Commit Graph

16328 Commits

Author SHA1 Message Date
Christian Lamparter
4d34216ea5 linux-firmware: update to 20190815
Update linux-firmware to 20190815

git log --pretty=oneline --abbrev-commit 20190815..20190815

07b925b Install only listed firmware files
5621bfc rtw88: add a README file
7e431c5 rtw88: RTL8822C: add WoW firmware v7.3
2dc7023 rtw88: RTL8822C: update rtw8822c_fw.bin to v7.3
d3d000d Merge branch 'ath10k-20190808' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/linux-firmware
d3e17e9 Merge branch 'for-upstream' of git://git.chelsio.net/pub/git/linux-firmware
d3f7234 Merge commit '70af908f4ad7aa8bc65032253f99a0a4fbe1e6c3' of https://github.com/Netronome/linux-firmware
1f0a99f ath10k: QCA9984 hw1.0: update board-2.bin
49c1187 ath10k: QCA9984 hw1.0: update firmware-5.bin to 10.4-3.9.0.2-00046
1031f01 ath10k: QCA988X hw2.0: update firmware-5.bin to 10.2.4-1.0-00045
cf714a2 ath10k: QCA9888 hw2.0: update board-2.bin
81e2e77 ath10k: QCA9888 hw2.0: update firmware-5.bin to 10.4-3.9.0.2-00040
8dc2dfb ath10k: QCA9887 hw1.0: update firmware-5.bin to 10.2.4-1.0-00045
1bd3ef2 ath10k: QCA6174 hw3.0: update firmware-6.bin to WLAN.RM.4.4.1-00140-QCARMSWPZ-1
e043109 ath10k: QCA4019 hw1.0: update board-2.bin
b1e26aa cxgb4: update firmware to revision 1.24.3.0
70af908 nfp: update Agilio SmartNIC flower firmware to rev AOTC-2.10.A.38
dff98c6 Merge branch 'master' of git://github.com/skeggsb/linux-firmware
580b076 Merge branch 'nxp_mc' of https://github.com/NXP/linux-firmware
f9b0071 Merge tag 'iwlwifi-fw-2019-07-20' of git://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/linux-firmware
2a3b75d nvidia: add missing entries in WHENCE
6fc1eb1 linux-firmware: Update NXP Management Complex firmware to version 10.16.2
cd6cb7b iwlwifi: update -48 FWs for Qu and cc
b5f09bb iwlwifi: update FWs for 3168, 7265D, 9000, 9260, 8000, 8265 and cc
bf13a71 Merge branch 'guc_v33' of git://anongit.freedesktop.org/drm/drm-firmware
d52556e linux-firmware: Update firmware file for Intel Bluetooth AX201
dbcc2fb linux-firmware: Update firmware file for Intel Bluetooth 22161
a5ee415 linux-firmware: Update firmware file for Intel Bluetooth 9560
7444ca4 linux-firmware: Update firmware file for Intel Bluetooth 9260
3d1e553 amdgpu: update vega10 VCE firmware
5d4e3cc amdgpu: update picasso vcn firmware
6a45d9e amdgpu: update raven vcn firmware
9c8161f amdgpu: update tonga to latest 19.20 firmware
7b6c49c amdgpu: update vega12 to latest 19.20 firmware
4f7b71b amdgpu: partially revert 2579167548be33afb1fe2a9a5c141561ee5a8bbe
fd3cc24 amdgpu: update vega10 to latest 19.20 firmware
c190efa amdgpu: update polaris12 to latest 19.20 firmware
f42b54e amdgpu: update raven2 to latest 19.20 firmware
fc89ce8 amdgpu: update raven to latest 19.20 firmware
3bebb5a amdgpu: update picasso to latest 19.20 firmware
05dbae6 drm/i915/firmware: Add v33 of GuC for ICL
786f17a drm/i915/firmware: Add v33 of GuC for KBL
aae0eb5 drm/i915/firmware: Add v33 of GuC for SKL
9cf240f drm/i915/firmware: Add v33 of GuC for GLK
8a0a6a6 drm/i915/firmware: Add v33 of GuC for BXT
70e4394 linux-firmware: rsi: add firmware image for redpine 9116 chipset
fd69a5d linux-firmware: Add firmware file for Intel Bluetooth AX201
7ae3a09 Merge tag 'iwlwifi-fw-2019-06-20' of git://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/linux-firmware
90e6845 iwlwifi: add new firmwares for integrated 22000 series
71ef30c iwlwifi: update FW for 22000 to Core45-96
e58cbf7 iwlwifi: update FWs for 9000 series to Core45-96
b443218 iwlwifi: update Core45 FWs for 22260, 9000 and 9260
5157165 iwlwifi: udpate -36 firmware for 8000 series

This commit was created with the help of the make-package-update-commit.sh script.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-08-18 20:56:41 +02:00
Christian Lamparter
cfd0748497 iftop: update to HEAD of 2018-10-03 - 77901c
Update iftop to commit 77901c8c53e01359d83b8090aacfe62214658183

git log --pretty=oneline --abbrev-commit 949ed0f7..77901c8c

77901c8 Support scales beyond 1Gbps

Created with the help of the make-package-update-commit.sh script.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-08-18 20:56:41 +02:00
Jo-Philipp Wich
d1f207ecc9 uhttpd: update to latest Git HEAD
6b03f96 ubus: increase maximum ubus request size to 64KB

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-08-18 20:00:06 +02:00
Hans Dedecker
58f929077f nghttp2: bump to 1.39.2
957abacf Bump up version number to 1.39.2, LT revision to 32:0:18
83d362c6 Don't read too greedily
a76d0723 Add nghttp2_option_set_max_outbound_ack
db2f612a nghttpx: Fix request stall

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-08-18 18:58:16 +02:00
Yousong Zhou
f0f5cb26cb ltq-ifxos: refer to https://bugs.openwrt.org
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-08-18 15:23:49 +00:00
Yousong Zhou
26615ededc ct-bugcheck: report to https://openwrt.org by default
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-08-18 15:23:25 +00:00
Alin Nastac
a6da3f9ef7 iproute2: add libcap support, enabled in ip-full
Preserve optionality of libcap by having configuration script follow the
HAVE_CAP environment variable, used similarly to the HAVE_ELF variable.

Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase/refresh patches]
2019-08-18 14:44:10 +02:00
James Taylor
eff6e10604 lua: add lua.hpp to InstallDev
This is necessary to build PowerDNS authoritative and recursor against
OpenWRT, and may avoid packages depending on lua/host unnecessarily.

Signed-off-by: James Taylor <james@jtaylor.id.au>
2019-08-18 14:06:24 +02:00
Hauke Mehrtens
397faa6e7c rtl8812au-ct: Add vendor command policy
Fixes: 928e893a11 ("mac80211: Update to version 5.3-rc4-1")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-08-18 14:06:24 +02:00
Boris Krasnovskiy
0c43219a35 mwlwifi: Fix loading with backports v5.3
This adds a vendor command policy which is enforced since mac80211 from
kernel 5.3

Fixes: 928e893a11 ("mac80211: Update to version 5.3-rc4-1")
Signed-off-by: Boris Krasnovskiy <boris.krasnovskiy@lairdtech.com>
2019-08-18 14:06:14 +02:00
Sandeep Sheriker M
0b7c66c93b at91bootstrap: add sama5d27_som1_eksd1_uboot as default defconfig
Signed-off-by: Sandeep Sheriker M <sandeep.sheriker@microchip.com>
2019-08-17 23:08:44 +02:00
Sandeep Sheriker M
8ff5d69734 at91bootstrap: add support for at91sam9x5ek
Signed-off-by: Sandeep Sheriker M <sandeep.sheriker@microchip.com>
2019-08-17 23:08:38 +02:00
Sandeep Sheriker M
f9c7ca84bc at91bootstrap: bump v3.8.10 to v3.8.12
Signed-off-by: Sandeep Sheriker M <sandeep.sheriker@microchip.com>
2019-08-17 23:08:31 +02:00
Sandeep Sheriker M
b39dc6e550 uboot-at91: fix -Wformat-security
add patch to fix -Wformat-security warnings.

Signed-off-by: Sandeep Sheriker M <sandeep.sheriker@microchip.com>
2019-08-17 23:08:10 +02:00
Sandeep Sheriker M
adc69febc0 uboot-at91: changed som1 ek default defconfigs
replaced som1 ek spi flash with qspi defconfig and mmc with mmc1
defconfig.

Signed-off-by: Sandeep Sheriker M <sandeep.sheriker@microchip.com>
2019-08-17 23:08:05 +02:00
Sandeep Sheriker M
4fe08476ce uboot-at91: add at91sam9x5ek soc
add support to build u-boot binaries for at91sam9x5ek socs.

Signed-off-by: Sandeep Sheriker M <sandeep.sheriker@microchip.com>
2019-08-17 23:08:00 +02:00
Sandeep Sheriker M
8309a3c8b1 uboot-at91: bump linux4sam_5.8 to linux4sam_6.0
Signed-off-by: Sandeep Sheriker M <sandeep.sheriker@microchip.com>
2019-08-17 23:07:53 +02:00
Hauke Mehrtens
ced2b7bb98 ustream-ssl: update to latest git HEAD
e8f9c22 Revise supported ciphersuites
7e9e269 wolfssl, openssl: use TLS 1.3, set ciphersuites

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-08-17 17:09:42 +02:00
Luiz Angelo Daros de Luca
0d0617ff14 musl: ldso/dlsym: fix mips returning undef dlsym
This happens only the second time a library is loaded by dlopen().
After lib1 is loaded, dlsym(lib1,"undef1") correctly resolves the undef
symbol from lib1 dependencies. After the second library is loaded,
dlsym(lib2,"undef1") was returning the address of "undef1" in lib2
instead of searching lib2 dependencies.

Using upstream fix which now uses the same logic for relocation time
and dlsym.

Fixes openwrt/packages#9297

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2019-08-17 16:57:32 +02:00
Eneas U de Queiroz
77e0e99d31 wolfssl: bump to 4.1.0-stable
Always build AES-GCM support.
Unnecessary patches were removed.

This includes two vulnerability fixes:

CVE-2019-11873: a potential buffer overflow case with the TLSv1.3 PSK
extension parsing.

CVE-2019-13628 (currently assigned-only): potential leak of nonce sizes
when performing ECDSA signing operations. The leak is considered to be
difficult to exploit but it could potentially be used maliciously to
perform a lattice based timing attack.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2019-08-17 16:43:23 +02:00
Rosen Penev
1673041013 bzip2: Update to 1.0.8
It seems bzip2 was abandoned by the author and adopted by the sourceware
people. The last release of bzip2 was from 2010.

Several security bugs were fixed as well as others.

Fixed up PKG_LICENSE to be compatible with SPDX.

Changed URLs to point to the new home.

Added patch that gets rid of deprecated utime function and switches it to
utimensat.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-08-17 16:43:22 +02:00
Hauke Mehrtens
928e893a11 mac80211: Update to version 5.3-rc4-1
The removed patches were applied upstream.
The type of the RT2X00_LIB_EEPROM config option was changed to bool,
because boolean is an invalid value and the new kconfig system
complained about this.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-08-17 13:41:16 +02:00
Hauke Mehrtens
742505ef09 mac80211: Update to version 5.2.8-1
This contains multiple fixes from the upstream kernel.
The removed patch was merged upstream.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-08-17 13:39:14 +02:00
Hauke Mehrtens
ebbec2fdc6 mdadm: Use upstream fix for musl 1.1.23 compile
Fixes: ba8aeb02ea ("mdadm: Fix compile with musl 1.1.23")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-08-17 00:30:52 +02:00
Hauke Mehrtens
1d4df52c21 hostapd: Allow CONFIG_IEEE80211W for all but mini variant
This commit will activate CONFIG_IEEE80211W for all, but the mini
variant when at least one driver supports it. This will add ieee80211w
support for the mesh variant for example.

Fixes: FS#2397
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-08-17 00:16:08 +02:00
Hauke Mehrtens
f34e825834 hostapd: Remove ROBO switch support
The driver was removed from OpenWrt a long time ago.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-08-17 00:16:08 +02:00
Colby Whitney
762fa36b6f lua5.3: include hpp header
The install was missing the hpp header.  Adding that in.

Signed-off-by: Colby Whitney <colby.whitney@luxul.com>
2019-08-16 22:53:06 +02:00
Kevin Darbyshire-Bryant
51ffce0694 firewall: improve ipset support
Bump to latest git HEAD

509e673 firewall3: Improve ipset support

The enabled option did not work properly for ipsets, as it was not
checked on create/destroy of a set. After this commit, sets are only
created/destroyed if enabled is set to true.

Add support for reloading, or recreating, ipsets on firewall reload.  By
setting "reload_set" to true, the set will be destroyed and then
re-created when the firewall is reloaded.

Add support for the counters and comment extensions. By setting
"counters" or "comment" to true, then counters or comments are added to
the set.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-08-16 11:27:24 +01:00
Paul Spooren
454021581f build: add buildinfo files for reproducibility
generate feeds.buildinfo and version.buildinfo in build dir after
containing the feed revisions (via ./scripts/feeds list -sf) as well as
the current revision of buildroot (via ./scripts/getver.sh).

With this information it should be possible to reproduce any build,
especially the release builds.

Usage would be to move feeds.buildinfo to feeds.conf and git checkout the
revision hash of version.buildinfo.

Content of feeds.buildinfo would look similar to this:

    src-git routing https://git.openwrt.org/feed/routing.git^bf475d6
    src-git telephony https://git.openwrt.org/feed/telephony.git^470eb8e
    ...

Content of version.buildinfo would look similar to this:

    r10203+1-c12bd3a21b

Without the exact feed revision it is not possible to determine
installed package versions.

Also rename config.seed to config.buildinfo to follow the recommended
style of https://reproducible-builds.org/docs/recording/

Signed-off-by: Paul Spooren <mail@aparcar.org>
2019-08-13 10:40:36 +02:00
Felix Fietkau
7ec092e641 Revert faulty tree push
Revert "mac80211: add new minstrel_ht patches to improve probing on mt76x2" (9861050b85)
Revert "kernel: use bulk free in kfree_skb_list to improve performance" (98b654de2e)
Revert "ramips: add preliminary support for WIO ONE" (085141dc5b)
Revert "ramips: add preliminary support for SGE AP-MTKH7-0006 developer board" (b1db6d0539)
Revert "build: use config.site generated by autoconf-lean, drop hardcoded sitefiles" (363ce4329d)
Revert "toolchain: add autoconf-lean" (fdb30eed03)
Revert "build: allow overriding the filename on the remote server when downloading" (6fa0e07758)

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-08-12 12:27:06 +02:00
Felix Fietkau
9861050b85 mac80211: add new minstrel_ht patches to improve probing on mt76x2
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-08-12 11:43:39 +02:00
Hans Dedecker
63ced14048 dnsmasq: use nettle ecc_curve access functions
Fixes compile issues with nettle 3.5.1

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-08-09 21:40:13 +02:00
Daniel Engberg
9e489b41b5 nettle: Update to 3.5.1
Update (lib)nettle to 3.5.1
Bump ABI_VERSION

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2019-08-09 21:40:13 +02:00
Vincent Wiemann
ccb4b96b8a comgt-ncm: add driver dependencies again
In the commit 623716dd43 ("comgt-ncm: Fix NCM protocol")
the dependencies to vendor NCM drivers were removed, because:

> comgt-ncm should not depend on the USB-serial-related kernel modules,
> as the cdc-wdm control device works without them. There is also no need
> to depend on kmod-huawei-cdc-ncm, since other manufacturers (like
> Ericsson and Samsung) which use other kernel modules should also be
> supported.

From a user-perspective this does not make sense, as installing comgt-ncm
(or luci-proto-ncm) should install all needed dependencies for using such
a device.

Furthermore depending on kmod-huawei-cdc-ncm does not mean that Ericsson
and Samsung devices can't be supported. By the way it seems that Ericsson
and Samsung devices never used NCM, but act as serial modems.

Thus this commit adds the dependencies again.

Signed-off-by: Vincent Wiemann <vincent.wiemann@ironai.com>
[fixed title capitalization, formatted commit message,
renamed Sony-Ericsson to Ericsson]
Signed-off-by: David Bauer <mail@david-bauer.net>
2019-08-08 21:33:34 +02:00
Chuanhong Guo
11182349e1 gpio-button-hotplug: add volume button handling
This is used by PISEN WMB001N.

Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
2019-08-08 21:00:59 +08:00
Hans Dedecker
d9364c1cbc procd: update to latest git HEAD (FS#2425)
8323690 state: fix shutdown when running in a container (FS#2425)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-08-07 13:56:53 +02:00
Hans Dedecker
d70a35c365 netifd: update to latest git HEAD
5e02f94 system-linux: fix resource leak

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-08-07 13:55:52 +02:00
Jo-Philipp Wich
e1f588e446 packages: apply usign padding workarounds to package indexes if needed
Since usign miscalculates SHA-512 digests for input sizes of exactly
64 + N * 128 + 110 or 64 + N * 128 + 111 bytes, we need to apply some
white space padding to avoid triggering the hashing edge case.

While usign itself has been fixed already, there is still many firmwares
in the wild which use broken usign versions to verify current package
indexes so we'll need to carry this workaround in the forseeable future.

Ref: https://forum.openwrt.org/t/signature-check-failed/41945
Ref: https://git.openwrt.org/5a52b379902471cef495687547c7b568142f66d2
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-08-07 07:15:07 +02:00
Jo-Philipp Wich
f565f276e2 config: introduce separate CONFIG_SIGNATURE_CHECK option
Introduce a new option CONFIG_SIGNATURE_CHECK which defaults to the value
of CONFIG_SIGNED_PACKAGES and thus is enabled by default.

This option is needed to support building target opkg with enabled
signature verification while having the signed package lists disabled.

Our buildbots currently disable package signing globally in the
buildroot and SDK to avoid the need to ship private signing keys to
the build workers and to prevent the triggering of random key generation
on the worker nodes since package signing happens off-line on the master
nodes.

As unintended side-effect, updated opkg packages will get built with
disabled signature verification, hence the need for a new override option.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-08-06 21:22:27 +02:00
Jo-Philipp Wich
991dd5a893 usign: update to latest Git HEAD
This update fixes usign signature verification on files with certain
file sizes triggering a bug in the shipped SHA-512 implementation.

5a52b37 sha512: fix bad hardcoded constant in sha512_final()
3e6648b README: replace unicode character
716c3f2 README: add reference to OpenBSD signify
86d3668 README: provide reference for ed25519 algorithm
939ec35 usign: main.c: describe necessary arguments for -G

Ref: https://forum.openwrt.org/t/signature-check-failed/41945
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-08-06 20:57:37 +02:00
Petr Štetiar
79596f782e adb: fix build breakage on recent musl
Fix build breakage as upstream has removed implicit include of
sys/sysmacros.h from sys/types.h:

 remove implicit include of sys/sysmacros.h from sys/types.h

 this reverts commit f552c792c7ce5a560f214e1104d93ee5b0833967, which
 exposed the sysmacros.h macros (device major/minor calculations) for
 BSD and GNU profiles to mimic an unintentional glibc behavior some
 code depended on. glibc has deprecated and since removed them as the
 resolution to bug #19239, so it makes no sense for us to keep this
 behavior. affected code should all have been fixed by now, and if it's
 not yet fixed it needs to be for use with modern glibc anyway.

Ref: https://git.musl-libc.org/cgit/musl/commit/include/sys/types.h?id=a31a30a0076c284133c0f4dfa32b8b37883ac930
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-08-06 00:09:48 +02:00
Rosen Penev
1b1c47577b linux-atm: Add missing headers
This fixes compilation with -Werror=implicit-function-declaration.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-08-05 23:22:26 +02:00
Tomasz Maciej Nowak
d6b585eb4e kernel: drop mvebu support in kmod-usb3
This is already enabled as kernel built-in feature in mvebu target and
none other target will use it.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2019-08-05 23:22:26 +02:00
Jeffery To
e545fac8d9 build: include BUILD_VARIANT in PKG_BUILD_DIR
This changes the default PKG_BUILD_DIR to take BUILD_VARIANT into
account (if set), so that packages do not need to manually override
PKG_BUILD_DIR just to handle variants.

This also updates most base packages with variants to use the updated
default PKG_BUILD_DIR.

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
2019-08-05 23:22:26 +02:00
Hans Dedecker
018395392c ethtool: bump to 5.2
379c096 Release version 5.2.
2bce6d9 ethtool: Add 100BaseT1 and 1000BaseT1 link modes
67ffbf5 ethtool: sync ethtool-copy.h with linux-next from 30/05/2019
687152b ethtool.spec: Use standard file location macros

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-08-05 21:04:44 +02:00
Hans Dedecker
efb7b7a12a firewall: update to latest git HEAD
de94097 utils: coverity resource leak warning

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-08-05 14:18:27 +02:00
DENG Qingfang
edd9b39fab ipset: update to 7.3
Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
2019-08-05 09:42:09 +02:00
Petr Štetiar
b6bae4a2c9 wireless-regdb: fix build when python2 from package feeds exists
wireless-regdb fails to build if there is python2 installed from package
feeds, as staging_dir/hostpkg/bin/python is python2 and
staging_dir/hostpkg/bin takes precedence over staging_dir/host/bin
(proper place with python -> python3 symlink) which leads to the build
failure of wireless-regdb, so this patch makes it explicit which python
should be used.

Reported-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Tested-by: Russell Senior <russell@personaltelco.net>
Tested-by: Lucian Cristian <lucian.cristian@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-08-04 22:09:20 +02:00
Kevin Darbyshire-Bryant
fc5d46dc62 Revert "dnsmasq: backport latest patches"
This reverts commit e9eec39aac.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-08-03 20:55:52 +01:00
Kevin Darbyshire-Bryant
a275466729 Revert "dnsmasq: improve insecure DS warning"
This reverts commit cd91f2327f.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-08-03 20:55:45 +01:00
Hauke Mehrtens
ba8aeb02ea mdadm: Fix compile with musl 1.1.23
This adds missing includes for sys/sysmacros.h which are needed with
musl libc 1.1.23.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-08-03 11:29:40 +02:00
Álvaro Fernández Rojas
a56d2e9d1b brcm27xx-armstub: remove package
Apparently, latest RPi firmware doesn't need this to boot RPi 4
64 bit kernels.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2019-08-03 09:03:30 +02:00
Álvaro Fernández Rojas
b0b5424378 linux-firmware: fix RPi 4 NVRAM
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2019-08-03 08:16:10 +02:00
Álvaro Fernández Rojas
bf6e79db8b brcm27xx-armstub: add new package
This package is needed for RPi 4B AARCH64 support

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2019-08-02 20:35:08 +02:00
Álvaro Fernández Rojas
6d79e097e9 brcm2708-gpu-fw: update to latest firmware
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2019-08-02 19:02:01 +02:00
Piotr Dymacz
bc1ad40991 uboot-envtools: ath79: add support for ALFA Network AP121F
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2019-07-31 08:38:06 +02:00
Piotr Dymacz
d99206b375 uboot-envtools: ath79: fix indent and alphabetical order
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2019-07-31 08:38:06 +02:00
Kevin Darbyshire-Bryant
12840674d0 wireless-regdb: fix patch fuzz
Refresh patches to tidy up some fuzz warnings

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-07-30 09:42:05 +01:00
John Crispin
8562e77953 wireless-regdb: fix Makefile indentation
Signed-off-by: John Crispin <john@phrozen.org>
2019-07-30 00:33:12 +02:00
Kevin Darbyshire-Bryant
4bc02a421f iptables: fix connmark savedscp build
Add <strings.h> for ffs() definition.

Reported-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-07-29 20:23:13 +01:00
Kevin Darbyshire-Bryant
4dcef8263e Revert "kmod-sched-cake: drop out of tree package, use kernel version"
This reverts commit 5c094ff660.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-07-29 16:12:42 +01:00
Kevin Darbyshire-Bryant
5c661f5aaa Revert "netsupport: move out sch_cake from kmod-sched"
This reverts commit b31f9190c3.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-07-29 16:11:39 +01:00
Rafał Miłecki
6a7b201b6c mac80211: brcm: improve brcmfmac debugging of firmware crashes
This provides a complete console messages dump.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-07-28 14:10:37 +02:00
Rafał Miłecki
8e466fb7e3 mac80211: brcm: update brcmfmac 5.4 patches
Use commits from wireless-drivers-next.git.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-07-28 14:10:19 +02:00
Biwen Li
83d5ca2186 tfa-layerscape: fix create_pbl and byte_swap host build
- make create_pbl and byte_swap as host tools

- fix a bug that maybe use the cross compiler
to compile create_pbl and byte_swap:

	# -a option appends the image for Chassis 3 devices in case of non secure boot
	aarch64-openwrt-linux-musl-gcc -Wall -Werror -pedantic -std=c99 -O2
	 -DVERSION=v1.5(release):reboot-10604-ge9216b3336 -D_GNU_SOURCE -D_XOPEN_SOURCE=700
	 -c -o create_pbl.o create_pbl.c
	cc1: note: someone does not honour COPTS correctly, passed 0 times
	  LD      create_pbl
	/usr/bin/ld: create_pbl.o: Relocations in generic ELF (EM: 183)
	/usr/bin/ld: create_pbl.o: Relocations in generic ELF (EM: 183)
	/usr/bin/ld: create_pbl.o: Relocations in generic ELF (EM: 183)
	create_pbl.o: error adding symbols: File in wrong format
	collect2: error: ld returned 1 exit status
	Makefile:43: recipe for target create_pbl failed
	make[4]: *** [create_pbl] Error 1
	plat/nxp/tools/pbl_ch2.mk:45: recipe for target pbl failed
	make[3]: *** [pbl] Error 2

- add tfa- prefix to all tools in order to avoid future clashes with
  other toolnames

Signed-off-by: Biwen Li <biwen.li@nxp.com>
[added missing HOST_CFLAGS, added tfa- prefix to the tools]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-07-26 15:21:58 +02:00
Petr Štetiar
57d1c05ec9 wireless-regdb: set PKGARCH:=all
As it's an architecture-independent binary file.

Ref: https://github.com/openwrt/openwrt/pull/1521#issuecomment-514687053
Suggested-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-07-26 08:09:16 +02:00
Petr Štetiar
d3853d17a3 wireless-regdb: prefer python provided by make variable
Usage of predefined make variables is preferred.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-07-26 08:09:16 +02:00
Zachary Riedlshah
ef3f868da0 wireless-regdb: update to 2019.06.03
Fixes build issues on a python3 host (issues with the print statement
formatting in the current build).

Includes 100-regdb-write-firmware-file-format-version-code-20.patch and
other fixes.

Closes bugs.openwrt.org/index.php?do=details&task_id=1605.

Uses the tarball as requested.

Signed-off-by: Zachary Riedlshah <git@zacharyrs.me>
2019-07-26 08:09:16 +02:00
Yangbo Lu
df0d555ea5 layerscape: convert to python3 for rcw
Python 2.7 will not be maintained past 2020. Let's convert
to python3 for rcw. Also drop byte swapping since TF-A had
been already used which handled byte swapping instead.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2019-07-26 08:09:16 +02:00
Jo-Philipp Wich
e9216b3336 openwrt-keyring: update to Git HEAD
8080ef3 usign: add 19.07 release build pubkey
e24fe0d usign: use distro agnostic comments
251ded7 usign: fix filename of Stijn's usign key
14f0efc gpg: update snapshots public signing key
14f845b gpg: replace my public GPG key
4f735b8 gpg: add OpenWrt 19.07 signing key
228f8da gpg: add OpenWrt 18.06 v2 signing key
36057d9 gpg: update LEDE 17.01 public signing key
f2989ab Add my public GPG and usign key

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-07-25 19:39:51 +02:00
Kevin Darbyshire-Bryant
cd91f2327f dnsmasq: improve insecure DS warning
Log the failing domain in the insecure DS warning.

Patch has been sent upstream.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-07-25 12:29:08 +01:00
Kevin Darbyshire-Bryant
e9eec39aac dnsmasq: backport latest patches
Backport upstream patches pre 2.81rc for testing purposes.

Let's see what falls out!

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-07-25 12:23:46 +01:00
Kevin Darbyshire-Bryant
1aad1d17ed iptables: add connmark savedscp support
iptables: connmark - add savedscp option

Naive user space front end to xt_connmark 'savedscp' option.

e.g.

iptables -A QOS_MARK_eth0 -t mangle -j CONNMARK --savedscp-mark 0xfc000000/0x01000000

Will save DSCP into the top 6 bits and OR 0x01 (ie set) the least
significant bit of most significant byte.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-07-25 10:18:23 +01:00
Petr Štetiar
b8249cef9f tfa-layerscape: fix fiptool host build
fiptool is a host tool, used in a firmware generation pipeline, but it's
not treated as such, leading to the build breakage on the hosts which
don't have {Open,Libre}SSL dev package installed:

 In file included from fiptool.h:16:0,
                 from fiptool.c:19:
		 fiptool_platform.h:18:27: fatal error: openssl/sha.h:
		 No such file or directory
		  #  include <openssl/sha.h>

So this patch promotes fiptool into the host tool with proper host
include and library paths under STAGING_DIR.

Ref: https://github.com/openwrt/openwrt/pull/2267
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-07-25 07:48:10 +02:00
Petr Štetiar
09c33df76f mt76: fix kernel Oops by updating to the latest version
75656a4590a3 net: wireless: support of_get_mac_address new ERR_PTR error

Ref: https://github.com/openwrt/mt76/issues/299
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-07-24 14:08:32 +02:00
Hans Dedecker
11617bcb3b netifd: update to latest git HEAD
899f168 system-linux: Coverity fixes

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-07-22 21:48:34 +02:00
Rafał Miłecki
790692dde2 base-files: drop support for the platform_nand_pre_upgrade()
No target uses it anymore. All code from that callback was moved into
the platform_do_upgrade().

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-07-22 14:27:37 +02:00
Hans Dedecker
fc2df4f705 curl: update to 7.65.3
For changes in 7.65.3; see https://curl.haxx.se/changes.html#7_65_3

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-07-21 23:30:27 +02:00
Rafał Miłecki
db8e08a5a4 mac80211: brcm: backport first set of 5.4 brcmfmac changes
This doesn't include 9ff8614a3dbe ("brcmfmac: use separate Kconfig file
for brcmfmac") due to a few conflicts with backports changes.

An important change is:
[PATCH 2/7] brcmfmac: change the order of things in brcmf_detach()
which fixes a rmmod crash in the brcmf_txfinalize().

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-07-21 11:26:06 +02:00
Hauke Mehrtens
9c0c1c4401 ath10k-ct: Revert back to version 4.19
Version 5.2 shows a error when registering the devive for me.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-07-18 00:22:04 +02:00
Hauke Mehrtens
bc5b2bcd9c ath10k-ct: switch to version 5.2
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-07-18 00:22:04 +02:00
Hauke Mehrtens
10fe5ca362 ath10k-ct: remove patches for old versions
the ath10k-ct package ships multiple versions of the ath10k-ct driver,
OpenWrt currently only uses the version 4.19, but we still ship some
patches for older versions. Remove all patches only touching older
versions and also remove the patch for older versions from patches which
do the same changes to multiple versions of ath10k-ct.

This removes some unneeded patches, the end binary should stay the same.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-07-18 00:22:04 +02:00
Hauke Mehrtens
8f61b4cac4 ath10k-ct: update to version 2019-06-13
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-07-18 00:22:04 +02:00
Hauke Mehrtens
0b2c42ced2 mac80211: Update to version 5.2-rc7
This updates mac80211 to version 5.2-rc7, this contains all the changes
to the wireless subsystem up to Linux 5.2-rc7.

* The removed patches are applied upstream
* b43 now uses kmod-lib-cordic
* Update the nl80211.h file in iw to match backports version.
* Remove the two backports from kernel 4.9, they were needed for mt76,
  but that can use the version from backports now, otherwise they
  collide and cause compile errors.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-07-18 00:22:04 +02:00
Petr Štetiar
d6198d8625 mtd: cleanup unused code and variables in fis.c
While compile checking mtd changes in PR#1359 I've noticed following
compiler warnings and cleaned them up:

 fis.c: In function 'fis_remap':
 fis.c:143:25: warning: variable 'redboot' set but not used [-Wunused-but-set-variable]
   struct fis_image_desc *redboot = NULL;
                         ^~~~~~~
 fis.c:142:25: warning: variable 'fisdir' set but not used [-Wunused-but-set-variable]
   struct fis_image_desc *fisdir = NULL;
                         ^~~~~~

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-07-17 23:06:02 +02:00
Daniel Gimpelevich
fd104daa2f mtd: add CRC signature to RedBoot partition map
The code for calculating the CRC32 signatures for RedBoot FIS partitions
was already included, but for unknown reasons, it was never invoked. Some
bootloaders enforce checking these for loaded kernels, so they should be
written. This patch does so.

Tested-by: Brian Gonyer <bgonyer@gmail.com>
Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
2019-07-17 22:59:29 +02:00
Martin Schiller
261df949fa openvpn: add new list option tls_ciphersuites
To configure the list of allowable TLS 1.3 ciphersuites, the option
tls_ciphersuites is used instead of tls_ciphers.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2019-07-17 22:59:29 +02:00
Petr Štetiar
16ac5c4fbd perf: simplify the build process
Redirect the build output to PKG_BUILD_DIR instead of copying over
complete source code.

Build tested on following targets:

 x86/64 ar7/generic ipq40xx/generic imx6/generic ar71xx/generic
 ramips/mt7621 ramips/mt7620 sunxi/cortexa7

Run tested on imx6/apalis.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-07-17 12:16:29 +02:00
Felix Fietkau
4c46bbbd93 mt76: update to the latest version
3d7f738 mt76: mt7615: add missing register initialization

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-07-17 09:36:44 +02:00
Felix Fietkau
8650201f10 mac80211: add config tweak for tx bursting when using VHT
By default, set BE tx queue TXOP limit to 1.0 in the hostapd config
Many vendor drivers are doing similar things to boost throughput.
On MT7612 under ideal conditions, it improves tx throughput from 470 Mbit/s
to about 570 Mbit/s.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-07-17 09:36:44 +02:00
Rafał Miłecki
3f4c785a6b base-files: don't set ARGV and ARGC
Those are not used by any image check function anymore.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-07-17 08:10:40 +02:00
Chuanhong Guo
e2cd70d6b1 package: mtd: add fixseama command for ath79
This is needed by Qihoo C301.

Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
2019-07-16 20:14:02 +08:00
Chuanhong Guo
a9360452f0 ath79: add support for Qihoo C301
Specifications:
- SoC: AR9344
- RAM: 128MB
- Flash: 2 * 16MB (MX25L12845)
- Ethernet: 2 * FE LAN & 1 * FE WAN
- WiFi: 2.4G: AR9344 5G: QCA9882

Flash instruction:
1. Hold reset and power up the router
2. Set your IP to 192.168.1.x
3. Open 192.168.1.1 and upload the generated *factory* firmware

Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
2019-07-16 09:51:03 +08:00
Rafał Miłecki
430d65c544 libroxml: bump to the 3.0.2 version
* Fix for memory leak regression
* Support for (un)escaping

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-07-15 21:35:56 +02:00
Eneas U de Queiroz
c47eff0df3 libs/toolchain: remove eglibc remnant file
This removes package/libs/toolchain/eglibc-files/etc/nsswitch.conf.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2019-07-15 19:29:07 +02:00
Rafał Miłecki
1b937cb141 ubox: implement service_running() in log init.d script
It allows checking if service is running.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-07-15 16:21:56 +02:00
Rafał Miłecki
285c83a004 rpcd: implement service_running() in init.d script
It allows checking if service is running.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-07-15 16:21:56 +02:00
Petr Štetiar
cbae306815 fstools: add direct dependencies on libblobmsg-json and libjson-c
The OpenWrt buildroot ABI version rebuild tracker does not handle
transient dependencies, therefore add all libraries linked by
block-mount and blockd as direct dependencies to the corresponding
binary package definition.

This ensures that block-mount and blockd is automatically rebuilt and
relinked if any of these libraries has its ABI_VERSION updated in the
future.

Fixes: FS#2373
[jow: similar fix for procd and 98.42% of commit message]
Signed-off-by: Jo-Philip Wich <jow@mein.io>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-07-15 00:38:24 +02:00
David Bauer
27f3f493de gpio-button-hotplug: unify polled and interrupt code
This patch unifies the polled and interrupt-driven gpio_keys code
paths as well implements consistent handling of the debounce
interval set for the GPIO buttons and switches.

Hotplug events will only be fired if

1. The input changes its state and remains stable for the duration
   of the debounce interval (default is 5 ms).

2. In the initial stable (no state-change for duration of the
   debounce interval) state once the driver module gets loaded.

   Switch type inputs will always report their stable state.
   Unpressed buttons will not trigger an event for the initial
   stable state. Whereas pressed buttons will trigger an event.
   This is consistent with upstream's gpio-key driver that uses
   the input subsystem (and dont use autorepeat).

Prior to this patch, this was handled inconsistently for interrupt-based
an polled gpio-keys. Hence this patch unifies the shared logic into the
gpio_keys_handle_button() function and modify both implementations to
handle the initial state properly.

The changes described in 2. ) . can have an impact on the
failsafe trigger. Up until now, the script checked for button
state changes. On the down side, this allowed to trigger the
failsafe by releasing a held button at the right time. On the
plus side, the button's polarity setting didn't matter.

Now, the failsafe will only engage when a button was pressed
at the right moment (same as before), but now it can
theoretically also trigger when the button was pressed the
whole time the kernel booted and well into the fast-blinking
preinit phase. However, the chances that this can happen are
really small. This is because the gpio-button module is usually
up and ready even before the preinit state is entered. So, the
initial pressed button event gets lost and most devices behave
as before.

Bisectors: If this patch causes a device to permanently go into
failsafe or experience weird behavior due to inputs, please
check the following:
 - the GPIO polarity setting for the button
 - the software-debounce value

Run-tested for 'gpio-keys' and 'gpio-keys-polled' on

 - devolo WiFi pro 1200e
 - devolo WiFi pro 1750c
 - devolo WiFi pro 1750x
 - Netgear WNDR4700
 - Meraki MR24
 - RT-AC58U

Signed-off-by: David Bauer <mail@david-bauer.net>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [further
cleanups, simplification and unification]
2019-07-14 14:02:20 +02:00
Álvaro Fernández Rojas
9e8932c17f brcm2708: switch to linux-firmware SDIO NVRAM
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2019-07-14 12:44:14 +02:00
Álvaro Fernández Rojas
aa00ac44d9 linux-firmware: add RPi SDIO NVRAM packages
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2019-07-14 12:44:14 +02:00
Álvaro Fernández Rojas
6c3e7d5ea0 brcm2708-gpu-fw: add support for Raspberry Pi 4
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2019-07-14 12:44:14 +02:00
Felix Fietkau
f1875e902d mt76: revert an accidental leftover debug change
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-07-13 16:01:51 +02:00
Hans Dedecker
9a72e7f601 procd: update to latest git HEAD
31f0765 procd: check strchr() result before using it

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-07-13 13:28:18 +02:00
Felix Fietkau
ba5878f056 mt76: update to the latest version
8fc3e6e mt76: mt7615: fix using VHT STBC rates
b21b991 mt76: mt7615: fix PS buffering of action frames
3d43dd8 mt76: mt7615: fix invalid fallback rates
0ce4682 mt76: mt7603: fix invalid fallback rates
3b08966 Revert "mt76: usb: use full intermediate buffer in mt76u_copy"
48800e7 Revert "mt76: usb: remove unneeded {put,get}_unaligned"
439354d Revert "mt76: usb: fix endian in mt76u_copy"
8c1da93 mt76: usb: fix endian in mt76u_copy
307be50 mt76: usb: remove unneeded {put,get}_unaligned
5d29829 mt76: mt76x02: use params->ssn value directly
f74d117 mt76: mt7603: use params->ssn value directly
649f2e8 mt76: mt7615: use params->ssn value directly
b647180 mt76: mt7615: unlock dfs bands

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-07-12 16:12:01 +02:00
Hauke Mehrtens
e05310b9b8 mac80211: Do not build b43legacy on BRCM47xx mips74 subtarget
b43legacy needs ssb support and we do not compile the mips74 subtarget
of the brcm47xx target with SSB support. This causes a build failure in
the mac80211 package and only some of the kernel modules are being
created.

I am not aware of any device with a BRCM47xx mips74 CPU which uses a
b43legacy compatible device.

Fixes: FS#2334
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-07-12 01:15:50 +02:00
Colby Whitney
c52ca08d40 lua5.3: build shared library
Update the lua5.3 package to build a shared object just like the old lua
package. Ported / recreated the same patch number as the other lua
package. Built and tested library / interpreter on BCM5301X.

Signed-off-by: Colby Whitney <colby.whitney@luxul.com>
2019-07-11 18:38:51 +02:00
Rafał Miłecki
f7edd94a65 base-files: move stage2 upgrade to separated file
do_upgrade_stage2() isn't really any common code. It isn't used anywhere
except for /sbin/sysupgrade that passes it to the stage2.

Moving its code to separated file also simplifies COMMAND variable.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-07-11 17:05:20 +02:00
Adrian Schmutzler
b4588c8538 kernel/om-watchdog: Apply device renames from ramips
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-07-10 17:36:29 +02:00
Adrian Schmutzler
1096d1b697 uboot-envtools: Apply ramips device renames
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-07-10 17:36:29 +02:00
Adrian Schmutzler
6ed3349308 base-files: Fix path check in get_mac_binary
Logic was inverted when changing from string check to file check.
Fix it.

Fixes: 8592602d0a ("base-files: Really check path in get_mac_binary")
Reported-by: Matthias Schiffer <mschiffer@universe-factory.net>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-07-09 23:05:51 +02:00
Kevin Darbyshire-Bryant
b31f9190c3 netsupport: move out sch_cake from kmod-sched
Fix file installation clash between kmod-sched & kmod-sched-cake as both
try to install sch_cake.ko

Remove cake from kmod-sched package as cake is supposed to be the
optional qdisc.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-07-09 13:54:24 +01:00
Rosen Penev
653e05d27f usbreset: Add missing header
Fixes undefined reference to strtoul

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-07-08 17:01:54 +02:00
Konstantin Demin
5dc7d63d0a netsupport: move out mqprio from kmod-sched
Currently, there's unable to install "kmod-sched-mqprio" after
"kmod-sched" (or vice versa), because "sch_mqprio.ko" is
shipped in both packages.

Fixes: f83522fa63 ("linux: Add kmod-sched-mqprio")
Fixes: 6af639e0bf ("linux: Add kmod-sched-act-vlan")
Fixes: 72c7e2dc46 ("linux: Add kmod-sched-flower")
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
[Add cls_flower and act_vlan]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-07-08 16:42:26 +02:00
Daniel Engberg
d51f53b5ba util-linux: Update to 2.34
Update util-linux to 2.34
Refresh patch

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2019-07-08 16:42:26 +02:00
DENG Qingfang
42b3a3a89b iperf3: update to 3.7
Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
2019-07-08 16:28:47 +02:00
Kevin Darbyshire-Bryant
5c094ff660 kmod-sched-cake: drop out of tree package, use kernel version
CAKE made it to kernel 4.19 and since OpenWrt now at kernel 4.19 we can
drop the out of tree cake package in base repository.

Add kmod-sched-cake to netsupport so package dependencies are still met.
Similarly CAKE is retained as an optional qdisc module to avoid base
scheduler package size implications.

Backport upstream patches from k5.1 to address some small bugs and
support fwmark usage.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-07-08 11:05:43 +01:00
Rafał Miłecki
ea4e1dac71 base-files: drop support for NAND upgrade in platform_pre_upgrade()
With bcm53xx switched to the new procedure there is no more need for
keeping that backward compatibility code.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-07-08 07:38:51 +02:00
Rafał Miłecki
f58ca6ee57 base-files: drop unused jffs2_copy_config()
Its last usage was dropped back in 2013 in the commit b95bdc8ab5
("kernel/base-files: clean up old code related to refreshing mtd
partitions, it is no longer used anywhere").

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-07-08 07:38:06 +02:00
Hauke Mehrtens
7c640c2960 ath10k-firmware: Fix mirror hash
Fixes: 7f79882d44 ("ath10k-firmware: update board-2.bin for community firmwares")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-07-07 17:37:06 +02:00
Emil Muratov
a9deed62af zram-swap: Add extra commands for status/compaction
This patch adds two new commands:
  zram status - shows memory stats for all zram swaps
  zram compaction - trigger compaction for all zram swaps

Signed-off-by: Emil Muratov <gpm@hotplug.ru>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-07-07 13:02:06 +02:00
Emil Muratov
afa5ce2493 busybox: enable swapon/off by default to make it consistent with mkswap
No size increase on busybox binary.
  Since busybox mkswap is already enabled by default it seems reasonable
  to enable swapon/off too. For ex. this obsoletes installing block-mount
  dependency for zram-swap.

Signed-off-by: Emil Muratov <gpm@hotplug.ru>
2019-07-07 13:02:06 +02:00
Emil Muratov
b062c90f47 zram-swap: Add zram compaction and statistics info output
Executing '/etc/init.d/zram start' during runtime (with a swap being already
mounted) triggers zram device compaction and prints out nice stats info about
zram memory usage

Signed-off-by: Emil Muratov <gpm@hotplug.ru>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [use IEC's MiB unit]
2019-07-07 13:02:06 +02:00
Emil Muratov
c0d93432f2 zram-swap: Fix busybox dependency check
- fix dependency on BUSYBOX_CONFIG_SWAPONOFF (removed in 84da2a6)
   - add busybox defaults checking (fix zram-swap always installs swap-utils
     and libblkid as dependency, even if busybox includes mkswap by default)

Signed-off-by: Emil Muratov <gpm@hotplug.ru>
2019-07-07 13:02:06 +02:00
Konstantin Demin
ce8027ed29 libnftnl: bump to version 1.1.3
bump ABI version accordingly (thanks to Jo-Philipp Wich).

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2019-07-07 13:02:06 +02:00
Adrian Schmutzler
8592602d0a base-files: Really check path in get_mac_binary
Currently, path argument is only checked for being not empty.

This changes behavior to actually check whether path exists.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-07-07 13:02:05 +02:00
Eneas U de Queiroz
94d131332b hostapd: adjust removed wolfssl options
This edjusts the selection of recently removed wolfssl options which
have always been built into the library even in their abscence.
Also remove the selection of libwolfssl itself, allowing the library to
be built as a module.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2019-07-07 13:02:05 +02:00
Eneas U de Queiroz
ff69364ad8 wolfssl: update to 4.0.0-stable
Removed options that can't be turned off because we're building with
--enable-stunnel, some of which affect hostapd's Config.in.
Adjusted the title of OCSP option, as OCSP itself can't be turned off,
only the stapling part is selectable.
Mark options turned on when wpad support is selected.
Add building options for TLS 1.0, and TLS 1.3.
Add hardware crypto support, which due to a bug, only works when CCM
support is turned off.
Reorganized option conditionals in Makefile.
Add Eneas U de Queiroz as maintainer.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2019-07-07 13:02:05 +02:00
Eneas U de Queiroz
2792daab5a wolfssl: update to 3.15.7, fix Makefile
This includes a fix for a medium-level potential cache attack with a
variant of Bleichenbacher’s attack.  Patches were refreshed.
Increased FP_MAX_BITS to allow 4096-bit RSA keys.
Fixed poly1305 build option, and some Makefile updates.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2019-07-07 13:02:05 +02:00
Christian Lamparter
7f79882d44 ath10k-firmware: update board-2.bin for community firmwares
This patch updates the board-2.bin for the default
IPQ4019, QCA9984 and QCA9888 ath10k-firmware-xyz-ct
and -ct-htt firmwares.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-07-07 13:02:05 +02:00
Rosen Penev
243765e389 gdb-arc: Remove
Normal GDB has supported ARC since 8.0

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-07-07 13:02:05 +02:00
Rosen Penev
787922682a gdb: Remove !arc dependency
Supported since 8.0.

Added uClibc-ng patch.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-07-07 13:02:05 +02:00
Deng Qingfang
917eeaf26b iproute2: update to 5.1.0
Update iproute2 to 5.1.0
Remove upstream patch 010-cake-fwmark.patch
Backport a patch to fix struct sysinfo redefinition error

Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
2019-07-04 21:40:12 +02:00
Felix Fietkau
92f83abc5e mt76: update to the latest version
6cafaca mt7603: use READ_ONCE instead of ACCESS_ONCE
9e2e0b8 mt76: round up length on mt76_wr_copy
e378ef1 mt76: mt7615: fix sparse warnings: warning: restricted __le16 degrades to integer
7991dd7 mt76: mt7615: introduce mt7615_regd_notifier
901a4c7 mt76: mt7615: add hw dfs pattern detector support
57c600e mt76: mt7615: do not perform txcalibration before cac is complited
6afc952 mt76: mt7615: add csa support
8919516 mt76: mt7615: add radar pattern test knob to debugfs
3be723c mt76: mt7615: clean up FWDL TXQ during/after firmware upload
47fe37e mt76: mt7615: fall back to sw encryption for unsupported ciphers
bc5e041 mt76: mt7603: enable hardware rate up/down selection
ae760db mt76: mt7615: move mt7615_mcu_set_rates to mac.c
2ae01f7 mt76: mt7615: reset rate index/counters on rate table update
6f98378 mt76: mt7615: sync with mt7603 rate control changes
edbe88e mt76: usb: fix endian in mt76u_copy
f43b622 mt76: usb: remove unneeded {put,get}_unaligned
5e1e5b7 mt76: usb: use full intermediate buffer in mt76u_copy
017d0ff mt76: mt76u: fix typo in mt76u_fill_rx_sg
2c0ccf1 mt76: mt7615: always release sem in mt7615_load_patch
0c6f1a2 mt76: mt7615: introduce mt7615_mcu_send_ram_firmware routine
3dfc1ee mt76: mt7615: fix sparse warnings: incorrect type in assignment (different base types)
9475320 mt76: mt7603: fix sparse warnings: warning: incorrect type in assignment (different base types)
e07451d mt76: mt7615: fix sparse warnings: warning: cast from restricted __le16
b973bef mt7603: do not use tssi-off power value for mt7628

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-07-04 20:15:00 +02:00
Martin Blumenstingl
bf21b6e44d lantiq: ltq-tapi: fix compatibility with Linux 4.15+
Linux 4.15 removes the init_timer() API. It's replaced by two functions:
- timer_setup() is used instead of init_timer() and also replaces the
  timer "function" (callback) setup.
- from_timer() has to be used to obtain the use-case specific data from
  a struct timer_list, which is now passed to the timer callback.

Update the timer API to be compatible with Linux 4.15+ so it compiles
with the upcoming Linux 4.19 kernel update.

Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
2019-07-04 08:29:13 +02:00
Matt Merhar
1d4c4cbd20 openvpn: fix handling of list options
This addresses an issue where the list option specified in
/etc/config/openvpn i.e. 'tls_cipher' would instead show up in the
generated openvpn-<name>.conf as 'ncp-ciphers'. For context,
'ncp_ciphers' appears after 'tls_cipher' in OPENVPN_LIST from
openvpn.options.

Also, the ordering of the options in the UCI config file is now
preserved when generating the OpenVPN config. The two currently
supported list options deal with cipher preferences.

Signed-off-by: Matt Merhar <mattmerhar@protonmail.com>
2019-07-03 07:45:00 +02:00
Florian Eckert
313444a79e comgt: add delay option for 3g proto
All protos for wwan (ncm,qmi,mbim) do have a delay option.
To standardize that add also the missing delay option to the 3g proto.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2019-07-03 07:45:00 +02:00
Karel Kočí
537b801c54 base-files: supress service restart of umount
Restart is in default implemented so it calls stop and start. This is
pretty unsafe to call on umount service. This service should not do
anything on restart the same way as on start. Only use of this service
is on stop.

Signed-off-by: Karel Kočí <cynerd@email.cz>
2019-07-03 07:45:00 +02:00
Florian Eckert
c06f2a2dcb uqmi: fix indentation style and boundary
Fix indentation style and boundary.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2019-07-03 07:45:00 +02:00
Florian Eckert
8eb63cb7df uqmi: add mtu config option possibility
There are mobile carrier who have different MTU size in their network.
With this change it is now possible to configure this with the qmi
proto handler.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2019-07-03 07:45:00 +02:00
Jo-Philipp Wich
47a984477b lua5.3: stage Lua headers in proper location
Fix wrong paths in InstallDev which cause Lua 5.3 headers to be staged
in /usr/include/, overwriting Lua 5.1 headers and leading to widespread
build failures in all Lua related packages.

Fixes: FS#2348
Fixes: 6b161bb8d5 ("lua5.3: package Lua 5.3 version")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-07-03 07:21:52 +02:00
Jason A. Donenfeld
7c23f741e9 wireguard: bump to 0.0.20190702
* curve25519: not all linkers support bmi2 and adx

This should allow WireGuard to build on older toolchains.

* global: switch to coarse ktime

Our prior use of fast ktime before meant that sometimes, depending on how
broken the motherboard was, we'd wind up calling into the HPET slow path. Here
we move to coarse ktime which is always super speedy. In the process we had to
fix the resolution of the clock, as well as introduce a new interface for it,
landing in 5.3. Older kernels fall back to a fast-enough mechanism based on
jiffies.

https://lore.kernel.org/lkml/tip-e3ff9c3678b4d80e22d2557b68726174578eaf52@git.kernel.org/
https://lore.kernel.org/lkml/20190621203249.3909-3-Jason@zx2c4.com/

* netlink: cast struct over cb->args for type safety

This follow recent upstream changes such as:

https://lore.kernel.org/lkml/20190628144022.31376-1-Jason@zx2c4.com/

* peer: use LIST_HEAD macro

Style nit.

* receive: queue dead packets to napi queue instead of empty rx_queue

This mitigates a WARN_ON being triggered by the workqueue code. It was quite
hard to trigger, except sporadically, or reliably with a PC Engines ALIX, an
extremely slow board with an AMD LX800 that Ryan Whelan of Axatrax was kind
enough to mail me.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-07-02 22:06:42 +02:00
Deng Qingfang
299f6cb2da iptables: update to 1.8.3
Update iptables to 1.8.3

ChangeLog:
  https://netfilter.org/projects/iptables/files/changes-iptables-1.8.3.txt

Removed upstream patches:
- 001-extensions_format-security_fixes_in_libip.patch
- 002-include_fix_build_with_kernel_headers_before_4_2.patch
- 003-ebtables-vlan-fix_userspace_kernel_headers_collision.patch

Altered patches:
- 200-configurable_builtin.patch
- 600-shared-libext.patch

No notable size changes

Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [lipibtc ABI_VERSION fix]
2019-07-02 21:50:54 +02:00
Rafał Miłecki
17ae3eb9ff lua5.3: drop unwanted & unneeded PROVIDES
The plan for packaging Lua is to have "lua5.1" and "lua5.3" packages
with only the first one having "lua" alias (PROVIDES) for backward
compatibility with existing packages.

Putting PROVIDES in lua5.3 was a copy & paste mistake.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-06-30 10:16:08 +02:00
Florian Eckert
9e780ed5f7 base-files: add network_get_uptime() to /lib/functions/network.sh
Add missing ubus api call for uptime value.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2019-06-29 21:00:58 +02:00
Vladimir Vid
026714613d u-boot-mvebu: bump to 2019.04
Some devices and packages require newer version of u-boot to work
properly, update u-boot to keep up with 4.19 kernel.

Signed-off-by: Vladimir Vid <vladimir.vid@sartura.hr>
[re-added missing commit message]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-06-28 21:43:27 +02:00
Rafał Miłecki
1cd46d2e4f lua5.3: fix build with MacOS's make
It apparently requires passing V variable explicitly.

Fixes: 6b161bb8d5 ("lua5.3: package Lua 5.3 version")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-06-28 12:04:16 +02:00
Rafał Miłecki
24645c0ee1 lua: fix build with MacOS's make
It apparently requires passing V variable explicitly.

Fixes: fe59b46ca7 ("lua: include version number in installed files")
Reported-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-06-28 11:40:08 +02:00
Rafał Miłecki
6b161bb8d5 lua5.3: package Lua 5.3 version
This package provides an interpreter and compiler for Lua 5.3.5. It has
been decided to use separated package due to a backward incompatibility
of Lua 5.2 and 5.3.

This package/version:
1) Does not include lnum patch as its author didn't decide to port it to
   the new version.
2) Does not provide shared library as the old patch doesn't apply
   anymore. It can be added later if needed.
3) Does not come with examples package as tests were dropped by upstream
   developers.

That said there is definitely a room for improvement and any further
work is highly appreciated. It works however and can be safely pushed as
a basic/early package release.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-06-28 09:25:59 +02:00
Rafał Miłecki
fe59b46ca7 lua: include version number in installed files
This will allow installing Lua 5.1 and newer versions at the same time.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-06-28 09:25:59 +02:00
Rafał Miłecki
c0c5c63514 lua: clean up host patch fuzz
Refresh host patches to match target changes from the commit
4e800716ac ("lua: clean up patch fuzz").

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-06-28 09:25:59 +02:00
Koen Vandeputte
1ffca55456 uqmi: bump to latest git HEAD
1965c7139374 uqmi: add explicit check for message type when expecting a response
01944dd7089b uqmi_add_command: fixed command argument assignment

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-06-27 14:16:32 +02:00
Petr Štetiar
f924fab3dc upgs: update to latest git HEAD
cd7eabcd8c9d ugps: Fix compilation under 64-bit
198c06051dd0 Fix build error caused by enabled extra compiler warnings
fc2ab8756b3b Enable extra compiler warnings

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-06-26 07:00:20 +02:00
Bjørn Mork
8a34a54b6a base-files: use OPENWRT prefix for os-release variables
Just stumbled across this LEDE legacy, without finding any real reason
to keep it.  There is a single LEDE_DEVICE_MANUFACTURER_URL dependency
in the luci feed repo which needs to be syncronized.

Signed-off-by: Bjørn Mork <bjorn@mork.no>
[re-added missing commit message]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-06-26 07:00:04 +02:00
Felix Fietkau
a0e5ca4f35 mt76: update to the latest version, adds preliminary mt7615 support
b3a2965 mt76x02: fix crash on device reset
ffddb68 mt76x02u: check chip version on probe
7fc5f92 mt76x2u: remove duplicated entry in mt76x2u_device_table
61311d9 mt76: introduce mt76_free_device routine
a7dfcf2 mt76: move mac_work in mt76_dev
334b4ce mt76: add mac80211 driver for MT7615 PCIe-based chipsets
edb2a00 mt76: add unlikely() for dma_mapping_error() check
355c079 mt76: use macro for sn and seq_ctrl conversion
133bffb add firmware for MT7615E
49d9c1b mt76: usb: reduce locking in mt76u_tx_tasklet
3e371ca mt76: set txwi_size according to the driver value
5007326 mt76: add skb pointer to mt76_tx_info
c47a568 mt76: dma: introduce skb field in mt76_txwi_cache
9029560 mt76: dma: add skb check for dummy pointer
e9eea39 mt76: mt7615: use sizeof instead of sizeof_field
98c5359 Revert "mt76: fix potential deadlock on cancelling workqueues"
bc9baa7 mt76x02u: remove bogus stop on suspend
6c1cab9 mt76usb: fix tx/rx stop
0e674c5 mt76x02: remove bogus mutex usage
59f7bb6 Revert "mt76: mt76x02: send no-skb tx status without holding the status lock"
b0f2a30 mt76x02: avoid status_list.lock and sta->rate_ctrl_lock dependency
62054de mt76: mt7603: remove query from mt7603_mcu_msg_send signature
e79d96a mt76: mt7603: use standard signature for mt7603_mcu_msg_send
be8f039 mt76: mt7603: initialize mt76_mcu_ops data structure
9a9c656 mt76: introduce mt76_mcu_restart macro
980b91e mt76: mt7603: init mcu_restart function pointer
a97db3f mt76: mt7603: run __mt76_mcu_send_msg in mt7603_mcu_send_firmware
151115f mt76: mt76x02: mt76x02_poll_tx() can be static
7391f98 mt76: fix endianness sparse warnings
6c06f73 mt76: mt7603: report firmware version using ethtool
f06647e mt76: usb: use EP max packet aligned buffer sizes for rx
f43fccf mt76: move beacon_int in mt76_dev
74ab2cf mt76: move beacon_mask in mt76_dev
23c2f94 mt76: add TX/RX antenna pattern capabilities
6e790e1 mt76: move pre_tbtt_tasklet in mt76_dev
7606c08 mt76: mt7603: enable/disable pre_tbtt_tasklet in mt7603_set_channel
ff22eee mt76: do not enable/disable pre_tbtt_tasklet in scan_start/scan_complete
3157385 mt76: mt7603: dynamically alloc mcu req in mt7603_mcu_set_eeprom
cc674e2 mt76: mt76x02: remove useless return in mt76x02_resync_beacon_timer
6b18427 mt76: move tx_napi in mt76_dev
bce63c4 mt76: mt7603: use napi polling for tx cleanup
4afd89e mt76: mt7615: use napi polling for tx cleanup
2cb4683 mt76: move netif_napi_del in mt76_dma_cleanup
b4ceb9f mt76: Fix a signedness bug in mt7615_add_interface()
d00dc95 mt76: mt7615: Use after free in mt7615_mcu_set_bcn()
4e0ccc6 mt76: mt7615: Make mt7615_irq_handler static
0fd552a mt7615: mcu: simplify __mt7615_mcu_set_wtbl
50f7094 mt7615: mcu: simplify __mt7615_mcu_set_sta_rec
4434d04 mt7615: mcu: remove bss_info_convert_vif_type routine
083fbb9 mt7615: mcu: use proper msg size in mt7615_mcu_add_wtbl_bmc
f61ca80 mt7615: mcu: use proper msg size in mt7615_mcu_add_wtbl
35bd12d mt7615: mcu: unify mt7615_mcu_add_wtbl_bmc and mt7615_mcu_del_wtbl_bmc
f8f990b mt7615: mcu: remove unused parameter in mt7615_mcu_del_wtbl
965bca1 mt7615: remove query from mt7615_mcu_msg_send signature
9b9ca18 mt7615: remove dest from mt7615_mcu_msg_send signature
935b7e5 mt7615: mcu: remove skb_ret from mt7615_mcu_msg_send
2442db4 mt7615: mcu: unify __mt7615_mcu_set_dev_info and mt7615_mcu_set_dev_info
645bc45 mt7615: mcu: do not use function pointers whenever possible
40c4201 mt7615: mcu: remove unused structure in mcu.h
a8834a2 mt7615: mcu: use standard signature for mt7615_mcu_msg_send
824d25c mt7615: initialize mt76_mcu_ops data structure
d943427 mt7615: mcu: init mcu_restart function pointer
c2211e4 mt7615: mcu: run __mt76_mcu_send_msg in mt7615_mcu_send_firmware
cb63a06 mt76: mt7603: stop mac80211 queues before setting the channel
c6aaa3a mt76: mt7615: rearrange cleanup operations in mt7615_unregister_device
97609f3 mt76: mt7615: add static qualifier to mt7615_rx_poll_complete
f9dadd2 mt76: mt7603: add debugfs knob to enable/disable edcca
89cda5d mt7603: fix reading target tx power from eeprom
77d0e33 mt76: fix setting chan->max_power
f575da2 mt76: mt76x02: fix tx status reporting issues
a5d18dc mt76: mt76x02: fix tx reordering on rate control probing without a-mpdu
bd32a93 mt76: mt76x02: remove enable from mt76x02_edcca_init signature
18386ee mt76: mt76x2u: remove mt76x02_edcca_init in mt76x2u_set_channel
da3514f mt76: mt76x2: move mutex_lock inside mt76x2_set_channel
0d4719c mt76: mt76x02: run mt76x02_edcca_init atomically in mt76_edcca_set
fd5af73 mt76: mt76x02: fix edcca file permission
a0f51f2 mt76: mt7615: do not process rx packets if the device is not initialized
753cdee mt76: mt7615: stop mcu first in mt7615_unregister_device
899efe7 mt76: move mt76_insert_ccmp_hdr in mt76-module
6960b6e mt76: mt7615: add support for mtd eeprom parsing
4bcb057 mt76: mt7615: select wifi band according to eeprom
866f2c6 mt76: generalize mt76_get_txpower for 4x4:4 devices
514fb04 mt76: mt7615: add the capability to configure tx power
ced9d43 mt76: mt7615: init get_txpower mac80211 callback
8abd502 mt76: mt7615: rearrange locking in mt7615_config
5b9b62e mt76: move mt76_get_rate in mt76-module
661c7c8 mt76: Remove set but not used variables 'pid' and 'final_mpdu'
f072c7b mt76: mt7615: enable support for mesh
28d9496 mt76: mt7615: fix slow performance when enable encryption
827b9ad mt76: mt7615: remove unused variable in mt7615_mcu_set_bcn
34eea14 mt76: mt7615: remove key check in mt7615_mcu_set_wtbl_key
2bfae5a mt76: usb: fix rx A-MSDU support
b033532 mt76: usb: do not always copy the first part of received frames
3e7fc15 mt76x02: fix reporting of non-probing frames with tx status requested
0d5caea Revert "mt76: usb: do not always copy the first part of received frames"
335e8c6 Revert "mt76: usb: fix rx A-MSDU support"
47ddf4b mt76: revert support for TX_NEEDS_ALIGNED4_SKBS
0b6520b mt7603: rework and fix tx status reporting
539b679 mt7603: improve hardware rate switching configuration
d86d6ef mt76x0: fix RF frontend initialization for external PA
f476a14 mt76x02: fix endian issue in tx status reporting patch
f8d0517 mt76: mt7615: simplify mt7615_mcu_set_sta_rec routine
73ff45f mt76: mt7615: add support for per-chain signal strength reporting
9b67ae6 mt76: mt7615: init per-channel target power
160fdc0 mt76: mt7615: take into account extPA when configuring tx power
2211d93 mt76: mt76x02u: fix sparse warnings: should it be static?
3750533 mt76: mt7615: fix incorrect settings in mesh mode
c37c1ca mt76: mt7615: update peer's bssid when state transition occurs
9dd1089 mt76: mt76u: reduce rx memory footprint
0789f45 mt76: mt7615: remove cfg80211_chan_def from mt7615_set_channel signature
2dca431 mt76: move nl80211_dfs_regions in mt76_dev data structure
3386ccf mt76: mt76u: get rid of {out,in}_max_packet
d680ab0 mt76: usb: fix rx A-MSDU support

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-06-25 13:24:49 +02:00
Felix Fietkau
e08296a851 mac80211: add rate control support for 4 spatial streams, improve precision
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-06-25 13:24:49 +02:00
Eneas U de Queiroz
82a8ddd603 ustream-ssl: update to 2019-06-24
This adds chacha20-poly1305 support to the mbedtls variant.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2019-06-24 22:01:17 +02:00
Joseph Tingiris
8a5a01a677 rssileds: change rssileds.init STOP index
This patch is in a series to allow additional STOP indexes after
umount, so that other block devices may stop cleanly.

rssileds.init is now STOP=89

Signed-off-by: Joseph Tingiris <joseph.tingiris@gmail.com>
2019-06-24 20:22:24 +02:00
Joseph Tingiris
5883b5a1f8 kexec-tools: change kdump.init STOP index
This patch is in a series to allow additional STOP indexes after umount,
so that other block devices may stop cleanly.

kdumpinit is now STOP=90

Signed-off-by: Joseph Tingiris <joseph.tingiris@gmail.com>
2019-06-24 20:22:24 +02:00
Joseph Tingiris
04811007e5 base-files: change boot & umount STOP indexes
This patch is in a series to allow additional STOP indexes after umount,
so that other block devices may stop cleanly.

boot is now STOP=90
umount is now STOP=90

After this patch series, the resulting STOP indexes in the 80s & 90s
will be:

STOP=85 odhcpd.init
STOP=89 conntrackd.init
STOP=89 log.init
STOP=89 rssileds.init
STOP=90 boot
STOP=90 kdump.init
STOP=90 network
STOP=90 sysfixtime
STOP=90 umount
STOP=98 mdadm.init (note: will be addressed in a separate patch)

Signed-off-by: Joseph Tingiris <joseph.tingiris@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[PKG_RELEASE is now 200]
2019-06-24 20:22:23 +02:00
Josef Schlehofer
a2f54f6d5d mbedtls: Update to version 2.16.2
Signed-off-by: Josef Schlehofer <josef.schlehofer@nic.cz>
2019-06-24 20:22:23 +02:00
Christian Lamparter
629e6538a1 linux-firmware: update to 20190618
Update linux-firmware to 20190618.

git log --pretty=oneline --abbrev-commit 20190416..20190618

acb56f2 cavium: Add firmware for CNN55XX crypto driver.
a03f1a0 linux-firmware: Update firmware file for Intel Bluetooth 22161
abb7cb6 linux-firmware: Update firmware file for Intel Bluetooth 9560
1e8253b linux-firmware: Update firmware file for Intel Bluetooth 9260
c436aaf linux-firmware: Update AMD SEV firmware
6ae3652 linux-firmware: update licence text for Marvell firmware
1884732 linux-firmware: update firmware for mhdp8546
87b35ca linux-firmware: rsi: update firmware images for Redpine 9113 chipset
55edf52 imx: sdma: update firmware to v3.5/v4.5
93d56c0 nvidia: update GP10[2467] SEC2 RTOS with the one already used on GP108
1f8ebdf linux-firmware: Update firmware file for Intel Bluetooth 8265
bccb385 linux-firmware: Update firmware file for Intel Bluetooth 9260
29a536a linux-firmware: Update firmware file for Intel Bluetooth 9560
cedd500 linux-firmware: Update firmware file for Intel Bluetooth 22161
e04cc56 amlogic: add video decoder firmwares
95a9353 iwlwifi: update -46 firmwares for 22260 and 9000 series
68040ce iwlwifi: add firmware for 22260 and update 9000 series -46 firmwares
fdfb153 iwlwifi: add -46.ucode firmwares for 9000 series
92e17d0 amdgpu: update vega20 to the latest 19.10 firmware
7536c3b amdgpu: update vega12 to the latest 19.10 firmware
2579167 amdgpu: update vega10 to the latest 19.10 firmware
4ea5c73 amdgpu: update polaris11 to the latest 19.10 firmware
4475802 amdgpu: update polaris10 to the latest 19.10 firmware
f9551dc amdgpu: update raven2 to the latest 19.10 firmware
9eaa40d amdgpu: update raven to the latest 19.10 firmware
3c1ab75 amdgpu: update picasso to the latest 19.10 firmware
8e3e08c linux-firmware: update fw for qat devices
cdef971 Mellanox: Add new mlxsw_spectrum firmware 13.2000.1122
13d6bc8 drm/i915/firmware: Add ICL HuC v8.4.3238
1dbb095 drm/i915/firmware: Add ICL GuC v32.0.3
77b6b40 drm/i915/firmware: Add GLK HuC v03.01.2893
f8521cc drm/i915/firmware: Add GLK GuC v32.0.3
9fb9526 drm/i915/firmware: Add KBL GuC v32.0.3
3fbec60 drm/i915/firmware: Add SKL GuC v32.0.3
c7e32a1 drm/i915/firmware: Add BXT GuC v32.0.3

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-06-22 13:17:48 +02:00
Stefan Lippers-Hollmann
cba6832622 kernel: alx driver for AR816x/AR817x Ethernet
These ethernet cards can be found onboard various x86 and
x86_64 Gigabyte mainboards since the sandy-bridge/ ivy-bridge era.

This driver supports the following QCA/"Killer" ethernet cards:

	1969:1091 - AR8161 Gigabit Ethernet
	1969:1090 - AR8162 Fast Ethernet
	1969:10A1 - AR8171 Gigabit Ethernet
	1969:10A0 - AR8172 Fast Ethernet

	1969:E091 - Killer E2200 Gigabit Ethernet
	1969:E0A1 - Killer E2400 Gigabit Ethernet
	1969:E0B1 - Killer E2500 Gigabit Ethernet

Successfully runtime tested with the onboard ethernet card of a
Gigabyte GA-H77M-D3H ivy-bridge mainboard (x86_64/EFI image):

02:00.0 Ethernet controller [0200]: Qualcomm Atheros AR8161 [...]
	Subsystem: Gigabyte Technology Co., Ltd AR8161 [...]
	Kernel driver in use: alx
	Kernel modules: alx

alx 0000:02:00.0 eth0: Qualcomm Atheros AR816x/AR817x Ethernet [...]
alx 0000:02:00.0 eth0: NIC Up: 1 Gbps Full

Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [fix typo,
shorten subject to <50 characters, shorten lines to <76 chars.]
2019-06-22 13:17:47 +02:00
Stefan Lippers-Hollmann
5691665361 mac80211: update WDS/4addr fix to the version accepted upstream
This updates "{nl,mac}80211: allow 4addr AP operation on crypto
controlled devices" to the version (v3), which was accepted into
upstream mac80211.git and which is tagged for -stable backporting
(v4.18+).

https://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211.git/commit/?id=33d915d9e8ce811d8958915ccd18d71a66c7c495

Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[format-patch]
2019-06-22 13:17:47 +02:00
Christian Lamparter
c4fb221376 kernel: fix kmod-tpm 4.19 dependencies
This patch fixes the ath79-nand build error:
|Package kmod-tpm is missing dependencies for the following libraries:
|rng-core.ko

by making it depend on rng-core from 4.19 onwards.
This should work as 4.9 is gone so only 4.14 and 4.19
are there.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-06-22 13:17:47 +02:00
Deng Qingfang
6762e72524 package/network: add PKGARCH:=all to non-binary packages
Packages such as xfrm contain only script files, add PKGARCH:=all

Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
2019-06-22 12:55:30 +02:00
Eneas U de Queiroz
ee1a783314 nghttp2: deduplicate files in staging_dir
'38b22b1e: deduplicate files in libnghttp2' missed duplicates in
staging_dir by Build/InstallDev.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
2019-06-22 10:23:56 +02:00
Jo-Philipp Wich
eaad2211db rpcd: add direct dependency on libjson-c
The OpenWrt buildroot ABI version rebuild tracker does not handle
transient dependencies, therefor add all libraries linked by rpcd
as direct dependencies to the corresponding binary package definition.

This ensures that rpcd is automatically rebuilt and relinked if any
of these libraries has its ABI_VERSION updated in the future.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-06-21 17:43:17 +02:00
Karel Kočí
3ead9e7b74 fstools: block-mount: fix restart of fstab service
Restarting service causes file-systems to be unmounted without being
mounted back. When this service was obsoleted it should have been
implemented in a way that all actions are ignored. Up to this commit
default handler was called when restart was requested. This default
handler just simply calls stop and start. That means that stop called
unmount but start just printed that this service is obsoleted.

This instead implements restart that just prints same message like start
does. It just calls start in reality. This makes restart unavailable for
call.

Signed-off-by: Karel Kočí <karel.koci@nic.cz>
2019-06-21 14:13:58 +02:00
Yousong Zhou
3dc4f59eab base-files: apply new sysctl.conf at postinst
This is mainly for kmod-br-netfilter.  To turn off
bridge-netfilter-call-xxx immediately after installation

While at it

 - Define filelist="/usr/lib/opkg/info/${pkgname}.list"
 - Reuse "[ -z "$root" ]"
 - Grep with "-m1"

Fixes FS#2300

Reported-by: Marco Sartorius <tidbits@ormoorgmen.info>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-06-21 03:29:20 +00:00
Kevin Darbyshire-Bryant
a8f0c02f80 iproute2: update ctinfo support
Follow upstream changes - header file changes only
no functional or executable changes, hence no package bump
required

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-06-20 21:12:24 +01:00
Chris Koying Browet
0e961a1f9f kernel: dm: add dm-raid for LVM raid
This adds the dm-raid kmod, which is needed for
LVM builtin raid configurations, aka "MD-over-LVM"

Signed-off-by: Chris Koying Browet <cbro@semperpax.com>
2019-06-20 20:02:29 +02:00
Christian Lamparter
99bf9a1ac2 hostapd: remove stale WPA_SUPPLICANT_NO_TIMESTAMP_CHECK option
Support to disable the timestamp check for certificates in
wpa_supplicant (Useful for devices without RTC that cannot
reliably get the real date/time) has been accepted in the
upstream hostapd. It's implemented in wpa_supplicant as a
per-AP flag tls_disable_time_checks=[0|1].

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-06-20 20:02:29 +02:00
Petko Bordjukov
1e2e5c66ed kernel: package Broadcom BNX2X driver
bnx2x driver support for the x86 architecture. Includes module and
firmware for Broadcom QLogic 5771x/578xx 10/20-Gigabit ethernet
adapters.

Signed-off-by: Petko Bordjukov <bordjukov@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[added +kmod-lib-zlib-inflate as well]
2019-06-20 20:02:29 +02:00
Robinson Wu
869ff80d31 base-files: fix uci led oneshot/timer trigger
This patch adds a missing type property. This fixes
the creation of oneshot and timer led triggers like:

| ucidef_set_led_timer "system" "system" "zhuotk:green:system" "1000" "1000"

from /etc/init.d/01_leds.

Fixes: b06a286a48 ("base-files: cleanup led functions in uci-defaults.sh")
Signed-off-by: Robinson Wu <wurobinson@qq.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-06-20 19:59:31 +02:00
Jo-Philipp Wich
a95ddaba02 uhttpd: add direct dependency on libjson-c
The OpenWrt buildroot ABI version rebuild tracker does not handle
transient dependencies, therefor add all libraries linked by uhttpd
as direct dependencies to the corresponding binary package definition.

This ensures that uhttpd is automatically rebuilt and relinked if any
of these libraries has its ABI_VERSION updated in the future.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-06-20 18:09:48 +02:00
Jo-Philipp Wich
74739c4228 treewide: fix syntax errors exposed after kconfig update
After commit e82a4d9cfb ("config: regenerate *_shipped sources") the mconf
parser became more strict as a side effect and started to spew a series of
warnings when evaluating our generated kconfig sources:

  tmp/.config-package.in:705:warning: ignoring unsupported character '@'

The root cause of these warnings is a wrong use of the @SYMBOL dependency
syntax in various Makefile. Fix the corresponding Makefiles by turning
`@SYM||@SYM2` expressions into the proper `@(SYM||SYM2)` form.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-06-20 14:16:08 +02:00
Jo-Philipp Wich
66838cd851 procd: add direct dependencies on libblobmsg-json and libjson-c
The OpenWrt buildroot ABI version rebuild tracker does not handle
transient dependencies, therefor add all libraries linked by procd
as direct dependencies to the corresponding binary package definition.

This ensures that procd is automatically rebuilt and relinked
if any of these libraries has its ABI_VERSION updated in the
future.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-06-20 14:13:01 +02:00
Yousong Zhou
f528d771c4 netsupport: add kmod-nsh
This is required by kmod-openvswitch since linux 4.15.

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-06-20 08:24:20 +00:00
Deng Qingfang
080ba31eec
libjson-c: update to 0.13.1
Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
2019-06-19 22:44:28 +02:00
Vladimir Vid
bc47285cb3 mvebu: fix regression for non-generic ESPRESSObin versions
When targets for multiple ESPRESSObin devices were added, not all
files were updated which means any ESPRESSObin version beside generic
won't have proper networking, sysupgrade and uboot-env. This patch
fixes the issue.

* fixup network detection
* fixup uboot-env
* fixup platform.sh for sysupgrade

Signed-off-by: Vladimir Vid <vladimir.vid@sartura.hr>
2019-06-18 16:13:10 +02:00
Petr Štetiar
bec8fb1ee7 urngd: move project to git.openwrt.org
Let's move project to a proper place.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-06-17 15:29:58 +02:00
Petr Štetiar
dd6d82112a gpio-button-hotplug: fix 4.19 build breakage on malta/be64
While testing 4.19 build on malta/be64, I've encountered following
error:

 gpio-button-hotplug/gpio-button-hotplug.c:529:18: error: implicit
 declaration of function 'gpio_to_desc'

which is caused by the missing include fixed by this patch.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-06-17 09:42:36 +02:00
Tomasz Maciej Nowak
7046a249d8 kernel: package module for SafeXcel crypto engine
Supports EIP97 and EIP197 found on Armada 37xx, 7k and 8k SoCs.
Unfortunately firmware for EIP197 is not easily obtainable, therefore
to not cause lot of user requests directed at OpenWrt, package it as
module with explanation where to obtain the firmware.

Cc: Marek Behún <marek.behun@nic.cz>
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2019-06-17 09:36:03 +02:00
Hauke Mehrtens
3c401f45c9 uhttpd: Fix format string build problems
91fcac34ac uhttpd: Fix multiple format string problems

Fixes: fc454ca153 libubox: update to latest git HEAD
Reported-by: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-06-16 22:57:39 +02:00
Hans Dedecker
865e25e049 nghttp2: bump to 1.39.1
7ffc239b Bump up version number to 1.39.1
bc886a0e Fix FPE with default backend
a3a14a9c Fix log-level is not set with cmd-line or configuration file
acfb3607 Update manual pages
bdfd14c2 Bump up version number to 1.39.0, LT revision to 31:4:17
cddc09fe Update AUTHORS
3c3b6ae8 Add missing colon
2f83aa9e Fix multi-line text travis issue
fc591d0c Run nghttpx integration test with cmake build
9a17c3ef travis: use multi-line text
b7220f07 cmake: Remove SPDY related files
a1556fd1 Merge pull request #1356 from nghttp2/fix-log-level-on-reload
77f1c872 nghttpx: Fix unchanged log level on configuration reload
49ce44e1 Merge pull request #1352 from nghttp2/travis-osx
f54b3ffc Fix libxml2 CFLAGS output
b0f5e5cc Implement daemon() using fork() for OSX
8d6ecd66 Enable osx build on travis
f82fb521 Update doc
2e1975dd clang-format-8
97ce392b Merge pull request #1347 from nghttp2/nghttpx-ignore-cl-te-on-upgrade
afefbda5 Ignore content-length in 200 response to CONNECT request
4fca2502 nghttpx: Ignore Content-Length and Transfer-Encoding in 1xx or 200 to CONNECT
6975c336 Update llhttp to 1.1.3
0288093c Fix llhttp_get_error_pos usage
a3a03481 Merge pull request #1340 from nghttp2/nghttpx-llhttp
c64d2573 Replace http-parser with llhttp
f028cc43 clang-format
302e3746 Merge pull request #1337 from nghttp2/upgrade-mruby
3cdbc5f5 Merge pull request #1335 from adamgolebiowski/boost-1.70
a6925186 Fix mruby build error
45d63d20 Upgrade mruby to 2.0.1
cbba1ebf asio: support boost-1.70
e86d1378 Bump up version number to 1.39.0-DEV
4a9d2005 Update manual pages

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-06-16 21:34:56 +02:00
Hauke Mehrtens
1ae1276eab urngd: Fix more wrong type in format string
Also the other type is worng and causes compile problems on ARM64
platforms.

Fixes: 9b53201d9c ("urngd: Fix wrong type in format string")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-06-16 19:03:04 +02:00
Rafał Miłecki
8888cb725d mac80211: brcm: backport remaining brcmfmac 5.2 patches
This improves FullMAC firmware compatibility, adds logging in case of
firmware crash and *may* fix "Invalid packet id" errors.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-06-16 18:58:51 +02:00
André Valentin
8f5873f6c8 netsupport: improve xfrm module support
-switch to module autoprobe
-exclude 4.9 kernel

Signed-off-by: André Valentin <avalentin@marcant.net>
2019-06-16 17:32:27 +02:00
Hauke Mehrtens
fc454ca153 libubox: update to latest git HEAD
9dd2dcf libubox: add format string checking to ulog()
ecf5617 ustream: Add format string checks to ustream_(v)printf()

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-06-16 16:40:08 +02:00
Hauke Mehrtens
9b53201d9c urngd: Fix wrong type in format string
GCC 9.1 complains about this wrong type used in the format string, fix
this to make the compiler happy.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-06-16 16:40:08 +02:00
Hauke Mehrtens
22d3d91c77 ubox: bump to git HEAD
4df34a4 kmodloader: Increase path array size to make it always fit

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-06-16 15:49:45 +02:00
Hans Dedecker
1fd900ddc2 netifd: xfrm fixes
9932ed0 netifd: fix xfrm interface deletion and standardize netlink call

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-06-15 21:27:01 +02:00
Christian Lamparter
82b78a9659 mac80211: refresh patches
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-06-15 19:55:32 +02:00
Sven Eckelmann
2f84bb1af2 mac80211: ath10k: adjust tx power reduction for US regulatory domain
FCC allows maximum antenna gain of 6 dBi. 15.247(b)(4):

> (4) The conducted output power limit
> specified in paragraph (b) of this section
> is based on the use of antennas
> with directional gains that do not exceed
> 6 dBi. Except as shown in paragraph
> (c) of this section, if transmitting
> antennas of directional gain greater
> than 6 dBi are used, the conducted
> output power from the intentional radiator
> shall be reduced below the stated
> values in paragraphs (b)(1), (b)(2),
> and (b)(3) of this section, as appropriate,
> by the amount in dB that the
> directional gain of the antenna exceeds
> 6 dBi.

https://www.gpo.gov/fdsys/pkg/CFR-2013-title47-vol1/pdf/CFR-2013-title47-vol1-sec15-247.pdf

Signed-off-by: Sven Eckelmann <sven@narfation.org>
2019-06-15 19:55:32 +02:00
Sven Eckelmann
f17529a122 mac80211: ath10k: fix max antenna gain unit
Most of the txpower for the ath10k firmware is stored as twicepower (0.5 dB
steps). This isn't the case for max_antenna_gain - which is still expected
by the firmware as dB.

The firmware is converting it from dB to the internal (twicepower)
representation when it calculates the limits of a channel. This can be seen
in tpc_stats when configuring "12" as max_antenna_gain. Instead of the
expected 12 (6 dB), the tpc_stats shows 24 (12 dB).

Tested on QCA9888 and IPQ4019 with firmware 10.4-3.5.3-00057.

Signed-off-by: Sven Eckelmann <sven@narfation.org>
2019-06-15 19:55:32 +02:00
Sven Eckelmann
01142665b7 mac80211: ath9k: Increase allowed antenna gain to 6 dBi
FCC allows maximum antenna gain of 6 dBi. 15.247(b)(4):

> (4) The conducted output power limit
> specified in paragraph (b) of this section
> is based on the use of antennas
> with directional gains that do not exceed
> 6 dBi. Except as shown in paragraph
> (c) of this section, if transmitting
> antennas of directional gain greater
> than 6 dBi are used, the conducted
> output power from the intentional radiator
> shall be reduced below the stated
> values in paragraphs (b)(1), (b)(2),
> and (b)(3) of this section, as appropriate,
> by the amount in dB that the
> directional gain of the antenna exceeds
> 6 dBi.

Signed-off-by: Sven Eckelmann <sven@narfation.org>
2019-06-15 19:55:32 +02:00
Christian Lamparter
dec686fbc6 iwinfo: update PKG_MIRROR_HASH
This patch updates the PKG_MIRROR_HASH to match the one
of the current version.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-06-15 19:55:32 +02:00
Rosen Penev
481fbc3724 kernel: Add AEAD and RNG support to kmod-crypto-user
Now that kernel 3.18 is gone, we can safely add these features.

Tested on Turris Omnia.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-06-15 19:55:31 +02:00
Hannu Nyman
696c511fb4 busybox: update to 1.31.0
* Update busybox to version 1.31.0.
    New applets: ts, i2ctransfer
    New (restored) feature: error/info levels in syslog messages.
    Leave new features disabled by default.
* Refresh patches
* Remove patch that was backported from upstream

Config refreshed with commands below, after which the OpenWrt specific
config defaults (ipv6, login session child) were corrected:

  make package/busybox/compile   (to populate the build_dir)

  cd package/utils/busybox/config/
  ../convert_menuconfig.pl ../../../../build_dir/target-mips_24kc_musl/busybox-1.31.0

  cd package/utils/busybox
  ./convert_defaults.pl < ../../../build_dir/target-mips_24kc_musl/busybox-1.31.0/.config > Config-defaults.in

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2019-06-15 19:26:47 +02:00
André Valentin
f6dab98044 network/config/xfrm: add host-dependency for xfrm interface parent
Add proto_add_host_dependency to add a dependency to the tunlink interface

Signed-off-by: André Valentin <avalentin@marcant.net>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
2019-06-15 13:41:39 +02:00
Yousong Zhou
62be427067 busybox: strip off ALTERNATIVES spec
Now that busybox is a known alternatives provider by opkg, we remove the
ALTERNATIVES spec and add a note to make the implicit situation clear

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-06-14 01:51:24 +00:00
Yousong Zhou
e51b513f75 opkg: bump to version 2019-06-14
Opkg starting from this version special-cases busybox as alternatives
provider.  There should be no need to add entries to ALTERNATIVES of
busybox package

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-06-14 01:51:24 +00:00
Hans Dedecker
55fcc77072 netifd: update to latest git HEAD
42a3878 interface-ip: fix possible null pointer dereference
c1964d8 system-linux: remove superfluous dev check

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-06-13 22:18:57 +02:00
Kevin Darbyshire-Bryant
ff2382e36c ath10k-firmware: update Candela Tech firmware images
wave-1:

2019-05-09: Tweak rate-ctrl:  Ramp PER up faster, down slower.  This
	    helps throughput in rate-vs-range test, especially with
	    nss1.

2019-05-20: Disable adaptive-CCA.  I am not sure it helps, and it may
	    make it slower to detect noise that should tell the system
	    to stop transmitting.  If someone has means to test this
	    properly, I'd be happy to work with them.

wave-2:

2019-05-15: Fix problem where rate-ctrl sometimes used rix of 0x0.

2019-05-15: Allow raw-tx of encrypted frame.  Requires a patch to the
	    driver to use raw mode when skb has WEP flag enabled AND
	    skb is flagged to not be encrypted.  Lightly tested.

2019-05-16: Fix tx-hang that happened when rate-ctrl chose an OFDM rate
	    for 20Mhz and sent that as AMPDU.  To fix, limit to (V)HT
	    rates if peer is (V)HT.  It seems that MCS0 (V)HT20 should
	    have as good of a chance of being detected as CCK or OFDM.

2019-06-06: Disable TX-BFEE, TX-BFER for IBSS connections.  I suspect
	    this is part of the tx-hang issue seen with IBSS between
	    two 9984 radios.

2019-06-12: Fix rx-rate reporting in 'fw_stats' logic.  This was at
	    least partly due to regressions I had added earlier when
	    working on some multi-vdev enhancements.

2019-6-12: Fix case where extd peer-stats were not always populated.
	   The stats gathering code did not handle error conditions
	   well.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-06-13 19:35:19 +01:00
Kevin Darbyshire-Bryant
49b3dcb2ab ath10k-ct: Update to 2019-06-13
Changes:

ath10k:  Improve PMF/MPF mgt frame check

And add a driver for 5.2 (beta, not even tested yet) kernel.

Refresh patches.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-06-13 19:35:19 +01:00
Paul Spooren
35a70d6262 f2fs-tools: fixup SPDX license
The f2fs-tools have a wrong PKG_LICENSE with is not SPDX compatible.

Signed-off-by: Paul Spooren <mail@aparcar.org>
2019-06-12 23:55:53 +02:00
Konstantin Demin
38b22b1e70 nghttp2: deduplicate files in libnghttp2
libnghttp2 accidentally ships library twice:

$ tar -Oxzf libnghttp2-14_1.38.0-1_mips_24kc.ipk ./data.tar.gz | tar -tzvf -
drwxr-xr-x root/root         0 2019-06-07 23:14 ./
drwxr-xr-x root/root         0 2019-06-07 23:14 ./usr/
drwxr-xr-x root/root         0 2019-06-07 23:14 ./usr/lib/
-rw-r--r-- root/root    144412 2019-06-07 23:14 ./usr/lib/libnghttp2.so.14
-rw-r--r-- root/root    144412 2019-06-07 23:14 ./usr/lib/libnghttp2.so.14.17.3

after fix, there's library and symlink (as designed):

$ tar -Oxzf libnghttp2-14_1.38.0-2_mips_24kc.ipk ./data.tar.gz | tar -tzvf -
drwxr-xr-x root/root         0 2019-06-07 23:14 ./
drwxr-xr-x root/root         0 2019-06-07 23:14 ./usr/
drwxr-xr-x root/root         0 2019-06-07 23:14 ./usr/lib/
lrwxrwxrwx root/root         0 2019-06-07 23:14 ./usr/lib/libnghttp2.so.14 -> libnghttp2.so.14.17.3
-rw-r--r-- root/root    144412 2019-06-07 23:14 ./usr/lib/libnghttp2.so.14.17.3

Binary package size reduced accordingly: 134621 -> 66593.

Compile/run-tested: ar71xx/generic.

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2019-06-12 23:00:58 +02:00
Koen Vandeputte
c12bd3a21b iwinfo: update to latest git HEAD
1372f47eff34 iwinfo: Add Mikrotik R11e-5HnDr2

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-06-12 15:04:09 +02:00
Yousong Zhou
04b45d3a31 dnsmasq: move feature detection inside a shell func
Resolves openwrt/packages#9219

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-06-11 08:32:54 +00:00
Petr Štetiar
27bfde9c9f base-files: move urandom seed bits into separate package
So it's possible to install or remove it as needed.

Tested-by: Lucian Cristian <lucian.cristian@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-06-11 08:06:28 +02:00
Petr Štetiar
9b4de712ca ubox: move getrandom into separate getrandom package
So it's possible to install or remove it as needed.

Tested-by: Lucian Cristian <lucian.cristian@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-06-11 08:06:28 +02:00
Petr Štetiar
714bd89fce urng: add micro non-physical true RNG based on timing jitter
μrngd is OpenWrt's micro non-physical true random number generator based
on timing jitter.

Using the Jitter RNG core, the rngd provides an entropy source that
feeds into the Linux /dev/random device if its entropy runs low. It
updates the /dev/random entropy estimator such that the newly provided
entropy unblocks /dev/random.

The seeding of /dev/random also ensures that /dev/urandom benefits from
entropy. Especially during boot time, when the entropy of Linux is low,
the Jitter RNGd provides a source of sufficient entropy.

Tested-by: Lucian Cristian <lucian.cristian@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-06-11 08:06:28 +02:00
Alexander Couzens
79948e9d61
replace links towards lede-project.org with openwrt.org
Modify VERSION_SUPPORT_URL VERSION_REPO
Replace BUGS variable in toolchain/gcc/common.mk

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2019-06-11 01:46:53 +02:00
André Valentin
452d88e8f7 config: add xfrm interface support scripts
This package adds scripts for xfrm interfaces support.
Example configuration via /etc/config/network:

config interface 'xfrm0'
        option proto 'xfrm'
        option mtu '1300'
        option zone 'VPN'
        option tunlink 'wan'
        option ifid 30

config interface 'xfrm0_static'
        option proto 'static'
        option ifname '@xfrm0'
        option ip6addr 'fe80::1/64'
        option ipaddr '10.0.0.1/30'

Now set in strongswan IPsec policy:
 	if_id_in = 30
	if_id_out = 30

Signed-off-by: André Valentin <avalentin@marcant.net>
2019-06-10 10:07:24 +02:00
Hans Dedecker
cc092a285a curl: update to 7.65.1
For changes in 7.65.1; see https://curl.haxx.se/changes.html#7_65_1

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-06-10 10:06:05 +02:00
André Valentin
ae3e232b11 netsupport: add xfrmi interface support
Add support for xfrm interfaces in kernel. XFRM interfaces are used by
the IPsec stack for tunneling.
XFRM interfaces are available since linux 4.19.

Signed-off-by: André Valentin <avalentin@marcant.net>
2019-06-09 21:48:22 +02:00
Petr Štetiar
6c5bfaac84 gpio-button-hotplug: gpio-keys: fix always missing first event
Commit afc056d7dc ("gpio-button-hotplug: support interrupt
properties") changed the gpio-keys interrupt handling logic in a way,
that it always misses first event, which causes issues with rc.button
scripts, so this patch restores the previous behaviour.

Fixes: afc056d7dc ("gpio-button-hotplug: support interrupt properties")
Reported-by: Kristian Evensen <kristian.evensen@gmail.com>
Tested-by: Kuan-Yi Li <kyli.tw@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [drop state check]
2019-06-09 14:51:47 +02:00
Petr Štetiar
27d234a345 gpio-button-hotplug: fix wrong initial seen value
Currently the generated event contains wrong seen value, when the button
is pressed for the first time:

 rmmod gpio_button_hotplug; modprobe gpio_button_hotplug
 [ pressing the wps key immediately after modprobe ]
 gpio-keys: create event, name=wps, seen=1088, pressed=1

So this patch adds a check for this corner case and makes seen=0 if the
button is pressed for the first time.

Tested-by: Kuan-Yi Li <kyli.tw@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-06-09 14:51:47 +02:00
Petr Štetiar
33ccfe0e14 gpio-button-hotplug: use pr_debug and pr_err
pr_debug can be used with dynamic debugging.

Tested-by: Kuan-Yi Li <kyli.tw@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-06-09 14:51:47 +02:00
Yousong Zhou
0299a4b73e dnsmasq: skip options that are not compiled in
This is to make life easier for users with customized build of
dnsmasq-full variant.  Currently dnsmasq config generated by current
service script will be rejected by dnsmasq build lacking DHCP feature

 - Options like --dhcp-leasefile have default values.  Deleting them
   from uci config or setting them to empty value will make them take on
   default value in the end
 - Options like --dhcp-broadcast are output unconditionally

Tackle this by

 - Check availablility of features from output of "dnsmasq --version"
 - Make a list of options guarded by HAVE_xx macros in src/options.c of
   dnsmasq source code
 - Ignore these options in xappend()

Two things to note in this implementation

 - The option list is not exhaustive.  Supposedly only those options that
   may cause dnsmasq to reject with "unsupported option (check that
   dnsmasq was compiled with DHCP/TFTP/DNSSEC/DBus support)" are taken
   into account here
 - This provides a way out but users' cooperation is still needed.  E.g.
   option dnssec needs to be turned off, otherwise the service script
   will try to add --conf-file pointing to dnssec specific anchor file
   which dnsmasq lacking dnssec support will reject

Resolves FS#2281

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-06-09 08:17:52 +00:00
Hans Dedecker
6b762dd75f netifd: xfrm tunnel support
8c6358b netifd: add xfrm tunnel interface support

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-06-08 21:51:37 +02:00
Konstantin Demin
10011f91c5 busybox: add ALTERNATIVES for brctl
Busybox brctl applet conflicts with the version from bridge-utils.
Fix this by using ALTERNATIVE support for brctl in busybox.

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
2019-06-08 13:51:40 +02:00
Kevin Darbyshire-Bryant
021a9b4cb9 iproute2: add tc action ctinfo support
Add the userspace control portion of the backported kernelspace
act_ctinfo.

ctinfo is a tc action restoring data stored in conntrack marks to
various fields.  At present it has two independent modes of operation,
restoration of DSCP into IPv4/v6 diffserv and restoration of conntrack
marks into packet skb marks.

It understands a number of parameters specific to this action in
additional to the usual action syntax.  Each operating mode is
independent of the other so all options are optional, however not
specifying at least one mode is a bit pointless.

Usage: ... ctinfo [dscp mask [statemask]] [cpmark [mask]] [zone ZONE]
		  [CONTROL] [index <INDEX>]

DSCP mode

dscp enables copying of a DSCP stored in the conntrack mark into the
ipv4/v6 diffserv field.  The mask is a 32bit field and specifies where
in the conntrack mark the DSCP value is located.  It must be 6
contiguous bits long. eg. 0xfc000000 would restore the DSCP from the
upper 6 bits of the conntrack mark.

The DSCP copying may be optionally controlled by a statemask.  The
statemask is a 32bit field, usually with a single bit set and must not
overlap the dscp mask.  The DSCP restore operation will only take place
if the corresponding bit/s in conntrack mark ANDed with the statemask
yield a non zero result.

eg. dscp 0xfc000000 0x01000000 would retrieve the DSCP from the top 6
bits, whilst using bit 25 as a flag to do so.  Bit 26 is unused in this
example.

CPMARK mode

cpmark enables copying of the conntrack mark to the packet skb mark.  In
this mode it is completely equivalent to the existing act_connmark
action.  Additional functionality is provided by the optional mask
parameter, whereby the stored conntrack mark is logically ANDed with the
cpmark mask before being stored into skb mark.  This allows shared usage
of the conntrack mark between applications.

eg. cpmark 0x00ffffff would restore only the lower 24 bits of the
conntrack mark, thus may be useful in the event that the upper 8 bits
are used by the DSCP function.

Usage: ... ctinfo [dscp mask [statemask]] [cpmark [mask]] [zone ZONE]
		  [CONTROL] [index <INDEX>]
where :
	dscp MASK is the bitmask to restore DSCP
	     STATEMASK is the bitmask to determine conditional restoring
	cpmark MASK mask applied to restored packet mark
	ZONE is the conntrack zone
	CONTROL := reclassify | pipe | drop | continue | ok |
		   goto chain <CHAIN_INDEX>

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-06-07 12:05:32 +01:00
Kevin Darbyshire-Bryant
b8a72dfd28 kernel: backport act_ctinfo
ctinfo is a new tc filter action module.  It is designed to restore
information contained in firewall conntrack marks to other packet fields
and is typically used on packet ingress paths.  At present it has two
independent sub-functions or operating modes, DSCP restoration mode &
skb mark restoration mode.

The DSCP restore mode:

This mode copies DSCP values that have been placed in the firewall
conntrack mark back into the IPv4/v6 diffserv fields of relevant
packets.

The DSCP restoration is intended for use and has been found useful for
restoring ingress classifications based on egress classifications across
links that bleach or otherwise change DSCP, typically home ISP Internet
links.  Restoring DSCP on ingress on the WAN link allows qdiscs such as
but by no means limited to CAKE to shape inbound packets according to
policies that are easier to set & mark on egress.

Ingress classification is traditionally a challenging task since
iptables rules haven't yet run and tc filter/eBPF programs are pre-NAT
lookups, hence are unable to see internal IPv4 addresses as used on the
typical home masquerading gateway.  Thus marking the connection in some
manner on egress for later restoration of classification on ingress is
easier to implement.

Parameters related to DSCP restore mode:

dscpmask - a 32 bit mask of 6 contiguous bits and indicate bits of the
conntrack mark field contain the DSCP value to be restored.

statemask - a 32 bit mask of (usually) 1 bit length, outside the area
specified by dscpmask.  This represents a conditional operation flag
whereby the DSCP is only restored if the flag is set.  This is useful to
implement a 'one shot' iptables based classification where the
'complicated' iptables rules are only run once to classify the
connection on initial (egress) packet and subsequent packets are all
marked/restored with the same DSCP.  A mask of zero disables the
conditional behaviour ie. the conntrack mark DSCP bits are always
restored to the ip diffserv field (assuming the conntrack entry is found
& the skb is an ipv4/ipv6 type)

e.g. dscpmask 0xfc000000 statemask 0x01000000

|----0xFC----conntrack mark----000000---|
| Bits 31-26 | bit 25 | bit24 |~~~ Bit 0|
| DSCP       | unused | flag  |unused   |
|-----------------------0x01---000000---|
      |                   |
      |                   |
      ---|             Conditional flag
         v             only restore if set
|-ip diffserv-|
| 6 bits      |
|-------------|

The skb mark restore mode (cpmark):

This mode copies the firewall conntrack mark to the skb's mark field.
It is completely the functional equivalent of the existing act_connmark
action with the additional feature of being able to apply a mask to the
restored value.

Parameters related to skb mark restore mode:

mask - a 32 bit mask applied to the firewall conntrack mark to mask out
bits unwanted for restoration.  This can be useful where the conntrack
mark is being used for different purposes by different applications.  If
not specified and by default the whole mark field is copied (i.e.
default mask of 0xffffffff)

e.g. mask 0x00ffffff to mask out the top 8 bits being used by the
aforementioned DSCP restore mode.

|----0x00----conntrack mark----ffffff---|
| Bits 31-24 |                          |
| DSCP & flag|      some value here     |
|---------------------------------------|
			|
			|
			v
|------------skb mark-------------------|
|            |                          |
|  zeroed    |                          |
|---------------------------------------|

Overall parameters:

zone - conntrack zone

control - action related control (reclassify | pipe | drop | continue |
ok | goto chain <CHAIN_INDEX>)

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Reviewed-by: Toke Høiland-Jørgensen <toke@redhat.com>
Acked-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

Make suitable adjustments for backporting to 4.14 & 4.19
and add to SCHED_MODULES_FILTER

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-06-06 15:41:07 +01:00
Biwen Li
639d127b83 layerscape: fix u-boot bootcmd
Current latest LSDK-19.03 u-boot had a bug that bootcmd
environment was always been reset when u-boot started up.
This was found on boards with spi NOR boot. Before the
proper fix-up is applied, we have to use a workaround
to hard code the bootcmd for OpenWrt booting for now.

Signed-off-by: Biwen Li <biwen.li@nxp.com>
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2019-06-06 15:40:09 +02:00
Yangbo Lu
8468bf04d0 layerscape: drop ppa package
Drop ppa package since TF-A is used instead.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2019-06-06 15:40:09 +02:00
Biwen Li
c07d3302b3 layerscape: convert to use TF-A for firmware
This patch is to convert to use TF-A for firmware.
- Use un-swapped rcw since swapping will be done in TF-A.
- Use u-boot with TF-A defconfig.
- Rework memory map for TF-A introduction.

Signed-off-by: Biwen Li <biwen.li@nxp.com>
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2019-06-06 15:40:09 +02:00
Biwen Li
17dcbe1b8e layerscape: add ARM Trusted Firmware package
Add TF-A packages for Layerscape to implement trusted firmware.

Signed-off-by: Biwen Li <biwen.li@nxp.com>
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2019-06-06 15:40:08 +02:00
Biwen Li
f7f1f39c34 layerscape: add rcw packages for ls1043ardb/ls1046ardb SD boot
Add rcw packages for ls1043ardb/ls1046ardb SD boot.

Signed-off-by: Biwen Li <biwen.li@nxp.com>
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2019-06-06 15:40:08 +02:00
Yangbo Lu
b4b53cd39b layerscape: drop armv8_32b support
NXP LSDK has decided to drop armv8_32b support considering
few users are using it.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2019-06-06 15:40:08 +02:00
Yangbo Lu
9ad7c53383 layerscape: update restool to LSDK 19.03
Update restool to LSDK 19.03.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2019-06-06 15:40:08 +02:00
Biwen Li
4b4b686b1d layerscape: update u-boot to LSDK 19.03
Update u-boot to LSDK 19.03.

Signed-off-by: Biwen Li <biwen.li@nxp.com>
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2019-06-06 15:40:08 +02:00
Biwen Li
fbb865099b layerscape: update ppfe-firmware to LSDK 19.03
Update ppfe-firmware to LSDK 19.03.

Signed-off-by: Biwen Li <biwen.li@nxp.com>
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2019-06-06 15:40:08 +02:00
Biwen Li
f4f4b053b9 layerscape: update ls-rcw to LSDK 19.03
Update ls-rcw to LSDK 19.03.

Signed-off-by: Biwen Li <biwen.li@nxp.com>
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2019-06-06 15:40:08 +02:00
Biwen Li
584611e076 layerscape: update ls-mc to LSDK 19.03
Update to ls-mc to LSDK 19.03.

Signed-off-by: Biwen Li <biwen.li@nxp.com>
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2019-06-06 15:40:08 +02:00
Biwen Li
1efc6f3515 layerscape: update ls-dpl to LSDK 19.03
Update ls-dpl to LSDK 19.03.

Signed-off-by: Biwen Li <biwen.li@nxp.com>
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2019-06-06 15:40:08 +02:00
Biwen Li
5dd307afef layerscape: update fman-ucode to LSDK 19.03
The source code was same from lsdk-1806 to lsdk-1903.

Signed-off-by: Biwen Li <biwen.li@nxp.com>
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2019-06-06 15:40:08 +02:00
Sebastian Meiling
239b79f668 kernel: add package for atusb wpan module
This adds a new package for the kernel module of the ATUSB WPAN driver.

Signed-off-by: Sebastian Meiling <s@mlng.net>
[fixed SoB: and From: mismatch]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-06-06 15:40:08 +02:00
Kevin Darbyshire-Bryant
24e09bac48 Revert "kernel: backport act_ctinfo"
This reverts commit 7c50182e0c.

Produces build error:
Package kmod-sched is missing dependencies for the following libraries:
nf_conntrack.ko

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-06-06 10:45:15 +01:00
Jo-Philipp Wich
f664d560df rpcd: fix init script reload action
Drop the legacy start() and stop() procedures and define a proper
reload signal action instead.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-06-06 11:27:11 +02:00
Kevin Darbyshire-Bryant
7c50182e0c kernel: backport act_ctinfo
ctinfo is a new tc filter action module.  It is designed to restore
information contained in firewall conntrack marks to other packet fields
and is typically used on packet ingress paths.  At present it has two
independent sub-functions or operating modes, DSCP restoration mode &
skb mark restoration mode.

The DSCP restore mode:

This mode copies DSCP values that have been placed in the firewall
conntrack mark back into the IPv4/v6 diffserv fields of relevant
packets.

The DSCP restoration is intended for use and has been found useful for
restoring ingress classifications based on egress classifications across
links that bleach or otherwise change DSCP, typically home ISP Internet
links.  Restoring DSCP on ingress on the WAN link allows qdiscs such as
but by no means limited to CAKE to shape inbound packets according to
policies that are easier to set & mark on egress.

Ingress classification is traditionally a challenging task since
iptables rules haven't yet run and tc filter/eBPF programs are pre-NAT
lookups, hence are unable to see internal IPv4 addresses as used on the
typical home masquerading gateway.  Thus marking the connection in some
manner on egress for later restoration of classification on ingress is
easier to implement.

Parameters related to DSCP restore mode:

dscpmask - a 32 bit mask of 6 contiguous bits and indicate bits of the
conntrack mark field contain the DSCP value to be restored.

statemask - a 32 bit mask of (usually) 1 bit length, outside the area
specified by dscpmask.  This represents a conditional operation flag
whereby the DSCP is only restored if the flag is set.  This is useful to
implement a 'one shot' iptables based classification where the
'complicated' iptables rules are only run once to classify the
connection on initial (egress) packet and subsequent packets are all
marked/restored with the same DSCP.  A mask of zero disables the
conditional behaviour ie. the conntrack mark DSCP bits are always
restored to the ip diffserv field (assuming the conntrack entry is found
& the skb is an ipv4/ipv6 type)

e.g. dscpmask 0xfc000000 statemask 0x01000000

|----0xFC----conntrack mark----000000---|
| Bits 31-26 | bit 25 | bit24 |~~~ Bit 0|
| DSCP       | unused | flag  |unused   |
|-----------------------0x01---000000---|
      |                   |
      |                   |
      ---|             Conditional flag
         v             only restore if set
|-ip diffserv-|
| 6 bits      |
|-------------|

The skb mark restore mode (cpmark):

This mode copies the firewall conntrack mark to the skb's mark field.
It is completely the functional equivalent of the existing act_connmark
action with the additional feature of being able to apply a mask to the
restored value.

Parameters related to skb mark restore mode:

mask - a 32 bit mask applied to the firewall conntrack mark to mask out
bits unwanted for restoration.  This can be useful where the conntrack
mark is being used for different purposes by different applications.  If
not specified and by default the whole mark field is copied (i.e.
default mask of 0xffffffff)

e.g. mask 0x00ffffff to mask out the top 8 bits being used by the
aforementioned DSCP restore mode.

|----0x00----conntrack mark----ffffff---|
| Bits 31-24 |                          |
| DSCP & flag|      some value here     |
|---------------------------------------|
			|
			|
			v
|------------skb mark-------------------|
|            |                          |
|  zeroed    |                          |
|---------------------------------------|

Overall parameters:

zone - conntrack zone

control - action related control (reclassify | pipe | drop | continue |
ok | goto chain <CHAIN_INDEX>)

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Reviewed-by: Toke Høiland-Jørgensen <toke@redhat.com>
Acked-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

Make suitable adjustments for backporting to 4.14 & 4.19

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-06-06 09:41:26 +01:00
Petr Štetiar
dc8ec266dd rpcd: update to the latest git head
89bfaa424606 Fix possible linker errors by using CMake find_library macro
 569284a119f9 session: handle NULL return values of crypt()

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-06-06 10:16:22 +02:00
Yousong Zhou
ef7aa03bdb libunwind: bump to version 1.3.1
Libunwind provides a sigreturn stub for x86 in version 1.2 [1].  However
the arch still depends on setcontext() which is unavailable in musl-libc
and which is supposed to be "deprecated everywhere" [2]

 [1] x86 sigreturn unimplemented for some libcs,
     https://github.com/libunwind/libunwind/issues/13
 [2] setcontext deprecated on x86,
     https://github.com/libunwind/libunwind/issues/69

Refs: https://github.com/openwrt/packages/issues/8548#issuecomment-497791552
Reported-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-06-05 01:13:07 +00:00
Jason A. Donenfeld
593b487538 wireguard: bump to 0.0.20190601
There was an issue with the backport compat layer in yesterday's snapshot,
causing issues on certain (mostly Atom) Intel chips on kernels older than
4.2, due to the use of xgetbv without checking cpu flags for xsave support.
This manifested itself simply at module load time. Indeed it's somewhat tricky
to support 33 different kernel versions (3.10+), plus weird distro
frankenkernels.

If OpenWRT doesn't support < 4.2, you probably don't need to apply this.
But it also can't hurt, and probably best to stay updated.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-06-01 14:00:51 +02:00
Jason A. Donenfeld
a1210f8888 wireguard: bump to 0.0.20190531
* tools: add wincompat layer to wg(8)

Consistent with a lot of the Windows work we've been doing this last cycle,
wg(8) now supports the WireGuard for Windows app by talking through a named
pipe. You can compile this as `PLATFORM=windows make -C src/tools` with mingw.
Because programming things for Windows is pretty ugly, we've done this via a
separate standalone wincompat layer, so that we don't pollute our pretty *nix
utility.

* compat: udp_tunnel: force cast sk_data_ready

This is a hack to work around broken Android kernel wrapper scripts.

* wg-quick: freebsd: workaround SIOCGIFSTATUS race in FreeBSD kernel

FreeBSD had a number of kernel race conditions, some of which we can vaguely
work around. These are in the process of being fixed upstream, but probably
people won't update for a while.

* wg-quick: make darwin and freebsd path search strict like linux

Correctness.

* socket: set ignore_df=1 on xmit

This was intended from early on but didn't work on IPv6 without the ignore_df
flag. It allows sending fragments over IPv6.

* qemu: use newer iproute2 and kernel
* qemu: build iproute2 with libmnl support
* qemu: do not check for alignment with ubsan

The QEMU build system has been improved to compile newer versions. Linking
against libmnl gives us better error messages. As well, enabling the alignment
check on x86 UBSAN isn't realistic.

* wg-quick: look up existing routes properly
* wg-quick: specify protocol to ip(8), because of inconsistencies

The route inclusion check was wrong prior, and Linux 5.1 made it break
entirely. This makes a better invocation of `ip route show match`.

* netlink: use new strict length types in policy for 5.2
* kbuild: account for recent upstream changes
* zinc: arm64: use cpu_get_elf_hwcap accessor for 5.2

The usual churn of changes required for the upcoming 5.2.

* timers: add jitter on ack failure reinitiation

Correctness tweak in the timer system.

* blake2s,chacha: latency tweak
* blake2s: shorten ssse3 loop

In every odd-numbered round, instead of operating over the state
    x00 x01 x02 x03
    x05 x06 x07 x04
    x10 x11 x08 x09
    x15 x12 x13 x14
we operate over the rotated state
    x03 x00 x01 x02
    x04 x05 x06 x07
    x09 x10 x11 x08
    x14 x15 x12 x13
The advantage here is that this requires no changes to the 'x04 x05 x06 x07'
row, which is in the critical path. This results in a noticeable latency
improvement of roughly R cycles, for R diagonal rounds in the primitive. As
well, the blake2s AVX implementation is now SSSE3 and considerably shorter.

* tools: allow setting WG_ENDPOINT_RESOLUTION_RETRIES

System integrators can now specify things like
WG_ENDPOINT_RESOLUTION_RETRIES=infinity when building wg(8)-based init
scripts and services, or 0, or any other integer.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-05-31 21:01:33 +02:00
Eneas U de Queiroz
f22ef1f1de openssl: update to version 1.1.1c
Highlights of this version:
 - Prevent over long nonces in ChaCha20-Poly1305 (CVE-2019-1543)
 - Fix OPENSSL_config bug (patch removed)
 - Change the default RSA, DSA and DH size to 2048 bit instead of 1024.
 - Enable SHA3 pre-hashing for ECDSA and DSA

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [DMARC removal]
2019-05-31 11:21:22 +02:00
Christian Lamparter
afc056d7dc gpio-button-hotplug: support interrupt properties
Upstream Linux's input gpio-keys driver supports
specifying a external interrupt for a gpio via the
'interrupts' properties as well as having support
for software debounce.

This patch ports these features to OpenWrt's event
version. Only the "pure" interrupt-driven support is
left behind, since this goes a bit against the "gpio"
in the "gpio-keys" and I don't have a real device to
test this with.

This patch also silences the generated warnings showing
up since 4.14 due to the 'constification' of the
struct gpio_keys_button *buttons variable in the
upstream struct gpio_keys_platform_data declaration.

gpio-button-hotplug.c: In function 'gpio_keys_get_devtree_pdata':
gpio-button-hotplug.c:392:10: warning: assignment discards 'const'
	qualifier from pointer target type [-Wdiscarded-qualifiers]
   button = &pdata->buttons[i++];
          ^
gpio-button-hotplug.c: In function 'gpio_keys_button_probe':
gpio-button-hotplug.c:537:12: warning: assignment discards 'const'
	qualifier from pointer target type [-Wdiscarded-qualifiers]
   bdata->b = &pdata->buttons[i];
            ^
gpio-button-hotplug.c: In function 'gpio_keys_probe':
gpio-button-hotplug.c:563:37: warning: initialization discards 'const'
	qualifier from pointer target type [-Wdiscarded-qualifiers]
   struct gpio_keys_button *button = &pdata->buttons[i];
                                   ^
Acked-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-05-31 10:30:03 +02:00
Hans Dedecker
678ee30ee4 ppp: add config options to tune discovery timeout and attempts
Upstream PPP project has added in commit 8e77984 options to tune discovery
timeout and attempts in the rp-pppoe plugin.

Expose these options in the uci datamodel for pppoe:
	padi_attempts: Number of discovery attempts
	padi_timeout: Initial timeout for discovery packets in seconds

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-05-31 09:43:10 +02:00
Hans Dedecker
42977978e2 ppp: update to version 2.4.7.git-2019-05-25
8e77984 rp-pppoe plugin: Add options to tune discovery timeout and number of attempts

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-05-31 09:43:03 +02:00
Fabian Bläse
0f8b9addfc gre: introduce 'nohostroute' option
It is not always necessary to add a host route for the gre peer address.

This introduces a new config option 'nohostroute' (similar to the
option introduced for wireguard in d8e2e19) to allow to disable
the creation of those routes explicitely.

Signed-off-by: Fabian Bläse <fabian@blaese.de>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
2019-05-31 09:42:32 +02:00
Yousong Zhou
cf463159df uclient: bump to version 2019-05-30
This version bump contains the following commit to fix FS#2222

	3b3e368 uclient-http: set data_eof when content-length is 0

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-05-30 12:13:31 +00:00
Yousong Zhou
1e5f4dcd66 libunwind: requires glibc if arch in powerpc
libunwind for powerpc depends on getcontext() from libc which musl-libc
does not provide because this API and its friends are supposed to be
"obsolescent" [1,2]

 [1] Subject: Re: setcontext/getcontext/makecontext missing?
     https://www.openwall.com/lists/musl/2016/02/04/5
 [2] http://pubs.opengroup.org/onlinepubs/009695399/functions/makecontext.html

Refs: https://github.com/openwrt/packages/issues/8548#issuecomment-497200058
Reported-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-05-30 10:30:45 +00:00
Sandeep Sheriker M
a765a2178c at91:renaming subtraget legacy to sam9x
renaming subtraget legacy to sam9x for adding new sam9 soc's

Signed-off-by: Sandeep Sheriker M <sandeep.sheriker@microchip.com>
2019-05-30 12:12:57 +02:00
Hauke Mehrtens
aff084adf3 at91: Merge SAMA5 subtargets
Instead of maintaining 3 very similar subtargets merge them into one.
This does not use the Arm NEON extension any more, because the SAMA5D3
does not support NEON.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Sandeep Sheriker <sandeepsheriker.mallikarjun@microchip.com>
2019-05-30 12:12:37 +02:00
Alan Swanson
5422fed787 gpio-button-hotplug: add KEY_POWER2 handling
For devices such as BTHOMEHUBV5A with both reset and restart buttons,
its easily accessible restart button has been assigned to KEY_POWER
power script to poweroff preventing accidental (or malicious) factory
resets by KEY_RESTART reset script. However an easily accessible button
immediately powering off the device is also undesirable.

As KEY_RESTART is already used for reset script (and there's no
KEY_REBOOT in Linux input events), use KEY_POWER2 for rebooting via new
reboot script with 5 second seen delay.

Fixes: FS#1965
Signed-off-by: Alan Swanson <reiver@improbability.net>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [long line wrap]
2019-05-30 11:55:50 +02:00
Alan Swanson
a46259787d button-hotplug: add KEY_POWER2 handling
For devices such as BTHOMEHUBV5A with both reset and restart buttons,
its easily accessible restart button has been assigned to KEY_POWER
power script to poweroff preventing accidental (or malicious) factory
resets by KEY_RESTART reset script. However an easily accessible button
immediately powering off the device is also undesirable.

As KEY_RESTART is already used for reset script (and there's no
KEY_REBOOT in Linux input events), use KEY_POWER2 for rebooting via new
reboot script with 5 second seen delay.

Fixes: FS#1965
Signed-off-by: Alan Swanson <reiver@improbability.net>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [long line wrap]
2019-05-30 11:55:50 +02:00
Alan Swanson
70c7a0c33e base-files: add reboot only button handler
For devices such as BTHOMEHUBV5A with both reset and restart buttons,
its easily accessible restart button has been assigned to KEY_POWER
power script to poweroff preventing accidental (or malicious) factory
resets by KEY_RESTART reset script. However an easily accessible button
immediately powering off the device is also undesirable.

Fixes: FS#1965
Signed-off-by: Alan Swanson <reiver@improbability.net>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [long line wrap]
2019-05-30 11:55:49 +02:00
Petr Štetiar
6a92eb5b38 procd: update to latest git HEAD
ade00ca585a4 container: fix .dockerenv stat check
 385b904b2f0a hotplug: improve error message during group ownership change

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-05-30 08:03:02 +02:00
Paul Spooren
62940df3a9 procd: update to latest git HEAD
7f0f6b2 procd: add docker support

Signed-off-by: Paul Spooren <mail@aparcar.org>
2019-05-29 17:57:35 +02:00
Mikael Magnusson
8128a7e4fc busybox: fix: ip addr flush hangs when run by non-root user
Add upstream patch from:
https://git.busybox.net/busybox/commit/?id=028c5aa18b5273c029f0278232d922ee1a164de6

The patch fixes a problem with an infinite loop causing 100% CPU usage
when running the following command /lib/preinit/10_indicate_preinit
without the CAP_NET_ADMIN capability (such as in Docker):
  ip -4 address flush dev $pi_ifname

Signed-off-by: Mikael Magnusson <mikma@users.sourceforge.net>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [refresh patch]
2019-05-28 13:18:58 +02:00
Hans Dedecker
6636171bed netifd: fix missing ip rules after network reload (FS#2296)
beb810d iprule: fix missing ip rules after a reload (FS#2296)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-05-28 10:21:02 +02:00
Hans Dedecker
7d77879236 curl: bump to 7.65.0
For changes in 7.65.0; see https://curl.haxx.se/changes.html#7_65_0

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-05-26 21:51:04 +02:00
Hans Dedecker
f54611b06d map: don't set default firewall zone to wan
Don't set the default firewall zone to wan if not specified to keep the
behavior aligned with other tunnel protocols like gre and 6rd.
If the interface zone is not specified try to get it from the firewall config
when constructing the procd firewall rule.
While at it only add procd inbound/outbound firewall rules if a zone is specified.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-05-26 09:44:37 +02:00
Hans Dedecker
470f5b31e3 464xlat: don't set default firewall zone to wan
Don't set the default firewall zone to wan if not specified to keep the
behavior aligned with other tunnel protocols like gre and 6rd.
If the interface zone is not specified try to get it from the firewall config
when constructing the procd firewall rule.
While at it only add a procd inbound firewall rule if a zone is specified.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-05-26 09:43:57 +02:00
Petr Štetiar
ace241014c ethtool: bump to 5.1
* Feature: Add support for 200Gbps (50Gbps per lane) link mode
 * Feature: simplify handling of PHY tunable downshift
 * Feature: add support for PHY tunable Fast Link Down
 * Feature: add PHY Fast Link Down tunable to man page
 * Feature: Add a 'start N' option when specifying the Rx flow hash indirection table.
 * Feature: Add bash-completion script
 * Feature: add 10000baseR_FEC link mode name
 * Fix: qsfp: fix special value comparison
 * Feature: move option parsing related code into function
 * Feature: move cmdline_coalesce out of do_scoalesce
 * Feature: introduce new ioctl for per-queue settings
 * Feature: support per-queue sub command --show-coalesce
 * Feature: support per-queue sub command --coalesce
 * Fix: fix up dump_coalesce output to match actual option names
 * Feature: fec: add pretty dump

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-05-25 13:44:43 +02:00
Hans Dedecker
0293aa72d1 uci: fix heap use after free (FS#2288)
f199b96 uci: fix options list of section after type change

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-05-23 22:05:40 +02:00
Liangbin Lian
4bb9af48ca lua: lnum: fix strtoul based number parsing
Lua's LNUM patch currently doesn't parse properly certain numbers as
it's visible from the following simple tests.

On x86_64 host (stock Lua 5.1.5, expected output):

 $ /usr/bin/lua -e 'print(0x80000000); print(0x80000000000); print(0x100000000)'

  2147483648
  8796093022208
  4294967296

On x86_64 host:

 $ staging_dir/hostpkg/bin/lua -e 'print(0x80000000); print(0x80000000000); print(0x100000000)'

  -2147483648
  0
  0

On x86_64 target:

 $ lua -e 'print(0x80000000); print(0x80000000000); print(0x100000000)'

  -2147483648
  0
  0

On ath79 target:

 $ lua -e 'print(0x80000000); print(0x80000000000); print(0x100000000)'

  -2147483648
  8796093022208
  4294967296

It's caused by two issues fixed in this patch, first issue is caused by
unhadled strtoul overflow and second one is caused by the cast of
unsigned to signed Lua integer when parsing from hex literal.

Run tested on:

 * Zidoo Z9S with RTD1296 CPU (aarch64_cortex-a53)
 * qemu/x86_64
 * qemu/armvirt_64
 * ath79

Signed-off-by: Liangbin Lian <jjm2473@gmail.com>
[commit subject/message touches, fixed From to match SOB, fixed another
 unhandled case in luaO_str2i, host Lua, package bump]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-05-23 10:19:52 +02:00
Koen Vandeputte
4da5ba4a6b iwinfo: update to latest git HEAD
073a838891e5 iwinfo: Complete device IDs for Ubiquiti airOS XM/XW devices
04f5a7d3a431 iwinfo: Add Mikrotik R11e-5HnD
c2cfe9d96c9a iwinfo: Fix 802.11ad channel to frequency

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-05-21 14:24:18 +02:00
Petr Štetiar
049748e87e uboot-imx6: bump to 2019.04 and refresh patches
Build tested: apalis, mx6sabresd, nitrogen6dl, nitrogen6dl2g, nitrogen6q,
	      nitrogen6q2g, nitrogen6s, nitrogen6s1g, wandboard

Run tested: apalis

Cc: Felix Fietkau <nbd@nbd.name>
Cc: Vladimir Vid <vladimir.vid@sartura.hr>
Cc: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-05-20 21:19:48 +02:00
Petr Štetiar
aac8b52184 base-files: add support for the new ar8xxx MIB counters settings
Commit "generic: ar8216: add mib_poll_interval switch attribute" has
added mib_poll_interval global config option and commit "generic:
ar8216: group MIB counters and use two basic ones only by default" has
added mib_type config option.

So this patch adds ucidef_set_ar8xxx_switch_mib helper function which
would allow configuration of the above mentioned new switch config
options.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-05-20 21:19:48 +02:00
Petr Štetiar
2c26dc7b41 netifd: add support for the new ar8xxx MIB counters settings
Commit "generic: ar8216: add mib_poll_interval switch attribute" has added
mib_poll_interval global config option and commit "generic: ar8216: group
MIB counters and use two basic ones only by default" has added mib_type
config option.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-05-20 21:19:48 +02:00
Hauke Mehrtens
df6e8c8771 uboot-fritz4040: Add host flags for host compiler
This adds the host staging directory to the include path to make it use
the zlib.h files from the staging include directory and also link
against the zlib version from the staging directory.

This fixes a compile problem when the zlib header were not installed on
the build host.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[picked from openwrt-18.06]
2019-05-19 12:29:24 +02:00
Hans Dedecker
a7967bada9 ppp: update to version 2.4.7.git-2019-05-18
c9d9dbf pppoe: Custom host-uniq tag
44012ae plugins/rp-pppoe: Fix compile errors

Refresh patches
Drop 520-uniq patch as upstream accepted
Drop 150-debug_compile_fix patch as fixed upstream

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-05-18 21:39:19 +02:00
Linus Walleij
76338fded0 gemini: Fix up firmware checksum on DIR-685
Using the same method as the D-Link DAP-2695 A1 we use
the "mtd" tool to augment the firmware checkum in flash
on first boot of a new firmware on the D-Link DIR-685.
We need to augment the Makefile for "mtd" to build in
the special WRGG fixup support for Gemini as well.

This works around the problem of the machine not booting
after factory install unless the sysupgrade is applied
immediately.

Based on commit e3875350f3
"ar71xx: add support for D-Link DAP-2695 rev. A1"

Cc: Stijn Tintel <stijn@linux-ipv6.be>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
2019-05-18 16:37:30 +02:00
Linus Walleij
30b4b7ee09 mtd: Make fixwrgg command work on DIR-685
The D-Link DIR-685 has the same problem as the
D-Link DAP-2695: when flashing the factory image, the
checksum includes the whole flashed image, even the
rootfs_data part with the end of filesystem mark.
Also the whole flashed image is stored in the flash,
so on the first boot, the whole rootfs image is loaded
into memory with the kernel.

This is fixed using the fixwrgg command to mtd, but
for this to work we need to make fixwrgg work with
the Little-Endian ARM DIR-685.

The code tries to be endian agnostic but this fails
because the WRGG image loader doesn't. On ARM, the
file size is stored in little endian format, and on
big-endian systems it is stored in big endian format,
so we can just drop all the friendly htonl() that
will make the shdr->size big endian: this will
actually break the little endian systems, and on
the big endian systems the native endianness will
still be correct.

The magic number is always stored in little endian
format however, so make sure this is always read
in LE32 format. I chose to create a straight-forward
le32_to_cpu() static inline that IMO is simple and
easy to read.

Cc: Stijn Tintel <stijn@linux-ipv6.be>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
2019-05-18 16:37:30 +02:00
sven friedmann
30dcbc741d ath79: add support for EnGenius ECB1750
Specification:

- Qualcomm Atheros SoC QCA9558
- 720/600/200 MHz (CPU/DDR/AHB)
- 128 MB of RAM (DDR2)
- 16 MB of FLASH (SPI NOR)
- 1x 10/100/1000 Mbps Ethernet
- 3T3R 2.4 GHz (QCA9558 WMAC)
- 3T3R 5.8 Ghz (QCA9880-BR4A, Senao PCE4553AH)

https://fccid.io/A8J-ECB1750

Tested and working:

- lan, wireless, leds, sysupgrade (tftp)

Flash instructions:

1.) tftp recovery

- use a 1GbE switch or direct attached 1GbE link
- setup client ip address 192.168.1.10 and start tftpd
- save "openwrt-ath79-generic-engenius_ecb1750-initramfs-kernel.bin" as "ap.bin" in tfpd root directory
- plugin powercord and hold reset button 10secs.. "ap.bin" will be downloaded and executed
- afterwards login via ssh and do a sysuprade

2.) oem webinterface factory install (not tested)

Use normal webinterface upgrade page und select "openwrt-ath79-generic-engenius_ecb1750-squashfs-factory.bin".

3.) oem webinterface command injection

OEM Firmware already running OpenWrt (Attitude Adjustment 12.09).
Use OEM webinterface and command injection. See wiki for details.

https://openwrt.org/toh/engenius/engenius_ecb1750_1

Signed-off-by: sven friedmann <sf.openwrt@okay.ms>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[use interrupt-driven "gpio-keys" binding]
2019-05-18 13:43:55 +02:00
Jeff Kletsky
819e7946b0 ipq40xx: Add support for Linksys EA8300 (Dallas)
The Linksys EA8300 is based on QCA4019 and QCA9888 and provides three,
independent radios. NAND provides two, alternate kernel/firmware
images with fail-over provided by the OEM U-Boot.

Installation:

  "Factory" images may be installed directly through the OEM GUI.

Hardware Highlights:

  * IPQ4019 at 717 MHz (4 CPUs)
  * 256 MB NAND (Winbond W29N02GV, 8-bit parallel)
  * 256 MB RAM
  * Three, fully-functional radios; `iw phy` reports (FCC/US, -CT):
      * 2.4 GHz radio at 30 dBm
      * 5 GHz radio on ch. 36-64 at 23 dBm
      * 5 GHz radio on ch. 100-144 at 23 dBm (DFS), 149-165 at 30 dBm
      #{ managed } <= 16, #{ AP, mesh point } <= 16, #{ IBSS } <= 1
      * All two-stream, MCS 0-9
  * 4x GigE LAN, 1x GigE Internet Ethernet jacks with port lights
  * USB3, single port on rear with LED
  * WPS and reset buttons
  * Four status lights on top
  * Serial pads internal (unpopulated)

  "Linksys Dallas WiFi AP router based on Qualcomm AP DK07.1-c1"

Implementation Notes:

  The OEM flash layout is preserved at this time with 3 MB kernel and
  ~69 MB UBIFS for each firmware version. The sysdiag (1 MB) and
  syscfg (56 MB) partitions are untouched, available as read-only.

Serial Connectivity:

  Serial connectivity is *not* required to flash.

  Serial may be accessed by opening the device and connecting
  a 3.3-V adapter using 115200, 8n1. U-Boot access is good,
  including the ability to load images over TFTP and
  either run or flash them.

  Looking at the top of the board, from the front of the unit,
  J3 can be found on the right edge of the board, near the rear

      |
   J3 |
  |-| |
  |O| | (3.3V seen, open-circuit)
  |O| | TXD
  |O| | RXD
  |O| |
  |O| | GND
  |-| |
      |

Unimplemented:

    * serial1 "ttyQHS0" (serial0 works as console)
    * Bluetooth; Qualcomm CSR8811 (potentially conected to serial1)

Other Notes:

    https://wikidevi.com/wiki/Linksys_EA8300 states

        FCC docs also cover the Linksys EA8250. According to the
	RF Test Report BT BR+EDR, "All models are identical except
	for the EA8300 supports 256QAM and the EA8250 disable 256QAM."

Signed-off-by: Jeff Kletsky <git-commits@allycomm.com>
2019-05-18 13:43:54 +02:00
Jeff Kletsky
b3770eaca3 mtd: base-files: Unify dual-firmware devices (Linksys)
Consistently handle boot-count reset and upgrade across
ipq40xx, ipq806x, kirkwood, mvebu

Dual-firmware devices often utilize a specific MTD partition
to record the number of times the boot loader has initiated boot.

Most of these devices are NAND, typically with a 2k erase size.
When this code was ported to the ipq40xx platform, the device in hand
used NOR for this partition, with a 16-byte "record" size. As the
implementation of `mtd resetbc` is by-platform, the hard-coded nature
of this change prevented proper operation of a NAND-based device.

* Unified the "NOR" variant with the rest of the Linksys variants

* Added logging to indicate success and failure

* Provided a meaningful return value for scripting

* "Protected" the use of `mtd resetbc` in start-up scripts so that
   failure does not end the boot sequence

* Moved Linksys-specific actions into common `/etc/init.d/bootcount`

For upgrade, these devices need to determine which partition to flash,
as well as set certain U-Boot envirnment variables to change the next
boot to the newly flashed version.

* Moved upgrade-related environment changes out of bootcount

* Combined multiple flashes of environment into single one

* Current-partition detection now handles absence of `boot_part`

Runtime-tested: Linksys EA8300

Signed-off-by: Jeff Kletsky <git-commits@allycomm.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[checkpatch.pl fixes, traded split strings for 80+ chars per line]
2019-05-18 13:43:51 +02:00
Jeff Kletsky
4bdc873a5f firmware/ipq-wifi: Extend for multi-chip boards
This package provides board-specific reference ("cal") data
on an interim basis until included in the upstream distros

While originally conceived for IPQ4019-based boards, similar needs
are appearing with three-radio devices. For some of these devices,
both a board-2.bin file needs to be supplied both for the IPQ4019
as well as for the other radio on the board.

This patch allows new or multiple overrides to be specified by:

  * Adding board name to ALLWIFIBOARDS
  * Placing file(s) in this directory named as
      board-<devicename>.<qca4019|qca9888|qca9984>
  * Adding
      $(eval $(call generate-ipq-wifi-package,<device>,<display name>))

(along with suitable package selection for the board)

At this time, QCA4019, QCA9888, and QCA9984 are supported.
Extension to other chips should be straightforward.

The existing files, board-*.bin, are "grandfathered" as QCA4019.

The package name has been retained for compatability reasons.
At this time it DEPENDS:=@TARGET_ipq40xx, limiting its visibility.

Build-tested-on: asus_map-ac2200, alfa-network_ap120c-ac,
    avm_fritzbox-7530, avm_fritzrepeater-3000, engenius_eap1300,
    engenius_ens620ext, linksys_ea6350v3, qxwlan-e2600ac-c1/-c2

Signed-off-by: Jeff Kletsky <git-commits@allycomm.com>
2019-05-18 13:43:22 +02:00
Hans Dedecker
7b58c58733 netifd: update to latest git HEAD
22e8e58 interface-ip: use ptp address as well to find local address target
f1aa0f9 treewide: pass bool as second argument of blobmsg_check_attr

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-05-18 09:35:25 +02:00
Rosen Penev
395bef4bba libbsd: Fix compilation under ARC
The 8 year old file does not have any ARC definitions.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
[updated content of the patch with version sent to upstream]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-05-17 21:41:43 +02:00
Kristian Evensen
97780e363f system: uci: Use config dir on uci_add and support add_/del_list
This commit makes three changes to the uci shell library:

* A check for UCI_CONFIG_DIR has been added to the command line when
adding anonymous sections. Without this change, adding anonymous
sections to configs not stored in /etc/config is not possible.

* Support for adding/removing items from lists were missing, so I have
added the functions uci_add_list() and uci_remove_list() to simplify
working with uci lists from scripts.

Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
[added missing package version bump]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-05-17 21:41:43 +02:00
Jeffery To
782eda9750 zlib: Use relative paths in pkg-config metadata file
The buildroot pkg-config (in staging_dir/host/bin) overrides the prefix
and exec_prefix variables in *.pc files, to supply the correct
(buildroot) paths for callers. If other variables are not defined
relative to prefix and exec_prefix, then the returned values will be
incorrect.

The default zlib.pc file generated by cmake contains absolute paths.
This patches the file to use relative paths (relative to ${prefix} and
${exec_prefix}).

Signed-off-by: Jeffery To <jeffery.to@gmail.com>
2019-05-17 21:41:43 +02:00
Hans Dedecker
5546fe9fc3 odhcpd: update to latest git HEAD (FS#2242)
41a74cb config: remove 'ignore' config option
c0c8034 treewide: init assignment lists head
f98b7ee config: use list safe iterator in lease_delete
3c9810b dhcpv4: fix lease ordering by ip address
b60c384 config: use multi-stage parsing of uci sections
a2dd8d6 treewide: always init interface list heads during initialization
a17665e dhcpv4: do not allow pool end address to overlap with broadcast address
6b951c5 treewide: give file descriptors safe initial value
39e11ed dhcpv4: DHCP pool size is off-by-one
4a600ce dhcpv4: add support for Parameter Request List option 55
09e5eca dhcpv4: fix DHCP packet size
3cd4876 ndp: fix syslog flooding (FS#2242)
79fbba1 config: set default loglevel to LOG_WARNING

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-05-17 08:54:30 +02:00
Tomasz Maciej Nowak
e7756974aa tegra: add vendor string to device name
for better identification. Also create SUPPORTED_DEVICES string from it
which corresponds to dts compatible string.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2019-05-15 13:34:23 +02:00
Rosen Penev
2f97797471 nftables: Fix compilation with uClibc-ng
Missing header for va_list.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
[updated with upstream version of the patch]
2019-05-15 13:34:23 +02:00
Deng Qingfang
172b02c05f linux-firmware: update to 20190416
Update linux-firmware to 20190416, which includes updated firmwares e.g. for ath10k
Also switch to official tarball source.

The following firmware files we use are updated in this change:
ath10k/QCA6174/hw3.0/board-2.bin
ath10k/QCA9888/hw2.0/firmware-5.bin
ath10k/QCA988X/hw2.0/firmware-5.bin
ath10k/QCA9984/hw1.0/firmware-5.bin
mrvl/sd8887_uapsta.bin
mrvl/pcie8897_uapsta.bin
iwlwifi-8000C-36.ucode
iwlwifi-8265-36.ucode

Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
2019-05-14 21:59:38 +02:00
Hauke Mehrtens
5ee62b23f8 valgrind: Add support for ARM64 architecture
valgrind also works on the ARM64 architecture, build it also for such CPUs.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-14 20:28:41 +02:00
Hauke Mehrtens
a489f72ab5 valgrind: Update to version 3.15.0
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-14 20:28:34 +02:00
Hauke Mehrtens
e669cf7f6a strace: Update to version 5.0
The removed patch was merged upstream.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-14 20:28:26 +02:00
Hauke Mehrtens
02d4d36d4b iperf: Update to version 2.0.13
The removed patches are already integrated in the upstream version.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-14 20:28:18 +02:00
Hans Dedecker
06403981e1 ppp: update to version 2.4.7.git-2019-05-06
fcb076c Various fixes for errors found by coverity static analysis (#109)
d98ab38 Merge branch 'pppd_print_changes' of https://github.com/nlhintz/ppp into nlhintz-pppd_print_changes

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-05-13 15:34:42 +02:00
Tomasz Maciej Nowak
ee96fa15b1 mvebu: use device-tree board detection
Convert whole target to Device Tree based board detection instead of
identifying devices by dts file name. With this we can drop mvebu.sh
translation script and rely on common method for model detection.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2019-05-11 23:11:04 +02:00
Tomasz Maciej Nowak
a39d2a8053 mvebu: align device names to vendor_device format
Add vendors in device names and also rename few device names, for easier
identyfying potential firmware to flash. The vendor and device string is
mainly derived from model/compatipble string in dts from particular
device, but since not all devices are well described, some of the renames
follow marketing names.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2019-05-11 23:11:04 +02:00
Rosen Penev
0b26382533 uClibc++: Update to 0.2.5
Switched to xz archives for smaller size.

Removed upstreamed patches.

Reorganized Makefile a little bit for clarity. Build/Prepare is not useful
anymore. Upstream converted the file to LF.

Refreshed config.

Removed -ansi option from the original CFLAGS as this was causing long
long support to be missing.

Removed fPIC. We have the macro $(FPIC) already used. No point in setting
fpic and fPIC together.

Removed pedantic -Wlong-long warnings as they are not useful.

Removed -std=gnu++98. Not only is it unnecessary (it compiles against all
standards), it actually results in a size increase. 75843 vs. 75222 (gcc
in OpenWrt defaults to g++14).

Added --gc-sections to linker flags to reduce size: 72653 vs 75222.

Removed warn linker options. They have been upstreamed.

Tested on Archer C7v2 and GnuBee PC1.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-05-11 23:10:10 +02:00
Rosen Penev
e49b6bb618 xfsprogs: Replace valloc with posix_memalign
Fixes compilation under uClibc-ng.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-05-11 23:10:10 +02:00
Christian Lamparter
bdaaf66e28 utils/spidev_test: build package directly from Linux
Jeff Kletsky noted in his patch titled:
"utils/spidev_test: Update to current source from upstream Linux"
that the spidev_test utility OpenWrt ships is severly out of date.

Instead of updating the spidev_test.c from the current kernel,
this patch replaces the package building code to utilize the
very file that gets shipped with the kernel we compiling for
anyway much like the "perf" package already does.

Reported-by: Jeff Kletsky <git-commits@allycomm.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-05-11 16:37:11 +02:00
Lucian Cristian
4582fe7c14 lldpd: add option to edit hostname
also fixes the annoying repeating syslog
lldp[]: unable to get system name

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2019-05-11 16:37:11 +02:00
Lucian Cristian
cb30971a44 lldpd: update to 1.0.3
Support for CDP PD PoE

Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2019-05-11 16:37:11 +02:00
Robert Marko
671d8752d1 ath10k-ct: Update to current version
This patch updates ath10k-ct to current version.
Changes are:
     ath10k-ct:  Fix printing PN in peer stats.

     Previous logic was incorrect.  Also add set-special API to enable
     returning PN.

Patches refreshed and tested on 8devices Jalapeno dev board(IPQ4019)

Signed-off-by: Robert Marko <robimarko@gmail.com>
2019-05-11 16:37:11 +02:00
Robert Marko
61f4ceb146 ath10k-firmware: update Candela Tech firmware images
Release notes since last time:

Release notes for wave-1:

2019-04-02: Support some get/set API for eeprom rate power tables.
	    Mostly backported from 10.2

2019-04-02: Support adaptive-CCA, backported from 10.2

2019-04-02: Support adding eeprom configAddr pairs via the
            set-special API. These configAddrs can be used to change
            the default register settings for up to 12 registers.

2019-05-03: Fix tx-power settings for 2x2, 3x3 rates.
	    Original logic I put in back in 2016 set 2x2 and 3x3 lower
	    than the needed to be when using most NICs (very high
	    powered NICs would not have been affected I think, not sure
	    any of those exist though.)

	    This improves throughput for 2x2 and 3x3 devices,
	    especially when the signal is weaker.

Release notes for wave-2:

2019-04-08: When setting keys, if high bit of high value of
	    key_rsc_counter is set to 0x1, then the lower 48 bits will
	    be used as the PN value.  By default, PN is set to 1 each
	    time the key is set.

2019-04-08: Pack PN into un-used 'excretries' aka
	    'num_pkt_loss_excess_retry' high 16 bits.
	    This lets us report peer PN, but *only* if driver has
	    previously set a PN when setting key (or set-special cmd is
	    used to enable PN reporting).

	    This is done so that we know the driver is recent
            enough to deal with the PN stat reporting.

2019-04-16: Support specifying tx rate on a per-beacon packet.
	    See ath10k_wmi_op_gen_beacon_dma and
	    ath10k_convert_hw_rate_to_rate_info for API details.

	     Driver needs additional work to actually enable this
	     feature currently.

2019-04-30: Compile out tx-prefetch caching logic.
	    It is full of tricky bugs that cause tx hangs.
	    I fixed at least one, but more remain and I have wasted too
	    much time on this already.

2019-05-08: Start rate-ctrl at mcs-3 instead of mcs-5.
	    This significantly helps DHCP happen quickly, probably
	    because the initial rate being too high would take a while
	    to ramp down, especially since there are few packets sent
	    by the time DHCP needs to start.

	    This bug was triggered by me decreasing retries of 0x1e
	    (upstream default) to 0x4.  But, I think it is better to
	    start with lower initial MCS instead of always having a
	    very high retry count.

Tested on 8devices Jalapeno dev board(IPQ4019)

Signed-off-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [neatify]
2019-05-11 16:37:11 +02:00
Klaus Kudielka
ad62247800 base-files: improve lib/upgrade/common.sh
Recently, upgrade device autodetection has been added to the mvebu target.
This exposes some shortcomings of the generic export_bootdevice function,
e.g. on the Turris Omnia: export_bootdevice silently reports the root
partition to be the boot device. This makes the sysupgrade process fail at
several places.

Fix this by clearly distinguishing between /proc/cmdline arguments which
specify the boot disk, and those which specify the root partition. Only in
the latter case, strip off the partition, and do it consistently.
root=PARTUUID=<pseudo PARTUUID for MBR> (any partition) and root=/dev/*
(any partition) are accepted.

The root of the problem is that the *existing* export_bootdevice in
/lib/upgrade/common.sh behaves differently, if the kernel is booted with
root=/dev/..., or if it is booted with root=PARTUUID=...

In the former case, it reports back major/minor of the root partition,
in the latter case it reports back major/minor of the complete boot disk.

Targets, which boot with root=/dev/... *and* use export_bootdevice /
export_partdevice, have added workarounds to this behaviour, by specifying
*negative* increments to the export_partdevice function.

Consequently, those targets have to be adapted to use positive increments,
otherwise they are broken by the change to export_bootdevice.

Fixes: 4e8345ff68 ("mvebu: base-files: autodetect upgrade device")
Signed-off-by: Klaus Kudielka <klaus.kudielka@gmail.com>
Tested-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2019-05-11 16:37:11 +02:00
Deng Qingfang
367813b9b1 ramips: mt7620: fix dependencies
MT7620 integrated WMAC does not need RT2x00 PCI driver or firmware
Also corrected kmod-eeprom-93cx6 and kmod-lib-crc-itu-t dependencies
according to original Kconfig and lsmod output

This will remove some unnecessary packages from MT7620 target to
save some space

Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[75 characters per line in the commit message]
2019-05-11 01:05:11 +02:00
Hans Dedecker
290a7dc0c7 procd: fix compile issue
1361b97 container: include stdbool.h

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-05-09 18:33:39 +02:00
Hans Dedecker
165d598521 netifd: update to latest git HEAD
f6fb700 interface-ip: fine tune IPv6 mtu warning
975a5c4 interface: tidy ipv6 mtu warning

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-05-08 22:15:19 +02:00
Hans Dedecker
792c9fc8ca procd: update to latest git HEAD
9b35439 procd: detect lxc container and behave accordingly

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-05-08 20:52:45 +02:00
Rosen Penev
4760541027 elfutils: Fix compile with uClibc-ng
Probably glibc too. argp_help takes a char *. not const char *.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
[updated with upstream version of the patch]
2019-05-05 21:11:01 +02:00
Tomasz Maciej Nowak
b18d1d5d3f uboot-tegra: bump to 2019.04
This version has important change for tegra boards which is reserving
32MB memory for Linux kernel instead of current 16MB.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2019-05-05 21:11:01 +02:00
Arthur Skowronek
fc23bcdaa2 base-files: add service_stopped as a post stop hook
Purpose of these changes is to introduce a hook for post service
shutdown in a similar fashion to the existing hook service_started. I
found it to be useful to specify a hook that is called once the service
has been stopped and not before the service is stopped like the
stop_service hook does.

The concrete use case I have for this is that I'm running a binary that
takes over the hardware watchdog timer. Said binary unfortunately can
not use ubus directly to tell procd to hand over the watchdog timer so
this has to be done in the service file for the binary in question. In
order to support a clean handover of the watchdog timer back to procd,
the service init script has to dispatch the ubus invocation once the
binary in question has been stopped.

Signed-off-by: Arthur Skowronek <ags@digineo.de>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
[added commit message, use the same form as other hooks]
2019-05-05 21:11:01 +02:00
Hauke Mehrtens
1325e74e0c kernel: Remove support for kernel 3.18
No target is using kernel 3.18 anymore, remove all the generic
support for kernel 3.18.

The removed packages are depending on kernel 3.18 only and are not used on
any recent kernel.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-03 22:41:38 +02:00
Hauke Mehrtens
675832de79 xburst: Remove unmaintained target
This target only supports kernel 3.18, which is not supported in OpenWrt
any more for multiple releases. It also looks like there is no active
maintainer for this target.
Remove the code and all the packages which are only used by this target.

To add this target to OpenWrt again port it to a recent and supported
kernel version.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-03 21:27:12 +02:00
Hauke Mehrtens
cd3b298533 omap24xx: Remove unmaintained target
This target only supports kernel 4.1, which is not supported in OpenWrt
any more for multiple releases. It also looks like there is no active
maintainer for this target.
Remove the code and all the packages which are only used by this target.

To add this target to OpenWrt again port it to a recent and supported
kernel version.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-03 21:27:12 +02:00
Hauke Mehrtens
e6f9a8e89b au1000: Remove unmaintained target
This target only supports kernel 3.18, which is not supported in OpenWrt
any more for multiple releases. It also looks like there is no active
maintainer for this target.
Remove the code and all the packages which are only used by this target.

To add this target to OpenWrt again port it to a recent and supported
kernel version.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-03 21:27:12 +02:00
Hauke Mehrtens
2d0a2ff1e0 adm5120: Remove unmaintained target
This target only supports kernel 3.18, which is not supported in OpenWrt
any more for multiple releases. It also looks like there is no active
maintainer for this target.
Remove the code and all the packages which are only used by this target.

To add this target to OpenWrt again port it to a recent and supported
kernel version.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-05-03 21:27:12 +02:00
Rafał Miłecki
2c3dd70741 procd: add procd_running() helper for checking running state
This should be helpful for implementing service_running() in procd init
scripts.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Acked-by: John Crispin <john@phrozen.org>
2019-05-02 22:14:19 +02:00
Hans Dedecker
8696f0c3e3 procd: update to latest git HEAD
01f3dc8 instance: dump user and group as well

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-05-02 17:39:16 +02:00
Michael Heimpold
218b1bbecd procd: allow passing optional group instance parameter
Sometimes is desirable to run a process with a specific group id
instead of the default one which is derived from passwd entry.
This can be achived now by using procd_set_param group $mygroup.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_SOURCE_VERSION update]
2019-05-02 17:39:16 +02:00
Michael Heimpold
a12ab07e21 procd: allow passing optional syslog facility as instance parameter
Optional syslog facility can be set by adding procd_set_param facility
$myfacility.
While at, also add stdout/stderr documentation.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_SOURCE_VERSION update]
2019-05-02 17:38:51 +02:00
Robert Marko
a9190ee3a4 kernel: iio: Fix BMP280 Auto probing
Currently Auto probing for BMP/BME280 does not work because kernel
module name in the call is not correct.
Package name was used instead of kernel module name.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2019-05-02 09:35:35 +02:00
Rafał Miłecki
d6643aca34 libroxml: bump to the 3.0.1 version
Some of changes:
* Support for local-name()
* General refactoring
* Better parsing performance
* Fix possible buffer overflow & memleak
* Validation checks
* More commit functions (file, buffer, fd)

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-05-01 07:25:55 +02:00
Hans Dedecker
430b66bbe8 procd: update to latest git HEAD
cfaed56 procd: add SIGPWR as signal
a30a8fd procd: copy the respawn property of new instance

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-04-29 21:48:09 +02:00
Daniel Golle
26dafeeba4 mac80211: rt2x00: replace patches with upstream version
Support for RT3883/RT3663 was merged upstream [1]. Use that patch
instead of our original series. The resulting source tree is
exactly identical, this commit is merely reorganizing the patches.

[1]: https://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-next.git/commit/?id=d0e61a0f7cca51ce340a5a73595189972122ff25

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-04-29 18:39:04 +02:00
Eneas U de Queiroz
17cb490ac4 openssl: build kmods only if engines are selected
Add a conditional to the individual package's for the kmods in DEPENDS.
This avoids the need to compile the kernel modules when the crypto
engine packages are not selected.  The final binares are not affected by
this.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Tested-by: Rosen Penev <rosenp@gmail.com>
2019-04-26 15:31:34 +02:00
Jose Olivera
40de4c038a elfutils: bump to 0.176
*Fixes:
  -CVE-2019-7150
  -CVE-2019-7149
  -CVE-2019-7146
  -CVE-2019-7665
  -CVE-2019-7664
  -CVE-2019-7148

*Refresh 003-libintl-compatibility.patch

*Also reset PKG_RELEASE.

Signed-off-by: Jose Olivera <oliverajeo@gmail.com>
2019-04-26 10:04:47 +02:00
Felix Fietkau
6e7e2f4421 mac80211: fix regression in skb resizing optimization in monitor mode (FS#2254)
struct ieee80211_local needs to be passed in separately instead of
dereferencing the (potentially NULL) sdata

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-04-24 09:33:38 +02:00
Koen Vandeputte
6afe175e5e ath10k-ct: Update to 2019-04-08
9cd701a4f028 ath10k-ct:  Add PN get/set API for wave-2 firmware.
5c8a4668323b ath10k-ct:  Support over-riding the power ctl table in eeprom
75e2705f31bb ath10k-ct:  CCA, eeprom, other changes.
a696e602a0fc ath10k-ct:  Attempt to fix-out-of-tree compile for 4.16
a2aec62262df ath10k:  Improve beacon tx status for 4.20 kernel.
be5c21a82b15 ath10k-ct:  Fix out-of-tree compile for 4.20, pull in stable changes for 4.19

Fixes compile errors when using the 4.20 flavour.
Also the amount of beacon errors seems to have dropped.

Tested on a Mikrotik RB912UAGS-5HPacD

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-04-23 13:22:31 +02:00
Jo-Philipp Wich
f00a4ae6e0 Revert "uhttpd: disable concurrent requests by default"
This reverts commit c6aa9ff388.

Further testing has revealed that we will need to allow concurrent
requests after all, especially for situations where CGI processes
initiate further HTTP requests to the local host.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-04-23 08:15:46 +02:00
Eneas U de Queiroz
8abb505048 openssl: add Eneas U de Queiroz as maintainer
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
2019-04-22 21:37:31 +02:00
Eneas U de Queiroz
ff9ac986ce openssl: fix OPENSSL_config bug affecting wget
This applies an upstream patch that fixes a OPENSSL_config() bug that
causes SSL initialization to fail when the openssl.cnf file is not
found.  The config file is not installed by default.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
2019-04-22 20:30:02 +02:00
Hans Dedecker
47dc4f96cb nghttp2: bump to 1.38.0
4a9d2005 Update manual pages
acf6a922 Bump up version number to 1.38.0, LT revision to 31:3:17
4ff45821 Update AUTHORS
42dce01e Merge branch 'nghttpx-fix-backend-selection-on-retry'
a35059e3 nghttpx: Fix bug that altered authority and path affect backend selection
5a30fafd Merge branch 'nghttpx-fix-chunked-request-stall'
dce91ad3 Merge branch 'nghttpx-dont-log-authorization'
2cff8b43 nghttpx: Fix bug that chunked request stalls
be96654d nghttpx: Don't log authorization request header field value with -LINFO
ce962c3f Merge branch 'update-http-parser'
f931504e Update http-parser to v2.9.1
d978f351 Fix bug that on_header callback is still called after stream is closed
ec519f22 Merge pull request #1270 from baitisj/master
e8b213e3 Bump up version number to 1.38.0-DEV

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-04-22 13:42:24 +02:00
Hans Dedecker
399aa0b933 odhcpd: update to latest git HEAD (FS#2243, FS#2244)
6633efe router: fix dns search list option

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-04-19 19:24:39 +02:00
Rosy Song
524810ce6d dropbear: allow build without dbclient
This can save ~16KBytes size for the ipk

Signed-off-by: Rosy Song <rosysong@rosinson.com>
2019-04-18 22:34:19 +02:00
Rafał Miłecki
083056c83f mac80211: brcm: backport brcmfmac 5.2 patches
This includes some USB fixes and early work on FullMAC firmware crash
recovery.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-04-18 10:16:10 +02:00
Hans Dedecker
e20c2909a5 odhcpd: update to latest git HEAD (FS#2206)
38bc630 router: use ra_lifetime as lifetime for RA options (FS#2206)
0523bdd router: improve code readibility
0a3b279 Revert "router:"
207f8e0 treewide: align syslog loglevels
f1d7da9 router:
0e048ac treewide: fix compiler warnings
83698f6 CMakeList.txt: enable extra compiler checks

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-04-17 14:43:38 +02:00
Eneas U de Queiroz
450d44a8ea openssl: change defaults: ENGINE:on, NPN:off, misc
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.

To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Enable engine support by default.  Right now, some packages require
this, so it is always enabled by the bots.  Many packages will compile
differently when engine support is detected, needing engine symbols from
the libraries.

However, being off by default, a user compiling its own image will fail
to run some popular packages from the official repo.
Note that disabling engines did not work in 1.0.2, so this problem never
showed up before.

NPN support has been removed in major browsers & servers, and has become
a small bloat, so it does not make sense to leave it on by default.

Remove deprecated CONFIG_ENGINE_CRYPTO symbol that is no longer needed.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
2019-04-17 11:26:55 +02:00
Lucian Cristian
e762f5d44a kernel: Fix kmod-drm-amdgpu and kmod-drm-radeon dependencies
Currently the Geode builds fails on following kernel module missing
dependencies:

 Package kmod-drm-amdgpu is missing dependencies for the following libraries:
 backlight.ko
 drm_kms_helper.ko
 fb.ko
 ttm.ko

So this patch tries to fix the kmod-drm-amdgpu module dependecies.

Fixes: 2f239c0 ("x86: video: add amdgpu DRM kernel package")
Fixes: 2f6918e ("x86: video: add radeon DRM module support")
Tested-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2019-04-16 22:51:29 +02:00
Martin Schiller
e79b9601bf procd/hotplug: add dependency to dialout and audio group
Commit 6e060bd62c introduced a dependency to the dialout group.
Adding this group to the "group" file in the base-files package is not
enough to handle this dependency, because after a sysupgrade this entry
will be missing in the "group" file.

To address this problem the dependencies to the required groups needs to
be set in the Makefile of the procd package.
Then, the uci-default script "13_fix_group_user" will add the groups
on first boot-up after a sysupgrade.

Fixes: 6e060bd62c ("base-files/hotplug: fix dedicated group for tty devices")
Tested-by: Michael Heimpold <mhei@heimpold.de>
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2019-04-16 22:51:29 +02:00
Hans Dedecker
3e803499c3 netifd: update to latest git HEAD
666c14f system-linux: remove debug tracing
08989e4 interface: add neighbor config support
bfd4de3 interface: fix "if-down" hotplug event handling

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-04-15 23:20:20 +02:00
Christian Lamparter
d599890efd layerscape: unbreak ehci-fsl interaction with mpc85xx
Both targets have their own idea of how to use ehci-fsl.
This patch reverts part of commit
68b8d3b079 ("kernel: usb: add FSL EHCI package") and moves
ehci-fsl back into kmod-usb2, while also making it hopefully
useable for the mpc85xx target.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-04-15 00:20:56 +02:00
Petr Štetiar
ecdd26fe2b umbim: update to latest git HEAD
24f9dc7 Iron out all extra compiler warnings
9d8dbc9 Enable extra compiler checks
ff8d356 mbim-proxy support
ccca03f umbim: add registration set support

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-04-15 00:01:57 +02:00
Petr Štetiar
8293e7532f mac80211: Fix rate_idx underflow in mwl8k (FS#2218)
Add a patch for mwl8k which fixes endless reboot loops on Linksys EA4500
with certain 5G configurations.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-04-14 23:42:03 +02:00
David Bauer
68b8d3b079 kernel: usb: add FSL EHCI package
Add kernel module package for the Freescale USB2 EHCI used on the
mpc85xx platform.

Signed-off-by: David Bauer <mail@david-bauer.net>
2019-04-13 15:09:09 +02:00
Daniel Golle
9385ff654e mac80211: rt2x00: replace patch with upstream version
Replace the patch introduced by commit d0b969eee8 ("mac80211: rt2x00:
do not increment sequence number while re-transmitting") was merged
into wireless-drivers.git. Replace our version with the merged version.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-04-12 22:14:47 +02:00
Daniel Golle
44ae5f37fb uboot-envtools: fix fw_env.config for ox820/stg-212
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-04-11 19:21:55 +02:00
Stefan Lippers-Hollmann
8f17c019a1 hostapd: fix CVE-2019-9497, CVE-2019-9498, CVE-2019-9499
EAP-pwd missing commit validation

Published: April 10, 2019
Identifiers:
- CVE-2019-9497 (EAP-pwd server not checking for reflection attack)
- CVE-2019-9498 (EAP-pwd server missing commit validation for
  scalar/element)
- CVE-2019-9499 (EAP-pwd peer missing commit validation for
  scalar/element)

Latest version available from: https://w1.fi/security/2019-4/

Vulnerability

EAP-pwd implementation in hostapd (EAP server) and wpa_supplicant (EAP
peer) was discovered not to validate the received scalar and element
values in EAP-pwd-Commit messages properly. This could result in attacks
that would be able to complete EAP-pwd authentication exchange without
the attacker having to know the used password.

A reflection attack is possible against the EAP-pwd server since the
hostapd EAP server did not verify that the EAP-pwd-Commit contains
scalar/element values that differ from the ones the server sent out
itself. This allows the attacker to complete EAP-pwd authentication
without knowing the password, but this does not result in the attacker
being able to derive the session key (MSK), i.e., the attacker would not
be able to complete the following key exchange (e.g., 4-way handshake in
RSN/WPA).

An attack using invalid scalar/element values is possible against both
the EAP-pwd server and peer since hostapd and wpa_supplicant did not
validate these values in the received EAP-pwd-Commit messages. If the
used crypto library does not implement additional checks for the element
(EC point), this could result in attacks where the attacker could use a
specially crafted commit message values to manipulate the exchange to
result in deriving a session key value from a very small set of possible
values. This could further be used to attack the EAP-pwd server in a
practical manner. An attack against the EAP-pwd peer is slightly more
complex, but still consider practical. These invalid scalar/element
attacks could result in the attacker being able to complete
authentication and learn the session key and MSK to allow the key
exchange to be completed as well, i.e., the attacker gaining access to
the network in case of the attack against the EAP server or the attacker
being able to operate a rogue AP in case of the attack against the EAP
peer.

While similar attacks might be applicable against SAE, it should be
noted that the SAE implementation in hostapd and wpa_supplicant does
have the validation steps that were missing from the EAP-pwd
implementation and as such, these attacks do not apply to the current
SAE implementation. Old versions of wpa_supplicant/hostapd did not
include the reflection attack check in the SAE implementation, though,
since that was added in June 2015 for v2.5 (commit 6a58444d27fd 'SAE:
Verify that own/peer commit-scalar and COMMIT-ELEMENT are different').

Vulnerable versions/configurations

All hostapd versions with EAP-pwd support (CONFIG_EAP_PWD=y in the build
configuration and EAP-pwd being enabled in the runtime configuration)
are vulnerable against the reflection attack.

All wpa_supplicant and hostapd versions with EAP-pwd support
(CONFIG_EAP_PWD=y in the build configuration and EAP-pwd being enabled
in the runtime configuration) are vulnerable against the invalid
scalar/element attack when built against a crypto library that does not
have an explicit validation step on imported EC points. The following
list indicates which cases are vulnerable/not vulnerable:
- OpenSSL v1.0.2 or older: vulnerable
- OpenSSL v1.1.0 or newer: not vulnerable
- BoringSSL with commit 38feb990a183 ('Require that EC points are on the
  curve.') from September 2015: not vulnerable
- BoringSSL without commit 38feb990a183: vulnerable
- LibreSSL: vulnerable
- wolfssl: vulnerable

Acknowledgments

Thanks to Mathy Vanhoef (New York University Abu Dhabi) for discovering
and reporting the issues and for proposing changes to address them in
the implementation.

Possible mitigation steps

- Merge the following commits to wpa_supplicant/hostapd and rebuild:

  CVE-2019-9497:
  EAP-pwd server: Detect reflection attacks

  CVE-2019-9498:
  EAP-pwd server: Verify received scalar and element
  EAP-pwd: Check element x,y coordinates explicitly

  CVE-2019-9499:
  EAP-pwd client: Verify received scalar and element
  EAP-pwd: Check element x,y coordinates explicitly

  These patches are available from https://w1.fi/security/2019-4/

- Update to wpa_supplicant/hostapd v2.8 or newer, once available

Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
[bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-04-11 11:26:01 +02:00
Stefan Lippers-Hollmann
57ab9e3add hostapd: fix CVE-2019-9496
hostapd: fix SAE confirm missing state validation

Published: April 10, 2019
Identifiers:
- CVE-2019-9496 (SAE confirm missing state validation in hostapd/AP)
Latest version available from: https://w1.fi/security/2019-3/

Vulnerability

When hostapd is used to operate an access point with SAE (Simultaneous
Authentication of Equals; also known as WPA3-Personal), an invalid
authentication sequence could result in the hostapd process terminating
due to a NULL pointer dereference when processing SAE confirm
message. This was caused by missing state validation steps when
processing the SAE confirm message in hostapd/AP mode.

Similar cases against the wpa_supplicant SAE station implementation had
already been tested by the hwsim test cases, but those sequences did not
trigger this specific code path in AP mode which is why the issue was
not discovered earlier.

An attacker in radio range of an access point using hostapd in SAE
configuration could use this issue to perform a denial of service attack
by forcing the hostapd process to terminate.

Vulnerable versions/configurations

All hostapd versions with SAE support (CONFIG_SAE=y in the build
configuration and SAE being enabled in the runtime configuration).

Possible mitigation steps

- Merge the following commit to hostapd and rebuild:

  SAE: Fix confirm message validation in error cases

  These patches are available from https://w1.fi/security/2019-3/

- Update to hostapd v2.8 or newer, once available

Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
[bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-04-11 11:26:01 +02:00
Stefan Lippers-Hollmann
262229e924 hostapd: fix CVE-2019-9495
EAP-pwd side-channel attack

Published: April 10, 2019
Identifiers:
- CVE-2019-9495 (cache attack against EAP-pwd)
Latest version available from: https://w1.fi/security/2019-2/

Vulnerability

Number of potential side channel attacks were recently discovered in the
SAE implementations used by both hostapd and wpa_supplicant (see
security advisory 2019-1 and VU#871675). EAP-pwd uses a similar design
for deriving PWE from the password and while a specific attack against
EAP-pwd is not yet known to be tested, there is no reason to believe
that the EAP-pwd implementation would be immune against the type of
cache attack that was identified for the SAE implementation. Since the
EAP-pwd implementation in hostapd (EAP server) and wpa_supplicant (EAP
peer) does not support MODP groups, the timing attack described against
SAE is not applicable for the EAP-pwd implementation.

A novel cache-based attack against SAE handshake would likely be
applicable against the EAP-pwd implementation. Even though the
wpa_supplicant/hostapd PWE derivation iteration for EAP-pwd has
protections against timing attacks, this new cache-based attack might
enable an attacker to determine which code branch is taken in the
iteration if the attacker is able to run unprivileged code on the victim
machine (e.g., an app installed on a smart phone or potentially a
JavaScript code on a web site loaded by a web browser). This depends on
the used CPU not providing sufficient protection to prevent unprivileged
applications from observing memory access patterns through the shared
cache (which is the most likely case with today's designs).

The attacker could use information about the selected branch to learn
information about the password and combine this information from number
of handshake instances with an offline dictionary attack. With
sufficient number of handshakes and sufficiently weak password, this
might result in full recovery of the used password if that password is
not strong enough to protect against dictionary attacks.

This attack requires the attacker to be able to run a program on the
target device. This is not commonly the case on an authentication server
(EAP server), so the most likely target for this would be a client
device using EAP-pwd.

The commits listed in the end of this advisory change the EAP-pwd
implementation shared by hostapd and wpa_supplicant to perform the PWE
derivation loop using operations that use constant time and memory
access pattern to minimize the externally observable differences from
operations that depend on the password even for the case where the
attacker might be able to run unprivileged code on the same device.

Vulnerable versions/configurations

All wpa_supplicant and hostapd versions with EAP-pwd support
(CONFIG_EAP_PWD=y in the build configuration and EAP-pwd being enabled
in the runtime configuration).

It should also be noted that older versions of wpa_supplicant/hostapd
prior to v2.7 did not include additional protection against certain
timing differences. The definition of the EAP-pwd (RFC 5931) does not
describe such protection, but the same issue that was addressed in SAE
earlier can be applicable against EAP-pwd as well and as such, that
implementation specific extra protection (commit 22ac3dfebf7b, "EAP-pwd:
Mask timing of PWE derivation") is needed to avoid showing externally
visible timing differences that could leak information about the
password. Any uses of older wpa_supplicant/hostapd versions with EAP-pwd
are recommended to update to v2.7 or newer in addition to the mitigation
steps listed below for the more recently discovered issue.

Possible mitigation steps

- Merge the following commits to wpa_supplicant/hostapd and rebuild:

  OpenSSL: Use constant time operations for private bignums
  Add helper functions for constant time operations
  OpenSSL: Use constant time selection for crypto_bignum_legendre()
  EAP-pwd: Use constant time and memory access for finding the PWE

  These patches are available from https://w1.fi/security/2019-2/

- Update to wpa_supplicant/hostapd v2.8 or newer, once available

- Use strong passwords to prevent dictionary attacks

Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
[bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-04-11 11:26:01 +02:00
Stefan Lippers-Hollmann
af606d077f hostapd: fix CVE-2019-9494
SAE side-channel attacks

Published: April 10, 2019
Identifiers:
- VU#871675
- CVE-2019-9494 (cache attack against SAE)
Latest version available from: https://w1.fi/security/2019-1/

Vulnerability

Number of potential side channel attacks were discovered in the SAE
implementations used by both hostapd (AP) and wpa_supplicant
(infrastructure BSS station/mesh station). SAE (Simultaneous
Authentication of Equals) is also known as WPA3-Personal. The discovered
side channel attacks may be able to leak information about the used
password based on observable timing differences and cache access
patterns. This might result in full password recovery when combined with
an offline dictionary attack and if the password is not strong enough to
protect against dictionary attacks.

Cache attack

A novel cache-based attack against SAE handshake was discovered. This
attack targets SAE with ECC groups. ECC group 19 being the mandatory
group to support and the most likely used group for SAE today, so this
attack applies to the most common SAE use case. Even though the PWE
derivation iteration in SAE has protections against timing attacks, this
new cache-based attack enables an attacker to determine which code
branch is taken in the iteration if the attacker is able to run
unprivileged code on the victim machine (e.g., an app installed on a
smart phone or potentially a JavaScript code on a web site loaded by a
web browser). This depends on the used CPU not providing sufficient
protection to prevent unprivileged applications from observing memory
access patterns through the shared cache (which is the most likely case
with today's designs).

The attacker can use information about the selected branch to learn
information about the password and combine this information from number
of handshake instances with an offline dictionary attack. With
sufficient number of handshakes and sufficiently weak password, this
might result in full discovery of the used password.

This attack requires the attacker to be able to run a program on the
target device. This is not commonly the case on access points, so the
most likely target for this would be a client device using SAE in an
infrastructure BSS or mesh BSS.

The commits listed in the end of this advisory change the SAE
implementation shared by hostapd and wpa_supplicant to perform the PWE
derivation loop using operations that use constant time and memory
access pattern to minimize the externally observable differences from
operations that depend on the password even for the case where the
attacker might be able to run unprivileged code on the same device.

Timing attack

The timing attack applies to the MODP groups 22, 23, and 24 where the
PWE generation algorithm defined for SAE can have sufficient timing
differences for an attacker to be able to determine how many rounds were
needed to find the PWE based on the used password and MAC
addresses. When the attack is repeated with multiple times, the attacker
may be able to gather enough information about the password to be able
to recover it fully using an offline dictionary attack if the password
is not strong enough to protect against dictionary attacks. This attack
could be performed by an attacker in radio range of an access point or a
station enabling the specific MODP groups.

This timing attack requires the applicable MODP groups to be enabled
explicitly in hostapd/wpa_supplicant configuration (sae_groups
parameter). All versions of hostapd/wpa_supplicant have disabled these
groups by default.

While this security advisory lists couple of commits introducing
additional protection for MODP groups in SAE, it should be noted that
the groups 22, 23, and 24 are not considered strong enough to meet the
current expectation for a secure system. As such, their use is
discouraged even if the additional protection mechanisms in the
implementation are included.

Vulnerable versions/configurations

All wpa_supplicant and hostapd versions with SAE support (CONFIG_SAE=y
in the build configuration and SAE being enabled in the runtime
configuration).

Acknowledgments

Thanks to Mathy Vanhoef (New York University Abu Dhabi) and Eyal Ronen
(Tel Aviv University) for discovering the issues and for discussions on
how to address them.

Possible mitigation steps

- Merge the following commits to wpa_supplicant/hostapd and rebuild:

  OpenSSL: Use constant time operations for private bignums
  Add helper functions for constant time operations
  OpenSSL: Use constant time selection for crypto_bignum_legendre()
  SAE: Minimize timing differences in PWE derivation
  SAE: Avoid branches in is_quadratic_residue_blind()
  SAE: Mask timing of MODP groups 22, 23, 24
  SAE: Use const_time selection for PWE in FFC
  SAE: Use constant time operations in sae_test_pwd_seed_ffc()

  These patches are available from https://w1.fi/security/2019-1/

- Update to wpa_supplicant/hostapd v2.8 or newer, once available

- In addition to either of the above alternatives, disable MODP groups
  1, 2, 5, 22, 23, and 24 by removing them from hostapd/wpa_supplicant
  sae_groups runtime configuration parameter, if they were explicitly
  enabled since those groups are not considered strong enough to meet
  current security expectations. The groups 22, 23, and 24 are related
  to the discovered side channel (timing) attack. The other groups in
  the list are consider too weak to provide sufficient security. Note
  that all these groups have been disabled by default in all
  hostapd/wpa_supplicant versions and these would be used only if
  explicitly enabled in the configuration.

- Use strong passwords to prevent dictionary attacks

Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
[bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-04-11 11:26:01 +02:00
Hans Dedecker
d1739c6c9a procd: update to latest git HEAD
baaf38c procd: instance: Support deleting stopped instances

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-04-10 14:16:53 +02:00
Florian Eckert
2101002b3d wireguard: remove obvious comments
Remove obvious comments to save disk space.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2019-04-09 22:25:11 +02:00
Florian Eckert
78b6931a1a wireguard: converted whitespaces from space to tab
With this change, the file is reduced from 5186 bytes to 4649 bytes that
its approximately 10.5 percent less memory consumption. For small
devices, sometimes every byte counts.
Also, all other protocol handler use tabs instead of spaces.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2019-04-09 22:25:02 +02:00
Hans Dedecker
c8a8294f6e ethtool: bump to 5.0
170d821 Release version 5.0.
909f8c0 Revert "ethtool: change to new sane powerpc64 kernel headers"
a484274 ethtool: dsa: mv88e6xxx: add pretty dump for others
034a17b ethtool: dsa: mv88e6xxx: add pretty dump for 88E6390
7f1cc44 ethtool: dsa: mv88e6xxx: add pretty dump for 88E6352
a13a053 ethtool: dsa: mv88e6xxx: add pretty dump for 88E6161
4e98029 ethtool: dsa: mv88e6xxx: add pretty dump for 88E6185
ff99e46 ethtool: dsa: mv88e6xxx: add pretty dump
cb8e980 ethtool: dsa: add pretty dump
4df55c8 ethtool: change to new sane powerpc64 kernel headers
0cb963e ethtool: zero initialize coalesce struct
8f05538 ethtool: don't report UFO on kernels v4.14 and above

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-04-09 14:27:59 +02:00
Daniel Gimpelevich
f61e754522 ath79: add support for Netgear EX6400 and EX7300
This is sold as a dual-band 802.11ac range extender. It has a sliding
switch for Extender mode or Access Point mode, a WPS button, a recessed
Reset button, a hard-power button, and a multitude of LED's, some
multiplexed via an NXP 74AHC164D chip. The internal serial header pinout is
Vcc, Tx, Rx, GND, with GND closest to the corner of the board. You may
connect at 115200 bps, 8 data bits, no parity, 1 stop bit.

Specification:
- System-On-Chip: QCA9558
- CPU/Speed: 720 MHz
- Flash-Chip: Winbond 25Q128FVSG
- Flash size: 16 MiB
- RAM: 128 MiB
- Wireless No1: QCA9558 on-chip 2.4GHz 802.11bgn, 3x3
- Wireless No2: QCA99x0 chip 5GHz 802.11an+ac, 4x4
- PHY: Atheros AR8035-A

Installation:
If you can get to the stock firmware's firmware upgrade option, just feed
it the factory.img and boot as usual. As an alternative, TFTP the
factory.img to the bootloader.

Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
[whitespace fix in DTS and reorder of make variables]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-04-09 11:09:26 +02:00
Petr Štetiar
adb0a420e5 uboot-envtools: imx6: Add support for Toradex Apalis board family
This patch is needed in order to be able to use fw_{set,print}env
commands.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-04-08 18:37:03 +02:00
Petr Štetiar
136001675e uboot-imx6: Add support for Toradex Apalis board family
This patch is needed in order to properly boot OpenWrt bootscript.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-04-08 18:37:03 +02:00
Hans Dedecker
80568e5854 dropbear: bump to 2019.78
Fix dbclient regression in 2019.77. After exiting the terminal would be left
in a bad state. Reported by Ryan Woodsmall

drop patch applied upstream:
	010-tty-modes-werent-reset-for-client.patch

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-04-07 20:32:55 +02:00
Stijn Tintel
310e2764a8 ubox: bump to git HEAD
5130fa4 kmodloader: fix and optimize loading of failed modules

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2019-04-07 19:37:18 +03:00
Michael Heimpold
32a6c252db wpan-tools: clean up Makefile
When we only call the default, we do not need to define it explicitly.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2019-04-06 19:14:06 +02:00
Michael Heimpold
007e947976 fconfig: cleanup Makefile
We do not need to define an empty Build/Configure since
the default checks for existing ./configure and does nothing
in case nothing is found.

Similar for Build/Compile: we can remove the definition
when we only call the default.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2019-04-06 19:14:06 +02:00
Rosen Penev
2a8175a7ac kernel: Add RIPEMD160 module
After getting rid of cryptsetup's heavy openssl dependency, there is now
the problem of missing RIPEMD160 support. RIPEMD160 is used for True/Vera
crypt volumes as well as old LUKS1 ones.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-04-06 19:14:06 +02:00
Tomasz Maciej Nowak
afef17e24d base-files: add leds migration
Currently leds migration scripts in ar71xx and lantiq share a lot of
logic and introducing leds migration to another target would mean
copying this code, again. Therefore add common logic to library in
base-files package.

Suggested-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2019-04-06 19:14:05 +02:00
Jason A. Donenfeld
549d44736a wireguard: bump to 0.0.20190406
* allowedips: initialize list head when removing intermediate nodes

Fix for an important regression in removing allowed IPs from the last
snapshot. We have new test cases to catch these in the future as well.

* tools: warn if an AllowedIP has a nonzero host part

If you try to run `wg set wg0 peer ... allowed-ips 192.168.1.82/24`, wg(8)
will now print a warning. Even though we mask this automatically down to
192.168.1.0/24, usually when people specify it like this, it's a mistake.

* wg-quick: add 'strip' subcommand

The new strip subcommand prints the config file to stdout after stripping
it of all wg-quick-specific options. This enables tricks such as:
`wg addconf $DEV <(wg-quick strip $DEV)`.

* tools: avoid unneccessary next_peer assignments in sort_peers()

Small C optimization the compiler was probably already doing.

* peerlookup: rename from hashtables
* allowedips: do not use __always_inline
* device: use skb accessor functions where possible

Suggested tweaks from Dave Miller.

* blake2s: simplify
* blake2s: remove outlen parameter from final

The blake2s implementation has been simplified, since we don't use any of the
fancy tree hashing parameters or the like. We also no longer separate the
output length at initialization time from the output length at finalization
time.

* global: the _bh variety of rcu helpers have been unified
* compat: nf_nat_core.h was removed upstream
* compat: backport skb_mark_not_on_list

The usual assortment of compat fixes for Linux 5.1.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-04-06 17:26:47 +02:00
Luis Araneda
177a634e18 kernel: can: add Xilinx CAN IP kernel module package
This driver is required to use the CAN IP on devices
from the zynq target

Signed-off-by: Luis Araneda <luaraneda@gmail.com>
2019-04-06 16:31:10 +02:00
Luis Araneda
82b0230bc1 kernel: sound: add missing symbol to sound-soc-core
This fixes compilation on zynq target when migrating
to sound kmod packages

Signed-off-by: Luis Araneda <luaraneda@gmail.com>
2019-04-06 16:31:10 +02:00
Hauke Mehrtens
3183430df4 mac80211: update to version 4.19.32-1
The removed patches are now integrated in the upstream kernel.
Refresh all patches on top of the new backports release.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2019-04-06 16:31:04 +02:00
Josef Schlehofer
4ebd66d7a9 mbedtls: update to version 2.16.1
Refreshed patches

Signed-off-by: Josef Schlehofer <josef.schlehofer@nic.cz>
Tested-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2019-04-06 16:30:43 +02:00
Tomasz Maciej Nowak
6541897796 kernel: package rtc-em3027 module
Support for Microelectronic EM3027 real time clock chip.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2019-04-06 14:48:46 +02:00
Tomasz Maciej Nowak
1b3dda179a uboot-tegra: add U-Boot for tegra boards
Add U-Boot for NVIDIA Tegra based boards, with the first being CompuLab
TrimSlice. This is part of initial support for this board.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2019-04-06 14:48:46 +02:00
Tomasz Maciej Nowak
42f96ed941 tegra: add new target
New target introduces initial support for NVIDIA Tegra SoC based devices.
It focuses on Tegra 2 CPUs, for successors supporting NEON instruction
set the target should be split in two subtargets.
This initial commit doesn't create any device image, it's groundwork
for further additions.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2019-04-06 14:48:46 +02:00
Daniel Engberg
de3eb0d8a0 curl: Update to 7.64.1
Update curl to 7.64.1
Remove deprecated patch

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2019-04-06 13:40:29 +02:00
Hans Dedecker
f483274422 odhcpd: update to latest git HEAD
65a9519 ndp: create ICMPv6 socket per interface
c6dae8e router: create ICMPv6 socket per interface
e7b1d4b treewide: initialize properly file descriptors

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-04-05 12:04:01 +02:00
Michael Heimpold
6e060bd62c base-files/hotplug: fix dedicated group for tty devices
Commit 124ab1dc0a and 5523ee3459 introduced the assignment of the
group "tty" to /dev/tty* devices in order to support unprivileged
user access to serial devices.

However, due to an improperly rebased commit this feature broke.

This patch restores the lost hunk in hotplug.json file to
re-introduce this feature and also renames the existing "tty" group
to "dialout" as this is the more typical name for such a group
on desktop systems.

Fixes: 5209cfa534 ("procd: fix hotplug.json syntax")
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
Acked-by: Jo-Philipp Wich <jo@mein.io>
2019-04-04 17:09:40 +02:00
Felix Fietkau
b3d8b3ab8e mac80211: set noscan=1 if sta/adhoc/mesh interfaces are present
Fixes channel selection issues and suppresses an unnecessary extra scan

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-04-03 10:40:09 +02:00
Felix Fietkau
1dd536f1fa mac80211: improve performance by deferring tx queue selection
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-04-03 10:40:09 +02:00
Magnus Kroken
701b8d0050 openvpn: openssl: explicitly depend on deprecated APIs
OpenVPN as of 2.4.7 uses some OpenSSL APIs that are deprecated in
OpenSSL >= 1.1.0.

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [white space fix]
2019-04-03 10:00:39 +02:00
Hans Dedecker
848d85d13b netifd: update to latest git HEAD
361b3e4 proto-shell: return error in case setup fails
a97297d interface: set interface in TEARDOWN state when checking link state

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-04-01 23:12:29 +02:00
Magnus Kroken
4376c06e80 openvpn: update to 2.4.7
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2019-04-01 11:23:43 +02:00
Kabuli Chana
6ba3d70c95 mwlwifi: Fix pcie timeout issue
Increase MAX_WAIT_FW_COMPLETE_ITERATIONS to 10000 as before commit
e5e0700 to prevent timeout as reported here: #308 (Original OP issue is
probably not related though as his post preceeds commit e5e0700).

compile/test target mvebu/mamba, rango

Signed-off-by: Kabuli Chana <newtownBuild@gmail.com>
[commit subject and message tweaks]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-04-01 10:05:49 +02:00
Christian Lamparter
fbe2e7d15e ath10k-firmware: update Candela Tech firmware images
Release notes since last time:

Release notes for wave-1 / 10.1:
2019-03-28: Fix sometimes using bad TID for management frames
	    in htt-mgt mode. (Backported from wave2, looks
	    like bug would be the same though.)

Release notes for wave-2 / 10.4:
2019-03-28: Fix off-channel scanning while associated in
	    proxy-station mode.

2019-03-29: Fix sometimes sending mgt frames on wrong tid when
	    using htt-mgt. This bug has been around since I first
	    enabled htt-mgt mode.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-03-30 10:36:31 +01:00
Hans Dedecker
6df5ab89cf odhcpd: update to latest git HEAD
7798d50 netlink: rework IPv4 address refresh logic
0b20876 netlink: rework IPv6 address refresh logic

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-03-29 15:55:08 +01:00
Daniel Golle
b0395cfc56 iwinfo: Fix 802.11ad channel to frequency
c2cfe9d iwinfo: Fix 802.11ad channel to frequency

Fixes 9725aa271a ("iwinfo: update to latest git HEAD")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-03-28 15:20:58 +01:00
Petr Štetiar
1e55171a12 fstools: update to the latest master branch
ff1ded6 libfstools: Fix overflow of F2FS_MINSIZE constant
bc2c876 libfstools: Print error in case of loop blkdev failure

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-03-28 12:57:08 +01:00
Alexander Couzens
95f07502b7
package/uboot-omap: backport patches to fix build
* 106: fix build when libfdt-devel is installed on host
* 107: fix stdbool.h includes

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2019-03-28 02:10:12 +01:00
Daniel Golle
28920330f8 wireguard: introduce 'nohostroute' option
Instead of creating host-routes depending on fwmark as (accidentally)
pushed by commit
1e8bb50b93 ("wireguard: do not add host-dependencies if fwmark is set")
use a new config option 'nohostroute' to explicitely prevent creation
of the route to the endpoint.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-03-27 22:59:03 +01:00
Daniel Golle
1e8bb50b93 wireguard: do not add host-dependencies if fwmark is set
The 'fwmark' option is used to define routing traffic to
wireguard endpoints to go through specific routing tables.
In that case it doesn't make sense to setup routes for
host-dependencies in the 'main' table, so skip setting host
dependencies if 'fwmark' is set.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-03-27 22:53:14 +01:00
Hans Dedecker
b2152c8e6b odhcpd: update to latest git HEAD (FS#2204)
420945c netlink: fix IPv6 address updates (FS#2204)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-03-27 21:05:07 +01:00
Koen Vandeputte
555ee02f77 kernel: fix missing dependency in 4.14.108
The 4.14.108 bump introduced a missing dependency when building
specific netfilters.

Thsi was not seen as the error does not occur on all targets.

Thanks to Jo-Philipp Wich for providing the fix

Fixes: af6c86dbe5 ("kernel: bump 4.14 to 4.14.108")
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-03-27 16:46:39 +01:00
Felix Fietkau
b65a270c85 mt76: update to the latest version
f2a18f5 mt76x02: introduce mt76x02_beacon.c
91ade88 mt76x02: add hrtimer for pre TBTT for USB
6370485 mt76x02: introduce beacon_ops
37af803 mt76x02u: implement beacon_ops
41d6190 mt76x02: generalize some mmio beaconing functions
dcccc04 mt76x02u: add sta_ps
5ac5289 mt76x02: disable HW encryption for group frames
e284cc2 mt76x02u: implement pre TBTT work for USB
77e56b8 mt76x02: make beacon slots bigger for USB
d4c740f mt76x02u: add mt76_release_buffered_frames
65e6344 mt76: unify set_tim
f720e49 mt76x02: enable AP mode for USB
cf1838d mt76usb: change mt76u_submit_buf
16b2ccf mt76: remove rx_page_lock
e1bfbeb mt76usb: change mt76u_fill_rx_sg arguments
e9c0171 mt76usb: use usb_dev private data
a4eb5db mt76usb: remove mt76u_buf redundant fileds
3f9b68d mt76usb: move mt76u_buf->done to queue entry
4a366bd mt76usb: remove mt76u_buf and use urb directly
0904bc4 mt76usb: remove MT_RXQ_MAIN queue from mt76u_urb_alloc
42f2899 mt76usb: resue mt76u_urb_alloc for tx
4d4d73a mt76usb: remove unneded sg_init_table
57309c7 mt76usb: allocate urb and sg as linear data
2e89721 mt76usb: remove queue variable from rx_tasklet
30a256a mt76x02: remove extra_tx_headroom (obsoleted by mac8211 skb aligning)
ae166b0 Revert "mt76: mt7603: store software PN/IV in wcid"
bf6e72d Revert "mt76: mt76x02: store software PN/IV in wcid"
a11b673 mt76: fix tx power issues

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-03-27 13:05:03 +01:00
Hauke Mehrtens
6af639e0bf linux: Add kmod-sched-act-vlan
This allows to configure rules to push or pop vlan headers.

Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
2019-03-25 22:50:28 +01:00
Hauke Mehrtens
72c7e2dc46 linux: Add kmod-sched-flower
This allows to classify packets based on a configurable combination
of packet keys and masks.

Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
2019-03-25 22:50:28 +01:00
Hauke Mehrtens
f83522fa63 linux: Add kmod-sched-mqprio
This adds Multi-queue priority scheduler (MQPRIO).

Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
2019-03-25 22:50:28 +01:00
Hauke Mehrtens
187ab0bceb linux: Add kmod-crxypto-xcbc
This can be used for IPsec.

Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
2019-03-25 22:50:28 +01:00
Konstantin Demin
01964148c6 dropbear: split ECC support to basic and full
- limit ECC support to ec*-sha2-nistp256:
  * DROPBEAR_ECC now provides only basic support for ECC
- provide full ECC support as an option:
  * DROPBEAR_ECC_FULL brings back support for ec{dh,dsa}-sha2-nistp{384,521}
- update feature costs in binary size

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2019-03-25 22:25:35 +01:00
Konstantin Demin
5eb7864aad dropbear: rewrite init script startup logic to handle both host key files
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2019-03-25 22:25:34 +01:00
Konstantin Demin
6145e59881 dropbear: change type of config option "Port" to scalar type "port"
it was never used anywhere, even LuCI works with "Port" as scalar type.

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2019-03-25 22:25:34 +01:00
Konstantin Demin
5d27b10c61 dropbear: introduce config option "keyfile" (replacement for "rsakeyfile")
* option "keyfile" is more generic than "rsakeyfile".
* option "rsakeyfile" is considered to be deprecated and should be removed
  in future releases.
* warn user (in syslog) if option "rsakeyfile" is used
* better check options ("rsakeyfile" and "keyfile"): don't append
  "-r keyfile" to command line if file is absent (doesn't exist or empty),
  warn user (in syslog) about such files

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2019-03-25 22:25:34 +01:00
Konstantin Demin
efc533cc2f dropbear: add initial support for ECC host key
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2019-03-25 22:25:33 +01:00
Konstantin Demin
c40a84cc15 dropbear: fix regression where TTY modes weren't reset for client
cherry-pick upstream commit 7bc6280613f5ab4ee86c14c779739070e5784dfe

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2019-03-25 22:25:33 +01:00
Konstantin Demin
ddf1a06326 dropbear: honour CFLAGS while building bundled libtomcrypt/libtommath
Felix Fietkau pointed out that bundled libtomcrypt/libtommath do funny stuff with CFLAGS.
fix this with checking environment variable OPENWRT_BUILD in both libs.
change in dropbear binary size is drastical: 221621 -> 164277.

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2019-03-25 22:25:33 +01:00