Commit graph

42903 commits

Author SHA1 Message Date
Magnus Kroken
7849f74117 mbedtls: update to 2.13.0
* Fixed a security issue in the X.509 module which could lead to a buffer overread during certificate extensions parsing.
* Several bugfixes.
* Improvements for better support for DTLS on low-bandwidth, high latency networks with high packet loss.

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2018-09-22 19:26:25 +02:00
Felix Fietkau
a32a70f4f2 ath9k: add back support for using tx99 with active monitor interfaces
Fixes controlling bitrate

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-09-22 18:41:38 +02:00
Felix Fietkau
7decdf923a mac80211: fix tx queue allocation for active monitor interfaces
Fixes a crash with drivers like ath9k

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-09-22 18:41:36 +02:00
Felix Fietkau
a6beca1f56 mt76: fix tx power issue for mt76x2
6e1898d mt76x2: fix tx power configuration for VHT mcs 9

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-09-22 12:56:18 +02:00
Kevin Darbyshire-Bryant
8ee7a80d19 kernel: re-enable MIPS VDSO
kernel upstream commit 9efcaa7c4afba5628f2650a76f69c798f47eeb18 to 4.14
itself a backport of 0f02cfbc3d9e413d450d8d0fd660077c23f67eff has
resolved the cache line issues that led to us disabling VDSO by default
on MIPS.

Remove our force disable patch:

pending-4.14/206-mips-disable-vdso.patch

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-09-22 07:48:15 +01:00
Luiz Angelo Daros de Luca
38a88ade14 elfutils: bump to 0.174
- Simplified musl patch with error.h concentrated into system.h

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2018-09-21 21:32:12 +02:00
Christian Lamparter
1801e60390 toolchain/musl: update to version 1.1.20
This release introduces the ability to replace/interpose the allocator
(malloc) subject to certain restrictions, adds an experimental m68k
port, and makes notable improvements to stdio (application-provided
buffers), getaddrinfo (AI_ADDRCONFIG, support for IPv4-only kernel
configurations), the dynamic linker (safety against dlopen of
libraries using initial-exec TLS model, reclaiming unused memory on
FDPIC archs, better dladdr results), and handling of default thread
stack size (pthread_setattr_default_np now works more reliably).

Many bugs have been fixed, including potentially dangerous regressions
in iconv (only for new conversions to legacy encodings) and visibly
incorrect behavior in printf on non-x86 archs (%a format with
precision specifier), in getopt_long_only when short options are a
prefix for a long option, in complex arc-trig/hyperbolic functions, in
strftime and mktime (timezone-specific issues), and numerous
less-obvious places.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[altered commit msg a bit keeping it tight]
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-09-21 13:25:08 +02:00
Koen Vandeputte
0dbdb476f3 kernel: bump 4.14 to 4.14.71
Refreshed all patches.

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-09-21 13:23:16 +02:00
Koen Vandeputte
72e9b4059e kernel: bump 4.9 to 4.9.128
Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-09-21 13:23:16 +02:00
Kevin Darbyshire-Bryant
6c4cbe94bd dnsmasq: Change behavior when RD bit unset in queries.
Backport upstream commit

Change anti cache-snooping behaviour with queries with the
recursion-desired bit unset. Instead to returning SERVFAIL, we
now always forward, and never answer from the cache. This
allows "dig +trace" command to work.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-09-21 09:59:03 +01:00
Jonathan Lancett
95b3f8ec8d mwlwifi: driver version to 10.3.8.0-20180920
Signed-off-by: Jonathan Lancett <j.lancett@ntlworld.com>
[minor tweak to commit title]
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-09-20 21:03:48 +01:00
Felix Fietkau
ccab68f2d3 ath9k: fix unloading the module
Registering a GPIO chip with the ath9k device as parent prevents unload,
because the gpiochip core increases the module use count.
Unfortunately, the only way to avoid this at the moment seems to be to
register the GPIO chip without a parent device

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-09-20 10:08:17 +02:00
Rosen Penev
5efd080e20 mdadm: Install /etc/config file as 600
/etc/config/mdadm is only used by the init script which is ran as root.
There is no need for it to be readable by anything else.

Added PKG_CPE_ID for proper CVE tracking.

Small reorganization for consistency between Makefiles.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-09-19 09:42:13 +01:00
Rosen Penev
4ad87744fa fstools: Install mount.hotplug and 10-fstab.defaults as 600
Both of these are used by programs that run as root and nothing else.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-09-19 09:41:28 +01:00
Rosen Penev
873801a671 usbmode: Update modeswitch data to 20170806
Changed hotplug file to 600 as it is only read by procd, which runs as
root.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-09-19 09:41:28 +01:00
Rosen Penev
39d8b2cf79 trelay: Install hotplug and config files as 600
The hotplug file is ran by procd, which runs as root. The config file is
used by the init script, which also runs as root.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-09-19 09:41:28 +01:00
Rosen Penev
7651e254d5 dropbear: Install /etc/config as 600
/etc/config/dropbear is used by the init script which only runs as root.

Small whitespace change.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-09-19 09:41:28 +01:00
Rosen Penev
add4871582 lldpd: Install /etc/config file as 600
/etc/config/lldpd is only used by the init script, which only runs as root

Adjusted homepage and download URLs to use HTTPS.

-std=c99 is useful for GCC versions less than 6. Current OpenWrt uses 7.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-09-19 09:41:28 +01:00
Hans Dedecker
6cd41ca673 netifd: update to latest git HEAD
23941d7 system-linux: enable by default ignore encaplimit for ip6 tunnels

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-09-19 10:09:25 +02:00
Hans Dedecker
d9691b66e2 map: drop default encaplimit value
Setting encaplimit to a numerical value results into the value being
included as tunnel encapsulation limit in the destination option header
for tunneled packets.
Several users have reported interop issues as not all ISPs support the
destination option header containing the tunnel encapsulation limit
resulting into broken map connectivity.
Therefore drop the default encaplimit value for map tunnels so
no destination option header is included by default.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-09-19 09:42:45 +02:00
Hans Dedecker
1241707b40 ds-lite: drop default encaplimit value
Setting encaplimit to a numerical value results into the value being
included as tunnel encapsulation limit in the destination option header
for tunneled packets.
Several users have reported interop issues as not all ISPs support the
destination option header containing the tunnel encapsulation limit
resulting into broken ds-lite connectivity.
Therefore drop the default encaplimit value for ds-lite tunnels so
no destination option header is included by default.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-09-19 09:42:28 +02:00
Jason A. Donenfeld
f07a94da50 wireguard: bump to 0.0.20180918
* blake2s-x86_64: fix whitespace errors
* crypto: do not use compound literals in selftests
* crypto: make sure UML is properly disabled
* kconfig: make NEON depend on CPU_V7
* poly1305: rename finish to final
* chacha20: add constant for words in block
* curve25519-x86_64: remove useless define
* poly1305: precompute 5*r in init instead of blocks
* chacha20-arm: swap scalar and neon functions
* simd: add __must_check annotation
* poly1305: do not require simd context for arch
* chacha20-x86_64: cascade down implementations
* crypto: pass simd by reference
* chacha20-x86_64: don't activate simd for small blocks
* poly1305-x86_64: don't activate simd for small blocks
* crypto: do not use -include trick
* crypto: turn Zinc into individual modules
* chacha20poly1305: relax simd between sg chunks
* chacha20-x86_64: more limited cascade
* crypto: allow for disabling simd in zinc modules
* poly1305-x86_64: show full struct for state
* chacha20-x86_64: use correct cut off for avx512-vl
* curve25519-arm: only compile if symbols will be used
* chacha20poly1305: add __init to selftest helper functions
* chacha20: add independent self test

Tons of improvements all around the board to our cryptography library,
including some performance boosts with how we handle SIMD for small packets.

* send/receive: reduce number of sg entries

This quells a powerpc stack usage warning.

* global: remove non-essential inline annotations

We now allow the compiler to determine whether or not to inline certain
functions, while still manually choosing so for a few performance-critical
sections.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-09-19 08:30:13 +01:00
Kevin Darbyshire-Bryant
687168ccd9 dnsmasq: Handle memory allocation failure in make_non_terminals()
Backport upstream commit:

ea6cc33 Handle memory allocation failure in make_non_terminals()

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-09-19 07:43:02 +01:00
Mike McCormack
e8cbfedc72 ucert: work around short read
usign occasionally writes 16 characters then exits without writing a LF,
leaving ucert hanging waiting for more input.  Accept 16 characters
or more rather than 17 to work around the short read.

Signed-off-by: Mike McCormack <mike@atratus.org>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-09-18 13:51:09 +02:00
Koen Vandeputte
0cda4af005 kernel: bump 4.14 to 4.14.70
Refreshed all patches.

Added new patch:
- 192-Revert-ubifs-xattr-Don-t-operate-on-deleted-inodes.patch

This fixes a bug introduced in upstream 4.14.68 which caused targets using
ubifs to produce file-system errors on boot, rendering them useless.

Compile-tested on: cns3xxx, imx6, x86_64
Runtime-tested on: cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-09-17 15:47:44 +02:00
Koen Vandeputte
784d7f0251 kernel: bump 4.9 to 4.9.127
Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-09-17 15:47:44 +02:00
Koen Vandeputte
92511d21cc kernel: bump 3.18 to 3.18.122
Refreshed all patches.

Compile-tested on: adm5120
Runtime-tested on: none

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-09-17 15:47:44 +02:00
Daniel Golle
e51aa699f7 uqmi: pass-through ipXtable to child interfaces
Allow setting specific routing tables via the ip4table and ip6table
options also when ${ifname}_4 and ${ifname}_6 child interfaces are
being created.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-09-15 19:18:42 +02:00
Felix Fietkau
03c7c8c853 tools/e2fsprogs: fix build with clang
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-09-15 15:49:43 +02:00
Kevin Darbyshire-Bryant
033f02b9b5 iproute2: q_cake: Also print nonat, nowash and no-ack-filter keywords
Pull in latest upstream tweaks:
Similar to the previous patch for no-split-gso, the negative keywords for
'nat', 'wash' and 'ack-filter' were not printed either. Add those as well.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-09-15 08:46:32 +01:00
Hannu Nyman
4a3298c124 busybox: update to 1.29.3
Update busybox to 1.29.3, minor bugfix release

https://git.busybox.net/busybox/log/?h=1_29_3

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2018-09-15 08:57:14 +02:00
Hans Dedecker
24d82c2e5c toolchain/glibc: update to latest 2.26 commit
c5c90b480e Fix segfault in maybe_script_execute.
174709d879 pthread_cond_broadcast: Fix waiters-after-spinning case [BZ #23538]

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-09-13 11:06:30 +02:00
Rosy Song
918ec4d549 odhcpd: enable ipv6 server mode only when it is supported
Signed-off-by: Rosy Song <rosysong@rosinson.com>
2018-09-12 21:47:33 +02:00
Kevin Darbyshire-Bryant
8cac857289 iproute2: q_cake: Add printing of no-split-gso option
When the GSO splitting was turned into dual split-gso/no-split-gso options,
the printing of the latter was left out. Add that, so output is consistent
with the options passed

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-09-12 09:13:44 +01:00
Rafał Miłecki
b3d441c5f7 mac80211: brcmfmac: backport CYW89342 support & fixes from 4.20
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2018-09-12 08:40:24 +02:00
Kevin Darbyshire-Bryant
66fd41ba79 kmod-sched-cake: fix 6in4/gso performance issue
Bump to latest upstream cake:

Add workaround for wrong skb->mac_len values after splitting GSO

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-09-12 05:34:44 +01:00
Florian Fainelli
4fca0e8896 netifd: update to latest HEAD
0059335c5b60 CMakeList: Check that compiler supports -Wimplicit-fallthrough

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2018-09-11 17:19:51 -07:00
Marko Ratkaj
6e80dd58bb tools/expat: fix docbook2man error on some systems
On some systems (Gentoo) configure stage fails because of docbook2man
working with SGML rather than with XML. We don't need xmlwf man pages so
we disable this.

Signed-off-by: Marko Ratkaj <marko.ratkaj@sartura.hr>
2018-09-11 15:00:09 +02:00
Jason A. Donenfeld
a54f492d0c wireguard: bump to 0.0.20180910
* curve25519: arm: do not modify sp directly
* compat: support neon.h on old kernels
* compat: arch-namespace certain includes
* compat: move simd.h from crypto to compat since it's going upstream

This fixes a decent amount of compat breakage and thumb2-mode breakage
introduced by our move to Zinc.

* crypto: use CRYPTOGAMS license

Rather than using code from OpenSSL, use code directly from AndyP.

* poly1305: rewrite self tests from scratch
* poly1305: switch to donna

This makes our C Poly1305 implementation a bit more intensely tested and also
faster, especially on 64-bit systems. It also sets the stage for moving to a
HACL* implementation when that's ready.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-09-11 11:34:23 +02:00
John Crispin
9926f7cf29 kernel: add missing symbol
Signed-off-by: John Crispin <john@phrozen.org>
2018-09-10 17:50:40 +02:00
Andy Walsh
4549ab46a8 base-files: /etc/services: add missing 'rpcbind' alias
* add missing 'rpcbind' alias to /etc/services

Allows rpcbind to open its 111 port and be reachable via lan, this is the default behaviour.

Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
2018-09-10 10:44:03 +02:00
Tobias Wolf
93bfafb8dc ramips: Fix early memory calculation for certain MIPS platforms
Kernel upstream commit 67a3ba25aa95 ("MIPS: Fix incorrect mem=X@Y handling") introduced a new issue for rt288x where "PHYS_OFFSET" is 0x0 but the calculated "ramstart" is not. As the prerequisite of custom memory map has been removed, this results in the full memory range of 0x0 - 0x8000000 to be marked as reserved
for this platform.

This patch adds the originally intended prerequisite again.

Signed-off-by: Tobias Wolf <dev-NTEO@vplace.de>
2018-09-10 10:07:42 +02:00
Sven Eckelmann
78a5d25dca ar71xx: Skip more hashed blocks for OM2P(-HS) 64k variant
The OM2P(-HS)v4 got a variant which uses a slightly different flash. The
standard versions used a flash with 256KB blocks which is no longer
available. The replacement flash uses a flash with 64K blocks.

The padding for the image rootfs is already for 64K and 256K and thus can
be flashed on the device without any problems. Unfortunately, the
bootloader will check $rootfs_size (rounded down to the nearest 64k block)
minus 1x 64k. But it is now possible that the new JFFS2 rootfs_data starts
even earlier and modifies the checked region. The check will then fail and
the backup image (when available) will be booted.

Just setting it to the same number of skipped blocks as other 64K models
avoids this problem.

Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
2018-09-10 10:01:58 +02:00
Daniel Engberg
3e734e822b tools/expat: Update to 2.2.6
Update (lib)expat to 2.2.6

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2018-09-10 10:01:27 +02:00
Daniel Engberg
c6a0d57ca9 tools/e2fsprogs: Update to 1.44.4
Update e2fsprogs to 1.44.4

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2018-09-10 10:01:09 +02:00
Lech Perczak
4f93342d92 ath79: ubnt-xm: add rssileds package
In order to make RSSI indicator on the device work out of box,
include "rssileds" package in per-device rootfs image by default
for Ubiquiti XM family.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2018-09-10 09:58:31 +02:00
Lech Perczak
e440a9d73f ath79: ubnt-xm: create RSSI monitor on wlan0
When mapping for RSSI LEDs was defined for interface wlan0 on
Ubiquiti XM family, the mapping for rssileds monitor was omitted
by mistake. Therefore create the mapping, so RSSI LEDs work without
additional configuration, after starting rssileds service.

Signed-off-by: Lech Perczak <lech.perczak@gmail.com>
2018-09-10 09:58:31 +02:00
Bernhard Frauendienst
480bf28273 ath79: add support for Buffalo WZR-HP-AG300H
Buffalo WZR-HP-AG300H is a dual band router based on
Qualcom Atheros AR7161 rev 2

Specification:
- 680 MHz CPU (Qualcomm Atheros AR7161)
- 128 MiB RAM (2x Samsung K4H511638G-LCCC)
- 32 MiB Flash (2x Winbond 25Q128BVFG)
- WiFi 5 GHz a/n (Atheros AR9220)
- WiFi 2.4 GHz b/g/n (Atheros AR9223)
- 1000Base-T WAN (Atheros AR7161)
- 4x 1000Base-T Switch (Atheros AR8316)
- 1x USB 2.0
- 3 Buttons (AOSS/WPS, Reset, USB Eject)
- 2 Slide switches (Router (on/off/auto), Movie Engine (on/off))
- 9 LEDs (Power green, WLAN 2GHz green, WLAN 2GHz amber,
    WLAN 5GHz green, WLAN 5GHz LED amber, Router green,
    Diag red, Movie Engine blue, USB green)

It is already supported by the ar71xx target.

For more information on the device visit the wiki:
<https://openwrt.org/toh/buffalo/wzr-hp-ag300h>

Serial console:
- The UART Header is next to Movie Engine Switch.
- Pinout is RX - TX - GND - 3.3V (Square Pad is 3.3V)
- The Serial setting is 115200-8-N-1.

Installation of OpenWRT from vendor firmware:
- Connect to the Web-interface at http://192.168.11.1
- Go to “Administration” → “Firmware Upgrade”
- Upload the OpenWrt factory image

Tested:
- Ethernet (LAN, WAN)
- WiFi
- Installation
  - via TFTP rescue
  - via factory image
    - on firmware v1.77 (28-05-2012)
    - on pro firmware v24SP2 r30356 (26-03-2018)
  - via sysupgrade from ar71xx
    (wlan devices don't work because of new names)
  - via sysupgrade from itself
- Buttons
- LEDS
- USB (Power control and device recognition)

Signed-off-by: Bernhard Frauendienst <openwrt@nospam.obeliks.de>
2018-09-10 09:35:07 +02:00
Bernhard Frauendienst
3370e10495 kernel: add driver for virtual mtd_concat devices
Some systems require multiple flash chips to be concatenated and read as
a single mtd device. The ar71xx target provides custom code to create
such mtdconcat devices. When porting devices to ath79, however, there is
no way to create such devices from within the device tree.

This commit adds a driver for creating virtual mtd-concat devices to the
ath79 target. Nodes must have a compatible = "virtual,mtd-concat" line,
and define a list of devices to concat in the 'devices' property,
for example:

flash {
	compatible = "virtual,mtd-concat";

	devices = <&flash0 &flash1>;
};

The driver is added to the very end of the mtd Makefile to increase the
likelyhood of all child devices already being loaded at the time of
probing, preventing unnecessary deferred probes which might in turn
cause other problems (like failure to load MAC addresses from art because
the partitions are not loaded yet).

Signed-off-by: Bernhard Frauendienst <openwrt@nospam.obeliks.de>
2018-09-10 09:35:07 +02:00
INAGAKI Hiroshi
7768f11534 ath79: add support for ELECOM WRC-300GHBK2-I
ELECOM WRC-300GHBK2-I is a 2.4 GHz wireless router, based on Qualcomm
Atheros QCA9563.

Specification:

- Qualcomm Atheros QCA9563
- 64 MB of RAM (DDR2)
- 8 MB of Flash (SPI-NOR)
- 2T2R 2.4 GHz wifi
  - SoC internal
- 5x 10/100/1000 Mbps Ethernet
- 3x LEDs, 4x keys(connected to GPIO: 3x)
- UART header on PCB
  - TX, GND, RX, Vcc from ethernet port side
  - 115200n8

Flash instruction using factory image:

1. Boot the WRC-300GHBK2-I normaly and connect the computer to its
LAN port
2. Access to "http://192.168.2.1/" and open firmware update page
("ファームウェア更新 手動更新(アップデート)")
3. Select the OpenWrt factory image and click apply ("適用") button
to perform firmware update
4. On the (initramfs) factory image, execute "mtd erase firmware" to
erase stock firmware and execute sysupgrade with squashfs-sysupgrade
image for WRC-300GHBK2-I
5. Wait ~150 seconds to complete flashing

Signed-off-by: INAGAKI Hiroshi <musashino.open@gmail.com>
2018-09-10 09:30:28 +02:00