Commit Graph

15396 Commits

Author SHA1 Message Date
Felix Fietkau
646d28f996 mt76: update to the latest version
a9d4c0e mt76: mt76x2: avoid running DPD calibration if tx is blocked
4d7e13f mt76: explicitly disable energy detect cca during scan
e3c1aad mt76: run MAC work every 100ms
4e8766a mt76: clear CCA timer stats in mt76x02_edcca_init
e301f23 mt76: measure the time between mt76x02_edcca_check runs
74075ef mt76: increase ED/CCA tx block threshold

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-02-03 20:45:56 +01:00
Petr Štetiar
3b40121530 kernel: Fix drm dependency on drm_panel_orientation_quirks.ko for 4.19
Package kmod-drm is missing dependencies for the following libraries:

 drm_panel_orientation_quirks.ko

It seems, that since Linux 4.15-rc2 drm depends on drm_panel_orientation_quirks.ko

 commit 8d70f395e6cbece665b12b4bf6dbc48d12623014
 Author: Hans de Goede <j.w.r.degoede@gmail.com>
 Date:   Sat Nov 25 20:35:49 2017 +0100

    drm: Add support for a panel-orientation connector property, v6

    On some devices the LCD panel is mounted in the casing in such a way that
    the up/top side of the panel does not match with the top side of the
    device (e.g. it is mounted upside-down).

    This commit adds the necessary infra for lcd-panel drm_connector-s to
    have a "panel orientation" property to communicate how the panel is
    orientated vs the casing.

    Userspace can use this property to check for non-normal orientation and
    then adjust the displayed image accordingly by rotating it to compensate.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-02-01 17:35:34 +01:00
Felix Fietkau
efa6b8b6b6 mt76: update to the latest version
a4ec45c mt7603: fix LED support (copy CFLAGS from main Makefile)
edda5c5 mt76x02: use mask for vifs
dd52191 mt76x02: use commmon add interface for mt76x2u
a80acaf mt76x02: initialize mutli bss mode when set up address
38e832d mt76x02: minor beaconing init changes
171adaf mt76x02: init beacon config for mt76x2u
dcab682 mt76: beaconing fixes for USB
ff81de1 mt76x02: enable support for IBSS and MESH
8027b5d mt7603: remove copyright headers
e747e80 mt76: fix software encryption issues
2afa0d7 mt7603: remove WCID override for software encrypted frames

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-01-31 23:22:16 +01:00
Hans Dedecker
8399ee4543 netifd: handle hotplug event socket errors
5cd7215 system-linux: handle hotplug event socket ENOBUFS errors

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-01-31 22:14:55 +01:00
Sven Roederer
6e575fa9d6 openssl: update list of mirrors
Host "gd.tuwien.ac.at" does not exists anymore, so we replace it by "ftp.pca.dfn.de" from the official list of mirrors.

Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
2019-01-31 21:21:49 +01:00
Andre Heider
4b403821c6
uboot-omap: add 'rootwait' to the kernel cmdline
Some SD cards take a while to get detected, fix booting of those.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2019-01-31 14:07:00 +01:00
Kevin Darbyshire-Bryant
352db3e62a dnsmasq: latest pre-2.81 patches
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-01-31 10:13:05 +00:00
Jo-Philipp Wich
40bb2ae211 opkg: update to latest Git head
d4ba162 libopkg: only perform size check when information is available

Fixes: e079591b84 ("opkg: update to latest Git head")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-01-31 10:23:20 +01:00
Jo-Philipp Wich
e079591b84 opkg: update to latest Git head
cb66403 libopkg: check for file size mismatches

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-01-31 08:52:51 +01:00
Felix Fietkau
f665fb058f mt76: update to the latest version
c3da1aa mt7603: trigger beacon stuck detection faster
7a53138 mt7603: trigger watchdog reset if flushing CAB queue fails
6eef33b mt7603: remove mt7603_txq_init
ae30c30 mt76: add driver callback for when a sta is associated
0db925f mt7603: update HT/VHT capabilities after assoc
b5ac8e4 mt7603: initialize LED callbacks only if CONFIG_MT76_LEDS is set
c989bac mt76x0: eeprom: fix chan_vs_power map in mt76x0_get_power_info
24bd2c0 mt76x0: phy: report target_power in debugfs
bc7ce2a mt76x0: init: introduce mt76x0_init_txpower routine

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-01-30 15:17:23 +01:00
Günther Kelleter
c3389ab135 base-files: config_get: prevent filename globbing
When config_get is called as "config_get section option" the option
is unexpectedly globbed by the shell which differs from the way options
are read to a variable with "config_get variable section option".
Add another layer of double quotes to fix it.

Signed-off-by: Günther Kelleter <guenther.kelleter@devolo.de>
2019-01-30 13:20:14 +01:00
Val Kulkov
ed514e7f9e busybox: keep syslog.conf during sysupgrade
If a user finds that logd is too barebone for their needs and wishes
to have more control over syslog, the user presently has an option
to enable CONFIG_BUSYBOX_CONFIG_FEATURE_SYSLOG and configure syslog
with settings in /etc/syslog.conf.

Presently /etc/syslog.conf silently disappears on sysupgrade. This
patch prevents such unwanted behaviour if busybox syslog is enabled
via CONFIG_BUSYBOX_CONFIG_FEATURE_SYSLOG.

Signed-off-by: Val Kulkov <val.kulkov@gmail.com>
2019-01-30 12:30:03 +01:00
Sven Roederer
989060478a openssl: bump to 1.0.2q
This fixes the following security problems:
 * CVE-2018-5407: Microarchitecture timing vulnerability in ECC scalar multiplication
 * CVE-2018-0734: Timing vulnerability in DSA signature generation
 * Resolve a compatibility issue in EC_GROUP handling with the FIPS Object Module

Signed-off-by: Sven Roederer <freifunk@it-solutions.geroedel.de>
2019-01-30 11:59:46 +01:00
Jo-Philipp Wich
c6aa9ff388 uhttpd: disable concurrent requests by default
In order to avoid straining CPU and memory resources on lower end devices,
avoid running multiple CGI requests in parallel.

Ref: https://forum.openwrt.org/t/high-load-fix-on-openwrt-luci/29006
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-01-30 10:12:00 +01:00
Hans Dedecker
a3ccac6b1d iproute2: drop libbsd dependency
As the usage of libbsd is no longer limited to glibc, prevent libbsd
being picked up by removing the dependency on libbsd.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-01-29 14:00:13 +01:00
Felix Fietkau
4443804b54 wpa_supplicant: fix calling channel switch via wpa_cli on mesh interfaces
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-01-29 11:27:13 +01:00
Felix Fietkau
ae6b5815cd hostapd: add support for passing CSA events from sta/mesh to AP interfaces
Fixes handling CSA when using AP+STA or AP+Mesh

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-01-29 11:27:06 +01:00
Felix Fietkau
e1496d631e mac80211: fix an issue with allocated tailroom for encrypted mgmt packets
Fixes kernel warnings and connectivity issues in encrypted mesh networks

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-01-29 11:12:11 +01:00
Hans Dedecker
617e414643 map: depend on nat46, provide map-t
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-01-27 18:39:55 +01:00
Hans Dedecker
633cac0cb4 464xlat: import from routing, add myself as maintainer
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-01-27 18:39:18 +01:00
Hans Dedecker
4856fa30a6 nat46: import for routing, add myself as maintainer
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-01-27 18:29:52 +01:00
Michael Heimpold
268b5bec80 mbedtls: Kconfig option to enable/disable debug functions
This introduces a new Kconfig option to switch on/off mbedtls' support
for debug functions.

The idea behind is to inspect TLS traffic with Wireshark for debug
purposes. At the moment, there is no native or 'nice' support for
this, but at
68aea15833
an example implementation can be found which uses the debug functions
of the library. However, this requires to have this debug stuff enabled
in the library, but at the moment it is staticly patched out.

So this patch removes the static part from the configuration patch
and introduces a dynamic config file editing during build.

When enabled, this heavily increases the library size, so I added
a warning in the Kconfig help section.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2019-01-27 01:04:53 +01:00
Deng Qingfang
e8f2302516 mbedtls: update to 2.16.0
Refresh patch

https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.0-2.7.9-and-2.1.18-released

Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
2019-01-27 01:04:53 +01:00
Karl Pálsson
04b418ac84 kernel: add kmod-usb-gadget-cdc-composite
This builds the "g_cdc" gadget module, providing ethernet+serial.

Signed-off-by: Karl Pálsson <karlp@etactica.com>
2019-01-27 01:04:37 +01:00
Hauke Mehrtens
fd5c168701 kernel: Build: Split kmod-regmap
This reduces the needed modifications to the mainline Linux kernel and
also makes the regmap package work with an out of tree kernel which
does not have these modifications.

The regmap-core is only added when it is really build as a module.
The regmap-core is normally bool so it cannot be built as a module in an
unmodified kernel. When it is selected by on other kernel module it will
always be selected as build in and it also does not show up in
$(LINUX_DIR)/modules.builtin as it is not supposed to be a kernel module.
When it is not in $(LINUX_DIR)/modules.builtin the build system expects
it to be built as a .ko file.
Just check if the module is really there and only add it in that case.

This splits the regmap package into multiple packages, one for each bus type.
This way only the bus maps which are really needed have to be added.
This also splits the I2C, SPI and MMIO regmap into separate packages to not
require all these subsystems to build them, on an unmodified upstream kernel
this also causes problems in some situations.

Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
2019-01-27 00:16:13 +01:00
Rosen Penev
8fd5091696 e2fsprogs: Update to 1.44.5
Added e4crypt tool for encrypting files and directories. To work properly
requires kernel and work on keyutils. That will be done in a future commit

Some top-level reorganization for consistency between packages.

Tested on GnuBee PC1 (mt7621).

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-01-26 23:11:49 +01:00
Petr Štetiar
c2bdd018a3 uboot-imx6: Bump to 2019.01
Build tested: apalis, mx6sabresd, nitrogen6dl, nitrogen6dl2g, nitrogen6q,
              nitrogen6q2g, nitrogen6s, nitrogen6s1g, wandboard

Run tested: apalis (pending PR #1595)

Cc: Felix Fietkau <nbd@nbd.name>
Cc: Vladimir Vid <vladimir.vid@sartura.hr>
Cc: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-01-26 21:46:32 +01:00
Michael Heimpold
52d7a1d3b2 uboot-mxs: bump to v2019.01
Also update the U-Boot BSP patch for I2SE Duckbill devices.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2019-01-26 21:46:32 +01:00
David Bauer
28cd2caa35 base-files: sysupgrade: support additional mtd options
Add support for passing additional parameters to mtd called during
sysupgrade. It will be required to toggle the "recovery moe" flag
supported by recent tp-link boards.

Signed-off-by: David Bauer <mail@david-bauer.net>
[split code from board support patch; add commit message]
Signed-off-by: Mathias Kresin <dev@kresin.me>
2019-01-26 21:46:32 +01:00
David Bauer
1e06482f7d mtd: add logic for TP-Link ramips recovery magic
This adds an option to set the recovery flag of newer TP-Link MediaTek
boards and remove it after a successful write.

To make use of this feature, add the '-t' option to mtd-write.

The '-t' option takes the mtd partition containing the recovery flag
(usually 'romfile') as an argument. Make sure this partition is not
flagged as read-only!

Example:
 > mtd -t romfile write owrt.bin firmware

This command writes the recovery-flag before it begins writing the image
to the firmware partition. After the image-write has been successful,
the recovery flag is removed.

This way, the TP-Link web-recovery is automatically enabled on an
unsucessful flash (e.g. power loss).

This option is only available if the mtd package is compiled for the
ramips target.

Signed-off-by: David Bauer <mail@david-bauer.net>
2019-01-26 21:46:32 +01:00
Oever González
c43acdf342 mtd: add linksys_bootcount to the ipq40xx target
This commit adds the object 'linksys_bootcount_fix.o' to the ipq40xx
target.

This is needed for the Linksys EA6350v3 device. Without this patch, the
device will switch-back between the current and the last flashed firmware
every 3 (three) reboots. With this patch, the device works as expected.

Signed-off-by: Ryan Pannell <ryan@osukl.com>
Signed-off-by: Oever González <notengobattery@gmail.com>
2019-01-26 21:43:06 +01:00
Oever González
ad3e667539 uboot-envtools: add support for Linksys EA6350v3
This commit adds support for the Linksys EA6350v3 device in the ipq40xx
target.

This is needed for uboot-envtools to access the environment. Without this
patch, the Linksys EA6350v3 will not be able to access the uboot
environment. As a side effect, the feature auto_recovery will make the
device unstable by switching between the latest and the current firmware.

Signed-off-by: Ryan Pannell <ryan@osukl.com>
Signed-off-by: Oever González <notengobattery@gmail.com>
2019-01-26 21:43:04 +01:00
Oever González
fb7b8d5ad3 ipq-wifi: add support for Linksys EA6350v3
This commit adds support for the Linksys EA6350v3 device in the ipq-wifi
target.

Without this patch, the Linksys EA6350v3 won't be hable to have fully
functional wireless interfaces. This is not permanent: the board data has
already been sent to ath10k _at_ lists _dot_ infradead _dot_ org

Signed-off-by: Ryan Pannell <ryan@osukl.com>
Signed-off-by: Oever González <notengobattery@gmail.com>
2019-01-26 21:42:57 +01:00
Oever González
69aa1c5ac0 mac80211: ath: add extra 'regulatory domains'
This patch adds several country codes to the regd.h and regd_common.h
files in order to support devices whose country codes are not present in
the original list.

Without this patch, all devices whose manufacturer programmed any of these
code in their EEPROM will run without wireless interfaces.

Signed-off-by: Oever González <notengobattery@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [matched signed-off]
2019-01-26 21:41:04 +01:00
Christian Lamparter
47c3ada44a uboot-fritz4040: update package to 2019-01-25
David Bauer reported a u-boot crash (data abort) at a odd
place (byteswap) when he ran ping/tftp on his 7530.

|(FRITZ7530) # ping 192.168.1.70
|eth0 PHY0 up Speed :1000 Full duplex
|eth0 PHY1 Down Speed :10 Half duplex
|eth0 PHY2 Down Speed :10 Half duplex
|eth0 PHY3 Down Speed :10 Half duplex
|eth0 PHY4 Down Speed :10 Half duplex
|Using eth0 device
|data abort
|pc : [<84234774>]      lr : [<842351a4>]
|sp : 8412fdb0  ip : 0000009b     fp : 00000000
|r10: 00000000  r9 : 00000001     r8 : 8412ff68
|r7 : 00000000  r6 : 0000002a     r5 : 84244e90  r4 : 8425e28e
|r3 : 84244e90  r2 : 14000045     r1 : 8412fdb0  r0 : 8425e28e
|Flags: nZCv  IRQs off  FIQs off  Mode SVC_32
|Resetting CPU ...
|
|resetting ...

This issue is caused by switch from gcc 5.5 to 7.1+ as explained
in the upstream patch:

|From a768e513b07b5999a8e7d7740ac8d9da04ee7e51 Mon Sep 17 00:00:00 2001
|From: Denis Pynkin <denis.pynkin@collabora.com>
|Date: Fri, 21 Jul 2017 19:28:42 +0300
|Subject: [PATCH] net: Use packed structures for networking
|
|PXE boot is broken with GCC 7.1 due option '-fstore-merging' enabled
|by default for '-O2':
|
|BOOTP broadcast 1
|data abort
|pc : [<8ff8bb30>]          lr : [<00004f1f>]
|reloc pc : [<17832b30>]    lr : [<878abf1f>]
|sp : 8f558bc0  ip : 00000000     fp : 8ffef5a4
|r10: 8ffed248  r9 : 8f558ee0     r8 : 8ffef594
|r7 : 0000000e  r6 : 8ffed700     r5 : 00000000  r4 : 8ffed74e
|r3 : 00060101  r2 : 8ffed230     r1 : 8ffed706  r0 : 00000ddd
|Flags: nzcv  IRQs off  FIQs off  Mode S
|
|Core reason is usage of structures for network headers without packed
|attribute.

Reported-by: David Bauer <mail@david-bauer.net>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-01-26 21:09:12 +01:00
David Bauer
b368373fab mpc85xx: add support for OCEDO Panda
CPU:   FSL P1020 (2x 800MHz E500 PPC)
RAM:   1GB DDR3
FLASH: 256MiB NAND
WiFi:  2x Atheros AR9382 2x2:2 abgn
ETH:   2x BCM54616S - 1x BCM53128 8-port switch
LED:   5x LEDs (Power, WiFi1, WiFi2, N/D, SYS)
BTN:   1x RESET

Installation
------------

1. Download initrams kernel image, dtb binary and sysupgrade image.

2. Place initramfs kernel into tftp root directory. Rename to
"panda-uimage-factory".

3. Place dtb binary into tftp root directory. Rename to "panda.fdt".

4. Start tftp server on 192.168.100.8/24.

5. Power up the device with the reset button pressed. It will download
the initrams and dtb via tftp and boot into OpenWRT in RAM.

6. SSH into the device and remove the factory partitions.

 > ubirmvol /dev/ubi0 --name=kernel1
 > ubirmvol /dev/ubi0 --name=rootfs1
 > ubirmvol /dev/ubi0 --name=devicetree1

You will have around 60 MiB of free space with that.

You can also delete "kernel2", "devicetree2", "rootfs2" and "storage"
respectively in case you do not want to go back to the vendor firmware.

7. Modify the U-Boot bootcmd to allow for booting OpenWRT

 > fw_setenv bootcmd_owrt "ubi part ubi && ubi read 0x1000000 kernel
   && bootm 0x1000000"

 > fw_setenv bootargs_owrt "setenv bootargs console=ttyS0,115200
   ubi.mtd=3,2048"

 > fw_setenv bootcmd "run bootargs_owrt; run bootcmd_owrt"

8. Transfer the sysupgrade image via scp into the /tmp directory.

9. Upgrade the device

 > sysupgrade -n /tmp/<imagename>

Signed-off-by: David Bauer <mail@david-bauer.net>
2019-01-26 17:10:19 +01:00
Felix Fietkau
0465e41e05 mt76: update to the latest version
3e9a7d5 Revert "mt7603: fix txd q_idx field value"
815fd03 mt7603: fix CCA timing values
b35cc8e mt7603: set timing on channel change before starting MAC
79b337c mt7603: move CF-End rate update to mt7603_mac_set_timing
3df341d mt7603: avoid redundant MAC timing updates
1c751f3 mt76: avoid scheduling tx queues for powersave stations
2efa389 mt7603: limit station power save queue length to 64
63a79ff mt76: do not report out-of-range rx nss
fe30bd3 mt7603: issue PSE reset on tx hang
ce8cc5d mt7603: issue PSE client reset on init
e342cc5 mt7603: fix buffered multicast count register
aa470d8 mt7603: fix buffered multicast queue flush
b4ee01f mt76: fix tx status timeout processing
7d00d58 mt76x02: fix per-chain signal strength reporting
64abb35 mt76: fix corrupted software generated tx CCMP PN
0b939dc mt76: fix resetting software IV flag on key delete

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-01-25 23:50:17 +01:00
Jo-Philipp Wich
f4d6e8f98f libelf: fix library packaging
The library has an usual shared object file name, which caused the
install glob pattern to miss the actual so.

Fixes: #2082
Fixes; 0e70f69a35 ("treewide: revise library packaging")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-01-25 18:59:46 +01:00
Martin Schiller
eaaee181d1 ppp: update to version 2.4.7.git-2018-06-23
This bumps ppp to latest git version.

There is one upstream commit, which changes DES encryption calls from
libcrypt / glibc to openssl.

As long as we don't use glibc-2.28, revert this commit.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2019-01-25 14:55:46 +01:00
Hans Dedecker
e906a75e67 procd: update to latest git HEAD
e2b055e hotplug.c: Make sure hotplug buffer is NULL terminated

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-01-24 22:54:13 +01:00
Christian Lamparter
13251aa92b mac80211: ath10k: remove "ath10k: fix otp failure result" patch
Initially this patch was introduced as a quick fix following
the removal of 936-ath10k_skip_otp_check.patch which caused
multiple ath10k pcie devices in various ipq806x and ar71xx/ath79
targets to malfunction.

Thankfully, the affected devices have been updated to utilize
the pre-caldata method. And finally with the switch to ath10k-ct,
which never had the patch or any reports of similar issues, I
think it's time to remove this patch since it is no longer needed.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-01-24 15:53:02 +01:00
Jo-Philipp Wich
b1781d5841 iproute2: replace libelf1 dependency with libelf
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-01-24 12:56:31 +01:00
Jo-Philipp Wich
8d13529536 perf: replace libelf1 dependency with libelf
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-01-24 12:56:11 +01:00
Jo-Philipp Wich
d7bf0898a8 elfutils: rename libelf1 to libelf
The ABI_VERSION:=1 tag will take care of transforming the binary
library package basename.

Add a virtual PROVIDES:=libelf1 for packages still having libelf1
in their DEPENDS:=... lists.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-01-24 12:52:23 +01:00
Jo-Philipp Wich
0e70f69a35 treewide: revise library packaging
- Annotate versionless libraries (such as libubox, libuci etc.) with a fixed
  ABI_VERSION resembling the source date of the last incompatible change
- Annotate packages shipping versioned library objects with ABI_VERSION
- Stop shipping unversioned library symlinks for packages with ABI_VERSION

Ref: https://openwrt.org/docs/guide-developer/package-policies#shared_libraries
Ref: https://github.com/KanjiMonster/maintainer-tools/blob/master/check-abi-versions.pl
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-01-24 10:39:30 +01:00
Jo-Philipp Wich
68b29a7a95 uclient: set fixed ABI_VERSION on libuclient
Last incompatible change appeared to be 4924411
("http: add proper error handling to uclient_http_redirect()") which
changed the return value of uclient_http_redirect() from bool to int.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-01-24 10:39:29 +01:00
Jason A. Donenfeld
bbcd0634f8 wireguard: bump to 0.0.20190123
* tools: curve25519: handle unaligned loads/stores safely

This should fix sporadic crashes with `wg pubkey` on certain architectures.

* netlink: auth socket changes against namespace of socket

In WireGuard, the underlying UDP socket lives in the namespace where the
interface was created and doesn't move if the interface is moved. This
allows one to create the interface in some privileged place that has
Internet access, and then move it into a container namespace that only
has the WireGuard interface for egress. Consider the following
situation:

1. Interface created in namespace A. Socket therefore lives in namespace A.
2. Interface moved to namespace B. Socket remains in namespace A.
3. Namespace B now has access to the interface and changes the listen
port and/or fwmark of socket. Change is reflected in namespace A.

This behavior is arguably _fine_ and perhaps even expected or
acceptable. But there's also an argument to be made that B should have
A's cred to do so. So, this patch adds a simple ns_capable check.

* ratelimiter: build tests with !IPV6

Should reenable building in debug mode for systems without IPv6.

* noise: replace getnstimeofday64 with ktime_get_real_ts64
* ratelimiter: totalram_pages is now a function
* qemu: enable FP on MIPS

Linux 5.0 support.

* keygen-html: bring back pure javascript implementation

Benoît Viguier has proofs that values will stay well within 2^53. We
also have an improved carry function that's much simpler. Probably more
constant time than emscripten's 64-bit integers.

* contrib: introduce simple highlighter library

This is the highlighter library being used in:
- https://twitter.com/EdgeSecurity/status/1085294681003454465
- https://twitter.com/EdgeSecurity/status/1081953278248796165

It's included here as a contrib example, so that others can paste it into
their own GUI clients for having the same strictly validating highlighting.

* netlink: use __kernel_timespec for handshake time

This readies us for Y2038. See https://lwn.net/Articles/776435/ for more info.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-01-23 18:06:49 +01:00
Deng Qingfang
752bd72668 iproute2: update to 4.20.0
Update to the latest version of iproute2; see https://lwn.net/Articles/776174/
for a full overview of the changes in 4.20.
Remove upstream patch 001-fix-print_0xhex-on-32-bit.patch and 002-tc-fix-xtables-incorrect-usage-of-LDFLAGS.patch
Introduce a patch to include <linux/limits.h> for XATTR_SIZE_MAX in tc

Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
2019-01-23 17:55:21 +01:00
Andy Walsh
45a2771953 uboot-ar71xx: fix musl host build
On musl based distributions, u-boot 2010.03 fails to build with:

    u-boot-2010.03/include/u-boot/crc.h:29:50: error: unknown type name 'uint'
      uint32_t crc32 (uint32_t, const unsigned char *, uint);

The issue was fixed in the newer u-boot-2018.03 version, this commit
backports the change to the older version used by ar71xx/ath79.

Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
[add commit message from PR description]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-01-22 13:29:46 +01:00
Andy Walsh
94f6030170 librpc: remove package
* replaced with packages/libtirpc
* remove busybox options rarely used/deprecated
BUSYBOX_CONFIG_FEATURE_MOUNT_NFS
BUSYBOX_CONFIG_FEATURE_INETD_RPC

Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
2019-01-22 13:29:46 +01:00