Commit Graph

17900 Commits

Author SHA1 Message Date
Alan Swanson
d1a056f620 dnsmasq: Update to version 2.85
Fixes issue with merged DNS requests in 2.83/2.84 not being
retried on the firsts failed request causing lookup failures.

Also fixes the following security problem in dnsmasq:
* CVE-2021-3448:
  If specifiying the source address or interface to be used
  when contacting upstream name servers such as:
  server=8.8.8.8@1.2.3.4, server=8.8.8.8@1.2.3.4#66 and
  server=8.8.8.8@eth0 then all would use the same socket
  bound to the explicitly configured port. Now only
  server=8.8.8.8@1.2.3.4#66 will use the explicitly
  configured port and the others random source ports.

Remove upstreamed patches and update remaining patch.

Signed-off-by: Alan Swanson <reiver@improbability.net>
[refreshed old runtime support patch]
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 3980daffa4)
2021-05-05 09:22:36 +01:00
Hauke Mehrtens
08cfc7a0d3 ltq-dsl-base: Make package nonshared to fix image builder
This package depends on the lantiq target and is only build for that
target. A normal package would be build by the SDK builder probably
under a different target and then this package will not be selected.
Mark it as nonshared to build it when the lantiq target gets build.

Fixes: FS#3773, FS#3774
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 454d514f46)
2021-05-04 22:29:38 +02:00
Hauke Mehrtens
ce41fc38ba mac80211: Update to version 5.10.34-1
The removed patches were applied upstream and are not needed anymore.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 17ac9849d3)
2021-05-04 22:29:34 +02:00
Hauke Mehrtens
a641502849 busybox: backport fix for CVE-2021-28831
This backports a fix for the low priority CVE-2021-28831:
  decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit
  on the huft_build result pointer, with a resultant invalid free or
  segmentation fault, via malformed gzip data.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 13397b2b95)
2021-05-04 22:29:29 +02:00
Roger Pueyo Centelles
701d25b551 ipq40xx: add support for MikroTik SXTsq 5 ac
This commit adds support for the MikroTik SXTsq 5 ac (RBSXTsqG-5acD),
an outdoor 802.11ac wireless CPE with one 10/100/1000 Mbps Ethernet
port.

Specifications:
 - SoC: Qualcomm Atheros IPQ4018
 - RAM: 256 MB
 - Storage: 16 MB NOR
 - Wireless: IPQ4018 (SoC) 802.11a/n/ac 2x2:2, 16 dBi antennae
 - Ethernet: IPQ4018 (SoC) 1x 10/100/1000 port, 10-28 Vdc PoE in
 - 1x Ethernet LED (green)
 - 7x user-controllable LEDs
  · 1x power (blue)
  · 1x user (green)
  · 5x rssi (green)

Note:
 Serial UART is probably available on the board, but it has not been
 tested.

Flashing:
 Boot via TFTP the initramfs image. Then, upload a sysupgrade image
 via SSH and flash it normally. More info at the "Common procedures
 for MikroTik products" page https://openwrt.org/toh/mikrotik/common.

Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
(cherry picked from commit d1f1e5269e)
[Compile and Run Tested]
Signed-off-by: Nick Hainke <vincent@systemli.org>
2021-05-03 14:57:29 +02:00
Robert Marko
3ce7f1e477 ipq40xx: add MikroTik hAP ac2 support
This adds support for the MikroTik RouterBOARD RBD52G-5HacD2HnD-TC
(hAP ac²), a  indoor dual band, dual-radio 802.11ac
wireless AP with integrated omnidirectional antennae, USB port and  five
10/100/1000 Mbps Ethernet ports.

See https://mikrotik.com/product/hap_ac2 for more info.

Specifications:
 - SoC: Qualcomm Atheros IPQ4018
 - RAM: 128 MB
 - Storage: 16 MB NOR
 - Wireless:
   · Built-in IPQ4018 (SoC) 802.11b/g/n 2x2:2, 2.5 dBi antennae
   · Built-in IPQ4018 (SoC) 802.11a/n/ac 2x2:2, 2.5 dBi antennae
 - Ethernet: Built-in IPQ4018 (SoC, QCA8075) , 5x 1000/100/10 port,
             passive PoE in
- 1x USB Type A port

Installation:
Boot the initramfs image via TFTP and then flash the sysupgrade
image using "sysupgrade -n"

Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit faea7becaf)
[Compile Tested]
Signed-off-by: Nick Hainke <vincent@systemli.org>
2021-05-03 14:57:29 +02:00
Felix Fietkau
f066ee2ad5 mac80211: minstrel_ht: fix issue in calculating success probability
Missing braces in a macro were leading to badly working rates sometimes
getting a success probabilty of 1.0

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 12cb52bd06)
2021-04-28 21:11:15 +02:00
Florian Eckert
15cd9a5d5c ltq-vdsl-app: extent dsl metrics with state_num and power_state_num
With the old ubus dsl API, the numbers for the individual line_states and
power_states were also returned. These were not ported to the new DSL
C-API. This commit adds the missing information.

For this the internal values are mapped to numbers.

* additional JSON output for state_num:
"state_num": <map_state_number>

Since not all values are meaningful only the following values are
implemented, this can be extended if the future.

* LSTATE_MAP_NOT_INITIALIZED
* LSTATE_MAP_EXCEPTION
* LSTATE_MAP_IDLE
* LSTATE_MAP_SILENT
* LSTATE_MAP_HANDSHAKE
* LSTATE_MAP_FULL_INIT
* LSTATE_MAP_SHOWTIME_NO_SYNC
* LSTATE_MAP_SHOWTIME_TC_SYNC
* LSTATE_MAP_RESYNC

* additinal JSON output for power_level:
"power_state_num": <map_power_satte_number>,

Since there are not so many here, all are mapped.

* PSTATE_MAP_NA,
* PSTATE_MAP_L0,
* PSTATE_MAP_L1,
* PSTATE_MAP_L2,
* PSTATE_MAP_L3,

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
v6:
Add state LSTATE_MAP_NOT_INITILIZED at the beginning of the list
Start the list LSTATE_MAP with -1
Reviewed-by: Andre Heider <a.heider@gmail.com>
(cherry picked from commit 4407d45d96)
2021-04-19 23:25:02 +02:00
Jeroen Peelaerts
dd43fae67b lantiq: use ActualNetDataRate for speed reporting
Switch to Actual Net Data Rate (ACTNDR) for speed reporting on lantiq VDSL modems

Refer to ITU-T G.997.1 chapter 7.5.2.8

Independent whether retransmission is used or not in a given transmit direction:
-   In L0 state, this parameter reports the Net Data Rate (as specified in G.992.3, G.992.5 or G.993.2) at which the bearer channel is operating.
-   In  L2 state, the parameter contains the Net Data Rate (as specified in G.992.3, G.992.5 or G.993.2) in the previous L0 state.

Signed-off-by: Jeroen Peelaerts <jeroen.peelaerts@gmail.com>
Reviewed-by: Andre Heider <a.heider@gmail.com>
(cherry picked from commit 4f27ea7c33)
2021-04-19 23:24:57 +02:00
Jeroen Peelaerts
51a5053300 lantiq: enable G.INP retransmission counters
This commit adds monitoring for a couple of DSL line features that are
present in the lantiq firmware blobs.

* G.INP ON/OFF
* Trellis encoding ON/OFF
* Virtaul Noise ON/OFF
* Bitswap ON/OFF

Difference in size for ltq-vdsl-app = 1k
Difference in size for kmod-ltq-vdsl-vr9 < 1k

Reviewed-by: Andre Heider <a.heider@gmail.com>
Signed-off-by: Jeroen Peelaerts <jeroen.peelaerts@gmail.com>
(cherry picked from commit 48162e4c0c)
2021-04-19 23:24:36 +02:00
Hauke Mehrtens
1d5aa4bde7 OpenWrt v21.02.0-rc1: revert to branch defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-04-19 21:10:17 +02:00
Hauke Mehrtens
2ce89a3578 OpenWrt v21.02.0-rc1: adjust config defaults
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-04-19 21:10:14 +02:00
Hauke Mehrtens
0fc789b724 realtek: Add ZyXEL GS1900-8
The ZyXEL GS1900-8 is a 8 port switch without any PoE functionality or
SFP ports, but otherwise similar to the other GS1900 switches.

Specifications
--------------
* Device:    ZyXEL GS1900-8 v1.2
* SoC:       Realtek RTL8380M 500 MHz MIPS 4KEc
* Flash:     Macronix MX25L12835F 16 MiB
* RAM:       Nanya NT5TU128M8GE-AC 128 MiB DDR2 SDRAM
* Ethernet:  8x 10/100/1000 Mbit
* LEDs:      1 PWR LED (green, not configurable)
             1 SYS LED (green, configurable)
             8 ethernet port status LEDs (green, SoC controlled)
* Buttons:   1 on-off glide switch at the back (not configurable)
             1 reset button at the right side, behind the air-vent
               (not configurable)
             1 reset button on front panel (configurable)
* Power      12V 1A barrel connector
* UART:      1 serial header (JP2) with populated standard pin connector on
             the left side of the PCB, towards the back. Pins are labelled:
             + VCC (3.3V)
             + TX (really RX)
             + RX (really TX)
             + GND
             the labelling is done from the usb2serial connector's point of
             view, so RX/ TX are mixed up.

Serial connection parameters for both devices: 115200 8N1.

Installation
------------
Instructions are identical to those for the GS1900-10HP and GS1900-8HP.

* Configure your client with a static 192.168.1.x IP (e.g. 192.168.1.10).
* Set up a TFTP server on your client and make it serve the initramfs
  image.
* Connect serial, power up the switch, interrupt U-boot by hitting the
  space bar, and enable the network:
  > rtk network on
* Since the GS1900-10HP is a dual-partition device, you want to keep the
  OEM firmware on the backup partition for the time being. OpenWrt can
  only boot off the first partition anyway (hardcoded in the DTS). To
  make sure we are manipulating the first partition, issue the following
  commands:
  > setsys bootpartition 0
  > savesys
* Download the image onto the device and boot from it:
  > tftpboot 0x84f00000 192.168.1.10:openwrt-realtek-generic-zyxel_gs1900-8-initramfs-kernel.bin
  > bootm
* Once OpenWrt has booted, scp the sysupgrade image to /tmp and flash it:
  > sysupgrade /tmp/openwrt-realtek-generic-zyxel_gs1900-8-squashfs-sysupgrade.bin

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit e6ba970b6e)
2021-04-18 12:06:18 +02:00
Stijn Segers
f1ba3a8d91 uboot-envtools: add support for ZyXEL GS-1900-8HP v1 and v2
This adds the necessary nuts and bolts for the uboot settings for both the ZyXEL GS1900-8HP v1 and v2.

Signed-off-by: Stijn Segers <foss@volatilesystems.org>
(cherry picked from commit b5bc53813d)
2021-04-18 12:06:05 +02:00
Alexander Egorenkov
eaf19220b6 base-files: fix status display command
If service() is called w/o parameter then the status display for services
with multiple instances is incorrect. E.g. samba4 or wpad have 2 instances.

root@OpenWrt:~# /etc/init.d/samba4 status
running
root@OpenWrt:~# /etc/init.d/wpad status
running

Before change:
/etc/init.d/samba4                 enabled         stopped
/etc/init.d/wpad                   enabled         stopped

After change:
/etc/init.d/samba4                 enabled         running
/etc/init.d/wpad                   enabled         running

Signed-off-by: Alexander Egorenkov <egorenar-dev@posteo.net>
(cherry picked from commit 9318f61556)
2021-04-18 12:05:54 +02:00
Rui Salvaterra
ab610f5af3 zram-swap: bail out early if the kernel doesn't support swap
Since KERNEL_SWAP is only enabled by default for !SMALL_FLASH targets, we need
to check if the current kernel supports swap before trying to configure
zram-swap, as opkg can't check for kernel dependencies.

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
(cherry picked from commit 565dfeb128)
2021-04-18 12:05:53 +02:00
Piotr Dymacz
8bbf5bc4b0 uboot-imx6: define 'BUILD_DEVICES' for Toradex Apalis
Without 'BUILD_DEVICES' defined, the U-Boot related package won't be
automatically selected when building for Toradex Apalis device.

Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
(cherry picked from commit 8c3383799a)
2021-04-18 12:05:51 +02:00
Daniel Golle
1a0afbd6f2 umdns: add missing syscalls to seccomp filter
Looks like 'openat', 'pipe2' and 'ppoll' are now needed, possibly due
to changes on libraries used by umdns now using slightly different
calls.

Found using
/etc/init.d/umdns trace
now use umdns, ie. cover all ubus call etc., then
/etc/init.d/umdns stop
find list of syscalls traced in /tmp/umdns.*.json

Fixes: FS#3355 ("UMDNS: does not start on master with seccomp")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 00a85a1634)
2021-04-18 12:05:12 +02:00
Daniel Golle
36ee555c5f umdns: add syscalls needed on Aarch64
Now that ujail supports seccomp also on Aarch64, add missing syscall
'fstat' to the list of allowed syscalls.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit d28880cdd8)
2021-04-18 12:05:08 +02:00
Daniel González Cabanelas
f2b7e66759 uboot-envtools: mvebu: add Buffalo LS421DE
The Buffalo Linkstation LS421DE NAS lacks an uboot env config file.

Create it via scripts.

Signed-off-by: Daniel González Cabanelas <dgcbueu@gmail.com>
(cherry picked from commit 4f8da19572)
2021-04-18 12:04:24 +02:00
Rafał Miłecki
50f2f25d58 kernel: limit crypto-hw-ccp to the x86
CRYPTO_DEV_CCP depends on X86 or ARM64
CRYPTO_DEV_CCP_DD depends on CPU_SUP_AMD or ARM64

Compiling this driver makes sense for x86 mainly. If one day support for
ARM64 board with AMD Secure Processor gets added this package may be
updated.

Trying to build this package on bcm4908 was causing:
ERROR: module 'build_dir/target-aarch64_cortex-a53_musl/linux-bcm4908_generic/linux-5.4.110/drivers/crypto/ccp/ccp-crypto.ko' is missing.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit cb3fb45ed1)
2021-04-14 08:42:38 +02:00
Rafał Miłecki
48262735d9 kernel: crypto: format "crypto-hw-ccp" dependencies
Use multiples lines for better readability and sort lines.

Suggested-by: Stijn Tintel <stijn@linux-ipv6.be>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 107111adbb)
2021-04-14 08:42:38 +02:00
Philip Prindeville
46362c48c8 libnfnetlink: quote $(FPIC) on command line
When $(FPIC) gets expanded on the command line (for instance
when setting environment variables for libtool, configure, or
make) we can't count on it not needing quoting (i.e. it could
contain multiple flags separated with spaces).

Fixes: dc31191ec3 ("build: make sure asm gets built with -DPIC")
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
(cherry picked from commit 7fae64cc06)
2021-04-12 20:45:29 +02:00
Felix Fietkau
04b22754d7 mt76: update to the latest version
6a3cf95733e2 mt76: fix tx skb error handling in mt76_dma_tx_queue_skb
ab9045153343 mt76: mt7915: only modify tx buffer list after allocating tx token id
7e1eff676257 mt76: mt7915: fix unused 'mode' variable
8a2e22fcbf69 mt76: mt7921: fix suspend/resume sequence
27a54e8b687f mt76: mt7921: fix memory leak in mt7921_coredump_work
c267322f0bdb mt76: mt7921: switch to new api for hardware beacon filter [v2 update]
fd2c59d9ba46 mt76: mt7921: fixup rx bitrate statistics [v2 update]
bfa8d5a6a9a1 mt76: adjust to upstream API for enabling threaded NAPI
1706fb6c48e8 mt76: mt7663s: fix rx buffer refcounting
c5aca6692c41 mt76: mt7615: enable hw rx-amsdu de-aggregation
9002b0b30aed mt76: mt7615: add rx checksum offload support
8e3f5bfe74f6 mt76: mt7615: add support for rx decapsulation offload
8e3bba8bd3ef mt76: mt7615: fix memory leak in mt7615_coredump_work
760adce29100 mt76: mt7921: fix aggr length histogram
84229a51845a mt76: mt7915: fix aggr len debugfs node
10a95da23cb7 mt76: mt7921: remove unneeded semicolon
2856dc8fb57e mt76: mt7921: fix stats register definitions
1b245e57549d mt76: mt7615: fix TSF configuration
1a2e2965b62b mt76: mt7615: remove hdr->fw_ver check
f60ec1b9473d mt76: mt7615: fix mib stats counter reporting to mac80211
8a5b036af48f mt76: mt7915: fix mib stats counter reporting to mac80211
ee6dbcc64f6d mt76: connac: fix kernel warning adding monitor interface
e46dd240ce72 mt76: check return value of mt76_txq_send_burst in mt76_txq_schedule_list
ddf95ead3bb3 mt76: mt7921: get rid of mt7921_sta_rc_update routine
fd2a51ea9dc8 mt76: mt7921: fix the base of PCIe interrupt
28f53d074bb0 mt76: mt7921: fix the base of the dynamic remap
8d737632b57f mt76: mt7921: check mcu returned values in mt7921_start
5ff25c915e62 mt76: mt7915: add missing capabilities for DBDC
58dd3f26c099 mt76: mt7615: fix CSA notification for DBDC
76f4959107ac mt76: mt7615: stop ext_phy queue when mac reset happens
7de0a0654054 mt76: mt7915: fix CSA notification for DBDC
e9e418fc7eb0 mt76: mt7915: stop ext_phy queue when mac reset happens
477b78301879 mt76: mt7915: fix PHY mode for DBDC
37b4dc0f7595 mt76: mt76x0u: Add support for TP-Link T2UHP(UN) v1
29a04583aecb mt76: mt7915: fix rxrate reporting
a4307e6ba054 mt76: mt7915: fix txrate reporting
256f324f8fcd mt76: mt7915: check mcu returned values in mt7915_ops
638b112188a5 mt76: mt7615: check mcu returned values in mt7615_ops
975cccfa96da mt76: mt7663: fix when beacon filter is being applied
aafe972e95b2 mt76: mt7663s: make all of packets 4-bytes aligned in sdio tx aggregation
0d5b1a702715 mt76: mt7663s: fix the possible device hang in high traffic
00628061b546 mt76: mt7615: add missing capabilities for DBDC
2303e1844afd mt76: mt7915: fix possible deadlock while mt7915_register_ext_phy()
6e2b9d258306 mt76: mt7921: reduce mcu timeouts for suspend, offload and hif_ctrl msg
3cf5afc02955 mt76: introduce mcu_reset function pointer in mt76_mcu_ops structure
9af9622df549 mt76: mt7921: introduce mt7921_run_firmware utility routine.
e12c44a7e165 mt76: mt7921: introduce __mt7921_start utility routine
7b56d5bf6ea0 mt76: dma: introduce mt76_dma_queue_reset routine
a80e50098b51 mt76: dma: export mt76_dma_rx_cleanup routine
e0708e296e27 mt76: mt7921: add wifi reset support
87e09e8482cf mt76: mt7921: remove leftovers from dbdc configuration
cc933b3669f7 mt76: mt7921: remove redundant check on type
ca22cc221ae7 linux-firmware: add firmware for MT7921
0b6c9a043f78 mt76: move de-amsdu buffer per-phy
48a905e23791 mt76: mt7615: fix CSA event format
fbef8bba038f mt76: mt7921: remove duplicated macros in mcu.h
6886b57a1534 mt76: connac: introcuce mt76_sta_cmd_info data structure
e529e8afe22a mt76: mt7921: properly configure rcpi adding a sta to the fw
e4d522776804 mt76: mt7921: fix airtime reporting
be2f67e8d3cb mt76: mt7915: fix key set/delete issue
09a1befde4b7 mt76: fix potential DMA mapping leak
f66f8f41d47b mt76: mt7915: refresh repeater entry MAC address when setting BSSID
035e2f6f1ddf mt76: mt7921: get rid of mt7921_mac_wtbl_lmac_addr
ee29cd5f3a6a mt76: mt7615: only enable DFS test knobs for mt7615
9a98b1a6f9c2 mt76: mt7615: cleanup mcu tx queue in mt7615_dma_reset()
3bd285424e7b mt76: mt7622: trigger hif interrupt for system reset
bf6d9ee4acd1 mt76: mt7615: keep mcu_add_bss_info enabled till interface removal
115b74282314 mt76: mt7915: keep mcu_add_bss_info enabled till interface removal
57432e701d1a mt76: mt7915: cleanup mcu tx queue in mt7915_dma_reset()
a519c49a6a42 mt76: mt7615: 0-terminate firmware log messages
4a22f2ffae2e mt76: mt7915: 0-terminate firmware log messages
b8609066893a mt76: mt7615: fix chip reset on MT7622 and MT7663e
465dda65ee84 mt7615,mt7915: replace fw log 0-terminating code with wiphy info length limit
62b13f5352b8 mt76: mt7921: fix key set/delete issue
0ff3a336a8d8 mt7615,mt7915: fix a compiler warning
113ba8a81d54 mt76: mt7615: remove redundant dev_err call in mt7622_wmac_probe()
be1ab3b9ae7c mt76: mt7921: fix typo in mt7921_pci_resume
4e22f0dc934b mt76: mt7915: fix txpower init for TSSI off chips
e66a0b9b8d66 mt76: mt7615: always wake the device in mt7615_remove_interface
38f656768a90 mt76: mt7921: always wake the device in mt7921_remove_interface
6ee4770de083 mt76: mt7921: rework mt7921_mcu_debug_msg_event routine
e578b4b8d56a mt76: mt7615: fix .add_beacon_offload()
f8c6c7cbf10f mt76: mt7915: fix mt7915_mcu_add_beacon
7d35b7a15d1d mt76: mt7915: add wifi subsystem reset
04122c89749d mt76: fix rx amsdu subframe processing
5e764ec9bece mt76: mt7921: introduce MT_WFDMA_DUMMY_CR definition
cf0badbc0497 mt76: mt7921: fix inappropriate WoW setup with the missing ARP informaiton
f32a4e15f5b2 mt76: mt7921: fix the dwell time control
54f52771a04a mt76: mt7921: fix kernel crash when the firmware fails to download
97189d2a045b mt76: mt7921: fix the insmod hangs
dcdbd7c89cf5 mt76: mt7921: fix MT_PCIE_MAC_INT_ENABLE access
813db729c02f mt76: mt7921: reduce the data latency during hw scan
028b7152b1a9 mt76: mt7921: remove 80+80 MHz support capabilities
7714dc914df6 mt76: report Rx timestamp
ffd4cf15fa0e mt76: mt7915: add mmio.c
fe8717dd573a mt76: mt7615: add missing SPDX tag in mmio.c
6b293c411d22 mt76: mt7615: always add rx header translation tlv when adding stations
bf45b30d8919 add missing file

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 8cc013981d)
2021-04-11 21:06:58 +02:00
Felix Fietkau
4ad1957eee mac80211: add client mode connection monitor fix
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit dfdb28c24a)
2021-04-11 19:45:26 +02:00
Felix Fietkau
de00033bbb mac80211: support rx timestamps for HE rates
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 7d8e14e44f)
2021-04-11 19:45:26 +02:00
Hauke Mehrtens
3da861ccca kernel: bump 5.4 to 5.4.111
Refreshed all patches.

The following patches were manually changed:
* 610-netfilter_match_bypass_default_checks.patch
* 611-netfilter_match_bypass_default_table.patch
* 802-can-0002-can-rx-offload-fix-long-lines.patch
* 802-can-0003-can-rx-offload-can_rx_offload_compare-fix-typo.patch
* 802-can-0004-can-rx-offload-can_rx_offload_irq_offload_timestamp-.patch
* 802-can-0005-can-rx-offload-can_rx_offload_reset-remove-no-op-fun.patch
* 802-can-0006-can-rx-offload-Prepare-for-CAN-FD-support.patch
* 802-can-0018-can-flexcan-use-struct-canfd_frame-for-CAN-classic-f.patch

The can-dev.ko model was moved in the upstream kernel.

Compile-tested on: x86/64, armvirt/64, ath79/generic
Runtime-tested on: x86/64, armvirt/64, ath79/generic

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-04-11 17:35:12 +02:00
Tony Ambardar
40143873d6 iproute2: fix libbpf detection with NLS enabled
Upstream iproute2 detects libbpf using a one-line $CC test-compile, which
normally ignores LDFLAGS. With NLS enabled however, LDFLAGS includes an
"rpath-link" linker option needed to resolve libintl.so. Its absence
causes both the compile and libbpf detection to fail:

  ld: warning: libintl.so.8, needed by libbpf.so, not found (try using
      -rpath or -rpath-link)
  ld: libelf.so.1: undefined reference to `libintl_dgettext'
  collect2: error: ld returned 1 exit status

Fix this by directly including $LDFLAGS in the test-compile command.

Reported-by: Ian Cooper <iancooper@hotmail.com>
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit aab3a04ce8)
2021-04-10 14:22:28 +02:00
Tony Ambardar
879cbd9e97 binutils: fix libbfd missing DSO dependency if NLS enabled
The libbfd package definition uses $(ICONV_DEPENDS) and $(INTL_DEPENDS)
but links against neither, leading to libbfd detection failures in other
packages (e.g. bpftools) and on-target relocation problems with libintl.so:

  root@OpenWrt:/# ldd /usr/lib/libbfd.so
        ldd (0x77db6000)
        libc.so => ldd (0x77db6000)
        libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x77c6d000)
  Error relocating /usr/lib/libbfd.so: libintl_dgettext: symbol not found

Add NLS-conditional linking of "libintl" to fix this. Also remove libbfd
package dependency $(ICONV_DEPENDS) which is not used during building or
linking.

Tested with QEMU on malta/be32, after building all packages from binutils,
bpftools and iproute2, using different libc options musl and glibc.

Fixes: 08e8175696 ("binutils: use nls.mk to fix libbfd link errors in
other packages")
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit 9a59f62f61)
2021-04-10 14:22:28 +02:00
Tony Ambardar
f88459de25 bpftools: drop unneeded libintl linking for NLS
There is no direct linking of libintl from bpftools, only secondary linking
through libelf, so remove "-lintl" from TARGET_LDFLAGS.

Fixes: 5582fbd613 ("bpftools: support NLS, fix ppc build and update to 5.8.9")
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit c8c638a19b)
2021-04-10 14:22:28 +02:00
Tony Ambardar
3e9d639e8f iproute2: separate tc into tiny and full variants
This change was investigated previously [1] but not deemed necessary. With
the recent addition [2] of modern BPF loader support, however, tc gained
dependencies on libelf and libbpf, with a larger installation footprint.

Similar to ip-tiny/ip-full, split tc into tc-full and tc-tiny variants,
where the latter excludes the eBPF loader, uses a smaller executable, and
avoids libelf and libbpf package dependencies. Both variants provide the
'tc' virtual package, with tc-tiny as the default.

The previous tc package included a loadable module for iptables actions.
Separate this out into a common package, tc-mod-iptables, which both
variants depend on. Some package sizes on mips_24kc:

Before:
  148343  tc_5.11.0-1_mips_24kc.ipk

After:
  144833  tc-full_5.11.0-2_mips_24kc.ipk
  138430  tc-tiny_5.11.0-2_mips_24kc.ipk  (and no libelf or libbpf)
    4115  tc-mod-iptables_5.11.0-2_mips_24kc.ipk

Also fix up some Makefile indentation.

[1] https://github.com/openwrt/openwrt/pull/1627#issuecomment-447619962
[2] b048a305a3 ("iproute2: update to 5.11.0")

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit 72885e9608)
2021-04-10 14:22:28 +02:00
Tony Ambardar
0d5e308664 kernel/modules: relocate teql hotplug from iproute2 to kmod-sched
The link equalizer sch_teql.ko of package kmod-sched relies on a hotplug
script historically included in iproute2's tc package. In previous
discussion [1], consensus was the hotplug script is best located together
with the module in kmod-sched, but this change was deferred at the time.

Relocate the hotplug script now. This change also simplifies adding a tc
variant for minimal size with reduced functionality.

[1] https://github.com/openwrt/openwrt/pull/1627#issuecomment-447923636

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit 863ce4f15f)
2021-04-10 14:22:28 +02:00
Tony Ambardar
e07105303f iproute2: add missing limits.h includes
This patch has been submitted upstream to fix an error reported by a few
users. One instance seen using gcc 10.2.0, binutils 2.35.1 and musl 1.1.24:

bpf_glue.c: In function 'get_libbpf_version':
bpf_glue.c:46:11: error: 'PATH_MAX' undeclared (first use in this function);
did you mean 'AF_MAX'?
   46 |  char buf[PATH_MAX], *s;
      |           ^~~~~~~~
      |           AF_MAX

Reported-by: Rui Salvaterra <rsalvaterra@gmail.com>
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit 10ffefe602)
2021-04-10 14:22:28 +02:00
Tony Ambardar
0ffc498ddd iproute2: update to 5.11.0
The latest iproute2 version brings various improvements and fixes:
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/log/?qt=range&q=v5.10.0..v5.11.0

In particular, ip and tc now use libbpf as the standard way to load BPF
programs, rather than the old, limited custom loader. This allows more
consistent and featureful BPF program handling e.g. support for global
initialized variables.

Also fix a longstanding problem with iproute2 builds where unneeded DSO
dependencies are added to most utilities, bloating their installation
footprint. From research and testing, explicitly using a "--as-needed"
linker flag avoids the issue. Update accordingly and drop extra package
dependencies from Makefile.

Additional build and packaging updates include:

  - install missing development header to iproute2/bpf_elf.h
  - propagate OpenWrt verbose flag during build
  - update and refresh patches

Compile and run tested: QEMU/malta-mips32be on kernels 5.4 & 5.10.

All iproute2 packages were built and installed to the test image. Some
regression testing using ip-full and tc was successfully performed to
exercise several kmods, tc modules, and simple BPF programs.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit b048a305a3)
2021-04-10 14:22:28 +02:00
Ilya Lipnitskiy
272a9e1975 wireguard-tools: depend on kmod-wireguard
To the vast majority of the users, wireguard-tools are not useful
without the underlying kernel module. The cornercase of only generating
keys and not using the secure tunnel is something that won't be done on
an embedded OpenWrt system often. On the other hand, maintaining a
separate meta-package only for this use case introduces extra
complexity. WireGuard changes for Linux 5.10 remove the meta-package.
So let's make wireguard-tools depend on kmod-wireguard
to make WireGuard easier to use without having to install multiple
packages.

Fixes: ea980fb9 ("wireguard: bump to 20191226")
Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
(cherry picked from commit cbcddc9f31)
2021-04-10 14:21:32 +02:00
Ilya Lipnitskiy
7114416fbe kernel: fix kmod-wireguard package fields
Use NETWORK_SUPPORT_MENU like all other modules in netsupport.mk. Drop
SECTION and CATEGORY fields as they are set by default and to match
other packages in netsupport.mk. Use better TITLE for kmod-wireguard
(taken from upstream drivers/net/Kconfig).

Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
(cherry picked from commit 0b53d6f7fa)
2021-04-10 14:21:32 +02:00
Jason A. Donenfeld
ff6d629d32 wireguard-tools: bump to 1.0.20210223
Simple version bump with accumulated fixes.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
(cherry picked from commit e0f7f5bbce)
2021-04-10 14:21:32 +02:00
Ilya Lipnitskiy
a701d4b841 kernel: migrate wireguard into the kernel tree
On Linux 5.4, build WireGuard from backports. Linux 5.10 contains
wireguard in-tree.

Add in-kernel crypto libraries required by WireGuard along with
arch-specific optimizations.

Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
(cherry picked from commit 06351f1bd0)
(cherry picked from commit 464451d9ab)
2021-04-10 14:21:32 +02:00
Rafał Miłecki
91e0865ff5 firmware-utils: bcm4908img: convert into a package
bcm4908img is a tool managing BCM4908 platform images. It's used for
creating them as well as checking, modifying and extracting data from.

It's required by both: host (for building firmware images) and target
(for sysupgrade purposes). Make it a host/target package.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 9b4fc4cae9)
2021-04-08 13:16:13 +02:00
Felix Fietkau
64ddac2c1c mac80211: merge a few pending tx related fixes
Improve performance and fix potential mgmt tx hangs/warnings

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 571aedbc6c)
2021-04-04 11:39:51 +02:00
Felix Fietkau
69794908b6 mac80211: backport upstream patches for driver disconnect
Needed for an mt76 update

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 5dc5015072)
2021-04-04 11:39:51 +02:00
Felix Fietkau
95b838f75b build: use -nostdinc and -isystem in NOSTDINC_FLAGS for out-of-tree kernel modules
This resolves issues uncovered by musl updates

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 9ac47ee469)
2021-04-04 11:39:51 +02:00
Donald Hoskins
b2c9a8741f libunwind: Add MIPS64 dep check
libunwind dependency check does not allow for MIPS64 arch.  Add MIPS64 awareness.

libunwind seems to support MIPS64 without issues, it was limited by the dep arch
check in the Makefile.

Used to compile Suricata6/Rust locally without issue.

Signed-off-by: Donald Hoskins <grommish@gmail.com>
(cherry picked from commit ea6d4bdde2)
2021-03-29 22:26:27 +02:00
Tony Ambardar
6b2bcd2597 bpftools: fix libbpf pkgconfig file
The pkgconfig file hardcodes a host library directory which cannot be
overridden by OpenWrt during builds. Use SED to fix this and potential
include directory problems, as is done with several other packages.

This fixes a strange issue intermittently seen building iproute2 on the
oxnas target:

iptables modules directory: /usr/lib/iptables
libc has setns: yes
SELinux support: no
libbpf support: no
	libbpf version 0.3.0 is too low, please update it to at least 0.1.0
	LIBBPF_FORCE=on set, but couldn't find a usable libbpf

Fixes: 2f0d672088 ("bpftools: add utility and library packages
supporting eBPF usage")
Reported-by: Russell Senior <russell@personaltelco.net>
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit 9e64e4ce26)
2021-03-29 22:26:27 +02:00
Eike Ritter
b89accdfbc ppp: compile fix: unset FILTER variable in Makefile
If the environment variable FILTER is set before compilation,
compilation of the ppp-package will fail with the error message

Package ppp is missing dependencies for the following libraries:
libpcap.so.1

The reason is that the OpenWrt-patch for the Makefile only comments
out the line FILTER=y. Hence the pcap-library will be dynamically
linked if the environment variable FILTER is set elsewhere, which
causes compilation to fail. The fix consists on explicitly unsetting
the variable FILTER instead.

Signed-off-by: Eike Ritter <git@rittere.co.uk>
(cherry picked from commit 46cd0765d0)
2021-03-29 22:26:27 +02:00
Russell Senior
290b28664d busybox: udhcpc, allow zero length dhcp options
This patch skips zero length DHCP options instead of failing.

Signed-off-by: Russell Senior <russell@personaltelco.net>
(cherry picked from commit 1c04365071)
2021-03-29 22:16:54 +02:00
Tony Ambardar
7939d4a1b1 firewall3: update to latest git HEAD
This includes several improvements and fixes:

  61db17e rules: fix device and chain usage for DSCP/MARK targets
  7b844f4 zone: avoid duplicates in devices list
  c2c72c6 firewall3: remove last remaining sprintf()
  12f6f14 iptables: fix serializing multiple weekdays
  00f27ab firewall3: fix duplicate defaults section detection
  e8f2d8f ipsets: allow blank/commented lines with loadfile
  8c2f9fa fw3: zones: limit zone names to 11 bytes
  78d52a2 options: fix parsing of boolean attributes

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit 0d75aa27d4)
2021-03-29 20:26:33 +02:00
Mauri Sandberg
b526fbb1ce packages: kernel: add gpio-nxp-74hc153
NXP 74HC153 is a GPIO expander. Its original source cide sits in ar71xx
architecture tree. It has been slightly modified to get GPIO pin
configuration from the device tree rather than a MACH file.

 Changes to the source file:
  - Remove struct nxp_74hc153_config
  - in nxp_74hc153_probe(), fetch GPIO configuration from device tree
  - allow GPIO framework decide the base number by passing -1 to it
  - remove support for kernel versions below 4.5.0
  - add OF device compatibility string

 Create a package for inclusion in image.

References: https://lore.kernel.org/linux-gpio/545111184.50061.1615922388276@ichabod.co-bxl/
Signed-off-by: Mauri Sandberg <sandberg@mailfence.com>
[added link to driver usptreaming work in progress]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 6a6f9e73dd)
2021-03-27 07:46:14 +01:00
Eneas U de Queiroz
e7a9ee0580 openssl: bump to 1.1.1k
This version fixes 2 security vulnerabilities, among other changes:

 - CVE-2021-3450: problem with verifying a certificate chain when using
   the X509_V_FLAG_X509_STRICT flag.

 - CVE-2021-3449: OpenSSL TLS server may crash if sent a maliciously
   crafted renegotiation ClientHello message from a client.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 0bd0de7d43)
2021-03-27 07:34:35 +01:00
Daniel Golle
aacf378608
mwlwifi: add PKG_FLAGS:=nonshared
This should fix the problem of mwlwifi-firmware-* not being found
when using the ImageBuilder.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 9b3aaf1cdb)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-03-24 20:52:59 +00:00