whr-g301n by default
The squashfs partition is getting too big.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-05-21 22:16:17 +02:00
Hauke Mehrtens
04b1a11f5c mac80211: Fix build on mpc85xx target
This fixes the following compile error seen on the mpc85xx target:
  CC [M]  /linux-mpc85xx_p2020/backports-5.7-rc3-1/drivers/net/wireless/intersil/orinoco/main.o
In file included from /builder/shared-workdir/build/staging_dir/toolchain-powerpc_8540_gcc-8.4.0_musl/include/stddef.h:17,
                 from /linux-mpc85xx_p2020/backports-5.7-rc3-1/include/uapi/linux/wireless.h:77,
                 from /linux-mpc85xx_p2020/backports-5.7-rc3-1/include/linux/wireless.h:13,
                 from /linux-mpc85xx_p2020/backports-5.7-rc3-1/drivers/net/wireless/intersil/orinoco/main.c:89:
/builder/shared-workdir/build/staging_dir/toolchain-powerpc_8540_gcc-8.4.0_musl/include/bits/alltypes.h:106:15: error: conflicting types for 'ptrdiff_t'
 typedef _Addr ptrdiff_t;
               ^~~~~~~~~
In file included from /linux-mpc85xx_p2020/backports-5.7-rc3-1/backport-include/linux/types.h:4,
                 from ./include/linux/list.h:5,
                 from /linux-mpc85xx_p2020/backports-5.7-rc3-1/backport-include/linux/list.h:3,
                 from ./include/linux/module.h:9,
                 from /linux-mpc85xx_p2020/backports-5.7-rc3-1/backport-include/linux/module.h:3,
                 from /linux-mpc85xx_p2020/backports-5.7-rc3-1/drivers/net/wireless/intersil/orinoco/main.c:79:
./include/linux/types.h:65:28: note: previous declaration of 'ptrdiff_t' was here
 typedef __kernel_ptrdiff_t ptrdiff_t;
                            ^~~~~~~~~
scripts/Makefile.build:265: recipe for target '/linux-mpc85xx_p2020/backports-5.7-rc3-1/drivers/net/wireless/intersil/orinoco/main.o' failed

Fixes: 289c632425 ("mac80211: Update to version 5.7-rc3-1")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-05-21 21:53:14 +02:00
Philip Prindeville
de8b88ce17 firewall: add rule for traceroute support
Running your firewall's "wan" zone in REJECT zone (1) exposes the
presence of the router, (2) depending on the sophistication of
fingerprinting tools might identify the OS and release running on
the firewall which then identifies known vulnerabilities with it
and (3) perhaps most importantly of all, your firewall can be
used in a DDoS reflection attack with spoofed traffic generating
ICMP Unreachables or TCP RST's to overwhelm a victim or saturate
his link.

This rule, when enabled, allows traceroute to work even when the
default input policy of the firewall for the wan zone has been
set to DROP.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2020-05-21 20:23:10 +02:00
Hans Dedecker
bc55258464 netifd: ingress/egress vlan qos mapping support
74e0222 vlandev: support setting ingress/egress QoS mappings

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-05-21 20:21:02 +02:00
Álvaro Fernández Rojas
78a0ae9023 bcm63xx: WIP: add Huawei HG253s v2 support
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-05-21 19:11:24 +02:00
Álvaro Fernández Rojas
5998c8f059 bcm63xx: nand: support CFE partition tags
Introduce support for generating JFFS2 CFE partition tags.
This is used in NAND devices in order to verify the integrity of the JFFS2
partition.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-05-21 19:11:24 +02:00
Álvaro Fernández Rojas
d90828411a scripts: add CFE Partition Tags support
Some BCM63xx NAND devices require a specific JFFS2 partition tag to verify
the JFFS2 partition validity:
	u32 part_id;
	u32 part_size;
	u16 flags;
	char part_name[33];
	char part_version[21];
	u32 part_crc32;

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-05-21 19:11:24 +02:00
Álvaro Fernández Rojas
6dc3dce658 bcm63xx: improve rgmii ctrl overrides
There are older devices which require overriding the RGMII ports, so this
shouldn't be limited and forced to BCM63268.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-05-21 19:11:24 +02:00
Álvaro Fernández Rojas
7a817752f6 bcm63xx: dgnd3700-v1: add NAND support
NAND is used as extra storage on this device.

Signed-off-by: Daniel Gonzalez Cabanelas <dgcbueu@gmail.com>
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-05-21 19:11:24 +02:00
Álvaro Fernández Rojas
67861b2a66 bcm63xx: nand: fix v2.1 controller support
Page size shift is different from v2.2+ controllers

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-05-21 19:11:23 +02:00
Hauke Mehrtens
289c632425 mac80211: Update to version 5.7-rc3-1
This updates the mac80211 backport.

The removed patches are already integrated in the upstream version.

The 131-Revert-mac80211-aes-cmac-switch-to-shash-CMAC-driver.patch patch
was manually adapted to the changes in kernel 5.7.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-05-21 14:39:34 +02:00
Hauke Mehrtens
64f343a881 mac80211: Update to version 5.6.8-1
This updates the mac80211 backport.

The removed patches are already integrated in the upstream version.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-05-21 14:39:34 +02:00
Hauke Mehrtens
9ca21dc7d5 mac80211: Update to version 5.5.19
This updates the mac80211 backport.

The removed patches are already integrated in the upstream version.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-05-21 14:39:34 +02:00
Hauke Mehrtens
a4b50c4bce mac80211: Update to version 5.4.36-1
This updates the mac80211 backport to the latest minor version.

The removed patch was a backport from the upstream kernel which is now
integrated.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-05-21 14:39:34 +02:00
Russell King
6593ea23e5 kernel: backport the I2C bus recovery for uDPU
Backport the I2C bus recovery DT configuration for the uDPU that has
been queued for 5.8.

Signed-off-by: Russell King <linux@armlinux.org.uk>
2020-05-21 12:55:31 +02:00
Russell King
714199ec34 kernel: backport v5.8 i2c-pxa updates
Add i2c-pxa updates queued for v5.8, which add bus recovery to this
driver; this is needed for the uDPU platform.

Signed-off-by: Russell King <linux@armlinux.org.uk>
2020-05-21 12:55:31 +02:00
Russell King
72a1d5c3ac kernel: backport gpio emulated open drain output fix
Backport the GPIO emulated open drain output fix from v5.5, which is
required for the i2c-pxa backport.

Signed-off-by: Russell King <linux@armlinux.org.uk>
2020-05-21 12:55:31 +02:00
Daniel Golle
017320ead3 hostapd: bring back mesh patches
Bring back 802.11s mesh features to the level previously available
before the recent hostapd version bump. This is mostly to support use
of 802.11s on DFS channels, but also making mesh forwarding
configurable which is crucial for use of 802.11s MAC with other routing
protocols, such as batman-adv, on top.
While at it, fix new compiler warning by adapting 700-wifi-reload.patch
to upstream changes, now building without any warnings again.

Fixes: 0a3ec87a66 ("hostapd: update to latest Git hostap_2_9-1238-gdd2daf0848ed")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-05-21 10:21:59 +01:00
Jason A. Donenfeld
a860fe2304 wireguard: bump to 1.0.20200520
This version has the various slew of bug fixes and compat fixes and
such, but the most interesting thing from an OpenWRT perspective is that
WireGuard now plays nicely with cake and fq_codel. I'll be very
interested to hear from OpenWRT users whether this makes a measurable
difference. Usual set of full changes follows.

This release aligns with the changes I sent to DaveM for 5.7-rc7 and were
pushed to net.git about 45 minutes ago.

* qemu: use newer iproute2 for gcc-10
* qemu: add -fcommon for compiling ping with gcc-10

These enable the test suite to compile with gcc-10.

* noise: read preshared key while taking lock

Matt noticed a benign data race when porting the Linux code to OpenBSD.

* queueing: preserve flow hash across packet scrubbing
* noise: separate receive counter from send counter

WireGuard now works with fq_codel, cake, and other qdiscs that make use of
skb->hash. This should significantly improve latency spikes related to
buffer bloat. Here's a before and after graph from some data Toke measured:
https://data.zx2c4.com/removal-of-buffer-bloat-in-wireguard.png

* compat: support RHEL 8 as 8.2, drop 8.1 support
* compat: support CentOS 8 explicitly
* compat: RHEL7 backported the skb hash renamings

The usual RHEL churn.

* compat: backport renamed/missing skb hash members

The new support for fq_codel and friends meant more backporting work.

* compat: ip6_dst_lookup_flow was backported to 4.14, 4.9, and 4.4

The main motivation for releasing this now: three stable kernels were released
at the same time, with a patch that necessitated updating in our compat layer.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-05-21 08:18:01 +02:00
Petr Štetiar
472fd98c5b hostapd: disable support for Wired Equivalent Privacy by default
Upstream in commit 200c7693c9a1 ("Make WEP functionality an optional
build parameter") has made WEP functionality an optional build parameter
disabled as default, because WEP should not be used for anything
anymore. As a step towards removing it completely, they moved all WEP
related functionality behind CONFIG_WEP blocks and disabled it by
default.

This functionality is subject to be completely removed in a future
release.

So follow this good security advice, deprecation notice and disable WEP
by default, but still allow custom builds with WEP support via
CONFIG_WPA_ENABLE_WEP config option till upstream removes support for
WEP completely.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-05-21 08:18:01 +02:00
Petr Štetiar
0a3ec87a66 hostapd: update to latest Git hostap_2_9-1238-gdd2daf0848ed
Bump package to latest upstream Git HEAD which is commit dd2daf0848ed
("HE: Process HE 6 GHz band capab from associating HE STA"). Since last
update there was 1238 commits done in the upstream tree with 618 files
changed, 53399 insertions, 24928 deletions.

I didn't bothered to rebase mesh patches as the changes seems not
trivial and I don't have enough knowledge of those parts to do/test that
properly, so someone else has to forward port them, ideally upstream
them so we don't need to bother anymore. I've just deleted them for now:

 004-mesh-use-setup-completion-callback-to-complete-mesh-.patch
 005-mesh-update-ssid-frequency-as-pri-sec-channel-switch.patch
 006-mesh-inform-kernel-driver-DFS-handler-in-userspace.patch
 007-mesh-apply-channel-attributes-before-running-Mesh.patch
 011-mesh-Allow-DFS-channels-to-be-selected-if-dfs-is-ena.patch
 013-mesh-do-not-allow-pri-sec-channel-switch.patch
 015-mesh-do-not-use-offchan-mgmt-tx-on-DFS.patch
 016-mesh-fix-channel-switch-error-during-CAC.patch
 018-mesh-make-forwarding-configurable.patch

Refreshed all other patches, removed upstreamed patches:

 051-wpa_supplicant-fix-race-condition-in-mesh-mpm-new-pe.patch
 067-0001-AP-Silently-ignore-management-frame-from-unexpected-.patch
 070-driver_nl80211-fix-WMM-queue-mapping-for-regulatory-.patch
 071-driver_nl80211-fix-regulatory-limits-for-wmm-cwmin-c.patch
 090-wolfssl-fix-crypto_bignum_sum.patch
 091-0001-wolfssl-Fix-compiler-warnings-on-size_t-printf-forma.patch
 091-0002-wolfssl-Fix-crypto_bignum_rand-implementation.patch
 091-0003-wolfssl-Do-not-hardcode-include-directory-in-wpa_sup.patch
 800-usleep.patch

Tested-by: Stefan Lippers-Hollmann <s.l-h@gmx.de> [ipq8065/NBG6817; ipq40xx/MAP-AC2200]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-05-21 08:18:01 +02:00