Commit Graph

14920 Commits

Author SHA1 Message Date
Hans Dedecker
61323d22c0 dropbear: fix dropbear startup issue
Interface triggers are installed by the dropbear init script in case an
interface is configured for a given dropbear uci section.
As dropbear is started after network the interface trigger event can be
missed during a small window; this is especially the case if lan is
specified as interface.
Fix this by starting dropbear before network so no interface trigger
is missed. As dropbear is started earlier than netifd add a boot function
to avoid the usage of network.sh functions as call to such functions will
fail at boottime.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Acked-by: Jo-Philipp Wich <jo@mein.io>
2018-12-21 10:08:12 +01:00
Jason A. Donenfeld
753531da24 wireguard: bump to 0.0.20181119
* chacha20,poly1305: fix up for win64
* poly1305: only export neon symbols when in use
* poly1305: cleanup leftover debugging changes
* crypto: resolve target prefix on buggy kernels
* chacha20,poly1305: don't do compiler testing in generator and remove xor helper
* crypto: better path resolution and more specific generated .S
* poly1305: make frame pointers for auxiliary calls
* chacha20,poly1305: do not use xlate

This should fix up the various build errors, warnings, and insertion errors
introduced by the previous snapshot, where we added some significant
refactoring. In short, we're trying to port to using Andy Polyakov's original
perlasm files, and this means quite a lot of work to re-do that had stableized
in our old .S.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
(backported from 48d8d46d33)
2018-12-18 17:22:09 +01:00
Jason A. Donenfeld
6de9491132 wireguard: bump to 0.0.20181115
* Zinc no longer ships generated assembly code. Rather, we now
  bundle in the original perlasm generator for it. The primary purpose
  of this snapshot is to get testing of this.
* Clarify the peer removal logic and make lifetimes more precise.
* Use READ_ONCE for is_valid and is_dead.
* No need to use atomic when the recounter is mutex protected.
* Fix up macros and annotations in allowedips.
* Increment drop counter when staged packets are dropped.
* Use static constants instead of enums for 64-bit values in selftest.
* Mark large constants as ULL in poly1305-donna64.
* Fix sparse warnings in allowedips debugging code.
* Do not use wg_peer_get_maybe_zero in timer callbacks, since we now can
  carefully control the lifetime of these functions and ensure they never
  execute after dropping the last reference.
* Cleanup hashing in ratelimiter.
* Do not guard timer removals, since del_timer is always okay.
* We now check for PM_AUTOSLEEP, which makes the clear*on-suspend decision a
  bit more general.
* Set csum_level to ~0, since the poly1305 authenticator certainly means
  that no data was modified in transit.
* Use CHECKSUM_PARTIAL check for skb_checksum_help instead of
  skb_checksum_setup check.
* wg.8: specify that wg(8) shows runtime info too
* wg.8: AllowedIPs isn't actually required
* keygen-html: add missing glue macro
* wg-quick: android: do not choke on empty allowed-ips

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
(backported from bf52c968e8)
2018-12-18 17:22:09 +01:00
Jason A. Donenfeld
6319242a2a wireguard: bump to 0.0.20181018
ba2ab5d version: bump snapshot
5f59c76 tools: wg-quick: wait for interface to disappear on freebsd
ac7e7a3 tools: don't fail if a netlink interface dump is inconsistent
8432585 main: get rid of unloaded debug message
139e57c tools: compile on gnu99
d65817c tools: use libc's endianness macro if no compiler macro
f985de2 global: give if statements brackets and other cleanups
b3a5d8a main: change module description
296d505 device: use textual error labels always
8bde328 allowedips: swap endianness early on
a650d49 timers: avoid using control statements in macro
db4dd93 allowedips: remove control statement from macro by rewriting
780a597 global: more nits
06b1236 global: rename struct wireguard_ to struct wg_
205dd46 netlink: do not stuff index into nla type
2c6b57b qemu: kill after 20 minutes
6f2953d compat: look in Kbuild and Makefile since they differ based on arch
a93d7e4 create-patch: blacklist instead of whitelist
8d53657 global: prefix functions used in callbacks with wg_
123f85c compat: don't output for grep errors

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
(backported from 4653818dab)
2018-12-18 17:22:09 +01:00
Kevin Darbyshire-Bryant
a6a3abeb96 wireguard: bump to 0.0.20181007
64750c1 version: bump snapshot
f11a2b8 global: style nits
4b34b6a crypto: clean up remaining .h->.c
06d9fc8 allowedips: document additional nobs
c32b5f9 makefile: do more generic wildcard so as to avoid rename issues
20f48d8 crypto: use BIT(i) & bitmap instead of (bitmap >> i) & 1
b6e09f6 crypto: disable broken implementations in selftests
fd50f77 compat: clang cannot handle __builtin_constant_p
bddaca7 compat: make asm/simd.h conditional on its existence
b4ba33e compat: account for ancient ARM assembler

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(backported from 3925298f3c)
2018-12-18 17:22:09 +01:00
Jason A. Donenfeld
a74369a64d wireguard: bump to 0.0.20181006
* Account for big-endian 2^26 conversion in Poly1305.
  * Account for big-endian NEON in Curve25519.
  * Fix macros in big-endian AArch64 code so that this will actually run there
    at all.
  * Prefer if (IS_ENABLED(...)) over ifdef mazes when possible.
  * Call simd_relax() within any preempt-disabling glue code every once in a
    while so as not to increase latency if folks pass in super long buffers.
  * Prefer compiler-defined architecture macros in assembly code, which puts us
    in closer alignment with upstream CRYPTOGAMS code, and is cleaner.
  * Non-static symbols are prefixed with wg_ to avoid polluting the global
    namespace.
  * Return a bool from simd_relax() indicating whether or not we were
    rescheduled.
  * Reflect the proper simd conditions on arm.
  * Do not reorder lines in Kbuild files for the simd asm-generic addition,
    since we don't want to cause merge conflicts.
  * WARN() if the selftests fail in Zinc, since if this is an initcall, it won't
    block module loading, so we want to be loud.
  * Document some interdependencies beside include statements.
  * Add missing static statement to fpu init functions.
  * Use union in chacha to access state words as a flat matrix, instead of
    casting a struct to a u8 and hoping all goes well. Then, by passing around
    that array as a struct for as long as possible, we can update counter[0]
    instead of state[12] in the generic blocks, which makes it clearer what's
    happening.
  * Remove __aligned(32) for chacha20_ctx since we no longer use vmovdqa on x86,
    and the other implementations do not require that kind of alignment either.
  * Submit patch to ARM tree for adjusting RiscPC's cflags to be -march=armv3 so
    that we can build code that uses umull.
  * Allow CONFIG_ARM[64] to imply [!]CONFIG_64BIT, and use zinc arch config
    variables consistently throughout.
  * Document rationale for the 2^26->2^64/32 conversion in code comments.
  * Convert all of remaining BUG_ON to WARN_ON.
  * Replace `bxeq lr` with `reteq lr` in ARM assembler to be compatible with old
    ISAs via the macro in <asm/assembler.h>.
  * Do not allow WireGuard to be a built-in if IPv6 is a module.
  * Writeback the base register and reorder multiplications in the NEON x25519
    implementation.
  * Try all combinations of different implementations in selftests, so that
    potential bugs are more immediately unearthed.
  * Self tests and SIMD glue code work with #include, which lets the compiler
    optimize these. Previously these files were .h, because they were included,
    but a simple grep of the kernel tree shows 259 other files that carry out
    this same pattern. Only they prefer to instead name the files with a .c
    instead of a .h, so we now follow the convention.
  * Support many more platforms in QEMU, especially big endian ones.
  * Kernels < 3.17 don't have read_cpuid_part, so fix building there.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
(backported from b665856450)
2018-12-18 17:22:09 +01:00
Hans Dedecker
1f7504b884 ethtool: update to 4.19
8a1ad80 Release version 4.19.
ecdf295 ethtool: Fix uninitialized variable use at qsfp dump
98c148e ethtool: better syntax for combinations of FEC modes
d4b9f3f ethtool: support combinations of FEC modes

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from 5617e138bd)
2018-12-18 17:22:09 +01:00
Robert Marko
83cbf4c0ba ethtool: Update to 4.18
Tested on 8devices Jalapeno(ipq40xx)
Introduces following changes:
Feature: Add support for WAKE_FILTER (WoL using filters)
Feature: Add support for action value -2 (wake-up filter)
Fix: document WoL filters option also in help message
Feature: ixgbe dump strings for security registers

Signed-off-by: Robert Marko <robimarko@gmail.com>
(backported from a9d7353192)
2018-12-18 17:22:08 +01:00
Robert Marko
44979a31e1 ethtool: Update to 4.17
Tested on 8devices Jalapeno(ipq40xx)
Introduces following changes
* Fix: In ethtool.8, remove superfluous and incorrect \
* Fix: fix uninitialized return value
* Fix: fix RING_VF assignment
* Fix: remove unused global variable
* Fix: several fixes in do_gregs()
* Fix: correctly free hkey when get_stringset() fails
* Fix: remove unreachable code
* Fix: fix stack clash in do_get_phy_tunable and do_set_phy_tunable
* Feature: Add register dump support for MICROCHIP LAN78xx

Signed-off-by: Robert Marko <robimarko@gmail.com>
(backported from 4bb2532ec1)
2018-12-18 17:22:08 +01:00
Rosen Penev
2f97b405fe ethtool: Update to 4.16
Tested on Turris Omnia (mvebu).

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(backported from 2737cea0bb)
2018-12-18 17:22:08 +01:00
Daniel Engberg
ec9e3e6a9e mbedtls: Cosmetic cleanups
This is more of a cosmetic change and a reminder that the CMake script hardcodes -O2.
Source:
https://github.com/ARMmbed/mbedtls/blob/mbedtls-2.7/CMakeLists.txt#L73
https://github.com/ARMmbed/mbedtls/blob/master/CMakeLists.txt#L97

Remove the release type option as it's already provided by the toolchain.
Source:
https://github.com/openwrt/openwrt/blob/master/include/cmake.mk#L50

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
(backported from 5297a759ae)
2018-12-18 17:22:08 +01:00
Rosen Penev
e78aa6f77b strace: Update to 4.22
SourceForge is deprecated according to upstream, so switch to main site
for downloads.

Tested on Turris Omnia (mvebu).

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(backported from d12d81f8d4)
2018-12-18 17:22:08 +01:00
Pierre Lebleu
3af64ddbff fstools: Add the new options available in the menuconfig
Mounting using the zlib compression and mounting with
full access accounting are now available in the
menuconfig.

Signed-off-by: Pierre Lebleu <pme.lebleu@gmail.com>
(backported from e6b8ce4c08)
2018-12-18 17:22:08 +01:00
Hans Dedecker
dfa9d4a70e fstools: update to latest git HEAD
dd02dad fstools: allow the mounting with full access time accounting
242248c fstools: allow to compress the filesystem

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from 5df2597c59)
2018-12-18 17:22:08 +01:00
Kabuli Chana
0f5b8a92b4 mwlwifi: update to version 10.3.8.0-20181114
compile / test target mvebu / mamba

Signed-off-by: Kabuli Chana <newtownBuild@gmail.com>
(backported from 392eea392c)
2018-12-18 17:22:07 +01:00
Petr Štetiar
f7a97a21f7 base-files: sysupgrade: Allow downloading of firmware images using HTTPS
Currently it's only possible to download images over HTTP.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(backported from 7c104a8358)
2018-12-18 17:22:07 +01:00
Petr Štetiar
e2637a471a Revert "iptables: fix dependency for libip6tc on IPV6"
This patch reverts commit 2dc1f54b12 as it
breaks the build for me on x86-64 if I've IPV6 support disabled. Same config
builds fine on `openwrt-18.06` branch at 55d078b2.

  $ grep IPV6 .config

  # CONFIG_KERNEL_IPV6 is not set
  # CONFIG_IPV6 is not set

Build errors out on:

  Package libiptc is missing dependencies for the following libraries:
  libip6tc.so.0

Looking at iptables-1.6.2/libiptc/Makefile.am:

  libiptc_la_LIBADD   = libip4tc.la libip6tc.la

and to iptables-1.6.2/libiptc/libiptc.pc.in:

  Requires:	libip4tc libip6tc

It seems that libiptc needs v4/v6 libs, so v6 isn't optional.

Cc: Rosy Song <rosysong@rosinson.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(backported from 1b4b942bce)
2018-12-18 17:22:07 +01:00
Kabuli Chana
66ff4e478a mwlwifi: update to version 10.3.8.0-20181029
compile / test target mvebu / mamba

Signed-off-by: Kabuli Chana <newtownBuild@gmail.com>
(backported from 390158bd2b)
2018-12-18 17:22:07 +01:00
Jonathan Lancett
ebe02f7a35 mwlwifi: driver version to 10.3.8.0-20181022
Upgrade 88W8997 firmware to 8.4.0.52.
Removed unnecessary firmware settings.
Added vendor events.
Fixed crash problem when module is removed.
Modified the code to protect tx queues.

Signed-off-by: Jonathan Lancett <j.lancett@ntlworld.com>
[tidy commit message]
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(backported from 9ac7350240)
2018-12-18 17:22:07 +01:00
Yufei Miao
2046cd2590 mwlwifi: driver version to 10.3.8.0-20181008
Signed-off-by: Yufei Miao <myf@myf.cloud>
(backported from 260be8a579)
2018-12-18 17:22:07 +01:00
Daniel Golle
3d4eb56078 wolfssl: update to version 3.15.3-stable
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(backported from ed0d5a1e60)
2018-12-18 17:22:07 +01:00
Alexander Couzens
ab64f9da81 ugps: update to latest git HEAD
07528d43f9bc nmea.c: set _BSD_SOURCE to have timegm() & stime() on musl
b88037b6bf6a check timegm return code
ccabdf6c235f nmea.c: Add null byte to nmea fields
cdc1478a8133 remove deprication warning

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
(backported from 81d7f82441)
2018-12-18 17:22:06 +01:00
Florian Eckert
b64622b0c8 uqmi: update PKG_RELEASE version
update PKG_RELEASE

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(backported from 4cabda8b7d)
2018-12-18 17:22:06 +01:00
Florian Eckert
bcf824a479 uqmi: stop proto handler if verify pin count is not 3
Check pin count value from pin status and stop verification the pin if
the value is less then 3. This should prevent the proto-handler to
lock the SIM. If SIM is locked then the PUK is needed.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(backported from 0c9d06b5b2)
2018-12-18 17:22:06 +01:00
Florian Eckert
4f02bee9bb uqmi: evaluate pin-status output in qmi_setup function
Load the json output from uqmi --get-pin-status command and evaluate the
"pin1_status" value.

The following uqmi "pin1_status" values are evaluated:

- disabled
  Do not verify PIN because SIM verification is disabled on this SIM

- blocked
  Stop qmi_setup because SIM is locked and a PUK is required

- not_verified
  SIM is not yet verified. Do a uqmi --verify-pin1 command if a SIM is
  specified

- verified:
  Do not verify the PIN because this was already done before

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(backported from 4b80bd878d)
2018-12-18 17:22:06 +01:00
Florian Eckert
5a3810b386 uqmi: do not block proto handler if SIM is uninitialized
QMI proto setup-handler will wait forever if SIM does not get initialized.
To fix this stop polling pin status and notify netifd. Netifd will generate
then a "ifup-failed" ACTION.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(backported from f171a86d06)
2018-12-18 17:22:06 +01:00
Florian Eckert
1e012fd697 uqmi: do not block proto handler if modem is unable to registrate
QMI proto setup-handler will wait forever if it is unable to registrate to
the mobile network. To fix this stop polling network registration status
and notify netifd. Netifd will generate then a "ifup-failed" ACTION.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(backported from dec1bfa0f4)
2018-12-18 17:22:06 +01:00
Florian Eckert
5c10aaa65b uqmi: fix variable initilization for timeout handling
Also add logging output for SIM initilization.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(backported from 71865200c9)
2018-12-18 17:22:06 +01:00
Florian Eckert
251f4fd20e uqmi: add timeout option value
This value will be used for now during following situations:
* Ask the sim with the uqmi --get-pin-status command.
* Wait for network registration with the uqmi --get-serving-system command.

This two commands wait forever in a while loop. Add a timeout to stop
waiting and so inform netifd.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(backported from dee93def39)
2018-12-18 17:22:06 +01:00
Florian Eckert
860e2dac40 uqmi: redirect uqmi commands output to /dev/null
Move uqmi std and error output on commands without using them to /dev/null.
This will remove useless outputs in the syslog.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(backported from 2d57aa9c4c)
2018-12-18 17:22:05 +01:00
Florian Eckert
5d8040455e uqmi: fix indenting
fix indenting

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(backported from 692c6d9a5d)
2018-12-18 17:22:05 +01:00
Hans Dedecker
1c56c3d253 gre: make encaplimit support configurable
Make inclusion of the destination option header containing the tunnel
encapsulation limit configurable for IPv6 GRE packets.
Setting the uci parameter encaplimit to ignore; allows to disable the
insertion of the destination option header in the IPv6 GRE packets.
Otherwise the tunnel encapsulation limit value can be set to a value
from 0 till 255 by setting the encaplimit uci parameter accordingly.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from 3d015e971f)
2018-12-18 17:22:05 +01:00
Hans Dedecker
d5dd3b1134 odhcpd: update to latest git HEAD (FS#1853)
57f639e (HEAD -> master, origin/master, origin/HEAD) odhcpd: make DHCPv6/RA/NDP support optional
402c274 dhcpv6: check return code of dhcpv6_ia_init()
ee7472a router: don't leak RA message in relay mode (FS#1853)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from af78e90d4c)
2018-12-18 17:22:05 +01:00
Felix Fietkau
dc78c70d5c iw: strip a few more non-essential features from iw-tiny
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(backported from 518fb345e1)
2018-12-18 17:22:05 +01:00
Felix Fietkau
ab1b468701 iw: fix filtering linked object files for iw-tiny
It was broken by the recent commit that added iw-full

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(backported from 7999282f7f)
2018-12-18 17:22:05 +01:00
Felix Fietkau
0609ea0bf0 iw: add iw-full package without size reduction hacks
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(backported from 8c647e873f)
2018-12-18 17:22:05 +01:00
Hans Dedecker
0d8ef97874 ubus: update to latest git HEAD
221ce7e ubusd_acl: event send access list support
da503db ubusd_acl: event listen access list support
c035bab ubusd_acl: rework wildcard support
73bd847 ubusd_event: move strmatch_len to ubus_common.h
0327a91 ubus/lua: add support for BLOBMSG_TYPE_DOUBLE

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from f771a1b962)
2018-12-18 17:22:05 +01:00
Syrone Wong
ea08a29d2a ipset: update to 6.38
dropped already upstream patch

Signed-off-by: Syrone Wong <wong.syrone@gmail.com>
(backported from 68f109609b)
2018-12-18 17:22:05 +01:00
Emil Muratov
52e9f03b49 zram-swap: bump pkg version
Signed-off-by: Emil Muratov <gpm@hotplug.ru>
(backported from bbf46c9f8f)
2018-12-18 17:22:05 +01:00
Emil Muratov
2432658128 zram-swap: Add "max compression streams" configuration option
Config option to limit maximum compression streams per zram dev for
multicore CPU's. This could be defined via 'zram_comp_streams' option in
the 'system' section of '/etc/config/system' file or via cli (for e.x.
with 'uci set system.@System[0].zram_comp_streams=2 && uci commit
system'). Default is number of logical CPU cores.

Signed-off-by: Emil Muratov <gpm@hotplug.ru>
(backported from 70d3ffb47f)
2018-12-18 17:22:05 +01:00
Emil Muratov
2d4b52707d zram-swap: fix number of created zram devices for multicore CPU's
Use only one zram swap device of the specified $size instead of
[N x $size] devices for multicore CPUs Now zram module uses multiple
compression streams for each dev by default, so we do not need to create
several zram devs to utilize multicore CPUs.

Signed-off-by: Emil Muratov <gpm@hotplug.ru>
(backported from 814cae7362)
2018-12-18 17:22:05 +01:00
Emil Muratov
9a5509736a zram-swap: fix zram dev reset for multicore cpu devices
* "zram stop" could reset up to $(num_of_cores) zram devices even if
   some of those were not mounted as swap dev's. This fix tries to
   enumerate mounted swap zram dev's before making a reset

 * remove hot-added zram devs on stop (except zram0)

Signed-off-by: Emil Muratov <gpm@hotplug.ru>
(backported from 9edc1fe8ab)
2018-12-18 17:22:05 +01:00
Emil Muratov
5ff4ea6bc4 zram-swap: compression algorithm configuration option
Compression algorithms for zram are provided by kernel crypto API, could
be any of [lzo|zl4|deflate|<some_more>] depending on kernel modules.
Compress algo for zram-swap could be defined via 'zram_comp_algo' option
in 'system' section of '/etc/config/system' file, or via cli (for e.x.
with 'uci set system.@System[0].zram_comp_algo=lz4 && uci commit
system'). check available algo's via 'cat /sys/block/zram0
/comp_algorithm'

Signed-off-by: Emil Muratov <gpm@hotplug.ru>
(backported from b9e89adfb7)
2018-12-18 17:22:04 +01:00
Samuel Casa
afd6460418 zram-swap: Shell cosmetic
Signed-off-by: Samuel Casa <samuel.casa@neratec.com>
(backported from 65e9561b3d)
2018-12-18 17:22:04 +01:00
Samuel Casa
ac7c30708f zram-swap: remove trailing whitespaces in init script
Signed-off-by: Samuel Casa <samuel.casa@neratec.com>
[slightly reword subject]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from b291517fdf)
2018-12-18 17:22:04 +01:00
Rosy Song
d275b30414 odhcpd-ipv6only: fix dependency for IPV6
Signed-off-by: Rosy Song <rosysong@rosinson.com>
(backported from 456df06071)
2018-12-18 17:22:04 +01:00
Hans Dedecker
b1cc8c8ef2 netifd: update to latest git HEAD
4b83102 treewide: switch to C-code style comments
70506bf treewide: make some functions static
d9872db interface: fix removal of dynamic interfaces
2f7ef7d interface: rework code to get rid of interface_set_dynamic

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from 8e409f476b)
2018-12-18 17:22:04 +01:00
Hans Dedecker
0ca423d595 netifd: update to latest git HEAD
841b5d1 system-linux: enable by default ignore encaplimit for grev6 tunnels
125cbee system-linux: fix a typo in gre tunnel data parsing logic

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from db6f9d5598)
2018-12-18 17:22:04 +01:00
Felix Fietkau
46fa2453fd hostapd: expose device taxonomy signature via ubus
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(backported from 7d8681ccb9)
2018-12-18 17:22:04 +01:00
Felix Fietkau
c1a856b18b hostapd: add support for client taxonomy in the full config
This can be used to fingerprint clients to try to identify the exact
model

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(backported from 23c1827e34)
2018-12-18 17:22:04 +01:00
Jo-Philipp Wich
8bf1a35eda hostapd: fix MAC filter related log spam
Backport two upstream fixes to address overly verbose logging of MAC ACL
rejection messages.

Fixes: FS#1468
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from 3e633bb370)
2018-12-18 17:22:04 +01:00
Hauke Mehrtens
a29fe94e8c kernel: Add missing config option for NFSDv4
This configuration option is not set when building the
layerscape/armv8_64b target.

Fixes: 92aa21497b ("kernel: build support for NFSv4 in nfsd")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(backported from 99e1a12fd0)
2018-12-18 17:22:04 +01:00
W. Michael Petullo
c1e53d2c82 kernel: build support for NFSv4 in nfsd
Signed-off-by: W. Michael Petullo <mike@flyn.org>
(backported from 92aa21497b)
2018-12-18 17:22:04 +01:00
Hauke Mehrtens
1a3c129967 kernel: add missing dependency to regmap to kmod-gpio-mcp23s08
This fixes a build problem recently introduced.

Fixes: a904003b9b ("kernel: fix kmod-gpio-mcp23s08 for linux 4.14")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(backported from e882e63f1e)
2018-12-18 17:22:03 +01:00
Kevin Darbyshire-Bryant
fbce302088 wireguard: bump to 0.0.20180925
33523a5 version: bump snapshot
0759480 curve25519-hacl64: reduce stack usage under KASAN
b9ab0fc chacha20: add bounds checking to selftests
2e99d19 chacha20-mips32r2: reduce stack and branches in loop, refactor jumptable handling
d6ac367 qemu: bump musl
28d8b7e crypto: make constant naming scheme consistent
56c4ea9 hchacha20: keep in native endian in words
0c3c0bc chacha20-arm: remove unused preambles
3dcd246 chacha20-arm: updated scalar code from Andy
6b9d5ca poly1305-mips64: remove useless preprocessor error
3ff3990 crypto-arm: rework KERNEL_MODE_NEON handling again
dd2f91e crypto: flatten out makefile
67a3cfb curve25519-fiat32: work around m68k compiler stack frame bug
9aa2943 allowedips: work around kasan stack frame bug in selftest
317b318 chacha20-arm: use new scalar implementation
b715e3b crypto-arm: rework KERNEL_MODE_NEON handling
77b07d9 global: reduce stack frame size
ddc2bd6 chacha20: add chunked selftest and test sliding alignments and hchacha20
2eead02 chacha20-mips32r2: reduce jumptable entry size and stack usage
a0ac620 chacha20-mips32r2: use simpler calling convention
09247c0 chacha20-arm: go with Ard's version to optimize for Cortex-A7
a329e0a chacha20-mips32r2: remove reorder directives
3b22533 chacha20-mips32r2: fix typo to allow reorder again
d4ac6bb poly1305-mips32r2: remove all reorder directives
197a30c global: put SPDX identifier on its own line
305806d ratelimiter: disable selftest with KASAN
4e06236 crypto: do not waste space on selftest items
5e0fd08 netlink: reverse my christmas trees
a61ea8b crypto: explicitly dual license
b161aff poly1305: account for simd being toggled off midway
470a0c5 allowedips: change from BUG_ON to WARN_ON
aa9e090 chacha20: prefer crypto_xor_cpy to avoid memmove
1b0adf5 poly1305: no need to trick gcc 8.1
a849803 blake2s: simplify final function
073f3d1 poly1305: better module description

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(backported from 37961f12ba)
2018-12-18 11:28:15 +01:00
Jason A. Donenfeld
113dadc6dd wireguard: bump to 0.0.20180918
* blake2s-x86_64: fix whitespace errors
* crypto: do not use compound literals in selftests
* crypto: make sure UML is properly disabled
* kconfig: make NEON depend on CPU_V7
* poly1305: rename finish to final
* chacha20: add constant for words in block
* curve25519-x86_64: remove useless define
* poly1305: precompute 5*r in init instead of blocks
* chacha20-arm: swap scalar and neon functions
* simd: add __must_check annotation
* poly1305: do not require simd context for arch
* chacha20-x86_64: cascade down implementations
* crypto: pass simd by reference
* chacha20-x86_64: don't activate simd for small blocks
* poly1305-x86_64: don't activate simd for small blocks
* crypto: do not use -include trick
* crypto: turn Zinc into individual modules
* chacha20poly1305: relax simd between sg chunks
* chacha20-x86_64: more limited cascade
* crypto: allow for disabling simd in zinc modules
* poly1305-x86_64: show full struct for state
* chacha20-x86_64: use correct cut off for avx512-vl
* curve25519-arm: only compile if symbols will be used
* chacha20poly1305: add __init to selftest helper functions
* chacha20: add independent self test

Tons of improvements all around the board to our cryptography library,
including some performance boosts with how we handle SIMD for small packets.

* send/receive: reduce number of sg entries

This quells a powerpc stack usage warning.

* global: remove non-essential inline annotations

We now allow the compiler to determine whether or not to inline certain
functions, while still manually choosing so for a few performance-critical
sections.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
(backported from f07a94da50)
2018-12-18 11:28:15 +01:00
Jason A. Donenfeld
9f9f8db138 wireguard: bump to 0.0.20180910
* curve25519: arm: do not modify sp directly
* compat: support neon.h on old kernels
* compat: arch-namespace certain includes
* compat: move simd.h from crypto to compat since it's going upstream

This fixes a decent amount of compat breakage and thumb2-mode breakage
introduced by our move to Zinc.

* crypto: use CRYPTOGAMS license

Rather than using code from OpenSSL, use code directly from AndyP.

* poly1305: rewrite self tests from scratch
* poly1305: switch to donna

This makes our C Poly1305 implementation a bit more intensely tested and also
faster, especially on 64-bit systems. It also sets the stage for moving to a
HACL* implementation when that's ready.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
(backported from a54f492d0c)
2018-12-18 11:28:14 +01:00
Jason A. Donenfeld
686f707293 wireguard: bump to 0.0.20180904
* Kconfig: use new-style help marker
* global: run through clang-format
* uapi: reformat
* global: satisfy check_patch.pl errors
* global: prefer sizeof(*pointer) when possible
* global: always find OOM unlikely

Tons of style cleanups.

* crypto: use unaligned helpers

We now avoid unaligned accesses for generic users of the crypto API.

* crypto: import zinc

More style cleanups and a rearrangement of the crypto routines to fit how this
is going to work upstream. This required some fairly big changes to our build
system, so there may be some build errors we'll have to address in subsequent
snapshots.

* compat: rng_is_initialized made it into 4.19

We therefore don't need it in the compat layer anymore.

* curve25519-hacl64: use formally verified C for comparisons

The previous code had been proved in Z3, but this new code from upstream
KreMLin is directly generated from the F*, which is preferable. The
assembly generated is identical.

* curve25519-x86_64: let the compiler decide when/how to load constants

Small performance boost.

* curve25519-arm: reformat
* curve25519-arm: cleanups from lkml
* curve25519-arm: add spaces after commas
* curve25519-arm: use ordinary prolog and epilogue
* curve25519-arm: do not waste 32 bytes of stack
* curve25519-arm: prefix immediates with #

This incorporates ASM nits from upstream review.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
(backported from 4ccbe7de6c)
2018-12-18 11:28:14 +01:00
Jason A. Donenfeld
b920285883 wireguard: bump to 0.0.20180809
* send: switch handshake stamp to an atomic

Rather than abusing the handshake lock, we're much better off just using
a boring atomic64 for this. It's simpler and performs better. Also, while
we're at it, we set the handshake stamp both before and after the
calculations, in case the calculations block for a really long time waiting
for the RNG to initialize.

* compat: better atomic acquire/release backport

This should fix compilation and correctness on several platforms.

* crypto: move simd context to specific type

This was a suggestion from Andy Lutomirski on LKML.

* chacha20poly1305: selftest: use arrays for test vectors

We no longer have lines so long that they're rejected by SMTP servers.

* qemu: add easy git harness

This makes it a bit easier to use our qemu harness for testing our mainline
integration tree.

* curve25519-x86_64: avoid use of r12

This causes problems with RAP and KERNEXEC for PaX, as r12 is a
reserved register.

* chacha20: use memmove in case buffers overlap

A small correctness fix that we never actually hit in WireGuard but is
important especially for moving this into a general purpose library.

* curve25519-hacl64: simplify u64_eq_mask
* curve25519-hacl64: correct u64_gte_mask

Two bitmath fixes from Samuel, which come complete with a z3 script proving
their correctness.

* timers: include header in right file

This fixes compilation in some environments.

* netlink: don't start over iteration on multipart non-first allowedips

Matt Layher found a bug where a netlink dump of peers would never terminate in
some circumstances, causing wg(8) to keep trying forever. We now have a fix as
well as a unit test to mitigate this, and we'll be looking to create a fuzzer
out of Matt's nice library.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
(backported from 42dc0e2594)
2018-12-18 11:28:14 +01:00
Jason A. Donenfeld
4e165fbc29 wireguard: bump to 0.0.20180802
Changelog taken from the version announcement

> == Changes ==
>
>   * chacha20poly1305: selftest: split up test vector constants
>
>   The test vectors are encoded as long strings -- really long strings -- and
>   apparently RFC821 doesn't like lines longer than 998.
>   https://cr.yp.to/smtp/message.html
>
>   * queueing: keep reference to peer after setting atomic state bit
>
>   This fixes a regression introduced when preparing the LKML submission.
>
>   * allowedips: prevent double read in kref
>   * allowedips: avoid window of disappeared peer
>   * hashtables: document immediate zeroing semantics
>   * peer: ensure resources are freed when creation fails
>   * queueing: document double-adding and reference conditions
>   * queueing: ensure strictly ordered loads and stores
>   * cookie: returned keypair might disappear if rcu lock not held
>   * noise: free peer references on failure
>   * peer: ensure destruction doesn't race
>
>   Various fixes, as well as lots of code comment documentation, for a
>   small variety of the less obvious aspects of object lifecycles,
>   focused on correctness.
>
>   * allowedips: free root inside of RCU callback
>   * allowedips: use different macro names so as to avoid confusion
>
>   These incorporate two suggestions from LKML.
>
> This snapshot contains commits from: Jason A. Donenfeld and Jann Horn.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(backported from 68e2ebe64a)
2018-12-18 11:28:14 +01:00
Rosy Song
b3cc304e45 iptables: fix dependency for libip6tc on IPV6
Signed-off-by: Rosy Song <rosysong@rosinson.com>
(backported from 2dc1f54b12)
2018-12-18 11:28:14 +01:00
Rosy Song
468a4b5b62 netifd: do not validate relevant section when ipv6 is not supported
Signed-off-by: Rosy Song <rosysong@rosinson.com>
(backported from a6add47869)
2018-12-18 11:28:14 +01:00
Florian Eckert
0ccf009b62 base-files: add network_get_metric() to /lib/functions/network.sh
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
(backported from 61a5994900)
2018-12-18 11:28:14 +01:00
Andy Walsh
d5b045b52b ncurses: use default host install
* just use default host/install, so libs/headers get properly generated/installed

Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
(backported from e0196152eb)
2018-12-18 11:28:14 +01:00
Andy Walsh
38e99cb379 gettext-full: host compile with -fpic
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
(backported from 2bbc9376c6)
2018-12-18 11:28:14 +01:00
David Yang
9a01ff5c03 dante: disable sched_getscheduler() - not implemented in musl
musl doesn't come with an valid implementation of `sched_getscheduler()`;
it simply returns -ENOSYS for it. Without this option (and compile dante
with `sched_getscheduler()` enabled), you will get

    error: serverinit(): sched_getscheduler(2): failed to retrieve current
    cpuscheduling policy: Function not implemented

and dante won't start at all.

Ref: http://lists.alpinelinux.org/alpine-devel/3932.html
Ref: http://lists.alpinelinux.org/alpine-devel/3936.html
Signed-off-by: David Yang <mmyangfl@gmail.com>
[slightly reword commit message]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from aaf46a8fe2)
2018-12-18 11:28:14 +01:00
Tony Ambardar
85c77301d4 base-files: fix postinstall uci-defaults removal
Commit 7f694582 introduced a bug where default_postinst() often fails to
remove a uci-defaults script after application, leaving it to run again
after a reboot.
(Note: commit 7f694582 also introduced FS#1021, now fixed by 73c745f6)

The subtle problem arises from the shell logical chain:
[ -f "$i" ] && . "$i" && rm -f "$i"

Most uci-defaults scripts contain a terminal 'exit 0' statement which,
when sourced, results in the logic chain exiting before executing 'rm -f'.
This was observed while testing upgrades of 'luci-app-sqm'.

The solution is to wrap the shell sourcing in a subshell relative to the
command 'rm -f':
( [ -f "$i" ] && . "$i" ) && rm -f "$i"

Revert to using 'grep' to prefilter the list of entries from the control
file, which yields the full path of uci-defaults scripts. This allows
keeping the existence check, directory change and script sourcing inside
the subshell, with the script removal correctly outside.

This approach avoids adding a second subshell only around the "." (source)
command. The change also preserves the fix FS#1021, since the full path is
used to source the script, which is POSIX-portable irrespective of PATH
variable or reference to the CWD.

Run Tested on: LEDE 17.01.4 running ar71xx, while tracing installation of
package luci-app-sqm with its associated /etc/uci-defaults/luci-sqm file.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(backported from 4097ab6a97)
2018-12-18 11:28:14 +01:00
Jo-Philipp Wich
a3446cb0d2 lldpd: inhibit linking of libbsd on !GLIBC
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from 4f277eb640)
2018-12-18 11:28:13 +01:00
Jonathan Lancett
bbc0c4d9cb mwlwifi: driver version to 10.3.8.0-20180920
Signed-off-by: Jonathan Lancett <j.lancett@ntlworld.com>
[minor tweak to commit title]
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(backported from 95b3f8ec8d)
2018-12-18 11:28:13 +01:00
Hans Dedecker
6f50d5ccf3 map: drop default encaplimit value
Setting encaplimit to a numerical value results into the value being
included as tunnel encapsulation limit in the destination option header
for tunneled packets.
Several users have reported interop issues as not all ISPs support the
destination option header containing the tunnel encapsulation limit
resulting into broken map connectivity.
Therefore drop the default encaplimit value for map tunnels so
no destination option header is included by default.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from d9691b66e2)
2018-12-18 11:28:13 +01:00
Hans Dedecker
f6eab3c3de ds-lite: drop default encaplimit value
Setting encaplimit to a numerical value results into the value being
included as tunnel encapsulation limit in the destination option header
for tunneled packets.
Several users have reported interop issues as not all ISPs support the
destination option header containing the tunnel encapsulation limit
resulting into broken ds-lite connectivity.
Therefore drop the default encaplimit value for ds-lite tunnels so
no destination option header is included by default.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from 1241707b40)
2018-12-18 11:28:13 +01:00
Rosy Song
d9f845f761 odhcpd: enable ipv6 server mode only when it is supported
Signed-off-by: Rosy Song <rosysong@rosinson.com>
(backported from 918ec4d549)
2018-12-18 11:28:13 +01:00
Andy Walsh
4b5e062bd3 base-files: /etc/services: add missing 'rpcbind' alias
* add missing 'rpcbind' alias to /etc/services

Allows rpcbind to open its 111 port and be reachable via lan, this is the default behaviour.

Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
(backported from 4549ab46a8)
2018-12-18 11:28:13 +01:00
Rosen Penev
376e9294c7 usbutils: Update usb.ids to 0.315
Referencing the version instead of revision should fix uscan.

Tested on Turria Omnia.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(backported from a9aa25c8b6)
2018-12-18 11:28:13 +01:00
Rosen Penev
3dbdd404a8 hostapd: Fix compile with OpenSSL 1.1.0 + no deprecated APIs
Patch was accepted upsteam:

https://w1.fi/cgit/hostap/commit/?id=373c796948599a509bad71695b5b72eef003f661

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(backported from f78e07ad2a)
(rebased patches)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-12-18 11:28:13 +01:00
Stijn Tintel
0dbafc3a3a strace: fix build on aarch64
As of version 4.21, strace enforces mpers by default. The current
implementation of aarch64 compat in strace assumes it's identical to
ARMv7 EABI and therefore tries to enable m32 personality support. As
there is no -m32 support on aarch64, this causes the build to fail.

Restore previous strace behavior to fix build on aarch64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Tested-by: Karl Palsson <karlp@tweak.net.au>
(backported from 067e2f5f1d)
2018-12-18 11:28:12 +01:00
Hans Dedecker
8cac88af4b odhcpd: bump to git HEAD (detect broken hostnames)
881f66b odhcpd: detect broken hostnames
3e17fd9 config: fix odhcpd_attrs array size

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from ecc3165cbc)
2018-12-18 11:28:12 +01:00
Alexander Couzens
69f28f3a20 hostapd: fix build of wpa-supplicant-p2p
VARIANT:= got removed by accident.

Fixes: 3838b16943 ("hostapd: fix conflicts hell")
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
(backported from 967d6460c0)
2018-12-18 11:28:12 +01:00
Jo-Philipp Wich
62e7ad1d21 ppp: remove hardcoded lcp-echo-failure, lcp-echo-interval values
OpenWrt used to ship hardcoded defaults for lcp-echo-failure and
lcp-echo-interval in the non-uci /etc/ppp/options file.

These values break uci support for *disabling* LCP echos through
the use of "option keepalive 0" as either omitting the keepalive
option or setting it to 0 will result in no lcp-echo-* flags
getting passed to the pppd cmdline, causing the pppd process to
revert to the defaults in /etc/ppp/options.

Address this issue by letting the uci "keepalive" option default
to the former hardcoded values "5, 1" and by removing the fixed
lcp-echo-failure and lcp-echo-interval settings from the
/etc/ppp/options files.

Ref: https://github.com/openwrt/luci/issues/2112
Ref: https://dev.archive.openwrt.org/ticket/2373.html
Ref: https://bugs.openwrt.org/index.php?do=details&task_id=854
Ref: https://bugs.openwrt.org/index.php?do=details&task_id=1259
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from 555c592304)
2018-12-18 11:28:12 +01:00
Paul Wassi
87a6aadfd5 base-files: provide more tolerant xterm detection
Set the window title not only in "xterm", but also in
e.g. "xterm-256color", "xterm-color", etc.
The case statement is taken from Debian / Ubuntu.

Signed-off-by: Paul Wassi <p.wassi@gmx.at>
(backported from 1bd6b91e0f)
2018-12-18 11:28:12 +01:00
Keith Wong
9afbe27bd0 kernel: add kmod-tcp-bbr
This adds support for BBR (Bottleneck Bandwidth and RTT) TCP
congestion control. Applications (e.g. webservers, VPN client/server)
which initiate connections from router side can benefit from this.

This provide an easier way for users to use BBR by selecting /
installing kmod-tcp-bbr instead of altering kernel config and
compiling firmware by themselves.

Signed-off-by: Keith Wong <keithwky@gmail.com>
(backported from 79c233daa4)
2018-12-18 11:28:12 +01:00
Daniel Engberg
39420c3ead libbsd: Update to 0.8.7
Update libbsd to 0.8.7
Remove glibc dependency
Clean up InstallDev and install entries
Use /usr path for consistency
Cherry pick patches from upstream to fix musl compilation

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
(backported from e341f45913)
2018-12-18 11:28:12 +01:00
Martin Schiller
8ec7ad033e kernel: fix kmod-gpio-mcp23s08 for linux 4.14
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
(backported from a904003b9b)
2018-12-18 11:28:12 +01:00
Hans Dedecker
97fddb2fdd dropbear: backport upstream fix for CVE-2018-15599
CVE description :
The recv_msg_userauth_request function in svr-auth.c in Dropbear through
2018.76 is prone to a user enumeration vulnerability because username
validity affects how fields in SSH_MSG_USERAUTH messages are handled,
a similar issue to CVE-2018-15473 in an unrelated codebase.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from 2211ee0037)
2018-12-18 11:28:11 +01:00
Rosen Penev
e005beec2d samba36: Enable umdnsd support
Allows discovery without having to use NetBIOS. Useful for mobile devices.

Could eventually throw nbmd away. But that requires Windows 10...

Tested on Fedora 28 with avahi-discover.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(backported from 499773f8ef)
2018-12-18 11:28:11 +01:00
Luiz Angelo Daros de Luca
57f3a57abd base-files: create /etc/ethers by default
/etc/ethers is missing on /rom but always created when dnsmasq
runs. It is better to have it in place and avoid an extra change
in flash after firstboot.

It will generate an extra /etc/ethers-opkg when it has changed.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from d810d44e5a)
2018-12-18 11:28:11 +01:00
Daniel Engberg
a009d4cdf3 mwlwifi: Update to 10.3.8.0-20180810
Update mwlwifi to 10.3.8.0-20180810

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
(backported from e1a1add517)
2018-12-18 11:28:02 +01:00
Stijn Tintel
1e06b02bf7 firewall: bump to git HEAD
12a7cf9 Add support for DSCP matches and target
06fa692 defaults: use a generic check_kmod() function
1c4d5bc defaults: fix check_kmod() function

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(backported from 03e5dcbf10)
2018-12-18 11:01:57 +01:00
Mathias Kresin
d93bd72a98 base-files: add function to get mac as text from flash
Add a function to get a mac stored as text from flash. The octets of
the mac address need to be separated by any separator supported by
macaddr_canonicalize().

Signed-off-by: Dmitry Tunin <hanipouspilot@gmail.com>
Signed-off-by: Mathias Kresin <dev@kresin.me>
(backported from dfee452713)
2018-12-18 11:01:56 +01:00
Mathias Kresin
54278dfa69 base-files: use consistent coding style
Add the opening bracket right after the function name, to do it the
same way for all functions in this file.

Signed-off-by: Dmitry Tunin <hanipouspilot@gmail.com>
Signed-off-by: Mathias Kresin <dev@kresin.me>
(backported from ec28d2797c)
2018-12-18 11:01:56 +01:00
Thibaut VARÈNE
a2b2a9c55f base-files: make wifi report unknown command
Avoid having /sbin/wifi silently ignore unknown keywords and execute
"up"; instead display the help message and exit with an error.

Spell out the "up" keyword (which has users), add it to usage output,
and preserve the implicit assumption that runing /sbin/wifi without
argument performs "up".

Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
(backported from 78b5764fd8)
2018-12-18 11:01:56 +01:00
Hans Dedecker
7a52e0a7ab odhcp6c: apply IPv6/ND configuration earlier
Apply IPv6/ND configuration before proto_send_update so that all config info
is available when netifd is handling the notify_proto ubus call.
In particular this fixes an issue when netifd is updating the downstream IPv6 mtu
as netifd was still using the not yet updated upstream IPv6 mtu to set the
downstream IPv6 mtu

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from 2e02fdb363)
2018-12-18 11:01:56 +01:00
Eneas U de Queiroz
cc6da6fa1a ustream-ssl: update to latest git HEAD
23a3f28 openssl, wolfssl: match mbedTLS ciphersuite list
450ada0 ustream-ssl: Revised security on mbedtls
34b0b80 ustream-ssl: add openssl-1.1.0 compatibility

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
(backported from 33fd1d0d91)
2018-12-18 11:01:55 +01:00
Jo-Philipp Wich
43c96e8dd8 iwinfo: update to latest Git HEAD
a514139 build: compile with -ffunction-sections, -fdata-sections and LTO
3c30b17 wl: only invoke nvram executable if it exists
65b8333 Revert "build: compile with -ffunction-sections, -fdata-sections and LTO"

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from fdd6c556ab)
2018-12-18 10:34:07 +01:00
Jo-Philipp Wich
34e3a4a034 wolfssl: disable broken shipped Job server macro
The AX_AM_JOBSERVER macro shipped with m4/ax_am_jobserver.m4 is broken on
plain POSIX shells due to the use of `let`.

Shells lacking `let` will fail to run the generated m4sh code and end up
invoking "make" with "-jyes" as argument, fialing the build.

Since there is no reason in the first place for some random package to
muck with the make job server settings and since we do not want it to
randomly override "-j" either, simply remove references to this defunct
macro to let the build succeed on platforms which not happen to use bash
as default shell.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from a27de701b0)
2018-12-18 10:34:07 +01:00
Alexandru Ardelean
30d7924c3c wolfssl: remove myself as maintainer
I no longer have the time, nor the desire to maintain this package.
Remove myself as maintainer.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(backported from 20346a63f6)
2018-12-18 10:27:37 +01:00
Luiz Angelo Daros de Luca
eb9ac25903 openvpn-easy-rsa: update to 3.0.4
Upstream renamed openssl-1.0.cnf to openssl-easyrsa.cnf.
However, pkg kept using openssl-1.0.cnf.

Upstream easyrsa searchs for vars, openssl-*, x509-types in the
same directory as easyrsa script. This was patched to revert
back to static /etc/easy-rsa/ directory (as does OpenSUSE).
EASYRSA_PKI still depends on $PWD.

Move easyrsa from /usr/sbin to /usr/bin as root is not needed.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
(backported from f1bef0596f)
(rebased patches)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-12-18 10:27:37 +01:00
Daniel Gimpelevich
38d4ba4e19 kernel: package x86-optimized crypto-misc modules
Some of the modules in the crypto-misc package have alternate
implementations optimized for different x86 instruction set extensions,
but only one of these was built for this package until now: twofish-i586.ko

Tested with insmod, on both x86 and x86_64. The modules now have an
autoload, which they previous didn't, loading the dependencies in the
correct order.

Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
(backported from c762817c92)
2018-12-18 10:27:36 +01:00
Rosy Song
63a87b4c7a base-files: do not add relevant sections & options except when ipv6 is support in kernel
Signed-off-by: Rosy Song <rosysong@rosinson.com>
(backported from 2b637e5ab8)
2018-12-18 10:27:36 +01:00
Andreas Ziegler
c58c31bf99 base-files: sysupgrade: abort if config backup fails
Sysupgrade shouldn't proceed, if the backup of the configuration
fails because tar (or gzip) exit with a non-zero code.

Signed-off-by: Andreas Ziegler <dev@andreas-ziegler.de>
(backported from 72489ebeb6)
2018-12-18 10:27:36 +01:00