Commit graph

14734 commits

Author SHA1 Message Date
Daniel Engberg
0a4cd1a682 package/utils/f2fs-tools: Update to 1.11.0
Update f2fs-tools to 1.11.0

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2018-07-16 15:12:18 +02:00
Daniel Engberg
804c51e1e6 package/utils/e2fsprogs: Update to 1.44.3
Update e2fsprogs to 1.44.3
Enable threads
Enable LTO

Numbers on mips_24kc (a few packages):

Old --> New --> LTO and threads
e2fsprogs_*_mips_24kc.ipk: 173 --> 174 --> 154kbyte
libblkid_*_mips_24kc.ipk:  114 --> 114 --> 114kbyte
libext2fs_*_mips_24kc.ipk: 138 --> 139 --> 139kbyte

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2018-07-16 15:12:18 +02:00
Lukas Mrtvy
f21bcb4db8 kernel: leds-apu2 remove boardname check
'In different versions of coreboot are different names of apu boardname.
No need to check boardname to load module.'

Signed-off-by: Lukas Mrtvy <lukas.mrtvy@gmail.com>
2018-07-16 15:12:17 +02:00
Kevin Darbyshire-Bryant
c729c43b39 kmod-sched-cake: bump to 20180716
Bump to the latest cake recipe.

This backports tc class support to kernel 4.9 and other than conditional
kernel compilation pre-processor macros represents the cake that has
gone upstream into kernel 4.19.  Loud cheer!

Fun may be had by changing cake tin classification for packets on
ingress. e.g.

tc filter add dev ifb4eth0 parent 800b: protocol ip u32 match \
ip dport 6981 0xffff action skbedit priority 800b:1

Where 800b: represents the filter handle for the ifb obtained by 'tc
qdisc' and the 1 from 800b:1 represents the cake tin number.  So the
above example puts all incoming packets destined for port 6981 into the
BULK (lowest priority) tin.

f39ab9a Obey tin_order for tc filter classifiers
1e2473f Clean up after latest backport.
82531d0 Reorder includes to fix out of tree compilation
52cbc00 Code style cleanup
6cdb496 Fix argument order for NL_SET_ERR_MSG_ATTR()
cab17b6 Remove duplicate call to qdisc_watchdog_init()
71c7991 Merge branch 'backport-classful'
32aa7fb Fix compilation on Linux 4.9
9f8fe7a Fix compilation on Linux 4.14
ceab7a3 Rework filter classification
aad5436 Fixed version of class stats
be1c549 Add cake-specific class stats
483399d Use tin_order for class dumps
80dc129 Add class dumping
0c8e6c1 Fix dropping when using filters
c220493 Add the minimum class ops
5ed54d2 Start implementing tc filter/class support

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-07-16 13:55:58 +01:00
Christian Schoenebeck
1e177844bc dropbear: close all active clients on shutdown
Override the default shutdown action (stop) and close all processes
of dropbear

Since commit 498fe85, the stop action only closes the process
that's listening for new connections, maintaining the ones with
existing clients.
This poses a problem when restarting or shutting-down a device,
because the connections with existing SSH clients, like OpenSSH,
are not properly closed, causing them to hang.

This situation can be avoided by closing all dropbear processes when
shutting-down the system, which closes properly the connections with
current clients.

Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
[Luis: Rework commit message]
Signed-off-by: Luis Araneda <luaraneda@gmail.com>
2018-07-16 08:40:51 +02:00
Rafał Miłecki
82498a7f7a mtd: improve check for TRX header being already fixed
First of all lengths should be compared after checking all blocks for
being good/bad. It's because requested length may differ from a final
one if there were some bad blocks.

Secondly it makes sense to also compare crc32 since we already have a
new one calculated.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2018-07-15 23:27:09 +02:00
Daniel Engberg
49bdd43da2 curl: Update to 7.61.0
Update curl to 7.61.0

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2018-07-15 22:35:22 +02:00
Hans Dedecker
def5b7f285 odhcp6c: add noserverunicast config option for broken DHCPv6 servers
Fix broken DHCPv6 servers which provide the server unicast option but
do not reply on DHCPv6 renew messages directed to the IPv6 address
contained in the server unicast option whihc results in broken IPv6
connectivity.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-07-15 22:19:10 +02:00
Rafał Miłecki
0f54489f75 mtd: support bad blocks within the mtd_fixtrx()
Reading MTD data with (p)read doesn't return any error when accessing
bad block. As the result, with current code, CRC32 covers "data" stored
in bad blocks.

That behavior doesn't match CFE's one (bootloader simply skips bad
blocks) and may result in:
1) Invalid CRC32
2) CFE refusing to boot firmware with a following error:
Boot program checksum is invalid

Fix that problem by checking every block before reading its content.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2018-07-15 16:51:41 +02:00
Felix Fietkau
888a15ff83 ppp: add missing -fPIC to rp-pppoe.so CFLAGS
Fixes build error with LTO

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-07-14 11:00:23 +02:00
Felix Fietkau
154c0c4006 ubus: compile with LTO enabled
Reduces total .ipk size by about 1k

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-07-13 17:22:53 +02:00
Felix Fietkau
73fc67b614 procd: compile with LTO enabled
Reduces .ipk size on MIPS from 42k to 39k

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-07-13 17:22:53 +02:00
Felix Fietkau
47b42137ce dropbear: compile with LTO enabled
Reduces size of the .ipk on MIPS from 87k to 84k

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-07-13 17:22:53 +02:00
Felix Fietkau
ef96d1e34a firewall: compile with LTO enabled
Reduces .ipk size on MIPS from 41.6k to 41.1k

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-07-13 17:22:53 +02:00
Felix Fietkau
ef16a394d2 iw: compile with LTO enabled
Reduces .ipk size on MIPS from 34k to 33k

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-07-13 17:22:53 +02:00
Felix Fietkau
e7397eef69 ppp: compile with LTO enabled
Reduces .ipk size on MIPS from 98.5k to 98k

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-07-13 17:22:53 +02:00
Felix Fietkau
dfbd49bd22 ppp: fix linker flags for the radius plugin
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-07-13 17:22:53 +02:00
Felix Fietkau
07940acc34 netifd: compile with LTO enabled
Reduces .ipk size from 65k to 63k on MIPS

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-07-13 17:22:53 +02:00
Felix Fietkau
8c11133c9d busybox: compile with LTO enabled
In the default configuration on MIPS, it reduces the .ipk size
from 214k to 207k

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-07-13 17:22:53 +02:00
Felix Fietkau
4e56af5ab4 mt76: update to the latest version
08719b1 mt76: use a per rx queue page fragment cache
4d2c565 mt76x2: reset HW before probe
f622975 mt76x2: fix CCK protection control frame rate
6780375 mt76x2: add frame protection support

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-07-13 16:36:56 +02:00
Matthias Schiffer
16035a7dd3
include/feeds.mk: rework generation of opkg distfeeds.conf
Allow enabling/commenting/disabling each feed individually by using a
tristate config symbol.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-07-12 21:18:41 +02:00
Matthias Schiffer
6dac434c00
base-files: fix feed list in PKG_CONFIG_DEPENDS
FEEDS_ENABLED and FEEDS_DISABLED are derived from FEEDS_AVAILABLE, not
FEEDS_INSTALLED.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-07-12 21:18:41 +02:00
Lukáš Mrtvý
d3b8e6b2a7 kernel: gpio-nct5104d remove boardname check
'In different versions of coreboot are different names of apu boardname.
No need to check boardname to load module.'

Signed-off-by: Lukáš Mrtvý <lukas.mrtvy@gmail.com>
2018-07-12 08:51:27 +02:00
Hans Dedecker
af70d86d62 netifd: update to latest git HEAD
5cf7975 iprule: rework interface based rules to handle dynamic interfaces
57f87ad Introduce new interface event "create" (IFEV_CREATE)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-07-11 21:55:23 +02:00
Felix Fietkau
68f9921ed8 netifd: update to the latest version
c1f6a82 system-linux: add autoneg and link-partner output
e9eff34 system-linux: extend link mode speed definitions
d1251e1 system-linux: adjust bridge isolate mode for upstream attribute naming
03785fb system-linux: fix build error on older kernels

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-07-11 20:59:05 +02:00
Felix Fietkau
e07ad61aec procd: update to the latest version, fixes gcc 8 build error
a0372ac procd: increase watchdog fd_buf storage size to fix gcc8 build error

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-07-11 18:34:59 +02:00
Koen Vandeputte
8b42a260ed mac80211: Expose support for ath9k Dynack
Enables support for Dynack feature.

When a remote station is far away, we need to compensate for the distance
by allowing more time for an ACK to arrive back before issueing a retransmission.
Currently, it needs to be set fixed to indicate the maximum distance the remote
station will ever be.

While this mostly works for static antennae, it introduces 2 issues:
- If the actual distance is less, speed is reduced due to a lot of wates wait-time
- If the distance becomes greater, retries start to occur and comms can get lost.

Allowing to set it dynamically using dynack ensures the best possible tradeoff
between speed vs distance.

This feature is currently only supported in ath9k.
it is also disabled by default.

Enabling it can be done in 2 ways:
- issue cmd:  iw phy0 set distance auto
- sending the NL80211_ATTR_WIPHY_DYN_ACK flag to mac80211 driver using netlink

Disabling it can be done by providing a valid fixed value.

To give an idea of a practical example:

In my usecase, we have mesh wifi device installed on ships/platforms.
Currently, the coverage class is set at 12000m fixed.

When a vessel moved closer (ex. 1500m), the measured link capacity was a lot
lower compared to setting the coverage class fixed to 1500m

Dynack completely solved this, nearly providing double the bandwidth at closer range
compared to the fixed setting of 12000m being used.

Also when a vessel sailed to a distance greater than the fixed setting,
communication was lost as the ACK's never arrived within the max allowed timeframe.

Actual distance: 6010m
iperf 60s run avg

Fixed 12150m:  31 Mbit/s
Dynack:        58 Mbit/s

Fixed 6300m:   51 Mbit/s
Dynack:        59 Mbit/s

Fixed 3000m:   13 Mbit/s  (lots of retries)
Dynack:        58 Mbit/s

Actual distance: 1504m
iperf 60s run avg

Fixed 12150m:  31 Mbit/s
Dynack:        86 Mbit/s

Fixed 6300m:   55 Mbit/s
Dynack:        87 Mbit/s

Fixed 3000m:   67 Mbit/s
Dynack:        87 Mbit/s

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-07-11 16:23:51 +02:00
Moritz Warning
954faac7bc qos-scripts: fix indentation
Signed-off-by: Moritz Warning <moritzwarning@web.de>
2018-07-11 09:40:40 +02:00
Jason A. Donenfeld
4630159294 wireguard: bump to 0.0.20180708
* device: print daddr not saddr in missing peer error
* receive: style

Debug messages now make sense again.

* wg-quick: android: support excluding applications

Android now supports excluding certain apps (uids) from the tunnel.

* selftest: ratelimiter: improve chance of success via retry
* qemu: bump default kernel version
* qemu: decide debug kernel based on KERNEL_VERSION

Some improvements to our testing infrastructure.

* receive: use NAPI on the receive path

This is a big change that should both improve preemption latency (by not
disabling it unconditionally) and vastly improve rx performance on most
systems by using NAPI. The main purpose of this snapshot is to test out this
technique.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-07-11 09:04:03 +02:00
Hans Dedecker
7e82418372 iproute2: update to 4.17.0
Update to the latest version of iproute2; see https://lwn.net/Articles/756991/
for a full overview of the changes in 4.17.
Remove upstream patch 002-json_print-fix-hidden-64-bit-type-promotion.
Backport upstream patch 001-rdma-sync-some-IP-headers-with-glibc fixing
rdma compile issue.
At the same time re-organize patch numbering so the OpenWRT specific
patches start at 100.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-07-10 19:30:12 +02:00
Felix Fietkau
6dac92a42e hostapd: build with LTO enabled (using jobserver for parallel build)
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-07-10 14:26:35 +02:00
Hans Dedecker
98a6bee09a odhcpd: update to latest git HEAD
345bba0 dhcpv4: improve error checking in handle_dhcpv4()
c0f6390 odhcpd: Check if open the ioctl socket failed

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-07-09 09:28:55 +02:00
Kevin Darbyshire-Bryant
edf338f248 basefiles: Reword sysupgrade message
sysupgrade 'upgrade' message more verbose than needs be.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-07-08 09:41:53 +01:00
Konstantin Demin
f715d816b7 libnl: bump to 3.4.0
refresh patches

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
2018-07-07 18:33:58 +02:00
Vladimir Vid
856cc6d999 uboot-imx: bump to 2018.03 which fixes the build issues with fdt64_t redefinitions
* change mx6qsabresd to mx6qsabres to match defconfig name
* merge wanboard profiles since there is only one defconfig for the target device
* move wanboard options from wandboard.h to defconfig
* remove legacy patches

Signed-off-by: Vladimir Vid <vladimir.vid@sartura.hr>
2018-07-07 18:33:57 +02:00
Sven Eckelmann
87493dac11 mac80211: initialize sinfo in cfg80211_get_station
Most of the implementations behind cfg80211_get_station will not initialize
sinfo to zero before manipulating it. For example, the member "filled",
which indicates the filled in parts of this struct, is often only modified
by enabling certain bits in the bitfield while keeping the remaining bits
in their original state. A caller without a preinitialized sinfo.filled can
then no longer decide which parts of sinfo were filled in by
cfg80211_get_station (or actually the underlying implementations).

cfg80211_get_station must therefore take care that sinfo is initialized to
zero. Otherwise, the caller may tries to read information which was not
filled in and which must therefore also be considered uninitialized. In
batadv_v_elp_get_throughput's case, an invalid "random" expected throughput
may be stored for this neighbor and thus the B.A.T.M.A.N V algorithm may
switch to non-optimal neighbors for certain destinations.

Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
2018-07-07 18:33:57 +02:00
Sven Eckelmann
1c01e02575 ath10k-ct: search DT for BDF variant info
Board Data File (BDF) is loaded upon driver boot-up procedure. The right
board data file is identified on QCA4019 using bus, bmi-chip-id and
bmi-board-id.

The problem, however, can occur when the (default) board data file cannot
fulfill the vendor requirements and it is necessary to use a different
board data file.

This problem was solved for SMBIOS by adding a special SMBIOS type 0xF8.
Something similar has to be provided for systems without SMBIOS but with
device trees. No solution was specified by QCA and therefore a new one has
to be found for ath10k.

The device tree requires addition strings to define the variant name

    wifi@a000000 {
    	status = "okay";
    	qcom,ath10k-calibration-variant = "RT-AC58U";
    };

    wifi@a800000 {
    	status = "okay";
    	qcom,ath10k-calibration-variant = "RT-AC58U";
    };

This would create the boarddata identifiers for the board-2.bin search

 *  bus=ahb,bmi-chip-id=0,bmi-board-id=16,variant=RT-AC58U
 *  bus=ahb,bmi-chip-id=0,bmi-board-id=17,variant=RT-AC58U

Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
2018-07-07 18:33:57 +02:00
Hauke Mehrtens
b19622044d mbedtls: Activate deterministic ECDSA
With deterministic ECDSA the value k needed for the ECDSA signature is
not randomly generated any more, but generated from a hash over the
private key and the message to sign. If the value k used in a ECDSA
signature or the relationship between the two values k used in two
different ECDSA signatures over the same content is know to an attacker
he can derive the private key pretty easily. Using deterministic ECDSA
as defined in the RFC6979 removes this problem by deriving the value k
deterministically from the private key and the content which gets
signed.

The resulting signature is still compatible to signatures generated not
deterministic.

This increases the size of the ipk on mips 24Kc by about 2 KByte.
old:
166.240 libmbedtls_2.11.0-1_mips_24kc.ipk
new:
167.811 libmbedtls_2.11.0-1_mips_24kc.ipk

This does not change the ECDSA performance in a measurable way.

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-07-07 18:33:53 +02:00
Daniel Engberg
5a078180d0 mbedtls: Disable MBEDTLS_SHA256_SMALLER implementation
Disable MBEDTLS_SHA256_SMALLER implementation, not enabled by default in
upstream and reduces performance by quite a bit.

Source: include/mbedtls/config.h

Enable an implementation of SHA-256 that has lower ROM footprint but also
lower performance.

The default implementation is meant to be a reasonnable compromise between
performance and size. This version optimizes more aggressively for size at
the expense of performance. Eg on Cortex-M4 it reduces the size of
mbedtls_sha256_process() from ~2KB to ~0.5KB for a performance hit of
about 30%.

The size of mbedtls increased a little bit:
ipkg for mips_24kc before:
164.382 Bytes
ipkg for mips_24kc after:
166.240 Bytes

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2018-07-07 18:31:13 +02:00
Daniel Engberg
10554cfcc1 mbedtls: Update to 2.11.0
Update mbed TLS to 2.11.0

Disable OFB block mode and XTS block cipher mode, added in 2.11.0.
The soVersion of mbedtls changed, bump PKG_RELEASE for packages that use mbedTLS
This is to avoid having a mismatch between packages when upgrading.

The size of mbedtls increased a little bit:
ipkg for mips_24kc before:
163.846 Bytes
ipkg for mips_24kc after:
164.382 Bytes

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2018-07-07 18:29:14 +02:00
Daniel Engberg
f15f3286e3 mbedtls: cleanup config patch
Clean up patch, use "//" consistently.

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-07-07 18:19:39 +02:00
Enrico Mioso
231b0177fb libconfig: update to version 1.7.2
The previous link did not work here.

Compile-tested on: bcm47xx
Runtime-tested on: bcm47xx

Signed-off-by: Enrico Mioso <mrkiko.rs@gmail.com>
2018-07-07 18:19:39 +02:00
Yousong Zhou
191078e83d ca-certificates: ca-bundle: add symlink for openssl default setting
OpenSSL defaults X509_CERT_FILE to /etc/ssl/cert.pem.  This change is
needed for wget-ssl and possibly others to work seamlessly with fresh
ca-bundle installation

Fixes openwrt/packages#6152

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2018-07-07 18:19:39 +02:00
Florian Eckert
c79ef6fbe3 linux: update license tag to use correct SPDX tag
Use SPDX tag.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2018-07-07 16:12:03 +02:00
Felix Fietkau
bf136c637c perf: remove linux 4.4 workarounds
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-07-07 14:53:26 +02:00
Felix Fietkau
1e6c30690c libubox: update to the latest version
3c1b33b utils: add const_* byteswapping functions

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-07-07 14:53:26 +02:00
Zoltan HERPAI
10e393262c firmware: amd64-microcode: update to 20180524
* New microcode update packages from AMD upstream:
    + New Microcodes:
      sig 0x00800f12, patch id 0x08001227, 2018-02-09
    + Updated Microcodes:
      sig 0x00600f12, patch id 0x0600063e, 2018-02-07
      sig 0x00600f20, patch id 0x06000852, 2018-02-06
  * Adds Spectre v2 (CVE-2017-5715) microcode-based mitigation support,
    plus other unspecified fixes/updates.

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2018-07-07 12:23:00 +02:00
Kevin Darbyshire-Bryant
4bd4ece9ea kmod-sched-cake: bump to latest 20180706
Fixes a potential infinite loop bug when in unlimited (ie not using
built in shaper) mode.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-07-07 11:10:59 +01:00
Luiz Angelo Daros de Luca
b724443f9f elfutils: bump to 0.173
- Removed hacks to use standalone argp as upstream now detects it nicely.
- As we are already installing files, use files from PKG_INSTALL_DIR and
  not PKG_BUILD_DIR
- Only changes Makefile.am as PKG_FIXUP:=autoreconf is in use

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2018-07-04 16:18:08 +02:00
Kevin Darbyshire-Bryant
fbf475403b dnsmasq: bump to latest patches on 2.80rc2
Refresh patches and backport upstream to current HEAD:

a997ca0 Fix sometimes missing DNSSEC RRs when DNSSEC validation not enabled.
51e4eee Fix address-dependent domains for IPv6.
05ff659 Fix stupid infinite loop introduced by preceding commit.
db0f488 Handle some corner cases in RA contructed interfaces with addresses changing interface.
7dcca6c Warn about the impact of cache-size on performance.
090856c Allow zone transfer in authoritative mode whenever auth-peer is specified.
cc5cc8f Sane error message when pcap file header is wrong.
c488b68 Handle standard and contructed dhcp-ranges on the same interface.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-07-03 13:58:55 +01:00