Commit Graph

17035 Commits

Author SHA1 Message Date
Hauke Mehrtens
14c59a147c rbcfg: Add missing mode to open call
When open() is called with O_CREAT a 3. parameter has to be given with
the file system permissions of the new file.

Not giving this is an error, which results in a compile error with glibc.

This fixes the following compile error with glibc:
----------------------------------------------------------------------
In file included from /include/fcntl.h:329,
                 from main.c:18:
In function 'open',
    inlined from 'rbcfg_update' at main.c:501:7:
/include/bits/fcntl2.h:50:4: error: call to '__open_missing_mode' declared with attribute error: open with O_CREAT or O_TMPFILE in second argument needs 3 arguments
    __open_missing_mode ();
    ^~~~~~~~~~~~~~~~~~~~~~

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-04-18 21:06:45 +02:00
Hauke Mehrtens
70a962ca6f upgs: Remove extra _DEFAULT_SOURCE definition
This extra _DEFAULT_SOURCE definition results in a double definition
which is a compile error.

This fixes the following compile error with glibc:
----------------------------------------------------------------------
ugps-2019-06-25-cd7eabcd/nmea.c:19: error: "_DEFAULT_SOURCE" redefined [-Werror]
 #define _DEFAULT_SOURCE

<command-line>: note: this is the location of the previous definition
cc1: all warnings being treated as errors

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-04-18 21:06:45 +02:00
Hauke Mehrtens
7637b84fde busybox: backport Remove stime() function calls
glibc 2.31 does not provide stime() any more, backport a fix from
current busybox master to avoid using this function.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-04-18 21:06:36 +02:00
Magnus Kroken
d7e98bd7c5 openvpn: update to 2.4.9
This is primarily a maintenance release with bugfixes and improvements.
This release also fixes a security issue (CVE-2020-11810) which allows
disrupting service of a freshly connected client that has not yet
negotiated session keys. The vulnerability cannot be used to
inject or steal VPN traffic.

Release announcement:
https://openvpn.net/community-downloads/#heading-13812
Full list of changes:
https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.9

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2020-04-18 20:34:08 +02:00
Hans Dedecker
5f126c541a binutils: add ALTERNATIVES for strings (FS#3001)
Don't move strings anymore to /bin/strings to avoid clash with
busybox /usr/bin/strings but move it to /usr/bin/binutils-strings.
Use ALTERNATIVES support to install it as /usr/bin/strings

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-04-18 10:44:30 +02:00
Magnus Kroken
02fcbe2f3d mbedtls: update to 2.16.6
Security fixes for:
* CVE-2020-10932
* a potentially remotely exploitable buffer overread in a DTLS client
* bug in DTLS handling of new associations with the same parameters

Full release announement:
https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.6-and-2.7.15-released

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2020-04-17 23:43:01 +02:00
Daniel Golle
0495324b9b mac80211: make sure existing iface belongs to correct (fullmac) phy
Some FullMAC cfg80211 wireless devices do not support virtual
interfaces, hence there is script logic to keep the existing network
device. Improve this to support renaming the interface if needed and
make sure the existing interface actually belongs to the right phy.
Change calls to 'iw' to avoid outputing warnings and errors to not
confuse users of such devices.

Also bump PKG_RELEASE which has been forgotten in the previous two
mac80211 changes.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-04-17 13:31:58 +01:00
Lucian Cristian
16ad4de2c0 elfutils: aarch64 fix build on musl
aarch64_initreg.c: In function 'aarch64_set_initial_registers_tid':
aarch64_initreg.c:85:37: error: invalid operands to binary & (have 'long double' and 'unsigned int')
     dwarf_fregs[r] = fregs.vregs[r] & 0xFFFFFFFF;
                      ~~~~~~~~~~~~~~ ^

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2020-04-17 13:43:34 +02:00
Petr Štetiar
8e99bbda19 uboot-sunxi: bump to 2020.04 relase
Refreshed patches, removed upstreamed patch:

 260-configs-a64-olinuxino-emmc-add-eMMC-boot-part-config.patch

Boot tested on a64-olinuxino-emmc.

Cc: Zoltan HERPAI <wigyori@uid0.hu>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-04-17 13:43:34 +02:00
Petr Štetiar
260a225ba4 uboot-imx6: bump to 2020.04 release
Refreshed all patches, run tested on apalis.

Cc: Vladimir Vid <vladimir.vid@sartura.hr>
Cc: Tim Harvey <tharvey@gateworks.com>
Cc: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-04-17 13:43:34 +02:00
David Bauer
0f1b5ce2f5 mac80211: drop data frames without key on encrypted links
If we know that we have an encrypted link (based on having had
a key configured for TX in the past) then drop all data frames
in the key selection handler if there's no key anymore.

This fixes an issue with mac80211 internal TXQs - there we can
buffer frames for an encrypted link, but then if the key is no
longer there when they're dequeued, the frames are sent without
encryption. This happens if a station is disconnected while the
frames are still on the TXQ.

Detecting that a link should be encrypted based on a first key
having been configured for TX is fine as there are no use cases
for a connection going from with encryption to no encryption.
With extended key IDs, however, there is a case of having a key
configured for only decryption, so we can't just trigger this
behaviour on a key being configured.

Cc: stable@vger.kernel.org
Reported-by: Jouni Malinen <j@w1.fi>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Signed-off-by: David Bauer <mail@david-bauer.net>
2020-04-17 13:27:40 +02:00
Daniel Golle
99d567a83d mac80211: fix detecting existing interface
Instead of using the actual interface name, a hard-coded 'wlan0' has
slipped into the script. Replace it.

Fixes: ccf2aa9d4b ("mac80211: detect existing interface before adding")
Reported-by: John Crispin <john@phrozen.org>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-04-17 11:36:35 +01:00
Daniel Golle
7c2e0fa586 procd: jail fixes and improvements
32c717e jail: only mess with rootfs if CLONE_NEWNS was set
 b275a62 instance: harmonize instance API
 511fd97 jail: make /proc more secure
 4953b7c jail: mount /sys read-only
 a4d6442 jail: replace /etc/resolv.conf with symlink in extroot+overlay
 a4cc165 jail: always mount /dev as additional tmpfs

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-04-14 16:16:06 +01:00
Daniel Golle
e23de62845 netifd: clean up netns functionality
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-04-14 13:53:11 +01:00
Kevin Darbyshire-Bryant
9fd36f54f5 Revert "kmod-sched: add act_police"
This reverts commit 1b973b54ea.

It turns out act_police is included in the kmod-sched package so this
package turns out to be superfluous and causes file provision conflicts.

Ooooops!  Best revert it then.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-04-14 08:48:33 +01:00
Daniel Golle
a5a90a94ce netifd: fix jail ifdown and jails without jail_ifname
The previous commit introduced a regression for netns jails without
jail_ifname set. Fix that.

Fixes: 4e4f7c6d2d ("netifd: network namespace jail improvements")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-04-14 00:55:02 +01:00
Daniel Golle
4e4f7c6d2d netifd: network namespace jail improvements
aaaca2e interface: allocate and free memory for jail name
 d93126d interface: allow renaming interface when moving to jail netns

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-04-14 00:22:21 +01:00
Daniel Golle
a66efbf916 mac80211: adapt for single-instance wpad
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-04-14 00:22:21 +01:00
Daniel Golle
f37d634236 hostapd: reduce to a single instance per service
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-04-14 00:22:21 +01:00
Rosen Penev
d27623b542 elfutils: update to 0.179
Removed sys/cdefs usage. The header is deprecated.

Removed canonicalize_file_name define. It's already fixed upstream.

Added --disable-debuginfod. Seems to be needed.

Modified patch 005 to build more stuff. It was failing before. It still
only builds libraries.

Modified patch 100 to use strerror under non-glibc. It is used under
glibc as strerror is not thread safe. It is under musl and uClibc-ng.
strerror_l is not available under uClibc-ng.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-04-13 22:40:19 +02:00
Rosen Penev
76d22fc24b hostapd: backport usleep patch
Optionally fixes compilation with uClibc-ng.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-04-13 22:40:19 +02:00
Kirill Lukonin
dce97df740 wpa_supplicant: disable CONFIG_WRITE functionality
CONFIG_WRITE functionality is not used and could be removed.
Looks helpful for devices with small flash because wpad is also affected.

Little testing shows that about 6 KB could be saved.

Signed-off-by: Kirill Lukonin <klukonin@gmail.com>
2020-04-13 22:40:06 +02:00
Jose Olivera
93a8cdf5d8 mwlwifi: Update the 88W8964's firmware to 9.3.2.12 and fix backports version detection
Updates the 88W8964 firmware used in the Linksys WRT3200ACM and WRT32X
[v9.3.2.6 -> v9.3.2.12]

Removes 0c43219 ("mwlwifi: Fix loading with backports v5.3")
as it has been merged upstream.

Unfortunately, there is a bug wherein Kaloz's repo, the version
detection mechanism for fixing vendor commands doesn't work.

It pulls in the Linux kernel version, which as of this time is
"4.14.y" or "4.19.y"

However, the proper behaviour is that it should pull in the mac80211
backports version which as of now is "5.4.27"

The included patch works around this using a backports define found
only on versions >5.3, "VENDOR_CMD_RAW_DATA".

Signed-off-by: Jose Olivera <oliverajeo@gmail.com>
2020-04-13 22:11:26 +02:00
Lucian Cristian
8f342a39de kernel: hwmon: add dme1737 driver
SMSC DME1737, SCH3112, SCH3114, SCH3116, SCH5027 monitoring support

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2020-04-13 22:11:22 +02:00
Álvaro Fernández Rojas
97c5fb4709 cypress-firmware: update to v5.4.18-2020_0402
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-04-13 10:14:48 +02:00
Daniel Golle
0aa2ecf5b2 base-files: don't ship local build key when on buildbot
Including the local build key in /etc/opkg/keys isn't feasible when
building on the buildbot: The included key collides with its copy
already in openwrt-keyring which breaks the ImageBuilder.
Not including a locally generated key also makes the base-files package
more reproducible.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-04-12 20:35:00 +01:00
Chuanhong Guo
f017f617ae base-files: preinit: also config switch when no port roles defined
current preinit code in base-files doesn't config switch when there are
no port roles defined. But this kind of configuration exists on single
port devices where switch vlan is simply disabled.
configure reset and enable_vlan property when a switch node exist.

Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
2020-04-12 22:29:02 +08:00
Kevin Darbyshire-Bryant
4f34e430ed dnsmasq: bump to v2.81
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-04-12 15:04:48 +01:00
Adrian Schmutzler
ae636effd2 base-files: source functions.sh in /lib/functions/system.sh
The file /lib/functions/system.sh depends on find_mtd_index() and
find_mtd_part() located in /lib/function.sh, so let's source that
file.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-04-12 14:16:57 +02:00
Adrian Schmutzler
282e817350 base-files: do not source system.sh in functions.sh
The default_postinst() function in /lib/functions.sh sources
/lib/functions/system.sh before cycling through uci-defaults files.

This creates a pseudo-cyclic dependency as system.sh also uses
functions that are located in functions.sh. Despite that, there
is actually only one uci-defaults file in the entire repo that needs
system.sh, and this one contains an explicit source for system.sh
anyway.

Consequently, this patch removes the sourcing of system.sh in
functions.sh. There are no relevant uses in packages, routing and
luci repositories.
This may require adjustments for downstream, though.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-04-12 14:16:54 +02:00
Adrian Schmutzler
23d3fafd87 broadcom-wl: fix compilation with kernel 5.4
This adds two fixes for compilation with kernel 5.4:

1. dev_open from include/linux/netdevice.h needs a second parameter
   since kernel 5.0:
   00f54e68924e ("net: core: dev: Add extack argument to dev_open()")
2. get_ds() macro definition has been dropped since kernel 5.1:
   736706bee329 ("get rid of legacy 'get_ds()' function")
   Since get_ds() has been just a macro before, replace it in
   the driver instead of creating a version switch.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-04-12 12:41:12 +02:00
Adrian Schmutzler
d761b9f211 broadcom-wl: fix compilation with kernel >= 4.15
Since kernel 4.15, init_timer is not available anymore, and has been
replaced by timer_setup. The fixes compilation of wl_linuc.c, which
returned the following errors beforehand (line-wrapped manually):

.../broadcom-wl-5.10.56.27.3/driver/wl_linux.c: In function 'wl_init_timer':
.../broadcom-wl-5.10.56.27.3/driver/wl_linux.c:2576:2: error: implicit
	declaration of function 'init_timer'; did you mean 'init_timers'?
	[-Werror=implicit-function-declaration]
  init_timer(&t->timer);
  ^~~~~~~~~~
  init_timers
.../broadcom-wl-5.10.56.27.3/driver/wl_linux.c:2577:10: error:
	'struct timer_list' has no member named 'data'
  t->timer.data = (ulong) t;
          ^
.../broadcom-wl-5.10.56.27.3/driver/wl_linux.c:2578:20: error: assignment
	to 'void (*)(struct timer_list *)' from incompatible pointer type
	'void (*)(ulong)' {aka 'void (*)(long unsigned int)'}
	[-Werror=incompatible-pointer-types]
  t->timer.function = wl_timer;

This should fix build of several devices on bcm63xx with testing
kernel (4.19).

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-04-12 12:35:37 +02:00
Hans Dedecker
8d9e26457c iproute2: update to 5.6.0
Update iproute2 to latest stable 5.6.0; for the changes see https://lwn.net/Articles/816778/

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-04-11 21:02:26 +02:00
Pawel Dembicki
c30220d458 ipq40xx: add support for Cell C RTL30VW
Cell C RTL30VW is a LTE router with tho gigabit ethernets and integrated
QMI mPCIE modem.

This is stripped version of ASKEY RTL0030VW.

Hardware:

Specification:
-CPU: IPQ4019
-RAM: 256MB
-Flash: NAND 128MB + NOR 16MB
-WiFi: Integrated bgn/ac
-LTE: mPCIe card (Modem chipset MDM9230)
-LAN: 2 Gigabit Ports
-USB: 2x USB2.0
-Serial console: RJ-45 115200 8n1
-Unsupported VoIP

Known issues:

None so far.

Instruction install:

There are two methods: Factory web-gui and serial + tftp.

Web-gui:
1. Apply factory image via stock web-gui.

Serial + initramfs:
1. Rename OpenWrt initramfs image to "image"
2. Connect serial console (115200,8n1)
3. Set IP to different than 192.168.1.11, but 24 bit mask, eg. 192.168.1.4.

4. U-Boot commands:
sf probe && sf read 0x80000000 0x180000 0x10000
setenv serverip 192.168.1.4
set fdt_high 0x85000000
tftpboot 0x84000000 image
bootm 0x84000000

5. Install sysupgrade image via "sysupgrade -n"

Back to stock:

All is needed is swap 0x4c byte in mtd8 from 0 to 1 or 1 to 0,
do firstboot and factory reset with OFW:

1. read mtd8:
dd if=/dev/mtd8 of=/tmp/mtd8
2. go to tmp:
cd /tmp/
3. write first part of partition:
dd if=mtd8 of=mtd8.new bs=1 count=76
4. check which layout uses bootloader:
cat /proc/mtd
5a. If first are kernel_1 and rootfs_1 write 0:
echo -n -e '\x00' >> mtd8.new
5b. If first are kernel and rootfs write 1:
echo -n -e '\x01' >> mtd8.new
6. fill with rest of data:
dd if=mtd8 bs=1 skip=77 >> mtd8.new
7. CHECK IF mtd8.new HAVE CHANGED ONLY ONE BYTE! e.g with:
hexdump mtd8.new
8. write new mtd8 to flash:
mtd write mtd8.new /dev/mtd8
9. do firstboot
10.reboot
11. Do back to factory defaults in OFW GUI.

Based on work: Cezary Jackiewicz <cezary@eko.one.pl>

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
2020-04-10 15:22:26 +02:00
DENG Qingfang
a30abb1b6b ipq40xx: add support for MobiPromo CM520-79F
MobiPromo CM520-79F is an AC1300 dual band router based on IPQ4019

Specification:

SoC/Wireless: QCA IPQ4019
RAM: 512MiB
Flash: 128MiB SLC NAND
Ethernet PHY: QCA8075
Ethernet ports: 1x WAN, 2x LAN
LEDs: 7 LEDs
      2 (USB, CAN) are GPIO
      other 5 (2.4G, 5G, LAN1, LAN2, WAN) are connected to a shift register
Button: Reset

Flash instruction:
Disassemble the router, connect UART pins like this:
 GND TX    RX
  [x x . . x .]
  [. . . . . .]

(QCA8075 and IPQ4019 below)
Baud-rate: 115200

Set up TFTP server: IP 192.168.1.188/24
Power on the router and interrupt the booting with UART console
env backup (in case you want to go back to stock and need it there):
	printenv
	(Copy the output to somewhere save)
Set bootenv:
	setenv set_ubi 'set mtdids nand0=nand0; set mtdparts mtdparts=nand0:0x7480000@0xb80000(fs); ubi part fs'
	setenv bootkernel 'ubi read 0x84000000 kernel; bootm 0x84000000#config@1'
	setenv cm520_boot 'run set_ubi; run bootkernel'
	setenv bootcmd 'run cm520_boot'
	setenv bootargs
	saveenv
Boot initramfs from TFTP:
	tftpboot openwrt-ipq40xx-generic-mobipromo_cm520-79f-initramfs-fit-zImage.itb
	bootm
After initramfs image is booted, backup rootfs partition in case of reverting to stock image
	cat /dev/mtd12 > /tmp/mtd12.bin
Then fetch it via SCP

Upload nand-factory.ubi to /tmp via SCP, then run
	mtd erase rootfs
	mtd write /tmp/*nand-factory.ubi rootfs
	reboot

To revert to stock image, restore default bootenv in uboot UART console
	setenv bootcmd 'bootipq'
	printenv
use the saved dump you did back when you installed OpenWrt to verify that
there are no other differences from back in the day.
	saveenv
upload the backed up mtd12.bin and run
	tftpboot mtd12.bin
	nand erase 0xb80000 0x7480000
	nand write 0x84000000 0xb80000 0x7480000
The BOOTCONFIG may have been configured to boot from alternate partition (rootfs_1) instead
In case of this, set it back to rootfs:
	cd /tmp
	cat /dev/mtd7 > mtd7.bin
	echo -ne '\x0b' | dd of=mtd7.bin conv=notrunc bs=1 count=1 seek=4
	for i in 28 48 68 108; do
		dd if=/dev/zero of=mtd7.bin conv=notrunc bs=1 count=1 seek=$i
	done
	mtd write mtd7.bin BOOTCONFIG
	mtd write mtd7.bin BOOTCONFIG1

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
[renamed volume to ubi to support autoboot,
as per David Lam's test in PR#2432]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2020-04-10 15:22:26 +02:00
Kevin Darbyshire-Bryant
1b973b54ea kmod-sched: add act_police
"Whoop whoop, sound of da police"

Add an ingress capable traffic policer module configurable with tc.

From the man page:

The police action allows to limit bandwidth of traffic matched by the
filter it is attached to. Basically there are two different algorithms
available to measure the packet rate: The first one uses an internal
dual token bucket and is configured using the rate, burst, mtu,
peakrate, overhead and linklayer parameters. The second one uses an
in-kernel sampling mechanism. It can be fine-tuned using the estimator
filter parameter.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-04-10 12:26:31 +01:00
Daniel Engberg
cb511ceb45 e2fsprogs: Update to 1.45.6
Update e2fsprogs to 1.45.6

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2020-04-09 22:08:16 +02:00
Daniel Golle
de63466364 exfat-utils: add exFAT File System utilities package
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-04-09 15:11:44 +01:00
Daniel Golle
02a1914585 procd: bump to latest HEAD
2188d81 jail: add support for launching extroot containers
 6f3dbd2 jail: add support for userns and cgroupsns
 28a06e5 jail: add support for (ram-)overlayfs

Add handling for extroot, overlaydir and tmpoverlaysize as well as
jail flags for userns and cgroupsns to OpenWrt's shell script to
allow their use in init scripts.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-04-09 13:07:22 +01:00
Eneas U de Queiroz
1da014fcca busybox: quote 'source' filenames in Config.in
Newer versions of the kconfig program requires quoting the arguments of
the 'source' directive.  These are the last ones not using them.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2020-04-09 12:51:10 +02:00
Eneas U de Queiroz
2e6b6f9fca kernel: add @IPV6 dependency to ipv6 modules
IPv6 modules should all depend on @IPV6, to avoid circular dependencies
problems, especially if they select a module that depends on IPV6 as
well.  In theory, if a package A depends on IPV6, any package doing
'select A' (DEPENDS+= A) should also depend on IPV6; otherwise selecting
A will fail.  Sometimes the build system is forgiving this, but
eventually, and unexpectedly, it may blow up on some other commit.

Alternatively one can conditionally add IPv6 dependencies only if
CONFIG_IPV6 is selected: (DEPENDS+= +IPV6:package6).

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2020-04-09 12:51:10 +02:00
Norbert van Bolhuis
9aa3d5b345 linux-atm: Include linux/sockios.h for SIOCGSTAMP
Since linux kernel commit 0768e17073dc527ccd18ed5f96ce85f9985e9115
(2019-04-19) the asm-generic/sockios.h header no longer defines
SIOCGSTAMP. Instead it provides only SIOCGSTAMP_OLD.

The linux/sockios.h header now defines SIOCGSTAMP using either
SIOCGSTAMP_OLD or SIOCGSTAMP_NEW as appropriate. This linux only
header file is not included so we get a build failure.

Signed-off-by: Norbert van Bolhuis <nvbolhuis@aimvalley.nl>
2020-04-09 00:12:46 +02:00
Florian Eckert
91c61aae20 base-files: add enabled commands to service rc.common
Add missing enbaled command help output.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2020-04-08 22:07:18 +02:00
Pawel Dembicki
5a5a9b7a75 packages: mt76: add 14c3:7610 pci id to list
This commit add patch with 14c3:7610 pci id addition.

It was sent upstream.

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
[bumped PKG_RELEASE]
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-04-08 14:05:29 +01:00
Rosen Penev
d8bde3687a iproute2: add kmod-netlink-diag for ss
Allows proper usage of the ss tool. Otherwise, several errors and bad
data gets thrown:

Cannot open netlink socket: Protocol not supported
Cannot open netlink socket: Protocol not supported
Cannot open netlink socket: Protocol not supported
Cannot open netlink socket: Protocol not supported
Cannot open netlink socket: Protocol not supported
Cannot open netlink socket: Protocol not supported
Cannot open netlink socket: Protocol not supported

Originally reported here: https://github.com/openwrt/packages/issues/8232

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-04-07 20:40:03 +02:00
Rosen Penev
92792ead34 kmod: add netlink-diag package
This is used by the ss utility from iproute2.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-04-07 20:39:47 +02:00
Hans Dedecker
ae06a650d6 ppp: update to version 2.4.8.git-2020-03-21
Use upstream latest git HEAD as it allows to remove the patches
700-radius-Prevent-buffer-overflow-in-rc_mksid,
701-pppd-Fix-bounds-check-in-EAP-code and
702-pppd-Ignore-received-EAP-messages-when-not-doing-EAP and
take in other fixes.

41a7323 pppd: Fixed spelling 'unkown' => 'unknown' (#141)
6b014be pppd: Print version information to stdout instead of stderr (#133)
cba2736 pppd: Add RFC1990 (Multilink) to the See Also section of the man page
f2f9554 pppd: Add mppe.h to the list of headers to install if MPPE is defined
ae54fcf pppd: Obfuscate password argument string
8d45443 pppd: Ignore received EAP messages when not doing EAP
8d7970b pppd: Fix bounds check in EAP code
858976b radius: Prevent buffer overflow in rc_mksid()

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-04-06 20:42:45 +02:00
Tan Zien
02f07c6401 kernel: netdev: add missing config for mlx5 driver
The mlk5 kmod lacks all necessary build symbols
for kernel 4.14 (again).

Add missing symbols to avoid build failure on these targets.

Signed-off-by: Tan Zien <nabsdh9@gmail.com>
[rewrite commit message - reorder symbols]
Signed-off-by: David Bauer <mail@david-bauer.net>
2020-04-06 12:39:00 +02:00
Kevin Darbyshire-Bryant
4540c3c3bf dnsmasq: bump to 2.81rc5
Bump to 2.81rc5 and re-work ipset-remove-old-kernel-support.

More runtime kernel version checking is done in 2.81rc5 in various parts
of the code, so expand the ipset patch' scope to inlude those new areas
and rename to something a bit more generic.:wq

Upstream changes from rc4

532246f Tweak to DNSSEC logging.
8caf3d7 Fix rare problem allocating frec for DNSSEC.
d162bee Allow overriding of ubus service name.
b43585c Fix nameserver list in auth mode.
3f60ecd Fixed resource leak on ubus_init failure.
0506a5e Handle old kernels that don't do NETLINK_NO_ENOBUFS.
e7ee1aa Extend stop-dns-rebind to reject IPv6 LL and ULA addresses. We also reject the loopback address if rebind-localhost-ok is NOT set.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-04-06 09:30:45 +01:00
Peter Stadler
5c1d88a83f netifd: fix 14_migrate-dhcp-release script
prepend 'uci' to 'commit network'

Signed-off-by: Peter Stadler <peter.stadler@student.uibk.ac.at>
2020-04-05 18:54:22 +02:00
Kevin Darbyshire-Bryant
82df192a01 dropbear: backport add ip address to exit without auth messages
201e359 Handle early exit when addrstring isn't set
fa4c464 Improve address logging on early exit messages (#83)

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-04-05 10:56:52 +01:00
Kevin Darbyshire-Bryant
1c6143e4a0 hostapd: Move hostapd variants to WirelessAPD menu
It seemed very confusing when trying to select the different variants of
hostapd which are somewhat scattered about under the menu 'Network'.
Moving all hostapd variants under a common submenu helps avoid
confusion.

Inspired-by: Kevin Mahoney <kevin.mahoney@zenotec.net>
[Fixup badly formatted patch, change menu name]
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-04-05 10:41:49 +01:00
Kevin Darbyshire-Bryant
22ae8bd50e umdns: update to the version 2020-04-05
ab7a39a umdns: fix unused error
45c4953 dns: explicitly endian-convert all fields in header and question

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-04-05 09:24:22 +01:00
Tan Zien
d24e43a7f6 kernel: Fix miss config and module for mlx driver
Missing config symbols could lead to build failures on kernel
4.14/4.19.

Signed-off-by: Tan Zien <nabsdh9@gmail.com>
[rephrase commit message - reorder symbols]
Signed-off-by: David Bauer <mail@david-bauer.net>
2020-04-04 17:12:43 +02:00
Kevin Darbyshire-Bryant
02640f0147 umdns: suppress address-of-packed-member warning
gcc 8 & 9 appear to be more picky with regards access alignment to
packed structures, leading to this warning in dns.c:

dns.c:261:2: error: converting a packed ‘struct dns_question’ pointer
(alignment 1) to a ‘uint16_t’ {aka ‘short unsigned int’} pointer
(alignment 2) may result in an unaligned pointer value
[-Werror=address-of-packed-member]

261 |  uint16_t *swap = (uint16_t *) q;

Work around what I think is a false positive by turning the warning off.
Not ideal, but not quite as not ideal as build failure.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-04-04 11:28:18 +01:00
Kevin Darbyshire-Bryant
c14c6902f5 treewide: convert sed -r to posix -E
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-04-04 11:28:15 +01:00
Tan Zien
3ec70052c5 kernel: add module for Mellanox mlx Network Driver
add module to support Mellanox Connect-X card
mlx4 supports ConnectX-3 series and previous cards
mlx5 supports Connect-IB/ConnectX-4 series and later cards

Signed-off-by: Tan Zien <nabsdh9@gmail.com>
2020-04-03 15:33:27 +02:00
Kevin Darbyshire-Bryant
fcd1401700 grub2: fix build when ASLR enabled
Disable ASLR and filter '-fno-plt' from CFLAGS: solves building when
ASLR enabled by basically disabling ASLR.

Solves errors similar to:
relocation R_X86_64_32S against `.rodata' can not be used when making a PIE object; recompile with -fPIE
or
module missing GLOBAL_OFFSET_TABLE

Suggested-by: 李国 <uxgood.org@gmail.com>
Acked-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-04-02 13:42:26 +01:00
Kevin Darbyshire-Bryant
b74386acc6 kmod-sched-cake: switch to in-tree cake for 4.19+
Use in tree version of cake for kernels 4.19+ and backport features from
later kernel versions to 4.19.

Unfortunately PROVIDES dependency handling produces bogus circular
dependency warnings so whilst this package and kmod-sched-cake-oot
should be able to PROVIDE kmod-sched-cake this doesn't work.

Instead, remove the PROVIDES option and modify package sqm-scripts to
depend on the correct module independently.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-04-01 21:59:45 +01:00
Kevin Darbyshire-Bryant
475738c9af kmod-sched-cake: rename to kmod-sched-cake-oot
In preparation for dropping the out of tree cake module and using
in tree cake from upstream, rename the package to kmod-sched-cake-oot
(out of tree)

Initially add a PROVIDES kmod-sched-cake so that package dependencies
can be satisfied.

Ultimately this package will be removed when linux 4.14 is removed.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-04-01 21:59:45 +01:00
Jason A. Donenfeld
e32eaf5896 wireguard: bump to 1.0.20200401
Recent backports to 5.5 and 5.4 broke our compat layer. This release is
to keep things running with the latest upstream stable kernels.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-04-01 22:24:58 +02:00
Daniel Golle
a24a9bbc8c mac80211: rt2x00: prune more unnecessary exports
The calibration patches for MT7620 unnecessarily export symbols and
populate never accessed function pointers. Remove all that and make
functions static as the only place where each of those functions is
called is within rt2800lib.c.
Also make code more readable by fixing indentation, removing
unnecessary parantheses and simplifying some instructions using
shorthands here and there.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-04-01 19:47:59 +01:00
Kevin Darbyshire-Bryant
51edc4eb89 jansson: convert to cmake
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-04-01 16:36:04 +01:00
Eneas U de Queiroz
af5ccfbac7 openssl: bump to 1.1.1f
There were two changes between 1.1.1e and 1.1.1f:
- a change in BN prime generation to avoid possible fingerprinting of
  newly generated RSA modules
- the patch reversing EOF detection we had already applied.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2020-04-01 08:12:20 +02:00
李国
a6b7c3e672 x86: generate EFI platform bootable images
Add EFI platform bootable images for x86 platforms. These images can
also boot from legacy BIOS platform.

EFI System Partition need to be fat12/fat16/fat32 (not need to load
filesystem drivers), so the first partition of EFI images are not ext4
filesystem any more.

GPT partition table has an alternate partition table, we did not
generate it. This may cause problems when use these images as qemu disk
(kernel can not find rootfs), we pad enough sectors will be ok.

Signed-off-by: 李国 <uxgood.org@gmail.com>
[part_magic_* refactoring, removed genisoimage checks]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-03-31 16:20:47 +02:00
李国
d9228514cc grub2: make some change to add efi platform support
1.generate boot image at Package/install section
2.move boot image to $(STAGING_DIR_IMAGE)/grub2/
3.add efi variant to support efi platform

Signed-off-by: 李国 <uxgood.org@gmail.com>
2020-03-31 16:20:47 +02:00
Álvaro Fernández Rojas
332ed4a835 bcm27xx-gpu-fw: update to latest version from RPi foundation
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-03-31 13:22:59 +02:00
Jason A. Donenfeld
84025110cc wireguard: bump to 1.0.20200330
* queueing: backport skb_reset_redirect change from 5.6
* version: bump

This release has only one slight change, to put it closer to the 5.6
codebase, but its main purpose is to bump us to a 1.0.y version number.
Now that WireGuard 1.0.0 has been released for Linux 5.6 [1], we can put
the same number on the backport compat codebase.

When OpenWRT bumps to Linux 5.6, we'll be able to drop this package
entirely, which I look forward to seeing.

[1] https://lists.zx2c4.com/pipermail/wireguard/2020-March/005206.html

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-03-31 08:01:34 +02:00
Jose Olivera
5c57d15aed ath10k-ct: Support AQL on ath10k CT_KVER-5.4
Commit ea50780 backported Airtime Queue Limits (AQL) from Linux 5.5
to OpenWrt's backports 5.4. However, this only enabled AQL for the
vanilla ath10k driver. This patch also enables it for ath10k-ct.

Tested on:
* 2xTP-Link Archer A7v5 (QCA9563/QCA988X)
* Backports version 5.4-rc8 & 5.4.27
* ath10k-ct and ath10k-ct-htt firmware version 014 to 017
* ath10k-ct driver versions dc025dc to 3d173a4 (CT_KVER-5.4)
* WPA2, 802.11krv

Tested since January 25, 2020.

Signed-off-by: Jose Olivera <oliverajeo@gmail.com>
2020-03-30 01:46:50 +02:00
Nick Hainke
c9c3fd1320 hostapd: add abridged flag in disassoc_imminent
If the abridged flag is set to 1 the APs that are listed in the BSS
Transition Candidate List are prioritized. If the bit is not set, the
APs have the same prioritization as the APs that are not in the list.

If you want to steer a client, you should set the flag!

The flag can be set by adding {...,'abridged': true,...} to the normal
ubus call.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2020-03-30 01:46:50 +02:00
Nick Hainke
c8ef465e10 hostapd: expose beacon reports through ubus
Subscribe to beacon reports through ubus.
Can be used for hearing map and client steering purposes.

First enable rrm:
    ubus call hostapd.wlan0 bss_mgmt_enable '{"beacon_report":True}'

Subscribe to the hostapd notifications via ubus.

Request beacon report:
    ubus call hostapd.wlan0 rrm_beacon_req
	'{"addr":"00:xx:xx:xx:xx:xx", "op_class":0, "channel":1,
	"duration":1,"mode":2,"bssid":"ff:ff:ff:ff:ff:ff", "ssid":""}'

Signed-off-by: Nick Hainke <vincent@systemli.org>
[rework identation]
Signed-off-by: David Bauer <mail@david-bauer.net>
2020-03-30 01:46:50 +02:00
Jesus Fernandez Manzano
86440659b5 hostapd: Add 802.11r support for WPA3-Enterprise
Signed-off-by: Jesus Fernandez Manzano <jesus.manzano@galgus.net>
2020-03-30 01:46:50 +02:00
Hans Dedecker
089cddc252 odhcp6c: update to latest git HEAD
f575351 ra: fix sending router solicitations

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-03-29 22:24:30 +02:00
Kevin Darbyshire-Bryant
8d25c8e7f6 dnsmasq: bump to 2.81rc4
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-03-29 18:30:08 +01:00
Kevin Darbyshire-Bryant
94dae0f191 nftables: implement no/json variants
Replace the build time choice of json support with a package based
choice.  Users requiring a json aware version of 'nft' may now install
nftables-json.

The default choice to fulfill the 'nftables' package dependency is
'nftables-nojson'

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-03-29 17:27:54 +01:00
Kevin Darbyshire-Bryant
9e835377ad jansson: import jansson from packages
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-03-29 17:27:54 +01:00
Hauke Mehrtens
f0aff72c2b mac80211: Update to version 5.4.27
The removed patches are all integrated in the upstream version now.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-03-29 18:22:10 +02:00
Hauke Mehrtens
94949801de mac80211: Fix rt2x00 exports
Do not export static functions, they are anyway not referenced by any
code in a different module.

This fixes the following compile warning:
WARNING: "rt2800_rf_aux_tx0_loopback" [/drivers/net/wireless/ralink/rt2x00/rt2800lib] is a static EXPORT_SYMBOL_GPL
WARNING: "rt2800_write_dc" [/drivers/net/wireless/ralink/rt2x00/rt2800lib] is a static EXPORT_SYMBOL_GPL
WARNING: "rt2800_rf_configstore" [/drivers/net/wireless/ralink/rt2x00/rt2800lib] is a static EXPORT_SYMBOL_GPL
WARNING: "rt2800_do_sqrt_accumulation" [/drivers/net/wireless/ralink/rt2x00/rt2800lib] is a static EXPORT_SYMBOL_GPL
WARNING: "rt2800_rf_configrecover" [/drivers/net/wireless/ralink/rt2x00/rt2800lib] is a static EXPORT_SYMBOL_GPL
WARNING: "rt2800_loft_search" [/drivers/net/wireless/ralink/rt2x00/rt2800lib] is a static EXPORT_SYMBOL_GPL
WARNING: "rt2800_iq_search" [/drivers/net/wireless/ralink/rt2x00/rt2800lib] is a static EXPORT_SYMBOL_GPL
WARNING: "rt2800_setbbptonegenerator" [/drivers/net/wireless/ralink/rt2x00/rt2800lib] is a static EXPORT_SYMBOL_GPL
WARNING: "rt2800_rf_aux_tx1_loopback" [/drivers/net/wireless/ralink/rt2x00/rt2800lib] is a static EXPORT_SYMBOL_GPL

Acked-by: Daniel Golle <daniel@makrotopia.org>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-03-29 18:22:01 +02:00
DENG Qingfang
972daf7fdc curl: rebuild when libopenssl config changes
When some libopenssl options change curl will have to be rebuild to
adapt to those changes, avoiding undefined reference errors or features
disabled in curl.

Add CONFIG_OPENSSL_ENGINE, CONFIG_OPENSSL_WITH_COMPRESSION and
CONFIG_OPENSSL_WITH_NPN to PKG_CONFIG_DEPENDS so it will trigger
rebuild every time the options are changed.

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
2020-03-29 14:31:04 +01:00
Petr Štetiar
19760563f7 mac80211: rtl8723bs: fix missing MMC dependency
Building of ath79-tiny has uncovered following:

 Package kmod-rtl8723bs is missing dependencies for the following libraries:
 mmc_core.ko

So add this missing dependency.

Fixes: 8c26d67a67 ("mac80211: realtek: add staging driver for RTL8723BS SDIO module")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-03-28 22:58:36 +01:00
Nick Bowler
2785d003d3 kernel: package gpio-f7188x driver
This driver enables support for the GPIO capabilities found in many
Fintek Super-IO chips.

Signed-off-by: Nick Bowler <nbowler@draconx.ca>
2020-03-28 13:03:02 +01:00
Nick Bowler
3ad0cf7d93 kernel: package f71808e-wdt driver
This driver enables support for the watchdog timers found in many
Fintek Super-IO chips.

Signed-off-by: Nick Bowler <nbowler@draconx.ca>
2020-03-28 13:03:02 +01:00
Nick Bowler
922dfe0fa0 kernel: package f71882fg hwmon driver
This driver enables hardware monitoring support using the sensors
found in many Fintek Super-IO chips.

Signed-off-by: Nick Bowler <nbowler@draconx.ca>
2020-03-28 13:03:02 +01:00
Eneas U de Queiroz
2e8a4db9b6 openssl: revert EOF detection change in 1.1.1
This adds patches to avoid possible application breakage caused by a
change in behavior introduced in 1.1.1e.  It affects at least nginx,
which logs error messages such as:
nginx[16652]: [crit] 16675#0: *358 SSL_read() failed (SSL: error:
4095126:SSL routines:ssl3_read_n:unexpected eof while reading) while
keepalive, client: xxxx, server: [::]:443

Openssl commits db943f4 (Detect EOF while reading in libssl), and
22623e0 (Teach more BIOs how to handle BIO_CTRL_EOF) changed the
behavior when encountering an EOF in SSL_read().  Previous behavior was
to return SSL_ERROR_SYSCALL, but errno would still be 0.  The commits
being reverted changed it to SSL_ERRO_SSL, and add an error to the
stack, which is correct.  Unfortunately this affects a number of
applications that counted on the old behavior, including nginx.

The reversion was discussed in openssl/openssl#11378, and implemented as
PR openssl/openssl#11400.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2020-03-28 13:03:02 +01:00
Petr Štetiar
5f2ff607e2 uboot-sunxi: a64: allow booting directly from eMMC
Current boot script uses hardcoded bootdevice, which allows booting from
SD card only, so this patch allows booting directly from eMMC as well.
While at it, replace fixed root device with more flexible UUID based
probing, so from now on probing order of MMC device doesn't matter.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-03-28 13:03:02 +01:00
Petr Štetiar
90897df61a uboot-sunxi: add support for Olimex A64-Olinuxino eMMC
Adding U-Boot image for Olimex A64-Olinuxino eMMC, including patch which
adds eMMC boot partition configuration commands.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-03-28 13:03:02 +01:00
Petr Štetiar
cda9af568b uboot-sunxi: add support for Olimex A64-Olinuxino
Adding U-Boot image for Olimex A64-Olinuxino.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-03-28 13:03:02 +01:00
Petr Štetiar
461a1d5a04 uboot-sunxi: rename Sinovoip BPI M2 Plus to Bananapi M2 Plus H3
Rename the board as done in upstream commit 268ae6548779 ("sunxi: Rename
Sinovoip BPI M2 Plus to Bananapi M2 Plus H3") which backs the rename
with the following reasoning:

 The brand Sinovoip is used for Sinovoip's original VOIP products, while
 the Bananapi brand is for the single board computers they produce.  This
 has been verified by Bananapi. Rename the board from "Sinovoip BPI M2
 Plus" to "Bananapi M2 Plus". For the defconfig file, all lowercase is
 used.

 To support the H5 variant of this board, the "H3" suffix is added to
 the defconfig name.

This has to be done in order to allow building U-Boot past v2019.04
release where this change was introduced.

Ref: https://github.com/openwrt/openwrt/pull/2849#discussion_r396401489
Suggested-by: Pawel Dembicki <paweldembicki@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-03-28 13:03:02 +01:00
Aleksander Jan Bajkowski
a9bd89fe18 uboot-sunxi: Banana Pi M2 Ultra switch to mainline defconfig
U-boot also have defconfig for this board. In 2019.01 branch they are identical.

Signed-off-by: Aleksander Jan Bajkowski <A.Bajkowski@stud.elka.pw.edu.pl>
2020-03-28 13:03:02 +01:00
Petr Štetiar
48436953e9 uboot-sunxi: bump to 2020.01
Refreshed patches, removed following, probably obsolete patches:

 221-compatible-old-dtc.patch
 240-sun50i-h5-Orange-Pi-Zero-Plus-Fix-SdCard-detection.patch

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-03-28 13:03:02 +01:00
Petr Štetiar
5fbcb52648 linux-firmware: add firmware for RTL8723BS SDIO modules
Adds firmware package for Realtek RTL8723BS SDIO Wireless LAN NIC driver
available in the staging.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-03-28 13:03:02 +01:00
Petr Štetiar
8c26d67a67 mac80211: realtek: add staging driver for RTL8723BS SDIO module
Adds kernel module for Realtek RTL8723BS SDIO Wireless LAN NIC driver
available in the staging.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-03-28 13:03:02 +01:00
John Crispin
22d896eb21 hostapd: fix no_reload logic
the code would unconditionally tear down all interfaces upon a reconf.
This should only be done when the reconf call fails.

Signed-off-by: John Crispin <john@phrozen.org>
2020-03-27 16:18:57 +01:00
Rafał Miłecki
038318f766 mac80211: fix brcmfmac monitor interface crash
This fixes bug in brcmfmac *exposed* by ipv6/addrconf fix.

Fixes: ec8e8e2ef0 ("kernel: backport out-of-memory fix for non-Ethernet devices")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2020-03-27 14:57:01 +01:00
Álvaro Fernández Rojas
84f4a783c6 ath10k-firmware: update ath10k-ct firmware images
Release notes for 017:

Wave-1:

 *  March 19, 2020:  Fix problem where power-save was not enabled when going off-channel to scan.
                     The problem was a boolean logic inversion in the chmgr code, a regression I introduced
                     a long time ago.

 *  March 19, 2020:  When scanning only on current working channel, do not bother with disable/enable
                     powersave.  This should make an on-channel scan less obtrusive than it was previously.

 *  March 23, 2020:  Fix channel-mgr use-after-free problem that caused crashes in some cases.  The crash
                     was exacerbated by recent power-save changes.

 *  March 23, 2020:  Fix station-mode power-save related crash:  backported the fix from 10.2 QCA firmware.

 *  March 23, 2020:  Attempt to better clean up power-save objects and state, especially in station mode.

Release notes for 016:

Wave-1 changes, some debugging code for a crash someone reported, plus:

*  February 28, 2020:  Fix custom-tx path when sending in 0x0 for rate-code.  Have tries == 0 mean
                        one try but NO-ACK (similar to how wave-2 does it).

wave-2:

 * Fixed some long-ago regressions related to powersave and/or multicast.  Maybe fix some
   additional multicast and/or tx-scheduling bugs.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Acked-by: Petr Štetiar <ynezz@true.cz>
2020-03-27 10:18:41 +01:00
Álvaro Fernández Rojas
3114a4ef6c ath10k-ct: update to version 2020-03-25
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
Acked-by: Petr Štetiar <ynezz@true.cz>
2020-03-27 10:18:39 +01:00
Hans Dedecker
001211a5ba netifd: fix compilation with musl 1.2.0
1e8328 system-linux: fix compilation with musl 1.2.0

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-03-26 21:58:02 +01:00
Hans Dedecker
ea69b13d84 odhcp6c: fix compilation with musl 1.2.0
49305e6 odhcp6c: fix compilation with musl 1.2.0

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-03-26 21:58:02 +01:00
Henrique de Moraes Holschuh
556b8581a1 dnsmasq: fix dnssec+ntp chicken-and-egg workaround (FS#2574)
Fix the test for an enabled sysntp initscript in dnsmasq.init, and get
rid of "test -o" while at it.

Issue reproduced on openwrt-19.07 with the help of pool.ntp.br and an
RTC-less ath79 router.  dnssec-no-timecheck would be clearly missing
from /var/etc/dnsmasq.conf.* while the router was still a few days in
the past due to non-working DNSSEC + DNS-based NTP server config.

The fix was tested with the router in the "DNSSEC broken state": it
properly started dnsmasq in dnssec-no-timecheck mode, and eventually ntp
was able to resolve the server name to an IP address, and set the system
time.  DNSSEC was then enabled by SIGINT through the ntp hotplug hook,
as expected.

A missing system.ntp.enabled UCI node is required for the bug to show
up.  The reasons for why it would be missing in the first place were not
investigated.

Signed-off-by: Henrique de Moraes Holschuh <henrique@nic.br>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
2020-03-25 21:40:51 +01:00
Henrique de Moraes Holschuh
f81403c433 dnsmasq: init: get rid of test -a and test -o
Refer to shellcheck SC2166.  There are just too many caveats that are
shell-dependent on test -a and test -o to use them.

Signed-off-by: Henrique de Moraes Holschuh <henrique@nic.br>
2020-03-25 21:39:20 +01:00
Jo-Philipp Wich
dd166960f4 uclient: update mirror hash
Fixes: 98017228dd ("uclient: bump to latest Git HEAD")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-03-25 19:34:34 +01:00
Jo-Philipp Wich
98017228dd uclient: bump to latest Git HEAD
af585db uclient-fetch: support specifying advertised TLS ciphers

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-03-25 19:32:18 +01:00
Jo-Philipp Wich
052aaa7c96 uhttpd: bump to latest Git HEAD
5e9c23c client: allow keep-alive for POST requests
5fc551d tls: support specifying accepted TLS ciphers

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-03-25 19:22:10 +01:00
Jo-Philipp Wich
cd23dc1d21 ustream-ssl: bump to latest Git HEAD
5e1bc34 ustream-openssl: clear error stack before SSL_read/SSL_write
f7f93ad add support for specifying usable ciphers

Also bump the ABI version since the layout of `struct ustream_ssl_ops`
changed.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-03-25 19:16:19 +01:00
Kevin Darbyshire-Bryant
9b0290ffbd nftables: bump to 0.9.3
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-03-24 14:42:48 +00:00
Kevin Darbyshire-Bryant
a0027f8dbf libnftnl: drop unsupported configure option
--without-json-parsing is not a supported configure option.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-03-23 21:31:05 +00:00
Álvaro Fernández Rojas
31922c4560 bcm27xx-userland: update to latest version
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-03-23 09:06:49 +01:00
Álvaro Fernández Rojas
8c02e7fe9f bcm27xx-gpu-fw: update to latest version
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-03-23 08:55:14 +01:00
Jordan Sokolic
27ffd5ee30 dnsmasq: add 'scriptarp' option
Add option 'scriptarp' to uci dnsmasq config to enable --script-arp functions.
The default setting is false, meaning any scripts in `/etc/hotplug.d/neigh` intended
to be triggered by `/usr/lib/dnsmasq/dhcp-script.sh` will fail to execute.

Also enable --script-arp if has_handlers returns true.

Signed-off-by: Jordan Sokolic <oofnik@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
2020-03-22 22:17:37 +01:00
David Bauer
46d0ce19f1 iwinfo: update to latest Git HEAD
9f5a7c4 iwinfo: add missing HT modename for HT-None
06a03c9 Revert "iwinfo: add BSS load element to scan result"
9a4bae8 iwinfo: add device id for Qualcomm Atheros QCA9990
eba5a20 iwinfo: add device id for BCM43602
a6914dc iwinfo: add BSS load element to scan result
bb21698 iwinfo: add device id for Atheros AR9287
7483398 iwinfo: add device id for MediaTek MT7615E

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-03-22 02:08:02 +01:00
Rafał Miłecki
8c33debb52 samba36: log error if getting device info failed
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2020-03-21 22:35:45 +01:00
Rafał Miłecki
547f1ec25a busybox: enable truncate on bcm53xx target
It's needed for optimized sysupgrade. On host machine this change
increased busybox size by 4096 B.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2020-03-21 22:31:35 +01:00
Christian Lamparter
d107aaa910 kernel: backport and package drivetemp hwmon from v5.5
This patch backports the hwmon drivetemp sensor module from vanilla
linux 5.5 to be available on OpenWrt's 5.4 kernel.

Extract from The upstream commit by Guenter Roeck <linux@roeck-us.net>:
hwmon: Driver for disk and solid state drives with temperature sensors

"Reading the temperature of ATA drives has been supported for years
by userspace tools such as smarttools or hddtemp. The downside of
such tools is that they need to run with super-user privilege, that
the temperatures are not reported by standard tools such as 'sensors'
or 'libsensors', and that drive temperatures are not available for use
in the kernel's thermal subsystem.

This driver solves this problem by adding support for reading the
temperature of ATA drives from the kernel using the hwmon API and
by adding a temperature zone for each drive.

With this driver, the hard disk temperature can be read [...]
using sysfs:

$ grep . /sys/class/hwmon/hwmon9/{name,temp1_input}
/sys/class/hwmon/hwmon9/name:drivetemp
/sys/class/hwmon/hwmon9/temp1_input:23000

If the drive supports SCT transport and reports temperature limits,
those are reported as well.

drivetemp-scsi-0-0
Adapter: SCSI adapter
temp1:        +27.0<C2><B0>C (low  =  +0.0<C2><B0>C, high = +60.0<C2><B0>C)
                             (crit low = -41.0<C2><B0>C, crit = +85.0<C2><B0>C)
                             (lowest = +23.0<C2><B0>C, highest = +34.0<C2><B0>C)

The driver attempts to use SCT Command Transport to read the drive
temperature. If the SCT Command Transport feature set is not available,
or if it does not report the drive temperature, drive temperatures may
be readable through SMART attributes. Since SMART attributes are not well
defined, this method is only used as fallback mechanism."

This patch incorperates a patch made by Linus Walleij:
820-libata-Assign-OF-node-to-the-SCSI-device.patch
This patch is necessary in order to wire-up the drivetemp
sensor into the device tree's thermal-zones.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2020-03-21 17:48:34 +01:00
Eneas U de Queiroz
dcef8d6093 openssl: update to 1.1.1e
This version includes bug and security fixes, including medium-severity
CVE-2019-1551, affecting RSA1024, RSA1536, DSA1024 & DH512 on x86_64.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2020-03-21 17:48:34 +01:00
Eneas U de Queiroz
d9d689589b openssl: add configuration example for afalg-sync
This adds commented configuration help for the alternate, afalg-sync
engine to /etc/ssl/openssl.cnf.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2020-03-21 17:48:34 +01:00
Paul Spooren
5a5df62d95 x86/grub2: move grub2 image creation to package
Let the grub2 package take care of creating installable grub2 images,
this will allow creating grub2 images without first calling x86 image
generation recipe. Also as side effect, since those images are now
shared, it'll reduce the number of calling grub-mkimage.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
[rebase, adjusted commit title]
Signed-off-by: Paul Spooren <mail@aparcar.org>
2020-03-21 10:36:00 +00:00
Jason A. Donenfeld
2bd56595a6 wireguard: bump to 0.0.20200318
WireGuard had a brief professional security audit. The auditors didn't find
any vulnerabilities, but they did suggest one defense-in-depth suggestion to
protect against potential API misuse down the road, mentioned below. This
compat snapshot corresponds with the patches I just pushed to Dave for
5.6-rc7.

* curve25519-x86_64: avoid use of r12

This buys us 100 extra cycles, which isn't much, but it winds up being even
faster on PaX kernels, which use r12 as a RAP register.

* wireguard: queueing: account for skb->protocol==0

This is the defense-in-depth change. We deal with skb->protocol==0 just fine,
but the advice to deal explicitly with it seems like a good idea.

* receive: remove dead code from default packet type case

A default case of a particular switch statement should never be hit, so
instead of printing a pretty debug message there, we full-on WARN(), so that
we get bug reports.

* noise: error out precomputed DH during handshake rather than config

All peer keys will now be addable, even if they're low order. However, no
handshake messages will be produced successfully. This is a more consistent
behavior with other low order keys, where the handshake just won't complete if
they're being used anywhere.

* send: use normaler alignment formula from upstream

We're trying to keep a minimal delta with upstream for the compat backport.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-03-21 09:42:07 +01:00
Jason A. Donenfeld
858c6b17c8 wireguard-tools: bump to 1.0.20200319
* netlink: initialize mostly unused field
* curve25519: squelch warnings on clang

Code quality improvements.

* man: fix grammar in wg(8) and wg-quick(8)
* man: backlink wg-quick(8) in wg(8)
* man: add a warning to the SaveConfig description

Man page improvements. We hope to rewrite our man pages in mdocml at some
point soon.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-03-21 09:41:52 +01:00
Luiz Angelo Daros de Luca
5a326688ea kernel: load rtl8366_smi and rtl8367b on boot
This external switch driver should be loaded on boot for network support
in failsafe mode.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
[alter commit message]
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
2020-03-21 12:58:29 +08:00
Oldřich Jedlička
23a885bf89 mac80211: do not try to setup hostapd-managed interfaces.
For virtual access points (when multiple SSIDs are used for one
physical AP), there exist one physical network interface and
multiple virtual interfaces, which are fully under control of
hostapd. When networking is setup, the script
`/lib/netifd/wireless/mac80211.sh` is called, which tries to bring
the interface up by a call to `ip link set dev <iface> up`. This
call might fail for virtual APs, because the virtual interface
might not have been created by hostapd yet. There are some artifical
delays in the script most probably to handle this, but when DFS
channel availability check on 5GHz band is issued, hostapd can
delay creating virtual interfaces by a minute.

In order to fix this (or work around it), do not try to bring the
interface up (this is responsibility of hostapd anyway) and
do not try to set txpower on the virtual interface.

Fixes FS#2698.

Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
2020-03-20 21:55:17 +00:00
Chen Minqiang
ec5e8461c1 x86: make crashdump works
1. KERNEL_CRASH_DUMP should depends on KERNEL_PROC_KCORE (kexec use it)
2. select crashkernel mem size by totalmem
   mem <= 256M disable crashkernel by default
   mem >= 4G use 256M for crashkernel
   mem >= 8G use 512M for crashkernel
   default use 128M
3. set BOOT_IMAGE in kdump.init
4. resolve a "Unhandled rela relocation: R_X86_64_PLT32" error

Tested on x86_64

Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
2020-03-20 21:45:06 +00:00
Jan Kardell
ecef29b294 readline: needs host depend on ncurses to build
We must ensure that host ncurses is build before host readline.

Signed-off-by: Jan Kardell <jan.kardell@telliq.com>
2020-03-20 17:08:58 +00:00
Jeffery To
d33200824f cryptodev-linux: Fix error when compiling with 5.4 kernel
Currently, cryptodev-linux fails to compile with a
'"crypto_givcipher_type" undefined' error for targets on the 5.4 kernel,
e.g. armvirt[1].

This backports an upstream patch[2] that fixes this error.

[1]: https://downloads.openwrt.org/snapshots/faillogs/aarch64_generic/base/cryptodev-linux/compile.txt
[2]: f971e0cd4a

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
2020-03-18 23:12:48 +01:00
Daniel Golle
50a59b3a39 hostapd: fix segfault in wpa_supplicant ubus
When introducing ubus reload support, ubus initialization was moved
to the service level instead of being carried out when adding a BSS
configuration. While this works when using wpa_supplicant in that way,
it breaks the ability to run wpa_supplicant on the command line, eg.
for debugging purposes.
Fix that by re-introducing ubus context intialization when adding
configuration.

Reported-by: @PolynomialDivision https://github.com/openwrt/openwrt/pull/2417
Fixes: 60fb4c92b6 ("hostapd: add ubus reload")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-03-18 19:05:22 +01:00
Leon M. George
b78f61c336 hostapd: fix pointer cast warnings
Signed-off-by: Leon M. George <leon@georgemail.eu>
2020-03-17 10:23:28 +01:00
Leon M. George
a8a993e64c hostapd: remove trailing whitespace
Signed-off-by: Leon M. George <leon@georgemail.eu>
2020-03-17 10:23:28 +01:00
Martin Blumenstingl
0dbe8b9029 lantiq: ltq-tapi: fix compilation with newer Linux kernels
Compiling the ltq-tapi driver against Linux 5.4 results in a compile
error complaining that the size of struct sched_param is not known.
Switch the existing "sched/types.h" include to reference
include/uapi/linux/sched/types.h to fix compilation against Linux 5.4.

Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
2020-03-16 22:28:16 +01:00
Martin Blumenstingl
588d574eb9 lantiq: ltq-deu: fix compatibility with Linux 5.3+
Upstream commit 84ede58dfcd1d ("crypto: hash - remove
CRYPTO_ALG_TYPE_DIGEST") drops the CRYPTO_ALG_TYPE_DIGEST define because
it has the same value as CRYPTO_ALG_TYPE_HASH. This was the case for
earlier kernels as well. Switch to CRYPTO_ALG_TYPE_HASH to fix building
against Linux 5.4.

Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
2020-03-16 22:28:16 +01:00
Martin Blumenstingl
3fa5f058f6 lantiq: ltq-vdsl: fix compilation with Linux 5.0+
Upstream commit e4b92b108c6cd6 ("timekeeping: remove obsolete time
accessors") removed do_gettimeofday(). In Linux 4.19 this was only a
wrapper around ktime_get_real_ts64(). Use ktime_get_real_ts64() now that
the wrapper is gone to fix compilation against Linux 5.4.

Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
2020-03-16 22:28:16 +01:00
Mathias Kresin
a6698551e5 ltq-adsl: fix compilation with Linux 5.0+
Upstream commit e4b92b108c6cd6 ("timekeeping: remove obsolete time
accessors") removed do_gettimeofday(). In Linux 4.19 this was only a
wrapper around ktime_get_real_ts64(). Use ktime_get_real_ts64() now that
the wrapper is gone to fix compilation against Linux 5.4.

Move the ifxmips_mei_interface header to the include directory, it can't
be found otherwise during compilation. The reason for the changed
behaviour is not yet clear, however having header files in an include
directory is more straight forward.

To use the of_device_id struct, the mod_devicetable header need to be
included. Instead of including this header, include the of_platform
header, which includes the mod_devicetable on its own.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2020-03-16 22:28:16 +01:00
Mathias Kresin
a3539c82cb ltq-atm: add Linux 5.0+ compatibility
Upstream commit 96d4f267e40f95 ("Remove 'type' argument from access_ok()
function") removes the first argument to access_ok.
Adjust the code so it builds with Linux 5.4.

Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Signed-off-by: Mathias Kresin <dev@kresin.me>
2020-03-16 22:28:16 +01:00
Mathias Kresin
c01c01891c kernel: kmod-serial-8250: fix linux 5.3 dependencies
Beginning with linux 5.3, kmod-serial-8250 uses functions provided by
serial_mctrl_gpio.ko if GPIO support is enabled.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2020-03-16 22:28:16 +01:00
Petr Štetiar
52e6fb1369 rpcd: fix respawn settings
Commit 432ec292cc ("rpcd: add respawn param") has introduced infinite
restarting of the service which could be reached over network. This is
not recommended security practice as it might give potential adversary
infinite number of tries in case there might be some issue in the rpcd
or its surrounding stack.

So lets remove the currently bogus `respawn_retry` variable (it wasn't
possible to override it anyway), reverting to the previous default max.
of 5 service restarts which could be now overriden via system's UCI
settings if desired.

Cc: Jo-Philip Wich <jow@mein.io>
Cc: Florian Eckert <fe@dev.tdt.de>
Cc: Hauke Mehrtens <hauke@hauke-m.de>
Fixes: 432ec292cc ("rpcd: add respawn param")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-03-16 22:21:45 +01:00
Hans Dedecker
3db9b83f16 curl: bump to 7.69.1
For changes in 7.69.1; see https://curl.haxx.se/changes.html#7_69_1

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-03-16 21:31:01 +01:00
Rozhuk Ivan
d890f85e59 wwan: fix hotplug event handling
Hotplug manager send: "remove" -> "add" -> "bind" events,
script interpret bind as "not add" = "remove" and mark device
as unavailable.

Signed-off-by: Rozhuk Ivan <rozhuk.im@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
2020-03-16 21:03:25 +01:00
Rozhuk Ivan
4821ff064b comgt: fix hotplug event handling
Hotplug manager send: "remove" -> "add" -> "bind" events,
script interpret bind as "not add" = "remove" and mark device
as unavailable.

Signed-off-by: Rozhuk Ivan <rozhuk.im@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
2020-03-16 21:02:33 +01:00
Hans Dedecker
d21f5aaa99 netifd: update to latest git HEAD
dbdef93 interface-ip: transfer prefix route ownership for deprecated ipv6addr to kernel

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-03-16 20:59:12 +01:00
Kevin Darbyshire-Bryant
77b4cb0b39 libnftnl: bump to 1.1.5
Solve missing references to nftnl_set_list_lookup_byname when building
iptables with Nftables support enabled (CONFIG_IPTABLES_NFTABLES)

Bump the ABI version to force everything to match.

/Users/kevin/wrt/staging_dir/toolchain-x86_64_gcc-9.2.0_musl/lib/gcc/x86_64-openwrt-linux-musl/9.2.0/../../../../x86_64-openwrt-linux-musl/bin/ld: xtables_nft_multi-nft-bridge.o: in function `nft_bridge_parse_lookup':
nft-bridge.c:(.text.nft_bridge_parse_lookup+0xcd): undefined reference to `nftnl_set_list_lookup_byname'
/Users/kevin/wrt/staging_dir/toolchain-x86_64_gcc-9.2.0_musl/lib/gcc/x86_64-openwrt-linux-musl/9.2.0/../../../../x86_64-openwrt-linux-musl/bin/ld: xtables_nft_multi-nft-cache.o: in function `nftnl_set_list_cb':
nft-cache.c:(.text.nftnl_set_list_cb+0x80): undefined reference to `nftnl_set_list_lookup_byname'
/Users/kevin/wrt/staging_dir/toolchain-x86_64_gcc-9.2.0_musl/lib/gcc/x86_64-openwrt-linux-musl/9.2.0/../../../../x86_64-openwrt-linux-musl/bin/ld: xtables_nft_multi-nft-cache.o: in function `fetch_set_cache':
nft-cache.c:(.text.fetch_set_cache+0x10a): undefined reference to `nftnl_set_list_lookup_byname'
collect2: error: ld returned 1 exit status
make[6]: *** [xtables-nft-multi] Error 1
make[5]: *** [all] Error 2
make[4]: *** [all-recursive] Error 1
make[3]: *** [all] Error 2
make[2]: *** [/Users/kevin/wrt/build_dir/target-x86_64_musl/linux-x86_64/iptables-1.8.4/.built] Error 2
make[2]: Leaving directory `/Users/kevin/wrt/package/network/utils/iptables'

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-03-16 15:49:13 +00:00
Sungbo Eo
6508766d24 kernel: make kmod-i2c-mux selected by dependent modules
Currently kmod-i2c-mux-* will not get into images unless kmod-i2c-mux is added
to DEVICE_PACKAGES as well. By changing the dependencies from "depends on" to
"select", we do not have the issue anymore.

Furthermore, we can remove most occurrences of the package from DEVICE_PACKAGES
and similar variables, as it is now pulled by dependent modules such as:
- kmod-i2c-mux-pca954x

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2020-03-16 16:26:29 +01:00
Mathias Kresin
1a9408281b iproute2: revert add libcap support, enabled in ip-full
This reverts commit a6da3f9ef7.

The libcap isn't as optional as the commit messages suggests. A hard
dependency to the libcap package is added, which is only available in
the external packages feed. Therefore it is impossible to package
ip-full without having the external packages feed up and running, which
is a regression to the former behaviour.

Signed-off-by: Mathias Kresin <dev@kresin.me>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
2020-03-15 21:38:05 +01:00
Hans Dedecker
a5c30efeb1 odhcpd: update to latest git HEAD
6594c6b ubus: use dhcpv6 ia assignment flag
a90cc2e dhcpv6-ia: avoid setting lifetime to infinite for static assignments
bb07fa4 dhcpv4: avoid setting lifetime to infinite for static assignments

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-03-15 20:09:19 +01:00
Kevin Darbyshire-Bryant
d7613bd02f iptables: update to 1.8.4
Bump to iptable 1.8.4 and address packaging issue as mentioned in the
original bump/revert cycle.

"This reverts commit 10cbc896c0.
The updated iptables package does not build due to the following error
encountered on the buildbots:
    cp: cannot stat '.../iptables-1.8.4/ipkg-install/usr/lib/libiptc.so.*': No such file or directory

The changelog mentions "build: remove -Wl,--no-as-needed and libiptc.so" so
it appears as if further packaging changes are needed beyond a simple
version bump."

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-03-15 15:55:56 +00:00
Daniel Golle
0933d1363b procd: update to latest git HEAD
77a6782 jail: mount-bind /etc/resolv.conf for non-netns jails

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-03-13 20:06:55 +01:00
Adrian Schmutzler
5c2e409be7 base-files: convert leading spaces to tabs in functions.sh
Use tabs for indent consistently.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-03-13 15:51:30 +01:00
Sungbo Eo
4caaa778f7 kernel: make kmod-i2c-core selected by dependent modules
Currently kmod-i2c-* will not get into images unless kmod-i2c-core is added to
DEVICE_PACKAGES as well. By changing the dependencies from "depends on" to
"select", we do not have the issue anymore.

Furthermore, we can remove most occurrences of the package from DEVICE_PACKAGES
and similar variables, as it is now pulled by dependent modules such as:
- kmod-hwmon-lm75
- kmod-i2c-gpio
- kmod-i2c-gpio-custom
- kmod-i2c-mux
- kmod-i2c-ralink

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
[do not touch ar71xx]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-03-13 15:40:43 +01:00
Sungbo Eo
4159054fbb kernel: make kmod-hwmon-core selected by dependent modules
Currently kmod-hwmon-* will not get into images unless kmod-hwmon-core is added
to DEVICE_PACKAGES as well. By changing the dependencies from "depends on" to
"select", we do not have the issue anymore.

Furthermore, we can remove most occurrences of the package from DEVICE_PACKAGES
and similar variables, as it is now pulled by dependent modules such as:
- kmod-hwmon-gpiofan
- kmod-hwmon-lm63
- kmod-hwmon-lm75
- kmod-hwmon-lm85
- kmod-hwmon-lm90

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
[do not touch ar71xx, adjust line wrapping]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-03-13 14:23:33 +01:00
Kevin Darbyshire-Bryant
5c2b130ec9 kernel: ifb: set default numifbs to 0
By default on module load, 2 ifb interfaces are created and typically
remain unused, cluttering 'ip link' outputs and generally confusing
things.  sqm-scripts for example, creates its own ifb interface/s
instead of using these 2 defaults ifbs.

Tell the ifb module to not create any default ifbs on load via the
numifbs parameter.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-03-13 09:46:55 +00:00
Daniel Golle
40e578992b procd: actually wire-up netns support
When support for network namespaces was added to procd, adding the
corresponding jail flag in procd.sh was ommitted. Add it now.

Fixes: 97a03a4760 ("procd: update to latest git HEAD")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-03-12 20:55:50 +01:00
Tomasz Maciej Nowak
5031fbfd22 layerscape: ls1012afrdm: introduce dynamic partitioning
Combine fixed sizes of "kernel" and "rootfs" partitions into one
partition managed by OpenWrt splitter, it will allow better management
of chip capacity and less maintenance burden when compiled kernel image
will outgrow allocated size for kernel partition. This also changes kernel
image format, since splitter only manages kernel and rootfs partitions,
the dtb needs to be updated with the kernel, so for convenience, kernel is
packed to FIT image.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2020-03-12 12:59:44 +01:00
Tomasz Maciej Nowak
63f5268c7f layerscape: ls1012afrdm: convert image to squashfs
This commit replaces UBIFS root partition with squashfs+overlay. It's
preparation for introducing dynamic partitioning.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2020-03-12 12:59:44 +01:00
Tomasz Maciej Nowak
3a3d998c12 layerscape: resurrect support for FRDM-LS1012A
Re-add support for NXP FRDM-LS1012A, which mimics the flash layout of the
rest boards supported by LSDK.

0x000000000000-0x000000100000 : "bl2"
0x000000100000-0x000000500000 : "fip"
0x000000500000-0x000000600000 : "u-boot-env"
0x000000600000-0x000000a00000 : "reserved-1"
0x000000a00000-0x000000d00000 : "pfe"
0x000000d00000-0x000000f00000 : "reserved-2"
0x000000f00000-0x000001000000 : "dtb"
0x000001000000-0x000002000000 : "kernel"
0x000002000000-0x000004000000 : "ubifs"

Specification
SoC: LS1012A single core 800MHz
RAM: 512 MB DDR3
Flash: 64 MB QSPI NOR
Ethernet: 2x 10/100/1000 Mbps
Connectors: µUSB 3.0 OTG
            µUSB 2.0 (debugging & power input)
            2x 3.5mm jack for microphone & headphone (SGTL5000)
            Arduino Shield expansion with I2C, SPI, UART, and GPIO
            JTAG
LEDS: 3x (non-configurable)
Buttons: 1x (reset, non-configurable)

Be advised that erasing or writing 64MB flash takes some time to finish.
Do not reset the board until all operations end with success, otherwise
You'll need external tools to re-program the flash chip.

Installation
Follow the QSPI programing procedure for LS1012AFRWY board in
target/linux/layerscape/README, point 3.3.
Don't forget about updating U-Boot environment with MAC addresses of
ethernet interfaces, variable 'ethaddr' for eth0 and 'eth1addr' for eth1.

As the LSDK images do not support sysupgrade, nor do changes in this
commit, it's planed in upcoming submissions.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2020-03-12 12:59:44 +01:00
Sungbo Eo
228bb84744 kernel: make kmod-ata-core selected by dependent modules
Currently kmod-ata-* will not get into images unless kmod-ata-core is added to
DEVICE_PACKAGES as well. By changing the dependencies from "depends on" to
"select", we do not have the issue anymore.

Furthermore, we can remove most occurrences of the package from DEVICE_PACKAGES
and similar variables, as it is now pulled by dependent modules such as:
- kmod-ata-ahci
- kmod-ata-ahci-mtk
- kmod-ata-sunxi

While at it, use AddDepends/ata for kmod-ata-pdc202xx-old.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2020-03-11 19:40:03 +01:00
Felix Fietkau
0f8c806eb8 mt76: update to the latest version
a94e43f277e2 mt76: mt76x02: reset MCU timeout counter earlier in watchdog reset

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-03-11 13:33:36 +01:00
Hans Dedecker
659ae99e9b curl: bump to 7.69.0
For changes in 7.69.0; see https://curl.haxx.se/changes.html#7_69_0

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-03-10 22:15:18 +01:00
Kevin Darbyshire-Bryant
04a21c26a0 dnsmasq: bump to v2.81rc3
Bump to latest release candidate and drop 2 local patches that have been
upstreamed.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-03-10 12:49:07 +00:00
Yousong Zhou
847f3e603d kernel: kmod-fs-exfat: fix typo LINUX_4_{,1}4
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Reported-by: Petr Štetiar <ynezz@true.cz>
2020-03-09 22:40:48 +08:00
DENG Qingfang
b255260bb7 kernel: add exFAT fs driver
This was available since kernel 5.4.  The one provided in packages feed
will be considered deprecated and renamed to kmod-fs-exfat0.

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(use name kmod-fs-exfat.  use "@!(LINUX_4_4||LINUX_4_19)" for dependency)
2020-03-09 22:04:59 +08:00
Robert Marko
6256ca3232 ipq40xx: add support for 8devices Habanero DVK
This patch adds support for the 8devices Habanero development board.

Specs are:
CPU: QCA IPQ4019
RAM: DDR3L 512MB
Storage: 32MB SPI-NOR and optional Parallel SLC NAND(Some boards ship with it and some without)
WLAN1: 2.4 GHz built into IPQ4019 (802.11n) 2x2
WLAN2: 5 GHz built into IPO4019 (802.11ac Wawe-2) 2x2
Ethernet: 5x Gbit LAN (QCA 8075)
USB: 1x USB 2.0 and 1x USB 3.0 (Both built into IPQ4019)
MicroSD slot (Uses SD controller built into IPQ4019)
SDIO3.0/EMMC slot (Uses the same SD controller)
Mini PCI-E Gen 2.0 slot (Built into IPQ4019)
5x LEDs (4 GPIO controllable)
2x Pushbutton (1 is connected to GPIO, other to SoC reset)
LCD ZIF socket (Uses the LCD controller built into IPQ4019 which has no driver support)
1x UART 115200 rate on J18

2x breakout development headers
12V DC Jack for power
DIP switch for bootstrap configuration

Installation instructions:
Since boards ship with vendors fork of OpenWrt sysupgrade can be used.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2020-03-09 00:53:50 +01:00
Tim Harvey
1ff8054092 kernel: fix lib-xor for ARM64
use LINUX_KARCH in directory path to avoid failures in non-arm targets.

Signed-off-by: Tim Harvey <tharvey@gateworks.com>
2020-03-08 15:10:55 +01:00
Michael Heimpold
9405fb079b uboot-mxs: bump to v2020.01
Also update the U-Boot BSP patch for I2SE Duckbill devices.

Run tested on I2SE Duckbill and Olimex OLinuXino Maxi boards.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2020-03-08 15:10:55 +01:00
Michael Heimpold
a468a45253 uboot-envtools: mxs: add support for olimex, imx23-olinuxino
Add ubootenv uci config for Olimex OLinuXino boards.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2020-03-08 15:10:55 +01:00
Petr Štetiar
a61c787f9f uboot-imx6: bump to 2020.01 and refresh patches
Update U-Boot to latest release, remove `100-wandboard-enable-fit.patch`
as FIT support was added in commit 5b8585825128 ("wandboard: Add FIT
image support").

Rework `110-mx6cuboxi-mmc-fallback.patch` into two patches as there was
new config option `CONFIG_SPL_FORCE_MMC_BOOT` added upstream which
should provide the same functionality as the previous patch hunk.

Moving Apalis towards generic distro_bootcmd.

Cc: Vladimir Vid <vladimir.vid@sartura.hr>
Cc: Tim Harvey <tharvey@gateworks.com>
Cc: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-03-08 15:10:55 +01:00
Petr Štetiar
d1c2b25212 gpio-button-hotplug: remove duplicate logging text
Removes one of the duplicate `gpio-keys` words found in the logs:

 gpio-keys gpio-keys: gpio-keysdoes not support key code:143

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-03-08 15:10:55 +01:00
Petr Štetiar
aae4d85647 kernel: add kernel module for Sensirion SPS30 PMS
Adds into 4.19 backported kernel module from 5.1 for Sensirion SPS30
particulate matter sensor, for kernel 5.4 backported dependency fix.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-03-08 15:10:55 +01:00
Petr Štetiar
ea1823a867 kernel: iio: split buffer modules into separate packages
Otherwise we would need to enable IIO_TRIGGERED_BUFFER symbol in all
kernels in order to be able to use any of the IIO modules which are
utilizing triggered buffer based data acquisition method.

Acked-by: Stijn Tintel <stijn@linux-ipv6.be>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-03-08 15:10:55 +01:00
Sven Over
5b13ea8d28 mac80211: fix symbol dependency of rt2x00lib kernel module
On platforms that do not have CONFIG_MTD enabled, loading the
rt2x00lib kernel module fails because it depends on symbols from
the mtd module ("Unknown symbol get_mtd_device_nm").

This commit disables the code that can read the eeprom from mtd if
mtd is not enabled.

Signed-off-by: Sven Over <sp@cedenti.st>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-03-07 20:18:30 +01:00
Manuel Giganto
b2130b9ce8 ath79: add support for Devolo Magic 2 WIFI
This patch support Devolo Magic 2 WIFI, board devolo_dlan2-2400-ac.
This device is a plc wifi AC2400 router/extender with 2 Ethernet
ports, has a G.hn PLC and uses LCMP protocol from Home Grid Forum.

Hardware:
   SoC:         AR9344
   CPU:         560 MHz
   Flash:       16 MiB (W25Q128JVSIQ)
   RAM:         128 MiB DDR2
   Ethernet:    2xLAN 10/100/1000
   PLC:         88LX5152 (MaxLinear G.hn)
   PLC Flash:   W25Q32JVSSIQ
   PLC Uplink:  1Gbps MIMO
   PLC Link:    RGMII 1Gbps (WAN)
   WiFi:        Atheros AR9340 2.4GHz 802.11bgn
                Atheros AR9882-BR4A 5GHz 802.11ac
   Switch:      QCA8337, Port0:CPU, Port2:PLC, Port3:LAN1, Port4:LAN2
   Button:      3x Buttons (Reset, wifi and plc)
   LED:         3x Leds (wifi, plc white, plc red)
   GPIO Switch: 11-PLC Pairing (Active Low)
                13-PLC Enable
                21-WLAN power

MACs Details verified with the stock firmware:
   Radio1: 2.4 GHz &wmac     *:4c Art location: 0x1002
   Radio0: 5.0 GHz &pcie     *:4d Art location: 0x5006
   Ethernet        &ethernet *:4e = 2.4 GHz + 2
   PLC uplink      ---       *:4f = 2.4 GHz + 3
Label MAC address is from PLC uplink

OEM SSID: echo devolo-$(grep SerialNumber /dev/mtd1 | grep -o ...$)
OEM WiFi password: grep DlanSecurityID /dev/mtd1|tr -d -|cut -d'=' -f 2

Recommendations: Configure and link your PLC with OEM firmware
BEFORE you flash the device. PLC configuration/link should
remain in different memory and should work straight forward
after flashing.

Restrictions: PLC link detection to trigger plc red led is not
available. PLC G.hn chip is not compatible with open-plc-tools,
it uses LCMP protocol with AES-128 and requires different
software.

Notes: Pairing should be possible with gpio switch. Default
configuration will trigger wifi led with 2.4Ghz wifi traffic
and plc white led with wan traffic.

Flash instruction (TFTP):
 1. Set PC to fixed ip address 192.168.0.100
 2. Download the sysupgrade image and rename it to uploadfile
 3. Start a tftp server with the image file in its root directory
 4. Turn off the router
 5. Press and hold Reset button
 6. Turn on router with the reset button pressed and wait ~15 seconds
 7. Release the reset button and after a short time
    the firmware should be transferred from the tftp server
 8. Allow 1-2 minutes for the first boot.

Signed-off-by: Manuel Giganto <mgigantoregistros@gmail.com>
2020-03-07 11:02:13 +08:00
WeiDong Jia
643cab4f31 ath79: add support for DomyWifi DW33D
This commit ports the device from ar71xx to the ath79 target and
modifies the partition layout.
1. Firmware is installed to nand flash.
2. Modify the uboot-env parameter to boot from the nand flash.
3. The kernel size is extended to 5M.
4.nor flash retains the oem firmware.

oem partition layout
dev:    size   erasesize  name
mtd0: 00040000 00010000 "u-boot"
mtd1: 00010000 00010000 "u-boot-env"
mtd2: 00e30000 00010000 "rootfs"
mtd3: 00170000 00010000 "kernel"
mtd4: 00010000 00010000 "art"
mtd5: 00f90000 00010000 "firmware"
mtd6: 06000000 00020000 "rootfs_data"
mtd7: 02000000 00020000 "backup"

new partition layout
dev:    size   erasesize  name
mtd0: 00040000 00010000 "u-boot"
mtd1: 00010000 00010000 "u-boot-env"
mtd2: 00fa0000 00010000 "oem-firmware"
mtd3: 00010000 00010000 "art"
mtd4: 00500000 00020000 "kernel"
mtd5: 05b00000 00020000 "ubi"
mtd6: 02000000 00020000 "oem-backup"

MAC address overview:
All mac addresses are stored in the art partition.
eth0: 0x0
eth1: 0x6
ath9k: 0xc
ath10k: 0x12
No valid addresses in 0x1002 and 0x5006. All addresses match the OEM
firmware.

Install from oem firmware.
Enable ssh service:
Connect to the router web, click professional, click system-startup,
and add dropbear in the local startup input box. Click
system-administration, delete ssh-key, and replace your ssh pub key.
Restart the router.
1.Upload openwrt firmware to the device
scp openwrt-snapshot-r11365-df60a0852c-ath79-nand-domywifi_dw33d-\
squashfs-factory.bin root@192.168.10.1:/tmp
2.modify uboot-env.
ssh login to the device:
fw_setenv bootcmd 'nboot 0x8050000 0;bootm || bootm 0x9fe80000'
Run the fw_printenv command to check if the settings are correct.
3.Write openwrt firmware.
ssh login to the device:
mtd -r write /tmp/openwrt-snapshot-r11365-df60a0852c-ath79-nand-\
domywifi_dw33d-squashfs-factory.bin /dev/mtd6
The device will restart automatically and the openwrt firmware
installation is complete.

Restore oem firmware.just erase the kernel partition and the ubi
partition.
ssh login to the device:
mtd erase /dev/mtd4
mtd -r erase /dev/mtd5
Reboot the device

Signed-off-by: WeiDong Jia <jwdsccd@gmail.com>
[alter flash instruction in commit message]
Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
2020-03-07 11:02:13 +08:00
Kevin Darbyshire-Bryant
0b84b89251 dnsmasq: bump to 2.81rc2 + 2 local
Bump to dnsmasq 2.81rc2.  In the process discovered several compiler
warnings one with a logical error.

2 relevant patches sent upstream, added as 2 local patches for OpenWrt

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-03-06 15:47:56 +00:00
DENG Qingfang
a017773a92 ncurses: update to 6.2
Update ncurses to 6.2

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
2020-03-05 20:48:58 +01:00
Kevin Darbyshire-Bryant
3251ac8f2d dnsmasq: bump to v2.81rc1
1st release candidate for v2.81 after 18 months.

Refresh patches & remove all upstreamed leaving:

110-ipset-remove-old-kernel-support.patch

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-03-04 20:44:23 +00:00
Ansuel Smith
57432b9648 modules: fix dwc3-qcom wrong condition
Since now we support both kernel 4.19 and 5.2, change the
condition to remove driver when on kernel 4.14

Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
2020-03-03 23:38:23 +01:00
Alan Swanson
25cb5685c1 netifd: rename 20-smp-tune to 20-smp-packet-steering
Rename the script to be more obvious that this is for
packet steering only.

Signed-off-by: Alan Swanson <reiver@improbability.net>
2020-03-03 22:43:09 +01:00
Alan Swanson
d3868f15f8 netifd: change RPS/XPS handling to all CPUs and disable by default
The current implementation is significantly lowering lantiq
performace [1][2] by using RPS with non-irq CPUs and XPS
with alternating CPUs.

The previous netifd implementation (by default but could be
configured) simply used all CPUs and this patch essentially
reverts to this behaviour.

The only document suggesting using non-interrupt CPUs is Red
Hat [3] where if the network interrupt rate is extremely high
excluding the CPU that handles network interrupts *may* also
improve performance.

The original packet steering patches [4] advise that optimal
settings for the CPU mask seems to depend on architectures
and cache hierarcy so one size does not fit all. It also
advises that the overhead in processing for a lightly loaded
server can cause performance degradation.

Ideally, proper IRQ balancing is a better option with
the irqbalance daemon or manually.

The kernel does not enable packet steering by default, so
also disable in OpenWRT by default. (Though mvebu with its
hardware scheduling issues [5] might want to enable packet
steering by default.)

Change undocumented "default_ps" parameter to clearer
"packet_steering" parameter. The old parameter was only ever
set in target/linux/mediatek/base-files/etc/uci-defaults/99-net-ps
and matched the default.

[1] https://forum.openwrt.org/t/18-06-4-speed-fix-for-bt-homehub-5a
[2] https://openwrt.ebilan.co.uk/viewtopic.php?f=7&t=1105
[3] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/performance_tuning_guide/network-rps
[4] https://marc.info/?l=linux-netdev&m=125792239522685&w=2
[5] https://git.openwrt.org/?p=openwrt/openwrt.git;a=commitdiff;h=2e1f6f1682d3974d8ea52310e460f1bbe470390f

Fixes: #1852
Fixes: #2573

Signed-off-by: Alan Swanson <reiver@improbability.net>
2020-03-03 22:43:08 +01:00
Petr Štetiar
ee92838dd2 kernel: iio: fix st-accel dependencies properly
Add missing register map access SPI/I2C modules.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-03-02 14:48:53 +01:00
Petr Štetiar
4642c4864e kernel: iio: fix st-accel missing dependency
Fixes following build error on mpc85xx/p2020:

 Package kmod-iio-st_accel is missing dependencies for the following libraries:
  regmap-core.ko

Fixes: 2d8f4c4fbd ("kernel: iio: add st-accel driver modules")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-03-02 08:44:02 +01:00
Tomasz Maciej Nowak
b322243d2f x86: add bootloader upgrade on sysupgrade
Currently bootloader always stays on the same version as when first
written to boot medium (not true if partition layout changed, which will
trigger sysupgrade process to write full disk image). That creates
inconveniences as it always stays with same features or/and bugs. Users
wishing to add support to additional modules or new version, would need
to write the whole image, potentially destroying previous system
configuration. To fix these, this commit adds additional routine to
sysupgrade which upgrades unconditionally the bootloader to the latest
state provided by OpenWrt.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2020-03-01 21:36:00 +01:00
Tim Harvey
1d8f21e3a0 kernel: iio: add fxos8700 driver support
Adds various kernel modules for Freescale FXOS8700 3-axis accelerometer.

Signed-off-by: Tim Harvey <tharvey@gateworks.com>
[added missing commit description]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-03-01 21:36:00 +01:00
Tim Harvey
2d8f4c4fbd kernel: iio: add st-accel driver modules
Adds kernel modules for various STMicroelectronics accelerometers.

Signed-off-by: Tim Harvey <tharvey@gateworks.com>
[added missing commit description]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-03-01 21:36:00 +01:00
Tim Harvey
b56e669af9 kernel: can: add MCP251x CAN controller module support
Adds kernel module for Microchip MCP251x SPI CAN controller.

Signed-off-by: Tim Harvey <tharvey@gateworks.com>
[added missing commit description]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-03-01 21:36:00 +01:00
Tomasz Maciej Nowak
af878339ae uboot-mvebu: point to UBOOT_CONFIG when setting options
The BUILD_VARIANT might differ from UBOOT_CONFIG, so point to a file we
are actually changing. Being here let's call 'Build/Configure/U-Boot'
definition, instead of definig the same command. This'll be more future
proof, if U-Boot configuration procedure will change.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2020-03-01 21:36:00 +01:00
Jeffery To
12020f8a95 base-files: Add /etc/shinit for non-login shell init
Because /etc/profile (and ~/.profile) are read by login shells only,
aliases and functions defined there are not available to non-login
shells, e.g. when using screen or tmux.

If the ENV environment variable exists (exported by /etc/profile or
~/.profile) and references an existing file, then all interactive shells
(login or non-login) will read that file as well.

This sets the ENV environment variable in /etc/profile, pointing to
/etc/shinit.

This also adds /etc/shinit, which:

* Contains alias and function definitions originally in /etc/profile

* Sources /etc/mkshrc if the user is using mksh (also originally in
  /etc/profile), as /etc/mkshrc is meant for all interactive shells

* Sources ~/.mkshrc if the user is using mksh, to compensate for the
  fact that mksh will not read ~/.mkshrc if ENV is set

* Sources ~/.shinit if the user is not using mksh

This also removes the shebang from /etc/profile, as the file is sourced,
not executed.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
2020-03-01 21:35:59 +01:00
Petr Štetiar
2c3c83e40b ppp: activate PIE ASLR by default
This activates PIE ASLR support by default when the regular option is
selected.

Size increase on imx6:

 112681 ppp_2.4.8-2_arm_cortex-a9_neon.ipk
 121879 ppp_2.4.8-2_arm_cortex-a9_neon.ipk
 = 9198 diff

Acked-by: Alexander Couzens <lynxis@fe80.eu>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-03-01 21:35:59 +01:00
Stijn Tintel
8ce359d6bb libpcap: activate PIE ASLR by default
This activates PIE ASLR support by default when the regular option is
selected. This is required to enable PIE ASLR support by default in ppp,
as it fails to build without it, on x86/64.

The .so file size stays identical.

Suggested-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2020-03-01 21:35:59 +01:00
Christian Lamparter
632a7b2997 mvebu: fix build regression due to neon-asm ghash module
This patch fixes the regression caused by adding the NEON
variant of the ghash as the default ghash package package:

> ERROR: module '[...]/arch/arm/crypto/ghash-arm-ce.ko' is missing.
> modules/crypto.mk:286: recipe for target
>  '[...]/kmod-crypto-ghash_4.19.106-1_aarch64_cortex-a53.ipk' failed

This patch limits the scope to the ARM32/cortexa9 target of mvebu.

Fixes: 285df63efc ("kernel: build neon-asm version of ghash module")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2020-02-29 14:14:08 +01:00
Álvaro Fernández Rojas
8f5d714a7f bcm27xx-gpu-fw: update to latest version
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-02-29 08:24:57 +01:00
Eneas U de Queiroz
e889489bed kernel: build arm/neon-optimized sha1/512 modules
This builds the regular arm and arm-neon asm optmized modules for sha1
and sha512, for targets that set CONFIG_ARM_CRYPTO.

On ip40xx, the arm-asm version of sha1 improves performance by 5% over
the generic C implementation; sha1-neon is 25% faster than generic,
and sha512-neon, 259%.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2020-02-28 22:46:09 +01:00
Eneas U de Queiroz
285df63efc kernel: build neon-asm version of ghash module
This alone improves AES-GCM performance by up to 50% on ipq40xx.  This
is enabled for targets that support neon and set CONFIG_ARM_CRYPTO:
imx6, ipq40xx, and mvebu.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2020-02-28 22:46:09 +01:00
Steven Lin
a736d912e2 ipq40xx: add support for EnGenius EAP2200
SOC:    IPQ4019 / QCA Dakota
CPU:    Quad-Core ARMv7 Processor rev 5 (v7l) Cortex-A7
DRAM:   256 MiB
FLASH:  NOR 4 MiB + NAND 128 MiB
ETH:    Qualcomm Atheros QCA8072
WLAN1:  Qualcomm Atheros QCA4019 2.4GHz 802.11bgn 2:2x2
WLAN2:  Qualcomm Atheros QCA4019 5GHz 802.11a/n/ac 2:2x2
WLAN2:  Qualcomm Atheros QCA9888 5GHz 802.11a/n/ac 2:2x2
INPUT:  WPS Button
LEDS:   Power, LAN1, LAN2, WLAN 2.4GHz, WLAN 5GHz-1, WLAN 5GHz-2, OPMODE

1. Load Ramdisk via U-Boot

To set up the flash memory environment, do the following:
a. As a preliminary step, ensure that the board console port is connected to the PC using these RS232 parameters:
   * 115200bps
   * 8N1
b. Confirm that the PC is connected to the board using one of the Ethernet ports.
c. Set a static ip 192.168.99.8 for Ethernet that connects to board.
d. The PC must have a TFTP server launched and listening on the interface to which the board is connected.
e. At this stage power up the board and, after a few seconds, press 4 and then any key during the countdown.

U-BOOT> set serverip 192.168.99.9 && tftpboot 0x84000000 192.168.99.8:openwrt.itb && bootm

Signed-off-by: Steven Lin <steven.lin@senao.com>
[copied 4.19 dts to 5.4]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2020-02-28 22:29:10 +01:00
Álvaro Fernández Rojas
49737c359c bcm27xx-userland: update to latest version
Remove upstream cmake fix.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-02-28 19:30:16 +01:00
Hauke Mehrtens
34fcdcd7c2 kernel: Remove nvmem hack patch from 5.4
The nvmem framework is now used in net/ethernet/eth.c and the nvmem
sysfs is split into a separate Kconfig option. More work would be needed
to adapt this patch for the broader use. The current patch compiles fine
on ath79, but it breaks the x86 target.

nvmem is also compiled into the kernel for most of our targets for
example ath79 anyway, so patching the kernel to remove it is now harder
and not the case on multiple targets anyway. Instead of making this work
on kernel 5.4 just remove this hack patch.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-02-28 17:50:46 +01:00
Hauke Mehrtens
f1ff9410f6 kernel: Remove chash.ko from kmod-drm-amdgpu
This module was added with kernel 4.15, but is was removed again with
kernel version 5.3. OpenWrt does not support specifying a kernel version
range so just break it with kernel 4.14 and only support recent kernel
versions.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-02-28 17:50:46 +01:00
Hauke Mehrtens
a847e0ddd2 kernel: Add snd-intel-nhlt.ko to kmod-sound-hda-intel
With kernel 5.4 kmod-sound-hda-intel also needs snd-intel-nhlt.ko, but
this kernel module is only build on x86, make the OpenWrt kmod depend on
TARGET_x86.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-02-28 17:50:46 +01:00
Hauke Mehrtens
59f2814c09 kernel: Make kmod-ixgbe depend on kmod-libphy
With kernel 5.4 kmod-ixgbe is depending on kmod-libphy, add this
missing dependency.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-02-28 17:50:46 +01:00
Hauke Mehrtens
c9ef72aa13 nat46: Fix compile with kernel 5.4
nf_reset() was renamed to nf_reset_ct() in upstream Linux commit
895b5c9f206e ("netfilter: drop bridge nf reset from nf_reset)"

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-02-28 17:50:46 +01:00
Koen Vandeputte
cc34b55b77 kernel: Make kmod-rtc-pcf2123 depend on kmod-regmap-spi
In kernel 5.4 kmod-rtc-pcf2123 depends on kmod-regmap-spi, add this missing
dependency.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2020-02-28 17:50:46 +01:00
Hauke Mehrtens
19b1739bbe kernel: Make kmod-nft-core depend on kmod-nf-nat
In kernel 5.4 kmod-nf-core depends on kmod-nf-nat, add this missing
dependency.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-02-28 17:50:46 +01:00
Hauke Mehrtens
6350118cc3 kernel: Make kmod-fs-f2fs depend on kmod-nls-base
Since kernel 5.4 kmod-fs-f2fs is depending on kmod-nls-base.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-02-28 17:50:46 +01:00
Hauke Mehrtens
a09fbd1071 kernel: Add of_touchscreen.ko to kmod-input-touchscreen-ads7846
kmod-input-touchscreen-ads7846 depends on of_touchscreen.ko since
kernel 5.4.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-02-28 17:50:46 +01:00
Hauke Mehrtens
c4072dba76 kernel: Remove kmod-gigaset for kernel 5.4
gigaset was moved to staging in kernel 5.4, just deactivate it on
recent kernel versions instead of adapting it.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-02-28 17:50:46 +01:00
Hauke Mehrtens
97a5706ea5 kernel: Add roles.ko to kmod-usb-chipidea
kmod-usb-chipidea depends on roles.ko since kernel 5.4.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-02-28 17:50:46 +01:00
Hauke Mehrtens
c86ede094c kernel: Make kmod-gpio-pca953x depend on kmod-regmap-i2c
In kernel 5.4 kmod-gpio-pca953x depends on kmod-regmap-i2c.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-02-28 17:50:46 +01:00
Hauke Mehrtens
30d31763f6 kernel: module v4l2-common.ko was removed
The content of v4l2-common.ko was merged into videodev.ko and it was
removed in kernel 5.4.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-02-28 17:50:46 +01:00
Hauke Mehrtens
aa39bbc2ca kernel: Adapt moved crodic.ko module
The module was moved in the kernel, adapt OpenWrt.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-02-28 17:50:46 +01:00
Hauke Mehrtens
c4437d4e08 kernel: Add crypto libraries to modules
In kernel 5.3 and 5.4 some crypto modules were split into two modules,
one implementing the crypto algorithm and the other integrating it
into the Linux crypto framework.

Adapt OpenWrt to support this split.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-02-28 17:50:46 +01:00
Koen Vandeputte
1556ed155a kernel: mode_beet mode_transport mode_tunnel xfram modules
This adds the new xfrm4_mode_beet, xfrm4_mode_transport,
xfrm4_mode_tunnel and their IPv6 versions on kernel 5.4. These modules
were newly added in kernel 5.2.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2020-02-28 17:50:46 +01:00
Jo-Philipp Wich
955634b473 libubox: update to latest Git HEAD
7da6643 tests: blobmsg: add test case
75e300a blobmsg: fix wrong payload len passed from blobmsg_check_array

Fixes: FS#2833
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-02-27 22:03:18 +01:00
Xu Wang
2299808c68 base-files: add all buildinfo with INCLUDE_CONFIG
CONFIG_INCLUDE_CONFIG option is helpful for being able to rebuild the
exact same firmware as you see on a live OpenWRT instance, but it's
crucially missing feeds information, so we can't rebuild the exact same
package versions. This commit fixes this by adding the remaining feeds
(and version) buildinfo files to the image.

Signed-off-by: Xu Wang <xwang1498@gmx.com>
2020-02-27 12:14:09 +01:00
Petr Štetiar
35890514bb ppp: backport security fixes
8d45443bb5c9 pppd: Ignore received EAP messages when not doing EAP
8d7970b8f3db pppd: Fix bounds check in EAP code
858976b1fc31 radius: Prevent buffer overflow in rc_mksid()

Signed-off-by: Petr Štetiar <ynezz@true.cz>
Fixes: CVE-2020-8597
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-02-26 16:38:43 +01:00
Jo-Philipp Wich
817e775319 Revert "ppp: backport security fixes"
This reverts commit 215598fd03 since it
didn't contain a reference to the CVE it addresses. The next commit
will re-add the commit including a CVE reference in its commit message.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-02-26 16:37:27 +01:00
Roger Pueyo Centelles
c81b2e94c7 rbextract: support devices with plain RLE caldata
Old MikroTik devices have the RLE-encoded radio calibration data
directly stored in the art (hard_config) partition, without LZO
compression nor any preceding ERD magic bytes. This commit adds
a fallback for these devices.

Tested on the ath79 target with a MikroTik SXT 5nD r2 (SXT Lite5),
only locally --not yet merged upstream--.

Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
2020-02-26 14:46:46 +01:00
John Crispin
a1dd773272 mac80211: enhance wifi reload
If the reconf call fails force a full restart of the radio.

Signed-off-by: John Crispin <john@phrozen.org>
2020-02-25 17:03:44 +01:00
John Crispin
d3b7838ebe hostapd: enhance wifi reload
Add a radio_config_id property. If the radio config changes return an error
upon receiving the reconf call.

Signed-off-by: John Crispin <john@phrozen.org>
2020-02-25 17:01:55 +01:00
Felix Fietkau
e8fae62f64 mt76: update to the latest version
0a53dcda5203 mt76: mt7603: add upper limit for dynamic sensitivity minimum receive power
46e63c05f7d1 mt76: mt7603: enable dynamic sensitivity adjustment by default
81476f11b68c mt76: mt7615: fix antenna mask initialization in DBDC mode

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-02-25 13:36:29 +01:00
Piotr Dymacz
a422b171ac base-files: diag: restore default trigger for 'boot' LED
For devices without a dedicated 'diag' LED, we use sometimes one of
other LEDs for indicating at least 'boot', 'failsafe' and 'upgrade'
stages. In some cases, at the same time these LEDs have defined default
triggers in DTS using 'linux,default-trigger' property. Current 'diag'
setup removes the trigger and turns off 'boot' LED after bootup.

One of the examples of such device is TP-Link TL-WR841N v14 (ramips)
which uses 'wlan' LED with defined 'linux,default-trigger' for 'diag':

aliases {
        led-boot = &led_wlan;
        led-failsafe = &led_wlan;
        led-upgrade = &led_wlan;
};

[...]

led_wlan: wlan {
        label = "tl-wr841n-v14:green:wlan";
        gpios = <&gpio1 9 GPIO_ACTIVE_LOW>;
        linux,default-trigger = "phy0tpt";
};

This patch extends 'diag.sh' and 'leds.sh' scripts to make sure default
trigger defined in DTS is restored for 'diag' LED which isn't used for
indicating 'running' stage.

Acked-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2020-02-24 23:27:50 +01:00
Piotr Dymacz
2d113f89d2 hostapd: start hostapd/wpa_supplicant for all wiphy devices
c888e17e06 ("hostapd: manage instances via procd instead of pidfile")
added procd support for managing hostapd and wpa_supplicant daemons
but at the same time limited wiphy names to 'phy*'.

This brings back initial behaviour (introduced in 60fb4c92b6 ("hostapd:
add ubus reload") and makes procd manage daemons for any wiphy device
found in '/sys/class/ieee80211'.

CC: Felix Fietkau <nbd@nbd.name>
CC: Daniel Golle <daniel@makrotopia.org>
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2020-02-24 23:27:50 +01:00
Piotr Dymacz
82679ca0b9 umbim: move package to 'WWAN' submenu
'uqmi' was moved to 'WWAN' submenu in 9abdeee0b7.
Let's be consistent and do the same with 'umbim'.

Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2020-02-24 23:27:50 +01:00
Josef Schlehofer
8fe9daf775 mbedtls: use correct SPDX License Identifier and add License file
License "GPL-2.0+" is deprecated License Identifier according to
SPDX License list [1]. The correct one is GPL-2.0-or-later.
While at it, also add the License file.

[1] https://spdx.org/licenses/

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2020-02-24 23:25:28 +01:00
Josef Schlehofer
36af1967f5 mbedtls: update to version 2.16.5
Changelog:
https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.5-and-2.7.14-released

Security advisory:
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-02

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2020-02-24 23:25:28 +01:00
Josef Schlehofer
b55f68d553 strace: update to version 5.5
Changelog:
https://strace.io/files/5.5/

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2020-02-24 23:25:28 +01:00
Hauke Mehrtens
806354ab53 linux-atm: Fix compile warning
The function trace_on_exit() is given to atexit() as a parameter, but
atexit() only takes a function pointer to a function with a void
parameter.

This problem was introduced when the on_exit() function was incompletely
replaced by atexit().

Fixes: ba6c8bd614 ("linux-atm: add portability fixes")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-02-24 23:25:28 +01:00
Hauke Mehrtens
930fc09803 ath10k-ct: Use ath10k-ct version 5.4
This makes ath10k-ct use the version based on kernel 5.4 by default.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-02-24 23:25:28 +01:00
Hauke Mehrtens
d97b6204a2 ath10k-ct: Update to version 2020-02-18
This adds AP VLAN support.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-02-24 23:25:22 +01:00
Hauke Mehrtens
a9363914a3 mac80211: Allow IBSS mode and different beacon intervals
ath10k-ct supports the combination to select IBSS (ADHOC) mode and
different beacon intervals together. mac80211 does not like this
combination, but Ben says this is ok, so remove this check.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-02-24 23:23:46 +01:00
Hauke Mehrtens
f2fc7a62c0 rtl8812au-ct: Update to version 2020-01-12
This fixes compile problems with kernel 5.4

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-02-24 21:27:08 +01:00
Sungbo Eo
3124c9afe3 urngd: avoid PKG_NAME in define lines
> Avoid reuse of PKG_NAME in call, define and eval lines for consistency and
> readability. Write the full name instead.

Ref: https://openwrt.org/docs/guide-developer/packages

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2020-02-23 22:42:51 +01:00
Sungbo Eo
33ecc694d5 urandom-seed: avoid PKG_NAME in define lines
> Avoid reuse of PKG_NAME in call, define and eval lines for consistency and
> readability. Write the full name instead.

Ref: https://openwrt.org/docs/guide-developer/packages

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2020-02-23 22:42:36 +01:00
Sungbo Eo
e6c55d70f4 ltq-vdsl-mei: avoid underscore in package name
As 07e1d88d7b ("kernel: avoid underscore in *6lowpan package names") shows,
underscores might cause build failures. Replace underscore with dash.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2020-02-23 13:20:50 +01:00
Scott Roberts
34e7d31983 packages/boot: bump arm-trusted-firmware-mvebu version
The current version of ATF does not support power off for SGMII
COMPHY.  Update to latest ATF to resolve this issue.

Signed-off-by: Scott Roberts <ttocsr@gmail.com>
2020-02-22 18:21:37 +01:00
Fredrik Olofsson
9ad1ccbe15 mac80211: backport fix TID field in monitor mode transmit
Backport 753ffad3d6243303994227854d951ff5c70fa9e0 as merged in Linux v5.5-rc3.

Signed-off-by: Fredrik Olofsson <fredrik.olofsson@anyfinetworks.com>
2020-02-22 16:38:41 +01:00
Daniel Engberg
f0864cb31b package/utils/f2fs-tools: Update to 1.13.0
Update f2fs-tools to 1.13.0
Remove upstreamed patches
Disable build of static library

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2020-02-22 16:38:41 +01:00
Davide Fioravanti
9003115d6f usbmode: Update modeswitch data to 20191128
Add support for new hardware

Signed-off-by: Davide Fioravanti <pantanastyle@gmail.com>
2020-02-22 16:38:41 +01:00
Tomasz Maciej Nowak
9c6b6abdcd kernel: replace SUBDIRS with M in package recipes
The SUBDIRS variable has been removed in kernel 5.4, and was deprecated
since the beginnig of kernel git history in favour of M or KBUILD_EXTMOD.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2020-02-22 16:38:41 +01:00
DENG Qingfang
e6cec17568 linux-firmware: update to 20200122
Update linux-firmware to 20200122

git log --pretty=oneline --abbrev-commit 20191215..20200122

1eb2408 linux-firmware: Update firmware file for Intel Bluetooth AX200
0dc1611 linux-firmware: Update firmware file for Intel Bluetooth AX201
d03f79c linux-firmware: Update firmware file for Intel Bluetooth 9560
aab62bc linux-firmware: Update firmware file for Intel Bluetooth 9260
ed0aa3a nvidia: add TU102/TU104/TU106 signed firmware
9c340bd amdgpu: update navi10 firmware for 19.50
3b4a503 amdgpu: Add navi10 TA ucode
16cc13a Merge branch 'v1.1.3' of https://github.com/ruiwang-mtk/linux_fw_vpu_v1.1.37f3177d mediatek: update MT8173 VPU firmware to v1.1.3
67d4ff5 Mellanox: Add new mlxsw_spectrum firmware xx.2000.2714
f1c9e7b radeon: update oland rlc microcode from amdgpu
b1dafb7 amdgpu: update vega20 microcode for 19.50
c38789e amdgpu: update vega12 microcode for 19.50
5a141c1 amdgpu: update vega10 microcode for 19.50
a03173a amdgpu: update picasso microcode for 19.50
86e9a5f amdgpu: update raven2 microcode for 19.50
febe09a amdgpu: update raven microcode for 19.50
af76fd0 amdgpu: update navi10 microcode for 19.50
b5b176a amdgpu: update navi14 microcode for 19.50
ad90178 amdgpu: add TA microcode for Raven asics
379551b qed: Add firmware 8.42.2.0
58b4003 Merge branch 'RB3-wlan-firmware-1387-v2' of https://github.com/andersson/linux-firmware
5967a45 Adjust WHENCE entry to check_whence doesn't complain
d1e743d Merge branch 'master' of https://github.com/NXP/mwifiex-firmware
d6219ab qcom: Switch SDM845 WLAN firmware
e65245c linux-firmware: add NXP firmware licence file
6871bff Merge branch 'ath10k-20191220' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/linux-firmware
b142c2e ath10k: WCN3990 hw1.0: add firmware WLAN.HL.2.0-01387-QCAHLSWMTPLZ-1
8809b87 ath10k: QCA9984 hw1.0: update firmware-5.bin to 10.4-3.9.0.2-00070
513d70c ath10k: QCA988X hw2.0: update firmware-5.bin to 10.2.4-1.0-00047
203435b ath10k: QCA9888 hw2.0: update firmware-5.bin to 10.4-3.9.0.2-00070
a66d2fc ath10k: QCA9887 hw1.0: update firmware-5.bin to 10.2.4-1.0-00047
6d19154 ath10k: QCA6174 hw3.0: update board-2.bin
c4586ff linux-firmware: Update AMD cpu microcode

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
2020-02-22 16:38:41 +01:00
DENG Qingfang
b9d29b78c8 iw: update to 5.4
Update iw to 5.4
This increases the ipk size of iw-tiny/full by about 400 bytes

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
2020-02-22 16:38:41 +01:00
Rosen Penev
499ebb791f libbsd: update to 0.10.0
Removed all upstream patches.

Added PKG_BUILD_PARALLEL for faster compilation.

Small Makefile rearrangements for consistency between packages.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-02-22 16:34:57 +01:00
Adrian Schmutzler
a5b2c6f5ed rssileds: add dependencies based on LDFLAGS
This adds the direct dependencies introduced by TARGET_LDFLAGS
to the package's DEPENDS variable.

This was found by accidentally building rssileds on octeon, which
resulted in:

"Package rssileds is missing dependencies for the following libraries:
libnl-tiny.so"

Though the dependencies are provided when building for the
relevant targets ar71xx, ath79 and ramips, it seems more tidy to
specify them explicitly.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-02-22 14:26:01 +01:00
Stijn Tintel
a9b5473c92 lldpd: bump to 1.0.5
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2020-02-22 10:31:28 +02:00
Felix Fietkau
3e11ddaf2e mt76: update to the latest version
f4415afce213 mt76: mt76u: loop over all possible rx queues in mt76u_rx_tasklet
5b9f949cb760 mt76: mt76u: fix a possible memory leak in mt76u_init
fd892bc033fb mt76: mt76u: rely only on data buffer for usb control messagges

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-02-20 15:06:35 +01:00
Petr Štetiar
215598fd03 ppp: backport security fixes
8d45443bb5c9 pppd: Ignore received EAP messages when not doing EAP
8d7970b8f3db pppd: Fix bounds check in EAP code
858976b1fc31 radius: Prevent buffer overflow in rc_mksid()

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-02-20 09:12:12 +01:00
Daniel Engberg
0e7d404a94 util-linux: Update to 2.35.1
Update util-linux to 2.35.1 and refresh patches.

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
[commit subject and description tweaks]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-02-20 09:12:12 +01:00
Felix Fietkau
69a9a08396 mt76: update to the latest version
bd0df1b017a8 mt76: avoid extra RCU synchronization on station removal
d5a5e97b67c7 mt76: mt76x2: avoid starting the MAC too early
a67e42990d8a mt76: mt7615: fix msdu_id endianness in mt7615_write_hw_txp
d3af8bd3c722 mt76: mt7615: set proper length in strncmp
9c43417db17c mt76: mt7615: fix max_nss in mt7615_eeprom_parse_hw_cap
764e1d208a06 mt76: mt7615: fix tx power reporting
1881241c7ee5 mt76: fix rounding issues on converting per-chain and combined txpower
fa14e7f33199 mt76: mt7615: rework rx phy index handling
a205ce3e3e2d mt76: mt7615: fix ext_phy flag for stations
457a93203690 mt76: mt7615: fix MT_TX_HW_QUEUE_EXT_PHY to deal with mac80211 changes
c75cf513c674 mt76: do not set HOST_BROADCAST_PS_BUFFERING for mt7615
cc56c400167c mt76: fix LED link time failure
4dbd56b86970 mt76: mt76x0u: add support to TP-Link T2UHP
e226309c4bc4 mt76: mt7615: rely on mt76_queues_read for mt7622
c6a025318075 mt76: mt76u: extend RX scatter gather number
dfc24bc504e3 mt76: mt76u: rename stat_wq in wq
2bbffd2cb37b mt76: mt7615: remove rx_mask in mt7615_eeprom_parse_hw_cap
f408a2b7566c mt76: Introduce mt76_mcu data structure
17ecf0762542 mt76: mt76x02: fix handling MCU timeouts during hw restart
284e9fd72912 mt76: mt7615: fix monitor injection of beacon frames
8f8e9161b355 mt76: fix array overflow on receiving too many fragments for a packet

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-02-19 22:12:46 +01:00
Eneas U de Queiroz
07e1d88d7b kernel: avoid underscore in *6lowpan package names
Packages kmod-bluetooth_6lowpan and kmod-ieee802154_6lowpan contain an
underscore in the package name.  This causes problems in package/install
because when building a list of package files to install offline using
opkg, it uses a wildcard of the form $(dir)/$(pkg)_*.ipk.

If you were to select kmod-bluetooth=y, but kmod-bluetooth_6lowpan=m,
the latter would be picked up by that wildcard, and make package/install
would fail:

Collected errors:
 * satisfy_dependencies_for: Cannot satisfy the following dependencies
 * for kmod-bluetooth_6lowpan:
 *      kmod-6lowpan
 * opkg_install_cmd: Cannot install package kmod-bluetooth_6lowpan.

Changing the wildcard pattern is not trivial, and there may be other
places in the build system making this assumption about the package name
format.

Using a dash in place of the underscore avoids the issue.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2020-02-19 22:07:40 +01:00
Russell Senior
731f7ea48a dnsmasq: fix uci-defaults script to exit 0 so it is cleaned up
A file, package/network/services/dnsmasq/files/50-dnsmasq-migrate-resolv-conf-auto.sh,
was added in commit 6a28552120, but it
does not exit in a way that tells the uci-defaults mechanism that it
succeeded, and so it is not cleaned up after running successfully. Add
an exit 0 to the end to correct that.

Signed-off-by: Russell Senior <russell@personaltelco.net>
2020-02-19 22:02:59 +01:00
Jason A. Donenfeld
49caf9f98a wireguard: bump to 0.0.20200215
* send: cleanup skb padding calculation
* socket: remove useless synchronize_net

Sorry for the back-to-back releases. This fixes a regression spotted by Eric
Dumazet.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-02-15 08:57:49 +01:00
Adrian Schmutzler
7d7aa2fd92 brcm2708: rename target to bcm27xx
This change makes the names of Broadcom targets consistent by using
the common notation based on SoC/CPU ID (which is used internally
anyway), bcmXXXX instead of brcmXXXX.
This is even used for target TITLE in make menuconfig already,
only the short target name used brcm so far.

Despite, since subtargets range from bcm2708 to bcm2711, it seems
appropriate to use bcm27xx instead of bcm2708 (again, as already done
for BOARDNAME).

This also renames the packages brcm2708-userland and brcm2708-gpu-fw.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Acked-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-02-14 14:10:51 +01:00
Adrian Schmutzler
e7bfda2c24 brcm63xx: rename target to bcm63xx
This change makes the names of Broadcom targets consistent by using
the common notation based on SoC/CPU ID (which is used internally
anyway), bcmXXXX instead of brcmXXXX.
This is even used for target TITLE in make menuconfig already,
only the short target name used brcm so far.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-02-14 14:10:51 +01:00
Adrian Schmutzler
8fe5ad5d33 brcm47xx: rename target to bcm47xx
This change makes the names of Broadcom targets consistent by using
the common notation based on SoC/CPU ID (which is used internally
anyway), bcmXXXX instead of brcmXXXX.
This is even used for target TITLE in make menuconfig already,
only the short target name used brcm so far.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-02-14 14:10:51 +01:00
DENG Qingfang
5715b21f80 iproute2: update to 5.5.0, enable LTO
Update iproute2 to 5.5.0
Enable LTO to save several KB of size

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
2020-02-13 21:35:13 +01:00
Tomislav Požega
cd5dbba905 mac80211: expose chanbw support to debugfs for ath9k_htc
This will ensure the htc suffixed driver also gets created
chanbw debugfs entry.

Signed-off-by: Tomislav Požega <pozega.tomislav@gmail.com>
2020-02-13 17:45:46 +01:00
Michael Yartys
1862263883 ath10k-firmware: update ath10k-ct firmware
This supports better per-chain noise floor reporting, which in turn allows for
better RSSI reporting in the driver.

Wave-2 fixes a long-standing rate-ctrl problem when connected to xbox (and probably other devices).

Wave-2 has fix for crash likely related to rekeying.

Wave-1 has some debugging code added where a user reported a crash.

Tested-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>  [ipq806x+qca9984,ipq4019+qca9986]
Signed-off-by: Michael Yartys <michael.yartys@protonmail.com>
2020-02-13 17:45:46 +01:00
Michael Yartys
67174adc94 ath10k-ct: update to 2020-01-29
Changes:

ath10k-ct: Support better RSSI measurements.

When used with recent firmware, these changes allow the driver to
query per-chain noise-floor from the radio to better calculate the
per-chain RSSI. The per-chain RSSI is then summed to provide the
'combined RSSI'. This gives better per-chain RSSI as well as combined
RSSI, especially when running with more than 20Mhz bandwidths.

Refresh patches.

Tested-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>  [ipq806x+qca9984,ipq4019+qca9986]
Signed-off-by: Michael Yartys <michael.yartys@protonmail.com>
2020-02-13 17:45:46 +01:00
Jo-Philipp Wich
04069fde19 uhttpd: update to latest Git HEAD
2ee323c file: poke ustream after starting deferred program

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-02-12 18:01:13 +01:00
Kevin Darbyshire-Bryant
dba431d8ab procd: seccomp: fix resource leak
Bump to latest commit:

c30b23e seccomp: fix resource leak

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-02-11 18:54:29 +00:00
Hans Dedecker
7df120b1b0 uci: fix PKG_SOURCE_VERSION value
Fixes PKG_SOURCE_VERSION value which was wrongly set in commit f6e07c8284

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-02-09 21:50:59 +01:00
Jason A. Donenfeld
cb17d7aed7 wireguard-tools: bump to 1.0.20200206
* wg-quick: android: split uids into multiple commands

Newer android's ndc implementations have limits on uid size, so we have to
break these into several lists.

* man: document dynamic debug trick for Linux

This comes up occasionally, so it may be useful to mention its
possibility in the man page. At least the Arch Linux and Ubuntu kernels
support dynamic debugging, so this advice will at least help somebody. So that
you don't have to go digging into the commit, this adds this helpful tidbit
to the man page for getting debug logs on Linux:

 # modprobe wireguard && echo module wireguard +p > /sys/kernel/debug/dynamic_debug/control

* extract-{handshakes,keys}: rework for upstream kernel

These tools will now use the source code from the running kernel instead of
from the old monolithic repo. Essential for the functioning of Wireshark.

* netlink: remove libmnl requirement

We no longer require libmnl. It turns out that inlining the small subset of
libmnl that we actually use results in a smaller binary than the overhead of
linking to the external library. And we intend to gradually morph this code
into something domain specific as a libwg emerges. Performance has also
increased, thanks to the inliner. On all platforms, wg(8) only needs a normal
libc. Compile time on my system is still less than one second. So all in all
we have: smaller binary, zero dependencies, faster performance.

Packagers should no longer have their wireguard-tools package depend on
libmnl.

* embeddable-wg-library: use newer string_list
* netlink: don't pretend that sysconf isn't a function

Small cleanups.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-02-09 21:25:51 +01:00
Hans Dedecker
39a49c2d6a procd: update to latest git HEAD
Fixes c0c988e179

bcb8655 instance: add 'requirejail' attribute

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-02-09 19:26:00 +01:00
Sungbo Eo
757715c474 kernel: move b43 install function to broadcom.mk
Most of the broadcom packaging codes were moved to broadcom.mk in commit
7f984dab1c ("mac80211: move broadcom packaging code to broadcom.mk"),
but b43/install still remained. Move it now.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2020-02-08 17:58:38 +01:00
Sungbo Eo
9d03eede18 kernel: fix typos in KernelPackage description
Fixes: ed2839ac41 ("kernel/modules: add kmod-pmbus-zl6100 module")
Fixes: bbcb9de935 ("Add package for gpio rotary encoder")
Fixes: 7685458982 ("package/kernel: package kmod-input-matrixkmap")
Fixes: 8bfef35385 ("kernel: rename kmod-switch-rtl8366_smi to
       kmod-switch-rtl8366-smi to avoid underscores in package names")
Fixes: f03bf608b1 ("kernel: Add dummy sound driver")
Fixes: dda5d9b786 ("ramips: rename pwm kernel module")

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2020-02-08 17:58:38 +01:00
Jo-Philipp Wich
766e778226 hostapd: remove erroneous $(space) redefinition
The $(space) definition in the hostapd Makefile ceased to work with
GNU Make 4.3 and later, leading to syntax errors in the generated
Kconfig files.

Drop the superfluous redefinition and reuse the working $(space)
declaration from rules.mk to fix this issue.

Fixes: GH#2713
Ref: https://github.com/openwrt/openwrt/pull/2713#issuecomment-583722469
Reported-by: Karel Kočí <cynerd@email.cz>
Suggested-by: Jonas Gorski <jonas.gorski@gmail.com>
Tested-by: Shaleen Jain <shaleen@jain.sh>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-02-08 11:45:33 +01:00
Rafał Miłecki
aca274091a mac80211: brcm: backport remaining 5.6 kernel patches
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2020-02-06 11:36:15 +01:00
Jason A. Donenfeld
71de48bd37 wireguard: bump to 0.0.20200205
* compat: support building for RHEL-8.2
* compat: remove RHEL-7.6 workaround

Bleeding edge RHEL users should be content now (which includes the actual
RedHat employees I've been talking to about getting this into the RHEL kernel
itself). Also, we remove old hacks for versions we no longer support anyway.

* allowedips: remove previously added list item when OOM fail
* noise: reject peers with low order public keys

With this now being upstream, we benefit from increased fuzzing coverage of
the code, uncovering these two bugs.

* netns: ensure non-addition of peers with failed precomputation
* netns: tie socket waiting to target pid

An added test to our test suite for the above and a small fix for high-load CI
scenarios.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-02-05 21:56:02 +01:00
Jo-Philipp Wich
5f5ec7660c Revert "iwinfo: update to latest Git HEAD"
This reverts commit 96424c143d.

The commit changed libiwinfo's internal ABI which breaks a number of
downstream projects, including LuCI and rpcd-mod-iwinfo.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-02-05 15:31:39 +01:00
Kevin Darbyshire-Bryant
c0c988e179 procd: support 'requirejail' attribute
Bump procd package to reduce log spam related to missing jail binaries
in a non-jail capable system.

bcb8655 instance: add 'requirejail' attribute

An additional jail attribute 'requirejail' can now be used to indicate
mandatory use of a jailed environment and hence prevent process startup
in the event that the jail subsystem is unavailable.

Procd will now only log errors if jail is unavailable and 1) is a mandatory
requirement or 2) a procd debug level of at least 2 is in use.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-02-04 21:51:11 +00:00
David Bauer
96424c143d iwinfo: update to latest Git HEAD
eba5a20 iwinfo: add device id for BCM43602
a6914dc iwinfo: add BSS load element to scan result
bb21698 iwinfo: add device id for Atheros AR9287
7483398 iwinfo: add device id for MediaTek MT7615E

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-02-04 20:14:47 +01:00
Álvaro Fernández Rojas
953973c299 brcm2708-gpu-fw: update to latest firmware
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-02-04 19:02:20 +01:00
Michal Cieslakiewicz
a09408fa57 uboot-envtools: ath79: add Netgear WNDR3700v2
Add Netgear WNDR3700v2 to the list of supported boards.

Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
[rebase, adjusted commit title]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-02-04 12:23:48 +01:00
John Crispin
df773ead9a bcm4xxx: fix iwinfo behaviour
Signed-off-by: John Crispin <john@phrozen.org>
2020-02-04 07:48:09 +01:00
Felix Fietkau
8216766ad9 mt76: update to the latest version
8f33a1e936fd mt76: mt7615: report firmware log event messages
43db699b1ad8 mt76: mt7615: increment the MAC address of the secondary PHY (DBDC)
161d1c73c62a mt7615: use local MAC address for the second PHY
9453dbe921b9 mt76: set dma-done flag for flushed descriptors
65745c5ac503 mt76: fix handling full tx queues in mt76_dma_tx_queue_skb_raw
14f37f8d86eb mt76: dma: do not write cpu_idx on rx queue reset until after refill
99ce68625473 mt76: mt7603: increase dma mcu rx ring size
62c447e2c75f mt76: enable Airtime Queue Limit support
1c258940d818 mt76: mt7615: report TSF information
2d22ef618712 mt76: mt7615: add per-phy mib statistics
8d690f3bfbc4 mt76: mt7615: add a get_stats() callback
b06177ce387c mt76: move dev_irq tracepoint in mt76 module
5ac9889c33f1 mt76: move mac_txdone tracepoint in mt76 module
7801ebd775e3 mt76: mt7615: add tracing support
fd877a17cc0a mt76: mt76x2: get rid of leftover target
039471502578 mt76: mt7615: initialize radar specs from host driver
b208305e6275 mt76: mt7615: fix endianness in mt7615_mcu_set_eeprom
fd1fa6860666 mt76: move WIPHY_FLAG_HAS_CHANNEL_SWITCH in mt76_phy_init
c94afbe3d70a mt76: mt7615: remove leftover routine declaration
29fec3a9b0b4 mt76: rely on mac80211 utility routines to compute airtime
2bb518752b3f mt76: mt76x02u: avoid overwrite max_tx_fragments
a0f1ff0473b5 mt76: mt76u: check tx_status_data pointer in mt76u_tx_tasklet
a5dca118bf40 mt76: mt76u: add mt76u_process_rx_queue utility routine
06caaf0d33b4 mt76: mt76u: add mt76_queue to mt76u_get_next_rx_entry signature
cf8e2590e46b mt76: mt76u: add mt76_queue to mt76u_refill_rx signature
0077b30ce2c8 mt76: mt76u: use mt76_queue as mt76u_complete_rx context
06d466b86981 mt76: mt76u: add queue id parameter to mt76u_submit_rx_buffers
580ddd175eee mt76: mt76u: move mcu buffer allocation in mt76x02u drivers
acc227e14d95 mt76: mt76u: introduce mt76u_free_rx_queue utility routine
aa28404bf287 mt76: mt76u: stop/free all possible rx queues
885fe4a29bb9 mt76: mt76u: add mt76u_alloc_rx_queue utility routine
c85dec848303 mt76: mt76u: add queue parameter to mt76u_rx_urb_alloc
ca7991699109 mt76: mt76u: resume all rx queue in mt76u_resume_rx
e2a39697fb0a mt76: mt76u: introduce mt76u_alloc_mcu_queue utility routine
39fb59ce927b mt76: mt76u: add {read/write}_extended utility routines
8c6cf328eb1f mt76: mt76u: take into account different queue mapping for 7663
e742618fc5ce mt76: mt76u: introduce mt76u_skb_dma_info routine
23b3328e52fe mt76: mt76u: add endpoint to mt76u_bulk_msg signature
82bedb294534 mt76: mt76u: introduce MT_DRV_RX_DMA_HDR flag
2db2bab099d0 firmware: update mt7615 N9 firmware to 20200107155603
60e27689603d firmware: update MT7615 CR4 firmware to 20190121161307
d15a4bbb3f69 mt76: mt7615: add __aligned(4) to txp structs
1c4ff4f2dc7f mt76: mt7615: move mmio related code from pci.c to mmio.c
51b1eb7a4902 mt76: mt7615: split up firmware loading functions
f84b590b6454 mt76: mt7615: store N9 firmware version instead of CR4
92bafd4b1bfc mt76: mt7615: fix MT_INT_TX_DONE_ALL definition for MT7622
13a4269a1bfa mt76: mt7615: add dma and tx queue initialization for MT7622
ab94a85efb18 mt76: mt7615: add eeprom support for MT7622
f0b02d8115b0 mt76: mt7615: add calibration free support for MT7622
fd3ae9a342ae mt76: mt7615: disable 5 GHz on MT7622
80d3681b404d mt76: mt7615: implement probing and firmware loading on MT7622
79808e62324e mt76: mt7615: implement DMA support for MT7622
bddcbb25cd0e mt76: mt7615: decrease rx ring size for MT7622
6cd5c381eaee mt76: mt7615: disable DBDC on MT7622
f66b480434e9 mt76: mt7615: add Kconfig entry for MT7622
68f38eea39b5 firmware: add firmware for MT7622 built-in WiFi
7882bbd25c38 mt76: mt7615: fix and rework tx power handling
0f06914acfb4 mt76: mt7615: implement hardware reset support
db97358df47e mt76: mt7615: add support for testing hardware reset
b9d9f91b1522 mt76: mt7615: fix adding active monitor interfaces
fd216cb5b2f9 mt76: mt7615: fix monitor mode on second PHY
269de7c22957 firmware: fix version number for upcoming mt7615 mcu v2 support patches
9f8c6c4a20b4 mt76: mt7615: simplify mcu_set_bmc flow
ff32af25f83e mt76: mt7615: simplify mcu_set_sta flow
f16433cd7889 mt76: mt7615: add a helper to encapsulate sta_rec operation
77b9d8586307 mt76: mt7615: add starec operating flow for firmware v2
170b21f9ec78 mt76: mt7615: use new tag sta_rec_wtbl
648ce1aaa493 mt76: mt7615: switch mt7615_mcu_set_tx_ba to v2 format
721673759d82 mt76: mt7615: switch mt7615_mcu_set_rx_ba to v2 format

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-02-02 20:20:20 +01:00
Hans Dedecker
f6e07c8284 uci: update to version 2020-01-27
e8d8373 file: fix segfault in uci_parse_option
aa5e77a file: fix segfault in uci_parse_config

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-02-02 18:59:43 +01:00
Daniel Golle
2699ccd084 kernel: hwmon: package mcp3021 module
Package kernel module for Linear Technology MCP3021/3221 I2C connected
current and voltage monitor chips.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-02-02 17:49:20 +02:00
Álvaro Fernández Rojas
ffbb8ed5a2 cypress-firmware: update to v4.14.77-2020_0115
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2020-02-01 10:59:51 +01:00
Kevin Darbyshire-Bryant
e481df07fa iptables: set-dscpmark follow upstreamimg attempt
I'm having another attempt at trying to getting the 'store dscp into
conntrack connmark' functionality into upstream kernel, since the
restore function (act_ctinfo) has been accepted.

The syntax has changed from 'savedscp' to 'set-dscpmark' since that
conforms more closely with existing functionality.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-01-31 20:21:43 +00:00
Jo-Philipp Wich
c69c20c667 opkg: update to latest Git HEAD
80d161e opkg: Fix -Wformat-overflow warning
c09fe20 libopkg: fix skipping of leading whitespace when parsing checksums

Fixes: CVE-2020-7982
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-01-29 17:00:53 +01:00
Felix Fietkau
b3e86cbb4f hostapd: add back support for passing CSA events from sta/mesh to AP interfaces
Fixes handling CSA when using AP+STA or AP+Mesh
This change was accidentally dropped in commit 167028b75
("hostapd: Update to version 2.9 (2019-08-08)")

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-01-29 12:25:10 +01:00
Felix Fietkau
ea5078014d mac80211: backport airtime queue limits support
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-01-29 12:24:57 +01:00
Felix Fietkau
e0ab33ea49 mac80211: backport fix for an no-ack tx status issue
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-01-29 12:24:57 +01:00
Jason A. Donenfeld
c2859bf126 wireguard: bump to 0.0.20200128
This fixes a few small oversights for the 5.5 compat layer.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-01-28 22:33:40 +01:00
Felix Fietkau
03e9e4ba9e hostapd: unconditionally enable ap/mesh for wpa-cli
Without this change, wpa-cli features depend on which wpad build variant was
used to build the wpa-cli package

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-01-28 14:38:43 +01:00
Adrian Schmutzler
9e0aab44b6 kernel: use older kernel for explicitly setting dependencies
It is generally more desirable to use older kernel versions for
dependencies, as this will require less changes when newer kernels
are added (they will by default select the newer packages).

Since we currently only have two kernels (4.14 and 4.19) in master,
this patch applies this logic by converting all LINUX_4_19 symbols
to their inverted LINUX_4_14 equivalents.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-01-26 22:07:48 +01:00
Sven Roederer
3519bf4976 hostapd: remove some bashisms
"[[" is a bash extension for test. As the ash-implementation is not
fully compatible we drop its usage.

Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
[remove shebang, slightly facelift commit title/message]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-01-26 22:03:00 +01:00
Sven Roederer
bad59fd51b 6in4/6in4.sh: remove some bashism (usage of [[)
"[[" is a bash extension for test. As the ash-implementation is not
fully compatible we drop its usage.

Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
2020-01-26 22:02:51 +01:00
Sven Roederer
bc357aaa2b netifd/config.sh: remove some bashism (usage of [[)
"[[" is a bash extension for test. As the ash-implementation is not
fully compatible we drop its usage.

Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
2020-01-26 22:02:39 +01:00
Sven Roederer
0fecc997f8 base-files: remove some bashisms
"[[" is a bash extension for test. As the ash-implementation is
not fully compatible we drop its usage.
Also change to "=" for simple test, which is sufficient. (see d6ac8ca76c)

Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
[split patch, removed shebang]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-01-26 21:51:24 +01:00
Martin Schiller
996f02e5ba lantiq: ltq-ptm: vr9: fix skb handling in ptm_hard_start_xmit()
Call skb_orphan(skb) to call the owner's destructor function and make
the skb unowned.

This is necessary to prevent sk_wmem_alloc of a socket from overflowing,
which leads to ENOBUFS errors on application level.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2020-01-26 18:38:17 +01:00
Magnus Kroken
6e96fd9047 mbedtls: update to 2.16.4
Fixes side channel vulnerabilities in mbed TLS' implementation of ECDSA.

Release announcement:
https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.4-and-2.7.13-released

Security advisory:
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-12

Fixes:
 * CVE-2019-18222: Side channel attack on ECDSA

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2020-01-26 15:07:59 +01:00
Christian Lamparter
a59f1ec30f ipq-wifi: drop deprecated .bin support
This patch converts the Qxwlan E2600AC image away from
the deprecated .bin file and to the new .qca4019 method.

As a result, we no longer need to carry around the
legacy support for handling .bin files.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2020-01-26 01:20:46 +01:00
Yen-Ting-Shen
51f3035978 ipq40xx: add support for EnGenius EMD1
SOC:     IPQ4018 / QCA Dakota
CPU:     Quad-Core ARMv7 Processor rev 5 (v7l) Cortex-A7
DRAM:    256 MiB
NOR:     32 MiB
ETH:     Qualcomm Atheros QCA8072 (1 port)
WLAN1:   Qualcomm Atheros QCA4018 2.4GHz 802.11bgn 2:2x2
WLAN2:   Qualcomm Atheros QCA4018 5GHz 802.11a/n/ac 2:2x2
INPUT:   RESET Button
LEDS:    White, Blue, Red, Orange

Flash instruction:

From EnGenius firmware to OpenWrt firmware:

In Firmware Upgrade page, upgrade your openwrt-ipq40xx-generic-engenius_emd1-squashfs-factory.bin directly.

From OpenWrt firmware to EnGenius firmware:

1. Setup a TFTP server on your computer and configure static IP to 192.168.99.8
   Put the EnGenius firmware in the TFTP server directory on your computer.
2. Power up EMD1. Press 4 and then press any key to enter u-boot.
3. Download EnGenius firmware
   (IPQ40xx) # tftpboot 0x84000000 openwrt-ipq40xx-emd1-nor-fw-s.img
4. Flash the firmware
   (IPQ40xx) # imgaddr=0x84000000 && source 0x84000000:script
5. Reboot
   (IPQ40xx) # reset

Signed-off-by: Yen-Ting-Shen <frank.shen@senao.com>
[removed BOARD_NAME]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2020-01-26 01:20:45 +01:00
Fredrik Olofsson
52b8c7a892 ipq40xx: Add support for D-Link DAP-2610
Specifications
==============
- SOC: IPQ4018
- RAM: DDR3 256MB
- Flash: SPI NOR 16MB
- WiFi:
    - 2.4GHz: IPQ4018, 2x2, front end SKY85303-11
    - 5GHz: IPQ4018, 2x2, front end SKY85717-21
- Ethernet: 1x 10/100/1000Mbps, POE 802.3af
- PHY: QCA8072
- UART: GND, blocked, 3.3V, RX, TX / 115200 8N1
- LED: 1x red / green
- Button: 1x reset / factory default
- U-Boot bootloader with tftp and "emergency web server" accessible
  using serial port.

Installation
============
Flash factory image from D-Link web UI. Constraints in the D-Link web UI
makes the factory image unnecessarily large. Flash again using
sysupgrade from inside OpenWrt to reclaim some flash space.

Return to stock D-Link firmware
===============================
Partition layout is preserved, and it is possible to return to the stock
firmware simply by downloading it from D-Link and writing it to the
firmware partition.

    # mtd -r write dap2610-firmware.bin firmware

Quirks
======
To be flashable from the D-Link http server, the firmware must be larger
then 6MB, and the size in the firmware header must match the actual file
size. Also, the boot loader verifies the checksum of the firmware before
each boot, thus the jffs2 must be after the checksum covered part. This
is solved in the factory image by having the rootfs at the very end of
the image (without pad-rootfs).

The sysupgrade image which does not have to be flashable from the D-Link
web UI may be smaller, and the checksum in the firmware header only
covers the kernel part of the image.

Signed-off-by: Fredrik Olofsson <fredrik.olofsson@anyfinetworks.com>
[added WRGG Variables to DEVICE_VARS, squashed spi pinconf/mux,
added emd1's gmac0 config,fix dtc warnings]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2020-01-26 01:20:45 +01:00
Jason A. Donenfeld
4576a753f2 wireguard-tools: bump to 1.0.20200121
* Makefile: remove pwd from compile output
* Makefile: add standard 'all' target
* Makefile: evaluate git version lazily

Quality of life improvements for packagers.

* ipc: simplify inflatable buffer and add fuzzer
* fuzz: add generic command argument fuzzer
* fuzz: add set and setconf fuzzers

More fuzzers and a slicker string list implementation. These fuzzers now find
themselves configuring wireguard interfaces from scratch after several million
mutations, which is fun to watch.

* netlink: make sure to clear return value when trying again

Prior, if a dump was interrupted by a concurrent set operation, we'd try
again, but forget to reset an error flag, so we'd keep trying again forever.
Now we do the right thing and succeed when we succeed.

* Makefile: sort inputs to linker so that build is reproducible

Earlier versions of make(1) passed GLOB_NOSORT to glob(3), resulting in the
linker receiving its inputs in a filesystem-dependent order. This screwed up
reproducible builds.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-01-24 08:21:04 +01:00
Jason A. Donenfeld
ec13b34118 wireguard: bump to 0.0.20200121
* Makefile: strip prefixed v from version.h

This fixes a mistake in dmesg output and when parsing the sysfs entry in the
filesystem.

* device: skb_list_walk_safe moved upstream

This is a 5.6 change, which we won't support here, but it does make the code
cleaner, so we make this change to keep things in sync.

* curve25519: x86_64: replace with formally verified implementation

This comes from INRIA's HACL*/Vale. It implements the same algorithm and
implementation strategy as the code it replaces, only this code has been
formally verified, sans the base point multiplication, which uses code
similar to prior, only it uses the formally verified field arithmetic
alongside reproducable ladder generation steps. This doesn't have a
pure-bmi2 version, which means haswell no longer benefits, but the
increased (doubled) code complexity is not worth it for a single
generation of chips that's already old.

Performance-wise, this is around 1% slower on older microarchitectures,
and slightly faster on newer microarchitectures, mainly 10nm ones or
backports of 10nm to 14nm. This implementation is "everest" below:

Xeon E5-2680 v4 (Broadwell)

armfazh: 133340 cycles per call
everest: 133436 cycles per call

Xeon Gold 5120 (Sky Lake Server)

armfazh: 112636 cycles per call
everest: 113906 cycles per call

Core i5-6300U (Sky Lake Client)

armfazh: 116810 cycles per call
everest: 117916 cycles per call

Core i7-7600U (Kaby Lake)

armfazh: 119523 cycles per call
everest: 119040 cycles per call

Core i7-8750H (Coffee Lake)

armfazh: 113914 cycles per call
everest: 113650 cycles per call

Core i9-9880H (Coffee Lake Refresh)

armfazh: 112616 cycles per call
everest: 114082 cycles per call

Core i3-8121U (Cannon Lake)

armfazh: 113202 cycles per call
everest: 111382 cycles per call

Core i7-8265U (Whiskey Lake)

armfazh: 127307 cycles per call
everest: 127697 cycles per call

Core i7-8550U (Kaby Lake Refresh)

armfazh: 127522 cycles per call
everest: 127083 cycles per call

Xeon Platinum 8275CL (Cascade Lake)

armfazh: 114380 cycles per call
everest: 114656 cycles per call

Achieving these kind of results with formally verified code is quite
remarkable, especialy considering that performance is favorable for
newer chips.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-01-24 08:21:04 +01:00
DENG Qingfang
2d758129ca ath10k-firmware: fix mirror hash
Fix PKG_MIRROR_HASH hash mismatch.

Fixes: 641a93f0f2 ("ath10k-firmware: update wave 1 firmware to 10.2.4-1.0-00047")
Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
[added missing commit description]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-24 08:21:04 +01:00
Petr Štetiar
76bbe4b960 procd: update to version 2020-01-24
00aafc4f439e procd: show process's exit code
856b5f8be046 state: fix reboot causing shutdown inside LXC container
b44417c20c7f instance: provide error feedback if ujail binary is missing

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-24 08:21:04 +01:00
Roger Pueyo Centelles
7d39946ea0 rbextract: support devices directly showing ERD magic
Older ath79-based MikroTik devices have the ERD calibration data
compressed and stored different to newer IPQ40xx ones. This commit
adds support for these former ones.

Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
Acked-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2020-01-23 15:28:03 +01:00
Roger Pueyo Centelles
ba730d61af rbextract: add package
This utility extracts the radio calibration data, as well as other
board-related information (model, serial number, etc.), from MikroTik
Routerboard devices' flash.

Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
Acked-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2020-01-23 15:28:02 +01:00
Roger Pueyo Centelles
51526bcf1e rbcfg: make package available for ath79
Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
2020-01-23 15:28:02 +01:00
Felix Fietkau
c07f6e8659 hostapd: fix faulty WMM IE parameters with ETSI regulatory domains
hostapd sets minimum values for CWmin/CWmax/AIFS and maximum for TXOP.
The code for applying those values had a few bugs leading to bogus values,
which caused significant latency and packet loss.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-01-23 14:53:13 +01:00
Kimmo Vuorinen
a8723c48ad uboot-envtools: ath79: add support for glinet,gl-ar150
Add ubootenv uci config for GL.inet GL-AR150

Signed-off-by: Kimmo Vuorinen <kimmo.vuorinen@gmail.com>
[commit title/message facelift]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-01-23 14:08:24 +01:00
Kimmo Vuorinen
dc6dfaac80 uboot-envtools: ar71xx: add support for gl-ar150/-domino/-mifi
Add ubootenv uci config for gl-ar150, gl-domino and gl-mifi

Signed-off-by: Kimmo Vuorinen <kimmo.vuorinen@gmail.com>
[commit message/title facelift]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-01-23 14:04:50 +01:00
Daniel Golle
3d6c571083 mac80211: add support for wds_bridge hostapd feature
hostapd allows putting WDS (4addr mode) clients into a separate bridge
other than the bridge regular (3addr mode) clients end up in. This is
useful for example giving WDS clients access to several VLANs
(trunking) while regular clients will end up inside a specific VLAN.

Add 'wds_bridge' config parameter for wifi-iface which contains the
name of the bridge. hostapd-mini already supports this feature, so all
needed is to add the UCI wrapping in mac80211.sh.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-01-22 14:22:17 +02:00
Russell King
a1358fc7ae kernel: add SFP support for Methode DM7052 NBASE-T module
Add support for Methode DM7052 NBASE-T module to OpenWRT. These
patches are taken from my "phy" branch, and will be sent for the
next kernel merge window.

Signed-off-by: Russell King <linux@armlinux.org.uk>
[jonas.gorski: move patches to pending, refresh patches]
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2020-01-21 22:32:48 +01:00
Jan Pavlinec
2982997f1b curl: update to version 7.68.0 (security fix)
Fixes
CVE-2019-15601

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
2020-01-21 22:17:53 +01:00
Petr Štetiar
0f81a0979c fstools: update to version 2020-01-21
deb745f82b93 Revert "fstools: Add support to read-only MTD partitions (eg. recovery images)"

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-21 17:25:56 +01:00
Petr Štetiar
3d8edd9bb4 urngd: update to version 2020-01-21
c7f7b6b65b82 Tag version 1.0.2
236b7a0aef21 Fix blocked entropy generation

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-21 17:16:01 +01:00
Daniel Golle
97a03a4760 procd: update to latest git HEAD
58c12f7 jail: add basic support for network namespaces
 ba69639 jail: create resolv.conf symlink for netns jails
 81b88b1 jail: more strict mount options for /tmp/resolv.conf.d/

Add new 'netns' flag for procd_add_jail to make ujail setup a new
network namespace for the jailed service.
See previous netifd commit for example configuration for netns jailed
service.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-01-21 12:52:12 +02:00
Daniel Golle
e4ce8f59f5 netifd: add basic support for jail network namespaces
Prepare netifd for handling procd service jails having their own
network namespace.
Intefaces having the jail attribute will only be brought up inside the
jail's network namespace by procd calling the newly introduced ubus
method 'netns_updown'.
Currently proto 'static' is supported and configuration changes are
not yet being handled (ie. you'll have to restart the jailed service
for changes to take effect).

Example /etc/config/network snippet:
config device 'veth0'
    option type 'veth'
    option name 'vhost0'
    option peer_name 'virt0'

config interface 'virt'
    option type 'bridge'
    list ifname 'vhost0'
    option proto 'static'
    option ipaddr '10.0.0.1'
    option netmask '255.255.255.0'

config interface 'virt0'
    option ifname 'virt0'
    option proto 'static'
    option ipaddr '10.0.0.2'
    option netmask '255.255.255.0'
    option gateway '10.0.0.1'
    option dns '10.0.0.1'
    option jail 'transmission'

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-01-21 10:25:27 +02:00
Petr Štetiar
5c73bb12c8 libubox: update to version 2020-01-20
43a103ff17ee blobmsg: blobmsg_parse and blobmsg_parse_array oob read fixes
 5c0faaf4f5e2 tests: prefer dynamically allocated buffers
 1ffa41535369 blobmsg_json: prefer snprintf usage
 132ecb563da7 blobmsg: blobmsg_vprintf: prefer vsnprintf
 a2aab30fc918 jshn: prefer snprintf usage
 b0886a37f39a cmake: add a possibility to set library version
 a36ee96618a9 blobmsg: blobmsg_add_json_element() 64-bit values
 f0da3a4283b7 blobmsg_json: fix int16 serialization
 20a070f08139 tests: blobmsg/json: add more test cases
 379cd33d1992 tests: include json script shunit2 based testing

Acked-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-20 20:57:21 +01:00
Petr Štetiar
63000bfaf7 fstools: update to version 2020-01-18
f5c7c1813f52 fstools: Add support to read-only MTD partitions (eg. recovery images)
 189b41b6b487 libblkid-tiny: fix f2fs labels by increasing label buffer

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-20 20:57:21 +01:00
Sungbo Eo
c26b687e31 kernel: remove further obsolete kernel version switches
Most of the kernel version switches below 4.14 were removed in commit
97940f8766 ("kernel: remove obsolete kernel version switches"),
but some of them still remained. Remove them now.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2020-01-18 19:39:05 +01:00
Rosen Penev
8df14c229c base-files/functions.sh: use grep -q instead of []
It's cleaner and faster as it does not need to do extra work.

Also removed $() to avoid executing the output. The shell can handle it.

https://github.com/koalaman/shellcheck/wiki/SC2143

Signed-off-by: Rosen Penev <rosenp@gmail.com>
[correct || to && for one conversion]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-01-18 00:24:06 +01:00
Rosen Penev
d4009d7985 base-files/system.sh: remove $ in $(())
Not needed.

https://github.com/koalaman/shellcheck/wiki/Sc2004

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-01-17 12:17:36 +01:00
Rosen Penev
fb56573dc4 base-files/functions.sh: use && instead of -a
-a is not well defined.

https://github.com/koalaman/shellcheck/wiki/SC2166

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-01-17 12:17:36 +01:00
Rosen Penev
b8e17aefea base-files/functions.sh: remove useless cat
The cut command can take a file as an input.

https://github.com/koalaman/shellcheck/wiki/SC2002

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-01-17 12:17:36 +01:00
Rosen Penev
cba5fa0352 base-files/functions.sh: don't use $var in $(())
It's not needed. It can also lead to subtle bugs.

https://github.com/koalaman/shellcheck/wiki/Sc2004

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-01-17 12:17:35 +01:00
Stijn Tintel
1322190fd3 libcxx: fix build for x86/64
When building libcxx for x86/64, the library is installed in /usr/lib64.
As the install section tries to copy the library from /usr/lib, this
breaks build on x86/64. Override the lib dir suffix to fix this.

Fixes: 856ea2bad3 ("libcxx: Add package")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Rosen Penev <rosenp@gmail.com>
2020-01-17 00:42:49 +02:00
Hans Dedecker
f0c0f92ce4 odhcpd: update to version 2020-01-14
6db312a dhcpv6-ia: use dhcp leasetime to set preferred/valid statefull lifetimes
2520c48 dhcpv6-ia: introduce DHCPv6 pd and ia assignments flags
b413d8a dhcpv6-ia: cleanup prefix delegation routes
b0902af dhcpv6-ia: remove passing interface as parameter to apply_lease

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-01-16 21:53:17 +01:00
David Lam
a5f3648a1c hostapd: add support for system cert bundle validation
Currently, it is very cumbersome for a user to connect to a WPA-Enterprise
based network securely because the RADIUS server's CA certificate must first be
extracted from the EAPOL handshake using tcpdump or other methods before it can
be pinned using the ca_cert(2) fields. To make this process easier and more
secure (combined with changes in openwrt/openwrt#2654), this commit adds
support for validating against the built-in CA bundle when the ca-bundle
package is installed. Related LuCI changes in openwrt/luci#3513.

Signed-off-by: David Lam <david@thedavid.net>
[bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-01-16 12:08:18 +01:00
Daniel Golle
702c70264b hostapd: cleanup IBSS-RSN
set noscan also for IBSS and remove redundant/obsolete variable.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-01-16 10:26:21 +02:00
Andrea Dalla Costa
5adca1cf2a uboot-oxnas: fix memory leak in tool mkox820crc
In function `main` add calls to `free` for the variable `executable`.
This is needed because the variable `executable` is allocated but
never freed. This cause a memory leak.

Signed-off-by: Andrea Dalla Costa <andrea@dallacosta.me>
2020-01-15 23:15:19 +01:00
John Crispin
a3dd95ef63 dropbear: fix compile error
Fixes: 0da193ee69 ("dropbear: move failsafe code out of base-files")
Signed-off-by: John Crispin <john@phrozen.org>
2020-01-15 21:31:12 +01:00
Florian Eckert
7151054abd wireguard: skip peer config if public key of the peer is not defined
If a config section of a peer does not have a public key defined, the
whole interface does not start. The following log is shown

daemon.notice netifd: test (21071): Line unrecognized: `PublicKey='
daemon.notice netifd: test (21071): Configuration parsing erro

The command 'wg show' does only show the interface name.

With this change we skip the peer for this interface and emit a log
message. So the other peers get configured.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2020-01-15 21:19:01 +01:00
John Crispin
d9cfa827ac busybox: fix build issues
Fixes: f704f97e4c ("busybox: Include hdparm by default on nas type device")
Signed-off-by: John Crispin <john@phrozen.org>
2020-01-15 21:17:47 +01:00
Michal Cieslakiewicz
a736f39432 ath79: add support for Netgear WNDR4500 v3
This patch introduces support for Netgear WNDR4500v3. Router
is very similar to WNDR4300v2 and is based on the same PCB.

Information gathered from various Internet sources (including
https://patchwork.ozlabs.org/patch/809227/) shows following
differences to WNDR4300v2:

 * two USB 2.0 ports with separate LEDs
 * USB LEDs soldered to secondary pads
 * WPS and RFKILL buttons soldered to secondary pads
 * described as N900 device with 3x3:3 MIMO for 2.4GHz radio
 * power supply requirement is DC 12V 2.5A
 * vendor HW ID suffix differs in one digit
 * bigger chassis

Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
2020-01-15 20:56:05 +01:00
Michal Cieslakiewicz
37a36a588a ath79: add support for Netgear WNDR4300 v2
This patch introduces support for Netgear WNDR4300v2.

Specification
=============
  * Description: Netgear WNDR4300 v2
  * Loader: U-boot
  * SOC: Qualcomm Atheros QCA9563 (775 MHz)
  * RAM: 128 MiB
  * Flash: 2 MiB SPI-NOR + 128 MiB SPI-NAND
	- NOR: U-boot binary: 256 KiB
	- NOR: U-boot environment: 64 KiB
	- NOR: ART Backup: 64 KiB
 	- NOR: Config: 64 KiB
	- NOR: Traffic Meter: 64 KiB
	- NOR: POT: 64 KiB
	- NOR: Reserved: 1408 KiB
	- NOR: ART: 64 KiB
	- NAND: Firmware: 25600 KiB (see notes for OpenWrt)
	- NAND: Language: 2048 KiB
	- NAND: mtdoops Crash Dump: 128 KiB
	- NAND: Reserved: 103296 KiB
  * Ethernet: 5 x 10/100/1000 (4 x LAN, 1 x WAN) (AR8337)
  * Wireless:
	- 2.4 GHz b/g/n (internal)
	- 5 GHz a/n (AR9580)
  * USB: yes, 1 x USB 2.0
  * Buttons:
	- Reset
	- WiFi (rfkill)
	- WPS
  * LEDs:
	- Power (amber/green)
	- WAN (amber/green)
	- WLAN 2G (green)
	- WLAN 5G (blue)
	- 4 x LAN (amber/green)
	- USB (green)
	- WPS (green)
  * UART: 4-pin connector JP1, 3.3V (Vcc, TX, RX, GND), 115200 8N1
  * Power supply: DC 12V 1.5A
  * MAC addresses: LAN=WLAN2G on case label, WAN +1, WLAN5G +2

Important Notes
===============
0. NOR Flash (2 MiB) is not touched by OpenWrt installation.
1. NAND Flash (128 MiB) layout under OpenWrt is changed as follows:
   all space is split between 4 MiB kernel and 124 MiB UBI areas;
   vendor partitions (language and mtdoops) are removed; kernel space
   size can be further expanded if needed; maximum image size is set
   to 25600k for compatibility reasons and can also be increased.
2. CPU clock is 775 MHz, not 750 MHz.
3. 5 GHz wireless radio chip is Atheros AR9580-AR1A with bogus PCI
   device ID 0xabcd. For ath9k driver to load successfully, this is
   overriden in DTS with correct value for this chip, 0x0033.
4. RFKILL button is wired to AR9580 pin 9 which is normally disabled
   by chip definition in ath9k code (0x0000F4FF gpio mask). Therefore
   'qca,gpio-mask=<0xf6ff>' hack must be used for button to work
   properly.
5. USB port is always on, no GPIO for 5V power control has been
   identified.

Installation
============
  * TFTP recovery
  * TFTP via U-boot prompt
  * sysupgrade
  * Web interface

Test build configuration
========================
CONFIG_TARGET_ath79=y
CONFIG_TARGET_ath79_nand=y
CONFIG_TARGET_ath79_nand_DEVICE_netgear_wndr4300-v2=y
CONFIG_ALL_KMODS=y
CONFIG_DEVEL=y
CONFIG_CCACHE=y
CONFIG_COLLECT_KERNEL_DEBUG=y
CONFIG_IMAGEOPT=y

Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
2020-01-15 20:55:56 +01:00
Michal Cieslakiewicz
4a0a1fc91c mac80211: ath9k: add GPIO mask dts property
This patch adds 'qca,gpio-mask=<u32>' device tree property to ath9k node.
This optional setting is a hack and should only be used in very special
(and rare) cases when a button or LED is wired to a GPIO pin normally
masked out (due to being one-way etc). Netgear WNDR4300 v2 is one such
example - it uses GPI9 for RFKILL.

See ath9k/reg.h *_GPIO_MASK constants.

Use with caution and expect to see stream of kernel warnings if wrong
mask value is provided.

Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
2020-01-15 20:55:31 +01:00
Maxim Storchak
5f07b6f367 zram-swap: support swap priority
If zram-backed swap is added after an existing swap, it gets a lower
priority. Assiming that usually all other swaps are slower, there should
be a way to assign a higher priority to zram swap.

Signed-off-by: Maxim Storchak <m.storchak@gmail.com>
2020-01-15 20:49:00 +01:00
Rosen Penev
475a504dbc perf: Add libunwind only if selected
The depends are totally wrong. libunwind does not work with powerpc and
i386 as it needs glibc.

Instead of duplicating the platforms, just change the dependency.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-01-15 20:34:16 +01:00
Florian Eckert
ee2014e680 uhttpd: add enable instance option
With this change it is now possible to switch off single instances of
the uhttpd config. Until now it was only possible to switch all
instances of uhttpd on or off.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2020-01-15 20:16:42 +01:00
Kyle Copperfield
0fcb4a3981 hostapd: add wpa_strict_rekey support
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.

To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Rekey GTK on STA disassociate

Signed-off-by: Kyle Copperfield <kmcopper@danwin1210.me>
2020-01-15 20:13:49 +01:00
Kyle Copperfield
30c64825c7 hostapd: add dtim_period, local_pwr_constraint, spectrum_mgmt_required
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.

To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Allows dtim_period to be configurable, the default is from hostapd.
Adds additional regulatory tunables for power constraint and spectrum
managment.

Signed-off-by: Kyle Copperfield <kmcopper@danwin1210.me>
2020-01-15 20:13:44 +01:00
Kyle Copperfield
0da193ee69 dropbear: move failsafe code out of base-files
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.

To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Failsafe code of dropbear should be in the dropbear package not the
base-files package.

Signed-off-by: Kyle Copperfield <kmcopper@danwin1210.me>
2020-01-15 20:04:06 +01:00
Linus Walleij
f704f97e4c busybox: Include hdparm by default on nas type device
NAS devices certainly need to have hdparm to configure
things like spin-down time or their disks will be
constantly spinning. Just catenate CONFIG_HDPARM=y
on these configs.

Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
2020-01-15 19:57:27 +01:00
Eneas U de Queiroz
9b25f833eb cryptodev-linux: remove DEFAULT redefinition
The 'DEFAULT:=m if ALL' line prevents the phase1 buildbots from building
the package, and users from downloading it, since they use 'ALL_KMODS=y'
but 'ALL' is not set.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2020-01-15 19:31:08 +01:00
Felix Fietkau
866790fd82 mac80211: fix MAC address allocations if the local bit is set on the base addr
If it's set, don't subtract 1 from the interface index encoded into the first
byte of the address

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-01-15 15:36:26 +01:00
Jo-Philipp Wich
b070101c50 valgrind: do not strip internal preload libraries and executables
Implement the suggestions laid out in README_PACKAGERS, mainly by preventing
the stripping of the internal vgpreload*.so libraries.

Also retain the symbol information of valgrind's private helper executables
and enable LTO as suggested in the packagers readme.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-01-14 17:52:34 +01:00
Xu Wang
44304c1d67 base-files: fix build for /sbin/pkg_check
Setting CONFIG_IPK_FILES_CHECKSUMS=y causes sha256 checksum files to be
included with the packages to check for corruption. This commit fixes two
issues:
- /sbin/pkg_check was being removed incorrectly if IPK_FILES_CHECKSUMS=y
- checksums were being saved in the wrong file

Signed-off-by: Xu Wang <xwang1498@gmx.com>
2020-01-14 17:52:34 +01:00
David Lam
22b07ff73e hostapd: add support for subject validation
The wpa_supplicant supports certificate subject validation via the
subject match(2) and altsubject_match(2) fields. domain_match(2) and
domain_suffix_match(2) fields are also supported for advanced matches.
This validation is especially important when connecting to access
points that use PAP as the Phase 2 authentication type. Without proper
validation, the user's password can be transmitted to a rogue access
point in plaintext without the user's knowledge. Most organizations
already require these attributes to be included to ensure that the
connection from the STA and the AP is secure. Includes LuCI changes via
openwrt/luci#3444.

From the documentation:

subject_match - Constraint for server certificate subject. This substring
is matched against the subject of the authentication server certificate.
If this string is set, the server sertificate is only accepted if it
contains this string in the subject. The subject string is in following
format: /C=US/ST=CA/L=San Francisco/CN=Test AS/emailAddress=as
.example.com

subject_match2 - Constraint for server certificate subject. This field is
like subject_match, but used for phase 2 (inside EAP-TTLS/PEAP/FAST
tunnel) authentication.

altsubject_match - Constraint for server certificate alt. subject.
Semicolon separated string of entries to be matched against the
alternative subject name of the authentication server certificate. If
this string is set, the server sertificate is only accepted if it
contains one of the entries in an alternative subject name extension.
altSubjectName string is in following format: TYPE:VALUE Example:
EMAIL:server@example.com Example:
DNS:server.example.com;DNS:server2.example.com Following types are
supported: EMAIL, DNS, URI

altsubject_match2 - Constraint for server certificate alt. subject. This
field is like altsubject_match, but used for phase 2 (inside
EAP-TTLS/PEAP/FAST tunnel) authentication.

domain_match - Constraint for server domain name. If set, this FQDN is
used as a full match requirement for the
server certificate in SubjectAltName dNSName element(s). If a
matching dNSName is found, this constraint is met. If no dNSName
values are present, this constraint is matched against SubjectName CN
using same full match comparison. This behavior is similar to
domain_suffix_match, but has the requirement of a full match, i.e.,
no subdomains or wildcard matches are allowed. Case-insensitive
comparison is used, so "Example.com" matches "example.com", but would
not match "test.Example.com". More than one match string can be
provided by using semicolons to
separate the strings (e.g., example.org;example.com). When multiple
strings are specified, a match with any one of the values is considered
a sufficient match for the certificate, i.e., the conditions are ORed
together.

domain_match2 - Constraint for server domain name. This field is like
domain_match, but used for phase 2 (inside EAP-TTLS/PEAP/FAST tunnel)
authentication.

domain_suffix_match - Constraint for server domain name. If set, this
FQDN is used as a suffix match requirement for the AAA server
certificate in SubjectAltName dNSName element(s). If a matching dNSName
is found, this constraint is met. If no dNSName values are present,
this constraint is matched against SubjectName CN using same suffix
match comparison. Suffix match here means that the host/domain name is
compared one label at a time starting from the top-level domain and all
the labels in domain_suffix_match shall be included in the certificate.
The certificate may include additional sub-level labels in addition to
the required labels. More than one match string can be provided by using
semicolons to separate the strings (e.g., example.org;example.com).
When multiple strings are specified, a match with any one of the values
is considered a sufficient match for the certificate, i.e., the
conditions are ORed together. For example,
domain_suffix_match=example.com would match test.example.com but would
not match test-example.com. This field is like domain_match, but used
for phase 2 (inside EAP-TTLS/PEAP/FAST tunnel) authentication.

domain_suffix_match2 - Constraint for server domain name. This field is
like domain_suffix_match, but used for phase 2 (inside
EAP-TTLS/PEAP/FAST tunnel) authentication.

Signed-off-by: David Lam <david@thedavid.net>
2020-01-14 17:46:27 +01:00
Felix Fietkau
b1a1c222c9 mac80211: fix list_phy_interfaces for multiple wiphys on the same device
Network interfaces are looked up based on the device behind a phy, so the
phy needs to be checked separately

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-01-14 14:57:13 +01:00
Felix Fietkau
9501469e11 mac80211: fix a page refcounting issue leading to leaks/crashes in rx A-MSDU decap
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-01-14 14:56:59 +01:00
Felix Fietkau
d5b3024139 mac80211: fix sta TID stats leak on a few nl80211 calls
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-01-14 14:56:54 +01:00
Felix Fietkau
fe1818cdbc mac80211: renumber subsys patches accepted upstream
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-01-14 14:56:46 +01:00
Florian Eckert
0f33c6b74a base-files: use jshn lib for ubus sysupgrade argument generation
With this change the well known jshn library will be used, to build the
json arguments for the ubus sysupgrade method. This is also used in all
other shell program that uses JSON. This commit unifies that.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2020-01-14 00:06:03 +01:00
Petr Štetiar
3d62463755 rpcd: activate PIE ASLR by default
This activates PIE ASLR support by default when the regular option is
selected.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-14 00:06:44 +01:00
Petr Štetiar
2b28358a37 odhcpd: activate PIE ASLR by default
This activates PIE ASLR support by default when the regular option is
selected.

Size increase on x86/64:

 odhcpd-ipv6only Installed-Size: 36821 -> 38216

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-14 00:06:40 +01:00
Petr Štetiar
9c628cc76c procd: activate PIE ASLR by default
This activates PIE ASLR support by default when the regular option is
selected.

Size increase on x86/64:

 procd Installed-Size: 44931 -> 47362

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-14 00:06:35 +01:00
Petr Štetiar
d38dd6e1ef ubus: activate PIE ASLR by default
This activates PIE ASLR support by default when the regular option is
selected.

Size increase on x86/64:

 ubus  Installed-Size:  5602 ->  5950
 ubusd Installed-Size: 11643 -> 12119

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-14 00:06:03 +01:00
Hauke Mehrtens
a2571f3c81 uhttpd: Activate PIE by default
This activates PIE ASLR support by default when the regular option is
selected.

This increases the binary size by 39% uncompressed and 21% compressed
on MIPS BE.

old:
33,189 /usr/sbin/uhttpd
23,016 uhttpd_2019-08-17-6b03f960-4_mips_24kc.ipk

new:
46,212 /usr/sbin/uhttpd
27,979 uhttpd_2019-08-17-6b03f960-4_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: Petr Štetiar <ynezz@true.cz>
2020-01-13 15:34:36 +01:00
Hauke Mehrtens
6b2379d048 hostapd: Activate PIE by default
This activates PIE ASLR support by default when the regular option is
selected.

This increases the binary size by 26% uncompressed and 16% compressed
on MIPS BE.

old:
460,933 /usr/sbin/wpad
283,891 wpad-basic_2019-08-08-ca8c2bd2-1_mips_24kc.ipk

new:
584,508 /usr/sbin/wpad
330,281 wpad-basic_2019-08-08-ca8c2bd2-1_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: Petr Štetiar <ynezz@true.cz>
2020-01-13 15:34:36 +01:00
Hauke Mehrtens
7ab6613026 dropbear: Activate PIE by default
This activates PIE ASLR support by default when the regular option is
selected.

This increases the binary size by 18% uncompressed and 17% compressed
on MIPS BE.

old:
164,261 /usr/sbin/dropbear
 85,648 dropbear_2019.78-2_mips_24kc.ipk

new:
194,492 /usr/sbin/dropbear
100,309 dropbear_2019.78-2_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: Petr Štetiar <ynezz@true.cz>
2020-01-13 15:34:36 +01:00
Hauke Mehrtens
dae0ac7770 dnsmasq: Activate PIE by default
This activates PIE ASLR support by default when the regular option is
selected.

This increases the binary size by 37% uncompressed and 18% compressed
on MIPS BE.

old:
146,933 /usr/sbin/dnsmasq
101,837 dnsmasq_2.80-14_mips_24kc.ipk

new:
202,020 /usr/sbin/dnsmasq
120,577 dnsmasq_2.80-14_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: Petr Štetiar <ynezz@true.cz>
2020-01-13 15:34:36 +01:00