Commit Graph

15002 Commits

Author SHA1 Message Date
Jonathan Lancett
bbc0c4d9cb mwlwifi: driver version to 10.3.8.0-20180920
Signed-off-by: Jonathan Lancett <j.lancett@ntlworld.com>
[minor tweak to commit title]
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(backported from 95b3f8ec8d)
2018-12-18 11:28:13 +01:00
Hans Dedecker
6f50d5ccf3 map: drop default encaplimit value
Setting encaplimit to a numerical value results into the value being
included as tunnel encapsulation limit in the destination option header
for tunneled packets.
Several users have reported interop issues as not all ISPs support the
destination option header containing the tunnel encapsulation limit
resulting into broken map connectivity.
Therefore drop the default encaplimit value for map tunnels so
no destination option header is included by default.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from d9691b66e2)
2018-12-18 11:28:13 +01:00
Hans Dedecker
f6eab3c3de ds-lite: drop default encaplimit value
Setting encaplimit to a numerical value results into the value being
included as tunnel encapsulation limit in the destination option header
for tunneled packets.
Several users have reported interop issues as not all ISPs support the
destination option header containing the tunnel encapsulation limit
resulting into broken ds-lite connectivity.
Therefore drop the default encaplimit value for ds-lite tunnels so
no destination option header is included by default.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from 1241707b40)
2018-12-18 11:28:13 +01:00
Rosy Song
d9f845f761 odhcpd: enable ipv6 server mode only when it is supported
Signed-off-by: Rosy Song <rosysong@rosinson.com>
(backported from 918ec4d549)
2018-12-18 11:28:13 +01:00
Andy Walsh
4b5e062bd3 base-files: /etc/services: add missing 'rpcbind' alias
* add missing 'rpcbind' alias to /etc/services

Allows rpcbind to open its 111 port and be reachable via lan, this is the default behaviour.

Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
(backported from 4549ab46a8)
2018-12-18 11:28:13 +01:00
Rosen Penev
376e9294c7 usbutils: Update usb.ids to 0.315
Referencing the version instead of revision should fix uscan.

Tested on Turria Omnia.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(backported from a9aa25c8b6)
2018-12-18 11:28:13 +01:00
Rosen Penev
3dbdd404a8 hostapd: Fix compile with OpenSSL 1.1.0 + no deprecated APIs
Patch was accepted upsteam:

https://w1.fi/cgit/hostap/commit/?id=373c796948599a509bad71695b5b72eef003f661

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(backported from f78e07ad2a)
(rebased patches)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-12-18 11:28:13 +01:00
Stijn Tintel
0dbafc3a3a strace: fix build on aarch64
As of version 4.21, strace enforces mpers by default. The current
implementation of aarch64 compat in strace assumes it's identical to
ARMv7 EABI and therefore tries to enable m32 personality support. As
there is no -m32 support on aarch64, this causes the build to fail.

Restore previous strace behavior to fix build on aarch64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Tested-by: Karl Palsson <karlp@tweak.net.au>
(backported from 067e2f5f1d)
2018-12-18 11:28:12 +01:00
Hans Dedecker
8cac88af4b odhcpd: bump to git HEAD (detect broken hostnames)
881f66b odhcpd: detect broken hostnames
3e17fd9 config: fix odhcpd_attrs array size

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from ecc3165cbc)
2018-12-18 11:28:12 +01:00
Alexander Couzens
69f28f3a20 hostapd: fix build of wpa-supplicant-p2p
VARIANT:= got removed by accident.

Fixes: 3838b16943 ("hostapd: fix conflicts hell")
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
(backported from 967d6460c0)
2018-12-18 11:28:12 +01:00
Jo-Philipp Wich
62e7ad1d21 ppp: remove hardcoded lcp-echo-failure, lcp-echo-interval values
OpenWrt used to ship hardcoded defaults for lcp-echo-failure and
lcp-echo-interval in the non-uci /etc/ppp/options file.

These values break uci support for *disabling* LCP echos through
the use of "option keepalive 0" as either omitting the keepalive
option or setting it to 0 will result in no lcp-echo-* flags
getting passed to the pppd cmdline, causing the pppd process to
revert to the defaults in /etc/ppp/options.

Address this issue by letting the uci "keepalive" option default
to the former hardcoded values "5, 1" and by removing the fixed
lcp-echo-failure and lcp-echo-interval settings from the
/etc/ppp/options files.

Ref: https://github.com/openwrt/luci/issues/2112
Ref: https://dev.archive.openwrt.org/ticket/2373.html
Ref: https://bugs.openwrt.org/index.php?do=details&task_id=854
Ref: https://bugs.openwrt.org/index.php?do=details&task_id=1259
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from 555c592304)
2018-12-18 11:28:12 +01:00
Paul Wassi
87a6aadfd5 base-files: provide more tolerant xterm detection
Set the window title not only in "xterm", but also in
e.g. "xterm-256color", "xterm-color", etc.
The case statement is taken from Debian / Ubuntu.

Signed-off-by: Paul Wassi <p.wassi@gmx.at>
(backported from 1bd6b91e0f)
2018-12-18 11:28:12 +01:00
Keith Wong
9afbe27bd0 kernel: add kmod-tcp-bbr
This adds support for BBR (Bottleneck Bandwidth and RTT) TCP
congestion control. Applications (e.g. webservers, VPN client/server)
which initiate connections from router side can benefit from this.

This provide an easier way for users to use BBR by selecting /
installing kmod-tcp-bbr instead of altering kernel config and
compiling firmware by themselves.

Signed-off-by: Keith Wong <keithwky@gmail.com>
(backported from 79c233daa4)
2018-12-18 11:28:12 +01:00
Daniel Engberg
39420c3ead libbsd: Update to 0.8.7
Update libbsd to 0.8.7
Remove glibc dependency
Clean up InstallDev and install entries
Use /usr path for consistency
Cherry pick patches from upstream to fix musl compilation

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
(backported from e341f45913)
2018-12-18 11:28:12 +01:00
Martin Schiller
8ec7ad033e kernel: fix kmod-gpio-mcp23s08 for linux 4.14
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
(backported from a904003b9b)
2018-12-18 11:28:12 +01:00
Hans Dedecker
97fddb2fdd dropbear: backport upstream fix for CVE-2018-15599
CVE description :
The recv_msg_userauth_request function in svr-auth.c in Dropbear through
2018.76 is prone to a user enumeration vulnerability because username
validity affects how fields in SSH_MSG_USERAUTH messages are handled,
a similar issue to CVE-2018-15473 in an unrelated codebase.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from 2211ee0037)
2018-12-18 11:28:11 +01:00
Rosen Penev
e005beec2d samba36: Enable umdnsd support
Allows discovery without having to use NetBIOS. Useful for mobile devices.

Could eventually throw nbmd away. But that requires Windows 10...

Tested on Fedora 28 with avahi-discover.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(backported from 499773f8ef)
2018-12-18 11:28:11 +01:00
Luiz Angelo Daros de Luca
57f3a57abd base-files: create /etc/ethers by default
/etc/ethers is missing on /rom but always created when dnsmasq
runs. It is better to have it in place and avoid an extra change
in flash after firstboot.

It will generate an extra /etc/ethers-opkg when it has changed.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from d810d44e5a)
2018-12-18 11:28:11 +01:00
Daniel Engberg
a009d4cdf3 mwlwifi: Update to 10.3.8.0-20180810
Update mwlwifi to 10.3.8.0-20180810

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
(backported from e1a1add517)
2018-12-18 11:28:02 +01:00
Stijn Tintel
1e06b02bf7 firewall: bump to git HEAD
12a7cf9 Add support for DSCP matches and target
06fa692 defaults: use a generic check_kmod() function
1c4d5bc defaults: fix check_kmod() function

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
(backported from 03e5dcbf10)
2018-12-18 11:01:57 +01:00
Mathias Kresin
d93bd72a98 base-files: add function to get mac as text from flash
Add a function to get a mac stored as text from flash. The octets of
the mac address need to be separated by any separator supported by
macaddr_canonicalize().

Signed-off-by: Dmitry Tunin <hanipouspilot@gmail.com>
Signed-off-by: Mathias Kresin <dev@kresin.me>
(backported from dfee452713)
2018-12-18 11:01:56 +01:00
Mathias Kresin
54278dfa69 base-files: use consistent coding style
Add the opening bracket right after the function name, to do it the
same way for all functions in this file.

Signed-off-by: Dmitry Tunin <hanipouspilot@gmail.com>
Signed-off-by: Mathias Kresin <dev@kresin.me>
(backported from ec28d2797c)
2018-12-18 11:01:56 +01:00
Thibaut VARÈNE
a2b2a9c55f base-files: make wifi report unknown command
Avoid having /sbin/wifi silently ignore unknown keywords and execute
"up"; instead display the help message and exit with an error.

Spell out the "up" keyword (which has users), add it to usage output,
and preserve the implicit assumption that runing /sbin/wifi without
argument performs "up".

Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
(backported from 78b5764fd8)
2018-12-18 11:01:56 +01:00
Hans Dedecker
7a52e0a7ab odhcp6c: apply IPv6/ND configuration earlier
Apply IPv6/ND configuration before proto_send_update so that all config info
is available when netifd is handling the notify_proto ubus call.
In particular this fixes an issue when netifd is updating the downstream IPv6 mtu
as netifd was still using the not yet updated upstream IPv6 mtu to set the
downstream IPv6 mtu

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from 2e02fdb363)
2018-12-18 11:01:56 +01:00
Eneas U de Queiroz
cc6da6fa1a ustream-ssl: update to latest git HEAD
23a3f28 openssl, wolfssl: match mbedTLS ciphersuite list
450ada0 ustream-ssl: Revised security on mbedtls
34b0b80 ustream-ssl: add openssl-1.1.0 compatibility

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
(backported from 33fd1d0d91)
2018-12-18 11:01:55 +01:00
Jo-Philipp Wich
43c96e8dd8 iwinfo: update to latest Git HEAD
a514139 build: compile with -ffunction-sections, -fdata-sections and LTO
3c30b17 wl: only invoke nvram executable if it exists
65b8333 Revert "build: compile with -ffunction-sections, -fdata-sections and LTO"

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from fdd6c556ab)
2018-12-18 10:34:07 +01:00
Jo-Philipp Wich
34e3a4a034 wolfssl: disable broken shipped Job server macro
The AX_AM_JOBSERVER macro shipped with m4/ax_am_jobserver.m4 is broken on
plain POSIX shells due to the use of `let`.

Shells lacking `let` will fail to run the generated m4sh code and end up
invoking "make" with "-jyes" as argument, fialing the build.

Since there is no reason in the first place for some random package to
muck with the make job server settings and since we do not want it to
randomly override "-j" either, simply remove references to this defunct
macro to let the build succeed on platforms which not happen to use bash
as default shell.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from a27de701b0)
2018-12-18 10:34:07 +01:00
Alexandru Ardelean
30d7924c3c wolfssl: remove myself as maintainer
I no longer have the time, nor the desire to maintain this package.
Remove myself as maintainer.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
(backported from 20346a63f6)
2018-12-18 10:27:37 +01:00
Luiz Angelo Daros de Luca
eb9ac25903 openvpn-easy-rsa: update to 3.0.4
Upstream renamed openssl-1.0.cnf to openssl-easyrsa.cnf.
However, pkg kept using openssl-1.0.cnf.

Upstream easyrsa searchs for vars, openssl-*, x509-types in the
same directory as easyrsa script. This was patched to revert
back to static /etc/easy-rsa/ directory (as does OpenSUSE).
EASYRSA_PKI still depends on $PWD.

Move easyrsa from /usr/sbin to /usr/bin as root is not needed.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
(backported from f1bef0596f)
(rebased patches)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-12-18 10:27:37 +01:00
Daniel Gimpelevich
38d4ba4e19 kernel: package x86-optimized crypto-misc modules
Some of the modules in the crypto-misc package have alternate
implementations optimized for different x86 instruction set extensions,
but only one of these was built for this package until now: twofish-i586.ko

Tested with insmod, on both x86 and x86_64. The modules now have an
autoload, which they previous didn't, loading the dependencies in the
correct order.

Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
(backported from c762817c92)
2018-12-18 10:27:36 +01:00
Rosy Song
63a87b4c7a base-files: do not add relevant sections & options except when ipv6 is support in kernel
Signed-off-by: Rosy Song <rosysong@rosinson.com>
(backported from 2b637e5ab8)
2018-12-18 10:27:36 +01:00
Andreas Ziegler
c58c31bf99 base-files: sysupgrade: abort if config backup fails
Sysupgrade shouldn't proceed, if the backup of the configuration
fails because tar (or gzip) exit with a non-zero code.

Signed-off-by: Andreas Ziegler <dev@andreas-ziegler.de>
(backported from 72489ebeb6)
2018-12-18 10:27:36 +01:00
Rosy Song
7939cd49c1 include: add netdev family support for nftables
Signed-off-by: Rosy Song <rosysong@rosinson.com>
(backported from b4d4e4ceb5)
2018-12-18 10:17:23 +01:00
Andy Walsh
08e73c9526 ncurses: install lib on host build
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
(backported from 1639ebcb06)
2018-12-18 10:17:05 +01:00
Dmitry Tunin
eb7ab27336 igmpproxy: drop SSDP packets
It is insecure to let this type of packets inside
They can e.g. open ports on some other routers with UPnP, etc

Signed-off-by: Dmitry Tunin <hanipouspilot@gmail.com>
(backported from c128371124)
2018-12-18 10:16:16 +01:00
Dmitry Tunin
de3e415a2e igmpproxy: add a silent logging option
[0-3](none, minimal[default], more, maximum)

It is not 100% backward compatible, because now 0 disables logging

Signed-off-by: Dmitry Tunin <hanipouspilot@gmail.com>
(backported from 7a6b2badfa)
2018-12-18 10:13:37 +01:00
Christo Nedev
8dd91b56be brcm2708: Update brcm2708-gpu-fw package
Problem - rapsberry pi 3 b/b+ does not boot with bcm2710 images!

How Raspberry Pi boots Actualy?

When Raspberry is switched on GPU is activated.
1. GPU execute First stage bootloader from ROM.
First stage bootloader mount the FAT boot partition on the SD card
and execute second stage bootloader (bootcode.bin).
2. Second stage bootloader (bootcode.bin) activate SDRAM.
Load the GPU firmware (start.elf).
3. GPU firmware (start.elf)
  a) display Rainbow splash.
  b) read firmware configuration file config.txt and
     split the RAM using fixup.dat.
  c) loads a cmdline.txt
  d) enables the CPU.
  e) loads the kernel image configurable via config.txt

In your target/linux/brcm2708/image/config.txt
 493 ## kernel (string)
 494 ##     Alternative name to use when loading kernel.
 495 ##
 496 #kernel=""
it is not configured!

But in your target/linux/brcm2708/image/Makefile
  75   KERNEL_IMG := kernel8.img
  76   DEVICE_TITLE := Raspberry Pi 3B/3B+
you have kernel8.img

GPU Firmware search order by default for a PI 3 is:
kernel8.img if found boot in 64 bit mode
kernel8-32.img if found boot in 32 bit mode
kernel7.img if found boot in 32 bit mode
kernel.img if found boot in 32 bit mode

But a PI 2 will start the search from kernel7.img and
a PI 1 only looks for kernel.img.

Оbviously the kernel has been found.
But something goes wrong and the device is restarted.

In your package/kernel/brcm2708-gpu-fw/Makefile
  11 PKG_NAME:=brcm2708-gpu-fw
  12 PKG_VERSION:=2017-08-08
  13 PKG_RELEASE:=e7ba7ab135f5a68b2c00a919ea9ac8d5528a5d5b
boot loader is 10 monts old.

In conclusion, the best way to solve the problem is
to update the boot loader!

Fixup_cd.dat and start_cd.elf files are not necessary.
These are used when GPU memory is set to 16 MB, which disables
some GPU features.
I did not remove them just in case!

cheers

Signed-off-by: Christo Nedev <christo.nedev@gmail.com>
(backported from c335649629)
2018-12-18 10:08:24 +01:00
Felix Fietkau
e5c46a112b hostapd: remove unused struct hostapd_ubus_iface
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(backported from f0ac9afe69)
2018-12-18 09:49:40 +01:00
Luiz Angelo Daros de Luca
aa3e4d56c6 base-files: fix wrong sysctl parameter order
Restarting service sysctl echos multiple errors like:

  sysctl: -e: No such file or directory

After the first filename, all remaining arguments are treated
as files.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
(backported from 4c42887286)
2018-12-18 09:49:06 +01:00
Mathias Kresin
4e4d124b27 hostapd: fix conflicts hell
Add each variant to the matching PROVIDERS variables after evaluating
the respective hostapd*, wpad* and wpa* variant.

Each package providing the same feature will automatically conflict with
all prior packages providing the same feature.

This way we can handle the conflicts automatically without introducing
recursive dependencies.

Signed-off-by: Mathias Kresin <dev@kresin.me>
(backported from 3838b16943)
2018-12-18 09:48:11 +01:00
Mathias Kresin
775473cf8d hostapd: cleanup package definition
Move common variables and/or values to the package (variant) default.
Add additional values in variant packages if necessary. Remove further
duplicates by introducing new templates.

Remove the ANY_[HOSTAPD|SUPPLICANT_PROVIDERS]_PROVIDERS. The are the
same as the variables without the any prefix. No need to maintain both
variables.

Signed-off-by: Mathias Kresin <dev@kresin.me>
(backported from 8af8ceb1c8)
2018-12-18 09:48:11 +01:00
Jo-Philipp Wich
0282d04a85 openvpn: increase procd termination timeout to 15s
Increase the termination timeout to 15s to let OpenVPN properly tear down
its connections, especially when weak links or complex down scripts are
involved.

Fixes FS#859.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(backported from 28d3a1b54b)
2018-12-18 09:47:39 +01:00
Peter Wagner
fa112bc46a librpc: add host build to install h files needed for nfs-kernel-server to get compiled
Signed-off-by: Peter Wagner <tripolar@gmx.at>
(backported from d8d2133c35)
2018-12-18 09:47:29 +01:00
Hans Dedecker
3341376e0b ebtables: update to latest git 2018-06-27
48cff25 build: drop install -o/-g root
53d7e7a extensions: ebt_string: take action if snprintf discards data

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from afac2a2dd6)
(rebased patches)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-12-18 09:44:03 +01:00
Rosen Penev
3e3b286fa1 usbutils: Switch to Fedora usbutils
The Gentoo GitHub mirror went down. One benefit of Fedora's usb.ids file
is that it's versioned.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(backported from f23271f3b4)
2018-12-18 09:44:03 +01:00
Rosen Penev
66353bdf5a samba36: Disable external libtdb and libtevent
This was causing issues recently as samba36 is not API compatible with the
libtdb in the packages repo. It shouldn't be using it anyway. Nor tevent.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(backported from 1f2612a4dd)
2018-12-18 09:44:02 +01:00
Alexander Couzens
e89126d5d2 swconfig: swlib_map_settings(): change return type to void
The return value of the function isn't used anywhere.
Fixes missing return value, CID 1329717.

Found-by: Coverity
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
(backported from b06c447c5f)
2018-12-18 09:44:02 +01:00
Alexander Couzens
c388a92d61 swconfig: fix un-initialized return value
Fix CID 1330844

Found-by: Coverity
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
(backported from e37ad4e5ca)
2018-12-18 09:44:02 +01:00
Mathias Kresin
ef7a6a4d72 base-files: add menuconfig option for HOME_URL
Add a menuconfig option to set the HOME_URL exposed in
/usr/lib/os-release independent from the
LEDE_DEVICE_MANUFACTURER_URL.

Fixes: FS#1123

Signed-off-by: Mathias Kresin <dev@kresin.me>
(backported from 52a9edb1bf)
2018-12-18 09:44:01 +01:00
Alin Nastac
7408cdaa31 netfilter: add bpf match support
Add xt_bpf modules to {kmod-ipt,iptables-mod}-filter.

Match using Linux Socket Filter. Expects a BPF program in decimal
format. This is the format generated by the nfbpf_compile utility.

Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
(backported from ab07ae2f27)
2018-12-18 09:44:01 +01:00
Yousong Zhou
9f8f5d4d14 dropbear: let opkg manage symlinks of ssh, scp
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(backported from c4aadbdaf6)
2018-12-18 09:44:00 +01:00
Hans Dedecker
32b18f6e21 busybox: udhcpc: replace udhcpc_no_msg_dontroute patch by upstream fix
Replace 204-udhcpc_no_msg_dontroute patch by the upstream busybox fix
which removes the code which requires the server ID to be on local
network

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from c6e50075f2)
2018-12-18 09:44:00 +01:00
Magnus Kroken
fe19336987 busybox: update to 1.28.4
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
(backported from ccc728a0e2)
2018-12-18 09:44:00 +01:00
Rosy Song
6d59535b6a nftables: bump to version 0.9.0
Signed-off-by: Rosy Song <rosysong@rosinson.com>
(backported from 1ee98fdef3)
2018-12-18 09:44:00 +01:00
Rosy Song
cd116c6d5c libnftnl: bump to version 1.1.1
Signed-off-by: Rosy Song <rosysong@rosinson.com>
(backported from 9d6a0352e7)
2018-12-18 09:43:59 +01:00
Rafał Miłecki
21bcc90b10 base-files: exit if mtd write command fails during sysupgrade
It avoids confusing situations like:
> Could not get image magic
> Image check failed.
> Upgrade completed
> Rebooting system...

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(backported from 5b2e20807d)
2018-12-18 09:43:59 +01:00
Denton Gentry
1e0db693df hostapd: make cli treat UNKNOWN COMMAND as failing
Avoid infinite loop at 100% CPU when running hostapd_cli
if CONFIG_CTRL_IFACE_MIB is not defined.

  _newselect(4, [3], NULL, NULL, ...)
  recvfrom(3, "UNKNOWN COMMAND\n", 4095, 0, NULL, NULL) = 16
  sendto(3, "STA-NEXT UNKNOWN COMMAND", 24, 0, NULL, 0) = 24

Signed-off-by: Denton Gentry <denny@geekhold.com>
(backported from a84962ea35)
(rebased patches)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-12-18 09:43:58 +01:00
Hans Dedecker
a6b561dd01 ebtables: update to latest git 2018-06-06
5699354 extensions: fix build failure on fc28
e6359ee build: update ebtables.h from kernel and drop local unused copy

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from 1bbe813db0)
2018-12-18 09:43:58 +01:00
Ivan Shapovalov
fc0907bc25 netifd: drop conflicting 'device' interface property
Do not set device runtime property on interfaces in the hotplug handler
and in fixup_interfaces(). This property conflicts with device option
in several proto handlers (mainly QMI and other WWAN/3G protos) and does
not seem to be used anywhere.

Signed-off-by: Ivan Shapovalov <intelfx@intelfx.name>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
(backported from 91b5b2e20d)
2018-12-18 09:43:57 +01:00
Kevin Darbyshire-Bryant
b7beb89b58 nettle: bump to 3.4
3.4 is mainly a bug fix/maintenance release.

3KB increase in ipk lib size on mips.

Compile tested for: ar71xx, ramips
Run tested on: ar71xx Archer C7 v2, ramips mir3g

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(backported from 1ee5051f20)
2018-12-18 09:43:57 +01:00
Yousong Zhou
3e02d19655 ca-certificates: ca-bundle: add symlink for openssl default setting
OpenSSL defaults X509_CERT_FILE to /etc/ssl/cert.pem.  This change is
needed for wget-ssl and possibly others to work seamlessly with fresh
ca-bundle installation

Fixes openwrt/packages#6152

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(backported from 191078e83d)
2018-12-18 09:43:56 +01:00
Rosen Penev
60b29c9c17 curl: Add ca-bundle dependency
While building, curl complains that the path specified is missing.
Also, without ca-bundle, something like 'curl https://www.google.com'
does not work due to a certificate verify error.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(backported from 7a20c7a05d)
2018-12-18 09:11:40 +01:00
Rosen Penev
0d3bdf7b59 curl: Use ca-bundle for all TLS libraries.
It simplifies the Makefile a bit. In addition, using ca-bundle
saves some space as well.

It also fixes an issue with at least transmission, which has a dependency
on ca-bundle, but currently libcurl with OpenSSL or GnuTLS cause it not
to work.

This has been tested on mt7621 with OpenSSL and GnuTLS just by running
'curl https://www.google.com' and seeing if there's a verify error.
The rest are already using ca-bundle and therefore work fine.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
Tested-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(backported from f97946c496)
2018-12-18 09:11:40 +01:00
Rosen Penev
31f935edaf ath10k-firmware: Fix QCA6174 support
Currently when installing the firmware, a bunch of files and directories
that the ath10k driver does not look for are created.

The package now installs firmware for both hw 2.1 and 3.0 devices.
2.1 is abandonware but may be useful to keep.

3.0 firmware was tested on a Killer 1535 to be relatively stable with
802.11w disabled. 802.11w causes multiple firmware crashes but that's true
of other ath10k firmwares as well.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(backported and squashed from
 27eab4fa57,
 d0fbe1956b,
 e191c7ee79)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-12-18 09:11:03 +01:00
Daniel Golle
5826efd18c hostapd: properly build hostapd-only SSL variants
Make sure hostapd-openssl is actually build against OpenSSL, same
for wolfSSL.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(backported from 987900f2de)
2018-12-18 09:06:02 +01:00
Daniel Golle
000a3fef0a hostapd: update packaging and patches
Clean up conflicts/provides/depends hell and add PROVIDES for
eapol-test variants while at it.
Update mesh-DFS patchset from Peter Oh to v5 (with local fixes) which
allows to drop two revert-patches for upstream commits which previously
were necessary to un-break mesh-DFS support.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(backported from 78f1974bc5)
(rebased patches)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-12-18 09:05:58 +01:00
Daniel Golle
0d08c67058 hostapd: convert ssl provider build options to variants
Instead of selecting the SSL provider at compile time, build package
variants for each option so users can select the binary package without
having to build it themselves.
Most likely not all variants have actually ever been user by anyone.
We should reduce the selection to the reasonable and most used
combinations at some point in future. For now, build them all.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(backported from c8fdd0e9c8)
2018-12-18 09:01:42 +01:00
Daniel Golle
a35f243090 hostapd: update to git HEAD of 2018-05-21, allow build against wolfssl
Support for building wpa_supplicant/hostapd against wolfssl has been
added upstream recently, add build option to allow users using it.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(backported from 69f544937f)
(rebased patches)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-12-18 08:13:22 +01:00
Daniel Golle
5435e8023e ustream-ssl: fix build against wolfSSL
commit 39a6ce205d (ustream-ssl: Enable ECDHE with OpenSSL.) broke
build against wolfSSL because wolfSSL doesn't (yet) support
SSL_CTX_set_ecdh_auto() of the OpenSSL API.

Fix this in ustream-ssl:

 189cd38b41 don't use SSL_CTX_set_ecdh_auto with wolfSSL

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(backported from 4f442f5f38)
2018-12-18 08:13:22 +01:00
Daniel Golle
42121995c7 wolfssl: change defaults to cover wpa_supplicant needs
Implicetely selecting the required options via Kconfig snippet from
hostapd worked fine in local builds when using menuconfig but confused
the buildbots which (in phase1) may build wpad-mini and hence already
come with CONFIG_WPA_WOLFSSL being defined as unset which then won't
trigger changing the defaults of wolfssl.

Work around by explicitely reflecting wpa_supplicant's needs in
wolfssl's default settings to make buildbots happy.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(backported from dad39249fb)
2018-12-18 08:13:22 +01:00
Daniel Golle
22739871fe wolfssl: add PKG_CONFIG_DEPENDS symbols
This change will trigger rebuild on buildbots in case of changed config
symbols, like in the case of hostapd selecting some wolfssl symbols
lately.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(backported from 5857088c5e)
2018-12-18 08:13:22 +01:00
Daniel Golle
49487b0ca4 wolfssl: update to version 3.14.4
Use download from github archive corresponding to v3.14.4 tag because
the project's website apparently only offers 3.14.0-stable release
downloads.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(backported from 4f67c1522d)
2018-12-18 08:04:30 +01:00
Rodolfo Giometti
fbd8407248 package sysfsutils: add support for sysfs settings at boot
This patch is based on sysfsutils package's behaviour on Debian OS.

Signed-off-by: Rodolfo Giometti <giometti@linux.it>
(backported from 2437e0f670)
2018-12-18 07:55:45 +01:00
Tomasz Maciej Nowak
903ef9aaec kernel: merge kmod-fbcon with kmod-fb
As of commit in kernel:
6104c37094 fbcon: Make fbcon a built-time depency for fbdev
framebuffer console is build in into framebuffer module and there's no
standalone fbcon module. Therefore drop the kmod-fbcon and enable
console in kmod-fb. The only targets which use these modules are imx6
and geode, both are on kernel 4.14 so no fallback for other kernels is
introduced.
Being at that this commit also fixes autoload of fbdev for x86.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
(backported from 9c0ddafd46)
2018-12-18 07:55:42 +01:00
Hauke Mehrtens
db4341d907 ath10k-firmware: Fix mirror hash sum
This now matches what was generated locally on my PC and the file on the
mirror server.

Fixes: 349fe46103 ("ath10k-firmware: Update QCA988X firmware to the latest version")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(backported from 56a03e4343)
2018-12-18 07:55:04 +01:00
Timo Sigurdsson
2e7e60f2d6 ath10k-firmware: Update QCA988X firmware to the latest version
This patch updates the QCA988X firmware to the latest revision
  firmware-5.bin_10.2.4-1.0-00037
found in the ath10k-firmware and linux-firmware repositories.

Tested on TP-Link Archer C7 v2 (ar71xx).

Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
(backported from 349fe46103)
2018-12-18 07:55:04 +01:00
Rosy Song
25f58ed81a nftables: bump to 0.8.5 version
Signed-off-by: Rosy Song <rosysong@rosinson.com>
(backported from 39e87e0ffc)
2018-12-18 07:54:54 +01:00
Rosy Song
1e432993c5 libnftnl: bump to 1.1.0
Signed-off-by: Rosy Song <rosysong@rosinson.com>
(backported from c7e9d72f05)
2018-12-18 07:52:51 +01:00
Hans Dedecker
2f2055de0e ebtables: update to latest git 2018-05-15
66a9701 ebtables: Fix build errors and warnings
9fff3d5 include: Fix musl libc compatibility
b1cdae8 extensions: Add string filter to ebtables

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from ac70ac3532)
(rebased patches)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-12-18 07:52:44 +01:00
Martin Schiller
d5afaa4114 openvpn: re-add option comp_lzo
This option is deprecated but needs to be kept for backward compatibility. [0]

[0] https://community.openvpn.net/openvpn/wiki/DeprecatedOptions#a--comp-lzo

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]

(cherry picked from commit 3850b41f01)
2018-12-12 17:28:10 +01:00
Jo-Philipp Wich
629073e86d rpcd: update to latest Git head
3aa81d0 file: access exec timeout via daemon ops structure
7235f34 plugin: store pointer to exec timeout value in the ops structure
ccd7c0a treewide: rename exec_timeout to rpc_exec_timeout
c79ef22 main: fix logic bug when not specifying a timeout option
2cc4b99 file: use global exec timeout instead of own hardcoded limit
ecd1660 exec: increase maximum execution time to 120s

Also expose the socket and timeout options in /etc/config/rpcd for
easier use.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commits 4105555115,
 952b11766c and
 e533fb1706)
2018-12-12 16:35:55 +01:00
Tony Ambardar
d40de11d1b base-files: fix prerm return value, align with postinst code
The return value of a package prerm script is discarded and not returned
correctly by default_prerm(). This allows other operations like service
shutdown to "leak" their return value, prompting workarounds like commit
48cfc826 which do not address the root cause.

Preserve a package prerm script return value for use by default_prerm(),
sharing the corresponding code from default_postinst() for consistency.
Also use consistent code for handling of /etc/init.d/ scripts.

Run Tested on: LEDE 17.01.4 running ar71xx.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit 8806da86f5)
2018-11-29 11:54:20 +01:00
Jo-Philipp Wich
a8b292afe6 uhttpd: update to latest Git head
cdfc902 cgi: escape url in 403 error output
0bba1ce uhttpd: fix building without TLS and Lua support
2ed3341 help: document -A option
fa5fd45 file: fix CPP syntax error
77b774b build: avoid redefining _DEFAULT_SOURCE

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 56378bc12d)
2018-11-28 12:58:00 +01:00
Jo-Philipp Wich
7a8b75375c uhttpd: support multiple Lua prefixes
Update to latest git HEAD in order to support configuring multiple
concurrent Lua prefixes in a single uhttpd instance:

  b741dec lua: support multiple Lua prefixes

Additionally rework the init script and update the default configuration
example to treat the lua_prefix option as key=value uci list, similar to
the interpreter extension mapping. Support for the old "option lua_prefix"
plus "option lua_handler" notation is still present.

Finally drop the sed postinstall hack in uhttpd-mod-lua to avoid mangling
files belonging to other packages. Since Lua prefixes have precedence
over CGI prefixes, simply register `/cgi-bin/luci` as Lua handler which
will only become active if both luci-base and uhttpd-mod-lua is installed.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 214146c6f2)
2018-11-28 12:57:52 +01:00
Jo-Philipp Wich
fede6df09e uhttpd: update to latest Git head
952bf9d build: use _DEFAULT_SOURCE
30a18cb uhttpd: recognize PATCH, PUT and DELETE HTTP methods

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 22681cdef2)
2018-11-28 12:57:42 +01:00
Jo-Philipp Wich
5337319bdf uclient: update to latest Git head
3ba74eb uclient-http: properly handle HTTP redirects via proxy connections

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 0bd99db511)
2018-11-24 20:15:38 +01:00
Linus Kardell
709d080da5 base-files: fix unkillable processes after restart
When restart is run on an init script, the script traps SIGTERM. This is
done as a workaround for scripts named the same name as the program they
start. In that case, the init script process will have the same name as
the program process, and so when the init script runs killall, it will
kill itself. So SIGTERM is trapped to make the init script unkillable.

However, the trap is retained when the init script runs start, and thus
processes started by restart will not respond to SIGTERM, and will thus
be unkillable unless you use SIGKILL. This fixes that by removing the
trap before running start.

Signed-off-by: Linus Kardell <linus@telliq.com>
(cherry picked from commit 2ac1a57677)
2018-11-22 13:55:58 +01:00
Felix Fietkau
9d07678d35 mac80211: fix spurious disconnections with powersave clients
Affects all drivers using ieee80211_tx_status_noskb, e.g. ath9k and mt76

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-11-13 21:18:29 +01:00
Stijn Tintel
76574f19e2 tcpdump: explicitly disable libcap-ng support
If libcap-ng is detected during tcpdump build, support for it is
enabled and the binary is linked against it. Explicitly disable
libcap-ng support to avoid build failing due to a missing depndency.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-11-13 11:45:13 +02:00
Felix Fietkau
514ad059ef mt76: update to the latest version, sync with master
- adds new drivers for mt76x2u, mt76x0u and mt76x0e
- adds back fixed version of the tx status fixes
- improves mt7603e stability

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-11-13 01:00:28 +01:00
Rafał Miłecki
f2a6d39b95 mac80211: brcmfmac: add 2 more recent changes
First one is a fix for reporting channels to the user space. Important
for users as they could try setting invalid channel and fail to start an
interface.

Later is a support for newer FullMAC chipset firmwares.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2018-11-09 23:03:53 +01:00
Felix Fietkau
e4b0704a51 mac80211: backport firmware_request_nowarn and firmware_request_cache
Required for an mt76 update to the latest version from master

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-11-09 16:26:49 +01:00
Felix Fietkau
3589915a43 kernel: backport and include linux/overflow.h
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-11-09 15:06:08 +01:00
Felix Fietkau
057893024e mac80211: backport sg_init_marker()
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-11-09 15:05:54 +01:00
Rafał Miłecki
2e54de4e54 mac80211: brcmutil: backport chanspec debugging patch
It helps debugging possible WARN-ings.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2018-11-07 12:28:32 +01:00
Rafał Miłecki
941256c004 mac80211: brcmfmac: backport the latest 4.20 changes
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit b50f162b3c)
2018-11-07 12:09:57 +01:00
Rafał Miłecki
5195136002 mac80211: brcmfmac: rename 4.20 backport patches
Include kernel version to help tracking changes.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit f7a3459ab9)
2018-11-07 12:09:54 +01:00
Rafał Miłecki
156f6e63c4 mac80211: add iw command wrapper with error logging
Currently it's close to impossible to tell what part of mac80211 setup
went wrong. Errors logged into system log look like this:
radio0 (6155): command failed: No error information (-524)
radio0 (6155): command failed: Not supported (-95)
radio0 (6155): command failed: I/O error (-5)
radio0 (6155): command failed: Too many open files in system (-23)

With this commit change it's getting clear:
command failed: No error information (-524)
Failed command: iw dev wlan0 del
command failed: Not supported (-95)
Failed command: iw phy phy0 set antenna_gain 0
command failed: I/O error (-5)
Failed command: iw phy phy0 set distance 0
command failed: Too many open files in system (-23)
Failed command: iw phy phy0 interface add wlan0 type __ap

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit ffa80bf5a7)
2018-11-07 12:00:45 +01:00
Koen Vandeputte
779b89c757 ath9k: fix dynack in IBSS mode
Currently, dynack was only tested upstream using AP/STA mode.
Testing it on IBSS, showed that late-ack detection was broken.

This is caused due to dynack using Association Request/Response
frames for late-ack detection, which IBSS does not use.
Also allowing Authentication frames here solves this.

A second issue also got fixed, which was also seen AP/STA mode:

When a station was added, the estimated value would be exponentially averaged
using 0 as a starting point.

This means that on larger distances, the ack timeout was still not high
enough before synchronizing would run out of late-ack's for estimation.

Fix this by using the initial estimated value as a baseline
and only start averaging in the following estimation rounds.

Test setup:
- 2x identical devices:  RB912UAG-5HPnD + 19dB sector
- IBSS
- 2x2 802.11an (ar9340), HT20, long GI
- RSSI's  -70 / -71
- Real distance: 23910 meter

Results (60s iperf runs):

Fixed coverage class 54 (up to 24300m):
* 21.5 Mbits/sec

Dynack:
* 28.9 Mbits/sec

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-11-06 11:49:55 +01:00
Felix Fietkau
91a8bc1dd0 Revert "mt76: update to the latest version"
This reverts the following commits:

24ca1cda38
7998963428

The update was reported to cause stability issues.
Revert until those are resolved

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-11-01 19:57:50 +01:00
Felix Fietkau
24ca1cda38 mt76: update to the latest version
71b7a4a mt76: fix regression in tx status handling

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-10-27 17:56:30 +02:00
Felix Fietkau
7998963428 mt76: update to the latest version
199d6bf mt76x2: skip station tx status for non-sta wcid entries
d83ac6e mt76: only override control->sta on sw-encrypted tx
23abe5d mt76: add support for reporting tx status with skb
f8ce59e mt7603: use common tx status handling code

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-10-26 17:13:39 +02:00
Kevin Darbyshire-Bryant
3a9aed24d1 dnsmasq: bump to v2.80
Cherry-picked & squashed from relevant commits from master:

dnsmasq v2.80 release

Change from rc1:

91421cb Fix compiler warning.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 6c4d3d705a)

dnsmasq: remove creation of /etc/ethers

Remove creation of file /etc/ethers in dnsmasq init script as the
file is now created by default in the base-files package by
commit fa3301a28e

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit 6c227e45cb)

dnsmasq: bump to dnsmasq v2.80test5

Refresh patches
Remove 240-ubus patch as upstream accepted.
Add uci option ubus which allows to enable/disable ubus support (enabled
by default)

Upstream commits since last bump:

da8b651 Implement --address=/example.com/#
c5db8f9 Tidy 7f876b64c22b2b18412e2e3d8506ee33e42db7c
974a6d0 Add --caa-record
b758b67 Improve logging of RRs from --dns-rr.
9bafdc6 Tidy up file parsing code.
97f876b Properly deal with unaligned addresses in DHCPv6 packets.
cbfbd17 Fix broken DNSSEC records in previous.
b6f926f Don't return NXDOMAIN to empty non-terminals.
c822620 Add --dhcp-name-match
397c050 Handle case of --auth-zone but no --auth-server.
1682d15 Add missing EDNS0 section. EDNS0 section missing in replies to EDNS0-containing queries where answer generated from --local=/<domain>/
dd33e98 Fix crash parsing a --synth-domain with no prefix. Problem introduced in 2.79/6b2b564ac34cb3c862f168e6b1457f9f0b9ca69c
c16d966 Add copyright to src/metrics.h
1dfed16 Remove C99 only code.
6f835ed Format fixes - ubus.c
9d6fd17 dnsmasq.c fix OPT_UBUS option usage
8c1b6a5 New metrics and ubus files.
8dcdb33 Add --enable-ubus option.
aba8bbb Add collection of metrics
caf4d57 Add OpenWRT ubus patch

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit 3d377f4375)

dnsmasq: bump to dnsmasq 2.80test6

Refresh patches

Changes since latest bump:

af3bd07 Man page typo.
d682099 Picky changes to 47b45b2967c931fed3c89a2e6a8df9f9183a5789
47b45b2 Fix lengths of interface names
2b38e38 Minor improvements in lease-tools
282eab7 Mark die function as never returning
c346f61 Handle ANY queries in context of da8b6517decdac593e7ce24bde2824dd841725c8
03212e5 Manpage typo.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit 43d4b8e89e)

dnsmasq: Handle memory allocation failure in make_non_terminals()

Backport upstream commit:

ea6cc33 Handle memory allocation failure in make_non_terminals()

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 687168ccd9)

dnsmasq: Change behavior when RD bit unset in queries.

Backport upstream commit

Change anti cache-snooping behaviour with queries with the
recursion-desired bit unset. Instead to returning SERVFAIL, we
now always forward, and never answer from the cache. This
allows "dig +trace" command to work.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 6c4cbe94bd)

dnsmasq: bump to v2.80test7

Bump to latest test release:

3a610a0 Finesse allocation of memory for "struct crec" cache entries.
48b090c Fix b6f926fbefcd2471699599e44f32b8d25b87b471 to not SEGV on startup (rarely).
4139298 Change behavior when RD bit unset in queries.
51cc10f Add warning about 0.0.0.0 and :: addresses to man page.
ea6cc33 Handle memory allocation failure in make_non_terminals()
ad03967 Add debian/tmpfiles.conf
f4fd07d Debian bugfix.
e3c08a3 Debian packaging fix. (restorecon)
118011f Debian packaging fix. (tmpfiles.d)

Delete our own backports of ea6cc33 & 4139298, so the only real changes
here, since we don't care about the Debian stuff are 48b090c & 3a610a0

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit d9a37d8d1e)

dnsmasq: bump to v2.80test8

e1791f3 Fix logging of DNSSEC queries in TCP mode. Destination server address was misleading.
0fdf3c1 Fix dhcp-match-name to match hostname, not complete FQDN.
ee1df06 Tweak strategy for confirming SLAAC addresses.
1e87eba Clarify manpage for --auth-sec-servers
0893347 Make interface spec optional in --auth-server.
7cbf497 Example config file fix for CERT Vulnerability VU#598349.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 30cc5b0bf4)

dnsmasq: add dhcp-ignore-names support - CERT VU#598349

dnsmasq v2.80test8 adds the ability to ignore dhcp client's requests for
specific hostnames.  Clients claiming certain hostnames and thus
claiming DNS namespace represent a potential security risk. e.g. a
malicious host could claim 'wpad' for itself and redirect other web
client requests to it for nefarious purpose. See CERT VU#598349 for more
details.

Some Samsung TVs are claiming the hostname 'localhost', it is believed
not (yet) for nefarious purposes.

/usr/share/dnsmasq/dhcpbogushostname.conf contains a list of hostnames
in correct syntax to be excluded. e.g.

dhcp-name-match=set:dhcp_bogus_hostname,localhost

Inclusion of this file is controlled by uci option dhcpbogushostname
which is enabled by default.

To be absolutely clear, DHCP leases to these requesting hosts are still
permitted, but they do NOT get to claim ownership of the hostname
itself and hence put into DNS for other hosts to be confused/manipulate by.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit a45f4f50e1)

dnsmasq: fix compile issue

Fix compile issue in case HAVE_BROKEN_RTC is enabled

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit 39e5e17045)

dnsmasq: bump to v2.80rc1

53792c9 fix typo
df07182 Update German translation.

Remove local patch 001-fix-typo which is a backport of the above 53792c9

There is no practical difference between our test8 release and this rc
release, but this does at least say 'release candidate'

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit b8bc672f24)

dnsmasq: fix dnsmasq failure to start when ujail'd

This patch fixes jailed dnsmasq running into the following issue:

|dnsmasq[1]: cannot read /usr/share/dnsmasq/dhcpbogushostname.conf: No such file or directory
|dnsmasq[1]: FAILED to start up
|procd: Instance dnsmasq::cfg01411c s in a crash loop 6 crashes, 0 seconds since last crash

Fixes: a45f4f50e1 ("dnsmasq: add dhcp-ignore-names support - CERT VU#598349")

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[bump package release]
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 583466bb5b)
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-10-22 20:25:27 +01:00
Felix Fietkau
4fa4b5edaf mac80211: fix A-MSDU packet handling with TCP retransmission
Improves local TCP throughput and fixes use-after-free bugs that could lead
to crashes.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-10-11 18:48:35 +02:00
Koen Vandeputte
70cb2d20c9 netfilter: add missing dependency for kernel 4.14
Since kernel 4.14.75 commit ("netfilter: xt_cluster: add dependency on conntrack module")
a dependency is required on kmod-nf-conntrack.

It seems this was already present for kmod-ipt-clusterip
but not yet for kmod-ipt-cluster

Add it fixing a build error when including kmod-ipt-cluster:

Package kmod-ipt-cluster is missing dependencies for the following libraries:
nf_conntrack.ko
modules/netfilter.mk:665: recipe for target '/mnt/ramdisk/koen/firmware/builds/openwrt/bin/targets/cns3xxx/generic/packages/kmod-ipt-cluster_4.14.75-1_arm_mpcore_vfp.ipk' failed
make[3]: *** [/mnt/ramdisk/koen/firmware/builds/openwrt/bin/targets/cns3xxx/generic/packages/kmod-ipt-cluster_4.14.75-1_arm_mpcore_vfp.ipk] Error 1
make[3]: Leaving directory '/mnt/ramdisk/koen/firmware/builds/openwrt/package/kernel/linux'
Command exited with non-zero status 2
time: package/kernel/linux/compile#1.80#0.05#2.07
package/Makefile:107: recipe for target 'package/kernel/linux/compile' failed
make[2]: *** [package/kernel/linux/compile] Error 2
make[2]: Leaving directory '/mnt/ramdisk/koen/firmware/builds/openwrt'
package/Makefile:103: recipe for target '/mnt/ramdisk/koen/firmware/builds/openwrt/staging_dir/target-arm_mpcore+vfp_musl_eabi/stamp/.package_compile' failed
make[1]: *** [/mnt/ramdisk/koen/firmware/builds/openwrt/staging_dir/target-arm_mpcore+vfp_musl_eabi/stamp/.package_compile] Error 2
make[1]: Leaving directory '/mnt/ramdisk/koen/firmware/builds/openwrt'
/mnt/ramdisk/koen/firmware/builds/openwrt/include/toplevel.mk:216: recipe for target 'world' failed
make: *** [world] Error 2

Fixes: bba743458e ("kernel: bump 4.14 to 4.14.75")
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>

[1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v4.14.75&id=b969656b46626a674232c0eadf92a394b89df07c
2018-10-10 17:31:40 +02:00
Hans Dedecker
46a700e118 e2fsprogs: fix glibc compile issue (FS#1749,FS#1796)
Fixes the following build error:

.../toolchain-i386_pentium4_gcc-7.3.0_glibc/lib/gcc/i486-openwrt-linux-gnu/7.3.0/../../../../i486-openwrt-linux-gnu/bin/ld: ../lib/libcom_err.so: undefined reference to `sem_post’
.../toolchain-i386_pentium4_gcc-7.3.0_glibc/lib/gcc/i486-openwrt-linux-gnu/7.3.0/../../../../i486-openwrt-linux-gnu/bin/ld: ../lib/libcom_err.so: undefined reference to `sem_wait'
.../toolchain-i386_pentium4_gcc-7.3.0_glibc/lib/gcc/i486-openwrt-linux-gnu/7.3.0/../../../../i486-openwrt-linux-gnu/bin/ld: ../lib/libcom_err.so: undefined reference to `sem_init’
.../toolchain-i386_pentium4_gcc-7.3.0_glibc/lib/gcc/i486-openwrt-linux-gnu/7.3.0/../../../../i486-openwrt-linux-gnu/bin/ld: ../lib/libcom_err.so: undefined reference to `sem_destroy’

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-10-08 21:25:09 +02:00
Rafał Miłecki
0dbe3d28f7 iperf: fix --daemon option
Support for -D got broken in the 2.0.11 release by the upstream commit
218d8c667944 ("first pass L2 mode w/UDP checks, v4 only"). After that
commit clients were still able to connect but no traffic was passed.
It was reported and is fixed now in the upstream git repository.

Backport two patches to fix this. The first one is just a requirement
for the later to apply. The second one is the real fix and it needed
only a small adjustment to apply without backporing the commit
10887b59c7e7 ("fix --txstart-time report messages").

Fixes: 7d15f96eaf ("iperf: bump to 2.0.12")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 87cd118794)
2018-10-07 17:15:45 +02:00
Sven Eckelmann
234b893a18 base-files: Reintroduce sysupgrade_pre_upgrade hook
The sysupgrade_pre_upgrade hook was removed with 6a27c2f4b1 ("base-files:
drop fwtool_pre_upgrade") while there were still scripts using it:

* target/linux/ar71xx/base-files/lib/upgrade/allnet.sh
* target/linux/ar71xx/base-files/lib/upgrade/openmesh.sh
* target/linux/ipq40xx/base-files/lib/upgrade/openmesh.sh

Not running the hooks can either prevent a successful upgrade or brick the
device because the fw_setenv program cannot be started correctly.

Fixes: 6a27c2f4b1 ("base-files: drop fwtool_pre_upgrade")
Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
2018-10-07 16:42:05 +02:00
Hans Dedecker
f3753a9ae0 netifd: fix segfault (FS#1875)
d0fa124 iprule: fix segfault (FS#1875)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-10-07 15:34:34 +02:00
Kevin Darbyshire-Bryant
fca87a9871 kmod-sched-cake: bump to 20181002
Revert "Add workaround for wrong skb->mac_len values after splitting GSO"

Remove our local patch which did the same thing.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 885052fbfb)
2018-10-02 20:00:42 +01:00
Kevin Darbyshire-Bryant
cd12c91dde kmod-sched-cake: don't gso fixup on fixed kernels
Kernels 4.14.73 & 4.9.140 include the gso fixup fix, so cake
doesn't need to do it.  Let's not waste cpu cycles by doing it in
cake which could be really important on cpu constrained devices.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit b47614f9f1)
2018-10-02 13:19:02 +01:00
Felix Fietkau
2163b4936e mt76: update to the latest version, fixes mt76x2 beacon issue
53e1110 mt76: mt76x2: fix multi-interface beacon configuration

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-10-01 13:39:48 +02:00
Felix Fietkau
b115fcaa86 mac80211: fix management frame protection issue with mt76 (and possibly other drivers)
Software crypto wasn't working for management frames because the flag
indicating management frame crypto was missing

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-09-29 16:09:17 +02:00
Felix Fietkau
9f3cce2bfb mt76: update to the latest version from the 18.06 branch
497c304 mt7603: fix wcid for frames sent via drv_tx
27af7a5 mt76: fix handling ps-poll frames
c3dba28 mt76: check aggregation sequence number for frames sent via drv_tx

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-09-29 13:32:28 +02:00
Martin Schiller
0b99f08a64 uboot-lantiq: fix compatibility with gcc7
Backport u-boot commit 704f3acfcf55343043bbed01c5fb0a0094a68e8a to fix
compatibility with gcc7.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2018-09-26 20:36:32 +02:00
Felix Fietkau
609707cbe7 mac80211: fix tx queue allocation for active monitor interfaces
Fixes a crash with drivers like ath9k

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-09-22 18:43:29 +02:00
Felix Fietkau
ca1d6c7d30 mt76: fix tx power issue for mt76x2
6e1898d mt76x2: fix tx power configuration for VHT mcs 9

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-09-22 13:04:07 +02:00
Koen Vandeputte
8a006c2480 mac80211: backport upstream fixes
Backport most significant upstream fixes (excl. hwsim fixes)
Refreshed all patches.

Contains important fixes for CSA (Channel Switch Announcement)
and A-MSDU frames.

[slightly altered to apply cleanly]
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-09-21 13:48:53 +02:00
Felix Fietkau
f506de2cda ath9k: fix unloading the module
Registering a GPIO chip with the ath9k device as parent prevents unload,
because the gpiochip core increases the module use count.
Unfortunately, the only way to avoid this at the moment seems to be to
register the GPIO chip without a parent device

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-09-20 10:09:10 +02:00
Daniel Golle
7347ea7453 uqmi: pass-through ipXtable to child interfaces
Allow setting specific routing tables via the ip4table and ip6table
options also when ${ifname}_4 and ${ifname}_6 child interfaces are
being created.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit e51aa699f7)
2018-09-17 18:32:28 +02:00
Kevin Darbyshire-Bryant
4f6ad3c13a iproute2: q_cake: Also print nonat, nowash and no-ack-filter keywords
Pull in latest upstream tweaks:
Similar to the previous patch for no-split-gso, the negative keywords for
'nat', 'wash' and 'ack-filter' were not printed either. Add those as well.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 033f02b9b5)
2018-09-15 08:49:36 +01:00
Kevin Darbyshire-Bryant
a57062a908 iproute2: q_cake: Add printing of no-split-gso option
When the GSO splitting was turned into dual split-gso/no-split-gso options,
the printing of the latter was left out. Add that, so output is consistent
with the options passed

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 8cac857289)
2018-09-12 10:33:53 +01:00
Kevin Darbyshire-Bryant
1fdf3b4a44 iproute2: update cake man page
CAKE supports overriding of its internal classification of
packets through the tc filter mechanism.

Update the man page in our package, even though we don't
build them.  Someone may find the documentation useful.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 30598a05385b0ac2380dd4f30037a9f9d0318cf2)
(cherry picked from commit dc9388ac55)
2018-09-12 10:32:13 +01:00
Kevin Darbyshire-Bryant
ae12852864 kmod-sched-cake: fix 6in4/gso performance issue
Bump to latest upstream cake:

Add workaround for wrong skb->mac_len values after splitting GSO

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 66fd41ba79)
2018-09-12 10:29:06 +01:00
Kevin Darbyshire-Bryant
f6bd1b306b kmod-sched-cake: bump to 20180827
Expand filter flow mapping to include hosts as well

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit d14ffdc307d36bd9abe908b46ff7baece54c9551)
(cherry picked from commit 721dfd4eb8)
2018-09-12 10:29:06 +01:00
Kevin Darbyshire-Bryant
b2a042b5fe iproute2: cake: make gso/gro splitting configurable
This patch makes sch_cake's gso/gro splitting configurable
from userspace.

To disable breaking apart superpackets in sch_cake:

tc qdisc replace dev whatever root cake no-split-gso

to enable:

tc qdisc replace dev whatever root cake split-gso

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
Signed-off-by: Dave Taht <dave.taht@gmail.com>
[pulled from netdev list - no API/ABI change]
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 3e8a9389961cd866b867740a2f71c2a0af97ab56)
2018-09-12 10:25:12 +01:00
Kevin Darbyshire-Bryant
f14c321a0d kmod-sched-cake: bump to 20180728 optional gso split
Follow upstream kernel patch that restores always splitting gso packets
by default whilst making the option configurable from (tc) userspace.

No ABI/API change

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit fe077d20e3b484e55ad49d5711673d05d7a301de)
2018-09-12 10:25:12 +01:00
Rafał Miłecki
6f0ede5438 mac80211: brcmfmac: backport CYW89342 support & fixes from 4.20
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit b3d441c5f7)
2018-09-12 08:42:28 +02:00
Rafał Miłecki
d3e9c8862f mac80211: brcmfmac: backport patch for per-firmware features
This allows driver to support features that can't be dynamically
discovered.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit fecbd91c7c)
2018-09-12 08:42:27 +02:00
Rafał Miłecki
1a7471a303 mac80211: brcmfmac: backport 4.19 patches preparing monitor mode support
Monitor mode isn't supported yet with brcmfmac, it's just an early work.
This also prepares brcmfmac to work stable with new firmwares which use
updated struct for passing STA info.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit c0608c6a27)
2018-09-12 08:42:27 +02:00
pacien
9e319b7ae2 odhcp6c: add client fqdn and reconfigure options
Allowing DHCPV6_CLIENT_FQDN and DHCPV6_ACCEPT_RECONFIGURE to be turned off.
Defaulting to false, former behavior remains unchanged.

Signed-off-by: pacien <pacien.trangirard@pacien.net>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
(cherry picked from commit ef01c1d308)
2018-09-08 21:46:07 +02:00
Henrique de Moraes Holschuh
5c8d61d7e3 dnsmasq: allow dnsmasq variants to be included in image
The dnsmasq variants should provide dnsmasq, otherwise it is impossible
to include them in the image.

This change allows one to have CONFIG_PACKAGE_dnsmasq=m and
CONFIG_PACKAGE_dnsmasq-full=y, e.g. because you want DNSSEC support, or
IPSETs suport on your 3000-devices fleet ;-)

Signed-off-by: Henrique de Moraes Holschuh <henrique@nic.br>
2018-09-06 21:34:34 +02:00
Jo-Philipp Wich
13dccfc8e4
libubox: set RPATH for host build
This is required for programs that indirectly link libjson-c through the
libubox blobmsg_json library.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 5762efd8b2)
2018-09-04 00:09:03 +02:00
Daniel Golle
456f88376a
libubox: set HOST_BUILD_PREFIX
Install into STAGING_DIR_HOST rather than STAGING_DIR_HOSTPKG to make
bundle-libraries.sh happy.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 73100024d3)
2018-09-04 00:09:03 +02:00
Daniel Golle
0a337dae9c
libubox: make sure blobmsg-json is included in host-build
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 56e3a19ad6)
[While nothing in 18.06 needs the blobmsg-json host build, this prevents
builds failing due to incompatible json-c versions installed on the host
system]
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-09-04 00:07:03 +02:00
Daniel Golle
549eb9b383
libjson-c: set HOST_BUILD_PREFIX
Install into STAGING_DIR_HOST rather than STAGING_DIR_HOSTPKG to make
bundle-libraries.sh happy.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit a5368dc30c)
2018-09-04 00:00:39 +02:00
Rosen Penev
c571627a25
libjson-c: Update package URL
Found through UScan.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 31f87ebcb2)
2018-09-04 00:00:38 +02:00
Daniel Golle
0320fea968
libjson-c: fix host-build
Add -Wno-implicit-fallthrough to HOST_CFLAGS.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 5e9470a93b)
2018-09-04 00:00:38 +02:00
Daniel Golle
da9fe5af19
libjson-c: add host build (for libblobmsg-json)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry picked from commit 6fc8e06078)
2018-09-04 00:00:38 +02:00
Jo-Philipp Wich
a662d6f6bc grub2: rebase patches
Patch 300-CVE-2015-8370.patch was added without proper rebasing on the
version used by OpenWrt, make it apply and refresh the patch to fix
compilation.

Fixes: 7e73e9128f ("grub2: Fix CVE-2015-8370")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 9ffbe84ea4)
2018-08-30 14:11:36 +02:00
Rosen Penev
a0569f5e81 grub2: Fix CVE-2015-8370
This CVE is a culmination of multiple integer overflow issues that cause
multiple issues like Denial of Service and authentication bypass.

More info: https://nvd.nist.gov/vuln/detail/CVE-2015-8370

Taken from Fedora.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 7e73e9128f)
2018-08-30 13:16:20 +02:00
Rosen Penev
30758ee10e bzip2: Fix CVE-2016-3189
Issue causes a crash with specially crafted bzip2 files.

More info: https://nvd.nist.gov/vuln/detail/CVE-2016-3189

Taken from Fedora.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit f9469efbfa)
2018-08-30 13:16:16 +02:00
Thomas Equeter
cd49f57ff7 uqmi: wait for the control device too
The control device /dev/cdc-wdm0 is not available immediately on the
D-Link DWR-921 Rev.C3, therefore the wwan interface fails to start at
boot with a "The specified control device does not exist" error.

This patch alters /lib/netifd/proto/qmi.sh to wait for
network.wwan.delay earlier, before checking for the control device,
instead of just before interacting with the modem.

One still has to use network.wwan.proto='qmi', as the "wwan" proto
performs that sort of check before any delay is possible, failing with a
"No valid device was found" error.

Signed-off-by: Thomas Equeter <tequeter@users.noreply.github.com>
2018-08-30 09:30:37 +02:00
Giuseppe Lippolis
159a52e1c2 comgt: increase timeout on runcommands
Some combination of modem/wireless operator requires more time to
execute the commands.
Tested on DWR-512 embedded wwan modem and italian operator iliad (new
virtual operator).

Signed-off-by: Giuseppe Lippolis <giu.lippolis@gmail.com>
(cherry picked from commit 774d7fc9f2)
2018-08-29 08:35:24 +02:00
Bruno Randolf
27e6d719e9 ugps: Update to fix position calculation
This is necessary to get my position right.
Without this my longitude is incorrecty -15.85xxxx instead of -16.52yyyy

Signed-off-by: Bruno Randolf <br1@einfach.org>
(cherry picked from commit fe960cead7)
2018-08-29 08:32:38 +02:00
Bruno Randolf
011e7cb5fe ugps: Add option disabled
Like many other packages, an option to disable can be practical.

Signed-off-by: Bruno Randolf <br1@einfach.org>
(cherry picked from commit 6b14a73f4f)
2018-08-29 08:32:33 +02:00
Antonio Silverio
5a07b4e7f5 mac80211: mwl8k: Expand non-DFS 5G channels
Add non-DFS 5G upper channels (149-165) besides existed 4 lower channels
(36, 40, 44, 48).

Signed-off-by: Antonio Silverio <menion@gmail.com>
2018-08-27 13:28:52 +02:00
Felix Fietkau
14580aaf81 mt76: update to the latest version
7daf962 mt7603: add survey support
980c606 mt7603: add fix for CCA signal configuration
30b8371 mt7603: fix BAR rate

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-08-25 11:10:44 +02:00
Hans Dedecker
8bb9d053eb dropbear: backport upstream fix for CVE-2018-15599
CVE description :
The recv_msg_userauth_request function in svr-auth.c in Dropbear through
2018.76 is prone to a user enumeration vulnerability because username
validity affects how fields in SSH_MSG_USERAUTH messages are handled,
a similar issue to CVE-2018-15473 in an unrelated codebase.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-08-24 19:17:50 +02:00
Jo-Philipp Wich
4b4a6308e7 OpenWrt v18.06.1: revert to branch defaults
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-16 18:36:52 +02:00
Jo-Philipp Wich
70255e3d62 OpenWrt v18.06.1: adjust config defaults
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-16 18:36:48 +02:00
Jo-Philipp Wich
5eb055306f rpcd: update to latest git HEAD
41333ab uci: tighten uci reorder operation error handling
f91751b uci: tighten uci delete operation error handling
c2c612b uci: tighten uci set operation error handling
948bb51 uci: tighten uci add operation error handling
51980c6 uci: reject invalid section and option names

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 8c91807214)
2018-08-16 09:51:15 +02:00
Hauke Mehrtens
e11df1eac6 openssl: update to version 1.0.2p
This fixes the following security problems:
 * CVE-2018-0732: Client DoS due to large DH parameter
 * CVE-2018-0737: Cache timing vulnerability in RSA Key Generation

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-08-15 22:42:39 +02:00
Yousong Zhou
508adbd871 uci: bump to source date 2018-08-11
Fixes segfault when parsing malformed delta lines

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(cherry picked from commit 3493c1cf41)
2018-08-11 12:05:58 +00:00
Kabuli Chana
ec1c66f53f mwlwifi: update to version 10.3.8.0-20180615
fix mcs rate for HT
support 88W8997
protect rxringdone

Signed-off-by: Kabuli Chana <newtownBuild@gmail.com>
2018-08-11 09:51:16 +02:00
John Crispin
433c94f296 wpa_supplicant: fix CVE-2018-14526
Unauthenticated EAPOL-Key decryption in wpa_supplicant

Published: August 8, 2018
Identifiers:
- CVE-2018-14526
Latest version available from: https://w1.fi/security/2018-1/

Vulnerability

A vulnerability was found in how wpa_supplicant processes EAPOL-Key
frames. It is possible for an attacker to modify the frame in a way that
makes wpa_supplicant decrypt the Key Data field without requiring a
valid MIC value in the frame, i.e., without the frame being
authenticated. This has a potential issue in the case where WPA2/RSN
style of EAPOL-Key construction is used with TKIP negotiated as the
pairwise cipher. It should be noted that WPA2 is not supposed to be used
with TKIP as the pairwise cipher. Instead, CCMP is expected to be used
and with that pairwise cipher, this vulnerability is not applicable in
practice.

When TKIP is negotiated as the pairwise cipher, the EAPOL-Key Key Data
field is encrypted using RC4. This vulnerability allows unauthenticated
EAPOL-Key frames to be processed and due to the RC4 design, this makes
it possible for an attacker to modify the plaintext version of the Key
Data field with bitwise XOR operations without knowing the contents.
This can be used to cause a denial of service attack by modifying
GTK/IGTK on the station (without the attacker learning any of the keys)
which would prevent the station from accepting received group-addressed
frames. Furthermore, this might be abused by making wpa_supplicant act
as a decryption oracle to try to recover some of the Key Data payload
(GTK/IGTK) to get knowledge of the group encryption keys.

Full recovery of the group encryption keys requires multiple attempts
(128 connection attempts per octet) and each attempt results in
disconnection due to a failure to complete the 4-way handshake. These
failures can result in the AP/network getting disabled temporarily or
even permanently (requiring user action to re-enable) which may make it
impractical to perform the attack to recover the keys before the AP has
already changes the group keys. By default, wpa_supplicant is enforcing
at minimum a ten second wait time between each failed connection
attempt, i.e., over 20 minutes waiting to recover each octet while
hostapd AP implementation uses 10 minute default for GTK rekeying when
using TKIP. With such timing behavior, practical attack would need large
number of impacted stations to be trying to connect to the same AP to be
able to recover sufficient information from the GTK to be able to
determine the key before it gets changed.

Vulnerable versions/configurations

All wpa_supplicant versions.

Acknowledgments

Thanks to Mathy Vanhoef of the imec-DistriNet research group of KU
Leuven for discovering and reporting this issue.

Possible mitigation steps

- Remove TKIP as an allowed pairwise cipher in RSN/WPA2 networks. This
can be done also on the AP side.

- Merge the following commits to wpa_supplicant and rebuild:

WPA: Ignore unauthenticated encrypted EAPOL-Key data

This patch is available from https://w1.fi/security/2018-1/

- Update to wpa_supplicant v2.7 or newer, once available

Signed-off-by: John Crispin <john@phrozen.org>
(cherry picked from commit 1961948585)
2018-08-10 15:51:24 +02:00
Jo-Philipp Wich
2a8d8adfb0 Revert "libevent2: Don't build tests and samples"
This reverts commit fe90d14880.

The cherry pick does not apply cleanly to 18.06.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-09 15:27:52 +02:00
Zoltan HERPAI
aeec1dd7ba firmware: intel-microcode: bump to 20180703
* New upstream microcode data file 20180703
    + Updated Microcodes:
      sig 0x000206d6, pf_mask 0x6d, 2018-05-08, rev 0x061d, size 18432
      sig 0x000206d7, pf_mask 0x6d, 2018-05-08, rev 0x0714, size 19456
      sig 0x000306e4, pf_mask 0xed, 2018-04-25, rev 0x042d, size 15360
      sig 0x000306e7, pf_mask 0xed, 2018-04-25, rev 0x0714, size 17408
      sig 0x000306f2, pf_mask 0x6f, 2018-04-20, rev 0x003d, size 33792
      sig 0x000306f4, pf_mask 0x80, 2018-04-20, rev 0x0012, size 17408
      sig 0x000406f1, pf_mask 0xef, 2018-04-19, rev 0xb00002e, size 28672
      sig 0x00050654, pf_mask 0xb7, 2018-05-15, rev 0x200004d, size 31744
      sig 0x00050665, pf_mask 0x10, 2018-04-20, rev 0xe00000a, size 18432
      sig 0x000706a1, pf_mask 0x01, 2017-12-26, rev 0x0022, size 73728
    + First batch of fixes for: Intel SA-00115, CVE-2018-3639, CVE-2018-3640
    + Implements IBRS/IBPB/STIPB support, Spectre-v2 mitigation
    + SSBD support (Spectre-v4 mitigation) and fix Spectre-v3a for:
      Sandybridge server, Ivy Bridge server, Haswell server, Skylake server,
      Broadwell server, a few HEDT Core i7/i9 models that are actually gimped
      server dies.

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2018-08-09 00:45:39 +02:00
Hauke Mehrtens
8d903be35a curl: Fix CVE-2018-0500
This backports a fix for:
* CVE-2018-0500 SMTP send heap buffer overflow
See here for details: https://curl.haxx.se/docs/adv_2018-70a2.html

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-08-08 22:51:41 +02:00
Hauke Mehrtens
1e4b5c8b1f ustream-ssl: update to version 2018-05-22
5322f9d mbedtls: Fix setting allowed cipher suites
e8a1469 mbedtls: Add support for a session cache

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-08-08 22:51:41 +02:00
Hauke Mehrtens
ea22e3df3e mbedtls: Update to 2.12.0
Multiple security fixes
* CVE-2018-0497 Remote plaintext recovery on use of CBC based ciphersuites through a timing side-channel
* CVE-2018-0498 Plaintext recovery on use of CBC based ciphersuites through a cache based side-channel

Disable OFB block mode and XTS block cipher mode, added in 2.11.0.
Disable Chacha20 and Poly1305 cryptographic primitives, added in 2.12.0
Patch the so version back to the original one, the API changes are
looking no so invasive.

The size of mbedtls increased a little bit:
ipkg for mips_24kc before:
163.967 Bytes
ipkg for mips_24kc after:
164.753 Bytes

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-08-08 22:49:59 +02:00
Hauke Mehrtens
0d5a041095 mbedtls: Activate the session cache
This make sit possible to store informations about a session and reuse
it later. When used by a server it increases the time to create a new
TLS session from about 1 second to less than 0.1 seconds.

The size of the ipkg file increased by about 800 Bytes.
ipkg for mips_24kc before:
163.140 Bytes
ipkg for mips_24kc after:
163.967 Bytes

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-08-08 22:49:17 +02:00
Daniel Engberg
69c75f076a mbedtls: cleanup config patch
Clean up patch, use "//" consistently.

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-08-08 21:34:20 +02:00
Hauke Mehrtens
6603a0c232 mbedtls: Deactivate platform abstraction
This makes mbedtls use the POSIX API directly and not use the own
abstraction layer.
The size of the ipkg decreased by about 100 bytes.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-08-08 21:32:26 +02:00
John Crispin
6a27c2f4b1 base-files: drop fwtool_pre_upgrade
this feature has never worked, the fw image name was not passed and the -t
parameter was missing in the tool invocation. drop the feature.

Signed-off-by: John Crispin <john@phrozen.org>
(cherry picked from commit 5e1b4c57de)
2018-08-08 15:42:06 +02:00
Eneas U de Queiroz
fe90d14880 libevent2: Don't build tests and samples
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.

To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
This reduces build time significantly.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
(cherry picked from commit 26dbf79f49)
2018-08-08 15:41:44 +02:00
Masashi Honma
25cb85abe7 wwan: Fix teardown for sierra_net driver
The sierra_net driver is using proto_directip_setup for setup. So use
proto_directip_teardown for teardown.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
(cherry picked from commit d05967baec)
2018-08-08 15:39:57 +02:00
Lukas Mrtvy
7e03be7e2e kernel: leds-apu2 remove boardname check
'In different versions of coreboot are different names of apu boardname.
No need to check boardname to load module.'

Signed-off-by: Lukas Mrtvy <lukas.mrtvy@gmail.com>
(cherry picked from commit f21bcb4db8)
2018-08-08 15:37:10 +02:00
Christian Schoenebeck
8139438fc0 dropbear: close all active clients on shutdown
Override the default shutdown action (stop) and close all processes
of dropbear

Since commit 498fe85, the stop action only closes the process
that's listening for new connections, maintaining the ones with
existing clients.
This poses a problem when restarting or shutting-down a device,
because the connections with existing SSH clients, like OpenSSH,
are not properly closed, causing them to hang.

This situation can be avoided by closing all dropbear processes when
shutting-down the system, which closes properly the connections with
current clients.

Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
[Luis: Rework commit message]
Signed-off-by: Luis Araneda <luaraneda@gmail.com>

(cherry picked from commit 1e177844bc)
2018-08-08 15:36:46 +02:00
Lukáš Mrtvý
c3df07ab3b kernel: gpio-nct5104d remove boardname check
'In different versions of coreboot are different names of apu boardname.
No need to check boardname to load module.'

Signed-off-by: Lukáš Mrtvý <lukas.mrtvy@gmail.com>
(cherry picked from commit d3b8e6b2a7)
2018-08-08 15:35:46 +02:00
Kevin Darbyshire-Bryant
da9a7a9a51 basefiles: Reword sysupgrade message
sysupgrade 'upgrade' message more verbose than needs be.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit edf338f248)
2018-08-08 15:32:44 +02:00
Florian Eckert
d101899395 linux: update license tag to use correct SPDX tag
Use SPDX tag.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit c79ef6fbe3)
2018-08-08 15:30:34 +02:00
Zoltan HERPAI
c61f543532 firmware: amd64-microcode: update to 20180524
* New microcode update packages from AMD upstream:
    + New Microcodes:
      sig 0x00800f12, patch id 0x08001227, 2018-02-09
    + Updated Microcodes:
      sig 0x00600f12, patch id 0x0600063e, 2018-02-07
      sig 0x00600f20, patch id 0x06000852, 2018-02-06
  * Adds Spectre v2 (CVE-2017-5715) microcode-based mitigation support,
    plus other unspecified fixes/updates.

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
(cherry picked from commit 10e393262c)
2018-08-08 15:29:36 +02:00
Jo-Philipp Wich
5742a2ba35 libubox: fix mirror hash
Correct the mirror hash to reflect whats on the download server.

A locally produced libubox SCM tarball was also verified to yield an identical
checksum compared to the one currently on the download server.

Fixes FS#1707.
Fixes 5dc32620c4 ("libubox: update to latest git HEAD")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 432eaa940f)
2018-08-07 16:33:02 +02:00
John Crispin
23d4f663e3 netifd: update to latest git HEAD
a0a1e52 fix compile error
75ee790 interface-ip: fix eui64 ifaceid generation (FS#1668)
ca97097 netifd: make sure the vlan ifname fits into the buffer
b8c1bca iprule: remove bogus assert calls
a2f952d iprule: fix broken in_dev/out_dev checks
263631a vlan: use alloca to get rid of IFNAMSIZE in vlan_dev_set_name()
291ccbb ubus: display correct prefix size for IPv6 prefix address
908a9f4 CMakeLists.txt: add -Wimplicit-fallthrough to the compiler flags
b06b011 proto-shell.c: add a explicit "fall through" comment to make the compiler happy
60293a7 replace fall throughs in switch/cases where possible with simple code changes
5cf7975 iprule: rework interface based rules to handle dynamic interfaces
57f87ad Introduce new interface event "create" (IFEV_CREATE)
03785fb system-linux: fix build error on older kernels
d1251e1 system-linux: adjust bridge isolate mode for upstream attribute naming
e9eff34 system-linux: extend link mode speed definitions
c1f6a82 system-linux: add autoneg and link-partner output

Signed-off-by: John Crispin <john@phrozen.org>
(cherry picked from commit 3c4eeb5d21)
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-08-06 21:45:22 +02:00
Jo-Philipp Wich
8be3af93b4 uclient: update to latest git HEAD
f2573da uclient-fetch: use package name pattern in message for missing SSL library
9fd8070 uclient-fetch: Check for nullpointer returned by uclient_get_url_filename
f41ff60 uclient-http: basic auth: Handle memory allocation failure
a73b23b uclient-http: auth digest: Handle multiple possible memory allocation failures
66fb58d uclient-http: Handle memory allocation failure
2ac991b uclient: Handle memory allocation failure for url
63beea4 uclient-http: Implement error handling for header-sending
eb850df uclient-utils: Handle memory allocation failure for url file name
ae1c656 uclient-http: Close ustream file handle only if allocated

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit e44162ffca)
2018-08-03 23:55:36 +02:00
Koen Vandeputte
7d15f96eaf iperf: bump to 2.0.12
2.0.12 change set (as of June 25th 2018)

o Change the unicast TTL default value from 1 to the system default (to be compatable with previous versions.) Mulitcast still defaults to 1.
o adpative formatting bug fix: crash occurs when values exceed 1 Tera. Add support for Tera and Peta and eliminate the potential crash condition
o configure default compile to include isochronous support (use configure --disable-isochronous to remove support)
o replace 2.0.11's --vary-load option with a more general -b option to include <mean>,<stdev>, e.g. -b 100m,40m, which will pull from a log normal distribution every 0.1 seconds
o fixes for windows cross compile (using mingw32)
o compile flags of -fPIE for android
o configure --enable-checkprograms to compile ancillary binaries used to test things such as delay, isoch, pdf generation
o compile tests when trying to use 64b seq numbers on a 32b platform
o Fix GCC ver 8 warnings

2.0.11 change set (as of May 24th, 2018)

o support for -b on server (read rate limiting)
o honor -T (ttl) for unicast. (Note: the default value is 1 so this will impact unicast tests that require routing)
o support for --isochronous traffic with optional frames per second, mean and variance uses a log normal distribution (requires configure w/-enable-isochronous and compile)
o support for --udp triggers (requires configure w/ --enable-udptriggers, early code with very limited support)
o support for --udp-histogram with optional bin width and number of bins (default is 1 millisecond bin width and 1000 bins)
o support for frame (burst) latency histograms when --isochronous is set
o support for --tx-sync with -P for synchonrized writes. Initial use is for WiFi OFDMA latency testing.
o support for --incr-dstip with -P for simultaneous flows to multiple destinations (use case is for OFDMA)
o support for --vary-load with optional weight, uses log normal distribution (requires -b to set the mean)
o support for --l2checks to detect L2 length errors not detected by v4 or v6 payload length errors (requires linux, berkeley packet filters BPFs and AF_PACKET socket support)
o support for server joining mulitcast source specific multicast (S,G) and (*,G) for both v4 and v6 on platforms that support it
o improved write counters (requires -e)
o accounting bug fix on client when write fails, this bug was introduced in 2.0.10
o slight restructure client/server traffic thread code for maintainability
o python: flow example script updates
o python: ssh node object using asyncio
o python: histograms in flows with plotting (assumed gnuplot available)
o python: hierarchical clustering of latency histograms (early code)
o man pages updates
o Note: latency histograms require client and server system clock synchronization. A GPS disciplined oscillator using Precision Time Protocol works well for this.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-08-02 15:00:17 +02:00
Christian Schoenebeck
93782d5e8e ca-certificates[18.06]]: remove myself as PKG_MAINTAINER
remove myself as PKG_MAINTAINER

Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
2018-07-31 00:01:56 +02:00
Jo-Philipp Wich
ce234299bc OpenWrt v18.06.0: revert to branch defaults
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-07-30 18:30:59 +02:00
Jo-Philipp Wich
03b693064b OpenWrt v18.06.0: adjust config defaults
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-07-30 18:30:59 +02:00
Jo-Philipp Wich
f24e012997 base-files: network.sh: gracefully handle missing network.interface ubus ns
When attempting to use any of the functions in network.sh while netifd is
not started yet, the ubus interface dump query will fail with "Not found",
yielding an empty response.

Subsequently, jsonfilter is invoked with an empty string instead of a valid
JSON document, causing it to emit a second "unexpected end of data" error.

This caused the dnsmasq init script to log the following errors during
early boot on some systems:

    procd: /etc/rc.d/S19dnsmasq: Command failed: Not found.
    procd: /etc/rc.d/S19dnsmasq: Failed to parse json data: unexpected end of data.

Fix the issue by allowing the ubus query to fail with "Not found" but still
logging other failures, and by passing an empty JSON object to jsonfilter
if the interface status cache is empty.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-07-30 13:19:19 +02:00
Nick Hainke
d4a4f06589 iwinfo: update to version 2018-07-24
Update to new iwinfo version.
Adds support for channel survey.
Adds ubus support.
Etc.

Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 296ae7ab89)
2018-07-30 11:21:25 +02:00
John Crispin
4a39d8cfd0 iwinfo: bump to latest git HEAD
e59f925 hardware: add device ids for QCA9984, 88W8887 and 88W8964 radios
2a82f87 nl80211: back out early when receiving FAIL-BUSY reply
77c32f0 nl80211: fix code calculating average signal and rate

Signed-off-by: John Crispin <john@phrozen.org>
(cherry picked from commit 20b76c0a5b)
2018-07-30 11:21:24 +02:00
Kevin Darbyshire-Bryant
cf5a892430 dnsmasq: bump to dnsmasq v2.80test3
Refresh patches

Upstream commits since last bump:

3b6eb19 Log DNSSEC trust anchors at startup.
f3e5787 Trivial comment change.
c851c69 Log failure to confirm an address in DHCPv6.
a3bd7e7 Fix missing fatal errors when parsing some command-line/config options.
ab5ceaf Document the --help option in the french manual
1f2f69d Fix recurrent minor spelling mistake in french manual
f361b39 Fix some mistakes in french translation of the manual
eb1fe15 When replacing cache entries, preserve CNAMES which target them.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 1e93ef8498)
2018-07-28 11:23:58 +01:00
Hans Dedecker
bf1b0fad2b dnsmasq: don't use network functions at boottime (FS#1542)
As dnsmasq is started earlier than netifd usage of network.sh functions
at boottime will fail; therefore don't call at boottime the functions
which construct the dhcp pool/relay info.
As interface triggers are installed the dhcp pool/relay info will be
constructed when the interface gets reported as up by netifd.
At the same time also register interface triggers based on DHCP relay
config.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit 2336b942b3)
2018-07-28 11:23:57 +01:00
Kevin Darbyshire-Bryant
cb9d5f0a7c dnsmasq: bump to latest patches on 2.80rc2
Refresh patches and backport upstream to current HEAD:

a997ca0 Fix sometimes missing DNSSEC RRs when DNSSEC validation not enabled.
51e4eee Fix address-dependent domains for IPv6.
05ff659 Fix stupid infinite loop introduced by preceding commit.
db0f488 Handle some corner cases in RA contructed interfaces with addresses changing interface.
7dcca6c Warn about the impact of cache-size on performance.
090856c Allow zone transfer in authoritative mode whenever auth-peer is specified.
cc5cc8f Sane error message when pcap file header is wrong.
c488b68 Handle standard and contructed dhcp-ranges on the same interface.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit fbf475403b)
2018-07-28 11:23:57 +01:00
Rafał Miłecki
29aab93ea2 mac80211: backport brcmfmac fixes & debugging helpers from 4.18
The most important is probably regression fix in handling platform
NVRAM. That bug stopped hardware from being properly calibrated breaking
e.g. 5 GHz for Netgear R8000.

Other than that it triggers memory dumps when experiencing firmware
problems which is important for debugging purposes.

Fixes: 2811c97803 ("mac80211: backport brcmfmac firmware & clm_blob loading rework")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit b26214adb5)
2018-07-27 08:14:13 +02:00
Jo-Philipp Wich
4e7f4777b0 odhcpd: update to latest git HEAD
Changes:

  81a281e dhcpv6-ia: fix border assignment size setting
  a2ffc59 dhcpv6-ia: fix status code for not on link IAs
  5b087a6 dhcpv6-ia: improve error checking in assign_pd()
  c9114a1 config: fix wrong assignment
  bb8470f dhcpv4: delay forced renew transaction start
  62a1b09 dhcpv4: fix DHCP address space logic
  d5726ff dhcpv4: improve logging when sending DHCP messages
  9484351 odhcpd: call handle_error when socket error can be retrieved
  c45e2eb dhcpv6: fix out of bounds write in handle_nested_message()
  c2ff5af dhcpv6-ia: log renew messages as well
  676eb38 router: fix possible segfault in send_router_advert()
  392701f odhcpd: fix passing possible negative parameter
  029123b treewide: switch to C-code style comments
  6b79748 router: improve error checking
  12e21bc netlink: fix incorrect sizeof argument
  d7aa414 dhcpv6: improve error checking in dhcpv6_setup_interface()
  373495a ubus: fix invalid ipv6-prefix json
  79d5e6f ndp: improve error checking
  d834ae3 dhcpv4: fix error checking in dhcpv4_setup_interface()
  f2aa383 dhcpv4: fix out of bound access in dhcpv4_put
  4591b36 dhcpv4: improve error checking in dhcpv4_setup_interface()
  4983ee5 odhcpd: fix strncpy bounds
  c0f6390 odhcpd: Check if open the ioctl socket failed
  345bba0 dhcpv4: improve error checking in handle_dhcpv4()
  44cce31 ubus: avoid dumping interface state with NULL message

Cherry picked and squashed from commits:

  b7ef10cbf0 odhcpd: update to latest git HEAD
  98a6bee09a odhcpd: update to latest git HEAD
  88c88823d5 odhcpd: update to latest git HEAD

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-07-26 18:55:32 +02:00
Jo-Philipp Wich
da0dd6adc2 ubus: update to latest git HEAD
40e0931 libubus: pass an empty UBUS_ATTR_DATA block if msg is NULL on invoke

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 7316515891)
2018-07-26 18:37:18 +02:00
Hans Dedecker
3f0d44b8de firewall: update to latest git HEAD and build with LTO
Reduces .ipk size on MIPS from 41.6k to 41.1k

Changes:

  30463d0 zones: add interface/subnet bound LOG rules
  0e77bf2 options: treat time strings as UTC times
  d2bbeb7 firewall3: make reject types selectable by user
  aa8846b ubus: avoid dumping interface state with NULL message

Cherry picked and squashed from commits:

  a3f2451fba firewall: update to latest git HEAD
  433d71e73e fw3: update to latest git HEAD
  ef96d1e34a firewall: compile with LTO enabled
  1e83f775a3 firewall3: update to latest git HEAD
  3ee2c76ae0 firewall: update to latest git HEAD

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-07-26 08:49:52 +02:00
John Crispin
69021e9b89 ubus: update to latest git HEAD
884be45 libubus: check for non-NULL data before running callbacks

Signed-off-by: John Crispin <john@phrozen.org>
(cherry picked from commit a5c3bbaf56)
2018-07-25 13:03:58 +02:00
John Crispin
6302f0161b libubox: update to latest git HEAD
c83a84a fix segfault when passed blobmsg attr is NULL

Signed-off-by: John Crispin <john@phrozen.org>
(cherry picked from commit 5dc32620c4)
2018-07-25 13:03:55 +02:00
Aleksandr V. Piskunov
f91a0f3b1a wireguard-tools: add wireguard_watchdog script
This watchdog script tries to re-resolve hostnames for inactive WireGuard peers.
Use it for peers with a frequently changing dynamic IP.
persistent_keepalive must be set, recommended value is 25 seconds.
Run this script from cron every minute:
echo '* * * * * /usr/bin/wireguard_watchdog' >> /etc/crontabs/root

Signed-off-by: Aleksandr V. Piskunov <aleksandr.v.piskunov@gmail.com>
[bump the package release]
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 20c4819c7b)
2018-07-25 11:23:35 +01:00
Jason A. Donenfeld
f1dbfa1937 wireguard: bump to 0.0.20180718
80b41cd version: bump snapshot
fe5f0f6 recieve: disable NAPI busy polling
e863f40 device: destroy workqueue before freeing queue
81a2e7e wg-quick: allow link local default gateway
95951af receive: use gro call instead of plain call
d9501f1 receive: account for zero or negative budget
e80799b tools: only error on wg show if all interfaces failk

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
[Added commit log to commit description]
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 57b808ec88)
2018-07-25 11:23:35 +01:00
Jason A. Donenfeld
ff91b32d26 wireguard: bump to 0.0.20180708
* device: print daddr not saddr in missing peer error
* receive: style

Debug messages now make sense again.

* wg-quick: android: support excluding applications

Android now supports excluding certain apps (uids) from the tunnel.

* selftest: ratelimiter: improve chance of success via retry
* qemu: bump default kernel version
* qemu: decide debug kernel based on KERNEL_VERSION

Some improvements to our testing infrastructure.

* receive: use NAPI on the receive path

This is a big change that should both improve preemption latency (by not
disabling it unconditionally) and vastly improve rx performance on most
systems by using NAPI. The main purpose of this snapshot is to test out this
technique.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
(cherry picked from commit 4630159294)
2018-07-25 11:23:34 +01:00
Kevin Darbyshire-Bryant
a80276235a iproute2: tc: backport canonical cake support
iproute2's tc was updated to support the recently upstreamed cake qdisc.
Backport this canonical support from upstream into iproute2 v4.16

There is no kernel kmod/userspace tc ABI change in this release from the
previous package bump, so everyone can breath a sigh of relief.

This is largely a code style change, the exception to prove the rule:
option 'autorate_ingress' has been changed to 'autorate-ingress' to fit
in with upstream option naming expectations.

No openwrt package (e.g. sqm-scripts) has knowledge of
'autorate_ingress' thus only users who made their own scripts or used
it within the 'dangerous configuration' options of sqm-scripts will be
affected.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-07-21 09:08:45 +01:00
Luiz Angelo Daros de Luca
a297324a13 base-files: fix wrong sysctl parameter order
Restarting service sysctl echos multiple errors like:

  sysctl: -e: No such file or directory

After the first filename, all remaining arguments are treated
as files.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2018-07-18 19:20:07 +02:00
Kevin Darbyshire-Bryant
1e48546a6a igmpproxy: run in foreground for procd
procd needs processes to stay in foreground to remain under its gaze and
control.  Failure to do so means service stop commands fail to actually
stop the process (procd doesn't think it's running 'cos the process has
exited already as part of its forking routing)

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 9d5a246930)
2018-07-18 18:06:15 +01:00
Rafał Miłecki
1086408b17 mtd: improve check for TRX header being already fixed
First of all lengths should be compared after checking all blocks for
being good/bad. It's because requested length may differ from a final
one if there were some bad blocks.

Secondly it makes sense to also compare crc32 since we already have a
new one calculated.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 82498a7f7a)
2018-07-16 23:18:45 +02:00
Rafał Miłecki
5dca299fab mtd: support bad blocks within the mtd_fixtrx()
Reading MTD data with (p)read doesn't return any error when accessing
bad block. As the result, with current code, CRC32 covers "data" stored
in bad blocks.

That behavior doesn't match CFE's one (bootloader simply skips bad
blocks) and may result in:
1) Invalid CRC32
2) CFE refusing to boot firmware with a following error:
Boot program checksum is invalid

Fix that problem by checking every block before reading its content.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 0f54489f75)
2018-07-16 23:18:45 +02:00
Kevin Darbyshire-Bryant
5889cf70e9 kmod-sched-cake: bump to 20180716
Bump to the latest cake recipe.

This backports tc class support to kernel 4.9 and other than conditional
kernel compilation pre-processor macros represents the cake that has
gone upstream into kernel 4.19.  Loud cheer!

Fun may be had by changing cake tin classification for packets on
ingress. e.g.

tc filter add dev ifb4eth0 parent 800b: protocol ip u32 match \
ip dport 6981 0xffff action skbedit priority 800b:1

Where 800b: represents the filter handle for the ifb obtained by 'tc
qdisc' and the 1 from 800b:1 represents the cake tin number.  So the
above example puts all incoming packets destined for port 6981 into the
BULK (lowest priority) tin.

f39ab9a Obey tin_order for tc filter classifiers
1e2473f Clean up after latest backport.
82531d0 Reorder includes to fix out of tree compilation
52cbc00 Code style cleanup
6cdb496 Fix argument order for NL_SET_ERR_MSG_ATTR()
cab17b6 Remove duplicate call to qdisc_watchdog_init()
71c7991 Merge branch 'backport-classful'
32aa7fb Fix compilation on Linux 4.9
9f8fe7a Fix compilation on Linux 4.14
ceab7a3 Rework filter classification
aad5436 Fixed version of class stats
be1c549 Add cake-specific class stats
483399d Use tin_order for class dumps
80dc129 Add class dumping
0c8e6c1 Fix dropping when using filters
c220493 Add the minimum class ops
5ed54d2 Start implementing tc filter/class support

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit c729c43b39)
2018-07-16 13:57:31 +01:00
Tony Ambardar
393ee8d0b2 qos-scripts: fix uci callback handling
The previous callback code was fragile, dependent on some UCI callback
bugs and side-effects now fixed in master commit 73d8a6ab.

Update scripts to use callbacks where appropriate and necessary, while
using normal UCI config parsing for all else. This results in smaller,
simpler, more robust code. Use callbacks in generate.sh to only process
'interface' defaults and the varying entries for 'reclassify', 'default'
and 'classify' sections. Also switch qos-stat to use non-callback UCI
handling.

The current changes work independently of 73d8a6ab (i.e. both before and
after), and are consistent with UCI config parsing documentation.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2018-07-16 09:32:27 +02:00
Tony Ambardar
c9c0fc28a9 base-files: fix UCI config parsing and callback handling
There are several long-standing issues present in the UCI shell API as
documented in https://wiki.openwrt.org/doc/devel/config-scripting. They
relate both to high-level, user-defined callback functions used to
process UCI config files, and also to low-level functions used within
scripts generally.

The related problems have been encountered now and in the past, e.g.
https://forum.openwrt.org/viewtopic.php?id=54295, and include:

a) UCI parsing option() function and user-defined option_cb() callbacks
being erroneously called during processing of "list" config file entries;

b) normal usage of the low-level config_set() unexpectedy calling any
defined option_cb() if present; and

c) handling of the list_cb() not respecting the NO_CALLBACK variable.

Root causes include a function stack "inversion", where the low-level
config_set() function incorrectly calls the high-level option() function,
intended only for processing the "option" keyword of UCI config files.

This change addresses the inversion and other issues, making the option
handling code more consistent and smaller, and simplifying developers'
usage of UCI callbacks.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
2018-07-16 09:32:06 +02:00
Hans Dedecker
3539430b3d odhcp6c: add noserverunicast config option for broken DHCPv6 servers
Fix broken DHCPv6 servers which provide the server unicast option but
do not reply on DHCPv6 renew messages directed to the IPv6 address
contained in the server unicast option which results in broken IPv6
connectivity.

67ae6a7 odhcp6c: add option to ignore Server Unicast option

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-07-15 22:23:09 +02:00
Hans Dedecker
6363377c47 odhcp6c: update to latest git HEAD
b99c1f6 odhcp6c: remove len check in option parsing handle

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-07-15 22:22:26 +02:00
Hans Dedecker
ce8cab388a odhcp6c: user string option support
ca8822b odhcp6c: add support for user string options

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-07-15 22:22:17 +02:00
Jo-Philipp Wich
7fc7128b08 OpenWrt v18.06.0-rc2: revert to branch defaults
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-07-15 17:54:39 +02:00
Jo-Philipp Wich
4de335bdbe OpenWrt v18.06.0-rc2: adjust config defaults
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-07-15 17:54:33 +02:00
Jo-Philipp Wich
e4d0ee5af5 uhttpd: update to latest Git head
db86175 lua: honour size argument in recv() function
d3b9560 utils: add uh_htmlescape() helper
8109b95 file: escape strings in HTML output
393b59e proc: expose HTTP Origin header in process environment
796d42b client: flush buffered SSL output when tearing down client ustream

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit b54bef2058)
2018-07-15 14:30:50 +02:00
Felix Fietkau
68f40d7ecc mt76: update to the latest version
08719b1 mt76: use a per rx queue page fragment cache
4d2c565 mt76x2: reset HW before probe
f622975 mt76x2: fix CCK protection control frame rate
6780375 mt76x2: add frame protection support

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-07-13 16:39:55 +02:00
Matthias Schiffer
514a4b3e1b
include/feeds.mk: rework generation of opkg distfeeds.conf
Allow enabling/commenting/disabling each feed individually by using a
tristate config symbol.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit 16035a7dd3)
2018-07-12 21:26:42 +02:00
Matthias Schiffer
3e89f58a5e
base-files: fix feed list in PKG_CONFIG_DEPENDS
FEEDS_ENABLED and FEEDS_DISABLED are derived from FEEDS_AVAILABLE, not
FEEDS_INSTALLED.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit 6dac434c00)
2018-07-12 21:26:41 +02:00
Koen Vandeputte
27014da237 mac80211: Expose support for ath9k Dynack
Enables support for Dynack feature.

When a remote station is far away, we need to compensate for the distance
by allowing more time for an ACK to arrive back before issueing a retransmission.
Currently, it needs to be set fixed to indicate the maximum distance the remote
station will ever be.

While this mostly works for static antennae, it introduces 2 issues:
- If the actual distance is less, speed is reduced due to a lot of wates wait-time
- If the distance becomes greater, retries start to occur and comms can get lost.

Allowing to set it dynamically using dynack ensures the best possible tradeoff
between speed vs distance.

This feature is currently only supported in ath9k.
it is also disabled by default.

Enabling it can be done in 2 ways:
- issue cmd:  iw phy0 set distance auto
- sending the NL80211_ATTR_WIPHY_DYN_ACK flag to mac80211 driver using netlink

Disabling it can be done by providing a valid fixed value.

To give an idea of a practical example:

In my usecase, we have mesh wifi device installed on ships/platforms.
Currently, the coverage class is set at 12000m fixed.

When a vessel moved closer (ex. 1500m), the measured link capacity was a lot
lower compared to setting the coverage class fixed to 1500m

Dynack completely solved this, nearly providing double the bandwidth at closer range
compared to the fixed setting of 12000m being used.

Also when a vessel sailed to a distance greater than the fixed setting,
communication was lost as the ACK's never arrived within the max allowed timeframe.

Actual distance: 6010m
iperf 60s run avg

Fixed 12150m:  31 Mbit/s
Dynack:        58 Mbit/s

Fixed 6300m:   51 Mbit/s
Dynack:        59 Mbit/s

Fixed 3000m:   13 Mbit/s  (lots of retries)
Dynack:        58 Mbit/s

Actual distance: 1504m
iperf 60s run avg

Fixed 12150m:  31 Mbit/s
Dynack:        86 Mbit/s

Fixed 6300m:   55 Mbit/s
Dynack:        87 Mbit/s

Fixed 3000m:   67 Mbit/s
Dynack:        87 Mbit/s

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-07-12 11:46:17 +02:00
Sven Eckelmann
b84a07b380
mac80211: initialize sinfo in cfg80211_get_station
Most of the implementations behind cfg80211_get_station will not initialize
sinfo to zero before manipulating it. For example, the member "filled",
which indicates the filled in parts of this struct, is often only modified
by enabling certain bits in the bitfield while keeping the remaining bits
in their original state. A caller without a preinitialized sinfo.filled can
then no longer decide which parts of sinfo were filled in by
cfg80211_get_station (or actually the underlying implementations).

cfg80211_get_station must therefore take care that sinfo is initialized to
zero. Otherwise, the caller may tries to read information which was not
filled in and which must therefore also be considered uninitialized. In
batadv_v_elp_get_throughput's case, an invalid "random" expected throughput
may be stored for this neighbor and thus the B.A.T.M.A.N V algorithm may
switch to non-optimal neighbors for certain destinations.

Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
(cherry picked from commit 87493dac11)
2018-07-08 23:22:17 +02:00
Sven Eckelmann
6258c965a0
ath10k-ct: search DT for BDF variant info
Board Data File (BDF) is loaded upon driver boot-up procedure. The right
board data file is identified on QCA4019 using bus, bmi-chip-id and
bmi-board-id.

The problem, however, can occur when the (default) board data file cannot
fulfill the vendor requirements and it is necessary to use a different
board data file.

This problem was solved for SMBIOS by adding a special SMBIOS type 0xF8.
Something similar has to be provided for systems without SMBIOS but with
device trees. No solution was specified by QCA and therefore a new one has
to be found for ath10k.

The device tree requires addition strings to define the variant name

    wifi@a000000 {
    	status = "okay";
    	qcom,ath10k-calibration-variant = "RT-AC58U";
    };

    wifi@a800000 {
    	status = "okay";
    	qcom,ath10k-calibration-variant = "RT-AC58U";
    };

This would create the boarddata identifiers for the board-2.bin search

 *  bus=ahb,bmi-chip-id=0,bmi-board-id=16,variant=RT-AC58U
 *  bus=ahb,bmi-chip-id=0,bmi-board-id=17,variant=RT-AC58U

Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
(cherry picked from commit 1c01e02575)
2018-07-08 23:22:17 +02:00
Kevin Darbyshire-Bryant
585208a356 wireguard: bump to 0.0.20180625
dfd9827 version: bump snapshot
88729f0 wg-quick: android: prevent outgoing handshake packets from being dropped
1bb9daf compat: more robust ktime backport
68441fb global: use fast boottime instead of normal boottime
d0bd6dc global: use ktime boottime instead of jiffies
18822b8 tools: fix misspelling of strchrnul in comment
0f8718b manpages: eliminate whitespace at the end of the line
590c410 global: fix a few typos
bb76804 simd: add missing header
7e88174 poly1305: give linker the correct constant data section size
fd8dfd3 main: test poly1305 before chacha20poly1305
c754c59 receive: don't toggle bh

Compile-tested-for: ath79 Archer C7 v2
Run-tested-on: ath79 Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 3ce11588f6)
2018-07-07 11:27:21 +01:00
Kevin Darbyshire-Bryant
c9a51c471d kmod-sched-cake: bump to latest 20180706
Fixes a potential infinite loop bug when in unlimited (ie not using
built in shaper) mode.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 4bd4ece9ea)
2018-07-07 11:13:02 +01:00
Kevin Darbyshire-Bryant
9ada61881c kmod-sched-cake: bump to latest cake
This bumps to the latest & possibly greatest cake, sadly it's still
inedible but from an SQM point of view quite tasty :-)

Main tweaks since previous bump, improved ack_filter, some extra stats,
support for 64bit netlink parameters (higher rates/byte counters)

0520a6c Fix NAT option handling
8da93e1 Make sure we always call qdisc_watchdog_init() in cake_init()
f65daf6 Fix mismatched parenthesis
51d4ab3 Change flag handling to be safe even when mixing with non-eligible ACKs
f2ea091 ack_filter: protect DCTCP with stricter filtering of ECE marks
28b4560 ACK filter: Handle wrapping sequence numbers and DSACKs
73f62d9 Use the right PAD attribute for options
5969c14 Use 32 for tin backlog
e289f31 Move all the u64 netlink attributes together
36180a0 Check ACK seqno before parsing SACKs
91bbc01 Merge branch 'mine' into cobalt
58c55ec Rework SACK check to compare the ranges of two SACKs
9a5d593 ack_filter: Add proper handling of SACKs
eca95d4 ack_filter: short-circuit TCP flag check
d50a246 compat: backport some ktime functions
7b7ad11 compat: define tcpopt_fastopen for pre-4.1 kernels
ca54cdb Fix ktime compare
9d7dcc0 ack filter: Parse TCP options and only drop safe ones
b119882 Return EOPNOTSUPP on NAT option if conntrack is not available
842d7f0 Don't try to pad stats with tin_stats padding
bd46dc2 Use 64-bit divide helper
8e41bf0 Make sure we never drop SACKs when filtering ACKs
66e5d60 Avoid comparing ktime_t to scalar values
7fab017 Actually commit the ktime_t changes
fca6d13 Switch to ktime_t and get rid of cobalt.h
6f7e5af Can't use do_div with 64-bit divisors

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit abeae38dbb)
2018-07-07 11:13:02 +01:00
Kevin Darbyshire-Bryant
b05619fe09 iproute2: tc: update support for cake
Bump iproute2/tc support of cake.

Add support for cake's change to u64 attribute passing for certain
attributes (rate & byte counts)

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit a2165f936e)
2018-07-07 11:13:01 +01:00
Alberto Bursi
ce73f89469 uboot-kirkwood: fix malformed boot configuration
With current uboot default configuration the bootloader will
fail to start the OpenWrt firmware with the following error:
-----
unexpected character 'b' at the end of partition
Error initializing mtdparts!
incorrect device type in ubi
Partition ubi not found!
Error, no UBI device/partition selected!
Wrong Image Format for bootm command
Error occured, error code = 112
-----

If the uboot configuration is examined with printenv
I can see that mdtparts line (on a nsa310) is wrong:
-----
mtdparts=mtdparts=orion_nand:0x0c0000(uboot),
0x80000(uboot_env),0x7ec0000(ubi)bootargs_root=
----

The "bootargs_root=" that was appended to it should not be there.

Fix the issue by adding a \0 line terminator at the end of affected lines,
mimicking what is also done by uboot upstream.

This issue was detected and confirmed on a nsa310, nsa325 and
a pogoplug v4, but it's not hardware-specific, so apply the same fix
to other devices as well.

Note that the issue is with the uboot's integrated boot configuration,
which is not used unless the uboot configuration in flash is unavailable
(erased or corrupted), which happens only on first time installation,
or if the user deletes the uboot configuration when upgrading uboot.
People just upgrading from an older uboot without erasing their previous
uboot configuration stored in flash would not have noticed this issue.

Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
2018-06-26 23:35:18 +02:00
John Crispin
ecee5bf1a1 mac80211: make rtl8xxxu build again
we only wanted to drop rtl8xxxue support

Signed-off-by: John Crispin <john@phrozen.org>
(cherry picked from commit d8981133b2)
2018-06-26 16:01:50 +02:00
John Crispin
cff16587bd mac80211: rtl8xxxu: drop support patches
After a very enlightening but unfortunately far too short exchange with Jes
we mutually agreed to drop the patches. They are unfortunately not ready
yet.

Acked-by: Rafał Miłecki <rafal@milecki.pl>
Signed-off-by: John Crispin <john@phrozen.org>
(cherry picked from commit 66c5696cdf)
2018-06-26 15:46:26 +02:00
Sven Roederer
3f3a2c966a base-files: fix links in banner.failsafe
Update the link to the current section in the documentaion wiki.
This fixes https://github.com/openwrt/packages/issues/6282

Signed-off-by: Sven Roederer <freifunk@it-solutions.geroedel.de>
2018-06-24 22:30:32 +02:00
Rafał Miłecki
c437adb024 mac80211: backport brcmfmac changes from kernel 4.18
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit c446e38c86)
2018-06-23 14:29:39 +02:00
Rafał Miłecki
2811c97803 mac80211: backport brcmfmac firmware & clm_blob loading rework
It backports remaining brcmfmac changes from 4.17.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 7e8eb7f309)
2018-06-23 14:29:39 +02:00
Rafał Miłecki
72f6025d69 mac80211: backport brcmfmac data structure rework
It backports brcmfmac commits from kernel 4.17.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 3c8bb92655)
2018-06-23 14:29:39 +02:00
Rafał Miłecki
8cfd43d1d6 mac80211: backport "brcmfmac: cleanup and some rework" from 4.17
It was described by Arend as:

> This series is intended for 4.17 and includes following:
>
>  * rework bus layer attach code.
>  * remove duplicate variable declaration.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 0da9303e5b)
2018-06-23 14:29:29 +02:00
Jo-Philipp Wich
c51d292c47 OpenWrt v18.06.0-rc1: revert to branch defaults
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-06-22 12:30:02 +02:00
Jo-Philipp Wich
13f64a1e59 OpenWrt v18.06.0-rc1: adjust config defaults
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-06-22 12:30:02 +02:00
Jo-Philipp Wich
d2aa3a1b62 Revert "LEDE v18.06.0-rc1: adjust config defaults"
This reverts commit 97b1765a45.
The tree is in an inconsistent state and we need to complete some rebranding.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-06-22 12:22:57 +02:00
Jo-Philipp Wich
78abc65347 Revert "LEDE v18.06.0-rc1: revert to branch defaults"
This reverts commit 55df39e684.
The tree is in an inconsistent state and we need to complete some rebranding.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-06-22 12:22:50 +02:00
Jo-Philipp Wich
55df39e684 LEDE v18.06.0-rc1: revert to branch defaults
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-06-22 12:12:13 +02:00
Jo-Philipp Wich
97b1765a45 LEDE v18.06.0-rc1: adjust config defaults
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-06-22 12:12:09 +02:00
John Crispin
f27e0b6bc4 iptables: set nonshared flag
this makes sure that offloading support is properly included for v4.14 targets.

Signed-off-by: John Crispin <john@phrozen.org>
(cherry picked from commit ebe1216c7c)
2018-06-22 11:47:17 +02:00
John Crispin
04353c3af8 mac80211: fix up ath10k led patch
Signed-off-by: John Crispin <john@phrozen.org>
2018-06-22 10:51:22 +02:00
John Crispin
6e4fb77f9e mac80211: drop 355-ath9k-limit-retries-for-powersave-response-frames.patch
several people reported this bug to be causing drop out issues

Signed-off-by: John Crispin <john@phrozen.org>
(cherry picked from commit cac1a4be66)
2018-06-22 09:45:43 +02:00
Ansuel Smith
642acc0fb0 mac80211: ath10k fix vht160 firmware crash
When the 160mhz width is selected the ath10k firmware crash. This fix this problem.

Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
(cherry picked from commit 134e832814)
2018-06-22 09:45:08 +02:00
Ansuel Smith
843e421a05 mac80211: ath10k add leds support
This adds support for leds handled by the wireless chipset.

Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
(cherry picked from commit 61d57a2f88)
2018-06-22 09:45:08 +02:00
David Thornley
c4a0c0718a wwan: Add support for Gemalto Cinterion cellular modules
Includes specific support for PH8(1e2d-0053) / ELS61(1e2d-005b) modules.

Note for ELS61, the serial driver changes from serial option(ttyUSB) to usb-cdc (ttyACM).

Two additional fixes in this commit resolve issues with ttyACM devices: -

* wwan.sh - sys-fs has a subdirectory indirection (*/tty/ttyACMx) which was not handled properly
* wwan.usb - dependent scripts were not included, so this never actually called proto_set_available for example (and relied on inadvertent call for ttyUSB case)

Signed-off-by: David Thornley <david.thornley@touchstargroup.com>
(cherry picked from commit cb262b0939)
2018-06-22 09:45:08 +02:00
Hans Dedecker
2ac5800fd9 busybox: udhcpc: replace udhcpc_no_msg_dontroute patch by upstream fix
Replace 204-udhcpc_no_msg_dontroute patch by the upstream busybox fix
which removes the code which requires the server ID to be on local
network

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-06-21 22:40:54 +02:00
Hans Dedecker
c2da3505e2 Revert "base-files: fix UCI config parsing and callback handling"
This reverts commit 0239448532 as users
report Qos scripts are broken (FS#1602)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-06-21 21:43:03 +02:00
Felix Fietkau
b72bced2d7 mt76: update to the latest version
072fdac mt76x2: mac: consider multicast/broadcast frames in ewma rssi estimation
f450659 mt76x2: improve gain adjustment in noisy environments
1d4ca10 mt76x2: track rssi for gain adjustment per station

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-06-21 11:22:05 +02:00
Magnus Frühling
36234df96c ipq40xx: add support for ZyXEL WRE6606
Specifications:
SOC:	Qualcomm IPQ4018 (DAKOTA) ARM Quad-Core
RAM:	128 MB Nanya NT5CC64M16GP-DI
FLASH:	16 MiB Macronix MX25L12845EMI-12G
ETH:	Qualcomm QCA8072
WLAN1:  Qualcomm Atheros QCA4018 2.4GHz 802.11b/g/n 2x2
WLAN2:  Qualcomm Atheros QCA4018 5GHz 802.11n/ac W2 2x2
INPUT:  WPS, Mode-toggle-switch
LED:	Power, WLAN 2.4GHz, WLAN 5GHz, LAN, WPS
        (LAN not controllable by software)
        (WLAN each green / red)
SERIAL:	Header next to eth-phy.
        VCC, TX, GND, RX (Square hole is VCC)
        The Serial setting is 115200-8-N-1.

Tested and working:
 - Ethernet (Correct MAC-address)
 - 2.4 GHz WiFi (Correct MAC-address)
 - 5 GHz WiFi (Correct MAC-address)
 - Factory installation from tftp
 - OpenWRT sysupgrade
 - LEDs
 - WPS Button

Not Working:
 - Mode-toggle-switch

Install via TFTP:

Connect to the devices serial. Hit Enter-Key in bootloader to stop
autobooting. Command `tftpboot` will pull an initramfs image named
`C0A86302.img` from a tftp server at `192.168.99.08/24`.
After successfull transfer, boot the image with `bootm`.

To persistently write the firmware, flash an openwrt sysupgrade image
from inside the initramfs, for example transfer
via `scp <sysupgrade> root@192.168.1.1:/tmp` and flash on the device
with `sysupgrade -n /tmp/<sysupgrade>`.

append-cmdline patch taken from chunkeeys work on the NBG6617.

Signed-off-by: Magnus Frühling <skorpy@frankfurt.ccc.de>
Co-authored-by: David Bauer <mail@david-bauer.net>
Co-authored-by: Christian Lamparter <chunkeey@googlemail.com>
(cherry picked from commit 4b280ad91a)
2018-06-21 07:02:37 +02:00
David Bauer
0c4f658d58 ar71xx: add support for OCEDO Koala
This commit adds support for the OCEDO Koala

SOC:	Qualcomm QCA9558 (Scorpion)
RAM:    128MB
FLASH:  16MiB
WLAN1:  QCA9558 2.4 GHz 802.11bgn 3x3
WLAN2:  QCA9880 5 GHz 802.11nac 3x3
INPUT:  RESET button
LED:    Power, LAN, WiFi 2.4, WiFi 5, SYS
Serial: Header Next to Black metal shield
        Pinout is 3.3V - GND - TX - RX (Arrow Pad is 3.3V)
        The Serial setting is 115200-8-N-1.

Tested and working:
 - Ethernet
 - 2.4 GHz WiFi
 - 5 GHz WiFi
 - TFTP boot from ramdisk image
 - Installation via ramdisk image
 - OpenWRT sysupgrade
 - Buttons
 - LEDs

Installation seems to be possible only through booting an OpenWRT
ramdisk image.

Hold down the reset button while powering on the device. It will load a
ramdisk image named 'koala-uImage-initramfs-lzma.bin' from 192.168.100.8.

Note: depending on the present software, the device might also try to
pull a file called 'koala-uimage-factory'. Only the name differs, it
is still used as a ramdisk image.

Wait for the ramdisk image to boot. OpenWRT can be written to the flash
via sysupgrade or mtd.

Due to the flip-flop bootloader which we not (yet) support, you need to
set the partition the bootloader is selecting. It is possible from the
initramfs image with

 > fw_setenv bootcmd run bootcmd_1

Afterwards you can reboot the device.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit e36f8b3f39)
2018-06-21 07:02:30 +02:00
Kevin Darbyshire-Bryant
0daff7fe23 wireguard: bump to 0.0.20180620
0bc4230 version: bump snapshot
ed04799 poly1305: add missing string.h header
cbd4e34 compat: use stabler lkml links
caa718c ratelimiter: do not allow concurrent init and uninit
894ddae ratelimiter: mitigate reference underflow
0a8a62c receive: drop handshake packets if rng is not initialized
cad9e52 noise: wait for crng before taking locks
83c0690 netlink: maintain static_identity lock over entire private key update
0913f1c noise: take locks for ss precomputation
073f31a qemu: bump default kernel
bec4c48 wg-quick: android: don't forget to free compiled regexes
7ce2ef3 wg-quick: android: disable roaming to v6 networks when v4 is specified
9132be4 dns-hatchet: apply resolv.conf's selinux context to new resolv.conf
41a5747 simd: no need to restore fpu state when no preemption
6d7f0b0 simd: encapsulate fpu amortization into nice functions
f8b57d5 queueing: re-enable preemption periodically to lower latency
b7b193f queueing: remove useless spinlocks on sc
5bb62fe tools: getentropy requires 10.12
4e9f120 chacha20poly1305: use slow crypto on -rt kernels on arm too

Compiled-for: ar71xx, lantiq
Run-tested-on: ar71xx Archer C7 v2 & lantiq HH5a

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-06-20 22:22:37 +02:00
Hans Dedecker
eb568e0aba dnsmasq: fix dnsmasq startup issue
Commit ecd954d530 installs specific interface triggers which rewrites the dnsmasq config
file and restarts dnsmasq if the network interface becomes active for which a trigger
has been installed.
In case no dhcp sections are specified or ignore is set to 1 dnsmasq will not be started
at startup which breaks DNS resolving.
Fix this by ditching the BOOT check in start_service and always start dnsmasq at startup.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-06-20 14:08:01 +02:00
Hans Dedecker
2af5cfe9b7 ds-lite: make tunnel encapsulation limit support configurable (FS#1501)
Be compatible with ISPs which don't support the destination option header containing
the tunnel encapsulation limit as reported in FS#1501.
Setting the uci parameter encaplimit to ignore; allows to disable the insertion
of the destination option header in the ds-lite packets.
Otherwise the tunnel encapsulation limit value can be set to a value from 0 till 255
by setting the encaplimit uci parameter accordingly.
If no encaplimit value is specified the default value is 4 as before.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-06-19 13:25:19 +02:00
Hans Dedecker
3c4cf92f13 odhcp6c: make ds-lite/map tunnel encapsulation limit support configurable (FS#1501)
Be compatible with ISPs which don't support the destination option header containing
the tunnel encapsulation limit as reported in FS#1501 for dynamic created ds-lite/map
interfaces.
Setting the uci parameter encaplimit_dslite/map to ignore; allows to disable the insertion
of the destination option header for the dynamic created ds-lite/map interface.
Otherwise the tunnel encapsulation limit value can be set to a value from 0 till 255
by setting the encaplimit_dslite/map uci parameter accordingly.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-06-19 13:25:19 +02:00
Hans Dedecker
192866d2b8 netifd: update to latest git HEAD (FS#1501)
a580028 system-linux: make encaplimit configurable for ip6 tunnels (FS#1501)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-06-19 13:25:19 +02:00
Hans Dedecker
2369c89b75 map: make tunnel encapsulation limit support configurable (FS#1501)
Be compatible with ISPs which don't support the destination option header containing
the tunnel encapsulation limit as reported in FS#1501.
Setting the uci parameter encaplimit to ignore; allows to disable the insertion
of the destination option header in the map-e packets.
Otherwise the tunnel encapsulation limit value can be set to a value from 0 till 255
by setting the encaplimit uci parameter accordingly.
If no encaplimit value is specified the default value is 4 as before.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-06-19 13:25:18 +02:00