Commit Graph

14904 Commits

Author SHA1 Message Date
Hans Dedecker
8bb9d053eb dropbear: backport upstream fix for CVE-2018-15599
CVE description :
The recv_msg_userauth_request function in svr-auth.c in Dropbear through
2018.76 is prone to a user enumeration vulnerability because username
validity affects how fields in SSH_MSG_USERAUTH messages are handled,
a similar issue to CVE-2018-15473 in an unrelated codebase.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-08-24 19:17:50 +02:00
Jo-Philipp Wich
4b4a6308e7 OpenWrt v18.06.1: revert to branch defaults
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-16 18:36:52 +02:00
Jo-Philipp Wich
70255e3d62 OpenWrt v18.06.1: adjust config defaults
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-16 18:36:48 +02:00
Jo-Philipp Wich
5eb055306f rpcd: update to latest git HEAD
41333ab uci: tighten uci reorder operation error handling
f91751b uci: tighten uci delete operation error handling
c2c612b uci: tighten uci set operation error handling
948bb51 uci: tighten uci add operation error handling
51980c6 uci: reject invalid section and option names

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 8c91807214)
2018-08-16 09:51:15 +02:00
Hauke Mehrtens
e11df1eac6 openssl: update to version 1.0.2p
This fixes the following security problems:
 * CVE-2018-0732: Client DoS due to large DH parameter
 * CVE-2018-0737: Cache timing vulnerability in RSA Key Generation

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-08-15 22:42:39 +02:00
Yousong Zhou
508adbd871 uci: bump to source date 2018-08-11
Fixes segfault when parsing malformed delta lines

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(cherry picked from commit 3493c1cf41)
2018-08-11 12:05:58 +00:00
Kabuli Chana
ec1c66f53f mwlwifi: update to version 10.3.8.0-20180615
fix mcs rate for HT
support 88W8997
protect rxringdone

Signed-off-by: Kabuli Chana <newtownBuild@gmail.com>
2018-08-11 09:51:16 +02:00
John Crispin
433c94f296 wpa_supplicant: fix CVE-2018-14526
Unauthenticated EAPOL-Key decryption in wpa_supplicant

Published: August 8, 2018
Identifiers:
- CVE-2018-14526
Latest version available from: https://w1.fi/security/2018-1/

Vulnerability

A vulnerability was found in how wpa_supplicant processes EAPOL-Key
frames. It is possible for an attacker to modify the frame in a way that
makes wpa_supplicant decrypt the Key Data field without requiring a
valid MIC value in the frame, i.e., without the frame being
authenticated. This has a potential issue in the case where WPA2/RSN
style of EAPOL-Key construction is used with TKIP negotiated as the
pairwise cipher. It should be noted that WPA2 is not supposed to be used
with TKIP as the pairwise cipher. Instead, CCMP is expected to be used
and with that pairwise cipher, this vulnerability is not applicable in
practice.

When TKIP is negotiated as the pairwise cipher, the EAPOL-Key Key Data
field is encrypted using RC4. This vulnerability allows unauthenticated
EAPOL-Key frames to be processed and due to the RC4 design, this makes
it possible for an attacker to modify the plaintext version of the Key
Data field with bitwise XOR operations without knowing the contents.
This can be used to cause a denial of service attack by modifying
GTK/IGTK on the station (without the attacker learning any of the keys)
which would prevent the station from accepting received group-addressed
frames. Furthermore, this might be abused by making wpa_supplicant act
as a decryption oracle to try to recover some of the Key Data payload
(GTK/IGTK) to get knowledge of the group encryption keys.

Full recovery of the group encryption keys requires multiple attempts
(128 connection attempts per octet) and each attempt results in
disconnection due to a failure to complete the 4-way handshake. These
failures can result in the AP/network getting disabled temporarily or
even permanently (requiring user action to re-enable) which may make it
impractical to perform the attack to recover the keys before the AP has
already changes the group keys. By default, wpa_supplicant is enforcing
at minimum a ten second wait time between each failed connection
attempt, i.e., over 20 minutes waiting to recover each octet while
hostapd AP implementation uses 10 minute default for GTK rekeying when
using TKIP. With such timing behavior, practical attack would need large
number of impacted stations to be trying to connect to the same AP to be
able to recover sufficient information from the GTK to be able to
determine the key before it gets changed.

Vulnerable versions/configurations

All wpa_supplicant versions.

Acknowledgments

Thanks to Mathy Vanhoef of the imec-DistriNet research group of KU
Leuven for discovering and reporting this issue.

Possible mitigation steps

- Remove TKIP as an allowed pairwise cipher in RSN/WPA2 networks. This
can be done also on the AP side.

- Merge the following commits to wpa_supplicant and rebuild:

WPA: Ignore unauthenticated encrypted EAPOL-Key data

This patch is available from https://w1.fi/security/2018-1/

- Update to wpa_supplicant v2.7 or newer, once available

Signed-off-by: John Crispin <john@phrozen.org>
(cherry picked from commit 1961948585)
2018-08-10 15:51:24 +02:00
Jo-Philipp Wich
2a8d8adfb0 Revert "libevent2: Don't build tests and samples"
This reverts commit fe90d14880.

The cherry pick does not apply cleanly to 18.06.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-09 15:27:52 +02:00
Zoltan HERPAI
aeec1dd7ba firmware: intel-microcode: bump to 20180703
* New upstream microcode data file 20180703
    + Updated Microcodes:
      sig 0x000206d6, pf_mask 0x6d, 2018-05-08, rev 0x061d, size 18432
      sig 0x000206d7, pf_mask 0x6d, 2018-05-08, rev 0x0714, size 19456
      sig 0x000306e4, pf_mask 0xed, 2018-04-25, rev 0x042d, size 15360
      sig 0x000306e7, pf_mask 0xed, 2018-04-25, rev 0x0714, size 17408
      sig 0x000306f2, pf_mask 0x6f, 2018-04-20, rev 0x003d, size 33792
      sig 0x000306f4, pf_mask 0x80, 2018-04-20, rev 0x0012, size 17408
      sig 0x000406f1, pf_mask 0xef, 2018-04-19, rev 0xb00002e, size 28672
      sig 0x00050654, pf_mask 0xb7, 2018-05-15, rev 0x200004d, size 31744
      sig 0x00050665, pf_mask 0x10, 2018-04-20, rev 0xe00000a, size 18432
      sig 0x000706a1, pf_mask 0x01, 2017-12-26, rev 0x0022, size 73728
    + First batch of fixes for: Intel SA-00115, CVE-2018-3639, CVE-2018-3640
    + Implements IBRS/IBPB/STIPB support, Spectre-v2 mitigation
    + SSBD support (Spectre-v4 mitigation) and fix Spectre-v3a for:
      Sandybridge server, Ivy Bridge server, Haswell server, Skylake server,
      Broadwell server, a few HEDT Core i7/i9 models that are actually gimped
      server dies.

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2018-08-09 00:45:39 +02:00
Hauke Mehrtens
8d903be35a curl: Fix CVE-2018-0500
This backports a fix for:
* CVE-2018-0500 SMTP send heap buffer overflow
See here for details: https://curl.haxx.se/docs/adv_2018-70a2.html

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-08-08 22:51:41 +02:00
Hauke Mehrtens
1e4b5c8b1f ustream-ssl: update to version 2018-05-22
5322f9d mbedtls: Fix setting allowed cipher suites
e8a1469 mbedtls: Add support for a session cache

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-08-08 22:51:41 +02:00
Hauke Mehrtens
ea22e3df3e mbedtls: Update to 2.12.0
Multiple security fixes
* CVE-2018-0497 Remote plaintext recovery on use of CBC based ciphersuites through a timing side-channel
* CVE-2018-0498 Plaintext recovery on use of CBC based ciphersuites through a cache based side-channel

Disable OFB block mode and XTS block cipher mode, added in 2.11.0.
Disable Chacha20 and Poly1305 cryptographic primitives, added in 2.12.0
Patch the so version back to the original one, the API changes are
looking no so invasive.

The size of mbedtls increased a little bit:
ipkg for mips_24kc before:
163.967 Bytes
ipkg for mips_24kc after:
164.753 Bytes

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-08-08 22:49:59 +02:00
Hauke Mehrtens
0d5a041095 mbedtls: Activate the session cache
This make sit possible to store informations about a session and reuse
it later. When used by a server it increases the time to create a new
TLS session from about 1 second to less than 0.1 seconds.

The size of the ipkg file increased by about 800 Bytes.
ipkg for mips_24kc before:
163.140 Bytes
ipkg for mips_24kc after:
163.967 Bytes

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-08-08 22:49:17 +02:00
Daniel Engberg
69c75f076a mbedtls: cleanup config patch
Clean up patch, use "//" consistently.

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-08-08 21:34:20 +02:00
Hauke Mehrtens
6603a0c232 mbedtls: Deactivate platform abstraction
This makes mbedtls use the POSIX API directly and not use the own
abstraction layer.
The size of the ipkg decreased by about 100 bytes.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-08-08 21:32:26 +02:00
John Crispin
6a27c2f4b1 base-files: drop fwtool_pre_upgrade
this feature has never worked, the fw image name was not passed and the -t
parameter was missing in the tool invocation. drop the feature.

Signed-off-by: John Crispin <john@phrozen.org>
(cherry picked from commit 5e1b4c57de)
2018-08-08 15:42:06 +02:00
Eneas U de Queiroz
fe90d14880 libevent2: Don't build tests and samples
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.

To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
This reduces build time significantly.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
(cherry picked from commit 26dbf79f49)
2018-08-08 15:41:44 +02:00
Masashi Honma
25cb85abe7 wwan: Fix teardown for sierra_net driver
The sierra_net driver is using proto_directip_setup for setup. So use
proto_directip_teardown for teardown.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
(cherry picked from commit d05967baec)
2018-08-08 15:39:57 +02:00
Lukas Mrtvy
7e03be7e2e kernel: leds-apu2 remove boardname check
'In different versions of coreboot are different names of apu boardname.
No need to check boardname to load module.'

Signed-off-by: Lukas Mrtvy <lukas.mrtvy@gmail.com>
(cherry picked from commit f21bcb4db8)
2018-08-08 15:37:10 +02:00
Christian Schoenebeck
8139438fc0 dropbear: close all active clients on shutdown
Override the default shutdown action (stop) and close all processes
of dropbear

Since commit 498fe85, the stop action only closes the process
that's listening for new connections, maintaining the ones with
existing clients.
This poses a problem when restarting or shutting-down a device,
because the connections with existing SSH clients, like OpenSSH,
are not properly closed, causing them to hang.

This situation can be avoided by closing all dropbear processes when
shutting-down the system, which closes properly the connections with
current clients.

Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
[Luis: Rework commit message]
Signed-off-by: Luis Araneda <luaraneda@gmail.com>

(cherry picked from commit 1e177844bc)
2018-08-08 15:36:46 +02:00
Lukáš Mrtvý
c3df07ab3b kernel: gpio-nct5104d remove boardname check
'In different versions of coreboot are different names of apu boardname.
No need to check boardname to load module.'

Signed-off-by: Lukáš Mrtvý <lukas.mrtvy@gmail.com>
(cherry picked from commit d3b8e6b2a7)
2018-08-08 15:35:46 +02:00
Kevin Darbyshire-Bryant
da9a7a9a51 basefiles: Reword sysupgrade message
sysupgrade 'upgrade' message more verbose than needs be.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit edf338f248)
2018-08-08 15:32:44 +02:00
Florian Eckert
d101899395 linux: update license tag to use correct SPDX tag
Use SPDX tag.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit c79ef6fbe3)
2018-08-08 15:30:34 +02:00
Zoltan HERPAI
c61f543532 firmware: amd64-microcode: update to 20180524
* New microcode update packages from AMD upstream:
    + New Microcodes:
      sig 0x00800f12, patch id 0x08001227, 2018-02-09
    + Updated Microcodes:
      sig 0x00600f12, patch id 0x0600063e, 2018-02-07
      sig 0x00600f20, patch id 0x06000852, 2018-02-06
  * Adds Spectre v2 (CVE-2017-5715) microcode-based mitigation support,
    plus other unspecified fixes/updates.

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
(cherry picked from commit 10e393262c)
2018-08-08 15:29:36 +02:00
Jo-Philipp Wich
5742a2ba35 libubox: fix mirror hash
Correct the mirror hash to reflect whats on the download server.

A locally produced libubox SCM tarball was also verified to yield an identical
checksum compared to the one currently on the download server.

Fixes FS#1707.
Fixes 5dc32620c4 ("libubox: update to latest git HEAD")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 432eaa940f)
2018-08-07 16:33:02 +02:00
John Crispin
23d4f663e3 netifd: update to latest git HEAD
a0a1e52 fix compile error
75ee790 interface-ip: fix eui64 ifaceid generation (FS#1668)
ca97097 netifd: make sure the vlan ifname fits into the buffer
b8c1bca iprule: remove bogus assert calls
a2f952d iprule: fix broken in_dev/out_dev checks
263631a vlan: use alloca to get rid of IFNAMSIZE in vlan_dev_set_name()
291ccbb ubus: display correct prefix size for IPv6 prefix address
908a9f4 CMakeLists.txt: add -Wimplicit-fallthrough to the compiler flags
b06b011 proto-shell.c: add a explicit "fall through" comment to make the compiler happy
60293a7 replace fall throughs in switch/cases where possible with simple code changes
5cf7975 iprule: rework interface based rules to handle dynamic interfaces
57f87ad Introduce new interface event "create" (IFEV_CREATE)
03785fb system-linux: fix build error on older kernels
d1251e1 system-linux: adjust bridge isolate mode for upstream attribute naming
e9eff34 system-linux: extend link mode speed definitions
c1f6a82 system-linux: add autoneg and link-partner output

Signed-off-by: John Crispin <john@phrozen.org>
(cherry picked from commit 3c4eeb5d21)
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-08-06 21:45:22 +02:00
Jo-Philipp Wich
8be3af93b4 uclient: update to latest git HEAD
f2573da uclient-fetch: use package name pattern in message for missing SSL library
9fd8070 uclient-fetch: Check for nullpointer returned by uclient_get_url_filename
f41ff60 uclient-http: basic auth: Handle memory allocation failure
a73b23b uclient-http: auth digest: Handle multiple possible memory allocation failures
66fb58d uclient-http: Handle memory allocation failure
2ac991b uclient: Handle memory allocation failure for url
63beea4 uclient-http: Implement error handling for header-sending
eb850df uclient-utils: Handle memory allocation failure for url file name
ae1c656 uclient-http: Close ustream file handle only if allocated

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit e44162ffca)
2018-08-03 23:55:36 +02:00
Koen Vandeputte
7d15f96eaf iperf: bump to 2.0.12
2.0.12 change set (as of June 25th 2018)

o Change the unicast TTL default value from 1 to the system default (to be compatable with previous versions.) Mulitcast still defaults to 1.
o adpative formatting bug fix: crash occurs when values exceed 1 Tera. Add support for Tera and Peta and eliminate the potential crash condition
o configure default compile to include isochronous support (use configure --disable-isochronous to remove support)
o replace 2.0.11's --vary-load option with a more general -b option to include <mean>,<stdev>, e.g. -b 100m,40m, which will pull from a log normal distribution every 0.1 seconds
o fixes for windows cross compile (using mingw32)
o compile flags of -fPIE for android
o configure --enable-checkprograms to compile ancillary binaries used to test things such as delay, isoch, pdf generation
o compile tests when trying to use 64b seq numbers on a 32b platform
o Fix GCC ver 8 warnings

2.0.11 change set (as of May 24th, 2018)

o support for -b on server (read rate limiting)
o honor -T (ttl) for unicast. (Note: the default value is 1 so this will impact unicast tests that require routing)
o support for --isochronous traffic with optional frames per second, mean and variance uses a log normal distribution (requires configure w/-enable-isochronous and compile)
o support for --udp triggers (requires configure w/ --enable-udptriggers, early code with very limited support)
o support for --udp-histogram with optional bin width and number of bins (default is 1 millisecond bin width and 1000 bins)
o support for frame (burst) latency histograms when --isochronous is set
o support for --tx-sync with -P for synchonrized writes. Initial use is for WiFi OFDMA latency testing.
o support for --incr-dstip with -P for simultaneous flows to multiple destinations (use case is for OFDMA)
o support for --vary-load with optional weight, uses log normal distribution (requires -b to set the mean)
o support for --l2checks to detect L2 length errors not detected by v4 or v6 payload length errors (requires linux, berkeley packet filters BPFs and AF_PACKET socket support)
o support for server joining mulitcast source specific multicast (S,G) and (*,G) for both v4 and v6 on platforms that support it
o improved write counters (requires -e)
o accounting bug fix on client when write fails, this bug was introduced in 2.0.10
o slight restructure client/server traffic thread code for maintainability
o python: flow example script updates
o python: ssh node object using asyncio
o python: histograms in flows with plotting (assumed gnuplot available)
o python: hierarchical clustering of latency histograms (early code)
o man pages updates
o Note: latency histograms require client and server system clock synchronization. A GPS disciplined oscillator using Precision Time Protocol works well for this.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-08-02 15:00:17 +02:00
Christian Schoenebeck
93782d5e8e ca-certificates[18.06]]: remove myself as PKG_MAINTAINER
remove myself as PKG_MAINTAINER

Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
2018-07-31 00:01:56 +02:00
Jo-Philipp Wich
ce234299bc OpenWrt v18.06.0: revert to branch defaults
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-07-30 18:30:59 +02:00
Jo-Philipp Wich
03b693064b OpenWrt v18.06.0: adjust config defaults
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-07-30 18:30:59 +02:00
Jo-Philipp Wich
f24e012997 base-files: network.sh: gracefully handle missing network.interface ubus ns
When attempting to use any of the functions in network.sh while netifd is
not started yet, the ubus interface dump query will fail with "Not found",
yielding an empty response.

Subsequently, jsonfilter is invoked with an empty string instead of a valid
JSON document, causing it to emit a second "unexpected end of data" error.

This caused the dnsmasq init script to log the following errors during
early boot on some systems:

    procd: /etc/rc.d/S19dnsmasq: Command failed: Not found.
    procd: /etc/rc.d/S19dnsmasq: Failed to parse json data: unexpected end of data.

Fix the issue by allowing the ubus query to fail with "Not found" but still
logging other failures, and by passing an empty JSON object to jsonfilter
if the interface status cache is empty.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-07-30 13:19:19 +02:00
Nick Hainke
d4a4f06589 iwinfo: update to version 2018-07-24
Update to new iwinfo version.
Adds support for channel survey.
Adds ubus support.
Etc.

Signed-off-by: Nick Hainke <vincent@systemli.org>
(cherry picked from commit 296ae7ab89)
2018-07-30 11:21:25 +02:00
John Crispin
4a39d8cfd0 iwinfo: bump to latest git HEAD
e59f925 hardware: add device ids for QCA9984, 88W8887 and 88W8964 radios
2a82f87 nl80211: back out early when receiving FAIL-BUSY reply
77c32f0 nl80211: fix code calculating average signal and rate

Signed-off-by: John Crispin <john@phrozen.org>
(cherry picked from commit 20b76c0a5b)
2018-07-30 11:21:24 +02:00
Kevin Darbyshire-Bryant
cf5a892430 dnsmasq: bump to dnsmasq v2.80test3
Refresh patches

Upstream commits since last bump:

3b6eb19 Log DNSSEC trust anchors at startup.
f3e5787 Trivial comment change.
c851c69 Log failure to confirm an address in DHCPv6.
a3bd7e7 Fix missing fatal errors when parsing some command-line/config options.
ab5ceaf Document the --help option in the french manual
1f2f69d Fix recurrent minor spelling mistake in french manual
f361b39 Fix some mistakes in french translation of the manual
eb1fe15 When replacing cache entries, preserve CNAMES which target them.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 1e93ef8498)
2018-07-28 11:23:58 +01:00
Hans Dedecker
bf1b0fad2b dnsmasq: don't use network functions at boottime (FS#1542)
As dnsmasq is started earlier than netifd usage of network.sh functions
at boottime will fail; therefore don't call at boottime the functions
which construct the dhcp pool/relay info.
As interface triggers are installed the dhcp pool/relay info will be
constructed when the interface gets reported as up by netifd.
At the same time also register interface triggers based on DHCP relay
config.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit 2336b942b3)
2018-07-28 11:23:57 +01:00
Kevin Darbyshire-Bryant
cb9d5f0a7c dnsmasq: bump to latest patches on 2.80rc2
Refresh patches and backport upstream to current HEAD:

a997ca0 Fix sometimes missing DNSSEC RRs when DNSSEC validation not enabled.
51e4eee Fix address-dependent domains for IPv6.
05ff659 Fix stupid infinite loop introduced by preceding commit.
db0f488 Handle some corner cases in RA contructed interfaces with addresses changing interface.
7dcca6c Warn about the impact of cache-size on performance.
090856c Allow zone transfer in authoritative mode whenever auth-peer is specified.
cc5cc8f Sane error message when pcap file header is wrong.
c488b68 Handle standard and contructed dhcp-ranges on the same interface.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit fbf475403b)
2018-07-28 11:23:57 +01:00
Rafał Miłecki
29aab93ea2 mac80211: backport brcmfmac fixes & debugging helpers from 4.18
The most important is probably regression fix in handling platform
NVRAM. That bug stopped hardware from being properly calibrated breaking
e.g. 5 GHz for Netgear R8000.

Other than that it triggers memory dumps when experiencing firmware
problems which is important for debugging purposes.

Fixes: 2811c97803 ("mac80211: backport brcmfmac firmware & clm_blob loading rework")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit b26214adb5)
2018-07-27 08:14:13 +02:00
Jo-Philipp Wich
4e7f4777b0 odhcpd: update to latest git HEAD
Changes:

  81a281e dhcpv6-ia: fix border assignment size setting
  a2ffc59 dhcpv6-ia: fix status code for not on link IAs
  5b087a6 dhcpv6-ia: improve error checking in assign_pd()
  c9114a1 config: fix wrong assignment
  bb8470f dhcpv4: delay forced renew transaction start
  62a1b09 dhcpv4: fix DHCP address space logic
  d5726ff dhcpv4: improve logging when sending DHCP messages
  9484351 odhcpd: call handle_error when socket error can be retrieved
  c45e2eb dhcpv6: fix out of bounds write in handle_nested_message()
  c2ff5af dhcpv6-ia: log renew messages as well
  676eb38 router: fix possible segfault in send_router_advert()
  392701f odhcpd: fix passing possible negative parameter
  029123b treewide: switch to C-code style comments
  6b79748 router: improve error checking
  12e21bc netlink: fix incorrect sizeof argument
  d7aa414 dhcpv6: improve error checking in dhcpv6_setup_interface()
  373495a ubus: fix invalid ipv6-prefix json
  79d5e6f ndp: improve error checking
  d834ae3 dhcpv4: fix error checking in dhcpv4_setup_interface()
  f2aa383 dhcpv4: fix out of bound access in dhcpv4_put
  4591b36 dhcpv4: improve error checking in dhcpv4_setup_interface()
  4983ee5 odhcpd: fix strncpy bounds
  c0f6390 odhcpd: Check if open the ioctl socket failed
  345bba0 dhcpv4: improve error checking in handle_dhcpv4()
  44cce31 ubus: avoid dumping interface state with NULL message

Cherry picked and squashed from commits:

  b7ef10cbf0 odhcpd: update to latest git HEAD
  98a6bee09a odhcpd: update to latest git HEAD
  88c88823d5 odhcpd: update to latest git HEAD

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-07-26 18:55:32 +02:00
Jo-Philipp Wich
da0dd6adc2 ubus: update to latest git HEAD
40e0931 libubus: pass an empty UBUS_ATTR_DATA block if msg is NULL on invoke

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 7316515891)
2018-07-26 18:37:18 +02:00
Hans Dedecker
3f0d44b8de firewall: update to latest git HEAD and build with LTO
Reduces .ipk size on MIPS from 41.6k to 41.1k

Changes:

  30463d0 zones: add interface/subnet bound LOG rules
  0e77bf2 options: treat time strings as UTC times
  d2bbeb7 firewall3: make reject types selectable by user
  aa8846b ubus: avoid dumping interface state with NULL message

Cherry picked and squashed from commits:

  a3f2451fba firewall: update to latest git HEAD
  433d71e73e fw3: update to latest git HEAD
  ef96d1e34a firewall: compile with LTO enabled
  1e83f775a3 firewall3: update to latest git HEAD
  3ee2c76ae0 firewall: update to latest git HEAD

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-07-26 08:49:52 +02:00
John Crispin
69021e9b89 ubus: update to latest git HEAD
884be45 libubus: check for non-NULL data before running callbacks

Signed-off-by: John Crispin <john@phrozen.org>
(cherry picked from commit a5c3bbaf56)
2018-07-25 13:03:58 +02:00
John Crispin
6302f0161b libubox: update to latest git HEAD
c83a84a fix segfault when passed blobmsg attr is NULL

Signed-off-by: John Crispin <john@phrozen.org>
(cherry picked from commit 5dc32620c4)
2018-07-25 13:03:55 +02:00
Aleksandr V. Piskunov
f91a0f3b1a wireguard-tools: add wireguard_watchdog script
This watchdog script tries to re-resolve hostnames for inactive WireGuard peers.
Use it for peers with a frequently changing dynamic IP.
persistent_keepalive must be set, recommended value is 25 seconds.
Run this script from cron every minute:
echo '* * * * * /usr/bin/wireguard_watchdog' >> /etc/crontabs/root

Signed-off-by: Aleksandr V. Piskunov <aleksandr.v.piskunov@gmail.com>
[bump the package release]
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 20c4819c7b)
2018-07-25 11:23:35 +01:00
Jason A. Donenfeld
f1dbfa1937 wireguard: bump to 0.0.20180718
80b41cd version: bump snapshot
fe5f0f6 recieve: disable NAPI busy polling
e863f40 device: destroy workqueue before freeing queue
81a2e7e wg-quick: allow link local default gateway
95951af receive: use gro call instead of plain call
d9501f1 receive: account for zero or negative budget
e80799b tools: only error on wg show if all interfaces failk

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
[Added commit log to commit description]
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 57b808ec88)
2018-07-25 11:23:35 +01:00
Jason A. Donenfeld
ff91b32d26 wireguard: bump to 0.0.20180708
* device: print daddr not saddr in missing peer error
* receive: style

Debug messages now make sense again.

* wg-quick: android: support excluding applications

Android now supports excluding certain apps (uids) from the tunnel.

* selftest: ratelimiter: improve chance of success via retry
* qemu: bump default kernel version
* qemu: decide debug kernel based on KERNEL_VERSION

Some improvements to our testing infrastructure.

* receive: use NAPI on the receive path

This is a big change that should both improve preemption latency (by not
disabling it unconditionally) and vastly improve rx performance on most
systems by using NAPI. The main purpose of this snapshot is to test out this
technique.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
(cherry picked from commit 4630159294)
2018-07-25 11:23:34 +01:00
Kevin Darbyshire-Bryant
a80276235a iproute2: tc: backport canonical cake support
iproute2's tc was updated to support the recently upstreamed cake qdisc.
Backport this canonical support from upstream into iproute2 v4.16

There is no kernel kmod/userspace tc ABI change in this release from the
previous package bump, so everyone can breath a sigh of relief.

This is largely a code style change, the exception to prove the rule:
option 'autorate_ingress' has been changed to 'autorate-ingress' to fit
in with upstream option naming expectations.

No openwrt package (e.g. sqm-scripts) has knowledge of
'autorate_ingress' thus only users who made their own scripts or used
it within the 'dangerous configuration' options of sqm-scripts will be
affected.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-07-21 09:08:45 +01:00
Luiz Angelo Daros de Luca
a297324a13 base-files: fix wrong sysctl parameter order
Restarting service sysctl echos multiple errors like:

  sysctl: -e: No such file or directory

After the first filename, all remaining arguments are treated
as files.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2018-07-18 19:20:07 +02:00
Kevin Darbyshire-Bryant
1e48546a6a igmpproxy: run in foreground for procd
procd needs processes to stay in foreground to remain under its gaze and
control.  Failure to do so means service stop commands fail to actually
stop the process (procd doesn't think it's running 'cos the process has
exited already as part of its forking routing)

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 9d5a246930)
2018-07-18 18:06:15 +01:00
Rafał Miłecki
1086408b17 mtd: improve check for TRX header being already fixed
First of all lengths should be compared after checking all blocks for
being good/bad. It's because requested length may differ from a final
one if there were some bad blocks.

Secondly it makes sense to also compare crc32 since we already have a
new one calculated.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 82498a7f7a)
2018-07-16 23:18:45 +02:00
Rafał Miłecki
5dca299fab mtd: support bad blocks within the mtd_fixtrx()
Reading MTD data with (p)read doesn't return any error when accessing
bad block. As the result, with current code, CRC32 covers "data" stored
in bad blocks.

That behavior doesn't match CFE's one (bootloader simply skips bad
blocks) and may result in:
1) Invalid CRC32
2) CFE refusing to boot firmware with a following error:
Boot program checksum is invalid

Fix that problem by checking every block before reading its content.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 0f54489f75)
2018-07-16 23:18:45 +02:00
Kevin Darbyshire-Bryant
5889cf70e9 kmod-sched-cake: bump to 20180716
Bump to the latest cake recipe.

This backports tc class support to kernel 4.9 and other than conditional
kernel compilation pre-processor macros represents the cake that has
gone upstream into kernel 4.19.  Loud cheer!

Fun may be had by changing cake tin classification for packets on
ingress. e.g.

tc filter add dev ifb4eth0 parent 800b: protocol ip u32 match \
ip dport 6981 0xffff action skbedit priority 800b:1

Where 800b: represents the filter handle for the ifb obtained by 'tc
qdisc' and the 1 from 800b:1 represents the cake tin number.  So the
above example puts all incoming packets destined for port 6981 into the
BULK (lowest priority) tin.

f39ab9a Obey tin_order for tc filter classifiers
1e2473f Clean up after latest backport.
82531d0 Reorder includes to fix out of tree compilation
52cbc00 Code style cleanup
6cdb496 Fix argument order for NL_SET_ERR_MSG_ATTR()
cab17b6 Remove duplicate call to qdisc_watchdog_init()
71c7991 Merge branch 'backport-classful'
32aa7fb Fix compilation on Linux 4.9
9f8fe7a Fix compilation on Linux 4.14
ceab7a3 Rework filter classification
aad5436 Fixed version of class stats
be1c549 Add cake-specific class stats
483399d Use tin_order for class dumps
80dc129 Add class dumping
0c8e6c1 Fix dropping when using filters
c220493 Add the minimum class ops
5ed54d2 Start implementing tc filter/class support

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit c729c43b39)
2018-07-16 13:57:31 +01:00
Tony Ambardar
393ee8d0b2 qos-scripts: fix uci callback handling
The previous callback code was fragile, dependent on some UCI callback
bugs and side-effects now fixed in master commit 73d8a6ab.

Update scripts to use callbacks where appropriate and necessary, while
using normal UCI config parsing for all else. This results in smaller,
simpler, more robust code. Use callbacks in generate.sh to only process
'interface' defaults and the varying entries for 'reclassify', 'default'
and 'classify' sections. Also switch qos-stat to use non-callback UCI
handling.

The current changes work independently of 73d8a6ab (i.e. both before and
after), and are consistent with UCI config parsing documentation.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2018-07-16 09:32:27 +02:00
Tony Ambardar
c9c0fc28a9 base-files: fix UCI config parsing and callback handling
There are several long-standing issues present in the UCI shell API as
documented in https://wiki.openwrt.org/doc/devel/config-scripting. They
relate both to high-level, user-defined callback functions used to
process UCI config files, and also to low-level functions used within
scripts generally.

The related problems have been encountered now and in the past, e.g.
https://forum.openwrt.org/viewtopic.php?id=54295, and include:

a) UCI parsing option() function and user-defined option_cb() callbacks
being erroneously called during processing of "list" config file entries;

b) normal usage of the low-level config_set() unexpectedy calling any
defined option_cb() if present; and

c) handling of the list_cb() not respecting the NO_CALLBACK variable.

Root causes include a function stack "inversion", where the low-level
config_set() function incorrectly calls the high-level option() function,
intended only for processing the "option" keyword of UCI config files.

This change addresses the inversion and other issues, making the option
handling code more consistent and smaller, and simplifying developers'
usage of UCI callbacks.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
2018-07-16 09:32:06 +02:00
Hans Dedecker
3539430b3d odhcp6c: add noserverunicast config option for broken DHCPv6 servers
Fix broken DHCPv6 servers which provide the server unicast option but
do not reply on DHCPv6 renew messages directed to the IPv6 address
contained in the server unicast option which results in broken IPv6
connectivity.

67ae6a7 odhcp6c: add option to ignore Server Unicast option

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-07-15 22:23:09 +02:00
Hans Dedecker
6363377c47 odhcp6c: update to latest git HEAD
b99c1f6 odhcp6c: remove len check in option parsing handle

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-07-15 22:22:26 +02:00
Hans Dedecker
ce8cab388a odhcp6c: user string option support
ca8822b odhcp6c: add support for user string options

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-07-15 22:22:17 +02:00
Jo-Philipp Wich
7fc7128b08 OpenWrt v18.06.0-rc2: revert to branch defaults
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-07-15 17:54:39 +02:00
Jo-Philipp Wich
4de335bdbe OpenWrt v18.06.0-rc2: adjust config defaults
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-07-15 17:54:33 +02:00
Jo-Philipp Wich
e4d0ee5af5 uhttpd: update to latest Git head
db86175 lua: honour size argument in recv() function
d3b9560 utils: add uh_htmlescape() helper
8109b95 file: escape strings in HTML output
393b59e proc: expose HTTP Origin header in process environment
796d42b client: flush buffered SSL output when tearing down client ustream

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit b54bef2058)
2018-07-15 14:30:50 +02:00
Felix Fietkau
68f40d7ecc mt76: update to the latest version
08719b1 mt76: use a per rx queue page fragment cache
4d2c565 mt76x2: reset HW before probe
f622975 mt76x2: fix CCK protection control frame rate
6780375 mt76x2: add frame protection support

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-07-13 16:39:55 +02:00
Matthias Schiffer
514a4b3e1b
include/feeds.mk: rework generation of opkg distfeeds.conf
Allow enabling/commenting/disabling each feed individually by using a
tristate config symbol.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit 16035a7dd3)
2018-07-12 21:26:42 +02:00
Matthias Schiffer
3e89f58a5e
base-files: fix feed list in PKG_CONFIG_DEPENDS
FEEDS_ENABLED and FEEDS_DISABLED are derived from FEEDS_AVAILABLE, not
FEEDS_INSTALLED.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
(cherry picked from commit 6dac434c00)
2018-07-12 21:26:41 +02:00
Koen Vandeputte
27014da237 mac80211: Expose support for ath9k Dynack
Enables support for Dynack feature.

When a remote station is far away, we need to compensate for the distance
by allowing more time for an ACK to arrive back before issueing a retransmission.
Currently, it needs to be set fixed to indicate the maximum distance the remote
station will ever be.

While this mostly works for static antennae, it introduces 2 issues:
- If the actual distance is less, speed is reduced due to a lot of wates wait-time
- If the distance becomes greater, retries start to occur and comms can get lost.

Allowing to set it dynamically using dynack ensures the best possible tradeoff
between speed vs distance.

This feature is currently only supported in ath9k.
it is also disabled by default.

Enabling it can be done in 2 ways:
- issue cmd:  iw phy0 set distance auto
- sending the NL80211_ATTR_WIPHY_DYN_ACK flag to mac80211 driver using netlink

Disabling it can be done by providing a valid fixed value.

To give an idea of a practical example:

In my usecase, we have mesh wifi device installed on ships/platforms.
Currently, the coverage class is set at 12000m fixed.

When a vessel moved closer (ex. 1500m), the measured link capacity was a lot
lower compared to setting the coverage class fixed to 1500m

Dynack completely solved this, nearly providing double the bandwidth at closer range
compared to the fixed setting of 12000m being used.

Also when a vessel sailed to a distance greater than the fixed setting,
communication was lost as the ACK's never arrived within the max allowed timeframe.

Actual distance: 6010m
iperf 60s run avg

Fixed 12150m:  31 Mbit/s
Dynack:        58 Mbit/s

Fixed 6300m:   51 Mbit/s
Dynack:        59 Mbit/s

Fixed 3000m:   13 Mbit/s  (lots of retries)
Dynack:        58 Mbit/s

Actual distance: 1504m
iperf 60s run avg

Fixed 12150m:  31 Mbit/s
Dynack:        86 Mbit/s

Fixed 6300m:   55 Mbit/s
Dynack:        87 Mbit/s

Fixed 3000m:   67 Mbit/s
Dynack:        87 Mbit/s

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-07-12 11:46:17 +02:00
Sven Eckelmann
b84a07b380
mac80211: initialize sinfo in cfg80211_get_station
Most of the implementations behind cfg80211_get_station will not initialize
sinfo to zero before manipulating it. For example, the member "filled",
which indicates the filled in parts of this struct, is often only modified
by enabling certain bits in the bitfield while keeping the remaining bits
in their original state. A caller without a preinitialized sinfo.filled can
then no longer decide which parts of sinfo were filled in by
cfg80211_get_station (or actually the underlying implementations).

cfg80211_get_station must therefore take care that sinfo is initialized to
zero. Otherwise, the caller may tries to read information which was not
filled in and which must therefore also be considered uninitialized. In
batadv_v_elp_get_throughput's case, an invalid "random" expected throughput
may be stored for this neighbor and thus the B.A.T.M.A.N V algorithm may
switch to non-optimal neighbors for certain destinations.

Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
(cherry picked from commit 87493dac11)
2018-07-08 23:22:17 +02:00
Sven Eckelmann
6258c965a0
ath10k-ct: search DT for BDF variant info
Board Data File (BDF) is loaded upon driver boot-up procedure. The right
board data file is identified on QCA4019 using bus, bmi-chip-id and
bmi-board-id.

The problem, however, can occur when the (default) board data file cannot
fulfill the vendor requirements and it is necessary to use a different
board data file.

This problem was solved for SMBIOS by adding a special SMBIOS type 0xF8.
Something similar has to be provided for systems without SMBIOS but with
device trees. No solution was specified by QCA and therefore a new one has
to be found for ath10k.

The device tree requires addition strings to define the variant name

    wifi@a000000 {
    	status = "okay";
    	qcom,ath10k-calibration-variant = "RT-AC58U";
    };

    wifi@a800000 {
    	status = "okay";
    	qcom,ath10k-calibration-variant = "RT-AC58U";
    };

This would create the boarddata identifiers for the board-2.bin search

 *  bus=ahb,bmi-chip-id=0,bmi-board-id=16,variant=RT-AC58U
 *  bus=ahb,bmi-chip-id=0,bmi-board-id=17,variant=RT-AC58U

Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
(cherry picked from commit 1c01e02575)
2018-07-08 23:22:17 +02:00
Kevin Darbyshire-Bryant
585208a356 wireguard: bump to 0.0.20180625
dfd9827 version: bump snapshot
88729f0 wg-quick: android: prevent outgoing handshake packets from being dropped
1bb9daf compat: more robust ktime backport
68441fb global: use fast boottime instead of normal boottime
d0bd6dc global: use ktime boottime instead of jiffies
18822b8 tools: fix misspelling of strchrnul in comment
0f8718b manpages: eliminate whitespace at the end of the line
590c410 global: fix a few typos
bb76804 simd: add missing header
7e88174 poly1305: give linker the correct constant data section size
fd8dfd3 main: test poly1305 before chacha20poly1305
c754c59 receive: don't toggle bh

Compile-tested-for: ath79 Archer C7 v2
Run-tested-on: ath79 Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 3ce11588f6)
2018-07-07 11:27:21 +01:00
Kevin Darbyshire-Bryant
c9a51c471d kmod-sched-cake: bump to latest 20180706
Fixes a potential infinite loop bug when in unlimited (ie not using
built in shaper) mode.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 4bd4ece9ea)
2018-07-07 11:13:02 +01:00
Kevin Darbyshire-Bryant
9ada61881c kmod-sched-cake: bump to latest cake
This bumps to the latest & possibly greatest cake, sadly it's still
inedible but from an SQM point of view quite tasty :-)

Main tweaks since previous bump, improved ack_filter, some extra stats,
support for 64bit netlink parameters (higher rates/byte counters)

0520a6c Fix NAT option handling
8da93e1 Make sure we always call qdisc_watchdog_init() in cake_init()
f65daf6 Fix mismatched parenthesis
51d4ab3 Change flag handling to be safe even when mixing with non-eligible ACKs
f2ea091 ack_filter: protect DCTCP with stricter filtering of ECE marks
28b4560 ACK filter: Handle wrapping sequence numbers and DSACKs
73f62d9 Use the right PAD attribute for options
5969c14 Use 32 for tin backlog
e289f31 Move all the u64 netlink attributes together
36180a0 Check ACK seqno before parsing SACKs
91bbc01 Merge branch 'mine' into cobalt
58c55ec Rework SACK check to compare the ranges of two SACKs
9a5d593 ack_filter: Add proper handling of SACKs
eca95d4 ack_filter: short-circuit TCP flag check
d50a246 compat: backport some ktime functions
7b7ad11 compat: define tcpopt_fastopen for pre-4.1 kernels
ca54cdb Fix ktime compare
9d7dcc0 ack filter: Parse TCP options and only drop safe ones
b119882 Return EOPNOTSUPP on NAT option if conntrack is not available
842d7f0 Don't try to pad stats with tin_stats padding
bd46dc2 Use 64-bit divide helper
8e41bf0 Make sure we never drop SACKs when filtering ACKs
66e5d60 Avoid comparing ktime_t to scalar values
7fab017 Actually commit the ktime_t changes
fca6d13 Switch to ktime_t and get rid of cobalt.h
6f7e5af Can't use do_div with 64-bit divisors

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit abeae38dbb)
2018-07-07 11:13:02 +01:00
Kevin Darbyshire-Bryant
b05619fe09 iproute2: tc: update support for cake
Bump iproute2/tc support of cake.

Add support for cake's change to u64 attribute passing for certain
attributes (rate & byte counts)

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit a2165f936e)
2018-07-07 11:13:01 +01:00
Alberto Bursi
ce73f89469 uboot-kirkwood: fix malformed boot configuration
With current uboot default configuration the bootloader will
fail to start the OpenWrt firmware with the following error:
-----
unexpected character 'b' at the end of partition
Error initializing mtdparts!
incorrect device type in ubi
Partition ubi not found!
Error, no UBI device/partition selected!
Wrong Image Format for bootm command
Error occured, error code = 112
-----

If the uboot configuration is examined with printenv
I can see that mdtparts line (on a nsa310) is wrong:
-----
mtdparts=mtdparts=orion_nand:0x0c0000(uboot),
0x80000(uboot_env),0x7ec0000(ubi)bootargs_root=
----

The "bootargs_root=" that was appended to it should not be there.

Fix the issue by adding a \0 line terminator at the end of affected lines,
mimicking what is also done by uboot upstream.

This issue was detected and confirmed on a nsa310, nsa325 and
a pogoplug v4, but it's not hardware-specific, so apply the same fix
to other devices as well.

Note that the issue is with the uboot's integrated boot configuration,
which is not used unless the uboot configuration in flash is unavailable
(erased or corrupted), which happens only on first time installation,
or if the user deletes the uboot configuration when upgrading uboot.
People just upgrading from an older uboot without erasing their previous
uboot configuration stored in flash would not have noticed this issue.

Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
2018-06-26 23:35:18 +02:00
John Crispin
ecee5bf1a1 mac80211: make rtl8xxxu build again
we only wanted to drop rtl8xxxue support

Signed-off-by: John Crispin <john@phrozen.org>
(cherry picked from commit d8981133b2)
2018-06-26 16:01:50 +02:00
John Crispin
cff16587bd mac80211: rtl8xxxu: drop support patches
After a very enlightening but unfortunately far too short exchange with Jes
we mutually agreed to drop the patches. They are unfortunately not ready
yet.

Acked-by: Rafał Miłecki <rafal@milecki.pl>
Signed-off-by: John Crispin <john@phrozen.org>
(cherry picked from commit 66c5696cdf)
2018-06-26 15:46:26 +02:00
Sven Roederer
3f3a2c966a base-files: fix links in banner.failsafe
Update the link to the current section in the documentaion wiki.
This fixes https://github.com/openwrt/packages/issues/6282

Signed-off-by: Sven Roederer <freifunk@it-solutions.geroedel.de>
2018-06-24 22:30:32 +02:00
Rafał Miłecki
c437adb024 mac80211: backport brcmfmac changes from kernel 4.18
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit c446e38c86)
2018-06-23 14:29:39 +02:00
Rafał Miłecki
2811c97803 mac80211: backport brcmfmac firmware & clm_blob loading rework
It backports remaining brcmfmac changes from 4.17.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 7e8eb7f309)
2018-06-23 14:29:39 +02:00
Rafał Miłecki
72f6025d69 mac80211: backport brcmfmac data structure rework
It backports brcmfmac commits from kernel 4.17.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 3c8bb92655)
2018-06-23 14:29:39 +02:00
Rafał Miłecki
8cfd43d1d6 mac80211: backport "brcmfmac: cleanup and some rework" from 4.17
It was described by Arend as:

> This series is intended for 4.17 and includes following:
>
>  * rework bus layer attach code.
>  * remove duplicate variable declaration.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 0da9303e5b)
2018-06-23 14:29:29 +02:00
Jo-Philipp Wich
c51d292c47 OpenWrt v18.06.0-rc1: revert to branch defaults
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-06-22 12:30:02 +02:00
Jo-Philipp Wich
13f64a1e59 OpenWrt v18.06.0-rc1: adjust config defaults
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-06-22 12:30:02 +02:00
Jo-Philipp Wich
d2aa3a1b62 Revert "LEDE v18.06.0-rc1: adjust config defaults"
This reverts commit 97b1765a45.
The tree is in an inconsistent state and we need to complete some rebranding.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-06-22 12:22:57 +02:00
Jo-Philipp Wich
78abc65347 Revert "LEDE v18.06.0-rc1: revert to branch defaults"
This reverts commit 55df39e684.
The tree is in an inconsistent state and we need to complete some rebranding.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-06-22 12:22:50 +02:00
Jo-Philipp Wich
55df39e684 LEDE v18.06.0-rc1: revert to branch defaults
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-06-22 12:12:13 +02:00
Jo-Philipp Wich
97b1765a45 LEDE v18.06.0-rc1: adjust config defaults
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-06-22 12:12:09 +02:00
John Crispin
f27e0b6bc4 iptables: set nonshared flag
this makes sure that offloading support is properly included for v4.14 targets.

Signed-off-by: John Crispin <john@phrozen.org>
(cherry picked from commit ebe1216c7c)
2018-06-22 11:47:17 +02:00
John Crispin
04353c3af8 mac80211: fix up ath10k led patch
Signed-off-by: John Crispin <john@phrozen.org>
2018-06-22 10:51:22 +02:00
John Crispin
6e4fb77f9e mac80211: drop 355-ath9k-limit-retries-for-powersave-response-frames.patch
several people reported this bug to be causing drop out issues

Signed-off-by: John Crispin <john@phrozen.org>
(cherry picked from commit cac1a4be66)
2018-06-22 09:45:43 +02:00
Ansuel Smith
642acc0fb0 mac80211: ath10k fix vht160 firmware crash
When the 160mhz width is selected the ath10k firmware crash. This fix this problem.

Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
(cherry picked from commit 134e832814)
2018-06-22 09:45:08 +02:00
Ansuel Smith
843e421a05 mac80211: ath10k add leds support
This adds support for leds handled by the wireless chipset.

Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
(cherry picked from commit 61d57a2f88)
2018-06-22 09:45:08 +02:00
David Thornley
c4a0c0718a wwan: Add support for Gemalto Cinterion cellular modules
Includes specific support for PH8(1e2d-0053) / ELS61(1e2d-005b) modules.

Note for ELS61, the serial driver changes from serial option(ttyUSB) to usb-cdc (ttyACM).

Two additional fixes in this commit resolve issues with ttyACM devices: -

* wwan.sh - sys-fs has a subdirectory indirection (*/tty/ttyACMx) which was not handled properly
* wwan.usb - dependent scripts were not included, so this never actually called proto_set_available for example (and relied on inadvertent call for ttyUSB case)

Signed-off-by: David Thornley <david.thornley@touchstargroup.com>
(cherry picked from commit cb262b0939)
2018-06-22 09:45:08 +02:00
Hans Dedecker
2ac5800fd9 busybox: udhcpc: replace udhcpc_no_msg_dontroute patch by upstream fix
Replace 204-udhcpc_no_msg_dontroute patch by the upstream busybox fix
which removes the code which requires the server ID to be on local
network

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-06-21 22:40:54 +02:00
Hans Dedecker
c2da3505e2 Revert "base-files: fix UCI config parsing and callback handling"
This reverts commit 0239448532 as users
report Qos scripts are broken (FS#1602)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-06-21 21:43:03 +02:00
Felix Fietkau
b72bced2d7 mt76: update to the latest version
072fdac mt76x2: mac: consider multicast/broadcast frames in ewma rssi estimation
f450659 mt76x2: improve gain adjustment in noisy environments
1d4ca10 mt76x2: track rssi for gain adjustment per station

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-06-21 11:22:05 +02:00
Magnus Frühling
36234df96c ipq40xx: add support for ZyXEL WRE6606
Specifications:
SOC:	Qualcomm IPQ4018 (DAKOTA) ARM Quad-Core
RAM:	128 MB Nanya NT5CC64M16GP-DI
FLASH:	16 MiB Macronix MX25L12845EMI-12G
ETH:	Qualcomm QCA8072
WLAN1:  Qualcomm Atheros QCA4018 2.4GHz 802.11b/g/n 2x2
WLAN2:  Qualcomm Atheros QCA4018 5GHz 802.11n/ac W2 2x2
INPUT:  WPS, Mode-toggle-switch
LED:	Power, WLAN 2.4GHz, WLAN 5GHz, LAN, WPS
        (LAN not controllable by software)
        (WLAN each green / red)
SERIAL:	Header next to eth-phy.
        VCC, TX, GND, RX (Square hole is VCC)
        The Serial setting is 115200-8-N-1.

Tested and working:
 - Ethernet (Correct MAC-address)
 - 2.4 GHz WiFi (Correct MAC-address)
 - 5 GHz WiFi (Correct MAC-address)
 - Factory installation from tftp
 - OpenWRT sysupgrade
 - LEDs
 - WPS Button

Not Working:
 - Mode-toggle-switch

Install via TFTP:

Connect to the devices serial. Hit Enter-Key in bootloader to stop
autobooting. Command `tftpboot` will pull an initramfs image named
`C0A86302.img` from a tftp server at `192.168.99.08/24`.
After successfull transfer, boot the image with `bootm`.

To persistently write the firmware, flash an openwrt sysupgrade image
from inside the initramfs, for example transfer
via `scp <sysupgrade> root@192.168.1.1:/tmp` and flash on the device
with `sysupgrade -n /tmp/<sysupgrade>`.

append-cmdline patch taken from chunkeeys work on the NBG6617.

Signed-off-by: Magnus Frühling <skorpy@frankfurt.ccc.de>
Co-authored-by: David Bauer <mail@david-bauer.net>
Co-authored-by: Christian Lamparter <chunkeey@googlemail.com>
(cherry picked from commit 4b280ad91a)
2018-06-21 07:02:37 +02:00
David Bauer
0c4f658d58 ar71xx: add support for OCEDO Koala
This commit adds support for the OCEDO Koala

SOC:	Qualcomm QCA9558 (Scorpion)
RAM:    128MB
FLASH:  16MiB
WLAN1:  QCA9558 2.4 GHz 802.11bgn 3x3
WLAN2:  QCA9880 5 GHz 802.11nac 3x3
INPUT:  RESET button
LED:    Power, LAN, WiFi 2.4, WiFi 5, SYS
Serial: Header Next to Black metal shield
        Pinout is 3.3V - GND - TX - RX (Arrow Pad is 3.3V)
        The Serial setting is 115200-8-N-1.

Tested and working:
 - Ethernet
 - 2.4 GHz WiFi
 - 5 GHz WiFi
 - TFTP boot from ramdisk image
 - Installation via ramdisk image
 - OpenWRT sysupgrade
 - Buttons
 - LEDs

Installation seems to be possible only through booting an OpenWRT
ramdisk image.

Hold down the reset button while powering on the device. It will load a
ramdisk image named 'koala-uImage-initramfs-lzma.bin' from 192.168.100.8.

Note: depending on the present software, the device might also try to
pull a file called 'koala-uimage-factory'. Only the name differs, it
is still used as a ramdisk image.

Wait for the ramdisk image to boot. OpenWRT can be written to the flash
via sysupgrade or mtd.

Due to the flip-flop bootloader which we not (yet) support, you need to
set the partition the bootloader is selecting. It is possible from the
initramfs image with

 > fw_setenv bootcmd run bootcmd_1

Afterwards you can reboot the device.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit e36f8b3f39)
2018-06-21 07:02:30 +02:00
Kevin Darbyshire-Bryant
0daff7fe23 wireguard: bump to 0.0.20180620
0bc4230 version: bump snapshot
ed04799 poly1305: add missing string.h header
cbd4e34 compat: use stabler lkml links
caa718c ratelimiter: do not allow concurrent init and uninit
894ddae ratelimiter: mitigate reference underflow
0a8a62c receive: drop handshake packets if rng is not initialized
cad9e52 noise: wait for crng before taking locks
83c0690 netlink: maintain static_identity lock over entire private key update
0913f1c noise: take locks for ss precomputation
073f31a qemu: bump default kernel
bec4c48 wg-quick: android: don't forget to free compiled regexes
7ce2ef3 wg-quick: android: disable roaming to v6 networks when v4 is specified
9132be4 dns-hatchet: apply resolv.conf's selinux context to new resolv.conf
41a5747 simd: no need to restore fpu state when no preemption
6d7f0b0 simd: encapsulate fpu amortization into nice functions
f8b57d5 queueing: re-enable preemption periodically to lower latency
b7b193f queueing: remove useless spinlocks on sc
5bb62fe tools: getentropy requires 10.12
4e9f120 chacha20poly1305: use slow crypto on -rt kernels on arm too

Compiled-for: ar71xx, lantiq
Run-tested-on: ar71xx Archer C7 v2 & lantiq HH5a

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-06-20 22:22:37 +02:00
Hans Dedecker
eb568e0aba dnsmasq: fix dnsmasq startup issue
Commit ecd954d530 installs specific interface triggers which rewrites the dnsmasq config
file and restarts dnsmasq if the network interface becomes active for which a trigger
has been installed.
In case no dhcp sections are specified or ignore is set to 1 dnsmasq will not be started
at startup which breaks DNS resolving.
Fix this by ditching the BOOT check in start_service and always start dnsmasq at startup.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-06-20 14:08:01 +02:00
Hans Dedecker
2af5cfe9b7 ds-lite: make tunnel encapsulation limit support configurable (FS#1501)
Be compatible with ISPs which don't support the destination option header containing
the tunnel encapsulation limit as reported in FS#1501.
Setting the uci parameter encaplimit to ignore; allows to disable the insertion
of the destination option header in the ds-lite packets.
Otherwise the tunnel encapsulation limit value can be set to a value from 0 till 255
by setting the encaplimit uci parameter accordingly.
If no encaplimit value is specified the default value is 4 as before.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-06-19 13:25:19 +02:00
Hans Dedecker
3c4cf92f13 odhcp6c: make ds-lite/map tunnel encapsulation limit support configurable (FS#1501)
Be compatible with ISPs which don't support the destination option header containing
the tunnel encapsulation limit as reported in FS#1501 for dynamic created ds-lite/map
interfaces.
Setting the uci parameter encaplimit_dslite/map to ignore; allows to disable the insertion
of the destination option header for the dynamic created ds-lite/map interface.
Otherwise the tunnel encapsulation limit value can be set to a value from 0 till 255
by setting the encaplimit_dslite/map uci parameter accordingly.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-06-19 13:25:19 +02:00
Hans Dedecker
192866d2b8 netifd: update to latest git HEAD (FS#1501)
a580028 system-linux: make encaplimit configurable for ip6 tunnels (FS#1501)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-06-19 13:25:19 +02:00
Hans Dedecker
2369c89b75 map: make tunnel encapsulation limit support configurable (FS#1501)
Be compatible with ISPs which don't support the destination option header containing
the tunnel encapsulation limit as reported in FS#1501.
Setting the uci parameter encaplimit to ignore; allows to disable the insertion
of the destination option header in the map-e packets.
Otherwise the tunnel encapsulation limit value can be set to a value from 0 till 255
by setting the encaplimit uci parameter accordingly.
If no encaplimit value is specified the default value is 4 as before.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-06-19 13:25:18 +02:00
John Crispin
747600e93c kernel: add missing softdog symbol
Signed-off-by: John Crispin <john@phrozen.org>
(cherry picked from commit 9c409cb4e2)
2018-06-19 07:52:30 +02:00
Paul Spooren
38eee4da94 cron: add procd listeners for crontabs
Add procd file listeners to check files in `/etc/crontabs/`.

Also unified a bit the function style.

Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit cbf69fb2ad)
2018-06-18 21:21:55 +02:00
Martin Schiller
4a571ae62b ltq-vdsl-mei: reset g_tx_link_rate on showtime exit
Without this change, ifx_mei_atm_showtime_check() will always return
"showtime" after one call of MEI_InternalXtmSwhowtimeEntrySignal()
was done, even if MEI_InternalXtmSwhowtimeExitSignal() was called
in the meantime.

The ifx_mei_atm_showtime_check() function is used by the ltq-atm and
ltq-ptm driver.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
(cherry picked from commit eee8ab59dc)
2018-06-18 21:21:54 +02:00
Mirko Parthey
9fd0a2f273 mtd: mark as nonshared to fix FS#484
The mtd tool is built with different configurations depending on the
target. For example, brcm47xx adds the fixtrx subcommand, without which
an image fails when booting the second time.

Mark the mtd package as nonshared to really fix FS#484.

Signed-off-by: Mirko Parthey <mirko.parthey@web.de>
(cherry picked from commit 46d7ced9d1)
2018-06-18 21:21:54 +02:00
Daniel Golle
763c0473c8 uboot-oxnas: fix typo accidentally committed during oxnas reboot
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry-picked from ff0f3522b7)
2018-06-18 18:58:12 +02:00
Daniel Golle
b32c304be8 uboot-oxnas: fix build with newer GCC
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry-picked from d44b7b7d31)
2018-06-18 18:57:56 +02:00
Daniel Golle
6f398aa762 oxnas: reboot target
Reboot the oxnas target based on Linux 4.14 by rebasing our support on
top of the now-existing upstream kernel support.
This commit brings oxnas support to the level of v4.17 having upstream
drivers for Ethernet, Serial and NAND flash.
Botch up OpenWrt's local drivers for EHCI, SATA and PCIe based on the
new platform code and device-tree.
Re-introduce base-files from old oxnas target which works for now but
needs further clean-up towards generic board support.

Functional issues:
 * PCIe won't come up (hence no USB3 on Shuttle KD20)
 * I2C bus of Akitio myCloud device is likely not to work (missing
   debounce support in new pinctrl driver)

Code-style issues:
 * plla/pllb needs further cleanup -- currently their users are writing
   into the syscon regmap after acquireling the clk instead of using
   defined clk_*_*() functions to setup multipliers and dividors.
 * PCIe phy needs its own little driver.
 * SATA driver is a monster and should be split into an mfd having
   a raidctrl regmap, sata controller, sata ports and sata phy.

Tested on MitraStar STG-212 aka. Medion Akoya MD86xxx and Shuttle KD20.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(squash-picked commit 17511a7ea8 and commit dcc34574ef from master)
2018-06-18 18:44:14 +02:00
Felix Fietkau
68598374d1 mt76: update to the latest version
73edb22 mt76: discard early received packets if not running yet
0b8d1dd mt76: fix beacon timer drift
20c0766 mt7603: adjust rx hang watchdog for MT7628
664e321 mt7603: add extra PSE hang check signature for MT7628
f24b56f update MT7628 firmware to the latest version
d87e4b0 mt7603: clear PSE reset bit if PSE reset fails
0ef26ef mt76: only stop tx queues on offchannel, not during the entire scan
f399da3 mt76: prevent tx scheduling during channel change
21c1e1e mt76: move ieee80211_hw allocation to common core
730c292 mt76: wait for pending tx to complete before switching channel
fcbb49e mt76x2: use udelay instead of usleep_range in mt76x2_mac_stop
792dbe0 mt7603: do not hold dev->mutex while flushing dev->mac_work
9090f9c mt76x2: fix threshold for gain adjustment
2cbaa57 mt76x2: fix swapped values for RXO-18 in gain control
a39ab70 mt76x2: adjust AGC control register 26 based on gain for VHT80
4936c0c mt76x2: clear false CCA counters after changing gain settings
1528fe7 mt76x2: fix variable gain adjustment range
f3522e1 mt76x2: add a debugfs file to dump agc calibration information
65e161b mt76x2: fix tracking rssi for dynamic gain adjustment

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-06-15 22:30:17 +02:00
Daniel Engberg
e0363a7d74 libnfnetlink: Remove dead mirror
Remove mirrors.evolva.ro as it's no longer available

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2018-06-14 21:47:54 +02:00
Hans Dedecker
c0763f08a5 dnsmasq: fix confdir option processing (FS#1572)
Fix condir option processing allowing to use the format
"<directory>[,<file-extension>......]," as documented on the dnsmasq man
page which previously resulted into bogus dir being created.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-06-11 22:30:38 +02:00
Matthias Schiffer
e6c17aa219
base-files: sysupgrade: fix handling get_image unpack commands
On bcm53xx and brcm47xx, commands are passed to default_do_upgrade that
expect the image to be passed on stdin, rather than as an argument.

Fixes: 30f61a34b4 ("base-files: always use staged sysupgrade")
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-06-11 19:26:34 +02:00
Daniel Golle
f18f08d9c8 mac80211: rt2x00: no longer use TXOP_BACKOFF for probe frames
Import a revert-commit from Stanislaw Gruszka which significantly
improves WiFi performance on rt2x00 based hardware.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(cherry-picked from commit f4a639a3d7)
2018-06-11 00:31:38 +02:00
Christian Lamparter
48c5d6ab77 mtd-utils: revert faulty upstream patch for now
Some of the ubi-tools in the upstream mtd-utils have been
broken by a bad patch upstream. It causes major breakage
during sysupgrade when the kernel, rootfs, ... volumes
are deleted in the wrong order.

This patch therefore reverts the faulty upstream commit which
fixes the bug.

linux-mtd mailing-list thread:
<http://lists.infradead.org/pipermail/linux-mtd/2018-June/081562.html>

Cc: John Crispin <john@phrozen.org>
Reported-by: L. Wayne Leach <LLeachii@aol.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit daf19649db)
2018-06-08 09:33:44 +02:00
Adi Shammout
9811057ed1 busybox: udhcpc: no MSG_DONTROUTE when sending packet
This reverts a change made in Sep 2017 [1] which introduced
MSG_DONTROUTE flag to prevent udhcpc from reaching out to servers on a
different subnet. That change violates RFC2131 by forcing fully
configured clients, who got their configurations through an offer
relayed by a DHCP relay, from renewing through a unicast request
directly to the DHCP server, resulting in the client resorting to
boradcasting lease extension requests instead of unicasting them,
further breaking RFC2131.

The problem with MSG_DONTROUTE appears when talking to a properly
configured DHCP server that rejects non-compliant requests. Such server
will reject lease extension attempts sent via broadcast rather than
unicast, as is the case with Finnish ISPs Telia and DNA as well as
Estonian ISP Starman. Once the lease expires without renewal, udhcpc
enters init mode, taking down the interfaces with it, and thus causing
interruption on every lease expiry. On some ISPs (such as the ones
mentioned above) that can be once every 10-20 minutes. The interruptions
appear in the logs as such:
----
udhcpc: sending renew to x.x.x.x
udhcpc: send: Network unreachable
udhcpc: sending renew to 0.0.0.0
udhcpc: sending renew to 0.0.0.0
...
udhcpc: lease lost, entering init state
Interface 'wan' has lost the connection
Interface 'wan' is now down
Network alias 'eth0' link is down
udhcpc: sending select for y.y.y.y
udhcpc: lease of y.y.y.y obtained, lease time 1200
Network alias 'eth0' link is up
Interface 'wan' is now up
----

During lease extension, a fully configured client should be able to
reach out to the server from which it recieved the lease for extension,
regardless in which network it is; that's up to the gateway to find. [2]
This patch ensures that.

[1]
http://lists.busybox.net/pipermail/busybox-cvs/2017-September/037402.html
[2]
https://www.netmanias.com/en/post/techdocs/6000/dhcp-network-protocol/
understanding-dhcp-relay-agents

Signed-off-by: Adi Shammout <adi.shammout@outlook.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
2018-06-07 21:49:42 +02:00
Karl Palsson
c24c8bfd0a logd: create log directory for log_file
If log_file is specified, make sure its directory exists.

Signed-off-by: Karl Palsson <karlp@etactica.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
2018-06-07 17:20:40 +02:00
Tony Ambardar
0239448532 base-files: fix UCI config parsing and callback handling
There are several long-standing issues present in the UCI shell API as
documented in https://wiki.openwrt.org/doc/devel/config-scripting. They
relate both to high-level, user-defined callback functions used to
process UCI config files, and also to low-level functions used within
scripts generally.

The related problems have been encountered now and in the past, e.g.
https://forum.openwrt.org/viewtopic.php?id=54295, and include:

a) UCI parsing option() function and user-defined option_cb() callbacks
being erroneously called during processing of "list" config file entries;

b) normal usage of the low-level config_set() unexpectedy calling any
defined option_cb() if present; and

c) handling of the list_cb() not respecting the NO_CALLBACK variable.

Root causes include a function stack "inversion", where the low-level
config_set() function incorrectly calls the high-level option() function,
intended only for processing the "option" keyword of UCI config files.

This change addresses the inversion and other issues, making the option
handling code more consistent and smaller, and simplifying developers'
usage of UCI callbacks.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
2018-06-06 15:02:00 +02:00
Jason A. Donenfeld
dd49c62611 wireguard: bump to 0.0.20180531 to fix flow offloading
This version bump was made upstream mostly for OpenWRT, and should fix
an issue with a null dst when on the flow offloading path.

While we're at it, Kevin and I are the only people actually taking care
of this package, so trim the maintainer list a bit.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-05-31 07:41:12 +02:00
John Crispin
acdac1aa55 kernel: whitespace fixes
Signed-off-by: John Crispin <john@phrozen.org>
(cherry picked from commit 22c16c5d82)
2018-05-24 17:24:30 +02:00
Gospod Nassa
d4cad59927 hostapd: fix IEEE 802.11r (fast roaming) defaults
Use ft_psk_generate_local=1 by default, as it makes everything else fairly
trivial. All of the r0kh/r1kh and key management stuff goes away and hostapd
fairly much does it all	for us.

We do need to provide nas_identifier, which can	be derived from	the BSSID,
and we need to generate	a mobility_domain, for which we	default	to the first
four chars of the md5sum of the	SSID.

The complex manual setup should also still work, but the defaults also
now work easily out of the box. Verified by manually running hostapd
(with the autogenerated config) and watching the debug output:

wlan2: STA ac:37:43:a0:a6:ae WPA: FT authentication already completed - do not start 4-way handshake

 This was previous submitted to LEDE in
 https://github.com/lede-project/source/pull/1382

[dwmw2: Rewrote commit message]
Signed-off-by: Gospod Nassa <devianca@gmail.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>

(cherry picked from commit 3cc56a5534)
2018-05-24 17:24:30 +02:00
Kevin Darbyshire-Bryant
09cb0a5626 wireguard: no longer need portability patch
Drop package/network/services/wireguard/patches/100-portability.patch

Instead pass 'PLATFORM=linux' to make since we are always building FOR
linux.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit f06def4221)
2018-05-24 17:24:30 +02:00
Mathias Kresin
d4df69697d ltq-xdsl-app: start after led script
During handshake we are highjack and reset a LED to the configured trigger
afterwards. ltq-xdsl-app need to start after the LED init script, to
ensure that the LED init script doesn't re-highjack the LED we are
currently using for handshake indication.

Drop the comment about the atm dependency. The dependency was fixed quite
some time ago by using hotplug scripts for br2684ctl.

Signed-off-by: Mathias Kresin <dev@kresin.me>
(cherry picked from commit 0678cc850c)
2018-05-24 17:24:30 +02:00
Hans Dedecker
fdeba0e0ef Revert "dnsmasq: use "hostsdir" instead of "addn-hosts""
This reverts commit c97189e26d
as it has different issues:
-Host file is not written in a directory unique per dnsmasq instance
-odhcpd writes host info into the same directory but still sends a SIGHUP to dnsmasq

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-05-24 10:29:58 +02:00
Christian Schoenebeck
c97189e26d dnsmasq: use "hostsdir" instead of "addn-hosts"
1.) "addn-hosts" per default point to a file (but it supports directory)
2.) "hostsdir" only support directory with the additional benefit: New or changed files are read automatically.

Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
2018-05-23 22:11:14 +02:00
Jo-Philipp Wich
60522320f6 uboot-zynq: fix build on hosts lacking pkg-config
The uboot-mvebu package incorrectly used the host pkg-config for the tool
build parts, which broke the build on systems lacking pkg-config and only
worked by accident on those that have it installed.

Export the host-build specific environment variables for the uboot build
to redirect pkg-config invocations to our staged host build pkg-config in
buildroot.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 1289e00fff)
2018-05-23 09:40:45 +02:00
Jo-Philipp Wich
68586cf233 uboot-mxs: fix build on hosts lacking pkg-config
The uboot-mvebu package incorrectly used the host pkg-config for the tool
build parts, which broke the build on systems lacking pkg-config and only
worked by accident on those that have it installed.

Export the host-build specific environment variables for the uboot build
to redirect pkg-config invocations to our staged host build pkg-config in
buildroot.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 208b984dda)
2018-05-23 09:29:28 +02:00
Jo-Philipp Wich
938908f400 uboot-mvebu: fix build on hosts lacking pkg-config
The uboot-mvebu package incorrectly used the host pkg-config for the tool
build parts, which broke the build on systems lacking pkg-config and only
worked by accident on those that have it installed.

Export the host-build specific environment variables for the uboot build
to redirect pkg-config invocations to our staged host build pkg-config in
buildroot.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 01c2ce3c7d)
2018-05-23 09:09:16 +02:00
Jason A. Donenfeld
a88ff7bf5b wireguard: bump to 20180519
* chacha20poly1305: add mips32 implementation

"The OpenWRT Commit" - this significantly speeds up performance on cheap
plastic MIPS routers, and presumably the remaining MIPS32r2 super computers
out there.

* timers: reinitialize state on init
* timers: round up instead of down in slack_time
* timers: remove slack_time
* timers: clear send_keepalive timer on sending handshake response
* timers: no need to clear keepalive in persistent keepalive

Andrew He and I have helped simplify the timers and remove some old warts,
making the whole system a bit easier to analyze.

* tools: fix errno propagation and messages

Error messages are now more coherent.

* device: remove allowedips before individual peers

This avoids an O(n^2) traversal in favor of an O(n) one. Before systems with
many peers would grind when deleting the interface.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-05-22 16:46:51 +02:00
Jo-Philipp Wich
8948a78862 openwrt-keyring: bundle latest usign certificates
Includes the public usign certificates used by the 18.06.* release builds.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 6d108c4a1a)
2018-05-20 19:39:58 +02:00
Jo-Philipp Wich
7d368e41ce base-files: depend on openwrt-keyring
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 01329877bc)
2018-05-20 19:39:55 +02:00
Jo-Philipp Wich
fc6f1fd8fe openwrt-keyring: rename from lede-keyring
Also let the new openwrt-keyring package provide lede-keyring for backwards
compatibility.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit fd72e67ffe)
2018-05-20 19:39:52 +02:00
Hans Dedecker
54a864d914 curl: bump to 7.60.0
Refresh patches; remove 320-mbedtls_dont_use_deprecated_sha256_function
patch as upstream fixed

For changes in version 2.60 see https://curl.haxx.se/changes.html#7_60_0

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-05-17 09:49:55 +02:00
Kevin Darbyshire-Bryant
4dab912edb wireguard: bump to 20180514
52be69b version: bump snapshot
4884b45 ncat-client-server: add wg-quick variant
a333551 wg-quick: add darwin implementation
f5bf84d compat: backport for OpenSUSE 15
fe1ae1b wg-quick: add wg symlink
ecc1c5f wg-quick: add android implementation
3e6bb79 tools: reorganize for multiplatform wg-quick
b289d12 allowedips: Fix graphviz output after endianness patch

Refresh cross compile compatibility patch

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-05-17 09:48:45 +02:00
Kevin Darbyshire-Bryant
323285ac00 kmod-sched-cake: bump to latest 20180515
Following changes as part of the kernel
upstreaming attempts.  And fix a slight fsck up
when calculating overheads for GSO packets.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-05-16 08:58:36 +02:00
Felix Fietkau
dc7487885e mt76: update to the latest version
b2ecc52 mt76x2: fix avg_rssi estimation
fd58b28 mt76x2: add a polling delay in mt76x2_mac_stop routine
a78673d mt76: fix sending encrypted broadcast packets for secondary interfaces
e87f925 mt76x2: apply coverage class on slot time too

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-05-15 15:30:57 +02:00
John Crispin
f93c029395 OpenWrt v18.06: set branch defaults
Signed-off-by: John Crispin <john@phrozen.org>
2018-05-15 15:14:27 +02:00
Toke Høiland-Jørgensen
50913b77e4 wireguard: Add support for ip6prefix config option
This makes it easier to distribute prefixes over a wireguard tunnel
interface, by simply setting the ip6prefix option in uci (just like with
other protocols).

Obviously, routing etc needs to be setup properly for things to work; this
just adds the config option so the prefix can be assigned to other
interfaces.

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
2018-05-15 06:41:38 +02:00
David Woodhouse
4424a9ff20 linux-firmware: Add firmware for usb-serial-ti-usb
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2018-05-15 06:39:46 +02:00
Daniel Golle
96f4792fdb mac80211: refactor non-{sae,dfs} mesh initialization
Refactor mesh initialization into a separate function, do some cleaning
on the way to make the code more readable.
Changes:
 * Move iw mesh setup to new mac80211_setup_mesh()
 * fallback on 'ssid' parameter in case 'mesh_id' isn't set
 * move setting of freq variable to shared code as it is needed for
   both, the wpa_supplicant and the iw based setup.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-05-15 02:05:56 +02:00
Sven Eckelmann
ba5ec6b77c hostapd: fix VHT80 for encrypted mesh channel settings
The max_oper_chwidth settings was parsed incorrectly for big endian system.
This prevented the system to switch to VHT80 (or VHT160). Instead they were
mapped to:

* HT20:   20MHz
* VHT20:  20MHz
* HT40:   40MHz
* VHT40:  40MHz
* VHT80:  40MHz
* VHT160: 40MHz

This happened because each max_oper_chwidth setting in the config file was
parsed as "0" instead of the actual value.

Fixes: a4322eba2b ("hostapd: fix encrypted mesh channel settings")
Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
2018-05-14 19:07:37 +02:00
Sven Eckelmann
547042398a mac80211: Re-enable encrypted 11s meshpoint
The commit 574e4377fa ("mac80211: properly setup mesh interface") uses
the variable $wpa to decide whether encrypted meshpoint is requested by the
user or not. But the variable $wpa will only be set correctly after the
function wireless_vif_parse_encryption is called.

Fixes: 574e4377fa ("mac80211: properly setup mesh interface")
Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
2018-05-14 18:37:44 +02:00
Michael Gray
bfbdeeb3de mvebu: add support for WRT32X (venom)
Linksys WRT32X (Venom) is identical in hardware to the WRT3200ACM
with a different flash layout and boots zImage rather than uImage.

Specification:
- Marvell Armada 385 88F6820 (2x 1.8GHz)
- 256MB of Flash
- 512MB of RAM
- 2.4GHz (bgn) and 5GHz (an+ac wave 2)
- 4x 1Gbps LAN + 1x 1Gbps WAN
- 1x USB 3.0 and 1x USB 2.0/eSATA (combo port)

Flash instruction:
Apply factory image via web-gui.

Signed-off-by: Michael Gray <michael.gray@lantisproject.com>
2018-05-14 17:20:10 +02:00
John Crispin
e1a9485b0e firewall3: update to latest git HEAD
b45e162 helpers: fix the set_helper in the rule structure
f742ba7 helpers.conf: support also tcp in the CT sip helper
08b2c61 helpers: make the proto field as a list rather than one option

Signed-off-by: John Crispin <john@phrozen.org>
2018-05-14 16:24:10 +02:00
Daniel Golle
574e4377fa mac80211: properly setup mesh interface
Setup wpa_supplicant for encrypted mesh or when using DFS channels and
adjust interface setup to pass fixed frequency for mesh mode.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-05-14 09:48:58 +02:00
Daniel Golle
6e0fa4a76d hostapd: fix mesh+AP
Fix encrypted (or DFS) AP+MESH interface combination in a way similar
to how it's done for AP+STA and fix netifd shell script.
Refresh patches while at it.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-05-14 09:48:58 +02:00
Jo-Philipp Wich
6aaeec666d rpcd: update to lastest HEAD
8206219 uci: fix memory leak in rpc_uci_replace_savedir()
10f7878 exec: close stdout and stderr streams on child signal
92d0d75 uci: use correct sort index when reordering sections

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-05-14 07:16:47 +02:00
Kevin Darbyshire-Bryant
89c5e32c3e wireguard: bump to 0.0.20180513
6b4a340 version: bump snapshot
faa2103 compat: don't clear header bits on RHEL
4014532 compat: handle RHEL 7.5's recent backports
66589bc queueing: preserve pfmemalloc header bit
37f114a chacha20poly1305: make gcc 8.1 happy
926caae socket: use skb_put_data
724d979 wg-quick: preliminary support for go implementation
c454c26 allowedips: simplify arithmetic
71d44be allowedips: produce better assembly with unsigned arithmetic
5e3532e allowedips: use native endian on lookup
856f105 allowedips: add selftest for allowedips_walk_by_peer
41df6d2 embeddable-wg-library: zero attribute padding
9a1bea6 keygen-html: add zip file example
f182b1a qemu: retry on 404 in wget for kernel.org race

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-05-14 10:41:21 +08:00
Jo-Philipp Wich
56bd23cf52 kernel: let kmod-rtl8366-smi conditionally depend on kmod-of-mdio
We cannot depend on CONFIG_OF in the module definition context as this symbol
is not defined for OpenWrt menuconfig. Depend on the targets that appear to
need the kmod-of-mdio module instead.

The target dependency list may not be complete, it is based on the build
failures encountered by the build bots.

Fixes: dc629d9cf5 ("kernel: fix kmod-switch-rtl8366-smi dependency")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-05-13 18:24:38 +02:00
Kevin Darbyshire-Bryant
066c85321e dnsmasq: bump to 2.80test2
Refresh patches and backport upstream to current HEAD:

1f1873a Log warning on very large cachesize config, instead of truncating it.
0a496f0 Do unsolicited RAs for interfaces which appear after dnsmasq startup.
e27825b Fix logging in previous.
1f60a18 Retry SERVFAIL DNSSEC queries to a different server, if possible.
a0088e8 Handle query retry on REFUSED or SERVFAIL for DNSSEC-generated queries.
34e26e1 Retry query to other servers on receipt of SERVFAIL rcode.
6b17335 Add packet-dump debugging facility.
07ed585 Add logging for DNS error returns from upstream and local configuration.
0669ee7 Fix DHCP broken-ness when --no-ping AND --dhcp-sequential-ip are set.
f84e674 Be persistent with broken-upstream-DNSSEC warnings.

Compile & run tested: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-05-12 22:05:07 +02:00
hux
ecd954d530 dnsmasq: add specific interface procd triggers
Right now interface.update events are sent out by netifd upon interface state,
route, address (lifetime), prefix lifetime changes.
Dnsmasq is only interested in interface state changes and currently adds an
interface trigger for all the "interface.*" events.
In combination with commit 23bba9cb33, which triggers a SIGHUP signal to dnsmasq,
IPv6 address/prefix lifetime changes on the wan will trigger dnsmasq reloads which
can become frequent in case of shorter lifetimes.

To avoid frequent dnsmasq reload, this patch adds specific interface triggers.
During dnsmasq init it loops dhcp uci section; if the value of the ignore option
is set to 0, then the corresponding interface trigger is not installed.
Otherwise, if the ignore option value is 1, then procd_add_interface_trigger is
called which adds the interface trigger.

Signed-off-by: hux <xinxing.huchn@gmail.com>
2018-05-11 13:49:03 +02:00
John Crispin
dc629d9cf5 kernel: fix kmod-switch-rtl8366-smi dependency
Signed-off-by: John Crispin <john@phrozen.org>
2018-05-10 10:22:19 +02:00
John Crispin
a564cfcd83 kernel: fix chipidea2 dependencies
Signed-off-by: John Crispin <john@phrozen.org>
2018-05-09 19:55:10 +02:00
Hans Dedecker
419238fdb3 nghttp2: bump to 1.32.0
572735e4 Update manual pages
e8d693c3 Bump up version number to 1.32.0, LT revision to 30:2:16
f44dfcd9 Update AUTHORS
1f1b0d93 Update manual pages
ce8c749b Merge pull request #1173 from nghttp2/asio-client-sni
3e4f257b asio: Support client side SNI
86fab997 Upgrade neverbleed to the latest master
c3ecd445 Merge pull request #1171 from nghttp2/h2load-rate-and-duration
c65ca20a h2load: -r and --duration are mutually exclusive
a5c408c5 Ignore all input after calling session_terminate_session
06379b28 Fix treatment of padding
e04de48e Merge pull request #1162 from nghttp2/libressl
00964642 Use LIBRESSL_IN_USE instead of defined(LIBRESSL_VERSION_NUMBER)
8d0b4544 libressl 2.7 has X509_VERIFY_PARAM_*
d8a34131 libressl 2.7 has SSL_CTX_get0_certificate
5db17d0a Compile with libressl 2.7.2
1bf69b56 Define LIBRESSL_LEGACY_API and LIBRESSL_2_7_API
3febaef1 Bump up LT revision to 30:1:16 due to v1.31.1 release
b1bd6035 Fix frame handling
b48bcb21 examples: Use C style comment in .c files
6f3ce2c7 examples: Remove unused lambda capture
2f9121cf Merge branch 'Sp1l-Sp1l/allow-no-npn'
e65e7711 Add comment on #endif
636ef51b Fix compile error with -Wunused-function
400934e5 [PATCH] Allow building without NPN
4c3a3acf Merge pull request #1146 from vszakats/cmakestaticlib
9aa6002c Merge pull request #1144 from hellojaewon/master
f342260b cmake: add ENABLE_STATIC_LIB option to build static lib
a6dd4970 Fix typo
842509da Don't allow 101 HTTP status code because HTTP/2 removes HTTP Upgrade
4add618a Bump up version number to 1.32.0-DEV

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-05-09 11:26:45 +02:00
Kevin Darbyshire-Bryant
e7f24f35b3 kmod-sched-cake: bump to latest cake 2018-05-07
No functional change.  Code tidy ups.

735eaf2 Make sure we don't reallocate q->tins (we didn't anyway but his
really makes sure)
6c5ad6e Get rid of __GFP_NOWARN flag for memory allocation
2a37333 Don't need the wrapper for kvfree, and no need to check before calling it
2b1c631 Whitespace fix
7fe6e28 compat tidyup (for older kernel versions <4.4)
93b805c pedant tidy up superfluous semicolons on switch statements

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-05-08 14:16:35 +02:00
Kevin Darbyshire-Bryant
247055cbfb igmpproxy: bump to 0.2.1
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.

To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Point at github which is new, maintained location for igmpproxy.
Remove all patches as all have been upstreamed.

Closes FS#1456

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-05-07 11:01:39 +02:00
Jaap Buurman
0b04926433 igmpproxy: fix creation of firewall rules
The init sccript for igmpproxy uses the option 'network' both as an interface name for fetching the l3_device name and for creating the firewall rules. This only works if the name of the network and firewall zone are identical.

This commit introduces a new option 'zone' for configuring the upstream and downstream firewall zones in order for the init script to create the required firewall rules automatically. When no such options are given, the init script falls back to not creating the firewall rules and the user can opt to create these manually.

Signed-off-by: Jaap Buurman <jaapbuurman@gmail.com>
2018-05-07 11:01:04 +02:00
Nick Hainke
0a7657c300 hostapd: add channel utilization as config option
Add the channel utilization as hostapd configuration option.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2018-05-07 10:44:09 +02:00
Sandeep Sheriker Mallikarjun
441c26da6a kernel: fix build error for external kernel.
fixed build error when external kernel is selected from menuconfig.
The patches present in target/linux/generic does not gets applied
to external kernel and build fails while compiling mac82011 &
regmap-core kernel modules. as a fix added check in Makefile for
CONFIG_EXTERNAL_KERNEL_TREE present or not.

Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
2018-05-07 10:31:35 +02:00
Yousong Zhou
f87dff8f72 flock: enable alternatives support
Fixes FS#1510

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2018-05-07 15:50:18 +08:00
Yousong Zhou
46a2c0d9c5 busybox: order alternatives in alphabetical order
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2018-05-07 15:50:18 +08:00
Kevin Darbyshire-Bryant
c451434b96 cake: bump to 20180504 bake
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.

To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Cake is bearing fruits of kernel upstreaming efforts.

diffserv-llt dropped. DSCP mapping paper died and no one using it.

ack-filter re-written & simplified

tc userspace & cake kmod netlink interface usage changed in non
backwards compatible way, thus this once requires tc & cake to be
in-step.  Change due to upstream requirements.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-05-07 08:09:18 +02:00
Kevin Darbyshire-Bryant
080fb7a3fb iproute2: import latest cake
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.

To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Bearing fruits of the latest upstreaming efforts on cake.

Changes: diffserv-llt dropped.  The paper describing this DSCP
allocation has gone stale and doesn't appear used.

The userspace to kernel netlink messages for cake have been reworked in
a backwards incompatible way, so tc & cake must be bumped together this
once.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-05-07 08:09:12 +02:00
Kevin Darbyshire-Bryant
ad5af37ca7 iproute2: backport json_print-fix-hidden-64-bit-type-promotion
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.

To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
print_uint() will silently promote its variable type to uint64_t, but there
is nothing that ensures that the format string specifier passed along with
it fits (and the function name suggest to pass "%u").

Fix this by changing print_uint() to use a native 'unsigned int' type, and
introduce a separate print_u64() function for printing 64-bit values. All
call sites that were actually printing 64-bit values using print_uint() are
converted to use print_u64() instead.

Since print_int() was already using native int types, just add a
print_s64() to match, but don't convert any call sites.

Fixes wonkyness in some stats from some qdiscs under tc

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-05-07 08:09:05 +02:00
John Crispin
53c474abbd ath79: add new OF only target for QCA MIPS silicon
This target aims to replace ar71xx mid-term. The big part that is still
missing is making the MMIO/AHB wifi work using OF. NAND and mikrotik
subtargets will follow.

Signed-off-by: John Crispin <john@phrozen.org>
2018-05-07 08:06:51 +02:00
Jianhui Zhao
1e90ba8958 krnel: The dm9000 module does not need to depend on pci
Signed-off-by: Jianhui Zhao <jianhuizhao329@gmail.com>
2018-05-05 09:37:36 +02:00
Christian Schoenebeck
80cb5c5703 ca-certificates: Update to Version 20180409
ca-certificates: Update to Version 20180409

Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
2018-05-05 09:32:04 +02:00
Chuanhong Guo
b05b16f09b kernel: Remove AutoLoad for legacy usb gadget modules
These modules usually require some special arguments to customize the
emulated device and they should be loaded manually by users.

Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
2018-05-05 08:47:51 +02:00
Sandeep Sheriker Mallikarjun
27ca6cdc7b at91: Add SAMA5D2 PTC EK board
Add target device as at91-sama5d2_ptc_ek in SAMA5D2 subtarget and
build images for SAMA5D2 PTC Ek board.

Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
2018-05-05 06:55:22 +02:00
Sandeep Sheriker Mallikarjun
60750ab505 at91: reorganize at91 subtargets
reorganizing at91 subtargets based on sama5 soc features and this fix
below problems.
  1. able to set neon flags to sama5d2 & sama5d4 subtargets.
  2. fix the make clean which removes all the subtargets in bin folder.
  3. able to configure kernel specific to subtarget.
  4. able to set vfpu4 flags to samad3 subtargets.

Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
2018-05-05 06:55:22 +02:00
Sandeep Sheriker Mallikarjun
f34b495a2e uboot-at91: fix DTC command not found.
fixed DTC command not found error while compling uboot-at91. The fix
is to set DTC PATH in uboot-at91 MAKE command.

Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
2018-05-05 06:55:22 +02:00
Sandeep Sheriker Mallikarjun
22c398d257 at91: Add SAMA5D27 SOM1 EK board
Add support for SAMA5D27 SOM1 with target device as at91-sama5d27_som1_ek
in SAMA5 subtarget and build images for SAMA5D27 SOM1 Ek board.

Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
2018-05-05 06:55:21 +02:00
Sandeep Sheriker Mallikarjun
790b20b6f4 uboot-at91: fetch uboot src from u-boot-at91 github
fetching uboot src from linux4sam/u-boot-at91 github for all at91
target.

Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
2018-05-05 06:55:01 +02:00
Sandeep Sheriker Mallikarjun
87f87e45c0 at91bootstrap:update to v3.8.10
updating to new version v3.8.10 and copying at91bootstrap.bin to bin folder.

Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
2018-05-05 06:55:01 +02:00
Felix Fietkau
3a456683e5 hostapd: fix a mesh mode crash with CONFIG_TAXONOMY enabled
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-05-03 12:38:33 +02:00
Rosy Song
fd569e5e9d samba36: add hotplug support
Add hotplug handle script for storage devices,
  this will add corresponding option in the
  /etc/config/samba file automatically.

Signed-off-by: Rosy Song <rosysong@rosinson.com>
2018-05-02 09:18:27 +02:00
Rosen Penev
2c4294f786 libusb: Add SourceForge mirror.
SourceForge is still getting updated so might as well have it here.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-05-02 09:18:26 +02:00
Hans Dedecker
2f1e329d7a iproute2: update to 4.16
Update to latest version of iproute2, refresh patches.
See https://lkml.org/lkml/2018/4/2/349 for a full overview of the
changes in 4.16.
Build and tested on AR7xxx against musl

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-05-02 09:18:26 +02:00
Rosen Penev
3aa28f4833 uboot-envtools: Change download to git.
Currently, the build system uses an openwrt mirror which does not currently
work and FTP can be unreliable under several circumstances. This change
implicitly allows using all the mirrors to download.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-05-02 09:18:26 +02:00
Daniel Golle
c67a9bed20 wolfssl: fix options and add support for wpa_supplicant features
Some options' default values have been changed upstream, others were
accidentally inverted (CONFIG_WOLFSSL_HAS_DES3). Also add options
needed to build hostapd/wpa_supplicant against wolfssl.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-05-02 09:18:26 +02:00
Rosen Penev
20e5fefb0c sysctl: Protect hard/symlinks by default.
There is no usecase for not protecting symlinks that I know of in OpenWrt.
Not even on desktop systems where you have multiple users with a shell.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-05-01 11:19:03 +02:00
John Crispin
52ba5760b7 ustream-ssl: update to latest git HEAD
527e700 ustream-ssl: Remove RC4 from ciphersuite in server mode.
39a6ce2 ustream-ssl: Enable ECDHE with OpenSSL.
45ac930 remove polarssl support

Signed-off-by: John Crispin <john@phrozen.org>
2018-05-01 11:12:15 +02:00
John Crispin
90e65763a4 iptables: fix per object LDFLAGS for aggragate object builds
Without this patch the extra LDFLAGS of objects were selected based on the
name of the extension being built, which breaks for aggregate so builds.

Signed-off-by: John Crispin <john@phrozen.org>
2018-05-01 11:12:15 +02:00
Hauke Mehrtens
3088c2a63d libnl: Disable debug support
This dereses the size of the libnl pakcage a little bit
old:
   857 bin/packages/mips_24kc/base/libnl_3.4.0-1_mips_24kc.ipk
 41195 bin/packages/mips_24kc/base/libnl-core_3.4.0-1_mips_24kc.ipk
  7818 bin/packages/mips_24kc/base/libnl-genl_3.4.0-1_mips_24kc.ipk
 24322 bin/packages/mips_24kc/base/libnl-nf_3.4.0-1_mips_24kc.ipk
136075 bin/packages/mips_24kc/base/libnl-route_3.4.0-1_mips_24kc.ipk

new:
   852 bin/packages/mips_24kc/base/libnl_3.4.0-1_mips_24kc.ipk
 35020 bin/packages/mips_24kc/base/libnl-core_3.4.0-1_mips_24kc.ipk
  7615 bin/packages/mips_24kc/base/libnl-genl_3.4.0-1_mips_24kc.ipk
 24114 bin/packages/mips_24kc/base/libnl-nf_3.4.0-1_mips_24kc.ipk
131134 bin/packages/mips_24kc/base/libnl-route_3.4.0-1_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-04-30 09:01:28 +02:00
Rosen Penev
c0574d08da libusb: Update to 1.0.22
Switched download from SourceForge to GitHub. It seems the author migrated to that.

Also fixed the website URL as the SourceForge link is dead.

Compile tested on ar71xx and mvebu. Small size decrease on ar71xx: 30444 vs. 30099 bytes.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-04-30 09:01:12 +02:00
Hans Dedecker
7ff31bed98 odhcp6c: update to latest git HEAD
5316d7f ra: always trigger update in case of RA parameter change
327f73d dhcpv6: fix strncpy bounds

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-04-29 23:12:31 +02:00
Hauke Mehrtens
9bfca30826 uboot-mvebu: Fix build with libressl 2.7.2
When libressl was linked the libpthread was missing, add it in addition.

Fixes: 2c192b6916 ("tools/libressl: update to version 2.7.2")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-04-29 10:13:14 +02:00
Hauke Mehrtens
c21a4c7246 uboot-mxs: Fix build with libressl 2.7.2
When libressl was linked the libpthread was missing, add it in addition.
Also make the mxsimage tool to use the OpenSSL 1.1 API for the recent
libressl version.

Fixes: 2c192b6916 ("tools/libressl: update to version 2.7.2")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-04-29 00:57:36 +02:00
Hauke Mehrtens
5ca159ab3b uboot-zynq: Fix build with libressl 2.7.2
When libressl was linked the libpthread was missing, add it in addition.

Fixes: 2c192b6916 ("tools/libressl: update to version 2.7.2")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-04-29 00:57:35 +02:00
Hauke Mehrtens
3e93df0707 mtd-utils: activate --gc-sections
This reduces the size of the binary a bit:

old:
 37556 bin/targets/lantiq/xrx200/packages/nand-utils_2.0.1-1_mips_24kc.ipk
 81697 bin/targets/lantiq/xrx200/packages/ubi-utils_2.0.1-1_mips_24kc.ipk

new:
 27450 bin/targets/lantiq/xrx200/packages/nand-utils_2.0.1-1_mips_24kc.ipk
 71796 bin/targets/lantiq/xrx200/packages/ubi-utils_2.0.1-1_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-04-28 15:29:22 +02:00
Syrone Wong
f37f63f38c mtd-utils: update to 2.0.2
010-fix-rpmatch.patch is upstream, removed from our patchset
The file structure is changed, modify patch accordingly
use CONFIGURE_ARGS to disable tests, xattr and lzo

Compile and run tested on mvebu and x86_64

Signed-off-by: Syrone Wong <wong.syrone@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-04-28 15:29:17 +02:00
Hauke Mehrtens
8dcd941d8b tools/zlib: move zlib build to tools
This allows us to link the other tools against our libz and we do not
need the system zlib any more.

Only the static linked library is copied to the staging directory so we
have a statically linked library on all systems and not only on Linux.
This also adds the new dependencies of the packages which are depending
on zlib.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-04-28 15:28:59 +02:00
Hans Dedecker
afdca53ace netifd: update to latest git HEAD (Coverity fixes)
56ceced interface-ip: remove superfluous iface check in interface_ip_set_enabled()
4f4a8c0 system-linux: fix strncpy bounds

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-04-27 21:39:57 +02:00
Kevin Darbyshire-Bryant
78f4305933 iftop: bump to latest
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.

To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Choose first running interface, rather than first "up" interface (Redhat #1403025)

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-04-27 09:59:28 +02:00
Damir Samardzic
bdb0de1bbc uboot-envtools: add support for ESPRESSObin and MACCHIATObin
Added for convenience. These boards can be used as dev boards running
various operating systems from different media, and this simplifies work
with U-Boot environment.

Signed-off-by: Damir Samardzic <damir.samardzic@sartura.hr>
2018-04-25 20:37:28 +02:00
Sven Eckelmann
0b20490207 ipq40xx: add support for OpenMesh A62
* QCA IPQ4019
* 256 MB of RAM
* 32 MB of SPI NOR flash (s25fl256s1)
  - 2x 15 MB available; but one of the 15 MB regions is the recovery image
* 2T2R 2.4 GHz
  - QCA4019 hw1.0 (SoC)
  - requires special BDF in QCA4019/hw1.0/board-2.bin with
    bus=ahb,bmi-chip-id=0,bmi-board-id=20,variant=OM-A62
* 2T2R 5 GHz (channel 36-64)
  - QCA9888 hw2.0 (PCI)
  - requires special BDF in QCA9888/hw2.0/board-2.bin
    bus=pci,bmi-chip-id=0,bmi-board-id=16,variant=OM-A62
* 2T2R 5 GHz (channel 100-165)
  - QCA4019 hw1.0 (SoC)
  - requires special BDF in QCA4019/hw1.0/board-2.bin with
    bus=ahb,bmi-chip-id=0,bmi-board-id=21,variant=OM-A62
* multi-color LED (controlled via red/green/blue GPIOs)
* 1x button (reset; kmod-input-gpio-keys compatible)
* external watchdog
  - triggered GPIO
* 1x USB (xHCI)
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* 2x gigabit ethernet
  - phy@mdio3:
    + Label: Ethernet 1
    + gmac0 (ethaddr) in original firmware
    + 802.3at POE+
  - phy@mdio4:
    + Label: Ethernet 2
    + gmac1 (eth1addr) in original firmware
    + 18-24V passive POE (mode B)
* powered only via POE

The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the factory image to the u-boot when the device boots up.

The initramfs image can be started using

  setenv bootargs 'loglevel=8 earlycon=msm_serial_dm,0x78af000 console=ttyMSM0,115200 mtdparts=spi0.0:256k(0:SBL1),128k(0:MIBIB),384k(0:QSEE),64k(0:CDT),64k(0:DDRPARAMS),64k(0:APPSBLENV),512k(0:APPSBL),64k(0:ART),64k(0:custom),64k(0:KEYS),15552k(inactive),15552k(inactive2)'
  tftpboot 0x84000000 openwrt-ipq40xx-openmesh_a62-initramfs-fit-uImage.itb
  set fdt_high 0x85000000
  bootm 0x84000000

Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
2018-04-23 22:07:22 +02:00
Sven Eckelmann
e6bd568051 ipq-wifi: drop custom board-2.bins
The BDFs for all boards were upstreamed to the ath10k-firmware
repository and are now part of ath10k-firmware 2018-04-19.

We switched to the upstream board-2.bin, hence the files can be removed
here.

Keep the ipq-wifi package in case new boards are added. It might take
some time till board-2.bins send upstream are merged.

Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
2018-04-23 22:07:22 +02:00
Sven Eckelmann
23894524a5 firmware: ath10k-firmware: update to 2018-04-19
* introduces the BDFs in /lib/firmware/ath10k/QCA4019/hw1.0/board-2.bin
  for:
  - 8devices Jalapeno
  - Asus RT-AC58U
  - AVM FRITZ!Box 4040
  - GL.iNet GL-B1300
  - Meraki MR33
  - Netgear EX6100v2
  - Netgear EX6150v2
  - OpenMesh A62
* introduces the BDFs in /lib/firmware/ath10k/QCA9888/hw2.0/board-2.bin
  - OpenMesh A62
* adds new firmware for QCA6174 hw3.0
  - firmware-6.bin_RM.4.4.1.c1-00038-QCARMSWP-1
  - firmware-6.bin_RM.4.4.1.c1-00041-QCARMSWP-1
* various undocumented BDF updates to:
  - QCA4019 hw1.0:
    + bus=ahb,bmi-chip-id=0,bmi-board-id=16
    + bus=ahb,bmi-chip-id=0,bmi-board-id=17
    + bus=ahb,bmi-chip-id=0,bmi-board-id=19
    + bus=ahb,bmi-chip-id=0,bmi-board-id=20
    + bus=ahb,bmi-chip-id=0,bmi-board-id=21
    + bus=ahb,bmi-chip-id=0,bmi-board-id=29
    + bus=ahb,bmi-chip-id=0,bmi-board-id=30
  - QCA9888 hw2.0:
    + bus=pci,bmi-chip-id=0,bmi-board-id=16
    + bus=pci,bmi-chip-id=0,bmi-board-id=17
    + bus=pci,bmi-chip-id=0,bmi-board-id=18
    + bus=pci,bmi-chip-id=0,bmi-board-id=23
    + bus=pci,bmi-chip-id=0,bmi-board-id=24
    + bus=pci,bmi-chip-id=0,bmi-board-id=25
  - QCA9984 hw1.0:
    + bus=pci,bmi-chip-id=0,bmi-board-id=1
    + bus=pci,bmi-chip-id=0,bmi-board-id=3
    + bus=pci,bmi-chip-id=0,bmi-board-id=5
    + bus=pci,bmi-chip-id=0,bmi-board-id=6
    + bus=pci,bmi-chip-id=0,bmi-board-id=7
    + bus=pci,bmi-chip-id=0,bmi-board-id=8

Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
2018-04-23 22:07:22 +02:00
Hans Dedecker
99815690a2 odhcpd: update to latest git HEAD
4136529 dhcpv6-ia: keep tentative assignments alive for a short time
200cc8f dhcpv6-ia: make assignment lookup more strict

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-04-23 21:47:23 +02:00
Thomas Hebb
751746c736 mac80211: update patch to read ath10k variant from DT
This patch was revised upstream before being merged, and OpenWrt's copy
was never updated to reflect the revision.

Signed-off-by: Thomas Hebb <tommyhebb@gmail.com>
[refreshed patches]
Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-04-20 21:08:52 +02:00
Kevin Darbyshire-Bryant
5950ab067b wireguard: bump to 20180420
7cc2668 version: bump snapshot
860c7c7 poly1305: do not place constants in different sections
5f1e4ca compat: remove unused dev_recursion_level backport
7e4b991 blake2s: remove unused helper
13225fc send: simplify skb_padding with nice macro
a1525bf send: account for route-based MTU
bbb2fde wg-quick: account for specified fwmark in auto routing mode
c452105 qemu: bump default version
dbe5223 version: bump snapshot
1d3ef31 chacha20poly1305: put magic constant behind macro
cdc164c chacha20poly1305: add self tests from wycheproof
1060e54 curve25519: add self tests from wycheproof
0e1e127 wg-quick.8: fix typo
2b06b8e curve25519: precomp const correctness
8102664 curve25519: memzero in batches
1f54c43 curve25519: use cmov instead of xor for cswap
fa5326f curve25519: use precomp implementation instead of sandy2x
9b19328 compat: support OpenSUSE 15
3102d28 compat: silence warning on frankenkernels
8f64c61 compat: stable kernels are now receiving b87b619
62127f9 wg-quick: hide errors on save

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-04-20 18:59:46 +02:00
Daniel Golle
a4322eba2b hostapd: fix encrypted mesh channel settings
Import two patches from Peter Oh to allow setting channel
bandwidth in the way it already works for managed interfaces.
This fixes mesh interfaces on 802.11ac devices always coming up in
VHT80 mode.

Add a patch to allow HT40 also on 2.4GHz if noscan option is set, which
also skips secondary channel scan just like noscan works in AP mode.

This time also make sure to add all files to the patch before
committing it...

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-04-20 16:00:01 +02:00
Jo-Philipp Wich
99d9c98748 rpcd: update to latest HEAD
6994c87 uci: fix session delta isolation
f0f6f81 session: remove redundant key attribute to rpc_session_set()
3d400c7 session: support reclaiming pending apply session
eb09f3a session: ignore non-string username attribute upon restore
edd37f8 uci: add rpc_uci_replace_savedir() helper
2423162 uci: switch to proper save directory on apply/rollback
66a9bad uci: fix memory leak in rpc_uci_apply_timeout()

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-20 14:05:48 +02:00
Felix Fietkau
1a89547957 Revert "hostapd: fix encrypted mesh channel settings"
This reverts commit 7f52919a2f, which is
currently breaking the builds and needs to be reworked

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-04-20 10:36:42 +02:00
Felix Fietkau
d92ec071b2 mtd: fix erase handling with partition offset on write
When a partition offset is given, it is used in an lseek call, which
affects write, but not erase. Add it to the offset for erase calls as
well

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-04-20 10:03:38 +02:00
Felix Fietkau
bc43f75def uboot-envtools: remove makefile duplication for supported targets
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-04-20 10:03:38 +02:00
Daniel Golle
7f52919a2f hostapd: fix encrypted mesh channel settings
Import two patches from Peter Oh to allow setting channel
bandwidth in the way it already works for managed interfaces.
This fixes mesh interfaces on 802.11ac devices always coming up in
VHT80 mode.

Add a patch to allow HT40 also on 2.4GHz if noscan option is set, which
also skips secondary channel scan just like noscan works in AP mode.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-04-20 07:52:19 +02:00
Daniel Golle
465d4bc538 mac80211: pass down noscan to wpa_supplicant
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-04-20 07:52:19 +02:00
Daniel Golle
2ec96787c3 netifd: update to latest git HEAD
b3dca7b wireless: include noscan option in common wdev vars

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-04-20 07:52:19 +02:00
Hans Dedecker
fdf2e1fe1e odhcpd: update to latest git HEAD (FS#1457)
dcfc06a router: fix managed address configuration setting

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-04-19 15:51:13 +02:00
Leon M. George
3a6c3c9c1c mac80211: join 5GHz checks
Before this commit, devices supporting both 2.4GHz and 5GHz would be
configured for 2.4GHz by default - unless they have VHT capabilities.

With this commit, channel 36 is only set when the frequency is supported.
VHT isn't checked unless that is the case.

Signed-off-by: Leon M. George <leon@georgemail.eu>
2018-04-19 14:40:26 +02:00
Florian Eckert
4a243f7a09 network/uqmi: pipe the output off qmi_wds_stop to /dev/null
Pipe uqmi output from qmi_wds_stop function into /dev/null.
This will supress the following output in proto teardown.

netifd: wwan (x): "No effect"
netifd: wwan (x): Command failed: Permission denied

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2018-04-19 14:39:38 +02:00
Paul Wassi
3c79bb5606 package/utils/lua: cleanup source mirrors
Remove inactive mirrors from the sources list.

Signed-off-by: Paul Wassi <p.wassi@gmx.at>
2018-04-18 23:59:32 +02:00
Luis Araneda
68150d3125 uboot-envtools: update to 2018.03
Several changes has been made:

+ AES support has been removed by
  upstream commit c6831c7 (2017-11-14)
  [remove patch "200-fw_env_no_aes.patch"]

+ Support for UBI volumes has beed added by
  upstream commit 34255b9 (2017-11-15)
  [remove patch "300-support-env-in-ubivol-chardev.patch"]

+ A command line argument has beed added ("-c") to manually indicate
  the location of the environment configuration file

Also, patch "400-u-boot-2015.10-stdint.patch" is no longer
necessary, and the config option to enable UBI support has
been removed.

Size comparisons:

fw_printenv size:
Target    Before         After
ar71xx    15,189 bytes   18,133 bytes (+2,944 bytes)
ipq40xx   20,873 bytes   20,987 bytes (+114 bytes)
mvebu     20,881 bytes   20,991 bytes (+110 bytes)
ramips    15,128 bytes   18,072 bytes (+2,944 bytes)

OPKG package size:
Target    Before         After
ar71xx    11,309 bytes   12,875 bytes (+1,566 bytes)
ipq40xx   11,772 bytes   13,299 bytes (+1,527 bytes)
mvebu     11,609 bytes   13,114 bytes (+1,505 bytes)
ramips    10,975 bytes   12,503 bytes (+1,528 bytes)

Compile tested: ipq40xx (musl, glibc, gcc5-musl), ar71xx, mvebu, ramips
Run tested: ipq40xx (ASUS RT-AC58U)

Signed-off-by: Luis Araneda <luaraneda@gmail.com>
2018-04-18 23:59:32 +02:00
Hauke Mehrtens
7b758f7f4f ustream-ssl: px5g: Rebuild package
mbedtls changed in version 2.7.0 the soversion of the libmbedcrypto.so
library, all applications using this shared library have to be
recompiled to be able to load the new library.

Some binaries got rebuild to for the 2.7.0 release and are now using
libmbedcrypto.so.1, the older ones are still using libmbedcrypto.so.0.

Fixes: 75c5ab4ca ("mbedtls: update to version 2.7.0")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-04-18 23:57:25 +02:00
Kabuli Chana
a6f24c9a78 mwlwifi: update to version 10.3.4.0-2018-03-30
Upgrade 88W8964 firmware to 9.3.2.6

Signed-off-by: Kabuli Chana <newtownBuild@gmail.com>
2018-04-18 23:57:25 +02:00
Stefan Lippers-Hollmann
8267a0b234 mac80211: ipw2200-fw: fix download mirror(s)
bughost.org hasn't existed for 6-8 years, add a couple of current
mirrors to avoid the fallback to http://mirror2.openwrt.org/sources/.

Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
2018-04-18 23:57:20 +02:00
Stefan Lippers-Hollmann
18fe577530 mac80211: ipw2100-fw: fix download mirror(s)
bughost.org hasn't existed for 6-8 years, add a couple of current
mirrors to avoid the fallback to http://mirror2.openwrt.org/sources/.

Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
2018-04-18 23:57:13 +02:00
Hauke Mehrtens
97a3e69f61 ath10k-ct: make it depend on PCI support again
The missing dependency causes build problems on systems without PCI
support.
The ath10k_pci kernel module depends on PCI support so this dependency
should be added. ath10k now also supported the ahb interface on the
IPQ4019 SoC, but this SoC also has PCI support so this extra dependency
is not as problem.

Fixes: d0f3dd5b9f ("ath10k-ct: update to latest version, enable AHB.")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-04-18 23:57:12 +02:00
Stefan Lippers-Hollmann
a330ecebf5 mac80211: ath10k: Suppress "Unknown eventid: 36925" warnings
Merge upstream patch from Sathishkumar Muruganandam
<murugana@codeaurora.org> for OpenWrt's backports package:
https://lkml.kernel.org/r/<1522049641-19521-1-git-send-email-murugana@codeaurora.org>
Commit-ID: 606204bb863fa3b0bb54929d79b4dc46338f9180

* FW has Smart Logging feature enabled by default for detecting failures
* and processing FATAL_CONDITION_EVENTID (36925 - 0x903D) back to host.
*
* Since ath10k doesn't implement the Smart Logging and FATAL CONDITION
* EVENT processing yet, suppressing the unknown event ID warning by moving
* this under ATH10K_DBG_WMI.
*
* Simulated the same issue by having associated STA powered off when
* ping flood was running from AP backbone. This triggerd STA KICKOUT
* in AP followed by FATAL CONDITION event 36925.
*
* Issue was reproduced and verified in below DUT
* ------------------------------------------------
* AP mode of OpenWRT QCA9984 running 6.0.8 with FW ver 10.4-3.5.3-00053
*
* Signed-off-by: Sathishkumar Muruganandam <murugana@codeaurora.org>

Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
2018-04-18 23:57:03 +02:00
Hauke Mehrtens
51e4868fc9 mac80211: Fix loading of rsi_sdio module
When CONFIG_PM was not set rsi_sdio_reinit_device() was not compiled
into the driver but referenced.
This is a backport form the mainline Linux kernel.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-04-18 23:57:03 +02:00
Evgeniy Didin
36314c12c0 mac80211: add RedPine RS9113 module support
RedPine RS9113 wireless module requires rsi91x driver to be built
and linux-firmware/rsi/rs9113_wlan_qspi.rps to be installed.
Also we add patch for successful compilation of rsi91x driver.

Signed-off-by: Evgeniy Didin <Evgeniy.Didin@synopsys.com>
Cc: Alexey Brodkin <abrodkin@synopsys.com>
Cc: Hauke Mehrtens <hauke@hauke-m.de>
Cc: John Crispin <john@phrozen.org>
2018-04-18 23:56:55 +02:00
Daniel Golle
ff8df2b3f9 hostapd: mesh: make forwarding configurable
For unencrypted mesh networks our scripts take care of setting
the various mesh_param values. wpa_supplicant changes somes of them
when being used for SAE encrypted mesh and previously didn't allow
configuring any of them. Add support for setting mesh_fwding (which
has to be set to 0 when using other routing protocols on top of
802.11s) and update our script to pass the value to wpa_supplicant.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-04-18 22:12:18 +02:00
Daniel Golle
e633b21c14 Revert "mac80211: pass hostapd control socket to mesh-mode supplicant"
This reverts commit 1356a66f94.
The change breaks wpa_supplicant.conf generation, more work is needed
to fix mesh+AP.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-04-18 17:55:23 +02:00
Felix Fietkau
a18d88e863 mt76: update to the latest version
ec8435e mt76: initialize rx lock earlier
e08d5da mt76x2: fix is_mt7612 routine
e2eedc9 mt7603: retry PSE reset calls

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-04-18 12:19:57 +02:00
Matthias Schiffer
bb46520159
kernel: disable accept_ra by default
Our commands setting accept_ra to 0 on all interfaces got lost in the
transition to procd. This remained unnoticed for a long time, as we also
enable forwarding on all interfaces, which prevents RA handling by default.

Restore the commands, while also fixing a possible race condition in the
old version.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-04-17 22:08:12 +02:00
Felix Fietkau
030a23001b mt76: update to the latest version
ea6dd6f mt7603: add missing spin lock init
2d08440 mt76: add rcu locking around tx scheduling
8c92c91 mt7603: turn vif wcid entry back into a full mt7603_sta
ca5cc9a mt76: fix concurrent rx calls on A-MPDU release

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-04-17 15:02:41 +02:00
Matthias Schiffer
14c78a7dfc
base-files: /lib/functions.sh: remove unused insert_modules
insert_modules has been unused since r5279.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-04-17 11:32:56 +02:00
Daniel Engberg
ed4ac0ed65 curl: Deprecate idn(1) support and switch to xz tarball
libidn(1) is deprecated, add libidn2 support
Switch to xz tarball (smaller size)

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2018-04-16 22:01:09 +02:00
Rafał Miłecki
e8f8d6cde4 fstools: update to latest master branch
e243683 libfstools: move mount points when switching to JFFS2
3782b59 libfstools: add "const" to char pointer arguments in mount_move()
79721f0 libfstools: fix foreachdir() to pass dir with a trailing slash

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2018-04-16 19:47:44 +02:00
Hans Dedecker
20d3c118ae netifd: update to latest git HEAD (coverity fixes)
513eb27 system-linux: check ioctl return value in system_vlan()
df1625d system-linux: check ioctl return value in system_if_flags()
209c508 system-linux: fix segfault on alloc failure in system_if_check()
4a8e20e system-linux: fix segfault on error in system_add_ip6_tunnel()
36e4700 handler: fix resource leak on error in netifd_init_script_handlers()
86a0e7c system-linux: remove unnecessary open call in system_if_dump_info()
1e2cf67 system-linux: fix memory leak on error in system_add_vxlan()

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-04-16 13:12:48 +02:00
Stijn Tintel
03774d28e1 lldpd: bump to 1.0.1
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-04-15 21:41:36 +03:00
Hans Dedecker
d78dd1f306 nghttp2: bump to 1.31.1
1e22b36c Update manual pages
0f818baf Bump up version number to 1.31.1
c411d169 Fix frame handling

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-04-15 20:24:44 +02:00
Felix Fietkau
cd7878e69d mt76: update to the latest version
1d23142 mt76: add led active low to debugfs
549f43b mt7603: ensure that the ACK flag is set for A-MPDUs with any acked subframe
df9f9f6 mt7603: always try tx rate1 first
9c52f36 mt7603: pull the final rate index from the status descriptor
f36f308 mt7603: improve validation of rx frames
9a23989 mt7603: remove warning on rx with invalid channel info
7a31731 mt76: check for pending reset before attempting to schedule tx
873a7c9 mt7603: call mt76_txq_schedule_all as a barrier to prevent tx during reset
d9e5da3 mt76: add rcu locking in tid reorder function
a8e8921 mt7603: add more checks to avoid dereferencing invalid pointers in wcid lookup

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-04-15 10:21:54 +02:00
Matthias Schiffer
d13c7acd9e
base-files: remove /etc/sysctl.d/ from conffiles
Let's use /etc/sysctl.d for package-provided snippets and leave
/etc/sysctl.conf to the admin. Don't backup /etc/sysctl.d on upgrades, so
old defaults get replaced properly.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-04-13 14:36:43 +02:00
Matthias Schiffer
445682c07d
base-files: move netfilter sysctl defaults to specific kmod packages
Avoid warnings when applying settings for uninstalled kmods. See also
FS#1073.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-04-13 10:16:45 +02:00
Matthias Schiffer
bee696d66c
base-files: move sysctl defaults to /etc/sysctl.d/10-default.conf
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-04-13 10:16:45 +02:00
Matthias Schiffer
dbeb780ba4
base-files: evaluate /etc/sysctl.d/* before /etc/sysctl.conf
We can use /etc/sysctl.d/* for package-supplied sysctl snippets, giving
admins the option to use /etc/sysctl.conf to override settings.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-04-13 10:16:45 +02:00
Matthias Schiffer
6c7307f133
base-files: remove /etc/uci-defaults/11_migrate-sysctl
11_migrate-sysctl has not been updated with new file hashes since 2012.
Let's get rid of it.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-04-13 10:16:45 +02:00
Ben Greear
b2bbef7eb4 ath10k-ct: Update firmware
This firmware has only small changes from the last commit, but
it does have an important fix for at least some PTK rekey logic.

The old firmware would have issues if the driver managed to set
a clear key while encryption was 'enabled'.  This new firmware for
both wave-1 and wave-2 should not be susceptible to this type of
bug any more.

And remove mesh-bcast IE flag from wave-2, still need more work before
we can enable that flag in ath10k-ct firmware it seems.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2018-04-13 07:48:19 +02:00
Mathias Kresin
fb528b1674 ipq40xx: unbundle firmware and board file
Don't select the firmware with the board file, it prevents an easy use
of the -ct ath10k firmware. Select the firmware within the default
packages instead.

Remove the per device selection of the firmware now that it the
firmware is selected by default.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-04-13 07:48:19 +02:00
David Bauer
970f1914be ipq40xx: add support for Netgear EX6100v2/EX6150v2
Specifications:
SOC:	Qualcomm IPQ4018 (DAKOTA) ARM Quad-Core
RAM:	256 MB Winbond W632GU6KB12J
FLASH:	16 MiB Macronix MX25L12805D
ETH:	Qualcomm QCA8072
WLAN1:  Qualcomm Atheros QCA4018 2.4GHz 802.11b/g/n/ac 2x2
WLAN2:  Qualcomm Atheros QCA4018 5GHz 802.11n/ac
	1x1 (EX6100)
	2x2 (EX6150)
INPUT:  Power, WPS, reset button
	AP / Range-extender toggle
LED:	Power, Router, Extender (dual), WPS, Left-/Right-arrow
SERIAL:	Header next to QCA8072 chip.
	VCC, TX, RX, GND (Square hole is VCC)
	WARNING: The serial port needs a TTL/RS-232 v3.3 level converter!
        The Serial setting is 115200-8-N-1.

Tested and working:
 - Ethernet
 - 2.4 GHz WiFi (Correct MAC-address)
 - 5 GHz WiFi (Correct MAC-address)
 - Factory installation from WebIF
 - Factory installation from tftp
 - OpenWRT sysupgrade (Preserving and non-preserving)
 - LEDs
 - Buttons

Not Working:
 - AP/Extender toggle-switch

Untested:
 - Support on EX6100v2. They share the same GPL-Code and vendor-images.
   The 6100v2 seems to lack one 5GHz stream and differs in the 5GHz
   board-blob. I only own a EX6150v2, therefore i am only able to verify
   functionality on this device.

Install via Web-Interface:
Upload the factory image to the device to the Netgear Web-Interface.
The device might asks you to confirm the update a second time due to
detecting the OpenWRT firmware as older. The device will automatically
reboot after the image is written to flash.

Install via TFTP:
Connect to the devices serial. Hit Enter-Key in bootloader to stop
autobooting. Command "fw_recovery" will start a tftp server, waiting for
a DNI image to be pushed.
Assign your computer the IP-address 192.168.1.10/24. Push image with
tftp -4 -v -m binary 192.168.1.1 -c put <OPENWRT_FACTORY>
Device will erase factory-partition first, then writes the pushed image
to flash and reboots.

Parts of this commit are based on Thomas Hebb's work on the
openwrt-devel mailinglist.

See https://lists.openwrt.org/pipermail/openwrt-devel/2018-January/043418.html

Signed-off-by: David Bauer <mail@david-bauer.net>
2018-04-13 07:48:19 +02:00
Robert Marko
be6e28b516 ipq-wifi: Add 8devices Jalapeno
Add custom board-2.bin for 8devices Jalapeno.
Upstreaming is in progress.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2018-04-13 07:48:19 +02:00
Daniel Golle
c52ef396f9 hostapd: fix compile of -mini variants
Fixes commit d88934aa5a (hostapd: update to git snapshot of 2018-04-09)

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-04-13 06:01:16 +02:00
Daniel Golle
1356a66f94 mac80211: pass hostapd control socket to mesh-mode supplicant
Unlike when operating in Ad-Hoc mode, we apparently need to pass the
hostapd control socket interface to wpa_supplicant when using 802.11s
mesh mode.

There also seems to still be something wrong with the logic setting
channel and (v)htmode parameters...

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-04-13 03:27:01 +02:00
Daniel Golle
d88934aa5a hostapd: update to git snapshot of 2018-04-09
And import patchset to allow 802.11s mesh on DFS channels, see also
http://lists.infradead.org/pipermail/hostap/2018-April/038418.html
Fix sae_password for encryption mesh (sent upstream as well).
Also refreshed existing patches and fixed 463-add-mcast_rate-to-11s.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-04-13 03:27:01 +02:00
Hans Dedecker
b28e995fc7 libubox: update to latest git HEAD
6eff829 utils: fix build error with g++

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-04-12 14:02:07 +02:00
Matthias Schiffer
85a35c644e
ebtables: update to latest git 2018-04-11
2e783b227766 ebt_ip: add support for matching IGMP type
b5fbb8d786c9 ebt_ip: add support for matching ICMP type and code
c5e5b784fd1a Move ICMP type handling functions from ebt_ip6 to useful_functions.c
11da52177196 include: sync linux/netfilter_bridge/ebt_ip.h with kernel

Note: the new features require at least kernel 4.17 or backported patches.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-04-12 07:34:57 +02:00
Alexander Couzens
f6e6eadc99
packages/uboot-omap: bugfix: serial using ns16550 fifo not enabled
The serial was working before, but not when doing copy&pasting longer
commands in a short time.

Fixes: a4def18f29 ("uboot-omap: Update to u-boot v2017.01")
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2018-04-11 03:43:38 +02:00
Matthias Schiffer
177fa14340
iptables: split physdev match out as a separate package
Split physdev match out of ipt-extra to allow installing ipt-extra without
pulling in br-netfilter.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-04-09 19:41:48 +02:00
Matthias Schiffer
ff9a2ab830
kernel: kmod-ebtables: do not depend on kmod-br-netfilter
While ebtables can be combined with br-netfilter, there is no good reason
to make it a dependency.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-04-09 19:01:56 +02:00
Matthias Schiffer
f640ed73f9
kernel: unhide kmod-br-netfilter
kmod-br-netfilter is not only a support module, but can be useful on its
own, using the net.bridge.bridge-nf-call-* sysctls.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-04-09 18:56:53 +02:00
Matthias Schiffer
24749ee88f
kernel: change dependency of kmod-ebtables-* on kmod-ebtables to selecting
Non-selecting dependencies easily lead to Kconfig failures due to recursive
dependencies. We hit such an issue in Gluon; the easiest fix is to make
the dependency selecting.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-04-09 18:51:57 +02:00
Hans Dedecker
3612d90351 dnsmasq: remove example domains from rfc6761.conf (FS#1447)
RFC6771 does not exclude the forwarding of the example domain as it
states : "Caching DNS servers SHOULD NOT recognize example names as
special and SHOULD resolve them normally."
Example domains cannot be assigned to any user or person by DNS
registrars as they're registered in perpetuity to IANA meaning
they can be resolved; therefore let's remove the example domains
from the rfc6761.conf file.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-04-09 17:35:17 +02:00
Hans Dedecker
9356a6bfc7 odhcpd: update to latest git HEAD
31f217f router: improve RFC7084 compliancy

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-04-09 17:17:24 +02:00
Felix Fietkau
c0bbb9703f mt76: update to the latest version
c66094e mt76x2: fix possible NULL pointer dereferencing in mt76x2_tx()
249fa2d mt76x2: fix warning in ieee80211_get_key_rx_seq()
54d6710 mt76: use mt76_poll_msec routine in mt76pci_load_firmware()
eb359f1 mt76x2: remove unnecessary len variable in mt76x2_eeprom_load()
7e6e00b mt76: initialize available_antennas_{tx,rx} info
6469dca mt76: add mt76_init_stream_cap routine
ced433d mt76x2: add mac80211 {set,get}_antenna callbacks
238f3f1 mt76x2: remove warnings in mt76x2_mac_write_txwi()
880611b mt7603: main: fix warning in ieee80211_get_key_rx_seq()
bc35af8 mt76x2: fix tssi initialization for 5GHz band
700ed20 mt76x2: make mt76x2_mac_reset routine static
6e7d5ce mt76x2: remove unnecessary MT_TX_ALC_CFG_4 configuration
5153ece mt76x2: set default values in TX_ALC_CFG_{1,2} for tempetaure compensation
a3e7740 mt76x2: fix tx_alc_enabled check

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-04-09 10:43:45 +02:00
Felix Fietkau
08ccfdea78 libubox: update to the latest version
42a8ecd jshn: fix format string for int64 type
92009b7 utils: ensure that byte-order conversion functions evaluate the argument only once
ace6489 switch from typeof to the more portable __typeof__

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-04-07 15:26:11 +02:00
Felix Fietkau
1566dbd57d Revert "libubox: update to the latest version"
This reverts commit def82714d9.
Needs further fixes

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-04-07 15:06:14 +02:00
Felix Fietkau
def82714d9 libubox: update to the latest version
42a8ecd jshn: fix format string for int64 type
92009b7 utils: ensure that byte-order conversion functions evaluate the argument only once

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-04-07 14:47:56 +02:00
Piotr Dymacz
10ea53f900 ramips: add U-Boot env support for ALFA Network AC1200RM
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2018-04-06 23:11:00 +02:00
Piotr Dymacz
3fc8f50f56 uboot-envtools: fix ALFA Network AWUSFREE1 support
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2018-04-06 23:11:00 +02:00
Hannu Nyman
c089671339 busybox: update to 1.28.3
Bug fix release. 1.28.3 has fixes for
* ash and hush (do not leave stray open file destriptors in children),
* cpio (fix for symlink extraction),
* grep ("grep -Fw a" was matching "aa").

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2018-04-05 22:15:58 +02:00
Hans Dedecker
f890821fe7 odhcp6c: update to latest git HEAD
74b5a3 script: fix possible negative delay
473f248 dhcpv6: always trigger script update in case of IA updates
ea18935 ra: rework route information option handling

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-04-05 21:52:15 +02:00
Felix Fietkau
adc3f31b2c firewall: update to the latest version, adds hw flow offload support
35b3e74 defaults: add support for setting --hw on the xt_FLOWOFFLOAD rule

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-04-05 18:12:30 +02:00
Felix Fietkau
d073f650cd kernel: add support for enabling hardware flow offload via iptables
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-04-05 18:12:30 +02:00
Felix Fietkau
11a3d27043 kernel: add hardware offload patch for flow tables support
Supports offloading through VLAN, bridge and PPPoE devices as well

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-04-05 18:12:30 +02:00
Alexander Couzens
2b84f95f38
base-files: change /var link from /tmp to tmp
Some packages are already using $(1)/var on package install.
On multiuser systems this breaks the build when multiple
users build OpenWrt.

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2018-04-05 11:48:34 +02:00
Jo-Philipp Wich
1ef0be3e5b Revert "ncurses: Remove obsolete compile fixes"
This reverts commit 4fb684a755.

The compile fixes are still required for host systems using GCC 5.x,
such as Ubuntu 16.04 LTS.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-04 17:08:10 +02:00
Mathias Kresin
3a4bf25fd6 base-files: get_dt_led: don't warn about missing led
It's intentional that some boards within a target don't have all LEDs
which are tried to be setup in a common script. Don't show a warning in
such cases.

Fixes: 4f4fc993db ("base-files: add more name source to get_dt_led helper function")
Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-04-04 09:12:39 +02:00
Sebastian Fleer
7e42cbaf2a leds-apu2: add newer board names
In recent firmware releases the board names changed from "apuX" to "PC Engines apuX"

Signed-off-by: Sebastian Fleer <pubalias@posteo.net>
2018-04-03 23:26:45 +02:00
Daniel Engberg
fe8350e92e package/utils/f2fs-tools: Update to 1.10.0
Update f2fs-tools to 1.10.0

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-04-03 23:26:45 +02:00
Rosen Penev
4fb684a755 ncurses: Remove obsolete compile fixes
It seems both issues (GCC5 and Musl) were fixed at some point. Thus, they can be dropped.

Did not bump version as there is no change in functionality or size.

Compile-tested on ar71xx and mvebu, both with musl.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-04-03 23:26:45 +02:00
Adrià Llaudet
482bc646a5 nand-utils: add flash_erase utility
flash_erase utility allows to erase MTD partitions on NAND flash.
Useful when you want to clean or write an MTD partition from scratch.

e.g., before using kobs-ng to flashing SPL images it's recommended
to erase the MTD partition to ensure it's empty.

Signed-off-by: Adrià Llaudet <adria.llaudet@gmail.com>
2018-04-03 23:26:45 +02:00
Hannu Nyman
d674422a81 busybox: update to 1.28.2
Update busybox to 1.28.2, refresh patches and default config.

* modify 230-add_nslookup_lede.patch as opt_complementary was removed
    Also move nslookup_longopts variable declaration to be inside
    the same conditional as the function itself.
* modify 250-date-k-flag.patch to match upstream (opt_complementary)
* remove 600-cve-2017-16544.patch that is upstreamed

Notes about config changes:
* Some applet-specific LONG_OPTIONS config options were removed
* Config help text indentation changed, caused lots of
  text formatting changes for convert_menuconfig.pl
* convert_defaults.pl moved lots of defaults around, summary of
  actual changes below

New applets/features:
---------------------
ARCH
HEXEDIT
MINIPS
NETCAT
NUKE
RESUME
RUN_INIT
SETFATTR

New options:
------------
FEATURE_CATN
FEATURE_CROND_SPECIAL_TIMES
FEATURE_LIBBUSYBOX_STATIC
FEATURE_SETPRIV_CAPABILITIES
FEATURE_SETPRIV_CAPABILITY_NAMES
FEATURE_SETPRIV_DUMP
FEATURE_SH_READ_FRAC
FEATURE_SWAPONOFF_LABEL
FEATURE_VOLUMEID_MINIX
FEATURE_XARGS_SUPPORT_ARGS_FILE
FEATURE_XARGS_SUPPORT_PARALLEL
HUSH_GETOPTS
HUSH_READONLY
HUSH_TIMES

Removed:
--------
FEATURE_HAVE_RPC
MSH

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2018-04-03 23:26:45 +02:00
Hauke Mehrtens
9aaa23ec8b samba36: fix some security problems
This Adds fixes for the following security problems based on debians patches:
CVE-2016-2125: Unconditional privilege delegation to Kerberos servers in trusted realms
CVE-2017-12163: Server memory information leak over SMB1
CVE-2017-12150: SMB1/2/3 connections may not require signing where they should
CVE-2018-1050: Denial of Service Attack on external print server.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-04-03 23:26:45 +02:00
Hauke Mehrtens
56d0dd56e9 mtd-utils: Mark some lzma functions as static
These functions are not declared in any header file and only used in
same compile unit, mark them as static to remove one gcc warning and
make it easier for the compiler to optimize them out.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-04-03 23:26:45 +02:00
Hans Dedecker
986f80595b netifd: update to latest git HEAD
3dc8c91 interface-ip: fix memory leak in interface_ip_add_target_route()

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-04-03 21:28:53 +02:00
Hans Dedecker
ac593d895a odhcp6c: update to latest git HEAD
5cbd305 odhcp6c: improve code readibility
eb83b7e treewide: improve error handling
b7b11cb dhcpv6: initialize ifreq struct
f0469e2 ra: handle socket fail creation
d573461 odhcp6c: fix file pointer leakage

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-03-31 19:31:42 +02:00
Paul Wassi
ef6939b0af package/libs/mbedtls: add package with some mbedtls binaries.
Add some basic binaries required for private key and CSR generation.

Signed-off-by: Paul Wassi <p.wassi@gmx.at>
2018-03-31 16:31:26 +02:00
Hauke Mehrtens
2e75914bee mbedtls: update to version 2.8.0
This fixes some minor security problems.

Old size:
162262 bin/packages/mips_24kc/base/libmbedtls_2.7.0-1_mips_24kc.ipk

New size:
163162 bin/packages/mips_24kc/base/libmbedtls_2.8.0-1_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-03-31 16:30:30 +02:00
Jan Pavlinec
8c2b8d862b xfsprogs: add xfs-admin util
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
2018-03-31 16:30:30 +02:00
Paul Wassi
198172c048 package/utils/e2fsprogs: update to 1.44.1
Update e2fsprogs to upstream 1.44.1 (feature and bugfix release)

Signed-off-by: Paul Wassi <p.wassi@gmx.at>
2018-03-31 16:30:27 +02:00
Paul Wassi
960b90f435 packages/util/util-linux: Update to 2.32
- Update to upstream 2.32
- License file 'getopt/COPYING' not present (any more)
- Disable 'chown root:root'-commands during 'make install'
- Add new dependency to wipefs
- Refresh patch 003

Signed-off-by: Paul Wassi <p.wassi@gmx.at>
2018-03-31 16:30:17 +02:00
Rosen Penev
af35ce1065 ncurses: Update to 6.1.
Compile tested on ar71xx.

Old size:
  6527 bin/packages/mips_24kc/base/terminfo_6.0-1_mips_24kc.ipk
141465 bin/packages/mips_24kc/base/libncurses_6.0-1_mips_24kc.ipk

New size:
  6873 bin/packages/mips_24kc/base/terminfo_6.1-1_mips_24kc.ipk
146950 bin/packages/mips_24kc/base/libncurses_6.1-1_mips_24kc.ipk

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-03-31 16:28:36 +02:00
Rosen Penev
2a82db7ed5 libtool: Update to 2.4.6
Compile tested on mvebu.

old size:
12947 bin/packages/mips_24kc/base/libltdl_2.4-2_mips_24kc.ipk

new size:
13002 bin/packages/mips_24kc/base/libltdl_2.4.6-1_mips_24kc.ipk

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-03-31 16:27:24 +02:00
Josua Mayer
dff904a955 u-boot-mvebu: update to 2018.03
This release brings various improvements to clearfog support, such as distro-boot.
Obsoletes:
0002-clearfog-reset-usom-onboard-1512-phy.patch
0003-clearfog-enable-distro-boot-code.patch

Signed-off-by: Josua Mayer <josua.mayer97@gmail.com>
2018-03-31 16:12:40 +02:00
Josua Mayer
0a3e07b2f5 u-boot-mvebu: set configuration options in Makefile
CONFIG_* variables can easily be set by overriding Build/Configure.
so set NET_RANDOM_ETHADDR=y and CMD_SETEXPR=y here.

This replaces the following patches:
0001-clearfog-generate-random-MAC-address.patch
0004-clearfog-enable-setexpr-command-by-default.patch

Signed-off-by: Josua Mayer <josua.mayer97@gmail.com>
2018-03-31 16:12:39 +02:00
Ben Greear
d6939baac2 ath10k-ct: Update firmware to latest.
Wave-1 firmware has a fix for 'addba' not finding the peer.  Thanks to Hauke
for finding and reporting this.

Wave-2 firmware has a fix for leaking a peer multicast key when a monitor device
is created.

And I re-ordered the '4019' firmware images in the Makefile to match the order
of the others.  No functional change for that reorder.

Signed-off-by: Ben Greear <greearb@candelatech.com>
Tested-by: Rosen Penev <rosenp@gmail.com>
2018-03-31 16:12:33 +02:00
Paul Wassi
db893ec7f0 openssl: update to 1.0.2o
Fixes CVE-2018-0739

Signed-off-by: Paul Wassi <p.wassi@gmx.at>
2018-03-31 10:20:20 +02:00
Kevin Darbyshire-Bryant
a64fae8354 Revert "iproute2: fix hidden uint to uin64_t promotion in json_print"
This reverts commit 745d0e7f4b.

It looks like upstream don't want the patch so let's revert it here too.

I hope a fix from upstream is forthcoming.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-03-31 09:18:31 +02:00
Hans Dedecker
479aaf6375 map: fix psidlen becoming negative (FS#1430)
Fix psidlen becomes negative in case embedded address bit lenght is smaller than
IPv4 suffix length.
While at it improve parameter checking making the code more logical and
easier to read.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-03-29 22:19:18 +02:00
Felix Fietkau
4bcf6acb14 Revert "ppp: make ppp-multilink provide ppp"
opkg currently has some issues with Provides and this change makes the
image builder fail because of that. Revert the change for now until opkg
is fixed

This reverts commit 092d75aa3e.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-03-29 11:57:40 +02:00
Yousong Zhou
01b835970a procd: update to the latest version
Changes since last version

    dfb68f8 service: initialize supplementary group ids
    3db4e6d service: add func for string config change check
    c3faabe procd: get rid of putenv usage.

The supplementary group id change fixes FS#988

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2018-03-28 17:42:40 +08:00
Daniel Golle
eba3b028e4 hostapd: update to git snapshot of 2018-03-26
The following patches were merged upstream:
000-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
 replaced by commit 0e3bd7ac6
001-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
 replaced by commit cb5132bb3
002-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
 replaced by commit 87e2db16b
003-Prevent-installation-of-an-all-zero-TK.patch
 replaced by commit 53bb18cc8
004-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
 replaced by commit 0adc9b28b
005-TDLS-Reject-TPK-TK-reconfiguration.patch
 replaced by commit ff89af96e
006-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
 replaced by commit adae51f8b
007-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
 replaced by commit 2a9c5217b
008-WPA-Extra-defense-against-PTK-reinstalls-in-4-way-ha.patch
 replaced by commit a00e946c1
009-Clear-PMK-length-and-check-for-this-when-deriving-PT.patch
 replaced by commit b488a1294
010-Optional-AP-side-workaround-for-key-reinstallation-a.patch
 replaced by commit 6f234c1e2
011-Additional-consistentcy-checks-for-PTK-component-len.patch
 replaced by commit a6ea66530
012-Clear-BSSID-information-in-supplicant-state-machine-.patch
 replaced by commit c0fe5f125
013-WNM-Ignore-WNM-Sleep-Mode-Request-in-wnm_sleep_mode-.patch
 replaced by commit 114f2830d

Some patches had to be modified to work with changed upstream source:
380-disable_ctrl_iface_mib.patch (adding more ifdef'ery)
plus some minor knits needed for other patches to apply which are not
worth being explicitely listed here.

For SAE key management in mesh mode, use the newly introduce
sae_password parameter instead of the psk parameter to also support
SAE keys which would fail the checks applied on the psk field (ie.
length and such). This fixes compatibility issues for users migrating
from authsae.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-03-27 19:25:32 +02:00
Hans Dedecker
9b92afa3aa uci: update to latest git HEAD
5d2bf09 uci: fix a potential use-after-free in uci_set()
3b3d63e list: only record ordering deltas if element position changed
4c4d343 cmake: Fix cli shared linking against ubox

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-03-27 13:49:49 +02:00
Felix Fietkau
d290024c42 netifd: update to the latest version (fixes FS#1452)
9c8d781 netifd: return the interface for locally addressable host dependencies

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-03-27 11:33:51 +02:00
Felix Fietkau
83e1fce17a kernel: add kmod-sound-ens1371
This audio chip is provided as a virtual audio device by VMware

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-03-25 21:18:35 +02:00
Hans Dedecker
287f5ebd2f dnsmasq: improve init script portability (FS#1446)
Improve portability of init script by declaring resolvfile as local
in dnsmasq_stop function.
Fixes resolvfile being set for older busybox versions in dnsmasq_start
in a multi dnsmasq instance config when doing restart; this happens when
the last instance has a resolvfile configured while the first instance
being started has noresolv set to 1.

Base on a patch by "Phil"

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-03-24 18:50:45 +01:00
Fan Fan
8e1065d681 sunxi: add build for sopine
This will generate image for Pine64 Sopine board.

Signed-off-by: Fan Fan <fkpwolf@gmail.com>
2018-03-23 23:53:20 +01:00
Rosen Penev
43788a91fb ethtool: Update to 4.15.
Contains kernel 4.14 updates. Compile tested on mvebu.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-03-23 23:49:55 +01:00