Commit Graph

17429 Commits

Author SHA1 Message Date
Jo-Philipp Wich
955634b473 libubox: update to latest Git HEAD
7da6643 tests: blobmsg: add test case
75e300a blobmsg: fix wrong payload len passed from blobmsg_check_array

Fixes: FS#2833
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-02-27 22:03:18 +01:00
Xu Wang
2299808c68 base-files: add all buildinfo with INCLUDE_CONFIG
CONFIG_INCLUDE_CONFIG option is helpful for being able to rebuild the
exact same firmware as you see on a live OpenWRT instance, but it's
crucially missing feeds information, so we can't rebuild the exact same
package versions. This commit fixes this by adding the remaining feeds
(and version) buildinfo files to the image.

Signed-off-by: Xu Wang <xwang1498@gmx.com>
2020-02-27 12:14:09 +01:00
Petr Štetiar
35890514bb ppp: backport security fixes
8d45443bb5c9 pppd: Ignore received EAP messages when not doing EAP
8d7970b8f3db pppd: Fix bounds check in EAP code
858976b1fc31 radius: Prevent buffer overflow in rc_mksid()

Signed-off-by: Petr Štetiar <ynezz@true.cz>
Fixes: CVE-2020-8597
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-02-26 16:38:43 +01:00
Jo-Philipp Wich
817e775319 Revert "ppp: backport security fixes"
This reverts commit 215598fd03 since it
didn't contain a reference to the CVE it addresses. The next commit
will re-add the commit including a CVE reference in its commit message.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-02-26 16:37:27 +01:00
Roger Pueyo Centelles
c81b2e94c7 rbextract: support devices with plain RLE caldata
Old MikroTik devices have the RLE-encoded radio calibration data
directly stored in the art (hard_config) partition, without LZO
compression nor any preceding ERD magic bytes. This commit adds
a fallback for these devices.

Tested on the ath79 target with a MikroTik SXT 5nD r2 (SXT Lite5),
only locally --not yet merged upstream--.

Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
2020-02-26 14:46:46 +01:00
John Crispin
a1dd773272 mac80211: enhance wifi reload
If the reconf call fails force a full restart of the radio.

Signed-off-by: John Crispin <john@phrozen.org>
2020-02-25 17:03:44 +01:00
John Crispin
d3b7838ebe hostapd: enhance wifi reload
Add a radio_config_id property. If the radio config changes return an error
upon receiving the reconf call.

Signed-off-by: John Crispin <john@phrozen.org>
2020-02-25 17:01:55 +01:00
Felix Fietkau
e8fae62f64 mt76: update to the latest version
0a53dcda5203 mt76: mt7603: add upper limit for dynamic sensitivity minimum receive power
46e63c05f7d1 mt76: mt7603: enable dynamic sensitivity adjustment by default
81476f11b68c mt76: mt7615: fix antenna mask initialization in DBDC mode

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-02-25 13:36:29 +01:00
Piotr Dymacz
a422b171ac base-files: diag: restore default trigger for 'boot' LED
For devices without a dedicated 'diag' LED, we use sometimes one of
other LEDs for indicating at least 'boot', 'failsafe' and 'upgrade'
stages. In some cases, at the same time these LEDs have defined default
triggers in DTS using 'linux,default-trigger' property. Current 'diag'
setup removes the trigger and turns off 'boot' LED after bootup.

One of the examples of such device is TP-Link TL-WR841N v14 (ramips)
which uses 'wlan' LED with defined 'linux,default-trigger' for 'diag':

aliases {
        led-boot = &led_wlan;
        led-failsafe = &led_wlan;
        led-upgrade = &led_wlan;
};

[...]

led_wlan: wlan {
        label = "tl-wr841n-v14:green:wlan";
        gpios = <&gpio1 9 GPIO_ACTIVE_LOW>;
        linux,default-trigger = "phy0tpt";
};

This patch extends 'diag.sh' and 'leds.sh' scripts to make sure default
trigger defined in DTS is restored for 'diag' LED which isn't used for
indicating 'running' stage.

Acked-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2020-02-24 23:27:50 +01:00
Piotr Dymacz
2d113f89d2 hostapd: start hostapd/wpa_supplicant for all wiphy devices
c888e17e06 ("hostapd: manage instances via procd instead of pidfile")
added procd support for managing hostapd and wpa_supplicant daemons
but at the same time limited wiphy names to 'phy*'.

This brings back initial behaviour (introduced in 60fb4c92b6 ("hostapd:
add ubus reload") and makes procd manage daemons for any wiphy device
found in '/sys/class/ieee80211'.

CC: Felix Fietkau <nbd@nbd.name>
CC: Daniel Golle <daniel@makrotopia.org>
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2020-02-24 23:27:50 +01:00
Piotr Dymacz
82679ca0b9 umbim: move package to 'WWAN' submenu
'uqmi' was moved to 'WWAN' submenu in 9abdeee0b7.
Let's be consistent and do the same with 'umbim'.

Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2020-02-24 23:27:50 +01:00
Josef Schlehofer
8fe9daf775 mbedtls: use correct SPDX License Identifier and add License file
License "GPL-2.0+" is deprecated License Identifier according to
SPDX License list [1]. The correct one is GPL-2.0-or-later.
While at it, also add the License file.

[1] https://spdx.org/licenses/

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2020-02-24 23:25:28 +01:00
Josef Schlehofer
36af1967f5 mbedtls: update to version 2.16.5
Changelog:
https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.5-and-2.7.14-released

Security advisory:
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-02

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2020-02-24 23:25:28 +01:00
Josef Schlehofer
b55f68d553 strace: update to version 5.5
Changelog:
https://strace.io/files/5.5/

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2020-02-24 23:25:28 +01:00
Hauke Mehrtens
806354ab53 linux-atm: Fix compile warning
The function trace_on_exit() is given to atexit() as a parameter, but
atexit() only takes a function pointer to a function with a void
parameter.

This problem was introduced when the on_exit() function was incompletely
replaced by atexit().

Fixes: ba6c8bd614 ("linux-atm: add portability fixes")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-02-24 23:25:28 +01:00
Hauke Mehrtens
930fc09803 ath10k-ct: Use ath10k-ct version 5.4
This makes ath10k-ct use the version based on kernel 5.4 by default.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-02-24 23:25:28 +01:00
Hauke Mehrtens
d97b6204a2 ath10k-ct: Update to version 2020-02-18
This adds AP VLAN support.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-02-24 23:25:22 +01:00
Hauke Mehrtens
a9363914a3 mac80211: Allow IBSS mode and different beacon intervals
ath10k-ct supports the combination to select IBSS (ADHOC) mode and
different beacon intervals together. mac80211 does not like this
combination, but Ben says this is ok, so remove this check.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-02-24 23:23:46 +01:00
Hauke Mehrtens
f2fc7a62c0 rtl8812au-ct: Update to version 2020-01-12
This fixes compile problems with kernel 5.4

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-02-24 21:27:08 +01:00
Sungbo Eo
3124c9afe3 urngd: avoid PKG_NAME in define lines
> Avoid reuse of PKG_NAME in call, define and eval lines for consistency and
> readability. Write the full name instead.

Ref: https://openwrt.org/docs/guide-developer/packages

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2020-02-23 22:42:51 +01:00
Sungbo Eo
33ecc694d5 urandom-seed: avoid PKG_NAME in define lines
> Avoid reuse of PKG_NAME in call, define and eval lines for consistency and
> readability. Write the full name instead.

Ref: https://openwrt.org/docs/guide-developer/packages

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2020-02-23 22:42:36 +01:00
Sungbo Eo
e6c55d70f4 ltq-vdsl-mei: avoid underscore in package name
As 07e1d88d7b ("kernel: avoid underscore in *6lowpan package names") shows,
underscores might cause build failures. Replace underscore with dash.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2020-02-23 13:20:50 +01:00
Scott Roberts
34e7d31983 packages/boot: bump arm-trusted-firmware-mvebu version
The current version of ATF does not support power off for SGMII
COMPHY.  Update to latest ATF to resolve this issue.

Signed-off-by: Scott Roberts <ttocsr@gmail.com>
2020-02-22 18:21:37 +01:00
Fredrik Olofsson
9ad1ccbe15 mac80211: backport fix TID field in monitor mode transmit
Backport 753ffad3d6243303994227854d951ff5c70fa9e0 as merged in Linux v5.5-rc3.

Signed-off-by: Fredrik Olofsson <fredrik.olofsson@anyfinetworks.com>
2020-02-22 16:38:41 +01:00
Daniel Engberg
f0864cb31b package/utils/f2fs-tools: Update to 1.13.0
Update f2fs-tools to 1.13.0
Remove upstreamed patches
Disable build of static library

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2020-02-22 16:38:41 +01:00
Davide Fioravanti
9003115d6f usbmode: Update modeswitch data to 20191128
Add support for new hardware

Signed-off-by: Davide Fioravanti <pantanastyle@gmail.com>
2020-02-22 16:38:41 +01:00
Tomasz Maciej Nowak
9c6b6abdcd kernel: replace SUBDIRS with M in package recipes
The SUBDIRS variable has been removed in kernel 5.4, and was deprecated
since the beginnig of kernel git history in favour of M or KBUILD_EXTMOD.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2020-02-22 16:38:41 +01:00
DENG Qingfang
e6cec17568 linux-firmware: update to 20200122
Update linux-firmware to 20200122

git log --pretty=oneline --abbrev-commit 20191215..20200122

1eb2408 linux-firmware: Update firmware file for Intel Bluetooth AX200
0dc1611 linux-firmware: Update firmware file for Intel Bluetooth AX201
d03f79c linux-firmware: Update firmware file for Intel Bluetooth 9560
aab62bc linux-firmware: Update firmware file for Intel Bluetooth 9260
ed0aa3a nvidia: add TU102/TU104/TU106 signed firmware
9c340bd amdgpu: update navi10 firmware for 19.50
3b4a503 amdgpu: Add navi10 TA ucode
16cc13a Merge branch 'v1.1.3' of https://github.com/ruiwang-mtk/linux_fw_vpu_v1.1.37f3177d mediatek: update MT8173 VPU firmware to v1.1.3
67d4ff5 Mellanox: Add new mlxsw_spectrum firmware xx.2000.2714
f1c9e7b radeon: update oland rlc microcode from amdgpu
b1dafb7 amdgpu: update vega20 microcode for 19.50
c38789e amdgpu: update vega12 microcode for 19.50
5a141c1 amdgpu: update vega10 microcode for 19.50
a03173a amdgpu: update picasso microcode for 19.50
86e9a5f amdgpu: update raven2 microcode for 19.50
febe09a amdgpu: update raven microcode for 19.50
af76fd0 amdgpu: update navi10 microcode for 19.50
b5b176a amdgpu: update navi14 microcode for 19.50
ad90178 amdgpu: add TA microcode for Raven asics
379551b qed: Add firmware 8.42.2.0
58b4003 Merge branch 'RB3-wlan-firmware-1387-v2' of https://github.com/andersson/linux-firmware
5967a45 Adjust WHENCE entry to check_whence doesn't complain
d1e743d Merge branch 'master' of https://github.com/NXP/mwifiex-firmware
d6219ab qcom: Switch SDM845 WLAN firmware
e65245c linux-firmware: add NXP firmware licence file
6871bff Merge branch 'ath10k-20191220' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/linux-firmware
b142c2e ath10k: WCN3990 hw1.0: add firmware WLAN.HL.2.0-01387-QCAHLSWMTPLZ-1
8809b87 ath10k: QCA9984 hw1.0: update firmware-5.bin to 10.4-3.9.0.2-00070
513d70c ath10k: QCA988X hw2.0: update firmware-5.bin to 10.2.4-1.0-00047
203435b ath10k: QCA9888 hw2.0: update firmware-5.bin to 10.4-3.9.0.2-00070
a66d2fc ath10k: QCA9887 hw1.0: update firmware-5.bin to 10.2.4-1.0-00047
6d19154 ath10k: QCA6174 hw3.0: update board-2.bin
c4586ff linux-firmware: Update AMD cpu microcode

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
2020-02-22 16:38:41 +01:00
DENG Qingfang
b9d29b78c8 iw: update to 5.4
Update iw to 5.4
This increases the ipk size of iw-tiny/full by about 400 bytes

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
2020-02-22 16:38:41 +01:00
Rosen Penev
499ebb791f libbsd: update to 0.10.0
Removed all upstream patches.

Added PKG_BUILD_PARALLEL for faster compilation.

Small Makefile rearrangements for consistency between packages.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-02-22 16:34:57 +01:00
Adrian Schmutzler
a5b2c6f5ed rssileds: add dependencies based on LDFLAGS
This adds the direct dependencies introduced by TARGET_LDFLAGS
to the package's DEPENDS variable.

This was found by accidentally building rssileds on octeon, which
resulted in:

"Package rssileds is missing dependencies for the following libraries:
libnl-tiny.so"

Though the dependencies are provided when building for the
relevant targets ar71xx, ath79 and ramips, it seems more tidy to
specify them explicitly.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-02-22 14:26:01 +01:00
Stijn Tintel
a9b5473c92 lldpd: bump to 1.0.5
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2020-02-22 10:31:28 +02:00
Felix Fietkau
3e11ddaf2e mt76: update to the latest version
f4415afce213 mt76: mt76u: loop over all possible rx queues in mt76u_rx_tasklet
5b9f949cb760 mt76: mt76u: fix a possible memory leak in mt76u_init
fd892bc033fb mt76: mt76u: rely only on data buffer for usb control messagges

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-02-20 15:06:35 +01:00
Petr Štetiar
215598fd03 ppp: backport security fixes
8d45443bb5c9 pppd: Ignore received EAP messages when not doing EAP
8d7970b8f3db pppd: Fix bounds check in EAP code
858976b1fc31 radius: Prevent buffer overflow in rc_mksid()

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-02-20 09:12:12 +01:00
Daniel Engberg
0e7d404a94 util-linux: Update to 2.35.1
Update util-linux to 2.35.1 and refresh patches.

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
[commit subject and description tweaks]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-02-20 09:12:12 +01:00
Felix Fietkau
69a9a08396 mt76: update to the latest version
bd0df1b017a8 mt76: avoid extra RCU synchronization on station removal
d5a5e97b67c7 mt76: mt76x2: avoid starting the MAC too early
a67e42990d8a mt76: mt7615: fix msdu_id endianness in mt7615_write_hw_txp
d3af8bd3c722 mt76: mt7615: set proper length in strncmp
9c43417db17c mt76: mt7615: fix max_nss in mt7615_eeprom_parse_hw_cap
764e1d208a06 mt76: mt7615: fix tx power reporting
1881241c7ee5 mt76: fix rounding issues on converting per-chain and combined txpower
fa14e7f33199 mt76: mt7615: rework rx phy index handling
a205ce3e3e2d mt76: mt7615: fix ext_phy flag for stations
457a93203690 mt76: mt7615: fix MT_TX_HW_QUEUE_EXT_PHY to deal with mac80211 changes
c75cf513c674 mt76: do not set HOST_BROADCAST_PS_BUFFERING for mt7615
cc56c400167c mt76: fix LED link time failure
4dbd56b86970 mt76: mt76x0u: add support to TP-Link T2UHP
e226309c4bc4 mt76: mt7615: rely on mt76_queues_read for mt7622
c6a025318075 mt76: mt76u: extend RX scatter gather number
dfc24bc504e3 mt76: mt76u: rename stat_wq in wq
2bbffd2cb37b mt76: mt7615: remove rx_mask in mt7615_eeprom_parse_hw_cap
f408a2b7566c mt76: Introduce mt76_mcu data structure
17ecf0762542 mt76: mt76x02: fix handling MCU timeouts during hw restart
284e9fd72912 mt76: mt7615: fix monitor injection of beacon frames
8f8e9161b355 mt76: fix array overflow on receiving too many fragments for a packet

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-02-19 22:12:46 +01:00
Eneas U de Queiroz
07e1d88d7b kernel: avoid underscore in *6lowpan package names
Packages kmod-bluetooth_6lowpan and kmod-ieee802154_6lowpan contain an
underscore in the package name.  This causes problems in package/install
because when building a list of package files to install offline using
opkg, it uses a wildcard of the form $(dir)/$(pkg)_*.ipk.

If you were to select kmod-bluetooth=y, but kmod-bluetooth_6lowpan=m,
the latter would be picked up by that wildcard, and make package/install
would fail:

Collected errors:
 * satisfy_dependencies_for: Cannot satisfy the following dependencies
 * for kmod-bluetooth_6lowpan:
 *      kmod-6lowpan
 * opkg_install_cmd: Cannot install package kmod-bluetooth_6lowpan.

Changing the wildcard pattern is not trivial, and there may be other
places in the build system making this assumption about the package name
format.

Using a dash in place of the underscore avoids the issue.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2020-02-19 22:07:40 +01:00
Russell Senior
731f7ea48a dnsmasq: fix uci-defaults script to exit 0 so it is cleaned up
A file, package/network/services/dnsmasq/files/50-dnsmasq-migrate-resolv-conf-auto.sh,
was added in commit 6a28552120, but it
does not exit in a way that tells the uci-defaults mechanism that it
succeeded, and so it is not cleaned up after running successfully. Add
an exit 0 to the end to correct that.

Signed-off-by: Russell Senior <russell@personaltelco.net>
2020-02-19 22:02:59 +01:00
Jason A. Donenfeld
49caf9f98a wireguard: bump to 0.0.20200215
* send: cleanup skb padding calculation
* socket: remove useless synchronize_net

Sorry for the back-to-back releases. This fixes a regression spotted by Eric
Dumazet.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-02-15 08:57:49 +01:00
Adrian Schmutzler
7d7aa2fd92 brcm2708: rename target to bcm27xx
This change makes the names of Broadcom targets consistent by using
the common notation based on SoC/CPU ID (which is used internally
anyway), bcmXXXX instead of brcmXXXX.
This is even used for target TITLE in make menuconfig already,
only the short target name used brcm so far.

Despite, since subtargets range from bcm2708 to bcm2711, it seems
appropriate to use bcm27xx instead of bcm2708 (again, as already done
for BOARDNAME).

This also renames the packages brcm2708-userland and brcm2708-gpu-fw.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Acked-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-02-14 14:10:51 +01:00
Adrian Schmutzler
e7bfda2c24 brcm63xx: rename target to bcm63xx
This change makes the names of Broadcom targets consistent by using
the common notation based on SoC/CPU ID (which is used internally
anyway), bcmXXXX instead of brcmXXXX.
This is even used for target TITLE in make menuconfig already,
only the short target name used brcm so far.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-02-14 14:10:51 +01:00
Adrian Schmutzler
8fe5ad5d33 brcm47xx: rename target to bcm47xx
This change makes the names of Broadcom targets consistent by using
the common notation based on SoC/CPU ID (which is used internally
anyway), bcmXXXX instead of brcmXXXX.
This is even used for target TITLE in make menuconfig already,
only the short target name used brcm so far.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-02-14 14:10:51 +01:00
DENG Qingfang
5715b21f80 iproute2: update to 5.5.0, enable LTO
Update iproute2 to 5.5.0
Enable LTO to save several KB of size

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
2020-02-13 21:35:13 +01:00
Tomislav Požega
cd5dbba905 mac80211: expose chanbw support to debugfs for ath9k_htc
This will ensure the htc suffixed driver also gets created
chanbw debugfs entry.

Signed-off-by: Tomislav Požega <pozega.tomislav@gmail.com>
2020-02-13 17:45:46 +01:00
Michael Yartys
1862263883 ath10k-firmware: update ath10k-ct firmware
This supports better per-chain noise floor reporting, which in turn allows for
better RSSI reporting in the driver.

Wave-2 fixes a long-standing rate-ctrl problem when connected to xbox (and probably other devices).

Wave-2 has fix for crash likely related to rekeying.

Wave-1 has some debugging code added where a user reported a crash.

Tested-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>  [ipq806x+qca9984,ipq4019+qca9986]
Signed-off-by: Michael Yartys <michael.yartys@protonmail.com>
2020-02-13 17:45:46 +01:00
Michael Yartys
67174adc94 ath10k-ct: update to 2020-01-29
Changes:

ath10k-ct: Support better RSSI measurements.

When used with recent firmware, these changes allow the driver to
query per-chain noise-floor from the radio to better calculate the
per-chain RSSI. The per-chain RSSI is then summed to provide the
'combined RSSI'. This gives better per-chain RSSI as well as combined
RSSI, especially when running with more than 20Mhz bandwidths.

Refresh patches.

Tested-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>  [ipq806x+qca9984,ipq4019+qca9986]
Signed-off-by: Michael Yartys <michael.yartys@protonmail.com>
2020-02-13 17:45:46 +01:00
Jo-Philipp Wich
04069fde19 uhttpd: update to latest Git HEAD
2ee323c file: poke ustream after starting deferred program

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-02-12 18:01:13 +01:00
Kevin Darbyshire-Bryant
dba431d8ab procd: seccomp: fix resource leak
Bump to latest commit:

c30b23e seccomp: fix resource leak

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-02-11 18:54:29 +00:00
Hans Dedecker
7df120b1b0 uci: fix PKG_SOURCE_VERSION value
Fixes PKG_SOURCE_VERSION value which was wrongly set in commit f6e07c8284

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-02-09 21:50:59 +01:00
Jason A. Donenfeld
cb17d7aed7 wireguard-tools: bump to 1.0.20200206
* wg-quick: android: split uids into multiple commands

Newer android's ndc implementations have limits on uid size, so we have to
break these into several lists.

* man: document dynamic debug trick for Linux

This comes up occasionally, so it may be useful to mention its
possibility in the man page. At least the Arch Linux and Ubuntu kernels
support dynamic debugging, so this advice will at least help somebody. So that
you don't have to go digging into the commit, this adds this helpful tidbit
to the man page for getting debug logs on Linux:

 # modprobe wireguard && echo module wireguard +p > /sys/kernel/debug/dynamic_debug/control

* extract-{handshakes,keys}: rework for upstream kernel

These tools will now use the source code from the running kernel instead of
from the old monolithic repo. Essential for the functioning of Wireshark.

* netlink: remove libmnl requirement

We no longer require libmnl. It turns out that inlining the small subset of
libmnl that we actually use results in a smaller binary than the overhead of
linking to the external library. And we intend to gradually morph this code
into something domain specific as a libwg emerges. Performance has also
increased, thanks to the inliner. On all platforms, wg(8) only needs a normal
libc. Compile time on my system is still less than one second. So all in all
we have: smaller binary, zero dependencies, faster performance.

Packagers should no longer have their wireguard-tools package depend on
libmnl.

* embeddable-wg-library: use newer string_list
* netlink: don't pretend that sysconf isn't a function

Small cleanups.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-02-09 21:25:51 +01:00
Hans Dedecker
39a49c2d6a procd: update to latest git HEAD
Fixes c0c988e179

bcb8655 instance: add 'requirejail' attribute

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-02-09 19:26:00 +01:00
Sungbo Eo
757715c474 kernel: move b43 install function to broadcom.mk
Most of the broadcom packaging codes were moved to broadcom.mk in commit
7f984dab1c ("mac80211: move broadcom packaging code to broadcom.mk"),
but b43/install still remained. Move it now.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2020-02-08 17:58:38 +01:00
Sungbo Eo
9d03eede18 kernel: fix typos in KernelPackage description
Fixes: ed2839ac41 ("kernel/modules: add kmod-pmbus-zl6100 module")
Fixes: bbcb9de935 ("Add package for gpio rotary encoder")
Fixes: 7685458982 ("package/kernel: package kmod-input-matrixkmap")
Fixes: 8bfef35385 ("kernel: rename kmod-switch-rtl8366_smi to
       kmod-switch-rtl8366-smi to avoid underscores in package names")
Fixes: f03bf608b1 ("kernel: Add dummy sound driver")
Fixes: dda5d9b786 ("ramips: rename pwm kernel module")

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2020-02-08 17:58:38 +01:00
Jo-Philipp Wich
766e778226 hostapd: remove erroneous $(space) redefinition
The $(space) definition in the hostapd Makefile ceased to work with
GNU Make 4.3 and later, leading to syntax errors in the generated
Kconfig files.

Drop the superfluous redefinition and reuse the working $(space)
declaration from rules.mk to fix this issue.

Fixes: GH#2713
Ref: https://github.com/openwrt/openwrt/pull/2713#issuecomment-583722469
Reported-by: Karel Kočí <cynerd@email.cz>
Suggested-by: Jonas Gorski <jonas.gorski@gmail.com>
Tested-by: Shaleen Jain <shaleen@jain.sh>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-02-08 11:45:33 +01:00
Rafał Miłecki
aca274091a mac80211: brcm: backport remaining 5.6 kernel patches
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2020-02-06 11:36:15 +01:00
Jason A. Donenfeld
71de48bd37 wireguard: bump to 0.0.20200205
* compat: support building for RHEL-8.2
* compat: remove RHEL-7.6 workaround

Bleeding edge RHEL users should be content now (which includes the actual
RedHat employees I've been talking to about getting this into the RHEL kernel
itself). Also, we remove old hacks for versions we no longer support anyway.

* allowedips: remove previously added list item when OOM fail
* noise: reject peers with low order public keys

With this now being upstream, we benefit from increased fuzzing coverage of
the code, uncovering these two bugs.

* netns: ensure non-addition of peers with failed precomputation
* netns: tie socket waiting to target pid

An added test to our test suite for the above and a small fix for high-load CI
scenarios.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-02-05 21:56:02 +01:00
Jo-Philipp Wich
5f5ec7660c Revert "iwinfo: update to latest Git HEAD"
This reverts commit 96424c143d.

The commit changed libiwinfo's internal ABI which breaks a number of
downstream projects, including LuCI and rpcd-mod-iwinfo.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-02-05 15:31:39 +01:00
Kevin Darbyshire-Bryant
c0c988e179 procd: support 'requirejail' attribute
Bump procd package to reduce log spam related to missing jail binaries
in a non-jail capable system.

bcb8655 instance: add 'requirejail' attribute

An additional jail attribute 'requirejail' can now be used to indicate
mandatory use of a jailed environment and hence prevent process startup
in the event that the jail subsystem is unavailable.

Procd will now only log errors if jail is unavailable and 1) is a mandatory
requirement or 2) a procd debug level of at least 2 is in use.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-02-04 21:51:11 +00:00
David Bauer
96424c143d iwinfo: update to latest Git HEAD
eba5a20 iwinfo: add device id for BCM43602
a6914dc iwinfo: add BSS load element to scan result
bb21698 iwinfo: add device id for Atheros AR9287
7483398 iwinfo: add device id for MediaTek MT7615E

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-02-04 20:14:47 +01:00
Álvaro Fernández Rojas
953973c299 brcm2708-gpu-fw: update to latest firmware
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-02-04 19:02:20 +01:00
Michal Cieslakiewicz
a09408fa57 uboot-envtools: ath79: add Netgear WNDR3700v2
Add Netgear WNDR3700v2 to the list of supported boards.

Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
[rebase, adjusted commit title]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-02-04 12:23:48 +01:00
John Crispin
df773ead9a bcm4xxx: fix iwinfo behaviour
Signed-off-by: John Crispin <john@phrozen.org>
2020-02-04 07:48:09 +01:00
Felix Fietkau
8216766ad9 mt76: update to the latest version
8f33a1e936fd mt76: mt7615: report firmware log event messages
43db699b1ad8 mt76: mt7615: increment the MAC address of the secondary PHY (DBDC)
161d1c73c62a mt7615: use local MAC address for the second PHY
9453dbe921b9 mt76: set dma-done flag for flushed descriptors
65745c5ac503 mt76: fix handling full tx queues in mt76_dma_tx_queue_skb_raw
14f37f8d86eb mt76: dma: do not write cpu_idx on rx queue reset until after refill
99ce68625473 mt76: mt7603: increase dma mcu rx ring size
62c447e2c75f mt76: enable Airtime Queue Limit support
1c258940d818 mt76: mt7615: report TSF information
2d22ef618712 mt76: mt7615: add per-phy mib statistics
8d690f3bfbc4 mt76: mt7615: add a get_stats() callback
b06177ce387c mt76: move dev_irq tracepoint in mt76 module
5ac9889c33f1 mt76: move mac_txdone tracepoint in mt76 module
7801ebd775e3 mt76: mt7615: add tracing support
fd877a17cc0a mt76: mt76x2: get rid of leftover target
039471502578 mt76: mt7615: initialize radar specs from host driver
b208305e6275 mt76: mt7615: fix endianness in mt7615_mcu_set_eeprom
fd1fa6860666 mt76: move WIPHY_FLAG_HAS_CHANNEL_SWITCH in mt76_phy_init
c94afbe3d70a mt76: mt7615: remove leftover routine declaration
29fec3a9b0b4 mt76: rely on mac80211 utility routines to compute airtime
2bb518752b3f mt76: mt76x02u: avoid overwrite max_tx_fragments
a0f1ff0473b5 mt76: mt76u: check tx_status_data pointer in mt76u_tx_tasklet
a5dca118bf40 mt76: mt76u: add mt76u_process_rx_queue utility routine
06caaf0d33b4 mt76: mt76u: add mt76_queue to mt76u_get_next_rx_entry signature
cf8e2590e46b mt76: mt76u: add mt76_queue to mt76u_refill_rx signature
0077b30ce2c8 mt76: mt76u: use mt76_queue as mt76u_complete_rx context
06d466b86981 mt76: mt76u: add queue id parameter to mt76u_submit_rx_buffers
580ddd175eee mt76: mt76u: move mcu buffer allocation in mt76x02u drivers
acc227e14d95 mt76: mt76u: introduce mt76u_free_rx_queue utility routine
aa28404bf287 mt76: mt76u: stop/free all possible rx queues
885fe4a29bb9 mt76: mt76u: add mt76u_alloc_rx_queue utility routine
c85dec848303 mt76: mt76u: add queue parameter to mt76u_rx_urb_alloc
ca7991699109 mt76: mt76u: resume all rx queue in mt76u_resume_rx
e2a39697fb0a mt76: mt76u: introduce mt76u_alloc_mcu_queue utility routine
39fb59ce927b mt76: mt76u: add {read/write}_extended utility routines
8c6cf328eb1f mt76: mt76u: take into account different queue mapping for 7663
e742618fc5ce mt76: mt76u: introduce mt76u_skb_dma_info routine
23b3328e52fe mt76: mt76u: add endpoint to mt76u_bulk_msg signature
82bedb294534 mt76: mt76u: introduce MT_DRV_RX_DMA_HDR flag
2db2bab099d0 firmware: update mt7615 N9 firmware to 20200107155603
60e27689603d firmware: update MT7615 CR4 firmware to 20190121161307
d15a4bbb3f69 mt76: mt7615: add __aligned(4) to txp structs
1c4ff4f2dc7f mt76: mt7615: move mmio related code from pci.c to mmio.c
51b1eb7a4902 mt76: mt7615: split up firmware loading functions
f84b590b6454 mt76: mt7615: store N9 firmware version instead of CR4
92bafd4b1bfc mt76: mt7615: fix MT_INT_TX_DONE_ALL definition for MT7622
13a4269a1bfa mt76: mt7615: add dma and tx queue initialization for MT7622
ab94a85efb18 mt76: mt7615: add eeprom support for MT7622
f0b02d8115b0 mt76: mt7615: add calibration free support for MT7622
fd3ae9a342ae mt76: mt7615: disable 5 GHz on MT7622
80d3681b404d mt76: mt7615: implement probing and firmware loading on MT7622
79808e62324e mt76: mt7615: implement DMA support for MT7622
bddcbb25cd0e mt76: mt7615: decrease rx ring size for MT7622
6cd5c381eaee mt76: mt7615: disable DBDC on MT7622
f66b480434e9 mt76: mt7615: add Kconfig entry for MT7622
68f38eea39b5 firmware: add firmware for MT7622 built-in WiFi
7882bbd25c38 mt76: mt7615: fix and rework tx power handling
0f06914acfb4 mt76: mt7615: implement hardware reset support
db97358df47e mt76: mt7615: add support for testing hardware reset
b9d9f91b1522 mt76: mt7615: fix adding active monitor interfaces
fd216cb5b2f9 mt76: mt7615: fix monitor mode on second PHY
269de7c22957 firmware: fix version number for upcoming mt7615 mcu v2 support patches
9f8c6c4a20b4 mt76: mt7615: simplify mcu_set_bmc flow
ff32af25f83e mt76: mt7615: simplify mcu_set_sta flow
f16433cd7889 mt76: mt7615: add a helper to encapsulate sta_rec operation
77b9d8586307 mt76: mt7615: add starec operating flow for firmware v2
170b21f9ec78 mt76: mt7615: use new tag sta_rec_wtbl
648ce1aaa493 mt76: mt7615: switch mt7615_mcu_set_tx_ba to v2 format
721673759d82 mt76: mt7615: switch mt7615_mcu_set_rx_ba to v2 format

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-02-02 20:20:20 +01:00
Hans Dedecker
f6e07c8284 uci: update to version 2020-01-27
e8d8373 file: fix segfault in uci_parse_option
aa5e77a file: fix segfault in uci_parse_config

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-02-02 18:59:43 +01:00
Daniel Golle
2699ccd084 kernel: hwmon: package mcp3021 module
Package kernel module for Linear Technology MCP3021/3221 I2C connected
current and voltage monitor chips.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-02-02 17:49:20 +02:00
Álvaro Fernández Rojas
ffbb8ed5a2 cypress-firmware: update to v4.14.77-2020_0115
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-02-01 10:59:51 +01:00
Kevin Darbyshire-Bryant
e481df07fa iptables: set-dscpmark follow upstreamimg attempt
I'm having another attempt at trying to getting the 'store dscp into
conntrack connmark' functionality into upstream kernel, since the
restore function (act_ctinfo) has been accepted.

The syntax has changed from 'savedscp' to 'set-dscpmark' since that
conforms more closely with existing functionality.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-01-31 20:21:43 +00:00
Jo-Philipp Wich
c69c20c667 opkg: update to latest Git HEAD
80d161e opkg: Fix -Wformat-overflow warning
c09fe20 libopkg: fix skipping of leading whitespace when parsing checksums

Fixes: CVE-2020-7982
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-01-29 17:00:53 +01:00
Felix Fietkau
b3e86cbb4f hostapd: add back support for passing CSA events from sta/mesh to AP interfaces
Fixes handling CSA when using AP+STA or AP+Mesh
This change was accidentally dropped in commit 167028b75
("hostapd: Update to version 2.9 (2019-08-08)")

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-01-29 12:25:10 +01:00
Felix Fietkau
ea5078014d mac80211: backport airtime queue limits support
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-01-29 12:24:57 +01:00
Felix Fietkau
e0ab33ea49 mac80211: backport fix for an no-ack tx status issue
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-01-29 12:24:57 +01:00
Jason A. Donenfeld
c2859bf126 wireguard: bump to 0.0.20200128
This fixes a few small oversights for the 5.5 compat layer.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-01-28 22:33:40 +01:00
Felix Fietkau
03e9e4ba9e hostapd: unconditionally enable ap/mesh for wpa-cli
Without this change, wpa-cli features depend on which wpad build variant was
used to build the wpa-cli package

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-01-28 14:38:43 +01:00
Adrian Schmutzler
9e0aab44b6 kernel: use older kernel for explicitly setting dependencies
It is generally more desirable to use older kernel versions for
dependencies, as this will require less changes when newer kernels
are added (they will by default select the newer packages).

Since we currently only have two kernels (4.14 and 4.19) in master,
this patch applies this logic by converting all LINUX_4_19 symbols
to their inverted LINUX_4_14 equivalents.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-01-26 22:07:48 +01:00
Sven Roederer
3519bf4976 hostapd: remove some bashisms
"[[" is a bash extension for test. As the ash-implementation is not
fully compatible we drop its usage.

Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
[remove shebang, slightly facelift commit title/message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-01-26 22:03:00 +01:00
Sven Roederer
bad59fd51b 6in4/6in4.sh: remove some bashism (usage of [[)
"[[" is a bash extension for test. As the ash-implementation is not
fully compatible we drop its usage.

Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
2020-01-26 22:02:51 +01:00
Sven Roederer
bc357aaa2b netifd/config.sh: remove some bashism (usage of [[)
"[[" is a bash extension for test. As the ash-implementation is not
fully compatible we drop its usage.

Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
2020-01-26 22:02:39 +01:00
Sven Roederer
0fecc997f8 base-files: remove some bashisms
"[[" is a bash extension for test. As the ash-implementation is
not fully compatible we drop its usage.
Also change to "=" for simple test, which is sufficient. (see d6ac8ca76c)

Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
[split patch, removed shebang]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-01-26 21:51:24 +01:00
Martin Schiller
996f02e5ba lantiq: ltq-ptm: vr9: fix skb handling in ptm_hard_start_xmit()
Call skb_orphan(skb) to call the owner's destructor function and make
the skb unowned.

This is necessary to prevent sk_wmem_alloc of a socket from overflowing,
which leads to ENOBUFS errors on application level.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2020-01-26 18:38:17 +01:00
Magnus Kroken
6e96fd9047 mbedtls: update to 2.16.4
Fixes side channel vulnerabilities in mbed TLS' implementation of ECDSA.

Release announcement:
https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.4-and-2.7.13-released

Security advisory:
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-12

Fixes:
 * CVE-2019-18222: Side channel attack on ECDSA

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2020-01-26 15:07:59 +01:00
Christian Lamparter
a59f1ec30f ipq-wifi: drop deprecated .bin support
This patch converts the Qxwlan E2600AC image away from
the deprecated .bin file and to the new .qca4019 method.

As a result, we no longer need to carry around the
legacy support for handling .bin files.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2020-01-26 01:20:46 +01:00
Yen-Ting-Shen
51f3035978 ipq40xx: add support for EnGenius EMD1
SOC:     IPQ4018 / QCA Dakota
CPU:     Quad-Core ARMv7 Processor rev 5 (v7l) Cortex-A7
DRAM:    256 MiB
NOR:     32 MiB
ETH:     Qualcomm Atheros QCA8072 (1 port)
WLAN1:   Qualcomm Atheros QCA4018 2.4GHz 802.11bgn 2:2x2
WLAN2:   Qualcomm Atheros QCA4018 5GHz 802.11a/n/ac 2:2x2
INPUT:   RESET Button
LEDS:    White, Blue, Red, Orange

Flash instruction:

From EnGenius firmware to OpenWrt firmware:

In Firmware Upgrade page, upgrade your openwrt-ipq40xx-generic-engenius_emd1-squashfs-factory.bin directly.

From OpenWrt firmware to EnGenius firmware:

1. Setup a TFTP server on your computer and configure static IP to 192.168.99.8
   Put the EnGenius firmware in the TFTP server directory on your computer.
2. Power up EMD1. Press 4 and then press any key to enter u-boot.
3. Download EnGenius firmware
   (IPQ40xx) # tftpboot 0x84000000 openwrt-ipq40xx-emd1-nor-fw-s.img
4. Flash the firmware
   (IPQ40xx) # imgaddr=0x84000000 && source 0x84000000:script
5. Reboot
   (IPQ40xx) # reset

Signed-off-by: Yen-Ting-Shen <frank.shen@senao.com>
[removed BOARD_NAME]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2020-01-26 01:20:45 +01:00
Fredrik Olofsson
52b8c7a892 ipq40xx: Add support for D-Link DAP-2610
Specifications
==============
- SOC: IPQ4018
- RAM: DDR3 256MB
- Flash: SPI NOR 16MB
- WiFi:
    - 2.4GHz: IPQ4018, 2x2, front end SKY85303-11
    - 5GHz: IPQ4018, 2x2, front end SKY85717-21
- Ethernet: 1x 10/100/1000Mbps, POE 802.3af
- PHY: QCA8072
- UART: GND, blocked, 3.3V, RX, TX / 115200 8N1
- LED: 1x red / green
- Button: 1x reset / factory default
- U-Boot bootloader with tftp and "emergency web server" accessible
  using serial port.

Installation
============
Flash factory image from D-Link web UI. Constraints in the D-Link web UI
makes the factory image unnecessarily large. Flash again using
sysupgrade from inside OpenWrt to reclaim some flash space.

Return to stock D-Link firmware
===============================
Partition layout is preserved, and it is possible to return to the stock
firmware simply by downloading it from D-Link and writing it to the
firmware partition.

    # mtd -r write dap2610-firmware.bin firmware

Quirks
======
To be flashable from the D-Link http server, the firmware must be larger
then 6MB, and the size in the firmware header must match the actual file
size. Also, the boot loader verifies the checksum of the firmware before
each boot, thus the jffs2 must be after the checksum covered part. This
is solved in the factory image by having the rootfs at the very end of
the image (without pad-rootfs).

The sysupgrade image which does not have to be flashable from the D-Link
web UI may be smaller, and the checksum in the firmware header only
covers the kernel part of the image.

Signed-off-by: Fredrik Olofsson <fredrik.olofsson@anyfinetworks.com>
[added WRGG Variables to DEVICE_VARS, squashed spi pinconf/mux,
added emd1's gmac0 config,fix dtc warnings]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2020-01-26 01:20:45 +01:00
Jason A. Donenfeld
4576a753f2 wireguard-tools: bump to 1.0.20200121
* Makefile: remove pwd from compile output
* Makefile: add standard 'all' target
* Makefile: evaluate git version lazily

Quality of life improvements for packagers.

* ipc: simplify inflatable buffer and add fuzzer
* fuzz: add generic command argument fuzzer
* fuzz: add set and setconf fuzzers

More fuzzers and a slicker string list implementation. These fuzzers now find
themselves configuring wireguard interfaces from scratch after several million
mutations, which is fun to watch.

* netlink: make sure to clear return value when trying again

Prior, if a dump was interrupted by a concurrent set operation, we'd try
again, but forget to reset an error flag, so we'd keep trying again forever.
Now we do the right thing and succeed when we succeed.

* Makefile: sort inputs to linker so that build is reproducible

Earlier versions of make(1) passed GLOB_NOSORT to glob(3), resulting in the
linker receiving its inputs in a filesystem-dependent order. This screwed up
reproducible builds.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-01-24 08:21:04 +01:00
Jason A. Donenfeld
ec13b34118 wireguard: bump to 0.0.20200121
* Makefile: strip prefixed v from version.h

This fixes a mistake in dmesg output and when parsing the sysfs entry in the
filesystem.

* device: skb_list_walk_safe moved upstream

This is a 5.6 change, which we won't support here, but it does make the code
cleaner, so we make this change to keep things in sync.

* curve25519: x86_64: replace with formally verified implementation

This comes from INRIA's HACL*/Vale. It implements the same algorithm and
implementation strategy as the code it replaces, only this code has been
formally verified, sans the base point multiplication, which uses code
similar to prior, only it uses the formally verified field arithmetic
alongside reproducable ladder generation steps. This doesn't have a
pure-bmi2 version, which means haswell no longer benefits, but the
increased (doubled) code complexity is not worth it for a single
generation of chips that's already old.

Performance-wise, this is around 1% slower on older microarchitectures,
and slightly faster on newer microarchitectures, mainly 10nm ones or
backports of 10nm to 14nm. This implementation is "everest" below:

Xeon E5-2680 v4 (Broadwell)

armfazh: 133340 cycles per call
everest: 133436 cycles per call

Xeon Gold 5120 (Sky Lake Server)

armfazh: 112636 cycles per call
everest: 113906 cycles per call

Core i5-6300U (Sky Lake Client)

armfazh: 116810 cycles per call
everest: 117916 cycles per call

Core i7-7600U (Kaby Lake)

armfazh: 119523 cycles per call
everest: 119040 cycles per call

Core i7-8750H (Coffee Lake)

armfazh: 113914 cycles per call
everest: 113650 cycles per call

Core i9-9880H (Coffee Lake Refresh)

armfazh: 112616 cycles per call
everest: 114082 cycles per call

Core i3-8121U (Cannon Lake)

armfazh: 113202 cycles per call
everest: 111382 cycles per call

Core i7-8265U (Whiskey Lake)

armfazh: 127307 cycles per call
everest: 127697 cycles per call

Core i7-8550U (Kaby Lake Refresh)

armfazh: 127522 cycles per call
everest: 127083 cycles per call

Xeon Platinum 8275CL (Cascade Lake)

armfazh: 114380 cycles per call
everest: 114656 cycles per call

Achieving these kind of results with formally verified code is quite
remarkable, especialy considering that performance is favorable for
newer chips.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-01-24 08:21:04 +01:00
DENG Qingfang
2d758129ca ath10k-firmware: fix mirror hash
Fix PKG_MIRROR_HASH hash mismatch.

Fixes: 641a93f0f2 ("ath10k-firmware: update wave 1 firmware to 10.2.4-1.0-00047")
Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
[added missing commit description]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-24 08:21:04 +01:00
Petr Štetiar
76bbe4b960 procd: update to version 2020-01-24
00aafc4f439e procd: show process's exit code
856b5f8be046 state: fix reboot causing shutdown inside LXC container
b44417c20c7f instance: provide error feedback if ujail binary is missing

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-24 08:21:04 +01:00
Roger Pueyo Centelles
7d39946ea0 rbextract: support devices directly showing ERD magic
Older ath79-based MikroTik devices have the ERD calibration data
compressed and stored different to newer IPQ40xx ones. This commit
adds support for these former ones.

Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
Acked-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2020-01-23 15:28:03 +01:00
Roger Pueyo Centelles
ba730d61af rbextract: add package
This utility extracts the radio calibration data, as well as other
board-related information (model, serial number, etc.), from MikroTik
Routerboard devices' flash.

Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
Acked-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2020-01-23 15:28:02 +01:00
Roger Pueyo Centelles
51526bcf1e rbcfg: make package available for ath79
Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
2020-01-23 15:28:02 +01:00
Felix Fietkau
c07f6e8659 hostapd: fix faulty WMM IE parameters with ETSI regulatory domains
hostapd sets minimum values for CWmin/CWmax/AIFS and maximum for TXOP.
The code for applying those values had a few bugs leading to bogus values,
which caused significant latency and packet loss.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-01-23 14:53:13 +01:00
Kimmo Vuorinen
a8723c48ad uboot-envtools: ath79: add support for glinet,gl-ar150
Add ubootenv uci config for GL.inet GL-AR150

Signed-off-by: Kimmo Vuorinen <kimmo.vuorinen@gmail.com>
[commit title/message facelift]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-01-23 14:08:24 +01:00
Kimmo Vuorinen
dc6dfaac80 uboot-envtools: ar71xx: add support for gl-ar150/-domino/-mifi
Add ubootenv uci config for gl-ar150, gl-domino and gl-mifi

Signed-off-by: Kimmo Vuorinen <kimmo.vuorinen@gmail.com>
[commit message/title facelift]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-01-23 14:04:50 +01:00
Daniel Golle
3d6c571083 mac80211: add support for wds_bridge hostapd feature
hostapd allows putting WDS (4addr mode) clients into a separate bridge
other than the bridge regular (3addr mode) clients end up in. This is
useful for example giving WDS clients access to several VLANs
(trunking) while regular clients will end up inside a specific VLAN.

Add 'wds_bridge' config parameter for wifi-iface which contains the
name of the bridge. hostapd-mini already supports this feature, so all
needed is to add the UCI wrapping in mac80211.sh.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-01-22 14:22:17 +02:00
Russell King
a1358fc7ae kernel: add SFP support for Methode DM7052 NBASE-T module
Add support for Methode DM7052 NBASE-T module to OpenWRT. These
patches are taken from my "phy" branch, and will be sent for the
next kernel merge window.

Signed-off-by: Russell King <linux@armlinux.org.uk>
[jonas.gorski: move patches to pending, refresh patches]
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2020-01-21 22:32:48 +01:00
Jan Pavlinec
2982997f1b curl: update to version 7.68.0 (security fix)
Fixes
CVE-2019-15601

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
2020-01-21 22:17:53 +01:00
Petr Štetiar
0f81a0979c fstools: update to version 2020-01-21
deb745f82b93 Revert "fstools: Add support to read-only MTD partitions (eg. recovery images)"

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-21 17:25:56 +01:00
Petr Štetiar
3d8edd9bb4 urngd: update to version 2020-01-21
c7f7b6b65b82 Tag version 1.0.2
236b7a0aef21 Fix blocked entropy generation

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-21 17:16:01 +01:00
Daniel Golle
97a03a4760 procd: update to latest git HEAD
58c12f7 jail: add basic support for network namespaces
 ba69639 jail: create resolv.conf symlink for netns jails
 81b88b1 jail: more strict mount options for /tmp/resolv.conf.d/

Add new 'netns' flag for procd_add_jail to make ujail setup a new
network namespace for the jailed service.
See previous netifd commit for example configuration for netns jailed
service.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-01-21 12:52:12 +02:00
Daniel Golle
e4ce8f59f5 netifd: add basic support for jail network namespaces
Prepare netifd for handling procd service jails having their own
network namespace.
Intefaces having the jail attribute will only be brought up inside the
jail's network namespace by procd calling the newly introduced ubus
method 'netns_updown'.
Currently proto 'static' is supported and configuration changes are
not yet being handled (ie. you'll have to restart the jailed service
for changes to take effect).

Example /etc/config/network snippet:
config device 'veth0'
    option type 'veth'
    option name 'vhost0'
    option peer_name 'virt0'

config interface 'virt'
    option type 'bridge'
    list ifname 'vhost0'
    option proto 'static'
    option ipaddr '10.0.0.1'
    option netmask '255.255.255.0'

config interface 'virt0'
    option ifname 'virt0'
    option proto 'static'
    option ipaddr '10.0.0.2'
    option netmask '255.255.255.0'
    option gateway '10.0.0.1'
    option dns '10.0.0.1'
    option jail 'transmission'

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-01-21 10:25:27 +02:00
Petr Štetiar
5c73bb12c8 libubox: update to version 2020-01-20
43a103ff17ee blobmsg: blobmsg_parse and blobmsg_parse_array oob read fixes
 5c0faaf4f5e2 tests: prefer dynamically allocated buffers
 1ffa41535369 blobmsg_json: prefer snprintf usage
 132ecb563da7 blobmsg: blobmsg_vprintf: prefer vsnprintf
 a2aab30fc918 jshn: prefer snprintf usage
 b0886a37f39a cmake: add a possibility to set library version
 a36ee96618a9 blobmsg: blobmsg_add_json_element() 64-bit values
 f0da3a4283b7 blobmsg_json: fix int16 serialization
 20a070f08139 tests: blobmsg/json: add more test cases
 379cd33d1992 tests: include json script shunit2 based testing

Acked-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-20 20:57:21 +01:00
Petr Štetiar
63000bfaf7 fstools: update to version 2020-01-18
f5c7c1813f52 fstools: Add support to read-only MTD partitions (eg. recovery images)
 189b41b6b487 libblkid-tiny: fix f2fs labels by increasing label buffer

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-20 20:57:21 +01:00
Sungbo Eo
c26b687e31 kernel: remove further obsolete kernel version switches
Most of the kernel version switches below 4.14 were removed in commit
97940f8766 ("kernel: remove obsolete kernel version switches"),
but some of them still remained. Remove them now.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2020-01-18 19:39:05 +01:00
Rosen Penev
8df14c229c base-files/functions.sh: use grep -q instead of []
It's cleaner and faster as it does not need to do extra work.

Also removed $() to avoid executing the output. The shell can handle it.

https://github.com/koalaman/shellcheck/wiki/SC2143

Signed-off-by: Rosen Penev <rosenp@gmail.com>
[correct || to && for one conversion]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-01-18 00:24:06 +01:00
Rosen Penev
d4009d7985 base-files/system.sh: remove $ in $(())
Not needed.

https://github.com/koalaman/shellcheck/wiki/Sc2004

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-01-17 12:17:36 +01:00
Rosen Penev
fb56573dc4 base-files/functions.sh: use && instead of -a
-a is not well defined.

https://github.com/koalaman/shellcheck/wiki/SC2166

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-01-17 12:17:36 +01:00
Rosen Penev
b8e17aefea base-files/functions.sh: remove useless cat
The cut command can take a file as an input.

https://github.com/koalaman/shellcheck/wiki/SC2002

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-01-17 12:17:36 +01:00
Rosen Penev
cba5fa0352 base-files/functions.sh: don't use $var in $(())
It's not needed. It can also lead to subtle bugs.

https://github.com/koalaman/shellcheck/wiki/Sc2004

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-01-17 12:17:35 +01:00
Stijn Tintel
1322190fd3 libcxx: fix build for x86/64
When building libcxx for x86/64, the library is installed in /usr/lib64.
As the install section tries to copy the library from /usr/lib, this
breaks build on x86/64. Override the lib dir suffix to fix this.

Fixes: 856ea2bad3 ("libcxx: Add package")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Rosen Penev <rosenp@gmail.com>
2020-01-17 00:42:49 +02:00
Hans Dedecker
f0c0f92ce4 odhcpd: update to version 2020-01-14
6db312a dhcpv6-ia: use dhcp leasetime to set preferred/valid statefull lifetimes
2520c48 dhcpv6-ia: introduce DHCPv6 pd and ia assignments flags
b413d8a dhcpv6-ia: cleanup prefix delegation routes
b0902af dhcpv6-ia: remove passing interface as parameter to apply_lease

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-01-16 21:53:17 +01:00
David Lam
a5f3648a1c hostapd: add support for system cert bundle validation
Currently, it is very cumbersome for a user to connect to a WPA-Enterprise
based network securely because the RADIUS server's CA certificate must first be
extracted from the EAPOL handshake using tcpdump or other methods before it can
be pinned using the ca_cert(2) fields. To make this process easier and more
secure (combined with changes in openwrt/openwrt#2654), this commit adds
support for validating against the built-in CA bundle when the ca-bundle
package is installed. Related LuCI changes in openwrt/luci#3513.

Signed-off-by: David Lam <david@thedavid.net>
[bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-01-16 12:08:18 +01:00
Daniel Golle
702c70264b hostapd: cleanup IBSS-RSN
set noscan also for IBSS and remove redundant/obsolete variable.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-01-16 10:26:21 +02:00
Andrea Dalla Costa
5adca1cf2a uboot-oxnas: fix memory leak in tool mkox820crc
In function `main` add calls to `free` for the variable `executable`.
This is needed because the variable `executable` is allocated but
never freed. This cause a memory leak.

Signed-off-by: Andrea Dalla Costa <andrea@dallacosta.me>
2020-01-15 23:15:19 +01:00
John Crispin
a3dd95ef63 dropbear: fix compile error
Fixes: 0da193ee69 ("dropbear: move failsafe code out of base-files")
Signed-off-by: John Crispin <john@phrozen.org>
2020-01-15 21:31:12 +01:00
Florian Eckert
7151054abd wireguard: skip peer config if public key of the peer is not defined
If a config section of a peer does not have a public key defined, the
whole interface does not start. The following log is shown

daemon.notice netifd: test (21071): Line unrecognized: `PublicKey='
daemon.notice netifd: test (21071): Configuration parsing erro

The command 'wg show' does only show the interface name.

With this change we skip the peer for this interface and emit a log
message. So the other peers get configured.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2020-01-15 21:19:01 +01:00
John Crispin
d9cfa827ac busybox: fix build issues
Fixes: f704f97e4c ("busybox: Include hdparm by default on nas type device")
Signed-off-by: John Crispin <john@phrozen.org>
2020-01-15 21:17:47 +01:00
Michal Cieslakiewicz
a736f39432 ath79: add support for Netgear WNDR4500 v3
This patch introduces support for Netgear WNDR4500v3. Router
is very similar to WNDR4300v2 and is based on the same PCB.

Information gathered from various Internet sources (including
https://patchwork.ozlabs.org/patch/809227/) shows following
differences to WNDR4300v2:

 * two USB 2.0 ports with separate LEDs
 * USB LEDs soldered to secondary pads
 * WPS and RFKILL buttons soldered to secondary pads
 * described as N900 device with 3x3:3 MIMO for 2.4GHz radio
 * power supply requirement is DC 12V 2.5A
 * vendor HW ID suffix differs in one digit
 * bigger chassis

Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
2020-01-15 20:56:05 +01:00
Michal Cieslakiewicz
37a36a588a ath79: add support for Netgear WNDR4300 v2
This patch introduces support for Netgear WNDR4300v2.

Specification
=============
  * Description: Netgear WNDR4300 v2
  * Loader: U-boot
  * SOC: Qualcomm Atheros QCA9563 (775 MHz)
  * RAM: 128 MiB
  * Flash: 2 MiB SPI-NOR + 128 MiB SPI-NAND
	- NOR: U-boot binary: 256 KiB
	- NOR: U-boot environment: 64 KiB
	- NOR: ART Backup: 64 KiB
 	- NOR: Config: 64 KiB
	- NOR: Traffic Meter: 64 KiB
	- NOR: POT: 64 KiB
	- NOR: Reserved: 1408 KiB
	- NOR: ART: 64 KiB
	- NAND: Firmware: 25600 KiB (see notes for OpenWrt)
	- NAND: Language: 2048 KiB
	- NAND: mtdoops Crash Dump: 128 KiB
	- NAND: Reserved: 103296 KiB
  * Ethernet: 5 x 10/100/1000 (4 x LAN, 1 x WAN) (AR8337)
  * Wireless:
	- 2.4 GHz b/g/n (internal)
	- 5 GHz a/n (AR9580)
  * USB: yes, 1 x USB 2.0
  * Buttons:
	- Reset
	- WiFi (rfkill)
	- WPS
  * LEDs:
	- Power (amber/green)
	- WAN (amber/green)
	- WLAN 2G (green)
	- WLAN 5G (blue)
	- 4 x LAN (amber/green)
	- USB (green)
	- WPS (green)
  * UART: 4-pin connector JP1, 3.3V (Vcc, TX, RX, GND), 115200 8N1
  * Power supply: DC 12V 1.5A
  * MAC addresses: LAN=WLAN2G on case label, WAN +1, WLAN5G +2

Important Notes
===============
0. NOR Flash (2 MiB) is not touched by OpenWrt installation.
1. NAND Flash (128 MiB) layout under OpenWrt is changed as follows:
   all space is split between 4 MiB kernel and 124 MiB UBI areas;
   vendor partitions (language and mtdoops) are removed; kernel space
   size can be further expanded if needed; maximum image size is set
   to 25600k for compatibility reasons and can also be increased.
2. CPU clock is 775 MHz, not 750 MHz.
3. 5 GHz wireless radio chip is Atheros AR9580-AR1A with bogus PCI
   device ID 0xabcd. For ath9k driver to load successfully, this is
   overriden in DTS with correct value for this chip, 0x0033.
4. RFKILL button is wired to AR9580 pin 9 which is normally disabled
   by chip definition in ath9k code (0x0000F4FF gpio mask). Therefore
   'qca,gpio-mask=<0xf6ff>' hack must be used for button to work
   properly.
5. USB port is always on, no GPIO for 5V power control has been
   identified.

Installation
============
  * TFTP recovery
  * TFTP via U-boot prompt
  * sysupgrade
  * Web interface

Test build configuration
========================
CONFIG_TARGET_ath79=y
CONFIG_TARGET_ath79_nand=y
CONFIG_TARGET_ath79_nand_DEVICE_netgear_wndr4300-v2=y
CONFIG_ALL_KMODS=y
CONFIG_DEVEL=y
CONFIG_CCACHE=y
CONFIG_COLLECT_KERNEL_DEBUG=y
CONFIG_IMAGEOPT=y

Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
2020-01-15 20:55:56 +01:00
Michal Cieslakiewicz
4a0a1fc91c mac80211: ath9k: add GPIO mask dts property
This patch adds 'qca,gpio-mask=<u32>' device tree property to ath9k node.
This optional setting is a hack and should only be used in very special
(and rare) cases when a button or LED is wired to a GPIO pin normally
masked out (due to being one-way etc). Netgear WNDR4300 v2 is one such
example - it uses GPI9 for RFKILL.

See ath9k/reg.h *_GPIO_MASK constants.

Use with caution and expect to see stream of kernel warnings if wrong
mask value is provided.

Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
2020-01-15 20:55:31 +01:00
Maxim Storchak
5f07b6f367 zram-swap: support swap priority
If zram-backed swap is added after an existing swap, it gets a lower
priority. Assiming that usually all other swaps are slower, there should
be a way to assign a higher priority to zram swap.

Signed-off-by: Maxim Storchak <m.storchak@gmail.com>
2020-01-15 20:49:00 +01:00
Rosen Penev
475a504dbc perf: Add libunwind only if selected
The depends are totally wrong. libunwind does not work with powerpc and
i386 as it needs glibc.

Instead of duplicating the platforms, just change the dependency.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-01-15 20:34:16 +01:00
Florian Eckert
ee2014e680 uhttpd: add enable instance option
With this change it is now possible to switch off single instances of
the uhttpd config. Until now it was only possible to switch all
instances of uhttpd on or off.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2020-01-15 20:16:42 +01:00
Kyle Copperfield
0fcb4a3981 hostapd: add wpa_strict_rekey support
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.

To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Rekey GTK on STA disassociate

Signed-off-by: Kyle Copperfield <kmcopper@danwin1210.me>
2020-01-15 20:13:49 +01:00
Kyle Copperfield
30c64825c7 hostapd: add dtim_period, local_pwr_constraint, spectrum_mgmt_required
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.

To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Allows dtim_period to be configurable, the default is from hostapd.
Adds additional regulatory tunables for power constraint and spectrum
managment.

Signed-off-by: Kyle Copperfield <kmcopper@danwin1210.me>
2020-01-15 20:13:44 +01:00
Kyle Copperfield
0da193ee69 dropbear: move failsafe code out of base-files
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.

To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Failsafe code of dropbear should be in the dropbear package not the
base-files package.

Signed-off-by: Kyle Copperfield <kmcopper@danwin1210.me>
2020-01-15 20:04:06 +01:00
Linus Walleij
f704f97e4c busybox: Include hdparm by default on nas type device
NAS devices certainly need to have hdparm to configure
things like spin-down time or their disks will be
constantly spinning. Just catenate CONFIG_HDPARM=y
on these configs.

Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
2020-01-15 19:57:27 +01:00
Eneas U de Queiroz
9b25f833eb cryptodev-linux: remove DEFAULT redefinition
The 'DEFAULT:=m if ALL' line prevents the phase1 buildbots from building
the package, and users from downloading it, since they use 'ALL_KMODS=y'
but 'ALL' is not set.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2020-01-15 19:31:08 +01:00
Felix Fietkau
866790fd82 mac80211: fix MAC address allocations if the local bit is set on the base addr
If it's set, don't subtract 1 from the interface index encoded into the first
byte of the address

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-01-15 15:36:26 +01:00
Jo-Philipp Wich
b070101c50 valgrind: do not strip internal preload libraries and executables
Implement the suggestions laid out in README_PACKAGERS, mainly by preventing
the stripping of the internal vgpreload*.so libraries.

Also retain the symbol information of valgrind's private helper executables
and enable LTO as suggested in the packagers readme.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-01-14 17:52:34 +01:00
Xu Wang
44304c1d67 base-files: fix build for /sbin/pkg_check
Setting CONFIG_IPK_FILES_CHECKSUMS=y causes sha256 checksum files to be
included with the packages to check for corruption. This commit fixes two
issues:
- /sbin/pkg_check was being removed incorrectly if IPK_FILES_CHECKSUMS=y
- checksums were being saved in the wrong file

Signed-off-by: Xu Wang <xwang1498@gmx.com>
2020-01-14 17:52:34 +01:00
David Lam
22b07ff73e hostapd: add support for subject validation
The wpa_supplicant supports certificate subject validation via the
subject match(2) and altsubject_match(2) fields. domain_match(2) and
domain_suffix_match(2) fields are also supported for advanced matches.
This validation is especially important when connecting to access
points that use PAP as the Phase 2 authentication type. Without proper
validation, the user's password can be transmitted to a rogue access
point in plaintext without the user's knowledge. Most organizations
already require these attributes to be included to ensure that the
connection from the STA and the AP is secure. Includes LuCI changes via
openwrt/luci#3444.

From the documentation:

subject_match - Constraint for server certificate subject. This substring
is matched against the subject of the authentication server certificate.
If this string is set, the server sertificate is only accepted if it
contains this string in the subject. The subject string is in following
format: /C=US/ST=CA/L=San Francisco/CN=Test AS/emailAddress=as
.example.com

subject_match2 - Constraint for server certificate subject. This field is
like subject_match, but used for phase 2 (inside EAP-TTLS/PEAP/FAST
tunnel) authentication.

altsubject_match - Constraint for server certificate alt. subject.
Semicolon separated string of entries to be matched against the
alternative subject name of the authentication server certificate. If
this string is set, the server sertificate is only accepted if it
contains one of the entries in an alternative subject name extension.
altSubjectName string is in following format: TYPE:VALUE Example:
EMAIL:server@example.com Example:
DNS:server.example.com;DNS:server2.example.com Following types are
supported: EMAIL, DNS, URI

altsubject_match2 - Constraint for server certificate alt. subject. This
field is like altsubject_match, but used for phase 2 (inside
EAP-TTLS/PEAP/FAST tunnel) authentication.

domain_match - Constraint for server domain name. If set, this FQDN is
used as a full match requirement for the
server certificate in SubjectAltName dNSName element(s). If a
matching dNSName is found, this constraint is met. If no dNSName
values are present, this constraint is matched against SubjectName CN
using same full match comparison. This behavior is similar to
domain_suffix_match, but has the requirement of a full match, i.e.,
no subdomains or wildcard matches are allowed. Case-insensitive
comparison is used, so "Example.com" matches "example.com", but would
not match "test.Example.com". More than one match string can be
provided by using semicolons to
separate the strings (e.g., example.org;example.com). When multiple
strings are specified, a match with any one of the values is considered
a sufficient match for the certificate, i.e., the conditions are ORed
together.

domain_match2 - Constraint for server domain name. This field is like
domain_match, but used for phase 2 (inside EAP-TTLS/PEAP/FAST tunnel)
authentication.

domain_suffix_match - Constraint for server domain name. If set, this
FQDN is used as a suffix match requirement for the AAA server
certificate in SubjectAltName dNSName element(s). If a matching dNSName
is found, this constraint is met. If no dNSName values are present,
this constraint is matched against SubjectName CN using same suffix
match comparison. Suffix match here means that the host/domain name is
compared one label at a time starting from the top-level domain and all
the labels in domain_suffix_match shall be included in the certificate.
The certificate may include additional sub-level labels in addition to
the required labels. More than one match string can be provided by using
semicolons to separate the strings (e.g., example.org;example.com).
When multiple strings are specified, a match with any one of the values
is considered a sufficient match for the certificate, i.e., the
conditions are ORed together. For example,
domain_suffix_match=example.com would match test.example.com but would
not match test-example.com. This field is like domain_match, but used
for phase 2 (inside EAP-TTLS/PEAP/FAST tunnel) authentication.

domain_suffix_match2 - Constraint for server domain name. This field is
like domain_suffix_match, but used for phase 2 (inside
EAP-TTLS/PEAP/FAST tunnel) authentication.

Signed-off-by: David Lam <david@thedavid.net>
2020-01-14 17:46:27 +01:00
Felix Fietkau
b1a1c222c9 mac80211: fix list_phy_interfaces for multiple wiphys on the same device
Network interfaces are looked up based on the device behind a phy, so the
phy needs to be checked separately

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-01-14 14:57:13 +01:00
Felix Fietkau
9501469e11 mac80211: fix a page refcounting issue leading to leaks/crashes in rx A-MSDU decap
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-01-14 14:56:59 +01:00
Felix Fietkau
d5b3024139 mac80211: fix sta TID stats leak on a few nl80211 calls
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-01-14 14:56:54 +01:00
Felix Fietkau
fe1818cdbc mac80211: renumber subsys patches accepted upstream
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-01-14 14:56:46 +01:00
Florian Eckert
0f33c6b74a base-files: use jshn lib for ubus sysupgrade argument generation
With this change the well known jshn library will be used, to build the
json arguments for the ubus sysupgrade method. This is also used in all
other shell program that uses JSON. This commit unifies that.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2020-01-14 00:06:03 +01:00
Petr Štetiar
3d62463755 rpcd: activate PIE ASLR by default
This activates PIE ASLR support by default when the regular option is
selected.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-14 00:06:44 +01:00
Petr Štetiar
2b28358a37 odhcpd: activate PIE ASLR by default
This activates PIE ASLR support by default when the regular option is
selected.

Size increase on x86/64:

 odhcpd-ipv6only Installed-Size: 36821 -> 38216

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-14 00:06:40 +01:00
Petr Štetiar
9c628cc76c procd: activate PIE ASLR by default
This activates PIE ASLR support by default when the regular option is
selected.

Size increase on x86/64:

 procd Installed-Size: 44931 -> 47362

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-14 00:06:35 +01:00
Petr Štetiar
d38dd6e1ef ubus: activate PIE ASLR by default
This activates PIE ASLR support by default when the regular option is
selected.

Size increase on x86/64:

 ubus  Installed-Size:  5602 ->  5950
 ubusd Installed-Size: 11643 -> 12119

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-14 00:06:03 +01:00
Hauke Mehrtens
a2571f3c81 uhttpd: Activate PIE by default
This activates PIE ASLR support by default when the regular option is
selected.

This increases the binary size by 39% uncompressed and 21% compressed
on MIPS BE.

old:
33,189 /usr/sbin/uhttpd
23,016 uhttpd_2019-08-17-6b03f960-4_mips_24kc.ipk

new:
46,212 /usr/sbin/uhttpd
27,979 uhttpd_2019-08-17-6b03f960-4_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: Petr Štetiar <ynezz@true.cz>
2020-01-13 15:34:36 +01:00
Hauke Mehrtens
6b2379d048 hostapd: Activate PIE by default
This activates PIE ASLR support by default when the regular option is
selected.

This increases the binary size by 26% uncompressed and 16% compressed
on MIPS BE.

old:
460,933 /usr/sbin/wpad
283,891 wpad-basic_2019-08-08-ca8c2bd2-1_mips_24kc.ipk

new:
584,508 /usr/sbin/wpad
330,281 wpad-basic_2019-08-08-ca8c2bd2-1_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: Petr Štetiar <ynezz@true.cz>
2020-01-13 15:34:36 +01:00
Hauke Mehrtens
7ab6613026 dropbear: Activate PIE by default
This activates PIE ASLR support by default when the regular option is
selected.

This increases the binary size by 18% uncompressed and 17% compressed
on MIPS BE.

old:
164,261 /usr/sbin/dropbear
 85,648 dropbear_2019.78-2_mips_24kc.ipk

new:
194,492 /usr/sbin/dropbear
100,309 dropbear_2019.78-2_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: Petr Štetiar <ynezz@true.cz>
2020-01-13 15:34:36 +01:00
Hauke Mehrtens
dae0ac7770 dnsmasq: Activate PIE by default
This activates PIE ASLR support by default when the regular option is
selected.

This increases the binary size by 37% uncompressed and 18% compressed
on MIPS BE.

old:
146,933 /usr/sbin/dnsmasq
101,837 dnsmasq_2.80-14_mips_24kc.ipk

new:
202,020 /usr/sbin/dnsmasq
120,577 dnsmasq_2.80-14_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: Petr Štetiar <ynezz@true.cz>
2020-01-13 15:34:36 +01:00
Hans Dedecker
3446702cdb ethtool: bump to 5.4
7dc0af7 Release version 5.4.
914912e ethtool: add 0x16 and 0x1c extended compliance codes
600b779 ethtool: mark 10G Base-ER as SFF-8472 revision 10.4 onwards
696565d ethtool: correctly interpret bitrate of 255
2941970 fix unused parameter warning in e1000_get_mac_type()
5e814f2 fix unused parameter warning in fjes_dump_regs()
b1a5279 fix unused parameter warning in ixgb_dump_regs()
6608751 fix unused parameter warning in ibm_emac_dump_regs()
1c30119 fix unused parameter warning in et131x_dump_regs()
a56aba4 fix unused parameter warning in amd8111e_dump_regs()
f40d32d fix unused parameter warning in fec_dump_regs()
8b84f1a fix unused parameter warning in at76c50x_usb_dump_regs()
f725f5a fix unused parameter warning in smsc911x_dump_regs()
a12cd66 fix unused parameter warning in e1000_dump_regs()
e058656 fix unused parameter warning in igb_dump_regs()
debac02 fix unused parameter warning in de2104[01]_dump_regs()
d434eea fix unused parameter warning in e100_dump_regs()
8df12f3 fix unused parameter warning in vioc_dump_regs()
92d716b fix unused parameter warning in tg3_dump_{eeprom, regs}()
211c99e fix unused parameter warning in fec_8xx_dump_regs()
362fb8b fix unused parameter warning in ixgbevf_dump_regs()
87903c2 fix unused parameter warning in st_{mac100, gmac}_dump_regs()
c1eaddf fix unused parameter warning in vmxnet3_dump_regs()
313c9f8 fix unused parameter warning in dsa_dump_regs()
183e8a2 fix unused parameter warning in {skge, sky2}_dump_regs()
7f84c13 fix unused parameter warning in lan78xx_dump_regs()
02d0aaa fix unused parameter warning in realtek_dump_regs()
726d607 fix unused parameter warning in ixgbe_dump_regs()
967177c fix unused parameter warning in netsemi_dump_eeprom()
710a414 fix unused parameter warning in natsemi_dump_regs()
283398a fix unused parameter warning in print_simple_table()
0404267 fix unused parameter warning in sfc_dump_regs()
57c7298 fix unused parameter warning in altera_tse_dump_regs()
302e91a fix unused parameter warning in dump_eeprom()
2054a8c fix unused parameter warning in find_option()
d5432a9 fix unused parameter warnings in do_version() and show_usage()
c430e75 fix arithmetic on pointer to void is a GNU extension warning
e568431 ethtool: implement support for Energy Detect Power Down
e391f4c ethtool: sync ethtool-copy.h: adds support for EDPD

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-01-12 22:19:37 +01:00
Adrian Schmutzler
97940f8766 kernel: remove obsolete kernel version switches
After kernel 4.9 has been removed, this removes all (now obsolete)
kernel version switches that deal with versions before 4.14.

Package kmod-crypto-iv is empty now and thus removed entirely.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-01-12 16:34:20 +01:00
Tom Brouwer
2090b8af0a ipq40xx: add support for EZVIZ CS-W3-WD1200G EUP
Hardware:
SOC:    Qualcomm IPQ4018
RAM:	128 MB Nanya NT5CC64M16GP-DI
FLASH:  16 MB Macronix MX25L12805D
ETH:    Qualcomm QCA8075 (4 Gigabit ports, 3xLAN, 1xWAN)
WLAN:   Qualcomm IPQ4018 (2.4 & 5 Ghz)
BUTTON: Shared WPS/Reset button
LED:    RGB Status/Power LED
SERIAL: Header J8 (UART, Left side of board). Numbered from
        top to bottom:
        (1) GND, (2) TX, (3) RX, (4) VCC (White triangle
        next to it).
        3.3v, 115200, 8N1

Tested/Working:
* Ethernet
* WiFi (2.4 and 5GHz)
* Status LED
* Reset Button (See note below)

Implementation notes:
* The shared WPS/Reset button is implemented as a Reset button
* I could not find a original firmware image to reverse engineer, meaning
currently it's not possible to flash OpenWrt through the Web GUI.

Installation (Through Serial console & TFTP):
1. Set your PC to fixed IP 192.168.1.12, Netmask 255.255.255.0, and connect to
one of the LAN ports
2. Rename the initramfs image to 'C0A8010B.img' and enable a TFTP server on
your pc, to serve the image
2. Connect to the router through serial (See connection properties above)
3. Hit a key during startup, to pause startup
4. type `setenv serverip 192.168.1.12`, to set the tftp server address
5. type `tftpboot`, to load the image from the laptop through tftp
6. type `bootm` to run the loaded image from memory
6. (If you want to return to stock firmware later, create an full MTD backup,
e.g. using instructions here https://openwrt.org/docs/guide-user/installation/generic.backup#create_full_mtd_backup)
7. Transfer the 'sysupgrade' OpenWrt firmware image from PC to router, e.g.:
`scp xxx-squashfs-sysupgrade.bin root@192.168.1.1:/tmp/upgrade.bin`
8. Run sysupgrade to permanently install OpenWrt to flash: `sysupgrade -n /tmp/upgrade.bin`

Revert to stock:
To revert to stock, you need the MTD backup from step 6 above:
1. Unpack the MTD backup archive
2. Transfer the 'firmware' partition image to the router (e.g. mtd8_firmware.backup)
3. On the router, do `mtd write mtd8_firmware.backup firmware`

Signed-off-by: Tom Brouwer <tombrouwer@outlook.com>
[removed BOARD_NAME, OpenWRT->OpenWrt, changed LED device name to board name]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2020-01-12 15:57:58 +01:00
Tobias Schramm
b16e5517b5 kernel: add kmod packages for Broadcom bcm53xxx switch support
Signed-off-by: Tobias Schramm <tobleminer@gmail.com>
2020-01-12 14:12:50 +01:00
Kevin Darbyshire-Bryant
35ba9304c6 kmod-sched-cake: bump to 20200110
Keep up with a small amount of churn in the upstream repository.
Upstream now represents the version of CAKE as found in the linux kernel
from 4.19 onwards but with some compatibility stubs to allow building on
<4.19.

After a diversion related to an experimental ECN implementation which
has now been reverted, the important and relevant changes for us are:

8a8946b sch_cake: avoid possible divide by zero in cake_enqueue()
183b320 RFC 8622 diffserv3, 4 & 8 LE PHB support
6ff4561 sch_cake: Make sure we can write the IP header before changing DSCP bits
9fba602 sch_cake: Use tc_skb_protocol for getting packet protocol

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-01-11 08:35:23 +00:00
Jason A. Donenfeld
7936cb94a9 wireguard-tools: bump to 1.0.20200102
* systemd: update documentation URL
* global: bump copyright

Usual house keeping.

* Makefile: DEBUG_TOOLS -> DEBUG and document
* Makefile: port static analysis check
* dns-hatchet: adjust path for new repo layout
* Makefile: rework automatic version.h mangling

These are some important-ish cleanups for downstream package maintainers that
should make packaging this a lot smoother.

* man: add documentation about removing explicit listen-port

Documentation improvement.

* wg-quick: linux: quote ifname for nft

This should fix issues with weirdly named ifnames and odd versions of nft(8).

* fuzz: find bugs in the config syntax parser
* fuzz: find bugs when parsing uapi input

These are two fuzzers that have been laying around without a repo for a while.
Perhaps somebody with enough compute power will find bugs with them.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-01-09 18:54:24 +01:00
Jason A. Donenfeld
62c2199bd8 wireguard: bump to 0.0.20200105
* socket: mark skbs as not on list when receiving via gro

Certain drivers will pass gro skbs to udp, at which point the udp driver
simply iterates through them and passes them off to encap_rcv, which is
where we pick up. At the moment, we're not attempting to coalesce these
into bundles, but we also don't want to wind up having cascaded lists of
skbs treated separately. The right behavior here, then, is to just mark
each incoming one as not on a list. This can be seen in practice, for
example, with Qualcomm's rmnet_perf driver. This lead to crashes on
OnePlus devices and possibly other Qualcomm 4.14 devices. But I fear
that it could lead to issues on other drivers on weird OpenWRT routers.

This commit is upstream in net-next as:
https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=736775d06bac60d7a353e405398b48b2bd8b1e54

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-01-09 18:54:24 +01:00
Daniel Golle
6a28552120 dnsmasq: add uci-defaults script for config migration
When running sysupgrade from an existing configuration, UCI option
dhcp.@dnsmasq[0].resolvfile needs to be modified in case it has not
been changed from it's original value.
Accomplish that using a uci-defaults script.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-01-09 15:37:53 +02:00
David Bauer
ab16adf80b hostapd: disable ft_psk_generate_local for non-PSK networks
Without this commit, ft_psk_generate_local is enabled for non-PSK
networks by default. This breaks 802.11r for EAP networks.

Disable ft_psk_generate_local by default for non-PSK networks resolves
this misbehavior.

Reported-by: Martin Weinelt <martin@darmstadt.freifunk.net>
Signed-off-by: David Bauer <mail@david-bauer.net>
Tested-by: Martin Weinelt <martin@darmstadt.freifunk.net>
2020-01-09 01:01:20 +01:00
Adrian Schmutzler
28fd4ac512 ixp4xx: remove unmaintained target
This target is still on kernel 4.9, and it looks like there is no
active maintainer for this target anymore.
Remove the code and all the packages which are only used by this target.

To add this target to OpenWrt again port it to a recent and supported
kernel version.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-01-08 16:45:08 +01:00
Adrian Schmutzler
4bc92c1e75 ar7: remove unmaintained target
This target seems to have been unmaintained for quite a while, and not a
single tester for the (now outdated) kernel 4.14 patches has been found.
Remove the code and all the packages which are only used by this target.

To add this target to OpenWrt again port it to a recent and supported
kernel version.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-01-08 16:45:08 +01:00
Hauke Mehrtens
90740f52e9 ar7: update kernel to version 4.14
This adds support for kernel 4.14 to the target and directly make it the
default kernel version to use.

This patch is build-tested only, but has never been device-tested. It is
only added to preserve the changes in Git history prior to removing this
target. Use it with care.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
[rebased and extended commit message, refreshed patches for 4.14.162]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-01-08 16:45:08 +01:00
Matthias Schiffer
41c19dd542
ethtool: fix PKG_CONFIG_DEPENDS
Add missing CONFIG_ prefix.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2020-01-07 20:53:31 +01:00
Matthias Schiffer
9924db5b37
iperf: fix PKG_CONFIG_DEPENDS
Fix typo in PKG_CONFIG_DEPENDS and missing CONFIG_ prefix.

Fixes: e98e046f06 ("iperf: Allow enabling multicast support")
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2020-01-07 20:52:23 +01:00
Daniel Golle
2e3cf4500b dnsmasq: bump PKG_RELEASE
Previous commit should have bumped PKG_RELEASE, but git add was
forgotten... Add it now.

Fixes: cd48d8d342 ("dnsmasq: switch to /tmp/resolv.conf.d/resolv.conf.auto")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-01-07 15:44:16 +02:00
Daniel Golle
cd48d8d342 dnsmasq: switch to /tmp/resolv.conf.d/resolv.conf.auto
Mount-bind directory instead of resolv.conf.auto file in jail to
avoid problems when the file is deleted/replaced.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-01-07 15:37:22 +02:00
Daniel Golle
5e1604477a netifd: move /tmp/resolv.conf.auto to /tmp/resolv.conf.d/
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-01-07 15:36:59 +02:00
Daniel Golle
fedc5d30ae base-files: move /tmp/resolv.conf.auto to /tmp/resolv.conf.d/
Having it in a directory it more friendly for mount-bind.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-01-07 15:36:03 +02:00
Hauke Mehrtens
414d054138 dnsmasq: Fix potential dnsmasq crash with TCP
This is a backport from the dnsmasq master which should fix a bug which
could cause a crash in dnsmasq.

I saw the following crashes in my log:
[522413.117215] do_page_fault(): sending SIGSEGV to dnsmasq for invalid read access from 2a001450
[522413.124464] epc = 004197f1 in dnsmasq[400000+23000]
[522413.129459] ra  = 004197ef in dnsmasq[400000+23000]
This is happening in blockdata_write() when block->next is
dereferenced, but I am not sure if this is related to this problem or if
this is a different problem. I am unable to reproduce this problem.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-01-06 17:44:22 +01:00
Hauke Mehrtens
2d80f7e836 rpcd: Update to version 2020-01-05
efe51f4 iwinfo: add current hw and ht mode to info call

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-01-05 20:21:48 +01:00
Hauke Mehrtens
8fb6be73b5 iwinfo: Update to version 2020-01-05
bf2c106 nl80211: add htmode to iwinfo_ops

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-01-05 20:19:37 +01:00
Hauke Mehrtens
05145ffbef uclient: Update to version 2020-01-05
fef6d3d uclient: Add string error function

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-01-05 20:04:37 +01:00
Hauke Mehrtens
ccd7e2dfb2 ustream-ssl: Update to version 2020-01-05
30cebb4 ustream-ssl: mbedtls: fix ssl client verification
77de09f ustream-ssl: mbedtls: fix net_sockets.h include warning

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-01-05 20:04:37 +01:00
Hauke Mehrtens
5877280463 ubus: Update to version 2020-01-05
d35df8a ubus: make libubus ready for linking into C++

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-01-05 20:04:37 +01:00
Andrea Dalla Costa
52f0b0913d ead: fix resource leak in tinysrp
Add call to fclose for file pointer fp in function t_openpw.
The resource leak could happen during an error handling.

Signed-off-by: Andrea Dalla Costa <andrea@dallacosta.me>
2020-01-05 19:36:46 +01:00
DENG Qingfang
983605e61f pppd: update to 2.4.8
78cd384 Update README and patchlevel.h for 2.4.8 release
5d03403 pppd: Avoid use of strnlen (and strlen) in vslprintf
a1e950a pppd: Fix IPv6 default route code for Solaris
ca5e61b plugins/rp-pppoe: Make tag parsing loop condition more accurate
c10c3c7 pppd: Make sure word read from options file is null-terminated
b311e98 pppd: Limit memory accessed by string formats with max length specified
3ea9de9 pppd: Eliminate some more compiler warnings
57edb1a pppd: Include time.h header before using time_t
09f695f pppd: Don't free static string
03104ba pppd.h: Add missing headers
388597e pppd: Add defaultroute6 and related options
66ce4ba pppd: Avoid declarations within statements in main.c
5637180 pppd: Fix `ifname` option in case of multilink (#105)
d00f8a0 pppd: Fix variable reference syntax in Makefile.linux
b6b4d28 pppd: Check tdb pointer before closing

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
2020-01-05 19:36:45 +01:00
Matt Merhar
3d7f76383f dropbear: add missing zlib dependency for dropbearconvert
If CONFIG_DROPBEAR_ZLIB is set, building fails at the packaging stage
due to an undeclared dependency on libz.so.1.

As is already done for the main dropbear package, conditionally add a
dependency on zlib.

Signed-off-by: Matt Merhar <mattmerhar@protonmail.com>
2020-01-05 19:36:45 +01:00
Rosen Penev
c2ef6c2148 nettle: Disable ARMEB assembly
It's broken for ARMv5, which is the only armeb target in OpenWrt.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-01-05 19:36:45 +01:00
Rosen Penev
d040851a6f trace-cmd: Fix compilation without fortify-headers
Upstream backport.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-01-05 19:36:45 +01:00
Rosen Penev
121ad10601 lldpd: Fix compilation without fortify-headers
Upstream backport.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-01-05 19:36:45 +01:00
Josef Schlehofer
43eb93441f e2fsprogs: update to version 1.45.4
Removed backported patch

Release notes: http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.45.4

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2020-01-05 19:36:45 +01:00
Rosen Penev
c84a3458aa libcxx: Remove -flto from LDFLAGS
It seems the buildbots can't handle it.

Added a cmake option to find the cxxabi files as they are part of the
toolchain and not in the normal path. It doesn't seem to make a
difference, just gets rid of cmake warnings.

Added another small GCC warning fix. It's fairly minor.

This has no change in compiled size, and most likely no change in
behavior. Bumped the PKG_RELEASE anyway.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-01-05 19:36:45 +01:00
Josef Schlehofer
9a3b10b449 strace: update to version 5.4
Changelog: https://strace.io/files/5.4/

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2020-01-05 19:36:45 +01:00
Christian Lamparter
1e27befe63 mac80211: remove ath10k_pci memory hacks
These two hacks are no longer necessary as they've
been moved to a special variant of kmod-ath10k-ct.

So, if you have a device suffering from low-memory
situation and getting applications crashes due to
the OOM reaper or kernel panics with ath10k, please
use the "kmod-ath10k-ct-smallbuffers" package from
now on.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2020-01-05 19:02:55 +01:00
Jo-Philipp Wich
22a178e892 fstools: update to latest Git HEAD
823faa0 block: re-discover mtd devices on extroot mount retry

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-01-05 18:40:22 +01:00
Petr Štetiar
059505d614 procd: update to version 2020-01-04
a5af33ce9a16 instance: strdup string attributes
d2e8bf6ef7cf system: watchdog_set: fix misleading indentation
9814807bd71c system: sysupgrade: fix possibly misleading error
c7a2db3c1eb6 system: sysupgrade: rework firmware validation
ea45c4a0f07c system: fix failing image validation due to EINTR
4fde95506243 cmake: fix lookup of external libraries

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-05 14:13:01 +01:00
Petr Štetiar
cf3da66d2c base-files: sysupgrade: exit if the firmware download failed
Sysupgrade process shouldn't continue if the firmware image couldn't be
downloaded.

Ref: http://lists.infradead.org/pipermail/openwrt-devel/2019-December/020940.html
Reported-by: Petr Novák <petrn@me.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-05 14:13:01 +01:00
Florian Fainelli
e98e046f06 iperf: Allow enabling multicast support
iperf2 is useful for testing UDP over multicast, add an option to permit
the enabling/disabling of multicast support.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2020-01-03 20:30:09 -08:00
David Bauer
1de8fc93ca mt76: update to the latest version
38f4c57 mt76: mt76x0: fix default mac address overwrite

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-01-03 17:44:23 +01:00
Rosen Penev
9f7d36d1a9 libcxx: Add size optimizations
Changed standard to 2a. 2a (as well as 17) contain more constexpr
functions, which are evaluated at compile time. This saves space.

Added --gc-sections. With the CXXABI change, this now makes the package
smaller.

With these, size went down to 210845 on mipsel_24kc.

Also fixed two small compiler warnings. No real change in behavior.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-01-01 16:59:32 +01:00
Rosen Penev
1f8ab1c640 libcxx: Build with the libsupc++ ABI
Allows proper exception handling. This includes removing unimplemented
warnings.

File size increased as a result:

Before:

182874

After:

211006

On mipsel_24kc.

Note that this requires libsupc++ anyway. It's specified in g++-libcxx.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-01-01 16:59:13 +01:00
Hans Dedecker
051b9a144f ubox: update to version 2019-12-31
0e34af1 kmodloader: added -a arg to modprobe

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-12-31 14:35:35 +01:00
Jo-Philipp Wich
0590d74db2 Revert "iptables: update to 1.8.4"
This reverts commit 10cbc896c0.

The updated iptables package does not build due to the following error
encountered on the buildbots:

    cp: cannot stat '.../iptables-1.8.4/ipkg-install/usr/lib/libiptc.so.*': No such file or directory

The changelog mentions "build: remove -Wl,--no-as-needed and libiptc.so" so
it appears as if further packaging changes are needed beyond a simple
version bump.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-12-30 23:07:29 +01:00
DENG Qingfang
10cbc896c0 iptables: update to 1.8.4
Update iptables to 1.8.4

ChangeLog:
  https://netfilter.org/projects/iptables/files/changes-iptables-1.8.4.txt

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
2019-12-30 21:14:31 +01:00
Daniel Golle
37929ddb70 procd: fix running jailed non-root process
Setting user and group for a jailed process caused the jail not to
come up. Fix this by passing user and group to ujail and change
user only once the jail has been setup.
This allows jailing services which refuse to run as root user.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-12-30 20:32:10 +02:00
David Bauer
3026cfe172 iwinfo: update to 2019-12-27
a6f6c05 nl80211: properly handle netdev names starting with "radio"
31dcef3 iwinfo: add several QC/A device ids

Signed-off-by: David Bauer <mail@david-bauer.net>
2019-12-30 15:09:30 +01:00
David Bauer
985ec835ae rt2x00: add throughput LED trigger
This adds a (currently missing) throughput LED trigger for the rt2x00
driver. Previously, LED triggers had to be assigned to the netdev, which
was limited to a single VAP.

Signed-off-by: David Bauer <mail@david-bauer.net>
Tested-by: Christoph Krapp <achterin@googlemail.com>
2019-12-30 13:09:14 +02:00
Petr Štetiar
e3e939d8e6 libubox: update to version 2019-12-28
Fixes startup issues of some services in procd and bumps ABI_VERSION to 20191228.

Ref: http://lists.infradead.org/pipermail/openwrt-devel/2019-December/020840.html
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-12-28 21:28:09 +01:00
Hans Dedecker
3fe29ffa7b ubox: update to latest git HEAD
b30e0df kmodloader: print an error when no kernel module dir can be found
17689b6 logread: add option to filter for facilities
c9ffeac kmodloader: added -v arg to modeprobe

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-12-28 21:25:56 +01:00
Álvaro Fernández Rojas
f8424b1b26 brcm2708-userland: add new package with RPi utils
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2019-12-28 15:31:50 +01:00
Petr Štetiar
36bace78b7 ubus: update to version 2019-12-27
Fixes socket descriptor passing and bumps ABI_VERSION to 20191227.

Ref: http://lists.infradead.org/pipermail/openwrt-devel/2019-December/020840.html
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-12-28 08:09:50 +01:00
Jason A. Donenfeld
ea980fb9c6 wireguard: bump to 20191226
As announced on the mailing list, WireGuard will be in Linux 5.6. As a
result, the wg(8) tool, used by OpenWRT in the same manner as ip(8), is
moving to its own wireguard-tools repo. Meanwhile, the out-of-tree
kernel module for kernels 3.10 - 5.5 moved to its own wireguard-linux-
compat repo. Yesterday, releases were cut out of these repos, so this
commit bumps packages to match. Since wg(8) and the compat kernel module
are versioned and released separately, we create a wireguard-tools
Makefile to contain the source for the new tools repo. Later, when
OpenWRT moves permanently to Linux 5.6, we'll drop the original module
package, leaving only the tools. So this commit shuffles the build
definition around a bit but is basically the same idea as before.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-12-27 16:34:27 +01:00
Felix Fietkau
ba164533e2 mt76: update to the latest version
2a0a19168dce mt7603: remove vif sta from poll list on interface remove
dc14ac64e7f3 mt7615: remove vif sta from poll list on interface remove
d868638fdd96 mt76: remove obsolete .add_buf() from struct mt76_queue_ops
50b1e9bd25cd mt76: refactor cc_lock locking scheme
1987b741dac2 mt76: mt76x0: remove 350ms delay in mt76x0_phy_calibrate
c93a2d1c1304 mt76: mt76x02u: update ewma pkt len in mt76x02u_tx_prepare_skb
58e1e969f03e mt76: mt7615: remove unneeded semicolon
c14d6563c492 mt76: mt76x2e: disable pcie_aspm by default
f2be00b1011a mt76: dma: fix buffer unmap with non-linear skbs
20f05897873a mt76: mt76u: rely on usb_interface instead of usb_dev
3cbaf81a185e mt76: mt76u: rely on a dedicated stats workqueue
ea19cd7ac6c6 mt76: Remove set but not used variable 'idx'
a85c06cec844 mt76: use mt76_dev in mt76_is_{mmio,usb}
e0731a82a14f mt76: move SUPPORTS_REORDERING_BUFFER hw property in mt76_register_device
cfdb75124e7c mt76: mt7615: add ibss support
e2f90adcc3b1 mt76: move interface_modes definition in mt76_core module
5dfb0ec9c6d1 mt76: mt7615: disable radar pattern detector during scanning
7121e163c068 mt76: fix possible out-of-bound access in mt7615_fill_txs/mt7603_fill_txs
db78ee08d95e mt76: move mt76_get_antenna in mt76_core module
faf5e6fedd7e mt76: mt7615: read {tx,rx} mask from eeprom
44825e88a42d mt76: use rcu_read_lock_bh in mt76_dma_rx_poll
af83ee8de928 mt76: move initialization of some struct members to mt76_alloc_device
6493e234b40d mt76: introduce struct mt76_phy
ea46624355ec mt76: add support for an extra wiphy in the rx path
c5f1e83e30d4 mt76: add support for an extra wiphy in the main tx path
1d8011871458 mt76: add support for an extra wiphy in the tx status path
e5e755a7a6b0 mt76: add support for an extra wiphy in mt76_sta_state()
ee36c8e2170f mt76: move channel state to struct mt76_phy
d246beb23350 mt76: keep a set of software tx queues per phy
a3e88bcf17e8 mt76: move state from struct mt76_dev to mt76_phy
9cda51d195db mt76: move chainmask back to driver specific structs
df74d6993383 mt76: move txpower_conf back to driver specific structs
9e95fa6208a2 mt76: move txpower and antenna mask to struct mt76_phy
502d09a6e806 mt76: add multiple wiphy support to mt76_get_min_avg_rssi
842cae558b82 mt76: add priv pointer to struct mt76_phy
8ca04846857b mt76: add function for allocating an external wiphy
04cd17a64520 mt76: add ext_phy field to struct mt76_wcid
1c8d69e7d666 mt76: move ampdu_ref from mt76_dev to driver struct
e6659d12d01e mt76: mt7615: add dual-phy support for mac80211 ops
e5ea72ac7158 mt76: mt7615: add multiple wiphy support for smart carrier sense
bdcd45dd04e0 mt76: mt7615: add missing register init for dual-wiphy support
0954c37d015f mt76: mt7615: remove useless MT_HW_RDD0/1 enum
705a0fcdc3a5 mt76: mt7615: add multiple wiphy support to the dfs support code
849fefacc48a mt76: mt7615: rework chainmask handling
caa47af1d6f2 mt76: mt7615: add multiple wiphy support to the rx path
c5585a735864 mt76: mt7615: initialize dbdc settings on interface add
6265fd1954d7 mt76: mt7615: move radio/mac initialization to .start/stop callbacks
5725d1f919ff mt76: mt7615: select the correct tx queue for frames sent to the second phy
993683d62fb7 mt76: mt7615: add support for registering a second wiphy via debugfs
1456a53ddeb3 mt76: mt7615: update beacon contents on BSS_CHANGED_BEACON
ea41ad8bdb36 mt76: mt7615: defer mcu initialization via workqueue
59de6c9447a7 mt7615: replace sta_state callback with sta_add/sta_remove
88db676f8517 mt76: fix rx dma ring descriptor state on reset
fff2c07193bb Revert "mt76: use rcu_read_lock_bh in mt76_dma_rx_poll"
b3bf83d6da1c mt76: disable bh in mt76_dma_rx_poll
efcbee1d8bfc mt76: mt76x0u: do not reset radio on resume
5dc6f6fcc027 treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 174
84554a1fbb9a kernel: fix typos and some coding style in comments
a116b0a6afe9 mt76: fix possible undetected invalid MAC address
becdec318fce mt76: Off by one in mt76_calc_rx_airtime()
683eb244fa55 mt76: mt7603: reset STA_CCA counter setting the channel
812692db171c mt76: eeprom: add support for big endian eeprom partition
8b362382b10c mt76: mt7615: Fix build with older compilers
fc24815a2cb4 mt76: mt7615: report firmware version using ethtool
5cec93d57e6d mt76: mt76x02: fix coverage_class type
9354f0f41d1c mt76: mt7603: set 0 as min coverage_class value
a589d095eeb6 mt76: mt7615: add set_coverage class support
257c19f5b56f mt76: clear skb pointers from rx aggregation reorder buffer during cleanup
05c87a33831f mt76: do not overwrite max_tx_fragments if it has been set
05fa07c667f3 mt76: use AC specific reorder timeout
3ef5f3444a94 mt76: mt7615: measure channel noise and report it via survey
726fd501651a mt76: mt7615: increase MCU command timeout
99d8cd03edfa mt76: mt7603: fix input validation issues for powersave-filtered frames
32129af2604d net/wireless: Delete unnecessary checks before the macro call “dev_kfree_skb”
85a8abf80385 mt76: mt76x02: omit beacon slot clearing
8b5d3615e1c8 mt76: mt76x02: split beaconing
dc364547d91a mt76: mt76x02: add check for invalid vif idx
462a16e185e4 mt76: mt76x02: remove a copy call for usb speedup
fa24aba4c280 mt76: speed up usb bulk copy
6a84ad21306e mt76: mt76x02: add channel switch support for usb interfaces
09fcbc214b10 mt76: usb: use max packet length for m76u_copy
584c0784e019 mt76: mt76x02u: do not set NULL beacons
ca17e5657e8a mt76: mt76x02: minor mt76x02_mac_set_beacon optimization
d5fdd2e7ced8 mt76: mt7615: fix MT7615_CFEND_RATE_DEFAULT value
ae25a4bf99a9 mt76: mt7615: introduce LED support
cd759b00cc06 mt76: mt76x02: simplify led reg definitions
cf00467c5de4 mt76: mt7603: simplify led reg definitions
1c8e76f4de3e mt76: fix compilation warning in mt76_eeprom_override()
960f5cc2390b mt76: mt76u: fix endpoint definition order
15e1c29ed8e3 mt76: mt7615: add missing settings for simultaneous dual-band support
e09b9f61eeb3 mt76: mt7615: rework set_channel function
4cb1195a1530 mt76: mt7615: add set_antenna callback

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-12-27 16:08:13 +01:00
Eneas U de Queiroz
d5ede68f8b wolfssl: bump to 4.3.0-stable
This update fixes many bugs, and six security vulnerabilities, including
CVE-2019-18840.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2019-12-26 23:30:57 +01:00
Eneas U de Queiroz
3018c4c02f curl: rename cyassl->wolfssl
The old name was dropped and no longer works.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2019-12-26 23:30:33 +01:00
Petr Štetiar
7cb018c591 ubus: update to version 2019-12-19
Contains following changes:

 a1523d76b016 fix blob parsing vulnerability by using blob_parse_untrusted
 c60583743ccf ubus_monitor: workaround possibly false positive uses of memory after it is freed
 dac6c7c575ac ubusd_monitor: fix possible null pointer dereference
 060dfbb26da3 ubus_common: remove duplicate ARRAY_SIZE and add missing include
 c5f2053dfcfd workaround possibly false positive uses of memory after it is freed
 72be8e93f07d lua: ubus_lua_do_subscribe: fix copy&paste error
 a995b1e68129 lua: workaround false positive dereference of null pointer
 08f17c87a000 add fuzzer and cram based unit tests
 c413be9b376c refactor ubusd.c into reusable ubusd_library
 afd47189e864 examples: remove dead increments
 b2e544238672 add initial GitLab CI support
 058f4e9526ed libubus: fix incompatible pointer types assigment
 d2e026a33df8 iron out all extra compiler warnings
 5d7ca8309d0a ubusd/libubus-io: fix variable sized struct position warning
 d61282db5640 ubusd: fix comparison of integers of different signs
 90fb16234c22 cmake: enable extra compiler checks

and bumps ABI_VERSION to 20191219.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-12-26 08:54:42 +01:00
Petr Štetiar
2544cb1ba3 ucert: update to version 2019-12-19
14a279411cff fix certificate blob parsing vulnerability by using blob_parse_untrusted
19a7225ac018 fix leaking memory in cert_dump_blob
9dba44ddd4f5 fix possibly garbage value returned in cert_process_revoker
4462ff9dedfa add cram based unit tests
5fe64b5606aa cmake: split usign bits into static library
5d7626a2b6d8 cmake: reindent the file
e284ed941972 cmake: enable hardening compiler flags and fix the reported issues
7e5390666347 add initial GitLab CI support
fa0bf4ef45b1 cmake: add proper include and library dependencies

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-12-26 08:47:18 +01:00
Petr Štetiar
b9f3af7c89 libubox: update to version 2019-12-26
Contains following changes:

 eb7eb6393d47 blobmsg: fix array out of bounds GCC 10 warning
 86f6a5b8d1f1 blobmsg: reuse blobmsg_namelen in blobmsg_data
 586ce031eaa0 tests: fuzz: fuzz _len variants of checking methods
 b0e21553ae8c blobmsg: add _len variants for all attribute checking methods
 cd3059796a57 Replace use of blobmsg_check_attr by blobmsg_check_attr_len
 143303149c8b Ensure blob_attr length check does not perform out of bounds reads
 f2b2ee441adb blobmsg: fix heap buffer overflow in blobmsg_parse
 4dfd24ed88c4 blobmsg: make blobmsg_len and blobmsg_data_len return unsigned value
 2df6d35e3299 tests: add test cases for blobmsg parsing
 8a34788b46c4 test: fuzz: add blobmsg_check_attr crashes
 478597b9f9ae blob: fix OOB access in blob_check_type
 325418a7a3c0 tests: use blob_parse_untrusted variant
 0b24e24b93e1 blob: introduce blob_parse_untrusted
 6d27336e4a8b blob: refactor attr parsing into separate function
 833d25797b16 test: fuzz: add blob_parse crashes
 09ee90f8d6ed tests: add test cases for blob parsing
 436d6363a10b tests: add libFuzzer based tests
 bf680707acfd tests: add unit tests covered with Clang sanitizers
 f804578847de cmake: add more hardening compiler flags
 46f8268b4b5b blobmsg/ulog: fix format string compiler warnings
 eb216a952407 cmake: use extra compiler warnings only on gcc6+

and bumps ABI_VERSION to 20191226.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-12-26 08:41:37 +01:00
Kevin Darbyshire-Bryant
9cf9f903a3 wireguard: bump to 20191219
edad0d6 version: bump snapshot
0e38a3c compat: ipv6_dst_lookup_flow was backported to 5.3 and 5.4
2e52c41 wg-quick: linux: use already configured addresses instead of in-memory
3721521 tools: adjust wg.8 syntax for consistency in COMMANDS section
21a1498 wg-quick: linux: try both iptables(8) and nft(8) on teardown

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-12-24 20:53:32 +00:00
Hauke Mehrtens
80f06cb601 ath10k-firmware: Add kmod-ath10k-ct-smallbuffers to depends
Only select ath10k-ct-regular when smallbuffers version was not
selected.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-12-24 00:57:56 +01:00
Paul Fertser
1ac627024d kernel: ath10k-ct: provide a build variant for small RAM devices
According to many bugreports [0][1][2] the default ath10k-ct kernel
module is unusable on devices with just 64 MiB RAM or with 128 MiB and
dual ath10k cards. The target boards boot but eventually oom-killer
starts to interfere with normal operation, so the current state is
effectively broken.

Since the two patches in question have a performance impact (and
possibly some other unexpected side-effects) a dedicated build variant
is added so that users of the low RAM devices can still benefit from all
the ath10k-ct advantages.

According to testing [3] results, the issue can be experienced even with
"a 256MB device with three radios". Measured performance impact of
implementing small buffers was lowering "the maximum 5 GHz throughput on
an IPQ40xx device without RPS/XPS optimizations from 494/432 Mbit/s for
TCP transfers (download/upload) to 438/343 Mbit/s"

The patches were apparently inspired by QSDK tweaks used by ODMs for the
affected devices.

[0] http://lists.infradead.org/pipermail/openwrt-devel/2019-December/020573.html
[1] https://github.com/openwrt/openwrt/pull/1077
[2] https://bugs.openwrt.org/index.php?do=details&task_id=2664
[3] https://github.com/freifunk-gluon/gluon/pull/1440#issue-195607701

Signed-off-by: Paul Fertser <fercerpav@gmail.com>
[Remove double CONFIG_ATH10K-CT_LEDS entry]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-12-24 00:56:51 +01:00
Florian Fainelli
c715f71bce treewide: Remove self from MAINTAINER entries
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2019-12-23 13:18:04 -08:00
Álvaro Fernández Rojas
46c5880b0f brcm2708-gpu-fw: update to latest firmware
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2019-12-23 17:50:32 +01:00
Rosen Penev
fb19fb868c libcxx: Depenency fixes
Don't build with uClibc-ng. It's totally unsupported as several functions
are missing.

Make the musl libc support conditional.

Fix hash with make check FIXUP=1. Apparently I based the Makefile off of
libedit and forgot to fix the hash.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
Fixes: 856ea2bad3 ("libcxx: Add package")
2019-12-23 12:08:23 +01:00
Sungbo Eo
a22b7a60d9 kernel: fix *-gpio-custom module unloading
Unloading and reloading the modules fails, as platform_device_put() does not
release resources fully.

root@OpenWrt:/# insmod i2c-gpio-custom bus0=0,18,0,5
[  196.860620] Custom GPIO-based I2C driver version 0.1.1
[  196.871162] ------------[ cut here ]------------
[  196.880517] WARNING: CPU: 0 PID: 1365 at fs/sysfs/dir.c:31 0x80112158
[  196.893431] sysfs: cannot create duplicate filename '/devices/platform/i2c-gpio.0'
...
[  197.513200] kobject_add_internal failed for i2c-gpio.0 with -EEXIST, don't try to register things with the same name in the same directory.

This patch fixes it by replacing platform_device_put() to
platform_device_unregister().

Fixes: da77408537 ("i2c-gpio-custom: minor bugfix")
Fixes: 3bc81edc70 ("package: fix w1-gpio-custom package (closes #6770)")

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2019-12-23 00:22:07 +01:00
Florian Eckert
432ec292cc rpcd: add respawn param
The rpcd service is an important service, but if the service stops
working for any reason, no one will ever respawn that service. With this
commit, the procd service will monitor if the rpcd service
is running. If the rpcd service has crashed, then
procd respawns the rpcd service.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2019-12-23 00:22:07 +01:00
Bjørn Mork
d034a1f457 adb: fix for SuperSpeed devices
The USB descriptor parsing in adb fails to detect SuperSpeed devices
because of the SuperSpeed Endpoint Companion Descriptor.  This
cherry-picks the upstream fix for the problem.

Unfortunately there never were a release with this fix before the
conversion to C++, so upgrading to a newer version isn't an option.

This makes adb work with SuperSpeed devices like the Sierra Wireless
EM7565.  Tested and verified.

Signed-off-by: Bjørn Mork <bjorn@mork.no>
2019-12-23 00:22:07 +01:00
Maxim Storchak
dd299805ad ca-certificates: provide ca-certs by both ca-certificates and ca-bundle
- both packages provide ca-certs
- make ca-bundle the default provider

This should allow easy transition between these two forms of CA certificates storage

Signed-off-by: Maxim Storchak <m.storchak@gmail.com>
2019-12-23 00:22:07 +01:00
Rosen Penev
856ea2bad3 libcxx: Add package
Currently in OpenWrt, there are two libc++: libstdcpp and uClibc++. The
former is huge and the latter supports only C++98 with some basic support
for C++11. Those C++ versions seem to be specific to the compiler version

libcxx supports C++11 and above while being much smaller than libstdcpp.
On mt7621, these are the sizes of the ipks that I get:

libstdcpp: 460786
libcxx: 182881
uClibc++:67720

libcxx is faster than uClibc++ and is under active development as part of
the LLVM project while uClibc++ is effectively dead.

This PR modifies uclibc++.mk to expose the make menuconfig option. Further
cleanup is beyond the scope of this PR. What that means is, this is not
used by default.

A g++-libcxx wrapper based on the uClibc++ one was added. Works the same
way.

Compile tested with all packages that use uclibc++.mk in their Makefiles
under mipsel_24kc. kismet fails compilation but that package needs to be
cleaned up and updated.

Runtime tested with gddrescue, gdisk, dcwapd, bonnie++, and aircrack-ng
on a TP-Link Archer C7v2.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-12-23 00:22:07 +01:00
Rosen Penev
fd211e1677 iperf: Fix compilation with libcxx
Avoids redefining bool.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-12-23 00:22:07 +01:00
Stefan Lippers-Hollmann
6598264266 ath10k-firmware: update Candela Tech firmware images
The release notes since last time for wave-1:

 * No changes to wave-1, but I make a version .014 copy anyway to keep
   the makefile in sync.

The release notes since last time for wave-2:

 * December 16, 2019: Wave-2 has a fix to make setting txpower work
                      better. Before setting the power was ignored at
                      least some of the time (it also appeared to work
                      mostly, so I guess it was being correctly set in
                      other ways).

Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
2019-12-23 00:21:46 +01:00
DENG Qingfang
36baba65ec linux-firmware: update to 20191215
Update linux-firmware to 20191215

git log --pretty=oneline --abbrev-commit 20190815..20191215

eefb5f7 inside-secure: add new "mini" firmware for the EIP197 driver
dd1a12e Merge branch 'RB3-adsp-cdsp-mss-v4' of https://github.com/andersson/linux-firmware
c523dcd WHENCE: Add raspberry-pi4 SDIO file
99a15a4 Merge branch 'rpi4-fw' of https://git.kernel.org/pub/scm/linux/kernel/git/matthias.bgg/linux-firmware
2260cbd Merge branch 'master' of https://github.com/dikshitaagarwal/video_firmware_5.4
4c688be Merge branch 'for-upstream' of git://git.chelsio.net/pub/git/linux-firmware
e10ed21 qcom: update venus firmware files for v5.4
af4c4be cxgb4: Update firmware to revision 1.24.11.0
f93c7a1 brcm: Add BCM43455 NVRAM for Raspberry Pi 4 B
212e441 qcom: Add SDM845 Compute DSP firmware
ec84cf9 qcom: Add SDM845 Audio DSP firmware
62d0a1a qcom: Add SDM845 modem firmware
e8a0f4c rtl_nic: add firmware rtl8168fp-3
9581f15 Merge branch 'nxp_mc' of https://github.com/NXP/linux-firmware
978c04e linux-firmware: Update NXP Management Complex firmware to version 10.18.0
c62c3c2 linux-firmware: Update firmware file for Intel Bluetooth AX201
6272383 linux-firmware: Update firmware file for Intel Bluetooth AX200
84a7ca5 linux-firmware: Update firmware file for Intel Bluetooth 9560
96c3994 linux-firmware: Update firmware file for Intel Bluetooth 9260
7319341 amdgpu: update navi14 vcn firmware
b363d9d amdgpu: update navi10 vcn firmware
f1100dd Merge branch 'ehl_tgl_guc_huc' of git://anongit.freedesktop.org/drm/drm-firmware
4debf21 i915: Add HuC firmware v7.0.3 for TGL
1eb2ac4 i915: Add GuC firmware v35.2.0 for TGL
4b0a210 i915: Add HuC firmware v9.0.0 for EHL
610fe75 i915: Add GuC firmware v33.0.4 for EHL
11bdc57 rtw88: RTL8723D: add firmware file v48
9e194c7 qed: Add firmware 8.40.33.0
4065643 amdgpu: add new navi14 wks gfx firmware for 19.30
d4f88ea amdgpu: update navi14 firmware for 19.30
ea755b6 amdgpu: update raven firmware for 19.30
340e06e linux-firmware: Add firmware file for Intel Bluetooth AX201
ad7a8b2 Mellanox: Add new mlxsw_spectrum2 firmware 29.2000.2308
e756bf3 Mellanox: Add new mlxsw_spectrum firmware 13.2000.2308
b27d123 rtl_nic: add firmware files for RTL8153
180e2b4 rtl_bt: Update configuration file for BT part of RTL8822CU
0acd93e bnx2x: Add FW 7.13.15.0.
2b016af linux-firmware: Update AMD cpu microcode
4c3e853 linux-firmware: Update firmware file for Intel Bluetooth AX200
7a79d22 linux-firmware: Update firmware file for Intel Bluetooth AX201
fdab23a linux-firmware: Update firmware file for Intel Bluetooth 9560
b68efd7 linux-firmware: Update firmware file for Intel Bluetooth 9260
aa95e90 amdgpu: add initial navi14 firmware form 19.30
c1ce20e rtlwifi: rtl8821ae: Add firmware for the RTL8812AE variant.
7d187ac ice: Fix up WHENCE entry and symlink
4c55b97 Merge branch 'dev-queue' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/firmware
7c4db73 nvidia: Update Tegra210 XUSB firmware to v50.24
c054c53 nvidia: Add XUSB firmware for Tegra194
9cfefbd Remove duplicate symlinks
2de7abd copy-firmware: Create symlinks from WHENCE file
2116bcd Make symlinks consistent
c0590d8 amdgpu: update vega20 ucode for 19.30
43cc648 amdgpu: update vega12 ucode for 19.30
ffa0ed7 amdgpu: update vega10 ucode for 19.30
83e1b41 amdgpu: update picasso ucode for 19.30
7008617 amdgpu: update raven2 ucode for 19.30
9200baa amdgpu: update raven ucode for 19.30
f25a39c amdgpu: add new raven rlc firmware
9ae61e7 ice: Add package file for Intel E800 series driver
417a9c6 amdgpu: add initial navi10 firmware
702cc63 Merge branch 'cml_tgl-icl-dmc_huc_updates' of git://anongit.freedesktop.org/drm/drm-firmware
3182b4b Merge branch 'gpu-845' of https://github.com/ndechesne/linux-firmware
3ea84e5 drm/i915/firmware: Add v9.0.0 of HuC for Icelake
60ddd0e drm/i915/firmware: Add v4.0.0 of HuC for Cometlake
c47d8f8 drm/i915/firmware: Add v4.0.0 of HuC for Geminilake
2cdb78c drm/i915/firmware: Add v2.0.0 of HuC for Broxton
38965af drm/i915/firmware: Add v4.0.0 of HuC for Kabylake
8d127af drm/i915/firmware: Add v2.0.0 of HuC for Skylake
e7b6fa7 drm/i915/firmware: Add v33 of GuC for CML
e4ea25f drm/i915/firmware: Add v2.04 of DMC for TGL
51deca6 drm/i915/firmware: Add v1.09 of DMC for ICL
88ea23e qcom: add firmware files for Adreno a630
6c6918a linux-firmware: Update firmware file for Intel Bluetooth AX201
6ddb9d9 Merge branch 'for-upstream' of git://git.chelsio.net/pub/git/linux-firmware
d45c950 nvidia: Add XUSB firmware for Tegra186
65c6595 Add symlinks for Tegra VIC firmware binaries
0b22bfc rtl_bt: Update RTL8723D BT FW to 0x828A_96F1
f667c00 rtl_nic: add firmware rtl8125a-3
fe1ae0d linux-firmware: Add firmware file for Intel Bluetooth AX201
2f885ba Chelsio driver loads firmware configuration file to allow firmware to distribute resources before chip bring up. Chelsio NIC driver, cxgb4 searches for firmware config file at /lib/firmware/cxgb4/ directory.
7307a29 brcm: Add 43455 based AP6255 NVRAM for the Minix Neo Z83-4 Mini PC
65d02cd brcm: Add 43340 based AP6234 NVRAM for the PoV TAB-P1006W-232 tablet
f38fb4f Merge tag 'iwlwifi-fw-2019-08-23' of git://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/linux-firmware
40e4162 iwlwifi: update FWs to core45-152 release
c0fb3d9 check_whence: Add copy-firmware.sh to the list of ignored files
aa703aa rtl_bt: Update RTL8822C BT FW to V0x098A_94A4
665001a linux-firmware: Update firmware file for Intel Bluetooth AX200
c0ca980 linux-firmware: Update firmware file for Intel Bluetooth AX201
b6427bf linux-firmware: Update firmware file for Intel Bluetooth 9560
fe48882 linux-firmware: Update firmware file for Intel Bluetooth 9260
ebd40c6 Mellanox: Add new mlxsw_spectrum firmware 13.2000.1886

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
[Added missing symbolic links to Makefile]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-12-23 00:20:55 +01:00
Jo-Philipp Wich
97af1fc979 uhttpd: reset PKG_RELEASE
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-12-22 23:03:59 +01:00
Jo-Philipp Wich
f34f9a414d uhttpd: update to latest Git HEAD
5f9ae57 client: fix invalid data access through invalid content-length values

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-12-22 22:50:00 +01:00
Jo-Philipp Wich
5f4244150f fstools: update to latest git HEAD
b4e25d5 libblkid-tiny: fix symbol collision with full libblkid

Fixes: FS#2691, FS#2692
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-12-22 21:30:02 +01:00
Magnus Kroken
bf43e5bbf9 openvpn: update to 2.4.8
Backport two upstream commits that allow building
openvpn-openssl without OpenSSLs deprecated APIs.

Full changelog:
https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.8

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2019-12-22 10:45:09 +01:00
David Bauer
4113d8a255 ipq-wifi: add BDF for Aruba AP-303
The BDF originates from the vendor-firmware.

Signed-off-by: David Bauer <mail@david-bauer.net>
2019-12-20 17:48:52 +01:00
Rafał Miłecki
4ebc9dc9c4 fstools: update to latest git HEAD
111a43f libblkid-tiny: vfat: Change parsing label in special cases
f43a1aa libblkid-tiny: vfat: Fix reading labels which starts with byte 0x05
157924d libblkid-tiny: add blkid_probe_set_id_label() stub
0c5761f libblkid-tiny: use separated buffer for each block device read
b82c5c1 libblkid-tiny: add functions for allocating & freeing probe struct
12851d6 blockd: don't flush devices list on "hotplug" call
5ea47fe blockd: fix vlist memory corruption

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-12-20 08:20:16 +01:00
Petr Štetiar
b70052c6e6 uci: update to latest Git HEAD
165b44413145 uci: Fix extra semicolons warnings
66264ed9ec9e cmake: add more hardening compiler flags
cca6f105fae2 libuci: refactor uci_get_errorstr
750b046eb77f tests: cram: Lua: add test case for uci_get_errorstr
654d7c33da28 lua: add missing forward declaration
03dfbbe6fef7 cli: fix format string clang-10 warning

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-12-19 22:41:57 +01:00
Karl Palsson
34466afb28 uboot-envtools: ath79: fix missing etactica eg200 support
Was inadvertantly missed from the inital forward port from ar71xx to
ath79.

Fixes: 1588114cf2 ("ath79: add etactica-eg200 support")
Signed-off-by: Karl Palsson <karlp@etactica.com>
[commit description/subject facelift]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-12-19 22:41:57 +01:00
Paul Fertser
174ff7d754 base-files: send informational UDP message each second waiting
The preinit network initialisation and failsafe informational message
are inherently racy as the interface takes some time to become
functional after "ip link set $pi_ifname up" command.

Consider this timing:

[   12.002713] IPv6: ADDRCONF(NETDEV_UP): eth1: link is not ready
[   12.008819] IPv6: ADDRCONF(NETDEV_UP): eth1.1: link is not ready
[   12.118877] random: procd: uninitialized urandom read (4 bytes read)
[   13.068614] eth1: link up (1000Mbps/Full duplex)
[   13.073309] IPv6: ADDRCONF(NETDEV_CHANGE): eth1: link becomes ready
[   13.080445] IPv6: ADDRCONF(NETDEV_CHANGE): eth1.1: link becomes ready

Since the UDP message was sent prior to link becoming ready, it was
never seen on the wire.

The default failsafe timeout is set to 2 seconds, so with this patch
there are two attempts to send the message, one spent in vain, and the
other visible in tcpdump on an attached host. Of course, in cases when
the interface is brought up faster it leads to two messages, however it
should be harmless. This patch (almost) doesn't affect normal boot time
while still allowing to enter failsafe reliably with a single button
press, matching the official "generic failsafe" documentation.

Signed-off-by: Paul Fertser <fercerpav@gmail.com>
2019-12-19 22:41:57 +01:00
Petr Štetiar
98b3526bf2 iputils: move iputils tools to packages feed
iputils has moved from the master tree to the packages feed, and is
switching from the abandoned skbuff.net upstream to
github.com/iputils/iputils.

Ref: https://git.openwrt.org/556698cedf9e86a0ffe9f148d4e8e733676c26f6
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-12-19 22:41:57 +01:00
Ansuel Smith
1698b36bb4 kernel: make dwc3 usb driver depends on kernel 4.14
- usb-dwc3-of-simple is not used anymore as we have qcom dedicated driver
- usb-phy-qcom-dwc3 is not dependent of dwc3-of-simple

Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
2019-12-19 22:41:57 +01:00
Rafał Miłecki
17e2246eca mac80211: brcm: add support for BCM4359 SDIO chipset
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-12-19 09:17:22 +01:00
Rafał Miłecki
c3aa33bf70 mac80211: brcm: backport 5.5 and 5.6 kernel patches
This update doesn't include:
3b1e0a7bdfee brcmfmac: add support for SAE authentication offload
be898fed355e brcmfmac: send port authorized event for FT-802.1X
due to nl80211 dependencies.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-12-19 08:41:34 +01:00
Álvaro Fernández Rojas
859fac2b93 cypress-nvram: add new package
This package contains nvram files for brcmfmac, a mac80211 driver for FullMAC
Cypress devices.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2019-12-18 08:44:48 +01:00
Kevin Darbyshire-Bryant
ca7ed1712e wireguard: bump to 0.0.20191212
1ec6ece version: bump snapshot
e13de91 main: remove unused include <linux/version.h>
72eb17c wg-quick: linux: support older nft(8)
1d8e978 global: fix up spelling
e02713e wg-quick: linux: add support for nft and prefer it
b4e3a83 compat: support building for RHEL-8.1 instead of RHEL-8.0
f29e3ac socket: convert to ipv6_dst_lookup_flow for 5.5

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-12-17 19:46:41 +00:00
Álvaro Fernández Rojas
1115c9aad3 brcmfmac-board-rpi: remove uneeded package
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2019-12-17 19:20:02 +01:00
Álvaro Fernández Rojas
e332453857 cypress-firmware: add new package
This package contains firmwares provided by Cypress
See https://community.cypress.com/community/linux

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2019-12-17 19:20:02 +01:00
Imran Khan
27d69d2561 uboot-envtools: check for config prior to append
In the rare event a pre-populated fw_env.config exists in the rootfs prior
to firstboot, calling fw_setenv after the system has initialised will
annihilate the devices environment due to two identical lines in
fw_env.config.

Check for existence prior to blind appendage.

Signed-off-by: Imran Khan <gururug@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[daniel@makrotopia.org: fixed patch format, improved grep, cosmetics]
2019-12-17 19:35:16 +02:00
Jo-Philipp Wich
762aac50c0 rpcd: update to latest Git HEAD
aaa0836 file: extend exec acl checks to commands with arguments

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-12-17 08:33:33 +01:00
David Bauer
6ec288a178 mac80211: fix txpower when using DFS channels
With this patch, txpower for the PHY is applied when configuring the PHY
instead of the VIF. Otherwise, the configured txpower is not applied for
the first initialized VIF when using DFS channels, as it is currently
applied too early when the CAC hasn't finished.

Reported-by: Martin Weinelt <martin@darmstadt.freifunk.net
Signed-off-by: David Bauer <mail@david-bauer.net>
Tested-by: Martin Weinelt <martin@darmstadt.freifunk.net>
2019-12-16 00:50:10 +01:00
Hans Dedecker
a15f658ed0 odhcpd: update to latest git HEAD
d60f0a6 treewide: optimize syslog priority values

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-12-15 20:54:25 +01:00
Roman Bazalevsky
69fff339e9 sunxi: add support for FriendlyARM Nano PI NEO Air dev board
Hardware:

  Allwinner H3 upto 1.2GHz
  512MB DDR3 RAM
  8GB on-board eMMC - mountable, can be used as boot with custom boot.scr
  microSD-card slot
  WiFi 802.11n (AP6212A) - working
  Bluetooth (AP6212A) - not working for now
  Micro-USB OTG + 2*USB headers
  UART 3.3V - working
  GPIO/I2C/SPI 2.54mm headers

Standard sunxi SD-card installation procedure - copy image to SD card,
insert in into slot and boot. First time you will need UART adapter to
enable on-board wireless (or just build custom image with enabled WiFi).

To boot from eMMC:

  - boot from SD
  - copy SD image to emmc (dd bs=... if=.... of=/dev/mmcblk2)
  - mount eMMC boot partition and replace boot script on it
  - unmount, reboot

To use i2c, spi and more uarts - replace dtb on boot partition with
fixed one (use dtc or fdt-tools).

Signed-off-by: Roman Bazalevsky <rvb@rvb.name>
[rebase onto device name consolidation patches]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-12-13 12:20:09 +01:00
Adrian Schmutzler
a4cdb537b1 sunxi: use vendor_device scheme for device definitions
This changes device definition to resemble the vendor_device scheme
already present for the majority of device compatible strings.

By doing this, we achieve several advantages at once:
- Image names and node names are more consistent with other targets.
- SUPPORTED_DEVICES can be set automatically for all but two cases.
- Image names and node names are in line with DEVICE_TITLEs.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-12-13 12:19:44 +01:00
Koen Vandeputte
487e0631d0 ath10k-firmware: update Candela Tech firmware images
The release notes since last time for wave-1:

  *  November 29, 2019:  Fix IBSS merge issue, related to TSF id leakage bug in firmware code.
                         Thanks for Ahmed Zaki @ Mage-Networks for helping to diagnose and test.

The release notes since last time for wave-2:

  *  December 6, 2019:  Fix 160Mhz problem caused by logic that did not take into account the fact that
                        160Mhz has only 1/2 of the NSS of lower bandwidths in the rate table.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-12-10 09:50:42 +01:00
Daniel Golle
3ee767086d mac80211: don't call md5sum on non-existing file
If no AP is configured, hostapd-${phy}.conf is not being created,
hence md5sum fails and causes log pollution:

netifd: radio1 (3183): md5sum: can't open '/var/run/hostapd-phy1.conf': No such file or directoy

Hence make sure the file exists when calling md5sum.

Fixes: a5bc9787d4 ("mac80211: add support for dynamically reconfiguring wifi")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-12-08 19:53:11 +01:00
Daniel Golle
24b97579d2 hostapd: re-introduce process tracking
Before commit 60fb4c92b6 ("hostapd: add ubus reload") netifd was
tracking hostapd/wpa_supplicant and restarting wifi in case of a
process crash. Restore this behaviour by tracking the PIDs of
hostapd and wpa_supplicant.
Also make sure hostapd and/or wpa_supplicant have been started before
emmitting ubus calls to them using ubus wait_for.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-12-08 19:52:39 +01:00
Daniel Golle
2568db3fff mac80211: track unmanaged interfaces
In addition to wpa_supplicant and hostapd managed interfaces, also
track unmanaged interfaces. This is used to make sure that running
'wifi' always returns into a clean state regardless of what the user
did before.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-12-08 19:52:39 +01:00
Felix Fietkau
c888e17e06 hostapd: manage instances via procd instead of pidfile
Allows graceful restart of crashing hostapd/wpa_supplicant instances

Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[daniel@makrotopia.org: attempt to launch only present services]
2019-12-08 19:52:38 +01:00
Felix Fietkau
4225b83a76 hostapd: fix crash regression triggered by mesh mode
Fixes: 60fb4c92b6 ("hostapd: add ubus reload")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[daniel@makrotopia.org: polish commit message]
2019-12-08 19:51:53 +01:00
David Bauer
1ccf4bb93b hostapd: enable CTRL_IFACE_MIB for hostapd-full
This enables the CTRL_IFACE_MIB symbol for wpad-full and hostapd-full.
If it is not enabled, statistic outputs such as "hostapd_cli all_sta"
are empty.

Signed-off-by: David Bauer <mail@david-bauer.net>
2019-12-08 12:49:09 +01:00
Hans Dedecker
39d9010c20 iproute2: update to 5.4.0
Update iproute2 to latest stable version, see https://lwn.net/Articles/805654/
for the changes in 5.4.0

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-12-06 18:35:55 +01:00
Jason A. Donenfeld
82a8f91c89 wireguard: bump to 0.0.20191205
* wg-quick: linux: suppress error when finding unused table

This fixes a spurious warning messages seen with recent versions of iproute2
and kernels.

* wg-quick: linux: ensure postdown hooks execute
* wg-quick: linux: have remove_iptables return true
* wg-quick: linux: iptables-* -w is not widely supported

Adding in iptables had some hiccups. For the record, I'm very unhappy about
having to put any firewalling code into wg-quick(8). We'll of course need to
support nftables too at some point if this continues. I'm investigating with
upstream the possibility of adding a sysctl to patch the issue that iptables
is handling now, so hopefully at somepoint down the line we'll be able to shed
this dependency once again.

* send: use kfree_skb_list
* device: prepare skb_list_walk_safe for upstreaming
* send: avoid touching skb->{next,prev} directly

Suggestions from LKML.

* ipc: make sure userspace communication frees wgdevice

Free things properly on error paths.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-12-05 12:11:40 +01:00
Alin Nastac
416d2cc71e gre: add ipv6 parameter to gre interfaces
IPv6 protocol is enabled on all gre interfaces, but gre(v6)tap
interfaces are usually added to a bridge interface, in which case
IPv6 should be enabled only on the bridge interface.

Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
2019-12-02 21:52:33 +01:00
Hans Dedecker
806339a4cc curl: bump to 7.67.0
For changes in 7.67.0; see https://curl.haxx.se/changes.html#7_67_0

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-12-02 20:50:57 +01:00
Christian Lamparter
82a741c774 mac80211: switch to upstream owl-loader driver
The Owl Loader (named after the codename that Atheros gave
these devices back in the day) has been accepted upstream.

This patch removes the "misc" driver OpenWrt had and adds
the remaining differences against the version that ships
with 5.4-rc1 into a separate "120-owl-loader-compat.patch"
file that can be cut down once AR71XX is being dealt with.

Note: I decided to keep the existing (kmod-)owl-loader
package name around for now. The kernel module file in
the kmod package will be called ath9k_pci_owl_loader.ko
though.

Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-11-30 13:21:20 +01:00
Satadru Pramanik
f1410902e6 busybox: add glibc dependency for vi regex option
Build with musl libc fails with BUSYBOX_DEFAULT_FEATURE_VI_REGEX_SEARCH
enabled. Enabling BusyBox's vi regex search option depends upon GNU
regex.  Musl libc does not support GNU regex[1].

So this patch adds explicit dependency on GNU libc and while at it
remove the FIXME comment.

1. https://wiki.musl-libc.org/functional-differences-from-glibc.html

Ref: https://dev.archive.openwrt.org/ticket/21741.html
Ref: https://forum.openwrt.org/t/busybox-not-compiling/
Ref: https://github.com/openwrt/packages/issues/4453
Signed-off-by: Satadru Pramanik <satadru@umich.edu>
[commit subject/description tweaks, From: fix, USE_GLIBC fix, removed comments]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-11-30 00:53:36 +01:00
DENG Qingfang
ca7f1ef575 Revert "mt76: probe load mt7615 driver asynchronously"
This reverts commit 8176431963 ("mt76: probe load mt7615 driver
asynchronously").  After said commit, users report that MT7615 no longer
works on boot and they have to manually enable WiFi (via command "wifi") to
make it working again.

Fixes: FS#2546
Ref: https://forum.openwrt.org/t/xiaomi-r3p-no-wifi-on-boot/45509
Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
[commit description facelift]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-11-30 00:53:36 +01:00
Hans Dedecker
f573e5756a netifd: update to latest git HEAD
e45b140 interface: warn if ip6hint is truncated

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-11-29 21:56:42 +01:00
Santiago Piccinini
c7fb12beb1 mac80211: unify setup of iw htmode for mesh and adhoc
This also fixes mac80211_prepare_vif iw set channel in monitor or
mesh mode.

Signed-off-by: Santiago Piccinini <spiccinini@altermundi.net>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[daniel@makrotopia.org: fixed commit message]
2019-11-29 18:26:20 +01:00
Daniel Golle
9c272dd3e4 ucert: update to latest git HEAD
e4bd927 cast ucert_argv to proper type when passing to execv

Fixes warnings:

warning: passing argument 2 of 'execv' from incompatible pointer type
[-Wincompatible-pointer-types]
  254 |       execv(usign_argv[0], usign_argv)

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-11-29 00:09:48 +01:00
Jason A. Donenfeld
2fedf023e4 wireguard: bump to 0.0.20191127
* messages: recalculate rekey max based on a one minute flood
* allowedips: safely dereference rcu roots
* socket: remove redundant check of new4
* allowedips: avoid double lock in selftest error case
* tools: add syncconf command

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-11-27 20:20:31 +01:00
Hans Dedecker
9057708b3d procd: update to latest git HEAD
3aa051b system: sysupgrade: close input side of pipe before reading

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-11-26 22:16:43 +01:00
Piotr Dymacz
5d2a900163 uboot-envtools: ath79: add support for YunCore XD4200 and A782
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2019-11-25 17:32:46 +01:00
Petr Štetiar
441c7944e6 libubox: update to latest Git HEAD
07413cce72e1 tests: jshn: add more test cases
26586dae43a8 jshn: fix missing usage for -p and -o arguments
8e832a771d3a jshn: fix off by one in jshn_parse_file
cb698e35409b jshn: jshn_parse: fix leaks of memory pointed to by 'obj'
c42f11cc7c0f jshn: main: fix leak of memory pointed to by 'vars'
93848ec96dc5 jshn: refactor main into smaller pieces
9b6ede0e5312 avl: guard against theoretical null pointer dereference
c008294a8323 blobmsg_json: fix possible uninitialized struct member
0003ea9c45cc base64: fix possible null pointer dereference
8baeeea1f52d add assert.h component
b0a5cd8a28bf add cram based unit tests
1fefb7c4d7f9 add initial GitLab CI support
c955464d7a9b enable extra compiler checks
6228df9de91d iron out all extra compiler warnings

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-11-24 14:19:43 +01:00
Hans Dedecker
68fb38548b nghttp2: bump to 1.40.0
41060943 Bump up version number to 1.40.0, LT revision to 33:0:19
5ae9bb89 Fail fast if huffman decoding context is in failure state
bb519154 Merge pull request #1413 from nghttp2/check-authority
77f5487a Add nghttp2_check_authority as public API
db9a8f6e Merge pull request #1409 from nghttp2/fix-wrong-stream-close-error-code
6f28a69b Merge pull request #1411 from richard78917/fix_warning
6ce4835e Fix the bug that stream is closed with wrong error code
29042f1c priority_spec::valid(): remove const qualifier from return value
d08c4395 Merge pull request #1405 from nghttp2/huffman
5d6964cf Faster huffman decoding
0d855bfc Faster huffman encoding
6f967c6e Fix errors reported by coverity scan
b8a43db8 Merge pull request #1394 from wrowe/fix-static-libname
70b62c1a Merge pull request #1393 from wrowe/fix-static-msvcrt
28b1f0b9 Avoid filename collision of static and dynamic lib
1dd966f1 Merge branch 'fix-nghttpx-mruby'
fe8946dd nghttpx: Fix bug that mruby is incorrectly shared between backends
72b71a6b Add new flag ENABLE_STATIC_CRT for Windows
f8933fe5 nghttpx: Reconnect h1 backend if it lost connection before sending headers
89c33d69 Update neverbleed
7079dc5e Update neverbleed to fix memory leak
5080db84 Revert "nghttpx: Reconnect h1 backend if it lost connection before sending headers"
053c7ac5 nghttpx: Returns 408 if backend timed out before sending headers
8a59ce6d nghttpx: Reconnect h1 backend if it lost connection before sending headers
f2fde180 Remove redundant null check before delete
95efb3e1 Don't read too greedily
0a6ce87c Add nghttp2_option_set_max_outbound_ack
2aa79fa9 Bump up LT revision to 32:0:18
3980678d Merge branch 'nghttpx-fix-request-stall'
319d5ab1 nghttpx: Fix request stall
448bbbc3 integration-tests: gofmt
e575a2aa Merge pull request #1377 from Aldrog/cmake_systemd
4f7aedc9 cmake: Support building nghttpx with systemd
7a590893 Fix clang-8 warning
ee443134 Fix FPE with default backend
abef9b90 Fix log-level is not set with cmd-line or configuration file
12a999f0 Bump up version number to 1.40.0-DEV
acfb3607 Update manual pages

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-11-23 21:32:04 +01:00
Sungbo Eo
298814e6be base-files: config_generate: split macaddr with multiple ifaces
netifd does not handle network.@device[x].name properly if it
contains multiple ifaces separated by spaces. Due to this, board.d
lan_mac setup does not work if multiple ifaces are set to LAN by
ucidef_set_interface_lan.

To fix this, create a device node for each member iface when
running config_generate instead. Those are named based on the
member ifname:

  ucidef_set_interface_lan "eth0 eth1.1"
  ucidef_set_interface_macaddr "lan" "yy:yy:yy:yy:yy:01"

will return

  config device 'lan_eth0_dev'
        option name 'eth0'
        option macaddr 'yy:yy:yy:yy:yy:01'

  config device 'lan_eth1_1_dev'
        option name 'eth1.1'
        option macaddr 'yy:yy:yy:yy:yy:01'

ref: https://github.com/openwrt/openwrt/pull/2542

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
[always use new scheme, extend description, change commit title]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-11-23 11:58:27 +01:00
Sebastian Kemper
28d84331f4 mac80211: add default value for noscan
Commit b3d8b3a introduced a new test:

[ -n "$noscan" -a "$noscan" -gt 0 ] && hostapd_noscan=1

But if length of "$noscan" is zero (noscan is not set) this doesn't stop
the shell to evaluate the rest of the test.

root@hank2:~# [ -n "$noscan" -a "$noscan" -gt 0 ]
ash: out of range
root@hank2:~#

So when radios are brought up this shows in the log:

Sat Nov 23 10:51:38 2019 daemon.info procd: - init complete -
Sat Nov 23 10:52:24 2019 daemon.notice netifd: radio1 (1243): sh: out of range
Sat Nov 23 10:52:25 2019 user.notice firewall: Reloading firewall due to ifup of wan (eth0.2)
Sat Nov 23 10:52:25 2019 daemon.notice netifd: radio0 (1242): sh: out of range
Sat Nov 23 10:52:26 2019 authpriv.info dropbear[1536]: Not backgrounding

This commit sets noscan to 0 if unset and removes the gratuitous length
check, preventing the warning.

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
2019-11-23 11:28:27 +01:00
Kevin Darbyshire-Bryant
f1ca277405 dnsmasq: correct sense & usage of dnsseccheckunsigned
dnsmasq v2.80 made 'dnssec-check-unsigned' the default, thus the uci
option was rendered ineffectual: we checked unsigned zones no matter the
setting.

Disabling the checking of unsigned zones is now achieve with the
"--dnssec-check-unsigned=no" dnsmasq option.

Update init script to pass required option in the disabled case.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-11-23 08:29:15 +00:00
Hauke Mehrtens
0062aad8ec e2fsprogs: Fix CVE-2019-5094 in libsupport
This adds the following patch from debian:
https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?h=debian/stable&id=09fe1fd2a1f9efc3091b4fc61f1876d0785956a8
libsupport: add checks to prevent buffer overrun bugs in quota code

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-11-22 22:48:01 +01:00
Hauke Mehrtens
a36c464efe mac80211: update to version 5.4-rc8
This updates mac80211 to backports based on kernel 5.4-rc8.

The deleted patches were applied upstream.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-11-22 20:35:54 +01:00
Jo-Philipp Wich
482114d3f7 firewall: update to latest Git HEAD
8174814 utils: persist effective extra_src and extra_dest options in state file
72a486f zones: fix emitting match rules for zones with only "extra" options

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-11-22 18:53:57 +01:00
Hauke Mehrtens
d3a8a62692 wireless-regdb: Make it build with python2
This backports a patch to build it work with python2 in addition to
python3.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: Petr Štetiar <ynezz@true.cz>
2019-11-21 23:47:35 +01:00
Vladimir Vid
e7a96acf1b uboot-mvebu: add uDPU board
* add u-boot support for uDPU
* add line to copy u-boot binary to STAGING_DIR_IMAGE, this can later be used
as BL33 variable required for ATF build
* add patch to increase max gunzip size in mvebu_armada-37xx.h which is
required for booting the itb recovery images

Signed-off-by: Vladimir Vid <vladimir.vid@sartura.hr>
2019-11-21 07:32:41 +01:00
Vladimir Vid
52459ebf77 packages/boot: add arm-trusted-firmware-mvebu and initial uDPU support
ATF mvebu is required for building a functional bootloader for A7K/A8K and
A37xx platforms. uDPU device is added as the first target.

A3700 platform has a wide range of settings which can be used per device, so
options are defined under the Device sections.

Platform also required WTP (recovery) tools and mv-ddr package for the DDR
topology configuration. 32-bit cross compiler is used for building the WTMI
image.

After the build, flash-image.bin can be used with the bubt command from the
u-boot shell to flash the new version of u-boot.

Signed-off-by: Vladimir Vid <vladimir.vid@sartura.hr>
2019-11-21 07:32:09 +01:00
Kevin Darbyshire-Bryant
3cee6f3f24 netifd: dhcp proto convert release to norelease
Change dhcp no/release on shutdown to 'norelease' uci option to match
existing proto dhcpv6 usage.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
2019-11-20 10:52:57 +00:00
Andre Heider
1bf1490eeb
am33x-cm3: remove
This is currently unused and not working anyway, since the used upstream
kernel loads am335x-pm-firmware.elf and not am335x-pm-firmware.bin [0].

The last downstream patches using the latter were removed with e4eef7e6.

Remove it instead of fixing it since the rtc-only sleep state can even
damage the hardware [1].

[0] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ccbbb9faac946ce61c241ce9f08b3486fabf031d
[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7a6cb0abe1aa63334f3ded6d2b6c8eca80e72302

Signed-off-by: Andre Heider <a.heider@gmail.com>
2019-11-20 10:49:01 +01:00
Andre Heider
c5d121654e omap: support booting off different mmc devices
Tested with installing to/sysupgrading from sd and emmc on boneblack.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2019-11-20 10:46:19 +01:00
Andre Heider
1f37b2226e omap: switch from uEnv.txt to generic distro booting
Which makes supporting different boot devices easy.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2019-11-20 10:46:19 +01:00
Andre Heider
b69df1eee0 omap: update uboot to 2019.10
All patches have been dropped, they're either redundant (e.g. due to the
new and unset CONFIG_SPL_FAT_WRITE), break compilation (thumb hacks) or
have been applied upstream.

The defconfig for am335x_boneblack has been removed upstream [0], so use
am335x_evm for boneblack too.

Size changes (before, after, file):

ti_am335x-evm and ti_am335x-bone-black:
  79804 110832 MLO
 623836 756148 u-boot.img

ti_omap3-beagle:
  54148  57708 MLO
 496272 665728 u-boot.img

ti_omap4-panda:
  39356  40204 MLO
 284648 366672 u-boot.img

Tested on boneblack, which has the biggest spl size increase. The beagle and
panda spl sizes seem reasonable to not break booting.

[0] 8fa7f65dd0

Signed-off-by: Andre Heider <a.heider@gmail.com>
2019-11-20 10:46:19 +01:00
Koen Vandeputte
a74095c68c mac80211: refresh patches
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-11-19 14:59:03 +01:00
Koen Vandeputte
2d6a062b22 mac80211: backport upstream fixes
This potentially fixes some issues seen on IBSS
when interfaces go out of range and then re-appear.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-11-19 14:59:03 +01:00
Hauke Mehrtens
eaa047179a mac80211: Adapt to changes to skb_get_hash_perturb()
The skb_get_hash_perturb() function now takes a siphash_key_t instead of
an u32. This was changed in commit 55667441c84f ("net/flow_dissector:
switch to siphash"). Use the correct type in the fq header file
depending on the kernel version.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
2019-11-18 20:12:12 +01:00
Rafał Miłecki
cde8c2f2fb mac80211: brcmfmac: fix PCIe reset crash and WARNING
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-11-18 14:48:41 +01:00
Daniel Golle
d89427662d base-files: include 'reconf' in help output of 'wifi' command
Reported-by: Dirk Brenken <dev@brenken.org>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-11-18 12:58:31 +01:00
Daniel Golle
ccf2aa9d4b mac80211: detect existing interface before adding
Keep existing wdev when creating new nl80211 interfaces if phy and
type match, delete it otherwise.
To make this work, also remove left-over debugging function which
prevented the return-value of the 'iw' command to be taken into
account in mac80211_iw_interface_add().
As 4addr-mode (WDS) was setup during interface creation for station
interfaces, also set it after interface creation to make sure an
existing sta interface ends up with the right mode.

Fixes: a5bc9787d4 ("mac80211: add support for dynamically
                    reconfiguring wifi")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-11-16 17:16:25 +01:00
Daniel Golle
50d6e92619 Revert "mac80211: restore mac80211_interface_cleanup()"
This reverts commit 000b7687bc.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-11-16 15:49:54 +01:00
Paul Blazejowski
7e623c3128 ath79: add support for Netgear WNDR3700v4
This patch adds ath79 support for Netgear WNDR3700v4.
Router was previously supported by ar71xx target only.
Note: device requires 'ar934x-nand' driver in kernel.

Specification
=============
  * Description: Netgear WNDR3700v4
  * Loader: U-boot
  * SOC: Atheros AR9344 (560 MHz)
  * RAM: 128 MiB
  * Flash: 128 MiB (NAND)
    - U-boot binary: 256 KiB
    - U-boot environment: 256 KiB
    - ART: 256 KiB
    - POT: 512 KiB
    - Language: 2 MiB
    - Config: 512 KiB
    - Traffic Meter: 3 MiB
    - Firmware: 25 MiB
    - ART Backup: 256 KiB
    - Reserved: 96 MiB
  * Ethernet: 5 x 10/100/1000 (4 x LAN, 1 x WAN) (AR8327)
  * Wireless:
    - 2.4 GHz b/g/n (internal)
    - 5 GHz a/n (AR9580)
  * USB: yes, 1 x USB 2.0
  * Buttons:
    - Reset
    - WiFi (rfkill)
    - WPS
  * LEDs:
    - Power (amber/green)
    - WAN (amber/green)
    - WLAN 2G (green)
    - WLAN 5G (blue)
    - 4 x LAN (amber/green)
    - USB (green)
    - WPS (amber/green)
  * UART: 4-pin connector JP1, 3.3V (Vcc, TX, RX, GND), 115200 8N1
  * Power supply: DC 12V 2.5A
  * MAC addresses: LAN=WLAN2G on case label, WAN +1, WLAN5G +2

Installation
============
  * TFTP recovery
  * TFTP via U-boot prompt
  * sysupgrade
  * Web interface

Note about partitioning: firmware partition offset (0x6c0000) is
hardcoded into vendor's u-boot, so this partition cannot be moved
and resized to include Netgear-specific flash areas (pot, language,
config, traffic_meter) not used by OpenWrt.

Test build configuration
========================
CONFIG_TARGET_ath79=y
CONFIG_TARGET_ath79_nand=y
CONFIG_TARGET_ath79_nand_DEVICE_netgear_wndr3700-v4=y
CONFIG_ALL_KMODS=y
CONFIG_DEVEL=y
CONFIG_CCACHE=y
CONFIG_COLLECT_KERNEL_DEBUG=y
CONFIG_IMAGEOPT=y

Signed-off-by: Paul Blazejowski <paulb@blazebox.homeip.net>
2019-11-14 23:14:15 +01:00
Petr Štetiar
8f0a540648 fwtool: update to latest Git head
8f7fe925ca20 cmake: use extra compiler warnings only on gcc6+

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-11-14 22:53:31 +01:00
Petr Štetiar
240d590ca4 uci: update to latest Git head
8dd50da20de0 lua: fix error handling
 a2cab3b088a2 ucimap: fix possible use of memory after it is freed
 9cf978bc7964 delta: prevent possible null pointer use
 7736f497d2d9 cli: remove unused variable assigment
 39093f3b040d lua: fix memory leak in set method
 19ceff323f1e lua: fix memory leak in changes method
 18049a84fe40 tests: add cram based unit tests
 2b549cc050de lua: fix copy&paste in error string
 f5dd5217d627 cli: fix realloc issue spotted by cppcheck
 af59f86a0db9 iron out all extra compiler warnings
 1637d2918692 tests: shunit2: run all tests under Valgrind by default
 c1af73bfb023 cmake: enable extra compiler checks
 be69504e3666 cmake: build Lua module only if enabled
 38a2f12ec5ab tests: shunit2: fix issues reported by shellcheck
 266fc9e94c1e add initial GitLab CI support
 17d6144a49c6 tests: shunit2: make it working under CMake
 a6e8bbefd860 cmake: add unit testing option and shunit2 tests
 0ca93fec701a test: move shunit2 tests under standalone subdirectory

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-11-14 22:53:31 +01:00
Petr Štetiar
5d7fcd07a2 libnl-tiny: update to latest Git head
0219008cc876 remove never used err variable assignment disliked by scan-build
 7ce813fcd667 silence use after the free clang analyzer warning
 1f73b6a8e678 use offsetof macro to make scan-build happy

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-11-14 22:53:31 +01:00
Peter Stadler
953c27df31 base-files: rc.common: fix missing EXTRA_HELP texts
Commit ed5b9129d7 ("base-files: implement generic service_running")
has added EXTRA_HELP variable, thus overriding already available
EXTRA_HELP text available in other init scripts, resulting in the
missing help text from services like dropbear for example.

So fix this regression by appending EXTRA_HELP text provided by the
other init scripts into the one provided by the script itself.

Fixes: ed5b9129d7 ("base-files: implement generic service_running")
Signed-off-by: Peter Stadler <peter.stadler@student.uibk.ac.at>
[commit title/description facelift, fixes tag, fixed From:, pkg bump]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-11-14 22:53:31 +01:00
Sungbo Eo
6990510aca kernel: fix typo in fb-sys-fops autoload
AutoLoad parameter must match the exact kernel module name. Fix it.

Fixes: 125f1ce9ad ("kernel: video: add DRM core and IMX DRM support for HDMI/LVDS")
Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2019-11-14 22:53:31 +01:00
Daniel Golle
000b7687bc mac80211: restore mac80211_interface_cleanup()
Changes introduced for dynamic wifi reconfiguration left behind
unmanaged interface types. Restore parts of the old function to
also clean (unencrypted, non-DFS) mesh and ad-hoc interfaces.

Fixes: a5bc9787d4 ("mac80211: add support for dynamically
                    reconfiguring wifi")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-11-14 14:10:58 +01:00
Jeff Kletsky
b496a2294c ath79: GL-AR750S: provide NAND support; increase kernel to 4 MB
The GL.iNet GL-AR750S has been supported by the ar71xx and ath79
platforms with access to its 16 MB NOR flash, but not its 128 MB
SPI NAND flash.

This commit provides support for the NAND through the upstream
SPI-NAND framework.

At this time, the OEM U-Boot appears to only support loading the
kernel from NOR. This configuration is preserved as this time,
with the glinet,gl-ar750s-nand name reserved for a potential,
future, NAND-only boot.

The family of GL-AR750S devices on the ath79 platform now includes:

  * glinet,gl-ar750m-nor-nand   "nand" target
  * glinet,gl-ar750m-nor        "nand" target (NAND-aware)

NB: This commit increases the kernel size from 2 MB to 4 MB

"Force-less" sysupgrade is presently supported from the current
versions of following NOR-based firmwre images to the version of
glinet,gl-ar750s-nor firmware produced by this commit:

  * glinet,gl-ar750s     -- OpenWrt 19.07 ar71xx
  * glinet,gl-ar750s     -- OpenWrt 19.07 ath79

Users who have sucessfully upgraded to glinet,gl-ar750m-nor may then
flash glinet,gl-ar750m-nor-nand with sysupgrade to transtion to the
NAND-based variant.

Other upgrades to these images, including directly to the NAND-based
glinet,gl-ar750s-nor-nand firmware, can be accomplished through U-Boot.

NB: See "ath79: restrict GL-AR750S kernel build-size to 2 MB" which
enables flashing of NAND factory.img with the current GL-iNet U-Boot,
"U-Boot 1.1.4-gcf378d80-dirty (Aug 16 2018 - 07:51:15)"

The GL-AR750S OEM U-Boot allows upload and flashing of either NOR
firmware (sysupgrade.bin) or NAND firmware (factory.img) through its
HTTP-based GUI. Serial connectivity is not required.

The glinet,gl-ar750s-nor and glinet,gl-ar750s-nor-nand images
generated after this commit flash each other directly.

This commit changes the control of the USB VBUS to gpio-hog from
regulator-fixed introduced by commit 0f6b944c92. This reduces the
compressed kernel size by ~14 kB, with no apparent loss of
functionality. No other ath79-nand boards are using regulator-fixed
at this time.

Note: mtd_get_mac_binary art 0x5006 does not return the proper MAC
and the GL.iNet source indicates that only the 0x0 offset is valid

The ar71xx targets are unmodified.

Cc: Alexander Wördekemper <alexwoerde@web.de>

Signed-off-by: Jeff Kletsky <git-commits@allycomm.com>
2019-11-14 14:38:58 +08:00
Jeff Kletsky
b591cabd39 ath79: add GL.iNet GL-AR300M16 as NOR-only board
The GL.iNet GL-AR300M series of devices includes variants without NAND
and only the 16 MB NOR flash. These include the GL-AR300M16 and the
GL-AR300M-Lite (already with its own board name).

This board-name addition provides disambiguation from the NAND-bearing
GL-AR300M devices, both for OpenWrt code and for end users.

Kernel and firmware support for NAND and UBI will add ~320 kB to the
overall firmware size at this time. This NOR-only option continues to
provide more compact firmware for both the GL-AR300M16 as well as
those who wish to use it as an alternate or primary, NOR-resident
firmware on the GL-AR300M.

The ar71xx targets are unmodified.

Installation
------------

Install through OEM U-Boot (HTTP-based) or `sysupgrade --force` when
booted from NOR and running OEM or OpenWrt, NOR-based firmware.

As one of the intentions is disambiguation from NAND-bearing units,
users who have flashed this firmware onto a device with NAND would
need to use U-Boot or `sysupgrade --force` to flash firmware that
again supports NAND.

There are no additional SUPPORTED_DEVICES as it is not possible to
determine if a device does or does not have NAND based on
either the OEM's or OpenWrt's board names prior to this patch.

Signed-off-by: Jeff Kletsky <git-commits@allycomm.com>
2019-11-14 14:38:58 +08:00
Piotr Dymacz
10bcf1eb40 uboot-envtools: ramips: add support for ALFA Network Quad-E4G
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2019-11-14 01:38:01 +01:00
Piotr Dymacz
3cfea3a321 uboot-envtools: ramips: add support for ALFA Network R36M-E4G
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2019-11-13 21:45:31 +01:00
Russell Senior
b20b997c68 base-files: add /usr/share/libubox/jshn.sh to sysupgrade stage2
Discovered recent changes had broken sysupgrade for ar71xx mikrotik
rb-493g, traced the problem to missing /usr/share/libubox/jshn.sh after
switching to tmpfs.

Signed-off-by: Russell Senior <russell@personaltelco.net>
2019-11-13 18:55:00 +01:00
Adrian Schmutzler
4b81c1fd57 base-files: remove shebang from uci-defaults files
uci-defaults are sourced and non-executable, so they do not require
a shebang.

While at it, apply consistent naming scheme.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-11-13 12:50:57 +01:00
John Crispin
6becc37f33 base-files: add 'wifi reconf'
Now that netifd and hostapd allow dynamic reconfiguration, add a
command to trigger it.

Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-11-12 11:52:38 +01:00
John Crispin
a5bc9787d4 mac80211: add support for dynamically reconfiguring wifi
Change scripts to use ubus interface of hostapd/wpa_supplicant to
add/remove/modify wireless interfaces instead of (re-)starting the
services.

Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-11-12 11:52:33 +01:00
John Crispin
60fb4c92b6 hostapd: add ubus reload
Add ubus interface to hostapd and wpa_supplicant to allow dynamically
reloading wiface configuration without having to restart the hostapd
process.
As a consequence, both hostapd and wpa_supplicant are now started
persistently on boot for each wifi device in the system and then
receive ubus calls adding, modifying or removing interface
configuration.
At a later stage it would be desirable to reduce the services to one
single instance managing all radios.

Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-11-12 11:52:26 +01:00
Daniel Golle
155ede4f1f netifd: add dynamic wireless reconfiguration
7a723d0 wireless: add ubus method for reloading configuration
 e15147c wireless: make reconf opt-in and allow serializing configuration

Set new option 'reconf' in 'wifi-device' section to enable dynamic
re-configuration on that radio.
If necessary, also set option 'serialize' which forced netifd to
configure interfaces of wireless devices one-by-one.
Both options are disabled by default.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-11-12 11:51:36 +01:00
Petr Štetiar
4ba8f7b1ef fwtool: update to latest Git head
Includes following changes:

 9d9d4c284786 fix possible garbage in unitialized char* struct members
 dbc1b1b71b24 fix possible copy of null buffer and validation of unitialized header
 76d53deef8bb crc32: add missing stdint.h dependency
 e5666ed3b47c add cram based unit tests
 abe0cf7de053 add initial GitLab CI support
 e43042507b4f iron out extra compiler warnings
 5df0cd6e1523 convert into CMake project
 a7dc0526f819 refactor into separate Git project

adds missing PKG_LICENSE field and converts the package build to utilize
CMake.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-11-11 16:37:13 +01:00
Zoltan HERPAI
32287b3913 firmware: intel-microcode: bump to 20190918
* New upstream microcode datafile 20190918

      *Might* contain mitigations for INTEL-SA-00247 (RAMBleed), given
      the set of processors being updated.
  * Updated Microcodes:
      sig 0x000306d4, pf_mask 0xc0, 2019-06-13, rev 0x002e, size 19456
      sig 0x000306f4, pf_mask 0x80, 2019-06-17, rev 0x0016, size 18432
      sig 0x00040671, pf_mask 0x22, 2019-06-13, rev 0x0021, size 14336
      sig 0x000406f1, pf_mask 0xef, 2019-06-18, rev 0xb000038, size 30720
      sig 0x00050654, pf_mask 0xb7, 2019-07-31, rev 0x2000064, size 33792
      sig 0x00050657, pf_mask 0xbf, 2019-08-12, rev 0x500002b, size 51200
      sig 0x00050662, pf_mask 0x10, 2019-06-17, rev 0x001c, size 32768
      sig 0x00050663, pf_mask 0x10, 2019-06-17, rev 0x7000019, size 24576
      sig 0x00050664, pf_mask 0x10, 2019-06-17, rev 0xf000017, size 24576
      sig 0x00050665, pf_mask 0x10, 2019-06-17, rev 0xe00000f, size 19456

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2019-11-10 23:39:29 +01:00
Jo-Philipp Wich
aa89bdcd04 rpcd: update to latest Git HEAD
77ad0de plugin: avoid truncating numeric values

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-11-10 21:35:00 +01:00
Zoltan HERPAI
db09335848 firmware: intel-microcode: bump to 20190618
* Implements MDS mitigation (RIDL, Fallout, Zombieload), INTEL-SA-00223
    CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
  * Updated Microcodes:
    sig 0x000206d6, pf_mask 0x6d, 2019-05-21, rev 0x061f, size 18432
    sig 0x000206d7, pf_mask 0x6d, 2019-05-21, rev 0x0718, size 19456

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2019-11-10 12:20:03 +01:00
Zoltan HERPAI
9a16bcfd79 firmware: intel-microcode: bump to 20190514
* New Microcodes:
    sig 0x00030678, pf_mask 0x02, 2019-04-22, rev 0x0838, size 52224
    sig 0x00030678, pf_mask 0x0c, 2019-04-22, rev 0x0838, size 52224
    sig 0x00030679, pf_mask 0x0f, 2019-04-23, rev 0x090c, size 52224
    sig 0x000406c3, pf_mask 0x01, 2019-04-23, rev 0x0368, size 69632
    sig 0x000406c4, pf_mask 0x01, 2019-04-23, rev 0x0411, size 68608
    sig 0x00050657, pf_mask 0xbf, 2019-02-27, rev 0x5000021, size 47104
    sig 0x000806e9, pf_mask 0x10, 2018-10-18, rev 0x009e, size 98304
    sig 0x000806eb, pf_mask 0xd0, 2018-10-25, rev 0x00a4, size 99328
    sig 0x000806ec, pf_mask 0x94, 2019-02-12, rev 0x00b2, size 98304
    sig 0x000906ec, pf_mask 0x22, 2018-09-29, rev 0x00a2, size 98304
    sig 0x000906ed, pf_mask 0x22, 2019-02-04, rev 0x00b0, size 97280

  * Updated Microcodes:
    sig 0x000206a7, pf_mask 0x12, 2019-02-17, rev 0x002f, size 12288
    sig 0x000306a9, pf_mask 0x12, 2019-02-13, rev 0x0021, size 14336
    sig 0x000306c3, pf_mask 0x32, 2019-02-26, rev 0x0027, size 23552
    sig 0x000306d4, pf_mask 0xc0, 2019-03-07, rev 0x002d, size 19456
    sig 0x000306e4, pf_mask 0xed, 2019-03-14, rev 0x042e, size 16384
    sig 0x000306e7, pf_mask 0xed, 2019-03-14, rev 0x0715, size 17408
    sig 0x000306f2, pf_mask 0x6f, 2019-03-01, rev 0x0043, size 34816
    sig 0x000306f4, pf_mask 0x80, 2019-03-01, rev 0x0014, size 18432
    sig 0x00040651, pf_mask 0x72, 2019-02-26, rev 0x0025, size 21504
    sig 0x00040661, pf_mask 0x32, 2019-02-26, rev 0x001b, size 25600
    sig 0x00040671, pf_mask 0x22, 2019-03-07, rev 0x0020, size 14336
    sig 0x000406e3, pf_mask 0xc0, 2019-04-01, rev 0x00cc, size 100352
    sig 0x000406f1, pf_mask 0xef, 2019-03-02, rev 0xb000036, size 30720
    sig 0x00050654, pf_mask 0xb7, 2019-04-02, rev 0x200005e, size 32768
    sig 0x00050662, pf_mask 0x10, 2019-03-23, rev 0x001a, size 32768
    sig 0x00050663, pf_mask 0x10, 2019-03-23, rev 0x7000017, size 24576
    sig 0x00050664, pf_mask 0x10, 2019-03-23, rev 0xf000015, size 23552
    sig 0x00050665, pf_mask 0x10, 2019-03-23, rev 0xe00000d, size 19456
    sig 0x000506c9, pf_mask 0x03, 2019-01-15, rev 0x0038, size 17408
    sig 0x000506ca, pf_mask 0x03, 2019-03-01, rev 0x0016, size 15360
    sig 0x000506e3, pf_mask 0x36, 2019-04-01, rev 0x00cc, size 100352
    sig 0x000506f1, pf_mask 0x01, 2019-03-21, rev 0x002e, size 11264
    sig 0x000706a1, pf_mask 0x01, 2019-01-02, rev 0x002e, size 73728
    sig 0x000806e9, pf_mask 0x10, 2019-04-01, rev 0x00b4, size 98304
    sig 0x000806e9, pf_mask 0xc0, 2019-04-01, rev 0x00b4, size 99328
    sig 0x000806ea, pf_mask 0xc0, 2019-04-01, rev 0x00b4, size 99328
    sig 0x000806eb, pf_mask 0xd0, 2019-03-30, rev 0x00b8, size 98304
    sig 0x000806ec, pf_mask 0x94, 2019-03-30, rev 0x00b8, size 97280
    sig 0x000906e9, pf_mask 0x2a, 2019-04-01, rev 0x00b4, size 99328
    sig 0x000906ea, pf_mask 0x22, 2019-04-01, rev 0x00b4, size 98304
    sig 0x000906eb, pf_mask 0x02, 2019-04-01, rev 0x00b4, size 99328
    sig 0x000906ec, pf_mask 0x22, 2019-02-14, rev 0x00ae, size 98304
    sig 0x000906ed, pf_mask 0x22, 2019-03-17, rev 0x00b8, size 97280
  * Implements MDS mitigation (RIDL, Fallout, Zombieload), INTEL-SA-00223
    CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2019-11-10 12:19:59 +01:00
Hauke Mehrtens
3ff3b044c0 mac80211: Fix dependencies of kmod-rsi91x-usb
Instead of depending on kmod-usb2 make it depend on the normal USB
dependencies. This should hopefully fix some problems seen in the build
bot builds for powerpc_8540.

In addition also activate DRIVER_11N_SUPPORT support.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-11-09 20:20:22 +01:00
Hauke Mehrtens
b01305c8d2 strace: Fix build on PowerPC
This patch breaks building on PowerPC, like the mpc85xx_generic
target for me.

Fixes: FS#2585
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-11-09 20:13:41 +01:00
Rosen Penev
cabaaf06fe nghttp2: Fix pkgconfig file
lib and includedir point to the host, not staging_dir.

Note that prefix and exec_prefix is overriden to point to staging_dir.

As CMAKE_INSTTALL is passed, switched InstallDev to use cmake.mk's rule.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-11-09 14:33:42 +01:00
Rosen Penev
7f4cef67c2 libevent2: Fix pkgconfig directories
includedir and libdir are set to /usr/include and /usr/lib . This breaks
compilation with packages such as tmux that use pkgconfig to find libevent

Also added PKG_LICENSE_FILES.

Simplified the InstallDev section by using cmake.mk's default rule.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-11-09 14:33:42 +01:00
DENG Qingfang
2ea8cd73fe ipset: update to 7.4
Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
2019-11-09 14:33:42 +01:00
Hauke Mehrtens
b7b2be0b26 uboot-envtools: Add TARGET_LDFLAGS to fix PIE and RELRO
Forward the OpenWrt TARGET_LDFLAGS to the linker of the fw_printenv tool.
In addition also use the more standard make invocation script.
With this change the fw_printenv tool is built with PIE and Full RELRO
support when activated globally in OpenWrt.

Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
2019-11-09 14:33:42 +01:00
Rosen Penev
39035df71c xfsprogs: Fix compilation with newer musl
Backported upstream patch.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-11-09 14:33:42 +01:00
Hannu Nyman
5b3f0e70a1 busybox: update to 1.31.1
Update busybox to 1.31.1

Small bug fix release. Fixes for dc, ash (PS1 expansion fix),
hush, dpkg-deb, telnet and wget.

No need to refresh patches or config.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2019-11-09 13:24:09 +01:00
Michael Heimpold
2249780fb7 procd: start additional consoles during hotplugging
Now that 'start-console' procd command has reached the main repo,
we can add a rule to start consoles on serial devices which are
created when USB gadget driver reports creation with hotplugging.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2019-11-09 12:56:30 +01:00
Michael Heimpold
593d02a9be uboot-mxs: bump to v2019.10
Also update the U-Boot BSP patch for I2SE Duckbill devices.

Run tested on I2SE Duckbill and Olimex OLinuXino Maxi boards.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2019-11-09 12:56:25 +01:00
Hauke Mehrtens
6ffd8a8f92 usign: Activate LTO compile option
This decreases the size of the usign application by 16% on MIPS BE.

old:
24,597 /usr/bin/usign

new:
20,501 /usr/bin/usign

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-11-08 23:57:54 +01:00
Hauke Mehrtens
e926681387 swconfig: Activate LTO compile option
This decreases the size of the swconfig application by 25% on MIPS BE.

old:
16,916 /sbin/swconfig

new:
12,565 /sbin/swconfig

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-11-08 23:57:53 +01:00
Hauke Mehrtens
1eb34b7287 mtd: Activate LTO compile option
This decreases the size of the mtd application by 25% on MIPS BE.

old:
20,597 /sbin/mtd

new:
16,421 /sbin/mtd

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-11-08 23:57:52 +01:00
Hauke Mehrtens
6596c95eca dnsmasq: Activate LTO
This decreases the binary size when PIE ASLR is activated by 8% on MIPS BE.

old:
202,020 /usr/sbin/dnsmasq

new:
185,676 /usr/sbin/dnsmasq

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-11-08 23:57:51 +01:00
Hauke Mehrtens
a43a40c49e uci: update to latest to version 2019-11-08
fc417e8 build: Add -Wclobbered to detect problems with longjmp
2c8e4a3 util: Fix error path

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-11-08 23:56:43 +01:00
Michal Cieslakiewicz
1105290049 ar71xx: update uboot-envtools for Netgear WNR routers
Boards added: WNR1000v2, WNR2000v3, WNR2200, WNR612v2, WNDR4300.
Boards changed: WNDR3700 (u-boot env size is 2 sectors not 1).

Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
2019-11-08 14:48:52 +01:00
Michal Cieslakiewicz
d47b687006 ath79: update uboot-envtools for Netgear WNR routers
Boards added: WNR1000v2, WNR2000v3, WNR612v2, WNDR3700.

Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
2019-11-08 14:48:48 +01:00
Henrique de Moraes Holschuh
8eab0a0036 busybox: disable default config option FEATURE_SUID=y
Commit ad7c6102f2 ("busybox: fix missing install with suid bit set if
FEATURE_SUID=y") actually fixes BUSYBOX_CONFIG_FEATURE_SUID option and
thus would install busybox setuid root by default which would result in
possibly unwanted change of current behaviour, so let's disable this
option by default in order to preserve the current status-quo.

For the record: disabling FEATURE_SUID to preserve the status-quo does
*not* imply the current status-quo is "safer", or for that matter, in
any way desireable.  That is a discussion to be had on the mailing
lists.

Switching the FEATURE_SUID default to "n" is simply a compromise to
facilitate the merge of the changes that unbreak FEATURE_SUID.

Ref: PR#2502
Signed-off-by: Henrique de Moraes Holschuh <henrique@nic.br>
[commit title/description facelift]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-11-07 22:51:37 +01:00
Henrique de Moraes Holschuh
ad7c6102f2 busybox: fix missing install with suid bit set if FEATURE_SUID=y
With FEATURE_SUID=y one can install busybox binary belonging to root
with the suid bit set, enabling some applets to perform root-level
operations even when run by ordinary users. Busybox then drops
privileges for applets that don't need root access, before entering
their main() function.

Currently we don't install busybox binary with suid bit set, rendering
this feature unusable.

Note that we can't just "chmod u+s /bin/busybox" at runtime as a
"cheaper" solution: it would waste approximately 200KiB of FLASH (the
whole /bin/busybox binary gets copied into the overlay).

Ref: PR#2502
Signed-off-by: Henrique de Moraes Holschuh <henrique@nic.br>
[commit title/description facelift, use INSTALL_SUID variable]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-11-07 22:50:16 +01:00
Adrian Schmutzler
22b8a6263d Revert "base-files: rename hostname with EUI of mac address"
This reverts commit 6170c46b47.

There has been demand for further evaluation of the impact of a
changed hostname, so this is reverted for now. The default hostname
will be "OpenWrt" again after this commit.

The macaddr_geteui() function is not removed by this revert.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-11-07 18:19:55 +01:00
Rosy Song
6170c46b47 base-files: rename hostname with EUI of mac address
If a label MAC address is provided for device, system
will rename the hostname with OpenWrt_{eui mac address}.
This helps to distinguish between different devices.

Since it's no good idea to nest json_* functions, this code does
not use get_mac_label directly, but only get_mac_label_dt as
external resource.

Signed-off-by: Rosy Song <rosysong@rosinson.com>
[merged with commit introducing macaddr_geteui, rebased on updated
label MAC address storage, extended commit message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-11-07 17:13:18 +01:00
Adrian Schmutzler
a6fbdd3a78 base-files: don't store label MAC address in uci system config
If set, label MAC address is available from one of two sources,
device tree or board.json. So far, the function get_mac_label
was meant for retrieving the address, while an option in uci
system config was specified only for case 2 (board.json).

The uci config option has several drawbacks:
- it is only used for a fraction of devices (those not in DT)
- label MAC address is a device property, while config implies
  user interaction
- label_macaddr option will only be set if /etc/config/system
  does not exist (i.e. only for new installations)

Thus, this patch changes the behavior of get_mac_label:
Instead of writing the value in board.json to uci system config
and reading from this location afterwards, get_mac_label now
extracts data from board.json directly. The uci config option
won't be used anymore.
In addition, two utility functions for extraction only from DT
or from board.json are introduced.

Since this is only changing the access to the label MAC address, it
won't interfere with the addresses stored in the code base so far.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-11-07 17:13:18 +01:00
Eneas U de Queiroz
3540a37a97 kernel: add crypto_user mod to crypto-user pkg
This is needed to export crypto information to netfilter, allowing
the alt. afalg openssl engine to obtain information about the drivers
being used.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2019-11-06 23:27:20 +01:00
Eneas U de Queiroz
f4853f7cca wolfssl: update to v4.2.0-stable
Many bugs were fixed--2 patches removed here.

This release of wolfSSL includes fixes for 5 security vulnerabilities,
including two CVEs with high/critical base scores:

- potential invalid read with TLS 1.3 PSK, including session tickets
- potential hang with ocspstaping2 (always enabled in openwrt)
- CVE-2019-15651: 1-byte overread when decoding certificate extensions
- CVE-2019-16748: 1-byte overread when checking certificate signatures
- DSA attack to recover DSA private keys

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2019-11-06 23:23:53 +01:00
Petr Štetiar
80a799125b libnl-tiny: update to latest Git head
Includes following changes:

 0230d0698e59 add initial GitLab CI support
 5e13b797a988 iron out all extra compiler warnings
 802fbd4d6f39 cmake: enable extra compiler checks
 050bb5c4431b convert into CMake project
 5b350e42d1fd refactor into separate Git project

and converts the package build to utilize CMake.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-11-06 16:31:42 +01:00
David Bauer
4c6fe32468 mac80211 ath9k: force QCA953x clock to 25MHz
The QCA953x only supports 25 MHz refclk, however some OEMs set an
invalid bootstrap value for the REF_CLK option, which would break the
clock detection in ath9k.

Force the QCA953x refclk to 25MHz in ath9k, as this is (according to the
datasheet) the only valid frequency.

Signed-off-by: David Bauer <mail@david-bauer.net>
2019-11-05 22:55:54 +01:00
Koen Vandeputte
f96af28272 ath10k-firmware: update Candela Tech firmware images
The release notes since last time for wave-1:

  *  October 5,  2019:  Fix too-short msg caused by invalid use of PayloadLen in receive path.
                        This appears to resolve the issue of getting (and ignoring) too-short commands
                        when we detect loss of CE interrupts and go into polling mode.

  *  October 12, 2019:  Fix regression in IBSS mode that caused SWBA overrun issues.  Related to
                        regression added during the ct-station logic, specifically TSF allocation.
                        Thanks for Ahmed Zaki @ Mage-Networks for helping to diagnose and test.

  *  October 15, 2019:  Only send beacon tx completion events if we can detect CT driver is being
                        used (based on CT_STATS_OK flag being set).  This should help CT firmware work
                        better on stock driver.

The release notes since last time for wave-2:

  *  October 15, 2019:  Only send beacon tx completion events if we can detect CT driver is being
                        used (based on ATH10k_USE_TXCOMPL_TXRATE2 | ATH10k_USE_TXCOMPL_TXRATE1 flags being set).
                        This should help CT firmware work better on stock driver.

  *  October 31, 2019:  Compile out peer-ratecode-list-event.  ath10k driver ignores the event.

  *  November 1, 2019:  Fix rate-ctrl related crash when nss and other things were changed while
                        station stays associated.  See bug: https://github.com/greearb/ath10k-ct/issues/96

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-11-05 15:43:22 +01:00
Jo-Philipp Wich
6f9157e6bd ustream-ssl: update to latest Git HEAD
c9b6668 ustream-ssl: skip writing pending data if .eof is true after connect

Fixes: CVE-2019-5101, CVE-2019-5102
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-11-05 14:43:20 +01:00
Felix Fietkau
fa37dbbc43 mac80211: fix build without CONFIG_PCI
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-11-05 14:22:01 +01:00
Felix Fietkau
8b15e7f661 mac80211: add support for multiple wiphys behind a single device
The device path will be the same for the first phy. For all subsequent
phys, the path gets an extra +1, +2, ...
Move the code for converting path to phy and vice versa to a separate
library script shared by config detection code and the netifd wireless
handler script

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-11-05 12:09:36 +01:00
Felix Fietkau
d64daf7026 mac80211: add pcie apsm backport changes
Required for newer versions of mt76

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-11-05 12:09:26 +01:00
David Bauer
3034f8c3b8 hostapd: enable PMKSA and OK caching for WPA3-Personal
This enables PMKSA and opportunistic key caching by default for
WPA2/WPA3-Personal, WPA3-Personal and OWE auth types.
Otherwise, Apple devices won't connect to the WPA3 network.

This should not degrade security, as there's no external authentication
provider.

Tested with OCEDO Koala and iPhone 7 (iOS 13.1).

Signed-off-by: David Bauer <mail@david-bauer.net>
2019-11-04 18:46:54 +01:00
Hauke Mehrtens
6f3a293532 procd: Update to version 2019-11-02
f47622e instance: Warn about unexpected number of parameters
564ecdf instance: ujail: Fix allocated size for no_new_privs parameter
7fb2e1d procd: simplify code in procd_inittab_run
4a127c3 procd: replace exit(-1) with exit(EXIT_FAILURE)
bc0a73e procd: add upgraded binary to .gitignore
ba4c4db procd: add start-console support
3e39fe5 procd: shift arguments for askfirst only once
5d62829 procd: skip respawn in case device disappeared
d27949f procd: guard fork_worker calls

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-11-03 20:25:07 +01:00
Daniel Golle
43ae50978a mac80211: rt2x00: remove errornous duplicate condition
https://patchwork.kernel.org/patch/11224189/
--
On 2019-10-28 06:07, wbob wrote:
> Hello Roman,
>
> while reading around drivers/net/wireless/ralink/rt2x00/rt2800lib.c
> I stumbled on what I think is an edit of yours made in error in march
> 2017:
>
> https://github.com/torvalds/linux/commit/41977e86#diff-dae5dc10da180f3b055809a48118e18aR5281
>
> RT6352 in line 5281 should not have been introduced as the "else if"
> below line 5291 can then not take effect for a RT6352 device. Another
> possibility is for line 5291 to be not for RT6352, but this seems
> very unlikely. Are you able to clarify still after this substantial time?
>
> 5277: static int rt2800_init_registers(struct rt2x00_dev *rt2x00dev)
> ...
> 5279:  } else if (rt2x00_rt(rt2x00dev, RT5390) ||
> 5280:         rt2x00_rt(rt2x00dev, RT5392) ||
> 5281:         rt2x00_rt(rt2x00dev, RT6352)) {
> ...
> 5291:  } else if (rt2x00_rt(rt2x00dev, RT6352)) {
> ...

Hence remove errornous line 5281 to make the driver actually
execute the correct initialization routine for MT7620 chips.

As it was requested by Stanislaw Gruszka remove setting values of
MIMO_PS_CFG and TX_PIN_CFG. MIMO_PS_CFG is responsible for MIMO
power-safe mode (which is disabled), hence we can drop setting it.
TX_PIN_CFG is set correctly in other functions, and as setting this
value breaks some devices, rather don't set it here during init, but
only modify it later on.

Fixes: 41977e86c984 ("rt2x00: add support for MT7620")
Reported-by: wbob <wbob@jify.de>
Reported-by: Roman Yeryomin <roman@advem.lv>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Acked-by: Stanislaw Gruszka <sgruszka@redhat.com>
--

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-11-03 18:31:02 +01:00
Yousong Zhou
e4af39d563 fstools: bump to version 2019-11-03
2f2a09a block: mount_device: err log only when mp deviates from spec
da4edc1 block: mount_device: skip extroot earlier
32c3126 block: mount_action: handle mount/umount deps
fb0700f block: support hierarchical mount/umount
1212b5b block: umount: skip / unless -a is given
eda8b3f block: use fsck.fat instead of dosfsck
d05276d libblkid-tiny: ntfs: fix use-after-free

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-11-03 04:25:37 +00:00
Yousong Zhou
51e7624776 libubox: bump to version 2019-10-29
It contains a single change to vlist.h header file: "vlist: add more
macros for loop iteration".  This is needed for newer version of fstools

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-11-03 04:24:54 +00:00
Kyle Copperfield
87f9292300 hostapd: add IEEE 802.11k support
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.

To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Enables radio resource management to be reported by hostapd to clients.

Ref: https://github.com/lede-project/source/pull/1430
Co-developed-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
Signed-off-by: Kyle Copperfield <kmcopper@danwin1210.me>
2019-11-02 20:51:52 +01:00
Michal Cieslakiewicz
9b6f89c37f ath79: add support for Netgear WNDR4300
This patch adds ath79 support for Netgear WNDR4300.
Router was previously supported by ar71xx target only.
Note: device requires 'ar934x-nand' driver in kernel.

Specification
=============
  * Description: Netgear WNDR4300
  * Loader: U-boot
  * SOC: Atheros AR9344 (560 MHz)
  * RAM: 128 MiB
  * Flash: 128 MiB (NAND)
	- U-boot binary: 256 KiB
	- U-boot environment: 256 KiB
	- ART: 256 KiB
	- POT: 512 KiB
	- Language: 2 MiB
	- Config: 512 KiB
	- Traffic Meter: 3 MiB
	- Firmware: 25 MiB
	- ART Backup: 256 KiB
	- Reserved: 96 MiB
  * Ethernet: 5 x 10/100/1000 (4 x LAN, 1 x WAN) (AR8327)
  * Wireless:
	- 2.4 GHz b/g/n (internal)
	- 5 GHz a/n (AR9580)
  * USB: yes, 1 x USB 2.0
  * Buttons:
	- Reset
	- WiFi (rfkill)
	- WPS
  * LEDs:
	- Power (amber/green)
	- WAN (amber/green)
	- WLAN 2G (green)
	- WLAN 5G (blue)
	- 4 x LAN (amber/green)
	- USB (green)
	- WPS (amber/green)
  * UART: 4-pin connector JP1, 3.3V (Vcc, TX, RX, GND), 115200 8N1
  * Power supply: DC 12V 2.5A
  * MAC addresses: LAN=WLAN2G on case label, WAN +1, WLAN5G +2

Installation
============
  * TFTP recovery
  * TFTP via U-boot prompt
  * sysupgrade
  * Web interface

Note about partitioning: firmware partition offset (0x6c0000) is
hardcoded into vendor's u-boot, so this partition cannot be moved
and resized to include Netgear-specific flash areas (pot, language,
config, traffic_meter) not used by OpenWrt.

Test build configuration
========================
CONFIG_TARGET_ath79=y
CONFIG_TARGET_ath79_nand=y
CONFIG_TARGET_ath79_nand_DEVICE_netgear_wndr4300=y
CONFIG_ALL_KMODS=y
CONFIG_DEVEL=y
CONFIG_CCACHE=y
CONFIG_COLLECT_KERNEL_DEBUG=y
CONFIG_IMAGEOPT=y

Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
2019-11-02 19:29:30 +01:00
DENG Qingfang
2d00cf7515 libnl: update to 3.5.0
Update libnl to 3.5.0

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
2019-11-01 21:19:40 +01:00
Vladimir Vid
b2fdfe0727 uboot-mvebu: add support for Macronix mx25u12835f flash
Some of A3700 boards use mx25u12835f, specifically uDPU and ESPRESSObin v7.

Signed-off-by: Vladimir Vid <vladimir.vid@sartura.hr>
2019-11-01 21:19:40 +01:00
Hauke Mehrtens
57ff06405e ustream-ssl: Update to latest git HEAD
465f8dc wolfssl: adjust to new API in v4.2.0
3b06c65 Update example certificate & key, fix typo
1c38fd8 wolfssl: enable CN validation
33308ee ustream-io-cyassl.c: fix client-mode connections
79d91aa Remove CyaSSL, WolfSSL < 3.10.4 support

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-11-01 21:19:40 +01:00
Hauke Mehrtens
ddab758997 lantiq: Allow PKG_ASLR_PIE for DSL and voice drivers
When ASLR_PIE was activated globally these drivers failed to build
because the user space LDFLAGS leaked into the kernel build process.
This was fixed in upstream Linux kernel commit ce99d0bf312d ("kbuild:
clear LDFLAGS in the top Makefile") which went into Linux 4.17. The
lantiq target is now on Linux 4.19 only and these exceptions are not
needed any more.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-11-01 21:19:40 +01:00
Michal Cieslakiewicz
f85d56bb03 ath79: add support for Netgear WNR2200
This patch adds ath79 support for Netgear WNR2200.
Router was previously supported by ar71xx target only (8 MiB variant).
Netgear WNR2200 has two flash versions - 8MiB sold in EU, US etc. and
16 MiB for Russia and China markets. Apart from flash size both variants
share the same hardware specification.

Specification
=============
  * Description: Netgear WNR2200
  * Loader: U-boot
  * SOC: Atheros AR7241 (360 MHz)
  * RAM: 64 MiB
  * Flash: 8 MiB or 16 MiB (SPI NOR)
	- U-boot binary: 256 KiB
	- U-boot environment: 64 KiB
	- Firmware: 7808 KiB or 16000 KiB
	- ART: 64 KiB
  * Ethernet: 4 x 10/100 LAN + 1 x 10/100 WAN
  * Wireless: 2.4 GHz b/g/n (Atheros AR9287)
  * USB: yes, 1 x USB 2.0
  * Buttons:
	- Reset
	- WiFi (rfkill)
	- WPS
  * LEDs:
	- Power (amber/green)
	- WAN (amber/green)
	- WLAN (blue)
	- 4 x LAN (amber/green)
	- WPS (green)
  * UART: 4-pin connector JP1, 3.3V (Vcc, TX, RX, GND), 115200 8N1
  * Power supply: DC 12V 1.5A
  * MAC addresses: LAN on case label, WAN +1, WLAN +2

Installation
============
  * TFTP recovery
  * TFTP via U-boot prompt
  * sysupgrade
  * Web interface

Test build configuration
========================
CONFIG_TARGET_ath79=y
CONFIG_TARGET_ath79_generic=y
CONFIG_TARGET_ath79_generic_DEVICE_netgear_wnr2200-8m=y
CONFIG_ALL_KMODS=y
CONFIG_DEVEL=y
CONFIG_CCACHE=y
CONFIG_COLLECT_KERNEL_DEBUG=y
CONFIG_IMAGEOPT=y
CONFIG_KERNEL_DEBUG_INFO=y
CONFIG_KERNEL_DEBUG_KERNEL=y

Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
2019-11-01 21:14:55 +01:00
Jo-Philipp Wich
c2675bb0ce rpcd: update to latest Git HEAD
d442d62 plugin: fix double free in finish callback
ee26d83 main: exec_self: make clang analyzer happy
90e40bd file: exec: properly free memory on error
9ecfada uci: free configs list memory on return
32fba36 exec: always call finish_cb to allow plugin to free up memory
ca3e2d5 plugin: do not free method name separately
02c6e1d exec: properly free memory on rpc_exec() error
cc50263 plugin: exec: properly free memory on parse error
bd0ed25 uci: reset uci_ptr flags when merging set operations
37aa919 plugin: fix leaking invoked method name for exec plugins

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-11-01 13:26:59 +01:00
Yousong Zhou
289d532ddd dropbear: rebuild libs on config change
Required as dependency on dropbear config headers is not tracked in
dropbear build system

Fixes FS#2275

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-11-01 06:59:51 +00:00
Yousong Zhou
4bf9bec361 kernel: mark kmod-usb-serial-wwan as hidden
The kconfig symbol is an invisible one since its introduction.  It is
not supposed to be enabled on its own.

Resolves FS#1821

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-10-30 12:43:17 +00:00
Yousong Zhou
f526e85426 base-files: hotplug-call: exit success when dir is absent
"block mount" invokes "hotplug-call mount".  It emits the following
error when mount is not present

	hotplug-call call failed

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-10-29 13:28:49 +00:00
David Bauer
641a93f0f2 ath10k-firmware: update wave 1 firmware to 10.2.4-1.0-00047
This fixes frequent crashes observed on a UniFi AC Mesh using OpenWrt
master and 19.07. 18.06 seems not affected from our testing.

Signed-off-by: David Bauer <mail@david-bauer.net>
2019-10-27 17:56:23 +01:00
David Bauer
a3914783a3 ath10k-firmware: retrieve wave 1 firmware from kvalo
This commit changes the source of the Wave 1 ath10k-firmware
from linux-firmware to Kall Valos ath10k-firmware repository.

This is necessary as the firmware selected in linux-firmware produces
frequent crashes in some circumstances.

This patch can be removed as soon as linux-firmware carries
10.2.4-1.0-00047 firmware.

Signed-off-by: David Bauer <mail@david-bauer.net>
2019-10-27 14:51:24 +01:00
Rosen Penev
cf8f9af0e0 util-linux: Disable utils requiring libpam
When the build system finds libpam, it enables building of these tools,
causing linker failures. Explicitly disable them as they are unused.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-10-27 14:25:30 +01:00
Jeff Kletsky
29b4f08405 ath79: uboot-envtools: Add GL-AR300M-Lite
Add the GL.iNet GL-AR300M-Lite to the list of supported boards.

Signed-off-by: Jeff Kletsky <git-commits@allycomm.com>
2019-10-24 23:06:41 +02:00
Yousong Zhou
49db2026e5 kernel: netfilter: reuse kconfig and files info from include dir
Less chance of missing out kconfig symbols at least

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-10-24 12:11:02 +00:00
Yousong Zhou
69b9f0161e toolchain: gcc: enable sanitizers for glibc toolchain
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-10-24 11:40:00 +00:00
David Bauer
7f187229a8 ipq40xx: add support for AVM FRITZ!Repeater 1200
Hardware
--------
SoC:   Qualcomm IPQ4019
RAM:   256M DDR3
FLASH: 128M NAND
WiFi:  2T2R IPQ4019 bgn
       2T2R IPQ4019 a/n/ac
ETH:   Atheros AR8033 RGMII PHY
BTN:   1x Connect (WPS)
LED:   Power (green/red/yellow)

Installation
------------

1. Grab the uboot for the Device from the 'u-boot-fritz1200'
   subdirectory. Place it in the same directory as the 'eva_ramboot.py'
   script. It is located in the 'scripts/flashing' subdirectory of the
   OpenWRT tree.

2. Assign yourself the IP address 192.168.178.10/24. Connect your
   Computer to one of the boxes LAN ports.

3. Connect Power to the Box. As soon as the LAN port of your computer
   shows link, load the U-Boot to the box using following command.

   > ./eva_ramboot.py --offset 0x85000000 192.168.178.1 uboot-fritz1200.bin

4. The U-Boot will now start. Now assign yourself the IP address
   192.168.1.70/24. Copy the OpenWRT initramfs (!) image to a TFTP
   server root directory and rename it to 'FRITZ1200.bin'.

5. The Box will now boot OpenWRT from RAM. This can take up to two
   minutes.

6. Copy the U-Boot and the OpenWRT sysupgrade (!) image to the Box using
   scp. SSH into the Box and first write the Bootloader to both previous
   kernel partitions.

   > mtd write /path/to/uboot-fritz1200.bin uboot0
   > mtd write /path/to/uboot-fritz1200.bin uboot1

7. Remove the AVM filesystem partitions to make room for our kernel +
   rootfs + overlayfs.

   > ubirmvol /dev/ubi0 --name=avm_filesys_0
   > ubirmvol /dev/ubi0 --name=avm_filesys_1

8. Flash OpenWRT peristently using sysupgrade.

   > sysupgrade -n /path/to/openwrt-sysupgrade.bin

Signed-off-by: David Bauer <mail@david-bauer.net>
2019-10-23 01:17:28 +02:00
David Bauer
c0f4078164 ipq-wifi: add AVM FRITZ!Repeater 1200 bdf
Signed-off-by: David Bauer <mail@david-bauer.net>
2019-10-23 01:17:28 +02:00
David Bauer
36f43b61a7 uboot-fritz4040: update to latest HEAD
f92be9d add support for AVM FRITZ!Repeater 1200
d651302 enable support for Atheros AR8033 PHY
e4c857c add machtype override hack

Signed-off-by: David Bauer <mail@david-bauer.net>
2019-10-23 01:17:28 +02:00
Hans Dedecker
bf4ffa3cbe procd: update to latest git HEAD
258aa04 procd: Add cached and available to memory table

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-10-22 21:47:34 +02:00
David Bauer
2dd1755fe4 mac80211: fix build of rtw88
This commit fixes failing builds because of an incorrect configuration
for the kmod-rtw88 package.

RTW88_8822BE as well as RTW88_8822CE have to bes selected as "y" even
when building the driver as a module.

Signed-off-by: David Bauer <mail@david-bauer.net>
2019-10-22 15:16:41 +02:00
Roman Yeryomin
940844e077 base-files: uci-defaults: do config flush in one shot
Moving a file between tmpfs and other fs is neither
faster nor safer, thus no point in doing it in two steps.
Use new jshn option to write output directly to file.

Originally discussed here:
http://lists.openwrt.org/pipermail/openwrt-devel/2017-December/010127.html

Signed-off-by: Roman Yeryomin <roman@advem.lv>
2019-10-22 11:39:28 +02:00
Roman Yeryomin
c0e7ec91a0 libubox: update to latest git HEAD
eb30a03 libubox, jshn: add option to write output to a file

Signed-off-by: Roman Yeryomin <roman@advem.lv>
2019-10-22 11:38:40 +02:00
David Bauer
7a577e9a59 firmware: add Realtek RTL8822BE/RTL8822CE firmware
This commit adds packages for the Realtek RTl8822BE/RTL8822CE firmware
to be used with the rtw88 driver.

Signed-off-by: David Bauer <mail@david-bauer.net>
2019-10-22 09:16:24 +02:00
David Bauer
bb84bbe8fc mac80211: add rtw88 driver
This commits adds packaging for the new RTW88 driver from Realtek.
It supports the Realtek 8822BE/8822CE PCIe wireless chips.

For operation, the complementary firmware has to be loaded.

Signed-off-by: David Bauer <mail@david-bauer.net>
2019-10-22 09:16:24 +02:00
Petr Štetiar
ed67b137c7 urngd: update to latest Git head
* 40f939d57c67 Tag version 1.0.1
 * 9e758e6e6aec jitterentropy-rngd: update to version v1.1.0 + clang compile fix
 * 193586a25adc Fix wrong types in format strings used in debug build
 * d474977bb611 Add initial GitLab CI support

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-10-21 22:04:20 +02:00
John Crispin
f4aaee01fa Revert "build: separate signing logic"
This reverts commit 4a45e69d19.

This broke the buildbots

Signed-off-by: John Crispin <john@phrozen.org>
2019-10-21 16:26:24 +02:00
Paul Spooren
4a45e69d19 build: separate signing logic
This separates the options for signature creation and verification

* SIGNED_PACKAGES create Packages.sig
* SIGNED_IMAGES add ucert signature to created images
* CHECK_SIGNATURE add verification capabilities to images
* INSTALL_LOCAL_KEY add local key-build to /etc/opkg/keys

Right now the buildbot.git contains some hacks to create images that
have signature verification capabilities while not storing private keys
on buildbot slaves. This commit allows to disable these steps for the
buildbots and only perform signing on the master.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2019-10-21 14:06:42 +02:00
Tim Harvey
f4f483f3ff uboot-envtools: remove erasesize from MMC config
Erasesize doesn't belong in the u-boot env config for block devices as it is
known to be 512 byte aligned.

Signed-off-by: Tim Harvey <tharvey@gateworks.com>
2019-10-21 12:28:03 +02:00
Yousong Zhou
e8f79474c9 libpcap: build with cmake
The main motivation is to drop and stop maintaining
"100-debian_shared_lib.patch".  It lacks the logic to include custom
implementation of several functions like pcap_strlcpy() which can cause
build failures when glibc is used [2]

CAN and CAN-USB support related symbols are now handled by general linux
support, see [1]

"-ffunction-sections -fdata-sections" were removed as they should help
much for shared libraries

Size comparison before and after the change

  -rw-r--r-- 1 yunion yunion 238042 Oct 18 11:42 ipkg-x86_64/libpcap/usr/lib/libpcap.so.1

  lrwxrwxrwx 1 yunion yunion     16 Oct 18 13:03 ipkg-x86_64/libpcap/usr/lib/libpcap.so.1 -> libpcap.so.1.9.1
  -rwxr-xr-x 1 yunion yunion 229867 Oct 18 13:03 ipkg-x86_64/libpcap/usr/lib/libpcap.so.1.9.1

[1] On Linux, handle all CAN captures with pcap-linux.c, in cooked mode,
    93ca5ff703
[2] https://github.com/openwrt/packages/issues/10270

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-10-21 01:37:43 +00:00
Eneas U de Queiroz
cebf024c4d openssl: Add engine configuration to openssl.cnf
This adds engine configuration sections to openssl.cnf, with a commented
list of engines.  To enable an engine, all you have to do is uncomment
the engine line.

It also adds some useful comments to the devcrypto engine configuration
section.  Other engines currently don't have configuration commands.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2019-10-20 13:01:43 +02:00
Josef Schlehofer
9ba5cd86b8 strace: update to version 5.3
Makefile changes:
- moves PKG_MAINTAINER above PKG_LICENSE
- Change PKG_LICENSE to LGPL-2.1-or-later and correct PKG_LICENSE_FILES
- changes URL to a more appropriate one, which uses HTTPS
- adds 2 spaces as an indentation in description

Compile and run tested on Turris Omnia, mvebu

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2019-10-20 12:33:40 +02:00
leo chung
56ab58fb6c bzip2: add linker option LDFLAGS
if gcc not linker whith this LDFLAGS, "file libbz2.so.1.0.8" will
recognize as pie executable ELF file ( which should be shared object).

this because the file command version before 5.36 not recognize
correctly.

Signed-off-by: leo chung <gewalalb@gmail.com>
2019-10-19 12:49:11 +02:00
Mathew McBride
97bcbc690c kernel: add package for Epson RX-8025 and compatible I2C RTC
RX-8025 is an I2C RTC from Epson, some newer products such as the
RX-8035 are also compatible.

Signed-off-by: Mathew McBride <matt@traverse.com.au>
2019-10-19 12:49:11 +02:00
Hauke Mehrtens
e6cadb215c mac80211: Update to version 5.4-rc2
This updates mac80211 to backports based on kernel 5.4-rc2

ath10k-ct was updated to match the API changes and iw now uses the new
nl80211.h header file.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-10-19 12:35:55 +02:00
Hauke Mehrtens
67dc023f87 mac80211: Update to version 5.3.6
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-10-19 12:35:55 +02:00
Florian Eckert
c7c14aaad3 wwan: Double quote to prevent globbing and word splitting
Fix some shellcheck warnings.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
[bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-10-18 19:48:41 +02:00
Florian Eckert
a78a539afd wwan: add ec25 to database
Add ec25 to database.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
[bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-10-18 19:48:21 +02:00
Florian Eckert
68b1b0bb39 wwan: add mc7304 to database
Add mc7304 to database.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
[bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-10-18 19:47:58 +02:00
Florian Eckert
c45c7606cc wwan: check new uci bus option on proto setup event
If system has more then one and different wwan interface (modem). Then the
wwan protohandler will always take the modem which is discovered first.
The protohandler will always setup the same interface. To fix this add a
new usb "bus" option which is associated with wwan device and so will set
the specified interface up. With this change more then one interface
could be mananged by the wwan protohandler.

If the "bus" option is not set in the uci network config then the protohandler
behaves as before the change. The protohanldler will take the first
interface which he founds.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2019-10-18 19:46:21 +02:00
Alin Nastac
ddf6ec29b4 procd: allow usage of * as procd_running() instance parameter
service_running() implementation in /etc/rc.common use it.
It is preferable to use wildcard than assuming the instance
name is the default one.

jsonfilter returns all matches when wildcards are used, hence
the -l 1 argument used to limit output to only one value.

Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
2019-10-18 19:28:11 +02:00
Lucian Cristian
91aabae895 util-linux: add more command
at least vtysh needs it for proper listing, busybox is not modular so add it here

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2019-10-18 19:28:11 +02:00
Sean Kenny
9105057cc0 6in4: add rfc1918 check function
This is a precursor to adding proper support for multiple
6in4 tunnels with the already programmed tunlink parameter.
This is an essential sanity check so as to not break existing
and working behind NAT setups.

Signed-off-by: Sean Kenny <skenny@wfap.ca>

6in4: add myip he.net api parameter logic

This is to add proper support for multiple 6in4 tunnels
with the already programmed tunlink parameter.
As it stands before this commit, if there is a multi wan setup that
consists of dynamic ips, there is no way to use the
dynamic update feature as the he.net api is implicitly using
the ip address of the caller. This will explicitly use the
ipaddr specified in the interface config OR the ip of the
tunlink interface specified in the dynamic update api call instead
ONLY if the final resolved ipaddr variable is not an rfc1918 address.

Signed-off-by: Sean Kenny <skenny@wfap.ca>
2019-10-18 19:23:07 +02:00
Alin Nastac
d3b0459c93 lua: install luac symlink on host
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
2019-10-18 19:23:07 +02:00
Christian Franke
d544bc84a0 lantiq: Fix fw_cutter LzmaWrapper
The destination buffer size `d_len` is passed to `lzma_inflate` as a
pointer. Therefore, it needs to be dereferenced to compare its content.

Signed-off-by: Christian Franke <nobody@nowhere.ws>
2019-10-18 13:39:34 +02:00
Bjørn Mork
07b5c59232 kernel: fix MBIM description
Signed-off-by: Bjørn Mork <bjorn@mork.no>
2019-10-17 21:40:22 +02:00
Jo-Philipp Wich
889b841048 fwtool: do not omit final 16 byte when image does not contain signature
The fwutil command will interpret the final 16 byte of a given firmware
image files as "struct fwimage_trailer".

In case these bytes do look like a valid trailer, we must ensure that we
print them out along with the remainder of the image to not accidentally
truncate non-trailer-images by 16 bytes when they're piped through fwtool,
e.g. as part of an image verification command sequence.

Some command sequences pipe images through fwtool in order to strip any
possible metadata, certificate or signature trailers and do not expect
bare images without any of that metadata to get truncated as other non-
fwtool specific metadata is expected at the end of the file, e.g. an
information block with an md5sum in case of the combined image format.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-10-17 17:07:12 +02:00
Kevin Darbyshire-Bryant
9d5e266cb1 wireguard: bump to latest snapshot 20191012
8eb8443 version: bump snapshot
be09cf5 wg-quick: android: use Binder for setting DNS on Android 10
4716f85 noise: recompare stamps after taking write lock
54db197 netlink: allow preventing creation of new peers when updating
f1b87d1 netns: add test for failing 5.3 FIB changes
a3539c4 qemu: bump default version

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-10-16 16:13:39 +01:00
Jo-Philipp Wich
bc61458b73 iwinfo: update to latest Git HEAD
07315b6 nl80211: handle hidden SSIDs in wpa_supplicant scan results
3ac846e lua: fix string description of mixed WPA3 modes

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-10-16 16:48:40 +02:00
Florian Eckert
a5ec41b0e5 mac80211: add new acs_exclude_dfs option
The channel can be selected automatically at run time by setting
channel=acs_survey or channel=0, both of which will enable the ACS survey
based algorithm in hostapd. If the option acs_exclude_dfs is set in the
hostpad config DFS channels from ACS are excluded on channel selection.

This commit will add the possibilty to exclude the dfs channel on ACS
survey.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2019-10-15 23:27:47 +02:00
Martin Schiller
71e04091a9 lantiq: fix dsl_control status handling.
Commit 7519a36774 ("base-files,procd: add generic service status")
introduced the generic 'status' command which broke the previous
dsl_control status output. To fix this, let's rename the "old" command
to "dslstat".

Fixes: 7519a36774 ("base-files,procd: add generic service status")
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2019-10-15 23:23:08 +02:00
Daniel Engberg
f351beedfd libevent2: Update to 2.1.11
Update libevent to 2.1.11
Use CMake instead GNU Autotools
Backport following commits:
f05ba67193
..and partially
7201062f3e
to fix compilation

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2019-10-15 22:35:14 +02:00
Rosen Penev
4533ba6810 lua: fix linking under glibc
Compilation of liblua itself works, but when other packages link against
it, the linker starts throwing undefined references to a bunch of math
functions in libm.

First discovered in a failed attempt to transition a package to uClibc++.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
[fix commit title capitalization]
Signed-off-by: David Bauer <mail@david-bauer.net>
2019-10-15 18:13:54 +02:00
Adrian Schmutzler
48b5d08a48 treewide: use a single ath10k MAC patching function with checksum
While all ath10k eeproms have a checksum field, so far two
functions for patching ath10k MAC address have been present (and
been used).

This merges code to provide a single function ath10k_patch_mac
in caldata.sh, having its name in accordance with ath9k functions.
By doing so, correct MAC patching for current and future ath10k
devices should be ensured.

This patch adds checksum adjustments for several targets on
ath79 and lantiq.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-10-15 18:13:54 +02:00
Koen Vandeputte
089b4f16aa gdb: bump to 8.3.1
GDB 8.3.1 brings the following fixes and enhancements over GDB 8.3:

PR c++/20020 (GDB segfault on printing objects)
PR gdb/24454 (nat/x86-linux-dregs.c failed assertion)
PR breakpoints/24541 (Incorrect evaluation of systemtap probes due to register being signed and probe expression assuming unsigned)
PR symtab/24545 (Symbol loading performance regression with cc1)
PR gdb/24592 (amd64->i386 linux syscall restart problem)
PR gdb/25009 (terminate called after throwing an instance of 'srchilite::ParserException')
PR gdb/25010 (Calls to error () can cause SIGTTOU to send gdb to the background)
PR breakpoints/25011 (Breakpoints on file reloads broken for PIE binaries)

This corrective release also brings the following testsuite fixes and
enhancements:

PR testsuite/25005 (gdb-caching-proc.exp takes a lot of time on skip_opencl_tests)
PR testsuite/25016 (Test-case failures for -pie)

GDB 8.3 includes the following changes and enhancements:

* Support for new native configurations (also available as a target configuration):
     - RISC-V GNU/Linux (riscv*-*-linux*)
     - RISC-V FreeBSD (riscv*-*-freebsd*)

* Support for new target configurations:
     - CSKY ELF (csky*-*-elf)
     - CSKY GNU/Linux (csky*-*-linux)
     - NXP S12Z ELF (s12z-*-elf)
     - OpenRISC GNU/Linux (or1k*-*-linux*)

* Native Windows debugging is only supported on Windows XP or later.

* The Python API in GDB now requires Python 2.6 or later.

* GDB now supports terminal styling for the CLI and TUI.
  Source highlighting is also supported by building GDB with GNU
  Highlight.

* Experimental support for compilation and injection of C++ source
  code into the inferior (requires GCC 7.1 or higher, built with
  libcp1.so).

* GDB and GDBserver now support IPv6 connections.

* Target description support on RISC-V targets.

* Various enhancements to several commands:
     - "frame", "select-frame" and "info frame" commands
     - "info functions", "info types", "info variables"
     - "info thread"
     - "info proc"
     - System call alias catchpoint support on FreeBSD
     - "target remote" support for Unix Domain sockets.

* Support for displaying all files opened by a process

* DWARF index cache: GDB can now automatically save indices of DWARF
  symbols on disk to speed up further loading of the same binaries.

* Various GDB/MI enhancements.

* GDBserver on PowerPC GNU/Linux now supports access to the PPR,
  DSCR, TAR, EBB/PMU, and HTM registers.

* Ada task switching support when debugging programs built with
  the Ravenscar profile added to aarch64-elf.

* GDB in batch mode now exits with status 1 if the last executed
  command failed.

* Support for building GDB with GCC's Undefined Behavior Sanitizer.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-10-15 16:11:28 +02:00
Jo-Philipp Wich
57b834281b iwinfo: update to latest Git HEAD
a29b7d4 nl80211: align path to phy mapping logic with mac80211.sh

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-10-15 15:52:01 +02:00
Hans Dedecker
34c4741da0 odhcpd: update to latest git HEAD
9a4531a ndp: fix endian issue

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-10-14 21:35:09 +02:00
Adrian Schmutzler
2c60de0e3f treewide: move MAC address patch functions to common library
This unifies MAC address patch functions and moves them to a
common script. While those were implemented differently for
different targets, they all seem to do the same. The number of
different variants is significantly reduced by this patch.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-10-14 12:36:02 +02:00
Adrian Schmutzler
5b6a809092 treewide: move calibration data extraction function to library
This moves the almost identical calibration data extraction
functions present multiple times in several targets to a single
library file /lib/functions/caldata.sh.

Functions are renamed with more generic names to merge different
variants that only differ in their names.

Most of the targets used find_mtd_chardev, while some used
find_mtd_part inside the extraction code. To merge them, the more
abundant version with find_mtd_chardev is used in the common code.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
[rebase on latest master; add mpc85xx]
Signed-off-by: David Bauer <mail@david-bauer.net>
2019-10-13 21:48:58 +02:00
Adrian Schmutzler
c1388a2deb base-files: move xor() from caldata extraction to functions.sh
The xor() function is defined in each of the caldata extraction
scripts for several targets. Move it to functions.sh to reduce
duplicate code.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-10-13 19:03:57 +02:00
Stijn Tintel
4b9a07336a kernel: add kmod-iio-bme680
This driver supports the Bosch Sensortec BME680 gas, humidity, pressure
and temperature sensor.

Tested I2C and SPI modes on a Raspberry Pi Zero W.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2019-10-13 13:08:04 +03:00
Ali MJ Al-Nasrawy
10f5eb0398 trelay: log "started" and "stopped"
It is informative especially when using multiple device pairs.

Signed-off-by: Ali MJ Al-Nasrawy <alimjalnasrawy@gmail.com>
2019-10-12 23:51:29 +02:00
Ali MJ Al-Nasrawy
c2635b871d trelay: fix deadlock on remove
Upon writing to "remove" file, debugfs_remove_recursive() blocks while
holding rtnl_lock. This is because debugfs' file_ops callbacks are
executed in debugfs_use_file_*() context which prevents file removal.

Fix this by only flagging the device for removal and then do the cleanup
in file_ops.release callback which is executed out of that context.

Signed-off-by: Ali MJ Al-Nasrawy <alimjalnasrawy@gmail.com>
2019-10-12 23:51:29 +02:00
Ali MJ Al-Nasrawy
77cfc0739d trelay: handle netdevice events correctly
Since v3.11, netdevice notification data are of type
"struct netdev_notifier_info". Handle it as such!

This should fix a critical bug in which devices are unable get released
because trelay does not release resources in response to UNREGISTER
event spamming the log with something like:

unregister_netdevice: waiting for eth0.1 to become free. Usage count = 1

Signed-off-by: Ali MJ Al-Nasrawy <alimjalnasrawy@gmail.com>
2019-10-12 23:51:29 +02:00
Ruixi Zhou
b30e481b6c kernel: NFSD: add dependency kmod-crypto-arc4 for kmod-fs-nfs-common-rpcsec
crypto-arc4 move into a module with commit c3a78955f3,
fs-nfs-common-rpcsec compile error without arc4 support.

Ref: https://github.com/openwrt/packages/issues/9912

Fixes: c3a78955f3 ("kernel: move crypto-arc4 into a module")
Signed-off-by: Ruixi Zhou <zhouruixi@gmail.com>
2019-10-12 23:51:08 +02:00
Val Kulkov
b10a453367 base-files: coreutil-date breaks setting kernel timezone
"coreutil-date" package from the packages feed replaces the Busybox date
applet by symlinking /usr/bin/gnu-date to /bin/date. This prevents the system
init script from setting kernel timezone because the GNU date utility does not
provide such functionality:

   root@OpenWrt:~# date -k
   date: invalid option -- 'k'
   Try 'date --help' for more information.

A specific reference to the Busybox date applet prevents alternative date
utilities from breaking the system init script.

Signed-off-by: Val Kulkov <val.kulkov@gmail.com>
2019-10-12 23:43:08 +02:00
Eneas U de Queiroz
ee5a3f6d60 hostapd: adjust to removal of WOLFSSL_HAS_AES_GCM
WolfSSL is always built with AES-GCM support now.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2019-10-12 23:43:08 +02:00
Rosen Penev
6ab386c9bc uClibc++: Fix three bugs
The first allows usage of several functions in the std namespace, which
broke compilation of gddrescue specifically with uClibc-ng and uClibc++.

The second allows usage of long long with normal C++11, which is part of
the standard. Before, std=gnu++11 needed to be passsed to work around it.

As a result of the second patch, the pedantic patch can safely be removed.

Both patches are upstream backports.

Added -std=c++11 to CFLAGS to guarentee proper inclusion of long long.

Added another patch that fixes a typo with the long long support. Sent to
upstream.

Fixed up license information according to SPDX.

Small cleanups for consistency.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-10-12 23:43:08 +02:00
Sungbo Eo
9f73fad359 kernel: fix typos in video KernelPackage description
Fixes: 4b3d17b709 ("kernel: add kmod-fb-sys-ram")
Fixes: b774acb479 ("package/modules: add missing gspca video drivers for 2.6.32 (patch from #6595)")

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2019-10-12 23:37:00 +02:00
Sungbo Eo
60acddc960 uboot-oxnas: remove unnecessary execute permission bit
.c files do not need to be executable. 644 is enough.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2019-10-12 23:37:00 +02:00
DENG Qingfang
394273c066 tcpdump: update to 4.9.3
Fixed CVEs:
	CVE-2017-16808
	CVE-2018-10103
	CVE-2018-10105
	CVE-2018-14461
	CVE-2018-14462
	CVE-2018-14463
	CVE-2018-14464
	CVE-2018-14465
	CVE-2018-14466
	CVE-2018-14467
	CVE-2018-14468
	CVE-2018-14469
	CVE-2018-14470
	CVE-2018-14879
	CVE-2018-14880
	CVE-2018-14881
	CVE-2018-14882
	CVE-2018-16227
	CVE-2018-16228
	CVE-2018-16229
	CVE-2018-16230
	CVE-2018-16300
	CVE-2018-16301
	CVE-2018-16451
	CVE-2018-16452
	CVE-2019-15166
	CVE-2019-15167

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
2019-10-12 23:37:00 +02:00
DENG Qingfang
44f11353de libpcap: update to 1.9.1
Fixed CVEs:
	CVE-2018-16301
	CVE-2019-15161
	CVE-2019-15162
	CVE-2019-15163
	CVE-2019-15164
	CVE-2019-15165

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
2019-10-12 23:37:00 +02:00
Hauke Mehrtens
9caa86fba5 kernel: kmod-rtc-pcf2127: Fix dependencies
Add missing dependencies to i2c-core and regmap-spi. These get activated
when these modules are build in this driver, which is the case when we
build all modules. This fixes the build on some targets. This was found
by the buildbot.

Fixes: 34e2526f9f ("kernel: add kmod-rtc-pcf2127")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-10-12 22:36:23 +02:00
Petr Štetiar
36c6f4a011 libnl-tiny: fix package mirror hash
Current hash doesn't match with the content of the source tarball.

Fixes: a92f74ba8d ("libnl-tiny: move source code into separate Git repository")
Reported-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-10-11 22:48:06 +02:00
Felix Fietkau
7a8bcf36c7 mt76: update to the latest version
71c2ef0420b5 mt76: fix aggregation stop issue
5b02a078d4a7 mt76: add missing locking around ampdu action
7d8764d320cf mt76: avoid enabling interrupt if NAPI poll is still pending
d94cc81d3980 mt76: drop rcu read lock in mt76_rx_aggr_stop
c11a4ad06d9d mt76: mt76x0: eeprom: add support for MAC address from OF
01642d8bed33 mt76: mt76x02: fix use-after-free in tx status code handling airtime
391e1488f885 mt76: add sanity check for a-mpdu rx wcid index
d3a589586d1b mt76: fix a-mpdu boundary detection issue for airtime reporting

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-10-10 23:10:01 +02:00
Hans Dedecker
f8b58757d0 ppp: update to version 2.4.7.git-2019-10-04
0d004db Revert "pppd: Include time.h before using time_t"
e400854 pppdump: Eliminate printf format warning by using %zd
7f2f0de pppd: Refactor setjmp/longjmp with pipe pair in event wait loop
4e71317 make: Avoid using host include for cross-compiling
3202f89 pppoe: Remove the use of cdefs
d8e8d7a pppd: Remove unused rcsid variables
486f854 pppd: Fix GLIBC version test for non-glibc toolchains
b6cd558 pppd: Include time.h before using time_t
ef8ec11 radius: Fix compiler warning
f6330ec magic: Remove K&R style of arguments
347904e Add Submitting-patches.md

Remove patches 130-no_cdefs_h.patch, 131-missing_prototype_macro.patch,
132-fix_linux_includes.patch as fixed upstream
Refresh patches

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-10-10 22:37:10 +02:00
Stefan Lippers-Hollmann
f690b6f472 mac80211: fix scan when operating on DFS channels in ETSI domains
In non-ETSI regulatory domains scan is blocked when operating channel
is a DFS channel. For ETSI, however, once DFS channel is marked as
available after the CAC, this channel will remain available (for some
time) even after leaving this channel.

Therefore a scan can be done without any impact on the availability
of the DFS channel as no new CAC is required after the scan.

Enable scan in mac80211 in these cases.

Signed-off-by: Aaron Komisar <aaron.komisar@tandemg.com>
Link: https://lore.kernel.org/r/1570024728-17284-1-git-send-email-aaron.komisar@tandemg.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
2019-10-09 21:00:02 +02:00
Klaus Kudielka
3a4f587c46 base-files: upgrade: add case to export_bootdevice
The factory uboot of the Turris Omnia boots with "root=b301", and we
instruct new users to sysupgrade from there (e.g. method 1, step 7).
Currently, this will fail with "Unable to determine upgrade device".
Add a new case to export_bootdevice, which parses the hex argument.

Fixes commit 2e5a0b81 ("mvebu: sysupgrade: sdcard: keep user added ...")

Signed-off-by: Klaus Kudielka <klaus.kudielka@gmail.com>
2019-10-09 21:00:02 +02:00
Paul Spooren
a9e4e595e1 openssl: add gcc-8 -ffile-prefix-map filter
gcc-8 switch -ffile-prefix-map helps a lot with reproducible build paths
in the resulting binaries.

Ref: https://reproducible-builds.org/docs/build-path/
Signed-off-by: Paul Spooren <mail@aparcar.org>
[refactored into separate commit]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-10-09 09:13:44 +02:00
Petr Štetiar
a92f74ba8d libnl-tiny: move source code into separate Git repository
In order to make the source code usable and testable separately out of
buildroot.

Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: Jo-Philipp Wich <jo@mein.io>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-10-09 09:13:44 +02:00
Felix Fietkau
9c033242b1 mac80211: add an improved moving average algorithm to minstrel
Improves rate control responsiveness and performance

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-10-08 19:34:45 +02:00
David Bauer
97c37f8dd0 mac80211: ath10k: fix latency issue for QCA988x
This backport fixes high latency (>100ms) on the WiFi link when using a
QCA988x Wave 1 radio. The ath10k-ct driver is not affected by this bug
from my testing, hence why it hasn't been discovered earlier.

Signed-off-by: David Bauer <mail@david-bauer.net>
2019-10-06 21:28:49 +02:00
Robert Marko
34e2526f9f kernel: add kmod-rtc-pcf2127
Add kernel module to support NXP PCF2127 and PCF2129 RTC clocks.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2019-10-06 21:26:11 +02:00
Hans Dedecker
27bf8abe69 firewall: update to latest git HEAD
daed0cf utils: fix resource leak

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-10-04 20:42:26 +02:00
Hans Dedecker
1ed5c1b146 odhcpd: update to latest git HEAD
e76ad06 netlink: fix potential infinite loops

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-10-04 20:42:17 +02:00
Hauke Mehrtens
9a4fb78e7c iw: Update to version 5.3
Wifi HE (ieee80211ax) parsing is currently only activated in the full
version because it increases the compressed size by 2.5KBytes.

This also activates link time optimization (LTO) again, the problem was
fixed upstream

This increases the uncompressed binary size of iw-tiny by about 1.7%

old:
34446 iw_5.0.1-1_mipsel_24kc.ipk
new:
35064 iw_5.3-1_mipsel_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-10-03 17:59:19 +02:00
Felix Fietkau
9f07d1519c grub2: fix a build regression on non-linux systems
Merge an upstream commit to correct a missing rename in generic code

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-10-02 13:16:21 +02:00
Daniel Golle
0714a11bee mac80211: rt2x00: backport 'rt2x00: initialize last_reset'
https://patchwork.kernel.org/patch/11161981/
--
From: Stanislaw Gruszka <sgruszka@redhat.com>
Subject: [PATCH] rt2x00: initialize last_reset

Initialize last_reset variable to INITIAL_JIFFIES, otherwise it is not
possible to test H/W reset for first 5 minutes of system run.

Fixes: e403fa31ed71 ("rt2x00: add restart hw")
Reported-and-tested-by: Jonathan Liu <net147@gmail.com>
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
--

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-10-01 15:54:53 +02:00
Hans Dedecker
6077cde98a ethtool: bump to 5.3
76c4682 Release version 5.3.
3870efc ethtool: dump nested registers
7c06fa8 gitignore: ignore vim swapfiles and patches
49d1401 ethtool: igb: dump RR2DCDELAY register

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-09-30 21:53:35 +02:00
Jo-Philipp Wich
f2b9181bb1 iwinfo: update to latest Git HEAD
2a95086 nl80211: recognize SAE encrypted mesh

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-09-30 12:44:13 +02:00
Felix Fietkau
fca9b5e4fb mt76: update to the latest version
0167bfa7b277 mt76: make mt76_rx_convert static
1d2acd5639d7 mt76: mt76x0: remove redundant chandef copy
496c78e4f0d3 mt76: mt76x0: remove unneeded return value on set channel
67973788f47f mt76: mt7615: introduce mt7615_txwi_to_txp utility routine
c7f82146ef96 mt76: mt7615: add support to read temperature from mcu
e07407ac1279 mt7603: fix build with CONFIG_KERNEL_DYNAMIC_DEBUG=y
8739f87e9aeb mt76: mt7615: fix control frame rx in monitor mode
9c5df3cb6a6d mt76: remove aggr_work field from struct mt76_wcid
0efbc5d1c271 mt76: use cancel_delayed_work_sync in mt76_rx_aggr_shutdown
0308d75f28e4 mt76: remove empty flag in mt76_txq_schedule_list
a20c20bbe88d mt76: usb: add lockdep_assert_held in __mt76u_vendor_request
b140512e73bf mt76: mt76x0e: make array mt76x0_chan_map static const, makes object smaller
63e815254075 mt76: mt7615: enable SCS by default
f3792b550fdb mt76: mt76x02: move mac_reset_counter in mt76x02_lib module
0355b7ae2b05 mt76: mt76x2: move mt76x02_mac_reset_counters in mt76x02_mac_start
c39488772d6b mt76: mt76x0u: reset counter starting the device
0b01aceeeff8 mt76: mt76x02u: move mt76x02u_mac_start in mt76x02-usb module
fbc59e64396e mt76: move queue debugfs entry to driver specific code
1118b5ea76be mt76: mt7615: add queue entry in debugfs
23e8aed3ac99 mt76: move aggr_stats array in mt76_dev
696c0fc5516a mt76: mt7615: collect aggregation stats
081926aa7b27 mt76: mt7603: collect aggregation stats
ea3ab68c7589 mt76: mt7615: fix mt7615 firmware path definitions
1ddcadb72e96 mt76: mt7603: remove q_rx field from struct mt7603_dev
202776352b0a mt76: report rx a-mpdu subframe status
b0429879eab2 mt76: rename mt76_driver_ops txwi_flags to drv_flags and include tx aligned4
a1d6891501a1 mt76: store current channel survey_state in struct mt76_dev
f34b1ae42cd0 mt76: track rx airtime for airtime fairness and survey
ee310307ad42 mt76: mt7603: track tx airtime for airtime fairness and survey
fdf0163fd101 mt76: mt7603: switch to a different counter for survey busy time
de118bb403d1 mt76: unify channel survey update code
3429cc7d36da mt76: mt76x02: move MT_CH_TIME_CFG init to mt76x02_mac_cc_reset
0e5050ee799c mt76: mt76x02: track approximate tx airtime for airtime fairness and survey
028071d9594c mt76: mt7615: report tx_time, bss_rx and busy time to mac80211
d91f7c1bcdf7 mt76: mt7615: fix survey channel busy time
2579122ba209 mt76: mt7615: introduce mt7615_mac_wtbl_update routine
81f2be0c459f mt76: mt7615: track tx/rx airtime for airtime fairness
e7199f944793 mt76: enable airtime fairness
8f22de061129 mt76: do not use devm API for led classdev
6f7d0f503d10 mt76: fix use-after-free bug in airtime fairness code

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-09-29 22:16:27 +02:00
Felix Fietkau
d25cc3207d iw: add patch to include local BSS rx time in survey information
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-09-29 22:16:27 +02:00
Felix Fietkau
6a3739dc42 mac80211: add patch to include local BSS rx time in survey information
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-09-29 22:16:27 +02:00
DENG Qingfang
eddbd68b6d iproute2: update to 5.3.0
Update iproute2 to 5.3.0

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
2019-09-28 21:26:53 +02:00
Brandy Krueger
1fe1a200d9 wireguard: bump to 0.0.20190913
Changes since 0.0.20190702:

define conversion constants for ancient kernels
android: refactor and add incoming allow rules
enforce that unused bits of flags are zero
immediately rekey all peers after changing device private key
support running in OpenVZ environments
do not run bc on clean target
skip peers with invalid keys
account for upstream configuration maze changes
openbsd: fix alternate routing table syntax
account for android-4.9 backport of addr_gen_mode
don't fail down when using systemd-resolved
allow specifying kernel release
enforce named pipe ownership and use protected prefix
work around ubuntu breakage
support newer PaX
don't rewrite siphash when it's from compat
squelch warnings for stack limit on broken kernel configs
support rhel/centos 7.7

Signed-off-by: Brandy Krueger <krueger.brandy24@gmail.com>
2019-09-28 21:01:53 +02:00
David Bauer
af63436d2d uboot-fritz4040: update to 2019-09-07
572ff7f fritzcreator: actually add checksum spacer
6edce1a fritzcreator: replace obscure padding generation with something more portable
2ff189f add ASUS RT-AC58U "easy install" factory u-boot shim
b91f9c2 readd spi-nand support
486ae53 improve cmd_sysupgrade
b0933f1 replace sstrip with strip
882e48a do not include generated files into git
0c5aa5f fix bugs in ipq40xx_cdp.c

Signed-off-by: David Bauer <mail@david-bauer.net>
2019-09-25 22:42:03 +02:00
Jo-Philipp Wich
ced4c0e635 iwinfo: update to latest Git HEAD
313e827 nl80211: keep awaiting wpa_supplicant scan results on busy response
a766751 nl80211: fix parsing of mixed wpa encryption in wpa_supp scan results
f096bfd utils: support parsing SAE and OWE key management suites from IEs

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-09-22 18:58:50 +02:00
Hauke Mehrtens
49cc712b44 hostapd: Add mesh support for wpad full
This increases the size of the binary slightly:

old:
427722 wpad-wolfssl_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk
431696 wpad-openssl_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk

new:
442109 wpad-wolfssl_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk
445997 wpad-openssl_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-09-22 17:39:51 +02:00
Hauke Mehrtens
998686364d hostapd: use getrandom syscall
hostapd will not use the getrandom() syscall and as a fallback use
/dev/random, the syscall is supported since Linux 3.17 and in the musl,
glibc and uclibc version used by OpenWrt.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-09-22 17:39:51 +02:00
Hauke Mehrtens
0d86bf518a hostapd: Remove unneeded patch
All the content of this function is proceeded by IEEE8021X_EAPOL no code
accesses the ssid variable outside of this ifdef.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-09-22 17:39:51 +02:00
Hauke Mehrtens
9b4a27455c hostapd: use config option CONFIG_NO_LINUX_PACKET_SOCKET_WAR
Instead of patching the workaround away, just use the config option.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-09-22 17:39:51 +02:00
Hauke Mehrtens
167028b750 hostapd: Update to version 2.9 (2019-08-08)
The size of the ipkgs increase a bit (between 0.7% and 1.1%):

old 2019-04-21 (2.8):
288264 wpad-basic_2019-04-21-63962824-1_mipsel_24kc.ipk
256188 wpad-mini_2019-04-21-63962824-1_mipsel_24kc.ipk
427475 wpad-openssl_2019-04-21-63962824-1_mipsel_24kc.ipk
423071 wpad-wolfssl_2019-04-21-63962824-1_mipsel_24kc.ipk

new 2019-08-08 (2.9):
290217 wpad-basic_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk
258745 wpad-mini_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk
431732 wpad-openssl_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk
427641 wpad-wolfssl_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-09-22 17:39:38 +02:00
Hauke Mehrtens
8af79550e6 hostapd: Update to version 2.8 (2019-04-21)
This also syncs the configuration files with the default configuration
files, but no extra options are activated or deactivated.

The mesh patches were partially merged into hostapd 2.8, the remaining
patches were extracted from patchwork and are now applied by OpenWrt.
The patches still have open questions which are not fixed by the author.
They were taken from this page:
https://patchwork.ozlabs.org/project/hostap/list/?series=62725&state=*

The changes in 007-mesh-apply-channel-attributes-before-running-Mesh.patch
where first applied to hostapd, but later reverted in hostapd commit
3e949655ccc5 because they caused memory leaks.

The size of the ipkgs increase a bit (between 1.3% and 2.3%):

old 2018-12-02 (2.7):
283337 wpad-basic_2018-12-02-c2c6c01b-11_mipsel_24kc.ipk
252857 wpad-mini_2018-12-02-c2c6c01b-11_mipsel_24kc.ipk
417473 wpad-openssl_2018-12-02-c2c6c01b-11_mipsel_24kc.ipk
415105 wpad-wolfssl_2018-12-02-c2c6c01b-11_mipsel_24kc.ipk

new 2019-04-21 (2.8):
288264 wpad-basic_2019-04-21-63962824-1_mipsel_24kc.ipk
256188 wpad-mini_2019-04-21-63962824-1_mipsel_24kc.ipk
427475 wpad-openssl_2019-04-21-63962824-1_mipsel_24kc.ipk
423071 wpad-wolfssl_2019-04-21-63962824-1_mipsel_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
2019-09-22 17:39:26 +02:00
Daniel Golle
4fc0a61ed3 ltq-vdsl-fw: update firmware filename and download URL
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-09-21 15:12:45 +02:00
Jo-Philipp Wich
2a603cfcfc rpcd: update to latest Git HEAD
95f0973 file: increase minimum read buffer size to 4096 bytes

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-09-21 15:04:18 +02:00
Hauke Mehrtens
81e93fff7d usign: update to latest Git HEAD
f34a383 main: fix some resource leaks

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-09-21 01:12:35 +02:00
Hauke Mehrtens
541a321070 fstools: update to latest Git HEAD
4327ed4 mkdev: Avoid out of bounds read
9b3eb63 libblkid-tiny: use blkid_probe_set_utf8label for label set
c9d0462 libblkid-tiny: adds blkid_probe_set_utf8label support

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-09-21 01:12:35 +02:00
Hauke Mehrtens
a700b5353a procd: update to the latest git HEAD
8e9fb51 procd: Switch to nanosleep
c844ace system: Fix possible integer overflows

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-09-21 01:12:35 +02:00
Hauke Mehrtens
a6981604b3 hostapd: Fix AP mode PMF disconnection protection bypass
This fixes
* CVE-2019-16275 AP mode PMF disconnection protection bypass
https://w1.fi/security/2019-7/ap-mode-pmf-disconnection-protection-bypass.txt

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-09-21 01:12:35 +02:00
Hal Martin
3819c1638a sunxi: Add support for Banana Pi M2 Ultra
CPU: Allwinner R40 Quad-Core Cortex-A7 @ 1.2GHz
GPU: Mali 400 MP2
Memory: 2GB DDR3 onboard (shared with GPU)
Onboard: Storage microSD card slot
Onboard: Storage 8GB eMMC
Onboard: Network 10/100/1000M Ethernet RJ45
Onboard: Network WiFi 802.11b/g/n 1x1 (AMPAK AP6212; brcmfmac)
Onboard header: SPI, I2C, GPIO, UART
USB: Two USB 2.0 Host, One USB 2.0 OTG

Known issues:
- WiFi doesn't work
- eMMC not supported

Signed-off-by: Hal Martin <hal.martin@gmail.com>
2019-09-21 01:12:35 +02:00
Rosen Penev
f4da28c301 elfutils: Add host build
Needed for glib2 host build:

gresource-tool.c:32:20: fatal error: libelf.h: No such file or directory
 #include <libelf.h>

Changed PKG_LICENSE to the SPDX version.

Switched build dependency for argp-standalone to !USE_GLIBC. argp is a
glibc extension. Treat it as such.

Adjusted patch to use strerror_l, which works properly with both glibc
and musl. The patch errors under glibc with:

dwfl_error.c:158:7: error: ignoring return value of 'strerror_r', declared
with attribute warn_unused_result [-Werror=unused-result]
       strerror_r (error & 0xffff, s, sizeof(s));

void casting does not fix the error.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-09-21 01:09:30 +02:00
Eneas U de Queiroz
ab19627ecc wolfssl: allow building with hw-crytpo and AES-CCM
Hardware acceleration was disabled when AES-CCM was selected as a
workaround for a build failure.  This applies a couple of upstream
patches fixing this.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2019-09-20 20:54:10 +02:00
Magnus Kroken
49d96ffc5c mbedtls: update to 2.16.3
Remove 300-bn_mul.h-Use-optimized-MULADDC-code-only-on-ARM-6.patch,
the issue has been fixed upstream.

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2019-09-20 19:32:04 +02:00
Rosen Penev
977a8fc5fc uClibc++: Remove faulty patch
This patch was originally added to fix compilation with v4l2rtspserver.
Turns out it was v4l2rtspserver that was broken, not uClibc++. This now
causes issues with a different package where the arguments are being
split.

Note that with this patch, shellcheck throws an error:

SC2068: Double quote array expansions to avoid re-splitting elements.

More: https://github.com/openwrt/packages/pull/9972#discussion_r324878373

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-09-20 19:30:51 +02:00
Jo-Philipp Wich
d6bd3fd5c4 iwinfo: update to latest Git HEAD
02112f9 cli: fix reporting of mixed WPA2/WPA3 versions
7faeaea nl80211: properly detect WEP encryption in wpa_supp scan results
629b5ff nl80211: do not confuse open connections with WEP ones
3d47ddd nl80211: rework hostapd and wpa_supplicant wpa suite parsing

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-09-20 13:32:49 +02:00
Jo-Philipp Wich
abb4f4075e hostapd: mirror ieee80211w ap mode defaults in station mode
For AP mode, OpenWrt automatically sets ieee80211w to either 1 or 2, depending
on whether the encryption is set to sae-mixed, or sae/owe/eap suite-b.

Mirror the same defaults for client mode connections, in order to allow an
OpenWrt station to associate to an OpenWrt ap with SAE, OWE or Suite-B encryption
without the need to manually specify "option ieee80211w" on the station.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-09-20 13:27:28 +02:00
Jo-Philipp Wich
4209b28d23 hostapd: fix OWE settings in client mode
This changes fixes the generation of the wpa_supplicant client configuration
in WPA3 OWE client mode. Instead of incorrectly emitting key_mgmt=NONE, use
the proper key_mgmt=OWE setting instead.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-09-20 13:27:21 +02:00
Alberto Bursi
827f47749b kernel: add module for Emulex OneConnect 10Gbit
add module to support Emulex OneConnect
common in 10Gbit SFP+ cards by Dell/HP/IBM
supports OneConnect OCe10xxx OCe11xxx OCe14xxx, 
LightPulse LPe12xxx

Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
2019-09-19 23:43:27 +02:00
Leon M. George
f974f8213b hostapd: declare struct wpa_bss early
wps_supplicant.h assumes that 'struct wpa_bss' is forward declared if
CONFIG_WPS is not defined.  With the later inclusion of
600-ubus_support, the issue manifests in warnings like these:

wps_supplicant.h:113:15: warning: 'struct wpa_bss' declared inside parameter list will not be visible outside of this definition or declaration
        struct wpa_bss *bss)
               ^~~~~~~

This patch forward declares 'struct wpa_bss' regardless.

Signed-off-by: Leon M. George <leon@georgemail.eu>
[commit message facelift]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-09-19 23:43:27 +02:00
Leon M. George
a123df2758 hostapd: revert signature change in patch
The original wpa_hexdump uses a 'void *' for the payload.  With patch
410-limit_debug_messages, the signature changes and compiler warnings
occur at various places.  One such warning is:

 wpa_debug.h:106:20: note: expected 'const u8 * {aka const unsigned char *}' but argument is of type 'struct wpa_eapol_key *'

Signed-off-by: Leon M. George <leon@georgemail.eu>
[commit message facelift]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-09-19 23:43:27 +02:00
Adrian Schmutzler
469e347f19 base-files: provide option to specify label MAC address in board.d
For many devices, MAC addresses cannot be retrieved via the
device tree alias.

To still provide the label MAC address for those, this implements
a second mechanism that will put the address into uci config.
Note that this stores the actual MAC address, whereas in DTS
we reference the bearing device.

This is based on the work of Rosy Song <rosysong@rosinson.com>

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-09-19 23:43:27 +02:00
Adrian Schmutzler
0340718863 base-files: add function to retrieve label MAC address
To refer to the MAC address on a device's label, one can
specify the alias label-mac-device in the DTS which should
point to the bearer of the corresponding MAC address.

With the function get_mac_label, the user can retrieve then
retrieve this address and use it as a value that uniquely
identifies his device.

This is severely helpful for several downstream functionalities,
e.g. define MAC addresses of custom netifs or change the SSID to
be easily recognizable.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-09-19 23:43:27 +02:00
Hans Dedecker
71cf4a272c curl: bump to 7.66.0
Refresh patches, for changes in version 7.66.0 see https://curl.haxx.se/changes.html#7_66_0

Fixes CVEs:
    CVE-2019-5481
    CVE-2019-5482

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-09-19 22:23:01 +02:00
Eneas U de Queiroz
d868d0a5d7 openssl: bump to 1.1.1d
This version fixes 3 low-severity vulnerabilities:

- CVE-2019-1547: ECDSA remote timing attack
- CVE-2019-1549: Fork Protection
- CVE-2019-1563: Padding Oracle in PKCS7_dataDecode and
		 CMS_decrypt_set1_pkey

Patches were refreshed.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2019-09-19 21:28:53 +02:00
Álvaro Fernández Rojas
b400179ca6 brcm2708-gpu-fw: update to latest firmware
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2019-09-19 17:37:43 +02:00
Jo-Philipp Wich
c933b6d224 procd: fix invalid JSON filter expression in procd_running()
Since service and instance names may contain characters which are not allowed
in JSON path labels, such as dashes or spaces, change the filter expression
to array square bracket notation to properly match these cases as well.

Fixes: 2c3dd70741 ("procd: add procd_running() helper for checking running state")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-09-19 07:20:32 +02:00
Jo-Philipp Wich
5ef9e4f107 firewall: update to latest Git HEAD
383eb58 ubus: do not overwrite ipset name attribute

Ref: https://forum.openwrt.org/t/fw3-ipset-procd-objects/44044
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-09-18 10:51:24 +02:00
Rafał Miłecki
04e912d217 procd: update to the latest git HEAD
62dc8c0 system: sysupgrade: send reply on error
2710c65 system: refuse sysupgrade with backup if it's unsupported

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-09-18 07:33:41 +02:00
Rafał Miłecki
f39f4b2f6d mac80211: brcmfmac: backport the last 5.4 changes
This makes brcmfmac use the same wiphy after PCIe reset to help user
space handle corner cases (e.g. firmware crash).

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-09-16 08:37:06 +02:00
Petr Štetiar
2cf209ce91 firewall: update to latest git HEAD
c26f8907d1d2 firewall3: fix typo that affects ICMPv6 rules with numeric icmp_type

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-09-15 22:56:09 +02:00
Robert Marko
3fe30b28ae ath10k-ct: update to version 2019-09-09
Update the ath10k-ct driver version to 5e8cd86f90dac966d12df6ece84ac41458d0e95f
to enable dynamic VLANs to work. Patches refreshed during the bump.

Signed-off-by: Robert Marko <robimarko@gmail.com>
[commit description facelift]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-09-15 22:56:09 +02:00
Robert Marko
7c930990af ath10k-firmware: update Candela Tech firmware images
This enables a feature flag in the wave-2 firmware wmi-services indicating it can send
software-encrypted raw frames.  This should in turn allow the AP-VLAN feature to work.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2019-09-15 22:56:09 +02:00
Petr Štetiar
296e1f253c netifd,lldpd,rpcd,log: use generic service_running
commit eb204d14f75c ("base-files: implement generic service_running")
introduced generic service_running so it's not needed to copy&paste same
3 lines over and over again.

I've removed service_running from netifd/network init script as well,
because it was not working properly, looked quite strange and I didn't
understand the intention:

 $ /etc/init.d/network stop
 $ service network running && echo "yes" || echo "nope"
     ( have to wait for 30s )
 Command failed: Request timed out
 yes

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-09-15 22:53:01 +02:00
Luiz Angelo Daros de Luca
7519a36774 base-files,procd: add generic service status
Adds a default status action for init.d scripts.

procd "service status" will return:

 0) for loaded services (even if disabled by conf or dead)
 3) for inactive services
 4) when filtering a non-existing instance

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
[rebased, cleaned up]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-09-15 22:53:01 +02:00
Petr Štetiar
ed5b9129d7 base-files: implement generic service_running
DRY is good, otherwise we're going to suffer with a copy&paste disease
in the init scripts.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-09-15 20:58:30 +02:00
Hans Dedecker
a33d60c896 odhcpd: update to latest git HEAD
1d24009 netlink: rename netlink callback handlers
91a28e4 ndp: answer global-addressed NS manually
fd93e36 dhcpv6: retry failed PD assignments on addrlist change

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-09-15 20:43:14 +02:00
Hans Dedecker
ce6311d301 odhcpd: fix update to git HEAD
Fixes commit 7ff5b12e90

e73bf11 config: ra_management compatibility support
d818380 odhcpd: router: Fix out of scope memory access
94a1c94 dhcpv6-ia: free assignment when validity timer expires
752fc2c router: speed up initial router advertisements
09aa022 router: close socket upon NETEV_IFINDEX_CHANGE fixed
79eb160 router: fix previous commit
6034b5c router: close socket upon NETEV_IFINDEX_CHANGE
000182f router: fix lingering uloop socket descriptor
f6c2242 router: support ra_lifetime being 0

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-09-12 22:37:54 +02:00
Ingo Feinerer
ca0ad9e0e9 umbim: update to latest git HEAD
184b707 umbim: add home provider query support

Signed-off-by: Ingo Feinerer <feinerer@logic.at>
2019-09-12 22:29:47 +02:00
Hans Dedecker
7ff5b12e90 odhcpd: update to latest git HEAD (FS#2019)
e73bf11 config: ra_management compatibility support
d818380 odhcpd: router: Fix out of scope memory access
94a1c94 dhcpv6-ia: free assignment when validity timer expires
752fc2c router: speed up initial router advertisements
09aa022 router: close socket upon NETEV_IFINDEX_CHANGE fixed
79eb160 router: fix previous commit
6034b5c router: close socket upon NETEV_IFINDEX_CHANGE
000182f router: fix lingering uloop socket descriptor
f6c2242 router: support ra_lifetime being 0
d111809 router: make RA flags configurable (FS#2019)

Update odhcpd defaults according to the new RA flags implementation

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-09-12 22:22:29 +02:00
Felix Fietkau
8176431963 mt76: probe load mt7615 driver asynchronously
It can take a long time to load the firmware

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-09-12 17:16:44 +02:00
David Bauer
7db2f1a71f iwinfo: update to latest Git HEAD
a88fb42 iwinfo: add device id for Qualcomm Atheros QCA9886
1b69d86 iwinfo: add device id for Qualcomm Atheros QCA9887

Signed-off-by: David Bauer <mail@david-bauer.net>
2019-09-12 15:38:08 +02:00
Rafał Miłecki
a858db3136 treewide: sysupgrade: use $UPGRADE_BACKUP to check for backup
Now that $UPGRADE_BACKUP is set conditionally there is no need to check
the $UPGRADE_OPT_SAVE_CONFIG anymore. All conditions can be simplified.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-09-11 09:05:35 +02:00
Rafał Miłecki
9785a9121d procd: update to the latest git HEAD
b8238df sysupgrade: support "backup" attribute

This update requires "sysupgrade" method callers to pass "backup"
attribute if $UPGRADE_BACKUP is used in the project.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-09-11 09:03:36 +02:00
Rafał Miłecki
c5223b26a4 base-files: sysupgrade: pass "backup" ubus attribute
This explicitly tells procd what backup file should be used during
sysupgrade (if any). It's much more generic this way compared to the
magic /tmp/sysupgrade.tgz file that had to be created before a call.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-09-11 08:57:24 +02:00
Hauke Mehrtens
7bed9bf10f hostapd: SAE/EAP-pwd side-channel attack update
Fixes this security problem:
* SAE/EAP-pwd side-channel attack update
https://w1.fi/security/2019-6/sae-eap-pwd-side-channel-attack-update.txt

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-09-10 21:51:41 +02:00
Hauke Mehrtens
9f34bf51d6 hostapd: Fix security problem
This fixes:
CVE-2019-11555 "EAP-pwd message reassembly issue with unexpected fragment"
https://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-with-unexpected-fragment.txt

This shouöld not affect OpenWrt in the default settings as we do not use
EAP-pwd.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-09-10 21:51:26 +02:00
Jo-Philipp Wich
d6a405280f rpcd: update to latest Git HEAD
e2a7bc4 iwinfo: add WPA3 support

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-09-10 15:25:12 +02:00
Rafał Miłecki
681acdcc54 mac80211: brcmfmac: backport more kernel 5.4 changes
Patch getting RAM info got upstreamed. A debugging fs entry for testing
reset feature was added.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-09-09 09:38:55 +02:00
Jo-Philipp Wich
2f9f8769e3 rpcd: update to latest Git HEAD
69eeb1b file: refactor message parsing and permission checking
f65527a iwinfo: expose all rate info fields in assoclist reply
7fec636 sys: fix symbol redeclaration
27c24c7 rpcd: sys: actually move timespec declaration
345363b file: add remove operation
604db20 rpcd: Switch to nanosleep

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-09-08 18:48:15 +02:00
Hauke Mehrtens
359bff6052 firewall: update to latest git HEAD
487bd0d utils: Fix string format message

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-09-08 18:39:13 +02:00
Rafał Miłecki
1c510fe298 base-files: validate firmware for compatibility with backup
This allows platform code to check if firmware image can be used with
preserving a backup. It may be used e.g. when installing vendor
firmwares that won't restore appended backup archive.

Suggested-by: Luis Araneda <luaraneda@gmail.com>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-09-08 09:10:30 +02:00
Hans Dedecker
7db6559914 firewal: update to latest git HEAD
4d0c703 firewall3: Fix some format string problems
8c404ef iptables.c: lock the xtables.lock
c1d3a4d utils: implement fw3_lock_path() & fw3_unlock_path()

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-09-07 21:23:43 +02:00
Hans Dedecker
1855c23794 odhcp6c: update to latest git HEAD
e199804 dhcpv6: sanitize oro options

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-09-07 13:11:53 +02:00
Yousong Zhou
40e3f660c1 uboot-fritz4040: build with ipq40xx "generic" subtarget
Fixes: 853e4dd3 ("ipqx0xx: add Generic subtarget")
Ref: https://forum.openwrt.org/t/ipq40xx-snapshot-not-updated-since-22nd-august/44126
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-09-06 08:33:30 +00:00
Rafał Miłecki
641f6b6c26 treewide: use new procd sysupgrade $UPGRADE_BACKUP variable
It's a variable set by procd that should replace hardcoded
/tmp/sysupgrade.tgz.

This change requires the most recent procd with the commit 0f3c136
("sysupgrade: set UPGRADE_BACKUP env variable").

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-09-05 23:33:19 +02:00
Rafał Miłecki
e8dcbbc865 procd: update to the latest git HEAD
0f3c136 sysupgrade: set UPGRADE_BACKUP env variable
0bcbbbf system: fix uninitialized variables in firmware validation code

This update includes a fix for uninitialized variable usage.

Fixes: 7290963d09 ("procd: update to the latest git HEAD")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-09-05 23:16:54 +02:00
Adrian Schmutzler
45600124fc base-files: use get_mac_binary() in mtd_get_mac_binary_ubi()
The actual retrieval of the MAC address in mtd_get_mac_binary_ubi()
is the same as in get_mac_binary(). Thus, use the latter function
in the former to reduce duplicate code.

This will also allow to benefit from the enhanced path check there
and bring mtd_get_mac_binary_ubi() more in line with the similar
mtd_get_mac_binary().

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-09-05 20:42:08 +02:00
David Bauer
4c060228cb base-files: fix mtd_get_mac_text not accepting hex offsets
The mtd_get_mac_text helper method did not support hexadecimal offset
values, resulting them to break after 75bfc393ba ("treewide:
convert MAC address location offsets to hexadecimal")

This commit fixes this by evaluating the hexadecimal input,
converting them to decimal.

Signed-off-by: David Bauer <mail@david-bauer.net>
2019-09-05 20:31:56 +02:00
Rafał Miłecki
bf39047872 treewide: don't hardcode "sysupgrade.tgz" file name
1) Add BACKUP_FILE and use it when copying an archive to be restored
   after sysupgrade (on the next preinit).
2) Use CONF_TAR for copying backup prepared by the /sbin/sysupgrade

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-09-05 14:33:19 +02:00
Hauke Mehrtens
1184e1f2b6 uboot-envtools: Update to U-Boot version 2019.07
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-09-04 22:35:22 +02:00
Álvaro Fernández Rojas
da3f5b2196 brcm2708-gpu-fw: update to latest firmware
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2019-09-04 18:09:34 +02:00
Rafał Miłecki
7290963d09 procd: update to the latest git HEAD
34ac88c system: reject sysupgrade of invalid firmware images by default
f55c235 system: reject sysupgrade of broken firmware images
e990e21 system: add "validate_firmware_image" ubus method

This update changes "sysupgrade" ubus method API. It's now required to
pass "force" attribute whenever invalid firmware is meant to be
installed.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-09-04 11:17:06 +02:00
Rafał Miłecki
b71962da16 base-files: pass "force" parameter to the "sysupgrade" call
This makes sysupgrade work with the most recent procd that validates
firmware before proceeding.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-09-04 11:07:41 +02:00
Hauke Mehrtens
6aa962a622 uci: update to latest Git HEAD
415f9e4 uci/file: replace mktemp() with mkstemp()

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-09-01 19:53:30 +02:00
Hauke Mehrtens
6658447534 iwinfo: update to latest Git HEAD
f599a8d iwinfo: Fix rate buffer size
71ec9be iwinfo: Fix buffer size
f8ef450 iwinfo: Add support for WPA3

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-09-01 19:48:43 +02:00
Tomasz Maciej Nowak
3fa0f32a68 grub2: bump to 2.04
* GCC 8 and 9 support.
* Gnulib integration overhaul.
* RISC-V support.
* Xen PVH support.
* Native UEFI secure boot support.
* UEFI TPM driver.
* New IEEE 1275 obdisk driver.
* Btrfs RAID 5 and RIAD 6 support.
* bootin from F2FS support.
* PARTUUID support.
* VLAN support.
* Native DHCP support.
* Many ARM and ARM64 fixes.
* Many SPARC fixes.
* Many IEEE 1275 fixes.
* ...and tons of other fixes and cleanups...

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2019-09-01 18:38:05 +02:00
Luis Araneda
5ca243153b uboot-zynq: update to 2019.07
Signed-off-by: Luis Araneda <luaraneda@gmail.com>
2019-09-01 18:38:05 +02:00
Konstantin Demin
b74f1f335a nftables: bump to version 0.9.2
- exclude Python-related stuff from build
- drop patches:
  * 010-uclibc-ng.patch, applied upstream

ipkg size decrease by 2.8%:
old:
194.851 nftables_0.9.0-2_arm_cortex-a7_neon-vfpv4.ipk
new:
189.581 nftables_0.9.2-1_arm_cortex-a7_neon-vfpv4.ipk

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2019-09-01 18:38:04 +02:00
Konstantin Demin
699955a684 libnftnl: bump to version 1.1.4
ABI version is same.

The ipkg size increase by about 2.2%:
old:
47.909 libnftnl11_1.1.3-1_arm_cortex-a7_neon-vfpv4.ipk
new:
48.985 libnftnl11_1.1.4-1_arm_cortex-a7_neon-vfpv4.ipk

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2019-09-01 18:38:04 +02:00
Jo-Philipp Wich
02169bd3f8 rpcd: update to latest Git HEAD
821045f file: add path based read/write/exec ACL checks
fb337e5 file: add stat() information to directory listings

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-09-01 18:33:21 +02:00
Eneas U de Queiroz
7f2b230b3b uhttpd: add support to generate EC keys
This adds the key_type and ec_curve options to enable the generation of
EC keys during initialization, using openssl or the new options added to
px5g.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2019-09-01 00:35:11 +02:00
Eneas U de Queiroz
a552ababd4 px5g: support EC keys
This adds an 'eckey' command to generate an EC key, with an optional
curve name argument, with P-256 as default.

For the 'selfsigned' command, it adds an 'ec' algorithm argument to the
'-newkey' option, and a '-pkeyopt ec_paramgen_curve:<curvename>' option,
mirroring the way openssl specifies the curve name.

Notice that curve names are not necessarily the same in mbedtls and
openssl.  In particular, secp256r1 works for mbedtls, but openssl uses
prime256v1 instead. px5g uses mbedtls, but short NIST curve names P-256
and P-384 are specifically supported.

Package size increased by about 900 bytes (arm).

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2019-09-01 00:34:30 +02:00
Eneas U de Queiroz
f40262697f openssl: always build with EC support
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2019-09-01 00:16:08 +02:00
Rosen Penev
926157c2cc libnfnetlink: Avoid passing both -fPIC and -fpic
Instead, instruct the configure script to use $(FPIC) only.

Mixing -fPIC and -fpic can cause issues on some platforms like PPC.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-08-31 12:08:23 +02:00
Rosen Penev
e2ecf39e8e ncurses: Do not pass both -fPIC and -fpic
The configure scripts matches Linux with -fPIC, which is not exactly what
is desired. Since we are already passing $(FPIC), added a CONFIGURE_VAR to
avoid passing -fPIC.

Removed PKG_BUILD_DIR as it is already the default value.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-08-31 12:08:23 +02:00
David Bauer
9b0ce1789b lua: create lua symlink for host installation
Since the binaries for both lua as well as lua5.3 contain the version
number, invocations of the "lua" binary are failing, as it's not created
anymore for the host package.

Fixes: fe59b46 ("lua: include version number in installed files")
Signed-off-by: David Bauer <mail@david-bauer.net>
2019-08-31 10:31:00 +02:00
Rafał Miłecki
f522047958 base-files: use JSON for storing firmware validation info
So far firmware validation result was binary limited: it was either
successful or not. That meant various limitations, e.g.:
1) Lack of proper feedback on validation problems
2) No way of marking firmware as totally broken (impossible to install)

This change introduces JSON for storing detailed validation info. It
provides a list of performed validation tests and their results. It
allows marking firmware as non-forceable (broken image that can't be
even forced to install).
Example:
{
        "tests": {
                "fwtool_signature": true,
                "fwtool_device_match": true
        },
        "valid": true,
        "forceable": true
}

Implementation is based on *internal* check_image bash script that:
1) Uses existing validation functions
2) Provides helpers for setting extra validation info

This allows e.g. platform_check_image() to call notify_check_broken()
when needed & prevent user from bricking a device.

Right now the new JSON info is used by /sbin/sysupgrade only. It still
doesn't make use of "forceable" as that is planned for later
development.

Further plans for this feature are:
1) Expose firmware validation using some new ubus method
2) Move validation step from /sbin/sysupgrade into "sysupgrade" ubus
   method so:
   a) It's possible to safely sysupgrade using ubus only
   b) /sbin/sysupgrade can be more like just a CLI

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-08-30 08:34:10 +02:00
John Crispin
63c722c0be linux-firmware: add mediatek BT firmware
Signed-off-by: John Crispin <john@phrozen.org>
2019-08-30 07:27:51 +02:00
Daniel Golle
a58bfb7377 mac80211: rt2x00: revert commit causing regression in 5GHz band
From: Stanislaw Gruszka <sgruszka@redhat.com>
This reverts commit 9ad3b55654455258a9463384edb40077439d879f.

As reported by Sergey:

"I got some problem after upgrade kernel to 5.2 version (debian testing
linux-image-5.2.0-2-amd64). 5Ghz client  stopped to see AP.
Some tests with 1metre distance between client-AP: 2.4Ghz  -22dBm, for
5Ghz - 53dBm !, for longer distance (8m + walls) 2.4 - 61dBm, 5Ghz not
visible."

It was identified that rx signal level degradation was caused by
9ad3b5565445 ("rt2800: enable TX_PIN_CFG_LNA_PE_ bits per band").
So revert this commit.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-08-29 22:29:54 +02:00
Hans Dedecker
6e45ba4699 procd: fix compile issue with glibc (FS#2469)
0430252 sysupgrade: add missing _GNU_SOURCE define (FS#2469)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-08-28 15:30:40 +02:00
Koen Vandeputte
5cc942a80e ath9k: backport dynack improvements
Close cooperation with Lorenzo Bianconi resulted
in these patches which fix all remaining seen issues
when using dynack.

Fix link losses when:
- Late Ack's are not seen or not present
- switching from too low static coverage class to dynack on a live link

These are fixed by setting the Ack Timeout/Slottime to
the max possible value for the currently used channel width when
a new station has been discovered.

When traffic flows, dynack is able to adjust to optimal values
within a few packets received (typically < 1 second)

These changes have been thoroughly tested on ~60 offshore devices
all interconnected using mesh over IBSS and dynack enabled on all.

Distances between devices varied from <100m up to ~35km

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
2019-08-28 13:08:21 +02:00
Jo-Philipp Wich
517cb0b70b fstools: update to latest Git HEAD
6a61b9a probe: fallback to libblkid.so.1 when libblkid.so does not exist

Also remove deprecation notices from init script while we're at it.

Fixes: FS#2274
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-08-28 12:46:18 +02:00
Jo-Philipp Wich
b13f3300d5 iwinfo: update to latest Git HEAD
a9f9557 nl80211: support reading hardware id from phy directly
c586cd3 iwinfo: add device id for MediaTek MT7612E
d4382dd iwinfo: add device id for Atheros AR9390

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-08-28 12:09:14 +02:00
Álvaro Fernández Rojas
cb3c4c713d brcm2708-gpu-fw: update to latest firmware
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2019-08-27 15:20:20 +02:00
DENG Qingfang
79f235abef mtd-utils: update to 2.1.1
Removed upstream patch
Compile and run tested on mvebu

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
2019-08-27 10:32:44 +02:00
Koen Vandeputte
bd926fdde5 ath10k-firmware: update Candela Tech firmware images
This should fix a problem with 1560 MTU, 160Mhz on DFS channels,
some other small issues on < 5.2 kernels, and for 5.2 driver,
it pulls in some upstream stable fixes.

wave-1 firmware changes since last update:

  *  June 24, 2019: Try allocating low-priority WMI msgs if high-prio are not available.

  *  June 24, 2019: Init rate-ctrl to start at lowest rate instead of in the middle.  Hoping
                    this helps DHCP when station connects from a long distance.

wave-2:

  *  June 24, 2019  Start rate-ctrl at minimal values to help DHCP work better for far-away peers.

  *  July 24, 2019  Fix old regression that made /a (and probably /b/g) perform poorly, at least on
                    diet-compiled images.

  *  Aug 8, 2019  Improve a/b/g rate-ctrl by damping the PER swings caused by the all-or-nothing logic
                  of transmitting non-block-ack frames one at a time.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-08-27 10:32:44 +02:00
Felix Fietkau
c3a78955f3 kernel: move crypto-arc4 into a module
It is no longer required by wireless drivers, so we can save some space here

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-08-26 18:21:13 +02:00
Felix Fietkau
0e22e14b6c mt76: update to the latest version
fb0f432834c0 mt76: stop rx aggregation on station removal
76aada563b66 mt76: dma: reset q->rx_buf on rx reset
3245ca8b8aeb mt76: check of_get_mac_address for NULL as well to restore old kernel compat
8e495245ab3d mt76: mt7615: move mt7615_mac_get_key_info in mac.c
e4f48a8df6aa mt76: mt7615: add mt7615_mac_wtbl_addr routine
e8c95e5a41f0 mt76: mt7615: introduce mt7615_mac_wtbl_set_key routine
d998b90c4bed mt76: mt7615: remove wtbl_sec_key definition
60d279ec2762 mt76: mt7615: add set_key_cmd and mt76_wcid to mt7615_mac_wtbl_set_key signature
4947ad4eab6a mt76: introduce mt76_mmio_read_copy routine
4d9001b8ab1d mt76: mt7615: fix MT7615_WATCHDOG_TIME definition
3d6796b867b6 mt76: mt7603: fix watchdog rescheduling in mt7603_set_channel
8d7a48030005 mt76: mt7615: add 4 WMM sets support
ae0f11149248 mt76: mt7615: update cw_min/max related settings
8b7bbd017654 mt76: mt7603: fix some checkpatch warnings
e6045467848d mt76: mt7615: fix some checkpatch warnings
c415c676e255 mt76: mt76x02: fix some checkpatch warnings
f625afcedc9b mt76: switch to SPDX tag instead of verbose boilerplate text
4d57f1cee4aa mt76: mt7615: rework locking scheme for mt7615_set_channel
2becd13be766 mt76: mt7615: add Smart Carrier Sense support
20f0c196722a mt76: mt76x02: introduce mt76x02_pre_tbtt_enable and mt76x02_beacon_enable macros
ae83a05b1050 mt76: mt76x02: do not copy beacon skb in mt76x02_mac_set_beacon_enable
92fa62ace198 mt76: mt76x02u: enable multi-vif support
c6dabfe953af mt76: mt76x02u: enable survey support
1f44159b41ff mt76: mt7603: move survey_time in mt76_dev
9657e6304322 mt76: mt7615: enable survey support
af860c0decb1 mt76: move mt76_tx_tasklet in mt76 module
a9d2a28b39fc mt76: mt7603: remove unnecessary mcu queue initialization
281b10fc1fe6 mt76: mt7615: add BIP_CMAC_128 cipher support
37673a4181e4 mt76: fix some checkpatch warnings
a7fa32603981 mt76: add default implementation for mt76_sw_scan/mt76_sw_scan_complete
5c35bdf057af mt7615: apply calibration-free data from OTP
0e3baf0213c9 mt76: fix a leaked reference by adding a missing of_node_put
2d5928fef23d net: Remove dev_err() usage after platform_get_irq()
a0824197ab00 mt76: mt76x0e: disable 5GHz band for MT7630E
4d8a9f20610f mt76: do not send BAR frame on tx aggregation flush stop
2a0edbb4473b mt76: remove offchannel check in tx scheduling

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-08-26 18:21:02 +02:00
Christian Lamparter
e1dcfe02b2 mac80211: refresh patches
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-08-24 23:23:31 +02:00
Christian Lamparter
5ef3fe614c openssl: refresh patches
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-08-24 23:23:31 +02:00
Christian Lamparter
8036345225 fstools: update to HEAD of 2019-07-01 - 1539b5
Update fstools to commit 1539b535ac327a3bc599d1ca871e14fd0dc3bba1

git log --pretty=oneline --abbrev-commit ff1ded63..1539b535

1539b53 libblkid-tiny: increment label size to 256
d563f3c libblkid-tiny: fix wrong btrfs label length
3957dd3 block: prevent mount point confusion
9b36dc2 libfstools: avoid false positives when matching devices and volumes

Created with the help of the make-package-update-commit.sh script.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-08-24 23:23:31 +02:00
Christian Lamparter
e9d875a537 ath10k-ct: update to HEAD of 2019-08-14 - 9e5ab2
Update ath10k-ct to commit 9e5ab25027e0971fa24ccf93373324c08c4e992d

git log --pretty=oneline --abbrev-commit f0aa8130..9e5ab250

9e5ab25 ath10k-ct:  Update to latest 5.2 upstream, support bigger mtu, 160Mhz

Created with the help of the make-package-update-commit.sh script
and refresh patches.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-08-24 23:22:10 +02:00
Vladimir Vid
7dff6a8c89 mvebu: uDPU: add sysupgrade support
This patch adds sysupgrade, uboot-env and networking support
for Methode uDPU device.

Device features 4 partitions:

-----------------------------------------
|  boot   | recovery  | rootfs |  misc  |
| (ext4)  |  (ext4)   | (fsf2) | (f2fs) |
_________________________________________

Idea was to use f2fs only but the u-boot currently lacks support
so first 2 partition are ext4 to be u-boot readable, and this was
a reason why custom build and sysupgrade sections were required.

On the sysupgrade, boot and rootfs partitions are updated, firmare
image and user configuration is saved on the misc partition and if
the upgrade was successfull, recovery partition will be updated on
after the reboot from preinit script. If the sysupgrade fails for any
reason, device will fallback to recovery initramfs image.

Signed-off-by: Vladimir Vid <vladimir.vid@sartura.hr>
2019-08-24 23:11:15 +02:00
Vladimir Vid
52cbe6b9c0 kernel: add i2c-pxa driver
Signed-off-by: Vladimir Vid <vladimir.vid@sartura.hr>
2019-08-24 23:11:15 +02:00
DENG Qingfang
bd098231ba iproute2: update to 5.2.0
Remove upstream patches

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
2019-08-24 21:58:13 +02:00
Felix Fietkau
f0992d7a30 mac80211: fix a regression in the minstrel_ht improvement patches
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-08-24 12:47:00 +02:00
Daniel Golle
4346de8d34 mac80211: rt2x00: import pending patches
https://patchwork.kernel.org/patch/11111605/
https://patchwork.kernel.org/patch/11110703/

Fixes: 91c84e87c2 ("mac80211: rt2x00: clear IV's on start to fix AP mode regression")
Fixes: 0b2c42ced2 ("mac80211: Update to version 5.2-rc7")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-08-23 18:10:47 +02:00
Rafał Miłecki
b6f4cd57e1 treewide: sysupgrade: pass "save_partitions" option to the "sysupgrade" method
This explicitly lets stage2 know if partitions should be preserved. No
more "touch /tmp/sysupgrade.always.overwrite.bootdisk.partmap" hack.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-08-22 13:47:51 +02:00
Rafał Miłecki
b534ba9611 base-files: pass "save_config" option to the "sysupgrade" method
This explicitly lets stage2 know if config should be preserved.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-08-22 13:47:47 +02:00
Rafał Miłecki
2b1a6d263c procd: update to latest git HEAD
9558031 system: support passing "options" to the "sysupgrade" ubus method

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-08-22 13:46:53 +02:00
Kevin Darbyshire-Bryant
bd01346bb4 firewall: update to latest git HEAD
bf29c1e firewall3: ipset: Handle reload_set properly

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-08-22 09:31:57 +01:00
Felix Fietkau
0441edfb7f mac80211: backport support for the IEEE80211_KEY_FLAG_GENERATE_MMIE flag
Required for an upcoming mt76 update

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-08-21 14:59:21 +02:00
Felix Fietkau
a0637718d5 mac80211: add new minstrel_ht patches to improve probing on mt76x2
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-08-21 14:59:18 +02:00
Felix Fietkau
a886a0ecc8 mac80211: renumber subsys patches after update
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-08-21 14:59:10 +02:00
Felix Fietkau
032e08a011 mac80211: remove TX_NEEDS_ALIGNED4_SKBS patch
The intended performance benefit could not be reliably reproduced, and the
patch was not accepted upstream

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-08-21 14:59:05 +02:00
Luiz Angelo Daros de Luca
0851ce4ff9 elfutils: bump to 0.177
200-uclibc-ng-compat.patch is upstream now.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2019-08-19 22:10:35 +02:00
Daniel Golle
91c84e87c2 mac80211: rt2x00: clear IV's on start to fix AP mode regression
To do not brake HW restart we should keep initialization vectors data.
I assumed that on start the data is already initialized to zeros, but
that not true on some scenarios and we should clear it. So add
additional flag to check if we are under HW restart and clear IV's
data if we are not.

Patch fixes AP mode regression.

Patch pending on linux-wireless and imported from patchwork.

Fixes: 0b2c42ced2 ("mac80211: Update to version 5.2-rc7")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-08-19 13:46:00 +02:00
Hauke Mehrtens
9cdb4753be linux-firmware: intel: Use recent version of wifi firmware
iwlwifi from the new backports also supports more recent FW versions,
update to the most recent versions for already supported devices.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-08-18 22:17:35 +02:00
Hauke Mehrtens
2ceee0e023 mac80211: ath10k: Fix crashes of QCA9984 when station connects
This fixes a bug introduced in backports from kernel 5.1 which makes
ath10k crash on QCA9984 when a station connects. The FW sends a airtime
report, but this station is not yet fully registered and a NULL pointer
is used.

Fixes: 0b2c42ced2 ("mac80211: Update to version 5.2-rc7")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-08-18 21:18:36 +02:00
Christian Lamparter
8f757d427c ipq-wifi: drop upstreamed custom board-2.bin
The BDFs for the:
	ALFA Network AP120C-AC
	ASUS Lyra
	AVM FRITZ!Box 7530
	AVM FRITZ!Repeater 3000
	EnGenius EAP1300
	EnGenius ENS620EXT
	Netgear Orbi Pro SRK60

boards were upstreamed to the ath10k-firmware repository
and linux-firmware.git.

Furthermore the BDFs for the:
	OpenMesh A42 specific BDFs
	OpenMesh A62 specific BDFs
	Linksys EA6350v3
have been updated.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-08-18 20:56:41 +02:00
Christian Lamparter
4d34216ea5 linux-firmware: update to 20190815
Update linux-firmware to 20190815

git log --pretty=oneline --abbrev-commit 20190815..20190815

07b925b Install only listed firmware files
5621bfc rtw88: add a README file
7e431c5 rtw88: RTL8822C: add WoW firmware v7.3
2dc7023 rtw88: RTL8822C: update rtw8822c_fw.bin to v7.3
d3d000d Merge branch 'ath10k-20190808' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/linux-firmware
d3e17e9 Merge branch 'for-upstream' of git://git.chelsio.net/pub/git/linux-firmware
d3f7234 Merge commit '70af908f4ad7aa8bc65032253f99a0a4fbe1e6c3' of https://github.com/Netronome/linux-firmware
1f0a99f ath10k: QCA9984 hw1.0: update board-2.bin
49c1187 ath10k: QCA9984 hw1.0: update firmware-5.bin to 10.4-3.9.0.2-00046
1031f01 ath10k: QCA988X hw2.0: update firmware-5.bin to 10.2.4-1.0-00045
cf714a2 ath10k: QCA9888 hw2.0: update board-2.bin
81e2e77 ath10k: QCA9888 hw2.0: update firmware-5.bin to 10.4-3.9.0.2-00040
8dc2dfb ath10k: QCA9887 hw1.0: update firmware-5.bin to 10.2.4-1.0-00045
1bd3ef2 ath10k: QCA6174 hw3.0: update firmware-6.bin to WLAN.RM.4.4.1-00140-QCARMSWPZ-1
e043109 ath10k: QCA4019 hw1.0: update board-2.bin
b1e26aa cxgb4: update firmware to revision 1.24.3.0
70af908 nfp: update Agilio SmartNIC flower firmware to rev AOTC-2.10.A.38
dff98c6 Merge branch 'master' of git://github.com/skeggsb/linux-firmware
580b076 Merge branch 'nxp_mc' of https://github.com/NXP/linux-firmware
f9b0071 Merge tag 'iwlwifi-fw-2019-07-20' of git://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/linux-firmware
2a3b75d nvidia: add missing entries in WHENCE
6fc1eb1 linux-firmware: Update NXP Management Complex firmware to version 10.16.2
cd6cb7b iwlwifi: update -48 FWs for Qu and cc
b5f09bb iwlwifi: update FWs for 3168, 7265D, 9000, 9260, 8000, 8265 and cc
bf13a71 Merge branch 'guc_v33' of git://anongit.freedesktop.org/drm/drm-firmware
d52556e linux-firmware: Update firmware file for Intel Bluetooth AX201
dbcc2fb linux-firmware: Update firmware file for Intel Bluetooth 22161
a5ee415 linux-firmware: Update firmware file for Intel Bluetooth 9560
7444ca4 linux-firmware: Update firmware file for Intel Bluetooth 9260
3d1e553 amdgpu: update vega10 VCE firmware
5d4e3cc amdgpu: update picasso vcn firmware
6a45d9e amdgpu: update raven vcn firmware
9c8161f amdgpu: update tonga to latest 19.20 firmware
7b6c49c amdgpu: update vega12 to latest 19.20 firmware
4f7b71b amdgpu: partially revert 2579167548be33afb1fe2a9a5c141561ee5a8bbe
fd3cc24 amdgpu: update vega10 to latest 19.20 firmware
c190efa amdgpu: update polaris12 to latest 19.20 firmware
f42b54e amdgpu: update raven2 to latest 19.20 firmware
fc89ce8 amdgpu: update raven to latest 19.20 firmware
3bebb5a amdgpu: update picasso to latest 19.20 firmware
05dbae6 drm/i915/firmware: Add v33 of GuC for ICL
786f17a drm/i915/firmware: Add v33 of GuC for KBL
aae0eb5 drm/i915/firmware: Add v33 of GuC for SKL
9cf240f drm/i915/firmware: Add v33 of GuC for GLK
8a0a6a6 drm/i915/firmware: Add v33 of GuC for BXT
70e4394 linux-firmware: rsi: add firmware image for redpine 9116 chipset
fd69a5d linux-firmware: Add firmware file for Intel Bluetooth AX201
7ae3a09 Merge tag 'iwlwifi-fw-2019-06-20' of git://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/linux-firmware
90e6845 iwlwifi: add new firmwares for integrated 22000 series
71ef30c iwlwifi: update FW for 22000 to Core45-96
e58cbf7 iwlwifi: update FWs for 9000 series to Core45-96
b443218 iwlwifi: update Core45 FWs for 22260, 9000 and 9260
5157165 iwlwifi: udpate -36 firmware for 8000 series

This commit was created with the help of the make-package-update-commit.sh script.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-08-18 20:56:41 +02:00
Christian Lamparter
cfd0748497 iftop: update to HEAD of 2018-10-03 - 77901c
Update iftop to commit 77901c8c53e01359d83b8090aacfe62214658183

git log --pretty=oneline --abbrev-commit 949ed0f7..77901c8c

77901c8 Support scales beyond 1Gbps

Created with the help of the make-package-update-commit.sh script.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-08-18 20:56:41 +02:00
Jo-Philipp Wich
d1f207ecc9 uhttpd: update to latest Git HEAD
6b03f96 ubus: increase maximum ubus request size to 64KB

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-08-18 20:00:06 +02:00
Hans Dedecker
58f929077f nghttp2: bump to 1.39.2
957abacf Bump up version number to 1.39.2, LT revision to 32:0:18
83d362c6 Don't read too greedily
a76d0723 Add nghttp2_option_set_max_outbound_ack
db2f612a nghttpx: Fix request stall

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-08-18 18:58:16 +02:00
Yousong Zhou
f0f5cb26cb ltq-ifxos: refer to https://bugs.openwrt.org
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-08-18 15:23:49 +00:00
Yousong Zhou
26615ededc ct-bugcheck: report to https://openwrt.org by default
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-08-18 15:23:25 +00:00
Alin Nastac
a6da3f9ef7 iproute2: add libcap support, enabled in ip-full
Preserve optionality of libcap by having configuration script follow the
HAVE_CAP environment variable, used similarly to the HAVE_ELF variable.

Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase/refresh patches]
2019-08-18 14:44:10 +02:00
James Taylor
eff6e10604 lua: add lua.hpp to InstallDev
This is necessary to build PowerDNS authoritative and recursor against
OpenWRT, and may avoid packages depending on lua/host unnecessarily.

Signed-off-by: James Taylor <james@jtaylor.id.au>
2019-08-18 14:06:24 +02:00
Hauke Mehrtens
397faa6e7c rtl8812au-ct: Add vendor command policy
Fixes: 928e893a11 ("mac80211: Update to version 5.3-rc4-1")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-08-18 14:06:24 +02:00
Boris Krasnovskiy
0c43219a35 mwlwifi: Fix loading with backports v5.3
This adds a vendor command policy which is enforced since mac80211 from
kernel 5.3

Fixes: 928e893a11 ("mac80211: Update to version 5.3-rc4-1")
Signed-off-by: Boris Krasnovskiy <boris.krasnovskiy@lairdtech.com>
2019-08-18 14:06:14 +02:00
Sandeep Sheriker M
0b7c66c93b at91bootstrap: add sama5d27_som1_eksd1_uboot as default defconfig
Signed-off-by: Sandeep Sheriker M <sandeep.sheriker@microchip.com>
2019-08-17 23:08:44 +02:00
Sandeep Sheriker M
8ff5d69734 at91bootstrap: add support for at91sam9x5ek
Signed-off-by: Sandeep Sheriker M <sandeep.sheriker@microchip.com>
2019-08-17 23:08:38 +02:00
Sandeep Sheriker M
f9c7ca84bc at91bootstrap: bump v3.8.10 to v3.8.12
Signed-off-by: Sandeep Sheriker M <sandeep.sheriker@microchip.com>
2019-08-17 23:08:31 +02:00
Sandeep Sheriker M
b39dc6e550 uboot-at91: fix -Wformat-security
add patch to fix -Wformat-security warnings.

Signed-off-by: Sandeep Sheriker M <sandeep.sheriker@microchip.com>
2019-08-17 23:08:10 +02:00
Sandeep Sheriker M
adc69febc0 uboot-at91: changed som1 ek default defconfigs
replaced som1 ek spi flash with qspi defconfig and mmc with mmc1
defconfig.

Signed-off-by: Sandeep Sheriker M <sandeep.sheriker@microchip.com>
2019-08-17 23:08:05 +02:00
Sandeep Sheriker M
4fe08476ce uboot-at91: add at91sam9x5ek soc
add support to build u-boot binaries for at91sam9x5ek socs.

Signed-off-by: Sandeep Sheriker M <sandeep.sheriker@microchip.com>
2019-08-17 23:08:00 +02:00
Sandeep Sheriker M
8309a3c8b1 uboot-at91: bump linux4sam_5.8 to linux4sam_6.0
Signed-off-by: Sandeep Sheriker M <sandeep.sheriker@microchip.com>
2019-08-17 23:07:53 +02:00
Hauke Mehrtens
ced2b7bb98 ustream-ssl: update to latest git HEAD
e8f9c22 Revise supported ciphersuites
7e9e269 wolfssl, openssl: use TLS 1.3, set ciphersuites

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-08-17 17:09:42 +02:00
Luiz Angelo Daros de Luca
0d0617ff14 musl: ldso/dlsym: fix mips returning undef dlsym
This happens only the second time a library is loaded by dlopen().
After lib1 is loaded, dlsym(lib1,"undef1") correctly resolves the undef
symbol from lib1 dependencies. After the second library is loaded,
dlsym(lib2,"undef1") was returning the address of "undef1" in lib2
instead of searching lib2 dependencies.

Using upstream fix which now uses the same logic for relocation time
and dlsym.

Fixes openwrt/packages#9297

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2019-08-17 16:57:32 +02:00
Eneas U de Queiroz
77e0e99d31 wolfssl: bump to 4.1.0-stable
Always build AES-GCM support.
Unnecessary patches were removed.

This includes two vulnerability fixes:

CVE-2019-11873: a potential buffer overflow case with the TLSv1.3 PSK
extension parsing.

CVE-2019-13628 (currently assigned-only): potential leak of nonce sizes
when performing ECDSA signing operations. The leak is considered to be
difficult to exploit but it could potentially be used maliciously to
perform a lattice based timing attack.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2019-08-17 16:43:23 +02:00
Rosen Penev
1673041013 bzip2: Update to 1.0.8
It seems bzip2 was abandoned by the author and adopted by the sourceware
people. The last release of bzip2 was from 2010.

Several security bugs were fixed as well as others.

Fixed up PKG_LICENSE to be compatible with SPDX.

Changed URLs to point to the new home.

Added patch that gets rid of deprecated utime function and switches it to
utimensat.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-08-17 16:43:22 +02:00
Hauke Mehrtens
928e893a11 mac80211: Update to version 5.3-rc4-1
The removed patches were applied upstream.
The type of the RT2X00_LIB_EEPROM config option was changed to bool,
because boolean is an invalid value and the new kconfig system
complained about this.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-08-17 13:41:16 +02:00
Hauke Mehrtens
742505ef09 mac80211: Update to version 5.2.8-1
This contains multiple fixes from the upstream kernel.
The removed patch was merged upstream.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-08-17 13:39:14 +02:00
Hauke Mehrtens
ebbec2fdc6 mdadm: Use upstream fix for musl 1.1.23 compile
Fixes: ba8aeb02ea ("mdadm: Fix compile with musl 1.1.23")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-08-17 00:30:52 +02:00
Hauke Mehrtens
1d4df52c21 hostapd: Allow CONFIG_IEEE80211W for all but mini variant
This commit will activate CONFIG_IEEE80211W for all, but the mini
variant when at least one driver supports it. This will add ieee80211w
support for the mesh variant for example.

Fixes: FS#2397
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-08-17 00:16:08 +02:00
Hauke Mehrtens
f34e825834 hostapd: Remove ROBO switch support
The driver was removed from OpenWrt a long time ago.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-08-17 00:16:08 +02:00
Colby Whitney
762fa36b6f lua5.3: include hpp header
The install was missing the hpp header.  Adding that in.

Signed-off-by: Colby Whitney <colby.whitney@luxul.com>
2019-08-16 22:53:06 +02:00
Kevin Darbyshire-Bryant
51ffce0694 firewall: improve ipset support
Bump to latest git HEAD

509e673 firewall3: Improve ipset support

The enabled option did not work properly for ipsets, as it was not
checked on create/destroy of a set. After this commit, sets are only
created/destroyed if enabled is set to true.

Add support for reloading, or recreating, ipsets on firewall reload.  By
setting "reload_set" to true, the set will be destroyed and then
re-created when the firewall is reloaded.

Add support for the counters and comment extensions. By setting
"counters" or "comment" to true, then counters or comments are added to
the set.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-08-16 11:27:24 +01:00
Paul Spooren
454021581f build: add buildinfo files for reproducibility
generate feeds.buildinfo and version.buildinfo in build dir after
containing the feed revisions (via ./scripts/feeds list -sf) as well as
the current revision of buildroot (via ./scripts/getver.sh).

With this information it should be possible to reproduce any build,
especially the release builds.

Usage would be to move feeds.buildinfo to feeds.conf and git checkout the
revision hash of version.buildinfo.

Content of feeds.buildinfo would look similar to this:

    src-git routing https://git.openwrt.org/feed/routing.git^bf475d6
    src-git telephony https://git.openwrt.org/feed/telephony.git^470eb8e
    ...

Content of version.buildinfo would look similar to this:

    r10203+1-c12bd3a21b

Without the exact feed revision it is not possible to determine
installed package versions.

Also rename config.seed to config.buildinfo to follow the recommended
style of https://reproducible-builds.org/docs/recording/

Signed-off-by: Paul Spooren <mail@aparcar.org>
2019-08-13 10:40:36 +02:00
Felix Fietkau
7ec092e641 Revert faulty tree push
Revert "mac80211: add new minstrel_ht patches to improve probing on mt76x2" (9861050b85)
Revert "kernel: use bulk free in kfree_skb_list to improve performance" (98b654de2e)
Revert "ramips: add preliminary support for WIO ONE" (085141dc5b)
Revert "ramips: add preliminary support for SGE AP-MTKH7-0006 developer board" (b1db6d0539)
Revert "build: use config.site generated by autoconf-lean, drop hardcoded sitefiles" (363ce4329d)
Revert "toolchain: add autoconf-lean" (fdb30eed03)
Revert "build: allow overriding the filename on the remote server when downloading" (6fa0e07758)

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-08-12 12:27:06 +02:00
Felix Fietkau
9861050b85 mac80211: add new minstrel_ht patches to improve probing on mt76x2
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-08-12 11:43:39 +02:00
Hans Dedecker
63ced14048 dnsmasq: use nettle ecc_curve access functions
Fixes compile issues with nettle 3.5.1

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-08-09 21:40:13 +02:00
Daniel Engberg
9e489b41b5 nettle: Update to 3.5.1
Update (lib)nettle to 3.5.1
Bump ABI_VERSION

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2019-08-09 21:40:13 +02:00
Vincent Wiemann
ccb4b96b8a comgt-ncm: add driver dependencies again
In the commit 623716dd43 ("comgt-ncm: Fix NCM protocol")
the dependencies to vendor NCM drivers were removed, because:

> comgt-ncm should not depend on the USB-serial-related kernel modules,
> as the cdc-wdm control device works without them. There is also no need
> to depend on kmod-huawei-cdc-ncm, since other manufacturers (like
> Ericsson and Samsung) which use other kernel modules should also be
> supported.

From a user-perspective this does not make sense, as installing comgt-ncm
(or luci-proto-ncm) should install all needed dependencies for using such
a device.

Furthermore depending on kmod-huawei-cdc-ncm does not mean that Ericsson
and Samsung devices can't be supported. By the way it seems that Ericsson
and Samsung devices never used NCM, but act as serial modems.

Thus this commit adds the dependencies again.

Signed-off-by: Vincent Wiemann <vincent.wiemann@ironai.com>
[fixed title capitalization, formatted commit message,
renamed Sony-Ericsson to Ericsson]
Signed-off-by: David Bauer <mail@david-bauer.net>
2019-08-08 21:33:34 +02:00
Chuanhong Guo
11182349e1 gpio-button-hotplug: add volume button handling
This is used by PISEN WMB001N.

Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
2019-08-08 21:00:59 +08:00
Hans Dedecker
d9364c1cbc procd: update to latest git HEAD (FS#2425)
8323690 state: fix shutdown when running in a container (FS#2425)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-08-07 13:56:53 +02:00
Hans Dedecker
d70a35c365 netifd: update to latest git HEAD
5e02f94 system-linux: fix resource leak

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-08-07 13:55:52 +02:00
Jo-Philipp Wich
e1f588e446 packages: apply usign padding workarounds to package indexes if needed
Since usign miscalculates SHA-512 digests for input sizes of exactly
64 + N * 128 + 110 or 64 + N * 128 + 111 bytes, we need to apply some
white space padding to avoid triggering the hashing edge case.

While usign itself has been fixed already, there is still many firmwares
in the wild which use broken usign versions to verify current package
indexes so we'll need to carry this workaround in the forseeable future.

Ref: https://forum.openwrt.org/t/signature-check-failed/41945
Ref: https://git.openwrt.org/5a52b379902471cef495687547c7b568142f66d2
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-08-07 07:15:07 +02:00
Jo-Philipp Wich
f565f276e2 config: introduce separate CONFIG_SIGNATURE_CHECK option
Introduce a new option CONFIG_SIGNATURE_CHECK which defaults to the value
of CONFIG_SIGNED_PACKAGES and thus is enabled by default.

This option is needed to support building target opkg with enabled
signature verification while having the signed package lists disabled.

Our buildbots currently disable package signing globally in the
buildroot and SDK to avoid the need to ship private signing keys to
the build workers and to prevent the triggering of random key generation
on the worker nodes since package signing happens off-line on the master
nodes.

As unintended side-effect, updated opkg packages will get built with
disabled signature verification, hence the need for a new override option.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-08-06 21:22:27 +02:00
Jo-Philipp Wich
991dd5a893 usign: update to latest Git HEAD
This update fixes usign signature verification on files with certain
file sizes triggering a bug in the shipped SHA-512 implementation.

5a52b37 sha512: fix bad hardcoded constant in sha512_final()
3e6648b README: replace unicode character
716c3f2 README: add reference to OpenBSD signify
86d3668 README: provide reference for ed25519 algorithm
939ec35 usign: main.c: describe necessary arguments for -G

Ref: https://forum.openwrt.org/t/signature-check-failed/41945
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-08-06 20:57:37 +02:00
Petr Štetiar
79596f782e adb: fix build breakage on recent musl
Fix build breakage as upstream has removed implicit include of
sys/sysmacros.h from sys/types.h:

 remove implicit include of sys/sysmacros.h from sys/types.h

 this reverts commit f552c792c7ce5a560f214e1104d93ee5b0833967, which
 exposed the sysmacros.h macros (device major/minor calculations) for
 BSD and GNU profiles to mimic an unintentional glibc behavior some
 code depended on. glibc has deprecated and since removed them as the
 resolution to bug #19239, so it makes no sense for us to keep this
 behavior. affected code should all have been fixed by now, and if it's
 not yet fixed it needs to be for use with modern glibc anyway.

Ref: https://git.musl-libc.org/cgit/musl/commit/include/sys/types.h?id=a31a30a0076c284133c0f4dfa32b8b37883ac930
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-08-06 00:09:48 +02:00
Rosen Penev
1b1c47577b linux-atm: Add missing headers
This fixes compilation with -Werror=implicit-function-declaration.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-08-05 23:22:26 +02:00
Tomasz Maciej Nowak
d6b585eb4e kernel: drop mvebu support in kmod-usb3
This is already enabled as kernel built-in feature in mvebu target and
none other target will use it.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2019-08-05 23:22:26 +02:00
Jeffery To
e545fac8d9 build: include BUILD_VARIANT in PKG_BUILD_DIR
This changes the default PKG_BUILD_DIR to take BUILD_VARIANT into
account (if set), so that packages do not need to manually override
PKG_BUILD_DIR just to handle variants.

This also updates most base packages with variants to use the updated
default PKG_BUILD_DIR.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
2019-08-05 23:22:26 +02:00
Hans Dedecker
018395392c ethtool: bump to 5.2
379c096 Release version 5.2.
2bce6d9 ethtool: Add 100BaseT1 and 1000BaseT1 link modes
67ffbf5 ethtool: sync ethtool-copy.h with linux-next from 30/05/2019
687152b ethtool.spec: Use standard file location macros

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-08-05 21:04:44 +02:00
Hans Dedecker
efb7b7a12a firewall: update to latest git HEAD
de94097 utils: coverity resource leak warning

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-08-05 14:18:27 +02:00
DENG Qingfang
edd9b39fab ipset: update to 7.3
Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
2019-08-05 09:42:09 +02:00
Petr Štetiar
b6bae4a2c9 wireless-regdb: fix build when python2 from package feeds exists
wireless-regdb fails to build if there is python2 installed from package
feeds, as staging_dir/hostpkg/bin/python is python2 and
staging_dir/hostpkg/bin takes precedence over staging_dir/host/bin
(proper place with python -> python3 symlink) which leads to the build
failure of wireless-regdb, so this patch makes it explicit which python
should be used.

Reported-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Tested-by: Russell Senior <russell@personaltelco.net>
Tested-by: Lucian Cristian <lucian.cristian@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-08-04 22:09:20 +02:00
Kevin Darbyshire-Bryant
fc5d46dc62 Revert "dnsmasq: backport latest patches"
This reverts commit e9eec39aac.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-08-03 20:55:52 +01:00
Kevin Darbyshire-Bryant
a275466729 Revert "dnsmasq: improve insecure DS warning"
This reverts commit cd91f2327f.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-08-03 20:55:45 +01:00
Hauke Mehrtens
ba8aeb02ea mdadm: Fix compile with musl 1.1.23
This adds missing includes for sys/sysmacros.h which are needed with
musl libc 1.1.23.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-08-03 11:29:40 +02:00
Álvaro Fernández Rojas
a56d2e9d1b brcm27xx-armstub: remove package
Apparently, latest RPi firmware doesn't need this to boot RPi 4
64 bit kernels.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2019-08-03 09:03:30 +02:00
Álvaro Fernández Rojas
b0b5424378 linux-firmware: fix RPi 4 NVRAM
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2019-08-03 08:16:10 +02:00
Álvaro Fernández Rojas
bf6e79db8b brcm27xx-armstub: add new package
This package is needed for RPi 4B AARCH64 support

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2019-08-02 20:35:08 +02:00
Álvaro Fernández Rojas
6d79e097e9 brcm2708-gpu-fw: update to latest firmware
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2019-08-02 19:02:01 +02:00
Piotr Dymacz
bc1ad40991 uboot-envtools: ath79: add support for ALFA Network AP121F
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2019-07-31 08:38:06 +02:00
Piotr Dymacz
d99206b375 uboot-envtools: ath79: fix indent and alphabetical order
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2019-07-31 08:38:06 +02:00
Kevin Darbyshire-Bryant
12840674d0 wireless-regdb: fix patch fuzz
Refresh patches to tidy up some fuzz warnings

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-07-30 09:42:05 +01:00
John Crispin
8562e77953 wireless-regdb: fix Makefile indentation
Signed-off-by: John Crispin <john@phrozen.org>
2019-07-30 00:33:12 +02:00
Kevin Darbyshire-Bryant
4bc02a421f iptables: fix connmark savedscp build
Add <strings.h> for ffs() definition.

Reported-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-07-29 20:23:13 +01:00
Kevin Darbyshire-Bryant
4dcef8263e Revert "kmod-sched-cake: drop out of tree package, use kernel version"
This reverts commit 5c094ff660.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-07-29 16:12:42 +01:00
Kevin Darbyshire-Bryant
5c661f5aaa Revert "netsupport: move out sch_cake from kmod-sched"
This reverts commit b31f9190c3.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-07-29 16:11:39 +01:00
Rafał Miłecki
6a7b201b6c mac80211: brcm: improve brcmfmac debugging of firmware crashes
This provides a complete console messages dump.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-07-28 14:10:37 +02:00
Rafał Miłecki
8e466fb7e3 mac80211: brcm: update brcmfmac 5.4 patches
Use commits from wireless-drivers-next.git.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-07-28 14:10:19 +02:00
Biwen Li
83d5ca2186 tfa-layerscape: fix create_pbl and byte_swap host build
- make create_pbl and byte_swap as host tools

- fix a bug that maybe use the cross compiler
to compile create_pbl and byte_swap:

	# -a option appends the image for Chassis 3 devices in case of non secure boot
	aarch64-openwrt-linux-musl-gcc -Wall -Werror -pedantic -std=c99 -O2
	 -DVERSION=v1.5(release):reboot-10604-ge9216b3336 -D_GNU_SOURCE -D_XOPEN_SOURCE=700
	 -c -o create_pbl.o create_pbl.c
	cc1: note: someone does not honour COPTS correctly, passed 0 times
	  LD      create_pbl
	/usr/bin/ld: create_pbl.o: Relocations in generic ELF (EM: 183)
	/usr/bin/ld: create_pbl.o: Relocations in generic ELF (EM: 183)
	/usr/bin/ld: create_pbl.o: Relocations in generic ELF (EM: 183)
	create_pbl.o: error adding symbols: File in wrong format
	collect2: error: ld returned 1 exit status
	Makefile:43: recipe for target create_pbl failed
	make[4]: *** [create_pbl] Error 1
	plat/nxp/tools/pbl_ch2.mk:45: recipe for target pbl failed
	make[3]: *** [pbl] Error 2

- add tfa- prefix to all tools in order to avoid future clashes with
  other toolnames

Signed-off-by: Biwen Li <biwen.li@nxp.com>
[added missing HOST_CFLAGS, added tfa- prefix to the tools]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-07-26 15:21:58 +02:00
Petr Štetiar
57d1c05ec9 wireless-regdb: set PKGARCH:=all
As it's an architecture-independent binary file.

Ref: https://github.com/openwrt/openwrt/pull/1521#issuecomment-514687053
Suggested-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-07-26 08:09:16 +02:00
Petr Štetiar
d3853d17a3 wireless-regdb: prefer python provided by make variable
Usage of predefined make variables is preferred.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-07-26 08:09:16 +02:00
Zachary Riedlshah
ef3f868da0 wireless-regdb: update to 2019.06.03
Fixes build issues on a python3 host (issues with the print statement
formatting in the current build).

Includes 100-regdb-write-firmware-file-format-version-code-20.patch and
other fixes.

Closes bugs.openwrt.org/index.php?do=details&task_id=1605.

Uses the tarball as requested.

Signed-off-by: Zachary Riedlshah <git@zacharyrs.me>
2019-07-26 08:09:16 +02:00
Yangbo Lu
df0d555ea5 layerscape: convert to python3 for rcw
Python 2.7 will not be maintained past 2020. Let's convert
to python3 for rcw. Also drop byte swapping since TF-A had
been already used which handled byte swapping instead.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2019-07-26 08:09:16 +02:00
Jo-Philipp Wich
e9216b3336 openwrt-keyring: update to Git HEAD
8080ef3 usign: add 19.07 release build pubkey
e24fe0d usign: use distro agnostic comments
251ded7 usign: fix filename of Stijn's usign key
14f0efc gpg: update snapshots public signing key
14f845b gpg: replace my public GPG key
4f735b8 gpg: add OpenWrt 19.07 signing key
228f8da gpg: add OpenWrt 18.06 v2 signing key
36057d9 gpg: update LEDE 17.01 public signing key
f2989ab Add my public GPG and usign key

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-07-25 19:39:51 +02:00
Kevin Darbyshire-Bryant
cd91f2327f dnsmasq: improve insecure DS warning
Log the failing domain in the insecure DS warning.

Patch has been sent upstream.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-07-25 12:29:08 +01:00
Kevin Darbyshire-Bryant
e9eec39aac dnsmasq: backport latest patches
Backport upstream patches pre 2.81rc for testing purposes.

Let's see what falls out!

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-07-25 12:23:46 +01:00
Kevin Darbyshire-Bryant
1aad1d17ed iptables: add connmark savedscp support
iptables: connmark - add savedscp option

Naive user space front end to xt_connmark 'savedscp' option.

e.g.

iptables -A QOS_MARK_eth0 -t mangle -j CONNMARK --savedscp-mark 0xfc000000/0x01000000

Will save DSCP into the top 6 bits and OR 0x01 (ie set) the least
significant bit of most significant byte.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-07-25 10:18:23 +01:00
Petr Štetiar
b8249cef9f tfa-layerscape: fix fiptool host build
fiptool is a host tool, used in a firmware generation pipeline, but it's
not treated as such, leading to the build breakage on the hosts which
don't have {Open,Libre}SSL dev package installed:

 In file included from fiptool.h:16:0,
                 from fiptool.c:19:
		 fiptool_platform.h:18:27: fatal error: openssl/sha.h:
		 No such file or directory
		  #  include <openssl/sha.h>

So this patch promotes fiptool into the host tool with proper host
include and library paths under STAGING_DIR.

Ref: https://github.com/openwrt/openwrt/pull/2267
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-07-25 07:48:10 +02:00
Petr Štetiar
09c33df76f mt76: fix kernel Oops by updating to the latest version
75656a4590a3 net: wireless: support of_get_mac_address new ERR_PTR error

Ref: https://github.com/openwrt/mt76/issues/299
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-07-24 14:08:32 +02:00
Hans Dedecker
11617bcb3b netifd: update to latest git HEAD
899f168 system-linux: Coverity fixes

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-07-22 21:48:34 +02:00
Rafał Miłecki
790692dde2 base-files: drop support for the platform_nand_pre_upgrade()
No target uses it anymore. All code from that callback was moved into
the platform_do_upgrade().

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-07-22 14:27:37 +02:00
Hans Dedecker
fc2df4f705 curl: update to 7.65.3
For changes in 7.65.3; see https://curl.haxx.se/changes.html#7_65_3

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-07-21 23:30:27 +02:00
Rafał Miłecki
db8e08a5a4 mac80211: brcm: backport first set of 5.4 brcmfmac changes
This doesn't include 9ff8614a3dbe ("brcmfmac: use separate Kconfig file
for brcmfmac") due to a few conflicts with backports changes.

An important change is:
[PATCH 2/7] brcmfmac: change the order of things in brcmf_detach()
which fixes a rmmod crash in the brcmf_txfinalize().

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-07-21 11:26:06 +02:00
Hauke Mehrtens
9c0c1c4401 ath10k-ct: Revert back to version 4.19
Version 5.2 shows a error when registering the devive for me.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-07-18 00:22:04 +02:00
Hauke Mehrtens
bc5b2bcd9c ath10k-ct: switch to version 5.2
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-07-18 00:22:04 +02:00
Hauke Mehrtens
10fe5ca362 ath10k-ct: remove patches for old versions
the ath10k-ct package ships multiple versions of the ath10k-ct driver,
OpenWrt currently only uses the version 4.19, but we still ship some
patches for older versions. Remove all patches only touching older
versions and also remove the patch for older versions from patches which
do the same changes to multiple versions of ath10k-ct.

This removes some unneeded patches, the end binary should stay the same.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-07-18 00:22:04 +02:00
Hauke Mehrtens
8f61b4cac4 ath10k-ct: update to version 2019-06-13
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-07-18 00:22:04 +02:00
Hauke Mehrtens
0b2c42ced2 mac80211: Update to version 5.2-rc7
This updates mac80211 to version 5.2-rc7, this contains all the changes
to the wireless subsystem up to Linux 5.2-rc7.

* The removed patches are applied upstream
* b43 now uses kmod-lib-cordic
* Update the nl80211.h file in iw to match backports version.
* Remove the two backports from kernel 4.9, they were needed for mt76,
  but that can use the version from backports now, otherwise they
  collide and cause compile errors.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-07-18 00:22:04 +02:00
Petr Štetiar
d6198d8625 mtd: cleanup unused code and variables in fis.c
While compile checking mtd changes in PR#1359 I've noticed following
compiler warnings and cleaned them up:

 fis.c: In function 'fis_remap':
 fis.c:143:25: warning: variable 'redboot' set but not used [-Wunused-but-set-variable]
   struct fis_image_desc *redboot = NULL;
                         ^~~~~~~
 fis.c:142:25: warning: variable 'fisdir' set but not used [-Wunused-but-set-variable]
   struct fis_image_desc *fisdir = NULL;
                         ^~~~~~

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-07-17 23:06:02 +02:00
Daniel Gimpelevich
fd104daa2f mtd: add CRC signature to RedBoot partition map
The code for calculating the CRC32 signatures for RedBoot FIS partitions
was already included, but for unknown reasons, it was never invoked. Some
bootloaders enforce checking these for loaded kernels, so they should be
written. This patch does so.

Tested-by: Brian Gonyer <bgonyer@gmail.com>
Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
2019-07-17 22:59:29 +02:00
Martin Schiller
261df949fa openvpn: add new list option tls_ciphersuites
To configure the list of allowable TLS 1.3 ciphersuites, the option
tls_ciphersuites is used instead of tls_ciphers.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2019-07-17 22:59:29 +02:00
Petr Štetiar
16ac5c4fbd perf: simplify the build process
Redirect the build output to PKG_BUILD_DIR instead of copying over
complete source code.

Build tested on following targets:

 x86/64 ar7/generic ipq40xx/generic imx6/generic ar71xx/generic
 ramips/mt7621 ramips/mt7620 sunxi/cortexa7

Run tested on imx6/apalis.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-07-17 12:16:29 +02:00
Felix Fietkau
4c46bbbd93 mt76: update to the latest version
3d7f738 mt76: mt7615: add missing register initialization

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-07-17 09:36:44 +02:00
Felix Fietkau
8650201f10 mac80211: add config tweak for tx bursting when using VHT
By default, set BE tx queue TXOP limit to 1.0 in the hostapd config
Many vendor drivers are doing similar things to boost throughput.
On MT7612 under ideal conditions, it improves tx throughput from 470 Mbit/s
to about 570 Mbit/s.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-07-17 09:36:44 +02:00
Rafał Miłecki
3f4c785a6b base-files: don't set ARGV and ARGC
Those are not used by any image check function anymore.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-07-17 08:10:40 +02:00
Chuanhong Guo
e2cd70d6b1 package: mtd: add fixseama command for ath79
This is needed by Qihoo C301.

Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
2019-07-16 20:14:02 +08:00
Chuanhong Guo
a9360452f0 ath79: add support for Qihoo C301
Specifications:
- SoC: AR9344
- RAM: 128MB
- Flash: 2 * 16MB (MX25L12845)
- Ethernet: 2 * FE LAN & 1 * FE WAN
- WiFi: 2.4G: AR9344 5G: QCA9882

Flash instruction:
1. Hold reset and power up the router
2. Set your IP to 192.168.1.x
3. Open 192.168.1.1 and upload the generated *factory* firmware

Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
2019-07-16 09:51:03 +08:00
Rafał Miłecki
430d65c544 libroxml: bump to the 3.0.2 version
* Fix for memory leak regression
* Support for (un)escaping

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-07-15 21:35:56 +02:00
Eneas U de Queiroz
c47eff0df3 libs/toolchain: remove eglibc remnant file
This removes package/libs/toolchain/eglibc-files/etc/nsswitch.conf.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2019-07-15 19:29:07 +02:00
Rafał Miłecki
1b937cb141 ubox: implement service_running() in log init.d script
It allows checking if service is running.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-07-15 16:21:56 +02:00
Rafał Miłecki
285c83a004 rpcd: implement service_running() in init.d script
It allows checking if service is running.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-07-15 16:21:56 +02:00
Petr Štetiar
cbae306815 fstools: add direct dependencies on libblobmsg-json and libjson-c
The OpenWrt buildroot ABI version rebuild tracker does not handle
transient dependencies, therefore add all libraries linked by
block-mount and blockd as direct dependencies to the corresponding
binary package definition.

This ensures that block-mount and blockd is automatically rebuilt and
relinked if any of these libraries has its ABI_VERSION updated in the
future.

Fixes: FS#2373
[jow: similar fix for procd and 98.42% of commit message]
Signed-off-by: Jo-Philip Wich <jow@mein.io>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-07-15 00:38:24 +02:00
David Bauer
27f3f493de gpio-button-hotplug: unify polled and interrupt code
This patch unifies the polled and interrupt-driven gpio_keys code
paths as well implements consistent handling of the debounce
interval set for the GPIO buttons and switches.

Hotplug events will only be fired if

1. The input changes its state and remains stable for the duration
   of the debounce interval (default is 5 ms).

2. In the initial stable (no state-change for duration of the
   debounce interval) state once the driver module gets loaded.

   Switch type inputs will always report their stable state.
   Unpressed buttons will not trigger an event for the initial
   stable state. Whereas pressed buttons will trigger an event.
   This is consistent with upstream's gpio-key driver that uses
   the input subsystem (and dont use autorepeat).

Prior to this patch, this was handled inconsistently for interrupt-based
an polled gpio-keys. Hence this patch unifies the shared logic into the
gpio_keys_handle_button() function and modify both implementations to
handle the initial state properly.

The changes described in 2. ) . can have an impact on the
failsafe trigger. Up until now, the script checked for button
state changes. On the down side, this allowed to trigger the
failsafe by releasing a held button at the right time. On the
plus side, the button's polarity setting didn't matter.

Now, the failsafe will only engage when a button was pressed
at the right moment (same as before), but now it can
theoretically also trigger when the button was pressed the
whole time the kernel booted and well into the fast-blinking
preinit phase. However, the chances that this can happen are
really small. This is because the gpio-button module is usually
up and ready even before the preinit state is entered. So, the
initial pressed button event gets lost and most devices behave
as before.

Bisectors: If this patch causes a device to permanently go into
failsafe or experience weird behavior due to inputs, please
check the following:
 - the GPIO polarity setting for the button
 - the software-debounce value

Run-tested for 'gpio-keys' and 'gpio-keys-polled' on

 - devolo WiFi pro 1200e
 - devolo WiFi pro 1750c
 - devolo WiFi pro 1750x
 - Netgear WNDR4700
 - Meraki MR24
 - RT-AC58U

Signed-off-by: David Bauer <mail@david-bauer.net>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [further
cleanups, simplification and unification]
2019-07-14 14:02:20 +02:00
Álvaro Fernández Rojas
9e8932c17f brcm2708: switch to linux-firmware SDIO NVRAM
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2019-07-14 12:44:14 +02:00
Álvaro Fernández Rojas
aa00ac44d9 linux-firmware: add RPi SDIO NVRAM packages
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2019-07-14 12:44:14 +02:00
Álvaro Fernández Rojas
6c3e7d5ea0 brcm2708-gpu-fw: add support for Raspberry Pi 4
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2019-07-14 12:44:14 +02:00
Felix Fietkau
f1875e902d mt76: revert an accidental leftover debug change
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-07-13 16:01:51 +02:00
Hans Dedecker
9a72e7f601 procd: update to latest git HEAD
31f0765 procd: check strchr() result before using it

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-07-13 13:28:18 +02:00
Felix Fietkau
ba5878f056 mt76: update to the latest version
8fc3e6e mt76: mt7615: fix using VHT STBC rates
b21b991 mt76: mt7615: fix PS buffering of action frames
3d43dd8 mt76: mt7615: fix invalid fallback rates
0ce4682 mt76: mt7603: fix invalid fallback rates
3b08966 Revert "mt76: usb: use full intermediate buffer in mt76u_copy"
48800e7 Revert "mt76: usb: remove unneeded {put,get}_unaligned"
439354d Revert "mt76: usb: fix endian in mt76u_copy"
8c1da93 mt76: usb: fix endian in mt76u_copy
307be50 mt76: usb: remove unneeded {put,get}_unaligned
5d29829 mt76: mt76x02: use params->ssn value directly
f74d117 mt76: mt7603: use params->ssn value directly
649f2e8 mt76: mt7615: use params->ssn value directly
b647180 mt76: mt7615: unlock dfs bands

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-07-12 16:12:01 +02:00
Hauke Mehrtens
e05310b9b8 mac80211: Do not build b43legacy on BRCM47xx mips74 subtarget
b43legacy needs ssb support and we do not compile the mips74 subtarget
of the brcm47xx target with SSB support. This causes a build failure in
the mac80211 package and only some of the kernel modules are being
created.

I am not aware of any device with a BRCM47xx mips74 CPU which uses a
b43legacy compatible device.

Fixes: FS#2334
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-07-12 01:15:50 +02:00
Colby Whitney
c52ca08d40 lua5.3: build shared library
Update the lua5.3 package to build a shared object just like the old lua
package. Ported / recreated the same patch number as the other lua
package. Built and tested library / interpreter on BCM5301X.

Signed-off-by: Colby Whitney <colby.whitney@luxul.com>
2019-07-11 18:38:51 +02:00
Rafał Miłecki
f7edd94a65 base-files: move stage2 upgrade to separated file
do_upgrade_stage2() isn't really any common code. It isn't used anywhere
except for /sbin/sysupgrade that passes it to the stage2.

Moving its code to separated file also simplifies COMMAND variable.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-07-11 17:05:20 +02:00
Adrian Schmutzler
b4588c8538 kernel/om-watchdog: Apply device renames from ramips
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-07-10 17:36:29 +02:00
Adrian Schmutzler
1096d1b697 uboot-envtools: Apply ramips device renames
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-07-10 17:36:29 +02:00
Adrian Schmutzler
6ed3349308 base-files: Fix path check in get_mac_binary
Logic was inverted when changing from string check to file check.
Fix it.

Fixes: 8592602d0a ("base-files: Really check path in get_mac_binary")
Reported-by: Matthias Schiffer <mschiffer@universe-factory.net>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-07-09 23:05:51 +02:00
Kevin Darbyshire-Bryant
b31f9190c3 netsupport: move out sch_cake from kmod-sched
Fix file installation clash between kmod-sched & kmod-sched-cake as both
try to install sch_cake.ko

Remove cake from kmod-sched package as cake is supposed to be the
optional qdisc.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-07-09 13:54:24 +01:00
Rosen Penev
653e05d27f usbreset: Add missing header
Fixes undefined reference to strtoul

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-07-08 17:01:54 +02:00
Konstantin Demin
5dc7d63d0a netsupport: move out mqprio from kmod-sched
Currently, there's unable to install "kmod-sched-mqprio" after
"kmod-sched" (or vice versa), because "sch_mqprio.ko" is
shipped in both packages.

Fixes: f83522fa63 ("linux: Add kmod-sched-mqprio")
Fixes: 6af639e0bf ("linux: Add kmod-sched-act-vlan")
Fixes: 72c7e2dc46 ("linux: Add kmod-sched-flower")
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
[Add cls_flower and act_vlan]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-07-08 16:42:26 +02:00
Daniel Engberg
d51f53b5ba util-linux: Update to 2.34
Update util-linux to 2.34
Refresh patch

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2019-07-08 16:42:26 +02:00
DENG Qingfang
42b3a3a89b iperf3: update to 3.7
Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
2019-07-08 16:28:47 +02:00
Kevin Darbyshire-Bryant
5c094ff660 kmod-sched-cake: drop out of tree package, use kernel version
CAKE made it to kernel 4.19 and since OpenWrt now at kernel 4.19 we can
drop the out of tree cake package in base repository.

Add kmod-sched-cake to netsupport so package dependencies are still met.
Similarly CAKE is retained as an optional qdisc module to avoid base
scheduler package size implications.

Backport upstream patches from k5.1 to address some small bugs and
support fwmark usage.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-07-08 11:05:43 +01:00
Rafał Miłecki
ea4e1dac71 base-files: drop support for NAND upgrade in platform_pre_upgrade()
With bcm53xx switched to the new procedure there is no more need for
keeping that backward compatibility code.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-07-08 07:38:51 +02:00
Rafał Miłecki
f58ca6ee57 base-files: drop unused jffs2_copy_config()
Its last usage was dropped back in 2013 in the commit b95bdc8ab5
("kernel/base-files: clean up old code related to refreshing mtd
partitions, it is no longer used anywhere").

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-07-08 07:38:06 +02:00
Hauke Mehrtens
7c640c2960 ath10k-firmware: Fix mirror hash
Fixes: 7f79882d44 ("ath10k-firmware: update board-2.bin for community firmwares")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-07-07 17:37:06 +02:00
Emil Muratov
a9deed62af zram-swap: Add extra commands for status/compaction
This patch adds two new commands:
  zram status - shows memory stats for all zram swaps
  zram compaction - trigger compaction for all zram swaps

Signed-off-by: Emil Muratov <gpm@hotplug.ru>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-07-07 13:02:06 +02:00
Emil Muratov
afa5ce2493 busybox: enable swapon/off by default to make it consistent with mkswap
No size increase on busybox binary.
  Since busybox mkswap is already enabled by default it seems reasonable
  to enable swapon/off too. For ex. this obsoletes installing block-mount
  dependency for zram-swap.

Signed-off-by: Emil Muratov <gpm@hotplug.ru>
2019-07-07 13:02:06 +02:00
Emil Muratov
b062c90f47 zram-swap: Add zram compaction and statistics info output
Executing '/etc/init.d/zram start' during runtime (with a swap being already
mounted) triggers zram device compaction and prints out nice stats info about
zram memory usage

Signed-off-by: Emil Muratov <gpm@hotplug.ru>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [use IEC's MiB unit]
2019-07-07 13:02:06 +02:00
Emil Muratov
c0d93432f2 zram-swap: Fix busybox dependency check
- fix dependency on BUSYBOX_CONFIG_SWAPONOFF (removed in 84da2a6)
   - add busybox defaults checking (fix zram-swap always installs swap-utils
     and libblkid as dependency, even if busybox includes mkswap by default)

Signed-off-by: Emil Muratov <gpm@hotplug.ru>
2019-07-07 13:02:06 +02:00
Konstantin Demin
ce8027ed29 libnftnl: bump to version 1.1.3
bump ABI version accordingly (thanks to Jo-Philipp Wich).

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2019-07-07 13:02:06 +02:00
Adrian Schmutzler
8592602d0a base-files: Really check path in get_mac_binary
Currently, path argument is only checked for being not empty.

This changes behavior to actually check whether path exists.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-07-07 13:02:05 +02:00
Eneas U de Queiroz
94d131332b hostapd: adjust removed wolfssl options
This edjusts the selection of recently removed wolfssl options which
have always been built into the library even in their abscence.
Also remove the selection of libwolfssl itself, allowing the library to
be built as a module.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2019-07-07 13:02:05 +02:00
Eneas U de Queiroz
ff69364ad8 wolfssl: update to 4.0.0-stable
Removed options that can't be turned off because we're building with
--enable-stunnel, some of which affect hostapd's Config.in.
Adjusted the title of OCSP option, as OCSP itself can't be turned off,
only the stapling part is selectable.
Mark options turned on when wpad support is selected.
Add building options for TLS 1.0, and TLS 1.3.
Add hardware crypto support, which due to a bug, only works when CCM
support is turned off.
Reorganized option conditionals in Makefile.
Add Eneas U de Queiroz as maintainer.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2019-07-07 13:02:05 +02:00
Eneas U de Queiroz
2792daab5a wolfssl: update to 3.15.7, fix Makefile
This includes a fix for a medium-level potential cache attack with a
variant of Bleichenbacher’s attack.  Patches were refreshed.
Increased FP_MAX_BITS to allow 4096-bit RSA keys.
Fixed poly1305 build option, and some Makefile updates.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2019-07-07 13:02:05 +02:00
Christian Lamparter
7f79882d44 ath10k-firmware: update board-2.bin for community firmwares
This patch updates the board-2.bin for the default
IPQ4019, QCA9984 and QCA9888 ath10k-firmware-xyz-ct
and -ct-htt firmwares.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-07-07 13:02:05 +02:00
Rosen Penev
243765e389 gdb-arc: Remove
Normal GDB has supported ARC since 8.0

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-07-07 13:02:05 +02:00
Rosen Penev
787922682a gdb: Remove !arc dependency
Supported since 8.0.

Added uClibc-ng patch.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-07-07 13:02:05 +02:00
Deng Qingfang
917eeaf26b iproute2: update to 5.1.0
Update iproute2 to 5.1.0
Remove upstream patch 010-cake-fwmark.patch
Backport a patch to fix struct sysinfo redefinition error

Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
2019-07-04 21:40:12 +02:00
Felix Fietkau
92f83abc5e mt76: update to the latest version
6cafaca mt7603: use READ_ONCE instead of ACCESS_ONCE
9e2e0b8 mt76: round up length on mt76_wr_copy
e378ef1 mt76: mt7615: fix sparse warnings: warning: restricted __le16 degrades to integer
7991dd7 mt76: mt7615: introduce mt7615_regd_notifier
901a4c7 mt76: mt7615: add hw dfs pattern detector support
57c600e mt76: mt7615: do not perform txcalibration before cac is complited
6afc952 mt76: mt7615: add csa support
8919516 mt76: mt7615: add radar pattern test knob to debugfs
3be723c mt76: mt7615: clean up FWDL TXQ during/after firmware upload
47fe37e mt76: mt7615: fall back to sw encryption for unsupported ciphers
bc5e041 mt76: mt7603: enable hardware rate up/down selection
ae760db mt76: mt7615: move mt7615_mcu_set_rates to mac.c
2ae01f7 mt76: mt7615: reset rate index/counters on rate table update
6f98378 mt76: mt7615: sync with mt7603 rate control changes
edbe88e mt76: usb: fix endian in mt76u_copy
f43b622 mt76: usb: remove unneeded {put,get}_unaligned
5e1e5b7 mt76: usb: use full intermediate buffer in mt76u_copy
017d0ff mt76: mt76u: fix typo in mt76u_fill_rx_sg
2c0ccf1 mt76: mt7615: always release sem in mt7615_load_patch
0c6f1a2 mt76: mt7615: introduce mt7615_mcu_send_ram_firmware routine
3dfc1ee mt76: mt7615: fix sparse warnings: incorrect type in assignment (different base types)
9475320 mt76: mt7603: fix sparse warnings: warning: incorrect type in assignment (different base types)
e07451d mt76: mt7615: fix sparse warnings: warning: cast from restricted __le16
b973bef mt7603: do not use tssi-off power value for mt7628

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-07-04 20:15:00 +02:00
Martin Blumenstingl
bf21b6e44d lantiq: ltq-tapi: fix compatibility with Linux 4.15+
Linux 4.15 removes the init_timer() API. It's replaced by two functions:
- timer_setup() is used instead of init_timer() and also replaces the
  timer "function" (callback) setup.
- from_timer() has to be used to obtain the use-case specific data from
  a struct timer_list, which is now passed to the timer callback.

Update the timer API to be compatible with Linux 4.15+ so it compiles
with the upcoming Linux 4.19 kernel update.

Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
2019-07-04 08:29:13 +02:00
Matt Merhar
1d4c4cbd20 openvpn: fix handling of list options
This addresses an issue where the list option specified in
/etc/config/openvpn i.e. 'tls_cipher' would instead show up in the
generated openvpn-<name>.conf as 'ncp-ciphers'. For context,
'ncp_ciphers' appears after 'tls_cipher' in OPENVPN_LIST from
openvpn.options.

Also, the ordering of the options in the UCI config file is now
preserved when generating the OpenVPN config. The two currently
supported list options deal with cipher preferences.

Signed-off-by: Matt Merhar <mattmerhar@protonmail.com>
2019-07-03 07:45:00 +02:00
Florian Eckert
313444a79e comgt: add delay option for 3g proto
All protos for wwan (ncm,qmi,mbim) do have a delay option.
To standardize that add also the missing delay option to the 3g proto.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2019-07-03 07:45:00 +02:00
Karel Kočí
537b801c54 base-files: supress service restart of umount
Restart is in default implemented so it calls stop and start. This is
pretty unsafe to call on umount service. This service should not do
anything on restart the same way as on start. Only use of this service
is on stop.

Signed-off-by: Karel Kočí <cynerd@email.cz>
2019-07-03 07:45:00 +02:00
Florian Eckert
c06f2a2dcb uqmi: fix indentation style and boundary
Fix indentation style and boundary.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2019-07-03 07:45:00 +02:00
Florian Eckert
8eb63cb7df uqmi: add mtu config option possibility
There are mobile carrier who have different MTU size in their network.
With this change it is now possible to configure this with the qmi
proto handler.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2019-07-03 07:45:00 +02:00
Jo-Philipp Wich
47a984477b lua5.3: stage Lua headers in proper location
Fix wrong paths in InstallDev which cause Lua 5.3 headers to be staged
in /usr/include/, overwriting Lua 5.1 headers and leading to widespread
build failures in all Lua related packages.

Fixes: FS#2348
Fixes: 6b161bb8d5 ("lua5.3: package Lua 5.3 version")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-07-03 07:21:52 +02:00
Jason A. Donenfeld
7c23f741e9 wireguard: bump to 0.0.20190702
* curve25519: not all linkers support bmi2 and adx

This should allow WireGuard to build on older toolchains.

* global: switch to coarse ktime

Our prior use of fast ktime before meant that sometimes, depending on how
broken the motherboard was, we'd wind up calling into the HPET slow path. Here
we move to coarse ktime which is always super speedy. In the process we had to
fix the resolution of the clock, as well as introduce a new interface for it,
landing in 5.3. Older kernels fall back to a fast-enough mechanism based on
jiffies.

https://lore.kernel.org/lkml/tip-e3ff9c3678b4d80e22d2557b68726174578eaf52@git.kernel.org/
https://lore.kernel.org/lkml/20190621203249.3909-3-Jason@zx2c4.com/

* netlink: cast struct over cb->args for type safety

This follow recent upstream changes such as:

https://lore.kernel.org/lkml/20190628144022.31376-1-Jason@zx2c4.com/

* peer: use LIST_HEAD macro

Style nit.

* receive: queue dead packets to napi queue instead of empty rx_queue

This mitigates a WARN_ON being triggered by the workqueue code. It was quite
hard to trigger, except sporadically, or reliably with a PC Engines ALIX, an
extremely slow board with an AMD LX800 that Ryan Whelan of Axatrax was kind
enough to mail me.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-07-02 22:06:42 +02:00
Deng Qingfang
299f6cb2da iptables: update to 1.8.3
Update iptables to 1.8.3

ChangeLog:
  https://netfilter.org/projects/iptables/files/changes-iptables-1.8.3.txt

Removed upstream patches:
- 001-extensions_format-security_fixes_in_libip.patch
- 002-include_fix_build_with_kernel_headers_before_4_2.patch
- 003-ebtables-vlan-fix_userspace_kernel_headers_collision.patch

Altered patches:
- 200-configurable_builtin.patch
- 600-shared-libext.patch

No notable size changes

Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [lipibtc ABI_VERSION fix]
2019-07-02 21:50:54 +02:00
Rafał Miłecki
17ae3eb9ff lua5.3: drop unwanted & unneeded PROVIDES
The plan for packaging Lua is to have "lua5.1" and "lua5.3" packages
with only the first one having "lua" alias (PROVIDES) for backward
compatibility with existing packages.

Putting PROVIDES in lua5.3 was a copy & paste mistake.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-06-30 10:16:08 +02:00
Florian Eckert
9e780ed5f7 base-files: add network_get_uptime() to /lib/functions/network.sh
Add missing ubus api call for uptime value.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2019-06-29 21:00:58 +02:00
Vladimir Vid
026714613d u-boot-mvebu: bump to 2019.04
Some devices and packages require newer version of u-boot to work
properly, update u-boot to keep up with 4.19 kernel.

Signed-off-by: Vladimir Vid <vladimir.vid@sartura.hr>
[re-added missing commit message]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-06-28 21:43:27 +02:00
Rafał Miłecki
1cd46d2e4f lua5.3: fix build with MacOS's make
It apparently requires passing V variable explicitly.

Fixes: 6b161bb8d5 ("lua5.3: package Lua 5.3 version")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-06-28 12:04:16 +02:00
Rafał Miłecki
24645c0ee1 lua: fix build with MacOS's make
It apparently requires passing V variable explicitly.

Fixes: fe59b46ca7 ("lua: include version number in installed files")
Reported-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-06-28 11:40:08 +02:00
Rafał Miłecki
6b161bb8d5 lua5.3: package Lua 5.3 version
This package provides an interpreter and compiler for Lua 5.3.5. It has
been decided to use separated package due to a backward incompatibility
of Lua 5.2 and 5.3.

This package/version:
1) Does not include lnum patch as its author didn't decide to port it to
   the new version.
2) Does not provide shared library as the old patch doesn't apply
   anymore. It can be added later if needed.
3) Does not come with examples package as tests were dropped by upstream
   developers.

That said there is definitely a room for improvement and any further
work is highly appreciated. It works however and can be safely pushed as
a basic/early package release.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-06-28 09:25:59 +02:00
Rafał Miłecki
fe59b46ca7 lua: include version number in installed files
This will allow installing Lua 5.1 and newer versions at the same time.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-06-28 09:25:59 +02:00
Rafał Miłecki
c0c5c63514 lua: clean up host patch fuzz
Refresh host patches to match target changes from the commit
4e800716ac ("lua: clean up patch fuzz").

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-06-28 09:25:59 +02:00
Koen Vandeputte
1ffca55456 uqmi: bump to latest git HEAD
1965c7139374 uqmi: add explicit check for message type when expecting a response
01944dd7089b uqmi_add_command: fixed command argument assignment

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-06-27 14:16:32 +02:00
Petr Štetiar
f924fab3dc upgs: update to latest git HEAD
cd7eabcd8c9d ugps: Fix compilation under 64-bit
198c06051dd0 Fix build error caused by enabled extra compiler warnings
fc2ab8756b3b Enable extra compiler warnings

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-06-26 07:00:20 +02:00
Bjørn Mork
8a34a54b6a base-files: use OPENWRT prefix for os-release variables
Just stumbled across this LEDE legacy, without finding any real reason
to keep it.  There is a single LEDE_DEVICE_MANUFACTURER_URL dependency
in the luci feed repo which needs to be syncronized.

Signed-off-by: Bjørn Mork <bjorn@mork.no>
[re-added missing commit message]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-06-26 07:00:04 +02:00
Felix Fietkau
a0e5ca4f35 mt76: update to the latest version, adds preliminary mt7615 support
b3a2965 mt76x02: fix crash on device reset
ffddb68 mt76x02u: check chip version on probe
7fc5f92 mt76x2u: remove duplicated entry in mt76x2u_device_table
61311d9 mt76: introduce mt76_free_device routine
a7dfcf2 mt76: move mac_work in mt76_dev
334b4ce mt76: add mac80211 driver for MT7615 PCIe-based chipsets
edb2a00 mt76: add unlikely() for dma_mapping_error() check
355c079 mt76: use macro for sn and seq_ctrl conversion
133bffb add firmware for MT7615E
49d9c1b mt76: usb: reduce locking in mt76u_tx_tasklet
3e371ca mt76: set txwi_size according to the driver value
5007326 mt76: add skb pointer to mt76_tx_info
c47a568 mt76: dma: introduce skb field in mt76_txwi_cache
9029560 mt76: dma: add skb check for dummy pointer
e9eea39 mt76: mt7615: use sizeof instead of sizeof_field
98c5359 Revert "mt76: fix potential deadlock on cancelling workqueues"
bc9baa7 mt76x02u: remove bogus stop on suspend
6c1cab9 mt76usb: fix tx/rx stop
0e674c5 mt76x02: remove bogus mutex usage
59f7bb6 Revert "mt76: mt76x02: send no-skb tx status without holding the status lock"
b0f2a30 mt76x02: avoid status_list.lock and sta->rate_ctrl_lock dependency
62054de mt76: mt7603: remove query from mt7603_mcu_msg_send signature
e79d96a mt76: mt7603: use standard signature for mt7603_mcu_msg_send
be8f039 mt76: mt7603: initialize mt76_mcu_ops data structure
9a9c656 mt76: introduce mt76_mcu_restart macro
980b91e mt76: mt7603: init mcu_restart function pointer
a97db3f mt76: mt7603: run __mt76_mcu_send_msg in mt7603_mcu_send_firmware
151115f mt76: mt76x02: mt76x02_poll_tx() can be static
7391f98 mt76: fix endianness sparse warnings
6c06f73 mt76: mt7603: report firmware version using ethtool
f06647e mt76: usb: use EP max packet aligned buffer sizes for rx
f43fccf mt76: move beacon_int in mt76_dev
74ab2cf mt76: move beacon_mask in mt76_dev
23c2f94 mt76: add TX/RX antenna pattern capabilities
6e790e1 mt76: move pre_tbtt_tasklet in mt76_dev
7606c08 mt76: mt7603: enable/disable pre_tbtt_tasklet in mt7603_set_channel
ff22eee mt76: do not enable/disable pre_tbtt_tasklet in scan_start/scan_complete
3157385 mt76: mt7603: dynamically alloc mcu req in mt7603_mcu_set_eeprom
cc674e2 mt76: mt76x02: remove useless return in mt76x02_resync_beacon_timer
6b18427 mt76: move tx_napi in mt76_dev
bce63c4 mt76: mt7603: use napi polling for tx cleanup
4afd89e mt76: mt7615: use napi polling for tx cleanup
2cb4683 mt76: move netif_napi_del in mt76_dma_cleanup
b4ceb9f mt76: Fix a signedness bug in mt7615_add_interface()
d00dc95 mt76: mt7615: Use after free in mt7615_mcu_set_bcn()
4e0ccc6 mt76: mt7615: Make mt7615_irq_handler static
0fd552a mt7615: mcu: simplify __mt7615_mcu_set_wtbl
50f7094 mt7615: mcu: simplify __mt7615_mcu_set_sta_rec
4434d04 mt7615: mcu: remove bss_info_convert_vif_type routine
083fbb9 mt7615: mcu: use proper msg size in mt7615_mcu_add_wtbl_bmc
f61ca80 mt7615: mcu: use proper msg size in mt7615_mcu_add_wtbl
35bd12d mt7615: mcu: unify mt7615_mcu_add_wtbl_bmc and mt7615_mcu_del_wtbl_bmc
f8f990b mt7615: mcu: remove unused parameter in mt7615_mcu_del_wtbl
965bca1 mt7615: remove query from mt7615_mcu_msg_send signature
9b9ca18 mt7615: remove dest from mt7615_mcu_msg_send signature
935b7e5 mt7615: mcu: remove skb_ret from mt7615_mcu_msg_send
2442db4 mt7615: mcu: unify __mt7615_mcu_set_dev_info and mt7615_mcu_set_dev_info
645bc45 mt7615: mcu: do not use function pointers whenever possible
40c4201 mt7615: mcu: remove unused structure in mcu.h
a8834a2 mt7615: mcu: use standard signature for mt7615_mcu_msg_send
824d25c mt7615: initialize mt76_mcu_ops data structure
d943427 mt7615: mcu: init mcu_restart function pointer
c2211e4 mt7615: mcu: run __mt76_mcu_send_msg in mt7615_mcu_send_firmware
cb63a06 mt76: mt7603: stop mac80211 queues before setting the channel
c6aaa3a mt76: mt7615: rearrange cleanup operations in mt7615_unregister_device
97609f3 mt76: mt7615: add static qualifier to mt7615_rx_poll_complete
f9dadd2 mt76: mt7603: add debugfs knob to enable/disable edcca
89cda5d mt7603: fix reading target tx power from eeprom
77d0e33 mt76: fix setting chan->max_power
f575da2 mt76: mt76x02: fix tx status reporting issues
a5d18dc mt76: mt76x02: fix tx reordering on rate control probing without a-mpdu
bd32a93 mt76: mt76x02: remove enable from mt76x02_edcca_init signature
18386ee mt76: mt76x2u: remove mt76x02_edcca_init in mt76x2u_set_channel
da3514f mt76: mt76x2: move mutex_lock inside mt76x2_set_channel
0d4719c mt76: mt76x02: run mt76x02_edcca_init atomically in mt76_edcca_set
fd5af73 mt76: mt76x02: fix edcca file permission
a0f51f2 mt76: mt7615: do not process rx packets if the device is not initialized
753cdee mt76: mt7615: stop mcu first in mt7615_unregister_device
899efe7 mt76: move mt76_insert_ccmp_hdr in mt76-module
6960b6e mt76: mt7615: add support for mtd eeprom parsing
4bcb057 mt76: mt7615: select wifi band according to eeprom
866f2c6 mt76: generalize mt76_get_txpower for 4x4:4 devices
514fb04 mt76: mt7615: add the capability to configure tx power
ced9d43 mt76: mt7615: init get_txpower mac80211 callback
8abd502 mt76: mt7615: rearrange locking in mt7615_config
5b9b62e mt76: move mt76_get_rate in mt76-module
661c7c8 mt76: Remove set but not used variables 'pid' and 'final_mpdu'
f072c7b mt76: mt7615: enable support for mesh
28d9496 mt76: mt7615: fix slow performance when enable encryption
827b9ad mt76: mt7615: remove unused variable in mt7615_mcu_set_bcn
34eea14 mt76: mt7615: remove key check in mt7615_mcu_set_wtbl_key
2bfae5a mt76: usb: fix rx A-MSDU support
b033532 mt76: usb: do not always copy the first part of received frames
3e7fc15 mt76x02: fix reporting of non-probing frames with tx status requested
0d5caea Revert "mt76: usb: do not always copy the first part of received frames"
335e8c6 Revert "mt76: usb: fix rx A-MSDU support"
47ddf4b mt76: revert support for TX_NEEDS_ALIGNED4_SKBS
0b6520b mt7603: rework and fix tx status reporting
539b679 mt7603: improve hardware rate switching configuration
d86d6ef mt76x0: fix RF frontend initialization for external PA
f476a14 mt76x02: fix endian issue in tx status reporting patch
f8d0517 mt76: mt7615: simplify mt7615_mcu_set_sta_rec routine
73ff45f mt76: mt7615: add support for per-chain signal strength reporting
9b67ae6 mt76: mt7615: init per-channel target power
160fdc0 mt76: mt7615: take into account extPA when configuring tx power
2211d93 mt76: mt76x02u: fix sparse warnings: should it be static?
3750533 mt76: mt7615: fix incorrect settings in mesh mode
c37c1ca mt76: mt7615: update peer's bssid when state transition occurs
9dd1089 mt76: mt76u: reduce rx memory footprint
0789f45 mt76: mt7615: remove cfg80211_chan_def from mt7615_set_channel signature
2dca431 mt76: move nl80211_dfs_regions in mt76_dev data structure
3386ccf mt76: mt76u: get rid of {out,in}_max_packet
d680ab0 mt76: usb: fix rx A-MSDU support

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-06-25 13:24:49 +02:00
Felix Fietkau
e08296a851 mac80211: add rate control support for 4 spatial streams, improve precision
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-06-25 13:24:49 +02:00
Eneas U de Queiroz
82a8ddd603 ustream-ssl: update to 2019-06-24
This adds chacha20-poly1305 support to the mbedtls variant.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2019-06-24 22:01:17 +02:00
Joseph Tingiris
8a5a01a677 rssileds: change rssileds.init STOP index
This patch is in a series to allow additional STOP indexes after
umount, so that other block devices may stop cleanly.

rssileds.init is now STOP=89

Signed-off-by: Joseph Tingiris <joseph.tingiris@gmail.com>
2019-06-24 20:22:24 +02:00
Joseph Tingiris
5883b5a1f8 kexec-tools: change kdump.init STOP index
This patch is in a series to allow additional STOP indexes after umount,
so that other block devices may stop cleanly.

kdumpinit is now STOP=90

Signed-off-by: Joseph Tingiris <joseph.tingiris@gmail.com>
2019-06-24 20:22:24 +02:00
Joseph Tingiris
04811007e5 base-files: change boot & umount STOP indexes
This patch is in a series to allow additional STOP indexes after umount,
so that other block devices may stop cleanly.

boot is now STOP=90
umount is now STOP=90

After this patch series, the resulting STOP indexes in the 80s & 90s
will be:

STOP=85 odhcpd.init
STOP=89 conntrackd.init
STOP=89 log.init
STOP=89 rssileds.init
STOP=90 boot
STOP=90 kdump.init
STOP=90 network
STOP=90 sysfixtime
STOP=90 umount
STOP=98 mdadm.init (note: will be addressed in a separate patch)

Signed-off-by: Joseph Tingiris <joseph.tingiris@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[PKG_RELEASE is now 200]
2019-06-24 20:22:23 +02:00
Josef Schlehofer
a2f54f6d5d mbedtls: Update to version 2.16.2
Signed-off-by: Josef Schlehofer <josef.schlehofer@nic.cz>
2019-06-24 20:22:23 +02:00
Christian Lamparter
629e6538a1 linux-firmware: update to 20190618
Update linux-firmware to 20190618.

git log --pretty=oneline --abbrev-commit 20190416..20190618

acb56f2 cavium: Add firmware for CNN55XX crypto driver.
a03f1a0 linux-firmware: Update firmware file for Intel Bluetooth 22161
abb7cb6 linux-firmware: Update firmware file for Intel Bluetooth 9560
1e8253b linux-firmware: Update firmware file for Intel Bluetooth 9260
c436aaf linux-firmware: Update AMD SEV firmware
6ae3652 linux-firmware: update licence text for Marvell firmware
1884732 linux-firmware: update firmware for mhdp8546
87b35ca linux-firmware: rsi: update firmware images for Redpine 9113 chipset
55edf52 imx: sdma: update firmware to v3.5/v4.5
93d56c0 nvidia: update GP10[2467] SEC2 RTOS with the one already used on GP108
1f8ebdf linux-firmware: Update firmware file for Intel Bluetooth 8265
bccb385 linux-firmware: Update firmware file for Intel Bluetooth 9260
29a536a linux-firmware: Update firmware file for Intel Bluetooth 9560
cedd500 linux-firmware: Update firmware file for Intel Bluetooth 22161
e04cc56 amlogic: add video decoder firmwares
95a9353 iwlwifi: update -46 firmwares for 22260 and 9000 series
68040ce iwlwifi: add firmware for 22260 and update 9000 series -46 firmwares
fdfb153 iwlwifi: add -46.ucode firmwares for 9000 series
92e17d0 amdgpu: update vega20 to the latest 19.10 firmware
7536c3b amdgpu: update vega12 to the latest 19.10 firmware
2579167 amdgpu: update vega10 to the latest 19.10 firmware
4ea5c73 amdgpu: update polaris11 to the latest 19.10 firmware
4475802 amdgpu: update polaris10 to the latest 19.10 firmware
f9551dc amdgpu: update raven2 to the latest 19.10 firmware
9eaa40d amdgpu: update raven to the latest 19.10 firmware
3c1ab75 amdgpu: update picasso to the latest 19.10 firmware
8e3e08c linux-firmware: update fw for qat devices
cdef971 Mellanox: Add new mlxsw_spectrum firmware 13.2000.1122
13d6bc8 drm/i915/firmware: Add ICL HuC v8.4.3238
1dbb095 drm/i915/firmware: Add ICL GuC v32.0.3
77b6b40 drm/i915/firmware: Add GLK HuC v03.01.2893
f8521cc drm/i915/firmware: Add GLK GuC v32.0.3
9fb9526 drm/i915/firmware: Add KBL GuC v32.0.3
3fbec60 drm/i915/firmware: Add SKL GuC v32.0.3
c7e32a1 drm/i915/firmware: Add BXT GuC v32.0.3

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-06-22 13:17:48 +02:00
Stefan Lippers-Hollmann
cba6832622 kernel: alx driver for AR816x/AR817x Ethernet
These ethernet cards can be found onboard various x86 and
x86_64 Gigabyte mainboards since the sandy-bridge/ ivy-bridge era.

This driver supports the following QCA/"Killer" ethernet cards:

	1969:1091 - AR8161 Gigabit Ethernet
	1969:1090 - AR8162 Fast Ethernet
	1969:10A1 - AR8171 Gigabit Ethernet
	1969:10A0 - AR8172 Fast Ethernet

	1969:E091 - Killer E2200 Gigabit Ethernet
	1969:E0A1 - Killer E2400 Gigabit Ethernet
	1969:E0B1 - Killer E2500 Gigabit Ethernet

Successfully runtime tested with the onboard ethernet card of a
Gigabyte GA-H77M-D3H ivy-bridge mainboard (x86_64/EFI image):

02:00.0 Ethernet controller [0200]: Qualcomm Atheros AR8161 [...]
	Subsystem: Gigabyte Technology Co., Ltd AR8161 [...]
	Kernel driver in use: alx
	Kernel modules: alx

alx 0000:02:00.0 eth0: Qualcomm Atheros AR816x/AR817x Ethernet [...]
alx 0000:02:00.0 eth0: NIC Up: 1 Gbps Full

Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [fix typo,
shorten subject to <50 characters, shorten lines to <76 chars.]
2019-06-22 13:17:47 +02:00
Stefan Lippers-Hollmann
5691665361 mac80211: update WDS/4addr fix to the version accepted upstream
This updates "{nl,mac}80211: allow 4addr AP operation on crypto
controlled devices" to the version (v3), which was accepted into
upstream mac80211.git and which is tagged for -stable backporting
(v4.18+).

https://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211.git/commit/?id=33d915d9e8ce811d8958915ccd18d71a66c7c495

Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[format-patch]
2019-06-22 13:17:47 +02:00
Christian Lamparter
c4fb221376 kernel: fix kmod-tpm 4.19 dependencies
This patch fixes the ath79-nand build error:
|Package kmod-tpm is missing dependencies for the following libraries:
|rng-core.ko

by making it depend on rng-core from 4.19 onwards.
This should work as 4.9 is gone so only 4.14 and 4.19
are there.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-06-22 13:17:47 +02:00
Deng Qingfang
6762e72524 package/network: add PKGARCH:=all to non-binary packages
Packages such as xfrm contain only script files, add PKGARCH:=all

Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
2019-06-22 12:55:30 +02:00
Eneas U de Queiroz
ee1a783314 nghttp2: deduplicate files in staging_dir
'38b22b1e: deduplicate files in libnghttp2' missed duplicates in
staging_dir by Build/InstallDev.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
2019-06-22 10:23:56 +02:00
Jo-Philipp Wich
eaad2211db rpcd: add direct dependency on libjson-c
The OpenWrt buildroot ABI version rebuild tracker does not handle
transient dependencies, therefor add all libraries linked by rpcd
as direct dependencies to the corresponding binary package definition.

This ensures that rpcd is automatically rebuilt and relinked if any
of these libraries has its ABI_VERSION updated in the future.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-06-21 17:43:17 +02:00
Karel Kočí
3ead9e7b74 fstools: block-mount: fix restart of fstab service
Restarting service causes file-systems to be unmounted without being
mounted back. When this service was obsoleted it should have been
implemented in a way that all actions are ignored. Up to this commit
default handler was called when restart was requested. This default
handler just simply calls stop and start. That means that stop called
unmount but start just printed that this service is obsoleted.

This instead implements restart that just prints same message like start
does. It just calls start in reality. This makes restart unavailable for
call.

Signed-off-by: Karel Kočí <karel.koci@nic.cz>
2019-06-21 14:13:58 +02:00
Yousong Zhou
3dc4f59eab base-files: apply new sysctl.conf at postinst
This is mainly for kmod-br-netfilter.  To turn off
bridge-netfilter-call-xxx immediately after installation

While at it

 - Define filelist="/usr/lib/opkg/info/${pkgname}.list"
 - Reuse "[ -z "$root" ]"
 - Grep with "-m1"

Fixes FS#2300

Reported-by: Marco Sartorius <tidbits@ormoorgmen.info>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-06-21 03:29:20 +00:00
Kevin Darbyshire-Bryant
a8f0c02f80 iproute2: update ctinfo support
Follow upstream changes - header file changes only
no functional or executable changes, hence no package bump
required

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-06-20 21:12:24 +01:00
Chris Koying Browet
0e961a1f9f kernel: dm: add dm-raid for LVM raid
This adds the dm-raid kmod, which is needed for
LVM builtin raid configurations, aka "MD-over-LVM"

Signed-off-by: Chris Koying Browet <cbro@semperpax.com>
2019-06-20 20:02:29 +02:00
Christian Lamparter
99bf9a1ac2 hostapd: remove stale WPA_SUPPLICANT_NO_TIMESTAMP_CHECK option
Support to disable the timestamp check for certificates in
wpa_supplicant (Useful for devices without RTC that cannot
reliably get the real date/time) has been accepted in the
upstream hostapd. It's implemented in wpa_supplicant as a
per-AP flag tls_disable_time_checks=[0|1].

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-06-20 20:02:29 +02:00
Petko Bordjukov
1e2e5c66ed kernel: package Broadcom BNX2X driver
bnx2x driver support for the x86 architecture. Includes module and
firmware for Broadcom QLogic 5771x/578xx 10/20-Gigabit ethernet
adapters.

Signed-off-by: Petko Bordjukov <bordjukov@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[added +kmod-lib-zlib-inflate as well]
2019-06-20 20:02:29 +02:00
Robinson Wu
869ff80d31 base-files: fix uci led oneshot/timer trigger
This patch adds a missing type property. This fixes
the creation of oneshot and timer led triggers like:

| ucidef_set_led_timer "system" "system" "zhuotk:green:system" "1000" "1000"

from /etc/init.d/01_leds.

Fixes: b06a286a48 ("base-files: cleanup led functions in uci-defaults.sh")
Signed-off-by: Robinson Wu <wurobinson@qq.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-06-20 19:59:31 +02:00
Jo-Philipp Wich
a95ddaba02 uhttpd: add direct dependency on libjson-c
The OpenWrt buildroot ABI version rebuild tracker does not handle
transient dependencies, therefor add all libraries linked by uhttpd
as direct dependencies to the corresponding binary package definition.

This ensures that uhttpd is automatically rebuilt and relinked if any
of these libraries has its ABI_VERSION updated in the future.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-06-20 18:09:48 +02:00
Jo-Philipp Wich
74739c4228 treewide: fix syntax errors exposed after kconfig update
After commit e82a4d9cfb ("config: regenerate *_shipped sources") the mconf
parser became more strict as a side effect and started to spew a series of
warnings when evaluating our generated kconfig sources:

  tmp/.config-package.in:705:warning: ignoring unsupported character '@'

The root cause of these warnings is a wrong use of the @SYMBOL dependency
syntax in various Makefile. Fix the corresponding Makefiles by turning
`@SYM||@SYM2` expressions into the proper `@(SYM||SYM2)` form.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-06-20 14:16:08 +02:00
Jo-Philipp Wich
66838cd851 procd: add direct dependencies on libblobmsg-json and libjson-c
The OpenWrt buildroot ABI version rebuild tracker does not handle
transient dependencies, therefor add all libraries linked by procd
as direct dependencies to the corresponding binary package definition.

This ensures that procd is automatically rebuilt and relinked
if any of these libraries has its ABI_VERSION updated in the
future.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-06-20 14:13:01 +02:00
Yousong Zhou
f528d771c4 netsupport: add kmod-nsh
This is required by kmod-openvswitch since linux 4.15.

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-06-20 08:24:20 +00:00
Deng Qingfang
080ba31eec
libjson-c: update to 0.13.1
Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
2019-06-19 22:44:28 +02:00
Vladimir Vid
bc47285cb3 mvebu: fix regression for non-generic ESPRESSObin versions
When targets for multiple ESPRESSObin devices were added, not all
files were updated which means any ESPRESSObin version beside generic
won't have proper networking, sysupgrade and uboot-env. This patch
fixes the issue.

* fixup network detection
* fixup uboot-env
* fixup platform.sh for sysupgrade

Signed-off-by: Vladimir Vid <vladimir.vid@sartura.hr>
2019-06-18 16:13:10 +02:00
Petr Štetiar
bec8fb1ee7 urngd: move project to git.openwrt.org
Let's move project to a proper place.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-06-17 15:29:58 +02:00
Petr Štetiar
dd6d82112a gpio-button-hotplug: fix 4.19 build breakage on malta/be64
While testing 4.19 build on malta/be64, I've encountered following
error:

 gpio-button-hotplug/gpio-button-hotplug.c:529:18: error: implicit
 declaration of function 'gpio_to_desc'

which is caused by the missing include fixed by this patch.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-06-17 09:42:36 +02:00
Tomasz Maciej Nowak
7046a249d8 kernel: package module for SafeXcel crypto engine
Supports EIP97 and EIP197 found on Armada 37xx, 7k and 8k SoCs.
Unfortunately firmware for EIP197 is not easily obtainable, therefore
to not cause lot of user requests directed at OpenWrt, package it as
module with explanation where to obtain the firmware.

Cc: Marek Behún <marek.behun@nic.cz>
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2019-06-17 09:36:03 +02:00
Hauke Mehrtens
3c401f45c9 uhttpd: Fix format string build problems
91fcac34ac uhttpd: Fix multiple format string problems

Fixes: fc454ca153 libubox: update to latest git HEAD
Reported-by: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-06-16 22:57:39 +02:00
Hans Dedecker
865e25e049 nghttp2: bump to 1.39.1
7ffc239b Bump up version number to 1.39.1
bc886a0e Fix FPE with default backend
a3a14a9c Fix log-level is not set with cmd-line or configuration file
acfb3607 Update manual pages
bdfd14c2 Bump up version number to 1.39.0, LT revision to 31:4:17
cddc09fe Update AUTHORS
3c3b6ae8 Add missing colon
2f83aa9e Fix multi-line text travis issue
fc591d0c Run nghttpx integration test with cmake build
9a17c3ef travis: use multi-line text
b7220f07 cmake: Remove SPDY related files
a1556fd1 Merge pull request #1356 from nghttp2/fix-log-level-on-reload
77f1c872 nghttpx: Fix unchanged log level on configuration reload
49ce44e1 Merge pull request #1352 from nghttp2/travis-osx
f54b3ffc Fix libxml2 CFLAGS output
b0f5e5cc Implement daemon() using fork() for OSX
8d6ecd66 Enable osx build on travis
f82fb521 Update doc
2e1975dd clang-format-8
97ce392b Merge pull request #1347 from nghttp2/nghttpx-ignore-cl-te-on-upgrade
afefbda5 Ignore content-length in 200 response to CONNECT request
4fca2502 nghttpx: Ignore Content-Length and Transfer-Encoding in 1xx or 200 to CONNECT
6975c336 Update llhttp to 1.1.3
0288093c Fix llhttp_get_error_pos usage
a3a03481 Merge pull request #1340 from nghttp2/nghttpx-llhttp
c64d2573 Replace http-parser with llhttp
f028cc43 clang-format
302e3746 Merge pull request #1337 from nghttp2/upgrade-mruby
3cdbc5f5 Merge pull request #1335 from adamgolebiowski/boost-1.70
a6925186 Fix mruby build error
45d63d20 Upgrade mruby to 2.0.1
cbba1ebf asio: support boost-1.70
e86d1378 Bump up version number to 1.39.0-DEV
4a9d2005 Update manual pages

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-06-16 21:34:56 +02:00
Hauke Mehrtens
1ae1276eab urngd: Fix more wrong type in format string
Also the other type is worng and causes compile problems on ARM64
platforms.

Fixes: 9b53201d9c ("urngd: Fix wrong type in format string")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-06-16 19:03:04 +02:00
Rafał Miłecki
8888cb725d mac80211: brcm: backport remaining brcmfmac 5.2 patches
This improves FullMAC firmware compatibility, adds logging in case of
firmware crash and *may* fix "Invalid packet id" errors.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-06-16 18:58:51 +02:00
André Valentin
8f5873f6c8 netsupport: improve xfrm module support
-switch to module autoprobe
-exclude 4.9 kernel

Signed-off-by: André Valentin <avalentin@marcant.net>
2019-06-16 17:32:27 +02:00
Hauke Mehrtens
fc454ca153 libubox: update to latest git HEAD
9dd2dcf libubox: add format string checking to ulog()
ecf5617 ustream: Add format string checks to ustream_(v)printf()

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-06-16 16:40:08 +02:00
Hauke Mehrtens
9b53201d9c urngd: Fix wrong type in format string
GCC 9.1 complains about this wrong type used in the format string, fix
this to make the compiler happy.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-06-16 16:40:08 +02:00
Hauke Mehrtens
22d3d91c77 ubox: bump to git HEAD
4df34a4 kmodloader: Increase path array size to make it always fit

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-06-16 15:49:45 +02:00
Hans Dedecker
1fd900ddc2 netifd: xfrm fixes
9932ed0 netifd: fix xfrm interface deletion and standardize netlink call

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-06-15 21:27:01 +02:00
Christian Lamparter
82b78a9659 mac80211: refresh patches
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-06-15 19:55:32 +02:00
Sven Eckelmann
2f84bb1af2 mac80211: ath10k: adjust tx power reduction for US regulatory domain
FCC allows maximum antenna gain of 6 dBi. 15.247(b)(4):

> (4) The conducted output power limit
> specified in paragraph (b) of this section
> is based on the use of antennas
> with directional gains that do not exceed
> 6 dBi. Except as shown in paragraph
> (c) of this section, if transmitting
> antennas of directional gain greater
> than 6 dBi are used, the conducted
> output power from the intentional radiator
> shall be reduced below the stated
> values in paragraphs (b)(1), (b)(2),
> and (b)(3) of this section, as appropriate,
> by the amount in dB that the
> directional gain of the antenna exceeds
> 6 dBi.

https://www.gpo.gov/fdsys/pkg/CFR-2013-title47-vol1/pdf/CFR-2013-title47-vol1-sec15-247.pdf

Signed-off-by: Sven Eckelmann <sven@narfation.org>
2019-06-15 19:55:32 +02:00
Sven Eckelmann
f17529a122 mac80211: ath10k: fix max antenna gain unit
Most of the txpower for the ath10k firmware is stored as twicepower (0.5 dB
steps). This isn't the case for max_antenna_gain - which is still expected
by the firmware as dB.

The firmware is converting it from dB to the internal (twicepower)
representation when it calculates the limits of a channel. This can be seen
in tpc_stats when configuring "12" as max_antenna_gain. Instead of the
expected 12 (6 dB), the tpc_stats shows 24 (12 dB).

Tested on QCA9888 and IPQ4019 with firmware 10.4-3.5.3-00057.

Signed-off-by: Sven Eckelmann <sven@narfation.org>
2019-06-15 19:55:32 +02:00
Sven Eckelmann
01142665b7 mac80211: ath9k: Increase allowed antenna gain to 6 dBi
FCC allows maximum antenna gain of 6 dBi. 15.247(b)(4):

> (4) The conducted output power limit
> specified in paragraph (b) of this section
> is based on the use of antennas
> with directional gains that do not exceed
> 6 dBi. Except as shown in paragraph
> (c) of this section, if transmitting
> antennas of directional gain greater
> than 6 dBi are used, the conducted
> output power from the intentional radiator
> shall be reduced below the stated
> values in paragraphs (b)(1), (b)(2),
> and (b)(3) of this section, as appropriate,
> by the amount in dB that the
> directional gain of the antenna exceeds
> 6 dBi.

Signed-off-by: Sven Eckelmann <sven@narfation.org>
2019-06-15 19:55:32 +02:00
Christian Lamparter
dec686fbc6 iwinfo: update PKG_MIRROR_HASH
This patch updates the PKG_MIRROR_HASH to match the one
of the current version.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-06-15 19:55:32 +02:00
Rosen Penev
481fbc3724 kernel: Add AEAD and RNG support to kmod-crypto-user
Now that kernel 3.18 is gone, we can safely add these features.

Tested on Turris Omnia.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-06-15 19:55:31 +02:00
Hannu Nyman
696c511fb4 busybox: update to 1.31.0
* Update busybox to version 1.31.0.
    New applets: ts, i2ctransfer
    New (restored) feature: error/info levels in syslog messages.
    Leave new features disabled by default.
* Refresh patches
* Remove patch that was backported from upstream

Config refreshed with commands below, after which the OpenWrt specific
config defaults (ipv6, login session child) were corrected:

  make package/busybox/compile   (to populate the build_dir)

  cd package/utils/busybox/config/
  ../convert_menuconfig.pl ../../../../build_dir/target-mips_24kc_musl/busybox-1.31.0

  cd package/utils/busybox
  ./convert_defaults.pl < ../../../build_dir/target-mips_24kc_musl/busybox-1.31.0/.config > Config-defaults.in

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2019-06-15 19:26:47 +02:00
André Valentin
f6dab98044 network/config/xfrm: add host-dependency for xfrm interface parent
Add proto_add_host_dependency to add a dependency to the tunlink interface

Signed-off-by: André Valentin <avalentin@marcant.net>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
2019-06-15 13:41:39 +02:00
Yousong Zhou
62be427067 busybox: strip off ALTERNATIVES spec
Now that busybox is a known alternatives provider by opkg, we remove the
ALTERNATIVES spec and add a note to make the implicit situation clear

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-06-14 01:51:24 +00:00
Yousong Zhou
e51b513f75 opkg: bump to version 2019-06-14
Opkg starting from this version special-cases busybox as alternatives
provider.  There should be no need to add entries to ALTERNATIVES of
busybox package

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-06-14 01:51:24 +00:00
Hans Dedecker
55fcc77072 netifd: update to latest git HEAD
42a3878 interface-ip: fix possible null pointer dereference
c1964d8 system-linux: remove superfluous dev check

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-06-13 22:18:57 +02:00
Kevin Darbyshire-Bryant
ff2382e36c ath10k-firmware: update Candela Tech firmware images
wave-1:

2019-05-09: Tweak rate-ctrl:  Ramp PER up faster, down slower.  This
	    helps throughput in rate-vs-range test, especially with
	    nss1.

2019-05-20: Disable adaptive-CCA.  I am not sure it helps, and it may
	    make it slower to detect noise that should tell the system
	    to stop transmitting.  If someone has means to test this
	    properly, I'd be happy to work with them.

wave-2:

2019-05-15: Fix problem where rate-ctrl sometimes used rix of 0x0.

2019-05-15: Allow raw-tx of encrypted frame.  Requires a patch to the
	    driver to use raw mode when skb has WEP flag enabled AND
	    skb is flagged to not be encrypted.  Lightly tested.

2019-05-16: Fix tx-hang that happened when rate-ctrl chose an OFDM rate
	    for 20Mhz and sent that as AMPDU.  To fix, limit to (V)HT
	    rates if peer is (V)HT.  It seems that MCS0 (V)HT20 should
	    have as good of a chance of being detected as CCK or OFDM.

2019-06-06: Disable TX-BFEE, TX-BFER for IBSS connections.  I suspect
	    this is part of the tx-hang issue seen with IBSS between
	    two 9984 radios.

2019-06-12: Fix rx-rate reporting in 'fw_stats' logic.  This was at
	    least partly due to regressions I had added earlier when
	    working on some multi-vdev enhancements.

2019-6-12: Fix case where extd peer-stats were not always populated.
	   The stats gathering code did not handle error conditions
	   well.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-06-13 19:35:19 +01:00
Kevin Darbyshire-Bryant
49b3dcb2ab ath10k-ct: Update to 2019-06-13
Changes:

ath10k:  Improve PMF/MPF mgt frame check

And add a driver for 5.2 (beta, not even tested yet) kernel.

Refresh patches.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-06-13 19:35:19 +01:00
Paul Spooren
35a70d6262 f2fs-tools: fixup SPDX license
The f2fs-tools have a wrong PKG_LICENSE with is not SPDX compatible.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2019-06-12 23:55:53 +02:00
Konstantin Demin
38b22b1e70 nghttp2: deduplicate files in libnghttp2
libnghttp2 accidentally ships library twice:

$ tar -Oxzf libnghttp2-14_1.38.0-1_mips_24kc.ipk ./data.tar.gz | tar -tzvf -
drwxr-xr-x root/root         0 2019-06-07 23:14 ./
drwxr-xr-x root/root         0 2019-06-07 23:14 ./usr/
drwxr-xr-x root/root         0 2019-06-07 23:14 ./usr/lib/
-rw-r--r-- root/root    144412 2019-06-07 23:14 ./usr/lib/libnghttp2.so.14
-rw-r--r-- root/root    144412 2019-06-07 23:14 ./usr/lib/libnghttp2.so.14.17.3

after fix, there's library and symlink (as designed):

$ tar -Oxzf libnghttp2-14_1.38.0-2_mips_24kc.ipk ./data.tar.gz | tar -tzvf -
drwxr-xr-x root/root         0 2019-06-07 23:14 ./
drwxr-xr-x root/root         0 2019-06-07 23:14 ./usr/
drwxr-xr-x root/root         0 2019-06-07 23:14 ./usr/lib/
lrwxrwxrwx root/root         0 2019-06-07 23:14 ./usr/lib/libnghttp2.so.14 -> libnghttp2.so.14.17.3
-rw-r--r-- root/root    144412 2019-06-07 23:14 ./usr/lib/libnghttp2.so.14.17.3

Binary package size reduced accordingly: 134621 -> 66593.

Compile/run-tested: ar71xx/generic.

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2019-06-12 23:00:58 +02:00
Koen Vandeputte
c12bd3a21b iwinfo: update to latest git HEAD
1372f47eff34 iwinfo: Add Mikrotik R11e-5HnDr2

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-06-12 15:04:09 +02:00
Yousong Zhou
04b45d3a31 dnsmasq: move feature detection inside a shell func
Resolves openwrt/packages#9219

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-06-11 08:32:54 +00:00
Petr Štetiar
27bfde9c9f base-files: move urandom seed bits into separate package
So it's possible to install or remove it as needed.

Tested-by: Lucian Cristian <lucian.cristian@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-06-11 08:06:28 +02:00
Petr Štetiar
9b4de712ca ubox: move getrandom into separate getrandom package
So it's possible to install or remove it as needed.

Tested-by: Lucian Cristian <lucian.cristian@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-06-11 08:06:28 +02:00
Petr Štetiar
714bd89fce urng: add micro non-physical true RNG based on timing jitter
μrngd is OpenWrt's micro non-physical true random number generator based
on timing jitter.

Using the Jitter RNG core, the rngd provides an entropy source that
feeds into the Linux /dev/random device if its entropy runs low. It
updates the /dev/random entropy estimator such that the newly provided
entropy unblocks /dev/random.

The seeding of /dev/random also ensures that /dev/urandom benefits from
entropy. Especially during boot time, when the entropy of Linux is low,
the Jitter RNGd provides a source of sufficient entropy.

Tested-by: Lucian Cristian <lucian.cristian@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-06-11 08:06:28 +02:00
Alexander Couzens
79948e9d61
replace links towards lede-project.org with openwrt.org
Modify VERSION_SUPPORT_URL VERSION_REPO
Replace BUGS variable in toolchain/gcc/common.mk

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2019-06-11 01:46:53 +02:00
André Valentin
452d88e8f7 config: add xfrm interface support scripts
This package adds scripts for xfrm interfaces support.
Example configuration via /etc/config/network:

config interface 'xfrm0'
        option proto 'xfrm'
        option mtu '1300'
        option zone 'VPN'
        option tunlink 'wan'
        option ifid 30

config interface 'xfrm0_static'
        option proto 'static'
        option ifname '@xfrm0'
        option ip6addr 'fe80::1/64'
        option ipaddr '10.0.0.1/30'

Now set in strongswan IPsec policy:
 	if_id_in = 30
	if_id_out = 30

Signed-off-by: André Valentin <avalentin@marcant.net>
2019-06-10 10:07:24 +02:00
Hans Dedecker
cc092a285a curl: update to 7.65.1
For changes in 7.65.1; see https://curl.haxx.se/changes.html#7_65_1

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-06-10 10:06:05 +02:00
André Valentin
ae3e232b11 netsupport: add xfrmi interface support
Add support for xfrm interfaces in kernel. XFRM interfaces are used by
the IPsec stack for tunneling.
XFRM interfaces are available since linux 4.19.

Signed-off-by: André Valentin <avalentin@marcant.net>
2019-06-09 21:48:22 +02:00
Petr Štetiar
6c5bfaac84 gpio-button-hotplug: gpio-keys: fix always missing first event
Commit afc056d7dc ("gpio-button-hotplug: support interrupt
properties") changed the gpio-keys interrupt handling logic in a way,
that it always misses first event, which causes issues with rc.button
scripts, so this patch restores the previous behaviour.

Fixes: afc056d7dc ("gpio-button-hotplug: support interrupt properties")
Reported-by: Kristian Evensen <kristian.evensen@gmail.com>
Tested-by: Kuan-Yi Li <kyli.tw@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [drop state check]
2019-06-09 14:51:47 +02:00
Petr Štetiar
27d234a345 gpio-button-hotplug: fix wrong initial seen value
Currently the generated event contains wrong seen value, when the button
is pressed for the first time:

 rmmod gpio_button_hotplug; modprobe gpio_button_hotplug
 [ pressing the wps key immediately after modprobe ]
 gpio-keys: create event, name=wps, seen=1088, pressed=1

So this patch adds a check for this corner case and makes seen=0 if the
button is pressed for the first time.

Tested-by: Kuan-Yi Li <kyli.tw@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-06-09 14:51:47 +02:00
Petr Štetiar
33ccfe0e14 gpio-button-hotplug: use pr_debug and pr_err
pr_debug can be used with dynamic debugging.

Tested-by: Kuan-Yi Li <kyli.tw@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-06-09 14:51:47 +02:00
Yousong Zhou
0299a4b73e dnsmasq: skip options that are not compiled in
This is to make life easier for users with customized build of
dnsmasq-full variant.  Currently dnsmasq config generated by current
service script will be rejected by dnsmasq build lacking DHCP feature

 - Options like --dhcp-leasefile have default values.  Deleting them
   from uci config or setting them to empty value will make them take on
   default value in the end
 - Options like --dhcp-broadcast are output unconditionally

Tackle this by

 - Check availablility of features from output of "dnsmasq --version"
 - Make a list of options guarded by HAVE_xx macros in src/options.c of
   dnsmasq source code
 - Ignore these options in xappend()

Two things to note in this implementation

 - The option list is not exhaustive.  Supposedly only those options that
   may cause dnsmasq to reject with "unsupported option (check that
   dnsmasq was compiled with DHCP/TFTP/DNSSEC/DBus support)" are taken
   into account here
 - This provides a way out but users' cooperation is still needed.  E.g.
   option dnssec needs to be turned off, otherwise the service script
   will try to add --conf-file pointing to dnssec specific anchor file
   which dnsmasq lacking dnssec support will reject

Resolves FS#2281

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-06-09 08:17:52 +00:00
Hans Dedecker
6b762dd75f netifd: xfrm tunnel support
8c6358b netifd: add xfrm tunnel interface support

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-06-08 21:51:37 +02:00
Konstantin Demin
10011f91c5 busybox: add ALTERNATIVES for brctl
Busybox brctl applet conflicts with the version from bridge-utils.
Fix this by using ALTERNATIVE support for brctl in busybox.

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
2019-06-08 13:51:40 +02:00
Kevin Darbyshire-Bryant
021a9b4cb9 iproute2: add tc action ctinfo support
Add the userspace control portion of the backported kernelspace
act_ctinfo.

ctinfo is a tc action restoring data stored in conntrack marks to
various fields.  At present it has two independent modes of operation,
restoration of DSCP into IPv4/v6 diffserv and restoration of conntrack
marks into packet skb marks.

It understands a number of parameters specific to this action in
additional to the usual action syntax.  Each operating mode is
independent of the other so all options are optional, however not
specifying at least one mode is a bit pointless.

Usage: ... ctinfo [dscp mask [statemask]] [cpmark [mask]] [zone ZONE]
		  [CONTROL] [index <INDEX>]

DSCP mode

dscp enables copying of a DSCP stored in the conntrack mark into the
ipv4/v6 diffserv field.  The mask is a 32bit field and specifies where
in the conntrack mark the DSCP value is located.  It must be 6
contiguous bits long. eg. 0xfc000000 would restore the DSCP from the
upper 6 bits of the conntrack mark.

The DSCP copying may be optionally controlled by a statemask.  The
statemask is a 32bit field, usually with a single bit set and must not
overlap the dscp mask.  The DSCP restore operation will only take place
if the corresponding bit/s in conntrack mark ANDed with the statemask
yield a non zero result.

eg. dscp 0xfc000000 0x01000000 would retrieve the DSCP from the top 6
bits, whilst using bit 25 as a flag to do so.  Bit 26 is unused in this
example.

CPMARK mode

cpmark enables copying of the conntrack mark to the packet skb mark.  In
this mode it is completely equivalent to the existing act_connmark
action.  Additional functionality is provided by the optional mask
parameter, whereby the stored conntrack mark is logically ANDed with the
cpmark mask before being stored into skb mark.  This allows shared usage
of the conntrack mark between applications.

eg. cpmark 0x00ffffff would restore only the lower 24 bits of the
conntrack mark, thus may be useful in the event that the upper 8 bits
are used by the DSCP function.

Usage: ... ctinfo [dscp mask [statemask]] [cpmark [mask]] [zone ZONE]
		  [CONTROL] [index <INDEX>]
where :
	dscp MASK is the bitmask to restore DSCP
	     STATEMASK is the bitmask to determine conditional restoring
	cpmark MASK mask applied to restored packet mark
	ZONE is the conntrack zone
	CONTROL := reclassify | pipe | drop | continue | ok |
		   goto chain <CHAIN_INDEX>

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-06-07 12:05:32 +01:00
Kevin Darbyshire-Bryant
b8a72dfd28 kernel: backport act_ctinfo
ctinfo is a new tc filter action module.  It is designed to restore
information contained in firewall conntrack marks to other packet fields
and is typically used on packet ingress paths.  At present it has two
independent sub-functions or operating modes, DSCP restoration mode &
skb mark restoration mode.

The DSCP restore mode:

This mode copies DSCP values that have been placed in the firewall
conntrack mark back into the IPv4/v6 diffserv fields of relevant
packets.

The DSCP restoration is intended for use and has been found useful for
restoring ingress classifications based on egress classifications across
links that bleach or otherwise change DSCP, typically home ISP Internet
links.  Restoring DSCP on ingress on the WAN link allows qdiscs such as
but by no means limited to CAKE to shape inbound packets according to
policies that are easier to set & mark on egress.

Ingress classification is traditionally a challenging task since
iptables rules haven't yet run and tc filter/eBPF programs are pre-NAT
lookups, hence are unable to see internal IPv4 addresses as used on the
typical home masquerading gateway.  Thus marking the connection in some
manner on egress for later restoration of classification on ingress is
easier to implement.

Parameters related to DSCP restore mode:

dscpmask - a 32 bit mask of 6 contiguous bits and indicate bits of the
conntrack mark field contain the DSCP value to be restored.

statemask - a 32 bit mask of (usually) 1 bit length, outside the area
specified by dscpmask.  This represents a conditional operation flag
whereby the DSCP is only restored if the flag is set.  This is useful to
implement a 'one shot' iptables based classification where the
'complicated' iptables rules are only run once to classify the
connection on initial (egress) packet and subsequent packets are all
marked/restored with the same DSCP.  A mask of zero disables the
conditional behaviour ie. the conntrack mark DSCP bits are always
restored to the ip diffserv field (assuming the conntrack entry is found
& the skb is an ipv4/ipv6 type)

e.g. dscpmask 0xfc000000 statemask 0x01000000

|----0xFC----conntrack mark----000000---|
| Bits 31-26 | bit 25 | bit24 |~~~ Bit 0|
| DSCP       | unused | flag  |unused   |
|-----------------------0x01---000000---|
      |                   |
      |                   |
      ---|             Conditional flag
         v             only restore if set
|-ip diffserv-|
| 6 bits      |
|-------------|

The skb mark restore mode (cpmark):

This mode copies the firewall conntrack mark to the skb's mark field.
It is completely the functional equivalent of the existing act_connmark
action with the additional feature of being able to apply a mask to the
restored value.

Parameters related to skb mark restore mode:

mask - a 32 bit mask applied to the firewall conntrack mark to mask out
bits unwanted for restoration.  This can be useful where the conntrack
mark is being used for different purposes by different applications.  If
not specified and by default the whole mark field is copied (i.e.
default mask of 0xffffffff)

e.g. mask 0x00ffffff to mask out the top 8 bits being used by the
aforementioned DSCP restore mode.

|----0x00----conntrack mark----ffffff---|
| Bits 31-24 |                          |
| DSCP & flag|      some value here     |
|---------------------------------------|
			|
			|
			v
|------------skb mark-------------------|
|            |                          |
|  zeroed    |                          |
|---------------------------------------|

Overall parameters:

zone - conntrack zone

control - action related control (reclassify | pipe | drop | continue |
ok | goto chain <CHAIN_INDEX>)

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Reviewed-by: Toke Høiland-Jørgensen <toke@redhat.com>
Acked-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

Make suitable adjustments for backporting to 4.14 & 4.19
and add to SCHED_MODULES_FILTER

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-06-06 15:41:07 +01:00
Biwen Li
639d127b83 layerscape: fix u-boot bootcmd
Current latest LSDK-19.03 u-boot had a bug that bootcmd
environment was always been reset when u-boot started up.
This was found on boards with spi NOR boot. Before the
proper fix-up is applied, we have to use a workaround
to hard code the bootcmd for OpenWrt booting for now.

Signed-off-by: Biwen Li <biwen.li@nxp.com>
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2019-06-06 15:40:09 +02:00
Yangbo Lu
8468bf04d0 layerscape: drop ppa package
Drop ppa package since TF-A is used instead.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2019-06-06 15:40:09 +02:00
Biwen Li
c07d3302b3 layerscape: convert to use TF-A for firmware
This patch is to convert to use TF-A for firmware.
- Use un-swapped rcw since swapping will be done in TF-A.
- Use u-boot with TF-A defconfig.
- Rework memory map for TF-A introduction.

Signed-off-by: Biwen Li <biwen.li@nxp.com>
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2019-06-06 15:40:09 +02:00
Biwen Li
17dcbe1b8e layerscape: add ARM Trusted Firmware package
Add TF-A packages for Layerscape to implement trusted firmware.

Signed-off-by: Biwen Li <biwen.li@nxp.com>
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2019-06-06 15:40:08 +02:00
Biwen Li
f7f1f39c34 layerscape: add rcw packages for ls1043ardb/ls1046ardb SD boot
Add rcw packages for ls1043ardb/ls1046ardb SD boot.

Signed-off-by: Biwen Li <biwen.li@nxp.com>
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2019-06-06 15:40:08 +02:00
Yangbo Lu
b4b53cd39b layerscape: drop armv8_32b support
NXP LSDK has decided to drop armv8_32b support considering
few users are using it.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2019-06-06 15:40:08 +02:00
Yangbo Lu
9ad7c53383 layerscape: update restool to LSDK 19.03
Update restool to LSDK 19.03.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2019-06-06 15:40:08 +02:00
Biwen Li
4b4b686b1d layerscape: update u-boot to LSDK 19.03
Update u-boot to LSDK 19.03.

Signed-off-by: Biwen Li <biwen.li@nxp.com>
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2019-06-06 15:40:08 +02:00
Biwen Li
fbb865099b layerscape: update ppfe-firmware to LSDK 19.03
Update ppfe-firmware to LSDK 19.03.

Signed-off-by: Biwen Li <biwen.li@nxp.com>
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2019-06-06 15:40:08 +02:00
Biwen Li
f4f4b053b9 layerscape: update ls-rcw to LSDK 19.03
Update ls-rcw to LSDK 19.03.

Signed-off-by: Biwen Li <biwen.li@nxp.com>
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2019-06-06 15:40:08 +02:00
Biwen Li
584611e076 layerscape: update ls-mc to LSDK 19.03
Update to ls-mc to LSDK 19.03.

Signed-off-by: Biwen Li <biwen.li@nxp.com>
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2019-06-06 15:40:08 +02:00
Biwen Li
1efc6f3515 layerscape: update ls-dpl to LSDK 19.03
Update ls-dpl to LSDK 19.03.

Signed-off-by: Biwen Li <biwen.li@nxp.com>
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2019-06-06 15:40:08 +02:00
Biwen Li
5dd307afef layerscape: update fman-ucode to LSDK 19.03
The source code was same from lsdk-1806 to lsdk-1903.

Signed-off-by: Biwen Li <biwen.li@nxp.com>
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2019-06-06 15:40:08 +02:00
Sebastian Meiling
239b79f668 kernel: add package for atusb wpan module
This adds a new package for the kernel module of the ATUSB WPAN driver.

Signed-off-by: Sebastian Meiling <s@mlng.net>
[fixed SoB: and From: mismatch]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-06-06 15:40:08 +02:00
Kevin Darbyshire-Bryant
24e09bac48 Revert "kernel: backport act_ctinfo"
This reverts commit 7c50182e0c.

Produces build error:
Package kmod-sched is missing dependencies for the following libraries:
nf_conntrack.ko

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-06-06 10:45:15 +01:00
Jo-Philipp Wich
f664d560df rpcd: fix init script reload action
Drop the legacy start() and stop() procedures and define a proper
reload signal action instead.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-06-06 11:27:11 +02:00
Kevin Darbyshire-Bryant
7c50182e0c kernel: backport act_ctinfo
ctinfo is a new tc filter action module.  It is designed to restore
information contained in firewall conntrack marks to other packet fields
and is typically used on packet ingress paths.  At present it has two
independent sub-functions or operating modes, DSCP restoration mode &
skb mark restoration mode.

The DSCP restore mode:

This mode copies DSCP values that have been placed in the firewall
conntrack mark back into the IPv4/v6 diffserv fields of relevant
packets.

The DSCP restoration is intended for use and has been found useful for
restoring ingress classifications based on egress classifications across
links that bleach or otherwise change DSCP, typically home ISP Internet
links.  Restoring DSCP on ingress on the WAN link allows qdiscs such as
but by no means limited to CAKE to shape inbound packets according to
policies that are easier to set & mark on egress.

Ingress classification is traditionally a challenging task since
iptables rules haven't yet run and tc filter/eBPF programs are pre-NAT
lookups, hence are unable to see internal IPv4 addresses as used on the
typical home masquerading gateway.  Thus marking the connection in some
manner on egress for later restoration of classification on ingress is
easier to implement.

Parameters related to DSCP restore mode:

dscpmask - a 32 bit mask of 6 contiguous bits and indicate bits of the
conntrack mark field contain the DSCP value to be restored.

statemask - a 32 bit mask of (usually) 1 bit length, outside the area
specified by dscpmask.  This represents a conditional operation flag
whereby the DSCP is only restored if the flag is set.  This is useful to
implement a 'one shot' iptables based classification where the
'complicated' iptables rules are only run once to classify the
connection on initial (egress) packet and subsequent packets are all
marked/restored with the same DSCP.  A mask of zero disables the
conditional behaviour ie. the conntrack mark DSCP bits are always
restored to the ip diffserv field (assuming the conntrack entry is found
& the skb is an ipv4/ipv6 type)

e.g. dscpmask 0xfc000000 statemask 0x01000000

|----0xFC----conntrack mark----000000---|
| Bits 31-26 | bit 25 | bit24 |~~~ Bit 0|
| DSCP       | unused | flag  |unused   |
|-----------------------0x01---000000---|
      |                   |
      |                   |
      ---|             Conditional flag
         v             only restore if set
|-ip diffserv-|
| 6 bits      |
|-------------|

The skb mark restore mode (cpmark):

This mode copies the firewall conntrack mark to the skb's mark field.
It is completely the functional equivalent of the existing act_connmark
action with the additional feature of being able to apply a mask to the
restored value.

Parameters related to skb mark restore mode:

mask - a 32 bit mask applied to the firewall conntrack mark to mask out
bits unwanted for restoration.  This can be useful where the conntrack
mark is being used for different purposes by different applications.  If
not specified and by default the whole mark field is copied (i.e.
default mask of 0xffffffff)

e.g. mask 0x00ffffff to mask out the top 8 bits being used by the
aforementioned DSCP restore mode.

|----0x00----conntrack mark----ffffff---|
| Bits 31-24 |                          |
| DSCP & flag|      some value here     |
|---------------------------------------|
			|
			|
			v
|------------skb mark-------------------|
|            |                          |
|  zeroed    |                          |
|---------------------------------------|

Overall parameters:

zone - conntrack zone

control - action related control (reclassify | pipe | drop | continue |
ok | goto chain <CHAIN_INDEX>)

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Reviewed-by: Toke Høiland-Jørgensen <toke@redhat.com>
Acked-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

Make suitable adjustments for backporting to 4.14 & 4.19

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-06-06 09:41:26 +01:00
Petr Štetiar
dc8ec266dd rpcd: update to the latest git head
89bfaa424606 Fix possible linker errors by using CMake find_library macro
 569284a119f9 session: handle NULL return values of crypt()

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-06-06 10:16:22 +02:00
Yousong Zhou
ef7aa03bdb libunwind: bump to version 1.3.1
Libunwind provides a sigreturn stub for x86 in version 1.2 [1].  However
the arch still depends on setcontext() which is unavailable in musl-libc
and which is supposed to be "deprecated everywhere" [2]

 [1] x86 sigreturn unimplemented for some libcs,
     https://github.com/libunwind/libunwind/issues/13
 [2] setcontext deprecated on x86,
     https://github.com/libunwind/libunwind/issues/69

Refs: https://github.com/openwrt/packages/issues/8548#issuecomment-497791552
Reported-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-06-05 01:13:07 +00:00
Jason A. Donenfeld
593b487538 wireguard: bump to 0.0.20190601
There was an issue with the backport compat layer in yesterday's snapshot,
causing issues on certain (mostly Atom) Intel chips on kernels older than
4.2, due to the use of xgetbv without checking cpu flags for xsave support.
This manifested itself simply at module load time. Indeed it's somewhat tricky
to support 33 different kernel versions (3.10+), plus weird distro
frankenkernels.

If OpenWRT doesn't support < 4.2, you probably don't need to apply this.
But it also can't hurt, and probably best to stay updated.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-06-01 14:00:51 +02:00
Jason A. Donenfeld
a1210f8888 wireguard: bump to 0.0.20190531
* tools: add wincompat layer to wg(8)

Consistent with a lot of the Windows work we've been doing this last cycle,
wg(8) now supports the WireGuard for Windows app by talking through a named
pipe. You can compile this as `PLATFORM=windows make -C src/tools` with mingw.
Because programming things for Windows is pretty ugly, we've done this via a
separate standalone wincompat layer, so that we don't pollute our pretty *nix
utility.

* compat: udp_tunnel: force cast sk_data_ready

This is a hack to work around broken Android kernel wrapper scripts.

* wg-quick: freebsd: workaround SIOCGIFSTATUS race in FreeBSD kernel

FreeBSD had a number of kernel race conditions, some of which we can vaguely
work around. These are in the process of being fixed upstream, but probably
people won't update for a while.

* wg-quick: make darwin and freebsd path search strict like linux

Correctness.

* socket: set ignore_df=1 on xmit

This was intended from early on but didn't work on IPv6 without the ignore_df
flag. It allows sending fragments over IPv6.

* qemu: use newer iproute2 and kernel
* qemu: build iproute2 with libmnl support
* qemu: do not check for alignment with ubsan

The QEMU build system has been improved to compile newer versions. Linking
against libmnl gives us better error messages. As well, enabling the alignment
check on x86 UBSAN isn't realistic.

* wg-quick: look up existing routes properly
* wg-quick: specify protocol to ip(8), because of inconsistencies

The route inclusion check was wrong prior, and Linux 5.1 made it break
entirely. This makes a better invocation of `ip route show match`.

* netlink: use new strict length types in policy for 5.2
* kbuild: account for recent upstream changes
* zinc: arm64: use cpu_get_elf_hwcap accessor for 5.2

The usual churn of changes required for the upcoming 5.2.

* timers: add jitter on ack failure reinitiation

Correctness tweak in the timer system.

* blake2s,chacha: latency tweak
* blake2s: shorten ssse3 loop

In every odd-numbered round, instead of operating over the state
    x00 x01 x02 x03
    x05 x06 x07 x04
    x10 x11 x08 x09
    x15 x12 x13 x14
we operate over the rotated state
    x03 x00 x01 x02
    x04 x05 x06 x07
    x09 x10 x11 x08
    x14 x15 x12 x13
The advantage here is that this requires no changes to the 'x04 x05 x06 x07'
row, which is in the critical path. This results in a noticeable latency
improvement of roughly R cycles, for R diagonal rounds in the primitive. As
well, the blake2s AVX implementation is now SSSE3 and considerably shorter.

* tools: allow setting WG_ENDPOINT_RESOLUTION_RETRIES

System integrators can now specify things like
WG_ENDPOINT_RESOLUTION_RETRIES=infinity when building wg(8)-based init
scripts and services, or 0, or any other integer.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-31 21:01:33 +02:00
Eneas U de Queiroz
f22ef1f1de openssl: update to version 1.1.1c
Highlights of this version:
 - Prevent over long nonces in ChaCha20-Poly1305 (CVE-2019-1543)
 - Fix OPENSSL_config bug (patch removed)
 - Change the default RSA, DSA and DH size to 2048 bit instead of 1024.
 - Enable SHA3 pre-hashing for ECDSA and DSA

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [DMARC removal]
2019-05-31 11:21:22 +02:00
Christian Lamparter
afc056d7dc gpio-button-hotplug: support interrupt properties
Upstream Linux's input gpio-keys driver supports
specifying a external interrupt for a gpio via the
'interrupts' properties as well as having support
for software debounce.

This patch ports these features to OpenWrt's event
version. Only the "pure" interrupt-driven support is
left behind, since this goes a bit against the "gpio"
in the "gpio-keys" and I don't have a real device to
test this with.

This patch also silences the generated warnings showing
up since 4.14 due to the 'constification' of the
struct gpio_keys_button *buttons variable in the
upstream struct gpio_keys_platform_data declaration.

gpio-button-hotplug.c: In function 'gpio_keys_get_devtree_pdata':
gpio-button-hotplug.c:392:10: warning: assignment discards 'const'
	qualifier from pointer target type [-Wdiscarded-qualifiers]
   button = &pdata->buttons[i++];
          ^
gpio-button-hotplug.c: In function 'gpio_keys_button_probe':
gpio-button-hotplug.c:537:12: warning: assignment discards 'const'
	qualifier from pointer target type [-Wdiscarded-qualifiers]
   bdata->b = &pdata->buttons[i];
            ^
gpio-button-hotplug.c: In function 'gpio_keys_probe':
gpio-button-hotplug.c:563:37: warning: initialization discards 'const'
	qualifier from pointer target type [-Wdiscarded-qualifiers]
   struct gpio_keys_button *button = &pdata->buttons[i];
                                   ^
Acked-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-05-31 10:30:03 +02:00
Hans Dedecker
678ee30ee4 ppp: add config options to tune discovery timeout and attempts
Upstream PPP project has added in commit 8e77984 options to tune discovery
timeout and attempts in the rp-pppoe plugin.

Expose these options in the uci datamodel for pppoe:
	padi_attempts: Number of discovery attempts
	padi_timeout: Initial timeout for discovery packets in seconds

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-05-31 09:43:10 +02:00
Hans Dedecker
42977978e2 ppp: update to version 2.4.7.git-2019-05-25
8e77984 rp-pppoe plugin: Add options to tune discovery timeout and number of attempts

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-05-31 09:43:03 +02:00
Fabian Bläse
0f8b9addfc gre: introduce 'nohostroute' option
It is not always necessary to add a host route for the gre peer address.

This introduces a new config option 'nohostroute' (similar to the
option introduced for wireguard in d8e2e19) to allow to disable
the creation of those routes explicitely.

Signed-off-by: Fabian Bläse <fabian@blaese.de>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
2019-05-31 09:42:32 +02:00
Yousong Zhou
cf463159df uclient: bump to version 2019-05-30
This version bump contains the following commit to fix FS#2222

	3b3e368 uclient-http: set data_eof when content-length is 0

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-05-30 12:13:31 +00:00
Yousong Zhou
1e5f4dcd66 libunwind: requires glibc if arch in powerpc
libunwind for powerpc depends on getcontext() from libc which musl-libc
does not provide because this API and its friends are supposed to be
"obsolescent" [1,2]

 [1] Subject: Re: setcontext/getcontext/makecontext missing?
     https://www.openwall.com/lists/musl/2016/02/04/5
 [2] http://pubs.opengroup.org/onlinepubs/009695399/functions/makecontext.html

Refs: https://github.com/openwrt/packages/issues/8548#issuecomment-497200058
Reported-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-05-30 10:30:45 +00:00
Sandeep Sheriker M
a765a2178c at91:renaming subtraget legacy to sam9x
renaming subtraget legacy to sam9x for adding new sam9 soc's

Signed-off-by: Sandeep Sheriker M <sandeep.sheriker@microchip.com>
2019-05-30 12:12:57 +02:00
Hauke Mehrtens
aff084adf3 at91: Merge SAMA5 subtargets
Instead of maintaining 3 very similar subtargets merge them into one.
This does not use the Arm NEON extension any more, because the SAMA5D3
does not support NEON.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Sandeep Sheriker <sandeepsheriker.mallikarjun@microchip.com>
2019-05-30 12:12:37 +02:00
Alan Swanson
5422fed787 gpio-button-hotplug: add KEY_POWER2 handling
For devices such as BTHOMEHUBV5A with both reset and restart buttons,
its easily accessible restart button has been assigned to KEY_POWER
power script to poweroff preventing accidental (or malicious) factory
resets by KEY_RESTART reset script. However an easily accessible button
immediately powering off the device is also undesirable.

As KEY_RESTART is already used for reset script (and there's no
KEY_REBOOT in Linux input events), use KEY_POWER2 for rebooting via new
reboot script with 5 second seen delay.

Fixes: FS#1965
Signed-off-by: Alan Swanson <reiver@improbability.net>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [long line wrap]
2019-05-30 11:55:50 +02:00
Alan Swanson
a46259787d button-hotplug: add KEY_POWER2 handling
For devices such as BTHOMEHUBV5A with both reset and restart buttons,
its easily accessible restart button has been assigned to KEY_POWER
power script to poweroff preventing accidental (or malicious) factory
resets by KEY_RESTART reset script. However an easily accessible button
immediately powering off the device is also undesirable.

As KEY_RESTART is already used for reset script (and there's no
KEY_REBOOT in Linux input events), use KEY_POWER2 for rebooting via new
reboot script with 5 second seen delay.

Fixes: FS#1965
Signed-off-by: Alan Swanson <reiver@improbability.net>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [long line wrap]
2019-05-30 11:55:50 +02:00
Alan Swanson
70c7a0c33e base-files: add reboot only button handler
For devices such as BTHOMEHUBV5A with both reset and restart buttons,
its easily accessible restart button has been assigned to KEY_POWER
power script to poweroff preventing accidental (or malicious) factory
resets by KEY_RESTART reset script. However an easily accessible button
immediately powering off the device is also undesirable.

Fixes: FS#1965
Signed-off-by: Alan Swanson <reiver@improbability.net>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [long line wrap]
2019-05-30 11:55:49 +02:00
Petr Štetiar
6a92eb5b38 procd: update to latest git HEAD
ade00ca585a4 container: fix .dockerenv stat check
 385b904b2f0a hotplug: improve error message during group ownership change

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-05-30 08:03:02 +02:00
Paul Spooren
62940df3a9 procd: update to latest git HEAD
7f0f6b2 procd: add docker support

Signed-off-by: Paul Spooren <mail@aparcar.org>
2019-05-29 17:57:35 +02:00
Mikael Magnusson
8128a7e4fc busybox: fix: ip addr flush hangs when run by non-root user
Add upstream patch from:
https://git.busybox.net/busybox/commit/?id=028c5aa18b5273c029f0278232d922ee1a164de6

The patch fixes a problem with an infinite loop causing 100% CPU usage
when running the following command /lib/preinit/10_indicate_preinit
without the CAP_NET_ADMIN capability (such as in Docker):
  ip -4 address flush dev $pi_ifname

Signed-off-by: Mikael Magnusson <mikma@users.sourceforge.net>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [refresh patch]
2019-05-28 13:18:58 +02:00
Hans Dedecker
6636171bed netifd: fix missing ip rules after network reload (FS#2296)
beb810d iprule: fix missing ip rules after a reload (FS#2296)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-05-28 10:21:02 +02:00
Hans Dedecker
7d77879236 curl: bump to 7.65.0
For changes in 7.65.0; see https://curl.haxx.se/changes.html#7_65_0

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-05-26 21:51:04 +02:00
Hans Dedecker
f54611b06d map: don't set default firewall zone to wan
Don't set the default firewall zone to wan if not specified to keep the
behavior aligned with other tunnel protocols like gre and 6rd.
If the interface zone is not specified try to get it from the firewall config
when constructing the procd firewall rule.
While at it only add procd inbound/outbound firewall rules if a zone is specified.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-05-26 09:44:37 +02:00
Hans Dedecker
470f5b31e3 464xlat: don't set default firewall zone to wan
Don't set the default firewall zone to wan if not specified to keep the
behavior aligned with other tunnel protocols like gre and 6rd.
If the interface zone is not specified try to get it from the firewall config
when constructing the procd firewall rule.
While at it only add a procd inbound firewall rule if a zone is specified.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-05-26 09:43:57 +02:00
Petr Štetiar
ace241014c ethtool: bump to 5.1
* Feature: Add support for 200Gbps (50Gbps per lane) link mode
 * Feature: simplify handling of PHY tunable downshift
 * Feature: add support for PHY tunable Fast Link Down
 * Feature: add PHY Fast Link Down tunable to man page
 * Feature: Add a 'start N' option when specifying the Rx flow hash indirection table.
 * Feature: Add bash-completion script
 * Feature: add 10000baseR_FEC link mode name
 * Fix: qsfp: fix special value comparison
 * Feature: move option parsing related code into function
 * Feature: move cmdline_coalesce out of do_scoalesce
 * Feature: introduce new ioctl for per-queue settings
 * Feature: support per-queue sub command --show-coalesce
 * Feature: support per-queue sub command --coalesce
 * Fix: fix up dump_coalesce output to match actual option names
 * Feature: fec: add pretty dump

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-05-25 13:44:43 +02:00
Hans Dedecker
0293aa72d1 uci: fix heap use after free (FS#2288)
f199b96 uci: fix options list of section after type change

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-05-23 22:05:40 +02:00
Liangbin Lian
4bb9af48ca lua: lnum: fix strtoul based number parsing
Lua's LNUM patch currently doesn't parse properly certain numbers as
it's visible from the following simple tests.

On x86_64 host (stock Lua 5.1.5, expected output):

 $ /usr/bin/lua -e 'print(0x80000000); print(0x80000000000); print(0x100000000)'

  2147483648
  8796093022208
  4294967296

On x86_64 host:

 $ staging_dir/hostpkg/bin/lua -e 'print(0x80000000); print(0x80000000000); print(0x100000000)'

  -2147483648
  0
  0

On x86_64 target:

 $ lua -e 'print(0x80000000); print(0x80000000000); print(0x100000000)'

  -2147483648
  0
  0

On ath79 target:

 $ lua -e 'print(0x80000000); print(0x80000000000); print(0x100000000)'

  -2147483648
  8796093022208
  4294967296

It's caused by two issues fixed in this patch, first issue is caused by
unhadled strtoul overflow and second one is caused by the cast of
unsigned to signed Lua integer when parsing from hex literal.

Run tested on:

 * Zidoo Z9S with RTD1296 CPU (aarch64_cortex-a53)
 * qemu/x86_64
 * qemu/armvirt_64
 * ath79

Signed-off-by: Liangbin Lian <jjm2473@gmail.com>
[commit subject/message touches, fixed From to match SOB, fixed another
 unhandled case in luaO_str2i, host Lua, package bump]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-05-23 10:19:52 +02:00
Koen Vandeputte
4da5ba4a6b iwinfo: update to latest git HEAD
073a838891e5 iwinfo: Complete device IDs for Ubiquiti airOS XM/XW devices
04f5a7d3a431 iwinfo: Add Mikrotik R11e-5HnD
c2cfe9d96c9a iwinfo: Fix 802.11ad channel to frequency

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-05-21 14:24:18 +02:00
Petr Štetiar
049748e87e uboot-imx6: bump to 2019.04 and refresh patches
Build tested: apalis, mx6sabresd, nitrogen6dl, nitrogen6dl2g, nitrogen6q,
	      nitrogen6q2g, nitrogen6s, nitrogen6s1g, wandboard

Run tested: apalis

Cc: Felix Fietkau <nbd@nbd.name>
Cc: Vladimir Vid <vladimir.vid@sartura.hr>
Cc: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-05-20 21:19:48 +02:00
Petr Štetiar
aac8b52184 base-files: add support for the new ar8xxx MIB counters settings
Commit "generic: ar8216: add mib_poll_interval switch attribute" has
added mib_poll_interval global config option and commit "generic:
ar8216: group MIB counters and use two basic ones only by default" has
added mib_type config option.

So this patch adds ucidef_set_ar8xxx_switch_mib helper function which
would allow configuration of the above mentioned new switch config
options.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-05-20 21:19:48 +02:00
Petr Štetiar
2c26dc7b41 netifd: add support for the new ar8xxx MIB counters settings
Commit "generic: ar8216: add mib_poll_interval switch attribute" has added
mib_poll_interval global config option and commit "generic: ar8216: group
MIB counters and use two basic ones only by default" has added mib_type
config option.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-05-20 21:19:48 +02:00
Hauke Mehrtens
df6e8c8771 uboot-fritz4040: Add host flags for host compiler
This adds the host staging directory to the include path to make it use
the zlib.h files from the staging include directory and also link
against the zlib version from the staging directory.

This fixes a compile problem when the zlib header were not installed on
the build host.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[picked from openwrt-18.06]
2019-05-19 12:29:24 +02:00
Hans Dedecker
a7967bada9 ppp: update to version 2.4.7.git-2019-05-18
c9d9dbf pppoe: Custom host-uniq tag
44012ae plugins/rp-pppoe: Fix compile errors

Refresh patches
Drop 520-uniq patch as upstream accepted
Drop 150-debug_compile_fix patch as fixed upstream

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-05-18 21:39:19 +02:00
Linus Walleij
76338fded0 gemini: Fix up firmware checksum on DIR-685
Using the same method as the D-Link DAP-2695 A1 we use
the "mtd" tool to augment the firmware checkum in flash
on first boot of a new firmware on the D-Link DIR-685.
We need to augment the Makefile for "mtd" to build in
the special WRGG fixup support for Gemini as well.

This works around the problem of the machine not booting
after factory install unless the sysupgrade is applied
immediately.

Based on commit e3875350f3
"ar71xx: add support for D-Link DAP-2695 rev. A1"

Cc: Stijn Tintel <stijn@linux-ipv6.be>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
2019-05-18 16:37:30 +02:00
Linus Walleij
30b4b7ee09 mtd: Make fixwrgg command work on DIR-685
The D-Link DIR-685 has the same problem as the
D-Link DAP-2695: when flashing the factory image, the
checksum includes the whole flashed image, even the
rootfs_data part with the end of filesystem mark.
Also the whole flashed image is stored in the flash,
so on the first boot, the whole rootfs image is loaded
into memory with the kernel.

This is fixed using the fixwrgg command to mtd, but
for this to work we need to make fixwrgg work with
the Little-Endian ARM DIR-685.

The code tries to be endian agnostic but this fails
because the WRGG image loader doesn't. On ARM, the
file size is stored in little endian format, and on
big-endian systems it is stored in big endian format,
so we can just drop all the friendly htonl() that
will make the shdr->size big endian: this will
actually break the little endian systems, and on
the big endian systems the native endianness will
still be correct.

The magic number is always stored in little endian
format however, so make sure this is always read
in LE32 format. I chose to create a straight-forward
le32_to_cpu() static inline that IMO is simple and
easy to read.

Cc: Stijn Tintel <stijn@linux-ipv6.be>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
2019-05-18 16:37:30 +02:00
sven friedmann
30dcbc741d ath79: add support for EnGenius ECB1750
Specification:

- Qualcomm Atheros SoC QCA9558
- 720/600/200 MHz (CPU/DDR/AHB)
- 128 MB of RAM (DDR2)
- 16 MB of FLASH (SPI NOR)
- 1x 10/100/1000 Mbps Ethernet
- 3T3R 2.4 GHz (QCA9558 WMAC)
- 3T3R 5.8 Ghz (QCA9880-BR4A, Senao PCE4553AH)

https://fccid.io/A8J-ECB1750

Tested and working:

- lan, wireless, leds, sysupgrade (tftp)

Flash instructions:

1.) tftp recovery

- use a 1GbE switch or direct attached 1GbE link
- setup client ip address 192.168.1.10 and start tftpd
- save "openwrt-ath79-generic-engenius_ecb1750-initramfs-kernel.bin" as "ap.bin" in tfpd root directory
- plugin powercord and hold reset button 10secs.. "ap.bin" will be downloaded and executed
- afterwards login via ssh and do a sysuprade

2.) oem webinterface factory install (not tested)

Use normal webinterface upgrade page und select "openwrt-ath79-generic-engenius_ecb1750-squashfs-factory.bin".

3.) oem webinterface command injection

OEM Firmware already running OpenWrt (Attitude Adjustment 12.09).
Use OEM webinterface and command injection. See wiki for details.

https://openwrt.org/toh/engenius/engenius_ecb1750_1

Signed-off-by: sven friedmann <sf.openwrt@okay.ms>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[use interrupt-driven "gpio-keys" binding]
2019-05-18 13:43:55 +02:00
Jeff Kletsky
819e7946b0 ipq40xx: Add support for Linksys EA8300 (Dallas)
The Linksys EA8300 is based on QCA4019 and QCA9888 and provides three,
independent radios. NAND provides two, alternate kernel/firmware
images with fail-over provided by the OEM U-Boot.

Installation:

  "Factory" images may be installed directly through the OEM GUI.

Hardware Highlights:

  * IPQ4019 at 717 MHz (4 CPUs)
  * 256 MB NAND (Winbond W29N02GV, 8-bit parallel)
  * 256 MB RAM
  * Three, fully-functional radios; `iw phy` reports (FCC/US, -CT):
      * 2.4 GHz radio at 30 dBm
      * 5 GHz radio on ch. 36-64 at 23 dBm
      * 5 GHz radio on ch. 100-144 at 23 dBm (DFS), 149-165 at 30 dBm
      #{ managed } <= 16, #{ AP, mesh point } <= 16, #{ IBSS } <= 1
      * All two-stream, MCS 0-9
  * 4x GigE LAN, 1x GigE Internet Ethernet jacks with port lights
  * USB3, single port on rear with LED
  * WPS and reset buttons
  * Four status lights on top
  * Serial pads internal (unpopulated)

  "Linksys Dallas WiFi AP router based on Qualcomm AP DK07.1-c1"

Implementation Notes:

  The OEM flash layout is preserved at this time with 3 MB kernel and
  ~69 MB UBIFS for each firmware version. The sysdiag (1 MB) and
  syscfg (56 MB) partitions are untouched, available as read-only.

Serial Connectivity:

  Serial connectivity is *not* required to flash.

  Serial may be accessed by opening the device and connecting
  a 3.3-V adapter using 115200, 8n1. U-Boot access is good,
  including the ability to load images over TFTP and
  either run or flash them.

  Looking at the top of the board, from the front of the unit,
  J3 can be found on the right edge of the board, near the rear

      |
   J3 |
  |-| |
  |O| | (3.3V seen, open-circuit)
  |O| | TXD
  |O| | RXD
  |O| |
  |O| | GND
  |-| |
      |

Unimplemented:

    * serial1 "ttyQHS0" (serial0 works as console)
    * Bluetooth; Qualcomm CSR8811 (potentially conected to serial1)

Other Notes:

    https://wikidevi.com/wiki/Linksys_EA8300 states

        FCC docs also cover the Linksys EA8250. According to the
	RF Test Report BT BR+EDR, "All models are identical except
	for the EA8300 supports 256QAM and the EA8250 disable 256QAM."

Signed-off-by: Jeff Kletsky <git-commits@allycomm.com>
2019-05-18 13:43:54 +02:00
Jeff Kletsky
b3770eaca3 mtd: base-files: Unify dual-firmware devices (Linksys)
Consistently handle boot-count reset and upgrade across
ipq40xx, ipq806x, kirkwood, mvebu

Dual-firmware devices often utilize a specific MTD partition
to record the number of times the boot loader has initiated boot.

Most of these devices are NAND, typically with a 2k erase size.
When this code was ported to the ipq40xx platform, the device in hand
used NOR for this partition, with a 16-byte "record" size. As the
implementation of `mtd resetbc` is by-platform, the hard-coded nature
of this change prevented proper operation of a NAND-based device.

* Unified the "NOR" variant with the rest of the Linksys variants

* Added logging to indicate success and failure

* Provided a meaningful return value for scripting

* "Protected" the use of `mtd resetbc` in start-up scripts so that
   failure does not end the boot sequence

* Moved Linksys-specific actions into common `/etc/init.d/bootcount`

For upgrade, these devices need to determine which partition to flash,
as well as set certain U-Boot envirnment variables to change the next
boot to the newly flashed version.

* Moved upgrade-related environment changes out of bootcount

* Combined multiple flashes of environment into single one

* Current-partition detection now handles absence of `boot_part`

Runtime-tested: Linksys EA8300

Signed-off-by: Jeff Kletsky <git-commits@allycomm.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[checkpatch.pl fixes, traded split strings for 80+ chars per line]
2019-05-18 13:43:51 +02:00
Jeff Kletsky
4bdc873a5f firmware/ipq-wifi: Extend for multi-chip boards
This package provides board-specific reference ("cal") data
on an interim basis until included in the upstream distros

While originally conceived for IPQ4019-based boards, similar needs
are appearing with three-radio devices. For some of these devices,
both a board-2.bin file needs to be supplied both for the IPQ4019
as well as for the other radio on the board.

This patch allows new or multiple overrides to be specified by:

  * Adding board name to ALLWIFIBOARDS
  * Placing file(s) in this directory named as
      board-<devicename>.<qca4019|qca9888|qca9984>
  * Adding
      $(eval $(call generate-ipq-wifi-package,<device>,<display name>))

(along with suitable package selection for the board)

At this time, QCA4019, QCA9888, and QCA9984 are supported.
Extension to other chips should be straightforward.

The existing files, board-*.bin, are "grandfathered" as QCA4019.

The package name has been retained for compatability reasons.
At this time it DEPENDS:=@TARGET_ipq40xx, limiting its visibility.

Build-tested-on: asus_map-ac2200, alfa-network_ap120c-ac,
    avm_fritzbox-7530, avm_fritzrepeater-3000, engenius_eap1300,
    engenius_ens620ext, linksys_ea6350v3, qxwlan-e2600ac-c1/-c2

Signed-off-by: Jeff Kletsky <git-commits@allycomm.com>
2019-05-18 13:43:22 +02:00
Hans Dedecker
7b58c58733 netifd: update to latest git HEAD
22e8e58 interface-ip: use ptp address as well to find local address target
f1aa0f9 treewide: pass bool as second argument of blobmsg_check_attr

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-05-18 09:35:25 +02:00
Rosen Penev
395bef4bba libbsd: Fix compilation under ARC
The 8 year old file does not have any ARC definitions.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
[updated content of the patch with version sent to upstream]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-05-17 21:41:43 +02:00
Kristian Evensen
97780e363f system: uci: Use config dir on uci_add and support add_/del_list
This commit makes three changes to the uci shell library:

* A check for UCI_CONFIG_DIR has been added to the command line when
adding anonymous sections. Without this change, adding anonymous
sections to configs not stored in /etc/config is not possible.

* Support for adding/removing items from lists were missing, so I have
added the functions uci_add_list() and uci_remove_list() to simplify
working with uci lists from scripts.

Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
[added missing package version bump]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-05-17 21:41:43 +02:00
Jeffery To
782eda9750 zlib: Use relative paths in pkg-config metadata file
The buildroot pkg-config (in staging_dir/host/bin) overrides the prefix
and exec_prefix variables in *.pc files, to supply the correct
(buildroot) paths for callers. If other variables are not defined
relative to prefix and exec_prefix, then the returned values will be
incorrect.

The default zlib.pc file generated by cmake contains absolute paths.
This patches the file to use relative paths (relative to ${prefix} and
${exec_prefix}).

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
2019-05-17 21:41:43 +02:00
Hans Dedecker
5546fe9fc3 odhcpd: update to latest git HEAD (FS#2242)
41a74cb config: remove 'ignore' config option
c0c8034 treewide: init assignment lists head
f98b7ee config: use list safe iterator in lease_delete
3c9810b dhcpv4: fix lease ordering by ip address
b60c384 config: use multi-stage parsing of uci sections
a2dd8d6 treewide: always init interface list heads during initialization
a17665e dhcpv4: do not allow pool end address to overlap with broadcast address
6b951c5 treewide: give file descriptors safe initial value
39e11ed dhcpv4: DHCP pool size is off-by-one
4a600ce dhcpv4: add support for Parameter Request List option 55
09e5eca dhcpv4: fix DHCP packet size
3cd4876 ndp: fix syslog flooding (FS#2242)
79fbba1 config: set default loglevel to LOG_WARNING

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-05-17 08:54:30 +02:00
Tomasz Maciej Nowak
e7756974aa tegra: add vendor string to device name
for better identification. Also create SUPPORTED_DEVICES string from it
which corresponds to dts compatible string.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2019-05-15 13:34:23 +02:00
Rosen Penev
2f97797471 nftables: Fix compilation with uClibc-ng
Missing header for va_list.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
[updated with upstream version of the patch]
2019-05-15 13:34:23 +02:00
Deng Qingfang
172b02c05f linux-firmware: update to 20190416
Update linux-firmware to 20190416, which includes updated firmwares e.g. for ath10k
Also switch to official tarball source.

The following firmware files we use are updated in this change:
ath10k/QCA6174/hw3.0/board-2.bin
ath10k/QCA9888/hw2.0/firmware-5.bin
ath10k/QCA988X/hw2.0/firmware-5.bin
ath10k/QCA9984/hw1.0/firmware-5.bin
mrvl/sd8887_uapsta.bin
mrvl/pcie8897_uapsta.bin
iwlwifi-8000C-36.ucode
iwlwifi-8265-36.ucode

Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
2019-05-14 21:59:38 +02:00
Hauke Mehrtens
5ee62b23f8 valgrind: Add support for ARM64 architecture
valgrind also works on the ARM64 architecture, build it also for such CPUs.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-14 20:28:41 +02:00
Hauke Mehrtens
a489f72ab5 valgrind: Update to version 3.15.0
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-14 20:28:34 +02:00
Hauke Mehrtens
e669cf7f6a strace: Update to version 5.0
The removed patch was merged upstream.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-14 20:28:26 +02:00
Hauke Mehrtens
02d4d36d4b iperf: Update to version 2.0.13
The removed patches are already integrated in the upstream version.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-14 20:28:18 +02:00
Hans Dedecker
06403981e1 ppp: update to version 2.4.7.git-2019-05-06
fcb076c Various fixes for errors found by coverity static analysis (#109)
d98ab38 Merge branch 'pppd_print_changes' of https://github.com/nlhintz/ppp into nlhintz-pppd_print_changes

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-05-13 15:34:42 +02:00
Tomasz Maciej Nowak
ee96fa15b1 mvebu: use device-tree board detection
Convert whole target to Device Tree based board detection instead of
identifying devices by dts file name. With this we can drop mvebu.sh
translation script and rely on common method for model detection.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2019-05-11 23:11:04 +02:00
Tomasz Maciej Nowak
a39d2a8053 mvebu: align device names to vendor_device format
Add vendors in device names and also rename few device names, for easier
identyfying potential firmware to flash. The vendor and device string is
mainly derived from model/compatipble string in dts from particular
device, but since not all devices are well described, some of the renames
follow marketing names.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2019-05-11 23:11:04 +02:00
Rosen Penev
0b26382533 uClibc++: Update to 0.2.5
Switched to xz archives for smaller size.

Removed upstreamed patches.

Reorganized Makefile a little bit for clarity. Build/Prepare is not useful
anymore. Upstream converted the file to LF.

Refreshed config.

Removed -ansi option from the original CFLAGS as this was causing long
long support to be missing.

Removed fPIC. We have the macro $(FPIC) already used. No point in setting
fpic and fPIC together.

Removed pedantic -Wlong-long warnings as they are not useful.

Removed -std=gnu++98. Not only is it unnecessary (it compiles against all
standards), it actually results in a size increase. 75843 vs. 75222 (gcc
in OpenWrt defaults to g++14).

Added --gc-sections to linker flags to reduce size: 72653 vs 75222.

Removed warn linker options. They have been upstreamed.

Tested on Archer C7v2 and GnuBee PC1.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-05-11 23:10:10 +02:00
Rosen Penev
e49b6bb618 xfsprogs: Replace valloc with posix_memalign
Fixes compilation under uClibc-ng.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-05-11 23:10:10 +02:00
Christian Lamparter
bdaaf66e28 utils/spidev_test: build package directly from Linux
Jeff Kletsky noted in his patch titled:
"utils/spidev_test: Update to current source from upstream Linux"
that the spidev_test utility OpenWrt ships is severly out of date.

Instead of updating the spidev_test.c from the current kernel,
this patch replaces the package building code to utilize the
very file that gets shipped with the kernel we compiling for
anyway much like the "perf" package already does.

Reported-by: Jeff Kletsky <git-commits@allycomm.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-05-11 16:37:11 +02:00
Lucian Cristian
4582fe7c14 lldpd: add option to edit hostname
also fixes the annoying repeating syslog
lldp[]: unable to get system name

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2019-05-11 16:37:11 +02:00
Lucian Cristian
cb30971a44 lldpd: update to 1.0.3
Support for CDP PD PoE

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2019-05-11 16:37:11 +02:00
Robert Marko
671d8752d1 ath10k-ct: Update to current version
This patch updates ath10k-ct to current version.
Changes are:
     ath10k-ct:  Fix printing PN in peer stats.

     Previous logic was incorrect.  Also add set-special API to enable
     returning PN.

Patches refreshed and tested on 8devices Jalapeno dev board(IPQ4019)

Signed-off-by: Robert Marko <robimarko@gmail.com>
2019-05-11 16:37:11 +02:00
Robert Marko
61f4ceb146 ath10k-firmware: update Candela Tech firmware images
Release notes since last time:

Release notes for wave-1:

2019-04-02: Support some get/set API for eeprom rate power tables.
	    Mostly backported from 10.2

2019-04-02: Support adaptive-CCA, backported from 10.2

2019-04-02: Support adding eeprom configAddr pairs via the
            set-special API. These configAddrs can be used to change
            the default register settings for up to 12 registers.

2019-05-03: Fix tx-power settings for 2x2, 3x3 rates.
	    Original logic I put in back in 2016 set 2x2 and 3x3 lower
	    than the needed to be when using most NICs (very high
	    powered NICs would not have been affected I think, not sure
	    any of those exist though.)

	    This improves throughput for 2x2 and 3x3 devices,
	    especially when the signal is weaker.

Release notes for wave-2:

2019-04-08: When setting keys, if high bit of high value of
	    key_rsc_counter is set to 0x1, then the lower 48 bits will
	    be used as the PN value.  By default, PN is set to 1 each
	    time the key is set.

2019-04-08: Pack PN into un-used 'excretries' aka
	    'num_pkt_loss_excess_retry' high 16 bits.
	    This lets us report peer PN, but *only* if driver has
	    previously set a PN when setting key (or set-special cmd is
	    used to enable PN reporting).

	    This is done so that we know the driver is recent
            enough to deal with the PN stat reporting.

2019-04-16: Support specifying tx rate on a per-beacon packet.
	    See ath10k_wmi_op_gen_beacon_dma and
	    ath10k_convert_hw_rate_to_rate_info for API details.

	     Driver needs additional work to actually enable this
	     feature currently.

2019-04-30: Compile out tx-prefetch caching logic.
	    It is full of tricky bugs that cause tx hangs.
	    I fixed at least one, but more remain and I have wasted too
	    much time on this already.

2019-05-08: Start rate-ctrl at mcs-3 instead of mcs-5.
	    This significantly helps DHCP happen quickly, probably
	    because the initial rate being too high would take a while
	    to ramp down, especially since there are few packets sent
	    by the time DHCP needs to start.

	    This bug was triggered by me decreasing retries of 0x1e
	    (upstream default) to 0x4.  But, I think it is better to
	    start with lower initial MCS instead of always having a
	    very high retry count.

Tested on 8devices Jalapeno dev board(IPQ4019)

Signed-off-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [neatify]
2019-05-11 16:37:11 +02:00
Klaus Kudielka
ad62247800 base-files: improve lib/upgrade/common.sh
Recently, upgrade device autodetection has been added to the mvebu target.
This exposes some shortcomings of the generic export_bootdevice function,
e.g. on the Turris Omnia: export_bootdevice silently reports the root
partition to be the boot device. This makes the sysupgrade process fail at
several places.

Fix this by clearly distinguishing between /proc/cmdline arguments which
specify the boot disk, and those which specify the root partition. Only in
the latter case, strip off the partition, and do it consistently.
root=PARTUUID=<pseudo PARTUUID for MBR> (any partition) and root=/dev/*
(any partition) are accepted.

The root of the problem is that the *existing* export_bootdevice in
/lib/upgrade/common.sh behaves differently, if the kernel is booted with
root=/dev/..., or if it is booted with root=PARTUUID=...

In the former case, it reports back major/minor of the root partition,
in the latter case it reports back major/minor of the complete boot disk.

Targets, which boot with root=/dev/... *and* use export_bootdevice /
export_partdevice, have added workarounds to this behaviour, by specifying
*negative* increments to the export_partdevice function.

Consequently, those targets have to be adapted to use positive increments,
otherwise they are broken by the change to export_bootdevice.

Fixes: 4e8345ff68 ("mvebu: base-files: autodetect upgrade device")
Signed-off-by: Klaus Kudielka <klaus.kudielka@gmail.com>
Tested-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2019-05-11 16:37:11 +02:00
Deng Qingfang
367813b9b1 ramips: mt7620: fix dependencies
MT7620 integrated WMAC does not need RT2x00 PCI driver or firmware
Also corrected kmod-eeprom-93cx6 and kmod-lib-crc-itu-t dependencies
according to original Kconfig and lsmod output

This will remove some unnecessary packages from MT7620 target to
save some space

Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[75 characters per line in the commit message]
2019-05-11 01:05:11 +02:00
Hans Dedecker
290a7dc0c7 procd: fix compile issue
1361b97 container: include stdbool.h

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-05-09 18:33:39 +02:00
Hans Dedecker
165d598521 netifd: update to latest git HEAD
f6fb700 interface-ip: fine tune IPv6 mtu warning
975a5c4 interface: tidy ipv6 mtu warning

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-05-08 22:15:19 +02:00
Hans Dedecker
792c9fc8ca procd: update to latest git HEAD
9b35439 procd: detect lxc container and behave accordingly

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-05-08 20:52:45 +02:00
Rosen Penev
4760541027 elfutils: Fix compile with uClibc-ng
Probably glibc too. argp_help takes a char *. not const char *.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
[updated with upstream version of the patch]
2019-05-05 21:11:01 +02:00
Tomasz Maciej Nowak
b18d1d5d3f uboot-tegra: bump to 2019.04
This version has important change for tegra boards which is reserving
32MB memory for Linux kernel instead of current 16MB.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2019-05-05 21:11:01 +02:00
Arthur Skowronek
fc23bcdaa2 base-files: add service_stopped as a post stop hook
Purpose of these changes is to introduce a hook for post service
shutdown in a similar fashion to the existing hook service_started. I
found it to be useful to specify a hook that is called once the service
has been stopped and not before the service is stopped like the
stop_service hook does.

The concrete use case I have for this is that I'm running a binary that
takes over the hardware watchdog timer. Said binary unfortunately can
not use ubus directly to tell procd to hand over the watchdog timer so
this has to be done in the service file for the binary in question. In
order to support a clean handover of the watchdog timer back to procd,
the service init script has to dispatch the ubus invocation once the
binary in question has been stopped.

Signed-off-by: Arthur Skowronek <ags@digineo.de>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
[added commit message, use the same form as other hooks]
2019-05-05 21:11:01 +02:00
Hauke Mehrtens
1325e74e0c kernel: Remove support for kernel 3.18
No target is using kernel 3.18 anymore, remove all the generic
support for kernel 3.18.

The removed packages are depending on kernel 3.18 only and are not used on
any recent kernel.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-03 22:41:38 +02:00
Hauke Mehrtens
675832de79 xburst: Remove unmaintained target
This target only supports kernel 3.18, which is not supported in OpenWrt
any more for multiple releases. It also looks like there is no active
maintainer for this target.
Remove the code and all the packages which are only used by this target.

To add this target to OpenWrt again port it to a recent and supported
kernel version.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-03 21:27:12 +02:00
Hauke Mehrtens
cd3b298533 omap24xx: Remove unmaintained target
This target only supports kernel 4.1, which is not supported in OpenWrt
any more for multiple releases. It also looks like there is no active
maintainer for this target.
Remove the code and all the packages which are only used by this target.

To add this target to OpenWrt again port it to a recent and supported
kernel version.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-03 21:27:12 +02:00
Hauke Mehrtens
e6f9a8e89b au1000: Remove unmaintained target
This target only supports kernel 3.18, which is not supported in OpenWrt
any more for multiple releases. It also looks like there is no active
maintainer for this target.
Remove the code and all the packages which are only used by this target.

To add this target to OpenWrt again port it to a recent and supported
kernel version.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-03 21:27:12 +02:00
Hauke Mehrtens
2d0a2ff1e0 adm5120: Remove unmaintained target
This target only supports kernel 3.18, which is not supported in OpenWrt
any more for multiple releases. It also looks like there is no active
maintainer for this target.
Remove the code and all the packages which are only used by this target.

To add this target to OpenWrt again port it to a recent and supported
kernel version.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-03 21:27:12 +02:00
Rafał Miłecki
2c3dd70741 procd: add procd_running() helper for checking running state
This should be helpful for implementing service_running() in procd init
scripts.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Acked-by: John Crispin <john@phrozen.org>
2019-05-02 22:14:19 +02:00
Hans Dedecker
8696f0c3e3 procd: update to latest git HEAD
01f3dc8 instance: dump user and group as well

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-05-02 17:39:16 +02:00
Michael Heimpold
218b1bbecd procd: allow passing optional group instance parameter
Sometimes is desirable to run a process with a specific group id
instead of the default one which is derived from passwd entry.
This can be achived now by using procd_set_param group $mygroup.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_SOURCE_VERSION update]
2019-05-02 17:39:16 +02:00
Michael Heimpold
a12ab07e21 procd: allow passing optional syslog facility as instance parameter
Optional syslog facility can be set by adding procd_set_param facility
$myfacility.
While at, also add stdout/stderr documentation.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_SOURCE_VERSION update]
2019-05-02 17:38:51 +02:00
Robert Marko
a9190ee3a4 kernel: iio: Fix BMP280 Auto probing
Currently Auto probing for BMP/BME280 does not work because kernel
module name in the call is not correct.
Package name was used instead of kernel module name.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2019-05-02 09:35:35 +02:00
Rafał Miłecki
d6643aca34 libroxml: bump to the 3.0.1 version
Some of changes:
* Support for local-name()
* General refactoring
* Better parsing performance
* Fix possible buffer overflow & memleak
* Validation checks
* More commit functions (file, buffer, fd)

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-05-01 07:25:55 +02:00
Hans Dedecker
430b66bbe8 procd: update to latest git HEAD
cfaed56 procd: add SIGPWR as signal
a30a8fd procd: copy the respawn property of new instance

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-04-29 21:48:09 +02:00
Daniel Golle
26dafeeba4 mac80211: rt2x00: replace patches with upstream version
Support for RT3883/RT3663 was merged upstream [1]. Use that patch
instead of our original series. The resulting source tree is
exactly identical, this commit is merely reorganizing the patches.

[1]: https://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-next.git/commit/?id=d0e61a0f7cca51ce340a5a73595189972122ff25

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-04-29 18:39:04 +02:00
Eneas U de Queiroz
17cb490ac4 openssl: build kmods only if engines are selected
Add a conditional to the individual package's for the kmods in DEPENDS.
This avoids the need to compile the kernel modules when the crypto
engine packages are not selected.  The final binares are not affected by
this.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Tested-by: Rosen Penev <rosenp@gmail.com>
2019-04-26 15:31:34 +02:00
Jose Olivera
40de4c038a elfutils: bump to 0.176
*Fixes:
  -CVE-2019-7150
  -CVE-2019-7149
  -CVE-2019-7146
  -CVE-2019-7665
  -CVE-2019-7664
  -CVE-2019-7148

*Refresh 003-libintl-compatibility.patch

*Also reset PKG_RELEASE.

Signed-off-by: Jose Olivera <oliverajeo@gmail.com>
2019-04-26 10:04:47 +02:00
Felix Fietkau
6e7e2f4421 mac80211: fix regression in skb resizing optimization in monitor mode (FS#2254)
struct ieee80211_local needs to be passed in separately instead of
dereferencing the (potentially NULL) sdata

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-04-24 09:33:38 +02:00
Koen Vandeputte
6afe175e5e ath10k-ct: Update to 2019-04-08
9cd701a4f028 ath10k-ct:  Add PN get/set API for wave-2 firmware.
5c8a4668323b ath10k-ct:  Support over-riding the power ctl table in eeprom
75e2705f31bb ath10k-ct:  CCA, eeprom, other changes.
a696e602a0fc ath10k-ct:  Attempt to fix-out-of-tree compile for 4.16
a2aec62262df ath10k:  Improve beacon tx status for 4.20 kernel.
be5c21a82b15 ath10k-ct:  Fix out-of-tree compile for 4.20, pull in stable changes for 4.19

Fixes compile errors when using the 4.20 flavour.
Also the amount of beacon errors seems to have dropped.

Tested on a Mikrotik RB912UAGS-5HPacD

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-04-23 13:22:31 +02:00
Jo-Philipp Wich
f00a4ae6e0 Revert "uhttpd: disable concurrent requests by default"
This reverts commit c6aa9ff388.

Further testing has revealed that we will need to allow concurrent
requests after all, especially for situations where CGI processes
initiate further HTTP requests to the local host.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-04-23 08:15:46 +02:00
Eneas U de Queiroz
8abb505048 openssl: add Eneas U de Queiroz as maintainer
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
2019-04-22 21:37:31 +02:00
Eneas U de Queiroz
ff9ac986ce openssl: fix OPENSSL_config bug affecting wget
This applies an upstream patch that fixes a OPENSSL_config() bug that
causes SSL initialization to fail when the openssl.cnf file is not
found.  The config file is not installed by default.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
2019-04-22 20:30:02 +02:00
Hans Dedecker
47dc4f96cb nghttp2: bump to 1.38.0
4a9d2005 Update manual pages
acf6a922 Bump up version number to 1.38.0, LT revision to 31:3:17
4ff45821 Update AUTHORS
42dce01e Merge branch 'nghttpx-fix-backend-selection-on-retry'
a35059e3 nghttpx: Fix bug that altered authority and path affect backend selection
5a30fafd Merge branch 'nghttpx-fix-chunked-request-stall'
dce91ad3 Merge branch 'nghttpx-dont-log-authorization'
2cff8b43 nghttpx: Fix bug that chunked request stalls
be96654d nghttpx: Don't log authorization request header field value with -LINFO
ce962c3f Merge branch 'update-http-parser'
f931504e Update http-parser to v2.9.1
d978f351 Fix bug that on_header callback is still called after stream is closed
ec519f22 Merge pull request #1270 from baitisj/master
e8b213e3 Bump up version number to 1.38.0-DEV

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-04-22 13:42:24 +02:00
Hans Dedecker
399aa0b933 odhcpd: update to latest git HEAD (FS#2243, FS#2244)
6633efe router: fix dns search list option

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-04-19 19:24:39 +02:00
Rosy Song
524810ce6d dropbear: allow build without dbclient
This can save ~16KBytes size for the ipk

Signed-off-by: Rosy Song <rosysong@rosinson.com>
2019-04-18 22:34:19 +02:00
Rafał Miłecki
083056c83f mac80211: brcm: backport brcmfmac 5.2 patches
This includes some USB fixes and early work on FullMAC firmware crash
recovery.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-04-18 10:16:10 +02:00
Hans Dedecker
e20c2909a5 odhcpd: update to latest git HEAD (FS#2206)
38bc630 router: use ra_lifetime as lifetime for RA options (FS#2206)
0523bdd router: improve code readibility
0a3b279 Revert "router:"
207f8e0 treewide: align syslog loglevels
f1d7da9 router:
0e048ac treewide: fix compiler warnings
83698f6 CMakeList.txt: enable extra compiler checks

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-04-17 14:43:38 +02:00
Eneas U de Queiroz
450d44a8ea openssl: change defaults: ENGINE:on, NPN:off, misc
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.

To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Enable engine support by default.  Right now, some packages require
this, so it is always enabled by the bots.  Many packages will compile
differently when engine support is detected, needing engine symbols from
the libraries.

However, being off by default, a user compiling its own image will fail
to run some popular packages from the official repo.
Note that disabling engines did not work in 1.0.2, so this problem never
showed up before.

NPN support has been removed in major browsers & servers, and has become
a small bloat, so it does not make sense to leave it on by default.

Remove deprecated CONFIG_ENGINE_CRYPTO symbol that is no longer needed.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
2019-04-17 11:26:55 +02:00
Lucian Cristian
e762f5d44a kernel: Fix kmod-drm-amdgpu and kmod-drm-radeon dependencies
Currently the Geode builds fails on following kernel module missing
dependencies:

 Package kmod-drm-amdgpu is missing dependencies for the following libraries:
 backlight.ko
 drm_kms_helper.ko
 fb.ko
 ttm.ko

So this patch tries to fix the kmod-drm-amdgpu module dependecies.

Fixes: 2f239c0 ("x86: video: add amdgpu DRM kernel package")
Fixes: 2f6918e ("x86: video: add radeon DRM module support")
Tested-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2019-04-16 22:51:29 +02:00
Martin Schiller
e79b9601bf procd/hotplug: add dependency to dialout and audio group
Commit 6e060bd62c introduced a dependency to the dialout group.
Adding this group to the "group" file in the base-files package is not
enough to handle this dependency, because after a sysupgrade this entry
will be missing in the "group" file.

To address this problem the dependencies to the required groups needs to
be set in the Makefile of the procd package.
Then, the uci-default script "13_fix_group_user" will add the groups
on first boot-up after a sysupgrade.

Fixes: 6e060bd62c ("base-files/hotplug: fix dedicated group for tty devices")
Tested-by: Michael Heimpold <mhei@heimpold.de>
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2019-04-16 22:51:29 +02:00
Hans Dedecker
3e803499c3 netifd: update to latest git HEAD
666c14f system-linux: remove debug tracing
08989e4 interface: add neighbor config support
bfd4de3 interface: fix "if-down" hotplug event handling

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-04-15 23:20:20 +02:00
Christian Lamparter
d599890efd layerscape: unbreak ehci-fsl interaction with mpc85xx
Both targets have their own idea of how to use ehci-fsl.
This patch reverts part of commit
68b8d3b079 ("kernel: usb: add FSL EHCI package") and moves
ehci-fsl back into kmod-usb2, while also making it hopefully
useable for the mpc85xx target.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-04-15 00:20:56 +02:00
Petr Štetiar
ecdd26fe2b umbim: update to latest git HEAD
24f9dc7 Iron out all extra compiler warnings
9d8dbc9 Enable extra compiler checks
ff8d356 mbim-proxy support
ccca03f umbim: add registration set support

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-04-15 00:01:57 +02:00
Petr Štetiar
8293e7532f mac80211: Fix rate_idx underflow in mwl8k (FS#2218)
Add a patch for mwl8k which fixes endless reboot loops on Linksys EA4500
with certain 5G configurations.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-04-14 23:42:03 +02:00
David Bauer
68b8d3b079 kernel: usb: add FSL EHCI package
Add kernel module package for the Freescale USB2 EHCI used on the
mpc85xx platform.

Signed-off-by: David Bauer <mail@david-bauer.net>
2019-04-13 15:09:09 +02:00
Daniel Golle
9385ff654e mac80211: rt2x00: replace patch with upstream version
Replace the patch introduced by commit d0b969eee8 ("mac80211: rt2x00:
do not increment sequence number while re-transmitting") was merged
into wireless-drivers.git. Replace our version with the merged version.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-04-12 22:14:47 +02:00
Daniel Golle
44ae5f37fb uboot-envtools: fix fw_env.config for ox820/stg-212
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-04-11 19:21:55 +02:00
Stefan Lippers-Hollmann
8f17c019a1 hostapd: fix CVE-2019-9497, CVE-2019-9498, CVE-2019-9499
EAP-pwd missing commit validation

Published: April 10, 2019
Identifiers:
- CVE-2019-9497 (EAP-pwd server not checking for reflection attack)
- CVE-2019-9498 (EAP-pwd server missing commit validation for
  scalar/element)
- CVE-2019-9499 (EAP-pwd peer missing commit validation for
  scalar/element)

Latest version available from: https://w1.fi/security/2019-4/

Vulnerability

EAP-pwd implementation in hostapd (EAP server) and wpa_supplicant (EAP
peer) was discovered not to validate the received scalar and element
values in EAP-pwd-Commit messages properly. This could result in attacks
that would be able to complete EAP-pwd authentication exchange without
the attacker having to know the used password.

A reflection attack is possible against the EAP-pwd server since the
hostapd EAP server did not verify that the EAP-pwd-Commit contains
scalar/element values that differ from the ones the server sent out
itself. This allows the attacker to complete EAP-pwd authentication
without knowing the password, but this does not result in the attacker
being able to derive the session key (MSK), i.e., the attacker would not
be able to complete the following key exchange (e.g., 4-way handshake in
RSN/WPA).

An attack using invalid scalar/element values is possible against both
the EAP-pwd server and peer since hostapd and wpa_supplicant did not
validate these values in the received EAP-pwd-Commit messages. If the
used crypto library does not implement additional checks for the element
(EC point), this could result in attacks where the attacker could use a
specially crafted commit message values to manipulate the exchange to
result in deriving a session key value from a very small set of possible
values. This could further be used to attack the EAP-pwd server in a
practical manner. An attack against the EAP-pwd peer is slightly more
complex, but still consider practical. These invalid scalar/element
attacks could result in the attacker being able to complete
authentication and learn the session key and MSK to allow the key
exchange to be completed as well, i.e., the attacker gaining access to
the network in case of the attack against the EAP server or the attacker
being able to operate a rogue AP in case of the attack against the EAP
peer.

While similar attacks might be applicable against SAE, it should be
noted that the SAE implementation in hostapd and wpa_supplicant does
have the validation steps that were missing from the EAP-pwd
implementation and as such, these attacks do not apply to the current
SAE implementation. Old versions of wpa_supplicant/hostapd did not
include the reflection attack check in the SAE implementation, though,
since that was added in June 2015 for v2.5 (commit 6a58444d27fd 'SAE:
Verify that own/peer commit-scalar and COMMIT-ELEMENT are different').

Vulnerable versions/configurations

All hostapd versions with EAP-pwd support (CONFIG_EAP_PWD=y in the build
configuration and EAP-pwd being enabled in the runtime configuration)
are vulnerable against the reflection attack.

All wpa_supplicant and hostapd versions with EAP-pwd support
(CONFIG_EAP_PWD=y in the build configuration and EAP-pwd being enabled
in the runtime configuration) are vulnerable against the invalid
scalar/element attack when built against a crypto library that does not
have an explicit validation step on imported EC points. The following
list indicates which cases are vulnerable/not vulnerable:
- OpenSSL v1.0.2 or older: vulnerable
- OpenSSL v1.1.0 or newer: not vulnerable
- BoringSSL with commit 38feb990a183 ('Require that EC points are on the
  curve.') from September 2015: not vulnerable
- BoringSSL without commit 38feb990a183: vulnerable
- LibreSSL: vulnerable
- wolfssl: vulnerable

Acknowledgments

Thanks to Mathy Vanhoef (New York University Abu Dhabi) for discovering
and reporting the issues and for proposing changes to address them in
the implementation.

Possible mitigation steps

- Merge the following commits to wpa_supplicant/hostapd and rebuild:

  CVE-2019-9497:
  EAP-pwd server: Detect reflection attacks

  CVE-2019-9498:
  EAP-pwd server: Verify received scalar and element
  EAP-pwd: Check element x,y coordinates explicitly

  CVE-2019-9499:
  EAP-pwd client: Verify received scalar and element
  EAP-pwd: Check element x,y coordinates explicitly

  These patches are available from https://w1.fi/security/2019-4/

- Update to wpa_supplicant/hostapd v2.8 or newer, once available

Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
[bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-04-11 11:26:01 +02:00
Stefan Lippers-Hollmann
57ab9e3add hostapd: fix CVE-2019-9496
hostapd: fix SAE confirm missing state validation

Published: April 10, 2019
Identifiers:
- CVE-2019-9496 (SAE confirm missing state validation in hostapd/AP)
Latest version available from: https://w1.fi/security/2019-3/

Vulnerability

When hostapd is used to operate an access point with SAE (Simultaneous
Authentication of Equals; also known as WPA3-Personal), an invalid
authentication sequence could result in the hostapd process terminating
due to a NULL pointer dereference when processing SAE confirm
message. This was caused by missing state validation steps when
processing the SAE confirm message in hostapd/AP mode.

Similar cases against the wpa_supplicant SAE station implementation had
already been tested by the hwsim test cases, but those sequences did not
trigger this specific code path in AP mode which is why the issue was
not discovered earlier.

An attacker in radio range of an access point using hostapd in SAE
configuration could use this issue to perform a denial of service attack
by forcing the hostapd process to terminate.

Vulnerable versions/configurations

All hostapd versions with SAE support (CONFIG_SAE=y in the build
configuration and SAE being enabled in the runtime configuration).

Possible mitigation steps

- Merge the following commit to hostapd and rebuild:

  SAE: Fix confirm message validation in error cases

  These patches are available from https://w1.fi/security/2019-3/

- Update to hostapd v2.8 or newer, once available

Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
[bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-04-11 11:26:01 +02:00
Stefan Lippers-Hollmann
262229e924 hostapd: fix CVE-2019-9495
EAP-pwd side-channel attack

Published: April 10, 2019
Identifiers:
- CVE-2019-9495 (cache attack against EAP-pwd)
Latest version available from: https://w1.fi/security/2019-2/

Vulnerability

Number of potential side channel attacks were recently discovered in the
SAE implementations used by both hostapd and wpa_supplicant (see
security advisory 2019-1 and VU#871675). EAP-pwd uses a similar design
for deriving PWE from the password and while a specific attack against
EAP-pwd is not yet known to be tested, there is no reason to believe
that the EAP-pwd implementation would be immune against the type of
cache attack that was identified for the SAE implementation. Since the
EAP-pwd implementation in hostapd (EAP server) and wpa_supplicant (EAP
peer) does not support MODP groups, the timing attack described against
SAE is not applicable for the EAP-pwd implementation.

A novel cache-based attack against SAE handshake would likely be
applicable against the EAP-pwd implementation. Even though the
wpa_supplicant/hostapd PWE derivation iteration for EAP-pwd has
protections against timing attacks, this new cache-based attack might
enable an attacker to determine which code branch is taken in the
iteration if the attacker is able to run unprivileged code on the victim
machine (e.g., an app installed on a smart phone or potentially a
JavaScript code on a web site loaded by a web browser). This depends on
the used CPU not providing sufficient protection to prevent unprivileged
applications from observing memory access patterns through the shared
cache (which is the most likely case with today's designs).

The attacker could use information about the selected branch to learn
information about the password and combine this information from number
of handshake instances with an offline dictionary attack. With
sufficient number of handshakes and sufficiently weak password, this
might result in full recovery of the used password if that password is
not strong enough to protect against dictionary attacks.

This attack requires the attacker to be able to run a program on the
target device. This is not commonly the case on an authentication server
(EAP server), so the most likely target for this would be a client
device using EAP-pwd.

The commits listed in the end of this advisory change the EAP-pwd
implementation shared by hostapd and wpa_supplicant to perform the PWE
derivation loop using operations that use constant time and memory
access pattern to minimize the externally observable differences from
operations that depend on the password even for the case where the
attacker might be able to run unprivileged code on the same device.

Vulnerable versions/configurations

All wpa_supplicant and hostapd versions with EAP-pwd support
(CONFIG_EAP_PWD=y in the build configuration and EAP-pwd being enabled
in the runtime configuration).

It should also be noted that older versions of wpa_supplicant/hostapd
prior to v2.7 did not include additional protection against certain
timing differences. The definition of the EAP-pwd (RFC 5931) does not
describe such protection, but the same issue that was addressed in SAE
earlier can be applicable against EAP-pwd as well and as such, that
implementation specific extra protection (commit 22ac3dfebf7b, "EAP-pwd:
Mask timing of PWE derivation") is needed to avoid showing externally
visible timing differences that could leak information about the
password. Any uses of older wpa_supplicant/hostapd versions with EAP-pwd
are recommended to update to v2.7 or newer in addition to the mitigation
steps listed below for the more recently discovered issue.

Possible mitigation steps

- Merge the following commits to wpa_supplicant/hostapd and rebuild:

  OpenSSL: Use constant time operations for private bignums
  Add helper functions for constant time operations
  OpenSSL: Use constant time selection for crypto_bignum_legendre()
  EAP-pwd: Use constant time and memory access for finding the PWE

  These patches are available from https://w1.fi/security/2019-2/

- Update to wpa_supplicant/hostapd v2.8 or newer, once available

- Use strong passwords to prevent dictionary attacks

Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
[bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-04-11 11:26:01 +02:00
Stefan Lippers-Hollmann
af606d077f hostapd: fix CVE-2019-9494
SAE side-channel attacks

Published: April 10, 2019
Identifiers:
- VU#871675
- CVE-2019-9494 (cache attack against SAE)
Latest version available from: https://w1.fi/security/2019-1/

Vulnerability

Number of potential side channel attacks were discovered in the SAE
implementations used by both hostapd (AP) and wpa_supplicant
(infrastructure BSS station/mesh station). SAE (Simultaneous
Authentication of Equals) is also known as WPA3-Personal. The discovered
side channel attacks may be able to leak information about the used
password based on observable timing differences and cache access
patterns. This might result in full password recovery when combined with
an offline dictionary attack and if the password is not strong enough to
protect against dictionary attacks.

Cache attack

A novel cache-based attack against SAE handshake was discovered. This
attack targets SAE with ECC groups. ECC group 19 being the mandatory
group to support and the most likely used group for SAE today, so this
attack applies to the most common SAE use case. Even though the PWE
derivation iteration in SAE has protections against timing attacks, this
new cache-based attack enables an attacker to determine which code
branch is taken in the iteration if the attacker is able to run
unprivileged code on the victim machine (e.g., an app installed on a
smart phone or potentially a JavaScript code on a web site loaded by a
web browser). This depends on the used CPU not providing sufficient
protection to prevent unprivileged applications from observing memory
access patterns through the shared cache (which is the most likely case
with today's designs).

The attacker can use information about the selected branch to learn
information about the password and combine this information from number
of handshake instances with an offline dictionary attack. With
sufficient number of handshakes and sufficiently weak password, this
might result in full discovery of the used password.

This attack requires the attacker to be able to run a program on the
target device. This is not commonly the case on access points, so the
most likely target for this would be a client device using SAE in an
infrastructure BSS or mesh BSS.

The commits listed in the end of this advisory change the SAE
implementation shared by hostapd and wpa_supplicant to perform the PWE
derivation loop using operations that use constant time and memory
access pattern to minimize the externally observable differences from
operations that depend on the password even for the case where the
attacker might be able to run unprivileged code on the same device.

Timing attack

The timing attack applies to the MODP groups 22, 23, and 24 where the
PWE generation algorithm defined for SAE can have sufficient timing
differences for an attacker to be able to determine how many rounds were
needed to find the PWE based on the used password and MAC
addresses. When the attack is repeated with multiple times, the attacker
may be able to gather enough information about the password to be able
to recover it fully using an offline dictionary attack if the password
is not strong enough to protect against dictionary attacks. This attack
could be performed by an attacker in radio range of an access point or a
station enabling the specific MODP groups.

This timing attack requires the applicable MODP groups to be enabled
explicitly in hostapd/wpa_supplicant configuration (sae_groups
parameter). All versions of hostapd/wpa_supplicant have disabled these
groups by default.

While this security advisory lists couple of commits introducing
additional protection for MODP groups in SAE, it should be noted that
the groups 22, 23, and 24 are not considered strong enough to meet the
current expectation for a secure system. As such, their use is
discouraged even if the additional protection mechanisms in the
implementation are included.

Vulnerable versions/configurations

All wpa_supplicant and hostapd versions with SAE support (CONFIG_SAE=y
in the build configuration and SAE being enabled in the runtime
configuration).

Acknowledgments

Thanks to Mathy Vanhoef (New York University Abu Dhabi) and Eyal Ronen
(Tel Aviv University) for discovering the issues and for discussions on
how to address them.

Possible mitigation steps

- Merge the following commits to wpa_supplicant/hostapd and rebuild:

  OpenSSL: Use constant time operations for private bignums
  Add helper functions for constant time operations
  OpenSSL: Use constant time selection for crypto_bignum_legendre()
  SAE: Minimize timing differences in PWE derivation
  SAE: Avoid branches in is_quadratic_residue_blind()
  SAE: Mask timing of MODP groups 22, 23, 24
  SAE: Use const_time selection for PWE in FFC
  SAE: Use constant time operations in sae_test_pwd_seed_ffc()

  These patches are available from https://w1.fi/security/2019-1/

- Update to wpa_supplicant/hostapd v2.8 or newer, once available

- In addition to either of the above alternatives, disable MODP groups
  1, 2, 5, 22, 23, and 24 by removing them from hostapd/wpa_supplicant
  sae_groups runtime configuration parameter, if they were explicitly
  enabled since those groups are not considered strong enough to meet
  current security expectations. The groups 22, 23, and 24 are related
  to the discovered side channel (timing) attack. The other groups in
  the list are consider too weak to provide sufficient security. Note
  that all these groups have been disabled by default in all
  hostapd/wpa_supplicant versions and these would be used only if
  explicitly enabled in the configuration.

- Use strong passwords to prevent dictionary attacks

Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
[bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-04-11 11:26:01 +02:00
Hans Dedecker
d1739c6c9a procd: update to latest git HEAD
baaf38c procd: instance: Support deleting stopped instances

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-04-10 14:16:53 +02:00
Florian Eckert
2101002b3d wireguard: remove obvious comments
Remove obvious comments to save disk space.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2019-04-09 22:25:11 +02:00
Florian Eckert
78b6931a1a wireguard: converted whitespaces from space to tab
With this change, the file is reduced from 5186 bytes to 4649 bytes that
its approximately 10.5 percent less memory consumption. For small
devices, sometimes every byte counts.
Also, all other protocol handler use tabs instead of spaces.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2019-04-09 22:25:02 +02:00
Hans Dedecker
c8a8294f6e ethtool: bump to 5.0
170d821 Release version 5.0.
909f8c0 Revert "ethtool: change to new sane powerpc64 kernel headers"
a484274 ethtool: dsa: mv88e6xxx: add pretty dump for others
034a17b ethtool: dsa: mv88e6xxx: add pretty dump for 88E6390
7f1cc44 ethtool: dsa: mv88e6xxx: add pretty dump for 88E6352
a13a053 ethtool: dsa: mv88e6xxx: add pretty dump for 88E6161
4e98029 ethtool: dsa: mv88e6xxx: add pretty dump for 88E6185
ff99e46 ethtool: dsa: mv88e6xxx: add pretty dump
cb8e980 ethtool: dsa: add pretty dump
4df55c8 ethtool: change to new sane powerpc64 kernel headers
0cb963e ethtool: zero initialize coalesce struct
8f05538 ethtool: don't report UFO on kernels v4.14 and above

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-04-09 14:27:59 +02:00
Daniel Gimpelevich
f61e754522 ath79: add support for Netgear EX6400 and EX7300
This is sold as a dual-band 802.11ac range extender. It has a sliding
switch for Extender mode or Access Point mode, a WPS button, a recessed
Reset button, a hard-power button, and a multitude of LED's, some
multiplexed via an NXP 74AHC164D chip. The internal serial header pinout is
Vcc, Tx, Rx, GND, with GND closest to the corner of the board. You may
connect at 115200 bps, 8 data bits, no parity, 1 stop bit.

Specification:
- System-On-Chip: QCA9558
- CPU/Speed: 720 MHz
- Flash-Chip: Winbond 25Q128FVSG
- Flash size: 16 MiB
- RAM: 128 MiB
- Wireless No1: QCA9558 on-chip 2.4GHz 802.11bgn, 3x3
- Wireless No2: QCA99x0 chip 5GHz 802.11an+ac, 4x4
- PHY: Atheros AR8035-A

Installation:
If you can get to the stock firmware's firmware upgrade option, just feed
it the factory.img and boot as usual. As an alternative, TFTP the
factory.img to the bootloader.

Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
[whitespace fix in DTS and reorder of make variables]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-04-09 11:09:26 +02:00
Petr Štetiar
adb0a420e5 uboot-envtools: imx6: Add support for Toradex Apalis board family
This patch is needed in order to be able to use fw_{set,print}env
commands.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-04-08 18:37:03 +02:00
Petr Štetiar
136001675e uboot-imx6: Add support for Toradex Apalis board family
This patch is needed in order to properly boot OpenWrt bootscript.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-04-08 18:37:03 +02:00
Hans Dedecker
80568e5854 dropbear: bump to 2019.78
Fix dbclient regression in 2019.77. After exiting the terminal would be left
in a bad state. Reported by Ryan Woodsmall

drop patch applied upstream:
	010-tty-modes-werent-reset-for-client.patch

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-04-07 20:32:55 +02:00
Stijn Tintel
310e2764a8 ubox: bump to git HEAD
5130fa4 kmodloader: fix and optimize loading of failed modules

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2019-04-07 19:37:18 +03:00
Michael Heimpold
32a6c252db wpan-tools: clean up Makefile
When we only call the default, we do not need to define it explicitly.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2019-04-06 19:14:06 +02:00
Michael Heimpold
007e947976 fconfig: cleanup Makefile
We do not need to define an empty Build/Configure since
the default checks for existing ./configure and does nothing
in case nothing is found.

Similar for Build/Compile: we can remove the definition
when we only call the default.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2019-04-06 19:14:06 +02:00
Rosen Penev
2a8175a7ac kernel: Add RIPEMD160 module
After getting rid of cryptsetup's heavy openssl dependency, there is now
the problem of missing RIPEMD160 support. RIPEMD160 is used for True/Vera
crypt volumes as well as old LUKS1 ones.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-04-06 19:14:06 +02:00
Tomasz Maciej Nowak
afef17e24d base-files: add leds migration
Currently leds migration scripts in ar71xx and lantiq share a lot of
logic and introducing leds migration to another target would mean
copying this code, again. Therefore add common logic to library in
base-files package.

Suggested-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2019-04-06 19:14:05 +02:00
Jason A. Donenfeld
549d44736a wireguard: bump to 0.0.20190406
* allowedips: initialize list head when removing intermediate nodes

Fix for an important regression in removing allowed IPs from the last
snapshot. We have new test cases to catch these in the future as well.

* tools: warn if an AllowedIP has a nonzero host part

If you try to run `wg set wg0 peer ... allowed-ips 192.168.1.82/24`, wg(8)
will now print a warning. Even though we mask this automatically down to
192.168.1.0/24, usually when people specify it like this, it's a mistake.

* wg-quick: add 'strip' subcommand

The new strip subcommand prints the config file to stdout after stripping
it of all wg-quick-specific options. This enables tricks such as:
`wg addconf $DEV <(wg-quick strip $DEV)`.

* tools: avoid unneccessary next_peer assignments in sort_peers()

Small C optimization the compiler was probably already doing.

* peerlookup: rename from hashtables
* allowedips: do not use __always_inline
* device: use skb accessor functions where possible

Suggested tweaks from Dave Miller.

* blake2s: simplify
* blake2s: remove outlen parameter from final

The blake2s implementation has been simplified, since we don't use any of the
fancy tree hashing parameters or the like. We also no longer separate the
output length at initialization time from the output length at finalization
time.

* global: the _bh variety of rcu helpers have been unified
* compat: nf_nat_core.h was removed upstream
* compat: backport skb_mark_not_on_list

The usual assortment of compat fixes for Linux 5.1.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-04-06 17:26:47 +02:00
Luis Araneda
177a634e18 kernel: can: add Xilinx CAN IP kernel module package
This driver is required to use the CAN IP on devices
from the zynq target

Signed-off-by: Luis Araneda <luaraneda@gmail.com>
2019-04-06 16:31:10 +02:00
Luis Araneda
82b0230bc1 kernel: sound: add missing symbol to sound-soc-core
This fixes compilation on zynq target when migrating
to sound kmod packages

Signed-off-by: Luis Araneda <luaraneda@gmail.com>
2019-04-06 16:31:10 +02:00
Hauke Mehrtens
3183430df4 mac80211: update to version 4.19.32-1
The removed patches are now integrated in the upstream kernel.
Refresh all patches on top of the new backports release.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2019-04-06 16:31:04 +02:00
Josef Schlehofer
4ebd66d7a9 mbedtls: update to version 2.16.1
Refreshed patches

Signed-off-by: Josef Schlehofer <josef.schlehofer@nic.cz>
Tested-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2019-04-06 16:30:43 +02:00
Tomasz Maciej Nowak
6541897796 kernel: package rtc-em3027 module
Support for Microelectronic EM3027 real time clock chip.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2019-04-06 14:48:46 +02:00
Tomasz Maciej Nowak
1b3dda179a uboot-tegra: add U-Boot for tegra boards
Add U-Boot for NVIDIA Tegra based boards, with the first being CompuLab
TrimSlice. This is part of initial support for this board.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2019-04-06 14:48:46 +02:00
Tomasz Maciej Nowak
42f96ed941 tegra: add new target
New target introduces initial support for NVIDIA Tegra SoC based devices.
It focuses on Tegra 2 CPUs, for successors supporting NEON instruction
set the target should be split in two subtargets.
This initial commit doesn't create any device image, it's groundwork
for further additions.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2019-04-06 14:48:46 +02:00
Daniel Engberg
de3eb0d8a0 curl: Update to 7.64.1
Update curl to 7.64.1
Remove deprecated patch

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2019-04-06 13:40:29 +02:00
Hans Dedecker
f483274422 odhcpd: update to latest git HEAD
65a9519 ndp: create ICMPv6 socket per interface
c6dae8e router: create ICMPv6 socket per interface
e7b1d4b treewide: initialize properly file descriptors

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-04-05 12:04:01 +02:00
Michael Heimpold
6e060bd62c base-files/hotplug: fix dedicated group for tty devices
Commit 124ab1dc0a and 5523ee3459 introduced the assignment of the
group "tty" to /dev/tty* devices in order to support unprivileged
user access to serial devices.

However, due to an improperly rebased commit this feature broke.

This patch restores the lost hunk in hotplug.json file to
re-introduce this feature and also renames the existing "tty" group
to "dialout" as this is the more typical name for such a group
on desktop systems.

Fixes: 5209cfa534 ("procd: fix hotplug.json syntax")
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Acked-by: Jo-Philipp Wich <jo@mein.io>
2019-04-04 17:09:40 +02:00
Felix Fietkau
b3d8b3ab8e mac80211: set noscan=1 if sta/adhoc/mesh interfaces are present
Fixes channel selection issues and suppresses an unnecessary extra scan

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-04-03 10:40:09 +02:00
Felix Fietkau
1dd536f1fa mac80211: improve performance by deferring tx queue selection
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-04-03 10:40:09 +02:00
Magnus Kroken
701b8d0050 openvpn: openssl: explicitly depend on deprecated APIs
OpenVPN as of 2.4.7 uses some OpenSSL APIs that are deprecated in
OpenSSL >= 1.1.0.

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [white space fix]
2019-04-03 10:00:39 +02:00
Hans Dedecker
848d85d13b netifd: update to latest git HEAD
361b3e4 proto-shell: return error in case setup fails
a97297d interface: set interface in TEARDOWN state when checking link state

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-04-01 23:12:29 +02:00
Magnus Kroken
4376c06e80 openvpn: update to 2.4.7
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2019-04-01 11:23:43 +02:00
Kabuli Chana
6ba3d70c95 mwlwifi: Fix pcie timeout issue
Increase MAX_WAIT_FW_COMPLETE_ITERATIONS to 10000 as before commit
e5e0700 to prevent timeout as reported here: #308 (Original OP issue is
probably not related though as his post preceeds commit e5e0700).

compile/test target mvebu/mamba, rango

Signed-off-by: Kabuli Chana <newtownBuild@gmail.com>
[commit subject and message tweaks]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-04-01 10:05:49 +02:00
Christian Lamparter
fbe2e7d15e ath10k-firmware: update Candela Tech firmware images
Release notes since last time:

Release notes for wave-1 / 10.1:
2019-03-28: Fix sometimes using bad TID for management frames
	    in htt-mgt mode. (Backported from wave2, looks
	    like bug would be the same though.)

Release notes for wave-2 / 10.4:
2019-03-28: Fix off-channel scanning while associated in
	    proxy-station mode.

2019-03-29: Fix sometimes sending mgt frames on wrong tid when
	    using htt-mgt. This bug has been around since I first
	    enabled htt-mgt mode.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-03-30 10:36:31 +01:00
Hans Dedecker
6df5ab89cf odhcpd: update to latest git HEAD
7798d50 netlink: rework IPv4 address refresh logic
0b20876 netlink: rework IPv6 address refresh logic

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-03-29 15:55:08 +01:00
Daniel Golle
b0395cfc56 iwinfo: Fix 802.11ad channel to frequency
c2cfe9d iwinfo: Fix 802.11ad channel to frequency

Fixes 9725aa271a ("iwinfo: update to latest git HEAD")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-03-28 15:20:58 +01:00
Petr Štetiar
1e55171a12 fstools: update to the latest master branch
ff1ded6 libfstools: Fix overflow of F2FS_MINSIZE constant
bc2c876 libfstools: Print error in case of loop blkdev failure

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-03-28 12:57:08 +01:00
Alexander Couzens
95f07502b7
package/uboot-omap: backport patches to fix build
* 106: fix build when libfdt-devel is installed on host
* 107: fix stdbool.h includes

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2019-03-28 02:10:12 +01:00
Daniel Golle
28920330f8 wireguard: introduce 'nohostroute' option
Instead of creating host-routes depending on fwmark as (accidentally)
pushed by commit
1e8bb50b93 ("wireguard: do not add host-dependencies if fwmark is set")
use a new config option 'nohostroute' to explicitely prevent creation
of the route to the endpoint.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-03-27 22:59:03 +01:00
Daniel Golle
1e8bb50b93 wireguard: do not add host-dependencies if fwmark is set
The 'fwmark' option is used to define routing traffic to
wireguard endpoints to go through specific routing tables.
In that case it doesn't make sense to setup routes for
host-dependencies in the 'main' table, so skip setting host
dependencies if 'fwmark' is set.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-03-27 22:53:14 +01:00
Hans Dedecker
b2152c8e6b odhcpd: update to latest git HEAD (FS#2204)
420945c netlink: fix IPv6 address updates (FS#2204)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-03-27 21:05:07 +01:00
Koen Vandeputte
555ee02f77 kernel: fix missing dependency in 4.14.108
The 4.14.108 bump introduced a missing dependency when building
specific netfilters.

Thsi was not seen as the error does not occur on all targets.

Thanks to Jo-Philipp Wich for providing the fix

Fixes: af6c86dbe5 ("kernel: bump 4.14 to 4.14.108")
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-03-27 16:46:39 +01:00
Felix Fietkau
b65a270c85 mt76: update to the latest version
f2a18f5 mt76x02: introduce mt76x02_beacon.c
91ade88 mt76x02: add hrtimer for pre TBTT for USB
6370485 mt76x02: introduce beacon_ops
37af803 mt76x02u: implement beacon_ops
41d6190 mt76x02: generalize some mmio beaconing functions
dcccc04 mt76x02u: add sta_ps
5ac5289 mt76x02: disable HW encryption for group frames
e284cc2 mt76x02u: implement pre TBTT work for USB
77e56b8 mt76x02: make beacon slots bigger for USB
d4c740f mt76x02u: add mt76_release_buffered_frames
65e6344 mt76: unify set_tim
f720e49 mt76x02: enable AP mode for USB
cf1838d mt76usb: change mt76u_submit_buf
16b2ccf mt76: remove rx_page_lock
e1bfbeb mt76usb: change mt76u_fill_rx_sg arguments
e9c0171 mt76usb: use usb_dev private data
a4eb5db mt76usb: remove mt76u_buf redundant fileds
3f9b68d mt76usb: move mt76u_buf->done to queue entry
4a366bd mt76usb: remove mt76u_buf and use urb directly
0904bc4 mt76usb: remove MT_RXQ_MAIN queue from mt76u_urb_alloc
42f2899 mt76usb: resue mt76u_urb_alloc for tx
4d4d73a mt76usb: remove unneded sg_init_table
57309c7 mt76usb: allocate urb and sg as linear data
2e89721 mt76usb: remove queue variable from rx_tasklet
30a256a mt76x02: remove extra_tx_headroom (obsoleted by mac8211 skb aligning)
ae166b0 Revert "mt76: mt7603: store software PN/IV in wcid"
bf6e72d Revert "mt76: mt76x02: store software PN/IV in wcid"
a11b673 mt76: fix tx power issues

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-27 13:05:03 +01:00
Hauke Mehrtens
6af639e0bf linux: Add kmod-sched-act-vlan
This allows to configure rules to push or pop vlan headers.

Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
2019-03-25 22:50:28 +01:00
Hauke Mehrtens
72c7e2dc46 linux: Add kmod-sched-flower
This allows to classify packets based on a configurable combination
of packet keys and masks.

Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
2019-03-25 22:50:28 +01:00
Hauke Mehrtens
f83522fa63 linux: Add kmod-sched-mqprio
This adds Multi-queue priority scheduler (MQPRIO).

Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
2019-03-25 22:50:28 +01:00
Hauke Mehrtens
187ab0bceb linux: Add kmod-crxypto-xcbc
This can be used for IPsec.

Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
2019-03-25 22:50:28 +01:00
Konstantin Demin
01964148c6 dropbear: split ECC support to basic and full
- limit ECC support to ec*-sha2-nistp256:
  * DROPBEAR_ECC now provides only basic support for ECC
- provide full ECC support as an option:
  * DROPBEAR_ECC_FULL brings back support for ec{dh,dsa}-sha2-nistp{384,521}
- update feature costs in binary size

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2019-03-25 22:25:35 +01:00
Konstantin Demin
5eb7864aad dropbear: rewrite init script startup logic to handle both host key files
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2019-03-25 22:25:34 +01:00
Konstantin Demin
6145e59881 dropbear: change type of config option "Port" to scalar type "port"
it was never used anywhere, even LuCI works with "Port" as scalar type.

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2019-03-25 22:25:34 +01:00
Konstantin Demin
5d27b10c61 dropbear: introduce config option "keyfile" (replacement for "rsakeyfile")
* option "keyfile" is more generic than "rsakeyfile".
* option "rsakeyfile" is considered to be deprecated and should be removed
  in future releases.
* warn user (in syslog) if option "rsakeyfile" is used
* better check options ("rsakeyfile" and "keyfile"): don't append
  "-r keyfile" to command line if file is absent (doesn't exist or empty),
  warn user (in syslog) about such files

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2019-03-25 22:25:34 +01:00
Konstantin Demin
efc533cc2f dropbear: add initial support for ECC host key
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2019-03-25 22:25:33 +01:00
Konstantin Demin
c40a84cc15 dropbear: fix regression where TTY modes weren't reset for client
cherry-pick upstream commit 7bc6280613f5ab4ee86c14c779739070e5784dfe

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2019-03-25 22:25:33 +01:00