Commit Graph

42002 Commits

Author SHA1 Message Date
Denton Gentry
1e0db693df hostapd: make cli treat UNKNOWN COMMAND as failing
Avoid infinite loop at 100% CPU when running hostapd_cli
if CONFIG_CTRL_IFACE_MIB is not defined.

  _newselect(4, [3], NULL, NULL, ...)
  recvfrom(3, "UNKNOWN COMMAND\n", 4095, 0, NULL, NULL) = 16
  sendto(3, "STA-NEXT UNKNOWN COMMAND", 24, 0, NULL, 0) = 24

Signed-off-by: Denton Gentry <denny@geekhold.com>
(backported from a84962ea35)
(rebased patches)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-12-18 09:43:58 +01:00
Daniel Golle
cc7fa7fcec ramips: fix reboot with W25Q256 with 4-address-mode enabled
Some board vendors actually changed the loader to expect the chip
to come up in 4-address-mode and flipped the ADP bit in the flash
chip's configuration register which makes it come up in 4-address-mode.
Hence it doesn't make sense to avoid switching to 4-address-mode on
those boards but the opposite as otherwise reboot hangs eg. on the
WrtNode2 boards. Fix this by checking the ADP register and only using
SPI_NOR_4B_READ_OP on chips which have ADP==0 (come up in 3-byte mode).

See also datasheet section 7.1.11 Power Up Address Mode (ADP)

Fixes: 22d982ea0 ("ramips: add support for switching between 3-byte and 4-byte addressing on w25q256 flash")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(backported from 8796680277)
2018-12-18 09:43:58 +01:00
Hans Dedecker
a6b561dd01 ebtables: update to latest git 2018-06-06
5699354 extensions: fix build failure on fc28
e6359ee build: update ebtables.h from kernel and drop local unused copy

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from 1bbe813db0)
2018-12-18 09:43:58 +01:00
Ted Hess
2b51cac21a scripts: Replace obsolete POSIX tmpnam in slugimage.pl with File::Temp function
Signed-off-by: Ted Hess <thess@kitschensync.net>
(backported from 7590c3c58f)
2018-12-18 09:43:57 +01:00
Ivan Shapovalov
fc0907bc25 netifd: drop conflicting 'device' interface property
Do not set device runtime property on interfaces in the hotplug handler
and in fixup_interfaces(). This property conflicts with device option
in several proto handlers (mainly QMI and other WWAN/3G protos) and does
not seem to be used anywhere.

Signed-off-by: Ivan Shapovalov <intelfx@intelfx.name>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
(backported from 91b5b2e20d)
2018-12-18 09:43:57 +01:00
Kevin Darbyshire-Bryant
b7beb89b58 nettle: bump to 3.4
3.4 is mainly a bug fix/maintenance release.

3KB increase in ipk lib size on mips.

Compile tested for: ar71xx, ramips
Run tested on: ar71xx Archer C7 v2, ramips mir3g

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(backported from 1ee5051f20)
2018-12-18 09:43:57 +01:00
Yousong Zhou
3e02d19655 ca-certificates: ca-bundle: add symlink for openssl default setting
OpenSSL defaults X509_CERT_FILE to /etc/ssl/cert.pem.  This change is
needed for wget-ssl and possibly others to work seamlessly with fresh
ca-bundle installation

Fixes openwrt/packages#6152

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(backported from 191078e83d)
2018-12-18 09:43:56 +01:00
Rosen Penev
60b29c9c17 curl: Add ca-bundle dependency
While building, curl complains that the path specified is missing.
Also, without ca-bundle, something like 'curl https://www.google.com'
does not work due to a certificate verify error.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(backported from 7a20c7a05d)
2018-12-18 09:11:40 +01:00
Rosen Penev
0d3bdf7b59 curl: Use ca-bundle for all TLS libraries.
It simplifies the Makefile a bit. In addition, using ca-bundle
saves some space as well.

It also fixes an issue with at least transmission, which has a dependency
on ca-bundle, but currently libcurl with OpenSSL or GnuTLS cause it not
to work.

This has been tested on mt7621 with OpenSSL and GnuTLS just by running
'curl https://www.google.com' and seeing if there's a verify error.
The rest are already using ca-bundle and therefore work fine.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
Tested-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(backported from f97946c496)
2018-12-18 09:11:40 +01:00
Rosen Penev
31f935edaf ath10k-firmware: Fix QCA6174 support
Currently when installing the firmware, a bunch of files and directories
that the ath10k driver does not look for are created.

The package now installs firmware for both hw 2.1 and 3.0 devices.
2.1 is abandonware but may be useful to keep.

3.0 firmware was tested on a Killer 1535 to be relatively stable with
802.11w disabled. 802.11w causes multiple firmware crashes but that's true
of other ath10k firmwares as well.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(backported and squashed from
 27eab4fa57,
 d0fbe1956b,
 e191c7ee79)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-12-18 09:11:03 +01:00
Daniel Golle
5826efd18c hostapd: properly build hostapd-only SSL variants
Make sure hostapd-openssl is actually build against OpenSSL, same
for wolfSSL.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(backported from 987900f2de)
2018-12-18 09:06:02 +01:00
Daniel Golle
000a3fef0a hostapd: update packaging and patches
Clean up conflicts/provides/depends hell and add PROVIDES for
eapol-test variants while at it.
Update mesh-DFS patchset from Peter Oh to v5 (with local fixes) which
allows to drop two revert-patches for upstream commits which previously
were necessary to un-break mesh-DFS support.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(backported from 78f1974bc5)
(rebased patches)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-12-18 09:05:58 +01:00
Daniel Golle
0d08c67058 hostapd: convert ssl provider build options to variants
Instead of selecting the SSL provider at compile time, build package
variants for each option so users can select the binary package without
having to build it themselves.
Most likely not all variants have actually ever been user by anyone.
We should reduce the selection to the reasonable and most used
combinations at some point in future. For now, build them all.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(backported from c8fdd0e9c8)
2018-12-18 09:01:42 +01:00
Daniel Golle
a35f243090 hostapd: update to git HEAD of 2018-05-21, allow build against wolfssl
Support for building wpa_supplicant/hostapd against wolfssl has been
added upstream recently, add build option to allow users using it.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(backported from 69f544937f)
(rebased patches)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-12-18 08:13:22 +01:00
Daniel Golle
5435e8023e ustream-ssl: fix build against wolfSSL
commit 39a6ce205d (ustream-ssl: Enable ECDHE with OpenSSL.) broke
build against wolfSSL because wolfSSL doesn't (yet) support
SSL_CTX_set_ecdh_auto() of the OpenSSL API.

Fix this in ustream-ssl:

 189cd38b41 don't use SSL_CTX_set_ecdh_auto with wolfSSL

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(backported from 4f442f5f38)
2018-12-18 08:13:22 +01:00
Daniel Golle
42121995c7 wolfssl: change defaults to cover wpa_supplicant needs
Implicetely selecting the required options via Kconfig snippet from
hostapd worked fine in local builds when using menuconfig but confused
the buildbots which (in phase1) may build wpad-mini and hence already
come with CONFIG_WPA_WOLFSSL being defined as unset which then won't
trigger changing the defaults of wolfssl.

Work around by explicitely reflecting wpa_supplicant's needs in
wolfssl's default settings to make buildbots happy.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(backported from dad39249fb)
2018-12-18 08:13:22 +01:00
Daniel Golle
22739871fe wolfssl: add PKG_CONFIG_DEPENDS symbols
This change will trigger rebuild on buildbots in case of changed config
symbols, like in the case of hostapd selecting some wolfssl symbols
lately.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(backported from 5857088c5e)
2018-12-18 08:13:22 +01:00
Daniel Golle
49487b0ca4 wolfssl: update to version 3.14.4
Use download from github archive corresponding to v3.14.4 tag because
the project's website apparently only offers 3.14.0-stable release
downloads.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(backported from 4f67c1522d)
2018-12-18 08:04:30 +01:00
Rodolfo Giometti
fbd8407248 package sysfsutils: add support for sysfs settings at boot
This patch is based on sysfsutils package's behaviour on Debian OS.

Signed-off-by: Rodolfo Giometti <giometti@linux.it>
(backported from 2437e0f670)
2018-12-18 07:55:45 +01:00
Tomasz Maciej Nowak
903ef9aaec kernel: merge kmod-fbcon with kmod-fb
As of commit in kernel:
6104c37094 fbcon: Make fbcon a built-time depency for fbdev
framebuffer console is build in into framebuffer module and there's no
standalone fbcon module. Therefore drop the kmod-fbcon and enable
console in kmod-fb. The only targets which use these modules are imx6
and geode, both are on kernel 4.14 so no fallback for other kernels is
introduced.
Being at that this commit also fixes autoload of fbdev for x86.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
(backported from 9c0ddafd46)
2018-12-18 07:55:42 +01:00
Hauke Mehrtens
db4341d907 ath10k-firmware: Fix mirror hash sum
This now matches what was generated locally on my PC and the file on the
mirror server.

Fixes: 349fe46103 ("ath10k-firmware: Update QCA988X firmware to the latest version")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(backported from 56a03e4343)
2018-12-18 07:55:04 +01:00
Timo Sigurdsson
2e7e60f2d6 ath10k-firmware: Update QCA988X firmware to the latest version
This patch updates the QCA988X firmware to the latest revision
  firmware-5.bin_10.2.4-1.0-00037
found in the ath10k-firmware and linux-firmware repositories.

Tested on TP-Link Archer C7 v2 (ar71xx).

Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
(backported from 349fe46103)
2018-12-18 07:55:04 +01:00
Rosy Song
25f58ed81a nftables: bump to 0.8.5 version
Signed-off-by: Rosy Song <rosysong@rosinson.com>
(backported from 39e87e0ffc)
2018-12-18 07:54:54 +01:00
Rosy Song
1e432993c5 libnftnl: bump to 1.1.0
Signed-off-by: Rosy Song <rosysong@rosinson.com>
(backported from c7e9d72f05)
2018-12-18 07:52:51 +01:00
Hans Dedecker
2f2055de0e ebtables: update to latest git 2018-05-15
66a9701 ebtables: Fix build errors and warnings
9fff3d5 include: Fix musl libc compatibility
b1cdae8 extensions: Add string filter to ebtables

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from ac70ac3532)
(rebased patches)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-12-18 07:52:44 +01:00
Christoph Krapp
50789acf4e
ar71xx: add support for UniFi-AC-Mesh-Pro
This adds the build option for UniFi AC Mesh Pro as well as
model detection for it.
The device is a hardware clone of the AC Pro.

- SoC: QCA9563-AL3A (775Mhz)
- RAM: 128MiB
- Flash: 16MiB - dual firmware partitions!
- LAN: 2x 1000M - POE+
- Wireless:
        2.4G: QCA9563
          5G: UniFi Chip, QCA988X compatible

Signed-off-by: Christoph Krapp <achterin@googlemail.com>
(cherry picked from commit 987b961537)
2018-12-15 18:26:49 +01:00
Koen Vandeputte
40e1450f59 kernel: bump 4.14 to 4.14.88
Refreshed all patches.

Altered patches:
- 180-usb-xhci-add-support-for-performing-fake-doorbell.patch

Fixes CVE:
- CVE-2018-14625

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-12-14 13:04:54 +01:00
Koen Vandeputte
85f42a74d3 kernel: bump 4.9 to 4.9.145
Refreshed all patches.

Fixes CVE:
- CVE-2018-14625

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-12-14 13:04:54 +01:00
Koen Vandeputte
6f74e269c8 kernel: bump 4.14 to 4.14.87
Refreshed all patches.

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-12-13 13:29:03 +01:00
Koen Vandeputte
b2f243394e kernel: bump 4.9 to 4.9.144
Refreshed all patches.

Compile-tested: ar71xx
Runtime-tested: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-12-13 13:28:58 +01:00
Koen Vandeputte
2213b20aee kernel: bump 4.14 to 4.14.86
Refreshed all patches.

Altered patches:
- 180-usb-xhci-add-support-for-performing-fake-doorbell.patch

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-12-13 13:28:54 +01:00
Koen Vandeputte
bcd7644007 kernel: bump 4.9 to 4.9.143
Refreshed all patches.

Altered patches:
- 950-0063-Improve-__copy_to_user-and-__copy_from_user-performa.patch
- 950-0149-Update-vfpmodule.c.patch
- 201-extra_optimization.patch

New symbol:
- CONFIG_HARDEN_BRANCH_PREDICTOR

Compile-tested on: ar71xx, ar7, arc770, at91, brcm2708, brcm63xx, ixp4xx, lantiq, layerscape, mpc85xx, orion, rb532, uml
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-12-13 13:28:41 +01:00
Martin Schiller
d5afaa4114 openvpn: re-add option comp_lzo
This option is deprecated but needs to be kept for backward compatibility. [0]

[0] https://community.openvpn.net/openvpn/wiki/DeprecatedOptions#a--comp-lzo

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]

(cherry picked from commit 3850b41f01)
2018-12-12 17:28:10 +01:00
Jo-Philipp Wich
629073e86d rpcd: update to latest Git head
3aa81d0 file: access exec timeout via daemon ops structure
7235f34 plugin: store pointer to exec timeout value in the ops structure
ccd7c0a treewide: rename exec_timeout to rpc_exec_timeout
c79ef22 main: fix logic bug when not specifying a timeout option
2cc4b99 file: use global exec timeout instead of own hardcoded limit
ecd1660 exec: increase maximum execution time to 120s

Also expose the socket and timeout options in /etc/config/rpcd for
easier use.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commits 4105555115,
 952b11766c and
 e533fb1706)
2018-12-12 16:35:55 +01:00
Martin Weinelt
1cd945ea22
ramips: fix leds on GL.iNet GL-MT300N-V2
The WAN LED now shows the link state. It's color is green,
not blue.

Signed-off-by: Martin Weinelt <hexa@darmstadt.ccc.de>
(cherry picked from commit 0411813c6f)
2018-12-07 21:41:56 +01:00
Marek Lindner
fbadfecbb5 ipq40xx: fix openmesh sysupgrade with tar content out of order
The tar extraction depends on the order in which the files
are added to the tar file. Since the order is not guaranteed
and depends on the host system, the combined mtd write fails
with sysupgrade images built on some systems.
Fix by changing to tar file order independent mtd write.

Fixes: 86e18f6706 ("ipq806x: add support for OpenMesh A42")
Signed-off-by: Marek Lindner <mareklindner@neomailbox.ch>
Signed-off-by: Sven Eckelmann <sven@narfation.org>
2018-12-05 09:09:38 +01:00
Jo-Philipp Wich
06a20afb34 rules.mk: fix syntax error
Fix broken assignment operator added in a previous commit.

Fixes db73ec9f51 ("rules.mk: add INSTALL_SUID macro")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 1416b63dcb)
2018-11-29 12:34:54 +01:00
Jo-Philipp Wich
d40e90986c rules.mk: add INSTALL_SUID macro
This is useful for packages that want to stage SUID executables.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit b0261ee5e9)
2018-11-29 12:07:32 +01:00
Tony Ambardar
d40de11d1b base-files: fix prerm return value, align with postinst code
The return value of a package prerm script is discarded and not returned
correctly by default_prerm(). This allows other operations like service
shutdown to "leak" their return value, prompting workarounds like commit
48cfc826 which do not address the root cause.

Preserve a package prerm script return value for use by default_prerm(),
sharing the corresponding code from default_postinst() for consistency.
Also use consistent code for handling of /etc/init.d/ scripts.

Run Tested on: LEDE 17.01.4 running ar71xx.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit 8806da86f5)
2018-11-29 11:54:20 +01:00
Karl Vogel
cc8e875039 sdk: find kernel modules when KDIR is a symlink
The find statement would not return any results if the KDIR_BASE pointed to a
symlink. Ran into this issue due to a custom Kernel/Prepare that was installing
a symlink to the kernel directory.

The extra slash at the end fixes this scenario and does no harm for targets that
have a proper KDIR.

Signed-off-by: Karl Vogel <karl.vogel@gmail.com>
(cherry picked from commit ae980458ab)
2018-11-29 11:36:58 +01:00
Jo-Philipp Wich
a8b292afe6 uhttpd: update to latest Git head
cdfc902 cgi: escape url in 403 error output
0bba1ce uhttpd: fix building without TLS and Lua support
2ed3341 help: document -A option
fa5fd45 file: fix CPP syntax error
77b774b build: avoid redefining _DEFAULT_SOURCE

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 56378bc12d)
2018-11-28 12:58:00 +01:00
Jo-Philipp Wich
7a8b75375c uhttpd: support multiple Lua prefixes
Update to latest git HEAD in order to support configuring multiple
concurrent Lua prefixes in a single uhttpd instance:

  b741dec lua: support multiple Lua prefixes

Additionally rework the init script and update the default configuration
example to treat the lua_prefix option as key=value uci list, similar to
the interpreter extension mapping. Support for the old "option lua_prefix"
plus "option lua_handler" notation is still present.

Finally drop the sed postinstall hack in uhttpd-mod-lua to avoid mangling
files belonging to other packages. Since Lua prefixes have precedence
over CGI prefixes, simply register `/cgi-bin/luci` as Lua handler which
will only become active if both luci-base and uhttpd-mod-lua is installed.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 214146c6f2)
2018-11-28 12:57:52 +01:00
Jo-Philipp Wich
fede6df09e uhttpd: update to latest Git head
952bf9d build: use _DEFAULT_SOURCE
30a18cb uhttpd: recognize PATCH, PUT and DELETE HTTP methods

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 22681cdef2)
2018-11-28 12:57:42 +01:00
Freddy Leitner
9671a2d2c8 apm821xx: MBL: load kernel/dtb from SATA 0:1 first
This remedies an issue with the MBL Duo if both disks are inserted
and contain OpenWrt. kernel and dtb would be loaded from SATA 1:1
while rootfs (/dev/sda2) would be mounted on SATA 0:1.

Such a mix&match would obviously only work if both OpenWrt versions/
builds are identical, and especially fail after sysupgrade upgraded
the system disk on SATA 0:1.

The fallback to SATA 1:1 needs to be kept for MBL Single (only has
SATA 1:1) and MBL Duo with one disk inserted on SATA 1:1. To speed
up booting in those cases, the unneccesarily doubled "sata init"
will only be called once. (In theory it could be omitted completely
since the on-flash boot script already initializes SATA to load the
on-disk boot script.)

Tested on MBL Duo (all possible combination of disks) and MBL Single

Signed-off-by: Freddy Leitner <hello@square.wf>
Acked-by: Christian Lamparter <chunkeey@gmail.com>
2018-11-26 21:30:31 +01:00
Christian Lamparter
26ebcc88e3 apm821xx: wndr4700: restore sd-card media detection
This was not converted to the new, dt-based board name.

Fixes: e90dc8d272 ("apm821xx: convert to device-tree board detection")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2018-11-26 10:56:42 +01:00
Jo-Philipp Wich
5337319bdf uclient: update to latest Git head
3ba74eb uclient-http: properly handle HTTP redirects via proxy connections

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 0bd99db511)
2018-11-24 20:15:38 +01:00
David Bauer
a02d9a7d9f tools: tplink-safeloader: add C7v5 EU SupportList
Currently flash from WebIF is broken for Archer C7 v5 EU models as their
SupportList entries are missing.

The added entries originate from TP-Links latest Archer C7 v5 EU
firmware.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 53020ed4b9)
2018-11-23 21:30:26 +00:00
Linus Kardell
709d080da5 base-files: fix unkillable processes after restart
When restart is run on an init script, the script traps SIGTERM. This is
done as a workaround for scripts named the same name as the program they
start. In that case, the init script process will have the same name as
the program process, and so when the init script runs killall, it will
kill itself. So SIGTERM is trapped to make the init script unkillable.

However, the trap is retained when the init script runs start, and thus
processes started by restart will not respond to SIGTERM, and will thus
be unkillable unless you use SIGKILL. This fixes that by removing the
trap before running start.

Signed-off-by: Linus Kardell <linus@telliq.com>
(cherry picked from commit 2ac1a57677)
2018-11-22 13:55:58 +01:00
Koen Vandeputte
216c04ff20 kernel: bump 4.14 to 4.14.82
Refreshed all patches.

Compile-tested: cns3xxx, imx6, x86_64
Runtime-tested: cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-11-22 10:51:27 +01:00
Koen Vandeputte
07ef8b70b8 kernel: bump 4.9 to 4.9.138
Refreshed all patches.

Compile-tested: ar71xx, layerscape
Runtime-tested: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-11-22 10:51:27 +01:00