Commit Graph

15935 Commits

Author SHA1 Message Date
Yousong Zhou
ef7aa03bdb libunwind: bump to version 1.3.1
Libunwind provides a sigreturn stub for x86 in version 1.2 [1].  However
the arch still depends on setcontext() which is unavailable in musl-libc
and which is supposed to be "deprecated everywhere" [2]

 [1] x86 sigreturn unimplemented for some libcs,
     https://github.com/libunwind/libunwind/issues/13
 [2] setcontext deprecated on x86,
     https://github.com/libunwind/libunwind/issues/69

Refs: https://github.com/openwrt/packages/issues/8548#issuecomment-497791552
Reported-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-06-05 01:13:07 +00:00
Jason A. Donenfeld
593b487538 wireguard: bump to 0.0.20190601
There was an issue with the backport compat layer in yesterday's snapshot,
causing issues on certain (mostly Atom) Intel chips on kernels older than
4.2, due to the use of xgetbv without checking cpu flags for xsave support.
This manifested itself simply at module load time. Indeed it's somewhat tricky
to support 33 different kernel versions (3.10+), plus weird distro
frankenkernels.

If OpenWRT doesn't support < 4.2, you probably don't need to apply this.
But it also can't hurt, and probably best to stay updated.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-06-01 14:00:51 +02:00
Jason A. Donenfeld
a1210f8888 wireguard: bump to 0.0.20190531
* tools: add wincompat layer to wg(8)

Consistent with a lot of the Windows work we've been doing this last cycle,
wg(8) now supports the WireGuard for Windows app by talking through a named
pipe. You can compile this as `PLATFORM=windows make -C src/tools` with mingw.
Because programming things for Windows is pretty ugly, we've done this via a
separate standalone wincompat layer, so that we don't pollute our pretty *nix
utility.

* compat: udp_tunnel: force cast sk_data_ready

This is a hack to work around broken Android kernel wrapper scripts.

* wg-quick: freebsd: workaround SIOCGIFSTATUS race in FreeBSD kernel

FreeBSD had a number of kernel race conditions, some of which we can vaguely
work around. These are in the process of being fixed upstream, but probably
people won't update for a while.

* wg-quick: make darwin and freebsd path search strict like linux

Correctness.

* socket: set ignore_df=1 on xmit

This was intended from early on but didn't work on IPv6 without the ignore_df
flag. It allows sending fragments over IPv6.

* qemu: use newer iproute2 and kernel
* qemu: build iproute2 with libmnl support
* qemu: do not check for alignment with ubsan

The QEMU build system has been improved to compile newer versions. Linking
against libmnl gives us better error messages. As well, enabling the alignment
check on x86 UBSAN isn't realistic.

* wg-quick: look up existing routes properly
* wg-quick: specify protocol to ip(8), because of inconsistencies

The route inclusion check was wrong prior, and Linux 5.1 made it break
entirely. This makes a better invocation of `ip route show match`.

* netlink: use new strict length types in policy for 5.2
* kbuild: account for recent upstream changes
* zinc: arm64: use cpu_get_elf_hwcap accessor for 5.2

The usual churn of changes required for the upcoming 5.2.

* timers: add jitter on ack failure reinitiation

Correctness tweak in the timer system.

* blake2s,chacha: latency tweak
* blake2s: shorten ssse3 loop

In every odd-numbered round, instead of operating over the state
    x00 x01 x02 x03
    x05 x06 x07 x04
    x10 x11 x08 x09
    x15 x12 x13 x14
we operate over the rotated state
    x03 x00 x01 x02
    x04 x05 x06 x07
    x09 x10 x11 x08
    x14 x15 x12 x13
The advantage here is that this requires no changes to the 'x04 x05 x06 x07'
row, which is in the critical path. This results in a noticeable latency
improvement of roughly R cycles, for R diagonal rounds in the primitive. As
well, the blake2s AVX implementation is now SSSE3 and considerably shorter.

* tools: allow setting WG_ENDPOINT_RESOLUTION_RETRIES

System integrators can now specify things like
WG_ENDPOINT_RESOLUTION_RETRIES=infinity when building wg(8)-based init
scripts and services, or 0, or any other integer.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-31 21:01:33 +02:00
Eneas U de Queiroz
f22ef1f1de openssl: update to version 1.1.1c
Highlights of this version:
 - Prevent over long nonces in ChaCha20-Poly1305 (CVE-2019-1543)
 - Fix OPENSSL_config bug (patch removed)
 - Change the default RSA, DSA and DH size to 2048 bit instead of 1024.
 - Enable SHA3 pre-hashing for ECDSA and DSA

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [DMARC removal]
2019-05-31 11:21:22 +02:00
Christian Lamparter
afc056d7dc gpio-button-hotplug: support interrupt properties
Upstream Linux's input gpio-keys driver supports
specifying a external interrupt for a gpio via the
'interrupts' properties as well as having support
for software debounce.

This patch ports these features to OpenWrt's event
version. Only the "pure" interrupt-driven support is
left behind, since this goes a bit against the "gpio"
in the "gpio-keys" and I don't have a real device to
test this with.

This patch also silences the generated warnings showing
up since 4.14 due to the 'constification' of the
struct gpio_keys_button *buttons variable in the
upstream struct gpio_keys_platform_data declaration.

gpio-button-hotplug.c: In function 'gpio_keys_get_devtree_pdata':
gpio-button-hotplug.c:392:10: warning: assignment discards 'const'
	qualifier from pointer target type [-Wdiscarded-qualifiers]
   button = &pdata->buttons[i++];
          ^
gpio-button-hotplug.c: In function 'gpio_keys_button_probe':
gpio-button-hotplug.c:537:12: warning: assignment discards 'const'
	qualifier from pointer target type [-Wdiscarded-qualifiers]
   bdata->b = &pdata->buttons[i];
            ^
gpio-button-hotplug.c: In function 'gpio_keys_probe':
gpio-button-hotplug.c:563:37: warning: initialization discards 'const'
	qualifier from pointer target type [-Wdiscarded-qualifiers]
   struct gpio_keys_button *button = &pdata->buttons[i];
                                   ^
Acked-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-05-31 10:30:03 +02:00
Hans Dedecker
678ee30ee4 ppp: add config options to tune discovery timeout and attempts
Upstream PPP project has added in commit 8e77984 options to tune discovery
timeout and attempts in the rp-pppoe plugin.

Expose these options in the uci datamodel for pppoe:
	padi_attempts: Number of discovery attempts
	padi_timeout: Initial timeout for discovery packets in seconds

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-05-31 09:43:10 +02:00
Hans Dedecker
42977978e2 ppp: update to version 2.4.7.git-2019-05-25
8e77984 rp-pppoe plugin: Add options to tune discovery timeout and number of attempts

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-05-31 09:43:03 +02:00
Fabian Bläse
0f8b9addfc gre: introduce 'nohostroute' option
It is not always necessary to add a host route for the gre peer address.

This introduces a new config option 'nohostroute' (similar to the
option introduced for wireguard in d8e2e19) to allow to disable
the creation of those routes explicitely.

Signed-off-by: Fabian Bläse <fabian@blaese.de>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
2019-05-31 09:42:32 +02:00
Yousong Zhou
cf463159df uclient: bump to version 2019-05-30
This version bump contains the following commit to fix FS#2222

	3b3e368 uclient-http: set data_eof when content-length is 0

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-05-30 12:13:31 +00:00
Yousong Zhou
1e5f4dcd66 libunwind: requires glibc if arch in powerpc
libunwind for powerpc depends on getcontext() from libc which musl-libc
does not provide because this API and its friends are supposed to be
"obsolescent" [1,2]

 [1] Subject: Re: setcontext/getcontext/makecontext missing?
     https://www.openwall.com/lists/musl/2016/02/04/5
 [2] http://pubs.opengroup.org/onlinepubs/009695399/functions/makecontext.html

Refs: https://github.com/openwrt/packages/issues/8548#issuecomment-497200058
Reported-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-05-30 10:30:45 +00:00
Sandeep Sheriker M
a765a2178c at91:renaming subtraget legacy to sam9x
renaming subtraget legacy to sam9x for adding new sam9 soc's

Signed-off-by: Sandeep Sheriker M <sandeep.sheriker@microchip.com>
2019-05-30 12:12:57 +02:00
Hauke Mehrtens
aff084adf3 at91: Merge SAMA5 subtargets
Instead of maintaining 3 very similar subtargets merge them into one.
This does not use the Arm NEON extension any more, because the SAMA5D3
does not support NEON.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Sandeep Sheriker <sandeepsheriker.mallikarjun@microchip.com>
2019-05-30 12:12:37 +02:00
Alan Swanson
5422fed787 gpio-button-hotplug: add KEY_POWER2 handling
For devices such as BTHOMEHUBV5A with both reset and restart buttons,
its easily accessible restart button has been assigned to KEY_POWER
power script to poweroff preventing accidental (or malicious) factory
resets by KEY_RESTART reset script. However an easily accessible button
immediately powering off the device is also undesirable.

As KEY_RESTART is already used for reset script (and there's no
KEY_REBOOT in Linux input events), use KEY_POWER2 for rebooting via new
reboot script with 5 second seen delay.

Fixes: FS#1965
Signed-off-by: Alan Swanson <reiver@improbability.net>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [long line wrap]
2019-05-30 11:55:50 +02:00
Alan Swanson
a46259787d button-hotplug: add KEY_POWER2 handling
For devices such as BTHOMEHUBV5A with both reset and restart buttons,
its easily accessible restart button has been assigned to KEY_POWER
power script to poweroff preventing accidental (or malicious) factory
resets by KEY_RESTART reset script. However an easily accessible button
immediately powering off the device is also undesirable.

As KEY_RESTART is already used for reset script (and there's no
KEY_REBOOT in Linux input events), use KEY_POWER2 for rebooting via new
reboot script with 5 second seen delay.

Fixes: FS#1965
Signed-off-by: Alan Swanson <reiver@improbability.net>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [long line wrap]
2019-05-30 11:55:50 +02:00
Alan Swanson
70c7a0c33e base-files: add reboot only button handler
For devices such as BTHOMEHUBV5A with both reset and restart buttons,
its easily accessible restart button has been assigned to KEY_POWER
power script to poweroff preventing accidental (or malicious) factory
resets by KEY_RESTART reset script. However an easily accessible button
immediately powering off the device is also undesirable.

Fixes: FS#1965
Signed-off-by: Alan Swanson <reiver@improbability.net>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [long line wrap]
2019-05-30 11:55:49 +02:00
Petr Štetiar
6a92eb5b38 procd: update to latest git HEAD
ade00ca585a4 container: fix .dockerenv stat check
 385b904b2f0a hotplug: improve error message during group ownership change

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-05-30 08:03:02 +02:00
Paul Spooren
62940df3a9 procd: update to latest git HEAD
7f0f6b2 procd: add docker support

Signed-off-by: Paul Spooren <mail@aparcar.org>
2019-05-29 17:57:35 +02:00
Mikael Magnusson
8128a7e4fc busybox: fix: ip addr flush hangs when run by non-root user
Add upstream patch from:
https://git.busybox.net/busybox/commit/?id=028c5aa18b5273c029f0278232d922ee1a164de6

The patch fixes a problem with an infinite loop causing 100% CPU usage
when running the following command /lib/preinit/10_indicate_preinit
without the CAP_NET_ADMIN capability (such as in Docker):
  ip -4 address flush dev $pi_ifname

Signed-off-by: Mikael Magnusson <mikma@users.sourceforge.net>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [refresh patch]
2019-05-28 13:18:58 +02:00
Hans Dedecker
6636171bed netifd: fix missing ip rules after network reload (FS#2296)
beb810d iprule: fix missing ip rules after a reload (FS#2296)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-05-28 10:21:02 +02:00
Hans Dedecker
7d77879236 curl: bump to 7.65.0
For changes in 7.65.0; see https://curl.haxx.se/changes.html#7_65_0

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-05-26 21:51:04 +02:00
Hans Dedecker
f54611b06d map: don't set default firewall zone to wan
Don't set the default firewall zone to wan if not specified to keep the
behavior aligned with other tunnel protocols like gre and 6rd.
If the interface zone is not specified try to get it from the firewall config
when constructing the procd firewall rule.
While at it only add procd inbound/outbound firewall rules if a zone is specified.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-05-26 09:44:37 +02:00
Hans Dedecker
470f5b31e3 464xlat: don't set default firewall zone to wan
Don't set the default firewall zone to wan if not specified to keep the
behavior aligned with other tunnel protocols like gre and 6rd.
If the interface zone is not specified try to get it from the firewall config
when constructing the procd firewall rule.
While at it only add a procd inbound firewall rule if a zone is specified.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-05-26 09:43:57 +02:00
Petr Štetiar
ace241014c ethtool: bump to 5.1
* Feature: Add support for 200Gbps (50Gbps per lane) link mode
 * Feature: simplify handling of PHY tunable downshift
 * Feature: add support for PHY tunable Fast Link Down
 * Feature: add PHY Fast Link Down tunable to man page
 * Feature: Add a 'start N' option when specifying the Rx flow hash indirection table.
 * Feature: Add bash-completion script
 * Feature: add 10000baseR_FEC link mode name
 * Fix: qsfp: fix special value comparison
 * Feature: move option parsing related code into function
 * Feature: move cmdline_coalesce out of do_scoalesce
 * Feature: introduce new ioctl for per-queue settings
 * Feature: support per-queue sub command --show-coalesce
 * Feature: support per-queue sub command --coalesce
 * Fix: fix up dump_coalesce output to match actual option names
 * Feature: fec: add pretty dump

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-05-25 13:44:43 +02:00
Hans Dedecker
0293aa72d1 uci: fix heap use after free (FS#2288)
f199b96 uci: fix options list of section after type change

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-05-23 22:05:40 +02:00
Liangbin Lian
4bb9af48ca lua: lnum: fix strtoul based number parsing
Lua's LNUM patch currently doesn't parse properly certain numbers as
it's visible from the following simple tests.

On x86_64 host (stock Lua 5.1.5, expected output):

 $ /usr/bin/lua -e 'print(0x80000000); print(0x80000000000); print(0x100000000)'

  2147483648
  8796093022208
  4294967296

On x86_64 host:

 $ staging_dir/hostpkg/bin/lua -e 'print(0x80000000); print(0x80000000000); print(0x100000000)'

  -2147483648
  0
  0

On x86_64 target:

 $ lua -e 'print(0x80000000); print(0x80000000000); print(0x100000000)'

  -2147483648
  0
  0

On ath79 target:

 $ lua -e 'print(0x80000000); print(0x80000000000); print(0x100000000)'

  -2147483648
  8796093022208
  4294967296

It's caused by two issues fixed in this patch, first issue is caused by
unhadled strtoul overflow and second one is caused by the cast of
unsigned to signed Lua integer when parsing from hex literal.

Run tested on:

 * Zidoo Z9S with RTD1296 CPU (aarch64_cortex-a53)
 * qemu/x86_64
 * qemu/armvirt_64
 * ath79

Signed-off-by: Liangbin Lian <jjm2473@gmail.com>
[commit subject/message touches, fixed From to match SOB, fixed another
 unhandled case in luaO_str2i, host Lua, package bump]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-05-23 10:19:52 +02:00
Koen Vandeputte
4da5ba4a6b iwinfo: update to latest git HEAD
073a838891e5 iwinfo: Complete device IDs for Ubiquiti airOS XM/XW devices
04f5a7d3a431 iwinfo: Add Mikrotik R11e-5HnD
c2cfe9d96c9a iwinfo: Fix 802.11ad channel to frequency

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-05-21 14:24:18 +02:00
Petr Štetiar
049748e87e uboot-imx6: bump to 2019.04 and refresh patches
Build tested: apalis, mx6sabresd, nitrogen6dl, nitrogen6dl2g, nitrogen6q,
	      nitrogen6q2g, nitrogen6s, nitrogen6s1g, wandboard

Run tested: apalis

Cc: Felix Fietkau <nbd@nbd.name>
Cc: Vladimir Vid <vladimir.vid@sartura.hr>
Cc: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-05-20 21:19:48 +02:00
Petr Štetiar
aac8b52184 base-files: add support for the new ar8xxx MIB counters settings
Commit "generic: ar8216: add mib_poll_interval switch attribute" has
added mib_poll_interval global config option and commit "generic:
ar8216: group MIB counters and use two basic ones only by default" has
added mib_type config option.

So this patch adds ucidef_set_ar8xxx_switch_mib helper function which
would allow configuration of the above mentioned new switch config
options.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-05-20 21:19:48 +02:00
Petr Štetiar
2c26dc7b41 netifd: add support for the new ar8xxx MIB counters settings
Commit "generic: ar8216: add mib_poll_interval switch attribute" has added
mib_poll_interval global config option and commit "generic: ar8216: group
MIB counters and use two basic ones only by default" has added mib_type
config option.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-05-20 21:19:48 +02:00
Hauke Mehrtens
df6e8c8771 uboot-fritz4040: Add host flags for host compiler
This adds the host staging directory to the include path to make it use
the zlib.h files from the staging include directory and also link
against the zlib version from the staging directory.

This fixes a compile problem when the zlib header were not installed on
the build host.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[picked from openwrt-18.06]
2019-05-19 12:29:24 +02:00
Hans Dedecker
a7967bada9 ppp: update to version 2.4.7.git-2019-05-18
c9d9dbf pppoe: Custom host-uniq tag
44012ae plugins/rp-pppoe: Fix compile errors

Refresh patches
Drop 520-uniq patch as upstream accepted
Drop 150-debug_compile_fix patch as fixed upstream

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-05-18 21:39:19 +02:00
Linus Walleij
76338fded0 gemini: Fix up firmware checksum on DIR-685
Using the same method as the D-Link DAP-2695 A1 we use
the "mtd" tool to augment the firmware checkum in flash
on first boot of a new firmware on the D-Link DIR-685.
We need to augment the Makefile for "mtd" to build in
the special WRGG fixup support for Gemini as well.

This works around the problem of the machine not booting
after factory install unless the sysupgrade is applied
immediately.

Based on commit e3875350f3
"ar71xx: add support for D-Link DAP-2695 rev. A1"

Cc: Stijn Tintel <stijn@linux-ipv6.be>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
2019-05-18 16:37:30 +02:00
Linus Walleij
30b4b7ee09 mtd: Make fixwrgg command work on DIR-685
The D-Link DIR-685 has the same problem as the
D-Link DAP-2695: when flashing the factory image, the
checksum includes the whole flashed image, even the
rootfs_data part with the end of filesystem mark.
Also the whole flashed image is stored in the flash,
so on the first boot, the whole rootfs image is loaded
into memory with the kernel.

This is fixed using the fixwrgg command to mtd, but
for this to work we need to make fixwrgg work with
the Little-Endian ARM DIR-685.

The code tries to be endian agnostic but this fails
because the WRGG image loader doesn't. On ARM, the
file size is stored in little endian format, and on
big-endian systems it is stored in big endian format,
so we can just drop all the friendly htonl() that
will make the shdr->size big endian: this will
actually break the little endian systems, and on
the big endian systems the native endianness will
still be correct.

The magic number is always stored in little endian
format however, so make sure this is always read
in LE32 format. I chose to create a straight-forward
le32_to_cpu() static inline that IMO is simple and
easy to read.

Cc: Stijn Tintel <stijn@linux-ipv6.be>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
2019-05-18 16:37:30 +02:00
sven friedmann
30dcbc741d ath79: add support for EnGenius ECB1750
Specification:

- Qualcomm Atheros SoC QCA9558
- 720/600/200 MHz (CPU/DDR/AHB)
- 128 MB of RAM (DDR2)
- 16 MB of FLASH (SPI NOR)
- 1x 10/100/1000 Mbps Ethernet
- 3T3R 2.4 GHz (QCA9558 WMAC)
- 3T3R 5.8 Ghz (QCA9880-BR4A, Senao PCE4553AH)

https://fccid.io/A8J-ECB1750

Tested and working:

- lan, wireless, leds, sysupgrade (tftp)

Flash instructions:

1.) tftp recovery

- use a 1GbE switch or direct attached 1GbE link
- setup client ip address 192.168.1.10 and start tftpd
- save "openwrt-ath79-generic-engenius_ecb1750-initramfs-kernel.bin" as "ap.bin" in tfpd root directory
- plugin powercord and hold reset button 10secs.. "ap.bin" will be downloaded and executed
- afterwards login via ssh and do a sysuprade

2.) oem webinterface factory install (not tested)

Use normal webinterface upgrade page und select "openwrt-ath79-generic-engenius_ecb1750-squashfs-factory.bin".

3.) oem webinterface command injection

OEM Firmware already running OpenWrt (Attitude Adjustment 12.09).
Use OEM webinterface and command injection. See wiki for details.

https://openwrt.org/toh/engenius/engenius_ecb1750_1

Signed-off-by: sven friedmann <sf.openwrt@okay.ms>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[use interrupt-driven "gpio-keys" binding]
2019-05-18 13:43:55 +02:00
Jeff Kletsky
819e7946b0 ipq40xx: Add support for Linksys EA8300 (Dallas)
The Linksys EA8300 is based on QCA4019 and QCA9888 and provides three,
independent radios. NAND provides two, alternate kernel/firmware
images with fail-over provided by the OEM U-Boot.

Installation:

  "Factory" images may be installed directly through the OEM GUI.

Hardware Highlights:

  * IPQ4019 at 717 MHz (4 CPUs)
  * 256 MB NAND (Winbond W29N02GV, 8-bit parallel)
  * 256 MB RAM
  * Three, fully-functional radios; `iw phy` reports (FCC/US, -CT):
      * 2.4 GHz radio at 30 dBm
      * 5 GHz radio on ch. 36-64 at 23 dBm
      * 5 GHz radio on ch. 100-144 at 23 dBm (DFS), 149-165 at 30 dBm
      #{ managed } <= 16, #{ AP, mesh point } <= 16, #{ IBSS } <= 1
      * All two-stream, MCS 0-9
  * 4x GigE LAN, 1x GigE Internet Ethernet jacks with port lights
  * USB3, single port on rear with LED
  * WPS and reset buttons
  * Four status lights on top
  * Serial pads internal (unpopulated)

  "Linksys Dallas WiFi AP router based on Qualcomm AP DK07.1-c1"

Implementation Notes:

  The OEM flash layout is preserved at this time with 3 MB kernel and
  ~69 MB UBIFS for each firmware version. The sysdiag (1 MB) and
  syscfg (56 MB) partitions are untouched, available as read-only.

Serial Connectivity:

  Serial connectivity is *not* required to flash.

  Serial may be accessed by opening the device and connecting
  a 3.3-V adapter using 115200, 8n1. U-Boot access is good,
  including the ability to load images over TFTP and
  either run or flash them.

  Looking at the top of the board, from the front of the unit,
  J3 can be found on the right edge of the board, near the rear

      |
   J3 |
  |-| |
  |O| | (3.3V seen, open-circuit)
  |O| | TXD
  |O| | RXD
  |O| |
  |O| | GND
  |-| |
      |

Unimplemented:

    * serial1 "ttyQHS0" (serial0 works as console)
    * Bluetooth; Qualcomm CSR8811 (potentially conected to serial1)

Other Notes:

    https://wikidevi.com/wiki/Linksys_EA8300 states

        FCC docs also cover the Linksys EA8250. According to the
	RF Test Report BT BR+EDR, "All models are identical except
	for the EA8300 supports 256QAM and the EA8250 disable 256QAM."

Signed-off-by: Jeff Kletsky <git-commits@allycomm.com>
2019-05-18 13:43:54 +02:00
Jeff Kletsky
b3770eaca3 mtd: base-files: Unify dual-firmware devices (Linksys)
Consistently handle boot-count reset and upgrade across
ipq40xx, ipq806x, kirkwood, mvebu

Dual-firmware devices often utilize a specific MTD partition
to record the number of times the boot loader has initiated boot.

Most of these devices are NAND, typically with a 2k erase size.
When this code was ported to the ipq40xx platform, the device in hand
used NOR for this partition, with a 16-byte "record" size. As the
implementation of `mtd resetbc` is by-platform, the hard-coded nature
of this change prevented proper operation of a NAND-based device.

* Unified the "NOR" variant with the rest of the Linksys variants

* Added logging to indicate success and failure

* Provided a meaningful return value for scripting

* "Protected" the use of `mtd resetbc` in start-up scripts so that
   failure does not end the boot sequence

* Moved Linksys-specific actions into common `/etc/init.d/bootcount`

For upgrade, these devices need to determine which partition to flash,
as well as set certain U-Boot envirnment variables to change the next
boot to the newly flashed version.

* Moved upgrade-related environment changes out of bootcount

* Combined multiple flashes of environment into single one

* Current-partition detection now handles absence of `boot_part`

Runtime-tested: Linksys EA8300

Signed-off-by: Jeff Kletsky <git-commits@allycomm.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[checkpatch.pl fixes, traded split strings for 80+ chars per line]
2019-05-18 13:43:51 +02:00
Jeff Kletsky
4bdc873a5f firmware/ipq-wifi: Extend for multi-chip boards
This package provides board-specific reference ("cal") data
on an interim basis until included in the upstream distros

While originally conceived for IPQ4019-based boards, similar needs
are appearing with three-radio devices. For some of these devices,
both a board-2.bin file needs to be supplied both for the IPQ4019
as well as for the other radio on the board.

This patch allows new or multiple overrides to be specified by:

  * Adding board name to ALLWIFIBOARDS
  * Placing file(s) in this directory named as
      board-<devicename>.<qca4019|qca9888|qca9984>
  * Adding
      $(eval $(call generate-ipq-wifi-package,<device>,<display name>))

(along with suitable package selection for the board)

At this time, QCA4019, QCA9888, and QCA9984 are supported.
Extension to other chips should be straightforward.

The existing files, board-*.bin, are "grandfathered" as QCA4019.

The package name has been retained for compatability reasons.
At this time it DEPENDS:=@TARGET_ipq40xx, limiting its visibility.

Build-tested-on: asus_map-ac2200, alfa-network_ap120c-ac,
    avm_fritzbox-7530, avm_fritzrepeater-3000, engenius_eap1300,
    engenius_ens620ext, linksys_ea6350v3, qxwlan-e2600ac-c1/-c2

Signed-off-by: Jeff Kletsky <git-commits@allycomm.com>
2019-05-18 13:43:22 +02:00
Hans Dedecker
7b58c58733 netifd: update to latest git HEAD
22e8e58 interface-ip: use ptp address as well to find local address target
f1aa0f9 treewide: pass bool as second argument of blobmsg_check_attr

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-05-18 09:35:25 +02:00
Rosen Penev
395bef4bba libbsd: Fix compilation under ARC
The 8 year old file does not have any ARC definitions.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
[updated content of the patch with version sent to upstream]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-05-17 21:41:43 +02:00
Kristian Evensen
97780e363f system: uci: Use config dir on uci_add and support add_/del_list
This commit makes three changes to the uci shell library:

* A check for UCI_CONFIG_DIR has been added to the command line when
adding anonymous sections. Without this change, adding anonymous
sections to configs not stored in /etc/config is not possible.

* Support for adding/removing items from lists were missing, so I have
added the functions uci_add_list() and uci_remove_list() to simplify
working with uci lists from scripts.

Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
[added missing package version bump]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-05-17 21:41:43 +02:00
Jeffery To
782eda9750 zlib: Use relative paths in pkg-config metadata file
The buildroot pkg-config (in staging_dir/host/bin) overrides the prefix
and exec_prefix variables in *.pc files, to supply the correct
(buildroot) paths for callers. If other variables are not defined
relative to prefix and exec_prefix, then the returned values will be
incorrect.

The default zlib.pc file generated by cmake contains absolute paths.
This patches the file to use relative paths (relative to ${prefix} and
${exec_prefix}).

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
2019-05-17 21:41:43 +02:00
Hans Dedecker
5546fe9fc3 odhcpd: update to latest git HEAD (FS#2242)
41a74cb config: remove 'ignore' config option
c0c8034 treewide: init assignment lists head
f98b7ee config: use list safe iterator in lease_delete
3c9810b dhcpv4: fix lease ordering by ip address
b60c384 config: use multi-stage parsing of uci sections
a2dd8d6 treewide: always init interface list heads during initialization
a17665e dhcpv4: do not allow pool end address to overlap with broadcast address
6b951c5 treewide: give file descriptors safe initial value
39e11ed dhcpv4: DHCP pool size is off-by-one
4a600ce dhcpv4: add support for Parameter Request List option 55
09e5eca dhcpv4: fix DHCP packet size
3cd4876 ndp: fix syslog flooding (FS#2242)
79fbba1 config: set default loglevel to LOG_WARNING

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-05-17 08:54:30 +02:00
Tomasz Maciej Nowak
e7756974aa tegra: add vendor string to device name
for better identification. Also create SUPPORTED_DEVICES string from it
which corresponds to dts compatible string.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2019-05-15 13:34:23 +02:00
Rosen Penev
2f97797471 nftables: Fix compilation with uClibc-ng
Missing header for va_list.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
[updated with upstream version of the patch]
2019-05-15 13:34:23 +02:00
Deng Qingfang
172b02c05f linux-firmware: update to 20190416
Update linux-firmware to 20190416, which includes updated firmwares e.g. for ath10k
Also switch to official tarball source.

The following firmware files we use are updated in this change:
ath10k/QCA6174/hw3.0/board-2.bin
ath10k/QCA9888/hw2.0/firmware-5.bin
ath10k/QCA988X/hw2.0/firmware-5.bin
ath10k/QCA9984/hw1.0/firmware-5.bin
mrvl/sd8887_uapsta.bin
mrvl/pcie8897_uapsta.bin
iwlwifi-8000C-36.ucode
iwlwifi-8265-36.ucode

Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
2019-05-14 21:59:38 +02:00
Hauke Mehrtens
5ee62b23f8 valgrind: Add support for ARM64 architecture
valgrind also works on the ARM64 architecture, build it also for such CPUs.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-14 20:28:41 +02:00
Hauke Mehrtens
a489f72ab5 valgrind: Update to version 3.15.0
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-14 20:28:34 +02:00
Hauke Mehrtens
e669cf7f6a strace: Update to version 5.0
The removed patch was merged upstream.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-14 20:28:26 +02:00
Hauke Mehrtens
02d4d36d4b iperf: Update to version 2.0.13
The removed patches are already integrated in the upstream version.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-14 20:28:18 +02:00
Hans Dedecker
06403981e1 ppp: update to version 2.4.7.git-2019-05-06
fcb076c Various fixes for errors found by coverity static analysis (#109)
d98ab38 Merge branch 'pppd_print_changes' of https://github.com/nlhintz/ppp into nlhintz-pppd_print_changes

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-05-13 15:34:42 +02:00
Tomasz Maciej Nowak
ee96fa15b1 mvebu: use device-tree board detection
Convert whole target to Device Tree based board detection instead of
identifying devices by dts file name. With this we can drop mvebu.sh
translation script and rely on common method for model detection.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2019-05-11 23:11:04 +02:00
Tomasz Maciej Nowak
a39d2a8053 mvebu: align device names to vendor_device format
Add vendors in device names and also rename few device names, for easier
identyfying potential firmware to flash. The vendor and device string is
mainly derived from model/compatipble string in dts from particular
device, but since not all devices are well described, some of the renames
follow marketing names.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2019-05-11 23:11:04 +02:00
Rosen Penev
0b26382533 uClibc++: Update to 0.2.5
Switched to xz archives for smaller size.

Removed upstreamed patches.

Reorganized Makefile a little bit for clarity. Build/Prepare is not useful
anymore. Upstream converted the file to LF.

Refreshed config.

Removed -ansi option from the original CFLAGS as this was causing long
long support to be missing.

Removed fPIC. We have the macro $(FPIC) already used. No point in setting
fpic and fPIC together.

Removed pedantic -Wlong-long warnings as they are not useful.

Removed -std=gnu++98. Not only is it unnecessary (it compiles against all
standards), it actually results in a size increase. 75843 vs. 75222 (gcc
in OpenWrt defaults to g++14).

Added --gc-sections to linker flags to reduce size: 72653 vs 75222.

Removed warn linker options. They have been upstreamed.

Tested on Archer C7v2 and GnuBee PC1.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-05-11 23:10:10 +02:00
Rosen Penev
e49b6bb618 xfsprogs: Replace valloc with posix_memalign
Fixes compilation under uClibc-ng.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-05-11 23:10:10 +02:00
Christian Lamparter
bdaaf66e28 utils/spidev_test: build package directly from Linux
Jeff Kletsky noted in his patch titled:
"utils/spidev_test: Update to current source from upstream Linux"
that the spidev_test utility OpenWrt ships is severly out of date.

Instead of updating the spidev_test.c from the current kernel,
this patch replaces the package building code to utilize the
very file that gets shipped with the kernel we compiling for
anyway much like the "perf" package already does.

Reported-by: Jeff Kletsky <git-commits@allycomm.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-05-11 16:37:11 +02:00
Lucian Cristian
4582fe7c14 lldpd: add option to edit hostname
also fixes the annoying repeating syslog
lldp[]: unable to get system name

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2019-05-11 16:37:11 +02:00
Lucian Cristian
cb30971a44 lldpd: update to 1.0.3
Support for CDP PD PoE

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2019-05-11 16:37:11 +02:00
Robert Marko
671d8752d1 ath10k-ct: Update to current version
This patch updates ath10k-ct to current version.
Changes are:
     ath10k-ct:  Fix printing PN in peer stats.

     Previous logic was incorrect.  Also add set-special API to enable
     returning PN.

Patches refreshed and tested on 8devices Jalapeno dev board(IPQ4019)

Signed-off-by: Robert Marko <robimarko@gmail.com>
2019-05-11 16:37:11 +02:00
Robert Marko
61f4ceb146 ath10k-firmware: update Candela Tech firmware images
Release notes since last time:

Release notes for wave-1:

2019-04-02: Support some get/set API for eeprom rate power tables.
	    Mostly backported from 10.2

2019-04-02: Support adaptive-CCA, backported from 10.2

2019-04-02: Support adding eeprom configAddr pairs via the
            set-special API. These configAddrs can be used to change
            the default register settings for up to 12 registers.

2019-05-03: Fix tx-power settings for 2x2, 3x3 rates.
	    Original logic I put in back in 2016 set 2x2 and 3x3 lower
	    than the needed to be when using most NICs (very high
	    powered NICs would not have been affected I think, not sure
	    any of those exist though.)

	    This improves throughput for 2x2 and 3x3 devices,
	    especially when the signal is weaker.

Release notes for wave-2:

2019-04-08: When setting keys, if high bit of high value of
	    key_rsc_counter is set to 0x1, then the lower 48 bits will
	    be used as the PN value.  By default, PN is set to 1 each
	    time the key is set.

2019-04-08: Pack PN into un-used 'excretries' aka
	    'num_pkt_loss_excess_retry' high 16 bits.
	    This lets us report peer PN, but *only* if driver has
	    previously set a PN when setting key (or set-special cmd is
	    used to enable PN reporting).

	    This is done so that we know the driver is recent
            enough to deal with the PN stat reporting.

2019-04-16: Support specifying tx rate on a per-beacon packet.
	    See ath10k_wmi_op_gen_beacon_dma and
	    ath10k_convert_hw_rate_to_rate_info for API details.

	     Driver needs additional work to actually enable this
	     feature currently.

2019-04-30: Compile out tx-prefetch caching logic.
	    It is full of tricky bugs that cause tx hangs.
	    I fixed at least one, but more remain and I have wasted too
	    much time on this already.

2019-05-08: Start rate-ctrl at mcs-3 instead of mcs-5.
	    This significantly helps DHCP happen quickly, probably
	    because the initial rate being too high would take a while
	    to ramp down, especially since there are few packets sent
	    by the time DHCP needs to start.

	    This bug was triggered by me decreasing retries of 0x1e
	    (upstream default) to 0x4.  But, I think it is better to
	    start with lower initial MCS instead of always having a
	    very high retry count.

Tested on 8devices Jalapeno dev board(IPQ4019)

Signed-off-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [neatify]
2019-05-11 16:37:11 +02:00
Klaus Kudielka
ad62247800 base-files: improve lib/upgrade/common.sh
Recently, upgrade device autodetection has been added to the mvebu target.
This exposes some shortcomings of the generic export_bootdevice function,
e.g. on the Turris Omnia: export_bootdevice silently reports the root
partition to be the boot device. This makes the sysupgrade process fail at
several places.

Fix this by clearly distinguishing between /proc/cmdline arguments which
specify the boot disk, and those which specify the root partition. Only in
the latter case, strip off the partition, and do it consistently.
root=PARTUUID=<pseudo PARTUUID for MBR> (any partition) and root=/dev/*
(any partition) are accepted.

The root of the problem is that the *existing* export_bootdevice in
/lib/upgrade/common.sh behaves differently, if the kernel is booted with
root=/dev/..., or if it is booted with root=PARTUUID=...

In the former case, it reports back major/minor of the root partition,
in the latter case it reports back major/minor of the complete boot disk.

Targets, which boot with root=/dev/... *and* use export_bootdevice /
export_partdevice, have added workarounds to this behaviour, by specifying
*negative* increments to the export_partdevice function.

Consequently, those targets have to be adapted to use positive increments,
otherwise they are broken by the change to export_bootdevice.

Fixes: 4e8345ff68 ("mvebu: base-files: autodetect upgrade device")
Signed-off-by: Klaus Kudielka <klaus.kudielka@gmail.com>
Tested-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2019-05-11 16:37:11 +02:00
Deng Qingfang
367813b9b1 ramips: mt7620: fix dependencies
MT7620 integrated WMAC does not need RT2x00 PCI driver or firmware
Also corrected kmod-eeprom-93cx6 and kmod-lib-crc-itu-t dependencies
according to original Kconfig and lsmod output

This will remove some unnecessary packages from MT7620 target to
save some space

Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[75 characters per line in the commit message]
2019-05-11 01:05:11 +02:00
Hans Dedecker
290a7dc0c7 procd: fix compile issue
1361b97 container: include stdbool.h

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-05-09 18:33:39 +02:00
Hans Dedecker
165d598521 netifd: update to latest git HEAD
f6fb700 interface-ip: fine tune IPv6 mtu warning
975a5c4 interface: tidy ipv6 mtu warning

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-05-08 22:15:19 +02:00
Hans Dedecker
792c9fc8ca procd: update to latest git HEAD
9b35439 procd: detect lxc container and behave accordingly

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-05-08 20:52:45 +02:00
Rosen Penev
4760541027 elfutils: Fix compile with uClibc-ng
Probably glibc too. argp_help takes a char *. not const char *.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
[updated with upstream version of the patch]
2019-05-05 21:11:01 +02:00
Tomasz Maciej Nowak
b18d1d5d3f uboot-tegra: bump to 2019.04
This version has important change for tegra boards which is reserving
32MB memory for Linux kernel instead of current 16MB.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2019-05-05 21:11:01 +02:00
Arthur Skowronek
fc23bcdaa2 base-files: add service_stopped as a post stop hook
Purpose of these changes is to introduce a hook for post service
shutdown in a similar fashion to the existing hook service_started. I
found it to be useful to specify a hook that is called once the service
has been stopped and not before the service is stopped like the
stop_service hook does.

The concrete use case I have for this is that I'm running a binary that
takes over the hardware watchdog timer. Said binary unfortunately can
not use ubus directly to tell procd to hand over the watchdog timer so
this has to be done in the service file for the binary in question. In
order to support a clean handover of the watchdog timer back to procd,
the service init script has to dispatch the ubus invocation once the
binary in question has been stopped.

Signed-off-by: Arthur Skowronek <ags@digineo.de>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
[added commit message, use the same form as other hooks]
2019-05-05 21:11:01 +02:00
Hauke Mehrtens
1325e74e0c kernel: Remove support for kernel 3.18
No target is using kernel 3.18 anymore, remove all the generic
support for kernel 3.18.

The removed packages are depending on kernel 3.18 only and are not used on
any recent kernel.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-03 22:41:38 +02:00
Hauke Mehrtens
675832de79 xburst: Remove unmaintained target
This target only supports kernel 3.18, which is not supported in OpenWrt
any more for multiple releases. It also looks like there is no active
maintainer for this target.
Remove the code and all the packages which are only used by this target.

To add this target to OpenWrt again port it to a recent and supported
kernel version.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-03 21:27:12 +02:00
Hauke Mehrtens
cd3b298533 omap24xx: Remove unmaintained target
This target only supports kernel 4.1, which is not supported in OpenWrt
any more for multiple releases. It also looks like there is no active
maintainer for this target.
Remove the code and all the packages which are only used by this target.

To add this target to OpenWrt again port it to a recent and supported
kernel version.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-03 21:27:12 +02:00
Hauke Mehrtens
e6f9a8e89b au1000: Remove unmaintained target
This target only supports kernel 3.18, which is not supported in OpenWrt
any more for multiple releases. It also looks like there is no active
maintainer for this target.
Remove the code and all the packages which are only used by this target.

To add this target to OpenWrt again port it to a recent and supported
kernel version.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-03 21:27:12 +02:00
Hauke Mehrtens
2d0a2ff1e0 adm5120: Remove unmaintained target
This target only supports kernel 3.18, which is not supported in OpenWrt
any more for multiple releases. It also looks like there is no active
maintainer for this target.
Remove the code and all the packages which are only used by this target.

To add this target to OpenWrt again port it to a recent and supported
kernel version.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-03 21:27:12 +02:00
Rafał Miłecki
2c3dd70741 procd: add procd_running() helper for checking running state
This should be helpful for implementing service_running() in procd init
scripts.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Acked-by: John Crispin <john@phrozen.org>
2019-05-02 22:14:19 +02:00
Hans Dedecker
8696f0c3e3 procd: update to latest git HEAD
01f3dc8 instance: dump user and group as well

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-05-02 17:39:16 +02:00
Michael Heimpold
218b1bbecd procd: allow passing optional group instance parameter
Sometimes is desirable to run a process with a specific group id
instead of the default one which is derived from passwd entry.
This can be achived now by using procd_set_param group $mygroup.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_SOURCE_VERSION update]
2019-05-02 17:39:16 +02:00
Michael Heimpold
a12ab07e21 procd: allow passing optional syslog facility as instance parameter
Optional syslog facility can be set by adding procd_set_param facility
$myfacility.
While at, also add stdout/stderr documentation.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_SOURCE_VERSION update]
2019-05-02 17:38:51 +02:00
Robert Marko
a9190ee3a4 kernel: iio: Fix BMP280 Auto probing
Currently Auto probing for BMP/BME280 does not work because kernel
module name in the call is not correct.
Package name was used instead of kernel module name.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2019-05-02 09:35:35 +02:00
Rafał Miłecki
d6643aca34 libroxml: bump to the 3.0.1 version
Some of changes:
* Support for local-name()
* General refactoring
* Better parsing performance
* Fix possible buffer overflow & memleak
* Validation checks
* More commit functions (file, buffer, fd)

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-05-01 07:25:55 +02:00
Hans Dedecker
430b66bbe8 procd: update to latest git HEAD
cfaed56 procd: add SIGPWR as signal
a30a8fd procd: copy the respawn property of new instance

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-04-29 21:48:09 +02:00
Daniel Golle
26dafeeba4 mac80211: rt2x00: replace patches with upstream version
Support for RT3883/RT3663 was merged upstream [1]. Use that patch
instead of our original series. The resulting source tree is
exactly identical, this commit is merely reorganizing the patches.

[1]: https://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-next.git/commit/?id=d0e61a0f7cca51ce340a5a73595189972122ff25

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-04-29 18:39:04 +02:00
Eneas U de Queiroz
17cb490ac4 openssl: build kmods only if engines are selected
Add a conditional to the individual package's for the kmods in DEPENDS.
This avoids the need to compile the kernel modules when the crypto
engine packages are not selected.  The final binares are not affected by
this.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Tested-by: Rosen Penev <rosenp@gmail.com>
2019-04-26 15:31:34 +02:00
Jose Olivera
40de4c038a elfutils: bump to 0.176
*Fixes:
  -CVE-2019-7150
  -CVE-2019-7149
  -CVE-2019-7146
  -CVE-2019-7665
  -CVE-2019-7664
  -CVE-2019-7148

*Refresh 003-libintl-compatibility.patch

*Also reset PKG_RELEASE.

Signed-off-by: Jose Olivera <oliverajeo@gmail.com>
2019-04-26 10:04:47 +02:00
Felix Fietkau
6e7e2f4421 mac80211: fix regression in skb resizing optimization in monitor mode (FS#2254)
struct ieee80211_local needs to be passed in separately instead of
dereferencing the (potentially NULL) sdata

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-04-24 09:33:38 +02:00
Koen Vandeputte
6afe175e5e ath10k-ct: Update to 2019-04-08
9cd701a4f028 ath10k-ct:  Add PN get/set API for wave-2 firmware.
5c8a4668323b ath10k-ct:  Support over-riding the power ctl table in eeprom
75e2705f31bb ath10k-ct:  CCA, eeprom, other changes.
a696e602a0fc ath10k-ct:  Attempt to fix-out-of-tree compile for 4.16
a2aec62262df ath10k:  Improve beacon tx status for 4.20 kernel.
be5c21a82b15 ath10k-ct:  Fix out-of-tree compile for 4.20, pull in stable changes for 4.19

Fixes compile errors when using the 4.20 flavour.
Also the amount of beacon errors seems to have dropped.

Tested on a Mikrotik RB912UAGS-5HPacD

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-04-23 13:22:31 +02:00
Jo-Philipp Wich
f00a4ae6e0 Revert "uhttpd: disable concurrent requests by default"
This reverts commit c6aa9ff388.

Further testing has revealed that we will need to allow concurrent
requests after all, especially for situations where CGI processes
initiate further HTTP requests to the local host.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-04-23 08:15:46 +02:00
Eneas U de Queiroz
8abb505048 openssl: add Eneas U de Queiroz as maintainer
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
2019-04-22 21:37:31 +02:00
Eneas U de Queiroz
ff9ac986ce openssl: fix OPENSSL_config bug affecting wget
This applies an upstream patch that fixes a OPENSSL_config() bug that
causes SSL initialization to fail when the openssl.cnf file is not
found.  The config file is not installed by default.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
2019-04-22 20:30:02 +02:00
Hans Dedecker
47dc4f96cb nghttp2: bump to 1.38.0
4a9d2005 Update manual pages
acf6a922 Bump up version number to 1.38.0, LT revision to 31:3:17
4ff45821 Update AUTHORS
42dce01e Merge branch 'nghttpx-fix-backend-selection-on-retry'
a35059e3 nghttpx: Fix bug that altered authority and path affect backend selection
5a30fafd Merge branch 'nghttpx-fix-chunked-request-stall'
dce91ad3 Merge branch 'nghttpx-dont-log-authorization'
2cff8b43 nghttpx: Fix bug that chunked request stalls
be96654d nghttpx: Don't log authorization request header field value with -LINFO
ce962c3f Merge branch 'update-http-parser'
f931504e Update http-parser to v2.9.1
d978f351 Fix bug that on_header callback is still called after stream is closed
ec519f22 Merge pull request #1270 from baitisj/master
e8b213e3 Bump up version number to 1.38.0-DEV

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-04-22 13:42:24 +02:00
Hans Dedecker
399aa0b933 odhcpd: update to latest git HEAD (FS#2243, FS#2244)
6633efe router: fix dns search list option

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-04-19 19:24:39 +02:00
Rosy Song
524810ce6d dropbear: allow build without dbclient
This can save ~16KBytes size for the ipk

Signed-off-by: Rosy Song <rosysong@rosinson.com>
2019-04-18 22:34:19 +02:00
Rafał Miłecki
083056c83f mac80211: brcm: backport brcmfmac 5.2 patches
This includes some USB fixes and early work on FullMAC firmware crash
recovery.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-04-18 10:16:10 +02:00
Hans Dedecker
e20c2909a5 odhcpd: update to latest git HEAD (FS#2206)
38bc630 router: use ra_lifetime as lifetime for RA options (FS#2206)
0523bdd router: improve code readibility
0a3b279 Revert "router:"
207f8e0 treewide: align syslog loglevels
f1d7da9 router:
0e048ac treewide: fix compiler warnings
83698f6 CMakeList.txt: enable extra compiler checks

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-04-17 14:43:38 +02:00
Eneas U de Queiroz
450d44a8ea openssl: change defaults: ENGINE:on, NPN:off, misc
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.

To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Enable engine support by default.  Right now, some packages require
this, so it is always enabled by the bots.  Many packages will compile
differently when engine support is detected, needing engine symbols from
the libraries.

However, being off by default, a user compiling its own image will fail
to run some popular packages from the official repo.
Note that disabling engines did not work in 1.0.2, so this problem never
showed up before.

NPN support has been removed in major browsers & servers, and has become
a small bloat, so it does not make sense to leave it on by default.

Remove deprecated CONFIG_ENGINE_CRYPTO symbol that is no longer needed.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
2019-04-17 11:26:55 +02:00
Lucian Cristian
e762f5d44a kernel: Fix kmod-drm-amdgpu and kmod-drm-radeon dependencies
Currently the Geode builds fails on following kernel module missing
dependencies:

 Package kmod-drm-amdgpu is missing dependencies for the following libraries:
 backlight.ko
 drm_kms_helper.ko
 fb.ko
 ttm.ko

So this patch tries to fix the kmod-drm-amdgpu module dependecies.

Fixes: 2f239c0 ("x86: video: add amdgpu DRM kernel package")
Fixes: 2f6918e ("x86: video: add radeon DRM module support")
Tested-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2019-04-16 22:51:29 +02:00
Martin Schiller
e79b9601bf procd/hotplug: add dependency to dialout and audio group
Commit 6e060bd62c introduced a dependency to the dialout group.
Adding this group to the "group" file in the base-files package is not
enough to handle this dependency, because after a sysupgrade this entry
will be missing in the "group" file.

To address this problem the dependencies to the required groups needs to
be set in the Makefile of the procd package.
Then, the uci-default script "13_fix_group_user" will add the groups
on first boot-up after a sysupgrade.

Fixes: 6e060bd62c ("base-files/hotplug: fix dedicated group for tty devices")
Tested-by: Michael Heimpold <mhei@heimpold.de>
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2019-04-16 22:51:29 +02:00
Hans Dedecker
3e803499c3 netifd: update to latest git HEAD
666c14f system-linux: remove debug tracing
08989e4 interface: add neighbor config support
bfd4de3 interface: fix "if-down" hotplug event handling

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-04-15 23:20:20 +02:00
Christian Lamparter
d599890efd layerscape: unbreak ehci-fsl interaction with mpc85xx
Both targets have their own idea of how to use ehci-fsl.
This patch reverts part of commit
68b8d3b079 ("kernel: usb: add FSL EHCI package") and moves
ehci-fsl back into kmod-usb2, while also making it hopefully
useable for the mpc85xx target.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-04-15 00:20:56 +02:00
Petr Štetiar
ecdd26fe2b umbim: update to latest git HEAD
24f9dc7 Iron out all extra compiler warnings
9d8dbc9 Enable extra compiler checks
ff8d356 mbim-proxy support
ccca03f umbim: add registration set support

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-04-15 00:01:57 +02:00
Petr Štetiar
8293e7532f mac80211: Fix rate_idx underflow in mwl8k (FS#2218)
Add a patch for mwl8k which fixes endless reboot loops on Linksys EA4500
with certain 5G configurations.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-04-14 23:42:03 +02:00
David Bauer
68b8d3b079 kernel: usb: add FSL EHCI package
Add kernel module package for the Freescale USB2 EHCI used on the
mpc85xx platform.

Signed-off-by: David Bauer <mail@david-bauer.net>
2019-04-13 15:09:09 +02:00
Daniel Golle
9385ff654e mac80211: rt2x00: replace patch with upstream version
Replace the patch introduced by commit d0b969eee8 ("mac80211: rt2x00:
do not increment sequence number while re-transmitting") was merged
into wireless-drivers.git. Replace our version with the merged version.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-04-12 22:14:47 +02:00
Daniel Golle
44ae5f37fb uboot-envtools: fix fw_env.config for ox820/stg-212
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-04-11 19:21:55 +02:00
Stefan Lippers-Hollmann
8f17c019a1 hostapd: fix CVE-2019-9497, CVE-2019-9498, CVE-2019-9499
EAP-pwd missing commit validation

Published: April 10, 2019
Identifiers:
- CVE-2019-9497 (EAP-pwd server not checking for reflection attack)
- CVE-2019-9498 (EAP-pwd server missing commit validation for
  scalar/element)
- CVE-2019-9499 (EAP-pwd peer missing commit validation for
  scalar/element)

Latest version available from: https://w1.fi/security/2019-4/

Vulnerability

EAP-pwd implementation in hostapd (EAP server) and wpa_supplicant (EAP
peer) was discovered not to validate the received scalar and element
values in EAP-pwd-Commit messages properly. This could result in attacks
that would be able to complete EAP-pwd authentication exchange without
the attacker having to know the used password.

A reflection attack is possible against the EAP-pwd server since the
hostapd EAP server did not verify that the EAP-pwd-Commit contains
scalar/element values that differ from the ones the server sent out
itself. This allows the attacker to complete EAP-pwd authentication
without knowing the password, but this does not result in the attacker
being able to derive the session key (MSK), i.e., the attacker would not
be able to complete the following key exchange (e.g., 4-way handshake in
RSN/WPA).

An attack using invalid scalar/element values is possible against both
the EAP-pwd server and peer since hostapd and wpa_supplicant did not
validate these values in the received EAP-pwd-Commit messages. If the
used crypto library does not implement additional checks for the element
(EC point), this could result in attacks where the attacker could use a
specially crafted commit message values to manipulate the exchange to
result in deriving a session key value from a very small set of possible
values. This could further be used to attack the EAP-pwd server in a
practical manner. An attack against the EAP-pwd peer is slightly more
complex, but still consider practical. These invalid scalar/element
attacks could result in the attacker being able to complete
authentication and learn the session key and MSK to allow the key
exchange to be completed as well, i.e., the attacker gaining access to
the network in case of the attack against the EAP server or the attacker
being able to operate a rogue AP in case of the attack against the EAP
peer.

While similar attacks might be applicable against SAE, it should be
noted that the SAE implementation in hostapd and wpa_supplicant does
have the validation steps that were missing from the EAP-pwd
implementation and as such, these attacks do not apply to the current
SAE implementation. Old versions of wpa_supplicant/hostapd did not
include the reflection attack check in the SAE implementation, though,
since that was added in June 2015 for v2.5 (commit 6a58444d27fd 'SAE:
Verify that own/peer commit-scalar and COMMIT-ELEMENT are different').

Vulnerable versions/configurations

All hostapd versions with EAP-pwd support (CONFIG_EAP_PWD=y in the build
configuration and EAP-pwd being enabled in the runtime configuration)
are vulnerable against the reflection attack.

All wpa_supplicant and hostapd versions with EAP-pwd support
(CONFIG_EAP_PWD=y in the build configuration and EAP-pwd being enabled
in the runtime configuration) are vulnerable against the invalid
scalar/element attack when built against a crypto library that does not
have an explicit validation step on imported EC points. The following
list indicates which cases are vulnerable/not vulnerable:
- OpenSSL v1.0.2 or older: vulnerable
- OpenSSL v1.1.0 or newer: not vulnerable
- BoringSSL with commit 38feb990a183 ('Require that EC points are on the
  curve.') from September 2015: not vulnerable
- BoringSSL without commit 38feb990a183: vulnerable
- LibreSSL: vulnerable
- wolfssl: vulnerable

Acknowledgments

Thanks to Mathy Vanhoef (New York University Abu Dhabi) for discovering
and reporting the issues and for proposing changes to address them in
the implementation.

Possible mitigation steps

- Merge the following commits to wpa_supplicant/hostapd and rebuild:

  CVE-2019-9497:
  EAP-pwd server: Detect reflection attacks

  CVE-2019-9498:
  EAP-pwd server: Verify received scalar and element
  EAP-pwd: Check element x,y coordinates explicitly

  CVE-2019-9499:
  EAP-pwd client: Verify received scalar and element
  EAP-pwd: Check element x,y coordinates explicitly

  These patches are available from https://w1.fi/security/2019-4/

- Update to wpa_supplicant/hostapd v2.8 or newer, once available

Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
[bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-04-11 11:26:01 +02:00
Stefan Lippers-Hollmann
57ab9e3add hostapd: fix CVE-2019-9496
hostapd: fix SAE confirm missing state validation

Published: April 10, 2019
Identifiers:
- CVE-2019-9496 (SAE confirm missing state validation in hostapd/AP)
Latest version available from: https://w1.fi/security/2019-3/

Vulnerability

When hostapd is used to operate an access point with SAE (Simultaneous
Authentication of Equals; also known as WPA3-Personal), an invalid
authentication sequence could result in the hostapd process terminating
due to a NULL pointer dereference when processing SAE confirm
message. This was caused by missing state validation steps when
processing the SAE confirm message in hostapd/AP mode.

Similar cases against the wpa_supplicant SAE station implementation had
already been tested by the hwsim test cases, but those sequences did not
trigger this specific code path in AP mode which is why the issue was
not discovered earlier.

An attacker in radio range of an access point using hostapd in SAE
configuration could use this issue to perform a denial of service attack
by forcing the hostapd process to terminate.

Vulnerable versions/configurations

All hostapd versions with SAE support (CONFIG_SAE=y in the build
configuration and SAE being enabled in the runtime configuration).

Possible mitigation steps

- Merge the following commit to hostapd and rebuild:

  SAE: Fix confirm message validation in error cases

  These patches are available from https://w1.fi/security/2019-3/

- Update to hostapd v2.8 or newer, once available

Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
[bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-04-11 11:26:01 +02:00
Stefan Lippers-Hollmann
262229e924 hostapd: fix CVE-2019-9495
EAP-pwd side-channel attack

Published: April 10, 2019
Identifiers:
- CVE-2019-9495 (cache attack against EAP-pwd)
Latest version available from: https://w1.fi/security/2019-2/

Vulnerability

Number of potential side channel attacks were recently discovered in the
SAE implementations used by both hostapd and wpa_supplicant (see
security advisory 2019-1 and VU#871675). EAP-pwd uses a similar design
for deriving PWE from the password and while a specific attack against
EAP-pwd is not yet known to be tested, there is no reason to believe
that the EAP-pwd implementation would be immune against the type of
cache attack that was identified for the SAE implementation. Since the
EAP-pwd implementation in hostapd (EAP server) and wpa_supplicant (EAP
peer) does not support MODP groups, the timing attack described against
SAE is not applicable for the EAP-pwd implementation.

A novel cache-based attack against SAE handshake would likely be
applicable against the EAP-pwd implementation. Even though the
wpa_supplicant/hostapd PWE derivation iteration for EAP-pwd has
protections against timing attacks, this new cache-based attack might
enable an attacker to determine which code branch is taken in the
iteration if the attacker is able to run unprivileged code on the victim
machine (e.g., an app installed on a smart phone or potentially a
JavaScript code on a web site loaded by a web browser). This depends on
the used CPU not providing sufficient protection to prevent unprivileged
applications from observing memory access patterns through the shared
cache (which is the most likely case with today's designs).

The attacker could use information about the selected branch to learn
information about the password and combine this information from number
of handshake instances with an offline dictionary attack. With
sufficient number of handshakes and sufficiently weak password, this
might result in full recovery of the used password if that password is
not strong enough to protect against dictionary attacks.

This attack requires the attacker to be able to run a program on the
target device. This is not commonly the case on an authentication server
(EAP server), so the most likely target for this would be a client
device using EAP-pwd.

The commits listed in the end of this advisory change the EAP-pwd
implementation shared by hostapd and wpa_supplicant to perform the PWE
derivation loop using operations that use constant time and memory
access pattern to minimize the externally observable differences from
operations that depend on the password even for the case where the
attacker might be able to run unprivileged code on the same device.

Vulnerable versions/configurations

All wpa_supplicant and hostapd versions with EAP-pwd support
(CONFIG_EAP_PWD=y in the build configuration and EAP-pwd being enabled
in the runtime configuration).

It should also be noted that older versions of wpa_supplicant/hostapd
prior to v2.7 did not include additional protection against certain
timing differences. The definition of the EAP-pwd (RFC 5931) does not
describe such protection, but the same issue that was addressed in SAE
earlier can be applicable against EAP-pwd as well and as such, that
implementation specific extra protection (commit 22ac3dfebf7b, "EAP-pwd:
Mask timing of PWE derivation") is needed to avoid showing externally
visible timing differences that could leak information about the
password. Any uses of older wpa_supplicant/hostapd versions with EAP-pwd
are recommended to update to v2.7 or newer in addition to the mitigation
steps listed below for the more recently discovered issue.

Possible mitigation steps

- Merge the following commits to wpa_supplicant/hostapd and rebuild:

  OpenSSL: Use constant time operations for private bignums
  Add helper functions for constant time operations
  OpenSSL: Use constant time selection for crypto_bignum_legendre()
  EAP-pwd: Use constant time and memory access for finding the PWE

  These patches are available from https://w1.fi/security/2019-2/

- Update to wpa_supplicant/hostapd v2.8 or newer, once available

- Use strong passwords to prevent dictionary attacks

Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
[bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-04-11 11:26:01 +02:00
Stefan Lippers-Hollmann
af606d077f hostapd: fix CVE-2019-9494
SAE side-channel attacks

Published: April 10, 2019
Identifiers:
- VU#871675
- CVE-2019-9494 (cache attack against SAE)
Latest version available from: https://w1.fi/security/2019-1/

Vulnerability

Number of potential side channel attacks were discovered in the SAE
implementations used by both hostapd (AP) and wpa_supplicant
(infrastructure BSS station/mesh station). SAE (Simultaneous
Authentication of Equals) is also known as WPA3-Personal. The discovered
side channel attacks may be able to leak information about the used
password based on observable timing differences and cache access
patterns. This might result in full password recovery when combined with
an offline dictionary attack and if the password is not strong enough to
protect against dictionary attacks.

Cache attack

A novel cache-based attack against SAE handshake was discovered. This
attack targets SAE with ECC groups. ECC group 19 being the mandatory
group to support and the most likely used group for SAE today, so this
attack applies to the most common SAE use case. Even though the PWE
derivation iteration in SAE has protections against timing attacks, this
new cache-based attack enables an attacker to determine which code
branch is taken in the iteration if the attacker is able to run
unprivileged code on the victim machine (e.g., an app installed on a
smart phone or potentially a JavaScript code on a web site loaded by a
web browser). This depends on the used CPU not providing sufficient
protection to prevent unprivileged applications from observing memory
access patterns through the shared cache (which is the most likely case
with today's designs).

The attacker can use information about the selected branch to learn
information about the password and combine this information from number
of handshake instances with an offline dictionary attack. With
sufficient number of handshakes and sufficiently weak password, this
might result in full discovery of the used password.

This attack requires the attacker to be able to run a program on the
target device. This is not commonly the case on access points, so the
most likely target for this would be a client device using SAE in an
infrastructure BSS or mesh BSS.

The commits listed in the end of this advisory change the SAE
implementation shared by hostapd and wpa_supplicant to perform the PWE
derivation loop using operations that use constant time and memory
access pattern to minimize the externally observable differences from
operations that depend on the password even for the case where the
attacker might be able to run unprivileged code on the same device.

Timing attack

The timing attack applies to the MODP groups 22, 23, and 24 where the
PWE generation algorithm defined for SAE can have sufficient timing
differences for an attacker to be able to determine how many rounds were
needed to find the PWE based on the used password and MAC
addresses. When the attack is repeated with multiple times, the attacker
may be able to gather enough information about the password to be able
to recover it fully using an offline dictionary attack if the password
is not strong enough to protect against dictionary attacks. This attack
could be performed by an attacker in radio range of an access point or a
station enabling the specific MODP groups.

This timing attack requires the applicable MODP groups to be enabled
explicitly in hostapd/wpa_supplicant configuration (sae_groups
parameter). All versions of hostapd/wpa_supplicant have disabled these
groups by default.

While this security advisory lists couple of commits introducing
additional protection for MODP groups in SAE, it should be noted that
the groups 22, 23, and 24 are not considered strong enough to meet the
current expectation for a secure system. As such, their use is
discouraged even if the additional protection mechanisms in the
implementation are included.

Vulnerable versions/configurations

All wpa_supplicant and hostapd versions with SAE support (CONFIG_SAE=y
in the build configuration and SAE being enabled in the runtime
configuration).

Acknowledgments

Thanks to Mathy Vanhoef (New York University Abu Dhabi) and Eyal Ronen
(Tel Aviv University) for discovering the issues and for discussions on
how to address them.

Possible mitigation steps

- Merge the following commits to wpa_supplicant/hostapd and rebuild:

  OpenSSL: Use constant time operations for private bignums
  Add helper functions for constant time operations
  OpenSSL: Use constant time selection for crypto_bignum_legendre()
  SAE: Minimize timing differences in PWE derivation
  SAE: Avoid branches in is_quadratic_residue_blind()
  SAE: Mask timing of MODP groups 22, 23, 24
  SAE: Use const_time selection for PWE in FFC
  SAE: Use constant time operations in sae_test_pwd_seed_ffc()

  These patches are available from https://w1.fi/security/2019-1/

- Update to wpa_supplicant/hostapd v2.8 or newer, once available

- In addition to either of the above alternatives, disable MODP groups
  1, 2, 5, 22, 23, and 24 by removing them from hostapd/wpa_supplicant
  sae_groups runtime configuration parameter, if they were explicitly
  enabled since those groups are not considered strong enough to meet
  current security expectations. The groups 22, 23, and 24 are related
  to the discovered side channel (timing) attack. The other groups in
  the list are consider too weak to provide sufficient security. Note
  that all these groups have been disabled by default in all
  hostapd/wpa_supplicant versions and these would be used only if
  explicitly enabled in the configuration.

- Use strong passwords to prevent dictionary attacks

Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
[bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-04-11 11:26:01 +02:00
Hans Dedecker
d1739c6c9a procd: update to latest git HEAD
baaf38c procd: instance: Support deleting stopped instances

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-04-10 14:16:53 +02:00
Florian Eckert
2101002b3d wireguard: remove obvious comments
Remove obvious comments to save disk space.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2019-04-09 22:25:11 +02:00
Florian Eckert
78b6931a1a wireguard: converted whitespaces from space to tab
With this change, the file is reduced from 5186 bytes to 4649 bytes that
its approximately 10.5 percent less memory consumption. For small
devices, sometimes every byte counts.
Also, all other protocol handler use tabs instead of spaces.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2019-04-09 22:25:02 +02:00
Hans Dedecker
c8a8294f6e ethtool: bump to 5.0
170d821 Release version 5.0.
909f8c0 Revert "ethtool: change to new sane powerpc64 kernel headers"
a484274 ethtool: dsa: mv88e6xxx: add pretty dump for others
034a17b ethtool: dsa: mv88e6xxx: add pretty dump for 88E6390
7f1cc44 ethtool: dsa: mv88e6xxx: add pretty dump for 88E6352
a13a053 ethtool: dsa: mv88e6xxx: add pretty dump for 88E6161
4e98029 ethtool: dsa: mv88e6xxx: add pretty dump for 88E6185
ff99e46 ethtool: dsa: mv88e6xxx: add pretty dump
cb8e980 ethtool: dsa: add pretty dump
4df55c8 ethtool: change to new sane powerpc64 kernel headers
0cb963e ethtool: zero initialize coalesce struct
8f05538 ethtool: don't report UFO on kernels v4.14 and above

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-04-09 14:27:59 +02:00
Daniel Gimpelevich
f61e754522 ath79: add support for Netgear EX6400 and EX7300
This is sold as a dual-band 802.11ac range extender. It has a sliding
switch for Extender mode or Access Point mode, a WPS button, a recessed
Reset button, a hard-power button, and a multitude of LED's, some
multiplexed via an NXP 74AHC164D chip. The internal serial header pinout is
Vcc, Tx, Rx, GND, with GND closest to the corner of the board. You may
connect at 115200 bps, 8 data bits, no parity, 1 stop bit.

Specification:
- System-On-Chip: QCA9558
- CPU/Speed: 720 MHz
- Flash-Chip: Winbond 25Q128FVSG
- Flash size: 16 MiB
- RAM: 128 MiB
- Wireless No1: QCA9558 on-chip 2.4GHz 802.11bgn, 3x3
- Wireless No2: QCA99x0 chip 5GHz 802.11an+ac, 4x4
- PHY: Atheros AR8035-A

Installation:
If you can get to the stock firmware's firmware upgrade option, just feed
it the factory.img and boot as usual. As an alternative, TFTP the
factory.img to the bootloader.

Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
[whitespace fix in DTS and reorder of make variables]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-04-09 11:09:26 +02:00
Petr Štetiar
adb0a420e5 uboot-envtools: imx6: Add support for Toradex Apalis board family
This patch is needed in order to be able to use fw_{set,print}env
commands.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-04-08 18:37:03 +02:00
Petr Štetiar
136001675e uboot-imx6: Add support for Toradex Apalis board family
This patch is needed in order to properly boot OpenWrt bootscript.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-04-08 18:37:03 +02:00
Hans Dedecker
80568e5854 dropbear: bump to 2019.78
Fix dbclient regression in 2019.77. After exiting the terminal would be left
in a bad state. Reported by Ryan Woodsmall

drop patch applied upstream:
	010-tty-modes-werent-reset-for-client.patch

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-04-07 20:32:55 +02:00
Stijn Tintel
310e2764a8 ubox: bump to git HEAD
5130fa4 kmodloader: fix and optimize loading of failed modules

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2019-04-07 19:37:18 +03:00
Michael Heimpold
32a6c252db wpan-tools: clean up Makefile
When we only call the default, we do not need to define it explicitly.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2019-04-06 19:14:06 +02:00
Michael Heimpold
007e947976 fconfig: cleanup Makefile
We do not need to define an empty Build/Configure since
the default checks for existing ./configure and does nothing
in case nothing is found.

Similar for Build/Compile: we can remove the definition
when we only call the default.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2019-04-06 19:14:06 +02:00
Rosen Penev
2a8175a7ac kernel: Add RIPEMD160 module
After getting rid of cryptsetup's heavy openssl dependency, there is now
the problem of missing RIPEMD160 support. RIPEMD160 is used for True/Vera
crypt volumes as well as old LUKS1 ones.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-04-06 19:14:06 +02:00
Tomasz Maciej Nowak
afef17e24d base-files: add leds migration
Currently leds migration scripts in ar71xx and lantiq share a lot of
logic and introducing leds migration to another target would mean
copying this code, again. Therefore add common logic to library in
base-files package.

Suggested-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2019-04-06 19:14:05 +02:00
Jason A. Donenfeld
549d44736a wireguard: bump to 0.0.20190406
* allowedips: initialize list head when removing intermediate nodes

Fix for an important regression in removing allowed IPs from the last
snapshot. We have new test cases to catch these in the future as well.

* tools: warn if an AllowedIP has a nonzero host part

If you try to run `wg set wg0 peer ... allowed-ips 192.168.1.82/24`, wg(8)
will now print a warning. Even though we mask this automatically down to
192.168.1.0/24, usually when people specify it like this, it's a mistake.

* wg-quick: add 'strip' subcommand

The new strip subcommand prints the config file to stdout after stripping
it of all wg-quick-specific options. This enables tricks such as:
`wg addconf $DEV <(wg-quick strip $DEV)`.

* tools: avoid unneccessary next_peer assignments in sort_peers()

Small C optimization the compiler was probably already doing.

* peerlookup: rename from hashtables
* allowedips: do not use __always_inline
* device: use skb accessor functions where possible

Suggested tweaks from Dave Miller.

* blake2s: simplify
* blake2s: remove outlen parameter from final

The blake2s implementation has been simplified, since we don't use any of the
fancy tree hashing parameters or the like. We also no longer separate the
output length at initialization time from the output length at finalization
time.

* global: the _bh variety of rcu helpers have been unified
* compat: nf_nat_core.h was removed upstream
* compat: backport skb_mark_not_on_list

The usual assortment of compat fixes for Linux 5.1.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-04-06 17:26:47 +02:00
Luis Araneda
177a634e18 kernel: can: add Xilinx CAN IP kernel module package
This driver is required to use the CAN IP on devices
from the zynq target

Signed-off-by: Luis Araneda <luaraneda@gmail.com>
2019-04-06 16:31:10 +02:00
Luis Araneda
82b0230bc1 kernel: sound: add missing symbol to sound-soc-core
This fixes compilation on zynq target when migrating
to sound kmod packages

Signed-off-by: Luis Araneda <luaraneda@gmail.com>
2019-04-06 16:31:10 +02:00
Hauke Mehrtens
3183430df4 mac80211: update to version 4.19.32-1
The removed patches are now integrated in the upstream kernel.
Refresh all patches on top of the new backports release.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2019-04-06 16:31:04 +02:00
Josef Schlehofer
4ebd66d7a9 mbedtls: update to version 2.16.1
Refreshed patches

Signed-off-by: Josef Schlehofer <josef.schlehofer@nic.cz>
Tested-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2019-04-06 16:30:43 +02:00
Tomasz Maciej Nowak
6541897796 kernel: package rtc-em3027 module
Support for Microelectronic EM3027 real time clock chip.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2019-04-06 14:48:46 +02:00
Tomasz Maciej Nowak
1b3dda179a uboot-tegra: add U-Boot for tegra boards
Add U-Boot for NVIDIA Tegra based boards, with the first being CompuLab
TrimSlice. This is part of initial support for this board.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2019-04-06 14:48:46 +02:00
Tomasz Maciej Nowak
42f96ed941 tegra: add new target
New target introduces initial support for NVIDIA Tegra SoC based devices.
It focuses on Tegra 2 CPUs, for successors supporting NEON instruction
set the target should be split in two subtargets.
This initial commit doesn't create any device image, it's groundwork
for further additions.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2019-04-06 14:48:46 +02:00
Daniel Engberg
de3eb0d8a0 curl: Update to 7.64.1
Update curl to 7.64.1
Remove deprecated patch

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2019-04-06 13:40:29 +02:00
Hans Dedecker
f483274422 odhcpd: update to latest git HEAD
65a9519 ndp: create ICMPv6 socket per interface
c6dae8e router: create ICMPv6 socket per interface
e7b1d4b treewide: initialize properly file descriptors

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-04-05 12:04:01 +02:00
Michael Heimpold
6e060bd62c base-files/hotplug: fix dedicated group for tty devices
Commit 124ab1dc0a and 5523ee3459 introduced the assignment of the
group "tty" to /dev/tty* devices in order to support unprivileged
user access to serial devices.

However, due to an improperly rebased commit this feature broke.

This patch restores the lost hunk in hotplug.json file to
re-introduce this feature and also renames the existing "tty" group
to "dialout" as this is the more typical name for such a group
on desktop systems.

Fixes: 5209cfa534 ("procd: fix hotplug.json syntax")
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Acked-by: Jo-Philipp Wich <jo@mein.io>
2019-04-04 17:09:40 +02:00
Felix Fietkau
b3d8b3ab8e mac80211: set noscan=1 if sta/adhoc/mesh interfaces are present
Fixes channel selection issues and suppresses an unnecessary extra scan

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-04-03 10:40:09 +02:00
Felix Fietkau
1dd536f1fa mac80211: improve performance by deferring tx queue selection
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-04-03 10:40:09 +02:00
Magnus Kroken
701b8d0050 openvpn: openssl: explicitly depend on deprecated APIs
OpenVPN as of 2.4.7 uses some OpenSSL APIs that are deprecated in
OpenSSL >= 1.1.0.

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [white space fix]
2019-04-03 10:00:39 +02:00
Hans Dedecker
848d85d13b netifd: update to latest git HEAD
361b3e4 proto-shell: return error in case setup fails
a97297d interface: set interface in TEARDOWN state when checking link state

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-04-01 23:12:29 +02:00
Magnus Kroken
4376c06e80 openvpn: update to 2.4.7
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2019-04-01 11:23:43 +02:00
Kabuli Chana
6ba3d70c95 mwlwifi: Fix pcie timeout issue
Increase MAX_WAIT_FW_COMPLETE_ITERATIONS to 10000 as before commit
e5e0700 to prevent timeout as reported here: #308 (Original OP issue is
probably not related though as his post preceeds commit e5e0700).

compile/test target mvebu/mamba, rango

Signed-off-by: Kabuli Chana <newtownBuild@gmail.com>
[commit subject and message tweaks]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-04-01 10:05:49 +02:00
Christian Lamparter
fbe2e7d15e ath10k-firmware: update Candela Tech firmware images
Release notes since last time:

Release notes for wave-1 / 10.1:
2019-03-28: Fix sometimes using bad TID for management frames
	    in htt-mgt mode. (Backported from wave2, looks
	    like bug would be the same though.)

Release notes for wave-2 / 10.4:
2019-03-28: Fix off-channel scanning while associated in
	    proxy-station mode.

2019-03-29: Fix sometimes sending mgt frames on wrong tid when
	    using htt-mgt. This bug has been around since I first
	    enabled htt-mgt mode.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-03-30 10:36:31 +01:00
Hans Dedecker
6df5ab89cf odhcpd: update to latest git HEAD
7798d50 netlink: rework IPv4 address refresh logic
0b20876 netlink: rework IPv6 address refresh logic

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-03-29 15:55:08 +01:00
Daniel Golle
b0395cfc56 iwinfo: Fix 802.11ad channel to frequency
c2cfe9d iwinfo: Fix 802.11ad channel to frequency

Fixes 9725aa271a ("iwinfo: update to latest git HEAD")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-03-28 15:20:58 +01:00
Petr Štetiar
1e55171a12 fstools: update to the latest master branch
ff1ded6 libfstools: Fix overflow of F2FS_MINSIZE constant
bc2c876 libfstools: Print error in case of loop blkdev failure

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-03-28 12:57:08 +01:00
Alexander Couzens
95f07502b7
package/uboot-omap: backport patches to fix build
* 106: fix build when libfdt-devel is installed on host
* 107: fix stdbool.h includes

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2019-03-28 02:10:12 +01:00
Daniel Golle
28920330f8 wireguard: introduce 'nohostroute' option
Instead of creating host-routes depending on fwmark as (accidentally)
pushed by commit
1e8bb50b93 ("wireguard: do not add host-dependencies if fwmark is set")
use a new config option 'nohostroute' to explicitely prevent creation
of the route to the endpoint.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-03-27 22:59:03 +01:00
Daniel Golle
1e8bb50b93 wireguard: do not add host-dependencies if fwmark is set
The 'fwmark' option is used to define routing traffic to
wireguard endpoints to go through specific routing tables.
In that case it doesn't make sense to setup routes for
host-dependencies in the 'main' table, so skip setting host
dependencies if 'fwmark' is set.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-03-27 22:53:14 +01:00
Hans Dedecker
b2152c8e6b odhcpd: update to latest git HEAD (FS#2204)
420945c netlink: fix IPv6 address updates (FS#2204)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-03-27 21:05:07 +01:00
Koen Vandeputte
555ee02f77 kernel: fix missing dependency in 4.14.108
The 4.14.108 bump introduced a missing dependency when building
specific netfilters.

Thsi was not seen as the error does not occur on all targets.

Thanks to Jo-Philipp Wich for providing the fix

Fixes: af6c86dbe5 ("kernel: bump 4.14 to 4.14.108")
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-03-27 16:46:39 +01:00
Felix Fietkau
b65a270c85 mt76: update to the latest version
f2a18f5 mt76x02: introduce mt76x02_beacon.c
91ade88 mt76x02: add hrtimer for pre TBTT for USB
6370485 mt76x02: introduce beacon_ops
37af803 mt76x02u: implement beacon_ops
41d6190 mt76x02: generalize some mmio beaconing functions
dcccc04 mt76x02u: add sta_ps
5ac5289 mt76x02: disable HW encryption for group frames
e284cc2 mt76x02u: implement pre TBTT work for USB
77e56b8 mt76x02: make beacon slots bigger for USB
d4c740f mt76x02u: add mt76_release_buffered_frames
65e6344 mt76: unify set_tim
f720e49 mt76x02: enable AP mode for USB
cf1838d mt76usb: change mt76u_submit_buf
16b2ccf mt76: remove rx_page_lock
e1bfbeb mt76usb: change mt76u_fill_rx_sg arguments
e9c0171 mt76usb: use usb_dev private data
a4eb5db mt76usb: remove mt76u_buf redundant fileds
3f9b68d mt76usb: move mt76u_buf->done to queue entry
4a366bd mt76usb: remove mt76u_buf and use urb directly
0904bc4 mt76usb: remove MT_RXQ_MAIN queue from mt76u_urb_alloc
42f2899 mt76usb: resue mt76u_urb_alloc for tx
4d4d73a mt76usb: remove unneded sg_init_table
57309c7 mt76usb: allocate urb and sg as linear data
2e89721 mt76usb: remove queue variable from rx_tasklet
30a256a mt76x02: remove extra_tx_headroom (obsoleted by mac8211 skb aligning)
ae166b0 Revert "mt76: mt7603: store software PN/IV in wcid"
bf6e72d Revert "mt76: mt76x02: store software PN/IV in wcid"
a11b673 mt76: fix tx power issues

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-27 13:05:03 +01:00
Hauke Mehrtens
6af639e0bf linux: Add kmod-sched-act-vlan
This allows to configure rules to push or pop vlan headers.

Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
2019-03-25 22:50:28 +01:00
Hauke Mehrtens
72c7e2dc46 linux: Add kmod-sched-flower
This allows to classify packets based on a configurable combination
of packet keys and masks.

Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
2019-03-25 22:50:28 +01:00
Hauke Mehrtens
f83522fa63 linux: Add kmod-sched-mqprio
This adds Multi-queue priority scheduler (MQPRIO).

Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
2019-03-25 22:50:28 +01:00
Hauke Mehrtens
187ab0bceb linux: Add kmod-crxypto-xcbc
This can be used for IPsec.

Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
2019-03-25 22:50:28 +01:00
Konstantin Demin
01964148c6 dropbear: split ECC support to basic and full
- limit ECC support to ec*-sha2-nistp256:
  * DROPBEAR_ECC now provides only basic support for ECC
- provide full ECC support as an option:
  * DROPBEAR_ECC_FULL brings back support for ec{dh,dsa}-sha2-nistp{384,521}
- update feature costs in binary size

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2019-03-25 22:25:35 +01:00
Konstantin Demin
5eb7864aad dropbear: rewrite init script startup logic to handle both host key files
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2019-03-25 22:25:34 +01:00
Konstantin Demin
6145e59881 dropbear: change type of config option "Port" to scalar type "port"
it was never used anywhere, even LuCI works with "Port" as scalar type.

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2019-03-25 22:25:34 +01:00
Konstantin Demin
5d27b10c61 dropbear: introduce config option "keyfile" (replacement for "rsakeyfile")
* option "keyfile" is more generic than "rsakeyfile".
* option "rsakeyfile" is considered to be deprecated and should be removed
  in future releases.
* warn user (in syslog) if option "rsakeyfile" is used
* better check options ("rsakeyfile" and "keyfile"): don't append
  "-r keyfile" to command line if file is absent (doesn't exist or empty),
  warn user (in syslog) about such files

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2019-03-25 22:25:34 +01:00
Konstantin Demin
efc533cc2f dropbear: add initial support for ECC host key
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2019-03-25 22:25:33 +01:00
Konstantin Demin
c40a84cc15 dropbear: fix regression where TTY modes weren't reset for client
cherry-pick upstream commit 7bc6280613f5ab4ee86c14c779739070e5784dfe

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2019-03-25 22:25:33 +01:00
Konstantin Demin
ddf1a06326 dropbear: honour CFLAGS while building bundled libtomcrypt/libtommath
Felix Fietkau pointed out that bundled libtomcrypt/libtommath do funny stuff with CFLAGS.
fix this with checking environment variable OPENWRT_BUILD in both libs.
change in dropbear binary size is drastical: 221621 -> 164277.

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2019-03-25 22:25:33 +01:00
Konstantin Demin
9c3bfd0906 dropbear: fix hardening flags during configure
compiler complains about messed up CFLAGS in build log:
  <command-line>: warning: "_FORTIFY_SOURCE" redefined
  <command-line>: note: this is the location of the previous definition

and then linker fails:
  mips-openwrt-linux-musl-gcc [...] -o dropbearmulti [...]
  collect2: fatal error: ld terminated with signal 11 [Segmentation fault]
  compilation terminated.
  /staging_dir/toolchain-mips_24kc_gcc-8.2.0_musl/mips-openwrt-linux-musl/bin/ld: /tmp/cc27zORz.ltrans0.ltrans.o: relocation R_MIPS_HI16 against `cipher_descriptor' can not be used when making a shared object; recompile with -fPIC
  /staging_dir/toolchain-mips_24kc_gcc-8.2.0_musl/mips-openwrt-linux-musl/bin/ld: /tmp/cc27zORz.ltrans1.ltrans.o: relocation R_MIPS_HI16 against `ses' can not be used when making a shared object; recompile with -fPIC
  /staging_dir/toolchain-mips_24kc_gcc-8.2.0_musl/mips-openwrt-linux-musl/bin/ld: /tmp/cc27zORz.ltrans2.ltrans.o: relocation R_MIPS_HI16 against `cipher_descriptor' can not be used when making a shared object; recompile with -fPIC
  /staging_dir/toolchain-mips_24kc_gcc-8.2.0_musl/mips-openwrt-linux-musl/bin/ld: BFD (GNU Binutils) 2.31.1 assertion fail elfxx-mips.c:6550
  [...]
  /staging_dir/toolchain-mips_24kc_gcc-8.2.0_musl/mips-openwrt-linux-musl/bin/ld: BFD (GNU Binutils) 2.31.1 assertion fail elfxx-mips.c:6550
  make[3]: *** [Makefile:198: dropbearmulti] Error 1
  make[3]: *** Deleting file 'dropbearmulti'
  make[3]: Leaving directory '/build_dir/target-mips_24kc_musl/dropbear-2018.76'
  make[2]: *** [Makefile:158: /build_dir/target-mips_24kc_musl/dropbear-2018.76/.built] Error 2
  make[2]: Leaving directory '/package/network/services/dropbear'

This FTBFS issue was caused by hardening flags set up by dropbear's configure script.

By default, Dropbear offers hardening via CFLAGS and LDFLAGS,
but this may break or confuse OpenWrt settings.

Remove most Dropbear's hardening settings in favour of precise build,
but preserve Spectre v2 mitigations:
* -mfunction-return=thunk
* -mindirect-branch=thunk

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2019-03-25 22:25:33 +01:00
Konstantin Demin
a1099edf32 dropbear: bump to 2019.77
- drop patches applied upstream:
  * 010-runtime-maxauthtries.patch
  * 020-Wait-to-fail-invalid-usernames.patch
  * 150-dbconvert_standalone.patch
  * 610-skip-default-keys-in-custom-runs.patch
- refresh patches
- move OpenWrt configuration from patch to Build/Configure recipe,
  thus drop patch 120-openwrt_options.patch

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2019-03-25 22:25:32 +01:00
Christian Lamparter
616ec4365c ath10k-ct: Update to 2019-03-25
2e917efb607f ath10k: Add slow-pci bus work-around, sw-crypt blockack support.
cc73ceb0dbc7 ath10k: Fix out-of-tree compile for 4.16 driver.
4b3cf7c20972 ath10k: Improve tx-status reporting.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-03-25 21:19:40 +01:00
Christian Lamparter
f803ee3ba9 ath10k-firmware: update Candela Tech firmware images
Release notes since last time:

Release notes for wave-1:

- 2019-03-12: Add btcoex feature flag for 2.4Ghz only adapters,
	      backported from upstream 10.2 firmware.

- 2019-03-12: Support offloading decrypt of PMF blockack frames
	      to the host. This lets us do blockack with PMF and
	      rx-sw-crypt. Normal hwcrypt scenarios would not need this.

Release notes for wave-2:

- 2019-03-12: Fix crash when tearing down VI TID when pending frames
	      exist. Could reproduce this while doing rmmod when VI
	      traffic was flowing and PMF was enabled but broken.
	      Bad luck could rarely cause it to happen in more normal
	      config too.

- 2019-03-12: Support offloading decrypt of PMF blockack frames to
	      the host.  This lets us do blockack with PMF and
	      rx-sw-crypt. Normal hwcrypt scenarios would not need this.

- 2019-03-12: Re-work problematic patch that attempted to fix transmit
	      on non-QOS tids. It appears buggy in several ways,
	      hopefully improved now.  This was introduced last fall.
	      See github bug 78.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-03-25 21:19:39 +01:00
Felix Fietkau
503edc913b mt76: update to the latest version
4d8c7e8 mt76: mt76x02: send no-skb tx status without holding the status lock
7e9e9ad mt76: mt7603: add missing initialization for dev->ps_lock
3a7e6bb mt76: fix potential deadlock on cancelling workqueues
deacb8f mt76: fix using mac80211 tx skb header padding
c9402eb mt76: use napi polling for tx cleanup
60e508e mt76: use readl/writel instead of ioread32/iowrite32
5912e8a mt7603: fix sequence number assignment
95a83cc mt7603: send BAR after powersave wakeup

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-23 18:03:38 +01:00
Hauke Mehrtens
94ffb7be4d netifd: update to latest git HEAD
a8cf037 netifd: wireless: Add support for GCMP cipher
34a70b6 netifd: wireless: Add support for 802.11ad

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-03-21 17:07:52 +01:00
Hauke Mehrtens
0168af502b ubox: update to latest git HEAD
a782779 kmodloader: increase module name length

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-03-21 17:07:47 +01:00
Hauke Mehrtens
9725aa271a iwinfo: update to latest git HEAD
ce1814b iwinfo: Add device ID for Wilocity Wil6210
a8e8275 iwinfo: Add support for 802.11ad

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-03-21 17:07:43 +01:00
Hauke Mehrtens
b36d250b55 Revert "valgrind: enable LTO and refresh patches"
This reverts commit 0331770299.

With LTO enabled valgridn does not build on MIPS32 any more, deactivate
it for now. The patch refresh was not reverted.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-03-21 17:07:00 +01:00
Rosy Song
488e7ccfbc libnftnl: bump to latest version
Signed-off-by: Rosy Song <rosysong@rosinson.com>
2019-03-21 17:05:44 +01:00
Eneas U de Queiroz
fc1386ccf8 openssl: revert disallowing parallel build
Openssl 1.1.0 made wholesale changes to its building system.
Apparently, parallel builds are working now.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
2019-03-21 17:05:34 +01:00
Hans Dedecker
1ca69003fd odhcpd: update to latest git HEAD (FS#2160)
6d23385 dhcpv6: extra syslog tracing
b076916 dhcpv6/router: add support for mutiple master interfaces
e4a24dc ndp: fix adding proxy neighbor entries
4ca7f7e router: add extra syslog tracing
8318e93 netlink: fix neighbor event handling (FS#2160)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-03-21 16:06:10 +01:00
Christian Lamparter
41bceb0d4e uboot-fritz4040: fix PKG_MIRROR_HASH
The PKG_MIRROR_HASH was for some reason wrong.

Fixes: d75db67870 ("uboot-fritz4040: bump version to 2019-03-03")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-03-21 00:57:54 +01:00
Christian Lamparter
133bad46a6 adb: fix missing PKG_MIRROR_HASH
This package was missing a PKG_MIRROR_HASH value.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-03-21 00:57:54 +01:00
Ozgur Can Leonard
201d3d1a82 ramips: Xiaomi MIR3G: detect board name from DTS
- Former "mir3g" board name becomes "xiaomi,mir3g".
- Reorder some entries to maintain alphabetical order.
- Change DTS so status LEDs (yellow/red/blue) mimic
  Xiaomi stock firmware: (Section Indicator)
<http://files.xiaomi-mi.co.uk/files/router_pro/router%20PRO%20EN.pdf>
<http://files.xiaomi-mi.co.uk/files/Mi_WiFi_router_3/MiWiFi_router3_EN.pdf>
|Yellow: Update (LED flickering), the launch of the system (steady light);
|Blue: during normal operation (steady light);
|Red: Safe mode (display flicker), system failure (steady light);

Signed-off-by: Ozgur Can Leonard <ozgurcan@gmail.com>
[Added link to similar Router 3 model]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-03-21 00:57:54 +01:00
Josef Schlehofer
f22c33b40c ca-certificates: update to version 20190110
- Tested on Turris MOX, OpenWrt master
- Removed PKG_BUILD_DIR
In build_dir there were two folders
ca-certificates and ca-certificates-20190110 and it failed as files
were in ca-certificates-20190110

Signed-off-by: Josef Schlehofer <josef.schlehofer@nic.cz>
2019-03-21 00:57:54 +01:00
Steve Glennon
dc4f6b896f ipq40xx: add support for EnGenius ENS620EXT
Hardware
--------
CPU:   Qualcomm IPQ4018
RAM:   256M
FLASH: 32M SPI NOR W25Q256
ETH:   QCA8075
WiFi2: IPQ4018 2T2R 2SS b/g/n
WiFi5: IPQ4018 2T2R 2SS n/ac
LED:    - Power amber
        - LAN1(PoE) green
        - LAN2 green
        - Wi-Fi 2.4GHz green
        - Wi-Fi 5GHz green
BTN:    - WPS
UART:  115200n8 3.3V J1
       VCC(1) - GND(2) - TX(3) - RX(4)

Added basic support to get the device up and running for a sysupgrade
image only.
There is currently no way back to factory firmware, so this is a one-way
street to OpenWRT.
Install from factory condition is convoluted, and may brick your device:
1) Enable SSH and disable the CLI on the factory device from the web user
   interface (Management->Advanced)
2) Reboot the device
3) Override the default, limited SSH shell:
   a) Get into the ssh shell:
      ssh admin@192.168.1.1 /bin/sh --login
   b) Change the dropbear script to disable the limited shell. At the
      empty command prompt type:
        sed -i '/login_ssh/s/^/#/g’ dropbear
        /etc/init.d/dropbear restart
        exit
4) ssh in to a (now-) normal OpenWRT SSH session
5) Flash your built image
   a) scp openwrt-ipq40xx-engenius_ens620ext-squashfs-sysupgrade.bin
      admin@192.168.1.1:/tmp/
   b) ssh admin@192.168.1.1
   c) sysupgrade -n
      /tmp/openwrt-ipq40xx-engenius_ens620ext-squashfs-sysupgrade.bin
6) After flash completes (it may say "Upgrade failed" followed by
   "Upgrade completed") and device reboots, log in to newly flashed
   system. Note you will now need to ssh as root rather than admin.

Signed-off-by: Steve Glennon <s.glennon@cablelabs.com>
[whitespace fixes, reordered partitions, removed rng node from 4.14,
fixed 901-arm-boot-add-dts-files.patch]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-03-21 00:57:54 +01:00
Deng Qingfang
31078dbc76 iproute2: update to 5.0.0
Update iproute2 to 5.0.0
Remove upstream patch 001-tc-fix-undefined-XATTR_SIZE_MAX
Alter patch 170-ip_tiny as support for IPX and DECnet is dropped
Update patch 010-cake-fwmark to match upstream commit

Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
2019-03-20 21:48:04 +01:00
Felix Fietkau
38860fe2e4 mac80211: fix an issue with the TXQ scheduling API and powersave clients
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-20 10:41:30 +01:00
Felix Fietkau
ca9ad880f2 mac80211: improve the txq scheduling API to deal with driver buffered packets
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-20 10:41:30 +01:00
Felix Fietkau
60659b2d9e mac80211: optimize skb resizing to avoid reallocation when using 802.11s + batman-adv
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-20 10:41:30 +01:00
Ryan Mounce
ffb2a3aa2a iproute2: add cake fwmark support
Signed-off-by: Ryan Mounce <ryan@mounce.com.au>
2019-03-20 07:07:15 +10:30
Ryan Mounce
6d5762f6d8 kmod-sched-cake: bump to latest cake
Update the out of tree build of cake. Applicable patches are also in
net-next.

057c738 Fix fwmark_shft assignment (again)
ca6c162 Add support for storing mark back into conntrack
7ed9b6c Fix off-by-one error when setting fwmark_shft.
a4a243a sch_cake: Interpret fwmark parameter as a bitmask
29d707e Simplify logic in cake_select_tin()
8acaaee Permit use of connmarks as tin classifiers
348f186 Make the dual modes fairer
99a7297 compat: Don't lock root qdisc when dumping stats on old kernels

Signed-off-by: Ryan Mounce <ryan@mounce.com.au>
2019-03-19 22:40:13 +10:30
Daniel Engberg
9b16a69941 usbutils: Update usb.ids to 0.321
Update usb.ids to 0.321

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2019-03-18 20:43:09 +01:00
Deng Qingfang
89c8232f78 ipset: size optimizations
ipset utility was linked statically to libipset. Disable static library for dynamic linking to save space.
Add -Wl,--gc-sections,--as-needed for further reduction

MIPS ipk size:
ipset: 29KiB -> 2KiB
libipset: 39KiB -> 38KiB

Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
2019-03-17 22:17:48 +01:00
Alexander Couzens
dd3214f95d
mac80211: netifd: Use a mask when using iw set antenna
The keyword "all" is only supported by `iw set antenna` if
it's used as the only argument.
Convert "all" into a mask before calling `iw set antenna`.

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2019-03-16 21:16:28 +01:00
Felix Fietkau
8852a09d85 mt76: update to the latest version
00ac79d mt7603: fix initialization of max rx length
320af65 mt76: mt7603: use the correct hweight8() function
bdee924 mt76: fix schedule while atomic in mt76x02_reset_state
abcb544 mt76x02: do not enable RTS/CTS by default
e97a209 mt76: remove mt76_queue dependency from tx_queue_skb function pointer
ddd98f8 mt76: remove mt76_queue dependency from tx_prepare_skb function pointer
9bc2d56 mt76: remove mt76_queue dependency from tx_complete_skb function pointer
06c917f mt76: introduce mt76_sw_queue data structure
2dc63b0 mt76: introduce mt76_txq_id field in mt76_queue_entry
312f6fc mt76: remove irqsave/restore in locking for tx status fifo
0fe6386 mt76: move mt76x02_insert_hdr_pad in mt76-core module
efe9a47 mt76: mmio: move mt76_insert_hdr_pad in mt76_dma_tx_queue_skb
0b03f87 mt76: move skb dma mapping before running tx_prepare_skb
f977a92 mt76: introduce mt76_tx_info data structure
72fe286 mt76: use mac80211 txq scheduling
b77b932 mt76: reduce locking in mt76_dma_tx_cleanup
c0ab515 mt76: store wcid tx rate info in one u32 reduce locking
f37ad72 mt76: mt76x02: store software PN/IV in wcid
5323005 mt76: move tx tasklet to struct mt76_dev
688d708 mt76: only schedule txqs from the tx tasklet
42ce040 mt76: use TX_NEEDS_ALIGNED4_SKBS
2660aa9 mt76: mt7603: store software PN/IV in wcid
3ce8a93 mt76: dma: add static qualifier to mt76_dma_tx_queue_skb
81a32aa mt7603: remove mt7603_mcu_init routine
48dc7e9 mt7603: core: do not use magic numbers in mt7603_reg_map
2236490 mt76: usb: reduce code indentation in mt76u_alloc_tx

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-16 21:14:43 +01:00
Felix Fietkau
4cf1394f51 mac80211: add a few performance improvement patches
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-16 19:59:02 +01:00
Felix Fietkau
6869ae2ab5 mac80211: improve locking around the txq scheduling / airtime fairness API
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-16 19:59:02 +01:00
Felix Fietkau
04e4b779cc mac80211: backport the txq scheduling / airtime fairness API
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-16 19:59:02 +01:00
Felix Fietkau
fb0a80f4cf mac80211: fix an unaligned access in the mesh hash table function
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-16 19:59:02 +01:00
Felix Fietkau
fd8ca8deb3 netifd: add support for suppressing the DHCP request hostname by setting it to *
dnsmasq (and probably other DHCP servers as well) does not like to hand out
leases with duplicate host names.
Adding support for skipping the hostname makes it easier to deploy setups
where it is not guaranteed to be unique

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-16 19:59:02 +01:00
Felix Fietkau
5cda4a3e30 mac80211: update and fix the patch to allow 4-byte aligned tx skbs
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-16 19:59:02 +01:00
Felix Fietkau
51e1092fae mac80211: allocate tailroom for forwarded mesh packets
Fixes a warning + packet loss on encrypted mesh networks with forwarding

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-16 19:59:02 +01:00
Tony Ambardar
b61495409b iproute2: tc: reduce size of dynamic symbol table
In the case of SHARED_LIBS=y, don't use -export-dynamic to place *all*
symbols into the dynamic symbol table. Instead, use --dynamic-list to
export a smaller set of symbols similar to that defined in static-syms.h
in the case of SHARED_LIBS=n, avoiding an 11 KB tc package size increase.
The symbol set is based on that required by the only plugin, m_xt.so.

Also increment PKG_RELEASE.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE fixup]
2019-03-14 22:55:06 +01:00
Tony Ambardar
0b57a2165a iproute2: tc: enable and fix support for using .so plugins
This enables using the tc module m_xt.so, which uses the act_ipt kernel
module to allow tc actions based on iptables targets. e.g.

   tc filter add dev eth0 parent 1: prio 10 protocol ip \
   u32 match u32 0 0 action xt -j DSCP --set-dscp-class BE

Make the SHARED_LIBS parameter configurable and based on tc package
selection.

Fix a problem using the tc m_xt.so plugin as also described in
https://bugs.debian.org/868059:

  Sync include/xtables.h from iptables to make sure the right offset is
  used when accessing structure members defined in libxtables. One could
  get “Extension does not know id …” otherwise. (See also: #868059)

Patch to sync the included xtables.h with system iptables 1.6.x. This
continues to work with iptables 1.8.2.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2019-03-14 22:54:59 +01:00
Tony Ambardar
f61359e16e iproute2: support eBFP/XDP object file loading, simplify linking libelf
Add build and runtime dependencies on libelf, allowing tc and ip-full
to load BPF and XDP object files respectively.

Define package 'tc' as a singleton package variant, which can be used to
enable additional functionality limited only to tc. Also set ip-tiny
as the default 'ip' variant.

Preserve optionality of libelf by having configuration script follow the
HAVE_ELF environment variable, used similarly to the HAVE_MNL variable.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2019-03-14 22:54:50 +01:00
Hans Dedecker
127d38f219 netifd: update to latest git HEAD (FS#2087)
81ac3bc interface-ip: fix delegate config update on reload (FS#2087)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-03-14 13:50:51 +01:00
Zoltan HERPAI
5e247f3ac1 uboot-sunxi: add fix for A20-OLinuXino-Lime2-eMMC rev. K boards
The OLinuXino Lime2 rev. K boards use new PHYs (Micrel KSZ9031),
so enable that.

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2019-03-13 22:43:13 +01:00
Zoltan HERPAI
e991fb44e0 uboot-sunxi: bump to 2019.01
Tested on:
Bananapro (A20)
Banana Pi M3 (A83t)
Linksprite pcDuino3 (A20)
Olinuxino Lime (A10)
Orange Pi 2 (H3)
Pine64 (A64)

Patches refreshed.

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2019-03-13 22:42:38 +01:00
David Bauer
148d29d47b ipq40xx: add support for AVM FRITZ!Repeater 3000
Hardware
--------
CPU:   Qualcomm IPQ4019
RAM:   256M (NANYA NT5CC128M16JR-EK)
FLASH: 128M NAND (Macronix MX30LF1G18AC-XKI)
ETH:   Qualcomm QCA8072
WiFi2: IPQ4019 2T2R 2SS b/g/n
WiFi5: IPQ4019 2T2R 2SS n/ac
WiFi5: QCA9984 4T4R 4SS n/ac
LED:    - Connect green/blue/red
        - Power green
BTN:   WPS/Connect
UART:  115200n8 3.3V
       VCC - RX - TX - GND (Square is VCC)

Installation
------------
1. Grab the uboot for the Device from the 'u-boot-fritz3000'
   subdirectory. Place it in the same directory as the 'eva_ramboot.py'
   script. It is located in the 'scripts/flashing' subdirectory of the
   OpenWRT tree.

2. Assign yourself the IP address 192.168.178.10/24. Connect your
   Computer to one of the boxes LAN ports.

3. Connect Power to the Box. As soon as the LAN port of your computer
   shows link, load the U-Boot to the box using following command.

   > ./eva_ramboot.py --offset 0x85000000 192.168.178.1 uboot-fritz3000.bin

4. The U-Boot will now start. Now assign yourself the IP address
   192.168.1.70/24. Copy the OpenWRT initramfs (!) image to a TFTP
   server root directory and rename it to 'FRITZ3000.bin'.

5. The Box will now boot OpenWRT from RAM. This can take up to two
   minutes.

6. Copy the U-Boot and the OpenWRT sysupgrade (!) image to the Box using
   scp. SSH into the Box and first write the Bootloader to both previous
   kernel partitions.

   > mtd write /path/to/uboot-fritz3000.bin uboot0
   > mtd write /path/to/uboot-fritz3000.bin uboot1

7. Remove the AVM filesystem partitions to make room for our kernel +
   rootfs + overlayfs.

   > ubirmvol /dev/ubi0 --name=avm_filesys_0
   > ubirmvol /dev/ubi0 --name=avm_filesys_1

8. Flash OpenWRT peristently using sysupgrade.

   > sysupgrade -n /path/to/openwrt-sysupgrade.bin

Signed-off-by: David Bauer <mail@david-bauer.net>
2019-03-13 16:25:35 +01:00
David Bauer
5389db72e3 fritz-tools: add support for IPQ40xx platform
AVM devices based on Qualcomm IPQ40xx do not store sector health
information in the OOB area. Make this check optional to support this
platform.

Signed-off-by: David Bauer <mail@david-bauer.net>
2019-03-13 16:25:34 +01:00
David Bauer
d75db67870 uboot-fritz4040: bump version to 2019-03-03
Adds support for the AVM FRITZ!Repeater 3000

Signed-off-by: David Bauer <mail@david-bauer.net>
2019-03-13 16:25:34 +01:00
Ozgur Can Leonard
d009033911 ramips: add support for Xiaomi Mi Router 3 Pro
Hardware:

CPU:   MediaTek MT7621AT (2x880MHz)
RAM:   512MB DDR3
FLASH: 256MB NAND
WiFi:  2.4GHz 4x4 MT7615 b/g/n (Needs driver, See Issues!)
WiFI:  5GHz 4x4 MT7615 a/n/ac  (Needs driver, See Issues!)
USB:   1x 3.0
ETH:   1x WAN 10/100/1000 3x LAN 10/100/1000
LED:   Power/Status
BTN:   RESET
UART:  115200 8n1

Partition layout and boot:

Stock Xiaomi firmware has the MTD split into (among others)

- kernel0 (@0x200000)
- kernel1 (@0x600000)
- rootfs0
- rootfs1
- overlay (ubi)

Xiaomi uboot expects to find kernels at 0x200000 & 0x600000
referred to as system 1 & system 2 respectively.
a kernel is considered suitable for handing control over
if its linux magic number exists & uImage CRC are correct.
If either of those conditions fail, a matching sys'n'_fail flag
is set in uboot env & a restart performed in the hope that the
alternate kernel is okay.
If neither kernel checksums ok and both are marked failed, system 2
is booted anyway.

Note uboot's tftp flash install writes the transferred
image to both kernel partitions.

Installation:

Similar to the Xiaomi MIR3G, we keep stock Xiaomi firmware in
kernel0 for ease of recovery, and install OpenWRT into kernel1 and
after.

The installation file for OpenWRT is a *squashfs-factory.bin file that
contains the kernel and a ubi partition. This is flashed as follows:

nvram set flag_try_sys1_failed=1
nvram set flag_try_sys2_failed=0
nvram commit
dd if=factory.bin bs=1M count=4 | mtd write - kernel1
dd if=factory.bin bs=1M skip=4 | mtd write - rootfs0
reboot

Reverting to stock:

The part of stock firmware we've kept in kernel0 allows us to run stock
recovery, which will re-flash stock firmware from a *.bin file on a USB.

For this we do the following:

fw_setenv flag_try_sys1_failed 0
fw_setenv flag_try_sys2_failed 1
reboot

After reboot the LED status light will blink red, at which point pressing
the 'reset' button will cause stock firmware to be installed from USB.

Issues:

OpenWRT currently does not have support for the MT7615 wifi chips. There is
ongoing work to add mt7615 support to the open source mt76 driver. Until that
support is in place, there are closed-source kernel modules that can be used.

See: https://forum.openwrt.org/t/support-for-xiaomi-wifi-r3p-pro/20290/170

Signed-off-by: Ozgur Can Leonard <ozgurcan@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[02_network remaps, Added link to notes]
2019-03-13 16:25:34 +01:00
Santiago Piccinini
24463d0d94 ath79: add support for LibreRouter v1
Hardware
--------
SOC:   QCA9558
RAM:   128M DDR2
Flash: 16MiB SPI-NOR
ETH:   QCA8337N: 2x 10/100/1000 PoE and PoE pass-through
WiFi2: QCA9558 (bgn) 2T2R
WiFi5: 2x mPCIE with AR9582 (an) 2T2R
BTN:   1x Reset
GPIO:  multiple GPIO on header, PoE passthrough enable
UART:  3.3V 115200 8N1 header on the board
WDG:   ATTiny13 watchdog
JTAG:  header on the board
USB:   1x connector and 1x header on the board
PoE:   10-32V input in ETH port 1, passthrough in port 2
mPCIE: 2x populated with radios (but replaceable)

OpenWrt is preinstalled from factory. To install use <your-image>-sysupgade.bin
using the web interface or with sysupgrade -n.

Flash from bootloader (in case failsafe does not work)
1. Connect the LibreRouter with a serial adapter (TTL voltage) to the UART
   header in the board.
2. Connect an ETH cable and configure static ip addres 192.168.1.10/24
3. Turn on the device and stop the bootloader sending any key through the serial
   interface.
4. Use a TFTP server to serve <your image>-sysupgrade.bin file.
5. Execute the following commands at the bootloader prompt:
    ath> tftp 82000000 <your image>-sysupgrade.bin
    ath> erase 0x9f050000 +$filesize
    ath> cp.b 0x82000000 0x9f050000 $filesize
    ath> bootm 0x9f050000

More docs
* Bootloader https://github.com/librerouterorg/u-boot
* Board details (schematics, gerbers): https://github.com/librerouterorg/board

Signed-off-by: Santiago Piccinini <spiccinini@altermundi.net>
2019-03-13 16:25:34 +01:00
Eneas U de Queiroz
2407b1edcc openssl: disable digests by default, misc fixes
Openssh uses digest contexts across forks, which is not supported by the
/dev/crypto engine.  The speed of digests is usually not worth enabling
them anyway.  This changes the default of the DIGESTS option to NONE, so
the user still has the option to enable them.

Added another patch related to the use of encryption contexts across
forks, that ignores a failure to close a previous open session when
reinitializing a context, instead of failing the reinitialization.

Added a link to the Cryptographic Hardware Accelerators document to the
engine pacakges description, to provide more detailed instructions to
configure the engines.

Revert the removal of the OPENSSL_ENGINE_CRYPTO symbol, currently used
by openssh.  There is an open PR to update openssh; when merged, this
symbol can be safely removed.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [refresh patches]
2019-03-12 18:26:59 +01:00
Daniel Golle
36530ba72a mac80211: rt2x00: import and update pending patches
Imported from patchwork, patches marked with '=' have already been in
our tree:
 [v3,1/4] cfg80211: add ratelimited variants of err and warn
 [v3,2/4] rt2x00: use ratelimited variants dev_warn/dev_err
 [v3,3/4] rt2x00: check number of EPROTO errors
=[v3,4/4] rt2x00: do not print error when queue is full

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-03-12 11:44:27 +01:00
Wojciech Dubowik
5107176861 procd: Enable seccomp for powerpc
Signed-off-by: Wojciech Dubowik <Wojciech.Dubowik@neratec.com>
2019-03-11 23:14:28 +01:00
Piotr Dymacz
82dbcd8bf2 uboot-envtools: ramips: add support for ALFA Network Tube-E4G
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2019-03-11 22:00:26 +01:00
Hans Dedecker
2cd28c9a08 busybox: add missing install dir
Add missing /usr/sbin install dir fixing :

install: cannot create regular file 'build_dir/target-x86_64_musl/busybox-1.30.1/.pkgdir/busybox/usr/sbin/ntpd-hotplug': No such file or directory

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-03-11 17:03:17 +01:00
Hans Dedecker
b04c9a1ffc nghttp2: bump to 1.37.0
cfb47d30 Take into account larger frame size for prioritization
dbbe4e01 Remove unused field
371bc3a8 clang-format
5e7889c5 Update manual pages
b1b2ad50 Bump up version number to 1.37.0, LT revision to 31:2:17
e043ca83 Update AUTHORS
c2434dfb Simplify stream_less
816ad210 Reuse name when indexing header by referencing dynamic table
f5feb16e Merge pull request #1295 from bratkartoffel/fix-compile-boringssl
adf09f21 Merge pull request #1303 from donny-dont/fix-shared-install
2591960e Explicitly set install location when building shared libs
d93842db nghttpx: Fix backend stall if header and request body are sent in 2 packets
8dc2b263 nghttpx: Use std::priority_queue
8d842701 Update manual pages
de85b0fd Update README
5d6beed5 Merge branch 'nghttpx-backend-weight'
1ff9de4c nghttpx: Backend address selection with weight
34482ed4 Fix compilation with boringssl
9b6ced66 Bump up version number to 1.37.0-DEV

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-03-10 19:34:33 +01:00
Hauke Mehrtens
26af8e48d3 linux-atm: Fix compile problem with kernel 4.20
This fixes the following compile problem with kernel 4.20:

In file included from arp.c:20:0:
include/linux/if_arp.h:121:16: error: 'IFNAMSIZ' undeclared here (not in a function)
  char  arp_dev[IFNAMSIZ];
                ^~~~~~~~
make[7]: *** [Makefile:459: arp.o] Error 1

This is caused by commit 6a12709da354 ("net: if_arp: use define instead
of hard-coded value") in the upstream Linux kernel which is integrated
in Linux 4.20.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-03-10 19:04:30 +01:00
Moritz Warning
3d3e04d8c8 wolfssl: fix build in busybox environments
The configure script broke when used in alpine-3.9 based docker containers. Fixed in wolfSSL >3.15.7.

Signed-off-by: Moritz Warning <moritzwarning@web.de>
2019-03-10 17:48:23 +01:00
Martin Schiller
ff3cfe0848 ltq-atm/ltq-ptm: re-enable/fix reset_ppe() functionality for VR9
This patch re-enables the reset_ppe() functionality for VR9 targets by using
the new lantiq rcu subsystem. The reset sequence in the reset_ppe() function
was taken from the ppa datapath driver of lantiq UGW 7.4.1.

Additionally it adds the required reset definitions to the vr9 dtsi file.

It also prepares the reset_ppe() function calls for the other lantiq targets.

This feature is needed to be able to switch between ltq-atm/ltq-ptm driver
in ATM/PTM Auto-Mode at runtime.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2019-03-10 16:49:31 +01:00
Andy Binder
50717510e7 fritz-tools: add fritz_tffs_nand_read tool
A tool for reading the TFFS partitions (a name-value storage usually
found in AVM Fritz!Box based devices) on nand flash.

Copyright (c) 2018 Valentin Spreckels <Valentin.Spreckels@Informatik.Uni-Oldenburg.DE>

Based on the fritz_tffs_read tool:
    Copyright (c) 2015-2016 Martin Blumenstingl <martin.blumenstingl@googlemail.com>
and on the TFFS 2.0 kernel driver from AVM:
    Copyright (c) 2004-2007 AVM GmbH <fritzbox_info@avm.de>
and the TFFS 3.0 kernel driver from AVM:
    Copyright (C) 2004-2014 AVM GmbH <fritzbox_info@avm.de>
and the OpenWrt TFFS kernel driver:
    Copyright (c) 2013 John Crispin <blogic@openwrt.org>

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

Signed-off-by: Valentin Spreckels <Valentin.Spreckels@Informatik.Uni-Oldenburg.de>
Signed-off-by: Andy Binder <AndyBinder@gmx.de>
2019-03-10 16:49:23 +01:00
Aleksander Jan Bajkowski
445ca981d1 sunxi: add support for Orange Pi PC Plus
CPU: H3 Quad-core Cortex-A7 H.265/HEVC 4K @ 1.2 Ghz
GPU: Mali400MP2 GPU @ 600MHz (supports OpenGL ES 2.0)
Memory: 1GB DDR3 (shared with GPU)
Onboard: Storage TF card (Max. 64GB) / MMC card slot
Onboard: Storage 8 GB eMMC
Onboard: Network 10/100M Ethernet RJ45
Onboard: Network WiFi 802.11 b/g/n (Realtek RTL8189FTV)
Onboard header: SPI, I2C, GPIO, UART
USB 2.0: Three USB 2.0 HOST, One USB 2.0 OTG

Known issues:
-Wifi diesn't work

Signed-off-by: Aleksander Jan Bajkowski <A.Bajkowski@stud.elka.pw.edu.pl>
2019-03-09 18:55:15 +01:00
Eneas U de Queiroz
d971ae51a5 openssl: backport devcrypto changes from master
The patches to the /dev/crypto engine were commited to openssl master,
and will be in the next major version (3.0).

Changes:
- Optimization in computing a digest in one operation, saving an ioctl
- Runtime configuration options for the choice of algorithms to use
- Command to dump useful information about the algorithms supported by
  the engine and the system.
- Build the devcrypto engine as a dynamic module, like other engines.

The devcrypto engine is built as a separate package by default, but
options were added to allow building the engines into the main library.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
[refresh patches]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-03-09 18:55:07 +01:00
Vieno Hakkerinen
c3425be082 6to4: update OpenWrt documentation URL
Signed-off-by: Vieno Hakkerinen <txt.file@txtfile.eu>
2019-03-09 18:19:18 +01:00
Piotr Dymacz
c5394ec7e0 uboot-envtools: ath79: add support for YunCore A770
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2019-03-09 16:31:22 +01:00
Piotr Dymacz
6ee73942f9 ipq-wifi: update ALFA Network AP120C-AC board-2.bin
Add specific 'variant' for 'bus=ahb,bmi-chip-id=0,bmi-board-id=25' BDF.
Use the same value ('ALFA-Network-AP120C-AC') as sent upstream.

Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2019-03-08 19:28:31 +01:00
Daniel Golle
69d3c7e6da ucert: add PROVIDES also for minimal 'ucert' package
Otherwise ucert-full gets selected instead of ucert when depending on
ucert.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-03-08 01:18:12 +01:00
Felix Fietkau
9f818cb002 mt76: update to the latest version
1d7760d mt76: mt7603: set moredata flag when queueing ps-filtered packets
0b927b2 mt76: fix return value check in mt76_wmac_probe()
e72376d mt76x02: fix hdr pointer in write txwi for USB

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-07 20:36:13 +01:00
David Bauer
4484ef587a ath10k-ct: limit available channels via DT
This backports upstream commit

34d5629 ath10k: limit available channels via DT ieee80211-freq-limit

to the 4.19 ath10k-ct version. Without this patch, disabled channels
are still listed as a supported configuration for the radio.

The identical patch was also backported by OpenWRT to the non-ct driver.
It can be dropped as soon as we switch to an ath10k-ct version based on
4.20 or higher.

Signed-off-by: David Bauer <mail@david-bauer.net>
2019-03-06 21:58:59 +01:00
Michael Yartys
fc2fd1c9d6 ath10k-firmware: update Candela Tech firmware images
Release notes since last update:

wave-1 firmware:

*  Feb 14, 2019:  Remove logic that causes assert when swba logic is not
                  initialized. This was seen when trying to bring up 6 VAP
                  vdevs. A similar fix went into wave-2 firmware some time
                  ago.

*  Feb 27, 2019:  Support up to 32 vAP vdevs, fix stack corruption when
                  driver requests too many vAP.

*  Feb 28, 2019:  Support beacon-tx-wmi callback message. This lets driver
                  properly clean up beacon buffers so we don't crash
                  (somethings the entire OS/system) due to DMA errors.

wave-2 firmware:

*  Feb 27. 2019:  Support up to 32 AP vdevs. Previous to this, stack would
                  be corrupted if you went past 16 AP vdevs.

*  Feb 28, 2019:  Support beacon-tx-wmi callback message. This lets driver
                  properly clean up beacon buffers. In wave-1, this could
                  crash the entire OS, but I didn't see the same crashes
                  in wave-2, so maybe it is fixed in some other way. Add
                  the feature regardless as it seems proper.

Signed-off-by: Michael Yartys <michael.yartys@gmail.com>
2019-03-06 21:58:59 +01:00
Michael Yartys
5c83f27ac5 ath10k-ct: Update to 2019-02-28
9360f389234a ath10k: Support up to 24 vAP per radio, fix DMA bug in wave-1.
9cbf8d430974 ath10k-ct: Add 4.20 driver, SGI support for fixed-rate tx.

Runtime tested on: ipq806x

Signed-off-by: Michael Yartys <michael.yartys@gmail.com>
2019-03-06 21:58:59 +01:00
Jo-Philipp Wich
64bb88841f uqmi: inherit firewall zone membership to virtual sub interfaces
Fix an issue where subinterfaces were not added to the same
firewall zone as their parent.

Fixes: FS#2122
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-03-05 13:19:43 +01:00
Vijayakumar Durai
d0b969eee8 mac80211: rt2x00: do not increment sequence number while re-transmitting
Currently STA+AP re-transmitting the management frames with
incremented sequence number if hardware is assigning the sequence.

Fix is to assign the sequence number for Beacon by hardware
and for other Management frames software will assign the
sequence number

Signed-off-by: Vijayakumar Durai <vijayakumar.durai1@vivint.com>
2019-03-05 03:54:39 +01:00
Felix Fietkau
33201a3ad1 mt76: update to the latest version
3c6df9b mt76: rewrite dma descriptor base and ring size on queue reset
30e757e mt76: mt76x02: when setting a key, use PN from mac80211
fa83406 mt76: mt76x2: implement full device restart on watchdog reset
ead881b mt76: mt76x02: do not sync PN for keys with sw_iv set
ba1d989 mt76: mmio: move mt76x02_set_irq_mask in mt76 module
283ebbe mt76: dma: move mt76x02_init_{tx,rx}_queue in mt76 module
b216d3c mt76: introduce q->stopped parameter
8b437d2 mt76x02: clear sta and vif driver data structures on add
2c62d03 mt76x02: clear running flag when resetting state on restart
6b10cfc mt76: mt76x02: only update the base mac address if necessary
669bc49 mt76: mt76x02: reduce false positives in ED/CCA tx blocking
2ed9382 mt76: mt7603: fix tx status HT rate validation
d2c6823 mt76: mt76x2: fix external LNA gain settings
8ee2259 mt76: mt76x2: fix 2.4 GHz channel gain settings
8bfe6d4 mt76: mt7603: clear ps filtering mode before releasing buffered frames
d13b065 mt76: mt7603: fix up hardware queue index for PS filtered packets
eb1ecc4 mt76: mt7603: notify mac80211 about buffered frames in ps queue
3687eec mt76: mt7603: clear the service period on releasing PS filtered packets
42ab27e mt76: when releasing PS frames, end the service period if no frame was found
461f3b0 mt76: mt76x02: disable ED/CCA by default

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-03 19:43:25 +01:00
Hauke Mehrtens
4590af2065 mac80211: Activate DRIVER_11W_SUPPORT for more capable drivers
ieee80211w support is only activated in hostapd when at least one
capable driver is build into the image. Many drivers which are capable
of ieee80211 (MFP) and have the MFP_CAPABLE set in the driver are still
missing the DRIVER_11W_SUPPORT dependency. Add this to more driver
capable of ieee80211w.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-03-03 16:44:47 +01:00
Daniel Golle
bc97257ffe ltq-vdsl-fw: update download URL
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-03-02 19:24:52 +01:00
Daniel Golle
e882d5bf31 iwinfo: update to latest git
b514490 iwinfo: add device id for MediaTek MT7603E
e9e1400 iwinfo: more Ralink and MediaTek WiSoC and PCIe chips
cb108c5 iwinfo: fix capitalization of vendor name

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-03-01 23:25:59 +01:00
Felix Fietkau
c6caa7a27a mac80211: add a fix to prevent unsafe queue wake calls during restart
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-01 14:56:04 +01:00
Felix Fietkau
82d306b595 mac80211: backport tx queue start/stop fix
Among other things, it fixes a race condition on calling ieee80211_restart_hw

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-01 13:14:29 +01:00
Yousong Zhou
0e8ddc953f libubox: bump to version 2019-02-27
Contains the following change

	eeef7b5 blobmsg_json: blobmsg_format_string: do not escape '/'

Resolves FS#2147

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-03-01 08:09:41 +00:00
Yousong Zhou
eb6f5a58b9 busybox: sync Config.in files
The change was made with the following commands

	cd package/utils/busybox/config
	../convert_menuconfig.pl ~/git-repo/openwrt/openwrt/build_dir/target-mips_24kc_musl/busybox-1.30.1

convert_defaults.pl has no changes other than overwriting defaults for
BUSYBOX_DEFAULT_FEATURE_IPV6

Resolves FS#2146

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-03-01 08:09:41 +00:00
Yousong Zhou
157072ea2b busybox: unindent busybox Config.in
This is to align with upstream change 72089cf ("config: deindent all
help texts") and to make the follow-up change syncing Config.in files
with current busybox version more reviewable

It was made with the following commands

	cd package/utils/busybox/config
	find . -name 'Config.in' | xargs sed -ir -e 's/^\t  \([^ ]\)/\t\1/'

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-03-01 08:09:41 +00:00
Daniel Golle
98f86e61ea mac80211: rt2x00: cleanup ePA, RXIQ and TX-LOFT code
consolidate patch 651-rt2x00-remove-unneccesary-code.patch.
fixup the most obvious whitespace problems in RXIQ and TX-LOFT code.
always backup registers bbpr1, bbpr4, bbpr241 and bbpr242 to avoid
compiler warning about them being potentially uninitialized.
no functional changes (intended)

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-03-01 07:14:01 +01:00
Daniel Golle
7cf6e11721 mac80211: rt2x00: patch tracking cosmetics
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-03-01 04:09:00 +01:00
Daniel Golle
9a9c6f37d5 uboot-envtools: oxnas: sync with current oxnas/ox820 DTS
Use tested values on shuttle,kd20 and assumed values for
mitrastar,stg-212 and cloudengines,pogoplug*.
akitio users have yet to report back stock flash layout to support
vendor bootloader environment there as well.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-03-01 03:36:53 +01:00
Alexander Couzens
b2bf3745ff
package/ncurses: change AR options to fix reproducible builds
ar has a deterministic (-D) and non-deterministic (-U) mode.
OpenWrt is already using the deterministic mode by default,
but ncurses' configure script force this to be non-deterministic.
Since autoreconf fails to generate a new configure, the configure script
is directly modified.

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2019-02-28 19:09:35 +01:00
David Bauer
95b0c07a61 ipq40xx: add support for FritzBox 7530
Hardware
--------
CPU:   Qualcomm IPQ4019
RAM:   256M
FLASH: 128M NAND
ETH:   QCA8075
VDSL:  Intel/Lantiq VRX518 PCIe attached
       currently not supported
DECT:  Dialog SC14448
       currently not supported
WiFi2: IPQ4019 2T2R 2SS b/g/n
WiFi5: IPQ4019 2T2R 2SS n/ac
LED:    - Power/DSL green
        - WLAN green
        - FON/DECT green
        - Connect/WPS green
        - Info green
        - Info red
BTN:    - WLAN
        - FON
        - WPS/Connect
UART:  115200n8 3.3V (located under the Dialog chip)
       VCC - RX - TX - GND (Square is VCC)

Installation
------------
1. Grab the uboot for the Device from the 'u-boot-fritz7530'
   subdirectory. Place it in the same directory as the 'eva_ramboot.py'
   script. It is located in the 'scripts/flashing' subdirectory of the
   OpenWRT tree.

2. Assign yourself the IP address 192.168.178.10/24. Connect your
   Computer to one of the boxes LAN ports.

3. Connect Power to the Box. As soon as the LAN port of your computer
   shows link, load the U-Boot to the box using following command.

   > ./eva_ramboot.py --offset 0x85000000 192.168.178.1 uboot-fritz7530.bin

4. The U-Boot will now start. Now assign yourself the IP address
   192.168.1.70/24. Copy the OpenWRT initramfs (!) image to a TFTP
   server root directory and rename it to 'FRITZ7530.bin'.

5. The Box will now boot OpenWRT from RAM. This can take up to two
   minutes.

6. Copy the U-Boot and the OpenWRT sysupgrade (!) image to the Box using
   scp. SSH into the Box and first write the Bootloader to both previous
   kernel partitions.

   > mtd write /path/to/uboot-fritz7530.bin uboot0
   > mtd write /path/to/uboot-fritz7530.bin uboot1

7. Remove the AVM filesystem partitions to make room for our kernel +
   rootfs + overlayfs.

   > ubirmvol /dev/ubi0 --name=avm_filesys_0
   > ubirmvol /dev/ubi0 --name=avm_filesys_1

8. Flash OpenWRT peristently using sysupgrade.

   > sysupgrade -n /path/to/openwrt-sysupgrade.bin

Signed-off-by: David Bauer <mail@david-bauer.net>
[removed pcie-dts range node, refreshed on top of AP120-AC/E2600AC]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-02-28 11:32:55 +01:00
David Bauer
93b02ad95e uboot-fritz4040: bump version to 2019-02-08
Adds support for the AVM FRITZ!Box 7530.

Signed-off-by: David Bauer <mail@david-bauer.net>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [PKG_RELEASE]
2019-02-28 11:32:55 +01:00
张鹏
bbab33724d ipq40xx: add support for Qxwlan E2600AC C1 and C2
Qxwlan E2600AC C1 based on IPQ4019

Specifications:
SOC:	Qualcomm IPQ4019
DRAM:	256 MiB
FLASH:	32 MiB Winbond W25Q256
ETH:	Qualcomm QCA8075
WLAN:	5G + 5G/2.4G
	* 2T2R 2.4/5 GHz
	 - QCA4019 hw1.0 (SoC)
	* 2T2R 5 GHz
	 - QCA4019 hw1.0 (SoC)
INPUT:  Reset buutton
LED:	1x Power ,6 driven by gpio
SERIAL: UART (J5)
UUSB:	USB3.0
POWER:	1x DC jack for main power input (9-24 V)
SLOT:	Pcie (J25), sim card (J11), SD card (J51)

Flash instruction (using U-Boot CLI and tftp server):

 - Configure PC with static IP 192.168.1.10 and tftp server.
 - Rename "sysupgrade" filename to "firmware.bin" and place it in tftp
   server directory.
 - Connect PC with one of RJ45 ports, power up the board and press
   "enter" key to access U-Boot CLI.
 - Use the following command to update the device to OpenWrt: "run lfw".

Flash instruction (using U-Boot web-based recovery):

 - Configure PC with static IP 192.168.1.xxx(2-254)/24.
 - Connect PC with one of RJ45 ports, press the reset button, power up
   the board and keep button pressed for around 6-7 seconds, until LEDs
   start flashing.
 - Open your browser and enter 192.168.1.1, select "sysupgrade" image
   and click the upgrade button.

Qxwlan E2600AC C2 based on IPQ4019

Specifications:
SOC:	Qualcomm IPQ4019
DRAM:	256 MiB
NOR:	16 MiB Winbond W25Q128
NAND:	128MiB Micron MT29F1G08ABAEAWP
ETH:	Qualcomm QCA8075
WLAN:	5G + 5G/2.4G
	* 2T2R 2.4/5 GHz
	 - QCA4019 hw1.0 (SoC)
	* 2T2R 5 GHz
	 - QCA4019 hw1.0 (SoC)
INPUT:  Reset buutton
LED:	1x Power, 6 driven by gpio
SERIAL: UART (J5)
USB:	USB3.0
POWER:	1x DC jack for main power input (9-24 V)
SLOT:	Pcie (J25), sim card (J11), SD card (J51)

Flash instruction (using U-Boot CLI and tftp server):

 - Configure PC with static IP 192.168.1.10 and tftp server.
 - Rename "ubi" filename to "ubi-firmware.bin" and place it in tftp
   server directory.
 - Connect PC with one of RJ45 ports, power up the board and press
   "enter" key to access U-Boot CLI.
 - Use the following command to update the device to OpenWrt: "run lfw".

Flash instruction (using U-Boot web-based recovery):

 - Configure PC with static IP 192.168.1.xxx(2-254)/24.
 - Connect PC with one of RJ45 ports, press the reset button, power up
   the board and keep button pressed for around 6-7 seconds, until LEDs
   start flashing.
 - Open your browser and enter 192.168.1.1, select "ubi" image
   and click the upgrade button.

Signed-off-by: 张鹏 <sd20@qxwlan.com>
[ added rng node. whitespace fixes, ported 02_network,
ipq-wifi Makefile, misc dts fixes, trivial message changes ]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-02-28 11:26:11 +01:00
Jason A. Donenfeld
2e9b92da1f wireguard: bump to 0.0.20190227
* wg-quick: freebsd: allow loopback to work

FreeBSD adds a route for point-to-point destination addresses. We don't
really want to specify any destination address, but unfortunately we
have to. Before we tried to cheat by giving our own address as the
destination, but this had the unfortunate effect of preventing
loopback from working on our local ip address. We work around this with
yet another kludge: we set the destination address to 127.0.0.1. Since
127.0.0.1 is already assigned to an interface, this has the same effect
of not specifying a destination address, and therefore we accomplish the
intended behavior. Note that the bad behavior is still present in Darwin,
where such workaround does not exist.

* tools: remove unused check phony declaration
* highlighter: when subtracting char, cast to unsigned
* chacha20: name enums
* tools: fight compiler slightly harder
* tools: c_acc doesn't need to be initialized
* queueing: more reasonable allocator function convention

Usual nits.

* systemd: wg-quick should depend on nss-lookup.target

Since wg-quick(8) calls wg(8) which does hostname lookups, we should
probably only run this after we're allowed to look up hostnames.

* compat: backport ALIGN_DOWN
* noise: whiten the nanoseconds portion of the timestamp

This mitigates unrelated sidechannel attacks that think they can turn
WireGuard into a useful time oracle.

* hashtables: decouple hashtable allocations from the main device allocation

The hashtable allocations are quite large, and cause the device allocation in
the net framework to stall sometimes while it tries to find a contiguous
region that can fit the device struct. To fix the allocation stalls, decouple
the hashtable allocations from the device allocation and allocate the
hashtables with kvmalloc's implicit __GFP_NORETRY so that the allocations fall
back to vmalloc with little resistance.

* chacha20poly1305: permit unaligned strides on certain platforms

The map allocations required to fix this are mostly slower than unaligned
paths.

* noise: store clamped key instead of raw key

This causes `wg show` to now show the right thing. Useful for doing
comparisons.

* compat: ipv6_stub is sometimes null

On ancient kernels, ipv6_stub is sometimes null in cases where IPv6 has
been disabled with a command line flag or other failures.

* Makefile: don't duplicate code in install and modules-install
* Makefile: make the depmod path configurable

* queueing: net-next has changed signature of skb_probe_transport_header

A 5.1 change. This could change again, but for now it allows us to keep this
snapshot aligned with our upstream submissions.

* netlink: don't remove allowed ips for new peers
* peer: only synchronize_rcu_bh and traverse trie once when removing all peers
* allowedips: maintain per-peer list of allowedips

This is a rather big and important change that makes it much much faster to do
operations involving thousands of peers. Batch peer/allowedip addition and
clearing is several orders of magnitude faster now.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-02-28 08:50:19 +01:00
Eneas U de Queiroz
9e8cbecb7f openssl: bump to release 1.1.1b
This is bugfix release that incorporated all of the devcrypto engine
patches currently in the tree.

The cleaning procedure in Package/Configure was not removing the
dependency files, causing linking errors during a rebuild with
different options.  It was replaced by a simple make clean.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
2019-02-27 22:43:30 +01:00
Hans Dedecker
c8153722a2 odhcpd: update to latest git HEAD
16c5b6c ubus: always trigger an update if interface is not found

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-02-27 12:12:48 +01:00
David Santamaría Rogado
e9b2a1e382 omcproxy: define configuration file
omcproxy's configuration is lost on every update or installation.
Avoid it by defining the configuration file.

Signed-off-by: David Santamaría Rogado <howl.nsp@gmail.com>
2019-02-27 10:26:14 +01:00
Mantas Pucka
abf445f189 Revert "iw: compile with LTO enabled"
After update to 5.0.1 iw-full package failed to display command list on
ipq40xx arch. Root cause was found to be LTO reordering causing
incorrect detection of command struct size in:

iw.c:552
	cmd_size = labs((long)&__section_set - (long)&__section_get);

This reverts commit ef16a394d2.

Signed-off-by: Mantas Pucka <mantas@8devices.com>
2019-02-26 23:20:04 +01:00
Hauke Mehrtens
b55fbb6b2d strace: update to version 2.26
The new patch is a backport from current strace master.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-02-26 23:20:04 +01:00
Daniel Engberg
38867b7eba popt: Use modern toolchain logic
Replace define Build/Configure with CONFIGURE_ARGS

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2019-02-26 23:20:04 +01:00
Matt Merhar
0d1d5880c0 elfutils: fix install .so glob
Only libelf was being packaged correctly - libdw and libasm included
just the symlinks.

Signed-off-by: Matt Merhar <mattmerhar@protonmail.com>
2019-02-26 23:20:04 +01:00
Aleksander Jan Bajkowski
00d89b4a89 sunxi: add support for Orange Pi One
CPU: H3 Quad-core Cortex-A7 H.265/HEVC 4K @ 1.2 Ghz
GPU: Mali400MP2 GPU @ 600MHz (supports OpenGL ES 2.0)
Memory: 512MB DDR3 (shared with GPU)
Onboard: Storage TF card (Max. 64GB) / MMC card slot
Onboard header: SPI, I2C, GPIO, UART
USB 2.0: One USB 2.0 HOST, One USB 2.0 OTG

Signed-off-by: Aleksander Jan Bajkowski <A.Bajkowski@stud.elka.pw.edu.pl>
2019-02-26 23:20:04 +01:00
Sven Eckelmann
ba249bc955 ath10k-ct: fix incorrect multicast/broadcast rate setting
If no mcast_rate is set for the wifi-iface then there is no rate_idx (0)
set for the bss. This can break for example 5GHz meshpoint interfaces
because 0 maps to a CCK rate (11Mbit/s).

It must also be avoided that the ath10k-ct internal state for the rates is
not synced with the mac80211 rates state. Otherwise, the user specified
rate (e.g. a wifi-iface mcast_rate for a meshpoint interface) will only be
set on startup. And a short while after that, ath10k-ct specific code in
ath10k_check_apply_special_rates is missing a valid rate in its own
structures and is then recalculating a new default rate. This default rate
is in most situations not the requested rate.

Fixes: 4df3c71cd4 ("ath10k-ct: Update to 2018-12-11 and use version based on 4.19")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
2019-02-26 23:20:04 +01:00