Commit graph

14615 commits

Author SHA1 Message Date
Kevin Darbyshire-Bryant
a64fae8354 Revert "iproute2: fix hidden uint to uin64_t promotion in json_print"
This reverts commit 745d0e7f4b.

It looks like upstream don't want the patch so let's revert it here too.

I hope a fix from upstream is forthcoming.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-03-31 09:18:31 +02:00
Hans Dedecker
479aaf6375 map: fix psidlen becoming negative (FS#1430)
Fix psidlen becomes negative in case embedded address bit lenght is smaller than
IPv4 suffix length.
While at it improve parameter checking making the code more logical and
easier to read.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-03-29 22:19:18 +02:00
Felix Fietkau
4bcf6acb14 Revert "ppp: make ppp-multilink provide ppp"
opkg currently has some issues with Provides and this change makes the
image builder fail because of that. Revert the change for now until opkg
is fixed

This reverts commit 092d75aa3e.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-03-29 11:57:40 +02:00
Yousong Zhou
01b835970a procd: update to the latest version
Changes since last version

    dfb68f8 service: initialize supplementary group ids
    3db4e6d service: add func for string config change check
    c3faabe procd: get rid of putenv usage.

The supplementary group id change fixes FS#988

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2018-03-28 17:42:40 +08:00
Daniel Golle
eba3b028e4 hostapd: update to git snapshot of 2018-03-26
The following patches were merged upstream:
000-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
 replaced by commit 0e3bd7ac6
001-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
 replaced by commit cb5132bb3
002-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
 replaced by commit 87e2db16b
003-Prevent-installation-of-an-all-zero-TK.patch
 replaced by commit 53bb18cc8
004-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
 replaced by commit 0adc9b28b
005-TDLS-Reject-TPK-TK-reconfiguration.patch
 replaced by commit ff89af96e
006-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
 replaced by commit adae51f8b
007-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
 replaced by commit 2a9c5217b
008-WPA-Extra-defense-against-PTK-reinstalls-in-4-way-ha.patch
 replaced by commit a00e946c1
009-Clear-PMK-length-and-check-for-this-when-deriving-PT.patch
 replaced by commit b488a1294
010-Optional-AP-side-workaround-for-key-reinstallation-a.patch
 replaced by commit 6f234c1e2
011-Additional-consistentcy-checks-for-PTK-component-len.patch
 replaced by commit a6ea66530
012-Clear-BSSID-information-in-supplicant-state-machine-.patch
 replaced by commit c0fe5f125
013-WNM-Ignore-WNM-Sleep-Mode-Request-in-wnm_sleep_mode-.patch
 replaced by commit 114f2830d

Some patches had to be modified to work with changed upstream source:
380-disable_ctrl_iface_mib.patch (adding more ifdef'ery)
plus some minor knits needed for other patches to apply which are not
worth being explicitely listed here.

For SAE key management in mesh mode, use the newly introduce
sae_password parameter instead of the psk parameter to also support
SAE keys which would fail the checks applied on the psk field (ie.
length and such). This fixes compatibility issues for users migrating
from authsae.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-03-27 19:25:32 +02:00
Hans Dedecker
9b92afa3aa uci: update to latest git HEAD
5d2bf09 uci: fix a potential use-after-free in uci_set()
3b3d63e list: only record ordering deltas if element position changed
4c4d343 cmake: Fix cli shared linking against ubox

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-03-27 13:49:49 +02:00
Felix Fietkau
d290024c42 netifd: update to the latest version (fixes FS#1452)
9c8d781 netifd: return the interface for locally addressable host dependencies

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-03-27 11:33:51 +02:00
Felix Fietkau
83e1fce17a kernel: add kmod-sound-ens1371
This audio chip is provided as a virtual audio device by VMware

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-03-25 21:18:35 +02:00
Hans Dedecker
287f5ebd2f dnsmasq: improve init script portability (FS#1446)
Improve portability of init script by declaring resolvfile as local
in dnsmasq_stop function.
Fixes resolvfile being set for older busybox versions in dnsmasq_start
in a multi dnsmasq instance config when doing restart; this happens when
the last instance has a resolvfile configured while the first instance
being started has noresolv set to 1.

Base on a patch by "Phil"

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-03-24 18:50:45 +01:00
Fan Fan
8e1065d681 sunxi: add build for sopine
This will generate image for Pine64 Sopine board.

Signed-off-by: Fan Fan <fkpwolf@gmail.com>
2018-03-23 23:53:20 +01:00
Rosen Penev
43788a91fb ethtool: Update to 4.15.
Contains kernel 4.14 updates. Compile tested on mvebu.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-03-23 23:49:55 +01:00
Kevin Darbyshire-Bryant
4a788fcf63 iproute2: cake: support new overhead reporting & stats structures
Cake in kernel space now splits stats structure handling across netlink
messages to reduce stack usage issue flagged by upstream kernel checks.
Update user space (tc) qdisc handling to understand this new regime.

Cake also reports packet overheads & compensation in a different way so
add display code for this. e.g.

'tc -s qdisc show dev eth0' reports this extra detail:

 min/max transport layer size:         28 /    1500
 min/max overhead-adjusted size:       65 /    1550
 average transport hdr offset:         14

Cake also supports output in JSON format.

Patch is bulkier than before because a (slightly out of date - see above
stats) man page is included for reference. Better than nothing!

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-03-23 22:08:22 +01:00
Kevin Darbyshire-Bryant
c9154c270a kmod-sched-cake: split stats structures, add overhead stats
Relevant changes:

0afc1be Fixes for kernel 4.16
d2d6780 Reinitialise overhead compensation stats when reconfiguring.
a3bab9d Export overhead compensation stats to userspace.
9cd2fa8 Split tin stats to its own structure to decrease size of tc_cake_xstats
71c7b44 Gather more statistics about packet length transformations.
0517357 Rework overhead compensation to use dynamic transport header offset instead of (inaccurate) static one.
c1a0c8e Refactor length handling code to better centralise overhead calculations

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-03-23 22:08:22 +01:00
Hauke Mehrtens
dd8bf0cf64 ath10k-ct: fix module depends
PKG_EXTMOD_SUBDIRS should be set to the sub directory where the kernel
module gets build in, for the ath10k-ct driver this changed in commit
3888e77c1c from ath10k to ath10k-4.13. Without this fix the depends
line of the ath10*.ko modules is empty and the kernel module load system
will not automatically load the depended modules like mac80211.

Fixes: 3888e77c1c ("ath10k-ct driver: use dma_alloc_coherent, 4.13 based driver")
Fixes: 23a388fe41 ("ath10k-ct: Force loading mac80211 and ath modules.")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-03-23 22:08:22 +01:00
Ben Greear
d15b09aab8 ath10k-ct: Add htt-mgt variants of ath10k-ct firmware.
The HTT-MGT variants transport management frames over the
normal HTT tx path, just like data frames.  This saves
limitted WMI buffers which can become depleted if lots of
management frames become stuck in TX queues due to peer
that went away.

In addition, at least for the wave-1 firmware, htt-mgt is
required in order for 802.11r (fast roaming) authentication
to function properly.

The htt-mgt firmware requires the use of the ath10k-ct
driver.  Normal non-htt-mgt ath10k-ct firmware should work
with stock drivers.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2018-03-23 22:08:22 +01:00
Ben Greear
545a561785 ath10k-ct: Update wave-1 and wave-2 firmware to latest.
This updates to latest ath10k-ct firmware.  Hopefully we are
at the end of the development cycle for this firmware release,
so these should be stable.

wave-1 changes since last release:

Release 20

  *  Allow flushing peer when deleting.  Hopefully this will allow the
     peer delete command to happen in a reasonable amount of time even
     if the RF environment is busy (or peer has died).
     To enable this, set the high flag in the mac-addr second word in the
     ath10k driver near end of the ath10k_wmi_op_gen_peer_delete method:

     cmd->peer_macaddr.word1 |= __cpu_to_le32(0x80000000);

  *  Attempt to fix crash seen in resmgr-ocs, appearantly due to list corruption.
     Use a temporary list instead of trying to rely on for-each-safe.

  *  Add flag to tx-descriptor to allow driver to request no-ack on data
     frames.  This is bit 15 on the flag1 field (previously un-used).

  *  Add option to support specifying the tx-rate-code and retry count on
     a per-packet basis.  Only a single series is supported at this time.
     Useful mainly for radiotap monitor-tx type testing at this point.

  *  Fix crash on startup when chip is at -40 deg C and calibration fails.  Instead
     of asserting, just keep retrying calibration, which appears to start working
     after a few minutes (when the chip warms up).

  *  Allow reporting per-chain rssi for management frames.  We pack the values into
     empty space in the mgt-frame wmi header.  This will only be enabled if the driver
     requests it, since otherwise the driver is assumed to not understand the new API.
     ath10k-ct drivers that support this feature will automatically enable it.

  *  A customer reports a case that appears to be the hardware not properly detecting
     end of AMPDU, so frames were being mis-delivered to the wrong peer.  Attempt to
     work around this, and in doing so, clean up a bunch of void* abuse in the block-ack
     reordering code (could not ever confirm there was a problem in this area).

  *  Re-work the rx-mem logic to be less complicated and to use less memory.

  *  Attempt to fix crash that appearanty happens because the driver can sometimes
     delete a vdev in 'up' state.

  *  Attempt to fix hung scan state machine issues.

  *  Fix crash in tx path due to un-initialized memory.

wave-2 changes since last release:

Release 10

  *  Fix an assert related to tx scheduling.  This hopefully fixes
     what appears to be a regression that I added some time back.

  *  Enable CSI reporting for 9984, and maybe 9888/9886.  Only in
     non-trimmed builds.

  *  Other stability improvements, including regression fixes from
     some tricky bugs introduced in earlier releases.

  *  Allow compiling for IPQ4019 chipset.

  *  Firmware will now send txbf frames to the host (driver) if the
     TXBF (0xF00000001) set-special feature is enabled, or when the radio
     is in monitor mode.  But, if the frame is consumed by the txbf_cv
     logic, then the pkt cannot be delivered to the host in this manner.  Instead,
     a WMI event will be sent and host can find the txbf_cv data in shared
     memory.  See ath10k_wmi_event_txbf_cv_mesg() in ath10k-ct driver.

  *  Support rx-all-mgt option.  When enabled, the firmware will deliver all
     management frames that it can to the host.  No RX filters are changed
     when this option is enabled.

  *  Fix at least some problems with sending tx-beamforming frames to SU-MIMO
     peers.  Looks like this was a regression in my code.

  *  Fix a crash in rate-ctrl due to nss mismatch.  This was something I introduced
     while trying to fix other bugs in rate-ctrl some time back.

  *  Attempt to fix a sw-peer-key object leak in IBSS mode.  The peer key code
     is very complex, and shares some pointers as union members.  I think I fixed
     at least some of the issues, but would not be surprised if more exist.

  *  Improve ath10k user guide to document CT firmware features:
     https://www.candelatech.com/ath10k-ug.php

  *  Add ct-special option to configure the txbf sounding time.  See ath10k-ug.php

  *  Fix and allow the driver to tell the firmware to send sounding frames.  See ath10k-ug.php
     In further testing, this seems to fail much of the time, and I am not sure why.
     Disabling this in diet (trimmed) builds.

  *  Fix crashes related to deleting peers while they are in power-save mode.  Reported
     by LEDE user on r7800 with 9984 NIC.
  *  Make rate-ctrl txbf probe work better.  If enabled, the rate-ctrl logic will periodically
     send out probes at an NSS that can to txbf.  Previously, txbf probes would not reliably happen
     if both AP and peer had the same nss (ie, 2x2 talking to 2x2).  To enable this feature, you
     need to enable the fwtest-cmdid number 20.

  *  Report rx-timeout error counters.  These were previously un-reported, though the
     field existed in the wmi struct already.

  *  txbf:  Ignore frames not destined for us.  If NIC is in promisc mode, it
     could acquire and process NDPA frames that were not destined for it.  Check
     the dest-MAC and ignore frames not for us (pass them up the stack for monitor
     mode instead of save them in the peer's rate-ctrl logic.)

  *  Port ping-pong crash handling and othe related features to IPQ4019 target.  It should
     now act similar to 9984 in this regard.

  *  Fix a few asserts related to txbf and tx-seq logic.

  *  Add custom-stats support, for rx-reorder-stats.  Similar to what I did for wave-1.

  *  Disable AMSDU for IBSS.  This now matches what I did for peregrine.  It seems to
     work better this way, though I did not debug it in detail.

  *  Enable the set-special command to re-enable AMSDU for IBSS if user wants to experiment.

  *  Fix bug where dbglog did not disable IRQs, so if you made dbglog messages from the IRQ
     handler, it could cause corruption that could crash the firmware and/or corrupt the log
     message buffers.

  *  Don't assert if there are no buffer descriptors for RX of non-data frame.

  *  Retry any stuck block-ack sessions every 20 seconds instead of just disabling BA for
     ever when we get too many failures.

  *  Fix SGI flag when reporting tx-rate info.  The flag moved since wave-1 days, and
     I did not notice that when I ported my changes forward to wave-2.

  *  Allow disabling special CCA handling for IBSS txqs.  Earlier testing indicated this
     might improve throughput in some testing on 9984 chips in IBSS mode, but subsequent
     testing looks about the same without it.  Since I do not really understand what this
     setting exists for, leave it at upstream defaults.  A new set-special API command (0x12)
     can be used to enable this hack for testing.  Setting 0x1 bit disables special CCA handling
     for non-beacon IBSS txqs, setting 0x2 bit disables it for beacon queues as well.

  *  Add MCAST-BCAST feature flag.  This tells driver we do not need a monitor interface
     to do MESH.

  *  When calculating the rx-address filter (affects ACK & BLOCK-ACK, among other things),
     to not add in monitor interfaces if other interfaces are up.  There is no need for
     a monitor device to ACK frames.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2018-03-23 22:08:22 +01:00
Ben Greear
5eb2b99b15 ath10k-ct: Update driver to latest.
Among other things, this will check for an htt-mgt variant of
ath10k-ct firmware before loading 'normal' firmware, and it disables
verbose printing of firmware DBGLOG messages by default.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2018-03-23 22:08:22 +01:00
Ben Greear
375be15429 ath10k-ct: Update DEPENDS and PROVIDES
Update DEPENDS and PROVIDES so that ath10k-ct firmware
and drivers can be used to replace stock firmware
and drivers.  The -htt firmware variant, which requires
ath10k-ct driver now selects ath10k-ct driver when the
firmware is selected.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2018-03-23 22:08:22 +01:00
Felix Fietkau
5f7d134454 libubox: update to the latest version
3aad294 libubox: Plug a small memory leak.
eebe3fc utils: use constant byte-order conversion

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-03-23 20:56:34 +01:00
Hans Dedecker
02fba1a181 busybox: drop providing virtual package ip
Drop providing the virtual package ip by busybox which was added in commit
1cec4d4ef0.

Letting busybox provide the virtual package ip is not optimal for the
following reasons :

	- Applications depending on ip expect either the ip-full or
	  ip-tiny package to be enabled.
	- Busybox ip applet cannot be added or removed at runtime

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-03-22 21:54:20 +01:00
Hans Dedecker
0f30f56e38 firewall: update to latest git HEAD
5cdf15e helpers.conf: add CT rtsp helper
d5923f1 Reword rule comments
c1a295a defaults: add support for xt_FLOWOFFLOAD rule
41c2ab5 ipsets: add support for specifying entries

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-03-22 13:29:22 +01:00
Ben Greear
8bb9f8dd47 ath10k-firmware: Support CT IPQ4019 firmware.
Initial beta release of the CT IPQ4019 firmware.  Features are
similar to the CT 9984 firmware

Signed-off-by: Ben Greear <greearb@candelatech.com>
2018-03-22 09:09:55 +01:00
Ben Greear
23a388fe41 ath10k-ct: Force loading mac80211 and ath modules.
They are not automatically loaded on IPQ4019 (at least) machines
for some reason.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2018-03-22 09:09:54 +01:00
Ben Greear
d0f3dd5b9f ath10k-ct: update to latest version, enable AHB.
The driver updates include:

ath10k driver backport to fix WPA 'pn' related security bugs
(4.13 based driver only currently),
a fix for off-channel TX for CT wave-1 firmware, a likely
fix for napi related crashes, and a backport of the firmware fetch
patch.

AHB is needed for the IPQ4019 platform radios.

Signed-off-by: Ben Greear <greearb@candelatech.com>
[use common subject format]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-03-22 09:09:54 +01:00
Zoltan HERPAI
3db9d6e57d intel-microcode: update to 20180312
- Update microcode for 24 CPU types
- Implements IBRS/IBPB/STIPB support, Spectre-v2 mitigation for:
  Sandybridge, Ivy Bridge, Haswell, Broadwell, Skylake, Kaby Lake,
  Coffee Lake
- Missing production updates:
   - Broadwell-E/EX Xeons (sig 0x406f1)
   - Anniedale/Morefield, Apollo Lake, Avoton, Cherry Trail, Braswell,
     Gemini Lake, Denverton
- New Microcodes:
   - sig 0x00050653, pf_mask 0x97, 2018-01-29, rev 0x1000140
   - sig 0x00050665, pf_mask 0x10, 2018-01-22, rev 0xe000009

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2018-03-21 23:24:09 +01:00
Zoltan HERPAI
ed369e0481 uboot-sunxi: refresh patches
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2018-03-21 17:08:35 +01:00
Hauke Mehrtens
367ee3274d uboot-sunxi: fix build by adding comparabilities for old dtc
We use the dtc from the kernel and that does not have all the options
which u-boot would like to use now. make these parameters optional.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
[wigyori@uid0.hu: renamed to 221-compatible-old-dtc.patch from 220-]
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2018-03-21 17:08:19 +01:00
Zoltan HERPAI
7e1e29de75 uboot-sunxi: bump again to 2017.11
Runtime-tested on:
 - Pine64 (A64)
 - Orange Pi 2 (H3)
 - Bananapro (A20)
 - Olimex A20-Micro (A20)
 - Pcduino v3 (A20)
 - Pcduino v2 (A10)

Compile-tested on:
 - all A8/A7/A53 boards

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2018-03-21 17:07:06 +01:00
Rafał Miłecki
0f1a1489a6 mac80211: backport brcmfmac fixes from 4.16
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2018-03-21 08:36:14 +01:00
Paul Wassi
f21cd96400 uboot-kirkwood: update to 2018.03
U-Boot now requires GCC > 5

Catch up with upstream and move some configuration options from
the header files to the corresponding defconfig files.
Also move some options of patch 010 affecting the whole platform
to 010's device only.

Signed-off-by: Paul Wassi <p.wassi@gmx.at>
2018-03-20 21:45:27 +01:00
Hans Dedecker
89b8ba96b4 openvpn: remove deprecated config options
Remove deprecated config options in 2.5 as described in [0]

[0] https://community.openvpn.net/openvpn/wiki/DeprecatedOptions

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-03-20 21:15:27 +01:00
Felix Fietkau
e062bd8563 mac80211: avoid changing skb truesize in A-MSDU aggregation
Should fix recently reported data corruption issues

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-03-19 21:35:00 +01:00
Kevin Darbyshire-Bryant
745d0e7f4b iproute2: fix hidden uint to uin64_t promotion in json_print
print_int used 'int' type internally, whereas print_uint used 'uint64_t'

These helper functions eventually call vfprintf(fp, fmt, args) which is
a variable argument list function and is dependent upon 'fmt' containing
correct information about the length of the passed arguments.

Unfortunately print_int v print_uint offered no clue to the programmer
that internally passed ints to print_uint were being promoted to 64bits,
thus the format passed in 'fmt' string vs the actual passed integer
could be different lengths.  This is even more interesting on big endian
architectures where 'vfprintf' would be looking in the middle of an
int64 type.  Symptoms of this included tc qdisc showing bizarre values
for a variety of fields across a variety of qdiscs (e.g. refcnt, flows,
quantum)

print_u/int now stick with native int size.

A similar patch has been sent upstream.

Fixes FS#1425

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-03-19 11:40:01 +01:00
Kevin Darbyshire-Bryant
b0b5d0aebb dnsmasq: bump to 2.79 release
94b6878 Tidy crypto.c of old library compat. Now need libnettle 3.
8b96552 Fix compiler warning.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-03-19 11:39:13 +01:00
Rosen Penev
f4ea74abb6 curl: Update to 7.59
Compile tested on ar71xx.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-03-19 11:39:13 +01:00
Pawel Dembicki
5323477184 firmware: add JBOOT based devices config extractor
Adds tool to extract MAC and pre-calibration data required for JBOOT
based D-Link routers.

Signed-off-by: Pawel Dembicki <paweldembicki@gmail.com>
2018-03-18 22:22:38 +01:00
Hauke Mehrtens
d11aa1d4af ltq-vdsl-mei: Fix section mismatch
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-03-18 14:06:00 +01:00
Hauke Mehrtens
5587b8f451 ltq-deu: Fix section mismatches
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-03-18 14:06:00 +01:00
Jo-Philipp Wich
becf58e080 e2fsprogs: fix InstallDev recipe
Create the correct bin directory before staging the host utilities.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-03-18 14:05:28 +01:00
Hauke Mehrtens
e273860351 mtd: fix compile warnings
This callback should have one parameter less, this parameter is not used
so this was not a so big problem.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-03-18 00:59:18 +01:00
Hauke Mehrtens
5d3fbd5996 uboot-mxs: fix compile problems related to OpenSSL
Use the UBOOT_MAKE_FLAGS defined in include/u-boot.mk and do not
overwrite them to compile the host tools against the shipped LibreSSL.
In addition add a patch to fix a compile problem when compiling the
tools against LibreSSL caused by differences in the API between OpenSSL
1.1 and LibreSSL.

This should fix the compile problems seen in build bot from time to time
by not depending on the host libssl-dev package any more but using the
LibreSSL version from OpenWrt.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-03-17 23:22:40 +01:00
Hauke Mehrtens
8cc22fad6a uboot-mxs: refresh patches
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-03-17 23:21:58 +01:00
Gabe Rodriguez
12d3d87a91 mwlwifi: Updated to upstream stable release
mwlwifi was updated to a new stable. Included in this stable release are the
followin benefits:
- Fixed compiling for kernel 4.14
- Fixed crash on 88W8864 binary

Compiled and tested on: WRT3200ACM and WRT1900AC

Signed-off-by: Gabe Rodriguez <lifehacksback@gmail.com>
2018-03-17 22:15:38 +01:00
Christian Bayer
49f3286bde openvpn: add config param verify_client_cert
Option --client-cert-not-required DEPRECATED is deprecated in v2.4 and removed in OpenVPN 2.5.
Replaced by param --verify-client-cert none|optional|require in v2.4 see
https://community.openvpn.net/openvpn/wiki/ DeprecatedOptions#a--client-cert-not-required

Signed-off-by: Christian Bayer <cave@cavebeat.org>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_	RELEASE increase]
2018-03-17 14:56:39 +01:00
Mathias Kresin
35e01cf68a ipq-wifi: add board-2.bin for ASUS RT-AC58U
The existing file is 0 byte. Replace the ASUS RT-AC58U board-2.bin with
the correct file.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-03-15 21:00:39 +01:00
Chris Blake
4943afd781 ipq40xx: add Cisco Meraki MR33 Support
This patch adds support for Cisco Meraki MR33

hardware highlights:

SOC:	IPQ4029 Quad-Core ARMv7 Processor rev 5 (v7l) Cortex-A7
DRAM:	256 MiB DDR3L-1600 @ 627 MHz Micron MT41K128M16JT-125IT
NAND:	128 MiB SLC NAND Spansion S34ML01G200TFV00 (106 MiB usable)
ETH:	Qualcomm Atheros AR8035 Gigabit PHY (1 x LAN/WAN) + PoE
WLAN1:	QCA9887 (168c:0050) PCIe 1x1:1 802.11abgn ac Dualband VHT80
WLAN2:	Qualcomm Atheros QCA4029 2.4GHz 802.11bgn 2:2x2
WLAN3:	Qualcomm Atheros QCA4029 5GHz 802.11a/n/ac 2:2x2 VHT80
LEDS:	1 x Programmable RGB+White Status LED (driven by Ti LP5562 on i2c-1)
	1 x Orange LED Fault Indicator (shared with LP5562)
	2 x LAN Activity / Speed LEDs (On the RJ45 Port)
BUTTON:	one Reset button
MISC:	Bluetooth LE Ti cc2650 PG2.3 4x4mm - BL_CONFIG at 0x0001FFD8
	AT24C64 8KiB EEPROM
	Kensington Lock

Serial:
	WARNING: The serial port needs a TTL/RS-232 3V3 level converter!
	The Serial setting is 115200-8-N-1. The board has a populated
	1x4 0.1" header with half-height/low profile pins.
	The pinout is: VCC (little white arrow), RX, TX, GND.

Flashing needs a serial adaptor, as well as patched ubootwrite utility
(needs Little-Endian support). And a modified u-boot (enabled Ethernet).
Meraki's original u-boot source can be found in:
<https://github.com/riptidewave93/meraki-uboot/tree/mr33-20170427>

Add images to do an installation via bootloader:
 0. open up the MR33 and connect the serial console.

 1. start the 2nd stage bootloader transfer from client pc:

  # ubootwrite.py --write=mr33-uboot.bin
  (The ubootwrite tool will interrupt the boot-process and hence
   it needs to listen for cues. If the connection is bad (due to
   the low-profile pins), the tool can fail multiple times and in
   weird ways. If you are not sure, just use a terminal program
   and see what the device is doing there.

 2. power on the MR33 (with ethernet + serial cables attached)
    Warning: Make sure you do this in a private LAN that has
    no connection to the internet.

 - let it upload the u-boot this can take 250-300 seconds -

 3. use a tftp client (in binary mode!) on your PC to upload the sysupgrade.bin
    (the u-boot is listening on 192.168.1.1)
    # tftp 192.168.1.1
    binary
    put openwrt-ipq40xx-meraki_mr33-squashfs-sysupgrade.bin

 4. wait for it to reboot

 5. connect to your MR33 via ssh on 192.168.1.1

For more detailed instructions, please take a look at the:
"Flashing Instructions for the MR33" PDF. This can be found
on the wiki: <https://openwrt.org/toh/meraki/mr33>
(A link to the mr33-uboot.bin + the modified ubootwrite is
also there)

Thanks to Jerome C. for sending an MR33 to Chris.

Signed-off-by: Chris Blake <chrisrblake93@gmail.com>
Signed-off-by: Mathias Kresin <dev@kresin.me>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2018-03-14 19:04:52 +01:00
Mathias Kresin
4f4fc993db base-files: add more name source to get_dt_led helper function
Not all LED driver are using the label devicetree property for the led
name. Add support for the TI/National Semiconductor LP55xx Led Drivers,
which are using the chan-name property for the led name, as fallback.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-03-14 19:04:52 +01:00
Mathias Kresin
64fef8f901 base-files: add function to get binary mac from file
Add a fucntion to get the a binary mac address from file. Use the new
function for mtd_get_mac_binary() to limit duplicate code.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-03-14 19:04:52 +01:00
Christian Lamparter
87c42101cf ipq40xx: add support for ASUS RT-AC58U/RT-ACRH13
This patch adds support for ASUS RT-AC58U/RT-ACRH13.

hardware highlights:

SOC:	IPQ4018 / QCA Dakota
CPU:	Quad-Core ARMv7 Processor rev 5 (v7l) Cortex-A7
DRAM:	128 MiB DDR3L-1066 @ 537 MHz (1074?) NT5CC64M16GP-DI
NOR:	2 MiB Macronix MX25L1606E (for boot, QSEE)
NAND:   128 MiB Winbond W25NO1GVZE1G (cal + kernel + root, UBI)
ETH:    Qualcomm Atheros QCA8075 Gigabit Switch (4 x LAN, 1 x WAN)
USB:    1 x 3.0 (via Synopsys DesignWare DWC3 controller in the SoC)
WLAN1:  Qualcomm Atheros QCA4018 2.4GHz 802.11bgn 2:2x2
WLAN2:  Qualcomm Atheros QCA4018 5GHz 802.11a/n/ac 2:2x2
INPUT:	one Reset and one WPS button
LEDS:	Status, WAN, WIFI1/2, USB and LAN (one blue LED for each)
Serial:
	WARNING: The serial port needs a TTL/RS-232 3V3 level converter!
	The Serial setting is 115200-8-N-1. The board has an unpopulated
	1x4 0.1" header. The pinout (VDD, RX, GND, TX) is printed on the
	PCB right next to the connector.

U-Boot Note: The ethernet driver isn't always reliable and can sometime
time out... Don't worry, just retry.

Access via the serial console is required. As well as a working
TFTP-server setup and the initramfs image. (If not provided, it
has to be built from the OpenWrt source. Make sure to enable
LZMA as the compression for the INITRAMFS!)

To install the image permanently, you have to do the following
steps in the listed order.

1. Open up the router.
   There are four phillips screws hiding behind the four plastic
   feets on the underside.

2. Connect the serial cable (See notes above)

3. Connect your router via one of the four LAN-ports (yellow)
   to a PC which can set the IP-Address and ssh and scp from.

   If possible set your PC's IPv4 Address to 192.168.1.70
   (As this is the IP-Address the Router's bootloader expects
   for the tftp server)

4. power up the router and enter the u-boot
   choose option 1 to upload the initramfs image. And follow
   through the ipv4 setup.

Wait for your router's status LED to stop blinking rapidly and
glow just blue. (The LAN LED should also be glowing blue).

3. Connect to the OpenWrt running in RAM

   The default IPv4-Address of your router will be 192.168.1.1.

   1. Copy over the openwrt-sysupgrade.bin image to your router's
      temporary directory

   # scp openwrt-sysupgrade.bin root@192.168.1.1:/tmp

   2. ssh from your PC into your router as root.

   # ssh root@192.168.1.1

   The default OpenWrt-Image won't ask for a password. Simply hit the Enter-Key.

   Once connected...: run the following commands on your temporary installation

   3. delete the "jffs2" ubi partition to make room for your new root partition

   # ubirmvol /dev/ubi0 --name=jffs2

   4. install OpenWrt on the NAND Flash.

   # sysupgrade -v /tmp/openwrt-sysupgrade.bin

   - This will will automatically reboot the router -

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2018-03-14 19:04:51 +01:00
Christian Lamparter
e713b5ba6f mac80211: ath10k: search all IEs for variant before falling back
This patch adds the patch that was posted to ath10k-devel ML:
<https://patchwork.kernel.org/patch/10233491/>
|From: Thomas Hebb <tommyhebb@gmail.com>
|Subject: [PATCH] ath10k: search all IEs for variant before falling back
|Date: Wed, 21 Feb 2018 11:43:39 -0500
|[...]
|This patch fixes the issue by first searching the entire file for the ID
|with variant, and searching for the fallback ID only if that search
|fails. It also includes some code cleanup in the area, as
|ath10k_core_fetch_board_data_api_n() no longer does its own string
|mangling to remove the variant from an ID, instead leaving that job to a
|new flag passed to ath10k_core_create_board_name().
|
|I've tested this patch on a QCA4019 and verified that the driver behaves
|correctly for 1) both fallback and variant BDFs present, 2) only fallback
|BDF present, and 3) no matching BDFs present.
|
|Fixes: 1657b8f84ed9 ("ath10k: search SMBIOS for OEM board file extension")
|Signed-off-by: Thomas Hebb <tommyhebb@gmail.com>

Note: 937-ath10k-calibration-variant.patch has been reassigned a new 081
number, as it now ships with upstream.... But also because this patch
requires the change in ath10k_core_create_board_name().

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2018-03-14 19:04:51 +01:00
Mathias Kresin
1b906723eb ipq40xx/ipq806x: move qcom-dwc3 usb driver to generic
If the a kernel package exists within multiple targets an error/warning
is shown.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-03-14 19:04:51 +01:00
John Crispin
54b275c8ed ipq40xx: add target
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Signed-off-by: Mathias Kresin <dev@kresin.me>
Signed-off-by: John Crispin <john@phrozen.org>
2018-03-14 19:04:50 +01:00
Andy Walsh
20d63ebc94 e2fsprogs: break out libcomerr/libss, FS#1310
libext2fs breaks krb5 by always installing its own copies of libcom_err.so
and libss.so.

Move the libraries into separate libcomerr and libss packages respectively
and add a host build recipe to stage the required compile_et and mk_cmds
utilities for use by other packages.

This allows the krb5 package to be fixed to use the system wide libcomerr
and libss libraries.

Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
[rename libcom_err to libcomerr, make compile_et and mk_cmds relocatable,
 cleanup makefile, add dependency on host build, reword commit message]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-03-14 18:49:24 +01:00
Jo-Philipp Wich
093b75e106 jsonfilter: update to latest git HEAD
c7e938d implement POSIX regexp support
cd6629f lexer: fix encoding 7 bit escape sequences
8614470 main: implement array mode

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-03-14 18:48:23 +01:00
Hans Dedecker
d88e928a44 dnsmasq: bump to 2.79rc2
ae29065 Fix debian/changelog syntax.
6b2b564 Enhance --synth-domain to allow names with sequential integers.
4f7bb57 Fix deletion of dhcp-options from inotify dynamic files.
56f0623 Allow trailing dot in CNAME.
f3223fb Fix nettle_hash() function to avoid ABI incompatibilities.
4c4f4c2 Debian dependency tweaking for new dnsmasq-base-lua package.
773af30 Man page typo fix.
4cc944b Merge branch 'master' of ssh://thekelleys.org.uk/var/local/git/dnsmasq
87e00fe Compiler warning fixes.
e7a4af8 Compiler warning fixes.
2d69d61 Add liblua-dev to Debian build-depends.
30e4a94 Debian package: add dnsmasq-base-lua binary package.
232a8f3 Merge messages for release.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-03-13 22:39:24 +01:00
Hauke Mehrtens
43f35ce971 uboot-imx6: fix build with GCC 7
Backport the compiler support patches from upstream u-boot to this older
version to make it compile with GCC 7.
This was found by build bot.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-03-13 22:28:59 +01:00
Jo-Philipp Wich
e83bc5e3c7 6in4: support multiple additional user prefixes
Support configuration in the form...

    list ip6prefix 2001:db8:1234::/64
    list ip6prefix 2001:db8:5678::/64

... to allow specifying multiple routed IPv6 prefixes.

Implements feature request FS#1361.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
2018-03-13 18:27:41 +01:00
Felix Fietkau
1cd76e2d85 netifd: update to the latest version (fixes FS#1358)
1f5a29c ip: do not add local routes for host dependencies
c06f842 device: add support for setting the isolate options for bridge ports
69aeaab interface-ip: fix route selection for host dependencies

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-03-13 13:35:05 +01:00
Felix Fietkau
092d75aa3e ppp: make ppp-multilink provide ppp
Fixes dependencies on ppp from other packages

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-03-12 20:02:29 +01:00
Felix Fietkau
d85a7f1eb2 uboot-fritz4040: fix build with gcc7
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-03-12 19:31:50 +01:00
Matthias Schiffer
b8d9a064f0
busybox: remove i386-specific build flags
busybox tries to be smart and passes a number of additional flags to the
compiler. Unfortunately, the i386-specific flags break ABI compatiblity
with libc.

Fixes busybox crashes observed on x86-generic with GCC 7.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-03-12 12:49:03 +01:00
Felix Fietkau
916277a033 mac80211: minstrel: make short preamble CCK available when not used at connect time
The BSS short preamble state can change without rate control
update notification.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-03-10 11:57:42 +01:00
Felix Fietkau
6011f7bcf0 mac80211: fix a tx queue memory accounting error
Fixes rare hard to trigger tx hangs after some time

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-03-10 10:20:45 +01:00
Hauke Mehrtens
be3da900cd mvebu: Add subtarget for Cortex A9 build
This is in preparation for adding a subtarget for the Cortex A53 later.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-03-10 01:15:21 +01:00
Ryan Mounce
9f3f61a0d9 mvebu: add support for Turris Omnia
Adds support for the Turris Omnia and builds an eMMC sysupgrade image in
the same format as the SolidRun ClearFog.

An initramfs image in the simple yet Omnia-specific 'medkit' image format
is also built in order to ease the initial flashing process.

Notable hardware support omissions are support for switching between SFP
cage and copper PHY, and RGB LED control.

Due to a current limitation of DSA, only 1/2 CPU switch uplinks are used.

Specifications:
- Marvell Armada 385 1.6GHz dual-core ARMv7 CPU
- 1GB DDR3 RAM
- 8GB eMMC Flash
- 5x Gigabit LAN via Marvell 88E6176 Switch (2x RGMII CPU ports)
- 1x switchable RJ45 (88E1514 PHY) / SFP SGMII WAN
- 2x USB 3.0
- 12x dimmable RGB LEDs controlled by independent MCU
- 3x Mini PCIe slots
- Optional Compex WLE200N2 Mini PCIe AR9287 2x2 802.11b/g/n (2.4GHz)
- Optional Compex WLE900VX Mini PCIe QCA9880 3x3 802.11ac (2.4 / 5GHz)
- Optional Quectel EC20 Mini PCIe LTE modem

Flash instructions:
If the U-Boot environment has been modified previously (likely manually via
serial console), first use serial to reset the default environment.
=> env default -a
=> saveenv

Method 1 - USB 'medkit' image w/o serial
- Copy openwrt-mvebu-turris-omnia-sysupgrade.img.gz and
omnia-medkit-openwrt-mvebu-turris-omnia-initramfs.tar.gz to the root of a
USB flash drive formatted with FAT32 / ext2/3/4 / btrfs / XFS.
Note that the medkit MUST be named omnia-medkit*.tar.gz
- Disconnect other USB devices from the Omnia and connect the flash drive
to either USB port.
- Power on the Omnia and hold down the rear reset button until 4 LEDs are
illuminated, then release.
- Wait approximately 2 minutes for the Turris Omnia to flash itself with
the temporary image, during which LEDs will change multiple times.
- Connect a computer to a LAN port of the Turris Omnia with a DHCP client
- (if necessary) ssh-keygen -R 192.168.1.1
- ssh root@192.168.1.1
$ mount /dev/sda1 /mnt
$ sysupgrade /mnt/openwrt-mvebu-turris-omnia-sysupgrade.img.gz
- Wait another minute for the final OpenWrt image to be flashed. The Turris
Omnia will reboot itself and you can remove the flash drive.

Method 2 - TFTP w/ serial
- Extract omnia-medkit-openwrt-mvebu-turris-omnia-initramfs.tar.gz and copy
dtb + zImage to your TFTP server (rename if desired)
- Connect Turris Omnia WAN port to DHCP-enabled network with TFTP server
- Connect serial console and interrupt U-Boot
=> dhcp
=> setenv serverip <tftp_server_ip_here>
=> tftpboot 0x01000000 zImage
=> tftpboot 0x02000000 dtb
=> bootz 0x01000000 - 0x02000000
- OpenWrt will now boot from ramdisk
- Download openwrt-mvebu-turris-omnia-sysupgrade.img.gz to /tmp/
$ sysupgrade /tmp/openwrt-mvebu-turris-omnia-sysupgrade.img.gz
- Wait another minute for the final OpenWrt image to be flashed. The Turris
Omnia will reboot itself.

Signed-off-by: Ryan Mounce <ryan@mounce.com.au>
2018-03-10 01:15:21 +01:00
Henryk Heisig
21486911ac firmware: ath10k-firmware: update QCA9984 firmware to 10.4-3.5.3-00053
This patch updates ath10k-firmware to use the
firmware-5.bin_10.4-3.5.3-00053 firmware for the QCA9984.

The update fixes "ath10k_pci 0001:01:00.0: Invalid VHT mcs 15 peer
stats" spamming the kernel ring buffer at very high frequencies, but
introduces the new "ath10k_pci 0001:01:00.0: Unknown eventid: 36925".
This new warning doesn't appear to cause problems in practice and is
only emitted relatively rarely, not causing dmesg to overflow within
minutes.

Tested on the ZyXEL NBG6817; early feedback also suggests this firmware
to work well (with the same fixes and caveats) on the Netgear r7800 as
well.

Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
Signed-off-by: Henryk Heisig <hyniu@o2.pl>
2018-03-09 22:15:02 +01:00
Henryk Heisig
11b476f925 firmware: ath10k-firmware: update to 2018-02-09
This patch updates ath10k-firmware to last commit and use the
firmware-5.bin_10.4-3.5.3-00053 firmware for the QCA9888.

Signed-off-by: Henryk Heisig <hyniu@o2.pl>
2018-03-09 22:15:01 +01:00
Toni Uhlig
57468c7142 util-linux: added unshare and nsenter executables
Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
2018-03-09 22:15:01 +01:00
Philip Prindeville
61e0af06d9 iperf3: update to 3.5
Get rid of patches which are already upstream.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2018-03-09 22:13:22 +01:00
Magnus Kroken
ffbe51b294 openvpn: update to 2.4.5
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-03-09 22:13:21 +01:00
Stijn Segers
dc7f2fdd52 linux-firmware: bump firmware for Intel Wireless 8260AC to version 31
Bump the firmware for 8260AC and related hardware to version 31.

Signed-off-by: Stijn Segers <foss@volatilesystems.org>
2018-03-09 22:13:21 +01:00
Hans Dedecker
332b736a3e ebtables: update to latest git 2018-01-17
068ba95 Fix locking if LOCKDIR does not exist

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-03-08 21:16:24 +01:00
Stijn Tintel
7cc9914aae firewall: bump to git HEAD
392811a ubus: let fw3_ubus_address() return the number of resolved addresses
359adcf options: emit an empty address item when resolving networks fails
503db4a zones: disable masq when resolving of all masq_src or masq_dest items failed
f50a524 helpers: implement explicit CT helper assignment support
a3ef503 zones: allow per-table log control
8ef12cb iptables: fix possible NULL pointer access on constructing rule masks

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-03-08 02:40:30 +02:00
Matthias Schiffer
057369ae1f
base-files: tune fragment queue thresholds for available system memory
The default fragment low/high thresholds are 3 and 4 MB. On devices with
only 32MB RAM, these settings may lead to OOM when many fragments that
cannot be reassembled are received. Decrease fragment low/high thresholds
to 384 and 512 kB on devices with less than 64 MB RAM.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-03-07 19:14:22 +01:00
Matthias Schiffer
2fbf669730
imagebuilder: reuse rootfs preparation from rootfs.mk
In addition to removing redundant code, this fixes various issues in
IB-generated images that have been fixed in prepare_rootfs before,
including better handling of CONFIG_CLEAN_IPKG and enabling of initscripts
from FILES.

We also reuse the opkg macro and remove --force-... flags that have been
removed from rootfs.mk as well.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-03-07 09:59:08 +01:00
Matthias Schiffer
cf1c7c0f17
include/rootfs.mk: pass additional files dir to prepare_rootfs as an argument
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-03-07 09:59:07 +01:00
Matthias Schiffer
6ed389da85
base-files: sysupgrade: do not rely on opkg to list changed conffiles
Many packages use the opkg conffiles field to list configuration files that
are to be retained on upgrades. Make this work on systems without opkg.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-03-07 08:49:39 +01:00
Mathias Kresin
cde4f9008a lantiq: ltq-adsl: deactivate ASLR support
The package still leaks some user space linker options into the kernel
space. This breaks the build when ASLR is activated, deactivate it for
now.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-03-06 19:49:06 +01:00
Jason A. Donenfeld
b562c0c91b wireguard: bump to 20180304
7c0d711 version: bump snapshot
b6a5cc0 contrib: add extract-handshakes kprobe example
37dc953 wg-quick: if resolvconf/run/iface exists, use it
1f9be19 wg-quick: if resolvconf/interface-order exists, use it
4d2d395 noise: align static_identity keys
14395d2 compat: use correct -include path
38c6d8f noise: fix function prototype
302d0c0 global: in gnu code, use un-underscored asm
ff4e06b messages: MESSAGE_TOTAL is unused
ea81962 crypto: read only after init
e35f409 Kconfig: require DST_CACHE explicitly
9d5baf7 Revert "contrib: keygen-html: rewrite in pure javascript"
6e09a46 contrib: keygen-html: rewrite in pure javascript
e0af0f4 compat: workaround netlink refcount bug
ec65415 contrib: embedded-wg-library: add key generation functions
06099b8 allowedips: fix comment style
ce04251 contrib: embedded-wg-library: add ability to add and del interfaces
7403191 queueing: skb_reset: mark as xnet

Changes:

* queueing: skb_reset: mark as xnet

This allows cgroups to classify packets.

* contrib: embedded-wg-library: add ability to add and del interfaces
* contrib: embedded-wg-library: add key generation functions

The embeddable library gains a few extra tricks, for people implementing
plugins for various network managers.

* crypto: read only after init
* allowedips: fix comment style
* messages: MESSAGE_TOTAL is unused
* global: in gnu code, use un-underscored asm
* noise: fix function prototype

Small cleanups.

* compat: workaround netlink refcount bug

An upstream refcounting bug meant that in certain situations it became
impossible to unload the module. So, we work around it in the compat code. The
problem has been fixed in 4.16.

* contrib: keygen-html: rewrite in pure javascript
* Revert "contrib: keygen-html: rewrite in pure javascript"

We nearly moved away from emscripten'ing the fiat32 code, but the resultant
floating point javascript was just too terrifying.

* Kconfig: require DST_CACHE explicitly

Required for certain frankenkernels.

* compat: use correct -include path

Fixes certain out-of-tree build systems.

* noise: align static_identity keys

Gives us better alignment of private keys.

* wg-quick: if resolvconf/interface-order exists, use it
* wg-quick: if resolvconf/run/iface exists, use it

Better compatibility with Debian's resolvconf.

* contrib: add extract-handshakes kprobe example

Small utility for extracting ephemeral key data from the kernel's memory.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (git log --oneline description)
2018-03-06 08:52:13 +01:00
Hans Dedecker
5cbd22bb0f nghttp2: bump to 1.31.0
6e744662 Update bash_completion
478eac09 Update manual pages
88e2029e Bump up version number to 1.31.0, LT revision to 30:0:16
45d76cf5 nghttpx: Close listening socket on graceful shutdown
54573f28 Merge pull request #1137 from nghttp2/session-set-user-data
17793e99 Add nghttp2_session_set_user_data() public API function
5eac3c90 Update manual pages
e70195ae nghttpx: Update doc
fe51e7fa Merge pull request #1130 from nghttp2/avoid-inet_pton-macro
eb951c2c src: Define nghttp2_inet_pton wrapper to avoid inet_pton macro
39f0ce7c Merge pull request #1126 from nghttp2/nghttpx-expired-client-cert
65157811 Merge pull request #1123 from nghttp2/mruby-client-cert-not-before-after
e8af7afc nghttpx: Add an option to accept expired client certificate
38abfd18 nghttpx: Add mruby tls_client_not_before, and tls_client_not_after
ff3edc09 nghttpx: Fix potential memory leak
0bb15406 Bump up version number to 1.31.0-DEV

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-03-05 10:44:20 +01:00
Felix Fietkau
606cea8f1b mt76: update to the latest version
cda627f mt76: add missing VHT maximum A-MPDU length capability
ffa2069 mt76: fix potential sleep in atomic context

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-03-04 19:40:29 +01:00
Felix Fietkau
97c624631a kernel: remove an old kernel compatibility line from module packaging
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-03-04 19:37:22 +01:00
Felix Fietkau
11d70f0600 mac80211: avoid sampling rates that are too slow, improves throughput
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-03-03 18:51:53 +01:00
Hauke Mehrtens
45ae5c2de3 lantiq: Deactivate ASLR support for some applications
The lantiq components still leak some user space linker options into the
kernel space. This breaks with build when ASLR is activated, deactivate
it for now on these packages.

Fixes: FS#1391
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-03-03 12:58:55 +01:00
Hauke Mehrtens
d67b3d0df8 lantiq: ltq-vmmc: Do not leak user space CFLAGS into kernel space
Do not leak the user space CFLAGS into the kernel space any more, this
allows us to activate the MIPS16 build.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-03-03 12:58:55 +01:00
Hauke Mehrtens
58ad312755 lantiq: ltq-tapi: Do not leak user space CFLAGS into kernel space
Do not leak the user space CFLAGS into the kernel space any more, this
allows us to activate the MIPS16 build.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-03-03 12:58:55 +01:00
Hauke Mehrtens
4d90887496 lantiq: ltq-adsl: Do not leak user space CFLAGS into kernel space
Do not leak the user space CFLAGS into the kernel space any more, this
allows us to activate the MIPS16 build.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-03-03 12:58:55 +01:00
Hauke Mehrtens
b5c5f7d203 lantiq: ltq-vdsl: Do not leak user space CFLAGS into kernel space
Do not leak the user space CFLAGS into the kernel space any more, this
allows us to activate the MIPS16 build.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-03-03 12:58:55 +01:00
Hauke Mehrtens
13639e76dd lantiq: ltq-vdsl-mei: Do not leak user space CFLAGS into kernel space
Do not leak the user space CFLAGS into the kernel space any more, this
allows us to activate the MIPS16 build.

This decreases the size of the ipk file from 87589 bytes to 81267 bytes.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-03-03 00:53:35 +01:00
Hauke Mehrtens
c8abbf1e22 lantiq: ltq-ifxos: Do not force O3 build any more
Do not force to build with O3 optimization any more, but take what was
selected by the OpenWrt build system.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-03-03 00:53:35 +01:00
Hauke Mehrtens
c6162fdc50 lantiq: ltq-ifxos: activate build with mips16
The build process does not leak the user space cflags into the kernel
build process any more, this allows to activate MIPS16 builds.
This was fixed with some update of ifxos.

This decreases size of the  libifxos.a and the ltq-vdsl-app
old:
78320 libifxos.a
44383 ltq-vdsl-app_4.17.18.6-2_mips_24kc.ipk

new:
66852 libifxos.a
43506 ltq-vdsl-app_4.17.18.6-2_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-03-03 00:35:26 +01:00
Kabuli Chana
0a3df09cd1 mwlwifi: Update to version 10.3.4.0-20180226
move to latest version, address vfs_write issue

Signed-off-by: Kabuli Chana <newtownBuild@gmail.com>
2018-03-02 21:33:07 +01:00
Hans Dedecker
694f0bb5af gre: squash grev4 and grev6 packages into gre (FS#1399)
The split-up into packages gre, grev4 and grev6 causes confusion for the
users as reported in FS#1399.
As IPv4 and IPv6 are considered now as bundled; squash the grev4 and grev6
packages into the gre package and let gre provide both grev4 and grev6.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-03-02 15:58:09 +01:00
Hans Dedecker
175b262328 netifd: add udhcpc link check to dhcp shell handler script
Fixes the assumption the busybox udhcpc applet is always enabled; in case
the symbolic link check fails the DHCP shell handler script will exit and
as result the DHCP protocol handler will not be registered in netifd.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-03-02 09:48:41 +01:00
Rafał Miłecki
9046e921af mac80211: brcmfmac: better logging of firmware api errors
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2018-03-01 18:45:20 +01:00
Rafał Miłecki
9543fb1ecd mac80211: brcmfmac: backport remaining changes from 4.16
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2018-03-01 18:36:04 +01:00
Rafał Miłecki
8d78cccc6e mac80211: brcmfmac: enlarge caps buffer & final sdio restructuring
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2018-03-01 18:26:12 +01:00
Rafał Miłecki
66bdf62a2a mac80211: brcmfmac: restructuring sdio access functions - take 2
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2018-03-01 18:15:51 +01:00
Rafał Miłecki
bb04b7ced7 mac80211: brcmfmac: restructuring sdio access functions
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2018-03-01 18:07:09 +01:00
Rafał Miłecki
e52e8480ad mac80211: brcmfmac: backport remaining changes from 4.15
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2018-03-01 15:17:03 +01:00
Rafał Miłecki
c29a2a4283 mac80211: brcmfmac: firmware halt and scan cleanup
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2018-03-01 15:17:02 +01:00
Rafał Miłecki
81542331cb mac80211: reorder patches putting backports first
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2018-03-01 15:14:11 +01:00
Felix Fietkau
1f427bd616 mac80211: add a missing check to the last minstrel fix
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-03-01 14:45:11 +01:00
Rafał Miłecki
a186c2ab70 mac80211: rename patches accepted upstream
This is to simplify maintenance. It's easy to say now which patches need
some extra work and/or sending upstream. Updating to newer backports
should be also simpler with this.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2018-03-01 13:54:42 +01:00
Felix Fietkau
2389ebbd48 Revert "ath: do not apply broken power limits with ATH_USER_REGD"
This reverts commit 79a768a90f.
Some devices can go over their power limits with this commit, so this
needs to be handled on a case by case basis instead

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-03-01 13:35:30 +01:00
Felix Fietkau
cc19aa3e71 mac80211: update the A-MSDU fast-rx patch to the latest version
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-03-01 13:35:29 +01:00
Felix Fietkau
d59c6b53f4 mac80211: add more minstrel fixes
Improves 2.4 GHz throughput

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-03-01 13:35:11 +01:00
Felix Fietkau
55bd80f6d8 mac80211: fix regression introduced by the recent minstrel changes
The cck rates array needs to be initialized for both the minstrel and
the minstrel_ht variant

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-03-01 12:03:10 +01:00
Rafał Miłecki
2995d9dfee base-files: fix off-by-one in counting seconds for factory reset
There was a mismatch between indicating factory reset and code actually
starting it. After 5 seconds status LED started blinking rapidly letting
user know it's ready to release reset button. In practice button had to
stay pressed for another second in order to relly start the process.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2018-03-01 08:04:51 +01:00
Felix Fietkau
13224f8b73 iw: update to version 4.14
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-02-28 12:46:02 +01:00
Felix Fietkau
c4c64f5305 mac80211: add an optimization for fast-rx support
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-02-28 12:46:02 +01:00
Felix Fietkau
916e33fa1e netifd: update to the latest version, rewrite RPS/XPS handling
Remove RPS/XPS support from netifd core, move the logic to a hotplug
script that uses a different policy which provides better performance
and more fairness across flows

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-02-28 12:46:02 +01:00
Yousong Zhou
83d8df1ea2 kernel: kmod-geneve: kmod for Geneve tunneling
This will be required for Open vSwitch geneve tunneling support

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2018-02-28 12:56:51 +08:00
Hans Dedecker
3bd2e195ec netifd: support DHCP sendopts as list options
Support config in the form of ....
	add_list sendopts=router:10.10.10.2
	add_list sendopts=nissrv:20.20.20.2
	add_list sendopts=0x7D:abba

This allows to configure sendopts having white spaces as option value

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-02-27 13:36:46 +01:00
Hauke Mehrtens
fc54256bc8 iptables: fix compile with kernel 3.18
This fixes a compile bug found by build bot with kernel 3.18

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-02-26 17:52:15 +01:00
Alif M. Ahmad
f5b4f5f8e3 kernel: package efivarfs module
With this, `mount -t efivarfs` is available and tools such as efitools
and efibootmgr will be usable.

Signed-off-by: Alif M. Ahmad <alive4ever@live.com>
[daniel@makrotopia.org: some whitespace fixes, match From: with SoB]
2018-02-26 13:54:11 +01:00
Vitalij Alshevsky
8584fee310 uboot-sunxi: add Xunlong Orange Pi PC
Signed-off-by: Vitalij Alshevsky <v_alshevsky@tut.by>
2018-02-26 11:23:55 +01:00
Johnny S. Lee
c8e62f830d mwlwifi: add and use individual firmware packages
As each mvebu device only uses one of the firmwares provided by mwlwifi
package, it makes sense to put them in separate packages and only install
the one that is needed.

Current mwlwifi version's firmware sizes and usages by devices:
88W8864.bin  118776  caiman, mamba, cobra, shelby
88W8897.bin  489932  (none)
88W8964.bin  449420  rango

Changes by this commit:
 * indicate in title that mwlwifi also is driver for 88W8897 and 88W8964
 * remove mwlwifi package's firmware installation rules
 * add 3 new individual firmware packages (all depends on kmod-mwlwifi):
    - mwlwifi-firmware-88w8864
    - mwlwifi-firmware-88w8897
    - mwlwifi-firmware-88w8964
 * add firmware package to mvebu devices' DEVICE_PACKAGES accordingly

Signed-off-by: Johnny S. Lee <_@jsl.io>
[Add the used FW files to the PACKAGES of default image]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-02-26 11:23:40 +01:00
Matthias Schiffer
9bf440fcd9
perf: restrict libunwind dependency to archs that actually support libunwind
Allow building perf on uncommon targets again.

Depending on the kernel version, not all of these archs will actually use
libunwind in perf. Still, it seems simpler and less error-prone to use the
same list that is defined in the libunwind package.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-02-25 17:03:42 +01:00
Matthias Schiffer
05dba65569
libunwind: fix build with musl on PPC
Works around two incompatiblities between glibc and (POSIX-compliant) musl:

- missing register definitions from asm/ptrace.h
- non-POSIX-compliant ucontext_t on PPC32 with glibc

Compile tested on mpc85xx.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-02-25 16:58:10 +01:00
Felix Fietkau
28a74f3076 kernel: remove nf_flow_table hardware offload patch (it is not ready yet)
It also does not have any users yet. It will be addde back when the core
API issues have been sorted out

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-02-25 16:24:02 +01:00
Felix Fietkau
8f24653184 hostapd: do not register ubus objects for mesh interfaces
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-02-24 21:33:22 +01:00
Hans Dedecker
1a5863d6d7 odhcp6c: rework sendopts handling
Bring logic of sendopts handling in line with ip6prefix handling

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-02-24 21:04:06 +01:00
Jo-Philipp Wich
66222dd92b odhcp6c: support multiple additional user prefixes
Support configuration in the form...

    list ip6prefix 2001:db8:1234::/64
    list ip6prefix 2001:db8:5678::/64

... to allow specifying multiple additional IPv6 prefixes.

Implements feature request FS#1361.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-02-24 21:03:31 +01:00
Felix Fietkau
0f54d96d24 ethtool: import from packages, add myself as maintainer
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-02-24 16:12:57 +01:00
Tomasz Moń
9a0cc49089 util-linux: add lscpu package
lscpu is used by lxc-debian template.

Signed-off-by: Tomasz Moń <desowin@gmail.com>
2018-02-24 11:24:20 +01:00
Jakub Tymejczyk
316eb26a3a samba36: fix build (issue #5574)
As indicated in #5574 samba fails to build with linker error due to lack
of talloc_* functions when the packet libtalloc also gets build.

According to Makefile it is compiled with "--without-libtalloc" option.
Running ./configure --help shows that there is another option connected
to libtalloc: --enable/disable-external-libtalloc.
Adding this option fixes build.

Signed-off-by: Jakub Tymejczyk <jakub@tymejczyk.pl>
2018-02-24 11:23:46 +01:00
Hauke Mehrtens
92419ab4c7 iproute2: Add support for ports in xfrm on SCTP
Remove this old patch which prevents showing the xfrm ports for SCTP

This was added in commit 60c1f0f64d ("finally move buildroot-ng to trunk")

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-02-24 10:29:25 +01:00
Felix Fietkau
608c84b96e mt76: update to the latest version, improves performance and fixes tx power issues
62d52e9 mt76: set RX_FLAG_DUP_VALIDATED for A-MPDU reordered packets
5ba5995 mt76x2: rework tx power handling

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-02-24 10:28:15 +01:00
Ansuel Smith
2805402f86 iptables: update to 1.6.2
459b6932 policy: add nft translation for simple policy none/strict use case
255e55b7 tests: xlate-test: no need to require superuser privileges
6990bbc5 extensions: hashlimit: remove space before burst in translation to nft
13ecaeb0 extensions: hashlimit: Rename 'flow table' keyword to meter
c252a2b0 extensions: Add test for cluster nft translation
bda1daa4 extensions: ip6t_{S,D}NAT: add more tests
88fa4543 extensions: ip6t_{S,D}NAT: multiple to-dst/to-src arguments not reported
64a0e098 extensions: libxt_cluster: Add translation to nft
6067208f extensions: add support for 'srh' match
0f387b07 extensions: hashlimit: fix incorrect burst in translations
1ffe6a74 extensions: libxt_hashlimit: Do not print default timeout and burst
27de281d extensions: Add macro _DEFAULT_SOURCE.
75364151 iptables: Remove const qualifier from struct option.
8b0da213 iptables: masquerade: add randomize-full support
e64db006 iptables: patch to correct linker flag sequence
033eac81 extensions: libxt_tcpmss: Add test case for invalid ranges.
505bfa11 iptables: xtables-eb: Remove const qualifier from struct option
a6d6821a iptables: extensions: Fix MARK target help
71de414c libxt_sctp: fix array out of range in print_chunk
1a32381a extensions: add tests for ipcomp protocol
4bd51770 tests: xlate: print output in same way as nft-test.py
d0e3d95f libxt_recent: Remove ineffective checks for info->name
23e6ed71 libxt_TOS: add tests for translation infrastructure
9564595e Update .gitignore
bebce197 iptables: iptables-compat translation for TCPMSS
dbbab0aa extensions: libxt_tcpmss: Detect invalid ranges
0e958281 iptables-translate: add test file for TCPMSS extension
de3c68b6 iptables-compat: do not allow to delete populated user define chains
f4b80ce7 iptables: change large file support handling
f5b46c2f iptables: Constify option struct
21ba5b38 ip{,6}tables-restore: Don't accept wait-interval without wait
60e0ffd3 ip{,6}tables-restore: Don't ignore missing wait-interval value
af468b6e utils: Add a man page for nfnl_osf
1773dcaa utils: nfnl_osf: Fix synopsis in help text
895ce096 extensions: libxt_bpf: fix missing __NR_bpf declaration
3c633296 xtables-compat-restore: fix translation of mangle's OUTPUT
1c32e560 netfilter: xt_hashlimit: add rate match mode
b5331f88 xtables-compat: fix memory leak when listing
91ae12e3 xtables-compat-restore: fix several memory leaks
79e1edd1 iptables-xml: Fix segfault on jump without a target
c49a93f1 xtables-translate: fix double space before comment
79fa7cc2 libip6t_icmp6: xlate: remove leftover space
8e62f572 tests: xlate: generalize owner
8d994bcf iptables: Add file output option to iptables-save
f8e5ebc5 iptables: Fix crash on malformed iptables-restore
80d8bfaa iptables: insist that the lock is held.
c29d99c8 libxtables: Display weird character warning for wildcards
1fe96cfb tests: xlate: check if it is being run as root
3f92b259 tests: xlate: remove python 3.5 dependency
d89dc47a iptables-restore/save: exit when given an unknown option
65801d02 iptables-restore.8: document -w/-W options
9cd3adbe iptables-restore/ip6tables-restore: add --version/-V argument
1ec1fb7a extensions: libxt_hashlimit: fix 64-bit printf formats
27f69f4a iptables: extensions: Remove typedef in struct.
340105fa tests: add regression tests for xtables-translate
b669e184 extensions: libxt_TOS: Add translation to nft
b2a84476 iptables: Remove unnecessary braces.
2963a8df iptables: Remove explicit static variables initalization.
1cf4ba6f iptables: Constify option struct
999eaa24 iptables-restore: support acquiring the lock.
6e2e169e iptables: remove duplicated argument parsing code
836846f0 iptables: move XT_LOCK_NAME from CFLAGS to config.h.
b91af533 iptables: set the path of the lock file via a configure option.
0e94eb2e iptables-translate: print nft iff there are more expanded rules to print
48ad179b libxtables: abolish AI_CANONNAME
9f50bbdf libxtables: remove unnecessary nesting from host_to_ip(6)addr
c6df55d6 iptables-translate: print nft command for each expand rules via dns names
82dacbb8 xtables-translate: Avoid querying the kernel
9f972f45 extensions: libxt_addrtype: Add translation to nft
2c8e251e utils: nfsynproxy: fix build with musl libc
9b8cb756 libiptc: don't set_changed() when checking rules with module jumps
eb66632d extensions: libxt_hashlimit: Add translation to nft
72bb3dbf xshared: using the blocking file lock request when we wait indefinitely
24f81746 xshared: do not lock again and again if "-w" option is not specified
fc3c3b4e libxt_hashlimit: add new unit test to catch kernel bug
516d9191 iptables: update pf.os

Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
2018-02-23 19:15:54 +01:00
Felix Fietkau
fb1be20d63 mac80211: sync fast-rx patch with updated version
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-02-23 13:58:36 +01:00
Felix Fietkau
393661640b mac80211: fix various issues with fast-rx mode
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-02-23 10:15:23 +01:00
Piotr Dymacz
f01b394266 uboot-envtools: add support for ALFA Network AWUSFREE1
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2018-02-22 23:40:16 +01:00
Piotr Dymacz
3b8a858d5c uboot-envtools: add support for YunCore T830
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2018-02-22 18:53:22 +01:00
Piotr Dymacz
f487133322 uboot-envtools: add support for Samsung WAM250
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2018-02-22 18:53:22 +01:00
Piotr Dymacz
c6bd0b4894 uboot-envtools: add support for WHQX E1700AC/E600G/E600GAC v2
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2018-02-22 18:53:22 +01:00
Felix Fietkau
848a4abf27 ath9k: merge a RCU fix for station tx cleanup
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-02-22 15:37:59 +01:00
Felix Fietkau
14a01311f5 kernel: remove kmod-appletalk
This has been obsolete for many years now and has been implicated in a
recent build failure

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-02-22 12:08:38 +01:00
Felix Fietkau
ecd810d0f5 kernel: fix kernel module packaging errors on imx6
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-02-22 11:58:00 +01:00
Felix Fietkau
1b13cbc15b grub2: disable building platform code for target utility
It is not used and it was causing a build error with GCC 7.3

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-02-22 09:30:22 +01:00
Felix Fietkau
820f030998 netfilter: add a xt_FLOWOFFLOAD target for NAT/routing offload support
This makes it possible to add an iptables rule that offloads routing/NAT
packet processing to a software fast path. This fast path is much
quicker than running packets through the regular tables/chains.

Requires Linux 4.14

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-02-21 20:12:42 +01:00
Felix Fietkau
1033356442 kernel: backport netfilter NAT offload support to 4.14
This only works with nftables for now, iptables support will be added
later. Includes a number of related upstream nftables improvements to
simplify backporting follow-up changes

Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-02-21 20:12:42 +01:00
Felix Fietkau
bc3e0f6052 nftables: update to 0.8.2, backport flowtable support
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-02-21 20:12:41 +01:00
Felix Fietkau
8cdc71fc92 libnftnl: backport flowtable support
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-02-21 20:12:41 +01:00
Felix Fietkau
c8d07575e5 mac80211: add minstrel improvements/fixes
- Simplify debugfs code
- Reduce size
- Fix handling of CCK rates

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-02-21 19:29:33 +01:00
Felix Fietkau
981cca12b6 hostapd: add support for sending 802.11v disassoc imminent notifications to clients via ubus
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-02-21 19:29:09 +01:00
Felix Fietkau
01b2c0fc49 hostapd: add support for issuing 802.11k beacon measurement requests via ubus
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-02-21 19:29:04 +01:00
Felix Fietkau
21bb42fb8a hostapd: expose client 802.11k capabilities via ubus
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-02-21 19:28:59 +01:00
Nick Hainke
e2681eb06a hostapd: return with 80211 codes in handle event function
If the auth or assoc request was denied the reason
was always WLAN_STATUS_UNSPECIFIED_FAILURE.
That's why for example the wpa supplicant was always
trying to reconnect to the AP.
Now it's possible to give reasoncodes why the auth
or assoc was denied.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2018-02-21 19:28:56 +01:00
Lorenzo Santina
83b4fa9b3b hostapd: add IEEE 802.11v support
Add Wireless Network Management (IEEE 802.11v)
support to:
- hostapd-full
- wpa_supplicant-full

It must be enabled at runtime via UCI with:
- option ieee80211v '1'

Add UCI support for:
- time_advertisement
- time_zone
- wnm_sleep_mode
- bss_transition

Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
2018-02-21 19:28:50 +01:00
Felix Fietkau
6b1816f8a3 hostapd: add support for turning on 802.11k/v features via ubus
Neighbor reports are enabled implicitly on use, beacon reports and BSS
transition management need to be enabled explicitly

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-02-21 19:28:43 +01:00
Felix Fietkau
526921f20e mac80211: round up tx status headroom
Fixes unaligned access exceptions in mt76 when transmitting beacons

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-02-21 19:28:36 +01:00
John Crispin
3cb38368e2 ubox: fix PKG_MIRROR_HASH
Signed-off-by: John Crispin <john@phrozen.org>
2018-02-20 21:35:14 +01:00
Hauke Mehrtens
73ba5e11f7 lantiq: fix lantiq applications kernel 4.14 compatiblity
This is fixing multiple compile problems with kernel 4.14 and updates the
code to take care of changes introduced between kernel 4.9 and 4.14.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-02-20 19:25:17 +01:00
Mathias Kresin
627a28eb09 lantiq: rename gphy firmware
Rename the gphy firmware to match the name requested by kernel 4.14 and
update the devicetree source files to use the new name.

Update the u-boot lantiq Makefile to be compatible with the new names as
well.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-02-20 19:25:17 +01:00
Mathias Kresin
6112abf186 kernel: enable CONFIG_USB_PCI for PCI usb modules
With upstream commit 2c93e790e825 ("usb: add CONFIG_USB_PCI for system
have both PCI HW and non-PCI based USB HW") the CONFIG_USB_PCI was
introduced.

The option is disabled by default in our generic kernel 4.14 config, hence
we need to set the option for all related kernel modules.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-02-20 19:25:17 +01:00
Mathias Kresin
04cb1e0fd2 ppp: fix build with kernel 4.14.9+
With a9772285a724 ("linux/compiler.h: Split into compiler.h and
compiler_types.h") compiler.h was refactored and most its content was
moved to compiler_types.h. Both files are required to build ppp-mod-pppoa.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-02-20 19:25:17 +01:00
Hans Dedecker
97c27f01be odhcpd: fix interop with wide DHCPv6 client (FS#1377)
96033e9 dhcpv6-ia: don't always send reconf accept option (FS#1377)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-02-20 16:30:15 +01:00
Zoltan HERPAI
d2ac070552 modules: iio-mxs-lradc: build on mxs only
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2018-02-20 15:03:12 +01:00
Zoltan HERPAI
5360441d8f modules: gpio-mcp23s08: fully depend on i2c-core
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2018-02-20 14:13:20 +01:00
Michael Heimpold
42845f4550 kernel: add kmod-iio-mxs-lradc
This adds support for the Freescale i.MX23/28 SoC's Low-Resolution ADC.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2018-02-20 13:24:57 +01:00
Koen Vandeputte
e16cc7a8c8 uqmi: ensure CID is a numeric value before proceeding
The current implementation only checked if uqmi itself executed
correctly which is also the case when the returned value is actually
an error.

Rework this, checking that CID is a numeric value, which can only
be true if uqmi itself also executed correctly.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-02-20 08:33:07 +01:00
Tim Harvey
3b2708f09c imx6: add support for Linux 4.14
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-02-19 09:32:43 +01:00
Kevin Darbyshire-Bryant
16245a5d8e dnsmasq: bump to 2.79rc1
1721453 Remove special handling of A-for-A queries.
499d8dd Fix boundary for test introduced in 3e3f1029c9ec6c63e430ff51063a6301d4b2262
6f1cbfd Fix debian/readme typo.
55ecde7 Inotify: Ignore backup files created by editors
6b54d69 Make failure to chown() pidfile a warning.
246a31c Change ownership of pid file, to keep systemd happy.
83e4b73 Remove confusion between --user and --script-user.
6340ca7 Tweak heuristic for initial DNSSEC memory allocation.
baf553d Default min-port to 1024 to avoid reserved ports.
486bcd5 Simplify and correct bindtodevice().
be9a74d Close Debian bug for CVE-2017-15107.
ffcbc0f Example config typo fixes.
a969ba6 Special case NSEC processing for root DS record, to avoid spurious BOGUS.
f178172 Add homepage to Debian control file.
cd7df61 Fix DNSSEC validation errors introduced in 4fe6744a220eddd3f1749b40cac3dfc510787de6
c1a4e25 Try to be a little more clever at falling back to smaller DNS packet sizes.
4fe6744 DNSSEC fix for wildcard NSEC records. CVE-2017-15107 applies.
3bd4c47 Remove limit on length of command-line options.
98196c4 Typo fix.
22cd860  Allow more than one --bridge-interface option to refer to an interface.
3c973ad Use SIGINT (instead of overloading SIGHUP) to turn on DNSSEC time validation.
faaf306 Spelling fixes.
c7e6aea Change references to gPXE to iPXE. Development of EtherBoot gPXE was always development of iPXE core developer Michael Brown.
e541245 Handle duplicate RRs in DNSSEC validation.
84a01be Bump year in Debian copyright notice.
d1ced3a Update copyrights to 2018.
a6cee69 Fix exit code from dhcp_release6.
0039920 Severely fix code formating of contrib/lease-tools/dhcp_release6.c
39d8550 Run Debian startup regex in "C" locale.
ef3d137 Fix infinite retries in strict-order mode.
8c707e1 Make 373e91738929a3d416e6292e65824184ba8428a6 compile without DNSSEC.
373e917 Fix a6004d7f17687ac2455f724d0b57098c413f128d to cope with >256 RRs in answer section.
74f0f9a Commment language tweaks.
ed6bdb0 Man page typos.
c88af04 Modify doc.html to mention git-over-http is now available.
ae0187d Fix trust-anchor regexp in Debian init script.
0c50e3d Bump version in Debian package.
075366a Open inotify socket only when used.
8e8b2d6 Release notes update.
087eb76 Always return a SERVFAIL response to DNS queries with RD=0.
ebedcba Typo in printf format string added in 22dee512f3738f87539a79aeb52b9e670b3bd104
0954a97 Remove RSA/MD5 DNSSEC algorithm.
b77efc1 Tidy DNSSEC algorithm table use.
3b0cb34 Fix manpage which said ZSK but meant KSK.
aa6f832 Add a few DNS RRs to the table.
ad9c6f0 Add support for Ed25519 DNSSEC signature algorithm.
a6004d7 Fix caching logic for validated answers.
c366717 Tidy up add_resource_record() buffer size checks.
22dee51 Log DNS server max packet size reduction.
6fd5d79 Fix logic on EDNS0 headers.
9d6918d Use IP[V6]_UNICAST_IF socket option instead of SO_BINDTODEVICE for DNS.
a49c5c2 Fix search_servers() segfault with DNSSEC.
30858e3 Spaces in CNAME options break parsing.

Refresh patches.
Remove upstreamed patches:
	250-Fix-infinite-retries-in-strict-order-mode.patch
	260-dnssec-SIGINT.patch
	270-dnssec-wildcards.patch

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-02-18 22:10:17 +01:00
Stijn Tintel
1c308bbbf5 dropbear: add option to set receive window size
The default receive window size in dropbear is hardcoded to 24576 byte
to limit memory usage. This value was chosen for 100Mbps networks, and
limits the throughput of scp on faster networks. It also severely limits
scp throughput on high-latency links.

Add an option to set the receive window size so that people can improve
performance without having to recompile dropbear.

Setting the window size to the highest value supported by dropbear
improves throughput from my build machine to an APU2 on the same LAN
from 7MB/s to 7.9MB/s, and to an APU2 over a link with ~65ms latency
from 320KB/s to 7.5MB/s.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-02-18 02:59:57 +01:00
Philip Prindeville
81ccf24c09 iperf3: update to 3.4
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2018-02-17 13:48:02 +01:00
Russell Senior
42b94a74e9 openvpn: fix interface with mbedtls_sha256
Between mbedtls 2.6.0 and 2.7.0, the void returning mbedtls_MODULE* functions
were deprecated in favor of functions returning an int error code.  Use
the new function mbedtls_sha256_ret().

Signed-off-by: Russell Senior <russell@personaltelco.net>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-02-17 12:29:33 +01:00
Russell Senior
e05a6018fc curl: fix interface with mbedtls_sha256
Between mbedtls 2.6.0 and 2.7.0, the void returning mbedtls_MODULE* functions
were deprecated in favor of functions returning an int error code.  Use
the new function mbedtls_sha256_ret().

Signed-off-by: Russell Senior <russell@personaltelco.net>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-02-17 12:29:23 +01:00
Hauke Mehrtens
718e5cd1cf uboot-sunxi: Add Xunlong Orange Pi Zero Plus
This is based on a patch from armbian:
https://github.com/armbian/build/blob/master/patch/u-boot/u-boot-sunxi/add-orangepi-zeroplus.patch

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-02-17 01:15:25 +01:00
Antony Antony
3c24a1d423 sunxi: add support for NanoPi NEO Plus2 board
arm64: allwinner: h5: NanoPi NEO Plus2 DT support
Add initial DT for NanoPi NEO Plus2 by FriendlyARM
    - Allwinner quad core H5 Cortex A53 with an ARM Mali-450MP GPU
    - 1 GB DDR3 RAM
    - 8GB eMMC flash (Samsung KLM8G1WEPD-B031)
    - micro SD card slot
    - Gigabit Ethernet (external RTL8211E-VB-CG chip)
    - 802.11 b/g/n WiFi, Bluetooth 4.0 (Ampak AP6212A module)
    - 2x USB 2.0 host ports & 2x USB via headers

Signed-off-by: Antony Antony <antony@phenome.org>
2018-02-17 01:15:24 +01:00
Antony Antony
6247929d66 uboot-sunxi: add u-boot DT for NanoPi NEO Plus2 board
u-boot upstream commit 6130b1f6bc23

Signed-off-by: Antony Antony <antony@phenome.org>
2018-02-17 01:15:24 +01:00
Hauke Mehrtens
c971b4eeea uboot-sunxi: dts: Update orange Pi R1 integration
This syncs the Orange Pi R1 device tree files with the one from the
upstream kernel and also uses the default configuration from the Orange
Pi Zero.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-02-17 01:15:24 +01:00
Hauke Mehrtens
9f5a4f8a42 mbedtls: activate deprecated functions
Some functions used by a lot of other software was renamed and is only
active when deprecated functions are allowed, deactivate the removal of
deprecated functions for now.

Fixes: 75c5ab4caf ("mbedtls: update to version 2.7.0")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-02-16 20:09:34 +01:00
Jasper Scholte
7da6480700 gpio-nct5104d: Add support for new chip ID
The PC Engines APU3b has a new nct5104b version with chip ID 0xc453.
This adds support for that version.

Signed-off-by: Jasper Scholte <NightNL@outlook.com>
2018-02-16 14:46:03 +01:00
Zoltan HERPAI
94ef87f49d Revert "uboot-sunxi: bump to 2017.11"
This reverts commit 805f756d6e.

Move back to 2017.07 until we move sunxi to GCC7.

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2018-02-16 12:17:15 +01:00
Zoltan HERPAI
4bc1ebbd88 Revert "uboot-sunxi: refresh patches"
This reverts commit f142de5f44.

Revert until we can move to 2017.11

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2018-02-16 11:40:01 +01:00
Zoltan HERPAI
616f883a20 Revert "uboot-sunxi: fix build by adding comparabilities for old dtc"
This reverts commit ef0416666f.

Revert until we can move to 2017.11

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2018-02-16 11:39:13 +01:00
Hauke Mehrtens
95745516a2 nftables: update to version 0.8.2
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-02-15 23:31:23 +01:00
Hauke Mehrtens
e7c179326a iproute2: update to version 4.15.0
The musl compatibility patches are now included in the upstream version.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-02-15 23:31:23 +01:00
Hauke Mehrtens
75c5ab4caf mbedtls: update to version 2.7.0
This fixes the following security problems:
* CVE-2018-0488: Risk of remote code execution when truncated HMAC is enabled
* CVE-2018-0487: Risk of remote code execution when verifying RSASSA-PSS signatures

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-02-15 21:58:47 +01:00
Daniel Golle
a3b9cbafc3 iwinfo: update to latest git HEAD
223e09b add support for expected throughput

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-02-15 04:57:38 +01:00
Dongming Han
04d3308b62 ipq806x: add support for GL.iNet GL-B1300
This patch adds support for GL.iNet GL-B1300

Specification:
- SOC:        IPQ4028 / QCA Dakota
- RAM:        256 MiB
- FLASH:      32 MiB
- ETH:        Qualcomm Atheros QCA8075 Gigabit Switch (2 x LAN, 1 x WAN)
- USB:        1 x 3.0 (via Synopsys DesignWare DWC3 controller in the SoC)
- WLAN1:      Qualcomm Atheros QCA4028 2.4GHz 802.11bgn 2:2x2
- WLAN2:      Qualcomm Atheros QCA4028 5GHz 802.11a/n/ac 2:2x2
- INPUT:      one reset and one WPS button
- LEDS:       3 leds: Power, WIFI(only for 2.4G currently), and one reserved
- UART:       1 x UART on PCB (3.3V, TX, RX, GND) - 115200 8N1

Installation:
Method 1:
- use serial port to stop uboot
- uboot command: run lf
Method 2:
- push down reset button and power on
- wait until three leds constantly on then release
- upgrade by uboot web at http://192.168.1.1
Note:
- the sysupgrade image need to be renamed to lede-gl-b1300.bin in both method.
- the sysupgrade image can be automatically downloaded if tftp server at
  192.168.1.2 have that file.
- the wifi led will be flashing when writing image.

Signed-off-by: Dongming Han <handongming@gl-inet.com>
2018-02-14 09:40:32 +01:00
John Crispin
88a41074e8 ubox: update to latest git HEAD
128bc35 logread: fix reconnect logd logic
66347ec logread: move the code setting up the request blob out of the main loop
975a258 logread: move output connection setup code out of main loop
b81bea7 logread: cleanup pid file handling
d73e7d2 ubox: Replace strerror(errno) with %m format.

Signed-off-by: John Crispin <john@phrozen.org>
2018-02-14 09:30:07 +01:00
Hauke Mehrtens
0b8629c0e3 mwlwifi: downgrade to version 10.3.4.0-20180118
Some people reported problems with the current development version, so
go back to the latests more or less release.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-02-13 23:21:12 +01:00
Hauke Mehrtens
de0d0c68c4 mwlwifi: fix compile problem with kernel 4.14
vfs_write() is not exported on kernel 4.14 any more and kernel_write()
should be used instead.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-02-13 22:31:00 +01:00
Hauke Mehrtens
8db89c4485 mwlwifi: use PKG_SOURCE_DATE instead of version
Using PKG_SOURCE_DATE instead of PKG_VERSION will make the build system
generate the version based on the date and the git hash. This way the
tar file name changes when the git hash changes and this avoids problems
when someone forgets to change the version, but changes the git hash.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-02-13 22:31:00 +01:00
Chris Breuer
eab378ef17 mwlwifi: Update to latest commit 20180208
Changes since last merge into OpenWrt since 2017-12-14:
 - Added debugfs file tx_hist.
 - Added debugfs file fixed_rate.
 - Added debugfs file ba_hist.
 - Modified the way to establish BA stream.
 - Added code to control BF type.
 - Added functions to check/dump dhcp packet.
 - Upgrade 88W8964 firmware to 9.3.2.4.
 - Added debugfs file coredump.
 - Corrected the way to transmit multicast packets.
 - Change driver version to 10.3.4.0-20180118.
 - Corrected the way to get qos control.
 - Assigned broadcast dhcpoffer to another queue.
 - Separated broadcast and multicast packets. Bump to latest commit 20180206

Signed-off-by: Chris Breuer <github@chrisbreuer.de>
2018-02-13 22:31:00 +01:00
Hauke Mehrtens
80771af83d mac80211: move wifi detect hotplug script to later
Make it easily possible to add a custom script in front of this hotplug
script which adds new devices. This is needed for the mvebu target in
which we want to migrate the old configuration before new devices are
getting detected.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-02-13 22:24:56 +01:00
Lucian Cristian
7f61924dcb i2c.mk: sort kernel modules
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2018-02-13 11:55:21 +01:00
Lucian Cristian
f646188f77 hwmon.mk: sort kernel modules
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2018-02-13 11:54:42 +01:00
Lucian Cristian
0b004ccec3 can.mk: sort modules
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2018-02-13 11:53:49 +01:00
Lucian Cristian
d1aae1a054 crypto.mk: sort kernel modules
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2018-02-13 11:51:46 +01:00
Lucian Cristian
de62386b2d fs.mk: sort kernel modules
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2018-02-13 11:49:26 +01:00
Lucian Cristian
c2d3047f25 firewire.mk: sort kernel modules
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2018-02-13 11:48:49 +01:00
George Hopkins
13f9e40602 ramips: add support for D-Link DAP-1522 A1
D-Link DAP-1522 is a wireless bridge/access point with 4 LAN
ports and a dual-band wireless chipset.

Specifications:
- Ralink RT2880
- 32 MB of RAM
- 4 MB of Flash
- 4x 10/100/1000 Mbps Ethernet (RTL8366SR)
- 802.11abgn (RT2850)

Flash Instructions:
1. Download lede-ramips-rt288x-dap-1522-a1-squashfs-factory.bin
2. Open the web interface and upload the image

Signed-off-by: George Hopkins <george-hopkins@null.net>
2018-02-13 11:18:07 +01:00
George Hopkins
5203355062 mtd: add fixwrg command
Add a command to fix WRG headers, based on wrgg.c.

Signed-off-by: George Hopkins <george-hopkins@null.net>
2018-02-13 11:16:49 +01:00
Koen Vandeputte
f21f8376e9 uqmi: bump package release
fixes: da8990e717 ("uqmi: use built-in command for data-link verification")

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-02-13 10:25:30 +01:00
Karl Palsson
b2a5f7683b ar71xx: Add eTactica EG-200 support
EG-200 is a DIN rail mountable device with one ethernet port, wifi,
an RS-485 port, and an internal USB attached uSD card reader.

Two leds, "modbus" and "etactica" are managed by userspace applications
in factory firmware.

Flash instruction:
    Original firmware is based on OpenWrt.
    Use sysupgrade image directly in vendor GUI.

Signed-off-by: Karl Palsson <karlp@etactica.com>
2018-02-13 10:01:53 +01:00
Koen Vandeputte
da8990e717 uqmi: use built-in command for data-link verification
uqmi contains a command for directly querying the modem if there
is a valid data connection, so let's use it.

This avoids the cases were all previous tests are succesful, but the
actual data link is not up for some reasons, leading to states were we
thought the link was up when it actually wasn't ..

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-02-13 10:01:53 +01:00
Koen Vandeputte
3508f8abb4 uqmi: use correct value for connection checking
Originally, the implementation only checked if uqmi command
execution succeeded properly without actually checking it's returned data.

This lead to a pass, even when the returned data was indicating an error.

Rework the verification to actually check the returned data,
which can only be correct if the uqmi command itself also executed correctly.

On command execution success, value "pdh_" is a pure numeric value.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-02-13 10:01:53 +01:00
Koen Vandeputte
3c5471032b uqmi: use general method for state cleaning
Debugging shows that using the general method properly cleans on each
run, while the method specifying the client-ID shows "No effect"
even while in connected state.

Fixes several connectivity issues seen on specific modems.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-02-13 10:01:53 +01:00
Michael Heimpold
123dbb77aa packages: uboot-mxs: override instead of appending u-boot make flags
This prevents passing down the HOSTCC stuff set in u-boot.mk
which results in linking errors against openssl:

tools/mxsimage.o: In function `sb_aes_reinit':
mxsimage.c:(.text+0x202): undefined reference to `EVP_CIPHER_CTX_reset'
tools/mxsimage.o: In function `mxsimage_generate':
mxsimage.c:(.text+0x110d): undefined reference to `EVP_MD_CTX_new'
mxsimage.c:(.text+0x114f): undefined reference to `EVP_MD_CTX_free'
mxsimage.c:(.text+0x11c3): undefined reference to `EVP_MD_CTX_new'
mxsimage.c:(.text+0x1323): undefined reference to `EVP_MD_CTX_free'
mxsimage.c:(.text+0x134a): undefined reference to `EVP_CIPHER_CTX_reset'
tools/mxsimage.o: In function `mxsimage_verify_print_header':
mxsimage.c:(.text+0x23ce): undefined reference to `EVP_MD_CTX_new'
mxsimage.c:(.text+0x242c): undefined reference to `EVP_MD_CTX_new'
mxsimage.c:(.text+0x246b): undefined reference to `EVP_MD_CTX_free'
mxsimage.c:(.text+0x24ef): undefined reference to `EVP_CIPHER_CTX_reset'
mxsimage.c:(.text+0x2e52): undefined reference to `EVP_MD_CTX_free'
collect2: error: ld returned 1 exit status

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2018-02-13 10:01:52 +01:00
Michael Heimpold
dc263cd125 packages: uboot-mxs: bump to 2017.11
Also update the U-Boot BSP patch for I2SE Duckbill devices.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2018-02-13 10:01:52 +01:00
Kristian Evensen
2d27ebbb93 iptables: Support building connlabel module
It is currently possible to enable connlabel-support in iptables.
However, in order for connlabel to work properly, the kernel module must
also be present. This patch adds support for building the
connlabel-module, and selects it by default when connlabel-support is
enabled.

Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
2018-02-13 10:01:52 +01:00
Yangbo Lu
e547bd36bd layerscape: support ubifs rootfs in u-boot env
ls1012ardb/ls1012afrdm/ls1046ardb/ls1088ardb firmwares now use ubifs
rootfs. So u-boot env should be set accordingly.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2018-02-13 10:01:51 +01:00
Yangbo Lu
d6fd44cebf layerscape: update u-boot to LSDK1712
This patch is to update layerscape u-boot to
NXP LSDK1712 release.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2018-02-13 10:01:51 +01:00
Yangbo Lu
0f7c83bb26 layerscape: update ppfe firmware to LSDK1712
Updated ppfe firmware to NXP LSDK1712 release. Used
ppfe firmware git tree on NXP github since it was
migrated here from qoriq-open-source github.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2018-02-13 10:01:51 +01:00
Yangbo Lu
13b2735a46 layerscape: add ls-rcw-bin package
NXP LSDK1712 release used two rcw git trees. The
original rcw git tree was still source code but
dropping ls1012a/ls1088a/ls2088a boards in LSDK1712.
Instead another new rcw git tree was used to just
provided rcw binaries for these boards dropped. So
this patch is to update ls-rcw to LSDK1712 release
and add a new ls-rcw-bin package.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2018-02-13 10:01:50 +01:00
Yangbo Lu
0a4d12b769 layerscape: update PPA firmware to LSDK1712
This patch is to update PPA firmware to NXP LSDK1712
release.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2018-02-13 10:01:50 +01:00
Yangbo Lu
4e85171e85 layerscape: migrate fman-ucode to NXP github
fman-ucode had been migrated from qoriq-open-source
github to NXP github. So the Makefile should be fixed
accordingly.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2018-02-13 10:01:50 +01:00
Yangbo Lu
f613743687 layerscape: update MC firmware to LSDK1712
Updated MC firmware to NXP LSDK1712 release. Used
MC firmware git tree on NXP github since it was
migrated here from qoriq-open-source github.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2018-02-13 10:01:50 +01:00
Yangbo Lu
3a0fa1e7b8 layerscape: update restool to 2017-12-03
Updated restool to 2017-12-03 and removed patches
since the new version had involved them.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2018-02-13 10:01:49 +01:00
Philip Prindeville
78f5af626c kmod-sched: add sch_multiq to extra schedulers
For hardware that supports multiple h/w output queues, add
a compatible scheduler (NET_SCH_MULTIQ).

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2018-02-13 09:21:20 +01:00
Daniel Golle
267873ac9b
base-files: don't evaluate block-device uevent
Current code and also before commit da52dd0c83 was vulnerable to shell
injection using volume lables in the GPT partition table of block
devices. Given that partition names can be freely defined in GPT tables
we really shouldn't evaluate a string which is potentially crafted with
evil intentions. Hence rather use `export -n` to absorb the uevent's
variables into the environment.

Fixes commit da52dd0c83 (base-files: quote values when evaluating uevent)
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[mschiffer@universe-factory.net: suggested export -n usage]
2018-02-13 00:01:44 +01:00
Daniel Gimpelevich
49d3c5f057 kernel: add IEEE-1284 parallel port support
The kmod-lp package included both lp.ko and ppdev.ko, but ECP device
drivers may or may not require lp NOT to be loaded, needing only ppdev.
Additionally, There were no packages for any parport interface modules,
such as uss720 or parport_pc, provided here. It has not been otherwise
possible to use PC-style parport hardware for kmod-lp.

Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
2018-02-12 15:21:43 +01:00
Jonas Gorski
592472f60f broadcom-wl: fix compilation with 4.14
The last_rx field was removed from net_device. Since the field wasn't
used by the generic subsystem, and the driver only writes to it, just
remove the usage.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2018-02-11 23:15:05 +01:00
Felix Fietkau
c991dab993 wrt55agv2-spidevs: remove obsolete package
It hasn't compiled in a long time and needs to be updated before it can
be restored anyway.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-02-11 18:06:10 +01:00
Daniel Golle
da52dd0c83 base-files: quote values when evaluating uevent
When sourcing /sys/class/block/*/uevent values have to be quoted as
they may contain spaces (e.g. in PARTNAME).
Fix this by pre-processing with sed before sourcing.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-02-11 16:42:01 +01:00
Sven Eckelmann
25a72f5a01 ipq-wifi: drop OpenMesh A42 board-2.bin
The BDFs for OpenMesh A42 were upstreamed [1] to the ath10k-firmware
repository and are now part of ath10k-firmware 2018-01-26. The
ipq-wifi-openmesh_a42 package can now be dropped because OpenWrt already
ships the QCA4019 board-2.bin from this version.

[1] https://wireless.wiki.kernel.org/en/users/drivers/ath10k/boardfiles

Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
2018-02-11 16:33:00 +01:00
Sven Eckelmann
80b54b85ad firmware: ath10k-firmware: update to 2018-01-26
* introduces the BDFs for the OpenMesh A42 in
  /lib/firmware/ath10k/QCA4019/hw1.0/board-2.bin.
* adds new firmware firmware-6.bin_RM.4.4.1.c1-00037-QCARMSWP-1 for
  QCA6174 hw3.0

Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
2018-02-11 16:33:00 +01:00
Philip Prindeville
83d99924fa kexec-tools: bump version to 2.0.16
All patches have been integrated upstream.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2018-02-11 16:10:51 +01:00
Philip Prindeville
d59cc79e00 kexec-tools: issue warning when dd'ing vmcore
With no warning, it just looks like the box has hung during boot.

We don't want users resetting it without having captured a crashdump.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2018-02-11 16:05:48 +01:00
Zoltan HERPAI
01020bc74d firmware: add microcode package for Intel
Compiling the Intel microcode package results in a
microcode.bin and a microcode-64.bin. As we can
decide based on the subtarget which should be used,
we'll only split the required .bin file with
iucode-tool.

x64 will get the intel-microcode-64.bin
All other variants will get intel-microcode.bin

The microcodes will be updated from preinit via a common
script - that's the earliest place where we can do it.

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2018-02-11 14:39:21 +01:00
Zoltan HERPAI
8fb3476345 firmware: add microcode package for AMD
Use the Debian repository for sourcing the ucode files.

Current (20171205) includes support for fam17h CPUs already.

The microcodes will be updated from preinit via a common
script - that's the earliest place where we can do it.

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2018-02-11 14:39:18 +01:00
Zoltan HERPAI
d3da2fcb8b tools: add iucode-tool
Add tool to "compile" Intel microcode files. The tool will be
compiled for host (to split the microcode.dat) and for target
(to forcibly reload the microcode if required).

Instead of using the large microcode.bin/microcode-64.bin, the
splitted ucode files (separate for CPU families) will be
installed.

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2018-02-11 14:39:16 +01:00
John Crispin
d3ddced0c7 fstools: update to latest git HEAD
3d23981 strip trailing spaces from vfat labels
c4a3c97 fix vfat volume label
5010710 block: support /dev/nvme* nodes

Signed-off-by: John Crispin <john@phrozen.org>
2018-02-11 14:32:37 +01:00
Hauke Mehrtens
13e8d54917 uboot-fritz4040: Fix build with HOSTCFLAGS
When we provide the HOSTCFLAGS to the U-Boot build it will fail because
it can not find the u-boot provided header files any more.
Just overwrite and not append the package specific configuration on top
of the configuration provided by u-boot.mk.
uboot-fritz4040 is based on U-Boot 2012.07 and this problem is probably
similar to the problem seen with the lantiq and ar71xx u-boot build.

Fixes: df9781a420 ("u-boot,at91bootstrap: fix incorrect HOSTCPPFLAGS variable")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-02-11 00:56:50 +01:00
Filip Moc
7c5960ddc4 kernel: add kmod-fou
Once installed fou kernel module allows you to use FOU (Foo over UDP)
and GUE (Generic UDP encapsulation) tunnel protocols.

To get ip fou command working you also need to install ip-full.

Signed-off-by: Filip Moc <lede@moc6.cz>
2018-02-10 20:58:18 +01:00
Alexandru Ardelean
a6f79f5e5e uboot-mvebu: fix build ; use the build's tools/libressl
Since I have no openssl-dev on my machine, I first
get this error:

```
tools/kwbimage.c:21:10: fatal error: openssl/bn.h: No such file or directory
 #include <openssl/bn.h>
```

After removing the UBOOT_MAKE_FLAGS the next error is:
```
tools/kwbimage.c:40:6: error: conflicting types for ‘EVP_MD_CTX_cleanup’
 void EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
```

After removing the OpenSSL patches the next error is:
```
  HOSTLD  tools/dumpimage
/usr/bin/ld: cannot find -lssl
/usr/bin/ld: cannot find -lcrypto
collect2: error: ld returned 1 exit status
scripts/Makefile.host:108: recipe for target 'tools/dumpimage' failed
make[5]: *** [tools/dumpimage] Error 1

```

So, the final part is to add the build system's
HOST_LDFLAGS to the UBOOT_MAKE_FLAGS.
(which was done in the previous commit)

Then the image builds.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2018-02-10 20:52:31 +01:00
Alexandru Ardelean
df9781a420 u-boot,at91bootstrap: fix incorrect HOSTCPPFLAGS variable
This would should up as `$$(HOSTCPPFLAGS)` in the host CFLAGS.
```
make --jobserver-fds=3,4 -j -C <openwrt>/build_dir/target-arm_cortex-a8+vfpv3_musl_eabi/u-boot-A10-OLinuXino-Lime/u-boot-2017.07 CROSS_COMPILE=arm-openwrt-linux-muslgnueabi- DTC="<openwrt>/build_dir/target-arm_cortex-a8+vfpv3_musl_eabi/linux-sunxi_cortexa8/linux-4.9.76/scripts/dtc/dtc" HOSTCC="gcc" HOSTCFLAGS='-O2 -I<openwrt>/staging_dir/host/include -I<openwrt>/staging_dir/host/usr/include -I<openwrt>/staging_dir/hostpkg/include -I<openwrt>/staging_dir/target-arm_cortex-a8+vfpv3_musl_eabi/host/include $$(HOSTCPPFLAGS)' HOSTLDFLAGS="" BL31=<openwrt>/staging_dir/target-arm_cortex-a8+vfpv3_musl_eabi/image/bl31.bin
```

And then it would complain with:
```
 /bin/sh: 1: HOSTCPPFLAGS: not found
```

Also, HOSTCPPFLAGS does not exist.
The correct var is HOST_CPPFLAGS.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2018-02-10 20:52:31 +01:00
Hauke Mehrtens
d0d37e89af valgrind: Fix compile on ARM64
Activate the support for 64 bit on all 64 bit CPUs and not only x86_64.
ARM64 does not provide an xml file, so do not pack any.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-02-10 20:17:43 +01:00
Hauke Mehrtens
b6d6e3fdf1 bunwind: build for ARM64
ARM64 is supported by libunwind since some versions, allow building it
for aarch64.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-02-10 20:17:21 +01:00
Hauke Mehrtens
ef0416666f uboot-sunxi: fix build by adding comparabilities for old dtc
We use the dtc from the kernel and that does not have all the options
which u-boot would like to use now. make these parameters optional.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-02-10 15:39:00 +01:00
Hauke Mehrtens
f142de5f44 uboot-sunxi: refresh patches
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-02-10 15:39:00 +01:00
Felix Fietkau
175538ffdb mt76: update to the latest version, fixes mt7603 stability issues
3413961 mt7603: avoid reordering qos-null data packets
c60e6db mt76: toggle driver station powersave bit before notifying mac80211
246d548 mt76: stop tx queues from the driver callback instead of common code

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-02-09 16:05:02 +01:00
Felix Fietkau
02191389d5 kernel: remove kmod-spi-gpio-old
It is unused and has been deprecated for a long time

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-02-09 10:29:07 +01:00
Felix Fietkau
f997a6ab26 wrt55agv2-spidevs: mark as broken
The target it was meant for was updated to a version that this does not
compile with. It probably also hasn't been used in years

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-02-09 10:29:07 +01:00
Hans Dedecker
787326b43e odhcp6c: fix appending of emtpy sendopt value (FS#1336)
Don't append an empty sendopts value as odhcp6c bails out
immediately on an empty -x option triggering an infinite start
loop of odhcp6c

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-02-08 18:29:37 +01:00
Hans Dedecker
30d34358a9 libubox: bump to git HEAD version
b0c830 sh/jshn.sh: add json_for_each_item()

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-02-08 13:14:36 +01:00
Hans Dedecker
d8acbb86a1 odhcp6c: change sendopts option into list
Commit a26045049b added support for sendopts as a string; since multiple
sendopts values can be specified it makes more sense to model it as a
list of strings.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-02-08 12:19:48 +01:00
Hans Dedecker
112f0469c4 netifd: update to latest git HEAD
1be329c netifd-proto: add proto_config_add_array wrapper

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-02-07 12:03:56 +01:00
Zoltan HERPAI
805f756d6e uboot-sunxi: bump to 2017.11
Runtime-tested on:
 - Pine64 (A64)
 - Orange Pi 2 (H3)
 - Bananapro (A20)
 - Olimex A20-Micro (A20)
 - Pcduino v3 (A20)
 - Pcduino v2 (A10)

Compile-tested on:
 - all A8/A7/A53 boards

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2018-02-06 12:52:00 +01:00
Martin Schiller
a8b023272d
ltq-atm: cleanup unused variables and functions
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2018-02-05 17:45:54 +01:00
Alexander Couzens
17eb826a70 ltq-atm: rewrite tx path to use IRQs
The ATM subsystem is different from the generic ethernet NICs. The ATM
subsystem requires a callback when a packet has been sent. It means a
tx skb_buff need to be used after it has sent. While the generic NIC
can fill up the TX ring and free skb_buffs if it encounter a ring buffer slot
with an already sent skbuff.
The ATM drivers need call the pop() function after it has send a
single ATM package. The ATM subsystem controls via this ways the queuing.

The ppe engine use DMA channels for read and write. Every atm_vcc has it's
own TX DMA channel and each TX DMA channel has it's own ring buffer.

The old driver had multiple issues:
- Call the subsystem callback at the beginning of tx function (ppe_send).
  Didn't allowed the ATM subsystem to control the enqueued package
  amount.
- Filled up the TX ring until full and fail futher
- copy or decouple the skb from all other subsystem before giving it
  over to TX ring

The new tx path uses interupts.
- call the subsystem callback _after_ it was sent by hardware
- no need to copy our decouple the skb any more
- gives back control to the atm subsystem over the enqueued packages
- use an interupt for every sent atm package

Using interupts shouldn't be a problem because of the slow uplink bandwidth of
ADSL.
The speed _through_ the DSL router was always as high as it should
be, only traffic generated on the router itself were affected.

After changing to new tx path, the speed of iperf's run on the
router itself reached the same speed. The master/trunk wasn't as much
affected because of TCP optimisations (reboot-5022-gb2ea46fe236a).
The following results are taken on the remote server, which receives
the stream over the internet and the DSL line.

The sync moves between every sync a litte bit, but is so far stable
Latency / Interleave Delay:               Down: Fast (0.25 ms) / Up: Fast (0.50 ms)
Data Rate:                                Down: 13.287 Mb/s / Up: 1.151 Mb/s

reboot-5521-g9f8d28285d without patch
[ ID] Interval           Transfer     Bandwidth       Retr
[  5]   0.00-10.04  sec   947 KBytes   773 Kbits/sec    0             sender
[  5]   0.00-10.04  sec   928 KBytes   757 Kbits/sec                  receiver

reboot-5521-g9f8d28285d with patch
[  5]   0.00-10.06  sec  1.16 MBytes   970 Kbits/sec    0             sender
[  5]   0.00-10.06  sec  1.15 MBytes   959 Kbits/sec                  receiver

v17.01.4-239-g55c23e44f4 without patch
[ ID] Interval           Transfer     Bandwidth       Retr
[  5]   0.00-10.04  sec  87.4 KBytes  71.3 Kbits/sec    0             sender
[  5]   0.00-10.04  sec  59.6 KBytes  48.7 Kbits/sec                  receiver

v17.01.4-239-g55c23e44f4 with patch
[ ID] Interval           Transfer     Bandwidth       Retr
[  5]   0.00-10.05  sec  1.18 MBytes   983 Kbits/sec    1             sender
[  5]   0.00-10.05  sec  1.15 MBytes   959 Kbits/sec                  receiver

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2018-02-05 16:36:26 +01:00
Zoltan HERPAI
e7469d5192 arm-trusted-firmware-sunxi: use release build and bump version
- use release build instead of debug to reduce size
 - bump to use latest commit in allwinner tree

Tested on Pine64/1G.

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2018-02-05 12:58:27 +01:00
Felix Fietkau
fe1244e04d mt76: update to the latest version
2b7fae4 mt76: fix returnvar.cocci warnings
939e3e0 mt76x2: dfs: avoid tasklet scheduling during mt76x2_dfs_init_params()
cf59170 mt76x2: dfs: add set_domain handler
5e4d60e mt76x2: dfs: take into account dfs region in mt76x2_dfs_init_params()
f76e25f mt76x2: fix WMM parameter configuration
34d612d mt76: retry rx polling as long as there is budget left
0f8327a mt76x2: fix TSF value in probe responses
ad3f8e9 mt76: add an intermediate struct for rx status information
58a41f1 mt76: get station pointer by wcid and pass it to mac80211
b0508d3 mt76: implement A-MPDU rx reordering in the driver code
cf3cfc4 mt76: split mt76_rx_complete
461cdf9 mt76: pass the per-vif wcid to the core for multicast rx
9b2c778 mt76: validate rx CCMP PN
302af90 mt76x2: init: disable all pending tasklets during device removal
9f685fe mt7603: init: disable tbtt tasklet during device removal
c6f8cac mt76: let mac80211 validate CCMP PN for fragmented frames
3968dae mt7603: fix 40 mhz channel bandwidth reporting
9c2e03d mt7603: fix rx LDPC reporting
f515dfc mt76: implement AP_LINK_PS
974142c mt76: implement processing of BlockAckReq frames
c5209db mt76: avoid re-queueing A-MPDU rx reorder work if no frames are pending
e67e7a5 mt76x2: do not set status->aggr for NULL data frames
8693864 mt76: check qos ack policy before reordering packets

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-02-05 10:31:44 +01:00
Hans Dedecker
ecc347dd6e nghttp2: bump to 1.30.0
f0836c7e Update manual pages
25db178b Bump up version number to 1.30.0, LT revision to 29:2:15
1b6713e6 Update AUTHORS
c1a496cf nghttpx: Fix bug that h1 backend idle timeout expires sooner
e098a211 mruby: Fix bug that response header is unexpectedly overwritten
0ba4bf51 Merge pull request #1120 from dylanplecki/issue-1119-mruby-header-overwrite
6deee203 Fix #1119: Stop overwrite of first header on mruby call to env.req.set_header(..)
6761a933 Merge pull request #1105 from nghttp2/nghttpx-upgrade-scheme
5cc3d159 nghttpx: Add upgrade-scheme parameter to backend option
652f57e7 Merge pull request #1104 from nghttp2/allow-ping-after-goaway
acd6b40e Allow PING frame to be sent after GOAWAY
0fbb46ed Merge pull request #1101 from nghttp2/remember-pushed-links
6ad629de Merge pull request #1102 from nghttp2/fix-missing-alpn-validation
74754982 nghttpx: Fix missing ALPN validation (--npn-list)
a31a2e3b nghttpx: Remember which resource is pushed
a776b0db Merge pull request #1092 from nghttp2/define-103
cfd926f0 src: Define 103 status code
72f52716 Bump up version number to 1.30.0-DEV

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-02-04 21:19:51 +01:00
Kevin Darbyshire-Bryant
256477f7af wireguard: bump to 20180202
Bump to latest wireguard release snapshot:

2675814 version: bump snapshot
381d703 qemu: update base versions
c3fbd9d curve25519: break more things with more test cases
93fa0d9 curve25519: replace fiat64 with faster hacl64
6177bdd curve25519: replace hacl64 with fiat64
b9bf37d curve25519: verify that specialized basepoint implementations are correct
bd3f0d8 tools: dedup secret normalization
1f87434 chacha20poly1305: better buffer alignment
78959ed chacha20poly1305: use existing rol32 function
494cdea tools: fread doesn't change errno
ab89bdc device: let udev know what kind of device we are
62e8720 qemu: disable AVX-512 in userland
6342bf7 qemu: disable PIE for compilation
e23e451 contrib: keygen-html: share curve25519 implementation with kernel
6b28fa6 tools: share curve25519 implementations with kernel
c80cbfa poly1305: add poly-specific self-tests
10a2edf curve25519-fiat32: uninline certain functions

No patch refresh required.

Compile-tested-for: ar71xx
Run-tested-on: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-02-03 14:29:57 +01:00
Matthias Schiffer
1cb06d8907
firewall: depend on kmod-nf-conntrack6
Firewall rules don't work as intended without conntrack support. The recent
cleanup removed the kmod-nf-conntrack6 dependency from the iptables
modules; add it to the firewall package instead.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-02-02 14:00:04 +01:00
Philip Prindeville
ff8e9a4ecb treewide: combine VERSION_SED and VERSION_SED_SCRIPT
We don't need two versions of this.  The escaping quotes
is so that the sed commands aren't misinterpreted by shell;
it has nothing to do with the contents of the file, thus
one version is adequate.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2018-02-02 13:59:34 +01:00
Hans Dedecker
ab44f8fc0d leds: correct ledtrig-heartbeat Kconfig description
Fix ledtrig-heartbeat Kconfig description

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-02-02 12:08:19 +01:00
Hans Dedecker
60e07ffec5 netifd: add defaultreqopts config option
By default udhcpc asks for a default list of options; the config option
defaultreqopts allows to tweak this behavior.
When set to 0 udhcpc will not ask for any options except for the options
specified in the reqopts config option.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-02-01 21:44:12 +01:00
Hans Dedecker
cc7a005c1a odhcp6c: add defaultreqopts config option
By default odhcp6c asks for a default list of options; the config option
defaultreqopts allows to tweak this behavior.
When set to 0 odhcp6c will not ask for any options except for the options
specified in the reqopts config option.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-02-01 15:19:30 +01:00
Matthias Schiffer
33e8f7ee49
netfilter: add missing dependency to kmod-ipt-tproxy
Fixes: e7e025426a "netfilter: clean up dependencies of kernel modules"
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-01-31 14:43:12 +01:00
Matthias Schiffer
bf1032d71f
mac80211: replace revert for 11s compatiblity with upstream fix
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-01-31 13:42:23 +01:00
Matthias Schiffer
352c74fcb4
netfilter: add packages for arp and bridge tables of nftables
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-01-31 13:32:40 +01:00
Matthias Schiffer
bbef76f1b1
nftables: remove dependency on kmod-nf-nat
For minimal firewall setups, NAT support may be unnecessary.

It would be possible to further reduce the minimum number of installed
modules, e.g. by separating IPv4 and IPv6 support or moving conntrack
support into a separate kmod package. We go with a more complete
kmod-nft-core for now, until a concrete usecase for smaller packages
arises.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-01-31 13:32:40 +01:00
Matthias Schiffer
e7e025426a
netfilter: clean up dependencies of kernel modules
The nf_reject_ipv4 and nf_reject_ipv6 modules are moved into separate
packages, as they are a common dependency of ip(6)tables and nftables. This
avoids a dependency of nftables on kmod-nf-ipt(6). Also, fewer iptables
modules depend on nf-conntrack(6) now.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-01-31 13:32:40 +01:00
Yousong Zhou
c9c2e4d78d openssl: remove call to now absent clean-staging make target
It's not needed now since commit a621b8c ("include: clean package
staging dir files before configure")

Fixes FS#1309

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2018-01-30 14:36:44 +08:00
Hans Dedecker
f65591f113 kernel: add test MTD driver package
Allows to test MTD driver using RAM

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-01-29 21:12:46 +01:00
Hauke Mehrtens
a9c65c22a1 netdevices.mk: add missing dependency to kmod-hwmon-core
The IGB and IXGBE drivers depend on kmod-hwmon core now.

Fixes: af707a178f ("netdevices.mk: add hwmon to IGB and IXGBE drivers")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-01-29 12:16:15 +01:00
Philip Prindeville
b81b18b5a4 netdevices.mk: add hwmon to IGB and IXGBE drivers
Off-chip NICs can run hotter than the CPU, so they're definitely
worth instrumenting.

Adding hardware monitoring increases by ~3744 and ~2672 bytes,
respectively, the sizes of the igb.ko and ixgbe.ko drivers.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2018-01-29 12:15:41 +01:00
Hans Dedecker
1d9296dcdb curl: bump to 7.58.0
a0b5e8944 progress-bar: get screen width on windows
65ceb20df test1454: --connect-to with IPv6 address w/o IPv6 support!
eb6e3c4f6 CONNECT_TO: fail attempt to set an IPv6 numerical without IPv6 support
96186de1f docs: fix man page syntax to make test 1140 OK again
af32cd385 http: prevent custom Authorization headers in redirects
993dd5651 curl: progress bar refresh, get width using ioctl()
9d82cde7b RELEASE-NOTES: synced with bb0ffcc36
bb0ffcc36 libcurl-env.3: first take
ec122c4c8 TODO: two possible name resolver improvements
a5e6d6ebc http2: don't close connection when single transfer is stopped
87ddeee59 test558: fix for multissl builds
da07dbb86 examples/url2file.c: add missing curl_global_cleanup() call
ddafd45af SSH: Fix state machine for ssh-agent authentication
9e4ad1e2a openssl: fix potential memory leak in SSLKEYLOGFILE logic
ca9c93e3e openssl: fix the libressl build again
2c0c4dff0 unit1307: test many wildcards too
2a1b2b4ef curl_fnmatch: only allow 5 '*' sections in a single pattern
cb5accab9 ftp-wildcard: fix matching an empty string with "*[^a]"
25c40c9af SMB: fix numeric constant suffix and variable types
945df7410 CURLOPT_TCP_NODELAY.3: fix typo
8dd4edeb9 smtp/pop3/imap_get_message: decrease the data length too...
84fcaa2e7 openssl: enable SSLKEYLOGFILE support by default
e44ddfd47 mime: clone mime tree upon easy handle duplication.
2c821bba8 docs: comment about CURLE_READ_ERROR returned by curl_mime_filedata
a06311be2 test395: HTTP with overflow Content-Length value
67595e7d2 test394: verify abort of rubbish in Content-Length: value
ac17d7947 test393: verify --max-filesize with excessive Content-Length
f68e67271 HTTP: bail out on negative Content-Length: values
0616dfa1e configure.ac: append extra linker flags instead of prepending them.
650b9c1d6 RELEASE-NOTES: synced with 6fa10c8fa
6fa10c8fa setopt: fix SSLVERSION to allow CURL_SSLVERSION_MAX_ values
3b548ffde setopt: reintroduce non-static Curl_vsetopt() for OS400 support
fa3dbb9a1 http2: fix incorrect trailer buffer size
2a6dbb815 easy: fix connection ownership in curl_easy_pause
89f680473 system.h: Additionally check __LONG_MAX__ for defining curl_off_t
14d07be37 COPYING: it's 2018!
a8ce5efba progress: calculate transfer speed on milliseconds if possible
d4e40f069 scripts: allow all perl scripts to be run directly
e4f86025d mail-rcpt.d: fix short-text description
908a9a674 build: remove HAVE_LIMITS_H check
129390a51 openssl: fix memory leak of SSLKEYLOGFILE filename
272613df0 Revert "curl/system.h: fix compilation with gcc on AIX PPC and IA64 HP-UX"
481539e90 test1554: improve the error handling
593dcc553 test1554: add global initialization and cleanup
dc831260b curl_version_info.3: call the argument 'age'
58d7cd28a brotli: data at the end of content can be lost
a0f3eaf25 examples/cacertinmem: ignore cert-already-exists error
859ac3602 tool_getparam: Support size modifiers for --max-filesize
b399b0490 build: Fixed incorrect script termination from commit ad1dc10e61
a9b774a77 Makefile.vc: Added our standard copyright header
22fddb85a winbuild: Added support for VC15
ad1dc10e6 build: Added Visual Studio 2017 project files
d409640d6 build-wolfssl.bat: Added support for VC15
a4e88317d build-openssl.bat: Added support for VC15
c97648b55 curl/system.h: fix compilation with gcc on AIX PPC and IA64 HP-UX
b43755789 examples/rtsp: fix error handling macros
f009bbe1f curl_easy_reset: release mime-related data.
4acc9d3d1 content_encoding: rework zlib_inflate
e639d4ca4 brotli: allow compiling with version 0.6.0.
9c6a6be88 CURLOPT_READFUNCTION.3: refer to argument with correct name
02f207a76 rand: add a clang-analyzer work-around
13ce373a5 krb5: fix a potential access of uninitialized memory
41982b6ac conncache: fix a return code [regression]
5d0ba70e1 curl: support >256 bytes warning messsages
188a43a8f libssh: fix a syntax error in configure.ac
7ef0c2d86 examples/smtp-mail.c: use separate defines for options and mail
621b24505 THANKS: added missing names
cc0cca1ba mailmap: added/clarified several names
9d7a59c8f setopt: less *or equal* than INT_MAX/1000 should be fine
2437dbbf1 vtls: replaced getenv() with curl_getenv()
ef5633d4b RELEASE-NOTES: synced with 3b9ea70ee
3b9ea70ee TODO: Expose tried IP addresses that failed
48c184a60 curl.1: mention http:// and https:// as valid proxy prefixes
76db03dd9 curl.1: documented two missing valid exit codes
63e58b8b4 CURLOPT_DNS_LOCAL_IP4.3: fixed the seel also to not self-reference
671f0b506 Revert "curl: don't set CURLOPT_INTERLEAVEDATA"
4b6f3cff7 tests: mark data files as non-executable in git
98c572ed3 tests: update .gitignore for libtests
e959f16c5 multi_done: prune DNS cache
06a0a26fb mailmap: fixup two old git Author "aliases"
7ab4e7adb openssl: Disable file buffering for Win32 SSLKEYLOGFILE
b1b94305d RESOLVE: output verbose text when trying to set a duplicate name
bbea75ad6 CURLOPT_DNS_CACHE_TIMEOUT.3: see also CURLOPT_RESOLVE
a4a56ec93 sftp: allow quoted commands to use relative paths
9fb5a943f CURLOPT_PRIVATE.3: fix grammar
179ee78e8 curl: remove __EMX__ #ifdefs
9dfb19483 openssl: improve data-pending check for https proxy
9ffad8eb1 curl: don't set CURLOPT_INTERLEAVEDATA
912324024 curl.h: remove incorrect comment about ERRORBUFFER
ebaab4d17 configure: add AX_CODE_COVERAGE only if using gcc
b5881d1fb curl: limit -# update frequency for unknown total size
546e7db78 BINDINGS: another PostgreSQL client
55e609890 CONNECT: keep close connection flag in http_connect_state struct
c103cac3c include: get netinet/in.h before linux/tcp.h
00cda0f9b openldap: fix checksrc nits
ff07f07cc openldap: add commented out debug possibilities
bb0ca2d44 examples: move threaded-shared-conn.c to the "complicated" ones
4fb85b87b RELEASE-NOTES: synced with b261c44e8
b261c44e8 URL: tolerate backslash after drive letter for FILE:
24dcd7466 tests: added netinet/in6.h includes in test servers
76ebd5417 configure: check for netinet/in6.h
0c65678e7 curl-config: add --ssl-backends
ea3a5d07d conncache: only allow multiplexing within same multi handle
415b8dff8 threaded-shared-conn.c: fixed typo in commenta
5254d8bf2 threaded-shared-conn.c: new example
07cb27c98 conncache: fix several lock issues
85f0133ea libssh: remove dead code in sftp_qoute
615edc1f7 sasl_getmesssage: make sure we have a long enough string to pass
440140946 libssh2: remove dead code from SSH_SFTP_QUOTE
6401ddad4 ssh-libssh.c: please checksrc
918530752 libssh: fixed dereference in statvfs access
8dad32bcf RESOURCES: update spec names
a08f5a77c libssh: corrected use of sftp_statvfs() in SSH_SFTP_QUOTE_STATVFS
8843c0939 libssh: no need to call sftp_get_error as ssh_get_error is sufficient
3cef6f22e libssh: fix minor static code analyzer nits
10bb0b471 openssl: pkcs12 is supported by boringssl
8eff32f0b travis: use pip2 instead of pip
b7f534597 lib582: do not verify host for SFTP
a2f396680 libssh: added SFTP support
c75c9d4fb symbols-in-versions: added new symbols with 7.56.3 version
05675ab5a .travis.yml: added build --with-libssh
38aef6dc4 libssh2: return CURLE_UPLOAD_FAILED on failure to upload
75427291e libssh2: send the correct CURLE error code on scp file not found
c92d2e14c Added support for libssh SSH SCP back-end
3973ee6a6 RELEASE-NOTES: synced with af8cc7a69
af8cc7a69 curlver: towards 7.57.1
4b4142491 lib: don't export all symbols, just everything curl_*
9194a9959 SSL: Avoid magic allocation of SSL backend specific data
744ee5838 examples/xmlstream.c: don't switch off CURL_GLOBAL_SSL
270494e1a travis: add boringssl build

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-01-28 21:03:46 +01:00
John Crispin
74beb6f710 Revert "netdevices.mk: add hwmon to IGB and IXGBE drivers"
This reverts commit af707a178f.

Signed-off-by: John Crispin <john@phrozen.org>
2018-01-28 08:53:50 +01:00
John Crispin
d4f539030b Revert "netdevices.mk: add missing dependency to kmod-hwmon-core"
This reverts commit 53f62bc5e5.

commit made the builders fail with
"Package kmod-igb is missing dependencies for the following libraries: hwmon.ko"

Signed-off-by: John Crispin <john@phrozen.org>
2018-01-28 08:51:11 +01:00
Yousong Zhou
60ad837bea procd: fix procd_lock() when prepare_roofs
This fixes the following errors when doing "make package/install"

    /home/yousong/git-repo/lede-project/lede/build_dir/target-mips_24kc_musl/root-malta/lib/functions/procd.sh: line 47: /home/yousong/git-repo/l
    ede-project/lede/build_dir/target-mips_24kc_musl/root-malta/var/lock/procd_urandom_seed.lock: No such file or directory
    flock: 1000: Bad file descriptor

Fixes FS#1260

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2018-01-28 09:51:06 +08:00
Hauke Mehrtens
53f62bc5e5 netdevices.mk: add missing dependency to kmod-hwmon-core
The IGB and IXGBE drivers depend on kmod-hwmon core now.

Fixes: af707a178f ("netdevices.mk: add hwmon to IGB and IXGBE drivers")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-01-28 00:26:50 +01:00
Julien Dusser
241e6dd3e9 build: cleanup SSP_SUPPORT configure option
Configure variable SSP_SUPPORT is ambiguous for packages (tor, openssh,
avahi, freeswitch). It means 'toolchain supporting SSP', but for toolchain
and depends it means 'build gcc with libssp'.

Musl no longer uses libssp (1877bc9d8f), it has internal support, so
SSP_SUPPORT was disabled leading some package to not use SSP.

No information why Glibc and uClibc use libssp, but they may also provide
their own SSP support. uClibc used it own with commit 933b588e25 but it was
reverted in f3cacb9e84 without details.

Create an new configure GCC_LIBSSP and automatically enable SSP_SUPPORT
if either USE_MUSL or GCC_LIBSSP.

Signed-off-by: Julien Dusser <julien.dusser@free.fr>
2018-01-27 19:02:48 +01:00
Julien Dusser
df0bd42fde build: add hardened builds with PIE (ASLR) support
Introduce a configuration option to build a "hardened" OpenWrt with
ASLR PIE support.

Add new option PKG_ASLR_PIE to enable Address Space Layout Randomization (ASLR)
by building Position Independent Executables (PIE). This new option protects
against "return-to-text" attacks.

Busybox need a special care, link is done with ld, not gcc, leading to
unknown flags. Set BUSYBOX_DEFAULT_PIE instead and disable PKG_ASLR_PIE.

If other failing packages were found, PKG_ASLR_PIE:=0 should be added to
their Makefiles.

Original Work by: Yongkui Han <yonhan@cisco.com>
Signed-off-by: Julien Dusser <julien.dusser@free.fr>
2018-01-27 16:46:45 +01:00
Stephan Brunner
285791934b hostapd: add support for hostapd's radius_client_addr
Add support for hostapd's radius_client_addr in order to
force hostapd to send RADIUS packets from the correct source
interface rather than letting linux select the most appropriate.

Signed-off-by: Stephan Brunner <s.brunner@stephan-brunner.net>
2018-01-27 16:46:45 +01:00
Maxim Gorbachyov
006a8a063c perf: use libunwind
Without libunwind perf does not show userspace stack frames.
Tested on mvebu.

Signed-off-by: Maxim Gorbachyov <maxim.gorbachyov@gmail.com>
2018-01-27 16:46:45 +01:00
Maxim Gorbachyov
8590a5c06d libunwind: enable build for arm
Tested with perf on mvebu.

Signed-off-by: Maxim Gorbachyov <maxim.gorbachyov@gmail.com>
2018-01-27 16:46:45 +01:00
Philip Prindeville
af707a178f netdevices.mk: add hwmon to IGB and IXGBE drivers
Off-chip NICs can run hotter than the CPU, so they're definitely
worth instrumenting.

Adding hardware monitoring increases by ~3744 and ~2672 bytes,
respectively, the sizes of the igb.ko and ixgbe.ko drivers.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2018-01-27 16:46:45 +01:00
Tim Harvey
a5199379c0 kernel/modules/other: disable Nokia BT UART
disable the Nokia BT UART present on Nikia N9, N900 & N950 added in 4.12.

Signed-off-by: Tim Harvey <tharvey@gateworks.com>
2018-01-27 16:46:44 +01:00
Evgeniy Didin
e47fe3284f toolchain/arc: update to the most recent release arc-2017.09
This commit finally bumps ARC tools to the most recent arc-2017.09 release version.

ARC GNU tools of version arc-2017.09 bring some quite significant changes like:
 * Binutils v2.29 with additional ARC patches
 * GCC 7.1.1 with additional ARC patches

More information on this release could be found here:
  https://github.com/foss-for-synopsys-dwc-arc-processors/toolchain/releases/tag/arc-2017.09-release

Signed-off-by: Evgeniy Didin <Evgeniy.Didin@synopsys.com>
CC: Alexey Brodkin <abrodkin@synopsys.com>
CC: John Crispin <john@phrozen.org>
2018-01-27 16:46:44 +01:00
Matthias Schiffer
d58c8f4029
mac80211: revert "wireless: set correct mandatory rate flags"
Revert upstream commit 1bd773c077de "wireless: set correct mandatory rate
flags", as it breaks 11s interoperability: nodes can only associate when
neither or both have this patch. As this is a regression from released
versions, revert to the old code for now.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-01-26 23:30:23 +01:00
Yousong Zhou
2c50af0cea openssl: tell the build system that we are doing CROSS_COMPILE
So that it will not try to run c_rehash with the just built binaries on
certs/demo.

Fixes openwrt/packages#5432

Reported-by: Val Kulkov <val.kulkov@gmail.com>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2018-01-26 18:19:00 +08:00
Yousong Zhou
e6de92cdcc iptables: make kmod-ipt-debug part of default ALL build
The iptables TRACE target is only available in raw table that's why the
dependency was moved from iptables-mod-trace into kmod-ipt-debug

Fixes FS#1219

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2018-01-26 15:29:02 +08:00
Kevin Darbyshire-Bryant
03a00eeab3 wireguard: bump to 20180118
Bump to latest wireguard release snapshot:

9a93a3d version: bump snapshot
7bc0579 contrib: keygen-html: update curve25519 implementation
ffc13a3 tools: import new curve25519 implementations
0ae7356 curve25519: wire up new impls and remove donna
f90e36b curve25519: resolve symbol clash between fe types
505bc05 curve25519: import 64-bit hacl-star implementation
8c02050 curve25519: import 32-bit fiat-crypto implementation
96157fd curve25519: modularize implementation
4830fc7 poly1305: remove indirect calls
bfd1a5e tools: plug memleak in config error path
09bf49b external-tests: add python implementation
b4d5801 wg-quick: ifnames have max len of 15
6fcd86c socket: check for null socket before fishing out sport
ddb8270 global: year bump
399d766 receive: treat packet checking as irrelevant for timers

No patch refresh required.

Compile-tested-for: ar71xx
Run-tested-on: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-01-25 22:40:06 +01:00
Felix Fietkau
6271539fc5 Revert "mt76: update to the latest version"
This reverts commit 99eb128aca.
Connectivity issues reported by users, needs rework

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-01-25 21:19:13 +01:00
Felix Fietkau
99eb128aca mt76: update to the latest version
2b7fae4 mt76: fix returnvar.cocci warnings
939e3e0 mt76x2: dfs: avoid tasklet scheduling during mt76x2_dfs_init_params()
cf59170 mt76x2: dfs: add set_domain handler
5e4d60e mt76x2: dfs: take into account dfs region in mt76x2_dfs_init_params()
f76e25f mt76x2: fix WMM parameter configuration
34d612d mt76: retry rx polling as long as there is budget left
0f8327a mt76x2: fix TSF value in probe responses
ad3f8e9 mt76: add an intermediate struct for rx status information
58a41f1 mt76: get station pointer by wcid and pass it to mac80211
b0508d3 mt76: implement A-MPDU rx reordering in the driver code
cf3cfc4 mt76: split mt76_rx_complete
461cdf9 mt76: pass the per-vif wcid to the core for multicast rx
9b2c778 mt76: validate rx CCMP PN
302af90 mt76x2: init: disable all pending tasklets during device removal
9f685fe mt7603: init: disable tbtt tasklet during device removal
c6f8cac mt76: let mac80211 validate CCMP PN for fragmented frames
3968dae mt7603: fix 40 mhz channel bandwidth reporting
9c2e03d mt7603: fix rx LDPC reporting

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-01-25 16:50:10 +01:00
Felix Fietkau
166741240a mac80211: mesh: drop frames appearing to be from us
Upstream backport to fix issues arising from devices with duplicate MAC
addresses

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-01-25 10:54:14 +01:00
Matthias Schiffer
95ab18e012
vxlan: add options to enable and disable UDP checksums
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-01-24 13:53:34 +01:00
Matthias Schiffer
4d001af7c5
netifd: update to latest git HEAD
af3cadb system-linux: VXLAN: add options to enable and disable UDP checksums

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-01-24 13:50:50 +01:00
Hans Dedecker
a9ffe9fd75 procd: update to latest git HEAD
653629f trace: check asprintf() return value
67eb7e6 trace: add missing limits.h include

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-01-23 11:46:45 +01:00
Jo-Philipp Wich
eaf79d06b7 Revert "kernel: add IEEE-1284 parallel port support"
This reverts commit 666e9cf222.

The change has not been build-tested on non-x86 targets and leads to
stalled kernel builds due to unset configuration symbols there.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-01-22 13:41:20 +01:00
John Crispin
24b0424ecb procd: update to latest git HEAD
846e20c procd: add timing to start/stop logging

Signed-off-by: John Crispin <john@phrozen.org>
2018-01-22 12:53:34 +01:00
Koen Vandeputte
5bdbc10b1b uqmi: silence error on pin verification
If a device only supports the 2nd verification method (uim),
the first method will fail as expected reporting an error:

"Command not supported"

Silence both separate methods and only report an error regarding
pin verification if both fail.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-01-22 08:46:46 +01:00
Daniel Gimpelevich
666e9cf222 kernel: add IEEE-1284 parallel port support
The kmod-lp package included both lp.ko and ppdev.ko, but ECP device
drivers may or may not require lp NOT to be loaded, needing only ppdev.
Additionally, There were no packages for any parport interface modules,
such as uss720 or parport_pc, provided here. It has not been otherwise
possible to use PC-style parport hardware for kmod-lp.

Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
2018-01-22 07:17:11 +01:00
Hauke Mehrtens
4336efe14b kernel: use upstream patches for musl
This replaces the current patches used to make the kernel headers
compatible with musl with the version which was accepted upstream. This
is included in upstream kernel 4.15.
This was compile tested with iproute2 build on all supported kernel
versions with musl and one one with glibc.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-01-20 22:11:33 +01:00
Hauke Mehrtens
e3c43ade0b ubus: fix PKG_MIRROR_HASH
Fixes: dd975d15a7 ("ubus: fix wrong PKG_SOURCE_DATE")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-01-20 20:22:01 +01:00
Philip Prindeville
a30791242b nftables: update to 0.8.1
Note this requires libnftnl-1.0.8 or higher, so that update needs
to be merged first.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2018-01-20 20:22:01 +01:00
Philip Prindeville
3d8040e04f libnftnl: update to 1.0.9
Also, drop unsupported configure options.

Don't use git retrieve but released tarball instead.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2018-01-20 20:22:01 +01:00
Kevin Darbyshire-Bryant
adaf1cbcc8 dnsmasq: backport validation fix in dnssec security fix
A DNSSEC validation error was introduced in the fix for CVE-2017-15107

Backport the upstream fix to the fix (a simple typo)

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-01-20 14:22:39 +01:00
Kevin Darbyshire-Bryant
a3198061f8 dnsmasq: backport dnssec security fix
CVE-2017-15107

An interesting problem has turned up in DNSSEC validation. It turns out
that NSEC records expanded from wildcards are allowed, so a domain can
include an NSEC record for *.example.org and an actual query reply could
expand that to anything in example.org  and still have it signed by the
signature for the wildcard. So, for example

!.example.org NSEC zz.example.org

is fine.

The problem is that most implementers (your author included, but also
the Google public DNS people, powerdns and Unbound) then took that
record to prove the nothing exists between !.example.org and
zz.example.org, whereas in fact it only provides that proof between
*.example.org and zz.example.org.

This gives an attacker a way to prove that anything between
!.example.org and *.example.org doesn't exists, when it may well do so.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-01-19 22:11:16 +01:00
Christian Lamparter
51dd8f3875 ipq-wifi: align AVM FRITZ!Box 4040's board-2.bin package
This patch renames the AVM FRITZ!Box 4040's board-2.bin
file and package to match the 'vendor_product' format.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2018-01-18 21:21:11 +01:00
Christian Lamparter
8d755ef052 firmware: ath10k-firmware: update QCA988x firmware to 10.2.4-1.0-00033
This patch updates ath10k-firmware to use the
firmware-5.bin_10.2.4-1.0-00033 firmware for the QCA988x.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2018-01-18 21:21:11 +01:00
Christian Lamparter
f6a8505de0 firmware: ath10k-firmware: update QCA9887 firmware to 10.2.4-1.0-00033
This patch updates ath10k-firmware to use the
firmware-5.bin_10.2.4-1.0-00033 firmware for the QCA9887.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2018-01-18 21:21:11 +01:00
Christian Lamparter
2d3a73afc4 firmware: ath10k-firmware: update QCA9888 firmware to 10.4-3.4-00104
This patch updates ath10k-firmware to use the
firmware-5.bin_10.4-3.4-00104 firmware for the QCA9888.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2018-01-18 21:21:11 +01:00
Christian Lamparter
da5312d06e firmware: ath10k-firmware: update QCA9984 firmware to 10.4-3.4-00104
This patch updates ath10k-firmware to use the
firmware-5.bin_10.4-3.4-00104 firmware for the QCA9984.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2018-01-18 21:21:11 +01:00