Commit Graph

16594 Commits

Author SHA1 Message Date
DENG Qingfang
2d758129ca ath10k-firmware: fix mirror hash
Fix PKG_MIRROR_HASH hash mismatch.

Fixes: 641a93f0f2 ("ath10k-firmware: update wave 1 firmware to 10.2.4-1.0-00047")
Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
[added missing commit description]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-24 08:21:04 +01:00
Petr Štetiar
76bbe4b960 procd: update to version 2020-01-24
00aafc4f439e procd: show process's exit code
856b5f8be046 state: fix reboot causing shutdown inside LXC container
b44417c20c7f instance: provide error feedback if ujail binary is missing

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-24 08:21:04 +01:00
Roger Pueyo Centelles
7d39946ea0 rbextract: support devices directly showing ERD magic
Older ath79-based MikroTik devices have the ERD calibration data
compressed and stored different to newer IPQ40xx ones. This commit
adds support for these former ones.

Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
Acked-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2020-01-23 15:28:03 +01:00
Roger Pueyo Centelles
ba730d61af rbextract: add package
This utility extracts the radio calibration data, as well as other
board-related information (model, serial number, etc.), from MikroTik
Routerboard devices' flash.

Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
Acked-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2020-01-23 15:28:02 +01:00
Roger Pueyo Centelles
51526bcf1e rbcfg: make package available for ath79
Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>
2020-01-23 15:28:02 +01:00
Felix Fietkau
c07f6e8659 hostapd: fix faulty WMM IE parameters with ETSI regulatory domains
hostapd sets minimum values for CWmin/CWmax/AIFS and maximum for TXOP.
The code for applying those values had a few bugs leading to bogus values,
which caused significant latency and packet loss.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-01-23 14:53:13 +01:00
Kimmo Vuorinen
a8723c48ad uboot-envtools: ath79: add support for glinet,gl-ar150
Add ubootenv uci config for GL.inet GL-AR150

Signed-off-by: Kimmo Vuorinen <kimmo.vuorinen@gmail.com>
[commit title/message facelift]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-01-23 14:08:24 +01:00
Kimmo Vuorinen
dc6dfaac80 uboot-envtools: ar71xx: add support for gl-ar150/-domino/-mifi
Add ubootenv uci config for gl-ar150, gl-domino and gl-mifi

Signed-off-by: Kimmo Vuorinen <kimmo.vuorinen@gmail.com>
[commit message/title facelift]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-01-23 14:04:50 +01:00
Daniel Golle
3d6c571083 mac80211: add support for wds_bridge hostapd feature
hostapd allows putting WDS (4addr mode) clients into a separate bridge
other than the bridge regular (3addr mode) clients end up in. This is
useful for example giving WDS clients access to several VLANs
(trunking) while regular clients will end up inside a specific VLAN.

Add 'wds_bridge' config parameter for wifi-iface which contains the
name of the bridge. hostapd-mini already supports this feature, so all
needed is to add the UCI wrapping in mac80211.sh.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-01-22 14:22:17 +02:00
Russell King
a1358fc7ae kernel: add SFP support for Methode DM7052 NBASE-T module
Add support for Methode DM7052 NBASE-T module to OpenWRT. These
patches are taken from my "phy" branch, and will be sent for the
next kernel merge window.

Signed-off-by: Russell King <linux@armlinux.org.uk>
[jonas.gorski: move patches to pending, refresh patches]
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2020-01-21 22:32:48 +01:00
Jan Pavlinec
2982997f1b curl: update to version 7.68.0 (security fix)
Fixes
CVE-2019-15601

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
2020-01-21 22:17:53 +01:00
Petr Štetiar
0f81a0979c fstools: update to version 2020-01-21
deb745f82b93 Revert "fstools: Add support to read-only MTD partitions (eg. recovery images)"

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-21 17:25:56 +01:00
Petr Štetiar
3d8edd9bb4 urngd: update to version 2020-01-21
c7f7b6b65b82 Tag version 1.0.2
236b7a0aef21 Fix blocked entropy generation

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-21 17:16:01 +01:00
Daniel Golle
97a03a4760 procd: update to latest git HEAD
58c12f7 jail: add basic support for network namespaces
 ba69639 jail: create resolv.conf symlink for netns jails
 81b88b1 jail: more strict mount options for /tmp/resolv.conf.d/

Add new 'netns' flag for procd_add_jail to make ujail setup a new
network namespace for the jailed service.
See previous netifd commit for example configuration for netns jailed
service.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-01-21 12:52:12 +02:00
Daniel Golle
e4ce8f59f5 netifd: add basic support for jail network namespaces
Prepare netifd for handling procd service jails having their own
network namespace.
Intefaces having the jail attribute will only be brought up inside the
jail's network namespace by procd calling the newly introduced ubus
method 'netns_updown'.
Currently proto 'static' is supported and configuration changes are
not yet being handled (ie. you'll have to restart the jailed service
for changes to take effect).

Example /etc/config/network snippet:
config device 'veth0'
    option type 'veth'
    option name 'vhost0'
    option peer_name 'virt0'

config interface 'virt'
    option type 'bridge'
    list ifname 'vhost0'
    option proto 'static'
    option ipaddr '10.0.0.1'
    option netmask '255.255.255.0'

config interface 'virt0'
    option ifname 'virt0'
    option proto 'static'
    option ipaddr '10.0.0.2'
    option netmask '255.255.255.0'
    option gateway '10.0.0.1'
    option dns '10.0.0.1'
    option jail 'transmission'

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-01-21 10:25:27 +02:00
Petr Štetiar
5c73bb12c8 libubox: update to version 2020-01-20
43a103ff17ee blobmsg: blobmsg_parse and blobmsg_parse_array oob read fixes
 5c0faaf4f5e2 tests: prefer dynamically allocated buffers
 1ffa41535369 blobmsg_json: prefer snprintf usage
 132ecb563da7 blobmsg: blobmsg_vprintf: prefer vsnprintf
 a2aab30fc918 jshn: prefer snprintf usage
 b0886a37f39a cmake: add a possibility to set library version
 a36ee96618a9 blobmsg: blobmsg_add_json_element() 64-bit values
 f0da3a4283b7 blobmsg_json: fix int16 serialization
 20a070f08139 tests: blobmsg/json: add more test cases
 379cd33d1992 tests: include json script shunit2 based testing

Acked-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-20 20:57:21 +01:00
Petr Štetiar
63000bfaf7 fstools: update to version 2020-01-18
f5c7c1813f52 fstools: Add support to read-only MTD partitions (eg. recovery images)
 189b41b6b487 libblkid-tiny: fix f2fs labels by increasing label buffer

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-20 20:57:21 +01:00
Sungbo Eo
c26b687e31 kernel: remove further obsolete kernel version switches
Most of the kernel version switches below 4.14 were removed in commit
97940f8766 ("kernel: remove obsolete kernel version switches"),
but some of them still remained. Remove them now.

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2020-01-18 19:39:05 +01:00
Rosen Penev
8df14c229c base-files/functions.sh: use grep -q instead of []
It's cleaner and faster as it does not need to do extra work.

Also removed $() to avoid executing the output. The shell can handle it.

https://github.com/koalaman/shellcheck/wiki/SC2143

Signed-off-by: Rosen Penev <rosenp@gmail.com>
[correct || to && for one conversion]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-01-18 00:24:06 +01:00
Rosen Penev
d4009d7985 base-files/system.sh: remove $ in $(())
Not needed.

https://github.com/koalaman/shellcheck/wiki/Sc2004

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-01-17 12:17:36 +01:00
Rosen Penev
fb56573dc4 base-files/functions.sh: use && instead of -a
-a is not well defined.

https://github.com/koalaman/shellcheck/wiki/SC2166

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-01-17 12:17:36 +01:00
Rosen Penev
b8e17aefea base-files/functions.sh: remove useless cat
The cut command can take a file as an input.

https://github.com/koalaman/shellcheck/wiki/SC2002

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-01-17 12:17:36 +01:00
Rosen Penev
cba5fa0352 base-files/functions.sh: don't use $var in $(())
It's not needed. It can also lead to subtle bugs.

https://github.com/koalaman/shellcheck/wiki/Sc2004

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-01-17 12:17:35 +01:00
Stijn Tintel
1322190fd3 libcxx: fix build for x86/64
When building libcxx for x86/64, the library is installed in /usr/lib64.
As the install section tries to copy the library from /usr/lib, this
breaks build on x86/64. Override the lib dir suffix to fix this.

Fixes: 856ea2bad3 ("libcxx: Add package")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Rosen Penev <rosenp@gmail.com>
2020-01-17 00:42:49 +02:00
Hans Dedecker
f0c0f92ce4 odhcpd: update to version 2020-01-14
6db312a dhcpv6-ia: use dhcp leasetime to set preferred/valid statefull lifetimes
2520c48 dhcpv6-ia: introduce DHCPv6 pd and ia assignments flags
b413d8a dhcpv6-ia: cleanup prefix delegation routes
b0902af dhcpv6-ia: remove passing interface as parameter to apply_lease

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-01-16 21:53:17 +01:00
David Lam
a5f3648a1c hostapd: add support for system cert bundle validation
Currently, it is very cumbersome for a user to connect to a WPA-Enterprise
based network securely because the RADIUS server's CA certificate must first be
extracted from the EAPOL handshake using tcpdump or other methods before it can
be pinned using the ca_cert(2) fields. To make this process easier and more
secure (combined with changes in openwrt/openwrt#2654), this commit adds
support for validating against the built-in CA bundle when the ca-bundle
package is installed. Related LuCI changes in openwrt/luci#3513.

Signed-off-by: David Lam <david@thedavid.net>
[bump PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-01-16 12:08:18 +01:00
Daniel Golle
702c70264b hostapd: cleanup IBSS-RSN
set noscan also for IBSS and remove redundant/obsolete variable.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-01-16 10:26:21 +02:00
Andrea Dalla Costa
5adca1cf2a uboot-oxnas: fix memory leak in tool mkox820crc
In function `main` add calls to `free` for the variable `executable`.
This is needed because the variable `executable` is allocated but
never freed. This cause a memory leak.

Signed-off-by: Andrea Dalla Costa <andrea@dallacosta.me>
2020-01-15 23:15:19 +01:00
John Crispin
a3dd95ef63 dropbear: fix compile error
Fixes: 0da193ee69 ("dropbear: move failsafe code out of base-files")
Signed-off-by: John Crispin <john@phrozen.org>
2020-01-15 21:31:12 +01:00
Florian Eckert
7151054abd wireguard: skip peer config if public key of the peer is not defined
If a config section of a peer does not have a public key defined, the
whole interface does not start. The following log is shown

daemon.notice netifd: test (21071): Line unrecognized: `PublicKey='
daemon.notice netifd: test (21071): Configuration parsing erro

The command 'wg show' does only show the interface name.

With this change we skip the peer for this interface and emit a log
message. So the other peers get configured.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2020-01-15 21:19:01 +01:00
John Crispin
d9cfa827ac busybox: fix build issues
Fixes: f704f97e4c ("busybox: Include hdparm by default on nas type device")
Signed-off-by: John Crispin <john@phrozen.org>
2020-01-15 21:17:47 +01:00
Michal Cieslakiewicz
a736f39432 ath79: add support for Netgear WNDR4500 v3
This patch introduces support for Netgear WNDR4500v3. Router
is very similar to WNDR4300v2 and is based on the same PCB.

Information gathered from various Internet sources (including
https://patchwork.ozlabs.org/patch/809227/) shows following
differences to WNDR4300v2:

 * two USB 2.0 ports with separate LEDs
 * USB LEDs soldered to secondary pads
 * WPS and RFKILL buttons soldered to secondary pads
 * described as N900 device with 3x3:3 MIMO for 2.4GHz radio
 * power supply requirement is DC 12V 2.5A
 * vendor HW ID suffix differs in one digit
 * bigger chassis

Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
2020-01-15 20:56:05 +01:00
Michal Cieslakiewicz
37a36a588a ath79: add support for Netgear WNDR4300 v2
This patch introduces support for Netgear WNDR4300v2.

Specification
=============
  * Description: Netgear WNDR4300 v2
  * Loader: U-boot
  * SOC: Qualcomm Atheros QCA9563 (775 MHz)
  * RAM: 128 MiB
  * Flash: 2 MiB SPI-NOR + 128 MiB SPI-NAND
	- NOR: U-boot binary: 256 KiB
	- NOR: U-boot environment: 64 KiB
	- NOR: ART Backup: 64 KiB
 	- NOR: Config: 64 KiB
	- NOR: Traffic Meter: 64 KiB
	- NOR: POT: 64 KiB
	- NOR: Reserved: 1408 KiB
	- NOR: ART: 64 KiB
	- NAND: Firmware: 25600 KiB (see notes for OpenWrt)
	- NAND: Language: 2048 KiB
	- NAND: mtdoops Crash Dump: 128 KiB
	- NAND: Reserved: 103296 KiB
  * Ethernet: 5 x 10/100/1000 (4 x LAN, 1 x WAN) (AR8337)
  * Wireless:
	- 2.4 GHz b/g/n (internal)
	- 5 GHz a/n (AR9580)
  * USB: yes, 1 x USB 2.0
  * Buttons:
	- Reset
	- WiFi (rfkill)
	- WPS
  * LEDs:
	- Power (amber/green)
	- WAN (amber/green)
	- WLAN 2G (green)
	- WLAN 5G (blue)
	- 4 x LAN (amber/green)
	- USB (green)
	- WPS (green)
  * UART: 4-pin connector JP1, 3.3V (Vcc, TX, RX, GND), 115200 8N1
  * Power supply: DC 12V 1.5A
  * MAC addresses: LAN=WLAN2G on case label, WAN +1, WLAN5G +2

Important Notes
===============
0. NOR Flash (2 MiB) is not touched by OpenWrt installation.
1. NAND Flash (128 MiB) layout under OpenWrt is changed as follows:
   all space is split between 4 MiB kernel and 124 MiB UBI areas;
   vendor partitions (language and mtdoops) are removed; kernel space
   size can be further expanded if needed; maximum image size is set
   to 25600k for compatibility reasons and can also be increased.
2. CPU clock is 775 MHz, not 750 MHz.
3. 5 GHz wireless radio chip is Atheros AR9580-AR1A with bogus PCI
   device ID 0xabcd. For ath9k driver to load successfully, this is
   overriden in DTS with correct value for this chip, 0x0033.
4. RFKILL button is wired to AR9580 pin 9 which is normally disabled
   by chip definition in ath9k code (0x0000F4FF gpio mask). Therefore
   'qca,gpio-mask=<0xf6ff>' hack must be used for button to work
   properly.
5. USB port is always on, no GPIO for 5V power control has been
   identified.

Installation
============
  * TFTP recovery
  * TFTP via U-boot prompt
  * sysupgrade
  * Web interface

Test build configuration
========================
CONFIG_TARGET_ath79=y
CONFIG_TARGET_ath79_nand=y
CONFIG_TARGET_ath79_nand_DEVICE_netgear_wndr4300-v2=y
CONFIG_ALL_KMODS=y
CONFIG_DEVEL=y
CONFIG_CCACHE=y
CONFIG_COLLECT_KERNEL_DEBUG=y
CONFIG_IMAGEOPT=y

Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
2020-01-15 20:55:56 +01:00
Michal Cieslakiewicz
4a0a1fc91c mac80211: ath9k: add GPIO mask dts property
This patch adds 'qca,gpio-mask=<u32>' device tree property to ath9k node.
This optional setting is a hack and should only be used in very special
(and rare) cases when a button or LED is wired to a GPIO pin normally
masked out (due to being one-way etc). Netgear WNDR4300 v2 is one such
example - it uses GPI9 for RFKILL.

See ath9k/reg.h *_GPIO_MASK constants.

Use with caution and expect to see stream of kernel warnings if wrong
mask value is provided.

Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
2020-01-15 20:55:31 +01:00
Maxim Storchak
5f07b6f367 zram-swap: support swap priority
If zram-backed swap is added after an existing swap, it gets a lower
priority. Assiming that usually all other swaps are slower, there should
be a way to assign a higher priority to zram swap.

Signed-off-by: Maxim Storchak <m.storchak@gmail.com>
2020-01-15 20:49:00 +01:00
Rosen Penev
475a504dbc perf: Add libunwind only if selected
The depends are totally wrong. libunwind does not work with powerpc and
i386 as it needs glibc.

Instead of duplicating the platforms, just change the dependency.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-01-15 20:34:16 +01:00
Florian Eckert
ee2014e680 uhttpd: add enable instance option
With this change it is now possible to switch off single instances of
the uhttpd config. Until now it was only possible to switch all
instances of uhttpd on or off.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2020-01-15 20:16:42 +01:00
Kyle Copperfield
0fcb4a3981 hostapd: add wpa_strict_rekey support
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.

To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Rekey GTK on STA disassociate

Signed-off-by: Kyle Copperfield <kmcopper@danwin1210.me>
2020-01-15 20:13:49 +01:00
Kyle Copperfield
30c64825c7 hostapd: add dtim_period, local_pwr_constraint, spectrum_mgmt_required
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.

To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Allows dtim_period to be configurable, the default is from hostapd.
Adds additional regulatory tunables for power constraint and spectrum
managment.

Signed-off-by: Kyle Copperfield <kmcopper@danwin1210.me>
2020-01-15 20:13:44 +01:00
Kyle Copperfield
0da193ee69 dropbear: move failsafe code out of base-files
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.

To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Failsafe code of dropbear should be in the dropbear package not the
base-files package.

Signed-off-by: Kyle Copperfield <kmcopper@danwin1210.me>
2020-01-15 20:04:06 +01:00
Linus Walleij
f704f97e4c busybox: Include hdparm by default on nas type device
NAS devices certainly need to have hdparm to configure
things like spin-down time or their disks will be
constantly spinning. Just catenate CONFIG_HDPARM=y
on these configs.

Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
2020-01-15 19:57:27 +01:00
Eneas U de Queiroz
9b25f833eb cryptodev-linux: remove DEFAULT redefinition
The 'DEFAULT:=m if ALL' line prevents the phase1 buildbots from building
the package, and users from downloading it, since they use 'ALL_KMODS=y'
but 'ALL' is not set.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2020-01-15 19:31:08 +01:00
Felix Fietkau
866790fd82 mac80211: fix MAC address allocations if the local bit is set on the base addr
If it's set, don't subtract 1 from the interface index encoded into the first
byte of the address

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-01-15 15:36:26 +01:00
Jo-Philipp Wich
b070101c50 valgrind: do not strip internal preload libraries and executables
Implement the suggestions laid out in README_PACKAGERS, mainly by preventing
the stripping of the internal vgpreload*.so libraries.

Also retain the symbol information of valgrind's private helper executables
and enable LTO as suggested in the packagers readme.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-01-14 17:52:34 +01:00
Xu Wang
44304c1d67 base-files: fix build for /sbin/pkg_check
Setting CONFIG_IPK_FILES_CHECKSUMS=y causes sha256 checksum files to be
included with the packages to check for corruption. This commit fixes two
issues:
- /sbin/pkg_check was being removed incorrectly if IPK_FILES_CHECKSUMS=y
- checksums were being saved in the wrong file

Signed-off-by: Xu Wang <xwang1498@gmx.com>
2020-01-14 17:52:34 +01:00
David Lam
22b07ff73e hostapd: add support for subject validation
The wpa_supplicant supports certificate subject validation via the
subject match(2) and altsubject_match(2) fields. domain_match(2) and
domain_suffix_match(2) fields are also supported for advanced matches.
This validation is especially important when connecting to access
points that use PAP as the Phase 2 authentication type. Without proper
validation, the user's password can be transmitted to a rogue access
point in plaintext without the user's knowledge. Most organizations
already require these attributes to be included to ensure that the
connection from the STA and the AP is secure. Includes LuCI changes via
openwrt/luci#3444.

From the documentation:

subject_match - Constraint for server certificate subject. This substring
is matched against the subject of the authentication server certificate.
If this string is set, the server sertificate is only accepted if it
contains this string in the subject. The subject string is in following
format: /C=US/ST=CA/L=San Francisco/CN=Test AS/emailAddress=as
.example.com

subject_match2 - Constraint for server certificate subject. This field is
like subject_match, but used for phase 2 (inside EAP-TTLS/PEAP/FAST
tunnel) authentication.

altsubject_match - Constraint for server certificate alt. subject.
Semicolon separated string of entries to be matched against the
alternative subject name of the authentication server certificate. If
this string is set, the server sertificate is only accepted if it
contains one of the entries in an alternative subject name extension.
altSubjectName string is in following format: TYPE:VALUE Example:
EMAIL:server@example.com Example:
DNS:server.example.com;DNS:server2.example.com Following types are
supported: EMAIL, DNS, URI

altsubject_match2 - Constraint for server certificate alt. subject. This
field is like altsubject_match, but used for phase 2 (inside
EAP-TTLS/PEAP/FAST tunnel) authentication.

domain_match - Constraint for server domain name. If set, this FQDN is
used as a full match requirement for the
server certificate in SubjectAltName dNSName element(s). If a
matching dNSName is found, this constraint is met. If no dNSName
values are present, this constraint is matched against SubjectName CN
using same full match comparison. This behavior is similar to
domain_suffix_match, but has the requirement of a full match, i.e.,
no subdomains or wildcard matches are allowed. Case-insensitive
comparison is used, so "Example.com" matches "example.com", but would
not match "test.Example.com". More than one match string can be
provided by using semicolons to
separate the strings (e.g., example.org;example.com). When multiple
strings are specified, a match with any one of the values is considered
a sufficient match for the certificate, i.e., the conditions are ORed
together.

domain_match2 - Constraint for server domain name. This field is like
domain_match, but used for phase 2 (inside EAP-TTLS/PEAP/FAST tunnel)
authentication.

domain_suffix_match - Constraint for server domain name. If set, this
FQDN is used as a suffix match requirement for the AAA server
certificate in SubjectAltName dNSName element(s). If a matching dNSName
is found, this constraint is met. If no dNSName values are present,
this constraint is matched against SubjectName CN using same suffix
match comparison. Suffix match here means that the host/domain name is
compared one label at a time starting from the top-level domain and all
the labels in domain_suffix_match shall be included in the certificate.
The certificate may include additional sub-level labels in addition to
the required labels. More than one match string can be provided by using
semicolons to separate the strings (e.g., example.org;example.com).
When multiple strings are specified, a match with any one of the values
is considered a sufficient match for the certificate, i.e., the
conditions are ORed together. For example,
domain_suffix_match=example.com would match test.example.com but would
not match test-example.com. This field is like domain_match, but used
for phase 2 (inside EAP-TTLS/PEAP/FAST tunnel) authentication.

domain_suffix_match2 - Constraint for server domain name. This field is
like domain_suffix_match, but used for phase 2 (inside
EAP-TTLS/PEAP/FAST tunnel) authentication.

Signed-off-by: David Lam <david@thedavid.net>
2020-01-14 17:46:27 +01:00
Felix Fietkau
b1a1c222c9 mac80211: fix list_phy_interfaces for multiple wiphys on the same device
Network interfaces are looked up based on the device behind a phy, so the
phy needs to be checked separately

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-01-14 14:57:13 +01:00
Felix Fietkau
9501469e11 mac80211: fix a page refcounting issue leading to leaks/crashes in rx A-MSDU decap
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-01-14 14:56:59 +01:00
Felix Fietkau
d5b3024139 mac80211: fix sta TID stats leak on a few nl80211 calls
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-01-14 14:56:54 +01:00
Felix Fietkau
fe1818cdbc mac80211: renumber subsys patches accepted upstream
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2020-01-14 14:56:46 +01:00
Florian Eckert
0f33c6b74a base-files: use jshn lib for ubus sysupgrade argument generation
With this change the well known jshn library will be used, to build the
json arguments for the ubus sysupgrade method. This is also used in all
other shell program that uses JSON. This commit unifies that.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2020-01-14 00:06:03 +01:00
Petr Štetiar
3d62463755 rpcd: activate PIE ASLR by default
This activates PIE ASLR support by default when the regular option is
selected.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-14 00:06:44 +01:00
Petr Štetiar
2b28358a37 odhcpd: activate PIE ASLR by default
This activates PIE ASLR support by default when the regular option is
selected.

Size increase on x86/64:

 odhcpd-ipv6only Installed-Size: 36821 -> 38216

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-14 00:06:40 +01:00
Petr Štetiar
9c628cc76c procd: activate PIE ASLR by default
This activates PIE ASLR support by default when the regular option is
selected.

Size increase on x86/64:

 procd Installed-Size: 44931 -> 47362

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-14 00:06:35 +01:00
Petr Štetiar
d38dd6e1ef ubus: activate PIE ASLR by default
This activates PIE ASLR support by default when the regular option is
selected.

Size increase on x86/64:

 ubus  Installed-Size:  5602 ->  5950
 ubusd Installed-Size: 11643 -> 12119

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-14 00:06:03 +01:00
Hauke Mehrtens
a2571f3c81 uhttpd: Activate PIE by default
This activates PIE ASLR support by default when the regular option is
selected.

This increases the binary size by 39% uncompressed and 21% compressed
on MIPS BE.

old:
33,189 /usr/sbin/uhttpd
23,016 uhttpd_2019-08-17-6b03f960-4_mips_24kc.ipk

new:
46,212 /usr/sbin/uhttpd
27,979 uhttpd_2019-08-17-6b03f960-4_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: Petr Štetiar <ynezz@true.cz>
2020-01-13 15:34:36 +01:00
Hauke Mehrtens
6b2379d048 hostapd: Activate PIE by default
This activates PIE ASLR support by default when the regular option is
selected.

This increases the binary size by 26% uncompressed and 16% compressed
on MIPS BE.

old:
460,933 /usr/sbin/wpad
283,891 wpad-basic_2019-08-08-ca8c2bd2-1_mips_24kc.ipk

new:
584,508 /usr/sbin/wpad
330,281 wpad-basic_2019-08-08-ca8c2bd2-1_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: Petr Štetiar <ynezz@true.cz>
2020-01-13 15:34:36 +01:00
Hauke Mehrtens
7ab6613026 dropbear: Activate PIE by default
This activates PIE ASLR support by default when the regular option is
selected.

This increases the binary size by 18% uncompressed and 17% compressed
on MIPS BE.

old:
164,261 /usr/sbin/dropbear
 85,648 dropbear_2019.78-2_mips_24kc.ipk

new:
194,492 /usr/sbin/dropbear
100,309 dropbear_2019.78-2_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: Petr Štetiar <ynezz@true.cz>
2020-01-13 15:34:36 +01:00
Hauke Mehrtens
dae0ac7770 dnsmasq: Activate PIE by default
This activates PIE ASLR support by default when the regular option is
selected.

This increases the binary size by 37% uncompressed and 18% compressed
on MIPS BE.

old:
146,933 /usr/sbin/dnsmasq
101,837 dnsmasq_2.80-14_mips_24kc.ipk

new:
202,020 /usr/sbin/dnsmasq
120,577 dnsmasq_2.80-14_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: Petr Štetiar <ynezz@true.cz>
2020-01-13 15:34:36 +01:00
Hans Dedecker
3446702cdb ethtool: bump to 5.4
7dc0af7 Release version 5.4.
914912e ethtool: add 0x16 and 0x1c extended compliance codes
600b779 ethtool: mark 10G Base-ER as SFF-8472 revision 10.4 onwards
696565d ethtool: correctly interpret bitrate of 255
2941970 fix unused parameter warning in e1000_get_mac_type()
5e814f2 fix unused parameter warning in fjes_dump_regs()
b1a5279 fix unused parameter warning in ixgb_dump_regs()
6608751 fix unused parameter warning in ibm_emac_dump_regs()
1c30119 fix unused parameter warning in et131x_dump_regs()
a56aba4 fix unused parameter warning in amd8111e_dump_regs()
f40d32d fix unused parameter warning in fec_dump_regs()
8b84f1a fix unused parameter warning in at76c50x_usb_dump_regs()
f725f5a fix unused parameter warning in smsc911x_dump_regs()
a12cd66 fix unused parameter warning in e1000_dump_regs()
e058656 fix unused parameter warning in igb_dump_regs()
debac02 fix unused parameter warning in de2104[01]_dump_regs()
d434eea fix unused parameter warning in e100_dump_regs()
8df12f3 fix unused parameter warning in vioc_dump_regs()
92d716b fix unused parameter warning in tg3_dump_{eeprom, regs}()
211c99e fix unused parameter warning in fec_8xx_dump_regs()
362fb8b fix unused parameter warning in ixgbevf_dump_regs()
87903c2 fix unused parameter warning in st_{mac100, gmac}_dump_regs()
c1eaddf fix unused parameter warning in vmxnet3_dump_regs()
313c9f8 fix unused parameter warning in dsa_dump_regs()
183e8a2 fix unused parameter warning in {skge, sky2}_dump_regs()
7f84c13 fix unused parameter warning in lan78xx_dump_regs()
02d0aaa fix unused parameter warning in realtek_dump_regs()
726d607 fix unused parameter warning in ixgbe_dump_regs()
967177c fix unused parameter warning in netsemi_dump_eeprom()
710a414 fix unused parameter warning in natsemi_dump_regs()
283398a fix unused parameter warning in print_simple_table()
0404267 fix unused parameter warning in sfc_dump_regs()
57c7298 fix unused parameter warning in altera_tse_dump_regs()
302e91a fix unused parameter warning in dump_eeprom()
2054a8c fix unused parameter warning in find_option()
d5432a9 fix unused parameter warnings in do_version() and show_usage()
c430e75 fix arithmetic on pointer to void is a GNU extension warning
e568431 ethtool: implement support for Energy Detect Power Down
e391f4c ethtool: sync ethtool-copy.h: adds support for EDPD

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2020-01-12 22:19:37 +01:00
Adrian Schmutzler
97940f8766 kernel: remove obsolete kernel version switches
After kernel 4.9 has been removed, this removes all (now obsolete)
kernel version switches that deal with versions before 4.14.

Package kmod-crypto-iv is empty now and thus removed entirely.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-01-12 16:34:20 +01:00
Tom Brouwer
2090b8af0a ipq40xx: add support for EZVIZ CS-W3-WD1200G EUP
Hardware:
SOC:    Qualcomm IPQ4018
RAM:	128 MB Nanya NT5CC64M16GP-DI
FLASH:  16 MB Macronix MX25L12805D
ETH:    Qualcomm QCA8075 (4 Gigabit ports, 3xLAN, 1xWAN)
WLAN:   Qualcomm IPQ4018 (2.4 & 5 Ghz)
BUTTON: Shared WPS/Reset button
LED:    RGB Status/Power LED
SERIAL: Header J8 (UART, Left side of board). Numbered from
        top to bottom:
        (1) GND, (2) TX, (3) RX, (4) VCC (White triangle
        next to it).
        3.3v, 115200, 8N1

Tested/Working:
* Ethernet
* WiFi (2.4 and 5GHz)
* Status LED
* Reset Button (See note below)

Implementation notes:
* The shared WPS/Reset button is implemented as a Reset button
* I could not find a original firmware image to reverse engineer, meaning
currently it's not possible to flash OpenWrt through the Web GUI.

Installation (Through Serial console & TFTP):
1. Set your PC to fixed IP 192.168.1.12, Netmask 255.255.255.0, and connect to
one of the LAN ports
2. Rename the initramfs image to 'C0A8010B.img' and enable a TFTP server on
your pc, to serve the image
2. Connect to the router through serial (See connection properties above)
3. Hit a key during startup, to pause startup
4. type `setenv serverip 192.168.1.12`, to set the tftp server address
5. type `tftpboot`, to load the image from the laptop through tftp
6. type `bootm` to run the loaded image from memory
6. (If you want to return to stock firmware later, create an full MTD backup,
e.g. using instructions here https://openwrt.org/docs/guide-user/installation/generic.backup#create_full_mtd_backup)
7. Transfer the 'sysupgrade' OpenWrt firmware image from PC to router, e.g.:
`scp xxx-squashfs-sysupgrade.bin root@192.168.1.1:/tmp/upgrade.bin`
8. Run sysupgrade to permanently install OpenWrt to flash: `sysupgrade -n /tmp/upgrade.bin`

Revert to stock:
To revert to stock, you need the MTD backup from step 6 above:
1. Unpack the MTD backup archive
2. Transfer the 'firmware' partition image to the router (e.g. mtd8_firmware.backup)
3. On the router, do `mtd write mtd8_firmware.backup firmware`

Signed-off-by: Tom Brouwer <tombrouwer@outlook.com>
[removed BOARD_NAME, OpenWRT->OpenWrt, changed LED device name to board name]
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2020-01-12 15:57:58 +01:00
Tobias Schramm
b16e5517b5 kernel: add kmod packages for Broadcom bcm53xxx switch support
Signed-off-by: Tobias Schramm <tobleminer@gmail.com>
2020-01-12 14:12:50 +01:00
Kevin Darbyshire-Bryant
35ba9304c6 kmod-sched-cake: bump to 20200110
Keep up with a small amount of churn in the upstream repository.
Upstream now represents the version of CAKE as found in the linux kernel
from 4.19 onwards but with some compatibility stubs to allow building on
<4.19.

After a diversion related to an experimental ECN implementation which
has now been reverted, the important and relevant changes for us are:

8a8946b sch_cake: avoid possible divide by zero in cake_enqueue()
183b320 RFC 8622 diffserv3, 4 & 8 LE PHB support
6ff4561 sch_cake: Make sure we can write the IP header before changing DSCP bits
9fba602 sch_cake: Use tc_skb_protocol for getting packet protocol

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2020-01-11 08:35:23 +00:00
Jason A. Donenfeld
7936cb94a9 wireguard-tools: bump to 1.0.20200102
* systemd: update documentation URL
* global: bump copyright

Usual house keeping.

* Makefile: DEBUG_TOOLS -> DEBUG and document
* Makefile: port static analysis check
* dns-hatchet: adjust path for new repo layout
* Makefile: rework automatic version.h mangling

These are some important-ish cleanups for downstream package maintainers that
should make packaging this a lot smoother.

* man: add documentation about removing explicit listen-port

Documentation improvement.

* wg-quick: linux: quote ifname for nft

This should fix issues with weirdly named ifnames and odd versions of nft(8).

* fuzz: find bugs in the config syntax parser
* fuzz: find bugs when parsing uapi input

These are two fuzzers that have been laying around without a repo for a while.
Perhaps somebody with enough compute power will find bugs with them.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-01-09 18:54:24 +01:00
Jason A. Donenfeld
62c2199bd8 wireguard: bump to 0.0.20200105
* socket: mark skbs as not on list when receiving via gro

Certain drivers will pass gro skbs to udp, at which point the udp driver
simply iterates through them and passes them off to encap_rcv, which is
where we pick up. At the moment, we're not attempting to coalesce these
into bundles, but we also don't want to wind up having cascaded lists of
skbs treated separately. The right behavior here, then, is to just mark
each incoming one as not on a list. This can be seen in practice, for
example, with Qualcomm's rmnet_perf driver. This lead to crashes on
OnePlus devices and possibly other Qualcomm 4.14 devices. But I fear
that it could lead to issues on other drivers on weird OpenWRT routers.

This commit is upstream in net-next as:
https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=736775d06bac60d7a353e405398b48b2bd8b1e54

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2020-01-09 18:54:24 +01:00
Daniel Golle
6a28552120 dnsmasq: add uci-defaults script for config migration
When running sysupgrade from an existing configuration, UCI option
dhcp.@dnsmasq[0].resolvfile needs to be modified in case it has not
been changed from it's original value.
Accomplish that using a uci-defaults script.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-01-09 15:37:53 +02:00
David Bauer
ab16adf80b hostapd: disable ft_psk_generate_local for non-PSK networks
Without this commit, ft_psk_generate_local is enabled for non-PSK
networks by default. This breaks 802.11r for EAP networks.

Disable ft_psk_generate_local by default for non-PSK networks resolves
this misbehavior.

Reported-by: Martin Weinelt <martin@darmstadt.freifunk.net>
Signed-off-by: David Bauer <mail@david-bauer.net>
Tested-by: Martin Weinelt <martin@darmstadt.freifunk.net>
2020-01-09 01:01:20 +01:00
Adrian Schmutzler
28fd4ac512 ixp4xx: remove unmaintained target
This target is still on kernel 4.9, and it looks like there is no
active maintainer for this target anymore.
Remove the code and all the packages which are only used by this target.

To add this target to OpenWrt again port it to a recent and supported
kernel version.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-01-08 16:45:08 +01:00
Adrian Schmutzler
4bc92c1e75 ar7: remove unmaintained target
This target seems to have been unmaintained for quite a while, and not a
single tester for the (now outdated) kernel 4.14 patches has been found.
Remove the code and all the packages which are only used by this target.

To add this target to OpenWrt again port it to a recent and supported
kernel version.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-01-08 16:45:08 +01:00
Hauke Mehrtens
90740f52e9 ar7: update kernel to version 4.14
This adds support for kernel 4.14 to the target and directly make it the
default kernel version to use.

This patch is build-tested only, but has never been device-tested. It is
only added to preserve the changes in Git history prior to removing this
target. Use it with care.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
[rebased and extended commit message, refreshed patches for 4.14.162]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2020-01-08 16:45:08 +01:00
Matthias Schiffer
41c19dd542
ethtool: fix PKG_CONFIG_DEPENDS
Add missing CONFIG_ prefix.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2020-01-07 20:53:31 +01:00
Matthias Schiffer
9924db5b37
iperf: fix PKG_CONFIG_DEPENDS
Fix typo in PKG_CONFIG_DEPENDS and missing CONFIG_ prefix.

Fixes: e98e046f06 ("iperf: Allow enabling multicast support")
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2020-01-07 20:52:23 +01:00
Daniel Golle
2e3cf4500b dnsmasq: bump PKG_RELEASE
Previous commit should have bumped PKG_RELEASE, but git add was
forgotten... Add it now.

Fixes: cd48d8d342 ("dnsmasq: switch to /tmp/resolv.conf.d/resolv.conf.auto")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-01-07 15:44:16 +02:00
Daniel Golle
cd48d8d342 dnsmasq: switch to /tmp/resolv.conf.d/resolv.conf.auto
Mount-bind directory instead of resolv.conf.auto file in jail to
avoid problems when the file is deleted/replaced.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-01-07 15:37:22 +02:00
Daniel Golle
5e1604477a netifd: move /tmp/resolv.conf.auto to /tmp/resolv.conf.d/
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-01-07 15:36:59 +02:00
Daniel Golle
fedc5d30ae base-files: move /tmp/resolv.conf.auto to /tmp/resolv.conf.d/
Having it in a directory it more friendly for mount-bind.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2020-01-07 15:36:03 +02:00
Hauke Mehrtens
414d054138 dnsmasq: Fix potential dnsmasq crash with TCP
This is a backport from the dnsmasq master which should fix a bug which
could cause a crash in dnsmasq.

I saw the following crashes in my log:
[522413.117215] do_page_fault(): sending SIGSEGV to dnsmasq for invalid read access from 2a001450
[522413.124464] epc = 004197f1 in dnsmasq[400000+23000]
[522413.129459] ra  = 004197ef in dnsmasq[400000+23000]
This is happening in blockdata_write() when block->next is
dereferenced, but I am not sure if this is related to this problem or if
this is a different problem. I am unable to reproduce this problem.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-01-06 17:44:22 +01:00
Hauke Mehrtens
2d80f7e836 rpcd: Update to version 2020-01-05
efe51f4 iwinfo: add current hw and ht mode to info call

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-01-05 20:21:48 +01:00
Hauke Mehrtens
8fb6be73b5 iwinfo: Update to version 2020-01-05
bf2c106 nl80211: add htmode to iwinfo_ops

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-01-05 20:19:37 +01:00
Hauke Mehrtens
05145ffbef uclient: Update to version 2020-01-05
fef6d3d uclient: Add string error function

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-01-05 20:04:37 +01:00
Hauke Mehrtens
ccd7e2dfb2 ustream-ssl: Update to version 2020-01-05
30cebb4 ustream-ssl: mbedtls: fix ssl client verification
77de09f ustream-ssl: mbedtls: fix net_sockets.h include warning

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-01-05 20:04:37 +01:00
Hauke Mehrtens
5877280463 ubus: Update to version 2020-01-05
d35df8a ubus: make libubus ready for linking into C++

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-01-05 20:04:37 +01:00
Andrea Dalla Costa
52f0b0913d ead: fix resource leak in tinysrp
Add call to fclose for file pointer fp in function t_openpw.
The resource leak could happen during an error handling.

Signed-off-by: Andrea Dalla Costa <andrea@dallacosta.me>
2020-01-05 19:36:46 +01:00
DENG Qingfang
983605e61f pppd: update to 2.4.8
78cd384 Update README and patchlevel.h for 2.4.8 release
5d03403 pppd: Avoid use of strnlen (and strlen) in vslprintf
a1e950a pppd: Fix IPv6 default route code for Solaris
ca5e61b plugins/rp-pppoe: Make tag parsing loop condition more accurate
c10c3c7 pppd: Make sure word read from options file is null-terminated
b311e98 pppd: Limit memory accessed by string formats with max length specified
3ea9de9 pppd: Eliminate some more compiler warnings
57edb1a pppd: Include time.h header before using time_t
09f695f pppd: Don't free static string
03104ba pppd.h: Add missing headers
388597e pppd: Add defaultroute6 and related options
66ce4ba pppd: Avoid declarations within statements in main.c
5637180 pppd: Fix `ifname` option in case of multilink (#105)
d00f8a0 pppd: Fix variable reference syntax in Makefile.linux
b6b4d28 pppd: Check tdb pointer before closing

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
2020-01-05 19:36:45 +01:00
Matt Merhar
3d7f76383f dropbear: add missing zlib dependency for dropbearconvert
If CONFIG_DROPBEAR_ZLIB is set, building fails at the packaging stage
due to an undeclared dependency on libz.so.1.

As is already done for the main dropbear package, conditionally add a
dependency on zlib.

Signed-off-by: Matt Merhar <mattmerhar@protonmail.com>
2020-01-05 19:36:45 +01:00
Rosen Penev
c2ef6c2148 nettle: Disable ARMEB assembly
It's broken for ARMv5, which is the only armeb target in OpenWrt.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-01-05 19:36:45 +01:00
Rosen Penev
d040851a6f trace-cmd: Fix compilation without fortify-headers
Upstream backport.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-01-05 19:36:45 +01:00
Rosen Penev
121ad10601 lldpd: Fix compilation without fortify-headers
Upstream backport.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-01-05 19:36:45 +01:00
Josef Schlehofer
43eb93441f e2fsprogs: update to version 1.45.4
Removed backported patch

Release notes: http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.45.4

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2020-01-05 19:36:45 +01:00
Rosen Penev
c84a3458aa libcxx: Remove -flto from LDFLAGS
It seems the buildbots can't handle it.

Added a cmake option to find the cxxabi files as they are part of the
toolchain and not in the normal path. It doesn't seem to make a
difference, just gets rid of cmake warnings.

Added another small GCC warning fix. It's fairly minor.

This has no change in compiled size, and most likely no change in
behavior. Bumped the PKG_RELEASE anyway.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-01-05 19:36:45 +01:00
Josef Schlehofer
9a3b10b449 strace: update to version 5.4
Changelog: https://strace.io/files/5.4/

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2020-01-05 19:36:45 +01:00
Christian Lamparter
1e27befe63 mac80211: remove ath10k_pci memory hacks
These two hacks are no longer necessary as they've
been moved to a special variant of kmod-ath10k-ct.

So, if you have a device suffering from low-memory
situation and getting applications crashes due to
the OOM reaper or kernel panics with ath10k, please
use the "kmod-ath10k-ct-smallbuffers" package from
now on.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2020-01-05 19:02:55 +01:00
Jo-Philipp Wich
22a178e892 fstools: update to latest Git HEAD
823faa0 block: re-discover mtd devices on extroot mount retry

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2020-01-05 18:40:22 +01:00
Petr Štetiar
059505d614 procd: update to version 2020-01-04
a5af33ce9a16 instance: strdup string attributes
d2e8bf6ef7cf system: watchdog_set: fix misleading indentation
9814807bd71c system: sysupgrade: fix possibly misleading error
c7a2db3c1eb6 system: sysupgrade: rework firmware validation
ea45c4a0f07c system: fix failing image validation due to EINTR
4fde95506243 cmake: fix lookup of external libraries

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-05 14:13:01 +01:00
Petr Štetiar
cf3da66d2c base-files: sysupgrade: exit if the firmware download failed
Sysupgrade process shouldn't continue if the firmware image couldn't be
downloaded.

Ref: http://lists.infradead.org/pipermail/openwrt-devel/2019-December/020940.html
Reported-by: Petr Novák <petrn@me.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2020-01-05 14:13:01 +01:00
Florian Fainelli
e98e046f06 iperf: Allow enabling multicast support
iperf2 is useful for testing UDP over multicast, add an option to permit
the enabling/disabling of multicast support.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2020-01-03 20:30:09 -08:00
David Bauer
1de8fc93ca mt76: update to the latest version
38f4c57 mt76: mt76x0: fix default mac address overwrite

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-01-03 17:44:23 +01:00
Rosen Penev
9f7d36d1a9 libcxx: Add size optimizations
Changed standard to 2a. 2a (as well as 17) contain more constexpr
functions, which are evaluated at compile time. This saves space.

Added --gc-sections. With the CXXABI change, this now makes the package
smaller.

With these, size went down to 210845 on mipsel_24kc.

Also fixed two small compiler warnings. No real change in behavior.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-01-01 16:59:32 +01:00
Rosen Penev
1f8ab1c640 libcxx: Build with the libsupc++ ABI
Allows proper exception handling. This includes removing unimplemented
warnings.

File size increased as a result:

Before:

182874

After:

211006

On mipsel_24kc.

Note that this requires libsupc++ anyway. It's specified in g++-libcxx.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-01-01 16:59:13 +01:00
Hans Dedecker
051b9a144f ubox: update to version 2019-12-31
0e34af1 kmodloader: added -a arg to modprobe

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-12-31 14:35:35 +01:00
Jo-Philipp Wich
0590d74db2 Revert "iptables: update to 1.8.4"
This reverts commit 10cbc896c0.

The updated iptables package does not build due to the following error
encountered on the buildbots:

    cp: cannot stat '.../iptables-1.8.4/ipkg-install/usr/lib/libiptc.so.*': No such file or directory

The changelog mentions "build: remove -Wl,--no-as-needed and libiptc.so" so
it appears as if further packaging changes are needed beyond a simple
version bump.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-12-30 23:07:29 +01:00
DENG Qingfang
10cbc896c0 iptables: update to 1.8.4
Update iptables to 1.8.4

ChangeLog:
  https://netfilter.org/projects/iptables/files/changes-iptables-1.8.4.txt

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
2019-12-30 21:14:31 +01:00
Daniel Golle
37929ddb70 procd: fix running jailed non-root process
Setting user and group for a jailed process caused the jail not to
come up. Fix this by passing user and group to ujail and change
user only once the jail has been setup.
This allows jailing services which refuse to run as root user.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-12-30 20:32:10 +02:00
David Bauer
3026cfe172 iwinfo: update to 2019-12-27
a6f6c05 nl80211: properly handle netdev names starting with "radio"
31dcef3 iwinfo: add several QC/A device ids

Signed-off-by: David Bauer <mail@david-bauer.net>
2019-12-30 15:09:30 +01:00
David Bauer
985ec835ae rt2x00: add throughput LED trigger
This adds a (currently missing) throughput LED trigger for the rt2x00
driver. Previously, LED triggers had to be assigned to the netdev, which
was limited to a single VAP.

Signed-off-by: David Bauer <mail@david-bauer.net>
Tested-by: Christoph Krapp <achterin@googlemail.com>
2019-12-30 13:09:14 +02:00
Petr Štetiar
e3e939d8e6 libubox: update to version 2019-12-28
Fixes startup issues of some services in procd and bumps ABI_VERSION to 20191228.

Ref: http://lists.infradead.org/pipermail/openwrt-devel/2019-December/020840.html
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-12-28 21:28:09 +01:00
Hans Dedecker
3fe29ffa7b ubox: update to latest git HEAD
b30e0df kmodloader: print an error when no kernel module dir can be found
17689b6 logread: add option to filter for facilities
c9ffeac kmodloader: added -v arg to modeprobe

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-12-28 21:25:56 +01:00
Álvaro Fernández Rojas
f8424b1b26 brcm2708-userland: add new package with RPi utils
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2019-12-28 15:31:50 +01:00
Petr Štetiar
36bace78b7 ubus: update to version 2019-12-27
Fixes socket descriptor passing and bumps ABI_VERSION to 20191227.

Ref: http://lists.infradead.org/pipermail/openwrt-devel/2019-December/020840.html
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-12-28 08:09:50 +01:00
Jason A. Donenfeld
ea980fb9c6 wireguard: bump to 20191226
As announced on the mailing list, WireGuard will be in Linux 5.6. As a
result, the wg(8) tool, used by OpenWRT in the same manner as ip(8), is
moving to its own wireguard-tools repo. Meanwhile, the out-of-tree
kernel module for kernels 3.10 - 5.5 moved to its own wireguard-linux-
compat repo. Yesterday, releases were cut out of these repos, so this
commit bumps packages to match. Since wg(8) and the compat kernel module
are versioned and released separately, we create a wireguard-tools
Makefile to contain the source for the new tools repo. Later, when
OpenWRT moves permanently to Linux 5.6, we'll drop the original module
package, leaving only the tools. So this commit shuffles the build
definition around a bit but is basically the same idea as before.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-12-27 16:34:27 +01:00
Felix Fietkau
ba164533e2 mt76: update to the latest version
2a0a19168dce mt7603: remove vif sta from poll list on interface remove
dc14ac64e7f3 mt7615: remove vif sta from poll list on interface remove
d868638fdd96 mt76: remove obsolete .add_buf() from struct mt76_queue_ops
50b1e9bd25cd mt76: refactor cc_lock locking scheme
1987b741dac2 mt76: mt76x0: remove 350ms delay in mt76x0_phy_calibrate
c93a2d1c1304 mt76: mt76x02u: update ewma pkt len in mt76x02u_tx_prepare_skb
58e1e969f03e mt76: mt7615: remove unneeded semicolon
c14d6563c492 mt76: mt76x2e: disable pcie_aspm by default
f2be00b1011a mt76: dma: fix buffer unmap with non-linear skbs
20f05897873a mt76: mt76u: rely on usb_interface instead of usb_dev
3cbaf81a185e mt76: mt76u: rely on a dedicated stats workqueue
ea19cd7ac6c6 mt76: Remove set but not used variable 'idx'
a85c06cec844 mt76: use mt76_dev in mt76_is_{mmio,usb}
e0731a82a14f mt76: move SUPPORTS_REORDERING_BUFFER hw property in mt76_register_device
cfdb75124e7c mt76: mt7615: add ibss support
e2f90adcc3b1 mt76: move interface_modes definition in mt76_core module
5dfb0ec9c6d1 mt76: mt7615: disable radar pattern detector during scanning
7121e163c068 mt76: fix possible out-of-bound access in mt7615_fill_txs/mt7603_fill_txs
db78ee08d95e mt76: move mt76_get_antenna in mt76_core module
faf5e6fedd7e mt76: mt7615: read {tx,rx} mask from eeprom
44825e88a42d mt76: use rcu_read_lock_bh in mt76_dma_rx_poll
af83ee8de928 mt76: move initialization of some struct members to mt76_alloc_device
6493e234b40d mt76: introduce struct mt76_phy
ea46624355ec mt76: add support for an extra wiphy in the rx path
c5f1e83e30d4 mt76: add support for an extra wiphy in the main tx path
1d8011871458 mt76: add support for an extra wiphy in the tx status path
e5e755a7a6b0 mt76: add support for an extra wiphy in mt76_sta_state()
ee36c8e2170f mt76: move channel state to struct mt76_phy
d246beb23350 mt76: keep a set of software tx queues per phy
a3e88bcf17e8 mt76: move state from struct mt76_dev to mt76_phy
9cda51d195db mt76: move chainmask back to driver specific structs
df74d6993383 mt76: move txpower_conf back to driver specific structs
9e95fa6208a2 mt76: move txpower and antenna mask to struct mt76_phy
502d09a6e806 mt76: add multiple wiphy support to mt76_get_min_avg_rssi
842cae558b82 mt76: add priv pointer to struct mt76_phy
8ca04846857b mt76: add function for allocating an external wiphy
04cd17a64520 mt76: add ext_phy field to struct mt76_wcid
1c8d69e7d666 mt76: move ampdu_ref from mt76_dev to driver struct
e6659d12d01e mt76: mt7615: add dual-phy support for mac80211 ops
e5ea72ac7158 mt76: mt7615: add multiple wiphy support for smart carrier sense
bdcd45dd04e0 mt76: mt7615: add missing register init for dual-wiphy support
0954c37d015f mt76: mt7615: remove useless MT_HW_RDD0/1 enum
705a0fcdc3a5 mt76: mt7615: add multiple wiphy support to the dfs support code
849fefacc48a mt76: mt7615: rework chainmask handling
caa47af1d6f2 mt76: mt7615: add multiple wiphy support to the rx path
c5585a735864 mt76: mt7615: initialize dbdc settings on interface add
6265fd1954d7 mt76: mt7615: move radio/mac initialization to .start/stop callbacks
5725d1f919ff mt76: mt7615: select the correct tx queue for frames sent to the second phy
993683d62fb7 mt76: mt7615: add support for registering a second wiphy via debugfs
1456a53ddeb3 mt76: mt7615: update beacon contents on BSS_CHANGED_BEACON
ea41ad8bdb36 mt76: mt7615: defer mcu initialization via workqueue
59de6c9447a7 mt7615: replace sta_state callback with sta_add/sta_remove
88db676f8517 mt76: fix rx dma ring descriptor state on reset
fff2c07193bb Revert "mt76: use rcu_read_lock_bh in mt76_dma_rx_poll"
b3bf83d6da1c mt76: disable bh in mt76_dma_rx_poll
efcbee1d8bfc mt76: mt76x0u: do not reset radio on resume
5dc6f6fcc027 treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 174
84554a1fbb9a kernel: fix typos and some coding style in comments
a116b0a6afe9 mt76: fix possible undetected invalid MAC address
becdec318fce mt76: Off by one in mt76_calc_rx_airtime()
683eb244fa55 mt76: mt7603: reset STA_CCA counter setting the channel
812692db171c mt76: eeprom: add support for big endian eeprom partition
8b362382b10c mt76: mt7615: Fix build with older compilers
fc24815a2cb4 mt76: mt7615: report firmware version using ethtool
5cec93d57e6d mt76: mt76x02: fix coverage_class type
9354f0f41d1c mt76: mt7603: set 0 as min coverage_class value
a589d095eeb6 mt76: mt7615: add set_coverage class support
257c19f5b56f mt76: clear skb pointers from rx aggregation reorder buffer during cleanup
05c87a33831f mt76: do not overwrite max_tx_fragments if it has been set
05fa07c667f3 mt76: use AC specific reorder timeout
3ef5f3444a94 mt76: mt7615: measure channel noise and report it via survey
726fd501651a mt76: mt7615: increase MCU command timeout
99d8cd03edfa mt76: mt7603: fix input validation issues for powersave-filtered frames
32129af2604d net/wireless: Delete unnecessary checks before the macro call “dev_kfree_skb”
85a8abf80385 mt76: mt76x02: omit beacon slot clearing
8b5d3615e1c8 mt76: mt76x02: split beaconing
dc364547d91a mt76: mt76x02: add check for invalid vif idx
462a16e185e4 mt76: mt76x02: remove a copy call for usb speedup
fa24aba4c280 mt76: speed up usb bulk copy
6a84ad21306e mt76: mt76x02: add channel switch support for usb interfaces
09fcbc214b10 mt76: usb: use max packet length for m76u_copy
584c0784e019 mt76: mt76x02u: do not set NULL beacons
ca17e5657e8a mt76: mt76x02: minor mt76x02_mac_set_beacon optimization
d5fdd2e7ced8 mt76: mt7615: fix MT7615_CFEND_RATE_DEFAULT value
ae25a4bf99a9 mt76: mt7615: introduce LED support
cd759b00cc06 mt76: mt76x02: simplify led reg definitions
cf00467c5de4 mt76: mt7603: simplify led reg definitions
1c8e76f4de3e mt76: fix compilation warning in mt76_eeprom_override()
960f5cc2390b mt76: mt76u: fix endpoint definition order
15e1c29ed8e3 mt76: mt7615: add missing settings for simultaneous dual-band support
e09b9f61eeb3 mt76: mt7615: rework set_channel function
4cb1195a1530 mt76: mt7615: add set_antenna callback

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2019-12-27 16:08:13 +01:00
Eneas U de Queiroz
d5ede68f8b wolfssl: bump to 4.3.0-stable
This update fixes many bugs, and six security vulnerabilities, including
CVE-2019-18840.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2019-12-26 23:30:57 +01:00
Eneas U de Queiroz
3018c4c02f curl: rename cyassl->wolfssl
The old name was dropped and no longer works.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2019-12-26 23:30:33 +01:00
Petr Štetiar
7cb018c591 ubus: update to version 2019-12-19
Contains following changes:

 a1523d76b016 fix blob parsing vulnerability by using blob_parse_untrusted
 c60583743ccf ubus_monitor: workaround possibly false positive uses of memory after it is freed
 dac6c7c575ac ubusd_monitor: fix possible null pointer dereference
 060dfbb26da3 ubus_common: remove duplicate ARRAY_SIZE and add missing include
 c5f2053dfcfd workaround possibly false positive uses of memory after it is freed
 72be8e93f07d lua: ubus_lua_do_subscribe: fix copy&paste error
 a995b1e68129 lua: workaround false positive dereference of null pointer
 08f17c87a000 add fuzzer and cram based unit tests
 c413be9b376c refactor ubusd.c into reusable ubusd_library
 afd47189e864 examples: remove dead increments
 b2e544238672 add initial GitLab CI support
 058f4e9526ed libubus: fix incompatible pointer types assigment
 d2e026a33df8 iron out all extra compiler warnings
 5d7ca8309d0a ubusd/libubus-io: fix variable sized struct position warning
 d61282db5640 ubusd: fix comparison of integers of different signs
 90fb16234c22 cmake: enable extra compiler checks

and bumps ABI_VERSION to 20191219.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-12-26 08:54:42 +01:00
Petr Štetiar
2544cb1ba3 ucert: update to version 2019-12-19
14a279411cff fix certificate blob parsing vulnerability by using blob_parse_untrusted
19a7225ac018 fix leaking memory in cert_dump_blob
9dba44ddd4f5 fix possibly garbage value returned in cert_process_revoker
4462ff9dedfa add cram based unit tests
5fe64b5606aa cmake: split usign bits into static library
5d7626a2b6d8 cmake: reindent the file
e284ed941972 cmake: enable hardening compiler flags and fix the reported issues
7e5390666347 add initial GitLab CI support
fa0bf4ef45b1 cmake: add proper include and library dependencies

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-12-26 08:47:18 +01:00
Petr Štetiar
b9f3af7c89 libubox: update to version 2019-12-26
Contains following changes:

 eb7eb6393d47 blobmsg: fix array out of bounds GCC 10 warning
 86f6a5b8d1f1 blobmsg: reuse blobmsg_namelen in blobmsg_data
 586ce031eaa0 tests: fuzz: fuzz _len variants of checking methods
 b0e21553ae8c blobmsg: add _len variants for all attribute checking methods
 cd3059796a57 Replace use of blobmsg_check_attr by blobmsg_check_attr_len
 143303149c8b Ensure blob_attr length check does not perform out of bounds reads
 f2b2ee441adb blobmsg: fix heap buffer overflow in blobmsg_parse
 4dfd24ed88c4 blobmsg: make blobmsg_len and blobmsg_data_len return unsigned value
 2df6d35e3299 tests: add test cases for blobmsg parsing
 8a34788b46c4 test: fuzz: add blobmsg_check_attr crashes
 478597b9f9ae blob: fix OOB access in blob_check_type
 325418a7a3c0 tests: use blob_parse_untrusted variant
 0b24e24b93e1 blob: introduce blob_parse_untrusted
 6d27336e4a8b blob: refactor attr parsing into separate function
 833d25797b16 test: fuzz: add blob_parse crashes
 09ee90f8d6ed tests: add test cases for blob parsing
 436d6363a10b tests: add libFuzzer based tests
 bf680707acfd tests: add unit tests covered with Clang sanitizers
 f804578847de cmake: add more hardening compiler flags
 46f8268b4b5b blobmsg/ulog: fix format string compiler warnings
 eb216a952407 cmake: use extra compiler warnings only on gcc6+

and bumps ABI_VERSION to 20191226.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-12-26 08:41:37 +01:00
Kevin Darbyshire-Bryant
9cf9f903a3 wireguard: bump to 20191219
edad0d6 version: bump snapshot
0e38a3c compat: ipv6_dst_lookup_flow was backported to 5.3 and 5.4
2e52c41 wg-quick: linux: use already configured addresses instead of in-memory
3721521 tools: adjust wg.8 syntax for consistency in COMMANDS section
21a1498 wg-quick: linux: try both iptables(8) and nft(8) on teardown

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-12-24 20:53:32 +00:00
Hauke Mehrtens
80f06cb601 ath10k-firmware: Add kmod-ath10k-ct-smallbuffers to depends
Only select ath10k-ct-regular when smallbuffers version was not
selected.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-12-24 00:57:56 +01:00
Paul Fertser
1ac627024d kernel: ath10k-ct: provide a build variant for small RAM devices
According to many bugreports [0][1][2] the default ath10k-ct kernel
module is unusable on devices with just 64 MiB RAM or with 128 MiB and
dual ath10k cards. The target boards boot but eventually oom-killer
starts to interfere with normal operation, so the current state is
effectively broken.

Since the two patches in question have a performance impact (and
possibly some other unexpected side-effects) a dedicated build variant
is added so that users of the low RAM devices can still benefit from all
the ath10k-ct advantages.

According to testing [3] results, the issue can be experienced even with
"a 256MB device with three radios". Measured performance impact of
implementing small buffers was lowering "the maximum 5 GHz throughput on
an IPQ40xx device without RPS/XPS optimizations from 494/432 Mbit/s for
TCP transfers (download/upload) to 438/343 Mbit/s"

The patches were apparently inspired by QSDK tweaks used by ODMs for the
affected devices.

[0] http://lists.infradead.org/pipermail/openwrt-devel/2019-December/020573.html
[1] https://github.com/openwrt/openwrt/pull/1077
[2] https://bugs.openwrt.org/index.php?do=details&task_id=2664
[3] https://github.com/freifunk-gluon/gluon/pull/1440#issue-195607701

Signed-off-by: Paul Fertser <fercerpav@gmail.com>
[Remove double CONFIG_ATH10K-CT_LEDS entry]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-12-24 00:56:51 +01:00
Florian Fainelli
c715f71bce treewide: Remove self from MAINTAINER entries
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2019-12-23 13:18:04 -08:00
Álvaro Fernández Rojas
46c5880b0f brcm2708-gpu-fw: update to latest firmware
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2019-12-23 17:50:32 +01:00
Rosen Penev
fb19fb868c libcxx: Depenency fixes
Don't build with uClibc-ng. It's totally unsupported as several functions
are missing.

Make the musl libc support conditional.

Fix hash with make check FIXUP=1. Apparently I based the Makefile off of
libedit and forgot to fix the hash.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
Fixes: 856ea2bad3 ("libcxx: Add package")
2019-12-23 12:08:23 +01:00
Sungbo Eo
a22b7a60d9 kernel: fix *-gpio-custom module unloading
Unloading and reloading the modules fails, as platform_device_put() does not
release resources fully.

root@OpenWrt:/# insmod i2c-gpio-custom bus0=0,18,0,5
[  196.860620] Custom GPIO-based I2C driver version 0.1.1
[  196.871162] ------------[ cut here ]------------
[  196.880517] WARNING: CPU: 0 PID: 1365 at fs/sysfs/dir.c:31 0x80112158
[  196.893431] sysfs: cannot create duplicate filename '/devices/platform/i2c-gpio.0'
...
[  197.513200] kobject_add_internal failed for i2c-gpio.0 with -EEXIST, don't try to register things with the same name in the same directory.

This patch fixes it by replacing platform_device_put() to
platform_device_unregister().

Fixes: da77408537 ("i2c-gpio-custom: minor bugfix")
Fixes: 3bc81edc70 ("package: fix w1-gpio-custom package (closes #6770)")

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
2019-12-23 00:22:07 +01:00
Florian Eckert
432ec292cc rpcd: add respawn param
The rpcd service is an important service, but if the service stops
working for any reason, no one will ever respawn that service. With this
commit, the procd service will monitor if the rpcd service
is running. If the rpcd service has crashed, then
procd respawns the rpcd service.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2019-12-23 00:22:07 +01:00
Bjørn Mork
d034a1f457 adb: fix for SuperSpeed devices
The USB descriptor parsing in adb fails to detect SuperSpeed devices
because of the SuperSpeed Endpoint Companion Descriptor.  This
cherry-picks the upstream fix for the problem.

Unfortunately there never were a release with this fix before the
conversion to C++, so upgrading to a newer version isn't an option.

This makes adb work with SuperSpeed devices like the Sierra Wireless
EM7565.  Tested and verified.

Signed-off-by: Bjørn Mork <bjorn@mork.no>
2019-12-23 00:22:07 +01:00
Maxim Storchak
dd299805ad ca-certificates: provide ca-certs by both ca-certificates and ca-bundle
- both packages provide ca-certs
- make ca-bundle the default provider

This should allow easy transition between these two forms of CA certificates storage

Signed-off-by: Maxim Storchak <m.storchak@gmail.com>
2019-12-23 00:22:07 +01:00
Rosen Penev
856ea2bad3 libcxx: Add package
Currently in OpenWrt, there are two libc++: libstdcpp and uClibc++. The
former is huge and the latter supports only C++98 with some basic support
for C++11. Those C++ versions seem to be specific to the compiler version

libcxx supports C++11 and above while being much smaller than libstdcpp.
On mt7621, these are the sizes of the ipks that I get:

libstdcpp: 460786
libcxx: 182881
uClibc++:67720

libcxx is faster than uClibc++ and is under active development as part of
the LLVM project while uClibc++ is effectively dead.

This PR modifies uclibc++.mk to expose the make menuconfig option. Further
cleanup is beyond the scope of this PR. What that means is, this is not
used by default.

A g++-libcxx wrapper based on the uClibc++ one was added. Works the same
way.

Compile tested with all packages that use uclibc++.mk in their Makefiles
under mipsel_24kc. kismet fails compilation but that package needs to be
cleaned up and updated.

Runtime tested with gddrescue, gdisk, dcwapd, bonnie++, and aircrack-ng
on a TP-Link Archer C7v2.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-12-23 00:22:07 +01:00
Rosen Penev
fd211e1677 iperf: Fix compilation with libcxx
Avoids redefining bool.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2019-12-23 00:22:07 +01:00
Stefan Lippers-Hollmann
6598264266 ath10k-firmware: update Candela Tech firmware images
The release notes since last time for wave-1:

 * No changes to wave-1, but I make a version .014 copy anyway to keep
   the makefile in sync.

The release notes since last time for wave-2:

 * December 16, 2019: Wave-2 has a fix to make setting txpower work
                      better. Before setting the power was ignored at
                      least some of the time (it also appeared to work
                      mostly, so I guess it was being correctly set in
                      other ways).

Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
2019-12-23 00:21:46 +01:00
DENG Qingfang
36baba65ec linux-firmware: update to 20191215
Update linux-firmware to 20191215

git log --pretty=oneline --abbrev-commit 20190815..20191215

eefb5f7 inside-secure: add new "mini" firmware for the EIP197 driver
dd1a12e Merge branch 'RB3-adsp-cdsp-mss-v4' of https://github.com/andersson/linux-firmware
c523dcd WHENCE: Add raspberry-pi4 SDIO file
99a15a4 Merge branch 'rpi4-fw' of https://git.kernel.org/pub/scm/linux/kernel/git/matthias.bgg/linux-firmware
2260cbd Merge branch 'master' of https://github.com/dikshitaagarwal/video_firmware_5.4
4c688be Merge branch 'for-upstream' of git://git.chelsio.net/pub/git/linux-firmware
e10ed21 qcom: update venus firmware files for v5.4
af4c4be cxgb4: Update firmware to revision 1.24.11.0
f93c7a1 brcm: Add BCM43455 NVRAM for Raspberry Pi 4 B
212e441 qcom: Add SDM845 Compute DSP firmware
ec84cf9 qcom: Add SDM845 Audio DSP firmware
62d0a1a qcom: Add SDM845 modem firmware
e8a0f4c rtl_nic: add firmware rtl8168fp-3
9581f15 Merge branch 'nxp_mc' of https://github.com/NXP/linux-firmware
978c04e linux-firmware: Update NXP Management Complex firmware to version 10.18.0
c62c3c2 linux-firmware: Update firmware file for Intel Bluetooth AX201
6272383 linux-firmware: Update firmware file for Intel Bluetooth AX200
84a7ca5 linux-firmware: Update firmware file for Intel Bluetooth 9560
96c3994 linux-firmware: Update firmware file for Intel Bluetooth 9260
7319341 amdgpu: update navi14 vcn firmware
b363d9d amdgpu: update navi10 vcn firmware
f1100dd Merge branch 'ehl_tgl_guc_huc' of git://anongit.freedesktop.org/drm/drm-firmware
4debf21 i915: Add HuC firmware v7.0.3 for TGL
1eb2ac4 i915: Add GuC firmware v35.2.0 for TGL
4b0a210 i915: Add HuC firmware v9.0.0 for EHL
610fe75 i915: Add GuC firmware v33.0.4 for EHL
11bdc57 rtw88: RTL8723D: add firmware file v48
9e194c7 qed: Add firmware 8.40.33.0
4065643 amdgpu: add new navi14 wks gfx firmware for 19.30
d4f88ea amdgpu: update navi14 firmware for 19.30
ea755b6 amdgpu: update raven firmware for 19.30
340e06e linux-firmware: Add firmware file for Intel Bluetooth AX201
ad7a8b2 Mellanox: Add new mlxsw_spectrum2 firmware 29.2000.2308
e756bf3 Mellanox: Add new mlxsw_spectrum firmware 13.2000.2308
b27d123 rtl_nic: add firmware files for RTL8153
180e2b4 rtl_bt: Update configuration file for BT part of RTL8822CU
0acd93e bnx2x: Add FW 7.13.15.0.
2b016af linux-firmware: Update AMD cpu microcode
4c3e853 linux-firmware: Update firmware file for Intel Bluetooth AX200
7a79d22 linux-firmware: Update firmware file for Intel Bluetooth AX201
fdab23a linux-firmware: Update firmware file for Intel Bluetooth 9560
b68efd7 linux-firmware: Update firmware file for Intel Bluetooth 9260
aa95e90 amdgpu: add initial navi14 firmware form 19.30
c1ce20e rtlwifi: rtl8821ae: Add firmware for the RTL8812AE variant.
7d187ac ice: Fix up WHENCE entry and symlink
4c55b97 Merge branch 'dev-queue' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/firmware
7c4db73 nvidia: Update Tegra210 XUSB firmware to v50.24
c054c53 nvidia: Add XUSB firmware for Tegra194
9cfefbd Remove duplicate symlinks
2de7abd copy-firmware: Create symlinks from WHENCE file
2116bcd Make symlinks consistent
c0590d8 amdgpu: update vega20 ucode for 19.30
43cc648 amdgpu: update vega12 ucode for 19.30
ffa0ed7 amdgpu: update vega10 ucode for 19.30
83e1b41 amdgpu: update picasso ucode for 19.30
7008617 amdgpu: update raven2 ucode for 19.30
9200baa amdgpu: update raven ucode for 19.30
f25a39c amdgpu: add new raven rlc firmware
9ae61e7 ice: Add package file for Intel E800 series driver
417a9c6 amdgpu: add initial navi10 firmware
702cc63 Merge branch 'cml_tgl-icl-dmc_huc_updates' of git://anongit.freedesktop.org/drm/drm-firmware
3182b4b Merge branch 'gpu-845' of https://github.com/ndechesne/linux-firmware
3ea84e5 drm/i915/firmware: Add v9.0.0 of HuC for Icelake
60ddd0e drm/i915/firmware: Add v4.0.0 of HuC for Cometlake
c47d8f8 drm/i915/firmware: Add v4.0.0 of HuC for Geminilake
2cdb78c drm/i915/firmware: Add v2.0.0 of HuC for Broxton
38965af drm/i915/firmware: Add v4.0.0 of HuC for Kabylake
8d127af drm/i915/firmware: Add v2.0.0 of HuC for Skylake
e7b6fa7 drm/i915/firmware: Add v33 of GuC for CML
e4ea25f drm/i915/firmware: Add v2.04 of DMC for TGL
51deca6 drm/i915/firmware: Add v1.09 of DMC for ICL
88ea23e qcom: add firmware files for Adreno a630
6c6918a linux-firmware: Update firmware file for Intel Bluetooth AX201
6ddb9d9 Merge branch 'for-upstream' of git://git.chelsio.net/pub/git/linux-firmware
d45c950 nvidia: Add XUSB firmware for Tegra186
65c6595 Add symlinks for Tegra VIC firmware binaries
0b22bfc rtl_bt: Update RTL8723D BT FW to 0x828A_96F1
f667c00 rtl_nic: add firmware rtl8125a-3
fe1ae0d linux-firmware: Add firmware file for Intel Bluetooth AX201
2f885ba Chelsio driver loads firmware configuration file to allow firmware to distribute resources before chip bring up. Chelsio NIC driver, cxgb4 searches for firmware config file at /lib/firmware/cxgb4/ directory.
7307a29 brcm: Add 43455 based AP6255 NVRAM for the Minix Neo Z83-4 Mini PC
65d02cd brcm: Add 43340 based AP6234 NVRAM for the PoV TAB-P1006W-232 tablet
f38fb4f Merge tag 'iwlwifi-fw-2019-08-23' of git://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/linux-firmware
40e4162 iwlwifi: update FWs to core45-152 release
c0fb3d9 check_whence: Add copy-firmware.sh to the list of ignored files
aa703aa rtl_bt: Update RTL8822C BT FW to V0x098A_94A4
665001a linux-firmware: Update firmware file for Intel Bluetooth AX200
c0ca980 linux-firmware: Update firmware file for Intel Bluetooth AX201
b6427bf linux-firmware: Update firmware file for Intel Bluetooth 9560
fe48882 linux-firmware: Update firmware file for Intel Bluetooth 9260
ebd40c6 Mellanox: Add new mlxsw_spectrum firmware 13.2000.1886

Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
[Added missing symbolic links to Makefile]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-12-23 00:20:55 +01:00
Jo-Philipp Wich
97af1fc979 uhttpd: reset PKG_RELEASE
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-12-22 23:03:59 +01:00
Jo-Philipp Wich
f34f9a414d uhttpd: update to latest Git HEAD
5f9ae57 client: fix invalid data access through invalid content-length values

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-12-22 22:50:00 +01:00
Jo-Philipp Wich
5f4244150f fstools: update to latest git HEAD
b4e25d5 libblkid-tiny: fix symbol collision with full libblkid

Fixes: FS#2691, FS#2692
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-12-22 21:30:02 +01:00
Magnus Kroken
bf43e5bbf9 openvpn: update to 2.4.8
Backport two upstream commits that allow building
openvpn-openssl without OpenSSLs deprecated APIs.

Full changelog:
https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24#OpenVPN2.4.8

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2019-12-22 10:45:09 +01:00
David Bauer
4113d8a255 ipq-wifi: add BDF for Aruba AP-303
The BDF originates from the vendor-firmware.

Signed-off-by: David Bauer <mail@david-bauer.net>
2019-12-20 17:48:52 +01:00
Rafał Miłecki
4ebc9dc9c4 fstools: update to latest git HEAD
111a43f libblkid-tiny: vfat: Change parsing label in special cases
f43a1aa libblkid-tiny: vfat: Fix reading labels which starts with byte 0x05
157924d libblkid-tiny: add blkid_probe_set_id_label() stub
0c5761f libblkid-tiny: use separated buffer for each block device read
b82c5c1 libblkid-tiny: add functions for allocating & freeing probe struct
12851d6 blockd: don't flush devices list on "hotplug" call
5ea47fe blockd: fix vlist memory corruption

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-12-20 08:20:16 +01:00
Petr Štetiar
b70052c6e6 uci: update to latest Git HEAD
165b44413145 uci: Fix extra semicolons warnings
66264ed9ec9e cmake: add more hardening compiler flags
cca6f105fae2 libuci: refactor uci_get_errorstr
750b046eb77f tests: cram: Lua: add test case for uci_get_errorstr
654d7c33da28 lua: add missing forward declaration
03dfbbe6fef7 cli: fix format string clang-10 warning

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-12-19 22:41:57 +01:00
Karl Palsson
34466afb28 uboot-envtools: ath79: fix missing etactica eg200 support
Was inadvertantly missed from the inital forward port from ar71xx to
ath79.

Fixes: 1588114cf2 ("ath79: add etactica-eg200 support")
Signed-off-by: Karl Palsson <karlp@etactica.com>
[commit description/subject facelift]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-12-19 22:41:57 +01:00
Paul Fertser
174ff7d754 base-files: send informational UDP message each second waiting
The preinit network initialisation and failsafe informational message
are inherently racy as the interface takes some time to become
functional after "ip link set $pi_ifname up" command.

Consider this timing:

[   12.002713] IPv6: ADDRCONF(NETDEV_UP): eth1: link is not ready
[   12.008819] IPv6: ADDRCONF(NETDEV_UP): eth1.1: link is not ready
[   12.118877] random: procd: uninitialized urandom read (4 bytes read)
[   13.068614] eth1: link up (1000Mbps/Full duplex)
[   13.073309] IPv6: ADDRCONF(NETDEV_CHANGE): eth1: link becomes ready
[   13.080445] IPv6: ADDRCONF(NETDEV_CHANGE): eth1.1: link becomes ready

Since the UDP message was sent prior to link becoming ready, it was
never seen on the wire.

The default failsafe timeout is set to 2 seconds, so with this patch
there are two attempts to send the message, one spent in vain, and the
other visible in tcpdump on an attached host. Of course, in cases when
the interface is brought up faster it leads to two messages, however it
should be harmless. This patch (almost) doesn't affect normal boot time
while still allowing to enter failsafe reliably with a single button
press, matching the official "generic failsafe" documentation.

Signed-off-by: Paul Fertser <fercerpav@gmail.com>
2019-12-19 22:41:57 +01:00
Petr Štetiar
98b3526bf2 iputils: move iputils tools to packages feed
iputils has moved from the master tree to the packages feed, and is
switching from the abandoned skbuff.net upstream to
github.com/iputils/iputils.

Ref: https://git.openwrt.org/556698cedf9e86a0ffe9f148d4e8e733676c26f6
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-12-19 22:41:57 +01:00
Ansuel Smith
1698b36bb4 kernel: make dwc3 usb driver depends on kernel 4.14
- usb-dwc3-of-simple is not used anymore as we have qcom dedicated driver
- usb-phy-qcom-dwc3 is not dependent of dwc3-of-simple

Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
2019-12-19 22:41:57 +01:00
Rafał Miłecki
17e2246eca mac80211: brcm: add support for BCM4359 SDIO chipset
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-12-19 09:17:22 +01:00
Rafał Miłecki
c3aa33bf70 mac80211: brcm: backport 5.5 and 5.6 kernel patches
This update doesn't include:
3b1e0a7bdfee brcmfmac: add support for SAE authentication offload
be898fed355e brcmfmac: send port authorized event for FT-802.1X
due to nl80211 dependencies.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-12-19 08:41:34 +01:00
Álvaro Fernández Rojas
859fac2b93 cypress-nvram: add new package
This package contains nvram files for brcmfmac, a mac80211 driver for FullMAC
Cypress devices.

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2019-12-18 08:44:48 +01:00
Kevin Darbyshire-Bryant
ca7ed1712e wireguard: bump to 0.0.20191212
1ec6ece version: bump snapshot
e13de91 main: remove unused include <linux/version.h>
72eb17c wg-quick: linux: support older nft(8)
1d8e978 global: fix up spelling
e02713e wg-quick: linux: add support for nft and prefer it
b4e3a83 compat: support building for RHEL-8.1 instead of RHEL-8.0
f29e3ac socket: convert to ipv6_dst_lookup_flow for 5.5

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-12-17 19:46:41 +00:00
Álvaro Fernández Rojas
1115c9aad3 brcmfmac-board-rpi: remove uneeded package
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2019-12-17 19:20:02 +01:00
Álvaro Fernández Rojas
e332453857 cypress-firmware: add new package
This package contains firmwares provided by Cypress
See https://community.cypress.com/community/linux

Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
2019-12-17 19:20:02 +01:00
Imran Khan
27d69d2561 uboot-envtools: check for config prior to append
In the rare event a pre-populated fw_env.config exists in the rootfs prior
to firstboot, calling fw_setenv after the system has initialised will
annihilate the devices environment due to two identical lines in
fw_env.config.

Check for existence prior to blind appendage.

Signed-off-by: Imran Khan <gururug@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[daniel@makrotopia.org: fixed patch format, improved grep, cosmetics]
2019-12-17 19:35:16 +02:00
Jo-Philipp Wich
762aac50c0 rpcd: update to latest Git HEAD
aaa0836 file: extend exec acl checks to commands with arguments

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-12-17 08:33:33 +01:00
David Bauer
6ec288a178 mac80211: fix txpower when using DFS channels
With this patch, txpower for the PHY is applied when configuring the PHY
instead of the VIF. Otherwise, the configured txpower is not applied for
the first initialized VIF when using DFS channels, as it is currently
applied too early when the CAC hasn't finished.

Reported-by: Martin Weinelt <martin@darmstadt.freifunk.net
Signed-off-by: David Bauer <mail@david-bauer.net>
Tested-by: Martin Weinelt <martin@darmstadt.freifunk.net>
2019-12-16 00:50:10 +01:00
Hans Dedecker
a15f658ed0 odhcpd: update to latest git HEAD
d60f0a6 treewide: optimize syslog priority values

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-12-15 20:54:25 +01:00
Roman Bazalevsky
69fff339e9 sunxi: add support for FriendlyARM Nano PI NEO Air dev board
Hardware:

  Allwinner H3 upto 1.2GHz
  512MB DDR3 RAM
  8GB on-board eMMC - mountable, can be used as boot with custom boot.scr
  microSD-card slot
  WiFi 802.11n (AP6212A) - working
  Bluetooth (AP6212A) - not working for now
  Micro-USB OTG + 2*USB headers
  UART 3.3V - working
  GPIO/I2C/SPI 2.54mm headers

Standard sunxi SD-card installation procedure - copy image to SD card,
insert in into slot and boot. First time you will need UART adapter to
enable on-board wireless (or just build custom image with enabled WiFi).

To boot from eMMC:

  - boot from SD
  - copy SD image to emmc (dd bs=... if=.... of=/dev/mmcblk2)
  - mount eMMC boot partition and replace boot script on it
  - unmount, reboot

To use i2c, spi and more uarts - replace dtb on boot partition with
fixed one (use dtc or fdt-tools).

Signed-off-by: Roman Bazalevsky <rvb@rvb.name>
[rebase onto device name consolidation patches]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-12-13 12:20:09 +01:00
Adrian Schmutzler
a4cdb537b1 sunxi: use vendor_device scheme for device definitions
This changes device definition to resemble the vendor_device scheme
already present for the majority of device compatible strings.

By doing this, we achieve several advantages at once:
- Image names and node names are more consistent with other targets.
- SUPPORTED_DEVICES can be set automatically for all but two cases.
- Image names and node names are in line with DEVICE_TITLEs.

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-12-13 12:19:44 +01:00
Koen Vandeputte
487e0631d0 ath10k-firmware: update Candela Tech firmware images
The release notes since last time for wave-1:

  *  November 29, 2019:  Fix IBSS merge issue, related to TSF id leakage bug in firmware code.
                         Thanks for Ahmed Zaki @ Mage-Networks for helping to diagnose and test.

The release notes since last time for wave-2:

  *  December 6, 2019:  Fix 160Mhz problem caused by logic that did not take into account the fact that
                        160Mhz has only 1/2 of the NSS of lower bandwidths in the rate table.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-12-10 09:50:42 +01:00
Daniel Golle
3ee767086d mac80211: don't call md5sum on non-existing file
If no AP is configured, hostapd-${phy}.conf is not being created,
hence md5sum fails and causes log pollution:

netifd: radio1 (3183): md5sum: can't open '/var/run/hostapd-phy1.conf': No such file or directoy

Hence make sure the file exists when calling md5sum.

Fixes: a5bc9787d4 ("mac80211: add support for dynamically reconfiguring wifi")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-12-08 19:53:11 +01:00
Daniel Golle
24b97579d2 hostapd: re-introduce process tracking
Before commit 60fb4c92b6 ("hostapd: add ubus reload") netifd was
tracking hostapd/wpa_supplicant and restarting wifi in case of a
process crash. Restore this behaviour by tracking the PIDs of
hostapd and wpa_supplicant.
Also make sure hostapd and/or wpa_supplicant have been started before
emmitting ubus calls to them using ubus wait_for.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-12-08 19:52:39 +01:00
Daniel Golle
2568db3fff mac80211: track unmanaged interfaces
In addition to wpa_supplicant and hostapd managed interfaces, also
track unmanaged interfaces. This is used to make sure that running
'wifi' always returns into a clean state regardless of what the user
did before.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-12-08 19:52:39 +01:00
Felix Fietkau
c888e17e06 hostapd: manage instances via procd instead of pidfile
Allows graceful restart of crashing hostapd/wpa_supplicant instances

Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[daniel@makrotopia.org: attempt to launch only present services]
2019-12-08 19:52:38 +01:00
Felix Fietkau
4225b83a76 hostapd: fix crash regression triggered by mesh mode
Fixes: 60fb4c92b6 ("hostapd: add ubus reload")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[daniel@makrotopia.org: polish commit message]
2019-12-08 19:51:53 +01:00
David Bauer
1ccf4bb93b hostapd: enable CTRL_IFACE_MIB for hostapd-full
This enables the CTRL_IFACE_MIB symbol for wpad-full and hostapd-full.
If it is not enabled, statistic outputs such as "hostapd_cli all_sta"
are empty.

Signed-off-by: David Bauer <mail@david-bauer.net>
2019-12-08 12:49:09 +01:00
Hans Dedecker
39d9010c20 iproute2: update to 5.4.0
Update iproute2 to latest stable version, see https://lwn.net/Articles/805654/
for the changes in 5.4.0

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-12-06 18:35:55 +01:00
Jason A. Donenfeld
82a8f91c89 wireguard: bump to 0.0.20191205
* wg-quick: linux: suppress error when finding unused table

This fixes a spurious warning messages seen with recent versions of iproute2
and kernels.

* wg-quick: linux: ensure postdown hooks execute
* wg-quick: linux: have remove_iptables return true
* wg-quick: linux: iptables-* -w is not widely supported

Adding in iptables had some hiccups. For the record, I'm very unhappy about
having to put any firewalling code into wg-quick(8). We'll of course need to
support nftables too at some point if this continues. I'm investigating with
upstream the possibility of adding a sysctl to patch the issue that iptables
is handling now, so hopefully at somepoint down the line we'll be able to shed
this dependency once again.

* send: use kfree_skb_list
* device: prepare skb_list_walk_safe for upstreaming
* send: avoid touching skb->{next,prev} directly

Suggestions from LKML.

* ipc: make sure userspace communication frees wgdevice

Free things properly on error paths.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-12-05 12:11:40 +01:00
Alin Nastac
416d2cc71e gre: add ipv6 parameter to gre interfaces
IPv6 protocol is enabled on all gre interfaces, but gre(v6)tap
interfaces are usually added to a bridge interface, in which case
IPv6 should be enabled only on the bridge interface.

Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
2019-12-02 21:52:33 +01:00
Hans Dedecker
806339a4cc curl: bump to 7.67.0
For changes in 7.67.0; see https://curl.haxx.se/changes.html#7_67_0

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-12-02 20:50:57 +01:00
Christian Lamparter
82a741c774 mac80211: switch to upstream owl-loader driver
The Owl Loader (named after the codename that Atheros gave
these devices back in the day) has been accepted upstream.

This patch removes the "misc" driver OpenWrt had and adds
the remaining differences against the version that ships
with 5.4-rc1 into a separate "120-owl-loader-compat.patch"
file that can be cut down once AR71XX is being dealt with.

Note: I decided to keep the existing (kmod-)owl-loader
package name around for now. The kernel module file in
the kmod package will be called ath9k_pci_owl_loader.ko
though.

Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2019-11-30 13:21:20 +01:00
Satadru Pramanik
f1410902e6 busybox: add glibc dependency for vi regex option
Build with musl libc fails with BUSYBOX_DEFAULT_FEATURE_VI_REGEX_SEARCH
enabled. Enabling BusyBox's vi regex search option depends upon GNU
regex.  Musl libc does not support GNU regex[1].

So this patch adds explicit dependency on GNU libc and while at it
remove the FIXME comment.

1. https://wiki.musl-libc.org/functional-differences-from-glibc.html

Ref: https://dev.archive.openwrt.org/ticket/21741.html
Ref: https://forum.openwrt.org/t/busybox-not-compiling/
Ref: https://github.com/openwrt/packages/issues/4453
Signed-off-by: Satadru Pramanik <satadru@umich.edu>
[commit subject/description tweaks, From: fix, USE_GLIBC fix, removed comments]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-11-30 00:53:36 +01:00
DENG Qingfang
ca7f1ef575 Revert "mt76: probe load mt7615 driver asynchronously"
This reverts commit 8176431963 ("mt76: probe load mt7615 driver
asynchronously").  After said commit, users report that MT7615 no longer
works on boot and they have to manually enable WiFi (via command "wifi") to
make it working again.

Fixes: FS#2546
Ref: https://forum.openwrt.org/t/xiaomi-r3p-no-wifi-on-boot/45509
Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
[commit description facelift]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-11-30 00:53:36 +01:00
Hans Dedecker
f573e5756a netifd: update to latest git HEAD
e45b140 interface: warn if ip6hint is truncated

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-11-29 21:56:42 +01:00
Santiago Piccinini
c7fb12beb1 mac80211: unify setup of iw htmode for mesh and adhoc
This also fixes mac80211_prepare_vif iw set channel in monitor or
mesh mode.

Signed-off-by: Santiago Piccinini <spiccinini@altermundi.net>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[daniel@makrotopia.org: fixed commit message]
2019-11-29 18:26:20 +01:00
Daniel Golle
9c272dd3e4 ucert: update to latest git HEAD
e4bd927 cast ucert_argv to proper type when passing to execv

Fixes warnings:

warning: passing argument 2 of 'execv' from incompatible pointer type
[-Wincompatible-pointer-types]
  254 |       execv(usign_argv[0], usign_argv)

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-11-29 00:09:48 +01:00
Jason A. Donenfeld
2fedf023e4 wireguard: bump to 0.0.20191127
* messages: recalculate rekey max based on a one minute flood
* allowedips: safely dereference rcu roots
* socket: remove redundant check of new4
* allowedips: avoid double lock in selftest error case
* tools: add syncconf command

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2019-11-27 20:20:31 +01:00
Hans Dedecker
9057708b3d procd: update to latest git HEAD
3aa051b system: sysupgrade: close input side of pipe before reading

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-11-26 22:16:43 +01:00
Piotr Dymacz
5d2a900163 uboot-envtools: ath79: add support for YunCore XD4200 and A782
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2019-11-25 17:32:46 +01:00
Petr Štetiar
441c7944e6 libubox: update to latest Git HEAD
07413cce72e1 tests: jshn: add more test cases
26586dae43a8 jshn: fix missing usage for -p and -o arguments
8e832a771d3a jshn: fix off by one in jshn_parse_file
cb698e35409b jshn: jshn_parse: fix leaks of memory pointed to by 'obj'
c42f11cc7c0f jshn: main: fix leak of memory pointed to by 'vars'
93848ec96dc5 jshn: refactor main into smaller pieces
9b6ede0e5312 avl: guard against theoretical null pointer dereference
c008294a8323 blobmsg_json: fix possible uninitialized struct member
0003ea9c45cc base64: fix possible null pointer dereference
8baeeea1f52d add assert.h component
b0a5cd8a28bf add cram based unit tests
1fefb7c4d7f9 add initial GitLab CI support
c955464d7a9b enable extra compiler checks
6228df9de91d iron out all extra compiler warnings

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-11-24 14:19:43 +01:00
Hans Dedecker
68fb38548b nghttp2: bump to 1.40.0
41060943 Bump up version number to 1.40.0, LT revision to 33:0:19
5ae9bb89 Fail fast if huffman decoding context is in failure state
bb519154 Merge pull request #1413 from nghttp2/check-authority
77f5487a Add nghttp2_check_authority as public API
db9a8f6e Merge pull request #1409 from nghttp2/fix-wrong-stream-close-error-code
6f28a69b Merge pull request #1411 from richard78917/fix_warning
6ce4835e Fix the bug that stream is closed with wrong error code
29042f1c priority_spec::valid(): remove const qualifier from return value
d08c4395 Merge pull request #1405 from nghttp2/huffman
5d6964cf Faster huffman decoding
0d855bfc Faster huffman encoding
6f967c6e Fix errors reported by coverity scan
b8a43db8 Merge pull request #1394 from wrowe/fix-static-libname
70b62c1a Merge pull request #1393 from wrowe/fix-static-msvcrt
28b1f0b9 Avoid filename collision of static and dynamic lib
1dd966f1 Merge branch 'fix-nghttpx-mruby'
fe8946dd nghttpx: Fix bug that mruby is incorrectly shared between backends
72b71a6b Add new flag ENABLE_STATIC_CRT for Windows
f8933fe5 nghttpx: Reconnect h1 backend if it lost connection before sending headers
89c33d69 Update neverbleed
7079dc5e Update neverbleed to fix memory leak
5080db84 Revert "nghttpx: Reconnect h1 backend if it lost connection before sending headers"
053c7ac5 nghttpx: Returns 408 if backend timed out before sending headers
8a59ce6d nghttpx: Reconnect h1 backend if it lost connection before sending headers
f2fde180 Remove redundant null check before delete
95efb3e1 Don't read too greedily
0a6ce87c Add nghttp2_option_set_max_outbound_ack
2aa79fa9 Bump up LT revision to 32:0:18
3980678d Merge branch 'nghttpx-fix-request-stall'
319d5ab1 nghttpx: Fix request stall
448bbbc3 integration-tests: gofmt
e575a2aa Merge pull request #1377 from Aldrog/cmake_systemd
4f7aedc9 cmake: Support building nghttpx with systemd
7a590893 Fix clang-8 warning
ee443134 Fix FPE with default backend
abef9b90 Fix log-level is not set with cmd-line or configuration file
12a999f0 Bump up version number to 1.40.0-DEV
acfb3607 Update manual pages

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2019-11-23 21:32:04 +01:00
Sungbo Eo
298814e6be base-files: config_generate: split macaddr with multiple ifaces
netifd does not handle network.@device[x].name properly if it
contains multiple ifaces separated by spaces. Due to this, board.d
lan_mac setup does not work if multiple ifaces are set to LAN by
ucidef_set_interface_lan.

To fix this, create a device node for each member iface when
running config_generate instead. Those are named based on the
member ifname:

  ucidef_set_interface_lan "eth0 eth1.1"
  ucidef_set_interface_macaddr "lan" "yy:yy:yy:yy:yy:01"

will return

  config device 'lan_eth0_dev'
        option name 'eth0'
        option macaddr 'yy:yy:yy:yy:yy:01'

  config device 'lan_eth1_1_dev'
        option name 'eth1.1'
        option macaddr 'yy:yy:yy:yy:yy:01'

ref: https://github.com/openwrt/openwrt/pull/2542

Signed-off-by: Sungbo Eo <mans0n@gorani.run>
[always use new scheme, extend description, change commit title]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
2019-11-23 11:58:27 +01:00
Sebastian Kemper
28d84331f4 mac80211: add default value for noscan
Commit b3d8b3a introduced a new test:

[ -n "$noscan" -a "$noscan" -gt 0 ] && hostapd_noscan=1

But if length of "$noscan" is zero (noscan is not set) this doesn't stop
the shell to evaluate the rest of the test.

root@hank2:~# [ -n "$noscan" -a "$noscan" -gt 0 ]
ash: out of range
root@hank2:~#

So when radios are brought up this shows in the log:

Sat Nov 23 10:51:38 2019 daemon.info procd: - init complete -
Sat Nov 23 10:52:24 2019 daemon.notice netifd: radio1 (1243): sh: out of range
Sat Nov 23 10:52:25 2019 user.notice firewall: Reloading firewall due to ifup of wan (eth0.2)
Sat Nov 23 10:52:25 2019 daemon.notice netifd: radio0 (1242): sh: out of range
Sat Nov 23 10:52:26 2019 authpriv.info dropbear[1536]: Not backgrounding

This commit sets noscan to 0 if unset and removes the gratuitous length
check, preventing the warning.

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
2019-11-23 11:28:27 +01:00
Kevin Darbyshire-Bryant
f1ca277405 dnsmasq: correct sense & usage of dnsseccheckunsigned
dnsmasq v2.80 made 'dnssec-check-unsigned' the default, thus the uci
option was rendered ineffectual: we checked unsigned zones no matter the
setting.

Disabling the checking of unsigned zones is now achieve with the
"--dnssec-check-unsigned=no" dnsmasq option.

Update init script to pass required option in the disabled case.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2019-11-23 08:29:15 +00:00
Hauke Mehrtens
0062aad8ec e2fsprogs: Fix CVE-2019-5094 in libsupport
This adds the following patch from debian:
https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?h=debian/stable&id=09fe1fd2a1f9efc3091b4fc61f1876d0785956a8
libsupport: add checks to prevent buffer overrun bugs in quota code

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-11-22 22:48:01 +01:00
Hauke Mehrtens
a36c464efe mac80211: update to version 5.4-rc8
This updates mac80211 to backports based on kernel 5.4-rc8.

The deleted patches were applied upstream.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2019-11-22 20:35:54 +01:00
Jo-Philipp Wich
482114d3f7 firewall: update to latest Git HEAD
8174814 utils: persist effective extra_src and extra_dest options in state file
72a486f zones: fix emitting match rules for zones with only "extra" options

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-11-22 18:53:57 +01:00
Hauke Mehrtens
d3a8a62692 wireless-regdb: Make it build with python2
This backports a patch to build it work with python2 in addition to
python3.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: Petr Štetiar <ynezz@true.cz>
2019-11-21 23:47:35 +01:00
Vladimir Vid
e7a96acf1b uboot-mvebu: add uDPU board
* add u-boot support for uDPU
* add line to copy u-boot binary to STAGING_DIR_IMAGE, this can later be used
as BL33 variable required for ATF build
* add patch to increase max gunzip size in mvebu_armada-37xx.h which is
required for booting the itb recovery images

Signed-off-by: Vladimir Vid <vladimir.vid@sartura.hr>
2019-11-21 07:32:41 +01:00
Vladimir Vid
52459ebf77 packages/boot: add arm-trusted-firmware-mvebu and initial uDPU support
ATF mvebu is required for building a functional bootloader for A7K/A8K and
A37xx platforms. uDPU device is added as the first target.

A3700 platform has a wide range of settings which can be used per device, so
options are defined under the Device sections.

Platform also required WTP (recovery) tools and mv-ddr package for the DDR
topology configuration. 32-bit cross compiler is used for building the WTMI
image.

After the build, flash-image.bin can be used with the bubt command from the
u-boot shell to flash the new version of u-boot.

Signed-off-by: Vladimir Vid <vladimir.vid@sartura.hr>
2019-11-21 07:32:09 +01:00
Kevin Darbyshire-Bryant
3cee6f3f24 netifd: dhcp proto convert release to norelease
Change dhcp no/release on shutdown to 'norelease' uci option to match
existing proto dhcpv6 usage.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
2019-11-20 10:52:57 +00:00
Andre Heider
1bf1490eeb
am33x-cm3: remove
This is currently unused and not working anyway, since the used upstream
kernel loads am335x-pm-firmware.elf and not am335x-pm-firmware.bin [0].

The last downstream patches using the latter were removed with e4eef7e6.

Remove it instead of fixing it since the rtc-only sleep state can even
damage the hardware [1].

[0] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ccbbb9faac946ce61c241ce9f08b3486fabf031d
[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7a6cb0abe1aa63334f3ded6d2b6c8eca80e72302

Signed-off-by: Andre Heider <a.heider@gmail.com>
2019-11-20 10:49:01 +01:00
Andre Heider
c5d121654e omap: support booting off different mmc devices
Tested with installing to/sysupgrading from sd and emmc on boneblack.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2019-11-20 10:46:19 +01:00
Andre Heider
1f37b2226e omap: switch from uEnv.txt to generic distro booting
Which makes supporting different boot devices easy.

Signed-off-by: Andre Heider <a.heider@gmail.com>
2019-11-20 10:46:19 +01:00
Andre Heider
b69df1eee0 omap: update uboot to 2019.10
All patches have been dropped, they're either redundant (e.g. due to the
new and unset CONFIG_SPL_FAT_WRITE), break compilation (thumb hacks) or
have been applied upstream.

The defconfig for am335x_boneblack has been removed upstream [0], so use
am335x_evm for boneblack too.

Size changes (before, after, file):

ti_am335x-evm and ti_am335x-bone-black:
  79804 110832 MLO
 623836 756148 u-boot.img

ti_omap3-beagle:
  54148  57708 MLO
 496272 665728 u-boot.img

ti_omap4-panda:
  39356  40204 MLO
 284648 366672 u-boot.img

Tested on boneblack, which has the biggest spl size increase. The beagle and
panda spl sizes seem reasonable to not break booting.

[0] 8fa7f65dd0

Signed-off-by: Andre Heider <a.heider@gmail.com>
2019-11-20 10:46:19 +01:00
Koen Vandeputte
a74095c68c mac80211: refresh patches
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-11-19 14:59:03 +01:00
Koen Vandeputte
2d6a062b22 mac80211: backport upstream fixes
This potentially fixes some issues seen on IBSS
when interfaces go out of range and then re-appear.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2019-11-19 14:59:03 +01:00
Hauke Mehrtens
eaa047179a mac80211: Adapt to changes to skb_get_hash_perturb()
The skb_get_hash_perturb() function now takes a siphash_key_t instead of
an u32. This was changed in commit 55667441c84f ("net/flow_dissector:
switch to siphash"). Use the correct type in the fq header file
depending on the kernel version.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
2019-11-18 20:12:12 +01:00
Rafał Miłecki
cde8c2f2fb mac80211: brcmfmac: fix PCIe reset crash and WARNING
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2019-11-18 14:48:41 +01:00
Daniel Golle
d89427662d base-files: include 'reconf' in help output of 'wifi' command
Reported-by: Dirk Brenken <dev@brenken.org>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-11-18 12:58:31 +01:00
Daniel Golle
ccf2aa9d4b mac80211: detect existing interface before adding
Keep existing wdev when creating new nl80211 interfaces if phy and
type match, delete it otherwise.
To make this work, also remove left-over debugging function which
prevented the return-value of the 'iw' command to be taken into
account in mac80211_iw_interface_add().
As 4addr-mode (WDS) was setup during interface creation for station
interfaces, also set it after interface creation to make sure an
existing sta interface ends up with the right mode.

Fixes: a5bc9787d4 ("mac80211: add support for dynamically
                    reconfiguring wifi")
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-11-16 17:16:25 +01:00
Daniel Golle
50d6e92619 Revert "mac80211: restore mac80211_interface_cleanup()"
This reverts commit 000b7687bc.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2019-11-16 15:49:54 +01:00
Paul Blazejowski
7e623c3128 ath79: add support for Netgear WNDR3700v4
This patch adds ath79 support for Netgear WNDR3700v4.
Router was previously supported by ar71xx target only.
Note: device requires 'ar934x-nand' driver in kernel.

Specification
=============
  * Description: Netgear WNDR3700v4
  * Loader: U-boot
  * SOC: Atheros AR9344 (560 MHz)
  * RAM: 128 MiB
  * Flash: 128 MiB (NAND)
    - U-boot binary: 256 KiB
    - U-boot environment: 256 KiB
    - ART: 256 KiB
    - POT: 512 KiB
    - Language: 2 MiB
    - Config: 512 KiB
    - Traffic Meter: 3 MiB
    - Firmware: 25 MiB
    - ART Backup: 256 KiB
    - Reserved: 96 MiB
  * Ethernet: 5 x 10/100/1000 (4 x LAN, 1 x WAN) (AR8327)
  * Wireless:
    - 2.4 GHz b/g/n (internal)
    - 5 GHz a/n (AR9580)
  * USB: yes, 1 x USB 2.0
  * Buttons:
    - Reset
    - WiFi (rfkill)
    - WPS
  * LEDs:
    - Power (amber/green)
    - WAN (amber/green)
    - WLAN 2G (green)
    - WLAN 5G (blue)
    - 4 x LAN (amber/green)
    - USB (green)
    - WPS (amber/green)
  * UART: 4-pin connector JP1, 3.3V (Vcc, TX, RX, GND), 115200 8N1
  * Power supply: DC 12V 2.5A
  * MAC addresses: LAN=WLAN2G on case label, WAN +1, WLAN5G +2

Installation
============
  * TFTP recovery
  * TFTP via U-boot prompt
  * sysupgrade
  * Web interface

Note about partitioning: firmware partition offset (0x6c0000) is
hardcoded into vendor's u-boot, so this partition cannot be moved
and resized to include Netgear-specific flash areas (pot, language,
config, traffic_meter) not used by OpenWrt.

Test build configuration
========================
CONFIG_TARGET_ath79=y
CONFIG_TARGET_ath79_nand=y
CONFIG_TARGET_ath79_nand_DEVICE_netgear_wndr3700-v4=y
CONFIG_ALL_KMODS=y
CONFIG_DEVEL=y
CONFIG_CCACHE=y
CONFIG_COLLECT_KERNEL_DEBUG=y
CONFIG_IMAGEOPT=y

Signed-off-by: Paul Blazejowski <paulb@blazebox.homeip.net>
2019-11-14 23:14:15 +01:00
Petr Štetiar
8f0a540648 fwtool: update to latest Git head
8f7fe925ca20 cmake: use extra compiler warnings only on gcc6+

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-11-14 22:53:31 +01:00
Petr Štetiar
240d590ca4 uci: update to latest Git head
8dd50da20de0 lua: fix error handling
 a2cab3b088a2 ucimap: fix possible use of memory after it is freed
 9cf978bc7964 delta: prevent possible null pointer use
 7736f497d2d9 cli: remove unused variable assigment
 39093f3b040d lua: fix memory leak in set method
 19ceff323f1e lua: fix memory leak in changes method
 18049a84fe40 tests: add cram based unit tests
 2b549cc050de lua: fix copy&paste in error string
 f5dd5217d627 cli: fix realloc issue spotted by cppcheck
 af59f86a0db9 iron out all extra compiler warnings
 1637d2918692 tests: shunit2: run all tests under Valgrind by default
 c1af73bfb023 cmake: enable extra compiler checks
 be69504e3666 cmake: build Lua module only if enabled
 38a2f12ec5ab tests: shunit2: fix issues reported by shellcheck
 266fc9e94c1e add initial GitLab CI support
 17d6144a49c6 tests: shunit2: make it working under CMake
 a6e8bbefd860 cmake: add unit testing option and shunit2 tests
 0ca93fec701a test: move shunit2 tests under standalone subdirectory

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-11-14 22:53:31 +01:00