Commit Graph

15288 Commits

Author SHA1 Message Date
Kevin Darbyshire-Bryant
6c4cbe94bd dnsmasq: Change behavior when RD bit unset in queries.
Backport upstream commit

Change anti cache-snooping behaviour with queries with the
recursion-desired bit unset. Instead to returning SERVFAIL, we
now always forward, and never answer from the cache. This
allows "dig +trace" command to work.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-09-21 09:59:03 +01:00
Jonathan Lancett
95b3f8ec8d mwlwifi: driver version to 10.3.8.0-20180920
Signed-off-by: Jonathan Lancett <j.lancett@ntlworld.com>
[minor tweak to commit title]
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-09-20 21:03:48 +01:00
Felix Fietkau
ccab68f2d3 ath9k: fix unloading the module
Registering a GPIO chip with the ath9k device as parent prevents unload,
because the gpiochip core increases the module use count.
Unfortunately, the only way to avoid this at the moment seems to be to
register the GPIO chip without a parent device

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-09-20 10:08:17 +02:00
Rosen Penev
5efd080e20 mdadm: Install /etc/config file as 600
/etc/config/mdadm is only used by the init script which is ran as root.
There is no need for it to be readable by anything else.

Added PKG_CPE_ID for proper CVE tracking.

Small reorganization for consistency between Makefiles.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-09-19 09:42:13 +01:00
Rosen Penev
4ad87744fa fstools: Install mount.hotplug and 10-fstab.defaults as 600
Both of these are used by programs that run as root and nothing else.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-09-19 09:41:28 +01:00
Rosen Penev
873801a671 usbmode: Update modeswitch data to 20170806
Changed hotplug file to 600 as it is only read by procd, which runs as
root.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-09-19 09:41:28 +01:00
Rosen Penev
39d8b2cf79 trelay: Install hotplug and config files as 600
The hotplug file is ran by procd, which runs as root. The config file is
used by the init script, which also runs as root.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-09-19 09:41:28 +01:00
Rosen Penev
7651e254d5 dropbear: Install /etc/config as 600
/etc/config/dropbear is used by the init script which only runs as root.

Small whitespace change.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-09-19 09:41:28 +01:00
Rosen Penev
add4871582 lldpd: Install /etc/config file as 600
/etc/config/lldpd is only used by the init script, which only runs as root

Adjusted homepage and download URLs to use HTTPS.

-std=c99 is useful for GCC versions less than 6. Current OpenWrt uses 7.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-09-19 09:41:28 +01:00
Hans Dedecker
6cd41ca673 netifd: update to latest git HEAD
23941d7 system-linux: enable by default ignore encaplimit for ip6 tunnels

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-09-19 10:09:25 +02:00
Hans Dedecker
d9691b66e2 map: drop default encaplimit value
Setting encaplimit to a numerical value results into the value being
included as tunnel encapsulation limit in the destination option header
for tunneled packets.
Several users have reported interop issues as not all ISPs support the
destination option header containing the tunnel encapsulation limit
resulting into broken map connectivity.
Therefore drop the default encaplimit value for map tunnels so
no destination option header is included by default.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-09-19 09:42:45 +02:00
Hans Dedecker
1241707b40 ds-lite: drop default encaplimit value
Setting encaplimit to a numerical value results into the value being
included as tunnel encapsulation limit in the destination option header
for tunneled packets.
Several users have reported interop issues as not all ISPs support the
destination option header containing the tunnel encapsulation limit
resulting into broken ds-lite connectivity.
Therefore drop the default encaplimit value for ds-lite tunnels so
no destination option header is included by default.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-09-19 09:42:28 +02:00
Jason A. Donenfeld
f07a94da50 wireguard: bump to 0.0.20180918
* blake2s-x86_64: fix whitespace errors
* crypto: do not use compound literals in selftests
* crypto: make sure UML is properly disabled
* kconfig: make NEON depend on CPU_V7
* poly1305: rename finish to final
* chacha20: add constant for words in block
* curve25519-x86_64: remove useless define
* poly1305: precompute 5*r in init instead of blocks
* chacha20-arm: swap scalar and neon functions
* simd: add __must_check annotation
* poly1305: do not require simd context for arch
* chacha20-x86_64: cascade down implementations
* crypto: pass simd by reference
* chacha20-x86_64: don't activate simd for small blocks
* poly1305-x86_64: don't activate simd for small blocks
* crypto: do not use -include trick
* crypto: turn Zinc into individual modules
* chacha20poly1305: relax simd between sg chunks
* chacha20-x86_64: more limited cascade
* crypto: allow for disabling simd in zinc modules
* poly1305-x86_64: show full struct for state
* chacha20-x86_64: use correct cut off for avx512-vl
* curve25519-arm: only compile if symbols will be used
* chacha20poly1305: add __init to selftest helper functions
* chacha20: add independent self test

Tons of improvements all around the board to our cryptography library,
including some performance boosts with how we handle SIMD for small packets.

* send/receive: reduce number of sg entries

This quells a powerpc stack usage warning.

* global: remove non-essential inline annotations

We now allow the compiler to determine whether or not to inline certain
functions, while still manually choosing so for a few performance-critical
sections.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-09-19 08:30:13 +01:00
Kevin Darbyshire-Bryant
687168ccd9 dnsmasq: Handle memory allocation failure in make_non_terminals()
Backport upstream commit:

ea6cc33 Handle memory allocation failure in make_non_terminals()

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-09-19 07:43:02 +01:00
Mike McCormack
e8cbfedc72 ucert: work around short read
usign occasionally writes 16 characters then exits without writing a LF,
leaving ucert hanging waiting for more input.  Accept 16 characters
or more rather than 17 to work around the short read.

Signed-off-by: Mike McCormack <mike@atratus.org>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-09-18 13:51:09 +02:00
Daniel Golle
e51aa699f7 uqmi: pass-through ipXtable to child interfaces
Allow setting specific routing tables via the ip4table and ip6table
options also when ${ifname}_4 and ${ifname}_6 child interfaces are
being created.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-09-15 19:18:42 +02:00
Kevin Darbyshire-Bryant
033f02b9b5 iproute2: q_cake: Also print nonat, nowash and no-ack-filter keywords
Pull in latest upstream tweaks:
Similar to the previous patch for no-split-gso, the negative keywords for
'nat', 'wash' and 'ack-filter' were not printed either. Add those as well.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-09-15 08:46:32 +01:00
Hannu Nyman
4a3298c124 busybox: update to 1.29.3
Update busybox to 1.29.3, minor bugfix release

https://git.busybox.net/busybox/log/?h=1_29_3

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2018-09-15 08:57:14 +02:00
Rosy Song
918ec4d549 odhcpd: enable ipv6 server mode only when it is supported
Signed-off-by: Rosy Song <rosysong@rosinson.com>
2018-09-12 21:47:33 +02:00
Kevin Darbyshire-Bryant
8cac857289 iproute2: q_cake: Add printing of no-split-gso option
When the GSO splitting was turned into dual split-gso/no-split-gso options,
the printing of the latter was left out. Add that, so output is consistent
with the options passed

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-09-12 09:13:44 +01:00
Rafał Miłecki
b3d441c5f7 mac80211: brcmfmac: backport CYW89342 support & fixes from 4.20
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2018-09-12 08:40:24 +02:00
Kevin Darbyshire-Bryant
66fd41ba79 kmod-sched-cake: fix 6in4/gso performance issue
Bump to latest upstream cake:

Add workaround for wrong skb->mac_len values after splitting GSO

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-09-12 05:34:44 +01:00
Florian Fainelli
4fca0e8896 netifd: update to latest HEAD
0059335c5b60 CMakeList: Check that compiler supports -Wimplicit-fallthrough

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2018-09-11 17:19:51 -07:00
Jason A. Donenfeld
a54f492d0c wireguard: bump to 0.0.20180910
* curve25519: arm: do not modify sp directly
* compat: support neon.h on old kernels
* compat: arch-namespace certain includes
* compat: move simd.h from crypto to compat since it's going upstream

This fixes a decent amount of compat breakage and thumb2-mode breakage
introduced by our move to Zinc.

* crypto: use CRYPTOGAMS license

Rather than using code from OpenSSL, use code directly from AndyP.

* poly1305: rewrite self tests from scratch
* poly1305: switch to donna

This makes our C Poly1305 implementation a bit more intensely tested and also
faster, especially on 64-bit systems. It also sets the stage for moving to a
HACL* implementation when that's ready.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-09-11 11:34:23 +02:00
Andy Walsh
4549ab46a8 base-files: /etc/services: add missing 'rpcbind' alias
* add missing 'rpcbind' alias to /etc/services

Allows rpcbind to open its 111 port and be reachable via lan, this is the default behaviour.

Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
2018-09-10 10:44:03 +02:00
Eneas U de Queiroz
0317fc3658 libpcap: patch to add limits.h to pcap-usb-linux.c
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.

To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
This is an upstream-applied patch that fixes 'PATH_MAX' and 'NAME_MAX'
undeclared when compiling on musl with CONFIG_PCAP_HAS_USB.

[aafa351] pcap-usb-linux.c: add missing limits.h for musl systems.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
2018-09-10 09:15:26 +02:00
Rosen Penev
a9aa25c8b6 usbutils: Update usb.ids to 0.315
Referencing the version instead of revision should fix uscan.

Tested on Turria Omnia.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-09-10 09:10:20 +02:00
Rafał Miłecki
ffa80bf5a7 mac80211: add iw command wrapper with error logging
Currently it's close to impossible to tell what part of mac80211 setup
went wrong. Errors logged into system log look like this:
radio0 (6155): command failed: No error information (-524)
radio0 (6155): command failed: Not supported (-95)
radio0 (6155): command failed: I/O error (-5)
radio0 (6155): command failed: Too many open files in system (-23)

With this commit change it's getting clear:
command failed: No error information (-524)
Failed command: iw dev wlan0 del
command failed: Not supported (-95)
Failed command: iw phy phy0 set antenna_gain 0
command failed: I/O error (-5)
Failed command: iw phy phy0 set distance 0
command failed: Too many open files in system (-23)
Failed command: iw phy phy0 interface add wlan0 type __ap

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2018-09-10 09:03:09 +02:00
Rosen Penev
f78e07ad2a hostapd: Fix compile with OpenSSL 1.1.0 + no deprecated APIs
Patch was accepted upsteam:

https://w1.fi/cgit/hostap/commit/?id=373c796948599a509bad71695b5b72eef003f661

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-09-10 09:01:37 +02:00
Luis Araneda
e2a4d14aaa uboot-zynq: use a file to modify the default environment
Follow the strategy of other targets and create a
default environment file, uEnv.txt, to configure the
behavior of U-Boot.
For now, use it to pass bootargs to the kernel

Signed-off-by: Luis Araneda <luaraneda@gmail.com>
2018-09-10 08:54:41 +02:00
Luis Araneda
306a60fcfe uboot-zynq: copy U-Boot images to STAGING_DIR
Create a directory inside STAGING_DIR and copy U-Boot
output images, so they can be used later when creating the
sdcard image

Additionally, like others targets, override the default
install method to avoid copying the images to bin directory

Signed-off-by: Luis Araneda <luaraneda@gmail.com>
2018-09-10 08:54:25 +02:00
Luis Araneda
e62df3dd8b uboot-zynq: automatically select the appropriate variant
Select the U-Boot variant automatically based on the
current selected device, and hide the package from
menuconfig

Signed-off-by: Luis Araneda <luaraneda@gmail.com>
2018-09-10 08:54:00 +02:00
Luis Araneda
5d2b702590 uboot-zynq: remove ZC706 board
The board was added when creating the target, but the
corresponding device was never defined inside the target

Signed-off-by: Luis Araneda <luaraneda@gmail.com>
2018-09-10 08:53:28 +02:00
Hans Dedecker
43d4b8e89e dnsmasq: bump to dnsmasq 2.80test6
Refresh patches

Changes since latest bump:

af3bd07 Man page typo.
d682099 Picky changes to 47b45b2967c931fed3c89a2e6a8df9f9183a5789
47b45b2 Fix lengths of interface names
2b38e38 Minor improvements in lease-tools
282eab7 Mark die function as never returning
c346f61 Handle ANY queries in context of da8b6517decdac593e7ce24bde2824dd841725c8
03212e5 Manpage typo.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-09-09 22:02:45 +02:00
Daniel Engberg
9cfa5f2cec curl: Update to 7.61.1
Update curl to 7.61.1

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2018-09-09 21:38:10 +02:00
pacien
ef01c1d308 odhcp6c: add client fqdn and reconfigure options
Allowing DHCPV6_CLIENT_FQDN and DHCPV6_ACCEPT_RECONFIGURE to be turned off.
Defaulting to false, former behavior remains unchanged.

Signed-off-by: pacien <pacien.trangirard@pacien.net>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
2018-09-08 21:36:30 +02:00
Koen Vandeputte
2253524023 gdb: bump to 8.2
*** Changes in GDB 8.2

 Support for the following target has been added:

    RiscV ELF (riscv*-*-elf)

 Support for following targets and native configurations has been removed:

    m88k running OpenBSD (m88*-*-openbsd*)
    SH-5/SH64 ELF (sh64-*-elf*)
    SH-5/SH64 (sh*)
    SH-5/SH64 running GNU/Linux (sh*-*-linux*)
    SH-5/SH64 running OpenBSD (sh*-*-openbsd*)

 Various Python API enhancements
 Aarch64/Linux enhancements:

    SVE support.
    Hardware watchpoints improvements for entities stored at unaligned addresses.
        New "c" response to disable the pager for the rest of the current command.
        C expressions can now use _Alignof, and C++ expressions can now use alignof.
        Improved flexibility for loading symbol files.
        The 'info proc' command nows works on running processes on FreeBSD systems as well as core files created on FreeBSD systems.
        A new --enable-codesign=CERT configure option to automatically codesign GDB after build (useful on MacOS X).

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-09-07 17:21:24 +02:00
Koen Vandeputte
77024a9d95 mac80211: backport upstream fixes
Backport most significant upstream fixes (excl. hwsim fixes)
Refreshed all patches.

Contains important fixes for CSA (Channel Switch Announcement)
and A-MSDU frames.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-09-07 17:21:24 +02:00
Henrique de Moraes Holschuh
ca1b347691 dnsmasq: allow dnsmasq variants to be included in image
The dnsmasq variants should provide dnsmasq, otherwise it is impossible
to include them in the image.

This change allows one to have CONFIG_PACKAGE_dnsmasq=m and
CONFIG_PACKAGE_dnsmasq-full=y, e.g. because you want DNSSEC support, or
IPSETs suport on your 3000-devices fleet ;-)

Signed-off-by: Henrique de Moraes Holschuh <henrique@nic.br>
2018-09-06 17:57:59 +02:00
Hans Dedecker
3d377f4375 dnsmasq: bump to dnsmasq v2.80test5
Refresh patches
Remove 240-ubus patch as upstream accepted.
Add uci option ubus which allows to enable/disable ubus support (enabled
by default)

Upstream commits since last bump:

da8b651 Implement --address=/example.com/#
c5db8f9 Tidy 7f876b64c22b2b18412e2e3d8506ee33e42db7c
974a6d0 Add --caa-record
b758b67 Improve logging of RRs from --dns-rr.
9bafdc6 Tidy up file parsing code.
97f876b Properly deal with unaligned addresses in DHCPv6 packets.
cbfbd17 Fix broken DNSSEC records in previous.
b6f926f Don't return NXDOMAIN to empty non-terminals.
c822620 Add --dhcp-name-match
397c050 Handle case of --auth-zone but no --auth-server.
1682d15 Add missing EDNS0 section. EDNS0 section missing in replies to EDNS0-containing queries where answer generated from --local=/<domain>/
dd33e98 Fix crash parsing a --synth-domain with no prefix. Problem introduced in 2.79/6b2b564ac34cb3c862f168e6b1457f9f0b9ca69c
c16d966 Add copyright to src/metrics.h
1dfed16 Remove C99 only code.
6f835ed Format fixes - ubus.c
9d6fd17 dnsmasq.c fix OPT_UBUS option usage
8c1b6a5 New metrics and ubus files.
8dcdb33 Add --enable-ubus option.
aba8bbb Add collection of metrics
caf4d57 Add OpenWRT ubus patch

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-09-06 15:48:13 +02:00
Stijn Tintel
067e2f5f1d strace: fix build on aarch64
As of version 4.21, strace enforces mpers by default. The current
implementation of aarch64 compat in strace assumes it's identical to
ARMv7 EABI and therefore tries to enable m32 personality support. As
there is no -m32 support on aarch64, this causes the build to fail.

Restore previous strace behavior to fix build on aarch64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Tested-by: Karl Palsson <karlp@tweak.net.au>
2018-09-05 23:49:15 +02:00
Hans Dedecker
ecc3165cbc odhcpd: bump to git HEAD (detect broken hostnames)
881f66b odhcpd: detect broken hostnames
3e17fd9 config: fix odhcpd_attrs array size

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-09-05 11:04:19 +02:00
Felix Fietkau
36c6ba3735 imx6: use BUILD_DEVICES in uboot-imx6 for mx6cuboxi
Fixes build with the default profile

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-09-05 10:00:01 +02:00
Jason A. Donenfeld
4ccbe7de6c wireguard: bump to 0.0.20180904
* Kconfig: use new-style help marker
* global: run through clang-format
* uapi: reformat
* global: satisfy check_patch.pl errors
* global: prefer sizeof(*pointer) when possible
* global: always find OOM unlikely

Tons of style cleanups.

* crypto: use unaligned helpers

We now avoid unaligned accesses for generic users of the crypto API.

* crypto: import zinc

More style cleanups and a rearrangement of the crypto routines to fit how this
is going to work upstream. This required some fairly big changes to our build
system, so there may be some build errors we'll have to address in subsequent
snapshots.

* compat: rng_is_initialized made it into 4.19

We therefore don't need it in the compat layer anymore.

* curve25519-hacl64: use formally verified C for comparisons

The previous code had been proved in Z3, but this new code from upstream
KreMLin is directly generated from the F*, which is preferable. The
assembly generated is identical.

* curve25519-x86_64: let the compiler decide when/how to load constants

Small performance boost.

* curve25519-arm: reformat
* curve25519-arm: cleanups from lkml
* curve25519-arm: add spaces after commas
* curve25519-arm: use ordinary prolog and epilogue
* curve25519-arm: do not waste 32 bytes of stack
* curve25519-arm: prefix immediates with #

This incorporates ASM nits from upstream review.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-09-05 08:52:36 +02:00
Alexander Couzens
967d6460c0
hostapd: fix build of wpa-supplicant-p2p
VARIANT:= got removed by accident.

Fixes: 3838b16943 ("hostapd: fix conflicts hell")
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2018-09-03 21:51:06 +02:00
Felix Fietkau
7165378d19 uboot-imx6: fall back to MMC for SPL if boot mode is invalid
Fixes boot on Hummingboard

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-09-03 12:06:24 +02:00
Felix Fietkau
aa3efca8d9 uboot-imx6: remove obsolete patch
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-09-03 12:06:24 +02:00
Felix Fietkau
eab7bcc8e1 uboot-imx6: install images into STAGING_DIR_IMAGE
Will be used by a new combined image for cubox

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-09-03 12:06:24 +02:00
Hans Dedecker
17c9b72046 nghttp2: bump to 1.33.0
9d843334 Update bash_completion
23cb3f38 Update manual pages
1d682dcd Bump up version number to 1.33.0, LT revision to 31:0:17
601fbbb4 Update doc
f44aa246 Update AUTHORS
dd74a6dd Update manual pages
e959e733 src: Refactor utos
fb9a204d nghttpx: Fix compile error without mruby
cd096802 Update doc
7417fd71 nghttpx: Per-pattern not per-backend
2d1a981c Merge branch 'akonskarm-master'
45acc922 clang-format
214d0899 Merge branch 'master' of https://github.com/akonskarm/nghttp2 into akonskarm-master
31fd707d nghttpx: Fix broken healthmon frontend
9a2e38e0 fix code for reuse addr on asio client
d24527e7 Bump up LT revision due to v1.32.1 release
6195d747 nghttpx: Share mruby context if it is compiled from same file
fb97f596 nghttpx: Allocate mruby file because fopen requires NULL terminated string
0ccc7a77 nghttpx: Move blocked request data to request buffer for API request
32826466 nghttpx: Fix crash with API request
0422f8a8 nghttpx: Fix worker process crash with neverbleed write error
e329479a Merge pull request #1215 from nghttp2/mruby-per-backend
f80a7873 Merge branch 'akonskarm-reuse_addr'
866ac6ab add option reuse addr in local endpoint configuration of asio client
b574ae6a nghttpx: Support per-backend mruby script
de4fd7cd doc: Update doc
32d7883c nghttpx: Downstream::request_buf_full: take into account blocked_request_buf_
9b24e197 nghttpx: Choose h1 protocol if headers have been sent to backend on retry
13ffece1 Merge pull request #1214 from nghttp2/fix-rst-without-dconn
9d5b781d Fix stream reset if data from client is arrived before dconn is attached

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-09-03 10:46:20 +02:00
Kevin Darbyshire-Bryant
dc9388ac55 iproute2: update cake man page
CAKE supports overriding of its internal classification of
packets through the tc filter mechanism.

Update the man page in our package, even though we don't
build them.  Someone may find the documentation useful.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 30598a05385b0ac2380dd4f30037a9f9d0318cf2)
2018-08-31 15:30:28 +07:00
Kevin Darbyshire-Bryant
721dfd4eb8 kmod-sched-cake: bump to 20180827
Expand filter flow mapping to include hosts as well

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit d14ffdc307d36bd9abe908b46ff7baece54c9551)
2018-08-31 15:30:27 +07:00
Jo-Philipp Wich
555c592304 ppp: remove hardcoded lcp-echo-failure, lcp-echo-interval values
OpenWrt used to ship hardcoded defaults for lcp-echo-failure and
lcp-echo-interval in the non-uci /etc/ppp/options file.

These values break uci support for *disabling* LCP echos through
the use of "option keepalive 0" as either omitting the keepalive
option or setting it to 0 will result in no lcp-echo-* flags
getting passed to the pppd cmdline, causing the pppd process to
revert to the defaults in /etc/ppp/options.

Address this issue by letting the uci "keepalive" option default
to the former hardcoded values "5, 1" and by removing the fixed
lcp-echo-failure and lcp-echo-interval settings from the
/etc/ppp/options files.

Ref: https://github.com/openwrt/luci/issues/2112
Ref: https://dev.archive.openwrt.org/ticket/2373.html
Ref: https://bugs.openwrt.org/index.php?do=details&task_id=854
Ref: https://bugs.openwrt.org/index.php?do=details&task_id=1259
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-30 15:19:45 +02:00
Thomas Equeter
acedce1d79 uqmi: wait for the control device too
The control device /dev/cdc-wdm0 is not available immediately on the
D-Link DWR-921 Rev.C3, therefore the wwan interface fails to start at
boot with a "The specified control device does not exist" error.

This patch alters /lib/netifd/proto/qmi.sh to wait for
network.wwan.delay earlier, before checking for the control device,
instead of just before interacting with the modem.

One still has to use network.wwan.proto='qmi', as the "wwan" proto
performs that sort of check before any delay is possible, failing with a
"No valid device was found" error.

Signed-off-by: Thomas Equeter <tequeter@users.noreply.github.com>
2018-08-29 13:10:12 +02:00
Giuseppe Lippolis
774d7fc9f2 comgt: increase timeout on runcommands
Some combination of modem/wireless operator requires more time to
execute the commands.
Tested on DWR-512 embedded wwan modem and italian operator iliad (new
virtual operator).

Signed-off-by: Giuseppe Lippolis <giu.lippolis@gmail.com>
2018-08-29 08:34:10 +02:00
Paul Wassi
1bd6b91e0f base-files: provide more tolerant xterm detection
Set the window title not only in "xterm", but also in
e.g. "xterm-256color", "xterm-color", etc.
The case statement is taken from Debian / Ubuntu.

Signed-off-by: Paul Wassi <p.wassi@gmx.at>
2018-08-29 08:33:54 +02:00
Bruno Randolf
fe960cead7 ugps: Update to fix position calculation
This is necessary to get my position right.
Without this my longitude is incorrecty -15.85xxxx instead of -16.52yyyy

Signed-off-by: Bruno Randolf <br1@einfach.org>
2018-08-29 08:31:10 +02:00
Bruno Randolf
6b14a73f4f ugps: Add option disabled
Like many other packages, an option to disable can be practical.

Signed-off-by: Bruno Randolf <br1@einfach.org>
2018-08-29 08:31:10 +02:00
Robert Marko
a9d7353192 ethtool: Update to 4.18
Tested on 8devices Jalapeno(ipq40xx)
Introduces following changes:
Feature: Add support for WAKE_FILTER (WoL using filters)
Feature: Add support for action value -2 (wake-up filter)
Fix: document WoL filters option also in help message
Feature: ixgbe dump strings for security registers

Signed-off-by: Robert Marko <robimarko@gmail.com>
2018-08-28 13:46:16 +02:00
Hauke Mehrtens
af6e901ae8 strace: update strace to version 4.24
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-08-28 11:26:53 +02:00
Hauke Mehrtens
a2488f3a24 linux-firmware: realtek: Add FW for rtl8192eu, rtl8723au and rtl8723bu
These devices are more or less supported by the kmod-rtl8xxxu driver.

Fixes: FS#1789
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-08-27 18:13:33 +02:00
Hans Dedecker
6caa8e09aa nghttp2: bump to 1.32.1
4c76aaee Update manual pages
2b51ad67 Bump up version number to 1.32.1, LT revision to 30:3:16
708379dc Tweak nghttp2_session_set_stream_user_data
73106b0d Compile with clang-6.0

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-08-27 10:11:10 +02:00
Stijn Tintel
2c01425d2d ath10k-firmware: update both QCA988X CT variants
This fixes slow performance with 802.11w enabled.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-08-26 18:24:02 +02:00
Stijn Tintel
616b972920 ath10k-ct: bump to git HEAD
e0d2ce0 ath10k:  Support setting tx_antenna in descriptor field.
29c644f Update to latest 4.13 and 4.16 ath10k-ct drivers.
20db9db ath10k:  Support vdev stats for 4.9, 4.16  kernel
fd92066 ath10k:  Support 'ct-sta-mode' for 9984 firmware that supports it.
34954f0 ath10k:  get_tsf, PMF

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-08-26 18:40:46 +03:00
Hans Dedecker
8fd8e79143 iproute2: update to 4.18.0
Update to the latest version of iproute2; see https://lwn.net/Articles/762515/
for a full overview of the changes in 4.18.
Remove upstream patch 001-rdma-sync-some-IP-headers-with-glibc

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-08-25 20:54:00 +02:00
Felix Fietkau
d9792152fd ath9k: fix setting up tx99 with a monitor mode interface
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-08-25 19:18:08 +02:00
Hauke Mehrtens
e882e63f1e kernel: add missing dependency to regmap to kmod-gpio-mcp23s08
This fixes a build problem recently introduced.

Fixes: a904003b9b ("kernel: fix kmod-gpio-mcp23s08 for linux 4.14")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-08-25 18:18:35 +02:00
Keith Wong
79c233daa4 kernel: add kmod-tcp-bbr
This adds support for BBR (Bottleneck Bandwidth and RTT) TCP
congestion control. Applications (e.g. webservers, VPN client/server)
which initiate connections from router side can benefit from this.

This provide an easier way for users to use BBR by selecting /
installing kmod-tcp-bbr instead of altering kernel config and
compiling firmware by themselves.

Signed-off-by: Keith Wong <keithwky@gmail.com>
2018-08-25 15:40:24 +02:00
Daniel Engberg
e341f45913 libbsd: Update to 0.8.7
Update libbsd to 0.8.7
Remove glibc dependency
Clean up InstallDev and install entries
Use /usr path for consistency
Cherry pick patches from upstream to fix musl compilation

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2018-08-25 15:40:23 +02:00
Vladimir Vid
6cda4f6861 imx6: Initial support for SolidRun CuBox-i devices based on i.MX6 processors (i1, i2, i2eX, and i4Pro).
- Specifications -

CuBox i1:
- SoC: i.MX6 Solo
- Cores: 1
- Memory Size: 512MB
- GPU: GC880
- Wifi/Bluetooth: Optional
- USB 2.0 ports: 2
- Ethernet: 10/100/1000 Mbps

CuBox i2 | i2eX:
- SoC: i.MX6 Dual Lite
- Cores: 2
- Memory Size: 1GB
- GPU: GC2000
- Wifi/Bluetooth: Optional
- USB 2.0 ports: 2
- Ethernet: 10/100/1000 Mbps

CuBox i4Pro | i4x4:
- SoC: i.MX6 Quad
- Cores: 4
- Memory Size: 2/4 GB
- GPU: GC2000
- Wifi/Bluetooth: Build In
- USB 2.0 ports: 2
- Ethernet: 10/100/1000 Mbps

Built-in u-boot requires SPL (secondary program loader) to be present on the SD-card regardless of the image type which will be loaded.
SPL is generated by the u-boot-mx6cuboxi package which is preselected by the target device and can be found in bin/u-boot-mx6cuboxi directory.

Flashing the SPL:
dd if=/dev/zero of=/dev/mmcblk0 bs=1M count=4
dd if=bin/targets/imx6/generic/u-boot-mx6cuboxi/SPL of=/dev/mmcblk0 bs=1K seek=1

Preparing the firmware on the SD-card:
(echo o; echo n; echo p; echo 1; echo ''; echo ''; echo w) | fdisk /dev/mmcblk0
mkfs.ext4 /dev/mmcblk0p1
mount /dev/mmcblk0p1 /mnt
tar -xzf bin/targets/imx6/generic/openwrt-imx6-device-cubox-i-rootfs.tar.gz -C /mnt/
mkdir -p /mnt/boot
cp bin/targets/imx6/generic/{*-uImage,*.dtb,*.scr} /mnt/boot/

Generated u-boot.img needs to be placed on the first partition:
cp bin/targets/imx6/generic/u-boot-mx6cuboxi/u-boot.img /mnt/

To boot from the SD card:

Boot script which sets mmc/dtb parameters and boots the board is automatically sourced.
If this does not work for any reason:
mmc dev 0; load mmc 0:1 $scriptaddr boot/boot.scr; source $scriptaddr

Currently imx6dl-cubox-i.dtb (Dual Lite) and imx6q-cubox-i.dtb (Quad) device trees are available.

Tested on i4Pro, MMC, USB (+ HiD), HDMI and ethernet ports are working.
Wireless and bluetooth are broken ATM. According to SolidRun forums, BCM4329/BCM4330 firmware is used which works fine on older kernels.

Signed-off-by: Vladimir Vid <vladimir.vid@sartura.hr>
2018-08-25 15:40:23 +02:00
Antonio Silverio
672c430d6e mac80211: mwl8k: Expand non-DFS 5G channels
Add non-DFS 5G upper channels (149-165) besides existed 4 lower channels
(36, 40, 44, 48).

Signed-off-by: Antonio Silverio <menion@gmail.com>
2018-08-25 15:40:23 +02:00
Martin Schiller
a904003b9b kernel: fix kmod-gpio-mcp23s08 for linux 4.14
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2018-08-25 15:33:52 +02:00
Luis Araneda
43dedd0661 uboot-zynq: add support for the zybo z7 board
Backport board support from the upcoming v2018.09 release,
and add an additional patch to read the MAC address
from flash memory

Signed-off-by: Luis Araneda <luaraneda@gmail.com>
2018-08-25 15:33:50 +02:00
Rosen Penev
3ccc2ebe01 libevent2: Switch to using release tarball
Starting with version 2.1.8, a release tarball is available.

Simplifies the Makefile slightly.

Updated the project URL. HTTPS is broken. Issue has been reported upstream

Adjusted patches. CMake support is not present in the tarball. It's made
for Windows anyway.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-08-25 13:18:35 +02:00
Felix Fietkau
b6adfde0c6 mt76: update to the latest version
7daf962 mt7603: add survey support
980c606 mt7603: add fix for CCA signal configuration
30b8371 mt7603: fix BAR rate

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-08-24 21:33:54 +02:00
Hans Dedecker
2211ee0037 dropbear: backport upstream fix for CVE-2018-15599
CVE description :
The recv_msg_userauth_request function in svr-auth.c in Dropbear through
2018.76 is prone to a user enumeration vulnerability because username
validity affects how fields in SSH_MSG_USERAUTH messages are handled,
a similar issue to CVE-2018-15473 in an unrelated codebase.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-08-24 15:25:26 +02:00
Jo-Philipp Wich
a27de701b0 wolfssl: disable broken shipped Job server macro
The AX_AM_JOBSERVER macro shipped with m4/ax_am_jobserver.m4 is broken on
plain POSIX shells due to the use of `let`.

Shells lacking `let` will fail to run the generated m4sh code and end up
invoking "make" with "-jyes" as argument, fialing the build.

Since there is no reason in the first place for some random package to
muck with the make job server settings and since we do not want it to
randomly override "-j" either, simply remove references to this defunct
macro to let the build succeed on platforms which not happen to use bash
as default shell.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-23 20:14:00 +02:00
Jo-Philipp Wich
9ffbe84ea4 grub2: rebase patches
Patch 300-CVE-2015-8370.patch was added without proper rebasing on the
version used by OpenWrt, make it apply and refresh the patch to fix
compilation.

Fixes: 7e73e9128f ("grub2: Fix CVE-2015-8370")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-23 19:08:58 +02:00
Jo-Philipp Wich
214146c6f2 uhttpd: support multiple Lua prefixes
Update to latest git HEAD in order to support configuring multiple
concurrent Lua prefixes in a single uhttpd instance:

  b741dec lua: support multiple Lua prefixes

Additionally rework the init script and update the default configuration
example to treat the lua_prefix option as key=value uci list, similar to
the interpreter extension mapping. Support for the old "option lua_prefix"
plus "option lua_handler" notation is still present.

Finally drop the sed postinstall hack in uhttpd-mod-lua to avoid mangling
files belonging to other packages. Since Lua prefixes have precedence
over CGI prefixes, simply register `/cgi-bin/luci` as Lua handler which
will only become active if both luci-base and uhttpd-mod-lua is installed.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-23 09:18:04 +02:00
Rosen Penev
7e73e9128f grub2: Fix CVE-2015-8370
This CVE is a culmination of multiple integer overflow issues that cause
multiple issues like Denial of Service and authentication bypass.

More info: https://nvd.nist.gov/vuln/detail/CVE-2015-8370

Taken from Fedora.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-08-23 07:15:53 +02:00
Rosen Penev
f9469efbfa bzip2: Fix CVE-2016-3189
Issue causes a crash with specially crafted bzip2 files.

More info: https://nvd.nist.gov/vuln/detail/CVE-2016-3189

Taken from Fedora.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-08-23 07:15:35 +02:00
Rosen Penev
499773f8ef samba36: Enable umdnsd support
Allows discovery without having to use NetBIOS. Useful for mobile devices.

Could eventually throw nbmd away. But that requires Windows 10...

Tested on Fedora 28 with avahi-discover.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-08-22 11:23:02 +02:00
Rosen Penev
7961009346 yamonenv: Remove dead URLs
uscan errors on the URL as it is no longer available.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-08-22 11:22:17 +02:00
Rosen Penev
f5098a69ed fconfig: Remove dead URLs
uscan errors on the URL as it is no longer available.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-08-22 11:22:04 +02:00
Rosen Penev
f2e1fd0f35 apex: Remove dead URL.
uscan errors on the URL as it is no longer available.

Also switched the download URL to HTTPS.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-08-22 11:21:53 +02:00
Jo-Philipp Wich
e5f56c07d7 iptables: make iptables-mod-conntrack-extra depend on kmod-ipt-raw
Since kernel 4.14 there is no auto assignment of conntrack helpers anymore
so fw3 needs raw table support in order to stage ct helper assignment rules.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-22 07:14:45 +02:00
Hans Dedecker
6c227e45cb dnsmasq: remove creation of /etc/ethers
Remove creation of file /etc/ethers in dnsmasq init script as the
file is now created by default in the base-files package by
commit fa3301a28e

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-08-21 15:55:10 +02:00
Luiz Angelo Daros de Luca
d810d44e5a base-files: create /etc/ethers by default
/etc/ethers is missing on /rom but always created when dnsmasq
runs. It is better to have it in place and avoid an extra change
in flash after firstboot.

It will generate an extra /etc/ethers-opkg when it has changed.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-08-21 15:55:00 +02:00
Jo-Philipp Wich
22681cdef2 uhttpd: update to latest Git head
952bf9d build: use _DEFAULT_SOURCE
30a18cb uhttpd: recognize PATCH, PUT and DELETE HTTP methods

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-21 14:48:47 +02:00
Daniel Engberg
e1a1add517 mwlwifi: Update to 10.3.8.0-20180810
Update mwlwifi to 10.3.8.0-20180810

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2018-08-21 07:44:37 +02:00
Hans Dedecker
40eb9bda44 netifd: update to latest git HEAD
7454d12 interface: let interface_set_down() return void
32f11a8 interface: make __interface_set_down() static
b9d5a8c interface: extend interface error messages in interface_set_up()
de394b3 interface: ensure NO_DEVICE error is always reported

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-08-20 16:27:38 +02:00
Yury Shvedov
cad9519eba hostapd: process all CSA parameters
This adds processing of all CSA arguments from ubus switch_chan request
in the same manner as in the control interface API.

Signed-off-by: Yury Shvedov <yshvedov@wimarksystems.com>
2018-08-20 09:24:43 +02:00
Daniel Engberg
d1ea8ac3b4 util-linux: Update to 2.32.1
Update util-linux to 2.32.1
For release notes see https://lwn.net/Articles/759922/

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-08-16 22:29:28 +02:00
Mathias Kresin
56b8ac1e86 treewide: consolidate upgrade state set
Set the (sys)upgrade state when sourcing the stage2 script instead of
setting the state for each target individual.

This change fixes the, due to a missing state set, not working upgrade
led on ath79 and apm821xx.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-08-16 21:20:57 +02:00
Jo-Philipp Wich
8c91807214 rpcd: update to latest git HEAD
41333ab uci: tighten uci reorder operation error handling
f91751b uci: tighten uci delete operation error handling
c2c612b uci: tighten uci set operation error handling
948bb51 uci: tighten uci add operation error handling
51980c6 uci: reject invalid section and option names

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-16 09:43:11 +02:00
Hauke Mehrtens
d74d6c4522 openssl: update to version 1.0.2p
This fixes the following security problems:
 * CVE-2018-0732: Client DoS due to large DH parameter
 * CVE-2018-0737: Cache timing vulnerability in RSA Key Generation

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-08-15 22:32:07 +02:00
Jo-Philipp Wich
5762efd8b2 libubox: set RPATH for host build
This is required for programs that indirectly link libjson-c through the
libubox blobmsg_json library.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-14 23:54:59 +02:00
Hans Dedecker
e2791e80cb netifd: update to latest git HEAD
522456b device: gracefully handle device names exceeding IFNAMESIZ

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-08-14 22:56:31 +02:00
Stijn Tintel
03e5dcbf10 firewall: bump to git HEAD
12a7cf9 Add support for DSCP matches and target
06fa692 defaults: use a generic check_kmod() function
1c4d5bc defaults: fix check_kmod() function

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-08-13 22:05:46 +03:00
Christian Lamparter
7b1b49bd32 packages: nvram: make it possible to include it for ath79 targets
The WD My Net Range Extender stores the MAC addresses inside the
nvram partition. This utility can extract it, but it's currently
not avilable on the ath79 target. Hence, this patch adds the
necessary target declaration, so it can be built.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2018-08-13 08:46:22 +02:00
Luis Araneda
09ac4aa86b uboot-zynq: update to 2018.07
Signed-off-by: Luis Araneda <luaraneda@gmail.com>
2018-08-13 08:43:58 +02:00
Jason A. Donenfeld
42dc0e2594 wireguard: bump to 0.0.20180809
* send: switch handshake stamp to an atomic

Rather than abusing the handshake lock, we're much better off just using
a boring atomic64 for this. It's simpler and performs better. Also, while
we're at it, we set the handshake stamp both before and after the
calculations, in case the calculations block for a really long time waiting
for the RNG to initialize.

* compat: better atomic acquire/release backport

This should fix compilation and correctness on several platforms.

* crypto: move simd context to specific type

This was a suggestion from Andy Lutomirski on LKML.

* chacha20poly1305: selftest: use arrays for test vectors

We no longer have lines so long that they're rejected by SMTP servers.

* qemu: add easy git harness

This makes it a bit easier to use our qemu harness for testing our mainline
integration tree.

* curve25519-x86_64: avoid use of r12

This causes problems with RAP and KERNEXEC for PaX, as r12 is a
reserved register.

* chacha20: use memmove in case buffers overlap

A small correctness fix that we never actually hit in WireGuard but is
important especially for moving this into a general purpose library.

* curve25519-hacl64: simplify u64_eq_mask
* curve25519-hacl64: correct u64_gte_mask

Two bitmath fixes from Samuel, which come complete with a z3 script proving
their correctness.

* timers: include header in right file

This fixes compilation in some environments.

* netlink: don't start over iteration on multipart non-first allowedips

Matt Layher found a bug where a netlink dump of peers would never terminate in
some circumstances, causing wg(8) to keep trying forever. We now have a fix as
well as a unit test to mitigate this, and we'll be looking to create a fuzzer
out of Matt's nice library.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-08-12 16:12:01 +02:00
Mathias Kresin
dfee452713 base-files: add function to get mac as text from flash
Add a function to get a mac stored as text from flash. The octets of
the mac address need to be separated by any separator supported by
macaddr_canonicalize().

Signed-off-by: Dmitry Tunin <hanipouspilot@gmail.com>
Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-08-11 21:36:27 +02:00
Mathias Kresin
ec28d2797c base-files: use consistent coding style
Add the opening bracket right after the function name, to do it the
same way for all functions in this file.

Signed-off-by: Dmitry Tunin <hanipouspilot@gmail.com>
Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-08-11 21:36:27 +02:00
Yousong Zhou
3493c1cf41 uci: bump to source date 2018-08-11
Fixes segfault when parsing malformed delta lines

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2018-08-11 12:04:31 +00:00
John Crispin
1961948585 wpa_supplicant: fix CVE-2018-14526
Unauthenticated EAPOL-Key decryption in wpa_supplicant

Published: August 8, 2018
Identifiers:
- CVE-2018-14526
Latest version available from: https://w1.fi/security/2018-1/

Vulnerability

A vulnerability was found in how wpa_supplicant processes EAPOL-Key
frames. It is possible for an attacker to modify the frame in a way that
makes wpa_supplicant decrypt the Key Data field without requiring a
valid MIC value in the frame, i.e., without the frame being
authenticated. This has a potential issue in the case where WPA2/RSN
style of EAPOL-Key construction is used with TKIP negotiated as the
pairwise cipher. It should be noted that WPA2 is not supposed to be used
with TKIP as the pairwise cipher. Instead, CCMP is expected to be used
and with that pairwise cipher, this vulnerability is not applicable in
practice.

When TKIP is negotiated as the pairwise cipher, the EAPOL-Key Key Data
field is encrypted using RC4. This vulnerability allows unauthenticated
EAPOL-Key frames to be processed and due to the RC4 design, this makes
it possible for an attacker to modify the plaintext version of the Key
Data field with bitwise XOR operations without knowing the contents.
This can be used to cause a denial of service attack by modifying
GTK/IGTK on the station (without the attacker learning any of the keys)
which would prevent the station from accepting received group-addressed
frames. Furthermore, this might be abused by making wpa_supplicant act
as a decryption oracle to try to recover some of the Key Data payload
(GTK/IGTK) to get knowledge of the group encryption keys.

Full recovery of the group encryption keys requires multiple attempts
(128 connection attempts per octet) and each attempt results in
disconnection due to a failure to complete the 4-way handshake. These
failures can result in the AP/network getting disabled temporarily or
even permanently (requiring user action to re-enable) which may make it
impractical to perform the attack to recover the keys before the AP has
already changes the group keys. By default, wpa_supplicant is enforcing
at minimum a ten second wait time between each failed connection
attempt, i.e., over 20 minutes waiting to recover each octet while
hostapd AP implementation uses 10 minute default for GTK rekeying when
using TKIP. With such timing behavior, practical attack would need large
number of impacted stations to be trying to connect to the same AP to be
able to recover sufficient information from the GTK to be able to
determine the key before it gets changed.

Vulnerable versions/configurations

All wpa_supplicant versions.

Acknowledgments

Thanks to Mathy Vanhoef of the imec-DistriNet research group of KU
Leuven for discovering and reporting this issue.

Possible mitigation steps

- Remove TKIP as an allowed pairwise cipher in RSN/WPA2 networks. This
can be done also on the AP side.

- Merge the following commits to wpa_supplicant and rebuild:

WPA: Ignore unauthenticated encrypted EAPOL-Key data

This patch is available from https://w1.fi/security/2018-1/

- Update to wpa_supplicant v2.7 or newer, once available

Signed-off-by: John Crispin <john@phrozen.org>
2018-08-10 15:48:21 +02:00
Thibaut VARÈNE
78b5764fd8 base-files: make wifi report unknown command
Avoid having /sbin/wifi silently ignore unknown keywords and execute
"up"; instead display the help message and exit with an error.

Spell out the "up" keyword (which has users), add it to usage output,
and preserve the implicit assumption that runing /sbin/wifi without
argument performs "up".

Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
2018-08-10 05:30:57 +02:00
David Bauer
c4931713df ath79: add support for OCEDO Koala
This commit adds support for the OCEDO Koala

SOC:	Qualcomm QCA9558 (Scorpion)
RAM:    128MB
FLASH:  16MiB
WLAN1:  QCA9558 2.4 GHz 802.11bgn 3x3
WLAN2:  QCA9880 5 GHz 802.11nac 3x3
INPUT:  RESET button
LED:    Power, LAN, WiFi 2.4, WiFi 5, SYS
Serial: Header Next to Black metal shield
        Pinout is 3.3V - GND - TX - RX (Arrow Pad is 3.3V)
        The Serial setting is 115200-8-N-1.

Tested and working:
 - Ethernet
 - 2.4 GHz WiFi
 - 5 GHz WiFi
 - TFTP boot from ramdisk image
 - Installation via ramdisk image
 - OpenWRT sysupgrade
 - Buttons
 - LEDs

Installation seems to be possible only through booting an OpenWRT
ramdisk image.

Hold down the reset button while powering on the device. It will load a
ramdisk image named 'koala-uImage-initramfs-lzma.bin' from 192.168.100.8.

Note: depending on the present software, the device might also try to
pull a file called 'koala-uimage-factory'. Only the name differs, it
is still used as a ramdisk image.

Wait for the ramdisk image to boot. OpenWRT can be written to the flash
via sysupgrade or mtd.

Due to the flip-flop bootloader which we not (yet) support, you need to
set the partition the bootloader is selecting. It is possible from the
initramfs image with

 > fw_setenv bootcmd run bootcmd_1

Afterwards you can reboot the device.

Signed-off-by: David Bauer <mail@david-bauer.net>
2018-08-09 18:44:57 +02:00
Hans Dedecker
2e02fdb363 odhcp6c: apply IPv6/ND configuration earlier
Apply IPv6/ND configuration before proto_send_update so that all config info
is available when netifd is handling the notify_proto ubus call.
In particular this fixes an issue when netifd is updating the downstream IPv6 mtu
as netifd was still using the not yet updated upstream IPv6 mtu to set the
downstream IPv6 mtu

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-08-09 18:46:57 +02:00
Hans Dedecker
e0fbf62821 iproute2: remove libutil from InstallDev section
Commit 4d961538f6 added libutil to the iproute2 InstallDev section
but lead to compile issues with packages picking up the wrong libutil
since libutil is quite a generic name ...
Further libutil is rather meant for internal usage in iproute2 than a
public API; therefore let's remove it from the InstallDev section together
with ll_map.h

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-08-09 17:48:03 +02:00
Hans Dedecker
6579af7a77 netifd: update to latest git HEAD
115a694 interface-ip: always override downstream IPv6 mtu

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-08-09 17:39:24 +02:00
Antonio Silverio
e2e39328d5 sunxi: Added support for Xunlong Orange Pi PC2
CPU: H5 High Performance Quad-core 64-bit Cortex-A53
GPU: Mali450 OpenGL ES 2.0/1.1/1.0, OpenVG 1.1, EGL
Memory: 1GB DDR3 (shared with GPU)
Onboard Storage: TF card (Max. 32GB) / NOR flash(2MB)
Onboard Network: 1000M/100M Ethernet RJ45
USB 2.0 Ports: Three USB 2.0 HOST, one USB 2.0 OTG, HOST mode
role by default in DTS
Buttons: Power Button(SW4) Debug TTL

UART: ..DC-IN..
>[GND][RX][TX] ..HDMI..

Signed-off-by: Antonio Silverio <menion@gmail.com>
2018-08-09 12:06:58 +02:00
Zoltan HERPAI
f4d3047671 firmware: intel-microcode: bump to 20180703
* New upstream microcode data file 20180703
    + Updated Microcodes:
      sig 0x000206d6, pf_mask 0x6d, 2018-05-08, rev 0x061d, size 18432
      sig 0x000206d7, pf_mask 0x6d, 2018-05-08, rev 0x0714, size 19456
      sig 0x000306e4, pf_mask 0xed, 2018-04-25, rev 0x042d, size 15360
      sig 0x000306e7, pf_mask 0xed, 2018-04-25, rev 0x0714, size 17408
      sig 0x000306f2, pf_mask 0x6f, 2018-04-20, rev 0x003d, size 33792
      sig 0x000306f4, pf_mask 0x80, 2018-04-20, rev 0x0012, size 17408
      sig 0x000406f1, pf_mask 0xef, 2018-04-19, rev 0xb00002e, size 28672
      sig 0x00050654, pf_mask 0xb7, 2018-05-15, rev 0x200004d, size 31744
      sig 0x00050665, pf_mask 0x10, 2018-04-20, rev 0xe00000a, size 18432
      sig 0x000706a1, pf_mask 0x01, 2017-12-26, rev 0x0022, size 73728
    + First batch of fixes for: Intel SA-00115, CVE-2018-3639, CVE-2018-3640
    + Implements IBRS/IBPB/STIPB support, Spectre-v2 mitigation
    + SSBD support (Spectre-v4 mitigation) and fix Spectre-v3a for:
      Sandybridge server, Ivy Bridge server, Haswell server, Skylake server,
      Broadwell server, a few HEDT Core i7/i9 models that are actually gimped
      server dies.

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2018-08-09 01:00:06 +02:00
Rob Mosher
8a3582fa8a busybox: prevent compile hang with bzip2 enabled
The BZIP2_SMALL option was not being exposed via Config.in which
caused the build to fail as 'yes' is piped to the config during
build.  As it's expecting a number, it gets stuck in a loop.

Signed-off-by: Rob Mosher <nyt-openwrt@countercultured.net>
2018-08-08 22:08:49 +02:00
Jo-Philipp Wich
cc21dab6cc ucert: update to lastest git HEAD
Update to latest HEAD in order to fix a stack memory corruption issue:

1056e73 Change the sigb buffer to be the same size as the fread

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-08 19:52:13 +02:00
Hans Dedecker
4d961538f6 iproute2: add libutil to InstallDev section
In iproute2 v4.17 ll_map has been moved from the libnetlink to the libutil
library; add libutil as well to the staging dir in order to keep support
for ll_map

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-08-08 14:29:08 +02:00
David Bauer
5107ba2374 uboot-envtools: add ath79 target
This adds uci entries for all ath79 devices for which this already was
the case on ar71xx. Additionally we add the OCEDO Koala as there was no
support in OpenWRT yet.

Signed-off-by: David Bauer <mail@david-bauer.net>
2018-08-08 08:38:45 +02:00
Daniel Golle
8174853c78 base-files: introduce sysupgrade signature chain verification
Verify ucert signature chains in sysupgrade images in case ucert is
installed and $CHECK_IMAGE_SIGNARURE = 1.
Also make sure ucert host binary is present and generate a self-signed
ucert in case $TOPDIR/key-build.ucert is missing.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-08-08 02:22:54 +02:00
Daniel Golle
7a52ce3faf ucert: update source
ad816fc set rpath to make bundle-libraries.sh happy
 63ad591 blob_buf needs to be zero'd

Now that libubox, libjson-c and libblobms_json are installed into
STAGING_DIR_HOST we can properly bundle ucert in the ImageBuilder.
Follow-up commits will make use of it to include a signature-chain in
sysupgrade images using fwtool.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-08-07 23:20:18 +02:00
Daniel Golle
73100024d3 libubox: set HOST_BUILD_PREFIX
Install into STAGING_DIR_HOST rather than STAGING_DIR_HOSTPKG to make
bundle-libraries.sh happy.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-08-07 22:31:48 +02:00
Daniel Golle
a5368dc30c libjson-c: set HOST_BUILD_PREFIX
Install into STAGING_DIR_HOST rather than STAGING_DIR_HOSTPKG to make
bundle-libraries.sh happy.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-08-07 22:31:48 +02:00
Jo-Philipp Wich
1c4a255aa1 libubox: fix source version date
The referenced Git commit was made on the 25th of July, not June.

Fixes 432eaa940f ("libubox: fix mirror hash")
Fixes 5dc32620c4 ("libubox: update to latest git HEAD")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-07 17:27:05 +02:00
Jo-Philipp Wich
432eaa940f libubox: fix mirror hash
Correct the mirror hash to reflect whats on the download server.

A locally produced libubox SCM tarball was also verified to yield an identical
checksum compared to the one currently on the download server.

Fixes FS#1707.
Fixes 5dc32620c4 ("libubox: update to latest git HEAD")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-07 16:32:30 +02:00
Eneas U de Queiroz
33fd1d0d91 ustream-ssl: update to latest git HEAD
23a3f28 openssl, wolfssl: match mbedTLS ciphersuite list
450ada0 ustream-ssl: Revised security on mbedtls
34b0b80 ustream-ssl: add openssl-1.1.0 compatibility

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
2018-08-07 14:28:16 +02:00
Hans Dedecker
9537c1a153 procd: update to latest git HEAD
e29966f Allow disabling seccomp or changing the whitelist
5f57223 trace: Use properly sized type for PTRACE_GETEVENTMSG
747efb6 procd: fix ustream deadlock when there are 0 bytes or no newlines

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-08-06 22:48:42 +02:00
Jo-Philipp Wich
93ac8b03b0 Revert "netfilter: separate IPv6 relevant kernel modules from IPv4"
This reverts commit 42a3c6465a.

The change was apparently never build-tested with all kmods enabled. I took
a brief look but found no simple way to untangle this, so revert it.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-06 19:46:37 +02:00
Rosy Song
42a3c6465a netfilter: separate IPv6 relevant kernel modules from IPv4
Signed-off-by: Rosy Song <rosysong@rosinson.com>
2018-08-06 12:09:04 +02:00
Rosy Song
2b637e5ab8 base-files: do not add relevant sections & options except when ipv6 is support in kernel
Signed-off-by: Rosy Song <rosysong@rosinson.com>
2018-08-06 12:08:47 +02:00
Christian Lamparter
3fce12568a kernel: modules: fix kmod-regmap redux
Jonas Gorski commented on the previous patch:
|This is actually the wrong fix and papers over an issue in one of our
|local patches.
|
|We intentionally allow regmap to be built as a module, see
|
|/target/linux/generic/hack-4.14/259-regmap_dynamic.patch
|[...]
|[The regulator code] optionally supports regmap thanks to the stubs
|provided if regmap is disabled - which breaks if you compile regmap
|as a module.

In order to mitigate this issue, this patch reverts the previous patch
and replaces the existing IS_ENABLED(CONFIG_REGMAP) with
IS_REACHABLE(CONFIG_REGMAP). This solves this particular issue as the
regulator code will now automatically fallback to the regmap stubs in
case the kmod-regmap module is enabled, but nothing else sets
CONFIG_REGMAP=y.

Note: There's still a potential issue that this patch doesn't solve:
If someone ever wants to make a OpenWrt kernel package for a
regulator module that requires the REGMAP feature for a target that
doesn't set CONFIG_REGMAP=y but has CONFIG_REGULATOR=y, the resulting
kmod-regulator-xyz package will not work on the target.
Luckily, there aren't any in-tree OpenWrt kernel module packages for
regulators at the moment. On the bright side: regmap is a critical
part nowadays and all new and upcoming architectures require it by
default. This will likely only ever be a problem for legacy targets
and devices that cannot afford to enable REGMAP.

Cc: Jonas Gorski <jonas.gorski@gmail.com>
Cc: John Crispin <john@phrozen.org>
Fixes: d00913d121 ("kernel: modules: fix kmod-regmap")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2018-08-06 07:17:12 +02:00
Andreas Ziegler
72489ebeb6 base-files: sysupgrade: abort if config backup fails
Sysupgrade shouldn't proceed, if the backup of the configuration
fails because tar (or gzip) exit with a non-zero code.

Signed-off-by: Andreas Ziegler <dev@andreas-ziegler.de>
2018-08-06 06:51:44 +02:00
Jason A. Donenfeld
68e2ebe64a wireguard: bump to 0.0.20180802
Changelog taken from the version announcement

> == Changes ==
>
>   * chacha20poly1305: selftest: split up test vector constants
>
>   The test vectors are encoded as long strings -- really long strings -- and
>   apparently RFC821 doesn't like lines longer than 998.
>   https://cr.yp.to/smtp/message.html
>
>   * queueing: keep reference to peer after setting atomic state bit
>
>   This fixes a regression introduced when preparing the LKML submission.
>
>   * allowedips: prevent double read in kref
>   * allowedips: avoid window of disappeared peer
>   * hashtables: document immediate zeroing semantics
>   * peer: ensure resources are freed when creation fails
>   * queueing: document double-adding and reference conditions
>   * queueing: ensure strictly ordered loads and stores
>   * cookie: returned keypair might disappear if rcu lock not held
>   * noise: free peer references on failure
>   * peer: ensure destruction doesn't race
>
>   Various fixes, as well as lots of code comment documentation, for a
>   small variety of the less obvious aspects of object lifecycles,
>   focused on correctness.
>
>   * allowedips: free root inside of RCU callback
>   * allowedips: use different macro names so as to avoid confusion
>
>   These incorporate two suggestions from LKML.
>
> This snapshot contains commits from: Jason A. Donenfeld and Jann Horn.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2018-08-04 04:04:34 +00:00
Jo-Philipp Wich
e44162ffca uclient: update to latest git HEAD
f2573da uclient-fetch: use package name pattern in message for missing SSL library
9fd8070 uclient-fetch: Check for nullpointer returned by uclient_get_url_filename
f41ff60 uclient-http: basic auth: Handle memory allocation failure
a73b23b uclient-http: auth digest: Handle multiple possible memory allocation failures
66fb58d uclient-http: Handle memory allocation failure
2ac991b uclient: Handle memory allocation failure for url
63beea4 uclient-http: Implement error handling for header-sending
eb850df uclient-utils: Handle memory allocation failure for url file name
ae1c656 uclient-http: Close ustream file handle only if allocated

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-03 23:50:29 +02:00
Kevin Darbyshire-Bryant
13c66f8820 iproute2: cake: make gso/gro splitting configurable
This patch makes sch_cake's gso/gro splitting configurable
from userspace.

To disable breaking apart superpackets in sch_cake:

tc qdisc replace dev whatever root cake no-split-gso

to enable:

tc qdisc replace dev whatever root cake split-gso

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
Signed-off-by: Dave Taht <dave.taht@gmail.com>
[pulled from netdev list - no API/ABI change]
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-08-02 22:00:19 +01:00
Kevin Darbyshire-Bryant
4f3c9a63b2 kmod-sched-cake: bump to 20180728 optional gso split
Follow upstream kernel patch that restores always splitting gso packets
by default whilst making the option configurable from (tc) userspace.

No ABI/API change

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-08-02 22:00:19 +01:00
Hannu Nyman
12fb4bb834 busybox: update to 1.29.2
* Update busybox to 1.29.2
* refresh default config
* remove upstreamed patches

Config refreshed with
  cd config/
  ../convert_menuconfig.pl ../../../../build_dir/target-arm_cortex-a9+vfpv3_musl_eabi/busybox-1.29.2
  cd ..
  ./convert_defaults.pl < ../../../build_dir/target-arm_cortex-a9+vfpv3_musl_eabi/busybox-1.29.2/.config > Config-defaults.in

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Tested-by: Hans Dedecker <dedeckeh@gmail.com>
2018-08-02 22:36:00 +02:00
Koen Vandeputte
457e6d5a27 iperf: bump to 2.0.12
Fixes the annoying 'feature' were TTL was set to "1" by default ..
Users had to specify -T manually to test outside the own network.

2.0.12 change set (as of June 25th 2018)

o Change the unicast TTL default value from 1 to the system default (to be compatable with previous versions.) Multicast still defaults to 1.
o adpative formatting bug fix: crash occurs when values exceed 1 Tera. Add support for Tera and Peta and eliminate the potential crash condition
o configure default compile to include isochronous support (use configure --disable-isochronous to remove support)
o replace 2.0.11's --vary-load option with a more general -b option to include <mean>,<stdev>, e.g. -b 100m,40m, which will pull from a log normal distribution every 0.1 seconds
o fixes for windows cross compile (using mingw32)
o compile flags of -fPIE for android
o configure --enable-checkprograms to compile ancillary binaries used to test things such as delay, isoch, pdf generation
o compile tests when trying to use 64b seq numbers on a 32b platform
o Fix GCC ver 8 warnings

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-08-02 15:03:21 +02:00
Koen Vandeputte
a2a225517d gdb: bump to 8.1.1
GDB 8.1.1 brings the following fixes and enhancements over GDB 8.1:

 * PR gdb/22824 (misleading description of new rbreak Python function in GDB 8.1 NEWS file)
 * PR gdb/22849 (ctrl-c doesn't work in extended-remote)
 * PR gdb/22907 ([Regression] gdbserver doesn't work with filename-only binaries)
 * PR gdb/23028 (inconsistent disassemble of vcvtpd2dq)
 * PR gdb/23053 (Fix -D_GLIBCXX_DEBUG gdb-add-index regression)
 * PR gdb/23127 ([AArch64] GDB cannot be used for debugging software that uses high Virtual Addresses)
 * PR server/23158 (gdbserver no longer functional on Windows)
 * PR breakpoints/23210 ([8.1/8.2 Regression] Bogus Breakpoint address adjusted from 0xf7fe7dd3 to 0xfffffffff7fe7dd3)

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-08-01 16:12:53 +02:00
Eneas U de Queiroz
f63f20fb93 adb: added patch for openssl 1.1.0 compatibility
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
2018-08-01 11:44:30 +02:00
Rosy Song
f30583c41d nftables: allow to build with json support
Signed-off-by: Rosy Song <rosysong@rosinson.com>
2018-08-01 11:25:04 +02:00
Jo-Philipp Wich
fdd6c556ab iwinfo: update to latest Git HEAD
a514139 build: compile with -ffunction-sections, -fdata-sections and LTO
3c30b17 wl: only invoke nvram executable if it exists
65b8333 Revert "build: compile with -ffunction-sections, -fdata-sections and LTO"

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-07-31 20:40:33 +02:00
Rafał Miłecki
fecbd91c7c mac80211: brcmfmac: backport patch for per-firmware features
This allows driver to support features that can't be dynamically
discovered.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2018-07-31 09:45:03 +02:00
Christian Schoenebeck
c89195eb25 ca-caertificates: remove myself as PKG_MAINTAINER
remove myself as PKG_MAINTAINER

Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
2018-07-31 00:00:20 +02:00
John Crispin
3c4eeb5d21 netifd: update to latest git HEAD
fix a compile error

Signed-off-by: John Crispin <john@phrozen.org>
2018-07-30 23:56:14 +02:00
Hans Dedecker
929eac5b82 netifd: update to latest git HEAD (FS#1668)
75ee790 interface-ip: fix eui64 ifaceid generation (FS#1668)
ca97097 netifd: make sure the vlan ifname fits into the buffer
b8c1bca iprule: remove bogus assert calls
a2f952d iprule: fix broken in_dev/out_dev checks
263631a vlan: use alloca to get rid of IFNAMSIZE in vlan_dev_set_name()
291ccbb ubus: display correct prefix size for IPv6 prefix address
908a9f4 CMakeLists.txt: add -Wimplicit-fallthrough to the compiler flags
b06b011 proto-shell.c: add a explicit "fall through" comment to make the compiler happy
60293a7 replace fall throughs in switch/cases where possible with simple code changes

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-07-30 23:01:55 +02:00
Christian Lamparter
d00913d121 kernel: modules: fix kmod-regmap
This patch fixes the a compile issue that was triggered by
apm821xx/sata when kmod-regmap was selected.

The CONFIG_REGMAP is declared in drivers/base/regmap/Kconfig
as type "bool" and not "tristate". Hence the symbol should
never be set to module, as this confuses the #if CONFIG_REGMAP
guards in include/linux/regmap.h:

|.../drivers/regulator/core.c:4041: undefined reference to `dev_get_regmap'
|.../drivers/regulator/core.c:4042: undefined reference to `dev_get_regmap'
|.../drivers/regulator/core.c:4044: undefined reference to `dev_get_regmap'
|.../drivers/regulator/helpers.o: In function `regulator_is_enabled_regmap':
|.../drivers/regulator/helpers.c:36: undefined reference to `regmap_read'
|...

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2018-07-30 22:37:22 +02:00
Stijn Tintel
50c5fdd54d tcpdump: explicitly disable libcap-ng support
When libcap-ng is detected during build, support for it is enabled. This
will cause a build failure due to a missing dependency. Explicitly
disable libcap-ng support to avoid this.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-07-30 23:27:55 +03:00
Sven Eckelmann
ef39d0079b mac80211: ath10k: Limit available channels via DT ieee80211-freq-limit
Tri-band devices (1x 2.4GHz + 2x 5GHz) often incorporate special filters in
the RX and TX path. These filtered channel can in theory still be used by
the hardware but the signal strength is reduced so much that it makes no
sense.

There is already a DT property to limit the available channels but ath10k
has to manually call this functionality to limit the currrently set wiphy
channels further.

Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
2018-07-30 20:46:13 +02:00
Torbjörn Jansson
af9a96d23e kernel: add kmod-iio-htu21
This adds support for the htu21 humidity and temperature sensor.

To get it to work you have to do something like this:
echo "htu21 0x40" >/sys/class/i2c-dev/i2c-1/device/new_device
for example by adding it to rc.local

Compile tested on brcm2708 and I have used an earlier version of this
patch for more than a year.

Signed-off-by: Torbjörn Jansson <torbjorn.jansson@mbox200.swipnet.se>
2018-07-30 19:34:43 +02:00
Alexandru Ardelean
20346a63f6 wolfssl: remove myself as maintainer
I no longer have the time, nor the desire to maintain this package.
Remove myself as maintainer.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2018-07-30 19:34:43 +02:00
John Crispin
5e1b4c57de base-files: drop fwtool_pre_upgrade
this feature has never worked, the fw image name was not passed and the -t
parameter was missing in the tool invocation. drop the feature.

Signed-off-by: John Crispin <john@phrozen.org>
2018-07-30 17:42:39 +02:00
Ademar Arvati Filho
27b2f0fc0f kirkwood: add support for Iomega Storcenter ix2-200
Iomega Storcenter ix2-200 is a dual SATA NAS powered by a Marvell
 Kirkwood SoC clocked at 1GHz. It has 256MB of RAM and 32MB of
 flash memory, 3x USB 2.0 and 1x 1Gbit/s NIC

Specification:
- SoC: Marvell Kirkwood 88F6281
- CPU/Speed: 1000Mhz
- Flash-Chip: Hynix NAND
- Flash size: 32 MiB,erase size:16 KiB,page size:512,OOB size:16
- RAM: 256MB
- LAN: 1x 1000 Mbps Ethernet
- WiFi: none
- 3x USB 2.0
- UART: for serial console

Installation instructions - easy steps:
1. download factory.bin and copy into tftp server
2. access uboot environment with serial cable and run
    ```
    setenv mainlineLinux yes
    setenv arcNumber 1682
    setenv console 'console=ttyS0,115200n8'
    setenv mtdparts 'mtdparts=orion_nand:0x100000@0x000000(u-boot)ro,0x20000@0xA0000(u-boot environment)ro,0x300000@0x100000(kernel),0x1C00000@0x400000(ubi)'
    setenv bootargs_root 'root='
    setenv bootcmd 'setenv bootargs ${console} ${mtdparts} ${bootargs_root}; nand read.e 0x800000 0x100000 0x300000; bootm 0x00800000'
    saveenv
    setenv serverip 192.168.1.1
    setenv ipaddr 192.168.1.13
    tftpboot 0x00800000 factory.bin
    nand erase 0x100000 $(filesize)
    nand write 0x00800000 0x100000 $(filesize)
    run bootcmd
    ```
3. access openwrt by dhcp ip address assigned by your router (p.ex: 192.168.1.13)

Installation steps nand bad blocks proof:
1. download initramfs-uImage and copy into usb ext2 partition
    ```
    mkfs.ext2 -L ext2 /dev/sdh1
    mount -t ext2 /dev/sdh1 /mnt
    cp initramfs-uImage /mnt/initramfs.bin
    umount /mnt
    ```
2. access uboot environment with serial cable and run
    ```
    setenv mainlineLinux yes
    setenv arcNumber 1682
    setenv console 'console=ttyS0,115200n8'
    setenv mtdparts 'mtdparts=orion_nand:0x100000@0x000000(u-boot)ro,0x20000@0xA0000(u-boot environment)ro,0x300000@0x100000(kernel),0x1C00000@0x400000(ubi)'
    setenv bootargs_root 'root='
    setenv bootcmd 'setenv bootargs ${console} ${mtdparts} ${bootargs_root}; nand read.e 0x800000 0x100000 0x300000; bootm 0x00800000'
    saveenv
    usb reset; ext2load usb 0:1 0x00800000 /initramfs.bin; bootm 0x00800000
    ```
3. log into openwrt and sysupgrade to install into flash
    ```
    sysupgrade -n /tmp/sysupgrade.bin
    ```
4. access openwrt by dhcp ip address assigned by your router (p.ex: 192.168.1.13)

Signed-off-by: Ademar Arvati Filho <arvati@hotmail.com>
2018-07-30 15:21:00 +02:00
Eneas U de Queiroz
26dbf79f49 libevent2: Don't build tests and samples
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.

To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
This reduces build time significantly.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
2018-07-30 15:19:16 +02:00
Jo-Philipp Wich
3083962dd4 ath10k-ct: fix build with current mac80211 package
Commit 2dcd955aea ("mac80211: backport and update patches for ath10k")
changed the DFS detector API, causing ath10k-ct to fail building due to
a missing add_pulse() argument.

Extend the already existing kernel compatibility patch to also adjust
the add_pulse() call accordingly.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-07-30 15:03:44 +02:00
Lucian Cristian
40f66f1431 omap: rename image for sysupgrade compatibility
for sysupgrade to work we need to change the image name based on dts target name

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2018-07-30 11:03:02 +02:00
Nick Hainke
abefb4fda3 hostapd: add ht and vht support in handle event function Add ht and vht capabilities. If a device sends a probe request, the capabilities are added.
Signed-off-by: Nick Hainke <vincent@systemli.org>
2018-07-30 11:01:04 +02:00
Nick Hainke
74ac742277 hostapd: add ubus call for ap features
The call "get_features" allows to gather hostapd config options
via ubus. As first infos we add the ht and vht support.
Although nl80211 supports to gather informations about
ht and vht capabilities, the hostapd configuration can disable
vht and ht. However, it is possible that the iw output is not
representing the actual hostapd configuration.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2018-07-30 10:59:25 +02:00
Mathew McBride
ae95a8ad3e uboot-envtools: add configuration for Traverse LS1043 boards.
Signed-off-by: Mathew McBride <matt@traverse.com.au>
2018-07-30 10:53:57 +02:00
Luiz Angelo Daros de Luca
f1bef0596f openvpn-easy-rsa: update to 3.0.4
Upstream renamed openssl-1.0.cnf to openssl-easyrsa.cnf.
However, pkg kept using openssl-1.0.cnf.

Upstream easyrsa searchs for vars, openssl-*, x509-types in the
same directory as easyrsa script. This was patched to revert
back to static /etc/easy-rsa/ directory (as does OpenSUSE).
EASYRSA_PKI still depends on $PWD.

Move easyrsa from /usr/sbin to /usr/bin as root is not needed.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2018-07-30 10:43:38 +02:00
Daniel Gimpelevich
c762817c92 kernel: package x86-optimized crypto-misc modules
Some of the modules in the crypto-misc package have alternate
implementations optimized for different x86 instruction set extensions,
but only one of these was built for this package until now: twofish-i586.ko

Tested with insmod, on both x86 and x86_64. The modules now have an
autoload, which they previous didn't, loading the dependencies in the
correct order.

Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
2018-07-30 10:43:38 +02:00
Leon M. George
025688794d libevent: update to 2.1.8
Signed-off-by: Leon M. George <leon@georgemail.eu>
2018-07-30 10:43:37 +02:00
Rosy Song
b4d4e4ceb5 include: add netdev family support for nftables
Signed-off-by: Rosy Song <rosysong@rosinson.com>
2018-07-30 10:43:37 +02:00
Andy Walsh
1639ebcb06 ncurses: install lib on host build
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
2018-07-30 10:43:37 +02:00
Martin Strobel
7d7323bccd iptables: add ip[6|]tables-compat packages + libxtables-compat depends on IPTABLES_NFTABLES
allows iptables-compat to use nft packet filtering
allows to translate iptables-style to nft-style

Signed-off-by: Martin Strobel <arctus@crza.de>
2018-07-30 10:43:36 +02:00
Dmitry Tunin
c128371124 igmpproxy: drop SSDP packets
It is insecure to let this type of packets inside
They can e.g. open ports on some other routers with UPnP, etc

Signed-off-by: Dmitry Tunin <hanipouspilot@gmail.com>
2018-07-30 10:43:36 +02:00
Massimo Tum
0a492ee39e ath10k: update QCA4019 firmware
With AVM Fritz!Box 4040 and OpenWrt 18.06 RC1 there are many kernel warnings
kern.warn kernel: [87771.917049] ath10k_ahb a000000.wifi: Invalid VHT mcs 15 peer stats
and there are disconnections when the connected clients are many, at the moment I tried with 16 clients on 2.4 GHz and 8 on 5 GHZ.

Firmware 10.4-3.5.3-00057 fixes these warnings and the problem of disconnections of some clients.

Signed-off-by: Massimo Tum <masnia@tiscali.it>
2018-07-30 10:43:35 +02:00
Nick Hainke
296ae7ab89 iwinfo: update to version 2018-07-24
Update to new iwinfo version.
Adds support for channel survey.
Adds ubus support.
Etc.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2018-07-30 10:43:31 +02:00
Edi Turn
e9dee19487 grub2: fix packed-not-aligned error on GCC 8
Fix the compile error "packed-not-aligned" when using GCC 8.

Signed-off-by: Edi Turn <yyxstter@gmail.com>
2018-07-30 10:42:47 +02:00
Daniel Engberg
5647cc7bd4 treewide: Bump PKG_RELEASE due to mbedtls update
Bump PKG_RELEASE on packages that depends on (lib)mbedtls to avoid library
mismatch.

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2018-07-30 10:35:12 +02:00
Daniel Engberg
5b614e3347 mbedtls: Update to 2.12.0
Update mbedtls to 2.12.0
Multiple security fixes
Add support for Chacha20 and Poly1305 cryptographic primitives and their
associated ciphersuites

Difference in size on mips_24kc (ipk):
164kbytes (167882 bytes)
170kbytes (173563 bytes)

https://tls.mbed.org/tech-updates/releases/mbedtls-2.12.0-2.7.5-and-2.1.14-released

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2018-07-30 10:35:12 +02:00
Rosen Penev
0394ca26c3 admswconfig: Remove dead URL + HTTPS
Found using uscan.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-07-30 10:35:11 +02:00
Christian Lamparter
df495305f3 ipq-wifi: add a note / reminder about upstreaming new board files
|Please send a mail with your device-specific board files upstream.
|You can find instructions and examples on the linux-wireless wiki:
|<https://wireless.wiki.kernel.org/en/users/drivers/ath10k/boardfiles>

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2018-07-30 08:11:21 +02:00
Rosen Penev
fc89831ae8 thc-ipv6: Update URLs
Development has moved to GitHub. Found using UScan.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-07-29 12:11:31 +02:00
Rosen Penev
31f87ebcb2 libjson-c: Update package URL
Found through UScan.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-07-29 12:05:53 +02:00
Dmitry Tunin
7a6b2badfa igmpproxy: add a silent logging option
[0-3](none, minimal[default], more, maximum)

It is not 100% backward compatible, because now 0 disables logging

Signed-off-by: Dmitry Tunin <hanipouspilot@gmail.com>
2018-07-28 15:20:39 +01:00
Kevin Darbyshire-Bryant
1e93ef8498 dnsmasq: bump to dnsmasq v2.80test3
Refresh patches

Upstream commits since last bump:

3b6eb19 Log DNSSEC trust anchors at startup.
f3e5787 Trivial comment change.
c851c69 Log failure to confirm an address in DHCPv6.
a3bd7e7 Fix missing fatal errors when parsing some command-line/config options.
ab5ceaf Document the --help option in the french manual
1f2f69d Fix recurrent minor spelling mistake in french manual
f361b39 Fix some mistakes in french translation of the manual
eb1fe15 When replacing cache entries, preserve CNAMES which target them.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-07-28 11:16:41 +01:00
Daniel Golle
af4b23dde2 util-linux: package blockdev executable
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-07-27 12:51:03 +02:00
Masashi Honma
d05967baec wwan: Fix teardown for sierra_net driver
The sierra_net driver is using proto_directip_setup for setup. So use
proto_directip_teardown for teardown.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2018-07-27 11:17:20 +02:00
Syrone Wong
7dfd72dfff ead: use new protocol setting API since libpcap 1.9.0
Dropped the protocol API specific symbol: HAS_PROTO_EXTENSION and
switch to the official API

Signed-off-by: Syrone Wong <wong.syrone@gmail.com>
2018-07-27 11:17:20 +02:00
Syrone Wong
4d57c696b1 libpcap: update to 1.9.0
001-Fix-compiler_state_t.ai-usage-when-INET6-is-not-defi.patch dropped due to upstream
002-Add-missing-compiler_state_t-parameter.patch dropped due to upstream

202-protocol_api.patch dropped due to implemented upstream by another way
upstream commit: 55c690f6f8
and renamed via: 697b1f7e9b

ead is the only user who use the protocol api, we have to use the new api since libpcap 1.9.0

Signed-off-by: Syrone Wong <wong.syrone@gmail.com>
2018-07-27 11:17:20 +02:00
Rafał Miłecki
c0608c6a27 mac80211: brcmfmac: backport 4.19 patches preparing monitor mode support
Monitor mode isn't supported yet with brcmfmac, it's just an early work.
This also prepares brcmfmac to work stable with new firmwares which use
updated struct for passing STA info.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2018-07-27 08:04:14 +02:00
Rafał Miłecki
b26214adb5 mac80211: backport brcmfmac fixes & debugging helpers from 4.18
The most important is probably regression fix in handling platform
NVRAM. That bug stopped hardware from being properly calibrated breaking
e.g. 5 GHz for Netgear R8000.

Other than that it triggers memory dumps when experiencing firmware
problems which is important for debugging purposes.

Fixes: 7e8eb7f309 ("mac80211: backport brcmfmac firmware & clm_blob loading rework")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2018-07-26 23:21:46 +02:00
Jo-Philipp Wich
7316515891 ubus: update to latest git HEAD
40e0931 libubus: pass an empty UBUS_ATTR_DATA block if msg is NULL on invoke

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-07-26 16:48:07 +02:00
Jo-Philipp Wich
88c88823d5 odhcpd: update to latest git HEAD
44cce31 ubus: avoid dumping interface state with NULL message

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-07-26 14:53:05 +02:00
Jo-Philipp Wich
3ee2c76ae0 firewall: update to latest git HEAD
aa8846b ubus: avoid dumping interface state with NULL message

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-07-26 08:44:53 +02:00
John Crispin
a5c3bbaf56 ubus: update to latest git HEAD
884be45 libubus: check for non-NULL data before running callbacks

Signed-off-by: John Crispin <john@phrozen.org>
2018-07-25 12:15:45 +02:00
John Crispin
5dc32620c4 libubox: update to latest git HEAD
c83a84a fix segfault when passed blobmsg attr is NULL

Signed-off-by: John Crispin <john@phrozen.org>
2018-07-25 12:13:19 +02:00
Ted Hess
354de22bad elfutils: Copy missing libraries to staging and packages
Newer shared libraries seem to have the package version as part of their name.
E.g.: libelf-0.173.so

Signed-off-by: Ted Hess <thess@kitschensync.net>
2018-07-24 14:32:27 -04:00
Daniel Engberg
f486f81c64 utils/curl: Disable libpsl
Disabled libpsl to fix build issue reported by buildbots

Package libcurl is missing dependencies for the following libraries:
libpsl.so.5


Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2018-07-24 15:35:51 +02:00
Aleksandr V. Piskunov
20c4819c7b wireguard-tools: add wireguard_watchdog script
This watchdog script tries to re-resolve hostnames for inactive WireGuard peers.
Use it for peers with a frequently changing dynamic IP.
persistent_keepalive must be set, recommended value is 25 seconds.
Run this script from cron every minute:
echo '* * * * * /usr/bin/wireguard_watchdog' >> /etc/crontabs/root

Signed-off-by: Aleksandr V. Piskunov <aleksandr.v.piskunov@gmail.com>
[bump the package release]
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-07-22 21:52:20 +01:00
Ansuel Smith
2dcd955aea mac80211: backport and update patches for ath10k
This commit refreshes and updates the VHT160 ath10k support fix patches
and adds a number of backports from ath-next:

 * 8ed05ed06fca ath10k: handle tdls peer events
 * 229329ff345f ath10k: wmi: modify svc bitmap parsing for wcn3990
 * 14d65775687c ath10k: advertise TDLS wider bandwidth support for 5GHz
 * bc64d05220f3 ath10k: debugfs support to get final TPC stats for 10.4 variants
 * 8b2d93dd2261 ath10k: Fix kernel panic while using worker (ath10k_sta_rc_update_wk)
 * 4b190675ad06 ath10k: fix kernel panic while reading tpc_stats
 * be8cce96f14d ath10k: add support to configure channel dwell time
 * f40105e67478 ath: add support to get the detected radar specifications
 * 6f6eb1bcbeff ath10k: DFS Host Confirmation
 * 260e629bbf44 ath10k: fix memory leak of tpc_stats
 * 38441fb6fcbb ath10k: support use of channel 173
 * 2e9bcd0d7324 ath10k: fix spectral scan for QCA9984 and QCA9888 chipsets

Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
[move backported patches in the 3xx number space, bring in upstream order,
 replace incomplete patch files with git format-patch ones, rewrite commit
 message, fix subject]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-07-22 22:25:33 +02:00
Jason A. Donenfeld
57b808ec88 wireguard: bump to 0.0.20180718
80b41cd version: bump snapshot
fe5f0f6 recieve: disable NAPI busy polling
e863f40 device: destroy workqueue before freeing queue
81a2e7e wg-quick: allow link local default gateway
95951af receive: use gro call instead of plain call
d9501f1 receive: account for zero or negative budget
e80799b tools: only error on wg show if all interfaces failk

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
[Added commit log to commit description]
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-07-22 21:01:34 +01:00
Felix Fietkau
f0ac9afe69 hostapd: remove unused struct hostapd_ubus_iface
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-07-22 17:17:20 +02:00
Kevin Darbyshire-Bryant
03fce62c09 iproute2: tc: backport canonical cake support
iproute2's tc was updated to support the recently upstreamed cake qdisc.
Backport this canonical support from upstream into iproute2 v4.17

There is no kernel kmod/userspace tc ABI change in this release from the
previous package bump, so everyone can breath a sigh of relief.

This is largely a code style change, the exception to prove the rule:
option 'autorate_ingress' has been changed to 'autorate-ingress' to fit
in with upstream option naming expectations.

No openwrt package (e.g. sqm-scripts) has knowledge of
'autorate_ingress' thus only users who made their own scripts or used
it within the 'dangerous configuration' options of sqm-scripts will be
affected.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-07-21 08:47:40 +01:00
Luiz Angelo Daros de Luca
4c42887286 base-files: fix wrong sysctl parameter order
Restarting service sysctl echos multiple errors like:

  sysctl: -e: No such file or directory

After the first filename, all remaining arguments are treated
as files.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2018-07-18 19:17:46 +02:00
Mathias Kresin
3838b16943 hostapd: fix conflicts hell
Add each variant to the matching PROVIDERS variables after evaluating
the respective hostapd*, wpad* and wpa* variant.

Each package providing the same feature will automatically conflict with
all prior packages providing the same feature.

This way we can handle the conflicts automatically without introducing
recursive dependencies.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-07-18 19:17:46 +02:00
Mathias Kresin
8af8ceb1c8 hostapd: cleanup package definition
Move common variables and/or values to the package (variant) default.
Add additional values in variant packages if necessary. Remove further
duplicates by introducing new templates.

Remove the ANY_[HOSTAPD|SUPPLICANT_PROVIDERS]_PROVIDERS. The are the
same as the variables without the any prefix. No need to maintain both
variables.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-07-18 19:17:46 +02:00
Kevin Darbyshire-Bryant
9d5a246930 igmpproxy: run in foreground for procd
procd needs processes to stay in foreground to remain under its gaze and
control.  Failure to do so means service stop commands fail to actually
stop the process (procd doesn't think it's running 'cos the process has
exited already as part of its forking routing)

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-07-18 18:00:42 +01:00
Hans Dedecker
1e83f775a3 firewall3: update to latest git HEAD
d2bbeb7 firewall3: make reject types selectable by user

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-07-17 22:15:03 +02:00
Hans Dedecker
2336b942b3 dnsmasq: don't use network functions at boottime (FS#1542)
As dnsmasq is started earlier than netifd usage of network.sh functions
at boottime will fail; therefore don't call at boottime the functions
which construct the dhcp pool/relay info.
As interface triggers are installed the dhcp pool/relay info will be
constructed when the interface gets reported as up by netifd.
At the same time also register interface triggers based on DHCP relay
config.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-07-17 21:32:20 +02:00
Jo-Philipp Wich
9019323ec1 ppp: fix building pptp plugin
The pptp.so plugin needs to be built with -fPIC as well in order to be
linkable again.

Fixes 888a15ff83 ("ppp: add missing -fPIC to rp-pppoe.so CFLAGS")
Fixes e7397eef69 ("ppp: compile with LTO enabled")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-07-17 21:21:44 +02:00
Jo-Philipp Wich
28d3a1b54b openvpn: increase procd termination timeout to 15s
Increase the termination timeout to 15s to let OpenVPN properly tear down
its connections, especially when weak links or complex down scripts are
involved.

Fixes FS#859.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-07-17 16:03:56 +02:00
Jo-Philipp Wich
1bad852ff5 base-files: network.sh: gracefully handle missing network.interface ubus ns
When attempting to use any of the functions in network.sh while netifd is
not started yet, the ubus interface dump query will fail with "Not found",
yielding an empty response.

Subsequently, jsonfilter is invoked with an empty string instead of a valid
JSON document, causing it to emit a second "unexpected end of data" error.

This caused the dnsmasq init script to log the following errors during
early boot on some systems:

    procd: /etc/rc.d/S19dnsmasq: Command failed: Not found.
    procd: /etc/rc.d/S19dnsmasq: Failed to parse json data: unexpected end of data.

Fix the issue by allowing the ubus query to fail with "Not found" but still
logging other failures, and by passing an empty JSON object to jsonfilter
if the interface status cache is empty.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-07-17 08:10:20 +02:00
Peter Wagner
d8d2133c35 librpc: add host build to install h files needed for nfs-kernel-server to get compiled
Signed-off-by: Peter Wagner <tripolar@gmx.at>
2018-07-16 15:12:19 +02:00
Steffen Förster
1ef65ceeaf kernel: insmod phy-broadcom module during preinit
Some HP Thin clients use the broadcom nextreme chip as integrated NIC.
It is connected via PCI express and will only be found automatically if
phy-broadcom is loaded before tg3. This small change makes the thin
client usable for Freifunk with gluon out of the box.

Signed-off-by: Steffen Förster <steffen@chemnitz.freifunk.net>
2018-07-16 15:12:18 +02:00
Daniel Engberg
09d794ab92 popt: Replace dead upstream site with mirror
We can safely assume by now that rpm5.org is dead and isn't coming back
so just add another mirror instead.

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2018-07-16 15:12:18 +02:00
Daniel Engberg
0a4cd1a682 package/utils/f2fs-tools: Update to 1.11.0
Update f2fs-tools to 1.11.0

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2018-07-16 15:12:18 +02:00
Daniel Engberg
804c51e1e6 package/utils/e2fsprogs: Update to 1.44.3
Update e2fsprogs to 1.44.3
Enable threads
Enable LTO

Numbers on mips_24kc (a few packages):

Old --> New --> LTO and threads
e2fsprogs_*_mips_24kc.ipk: 173 --> 174 --> 154kbyte
libblkid_*_mips_24kc.ipk:  114 --> 114 --> 114kbyte
libext2fs_*_mips_24kc.ipk: 138 --> 139 --> 139kbyte

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2018-07-16 15:12:18 +02:00
Lukas Mrtvy
f21bcb4db8 kernel: leds-apu2 remove boardname check
'In different versions of coreboot are different names of apu boardname.
No need to check boardname to load module.'

Signed-off-by: Lukas Mrtvy <lukas.mrtvy@gmail.com>
2018-07-16 15:12:17 +02:00
Kevin Darbyshire-Bryant
c729c43b39 kmod-sched-cake: bump to 20180716
Bump to the latest cake recipe.

This backports tc class support to kernel 4.9 and other than conditional
kernel compilation pre-processor macros represents the cake that has
gone upstream into kernel 4.19.  Loud cheer!

Fun may be had by changing cake tin classification for packets on
ingress. e.g.

tc filter add dev ifb4eth0 parent 800b: protocol ip u32 match \
ip dport 6981 0xffff action skbedit priority 800b:1

Where 800b: represents the filter handle for the ifb obtained by 'tc
qdisc' and the 1 from 800b:1 represents the cake tin number.  So the
above example puts all incoming packets destined for port 6981 into the
BULK (lowest priority) tin.

f39ab9a Obey tin_order for tc filter classifiers
1e2473f Clean up after latest backport.
82531d0 Reorder includes to fix out of tree compilation
52cbc00 Code style cleanup
6cdb496 Fix argument order for NL_SET_ERR_MSG_ATTR()
cab17b6 Remove duplicate call to qdisc_watchdog_init()
71c7991 Merge branch 'backport-classful'
32aa7fb Fix compilation on Linux 4.9
9f8fe7a Fix compilation on Linux 4.14
ceab7a3 Rework filter classification
aad5436 Fixed version of class stats
be1c549 Add cake-specific class stats
483399d Use tin_order for class dumps
80dc129 Add class dumping
0c8e6c1 Fix dropping when using filters
c220493 Add the minimum class ops
5ed54d2 Start implementing tc filter/class support

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-07-16 13:55:58 +01:00
Christian Schoenebeck
1e177844bc dropbear: close all active clients on shutdown
Override the default shutdown action (stop) and close all processes
of dropbear

Since commit 498fe85, the stop action only closes the process
that's listening for new connections, maintaining the ones with
existing clients.
This poses a problem when restarting or shutting-down a device,
because the connections with existing SSH clients, like OpenSSH,
are not properly closed, causing them to hang.

This situation can be avoided by closing all dropbear processes when
shutting-down the system, which closes properly the connections with
current clients.

Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
[Luis: Rework commit message]
Signed-off-by: Luis Araneda <luaraneda@gmail.com>
2018-07-16 08:40:51 +02:00
Rafał Miłecki
82498a7f7a mtd: improve check for TRX header being already fixed
First of all lengths should be compared after checking all blocks for
being good/bad. It's because requested length may differ from a final
one if there were some bad blocks.

Secondly it makes sense to also compare crc32 since we already have a
new one calculated.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2018-07-15 23:27:09 +02:00
Daniel Engberg
49bdd43da2 curl: Update to 7.61.0
Update curl to 7.61.0

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2018-07-15 22:35:22 +02:00
Hans Dedecker
def5b7f285 odhcp6c: add noserverunicast config option for broken DHCPv6 servers
Fix broken DHCPv6 servers which provide the server unicast option but
do not reply on DHCPv6 renew messages directed to the IPv6 address
contained in the server unicast option whihc results in broken IPv6
connectivity.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-07-15 22:19:10 +02:00
Rafał Miłecki
0f54489f75 mtd: support bad blocks within the mtd_fixtrx()
Reading MTD data with (p)read doesn't return any error when accessing
bad block. As the result, with current code, CRC32 covers "data" stored
in bad blocks.

That behavior doesn't match CFE's one (bootloader simply skips bad
blocks) and may result in:
1) Invalid CRC32
2) CFE refusing to boot firmware with a following error:
Boot program checksum is invalid

Fix that problem by checking every block before reading its content.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2018-07-15 16:51:41 +02:00
Felix Fietkau
888a15ff83 ppp: add missing -fPIC to rp-pppoe.so CFLAGS
Fixes build error with LTO

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-07-14 11:00:23 +02:00
Felix Fietkau
154c0c4006 ubus: compile with LTO enabled
Reduces total .ipk size by about 1k

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-07-13 17:22:53 +02:00
Felix Fietkau
73fc67b614 procd: compile with LTO enabled
Reduces .ipk size on MIPS from 42k to 39k

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-07-13 17:22:53 +02:00
Felix Fietkau
47b42137ce dropbear: compile with LTO enabled
Reduces size of the .ipk on MIPS from 87k to 84k

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-07-13 17:22:53 +02:00
Felix Fietkau
ef96d1e34a firewall: compile with LTO enabled
Reduces .ipk size on MIPS from 41.6k to 41.1k

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-07-13 17:22:53 +02:00
Felix Fietkau
ef16a394d2 iw: compile with LTO enabled
Reduces .ipk size on MIPS from 34k to 33k

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-07-13 17:22:53 +02:00
Felix Fietkau
e7397eef69 ppp: compile with LTO enabled
Reduces .ipk size on MIPS from 98.5k to 98k

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-07-13 17:22:53 +02:00
Felix Fietkau
dfbd49bd22 ppp: fix linker flags for the radius plugin
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-07-13 17:22:53 +02:00
Felix Fietkau
07940acc34 netifd: compile with LTO enabled
Reduces .ipk size from 65k to 63k on MIPS

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-07-13 17:22:53 +02:00
Felix Fietkau
8c11133c9d busybox: compile with LTO enabled
In the default configuration on MIPS, it reduces the .ipk size
from 214k to 207k

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-07-13 17:22:53 +02:00
Felix Fietkau
4e56af5ab4 mt76: update to the latest version
08719b1 mt76: use a per rx queue page fragment cache
4d2c565 mt76x2: reset HW before probe
f622975 mt76x2: fix CCK protection control frame rate
6780375 mt76x2: add frame protection support

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-07-13 16:36:56 +02:00
Matthias Schiffer
16035a7dd3
include/feeds.mk: rework generation of opkg distfeeds.conf
Allow enabling/commenting/disabling each feed individually by using a
tristate config symbol.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-07-12 21:18:41 +02:00
Matthias Schiffer
6dac434c00
base-files: fix feed list in PKG_CONFIG_DEPENDS
FEEDS_ENABLED and FEEDS_DISABLED are derived from FEEDS_AVAILABLE, not
FEEDS_INSTALLED.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-07-12 21:18:41 +02:00
Lukáš Mrtvý
d3b8e6b2a7 kernel: gpio-nct5104d remove boardname check
'In different versions of coreboot are different names of apu boardname.
No need to check boardname to load module.'

Signed-off-by: Lukáš Mrtvý <lukas.mrtvy@gmail.com>
2018-07-12 08:51:27 +02:00
Hans Dedecker
af70d86d62 netifd: update to latest git HEAD
5cf7975 iprule: rework interface based rules to handle dynamic interfaces
57f87ad Introduce new interface event "create" (IFEV_CREATE)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-07-11 21:55:23 +02:00
Felix Fietkau
68f9921ed8 netifd: update to the latest version
c1f6a82 system-linux: add autoneg and link-partner output
e9eff34 system-linux: extend link mode speed definitions
d1251e1 system-linux: adjust bridge isolate mode for upstream attribute naming
03785fb system-linux: fix build error on older kernels

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-07-11 20:59:05 +02:00
Felix Fietkau
e07ad61aec procd: update to the latest version, fixes gcc 8 build error
a0372ac procd: increase watchdog fd_buf storage size to fix gcc8 build error

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-07-11 18:34:59 +02:00
Koen Vandeputte
8b42a260ed mac80211: Expose support for ath9k Dynack
Enables support for Dynack feature.

When a remote station is far away, we need to compensate for the distance
by allowing more time for an ACK to arrive back before issueing a retransmission.
Currently, it needs to be set fixed to indicate the maximum distance the remote
station will ever be.

While this mostly works for static antennae, it introduces 2 issues:
- If the actual distance is less, speed is reduced due to a lot of wates wait-time
- If the distance becomes greater, retries start to occur and comms can get lost.

Allowing to set it dynamically using dynack ensures the best possible tradeoff
between speed vs distance.

This feature is currently only supported in ath9k.
it is also disabled by default.

Enabling it can be done in 2 ways:
- issue cmd:  iw phy0 set distance auto
- sending the NL80211_ATTR_WIPHY_DYN_ACK flag to mac80211 driver using netlink

Disabling it can be done by providing a valid fixed value.

To give an idea of a practical example:

In my usecase, we have mesh wifi device installed on ships/platforms.
Currently, the coverage class is set at 12000m fixed.

When a vessel moved closer (ex. 1500m), the measured link capacity was a lot
lower compared to setting the coverage class fixed to 1500m

Dynack completely solved this, nearly providing double the bandwidth at closer range
compared to the fixed setting of 12000m being used.

Also when a vessel sailed to a distance greater than the fixed setting,
communication was lost as the ACK's never arrived within the max allowed timeframe.

Actual distance: 6010m
iperf 60s run avg

Fixed 12150m:  31 Mbit/s
Dynack:        58 Mbit/s

Fixed 6300m:   51 Mbit/s
Dynack:        59 Mbit/s

Fixed 3000m:   13 Mbit/s  (lots of retries)
Dynack:        58 Mbit/s

Actual distance: 1504m
iperf 60s run avg

Fixed 12150m:  31 Mbit/s
Dynack:        86 Mbit/s

Fixed 6300m:   55 Mbit/s
Dynack:        87 Mbit/s

Fixed 3000m:   67 Mbit/s
Dynack:        87 Mbit/s

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-07-11 16:23:51 +02:00
Moritz Warning
954faac7bc qos-scripts: fix indentation
Signed-off-by: Moritz Warning <moritzwarning@web.de>
2018-07-11 09:40:40 +02:00
Jason A. Donenfeld
4630159294 wireguard: bump to 0.0.20180708
* device: print daddr not saddr in missing peer error
* receive: style

Debug messages now make sense again.

* wg-quick: android: support excluding applications

Android now supports excluding certain apps (uids) from the tunnel.

* selftest: ratelimiter: improve chance of success via retry
* qemu: bump default kernel version
* qemu: decide debug kernel based on KERNEL_VERSION

Some improvements to our testing infrastructure.

* receive: use NAPI on the receive path

This is a big change that should both improve preemption latency (by not
disabling it unconditionally) and vastly improve rx performance on most
systems by using NAPI. The main purpose of this snapshot is to test out this
technique.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-07-11 09:04:03 +02:00
Hans Dedecker
7e82418372 iproute2: update to 4.17.0
Update to the latest version of iproute2; see https://lwn.net/Articles/756991/
for a full overview of the changes in 4.17.
Remove upstream patch 002-json_print-fix-hidden-64-bit-type-promotion.
Backport upstream patch 001-rdma-sync-some-IP-headers-with-glibc fixing
rdma compile issue.
At the same time re-organize patch numbering so the OpenWRT specific
patches start at 100.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-07-10 19:30:12 +02:00
Felix Fietkau
6dac92a42e hostapd: build with LTO enabled (using jobserver for parallel build)
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-07-10 14:26:35 +02:00
Hans Dedecker
98a6bee09a odhcpd: update to latest git HEAD
345bba0 dhcpv4: improve error checking in handle_dhcpv4()
c0f6390 odhcpd: Check if open the ioctl socket failed

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-07-09 09:28:55 +02:00
Kevin Darbyshire-Bryant
edf338f248 basefiles: Reword sysupgrade message
sysupgrade 'upgrade' message more verbose than needs be.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-07-08 09:41:53 +01:00
Konstantin Demin
f715d816b7 libnl: bump to 3.4.0
refresh patches

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2018-07-07 18:33:58 +02:00
Vladimir Vid
856cc6d999 uboot-imx: bump to 2018.03 which fixes the build issues with fdt64_t redefinitions
* change mx6qsabresd to mx6qsabres to match defconfig name
* merge wanboard profiles since there is only one defconfig for the target device
* move wanboard options from wandboard.h to defconfig
* remove legacy patches

Signed-off-by: Vladimir Vid <vladimir.vid@sartura.hr>
2018-07-07 18:33:57 +02:00
Sven Eckelmann
87493dac11 mac80211: initialize sinfo in cfg80211_get_station
Most of the implementations behind cfg80211_get_station will not initialize
sinfo to zero before manipulating it. For example, the member "filled",
which indicates the filled in parts of this struct, is often only modified
by enabling certain bits in the bitfield while keeping the remaining bits
in their original state. A caller without a preinitialized sinfo.filled can
then no longer decide which parts of sinfo were filled in by
cfg80211_get_station (or actually the underlying implementations).

cfg80211_get_station must therefore take care that sinfo is initialized to
zero. Otherwise, the caller may tries to read information which was not
filled in and which must therefore also be considered uninitialized. In
batadv_v_elp_get_throughput's case, an invalid "random" expected throughput
may be stored for this neighbor and thus the B.A.T.M.A.N V algorithm may
switch to non-optimal neighbors for certain destinations.

Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
2018-07-07 18:33:57 +02:00
Sven Eckelmann
1c01e02575 ath10k-ct: search DT for BDF variant info
Board Data File (BDF) is loaded upon driver boot-up procedure. The right
board data file is identified on QCA4019 using bus, bmi-chip-id and
bmi-board-id.

The problem, however, can occur when the (default) board data file cannot
fulfill the vendor requirements and it is necessary to use a different
board data file.

This problem was solved for SMBIOS by adding a special SMBIOS type 0xF8.
Something similar has to be provided for systems without SMBIOS but with
device trees. No solution was specified by QCA and therefore a new one has
to be found for ath10k.

The device tree requires addition strings to define the variant name

    wifi@a000000 {
    	status = "okay";
    	qcom,ath10k-calibration-variant = "RT-AC58U";
    };

    wifi@a800000 {
    	status = "okay";
    	qcom,ath10k-calibration-variant = "RT-AC58U";
    };

This would create the boarddata identifiers for the board-2.bin search

 *  bus=ahb,bmi-chip-id=0,bmi-board-id=16,variant=RT-AC58U
 *  bus=ahb,bmi-chip-id=0,bmi-board-id=17,variant=RT-AC58U

Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
2018-07-07 18:33:57 +02:00
Hauke Mehrtens
b19622044d mbedtls: Activate deterministic ECDSA
With deterministic ECDSA the value k needed for the ECDSA signature is
not randomly generated any more, but generated from a hash over the
private key and the message to sign. If the value k used in a ECDSA
signature or the relationship between the two values k used in two
different ECDSA signatures over the same content is know to an attacker
he can derive the private key pretty easily. Using deterministic ECDSA
as defined in the RFC6979 removes this problem by deriving the value k
deterministically from the private key and the content which gets
signed.

The resulting signature is still compatible to signatures generated not
deterministic.

This increases the size of the ipk on mips 24Kc by about 2 KByte.
old:
166.240 libmbedtls_2.11.0-1_mips_24kc.ipk
new:
167.811 libmbedtls_2.11.0-1_mips_24kc.ipk

This does not change the ECDSA performance in a measurable way.

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-07-07 18:33:53 +02:00
Daniel Engberg
5a078180d0 mbedtls: Disable MBEDTLS_SHA256_SMALLER implementation
Disable MBEDTLS_SHA256_SMALLER implementation, not enabled by default in
upstream and reduces performance by quite a bit.

Source: include/mbedtls/config.h

Enable an implementation of SHA-256 that has lower ROM footprint but also
lower performance.

The default implementation is meant to be a reasonnable compromise between
performance and size. This version optimizes more aggressively for size at
the expense of performance. Eg on Cortex-M4 it reduces the size of
mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of
about 30%.

The size of mbedtls increased a little bit:
ipkg for mips_24kc before:
164.382 Bytes
ipkg for mips_24kc after:
166.240 Bytes

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2018-07-07 18:31:13 +02:00
Daniel Engberg
10554cfcc1 mbedtls: Update to 2.11.0
Update mbed TLS to 2.11.0

Disable OFB block mode and XTS block cipher mode, added in 2.11.0.
The soVersion of mbedtls changed, bump PKG_RELEASE for packages that use mbedTLS
This is to avoid having a mismatch between packages when upgrading.

The size of mbedtls increased a little bit:
ipkg for mips_24kc before:
163.846 Bytes
ipkg for mips_24kc after:
164.382 Bytes

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2018-07-07 18:29:14 +02:00
Daniel Engberg
f15f3286e3 mbedtls: cleanup config patch
Clean up patch, use "//" consistently.

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-07-07 18:19:39 +02:00
Enrico Mioso
231b0177fb libconfig: update to version 1.7.2
The previous link did not work here.

Compile-tested on: bcm47xx
Runtime-tested on: bcm47xx

Signed-off-by: Enrico Mioso <mrkiko.rs@gmail.com>
2018-07-07 18:19:39 +02:00
Yousong Zhou
191078e83d ca-certificates: ca-bundle: add symlink for openssl default setting
OpenSSL defaults X509_CERT_FILE to /etc/ssl/cert.pem.  This change is
needed for wget-ssl and possibly others to work seamlessly with fresh
ca-bundle installation

Fixes openwrt/packages#6152

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2018-07-07 18:19:39 +02:00
Florian Eckert
c79ef6fbe3 linux: update license tag to use correct SPDX tag
Use SPDX tag.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2018-07-07 16:12:03 +02:00
Felix Fietkau
bf136c637c perf: remove linux 4.4 workarounds
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-07-07 14:53:26 +02:00
Felix Fietkau
1e6c30690c libubox: update to the latest version
3c1b33b utils: add const_* byteswapping functions

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-07-07 14:53:26 +02:00
Zoltan HERPAI
10e393262c firmware: amd64-microcode: update to 20180524
* New microcode update packages from AMD upstream:
    + New Microcodes:
      sig 0x00800f12, patch id 0x08001227, 2018-02-09
    + Updated Microcodes:
      sig 0x00600f12, patch id 0x0600063e, 2018-02-07
      sig 0x00600f20, patch id 0x06000852, 2018-02-06
  * Adds Spectre v2 (CVE-2017-5715) microcode-based mitigation support,
    plus other unspecified fixes/updates.

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2018-07-07 12:23:00 +02:00
Kevin Darbyshire-Bryant
4bd4ece9ea kmod-sched-cake: bump to latest 20180706
Fixes a potential infinite loop bug when in unlimited (ie not using
built in shaper) mode.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-07-07 11:10:59 +01:00
Luiz Angelo Daros de Luca
b724443f9f elfutils: bump to 0.173
- Removed hacks to use standalone argp as upstream now detects it nicely.
- As we are already installing files, use files from PKG_INSTALL_DIR and
  not PKG_BUILD_DIR
- Only changes Makefile.am as PKG_FIXUP:=autoreconf is in use

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2018-07-04 16:18:08 +02:00
Kevin Darbyshire-Bryant
fbf475403b dnsmasq: bump to latest patches on 2.80rc2
Refresh patches and backport upstream to current HEAD:

a997ca0 Fix sometimes missing DNSSEC RRs when DNSSEC validation not enabled.
51e4eee Fix address-dependent domains for IPv6.
05ff659 Fix stupid infinite loop introduced by preceding commit.
db0f488 Handle some corner cases in RA contructed interfaces with addresses changing interface.
7dcca6c Warn about the impact of cache-size on performance.
090856c Allow zone transfer in authoritative mode whenever auth-peer is specified.
cc5cc8f Sane error message when pcap file header is wrong.
c488b68 Handle standard and contructed dhcp-ranges on the same interface.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-07-03 13:58:55 +01:00
Kevin Darbyshire-Bryant
abeae38dbb kmod-sched-cake: bump to latest cake
This bumps to the latest & possibly greatest cake, sadly it's still
inedible but from an SQM point of view quite tasty :-)

Main tweaks since previous bump, improved ack_filter, some extra stats,
support for 64bit netlink parameters (higher rates/byte counters)

0520a6c Fix NAT option handling
8da93e1 Make sure we always call qdisc_watchdog_init() in cake_init()
f65daf6 Fix mismatched parenthesis
51d4ab3 Change flag handling to be safe even when mixing with non-eligible ACKs
f2ea091 ack_filter: protect DCTCP with stricter filtering of ECE marks
28b4560 ACK filter: Handle wrapping sequence numbers and DSACKs
73f62d9 Use the right PAD attribute for options
5969c14 Use 32 for tin backlog
e289f31 Move all the u64 netlink attributes together
36180a0 Check ACK seqno before parsing SACKs
91bbc01 Merge branch 'mine' into cobalt
58c55ec Rework SACK check to compare the ranges of two SACKs
9a5d593 ack_filter: Add proper handling of SACKs
eca95d4 ack_filter: short-circuit TCP flag check
d50a246 compat: backport some ktime functions
7b7ad11 compat: define tcpopt_fastopen for pre-4.1 kernels
ca54cdb Fix ktime compare
9d7dcc0 ack filter: Parse TCP options and only drop safe ones
b119882 Return EOPNOTSUPP on NAT option if conntrack is not available
842d7f0 Don't try to pad stats with tin_stats padding
bd46dc2 Use 64-bit divide helper
8e41bf0 Make sure we never drop SACKs when filtering ACKs
66e5d60 Avoid comparing ktime_t to scalar values
7fab017 Actually commit the ktime_t changes
fca6d13 Switch to ktime_t and get rid of cobalt.h
6f7e5af Can't use do_div with 64-bit divisors

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-07-03 11:40:18 +01:00
Kevin Darbyshire-Bryant
a2165f936e iproute2: tc: update support for cake
Bump iproute2/tc support of cake.

Add support for cake's change to u64 attribute passing for certain
attributes (rate & byte counts)

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-07-03 11:40:18 +01:00
Jo-Philipp Wich
b54bef2058 uhttpd: update to latest Git head
db86175 lua: honour size argument in recv() function
d3b9560 utils: add uh_htmlescape() helper
8109b95 file: escape strings in HTML output
393b59e proc: expose HTTP Origin header in process environment
796d42b client: flush buffered SSL output when tearing down client ustream

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-07-03 06:59:13 +02:00
Hans Dedecker
afac2a2dd6 ebtables: update to latest git 2018-06-27
48cff25 build: drop install -o/-g root
53d7e7a extensions: ebt_string: take action if snprintf discards data

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-07-02 17:33:55 +02:00
John Crispin
433d71e73e fw3: update to latest git HEAD
72684e5 firewall3: Fix GCC8 warnings by replacing sprintf with snprintf

Signed-off-by: John Crispin <john@phrozen.org>
2018-07-02 07:23:42 +02:00
Rosen Penev
1f2612a4dd samba36: Disable external libtdb and libtevent
This was causing issues recently as samba36 is not API compatible with the
libtdb in the packages repo. It shouldn't be using it anyway. Nor tevent.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-07-02 07:12:41 +02:00
Rosen Penev
f23271f3b4 usbutils: Switch to Fedora usbutils
The Gentoo GitHub mirror went down. One benefit of Fedora's usb.ids file
is that it's versioned.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-07-02 07:12:34 +02:00
Alexander Couzens
b06c447c5f
swconfig: swlib_map_settings(): change return type to void
The return value of the function isn't used anywhere.
Fixes missing return value, CID 1329717.

Found-by: Coverity
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2018-06-29 05:46:25 +02:00
Alexander Couzens
e37ad4e5ca
swconfig: fix un-initialized return value
Fix CID 1330844

Found-by: Coverity
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2018-06-29 05:45:20 +02:00
Tony Ambardar
b701d78105 qos-scripts: fix uci callback handling
The previous callback code was fragile, dependent on some UCI callback
bugs and side-effects now fixed in master commit 73d8a6ab.

Update scripts to use callbacks where appropriate and necessary, while
using normal UCI config parsing for all else. This results in smaller,
simpler, more robust code. Use callbacks in generate.sh to only process
'interface' defaults and the varying entries for 'reclassify', 'default'
and 'classify' sections. Also switch qos-stat to use non-callback UCI
handling.

The current changes work independently of 73d8a6ab (i.e. both before and
after), and are consistent with UCI config parsing documentation.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2018-06-28 16:41:45 +02:00
Alberto Bursi
e13d9cd07f uboot-kirkwood: fix malformed boot configuration
With current uboot default configuration the bootloader will
fail to start the OpenWrt firmware with the following error:
-----
unexpected character 'b' at the end of partition
Error initializing mtdparts!
incorrect device type in ubi
Partition ubi not found!
Error, no UBI device/partition selected!
Wrong Image Format for bootm command
Error occured, error code = 112
-----

If the uboot configuration is examined with printenv
I can see that mdtparts line (on a nsa310) is wrong:
-----
mtdparts=mtdparts=orion_nand:0x0c0000(uboot),
0x80000(uboot_env),0x7ec0000(ubi)bootargs_root=
----

The "bootargs_root=" that was appended to it should not be there.

Fix the issue by adding a \0 line terminator at the end of affected lines,
mimicking what is also done by uboot upstream.

This issue was detected and confirmed on a nsa310, nsa325 and
a pogoplug v4, but it's not hardware-specific, so apply the same fix
to other devices as well.

Note that the issue is with the uboot's integrated boot configuration,
which is not used unless the uboot configuration in flash is unavailable
(erased or corrupted), which happens only on first time installation,
or if the user deletes the uboot configuration when upgrading uboot.
People just upgrading from an older uboot without erasing their previous
uboot configuration stored in flash would not have noticed this issue.

Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
2018-06-27 08:42:54 +02:00
Alberto Bursi
ccd1dc3d20 uboot-kirkwood: fix whitespaces
remove whitespaces from the patches

Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
2018-06-27 08:42:54 +02:00
Mathias Kresin
52a9edb1bf base-files: add menuconfig option for HOME_URL
Add a menuconfig option to set the HOME_URL exposed in
/usr/lib/os-release independent from the
LEDE_DEVICE_MANUFACTURER_URL.

Fixes: FS#1123

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-06-27 08:40:34 +02:00
Kevin Darbyshire-Bryant
3ce11588f6 wireguard: bump to 0.0.20180625
dfd9827 version: bump snapshot
88729f0 wg-quick: android: prevent outgoing handshake packets from being dropped
1bb9daf compat: more robust ktime backport
68441fb global: use fast boottime instead of normal boottime
d0bd6dc global: use ktime boottime instead of jiffies
18822b8 tools: fix misspelling of strchrnul in comment
0f8718b manpages: eliminate whitespace at the end of the line
590c410 global: fix a few typos
bb76804 simd: add missing header
7e88174 poly1305: give linker the correct constant data section size
fd8dfd3 main: test poly1305 before chacha20poly1305
c754c59 receive: don't toggle bh

Compile-tested-for: ath79 Archer C7 v2
Run-tested-on: ath79 Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-06-26 20:10:54 +01:00
John Crispin
d8981133b2 mac80211: make rtl8xxxu buils again
we only wanted to drop rtl8xxxue support

Signed-off-by: John Crispin <john@phrozen.org>
2018-06-26 16:00:33 +02:00
John Crispin
66c5696cdf mac80211: rtl8xxxu: drop support patches
After a very enlightening but unfortunately far too short exchange with Jes
we mutually agreed to drop the patches. They are unfortunately not ready
yet.

Acked-by: Rafał Miłecki <rafal@milecki.pl>
Signed-off-by: John Crispin <john@phrozen.org>
2018-06-26 15:45:30 +02:00
Hans Dedecker
b7ef10cbf0 odhcpd: update to latest git HEAD
81a281e dhcpv6-ia: fix border assignment size setting
a2ffc59 dhcpv6-ia: fix status code for not on link IAs
5b087a6 dhcpv6-ia: improve error checking in assign_pd()
c9114a1 config: fix wrong assignment
bb8470f dhcpv4: delay forced renew transaction start
62a1b09 dhcpv4: fix DHCP address space logic
d5726ff dhcpv4: improve logging when sending DHCP messages
9484351 odhcpd: call handle_error when socket error can be retrieved
c45e2eb dhcpv6: fix out of bounds write in handle_nested_message()
c2ff5af dhcpv6-ia: log renew messages as well
676eb38 router: fix possible segfault in send_router_advert()
392701f odhcpd: fix passing possible negative parameter
029123b treewide: switch to C-code style comments
6b79748 router: improve error checking
12e21bc netlink: fix incorrect sizeof argument
d7aa414 dhcpv6: improve error checking in dhcpv6_setup_interface()
373495a ubus: fix invalid ipv6-prefix json
79d5e6f ndp: improve error checking
d834ae3 dhcpv4: fix error checking in dhcpv4_setup_interface()
f2aa383 dhcpv4: fix out of bound access in dhcpv4_put
4591b36 dhcpv4: improve error checking in dhcpv4_setup_interface()
4983ee5 odhcpd: fix strncpy bounds

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-06-26 14:48:25 +02:00
Daniel Engberg
1b46bce850 package/utils/e2fsprogs: Update to 1.44.2
Update e2fsprogs to 1.44.2

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2018-06-26 10:26:05 +02:00
Christian Lamparter
82618062cf ipq40xx: add support for the ZyXEL NBG6617
This patch adds support for ZyXEL NBG6617

Hardware highlights:

SOC:    IPQ4018 / QCA Dakota
CPU:    Quad-Core ARMv7 Processor rev 5 (v7l) Cortex-A7
DRAM:   256 MiB DDR3L-1600/1866 Nanya NT5CC128M16IP-DI @ 537 MHz
NOR:    32 MiB Macronix MX25L25635F
ETH:    Qualcomm Atheros QCA8075 Gigabit Switch (4 x LAN, 1 x WAN)
USB:    1 x 3.0 (via Synopsys DesignWare DWC3 controller in the SoC)
WLAN1:  Qualcomm Atheros QCA4018 2.4GHz 802.11bgn 2:2x2
WLAN2:  Qualcomm Atheros QCA4018 5GHz 802.11a/n/ac 2:2x2
INPUT:  RESET Button, WIFI/Rfkill Togglebutton, WPS Button
LEDS:   Power, WAN, LAN 1-4, WLAN 2.4GHz, WLAN 5GHz, USB, WPS

Serial:
	WARNING: The serial port needs a TTL/RS-232 3.3v level converter!
	The Serial setting is 115200-8-N-1. The 1x4 .1" header comes
	pre-soldered. Pinout:
	  1. 3v3 (Label printed on the PCB), 2. RX, 3. GND, 4. TX

first install / debricking / restore stock:
 0. Have a PC running a tftp-server @ 192.168.1.99/24
 1. connect the PC to any LAN-Ports
 2. put the openwrt...-factory.bin (or V1.00(ABCT.X).bin for stock) file
    into the tftp-server root directory and rename it to just "ras.bin".
 3. power-cycle the router and hold down the the WPS button (for 30sek)
 4. Wait (for a long time - the serial console provides some progress
    reports. The u-boot says it best: "Please be patient".
 5. Once the power LED starts to flashes slowly and the USB + WPS LEDs
    flashes fast at the same time. You have to reboot the device and
    it should then come right up.

Installation via Web-UI:
 0. Connect a PC to the powered-on router. It will assign your PC a
    IP-address via DHCP
 1. Access the Web-UI at 192.168.1.1 (Default Passwort: 1234)
 2. Go to the "Expert Mode"
 3. Under "Maintenance", select "Firmware-Upgrade"
 4. Upload the OpenWRT factory image
 5. Wait for the Device to finish.
    It will reboot into OpenWRT without any additional actions needed.

To open the ZyXEL NBG6617:
 0. remove the four rubber feet glued on the backside
 1. remove the four philips screws and pry open the top cover
    (by applying force between the plastic top housing from the
    backside/lan-port side)

Access the real u-boot shell:
ZyXEL uses a proprietary loader/shell on top of u-boot: "ZyXEL zloader v2.02"
When the device is starting up, the user can enter the the loader shell
by simply pressing a key within the 3 seconds once the following string
appears on the serial console:

|   Hit any key to stop autoboot:  3

The user is then dropped to a locked shell.

|NBG6617> HELP
|ATEN    x[,y]     set BootExtension Debug Flag (y=password)
|ATSE    x         show the seed of password generator
|ATSH              dump manufacturer related data in ROM
|ATRT    [x,y,z,u] RAM read/write test (x=level, y=start addr, z=end addr, u=iterations)
|ATGO              boot up whole system
|ATUR    x         upgrade RAS image (filename)
|NBG6617>

In order to escape/unlock a password challenge has to be passed.
Note: the value is dynamic! you have to calculate your own!

First use ATSE $MODELNAME (MODELNAME is the hostname in u-boot env)
to get the challange value/seed.

|NBG6617> ATSE NBG6617
|012345678901

This seed/value can be converted to the password with the help of this
bash script (Thanks to http://www.adslayuda.com/Zyxel650-9.html authors):

- tool.sh -
ror32() {
  echo $(( ($1 >> $2) | (($1 << (32 - $2) & (2**32-1)) ) ))
}
v="0x$1"
a="0x${v:2:6}"
b=$(( $a + 0x10F0A563))
c=$(( 0x${v:12:14} & 7 ))
p=$(( $(ror32 $b $c) ^ $a ))
printf "ATEN 1,%X\n" $p
- end of tool.sh -

|# bash ./tool.sh 012345678901
|
|ATEN 1,879C711

copy and paste the result into the shell to unlock zloader.

|NBG6617> ATEN 1,0046B0017430

If the entered code was correct the shell will change to
use the ATGU command to enter the real u-boot shell.

|NBG6617> ATGU
|NBG6617#

Co-authored-by: David Bauer <mail@david-bauer.net>
Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
Signed-off-by: David Bauer <mail@david-bauer.net>
2018-06-26 08:57:26 +02:00
Philip Prindeville
d375d5fafe iperf3: update to 3.6
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2018-06-26 08:57:25 +02:00
Alin Nastac
ab07ae2f27 netfilter: add bpf match support
Add xt_bpf modules to {kmod-ipt,iptables-mod}-filter.

Match using Linux Socket Filter. Expects a BPF program in decimal
format. This is the format generated by the nfbpf_compile utility.

Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
2018-06-26 08:57:25 +02:00
Stijn Tintel
34e22653ac mac80211: enable ath10k LED support by default
Commit 61d57a2f88 adds ath10k LED
support, but doesn't add an option to actually enable it.

After enabling this option, a LED named ath10k-phy0 appears in sysfs,
and a trigger can be assigned to it. Since 60deb3cdef the default set
trigger is the tpt one.

Enable it by default, as most devices using ath10k chips shouldn't be
severely space-constrained. There are likely many devices that can
benefit from having it enabled, like my testing device.

Before:
   text    data     bss     dec     hex filename
 245311    8899      16  254226   3e112 ath10k_core.ko

After:
   text    data     bss     dec     hex filename
 245979    8899      16  254894   3e3ae ath10k_core.ko

Tested on a D-Link DAP-2695-A1 (ar71xx).

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-06-25 22:00:05 +02:00
Mathias Kresin
60deb3cdef mac80211: ath10k: use tpt LED trigger by default
Use the tpt LED trigger for each created phy led. Ths way LEDs attached
to the ath10k GPIO pins are indicating the phy status and blink on
traffic.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-06-25 20:52:18 +02:00
Yousong Zhou
c4aadbdaf6 dropbear: let opkg manage symlinks of ssh, scp
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2018-06-25 15:21:24 +08:00
John Crispin
ebe1216c7c iptables: set nonshared flag
this makes sure that offloading support is properly included for v4.14 targets.

Signed-off-by: John Crispin <john@phrozen.org>
2018-06-22 11:46:21 +02:00
John Crispin
cac1a4be66 mac80211: drop 355-ath9k-limit-retries-for-powersave-response-frames.patch
several people reported this bug to be causing drop out issues

Signed-off-by: John Crispin <john@phrozen.org>
2018-06-22 09:43:56 +02:00
Ansuel Smith
134e832814 mac80211: ath10k fix vht160 firmware crash
When the 160mhz width is selected the ath10k firmware crash. This fix this problem.

Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
2018-06-22 09:31:32 +02:00
Ansuel Smith
61d57a2f88 mac80211: ath10k add leds support
This adds support for leds handled by the wireless chipset.

Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
2018-06-22 09:31:32 +02:00
David Thornley
cb262b0939 wwan: Add support for Gemalto Cinterion cellular modules
Includes specific support for PH8(1e2d-0053) / ELS61(1e2d-005b) modules.

Note for ELS61, the serial driver changes from serial option(ttyUSB) to usb-cdc (ttyACM).

Two additional fixes in this commit resolve issues with ttyACM devices: -

* wwan.sh - sys-fs has a subdirectory indirection (*/tty/ttyACMx) which was not handled properly
* wwan.usb - dependent scripts were not included, so this never actually called proto_set_available for example (and relied on inadvertent call for ttyUSB case)

Signed-off-by: David Thornley <david.thornley@touchstargroup.com>
2018-06-22 09:31:32 +02:00
Hans Dedecker
b8bdeace39 busybox: rename udhcpc-remove-code-which-requires-server-ID-to-be-on patch
Move udhcpc-remove-code-which-requires-server-ID-to-be-on patch from 500
to 400

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-06-21 22:48:23 +02:00
Hans Dedecker
c6e50075f2 busybox: udhcpc: replace udhcpc_no_msg_dontroute patch by upstream fix
Replace 204-udhcpc_no_msg_dontroute patch by the upstream busybox fix
which removes the code which requires the server ID to be on local
network

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-06-21 22:33:35 +02:00
Stijn Tintel
f9a42ae2d7 kernel: define THERMAL_EMERGENCY_POWEROFF_DELAY_MS
Enabling CONFIG_ATH10K_THERMAL on targets that don't have CONFIG_THERMAL
enabled in their kernel config causes build to fail due to missing
symbol THERMAL_EMERGENCY_POWEROFF_DELAY_MS. Add it to kmod-thermal.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-06-21 20:02:22 +03:00
Daniel Golle
a704a2c06f ltq-vdsl-fw: fix ltq-vdsl-vr9-vectoring-fw-installer package install
The package is not being generated otherwise, which is fatal because
it is part of the subtargets default package set...

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-06-21 12:00:12 +02:00
Felix Fietkau
4fb27cc9d8 mt76: update to the latest version
1d4ca10 mt76x2: track rssi for gain adjustment per station

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-06-21 11:19:05 +02:00
Kevin Darbyshire-Bryant
3b11b225b3 wireguard: bump to 0.0.20180620
0bc4230 version: bump snapshot
ed04799 poly1305: add missing string.h header
cbd4e34 compat: use stabler lkml links
caa718c ratelimiter: do not allow concurrent init and uninit
894ddae ratelimiter: mitigate reference underflow
0a8a62c receive: drop handshake packets if rng is not initialized
cad9e52 noise: wait for crng before taking locks
83c0690 netlink: maintain static_identity lock over entire private key update
0913f1c noise: take locks for ss precomputation
073f31a qemu: bump default kernel
bec4c48 wg-quick: android: don't forget to free compiled regexes
7ce2ef3 wg-quick: android: disable roaming to v6 networks when v4 is specified
9132be4 dns-hatchet: apply resolv.conf's selinux context to new resolv.conf
41a5747 simd: no need to restore fpu state when no preemption
6d7f0b0 simd: encapsulate fpu amortization into nice functions
f8b57d5 queueing: re-enable preemption periodically to lower latency
b7b193f queueing: remove useless spinlocks on sc
5bb62fe tools: getentropy requires 10.12
4e9f120 chacha20poly1305: use slow crypto on -rt kernels on arm too

Compiled-for: ar71xx, lantiq
Run-tested-on: ar71xx Archer C7 v2 & lantiq HH5a

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-06-20 22:10:33 +02:00
Hans Dedecker
a9222e0328 odhcp6c: update to latest git HEAD
b99c1f6 odhcp6c: remove len check in option parsing handle

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-06-20 15:42:22 +02:00
Robert Marko
4bb2532ec1 ethtool: Update to 4.17
Tested on 8devices Jalapeno(ipq40xx)
Introduces following changes
* Fix: In ethtool.8, remove superfluous and incorrect \
* Fix: fix uninitialized return value
* Fix: fix RING_VF assignment
* Fix: remove unused global variable
* Fix: several fixes in do_gregs()
* Fix: correctly free hkey when get_stringset() fails
* Fix: remove unreachable code
* Fix: fix stack clash in do_get_phy_tunable and do_set_phy_tunable
* Feature: Add register dump support for MICROCHIP LAN78xx

Signed-off-by: Robert Marko <robimarko@gmail.com>
2018-06-20 15:36:02 +02:00
Daniel Golle
3d20bee2cd ltq-vdsl-fw: add meaningful version information
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-06-20 14:39:22 +02:00
Hans Dedecker
0e84393ee2 dnsmasq: fix dnsmasq startup issue
Commit ecd954d530 installs specific interface triggers which rewrites the dnsmasq config
file and restarts dnsmasq if the network interface becomes active for which a trigger
has been installed.
In case no dhcp sections are specified or ignore is set to 1 dnsmasq will not be started
at startup which breaks DNS resolving.
Fix this by ditching the BOOT check in start_service and always start dnsmasq at startup.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-06-20 14:07:19 +02:00
Daniel Golle
512c57e7f3 ltq-vdsl-fw: add nonshared flag
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-06-19 17:57:06 +02:00
Kabuli Chana
0845a34666 mwlwifi: update to version 10.3.8.0-20180615
fix mcs rate for HT
support 88W8997
protect rxringdone

Signed-off-by: Kabuli Chana <newtownBuild@gmail.com>
2018-06-19 14:32:47 +02:00
Hauke Mehrtens
d661a5d754 kernel/modules: kmod-chaoskey: Add missing dependency
This new package was missing the dependency to kmod-random-core which
caused some build errors.

Fixes: 163ab9135a ("kernel/modules: add chaoskey module, hardware TRNG")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-06-18 22:51:33 +02:00
Magnus Kroken
ccc728a0e2 busybox: update to 1.28.4
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2018-06-18 22:05:30 +02:00
Kevin Darbyshire-Bryant
83f31b7947 ltq_atm: burn ifx_atm_alloc_tx with fire
Drop code that was never used.

Tested on: BT HomeHub 5a

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-06-18 21:47:05 +02:00
Hannu Nyman
163ab9135a kernel/modules: add chaoskey module, hardware TRNG
Package the driver for Chaoskey, a USB dongle that provides a
True Random Number Generator (TRNG) and feeds entropy to kernel.

Chaoskey driver is included the upstream Linux sources, so
only packaging it is needed.

Run-tested with ipq806x/R7800 and mvebu/WRT3200ACM.

(Requires CONFIG_HW_RANDOM kernel option.)

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2018-06-18 20:29:38 +02:00
Daniel Engberg
5297a759ae mbedtls: Cosmetic cleanups
This is more of a cosmetic change and a reminder that the CMake script hardcodes -O2.
Source:
https://github.com/ARMmbed/mbedtls/blob/mbedtls-2.7/CMakeLists.txt#L73
https://github.com/ARMmbed/mbedtls/blob/master/CMakeLists.txt#L97

Remove the release type option as it's already provided by the toolchain.
Source:
https://github.com/openwrt/openwrt/blob/master/include/cmake.mk#L50

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2018-06-18 20:28:20 +02:00
Daniel Golle
ff0f3522b7 uboot-oxnas: fix typo accidentally committed during oxnas reboot
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-06-18 18:55:19 +02:00
Paul Spooren
cbf69fb2ad cron: add procd listeners for crontabs
Add procd file listeners to check files in `/etc/crontabs/`.

Also unified a bit the function style.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2018-06-18 18:21:20 +02:00
Rosy Song
1ee98fdef3 nftables: bump to version 0.9.0
Signed-off-by: Rosy Song <rosysong@rosinson.com>
2018-06-18 18:21:20 +02:00
Rosy Song
9d6a0352e7 libnftnl: bump to version 1.1.1
Signed-off-by: Rosy Song <rosysong@rosinson.com>
2018-06-18 18:21:20 +02:00
Magnus Frühling
4b280ad91a ipq40xx: add support for ZyXEL WRE6606
Specifications:
SOC:	Qualcomm IPQ4018 (DAKOTA) ARM Quad-Core
RAM:	128 MB Nanya NT5CC64M16GP-DI
FLASH:	16 MiB Macronix MX25L12845EMI-12G
ETH:	Qualcomm QCA8072
WLAN1:  Qualcomm Atheros QCA4018 2.4GHz 802.11b/g/n 2x2
WLAN2:  Qualcomm Atheros QCA4018 5GHz 802.11n/ac W2 2x2
INPUT:  WPS, Mode-toggle-switch
LED:	Power, WLAN 2.4GHz, WLAN 5GHz, LAN, WPS
        (LAN not controllable by software)
        (WLAN each green / red)
SERIAL:	Header next to eth-phy.
        VCC, TX, GND, RX (Square hole is VCC)
        The Serial setting is 115200-8-N-1.

Tested and working:
 - Ethernet (Correct MAC-address)
 - 2.4 GHz WiFi (Correct MAC-address)
 - 5 GHz WiFi (Correct MAC-address)
 - Factory installation from tftp
 - OpenWRT sysupgrade
 - LEDs
 - WPS Button

Not Working:
 - Mode-toggle-switch

Install via TFTP:

Connect to the devices serial. Hit Enter-Key in bootloader to stop
autobooting. Command `tftpboot` will pull an initramfs image named
`C0A86302.img` from a tftp server at `192.168.99.08/24`.
After successfull transfer, boot the image with `bootm`.

To persistently write the firmware, flash an openwrt sysupgrade image
from inside the initramfs, for example transfer
via `scp <sysupgrade> root@192.168.1.1:/tmp` and flash on the device
with `sysupgrade -n /tmp/<sysupgrade>`.

append-cmdline patch taken from chunkeeys work on the NBG6617.

Signed-off-by: Magnus Frühling <skorpy@frankfurt.ccc.de>
Co-authored-by: David Bauer <mail@david-bauer.net>
Co-authored-by: Christian Lamparter <chunkeey@googlemail.com>
2018-06-18 18:21:20 +02:00
Mirko Parthey
c84ef1f188 iptables: increment PKG_RELEASE to force update
While support for the FLOWOFFLOAD target is available in the firmware
images, it is still missing in some of the binary packages on
downloads.openwrt.org, e.g. for the mipsel_mips32 architecture.

Increment PKG_RELEASE to force an update of these packages.
Also adjust the package description to include the FLOWOFFLOAD target.

Signed-off-by: Mirko Parthey <mirko.parthey@web.de>
2018-06-18 15:27:57 +02:00
Felix Fietkau
7271eacb72 mt76: update to the latest version
072fdac mt76x2: mac: consider multicast/broadcast frames in ewma rssi estimation
f450659 mt76x2: improve gain adjustment in noisy environments

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-06-18 12:36:04 +02:00
Rafał Miłecki
c446e38c86 mac80211: backport brcmfmac changes from kernel 4.18
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2018-06-18 07:41:40 +02:00
Rafał Miłecki
7e8eb7f309 mac80211: backport brcmfmac firmware & clm_blob loading rework
It backports remaining brcmfmac changes from 4.17.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2018-06-18 07:41:40 +02:00
Hauke Mehrtens
9a26a9e8b9 uboot-sunxi: update Orange Pi R1 and Zero Plus
The device tree files are now matching the kernel 4.17 and this will be
send also for integration into mainline U-Boot.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-06-18 07:10:20 +02:00
Hauke Mehrtens
f2135e7811 uboot-sunxi: update to version 2018.05
This patch 220-add-sunxi50i-nanopi-neo-plus2.patch was merged upstream.
The u-boot-sunxi-with-spl.bin is now also created for the ARM64 sunxi
boards by U-Boot itself, no need to do it manually any more.

This was tested on a H2+ Orange Pi R1 and a H5 Orange Pi Zero Plus.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-06-18 07:10:20 +02:00
Hauke Mehrtens
7afe1caf70 arm-trusted-firmware-sunxi: update to version from 2018-02-10
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-06-18 07:10:20 +02:00
Sven Roederer
2314c2c6f2 base-files: fix links in banner.failsafe
Update the link to the current section in the documentaion wiki.
This fixes https://github.com/openwrt/packages/issues/6282

Signed-off-by: Sven Roederer <freifunk@it-solutions.geroedel.de>
2018-06-18 07:10:15 +02:00
Rafał Miłecki
5b2e20807d base-files: exit if mtd write command fails during sysupgrade
It avoids confusing situations like:
> Could not get image magic
> Image check failed.
> Upgrade completed
> Rebooting system...

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2018-06-18 06:37:28 +02:00
Rafał Miłecki
3c8bb92655 mac80211: backport brcmfmac data structure rework
It backports brcmfmac commits from kernel 4.17.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2018-06-17 22:46:35 +02:00
Rafał Miłecki
0da9303e5b mac80211: backport "brcmfmac: cleanup and some rework" from 4.17
It was described by Arend as:

> This series is intended for 4.17 and includes following:
>
>  * rework bus layer attach code.
>  * remove duplicate variable declaration.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2018-06-17 22:46:29 +02:00
Felix Fietkau
2f3c5fe962 mt76: update to the latest version
9090f9c mt76x2: fix threshold for gain adjustment
2cbaa57 mt76x2: fix swapped values for RXO-18 in gain control
a39ab70 mt76x2: adjust AGC control register 26 based on gain for VHT80
4936c0c mt76x2: clear false CCA counters after changing gain settings
1528fe7 mt76x2: fix variable gain adjustment range
f3522e1 mt76x2: add a debugfs file to dump agc calibration information
65e161b mt76x2: fix tracking rssi for dynamic gain adjustment

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-06-15 20:56:31 +02:00
Daniel Golle
70f4845777 ltq-vdsl-fw: strip legacy dsl_fw logic
We unfortunately dropped support for persistent in-flash DSL firmware.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-06-15 13:30:47 +02:00
Daniel Golle
c8ac28237d ltq-vdsl-app: use downloaded vectoring firmware
Use vectoring firmware downloaded via vdsl_fw_install.sh from
ltq-vdsl-fw package for annex B and annex J.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-06-15 13:28:38 +02:00
Daniel Golle
0653e31270 lantiq-vdsl-fw: update to provide recent vectoring firmware
Recent Speedport firmware downloads only work over HTTPS, so the user
either needs to provide the already downloaded file or install
ustream-ssl-* as well as ca-certificates or ca-bundle.

So to get VDSL2 with vectoring on xRX200, simply run
vdsl_fw_install.sh
on the target and either provide the downloaded file as instructed or
make sure the device is connected to the Internet and can download that
HTTPS url itself.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-06-15 12:45:37 +02:00
Daniel Golle
8e2f8b0c83 Revert "lantiq: get rid of ltq-vdsl-fw"
This reverts commit 0938233fcd.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-06-15 12:45:37 +02:00
Daniel Golle
f47d7df6a8 ucert: fix build
set PKG_BUILD_DIR before including package.mk to avoid problems as
seen on buildbot.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-06-15 08:57:44 +02:00
Daniel Golle
5e9470a93b libjson-c: fix host-build
Add -Wno-implicit-fallthrough to HOST_CFLAGS.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-06-14 22:53:58 +02:00
Daniel Engberg
8428156f48 package/libs/libnfnetlink: Remove dead mirror
Remove mirrors.evolva.ro as it's no longer available

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2018-06-14 21:48:38 +02:00
Daniel Golle
56e3a19ad6 libubox: make sure blobmsg-json is included in host-build
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-06-14 20:30:47 +02:00
Daniel Golle
6fc8e06078 libjson-c: add host build (for libblobmsg-json)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-06-14 20:09:29 +02:00
Daniel Golle
1b8f3d9c2e ucert: add package
ucert is a wrapper around usign to allow delegation and revocation of
public keys for future use in sysupgrade.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This work was sponsored by WIO (wiowireless.com)
2018-06-14 19:39:25 +02:00
Daniel Golle
037ef13a16 brcm2708: move wifi calibration EEPROMs out of base-files
Ship EEPROM blobs for specific supported board only and don't have them
lurking around in our source tree but rather download them from
@github/RPi-Distro/firmware-nonfree upstream.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-06-14 18:15:33 +02:00
Daniel Golle
2826471254 linux-firmware: add firmware for BCM43455 SDIO wlan found on RPi3B+
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-06-14 13:54:17 +02:00
Daniel Engberg
79bab45772 popt: Add backup site
Add Gentoo's distfiles repo as backup site.

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2018-06-13 12:15:38 +02:00
Matthias Schiffer
3b6f865b01
base-files: sysupgrade: fix handing get_image unpack commands
On bcm53xx and brcm47xx, commands are passed to default_do_upgrade that
expect the image to be passed on stdin, rather than as an argument.

Fixes: 30f61a34b4 ("base-files: always use staged sysupgrade")
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-06-11 19:25:40 +02:00
Hans Dedecker
31f35be016 odhcp6c: user string option support
ca8822b odhcp6c: add support for user string options

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-06-11 15:48:32 +02:00
Hans Dedecker
8d60f6ee40 dnsmasq: fix confdir option processing (FS#1572)
Fix condir option processing allowing to use the format
"<directory>[,<file-extension>......]," as documented on the dnsmasq man
page which previously resulted into bogus dir being created.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-06-11 11:41:26 +02:00
Hauke Mehrtens
83483ba787 kernel/modules: fix kmod-mdio-gpio module dependencies
On some targets this module depends on kmod-of-mdio.

This is similar to the fixes done in:
dc629d9cf5 ("kernel: fix kmod-switch-rtl8366-smi dependency")
56bd23cf52 ("kernel: let kmod-rtl8366-smi conditionally depend on kmod-of-mdio")

Fixes: 32f32398af ("kernel/modules: add kmod-mdio-gpio module")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-06-10 22:04:27 +02:00
Martin Schiller
5609bbabf1 kernel/modules: add kmod-switch-rtl8306 module
Add kernel module for kmod-switch-rtl8306.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2018-06-09 22:39:17 +02:00
Martin Schiller
32f32398af kernel/modules: add kmod-mdio-gpio module
Add kernel module package for kmod-mdio-gpio.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2018-06-09 22:39:17 +02:00
Florian Eckert
2f46f43754 kernel/modules: add kmod-adcxx module
Add kernel module package for kmod-adcxx.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2018-06-09 22:39:17 +02:00
Martin Schiller
503ac967c5 kernel/modules: add kmod-random-tpm module
Add kernel module package for kmod-random-tpm.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2018-06-09 22:39:17 +02:00
Sven Eckelmann
4270847a2c mac80211: ath10k: Allow to enable the thermal code of ath10k
Some ath10k firmware versions allow to access the chip internal a
temperature sensor and allow to reduce the amount of the time when the card
is allowed to send. The latter is required on devices which tend to
overheat.

An userspace service has to read
/sys/class/ieee80211/phy*/device/hwmon/hwmon*/temp1_input regularly and
then decide how much the device has to be throttled. This can be done by
writing to /sys/class/ieee80211/phy*/device/cooling_device/cur_state. By
default it is not throttled (0) but it can be throttled up to 100(%).

Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
2018-06-09 16:32:39 +02:00
Martin Schiller
eee8ab59dc ltq-vdsl-mei: reset g_tx_link_rate on showtime exit
Without this change, ifx_mei_atm_showtime_check() will always return
"showtime" after one call of MEI_InternalXtmSwhowtimeEntrySignal()
was done, even if MEI_InternalXtmSwhowtimeExitSignal() was called
in the meantime.

The ifx_mei_atm_showtime_check() function is used by the ltq-atm and
ltq-ptm driver.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2018-06-09 16:32:39 +02:00
Christian Lamparter
daf19649db mtd-utils: revert faulty upstream patch for now
Some of the ubi-tools in the upstream mtd-utils have been
broken by a bad patch upstream. It causes major breakage
during sysupgrade when the kernel, rootfs, ... volumes
are deleted in the wrong order.

This patch therefore reverts the faulty upstream commit which
fixes the bug.

linux-mtd mailing-list thread:
<http://lists.infradead.org/pipermail/linux-mtd/2018-June/081562.html>

Cc: John Crispin <john@phrozen.org>
Reported-by: L. Wayne Leach <LLeachii@aol.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2018-06-08 09:31:37 +02:00
Adi Shammout
e4259bed3f busybox: udhcpc: no MSG_DONTROUTE when sending packet
This reverts a change made in Sep 2017 [1] which introduced
MSG_DONTROUTE flag to prevent udhcpc from reaching out to servers on a
different subnet. That change violates RFC2131 by forcing fully
configured clients, who got their configurations through an offer
relayed by a DHCP relay, from renewing through a unicast request
directly to the DHCP server, resulting in the client resorting to
boradcasting lease extension requests instead of unicasting them,
further breaking RFC2131.

The problem with MSG_DONTROUTE appears when talking to a properly
configured DHCP server that rejects non-compliant requests. Such server
will reject lease extension attempts sent via broadcast rather than
unicast, as is the case with Finnish ISPs Telia and DNA as well as
Estonian ISP Starman. Once the lease expires without renewal, udhcpc
enters init mode, taking down the interfaces with it, and thus causing
interruption on every lease expiry. On some ISPs (such as the ones
mentioned above) that can be once every 10-20 minutes. The interruptions
appear in the logs as such:
----
udhcpc: sending renew to x.x.x.x
udhcpc: send: Network unreachable
udhcpc: sending renew to 0.0.0.0
udhcpc: sending renew to 0.0.0.0
...
udhcpc: lease lost, entering init state
Interface 'wan' has lost the connection
Interface 'wan' is now down
Network alias 'eth0' link is down
udhcpc: sending select for y.y.y.y
udhcpc: lease of y.y.y.y obtained, lease time 1200
Network alias 'eth0' link is up
Interface 'wan' is now up
----

During lease extension, a fully configured client should be able to
reach out to the server from which it recieved the lease for extension,
regardless in which network it is; that's up to the gateway to find. [2]
This patch ensures that.

[1]
http://lists.busybox.net/pipermail/busybox-cvs/2017-September/037402.html
[2]
https://www.netmanias.com/en/post/techdocs/6000/dhcp-network-protocol/
understanding-dhcp-relay-agents

Signed-off-by: Adi Shammout <adi.shammout@outlook.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
2018-06-07 21:44:04 +02:00
Karl Palsson
987e10af07 logd: create log directory for log_file
If log_file is specified, make sure its directory exists.

Signed-off-by: Karl Palsson <karlp@etactica.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
2018-06-07 17:19:42 +02:00
David Bauer
e36f8b3f39 ar71xx: add support for OCEDO Koala
This commit adds support for the OCEDO Koala

SOC:	Qualcomm QCA9558 (Scorpion)
RAM:    128MB
FLASH:  16MiB
WLAN1:  QCA9558 2.4 GHz 802.11bgn 3x3
WLAN2:  QCA9880 5 GHz 802.11nac 3x3
INPUT:  RESET button
LED:    Power, LAN, WiFi 2.4, WiFi 5, SYS
Serial: Header Next to Black metal shield
        Pinout is 3.3V - GND - TX - RX (Arrow Pad is 3.3V)
        The Serial setting is 115200-8-N-1.

Tested and working:
 - Ethernet
 - 2.4 GHz WiFi
 - 5 GHz WiFi
 - TFTP boot from ramdisk image
 - Installation via ramdisk image
 - OpenWRT sysupgrade
 - Buttons
 - LEDs

Installation seems to be possible only through booting an OpenWRT
ramdisk image.

Hold down the reset button while powering on the device. It will load a
ramdisk image named 'koala-uImage-initramfs-lzma.bin' from 192.168.100.8.

Note: depending on the present software, the device might also try to
pull a file called 'koala-uimage-factory'. Only the name differs, it
is still used as a ramdisk image.

Wait for the ramdisk image to boot. OpenWRT can be written to the flash
via sysupgrade or mtd.

Due to the flip-flop bootloader which we not (yet) support, you need to
set the partition the bootloader is selecting. It is possible from the
initramfs image with

 > fw_setenv bootcmd run bootcmd_1

Afterwards you can reboot the device.

Signed-off-by: David Bauer <mail@david-bauer.net>
2018-06-07 09:31:58 +02:00
Denton Gentry
a84962ea35 hostapd: make cli treat UNKNOWN COMMAND as failing
Avoid infinite loop at 100% CPU when running hostapd_cli
if CONFIG_CTRL_IFACE_MIB is not defined.

  _newselect(4, [3], NULL, NULL, ...)
  recvfrom(3, "UNKNOWN COMMAND\n", 4095, 0, NULL, NULL) = 16
  sendto(3, "STA-NEXT UNKNOWN COMMAND", 24, 0, NULL, 0) = 24

Signed-off-by: Denton Gentry <denny@geekhold.com>
2018-06-07 09:27:50 +02:00
Rosen Penev
2737cea0bb ethtool: Update to 4.16
Tested on Turris Omnia (mvebu).

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-06-07 09:06:04 +02:00
Rosen Penev
802afaaf5e iperf: Update to 2.0.11
Tested on Turris Omnia (mvebu).

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-06-07 09:05:48 +02:00
Rosen Penev
525b8f0650 gdb: Update to 8.1
Tested on Turris Omnia (mvebu).

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-06-07 09:05:32 +02:00
Rosen Penev
d12d81f8d4 strace: Update to 4.22
SourceForge is deprecated according to upstream, so switch to main site
for downloads.

Tested on Turris Omnia (mvebu).

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-06-07 09:05:12 +02:00
Luis Araneda
8c8499f0ea uboot-zynq: update to 2017.03
Compile-tested: ZedBoard

Signed-off-by: Luis Araneda <luaraneda@gmail.com>
2018-06-07 09:00:49 +02:00
Christo Nedev
c335649629 brcm2708: Update brcm2708-gpu-fw package
Problem - rapsberry pi 3 b/b+ does not boot with bcm2710 images!

How Raspberry Pi boots Actualy?

When Raspberry is switched on GPU is activated.
1. GPU execute First stage bootloader from ROM.
First stage bootloader mount the FAT boot partition on the SD card
and execute second stage bootloader (bootcode.bin).
2. Second stage bootloader (bootcode.bin) activate SDRAM.
Load the GPU firmware (start.elf).
3. GPU firmware (start.elf)
  a) display Rainbow splash.
  b) read firmware configuration file config.txt and
     split the RAM using fixup.dat.
  c) loads a cmdline.txt
  d) enables the CPU.
  e) loads the kernel image configurable via config.txt

In your target/linux/brcm2708/image/config.txt
 493 ## kernel (string)
 494 ##     Alternative name to use when loading kernel.
 495 ##
 496 #kernel=""
it is not configured!

But in your target/linux/brcm2708/image/Makefile
  75   KERNEL_IMG := kernel8.img
  76   DEVICE_TITLE := Raspberry Pi 3B/3B+
you have kernel8.img

GPU Firmware search order by default for a PI 3 is:
kernel8.img if found boot in 64 bit mode
kernel8-32.img if found boot in 32 bit mode
kernel7.img if found boot in 32 bit mode
kernel.img if found boot in 32 bit mode

But a PI 2 will start the search from kernel7.img and
a PI 1 only looks for kernel.img.

Оbviously the kernel has been found.
But something goes wrong and the device is restarted.

In your package/kernel/brcm2708-gpu-fw/Makefile
  11 PKG_NAME:=brcm2708-gpu-fw
  12 PKG_VERSION:=2017-08-08
  13 PKG_RELEASE:=e7ba7ab135f5a68b2c00a919ea9ac8d5528a5d5b
boot loader is 10 monts old.

In conclusion, the best way to solve the problem is
to update the boot loader!

Fixup_cd.dat and start_cd.elf files are not necessary.
These are used when GPU memory is set to 16 MB, which disables
some GPU features.
I did not remove them just in case!

cheers

Signed-off-by: Christo Nedev <christo.nedev@gmail.com>
2018-06-07 09:00:13 +02:00
Hans Dedecker
1bbe813db0 ebtables: update to latest git 2018-06-06
5699354 extensions: fix build failure on fc28
e6359ee build: update ebtables.h from kernel and drop local unused copy

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-06-06 22:34:41 +02:00
Tony Ambardar
73d8a6ab76 base-files: fix UCI config parsing and callback handling
There are several long-standing issues present in the UCI shell API as
documented in https://wiki.openwrt.org/doc/devel/config-scripting. They
relate both to high-level, user-defined callback functions used to
process UCI config files, and also to low-level functions used within
scripts generally.

The related problems have been encountered now and in the past, e.g.
https://forum.openwrt.org/viewtopic.php?id=54295, and include:

a) UCI parsing option() function and user-defined option_cb() callbacks
being erroneously called during processing of "list" config file entries;

b) normal usage of the low-level config_set() unexpectedy calling any
defined option_cb() if present; and

c) handling of the list_cb() not respecting the NO_CALLBACK variable.

Root causes include a function stack "inversion", where the low-level
config_set() function incorrectly calls the high-level option() function,
intended only for processing the "option" keyword of UCI config files.

This change addresses the inversion and other issues, making the option
handling code more consistent and smaller, and simplifying developers'
usage of UCI callbacks.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
2018-06-06 15:00:08 +02:00
Daniel Golle
987900f2de hostapd: properly build hostapd-only SSL variants
Make sure hostapd-openssl is actually build against OpenSSL, same
for wolfSSL.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-06-05 15:33:35 +02:00
Daniel Golle
187da94808 kernel: modules: package module for Exar 8250 UARTs
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-06-05 15:27:36 +02:00
Felix Fietkau
7d8681ccb9 hostapd: expose device taxonomy signature via ubus
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-06-05 09:28:04 +02:00
Felix Fietkau
23c1827e34 hostapd: add support for client taxonomy in the full config
This can be used to fingerprint clients to try to identify the exact
model

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-06-05 09:28:00 +02:00
Felix Fietkau
09ef028e58 mt76: update to the latest version
20c0766 mt7603: adjust rx hang watchdog for MT7628
664e321 mt7603: add extra PSE hang check signature for MT7628
f24b56f update MT7628 firmware to the latest version
d87e4b0 mt7603: clear PSE reset bit if PSE reset fails
0ef26ef mt76: only stop tx queues on offchannel, not during the entire scan
f399da3 mt76: prevent tx scheduling during channel change
21c1e1e mt76: move ieee80211_hw allocation to common core
730c292 mt76: wait for pending tx to complete before switching channel
fcbb49e mt76x2: use udelay instead of usleep_range in mt76x2_mac_stop
792dbe0 mt7603: do not hold dev->mutex while flushing dev->mac_work

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-06-05 08:52:33 +02:00
Hans Dedecker
e4577d2e68 map: make tunnel encapsulation limit support configurable (FS#1501)
Be compatible with ISPs which don't support the destination option header containing
the tunnel encapsulation limit as reported in FS#1501.
Setting the uci parameter encaplimit to ignore; allows to disable the insertion
of the destination option header in the map-e packets.
Otherwise the tunnel encapsulation limit value can be set to a value from 0 till 255
by setting the encaplimit uci parameter accordingly.
If no encaplimit value is specified the default value is 4 as before.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-06-04 17:07:29 +02:00
Hans Dedecker
082cd951bb netifd: update to latest git HEAD (FS#1501)
a580028 system-linux: make encaplimit configurable for ip6 tunnels (FS#1501)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-06-04 17:07:15 +02:00
Hans Dedecker
327c711da4 odhcp6c: make ds-lite/map tunnel encapsulation limit support configurable (FS#1501)
Be compatible with ISPs which don't support the destination option header containing
the tunnel encapsulation limit as reported in FS#1501 for dynamic created ds-lite/map
interfaces.
Setting the uci parameter encaplimit_dslite/map to ignore; allows to disable the insertion
of the destination option header for the dynamic created ds-lite/map interface.
Otherwise the tunnel encapsulation limit value can be set to a value from 0 till 255
by setting the encaplimit_dslite/map uci parameter accordingly.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-06-04 17:05:28 +02:00
Hans Dedecker
a3372953e9 ds-lite: make tunnel encapsulation limit support configurable (FS#1501)
Be compatible with ISPs which don't support the destination option header containing
the tunnel encapsulation limit as reported in FS#1501.
Setting the uci parameter encaplimit to ignore; allows to disable the insertion
of the destination option header in the ds-lite packets.
Otherwise the tunnel encapsulation limit value can be set to a value from 0 till 255
by setting the encaplimit uci parameter accordingly.
If no encaplimit value is specified the default value is 4 as before.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-06-04 17:04:45 +02:00
Daniel Golle
dcc34574ef oxnas: bring in new oxnas target
Reboot the oxnas target based on Linux 4.14 by rebasing our support on
top of the now-existing upstream kernel support.
This commit brings oxnas support to the level of v4.17 having upstream
drivers for Ethernet, Serial and NAND flash.
Botch up OpenWrt's local drivers for EHCI, SATA and PCIe based on the
new platform code and device-tree.
Re-introduce base-files from old oxnas target which works for now but
needs further clean-up towards generic board support.

Functional issues:
 * PCIe won't come up (hence no USB3 on Shuttle KD20)
 * I2C bus of Akitio myCloud device is likely not to work (missing
   debounce support in new pinctrl driver)

Code-style issues:
 * plla/pllb needs further cleanup -- currently their users or writing
   into the syscon regmap after acquireling the clk instead of using
   defined clk_*_*() functions to setup multipliers and dividors.
 * PCIe phy needs its own little driver.
 * SATA driver is a monster and should be split into an mfd having
   a raidctrl regmap, sata controller, sata ports and sata phy.

Tested on MitraStar STG-212 aka. Medion Akoya MD86xxx and Shuttle KD20.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-06-01 15:45:06 +02:00
Daniel Golle
d44b7b7d31 uboot-oxnas: fix build with newer GCC
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-06-01 15:45:06 +02:00
Ivan Shapovalov
91b5b2e20d netifd: drop conflicting 'device' interface property
Do not set device runtime property on interfaces in the hotplug handler
and in fixup_interfaces(). This property conflicts with device option
in several proto handlers (mainly QMI and other WWAN/3G protos) and does
not seem to be used anywhere.

Signed-off-by: Ivan Shapovalov <intelfx@intelfx.name>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
2018-06-01 15:02:41 +02:00
Kevin Darbyshire-Bryant
1ee5051f20 nettle: bump to 3.4
3.4 is mainly a bug fix/maintenance release.

3KB increase in ipk lib size on mips.

Compile tested for: ar71xx, ramips
Run tested on: ar71xx Archer C7 v2, ramips mir3g

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-06-01 08:39:59 +02:00
Mirko Parthey
46d7ced9d1 mtd: mark as nonshared to fix FS#484
The mtd tool is built with different configurations depending on the
target. For example, brcm47xx adds the fixtrx subcommand, without which
an image fails when booting the second time.

Mark the mtd package as nonshared to really fix FS#484.

Signed-off-by: Mirko Parthey <mirko.parthey@web.de>
2018-06-01 08:29:11 +02:00
Koen Vandeputte
e5ff84d1f0 ath10k-ct: Update driver to latest
127f98189ee5 ath10k:  Fix bad return w/out unlock, compile w/out debugfs
b8f48f3c138f Fix survey-dump for 4.7, 4.9 and 4.13 kernels.
fa8259ad5d6d ath10k-ct:  Support survey dump in 10.1 firmware.
2853e1337ecf ath10k-ct:  Add 4.16 ath10k-ct driver to package.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
CC: Ben Greear <greearb@candelatech.com>
2018-06-01 08:22:26 +02:00
Jason A. Donenfeld
060e1ecefa wireguard: bump to 0.0.20180531 to fix flow offloading
This version bump was made upstream mostly for OpenWRT, and should fix
an issue with a null dst when on the flow offloading path.

While we're at it, Kevin and I are the only people actually taking care
of this package, so trim the maintainer list a bit.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-05-31 07:40:15 +02:00
Daniel Golle
78f1974bc5 hostapd: update packaging and patches
Clean up conflicts/provides/depends hell and add PROVIDES for
eapol-test variants while at it.
Update mesh-DFS patchset from Peter Oh to v5 (with local fixes) which
allows to drop two revert-patches for upstream commits which previously
were necessary to un-break mesh-DFS support.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-05-31 00:38:16 +02:00
Daniel Golle
dad39249fb wolfssl: change defaults to cover wpa_supplicant needs
Implicetely selecting the required options via Kconfig snippet from
hostapd worked fine in local builds when using menuconfig but confused
the buildbots which (in phase1) may build wpad-mini and hence already
come with CONFIG_WPA_WOLFSSL being defined as unset which then won't
trigger changing the defaults of wolfssl.

Work around by explicitely reflecting wpa_supplicant's needs in
wolfssl's default settings to make buildbots happy.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-05-31 00:38:16 +02:00
Rosen Penev
7a20c7a05d curl: Add ca-bundle dependency
While building, curl complains that the path specified is missing.
Also, without ca-bundle, something like 'curl https://www.google.com'
does not work due to a certificate verify error.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-05-30 06:38:19 +02:00
Rosen Penev
f97946c496 curl: Use ca-bundle for all TLS libraries.
It simplifies the Makefile a bit. In addition, using ca-bundle
saves some space as well.

It also fixes an issue with at least transmission, which has a dependency
on ca-bundle, but currently libcurl with OpenSSL or GnuTLS cause it not
to work.

This has been tested on mt7621 with OpenSSL and GnuTLS just by running
'curl https://www.google.com' and seeing if there's a verify error.
The rest are already using ca-bundle and therefore work fine.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
Tested-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-05-30 06:38:06 +02:00
Rosen Penev
e191c7ee79 ath10k-firmware: Fix two more typos
Actually tested with a local build instead of with scp'ing the firmware.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-05-30 06:33:19 +02:00
Daniel Golle
f4a639a3d7 mac80211: rt2x00: no longer use TXOP_BACKOFF for probe frames
Import a revert-commit from Stanislaw Gruszka which significantly
improves WiFi performance on rt2x00 based hardware.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-05-28 15:49:41 +02:00
Rosen Penev
d0fbe1956b ath10k-firmware: Fix typo in last commit
Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-05-27 19:44:43 +02:00
John Crispin
9c409cb4e2 kernel: add missing softdog symbol
Signed-off-by: John Crispin <john@phrozen.org>
2018-05-27 09:26:13 +02:00
Rosen Penev
27eab4fa57 ath10k-firmware: Fix QCA6174 support
Currently when installing the firmware, a bunch of files and directories
that the ath10k driver does not look for are created.

The package now installs firmware for both hw 2.1 and 3.0 devices.
2.1 is abandonware but may be useful to keep.

3.0 firmware was tested on a Killer 1535 to be relatively stable with
802.11w disabled. 802.11w causes multiple firmware crashes but that's true
of other ath10k firmwares as well.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-05-27 08:16:45 +02:00
Daniel Golle
5857088c5e wolfssl: add PKG_CONFIG_DEPENDS symbols
This change will trigger rebuild on buildbots in case of changed config
symbols, like in the case of hostapd selecting some wolfssl symbols
lately.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-05-25 20:36:46 +02:00
Daniel Golle
c8fdd0e9c8 hostapd: convert ssl provider build options to variants
Instead of selecting the SSL provider at compile time, build package
variants for each option so users can select the binary package without
having to build it themselves.
Most likely not all variants have actually ever been user by anyone.
We should reduce the selection to the reasonable and most used
combinations at some point in future. For now, build them all.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-05-25 16:01:59 +02:00
Hans Dedecker
a3f2451fba firewall: update to latest git HEAD
30463d0 zones: add interface/subnet bound LOG rules
0e77bf2 options: treat time strings as UTC times

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-05-25 14:33:59 +02:00
Hans Dedecker
5df2597c59 fstools: update to latest git HEAD
dd02dad fstools: allow the mounting with full access time accounting
242248c fstools: allow to compress the filesystem

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-05-25 09:52:50 +02:00
Jo-Philipp Wich
7e664b7c2d base-files: fix ucidef_set_interface() protocol selection
The previous refactoring of ucidef_set_interface() removed the protocol
selection heuristic which breaks the networking defaults for the majority
of boards.

Re-add the protocol selection and rename two bad "proto" references to
the expected "protocol" value.

Fixes: 85048a9c1f ("base-files: rework _ucidef_set_interface to be more generic")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-05-25 07:48:25 +02:00
Daniel Golle
69f544937f hostapd: update to git HEAD of 2018-05-21, allow build against wolfssl
Support for building wpa_supplicant/hostapd against wolfssl has been
added upstream recently, add build option to allow users using it.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-05-24 22:21:10 +02:00
Daniel Golle
4f67c1522d wolfssl: update to version 3.14.4
Use download from github archive corresponding to v3.14.4 tag because
the project's website apparently only offers 3.14.0-stable release
downloads.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-05-24 21:46:35 +02:00
Daniel Golle
4f442f5f38 ustream-ssl: fix build against wolfSSL
commit 39a6ce205d (ustream-ssl: Enable ECDHE with OpenSSL.) broke
build against wolfSSL because wolfSSL doesn't (yet) support
SSL_CTX_set_ecdh_auto() of the OpenSSL API.

Fix this in ustream-ssl:

 189cd38b41 don't use SSL_CTX_set_ecdh_auto with wolfSSL

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-05-24 18:55:34 +02:00
Pierre Lebleu
e6b8ce4c08 fstools: Add the new options available in the menuconfig
Mounting using the zlib compression and mounting with
full access accounting are now available in the
menuconfig.

Signed-off-by: Pierre Lebleu <pme.lebleu@gmail.com>
2018-05-24 16:05:07 +02:00
John Crispin
83fb9ec5e0 ath79: make ahb wifi work
Signed-off-by: John Crispin <john@phrozen.org>
2018-05-24 15:43:39 +02:00
Hans Dedecker
bcf20e0583 Revert "dnsmasq: use "hostsdir" instead of "addn-hosts""
This reverts commit a03035dad1
as it has several issues:
-Host file is located in a directory which is not unique per dnsmasq instance
-odhcpd writes host info into the same directory but still sends a SIGHUP to dnsmasq

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-05-24 10:20:45 +02:00
Roman Yeryomin
85048a9c1f base-files: rework _ucidef_set_interface to be more generic
This is a rework of previously submitted patch reworking
ucidef_set_interface_raw [1]. Here, keep the idea but instead
make _ucidef_set_interface more generic and use it instead of
ucidef_set_interface_raw.
Also change the users like ucidef_set_interface_lan and others.

[1] https://patchwork.ozlabs.org/patch/844961/

Signed-off-by: Roman Yeryomin <roman@advem.lv>
2018-05-24 09:39:47 +02:00
Christian Schoenebeck
a03035dad1 dnsmasq: use "hostsdir" instead of "addn-hosts"
1.) "addn-hosts" per default point to a file (but it supports directory)
2.) "hostsdir" only support directory with the additional benefit: New or changed files are read automatically.

Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
2018-05-23 22:13:26 +02:00
Jo-Philipp Wich
1289e00fff uboot-zynq: fix build on hosts lacking pkg-config
The uboot-mvebu package incorrectly used the host pkg-config for the tool
build parts, which broke the build on systems lacking pkg-config and only
worked by accident on those that have it installed.

Export the host-build specific environment variables for the uboot build
to redirect pkg-config invocations to our staged host build pkg-config in
buildroot.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-05-23 09:32:25 +02:00
Jo-Philipp Wich
208b984dda uboot-mxs: fix build on hosts lacking pkg-config
The uboot-mvebu package incorrectly used the host pkg-config for the tool
build parts, which broke the build on systems lacking pkg-config and only
worked by accident on those that have it installed.

Export the host-build specific environment variables for the uboot build
to redirect pkg-config invocations to our staged host build pkg-config in
buildroot.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-05-23 09:15:52 +02:00
Jo-Philipp Wich
01c2ce3c7d uboot-mvebu: fix build on hosts lacking pkg-config
The uboot-mvebu package incorrectly used the host pkg-config for the tool
build parts, which broke the build on systems lacking pkg-config and only
worked by accident on those that have it installed.

Export the host-build specific environment variables for the uboot build
to redirect pkg-config invocations to our staged host build pkg-config in
buildroot.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-05-23 09:05:55 +02:00
John Crispin
346d4c75ea ustream-ssl: update to latest git HEAD
5322f9d mbedtls: Fix setting allowed cipher suites
e8a1469 mbedtls: Add support for a session cache

Signed-off-by: John Crispin <john@phrozen.org>
2018-05-22 20:47:21 +02:00
Hauke Mehrtens
2ea8f9c244 mbedtls: Deactivate platform abstraction
This makes mbedtls use the POSIX API directly and not use the own
abstraction layer.
The size of the ipkg decreased by about 100 bytes.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-05-22 20:47:21 +02:00
Hauke Mehrtens
f2c8f6dc32 mbedtls: Activate the session cache
This make sit possible to store informations about a session and reuse
it later. When used by a server it increases the time to create a new
TLS session from about 1 second to less than 0.1 seconds.

The size of the ipkg file increased by about 800 Bytes.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-05-22 20:47:20 +02:00
Hauke Mehrtens
cb11b23d60 mbedtls: update to version 2.9.0
The soversion was changed in this version again and is now aligned with
the 2.7.2 version.
The size of the ipkg file stayed mostly the same.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-05-22 20:47:20 +02:00
Rodolfo Giometti
2437e0f670 package sysfsutils: add support for sysfs settings at boot
This patch is based on sysfsutils package's behaviour on Debian OS.

Signed-off-by: Rodolfo Giometti <giometti@linux.it>
2018-05-22 20:47:20 +02:00
Tomasz Maciej Nowak
9c0ddafd46 kernel: merge kmod-fbcon with kmod-fb
As of commit in kernel:
6104c37094 fbcon: Make fbcon a built-time depency for fbdev
framebuffer console is build in into framebuffer module and there's no
standalone fbcon module. Therefore drop the kmod-fbcon and enable
console in kmod-fb. The only targets which use these modules are imx6
and geode, both are on kernel 4.14 so no fallback for other kernels is
introduced.
Being at that this commit also fixes autoload of fbdev for x86.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2018-05-21 18:07:48 +02:00