Commit graph

14307 commits

Author SHA1 Message Date
Rafał Miłecki
2995d9dfee base-files: fix off-by-one in counting seconds for factory reset
There was a mismatch between indicating factory reset and code actually
starting it. After 5 seconds status LED started blinking rapidly letting
user know it's ready to release reset button. In practice button had to
stay pressed for another second in order to relly start the process.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2018-03-01 08:04:51 +01:00
Felix Fietkau
13224f8b73 iw: update to version 4.14
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-02-28 12:46:02 +01:00
Felix Fietkau
c4c64f5305 mac80211: add an optimization for fast-rx support
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-02-28 12:46:02 +01:00
Felix Fietkau
916e33fa1e netifd: update to the latest version, rewrite RPS/XPS handling
Remove RPS/XPS support from netifd core, move the logic to a hotplug
script that uses a different policy which provides better performance
and more fairness across flows

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-02-28 12:46:02 +01:00
Yousong Zhou
83d8df1ea2 kernel: kmod-geneve: kmod for Geneve tunneling
This will be required for Open vSwitch geneve tunneling support

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2018-02-28 12:56:51 +08:00
Hans Dedecker
3bd2e195ec netifd: support DHCP sendopts as list options
Support config in the form of ....
	add_list sendopts=router:10.10.10.2
	add_list sendopts=nissrv:20.20.20.2
	add_list sendopts=0x7D:abba

This allows to configure sendopts having white spaces as option value

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-02-27 13:36:46 +01:00
Hauke Mehrtens
fc54256bc8 iptables: fix compile with kernel 3.18
This fixes a compile bug found by build bot with kernel 3.18

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-02-26 17:52:15 +01:00
Alif M. Ahmad
f5b4f5f8e3 kernel: package efivarfs module
With this, `mount -t efivarfs` is available and tools such as efitools
and efibootmgr will be usable.

Signed-off-by: Alif M. Ahmad <alive4ever@live.com>
[daniel@makrotopia.org: some whitespace fixes, match From: with SoB]
2018-02-26 13:54:11 +01:00
Vitalij Alshevsky
8584fee310 uboot-sunxi: add Xunlong Orange Pi PC
Signed-off-by: Vitalij Alshevsky <v_alshevsky@tut.by>
2018-02-26 11:23:55 +01:00
Johnny S. Lee
c8e62f830d mwlwifi: add and use individual firmware packages
As each mvebu device only uses one of the firmwares provided by mwlwifi
package, it makes sense to put them in separate packages and only install
the one that is needed.

Current mwlwifi version's firmware sizes and usages by devices:
88W8864.bin  118776  caiman, mamba, cobra, shelby
88W8897.bin  489932  (none)
88W8964.bin  449420  rango

Changes by this commit:
 * indicate in title that mwlwifi also is driver for 88W8897 and 88W8964
 * remove mwlwifi package's firmware installation rules
 * add 3 new individual firmware packages (all depends on kmod-mwlwifi):
    - mwlwifi-firmware-88w8864
    - mwlwifi-firmware-88w8897
    - mwlwifi-firmware-88w8964
 * add firmware package to mvebu devices' DEVICE_PACKAGES accordingly

Signed-off-by: Johnny S. Lee <_@jsl.io>
[Add the used FW files to the PACKAGES of default image]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-02-26 11:23:40 +01:00
Matthias Schiffer
9bf440fcd9
perf: restrict libunwind dependency to archs that actually support libunwind
Allow building perf on uncommon targets again.

Depending on the kernel version, not all of these archs will actually use
libunwind in perf. Still, it seems simpler and less error-prone to use the
same list that is defined in the libunwind package.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-02-25 17:03:42 +01:00
Matthias Schiffer
05dba65569
libunwind: fix build with musl on PPC
Works around two incompatiblities between glibc and (POSIX-compliant) musl:

- missing register definitions from asm/ptrace.h
- non-POSIX-compliant ucontext_t on PPC32 with glibc

Compile tested on mpc85xx.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-02-25 16:58:10 +01:00
Felix Fietkau
28a74f3076 kernel: remove nf_flow_table hardware offload patch (it is not ready yet)
It also does not have any users yet. It will be addde back when the core
API issues have been sorted out

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-02-25 16:24:02 +01:00
Felix Fietkau
8f24653184 hostapd: do not register ubus objects for mesh interfaces
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-02-24 21:33:22 +01:00
Hans Dedecker
1a5863d6d7 odhcp6c: rework sendopts handling
Bring logic of sendopts handling in line with ip6prefix handling

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-02-24 21:04:06 +01:00
Jo-Philipp Wich
66222dd92b odhcp6c: support multiple additional user prefixes
Support configuration in the form...

    list ip6prefix 2001:db8:1234::/64
    list ip6prefix 2001:db8:5678::/64

... to allow specifying multiple additional IPv6 prefixes.

Implements feature request FS#1361.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-02-24 21:03:31 +01:00
Felix Fietkau
0f54d96d24 ethtool: import from packages, add myself as maintainer
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-02-24 16:12:57 +01:00
Tomasz Moń
9a0cc49089 util-linux: add lscpu package
lscpu is used by lxc-debian template.

Signed-off-by: Tomasz Moń <desowin@gmail.com>
2018-02-24 11:24:20 +01:00
Jakub Tymejczyk
316eb26a3a samba36: fix build (issue #5574)
As indicated in #5574 samba fails to build with linker error due to lack
of talloc_* functions when the packet libtalloc also gets build.

According to Makefile it is compiled with "--without-libtalloc" option.
Running ./configure --help shows that there is another option connected
to libtalloc: --enable/disable-external-libtalloc.
Adding this option fixes build.

Signed-off-by: Jakub Tymejczyk <jakub@tymejczyk.pl>
2018-02-24 11:23:46 +01:00
Hauke Mehrtens
92419ab4c7 iproute2: Add support for ports in xfrm on SCTP
Remove this old patch which prevents showing the xfrm ports for SCTP

This was added in commit 60c1f0f64d ("finally move buildroot-ng to trunk")

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-02-24 10:29:25 +01:00
Felix Fietkau
608c84b96e mt76: update to the latest version, improves performance and fixes tx power issues
62d52e9 mt76: set RX_FLAG_DUP_VALIDATED for A-MPDU reordered packets
5ba5995 mt76x2: rework tx power handling

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-02-24 10:28:15 +01:00
Ansuel Smith
2805402f86 iptables: update to 1.6.2
459b6932 policy: add nft translation for simple policy none/strict use case
255e55b7 tests: xlate-test: no need to require superuser privileges
6990bbc5 extensions: hashlimit: remove space before burst in translation to nft
13ecaeb0 extensions: hashlimit: Rename 'flow table' keyword to meter
c252a2b0 extensions: Add test for cluster nft translation
bda1daa4 extensions: ip6t_{S,D}NAT: add more tests
88fa4543 extensions: ip6t_{S,D}NAT: multiple to-dst/to-src arguments not reported
64a0e098 extensions: libxt_cluster: Add translation to nft
6067208f extensions: add support for 'srh' match
0f387b07 extensions: hashlimit: fix incorrect burst in translations
1ffe6a74 extensions: libxt_hashlimit: Do not print default timeout and burst
27de281d extensions: Add macro _DEFAULT_SOURCE.
75364151 iptables: Remove const qualifier from struct option.
8b0da213 iptables: masquerade: add randomize-full support
e64db006 iptables: patch to correct linker flag sequence
033eac81 extensions: libxt_tcpmss: Add test case for invalid ranges.
505bfa11 iptables: xtables-eb: Remove const qualifier from struct option
a6d6821a iptables: extensions: Fix MARK target help
71de414c libxt_sctp: fix array out of range in print_chunk
1a32381a extensions: add tests for ipcomp protocol
4bd51770 tests: xlate: print output in same way as nft-test.py
d0e3d95f libxt_recent: Remove ineffective checks for info->name
23e6ed71 libxt_TOS: add tests for translation infrastructure
9564595e Update .gitignore
bebce197 iptables: iptables-compat translation for TCPMSS
dbbab0aa extensions: libxt_tcpmss: Detect invalid ranges
0e958281 iptables-translate: add test file for TCPMSS extension
de3c68b6 iptables-compat: do not allow to delete populated user define chains
f4b80ce7 iptables: change large file support handling
f5b46c2f iptables: Constify option struct
21ba5b38 ip{,6}tables-restore: Don't accept wait-interval without wait
60e0ffd3 ip{,6}tables-restore: Don't ignore missing wait-interval value
af468b6e utils: Add a man page for nfnl_osf
1773dcaa utils: nfnl_osf: Fix synopsis in help text
895ce096 extensions: libxt_bpf: fix missing __NR_bpf declaration
3c633296 xtables-compat-restore: fix translation of mangle's OUTPUT
1c32e560 netfilter: xt_hashlimit: add rate match mode
b5331f88 xtables-compat: fix memory leak when listing
91ae12e3 xtables-compat-restore: fix several memory leaks
79e1edd1 iptables-xml: Fix segfault on jump without a target
c49a93f1 xtables-translate: fix double space before comment
79fa7cc2 libip6t_icmp6: xlate: remove leftover space
8e62f572 tests: xlate: generalize owner
8d994bcf iptables: Add file output option to iptables-save
f8e5ebc5 iptables: Fix crash on malformed iptables-restore
80d8bfaa iptables: insist that the lock is held.
c29d99c8 libxtables: Display weird character warning for wildcards
1fe96cfb tests: xlate: check if it is being run as root
3f92b259 tests: xlate: remove python 3.5 dependency
d89dc47a iptables-restore/save: exit when given an unknown option
65801d02 iptables-restore.8: document -w/-W options
9cd3adbe iptables-restore/ip6tables-restore: add --version/-V argument
1ec1fb7a extensions: libxt_hashlimit: fix 64-bit printf formats
27f69f4a iptables: extensions: Remove typedef in struct.
340105fa tests: add regression tests for xtables-translate
b669e184 extensions: libxt_TOS: Add translation to nft
b2a84476 iptables: Remove unnecessary braces.
2963a8df iptables: Remove explicit static variables initalization.
1cf4ba6f iptables: Constify option struct
999eaa24 iptables-restore: support acquiring the lock.
6e2e169e iptables: remove duplicated argument parsing code
836846f0 iptables: move XT_LOCK_NAME from CFLAGS to config.h.
b91af533 iptables: set the path of the lock file via a configure option.
0e94eb2e iptables-translate: print nft iff there are more expanded rules to print
48ad179b libxtables: abolish AI_CANONNAME
9f50bbdf libxtables: remove unnecessary nesting from host_to_ip(6)addr
c6df55d6 iptables-translate: print nft command for each expand rules via dns names
82dacbb8 xtables-translate: Avoid querying the kernel
9f972f45 extensions: libxt_addrtype: Add translation to nft
2c8e251e utils: nfsynproxy: fix build with musl libc
9b8cb756 libiptc: don't set_changed() when checking rules with module jumps
eb66632d extensions: libxt_hashlimit: Add translation to nft
72bb3dbf xshared: using the blocking file lock request when we wait indefinitely
24f81746 xshared: do not lock again and again if "-w" option is not specified
fc3c3b4e libxt_hashlimit: add new unit test to catch kernel bug
516d9191 iptables: update pf.os

Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
2018-02-23 19:15:54 +01:00
Felix Fietkau
fb1be20d63 mac80211: sync fast-rx patch with updated version
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-02-23 13:58:36 +01:00
Felix Fietkau
393661640b mac80211: fix various issues with fast-rx mode
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-02-23 10:15:23 +01:00
Piotr Dymacz
f01b394266 uboot-envtools: add support for ALFA Network AWUSFREE1
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2018-02-22 23:40:16 +01:00
Piotr Dymacz
3b8a858d5c uboot-envtools: add support for YunCore T830
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2018-02-22 18:53:22 +01:00
Piotr Dymacz
f487133322 uboot-envtools: add support for Samsung WAM250
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2018-02-22 18:53:22 +01:00
Piotr Dymacz
c6bd0b4894 uboot-envtools: add support for WHQX E1700AC/E600G/E600GAC v2
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2018-02-22 18:53:22 +01:00
Felix Fietkau
848a4abf27 ath9k: merge a RCU fix for station tx cleanup
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-02-22 15:37:59 +01:00
Felix Fietkau
14a01311f5 kernel: remove kmod-appletalk
This has been obsolete for many years now and has been implicated in a
recent build failure

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-02-22 12:08:38 +01:00
Felix Fietkau
ecd810d0f5 kernel: fix kernel module packaging errors on imx6
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-02-22 11:58:00 +01:00
Felix Fietkau
1b13cbc15b grub2: disable building platform code for target utility
It is not used and it was causing a build error with GCC 7.3

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-02-22 09:30:22 +01:00
Felix Fietkau
820f030998 netfilter: add a xt_FLOWOFFLOAD target for NAT/routing offload support
This makes it possible to add an iptables rule that offloads routing/NAT
packet processing to a software fast path. This fast path is much
quicker than running packets through the regular tables/chains.

Requires Linux 4.14

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-02-21 20:12:42 +01:00
Felix Fietkau
1033356442 kernel: backport netfilter NAT offload support to 4.14
This only works with nftables for now, iptables support will be added
later. Includes a number of related upstream nftables improvements to
simplify backporting follow-up changes

Signed-off-by: John Crispin <john@phrozen.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-02-21 20:12:42 +01:00
Felix Fietkau
bc3e0f6052 nftables: update to 0.8.2, backport flowtable support
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-02-21 20:12:41 +01:00
Felix Fietkau
8cdc71fc92 libnftnl: backport flowtable support
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-02-21 20:12:41 +01:00
Felix Fietkau
c8d07575e5 mac80211: add minstrel improvements/fixes
- Simplify debugfs code
- Reduce size
- Fix handling of CCK rates

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-02-21 19:29:33 +01:00
Felix Fietkau
981cca12b6 hostapd: add support for sending 802.11v disassoc imminent notifications to clients via ubus
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-02-21 19:29:09 +01:00
Felix Fietkau
01b2c0fc49 hostapd: add support for issuing 802.11k beacon measurement requests via ubus
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-02-21 19:29:04 +01:00
Felix Fietkau
21bb42fb8a hostapd: expose client 802.11k capabilities via ubus
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-02-21 19:28:59 +01:00
Nick Hainke
e2681eb06a hostapd: return with 80211 codes in handle event function
If the auth or assoc request was denied the reason
was always WLAN_STATUS_UNSPECIFIED_FAILURE.
That's why for example the wpa supplicant was always
trying to reconnect to the AP.
Now it's possible to give reasoncodes why the auth
or assoc was denied.

Signed-off-by: Nick Hainke <vincent@systemli.org>
2018-02-21 19:28:56 +01:00
Lorenzo Santina
83b4fa9b3b hostapd: add IEEE 802.11v support
Add Wireless Network Management (IEEE 802.11v)
support to:
- hostapd-full
- wpa_supplicant-full

It must be enabled at runtime via UCI with:
- option ieee80211v '1'

Add UCI support for:
- time_advertisement
- time_zone
- wnm_sleep_mode
- bss_transition

Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
2018-02-21 19:28:50 +01:00
Felix Fietkau
6b1816f8a3 hostapd: add support for turning on 802.11k/v features via ubus
Neighbor reports are enabled implicitly on use, beacon reports and BSS
transition management need to be enabled explicitly

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-02-21 19:28:43 +01:00
Felix Fietkau
526921f20e mac80211: round up tx status headroom
Fixes unaligned access exceptions in mt76 when transmitting beacons

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-02-21 19:28:36 +01:00
John Crispin
3cb38368e2 ubox: fix PKG_MIRROR_HASH
Signed-off-by: John Crispin <john@phrozen.org>
2018-02-20 21:35:14 +01:00
Hauke Mehrtens
73ba5e11f7 lantiq: fix lantiq applications kernel 4.14 compatiblity
This is fixing multiple compile problems with kernel 4.14 and updates the
code to take care of changes introduced between kernel 4.9 and 4.14.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-02-20 19:25:17 +01:00
Mathias Kresin
627a28eb09 lantiq: rename gphy firmware
Rename the gphy firmware to match the name requested by kernel 4.14 and
update the devicetree source files to use the new name.

Update the u-boot lantiq Makefile to be compatible with the new names as
well.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-02-20 19:25:17 +01:00
Mathias Kresin
6112abf186 kernel: enable CONFIG_USB_PCI for PCI usb modules
With upstream commit 2c93e790e825 ("usb: add CONFIG_USB_PCI for system
have both PCI HW and non-PCI based USB HW") the CONFIG_USB_PCI was
introduced.

The option is disabled by default in our generic kernel 4.14 config, hence
we need to set the option for all related kernel modules.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-02-20 19:25:17 +01:00
Mathias Kresin
04cb1e0fd2 ppp: fix build with kernel 4.14.9+
With a9772285a724 ("linux/compiler.h: Split into compiler.h and
compiler_types.h") compiler.h was refactored and most its content was
moved to compiler_types.h. Both files are required to build ppp-mod-pppoa.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-02-20 19:25:17 +01:00
Hans Dedecker
97c27f01be odhcpd: fix interop with wide DHCPv6 client (FS#1377)
96033e9 dhcpv6-ia: don't always send reconf accept option (FS#1377)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-02-20 16:30:15 +01:00
Zoltan HERPAI
d2ac070552 modules: iio-mxs-lradc: build on mxs only
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2018-02-20 15:03:12 +01:00
Zoltan HERPAI
5360441d8f modules: gpio-mcp23s08: fully depend on i2c-core
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2018-02-20 14:13:20 +01:00
Michael Heimpold
42845f4550 kernel: add kmod-iio-mxs-lradc
This adds support for the Freescale i.MX23/28 SoC's Low-Resolution ADC.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2018-02-20 13:24:57 +01:00
Koen Vandeputte
e16cc7a8c8 uqmi: ensure CID is a numeric value before proceeding
The current implementation only checked if uqmi itself executed
correctly which is also the case when the returned value is actually
an error.

Rework this, checking that CID is a numeric value, which can only
be true if uqmi itself also executed correctly.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-02-20 08:33:07 +01:00
Tim Harvey
3b2708f09c imx6: add support for Linux 4.14
Signed-off-by: Tim Harvey <tharvey@gateworks.com>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-02-19 09:32:43 +01:00
Kevin Darbyshire-Bryant
16245a5d8e dnsmasq: bump to 2.79rc1
1721453 Remove special handling of A-for-A queries.
499d8dd Fix boundary for test introduced in 3e3f1029c9ec6c63e430ff51063a6301d4b2262
6f1cbfd Fix debian/readme typo.
55ecde7 Inotify: Ignore backup files created by editors
6b54d69 Make failure to chown() pidfile a warning.
246a31c Change ownership of pid file, to keep systemd happy.
83e4b73 Remove confusion between --user and --script-user.
6340ca7 Tweak heuristic for initial DNSSEC memory allocation.
baf553d Default min-port to 1024 to avoid reserved ports.
486bcd5 Simplify and correct bindtodevice().
be9a74d Close Debian bug for CVE-2017-15107.
ffcbc0f Example config typo fixes.
a969ba6 Special case NSEC processing for root DS record, to avoid spurious BOGUS.
f178172 Add homepage to Debian control file.
cd7df61 Fix DNSSEC validation errors introduced in 4fe6744a220eddd3f1749b40cac3dfc510787de6
c1a4e25 Try to be a little more clever at falling back to smaller DNS packet sizes.
4fe6744 DNSSEC fix for wildcard NSEC records. CVE-2017-15107 applies.
3bd4c47 Remove limit on length of command-line options.
98196c4 Typo fix.
22cd860  Allow more than one --bridge-interface option to refer to an interface.
3c973ad Use SIGINT (instead of overloading SIGHUP) to turn on DNSSEC time validation.
faaf306 Spelling fixes.
c7e6aea Change references to gPXE to iPXE. Development of EtherBoot gPXE was always development of iPXE core developer Michael Brown.
e541245 Handle duplicate RRs in DNSSEC validation.
84a01be Bump year in Debian copyright notice.
d1ced3a Update copyrights to 2018.
a6cee69 Fix exit code from dhcp_release6.
0039920 Severely fix code formating of contrib/lease-tools/dhcp_release6.c
39d8550 Run Debian startup regex in "C" locale.
ef3d137 Fix infinite retries in strict-order mode.
8c707e1 Make 373e91738929a3d416e6292e65824184ba8428a6 compile without DNSSEC.
373e917 Fix a6004d7f17687ac2455f724d0b57098c413f128d to cope with >256 RRs in answer section.
74f0f9a Commment language tweaks.
ed6bdb0 Man page typos.
c88af04 Modify doc.html to mention git-over-http is now available.
ae0187d Fix trust-anchor regexp in Debian init script.
0c50e3d Bump version in Debian package.
075366a Open inotify socket only when used.
8e8b2d6 Release notes update.
087eb76 Always return a SERVFAIL response to DNS queries with RD=0.
ebedcba Typo in printf format string added in 22dee512f3738f87539a79aeb52b9e670b3bd104
0954a97 Remove RSA/MD5 DNSSEC algorithm.
b77efc1 Tidy DNSSEC algorithm table use.
3b0cb34 Fix manpage which said ZSK but meant KSK.
aa6f832 Add a few DNS RRs to the table.
ad9c6f0 Add support for Ed25519 DNSSEC signature algorithm.
a6004d7 Fix caching logic for validated answers.
c366717 Tidy up add_resource_record() buffer size checks.
22dee51 Log DNS server max packet size reduction.
6fd5d79 Fix logic on EDNS0 headers.
9d6918d Use IP[V6]_UNICAST_IF socket option instead of SO_BINDTODEVICE for DNS.
a49c5c2 Fix search_servers() segfault with DNSSEC.
30858e3 Spaces in CNAME options break parsing.

Refresh patches.
Remove upstreamed patches:
	250-Fix-infinite-retries-in-strict-order-mode.patch
	260-dnssec-SIGINT.patch
	270-dnssec-wildcards.patch

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-02-18 22:10:17 +01:00
Stijn Tintel
1c308bbbf5 dropbear: add option to set receive window size
The default receive window size in dropbear is hardcoded to 24576 byte
to limit memory usage. This value was chosen for 100Mbps networks, and
limits the throughput of scp on faster networks. It also severely limits
scp throughput on high-latency links.

Add an option to set the receive window size so that people can improve
performance without having to recompile dropbear.

Setting the window size to the highest value supported by dropbear
improves throughput from my build machine to an APU2 on the same LAN
from 7MB/s to 7.9MB/s, and to an APU2 over a link with ~65ms latency
from 320KB/s to 7.5MB/s.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-02-18 02:59:57 +01:00
Philip Prindeville
81ccf24c09 iperf3: update to 3.4
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2018-02-17 13:48:02 +01:00
Russell Senior
42b94a74e9 openvpn: fix interface with mbedtls_sha256
Between mbedtls 2.6.0 and 2.7.0, the void returning mbedtls_MODULE* functions
were deprecated in favor of functions returning an int error code.  Use
the new function mbedtls_sha256_ret().

Signed-off-by: Russell Senior <russell@personaltelco.net>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-02-17 12:29:33 +01:00
Russell Senior
e05a6018fc curl: fix interface with mbedtls_sha256
Between mbedtls 2.6.0 and 2.7.0, the void returning mbedtls_MODULE* functions
were deprecated in favor of functions returning an int error code.  Use
the new function mbedtls_sha256_ret().

Signed-off-by: Russell Senior <russell@personaltelco.net>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-02-17 12:29:23 +01:00
Hauke Mehrtens
718e5cd1cf uboot-sunxi: Add Xunlong Orange Pi Zero Plus
This is based on a patch from armbian:
https://github.com/armbian/build/blob/master/patch/u-boot/u-boot-sunxi/add-orangepi-zeroplus.patch

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-02-17 01:15:25 +01:00
Antony Antony
3c24a1d423 sunxi: add support for NanoPi NEO Plus2 board
arm64: allwinner: h5: NanoPi NEO Plus2 DT support
Add initial DT for NanoPi NEO Plus2 by FriendlyARM
    - Allwinner quad core H5 Cortex A53 with an ARM Mali-450MP GPU
    - 1 GB DDR3 RAM
    - 8GB eMMC flash (Samsung KLM8G1WEPD-B031)
    - micro SD card slot
    - Gigabit Ethernet (external RTL8211E-VB-CG chip)
    - 802.11 b/g/n WiFi, Bluetooth 4.0 (Ampak AP6212A module)
    - 2x USB 2.0 host ports & 2x USB via headers

Signed-off-by: Antony Antony <antony@phenome.org>
2018-02-17 01:15:24 +01:00
Antony Antony
6247929d66 uboot-sunxi: add u-boot DT for NanoPi NEO Plus2 board
u-boot upstream commit 6130b1f6bc23

Signed-off-by: Antony Antony <antony@phenome.org>
2018-02-17 01:15:24 +01:00
Hauke Mehrtens
c971b4eeea uboot-sunxi: dts: Update orange Pi R1 integration
This syncs the Orange Pi R1 device tree files with the one from the
upstream kernel and also uses the default configuration from the Orange
Pi Zero.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-02-17 01:15:24 +01:00
Hauke Mehrtens
9f5a4f8a42 mbedtls: activate deprecated functions
Some functions used by a lot of other software was renamed and is only
active when deprecated functions are allowed, deactivate the removal of
deprecated functions for now.

Fixes: 75c5ab4caf ("mbedtls: update to version 2.7.0")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-02-16 20:09:34 +01:00
Jasper Scholte
7da6480700 gpio-nct5104d: Add support for new chip ID
The PC Engines APU3b has a new nct5104b version with chip ID 0xc453.
This adds support for that version.

Signed-off-by: Jasper Scholte <NightNL@outlook.com>
2018-02-16 14:46:03 +01:00
Zoltan HERPAI
94ef87f49d Revert "uboot-sunxi: bump to 2017.11"
This reverts commit 805f756d6e.

Move back to 2017.07 until we move sunxi to GCC7.

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2018-02-16 12:17:15 +01:00
Zoltan HERPAI
4bc1ebbd88 Revert "uboot-sunxi: refresh patches"
This reverts commit f142de5f44.

Revert until we can move to 2017.11

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2018-02-16 11:40:01 +01:00
Zoltan HERPAI
616f883a20 Revert "uboot-sunxi: fix build by adding comparabilities for old dtc"
This reverts commit ef0416666f.

Revert until we can move to 2017.11

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2018-02-16 11:39:13 +01:00
Hauke Mehrtens
95745516a2 nftables: update to version 0.8.2
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-02-15 23:31:23 +01:00
Hauke Mehrtens
e7c179326a iproute2: update to version 4.15.0
The musl compatibility patches are now included in the upstream version.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-02-15 23:31:23 +01:00
Hauke Mehrtens
75c5ab4caf mbedtls: update to version 2.7.0
This fixes the following security problems:
* CVE-2018-0488: Risk of remote code execution when truncated HMAC is enabled
* CVE-2018-0487: Risk of remote code execution when verifying RSASSA-PSS signatures

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-02-15 21:58:47 +01:00
Daniel Golle
a3b9cbafc3 iwinfo: update to latest git HEAD
223e09b add support for expected throughput

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-02-15 04:57:38 +01:00
Dongming Han
04d3308b62 ipq806x: add support for GL.iNet GL-B1300
This patch adds support for GL.iNet GL-B1300

Specification:
- SOC:        IPQ4028 / QCA Dakota
- RAM:        256 MiB
- FLASH:      32 MiB
- ETH:        Qualcomm Atheros QCA8075 Gigabit Switch (2 x LAN, 1 x WAN)
- USB:        1 x 3.0 (via Synopsys DesignWare DWC3 controller in the SoC)
- WLAN1:      Qualcomm Atheros QCA4028 2.4GHz 802.11bgn 2:2x2
- WLAN2:      Qualcomm Atheros QCA4028 5GHz 802.11a/n/ac 2:2x2
- INPUT:      one reset and one WPS button
- LEDS:       3 leds: Power, WIFI(only for 2.4G currently), and one reserved
- UART:       1 x UART on PCB (3.3V, TX, RX, GND) - 115200 8N1

Installation:
Method 1:
- use serial port to stop uboot
- uboot command: run lf
Method 2:
- push down reset button and power on
- wait until three leds constantly on then release
- upgrade by uboot web at http://192.168.1.1
Note:
- the sysupgrade image need to be renamed to lede-gl-b1300.bin in both method.
- the sysupgrade image can be automatically downloaded if tftp server at
  192.168.1.2 have that file.
- the wifi led will be flashing when writing image.

Signed-off-by: Dongming Han <handongming@gl-inet.com>
2018-02-14 09:40:32 +01:00
John Crispin
88a41074e8 ubox: update to latest git HEAD
128bc35 logread: fix reconnect logd logic
66347ec logread: move the code setting up the request blob out of the main loop
975a258 logread: move output connection setup code out of main loop
b81bea7 logread: cleanup pid file handling
d73e7d2 ubox: Replace strerror(errno) with %m format.

Signed-off-by: John Crispin <john@phrozen.org>
2018-02-14 09:30:07 +01:00
Hauke Mehrtens
0b8629c0e3 mwlwifi: downgrade to version 10.3.4.0-20180118
Some people reported problems with the current development version, so
go back to the latests more or less release.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-02-13 23:21:12 +01:00
Hauke Mehrtens
de0d0c68c4 mwlwifi: fix compile problem with kernel 4.14
vfs_write() is not exported on kernel 4.14 any more and kernel_write()
should be used instead.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-02-13 22:31:00 +01:00
Hauke Mehrtens
8db89c4485 mwlwifi: use PKG_SOURCE_DATE instead of version
Using PKG_SOURCE_DATE instead of PKG_VERSION will make the build system
generate the version based on the date and the git hash. This way the
tar file name changes when the git hash changes and this avoids problems
when someone forgets to change the version, but changes the git hash.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-02-13 22:31:00 +01:00
Chris Breuer
eab378ef17 mwlwifi: Update to latest commit 20180208
Changes since last merge into OpenWrt since 2017-12-14:
 - Added debugfs file tx_hist.
 - Added debugfs file fixed_rate.
 - Added debugfs file ba_hist.
 - Modified the way to establish BA stream.
 - Added code to control BF type.
 - Added functions to check/dump dhcp packet.
 - Upgrade 88W8964 firmware to 9.3.2.4.
 - Added debugfs file coredump.
 - Corrected the way to transmit multicast packets.
 - Change driver version to 10.3.4.0-20180118.
 - Corrected the way to get qos control.
 - Assigned broadcast dhcpoffer to another queue.
 - Separated broadcast and multicast packets. Bump to latest commit 20180206

Signed-off-by: Chris Breuer <github@chrisbreuer.de>
2018-02-13 22:31:00 +01:00
Hauke Mehrtens
80771af83d mac80211: move wifi detect hotplug script to later
Make it easily possible to add a custom script in front of this hotplug
script which adds new devices. This is needed for the mvebu target in
which we want to migrate the old configuration before new devices are
getting detected.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-02-13 22:24:56 +01:00
Lucian Cristian
7f61924dcb i2c.mk: sort kernel modules
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2018-02-13 11:55:21 +01:00
Lucian Cristian
f646188f77 hwmon.mk: sort kernel modules
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2018-02-13 11:54:42 +01:00
Lucian Cristian
0b004ccec3 can.mk: sort modules
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2018-02-13 11:53:49 +01:00
Lucian Cristian
d1aae1a054 crypto.mk: sort kernel modules
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2018-02-13 11:51:46 +01:00
Lucian Cristian
de62386b2d fs.mk: sort kernel modules
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2018-02-13 11:49:26 +01:00
Lucian Cristian
c2d3047f25 firewire.mk: sort kernel modules
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2018-02-13 11:48:49 +01:00
George Hopkins
13f9e40602 ramips: add support for D-Link DAP-1522 A1
D-Link DAP-1522 is a wireless bridge/access point with 4 LAN
ports and a dual-band wireless chipset.

Specifications:
- Ralink RT2880
- 32 MB of RAM
- 4 MB of Flash
- 4x 10/100/1000 Mbps Ethernet (RTL8366SR)
- 802.11abgn (RT2850)

Flash Instructions:
1. Download lede-ramips-rt288x-dap-1522-a1-squashfs-factory.bin
2. Open the web interface and upload the image

Signed-off-by: George Hopkins <george-hopkins@null.net>
2018-02-13 11:18:07 +01:00
George Hopkins
5203355062 mtd: add fixwrg command
Add a command to fix WRG headers, based on wrgg.c.

Signed-off-by: George Hopkins <george-hopkins@null.net>
2018-02-13 11:16:49 +01:00
Koen Vandeputte
f21f8376e9 uqmi: bump package release
fixes: da8990e717 ("uqmi: use built-in command for data-link verification")

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-02-13 10:25:30 +01:00
Karl Palsson
b2a5f7683b ar71xx: Add eTactica EG-200 support
EG-200 is a DIN rail mountable device with one ethernet port, wifi,
an RS-485 port, and an internal USB attached uSD card reader.

Two leds, "modbus" and "etactica" are managed by userspace applications
in factory firmware.

Flash instruction:
    Original firmware is based on OpenWrt.
    Use sysupgrade image directly in vendor GUI.

Signed-off-by: Karl Palsson <karlp@etactica.com>
2018-02-13 10:01:53 +01:00
Koen Vandeputte
da8990e717 uqmi: use built-in command for data-link verification
uqmi contains a command for directly querying the modem if there
is a valid data connection, so let's use it.

This avoids the cases were all previous tests are succesful, but the
actual data link is not up for some reasons, leading to states were we
thought the link was up when it actually wasn't ..

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-02-13 10:01:53 +01:00
Koen Vandeputte
3508f8abb4 uqmi: use correct value for connection checking
Originally, the implementation only checked if uqmi command
execution succeeded properly without actually checking it's returned data.

This lead to a pass, even when the returned data was indicating an error.

Rework the verification to actually check the returned data,
which can only be correct if the uqmi command itself also executed correctly.

On command execution success, value "pdh_" is a pure numeric value.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-02-13 10:01:53 +01:00
Koen Vandeputte
3c5471032b uqmi: use general method for state cleaning
Debugging shows that using the general method properly cleans on each
run, while the method specifying the client-ID shows "No effect"
even while in connected state.

Fixes several connectivity issues seen on specific modems.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-02-13 10:01:53 +01:00
Michael Heimpold
123dbb77aa packages: uboot-mxs: override instead of appending u-boot make flags
This prevents passing down the HOSTCC stuff set in u-boot.mk
which results in linking errors against openssl:

tools/mxsimage.o: In function `sb_aes_reinit':
mxsimage.c:(.text+0x202): undefined reference to `EVP_CIPHER_CTX_reset'
tools/mxsimage.o: In function `mxsimage_generate':
mxsimage.c:(.text+0x110d): undefined reference to `EVP_MD_CTX_new'
mxsimage.c:(.text+0x114f): undefined reference to `EVP_MD_CTX_free'
mxsimage.c:(.text+0x11c3): undefined reference to `EVP_MD_CTX_new'
mxsimage.c:(.text+0x1323): undefined reference to `EVP_MD_CTX_free'
mxsimage.c:(.text+0x134a): undefined reference to `EVP_CIPHER_CTX_reset'
tools/mxsimage.o: In function `mxsimage_verify_print_header':
mxsimage.c:(.text+0x23ce): undefined reference to `EVP_MD_CTX_new'
mxsimage.c:(.text+0x242c): undefined reference to `EVP_MD_CTX_new'
mxsimage.c:(.text+0x246b): undefined reference to `EVP_MD_CTX_free'
mxsimage.c:(.text+0x24ef): undefined reference to `EVP_CIPHER_CTX_reset'
mxsimage.c:(.text+0x2e52): undefined reference to `EVP_MD_CTX_free'
collect2: error: ld returned 1 exit status

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2018-02-13 10:01:52 +01:00
Michael Heimpold
dc263cd125 packages: uboot-mxs: bump to 2017.11
Also update the U-Boot BSP patch for I2SE Duckbill devices.

Signed-off-by: Michael Heimpold <mhei@heimpold.de>
2018-02-13 10:01:52 +01:00
Kristian Evensen
2d27ebbb93 iptables: Support building connlabel module
It is currently possible to enable connlabel-support in iptables.
However, in order for connlabel to work properly, the kernel module must
also be present. This patch adds support for building the
connlabel-module, and selects it by default when connlabel-support is
enabled.

Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
2018-02-13 10:01:52 +01:00
Yangbo Lu
e547bd36bd layerscape: support ubifs rootfs in u-boot env
ls1012ardb/ls1012afrdm/ls1046ardb/ls1088ardb firmwares now use ubifs
rootfs. So u-boot env should be set accordingly.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2018-02-13 10:01:51 +01:00
Yangbo Lu
d6fd44cebf layerscape: update u-boot to LSDK1712
This patch is to update layerscape u-boot to
NXP LSDK1712 release.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2018-02-13 10:01:51 +01:00
Yangbo Lu
0f7c83bb26 layerscape: update ppfe firmware to LSDK1712
Updated ppfe firmware to NXP LSDK1712 release. Used
ppfe firmware git tree on NXP github since it was
migrated here from qoriq-open-source github.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2018-02-13 10:01:51 +01:00
Yangbo Lu
13b2735a46 layerscape: add ls-rcw-bin package
NXP LSDK1712 release used two rcw git trees. The
original rcw git tree was still source code but
dropping ls1012a/ls1088a/ls2088a boards in LSDK1712.
Instead another new rcw git tree was used to just
provided rcw binaries for these boards dropped. So
this patch is to update ls-rcw to LSDK1712 release
and add a new ls-rcw-bin package.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2018-02-13 10:01:50 +01:00