Commit Graph

19114 Commits

Author SHA1 Message Date
Stijn Tintel
ae60af8572 firewall4: order DEPENDS alphabetically
Add some line breaks while at at, to improve readability.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Reviewed-by: Jo-Philipp Wich <jo@mein.io>
2022-01-06 14:54:06 +02:00
Stijn Tintel
3d4acc34bb firewall4: drop kmod-ipt-nat from CONFLICTS
The limitation of not being able to use iptables and nft nat at the same
time exists only in kernels before 4.18.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Reviewed-by: Jo-Philipp Wich <jo@mein.io>
2022-01-06 14:53:47 +02:00
Daniel Kestrel
b61d756b6c ltq-deu: disable arc4 algorithm
ARC4 was used for WEP, which is not secure anymore. Therefor it is
disabled in the driver, but the code is not removed for now.

Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-06 00:23:15 +01:00
Daniel Kestrel
fc4d88cf73 ltq-deu: add aes_gcm algorithm
The lantiq AES hardware does not support the gcm algorithm. But it
can be implemented in the driver as a combination of the aes_ctr
algorithm and the xor plus gfmul operations for the hashing.
Due to the wrapping of the several algorithms and the inefficient
16 byte block by 16 byte block invokation in the kernel
implementations, this driver is about 3 times faster for the larger
block sizes.

Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-06 00:23:15 +01:00
Daniel Kestrel
973e28f248 ltq-deu: change PKG_RELEASE to AUTORELEASE
As per suggestion by adschm, PKG_RELEASE is set to AUTORELEASE.

Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-06 00:23:15 +01:00
Daniel Kestrel
a0d6b09c36 ltq-deu: remove redundant code for setting the key in aes
After adding xts and cbcmac the aes algorithm source had three sections
for setting the aes key to the hardware which are identical.
Method aes_set_key_hw was created which is now called from within the
spinlock secured control sections in methods ifx_deu_aes, ifx_deu_aes_xts
and aes_cbcmac_final_impl and reduces the size of ifxmips_aes.c.

Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-06 00:23:15 +01:00
Daniel Kestrel
79efaa7f8f ltq-deu: add shash cbcmac-aes algorithm to the driver
Since commit 53b6783 hostapd is using the kernel api which includes the
cbcmac-aes shash algorithm. The kernels implementation is a wrapper around
the aes encryption algorithm, which encrypts block (16 bytes) by block.
When the ltq-deu driver is present, it uses hardware aes, but every 16 byte
encrypt requires setting the key. This is very inefficient and is a huge
overhead. Since the cbcmac-aes is simply a hash that uses the cbc aes
algorithm starting with an iv set to x'00' with an optional ecb aes
encryption of a possible last incomplete block that is padded with the
positional bytes of the last cbc encrypted block, this algorithm is now
added to the driver. Most of the code is derived from md5-hmac and
tailored for aes. Tested with the kernels crypto testmgr including extra
tests against the kernels generic ccm module implementation.
This patch also fixes the overallocation in the aes_ctx that is caused
by using u32 instead of u8 for the aes keys.

Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-06 00:23:15 +01:00
Daniel Kestrel
f8e5c6080c ltq-deu: remove driver disablement for kernel 5.4 and above
Remove the dependency on kernel 5.4 from the Makefile to allow the
driver to compile with kernel 5.10 or kernel versions higher than
5.4.

Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-06 00:23:15 +01:00
Daniel Kestrel
43422deed3 ltq-deu: add aes_xts algorithm
The lantiq AES hardware does not support the xts algorithm. Apart
from the cipher text stealing (XTS), the AES XTS implementation is
just an XOR with the IV, followed by AES ECB, followed by another
XOR with the IV and as such can be also implemented by using the
lantiq hardware's CBC AES implemention plus one additional XOR with
the IV in the driver. The output IV by CBC AES is also not usable
and the gfmul operation not supported by lantiq hardware. Both need
to be done in the driver too in addition to the IV treatment which is
the initial encryption by the other half of the input key and to
set the IV to the IV registers for every block.
In the generic kernel implementation, the block size for XTS is set
to 16 bytes, although the algorithm is designed to process any size
of input larger than 16 bytes. But since there is no way to
indicate a minimum input length, the block size is used. This leads
to certain issues when the skcipher walk functions are used, e.g.
processing less than block size bytes is not supported by calling
skcipher_walk_done.
The walksize is 2 AES blocks because otherwise for splitted input
or output data, less than blocksize is to be returned in some cases,
which cannot be processed. Another issue was that depending on
possible split of input/output data, just 16 bytes are returned while
less than 16 bytes were remaining, while cipher text stealing
requires 17 bytes or more for processing.
For example, if the input is 60 bytes and the walk is 48, then
processing 48 bytes leads to a return code of -EINVAL for
skcipher_walk_done. Therefor the processed counter is used to
figure out, when the actual cipher text stealing for the remaining
bytes less than blocksize needs to be applied.
Measured with cryptsetup benchmark, this XTS AES implementation is
about 19% faster than the kernels XTS implementation that uses the
hardware ECB AES (ca. 18.6 MiB/s vs. 15.8 MiB/s decryption 256b key).
The implementation was tested with the kernels crypto testmgr against
the kernels generic XTS AES implementation including extended tests.

Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-06 00:23:08 +01:00
Daniel Kestrel
006fee0dad ltq-deu: update initialisations for hmac algorithms
The processing in the hmac algorithms depends on the status fields:
count, dbn and started. Not all were initialised in the init method
and after finishing the final method. Added missing fields to init
method and call init method after finishing final.
The memsets have the wrong size in the original driver and did not
clear everything and are not necessary. Since no memset is done in
the kernels generic implementation, memsets were removed.

Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-06 00:23:05 +01:00
Daniel Kestrel
6ade9d1dda ltq-deu: remove compiler warning and shorten locked sections
Removing hash pointer in _hmac_setkey since its not needed and causes
a compiler warning.
Make the spinlock control sections shorter and move initializations
out of the control sections to free the spinlock faster for allowing
other threads to use the hash engine.
Minor improvements for indentation and removal of blanks and blank
lines in some areas.

Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-06 00:23:02 +01:00
Daniel Kestrel
0470b05b56 ltq-deu: fix temp size exceed in hmac algorithms
Exceeding the temp array size was not checked and instead storage not
allocated by the driver was used/overwritten which in most cases
resulted in reboots. This patch implements processing the input to the
hash algorithm in tempsize chunks.
The _hmac_final methods were changed to _hmac_final_impl adding a
parameter that indicates intermediate or final processing. The started
variable was added to the context to indicate, if there is an
intermediate result in the context. For sha1_hmac the variable to store
the intermediate hash was added to the context too.
In order to avoid md5_hmac_final_impl being recursively called if the
padding of the input and the resulting last transform during the hmac
algorighms final processing causes the temp array to overflow and to
make sure that there is at least one block in the temp array when the
_hmac_final for final processing is called, the check for exceeding
the temp array in _hmac_transform was moved before copying the block
and incrementing dbn. dbn needs to be at least 1 at final processing
time to let the hash engine apply the opad operation.
To make the hash engine not apply the hmac algorithms final opad
operation, for intermediate processing the dbn in the control register
is set to a higher value than number of dbns are actually processed.

Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-06 00:22:59 +01:00
Daniel Kestrel
85383b3112 ltq-deu: fix setkey errors and static shared temp for hmac algos
The hmac algorithms state, that keys larger than the key size should be
hashed with the underlying hash algorithms and then those hashes are to
be used as keys. This patch implements this. In order to avoid allocating
a descriptor during setkey, a shash_desc pointer is added to the context.
Another issue for multithreaded callers is the shared temp array.
The temp array is static and as such would be shared among multithreaded
callers, which obviously would neither work nor produce correct results.
The temp array (4k size) is moved to the context and since the size of
the context is limited, it can only be defined as pointer otherwise the
initialisation of the hash algorithm fails.
The allocations and freeing of both the temp and the desc pointer in the
context are done by implementing cra_init and cra_exit functions for
the hmac algorithms.
Also improved indentation in some areas.

Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-06 00:22:57 +01:00
Daniel Kestrel
9cb1875d2f ltq-deu: fix ifxdeu-ctr-rfc3686(aes) not matching generic impl
Error ifxdeu-ctr-rfc3686(aes) (16) doesn't match generic impl (20) occurs
when running the cryptomgr extra tests that compare against the linux
kernels generic implementation.

Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-06 00:22:53 +01:00
Daniel Kestrel
34a3eaf07f ltq-deu: changes for hash multithread callers and md5 endianess
The algorithms sha1, sha1_hmac and md5_hmac all use ENDI=1. The md5
algorithm uses ENDI=0 and the endian_swap methods to reverse the
endianess switch by using user CPU time, which is unnecessary overhead.
Danube and AR9 devices do not set endianess for SHA1, so is done for
MD5.
Furthermore the patch replaces endian_swap with le32_to_cpu for md5 and
md5 hmac algorithms and removes endian_swap for them.
The init functions initialize the algorithm in the hardware. The lock is
not used to write to the control register. If another thread calls
another hash algo before update or final, the result will be wrong.
Therefore move the algorithm init to the lock protected sections in the
transform or final methods.
Setting the hw key for the hmac algorithms is now done from within the
lock protected sections in their final methods. The lock protecting is
removed from the _hmac_setkey_hw functions.
In final for md5 and sha1 the lock section is removed, because all the
work was already done in transform (which is called from final). As such
only copying the hash to the output is required.
MD5 and MD5_HMAC produce 16 byte hashes (4 DWORDS) only, therefor
writing register D5R to the hash output is removed for MD5_HMAC.

Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-06 00:22:50 +01:00
Daniel Kestrel
87a19c9345 ltq-deu: make deu hash lock global and remove md5_hmac_ exports
All hash algorithms use the same base IFX_HASH_CON to access the hash unit.
Parallel threads should not be able to call different hash algorithms and
therefor a global lock is required.
Fixed linker warning, that md5_hmac_init, md5_hmac_update and
md5_hmac_final are static export symbols. The export symbols are not
required, because the functions are exposed using shash_alg structure.

Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-06 00:22:48 +01:00
Daniel Kestrel
536dc6f164 ltq-deu: add aes_ofb and aes_cfb algorithms
The functions ifx_deu_aes_cfg and ifx_deu_aes_ofb have been part of the
driver ever since. But the functions and definitions to make the
algorithms actually usable were missing.
This patch adds the neccessary code for aes_ofb and aes_cfb algorithms.

Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-06 00:22:45 +01:00
Daniel Kestrel
cd01d41c77 ltq-deu: fix cryptomgr test errors for aes
When running cryptomgr tests against the driver, there are several
occurences of different errors for even and uneven splitted data in the
underlying scatterlists for the ctr and ctr_rfc3686 algorithms which are
now fixed.
Fixed error in ctr_rfc3686_aes_decrypt function which was introduced with
the previous commit by using CRYPTO_DIR_ENCRYPT in the decrypt function.

Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-06 00:22:42 +01:00
Daniel Kestrel
19cb3c9dff ltq-deu: fix cryptomgr test errors for des
When running cryptomgr tests against the driver, there are several
occurences of different errors for setkey of des and des3-ede
algorithms.
Those key checks are already implemented in the kernels des
implementation, so this is added as dependency and the kernel methods
are called. It also required adding the kernels des/des3 context
definitions to the des_ctx internal structure to be able to call the
kernel methods.
Fixed ifxdeu-des... setkey unexpectedly succeeded on test vector x;
expected_error=-22.
Fixed ifxdeu-des... setkey failed on test vector x; expected_error=0,
actual_error=-22.
Renamed des_ctx internal structure and des_encrypt/des_decrypt methods
because they are already defined in the kernel module.
Fixed wrong DES_xxx constant definitions in crypto_alg definition for
ifxdeu_des3_ede_alg.
Fixed method comment errors.

Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-06 00:22:38 +01:00
Daniel Kestrel
e84c4b54f3 ltq-deu: convert SHA1 after library impl of SHA1 was removed
The <linux/cryptohash.h> was removed with Linux 5.8, because it only
contained the library implementation of SHA1, which was folded
into <crypto/sha.h>.
So switch this driver away from using <linux/cryptohash.h>.

Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-06 00:22:35 +01:00
Daniel Kestrel
737bd4f296 ltq-deu: convert blkcipher to skcipher
Convert blkcipher to skcipher for the synchronous versions of AES,
DES and ARC4.
The Block Cipher API was depracated for a while and was removed with
Linux 5.5. So switch this driver to the skcipher API.

Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-06 00:22:30 +01:00
Daniel Kestrel
c8967d6d12 ltq-deu: set correct control register for AES
Some devices initialize AES during boot and AES works out of the box
and the correct endianess is set.
NDC means (No Danube Compatibility Mode) and the endianess setting has
no effect if its set to 0.
NDC 0: OFF ENDI bit cannot be written as in Danube
To make it work for other devices, the NDC control register needs to
be set to 1.

Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-06 00:22:18 +01:00
Mathias Kresin
8dafa98bfb ltq-deu: make cipher/digest usable by openssl
OpenSSL with cryptdev support uses the data encryption unit (DEU) driver
for hard accelerated processing of ciphers/digests, if the flag
CRYPTO_ALG_KERN_DRIVER_ONLY is set.

Signed-off-by: Mathias Kresin <dev@kresin.me>
[fix commit title prefix]
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-05 23:05:38 +01:00
Mathias Kresin
17656f21f3 ltq-deu: aes-ctr: process all input data
Even if the minimum blocksize is set to 16 (AES_BLOCK_SIZE), the crypto
manager tests pass 499 bytes of data to the aes-ctr encryption, from
which only 496 bytes are actually encrypted.

Reading the comment regarding the minimum blocksize, it only states that
it's the "smallest possible unit which can be transformed with this
algorithm". Which doesn't necessarily mean, the data have to be a
multiple of the minimal blocksize.

All kernel hardware crypto driver enforce a minimum blocksize of 1,
which perfect fine works for the lantiq data encryption unit as well.

Lower the blocksize limit to 1, to process not padded data as well.
In AES for processing the remaining bytes, uninitialized pointers
were used.
This patch fixes using uninitialized pointers and wrong offsets.

Signed-off-by: Mathias Kresin <dev@kresin.me>
[fix commit title prefix]
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-05 23:05:38 +01:00
Mathias Kresin
ab270c6fbc ltq-deu: aes: do not read/write behind buffer
When handling non-aligned remaining data (not padded to 16 byte
[AES_BLOCK_SIZE]), a full 16 byte block is read from the input buffer
and written to the output buffer after en-/decryption.

While code already assumes that an input buffer could have less than 16
byte remaining, as it can be seen by the code zeroing the remaining
bytes till AES_BLOCK_SIZE, the full AES_BLOCK_SIZE is read.

An output buffer size of a multiple of AES_BLOCK_SIZE is expected but
never validated.

To get rid of the read/write behind buffer, use a temporary buffer when
dealing with not padded data and only write as much bytes to the output
as we read.

Do not memcpy directly to the register, to make used of the endian swap
macro and to trigger the crypto start operator via the ID0R to trigger
the register. Since we might need an endian swap for the output in
future, use a temporary buffer for the output as well.

The issue could not be observed so far, since all caller of ifx_deu_aes
will ignore the padded (remaining) data. Considering that the minimum
blocksize for the algorithm is set to AES_BLOCK_SIZE, the behaviour
could be called expected.

Signed-off-by: Mathias Kresin <dev@kresin.me>
[fix commit title prefix]
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-05 23:05:38 +01:00
Mathias Kresin
11d2c71538 ltq-deu: init des/aes before registering crpyto algorithms
The crypto algorithms are registered and available to the system before
the chip is actually powered on and the generic parameter for the DEU
behaviour set.

The issue can mainly be observed if the crypto manager tests are enabled
in the kernel config. The crypto manager test run directly after an
algorithm is registered.

Signed-off-by: Mathias Kresin <dev@kresin.me>
[fix commit title prefix]
Signed-off-by: Daniel Kestrel <kestrel1974@t-online.de>
2022-01-05 23:05:38 +01:00
Paul Spooren
6ba8d510b8 lua: add HOST_FPIC for host builds
Compiling without fPIC causes linking issues for packages using liblua.

Add $(HOST_FPIC) to host builds for both lua and lua5.3.

Suggested-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Paul Spooren <mail@aparcar.org>
2022-01-03 10:34:31 +01:00
Nick Hainke
7df80be410 binutils: fix compiling with arch-based distros
Arch Linux users have encountered problems with packages that have a dependency on binutils. This error happens when libtool is doing:
  libtool: relink: ...
So change PKG_FIXUP to "patch-libtool".

Fixes error in the form of:
  libtool: install: error: relink `libctf.la' with the above command
           before installing it

Upstream Bug:
https://sourceware.org/bugzilla/show_bug.cgi?id=28545

OpenWrt Bug:
https://bugs.openwrt.org/index.php?do=details&task_id=4149

Acked-by: John Audia <graysky@archlinux.us>
Signed-off-by: Nick Hainke <vincent@systemli.org>
2022-01-02 20:33:28 +01:00
Eneas U de Queiroz
def9565be6 openssl: bump to 1.1.1m
This is a bugfix release.  Changelog:

  *) Avoid loading of a dynamic engine twice.
  *) Fixed building on Debian with kfreebsd kernels
  *) Prioritise DANE TLSA issuer certs over peer certs
  *) Fixed random API for MacOS prior to 10.12

Patches were refreshed.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2022-01-01 18:02:49 +01:00
Nick Hainke
f61816fdff hostapd: refresh patchset
Recently the hostapd has undergone many changes. The patches were not refreshed.
Refreshed with
    make package/hostapd/{clean,refresh}

Refreshed:
    - 380-disable_ctrl_iface_mib.patch
    - 600-ubus_support.patch
    - 700-wifi-reload.patch
    - 720-iface_max_num_sta.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2021-12-31 12:11:59 +01:00
Stijn Tintel
9ba6ee4e25 nftables: allow quoted string in flowtable_expr_member
This is required to be able to use flow offloading on devices with
ifnames that start with a digit, like 6in4-wan6.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2021-12-31 02:07:13 +02:00
Sergey V. Lobanov
6bfc8bb4a3 utils/px5g-wolfssl: make selfsigned certicates compatible with chromium
Chromium based web-browsers (version >58) checks x509v3 extended attributes.
If this check fails then chromium does not allow to click "Proceed to ...
(unsafe)" link. This patch add three x509v3 extended attributes to self-signed
certificate:
1. SAN (Subject Alternative Name) (DNS Name) = CN (common name)
2. Key Usage = Digital Signature, Non Repudiation, Key Encipherment
3. Extended Key Usage = TLS Web Server Authentication

SAN will be added only if CONFIG_WOLFSSL_ALT_NAMES=y

Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
2021-12-29 22:55:16 +01:00
Sergey V. Lobanov
dfd695f4b9 libs/wolfssl: add SAN (Subject Alternative Name) support
x509v3 SAN extension is required to generate a certificate compatible with
chromium-based web browsers (version >58)

It can be disabled via unsetting CONFIG_WOLFSSL_ALT_NAMES

Signed-off-by: Sergey V. Lobanov <sergey@lobanov.in>
2021-12-29 22:55:16 +01:00
Pawel Dembicki
4e46ae1f69 kirkwood: add support for NETGEAR ReadyNAS Duo v2
NETGEAR ReadyNAS Duo v2 is a NAS based on Marvell kirkwood SoC.

Specification:
 - Processor Marvell 88F6282 (1.6 GHz)
 - 256MB RAM
 - 128MB NAND
 - 1x GBE LAN port (PHY: Marvell 88E1318)
 - 1x USB 2.0
 - 2x USB 3.0
 - 2x SATA
 - 3x button
 - 5x leds
 - serial on J5 connector accessible from rear panel
   (115200 8N1) (VCC,TX,RX,GND) (3V3 LOGIC!)

Installation by USB + serial:
  - Copy initramfs image to fat32 usb drive
  - Connect pendrive to USB 2.0 front socket
  - Connect serial console
  - Stop booting in u-boot
  - Do:
	usb reset
        setenv bootargs 'console=ttyS0,115200n8 earlyprintk'
        setenv bootcmd 'nand read.e 0x1200000 0x200000 0x600000;bootm 0x1200000'
        saveenv
	fatload usb 0:1 0x1200000 openwrt-kirkwood-netgear_readynas-duo-v2-initramfs-uImage
	bootm 0x1200000
  - copy sysupgrade image via ssh.
  - run sysupgrade

Installation by TFTP + serial:
  - Setup TFTP server and copy initramfs image
  - Connect serial console
  - Stop booting in u-boot
  - Do:
	setenv bootargs 'console=ttyS0,115200n8 earlyprintk'
	setenv bootcmd 'nand read.e 0x1200000 0x200000 0x600000;bootm 0x1200000'
	saveenv
	setenv serverip 192.168.1.1
	setenv ipaddr 192.168.1.2
	tftpboot 0x1200000 openwrt-kirkwood-netgear_readynas-duo-v2-initramfs-uImage
	bootm 0x1200000
  - copy sysupgrade image via ssh.
  - run sysupgrade

Known issues:
  - Power button and PHY INTn pin are connected to the same GPIO. It
    causes that every network restart button is pressed in system.
    As workaround, button is used as regular BTN_1.

For more info please look at file:
RND_5.3.13_WW.src/u-boot/board/mv_feroceon/mv_hal/usibootup/usibootup.c
from Netgear GPL sources.

Tested-by: Raylynn Knight <rayknight@me.com>
Tested-by: Lech Perczak <lech.perczak@gmail.com>
Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
2021-12-29 20:35:57 +01:00
Pawel Dembicki
c6ab514863 packages: kernel: add i2c hwmon g762 kmod package
This patch adds kernel module for Global Mixed-mode Technology Inc
G762 and G763 fan speed PWM controller chips.

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
2021-12-29 20:35:57 +01:00
Hauke Mehrtens
d0501dc7fc tfa-layerscape: fix build on systems without openssl headers
The build fails when the openssl/sha.h header file is not installed on
the host system. Fix this by setting the HOSTCCFLAGS variable to the
OpenWrt HOST_CFLAGS variable, without setting this the include paths and
other modifications in the host flags done by OpenWrt will be ignored by
the build.

This fixes the following build problem:
gcc -c -D_GNU_SOURCE -D_XOPEN_SOURCE=700 -Wall -Werror -pedantic -std=c99 -O2 -I../../include/tools_share fiptool.c -o fiptool.o
In file included from fiptool.h:16,
                 from fiptool.c:19:
fiptool_platform.h:19:11: fatal error: openssl/sha.h: No such file or directory
   19 | # include <openssl/sha.h>
      |           ^~~~~~~~~~~~~~~

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-12-28 18:04:13 +01:00
Hauke Mehrtens
137a7607ec layerscape: restool: Remove build of manpages
The build of the manpages needs the pandoc tool, this is not in the
minimal requirements of OpenWrt, just remove the build of the restool
manpage. This fixes the build on systems without pandoc like the OpenWrt build bots.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-12-28 16:09:12 +01:00
Raphaël Mélotte
69ce75fb12 hostapd: add fallback for WPS on stations
Up to now the WPS script triggered WPS on the stations only if it
could not trigger it successfully on any hostapd instance.

In a Multi-AP context, there can be a need (to establish a new
wireless backhaul link) to trigger WPS on the stations, regardless of
whether there is already a hostapd instance configured or not. The
current script makes it impossible, as if hostapd is running and
configured, WPS would always be triggered on hostapd only.

To allow both possibilities, the following changes are made:

- Change the "pressed" action to "release", so that we can make use of
the "$SEEN" variables (to know for how long the button was pressed).

- If the button is pressed for less than 3 seconds, keep the original
behavior.

- If the button is pressed for 3 seconds or more, trigger WPS on the
stations, regardless of the status of any running hostapd instance.

- Add comments explaining both behaviors.

- While at it, replace the usage of '-a' with a '[] && []'
construct (see [1]).

This gives users a "fallback" mechanism to onboard a device to a
Multi-AP network, even if the device already has a configured hostapd
instance running.

[1]: https://github.com/koalaman/shellcheck/wiki/SC2166

Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
2021-12-27 16:32:02 +00:00
Christian Lamparter
cf8ee49c9b linux-firmware: amd: consolidate amd's linux-firmware entries
this patch consolidates the amd64-microcode
(moved to linux-firmware.git, previously this was an extra
debian source package download), amdgpu and radeon firmwares
into a shared "amd" makefile.

With the upcoming 20211216 linux-firmware bump,
this will include a microcode update for ZEN 3 CPUs.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2021-12-27 13:51:41 +01:00
Martin Schiller
a0ad1f36f0 umbim: add missing json_close_object call
Otherwise, connection setup may fail due to JSON parse error in netifd.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
[Updated commit description]
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2021-12-27 13:51:41 +01:00
Martin Schiller
6d1cca7e65 umbim: explicitly check for PIN1 state
PIN2 is used only to restrict changing of fixed dialling feature,
does not affect network registration. Therefore explicitly check for
PIN1 state during connection setup, which is required for network
registration.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
[Updated commit description]
Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2021-12-27 13:51:41 +01:00
Martin Schiller
049870a7fe umbim: call umbim disconnect in error case
This is needed to properly close the control channel.

Otherwise, on the next try the caps call may fail.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2021-12-27 13:51:41 +01:00
Javier Marcet
018ada5403 base-files: upgrade: fix efi partitions size calculation
We were missing (not using) the last sector of each partition,
compared with the output of gparted.

Signed-off-by: Javier Marcet <javier@marcet.info>
[moved the dot]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2021-12-27 13:51:41 +01:00
David Bauer
5ca7793418 hostapd: add missing function declaration
Signed-off-by: David Bauer <mail@david-bauer.net>
2021-12-27 03:13:36 +01:00
Hauke Mehrtens
18bdfc803b tcpdump: libpcap: Remove http://www.us.tcpdump.org mirror
The http://www.us.tcpdump.org mirror will go offline soon, only use the
normal download URL.

Reported-by: Denis Ovsienko <denis@ovsienko.info>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-12-27 00:49:08 +01:00
Hauke Mehrtens
397dfe4a97 linux-firmware: Update to version 20121216
The rtl8723bs firmware was removed and a symlink to the rtl8723bu
firmware was created like it is done in upstream linux-firmware.

The following OpenWrt packages are changing:
* amdgpu-firmware: Multiple updates and new files
* ar3k-firmware: Multiple updates and new files
* ath10k-firmware-qca6174: Updated ath10k/QCA6174/hw3.0/board-2.bin
* bnx2x-firmware: Added bnx2x-e1-7.13.21.0.fw, bnx2x-e1h-7.13.21.0.fw and bnx2x-e2-7.13.21.0.fw
* iwlwifi-firmware-iwl8260c: Updated iwlwifi-8000C-36.ucode
* iwlwifi-firmware-iwl8265: Updated iwlwifi-8265-36.ucode
* iwlwifi-firmware-iwl9000: Updated iwlwifi-9000-pu-b0-jf-b0-46.ucode
* iwlwifi-firmware-iwl9260: Updated iwlwifi-9260-th-b0-jf-b0-46.ucode
* r8169-firmware: Updated rtl8153c-1.fw
* rtl8723bs-firmware: removed
* rtl8723bu-firmware: Added rtlwifi/rtl8723bs_nic.bin symlink
* rtl8822ce-firmware: Updated rtw8822c_fw.bin

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-12-27 00:10:29 +01:00
Nick Hainke
236c3ea730 kernel: mac80211: refresh patchset
Refreshed:
- 311-mac80211-use-coarse-boottime-for-airtime-fairness-co.patch

Signed-off-by: Nick Hainke <vincent@systemli.org>
2021-12-24 22:15:50 +00:00
Nick Hainke
694757a08f kernel: ath10k: provide a build variant for small RAM devices
Based on: 1ac627024d ("kernel: ath10k-ct: provide a build variant for
small RAM devices")

Like described in the ath10k-ct-smallbuffers version, oom-killer gets
triggered frequently by devices with small RAM.

That change is necessary for many community mesh networks which use
ath10k based devices with too little RAM. The -ct driver has been
proven unstable if used with 11s meshing and only wave2 chipsets are
supporting 11s. Freifunk Berlin is nowadays assembling its
firmware-based completely of vanilla OpenWRT with some package additions
which are made through the imagebuilder. Therefore we cannot take the
approach other freifunk communities have taken to maintain that patch
downstream [1]. Other communities consider these devices as broken and
that change would pretty much give those devices a second life [2].
[1] - 450b306e54
[2] - https://github.com/freifunk-gluon/gluon/issues/1988#issuecomment-619532909

Signed-off-by: Simon Polack <spolack+git@mailbox.org>
Signed-off-by: Nick Hainke <vincent@systemli.org>
2021-12-24 22:15:50 +00:00
Rafał Miłecki
f18288e267 arm-trusted-firmware-bcm63xx: add ATF for Broadcom devices
Right now it includes bcm4908 variant only that is required by BCM4908
family devices with U-Boot.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2021-12-24 22:42:03 +01:00
Felix Fietkau
5e67cd63c4 hostapd: only attempt to set qos map if supported by the driver
Fixes issues with brcmfmac

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-12-23 19:18:56 +01:00
Arnout Vandecappelle (Essensium/Mind)
0210f37534 hostapd: keep HE capability after channel switch in AP+STA/Mesh
The auto-ht option already kept HT and VHT support, but wasn't updated
to support HE (11ax).

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-12-21 22:21:38 +00:00
Stijn Tintel
3fda16078b qoriq: add support for WatchGuard Firebox M300
This device is based on NXP's QorIQ T2081QDS board, with a quad-core
dual-threaded 1.5 GHz ppc64 CPU and 4GB ECC RAM. The board has 5
ethernet interfaces, of which 3 are connected to the ethernet ports on
the front panel. The other 2 are internally connected to a Marvell
88E6171 switch; the other 5 ports of this switch are also connected to
the ethernet ports on the front panel.

Installation: write the sdcard image to an SD card. Stock U-Boot will
not boot, wait for it to fail then run these commands:

setenv OpenWrt_fdt image-watchguard-firebox-m300.dtb
setenv OpenWrt_kernel watchguard_firebox-m300-kernel.bin
setenv wgBootSysA 'setenv bootargs root=/dev/mmcblk0p2 rw rootdelay=2 console=$consoledev,$baudrate fsl_dpaa_fman.fsl_fm_max_frm=1530; ext2load mmc 0:1 $fdtaddr $OpenWrt_fdt; ext2load mmc 0:1 $loadaddr $OpenWrt_kernel; bootm $loadaddr - $fdtaddr'
saveenv
reset

The default U-Boot boot entry will now boot OpenWrt from the SD card.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Rui Salvaterra <rsalvaterra@gmail.com>
2021-12-21 21:37:46 +02:00
Stijn Tintel
080a769b4d qoriq: new target
Add a new target named "qoriq", that will support boards using PowerPC
processors from NXP's QorIQ brand.

This doesn't actually add support for any board yet, so that
installation instructions can go in the commit message of the commit
that adds actual support for a board.

Using CONFIG_E6500_CPU here due to the kernel using -mcpu=powerpc64
rather than -mcpu=e5500 when selecting CONFIG_E5500_CPU. The only
difference between e5500 and e6500 is AltiVec support, and the kernel
checks for it at runtime. Musl will only check at runtime if AltiVec
support is disabled at compile-time, so we need to use e5500 in CPU_TYPE
to avoid SIGILL.

Math emulation (CONFIG_MATH_EMULATION_HW_UNIMPLEMENTED) is required, as
neither e5500 nor e6500 implement fsqrt nor fsqrts, and musl hardcodes
sqrt and sqrtf to use these ASM instructions on PowerPC64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Reviewed-by: Rui Salvaterra <rsalvaterra@gmail.com>
2021-12-21 21:37:39 +02:00
Stijn Tintel
052e31ed47 libunwind: add ppc64 support
Backport an upstream patch to make libunwind build on ppc64, and add
powerpc64 to the dependencies.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Rui Salvaterra <rsalvaterra@gmail.com>
2021-12-21 21:37:05 +02:00
Stijn Tintel
38c3ead820 nettle: disable assembler on ppc64
As of version 3.7, Nettle added PowerPC64 assembly for several
algorithms. Unfortunately, they cause build to fail due to ABI mismatch:

gcm-hash.o: ABI version 1 is not compatible with ABI version 2 output

Disable assembler when ppc64 and musl are used for now.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Rui Salvaterra <rsalvaterra@gmail.com>
2021-12-21 21:36:55 +02:00
Stijn Tintel
ac8673ff85 openssl: add ppc64 support
Backport an upstream patch that adds support for ELFv2 ABI on big endian
ppc64. As musl only supports ELFv2 ABI on ppc64 regardless of
endianness, this is required to be able to build OpenSSL for ppc64be.

Modify our targets patch to add linux-powerpc64-openwrt, which will use
the linux64v2 perlasm scheme. This will probably break the combination
ppc64 with glibc, but as we really only want to support musl, this
shouldn't be a problem.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Rui Salvaterra <rsalvaterra@gmail.com>
2021-12-21 21:36:38 +02:00
Lorenzo Bianconi
3eff363ec3 mt76: fix Makefile dependencies for mt7921
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
2021-12-21 11:29:09 +01:00
Stijn Tintel
7e54e9f860 kernel: drop obsolete kmod-video-core dependencies
These dependencies do not exist in any of the supported kernel versions.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2021-12-20 19:57:01 +02:00
Stijn Tintel
a47c82b556 kernel: drop obsolete symbols from kmod-video-core
These symbols don't exist in any of the supported kernel versions.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2021-12-20 19:57:01 +02:00
Daniel Golle
15d0c4d5cd
procd: update to git HEAD
eb522fc uxc: consider uvol and etc location for configurations
 16a6ee9 uxc: integrate console into uxc
 129d050 remove ujail-console

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-12-20 02:23:47 +00:00
David Bauer
54cfe0774c hostapd: make OpenWrt statistics per-BSS
WNM and RRM statistics were incorrectly per-PHY, leading to shared
statistic counters per BSS.

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-12-20 00:15:03 +01:00
David Bauer
6d1e380666 hostapd: provide BSS-transition-queries to ubus subscribers
Provide incoming BSS transition queries to ubus subscribers.

This allows external steering daemons to provide clients with
an optimal list of transition candidates.

This commit has no functional state in case no ubus subscriber is
present or it does not handle this ubus message.

To prevent hostapd from sending out a generic response by itself, a
subscribing daemon has to return a non-zero response code to hostapd.

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-12-20 00:15:03 +01:00
David Bauer
dd39249f08 hostapd: WNM: allow specifying dialog-token
Backport a patch to allow extending the ubus BSS-transition method
for specifying individual dialog tokens for BSS transition
management requests.

This is required for handling BSS transition queries in the future.

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-12-20 00:15:03 +01:00
Hans Dedecker
df9a62a085 odhcp6c: update to latest git HEAD
39b584b Revert "dhcpv6: add a minimum valid lifetime for IA_PD updates"
c9578e1 dhcpv6: add support for null IA_PD valid lifetime
ca43ea3 dhcpv6: add a minimum valid lifetime for IA_PD updates

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2021-12-17 21:06:34 +01:00
Hans Dedecker
1e57d52e2f netifd: update to latest git HEAD
5ca5e0b netifd: allow disabling rule/rule6 config sections
8875960 interface-ip: add support for IPv6 prefix invalidation
e589c05 interface-ip: use metric when looking for a route
b54ffde main: fix hotplug script usage message

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2021-12-17 21:06:24 +01:00
Felix Fietkau
87def9efd8 mac80211: optimize airtime fairness code to reduce cpu usage
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-12-17 15:03:05 +01:00
David Bauer
9090e0be4d hostapd: close correct blobmsg table
Signed-off-by: David Bauer <mail@david-bauer.net>
2021-12-16 20:27:07 +01:00
David Bauer
16bcaa71fa hostapd: add OpenWrt specific statistic counters
This adds a new struct for storing statistics not (yet) tracked by
hostapd regarding RRM and WNM activity.

These statistics can be read using the get_status hostapd interface ubus
method.

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-12-15 00:13:40 +01:00
Hauke Mehrtens
a5cc9e033c iw: Update to version 5.16
Revert a commit to allow providing CFLAGS and LIBS from OpenWrt package
Makefile.

This downgrades the nl80211.h to kernel 5.15 and removes FILS_CRYPTO_OFFLOAD.
This is needed to make it compatible with our patched mac80211 from
kernel 5.15

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-12-14 22:59:10 +01:00
Hauke Mehrtens
954e1278a9 libnl-tiny: update to the latest version
8e0555f attr.h: Add NLA_PUT_S32

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-12-14 22:59:10 +01:00
Hauke Mehrtens
3531a96df7 mac80211: Update to version 5.15.8
The following patches were backported from upstream before and are not
needed any more:
  package/kernel/mac80211/patches/ath10k/081-ath10k-fix-module-load-regression-with-iram-recovery-feature.patch
  package/kernel/mac80211/patches/ath10k/980-ath10k-fix-max-antenna-gain-unit.patch
  package/kernel/mac80211/patches/build/010-headers-Add-devm_platform_get_and_ioremap_resource.patch
  package/kernel/mac80211/patches/subsys/300-mac80211-drop-check-for-DONT_REORDER-in-__ieee80211_.patch
  package/kernel/mac80211/patches/subsys/307-mac80211-do-not-access-the-IV-when-it-was-stripped.patch
  package/kernel/mac80211/patches/subsys/308-mac80211-fix-radiotap-header-generation.patch

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-12-14 22:15:06 +01:00
Martin Schiller
210128240b ls-ddr-phy: bump to LSDK-21.08
Update ls-ddr-phy to latest LSDK-21.08.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2021-12-13 23:22:29 +01:00
Martin Schiller
4002a6aa76 restool: bump to LSDK-21.08
Update restool to latest LSDK-21.08.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2021-12-13 23:22:29 +01:00
Martin Schiller
693923030c ls-dpl: bump to LSDK-21.08
Update ls-dpl to latest LSDK-21.08.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2021-12-13 23:22:29 +01:00
Martin Schiller
a82e766f17 ls-mc: bump to LSDK-21.08
Update ls-mc to latest LSDK-21.08.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2021-12-13 23:22:29 +01:00
Martin Schiller
5df38cc7ba ppfe-firmware: bump to LSDK-21.08
Update ppfe-firmware to latest LSDK-21.08.

Switched to AUTORELEASE for simplicity.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2021-12-13 23:22:29 +01:00
Martin Schiller
d6ca827043 fman-ucode: bump to LSDK-21.08
Just update PKG_VERSION/PKG_MIRROR_HASH since fman-ucode
of LSDK-21.08 had no changes.

Switched to AUTORELEASE for simplicity.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2021-12-13 23:22:29 +01:00
Martin Schiller
294140c124 tfa-layerscape: bump to LSDK-21.08
Update tfa package to latest LSDK-21.08.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2021-12-13 23:22:29 +01:00
Martin Schiller
674af9c1f6 uboot-layerscape: bump to LSDK-21.08
Update layerscape u-boot package to LSDK-21.08 and drop patches which
are no longer needed.

The new env variable 'fsl_bootcmd_mcinitcmd_set' is needed to protect
the configured bootcmd and mc_init values. See [1] for more
informations.

[1] b62c174e86

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2021-12-13 23:22:29 +01:00
Martin Schiller
8ef768c2ef ls-rcw: bump to LSDK-21.08
Update ls-rcw to latest LSDK-21.08.
Drop patch 0001 since it had been integrated.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2021-12-13 22:25:28 +01:00
Rafał Miłecki
942facd14f otrx: update to the latest master
56e8e19 otrx: support TRX from stdin when extracting
a37ccaf otrx: support unsorted partitions offsets
1fa145e otrx: extract shared code opening & parsing TRX format
4ecefda otrx: allow validating TRX from stdin
cf01e69 otrx: avoid unneeded fseek() when calculating CRC32

Fixes: 80041dea70 ("bcm53xx: sysupgrade: refactor handling different firmware formats")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2021-12-13 13:48:08 +01:00
Rafał Miłecki
a2cf659ad8 dtc: support printing binary data with fdtget
It's needed for extracting binary images.

Cc: Yousong Zhou <yszhou4tech@gmail.com>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2021-12-13 08:51:09 +01:00
Rafał Miłecki
80fe8d027c dtc: import package for dtc & fdt from packages feed
fdt* utils are needed by targets that use U-Boot FIT images for
sysupgrade. It includes all recent BCM4908 SoC routers as Broadcom
switched from CFE to U-Boot.

fdtget is required for extracting images (bootfs & rootfs) from
Broadcom's ITB. Extracted images can be then flashed to UBI volumes.

sysupgrade is core functionality so it needs dtc as part of base code
base.

Cc: Yousong Zhou <yszhou4tech@gmail.com>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2021-12-13 08:36:26 +01:00
Daniel Golle
56b14fdeb2
procd: update to git HEAD
bb95fe8 jail: make sure jailed process is terminated

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-12-11 03:16:57 +00:00
Janpieter Sollie
03c0049774 rtl8812au-ct: update driver to be ready for 5.15
update rtl8812au-ct driver to be ready for 5.15 Linux.

Signed-off-by: Janpieter Sollie <janpieter.sollie@edpnet.be>
[added commit message from PR with changes, added tag to subject]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2021-12-11 00:50:02 +01:00
Felix Fietkau
ea49690ff4 hostapd: add support for specifying the FILS DHCP server
The 'fils_dhcp' option can be set to '*' in order to autodetect the DHCP server
For proto=dhcp networks, the discovered dhcp server will be used
For all other networks, udhcpc is called to discover the address

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-12-10 11:33:49 +01:00
Felix Fietkau
baba2fdaa6 netifd: on dhcp interfaces, store the dhcp server in interface data
Among other things, this can be used to auto-configure the DHCP server
address for wireless APs using FILS, if the bridged interface is
configured to DHCP

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-12-10 11:33:49 +01:00
Felix Fietkau
b7d9bced30 hostapd: add support for enabling FILS on AP and client interfaces
This is only supported with WPA-enterprise

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-12-10 11:33:49 +01:00
Felix Fietkau
5b66dfaf6c hostapd: enable FILS support in the full config and add build feature discovery
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-12-10 11:33:49 +01:00
Josef Schlehofer
362695acdf kernel: add kmod-video-gspca-sq930x
This module adds support for USB WebCams, which uses SQ930X chip [1].

[1] https://cateee.net/lkddb/web-lkddb/USB_GSPCA_SQ930X.html

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2021-12-05 18:49:14 +01:00
Josef Schlehofer
fcb82e42df kernel: btrfs: enable ACL
By default CONFIG_BTRFS_FS_POSIX_ACL is disabled, it should be enabled
only when you enable CONFIG_FS_POSIX_ACL.

Right now, when you enable CONFIG_FS_POSIX_ACL it will enable
CONFIG_BTRFS_FS_POSIX_ACL, but it will be disabled once you install
kmod-btrfs. This should prevent it.

Btrfs has enabled by default ACL for mount option.

More details:
https://cateee.net/lkddb/web-lkddb/BTRFS_FS_POSIX_ACL.html
https://btrfs.wiki.kernel.org/index.php/Manpage/btrfs(5)

Signed-off-by: Josef Schlehofer <josef.schlehofer@nic.cz>
2021-12-05 18:49:14 +01:00
Hans Dedecker
eddb51392a nat46: update to latest git HEAD
d9bc161 nat46-core: Fix typo since day one (#31)
840e235 Fix coverity issues observed so far (#30)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2021-12-05 18:40:19 +01:00
Florian Eckert
dd681838d3 base-files: fix service_running check
The following command checks if a instance of a service is running.
/etc/init.d/<service> running <instance>

 In the variable `$@`, which is passed to the function
`service_running`, the first argument is always the `instance` which
should be checked. Because all other variables where removed from `$@`
with `shift`.

Before this change the first argument of `$@` was set to the `$service`
Variable. So the function does not work as expected. The `$service`
variable was always the instance which should be checked. This is not
what we want.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Reviewed-by: Sungbo Eo <mans0n@gorani.run>
2021-12-04 09:39:11 +09:00
Tan Zien
1add2c0d95 firmware: intel-microcode: update to 20210608
intel-microcode (3.20210608.2)

  * Correct INTEL-SA-00442 CVE id to CVE-2020-24489 in changelog and
    debian/changelog (3.20210608.1).

intel-microcode (3.20210608.1)

  * New upstream microcode datafile 20210608 (closes: #989615)
    * Implements mitigations for CVE-2020-24511 CVE-2020-24512
      (INTEL-SA-00464), information leakage through shared resources,
      and timing discrepancy sidechannels
    * Implements mitigations for CVE-2020-24513 (INTEL-SA-00465),
      Domain-bypass transient execution vulnerability in some Intel Atom
      Processors, affects Intel SGX.
    * Implements mitigations for CVE-2020-24489 (INTEL-SA-00442), Intel
      VT-d privilege escalation
    * Fixes critical errata on several processors
    * New Microcodes:
      sig 0x00050655, pf_mask 0xb7, 2018-11-16, rev 0x3000010, size 47104
      sig 0x000606a5, pf_mask 0x87, 2021-03-08, rev 0xc0002f0, size 283648
      sig 0x000606a6, pf_mask 0x87, 2021-04-25, rev 0xd0002a0, size 283648
      sig 0x00080664, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048
      sig 0x00080665, pf_mask 0x01, 2021-02-17, rev 0xb00000f, size 130048
      sig 0x000806c1, pf_mask 0x80, 2021-03-31, rev 0x0088, size 109568
      sig 0x000806c2, pf_mask 0xc2, 2021-04-07, rev 0x0016, size 94208
      sig 0x000806d1, pf_mask 0xc2, 2021-04-23, rev 0x002c, size 99328
      sig 0x00090661, pf_mask 0x01, 2021-02-04, rev 0x0011, size 19456
      sig 0x000906c0, pf_mask 0x01, 2021-03-23, rev 0x001d, size 19456
      sig 0x000a0671, pf_mask 0x02, 2021-04-11, rev 0x0040, size 100352
    * Updated Microcodes:
      sig 0x000306f2, pf_mask 0x6f, 2021-01-27, rev 0x0046, size 34816
      sig 0x000306f4, pf_mask 0x80, 2021-02-05, rev 0x0019, size 19456
      sig 0x000406e3, pf_mask 0xc0, 2021-01-25, rev 0x00ea, size 105472
      sig 0x000406f1, pf_mask 0xef, 2021-02-06, rev 0xb00003e, size 31744
      sig 0x00050653, pf_mask 0x97, 2021-03-08, rev 0x100015b, size 34816
      sig 0x00050654, pf_mask 0xb7, 2021-03-08, rev 0x2006b06, size 36864
      sig 0x00050656, pf_mask 0xbf, 2021-03-08, rev 0x4003102, size 30720
      sig 0x00050657, pf_mask 0xbf, 2021-03-08, rev 0x5003102, size 30720
      sig 0x0005065b, pf_mask 0xbf, 2021-04-23, rev 0x7002302, size 27648
      sig 0x00050663, pf_mask 0x10, 2021-02-04, rev 0x700001b, size 24576
      sig 0x00050664, pf_mask 0x10, 2021-02-04, rev 0xf000019, size 24576
      sig 0x00050665, pf_mask 0x10, 2021-02-04, rev 0xe000012, size 19456
      sig 0x000506c9, pf_mask 0x03, 2020-10-23, rev 0x0044, size 17408
      sig 0x000506ca, pf_mask 0x03, 2020-10-23, rev 0x0020, size 15360
      sig 0x000506e3, pf_mask 0x36, 2021-01-25, rev 0x00ea, size 105472
      sig 0x000506f1, pf_mask 0x01, 2020-10-23, rev 0x0034, size 11264
      sig 0x000706a1, pf_mask 0x01, 2020-10-23, rev 0x0036, size 74752
      sig 0x000706a8, pf_mask 0x01, 2020-10-23, rev 0x001a, size 75776
      sig 0x000706e5, pf_mask 0x80, 2020-11-01, rev 0x00a6, size 110592
      sig 0x000806a1, pf_mask 0x10, 2020-11-06, rev 0x002a, size 32768
      sig 0x000806e9, pf_mask 0x10, 2021-01-05, rev 0x00ea, size 104448
      sig 0x000806e9, pf_mask 0xc0, 2021-01-05, rev 0x00ea, size 104448
      sig 0x000806ea, pf_mask 0xc0, 2021-01-06, rev 0x00ea, size 103424
      sig 0x000806eb, pf_mask 0xd0, 2021-01-05, rev 0x00ea, size 104448
      sig 0x000806ec, pf_mask 0x94, 2021-01-05, rev 0x00ea, size 104448
      sig 0x000906e9, pf_mask 0x2a, 2021-01-05, rev 0x00ea, size 104448
      sig 0x000906ea, pf_mask 0x22, 2021-01-05, rev 0x00ea, size 102400
      sig 0x000906eb, pf_mask 0x02, 2021-01-05, rev 0x00ea, size 104448
      sig 0x000906ec, pf_mask 0x22, 2021-01-05, rev 0x00ea, size 103424
      sig 0x000906ed, pf_mask 0x22, 2021-01-05, rev 0x00ea, size 103424
      sig 0x000a0652, pf_mask 0x20, 2021-02-07, rev 0x00ea, size 93184
      sig 0x000a0653, pf_mask 0x22, 2021-03-08, rev 0x00ea, size 94208
      sig 0x000a0655, pf_mask 0x22, 2021-03-08, rev 0x00ec, size 94208
      sig 0x000a0660, pf_mask 0x80, 2020-12-08, rev 0x00e8, size 94208
      sig 0x000a0661, pf_mask 0x80, 2021-02-07, rev 0x00ea, size 93184
  * source: update symlinks to reflect id of the latest release, 20210608

intel-microcode (3.20210216.1)

  * New upstream microcode datafile 20210216
    * Mitigates an issue on Skylake Server (H0/M0/U0), Xeon-D 21xx,
      and Cascade Lake Server (B0/B1) when using an active JTAG
      agent like In Target Probe (ITP), Direct Connect Interface
      (DCI) or a Baseboard Management Controller (BMC) to take the
      CPU JTAG/TAP out of reset and then returning it to reset.
    * This issue is related to the INTEL-SA-00381 mitigation.
    * Updated Microcodes:
      sig 0x00050654, pf_mask 0xb7, 2020-12-31, rev 0x2006a0a, size 36864
      sig 0x00050656, pf_mask 0xbf, 2020-12-31, rev 0x4003006, size 53248
      sig 0x00050657, pf_mask 0xbf, 2020-12-31, rev 0x5003006, size 53248
  * source: update symlinks to reflect id of the latest release, 20210216

intel-microcode (3.20201118.1)

  * New upstream microcode datafile 20201118
    * Removes a faulty microcode update from release 2020-11-10 for Tiger Lake
      processors.  Note that Debian already had removed this specific falty
      microcode update on the 3.20201110.1 release
    * Add a microcode update for the Pentium Silver N/J5xxx and Celeron
      N/J4xxx which didn't make it to release 20201110, fixing security issues
      (INTEL-SA-00381, INTEL-SA-00389)
    * Updated Microcodes:
      sig 0x000706a1, pf_mask 0x01, 2020-06-09, rev 0x0034, size 74752
    * Removed Microcodes:
      sig 0x000806c1, pf_mask 0x80, 2020-10-02, rev 0x0068, size 107520

intel-microcode (3.20201110.1)

  * New upstream microcode datafile 20201110 (closes: #974533)
    * Implements mitigation for CVE-2020-8696 and CVE-2020-8698,
      aka INTEL-SA-00381: AVX register information leakage;
      Fast-Forward store predictor information leakage
    * Implements mitigation for CVE-2020-8695, Intel SGX information
      disclosure via RAPL, aka INTEL-SA-00389
    * Fixes critical errata on several processor models
    * Reintroduces SRBDS mitigations(CVE-2020-0543, INTEL-SA-00320)
      for Skylake-U/Y, Skylake Xeon E3
    * New Microcodes
      sig 0x0005065b, pf_mask 0xbf, 2020-08-20, rev 0x700001e, size 27648
      sig 0x000806a1, pf_mask 0x10, 2020-06-26, rev 0x0028, size 32768
      sig 0x000806c1, pf_mask 0x80, 2020-10-02, rev 0x0068, size 107520
      sig 0x000a0652, pf_mask 0x20, 2020-07-08, rev 0x00e0, size 93184
      sig 0x000a0653, pf_mask 0x22, 2020-07-08, rev 0x00e0, size 94208
      sig 0x000a0655, pf_mask 0x22, 2020-07-08, rev 0x00e0, size 93184
      sig 0x000a0661, pf_mask 0x80, 2020-07-02, rev 0x00e0, size 93184
    * Updated Microcodes
      sig 0x000306f2, pf_mask 0x6f, 2020-05-27, rev 0x0044, size 34816
      sig 0x000406e3, pf_mask 0xc0, 2020-07-14, rev 0x00e2, size 105472
      sig 0x00050653, pf_mask 0x97, 2020-06-18, rev 0x1000159, size 33792
      sig 0x00050654, pf_mask 0xb7, 2020-06-16, rev 0x2006a08, size 35840
      sig 0x00050656, pf_mask 0xbf, 2020-06-18, rev 0x4003003, size 52224
      sig 0x00050657, pf_mask 0xbf, 2020-06-18, rev 0x5003003, size 52224
      sig 0x000506c9, pf_mask 0x03, 2020-02-27, rev 0x0040, size 17408
      sig 0x000506ca, pf_mask 0x03, 2020-02-27, rev 0x001e, size 15360
      sig 0x000506e3, pf_mask 0x36, 2020-07-14, rev 0x00e2, size 105472
      sig 0x000706a8, pf_mask 0x01, 2020-06-09, rev 0x0018, size 75776
      sig 0x000706e5, pf_mask 0x80, 2020-07-30, rev 0x00a0, size 109568
      sig 0x000806e9, pf_mask 0x10, 2020-05-27, rev 0x00de, size 104448
      sig 0x000806e9, pf_mask 0xc0, 2020-05-27, rev 0x00de, size 104448
      sig 0x000806ea, pf_mask 0xc0, 2020-06-17, rev 0x00e0, size 104448
      sig 0x000806eb, pf_mask 0xd0, 2020-06-03, rev 0x00de, size 104448
      sig 0x000806ec, pf_mask 0x94, 2020-05-18, rev 0x00de, size 104448
      sig 0x000906e9, pf_mask 0x2a, 2020-05-26, rev 0x00de, size 104448
      sig 0x000906ea, pf_mask 0x22, 2020-05-25, rev 0x00de, size 103424
      sig 0x000906eb, pf_mask 0x02, 2020-05-25, rev 0x00de, size 104448
      sig 0x000906ec, pf_mask 0x22, 2020-06-03, rev 0x00de, size 103424
      sig 0x000906ed, pf_mask 0x22, 2020-05-24, rev 0x00de, size 103424
      sig 0x000a0660, pf_mask 0x80, 2020-07-08, rev 0x00e0, size 94208
  * 0x806c1: remove the new Tiger Lake update: causes hang on cold/warm boot
    https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/issues/44
    INTEL-SA-00381 AND INTEL-SA-00389 MITIGATIONS ARE THEREFORE NOT INSTALLED
    FOR 0x806c1 TIGER LAKE PROCESSORS by this package update.  Contact your
    system vendor for a firmware update, or wait fo a possible fix in a future
    Intel microcode release.
  * source: update symlinks to reflect id of the latest release, 20201110
  * source: ship new upstream documentation (security.md, releasenote.md)

Signed-off-by: Tan Zien <nabsdh9@gmail.com>
[used different .tar.xz source, but with the same content]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2021-12-03 22:40:13 +01:00
Felix Fietkau
fc4398fe71 mt76: update to the latest version
71e08471ab56 mt76: eeprom: fix return code on corrected bit-flips
9a8fc6636d83 mt76: move sar_capa configuration in common code
7cdbea1dc82a mt76: only access ieee80211_hdr after mt76_insert_ccmp_hdr
678071ef7029 mt76: mt7615: clear mcu error interrupt status on mt7663

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-12-03 10:56:49 +01:00
TruongSinh Tran-Nguyen
febc2b831f
ipq40xx: add support for GL.iNet GL-B2200
This patch adds supports for the GL-B2200 router.

Specifications:
  - SOC: Qualcomm IPQ4019 ARM Quad-Core
  - RAM: 512 MiB
  - Flash: 16 MiB NOR - SPI0
  - EMMC: 8GB EMMC
  - ETH: Qualcomm QCA8075
  - WLAN1: Qualcomm Atheros QCA4019 2.4GHz 802.11b/g/n 2x2
  - WLAN2: Qualcomm Atheros QCA4019 5GHz 802.11n/ac W2 2x2
  - WLAN3: Qualcomm Atheros QCA9886 5GHz 802.11n/ac W2 2x2
  - INPUT: Reset, WPS
  - LED: Power, Internet
  - UART1: On board pin header near to LED (3.3V, TX, RX, GND), 3.3V without pin - 115200 8N1
  - UART2: On board with BLE module
  - SPI1: On board socket for Zigbee module

Update firmware instructions:
Please update the firmware via U-Boot web UI (by default at 192.168.1.1, following instructions found at
https://docs.gl-inet.com/en/3/troubleshooting/debrick/).
Normal sysupgrade, either via CLI or LuCI, is not possible from stock firmware.
Please do use the *gl-b2200-squashfs-emmc.img file, gunzipping the produced *gl-b2200-squashfs-emmc.img.gz one first.

What's working:
- WiFi 2G, 5G
- WPA2/WPA3

Not tested:
- Bluetooth LE/Zigbee

Credits goes to the original authors of this patch.

V1->V2:
- updates *arm-boot-add-dts-files.patch correctly (sorry, my mistake)
- add uboot-envtools support
V2->V3:
- Li Zhang updated official patch to fix wrong MAC address on wlan0 (PCI) interface
V3->V4:
- wire up sysupgrade

Signed-off-by: Li Zhang <li.zhang@gl-inet.com>
[fix tab and trailing space, document what's working and what's not]
Signed-off-by: TruongSinh Tran-Nguyen <i@truongsinh.pro>
[rebase on top of master, address remaining comments]
Signed-off-by: Enrico Mioso <mrkiko.rs@gmail.com>
[remove redundant check in platform.sh]
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-12-02 20:43:07 +00:00
Enrico Mioso
57c1f3f9c5
base-files: add eMMC sysupgrade support
Adds generic support for sysupgrading on eMMC-based devices.

Provide function emmc_do_upgrade and emmc_copy_config to be used in
/lib/upgrade/platform.sh instead of redundantly implementing the same
logic over and over again.
Similar to generic sysupgrade on NAND, use environment variables
CI_KERNPART, CI_ROOTPART and newly introduce CI_DATAPART to indicate
GPT partition names to be used. On devices with more than one MMC
block device, CI_ROOTDEV can be used to specify the MMC device for
partition name lookups.

Also allow to select block devices directly using EMMC_KERN_DEV,
EMMC_ROOT_DEV and EMMC_DATA_DEV, as using GPT partition names is not
always an option (e.g. when forced to use MBR).

To easily handle writing kernel and rootfs make use of sysupgrade.tar
format convention which is also already used for generic NAND support.

Signed-off-by: Enrico Mioso <mrkiko.rs@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
CC: Li Zhang <li.zhang@gl-inet.com>
CC: TruongSinh Tran-Nguyen <i@truongsinh.pro>
2021-12-02 20:42:58 +00:00
Felix Fietkau
a1a71a7199 mac80211: fix tx aggregation locking issue
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-12-02 14:11:21 +01:00
Felix Fietkau
15d8c7aa74 mac80211: fix queue assignment of aggregation start requests
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-12-02 13:52:18 +01:00
Felix Fietkau
7e15390056 mt76: update to the latest version
a6451fea5a3d mt76: mt7615: improve wmm index allocation
1911486414dc mt76: mt7915: improve wmm index allocation
7998a41d1321 mt76: clear sta powersave flag after notifying driver
664475574438 mt76: mt7603: introduce SAR support
5c0da39c940b mt76: mt7915: introduce SAR support
77fc6c439a32 mt76: mt7603: improve reliability of tx powersave filtering
094b3d800835 firmware: update mt7663 rebb firmware to 20200904171623
25237b19bcc1 mt76: eeprom: tolerate corrected bit-flips
1463cb4c6ac2 mt76: mt7921: fix boolreturn.cocci warning
586bad6020f7 mt76: mt7921: use correct iftype data on 6GHz cap init
8ec95c910425 mt76: mt7921s: fix bus hang with wrong privilege
688e30c7d854 firmware: update mt7921 firmware to version 20211014
6fad970893dd mt76: fix key pointer overwrite in mt7921s_write_txwi/mt7663_usb_sdio_write_txwi
95acf972750c mt76: fix 802.3 RX fail by hdr_trans
3f402b0cf6c0 mt76: mt7921s: fix possible kernel crash due to invalid Rx count
929a03a8d65d mt76: connac: fix last_chan configuration in mt76_connac_mcu_rate_txpower_band

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-12-02 12:44:34 +01:00
Christian Lamparter
25bc66eb40 ca-certificates: fix python3-cryptography woes in certdata2pem.py
This patch is a revert of the upstream patch to Debian's ca-certificate
commit 033d52259172 ("mozilla/certdata2pem.py: print a warning for expired certificates.")

The reason is, that this change broke builds with the popular
Ubuntu 20.04 LTS (focal) releases which are shipping with an
older version of the python3-cryptography package that is not
compatible.

|Traceback (most recent call last):
|  File "certdata2pem.py", line 125, in <module>
|    cert = x509.load_der_x509_certificate(obj['CKA_VALUE'])
|TypeError: load_der_x509_certificate() missing 1 required positional argument: 'backend'
|make[5]: *** [Makefile:6: all] Error 1

...or if the python3-cryptography was missing all together:
|Traceback (most recent call last):
|  File "/certdata2pem.py", line 31, in <module>
|    from cryptography import x509
|ModuleNotFoundError: No module named 'cryptography'

More concerns were raised by Jo-Philipp Wich:
"We don't want the build to depend on the local system time anyway.
Right now it seems to be just a warning but I could imagine that
eventually certs are simply omitted of found to be expired at
build time which would break reproducibility."

Link: <https://github.com/openwrt/openwrt/commit/7c99085bd697>
Reported-by: Chen Minqiang <ptpt52@gmail.com>
Reported-by: Shane Synan <digitalcircuit36939@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2021-12-01 17:52:35 +01:00
Felix Fietkau
fbc9ce779f hostapd: make hostapd/supplicant/wpad packages depend on a specific version of hostapd-commoon
This avoids potential version mismatch between packages when upgraded
individually

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-12-01 16:39:12 +01:00
Felix Fietkau
b7ce8a8c17 qosify: remove bulk flow detection from default ports
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-12-01 16:39:12 +01:00
Felix Fietkau
ac83015621 qosify: add besteffort class and switch all default classifications to class names
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-12-01 16:39:12 +01:00
Stijn Tintel
6832271ee7 nftables: bump to 1.0.1
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2021-12-01 00:39:36 +02:00
Stijn Tintel
7f7034d79f libnftnl: bump to 1.2.1
This version is required by nftables 1.0.1.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2021-12-01 00:39:26 +02:00
Christian Lamparter
7c99085bd6 ca-certicficates: Update to version 20211016
Update the ca-certificates and ca-bundle package from version 20210119 to
version 20211016.

Debian change-log entry [1]:
|[...]
|[ Julien Cristau ]
|* mozilla/{certdata.txt,nssckbi.h}: Update Mozilla certificate authority
|    bundle to version 2.50
|    The following certificate authorities were added (+):
|    + "AC RAIZ FNMT-RCM SERVIDORES SEGUROS"
|    + "GlobalSign Root R46"
|    + "GlobalSign Root E46"
|    + "GLOBALTRUST 2020"
|    + "ANF Secure Server Root CA"
|    + "Certum EC-384 CA"
|    + "Certum Trusted Root CA"
|    The following certificate authorities were removed (-):
|    - "QuoVadis Root CA"
|    - "Sonera Class 2 Root CA"
|    - "GeoTrust Primary Certification Authority - G2"
|    - "VeriSign Universal Root Certification Authority"
|    - "Chambers of Commerce Root - 2008"
|    - "Global Chambersign Root - 2008"
|    - "Trustis FPS Root CA"
|    - "Staat der Nederlanden Root CA - G3"
|  * Blacklist expired root certificate "DST Root CA X3" (closes: #995432)
|[...]

[1] <https://metadata.ftp-master.debian.org/changelogs//main/c/ca-certificates/ca-certificates_20211016_changelog>

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2021-11-30 20:14:26 +01:00
Kevin Darbyshire-Bryant
7a48dfc90c nftables: install package file
Install pc file so dnsmasq can find libnftables

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2021-11-30 15:16:17 +00:00
Oldřich Jedlička
8d6a534cc1 mac80211: fixed missing cfg80211 dependency on kmod-rfkill
When compiling with CONFIG_USE_RFKILL=y, the build fails and mentions that
dependency on kmod-rfkill is missing, which is correct [1]. Add this
dependency to the Makefile.

Depend on +USE_RFKILL and not PACKAGE_kmod-rfkill, because it forces
selection of kmod-rfkill package. Other combinations in DEPENDS like
USE_RFKILL:kmod-rfkill or (+)PACKAGE_kmod-rfkill:kmod-rfkill do not force
selection of kmod-rfkill package.

The kmod-rfkill package itself depends on USE_RFKILL, so with +USE_RFKILL
in kmod-cfg80211 package it is not possible to select wrong combination of
packages.

[1] https://linux-wireless.vger.kernel.narkive.com/m8JY9Iks/cfg80211-depends-on-rfkill-or-not

Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
2021-11-29 22:11:15 +01:00
Robert Marko
040c02497c ath10k-ct: Fix spectral scan NULL pointer
If spectral scan support is enabled then ath10k-ct will cause a NULL
pointer due to relay_open() being called with a const callback struct
which is only supported in kernel 5.11 and later.

So, simply check the kernel version and if 5.11 and newer use the const
callback struct, otherwise use the regular struct.

Fixes: 553a3ac ("ath10k-ct: use 5.15 version")
Signed-off-by: Robert Marko <robimarko@gmail.com>
2021-11-29 21:48:03 +01:00
Hauke Mehrtens
889043a155 uboot-omap: Remove omap3_overo configuration
The configs/omap3_overo_defconfig file was removed from upstream U-Boot
in commit ed3294d6d1f9 ("arm: Remove overo board"). Remove it in OpenWrt
too. If someone needs this please add it also to upstream U-Boot.

This fixes the compile of the omap target.

Fixes: ffb807ec90 ("omap: update u-boot to 2021.07")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-11-28 22:26:27 +01:00
Felix Matouschek
1cc3b95efc ipq40xx: Add support for Teltonika RUTX10
This patch adds support for the Teltonika RUTX10.
This device is an industrial DIN-rail router with 4 ethernet ports,
2.4G/5G dualband WiFi, Bluetooth, a USB 2.0 port and two GPIOs.

The RUTX series devices are very similiar so common parts of the DTS
are kept in a DTSI file. They are based on the QCA AP-DK01.1-C1 dev
board.

See https://teltonika-networks.com/product/rutx10 for more info.

Hardware:
  SoC:                 Qualcomm IPQ4018
  RAM:                 256MB DDR3
  SPI Flash 1:         XTX XT25F128B (16MB, NOR)
  SPI Flash 2:         XTX XT26G02AWS (256MB, NAND)
  Ethernet:            Built-in IPQ4018 (SoC, QCA8075), 4x 10/100/1000 ports
  WiFi 1:              Qualcomm QCA4019 IEEE 802.11b/g/n
  Wifi 2:              Qualcomm QCA4019 IEEE 802.11a/n/ac
  USB Hub:             Genesys Logic GL852GT
  Bluetooth:           Qualcomm CSR8510 (A10U)
  LED/GPIO controller: STM32F030 with custom firmware
  Buttons:             Reset button
  Leds:                Power (green, cannot be controlled)
                       WiFi 2.4G activity (green)
                       WiFi 5G activity (green)

MACs Details verified with the stock firmware:
   eth0:             Partition 0:CONFIG Offset: 0x0
   eth1:             = eth0 + 1
   radio0 (2.4 GHz): = eth0 + 2
   radio1 (5.0 GHz): = eth0 + 3
Label MAC address is from eth0.

The LED/GPIO controller needs a separate kernel driver to function.
The driver was extracted from the Teltonika GPL sources and can be
found at following feed: https://github.com/0xFelix/teltonika-rutx-openwrt

USB detection of the bluetooth interface is sometimes a bit flaky. When
not detected power cycle the device. When the bluetooth interface was
detected properly it can be used with bluez / bluetoothctl.

Flash instructions via stock web interface (sysupgrade based):
  1. Set PC to fixed ip address 192.168.1.100
  2. Push reset button and power on the device
  3. Open u-boot HTTP recovery at http://192.168.1.1
  4. Upload latest stock firmware and wait until the device is rebooted
  5. Open stock web interface at http://192.168.1.1
  6. Set some password so the web interface is happy
  7. Go to firmware upgrade settings
  8. Choose
     openwrt-ipq40xx-generic-teltonika_rutx10-squashfs-nand-factory.ubi
  9. Set 'Keep settings' to off
  10. Click update, when warned that it is not a signed image proceed

Return to stock firmware:
  1. Set PC to fixed ip address 192.168.1.100
  2. Push reset button and power on the device
  3. Open u-boot HTTP recovery at http://192.168.1.1
  4. Upload latest stock firmware and wait until the device is rebooted

Note: The DTS expects OpenWrt to be running from the second rootfs
partition. u-boot on these devices hot-patches the DTS so running from the
first rootfs partition should also be possible. If you want to be save follow
the instructions above. u-boot HTTP recovery restores the device so that when
flashing OpenWrt from stock firmware it is flashed to the second rootfs
partition and the DTS matches.

Signed-off-by: Felix Matouschek <felix@matouschek.org>
2021-11-28 18:39:01 +01:00
Matthew Hagan
529eac5371 kernel: add back kmod-leds-tlc591xx
Add back support for the TLC591xx series LEDs which are used in the
ipq806x-based Meraki Cryptid series devices.

This module previously existed for the mvebu platform but was removed
at commit f849c2c832 due to being enabled
in that platform's kernel config.

Signed-off-by: Matthew Hagan <mnhagan88@gmail.com>
2021-11-28 17:41:18 +01:00
Robert Marko
3ad229db0b ipq40xx: add support for MikroTik hAP ac3
This adds support for the MikroTik RouterBOARD RBD53iG-5HacD2HnD
(hAP ac³), a  indoor dual band, dual-radio 802.11ac
wireless AP with external omnidirectional antennae, USB port, five
10/100/1000 Mbps Ethernet ports and PoE passthrough.

See https://mikrotik.com/product/hap_ac3 for more info.

Specifications:
 - SoC: Qualcomm Atheros IPQ4019
 - RAM: 256 MB
 - Storage: 16 MB NOR + 128 MB NAND
 - Wireless:
   · Built-in IPQ4019 (SoC) 802.11b/g/n 2x2:2, 3 dBi antennae
   · Built-in IPQ4019 (SoC) 802.11a/n/ac 2x2:2, 5.5 dBi antennae
 - Ethernet: Built-in IPQ4019 (SoC, QCA8075) , 5x 1000/100/10 port,
             passive PoE in, PoE passtrough on port 5
- 1x USB Type A port

Installation:
1. Boot the initramfs image via TFTP
2. Run "cat /proc/mtd" and look for "ubi" partition mtd device number, ex. "mtd1"
3. Use ubiformat to remove MikroTik specific UBI volumes
* Detach the UBI partition by running: "ubidetach -d 0"
* Format the partition by running: "ubiformat /dev/mtdN -y"
Replace mtdN with the correct mtd index from step 2.
3. Flash the sysupgrade image using "sysupgrade -n"

Signed-off-by: Robert Marko <robimarko@gmail.com>
Tested-by: Mark Birss <markbirss@gmail.com>
Tested-by: Michael Büchler <michael.buechler@posteo.net>
Tested-by: Alex Tomkins <tomkins@darkzone.net>
2021-11-28 17:19:52 +01:00
Robert Marko
f2c4064ecb base-files: dont always create kernel UBI volume
Currently nand_upgrade_tar() will pass the kernel length
to nand_upgrade_prepare_ubi() in all cases except for when
the kernel is to be installed in a separate partition as a
binary with the MTD tool.

While this is fine for almost all cases newer MikroTik NAND
devices like hAP ac3 require the kernel to be installed as a
UBIFS packed UBI volume in its own partition.

So, since we have a custom recipe to use ubiformat to flash
the kernel in its partition it makes no sense for sysupgrade
to also install the kernel as a UBI volume in the "ubi"
partition as it only wastes space and will never be used.

So, simply check whether CI_KERNPART is set to "none" and
if so unset the "has_kernel" variable which will in turn
prevent the kernel length from being passed on and then
the kernel UBI volume wont be created for no usefull purpose.

The ath79 MikroTik NAND target has been setting CI_KERNPART
to "none" for a while now altough that was not preventing
the kernel to be installed as UBI volume as well.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2021-11-28 17:17:22 +01:00
Hannu Nyman
26a7a385bb ath10k-ct: update version to fix DFS for VHT160
Update ath10k-ct to get the upstream fix for
DFS support for VHT160 in the 5.15 based ath10k-ct.
(Switch from 5.10 to 5.15 surfaced the upstream regression.)

* refresh one patch

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2021-11-28 13:57:41 +01:00
Christian Lamparter
49d400191d ath10k: support nvmem-cells for (pre-)calibration
refreshes mac80211 + ath10k-ct patches.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2021-11-28 01:13:08 +01:00
Mathias Kresin
b7befd8d81 uboot-lantiq: danube: fix hanging lzma kernel uncompression #2
Follow up to commit 565b62cca2. Managed to
hit the very same issue again while playing with the NOR SPL builds.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2021-11-27 21:49:10 +01:00
Andre Heider
1404ed25b8 uboot-mvebu: update to v2021.10
Signed-off-by: Andre Heider <a.heider@gmail.com>
2021-11-27 19:39:17 +01:00
Andre Heider
50f65a9c46 arm-trusted-firmware-mvebu: bump mv-ddr-marvell to current version
efcad0e Merge pull request #33 from Semihalf/cn913x_cex7_eval
91bed2c cn913x: Add cn913x_cex7_eval config
55139f6 Merge pull request #32 from pali/master
e5573cc ARM: mvebu: a38x: Correct mismatched bound warnings
d83c38b a3700: Remove duplicate check for DDR_TYPE
c0c6bf7 a3700: Put temporary a3700_ddr_type file into $(OBJ_DIR)

Signed-off-by: Andre Heider <a.heider@gmail.com>
2021-11-27 19:36:36 +01:00
Andre Heider
b18e87cc39 arm-trusted-firmware-mvebu: bump a3700-utils to current version
With cryptocpp in place we can now update past the point of dropping
the old tbb_linux binary and build it instead.

Hauke confirmed that this also allows this firmware to be built on
aarch64.

97f01f5 Wtpdownloader: Properly retrieve current tty options
a33ff86 Wtpdownloader: Set CREAD tty cflag
af461d2 Wtpdownloader: Fix stuck during opening UART tty device
38c2135 Makefile: Print error when specified CLOCKSPRESET is not valid
f014428 TBB: Remove out-of-dated x86-64 ELF binary tbb_linux
1b6cb50 TBB: Fix compilation with Crypto++ 5.6.5
d9fb291 TBB: Fix memory corruptions by calling correct delete[] operator
d575885 TBB: Fix initializing CCTIM object
b9e1c4e Wtpdownloader: Fix makefile
8f61591 Wtpdownloader: Fix building with gcc 11
eabea5f TBB: Fix building with gcc 11

Signed-off-by: Andre Heider <a.heider@gmail.com>
2021-11-27 19:36:36 +01:00
Josef Schlehofer
8d9f462731 arm-trusted-firmware-mvebu: add cryptopp
Based on the Build Instructions for Trusted-Firmware-A [1],
there is a required cryptopp [2].

In the past, it used 'tbb_linux' image tool binary, which seems to
be buggy, deprecated and removed from A3700-utils-marvell and it should
not be used anymore. That's why I removed 001-imagetool.patch, which is
no longer necessary.

[1] https://trustedfirmware-a.readthedocs.io/en/v2.5/plat/marvell/armada/build.html
[2] https://cryptopp.com/

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2021-11-27 19:36:36 +01:00
Kerma Gérald
35b0dc36a3 arm-trusted-firmware-mvebu: fix commit ids to for mv-ddr-marvell
without this patch a3700-utils/tim/ddr/ddr_tool.verstr contains the OpenWrt commit ID.
this patch fix the mv_ddr version commit ID by using the global variable MV_DDR_COMMIT_ID.

Upon boot it now prints "mv_ddr-devel-g02e23dbc-d DDR4 16b 1GB 1CS".

Cc: Andre Heider <a.heider@gmail.com>
Signed-off-by: Kerma Gérald <gandalf@gk2.net>
2021-11-27 19:36:36 +01:00
Ansuel Smith
553a3ac221 ath10k-ct: use 5.15 version
We switched to mac80211 5.15 backport version.
Also switch ath10k-ct to 5.15 and drop the mac address patch
that got merged upstream.
Compile and tested on ipq806x Netgear R7800.
Also update the ath10k-ct to latest version to fix a typo
for the new version in the kernel log.

Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
2021-11-27 01:11:05 +01:00
Felix Fietkau
b92a9f607b mac80211: fix a regression in generating radiotap headers
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-11-26 08:42:37 +01:00
Felix Fietkau
68189835ac mac80211: backport fix for dealing with stripped IV on rx
This fixes potental rx drop issues

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-11-26 08:42:36 +01:00
David Bauer
3ba9846842 hostapd: add beacon_interval to get_status ubus output
Add the beacon interval to hostapd status output. This allows external
services to discover the beacon interval for a specific VAP.

This way, external wireless management daemons can correctly calculate
fields containing TBTT value from absolute time-values.

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-11-25 02:41:42 +01:00
Felix Fietkau
f84053af5c hostapd: add a patch that allows processing auth requests for peers in blocked state
If authentication fails repeatedly e.g. because of a weak signal, the link
can end up in blocked state. If one of the nodes tries to establish a link
again before it is unblocked on the other side, it will block the link to
that other side. The same happens on the other side when it unblocks the
link. In that scenario, the link never recovers on its own.

To fix this, allow restarting authentication even if the link is in blocked
state, but don't initiate the attempt until the blocked period is over.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-11-24 18:26:47 +01:00
Felix Fietkau
d439c7d85a mac80211: add a fix for kernel warnings when forwarding packets in mesh mode
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-11-24 15:39:34 +01:00
Felix Fietkau
ddd977fcc5 mac80211: fix regression in SSN handling of addba tx
Some drivers that do their own sequence number allocation (e.g. ath9k, mwlwifi) rely
on being able to modify params->ssn on starting tx ampdu sessions.
This was broken by a change that modified it to use sta->tid_seq[tid] instead.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-11-24 15:39:34 +01:00
Mark Mentovai
398cbb76fa
hostapd: allow hostapd under ujail to communicate with hostapd_cli
When procd-ujail is available, 1f78538387 runs hostapd as user
"network", with only limited additional capabilities (CAP_NET_ADMIN and
CAP_NET_RAW).

hostapd_cli (CONFIG_PACKAGE_hostapd-utils) communicates with hostapd
over a named UNIX-domain socket. hostapd_cli is responsible for creating
this socket at /tmp/wpa_ctrl_$pid_$counter. Since it typically runs as
root, this endpoint is normally created with uid root, gid root, mode
0755. As a result, hostapd running as uid network is able to receive
control messages sent through this interface, but is not able to respond
to them. If debug-level logging is enabled (CONFIG_WPA_MSG_MIN_PRIORITY
<= 2 at build, and log_level <= 2 in /etc/config/wireless wifi-device),
this message will appear from hostapd:

CTRL: sendto failed: Permission denied

As a fix, hostapd_cli should create the socket node in the filesystem
with uid network, gid network, mode 0770. This borrows the presently
Android-only strategy already in hostapd intended to solve the same
problem on Android.

If procd-ujail is not available and hostapd falls back to running as
root, it will still be able to read from and write to the socket even if
the node in the filesystem has been restricted to the network user and
group. This matches the logic in
package/network/services/hostapd/files/wpad.init, which sets the uid and
gid of /var/run/hostapd to network regardless of whether procd-ujail is
available.

As it appears that the "network" user and group are statically allocated
uid 101 and gid 101, respectively, per
package/base-files/files/etc/passwd and USERID in
package/network/services/hostapd/Makefile, this patch also uses a
constant 101 for the uid and gid.

Signed-off-by: Mark Mentovai <mark@moxienet.com>
[refreshed patch]
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-11-23 18:53:31 +00:00
Felix Fietkau
5aa62cb799 mt76: update to the latest version
f0a5b1118fa4 mt76: mt7915: fix decap offload corner case with 4-addr VLAN frames
67f93aa9a207 mt76: mt7615: fix decap offload corner case with 4-addr VLAN frames
46261d4bbfb5 mt76: fix possible pktid leak
a7fdd272efee mt76: mt7921: move mt76_connac_mcu_set_hif_suspend to bus-related files
3d9e13f567a4 mt76: mt7921s: fix the device cannot sleep deeply in suspend
99225b985cbc mt76: mt7615: fix unused tx antenna mask in testmode

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-11-23 16:59:54 +01:00
Felix Fietkau
d1ea575baa mac80211: fix crash in drivers relying on mac80211 retransmitting packets for powersave clients
This showed up primarily on rt2x00

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-11-23 16:49:37 +01:00
Oldřich Jedlička
1818157daa dnsmasq: fix ismounted check
Fix the return value, shell return codes should be 0 to indicate success
(i.e. mount point found), 1 should be failure (i.e. mount point not-found).

Fixes: ac4e8aa ("dnsmasq: fix more dnsmasq jail issues")
Signed-off-by: Oldřich Jedlička <oldium.pro@gmail.com>
2021-11-23 14:57:52 +00:00
Jo-Philipp Wich
50bc06e774 procd: setup /dev/stdin, /dev/stdout and /dev/stderr symlinks
Extend the hotplug.json ruleset to setup the common /dev/std{in,out,err}
symbolic links which are needed by some applications, e.g. nftables when
applying rulesets from stdin.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2021-11-23 14:03:39 +00:00
Daniel Golle
507f50df07
procd: update to git HEAD
8de12de system: add diskfree infos to ubus
 bf3fe0e service: move jail parsing to end of instance parser
 87b5836 procd: add full service shutdown prior to sysupgrade
 01ac2c4 procd: service_stop_all: also kill inittab actions

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-11-23 14:03:23 +00:00
Felix Fietkau
7a496e4b4b qosify: update to the latest version
06872673c10f map: allow referring to a class index directly in tcp/udp default entries

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-11-22 17:23:15 +01:00
Felix Fietkau
3a1597c7bd qosify: install hotplug handler into /etc/hotplug.d/iface as well
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-11-22 17:23:15 +01:00
Felix Fietkau
24bb494b6c mt76: update to the latest version
5dd32475c859 mt76: mt7915: get rid of mt7915_mcu_set_fixed_rate routine
f5cfaaff3dd1 mt76: mt7921: drop offload_flags overwritten
f5ad840ca5c0 mt76: mt7615: fix possible deadlock while mt7615_register_ext_phy()
29a8a08827b1 mt76: mt7921: fix MT7921E reset failure
f44685f2faee mt76: mt7915: fix return condition in mt7915_tm_reg_backup_restore()
ae8e02ddd2b0 mt76: mt7915: fix SMPS operation fail
e814e15716b0 mt76: reverse the first fragmented frame to 802.11
c9bca3ed9566 mt76: mt7915: fix NULL pointer dereference in mt7915_get_phy_mode
dd054b7e16e7 mt76: only set rx radiotap flag from within decoder functions
f1520c9bb332 mt76: mt7915: add default calibrated data support
0c489ea2865a mt76: testmode: add support to set MAC
91c5da3d0a7c mt76: mt7921: add support for PCIe ID 0x0608/0x0616
ca39b4bbc227 mt76: debugfs: fix queue reporting for mt76-usb
00b6f497e2e8 mt76: mt7921: introduce 160 MHz channel bandwidth support
c1574466c733 mt76: fix possible OOB issue in mt76_calculate_default_rate
9680a17b0aed mt76: mt7921: fix possible NULL pointer dereference in mt7921_mac_write_txwi
78fc0dcdcef0 mt76: connac: fix a theoretical NULL pointer dereference in mt76_connac_get_phy_mode
05953e7d6fe7 mt76: mt7615: remove dead code in get_omac_idx
39f6c37127c1 mt76: connac: remove PHY_MODE_AX_6G configuration in mt76_connac_get_phy_mode
526591b203f3 mt76: do not pass the received frame with decryption error
256789bb400f mt76: fix the wiphy's available antennas to the correct value
fa187f5cf068 mt76: fix timestamp check in tx_status
11ebf11a3587 mt76: mt7915: fix the wrong SMPS mode
8c69b815ee7f mt76: mt7921: honor mt76_connac_mcu_set_rate_txpower return value in mt7921_config
bc6798f729f9 mt76: move sar utilities to mt76-core module
b1d0ad2e74fe mt76: mt76x02: introduce SAR support

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-11-22 16:08:09 +01:00
Felix Fietkau
e2c4998f6d mac80211: set beamformer/beamformee number of antennas in VHT caps
Without this, beamforming is probably not working

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-11-22 13:04:34 +01:00
Daniel Golle
8f45849876
uqmi: update to git HEAD
20cd907 uqmi: use unmodified upstream JSON files
 b2c53dc command-nas: fix out-of-bounds read

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-11-22 01:30:03 +00:00
Felix Fietkau
e9610794fd qosify: add support for configuring overhead
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-11-21 13:47:18 +01:00
Felix Fietkau
9962585f2d qosify: update to the latest version
2743e58741b3 bpf: work around a verifier issue

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-11-21 13:47:18 +01:00
Hans Dedecker
9b29c14b0e ethtool: update to version 5.15
cef54c4 Release version 5.15.
23beb39 update UAPI header copies
fd7db64 netlink: settings: Correct duplicate condition
88892ec Merge branch 'review/module-fixes-2-v2'
79cb4ab sff-8636: Remove extra blank lines
128e97c sff-8636: Convert if statement to switch-case
7ff603b sff-8636: Fix incorrect function name
86e9784 sff-8636: Remove incorrect comment
001aecd cmis: Correct comment
1bad83c cmis: Fix wrong define name
2c2fa88 cmis: Fix CLEI code parsing
d007b49 Merge branch 'review/module-fixes' into master
a7431bc netlink: eeprom: Fix compilation when pretty dump is disabled
d02409c ethtool: Fix compilation warning when pretty dump is disabled
2ddb1a1 netlink: eeprom: Fallback to IOCTL when a complete hex/raw dump is requested
7e153a7 cmis: Fix invalid memory access in IOCTL path
769a50e sff-8636: Fix parsing of Page 03h in IOCTL path

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2021-11-21 12:52:39 +01:00
Daniel Golle
c1ab687349
fstools: update to git HEAD
77c0288 fstools: fix a couple of minor code problems

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-11-20 21:09:59 +00:00
Daniel Danzberger
0e96e06867 nftables: install libnftables to staging dir
Makes libnftables library and headers available for other packages.

Signed-off-by: Daniel Danzberger <daniel@dd-wrt.com>
2021-11-20 21:08:25 +01:00
Marius Durbaca
f1b4c1d82d kernel: add kmod-usb-net-smsc75xx
add kernel module for smsc75xx based USB 2.0 Gigabit Ethernet devices

Signed-off-by: Marius Durbaca <mariusd84@gmail.com>
2021-11-20 21:08:25 +01:00
Andre Heider
ffb807ec90 omap: update u-boot to 2021.07
Signed-off-by: Andre Heider <a.heider@gmail.com>
2021-11-20 21:08:25 +01:00
Rosen Penev
e6f569406f gettext: remove package
This package was necessary when uClibc was in the tree. Now that uClibc
is gone, this can go too.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2021-11-20 21:08:25 +01:00
Nian Bohung
454ebdf1c9 linux-firmware: add firmware for intel ax200
Signed-off-by: Nian Bohung <n0404.n0404@gmail.com>
2021-11-20 21:08:25 +01:00
Nian Bohung
b1db558555 cypress-nvram: fix firmware is not exist for raspberry pi compute 4
Fix file "brcmfmac43455-sdio.raspberrypi,4-compute-module.txt" is not exist.

Signed-off-by: Nian Bohung <n0404.n0404@gmail.com>
2021-11-20 21:08:25 +01:00
Rosen Penev
a3cd6c0b89 pcre: bring back C++ bindings
It seems some people use them privately.

Reported-by: Jan Kardell <jan.kardell@telliq.com>
Signed-off-by: Rosen Penev <rosenp@gmail.com>
2021-11-20 21:08:24 +01:00
Rosen Penev
a24de89539 readline: disable shared library for host
Allows to avoid rpath hacks with at least softethervpn.

--with-pic is needed as it's not default with static libraries, only
shared ones.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2021-11-20 21:08:24 +01:00
Rosen Penev
3d6e25dd32 libjson-c: don't build shared host libraries
Avoids having to deal with various rpath hacks.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2021-11-20 21:08:24 +01:00
Karel Kočí
507911f477 kernel: add kmod-ledtrig-pattern
This allows LEDs to be triggered by custom pattern and not just
predefined ones.

Signed-off-by: Karel Kočí <karel.koci@nic.cz>
2021-11-20 18:53:14 +01:00
Daniel Golle
6fcb4f4e04
libubox: update to git HEAD
cce5e35 vlist: define vlist_for_each_element_safe

This is change affects only a macro in headers and hence it is not
required to bump ABI_VERSION.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-11-20 17:48:49 +00:00
Felix Fietkau
b764cb9e5b qosify: add qosify-status script
This will show detailed status for all devices/interfaces

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-11-19 23:51:20 +01:00
Felix Fietkau
991966f1f5 qosify: add class specific bulk flow detection example to voice class
With the new version, priority/bulk flow detection can be selectively enabled
and configured per class

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-11-19 23:51:20 +01:00
Felix Fietkau
0351a5ff87 qosify: update to the latest version
68961a555e42 ubus: drop dnsmasq check for dns_result method
1ca3e26b8169 bpf: refactor code to support explicit opt-in for bulk+prio detection
3f0acf039f41 bpf: move flow prio/bulk detection config into a separate data structure
bc54c97e3333 map, bpf: create a separate map for configured dscp classes
46cf3eae2d99 bpf: fix bulk flow detaction
88f1db7dd611 bpf: fix priority flow detection
b5dec7874373 bpf: remove access to skb->gso_size
e728a319a9a5 interface: unify status, always include ifname, ingress, egress

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-11-19 23:51:20 +01:00
Felix Fietkau
8f355becdf bpf-headers: switch to mips64 for 64 bit targets
BTF pointer data has a different size on 32 vs 64 bit targets,
and while the generated eBPF code works, the BTF data fails to validate
on mismatch

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-11-19 23:51:20 +01:00
Felix Fietkau
ff6b89df70 qosify: keep ICMP in the default best-effort class
Also preserve existing DSCP tags to make it easier to test latency for
different DSCP values

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-11-19 23:51:20 +01:00
Rodrigo B. de Sousa Martins
537df46a39 qosify: move package to Base System
Since sqm-scripts and qos-scripts packages are in the same category as qosify,
the firsts being in the Base System category, I find it understandable to move
the latter to Base System instead of network section.

Signed-off-by: Rodrigo B. de Sousa Martins <rodrigo.sousa.577@gmail.com>
2021-11-19 23:51:20 +01:00
David Bauer
7ae04d3799 hostapd: fix use after free bugs
Using a pointer one lifter after it freed is not the best idea.
Let's not do that.

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-11-19 21:58:12 +01:00
Bastian Bittorf
ea5fce3f46 mac80211: fix IBSS/adhoc mode for brcmfmac
On systems using brmcfmac (e.g. Raspberry Pi Zero W) without this fix,
the final setup-call:
iw dev wlan0 ibss join ...

fails with returncode 161 and message:
"command failed: Not supported (-95)"

So this patch calls an explicit:
iw dev wlan0 set type ibss
just prior to the 'ibss join' command.

I have tested several ath9k and mt76xx devices
with different revisions: this patch does not harm.

please also apply to stable branch.

Signed-off-by: Bastian Bittorf <bb@npl.de>
2021-11-19 18:27:47 +00:00
Daniel Golle
2f95dd8ff0
ltq-vdsl-fw: update w921v firmware download URL
Update Telekom Speedport W921V firmware download URL.
Contained TAPI and VDSL firmware blobs are identical.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-11-15 15:18:03 +00:00
Eneas U de Queiroz
5720ac8f4c hostapd: set VARIANT=* for wpa-cli, hostapd-utils
19aae94 [build: avoid rebuilds of unset VARIANT packages] builds
packages defined without a VARIANT only once, using the first VARIANT
defined in the Makefile.

This caused problems with wpa-cli, as it is only built for variants that
include supplicant support, and the first VARIANT defined may not build
it.

The same happens to hostapd-utils, which is not built for
supplicant-only variants.

To circumvent this, set VARIANT=* for both packages so that they get
built for every defined variant.  This should not cause spurious
rebuilds, since tey are not a dependency of any other package defined in
this Makefile.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2021-11-15 00:38:46 +01:00
Stijn Tintel
53247d3cb4 lldpd: add reload trigger
This is needed to reload the service when calling reload_config, if the
UCI config has changed.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2021-11-14 21:26:41 +02:00
Stijn Tintel
d44ab665a6 lldpd: consolidate procd command lines
There is no need to have multiple lines for this.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2021-11-14 21:26:41 +02:00
Stijn Tintel
f054fcd98a lldpd: bump to 1.0.13
Fixes CVE-2021-43612.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2021-11-14 21:26:41 +02:00
Mathias Kresin
9daf57d960 uboot-lantiq: reduce stack size
On lantiq a lot of stuff expects to be loaded to and executed at
0x80002000, including our own second stage bootloader.

For all build u-boots, the initial stack pointer is at 0x80008000. After
loading data to 0x80002000, every further stack operation corrupts the
loaded code.

Set the initial stack pointer to 0x80002000, to not overwrite code
loaded in memory. A stack of 0x2000 bytes has been proven as enough in
all done tests.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2021-11-14 20:15:50 +01:00
Mathias Kresin
e6f8cf6223 uboot-lantiq: danube: fix SPL boot
On danube we only have 0x6800 bytes of usable SRAM. Everything behind
can't be written to and a SPL u-boot locks up during boot.

Since it's a hard to debug issue and took me more than two years to fix
it, I consider it worth to include fix albeit SPL u-boots are not build
in OpenWrt.

I faced the issue while trying to shrink the u-boot to 64K since some
boards only have an u-boot partition of that size from the days
ifx-uboot was used.

Signed-off-by: Mathias Kresin <dev@kresin.me>
Reviewed-by: Daniel Schwierzeck <daniel.schwierzeck@gmail.com>
2021-11-14 20:15:42 +01:00
Mathias Kresin
87b8f095af uboot-lantiq: fix out of bounds cache invalidate
With gcc10 the variables are placed more tightly to each other, which
uncovers a long existing bug in the lantiq DMA code. It can be observed
when using tftpboot with the filename parameter, which gets reset during
the tftpboot execution.

NetRxPackets[] points to cache line size aligned addresses. In
ltq_eth_rx_packet_align() the address NetRxPackets[] points to is
increased by LTQ_ETH_IP_ALIGN and the resulting not cache aligned
address is used further on. While doing so, the length/size is never
updated.

The "not cache aligned address" + len/size for a cache aligned address
is passed to invalidate_dcache_range(). Hence, invalidate_dcache_range()
invalidates the next 32 bit as well, which flashes the BootFile variable
as well.

   variable BootFile is at address: 0x83ffe12c
   NetRxPackets[] points to 0x83ffdb20 (len is 0x600)
   data points to: 0x83ffdb22 (len is 0x600)

   ltq_dma_dcache_inv: 0x83ffdb22 (for len 0x600)
   invalidate_dcache_range: 0x83ffdb20 to 0x83ffe120 (size: 32)
   invalidate_dcache_range: 0x83ffdb20 to 0x83ffdb40 (Bootfile: a.bin)
   ...
   invalidate_dcache_range: 0x83ffe100 to 0x83ffe120 (Bootfile: a.bin)
   invalidate_dcache_range: 0x83ffe120 to 0x83ffe140 (Bootfile: )

In ltq_dma_tx_map() and ltq_dma_rx_map() the start address passed to
ltq_dma_dcache_wb_inv() is incorrect. By considering the offset, the
start address passed to flush_dcache_range() is always aligned to 32, 64
or 128 bytes dependent on configured DMA burst size.

Fixes: FS#4113

Signed-off-by: Mathias Kresin <dev@kresin.me>
2021-11-14 20:15:35 +01:00
Mathias Kresin
565b62cca2 uboot-lantiq: danube: fix hanging lzma kernel uncompression
At least since gcc 7.3.0 (OpenWrt 18.06) lwr/lwl are used in the
assembly of LzmaProps_Decode. While the decission made by the compiler
looks perfect fine, it triggers some obscure hang on lantiq danube-s
v1.5 with MX29LV640EB NOR flash chips.

Only if the offset 1 is used, the hang can be observed. Using any other
offset works fine:

  lwl s0,0(a1) - s0 == 0x6d000080
  lwl s0,1(a1) - hangs
  lwl s0,2(a1) - s0 == 0x0080xxxx
  lwl s0,3(a1) - s0 == 0x80xxxxxx

It isn't clear whether it is a limitation of the flash chip, the EBU or
something else.

Force 8bit reads to prevent gcc optimizing the read with lwr/lwl
instructions.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2021-11-14 20:15:29 +01:00
Felix Fietkau
9bd9e04b6f qosify: add missing alias support in the init script
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-11-14 19:36:34 +01:00
Richard Yu
12d33d388c ipq40xx: add support for P&W R619AC (aka G-DOCK 2.0)
P&W R619AC is a IPQ4019 Dual-Band AC1200 router.
It is made by P&W (p2w-tech.com) known as P&W R619AC
but marketed and sold more popularly as G-DOCK 2.0.

Specification:

* SOC: Qualcomm Atheros IPQ4019 (717 MHz)
* RAM: 512 MiB
* Flash: 16 MiB (NOR) + 128 MiB (NAND)
* Ethernet: 5 x 10/100/1000 (4 x LAN, 1 x WAN)
* Wireless:
  - 2.4 GHz b/g/n Qualcomm Atheros IPQ4019
  - 5 GHz a/n/ac Qualcomm Atheros IPQ4019
* USB: 1 x USB 3.0
* LED: 4 x LAN, 1 x WAN, 2 x WiFi, 1 x Power (All Blue LED)
* Input: 1 x reset
* 1 x MicroSD card slot
* Serial console: 115200bps, pinheader J2 on PCB
* Power: DC 12V 2A
* 1 x Unpopulated mPCIe Slot (see below how to connect it)
* 1 x Unpopulated Sim Card Slot

Installation:
1. Access to tty console via UART serial
2. Enter failsafe mode and mount rootfs
   <https://openwrt.org/docs/guide-user/troubleshooting/failsafe_and_factory_reset>
3. Edit inittab to enable shell on tty console
   `sed -i 's/#ttyM/ttyM/' /etc/inittab`
4. Reboot and upload `-nand-factory.bin` to the router (using wget)
5. Use `sysupgrade` command to install

Another installation method is to hijack the upgrade server domain
of stock firmware, because it's using insecure http.

This commit is based on @LGA1150(at GitHub)'s work
<a4932c8d5a>
With some changes:
1. Added `qpic_bam` node in dts. I don't know much about this,
   but I observed other dtses have this node.
2. Removed `ldo` node under `sd_0_pinmux`, because `ldo` cause SD card not
   working. This fix is from
   <51143b4c75>
3. Removed the 32MB NOR variant.
4. Removed `cd-gpios` in `sdhci` node, because it's reported that it makes
   wlan2g led light up.
5. Added ethphy led config in dts.
6. Changed nand partition label from `rootfs` to `ubi`.

About the 128MiB variant: The stock bootloader sets size of nand to 64MiB.
But most of this devices have 128MiB nand. If you want to use all 128MiB,
you need to modify the `MIBIB` data of bootloader. More details can be
found on github:
<https://github.com/openwrt/openwrt/pull/3691#issuecomment-818770060>
For instructions on how to flash the MIBIB partition from u-boot console:
<https://github.com/openwrt/openwrt/pull/3691#issuecomment-819138232>

About the Mini PCIe slot: (from "ygleg")
"The REFCLK signals on the Mini PCIe slot is not connected on
this board out of the box. If you want to use the Mini PCIe slot
on the board, you need to (preferably) solder two 0402 resistors:
R436 (REFCLK+) and R444 (REFCLK-)..."
This and much more information is provoided in the github comment:
<https://github.com/openwrt/openwrt/pull/3691#issuecomment-968054670>

Signed-off-by: Richard Yu <yurichard3839@gmail.com>
Signed-off-by: DENG Qingfang <dqfext@gmail.com>
[Added comment about MIBIB+128 MiB variant. Added commit
message section about pcie slot. Renamed gpio-leds' subnodes
and added color, function+enum properties.]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2021-11-14 14:28:34 +01:00
Paul Spooren
7bc18aa284 firewall4: update to latest Git HEAD
eb0a3ee fw4.uc: Do not quote port ranges
c5a8e3e tests: adapt test to new ICMP print logic

Also start using $(AUTORELEASE)

Signed-off-by: Paul Spooren <mail@aparcar.org>
2021-11-13 09:40:14 -10:00
Daniel Golle
4d3303b1bd
base-files: stage2: improve /proc/*/stat parser
Simply reading /proc/*/stat as a space-separated string will not work
as the process name may itself contain spaces. Hence we must match on
the '(' and ')' characters around the process name and can then handle
the remaining string as space-separated values.
This fixes shell error messages which have been popping up the console
due to spaces in process names being interpreted as field separators.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-11-13 18:36:52 +00:00
Hauke Mehrtens
c90e10b62e mac80211: Fix deadlock when configuring wifi
The nl80211_set_wiphy() function was changed between kernel 5.11 and
5.12 to take the rdev->wiphy lock which should be freed at the end
again. The 500-mac80211_configure_antenna_gain.patch added some code
which just returned in some cases without unlocking. This resulted in a
deadlock with brcmfmac.
This patch fixes this by also jumping to the out label in case we want
to leave the function.
This fixes a hanging system when brcmfmac is in use. I do not know why
we do not see this with other driver.

The kernel returns very useful debug details when setting these OpenWrt
configuration options:
CONFIG_KERNEL_DETECT_HUNG_TASK=y
CONFIG_KERNEL_PROVE_LOCKING=y

Fixes: FS#4122
Fixes: b96c2569ac ("mac80211: Update to version 5.12.19-1")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-11-13 19:09:22 +01:00
Russell Senior
fa7356dd9d iproute2: update to 5.15
from https://git.kernel.org/pub/scm/network/iproute2/iproute2.git

changes since 5.14.0:

ad3a118f rdma: Fix SRQ resource tracking information json
7a235a10 man: devlink-port: fix pfnum for devlink port add
229eaba5 uapi: pickup fix for xfrm ABI breakage
a500c5ac lib/bpf: fix map-in-map creation without prepopulation
7c032cac man: devlink-port: remove extra .br
04ee8e6f man: devlink-port: fix style
14802d84 man: devlink-port: fix the devlink port add synopsis
897772a7 cmd: use spaces instead of tabs for usage indentation
e7a98a96 mptcp: unbreak JSON endpoint list
2f5825cb lib: bpf_legacy: fix bpffs mount when /sys/fs/bpf exists
d756c08a tc/f_flower: fix port range parsing
92e32f77 uapi: updates from 5.15-rc1
e7e0e2ce iptuntap: fix multi-queue flag display
deef844b man: ip-link: remove double of
a3272b93 configure: restore backward compatibility
ceba5930 tree-wide: fix some typos found by Lintian
7a705242 ip: remove leftovers from IPX and DECnet
8ab1834e uapi: update headers from 5.15 merge
6d0d35ba ip/bond: add lacp active support
926ad641 Update kernel headers
c730bd0b ip/tunnel: always print all known attributes
df8912ed ipioam6: use print_nl instead of print_null
7e7270bb tc/skbmod: Introduce SKBMOD_F_ECN option
86c596ed IOAM man8
2d83c710 New IOAM6 encap type for routes
f0b3808a Add, show, link, remove IOAM namespaces and schemas
acbdef93 Import ioam6 uapi headers
2d6fa30b Update kernel headers
508ad89c ipneigh: add support to print brief output of neigh cache in tabular format

* update patch 170-ip_tiny.patch to accomodate ioam.

Signed-off-by: Russell Senior <russell@personaltelco.net>
2021-11-13 18:00:11 +01:00
Felix Fietkau
bdaacdc2fc qosify: add default alias sections
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-11-12 23:11:56 +01:00
Felix Fietkau
50d33fcf7d qosify: update to the latest version
0750f2b4d329 README: dnsmasq integration is complete
8e48d0b0cbba bpf: add initial support for splitting map dscp value into ingress and egress
bfc2cafe2a8c map: add support for defining aliases

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-11-12 23:11:56 +01:00
Rui Salvaterra
c8340120e7 dnsmasq: fix the dynamic dns object names patch
We can't use booleans, since we're not including stdbool.h. Use integers
instead.

Fixes: 0b79e7c01e ("dnsmasq: generate the dns object name dynamically")

Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
2021-11-12 23:11:56 +01:00
Daniel Golle
0cbc6b16db
dnsmasq: add ubus acl to allow calls to hotplug.tftp object
dnsmasq may call hotplug.dhcp, hotplug.neigh and hotplug.tftp.
Only the first two callees were listed in the ACL, so add missing
hotplug.tftp.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-11-12 15:02:58 +00:00
Daniel Golle
9224ddf72d
procd: update to git HEAD
9d1431e jail: allow passing environment variable to procd jailed process

Fixes dnsmasq in ujail which needs USER_SCRIPT env variable to be
passed to jailed process.

Reported-by: Bastian Bittorf <bb@npl.de>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-11-11 14:09:25 +00:00
Felix Fietkau
49f615022c mac80211: fix queue selection issue
When __ieee80211_select_queue is called, skb->cb has not been cleared yet,
which means that info->control.flags can contain garbage.
In some cases this leads to IEEE80211_TX_CTRL_DONT_REORDER being set, causing
packets marked for other queues to randomly end up in BE instead.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-11-10 22:25:27 +01:00
Hans Dedecker
a564e1df52 nat46: update to latest git HEAD
1fdf2a3 Fix kernel panic due to device deletion (#29)
e7b48d1 add the mutex lock for create/delete/config/insert nat46 devices to fix nat46 module crash issues. (#28)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2021-11-10 20:29:12 +01:00
Felix Fietkau
0b79e7c01e dnsmasq: generate the dns object name dynamically
Fixes an issue with running multiple dnsmasq instances

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-11-10 10:07:04 +01:00
Paul Fertser
8a6b1a8d29 dnsmasq: add match_tag for --dhcp-host
A set of tags can be specified for --dhcp-host option to restrict the
assignment to the requests which match all the tags.

Example usage:

config vendorclass
        option networkid 'udhcp'
        option vendorclass 'udhcp'

config host
        option mac '*:*:*:*:*:*'
        list match_tag 'switch.10'
        list match_tag 'udhcp'
        option ip '192.168.25.10'

Signed-off-by: Paul Fertser <fercerpav@gmail.com>
2021-11-09 16:45:38 +00:00
Felix Fietkau
a667f6b8dd qosify: mark as nonshared
The SDK does not have the LLVM toolchain yet

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-11-09 14:07:19 +01:00
Felix Fietkau
85cc004606 qosify: move files to /etc/qosify
Now that wildcard matching is supported, this makes it easier for packages
to supply their own qosify rules

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-11-08 22:26:46 +01:00
Felix Fietkau
0e4ef0e5a4 qosify: update to the latest version
737970946bc0 map: default to fnmatch matching for dns patterns. support regex via leading /
b56b112e62e2 ubus: fix crash caused by missing static keyword
3a420e272c18 qosify: support wildcards in classifier filenames

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-11-08 22:26:22 +01:00
Felix Fietkau
48c754d653 qosify: add missing dependency
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-11-08 21:32:40 +01:00
Daniel Golle
32ba52e217
rpcd: reload rpcd on installation of rpcd-mod-*
When installing additional rpcd modules, a restart of rpcd is required.
This often confuses users as even after installing rpcd-mod-rpcsys the
relevant ubus objects are still missing until rpcd has been reloaded
(or the system has been rebooted, obviously).
Let rpcd-mod-* reload rpcd as post-install action.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-11-08 14:21:02 +00:00
Felix Fietkau
afb9c24d90 qosify: update to the latest version
2ca7352543da map: make a helper function for freeing entries
411432ec853b map: add support for adding dns regex patterns
14803cb559d8 ubus: remove unused enum
a0740172eda6 ubus: add api for providing dns lookup results for dns regex rules
406fbf478e87 ubus: add support for dynamically adding dns based rules
5fc91183d60a README: mention dns regex entries
3ed8c3eb1a3b README: document mapping file syntax
91ce2e77d302 map: introduce low effort codepoint from RFC8622
5ff14acca0e7 interface: enable NAT on interfaces by default
e70f70e496d7 README: fix typo
f25ded617478 README: fix another typo
675238bc2ce5 loader: always reinitialize programs
010eea0d98c3 map: improve timeout handling of IP entries
7ef54a7f04a0 map: add DF codepoint
6f7fbe698555 map: increase active timeout to 300
60e06a579a13 qosify-bpf: inline check_flow() to ensure that it is jited
f5ae89e8d869 ubus: subscribe to dnsmasq.dns for dns lookup results

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-11-08 15:06:20 +01:00
Felix Fietkau
d8b33dad0b dnsmasq: add support for monitoring and modifying dns lookup results via ubus
The monitoring functionality will be used for dns rule support in qosify

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-11-08 15:06:19 +01:00
Hauke Mehrtens
71af55ae2a gdb: Make only full gdb depend on libgmp
libgmp is only needed for the full gdb and not for the gdbserver
application.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-11-07 18:32:21 +01:00
Hauke Mehrtens
84616a1725 gdb: Add explicit patch to libgmp
Without giving the patch gdb does not compile on Arch Linux.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-11-07 18:32:21 +01:00
Hauke Mehrtens
13bd0721d1 kernel: Add regmap-i2c dependency to sound-soc-imx-sgtl5000
This dependency is needed on the imx/cortexa7 subtarget.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-11-07 17:08:51 +01:00
Christian Lamparter
d91318662d ath9k: nvmem for ath9k caldata
With "getting WIFI MAC from NVMEM" working on ath79 on 5.10,
the next logical step I think is to utilize nvmem subsystem
to also get the calibration data from there.

This will tremendously speed up the wifi bring-up, since
we no longer need the userspace helper for the simple
devices that can just load them from there.

included with this patch is a package/mac80211/refresh.

Tested on: WNDR3700v2, TP-Link Archer C7v2

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2021-11-06 16:40:48 +01:00
Daniel Golle
81832b38a0
uqmi: update to git HEAD and improve proto handler script
e303ba8 uqmi: update code generator
 7880de8 uqmi: sync data from libqmi project
 d647f8d uqmi: add more diagnostics commands
 6f95626 uim: add --uim-get-sim-state

Use newly introduce --uim-get-sim-state command to query PIN status
from modems which require using uim instead of dms command for that.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-11-06 02:46:36 +00:00
Felix Fietkau
1cead21e8b procd: make rpcd dependency conditional
Avoids building rpcd when not needed

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-11-04 16:54:31 +01:00
Stijn Tintel
a05452e4d6 omcproxy: bump to git HEAD
bfba2aa groups: use uloop_timeout_remaining64

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2021-11-04 15:04:45 +02:00
Stijn Tintel
f5cdf9cb78 procd: bump to git HEAD
0ee8e73 trigger: use uloop_timeout_remaining64

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2021-11-04 15:01:53 +02:00
Stijn Tintel
6a7388f673 rpcd: bump to git HEAD
20bf958 session: use uloop_timeout_remaining64
 d11ffe9 session: use blobmsg_get_u64 for RPC_DUMP_EXPIRES

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2021-11-04 14:58:31 +02:00
Stijn Tintel
36a621b1e7 libubox: bump to git HEAD
123e976 uloop: restore return type of uloop_timeout_remaining
 3344157 uloop: add uloop_timeout_remaining64
 c87d3e1 lua/uloop: use uloop_timeout_remaining64
 c86a894 uloop: deprecate uloop_timeout_remaining

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2021-11-04 13:18:13 +02:00
Felix Fietkau
efff3520f4 hostapd: support qos_map_set without CONFIG_INTERWORKING
This feature is useful on its own even without full interworking support

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-11-04 11:50:51 +01:00
Stijn Tintel
8802b21dff libubox: bump to git HEAD
be3dc72 uloop: avoid integer overflow in tv_diff

Fixes: FS#3943
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2021-11-04 01:56:53 +02:00
Hauke Mehrtens
db3acbac11 toolchain: Allow sanitizer on mips and mipsel
Support for libsanitizer on MIPS 32 and MIPSEL 32 was added with GCC 9.
MIPS 64 and ARC are still not supported.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-11-03 23:52:08 +01:00
Hauke Mehrtens
7f1edbd412 binutils: Update to version 2.37
This matches the version used in the toolchain.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-11-03 23:52:08 +01:00
Hauke Mehrtens
c4415993e1 strace: Update to version 5.14
Explicitly deactivate libselinux, otherwise we get a hard dependency to
libselinux.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-11-03 23:52:08 +01:00
Hauke Mehrtens
11ad15ed89 valgrind: Activate also on MIPS 64
This activates valgrind also on mips64 and mips64el.

This was working fine in a basic test in qemu.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-11-03 23:52:08 +01:00
Hauke Mehrtens
e1db26085b valgrind: Update to version 3.18.1
This version has some improvements for musl.
This version works fine for me on MIPS 32 BE without MIPS16 even on musl.

The additional patch is needed to make valgrind use the correct syscall
numbers for new syscalls like clock_gettime64. The MIPS architecture
uses special syscall ranges which are different from most other systems.
The patch is pending upstream: https://bugs.kde.org/show_bug.cgi?id=444781

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-11-03 23:52:08 +01:00
Hauke Mehrtens
90a2398a11 gdb: Update to version 11.1
GDB 11.1 now depends on gmp.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-11-03 23:52:08 +01:00
Felix Fietkau
a5e3def182 hostapd: add wmm qos map set by default
This implements the mapping recommendations from RFC8325, with an
update from RFC8622. This ensures that DSCP marked packets are properly
sorted into WMM classes.
The map can be disabled by setting iw_qos_map_set to something invalid
like 'none'

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-11-03 22:47:55 +01:00
Florian Eckert
b14f062849 vti: squash vtiv4 and vtiv6 packages into vti
This change adds the same package behaviour as gre package.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2021-11-03 20:34:43 +01:00
Felix Fietkau
063d49b8a0 qosify: add missing config option for nat support
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-11-03 19:41:49 +01:00
Felix Fietkau
ff4fd56732 qosify: include nls.mk to avoid build error with full NLS support enabled
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-11-03 18:54:12 +01:00
Piotr Dymacz
b6b09bf00c uboot-imx: set BUILD_SUBTARGET to 'cortexa9'
All currently supported devices belong to the imx/cortexa9 subtarget.

Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2021-11-03 12:45:40 +01:00
Piotr Dymacz
ddfebaff9f uboot-envtools: move imx to imx_cortexa9
Subtarget-specific files under 'uboot-envtools' package are supported
since 6f3a05ebb0 ("uboot-envtools: support uci-default config also per
subtargets").

Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2021-11-03 12:45:40 +01:00
Piotr Dymacz
53cdf9bf33 uboot-imx6: rename to 'uboot-imx'
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2021-11-03 12:45:40 +01:00
Piotr Dymacz
346db2f3b0 uboot-envtools: rename 'imx6' to 'imx'
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2021-11-03 12:45:40 +01:00
Piotr Dymacz
297f10d334 kobs-ng: update dependencies after 'imx6' -> 'imx' rename
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2021-11-03 12:45:40 +01:00
Piotr Dymacz
b769bf553d kernel: update dependencies after 'imx6' -> 'imx' rename
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2021-11-03 12:45:40 +01:00
Rosen Penev
9a329c4d87 strace: remove code coverage makefile var
It relies on a custom ax_code_coverage.m4 file included with strace.
Unfortunately, this conflicts with the one included with
autoconf-macros. Instead of creating a huge patch to fix it, just remove
the variable as code coverage is not used here.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2021-11-02 23:37:19 +01:00
Felix Fietkau
605192f46c qosify: add missing dependency
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-11-02 10:57:29 +01:00
Felix Fietkau
da668eb03b bpf-headers: unset PKG_CONFIG_PATH
This fixes an issue where the kernel would pick up an incompatible target
libyaml for building host tools

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-11-02 10:36:15 +01:00
Eneas U de Queiroz
4ea0cfe810 iproute2: Avoid unnecessary package rebuilds
Build the tc-mod-iptables before the tc-tiny and tc-full packages.

This avoids unnecessary package rebuild when calling make back to back.
Before this change, tc-mod-iptables will be built after the main tc
binary packages.

Both tc-tiny and tc-full depend on tc-mod-ipables.  If make is called
after the packages are already built, it will check the timestamps of
both packages, and will rebuild the main binaries, since the module
package will be newer than the tc package.

Calling BuildPackage,mod-iptables first ensures that its variant gets
built before the other packages' variants.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2021-11-01 20:18:55 +01:00
Eneas U de Queiroz
93a42cf16e f2fstools: set each library package VARIANT
Set the different libf2fs packages's VARIANT, so that the right settings
will be used by each different variant, if they are both being built.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2021-11-01 20:18:55 +01:00
Eneas U de Queiroz
67f9245ee5 hostapd: avoid unnecessary package rebuilds
Package hostapd-common is a dependency of every other package defined in
hostpad Makefile.  It is currently built next to the bottom of that
Makefile's package list.

If you run make back to back, then check-compile will compare the
hostapd-common timestamp to the variant being compiled, to decide if the
varint needs to be rebuilt or not.  Since the hostapd-conf package is
built towards the end of the list, it will be newer than most of the
variants, causing unnecessary package rebuilds.

Move it to the top, so that its timestamp will be older than dependent
packages, avoiding unnecessary rebuild of every selected variant.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2021-11-01 20:18:55 +01:00
Felix Fietkau
9ae5f09dc8 qosify: fix package section/category
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-11-01 20:17:02 +01:00
Daniel Golle
fab84bf18c
procd: update to git HEAD
1056fc4 jail: elf: Use 64 bit variables for elf offsets
 c1976e5 jail: elf: Remove MIPS 64 warning

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-11-01 18:20:24 +00:00
Daniel Golle
d05eae9249
fstools: update to git HEAD
19fd7fc libfstools: make sure file is closed on error
 d390744 libfstools: use uevent instead of relying on custom kernel patch

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-11-01 18:01:08 +00:00
Daniel Golle
73657dfbdd
base-files: drop get_partition_by_name shell function
find_mmc_part provides a better alternative and all users of
get_partition_by_name have been removed.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-11-01 18:01:02 +00:00
Daniel Golle
cb5953635e
uboot-envtools: mt7622: make use of find_mmc_part
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-11-01 18:00:47 +00:00
Daniel Golle
9f223a20bd
base-files: allow specifiying rootdev for find_mmc_part
Some devices got more than one mmc device.
Allow specifying the root device as 2nd parameter of find_mmc_part so
scripts can avoid matching irrelevant partitions on wrong mmc device.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-11-01 18:00:42 +00:00
Felix Fietkau
6738820bf6 build: fix bpf toolchain dependency for qosify
Add hidden symbols to fix defaults with CONFIG_DEVEL unset

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-11-01 18:41:20 +01:00
Felix Fietkau
f3a28b6bcf qosify: add package for simple qos based on ebpf+cake
qosify is simple daemon for setting up and managing CAKE along with a custom
eBPF based classifier that sets DSCP fields of packets.

It is configured via UCI and it supports the following features:
- simple TCP/UDP port based mapping
- IP address based mapping
- priority boosting based on average packet size
- bulk flow detection based on number of packets per second
- dynamically add IP entries with timeout

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-11-01 16:39:52 +01:00
Felix Fietkau
a537d06c72 bpf-headers: add a package with kernel headers for ebpf
In order to genererate suitable kernel headers, a 5.10 kernel tree is
prepared with a default config for mips. The arch is forced to mips in
order to avoid issues with inline asm on various architectures in a way
that doesn't involve relying on the host toolchain/headers.
It also has the advantage of supporting both endian types

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-11-01 16:39:09 +01:00
Daniel Golle
a44e4aaef9
dnsmasq: fix jail mount in case of ignore_hosts_dir being set
Commit a2fcd3900c ("dnsmasq: improve init script") broke the existing
handling for hosts_dir. Remove the redundant mount again to fix it.

Reported-by: Hartmut Birr <e9hack@gmail.com>
Fixes: a2fcd3900c ("dnsmasq: improve init script")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-11-01 12:02:24 +00:00
Felix Fietkau
d7843fd7ef ubus: update to the latest version
b743a331421d ubusd: log ACL init errors
2099bb3ad997 libubus: use list_empty/list_first_entry in ubus_process_pending_msg
ef038488edc3 libubus: process pending messages in data handler if stack depth is 0
a72457b61df0 libubus: increase stack depth for processing obj msgs

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-11-01 12:00:21 +01:00
Davide Fioravanti
6e13794344 base-files: add minimal mmc support
Added minimal mmc support for helper functions:

 - find_mmc_part: Look for a given partition name. Returns the
	coresponding partition path
 - caldata_extract_mmc: Look for a given partition name and then
	extracts the calibration data
 - mmc_get_mac_binary: Returns the mac address from a given partition
	name and offset

Signed-off-by: Davide Fioravanti <pantanastyle@gmail.com>
Signed-off-by: Robert Marko <robimarko@gmail.com>
[replace dd with caldata_dd, moved sysupgrade mmc to orbi]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2021-11-01 00:56:51 +01:00
Florian Eckert
b69dfb0a99 kernel/modules: prevent bonding driver to create default bond0 interface
When loading the bonding driver, bonding interface are automatically
created on bonding module load.

> ip a s bond0
> 14: bond0: <BROADCAST,MULTICAST,MASTER> mtu 1500 qdisc noop state DOWN
> group default qlen 1000
>    link/ether a6:f2:20:64:c1:b9 brd ff:ff:ff:ff:ff:ff

This is not necessary in openwrt as we do not use this created interface.
The netifd creates a bonding interface based on its network configuration
name and configures this over the netifd bonding proto handler.

In order to keep the overview of the interfaces clear, bonding
interfaces should not be created automatically when loading this module,
because they are not used anyway.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2021-11-01 00:56:51 +01:00
Lucian Cristian
8550086c24 elfutils: enable host build
frr 8.0 needs host libelf dev
add option for host build
tested on x86, ramips, kirkwood

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
[changed commit author's email]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2021-11-01 00:56:51 +01:00
Jihoon Han
84451173f0 ath79: add support for Dongwon T&I DW02-412H
Dongwon T&I DW02-412H is a 2.4/5GHz band 11ac (WiFi-5) router, based on
Qualcomm Atheros QCA9557.

Specifications
--------------

- SoC: Qualcomm Atheros QCA9557-AT4A
- RAM: DDR2 128MB
- Flash: SPI NOR 2MB (Winbond W25Q16DVSSIG / ESMT F25L16PA(2S)) +
         NAND 64/128MB
- WiFi:
  - 2.4GHz: QCA9557 WMAC
  - 5GHz: QCA9882-BR4A
- Ethernet: 5x 10/100/1000Mbps
  - Switch: QCA8337N-AL3C
- USB: 1x USB 2.0
- UART:
  - JP2: 3.3V, TX, RX, GND (3.3V is the square pad) / 115200 8N1

Installation
--------------

1.  Connect a serial interface to UART header and
    interrupt the autostart of kernel.
2.  Transfer the factory image via TFTP and write it to the NAND flash.
3.  Update U-Boot environment variable.
    > tftpboot 0x81000000 <your image>-factory.img
    > nand erase 0x1000000
    > nand write 0x81000000 0x1000000 ${filesize}
    > setenv bootpart 2
    > saveenv

Revert to stock firmware
--------------

1.  Revert to stock U-Boot environment variable.
    > setenv bootpart 1
    > saveenv

MAC addresses as verified by OEM firmware
--------------

   WAN: *:XX (label)
   LAN: *:XX + 1
  2.4G: *:XX + 3
    5G: *:XX + 4

The label MAC address was found in art 0x0.

Credits
--------------

Credit goes to the @manatails who first developed how to port OpenWRT
to this device and had a significant impact on this patch.

And thanks to @adschm and @mans0n for guiding me to revise the code
in many ways.

Signed-off-by: Jihoon Han <rapid_renard@renard.ga>
Reviewed-by: Sungbo Eo <mans0n@gorani.run>
Tested-by: Sungbo Eo <mans0n@gorani.run>
2021-10-31 21:58:28 +01:00
Eduardo Santos
3c97fb4346 ramips: add support for Xiaomi MiWifi 3C
This commit adds support for Xiaomi MiWiFi 3C device.

Xiaomi MiWifi 3C has almost the same system architecture
as the Xiaomi Mi WiFi Nano, which is already officially
supported by OpenWrt.

The differences are:

 - Numbers of antennas (4 instead of 2). The antenna management
   is done via the µC. There is no configuration needed in the
   software code.
 - LAN port assignments are different. LAN1 and WAN are
   interchanged.

OpenWrt Wiki: https://openwrt.org/toh/xiaomi/mir3c

OpenWrt developers forum page:
https://forum.openwrt.org/t/support-for-xiaomi-mi-3c

Specifications:

 - CPU: MediaTek MT7628AN (575MHz)
 - Flash: 16MB
 - RAM: 64MB DDR2
 - 2.4 GHz: IEEE 802.11b/g/n with Integrated LNA and PA
 - Antennas: 4x external single band antennas
 - WAN: 1x 10/100M
 - LAN: 2x 10/100M
 - LED: 1x amber/blue/red. Programmable
 - Button: Reset

MAC addresses as verified by OEM firmware:

use address source
LAN *:92 factory 0x28
WAN *:92 factory 0x28
2g *:93 factory 0x4

OEM firmware uses VLAN's to create the network interface for WAN and LAN.

Bootloader info:
The stock bootloader uses a "Dual ROM Partition System".
OS1 is a deep copy of OS2.
The bootloader start OS2 by default.
To force start OS1 it is needed to set "flag_try_sys2_failed=1".

How to install:
1- Use OpenWRTInvasion to gain telnet, ssh and ftp access.
   https://github.com/acecilia/OpenWRTInvasion
   (IP: 192.168.31.1 - Username: root - Password: root)
2- Connect to router using telnet or ssh.
3- Backup all partitions. Use command  "dd if=/dev/mtd0 of=/tmp/mtd0".
   Copy /tmp/mtd0 to computer using ftp.
4- Copy openwrt-ramips-mt76x8-xiaomi_miwifi-3c-squashfs-sysupgrade.bin
   to /tmp in router using ftp.
5- Enable UART access and change start image for OS1.
```
nvram set uart_en=1
nvram set flag_last_success=1
nvram set boot_wait=on
nvram set flag_try_sys2_failed=1
nvram commit
```
6- Installing Openwrt on OS1 and free OS2.
```
mtd erase OS1
mtd erase OS2
mtd -r write /tmp/openwrt-ramips-mt76x8-xiaomi_miwifi-3c-squashfs-sysupgrade.bin OS1
```

Limitations: For the first install the image size needs to be less
than 7733248 bits.

Thanks for all community and especially for this device:
minax007, earth08, S.Farid

Signed-off-by: Eduardo Santos <edu.2000.kill@gmail.com>
[wrap lines, remove whitespace errors, add mediatek,mtd-eeprom to
 &wmac, convert to nvmem]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-10-31 21:24:47 +01:00
Daniel Golle
a2fcd3900c
dnsmasq: improve init script
* fix restart in LuCI (inherited umask was to restrictive)
 * make directory of hosts-file (!= /tmp) accessible in ujail

Reported-by: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-10-31 13:07:48 +00:00
Dominick Grift
61a36cefd6 secilc: update to version 3.3
Update VERSIONs to 3.3 for release.
Update VERSIONs to 3.3-rc3 for release.
Correct some typos
Update VERSIONs to 3.3-rc2 for release.
Update VERSIONs and Python bindings version to 3.3-rc1 for release
libsepol/secilc/docs: Update the CIL documentation
secilc: fix memory leaks in secilc2conf
secilc: fix memory leaks in secilc
libsepol/cil: Add support for using qualified names to secil2conf
libsepol/cil: Add support for using qualified names to secil2tree
secilc: Add support for using qualified names to secilc
secilc/test: Add test for anonymous args
secilc/docs: Relocate and reword macro call name resolution order
secilc/docs: Document the order that inherited rules are resolved in
secilc: Create the new program called secil2tree to write out CIL AST
secilc/docs: Update the CIL documentation for various blocks
secilc.c: Don't fail if input file is empty
cil_conditional_statements.md: fix expr definition
secilc/docs: Lists are now allowed in constraint expressions

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[re-apply now that libsepol is up-to-date as well]
Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
2021-10-31 13:02:49 +00:00
Dominick Grift
25e15f5951 libsepol: update to version 3.3
Update VERSIONs to 3.3 for release.
libsepol/cil: Fix potential undefined shifts
libsepol: Fix potential undefined shifts
Update VERSIONs to 3.3-rc3 for release.
libsepol/cil: Do not skip macros when resolving until later passes
libsepol/cil: Limit the amount of reporting for bounds failures
libsepol/cil: silence clang void-pointer-to-enum-cast warning
libsepol: resolve GCC warning about null-dereference
libsepol: use correct cast
libsepol: ebitmap: mark nodes of const ebitmaps const
Update VERSIONs to 3.3-rc2 for release.
libsepol/cil: Handle operations in a class mapping when verifying
libsepol/cil: Do not use original type and typeattribute datums
libsepol: free memory after policy validation
libsepol: avoid implicit conversions
libsepol: fix typo
libsepol/cil: Free duplicate datums in original calling function
libsepol/cil: Fix detected RESOURCE_LEAK (CWE-772)
Update VERSIONs and Python bindings version to 3.3-rc1 for release
libsepol/cil: Limit the number of active line marks
libsepol/cil: Add function to get number of items in a stack
libsepol: Fix detected RESOURCE_LEAKs
libsepol/cil: Fix syntax checking in __cil_verify_syntax()
libsepol/cil: Use size_t for len in __cil_verify_syntax()
libsepol/cil: Remove redundant syntax checking
libsepol/cil: Improve in-statement to allow use after inheritance
libsepol/cil: Simplify cil_tree_children_destroy()
libsepol/cil: Refactor the function __cil_build_ast_node_helper()
libsepol/cil: Don't destroy optionals whose parent will be destroyed
libsepol/cil: Properly check for parameter when inserting name
libsepol/cil: Reset expandtypeattribute rules when resetting AST
libsepol/cil: Properly check parse tree when printing error messages
libsepol/cil: Allow some duplicate macro and block declarations
libsepol/cil: When writing AST use line marks for src_info nodes
libsepol/cil: Report correct high-level language line numbers
libsepol/cil: Add line mark kind and line number to src info
libsepol/cil: Create common string-to-unsigned-integer functions
libsepol/cil: Push line mark state first when processing a line mark
libsepol/cil: Check for valid line mark type immediately
libsepol/cil: Check the token type after getting the next token
libsepol/cil: Check syntax of src_info statement
libsepol/cil: move the fuzz target and build script to the selinux repository
libsepol: replace strerror by %m
libsepol/cil: remove obsolete comment
libsepol/cil: do not allow \0 in quoted strings
libsepol/cil: Fix handling category sets in an expression
libsepol: assure string NUL-termination of ibdev_name
libsepol: avoid implicit conversions
libsepol: ignore UBSAN false-positives
libsepol: avoid unsigned integer overflow
libsepol/cil: Improve checking for bad inheritance patterns
libsepol: silence -Wextra-semi-stmt warning
libsepol/cil: do not override previous results of __cil_verify_classperms
libsepol/cil: Provide option to allow qualified names in declarations
libsepol/cil: make array cil_sym_sizes const
libsepol/cil: Only reset AST if optional has a declaration
libsepol/cil: Add function to determine if a subtree has a declaration
libsepol/cil: Improve degenerate inheritance check
libsepol/cil: Reduce the initial symtab sizes for blocks
libsepol/cil: Check for empty list when marking neverallow attributes
libsepol/cil: Fix syntax checking of defaultrange rule
libsepol/cil: Properly check for loops in sets
libsepol/cil: Allow duplicate optional blocks in most cases
libsepol: declare read-only arrays const
libsepol: declare file local variable static
libsepol: drop unnecessary casts
libsepol: drop repeated semicolons
libsepol/cil: avoid using maybe uninitialized variables
libsepol/cil: drop unnecessary casts
libsepol/cil: drop dead store
libsepol/cil: drop extra semicolon
libsepol/cil: silence cast warning
libsepol: remove dead stores
libsepol: do not allocate memory of size 0
libsepol: mark read-only parameters of type_set_ interfaces const
libsepol: mark read-only parameters of ebitmap interfaces const
libsepol: remove dead stores
libsepol/cil: follow declaration-after-statement
libsepol: follow declaration-after-statement
libsepol: avoid unsigned integer overflow
libsepol: remove unused functions
libsepol: resolve missing prototypes
libsepol: fix typos
libsepol: Quote paths when generating policy.conf from binary policy
libsepol/cil: Account for anonymous category sets in an expression
libsepol/cil: Fix anonymous IP address call arguments
libsepol: quote paths in CIL conversion
libsepol/cil: Resolve anonymous levels only once
libsepol/cil: Pointers to datums should be set to NULL when resetting
libsepol/cil: Resolve anonymous class permission sets only once
libsepol/cil: Limit the number of open parenthesis allowed
libsepol/cil: Destroy the permission nodes when exiting with an error
libsepol/cil: Handle disabled optional blocks in earlier passes
libsepol/cil: Do not resolve arguments to declarations in the call
libsepo/cil: Refactor macro call resolution
libsepol/cil: Do not add NULL node when inserting key into symtab
libsepol/cil: Make name resolution in macros work as documented
libsepol/cil: Fix name resolution involving inherited blocks
libsepol/cil: Check for self-referential loops in sets
libsepol/cil: Return an error if a call argument fails to resolve
libsepol/cil: Check datum in ordered list for expected flavor
libsepol/cil: Detect degenerate inheritance and exit with an error
libsepol/cil: Fix instances where an error returns SEPOL_OK
libsepol/cil: Properly reset an anonymous classperm set
libsepol: use checked arithmetic builtin to perform safe addition
libsepol/cil: Add functions to make use of cil_write_ast()
libsepol/cil: Create functions to write the CIL AST
libsepol/cil: Use CIL_ERR for error messages in cil_compile()
libsepol/cil: Make invalid statement error messages consistent
libsepol/cil: Do not allow tunable declarations in in-statements
libsepol/cil: Sync checks for invalid rules in macros
libsepol/cil: Check for statements not allowed in optional blocks
libsepol/cil: Sync checks for invalid rules in booleanifs
libsepol/cil: Reorder checks for invalid rules when resolving AST
libsepol/cil: Use AST to track blocks and optionals when resolving
libsepol/cil: Create new first child helper function for building AST
libsepol/cil: Cleanup build AST helper functions
libsepol/cil: Reorder checks for invalid rules when building AST
libsepol/cil: Move check for the shadowing of macro parameters
libsepol/cil: Create function cil_add_decl_to_symtab() and refactor
libsepol/cil: Refactor helper function for cil_gen_node()
libsepol/cil: Allow permission expressions when using map classes
libsepol/cil: Exit with an error if declaration name is a reserved word
libsepol/cil: More strict verification of constraint leaf expressions
libsepol/cil: Set class field to NULL when resetting struct cil_classperms
libsepol/cil: cil_reset_classperms_set() should not reset classpermission
libsepol/cil: Destroy classperm list when resetting map perms
libsepol/cil: Destroy classperms list when resetting classpermission
libsepol/cil: Fix out-of-bound read of file context pattern ending with "\"
libsepol/cil: Check for duplicate blocks, optionals, and macros
libsepol: Write "NO_IDENTIFIER" for empty CIL constraint expression
libsepol: Enclose identifier lists in CIL constraint expressions
libsepol/cil: Allow lists in constraint expressions
libsepol: Enclose identifier lists in constraint expressions
libsepol: Write "NO_IDENTIFIER" for empty constraint expression
libsepol: make num_* unsigned int in module_to_cil
libsepol/cil: do not leak avrulex_ioctl_table memory when an error occurs
libsepol/cil: fix NULL pointer dereference in __cil_insert_name
libsepol/cil: replace printf with proper cil_tree_log
libsepol/cil: remove stray printf
libsepol/cil: make cil_post_fc_fill_data static
libsepol: Check kernel to CIL and Conf functions for supported versions
libsepol: Remove unnecessary copying of declarations from link.c
libsepol: Properly handle types associated to role attributes
libsepol: Expand role attributes in constraint expressions

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[re-apply now that buildbot phase1 has caught up]
Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
2021-10-31 13:01:24 +00:00
Chukun Pan
e43eb16efe uboot-sunxi: add support for FriendlyARM NanoPi R1S H5
Merged in https://github.com/u-boot/u-boot/commit/e7510d2,
adjust back to the current 2020.04 version.

Signed-off-by: Chukun Pan <amadeus@jmu.edu.cn>
2021-10-30 21:17:20 +02:00
Zhijun You
e6a486fe79 ath10k: backport fix for module load regression with iram-recovery
Backport upstream fix for module load regression caused by IRAM recovery.
Without this patch devices using mainline ath10k driver could lost wireless
function because ath10k module failed to load.

Signed-off-by: Zhijun You <hujy652@gmail.com>
2021-10-30 21:17:20 +02:00
Hans Dedecker
2d2c7c4250 6in4: remove 6in4 tunnel delete workaround (FS#3690)
Remove 6in4 tunnel delete workaround as the real issue is
now solved in netifd
(https://git.openwrt.org/?p=project/netifd.git;a=commit;h=8f82742ca4f47f459284f3a07323d04da72ea5f6)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2021-10-30 21:15:18 +02:00
Hans Dedecker
c4d292969f 6rd : remove 6rd tunnel delete workaround
Remove 6rd tunnel delete workaround in as the real issue
is now solved in netifd
(https://git.openwrt.org/?p=project/netifd.git;a=commit;h=8f82742ca4f47f459284f3a07323d04da72ea5f6)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2021-10-30 21:14:30 +02:00
Hans Dedecker
4eba313065 netifd: fix deletion of ip tunnels (FS#4058)
8f82742 system-linux: fix deletion of ip tunnels (FS#4058)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2021-10-30 21:14:01 +02:00
Christian Lamparter
fd717f54be ipq40xx: detangle ath10k-board-qca4019 from ath10k-firmware-qca4019*
Back in the day, the board-2.bin came with ath10k-firmware-qca4019.
This changed with
commit c3b2efaf24 ("linux-firmware: ath10k: add board firmware packages")
which placed the board-2.bin into a separate package: ath10k-board-qca4019.
This was great, because it addressed one of the caveat of the original
ipq-wifi package:
commit fa03d441e9 ("firmware: add custom IPQ wifi board definitions")

|  2. updating ath10k-firmware-qca4019 will also replace
|      the board-2.bin. For this cases the user needs to
|      manually reinstall the wifi-board package once the
|      ath10k-firmware-qca4019 is updated.

This could be extended further so that ipq-wifi packages
no longer use "install-override" and the various QCA4019
variants list the ath10k-board-qca4019 as a CONFLICT
package.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2021-10-30 16:32:59 +02:00
Christian Lamparter
4c8dd973ef ath9k: OF: qca,disable-(2|5)ghz => ieee80211-freq-limit
OpenWrt maintains two special out-of-tree DT properties:
"qca,disable-5ghz" and "qca,disable-2ghz". These are implemented
in a mac80211 ath9k patch "550-ath9k-disable-bands-via-dt.patch".

With the things being what they are, now might be a good
point to switch the devices to the generic and upstream
"ieee80211-freq-limit" property. This property is much
broader and works differently. Instead of disabling the
drivers logic which would add the affected band and
channels. It now disables all channels which are not
within the specified frequency range.

Reviewed-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
Tested-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com> # HH5A
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2021-10-30 16:32:59 +02:00
Sven Roederer
5287defa1f dropbear: add config options for agent-forwarding support
* SSH agent forwarding might cause security issues, locally and on the jump
  machine (https://defn.io/2019/04/12/ssh-forwarding/). So allow to
  completely disabling it.
* separate options for client and server
* keep it enabled by default

Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
2021-10-30 16:32:54 +02:00
Daniel Golle
19c5277206
Revert "secilc: update to version 3.3"
This reverts commit 2da891e735.
secilc 3.3 requires libsepol to be version 3.3 as well and doesn't
build otherwise. Revert for now.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-10-29 14:16:35 +01:00
Daniel Golle
ae4069c577
Revert "libsepol: update to version 3.3"
This reverts commit de8a800ca9.
Host build uses host includes instead of staging/hostpkg.
This breaks the build in case of selinux host libs being older than
version 3.3. Revert for now until better fix is found.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-10-29 14:16:30 +01:00
Dominick Grift
04c5bcd074 selinux-policy: update to version 1.0
wifi: writes to terminal
hotplugcall and sqm read class sysfile symlinks
unbound and sqm related loose ends
support/example: policycoreutils host-compile is required
TODO: this was wrong and it is actually needed
linguist detectable does not work this way
linguist-detectable
updates README
adds workflows
adds a note about persistent /var option

project moved to https://github.com/DefenSec/selinux-policy

Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
2021-10-28 22:15:02 +01:00
Dominick Grift
2da891e735 secilc: update to version 3.3
Update VERSIONs to 3.3 for release.
Update VERSIONs to 3.3-rc3 for release.
Correct some typos
Update VERSIONs to 3.3-rc2 for release.
Update VERSIONs and Python bindings version to 3.3-rc1 for release
libsepol/secilc/docs: Update the CIL documentation
secilc: fix memory leaks in secilc2conf
secilc: fix memory leaks in secilc
libsepol/cil: Add support for using qualified names to secil2conf
libsepol/cil: Add support for using qualified names to secil2tree
secilc: Add support for using qualified names to secilc
secilc/test: Add test for anonymous args
secilc/docs: Relocate and reword macro call name resolution order
secilc/docs: Document the order that inherited rules are resolved in
secilc: Create the new program called secil2tree to write out CIL AST
secilc/docs: Update the CIL documentation for various blocks
secilc.c: Don't fail if input file is empty
cil_conditional_statements.md: fix expr definition
secilc/docs: Lists are now allowed in constraint expressions

Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
2021-10-28 22:15:02 +01:00
Dominick Grift
a8c293ce8d policycoreutils: update to version 3.3
Update VERSIONs to 3.3 for release.
Update VERSIONs to 3.3-rc3 for release.
libselinux/semodule: Improve extracting message
Correct some typos
Update VERSIONs to 3.3-rc2 for release.
Update VERSIONs and Python bindings version to 3.3-rc1 for release
policycoreutils: free memory of allocated context in newrole
policycoreutils: free memory of allocated context in run_init
policycoreutils: free memory on lstat failure in sestatus
policycoreutils: silence -Wextra-semi-stmt warning
fixfiles: do not exclude /dev and /run in -C mode
policycoreutils/setfiles: do not create useless setfiles.8.man file

Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
2021-10-28 22:15:02 +01:00
Dominick Grift
b97890d75e checkpolicy: update to version 3.3
Update VERSIONs to 3.3 for release.
checkpolicy: Fix potential undefined shifts
Update VERSIONs to 3.3-rc3 for release.
checkpolicy: delay down-cast to avoid align warning
checkpolicy: drop incorrect cast
checkpolicy: update documentation
checkpolicy: print reason of fopen failure
checkpolicy: policy_define: cleanup declarations
Update VERSIONs to 3.3-rc2 for release.
checkpolicy: free extended permission memory
checkpolicy: print warning on source line overflow
checkpolicy: error out on parsing too big integers
checkpolicy: avoid implicit conversion
checkpolicy: resolve dismod memory leaks
checkpolicy: add missing function declarations
checkpolicy: mark file local functions in policy_define static
checkpolicy: mark read-only parameters in module compiler const
checkpolicy: misc checkpolicy tweaks
checkpolicy: misc checkmodule tweaks
checkpolicy: enclose macro argument in parentheses
Update VERSIONs and Python bindings version to 3.3-rc1 for release
checkpolicy: mark read-only parameters in policy define const
checkpolicy/test: mark file local functions static
checkpolicy: parse_util drop unused declaration
checkpolicy: drop redundant cast to the same type
checkpolicy: avoid potential use of uninitialized variable
checkpolicy: check before potential NULL dereference
checkpolicy: remove dead assignments
checkpolicy: follow declaration-after-statement
checkpolicy: use correct format specifier for unsigned
checkpolicy: drop dead condition
checkpolicy: simplify assignment
checkpolicy: drop -pipe compile option
checkpolicy: pass CFLAGS at link stage
checkpolicy: silence -Wextra-semi-stmt warning
checkpolicy: Do not automatically upgrade when using "-b" flag
libsepol/checkpolicy: Set user roles using role value instead of dominance

Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
2021-10-28 22:15:02 +01:00
Dominick Grift
c8d1f8fda7 libsemanage: update to version 3.3
Update VERSIONs to 3.3 for release.
Update VERSIONs to 3.3-rc3 for release.
Update VERSIONs to 3.3-rc2 for release.
Update VERSIONs and Python bindings version to 3.3-rc1 for release
libsemanage: Fix USE_AFTER_FREE (CWE-672) in semanage_direct_write_langext()
libsemanage: silence -Wextra-semi-stmt warning
libsemanage: fix use-after-free in parse_module_store()

Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
2021-10-28 22:15:02 +01:00
Dominick Grift
6925c7580d libselinux: update to version 3.3
Update VERSIONs to 3.3 for release.
libselinux: Fix potential undefined shifts
Update VERSIONs to 3.3-rc3 for release.
Update VERSIONs to 3.3-rc2 for release.
libselinux/utils: drop requirement to combine compiling and linking
Update VERSIONs and Python bindings version to 3.3-rc1 for release
Improve error message for label file validation
libselinux: replace strerror by %m
libselinux: silence -Wextra-semi-stmt warning
libselinux/utils/getseuser.c: fix build with gcc 4.8
selinux.8: document how mount flag nosuid affects SELinux
libselinux: fix typo
libselinux: improve getcon(3) man page
libselinux: selinux_status_open: return 1 in fallback mode
libselinux: do not use status page fallback mode internally
libselinux: make selinux_status_open(3) reentrant
libselinux: avc_destroy(3) closes status page
libselinux: label_file.c: fix indent
libselinux: regex: unify parameter names
libselinux: sidtab_sid_stats(): unify parameter name
libselinux: drop redundant casts to the same type
libselinux: label_db::db_init(): open file with CLOEXEC mode
libselinux: matchpathcon: free memory on realloc failure
libselinux: label_file::init(): do not pass NULL to strdup
libselinux: init_selinux_config(): free resources on error
libselinux: matchmediacon(): close file on error
libselinux: store_stem(): do not free possible non-heap object
libselinux: getdefaultcon: free memory on multiple same arguments
libselinux: setexecfilecon(): drop dead assignment
libselinux: label_media::init(): drop dead assignment
libselinux: label_x::init(): drop dead assignment
libselinux: context_new(): drop dead assignment
libselinux: exclude_non_seclabel_mounts(): drop unused variable
libselinux: getconlist: free memory on multiple level arguments
libselinux: selabel_get_digests_all_partial_matches: free memory after FTS_D block
libselinux: selinux_restorecon: mark local variable static
libselinux: avcstat: use standard length modifier for unsigned long long
libselinux: sefcontext_compile: mark local variable static
libselinux: Sha1Finalise(): do not discard const qualifier
libselinux: label_common(): do not discard const qualifier
libselinux: selinux_file_context_cmp(): do not discard const qualifier
libselinux: sidtab_hash(): do not discard const qualifier
libselinux: silence -Wstringop-overflow warning from gcc 10.3.1
libselinux: selinux_check_passwd_access_internal(): respect deny_unknown
libselinux: do not duplicate make target when going into subdirectory

Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
2021-10-28 22:15:02 +01:00
Dominick Grift
de8a800ca9 libsepol: update to version 3.3
Update VERSIONs to 3.3 for release.
libsepol/cil: Fix potential undefined shifts
libsepol: Fix potential undefined shifts
Update VERSIONs to 3.3-rc3 for release.
libsepol/cil: Do not skip macros when resolving until later passes
libsepol/cil: Limit the amount of reporting for bounds failures
libsepol/cil: silence clang void-pointer-to-enum-cast warning
libsepol: resolve GCC warning about null-dereference
libsepol: use correct cast
libsepol: ebitmap: mark nodes of const ebitmaps const
Update VERSIONs to 3.3-rc2 for release.
libsepol/cil: Handle operations in a class mapping when verifying
libsepol/cil: Do not use original type and typeattribute datums
libsepol: free memory after policy validation
libsepol: avoid implicit conversions
libsepol: fix typo
libsepol/cil: Free duplicate datums in original calling function
libsepol/cil: Fix detected RESOURCE_LEAK (CWE-772)
Update VERSIONs and Python bindings version to 3.3-rc1 for release
libsepol/cil: Limit the number of active line marks
libsepol/cil: Add function to get number of items in a stack
libsepol: Fix detected RESOURCE_LEAKs
libsepol/cil: Fix syntax checking in __cil_verify_syntax()
libsepol/cil: Use size_t for len in __cil_verify_syntax()
libsepol/cil: Remove redundant syntax checking
libsepol/cil: Improve in-statement to allow use after inheritance
libsepol/cil: Simplify cil_tree_children_destroy()
libsepol/cil: Refactor the function __cil_build_ast_node_helper()
libsepol/cil: Don't destroy optionals whose parent will be destroyed
libsepol/cil: Properly check for parameter when inserting name
libsepol/cil: Reset expandtypeattribute rules when resetting AST
libsepol/cil: Properly check parse tree when printing error messages
libsepol/cil: Allow some duplicate macro and block declarations
libsepol/cil: When writing AST use line marks for src_info nodes
libsepol/cil: Report correct high-level language line numbers
libsepol/cil: Add line mark kind and line number to src info
libsepol/cil: Create common string-to-unsigned-integer functions
libsepol/cil: Push line mark state first when processing a line mark
libsepol/cil: Check for valid line mark type immediately
libsepol/cil: Check the token type after getting the next token
libsepol/cil: Check syntax of src_info statement
libsepol/cil: move the fuzz target and build script to the selinux repository
libsepol: replace strerror by %m
libsepol/cil: remove obsolete comment
libsepol/cil: do not allow \0 in quoted strings
libsepol/cil: Fix handling category sets in an expression
libsepol: assure string NUL-termination of ibdev_name
libsepol: avoid implicit conversions
libsepol: ignore UBSAN false-positives
libsepol: avoid unsigned integer overflow
libsepol/cil: Improve checking for bad inheritance patterns
libsepol: silence -Wextra-semi-stmt warning
libsepol/cil: do not override previous results of __cil_verify_classperms
libsepol/cil: Provide option to allow qualified names in declarations
libsepol/cil: make array cil_sym_sizes const
libsepol/cil: Only reset AST if optional has a declaration
libsepol/cil: Add function to determine if a subtree has a declaration
libsepol/cil: Improve degenerate inheritance check
libsepol/cil: Reduce the initial symtab sizes for blocks
libsepol/cil: Check for empty list when marking neverallow attributes
libsepol/cil: Fix syntax checking of defaultrange rule
libsepol/cil: Properly check for loops in sets
libsepol/cil: Allow duplicate optional blocks in most cases
libsepol: declare read-only arrays const
libsepol: declare file local variable static
libsepol: drop unnecessary casts
libsepol: drop repeated semicolons
libsepol/cil: avoid using maybe uninitialized variables
libsepol/cil: drop unnecessary casts
libsepol/cil: drop dead store
libsepol/cil: drop extra semicolon
libsepol/cil: silence cast warning
libsepol: remove dead stores
libsepol: do not allocate memory of size 0
libsepol: mark read-only parameters of type_set_ interfaces const
libsepol: mark read-only parameters of ebitmap interfaces const
libsepol: remove dead stores
libsepol/cil: follow declaration-after-statement
libsepol: follow declaration-after-statement
libsepol: avoid unsigned integer overflow
libsepol: remove unused functions
libsepol: resolve missing prototypes
libsepol: fix typos
libsepol: Quote paths when generating policy.conf from binary policy
libsepol/cil: Account for anonymous category sets in an expression
libsepol/cil: Fix anonymous IP address call arguments
libsepol: quote paths in CIL conversion
libsepol/cil: Resolve anonymous levels only once
libsepol/cil: Pointers to datums should be set to NULL when resetting
libsepol/cil: Resolve anonymous class permission sets only once
libsepol/cil: Limit the number of open parenthesis allowed
libsepol/cil: Destroy the permission nodes when exiting with an error
libsepol/cil: Handle disabled optional blocks in earlier passes
libsepol/cil: Do not resolve arguments to declarations in the call
libsepo/cil: Refactor macro call resolution
libsepol/cil: Do not add NULL node when inserting key into symtab
libsepol/cil: Make name resolution in macros work as documented
libsepol/cil: Fix name resolution involving inherited blocks
libsepol/cil: Check for self-referential loops in sets
libsepol/cil: Return an error if a call argument fails to resolve
libsepol/cil: Check datum in ordered list for expected flavor
libsepol/cil: Detect degenerate inheritance and exit with an error
libsepol/cil: Fix instances where an error returns SEPOL_OK
libsepol/cil: Properly reset an anonymous classperm set
libsepol: use checked arithmetic builtin to perform safe addition
libsepol/cil: Add functions to make use of cil_write_ast()
libsepol/cil: Create functions to write the CIL AST
libsepol/cil: Use CIL_ERR for error messages in cil_compile()
libsepol/cil: Make invalid statement error messages consistent
libsepol/cil: Do not allow tunable declarations in in-statements
libsepol/cil: Sync checks for invalid rules in macros
libsepol/cil: Check for statements not allowed in optional blocks
libsepol/cil: Sync checks for invalid rules in booleanifs
libsepol/cil: Reorder checks for invalid rules when resolving AST
libsepol/cil: Use AST to track blocks and optionals when resolving
libsepol/cil: Create new first child helper function for building AST
libsepol/cil: Cleanup build AST helper functions
libsepol/cil: Reorder checks for invalid rules when building AST
libsepol/cil: Move check for the shadowing of macro parameters
libsepol/cil: Create function cil_add_decl_to_symtab() and refactor
libsepol/cil: Refactor helper function for cil_gen_node()
libsepol/cil: Allow permission expressions when using map classes
libsepol/cil: Exit with an error if declaration name is a reserved word
libsepol/cil: More strict verification of constraint leaf expressions
libsepol/cil: Set class field to NULL when resetting struct cil_classperms
libsepol/cil: cil_reset_classperms_set() should not reset classpermission
libsepol/cil: Destroy classperm list when resetting map perms
libsepol/cil: Destroy classperms list when resetting classpermission
libsepol/cil: Fix out-of-bound read of file context pattern ending with "\"
libsepol/cil: Check for duplicate blocks, optionals, and macros
libsepol: Write "NO_IDENTIFIER" for empty CIL constraint expression
libsepol: Enclose identifier lists in CIL constraint expressions
libsepol/cil: Allow lists in constraint expressions
libsepol: Enclose identifier lists in constraint expressions
libsepol: Write "NO_IDENTIFIER" for empty constraint expression
libsepol: make num_* unsigned int in module_to_cil
libsepol/cil: do not leak avrulex_ioctl_table memory when an error occurs
libsepol/cil: fix NULL pointer dereference in __cil_insert_name
libsepol/cil: replace printf with proper cil_tree_log
libsepol/cil: remove stray printf
libsepol/cil: make cil_post_fc_fill_data static
libsepol: Check kernel to CIL and Conf functions for supported versions
libsepol: Remove unnecessary copying of declarations from link.c
libsepol: Properly handle types associated to role attributes
libsepol: Expand role attributes in constraint expressions

Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
2021-10-28 22:15:02 +01:00
Daniel Golle
b2aca61360
base-files, metadata: support additional group membership
Some packages may require additional group membership for the system
user added by that package. Allow defining additional groups as third
member of the ':'-separated tuple, allowing to specify multiple
','-separated groups with optional GID.

Example:
USERID:=foouser=1000:foogroup=1000:addg1=1001,addg2=1002,addg3

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-10-28 16:27:21 +01:00
Michael Peleshenko
db639238f2 umdns: add missing syscall to seccomp filter
The 'madvise', syscall is missing.
Found with 'utrace /usr/sbin/umdns' on an R7800 and RT3200.

Signed-off-by: Michael Peleshenko <mpeleshenko@gmail.com>
2021-10-27 19:25:59 +01:00
Jo-Philipp Wich
269bdf6eef ucode: update to latest Git HEAD
0f022aa lib: increase refcount when returning cached module instance
c9e68bb lib: introduce resolver library
9041e24 lib: fix uninitialized memory access on handling %J string formats
4ee06d8 syntax: introduce optional chaining operators
ce4a7d9 vm: reset callframes before invoking unhandled exception handler
218e822 vm: clear exception information before calling managed code functions
5b908bd ubus: properly handle signed 64bit values too
e43b751 ubus: fix handling signed 16bit and 32bit integers
137428f nl80211: fix issues spotted by static code analyzer
b9d4f61 nl80211: treat signal attr values as signed integers
9a7c355 nl80211: expose sta_info attributes
bb358d9 lib: introduce Linux 802.11 netlink binding
914f54c types: fix invalid memory access on setting non-contiguous array indexes
631f00d main: fix leaking module name when processing -m flag
e55188b compiler: properly handle jumps to offset 0
98c4147 tests: support specifying cmdline args in testcase files
64e4f68 types: fix formatting escape sequences for 8 bit chars
dd86e1d rtnl: automatically derive message family from certain address attrs
74fdb97 rtnl: expose IPv4 and IPv6 devconfig information
7fa1008 rtnl: allow reply nla payloads to be smaller than headsize
cbae3cb lib: introduce Linux route netlink binding
e6dd389 ci: adjust build prereqs for GitHub as well
07ae165 ci: add libnl-tiny to prereqs

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2021-10-25 23:08:42 +02:00
Claudiu Beznea
8746ba3657 at91: add support for sam9x60-ek board
Add support for SAM9X60-EK board.

Hardware:
- SoC: SAM9X60
- RAM: Winbond W972GG6KB-25 (2Gbit DDR2)
- NAND Flash: Micron MT29F4G08ABAEA
- QSPI Flash: Microchip SST26VF064B
- EEPROM: Microchip 24AA02E48
- SDMMC: One standard 4-bit SD card interface
- USB: two stacked Type-A connectors with power switches, one micro-B
       USB device
- CAN: 2 interfaces (Microchip MCP2542)
- Ethernet: one 10/100Mbps
- WiFi/BT: one optional WiFi/Bluetooth interface
- Audio: one ClassD port
- Display: one 24-bit LCD interface
- Camera: one 12-bit image sensor interface
- IO: one IO expander (Microchip MCP23008)
- Debug ports: one J-Link-OB + CDC, one JTAG interface
- Leds: one RGB LED
- Buttons: 4 push button switches
- Expansion: one PIO connector, one mikrobus connector
- Power management: two power regulators, two power consumption measurement
                    devices

Flashing:
- follow the procedure at [1]

[1] https://www.linux4sam.org/bin/view/Linux4SAM/Sam9x60EKMainPage#Create_a_SD_card_with_the_demo

Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
2021-10-24 18:52:29 +02:00
Claudiu Beznea
60f52f9b0d at91: add support for sama5d27-wlsom1-ek board
Add support for SAMA5D27 WLSOM1-EK board.

Hardware:
- SIP: SAMA5D27C-LD2G-CU including SAMA5D27 MPU and 2Gbit LPDDR2-SDRAM
- MMC: one standard SD card interface
- Flash: 64 Mb serial quad I/O flash memory (SST26VF064BEUIT-104I/MF)
	 with embedded EUI-48 and EUI-64 MAC addresses
- USB: one USB device, one USB host one HSIC interface
- Ethernet: 1x10/100Mbps port
- WiFi/BT: IEEE 802.11 b/g/n Wi-Fi plus Bluetooth (Wi-Fi/BT) module
	   (ATWILC3000-MR110UA)
- Crypto: one ATECC608B-TNGTLS secure element
- Video: one LCD RGB 18-bit interface, one ISC 12-bit camera interface
- Debug port: one JTAG interface, one UART interface, one WILC UART
              interface
- Leds: one RGB LED
- Buttons: start, reset, wakeup, user buttons
- Expansion: one tamper connector, one mikrobus interface, 2 XPRO PTC
             connector
- Power managament: PMIC (MCP16502)

Flashing:
- follow procedure at [1]

[1] https://www.linux4sam.org/bin/view/Linux4SAM/Sama5d27WLSom1EKMainPage#Create_a_SD_card_with_the_demo

Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
2021-10-24 18:52:21 +02:00
Claudiu Beznea
8b7e577f76 at91: add support for sama5d2 icp board
Add support for SAMA5D2 ICP board.

Hardware:
- SoC: SAMA5D27
- RAM: 512 MB DDR3L
- MMC: One stanard SD card interface
- USB: One USB host switch 4 ports with power switch,
       One USB device type Micro-AB
- CAN: 2 interfaces
- Ethernet: One Gigabit Ethernet PHY through HSIC,
	    One ETH switchport,
	    One EtherCAT interface
- WiFi/BT: Footprint for IEEE 802.11 b/g/n Wi-Fi plus
	   Bluetooth module (Wi-Fi/BT), suitable for
	   Microchip WILC3000-MR110CA or WILC3000-MR110UA
- Debug port: One J-Link-OB/J-Link-CDC, one JTAG interface
- Leds: one RGB LED
- Buttons: reset, wakeup, 2 user buttons
- Expansion: one PIOBU/PIO connector, 3 mikrobus sockets
- Power mangament: PMIC (MCP16502), one power consumption device
                   (PAC1934)

Not working in Linux:
- EtherCAT interface: there is no Linux support integrated
- PAC1934: driver available at [1] but not integrated in Linux

Flashing:
- follow the procedure at [2]

[1] https://ww1.microchip.com/downloads/en/DeviceDoc/pac193x_linux_driver.zip
[2] https://www.linux4sam.org/bin/view/Linux4SAM/Sama5d2IcpMainPage#Create_a_SD_card_with_the_demo

Signed-off-by: Claudiu Beznea <claudiu.beznea@microchip.com>
2021-10-24 18:52:17 +02:00
Stan Grishin
05a7af9ca0 wolfssl: enable ECC Curve 25519 by default
* fixes https://github.com/openwrt/packages/issues/16652
 see https://github.com/openwrt/packages/issues/16674#issuecomment-934983898

Signed-off-by: Stan Grishin <stangri@melmac.net>
2021-10-24 18:46:24 +02:00
Rosen Penev
6b2ed6101e uclibc++: remove
No package here depends on it. Furthermore, uClibc++ is a fairly buggy
C++ library and seems to be relatively inactive upstream.

It also lacks proper support for modern C++11 features.

The main benefit of it is size: 66.6 KB	vs 287.3 KB on mips24kc. Static
linking and LTO can help bring the size down of packages that need it.

Added warning message to uclibc++.mk

Signed-off-by: Rosen Penev <rosenp@gmail.com>
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-10-24 18:20:50 +02:00
Andre Heider
09465d802b u-boot.mk: always link host libraries static
Host libraries are only build static, so let's pass --static to
pkg-config globally and remove the then unnecessary patches doing
exactly that individually.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2021-10-24 18:00:49 +02:00
Andre Heider
f262d2aae1 u-boot.mk: fix pkg-config usage
Using Host/Exports doesn't work as intended, explicitly add the
required vars so that u-boot finds the required libraries when building
its tools.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2021-10-24 18:00:49 +02:00
Hauke Mehrtens
6a1284cfa8 mac80211: Add devm_platform_get_and_ioremap_resource()
This function is missing in kernel 5.4, but it is sued by ath10k.
This fixes the build of ath10k on some targets.

Fixes: cfe0eb7485 ("mac80211: Update to version 5.14.13-1")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-10-24 15:03:20 +02:00
Hauke Mehrtens
0a274d67b8 mac80211: Update to version 5.15-rc6-1
The removed patches were applied upstream.
The Cisco Aironet 802.11b driver was removed from backports, remove
it also from OpenWrt.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-10-24 00:08:38 +02:00
Hauke Mehrtens
cfe0eb7485 mac80211: Update to version 5.14.13-1
The removed patches were applied upstream.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-10-24 00:08:38 +02:00
Hauke Mehrtens
1c0d5ee8e6 mac80211: Update to version 5.13.19-1
The removed patches were applied upstream.

of_get_mac_address() was backported in our OpenWrt kernel, remove the
change from backports.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-10-24 00:08:03 +02:00
Hauke Mehrtens
b96c2569ac mac80211: Update to version 5.12.19-1
The removed patches were applied upstream.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-10-23 23:17:28 +02:00
Hauke Mehrtens
e185080c87 mac80211: Update to version 5.11.22-1
The removed patches were applied upstream.
This backports version 5.11.22 and later does not support kernel
versions < 4.4, this allows us to remove some patches too.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-10-23 23:17:23 +02:00
Hans Dedecker
a1d3796efe ethtool: update to v5.14
Update to newly released version 5.14

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2021-10-23 21:41:09 +02:00
Hans Dedecker
abc7a97e9c Revert "ethtool: update to v5.14"
This reverts commit 7630001427

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2021-10-23 21:39:00 +02:00
Hans Dedecker
7630001427 ethtool: update to v5.14
Update to newly released version 5.14

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2021-10-23 21:35:38 +02:00
Michael Peleshenko
40c18e95dc umdns: add missing syscall to seccomp filter
The 'clock_gettime64', syscall is missing.
Found with 'utrace /usr/sbin/umdns' on an R7800.

Signed-off-by: Michael Peleshenko <mpeleshenko@gmail.com>
2021-10-23 19:31:32 +02:00
Christian Lamparter
dbb4c47798 wireless-regdb: update to version 2021.08.28
e983a25 Update regulatory rules for Ecuador (EC)
a0bcb88 wireless-regdb: Update regulatory rules for Norway (NO) on 6 and 60 GHz
cdf854d wireless-regdb: Update regulatory rules for Germany (DE) on 6GHz
86cba52 wireless-regdb: reduce bandwidth for 5730-5850 and 5850-5895 MHz in US
6fa2384 wireless-regdb: remove PTMP-ONLY from 5850-5895 MHz for US
9839e1e wireless-regdb: recent FCC report and order allows 5850-5895 immediately
42dfaf4 wireless-regdb: update 5725-5850 MHz rule for GB

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2021-10-23 19:31:32 +02:00
Deomid Ryabkov
430f691943 base-files: chmod 1777 /var/lock
Per FHS 3.0, /var/lock is the location for lock files [1].
However its current permissions (755) are too restrictive
for use by unprivileged processes.
Debian and Ubuntu set them to 1777, and now so do we.

[1] <https://refspecs.linuxfoundation.org/FHS_3.0/fhs-3.0.html#varlockLockFiles>

Signed-off-by: Deomid Ryabkov <rojer@rojer.me>
[fixed typo in commit message, had to remove "rojer" due to git hooks]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2021-10-23 19:30:54 +02:00
Felix Fietkau
94c41ef2ef mt76: update to the latest version
f6bde7ba82ee mt76: connac: fix unresolved symbols when CONFIG_PM is unset

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-10-23 13:31:22 +02:00
Felix Fietkau
66cbf5fd4e mt76: update to the latest version
9d288d7c0c73 mt76: mt7615: apply cached RF data for DBDC
4d2e81d9ecab mt76: mt7915: remove mt7915_mcu_add_he()
2c8c3bcd766c mt76: mt7915: rework .set_bitrate_mask() to support more options
577d45f6e4a0 mt76: mt7915: rework debugfs fixed-rate knob
b68af355f707 mt76: mt7915: fix endiannes warning mt7915_mcu_beacon_check_caps
b52adf981561 mt76: mt7915: add WA firmware log support
ed3d8569c400 mt76: mt7915: add debugfs knobs for MCU utilization
0f49a22314a5 mt76: mt7921: disable 4addr capability
754d4a37ab71 mt76: mt7921: fix mt7921s Kconfig
f81f42fe875f mt76: Print error message when reading EEPROM from mtd failed
fd25a550965d mt76: Make use of the helper macro kthread_run()
1d01257662a6 wireless: mediatek: mt7921: fix Wformat build warning

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-10-23 07:31:46 +02:00
Hauke Mehrtens
eeeb9b7496 uci: update to git HEAD
cmake: Allow override of install directories

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-10-22 23:51:51 +02:00
Hauke Mehrtens
0ca81ff047 procd: update to git HEAD
jail: Fix build with glibc

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-10-22 23:51:50 +02:00
David Bauer
9b880f09f3 hostapd: ubus: fix uninitialized pointer
This fixes passing a bogus non-null pointer to the ubus handler in case
the transition request is rejected.

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-10-21 17:09:35 +02:00
Felix Fietkau
63c01ad025 hostapd: fix up patches after the last commit
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-10-21 12:37:23 +02:00
Felix Fietkau
da4be02fcd hostapd: fix a race condition on adding AP mode wds sta interfaces
Both hostapd and netifd attempt to add a VLAN device to a bridge.
Depending on which one wins the race, bridge vlan settings might be incomplete,
or hostapd might run into an error and refuse to service the client.
Fix this by preventing hostapd from adding interfaces to the bridge and
instead rely entirely on netifd handling this properly

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-10-21 11:31:53 +02:00
Felix Fietkau
f448c26923 netifd: update to the latest version
c61a1d432b34 wireless: fix creating AP mode WDS station interfaces
f78bdec2ed5f wireless: fix handling vif attributes on reload with mode change

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-10-21 11:31:53 +02:00
Andre Heider
70729d3454 ltq-vdsl-app: add error vector counters to the ubus metrics
These are useful stats to debug vector related line deteriorations,
see [0].

Example output:
    "erb": {
	    "sent": 169925,
	    "discarded": 0
    }

[0] https://forum.openwrt.org/t/vectoring-on-lantiq-vrx200-vr9-missing-callback-for-sending-error-samples/104046

Signed-off-by: Andre Heider <a.heider@gmail.com>
2021-10-21 00:17:36 +02:00
Andre Heider
276c80bdc0 ltq-vdsl-app: prepare for multiple mei ioctls
Refactor so that the outer function opens and closes the mei fd and
passes it around, just as with the main fd.

That also allows us to use the IOCTL macro in get_vector_status() and
clean up accordingly.

Switch to AUTORELEASE while at it.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2021-10-21 00:17:36 +02:00
Andrew Robbins
1d2bc94f78 ath10k-ct: update to version from 2021-09-22
Add in a fix for 160Mhz dfs on 5.10 and higher.
Add support for 5.13 and 5.15 kernels.
Add of_get_mac_address support for 5.15 driver.

Signed-off-by: Andrew Robbins <andrew@robbinsa.me>
2021-10-21 00:17:36 +02:00
Ivan Pavlov
be3e260f92 wolfssl: fix compile when enable-devcrypto is set
fixing linking error when --enable-devcrypto=yes
fixes: 7d92bb0509 wolfssl: update to 4.8.1-stable

Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
2021-10-21 00:17:36 +02:00
Hauke Mehrtens
36019ed589 iw: sync nl80211 with kernel backports
The nl80211 was out of sync with the version used in our backports. This
broke the configuration of the antenna gain.

Fixes: 2bfac61483 ("mac80211: backport support for BSS color changes")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2021-10-21 00:17:36 +02:00
Felix Fietkau
a889dcd3f2 mac80211: add missing patch chunk for mac80211_hwsim
Fixes build error

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-10-20 14:04:40 +02:00
Felix Fietkau
192c41001a mt76: update to the latest version
ebf5b2336591 mt7615/mt7915: fix hwmon device name
8d12f9ed275d mt76: mt7615: mt7622: fix ibss and meshpoint
e7883cdc0b4e mt76: mt7915: improve code readability in mt7915_mcu_sta_bfer_ht
831d5967abb9 wireless: fix spelling of A-MSDU in HE capabilities
f09cb04be261 wireless: align some HE capabilities with the spec
0eeba8f2952d wireless: align HE capabilities A-MPDU Length Exponent Extension
655a6c65b8a7 mt76: mt7915: introduce mt7915_mcu_beacon_check_caps()
4440025d0ba9 mt76: mt7915: fix txbf starec TLV issues
87d2fb6fbff5 mt76: mt7915: improve starec readability of txbf
53c6a3cb7f6b mt76: mt7915: fix sta_rec_wtbl tag len
f517845e4f28 mt76: mt7915: rework starec TLV tags
1df017bc39a3 mt76: mt7915: fix muar_idx in mt7915_mcu_alloc_sta_req()
6724b0a9a748 mt76: mt7915: set VTA bit in tx descriptor
f1f505cbbb30 mt76: mt7915: set muru platform type
8c9d4b38d258 mt76: mt7915: remove dead code in mt7915_get_et_stats
d0ccc4297935 mt76: rely on phy pointer in mt76_register_debugfs_fops routine signature
0af0af82bb97 mt76: mt7915: introduce mt76 debugfs sub-dir for ext-phy
10e85d62f213 mt76: mt7915: improve code readability for xmit-queue handler
b6051f7713d2 mt76: sdio: export mt76s_alloc_rx_queue and mt76s_alloc_tx routines
9a97c38a309d mt76: mt7921: get rid of unused variable in mt7921_tx_complete_skb
c02847c05884 mt76: mt7921: get rid of unused variable in mt7921_mac_tx_free
60dd47a0a62e mt76: mt7915: remove dead code in debugfs code
ce74fc020d81 mt76: mt7921: add MU EDCA cmd support
c062f6920356 mt76: mt7921: refactor mac.c to be bus independent
bfa909c833e8 mt76: mt7921: refactor dma.c to be pcie specific
6556bddf26d2 mt76: mt7921: refactor mcu.c to be bus independent
1c8418207c86 mt76: mt7921: refactor init.c to be bus independent
6cf8248c1a44 mt76: mt7921: add MT7921_COMMON module
77600b0c10ac mt76: connac: move mcu reg access utility routines in mt76_connac_lib module
65362a00d07d mt76: mt7663s: rely on mcu reg access utility
956206bb55c3 mt76: mt7921: make all event parser reusable between mt7921s and mt7921e
f0dedcf6aaf0 mt76: mt7921: use physical addr to unify register access
5079d5b0b13c mt76: sdio: move common code in mt76_sdio module
26257594398b mt76: sdio: introduce parse_irq callback
e353424f1b07 mt76: sdio: extend sdio module to support CONNAC2
ddab3dd25f94 mt76: connac: extend mcu_get_nic_capability
b2d9a1748a41 mt76: mt7921: rely on mcu_get_nic_capability
e6ce5d9cbda0 mt76: mt7921: refactor mt7921_mcu_send_message
ce3706a65ccd mt76: mt7921: introduce mt7921s support
3143118baf53 mt76: mt7921s: add reset support
645eac64bece mt76: mt76x0: correct VHT MCS 8/9 tx power eeprom offset
d54796787cb7 mt76: move mt76_sta_stats in mt76.h
094e085abf5a mt76: move mt76_ethtool_worker_info in mt76 module
f80ab6dde63d mt76: mt7915: run mt7915_get_et_stats holding mt76 mutex
4a11cb67dc27 mt76: mt7915: move tx amsdu stats in mib_stats
486da6fa2512 mt76: do not reset MIB counters in get_stats callback
d8837b7c8dcd mt76: mt7921: add some more MIB counters
5ffe086fcd1b mt76: mt7921: introduce stats reporting through ethtool
69154ae23f6b mt76: mt7921: add sta stats accounting in mt7921_mac_add_txs_skb
4b65fbc4e203 mt76: mt7921: move tx amsdu stats in mib_stats
35b8025f466b mt76: mt7921: add per-vif counters in ethtool
cfbbd861eb12 mt76: mt7915: enable HE UL MU-MIMO
a0b94987df80 mt76: mt7915: rework mt7915_mcu_sta_muru_tlv()
5fbb686e9c0c mt76: mt7915: fix missing HE phy cap
b649678c18ca mt76: mt7915: change max rx len limit of hw modules

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-10-20 11:35:34 +02:00
Felix Fietkau
e62c550470 mac80211: backport a few trivial patches
No functional changes, just some renames to make it easier to keep mt76 in
sync with upstream

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-10-20 11:35:34 +02:00
Jitao Lu
917126ff4c ncurses: add tmux terminfo
They're preferred terminal descriptions for tmux, with additional support to
some special characters and italic fonts. More info can be found at:
https://github.com/tmux/tmux/wiki/FAQ

Fixes: FS#3404

Signed-off-by: Jitao Lu <dianlujitao@gmail.com>
2021-10-19 08:11:38 -10:00
David Bauer
43c64ffa74 hostapd: fix goto loop for ubus assoc handler
When a ubus event handler denies a association with a non-zero return
value, the code jumps to preceeding code, creating an endless loop until
the event handler accepts the assc request.

Move the ubus handler further up the code to avoid creating such a loop.

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-10-19 17:27:05 +02:00
Stepan Henek
c4e994011f wireguard-tools: add uci option to disable wireguard peers
Right now when I want to temporarily disable wg peer I need to delete
the entire peer section. This is not such a good solution because I
loose the previous configuration of the peer.

This patch adds `disabled` option to peer config which causes that
the config section is ignored.

Signed-off-by: Stepan Henek <stepan.henek@nic.cz>
[use $(AUTORELEASE)]
Signed-off-by: Paul Spooren <mail@aparcar.org>
2021-10-18 12:14:36 -10:00
Stijn Tintel
dbb0019cbe nftables: bump to 1.0.0
This introduces support for hardware flow offloading, which was added in
in nftables 0.9.9.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Jo-Philipp Wich <jo@mein.io>
2021-10-19 00:12:13 +02:00
Daniel Golle
333f93333e
procd: update to git HEAD
9b1e035 jail: netifd: code cosmetics
 d2a2ecc jail: netifd: fix error handling issue reported by coverity
 e1d7cee jail: netifd: check target netns fd before using it
 59f7699 uxc: add missing 'break' statement

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-10-17 21:58:47 +01:00
Andre Heider
7cb5af30f4 wolfssl: remove --enable-sha512 configure switch
It's the default anyway and this just looks confusing, as if it wasn't.

Switch to AUTORELEASE while at it.

The binary size is unchanged.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2021-10-17 16:30:12 +02:00
Andre Heider
c76300707e wolfssl: always build with --enable-reproducible-build
This gates out anything that might introduce semantically frivolous jitter,
maximizing chance of identical object files.

The binary size shrinks by 8kb:
1244352 staging_dir/target-mipsel_24kc_musl/usr/lib/libwolfssl.so.4.8.1.39c36f2f
1236160 staging_dir/target-mipsel_24kc_musl/usr/lib/libwolfssl.so.4.8.1.39c36f2f

Signed-off-by: Andre Heider <a.heider@gmail.com>
2021-10-17 16:29:00 +02:00
Andre Heider
28d8e6a871 wolfssl: build with WOLFSSL_ALT_CERT_CHAINS
"Alternate certification chains, as oppossed to requiring full chain
validataion. Certificate validation behavior is relaxed, similar to
openssl and browsers. Only the peer certificate must validate to a trusted
certificate. Without this, all certificates sent by a peer must be
used in the trust chain or the connection will be rejected."

This fixes e.g. uclient-fetch and curl connecting to servers using a Let's
Encrypt certificate which are cross-signed by the now expired
DST Root CA X3, see [0].

This is the recommended solution from upstream [1].

The binary size increases by ~12.3kb:
1236160 staging_dir/target-mipsel_24kc_musl/usr/lib/libwolfssl.so.4.8.1.39c36f2f
1248704 staging_dir/target-mipsel_24kc_musl/usr/lib/libwolfssl.so.4.8.1.39c36f2f

[0] https://github.com/openwrt/packages/issues/16674
[1] https://github.com/wolfSSL/wolfssl/issues/4443#issuecomment-934926793

Signed-off-by: Andre Heider <a.heider@gmail.com>
[bump PKG_RELEASE]
Signed-off-by: David Bauer <mail@david-bauer.net>
2021-10-17 16:25:10 +02:00
Florian Eckert
b118efa0d2
buildsystem: add CONFIG_SECCOMP
Until now, this feature was switched on via the kernel configuration
option KERNEL_SECCOMP.

The follwing change a7f794cd2a now requires that
the package procd-seccomp must also enabled for buildinmg.

However, this is not the case we have no dependency and the imagebuilder
cannot build the image, because of the implicit package selection.

This change adds a new configuration option CONFIG_SECCOMP.
The new option  has the same behaviour as the configuration
option CONFIG_SELINUX.

If the CONFIG_SECCOMP is selected then the package procd-seccomp and
KERNEL_SECCOMP is enabled for this build.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-10-16 02:00:47 +01:00
David Bauer
0eed96ca5d hostapd: ubus: add BSS transtiton request method
The existing wnm_disassoc_imminent ubus method only supports issuing a
bss transition request with the disassoc imminent flag set.
For use-cases, where the client is requested to roam to another BSS
without a pending disassoc, this existing method is not suitable.

Add a new bss_transition_request ubus method, which provides a more
universal way to dispatch a transition request. It takes the following
arguments:

Required:
addr: String - MAC-address of the STA to send the request to (colon-seperated)

Optional:
abridged - Bool - Indicates if the abridged flag is set
disassociation_imminent: Bool - Whether or not the disassoc_imminent
                         flag is set
disassociation_timer: I32 - number of TBTTs after which the client will
                      be disassociated
validity_period: I32 - number of TBTTs after which the beacon
                 candidate list (if included) will be invalid
neighbors: blob-array - Array of strings containing neighbor reports as
           hex-string

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-10-13 22:55:45 +02:00
David Bauer
a3de42e72c hostapd: ubus: add notification for BSS transition response
To allow steering daemons to be aware of the STA-decided transition
target, publish WNM transition responses to ubus. This way, steerings
daemons can learn about STA-chosen targets and send a better selection
of transition candidates.

Signed-off-by: David Bauer <mail@david-bauer.net>
2021-10-13 22:55:06 +02:00
Daniel Golle
213ce1d837
procd: update to git HEAD
97bcdcf uxc: fix segfault caused by use-after-free
 6398e05 uxc: don't free the stack
 324ebd0 jail: fs: add support for asymmetric mount bind
 c44ab7f jail: netifd: generate netifd uci config and mount it
 82dd390 jail: make use of per-container netifd via ubus

The new per-jail netifd is now configured by filtering the host
network configuration. As libuci is used for that, procd-ujail now
depends on libuci.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-10-13 00:40:29 +01:00
Daniel Golle
c1685d92e4
netifd: update to git HEAD
be8cd8f interface: don't fork() to start jail interface
 7a048bd interface, ubus: rework netns up/down

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-10-13 00:40:23 +01:00
Felix Fietkau
ade56b8d9e mt76: update to the latest version
83598c2e872f mt76: avoid possible infinite loop in mt76_tx_status_check

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-10-12 14:45:09 +02:00
Felix Fietkau
9d994f35b4 mt76: update to the latest version
1af0242d1241 mt76: mt7915: replace a 64 bit divsion with a call to div_u64_rem

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-10-11 21:54:16 +02:00
Felix Fietkau
af9d31aacc mac80211: remove kcov bits from TWT backport patch
Our backports version does not have support for kcov in mac80211
Fixes build errors on some platforms

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-10-11 17:19:53 +02:00
Felix Fietkau
4f2fd0215b mt76: update to the latest version
74dedf9352c5 mt76: mt7615: fix skb use-after-free on mac reset
7201290eda43 mt76: mt7921: Fix out of order process by invalid event pkt
ca1b57e9971a mt76: mt7915: add a missing HT flag for GI parsing
4932c5d80153 of: net: pass the dst buffer to of_get_mac_address()
51d9eb3e6f52 mt76: mt7915: fix endianness warnings in mu radiotap
833ca13014ab mt76: mt7921: Add mt7922 support
8f8ed44d026e mt76: mt7915: add control knobs for thermal throttling
16f18bab6b11 mt76: mt7915: send EAPOL frames at lowest rate
affea639c586 mt76: mt7921: send EAPOL frames at lowest rate
ac00fed412d4 mt76: mt7915: fix potential overflow of eeprom page index [update]
e576ddb76dfa mt76: mt7915: switch proper tx arbiter mode in testmode
222847c3d5eb mt76: mt7915: fix bit fields for HT rate idx
d04814366c83 mt76: add support for setting mcast rate
4602acc9271a mt76: mt7921: fix dma hang in rmmod
ec2cf3bf96fd mt76: connac: fix GTK rekey offload failure on WPA mixed mode
2fdb9d621431 mt76: connac: add support for limiting to maximum regulatory Tx power
489ace63d42c mt76: mt7921: get rid of monitor_vif
22da8d28fcc8 mt76: mt7921: get rid of mt7921_mac_set_beacon_filter
c94130519786 mt76: mt7921: introduce mt7921_mcu_set_beacon_filter utility routine
51cff39d7ad3 mt76: overwrite default reg_ops if necessary
da11c1c6edef mt76: mt7615: move mt7615_mcu_set_p2p_oppps in mt76_connac module
47f50b0aa4b8 mt76: mt7921: report HE MU radiotap
4f48ba4b0254 mt76: mt7915: checkpatch cleanup
bc7ee7d7bdea mt76: mt7915: add HE-LTF into fixed rate command
6a19e40820aa mt76: mt7921: continue to probe driver when fw already downloaded
8b3d8e2de084 mt76: mt7921: fix firmware usage of RA info using legacy rates
17305a54b166 mt76: mt7921: fix kernel warning from cfg80211_calculate_bitrate
801c15577293 mt76: mt7921: fix endianness warnings in mt7921_mac_decode_he_mu_radiotap
0182a5b99a7a mt76: mt7915: update mac timing settings
e2ee9d0a33ed mt76: use IEEE80211_OFFLOAD_ENCAP_ENABLED instead of MT_DRV_AMSDU_OFFLOAD
fa6504aceb4f Revert "mt76: mt7915: checkpatch cleanup"
56b842b72a72 mt76: mt7915: fix wmm index on DBDC cards
8044311f5de5 mt76: mt7915: fix potential NPE in TXS processing
28da4baec7c5 mt76: mt7915: fix he_mcs capabilities for 160mhz
f7088ebe7452 mt76: mt7915: add LED support
ee019046284d mt76: mt7915: introduce bss coloring support
9848094e4bb5 mt76: mt7921: Fix fall-through warning for Clang
5710d0643418 mt76: add a bound check in mt76_calculate_default_rate()
a509cf2b654e mt76: mt7921: move mt7921_queue_rx_skb to mac.c
5a0f2382fcfe mt76: mt7915: rework debugfs queue info
62ffc31f4d7b mt76: mt7915: rename debugfs tx-queues
4750b5c918e5 mt76: mt7921: always wake device if necessary in debugfs
ac6adf74b3f2 mt76: mt7921: update mib counters dumping phy stats
eb75b9266ce6 net🛜mt76: fix boolreturn.cocci warnings
d7c4698435b3 mt76: mt7921: fix the inconsistent state between bind and unbind
9dcfba3169c4 mt76: switch from 'pci_' to 'dma_' API
d8b5e42c9a73 mt76: fill boottime_ns in Rx path
8ee6446075f2 mt76: disable BH around napi_schedule() calls
e17d730bf2f6 mt76: mt7915: add LED support [update to v3]
80fe40c9457e mt76: mt7915: enable configured beacon tx rate
c8f0d1d81d05 mt76: mt7915: fix hwmon temp sensor mem use-after-free
3b9ba7e02076 mt76: mt7615: fix hwmon temp sensor mem use-after-free
5e82eceb45cb mt76: mt7921: start reworking tx rate reporting
eb66b5c9ff77 mt76: mt7921: add support for tx status reporting
c8010f170e76 mt76: mt7921: report tx rate directly from tx status
4dc7f3db572b mt76: mt7921: remove mcu rate reporting code
db89c6f86724 mt76: mt7921: remove mt7921_sta_stats
6bb8b4267dbe mt76: move spin_lock_bh to spin_lock in tasklet
0eacf41985da mt76: mt7915: honor all possible error conditions in mt7915_mcu_init()
4dfff296ee6e mt76: mt7915: fix possible infinite loop release semaphore
537ed88dd2d0 mt76: mt7921: robustify hardware initialization flow
e0b846159221 mt76: mt7921: fix retrying release semaphore without end
c55dedcea268 mt76: mt7915: add ethtool stats support
d1d5e8cd3a3e mt76: mt7915: add tx stats gathered from tx-status callbacks
1687189d68b7 mt76: mt7915: add some per-station tx stats to ethtool
f4dde5f765af mt76: mt7915: add tx mu/su counters to mib
9752bf0643c9 mt76: mt7915: add more MIB registers
4727415017c9 mt76: mt7915: add mib counters to ethtool stats
4ca80a749e7f mt76: connac: set 6G phymode in mt76_connac_get_phy_mode{,v2}
3f2a5d39631e mt76: connac: enable 6GHz band for hw scan
817a41826bd7 mt76: connac: add 6GHz support to mt76_connac_mcu_set_channel_domain
a6ab81c21080 mt76: connac: set 6G phymode in single-sku support
ca4f47028a44 mt76: connac: add 6GHz support to mt76_connac_mcu_sta_tlv
d2e192ea81e2 mt76: connac: add 6GHz support to mt76_connac_mcu_uni_add_bss
c3dd12b4c8ae mt76: connac: enable hw amsdu @ 6GHz
91ed2b256c20 mt76: add 6GHz support
de8c4f92621f mt76: mt7921: add 6GHz support
f143aedc1d57 mt76: introduce packet_id idr
bcc8d9e03a5d mt76: remove mt76_wcid pointer from mt76_tx_status_check signature
ccbd84763153 mt76: substitute sk_buff_head status_list with spinlock_t status_lock
69bb59df894c mt76: schedule status timeout at dma completion
03a992645310 mt76: support reading EEPROM data embedded in fdt
75615480b3fe mt76: introduce __mt76_mcu_send_firmware routine
e8e2eae41f94 mt76: drop MCU header size from buffer size in __mt76_mcu_send_firmware
4c455e8b1a20 mt76: mt7915: introduce __mt7915_get_tsf routine
9d49c611a2d7 mt76: mt7915: introduce mt7915_mcu_twt_agrt_update mcu command
f44ca79c9aed mt76: mt7915: introduce mt7915_mac_add_twt_setup routine
2f9555a2f18f mt76: mt7915: enable twt responder capability
440e2db8d541 mt76: mt7915: add twt_stats knob in debugfs
eb5f640f8afa mt76: debugfs: improve queue node readability
53d7eb3b4884 mt76: mt7615: fix monitor mode tear down crash
2aa3d4414826 mt76: mt7921: add delay config for sched scan
47e8e96e8e4d mt76: use a separate CCMP PN receive counter for management frames
5560b08f8e2d mt76: do not access 802.11 header in ccmp check for 802.3 rx skbs

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-10-11 13:27:19 +02:00
Felix Fietkau
978e822db3 mac80211: backport AP mode TWT support
Required for an upcoming mt76 update

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-10-11 13:27:19 +02:00
Christian Lamparter
80b7a8a7f5 Revert "gpio-cdev: add nu801 userspace driver"
This reverts commit f536f5ebdd.

As Hauke commented, this causes builder failures on 5.4 kernels.
This revert includes changes to the mx100 kernel modules
dependency as well as the uci led definitions.

Tested-by: Chris Blake <chrisrblake93@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2021-10-10 23:15:05 +02:00
Chris Blake
f536f5ebdd gpio-cdev: add nu801 userspace driver
This adds a userspace interpretation of the nu801 driver used by Meraki
hardware. Previously this was a driver that was added per target, but as
multiple targets now have this driver, we should move to something that
can be shared by all targets since no driver exists upstream.

Co-developed-by: Christian Lamparter <chunkeey@gmail.com>
Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2021-10-10 16:47:41 +02:00
Adrian Schmutzler
91eed5d9fb rockchip: rename "Rock Pi 4" to "Rock Pi 4A"
Kernel has added the different variants of the Rock Pi 4 in commit
b5edb0467370 ("arm64: dts: rockchip: Mark rock-pi-4 as rock-pi-4a
dts"). The former Rock Pi 4 is now Rock Pi 4A.

For compatibility with kernel 5.4, this rename has been held back
so far. Having switched to kernel 5.10 now, we can finally apply
it in our tree as well.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-10-10 00:57:56 +02:00
Ronny Kotzschmar
72bfc35f8f umdns: add missing syscalls to seccomp filter
The 'mmap', 'mmap2', 'munmap' syscalls are missing.
Found with 'utrace /usr/sbin/umdns'.

Signed-off-by: Ronny Kotzschmar <ro.ok@me.com>
2021-10-07 23:21:59 -10:00
Stijn Tintel
b4a3c20aa4 kernel: drop kmod-gpio-dev
The GPIO_DEVICE symbol belonged to a custom driver that was removed from
OpenWrt in 2012. The symbol never existed in the upstream kernel.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2021-10-05 23:30:48 +03:00
Hannu Nyman
9fb038ca64 busybox: update to 1.34.1
Update busybox to version 1.34.1, which is a minor
maintenance release. It contains just the two post-1.34.0
upstream patches that we earlier backported plus a few fixes
to awk.

* Remove the two backported upstream patches that are
  now unnecessary.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2021-10-05 20:59:32 +02:00
Daniel Golle
b6da10f2d1
uboot-mediatek: update to 2021.10
U-Boot 2021.10 has been released.
Rebase mediatek patches on top of new release and remove some patches
which have been merged upstream.

Tested on Bananapi BPi-R2 (mt7623), Bananapi BPi-R64 (mt7622) and
Linksys E8450 (mt7622).

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-10-04 20:46:30 +01:00
Paul Fertser
ed7769aa40 dnsmasq: add explicit "set:" for client-matching options
Bring the usage in line with the dnsmasq man page and the other options
where set: is mandatory.

No functional change.

Signed-off-by: Paul Fertser <fercerpav@gmail.com>
2021-10-03 21:48:16 +02:00
Adrian Schmutzler
53d19bb8cf treewide: use AUTORELEASE on all uboot-* packages
Nobody ever updates PKG_RELEASE when changing devices or setup in
the various uboot-* packages. Use $(AUTORELEASE) so we still have
proper versioning there.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-10-02 21:26:12 +02:00
Rafał Miłecki
c4d5e60f61 bcm4908img: detect Linksys images
Linksys uses an extra 0x100 bytes long tail for BCM4908 images.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2021-10-02 20:26:42 +02:00
Rafał Miłecki
063038bcef bcm4908img: store offset of tail data
This simplifies some operations as it doesn't have to be caculated over
and over. It will also allow adding support for more vendor formats.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2021-10-02 20:26:42 +02:00
Robert Marko
78cf3e53b1 mvebu: add Globalscale MOCHAbin
Globalscale MOCHAbin is a Armada 7040 based development board.

Specifications:
* Armada 7040 Quad core ARMv8 Cortex A-72 @ 1.4GHz
* 2 / 4 / 8 GB of DDR4 DRAM
* 16 GB eMMC
* 4MB SPI-NOR (Bootloader)
* 1x M.2-2280 B-key socket (for SSD expansion, SATA3 only)
* 1x M.2-2250 B-key socket (for modems, USB2.0 and I2C only)
* 1x Mini-PCIe 3.0 (x1, USB2.0 and I2C)
* 1x SATA 7+15 socket (SATA3)
* 1x 16-pin (2×8) MikroBus Connector
* 1x SIM card slot (Connected to the mini-PCIe and both M.2 slots)
* 2x USB3.0 Type-A ports via SMSC USB5434B hub
* Cortex 2x5 JTAG
* microUSB port for UART (PL2303GL/PL2303SA onboard)
* 1x 10G SFP+
* 1x 1G SFP (Connected to 88E1512 PHY)
* 1x 1G RJ45 with PoE PD (Connected to 88E1512 PHY)
* 4x 1G RJ45 ports via Topaz 88E6141 switch
* RTC with battery holder (SoC provided, requires CR2032 battery)
* 1x 12V DC IN
* 1x Power switch
* 1x 12V fan header (3-pin, power only)
* 1x mini-PCIe LED header (2x0.1" pins)
* 1x M.2-2280 LED header (2x0.1" pins)
* 6x Bootstrap jumpers
* 1x Power LED (Green)
* 3x Tri-color RGB LEDs (Controllable)
* 1x Microchip ATECC608B secure element

Note that 1G SFP and 1G WAN cannot be used at the same time as they are in
parallel connected to the same PHY.

Installation:

Copy dtb from build_dir to bin/ and run tftpserver there:
$ cp ./build_dir/target-aarch64_cortex-a72_musl/linux-mvebu_cortexa72/image-armada-7040-mochabin.dtb bin/targets/mvebu/cortexa72/
$ in.tftpd -L -s bin/targets/mvebu/cortexa72/

Connect to the device UART via microUSB port and power on the device.

Power on the device and hit any key to stop the autoboot.

Set serverip (host IP) and ipaddr (any free IP address on the same subnet), e.g:
$ setenv serverip 192.168.1.10 # Host
$ setenv ipaddr 192.168.1.15 # Device

Set the ethernet device (Example for the 1G WAN):
$ setenv ethact mvpp2-2

Ping server to confirm network is working:
$ ping $serverip
Using mvpp2-2 device
host 192.168.1.15 is alive

Tftpboot the firmware:
$ tftpboot $kernel_addr_r openwrt-mvebu-cortexa72-globalscale_mochabin-initramfs-kernel.bin
$ tftpboot $fdt_addr_r image-armada-7040-mochabin.dtb

Boot the image:
$ booti $kernel_addr_r - $fdt_addr_r

Once the initramfs is booted, transfer openwrt-mvebu-cortexa72-globalscale_mochabin-squashfs-sdcard.img.gz
to /tmp dir on the device.

Gunzip and dd the image:
$ gunzip /tmp/openwrt-mvebu-cortexa72-globalscale_mochabin-squashfs-sdcard.img.gz
$ dd if=/tmp/openwrt-mvebu-cortexa72-globalscale_mochabin-squashfs-sdcard.img of=/dev/mmcblk0 && sync

Reboot the device.

Hit any key to stop the autoboot.

Reset U-boot env and set the bootcmd:
$ env default -a
$ setenv bootcmd 'load mmc 0 ${loadaddr} boot.scr && source ${loadaddr}'

Optionally I would advise to edit the console env variable to remove earlycon as that
causes the kernel to never use the driver for the serial console.
Earlycon should be used only for debugging before the kernel can configure the console
and will otherwise cause various issues with the console.

$ setenv console 'console=ttyS0,115200'

Save and reset
$ saveenv
$ reset

OpenWrt should boot from eMMC now.

Signed-off-by: Robert Marko <robert.marko@sartura.hr>
2021-10-02 16:45:35 +02:00
Alan Swanson
8db6410492 uboot-lantiq: fix sha1.h header clash when system libmd installed
Backport of u-boot commit "includes: move openssl headers to include/u-boot"
2b9912e6a7

Fixes: FS#3955
Signed-off-by: Alan Swanson <reiver@improbability.net>
2021-10-02 13:33:46 +02:00
Daniel Golle
454e411a77 uboot-mediatek: fix and make use of LEDs on BPi-R2
Fix BPi-R2 GPIO LEDs to indicate boot into production or recovery
firmware in DTS and define them in default environment.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2021-09-30 22:49:55 +01:00
Felix Fietkau
fa13dd658f netifd: update to the latest version
186f6eaeba70 wireless: display log messages for setup/teardown/retry
fac471c4934a wireless: process and close script file descriptor when rerunning setup
62e2bb56f48e main: poll process log stream even if processes are killed
0e311d3f2d1a wireless: reset number of retries on config change
e467e0ff44c0 wireless: reset retry counter when setup succeeds
448ffc154fe7 wireless: fix index for stations

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-09-30 11:33:37 +02:00
Felix Fietkau
42dda0ed3e mac80211: allow retry of wifi setup if an iw interface add command fails
In some cases, spurious failures might be cleared by teardown and retry

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-09-30 11:33:37 +02:00
Rosen Penev
585cef5f1a cryptodev-linux: update to 1.12
Remove upstream backport.

Use AUTORELEASE for simplicity.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2021-09-29 22:56:59 +02:00
Stijn Tintel
0e30276632 kernel: add missing symbol to kmod-kvm
Even though TRACEPOINTS is not enabled in my kernel config, my build
fails due to KVM_MMU_AUDIT being missing. Add this symbol to kmod-kvm to
fix this.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2021-09-29 19:17:55 +03:00
Stijn Tintel
73a2570fa0 kernel: order kmod-kvm symbols alphabetically
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2021-09-29 19:17:55 +03:00
Felix Fietkau
9c3b1d5563 netifd: update to the latest version
4d0c2ad3fd26 wireless: fix applying wireless devices attributes on hotplug events

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-09-28 14:27:34 +02:00
Felix Fietkau
6cd54254e4 netifd: update to the latest version
5a4ac30c7a15 netifd: rework/fix device free handling

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-09-27 19:00:28 +02:00
Felix Fietkau
2bfac61483 mac80211: backport support for BSS color changes
This is needed for an upcoming mt76 update

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2021-09-25 09:38:37 +02:00
Jesus Fernandez Manzano
5269c47e8d hostapd: fix segfault when deinit mesh ifaces
In hostapd_ubus_add_bss(), ubus objects are not registered for mesh
interfaces. This provokes a segfault when accessing the ubus object in
mesh deinit.

This commit adds the same condition to hostapd_ubus_free_bss() for
discarding those mesh interfaces.

Signed-off-by: Jesus Fernandez Manzano <jesus.manzano@galgus.net>
2021-09-24 12:32:19 +02:00
Paul Spooren
70543aafb2 base-files: reduce number of mkdir calls
The `mkdir` commands supports passing multiple arguments to batch create
multiple folders, instead of calling the tool every single time.

If the creation of one of the folders fails, all other folder are still
created and therefore doesn't change the error handling.

Also stop creating `/etc/` explicitly after subfolders of `/etc/` were
already created.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2021-09-23 21:40:52 -10:00
Paul Spooren
9c331a6a91 base-files: reduce sed calls
The `sed`-script shouldn't be called multiple times, especially not with
the same files.

This commit merges all files together in a single `sed`-script call.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2021-09-23 21:39:46 -10:00
Rosen Penev
67cd648fa2 restool: add back PKG_VERSION
For some reason, the build system chops off the last number from the version,
which is not correct. Add it back.

Update hash.

Fixes: 96c7164acd ("restool: update to LSDK-20.12")

Signed-off-by: Rosen Penev <rosenp@gmail.com>
[add Fixes]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2021-09-23 23:20:42 +02:00
Sven Eckelmann
8b09070820 ipq-wifi: Work around Plasma Cloud PA1200 5GHz crash
It was noticed [1] that the ath10k firmware crashes on 5GHz since OpenWrt
21.02.0. The problem seems to be triggered by the the nonLinearTxFir field
in the 5GHz BDF. If baseEepHeader.nonLinearTxFir (offset 0xc2) is 1 then
the firmware just crashes when setting up the 5Ghz radio using `ifconfig
wlan1 up`:

  ath10k_ahb a800000.wifi: firmware crashed! (guid 9e36ee82-4d2c-4c63-b20b-609a1eaca30c)
  ath10k_ahb a800000.wifi: qca4019 hw1.0 target 0x01000000 chip_id 0x003b00ff sub 0000:0000
  ath10k_ahb a800000.wifi: kconfig debug 0 debugfs 1 tracing 0 dfs 1 testmode 0
  ath10k_ahb a800000.wifi: firmware ver 10.4-3.6-00140 api 5 features no-p2p,mfp,peer-flow-ctrl,btcoex-param,allows-mesh-bcast,no-ps crc32 ba79b746
  ath10k_ahb a800000.wifi: board_file api 2 bmi_id 0:17 crc32 5f400efc
  ath10k_ahb a800000.wifi: htt-ver 2.2 wmi-op 6 htt-op 4 cal pre-cal-file max-sta 512 raw 0 hwcrypto 1
  ath10k_ahb a800000.wifi: firmware register dump:
  ath10k_ahb a800000.wifi: [00]: 0x0000000B 0x000015B3 0x009C3C27 0x00975B31
  ath10k_ahb a800000.wifi: [04]: 0x009C3C27 0x00060530 0x00000018 0x004176B8
  ath10k_ahb a800000.wifi: [08]: 0x00405A50 0x00412A30 0x00000000 0x00000000
  ath10k_ahb a800000.wifi: [12]: 0x00000009 0x00000000 0x009B9742 0x009B974F
  ath10k_ahb a800000.wifi: [16]: 0x00971238 0x009B9742 0x00000000 0x00000000
  ath10k_ahb a800000.wifi: [20]: 0x409C3C27 0x004053DC 0x00000D2C 0x00405A60
  ath10k_ahb a800000.wifi: [24]: 0x809C3E13 0x0040543C 0x00000000 0xC09C3C27
  ath10k_ahb a800000.wifi: [28]: 0x809B9AC5 0x0040547C 0x00412A30 0x0040549C
  ath10k_ahb a800000.wifi: [32]: 0x809B8ECD 0x0040549C 0x00000001 0x00412A30
  ath10k_ahb a800000.wifi: [36]: 0x809B8FF3 0x004054CC 0x00412838 0x00000014
  ath10k_ahb a800000.wifi: [40]: 0x809BEF98 0x0040551C 0x0041627C 0x00000002
  ath10k_ahb a800000.wifi: [44]: 0x80986D47 0x0040553C 0x0041627C 0x00416A88
  ath10k_ahb a800000.wifi: [48]: 0x809CBB0A 0x0040559C 0x0041ACC0 0x00000000
  ath10k_ahb a800000.wifi: [52]: 0x809864EE 0x0040560C 0x0041ACC0 0x00000001
  ath10k_ahb a800000.wifi: [56]: 0x809CA8A4 0x0040564C 0x0041ACC0 0x00000001
  ath10k_ahb a800000.wifi: Copy Engine register dump:
  ath10k_ahb a800000.wifi: [00]: 0x0004a000  14  14   3   3
  ath10k_ahb a800000.wifi: [01]: 0x0004a400  16  16  22  23
  ath10k_ahb a800000.wifi: [02]: 0x0004a800   3   3   2   3
  ath10k_ahb a800000.wifi: [03]: 0x0004ac00  15  15  15  15
  ath10k_ahb a800000.wifi: [04]: 0x0004b000   4   4  44   4
  ath10k_ahb a800000.wifi: [05]: 0x0004b400   3   3   2   3
  ath10k_ahb a800000.wifi: [06]: 0x0004b800   1   1   1   1
  ath10k_ahb a800000.wifi: [07]: 0x0004bc00   1   1   1   1
  ath10k_ahb a800000.wifi: [08]: 0x0004c000   0   0 127   0
  ath10k_ahb a800000.wifi: [09]: 0x0004c400   0   0   0   0
  ath10k_ahb a800000.wifi: [10]: 0x0004c800   0   0   0   0
  ath10k_ahb a800000.wifi: [11]: 0x0004cc00   0   0   0   0
  ath10k_ahb a800000.wifi: failed to update channel list: -108
  ath10k_ahb a800000.wifi: failed to set pdev regdomain: -108
  ath10k_ahb a800000.wifi: failed to create WMI vdev 0: -108
  ieee80211 phy1: Hardware restart was requested

Since no actual solution is known (besides downgrading the ath10k firmware)
it seems to be better to disable the nonLinearTxFir for now.

[1] https://lore.kernel.org/ath10k/3423718.UToCqzeSYe@ripper/

Signed-off-by: Sven Eckelmann <sven@narfation.org>
2021-09-23 20:50:58 +02:00
Sven Eckelmann
e0721608f9 ipq-wifi: Update Plasma Cloud PA1200 BDFs to firmware 3.5.12
The official Plasma Cloud firmware adjusted the BDFs to contain new
conformance test limits and target power values. These should be imported
to avoid emissions outside the allowed limits.

Signed-off-by: Sven Eckelmann <sven@narfation.org>
2021-09-23 20:50:58 +02:00
Timo Sigurdsson
f83e927b87 fstools: ensure filesystems are mounted before log service starts
Currently, the fstab service starts after the log service which breaks
the ability to write a persistent log file to a filesystem mounted by
the fstab service. Thus, change the start order of the fstab service so
it starts right before the log service.

Fixes: b131853 ("ubox: update to latest git revision")
Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
[set to 11 to be explicitly before log, not only alphabetically, SPDX]
Signed-off-by: Paul Spooren <mail@aparcar.org>
2021-09-22 16:49:10 -10:00