Commit Graph

15012 Commits

Author SHA1 Message Date
Eneas U de Queiroz
952bafa03c openssl: bump to 1.0.2t, add maintainer
This version fixes 3 low-severity vulnerabilities:

- CVE-2019-1547: ECDSA remote timing attack
- CVE-2019-1549: Fork Protection
- CVE-2019-1563: Padding Oracle in PKCS7_dataDecode and
                 CMS_decrypt_set1_pkey

Patches were refreshed, and Eneas U de Queiroz added as maintainer.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2019-09-20 20:50:07 +02:00
Rafał Miłecki
5880dd48d5 mac80211: brcmfmac: backport the last 5.4 changes
This makes brcmfmac use the same wiphy after PCIe reset to help user
space handle corner cases (e.g. firmware crash).

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit f39f4b2f6d)
2019-09-16 09:25:29 +02:00
Rafał Miłecki
7393ce8d87 mac80211: brcmfmac: backport more kernel 5.4 changes
Patch getting RAM info got upstreamed. A debugging fs entry for testing
reset feature was added.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 681acdcc54)
2019-09-09 12:57:56 +02:00
Josef Schlehofer
f6de1fa6c6 bzip2: Fix CVE-2019-12900
More details about this CVE:
https://nvd.nist.gov/vuln/detail/CVE-2019-12900

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2019-09-03 12:55:00 +02:00
Koen Vandeputte
4b5c77ca2f ath9k: backport dynack improvements
Close cooperation with Lorenzo Bianconi resulted
in these patches which fix all remaining seen issues
when using dynack.

Fix link losses when:
- Late Ack's are not seen or not present
- switching from too low static coverage class to dynack on a live link

These are fixed by setting the Ack Timeout/Slottime to
the max possible value for the currently used channel width when
a new station has been discovered.

When traffic flows, dynack is able to adjust to optimal values
within a few packets received (typically < 1 second)

These changes have been thoroughly tested on ~60 offshore devices
all interconnected using mesh over IBSS and dynack enabled on all.

Distances between devices varied from <100m up to ~35km

[move patches to correct folder + renumber]
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
(cherry picked from commit f6e8ba0238fe349b7529357793e2fb18635819ed)
2019-08-28 13:10:08 +02:00
Jan Pavlinec
564d81e944 iptables: patch CVE-2019-11360 (security fix)
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
2019-08-17 17:23:17 +02:00
Luiz Angelo Daros de Luca
5e3b21c916 musl: ldso/dlsym: fix mips returning undef dlsym
This happens only the second time a library is loaded by dlopen().
After lib1 is loaded, dlsym(lib1,"undef1") correctly resolves the undef
symbol from lib1 dependencies. After the second library is loaded,
dlsym(lib2,"undef1") was returning the address of "undef1" in lib2
instead of searching lib2 dependencies.

Backporting upstream fix which now uses the same logic for relocation
time and dlsym.

Fixes openwrt/packages#9297

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2019-08-17 17:23:17 +02:00
Eneas U de Queiroz
2df2b75208 wolfssl: fixes for CVE-2018-16870 & CVE-2019-13628
CVE-2018-16870: medium-severity, new variant of the Bleichenbacher
attack to perform downgrade attacks against TLS, which may lead to
leakage of sensible data. Backported from 3.15.7.

CVE-2019-13628 (currently assigned-only): potential leak of nonce sizes
when performing ECDSA signing operations. The leak is considered to be
difficult to exploit but it could potentially be used maliciously to
perform a lattice based timing attack. Backported from 4.1.0.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2019-08-17 17:23:17 +02:00
Rosen Penev
28dc34f249 xfsprogs: Replace valloc with posix_memalign
Fixes compilation under uClibc-ng.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit e49b6bb618)
2019-08-14 09:12:52 +02:00
Rosen Penev
24967a6c42 libbsd: Fix compilation under ARC
The 8 year old file does not have any ARC definitions.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
[updated content of the patch with version sent to upstream]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 395bef4bba)
2019-08-14 09:12:23 +02:00
Rosen Penev
30815d65d2 nftables: Fix compilation with uClibc-ng
Missing header for va_list.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
[updated with upstream version of the patch]
(cherry picked from commit 2f97797471)
2019-08-14 09:12:23 +02:00
Jo-Philipp Wich
0a4a82a431 config: introduce separate CONFIG_SIGNATURE_CHECK option
Introduce a new option CONFIG_SIGNATURE_CHECK which defaults to the value
of CONFIG_SIGNED_PACKAGES and thus is enabled by default.

This option is needed to support building target opkg with enabled
signature verification while having the signed package lists disabled.

Our buildbots currently disable package signing globally in the
buildroot and SDK to avoid the need to ship private signing keys to
the build workers and to prevent the triggering of random key generation
on the worker nodes since package signing happens off-line on the master
nodes.

As unintended side-effect, updated opkg packages will get built with
disabled signature verification, hence the need for a new override option.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit f565f276e2)
2019-08-07 07:54:27 +02:00
Jo-Philipp Wich
8a83892662 packages: apply usign padding workarounds to package indexes if needed
Since usign miscalculates SHA-512 digests for input sizes of exactly
64 + N * 128 + 110 or 64 + N * 128 + 111 bytes, we need to apply some
white space padding to avoid triggering the hashing edge case.

While usign itself has been fixed already, there is still many firmwares
in the wild which use broken usign versions to verify current package
indexes so we'll need to carry this workaround in the forseeable future.

Ref: https://forum.openwrt.org/t/signature-check-failed/41945
Ref: https://git.openwrt.org/5a52b379902471cef495687547c7b568142f66d2
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from commit e1f588e446)
2019-08-07 07:23:51 +02:00
Jo-Philipp Wich
0bce1d0db9 usign: update to latest Git HEAD
This update fixes usign signature verification on files with certain
file sizes triggering a bug in the shipped SHA-512 implementation.

5a52b37 sha512: fix bad hardcoded constant in sha512_final()
3e6648b README: replace unicode character
716c3f2 README: add reference to OpenBSD signify
86d3668 README: provide reference for ed25519 algorithm
939ec35 usign: main.c: describe necessary arguments for -G

Ref: https://forum.openwrt.org/t/signature-check-failed/41945
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 991dd5a893)
2019-08-06 20:59:09 +02:00
Rafał Miłecki
f51e2d031e mac80211: brcm: improve brcmfmac debugging of firmware crashes
This provides a complete console messages dump.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-07-28 16:21:04 +02:00
Rafał Miłecki
95745e26b3 mac80211: brcm: update brcmfmac 5.4 patches
Use commits from wireless-drivers-next.git.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-07-28 16:13:53 +02:00
Eneas U de Queiroz
65a405382b omcproxy: fix compilation on little-endian CPUs
Don't use cpu_to_be32 outside of a function.

In file included from /omcproxy-2017-02-14-1fe6f48f/src/omcproxy.h:51:0,
                 from omcproxy-2017-02-14-1fe6f48f/src/mrib.c:39:
omcproxy-2017-02-14-1fe6f48f/src/mrib.c:57:34: error: braced-group within expression allowed only inside a function
 static uint32_t ipv4_rtr_alert = cpu_to_be32(0x94040000);
                                  ^
cc1: warning: unrecognized command line option '-Wno-gnu'

Ref: https://downloads.openwrt.org/releases/faillogs-18.06/arm_cortex-a9_vfpv3/base/omcproxy/compile.txt
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
[more verbose commit message]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit cb4d00d184)
2019-07-23 19:29:54 +02:00
Rafał Miłecki
8231f67218 mac80211: brcmfmac: backport fixes from kernel 5.4
This fixes:
1) Crash during USB disconnect
2) Crash in brcmf_txfinalize() on rmmod with packets queued
3) Some errors in exit path

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-07-22 07:11:56 +02:00
Yousong Zhou
627bb0b8dc busybox: strip off ALTERNATIVES spec
Now that busybox is a known alternatives provider by opkg, we remove the
ALTERNATIVES spec and add a note to make the implicit situation clear

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(cherry-picked from 62be427067)
2019-07-12 07:52:38 +00:00
Yousong Zhou
e6af9c017b opkg: bump to version 2019-06-14
Changelog

  dcbc142 alternatives: remove duplicate 'const' specifier
  21b7bd7 alternatives: special-case busybox as alternatives provider
  d4ba162 libopkg: only perform size check when information is available
  cb66403 libopkg: check for file size mismatches

Opkg starting from this version special-cases busybox as alternatives
provider.  There should be no need to add entries to ALTERNATIVES of
busybox package

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-07-12 07:52:38 +00:00
Adrian Schmutzler
33e7beeb31 base-files: Fix path check in get_mac_binary
Logic was inverted when changing from string check to file check.
Fix it.

Fixes: 8592602d0a ("base-files: Really check path in get_mac_binary")
Reported-by: Matthias Schiffer <mschiffer@universe-factory.net>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 6ed3349308)
2019-07-09 23:08:57 +02:00
Adrian Schmutzler
6ee6c97ded base-files: Really check path in get_mac_binary
Currently, path argument is only checked for being not empty.

This changes behavior to actually check whether path exists.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-07-05 22:30:46 +02:00
Jason A. Donenfeld
aced9de9a4 wireguard: bump to 0.0.20190601
There was an issue with the backport compat layer in yesterday's snapshot,
causing issues on certain (mostly Atom) Intel chips on kernels older than
4.2, due to the use of xgetbv without checking cpu flags for xsave support.
This manifested itself simply at module load time. Indeed it's somewhat tricky
to support 33 different kernel versions (3.10+), plus weird distro
frankenkernels.

If OpenWRT doesn't support < 4.2, you probably don't need to apply this.
But it also can't hurt, and probably best to stay updated.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
(cherry picked from commit 593b487538)
2019-07-01 22:13:23 +02:00
Jo-Philipp Wich
b84f761d91 OpenWrt v18.06.4: revert to branch defaults
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-06-30 12:16:44 +02:00
Jo-Philipp Wich
f6429577c5 OpenWrt v18.06.4: adjust config defaults
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-06-30 12:16:40 +02:00
Koen Vandeputte
ef686b7292 uqmi: bump to latest git HEAD
1965c7139374 uqmi: add explicit check for message type when expecting a response
01944dd7089b uqmi_add_command: fixed command argument assignment

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
(cherry picked from commit 47986dc6ea1d643cd348501da09cd2e3ee2f9ee1)
2019-06-27 14:18:52 +02:00
Jo-Philipp Wich
3dc740257b uqmi: inherit firewall zone membership to virtual sub interfaces
Fix an issue where subinterfaces were not added to the same
firewall zone as their parent.

Fixes: FS#2122
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
(cherry picked from commit 64bb88841f)
2019-06-27 14:18:52 +02:00
Daniel Golle
a2c22b8776 uqmi: fix PIN_STATUS_FAILED error with MC7455 WCDMA/LTE modem
Apparently this modem replies differently to attempted --get-pin-status
which makes the script fail if a pincode is set. Fix this.

Manufacturer: Sierra Wireless, Incorporated
Model: MC7455
Revision: SWI9X30C_02.24.05.06 r7040 CARMD-EV-FRMWR2 2017/05/19 06:23:09

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 0b373bf4d6)
2019-06-27 14:18:52 +02:00
Jo-Philipp Wich
467adaf6c5 OpenWrt v18.06.3: revert to branch defaults
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-06-21 14:26:23 +02:00
Jo-Philipp Wich
4382d4ce19 OpenWrt v18.06.3: adjust config defaults
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-06-21 14:26:22 +02:00
Karel Kočí
97ae9e0ccb fstools: block-mount: fix restart of fstab service
Restarting service causes file-systems to be unmounted without being
mounted back. When this service was obsoleted it should have been
implemented in a way that all actions are ignored. Up to this commit
default handler was called when restart was requested. This default
handler just simply calls stop and start. That means that stop called
unmount but start just printed that this service is obsoleted.

This instead implements restart that just prints same message like start
does. It just calls start in reality. This makes restart unavailable for
call.

Signed-off-by: Karel Kočí <karel.koci@nic.cz>
(cherry picked from commit 3ead9e7b74)
2019-06-21 14:17:25 +02:00
Petr Štetiar
25fc20db8b fstools: update to the latest master branch
ff1ded6 libfstools: Fix overflow of F2FS_MINSIZE constant
bc2c876 libfstools: Print error in case of loop blkdev failure

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 1e55171a12)
2019-06-21 14:17:23 +02:00
Matthias Badaire
fc39d5fc45 fstools: media change detection (eg:sdcard) using kernel polling
Linux kernel has a polling mechanism that can be activated by changing
the parameter /sys/module/block/parameters/events_dfl_poll_msecs which
is deactivated by default or the /sys/block/[device]/events_poll_msecs
for one device.

This patch set the events_poll_msecs when a disk is inserted.
Once the media disk change event is sent by the kernel then we force a
re-read of the devices using /sbin/block info.

With this patch, insertion and ejection of sd card will automatically
generate partition devices in /dev.

Signed-off-by: Matthias Badaire <mbadaire@gmail.com>
[rewrap commit message, fix bashisms, fix non-matching condition,
 bump pkg release]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>

(cherry picked from commit cf8483cb4f)
2019-06-21 14:17:22 +02:00
Hauke Mehrtens
b463a13881 hostapd: fix multiple security problems
This fixes the following security problems:
* CVE-2019-9494:  cache attack against SAE
* CVE-2019-9495:  cache attack against EAP-pwd
* CVE-2019-9496:  SAE confirm missing state validation in hostapd/AP
* CVE-2019-9497:  EAP-pwd server not checking for reflection attack)
* CVE-2019-9498:  EAP-pwd server missing commit validation for scalar/element
* CVE-2019-9499:  EAP-pwd peer missing commit validation for scalar/element
* CVE-2019-11555: EAP-pwd message reassembly issue with unexpected fragment

Most of these problems are not relevant for normal users, SAE is only
used in ieee80211s mesh mode and EAP-pwd is normally not activated.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-06-21 10:29:23 +02:00
Robinson Wu
9656f49ea0 base-files: fix uci led oneshot/timer trigger
This patch adds a missing type property which prevented
the creation of oneshot and timer led triggers when they
are specified in the /etc/board.d/01_leds files.

i.e.:

ucidef_set_led_timer "system" "system" "zhuotk:green:system" "1000" "1000"

Fixes: b06a286a48 ("base-files: cleanup led functions in uci-defaults.sh")
Signed-off-by: Robinson Wu <wurobinson@qq.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[also fix oneshot as well]
2019-06-20 17:41:42 +02:00
Rafał Miłecki
2cd234d96b mac80211: brcmfmac: backport important fixes from kernel 5.2
1) Crash/Oops fixes
2) One-line patch for BCM43456 support
3) Fix communication with some specific FullMAC firmwares
4) Potential fix for "Invalid packet id" errors
5) Important helper for reporting FullMAC firmware crashes

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-06-16 21:51:50 +02:00
Christian Lamparter
a0543d8e70 uboot-fritz4040: update PKG_MIRROR_HASH
the file on http://sources.openwrt.org/ has a different
PKG_MIRROR_HASH value.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-06-15 19:05:30 +02:00
Jo-Philipp Wich
5d27e87de7 rpcd: fix init script reload action
Drop the legacy start() and stop() procedures and define a proper
reload signal action instead.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit f664d560df)
2019-06-06 11:29:15 +02:00
Eneas U de Queiroz
6761961919 openssl: update to 1.0.2s
Highlights of this version:
- Change default RSA, DSA and DH size to 2048 bit
- Reject invalid EC point coordinates
  This avoids CVE-2019-9498 and CVE-2019-9499 in hostapd

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
2019-06-01 15:50:20 +02:00
Hauke Mehrtens
dc1b578a4c curl: Fix multiple security problems
This fixes the following security problems:
* CVE-2018-14618: NTLM password overflow via integer overflow
* CVE-2018-16839: SASL password overflow via integer overflow
* CVE-2018-16840: use-after-free in handle close
* CVE-2018-16842: warning message out-of-buffer read
* CVE-2019-3823:  SMTP end-of-response out-of-bounds read
* CVE-2019-3822:  NTLMv2 type-3 header stack buffer overflow
* CVE-2018-16890: NTLM type-2 out-of-bounds buffer read

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-30 12:15:20 +02:00
Hauke Mehrtens
40ed8389ef mbedtls: update to version 2.16.1
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-30 12:15:20 +02:00
Hans Dedecker
e9a7344550 uci: fix heap use after free (FS#2288)
f199b96 uci: fix options list of section after type change

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-05-23 22:09:09 +02:00
Hauke Mehrtens
3239f56136 uboot-fritz4040: Add host flags for host compiler
This adds the host staging directory to the include path to make it use
the zlib.h files from the staging include directory and also link
against the zlib version from the staging directory.

This fixes a compile problem when the zlib header were not installed on
the build host.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-17 22:03:25 +02:00
Jo-Philipp Wich
e0505cc018 Revert "uhttpd: disable concurrent requests by default"
This reverts commit c6aa9ff388.

Further testing has revealed that we will need to allow concurrent
requests after all, especially for situations where CGI processes
initiate further HTTP requests to the local host.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit f00a4ae6e0)
2019-04-24 10:38:53 +02:00
Josef Schlehofer
ecfe0f1cc4 ca-certificates: update to version 20190110
- Tested on Turris MOX, OpenWrt master
- Removed PKG_BUILD_DIR
In build_dir there were two folders
ca-certificates and ca-certificates-20190110 and it failed as files
were in ca-certificates-20190110

Signed-off-by: Josef Schlehofer <josef.schlehofer@nic.cz>
(cherry picked from commit f22c33b40c)
2019-04-20 13:03:40 +02:00
Rafał Miłecki
2d2e615dee mac80211: brcmfmac: really add early fw crash recovery
Previous commit backported USB fixes instead of firmware crash recovery
patches.

Fixes: 02aed76968 ("mac80211: brcmfmac: early work on FullMAC firmware crash recovery")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-04-18 12:37:10 +02:00
Rafał Miłecki
02aed76968 mac80211: brcmfmac: early work on FullMAC firmware crash recovery
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-04-18 11:48:21 +02:00
Stijn Segers
4b4de23dfb openssl: update to 1.0.2r
This bump contains bug and security fixes.

Compile-tested on ar71xx, ramips/mt7621 and x86/64.
Run-tested on ramips/mt7621.

Signed-off-by: Stijn Segers <foss@volatilesystems.org>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_HASH fixup]
2019-04-07 19:39:26 +02:00
Felix Fietkau
13eb73b278 mt76: update to latest openwrt-18.06 branch
9e3ef1f mt7603: fix sequence number assignment
a5f5605 mt7603: send BAR after powersave wakeup

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-23 18:46:11 +01:00
David Bauer
dcfca830a8 ipq40xx: copy Fritz4040 UBoot to STAGING_DIR_IMAGE
Copy U-Boot to STAGING_DIR_IMAGE (and append it to the EVA-image from
there) to fix image generation using the image-builder.

Also remove the bootloader from DEVICE_PACKAGES and instead use the
BUILD_DEVICES directive from within the U-Boot makefile.

This fixes eva-image generation using the OpenWRT image-builder.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 634c733065)
2019-03-18 20:41:02 +01:00
Felix Fietkau
f87a1874ef mt76: update to latest openwrt-18.06 branch
00ac79d mt7603: fix initialization of max rx length
320af65 mt76: mt7603: use the correct hweight8() function
bdee924 mt76: fix schedule while atomic in mt76x02_reset_state
abcb544 mt76x02: do not enable RTS/CTS by default

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-16 21:21:15 +01:00
Hans Dedecker
9f2cbcad6d busybox: add missing install dir
Add missing /usr/sbin install dir fixing :

install: cannot create regular file 'build_dir/target-x86_64_musl/busybox-1.30.1/.pkgdir/busybox/usr/sbin/ntpd-hotplug': No such file or directory

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit 2cd28c9a08)
2019-03-11 17:07:29 +01:00
Felix Fietkau
8de93ce745 mt76: update to the latest version
28d81ff mt76x0: eeprom: fix VHT mcs{8,9} rate power offset
6e33ce6 mt76: move mt76_mcu_msg_alloc in mt76-core
4637f95 mt76: move mt76_mcu_get_response in mt76-core
1763cb0 mt76: move mt76_mcu_rx_event in mt76-core
4db9d75 mt76x0: mcu: remove useless commented configuration
91d0455 mt76: move mt76_dma_tx_queue_skb_raw in mt76-core module
0e8e53f mt76: remove add_buf pointer in mt76_queue_ops
db47920 mt7603: rely on mt76_mcu_msg_alloc routine
471c447 mt7603: rely on mt76_mcu_get_response routine
cacc986 mt7603: rely on mt76_mcu_rx_event routine
11ab620 mt7603: rely on mt76_tx_queue_skb_raw common routine
82fa312 mt7603: move alloc_dev common code in mt76_alloc_device
47d5922 mt76: move alloc_device common code in mt76_alloc_device
c50c993 mt76x2u: remove mt76x2u_alloc_device routine
6ed5b7a mt76x0: remove mt76x0u_alloc_device routine
e32e249 mt76x2: remove mt76x2_alloc_device routine
6aacd1e mt76: change the return type of mt76_dma_attach()
a10e9e5 mt76x02u: use usb_bulk_msg to upload firmware
a774ff6 mt76: usb: fix possible NULL pointer dereference in mt76u_mcu_deinit
c2877bc mt76: usb: fix possible memory leak in mt76u_buf_free
a5cfe96 mt76: usb: do not run mt76u_queues_deinit twice
1e4db14 mt76: usb: move mt76u_check_sg in usb.c
302406b mt76: usb: do not use sg buffers for mcu messages
8ab5267 mt76: usb: use a linear buffer for tx/rx datapath if sg is not supported
a0a3505 mt76: usb: introduce disable_usb_sg parameter
0cee180 mt76: usb: use dev_err_ratelimited instead of dev_err in mt76u_complete_rx
1bb97c4 mt76x02u: remove bogus check and comment padding
2cbc2d4 mt76: Use the correct hweight8() function
f18e03a mt76x0u: fix suspend/resume
6231336 mt76: mt76x02: fix TSF sync mode
783da04 mt76: mt76x02: fix beacon timer drift adjustment
43d2507 mt76: mt76x02: fix beacon timer issue
59a6587 mt76: mt76x02: only reset beacon drift counter when enabling beacons
8c8eb98 mt76: mt76x02: issue watchdog reset on MCU request timeout
52161d2 mt76: mt76x02: fix ED/CCA enabling/disabling
5e7ecce mt76: mt76x2: unify mt76x2[u]_mac_resume
18af219 mt76: mt76x02: set MT_TXOP_HLDR_TX40M_BLK_EN for mt76x2
e5747b2 mt76usb: allow mt76u_bulk_msg be used for reads
2437a9a mt76usb: use synchronous msg for mcu command responses
e4250c9 mt76usb: remove usb_mcu.c
8b1110e mt76: usb: fix warning in mt76u_buf_free
89215f6 mt76: usb: introduce mt76u_fill_bulk_urb routine
523e374 mt76: usb: simplify rx buffer allocation
ffe1292 mt76: usb: simplify mt76u_tx_build_sg routine
e2a9d40 mt7603: fix ba window size selection
b040ef7 mt76: remove no longer used routine declarations
645ef43 mt76: usb: check urb->num_sgs limit in mt76u_process_rx_entry
fd315bd mt7603: disable dynamic sensitivity adjustment by default
3c6df9b mt76: rewrite dma descriptor base and ring size on queue reset
30e757e mt76: mt76x02: when setting a key, use PN from mac80211
fa83406 mt76: mt76x2: implement full device restart on watchdog reset
ead881b mt76: mt76x02: do not sync PN for keys with sw_iv set
ba1d989 mt76: mmio: move mt76x02_set_irq_mask in mt76 module
283ebbe mt76: dma: move mt76x02_init_{tx,rx}_queue in mt76 module
b216d3c mt76: introduce q->stopped parameter
8b437d2 mt76x02: clear sta and vif driver data structures on add
2c62d03 mt76x02: clear running flag when resetting state on restart
6b10cfc mt76: mt76x02: only update the base mac address if necessary
669bc49 mt76: mt76x02: reduce false positives in ED/CCA tx blocking
2ed9382 mt76: mt7603: fix tx status HT rate validation
d2c6823 mt76: mt76x2: fix external LNA gain settings
8ee2259 mt76: mt76x2: fix 2.4 GHz channel gain settings
8bfe6d4 mt76: mt7603: clear ps filtering mode before releasing buffered frames
d13b065 mt76: mt7603: fix up hardware queue index for PS filtered packets
eb1ecc4 mt76: mt7603: notify mac80211 about buffered frames in ps queue
3687eec mt76: mt7603: clear the service period on releasing PS filtered packets
42ab27e mt76: when releasing PS frames, end the service period if no frame was found
461f3b0 mt76: mt76x02: disable ED/CCA by default
1d7760d mt76: mt7603: set moredata flag when queueing ps-filtered packets
0b927b2 mt76: fix return value check in mt76_wmac_probe()
e72376d mt76x02: fix hdr pointer in write txwi for USB

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-07 20:36:52 +01:00
Felix Fietkau
85cb473f93 mac80211: add a fix to prevent unsafe queue wake calls during restart
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-07 18:08:09 +01:00
Felix Fietkau
08db9397c9 mac80211: backport tx queue start/stop fix
Among other things, it fixes a race condition on calling ieee80211_restart_hw

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-07 18:04:50 +01:00
Rafał Miłecki
d32bbd7477 mac80211: brcmfmac: backport 5.0 & 5.1 important changes/fixes
This backports the most important brcmfmac commits that:
1) Fix some bugs
2) Help debugging bugs

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-02-25 10:21:32 +01:00
Yousong Zhou
ce3a53c4f6 dnsmasq: prefer localuse over resolvfile guesswork
This makes it clear that localuse when explicitly specified in the
config will have its final say on whether or not the initscript should
touch /etc/resolv.conf, no matter whatever the result of previous
guesswork would be

(cherry picked from c17a68cc61)
Tested-by: Paul Oranje <por@oranjevos.nl>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
Acked-by: Paul Oranje <por@oranjevos.nl>
2019-02-24 01:57:31 +00:00
Yousong Zhou
87fb8aea87 dnsmasq: allow using dnsmasq as the sole resolver
Currently it seems impossible to configure /etc/config/dhcp to achieve
the following use case

 - run dnsmasq with no-resolv
 - re-generate /etc/resolv.conf with "nameserver 127.0.0.1"

Before this change, we have to set resolvfile to /tmp/resolv.conf.auto
to achive the 2nd effect above, but setting resolvfile requires noresolv
being false.

A new boolean option "localuse" is added to indicate that we intend to
use dnsmasq as the local dns resolver.  It's false by default and to
align with old behaviour it will be true automatically if resolvfile is
set to /tmp/resolv.conf.auto

(cherry picked from 2aea1ada65f050d74a064e74466bbe4e8d)
Tested-by: Paul Oranje <por@oranjevos.nl>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
Acked-by: Paul Oranje <por@oranjevos.nl>
2019-02-24 01:55:47 +00:00
Felix Fietkau
e5ace80759 mt76: update to the latest version
a9d4c0e mt76: mt76x2: avoid running DPD calibration if tx is blocked
4d7e13f mt76: explicitly disable energy detect cca during scan
e3c1aad mt76: run MAC work every 100ms
4e8766a mt76: clear CCA timer stats in mt76x02_edcca_init
e301f23 mt76: measure the time between mt76x02_edcca_check runs
74075ef mt76: increase ED/CCA tx block threshold

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-02-13 15:52:21 +01:00
Rafał Miłecki
19a6c4b2b3 mac80211: brcmfmac: fix a possible NULL pointer dereference
This fixes a possible crash in the brcmf_fw_request_nvram_done():
[   31.687293] Backtrace:
[   31.689760] [<c004fb4c>] (__wake_up_common) from [<c004fc38>] (__wake_up_locked+0x1c/0x24)
[   31.698043]  r10:c6794000 r9:00000009 r8:00000001 r7:bf54dda0 r6:a0000013 r5:c78e7d38
[   31.705928]  r4:c78e7d3c r3:00000000
[   31.709528] [<c004fc1c>] (__wake_up_locked) from [<c00502a8>] (complete+0x3c/0x4c)
[   31.717148] [<c005026c>] (complete) from [<bf54590c>] (brcmf_fw_request_nvram_done+0x5c8/0x6a4 [brcmfmac])
[   31.726818]  r7:bf54dda0 r6:c6794000 r5:00001990 r4:c6782380
[   31.732544] [<bf545344>] (brcmf_fw_request_nvram_done [brcmfmac]) from [<c0204e40>] (request_firmware_work_func+0x38/0x60)
[   31.743607]  r10:00000008 r9:c6bdd700 r8:00000000 r7:c72c3cd8 r6:c67f4300 r5:c6bda300
[   31.751493]  r4:c67f4300
[   31.754046] [<c0204e08>] (request_firmware_work_func) from [<c0034458>] (process_one_work+0x1e0/0x318)
[   31.763365]  r4:c72c3cc0
[   31.765913] [<c0034278>] (process_one_work) from [<c0035234>] (worker_thread+0x2f4/0x448)
[   31.774107]  r10:00000008 r9:00000000 r8:c6bda314 r7:c72c3cd8 r6:c6bda300 r5:c6bda300
[   31.781993]  r4:c72c3cc0
[   31.784545] [<c0034f40>] (worker_thread) from [<c003984c>] (kthread+0x100/0x114)
[   31.791949]  r10:00000000 r9:00000000 r8:00000000 r7:c0034f40 r6:c72c3cc0 r5:00000000
[   31.799836]  r4:c735dc00 r3:c79ed540
[   31.803438] [<c003974c>] (kthread) from [<c00097d0>] (ret_from_fork+0x14/0x24)
[   31.810672]  r7:00000000 r6:00000000 r5:c003974c r4:c735dc00
[   31.816378] Code: e5b53004 e1a07001 e1a06002 e243000c (e5934000)
[   31.822487] ---[ end trace a0ffbb07a810d503 ]---

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 83bcacb521)
2019-02-11 11:46:03 +01:00
Mathias Kresin
d997712c71 ath9k: register GPIO chip for OF targets
This partitialy reverts commit f506de2cda.

Registering the GPIO chip without a parent device completely breaks the
ath9k GPIOs for device tree targets.

As long as boards using the devicetree don't have the gpio-controller
property set for the ath9k node, the unloading of the driver works as
expected.

Register the GPIO chip with the ath9k device as parent only for OF
targets to find a trade-off between the needs of driver developers and
the broken LEDs and buttons seen by users.

Fixes: FS#2098

Signed-off-by: Mathias Kresin <dev@kresin.me>
(cherry picked from commit d35f2a5565)
2019-02-10 17:59:18 +01:00
Hans Dedecker
9b14c7d3d1 netifd: handle hotplug event socket errors
a2aba5c system-linux: handle hotplug event socket ENOBUFS errors

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-02-02 20:48:32 +01:00
Felix Fietkau
ab41836321 mt76: update to the latest version
a4ec45c mt7603: fix LED support (copy CFLAGS from main Makefile)
edda5c5 mt76x02: use mask for vifs
dd52191 mt76x02: use commmon add interface for mt76x2u
a80acaf mt76x02: initialize mutli bss mode when set up address
38e832d mt76x02: minor beaconing init changes
171adaf mt76x02: init beacon config for mt76x2u
dcab682 mt76: beaconing fixes for USB
ff81de1 mt76x02: enable support for IBSS and MESH
8027b5d mt7603: remove copyright headers
e747e80 mt76: fix software encryption issues
2afa0d7 mt7603: remove WCID override for software encrypted frames

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-01-31 23:23:16 +01:00
Felix Fietkau
13eeee7b2b mt76: update to the latest version
c3da1aa mt7603: trigger beacon stuck detection faster
7a53138 mt7603: trigger watchdog reset if flushing CAB queue fails
6eef33b mt7603: remove mt7603_txq_init
ae30c30 mt76: add driver callback for when a sta is associated
0db925f mt7603: update HT/VHT capabilities after assoc
b5ac8e4 mt7603: initialize LED callbacks only if CONFIG_MT76_LEDS is set
c989bac mt76x0: eeprom: fix chan_vs_power map in mt76x0_get_power_info
24bd2c0 mt76x0: phy: report target_power in debugfs
bc7ce2a mt76x0: init: introduce mt76x0_init_txpower routine

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-01-30 15:18:55 +01:00
Jo-Philipp Wich
ac1ce25671 OpenWrt v18.06.2: revert to branch defaults
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-01-30 13:34:55 +01:00
Jo-Philipp Wich
a02809f61b OpenWrt v18.06.2: adjust config defaults
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-01-30 13:34:49 +01:00
Günther Kelleter
cddd7b4c77 base-files: config_get: prevent filename globbing
When config_get is called as "config_get section option" the option
is unexpectedly globbed by the shell which differs from the way options
are read to a variable with "config_get variable section option".
Add another layer of double quotes to fix it.

Signed-off-by: Günther Kelleter <guenther.kelleter@devolo.de>
(backported from commit c3389ab135)
2019-01-30 13:21:02 +01:00
Jo-Philipp Wich
e6162b2127 dnsmasq: backport missing braces fix
Fold upstream fix d2d4990
("Fix missing braces in 8eac67c0a15b673c8d27002c248651b308093e4") into
the already existing static lease fix patch.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-01-30 13:01:24 +01:00
Sven Roederer
39c3b5139f openssl: bump to 1.0.2q
This fixes the following security problems:
 * CVE-2018-5407: Microarchitecture timing vulnerability in ECC scalar multiplication
 * CVE-2018-0734: Timing vulnerability in DSA signature generation
 * Resolve a compatibility issue in EC_GROUP handling with the FIPS Object Module

Signed-off-by: Sven Roederer <freifunk@it-solutions.geroedel.de>
(cherry picked from commit 989060478a)
2019-01-30 12:00:46 +01:00
Jo-Philipp Wich
80ed6ebc56 dnsmasq: backport upstream static lease fix
Backport and rebase upstream fix 18eac67
("Fix entries in /etc/hosts disabling static leases.")

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-01-30 11:42:27 +01:00
Jason A. Donenfeld
4f2199f528 wireguard: bump to 0.0.20190123
* tools: curve25519: handle unaligned loads/stores safely

This should fix sporadic crashes with `wg pubkey` on certain architectures.

* netlink: auth socket changes against namespace of socket

In WireGuard, the underlying UDP socket lives in the namespace where the
interface was created and doesn't move if the interface is moved. This
allows one to create the interface in some privileged place that has
Internet access, and then move it into a container namespace that only
has the WireGuard interface for egress. Consider the following
situation:

1. Interface created in namespace A. Socket therefore lives in namespace A.
2. Interface moved to namespace B. Socket remains in namespace A.
3. Namespace B now has access to the interface and changes the listen
port and/or fwmark of socket. Change is reflected in namespace A.

This behavior is arguably _fine_ and perhaps even expected or
acceptable. But there's also an argument to be made that B should have
A's cred to do so. So, this patch adds a simple ns_capable check.

* ratelimiter: build tests with !IPV6

Should reenable building in debug mode for systems without IPv6.

* noise: replace getnstimeofday64 with ktime_get_real_ts64
* ratelimiter: totalram_pages is now a function
* qemu: enable FP on MIPS

Linux 5.0 support.

* keygen-html: bring back pure javascript implementation

Benoît Viguier has proofs that values will stay well within 2^53. We
also have an improved carry function that's much simpler. Probably more
constant time than emscripten's 64-bit integers.

* contrib: introduce simple highlighter library

This is the highlighter library being used in:
- https://twitter.com/EdgeSecurity/status/1085294681003454465
- https://twitter.com/EdgeSecurity/status/1081953278248796165

It's included here as a contrib example, so that others can paste it into
their own GUI clients for having the same strictly validating highlighting.

* netlink: use __kernel_timespec for handshake time

This readies us for Y2038. See https://lwn.net/Articles/776435/ for more info.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
(cherry picked from commit bbcd0634f8)
2019-01-30 10:55:22 +01:00
Daniel Engberg
8c105c62e4 wireguard: Update to snapshot 0.0.20181218
Update WireGuard to 0.0.20181218

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
(cherry picked from commit 9a37c95431)
2019-01-30 10:55:18 +01:00
Stijn Segers
1447924c95 mbedtls: update to 2.14.1 for 18.06
Updates mbedtls to 2.14.1. This builds on the previous master commit 7849f74117.

Fixes in 2.13.0:
* Fixed a security issue in the X.509 module which could lead to a buffer overread during certificate extensions parsing.
* Several bugfixes.
* Improvements for better support for DTLS on low-bandwidth, high latency networks with high packet loss.

Fixes in 2.14.1:
* CVE-2018-19608: Local timing attack on RSA decryption

Includes master commit 9e7c4702a1 'mbedtls: fix compilation on ARM < 6'.

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>

[Update to 2.14.1]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

[Adapted and squashed for 18.06.1+]
Signed-off-by: Stijn Segers <foss@volatilesystems.org>
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-01-30 10:16:19 +01:00
Jo-Philipp Wich
e5a0b6cde0 uhttpd: disable concurrent requests by default
In order to avoid straining CPU and memory resources on lower end devices,
avoid running multiple CGI requests in parallel.

Ref: https://forum.openwrt.org/t/high-load-fix-on-openwrt-luci/29006
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit c6aa9ff388)
2019-01-30 10:13:30 +01:00
Christian Lamparter
91d3b87353 uboot-fritz4040: fix crash caused by interaction with gcc 7.1+
David Bauer reported a u-boot crash (data abort) at a odd
place (byteswap) when he ran ping/tftp on his 7530.

|(FRITZ7530) # ping 192.168.1.70
|eth0 PHY0 up Speed :1000 Full duplex
|eth0 PHY1 Down Speed :10 Half duplex
|eth0 PHY2 Down Speed :10 Half duplex
|eth0 PHY3 Down Speed :10 Half duplex
|eth0 PHY4 Down Speed :10 Half duplex
|Using eth0 device
|data abort
|pc : [<84234774>]      lr : [<842351a4>]
|sp : 8412fdb0  ip : 0000009b     fp : 00000000
|r10: 00000000  r9 : 00000001     r8 : 8412ff68
|r7 : 00000000  r6 : 0000002a     r5 : 84244e90  r4 : 8425e28e
|r3 : 84244e90  r2 : 14000045     r1 : 8412fdb0  r0 : 8425e28e
|Flags: nZCv  IRQs off  FIQs off  Mode SVC_32
|Resetting CPU ...
|
|resetting ...

This issue is caused by switch from gcc 5.5 to 7.1+ as explained
in the upstream patch:

|From a768e513b07b5999a8e7d7740ac8d9da04ee7e51 Mon Sep 17 00:00:00 2001
|From: Denis Pynkin <denis.pynkin@collabora.com>
|Date: Fri, 21 Jul 2017 19:28:42 +0300
|Subject: [PATCH] net: Use packed structures for networking
|
|PXE boot is broken with GCC 7.1 due option '-fstore-merging' enabled
|by default for '-O2':
|
|BOOTP broadcast 1
|data abort
|pc : [<8ff8bb30>]          lr : [<00004f1f>]
|reloc pc : [<17832b30>]    lr : [<878abf1f>]
|sp : 8f558bc0  ip : 00000000     fp : 8ffef5a4
|r10: 8ffed248  r9 : 8f558ee0     r8 : 8ffef594
|r7 : 0000000e  r6 : 8ffed700     r5 : 00000000  r4 : 8ffed74e
|r3 : 00060101  r2 : 8ffed230     r1 : 8ffed706  r0 : 00000ddd
|Flags: nzcv  IRQs off  FIQs off  Mode S
|
|Core reason is usage of structures for network headers without packed
|attribute.

This patch just backports the upstream change to the
uboot-fritz4040 package.

Reported-by: David Bauer <mail@david-bauer.net>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-01-26 19:40:23 +01:00
Felix Fietkau
6e16dd1234 mt76: update to the latest version
d273ddd mt7603: fix number of frames limit in .release_buffered_frames
63bf183 mt76: add channel switch announcement support
e45db12 mt7603: fix tx status info
9d11596 mt7603: discard bogus tx status data
4bcb2f9 mt7603: fix txd q_idx field value
4206db7 mt76: set IEEE80211_HW_NEEDS_UNIQUE_STA_ADDR flag
c4e4982 mt7603: set IEEE80211_HW_TX_STATUS_NO_AMPDU_LEN
702f557 mt7603: use maximum tx count for buffered multicast packets
158529d mt7603: fix PSE reset retry sequence
fc31457 mt7603: implement support for SMPS
3e9a7d5 Revert "mt7603: fix txd q_idx field value"
815fd03 mt7603: fix CCA timing values
b35cc8e mt7603: set timing on channel change before starting MAC
79b337c mt7603: move CF-End rate update to mt7603_mac_set_timing
3df341d mt7603: avoid redundant MAC timing updates
1c751f3 mt76: avoid scheduling tx queues for powersave stations
2efa389 mt7603: limit station power save queue length to 64
63a79ff mt76: do not report out-of-range rx nss
fe30bd3 mt7603: issue PSE reset on tx hang
ce8cc5d mt7603: issue PSE client reset on init
e342cc5 mt7603: fix buffered multicast count register
aa470d8 mt7603: fix buffered multicast queue flush
b4ee01f mt76: fix tx status timeout processing
7d00d58 mt76x02: fix per-chain signal strength reporting
64abb35 mt76: fix corrupted software generated tx CCMP PN
0b939dc mt76: fix resetting software IV flag on key delete

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-01-25 23:50:49 +01:00
Jo-Philipp Wich
fafd7691e6 opkg: update to latest Git head
This update fixes some cosmetical issues and a number of segmentation
faults when parsing lists having Conflicts or Replaces tags.

d217daf libopkg: fix replacelist parsing and writing
9dd9a07 libopkg: fix segmentation fault when traversing conflicts
34571ba libopkg: consider provided packages in pkg_vec_mark_if_matches()
18740e6 opkg_download: print error when fork() fails
e3d7330 libopkg: don't print unresolved dependencies twice

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 1bd18f2b5c)
2019-01-22 13:14:33 +01:00
Jonas Gorski
e789bd2243 opkg: drop argument from check_signature in opkg.conf
check_signature is a bool option and doesn't take any arguments. The
presence of the 1 falsely suggests setting it to 0 disables the check,
while the option actually needs to be removed or commented out to be
disabled. So remove the argument to make it more clear.

Fixes: beca028bd6 ("build: add integration for managing opkg package feed keys")
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
(cherry picked from commit d3bf5ff9bc)
2019-01-22 13:14:14 +01:00
Hans Dedecker
7f98cd8d50 odhcpd: fix onlink IA check (FS#2060)
ae16950 dhcpv6-ia: fix compiler warning
c70d5cf dhcpv6-ia: fix onlink IA check (FS#2060)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-01-16 22:52:46 +01:00
Kevin Darbyshire-Bryant
abd0f7995e kmod-sched-cake: bump to latest cake
331ac70 Correctly update parent qlen when splitting GSO packets
581967c Makefile: Hook into Kbuild/Kconfig infrastructure

The parent qlen change is potentially relevant for us, the makefile is a
no-op.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 55e0a7131a4b6e98d7cd623727f8ac5c4702b60d)
2019-01-16 15:30:06 +00:00
Felix Fietkau
f34ad1a8f0 mt76: update to the latest version
6745830 mt76: fix race condition in station removal
7e5c819 mt76: add mt76_sta_remove helper
75aa36e mt7603: use wcid/wcid_mask from struct mt76_dev
fd85ff9 mt7603: use mt76_sta_remove helper
0848d2d mt7603: simplify mt7603_mcu_msg_send, remove skb_ret handling
83a80ca mt76: request tx status for powersave released EOSP packet
df5c797 mt76: fix uninitialized mutex access setting rts threshold
0bfa98e mt76: introduce mt76x02_config_mac_addr_list routine
4248446 mt76x0: pci: enable VHT rates in IBSS mode
f75efd8 mt76x2u: phy: add TX_SHAPING calibration
c1d67b4 mt76x2u: phy: run phy_channel_calibrate after channel switch
9fe0fe8 mt76x2u: main: use mt76x02_bss_info_changed utility routine
3fc95d7 mt76x2u: init: remove mt76x2u_init_beacon_offsets routine
88f6883 mt76: remove wait argument from mt76x02_mcu_calibrate
009ab91 mt76: clean up more unused EXPORT_SYMBOLs
963768d mt76x02: fix regression in tx station race condition fix
d7788cc mt76: mt76x02: make group_wcid the first member in struct mt76x02_vif
e65ad4c mt7603: make group_wcid the first member in struct mt7603_vif
7b1373e mt76: mt76x02: remove mt76x02_txq_init
a97127b mt76: replace sta_add/remove ops with common sta_state function
13f1e82 mt7603: clear wtbl entry for removed stations
90e2c1b mt7603: add mt7603_wtbl_set_skip_tx, change mt7603_wtbl_set_ps users
41931e4 mt7603: toggle skip_tx on station add/remove
d0fdf01 mt7603: avoid unnecessary wtbl writes for ps-filter
96b3b3d mt76x2u: main: fix typo setting sta_state mac80211 callback
471d397 mt7603: fix priority for buffered multicast packets
3873e82 mt7603: fix MT_BMAP_0/MT_GROUP_THD_0 register initializion for mt7628
749d5c3 mt7603: fix reserved page handling for mt7628
d22799b mt7603: reduce reserved pages for beacons
42c5281 mt7603: fix maximum frame size in scheduler init
fa7335b mt76: fix potential NULL pointer dereference in mt76_stop_tx_queues
84aa12a mt76: fix potential null pointer deref in mt76_sta_add
7c4c33c mt7603: skip efuse tx power data for mt7628
ca2c875 mt7603: add support for accessing remapped registers via ops
b44d793 mt7603: clear PSE redirections before MCU init
82363ab mt7603: move tx status to rx queue 0
c09e8a4 mt7603: fix buffering of tx packets for powersave clients
4734108 mt7603: use mt7603_wtbl_clear on station removal
9428e34 mt7603: fix watchdog reset sequence
b3f82a3 mt7603: report PSE reset failures via debugfs
a301dec mt7603: add back PSE client reset code
94cebfc mt7603: fix handling lost interrupt events during watchdog reset
b38fe7d mt7603: only issue PSE reset on PSE stuck
da666a7 mt7603: issue PSE reset if firmware debug register indicates stuck queues
5fb60a7 mt7603: fix aggregation size handling
31cd20e mt7603: issue PSE reset on stuck beacon
4063ae1 mt7603: check for PSE hang / stuck beacon first
00e03b9 mt7603: fix MT_WF_PHY_CR_RXTD_BASE definition
c3efb5d mt7603: add support for detecting MT7688 and single stream devices
2a136cb mt7603: fix TKIP key setup
cd456ca mt7603: disable broken support for WEP hardware encryption
3ecb7f8 mt7603: fix hardware queue assignment
6ac9653 mt7603: fix CAB queue limits
d22feb0 mt7603: move cab queue enabling to pre-tbtt tasklet
44bb372 mt7603: fix CAB queue flush mask
5a5b396 mt76: throttle transmission of buffered multicast packets
8084323 mt7603: implement code for adjusting energy detect CCA thresholds
8929a6e mt7603: increase MCU timeout
f2ba65f mt7603: update firmware to 20161027164355
0ad998b mt7603: increase aggregation limits (based on vendor driver changes)
da00af0 mt7603: clear bit 18 in MT_SEC_SCR to fix ICV error
417ab77 mt7603: improve recovery from PSE reset failure
fea7ad8 mt76: move mt76x02_phy_get_min_avg_rssi to mt76 core
9d009be mt7603: add dynamic sensitivity tuning based on false CCA events
2c8e9ac mt7603: initialize channel maximum power from eeprom data
b2cc29b mt76: move mt76x02_get_txpower to mt76 core
6203d46 mt7603: add support for setting transmit power
294e095 mt7603: reset DMA scheduler on MT7628
8178f0d mt7603: apply efuse data only when it exists
e67e551 mt76: dma: remove napi from mt76_dma_rx_fill signature
0490bd2 mt76: usb: do not build the skb if reported len does not fit in buf_size
eb076ae mt76: Add missing include of linux/module.h
1d2819e mt76: fix typo in mt76x02_check_mac_err routine
9c9fae3 mt76: mac: run mt76x02_mac_work routine atomically
6be90b6 mt76: usb: avoid queue/status spinlocks while passing tx status to mac80211
40dad32 mt76x0: pci: fix ACS support
d94e9c4 mt76x02: do not set protection on set_rts_threshold callback
0d83d73 mt76x02: fixup MT_PROT_RATE_* defines
628f8d7 mt76x02: set protection according to ht operation element
f7d8c17 mt76x0: configure MT_VHT_HT_FBK_CFG1
10f57cf mt76x2: add static qualifier to mt76x2_init_hardware
37b2ad3 mt76: dfs: run mt76x02_dfs_set_domain atomically
51b6daf mt76x2: init: set default value for MT_TX_LINK_CFG
9661da4 mt76: add energy detect CCA support to mt76x{0,2}e drivers
876d0e9 mt76: mac: minor optimizations in mt76x02_mac_tx_rate_val
c78e317 mt76: dma: do not build skb if reported len does not fit in buf_size
3598046 mt76: mmio: introduce mt76x02_check_tx_hang watchdog
58988a3 mt76: fix signedness of rx status signal field
bce700d mt7603: fix signal strength reporting on single-stream devices
148219d mt7603: fix checkpatch issues
2a092e2 mt7603: fix per-rate retry accounting
962152b mt7603: fix WMM TXOP limit configuration
24ec040 mt7603: fix BSSID configuration in AP mode
48fb011 mt7603: fix CF-End transmit rate when 11b stations are connected
9daa5ff mt76: make const array 'data' static, shrinks object size
7d4a95c mt76: dma: avoid indirect call in mt76_dma_tx_queue_skb
f84b008 mt76: fix tx status reporting for non-probing frames
8167074 Revert "mt7603: update firmware to 20161027164355"
2ad54b2 mt76: move wcid rssi ewma init to mt76 core
d77c861 mt76: fix rssi ewma tracking
eca96cd mt76: use proper name for __MT76x02_H macro
d1bc504 mt76: fix building without CONFIG_LEDS_CLASS
a946b78 mt76: add led support to mt76x0e driver

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-01-14 15:16:24 +01:00
Rafał Miłecki
069fda746e fstools: update to the latest master branch
This is a big block(d) cleanup with new feature of generating "mount"
hotplug.d events.

It's an important update for those who were using mountd in the
pre-18.06 releases. Due to the mountd being replaced with blockd a
support for "mountd" hotplug.d events has been lost. It broke all kind
of shell scripts that were e.g. managing services depending on an
external USB drive availability.

This basically (re-)adds support for calling /etc/hotplug.d/mount/
scripts with ACTION ("add" or "remove") and DEVICE set.

af93f4b block(d): improve hotplug.d "mount" events for the autofs
3bb3352 blockd: unmount device explicitly when it disappears
28753b3 block: remove target directory after unmounting
c8c7ca5 block: cleanup handling "start" action of the "autofs" command
f1bb762 block: make blockd_notify() return an int instead of void
71c2bde block: generate hotplug.d mount events
30f5096 block: validate amount of arguments for the "autofs" command
dc6a462 blockd: don't reparse blob msg in the vlist callbacks
f6a9686 blockd: don't unmount device when removing it from the list
1913fea block: don't duplicate unmounting code in the mount_action()
6b445fa block: make umount_device() function more generic
a778468 block: don't duplicate mounting code in the mount_device()
5dc631d block: simplify code picking mount target directory
2971779 block: move blockd_notify() call out of the conditional blocks
b86bd6e block: fix formatting & indent in the mount_device()
e12c0d6 fstools: use EXIT_FAILURE when indicating error on exit
091aa3d fstools: guard usage of WEXITSTATUS

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 5c4277ec37)
2019-01-10 07:16:42 +01:00
Hans Dedecker
3b4e779e93 fstools: update to git HEAD
29e53af fstools: add ntfs support

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit 59db98d0f2)
2019-01-10 07:16:42 +01:00
Rosy Song
d7275c0312 fstools: filter unknown action in mount.hotplug script
Signed-off-by: Rosy Song <rosysong@rosinson.com>
(cherry picked from commit 0fa1dd71cc)
2019-01-10 07:16:42 +01:00
Rosen Penev
e0daa62af6 fstools: Install mount.hotplug and 10-fstab.defaults as 600
Both of these are used by programs that run as root and nothing else.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
[rmilecki: dropped PKG_SOURCE_URL regression from the original patch]
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 4ad87744fa)
2019-01-10 07:15:09 +01:00
Tony Ambardar
4c0e15fc16 base-files: install missing /etc/iproute2/ematch_map
This file is needed to properly use the tc ematch modules present in
kmod-sched-core and kmod-sched. It is a read-only index file of ematch
methods used only by tc.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
[cherry picked from commit 10a2ccb7fc]
2019-01-08 22:34:07 +01:00
Rafał Miłecki
a8cc06c537 mac80211: brcmfmac: backport firmware loading changes & fix memory bugs
This pick most of brcmfmac changes backported into the master in commits
5932eb690f ("mac80211: brcmfmac: backport firmware loading cleanup")
3eab6b8275 ("mac80211: brcmfmac: backport NVRAM loading improvements")
529c95cc15 ("mac80211: brcmfmac: fix use-after-free & possible NULL pointer dereference")

It's more than would be normally backported into a stable branch but it
seems required. Firmware loading cleanups are needed to allow fix memory
bugs in a reliable way. Memory fixes are really important to avoid
corrupting memory and risking a NULL pointer dereference.

Hopefully this stuff has received enough testing in the master.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-01-08 10:12:07 +01:00
Hans Dedecker
c5c20f510a odhcpd: noop to fix PKG_SOURCE_DATE
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-01-05 11:24:52 +01:00
Hans Dedecker
62ddfaff32 odhcpd: filter routes based on prefix_filter
96694ab router: filter route information option

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-01-04 19:05:07 +01:00
Hans Dedecker
016a71a18a odhcpd: backport prefix filter/NETEV_ADDR6LIST_CHANGE event fixes
d404c7e netlink: fix triggering of NETEV_ADDR6LIST_CHANGE event
ae6cf80 config: correctly break string for prefix filter

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit 493c1d1766)
2018-12-31 12:34:27 +01:00
Massimo Tum
806b570a35 ath10k: update QCA4019 firmware
Update firmware for QCA4019 also for 18.06 branch.
https://github.com/openwrt/openwrt/pull/1138

Signed-off-by: Massimo Tum <masnia@tiscali.it>
2018-12-27 16:38:13 +01:00
Stijn Tintel
baa00b2182 brcm2708-gpu-fw: update to git HEAD
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(cherry picked from commit 42ca32ad2f)
2018-12-27 15:48:00 +01:00
Hans Dedecker
61323d22c0 dropbear: fix dropbear startup issue
Interface triggers are installed by the dropbear init script in case an
interface is configured for a given dropbear uci section.
As dropbear is started after network the interface trigger event can be
missed during a small window; this is especially the case if lan is
specified as interface.
Fix this by starting dropbear before network so no interface trigger
is missed. As dropbear is started earlier than netifd add a boot function
to avoid the usage of network.sh functions as call to such functions will
fail at boottime.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Acked-by: Jo-Philipp Wich <jo@mein.io>
2018-12-21 10:08:12 +01:00
Jason A. Donenfeld
753531da24 wireguard: bump to 0.0.20181119
* chacha20,poly1305: fix up for win64
* poly1305: only export neon symbols when in use
* poly1305: cleanup leftover debugging changes
* crypto: resolve target prefix on buggy kernels
* chacha20,poly1305: don't do compiler testing in generator and remove xor helper
* crypto: better path resolution and more specific generated .S
* poly1305: make frame pointers for auxiliary calls
* chacha20,poly1305: do not use xlate

This should fix up the various build errors, warnings, and insertion errors
introduced by the previous snapshot, where we added some significant
refactoring. In short, we're trying to port to using Andy Polyakov's original
perlasm files, and this means quite a lot of work to re-do that had stableized
in our old .S.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
(backported from 48d8d46d33)
2018-12-18 17:22:09 +01:00
Jason A. Donenfeld
6de9491132 wireguard: bump to 0.0.20181115
* Zinc no longer ships generated assembly code. Rather, we now
  bundle in the original perlasm generator for it. The primary purpose
  of this snapshot is to get testing of this.
* Clarify the peer removal logic and make lifetimes more precise.
* Use READ_ONCE for is_valid and is_dead.
* No need to use atomic when the recounter is mutex protected.
* Fix up macros and annotations in allowedips.
* Increment drop counter when staged packets are dropped.
* Use static constants instead of enums for 64-bit values in selftest.
* Mark large constants as ULL in poly1305-donna64.
* Fix sparse warnings in allowedips debugging code.
* Do not use wg_peer_get_maybe_zero in timer callbacks, since we now can
  carefully control the lifetime of these functions and ensure they never
  execute after dropping the last reference.
* Cleanup hashing in ratelimiter.
* Do not guard timer removals, since del_timer is always okay.
* We now check for PM_AUTOSLEEP, which makes the clear*on-suspend decision a
  bit more general.
* Set csum_level to ~0, since the poly1305 authenticator certainly means
  that no data was modified in transit.
* Use CHECKSUM_PARTIAL check for skb_checksum_help instead of
  skb_checksum_setup check.
* wg.8: specify that wg(8) shows runtime info too
* wg.8: AllowedIPs isn't actually required
* keygen-html: add missing glue macro
* wg-quick: android: do not choke on empty allowed-ips

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
(backported from bf52c968e8)
2018-12-18 17:22:09 +01:00
Jason A. Donenfeld
6319242a2a wireguard: bump to 0.0.20181018
ba2ab5d version: bump snapshot
5f59c76 tools: wg-quick: wait for interface to disappear on freebsd
ac7e7a3 tools: don't fail if a netlink interface dump is inconsistent
8432585 main: get rid of unloaded debug message
139e57c tools: compile on gnu99
d65817c tools: use libc's endianness macro if no compiler macro
f985de2 global: give if statements brackets and other cleanups
b3a5d8a main: change module description
296d505 device: use textual error labels always
8bde328 allowedips: swap endianness early on
a650d49 timers: avoid using control statements in macro
db4dd93 allowedips: remove control statement from macro by rewriting
780a597 global: more nits
06b1236 global: rename struct wireguard_ to struct wg_
205dd46 netlink: do not stuff index into nla type
2c6b57b qemu: kill after 20 minutes
6f2953d compat: look in Kbuild and Makefile since they differ based on arch
a93d7e4 create-patch: blacklist instead of whitelist
8d53657 global: prefix functions used in callbacks with wg_
123f85c compat: don't output for grep errors

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
(backported from 4653818dab)
2018-12-18 17:22:09 +01:00
Kevin Darbyshire-Bryant
a6a3abeb96 wireguard: bump to 0.0.20181007
64750c1 version: bump snapshot
f11a2b8 global: style nits
4b34b6a crypto: clean up remaining .h->.c
06d9fc8 allowedips: document additional nobs
c32b5f9 makefile: do more generic wildcard so as to avoid rename issues
20f48d8 crypto: use BIT(i) & bitmap instead of (bitmap >> i) & 1
b6e09f6 crypto: disable broken implementations in selftests
fd50f77 compat: clang cannot handle __builtin_constant_p
bddaca7 compat: make asm/simd.h conditional on its existence
b4ba33e compat: account for ancient ARM assembler

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(backported from 3925298f3c)
2018-12-18 17:22:09 +01:00
Jason A. Donenfeld
a74369a64d wireguard: bump to 0.0.20181006
* Account for big-endian 2^26 conversion in Poly1305.
  * Account for big-endian NEON in Curve25519.
  * Fix macros in big-endian AArch64 code so that this will actually run there
    at all.
  * Prefer if (IS_ENABLED(...)) over ifdef mazes when possible.
  * Call simd_relax() within any preempt-disabling glue code every once in a
    while so as not to increase latency if folks pass in super long buffers.
  * Prefer compiler-defined architecture macros in assembly code, which puts us
    in closer alignment with upstream CRYPTOGAMS code, and is cleaner.
  * Non-static symbols are prefixed with wg_ to avoid polluting the global
    namespace.
  * Return a bool from simd_relax() indicating whether or not we were
    rescheduled.
  * Reflect the proper simd conditions on arm.
  * Do not reorder lines in Kbuild files for the simd asm-generic addition,
    since we don't want to cause merge conflicts.
  * WARN() if the selftests fail in Zinc, since if this is an initcall, it won't
    block module loading, so we want to be loud.
  * Document some interdependencies beside include statements.
  * Add missing static statement to fpu init functions.
  * Use union in chacha to access state words as a flat matrix, instead of
    casting a struct to a u8 and hoping all goes well. Then, by passing around
    that array as a struct for as long as possible, we can update counter[0]
    instead of state[12] in the generic blocks, which makes it clearer what's
    happening.
  * Remove __aligned(32) for chacha20_ctx since we no longer use vmovdqa on x86,
    and the other implementations do not require that kind of alignment either.
  * Submit patch to ARM tree for adjusting RiscPC's cflags to be -march=armv3 so
    that we can build code that uses umull.
  * Allow CONFIG_ARM[64] to imply [!]CONFIG_64BIT, and use zinc arch config
    variables consistently throughout.
  * Document rationale for the 2^26->2^64/32 conversion in code comments.
  * Convert all of remaining BUG_ON to WARN_ON.
  * Replace `bxeq lr` with `reteq lr` in ARM assembler to be compatible with old
    ISAs via the macro in <asm/assembler.h>.
  * Do not allow WireGuard to be a built-in if IPv6 is a module.
  * Writeback the base register and reorder multiplications in the NEON x25519
    implementation.
  * Try all combinations of different implementations in selftests, so that
    potential bugs are more immediately unearthed.
  * Self tests and SIMD glue code work with #include, which lets the compiler
    optimize these. Previously these files were .h, because they were included,
    but a simple grep of the kernel tree shows 259 other files that carry out
    this same pattern. Only they prefer to instead name the files with a .c
    instead of a .h, so we now follow the convention.
  * Support many more platforms in QEMU, especially big endian ones.
  * Kernels < 3.17 don't have read_cpuid_part, so fix building there.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
(backported from b665856450)
2018-12-18 17:22:09 +01:00
Hans Dedecker
1f7504b884 ethtool: update to 4.19
8a1ad80 Release version 4.19.
ecdf295 ethtool: Fix uninitialized variable use at qsfp dump
98c148e ethtool: better syntax for combinations of FEC modes
d4b9f3f ethtool: support combinations of FEC modes

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from 5617e138bd)
2018-12-18 17:22:09 +01:00
Robert Marko
83cbf4c0ba ethtool: Update to 4.18
Tested on 8devices Jalapeno(ipq40xx)
Introduces following changes:
Feature: Add support for WAKE_FILTER (WoL using filters)
Feature: Add support for action value -2 (wake-up filter)
Fix: document WoL filters option also in help message
Feature: ixgbe dump strings for security registers

Signed-off-by: Robert Marko <robimarko@gmail.com>
(backported from a9d7353192)
2018-12-18 17:22:08 +01:00