Commit Graph

15788 Commits

Author SHA1 Message Date
Hauke Mehrtens
e669cf7f6a strace: Update to version 5.0
The removed patch was merged upstream.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-14 20:28:26 +02:00
Hauke Mehrtens
02d4d36d4b iperf: Update to version 2.0.13
The removed patches are already integrated in the upstream version.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-14 20:28:18 +02:00
Hans Dedecker
06403981e1 ppp: update to version 2.4.7.git-2019-05-06
fcb076c Various fixes for errors found by coverity static analysis (#109)
d98ab38 Merge branch 'pppd_print_changes' of https://github.com/nlhintz/ppp into nlhintz-pppd_print_changes

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-05-13 15:34:42 +02:00
Tomasz Maciej Nowak
ee96fa15b1 mvebu: use device-tree board detection
Convert whole target to Device Tree based board detection instead of
identifying devices by dts file name. With this we can drop mvebu.sh
translation script and rely on common method for model detection.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2019-05-11 23:11:04 +02:00
Tomasz Maciej Nowak
a39d2a8053 mvebu: align device names to vendor_device format
Add vendors in device names and also rename few device names, for easier
identyfying potential firmware to flash. The vendor and device string is
mainly derived from model/compatipble string in dts from particular
device, but since not all devices are well described, some of the renames
follow marketing names.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2019-05-11 23:11:04 +02:00
Rosen Penev
0b26382533 uClibc++: Update to 0.2.5
Switched to xz archives for smaller size.

Removed upstreamed patches.

Reorganized Makefile a little bit for clarity. Build/Prepare is not useful
anymore. Upstream converted the file to LF.

Refreshed config.

Removed -ansi option from the original CFLAGS as this was causing long
long support to be missing.

Removed fPIC. We have the macro $(FPIC) already used. No point in setting
fpic and fPIC together.

Removed pedantic -Wlong-long warnings as they are not useful.

Removed -std=gnu++98. Not only is it unnecessary (it compiles against all
standards), it actually results in a size increase. 75843 vs. 75222 (gcc
in OpenWrt defaults to g++14).

Added --gc-sections to linker flags to reduce size: 72653 vs 75222.

Removed warn linker options. They have been upstreamed.

Tested on Archer C7v2 and GnuBee PC1.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-05-11 23:10:10 +02:00
Rosen Penev
e49b6bb618 xfsprogs: Replace valloc with posix_memalign
Fixes compilation under uClibc-ng.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-05-11 23:10:10 +02:00
Christian Lamparter
bdaaf66e28 utils/spidev_test: build package directly from Linux
Jeff Kletsky noted in his patch titled:
"utils/spidev_test: Update to current source from upstream Linux"
that the spidev_test utility OpenWrt ships is severly out of date.

Instead of updating the spidev_test.c from the current kernel,
this patch replaces the package building code to utilize the
very file that gets shipped with the kernel we compiling for
anyway much like the "perf" package already does.

Reported-by: Jeff Kletsky <git-commits@allycomm.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-05-11 16:37:11 +02:00
Lucian Cristian
4582fe7c14 lldpd: add option to edit hostname
also fixes the annoying repeating syslog
lldp[]: unable to get system name

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2019-05-11 16:37:11 +02:00
Lucian Cristian
cb30971a44 lldpd: update to 1.0.3
Support for CDP PD PoE

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2019-05-11 16:37:11 +02:00
Robert Marko
671d8752d1 ath10k-ct: Update to current version
This patch updates ath10k-ct to current version.
Changes are:
     ath10k-ct:  Fix printing PN in peer stats.

     Previous logic was incorrect.  Also add set-special API to enable
     returning PN.

Patches refreshed and tested on 8devices Jalapeno dev board(IPQ4019)

Signed-off-by: Robert Marko <robimarko@gmail.com>
2019-05-11 16:37:11 +02:00
Robert Marko
61f4ceb146 ath10k-firmware: update Candela Tech firmware images
Release notes since last time:

Release notes for wave-1:

2019-04-02: Support some get/set API for eeprom rate power tables.
	    Mostly backported from 10.2

2019-04-02: Support adaptive-CCA, backported from 10.2

2019-04-02: Support adding eeprom configAddr pairs via the
            set-special API. These configAddrs can be used to change
            the default register settings for up to 12 registers.

2019-05-03: Fix tx-power settings for 2x2, 3x3 rates.
	    Original logic I put in back in 2016 set 2x2 and 3x3 lower
	    than the needed to be when using most NICs (very high
	    powered NICs would not have been affected I think, not sure
	    any of those exist though.)

	    This improves throughput for 2x2 and 3x3 devices,
	    especially when the signal is weaker.

Release notes for wave-2:

2019-04-08: When setting keys, if high bit of high value of
	    key_rsc_counter is set to 0x1, then the lower 48 bits will
	    be used as the PN value.  By default, PN is set to 1 each
	    time the key is set.

2019-04-08: Pack PN into un-used 'excretries' aka
	    'num_pkt_loss_excess_retry' high 16 bits.
	    This lets us report peer PN, but *only* if driver has
	    previously set a PN when setting key (or set-special cmd is
	    used to enable PN reporting).

	    This is done so that we know the driver is recent
            enough to deal with the PN stat reporting.

2019-04-16: Support specifying tx rate on a per-beacon packet.
	    See ath10k_wmi_op_gen_beacon_dma and
	    ath10k_convert_hw_rate_to_rate_info for API details.

	     Driver needs additional work to actually enable this
	     feature currently.

2019-04-30: Compile out tx-prefetch caching logic.
	    It is full of tricky bugs that cause tx hangs.
	    I fixed at least one, but more remain and I have wasted too
	    much time on this already.

2019-05-08: Start rate-ctrl at mcs-3 instead of mcs-5.
	    This significantly helps DHCP happen quickly, probably
	    because the initial rate being too high would take a while
	    to ramp down, especially since there are few packets sent
	    by the time DHCP needs to start.

	    This bug was triggered by me decreasing retries of 0x1e
	    (upstream default) to 0x4.  But, I think it is better to
	    start with lower initial MCS instead of always having a
	    very high retry count.

Tested on 8devices Jalapeno dev board(IPQ4019)

Signed-off-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [neatify]
2019-05-11 16:37:11 +02:00
Klaus Kudielka
ad62247800 base-files: improve lib/upgrade/common.sh
Recently, upgrade device autodetection has been added to the mvebu target.
This exposes some shortcomings of the generic export_bootdevice function,
e.g. on the Turris Omnia: export_bootdevice silently reports the root
partition to be the boot device. This makes the sysupgrade process fail at
several places.

Fix this by clearly distinguishing between /proc/cmdline arguments which
specify the boot disk, and those which specify the root partition. Only in
the latter case, strip off the partition, and do it consistently.
root=PARTUUID=<pseudo PARTUUID for MBR> (any partition) and root=/dev/*
(any partition) are accepted.

The root of the problem is that the *existing* export_bootdevice in
/lib/upgrade/common.sh behaves differently, if the kernel is booted with
root=/dev/..., or if it is booted with root=PARTUUID=...

In the former case, it reports back major/minor of the root partition,
in the latter case it reports back major/minor of the complete boot disk.

Targets, which boot with root=/dev/... *and* use export_bootdevice /
export_partdevice, have added workarounds to this behaviour, by specifying
*negative* increments to the export_partdevice function.

Consequently, those targets have to be adapted to use positive increments,
otherwise they are broken by the change to export_bootdevice.

Fixes: 4e8345ff68 ("mvebu: base-files: autodetect upgrade device")
Signed-off-by: Klaus Kudielka <klaus.kudielka@gmail.com>
Tested-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2019-05-11 16:37:11 +02:00
Deng Qingfang
367813b9b1 ramips: mt7620: fix dependencies
MT7620 integrated WMAC does not need RT2x00 PCI driver or firmware
Also corrected kmod-eeprom-93cx6 and kmod-lib-crc-itu-t dependencies
according to original Kconfig and lsmod output

This will remove some unnecessary packages from MT7620 target to
save some space

Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[75 characters per line in the commit message]
2019-05-11 01:05:11 +02:00
Hans Dedecker
290a7dc0c7 procd: fix compile issue
1361b97 container: include stdbool.h

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-05-09 18:33:39 +02:00
Hans Dedecker
165d598521 netifd: update to latest git HEAD
f6fb700 interface-ip: fine tune IPv6 mtu warning
975a5c4 interface: tidy ipv6 mtu warning

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-05-08 22:15:19 +02:00
Hans Dedecker
792c9fc8ca procd: update to latest git HEAD
9b35439 procd: detect lxc container and behave accordingly

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-05-08 20:52:45 +02:00
Rosen Penev
4760541027 elfutils: Fix compile with uClibc-ng
Probably glibc too. argp_help takes a char *. not const char *.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
[updated with upstream version of the patch]
2019-05-05 21:11:01 +02:00
Tomasz Maciej Nowak
b18d1d5d3f uboot-tegra: bump to 2019.04
This version has important change for tegra boards which is reserving
32MB memory for Linux kernel instead of current 16MB.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2019-05-05 21:11:01 +02:00
Arthur Skowronek
fc23bcdaa2 base-files: add service_stopped as a post stop hook
Purpose of these changes is to introduce a hook for post service
shutdown in a similar fashion to the existing hook service_started. I
found it to be useful to specify a hook that is called once the service
has been stopped and not before the service is stopped like the
stop_service hook does.

The concrete use case I have for this is that I'm running a binary that
takes over the hardware watchdog timer. Said binary unfortunately can
not use ubus directly to tell procd to hand over the watchdog timer so
this has to be done in the service file for the binary in question. In
order to support a clean handover of the watchdog timer back to procd,
the service init script has to dispatch the ubus invocation once the
binary in question has been stopped.

Signed-off-by: Arthur Skowronek <ags@digineo.de>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
[added commit message, use the same form as other hooks]
2019-05-05 21:11:01 +02:00
Hauke Mehrtens
1325e74e0c kernel: Remove support for kernel 3.18
No target is using kernel 3.18 anymore, remove all the generic
support for kernel 3.18.

The removed packages are depending on kernel 3.18 only and are not used on
any recent kernel.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-03 22:41:38 +02:00
Hauke Mehrtens
675832de79 xburst: Remove unmaintained target
This target only supports kernel 3.18, which is not supported in OpenWrt
any more for multiple releases. It also looks like there is no active
maintainer for this target.
Remove the code and all the packages which are only used by this target.

To add this target to OpenWrt again port it to a recent and supported
kernel version.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-03 21:27:12 +02:00
Hauke Mehrtens
cd3b298533 omap24xx: Remove unmaintained target
This target only supports kernel 4.1, which is not supported in OpenWrt
any more for multiple releases. It also looks like there is no active
maintainer for this target.
Remove the code and all the packages which are only used by this target.

To add this target to OpenWrt again port it to a recent and supported
kernel version.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-03 21:27:12 +02:00
Hauke Mehrtens
e6f9a8e89b au1000: Remove unmaintained target
This target only supports kernel 3.18, which is not supported in OpenWrt
any more for multiple releases. It also looks like there is no active
maintainer for this target.
Remove the code and all the packages which are only used by this target.

To add this target to OpenWrt again port it to a recent and supported
kernel version.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-03 21:27:12 +02:00
Hauke Mehrtens
2d0a2ff1e0 adm5120: Remove unmaintained target
This target only supports kernel 3.18, which is not supported in OpenWrt
any more for multiple releases. It also looks like there is no active
maintainer for this target.
Remove the code and all the packages which are only used by this target.

To add this target to OpenWrt again port it to a recent and supported
kernel version.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-03 21:27:12 +02:00
Rafał Miłecki
2c3dd70741 procd: add procd_running() helper for checking running state
This should be helpful for implementing service_running() in procd init
scripts.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Acked-by: John Crispin <john@phrozen.org>
2019-05-02 22:14:19 +02:00
Hans Dedecker
8696f0c3e3 procd: update to latest git HEAD
01f3dc8 instance: dump user and group as well

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-05-02 17:39:16 +02:00
Michael Heimpold
218b1bbecd procd: allow passing optional group instance parameter
Sometimes is desirable to run a process with a specific group id
instead of the default one which is derived from passwd entry.
This can be achived now by using procd_set_param group $mygroup.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_SOURCE_VERSION update]
2019-05-02 17:39:16 +02:00
Michael Heimpold
a12ab07e21 procd: allow passing optional syslog facility as instance parameter
Optional syslog facility can be set by adding procd_set_param facility
$myfacility.
While at, also add stdout/stderr documentation.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_SOURCE_VERSION update]
2019-05-02 17:38:51 +02:00
Robert Marko
a9190ee3a4 kernel: iio: Fix BMP280 Auto probing
Currently Auto probing for BMP/BME280 does not work because kernel
module name in the call is not correct.
Package name was used instead of kernel module name.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2019-05-02 09:35:35 +02:00
Rafał Miłecki
d6643aca34 libroxml: bump to the 3.0.1 version
Some of changes:
* Support for local-name()
* General refactoring
* Better parsing performance
* Fix possible buffer overflow & memleak
* Validation checks
* More commit functions (file, buffer, fd)

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-05-01 07:25:55 +02:00
Hans Dedecker
430b66bbe8 procd: update to latest git HEAD
cfaed56 procd: add SIGPWR as signal
a30a8fd procd: copy the respawn property of new instance

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-04-29 21:48:09 +02:00
Daniel Golle
26dafeeba4 mac80211: rt2x00: replace patches with upstream version
Support for RT3883/RT3663 was merged upstream [1]. Use that patch
instead of our original series. The resulting source tree is
exactly identical, this commit is merely reorganizing the patches.

[1]: https://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-next.git/commit/?id=d0e61a0f7cca51ce340a5a73595189972122ff25

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-04-29 18:39:04 +02:00
Eneas U de Queiroz
17cb490ac4 openssl: build kmods only if engines are selected
Add a conditional to the individual package's for the kmods in DEPENDS.
This avoids the need to compile the kernel modules when the crypto
engine packages are not selected.  The final binares are not affected by
this.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Tested-by: Rosen Penev <rosenp@gmail.com>
2019-04-26 15:31:34 +02:00
Jose Olivera
40de4c038a elfutils: bump to 0.176
*Fixes:
  -CVE-2019-7150
  -CVE-2019-7149
  -CVE-2019-7146
  -CVE-2019-7665
  -CVE-2019-7664
  -CVE-2019-7148

*Refresh 003-libintl-compatibility.patch

*Also reset PKG_RELEASE.

Signed-off-by: Jose Olivera <oliverajeo@gmail.com>
2019-04-26 10:04:47 +02:00
Felix Fietkau
6e7e2f4421 mac80211: fix regression in skb resizing optimization in monitor mode (FS#2254)
struct ieee80211_local needs to be passed in separately instead of
dereferencing the (potentially NULL) sdata

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-04-24 09:33:38 +02:00
Koen Vandeputte
6afe175e5e ath10k-ct: Update to 2019-04-08
9cd701a4f028 ath10k-ct:  Add PN get/set API for wave-2 firmware.
5c8a4668323b ath10k-ct:  Support over-riding the power ctl table in eeprom
75e2705f31bb ath10k-ct:  CCA, eeprom, other changes.
a696e602a0fc ath10k-ct:  Attempt to fix-out-of-tree compile for 4.16
a2aec62262df ath10k:  Improve beacon tx status for 4.20 kernel.
be5c21a82b15 ath10k-ct:  Fix out-of-tree compile for 4.20, pull in stable changes for 4.19

Fixes compile errors when using the 4.20 flavour.
Also the amount of beacon errors seems to have dropped.

Tested on a Mikrotik RB912UAGS-5HPacD

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-04-23 13:22:31 +02:00
Jo-Philipp Wich
f00a4ae6e0 Revert "uhttpd: disable concurrent requests by default"
This reverts commit c6aa9ff388.

Further testing has revealed that we will need to allow concurrent
requests after all, especially for situations where CGI processes
initiate further HTTP requests to the local host.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-04-23 08:15:46 +02:00
Eneas U de Queiroz
8abb505048 openssl: add Eneas U de Queiroz as maintainer
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
2019-04-22 21:37:31 +02:00
Eneas U de Queiroz
ff9ac986ce openssl: fix OPENSSL_config bug affecting wget
This applies an upstream patch that fixes a OPENSSL_config() bug that
causes SSL initialization to fail when the openssl.cnf file is not
found.  The config file is not installed by default.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
2019-04-22 20:30:02 +02:00
Hans Dedecker
47dc4f96cb nghttp2: bump to 1.38.0
4a9d2005 Update manual pages
acf6a922 Bump up version number to 1.38.0, LT revision to 31:3:17
4ff45821 Update AUTHORS
42dce01e Merge branch 'nghttpx-fix-backend-selection-on-retry'
a35059e3 nghttpx: Fix bug that altered authority and path affect backend selection
5a30fafd Merge branch 'nghttpx-fix-chunked-request-stall'
dce91ad3 Merge branch 'nghttpx-dont-log-authorization'
2cff8b43 nghttpx: Fix bug that chunked request stalls
be96654d nghttpx: Don't log authorization request header field value with -LINFO
ce962c3f Merge branch 'update-http-parser'
f931504e Update http-parser to v2.9.1
d978f351 Fix bug that on_header callback is still called after stream is closed
ec519f22 Merge pull request #1270 from baitisj/master
e8b213e3 Bump up version number to 1.38.0-DEV

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-04-22 13:42:24 +02:00
Hans Dedecker
399aa0b933 odhcpd: update to latest git HEAD (FS#2243, FS#2244)
6633efe router: fix dns search list option

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-04-19 19:24:39 +02:00
Rosy Song
524810ce6d dropbear: allow build without dbclient
This can save ~16KBytes size for the ipk

Signed-off-by: Rosy Song <rosysong@rosinson.com>
2019-04-18 22:34:19 +02:00
Rafał Miłecki
083056c83f mac80211: brcm: backport brcmfmac 5.2 patches
This includes some USB fixes and early work on FullMAC firmware crash
recovery.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-04-18 10:16:10 +02:00
Hans Dedecker
e20c2909a5 odhcpd: update to latest git HEAD (FS#2206)
38bc630 router: use ra_lifetime as lifetime for RA options (FS#2206)
0523bdd router: improve code readibility
0a3b279 Revert "router:"
207f8e0 treewide: align syslog loglevels
f1d7da9 router:
0e048ac treewide: fix compiler warnings
83698f6 CMakeList.txt: enable extra compiler checks

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-04-17 14:43:38 +02:00
Eneas U de Queiroz
450d44a8ea openssl: change defaults: ENGINE:on, NPN:off, misc
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.

To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Enable engine support by default.  Right now, some packages require
this, so it is always enabled by the bots.  Many packages will compile
differently when engine support is detected, needing engine symbols from
the libraries.

However, being off by default, a user compiling its own image will fail
to run some popular packages from the official repo.
Note that disabling engines did not work in 1.0.2, so this problem never
showed up before.

NPN support has been removed in major browsers & servers, and has become
a small bloat, so it does not make sense to leave it on by default.

Remove deprecated CONFIG_ENGINE_CRYPTO symbol that is no longer needed.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
2019-04-17 11:26:55 +02:00
Lucian Cristian
e762f5d44a kernel: Fix kmod-drm-amdgpu and kmod-drm-radeon dependencies
Currently the Geode builds fails on following kernel module missing
dependencies:

 Package kmod-drm-amdgpu is missing dependencies for the following libraries:
 backlight.ko
 drm_kms_helper.ko
 fb.ko
 ttm.ko

So this patch tries to fix the kmod-drm-amdgpu module dependecies.

Fixes: 2f239c0 ("x86: video: add amdgpu DRM kernel package")
Fixes: 2f6918e ("x86: video: add radeon DRM module support")
Tested-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2019-04-16 22:51:29 +02:00
Martin Schiller
e79b9601bf procd/hotplug: add dependency to dialout and audio group
Commit 6e060bd62c introduced a dependency to the dialout group.
Adding this group to the "group" file in the base-files package is not
enough to handle this dependency, because after a sysupgrade this entry
will be missing in the "group" file.

To address this problem the dependencies to the required groups needs to
be set in the Makefile of the procd package.
Then, the uci-default script "13_fix_group_user" will add the groups
on first boot-up after a sysupgrade.

Fixes: 6e060bd62c ("base-files/hotplug: fix dedicated group for tty devices")
Tested-by: Michael Heimpold <mhei@heimpold.de>
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2019-04-16 22:51:29 +02:00
Hans Dedecker
3e803499c3 netifd: update to latest git HEAD
666c14f system-linux: remove debug tracing
08989e4 interface: add neighbor config support
bfd4de3 interface: fix "if-down" hotplug event handling

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-04-15 23:20:20 +02:00
Christian Lamparter
d599890efd layerscape: unbreak ehci-fsl interaction with mpc85xx
Both targets have their own idea of how to use ehci-fsl.
This patch reverts part of commit
68b8d3b079 ("kernel: usb: add FSL EHCI package") and moves
ehci-fsl back into kmod-usb2, while also making it hopefully
useable for the mpc85xx target.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-04-15 00:20:56 +02:00
Petr Štetiar
ecdd26fe2b umbim: update to latest git HEAD
24f9dc7 Iron out all extra compiler warnings
9d8dbc9 Enable extra compiler checks
ff8d356 mbim-proxy support
ccca03f umbim: add registration set support

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-04-15 00:01:57 +02:00
Petr Štetiar
8293e7532f mac80211: Fix rate_idx underflow in mwl8k (FS#2218)
Add a patch for mwl8k which fixes endless reboot loops on Linksys EA4500
with certain 5G configurations.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-04-14 23:42:03 +02:00
David Bauer
68b8d3b079 kernel: usb: add FSL EHCI package
Add kernel module package for the Freescale USB2 EHCI used on the
mpc85xx platform.

Signed-off-by: David Bauer <mail@david-bauer.net>
2019-04-13 15:09:09 +02:00
Daniel Golle
9385ff654e mac80211: rt2x00: replace patch with upstream version
Replace the patch introduced by commit d0b969eee8 ("mac80211: rt2x00:
do not increment sequence number while re-transmitting") was merged
into wireless-drivers.git. Replace our version with the merged version.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-04-12 22:14:47 +02:00
Daniel Golle
44ae5f37fb uboot-envtools: fix fw_env.config for ox820/stg-212
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-04-11 19:21:55 +02:00
Stefan Lippers-Hollmann
8f17c019a1 hostapd: fix CVE-2019-9497, CVE-2019-9498, CVE-2019-9499
EAP-pwd missing commit validation

Published: April 10, 2019
Identifiers:
- CVE-2019-9497 (EAP-pwd server not checking for reflection attack)
- CVE-2019-9498 (EAP-pwd server missing commit validation for
  scalar/element)
- CVE-2019-9499 (EAP-pwd peer missing commit validation for
  scalar/element)

Latest version available from: https://w1.fi/security/2019-4/

Vulnerability

EAP-pwd implementation in hostapd (EAP server) and wpa_supplicant (EAP
peer) was discovered not to validate the received scalar and element
values in EAP-pwd-Commit messages properly. This could result in attacks
that would be able to complete EAP-pwd authentication exchange without
the attacker having to know the used password.

A reflection attack is possible against the EAP-pwd server since the
hostapd EAP server did not verify that the EAP-pwd-Commit contains
scalar/element values that differ from the ones the server sent out
itself. This allows the attacker to complete EAP-pwd authentication
without knowing the password, but this does not result in the attacker
being able to derive the session key (MSK), i.e., the attacker would not
be able to complete the following key exchange (e.g., 4-way handshake in
RSN/WPA).

An attack using invalid scalar/element values is possible against both
the EAP-pwd server and peer since hostapd and wpa_supplicant did not
validate these values in the received EAP-pwd-Commit messages. If the
used crypto library does not implement additional checks for the element
(EC point), this could result in attacks where the attacker could use a
specially crafted commit message values to manipulate the exchange to
result in deriving a session key value from a very small set of possible
values. This could further be used to attack the EAP-pwd server in a
practical manner. An attack against the EAP-pwd peer is slightly more
complex, but still consider practical. These invalid scalar/element
attacks could result in the attacker being able to complete
authentication and learn the session key and MSK to allow the key
exchange to be completed as well, i.e., the attacker gaining access to
the network in case of the attack against the EAP server or the attacker
being able to operate a rogue AP in case of the attack against the EAP
peer.

While similar attacks might be applicable against SAE, it should be
noted that the SAE implementation in hostapd and wpa_supplicant does
have the validation steps that were missing from the EAP-pwd
implementation and as such, these attacks do not apply to the current
SAE implementation. Old versions of wpa_supplicant/hostapd did not
include the reflection attack check in the SAE implementation, though,
since that was added in June 2015 for v2.5 (commit 6a58444d27fd 'SAE:
Verify that own/peer commit-scalar and COMMIT-ELEMENT are different').

Vulnerable versions/configurations

All hostapd versions with EAP-pwd support (CONFIG_EAP_PWD=y in the build
configuration and EAP-pwd being enabled in the runtime configuration)
are vulnerable against the reflection attack.

All wpa_supplicant and hostapd versions with EAP-pwd support
(CONFIG_EAP_PWD=y in the build configuration and EAP-pwd being enabled
in the runtime configuration) are vulnerable against the invalid
scalar/element attack when built against a crypto library that does not
have an explicit validation step on imported EC points. The following
list indicates which cases are vulnerable/not vulnerable:
- OpenSSL v1.0.2 or older: vulnerable
- OpenSSL v1.1.0 or newer: not vulnerable
- BoringSSL with commit 38feb990a183 ('Require that EC points are on the
  curve.') from September 2015: not vulnerable
- BoringSSL without commit 38feb990a183: vulnerable
- LibreSSL: vulnerable
- wolfssl: vulnerable

Acknowledgments

Thanks to Mathy Vanhoef (New York University Abu Dhabi) for discovering
and reporting the issues and for proposing changes to address them in
the implementation.

Possible mitigation steps

- Merge the following commits to wpa_supplicant/hostapd and rebuild:

  CVE-2019-9497:
  EAP-pwd server: Detect reflection attacks

  CVE-2019-9498:
  EAP-pwd server: Verify received scalar and element
  EAP-pwd: Check element x,y coordinates explicitly

  CVE-2019-9499:
  EAP-pwd client: Verify received scalar and element
  EAP-pwd: Check element x,y coordinates explicitly

  These patches are available from https://w1.fi/security/2019-4/

- Update to wpa_supplicant/hostapd v2.8 or newer, once available

Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
[bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-04-11 11:26:01 +02:00
Stefan Lippers-Hollmann
57ab9e3add hostapd: fix CVE-2019-9496
hostapd: fix SAE confirm missing state validation

Published: April 10, 2019
Identifiers:
- CVE-2019-9496 (SAE confirm missing state validation in hostapd/AP)
Latest version available from: https://w1.fi/security/2019-3/

Vulnerability

When hostapd is used to operate an access point with SAE (Simultaneous
Authentication of Equals; also known as WPA3-Personal), an invalid
authentication sequence could result in the hostapd process terminating
due to a NULL pointer dereference when processing SAE confirm
message. This was caused by missing state validation steps when
processing the SAE confirm message in hostapd/AP mode.

Similar cases against the wpa_supplicant SAE station implementation had
already been tested by the hwsim test cases, but those sequences did not
trigger this specific code path in AP mode which is why the issue was
not discovered earlier.

An attacker in radio range of an access point using hostapd in SAE
configuration could use this issue to perform a denial of service attack
by forcing the hostapd process to terminate.

Vulnerable versions/configurations

All hostapd versions with SAE support (CONFIG_SAE=y in the build
configuration and SAE being enabled in the runtime configuration).

Possible mitigation steps

- Merge the following commit to hostapd and rebuild:

  SAE: Fix confirm message validation in error cases

  These patches are available from https://w1.fi/security/2019-3/

- Update to hostapd v2.8 or newer, once available

Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
[bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-04-11 11:26:01 +02:00
Stefan Lippers-Hollmann
262229e924 hostapd: fix CVE-2019-9495
EAP-pwd side-channel attack

Published: April 10, 2019
Identifiers:
- CVE-2019-9495 (cache attack against EAP-pwd)
Latest version available from: https://w1.fi/security/2019-2/

Vulnerability

Number of potential side channel attacks were recently discovered in the
SAE implementations used by both hostapd and wpa_supplicant (see
security advisory 2019-1 and VU#871675). EAP-pwd uses a similar design
for deriving PWE from the password and while a specific attack against
EAP-pwd is not yet known to be tested, there is no reason to believe
that the EAP-pwd implementation would be immune against the type of
cache attack that was identified for the SAE implementation. Since the
EAP-pwd implementation in hostapd (EAP server) and wpa_supplicant (EAP
peer) does not support MODP groups, the timing attack described against
SAE is not applicable for the EAP-pwd implementation.

A novel cache-based attack against SAE handshake would likely be
applicable against the EAP-pwd implementation. Even though the
wpa_supplicant/hostapd PWE derivation iteration for EAP-pwd has
protections against timing attacks, this new cache-based attack might
enable an attacker to determine which code branch is taken in the
iteration if the attacker is able to run unprivileged code on the victim
machine (e.g., an app installed on a smart phone or potentially a
JavaScript code on a web site loaded by a web browser). This depends on
the used CPU not providing sufficient protection to prevent unprivileged
applications from observing memory access patterns through the shared
cache (which is the most likely case with today's designs).

The attacker could use information about the selected branch to learn
information about the password and combine this information from number
of handshake instances with an offline dictionary attack. With
sufficient number of handshakes and sufficiently weak password, this
might result in full recovery of the used password if that password is
not strong enough to protect against dictionary attacks.

This attack requires the attacker to be able to run a program on the
target device. This is not commonly the case on an authentication server
(EAP server), so the most likely target for this would be a client
device using EAP-pwd.

The commits listed in the end of this advisory change the EAP-pwd
implementation shared by hostapd and wpa_supplicant to perform the PWE
derivation loop using operations that use constant time and memory
access pattern to minimize the externally observable differences from
operations that depend on the password even for the case where the
attacker might be able to run unprivileged code on the same device.

Vulnerable versions/configurations

All wpa_supplicant and hostapd versions with EAP-pwd support
(CONFIG_EAP_PWD=y in the build configuration and EAP-pwd being enabled
in the runtime configuration).

It should also be noted that older versions of wpa_supplicant/hostapd
prior to v2.7 did not include additional protection against certain
timing differences. The definition of the EAP-pwd (RFC 5931) does not
describe such protection, but the same issue that was addressed in SAE
earlier can be applicable against EAP-pwd as well and as such, that
implementation specific extra protection (commit 22ac3dfebf7b, "EAP-pwd:
Mask timing of PWE derivation") is needed to avoid showing externally
visible timing differences that could leak information about the
password. Any uses of older wpa_supplicant/hostapd versions with EAP-pwd
are recommended to update to v2.7 or newer in addition to the mitigation
steps listed below for the more recently discovered issue.

Possible mitigation steps

- Merge the following commits to wpa_supplicant/hostapd and rebuild:

  OpenSSL: Use constant time operations for private bignums
  Add helper functions for constant time operations
  OpenSSL: Use constant time selection for crypto_bignum_legendre()
  EAP-pwd: Use constant time and memory access for finding the PWE

  These patches are available from https://w1.fi/security/2019-2/

- Update to wpa_supplicant/hostapd v2.8 or newer, once available

- Use strong passwords to prevent dictionary attacks

Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
[bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-04-11 11:26:01 +02:00
Stefan Lippers-Hollmann
af606d077f hostapd: fix CVE-2019-9494
SAE side-channel attacks

Published: April 10, 2019
Identifiers:
- VU#871675
- CVE-2019-9494 (cache attack against SAE)
Latest version available from: https://w1.fi/security/2019-1/

Vulnerability

Number of potential side channel attacks were discovered in the SAE
implementations used by both hostapd (AP) and wpa_supplicant
(infrastructure BSS station/mesh station). SAE (Simultaneous
Authentication of Equals) is also known as WPA3-Personal. The discovered
side channel attacks may be able to leak information about the used
password based on observable timing differences and cache access
patterns. This might result in full password recovery when combined with
an offline dictionary attack and if the password is not strong enough to
protect against dictionary attacks.

Cache attack

A novel cache-based attack against SAE handshake was discovered. This
attack targets SAE with ECC groups. ECC group 19 being the mandatory
group to support and the most likely used group for SAE today, so this
attack applies to the most common SAE use case. Even though the PWE
derivation iteration in SAE has protections against timing attacks, this
new cache-based attack enables an attacker to determine which code
branch is taken in the iteration if the attacker is able to run
unprivileged code on the victim machine (e.g., an app installed on a
smart phone or potentially a JavaScript code on a web site loaded by a
web browser). This depends on the used CPU not providing sufficient
protection to prevent unprivileged applications from observing memory
access patterns through the shared cache (which is the most likely case
with today's designs).

The attacker can use information about the selected branch to learn
information about the password and combine this information from number
of handshake instances with an offline dictionary attack. With
sufficient number of handshakes and sufficiently weak password, this
might result in full discovery of the used password.

This attack requires the attacker to be able to run a program on the
target device. This is not commonly the case on access points, so the
most likely target for this would be a client device using SAE in an
infrastructure BSS or mesh BSS.

The commits listed in the end of this advisory change the SAE
implementation shared by hostapd and wpa_supplicant to perform the PWE
derivation loop using operations that use constant time and memory
access pattern to minimize the externally observable differences from
operations that depend on the password even for the case where the
attacker might be able to run unprivileged code on the same device.

Timing attack

The timing attack applies to the MODP groups 22, 23, and 24 where the
PWE generation algorithm defined for SAE can have sufficient timing
differences for an attacker to be able to determine how many rounds were
needed to find the PWE based on the used password and MAC
addresses. When the attack is repeated with multiple times, the attacker
may be able to gather enough information about the password to be able
to recover it fully using an offline dictionary attack if the password
is not strong enough to protect against dictionary attacks. This attack
could be performed by an attacker in radio range of an access point or a
station enabling the specific MODP groups.

This timing attack requires the applicable MODP groups to be enabled
explicitly in hostapd/wpa_supplicant configuration (sae_groups
parameter). All versions of hostapd/wpa_supplicant have disabled these
groups by default.

While this security advisory lists couple of commits introducing
additional protection for MODP groups in SAE, it should be noted that
the groups 22, 23, and 24 are not considered strong enough to meet the
current expectation for a secure system. As such, their use is
discouraged even if the additional protection mechanisms in the
implementation are included.

Vulnerable versions/configurations

All wpa_supplicant and hostapd versions with SAE support (CONFIG_SAE=y
in the build configuration and SAE being enabled in the runtime
configuration).

Acknowledgments

Thanks to Mathy Vanhoef (New York University Abu Dhabi) and Eyal Ronen
(Tel Aviv University) for discovering the issues and for discussions on
how to address them.

Possible mitigation steps

- Merge the following commits to wpa_supplicant/hostapd and rebuild:

  OpenSSL: Use constant time operations for private bignums
  Add helper functions for constant time operations
  OpenSSL: Use constant time selection for crypto_bignum_legendre()
  SAE: Minimize timing differences in PWE derivation
  SAE: Avoid branches in is_quadratic_residue_blind()
  SAE: Mask timing of MODP groups 22, 23, 24
  SAE: Use const_time selection for PWE in FFC
  SAE: Use constant time operations in sae_test_pwd_seed_ffc()

  These patches are available from https://w1.fi/security/2019-1/

- Update to wpa_supplicant/hostapd v2.8 or newer, once available

- In addition to either of the above alternatives, disable MODP groups
  1, 2, 5, 22, 23, and 24 by removing them from hostapd/wpa_supplicant
  sae_groups runtime configuration parameter, if they were explicitly
  enabled since those groups are not considered strong enough to meet
  current security expectations. The groups 22, 23, and 24 are related
  to the discovered side channel (timing) attack. The other groups in
  the list are consider too weak to provide sufficient security. Note
  that all these groups have been disabled by default in all
  hostapd/wpa_supplicant versions and these would be used only if
  explicitly enabled in the configuration.

- Use strong passwords to prevent dictionary attacks

Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
[bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-04-11 11:26:01 +02:00
Hans Dedecker
d1739c6c9a procd: update to latest git HEAD
baaf38c procd: instance: Support deleting stopped instances

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-04-10 14:16:53 +02:00
Florian Eckert
2101002b3d wireguard: remove obvious comments
Remove obvious comments to save disk space.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2019-04-09 22:25:11 +02:00
Florian Eckert
78b6931a1a wireguard: converted whitespaces from space to tab
With this change, the file is reduced from 5186 bytes to 4649 bytes that
its approximately 10.5 percent less memory consumption. For small
devices, sometimes every byte counts.
Also, all other protocol handler use tabs instead of spaces.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2019-04-09 22:25:02 +02:00
Hans Dedecker
c8a8294f6e ethtool: bump to 5.0
170d821 Release version 5.0.
909f8c0 Revert "ethtool: change to new sane powerpc64 kernel headers"
a484274 ethtool: dsa: mv88e6xxx: add pretty dump for others
034a17b ethtool: dsa: mv88e6xxx: add pretty dump for 88E6390
7f1cc44 ethtool: dsa: mv88e6xxx: add pretty dump for 88E6352
a13a053 ethtool: dsa: mv88e6xxx: add pretty dump for 88E6161
4e98029 ethtool: dsa: mv88e6xxx: add pretty dump for 88E6185
ff99e46 ethtool: dsa: mv88e6xxx: add pretty dump
cb8e980 ethtool: dsa: add pretty dump
4df55c8 ethtool: change to new sane powerpc64 kernel headers
0cb963e ethtool: zero initialize coalesce struct
8f05538 ethtool: don't report UFO on kernels v4.14 and above

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-04-09 14:27:59 +02:00
Daniel Gimpelevich
f61e754522 ath79: add support for Netgear EX6400 and EX7300
This is sold as a dual-band 802.11ac range extender. It has a sliding
switch for Extender mode or Access Point mode, a WPS button, a recessed
Reset button, a hard-power button, and a multitude of LED's, some
multiplexed via an NXP 74AHC164D chip. The internal serial header pinout is
Vcc, Tx, Rx, GND, with GND closest to the corner of the board. You may
connect at 115200 bps, 8 data bits, no parity, 1 stop bit.

Specification:
- System-On-Chip: QCA9558
- CPU/Speed: 720 MHz
- Flash-Chip: Winbond 25Q128FVSG
- Flash size: 16 MiB
- RAM: 128 MiB
- Wireless No1: QCA9558 on-chip 2.4GHz 802.11bgn, 3x3
- Wireless No2: QCA99x0 chip 5GHz 802.11an+ac, 4x4
- PHY: Atheros AR8035-A

Installation:
If you can get to the stock firmware's firmware upgrade option, just feed
it the factory.img and boot as usual. As an alternative, TFTP the
factory.img to the bootloader.

Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
[whitespace fix in DTS and reorder of make variables]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-04-09 11:09:26 +02:00
Petr Štetiar
adb0a420e5 uboot-envtools: imx6: Add support for Toradex Apalis board family
This patch is needed in order to be able to use fw_{set,print}env
commands.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-04-08 18:37:03 +02:00
Petr Štetiar
136001675e uboot-imx6: Add support for Toradex Apalis board family
This patch is needed in order to properly boot OpenWrt bootscript.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-04-08 18:37:03 +02:00
Hans Dedecker
80568e5854 dropbear: bump to 2019.78
Fix dbclient regression in 2019.77. After exiting the terminal would be left
in a bad state. Reported by Ryan Woodsmall

drop patch applied upstream:
	010-tty-modes-werent-reset-for-client.patch

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-04-07 20:32:55 +02:00
Stijn Tintel
310e2764a8 ubox: bump to git HEAD
5130fa4 kmodloader: fix and optimize loading of failed modules

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2019-04-07 19:37:18 +03:00
Michael Heimpold
32a6c252db wpan-tools: clean up Makefile
When we only call the default, we do not need to define it explicitly.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2019-04-06 19:14:06 +02:00
Michael Heimpold
007e947976 fconfig: cleanup Makefile
We do not need to define an empty Build/Configure since
the default checks for existing ./configure and does nothing
in case nothing is found.

Similar for Build/Compile: we can remove the definition
when we only call the default.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2019-04-06 19:14:06 +02:00
Rosen Penev
2a8175a7ac kernel: Add RIPEMD160 module
After getting rid of cryptsetup's heavy openssl dependency, there is now
the problem of missing RIPEMD160 support. RIPEMD160 is used for True/Vera
crypt volumes as well as old LUKS1 ones.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-04-06 19:14:06 +02:00
Tomasz Maciej Nowak
afef17e24d base-files: add leds migration
Currently leds migration scripts in ar71xx and lantiq share a lot of
logic and introducing leds migration to another target would mean
copying this code, again. Therefore add common logic to library in
base-files package.

Suggested-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2019-04-06 19:14:05 +02:00
Jason A. Donenfeld
549d44736a wireguard: bump to 0.0.20190406
* allowedips: initialize list head when removing intermediate nodes

Fix for an important regression in removing allowed IPs from the last
snapshot. We have new test cases to catch these in the future as well.

* tools: warn if an AllowedIP has a nonzero host part

If you try to run `wg set wg0 peer ... allowed-ips 192.168.1.82/24`, wg(8)
will now print a warning. Even though we mask this automatically down to
192.168.1.0/24, usually when people specify it like this, it's a mistake.

* wg-quick: add 'strip' subcommand

The new strip subcommand prints the config file to stdout after stripping
it of all wg-quick-specific options. This enables tricks such as:
`wg addconf $DEV <(wg-quick strip $DEV)`.

* tools: avoid unneccessary next_peer assignments in sort_peers()

Small C optimization the compiler was probably already doing.

* peerlookup: rename from hashtables
* allowedips: do not use __always_inline
* device: use skb accessor functions where possible

Suggested tweaks from Dave Miller.

* blake2s: simplify
* blake2s: remove outlen parameter from final

The blake2s implementation has been simplified, since we don't use any of the
fancy tree hashing parameters or the like. We also no longer separate the
output length at initialization time from the output length at finalization
time.

* global: the _bh variety of rcu helpers have been unified
* compat: nf_nat_core.h was removed upstream
* compat: backport skb_mark_not_on_list

The usual assortment of compat fixes for Linux 5.1.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-04-06 17:26:47 +02:00
Luis Araneda
177a634e18 kernel: can: add Xilinx CAN IP kernel module package
This driver is required to use the CAN IP on devices
from the zynq target

Signed-off-by: Luis Araneda <luaraneda@gmail.com>
2019-04-06 16:31:10 +02:00
Luis Araneda
82b0230bc1 kernel: sound: add missing symbol to sound-soc-core
This fixes compilation on zynq target when migrating
to sound kmod packages

Signed-off-by: Luis Araneda <luaraneda@gmail.com>
2019-04-06 16:31:10 +02:00
Hauke Mehrtens
3183430df4 mac80211: update to version 4.19.32-1
The removed patches are now integrated in the upstream kernel.
Refresh all patches on top of the new backports release.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2019-04-06 16:31:04 +02:00
Josef Schlehofer
4ebd66d7a9 mbedtls: update to version 2.16.1
Refreshed patches

Signed-off-by: Josef Schlehofer <josef.schlehofer@nic.cz>
Tested-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2019-04-06 16:30:43 +02:00
Tomasz Maciej Nowak
6541897796 kernel: package rtc-em3027 module
Support for Microelectronic EM3027 real time clock chip.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2019-04-06 14:48:46 +02:00
Tomasz Maciej Nowak
1b3dda179a uboot-tegra: add U-Boot for tegra boards
Add U-Boot for NVIDIA Tegra based boards, with the first being CompuLab
TrimSlice. This is part of initial support for this board.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2019-04-06 14:48:46 +02:00
Tomasz Maciej Nowak
42f96ed941 tegra: add new target
New target introduces initial support for NVIDIA Tegra SoC based devices.
It focuses on Tegra 2 CPUs, for successors supporting NEON instruction
set the target should be split in two subtargets.
This initial commit doesn't create any device image, it's groundwork
for further additions.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2019-04-06 14:48:46 +02:00
Daniel Engberg
de3eb0d8a0 curl: Update to 7.64.1
Update curl to 7.64.1
Remove deprecated patch

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2019-04-06 13:40:29 +02:00
Hans Dedecker
f483274422 odhcpd: update to latest git HEAD
65a9519 ndp: create ICMPv6 socket per interface
c6dae8e router: create ICMPv6 socket per interface
e7b1d4b treewide: initialize properly file descriptors

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-04-05 12:04:01 +02:00
Michael Heimpold
6e060bd62c base-files/hotplug: fix dedicated group for tty devices
Commit 124ab1dc0a and 5523ee3459 introduced the assignment of the
group "tty" to /dev/tty* devices in order to support unprivileged
user access to serial devices.

However, due to an improperly rebased commit this feature broke.

This patch restores the lost hunk in hotplug.json file to
re-introduce this feature and also renames the existing "tty" group
to "dialout" as this is the more typical name for such a group
on desktop systems.

Fixes: 5209cfa534 ("procd: fix hotplug.json syntax")
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Acked-by: Jo-Philipp Wich <jo@mein.io>
2019-04-04 17:09:40 +02:00
Felix Fietkau
b3d8b3ab8e mac80211: set noscan=1 if sta/adhoc/mesh interfaces are present
Fixes channel selection issues and suppresses an unnecessary extra scan

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-04-03 10:40:09 +02:00
Felix Fietkau
1dd536f1fa mac80211: improve performance by deferring tx queue selection
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-04-03 10:40:09 +02:00
Magnus Kroken
701b8d0050 openvpn: openssl: explicitly depend on deprecated APIs
OpenVPN as of 2.4.7 uses some OpenSSL APIs that are deprecated in
OpenSSL >= 1.1.0.

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [white space fix]
2019-04-03 10:00:39 +02:00
Hans Dedecker
848d85d13b netifd: update to latest git HEAD
361b3e4 proto-shell: return error in case setup fails
a97297d interface: set interface in TEARDOWN state when checking link state

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-04-01 23:12:29 +02:00
Magnus Kroken
4376c06e80 openvpn: update to 2.4.7
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2019-04-01 11:23:43 +02:00
Kabuli Chana
6ba3d70c95 mwlwifi: Fix pcie timeout issue
Increase MAX_WAIT_FW_COMPLETE_ITERATIONS to 10000 as before commit
e5e0700 to prevent timeout as reported here: #308 (Original OP issue is
probably not related though as his post preceeds commit e5e0700).

compile/test target mvebu/mamba, rango

Signed-off-by: Kabuli Chana <newtownBuild@gmail.com>
[commit subject and message tweaks]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-04-01 10:05:49 +02:00
Christian Lamparter
fbe2e7d15e ath10k-firmware: update Candela Tech firmware images
Release notes since last time:

Release notes for wave-1 / 10.1:
2019-03-28: Fix sometimes using bad TID for management frames
	    in htt-mgt mode. (Backported from wave2, looks
	    like bug would be the same though.)

Release notes for wave-2 / 10.4:
2019-03-28: Fix off-channel scanning while associated in
	    proxy-station mode.

2019-03-29: Fix sometimes sending mgt frames on wrong tid when
	    using htt-mgt. This bug has been around since I first
	    enabled htt-mgt mode.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-03-30 10:36:31 +01:00
Hans Dedecker
6df5ab89cf odhcpd: update to latest git HEAD
7798d50 netlink: rework IPv4 address refresh logic
0b20876 netlink: rework IPv6 address refresh logic

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-03-29 15:55:08 +01:00
Daniel Golle
b0395cfc56 iwinfo: Fix 802.11ad channel to frequency
c2cfe9d iwinfo: Fix 802.11ad channel to frequency

Fixes 9725aa271a ("iwinfo: update to latest git HEAD")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-03-28 15:20:58 +01:00
Petr Štetiar
1e55171a12 fstools: update to the latest master branch
ff1ded6 libfstools: Fix overflow of F2FS_MINSIZE constant
bc2c876 libfstools: Print error in case of loop blkdev failure

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-03-28 12:57:08 +01:00
Alexander Couzens
95f07502b7
package/uboot-omap: backport patches to fix build
* 106: fix build when libfdt-devel is installed on host
* 107: fix stdbool.h includes

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2019-03-28 02:10:12 +01:00
Daniel Golle
28920330f8 wireguard: introduce 'nohostroute' option
Instead of creating host-routes depending on fwmark as (accidentally)
pushed by commit
1e8bb50b93 ("wireguard: do not add host-dependencies if fwmark is set")
use a new config option 'nohostroute' to explicitely prevent creation
of the route to the endpoint.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-03-27 22:59:03 +01:00
Daniel Golle
1e8bb50b93 wireguard: do not add host-dependencies if fwmark is set
The 'fwmark' option is used to define routing traffic to
wireguard endpoints to go through specific routing tables.
In that case it doesn't make sense to setup routes for
host-dependencies in the 'main' table, so skip setting host
dependencies if 'fwmark' is set.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-03-27 22:53:14 +01:00
Hans Dedecker
b2152c8e6b odhcpd: update to latest git HEAD (FS#2204)
420945c netlink: fix IPv6 address updates (FS#2204)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-03-27 21:05:07 +01:00
Koen Vandeputte
555ee02f77 kernel: fix missing dependency in 4.14.108
The 4.14.108 bump introduced a missing dependency when building
specific netfilters.

Thsi was not seen as the error does not occur on all targets.

Thanks to Jo-Philipp Wich for providing the fix

Fixes: af6c86dbe5 ("kernel: bump 4.14 to 4.14.108")
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-03-27 16:46:39 +01:00
Felix Fietkau
b65a270c85 mt76: update to the latest version
f2a18f5 mt76x02: introduce mt76x02_beacon.c
91ade88 mt76x02: add hrtimer for pre TBTT for USB
6370485 mt76x02: introduce beacon_ops
37af803 mt76x02u: implement beacon_ops
41d6190 mt76x02: generalize some mmio beaconing functions
dcccc04 mt76x02u: add sta_ps
5ac5289 mt76x02: disable HW encryption for group frames
e284cc2 mt76x02u: implement pre TBTT work for USB
77e56b8 mt76x02: make beacon slots bigger for USB
d4c740f mt76x02u: add mt76_release_buffered_frames
65e6344 mt76: unify set_tim
f720e49 mt76x02: enable AP mode for USB
cf1838d mt76usb: change mt76u_submit_buf
16b2ccf mt76: remove rx_page_lock
e1bfbeb mt76usb: change mt76u_fill_rx_sg arguments
e9c0171 mt76usb: use usb_dev private data
a4eb5db mt76usb: remove mt76u_buf redundant fileds
3f9b68d mt76usb: move mt76u_buf->done to queue entry
4a366bd mt76usb: remove mt76u_buf and use urb directly
0904bc4 mt76usb: remove MT_RXQ_MAIN queue from mt76u_urb_alloc
42f2899 mt76usb: resue mt76u_urb_alloc for tx
4d4d73a mt76usb: remove unneded sg_init_table
57309c7 mt76usb: allocate urb and sg as linear data
2e89721 mt76usb: remove queue variable from rx_tasklet
30a256a mt76x02: remove extra_tx_headroom (obsoleted by mac8211 skb aligning)
ae166b0 Revert "mt76: mt7603: store software PN/IV in wcid"
bf6e72d Revert "mt76: mt76x02: store software PN/IV in wcid"
a11b673 mt76: fix tx power issues

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-27 13:05:03 +01:00
Hauke Mehrtens
6af639e0bf linux: Add kmod-sched-act-vlan
This allows to configure rules to push or pop vlan headers.

Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
2019-03-25 22:50:28 +01:00
Hauke Mehrtens
72c7e2dc46 linux: Add kmod-sched-flower
This allows to classify packets based on a configurable combination
of packet keys and masks.

Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
2019-03-25 22:50:28 +01:00
Hauke Mehrtens
f83522fa63 linux: Add kmod-sched-mqprio
This adds Multi-queue priority scheduler (MQPRIO).

Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
2019-03-25 22:50:28 +01:00
Hauke Mehrtens
187ab0bceb linux: Add kmod-crxypto-xcbc
This can be used for IPsec.

Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
2019-03-25 22:50:28 +01:00
Konstantin Demin
01964148c6 dropbear: split ECC support to basic and full
- limit ECC support to ec*-sha2-nistp256:
  * DROPBEAR_ECC now provides only basic support for ECC
- provide full ECC support as an option:
  * DROPBEAR_ECC_FULL brings back support for ec{dh,dsa}-sha2-nistp{384,521}
- update feature costs in binary size

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2019-03-25 22:25:35 +01:00
Konstantin Demin
5eb7864aad dropbear: rewrite init script startup logic to handle both host key files
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2019-03-25 22:25:34 +01:00
Konstantin Demin
6145e59881 dropbear: change type of config option "Port" to scalar type "port"
it was never used anywhere, even LuCI works with "Port" as scalar type.

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2019-03-25 22:25:34 +01:00
Konstantin Demin
5d27b10c61 dropbear: introduce config option "keyfile" (replacement for "rsakeyfile")
* option "keyfile" is more generic than "rsakeyfile".
* option "rsakeyfile" is considered to be deprecated and should be removed
  in future releases.
* warn user (in syslog) if option "rsakeyfile" is used
* better check options ("rsakeyfile" and "keyfile"): don't append
  "-r keyfile" to command line if file is absent (doesn't exist or empty),
  warn user (in syslog) about such files

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2019-03-25 22:25:34 +01:00
Konstantin Demin
efc533cc2f dropbear: add initial support for ECC host key
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2019-03-25 22:25:33 +01:00
Konstantin Demin
c40a84cc15 dropbear: fix regression where TTY modes weren't reset for client
cherry-pick upstream commit 7bc6280613f5ab4ee86c14c779739070e5784dfe

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2019-03-25 22:25:33 +01:00
Konstantin Demin
ddf1a06326 dropbear: honour CFLAGS while building bundled libtomcrypt/libtommath
Felix Fietkau pointed out that bundled libtomcrypt/libtommath do funny stuff with CFLAGS.
fix this with checking environment variable OPENWRT_BUILD in both libs.
change in dropbear binary size is drastical: 221621 -> 164277.

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2019-03-25 22:25:33 +01:00
Konstantin Demin
9c3bfd0906 dropbear: fix hardening flags during configure
compiler complains about messed up CFLAGS in build log:
  <command-line>: warning: "_FORTIFY_SOURCE" redefined
  <command-line>: note: this is the location of the previous definition

and then linker fails:
  mips-openwrt-linux-musl-gcc [...] -o dropbearmulti [...]
  collect2: fatal error: ld terminated with signal 11 [Segmentation fault]
  compilation terminated.
  /staging_dir/toolchain-mips_24kc_gcc-8.2.0_musl/mips-openwrt-linux-musl/bin/ld: /tmp/cc27zORz.ltrans0.ltrans.o: relocation R_MIPS_HI16 against `cipher_descriptor' can not be used when making a shared object; recompile with -fPIC
  /staging_dir/toolchain-mips_24kc_gcc-8.2.0_musl/mips-openwrt-linux-musl/bin/ld: /tmp/cc27zORz.ltrans1.ltrans.o: relocation R_MIPS_HI16 against `ses' can not be used when making a shared object; recompile with -fPIC
  /staging_dir/toolchain-mips_24kc_gcc-8.2.0_musl/mips-openwrt-linux-musl/bin/ld: /tmp/cc27zORz.ltrans2.ltrans.o: relocation R_MIPS_HI16 against `cipher_descriptor' can not be used when making a shared object; recompile with -fPIC
  /staging_dir/toolchain-mips_24kc_gcc-8.2.0_musl/mips-openwrt-linux-musl/bin/ld: BFD (GNU Binutils) 2.31.1 assertion fail elfxx-mips.c:6550
  [...]
  /staging_dir/toolchain-mips_24kc_gcc-8.2.0_musl/mips-openwrt-linux-musl/bin/ld: BFD (GNU Binutils) 2.31.1 assertion fail elfxx-mips.c:6550
  make[3]: *** [Makefile:198: dropbearmulti] Error 1
  make[3]: *** Deleting file 'dropbearmulti'
  make[3]: Leaving directory '/build_dir/target-mips_24kc_musl/dropbear-2018.76'
  make[2]: *** [Makefile:158: /build_dir/target-mips_24kc_musl/dropbear-2018.76/.built] Error 2
  make[2]: Leaving directory '/package/network/services/dropbear'

This FTBFS issue was caused by hardening flags set up by dropbear's configure script.

By default, Dropbear offers hardening via CFLAGS and LDFLAGS,
but this may break or confuse OpenWrt settings.

Remove most Dropbear's hardening settings in favour of precise build,
but preserve Spectre v2 mitigations:
* -mfunction-return=thunk
* -mindirect-branch=thunk

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2019-03-25 22:25:33 +01:00
Konstantin Demin
a1099edf32 dropbear: bump to 2019.77
- drop patches applied upstream:
  * 010-runtime-maxauthtries.patch
  * 020-Wait-to-fail-invalid-usernames.patch
  * 150-dbconvert_standalone.patch
  * 610-skip-default-keys-in-custom-runs.patch
- refresh patches
- move OpenWrt configuration from patch to Build/Configure recipe,
  thus drop patch 120-openwrt_options.patch

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2019-03-25 22:25:32 +01:00
Christian Lamparter
616ec4365c ath10k-ct: Update to 2019-03-25
2e917efb607f ath10k: Add slow-pci bus work-around, sw-crypt blockack support.
cc73ceb0dbc7 ath10k: Fix out-of-tree compile for 4.16 driver.
4b3cf7c20972 ath10k: Improve tx-status reporting.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-03-25 21:19:40 +01:00
Christian Lamparter
f803ee3ba9 ath10k-firmware: update Candela Tech firmware images
Release notes since last time:

Release notes for wave-1:

- 2019-03-12: Add btcoex feature flag for 2.4Ghz only adapters,
	      backported from upstream 10.2 firmware.

- 2019-03-12: Support offloading decrypt of PMF blockack frames
	      to the host. This lets us do blockack with PMF and
	      rx-sw-crypt. Normal hwcrypt scenarios would not need this.

Release notes for wave-2:

- 2019-03-12: Fix crash when tearing down VI TID when pending frames
	      exist. Could reproduce this while doing rmmod when VI
	      traffic was flowing and PMF was enabled but broken.
	      Bad luck could rarely cause it to happen in more normal
	      config too.

- 2019-03-12: Support offloading decrypt of PMF blockack frames to
	      the host.  This lets us do blockack with PMF and
	      rx-sw-crypt. Normal hwcrypt scenarios would not need this.

- 2019-03-12: Re-work problematic patch that attempted to fix transmit
	      on non-QOS tids. It appears buggy in several ways,
	      hopefully improved now.  This was introduced last fall.
	      See github bug 78.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-03-25 21:19:39 +01:00
Felix Fietkau
503edc913b mt76: update to the latest version
4d8c7e8 mt76: mt76x02: send no-skb tx status without holding the status lock
7e9e9ad mt76: mt7603: add missing initialization for dev->ps_lock
3a7e6bb mt76: fix potential deadlock on cancelling workqueues
deacb8f mt76: fix using mac80211 tx skb header padding
c9402eb mt76: use napi polling for tx cleanup
60e508e mt76: use readl/writel instead of ioread32/iowrite32
5912e8a mt7603: fix sequence number assignment
95a83cc mt7603: send BAR after powersave wakeup

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-23 18:03:38 +01:00
Hauke Mehrtens
94ffb7be4d netifd: update to latest git HEAD
a8cf037 netifd: wireless: Add support for GCMP cipher
34a70b6 netifd: wireless: Add support for 802.11ad

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-03-21 17:07:52 +01:00
Hauke Mehrtens
0168af502b ubox: update to latest git HEAD
a782779 kmodloader: increase module name length

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-03-21 17:07:47 +01:00
Hauke Mehrtens
9725aa271a iwinfo: update to latest git HEAD
ce1814b iwinfo: Add device ID for Wilocity Wil6210
a8e8275 iwinfo: Add support for 802.11ad

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-03-21 17:07:43 +01:00
Hauke Mehrtens
b36d250b55 Revert "valgrind: enable LTO and refresh patches"
This reverts commit 0331770299.

With LTO enabled valgridn does not build on MIPS32 any more, deactivate
it for now. The patch refresh was not reverted.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-03-21 17:07:00 +01:00
Rosy Song
488e7ccfbc libnftnl: bump to latest version
Signed-off-by: Rosy Song <rosysong@rosinson.com>
2019-03-21 17:05:44 +01:00
Eneas U de Queiroz
fc1386ccf8 openssl: revert disallowing parallel build
Openssl 1.1.0 made wholesale changes to its building system.
Apparently, parallel builds are working now.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
2019-03-21 17:05:34 +01:00
Hans Dedecker
1ca69003fd odhcpd: update to latest git HEAD (FS#2160)
6d23385 dhcpv6: extra syslog tracing
b076916 dhcpv6/router: add support for mutiple master interfaces
e4a24dc ndp: fix adding proxy neighbor entries
4ca7f7e router: add extra syslog tracing
8318e93 netlink: fix neighbor event handling (FS#2160)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-03-21 16:06:10 +01:00
Christian Lamparter
41bceb0d4e uboot-fritz4040: fix PKG_MIRROR_HASH
The PKG_MIRROR_HASH was for some reason wrong.

Fixes: d75db67870 ("uboot-fritz4040: bump version to 2019-03-03")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-03-21 00:57:54 +01:00
Christian Lamparter
133bad46a6 adb: fix missing PKG_MIRROR_HASH
This package was missing a PKG_MIRROR_HASH value.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-03-21 00:57:54 +01:00
Ozgur Can Leonard
201d3d1a82 ramips: Xiaomi MIR3G: detect board name from DTS
- Former "mir3g" board name becomes "xiaomi,mir3g".
- Reorder some entries to maintain alphabetical order.
- Change DTS so status LEDs (yellow/red/blue) mimic
  Xiaomi stock firmware: (Section Indicator)
<http://files.xiaomi-mi.co.uk/files/router_pro/router%20PRO%20EN.pdf>
<http://files.xiaomi-mi.co.uk/files/Mi_WiFi_router_3/MiWiFi_router3_EN.pdf>
|Yellow: Update (LED flickering), the launch of the system (steady light);
|Blue: during normal operation (steady light);
|Red: Safe mode (display flicker), system failure (steady light);

Signed-off-by: Ozgur Can Leonard <ozgurcan@gmail.com>
[Added link to similar Router 3 model]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-03-21 00:57:54 +01:00
Josef Schlehofer
f22c33b40c ca-certificates: update to version 20190110
- Tested on Turris MOX, OpenWrt master
- Removed PKG_BUILD_DIR
In build_dir there were two folders
ca-certificates and ca-certificates-20190110 and it failed as files
were in ca-certificates-20190110

Signed-off-by: Josef Schlehofer <josef.schlehofer@nic.cz>
2019-03-21 00:57:54 +01:00
Steve Glennon
dc4f6b896f ipq40xx: add support for EnGenius ENS620EXT
Hardware
--------
CPU:   Qualcomm IPQ4018
RAM:   256M
FLASH: 32M SPI NOR W25Q256
ETH:   QCA8075
WiFi2: IPQ4018 2T2R 2SS b/g/n
WiFi5: IPQ4018 2T2R 2SS n/ac
LED:    - Power amber
        - LAN1(PoE) green
        - LAN2 green
        - Wi-Fi 2.4GHz green
        - Wi-Fi 5GHz green
BTN:    - WPS
UART:  115200n8 3.3V J1
       VCC(1) - GND(2) - TX(3) - RX(4)

Added basic support to get the device up and running for a sysupgrade
image only.
There is currently no way back to factory firmware, so this is a one-way
street to OpenWRT.
Install from factory condition is convoluted, and may brick your device:
1) Enable SSH and disable the CLI on the factory device from the web user
   interface (Management->Advanced)
2) Reboot the device
3) Override the default, limited SSH shell:
   a) Get into the ssh shell:
      ssh admin@192.168.1.1 /bin/sh --login
   b) Change the dropbear script to disable the limited shell. At the
      empty command prompt type:
        sed -i '/login_ssh/s/^/#/g’ dropbear
        /etc/init.d/dropbear restart
        exit
4) ssh in to a (now-) normal OpenWRT SSH session
5) Flash your built image
   a) scp openwrt-ipq40xx-engenius_ens620ext-squashfs-sysupgrade.bin
      admin@192.168.1.1:/tmp/
   b) ssh admin@192.168.1.1
   c) sysupgrade -n
      /tmp/openwrt-ipq40xx-engenius_ens620ext-squashfs-sysupgrade.bin
6) After flash completes (it may say "Upgrade failed" followed by
   "Upgrade completed") and device reboots, log in to newly flashed
   system. Note you will now need to ssh as root rather than admin.

Signed-off-by: Steve Glennon <s.glennon@cablelabs.com>
[whitespace fixes, reordered partitions, removed rng node from 4.14,
fixed 901-arm-boot-add-dts-files.patch]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-03-21 00:57:54 +01:00
Deng Qingfang
31078dbc76 iproute2: update to 5.0.0
Update iproute2 to 5.0.0
Remove upstream patch 001-tc-fix-undefined-XATTR_SIZE_MAX
Alter patch 170-ip_tiny as support for IPX and DECnet is dropped
Update patch 010-cake-fwmark to match upstream commit

Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
2019-03-20 21:48:04 +01:00
Felix Fietkau
38860fe2e4 mac80211: fix an issue with the TXQ scheduling API and powersave clients
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-20 10:41:30 +01:00
Felix Fietkau
ca9ad880f2 mac80211: improve the txq scheduling API to deal with driver buffered packets
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-20 10:41:30 +01:00
Felix Fietkau
60659b2d9e mac80211: optimize skb resizing to avoid reallocation when using 802.11s + batman-adv
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-20 10:41:30 +01:00
Ryan Mounce
ffb2a3aa2a iproute2: add cake fwmark support
Signed-off-by: Ryan Mounce <ryan@mounce.com.au>
2019-03-20 07:07:15 +10:30
Ryan Mounce
6d5762f6d8 kmod-sched-cake: bump to latest cake
Update the out of tree build of cake. Applicable patches are also in
net-next.

057c738 Fix fwmark_shft assignment (again)
ca6c162 Add support for storing mark back into conntrack
7ed9b6c Fix off-by-one error when setting fwmark_shft.
a4a243a sch_cake: Interpret fwmark parameter as a bitmask
29d707e Simplify logic in cake_select_tin()
8acaaee Permit use of connmarks as tin classifiers
348f186 Make the dual modes fairer
99a7297 compat: Don't lock root qdisc when dumping stats on old kernels

Signed-off-by: Ryan Mounce <ryan@mounce.com.au>
2019-03-19 22:40:13 +10:30
Daniel Engberg
9b16a69941 usbutils: Update usb.ids to 0.321
Update usb.ids to 0.321

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2019-03-18 20:43:09 +01:00
Deng Qingfang
89c8232f78 ipset: size optimizations
ipset utility was linked statically to libipset. Disable static library for dynamic linking to save space.
Add -Wl,--gc-sections,--as-needed for further reduction

MIPS ipk size:
ipset: 29KiB -> 2KiB
libipset: 39KiB -> 38KiB

Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
2019-03-17 22:17:48 +01:00
Alexander Couzens
dd3214f95d
mac80211: netifd: Use a mask when using iw set antenna
The keyword "all" is only supported by `iw set antenna` if
it's used as the only argument.
Convert "all" into a mask before calling `iw set antenna`.

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2019-03-16 21:16:28 +01:00
Felix Fietkau
8852a09d85 mt76: update to the latest version
00ac79d mt7603: fix initialization of max rx length
320af65 mt76: mt7603: use the correct hweight8() function
bdee924 mt76: fix schedule while atomic in mt76x02_reset_state
abcb544 mt76x02: do not enable RTS/CTS by default
e97a209 mt76: remove mt76_queue dependency from tx_queue_skb function pointer
ddd98f8 mt76: remove mt76_queue dependency from tx_prepare_skb function pointer
9bc2d56 mt76: remove mt76_queue dependency from tx_complete_skb function pointer
06c917f mt76: introduce mt76_sw_queue data structure
2dc63b0 mt76: introduce mt76_txq_id field in mt76_queue_entry
312f6fc mt76: remove irqsave/restore in locking for tx status fifo
0fe6386 mt76: move mt76x02_insert_hdr_pad in mt76-core module
efe9a47 mt76: mmio: move mt76_insert_hdr_pad in mt76_dma_tx_queue_skb
0b03f87 mt76: move skb dma mapping before running tx_prepare_skb
f977a92 mt76: introduce mt76_tx_info data structure
72fe286 mt76: use mac80211 txq scheduling
b77b932 mt76: reduce locking in mt76_dma_tx_cleanup
c0ab515 mt76: store wcid tx rate info in one u32 reduce locking
f37ad72 mt76: mt76x02: store software PN/IV in wcid
5323005 mt76: move tx tasklet to struct mt76_dev
688d708 mt76: only schedule txqs from the tx tasklet
42ce040 mt76: use TX_NEEDS_ALIGNED4_SKBS
2660aa9 mt76: mt7603: store software PN/IV in wcid
3ce8a93 mt76: dma: add static qualifier to mt76_dma_tx_queue_skb
81a32aa mt7603: remove mt7603_mcu_init routine
48dc7e9 mt7603: core: do not use magic numbers in mt7603_reg_map
2236490 mt76: usb: reduce code indentation in mt76u_alloc_tx

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-16 21:14:43 +01:00
Felix Fietkau
4cf1394f51 mac80211: add a few performance improvement patches
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-16 19:59:02 +01:00
Felix Fietkau
6869ae2ab5 mac80211: improve locking around the txq scheduling / airtime fairness API
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-16 19:59:02 +01:00
Felix Fietkau
04e4b779cc mac80211: backport the txq scheduling / airtime fairness API
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-16 19:59:02 +01:00
Felix Fietkau
fb0a80f4cf mac80211: fix an unaligned access in the mesh hash table function
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-16 19:59:02 +01:00
Felix Fietkau
fd8ca8deb3 netifd: add support for suppressing the DHCP request hostname by setting it to *
dnsmasq (and probably other DHCP servers as well) does not like to hand out
leases with duplicate host names.
Adding support for skipping the hostname makes it easier to deploy setups
where it is not guaranteed to be unique

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-16 19:59:02 +01:00
Felix Fietkau
5cda4a3e30 mac80211: update and fix the patch to allow 4-byte aligned tx skbs
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-16 19:59:02 +01:00
Felix Fietkau
51e1092fae mac80211: allocate tailroom for forwarded mesh packets
Fixes a warning + packet loss on encrypted mesh networks with forwarding

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-16 19:59:02 +01:00
Tony Ambardar
b61495409b iproute2: tc: reduce size of dynamic symbol table
In the case of SHARED_LIBS=y, don't use -export-dynamic to place *all*
symbols into the dynamic symbol table. Instead, use --dynamic-list to
export a smaller set of symbols similar to that defined in static-syms.h
in the case of SHARED_LIBS=n, avoiding an 11 KB tc package size increase.
The symbol set is based on that required by the only plugin, m_xt.so.

Also increment PKG_RELEASE.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE fixup]
2019-03-14 22:55:06 +01:00
Tony Ambardar
0b57a2165a iproute2: tc: enable and fix support for using .so plugins
This enables using the tc module m_xt.so, which uses the act_ipt kernel
module to allow tc actions based on iptables targets. e.g.

   tc filter add dev eth0 parent 1: prio 10 protocol ip \
   u32 match u32 0 0 action xt -j DSCP --set-dscp-class BE

Make the SHARED_LIBS parameter configurable and based on tc package
selection.

Fix a problem using the tc m_xt.so plugin as also described in
https://bugs.debian.org/868059:

  Sync include/xtables.h from iptables to make sure the right offset is
  used when accessing structure members defined in libxtables. One could
  get “Extension does not know id …” otherwise. (See also: #868059)

Patch to sync the included xtables.h with system iptables 1.6.x. This
continues to work with iptables 1.8.2.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2019-03-14 22:54:59 +01:00
Tony Ambardar
f61359e16e iproute2: support eBFP/XDP object file loading, simplify linking libelf
Add build and runtime dependencies on libelf, allowing tc and ip-full
to load BPF and XDP object files respectively.

Define package 'tc' as a singleton package variant, which can be used to
enable additional functionality limited only to tc. Also set ip-tiny
as the default 'ip' variant.

Preserve optionality of libelf by having configuration script follow the
HAVE_ELF environment variable, used similarly to the HAVE_MNL variable.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2019-03-14 22:54:50 +01:00
Hans Dedecker
127d38f219 netifd: update to latest git HEAD (FS#2087)
81ac3bc interface-ip: fix delegate config update on reload (FS#2087)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-03-14 13:50:51 +01:00
Zoltan HERPAI
5e247f3ac1 uboot-sunxi: add fix for A20-OLinuXino-Lime2-eMMC rev. K boards
The OLinuXino Lime2 rev. K boards use new PHYs (Micrel KSZ9031),
so enable that.

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2019-03-13 22:43:13 +01:00
Zoltan HERPAI
e991fb44e0 uboot-sunxi: bump to 2019.01
Tested on:
Bananapro (A20)
Banana Pi M3 (A83t)
Linksprite pcDuino3 (A20)
Olinuxino Lime (A10)
Orange Pi 2 (H3)
Pine64 (A64)

Patches refreshed.

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2019-03-13 22:42:38 +01:00