The size of the ipkgs increase a bit (between 0.7% and 1.1%):
old 2019-04-21 (2.8):
288264 wpad-basic_2019-04-21-63962824-1_mipsel_24kc.ipk
256188 wpad-mini_2019-04-21-63962824-1_mipsel_24kc.ipk
427475 wpad-openssl_2019-04-21-63962824-1_mipsel_24kc.ipk
423071 wpad-wolfssl_2019-04-21-63962824-1_mipsel_24kc.ipk
new 2019-08-08 (2.9):
290217 wpad-basic_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk
258745 wpad-mini_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk
431732 wpad-openssl_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk
427641 wpad-wolfssl_2019-08-08-ca8c2bd2-1_mipsel_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 167028b750)
This also syncs the configuration files with the default configuration
files, but no extra options are activated or deactivated.
The mesh patches were partially merged into hostapd 2.8, the remaining
patches were extracted from patchwork and are now applied by OpenWrt.
The patches still have open questions which are not fixed by the author.
They were taken from this page:
https://patchwork.ozlabs.org/project/hostap/list/?series=62725&state=*
The changes in 007-mesh-apply-channel-attributes-before-running-Mesh.patch
where first applied to hostapd, but later reverted in hostapd commit
3e949655ccc5 because they caused memory leaks.
The size of the ipkgs increase a bit (between 1.3% and 2.3%):
old 2018-12-02 (2.7):
283337 wpad-basic_2018-12-02-c2c6c01b-11_mipsel_24kc.ipk
252857 wpad-mini_2018-12-02-c2c6c01b-11_mipsel_24kc.ipk
417473 wpad-openssl_2018-12-02-c2c6c01b-11_mipsel_24kc.ipk
415105 wpad-wolfssl_2018-12-02-c2c6c01b-11_mipsel_24kc.ipk
new 2019-04-21 (2.8):
288264 wpad-basic_2019-04-21-63962824-1_mipsel_24kc.ipk
256188 wpad-mini_2019-04-21-63962824-1_mipsel_24kc.ipk
427475 wpad-openssl_2019-04-21-63962824-1_mipsel_24kc.ipk
423071 wpad-wolfssl_2019-04-21-63962824-1_mipsel_24kc.ipk
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
(cherry picked from commit 8af79550e6)
For AP mode, OpenWrt automatically sets ieee80211w to either 1 or 2, depending
on whether the encryption is set to sae-mixed, or sae/owe/eap suite-b.
Mirror the same defaults for client mode connections, in order to allow an
OpenWrt station to associate to an OpenWrt ap with SAE, OWE or Suite-B encryption
without the need to manually specify "option ieee80211w" on the station.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit abb4f4075e)
This changes fixes the generation of the wpa_supplicant client configuration
in WPA3 OWE client mode. Instead of incorrectly emitting key_mgmt=NONE, use
the proper key_mgmt=OWE setting instead.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 4209b28d23)
wps_supplicant.h assumes that 'struct wpa_bss' is forward declared if
CONFIG_WPS is not defined. With the later inclusion of
600-ubus_support, the issue manifests in warnings like these:
wps_supplicant.h:113:15: warning: 'struct wpa_bss' declared inside parameter list will not be visible outside of this definition or declaration
struct wpa_bss *bss)
^~~~~~~
This patch forward declares 'struct wpa_bss' regardless.
Signed-off-by: Leon M. George <leon@georgemail.eu>
[commit message facelift]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit f974f8213b)
The original wpa_hexdump uses a 'void *' for the payload. With patch
410-limit_debug_messages, the signature changes and compiler warnings
occur at various places. One such warning is:
wpa_debug.h:106:20: note: expected 'const u8 * {aka const unsigned char *}' but argument is of type 'struct wpa_eapol_key *'
Signed-off-by: Leon M. George <leon@georgemail.eu>
[commit message facelift]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit a123df2758)
This edjusts the selection of recently removed wolfssl options which
have always been built into the library even in their abscence.
Also remove the selection of libwolfssl itself, allowing the library to
be built as a module.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 94d131332b)
Discovered recent changes had broken sysupgrade for ar71xx mikrotik
rb-493g, traced the problem to missing /usr/share/libubox/jshn.sh after
switching to tmpfs.
Signed-off-by: Russell Senior <russell@personaltelco.net>
Boards added: WNR1000v2, WNR2000v3, WNR612v2, WNDR3700.
Signed-off-by: Michal Cieslakiewicz <michal.cieslakiewicz@wp.pl>
(cherry picked from commit d47b687006)
[removed WNR1000v2/WNR2000v3 since not supported in 19.07]
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Many bugs were fixed--2 patches removed here.
This release of wolfSSL includes fixes for 5 security vulnerabilities,
including two CVEs with high/critical base scores:
- potential invalid read with TLS 1.3 PSK, including session tickets
- potential hang with ocspstaping2 (always enabled in openwrt)
- CVE-2019-15651: 1-byte overread when decoding certificate extensions
- CVE-2019-16748: 1-byte overread when checking certificate signatures
- DSA attack to recover DSA private keys
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit f4853f7cca)
Hardware acceleration was disabled when AES-CCM was selected as a
workaround for a build failure. This applies a couple of upstream
patches fixing this.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit ab19627ecc)
c9b6668 ustream-ssl: skip writing pending data if .eof is true after connect
Fixes: CVE-2019-5101, CVE-2019-5102
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 6f9157e6bd)
Instead of depending on kmod-usb2 make it depend on the normal USB
dependencies. This should hopefully fix some problems seen in the build
bot builds for powerpc_8540.
In addition also activate DRIVER_11N_SUPPORT support.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 3ff3b044c0)
This patch breaks building on PowerPC, like the mpc85xx_generic
target for me.
Fixes: FS#2585
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit b01305c8d2)
Forward the OpenWrt TARGET_LDFLAGS to the linker of the fw_printenv tool.
In addition also use the more standard make invocation script.
With this change the fw_printenv tool is built with PIE and Full RELRO
support when activated globally in OpenWrt.
Signed-off-by: Hauke Mehrtens <hauke.mehrtens@intel.com>
(cherry picked from commit b7b2be0b26)
Refresh patches, for changes in version 7.66.0 see https://curl.haxx.se/changes.html#7_66_0
Fixes CVEs:
CVE-2019-5481
CVE-2019-5482
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit 71cf4a272c)
The QCA953x only supports 25 MHz refclk, however some OEMs set an
invalid bootstrap value for the REF_CLK option, which would break the
clock detection in ath9k.
Force the QCA953x refclk to 25MHz in ath9k, as this is (according to the
datasheet) the only valid frequency.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 4c6fe32468)
The release notes since last time for wave-1:
* October 5, 2019: Fix too-short msg caused by invalid use of PayloadLen in receive path.
This appears to resolve the issue of getting (and ignoring) too-short commands
when we detect loss of CE interrupts and go into polling mode.
* October 12, 2019: Fix regression in IBSS mode that caused SWBA overrun issues. Related to
regression added during the ct-station logic, specifically TSF allocation.
Thanks for Ahmed Zaki @ Mage-Networks for helping to diagnose and test.
* October 15, 2019: Only send beacon tx completion events if we can detect CT driver is being
used (based on CT_STATS_OK flag being set). This should help CT firmware work
better on stock driver.
The release notes since last time for wave-2:
* October 15, 2019: Only send beacon tx completion events if we can detect CT driver is being
used (based on ATH10k_USE_TXCOMPL_TXRATE2 | ATH10k_USE_TXCOMPL_TXRATE1 flags being set).
This should help CT firmware work better on stock driver.
* October 31, 2019: Compile out peer-ratecode-list-event. ath10k driver ignores the event.
* November 1, 2019: Fix rate-ctrl related crash when nss and other things were changed while
station stays associated. See bug: https://github.com/greearb/ath10k-ct/issues/96
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
(cherry picked from commit e716e93a2f7290086f49992c9980773c88100c3a)
Import patches from upstream to sync 19.07 with master:
9f3e3323e996 rt2x00: allow to specify watchdog interval
2034afe4db4a rt2800: add helpers for reading dma done index
759c5b599cf4 rt2800: initial watchdog implementation
09db3b000619 rt2800: add pre_reset_hw callback
710e6cc1595e rt2800: do not nullify initialization vector data
e403fa31ed71 rt2x00: add restart hw
0f47aeeada2a rt2800: do not enable watchdog by default
41a531ffa4c5 rt2x00usb: fix rx queue hang
3b902fa811cf rt2x00usb: remove unnecessary rx flag checks
1dc244064c47 rt2x00: no need to check return value of debugfs_create functions
706f0182b1ad rt2800usb: Add new rt2800usb device PLANEX GW-USMicroN
95844124385e rt2x00: clear IV's on start to fix AP mode regression
567a9b766b47 rt2x00: do not set IEEE80211_TX_STAT_AMPDU_NO_BACK on tx status
14d5e14c8a6c rt2x00: clear up IV's on key removal
13fa451568ab Revert "rt2800: enable TX_PIN_CFG_LNA_PE_ bits per band"
--pending-- rt2800: remove errornous duplicate condition
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This enables PMKSA and opportunistic key caching by default for
WPA2/WPA3-Personal, WPA3-Personal and OWE auth types.
Otherwise, Apple devices won't connect to the WPA3 network.
This should not degrade security, as there's no external authentication
provider.
Tested with OCEDO Koala and iPhone 7 (iOS 13.1).
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 3034f8c3b8)
Signed-off-by: David Bauer <mail@david-bauer.net>
Update libevent to 2.1.11
Use CMake instead GNU Autotools
Backport following commits:
f05ba67193
..and partially
7201062f3e
to fix compilation
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
(cherry picked from commit f351beedfd)
(resolves FS#2435)
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
The kconfig symbol is an invisible one since its introduction. It is
not supposed to be enabled on its own.
Resolves FS#1821
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(cherry picked from commit 4bf9bec361)
Improves rate control responsiveness and performance
Signed-off-by: Felix Fietkau <nbd@nbd.name>
[reworked to apply on 4.19.79 mac80211 + renumbered + refreshed]
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
This fixes frequent crashes observed on a UniFi AC Mesh using OpenWrt
master and 19.07. 18.06 seems not affected from our testing.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 641a93f0f2)
Signed-off-by: David Bauer <mail@david-bauer.net>
This commit changes the source of the Wave 1 ath10k-firmware
from linux-firmware to Kall Valos ath10k-firmware repository.
This is necessary as the firmware selected in linux-firmware produces
frequent crashes in some circumstances.
This patch can be removed as soon as linux-firmware carries
10.2.4-1.0-00047 firmware.
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit a3914783a3)
Signed-off-by: David Bauer <mail@david-bauer.net>
This adds engine configuration sections to openssl.cnf, with a commented
list of engines. To enable an engine, all you have to do is uncomment
the engine line.
It also adds some useful comments to the devcrypto engine configuration
section. Other engines currently don't have configuration commands.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit cebf024c4d)
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
The first allows usage of several functions in the std namespace, which
broke compilation of gddrescue specifically with uClibc-ng and uClibc++.
The second allows usage of long long with normal C++11, which is part of
the standard. Before, std=gnu++11 needed to be passsed to work around it.
As a result of the second patch, the pedantic patch can safely be removed.
Both patches are upstream backports.
Added -std=c++11 to CFLAGS to guarentee proper inclusion of long long.
Added another patch that fixes a typo with the long long support. Sent to
upstream.
Fixed up license information according to SPDX.
Small cleanups for consistency.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 6ab386c9bc)
Upon writing to "remove" file, debugfs_remove_recursive() blocks while
holding rtnl_lock. This is because debugfs' file_ops callbacks are
executed in debugfs_use_file_*() context which prevents file removal.
Fix this by only flagging the device for removal and then do the cleanup
in file_ops.release callback which is executed out of that context.
Signed-off-by: Ali MJ Al-Nasrawy <alimjalnasrawy@gmail.com>
(cherry picked from commit c2635b871d)
Since v3.11, netdevice notification data are of type
"struct netdev_notifier_info". Handle it as such!
This should fix a critical bug in which devices are unable get released
because trelay does not release resources in response to UNREGISTER
event spamming the log with something like:
unregister_netdevice: waiting for eth0.1 to become free. Usage count = 1
Signed-off-by: Ali MJ Al-Nasrawy <alimjalnasrawy@gmail.com>
(cherry picked from commit 77cfc0739d)
if gcc not linker whith this LDFLAGS, "file libbz2.so.1.0.8" will
recognize as pie executable ELF file ( which should be shared object).
this because the file command version before 5.36 not recognize
correctly.
Signed-off-by: leo chung <gewalalb@gmail.com>
(cherry picked from commit 56ab58fb6c)
The destination buffer size `d_len` is passed to `lzma_inflate` as a
pointer. Therefore, it needs to be dereferenced to compare its content.
Signed-off-by: Christian Franke <nobody@nowhere.ws>
(cherry picked from commit d544bc84a0)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
The fwutil command will interpret the final 16 byte of a given firmware
image files as "struct fwimage_trailer".
In case these bytes do look like a valid trailer, we must ensure that we
print them out along with the remainder of the image to not accidentally
truncate non-trailer-images by 16 bytes when they're piped through fwtool,
e.g. as part of an image verification command sequence.
Some command sequences pipe images through fwtool in order to strip any
possible metadata, certificate or signature trailers and do not expect
bare images without any of that metadata to get truncated as other non-
fwtool specific metadata is expected at the end of the file, e.g. an
information block with an md5sum in case of the combined image format.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 889b841048)
GDB 8.3.1 brings the following fixes and enhancements over GDB 8.3:
PR c++/20020 (GDB segfault on printing objects)
PR gdb/24454 (nat/x86-linux-dregs.c failed assertion)
PR breakpoints/24541 (Incorrect evaluation of systemtap probes due to register being signed and probe expression assuming unsigned)
PR symtab/24545 (Symbol loading performance regression with cc1)
PR gdb/24592 (amd64->i386 linux syscall restart problem)
PR gdb/25009 (terminate called after throwing an instance of 'srchilite::ParserException')
PR gdb/25010 (Calls to error () can cause SIGTTOU to send gdb to the background)
PR breakpoints/25011 (Breakpoints on file reloads broken for PIE binaries)
This corrective release also brings the following testsuite fixes and
enhancements:
PR testsuite/25005 (gdb-caching-proc.exp takes a lot of time on skip_opencl_tests)
PR testsuite/25016 (Test-case failures for -pie)
GDB 8.3 includes the following changes and enhancements:
* Support for new native configurations (also available as a target configuration):
- RISC-V GNU/Linux (riscv*-*-linux*)
- RISC-V FreeBSD (riscv*-*-freebsd*)
* Support for new target configurations:
- CSKY ELF (csky*-*-elf)
- CSKY GNU/Linux (csky*-*-linux)
- NXP S12Z ELF (s12z-*-elf)
- OpenRISC GNU/Linux (or1k*-*-linux*)
* Native Windows debugging is only supported on Windows XP or later.
* The Python API in GDB now requires Python 2.6 or later.
* GDB now supports terminal styling for the CLI and TUI.
Source highlighting is also supported by building GDB with GNU
Highlight.
* Experimental support for compilation and injection of C++ source
code into the inferior (requires GCC 7.1 or higher, built with
libcp1.so).
* GDB and GDBserver now support IPv6 connections.
* Target description support on RISC-V targets.
* Various enhancements to several commands:
- "frame", "select-frame" and "info frame" commands
- "info functions", "info types", "info variables"
- "info thread"
- "info proc"
- System call alias catchpoint support on FreeBSD
- "target remote" support for Unix Domain sockets.
* Support for displaying all files opened by a process
* DWARF index cache: GDB can now automatically save indices of DWARF
symbols on disk to speed up further loading of the same binaries.
* Various GDB/MI enhancements.
* GDBserver on PowerPC GNU/Linux now supports access to the PPR,
DSCR, TAR, EBB/PMU, and HTM registers.
* Ada task switching support when debugging programs built with
the Ravenscar profile added to aarch64-elf.
* GDB in batch mode now exits with status 1 if the last executed
command failed.
* Support for building GDB with GCC's Undefined Behavior Sanitizer.
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
The actual retrieval of the MAC address in mtd_get_mac_binary_ubi()
is the same as in get_mac_binary(). Thus, use the latter function
in the former to reduce duplicate code.
This will also allow to benefit from the enhanced path check there
and bring mtd_get_mac_binary_ubi() more in line with the similar
mtd_get_mac_binary().
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 45600124fc)
572ff7f fritzcreator: actually add checksum spacer
6edce1a fritzcreator: replace obscure padding generation with something more portable
2ff189f add ASUS RT-AC58U "easy install" factory u-boot shim
b91f9c2 readd spi-nand support
486ae53 improve cmd_sysupgrade
b0933f1 replace sstrip with strip
882e48a do not include generated files into git
0c5aa5f fix bugs in ipq40xx_cdp.c
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit af63436d2d)
5e8cd86f90da ath10k-ct: Backport ap-vlan code from 5.2 to 4.20 and 4.19 drivers.
0c518586bd7f ath10k-ct: Fix a few warning splats.
Adds AP VLAN.
Refreshed all patches.
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
This enables a feature flag in the wave-2 firmware wmi-services indicating it can send
software-encrypted raw frames. This should in turn allow the AP-VLAN feature to work.
Signed-off-by: Robert Marko <robimarko@gmail.com>
(cherry picked from commit 7c930990af)
This version fixes 3 low-severity vulnerabilities:
- CVE-2019-1547: ECDSA remote timing attack
- CVE-2019-1549: Fork Protection
- CVE-2019-1563: Padding Oracle in PKCS7_dataDecode and
CMS_decrypt_set1_pkey
Patches were refreshed.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit d868d0a5d7)
This patch was originally added to fix compilation with v4l2rtspserver.
Turns out it was v4l2rtspserver that was broken, not uClibc++. This now
causes issues with a different package where the arguments are being
split.
Note that with this patch, shellcheck throws an error:
SC2068: Double quote array expansions to avoid re-splitting elements.
More: https://github.com/openwrt/packages/pull/9972#discussion_r324878373
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 977a8fc5fc)
Remove 300-bn_mul.h-Use-optimized-MULADDC-code-only-on-ARM-6.patch,
the issue has been fixed upstream.
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
(cherry picked from commit 49d96ffc5c)
add module to support Emulex OneConnect
common in 10Gbit SFP+ cards by Dell/HP/IBM
supports OneConnect OCe10xxx OCe11xxx OCe14xxx,
LightPulse LPe12xxx
Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
(cherry picked from commit 827f47749b)
Since service and instance names may contain characters which are not allowed
in JSON path labels, such as dashes or spaces, change the filter expression
to array square bracket notation to properly match these cases as well.
Fixes: 2c3dd70741 ("procd: add procd_running() helper for checking running state")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit c933b6d224)
This makes brcmfmac use the same wiphy after PCIe reset to help user
space handle corner cases (e.g. firmware crash).
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit f39f4b2f6d)
Now that $UPGRADE_BACKUP is set conditionally there is no need to check
the $UPGRADE_OPT_SAVE_CONFIG anymore. All conditions can be simplified.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit a858db3136)
b8238df sysupgrade: support "backup" attribute
This update requires "sysupgrade" method callers to pass "backup"
attribute if $UPGRADE_BACKUP is used in the project.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 9785a9121d)
This explicitly tells procd what backup file should be used during
sysupgrade (if any). It's much more generic this way compared to the
magic /tmp/sysupgrade.tgz file that had to be created before a call.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit c5223b26a4)
a88fb42 iwinfo: add device id for Qualcomm Atheros QCA9886
1b69d86 iwinfo: add device id for Qualcomm Atheros QCA9887
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 7db2f1a71f)
This allows platform code to check if firmware image can be used with
preserving a backup. It may be used e.g. when installing vendor
firmwares that won't restore appended backup archive.
Suggested-by: Luis Araneda <luaraneda@gmail.com>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 1c510fe298)
It's a variable set by procd that should replace hardcoded
/tmp/sysupgrade.tgz.
This change requires the most recent procd with the commit 0f3c136
("sysupgrade: set UPGRADE_BACKUP env variable").
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 641f6b6c26)
1) Add BACKUP_FILE and use it when copying an archive to be restored
after sysupgrade (on the next preinit).
2) Use CONF_TAR for copying backup prepared by the /sbin/sysupgrade
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit bf39047872)
Patch getting RAM info got upstreamed. A debugging fs entry for testing
reset feature was added.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 681acdcc54)
0f3c136 sysupgrade: set UPGRADE_BACKUP env variable
0bcbbbf system: fix uninitialized variables in firmware validation code
This update includes a fix for uninitialized variable usage.
Fixes: db5164d3d0 ("procd: update to the latest git HEAD")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit e8dcbbc865)
This makes sysupgrade work with the most recent procd that validates
firmware before proceeding.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit b71962da16)
ABI version is same.
The ipkg size increase by about 2.2%:
old:
47.909 libnftnl11_1.1.3-1_arm_cortex-a7_neon-vfpv4.ipk
new:
48.985 libnftnl11_1.1.4-1_arm_cortex-a7_neon-vfpv4.ipk
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
(cherry picked from commit 699955a684)
This adds the key_type and ec_curve options to enable the generation of
EC keys during initialization, using openssl or the new options added to
px5g.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 7f2b230b3b)
This adds an 'eckey' command to generate an EC key, with an optional
curve name argument, with P-256 as default.
For the 'selfsigned' command, it adds an 'ec' algorithm argument to the
'-newkey' option, and a '-pkeyopt ec_paramgen_curve:<curvename>' option,
mirroring the way openssl specifies the curve name.
Notice that curve names are not necessarily the same in mbedtls and
openssl. In particular, secp256r1 works for mbedtls, but openssl uses
prime256v1 instead. px5g uses mbedtls, but short NIST curve names P-256
and P-384 are specifically supported.
Package size increased by about 900 bytes (arm).
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit a552ababd4)
Instead, instruct the configure script to use $(FPIC) only.
Mixing -fPIC and -fpic can cause issues on some platforms like PPC.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 926157c2cc)
The configure scripts matches Linux with -fPIC, which is not exactly what
is desired. Since we are already passing $(FPIC), added a CONFIGURE_VAR to
avoid passing -fPIC.
Removed PKG_BUILD_DIR as it is already the default value.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit e2ecf39e8e)
So far firmware validation result was binary limited: it was either
successful or not. That meant various limitations, e.g.:
1) Lack of proper feedback on validation problems
2) No way of marking firmware as totally broken (impossible to install)
This change introduces JSON for storing detailed validation info. It
provides a list of performed validation tests and their results. It
allows marking firmware as non-forceable (broken image that can't be
even forced to install).
Example:
{
"tests": {
"fwtool_signature": true,
"fwtool_device_match": true
},
"valid": true,
"forceable": true
}
Implementation is based on *internal* check_image bash script that:
1) Uses existing validation functions
2) Provides helpers for setting extra validation info
This allows e.g. platform_check_image() to call notify_check_broken()
when needed & prevent user from bricking a device.
Right now the new JSON info is used by /sbin/sysupgrade only. It still
doesn't make use of "forceable" as that is planned for later
development.
Further plans for this feature are:
1) Expose firmware validation using some new ubus method
2) Move validation step from /sbin/sysupgrade into "sysupgrade" ubus
method so:
a) It's possible to safely sysupgrade using ubus only
b) /sbin/sysupgrade can be more like just a CLI
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit f522047958)
This explicitly lets stage2 know if partitions should be preserved. No
more "touch /tmp/sysupgrade.always.overwrite.bootdisk.partmap" hack.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit b6f4cd57e1)
9558031 system: support passing "options" to the "sysupgrade" ubus method
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 2b1a6d263c)
Update iftop to commit 77901c8c53e01359d83b8090aacfe62214658183
git log --pretty=oneline --abbrev-commit 949ed0f7..77901c8c
77901c8 Support scales beyond 1Gbps
Created with the help of the make-package-update-commit.sh script.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit cfd0748497)
957abacf Bump up version number to 1.39.2, LT revision to 32:0:18
83d362c6 Don't read too greedily
a76d0723 Add nghttp2_option_set_max_outbound_ack
db2f612a nghttpx: Fix request stall
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit 58f929077f)
This commit will activate CONFIG_IEEE80211W for all, but the mini
variant when at least one driver supports it. This will add ieee80211w
support for the mesh variant for example.
Fixes: FS#2397
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 1d4df52c21)
Bump to latest git HEAD
509e673 firewall3: Improve ipset support
The enabled option did not work properly for ipsets, as it was not
checked on create/destroy of a set. After this commit, sets are only
created/destroyed if enabled is set to true.
Add support for reloading, or recreating, ipsets on firewall reload. By
setting "reload_set" to true, the set will be destroyed and then
re-created when the firewall is reloaded.
Add support for the counters and comment extensions. By setting
"counters" or "comment" to true, then counters or comments are added to
the set.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 51ffce0694)
generate feeds.buildinfo and version.buildinfo in build dir after
containing the feed revisions (via ./scripts/feeds list -sf) as well as
the current revision of buildroot (via ./scripts/getver.sh).
With this information it should be possible to reproduce any build,
especially the release builds.
Usage would be to move feeds.buildinfo to feeds.conf and git checkout the
revision hash of version.buildinfo.
Content of feeds.buildinfo would look similar to this:
src-git routing https://git.openwrt.org/feed/routing.git^bf475d6
src-git telephony https://git.openwrt.org/feed/telephony.git^470eb8e
...
Content of version.buildinfo would look similar to this:
r10203+1-c12bd3a21b
Without the exact feed revision it is not possible to determine
installed package versions.
Also rename config.seed to config.buildinfo to follow the recommended
style of https://reproducible-builds.org/docs/recording/
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 454021581f)
In the commit 623716dd43 ("comgt-ncm: Fix NCM protocol")
the dependencies to vendor NCM drivers were removed, because:
> comgt-ncm should not depend on the USB-serial-related kernel modules,
> as the cdc-wdm control device works without them. There is also no need
> to depend on kmod-huawei-cdc-ncm, since other manufacturers (like
> Ericsson and Samsung) which use other kernel modules should also be
> supported.
From a user-perspective this does not make sense, as installing comgt-ncm
(or luci-proto-ncm) should install all needed dependencies for using such
a device.
Furthermore depending on kmod-huawei-cdc-ncm does not mean that Ericsson
and Samsung devices can't be supported. By the way it seems that Ericsson
and Samsung devices never used NCM, but act as serial modems.
Thus this commit adds the dependencies again.
Signed-off-by: Vincent Wiemann <vincent.wiemann@ironai.com>
[fixed title capitalization, formatted commit message,
renamed Sony-Ericsson to Ericsson]
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit ccb4b96b8a)
8323690 state: fix shutdown when running in a container (FS#2425)
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit d9364c1cbc)
This fixes compilation with -Werror=implicit-function-declaration.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
(cherry picked from commit 1b1c47577b)
This changes the default PKG_BUILD_DIR to take BUILD_VARIANT into
account (if set), so that packages do not need to manually override
PKG_BUILD_DIR just to handle variants.
This also updates most base packages with variants to use the updated
default PKG_BUILD_DIR.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
(cherry picked from commit e545fac8d9)
379c096 Release version 5.2.
2bce6d9 ethtool: Add 100BaseT1 and 1000BaseT1 link modes
67ffbf5 ethtool: sync ethtool-copy.h with linux-next from 30/05/2019
687152b ethtool.spec: Use standard file location macros
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit 018395392c)
To configure the list of allowable TLS 1.3 ciphersuites, the option
tls_ciphersuites is used instead of tls_ciphers.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
(cherry picked from commit 261df949fa)
This removes package/libs/toolchain/eglibc-files/etc/nsswitch.conf.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit c47eff0df3)
do_upgrade_stage2() isn't really any common code. It isn't used anywhere
except for /sbin/sysupgrade that passes it to the stage2.
Moving its code to separated file also simplifies COMMAND variable.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit f7edd94a65)
With bcm53xx switched to the new procedure there is no more need for
keeping that backward compatibility code.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit ea4e1dac71)
Its last usage was dropped back in 2013 in the commit b95bdc8ab5
("kernel/base-files: clean up old code related to refreshing mtd
partitions, it is no longer used anywhere").
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit f58ca6ee57)
This patch adds two new commands:
zram status - shows memory stats for all zram swaps
zram compaction - trigger compaction for all zram swaps
Signed-off-by: Emil Muratov <gpm@hotplug.ru>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit a9deed62af)
No size increase on busybox binary.
Since busybox mkswap is already enabled by default it seems reasonable
to enable swapon/off too. For ex. this obsoletes installing block-mount
dependency for zram-swap.
Signed-off-by: Emil Muratov <gpm@hotplug.ru>
(cherry picked from commit afa5ce2493)
Executing '/etc/init.d/zram start' during runtime (with a swap being already
mounted) triggers zram device compaction and prints out nice stats info about
zram memory usage
Signed-off-by: Emil Muratov <gpm@hotplug.ru>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [use IEC's MiB unit]
(cherry picked from commit b062c90f47)
- fix dependency on BUSYBOX_CONFIG_SWAPONOFF (removed in 84da2a6)
- add busybox defaults checking (fix zram-swap always installs swap-utils
and libblkid as dependency, even if busybox includes mkswap by default)
Signed-off-by: Emil Muratov <gpm@hotplug.ru>
(cherry picked from commit c0d93432f2)
bump ABI version accordingly (thanks to Jo-Philipp Wich).
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
(cherry picked from commit ce8027ed29)
All protos for wwan (ncm,qmi,mbim) do have a delay option.
To standardize that add also the missing delay option to the 3g proto.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 313444a79e)
Restart is in default implemented so it calls stop and start. This is
pretty unsafe to call on umount service. This service should not do
anything on restart the same way as on start. Only use of this service
is on stop.
Signed-off-by: Karel Kočí <cynerd@email.cz>
(cherry picked from commit 537b801c54)
There are mobile carrier who have different MTU size in their network.
With this change it is now possible to configure this with the qmi
proto handler.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
(cherry picked from commit 8eb63cb7df)
* curve25519: not all linkers support bmi2 and adx
This should allow WireGuard to build on older toolchains.
* global: switch to coarse ktime
Our prior use of fast ktime before meant that sometimes, depending on how
broken the motherboard was, we'd wind up calling into the HPET slow path. Here
we move to coarse ktime which is always super speedy. In the process we had to
fix the resolution of the clock, as well as introduce a new interface for it,
landing in 5.3. Older kernels fall back to a fast-enough mechanism based on
jiffies.
https://lore.kernel.org/lkml/tip-e3ff9c3678b4d80e22d2557b68726174578eaf52@git.kernel.org/https://lore.kernel.org/lkml/20190621203249.3909-3-Jason@zx2c4.com/
* netlink: cast struct over cb->args for type safety
This follow recent upstream changes such as:
https://lore.kernel.org/lkml/20190628144022.31376-1-Jason@zx2c4.com/
* peer: use LIST_HEAD macro
Style nit.
* receive: queue dead packets to napi queue instead of empty rx_queue
This mitigates a WARN_ON being triggered by the workqueue code. It was quite
hard to trigger, except sporadically, or reliably with a PC Engines ALIX, an
extremely slow board with an AMD LX800 that Ryan Whelan of Axatrax was kind
enough to mail me.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
(cherry picked from commit 7c23f741e9)
cd7eabcd8c9d ugps: Fix compilation under 64-bit
198c06051dd0 Fix build error caused by enabled extra compiler warnings
fc2ab8756b3b Enable extra compiler warnings
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit f924fab3dc)
This adds chacha20-poly1305 support to the mbedtls variant.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 82a8ddd603)
This patch is in a series to allow additional STOP indexes after
umount, so that other block devices may stop cleanly.
rssileds.init is now STOP=89
Signed-off-by: Joseph Tingiris <joseph.tingiris@gmail.com>
(cherry picked from commit 8a5a01a677)
This patch is in a series to allow additional STOP indexes after umount,
so that other block devices may stop cleanly.
kdumpinit is now STOP=90
Signed-off-by: Joseph Tingiris <joseph.tingiris@gmail.com>
(cherry picked from commit 5883b5a1f8)
This patch is in a series to allow additional STOP indexes after umount,
so that other block devices may stop cleanly.
boot is now STOP=90
umount is now STOP=90
After this patch series, the resulting STOP indexes in the 80s & 90s
will be:
STOP=85 odhcpd.init
STOP=89 conntrackd.init
STOP=89 log.init
STOP=89 rssileds.init
STOP=90 boot
STOP=90 kdump.init
STOP=90 network
STOP=90 sysfixtime
STOP=90 umount
STOP=98 mdadm.init (note: will be addressed in a separate patch)
Signed-off-by: Joseph Tingiris <joseph.tingiris@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[PKG_RELEASE is now 200]
(cherry picked from commit 04811007e5)
Packages such as xfrm contain only script files, add PKGARCH:=all
Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
(cherry picked from commit 6762e72524)
'38b22b1e: deduplicate files in libnghttp2' missed duplicates in
staging_dir by Build/InstallDev.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
(cherry picked from commit ee1a783314)
The OpenWrt buildroot ABI version rebuild tracker does not handle
transient dependencies, therefor add all libraries linked by rpcd
as direct dependencies to the corresponding binary package definition.
This ensures that rpcd is automatically rebuilt and relinked if any
of these libraries has its ABI_VERSION updated in the future.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit eaad2211db)
This is mainly for kmod-br-netfilter. To turn off
bridge-netfilter-call-xxx immediately after installation
While at it
- Define filelist="/usr/lib/opkg/info/${pkgname}.list"
- Reuse "[ -z "$root" ]"
- Grep with "-m1"
Fixes FS#2300
Reported-by: Marco Sartorius <tidbits@ormoorgmen.info>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(cherry picked from commit 3dc4f59eab)
Support to disable the timestamp check for certificates in
wpa_supplicant (Useful for devices without RTC that cannot
reliably get the real date/time) has been accepted in the
upstream hostapd. It's implemented in wpa_supplicant as a
per-AP flag tls_disable_time_checks=[0|1].
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 99bf9a1ac2)
After commit e82a4d9cfb ("config: regenerate *_shipped sources") the mconf
parser became more strict as a side effect and started to spew a series of
warnings when evaluating our generated kconfig sources:
tmp/.config-package.in:705:warning: ignoring unsupported character '@'
The root cause of these warnings is a wrong use of the @SYMBOL dependency
syntax in various Makefile. Fix the corresponding Makefiles by turning
`@SYM||@SYM2` expressions into the proper `@(SYM||SYM2)` form.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 74739c4228)
The OpenWrt buildroot ABI version rebuild tracker does not handle
transient dependencies, therefor add all libraries linked by procd
as direct dependencies to the corresponding binary package definition.
This ensures that procd is automatically rebuilt and relinked
if any of these libraries has its ABI_VERSION updated in the
future.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 66838cd851)
7ffc239b Bump up version number to 1.39.1
bc886a0e Fix FPE with default backend
a3a14a9c Fix log-level is not set with cmd-line or configuration file
acfb3607 Update manual pages
bdfd14c2 Bump up version number to 1.39.0, LT revision to 31:4:17
cddc09fe Update AUTHORS
3c3b6ae8 Add missing colon
2f83aa9e Fix multi-line text travis issue
fc591d0c Run nghttpx integration test with cmake build
9a17c3ef travis: use multi-line text
b7220f07 cmake: Remove SPDY related files
a1556fd1 Merge pull request #1356 from nghttp2/fix-log-level-on-reload
77f1c872 nghttpx: Fix unchanged log level on configuration reload
49ce44e1 Merge pull request #1352 from nghttp2/travis-osx
f54b3ffc Fix libxml2 CFLAGS output
b0f5e5cc Implement daemon() using fork() for OSX
8d6ecd66 Enable osx build on travis
f82fb521 Update doc
2e1975dd clang-format-8
97ce392b Merge pull request #1347 from nghttp2/nghttpx-ignore-cl-te-on-upgrade
afefbda5 Ignore content-length in 200 response to CONNECT request
4fca2502 nghttpx: Ignore Content-Length and Transfer-Encoding in 1xx or 200 to CONNECT
6975c336 Update llhttp to 1.1.3
0288093c Fix llhttp_get_error_pos usage
a3a03481 Merge pull request #1340 from nghttp2/nghttpx-llhttp
c64d2573 Replace http-parser with llhttp
f028cc43 clang-format
302e3746 Merge pull request #1337 from nghttp2/upgrade-mruby
3cdbc5f5 Merge pull request #1335 from adamgolebiowski/boost-1.70
a6925186 Fix mruby build error
45d63d20 Upgrade mruby to 2.0.1
cbba1ebf asio: support boost-1.70
e86d1378 Bump up version number to 1.39.0-DEV
4a9d2005 Update manual pages
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit 865e25e049)
Also the other type is worng and causes compile problems on ARM64
platforms.
Fixes: 9b53201d9c ("urngd: Fix wrong type in format string")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 1ae1276eab)
9dd2dcf libubox: add format string checking to ulog()
ecf5617 ustream: Add format string checks to ustream_(v)printf()
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit fc454ca153)
GCC 9.1 complains about this wrong type used in the format string, fix
this to make the compiler happy.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 9b53201d9c)
4df34a4 kmodloader: Increase path array size to make it always fit
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 22d3d91c77)
Add proto_add_host_dependency to add a dependency to the tunlink interface
Signed-off-by: André Valentin <avalentin@marcant.net>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
(cherry picked from commit f6dab98044)
The f2fs-tools have a wrong PKG_LICENSE with is not SPDX compatible.
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit 35a70d6262)
Preserve optionality of libcap by having configuration script follow the
HAVE_CAP environment variable, used similarly to the HAVE_ELF variable.
Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase/refresh patches]
(backported from commit a6da3f9ef7)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
By default, set BE tx queue TXOP limit to 2.0 in the hostapd config
Many vendor drivers are doing similar things to boost throughput.
On MT7612 under ideal conditions, it improves tx throughput from 470 Mbit/s
to about 570 Mbit/s.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
(cherry-picked from commit 8650201f10)
Close cooperation with Lorenzo Bianconi resulted
in these patches which fix all remaining seen issues
when using dynack.
Fix link losses when:
- Late Ack's are not seen or not present
- switching from too low static coverage class to dynack on a live link
These are fixed by setting the Ack Timeout/Slottime to
the max possible value for the currently used channel width when
a new station has been discovered.
When traffic flows, dynack is able to adjust to optimal values
within a few packets received (typically < 1 second)
These changes have been thoroughly tested on ~60 offshore devices
all interconnected using mesh over IBSS and dynack enabled on all.
Distances between devices varied from <100m up to ~35km
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
(cherry picked from commit f6e8ba0238fe349b7529357793e2fb18635819ed)
6a61b9a probe: fallback to libblkid.so.1 when libblkid.so does not exist
Also remove deprecation notices from init script while we're at it.
Fixes: FS#2274
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 517cb0b70b)
Update fstools to commit 1539b535ac327a3bc599d1ca871e14fd0dc3bba1
git log --pretty=oneline --abbrev-commit ff1ded63..1539b535
1539b53 libblkid-tiny: increment label size to 256
d563f3c libblkid-tiny: fix wrong btrfs label length
3957dd3 block: prevent mount point confusion
9b36dc2 libfstools: avoid false positives when matching devices and volumes
Created with the help of the make-package-update-commit.sh script.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 8036345225)
a9f9557 nl80211: support reading hardware id from phy directly
c586cd3 iwinfo: add device id for MediaTek MT7612E
d4382dd iwinfo: add device id for Atheros AR9390
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit b13f3300d5)
Removed upstream patch
Compile and run tested on mvebu
Signed-off-by: DENG Qingfang <dengqf6@mail2.sysu.edu.cn>
(cherry picked from commit fb57c617ba5269a6c2050e42b9d68813e262bf0d)
This should fix a problem with 1560 MTU, 160Mhz on DFS channels,
some other small issues on < 5.2 kernels, and for 5.2 driver,
it pulls in some upstream stable fixes.
wave-1 firmware changes since last update:
* June 24, 2019: Try allocating low-priority WMI msgs if high-prio are not available.
* June 24, 2019: Init rate-ctrl to start at lowest rate instead of in the middle. Hoping
this helps DHCP when station connects from a long distance.
wave-2:
* June 24, 2019 Start rate-ctrl at minimal values to help DHCP work better for far-away peers.
* July 24, 2019 Fix old regression that made /a (and probably /b/g) perform poorly, at least on
diet-compiled images.
* Aug 8, 2019 Improve a/b/g rate-ctrl by damping the PER swings caused by the all-or-nothing logic
of transmitting non-block-ack frames one at a time.
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
(cherry picked from commit de5f0764883ad6a0767da58d7359f3e01aa91139)
the ath10k-ct package ships multiple versions of the ath10k-ct driver,
OpenWrt currently only uses the version 4.19, but we still ship some
patches for older versions. Remove all patches only touching older
versions and also remove the patch for older versions from patches which
do the same changes to multiple versions of ath10k-ct.
This removes some unneeded patches, the end binary should stay the same.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit 10fe5ca362)
This patch updates the board-2.bin for the default
IPQ4019, QCA9984 and QCA9888 ath10k-firmware-xyz-ct
and -ct-htt firmwares.
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit 7f79882d44)
wave-1:
2019-05-09: Tweak rate-ctrl: Ramp PER up faster, down slower. This
helps throughput in rate-vs-range test, especially with
nss1.
2019-05-20: Disable adaptive-CCA. I am not sure it helps, and it may
make it slower to detect noise that should tell the system
to stop transmitting. If someone has means to test this
properly, I'd be happy to work with them.
wave-2:
2019-05-15: Fix problem where rate-ctrl sometimes used rix of 0x0.
2019-05-15: Allow raw-tx of encrypted frame. Requires a patch to the
driver to use raw mode when skb has WEP flag enabled AND
skb is flagged to not be encrypted. Lightly tested.
2019-05-16: Fix tx-hang that happened when rate-ctrl chose an OFDM rate
for 20Mhz and sent that as AMPDU. To fix, limit to (V)HT
rates if peer is (V)HT. It seems that MCS0 (V)HT20 should
have as good of a chance of being detected as CCK or OFDM.
2019-06-06: Disable TX-BFEE, TX-BFER for IBSS connections. I suspect
this is part of the tx-hang issue seen with IBSS between
two 9984 radios.
2019-06-12: Fix rx-rate reporting in 'fw_stats' logic. This was at
least partly due to regressions I had added earlier when
working on some multi-vdev enhancements.
2019-6-12: Fix case where extd peer-stats were not always populated.
The stats gathering code did not handle error conditions
well.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit ff2382e36c)
Changes:
ath10k: Improve PMF/MPF mgt frame check
And add a driver for 5.2 (beta, not even tested yet) kernel.
Refresh patches.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 49b3dcb2ab)
This adds missing includes for sys/sysmacros.h which are needed with
musl libc 1.1.23.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit ba8aeb02ea)
The OpenWrt buildroot ABI version rebuild tracker does not handle
transient dependencies, therefor add all libraries linked by uhttpd
as direct dependencies to the corresponding binary package definition.
This ensures that uhttpd is automatically rebuilt and relinked if any
of these libraries has its ABI_VERSION updated in the future.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit a95ddaba02)
This happens only the second time a library is loaded by dlopen().
After lib1 is loaded, dlsym(lib1,"undef1") correctly resolves the undef
symbol from lib1 dependencies. After the second library is loaded,
dlsym(lib2,"undef1") was returning the address of "undef1" in lib2
instead of searching lib2 dependencies.
Using upstream fix which now uses the same logic for relocation time
and dlsym.
Fixesopenwrt/packages#9297
Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
(cherry picked from commit 0d0617ff14)
It seems bzip2 was abandoned by the author and adopted by the sourceware
people. The last release of bzip2 was from 2010.
Several security bugs were fixed as well as others.
Fixed up PKG_LICENSE to be compatible with SPDX.
Changed URLs to point to the new home.
Added patch that gets rid of deprecated utime function and switches it to
utimensat.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Always build AES-GCM support.
Unnecessary patches were removed.
This includes two vulnerability fixes:
CVE-2019-11873: a potential buffer overflow case with the TLSv1.3 PSK
extension parsing.
CVE-2019-13628 (currently assigned-only): potential leak of nonce sizes
when performing ECDSA signing operations. The leak is considered to be
difficult to exploit but it could potentially be used maliciously to
perform a lattice based timing attack.
This brings the package up-to-date with master, so it incorporates
changes from 4.0.0 in master:
* Removed options that can't be turned off because we're building with
--enable-stunnel, some of which affect hostapd's Config.in.
* Adjusted the title of OCSP option, as OCSP itself can't be turned off,
only the stapling part is selectable.
* Mark options turned on when wpad support is selected.
* Add building options for TLS 1.0, and TLS 1.3.
* Add hardware crypto support, which due to a bug, only works when CCM
support is turned off.
* Reorganized option conditionals in Makefile.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
This updates to backports-4.19.57-1 which contains the wireless
subsystem and driver from kernel 4.19.57.
The removed patches are applied upstream.
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Introduce a new option CONFIG_SIGNATURE_CHECK which defaults to the value
of CONFIG_SIGNED_PACKAGES and thus is enabled by default.
This option is needed to support building target opkg with enabled
signature verification while having the signed package lists disabled.
Our buildbots currently disable package signing globally in the
buildroot and SDK to avoid the need to ship private signing keys to
the build workers and to prevent the triggering of random key generation
on the worker nodes since package signing happens off-line on the master
nodes.
As unintended side-effect, updated opkg packages will get built with
disabled signature verification, hence the need for a new override option.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit f565f276e2)
Fix build breakage as upstream has removed implicit include of
sys/sysmacros.h from sys/types.h:
remove implicit include of sys/sysmacros.h from sys/types.h
this reverts commit f552c792c7ce5a560f214e1104d93ee5b0833967, which
exposed the sysmacros.h macros (device major/minor calculations) for
BSD and GNU profiles to mimic an unintentional glibc behavior some
code depended on. glibc has deprecated and since removed them as the
resolution to bug #19239, so it makes no sense for us to keep this
behavior. affected code should all have been fixed by now, and if it's
not yet fixed it needs to be for use with modern glibc anyway.
Ref: https://git.musl-libc.org/cgit/musl/commit/include/sys/types.h?id=a31a30a0076c284133c0f4dfa32b8b37883ac930
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 79596f782e)
Since usign miscalculates SHA-512 digests for input sizes of exactly
64 + N * 128 + 110 or 64 + N * 128 + 111 bytes, we need to apply some
white space padding to avoid triggering the hashing edge case.
While usign itself has been fixed already, there is still many firmwares
in the wild which use broken usign versions to verify current package
indexes so we'll need to carry this workaround in the forseeable future.
Ref: https://forum.openwrt.org/t/signature-check-failed/41945
Ref: https://git.openwrt.org/5a52b379902471cef495687547c7b568142f66d2
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit e1f588e446)
This update fixes usign signature verification on files with certain
file sizes triggering a bug in the shipped SHA-512 implementation.
5a52b37 sha512: fix bad hardcoded constant in sha512_final()
3e6648b README: replace unicode character
716c3f2 README: add reference to OpenBSD signify
86d3668 README: provide reference for ed25519 algorithm
939ec35 usign: main.c: describe necessary arguments for -G
Ref: https://forum.openwrt.org/t/signature-check-failed/41945
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 991dd5a893)
- make create_pbl and byte_swap as host tools
- fix a bug that maybe use the cross compiler
to compile create_pbl and byte_swap:
# -a option appends the image for Chassis 3 devices in case of non secure boot
aarch64-openwrt-linux-musl-gcc -Wall -Werror -pedantic -std=c99 -O2
-DVERSION=v1.5(release):reboot-10604-ge9216b3336 -D_GNU_SOURCE -D_XOPEN_SOURCE=700
-c -o create_pbl.o create_pbl.c
cc1: note: someone does not honour COPTS correctly, passed 0 times
LD create_pbl
/usr/bin/ld: create_pbl.o: Relocations in generic ELF (EM: 183)
/usr/bin/ld: create_pbl.o: Relocations in generic ELF (EM: 183)
/usr/bin/ld: create_pbl.o: Relocations in generic ELF (EM: 183)
create_pbl.o: error adding symbols: File in wrong format
collect2: error: ld returned 1 exit status
Makefile:43: recipe for target create_pbl failed
make[4]: *** [create_pbl] Error 1
plat/nxp/tools/pbl_ch2.mk:45: recipe for target pbl failed
make[3]: *** [pbl] Error 2
- add tfa- prefix to all tools in order to avoid future clashes with
other toolnames
Signed-off-by: Biwen Li <biwen.li@nxp.com>
[added missing HOST_CFLAGS, added tfa- prefix to the tools]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 83d5ca2186)
fiptool is a host tool, used in a firmware generation pipeline, but it's
not treated as such, leading to the build breakage on the hosts which
don't have {Open,Libre}SSL dev package installed:
In file included from fiptool.h:16:0,
from fiptool.c:19:
fiptool_platform.h:18:27: fatal error: openssl/sha.h:
No such file or directory
# include <openssl/sha.h>
So this patch promotes fiptool into the host tool with proper host
include and library paths under STAGING_DIR.
Ref: https://github.com/openwrt/openwrt/pull/2267
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit b8249cef9f)
So it's possible to install or remove it as needed.
Tested-by: Lucian Cristian <lucian.cristian@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 27bfde9c9f)
So it's possible to install or remove it as needed.
Tested-by: Lucian Cristian <lucian.cristian@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 9b4de712ca)
μrngd is OpenWrt's micro non-physical true random number generator based
on timing jitter.
Using the Jitter RNG core, the rngd provides an entropy source that
feeds into the Linux /dev/random device if its entropy runs low. It
updates the /dev/random entropy estimator such that the newly provided
entropy unblocks /dev/random.
The seeding of /dev/random also ensures that /dev/urandom benefits from
entropy. Especially during boot time, when the entropy of Linux is low,
the Jitter RNGd provides a source of sufficient entropy.
Acked-by: Jo-Philip Wich <jow@mein.io>
Tested-by: Lucian Cristian <lucian.cristian@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 714bd89fce)
This doesn't include 9ff8614a3dbe ("brcmfmac: use separate Kconfig file
for brcmfmac") due to a few conflicts with backports changes.
An important change is:
[PATCH 2/7] brcmfmac: change the order of things in brcmf_detach()
which fixes a rmmod crash in the brcmf_txfinalize().
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit db8e08a5a4)
This patch unifies the polled and interrupt-driven gpio_keys code
paths as well implements consistent handling of the debounce
interval set for the GPIO buttons and switches.
Hotplug events will only be fired if
1. The input changes its state and remains stable for the duration
of the debounce interval (default is 5 ms).
2. In the initial stable (no state-change for duration of the
debounce interval) state once the driver module gets loaded.
Switch type inputs will always report their stable state.
Unpressed buttons will not trigger an event for the initial
stable state. Whereas pressed buttons will trigger an event.
This is consistent with upstream's gpio-key driver that uses
the input subsystem (and dont use autorepeat).
Prior to this patch, this was handled inconsistently for interrupt-based
an polled gpio-keys. Hence this patch unifies the shared logic into the
gpio_keys_handle_button() function and modify both implementations to
handle the initial state properly.
The changes described in 2. ) . can have an impact on the
failsafe trigger. Up until now, the script checked for button
state changes. On the down side, this allowed to trigger the
failsafe by releasing a held button at the right time. On the
plus side, the button's polarity setting didn't matter.
Now, the failsafe will only engage when a button was pressed
at the right moment (same as before), but now it can
theoretically also trigger when the button was pressed the
whole time the kernel booted and well into the fast-blinking
preinit phase. However, the chances that this can happen are
really small. This is because the gpio-button module is usually
up and ready even before the preinit state is entered. So, the
initial pressed button event gets lost and most devices behave
as before.
Bisectors: If this patch causes a device to permanently go into
failsafe or experience weird behavior due to inputs, please
check the following:
- the GPIO polarity setting for the button
- the software-debounce value
Run-tested for 'gpio-keys' and 'gpio-keys-polled' on
- devolo WiFi pro 1200e
- devolo WiFi pro 1750c
- devolo WiFi pro 1750x
- Netgear WNDR4700
- Meraki MR24
- RT-AC58U
Signed-off-by: David Bauer <mail@david-bauer.net>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [further
cleanups, simplification and unification]
(cherry picked from commit 27f3f493de)
While testing 4.19 build on malta/be64, I've encountered following
error:
gpio-button-hotplug/gpio-button-hotplug.c:529:18: error: implicit
declaration of function 'gpio_to_desc'
which is caused by the missing include fixed by this patch.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
(cherry picked from commit dd6d82112a)
This addresses an issue where the list option specified in
/etc/config/openvpn i.e. 'tls_cipher' would instead show up in the
generated openvpn-<name>.conf as 'ncp-ciphers'. For context,
'ncp_ciphers' appears after 'tls_cipher' in OPENVPN_LIST from
openvpn.options.
Also, the ordering of the options in the UCI config file is now
preserved when generating the OpenVPN config. The two currently
supported list options deal with cipher preferences.
Signed-off-by: Matt Merhar <mattmerhar@protonmail.com>
(cherry picked from commit 1d4c4cbd20)
The OpenWrt buildroot ABI version rebuild tracker does not handle
transient dependencies, therefore add all libraries linked by
block-mount and blockd as direct dependencies to the corresponding
binary package definition.
This ensures that block-mount and blockd is automatically rebuilt and
relinked if any of these libraries has its ABI_VERSION updated in the
future.
Fixes: FS#2373
[jow: similar fix for procd and 98.42% of commit message]
Signed-off-by: Jo-Philip Wich <jow@mein.io>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit cbae306815)
Now that busybox is a known alternatives provider by opkg, we remove the
ALTERNATIVES spec and add a note to make the implicit situation clear
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(cherry-picked from commit 62be427067)
Opkg starting from this version special-cases busybox as alternatives
provider. There should be no need to add entries to ALTERNATIVES of
busybox package
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(cherry-picked from commit e51b513f75)
b43legacy needs ssb support and we do not compile the mips74 subtarget
of the brcm47xx target with SSB support. This causes a build failure in
the mac80211 package and only some of the kernel modules are being
created.
I am not aware of any device with a BRCM47xx mips74 CPU which uses a
b43legacy compatible device.
Fixes: FS#2334
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(cherry picked from commit e05310b9b8)
Logic was inverted when changing from string check to file check.
Fix it.
Fixes: 8592602d0a ("base-files: Really check path in get_mac_binary")
Reported-by: Matthias Schiffer <mschiffer@universe-factory.net>
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
(cherry picked from commit 6ed3349308)
This includes a fix for a medium-level potential cache attack with a
variant of Bleichenbacher’s attack. Patches were refreshed.
Increased FP_MAX_BITS to allow 4096-bit RSA keys.
Fixed poly1305 build option, and some Makefile updates.
Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
(cherry picked from commit 2792daab5a)
Currently, path argument is only checked for being not empty.
This changes behavior to actually check whether path exists.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Restarting service causes file-systems to be unmounted without being
mounted back. When this service was obsoleted it should have been
implemented in a way that all actions are ignored. Up to this commit
default handler was called when restart was requested. This default
handler just simply calls stop and start. That means that stop called
unmount but start just printed that this service is obsoleted.
This instead implements restart that just prints same message like start
does. It just calls start in reality. This makes restart unavailable for
call.
Signed-off-by: Karel Kočí <karel.koci@nic.cz>
(cherry picked from commit 3ead9e7b74)
When targets for multiple ESPRESSObin devices were added, not all
files were updated which means any ESPRESSObin version beside generic
won't have proper networking, sysupgrade and uboot-env. This patch
fixes the issue.
* fixup network detection
* fixup uboot-env
* fixup platform.sh for sysupgrade
Signed-off-by: Vladimir Vid <vladimir.vid@sartura.hr>
(cherry picked from commit bc47285cb3)
Just stumbled across this LEDE legacy, without finding any real reason
to keep it. There is a single LEDE_DEVICE_MANUFACTURER_URL dependency
in the luci feed repo which needs to be syncronized.
Signed-off-by: Bjørn Mork <bjorn@mork.no>
[re-added missing commit message]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
(cherry picked from commit 8a34a54b6a)
Follow upstream changes - header file changes only
no functional or executable changes, hence no package bump
required
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit a8f0c02f80)
This patch adds a missing type property which prevented
the creation of oneshot and timer led triggers when they
are specified in the /etc/board.d/01_leds files.
i.e.:
ucidef_set_led_timer "system" "system" "zhuotk:green:system" "1000" "1000"
Fixes: b06a286a48 ("base-files: cleanup led functions in uci-defaults.sh")
Signed-off-by: Robinson Wu <wurobinson@qq.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This improves FullMAC firmware compatibility, adds logging in case of
firmware crash and *may* fix "Invalid packet id" errors.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 8888cb725d)
FCC allows maximum antenna gain of 6 dBi. 15.247(b)(4):
> (4) The conducted output power limit
> specified in paragraph (b) of this section
> is based on the use of antennas
> with directional gains that do not exceed
> 6 dBi. Except as shown in paragraph
> (c) of this section, if transmitting
> antennas of directional gain greater
> than 6 dBi are used, the conducted
> output power from the intentional radiator
> shall be reduced below the stated
> values in paragraphs (b)(1), (b)(2),
> and (b)(3) of this section, as appropriate,
> by the amount in dB that the
> directional gain of the antenna exceeds
> 6 dBi.
https://www.gpo.gov/fdsys/pkg/CFR-2013-title47-vol1/pdf/CFR-2013-title47-vol1-sec15-247.pdf
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Most of the txpower for the ath10k firmware is stored as twicepower (0.5 dB
steps). This isn't the case for max_antenna_gain - which is still expected
by the firmware as dB.
The firmware is converting it from dB to the internal (twicepower)
representation when it calculates the limits of a channel. This can be seen
in tpc_stats when configuring "12" as max_antenna_gain. Instead of the
expected 12 (6 dB), the tpc_stats shows 24 (12 dB).
Tested on QCA9888 and IPQ4019 with firmware 10.4-3.5.3-00057.
Signed-off-by: Sven Eckelmann <sven@narfation.org>
FCC allows maximum antenna gain of 6 dBi. 15.247(b)(4):
> (4) The conducted output power limit
> specified in paragraph (b) of this section
> is based on the use of antennas
> with directional gains that do not exceed
> 6 dBi. Except as shown in paragraph
> (c) of this section, if transmitting
> antennas of directional gain greater
> than 6 dBi are used, the conducted
> output power from the intentional radiator
> shall be reduced below the stated
> values in paragraphs (b)(1), (b)(2),
> and (b)(3) of this section, as appropriate,
> by the amount in dB that the
> directional gain of the antenna exceeds
> 6 dBi.
https://www.gpo.gov/fdsys/pkg/CFR-2013-title47-vol1/pdf/CFR-2013-title47-vol1-sec15-247.pdf
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Most of the txpower for the ath10k firmware is stored as twicepower (0.5 dB
steps). This isn't the case for max_antenna_gain - which is still expected
by the firmware as dB.
The firmware is converting it from dB to the internal (twicepower)
representation when it calculates the limits of a channel. This can be seen
in tpc_stats when configuring "12" as max_antenna_gain. Instead of the
expected 12 (6 dB), the tpc_stats shows 24 (12 dB).
Tested on QCA9888 and IPQ4019 with firmware 10.4-3.5.3-00057.
Signed-off-by: Sven Eckelmann <sven@narfation.org>
FCC allows maximum antenna gain of 6 dBi. 15.247(b)(4):
> (4) The conducted output power limit
> specified in paragraph (b) of this section
> is based on the use of antennas
> with directional gains that do not exceed
> 6 dBi. Except as shown in paragraph
> (c) of this section, if transmitting
> antennas of directional gain greater
> than 6 dBi are used, the conducted
> output power from the intentional radiator
> shall be reduced below the stated
> values in paragraphs (b)(1), (b)(2),
> and (b)(3) of this section, as appropriate,
> by the amount in dB that the
> directional gain of the antenna exceeds
> 6 dBi.
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Add support for xfrm interfaces in kernel. XFRM interfaces are used by
the IPsec stack for tunneling.
XFRM interfaces are available since linux 4.19.
Signed-off-by: André Valentin <avalentin@marcant.net>
Commit afc056d7dc ("gpio-button-hotplug: support interrupt
properties") changed the gpio-keys interrupt handling logic in a way,
that it always misses first event, which causes issues with rc.button
scripts, so this patch restores the previous behaviour.
Fixes: afc056d7dc ("gpio-button-hotplug: support interrupt properties")
Reported-by: Kristian Evensen <kristian.evensen@gmail.com>
Tested-by: Kuan-Yi Li <kyli.tw@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [drop state check]
Currently the generated event contains wrong seen value, when the button
is pressed for the first time:
rmmod gpio_button_hotplug; modprobe gpio_button_hotplug
[ pressing the wps key immediately after modprobe ]
gpio-keys: create event, name=wps, seen=1088, pressed=1
So this patch adds a check for this corner case and makes seen=0 if the
button is pressed for the first time.
Tested-by: Kuan-Yi Li <kyli.tw@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This is to make life easier for users with customized build of
dnsmasq-full variant. Currently dnsmasq config generated by current
service script will be rejected by dnsmasq build lacking DHCP feature
- Options like --dhcp-leasefile have default values. Deleting them
from uci config or setting them to empty value will make them take on
default value in the end
- Options like --dhcp-broadcast are output unconditionally
Tackle this by
- Check availablility of features from output of "dnsmasq --version"
- Make a list of options guarded by HAVE_xx macros in src/options.c of
dnsmasq source code
- Ignore these options in xappend()
Two things to note in this implementation
- The option list is not exhaustive. Supposedly only those options that
may cause dnsmasq to reject with "unsupported option (check that
dnsmasq was compiled with DHCP/TFTP/DNSSEC/DBus support)" are taken
into account here
- This provides a way out but users' cooperation is still needed. E.g.
option dnssec needs to be turned off, otherwise the service script
will try to add --conf-file pointing to dnssec specific anchor file
which dnsmasq lacking dnssec support will reject
Resolves FS#2281
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Busybox brctl applet conflicts with the version from bridge-utils.
Fix this by using ALTERNATIVE support for brctl in busybox.
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
Add the userspace control portion of the backported kernelspace
act_ctinfo.
ctinfo is a tc action restoring data stored in conntrack marks to
various fields. At present it has two independent modes of operation,
restoration of DSCP into IPv4/v6 diffserv and restoration of conntrack
marks into packet skb marks.
It understands a number of parameters specific to this action in
additional to the usual action syntax. Each operating mode is
independent of the other so all options are optional, however not
specifying at least one mode is a bit pointless.
Usage: ... ctinfo [dscp mask [statemask]] [cpmark [mask]] [zone ZONE]
[CONTROL] [index <INDEX>]
DSCP mode
dscp enables copying of a DSCP stored in the conntrack mark into the
ipv4/v6 diffserv field. The mask is a 32bit field and specifies where
in the conntrack mark the DSCP value is located. It must be 6
contiguous bits long. eg. 0xfc000000 would restore the DSCP from the
upper 6 bits of the conntrack mark.
The DSCP copying may be optionally controlled by a statemask. The
statemask is a 32bit field, usually with a single bit set and must not
overlap the dscp mask. The DSCP restore operation will only take place
if the corresponding bit/s in conntrack mark ANDed with the statemask
yield a non zero result.
eg. dscp 0xfc000000 0x01000000 would retrieve the DSCP from the top 6
bits, whilst using bit 25 as a flag to do so. Bit 26 is unused in this
example.
CPMARK mode
cpmark enables copying of the conntrack mark to the packet skb mark. In
this mode it is completely equivalent to the existing act_connmark
action. Additional functionality is provided by the optional mask
parameter, whereby the stored conntrack mark is logically ANDed with the
cpmark mask before being stored into skb mark. This allows shared usage
of the conntrack mark between applications.
eg. cpmark 0x00ffffff would restore only the lower 24 bits of the
conntrack mark, thus may be useful in the event that the upper 8 bits
are used by the DSCP function.
Usage: ... ctinfo [dscp mask [statemask]] [cpmark [mask]] [zone ZONE]
[CONTROL] [index <INDEX>]
where :
dscp MASK is the bitmask to restore DSCP
STATEMASK is the bitmask to determine conditional restoring
cpmark MASK mask applied to restored packet mark
ZONE is the conntrack zone
CONTROL := reclassify | pipe | drop | continue | ok |
goto chain <CHAIN_INDEX>
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
ctinfo is a new tc filter action module. It is designed to restore
information contained in firewall conntrack marks to other packet fields
and is typically used on packet ingress paths. At present it has two
independent sub-functions or operating modes, DSCP restoration mode &
skb mark restoration mode.
The DSCP restore mode:
This mode copies DSCP values that have been placed in the firewall
conntrack mark back into the IPv4/v6 diffserv fields of relevant
packets.
The DSCP restoration is intended for use and has been found useful for
restoring ingress classifications based on egress classifications across
links that bleach or otherwise change DSCP, typically home ISP Internet
links. Restoring DSCP on ingress on the WAN link allows qdiscs such as
but by no means limited to CAKE to shape inbound packets according to
policies that are easier to set & mark on egress.
Ingress classification is traditionally a challenging task since
iptables rules haven't yet run and tc filter/eBPF programs are pre-NAT
lookups, hence are unable to see internal IPv4 addresses as used on the
typical home masquerading gateway. Thus marking the connection in some
manner on egress for later restoration of classification on ingress is
easier to implement.
Parameters related to DSCP restore mode:
dscpmask - a 32 bit mask of 6 contiguous bits and indicate bits of the
conntrack mark field contain the DSCP value to be restored.
statemask - a 32 bit mask of (usually) 1 bit length, outside the area
specified by dscpmask. This represents a conditional operation flag
whereby the DSCP is only restored if the flag is set. This is useful to
implement a 'one shot' iptables based classification where the
'complicated' iptables rules are only run once to classify the
connection on initial (egress) packet and subsequent packets are all
marked/restored with the same DSCP. A mask of zero disables the
conditional behaviour ie. the conntrack mark DSCP bits are always
restored to the ip diffserv field (assuming the conntrack entry is found
& the skb is an ipv4/ipv6 type)
e.g. dscpmask 0xfc000000 statemask 0x01000000
|----0xFC----conntrack mark----000000---|
| Bits 31-26 | bit 25 | bit24 |~~~ Bit 0|
| DSCP | unused | flag |unused |
|-----------------------0x01---000000---|
| |
| |
---| Conditional flag
v only restore if set
|-ip diffserv-|
| 6 bits |
|-------------|
The skb mark restore mode (cpmark):
This mode copies the firewall conntrack mark to the skb's mark field.
It is completely the functional equivalent of the existing act_connmark
action with the additional feature of being able to apply a mask to the
restored value.
Parameters related to skb mark restore mode:
mask - a 32 bit mask applied to the firewall conntrack mark to mask out
bits unwanted for restoration. This can be useful where the conntrack
mark is being used for different purposes by different applications. If
not specified and by default the whole mark field is copied (i.e.
default mask of 0xffffffff)
e.g. mask 0x00ffffff to mask out the top 8 bits being used by the
aforementioned DSCP restore mode.
|----0x00----conntrack mark----ffffff---|
| Bits 31-24 | |
| DSCP & flag| some value here |
|---------------------------------------|
|
|
v
|------------skb mark-------------------|
| | |
| zeroed | |
|---------------------------------------|
Overall parameters:
zone - conntrack zone
control - action related control (reclassify | pipe | drop | continue |
ok | goto chain <CHAIN_INDEX>)
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Reviewed-by: Toke Høiland-Jørgensen <toke@redhat.com>
Acked-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Make suitable adjustments for backporting to 4.14 & 4.19
and add to SCHED_MODULES_FILTER
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Current latest LSDK-19.03 u-boot had a bug that bootcmd
environment was always been reset when u-boot started up.
This was found on boards with spi NOR boot. Before the
proper fix-up is applied, we have to use a workaround
to hard code the bootcmd for OpenWrt booting for now.
Signed-off-by: Biwen Li <biwen.li@nxp.com>
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
This patch is to convert to use TF-A for firmware.
- Use un-swapped rcw since swapping will be done in TF-A.
- Use u-boot with TF-A defconfig.
- Rework memory map for TF-A introduction.
Signed-off-by: Biwen Li <biwen.li@nxp.com>
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
Add TF-A packages for Layerscape to implement trusted firmware.
Signed-off-by: Biwen Li <biwen.li@nxp.com>
Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
This adds a new package for the kernel module of the ATUSB WPAN driver.
Signed-off-by: Sebastian Meiling <s@mlng.net>
[fixed SoB: and From: mismatch]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This reverts commit 7c50182e0c.
Produces build error:
Package kmod-sched is missing dependencies for the following libraries:
nf_conntrack.ko
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
ctinfo is a new tc filter action module. It is designed to restore
information contained in firewall conntrack marks to other packet fields
and is typically used on packet ingress paths. At present it has two
independent sub-functions or operating modes, DSCP restoration mode &
skb mark restoration mode.
The DSCP restore mode:
This mode copies DSCP values that have been placed in the firewall
conntrack mark back into the IPv4/v6 diffserv fields of relevant
packets.
The DSCP restoration is intended for use and has been found useful for
restoring ingress classifications based on egress classifications across
links that bleach or otherwise change DSCP, typically home ISP Internet
links. Restoring DSCP on ingress on the WAN link allows qdiscs such as
but by no means limited to CAKE to shape inbound packets according to
policies that are easier to set & mark on egress.
Ingress classification is traditionally a challenging task since
iptables rules haven't yet run and tc filter/eBPF programs are pre-NAT
lookups, hence are unable to see internal IPv4 addresses as used on the
typical home masquerading gateway. Thus marking the connection in some
manner on egress for later restoration of classification on ingress is
easier to implement.
Parameters related to DSCP restore mode:
dscpmask - a 32 bit mask of 6 contiguous bits and indicate bits of the
conntrack mark field contain the DSCP value to be restored.
statemask - a 32 bit mask of (usually) 1 bit length, outside the area
specified by dscpmask. This represents a conditional operation flag
whereby the DSCP is only restored if the flag is set. This is useful to
implement a 'one shot' iptables based classification where the
'complicated' iptables rules are only run once to classify the
connection on initial (egress) packet and subsequent packets are all
marked/restored with the same DSCP. A mask of zero disables the
conditional behaviour ie. the conntrack mark DSCP bits are always
restored to the ip diffserv field (assuming the conntrack entry is found
& the skb is an ipv4/ipv6 type)
e.g. dscpmask 0xfc000000 statemask 0x01000000
|----0xFC----conntrack mark----000000---|
| Bits 31-26 | bit 25 | bit24 |~~~ Bit 0|
| DSCP | unused | flag |unused |
|-----------------------0x01---000000---|
| |
| |
---| Conditional flag
v only restore if set
|-ip diffserv-|
| 6 bits |
|-------------|
The skb mark restore mode (cpmark):
This mode copies the firewall conntrack mark to the skb's mark field.
It is completely the functional equivalent of the existing act_connmark
action with the additional feature of being able to apply a mask to the
restored value.
Parameters related to skb mark restore mode:
mask - a 32 bit mask applied to the firewall conntrack mark to mask out
bits unwanted for restoration. This can be useful where the conntrack
mark is being used for different purposes by different applications. If
not specified and by default the whole mark field is copied (i.e.
default mask of 0xffffffff)
e.g. mask 0x00ffffff to mask out the top 8 bits being used by the
aforementioned DSCP restore mode.
|----0x00----conntrack mark----ffffff---|
| Bits 31-24 | |
| DSCP & flag| some value here |
|---------------------------------------|
|
|
v
|------------skb mark-------------------|
| | |
| zeroed | |
|---------------------------------------|
Overall parameters:
zone - conntrack zone
control - action related control (reclassify | pipe | drop | continue |
ok | goto chain <CHAIN_INDEX>)
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Reviewed-by: Toke Høiland-Jørgensen <toke@redhat.com>
Acked-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Make suitable adjustments for backporting to 4.14 & 4.19
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
89bfaa424606 Fix possible linker errors by using CMake find_library macro
569284a119f9 session: handle NULL return values of crypt()
Signed-off-by: Petr Štetiar <ynezz@true.cz>
There was an issue with the backport compat layer in yesterday's snapshot,
causing issues on certain (mostly Atom) Intel chips on kernels older than
4.2, due to the use of xgetbv without checking cpu flags for xsave support.
This manifested itself simply at module load time. Indeed it's somewhat tricky
to support 33 different kernel versions (3.10+), plus weird distro
frankenkernels.
If OpenWRT doesn't support < 4.2, you probably don't need to apply this.
But it also can't hurt, and probably best to stay updated.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tools: add wincompat layer to wg(8)
Consistent with a lot of the Windows work we've been doing this last cycle,
wg(8) now supports the WireGuard for Windows app by talking through a named
pipe. You can compile this as `PLATFORM=windows make -C src/tools` with mingw.
Because programming things for Windows is pretty ugly, we've done this via a
separate standalone wincompat layer, so that we don't pollute our pretty *nix
utility.
* compat: udp_tunnel: force cast sk_data_ready
This is a hack to work around broken Android kernel wrapper scripts.
* wg-quick: freebsd: workaround SIOCGIFSTATUS race in FreeBSD kernel
FreeBSD had a number of kernel race conditions, some of which we can vaguely
work around. These are in the process of being fixed upstream, but probably
people won't update for a while.
* wg-quick: make darwin and freebsd path search strict like linux
Correctness.
* socket: set ignore_df=1 on xmit
This was intended from early on but didn't work on IPv6 without the ignore_df
flag. It allows sending fragments over IPv6.
* qemu: use newer iproute2 and kernel
* qemu: build iproute2 with libmnl support
* qemu: do not check for alignment with ubsan
The QEMU build system has been improved to compile newer versions. Linking
against libmnl gives us better error messages. As well, enabling the alignment
check on x86 UBSAN isn't realistic.
* wg-quick: look up existing routes properly
* wg-quick: specify protocol to ip(8), because of inconsistencies
The route inclusion check was wrong prior, and Linux 5.1 made it break
entirely. This makes a better invocation of `ip route show match`.
* netlink: use new strict length types in policy for 5.2
* kbuild: account for recent upstream changes
* zinc: arm64: use cpu_get_elf_hwcap accessor for 5.2
The usual churn of changes required for the upcoming 5.2.
* timers: add jitter on ack failure reinitiation
Correctness tweak in the timer system.
* blake2s,chacha: latency tweak
* blake2s: shorten ssse3 loop
In every odd-numbered round, instead of operating over the state
x00 x01 x02 x03
x05 x06 x07 x04
x10 x11 x08 x09
x15 x12 x13 x14
we operate over the rotated state
x03 x00 x01 x02
x04 x05 x06 x07
x09 x10 x11 x08
x14 x15 x12 x13
The advantage here is that this requires no changes to the 'x04 x05 x06 x07'
row, which is in the critical path. This results in a noticeable latency
improvement of roughly R cycles, for R diagonal rounds in the primitive. As
well, the blake2s AVX implementation is now SSSE3 and considerably shorter.
* tools: allow setting WG_ENDPOINT_RESOLUTION_RETRIES
System integrators can now specify things like
WG_ENDPOINT_RESOLUTION_RETRIES=infinity when building wg(8)-based init
scripts and services, or 0, or any other integer.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Highlights of this version:
- Prevent over long nonces in ChaCha20-Poly1305 (CVE-2019-1543)
- Fix OPENSSL_config bug (patch removed)
- Change the default RSA, DSA and DH size to 2048 bit instead of 1024.
- Enable SHA3 pre-hashing for ECDSA and DSA
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [DMARC removal]
Upstream Linux's input gpio-keys driver supports
specifying a external interrupt for a gpio via the
'interrupts' properties as well as having support
for software debounce.
This patch ports these features to OpenWrt's event
version. Only the "pure" interrupt-driven support is
left behind, since this goes a bit against the "gpio"
in the "gpio-keys" and I don't have a real device to
test this with.
This patch also silences the generated warnings showing
up since 4.14 due to the 'constification' of the
struct gpio_keys_button *buttons variable in the
upstream struct gpio_keys_platform_data declaration.
gpio-button-hotplug.c: In function 'gpio_keys_get_devtree_pdata':
gpio-button-hotplug.c:392:10: warning: assignment discards 'const'
qualifier from pointer target type [-Wdiscarded-qualifiers]
button = &pdata->buttons[i++];
^
gpio-button-hotplug.c: In function 'gpio_keys_button_probe':
gpio-button-hotplug.c:537:12: warning: assignment discards 'const'
qualifier from pointer target type [-Wdiscarded-qualifiers]
bdata->b = &pdata->buttons[i];
^
gpio-button-hotplug.c: In function 'gpio_keys_probe':
gpio-button-hotplug.c:563:37: warning: initialization discards 'const'
qualifier from pointer target type [-Wdiscarded-qualifiers]
struct gpio_keys_button *button = &pdata->buttons[i];
^
Acked-by: Petr Štetiar <ynezz@true.cz>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Upstream PPP project has added in commit 8e77984 options to tune discovery
timeout and attempts in the rp-pppoe plugin.
Expose these options in the uci datamodel for pppoe:
padi_attempts: Number of discovery attempts
padi_timeout: Initial timeout for discovery packets in seconds
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
It is not always necessary to add a host route for the gre peer address.
This introduces a new config option 'nohostroute' (similar to the
option introduced for wireguard in d8e2e19) to allow to disable
the creation of those routes explicitely.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
This version bump contains the following commit to fix FS#2222
3b3e368 uclient-http: set data_eof when content-length is 0
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Instead of maintaining 3 very similar subtargets merge them into one.
This does not use the Arm NEON extension any more, because the SAMA5D3
does not support NEON.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Sandeep Sheriker <sandeepsheriker.mallikarjun@microchip.com>
For devices such as BTHOMEHUBV5A with both reset and restart buttons,
its easily accessible restart button has been assigned to KEY_POWER
power script to poweroff preventing accidental (or malicious) factory
resets by KEY_RESTART reset script. However an easily accessible button
immediately powering off the device is also undesirable.
As KEY_RESTART is already used for reset script (and there's no
KEY_REBOOT in Linux input events), use KEY_POWER2 for rebooting via new
reboot script with 5 second seen delay.
Fixes: FS#1965
Signed-off-by: Alan Swanson <reiver@improbability.net>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [long line wrap]
For devices such as BTHOMEHUBV5A with both reset and restart buttons,
its easily accessible restart button has been assigned to KEY_POWER
power script to poweroff preventing accidental (or malicious) factory
resets by KEY_RESTART reset script. However an easily accessible button
immediately powering off the device is also undesirable.
As KEY_RESTART is already used for reset script (and there's no
KEY_REBOOT in Linux input events), use KEY_POWER2 for rebooting via new
reboot script with 5 second seen delay.
Fixes: FS#1965
Signed-off-by: Alan Swanson <reiver@improbability.net>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [long line wrap]
For devices such as BTHOMEHUBV5A with both reset and restart buttons,
its easily accessible restart button has been assigned to KEY_POWER
power script to poweroff preventing accidental (or malicious) factory
resets by KEY_RESTART reset script. However an easily accessible button
immediately powering off the device is also undesirable.
Fixes: FS#1965
Signed-off-by: Alan Swanson <reiver@improbability.net>
Signed-off-by: Petr Štetiar <ynezz@true.cz> [long line wrap]
ade00ca585a4 container: fix .dockerenv stat check
385b904b2f0a hotplug: improve error message during group ownership change
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Add upstream patch from:
https://git.busybox.net/busybox/commit/?id=028c5aa18b5273c029f0278232d922ee1a164de6
The patch fixes a problem with an infinite loop causing 100% CPU usage
when running the following command /lib/preinit/10_indicate_preinit
without the CAP_NET_ADMIN capability (such as in Docker):
ip -4 address flush dev $pi_ifname
Signed-off-by: Mikael Magnusson <mikma@users.sourceforge.net>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [refresh patch]
Don't set the default firewall zone to wan if not specified to keep the
behavior aligned with other tunnel protocols like gre and 6rd.
If the interface zone is not specified try to get it from the firewall config
when constructing the procd firewall rule.
While at it only add procd inbound/outbound firewall rules if a zone is specified.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Don't set the default firewall zone to wan if not specified to keep the
behavior aligned with other tunnel protocols like gre and 6rd.
If the interface zone is not specified try to get it from the firewall config
when constructing the procd firewall rule.
While at it only add a procd inbound firewall rule if a zone is specified.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* Feature: Add support for 200Gbps (50Gbps per lane) link mode
* Feature: simplify handling of PHY tunable downshift
* Feature: add support for PHY tunable Fast Link Down
* Feature: add PHY Fast Link Down tunable to man page
* Feature: Add a 'start N' option when specifying the Rx flow hash indirection table.
* Feature: Add bash-completion script
* Feature: add 10000baseR_FEC link mode name
* Fix: qsfp: fix special value comparison
* Feature: move option parsing related code into function
* Feature: move cmdline_coalesce out of do_scoalesce
* Feature: introduce new ioctl for per-queue settings
* Feature: support per-queue sub command --show-coalesce
* Feature: support per-queue sub command --coalesce
* Fix: fix up dump_coalesce output to match actual option names
* Feature: fec: add pretty dump
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Lua's LNUM patch currently doesn't parse properly certain numbers as
it's visible from the following simple tests.
On x86_64 host (stock Lua 5.1.5, expected output):
$ /usr/bin/lua -e 'print(0x80000000); print(0x80000000000); print(0x100000000)'
2147483648
8796093022208
4294967296
On x86_64 host:
$ staging_dir/hostpkg/bin/lua -e 'print(0x80000000); print(0x80000000000); print(0x100000000)'
-2147483648
0
0
On x86_64 target:
$ lua -e 'print(0x80000000); print(0x80000000000); print(0x100000000)'
-2147483648
0
0
On ath79 target:
$ lua -e 'print(0x80000000); print(0x80000000000); print(0x100000000)'
-2147483648
8796093022208
4294967296
It's caused by two issues fixed in this patch, first issue is caused by
unhadled strtoul overflow and second one is caused by the cast of
unsigned to signed Lua integer when parsing from hex literal.
Run tested on:
* Zidoo Z9S with RTD1296 CPU (aarch64_cortex-a53)
* qemu/x86_64
* qemu/armvirt_64
* ath79
Signed-off-by: Liangbin Lian <jjm2473@gmail.com>
[commit subject/message touches, fixed From to match SOB, fixed another
unhandled case in luaO_str2i, host Lua, package bump]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Commit "generic: ar8216: add mib_poll_interval switch attribute" has
added mib_poll_interval global config option and commit "generic:
ar8216: group MIB counters and use two basic ones only by default" has
added mib_type config option.
So this patch adds ucidef_set_ar8xxx_switch_mib helper function which
would allow configuration of the above mentioned new switch config
options.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Commit "generic: ar8216: add mib_poll_interval switch attribute" has added
mib_poll_interval global config option and commit "generic: ar8216: group
MIB counters and use two basic ones only by default" has added mib_type
config option.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This adds the host staging directory to the include path to make it use
the zlib.h files from the staging include directory and also link
against the zlib version from the staging directory.
This fixes a compile problem when the zlib header were not installed on
the build host.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[picked from openwrt-18.06]
c9d9dbf pppoe: Custom host-uniq tag
44012ae plugins/rp-pppoe: Fix compile errors
Refresh patches
Drop 520-uniq patch as upstream accepted
Drop 150-debug_compile_fix patch as fixed upstream
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Using the same method as the D-Link DAP-2695 A1 we use
the "mtd" tool to augment the firmware checkum in flash
on first boot of a new firmware on the D-Link DIR-685.
We need to augment the Makefile for "mtd" to build in
the special WRGG fixup support for Gemini as well.
This works around the problem of the machine not booting
after factory install unless the sysupgrade is applied
immediately.
Based on commit e3875350f3
"ar71xx: add support for D-Link DAP-2695 rev. A1"
Cc: Stijn Tintel <stijn@linux-ipv6.be>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
The D-Link DIR-685 has the same problem as the
D-Link DAP-2695: when flashing the factory image, the
checksum includes the whole flashed image, even the
rootfs_data part with the end of filesystem mark.
Also the whole flashed image is stored in the flash,
so on the first boot, the whole rootfs image is loaded
into memory with the kernel.
This is fixed using the fixwrgg command to mtd, but
for this to work we need to make fixwrgg work with
the Little-Endian ARM DIR-685.
The code tries to be endian agnostic but this fails
because the WRGG image loader doesn't. On ARM, the
file size is stored in little endian format, and on
big-endian systems it is stored in big endian format,
so we can just drop all the friendly htonl() that
will make the shdr->size big endian: this will
actually break the little endian systems, and on
the big endian systems the native endianness will
still be correct.
The magic number is always stored in little endian
format however, so make sure this is always read
in LE32 format. I chose to create a straight-forward
le32_to_cpu() static inline that IMO is simple and
easy to read.
Cc: Stijn Tintel <stijn@linux-ipv6.be>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Specification:
- Qualcomm Atheros SoC QCA9558
- 720/600/200 MHz (CPU/DDR/AHB)
- 128 MB of RAM (DDR2)
- 16 MB of FLASH (SPI NOR)
- 1x 10/100/1000 Mbps Ethernet
- 3T3R 2.4 GHz (QCA9558 WMAC)
- 3T3R 5.8 Ghz (QCA9880-BR4A, Senao PCE4553AH)
https://fccid.io/A8J-ECB1750
Tested and working:
- lan, wireless, leds, sysupgrade (tftp)
Flash instructions:
1.) tftp recovery
- use a 1GbE switch or direct attached 1GbE link
- setup client ip address 192.168.1.10 and start tftpd
- save "openwrt-ath79-generic-engenius_ecb1750-initramfs-kernel.bin" as "ap.bin" in tfpd root directory
- plugin powercord and hold reset button 10secs.. "ap.bin" will be downloaded and executed
- afterwards login via ssh and do a sysuprade
2.) oem webinterface factory install (not tested)
Use normal webinterface upgrade page und select "openwrt-ath79-generic-engenius_ecb1750-squashfs-factory.bin".
3.) oem webinterface command injection
OEM Firmware already running OpenWrt (Attitude Adjustment 12.09).
Use OEM webinterface and command injection. See wiki for details.
https://openwrt.org/toh/engenius/engenius_ecb1750_1
Signed-off-by: sven friedmann <sf.openwrt@okay.ms>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[use interrupt-driven "gpio-keys" binding]
The Linksys EA8300 is based on QCA4019 and QCA9888 and provides three,
independent radios. NAND provides two, alternate kernel/firmware
images with fail-over provided by the OEM U-Boot.
Installation:
"Factory" images may be installed directly through the OEM GUI.
Hardware Highlights:
* IPQ4019 at 717 MHz (4 CPUs)
* 256 MB NAND (Winbond W29N02GV, 8-bit parallel)
* 256 MB RAM
* Three, fully-functional radios; `iw phy` reports (FCC/US, -CT):
* 2.4 GHz radio at 30 dBm
* 5 GHz radio on ch. 36-64 at 23 dBm
* 5 GHz radio on ch. 100-144 at 23 dBm (DFS), 149-165 at 30 dBm
#{ managed } <= 16, #{ AP, mesh point } <= 16, #{ IBSS } <= 1
* All two-stream, MCS 0-9
* 4x GigE LAN, 1x GigE Internet Ethernet jacks with port lights
* USB3, single port on rear with LED
* WPS and reset buttons
* Four status lights on top
* Serial pads internal (unpopulated)
"Linksys Dallas WiFi AP router based on Qualcomm AP DK07.1-c1"
Implementation Notes:
The OEM flash layout is preserved at this time with 3 MB kernel and
~69 MB UBIFS for each firmware version. The sysdiag (1 MB) and
syscfg (56 MB) partitions are untouched, available as read-only.
Serial Connectivity:
Serial connectivity is *not* required to flash.
Serial may be accessed by opening the device and connecting
a 3.3-V adapter using 115200, 8n1. U-Boot access is good,
including the ability to load images over TFTP and
either run or flash them.
Looking at the top of the board, from the front of the unit,
J3 can be found on the right edge of the board, near the rear
|
J3 |
|-| |
|O| | (3.3V seen, open-circuit)
|O| | TXD
|O| | RXD
|O| |
|O| | GND
|-| |
|
Unimplemented:
* serial1 "ttyQHS0" (serial0 works as console)
* Bluetooth; Qualcomm CSR8811 (potentially conected to serial1)
Other Notes:
https://wikidevi.com/wiki/Linksys_EA8300 states
FCC docs also cover the Linksys EA8250. According to the
RF Test Report BT BR+EDR, "All models are identical except
for the EA8300 supports 256QAM and the EA8250 disable 256QAM."
Signed-off-by: Jeff Kletsky <git-commits@allycomm.com>
Consistently handle boot-count reset and upgrade across
ipq40xx, ipq806x, kirkwood, mvebu
Dual-firmware devices often utilize a specific MTD partition
to record the number of times the boot loader has initiated boot.
Most of these devices are NAND, typically with a 2k erase size.
When this code was ported to the ipq40xx platform, the device in hand
used NOR for this partition, with a 16-byte "record" size. As the
implementation of `mtd resetbc` is by-platform, the hard-coded nature
of this change prevented proper operation of a NAND-based device.
* Unified the "NOR" variant with the rest of the Linksys variants
* Added logging to indicate success and failure
* Provided a meaningful return value for scripting
* "Protected" the use of `mtd resetbc` in start-up scripts so that
failure does not end the boot sequence
* Moved Linksys-specific actions into common `/etc/init.d/bootcount`
For upgrade, these devices need to determine which partition to flash,
as well as set certain U-Boot envirnment variables to change the next
boot to the newly flashed version.
* Moved upgrade-related environment changes out of bootcount
* Combined multiple flashes of environment into single one
* Current-partition detection now handles absence of `boot_part`
Runtime-tested: Linksys EA8300
Signed-off-by: Jeff Kletsky <git-commits@allycomm.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[checkpatch.pl fixes, traded split strings for 80+ chars per line]
This package provides board-specific reference ("cal") data
on an interim basis until included in the upstream distros
While originally conceived for IPQ4019-based boards, similar needs
are appearing with three-radio devices. For some of these devices,
both a board-2.bin file needs to be supplied both for the IPQ4019
as well as for the other radio on the board.
This patch allows new or multiple overrides to be specified by:
* Adding board name to ALLWIFIBOARDS
* Placing file(s) in this directory named as
board-<devicename>.<qca4019|qca9888|qca9984>
* Adding
$(eval $(call generate-ipq-wifi-package,<device>,<display name>))
(along with suitable package selection for the board)
At this time, QCA4019, QCA9888, and QCA9984 are supported.
Extension to other chips should be straightforward.
The existing files, board-*.bin, are "grandfathered" as QCA4019.
The package name has been retained for compatability reasons.
At this time it DEPENDS:=@TARGET_ipq40xx, limiting its visibility.
Build-tested-on: asus_map-ac2200, alfa-network_ap120c-ac,
avm_fritzbox-7530, avm_fritzrepeater-3000, engenius_eap1300,
engenius_ens620ext, linksys_ea6350v3, qxwlan-e2600ac-c1/-c2
Signed-off-by: Jeff Kletsky <git-commits@allycomm.com>
22e8e58 interface-ip: use ptp address as well to find local address target
f1aa0f9 treewide: pass bool as second argument of blobmsg_check_attr
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
The 8 year old file does not have any ARC definitions.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[updated content of the patch with version sent to upstream]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This commit makes three changes to the uci shell library:
* A check for UCI_CONFIG_DIR has been added to the command line when
adding anonymous sections. Without this change, adding anonymous
sections to configs not stored in /etc/config is not possible.
* Support for adding/removing items from lists were missing, so I have
added the functions uci_add_list() and uci_remove_list() to simplify
working with uci lists from scripts.
Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
[added missing package version bump]
Signed-off-by: Petr Štetiar <ynezz@true.cz>
The buildroot pkg-config (in staging_dir/host/bin) overrides the prefix
and exec_prefix variables in *.pc files, to supply the correct
(buildroot) paths for callers. If other variables are not defined
relative to prefix and exec_prefix, then the returned values will be
incorrect.
The default zlib.pc file generated by cmake contains absolute paths.
This patches the file to use relative paths (relative to ${prefix} and
${exec_prefix}).
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
41a74cb config: remove 'ignore' config option
c0c8034 treewide: init assignment lists head
f98b7ee config: use list safe iterator in lease_delete
3c9810b dhcpv4: fix lease ordering by ip address
b60c384 config: use multi-stage parsing of uci sections
a2dd8d6 treewide: always init interface list heads during initialization
a17665e dhcpv4: do not allow pool end address to overlap with broadcast address
6b951c5 treewide: give file descriptors safe initial value
39e11ed dhcpv4: DHCP pool size is off-by-one
4a600ce dhcpv4: add support for Parameter Request List option 55
09e5eca dhcpv4: fix DHCP packet size
3cd4876 ndp: fix syslog flooding (FS#2242)
79fbba1 config: set default loglevel to LOG_WARNING
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
for better identification. Also create SUPPORTED_DEVICES string from it
which corresponds to dts compatible string.
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
Missing header for va_list.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
[updated with upstream version of the patch]
Update linux-firmware to 20190416, which includes updated firmwares e.g. for ath10k
Also switch to official tarball source.
The following firmware files we use are updated in this change:
ath10k/QCA6174/hw3.0/board-2.bin
ath10k/QCA9888/hw2.0/firmware-5.bin
ath10k/QCA988X/hw2.0/firmware-5.bin
ath10k/QCA9984/hw1.0/firmware-5.bin
mrvl/sd8887_uapsta.bin
mrvl/pcie8897_uapsta.bin
iwlwifi-8000C-36.ucode
iwlwifi-8265-36.ucode
Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
fcb076c Various fixes for errors found by coverity static analysis (#109)
d98ab38 Merge branch 'pppd_print_changes' of https://github.com/nlhintz/ppp into nlhintz-pppd_print_changes
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Convert whole target to Device Tree based board detection instead of
identifying devices by dts file name. With this we can drop mvebu.sh
translation script and rely on common method for model detection.
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
Add vendors in device names and also rename few device names, for easier
identyfying potential firmware to flash. The vendor and device string is
mainly derived from model/compatipble string in dts from particular
device, but since not all devices are well described, some of the renames
follow marketing names.
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
Switched to xz archives for smaller size.
Removed upstreamed patches.
Reorganized Makefile a little bit for clarity. Build/Prepare is not useful
anymore. Upstream converted the file to LF.
Refreshed config.
Removed -ansi option from the original CFLAGS as this was causing long
long support to be missing.
Removed fPIC. We have the macro $(FPIC) already used. No point in setting
fpic and fPIC together.
Removed pedantic -Wlong-long warnings as they are not useful.
Removed -std=gnu++98. Not only is it unnecessary (it compiles against all
standards), it actually results in a size increase. 75843 vs. 75222 (gcc
in OpenWrt defaults to g++14).
Added --gc-sections to linker flags to reduce size: 72653 vs 75222.
Removed warn linker options. They have been upstreamed.
Tested on Archer C7v2 and GnuBee PC1.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Jeff Kletsky noted in his patch titled:
"utils/spidev_test: Update to current source from upstream Linux"
that the spidev_test utility OpenWrt ships is severly out of date.
Instead of updating the spidev_test.c from the current kernel,
this patch replaces the package building code to utilize the
very file that gets shipped with the kernel we compiling for
anyway much like the "perf" package already does.
Reported-by: Jeff Kletsky <git-commits@allycomm.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
This patch updates ath10k-ct to current version.
Changes are:
ath10k-ct: Fix printing PN in peer stats.
Previous logic was incorrect. Also add set-special API to enable
returning PN.
Patches refreshed and tested on 8devices Jalapeno dev board(IPQ4019)
Signed-off-by: Robert Marko <robimarko@gmail.com>
Release notes since last time:
Release notes for wave-1:
2019-04-02: Support some get/set API for eeprom rate power tables.
Mostly backported from 10.2
2019-04-02: Support adaptive-CCA, backported from 10.2
2019-04-02: Support adding eeprom configAddr pairs via the
set-special API. These configAddrs can be used to change
the default register settings for up to 12 registers.
2019-05-03: Fix tx-power settings for 2x2, 3x3 rates.
Original logic I put in back in 2016 set 2x2 and 3x3 lower
than the needed to be when using most NICs (very high
powered NICs would not have been affected I think, not sure
any of those exist though.)
This improves throughput for 2x2 and 3x3 devices,
especially when the signal is weaker.
Release notes for wave-2:
2019-04-08: When setting keys, if high bit of high value of
key_rsc_counter is set to 0x1, then the lower 48 bits will
be used as the PN value. By default, PN is set to 1 each
time the key is set.
2019-04-08: Pack PN into un-used 'excretries' aka
'num_pkt_loss_excess_retry' high 16 bits.
This lets us report peer PN, but *only* if driver has
previously set a PN when setting key (or set-special cmd is
used to enable PN reporting).
This is done so that we know the driver is recent
enough to deal with the PN stat reporting.
2019-04-16: Support specifying tx rate on a per-beacon packet.
See ath10k_wmi_op_gen_beacon_dma and
ath10k_convert_hw_rate_to_rate_info for API details.
Driver needs additional work to actually enable this
feature currently.
2019-04-30: Compile out tx-prefetch caching logic.
It is full of tricky bugs that cause tx hangs.
I fixed at least one, but more remain and I have wasted too
much time on this already.
2019-05-08: Start rate-ctrl at mcs-3 instead of mcs-5.
This significantly helps DHCP happen quickly, probably
because the initial rate being too high would take a while
to ramp down, especially since there are few packets sent
by the time DHCP needs to start.
This bug was triggered by me decreasing retries of 0x1e
(upstream default) to 0x4. But, I think it is better to
start with lower initial MCS instead of always having a
very high retry count.
Tested on 8devices Jalapeno dev board(IPQ4019)
Signed-off-by: Robert Marko <robimarko@gmail.com>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com> [neatify]
Recently, upgrade device autodetection has been added to the mvebu target.
This exposes some shortcomings of the generic export_bootdevice function,
e.g. on the Turris Omnia: export_bootdevice silently reports the root
partition to be the boot device. This makes the sysupgrade process fail at
several places.
Fix this by clearly distinguishing between /proc/cmdline arguments which
specify the boot disk, and those which specify the root partition. Only in
the latter case, strip off the partition, and do it consistently.
root=PARTUUID=<pseudo PARTUUID for MBR> (any partition) and root=/dev/*
(any partition) are accepted.
The root of the problem is that the *existing* export_bootdevice in
/lib/upgrade/common.sh behaves differently, if the kernel is booted with
root=/dev/..., or if it is booted with root=PARTUUID=...
In the former case, it reports back major/minor of the root partition,
in the latter case it reports back major/minor of the complete boot disk.
Targets, which boot with root=/dev/... *and* use export_bootdevice /
export_partdevice, have added workarounds to this behaviour, by specifying
*negative* increments to the export_partdevice function.
Consequently, those targets have to be adapted to use positive increments,
otherwise they are broken by the change to export_bootdevice.
Fixes: 4e8345ff68 ("mvebu: base-files: autodetect upgrade device")
Signed-off-by: Klaus Kudielka <klaus.kudielka@gmail.com>
Tested-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
MT7620 integrated WMAC does not need RT2x00 PCI driver or firmware
Also corrected kmod-eeprom-93cx6 and kmod-lib-crc-itu-t dependencies
according to original Kconfig and lsmod output
This will remove some unnecessary packages from MT7620 target to
save some space
Signed-off-by: Deng Qingfang <dengqf6@mail2.sysu.edu.cn>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[75 characters per line in the commit message]
Probably glibc too. argp_help takes a char *. not const char *.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
[updated with upstream version of the patch]
This version has important change for tegra boards which is reserving
32MB memory for Linux kernel instead of current 16MB.
Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
Purpose of these changes is to introduce a hook for post service
shutdown in a similar fashion to the existing hook service_started. I
found it to be useful to specify a hook that is called once the service
has been stopped and not before the service is stopped like the
stop_service hook does.
The concrete use case I have for this is that I'm running a binary that
takes over the hardware watchdog timer. Said binary unfortunately can
not use ubus directly to tell procd to hand over the watchdog timer so
this has to be done in the service file for the binary in question. In
order to support a clean handover of the watchdog timer back to procd,
the service init script has to dispatch the ubus invocation once the
binary in question has been stopped.
Signed-off-by: Arthur Skowronek <ags@digineo.de>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
[added commit message, use the same form as other hooks]
No target is using kernel 3.18 anymore, remove all the generic
support for kernel 3.18.
The removed packages are depending on kernel 3.18 only and are not used on
any recent kernel.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
This target only supports kernel 3.18, which is not supported in OpenWrt
any more for multiple releases. It also looks like there is no active
maintainer for this target.
Remove the code and all the packages which are only used by this target.
To add this target to OpenWrt again port it to a recent and supported
kernel version.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
