Commit Graph

16094 Commits

Author SHA1 Message Date
Hans Dedecker
49d35646ea odhcpd: various fixes
8f1347b odhcpd: router: Fix out of scope memory access
d37736e dhcpv6-ia: free assignment when validity timer expires

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-09-03 21:53:43 +02:00
Alin Nastac
22378beb58 iproute2: add libcap support, enabled in ip-full
Preserve optionality of libcap by having configuration script follow the
HAVE_CAP environment variable, used similarly to the HAVE_ELF variable.

Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase/refresh patches]
(backported from commit a6da3f9ef7)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-08-30 12:39:27 +02:00
Felix Fietkau
73d45c7378 mac80211: add config tweak for tx bursting when using VHT
By default, set BE tx queue TXOP limit to 2.0 in the hostapd config
Many vendor drivers are doing similar things to boost throughput.
On MT7612 under ideal conditions, it improves tx throughput from 470 Mbit/s
to about 570 Mbit/s.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 8650201f10)
2019-08-28 21:05:52 +02:00
Koen Vandeputte
dd4b8a24a1 ath9k: backport dynack improvements
Close cooperation with Lorenzo Bianconi resulted
in these patches which fix all remaining seen issues
when using dynack.

Fix link losses when:
- Late Ack's are not seen or not present
- switching from too low static coverage class to dynack on a live link

These are fixed by setting the Ack Timeout/Slottime to
the max possible value for the currently used channel width when
a new station has been discovered.

When traffic flows, dynack is able to adjust to optimal values
within a few packets received (typically < 1 second)

These changes have been thoroughly tested on ~60 offshore devices
all interconnected using mesh over IBSS and dynack enabled on all.

Distances between devices varied from <100m up to ~35km

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
(cherry picked from commit f6e8ba0238fe349b7529357793e2fb18635819ed)
2019-08-28 13:09:41 +02:00
Jo-Philipp Wich
ee164007b0 fstools: update to latest Git HEAD
6a61b9a probe: fallback to libblkid.so.1 when libblkid.so does not exist

Also remove deprecation notices from init script while we're at it.

Fixes: FS#2274
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 517cb0b70b)
2019-08-28 12:48:45 +02:00
Christian Lamparter
f2c6fa3dbb fstools: update to HEAD of 2019-07-01 - 1539b5
Update fstools to commit 1539b535ac327a3bc599d1ca871e14fd0dc3bba1

git log --pretty=oneline --abbrev-commit ff1ded63..1539b535

1539b53 libblkid-tiny: increment label size to 256
d563f3c libblkid-tiny: fix wrong btrfs label length
3957dd3 block: prevent mount point confusion
9b36dc2 libfstools: avoid false positives when matching devices and volumes

Created with the help of the make-package-update-commit.sh script.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 8036345225)
2019-08-28 12:48:38 +02:00
Jo-Philipp Wich
6710bb25b6 iwinfo: update to latest Git HEAD
a9f9557 nl80211: support reading hardware id from phy directly
c586cd3 iwinfo: add device id for MediaTek MT7612E
d4382dd iwinfo: add device id for Atheros AR9390

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit b13f3300d5)
2019-08-28 12:47:08 +02:00
DENG Qingfang
c03765e87a mtd-utils: update to 2.1.1
Removed upstream patch
Compile and run tested on mvebu

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
(cherry picked from commit fb57c617ba5269a6c2050e42b9d68813e262bf0d)
2019-08-27 10:31:06 +02:00
Koen Vandeputte
9952c8cf40 ath10k-ct: update to version 2019-08-14
Changes:

9e5ab25027e0 ath10k-ct:  Update to latest 5.2 upstream, support bigger mtu, 160Mhz

Removed upstreamed patches:
- 204-ath10k-fix-max-antenna-gain-unit.patch
- 205-ath10k-adjust-tx-power-reduction-for-US-regulatory-d.patch

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-08-27 10:31:06 +02:00
Koen Vandeputte
c46219021f ath10k-firmware: update Candela Tech firmware images
This should fix a problem with 1560 MTU, 160Mhz on DFS channels,
some other small issues on < 5.2 kernels, and for 5.2 driver,
it pulls in some upstream stable fixes.

wave-1 firmware changes since last update:

  *  June 24, 2019: Try allocating low-priority WMI msgs if high-prio are not available.

  *  June 24, 2019: Init rate-ctrl to start at lowest rate instead of in the middle.  Hoping
                    this helps DHCP when station connects from a long distance.

wave-2:

  *  June 24, 2019  Start rate-ctrl at minimal values to help DHCP work better for far-away peers.

  *  July 24, 2019  Fix old regression that made /a (and probably /b/g) perform poorly, at least on
                    diet-compiled images.

  *  Aug 8, 2019  Improve a/b/g rate-ctrl by damping the PER swings caused by the all-or-nothing logic
                  of transmitting non-block-ack frames one at a time.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
(cherry picked from commit de5f0764883ad6a0767da58d7359f3e01aa91139)
2019-08-27 10:31:06 +02:00
Hauke Mehrtens
5c47bfb735 ath10k-ct: remove patches for old versions
the ath10k-ct package ships multiple versions of the ath10k-ct driver,
OpenWrt currently only uses the version 4.19, but we still ship some
patches for older versions. Remove all patches only touching older
versions and also remove the patch for older versions from patches which
do the same changes to multiple versions of ath10k-ct.

This removes some unneeded patches, the end binary should stay the same.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 10fe5ca362)
2019-08-27 10:31:06 +02:00
Hauke Mehrtens
218cc22a43 ath10k-ct: update to version 2019-06-13
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 8f61b4cac4)
2019-08-27 10:31:06 +02:00
Hauke Mehrtens
3a2bdf91bf ath10k-firmware: Fix mirror hash
Fixes: 7f79882d44 ("ath10k-firmware: update board-2.bin for community firmwares")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 7c640c2960)
2019-08-27 10:31:06 +02:00
Christian Lamparter
e57a756487 ath10k-firmware: update board-2.bin for community firmwares
This patch updates the board-2.bin for the default
IPQ4019, QCA9984 and QCA9888 ath10k-firmware-xyz-ct
and -ct-htt firmwares.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 7f79882d44)
2019-08-27 10:31:06 +02:00
Kevin Darbyshire-Bryant
3898d98061 ath10k-firmware: update Candela Tech firmware images
wave-1:

2019-05-09: Tweak rate-ctrl:  Ramp PER up faster, down slower.  This
	    helps throughput in rate-vs-range test, especially with
	    nss1.

2019-05-20: Disable adaptive-CCA.  I am not sure it helps, and it may
	    make it slower to detect noise that should tell the system
	    to stop transmitting.  If someone has means to test this
	    properly, I'd be happy to work with them.

wave-2:

2019-05-15: Fix problem where rate-ctrl sometimes used rix of 0x0.

2019-05-15: Allow raw-tx of encrypted frame.  Requires a patch to the
	    driver to use raw mode when skb has WEP flag enabled AND
	    skb is flagged to not be encrypted.  Lightly tested.

2019-05-16: Fix tx-hang that happened when rate-ctrl chose an OFDM rate
	    for 20Mhz and sent that as AMPDU.  To fix, limit to (V)HT
	    rates if peer is (V)HT.  It seems that MCS0 (V)HT20 should
	    have as good of a chance of being detected as CCK or OFDM.

2019-06-06: Disable TX-BFEE, TX-BFER for IBSS connections.  I suspect
	    this is part of the tx-hang issue seen with IBSS between
	    two 9984 radios.

2019-06-12: Fix rx-rate reporting in 'fw_stats' logic.  This was at
	    least partly due to regressions I had added earlier when
	    working on some multi-vdev enhancements.

2019-6-12: Fix case where extd peer-stats were not always populated.
	   The stats gathering code did not handle error conditions
	   well.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit ff2382e36c)
2019-08-27 10:31:06 +02:00
Kevin Darbyshire-Bryant
f830903c37 ath10k-ct: Update to 2019-06-13
Changes:

ath10k:  Improve PMF/MPF mgt frame check

And add a driver for 5.2 (beta, not even tested yet) kernel.

Refresh patches.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 49b3dcb2ab)
2019-08-27 10:31:06 +02:00
Felix Fietkau
c3327f48dc mt76: update to the latest version
b3a29655ae0b mt76x02: fix crash on device reset
ffddb685a679 mt76x02u: check chip version on probe
7fc5f925ec35 mt76x2u: remove duplicated entry in mt76x2u_device_table
61311d9b307a mt76: introduce mt76_free_device routine
a7dfcf2e2498 mt76: move mac_work in mt76_dev
334b4cedf2b0 mt76: add mac80211 driver for MT7615 PCIe-based chipsets
edb2a001b695 mt76: add unlikely() for dma_mapping_error() check
355c07904da7 mt76: use macro for sn and seq_ctrl conversion
133bffba8bb2 add firmware for MT7615E
49d9c1b29f1d mt76: usb: reduce locking in mt76u_tx_tasklet
3e371ca35c7f mt76: set txwi_size according to the driver value
50073265559a mt76: add skb pointer to mt76_tx_info
c47a5685d00b mt76: dma: introduce skb field in mt76_txwi_cache
9029560fad1f mt76: dma: add skb check for dummy pointer
e9eea3923774 mt76: mt7615: use sizeof instead of sizeof_field
98c5359e9649 Revert "mt76: fix potential deadlock on cancelling workqueues"
bc9baa7b12b9 mt76x02u: remove bogus stop on suspend
6c1cab9abafc mt76usb: fix tx/rx stop
0e674c50a5a3 mt76x02: remove bogus mutex usage
59f7bb6fbfc5 Revert "mt76: mt76x02: send no-skb tx status without holding the status lock"
b0f2a30452f0 mt76x02: avoid status_list.lock and sta->rate_ctrl_lock dependency
62054defd78a mt76: mt7603: remove query from mt7603_mcu_msg_send signature
e79d96acf597 mt76: mt7603: use standard signature for mt7603_mcu_msg_send
be8f0394e335 mt76: mt7603: initialize mt76_mcu_ops data structure
9a9c6569e987 mt76: introduce mt76_mcu_restart macro
980b91e04006 mt76: mt7603: init mcu_restart function pointer
a97db3f3ceee mt76: mt7603: run __mt76_mcu_send_msg in mt7603_mcu_send_firmware
151115f8160b mt76: mt76x02: mt76x02_poll_tx() can be static
7391f98f8b4b mt76: fix endianness sparse warnings
6c06f7381129 mt76: mt7603: report firmware version using ethtool
f06647efbd1c mt76: usb: use EP max packet aligned buffer sizes for rx
f43fccf0990e mt76: move beacon_int in mt76_dev
74ab2cf6171e mt76: move beacon_mask in mt76_dev
23c2f94deeeb mt76: add TX/RX antenna pattern capabilities
6e790e106a84 mt76: move pre_tbtt_tasklet in mt76_dev
7606c08414e5 mt76: mt7603: enable/disable pre_tbtt_tasklet in mt7603_set_channel
ff22eee58520 mt76: do not enable/disable pre_tbtt_tasklet in scan_start/scan_complete
3157385e2277 mt76: mt7603: dynamically alloc mcu req in mt7603_mcu_set_eeprom
cc674e2d1f10 mt76: mt76x02: remove useless return in mt76x02_resync_beacon_timer
6b184272ba15 mt76: move tx_napi in mt76_dev
bce63c453c85 mt76: mt7603: use napi polling for tx cleanup
4afd89e8ab20 mt76: mt7615: use napi polling for tx cleanup
2cb46830faf7 mt76: move netif_napi_del in mt76_dma_cleanup
b4ceb9f7c791 mt76: Fix a signedness bug in mt7615_add_interface()
d00dc9524068 mt76: mt7615: Use after free in mt7615_mcu_set_bcn()
4e0ccc6a2da6 mt76: mt7615: Make mt7615_irq_handler static
0fd552a55847 mt7615: mcu: simplify __mt7615_mcu_set_wtbl
50f70948ffcc mt7615: mcu: simplify __mt7615_mcu_set_sta_rec
4434d04d3c50 mt7615: mcu: remove bss_info_convert_vif_type routine
083fbb97223c mt7615: mcu: use proper msg size in mt7615_mcu_add_wtbl_bmc
f61ca8019129 mt7615: mcu: use proper msg size in mt7615_mcu_add_wtbl
35bd12d609ac mt7615: mcu: unify mt7615_mcu_add_wtbl_bmc and mt7615_mcu_del_wtbl_bmc
f8f990b9092e mt7615: mcu: remove unused parameter in mt7615_mcu_del_wtbl
965bca14795e mt7615: remove query from mt7615_mcu_msg_send signature
9b9ca18d9602 mt7615: remove dest from mt7615_mcu_msg_send signature
935b7e5edaba mt7615: mcu: remove skb_ret from mt7615_mcu_msg_send
2442db44c2ab mt7615: mcu: unify __mt7615_mcu_set_dev_info and mt7615_mcu_set_dev_info
645bc458e1ab mt7615: mcu: do not use function pointers whenever possible
40c4201c28bf mt7615: mcu: remove unused structure in mcu.h
a8834a233fa7 mt7615: mcu: use standard signature for mt7615_mcu_msg_send
824d25c44124 mt7615: initialize mt76_mcu_ops data structure
d9434275a872 mt7615: mcu: init mcu_restart function pointer
c2211e478c6e mt7615: mcu: run __mt76_mcu_send_msg in mt7615_mcu_send_firmware
cb63a06c403a mt76: mt7603: stop mac80211 queues before setting the channel
c6aaa3a2a9ea mt76: mt7615: rearrange cleanup operations in mt7615_unregister_device
97609f3708c7 mt76: mt7615: add static qualifier to mt7615_rx_poll_complete
f9dadd2d9377 mt76: mt7603: add debugfs knob to enable/disable edcca
89cda5d85498 mt7603: fix reading target tx power from eeprom
77d0e3378bd1 mt76: fix setting chan->max_power
f575da2f01a4 mt76: mt76x02: fix tx status reporting issues
a5d18dca9d3e mt76: mt76x02: fix tx reordering on rate control probing without a-mpdu
bd32a93e4996 mt76: mt76x02: remove enable from mt76x02_edcca_init signature
18386eef1d22 mt76: mt76x2u: remove mt76x02_edcca_init in mt76x2u_set_channel
da3514f6de4f mt76: mt76x2: move mutex_lock inside mt76x2_set_channel
0d4719c327ca mt76: mt76x02: run mt76x02_edcca_init atomically in mt76_edcca_set
fd5af7397257 mt76: mt76x02: fix edcca file permission
a0f51f276104 mt76: mt7615: do not process rx packets if the device is not initialized
753cdee4f6f6 mt76: mt7615: stop mcu first in mt7615_unregister_device
899efe755bae mt76: move mt76_insert_ccmp_hdr in mt76-module
6960b6e2d163 mt76: mt7615: add support for mtd eeprom parsing
4bcb0577daa5 mt76: mt7615: select wifi band according to eeprom
866f2c6cd0a2 mt76: generalize mt76_get_txpower for 4x4:4 devices
514fb04492a6 mt76: mt7615: add the capability to configure tx power
ced9d43a8a85 mt76: mt7615: init get_txpower mac80211 callback
8abd502a5f86 mt76: mt7615: rearrange locking in mt7615_config
5b9b62e0b00c mt76: move mt76_get_rate in mt76-module
661c7c8e1acc mt76: Remove set but not used variables 'pid' and 'final_mpdu'
f072c7ba2150 mt76: mt7615: enable support for mesh
28d9496205a6 mt76: mt7615: fix slow performance when enable encryption
827b9ade1672 mt76: mt7615: remove unused variable in mt7615_mcu_set_bcn
34eea1414b8b mt76: mt7615: remove key check in mt7615_mcu_set_wtbl_key
2bfae5a25251 mt76: usb: fix rx A-MSDU support
b0335320fc2c mt76: usb: do not always copy the first part of received frames
3e7fc1573c6f mt76x02: fix reporting of non-probing frames with tx status requested
0d5caead9765 Revert "mt76: usb: do not always copy the first part of received frames"
335e8c6baf77 Revert "mt76: usb: fix rx A-MSDU support"
47ddf4b722a1 mt76: revert support for TX_NEEDS_ALIGNED4_SKBS
0b6520bd1c98 mt7603: rework and fix tx status reporting
539b6796605c mt7603: improve hardware rate switching configuration
d86d6efa7214 mt76x0: fix RF frontend initialization for external PA
f476a14761ec mt76x02: fix endian issue in tx status reporting patch
f8d051785221 mt76: mt7615: simplify mt7615_mcu_set_sta_rec routine
73ff45f618fd mt76: mt7615: add support for per-chain signal strength reporting
9b67ae62d9ea mt76: mt7615: init per-channel target power
160fdc05e260 mt76: mt7615: take into account extPA when configuring tx power
2211d9370976 mt76: mt76x02u: fix sparse warnings: should it be static?
3750533a37a4 mt76: mt7615: fix incorrect settings in mesh mode
c37c1ca3fa01 mt76: mt7615: update peer's bssid when state transition occurs
9dd1089a29af mt76: mt76u: reduce rx memory footprint
0789f45e52c5 mt76: mt7615: remove cfg80211_chan_def from mt7615_set_channel signature
2dca431cd7fc mt76: move nl80211_dfs_regions in mt76_dev data structure
3386ccf7842b mt76: mt76u: get rid of {out,in}_max_packet
d680ab01cddd mt76: usb: fix rx A-MSDU support
6cafaca7225d mt7603: use READ_ONCE instead of ACCESS_ONCE
9e2e0b857710 mt76: round up length on mt76_wr_copy
e378ef1bc1e5 mt76: mt7615: fix sparse warnings: warning: restricted __le16 degrades to integer
7991dd7e25c8 mt76: mt7615: introduce mt7615_regd_notifier
901a4c7b7f8c mt76: mt7615: add hw dfs pattern detector support
57c600e5b945 mt76: mt7615: do not perform txcalibration before cac is complited
6afc9521962f mt76: mt7615: add csa support
8919516006e4 mt76: mt7615: add radar pattern test knob to debugfs
3be723cad7a9 mt76: mt7615: clean up FWDL TXQ during/after firmware upload
47fe37e22fdf mt76: mt7615: fall back to sw encryption for unsupported ciphers
bc5e0417939f mt76: mt7603: enable hardware rate up/down selection
ae760db52abc mt76: mt7615: move mt7615_mcu_set_rates to mac.c
2ae01f7e7715 mt76: mt7615: reset rate index/counters on rate table update
6f9837833baf mt76: mt7615: sync with mt7603 rate control changes
edbe88ec7c1f mt76: usb: fix endian in mt76u_copy
f43b6228facf mt76: usb: remove unneeded {put,get}_unaligned
5e1e5b75d6e8 mt76: usb: use full intermediate buffer in mt76u_copy
017d0ff097f7 mt76: mt76u: fix typo in mt76u_fill_rx_sg
2c0ccf1561c1 mt76: mt7615: always release sem in mt7615_load_patch
0c6f1a2b3c33 mt76: mt7615: introduce mt7615_mcu_send_ram_firmware routine
3dfc1eeffedf mt76: mt7615: fix sparse warnings: incorrect type in assignment (different base types)
947532099c3e mt76: mt7603: fix sparse warnings: warning: incorrect type in assignment (different base types)
e07451d27941 mt76: mt7615: fix sparse warnings: warning: cast from restricted __le16
b973bef0f87f mt7603: do not use tssi-off power value for mt7628
8fc3e6e02e96 mt76: mt7615: fix using VHT STBC rates
b21b99187a54 mt76: mt7615: fix PS buffering of action frames
3d43dd886951 mt76: mt7615: fix invalid fallback rates
0ce46825b8df mt76: mt7603: fix invalid fallback rates
3b08966d99ae Revert "mt76: usb: use full intermediate buffer in mt76u_copy"
48800e7b6088 Revert "mt76: usb: remove unneeded {put,get}_unaligned"
439354d54085 Revert "mt76: usb: fix endian in mt76u_copy"
8c1da9367beb mt76: usb: fix endian in mt76u_copy
307be50cc5f4 mt76: usb: remove unneeded {put,get}_unaligned
5d298297c00c mt76: mt76x02: use params->ssn value directly
f74d117ed41c mt76: mt7603: use params->ssn value directly
649f2e83742e mt76: mt7615: use params->ssn value directly
b647180c86be mt76: mt7615: unlock dfs bands
410923fa24de Revert accidental debugging change
3d7f7384bef0 mt76: mt7615: add missing register initialization
75656a4590a3 net: wireless: support of_get_mac_address new ERR_PTR error
fb0f432834c0 mt76: stop rx aggregation on station removal
76aada563b66 mt76: dma: reset q->rx_buf on rx reset
3245ca8b8aeb mt76: check of_get_mac_address for NULL as well to restore old kernel compat
8e495245ab3d mt76: mt7615: move mt7615_mac_get_key_info in mac.c
e4f48a8df6aa mt76: mt7615: add mt7615_mac_wtbl_addr routine
e8c95e5a41f0 mt76: mt7615: introduce mt7615_mac_wtbl_set_key routine
d998b90c4bed mt76: mt7615: remove wtbl_sec_key definition
60d279ec2762 mt76: mt7615: add set_key_cmd and mt76_wcid to mt7615_mac_wtbl_set_key signature
4947ad4eab6a mt76: introduce mt76_mmio_read_copy routine
4d9001b8ab1d mt76: mt7615: fix MT7615_WATCHDOG_TIME definition
3d6796b867b6 mt76: mt7603: fix watchdog rescheduling in mt7603_set_channel
8d7a48030005 mt76: mt7615: add 4 WMM sets support
ae0f11149248 mt76: mt7615: update cw_min/max related settings
8b7bbd017654 mt76: mt7603: fix some checkpatch warnings
e6045467848d mt76: mt7615: fix some checkpatch warnings
c415c676e255 mt76: mt76x02: fix some checkpatch warnings
f625afcedc9b mt76: switch to SPDX tag instead of verbose boilerplate text
4d57f1cee4aa mt76: mt7615: rework locking scheme for mt7615_set_channel
2becd13be766 mt76: mt7615: add Smart Carrier Sense support
20f0c196722a mt76: mt76x02: introduce mt76x02_pre_tbtt_enable and mt76x02_beacon_enable macros
ae83a05b1050 mt76: mt76x02: do not copy beacon skb in mt76x02_mac_set_beacon_enable
92fa62ace198 mt76: mt76x02u: enable multi-vif support
c6dabfe953af mt76: mt76x02u: enable survey support
1f44159b41ff mt76: mt7603: move survey_time in mt76_dev
9657e6304322 mt76: mt7615: enable survey support
af860c0decb1 mt76: move mt76_tx_tasklet in mt76 module
a9d2a28b39fc mt76: mt7603: remove unnecessary mcu queue initialization
281b10fc1fe6 mt76: mt7615: add BIP_CMAC_128 cipher support
37673a4181e4 mt76: fix some checkpatch warnings
a7fa32603981 mt76: add default implementation for mt76_sw_scan/mt76_sw_scan_complete
5c35bdf057af mt7615: apply calibration-free data from OTP
0e3baf0213c9 mt76: fix a leaked reference by adding a missing of_node_put
2d5928fef23d net: Remove dev_err() usage after platform_get_irq()
a0824197ab00 mt76: mt76x0e: disable 5GHz band for MT7630E
4d8a9f20610f mt76: do not send BAR frame on tx aggregation flush stop
2a0edbb4473b mt76: remove offchannel check in tx scheduling

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-08-26 19:10:10 +02:00
Felix Fietkau
7c32f8eff0 mac80211: backport support for the IEEE80211_KEY_FLAG_GENERATE_MMIE flag
Required for an upcoming mt76 update

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 0441edfb7f)
2019-08-26 18:43:24 +02:00
Felix Fietkau
1a1a504a54 mac80211: add new minstrel_ht patches to improve probing on mt76x2
Also include follow-up regression fix from master

Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commits 9861050b85 and f0992d7a30)
2019-08-26 16:27:30 +02:00
Hauke Mehrtens
7d300326ee mdadm: Use upstream fix for musl 1.1.23 compile
Fixes: d720f83f87 ("mdadm: Fix compile with musl 1.1.23")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit ebbec2fdc6)
2019-08-21 10:28:27 +02:00
Hauke Mehrtens
d720f83f87 mdadm: Fix compile with musl 1.1.23
This adds missing includes for sys/sysmacros.h which are needed with
musl libc 1.1.23.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit ba8aeb02ea)
2019-08-21 10:27:09 +02:00
Hans Dedecker
c85f9a245a odhcpd: remove socket from uloop upon NETEV_IFINDEX_CHANGE
949476e router: close socket upon NETEV_IFINDEX_CHANGE fixed

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-08-19 21:31:15 +02:00
Jo-Philipp Wich
5d906a656e uhttpd: update to latest Git HEAD
6b03f96 ubus: increase maximum ubus request size to 64KB

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit d1f207ecc9)
2019-08-18 20:01:59 +02:00
Jo-Philipp Wich
190c5626ff uhttpd: add direct dependency on libjson-c
The OpenWrt buildroot ABI version rebuild tracker does not handle
transient dependencies, therefor add all libraries linked by uhttpd
as direct dependencies to the corresponding binary package definition.

This ensures that uhttpd is automatically rebuilt and relinked if any
of these libraries has its ABI_VERSION updated in the future.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit a95ddaba02)
2019-08-18 20:01:58 +02:00
Hauke Mehrtens
a2a311fc2b uhttpd: Fix format string build problems
91fcac34ac uhttpd: Fix multiple format string problems

Fixes: fc454ca153 libubox: update to latest git HEAD
Reported-by: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 3c401f45c9)
2019-08-18 20:01:58 +02:00
Luiz Angelo Daros de Luca
3b34fcaf94 musl: ldso/dlsym: fix mips returning undef dlsym
This happens only the second time a library is loaded by dlopen().
After lib1 is loaded, dlsym(lib1,"undef1") correctly resolves the undef
symbol from lib1 dependencies. After the second library is loaded,
dlsym(lib2,"undef1") was returning the address of "undef1" in lib2
instead of searching lib2 dependencies.

Using upstream fix which now uses the same logic for relocation time
and dlsym.

Fixes openwrt/packages#9297

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
(cherry picked from commit 0d0617ff14)
2019-08-17 17:13:51 +02:00
Rosen Penev
6868188101 bzip2: Update to 1.0.8
It seems bzip2 was abandoned by the author and adopted by the sourceware
people. The last release of bzip2 was from 2010.

Several security bugs were fixed as well as others.

Fixed up PKG_LICENSE to be compatible with SPDX.

Changed URLs to point to the new home.

Added patch that gets rid of deprecated utime function and switches it to
utimensat.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-08-17 17:00:11 +02:00
Eneas U de Queiroz
b35e1360cd wolfssl: bump to 4.1.0-stable
Always build AES-GCM support.
Unnecessary patches were removed.

This includes two vulnerability fixes:

CVE-2019-11873: a potential buffer overflow case with the TLSv1.3 PSK
extension parsing.

CVE-2019-13628 (currently assigned-only): potential leak of nonce sizes
when performing ECDSA signing operations. The leak is considered to be
difficult to exploit but it could potentially be used maliciously to
perform a lattice based timing attack.

This brings the package up-to-date with master, so it incorporates
changes from 4.0.0 in master:
* Removed options that can't be turned off because we're building with
  --enable-stunnel, some of which affect hostapd's Config.in.
* Adjusted the title of OCSP option, as OCSP itself can't be turned off,
  only the stapling part is selectable.
* Mark options turned on when wpad support is selected.
* Add building options for TLS 1.0, and TLS 1.3.
* Add hardware crypto support, which due to a bug, only works when CCM
  support is turned off.
* Reorganized option conditionals in Makefile.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2019-08-17 17:00:10 +02:00
Hauke Mehrtens
3809b6662d mac80211: Update to version 4.19.66-1
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-08-17 13:36:06 +02:00
Hauke Mehrtens
ac7ccf739a mac80211: Update to version 4.19.57
This updates to backports-4.19.57-1 which contains the wireless
subsystem and driver from kernel 4.19.57.
The removed patches are applied upstream.

Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-08-17 13:36:06 +02:00
Hans Dedecker
0f0ed2451e odhcpd: fix closing of router socket
c2d6032 router: fix previous commit

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-08-17 09:45:10 +02:00
Hans Dedecker
45a26cb211 odhcpd: fix sending RA when link state brings bridge down
13928b3 router: close socket upon NETEV_IFINDEX_CHANGE

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-08-16 09:54:43 +02:00
Hans Dedecker
30798132bf odhcpd: fix lingering uloop socket descriptor
e9e8240 router: fix lingering uloop socket descriptor

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-08-10 10:18:00 +02:00
Jo-Philipp Wich
872cbcc628 config: introduce separate CONFIG_SIGNATURE_CHECK option
Introduce a new option CONFIG_SIGNATURE_CHECK which defaults to the value
of CONFIG_SIGNED_PACKAGES and thus is enabled by default.

This option is needed to support building target opkg with enabled
signature verification while having the signed package lists disabled.

Our buildbots currently disable package signing globally in the
buildroot and SDK to avoid the need to ship private signing keys to
the build workers and to prevent the triggering of random key generation
on the worker nodes since package signing happens off-line on the master
nodes.

As unintended side-effect, updated opkg packages will get built with
disabled signature verification, hence the need for a new override option.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit f565f276e2)
2019-08-07 07:53:48 +02:00
Petr Štetiar
ff550dae32 adb: fix build breakage on recent musl
Fix build breakage as upstream has removed implicit include of
sys/sysmacros.h from sys/types.h:

 remove implicit include of sys/sysmacros.h from sys/types.h

 this reverts commit f552c792c7ce5a560f214e1104d93ee5b0833967, which
 exposed the sysmacros.h macros (device major/minor calculations) for
 BSD and GNU profiles to mimic an unintentional glibc behavior some
 code depended on. glibc has deprecated and since removed them as the
 resolution to bug #19239, so it makes no sense for us to keep this
 behavior. affected code should all have been fixed by now, and if it's
 not yet fixed it needs to be for use with modern glibc anyway.

Ref: https://git.musl-libc.org/cgit/musl/commit/include/sys/types.h?id=a31a30a0076c284133c0f4dfa32b8b37883ac930
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 79596f782e)
2019-08-07 07:43:30 +02:00
Jo-Philipp Wich
4fd7a30c70 packages: apply usign padding workarounds to package indexes if needed
Since usign miscalculates SHA-512 digests for input sizes of exactly
64 + N * 128 + 110 or 64 + N * 128 + 111 bytes, we need to apply some
white space padding to avoid triggering the hashing edge case.

While usign itself has been fixed already, there is still many firmwares
in the wild which use broken usign versions to verify current package
indexes so we'll need to carry this workaround in the forseeable future.

Ref: https://forum.openwrt.org/t/signature-check-failed/41945
Ref: https://git.openwrt.org/5a52b379902471cef495687547c7b568142f66d2
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit e1f588e446)
2019-08-07 07:22:37 +02:00
Jo-Philipp Wich
7a10c7b882 usign: update to latest Git HEAD
This update fixes usign signature verification on files with certain
file sizes triggering a bug in the shipped SHA-512 implementation.

5a52b37 sha512: fix bad hardcoded constant in sha512_final()
3e6648b README: replace unicode character
716c3f2 README: add reference to OpenBSD signify
86d3668 README: provide reference for ed25519 algorithm
939ec35 usign: main.c: describe necessary arguments for -G

Ref: https://forum.openwrt.org/t/signature-check-failed/41945
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 991dd5a893)
2019-08-06 20:58:35 +02:00
Rafał Miłecki
8efccf76f8 mac80211: brcm: improve brcmfmac debugging of firmware crashes
This provides a complete console messages dump.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 6a7b201b6c)
2019-07-28 14:21:50 +02:00
Rafał Miłecki
d8c59fa699 mac80211: brcm: update brcmfmac 5.4 patches
Use commits from wireless-drivers-next.git.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 8e466fb7e3)
2019-07-28 14:17:48 +02:00
Biwen Li
e0f468864b tfa-layerscape: fix create_pbl and byte_swap host build
- make create_pbl and byte_swap as host tools

- fix a bug that maybe use the cross compiler
to compile create_pbl and byte_swap:

	# -a option appends the image for Chassis 3 devices in case of non secure boot
	aarch64-openwrt-linux-musl-gcc -Wall -Werror -pedantic -std=c99 -O2
	 -DVERSION=v1.5(release):reboot-10604-ge9216b3336 -D_GNU_SOURCE -D_XOPEN_SOURCE=700
	 -c -o create_pbl.o create_pbl.c
	cc1: note: someone does not honour COPTS correctly, passed 0 times
	  LD      create_pbl
	/usr/bin/ld: create_pbl.o: Relocations in generic ELF (EM: 183)
	/usr/bin/ld: create_pbl.o: Relocations in generic ELF (EM: 183)
	/usr/bin/ld: create_pbl.o: Relocations in generic ELF (EM: 183)
	create_pbl.o: error adding symbols: File in wrong format
	collect2: error: ld returned 1 exit status
	Makefile:43: recipe for target create_pbl failed
	make[4]: *** [create_pbl] Error 1
	plat/nxp/tools/pbl_ch2.mk:45: recipe for target pbl failed
	make[3]: *** [pbl] Error 2

- add tfa- prefix to all tools in order to avoid future clashes with
  other toolnames

Signed-off-by: Biwen Li <biwen.li@nxp.com>
[added missing HOST_CFLAGS, added tfa- prefix to the tools]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 83d5ca2186)
2019-07-27 07:14:09 +02:00
Petr Štetiar
94e9084e1e tfa-layerscape: fix fiptool host build
fiptool is a host tool, used in a firmware generation pipeline, but it's
not treated as such, leading to the build breakage on the hosts which
don't have {Open,Libre}SSL dev package installed:

 In file included from fiptool.h:16:0,
                 from fiptool.c:19:
		 fiptool_platform.h:18:27: fatal error: openssl/sha.h:
		 No such file or directory
		  #  include <openssl/sha.h>

So this patch promotes fiptool into the host tool with proper host
include and library paths under STAGING_DIR.

Ref: https://github.com/openwrt/openwrt/pull/2267
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit b8249cef9f)
2019-07-27 07:13:59 +02:00
Jo-Philipp Wich
0a64b70e4e openwrt-keyring: update to Git HEAD
8080ef3 usign: add 19.07 release build pubkey
e24fe0d usign: use distro agnostic comments
251ded7 usign: fix filename of Stijn's usign key
14f0efc gpg: update snapshots public signing key
14f845b gpg: replace my public GPG key
4f735b8 gpg: add OpenWrt 19.07 signing key
228f8da gpg: add OpenWrt 18.06 v2 signing key
36057d9 gpg: update LEDE 17.01 public signing key
f2989ab Add my public GPG and usign key

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit e9216b3336)
2019-07-25 19:40:57 +02:00
Petr Štetiar
5100629e32 urngd: move project to git.openwrt.org
Let's move project to a proper place.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit bec8fb1ee7)
2019-07-22 09:53:01 +02:00
Petr Štetiar
f573d3de11 base-files: move urandom seed bits into separate package
So it's possible to install or remove it as needed.

Tested-by: Lucian Cristian <lucian.cristian@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 27bfde9c9f)
2019-07-22 09:53:01 +02:00
Petr Štetiar
81c5a5c4b3 ubox: move getrandom into separate getrandom package
So it's possible to install or remove it as needed.

Tested-by: Lucian Cristian <lucian.cristian@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 9b4de712ca)
2019-07-22 09:53:01 +02:00
Petr Štetiar
5082c1b204 urngd: add micro non-physical true RNG based on timing jitter
μrngd is OpenWrt's micro non-physical true random number generator based
on timing jitter.

Using the Jitter RNG core, the rngd provides an entropy source that
feeds into the Linux /dev/random device if its entropy runs low. It
updates the /dev/random entropy estimator such that the newly provided
entropy unblocks /dev/random.

The seeding of /dev/random also ensures that /dev/urandom benefits from
entropy. Especially during boot time, when the entropy of Linux is low,
the Jitter RNGd provides a source of sufficient entropy.

Acked-by: Jo-Philip Wich <jow@mein.io>
Tested-by: Lucian Cristian <lucian.cristian@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 714bd89fce)
2019-07-22 09:53:01 +02:00
Rafał Miłecki
bc0c0a5564 mac80211: brcm: backport first set of 5.4 brcmfmac changes
This doesn't include 9ff8614a3dbe ("brcmfmac: use separate Kconfig file
for brcmfmac") due to a few conflicts with backports changes.

An important change is:
[PATCH 2/7] brcmfmac: change the order of things in brcmf_detach()
which fixes a rmmod crash in the brcmf_txfinalize().

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit db8e08a5a4)
2019-07-21 16:24:41 +02:00
David Bauer
6d59f4eeb4 gpio-button-hotplug: unify polled and interrupt code
This patch unifies the polled and interrupt-driven gpio_keys code
paths as well implements consistent handling of the debounce
interval set for the GPIO buttons and switches.

Hotplug events will only be fired if

1. The input changes its state and remains stable for the duration
   of the debounce interval (default is 5 ms).

2. In the initial stable (no state-change for duration of the
   debounce interval) state once the driver module gets loaded.

   Switch type inputs will always report their stable state.
   Unpressed buttons will not trigger an event for the initial
   stable state. Whereas pressed buttons will trigger an event.
   This is consistent with upstream's gpio-key driver that uses
   the input subsystem (and dont use autorepeat).

Prior to this patch, this was handled inconsistently for interrupt-based
an polled gpio-keys. Hence this patch unifies the shared logic into the
gpio_keys_handle_button() function and modify both implementations to
handle the initial state properly.

The changes described in 2. ) . can have an impact on the
failsafe trigger. Up until now, the script checked for button
state changes. On the down side, this allowed to trigger the
failsafe by releasing a held button at the right time. On the
plus side, the button's polarity setting didn't matter.

Now, the failsafe will only engage when a button was pressed
at the right moment (same as before), but now it can
theoretically also trigger when the button was pressed the
whole time the kernel booted and well into the fast-blinking
preinit phase. However, the chances that this can happen are
really small. This is because the gpio-button module is usually
up and ready even before the preinit state is entered. So, the
initial pressed button event gets lost and most devices behave
as before.

Bisectors: If this patch causes a device to permanently go into
failsafe or experience weird behavior due to inputs, please
check the following:
 - the GPIO polarity setting for the button
 - the software-debounce value

Run-tested for 'gpio-keys' and 'gpio-keys-polled' on

 - devolo WiFi pro 1200e
 - devolo WiFi pro 1750c
 - devolo WiFi pro 1750x
 - Netgear WNDR4700
 - Meraki MR24
 - RT-AC58U

Signed-off-by: David Bauer <mail@david-bauer.net>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [further
cleanups, simplification and unification]
(cherry picked from commit 27f3f493de)
2019-07-19 17:04:30 +02:00
Petr Štetiar
074c8e296c gpio-button-hotplug: fix 4.19 build breakage on malta/be64
While testing 4.19 build on malta/be64, I've encountered following
error:

 gpio-button-hotplug/gpio-button-hotplug.c:529:18: error: implicit
 declaration of function 'gpio_to_desc'

which is caused by the missing include fixed by this patch.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit dd6d82112a)
2019-07-19 17:00:30 +02:00
Matt Merhar
c0a715f75e openvpn: fix handling of list options
This addresses an issue where the list option specified in
/etc/config/openvpn i.e. 'tls_cipher' would instead show up in the
generated openvpn-<name>.conf as 'ncp-ciphers'. For context,
'ncp_ciphers' appears after 'tls_cipher' in OPENVPN_LIST from
openvpn.options.

Also, the ordering of the options in the UCI config file is now
preserved when generating the OpenVPN config. The two currently
supported list options deal with cipher preferences.

Signed-off-by: Matt Merhar <mattmerhar@protonmail.com>
(cherry picked from commit 1d4c4cbd20)
2019-07-17 20:11:41 +02:00
Deng Qingfang
7a4acfce6d iptables: update to 1.8.3
Update iptables to 1.8.3

ChangeLog:
  https://netfilter.org/projects/iptables/files/changes-iptables-1.8.3.txt

Removed upstream patches:
- 001-extensions_format-security_fixes_in_libip.patch
- 002-include_fix_build_with_kernel_headers_before_4_2.patch
- 003-ebtables-vlan-fix_userspace_kernel_headers_collision.patch

Altered patches:
- 200-configurable_builtin.patch
- 600-shared-libext.patch

No notable size changes

Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [lipibtc ABI_VERSION fix]
(cherry picked from commit 299f6cb2da)
2019-07-17 13:13:11 +02:00
Rafał Miłecki
74b0b42fc6 libroxml: bump to the 3.0.2 version
* Fix for memory leak regression
* Support for (un)escaping

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 430d65c544)
2019-07-16 14:13:07 +02:00
Petr Štetiar
48662712b2 fstools: add direct dependencies on libblobmsg-json and libjson-c
The OpenWrt buildroot ABI version rebuild tracker does not handle
transient dependencies, therefore add all libraries linked by
block-mount and blockd as direct dependencies to the corresponding
binary package definition.

This ensures that block-mount and blockd is automatically rebuilt and
relinked if any of these libraries has its ABI_VERSION updated in the
future.

Fixes: FS#2373
[jow: similar fix for procd and 98.42% of commit message]
Signed-off-by: Jo-Philip Wich <jow@mein.io>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit cbae306815)
2019-07-15 00:48:13 +02:00
Yousong Zhou
1c3587cad9 busybox: strip off ALTERNATIVES spec
Now that busybox is a known alternatives provider by opkg, we remove the
ALTERNATIVES spec and add a note to make the implicit situation clear

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(cherry-picked from commit 62be427067)
2019-07-12 09:17:34 +00:00
Yousong Zhou
8936bdb269 opkg: bump to version 2019-06-14
Opkg starting from this version special-cases busybox as alternatives
provider.  There should be no need to add entries to ALTERNATIVES of
busybox package

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(cherry-picked from commit e51b513f75)
2019-07-12 09:17:16 +00:00
Hauke Mehrtens
87457ad81b mac80211: Do not build b43legacy on BRCM47xx mips74 subtarget
b43legacy needs ssb support and we do not compile the mips74 subtarget
of the brcm47xx target with SSB support. This causes a build failure in
the mac80211 package and only some of the kernel modules are being
created.

I am not aware of any device with a BRCM47xx mips74 CPU which uses a
b43legacy compatible device.

Fixes: FS#2334
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit e05310b9b8)
2019-07-12 01:27:16 +02:00
Adrian Schmutzler
65034359ee base-files: Fix path check in get_mac_binary
Logic was inverted when changing from string check to file check.
Fix it.

Fixes: 8592602d0a ("base-files: Really check path in get_mac_binary")
Reported-by: Matthias Schiffer <mschiffer@universe-factory.net>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 6ed3349308)
2019-07-09 23:08:10 +02:00
Hauke Mehrtens
411e42cdc6 wolfssl: Fix package hash
Fixes: 3167a57f72 ("wolfssl: update to 3.15.7, fix Makefile")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-07-08 16:56:38 +02:00
Konstantin Demin
5ef6c20183 netsupport: move out mqprio from kmod-sched
Currently, there's unable to install "kmod-sched-mqprio" after
"kmod-sched" (or vice versa), because "sch_mqprio.ko" is
shipped in both packages.

Fixes: f83522fa63 ("linux: Add kmod-sched-mqprio")
Fixes: 6af639e0bf ("linux: Add kmod-sched-act-vlan")
Fixes: 72c7e2dc46 ("linux: Add kmod-sched-flower")
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
[Add cls_flower and act_vlan]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-07-08 16:28:27 +02:00
Eneas U de Queiroz
3167a57f72 wolfssl: update to 3.15.7, fix Makefile
This includes a fix for a medium-level potential cache attack with a
variant of Bleichenbacher’s attack.  Patches were refreshed.
Increased FP_MAX_BITS to allow 4096-bit RSA keys.
Fixed poly1305 build option, and some Makefile updates.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 2792daab5a)
2019-07-08 12:41:20 +01:00
Adrian Schmutzler
cd4fcd46f1 base-files: Really check path in get_mac_binary
Currently, path argument is only checked for being not empty.

This changes behavior to actually check whether path exists.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-07-05 22:30:22 +02:00
Karel Kočí
4a7a8d93fa fstools: block-mount: fix restart of fstab service
Restarting service causes file-systems to be unmounted without being
mounted back. When this service was obsoleted it should have been
implemented in a way that all actions are ignored. Up to this commit
default handler was called when restart was requested. This default
handler just simply calls stop and start. That means that stop called
unmount but start just printed that this service is obsoleted.

This instead implements restart that just prints same message like start
does. It just calls start in reality. This makes restart unavailable for
call.

Signed-off-by: Karel Kočí <karel.koci@nic.cz>
(cherry picked from commit 3ead9e7b74)
2019-06-28 22:03:44 +02:00
Vladimir Vid
6c9a744588 mvebu: fix regression for non-generic ESPRESSObin versions
When targets for multiple ESPRESSObin devices were added, not all
files were updated which means any ESPRESSObin version beside generic
won't have proper networking, sysupgrade and uboot-env. This patch
fixes the issue.

* fixup network detection
* fixup uboot-env
* fixup platform.sh for sysupgrade

Signed-off-by: Vladimir Vid <vladimir.vid@sartura.hr>
(cherry picked from commit bc47285cb3)
2019-06-28 21:52:57 +02:00
Bjørn Mork
9deef062a4 base-files: use OPENWRT prefix for os-release variables
Just stumbled across this LEDE legacy, without finding any real reason
to keep it.  There is a single LEDE_DEVICE_MANUFACTURER_URL dependency
in the luci feed repo which needs to be syncronized.

Signed-off-by: Bjørn Mork <bjorn@mork.no>
[re-added missing commit message]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 8a34a54b6a)
2019-06-27 17:17:24 +02:00
Koen Vandeputte
096a67796a uqmi: bump to latest git HEAD
1965c7139374 uqmi: add explicit check for message type when expecting a response
01944dd7089b uqmi_add_command: fixed command argument assignment

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
(cherry picked from commit 47986dc6ea1d643cd348501da09cd2e3ee2f9ee1)
2019-06-27 14:17:48 +02:00
Stefan Lippers-Hollmann
69b988c994 mac80211: update WDS/4addr fix to the version accepted upstream
This updates "{nl,mac}80211: allow 4addr AP operation on crypto
controlled devices" to the version (v3), which was accepted into
upstream mac80211.git and which is tagged for -stable backporting
(v4.18+).

https://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211.git/commit/?id=33d915d9e8ce811d8958915ccd18d71a66c7c495

Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[format-patch]
2019-06-22 13:19:38 +02:00
Kevin Darbyshire-Bryant
2cb8ae2079 iproute2: update ctinfo support
Follow upstream changes - header file changes only
no functional or executable changes, hence no package bump
required

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit a8f0c02f80)
2019-06-20 21:18:46 +01:00
Robinson Wu
4e925d0b82 base-files: fix uci led oneshot/timer trigger
This patch adds a missing type property which prevented
the creation of oneshot and timer led triggers when they
are specified in the /etc/board.d/01_leds files.

i.e.:

ucidef_set_led_timer "system" "system" "zhuotk:green:system" "1000" "1000"

Fixes: b06a286a48 ("base-files: cleanup led functions in uci-defaults.sh")
Signed-off-by: Robinson Wu <wurobinson@qq.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-06-20 20:09:21 +02:00
Rafał Miłecki
c52054e568 mac80211: brcm: backport remaining brcmfmac 5.2 patches
This improves FullMAC firmware compatibility, adds logging in case of
firmware crash and *may* fix "Invalid packet id" errors.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 8888cb725d)
2019-06-16 22:05:54 +02:00
Christian Lamparter
158a716215 mac80211: refresh patches
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-06-15 19:52:03 +02:00
Christian Lamparter
78049d448c iwinfo: update PKG_MIRROR_HASH
This patch updates the PKG_MIRROR_HASH to match the one
of the current version.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-06-15 19:10:28 +02:00
Sven Eckelmann
5913543190 ath10k-ct: adjust tx power reduction for US regulatory domain
FCC allows maximum antenna gain of 6 dBi. 15.247(b)(4):

> (4) The conducted output power limit
> specified in paragraph (b) of this section
> is based on the use of antennas
> with directional gains that do not exceed
> 6 dBi. Except as shown in paragraph
> (c) of this section, if transmitting
> antennas of directional gain greater
> than 6 dBi are used, the conducted
> output power from the intentional radiator
> shall be reduced below the stated
> values in paragraphs (b)(1), (b)(2),
> and (b)(3) of this section, as appropriate,
> by the amount in dB that the
> directional gain of the antenna exceeds
> 6 dBi.

https://www.gpo.gov/fdsys/pkg/CFR-2013-title47-vol1/pdf/CFR-2013-title47-vol1-sec15-247.pdf

Signed-off-by: Sven Eckelmann <sven@narfation.org>
2019-06-15 00:40:25 +02:00
Sven Eckelmann
f1d4da3029 ath10k-ct: fix max antenna gain unit
Most of the txpower for the ath10k firmware is stored as twicepower (0.5 dB
steps). This isn't the case for max_antenna_gain - which is still expected
by the firmware as dB.

The firmware is converting it from dB to the internal (twicepower)
representation when it calculates the limits of a channel. This can be seen
in tpc_stats when configuring "12" as max_antenna_gain. Instead of the
expected 12 (6 dB), the tpc_stats shows 24 (12 dB).

Tested on QCA9888 and IPQ4019 with firmware 10.4-3.5.3-00057.

Signed-off-by: Sven Eckelmann <sven@narfation.org>
2019-06-15 00:40:25 +02:00
Sven Eckelmann
06222ce73e mac80211: ath10k: adjust tx power reduction for US regulatory domain
FCC allows maximum antenna gain of 6 dBi. 15.247(b)(4):

> (4) The conducted output power limit
> specified in paragraph (b) of this section
> is based on the use of antennas
> with directional gains that do not exceed
> 6 dBi. Except as shown in paragraph
> (c) of this section, if transmitting
> antennas of directional gain greater
> than 6 dBi are used, the conducted
> output power from the intentional radiator
> shall be reduced below the stated
> values in paragraphs (b)(1), (b)(2),
> and (b)(3) of this section, as appropriate,
> by the amount in dB that the
> directional gain of the antenna exceeds
> 6 dBi.

https://www.gpo.gov/fdsys/pkg/CFR-2013-title47-vol1/pdf/CFR-2013-title47-vol1-sec15-247.pdf

Signed-off-by: Sven Eckelmann <sven@narfation.org>
2019-06-15 00:40:25 +02:00
Sven Eckelmann
af76c19d53 mac80211: ath10k: fix max antenna gain unit
Most of the txpower for the ath10k firmware is stored as twicepower (0.5 dB
steps). This isn't the case for max_antenna_gain - which is still expected
by the firmware as dB.

The firmware is converting it from dB to the internal (twicepower)
representation when it calculates the limits of a channel. This can be seen
in tpc_stats when configuring "12" as max_antenna_gain. Instead of the
expected 12 (6 dB), the tpc_stats shows 24 (12 dB).

Tested on QCA9888 and IPQ4019 with firmware 10.4-3.5.3-00057.

Signed-off-by: Sven Eckelmann <sven@narfation.org>
2019-06-15 00:40:25 +02:00
Sven Eckelmann
918f4c8887 mac80211: ath9k: Increase allowed antenna gain to 6 dBi
FCC allows maximum antenna gain of 6 dBi. 15.247(b)(4):

> (4) The conducted output power limit
> specified in paragraph (b) of this section
> is based on the use of antennas
> with directional gains that do not exceed
> 6 dBi. Except as shown in paragraph
> (c) of this section, if transmitting
> antennas of directional gain greater
> than 6 dBi are used, the conducted
> output power from the intentional radiator
> shall be reduced below the stated
> values in paragraphs (b)(1), (b)(2),
> and (b)(3) of this section, as appropriate,
> by the amount in dB that the
> directional gain of the antenna exceeds
> 6 dBi.

Signed-off-by: Sven Eckelmann <sven@narfation.org>
2019-06-15 00:40:25 +02:00
Koen Vandeputte
f96fbf0328 iwinfo: update to latest git HEAD
1372f47eff34 iwinfo: Add Mikrotik R11e-5HnDr2

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-06-12 16:05:42 +02:00
Yousong Zhou
c4e727f01c dnsmasq: move feature detection inside a shell func
Resolves openwrt/packages#9219

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(cherry picked from commit 04b45d3a31)
2019-06-11 15:07:26 +02:00
Alexander Couzens
b344ca9ca6 OpenWrt v19.07: set branch defaults
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2019-06-11 01:53:08 +02:00
Alexander Couzens
79948e9d61
replace links towards lede-project.org with openwrt.org
Modify VERSION_SUPPORT_URL VERSION_REPO
Replace BUGS variable in toolchain/gcc/common.mk

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2019-06-11 01:46:53 +02:00
André Valentin
452d88e8f7 config: add xfrm interface support scripts
This package adds scripts for xfrm interfaces support.
Example configuration via /etc/config/network:

config interface 'xfrm0'
        option proto 'xfrm'
        option mtu '1300'
        option zone 'VPN'
        option tunlink 'wan'
        option ifid 30

config interface 'xfrm0_static'
        option proto 'static'
        option ifname '@xfrm0'
        option ip6addr 'fe80::1/64'
        option ipaddr '10.0.0.1/30'

Now set in strongswan IPsec policy:
 	if_id_in = 30
	if_id_out = 30

Signed-off-by: André Valentin <avalentin@marcant.net>
2019-06-10 10:07:24 +02:00
Hans Dedecker
cc092a285a curl: update to 7.65.1
For changes in 7.65.1; see https://curl.haxx.se/changes.html#7_65_1

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-06-10 10:06:05 +02:00
André Valentin
ae3e232b11 netsupport: add xfrmi interface support
Add support for xfrm interfaces in kernel. XFRM interfaces are used by
the IPsec stack for tunneling.
XFRM interfaces are available since linux 4.19.

Signed-off-by: André Valentin <avalentin@marcant.net>
2019-06-09 21:48:22 +02:00
Petr Štetiar
6c5bfaac84 gpio-button-hotplug: gpio-keys: fix always missing first event
Commit afc056d7dc ("gpio-button-hotplug: support interrupt
properties") changed the gpio-keys interrupt handling logic in a way,
that it always misses first event, which causes issues with rc.button
scripts, so this patch restores the previous behaviour.

Fixes: afc056d7dc ("gpio-button-hotplug: support interrupt properties")
Reported-by: Kristian Evensen <kristian.evensen@gmail.com>
Tested-by: Kuan-Yi Li <kyli.tw@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [drop state check]
2019-06-09 14:51:47 +02:00
Petr Štetiar
27d234a345 gpio-button-hotplug: fix wrong initial seen value
Currently the generated event contains wrong seen value, when the button
is pressed for the first time:

 rmmod gpio_button_hotplug; modprobe gpio_button_hotplug
 [ pressing the wps key immediately after modprobe ]
 gpio-keys: create event, name=wps, seen=1088, pressed=1

So this patch adds a check for this corner case and makes seen=0 if the
button is pressed for the first time.

Tested-by: Kuan-Yi Li <kyli.tw@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-06-09 14:51:47 +02:00
Petr Štetiar
33ccfe0e14 gpio-button-hotplug: use pr_debug and pr_err
pr_debug can be used with dynamic debugging.

Tested-by: Kuan-Yi Li <kyli.tw@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-06-09 14:51:47 +02:00
Yousong Zhou
0299a4b73e dnsmasq: skip options that are not compiled in
This is to make life easier for users with customized build of
dnsmasq-full variant.  Currently dnsmasq config generated by current
service script will be rejected by dnsmasq build lacking DHCP feature

 - Options like --dhcp-leasefile have default values.  Deleting them
   from uci config or setting them to empty value will make them take on
   default value in the end
 - Options like --dhcp-broadcast are output unconditionally

Tackle this by

 - Check availablility of features from output of "dnsmasq --version"
 - Make a list of options guarded by HAVE_xx macros in src/options.c of
   dnsmasq source code
 - Ignore these options in xappend()

Two things to note in this implementation

 - The option list is not exhaustive.  Supposedly only those options that
   may cause dnsmasq to reject with "unsupported option (check that
   dnsmasq was compiled with DHCP/TFTP/DNSSEC/DBus support)" are taken
   into account here
 - This provides a way out but users' cooperation is still needed.  E.g.
   option dnssec needs to be turned off, otherwise the service script
   will try to add --conf-file pointing to dnssec specific anchor file
   which dnsmasq lacking dnssec support will reject

Resolves FS#2281

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-06-09 08:17:52 +00:00
Hans Dedecker
6b762dd75f netifd: xfrm tunnel support
8c6358b netifd: add xfrm tunnel interface support

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-06-08 21:51:37 +02:00
Konstantin Demin
10011f91c5 busybox: add ALTERNATIVES for brctl
Busybox brctl applet conflicts with the version from bridge-utils.
Fix this by using ALTERNATIVE support for brctl in busybox.

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
2019-06-08 13:51:40 +02:00
Kevin Darbyshire-Bryant
021a9b4cb9 iproute2: add tc action ctinfo support
Add the userspace control portion of the backported kernelspace
act_ctinfo.

ctinfo is a tc action restoring data stored in conntrack marks to
various fields.  At present it has two independent modes of operation,
restoration of DSCP into IPv4/v6 diffserv and restoration of conntrack
marks into packet skb marks.

It understands a number of parameters specific to this action in
additional to the usual action syntax.  Each operating mode is
independent of the other so all options are optional, however not
specifying at least one mode is a bit pointless.

Usage: ... ctinfo [dscp mask [statemask]] [cpmark [mask]] [zone ZONE]
		  [CONTROL] [index <INDEX>]

DSCP mode

dscp enables copying of a DSCP stored in the conntrack mark into the
ipv4/v6 diffserv field.  The mask is a 32bit field and specifies where
in the conntrack mark the DSCP value is located.  It must be 6
contiguous bits long. eg. 0xfc000000 would restore the DSCP from the
upper 6 bits of the conntrack mark.

The DSCP copying may be optionally controlled by a statemask.  The
statemask is a 32bit field, usually with a single bit set and must not
overlap the dscp mask.  The DSCP restore operation will only take place
if the corresponding bit/s in conntrack mark ANDed with the statemask
yield a non zero result.

eg. dscp 0xfc000000 0x01000000 would retrieve the DSCP from the top 6
bits, whilst using bit 25 as a flag to do so.  Bit 26 is unused in this
example.

CPMARK mode

cpmark enables copying of the conntrack mark to the packet skb mark.  In
this mode it is completely equivalent to the existing act_connmark
action.  Additional functionality is provided by the optional mask
parameter, whereby the stored conntrack mark is logically ANDed with the
cpmark mask before being stored into skb mark.  This allows shared usage
of the conntrack mark between applications.

eg. cpmark 0x00ffffff would restore only the lower 24 bits of the
conntrack mark, thus may be useful in the event that the upper 8 bits
are used by the DSCP function.

Usage: ... ctinfo [dscp mask [statemask]] [cpmark [mask]] [zone ZONE]
		  [CONTROL] [index <INDEX>]
where :
	dscp MASK is the bitmask to restore DSCP
	     STATEMASK is the bitmask to determine conditional restoring
	cpmark MASK mask applied to restored packet mark
	ZONE is the conntrack zone
	CONTROL := reclassify | pipe | drop | continue | ok |
		   goto chain <CHAIN_INDEX>

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-06-07 12:05:32 +01:00
Kevin Darbyshire-Bryant
b8a72dfd28 kernel: backport act_ctinfo
ctinfo is a new tc filter action module.  It is designed to restore
information contained in firewall conntrack marks to other packet fields
and is typically used on packet ingress paths.  At present it has two
independent sub-functions or operating modes, DSCP restoration mode &
skb mark restoration mode.

The DSCP restore mode:

This mode copies DSCP values that have been placed in the firewall
conntrack mark back into the IPv4/v6 diffserv fields of relevant
packets.

The DSCP restoration is intended for use and has been found useful for
restoring ingress classifications based on egress classifications across
links that bleach or otherwise change DSCP, typically home ISP Internet
links.  Restoring DSCP on ingress on the WAN link allows qdiscs such as
but by no means limited to CAKE to shape inbound packets according to
policies that are easier to set & mark on egress.

Ingress classification is traditionally a challenging task since
iptables rules haven't yet run and tc filter/eBPF programs are pre-NAT
lookups, hence are unable to see internal IPv4 addresses as used on the
typical home masquerading gateway.  Thus marking the connection in some
manner on egress for later restoration of classification on ingress is
easier to implement.

Parameters related to DSCP restore mode:

dscpmask - a 32 bit mask of 6 contiguous bits and indicate bits of the
conntrack mark field contain the DSCP value to be restored.

statemask - a 32 bit mask of (usually) 1 bit length, outside the area
specified by dscpmask.  This represents a conditional operation flag
whereby the DSCP is only restored if the flag is set.  This is useful to
implement a 'one shot' iptables based classification where the
'complicated' iptables rules are only run once to classify the
connection on initial (egress) packet and subsequent packets are all
marked/restored with the same DSCP.  A mask of zero disables the
conditional behaviour ie. the conntrack mark DSCP bits are always
restored to the ip diffserv field (assuming the conntrack entry is found
& the skb is an ipv4/ipv6 type)

e.g. dscpmask 0xfc000000 statemask 0x01000000

|----0xFC----conntrack mark----000000---|
| Bits 31-26 | bit 25 | bit24 |~~~ Bit 0|
| DSCP       | unused | flag  |unused   |
|-----------------------0x01---000000---|
      |                   |
      |                   |
      ---|             Conditional flag
         v             only restore if set
|-ip diffserv-|
| 6 bits      |
|-------------|

The skb mark restore mode (cpmark):

This mode copies the firewall conntrack mark to the skb's mark field.
It is completely the functional equivalent of the existing act_connmark
action with the additional feature of being able to apply a mask to the
restored value.

Parameters related to skb mark restore mode:

mask - a 32 bit mask applied to the firewall conntrack mark to mask out
bits unwanted for restoration.  This can be useful where the conntrack
mark is being used for different purposes by different applications.  If
not specified and by default the whole mark field is copied (i.e.
default mask of 0xffffffff)

e.g. mask 0x00ffffff to mask out the top 8 bits being used by the
aforementioned DSCP restore mode.

|----0x00----conntrack mark----ffffff---|
| Bits 31-24 |                          |
| DSCP & flag|      some value here     |
|---------------------------------------|
			|
			|
			v
|------------skb mark-------------------|
|            |                          |
|  zeroed    |                          |
|---------------------------------------|

Overall parameters:

zone - conntrack zone

control - action related control (reclassify | pipe | drop | continue |
ok | goto chain <CHAIN_INDEX>)

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Reviewed-by: Toke Høiland-Jørgensen <toke@redhat.com>
Acked-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

Make suitable adjustments for backporting to 4.14 & 4.19
and add to SCHED_MODULES_FILTER

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-06-06 15:41:07 +01:00
Biwen Li
639d127b83 layerscape: fix u-boot bootcmd
Current latest LSDK-19.03 u-boot had a bug that bootcmd
environment was always been reset when u-boot started up.
This was found on boards with spi NOR boot. Before the
proper fix-up is applied, we have to use a workaround
to hard code the bootcmd for OpenWrt booting for now.

Signed-off-by: Biwen Li <biwen.li@nxp.com>
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2019-06-06 15:40:09 +02:00
Yangbo Lu
8468bf04d0 layerscape: drop ppa package
Drop ppa package since TF-A is used instead.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2019-06-06 15:40:09 +02:00
Biwen Li
c07d3302b3 layerscape: convert to use TF-A for firmware
This patch is to convert to use TF-A for firmware.
- Use un-swapped rcw since swapping will be done in TF-A.
- Use u-boot with TF-A defconfig.
- Rework memory map for TF-A introduction.

Signed-off-by: Biwen Li <biwen.li@nxp.com>
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2019-06-06 15:40:09 +02:00
Biwen Li
17dcbe1b8e layerscape: add ARM Trusted Firmware package
Add TF-A packages for Layerscape to implement trusted firmware.

Signed-off-by: Biwen Li <biwen.li@nxp.com>
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2019-06-06 15:40:08 +02:00
Biwen Li
f7f1f39c34 layerscape: add rcw packages for ls1043ardb/ls1046ardb SD boot
Add rcw packages for ls1043ardb/ls1046ardb SD boot.

Signed-off-by: Biwen Li <biwen.li@nxp.com>
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2019-06-06 15:40:08 +02:00
Yangbo Lu
b4b53cd39b layerscape: drop armv8_32b support
NXP LSDK has decided to drop armv8_32b support considering
few users are using it.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2019-06-06 15:40:08 +02:00
Yangbo Lu
9ad7c53383 layerscape: update restool to LSDK 19.03
Update restool to LSDK 19.03.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2019-06-06 15:40:08 +02:00
Biwen Li
4b4b686b1d layerscape: update u-boot to LSDK 19.03
Update u-boot to LSDK 19.03.

Signed-off-by: Biwen Li <biwen.li@nxp.com>
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2019-06-06 15:40:08 +02:00
Biwen Li
fbb865099b layerscape: update ppfe-firmware to LSDK 19.03
Update ppfe-firmware to LSDK 19.03.

Signed-off-by: Biwen Li <biwen.li@nxp.com>
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2019-06-06 15:40:08 +02:00
Biwen Li
f4f4b053b9 layerscape: update ls-rcw to LSDK 19.03
Update ls-rcw to LSDK 19.03.

Signed-off-by: Biwen Li <biwen.li@nxp.com>
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2019-06-06 15:40:08 +02:00
Biwen Li
584611e076 layerscape: update ls-mc to LSDK 19.03
Update to ls-mc to LSDK 19.03.

Signed-off-by: Biwen Li <biwen.li@nxp.com>
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2019-06-06 15:40:08 +02:00
Biwen Li
1efc6f3515 layerscape: update ls-dpl to LSDK 19.03
Update ls-dpl to LSDK 19.03.

Signed-off-by: Biwen Li <biwen.li@nxp.com>
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2019-06-06 15:40:08 +02:00
Biwen Li
5dd307afef layerscape: update fman-ucode to LSDK 19.03
The source code was same from lsdk-1806 to lsdk-1903.

Signed-off-by: Biwen Li <biwen.li@nxp.com>
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2019-06-06 15:40:08 +02:00
Sebastian Meiling
239b79f668 kernel: add package for atusb wpan module
This adds a new package for the kernel module of the ATUSB WPAN driver.

Signed-off-by: Sebastian Meiling <s@mlng.net>
[fixed SoB: and From: mismatch]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-06-06 15:40:08 +02:00
Kevin Darbyshire-Bryant
24e09bac48 Revert "kernel: backport act_ctinfo"
This reverts commit 7c50182e0c.

Produces build error:
Package kmod-sched is missing dependencies for the following libraries:
nf_conntrack.ko

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-06-06 10:45:15 +01:00
Jo-Philipp Wich
f664d560df rpcd: fix init script reload action
Drop the legacy start() and stop() procedures and define a proper
reload signal action instead.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-06-06 11:27:11 +02:00
Kevin Darbyshire-Bryant
7c50182e0c kernel: backport act_ctinfo
ctinfo is a new tc filter action module.  It is designed to restore
information contained in firewall conntrack marks to other packet fields
and is typically used on packet ingress paths.  At present it has two
independent sub-functions or operating modes, DSCP restoration mode &
skb mark restoration mode.

The DSCP restore mode:

This mode copies DSCP values that have been placed in the firewall
conntrack mark back into the IPv4/v6 diffserv fields of relevant
packets.

The DSCP restoration is intended for use and has been found useful for
restoring ingress classifications based on egress classifications across
links that bleach or otherwise change DSCP, typically home ISP Internet
links.  Restoring DSCP on ingress on the WAN link allows qdiscs such as
but by no means limited to CAKE to shape inbound packets according to
policies that are easier to set & mark on egress.

Ingress classification is traditionally a challenging task since
iptables rules haven't yet run and tc filter/eBPF programs are pre-NAT
lookups, hence are unable to see internal IPv4 addresses as used on the
typical home masquerading gateway.  Thus marking the connection in some
manner on egress for later restoration of classification on ingress is
easier to implement.

Parameters related to DSCP restore mode:

dscpmask - a 32 bit mask of 6 contiguous bits and indicate bits of the
conntrack mark field contain the DSCP value to be restored.

statemask - a 32 bit mask of (usually) 1 bit length, outside the area
specified by dscpmask.  This represents a conditional operation flag
whereby the DSCP is only restored if the flag is set.  This is useful to
implement a 'one shot' iptables based classification where the
'complicated' iptables rules are only run once to classify the
connection on initial (egress) packet and subsequent packets are all
marked/restored with the same DSCP.  A mask of zero disables the
conditional behaviour ie. the conntrack mark DSCP bits are always
restored to the ip diffserv field (assuming the conntrack entry is found
& the skb is an ipv4/ipv6 type)

e.g. dscpmask 0xfc000000 statemask 0x01000000

|----0xFC----conntrack mark----000000---|
| Bits 31-26 | bit 25 | bit24 |~~~ Bit 0|
| DSCP       | unused | flag  |unused   |
|-----------------------0x01---000000---|
      |                   |
      |                   |
      ---|             Conditional flag
         v             only restore if set
|-ip diffserv-|
| 6 bits      |
|-------------|

The skb mark restore mode (cpmark):

This mode copies the firewall conntrack mark to the skb's mark field.
It is completely the functional equivalent of the existing act_connmark
action with the additional feature of being able to apply a mask to the
restored value.

Parameters related to skb mark restore mode:

mask - a 32 bit mask applied to the firewall conntrack mark to mask out
bits unwanted for restoration.  This can be useful where the conntrack
mark is being used for different purposes by different applications.  If
not specified and by default the whole mark field is copied (i.e.
default mask of 0xffffffff)

e.g. mask 0x00ffffff to mask out the top 8 bits being used by the
aforementioned DSCP restore mode.

|----0x00----conntrack mark----ffffff---|
| Bits 31-24 |                          |
| DSCP & flag|      some value here     |
|---------------------------------------|
			|
			|
			v
|------------skb mark-------------------|
|            |                          |
|  zeroed    |                          |
|---------------------------------------|

Overall parameters:

zone - conntrack zone

control - action related control (reclassify | pipe | drop | continue |
ok | goto chain <CHAIN_INDEX>)

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Reviewed-by: Toke Høiland-Jørgensen <toke@redhat.com>
Acked-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

Make suitable adjustments for backporting to 4.14 & 4.19

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-06-06 09:41:26 +01:00
Petr Štetiar
dc8ec266dd rpcd: update to the latest git head
89bfaa424606 Fix possible linker errors by using CMake find_library macro
 569284a119f9 session: handle NULL return values of crypt()

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-06-06 10:16:22 +02:00
Yousong Zhou
ef7aa03bdb libunwind: bump to version 1.3.1
Libunwind provides a sigreturn stub for x86 in version 1.2 [1].  However
the arch still depends on setcontext() which is unavailable in musl-libc
and which is supposed to be "deprecated everywhere" [2]

 [1] x86 sigreturn unimplemented for some libcs,
     https://github.com/libunwind/libunwind/issues/13
 [2] setcontext deprecated on x86,
     https://github.com/libunwind/libunwind/issues/69

Refs: https://github.com/openwrt/packages/issues/8548#issuecomment-497791552
Reported-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-06-05 01:13:07 +00:00
Jason A. Donenfeld
593b487538 wireguard: bump to 0.0.20190601
There was an issue with the backport compat layer in yesterday's snapshot,
causing issues on certain (mostly Atom) Intel chips on kernels older than
4.2, due to the use of xgetbv without checking cpu flags for xsave support.
This manifested itself simply at module load time. Indeed it's somewhat tricky
to support 33 different kernel versions (3.10+), plus weird distro
frankenkernels.

If OpenWRT doesn't support < 4.2, you probably don't need to apply this.
But it also can't hurt, and probably best to stay updated.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-06-01 14:00:51 +02:00
Jason A. Donenfeld
a1210f8888 wireguard: bump to 0.0.20190531
* tools: add wincompat layer to wg(8)

Consistent with a lot of the Windows work we've been doing this last cycle,
wg(8) now supports the WireGuard for Windows app by talking through a named
pipe. You can compile this as `PLATFORM=windows make -C src/tools` with mingw.
Because programming things for Windows is pretty ugly, we've done this via a
separate standalone wincompat layer, so that we don't pollute our pretty *nix
utility.

* compat: udp_tunnel: force cast sk_data_ready

This is a hack to work around broken Android kernel wrapper scripts.

* wg-quick: freebsd: workaround SIOCGIFSTATUS race in FreeBSD kernel

FreeBSD had a number of kernel race conditions, some of which we can vaguely
work around. These are in the process of being fixed upstream, but probably
people won't update for a while.

* wg-quick: make darwin and freebsd path search strict like linux

Correctness.

* socket: set ignore_df=1 on xmit

This was intended from early on but didn't work on IPv6 without the ignore_df
flag. It allows sending fragments over IPv6.

* qemu: use newer iproute2 and kernel
* qemu: build iproute2 with libmnl support
* qemu: do not check for alignment with ubsan

The QEMU build system has been improved to compile newer versions. Linking
against libmnl gives us better error messages. As well, enabling the alignment
check on x86 UBSAN isn't realistic.

* wg-quick: look up existing routes properly
* wg-quick: specify protocol to ip(8), because of inconsistencies

The route inclusion check was wrong prior, and Linux 5.1 made it break
entirely. This makes a better invocation of `ip route show match`.

* netlink: use new strict length types in policy for 5.2
* kbuild: account for recent upstream changes
* zinc: arm64: use cpu_get_elf_hwcap accessor for 5.2

The usual churn of changes required for the upcoming 5.2.

* timers: add jitter on ack failure reinitiation

Correctness tweak in the timer system.

* blake2s,chacha: latency tweak
* blake2s: shorten ssse3 loop

In every odd-numbered round, instead of operating over the state
    x00 x01 x02 x03
    x05 x06 x07 x04
    x10 x11 x08 x09
    x15 x12 x13 x14
we operate over the rotated state
    x03 x00 x01 x02
    x04 x05 x06 x07
    x09 x10 x11 x08
    x14 x15 x12 x13
The advantage here is that this requires no changes to the 'x04 x05 x06 x07'
row, which is in the critical path. This results in a noticeable latency
improvement of roughly R cycles, for R diagonal rounds in the primitive. As
well, the blake2s AVX implementation is now SSSE3 and considerably shorter.

* tools: allow setting WG_ENDPOINT_RESOLUTION_RETRIES

System integrators can now specify things like
WG_ENDPOINT_RESOLUTION_RETRIES=infinity when building wg(8)-based init
scripts and services, or 0, or any other integer.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-31 21:01:33 +02:00
Eneas U de Queiroz
f22ef1f1de openssl: update to version 1.1.1c
Highlights of this version:
 - Prevent over long nonces in ChaCha20-Poly1305 (CVE-2019-1543)
 - Fix OPENSSL_config bug (patch removed)
 - Change the default RSA, DSA and DH size to 2048 bit instead of 1024.
 - Enable SHA3 pre-hashing for ECDSA and DSA

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [DMARC removal]
2019-05-31 11:21:22 +02:00
Christian Lamparter
afc056d7dc gpio-button-hotplug: support interrupt properties
Upstream Linux's input gpio-keys driver supports
specifying a external interrupt for a gpio via the
'interrupts' properties as well as having support
for software debounce.

This patch ports these features to OpenWrt's event
version. Only the "pure" interrupt-driven support is
left behind, since this goes a bit against the "gpio"
in the "gpio-keys" and I don't have a real device to
test this with.

This patch also silences the generated warnings showing
up since 4.14 due to the 'constification' of the
struct gpio_keys_button *buttons variable in the
upstream struct gpio_keys_platform_data declaration.

gpio-button-hotplug.c: In function 'gpio_keys_get_devtree_pdata':
gpio-button-hotplug.c:392:10: warning: assignment discards 'const'
	qualifier from pointer target type [-Wdiscarded-qualifiers]
   button = &pdata->buttons[i++];
          ^
gpio-button-hotplug.c: In function 'gpio_keys_button_probe':
gpio-button-hotplug.c:537:12: warning: assignment discards 'const'
	qualifier from pointer target type [-Wdiscarded-qualifiers]
   bdata->b = &pdata->buttons[i];
            ^
gpio-button-hotplug.c: In function 'gpio_keys_probe':
gpio-button-hotplug.c:563:37: warning: initialization discards 'const'
	qualifier from pointer target type [-Wdiscarded-qualifiers]
   struct gpio_keys_button *button = &pdata->buttons[i];
                                   ^
Acked-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-05-31 10:30:03 +02:00
Hans Dedecker
678ee30ee4 ppp: add config options to tune discovery timeout and attempts
Upstream PPP project has added in commit 8e77984 options to tune discovery
timeout and attempts in the rp-pppoe plugin.

Expose these options in the uci datamodel for pppoe:
	padi_attempts: Number of discovery attempts
	padi_timeout: Initial timeout for discovery packets in seconds

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-05-31 09:43:10 +02:00
Hans Dedecker
42977978e2 ppp: update to version 2.4.7.git-2019-05-25
8e77984 rp-pppoe plugin: Add options to tune discovery timeout and number of attempts

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-05-31 09:43:03 +02:00
Fabian Bläse
0f8b9addfc gre: introduce 'nohostroute' option
It is not always necessary to add a host route for the gre peer address.

This introduces a new config option 'nohostroute' (similar to the
option introduced for wireguard in d8e2e19) to allow to disable
the creation of those routes explicitely.

Signed-off-by: Fabian Bläse <fabian@blaese.de>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
2019-05-31 09:42:32 +02:00
Yousong Zhou
cf463159df uclient: bump to version 2019-05-30
This version bump contains the following commit to fix FS#2222

	3b3e368 uclient-http: set data_eof when content-length is 0

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-05-30 12:13:31 +00:00
Yousong Zhou
1e5f4dcd66 libunwind: requires glibc if arch in powerpc
libunwind for powerpc depends on getcontext() from libc which musl-libc
does not provide because this API and its friends are supposed to be
"obsolescent" [1,2]

 [1] Subject: Re: setcontext/getcontext/makecontext missing?
     https://www.openwall.com/lists/musl/2016/02/04/5
 [2] http://pubs.opengroup.org/onlinepubs/009695399/functions/makecontext.html

Refs: https://github.com/openwrt/packages/issues/8548#issuecomment-497200058
Reported-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-05-30 10:30:45 +00:00
Sandeep Sheriker M
a765a2178c at91:renaming subtraget legacy to sam9x
renaming subtraget legacy to sam9x for adding new sam9 soc's

Signed-off-by: Sandeep Sheriker M <sandeep.sheriker@microchip.com>
2019-05-30 12:12:57 +02:00
Hauke Mehrtens
aff084adf3 at91: Merge SAMA5 subtargets
Instead of maintaining 3 very similar subtargets merge them into one.
This does not use the Arm NEON extension any more, because the SAMA5D3
does not support NEON.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Sandeep Sheriker <sandeepsheriker.mallikarjun@microchip.com>
2019-05-30 12:12:37 +02:00
Alan Swanson
5422fed787 gpio-button-hotplug: add KEY_POWER2 handling
For devices such as BTHOMEHUBV5A with both reset and restart buttons,
its easily accessible restart button has been assigned to KEY_POWER
power script to poweroff preventing accidental (or malicious) factory
resets by KEY_RESTART reset script. However an easily accessible button
immediately powering off the device is also undesirable.

As KEY_RESTART is already used for reset script (and there's no
KEY_REBOOT in Linux input events), use KEY_POWER2 for rebooting via new
reboot script with 5 second seen delay.

Fixes: FS#1965
Signed-off-by: Alan Swanson <reiver@improbability.net>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [long line wrap]
2019-05-30 11:55:50 +02:00
Alan Swanson
a46259787d button-hotplug: add KEY_POWER2 handling
For devices such as BTHOMEHUBV5A with both reset and restart buttons,
its easily accessible restart button has been assigned to KEY_POWER
power script to poweroff preventing accidental (or malicious) factory
resets by KEY_RESTART reset script. However an easily accessible button
immediately powering off the device is also undesirable.

As KEY_RESTART is already used for reset script (and there's no
KEY_REBOOT in Linux input events), use KEY_POWER2 for rebooting via new
reboot script with 5 second seen delay.

Fixes: FS#1965
Signed-off-by: Alan Swanson <reiver@improbability.net>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [long line wrap]
2019-05-30 11:55:50 +02:00
Alan Swanson
70c7a0c33e base-files: add reboot only button handler
For devices such as BTHOMEHUBV5A with both reset and restart buttons,
its easily accessible restart button has been assigned to KEY_POWER
power script to poweroff preventing accidental (or malicious) factory
resets by KEY_RESTART reset script. However an easily accessible button
immediately powering off the device is also undesirable.

Fixes: FS#1965
Signed-off-by: Alan Swanson <reiver@improbability.net>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [long line wrap]
2019-05-30 11:55:49 +02:00
Petr Štetiar
6a92eb5b38 procd: update to latest git HEAD
ade00ca585a4 container: fix .dockerenv stat check
 385b904b2f0a hotplug: improve error message during group ownership change

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-05-30 08:03:02 +02:00
Paul Spooren
62940df3a9 procd: update to latest git HEAD
7f0f6b2 procd: add docker support

Signed-off-by: Paul Spooren <mail@aparcar.org>
2019-05-29 17:57:35 +02:00
Mikael Magnusson
8128a7e4fc busybox: fix: ip addr flush hangs when run by non-root user
Add upstream patch from:
https://git.busybox.net/busybox/commit/?id=028c5aa18b5273c029f0278232d922ee1a164de6

The patch fixes a problem with an infinite loop causing 100% CPU usage
when running the following command /lib/preinit/10_indicate_preinit
without the CAP_NET_ADMIN capability (such as in Docker):
  ip -4 address flush dev $pi_ifname

Signed-off-by: Mikael Magnusson <mikma@users.sourceforge.net>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [refresh patch]
2019-05-28 13:18:58 +02:00
Hans Dedecker
6636171bed netifd: fix missing ip rules after network reload (FS#2296)
beb810d iprule: fix missing ip rules after a reload (FS#2296)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-05-28 10:21:02 +02:00
Hans Dedecker
7d77879236 curl: bump to 7.65.0
For changes in 7.65.0; see https://curl.haxx.se/changes.html#7_65_0

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-05-26 21:51:04 +02:00
Hans Dedecker
f54611b06d map: don't set default firewall zone to wan
Don't set the default firewall zone to wan if not specified to keep the
behavior aligned with other tunnel protocols like gre and 6rd.
If the interface zone is not specified try to get it from the firewall config
when constructing the procd firewall rule.
While at it only add procd inbound/outbound firewall rules if a zone is specified.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-05-26 09:44:37 +02:00
Hans Dedecker
470f5b31e3 464xlat: don't set default firewall zone to wan
Don't set the default firewall zone to wan if not specified to keep the
behavior aligned with other tunnel protocols like gre and 6rd.
If the interface zone is not specified try to get it from the firewall config
when constructing the procd firewall rule.
While at it only add a procd inbound firewall rule if a zone is specified.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-05-26 09:43:57 +02:00
Petr Štetiar
ace241014c ethtool: bump to 5.1
* Feature: Add support for 200Gbps (50Gbps per lane) link mode
 * Feature: simplify handling of PHY tunable downshift
 * Feature: add support for PHY tunable Fast Link Down
 * Feature: add PHY Fast Link Down tunable to man page
 * Feature: Add a 'start N' option when specifying the Rx flow hash indirection table.
 * Feature: Add bash-completion script
 * Feature: add 10000baseR_FEC link mode name
 * Fix: qsfp: fix special value comparison
 * Feature: move option parsing related code into function
 * Feature: move cmdline_coalesce out of do_scoalesce
 * Feature: introduce new ioctl for per-queue settings
 * Feature: support per-queue sub command --show-coalesce
 * Feature: support per-queue sub command --coalesce
 * Fix: fix up dump_coalesce output to match actual option names
 * Feature: fec: add pretty dump

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-05-25 13:44:43 +02:00
Hans Dedecker
0293aa72d1 uci: fix heap use after free (FS#2288)
f199b96 uci: fix options list of section after type change

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-05-23 22:05:40 +02:00
Liangbin Lian
4bb9af48ca lua: lnum: fix strtoul based number parsing
Lua's LNUM patch currently doesn't parse properly certain numbers as
it's visible from the following simple tests.

On x86_64 host (stock Lua 5.1.5, expected output):

 $ /usr/bin/lua -e 'print(0x80000000); print(0x80000000000); print(0x100000000)'

  2147483648
  8796093022208
  4294967296

On x86_64 host:

 $ staging_dir/hostpkg/bin/lua -e 'print(0x80000000); print(0x80000000000); print(0x100000000)'

  -2147483648
  0
  0

On x86_64 target:

 $ lua -e 'print(0x80000000); print(0x80000000000); print(0x100000000)'

  -2147483648
  0
  0

On ath79 target:

 $ lua -e 'print(0x80000000); print(0x80000000000); print(0x100000000)'

  -2147483648
  8796093022208
  4294967296

It's caused by two issues fixed in this patch, first issue is caused by
unhadled strtoul overflow and second one is caused by the cast of
unsigned to signed Lua integer when parsing from hex literal.

Run tested on:

 * Zidoo Z9S with RTD1296 CPU (aarch64_cortex-a53)
 * qemu/x86_64
 * qemu/armvirt_64
 * ath79

Signed-off-by: Liangbin Lian <jjm2473@gmail.com>
[commit subject/message touches, fixed From to match SOB, fixed another
 unhandled case in luaO_str2i, host Lua, package bump]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-05-23 10:19:52 +02:00
Koen Vandeputte
4da5ba4a6b iwinfo: update to latest git HEAD
073a838891e5 iwinfo: Complete device IDs for Ubiquiti airOS XM/XW devices
04f5a7d3a431 iwinfo: Add Mikrotik R11e-5HnD
c2cfe9d96c9a iwinfo: Fix 802.11ad channel to frequency

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-05-21 14:24:18 +02:00
Petr Štetiar
049748e87e uboot-imx6: bump to 2019.04 and refresh patches
Build tested: apalis, mx6sabresd, nitrogen6dl, nitrogen6dl2g, nitrogen6q,
	      nitrogen6q2g, nitrogen6s, nitrogen6s1g, wandboard

Run tested: apalis

Cc: Felix Fietkau <nbd@nbd.name>
Cc: Vladimir Vid <vladimir.vid@sartura.hr>
Cc: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-05-20 21:19:48 +02:00
Petr Štetiar
aac8b52184 base-files: add support for the new ar8xxx MIB counters settings
Commit "generic: ar8216: add mib_poll_interval switch attribute" has
added mib_poll_interval global config option and commit "generic:
ar8216: group MIB counters and use two basic ones only by default" has
added mib_type config option.

So this patch adds ucidef_set_ar8xxx_switch_mib helper function which
would allow configuration of the above mentioned new switch config
options.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-05-20 21:19:48 +02:00
Petr Štetiar
2c26dc7b41 netifd: add support for the new ar8xxx MIB counters settings
Commit "generic: ar8216: add mib_poll_interval switch attribute" has added
mib_poll_interval global config option and commit "generic: ar8216: group
MIB counters and use two basic ones only by default" has added mib_type
config option.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-05-20 21:19:48 +02:00
Hauke Mehrtens
df6e8c8771 uboot-fritz4040: Add host flags for host compiler
This adds the host staging directory to the include path to make it use
the zlib.h files from the staging include directory and also link
against the zlib version from the staging directory.

This fixes a compile problem when the zlib header were not installed on
the build host.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[picked from openwrt-18.06]
2019-05-19 12:29:24 +02:00
Hans Dedecker
a7967bada9 ppp: update to version 2.4.7.git-2019-05-18
c9d9dbf pppoe: Custom host-uniq tag
44012ae plugins/rp-pppoe: Fix compile errors

Refresh patches
Drop 520-uniq patch as upstream accepted
Drop 150-debug_compile_fix patch as fixed upstream

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-05-18 21:39:19 +02:00
Linus Walleij
76338fded0 gemini: Fix up firmware checksum on DIR-685
Using the same method as the D-Link DAP-2695 A1 we use
the "mtd" tool to augment the firmware checkum in flash
on first boot of a new firmware on the D-Link DIR-685.
We need to augment the Makefile for "mtd" to build in
the special WRGG fixup support for Gemini as well.

This works around the problem of the machine not booting
after factory install unless the sysupgrade is applied
immediately.

Based on commit e3875350f3
"ar71xx: add support for D-Link DAP-2695 rev. A1"

Cc: Stijn Tintel <stijn@linux-ipv6.be>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
2019-05-18 16:37:30 +02:00
Linus Walleij
30b4b7ee09 mtd: Make fixwrgg command work on DIR-685
The D-Link DIR-685 has the same problem as the
D-Link DAP-2695: when flashing the factory image, the
checksum includes the whole flashed image, even the
rootfs_data part with the end of filesystem mark.
Also the whole flashed image is stored in the flash,
so on the first boot, the whole rootfs image is loaded
into memory with the kernel.

This is fixed using the fixwrgg command to mtd, but
for this to work we need to make fixwrgg work with
the Little-Endian ARM DIR-685.

The code tries to be endian agnostic but this fails
because the WRGG image loader doesn't. On ARM, the
file size is stored in little endian format, and on
big-endian systems it is stored in big endian format,
so we can just drop all the friendly htonl() that
will make the shdr->size big endian: this will
actually break the little endian systems, and on
the big endian systems the native endianness will
still be correct.

The magic number is always stored in little endian
format however, so make sure this is always read
in LE32 format. I chose to create a straight-forward
le32_to_cpu() static inline that IMO is simple and
easy to read.

Cc: Stijn Tintel <stijn@linux-ipv6.be>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
2019-05-18 16:37:30 +02:00
sven friedmann
30dcbc741d ath79: add support for EnGenius ECB1750
Specification:

- Qualcomm Atheros SoC QCA9558
- 720/600/200 MHz (CPU/DDR/AHB)
- 128 MB of RAM (DDR2)
- 16 MB of FLASH (SPI NOR)
- 1x 10/100/1000 Mbps Ethernet
- 3T3R 2.4 GHz (QCA9558 WMAC)
- 3T3R 5.8 Ghz (QCA9880-BR4A, Senao PCE4553AH)

https://fccid.io/A8J-ECB1750

Tested and working:

- lan, wireless, leds, sysupgrade (tftp)

Flash instructions:

1.) tftp recovery

- use a 1GbE switch or direct attached 1GbE link
- setup client ip address 192.168.1.10 and start tftpd
- save "openwrt-ath79-generic-engenius_ecb1750-initramfs-kernel.bin" as "ap.bin" in tfpd root directory
- plugin powercord and hold reset button 10secs.. "ap.bin" will be downloaded and executed
- afterwards login via ssh and do a sysuprade

2.) oem webinterface factory install (not tested)

Use normal webinterface upgrade page und select "openwrt-ath79-generic-engenius_ecb1750-squashfs-factory.bin".

3.) oem webinterface command injection

OEM Firmware already running OpenWrt (Attitude Adjustment 12.09).
Use OEM webinterface and command injection. See wiki for details.

https://openwrt.org/toh/engenius/engenius_ecb1750_1

Signed-off-by: sven friedmann <sf.openwrt@okay.ms>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[use interrupt-driven "gpio-keys" binding]
2019-05-18 13:43:55 +02:00
Jeff Kletsky
819e7946b0 ipq40xx: Add support for Linksys EA8300 (Dallas)
The Linksys EA8300 is based on QCA4019 and QCA9888 and provides three,
independent radios. NAND provides two, alternate kernel/firmware
images with fail-over provided by the OEM U-Boot.

Installation:

  "Factory" images may be installed directly through the OEM GUI.

Hardware Highlights:

  * IPQ4019 at 717 MHz (4 CPUs)
  * 256 MB NAND (Winbond W29N02GV, 8-bit parallel)
  * 256 MB RAM
  * Three, fully-functional radios; `iw phy` reports (FCC/US, -CT):
      * 2.4 GHz radio at 30 dBm
      * 5 GHz radio on ch. 36-64 at 23 dBm
      * 5 GHz radio on ch. 100-144 at 23 dBm (DFS), 149-165 at 30 dBm
      #{ managed } <= 16, #{ AP, mesh point } <= 16, #{ IBSS } <= 1
      * All two-stream, MCS 0-9
  * 4x GigE LAN, 1x GigE Internet Ethernet jacks with port lights
  * USB3, single port on rear with LED
  * WPS and reset buttons
  * Four status lights on top
  * Serial pads internal (unpopulated)

  "Linksys Dallas WiFi AP router based on Qualcomm AP DK07.1-c1"

Implementation Notes:

  The OEM flash layout is preserved at this time with 3 MB kernel and
  ~69 MB UBIFS for each firmware version. The sysdiag (1 MB) and
  syscfg (56 MB) partitions are untouched, available as read-only.

Serial Connectivity:

  Serial connectivity is *not* required to flash.

  Serial may be accessed by opening the device and connecting
  a 3.3-V adapter using 115200, 8n1. U-Boot access is good,
  including the ability to load images over TFTP and
  either run or flash them.

  Looking at the top of the board, from the front of the unit,
  J3 can be found on the right edge of the board, near the rear

      |
   J3 |
  |-| |
  |O| | (3.3V seen, open-circuit)
  |O| | TXD
  |O| | RXD
  |O| |
  |O| | GND
  |-| |
      |

Unimplemented:

    * serial1 "ttyQHS0" (serial0 works as console)
    * Bluetooth; Qualcomm CSR8811 (potentially conected to serial1)

Other Notes:

    https://wikidevi.com/wiki/Linksys_EA8300 states

        FCC docs also cover the Linksys EA8250. According to the
	RF Test Report BT BR+EDR, "All models are identical except
	for the EA8300 supports 256QAM and the EA8250 disable 256QAM."

Signed-off-by: Jeff Kletsky <git-commits@allycomm.com>
2019-05-18 13:43:54 +02:00
Jeff Kletsky
b3770eaca3 mtd: base-files: Unify dual-firmware devices (Linksys)
Consistently handle boot-count reset and upgrade across
ipq40xx, ipq806x, kirkwood, mvebu

Dual-firmware devices often utilize a specific MTD partition
to record the number of times the boot loader has initiated boot.

Most of these devices are NAND, typically with a 2k erase size.
When this code was ported to the ipq40xx platform, the device in hand
used NOR for this partition, with a 16-byte "record" size. As the
implementation of `mtd resetbc` is by-platform, the hard-coded nature
of this change prevented proper operation of a NAND-based device.

* Unified the "NOR" variant with the rest of the Linksys variants

* Added logging to indicate success and failure

* Provided a meaningful return value for scripting

* "Protected" the use of `mtd resetbc` in start-up scripts so that
   failure does not end the boot sequence

* Moved Linksys-specific actions into common `/etc/init.d/bootcount`

For upgrade, these devices need to determine which partition to flash,
as well as set certain U-Boot envirnment variables to change the next
boot to the newly flashed version.

* Moved upgrade-related environment changes out of bootcount

* Combined multiple flashes of environment into single one

* Current-partition detection now handles absence of `boot_part`

Runtime-tested: Linksys EA8300

Signed-off-by: Jeff Kletsky <git-commits@allycomm.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[checkpatch.pl fixes, traded split strings for 80+ chars per line]
2019-05-18 13:43:51 +02:00
Jeff Kletsky
4bdc873a5f firmware/ipq-wifi: Extend for multi-chip boards
This package provides board-specific reference ("cal") data
on an interim basis until included in the upstream distros

While originally conceived for IPQ4019-based boards, similar needs
are appearing with three-radio devices. For some of these devices,
both a board-2.bin file needs to be supplied both for the IPQ4019
as well as for the other radio on the board.

This patch allows new or multiple overrides to be specified by:

  * Adding board name to ALLWIFIBOARDS
  * Placing file(s) in this directory named as
      board-<devicename>.<qca4019|qca9888|qca9984>
  * Adding
      $(eval $(call generate-ipq-wifi-package,<device>,<display name>))

(along with suitable package selection for the board)

At this time, QCA4019, QCA9888, and QCA9984 are supported.
Extension to other chips should be straightforward.

The existing files, board-*.bin, are "grandfathered" as QCA4019.

The package name has been retained for compatability reasons.
At this time it DEPENDS:=@TARGET_ipq40xx, limiting its visibility.

Build-tested-on: asus_map-ac2200, alfa-network_ap120c-ac,
    avm_fritzbox-7530, avm_fritzrepeater-3000, engenius_eap1300,
    engenius_ens620ext, linksys_ea6350v3, qxwlan-e2600ac-c1/-c2

Signed-off-by: Jeff Kletsky <git-commits@allycomm.com>
2019-05-18 13:43:22 +02:00
Hans Dedecker
7b58c58733 netifd: update to latest git HEAD
22e8e58 interface-ip: use ptp address as well to find local address target
f1aa0f9 treewide: pass bool as second argument of blobmsg_check_attr

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-05-18 09:35:25 +02:00
Rosen Penev
395bef4bba libbsd: Fix compilation under ARC
The 8 year old file does not have any ARC definitions.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
[updated content of the patch with version sent to upstream]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-05-17 21:41:43 +02:00
Kristian Evensen
97780e363f system: uci: Use config dir on uci_add and support add_/del_list
This commit makes three changes to the uci shell library:

* A check for UCI_CONFIG_DIR has been added to the command line when
adding anonymous sections. Without this change, adding anonymous
sections to configs not stored in /etc/config is not possible.

* Support for adding/removing items from lists were missing, so I have
added the functions uci_add_list() and uci_remove_list() to simplify
working with uci lists from scripts.

Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
[added missing package version bump]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-05-17 21:41:43 +02:00
Jeffery To
782eda9750 zlib: Use relative paths in pkg-config metadata file
The buildroot pkg-config (in staging_dir/host/bin) overrides the prefix
and exec_prefix variables in *.pc files, to supply the correct
(buildroot) paths for callers. If other variables are not defined
relative to prefix and exec_prefix, then the returned values will be
incorrect.

The default zlib.pc file generated by cmake contains absolute paths.
This patches the file to use relative paths (relative to ${prefix} and
${exec_prefix}).

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
2019-05-17 21:41:43 +02:00
Hans Dedecker
5546fe9fc3 odhcpd: update to latest git HEAD (FS#2242)
41a74cb config: remove 'ignore' config option
c0c8034 treewide: init assignment lists head
f98b7ee config: use list safe iterator in lease_delete
3c9810b dhcpv4: fix lease ordering by ip address
b60c384 config: use multi-stage parsing of uci sections
a2dd8d6 treewide: always init interface list heads during initialization
a17665e dhcpv4: do not allow pool end address to overlap with broadcast address
6b951c5 treewide: give file descriptors safe initial value
39e11ed dhcpv4: DHCP pool size is off-by-one
4a600ce dhcpv4: add support for Parameter Request List option 55
09e5eca dhcpv4: fix DHCP packet size
3cd4876 ndp: fix syslog flooding (FS#2242)
79fbba1 config: set default loglevel to LOG_WARNING

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-05-17 08:54:30 +02:00
Tomasz Maciej Nowak
e7756974aa tegra: add vendor string to device name
for better identification. Also create SUPPORTED_DEVICES string from it
which corresponds to dts compatible string.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2019-05-15 13:34:23 +02:00
Rosen Penev
2f97797471 nftables: Fix compilation with uClibc-ng
Missing header for va_list.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
[updated with upstream version of the patch]
2019-05-15 13:34:23 +02:00
Deng Qingfang
172b02c05f linux-firmware: update to 20190416
Update linux-firmware to 20190416, which includes updated firmwares e.g. for ath10k
Also switch to official tarball source.

The following firmware files we use are updated in this change:
ath10k/QCA6174/hw3.0/board-2.bin
ath10k/QCA9888/hw2.0/firmware-5.bin
ath10k/QCA988X/hw2.0/firmware-5.bin
ath10k/QCA9984/hw1.0/firmware-5.bin
mrvl/sd8887_uapsta.bin
mrvl/pcie8897_uapsta.bin
iwlwifi-8000C-36.ucode
iwlwifi-8265-36.ucode

Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
2019-05-14 21:59:38 +02:00
Hauke Mehrtens
5ee62b23f8 valgrind: Add support for ARM64 architecture
valgrind also works on the ARM64 architecture, build it also for such CPUs.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-14 20:28:41 +02:00
Hauke Mehrtens
a489f72ab5 valgrind: Update to version 3.15.0
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-14 20:28:34 +02:00
Hauke Mehrtens
e669cf7f6a strace: Update to version 5.0
The removed patch was merged upstream.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-14 20:28:26 +02:00
Hauke Mehrtens
02d4d36d4b iperf: Update to version 2.0.13
The removed patches are already integrated in the upstream version.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-14 20:28:18 +02:00
Hans Dedecker
06403981e1 ppp: update to version 2.4.7.git-2019-05-06
fcb076c Various fixes for errors found by coverity static analysis (#109)
d98ab38 Merge branch 'pppd_print_changes' of https://github.com/nlhintz/ppp into nlhintz-pppd_print_changes

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-05-13 15:34:42 +02:00
Tomasz Maciej Nowak
ee96fa15b1 mvebu: use device-tree board detection
Convert whole target to Device Tree based board detection instead of
identifying devices by dts file name. With this we can drop mvebu.sh
translation script and rely on common method for model detection.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2019-05-11 23:11:04 +02:00
Tomasz Maciej Nowak
a39d2a8053 mvebu: align device names to vendor_device format
Add vendors in device names and also rename few device names, for easier
identyfying potential firmware to flash. The vendor and device string is
mainly derived from model/compatipble string in dts from particular
device, but since not all devices are well described, some of the renames
follow marketing names.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2019-05-11 23:11:04 +02:00
Rosen Penev
0b26382533 uClibc++: Update to 0.2.5
Switched to xz archives for smaller size.

Removed upstreamed patches.

Reorganized Makefile a little bit for clarity. Build/Prepare is not useful
anymore. Upstream converted the file to LF.

Refreshed config.

Removed -ansi option from the original CFLAGS as this was causing long
long support to be missing.

Removed fPIC. We have the macro $(FPIC) already used. No point in setting
fpic and fPIC together.

Removed pedantic -Wlong-long warnings as they are not useful.

Removed -std=gnu++98. Not only is it unnecessary (it compiles against all
standards), it actually results in a size increase. 75843 vs. 75222 (gcc
in OpenWrt defaults to g++14).

Added --gc-sections to linker flags to reduce size: 72653 vs 75222.

Removed warn linker options. They have been upstreamed.

Tested on Archer C7v2 and GnuBee PC1.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-05-11 23:10:10 +02:00
Rosen Penev
e49b6bb618 xfsprogs: Replace valloc with posix_memalign
Fixes compilation under uClibc-ng.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-05-11 23:10:10 +02:00
Christian Lamparter
bdaaf66e28 utils/spidev_test: build package directly from Linux
Jeff Kletsky noted in his patch titled:
"utils/spidev_test: Update to current source from upstream Linux"
that the spidev_test utility OpenWrt ships is severly out of date.

Instead of updating the spidev_test.c from the current kernel,
this patch replaces the package building code to utilize the
very file that gets shipped with the kernel we compiling for
anyway much like the "perf" package already does.

Reported-by: Jeff Kletsky <git-commits@allycomm.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-05-11 16:37:11 +02:00
Lucian Cristian
4582fe7c14 lldpd: add option to edit hostname
also fixes the annoying repeating syslog
lldp[]: unable to get system name

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2019-05-11 16:37:11 +02:00
Lucian Cristian
cb30971a44 lldpd: update to 1.0.3
Support for CDP PD PoE

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2019-05-11 16:37:11 +02:00
Robert Marko
671d8752d1 ath10k-ct: Update to current version
This patch updates ath10k-ct to current version.
Changes are:
     ath10k-ct:  Fix printing PN in peer stats.

     Previous logic was incorrect.  Also add set-special API to enable
     returning PN.

Patches refreshed and tested on 8devices Jalapeno dev board(IPQ4019)

Signed-off-by: Robert Marko <robimarko@gmail.com>
2019-05-11 16:37:11 +02:00
Robert Marko
61f4ceb146 ath10k-firmware: update Candela Tech firmware images
Release notes since last time:

Release notes for wave-1:

2019-04-02: Support some get/set API for eeprom rate power tables.
	    Mostly backported from 10.2

2019-04-02: Support adaptive-CCA, backported from 10.2

2019-04-02: Support adding eeprom configAddr pairs via the
            set-special API. These configAddrs can be used to change
            the default register settings for up to 12 registers.

2019-05-03: Fix tx-power settings for 2x2, 3x3 rates.
	    Original logic I put in back in 2016 set 2x2 and 3x3 lower
	    than the needed to be when using most NICs (very high
	    powered NICs would not have been affected I think, not sure
	    any of those exist though.)

	    This improves throughput for 2x2 and 3x3 devices,
	    especially when the signal is weaker.

Release notes for wave-2:

2019-04-08: When setting keys, if high bit of high value of
	    key_rsc_counter is set to 0x1, then the lower 48 bits will
	    be used as the PN value.  By default, PN is set to 1 each
	    time the key is set.

2019-04-08: Pack PN into un-used 'excretries' aka
	    'num_pkt_loss_excess_retry' high 16 bits.
	    This lets us report peer PN, but *only* if driver has
	    previously set a PN when setting key (or set-special cmd is
	    used to enable PN reporting).

	    This is done so that we know the driver is recent
            enough to deal with the PN stat reporting.

2019-04-16: Support specifying tx rate on a per-beacon packet.
	    See ath10k_wmi_op_gen_beacon_dma and
	    ath10k_convert_hw_rate_to_rate_info for API details.

	     Driver needs additional work to actually enable this
	     feature currently.

2019-04-30: Compile out tx-prefetch caching logic.
	    It is full of tricky bugs that cause tx hangs.
	    I fixed at least one, but more remain and I have wasted too
	    much time on this already.

2019-05-08: Start rate-ctrl at mcs-3 instead of mcs-5.
	    This significantly helps DHCP happen quickly, probably
	    because the initial rate being too high would take a while
	    to ramp down, especially since there are few packets sent
	    by the time DHCP needs to start.

	    This bug was triggered by me decreasing retries of 0x1e
	    (upstream default) to 0x4.  But, I think it is better to
	    start with lower initial MCS instead of always having a
	    very high retry count.

Tested on 8devices Jalapeno dev board(IPQ4019)

Signed-off-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [neatify]
2019-05-11 16:37:11 +02:00
Klaus Kudielka
ad62247800 base-files: improve lib/upgrade/common.sh
Recently, upgrade device autodetection has been added to the mvebu target.
This exposes some shortcomings of the generic export_bootdevice function,
e.g. on the Turris Omnia: export_bootdevice silently reports the root
partition to be the boot device. This makes the sysupgrade process fail at
several places.

Fix this by clearly distinguishing between /proc/cmdline arguments which
specify the boot disk, and those which specify the root partition. Only in
the latter case, strip off the partition, and do it consistently.
root=PARTUUID=<pseudo PARTUUID for MBR> (any partition) and root=/dev/*
(any partition) are accepted.

The root of the problem is that the *existing* export_bootdevice in
/lib/upgrade/common.sh behaves differently, if the kernel is booted with
root=/dev/..., or if it is booted with root=PARTUUID=...

In the former case, it reports back major/minor of the root partition,
in the latter case it reports back major/minor of the complete boot disk.

Targets, which boot with root=/dev/... *and* use export_bootdevice /
export_partdevice, have added workarounds to this behaviour, by specifying
*negative* increments to the export_partdevice function.

Consequently, those targets have to be adapted to use positive increments,
otherwise they are broken by the change to export_bootdevice.

Fixes: 4e8345ff68 ("mvebu: base-files: autodetect upgrade device")
Signed-off-by: Klaus Kudielka <klaus.kudielka@gmail.com>
Tested-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2019-05-11 16:37:11 +02:00
Deng Qingfang
367813b9b1 ramips: mt7620: fix dependencies
MT7620 integrated WMAC does not need RT2x00 PCI driver or firmware
Also corrected kmod-eeprom-93cx6 and kmod-lib-crc-itu-t dependencies
according to original Kconfig and lsmod output

This will remove some unnecessary packages from MT7620 target to
save some space

Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[75 characters per line in the commit message]
2019-05-11 01:05:11 +02:00
Hans Dedecker
290a7dc0c7 procd: fix compile issue
1361b97 container: include stdbool.h

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-05-09 18:33:39 +02:00
Hans Dedecker
165d598521 netifd: update to latest git HEAD
f6fb700 interface-ip: fine tune IPv6 mtu warning
975a5c4 interface: tidy ipv6 mtu warning

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-05-08 22:15:19 +02:00
Hans Dedecker
792c9fc8ca procd: update to latest git HEAD
9b35439 procd: detect lxc container and behave accordingly

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-05-08 20:52:45 +02:00
Rosen Penev
4760541027 elfutils: Fix compile with uClibc-ng
Probably glibc too. argp_help takes a char *. not const char *.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
[updated with upstream version of the patch]
2019-05-05 21:11:01 +02:00
Tomasz Maciej Nowak
b18d1d5d3f uboot-tegra: bump to 2019.04
This version has important change for tegra boards which is reserving
32MB memory for Linux kernel instead of current 16MB.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2019-05-05 21:11:01 +02:00
Arthur Skowronek
fc23bcdaa2 base-files: add service_stopped as a post stop hook
Purpose of these changes is to introduce a hook for post service
shutdown in a similar fashion to the existing hook service_started. I
found it to be useful to specify a hook that is called once the service
has been stopped and not before the service is stopped like the
stop_service hook does.

The concrete use case I have for this is that I'm running a binary that
takes over the hardware watchdog timer. Said binary unfortunately can
not use ubus directly to tell procd to hand over the watchdog timer so
this has to be done in the service file for the binary in question. In
order to support a clean handover of the watchdog timer back to procd,
the service init script has to dispatch the ubus invocation once the
binary in question has been stopped.

Signed-off-by: Arthur Skowronek <ags@digineo.de>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
[added commit message, use the same form as other hooks]
2019-05-05 21:11:01 +02:00
Hauke Mehrtens
1325e74e0c kernel: Remove support for kernel 3.18
No target is using kernel 3.18 anymore, remove all the generic
support for kernel 3.18.

The removed packages are depending on kernel 3.18 only and are not used on
any recent kernel.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-03 22:41:38 +02:00
Hauke Mehrtens
675832de79 xburst: Remove unmaintained target
This target only supports kernel 3.18, which is not supported in OpenWrt
any more for multiple releases. It also looks like there is no active
maintainer for this target.
Remove the code and all the packages which are only used by this target.

To add this target to OpenWrt again port it to a recent and supported
kernel version.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-03 21:27:12 +02:00
Hauke Mehrtens
cd3b298533 omap24xx: Remove unmaintained target
This target only supports kernel 4.1, which is not supported in OpenWrt
any more for multiple releases. It also looks like there is no active
maintainer for this target.
Remove the code and all the packages which are only used by this target.

To add this target to OpenWrt again port it to a recent and supported
kernel version.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-03 21:27:12 +02:00
Hauke Mehrtens
e6f9a8e89b au1000: Remove unmaintained target
This target only supports kernel 3.18, which is not supported in OpenWrt
any more for multiple releases. It also looks like there is no active
maintainer for this target.
Remove the code and all the packages which are only used by this target.

To add this target to OpenWrt again port it to a recent and supported
kernel version.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-03 21:27:12 +02:00
Hauke Mehrtens
2d0a2ff1e0 adm5120: Remove unmaintained target
This target only supports kernel 3.18, which is not supported in OpenWrt
any more for multiple releases. It also looks like there is no active
maintainer for this target.
Remove the code and all the packages which are only used by this target.

To add this target to OpenWrt again port it to a recent and supported
kernel version.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-03 21:27:12 +02:00
Rafał Miłecki
2c3dd70741 procd: add procd_running() helper for checking running state
This should be helpful for implementing service_running() in procd init
scripts.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Acked-by: John Crispin <john@phrozen.org>
2019-05-02 22:14:19 +02:00
Hans Dedecker
8696f0c3e3 procd: update to latest git HEAD
01f3dc8 instance: dump user and group as well

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-05-02 17:39:16 +02:00
Michael Heimpold
218b1bbecd procd: allow passing optional group instance parameter
Sometimes is desirable to run a process with a specific group id
instead of the default one which is derived from passwd entry.
This can be achived now by using procd_set_param group $mygroup.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_SOURCE_VERSION update]
2019-05-02 17:39:16 +02:00
Michael Heimpold
a12ab07e21 procd: allow passing optional syslog facility as instance parameter
Optional syslog facility can be set by adding procd_set_param facility
$myfacility.
While at, also add stdout/stderr documentation.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_SOURCE_VERSION update]
2019-05-02 17:38:51 +02:00
Robert Marko
a9190ee3a4 kernel: iio: Fix BMP280 Auto probing
Currently Auto probing for BMP/BME280 does not work because kernel
module name in the call is not correct.
Package name was used instead of kernel module name.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2019-05-02 09:35:35 +02:00
Rafał Miłecki
d6643aca34 libroxml: bump to the 3.0.1 version
Some of changes:
* Support for local-name()
* General refactoring
* Better parsing performance
* Fix possible buffer overflow & memleak
* Validation checks
* More commit functions (file, buffer, fd)

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-05-01 07:25:55 +02:00
Hans Dedecker
430b66bbe8 procd: update to latest git HEAD
cfaed56 procd: add SIGPWR as signal
a30a8fd procd: copy the respawn property of new instance

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-04-29 21:48:09 +02:00
Daniel Golle
26dafeeba4 mac80211: rt2x00: replace patches with upstream version
Support for RT3883/RT3663 was merged upstream [1]. Use that patch
instead of our original series. The resulting source tree is
exactly identical, this commit is merely reorganizing the patches.

[1]: https://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-next.git/commit/?id=d0e61a0f7cca51ce340a5a73595189972122ff25

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-04-29 18:39:04 +02:00
Eneas U de Queiroz
17cb490ac4 openssl: build kmods only if engines are selected
Add a conditional to the individual package's for the kmods in DEPENDS.
This avoids the need to compile the kernel modules when the crypto
engine packages are not selected.  The final binares are not affected by
this.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Tested-by: Rosen Penev <rosenp@gmail.com>
2019-04-26 15:31:34 +02:00
Jose Olivera
40de4c038a elfutils: bump to 0.176
*Fixes:
  -CVE-2019-7150
  -CVE-2019-7149
  -CVE-2019-7146
  -CVE-2019-7665
  -CVE-2019-7664
  -CVE-2019-7148

*Refresh 003-libintl-compatibility.patch

*Also reset PKG_RELEASE.

Signed-off-by: Jose Olivera <oliverajeo@gmail.com>
2019-04-26 10:04:47 +02:00
Felix Fietkau
6e7e2f4421 mac80211: fix regression in skb resizing optimization in monitor mode (FS#2254)
struct ieee80211_local needs to be passed in separately instead of
dereferencing the (potentially NULL) sdata

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-04-24 09:33:38 +02:00
Koen Vandeputte
6afe175e5e ath10k-ct: Update to 2019-04-08
9cd701a4f028 ath10k-ct:  Add PN get/set API for wave-2 firmware.
5c8a4668323b ath10k-ct:  Support over-riding the power ctl table in eeprom
75e2705f31bb ath10k-ct:  CCA, eeprom, other changes.
a696e602a0fc ath10k-ct:  Attempt to fix-out-of-tree compile for 4.16
a2aec62262df ath10k:  Improve beacon tx status for 4.20 kernel.
be5c21a82b15 ath10k-ct:  Fix out-of-tree compile for 4.20, pull in stable changes for 4.19

Fixes compile errors when using the 4.20 flavour.
Also the amount of beacon errors seems to have dropped.

Tested on a Mikrotik RB912UAGS-5HPacD

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-04-23 13:22:31 +02:00
Jo-Philipp Wich
f00a4ae6e0 Revert "uhttpd: disable concurrent requests by default"
This reverts commit c6aa9ff388.

Further testing has revealed that we will need to allow concurrent
requests after all, especially for situations where CGI processes
initiate further HTTP requests to the local host.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-04-23 08:15:46 +02:00
Eneas U de Queiroz
8abb505048 openssl: add Eneas U de Queiroz as maintainer
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
2019-04-22 21:37:31 +02:00
Eneas U de Queiroz
ff9ac986ce openssl: fix OPENSSL_config bug affecting wget
This applies an upstream patch that fixes a OPENSSL_config() bug that
causes SSL initialization to fail when the openssl.cnf file is not
found.  The config file is not installed by default.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
2019-04-22 20:30:02 +02:00
Hans Dedecker
47dc4f96cb nghttp2: bump to 1.38.0
4a9d2005 Update manual pages
acf6a922 Bump up version number to 1.38.0, LT revision to 31:3:17
4ff45821 Update AUTHORS
42dce01e Merge branch 'nghttpx-fix-backend-selection-on-retry'
a35059e3 nghttpx: Fix bug that altered authority and path affect backend selection
5a30fafd Merge branch 'nghttpx-fix-chunked-request-stall'
dce91ad3 Merge branch 'nghttpx-dont-log-authorization'
2cff8b43 nghttpx: Fix bug that chunked request stalls
be96654d nghttpx: Don't log authorization request header field value with -LINFO
ce962c3f Merge branch 'update-http-parser'
f931504e Update http-parser to v2.9.1
d978f351 Fix bug that on_header callback is still called after stream is closed
ec519f22 Merge pull request #1270 from baitisj/master
e8b213e3 Bump up version number to 1.38.0-DEV

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-04-22 13:42:24 +02:00
Hans Dedecker
399aa0b933 odhcpd: update to latest git HEAD (FS#2243, FS#2244)
6633efe router: fix dns search list option

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-04-19 19:24:39 +02:00
Rosy Song
524810ce6d dropbear: allow build without dbclient
This can save ~16KBytes size for the ipk

Signed-off-by: Rosy Song <rosysong@rosinson.com>
2019-04-18 22:34:19 +02:00
Rafał Miłecki
083056c83f mac80211: brcm: backport brcmfmac 5.2 patches
This includes some USB fixes and early work on FullMAC firmware crash
recovery.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-04-18 10:16:10 +02:00
Hans Dedecker
e20c2909a5 odhcpd: update to latest git HEAD (FS#2206)
38bc630 router: use ra_lifetime as lifetime for RA options (FS#2206)
0523bdd router: improve code readibility
0a3b279 Revert "router:"
207f8e0 treewide: align syslog loglevels
f1d7da9 router:
0e048ac treewide: fix compiler warnings
83698f6 CMakeList.txt: enable extra compiler checks

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-04-17 14:43:38 +02:00
Eneas U de Queiroz
450d44a8ea openssl: change defaults: ENGINE:on, NPN:off, misc
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.

To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Enable engine support by default.  Right now, some packages require
this, so it is always enabled by the bots.  Many packages will compile
differently when engine support is detected, needing engine symbols from
the libraries.

However, being off by default, a user compiling its own image will fail
to run some popular packages from the official repo.
Note that disabling engines did not work in 1.0.2, so this problem never
showed up before.

NPN support has been removed in major browsers & servers, and has become
a small bloat, so it does not make sense to leave it on by default.

Remove deprecated CONFIG_ENGINE_CRYPTO symbol that is no longer needed.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
2019-04-17 11:26:55 +02:00
Lucian Cristian
e762f5d44a kernel: Fix kmod-drm-amdgpu and kmod-drm-radeon dependencies
Currently the Geode builds fails on following kernel module missing
dependencies:

 Package kmod-drm-amdgpu is missing dependencies for the following libraries:
 backlight.ko
 drm_kms_helper.ko
 fb.ko
 ttm.ko

So this patch tries to fix the kmod-drm-amdgpu module dependecies.

Fixes: 2f239c0 ("x86: video: add amdgpu DRM kernel package")
Fixes: 2f6918e ("x86: video: add radeon DRM module support")
Tested-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2019-04-16 22:51:29 +02:00
Martin Schiller
e79b9601bf procd/hotplug: add dependency to dialout and audio group
Commit 6e060bd62c introduced a dependency to the dialout group.
Adding this group to the "group" file in the base-files package is not
enough to handle this dependency, because after a sysupgrade this entry
will be missing in the "group" file.

To address this problem the dependencies to the required groups needs to
be set in the Makefile of the procd package.
Then, the uci-default script "13_fix_group_user" will add the groups
on first boot-up after a sysupgrade.

Fixes: 6e060bd62c ("base-files/hotplug: fix dedicated group for tty devices")
Tested-by: Michael Heimpold <mhei@heimpold.de>
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2019-04-16 22:51:29 +02:00
Hans Dedecker
3e803499c3 netifd: update to latest git HEAD
666c14f system-linux: remove debug tracing
08989e4 interface: add neighbor config support
bfd4de3 interface: fix "if-down" hotplug event handling

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-04-15 23:20:20 +02:00
Christian Lamparter
d599890efd layerscape: unbreak ehci-fsl interaction with mpc85xx
Both targets have their own idea of how to use ehci-fsl.
This patch reverts part of commit
68b8d3b079 ("kernel: usb: add FSL EHCI package") and moves
ehci-fsl back into kmod-usb2, while also making it hopefully
useable for the mpc85xx target.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-04-15 00:20:56 +02:00
Petr Štetiar
ecdd26fe2b umbim: update to latest git HEAD
24f9dc7 Iron out all extra compiler warnings
9d8dbc9 Enable extra compiler checks
ff8d356 mbim-proxy support
ccca03f umbim: add registration set support

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-04-15 00:01:57 +02:00
Petr Štetiar
8293e7532f mac80211: Fix rate_idx underflow in mwl8k (FS#2218)
Add a patch for mwl8k which fixes endless reboot loops on Linksys EA4500
with certain 5G configurations.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-04-14 23:42:03 +02:00
David Bauer
68b8d3b079 kernel: usb: add FSL EHCI package
Add kernel module package for the Freescale USB2 EHCI used on the
mpc85xx platform.

Signed-off-by: David Bauer <mail@david-bauer.net>
2019-04-13 15:09:09 +02:00
Daniel Golle
9385ff654e mac80211: rt2x00: replace patch with upstream version
Replace the patch introduced by commit d0b969eee8 ("mac80211: rt2x00:
do not increment sequence number while re-transmitting") was merged
into wireless-drivers.git. Replace our version with the merged version.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-04-12 22:14:47 +02:00
Daniel Golle
44ae5f37fb uboot-envtools: fix fw_env.config for ox820/stg-212
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-04-11 19:21:55 +02:00
Stefan Lippers-Hollmann
8f17c019a1 hostapd: fix CVE-2019-9497, CVE-2019-9498, CVE-2019-9499
EAP-pwd missing commit validation

Published: April 10, 2019
Identifiers:
- CVE-2019-9497 (EAP-pwd server not checking for reflection attack)
- CVE-2019-9498 (EAP-pwd server missing commit validation for
  scalar/element)
- CVE-2019-9499 (EAP-pwd peer missing commit validation for
  scalar/element)

Latest version available from: https://w1.fi/security/2019-4/

Vulnerability

EAP-pwd implementation in hostapd (EAP server) and wpa_supplicant (EAP
peer) was discovered not to validate the received scalar and element
values in EAP-pwd-Commit messages properly. This could result in attacks
that would be able to complete EAP-pwd authentication exchange without
the attacker having to know the used password.

A reflection attack is possible against the EAP-pwd server since the
hostapd EAP server did not verify that the EAP-pwd-Commit contains
scalar/element values that differ from the ones the server sent out
itself. This allows the attacker to complete EAP-pwd authentication
without knowing the password, but this does not result in the attacker
being able to derive the session key (MSK), i.e., the attacker would not
be able to complete the following key exchange (e.g., 4-way handshake in
RSN/WPA).

An attack using invalid scalar/element values is possible against both
the EAP-pwd server and peer since hostapd and wpa_supplicant did not
validate these values in the received EAP-pwd-Commit messages. If the
used crypto library does not implement additional checks for the element
(EC point), this could result in attacks where the attacker could use a
specially crafted commit message values to manipulate the exchange to
result in deriving a session key value from a very small set of possible
values. This could further be used to attack the EAP-pwd server in a
practical manner. An attack against the EAP-pwd peer is slightly more
complex, but still consider practical. These invalid scalar/element
attacks could result in the attacker being able to complete
authentication and learn the session key and MSK to allow the key
exchange to be completed as well, i.e., the attacker gaining access to
the network in case of the attack against the EAP server or the attacker
being able to operate a rogue AP in case of the attack against the EAP
peer.

While similar attacks might be applicable against SAE, it should be
noted that the SAE implementation in hostapd and wpa_supplicant does
have the validation steps that were missing from the EAP-pwd
implementation and as such, these attacks do not apply to the current
SAE implementation. Old versions of wpa_supplicant/hostapd did not
include the reflection attack check in the SAE implementation, though,
since that was added in June 2015 for v2.5 (commit 6a58444d27fd 'SAE:
Verify that own/peer commit-scalar and COMMIT-ELEMENT are different').

Vulnerable versions/configurations

All hostapd versions with EAP-pwd support (CONFIG_EAP_PWD=y in the build
configuration and EAP-pwd being enabled in the runtime configuration)
are vulnerable against the reflection attack.

All wpa_supplicant and hostapd versions with EAP-pwd support
(CONFIG_EAP_PWD=y in the build configuration and EAP-pwd being enabled
in the runtime configuration) are vulnerable against the invalid
scalar/element attack when built against a crypto library that does not
have an explicit validation step on imported EC points. The following
list indicates which cases are vulnerable/not vulnerable:
- OpenSSL v1.0.2 or older: vulnerable
- OpenSSL v1.1.0 or newer: not vulnerable
- BoringSSL with commit 38feb990a183 ('Require that EC points are on the
  curve.') from September 2015: not vulnerable
- BoringSSL without commit 38feb990a183: vulnerable
- LibreSSL: vulnerable
- wolfssl: vulnerable

Acknowledgments

Thanks to Mathy Vanhoef (New York University Abu Dhabi) for discovering
and reporting the issues and for proposing changes to address them in
the implementation.

Possible mitigation steps

- Merge the following commits to wpa_supplicant/hostapd and rebuild:

  CVE-2019-9497:
  EAP-pwd server: Detect reflection attacks

  CVE-2019-9498:
  EAP-pwd server: Verify received scalar and element
  EAP-pwd: Check element x,y coordinates explicitly

  CVE-2019-9499:
  EAP-pwd client: Verify received scalar and element
  EAP-pwd: Check element x,y coordinates explicitly

  These patches are available from https://w1.fi/security/2019-4/

- Update to wpa_supplicant/hostapd v2.8 or newer, once available

Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
[bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-04-11 11:26:01 +02:00
Stefan Lippers-Hollmann
57ab9e3add hostapd: fix CVE-2019-9496
hostapd: fix SAE confirm missing state validation

Published: April 10, 2019
Identifiers:
- CVE-2019-9496 (SAE confirm missing state validation in hostapd/AP)
Latest version available from: https://w1.fi/security/2019-3/

Vulnerability

When hostapd is used to operate an access point with SAE (Simultaneous
Authentication of Equals; also known as WPA3-Personal), an invalid
authentication sequence could result in the hostapd process terminating
due to a NULL pointer dereference when processing SAE confirm
message. This was caused by missing state validation steps when
processing the SAE confirm message in hostapd/AP mode.

Similar cases against the wpa_supplicant SAE station implementation had
already been tested by the hwsim test cases, but those sequences did not
trigger this specific code path in AP mode which is why the issue was
not discovered earlier.

An attacker in radio range of an access point using hostapd in SAE
configuration could use this issue to perform a denial of service attack
by forcing the hostapd process to terminate.

Vulnerable versions/configurations

All hostapd versions with SAE support (CONFIG_SAE=y in the build
configuration and SAE being enabled in the runtime configuration).

Possible mitigation steps

- Merge the following commit to hostapd and rebuild:

  SAE: Fix confirm message validation in error cases

  These patches are available from https://w1.fi/security/2019-3/

- Update to hostapd v2.8 or newer, once available

Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
[bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-04-11 11:26:01 +02:00
Stefan Lippers-Hollmann
262229e924 hostapd: fix CVE-2019-9495
EAP-pwd side-channel attack

Published: April 10, 2019
Identifiers:
- CVE-2019-9495 (cache attack against EAP-pwd)
Latest version available from: https://w1.fi/security/2019-2/

Vulnerability

Number of potential side channel attacks were recently discovered in the
SAE implementations used by both hostapd and wpa_supplicant (see
security advisory 2019-1 and VU#871675). EAP-pwd uses a similar design
for deriving PWE from the password and while a specific attack against
EAP-pwd is not yet known to be tested, there is no reason to believe
that the EAP-pwd implementation would be immune against the type of
cache attack that was identified for the SAE implementation. Since the
EAP-pwd implementation in hostapd (EAP server) and wpa_supplicant (EAP
peer) does not support MODP groups, the timing attack described against
SAE is not applicable for the EAP-pwd implementation.

A novel cache-based attack against SAE handshake would likely be
applicable against the EAP-pwd implementation. Even though the
wpa_supplicant/hostapd PWE derivation iteration for EAP-pwd has
protections against timing attacks, this new cache-based attack might
enable an attacker to determine which code branch is taken in the
iteration if the attacker is able to run unprivileged code on the victim
machine (e.g., an app installed on a smart phone or potentially a
JavaScript code on a web site loaded by a web browser). This depends on
the used CPU not providing sufficient protection to prevent unprivileged
applications from observing memory access patterns through the shared
cache (which is the most likely case with today's designs).

The attacker could use information about the selected branch to learn
information about the password and combine this information from number
of handshake instances with an offline dictionary attack. With
sufficient number of handshakes and sufficiently weak password, this
might result in full recovery of the used password if that password is
not strong enough to protect against dictionary attacks.

This attack requires the attacker to be able to run a program on the
target device. This is not commonly the case on an authentication server
(EAP server), so the most likely target for this would be a client
device using EAP-pwd.

The commits listed in the end of this advisory change the EAP-pwd
implementation shared by hostapd and wpa_supplicant to perform the PWE
derivation loop using operations that use constant time and memory
access pattern to minimize the externally observable differences from
operations that depend on the password even for the case where the
attacker might be able to run unprivileged code on the same device.

Vulnerable versions/configurations

All wpa_supplicant and hostapd versions with EAP-pwd support
(CONFIG_EAP_PWD=y in the build configuration and EAP-pwd being enabled
in the runtime configuration).

It should also be noted that older versions of wpa_supplicant/hostapd
prior to v2.7 did not include additional protection against certain
timing differences. The definition of the EAP-pwd (RFC 5931) does not
describe such protection, but the same issue that was addressed in SAE
earlier can be applicable against EAP-pwd as well and as such, that
implementation specific extra protection (commit 22ac3dfebf7b, "EAP-pwd:
Mask timing of PWE derivation") is needed to avoid showing externally
visible timing differences that could leak information about the
password. Any uses of older wpa_supplicant/hostapd versions with EAP-pwd
are recommended to update to v2.7 or newer in addition to the mitigation
steps listed below for the more recently discovered issue.

Possible mitigation steps

- Merge the following commits to wpa_supplicant/hostapd and rebuild:

  OpenSSL: Use constant time operations for private bignums
  Add helper functions for constant time operations
  OpenSSL: Use constant time selection for crypto_bignum_legendre()
  EAP-pwd: Use constant time and memory access for finding the PWE

  These patches are available from https://w1.fi/security/2019-2/

- Update to wpa_supplicant/hostapd v2.8 or newer, once available

- Use strong passwords to prevent dictionary attacks

Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
[bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-04-11 11:26:01 +02:00
Stefan Lippers-Hollmann
af606d077f hostapd: fix CVE-2019-9494
SAE side-channel attacks

Published: April 10, 2019
Identifiers:
- VU#871675
- CVE-2019-9494 (cache attack against SAE)
Latest version available from: https://w1.fi/security/2019-1/

Vulnerability

Number of potential side channel attacks were discovered in the SAE
implementations used by both hostapd (AP) and wpa_supplicant
(infrastructure BSS station/mesh station). SAE (Simultaneous
Authentication of Equals) is also known as WPA3-Personal. The discovered
side channel attacks may be able to leak information about the used
password based on observable timing differences and cache access
patterns. This might result in full password recovery when combined with
an offline dictionary attack and if the password is not strong enough to
protect against dictionary attacks.

Cache attack

A novel cache-based attack against SAE handshake was discovered. This
attack targets SAE with ECC groups. ECC group 19 being the mandatory
group to support and the most likely used group for SAE today, so this
attack applies to the most common SAE use case. Even though the PWE
derivation iteration in SAE has protections against timing attacks, this
new cache-based attack enables an attacker to determine which code
branch is taken in the iteration if the attacker is able to run
unprivileged code on the victim machine (e.g., an app installed on a
smart phone or potentially a JavaScript code on a web site loaded by a
web browser). This depends on the used CPU not providing sufficient
protection to prevent unprivileged applications from observing memory
access patterns through the shared cache (which is the most likely case
with today's designs).

The attacker can use information about the selected branch to learn
information about the password and combine this information from number
of handshake instances with an offline dictionary attack. With
sufficient number of handshakes and sufficiently weak password, this
might result in full discovery of the used password.

This attack requires the attacker to be able to run a program on the
target device. This is not commonly the case on access points, so the
most likely target for this would be a client device using SAE in an
infrastructure BSS or mesh BSS.

The commits listed in the end of this advisory change the SAE
implementation shared by hostapd and wpa_supplicant to perform the PWE
derivation loop using operations that use constant time and memory
access pattern to minimize the externally observable differences from
operations that depend on the password even for the case where the
attacker might be able to run unprivileged code on the same device.

Timing attack

The timing attack applies to the MODP groups 22, 23, and 24 where the
PWE generation algorithm defined for SAE can have sufficient timing
differences for an attacker to be able to determine how many rounds were
needed to find the PWE based on the used password and MAC
addresses. When the attack is repeated with multiple times, the attacker
may be able to gather enough information about the password to be able
to recover it fully using an offline dictionary attack if the password
is not strong enough to protect against dictionary attacks. This attack
could be performed by an attacker in radio range of an access point or a
station enabling the specific MODP groups.

This timing attack requires the applicable MODP groups to be enabled
explicitly in hostapd/wpa_supplicant configuration (sae_groups
parameter). All versions of hostapd/wpa_supplicant have disabled these
groups by default.

While this security advisory lists couple of commits introducing
additional protection for MODP groups in SAE, it should be noted that
the groups 22, 23, and 24 are not considered strong enough to meet the
current expectation for a secure system. As such, their use is
discouraged even if the additional protection mechanisms in the
implementation are included.

Vulnerable versions/configurations

All wpa_supplicant and hostapd versions with SAE support (CONFIG_SAE=y
in the build configuration and SAE being enabled in the runtime
configuration).

Acknowledgments

Thanks to Mathy Vanhoef (New York University Abu Dhabi) and Eyal Ronen
(Tel Aviv University) for discovering the issues and for discussions on
how to address them.

Possible mitigation steps

- Merge the following commits to wpa_supplicant/hostapd and rebuild:

  OpenSSL: Use constant time operations for private bignums
  Add helper functions for constant time operations
  OpenSSL: Use constant time selection for crypto_bignum_legendre()
  SAE: Minimize timing differences in PWE derivation
  SAE: Avoid branches in is_quadratic_residue_blind()
  SAE: Mask timing of MODP groups 22, 23, 24
  SAE: Use const_time selection for PWE in FFC
  SAE: Use constant time operations in sae_test_pwd_seed_ffc()

  These patches are available from https://w1.fi/security/2019-1/

- Update to wpa_supplicant/hostapd v2.8 or newer, once available

- In addition to either of the above alternatives, disable MODP groups
  1, 2, 5, 22, 23, and 24 by removing them from hostapd/wpa_supplicant
  sae_groups runtime configuration parameter, if they were explicitly
  enabled since those groups are not considered strong enough to meet
  current security expectations. The groups 22, 23, and 24 are related
  to the discovered side channel (timing) attack. The other groups in
  the list are consider too weak to provide sufficient security. Note
  that all these groups have been disabled by default in all
  hostapd/wpa_supplicant versions and these would be used only if
  explicitly enabled in the configuration.

- Use strong passwords to prevent dictionary attacks

Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
[bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-04-11 11:26:01 +02:00
Hans Dedecker
d1739c6c9a procd: update to latest git HEAD
baaf38c procd: instance: Support deleting stopped instances

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-04-10 14:16:53 +02:00
Florian Eckert
2101002b3d wireguard: remove obvious comments
Remove obvious comments to save disk space.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2019-04-09 22:25:11 +02:00
Florian Eckert
78b6931a1a wireguard: converted whitespaces from space to tab
With this change, the file is reduced from 5186 bytes to 4649 bytes that
its approximately 10.5 percent less memory consumption. For small
devices, sometimes every byte counts.
Also, all other protocol handler use tabs instead of spaces.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2019-04-09 22:25:02 +02:00
Hans Dedecker
c8a8294f6e ethtool: bump to 5.0
170d821 Release version 5.0.
909f8c0 Revert "ethtool: change to new sane powerpc64 kernel headers"
a484274 ethtool: dsa: mv88e6xxx: add pretty dump for others
034a17b ethtool: dsa: mv88e6xxx: add pretty dump for 88E6390
7f1cc44 ethtool: dsa: mv88e6xxx: add pretty dump for 88E6352
a13a053 ethtool: dsa: mv88e6xxx: add pretty dump for 88E6161
4e98029 ethtool: dsa: mv88e6xxx: add pretty dump for 88E6185
ff99e46 ethtool: dsa: mv88e6xxx: add pretty dump
cb8e980 ethtool: dsa: add pretty dump
4df55c8 ethtool: change to new sane powerpc64 kernel headers
0cb963e ethtool: zero initialize coalesce struct
8f05538 ethtool: don't report UFO on kernels v4.14 and above

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-04-09 14:27:59 +02:00
Daniel Gimpelevich
f61e754522 ath79: add support for Netgear EX6400 and EX7300
This is sold as a dual-band 802.11ac range extender. It has a sliding
switch for Extender mode or Access Point mode, a WPS button, a recessed
Reset button, a hard-power button, and a multitude of LED's, some
multiplexed via an NXP 74AHC164D chip. The internal serial header pinout is
Vcc, Tx, Rx, GND, with GND closest to the corner of the board. You may
connect at 115200 bps, 8 data bits, no parity, 1 stop bit.

Specification:
- System-On-Chip: QCA9558
- CPU/Speed: 720 MHz
- Flash-Chip: Winbond 25Q128FVSG
- Flash size: 16 MiB
- RAM: 128 MiB
- Wireless No1: QCA9558 on-chip 2.4GHz 802.11bgn, 3x3
- Wireless No2: QCA99x0 chip 5GHz 802.11an+ac, 4x4
- PHY: Atheros AR8035-A

Installation:
If you can get to the stock firmware's firmware upgrade option, just feed
it the factory.img and boot as usual. As an alternative, TFTP the
factory.img to the bootloader.

Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
[whitespace fix in DTS and reorder of make variables]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-04-09 11:09:26 +02:00
Petr Štetiar
adb0a420e5 uboot-envtools: imx6: Add support for Toradex Apalis board family
This patch is needed in order to be able to use fw_{set,print}env
commands.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-04-08 18:37:03 +02:00
Petr Štetiar
136001675e uboot-imx6: Add support for Toradex Apalis board family
This patch is needed in order to properly boot OpenWrt bootscript.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-04-08 18:37:03 +02:00
Hans Dedecker
80568e5854 dropbear: bump to 2019.78
Fix dbclient regression in 2019.77. After exiting the terminal would be left
in a bad state. Reported by Ryan Woodsmall

drop patch applied upstream:
	010-tty-modes-werent-reset-for-client.patch

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-04-07 20:32:55 +02:00
Stijn Tintel
310e2764a8 ubox: bump to git HEAD
5130fa4 kmodloader: fix and optimize loading of failed modules

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2019-04-07 19:37:18 +03:00
Michael Heimpold
32a6c252db wpan-tools: clean up Makefile
When we only call the default, we do not need to define it explicitly.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2019-04-06 19:14:06 +02:00
Michael Heimpold
007e947976 fconfig: cleanup Makefile
We do not need to define an empty Build/Configure since
the default checks for existing ./configure and does nothing
in case nothing is found.

Similar for Build/Compile: we can remove the definition
when we only call the default.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2019-04-06 19:14:06 +02:00
Rosen Penev
2a8175a7ac kernel: Add RIPEMD160 module
After getting rid of cryptsetup's heavy openssl dependency, there is now
the problem of missing RIPEMD160 support. RIPEMD160 is used for True/Vera
crypt volumes as well as old LUKS1 ones.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-04-06 19:14:06 +02:00
Tomasz Maciej Nowak
afef17e24d base-files: add leds migration
Currently leds migration scripts in ar71xx and lantiq share a lot of
logic and introducing leds migration to another target would mean
copying this code, again. Therefore add common logic to library in
base-files package.

Suggested-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2019-04-06 19:14:05 +02:00
Jason A. Donenfeld
549d44736a wireguard: bump to 0.0.20190406
* allowedips: initialize list head when removing intermediate nodes

Fix for an important regression in removing allowed IPs from the last
snapshot. We have new test cases to catch these in the future as well.

* tools: warn if an AllowedIP has a nonzero host part

If you try to run `wg set wg0 peer ... allowed-ips 192.168.1.82/24`, wg(8)
will now print a warning. Even though we mask this automatically down to
192.168.1.0/24, usually when people specify it like this, it's a mistake.

* wg-quick: add 'strip' subcommand

The new strip subcommand prints the config file to stdout after stripping
it of all wg-quick-specific options. This enables tricks such as:
`wg addconf $DEV <(wg-quick strip $DEV)`.

* tools: avoid unneccessary next_peer assignments in sort_peers()

Small C optimization the compiler was probably already doing.

* peerlookup: rename from hashtables
* allowedips: do not use __always_inline
* device: use skb accessor functions where possible

Suggested tweaks from Dave Miller.

* blake2s: simplify
* blake2s: remove outlen parameter from final

The blake2s implementation has been simplified, since we don't use any of the
fancy tree hashing parameters or the like. We also no longer separate the
output length at initialization time from the output length at finalization
time.

* global: the _bh variety of rcu helpers have been unified
* compat: nf_nat_core.h was removed upstream
* compat: backport skb_mark_not_on_list

The usual assortment of compat fixes for Linux 5.1.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-04-06 17:26:47 +02:00
Luis Araneda
177a634e18 kernel: can: add Xilinx CAN IP kernel module package
This driver is required to use the CAN IP on devices
from the zynq target

Signed-off-by: Luis Araneda <luaraneda@gmail.com>
2019-04-06 16:31:10 +02:00
Luis Araneda
82b0230bc1 kernel: sound: add missing symbol to sound-soc-core
This fixes compilation on zynq target when migrating
to sound kmod packages

Signed-off-by: Luis Araneda <luaraneda@gmail.com>
2019-04-06 16:31:10 +02:00
Hauke Mehrtens
3183430df4 mac80211: update to version 4.19.32-1
The removed patches are now integrated in the upstream kernel.
Refresh all patches on top of the new backports release.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2019-04-06 16:31:04 +02:00
Josef Schlehofer
4ebd66d7a9 mbedtls: update to version 2.16.1
Refreshed patches

Signed-off-by: Josef Schlehofer <josef.schlehofer@nic.cz>
Tested-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2019-04-06 16:30:43 +02:00
Tomasz Maciej Nowak
6541897796 kernel: package rtc-em3027 module
Support for Microelectronic EM3027 real time clock chip.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2019-04-06 14:48:46 +02:00
Tomasz Maciej Nowak
1b3dda179a uboot-tegra: add U-Boot for tegra boards
Add U-Boot for NVIDIA Tegra based boards, with the first being CompuLab
TrimSlice. This is part of initial support for this board.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2019-04-06 14:48:46 +02:00
Tomasz Maciej Nowak
42f96ed941 tegra: add new target
New target introduces initial support for NVIDIA Tegra SoC based devices.
It focuses on Tegra 2 CPUs, for successors supporting NEON instruction
set the target should be split in two subtargets.
This initial commit doesn't create any device image, it's groundwork
for further additions.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2019-04-06 14:48:46 +02:00
Daniel Engberg
de3eb0d8a0 curl: Update to 7.64.1
Update curl to 7.64.1
Remove deprecated patch

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2019-04-06 13:40:29 +02:00
Hans Dedecker
f483274422 odhcpd: update to latest git HEAD
65a9519 ndp: create ICMPv6 socket per interface
c6dae8e router: create ICMPv6 socket per interface
e7b1d4b treewide: initialize properly file descriptors

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-04-05 12:04:01 +02:00
Michael Heimpold
6e060bd62c base-files/hotplug: fix dedicated group for tty devices
Commit 124ab1dc0a and 5523ee3459 introduced the assignment of the
group "tty" to /dev/tty* devices in order to support unprivileged
user access to serial devices.

However, due to an improperly rebased commit this feature broke.

This patch restores the lost hunk in hotplug.json file to
re-introduce this feature and also renames the existing "tty" group
to "dialout" as this is the more typical name for such a group
on desktop systems.

Fixes: 5209cfa534 ("procd: fix hotplug.json syntax")
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Acked-by: Jo-Philipp Wich <jo@mein.io>
2019-04-04 17:09:40 +02:00
Felix Fietkau
b3d8b3ab8e mac80211: set noscan=1 if sta/adhoc/mesh interfaces are present
Fixes channel selection issues and suppresses an unnecessary extra scan

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-04-03 10:40:09 +02:00
Felix Fietkau
1dd536f1fa mac80211: improve performance by deferring tx queue selection
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-04-03 10:40:09 +02:00
Magnus Kroken
701b8d0050 openvpn: openssl: explicitly depend on deprecated APIs
OpenVPN as of 2.4.7 uses some OpenSSL APIs that are deprecated in
OpenSSL >= 1.1.0.

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [white space fix]
2019-04-03 10:00:39 +02:00
Hans Dedecker
848d85d13b netifd: update to latest git HEAD
361b3e4 proto-shell: return error in case setup fails
a97297d interface: set interface in TEARDOWN state when checking link state

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-04-01 23:12:29 +02:00
Magnus Kroken
4376c06e80 openvpn: update to 2.4.7
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2019-04-01 11:23:43 +02:00
Kabuli Chana
6ba3d70c95 mwlwifi: Fix pcie timeout issue
Increase MAX_WAIT_FW_COMPLETE_ITERATIONS to 10000 as before commit
e5e0700 to prevent timeout as reported here: #308 (Original OP issue is
probably not related though as his post preceeds commit e5e0700).

compile/test target mvebu/mamba, rango

Signed-off-by: Kabuli Chana <newtownBuild@gmail.com>
[commit subject and message tweaks]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-04-01 10:05:49 +02:00
Christian Lamparter
fbe2e7d15e ath10k-firmware: update Candela Tech firmware images
Release notes since last time:

Release notes for wave-1 / 10.1:
2019-03-28: Fix sometimes using bad TID for management frames
	    in htt-mgt mode. (Backported from wave2, looks
	    like bug would be the same though.)

Release notes for wave-2 / 10.4:
2019-03-28: Fix off-channel scanning while associated in
	    proxy-station mode.

2019-03-29: Fix sometimes sending mgt frames on wrong tid when
	    using htt-mgt. This bug has been around since I first
	    enabled htt-mgt mode.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-03-30 10:36:31 +01:00
Hans Dedecker
6df5ab89cf odhcpd: update to latest git HEAD
7798d50 netlink: rework IPv4 address refresh logic
0b20876 netlink: rework IPv6 address refresh logic

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-03-29 15:55:08 +01:00
Daniel Golle
b0395cfc56 iwinfo: Fix 802.11ad channel to frequency
c2cfe9d iwinfo: Fix 802.11ad channel to frequency

Fixes 9725aa271a ("iwinfo: update to latest git HEAD")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-03-28 15:20:58 +01:00
Petr Štetiar
1e55171a12 fstools: update to the latest master branch
ff1ded6 libfstools: Fix overflow of F2FS_MINSIZE constant
bc2c876 libfstools: Print error in case of loop blkdev failure

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-03-28 12:57:08 +01:00
Alexander Couzens
95f07502b7
package/uboot-omap: backport patches to fix build
* 106: fix build when libfdt-devel is installed on host
* 107: fix stdbool.h includes

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2019-03-28 02:10:12 +01:00
Daniel Golle
28920330f8 wireguard: introduce 'nohostroute' option
Instead of creating host-routes depending on fwmark as (accidentally)
pushed by commit
1e8bb50b93 ("wireguard: do not add host-dependencies if fwmark is set")
use a new config option 'nohostroute' to explicitely prevent creation
of the route to the endpoint.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-03-27 22:59:03 +01:00
Daniel Golle
1e8bb50b93 wireguard: do not add host-dependencies if fwmark is set
The 'fwmark' option is used to define routing traffic to
wireguard endpoints to go through specific routing tables.
In that case it doesn't make sense to setup routes for
host-dependencies in the 'main' table, so skip setting host
dependencies if 'fwmark' is set.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-03-27 22:53:14 +01:00
Hans Dedecker
b2152c8e6b odhcpd: update to latest git HEAD (FS#2204)
420945c netlink: fix IPv6 address updates (FS#2204)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-03-27 21:05:07 +01:00
Koen Vandeputte
555ee02f77 kernel: fix missing dependency in 4.14.108
The 4.14.108 bump introduced a missing dependency when building
specific netfilters.

Thsi was not seen as the error does not occur on all targets.

Thanks to Jo-Philipp Wich for providing the fix

Fixes: af6c86dbe5 ("kernel: bump 4.14 to 4.14.108")
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-03-27 16:46:39 +01:00
Felix Fietkau
b65a270c85 mt76: update to the latest version
f2a18f5 mt76x02: introduce mt76x02_beacon.c
91ade88 mt76x02: add hrtimer for pre TBTT for USB
6370485 mt76x02: introduce beacon_ops
37af803 mt76x02u: implement beacon_ops
41d6190 mt76x02: generalize some mmio beaconing functions
dcccc04 mt76x02u: add sta_ps
5ac5289 mt76x02: disable HW encryption for group frames
e284cc2 mt76x02u: implement pre TBTT work for USB
77e56b8 mt76x02: make beacon slots bigger for USB
d4c740f mt76x02u: add mt76_release_buffered_frames
65e6344 mt76: unify set_tim
f720e49 mt76x02: enable AP mode for USB
cf1838d mt76usb: change mt76u_submit_buf
16b2ccf mt76: remove rx_page_lock
e1bfbeb mt76usb: change mt76u_fill_rx_sg arguments
e9c0171 mt76usb: use usb_dev private data
a4eb5db mt76usb: remove mt76u_buf redundant fileds
3f9b68d mt76usb: move mt76u_buf->done to queue entry
4a366bd mt76usb: remove mt76u_buf and use urb directly
0904bc4 mt76usb: remove MT_RXQ_MAIN queue from mt76u_urb_alloc
42f2899 mt76usb: resue mt76u_urb_alloc for tx
4d4d73a mt76usb: remove unneded sg_init_table
57309c7 mt76usb: allocate urb and sg as linear data
2e89721 mt76usb: remove queue variable from rx_tasklet
30a256a mt76x02: remove extra_tx_headroom (obsoleted by mac8211 skb aligning)
ae166b0 Revert "mt76: mt7603: store software PN/IV in wcid"
bf6e72d Revert "mt76: mt76x02: store software PN/IV in wcid"
a11b673 mt76: fix tx power issues

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-27 13:05:03 +01:00
Hauke Mehrtens
6af639e0bf linux: Add kmod-sched-act-vlan
This allows to configure rules to push or pop vlan headers.

Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
2019-03-25 22:50:28 +01:00
Hauke Mehrtens
72c7e2dc46 linux: Add kmod-sched-flower
This allows to classify packets based on a configurable combination
of packet keys and masks.

Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
2019-03-25 22:50:28 +01:00
Hauke Mehrtens
f83522fa63 linux: Add kmod-sched-mqprio
This adds Multi-queue priority scheduler (MQPRIO).

Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
2019-03-25 22:50:28 +01:00
Hauke Mehrtens
187ab0bceb linux: Add kmod-crxypto-xcbc
This can be used for IPsec.

Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
2019-03-25 22:50:28 +01:00
Konstantin Demin
01964148c6 dropbear: split ECC support to basic and full
- limit ECC support to ec*-sha2-nistp256:
  * DROPBEAR_ECC now provides only basic support for ECC
- provide full ECC support as an option:
  * DROPBEAR_ECC_FULL brings back support for ec{dh,dsa}-sha2-nistp{384,521}
- update feature costs in binary size

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2019-03-25 22:25:35 +01:00
Konstantin Demin
5eb7864aad dropbear: rewrite init script startup logic to handle both host key files
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2019-03-25 22:25:34 +01:00
Konstantin Demin
6145e59881 dropbear: change type of config option "Port" to scalar type "port"
it was never used anywhere, even LuCI works with "Port" as scalar type.

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2019-03-25 22:25:34 +01:00
Konstantin Demin
5d27b10c61 dropbear: introduce config option "keyfile" (replacement for "rsakeyfile")
* option "keyfile" is more generic than "rsakeyfile".
* option "rsakeyfile" is considered to be deprecated and should be removed
  in future releases.
* warn user (in syslog) if option "rsakeyfile" is used
* better check options ("rsakeyfile" and "keyfile"): don't append
  "-r keyfile" to command line if file is absent (doesn't exist or empty),
  warn user (in syslog) about such files

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2019-03-25 22:25:34 +01:00
Konstantin Demin
efc533cc2f dropbear: add initial support for ECC host key
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2019-03-25 22:25:33 +01:00
Konstantin Demin
c40a84cc15 dropbear: fix regression where TTY modes weren't reset for client
cherry-pick upstream commit 7bc6280613f5ab4ee86c14c779739070e5784dfe

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2019-03-25 22:25:33 +01:00
Konstantin Demin
ddf1a06326 dropbear: honour CFLAGS while building bundled libtomcrypt/libtommath
Felix Fietkau pointed out that bundled libtomcrypt/libtommath do funny stuff with CFLAGS.
fix this with checking environment variable OPENWRT_BUILD in both libs.
change in dropbear binary size is drastical: 221621 -> 164277.

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2019-03-25 22:25:33 +01:00
Konstantin Demin
9c3bfd0906 dropbear: fix hardening flags during configure
compiler complains about messed up CFLAGS in build log:
  <command-line>: warning: "_FORTIFY_SOURCE" redefined
  <command-line>: note: this is the location of the previous definition

and then linker fails:
  mips-openwrt-linux-musl-gcc [...] -o dropbearmulti [...]
  collect2: fatal error: ld terminated with signal 11 [Segmentation fault]
  compilation terminated.
  /staging_dir/toolchain-mips_24kc_gcc-8.2.0_musl/mips-openwrt-linux-musl/bin/ld: /tmp/cc27zORz.ltrans0.ltrans.o: relocation R_MIPS_HI16 against `cipher_descriptor' can not be used when making a shared object; recompile with -fPIC
  /staging_dir/toolchain-mips_24kc_gcc-8.2.0_musl/mips-openwrt-linux-musl/bin/ld: /tmp/cc27zORz.ltrans1.ltrans.o: relocation R_MIPS_HI16 against `ses' can not be used when making a shared object; recompile with -fPIC
  /staging_dir/toolchain-mips_24kc_gcc-8.2.0_musl/mips-openwrt-linux-musl/bin/ld: /tmp/cc27zORz.ltrans2.ltrans.o: relocation R_MIPS_HI16 against `cipher_descriptor' can not be used when making a shared object; recompile with -fPIC
  /staging_dir/toolchain-mips_24kc_gcc-8.2.0_musl/mips-openwrt-linux-musl/bin/ld: BFD (GNU Binutils) 2.31.1 assertion fail elfxx-mips.c:6550
  [...]
  /staging_dir/toolchain-mips_24kc_gcc-8.2.0_musl/mips-openwrt-linux-musl/bin/ld: BFD (GNU Binutils) 2.31.1 assertion fail elfxx-mips.c:6550
  make[3]: *** [Makefile:198: dropbearmulti] Error 1
  make[3]: *** Deleting file 'dropbearmulti'
  make[3]: Leaving directory '/build_dir/target-mips_24kc_musl/dropbear-2018.76'
  make[2]: *** [Makefile:158: /build_dir/target-mips_24kc_musl/dropbear-2018.76/.built] Error 2
  make[2]: Leaving directory '/package/network/services/dropbear'

This FTBFS issue was caused by hardening flags set up by dropbear's configure script.

By default, Dropbear offers hardening via CFLAGS and LDFLAGS,
but this may break or confuse OpenWrt settings.

Remove most Dropbear's hardening settings in favour of precise build,
but preserve Spectre v2 mitigations:
* -mfunction-return=thunk
* -mindirect-branch=thunk

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2019-03-25 22:25:33 +01:00
Konstantin Demin
a1099edf32 dropbear: bump to 2019.77
- drop patches applied upstream:
  * 010-runtime-maxauthtries.patch
  * 020-Wait-to-fail-invalid-usernames.patch
  * 150-dbconvert_standalone.patch
  * 610-skip-default-keys-in-custom-runs.patch
- refresh patches
- move OpenWrt configuration from patch to Build/Configure recipe,
  thus drop patch 120-openwrt_options.patch

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2019-03-25 22:25:32 +01:00
Christian Lamparter
616ec4365c ath10k-ct: Update to 2019-03-25
2e917efb607f ath10k: Add slow-pci bus work-around, sw-crypt blockack support.
cc73ceb0dbc7 ath10k: Fix out-of-tree compile for 4.16 driver.
4b3cf7c20972 ath10k: Improve tx-status reporting.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-03-25 21:19:40 +01:00
Christian Lamparter
f803ee3ba9 ath10k-firmware: update Candela Tech firmware images
Release notes since last time:

Release notes for wave-1:

- 2019-03-12: Add btcoex feature flag for 2.4Ghz only adapters,
	      backported from upstream 10.2 firmware.

- 2019-03-12: Support offloading decrypt of PMF blockack frames
	      to the host. This lets us do blockack with PMF and
	      rx-sw-crypt. Normal hwcrypt scenarios would not need this.

Release notes for wave-2:

- 2019-03-12: Fix crash when tearing down VI TID when pending frames
	      exist. Could reproduce this while doing rmmod when VI
	      traffic was flowing and PMF was enabled but broken.
	      Bad luck could rarely cause it to happen in more normal
	      config too.

- 2019-03-12: Support offloading decrypt of PMF blockack frames to
	      the host.  This lets us do blockack with PMF and
	      rx-sw-crypt. Normal hwcrypt scenarios would not need this.

- 2019-03-12: Re-work problematic patch that attempted to fix transmit
	      on non-QOS tids. It appears buggy in several ways,
	      hopefully improved now.  This was introduced last fall.
	      See github bug 78.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-03-25 21:19:39 +01:00
Felix Fietkau
503edc913b mt76: update to the latest version
4d8c7e8 mt76: mt76x02: send no-skb tx status without holding the status lock
7e9e9ad mt76: mt7603: add missing initialization for dev->ps_lock
3a7e6bb mt76: fix potential deadlock on cancelling workqueues
deacb8f mt76: fix using mac80211 tx skb header padding
c9402eb mt76: use napi polling for tx cleanup
60e508e mt76: use readl/writel instead of ioread32/iowrite32
5912e8a mt7603: fix sequence number assignment
95a83cc mt7603: send BAR after powersave wakeup

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-23 18:03:38 +01:00
Hauke Mehrtens
94ffb7be4d netifd: update to latest git HEAD
a8cf037 netifd: wireless: Add support for GCMP cipher
34a70b6 netifd: wireless: Add support for 802.11ad

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-03-21 17:07:52 +01:00
Hauke Mehrtens
0168af502b ubox: update to latest git HEAD
a782779 kmodloader: increase module name length

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-03-21 17:07:47 +01:00
Hauke Mehrtens
9725aa271a iwinfo: update to latest git HEAD
ce1814b iwinfo: Add device ID for Wilocity Wil6210
a8e8275 iwinfo: Add support for 802.11ad

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-03-21 17:07:43 +01:00
Hauke Mehrtens
b36d250b55 Revert "valgrind: enable LTO and refresh patches"
This reverts commit 0331770299.

With LTO enabled valgridn does not build on MIPS32 any more, deactivate
it for now. The patch refresh was not reverted.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-03-21 17:07:00 +01:00
Rosy Song
488e7ccfbc libnftnl: bump to latest version
Signed-off-by: Rosy Song <rosysong@rosinson.com>
2019-03-21 17:05:44 +01:00
Eneas U de Queiroz
fc1386ccf8 openssl: revert disallowing parallel build
Openssl 1.1.0 made wholesale changes to its building system.
Apparently, parallel builds are working now.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
2019-03-21 17:05:34 +01:00
Hans Dedecker
1ca69003fd odhcpd: update to latest git HEAD (FS#2160)
6d23385 dhcpv6: extra syslog tracing
b076916 dhcpv6/router: add support for mutiple master interfaces
e4a24dc ndp: fix adding proxy neighbor entries
4ca7f7e router: add extra syslog tracing
8318e93 netlink: fix neighbor event handling (FS#2160)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-03-21 16:06:10 +01:00
Christian Lamparter
41bceb0d4e uboot-fritz4040: fix PKG_MIRROR_HASH
The PKG_MIRROR_HASH was for some reason wrong.

Fixes: d75db67870 ("uboot-fritz4040: bump version to 2019-03-03")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-03-21 00:57:54 +01:00
Christian Lamparter
133bad46a6 adb: fix missing PKG_MIRROR_HASH
This package was missing a PKG_MIRROR_HASH value.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-03-21 00:57:54 +01:00
Ozgur Can Leonard
201d3d1a82 ramips: Xiaomi MIR3G: detect board name from DTS
- Former "mir3g" board name becomes "xiaomi,mir3g".
- Reorder some entries to maintain alphabetical order.
- Change DTS so status LEDs (yellow/red/blue) mimic
  Xiaomi stock firmware: (Section Indicator)
<http://files.xiaomi-mi.co.uk/files/router_pro/router%20PRO%20EN.pdf>
<http://files.xiaomi-mi.co.uk/files/Mi_WiFi_router_3/MiWiFi_router3_EN.pdf>
|Yellow: Update (LED flickering), the launch of the system (steady light);
|Blue: during normal operation (steady light);
|Red: Safe mode (display flicker), system failure (steady light);

Signed-off-by: Ozgur Can Leonard <ozgurcan@gmail.com>
[Added link to similar Router 3 model]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-03-21 00:57:54 +01:00
Josef Schlehofer
f22c33b40c ca-certificates: update to version 20190110
- Tested on Turris MOX, OpenWrt master
- Removed PKG_BUILD_DIR
In build_dir there were two folders
ca-certificates and ca-certificates-20190110 and it failed as files
were in ca-certificates-20190110

Signed-off-by: Josef Schlehofer <josef.schlehofer@nic.cz>
2019-03-21 00:57:54 +01:00
Steve Glennon
dc4f6b896f ipq40xx: add support for EnGenius ENS620EXT
Hardware
--------
CPU:   Qualcomm IPQ4018
RAM:   256M
FLASH: 32M SPI NOR W25Q256
ETH:   QCA8075
WiFi2: IPQ4018 2T2R 2SS b/g/n
WiFi5: IPQ4018 2T2R 2SS n/ac
LED:    - Power amber
        - LAN1(PoE) green
        - LAN2 green
        - Wi-Fi 2.4GHz green
        - Wi-Fi 5GHz green
BTN:    - WPS
UART:  115200n8 3.3V J1
       VCC(1) - GND(2) - TX(3) - RX(4)

Added basic support to get the device up and running for a sysupgrade
image only.
There is currently no way back to factory firmware, so this is a one-way
street to OpenWRT.
Install from factory condition is convoluted, and may brick your device:
1) Enable SSH and disable the CLI on the factory device from the web user
   interface (Management->Advanced)
2) Reboot the device
3) Override the default, limited SSH shell:
   a) Get into the ssh shell:
      ssh admin@192.168.1.1 /bin/sh --login
   b) Change the dropbear script to disable the limited shell. At the
      empty command prompt type:
        sed -i '/login_ssh/s/^/#/g’ dropbear
        /etc/init.d/dropbear restart
        exit
4) ssh in to a (now-) normal OpenWRT SSH session
5) Flash your built image
   a) scp openwrt-ipq40xx-engenius_ens620ext-squashfs-sysupgrade.bin
      admin@192.168.1.1:/tmp/
   b) ssh admin@192.168.1.1
   c) sysupgrade -n
      /tmp/openwrt-ipq40xx-engenius_ens620ext-squashfs-sysupgrade.bin
6) After flash completes (it may say "Upgrade failed" followed by
   "Upgrade completed") and device reboots, log in to newly flashed
   system. Note you will now need to ssh as root rather than admin.

Signed-off-by: Steve Glennon <s.glennon@cablelabs.com>
[whitespace fixes, reordered partitions, removed rng node from 4.14,
fixed 901-arm-boot-add-dts-files.patch]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-03-21 00:57:54 +01:00
Deng Qingfang
31078dbc76 iproute2: update to 5.0.0
Update iproute2 to 5.0.0
Remove upstream patch 001-tc-fix-undefined-XATTR_SIZE_MAX
Alter patch 170-ip_tiny as support for IPX and DECnet is dropped
Update patch 010-cake-fwmark to match upstream commit

Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
2019-03-20 21:48:04 +01:00
Felix Fietkau
38860fe2e4 mac80211: fix an issue with the TXQ scheduling API and powersave clients
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-20 10:41:30 +01:00
Felix Fietkau
ca9ad880f2 mac80211: improve the txq scheduling API to deal with driver buffered packets
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-20 10:41:30 +01:00
Felix Fietkau
60659b2d9e mac80211: optimize skb resizing to avoid reallocation when using 802.11s + batman-adv
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-20 10:41:30 +01:00
Ryan Mounce
ffb2a3aa2a iproute2: add cake fwmark support
Signed-off-by: Ryan Mounce <ryan@mounce.com.au>
2019-03-20 07:07:15 +10:30
Ryan Mounce
6d5762f6d8 kmod-sched-cake: bump to latest cake
Update the out of tree build of cake. Applicable patches are also in
net-next.

057c738 Fix fwmark_shft assignment (again)
ca6c162 Add support for storing mark back into conntrack
7ed9b6c Fix off-by-one error when setting fwmark_shft.
a4a243a sch_cake: Interpret fwmark parameter as a bitmask
29d707e Simplify logic in cake_select_tin()
8acaaee Permit use of connmarks as tin classifiers
348f186 Make the dual modes fairer
99a7297 compat: Don't lock root qdisc when dumping stats on old kernels

Signed-off-by: Ryan Mounce <ryan@mounce.com.au>
2019-03-19 22:40:13 +10:30
Daniel Engberg
9b16a69941 usbutils: Update usb.ids to 0.321
Update usb.ids to 0.321

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2019-03-18 20:43:09 +01:00
Deng Qingfang
89c8232f78 ipset: size optimizations
ipset utility was linked statically to libipset. Disable static library for dynamic linking to save space.
Add -Wl,--gc-sections,--as-needed for further reduction

MIPS ipk size:
ipset: 29KiB -> 2KiB
libipset: 39KiB -> 38KiB

Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
2019-03-17 22:17:48 +01:00
Alexander Couzens
dd3214f95d
mac80211: netifd: Use a mask when using iw set antenna
The keyword "all" is only supported by `iw set antenna` if
it's used as the only argument.
Convert "all" into a mask before calling `iw set antenna`.

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2019-03-16 21:16:28 +01:00
Felix Fietkau
8852a09d85 mt76: update to the latest version
00ac79d mt7603: fix initialization of max rx length
320af65 mt76: mt7603: use the correct hweight8() function
bdee924 mt76: fix schedule while atomic in mt76x02_reset_state
abcb544 mt76x02: do not enable RTS/CTS by default
e97a209 mt76: remove mt76_queue dependency from tx_queue_skb function pointer
ddd98f8 mt76: remove mt76_queue dependency from tx_prepare_skb function pointer
9bc2d56 mt76: remove mt76_queue dependency from tx_complete_skb function pointer
06c917f mt76: introduce mt76_sw_queue data structure
2dc63b0 mt76: introduce mt76_txq_id field in mt76_queue_entry
312f6fc mt76: remove irqsave/restore in locking for tx status fifo
0fe6386 mt76: move mt76x02_insert_hdr_pad in mt76-core module
efe9a47 mt76: mmio: move mt76_insert_hdr_pad in mt76_dma_tx_queue_skb
0b03f87 mt76: move skb dma mapping before running tx_prepare_skb
f977a92 mt76: introduce mt76_tx_info data structure
72fe286 mt76: use mac80211 txq scheduling
b77b932 mt76: reduce locking in mt76_dma_tx_cleanup
c0ab515 mt76: store wcid tx rate info in one u32 reduce locking
f37ad72 mt76: mt76x02: store software PN/IV in wcid
5323005 mt76: move tx tasklet to struct mt76_dev
688d708 mt76: only schedule txqs from the tx tasklet
42ce040 mt76: use TX_NEEDS_ALIGNED4_SKBS
2660aa9 mt76: mt7603: store software PN/IV in wcid
3ce8a93 mt76: dma: add static qualifier to mt76_dma_tx_queue_skb
81a32aa mt7603: remove mt7603_mcu_init routine
48dc7e9 mt7603: core: do not use magic numbers in mt7603_reg_map
2236490 mt76: usb: reduce code indentation in mt76u_alloc_tx

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-16 21:14:43 +01:00
Felix Fietkau
4cf1394f51 mac80211: add a few performance improvement patches
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-16 19:59:02 +01:00
Felix Fietkau
6869ae2ab5 mac80211: improve locking around the txq scheduling / airtime fairness API
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-16 19:59:02 +01:00
Felix Fietkau
04e4b779cc mac80211: backport the txq scheduling / airtime fairness API
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-16 19:59:02 +01:00
Felix Fietkau
fb0a80f4cf mac80211: fix an unaligned access in the mesh hash table function
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-16 19:59:02 +01:00
Felix Fietkau
fd8ca8deb3 netifd: add support for suppressing the DHCP request hostname by setting it to *
dnsmasq (and probably other DHCP servers as well) does not like to hand out
leases with duplicate host names.
Adding support for skipping the hostname makes it easier to deploy setups
where it is not guaranteed to be unique

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-16 19:59:02 +01:00
Felix Fietkau
5cda4a3e30 mac80211: update and fix the patch to allow 4-byte aligned tx skbs
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-16 19:59:02 +01:00
Felix Fietkau
51e1092fae mac80211: allocate tailroom for forwarded mesh packets
Fixes a warning + packet loss on encrypted mesh networks with forwarding

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-16 19:59:02 +01:00