Commit graph

14685 commits

Author SHA1 Message Date
Daniel Golle
987900f2de hostapd: properly build hostapd-only SSL variants
Make sure hostapd-openssl is actually build against OpenSSL, same
for wolfSSL.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-06-05 15:33:35 +02:00
Daniel Golle
187da94808 kernel: modules: package module for Exar 8250 UARTs
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-06-05 15:27:36 +02:00
Felix Fietkau
7d8681ccb9 hostapd: expose device taxonomy signature via ubus
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-06-05 09:28:04 +02:00
Felix Fietkau
23c1827e34 hostapd: add support for client taxonomy in the full config
This can be used to fingerprint clients to try to identify the exact
model

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-06-05 09:28:00 +02:00
Felix Fietkau
09ef028e58 mt76: update to the latest version
20c0766 mt7603: adjust rx hang watchdog for MT7628
664e321 mt7603: add extra PSE hang check signature for MT7628
f24b56f update MT7628 firmware to the latest version
d87e4b0 mt7603: clear PSE reset bit if PSE reset fails
0ef26ef mt76: only stop tx queues on offchannel, not during the entire scan
f399da3 mt76: prevent tx scheduling during channel change
21c1e1e mt76: move ieee80211_hw allocation to common core
730c292 mt76: wait for pending tx to complete before switching channel
fcbb49e mt76x2: use udelay instead of usleep_range in mt76x2_mac_stop
792dbe0 mt7603: do not hold dev->mutex while flushing dev->mac_work

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-06-05 08:52:33 +02:00
Hans Dedecker
e4577d2e68 map: make tunnel encapsulation limit support configurable (FS#1501)
Be compatible with ISPs which don't support the destination option header containing
the tunnel encapsulation limit as reported in FS#1501.
Setting the uci parameter encaplimit to ignore; allows to disable the insertion
of the destination option header in the map-e packets.
Otherwise the tunnel encapsulation limit value can be set to a value from 0 till 255
by setting the encaplimit uci parameter accordingly.
If no encaplimit value is specified the default value is 4 as before.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-06-04 17:07:29 +02:00
Hans Dedecker
082cd951bb netifd: update to latest git HEAD (FS#1501)
a580028 system-linux: make encaplimit configurable for ip6 tunnels (FS#1501)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-06-04 17:07:15 +02:00
Hans Dedecker
327c711da4 odhcp6c: make ds-lite/map tunnel encapsulation limit support configurable (FS#1501)
Be compatible with ISPs which don't support the destination option header containing
the tunnel encapsulation limit as reported in FS#1501 for dynamic created ds-lite/map
interfaces.
Setting the uci parameter encaplimit_dslite/map to ignore; allows to disable the insertion
of the destination option header for the dynamic created ds-lite/map interface.
Otherwise the tunnel encapsulation limit value can be set to a value from 0 till 255
by setting the encaplimit_dslite/map uci parameter accordingly.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-06-04 17:05:28 +02:00
Hans Dedecker
a3372953e9 ds-lite: make tunnel encapsulation limit support configurable (FS#1501)
Be compatible with ISPs which don't support the destination option header containing
the tunnel encapsulation limit as reported in FS#1501.
Setting the uci parameter encaplimit to ignore; allows to disable the insertion
of the destination option header in the ds-lite packets.
Otherwise the tunnel encapsulation limit value can be set to a value from 0 till 255
by setting the encaplimit uci parameter accordingly.
If no encaplimit value is specified the default value is 4 as before.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-06-04 17:04:45 +02:00
Daniel Golle
dcc34574ef oxnas: bring in new oxnas target
Reboot the oxnas target based on Linux 4.14 by rebasing our support on
top of the now-existing upstream kernel support.
This commit brings oxnas support to the level of v4.17 having upstream
drivers for Ethernet, Serial and NAND flash.
Botch up OpenWrt's local drivers for EHCI, SATA and PCIe based on the
new platform code and device-tree.
Re-introduce base-files from old oxnas target which works for now but
needs further clean-up towards generic board support.

Functional issues:
 * PCIe won't come up (hence no USB3 on Shuttle KD20)
 * I2C bus of Akitio myCloud device is likely not to work (missing
   debounce support in new pinctrl driver)

Code-style issues:
 * plla/pllb needs further cleanup -- currently their users or writing
   into the syscon regmap after acquireling the clk instead of using
   defined clk_*_*() functions to setup multipliers and dividors.
 * PCIe phy needs its own little driver.
 * SATA driver is a monster and should be split into an mfd having
   a raidctrl regmap, sata controller, sata ports and sata phy.

Tested on MitraStar STG-212 aka. Medion Akoya MD86xxx and Shuttle KD20.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-06-01 15:45:06 +02:00
Daniel Golle
d44b7b7d31 uboot-oxnas: fix build with newer GCC
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-06-01 15:45:06 +02:00
Ivan Shapovalov
91b5b2e20d netifd: drop conflicting 'device' interface property
Do not set device runtime property on interfaces in the hotplug handler
and in fixup_interfaces(). This property conflicts with device option
in several proto handlers (mainly QMI and other WWAN/3G protos) and does
not seem to be used anywhere.

Signed-off-by: Ivan Shapovalov <intelfx@intelfx.name>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
2018-06-01 15:02:41 +02:00
Kevin Darbyshire-Bryant
1ee5051f20 nettle: bump to 3.4
3.4 is mainly a bug fix/maintenance release.

3KB increase in ipk lib size on mips.

Compile tested for: ar71xx, ramips
Run tested on: ar71xx Archer C7 v2, ramips mir3g

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-06-01 08:39:59 +02:00
Mirko Parthey
46d7ced9d1 mtd: mark as nonshared to fix FS#484
The mtd tool is built with different configurations depending on the
target. For example, brcm47xx adds the fixtrx subcommand, without which
an image fails when booting the second time.

Mark the mtd package as nonshared to really fix FS#484.

Signed-off-by: Mirko Parthey <mirko.parthey@web.de>
2018-06-01 08:29:11 +02:00
Koen Vandeputte
e5ff84d1f0 ath10k-ct: Update driver to latest
127f98189ee5 ath10k:  Fix bad return w/out unlock, compile w/out debugfs
b8f48f3c138f Fix survey-dump for 4.7, 4.9 and 4.13 kernels.
fa8259ad5d6d ath10k-ct:  Support survey dump in 10.1 firmware.
2853e1337ecf ath10k-ct:  Add 4.16 ath10k-ct driver to package.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
CC: Ben Greear <greearb@candelatech.com>
2018-06-01 08:22:26 +02:00
Jason A. Donenfeld
060e1ecefa wireguard: bump to 0.0.20180531 to fix flow offloading
This version bump was made upstream mostly for OpenWRT, and should fix
an issue with a null dst when on the flow offloading path.

While we're at it, Kevin and I are the only people actually taking care
of this package, so trim the maintainer list a bit.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-05-31 07:40:15 +02:00
Daniel Golle
78f1974bc5 hostapd: update packaging and patches
Clean up conflicts/provides/depends hell and add PROVIDES for
eapol-test variants while at it.
Update mesh-DFS patchset from Peter Oh to v5 (with local fixes) which
allows to drop two revert-patches for upstream commits which previously
were necessary to un-break mesh-DFS support.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-05-31 00:38:16 +02:00
Daniel Golle
dad39249fb wolfssl: change defaults to cover wpa_supplicant needs
Implicetely selecting the required options via Kconfig snippet from
hostapd worked fine in local builds when using menuconfig but confused
the buildbots which (in phase1) may build wpad-mini and hence already
come with CONFIG_WPA_WOLFSSL being defined as unset which then won't
trigger changing the defaults of wolfssl.

Work around by explicitely reflecting wpa_supplicant's needs in
wolfssl's default settings to make buildbots happy.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-05-31 00:38:16 +02:00
Rosen Penev
7a20c7a05d curl: Add ca-bundle dependency
While building, curl complains that the path specified is missing.
Also, without ca-bundle, something like 'curl https://www.google.com'
does not work due to a certificate verify error.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-05-30 06:38:19 +02:00
Rosen Penev
f97946c496 curl: Use ca-bundle for all TLS libraries.
It simplifies the Makefile a bit. In addition, using ca-bundle
saves some space as well.

It also fixes an issue with at least transmission, which has a dependency
on ca-bundle, but currently libcurl with OpenSSL or GnuTLS cause it not
to work.

This has been tested on mt7621 with OpenSSL and GnuTLS just by running
'curl https://www.google.com' and seeing if there's a verify error.
The rest are already using ca-bundle and therefore work fine.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
Tested-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-05-30 06:38:06 +02:00
Rosen Penev
e191c7ee79 ath10k-firmware: Fix two more typos
Actually tested with a local build instead of with scp'ing the firmware.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-05-30 06:33:19 +02:00
Daniel Golle
f4a639a3d7 mac80211: rt2x00: no longer use TXOP_BACKOFF for probe frames
Import a revert-commit from Stanislaw Gruszka which significantly
improves WiFi performance on rt2x00 based hardware.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-05-28 15:49:41 +02:00
Rosen Penev
d0fbe1956b ath10k-firmware: Fix typo in last commit
Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-05-27 19:44:43 +02:00
John Crispin
9c409cb4e2 kernel: add missing softdog symbol
Signed-off-by: John Crispin <john@phrozen.org>
2018-05-27 09:26:13 +02:00
Rosen Penev
27eab4fa57 ath10k-firmware: Fix QCA6174 support
Currently when installing the firmware, a bunch of files and directories
that the ath10k driver does not look for are created.

The package now installs firmware for both hw 2.1 and 3.0 devices.
2.1 is abandonware but may be useful to keep.

3.0 firmware was tested on a Killer 1535 to be relatively stable with
802.11w disabled. 802.11w causes multiple firmware crashes but that's true
of other ath10k firmwares as well.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-05-27 08:16:45 +02:00
Daniel Golle
5857088c5e wolfssl: add PKG_CONFIG_DEPENDS symbols
This change will trigger rebuild on buildbots in case of changed config
symbols, like in the case of hostapd selecting some wolfssl symbols
lately.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-05-25 20:36:46 +02:00
Daniel Golle
c8fdd0e9c8 hostapd: convert ssl provider build options to variants
Instead of selecting the SSL provider at compile time, build package
variants for each option so users can select the binary package without
having to build it themselves.
Most likely not all variants have actually ever been user by anyone.
We should reduce the selection to the reasonable and most used
combinations at some point in future. For now, build them all.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-05-25 16:01:59 +02:00
Hans Dedecker
a3f2451fba firewall: update to latest git HEAD
30463d0 zones: add interface/subnet bound LOG rules
0e77bf2 options: treat time strings as UTC times

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-05-25 14:33:59 +02:00
Hans Dedecker
5df2597c59 fstools: update to latest git HEAD
dd02dad fstools: allow the mounting with full access time accounting
242248c fstools: allow to compress the filesystem

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-05-25 09:52:50 +02:00
Jo-Philipp Wich
7e664b7c2d base-files: fix ucidef_set_interface() protocol selection
The previous refactoring of ucidef_set_interface() removed the protocol
selection heuristic which breaks the networking defaults for the majority
of boards.

Re-add the protocol selection and rename two bad "proto" references to
the expected "protocol" value.

Fixes: 85048a9c1f ("base-files: rework _ucidef_set_interface to be more generic")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-05-25 07:48:25 +02:00
Daniel Golle
69f544937f hostapd: update to git HEAD of 2018-05-21, allow build against wolfssl
Support for building wpa_supplicant/hostapd against wolfssl has been
added upstream recently, add build option to allow users using it.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-05-24 22:21:10 +02:00
Daniel Golle
4f67c1522d wolfssl: update to version 3.14.4
Use download from github archive corresponding to v3.14.4 tag because
the project's website apparently only offers 3.14.0-stable release
downloads.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-05-24 21:46:35 +02:00
Daniel Golle
4f442f5f38 ustream-ssl: fix build against wolfSSL
commit 39a6ce205d (ustream-ssl: Enable ECDHE with OpenSSL.) broke
build against wolfSSL because wolfSSL doesn't (yet) support
SSL_CTX_set_ecdh_auto() of the OpenSSL API.

Fix this in ustream-ssl:

 189cd38b41 don't use SSL_CTX_set_ecdh_auto with wolfSSL

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-05-24 18:55:34 +02:00
Pierre Lebleu
e6b8ce4c08 fstools: Add the new options available in the menuconfig
Mounting using the zlib compression and mounting with
full access accounting are now available in the
menuconfig.

Signed-off-by: Pierre Lebleu <pme.lebleu@gmail.com>
2018-05-24 16:05:07 +02:00
John Crispin
83fb9ec5e0 ath79: make ahb wifi work
Signed-off-by: John Crispin <john@phrozen.org>
2018-05-24 15:43:39 +02:00
Hans Dedecker
bcf20e0583 Revert "dnsmasq: use "hostsdir" instead of "addn-hosts""
This reverts commit a03035dad1
as it has several issues:
-Host file is located in a directory which is not unique per dnsmasq instance
-odhcpd writes host info into the same directory but still sends a SIGHUP to dnsmasq

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-05-24 10:20:45 +02:00
Roman Yeryomin
85048a9c1f base-files: rework _ucidef_set_interface to be more generic
This is a rework of previously submitted patch reworking
ucidef_set_interface_raw [1]. Here, keep the idea but instead
make _ucidef_set_interface more generic and use it instead of
ucidef_set_interface_raw.
Also change the users like ucidef_set_interface_lan and others.

[1] https://patchwork.ozlabs.org/patch/844961/

Signed-off-by: Roman Yeryomin <roman@advem.lv>
2018-05-24 09:39:47 +02:00
Christian Schoenebeck
a03035dad1 dnsmasq: use "hostsdir" instead of "addn-hosts"
1.) "addn-hosts" per default point to a file (but it supports directory)
2.) "hostsdir" only support directory with the additional benefit: New or changed files are read automatically.

Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
2018-05-23 22:13:26 +02:00
Jo-Philipp Wich
1289e00fff uboot-zynq: fix build on hosts lacking pkg-config
The uboot-mvebu package incorrectly used the host pkg-config for the tool
build parts, which broke the build on systems lacking pkg-config and only
worked by accident on those that have it installed.

Export the host-build specific environment variables for the uboot build
to redirect pkg-config invocations to our staged host build pkg-config in
buildroot.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-05-23 09:32:25 +02:00
Jo-Philipp Wich
208b984dda uboot-mxs: fix build on hosts lacking pkg-config
The uboot-mvebu package incorrectly used the host pkg-config for the tool
build parts, which broke the build on systems lacking pkg-config and only
worked by accident on those that have it installed.

Export the host-build specific environment variables for the uboot build
to redirect pkg-config invocations to our staged host build pkg-config in
buildroot.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-05-23 09:15:52 +02:00
Jo-Philipp Wich
01c2ce3c7d uboot-mvebu: fix build on hosts lacking pkg-config
The uboot-mvebu package incorrectly used the host pkg-config for the tool
build parts, which broke the build on systems lacking pkg-config and only
worked by accident on those that have it installed.

Export the host-build specific environment variables for the uboot build
to redirect pkg-config invocations to our staged host build pkg-config in
buildroot.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-05-23 09:05:55 +02:00
John Crispin
346d4c75ea ustream-ssl: update to latest git HEAD
5322f9d mbedtls: Fix setting allowed cipher suites
e8a1469 mbedtls: Add support for a session cache

Signed-off-by: John Crispin <john@phrozen.org>
2018-05-22 20:47:21 +02:00
Hauke Mehrtens
2ea8f9c244 mbedtls: Deactivate platform abstraction
This makes mbedtls use the POSIX API directly and not use the own
abstraction layer.
The size of the ipkg decreased by about 100 bytes.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-05-22 20:47:21 +02:00
Hauke Mehrtens
f2c8f6dc32 mbedtls: Activate the session cache
This make sit possible to store informations about a session and reuse
it later. When used by a server it increases the time to create a new
TLS session from about 1 second to less than 0.1 seconds.

The size of the ipkg file increased by about 800 Bytes.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-05-22 20:47:20 +02:00
Hauke Mehrtens
cb11b23d60 mbedtls: update to version 2.9.0
The soversion was changed in this version again and is now aligned with
the 2.7.2 version.
The size of the ipkg file stayed mostly the same.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-05-22 20:47:20 +02:00
Rodolfo Giometti
2437e0f670 package sysfsutils: add support for sysfs settings at boot
This patch is based on sysfsutils package's behaviour on Debian OS.

Signed-off-by: Rodolfo Giometti <giometti@linux.it>
2018-05-22 20:47:20 +02:00
Tomasz Maciej Nowak
9c0ddafd46 kernel: merge kmod-fbcon with kmod-fb
As of commit in kernel:
6104c37094 fbcon: Make fbcon a built-time depency for fbdev
framebuffer console is build in into framebuffer module and there's no
standalone fbcon module. Therefore drop the kmod-fbcon and enable
console in kmod-fb. The only targets which use these modules are imx6
and geode, both are on kernel 4.14 so no fallback for other kernels is
introduced.
Being at that this commit also fixes autoload of fbdev for x86.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
2018-05-21 18:07:48 +02:00
Rosy Song
39e87e0ffc nftables: bump to 0.8.5 version
Signed-off-by: Rosy Song <rosysong@rosinson.com>
2018-05-21 18:07:47 +02:00
Rosy Song
c7e9d72f05 libnftnl: bump to 1.1.0
Signed-off-by: Rosy Song <rosysong@rosinson.com>
2018-05-21 18:07:47 +02:00
Harvey Phillips
eee59fa306 kernel: Add configfs support for USB HID gadget
Added a rule to usb.mk to build usb_f_hid.ko for configfs support
Tested on a Raspberry Pi Zero W

Signed-off-by: Harvey Phillips <xcellerator@gmx.com>
2018-05-21 18:07:47 +02:00
Hauke Mehrtens
56a03e4343 ath10k-firmware: Fix mirror hash sum
This now matches what was generated locally on my PC and the file on the
mirror server.

Fixes: 349fe46103 ("ath10k-firmware: Update QCA988X firmware to the latest version")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-05-21 13:53:59 +02:00
Jo-Philipp Wich
6d108c4a1a openwrt-keyring: bundle latest usign certificates
Includes the public usign certificates used by the 18.06.* release builds.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-05-20 19:39:12 +02:00
Jo-Philipp Wich
01329877bc base-files: depend on openwrt-keyring
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-05-20 19:39:12 +02:00
Jo-Philipp Wich
fd72e67ffe openwrt-keyring: rename from lede-keyring
Also let the new openwrt-keyring package provide lede-keyring for backwards
compatibility.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-05-20 19:39:12 +02:00
Jason A. Donenfeld
aa30eb5b07 wireguard: bump to 20180519
* chacha20poly1305: add mips32 implementation

"The OpenWRT Commit" - this significantly speeds up performance on cheap
plastic MIPS routers, and presumably the remaining MIPS32r2 super computers
out there.

* timers: reinitialize state on init
* timers: round up instead of down in slack_time
* timers: remove slack_time
* timers: clear send_keepalive timer on sending handshake response
* timers: no need to clear keepalive in persistent keepalive

Andrew He and I have helped simplify the timers and remove some old warts,
making the whole system a bit easier to analyze.

* tools: fix errno propagation and messages

Error messages are now more coherent.

* device: remove allowedips before individual peers

This avoids an O(n^2) traversal in favor of an O(n) one. Before systems with
many peers would grind when deleting the interface.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-05-19 09:02:33 +02:00
Felix Fietkau
5399de754d mt76: update to the latest version
73edb22 mt76: discard early received packets if not running yet
0b8d1dd mt76: fix beacon timer drift

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-05-18 18:14:32 +02:00
John Crispin
22c16c5d82 kernel: whitespace fixes
Signed-off-by: John Crispin <john@phrozen.org>
2018-05-18 11:19:00 +02:00
Gospod Nassa
3cc56a5534 hostapd: fix IEEE 802.11r (fast roaming) defaults
Use ft_psk_generate_local=1 by default, as it makes everything else fairly
trivial. All of the r0kh/r1kh and key management stuff goes away and hostapd
fairly much does it all	for us.

We do need to provide nas_identifier, which can	be derived from	the BSSID,
and we need to generate	a mobility_domain, for which we	default	to the first
four chars of the md5sum of the	SSID.

The complex manual setup should also still work, but the defaults also
now work easily out of the box. Verified by manually running hostapd
(with the autogenerated config) and watching the debug output:

wlan2: STA ac:37:43:a0:a6:ae WPA: FT authentication already completed - do not start 4-way handshake

 This was previous submitted to LEDE in
 https://github.com/lede-project/source/pull/1382

[dwmw2: Rewrote commit message]
Signed-off-by: Gospod Nassa <devianca@gmail.com>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2018-05-18 11:19:00 +02:00
John Crispin
20b76c0a5b iwinfo: bump to latest git HEAD
e59f925 hardware: add device ids for QCA9984, 88W8887 and 88W8964 radios
2a82f87 nl80211: back out early when receiving FAIL-BUSY reply
77c32f0 nl80211: fix code calculating average signal and rate

Signed-off-by: John Crispin <john@phrozen.org>
2018-05-18 11:19:00 +02:00
Kevin Darbyshire-Bryant
f06def4221 wireguard: no longer need portability patch
Drop package/network/services/wireguard/patches/100-portability.patch

Instead pass 'PLATFORM=linux' to make since we are always building FOR
linux.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-05-18 11:19:00 +02:00
Robert Marko
6390f27c2e ath3k: Add firmware support for QCA Rome
Add needed firmware for newer QCA Rome Bluetooth family.
This enables use of bluetooth with ath3k driver on QCA9377/9378 devices.

Signed-off-by: Robert Marko <robimarko@gmail.com>
2018-05-18 08:58:08 +02:00
Timo Sigurdsson
349fe46103 ath10k-firmware: Update QCA988X firmware to the latest version
This patch updates the QCA988X firmware to the latest revision
  firmware-5.bin_10.2.4-1.0-00037
found in the ath10k-firmware and linux-firmware repositories.

Tested on TP-Link Archer C7 v2 (ar71xx).

Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
2018-05-18 08:49:15 +02:00
Kevin Darbyshire-Bryant
4ff23afdcc wireguard: bump to 20180514
52be69b version: bump snapshot
4884b45 ncat-client-server: add wg-quick variant
a333551 wg-quick: add darwin implementation
f5bf84d compat: backport for OpenSUSE 15
fe1ae1b wg-quick: add wg symlink
ecc1c5f wg-quick: add android implementation
3e6bb79 tools: reorganize for multiplatform wg-quick
b289d12 allowedips: Fix graphviz output after endianness patch

Refresh cross compile compatibility patch

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-05-17 09:47:20 +02:00
Mathias Kresin
0678cc850c ltq-xdsl-app: start after led script
During handshake we are highjack and reset a LED to the configured trigger
afterwards. ltq-xdsl-app need to start after the LED init script, to
ensure that the LED init script doesn't re-highjack the LED we are
currently using for handshake indication.

Drop the comment about the atm dependency. The dependency was fixed quite
some time ago by using hotplug scripts for br2684ctl.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-05-17 07:40:19 +02:00
Hans Dedecker
0ed9281fda curl: bump to 7.60.0
Refresh patches; remove 320-mbedtls_dont_use_deprecated_sha256_function
patch as upstream fixed

For changes in version 2.60 see https://curl.haxx.se/changes.html#7_60_0

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-05-16 14:36:22 +02:00
Kevin Darbyshire-Bryant
afbb3d20f2 kmod-sched-cake: bump to latest 20180515
Following changes as part of the kernel
upstreaming attempts.  And fix a slight fsck up
when calculating overheads for GSO packets.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-05-16 08:40:55 +02:00
Hans Dedecker
ac70ac3532 ebtables: update to latest git 2018-05-15
66a9701 ebtables: Fix build errors and warnings
9fff3d5 include: Fix musl libc compatibility
b1cdae8 extensions: Add string filter to ebtables

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-05-15 14:31:11 +02:00
Felix Fietkau
14ff1278ee mt76: update to the latest version
b2ecc52 mt76x2: fix avg_rssi estimation
fd58b28 mt76x2: add a polling delay in mt76x2_mac_stop routine
a78673d mt76: fix sending encrypted broadcast packets for secondary interfaces
e87f925 mt76x2: apply coverage class on slot time too

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-05-15 13:19:45 +02:00
Toke Høiland-Jørgensen
50913b77e4 wireguard: Add support for ip6prefix config option
This makes it easier to distribute prefixes over a wireguard tunnel
interface, by simply setting the ip6prefix option in uci (just like with
other protocols).

Obviously, routing etc needs to be setup properly for things to work; this
just adds the config option so the prefix can be assigned to other
interfaces.

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
2018-05-15 06:41:38 +02:00
David Woodhouse
4424a9ff20 linux-firmware: Add firmware for usb-serial-ti-usb
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
2018-05-15 06:39:46 +02:00
Daniel Golle
96f4792fdb mac80211: refactor non-{sae,dfs} mesh initialization
Refactor mesh initialization into a separate function, do some cleaning
on the way to make the code more readable.
Changes:
 * Move iw mesh setup to new mac80211_setup_mesh()
 * fallback on 'ssid' parameter in case 'mesh_id' isn't set
 * move setting of freq variable to shared code as it is needed for
   both, the wpa_supplicant and the iw based setup.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-05-15 02:05:56 +02:00
Sven Eckelmann
ba5ec6b77c hostapd: fix VHT80 for encrypted mesh channel settings
The max_oper_chwidth settings was parsed incorrectly for big endian system.
This prevented the system to switch to VHT80 (or VHT160). Instead they were
mapped to:

* HT20:   20MHz
* VHT20:  20MHz
* HT40:   40MHz
* VHT40:  40MHz
* VHT80:  40MHz
* VHT160: 40MHz

This happened because each max_oper_chwidth setting in the config file was
parsed as "0" instead of the actual value.

Fixes: a4322eba2b ("hostapd: fix encrypted mesh channel settings")
Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
2018-05-14 19:07:37 +02:00
Sven Eckelmann
547042398a mac80211: Re-enable encrypted 11s meshpoint
The commit 574e4377fa ("mac80211: properly setup mesh interface") uses
the variable $wpa to decide whether encrypted meshpoint is requested by the
user or not. But the variable $wpa will only be set correctly after the
function wireless_vif_parse_encryption is called.

Fixes: 574e4377fa ("mac80211: properly setup mesh interface")
Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
2018-05-14 18:37:44 +02:00
Michael Gray
bfbdeeb3de mvebu: add support for WRT32X (venom)
Linksys WRT32X (Venom) is identical in hardware to the WRT3200ACM
with a different flash layout and boots zImage rather than uImage.

Specification:
- Marvell Armada 385 88F6820 (2x 1.8GHz)
- 256MB of Flash
- 512MB of RAM
- 2.4GHz (bgn) and 5GHz (an+ac wave 2)
- 4x 1Gbps LAN + 1x 1Gbps WAN
- 1x USB 3.0 and 1x USB 2.0/eSATA (combo port)

Flash instruction:
Apply factory image via web-gui.

Signed-off-by: Michael Gray <michael.gray@lantisproject.com>
2018-05-14 17:20:10 +02:00
John Crispin
e1a9485b0e firewall3: update to latest git HEAD
b45e162 helpers: fix the set_helper in the rule structure
f742ba7 helpers.conf: support also tcp in the CT sip helper
08b2c61 helpers: make the proto field as a list rather than one option

Signed-off-by: John Crispin <john@phrozen.org>
2018-05-14 16:24:10 +02:00
Daniel Golle
574e4377fa mac80211: properly setup mesh interface
Setup wpa_supplicant for encrypted mesh or when using DFS channels and
adjust interface setup to pass fixed frequency for mesh mode.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-05-14 09:48:58 +02:00
Daniel Golle
6e0fa4a76d hostapd: fix mesh+AP
Fix encrypted (or DFS) AP+MESH interface combination in a way similar
to how it's done for AP+STA and fix netifd shell script.
Refresh patches while at it.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-05-14 09:48:58 +02:00
Jo-Philipp Wich
6aaeec666d rpcd: update to lastest HEAD
8206219 uci: fix memory leak in rpc_uci_replace_savedir()
10f7878 exec: close stdout and stderr streams on child signal
92d0d75 uci: use correct sort index when reordering sections

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-05-14 07:16:47 +02:00
Kevin Darbyshire-Bryant
89c5e32c3e wireguard: bump to 0.0.20180513
6b4a340 version: bump snapshot
faa2103 compat: don't clear header bits on RHEL
4014532 compat: handle RHEL 7.5's recent backports
66589bc queueing: preserve pfmemalloc header bit
37f114a chacha20poly1305: make gcc 8.1 happy
926caae socket: use skb_put_data
724d979 wg-quick: preliminary support for go implementation
c454c26 allowedips: simplify arithmetic
71d44be allowedips: produce better assembly with unsigned arithmetic
5e3532e allowedips: use native endian on lookup
856f105 allowedips: add selftest for allowedips_walk_by_peer
41df6d2 embeddable-wg-library: zero attribute padding
9a1bea6 keygen-html: add zip file example
f182b1a qemu: retry on 404 in wget for kernel.org race

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-05-14 10:41:21 +08:00
Jo-Philipp Wich
56bd23cf52 kernel: let kmod-rtl8366-smi conditionally depend on kmod-of-mdio
We cannot depend on CONFIG_OF in the module definition context as this symbol
is not defined for OpenWrt menuconfig. Depend on the targets that appear to
need the kmod-of-mdio module instead.

The target dependency list may not be complete, it is based on the build
failures encountered by the build bots.

Fixes: dc629d9cf5 ("kernel: fix kmod-switch-rtl8366-smi dependency")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-05-13 18:24:38 +02:00
Kevin Darbyshire-Bryant
066c85321e dnsmasq: bump to 2.80test2
Refresh patches and backport upstream to current HEAD:

1f1873a Log warning on very large cachesize config, instead of truncating it.
0a496f0 Do unsolicited RAs for interfaces which appear after dnsmasq startup.
e27825b Fix logging in previous.
1f60a18 Retry SERVFAIL DNSSEC queries to a different server, if possible.
a0088e8 Handle query retry on REFUSED or SERVFAIL for DNSSEC-generated queries.
34e26e1 Retry query to other servers on receipt of SERVFAIL rcode.
6b17335 Add packet-dump debugging facility.
07ed585 Add logging for DNS error returns from upstream and local configuration.
0669ee7 Fix DHCP broken-ness when --no-ping AND --dhcp-sequential-ip are set.
f84e674 Be persistent with broken-upstream-DNSSEC warnings.

Compile & run tested: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-05-12 22:05:07 +02:00
hux
ecd954d530 dnsmasq: add specific interface procd triggers
Right now interface.update events are sent out by netifd upon interface state,
route, address (lifetime), prefix lifetime changes.
Dnsmasq is only interested in interface state changes and currently adds an
interface trigger for all the "interface.*" events.
In combination with commit 23bba9cb33, which triggers a SIGHUP signal to dnsmasq,
IPv6 address/prefix lifetime changes on the wan will trigger dnsmasq reloads which
can become frequent in case of shorter lifetimes.

To avoid frequent dnsmasq reload, this patch adds specific interface triggers.
During dnsmasq init it loops dhcp uci section; if the value of the ignore option
is set to 0, then the corresponding interface trigger is not installed.
Otherwise, if the ignore option value is 1, then procd_add_interface_trigger is
called which adds the interface trigger.

Signed-off-by: hux <xinxing.huchn@gmail.com>
2018-05-11 13:49:03 +02:00
John Crispin
dc629d9cf5 kernel: fix kmod-switch-rtl8366-smi dependency
Signed-off-by: John Crispin <john@phrozen.org>
2018-05-10 10:22:19 +02:00
John Crispin
a564cfcd83 kernel: fix chipidea2 dependencies
Signed-off-by: John Crispin <john@phrozen.org>
2018-05-09 19:55:10 +02:00
Hans Dedecker
419238fdb3 nghttp2: bump to 1.32.0
572735e4 Update manual pages
e8d693c3 Bump up version number to 1.32.0, LT revision to 30:2:16
f44dfcd9 Update AUTHORS
1f1b0d93 Update manual pages
ce8c749b Merge pull request #1173 from nghttp2/asio-client-sni
3e4f257b asio: Support client side SNI
86fab997 Upgrade neverbleed to the latest master
c3ecd445 Merge pull request #1171 from nghttp2/h2load-rate-and-duration
c65ca20a h2load: -r and --duration are mutually exclusive
a5c408c5 Ignore all input after calling session_terminate_session
06379b28 Fix treatment of padding
e04de48e Merge pull request #1162 from nghttp2/libressl
00964642 Use LIBRESSL_IN_USE instead of defined(LIBRESSL_VERSION_NUMBER)
8d0b4544 libressl 2.7 has X509_VERIFY_PARAM_*
d8a34131 libressl 2.7 has SSL_CTX_get0_certificate
5db17d0a Compile with libressl 2.7.2
1bf69b56 Define LIBRESSL_LEGACY_API and LIBRESSL_2_7_API
3febaef1 Bump up LT revision to 30:1:16 due to v1.31.1 release
b1bd6035 Fix frame handling
b48bcb21 examples: Use C style comment in .c files
6f3ce2c7 examples: Remove unused lambda capture
2f9121cf Merge branch 'Sp1l-Sp1l/allow-no-npn'
e65e7711 Add comment on #endif
636ef51b Fix compile error with -Wunused-function
400934e5 [PATCH] Allow building without NPN
4c3a3acf Merge pull request #1146 from vszakats/cmakestaticlib
9aa6002c Merge pull request #1144 from hellojaewon/master
f342260b cmake: add ENABLE_STATIC_LIB option to build static lib
a6dd4970 Fix typo
842509da Don't allow 101 HTTP status code because HTTP/2 removes HTTP Upgrade
4add618a Bump up version number to 1.32.0-DEV

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-05-09 11:26:45 +02:00
Kevin Darbyshire-Bryant
e7f24f35b3 kmod-sched-cake: bump to latest cake 2018-05-07
No functional change.  Code tidy ups.

735eaf2 Make sure we don't reallocate q->tins (we didn't anyway but his
really makes sure)
6c5ad6e Get rid of __GFP_NOWARN flag for memory allocation
2a37333 Don't need the wrapper for kvfree, and no need to check before calling it
2b1c631 Whitespace fix
7fe6e28 compat tidyup (for older kernel versions <4.4)
93b805c pedant tidy up superfluous semicolons on switch statements

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-05-08 14:16:35 +02:00
Kevin Darbyshire-Bryant
247055cbfb igmpproxy: bump to 0.2.1
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.

To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Point at github which is new, maintained location for igmpproxy.
Remove all patches as all have been upstreamed.

Closes FS#1456

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-05-07 11:01:39 +02:00
Jaap Buurman
0b04926433 igmpproxy: fix creation of firewall rules
The init sccript for igmpproxy uses the option 'network' both as an interface name for fetching the l3_device name and for creating the firewall rules. This only works if the name of the network and firewall zone are identical.

This commit introduces a new option 'zone' for configuring the upstream and downstream firewall zones in order for the init script to create the required firewall rules automatically. When no such options are given, the init script falls back to not creating the firewall rules and the user can opt to create these manually.

Signed-off-by: Jaap Buurman <jaapbuurman@gmail.com>
2018-05-07 11:01:04 +02:00
Nick Hainke
0a7657c300 hostapd: add channel utilization as config option
Add the channel utilization as hostapd configuration option.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2018-05-07 10:44:09 +02:00
Sandeep Sheriker Mallikarjun
441c26da6a kernel: fix build error for external kernel.
fixed build error when external kernel is selected from menuconfig.
The patches present in target/linux/generic does not gets applied
to external kernel and build fails while compiling mac82011 &
regmap-core kernel modules. as a fix added check in Makefile for
CONFIG_EXTERNAL_KERNEL_TREE present or not.

Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
2018-05-07 10:31:35 +02:00
Yousong Zhou
f87dff8f72 flock: enable alternatives support
Fixes FS#1510

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2018-05-07 15:50:18 +08:00
Yousong Zhou
46a2c0d9c5 busybox: order alternatives in alphabetical order
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2018-05-07 15:50:18 +08:00
Kevin Darbyshire-Bryant
c451434b96 cake: bump to 20180504 bake
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.

To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Cake is bearing fruits of kernel upstreaming efforts.

diffserv-llt dropped. DSCP mapping paper died and no one using it.

ack-filter re-written & simplified

tc userspace & cake kmod netlink interface usage changed in non
backwards compatible way, thus this once requires tc & cake to be
in-step.  Change due to upstream requirements.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-05-07 08:09:18 +02:00
Kevin Darbyshire-Bryant
080fb7a3fb iproute2: import latest cake
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.

To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Bearing fruits of the latest upstreaming efforts on cake.

Changes: diffserv-llt dropped.  The paper describing this DSCP
allocation has gone stale and doesn't appear used.

The userspace to kernel netlink messages for cake have been reworked in
a backwards incompatible way, so tc & cake must be bumped together this
once.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-05-07 08:09:12 +02:00
Kevin Darbyshire-Bryant
ad5af37ca7 iproute2: backport json_print-fix-hidden-64-bit-type-promotion
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.

To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
print_uint() will silently promote its variable type to uint64_t, but there
is nothing that ensures that the format string specifier passed along with
it fits (and the function name suggest to pass "%u").

Fix this by changing print_uint() to use a native 'unsigned int' type, and
introduce a separate print_u64() function for printing 64-bit values. All
call sites that were actually printing 64-bit values using print_uint() are
converted to use print_u64() instead.

Since print_int() was already using native int types, just add a
print_s64() to match, but don't convert any call sites.

Fixes wonkyness in some stats from some qdiscs under tc

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-05-07 08:09:05 +02:00
John Crispin
53c474abbd ath79: add new OF only target for QCA MIPS silicon
This target aims to replace ar71xx mid-term. The big part that is still
missing is making the MMIO/AHB wifi work using OF. NAND and mikrotik
subtargets will follow.

Signed-off-by: John Crispin <john@phrozen.org>
2018-05-07 08:06:51 +02:00
Jianhui Zhao
1e90ba8958 krnel: The dm9000 module does not need to depend on pci
Signed-off-by: Jianhui Zhao <jianhuizhao329@gmail.com>
2018-05-05 09:37:36 +02:00
Christian Schoenebeck
80cb5c5703 ca-certificates: Update to Version 20180409
ca-certificates: Update to Version 20180409

Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
2018-05-05 09:32:04 +02:00
Chuanhong Guo
b05b16f09b kernel: Remove AutoLoad for legacy usb gadget modules
These modules usually require some special arguments to customize the
emulated device and they should be loaded manually by users.

Signed-off-by: Chuanhong Guo <gch981213@gmail.com>
2018-05-05 08:47:51 +02:00
Sandeep Sheriker Mallikarjun
27ca6cdc7b at91: Add SAMA5D2 PTC EK board
Add target device as at91-sama5d2_ptc_ek in SAMA5D2 subtarget and
build images for SAMA5D2 PTC Ek board.

Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
2018-05-05 06:55:22 +02:00
Sandeep Sheriker Mallikarjun
60750ab505 at91: reorganize at91 subtargets
reorganizing at91 subtargets based on sama5 soc features and this fix
below problems.
  1. able to set neon flags to sama5d2 & sama5d4 subtargets.
  2. fix the make clean which removes all the subtargets in bin folder.
  3. able to configure kernel specific to subtarget.
  4. able to set vfpu4 flags to samad3 subtargets.

Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
2018-05-05 06:55:22 +02:00
Sandeep Sheriker Mallikarjun
f34b495a2e uboot-at91: fix DTC command not found.
fixed DTC command not found error while compling uboot-at91. The fix
is to set DTC PATH in uboot-at91 MAKE command.

Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
2018-05-05 06:55:22 +02:00
Sandeep Sheriker Mallikarjun
22c398d257 at91: Add SAMA5D27 SOM1 EK board
Add support for SAMA5D27 SOM1 with target device as at91-sama5d27_som1_ek
in SAMA5 subtarget and build images for SAMA5D27 SOM1 Ek board.

Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
2018-05-05 06:55:21 +02:00
Sandeep Sheriker Mallikarjun
790b20b6f4 uboot-at91: fetch uboot src from u-boot-at91 github
fetching uboot src from linux4sam/u-boot-at91 github for all at91
target.

Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
2018-05-05 06:55:01 +02:00
Sandeep Sheriker Mallikarjun
87f87e45c0 at91bootstrap:update to v3.8.10
updating to new version v3.8.10 and copying at91bootstrap.bin to bin folder.

Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
2018-05-05 06:55:01 +02:00
Felix Fietkau
3a456683e5 hostapd: fix a mesh mode crash with CONFIG_TAXONOMY enabled
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-05-03 12:38:33 +02:00
Rosy Song
fd569e5e9d samba36: add hotplug support
Add hotplug handle script for storage devices,
  this will add corresponding option in the
  /etc/config/samba file automatically.

Signed-off-by: Rosy Song <rosysong@rosinson.com>
2018-05-02 09:18:27 +02:00
Rosen Penev
2c4294f786 libusb: Add SourceForge mirror.
SourceForge is still getting updated so might as well have it here.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-05-02 09:18:26 +02:00
Hans Dedecker
2f1e329d7a iproute2: update to 4.16
Update to latest version of iproute2, refresh patches.
See https://lkml.org/lkml/2018/4/2/349 for a full overview of the
changes in 4.16.
Build and tested on AR7xxx against musl

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-05-02 09:18:26 +02:00
Rosen Penev
3aa28f4833 uboot-envtools: Change download to git.
Currently, the build system uses an openwrt mirror which does not currently
work and FTP can be unreliable under several circumstances. This change
implicitly allows using all the mirrors to download.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-05-02 09:18:26 +02:00
Daniel Golle
c67a9bed20 wolfssl: fix options and add support for wpa_supplicant features
Some options' default values have been changed upstream, others were
accidentally inverted (CONFIG_WOLFSSL_HAS_DES3). Also add options
needed to build hostapd/wpa_supplicant against wolfssl.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-05-02 09:18:26 +02:00
Rosen Penev
20e5fefb0c sysctl: Protect hard/symlinks by default.
There is no usecase for not protecting symlinks that I know of in OpenWrt.
Not even on desktop systems where you have multiple users with a shell.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-05-01 11:19:03 +02:00
John Crispin
52ba5760b7 ustream-ssl: update to latest git HEAD
527e700 ustream-ssl: Remove RC4 from ciphersuite in server mode.
39a6ce2 ustream-ssl: Enable ECDHE with OpenSSL.
45ac930 remove polarssl support

Signed-off-by: John Crispin <john@phrozen.org>
2018-05-01 11:12:15 +02:00
John Crispin
90e65763a4 iptables: fix per object LDFLAGS for aggragate object builds
Without this patch the extra LDFLAGS of objects were selected based on the
name of the extension being built, which breaks for aggregate so builds.

Signed-off-by: John Crispin <john@phrozen.org>
2018-05-01 11:12:15 +02:00
Hauke Mehrtens
3088c2a63d libnl: Disable debug support
This dereses the size of the libnl pakcage a little bit
old:
   857 bin/packages/mips_24kc/base/libnl_3.4.0-1_mips_24kc.ipk
 41195 bin/packages/mips_24kc/base/libnl-core_3.4.0-1_mips_24kc.ipk
  7818 bin/packages/mips_24kc/base/libnl-genl_3.4.0-1_mips_24kc.ipk
 24322 bin/packages/mips_24kc/base/libnl-nf_3.4.0-1_mips_24kc.ipk
136075 bin/packages/mips_24kc/base/libnl-route_3.4.0-1_mips_24kc.ipk

new:
   852 bin/packages/mips_24kc/base/libnl_3.4.0-1_mips_24kc.ipk
 35020 bin/packages/mips_24kc/base/libnl-core_3.4.0-1_mips_24kc.ipk
  7615 bin/packages/mips_24kc/base/libnl-genl_3.4.0-1_mips_24kc.ipk
 24114 bin/packages/mips_24kc/base/libnl-nf_3.4.0-1_mips_24kc.ipk
131134 bin/packages/mips_24kc/base/libnl-route_3.4.0-1_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-04-30 09:01:28 +02:00
Rosen Penev
c0574d08da libusb: Update to 1.0.22
Switched download from SourceForge to GitHub. It seems the author migrated to that.

Also fixed the website URL as the SourceForge link is dead.

Compile tested on ar71xx and mvebu. Small size decrease on ar71xx: 30444 vs. 30099 bytes.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-04-30 09:01:12 +02:00
Hans Dedecker
7ff31bed98 odhcp6c: update to latest git HEAD
5316d7f ra: always trigger update in case of RA parameter change
327f73d dhcpv6: fix strncpy bounds

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-04-29 23:12:31 +02:00
Hauke Mehrtens
9bfca30826 uboot-mvebu: Fix build with libressl 2.7.2
When libressl was linked the libpthread was missing, add it in addition.

Fixes: 2c192b6916 ("tools/libressl: update to version 2.7.2")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-04-29 10:13:14 +02:00
Hauke Mehrtens
c21a4c7246 uboot-mxs: Fix build with libressl 2.7.2
When libressl was linked the libpthread was missing, add it in addition.
Also make the mxsimage tool to use the OpenSSL 1.1 API for the recent
libressl version.

Fixes: 2c192b6916 ("tools/libressl: update to version 2.7.2")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-04-29 00:57:36 +02:00
Hauke Mehrtens
5ca159ab3b uboot-zynq: Fix build with libressl 2.7.2
When libressl was linked the libpthread was missing, add it in addition.

Fixes: 2c192b6916 ("tools/libressl: update to version 2.7.2")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-04-29 00:57:35 +02:00
Hauke Mehrtens
3e93df0707 mtd-utils: activate --gc-sections
This reduces the size of the binary a bit:

old:
 37556 bin/targets/lantiq/xrx200/packages/nand-utils_2.0.1-1_mips_24kc.ipk
 81697 bin/targets/lantiq/xrx200/packages/ubi-utils_2.0.1-1_mips_24kc.ipk

new:
 27450 bin/targets/lantiq/xrx200/packages/nand-utils_2.0.1-1_mips_24kc.ipk
 71796 bin/targets/lantiq/xrx200/packages/ubi-utils_2.0.1-1_mips_24kc.ipk

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-04-28 15:29:22 +02:00
Syrone Wong
f37f63f38c mtd-utils: update to 2.0.2
010-fix-rpmatch.patch is upstream, removed from our patchset
The file structure is changed, modify patch accordingly
use CONFIGURE_ARGS to disable tests, xattr and lzo

Compile and run tested on mvebu and x86_64

Signed-off-by: Syrone Wong <wong.syrone@gmail.com>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-04-28 15:29:17 +02:00
Hauke Mehrtens
8dcd941d8b tools/zlib: move zlib build to tools
This allows us to link the other tools against our libz and we do not
need the system zlib any more.

Only the static linked library is copied to the staging directory so we
have a statically linked library on all systems and not only on Linux.
This also adds the new dependencies of the packages which are depending
on zlib.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-04-28 15:28:59 +02:00
Hans Dedecker
afdca53ace netifd: update to latest git HEAD (Coverity fixes)
56ceced interface-ip: remove superfluous iface check in interface_ip_set_enabled()
4f4a8c0 system-linux: fix strncpy bounds

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-04-27 21:39:57 +02:00
Kevin Darbyshire-Bryant
78f4305933 iftop: bump to latest
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.

To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
Choose first running interface, rather than first "up" interface (Redhat #1403025)

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-04-27 09:59:28 +02:00
Damir Samardzic
bdb0de1bbc uboot-envtools: add support for ESPRESSObin and MACCHIATObin
Added for convenience. These boards can be used as dev boards running
various operating systems from different media, and this simplifies work
with U-Boot environment.

Signed-off-by: Damir Samardzic <damir.samardzic@sartura.hr>
2018-04-25 20:37:28 +02:00
Sven Eckelmann
0b20490207 ipq40xx: add support for OpenMesh A62
* QCA IPQ4019
* 256 MB of RAM
* 32 MB of SPI NOR flash (s25fl256s1)
  - 2x 15 MB available; but one of the 15 MB regions is the recovery image
* 2T2R 2.4 GHz
  - QCA4019 hw1.0 (SoC)
  - requires special BDF in QCA4019/hw1.0/board-2.bin with
    bus=ahb,bmi-chip-id=0,bmi-board-id=20,variant=OM-A62
* 2T2R 5 GHz (channel 36-64)
  - QCA9888 hw2.0 (PCI)
  - requires special BDF in QCA9888/hw2.0/board-2.bin
    bus=pci,bmi-chip-id=0,bmi-board-id=16,variant=OM-A62
* 2T2R 5 GHz (channel 100-165)
  - QCA4019 hw1.0 (SoC)
  - requires special BDF in QCA4019/hw1.0/board-2.bin with
    bus=ahb,bmi-chip-id=0,bmi-board-id=21,variant=OM-A62
* multi-color LED (controlled via red/green/blue GPIOs)
* 1x button (reset; kmod-input-gpio-keys compatible)
* external watchdog
  - triggered GPIO
* 1x USB (xHCI)
* TTL pins are on board (arrow points to VCC, then follows: GND, TX, RX)
* 2x gigabit ethernet
  - phy@mdio3:
    + Label: Ethernet 1
    + gmac0 (ethaddr) in original firmware
    + 802.3at POE+
  - phy@mdio4:
    + Label: Ethernet 2
    + gmac1 (eth1addr) in original firmware
    + 18-24V passive POE (mode B)
* powered only via POE

The tool ap51-flash (https://github.com/ap51-flash/ap51-flash) should be
used to transfer the factory image to the u-boot when the device boots up.

The initramfs image can be started using

  setenv bootargs 'loglevel=8 earlycon=msm_serial_dm,0x78af000 console=ttyMSM0,115200 mtdparts=spi0.0:256k(0:SBL1),128k(0:MIBIB),384k(0:QSEE),64k(0:CDT),64k(0:DDRPARAMS),64k(0:APPSBLENV),512k(0:APPSBL),64k(0:ART),64k(0:custom),64k(0:KEYS),15552k(inactive),15552k(inactive2)'
  tftpboot 0x84000000 openwrt-ipq40xx-openmesh_a62-initramfs-fit-uImage.itb
  set fdt_high 0x85000000
  bootm 0x84000000

Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
2018-04-23 22:07:22 +02:00
Sven Eckelmann
e6bd568051 ipq-wifi: drop custom board-2.bins
The BDFs for all boards were upstreamed to the ath10k-firmware
repository and are now part of ath10k-firmware 2018-04-19.

We switched to the upstream board-2.bin, hence the files can be removed
here.

Keep the ipq-wifi package in case new boards are added. It might take
some time till board-2.bins send upstream are merged.

Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
2018-04-23 22:07:22 +02:00
Sven Eckelmann
23894524a5 firmware: ath10k-firmware: update to 2018-04-19
* introduces the BDFs in /lib/firmware/ath10k/QCA4019/hw1.0/board-2.bin
  for:
  - 8devices Jalapeno
  - Asus RT-AC58U
  - AVM FRITZ!Box 4040
  - GL.iNet GL-B1300
  - Meraki MR33
  - Netgear EX6100v2
  - Netgear EX6150v2
  - OpenMesh A62
* introduces the BDFs in /lib/firmware/ath10k/QCA9888/hw2.0/board-2.bin
  - OpenMesh A62
* adds new firmware for QCA6174 hw3.0
  - firmware-6.bin_RM.4.4.1.c1-00038-QCARMSWP-1
  - firmware-6.bin_RM.4.4.1.c1-00041-QCARMSWP-1
* various undocumented BDF updates to:
  - QCA4019 hw1.0:
    + bus=ahb,bmi-chip-id=0,bmi-board-id=16
    + bus=ahb,bmi-chip-id=0,bmi-board-id=17
    + bus=ahb,bmi-chip-id=0,bmi-board-id=19
    + bus=ahb,bmi-chip-id=0,bmi-board-id=20
    + bus=ahb,bmi-chip-id=0,bmi-board-id=21
    + bus=ahb,bmi-chip-id=0,bmi-board-id=29
    + bus=ahb,bmi-chip-id=0,bmi-board-id=30
  - QCA9888 hw2.0:
    + bus=pci,bmi-chip-id=0,bmi-board-id=16
    + bus=pci,bmi-chip-id=0,bmi-board-id=17
    + bus=pci,bmi-chip-id=0,bmi-board-id=18
    + bus=pci,bmi-chip-id=0,bmi-board-id=23
    + bus=pci,bmi-chip-id=0,bmi-board-id=24
    + bus=pci,bmi-chip-id=0,bmi-board-id=25
  - QCA9984 hw1.0:
    + bus=pci,bmi-chip-id=0,bmi-board-id=1
    + bus=pci,bmi-chip-id=0,bmi-board-id=3
    + bus=pci,bmi-chip-id=0,bmi-board-id=5
    + bus=pci,bmi-chip-id=0,bmi-board-id=6
    + bus=pci,bmi-chip-id=0,bmi-board-id=7
    + bus=pci,bmi-chip-id=0,bmi-board-id=8

Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
2018-04-23 22:07:22 +02:00
Hans Dedecker
99815690a2 odhcpd: update to latest git HEAD
4136529 dhcpv6-ia: keep tentative assignments alive for a short time
200cc8f dhcpv6-ia: make assignment lookup more strict

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-04-23 21:47:23 +02:00
Thomas Hebb
751746c736 mac80211: update patch to read ath10k variant from DT
This patch was revised upstream before being merged, and OpenWrt's copy
was never updated to reflect the revision.

Signed-off-by: Thomas Hebb <tommyhebb@gmail.com>
[refreshed patches]
Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-04-20 21:08:52 +02:00
Kevin Darbyshire-Bryant
5950ab067b wireguard: bump to 20180420
7cc2668 version: bump snapshot
860c7c7 poly1305: do not place constants in different sections
5f1e4ca compat: remove unused dev_recursion_level backport
7e4b991 blake2s: remove unused helper
13225fc send: simplify skb_padding with nice macro
a1525bf send: account for route-based MTU
bbb2fde wg-quick: account for specified fwmark in auto routing mode
c452105 qemu: bump default version
dbe5223 version: bump snapshot
1d3ef31 chacha20poly1305: put magic constant behind macro
cdc164c chacha20poly1305: add self tests from wycheproof
1060e54 curve25519: add self tests from wycheproof
0e1e127 wg-quick.8: fix typo
2b06b8e curve25519: precomp const correctness
8102664 curve25519: memzero in batches
1f54c43 curve25519: use cmov instead of xor for cswap
fa5326f curve25519: use precomp implementation instead of sandy2x
9b19328 compat: support OpenSUSE 15
3102d28 compat: silence warning on frankenkernels
8f64c61 compat: stable kernels are now receiving b87b619
62127f9 wg-quick: hide errors on save

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-04-20 18:59:46 +02:00
Daniel Golle
a4322eba2b hostapd: fix encrypted mesh channel settings
Import two patches from Peter Oh to allow setting channel
bandwidth in the way it already works for managed interfaces.
This fixes mesh interfaces on 802.11ac devices always coming up in
VHT80 mode.

Add a patch to allow HT40 also on 2.4GHz if noscan option is set, which
also skips secondary channel scan just like noscan works in AP mode.

This time also make sure to add all files to the patch before
committing it...

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-04-20 16:00:01 +02:00
Jo-Philipp Wich
99d9c98748 rpcd: update to latest HEAD
6994c87 uci: fix session delta isolation
f0f6f81 session: remove redundant key attribute to rpc_session_set()
3d400c7 session: support reclaiming pending apply session
eb09f3a session: ignore non-string username attribute upon restore
edd37f8 uci: add rpc_uci_replace_savedir() helper
2423162 uci: switch to proper save directory on apply/rollback
66a9bad uci: fix memory leak in rpc_uci_apply_timeout()

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-20 14:05:48 +02:00
Felix Fietkau
1a89547957 Revert "hostapd: fix encrypted mesh channel settings"
This reverts commit 7f52919a2f, which is
currently breaking the builds and needs to be reworked

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-04-20 10:36:42 +02:00
Felix Fietkau
d92ec071b2 mtd: fix erase handling with partition offset on write
When a partition offset is given, it is used in an lseek call, which
affects write, but not erase. Add it to the offset for erase calls as
well

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-04-20 10:03:38 +02:00
Felix Fietkau
bc43f75def uboot-envtools: remove makefile duplication for supported targets
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-04-20 10:03:38 +02:00
Daniel Golle
7f52919a2f hostapd: fix encrypted mesh channel settings
Import two patches from Peter Oh to allow setting channel
bandwidth in the way it already works for managed interfaces.
This fixes mesh interfaces on 802.11ac devices always coming up in
VHT80 mode.

Add a patch to allow HT40 also on 2.4GHz if noscan option is set, which
also skips secondary channel scan just like noscan works in AP mode.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-04-20 07:52:19 +02:00
Daniel Golle
465d4bc538 mac80211: pass down noscan to wpa_supplicant
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-04-20 07:52:19 +02:00
Daniel Golle
2ec96787c3 netifd: update to latest git HEAD
b3dca7b wireless: include noscan option in common wdev vars

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-04-20 07:52:19 +02:00
Hans Dedecker
fdf2e1fe1e odhcpd: update to latest git HEAD (FS#1457)
dcfc06a router: fix managed address configuration setting

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-04-19 15:51:13 +02:00
Leon M. George
3a6c3c9c1c mac80211: join 5GHz checks
Before this commit, devices supporting both 2.4GHz and 5GHz would be
configured for 2.4GHz by default - unless they have VHT capabilities.

With this commit, channel 36 is only set when the frequency is supported.
VHT isn't checked unless that is the case.

Signed-off-by: Leon M. George <leon@georgemail.eu>
2018-04-19 14:40:26 +02:00
Florian Eckert
4a243f7a09 network/uqmi: pipe the output off qmi_wds_stop to /dev/null
Pipe uqmi output from qmi_wds_stop function into /dev/null.
This will supress the following output in proto teardown.

netifd: wwan (x): "No effect"
netifd: wwan (x): Command failed: Permission denied

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2018-04-19 14:39:38 +02:00
Paul Wassi
3c79bb5606 package/utils/lua: cleanup source mirrors
Remove inactive mirrors from the sources list.

Signed-off-by: Paul Wassi <p.wassi@gmx.at>
2018-04-18 23:59:32 +02:00
Luis Araneda
68150d3125 uboot-envtools: update to 2018.03
Several changes has been made:

+ AES support has been removed by
  upstream commit c6831c7 (2017-11-14)
  [remove patch "200-fw_env_no_aes.patch"]

+ Support for UBI volumes has beed added by
  upstream commit 34255b9 (2017-11-15)
  [remove patch "300-support-env-in-ubivol-chardev.patch"]

+ A command line argument has beed added ("-c") to manually indicate
  the location of the environment configuration file

Also, patch "400-u-boot-2015.10-stdint.patch" is no longer
necessary, and the config option to enable UBI support has
been removed.

Size comparisons:

fw_printenv size:
Target    Before         After
ar71xx    15,189 bytes   18,133 bytes (+2,944 bytes)
ipq40xx   20,873 bytes   20,987 bytes (+114 bytes)
mvebu     20,881 bytes   20,991 bytes (+110 bytes)
ramips    15,128 bytes   18,072 bytes (+2,944 bytes)

OPKG package size:
Target    Before         After
ar71xx    11,309 bytes   12,875 bytes (+1,566 bytes)
ipq40xx   11,772 bytes   13,299 bytes (+1,527 bytes)
mvebu     11,609 bytes   13,114 bytes (+1,505 bytes)
ramips    10,975 bytes   12,503 bytes (+1,528 bytes)

Compile tested: ipq40xx (musl, glibc, gcc5-musl), ar71xx, mvebu, ramips
Run tested: ipq40xx (ASUS RT-AC58U)

Signed-off-by: Luis Araneda <luaraneda@gmail.com>
2018-04-18 23:59:32 +02:00
Hauke Mehrtens
7b758f7f4f ustream-ssl: px5g: Rebuild package
mbedtls changed in version 2.7.0 the soversion of the libmbedcrypto.so
library, all applications using this shared library have to be
recompiled to be able to load the new library.

Some binaries got rebuild to for the 2.7.0 release and are now using
libmbedcrypto.so.1, the older ones are still using libmbedcrypto.so.0.

Fixes: 75c5ab4ca ("mbedtls: update to version 2.7.0")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-04-18 23:57:25 +02:00
Kabuli Chana
a6f24c9a78 mwlwifi: update to version 10.3.4.0-2018-03-30
Upgrade 88W8964 firmware to 9.3.2.6

Signed-off-by: Kabuli Chana <newtownBuild@gmail.com>
2018-04-18 23:57:25 +02:00
Stefan Lippers-Hollmann
8267a0b234 mac80211: ipw2200-fw: fix download mirror(s)
bughost.org hasn't existed for 6-8 years, add a couple of current
mirrors to avoid the fallback to http://mirror2.openwrt.org/sources/.

Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
2018-04-18 23:57:20 +02:00
Stefan Lippers-Hollmann
18fe577530 mac80211: ipw2100-fw: fix download mirror(s)
bughost.org hasn't existed for 6-8 years, add a couple of current
mirrors to avoid the fallback to http://mirror2.openwrt.org/sources/.

Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
2018-04-18 23:57:13 +02:00
Hauke Mehrtens
97a3e69f61 ath10k-ct: make it depend on PCI support again
The missing dependency causes build problems on systems without PCI
support.
The ath10k_pci kernel module depends on PCI support so this dependency
should be added. ath10k now also supported the ahb interface on the
IPQ4019 SoC, but this SoC also has PCI support so this extra dependency
is not as problem.

Fixes: d0f3dd5b9f ("ath10k-ct: update to latest version, enable AHB.")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-04-18 23:57:12 +02:00