Commit graph

14941 commits

Author SHA1 Message Date
Felix Fietkau
eab7bcc8e1 uboot-imx6: install images into STAGING_DIR_IMAGE
Will be used by a new combined image for cubox

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-09-03 12:06:24 +02:00
Hans Dedecker
17c9b72046 nghttp2: bump to 1.33.0
9d843334 Update bash_completion
23cb3f38 Update manual pages
1d682dcd Bump up version number to 1.33.0, LT revision to 31:0:17
601fbbb4 Update doc
f44aa246 Update AUTHORS
dd74a6dd Update manual pages
e959e733 src: Refactor utos
fb9a204d nghttpx: Fix compile error without mruby
cd096802 Update doc
7417fd71 nghttpx: Per-pattern not per-backend
2d1a981c Merge branch 'akonskarm-master'
45acc922 clang-format
214d0899 Merge branch 'master' of https://github.com/akonskarm/nghttp2 into akonskarm-master
31fd707d nghttpx: Fix broken healthmon frontend
9a2e38e0 fix code for reuse addr on asio client
d24527e7 Bump up LT revision due to v1.32.1 release
6195d747 nghttpx: Share mruby context if it is compiled from same file
fb97f596 nghttpx: Allocate mruby file because fopen requires NULL terminated string
0ccc7a77 nghttpx: Move blocked request data to request buffer for API request
32826466 nghttpx: Fix crash with API request
0422f8a8 nghttpx: Fix worker process crash with neverbleed write error
e329479a Merge pull request #1215 from nghttp2/mruby-per-backend
f80a7873 Merge branch 'akonskarm-reuse_addr'
866ac6ab add option reuse addr in local endpoint configuration of asio client
b574ae6a nghttpx: Support per-backend mruby script
de4fd7cd doc: Update doc
32d7883c nghttpx: Downstream::request_buf_full: take into account blocked_request_buf_
9b24e197 nghttpx: Choose h1 protocol if headers have been sent to backend on retry
13ffece1 Merge pull request #1214 from nghttp2/fix-rst-without-dconn
9d5b781d Fix stream reset if data from client is arrived before dconn is attached

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-09-03 10:46:20 +02:00
Kevin Darbyshire-Bryant
dc9388ac55 iproute2: update cake man page
CAKE supports overriding of its internal classification of
packets through the tc filter mechanism.

Update the man page in our package, even though we don't
build them.  Someone may find the documentation useful.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 30598a05385b0ac2380dd4f30037a9f9d0318cf2)
2018-08-31 15:30:28 +07:00
Kevin Darbyshire-Bryant
721dfd4eb8 kmod-sched-cake: bump to 20180827
Expand filter flow mapping to include hosts as well

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit d14ffdc307d36bd9abe908b46ff7baece54c9551)
2018-08-31 15:30:27 +07:00
Jo-Philipp Wich
555c592304 ppp: remove hardcoded lcp-echo-failure, lcp-echo-interval values
OpenWrt used to ship hardcoded defaults for lcp-echo-failure and
lcp-echo-interval in the non-uci /etc/ppp/options file.

These values break uci support for *disabling* LCP echos through
the use of "option keepalive 0" as either omitting the keepalive
option or setting it to 0 will result in no lcp-echo-* flags
getting passed to the pppd cmdline, causing the pppd process to
revert to the defaults in /etc/ppp/options.

Address this issue by letting the uci "keepalive" option default
to the former hardcoded values "5, 1" and by removing the fixed
lcp-echo-failure and lcp-echo-interval settings from the
/etc/ppp/options files.

Ref: https://github.com/openwrt/luci/issues/2112
Ref: https://dev.archive.openwrt.org/ticket/2373.html
Ref: https://bugs.openwrt.org/index.php?do=details&task_id=854
Ref: https://bugs.openwrt.org/index.php?do=details&task_id=1259
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-30 15:19:45 +02:00
Thomas Equeter
acedce1d79 uqmi: wait for the control device too
The control device /dev/cdc-wdm0 is not available immediately on the
D-Link DWR-921 Rev.C3, therefore the wwan interface fails to start at
boot with a "The specified control device does not exist" error.

This patch alters /lib/netifd/proto/qmi.sh to wait for
network.wwan.delay earlier, before checking for the control device,
instead of just before interacting with the modem.

One still has to use network.wwan.proto='qmi', as the "wwan" proto
performs that sort of check before any delay is possible, failing with a
"No valid device was found" error.

Signed-off-by: Thomas Equeter <tequeter@users.noreply.github.com>
2018-08-29 13:10:12 +02:00
Giuseppe Lippolis
774d7fc9f2 comgt: increase timeout on runcommands
Some combination of modem/wireless operator requires more time to
execute the commands.
Tested on DWR-512 embedded wwan modem and italian operator iliad (new
virtual operator).

Signed-off-by: Giuseppe Lippolis <giu.lippolis@gmail.com>
2018-08-29 08:34:10 +02:00
Paul Wassi
1bd6b91e0f base-files: provide more tolerant xterm detection
Set the window title not only in "xterm", but also in
e.g. "xterm-256color", "xterm-color", etc.
The case statement is taken from Debian / Ubuntu.

Signed-off-by: Paul Wassi <p.wassi@gmx.at>
2018-08-29 08:33:54 +02:00
Bruno Randolf
fe960cead7 ugps: Update to fix position calculation
This is necessary to get my position right.
Without this my longitude is incorrecty -15.85xxxx instead of -16.52yyyy

Signed-off-by: Bruno Randolf <br1@einfach.org>
2018-08-29 08:31:10 +02:00
Bruno Randolf
6b14a73f4f ugps: Add option disabled
Like many other packages, an option to disable can be practical.

Signed-off-by: Bruno Randolf <br1@einfach.org>
2018-08-29 08:31:10 +02:00
Robert Marko
a9d7353192 ethtool: Update to 4.18
Tested on 8devices Jalapeno(ipq40xx)
Introduces following changes:
Feature: Add support for WAKE_FILTER (WoL using filters)
Feature: Add support for action value -2 (wake-up filter)
Fix: document WoL filters option also in help message
Feature: ixgbe dump strings for security registers

Signed-off-by: Robert Marko <robimarko@gmail.com>
2018-08-28 13:46:16 +02:00
Hauke Mehrtens
af6e901ae8 strace: update strace to version 4.24
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-08-28 11:26:53 +02:00
Hauke Mehrtens
a2488f3a24 linux-firmware: realtek: Add FW for rtl8192eu, rtl8723au and rtl8723bu
These devices are more or less supported by the kmod-rtl8xxxu driver.

Fixes: FS#1789
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-08-27 18:13:33 +02:00
Hans Dedecker
6caa8e09aa nghttp2: bump to 1.32.1
4c76aaee Update manual pages
2b51ad67 Bump up version number to 1.32.1, LT revision to 30:3:16
708379dc Tweak nghttp2_session_set_stream_user_data
73106b0d Compile with clang-6.0

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-08-27 10:11:10 +02:00
Stijn Tintel
2c01425d2d ath10k-firmware: update both QCA988X CT variants
This fixes slow performance with 802.11w enabled.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-08-26 18:24:02 +02:00
Stijn Tintel
616b972920 ath10k-ct: bump to git HEAD
e0d2ce0 ath10k:  Support setting tx_antenna in descriptor field.
29c644f Update to latest 4.13 and 4.16 ath10k-ct drivers.
20db9db ath10k:  Support vdev stats for 4.9, 4.16  kernel
fd92066 ath10k:  Support 'ct-sta-mode' for 9984 firmware that supports it.
34954f0 ath10k:  get_tsf, PMF

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-08-26 18:40:46 +03:00
Hans Dedecker
8fd8e79143 iproute2: update to 4.18.0
Update to the latest version of iproute2; see https://lwn.net/Articles/762515/
for a full overview of the changes in 4.18.
Remove upstream patch 001-rdma-sync-some-IP-headers-with-glibc

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-08-25 20:54:00 +02:00
Felix Fietkau
d9792152fd ath9k: fix setting up tx99 with a monitor mode interface
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-08-25 19:18:08 +02:00
Hauke Mehrtens
e882e63f1e kernel: add missing dependency to regmap to kmod-gpio-mcp23s08
This fixes a build problem recently introduced.

Fixes: a904003b9b ("kernel: fix kmod-gpio-mcp23s08 for linux 4.14")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-08-25 18:18:35 +02:00
Keith Wong
79c233daa4 kernel: add kmod-tcp-bbr
This adds support for BBR (Bottleneck Bandwidth and RTT) TCP
congestion control. Applications (e.g. webservers, VPN client/server)
which initiate connections from router side can benefit from this.

This provide an easier way for users to use BBR by selecting /
installing kmod-tcp-bbr instead of altering kernel config and
compiling firmware by themselves.

Signed-off-by: Keith Wong <keithwky@gmail.com>
2018-08-25 15:40:24 +02:00
Daniel Engberg
e341f45913 libbsd: Update to 0.8.7
Update libbsd to 0.8.7
Remove glibc dependency
Clean up InstallDev and install entries
Use /usr path for consistency
Cherry pick patches from upstream to fix musl compilation

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2018-08-25 15:40:23 +02:00
Vladimir Vid
6cda4f6861 imx6: Initial support for SolidRun CuBox-i devices based on i.MX6 processors (i1, i2, i2eX, and i4Pro).
- Specifications -

CuBox i1:
- SoC: i.MX6 Solo
- Cores: 1
- Memory Size: 512MB
- GPU: GC880
- Wifi/Bluetooth: Optional
- USB 2.0 ports: 2
- Ethernet: 10/100/1000 Mbps

CuBox i2 | i2eX:
- SoC: i.MX6 Dual Lite
- Cores: 2
- Memory Size: 1GB
- GPU: GC2000
- Wifi/Bluetooth: Optional
- USB 2.0 ports: 2
- Ethernet: 10/100/1000 Mbps

CuBox i4Pro | i4x4:
- SoC: i.MX6 Quad
- Cores: 4
- Memory Size: 2/4 GB
- GPU: GC2000
- Wifi/Bluetooth: Build In
- USB 2.0 ports: 2
- Ethernet: 10/100/1000 Mbps

Built-in u-boot requires SPL (secondary program loader) to be present on the SD-card regardless of the image type which will be loaded.
SPL is generated by the u-boot-mx6cuboxi package which is preselected by the target device and can be found in bin/u-boot-mx6cuboxi directory.

Flashing the SPL:
dd if=/dev/zero of=/dev/mmcblk0 bs=1M count=4
dd if=bin/targets/imx6/generic/u-boot-mx6cuboxi/SPL of=/dev/mmcblk0 bs=1K seek=1

Preparing the firmware on the SD-card:
(echo o; echo n; echo p; echo 1; echo ''; echo ''; echo w) | fdisk /dev/mmcblk0
mkfs.ext4 /dev/mmcblk0p1
mount /dev/mmcblk0p1 /mnt
tar -xzf bin/targets/imx6/generic/openwrt-imx6-device-cubox-i-rootfs.tar.gz -C /mnt/
mkdir -p /mnt/boot
cp bin/targets/imx6/generic/{*-uImage,*.dtb,*.scr} /mnt/boot/

Generated u-boot.img needs to be placed on the first partition:
cp bin/targets/imx6/generic/u-boot-mx6cuboxi/u-boot.img /mnt/

To boot from the SD card:

Boot script which sets mmc/dtb parameters and boots the board is automatically sourced.
If this does not work for any reason:
mmc dev 0; load mmc 0:1 $scriptaddr boot/boot.scr; source $scriptaddr

Currently imx6dl-cubox-i.dtb (Dual Lite) and imx6q-cubox-i.dtb (Quad) device trees are available.

Tested on i4Pro, MMC, USB (+ HiD), HDMI and ethernet ports are working.
Wireless and bluetooth are broken ATM. According to SolidRun forums, BCM4329/BCM4330 firmware is used which works fine on older kernels.

Signed-off-by: Vladimir Vid <vladimir.vid@sartura.hr>
2018-08-25 15:40:23 +02:00
Antonio Silverio
672c430d6e mac80211: mwl8k: Expand non-DFS 5G channels
Add non-DFS 5G upper channels (149-165) besides existed 4 lower channels
(36, 40, 44, 48).

Signed-off-by: Antonio Silverio <menion@gmail.com>
2018-08-25 15:40:23 +02:00
Martin Schiller
a904003b9b kernel: fix kmod-gpio-mcp23s08 for linux 4.14
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2018-08-25 15:33:52 +02:00
Luis Araneda
43dedd0661 uboot-zynq: add support for the zybo z7 board
Backport board support from the upcoming v2018.09 release,
and add an additional patch to read the MAC address
from flash memory

Signed-off-by: Luis Araneda <luaraneda@gmail.com>
2018-08-25 15:33:50 +02:00
Rosen Penev
3ccc2ebe01 libevent2: Switch to using release tarball
Starting with version 2.1.8, a release tarball is available.

Simplifies the Makefile slightly.

Updated the project URL. HTTPS is broken. Issue has been reported upstream

Adjusted patches. CMake support is not present in the tarball. It's made
for Windows anyway.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-08-25 13:18:35 +02:00
Felix Fietkau
b6adfde0c6 mt76: update to the latest version
7daf962 mt7603: add survey support
980c606 mt7603: add fix for CCA signal configuration
30b8371 mt7603: fix BAR rate

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-08-24 21:33:54 +02:00
Hans Dedecker
2211ee0037 dropbear: backport upstream fix for CVE-2018-15599
CVE description :
The recv_msg_userauth_request function in svr-auth.c in Dropbear through
2018.76 is prone to a user enumeration vulnerability because username
validity affects how fields in SSH_MSG_USERAUTH messages are handled,
a similar issue to CVE-2018-15473 in an unrelated codebase.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-08-24 15:25:26 +02:00
Jo-Philipp Wich
a27de701b0 wolfssl: disable broken shipped Job server macro
The AX_AM_JOBSERVER macro shipped with m4/ax_am_jobserver.m4 is broken on
plain POSIX shells due to the use of `let`.

Shells lacking `let` will fail to run the generated m4sh code and end up
invoking "make" with "-jyes" as argument, fialing the build.

Since there is no reason in the first place for some random package to
muck with the make job server settings and since we do not want it to
randomly override "-j" either, simply remove references to this defunct
macro to let the build succeed on platforms which not happen to use bash
as default shell.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-23 20:14:00 +02:00
Jo-Philipp Wich
9ffbe84ea4 grub2: rebase patches
Patch 300-CVE-2015-8370.patch was added without proper rebasing on the
version used by OpenWrt, make it apply and refresh the patch to fix
compilation.

Fixes: 7e73e9128f ("grub2: Fix CVE-2015-8370")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-23 19:08:58 +02:00
Jo-Philipp Wich
214146c6f2 uhttpd: support multiple Lua prefixes
Update to latest git HEAD in order to support configuring multiple
concurrent Lua prefixes in a single uhttpd instance:

  b741dec lua: support multiple Lua prefixes

Additionally rework the init script and update the default configuration
example to treat the lua_prefix option as key=value uci list, similar to
the interpreter extension mapping. Support for the old "option lua_prefix"
plus "option lua_handler" notation is still present.

Finally drop the sed postinstall hack in uhttpd-mod-lua to avoid mangling
files belonging to other packages. Since Lua prefixes have precedence
over CGI prefixes, simply register `/cgi-bin/luci` as Lua handler which
will only become active if both luci-base and uhttpd-mod-lua is installed.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-23 09:18:04 +02:00
Rosen Penev
7e73e9128f grub2: Fix CVE-2015-8370
This CVE is a culmination of multiple integer overflow issues that cause
multiple issues like Denial of Service and authentication bypass.

More info: https://nvd.nist.gov/vuln/detail/CVE-2015-8370

Taken from Fedora.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-08-23 07:15:53 +02:00
Rosen Penev
f9469efbfa bzip2: Fix CVE-2016-3189
Issue causes a crash with specially crafted bzip2 files.

More info: https://nvd.nist.gov/vuln/detail/CVE-2016-3189

Taken from Fedora.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-08-23 07:15:35 +02:00
Rosen Penev
499773f8ef samba36: Enable umdnsd support
Allows discovery without having to use NetBIOS. Useful for mobile devices.

Could eventually throw nbmd away. But that requires Windows 10...

Tested on Fedora 28 with avahi-discover.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-08-22 11:23:02 +02:00
Rosen Penev
7961009346 yamonenv: Remove dead URLs
uscan errors on the URL as it is no longer available.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-08-22 11:22:17 +02:00
Rosen Penev
f5098a69ed fconfig: Remove dead URLs
uscan errors on the URL as it is no longer available.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-08-22 11:22:04 +02:00
Rosen Penev
f2e1fd0f35 apex: Remove dead URL.
uscan errors on the URL as it is no longer available.

Also switched the download URL to HTTPS.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-08-22 11:21:53 +02:00
Jo-Philipp Wich
e5f56c07d7 iptables: make iptables-mod-conntrack-extra depend on kmod-ipt-raw
Since kernel 4.14 there is no auto assignment of conntrack helpers anymore
so fw3 needs raw table support in order to stage ct helper assignment rules.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-22 07:14:45 +02:00
Hans Dedecker
6c227e45cb dnsmasq: remove creation of /etc/ethers
Remove creation of file /etc/ethers in dnsmasq init script as the
file is now created by default in the base-files package by
commit fa3301a28e

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-08-21 15:55:10 +02:00
Luiz Angelo Daros de Luca
d810d44e5a base-files: create /etc/ethers by default
/etc/ethers is missing on /rom but always created when dnsmasq
runs. It is better to have it in place and avoid an extra change
in flash after firstboot.

It will generate an extra /etc/ethers-opkg when it has changed.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-08-21 15:55:00 +02:00
Jo-Philipp Wich
22681cdef2 uhttpd: update to latest Git head
952bf9d build: use _DEFAULT_SOURCE
30a18cb uhttpd: recognize PATCH, PUT and DELETE HTTP methods

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-21 14:48:47 +02:00
Daniel Engberg
e1a1add517 mwlwifi: Update to 10.3.8.0-20180810
Update mwlwifi to 10.3.8.0-20180810

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2018-08-21 07:44:37 +02:00
Hans Dedecker
40eb9bda44 netifd: update to latest git HEAD
7454d12 interface: let interface_set_down() return void
32f11a8 interface: make __interface_set_down() static
b9d5a8c interface: extend interface error messages in interface_set_up()
de394b3 interface: ensure NO_DEVICE error is always reported

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-08-20 16:27:38 +02:00
Yury Shvedov
cad9519eba hostapd: process all CSA parameters
This adds processing of all CSA arguments from ubus switch_chan request
in the same manner as in the control interface API.

Signed-off-by: Yury Shvedov <yshvedov@wimarksystems.com>
2018-08-20 09:24:43 +02:00
Daniel Engberg
d1ea8ac3b4 util-linux: Update to 2.32.1
Update util-linux to 2.32.1
For release notes see https://lwn.net/Articles/759922/

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-08-16 22:29:28 +02:00
Mathias Kresin
56b8ac1e86 treewide: consolidate upgrade state set
Set the (sys)upgrade state when sourcing the stage2 script instead of
setting the state for each target individual.

This change fixes the, due to a missing state set, not working upgrade
led on ath79 and apm821xx.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-08-16 21:20:57 +02:00
Jo-Philipp Wich
8c91807214 rpcd: update to latest git HEAD
41333ab uci: tighten uci reorder operation error handling
f91751b uci: tighten uci delete operation error handling
c2c612b uci: tighten uci set operation error handling
948bb51 uci: tighten uci add operation error handling
51980c6 uci: reject invalid section and option names

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-16 09:43:11 +02:00
Hauke Mehrtens
d74d6c4522 openssl: update to version 1.0.2p
This fixes the following security problems:
 * CVE-2018-0732: Client DoS due to large DH parameter
 * CVE-2018-0737: Cache timing vulnerability in RSA Key Generation

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-08-15 22:32:07 +02:00
Jo-Philipp Wich
5762efd8b2 libubox: set RPATH for host build
This is required for programs that indirectly link libjson-c through the
libubox blobmsg_json library.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-14 23:54:59 +02:00
Hans Dedecker
e2791e80cb netifd: update to latest git HEAD
522456b device: gracefully handle device names exceeding IFNAMESIZ

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-08-14 22:56:31 +02:00
Stijn Tintel
03e5dcbf10 firewall: bump to git HEAD
12a7cf9 Add support for DSCP matches and target
06fa692 defaults: use a generic check_kmod() function
1c4d5bc defaults: fix check_kmod() function

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-08-13 22:05:46 +03:00
Christian Lamparter
7b1b49bd32 packages: nvram: make it possible to include it for ath79 targets
The WD My Net Range Extender stores the MAC addresses inside the
nvram partition. This utility can extract it, but it's currently
not avilable on the ath79 target. Hence, this patch adds the
necessary target declaration, so it can be built.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2018-08-13 08:46:22 +02:00
Luis Araneda
09ac4aa86b uboot-zynq: update to 2018.07
Signed-off-by: Luis Araneda <luaraneda@gmail.com>
2018-08-13 08:43:58 +02:00
Jason A. Donenfeld
42dc0e2594 wireguard: bump to 0.0.20180809
* send: switch handshake stamp to an atomic

Rather than abusing the handshake lock, we're much better off just using
a boring atomic64 for this. It's simpler and performs better. Also, while
we're at it, we set the handshake stamp both before and after the
calculations, in case the calculations block for a really long time waiting
for the RNG to initialize.

* compat: better atomic acquire/release backport

This should fix compilation and correctness on several platforms.

* crypto: move simd context to specific type

This was a suggestion from Andy Lutomirski on LKML.

* chacha20poly1305: selftest: use arrays for test vectors

We no longer have lines so long that they're rejected by SMTP servers.

* qemu: add easy git harness

This makes it a bit easier to use our qemu harness for testing our mainline
integration tree.

* curve25519-x86_64: avoid use of r12

This causes problems with RAP and KERNEXEC for PaX, as r12 is a
reserved register.

* chacha20: use memmove in case buffers overlap

A small correctness fix that we never actually hit in WireGuard but is
important especially for moving this into a general purpose library.

* curve25519-hacl64: simplify u64_eq_mask
* curve25519-hacl64: correct u64_gte_mask

Two bitmath fixes from Samuel, which come complete with a z3 script proving
their correctness.

* timers: include header in right file

This fixes compilation in some environments.

* netlink: don't start over iteration on multipart non-first allowedips

Matt Layher found a bug where a netlink dump of peers would never terminate in
some circumstances, causing wg(8) to keep trying forever. We now have a fix as
well as a unit test to mitigate this, and we'll be looking to create a fuzzer
out of Matt's nice library.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-08-12 16:12:01 +02:00
Mathias Kresin
dfee452713 base-files: add function to get mac as text from flash
Add a function to get a mac stored as text from flash. The octets of
the mac address need to be separated by any separator supported by
macaddr_canonicalize().

Signed-off-by: Dmitry Tunin <hanipouspilot@gmail.com>
Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-08-11 21:36:27 +02:00
Mathias Kresin
ec28d2797c base-files: use consistent coding style
Add the opening bracket right after the function name, to do it the
same way for all functions in this file.

Signed-off-by: Dmitry Tunin <hanipouspilot@gmail.com>
Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-08-11 21:36:27 +02:00
Yousong Zhou
3493c1cf41 uci: bump to source date 2018-08-11
Fixes segfault when parsing malformed delta lines

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2018-08-11 12:04:31 +00:00
John Crispin
1961948585 wpa_supplicant: fix CVE-2018-14526
Unauthenticated EAPOL-Key decryption in wpa_supplicant

Published: August 8, 2018
Identifiers:
- CVE-2018-14526
Latest version available from: https://w1.fi/security/2018-1/

Vulnerability

A vulnerability was found in how wpa_supplicant processes EAPOL-Key
frames. It is possible for an attacker to modify the frame in a way that
makes wpa_supplicant decrypt the Key Data field without requiring a
valid MIC value in the frame, i.e., without the frame being
authenticated. This has a potential issue in the case where WPA2/RSN
style of EAPOL-Key construction is used with TKIP negotiated as the
pairwise cipher. It should be noted that WPA2 is not supposed to be used
with TKIP as the pairwise cipher. Instead, CCMP is expected to be used
and with that pairwise cipher, this vulnerability is not applicable in
practice.

When TKIP is negotiated as the pairwise cipher, the EAPOL-Key Key Data
field is encrypted using RC4. This vulnerability allows unauthenticated
EAPOL-Key frames to be processed and due to the RC4 design, this makes
it possible for an attacker to modify the plaintext version of the Key
Data field with bitwise XOR operations without knowing the contents.
This can be used to cause a denial of service attack by modifying
GTK/IGTK on the station (without the attacker learning any of the keys)
which would prevent the station from accepting received group-addressed
frames. Furthermore, this might be abused by making wpa_supplicant act
as a decryption oracle to try to recover some of the Key Data payload
(GTK/IGTK) to get knowledge of the group encryption keys.

Full recovery of the group encryption keys requires multiple attempts
(128 connection attempts per octet) and each attempt results in
disconnection due to a failure to complete the 4-way handshake. These
failures can result in the AP/network getting disabled temporarily or
even permanently (requiring user action to re-enable) which may make it
impractical to perform the attack to recover the keys before the AP has
already changes the group keys. By default, wpa_supplicant is enforcing
at minimum a ten second wait time between each failed connection
attempt, i.e., over 20 minutes waiting to recover each octet while
hostapd AP implementation uses 10 minute default for GTK rekeying when
using TKIP. With such timing behavior, practical attack would need large
number of impacted stations to be trying to connect to the same AP to be
able to recover sufficient information from the GTK to be able to
determine the key before it gets changed.

Vulnerable versions/configurations

All wpa_supplicant versions.

Acknowledgments

Thanks to Mathy Vanhoef of the imec-DistriNet research group of KU
Leuven for discovering and reporting this issue.

Possible mitigation steps

- Remove TKIP as an allowed pairwise cipher in RSN/WPA2 networks. This
can be done also on the AP side.

- Merge the following commits to wpa_supplicant and rebuild:

WPA: Ignore unauthenticated encrypted EAPOL-Key data

This patch is available from https://w1.fi/security/2018-1/

- Update to wpa_supplicant v2.7 or newer, once available

Signed-off-by: John Crispin <john@phrozen.org>
2018-08-10 15:48:21 +02:00
Thibaut VARÈNE
78b5764fd8 base-files: make wifi report unknown command
Avoid having /sbin/wifi silently ignore unknown keywords and execute
"up"; instead display the help message and exit with an error.

Spell out the "up" keyword (which has users), add it to usage output,
and preserve the implicit assumption that runing /sbin/wifi without
argument performs "up".

Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
2018-08-10 05:30:57 +02:00
David Bauer
c4931713df ath79: add support for OCEDO Koala
This commit adds support for the OCEDO Koala

SOC:	Qualcomm QCA9558 (Scorpion)
RAM:    128MB
FLASH:  16MiB
WLAN1:  QCA9558 2.4 GHz 802.11bgn 3x3
WLAN2:  QCA9880 5 GHz 802.11nac 3x3
INPUT:  RESET button
LED:    Power, LAN, WiFi 2.4, WiFi 5, SYS
Serial: Header Next to Black metal shield
        Pinout is 3.3V - GND - TX - RX (Arrow Pad is 3.3V)
        The Serial setting is 115200-8-N-1.

Tested and working:
 - Ethernet
 - 2.4 GHz WiFi
 - 5 GHz WiFi
 - TFTP boot from ramdisk image
 - Installation via ramdisk image
 - OpenWRT sysupgrade
 - Buttons
 - LEDs

Installation seems to be possible only through booting an OpenWRT
ramdisk image.

Hold down the reset button while powering on the device. It will load a
ramdisk image named 'koala-uImage-initramfs-lzma.bin' from 192.168.100.8.

Note: depending on the present software, the device might also try to
pull a file called 'koala-uimage-factory'. Only the name differs, it
is still used as a ramdisk image.

Wait for the ramdisk image to boot. OpenWRT can be written to the flash
via sysupgrade or mtd.

Due to the flip-flop bootloader which we not (yet) support, you need to
set the partition the bootloader is selecting. It is possible from the
initramfs image with

 > fw_setenv bootcmd run bootcmd_1

Afterwards you can reboot the device.

Signed-off-by: David Bauer <mail@david-bauer.net>
2018-08-09 18:44:57 +02:00
Hans Dedecker
2e02fdb363 odhcp6c: apply IPv6/ND configuration earlier
Apply IPv6/ND configuration before proto_send_update so that all config info
is available when netifd is handling the notify_proto ubus call.
In particular this fixes an issue when netifd is updating the downstream IPv6 mtu
as netifd was still using the not yet updated upstream IPv6 mtu to set the
downstream IPv6 mtu

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-08-09 18:46:57 +02:00
Hans Dedecker
e0fbf62821 iproute2: remove libutil from InstallDev section
Commit 4d961538f6 added libutil to the iproute2 InstallDev section
but lead to compile issues with packages picking up the wrong libutil
since libutil is quite a generic name ...
Further libutil is rather meant for internal usage in iproute2 than a
public API; therefore let's remove it from the InstallDev section together
with ll_map.h

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-08-09 17:48:03 +02:00
Hans Dedecker
6579af7a77 netifd: update to latest git HEAD
115a694 interface-ip: always override downstream IPv6 mtu

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-08-09 17:39:24 +02:00
Antonio Silverio
e2e39328d5 sunxi: Added support for Xunlong Orange Pi PC2
CPU: H5 High Performance Quad-core 64-bit Cortex-A53
GPU: Mali450 OpenGL ES 2.0/1.1/1.0, OpenVG 1.1, EGL
Memory: 1GB DDR3 (shared with GPU)
Onboard Storage: TF card (Max. 32GB) / NOR flash(2MB)
Onboard Network: 1000M/100M Ethernet RJ45
USB 2.0 Ports: Three USB 2.0 HOST, one USB 2.0 OTG, HOST mode
role by default in DTS
Buttons: Power Button(SW4) Debug TTL

UART: ..DC-IN..
>[GND][RX][TX] ..HDMI..

Signed-off-by: Antonio Silverio <menion@gmail.com>
2018-08-09 12:06:58 +02:00
Zoltan HERPAI
f4d3047671 firmware: intel-microcode: bump to 20180703
* New upstream microcode data file 20180703
    + Updated Microcodes:
      sig 0x000206d6, pf_mask 0x6d, 2018-05-08, rev 0x061d, size 18432
      sig 0x000206d7, pf_mask 0x6d, 2018-05-08, rev 0x0714, size 19456
      sig 0x000306e4, pf_mask 0xed, 2018-04-25, rev 0x042d, size 15360
      sig 0x000306e7, pf_mask 0xed, 2018-04-25, rev 0x0714, size 17408
      sig 0x000306f2, pf_mask 0x6f, 2018-04-20, rev 0x003d, size 33792
      sig 0x000306f4, pf_mask 0x80, 2018-04-20, rev 0x0012, size 17408
      sig 0x000406f1, pf_mask 0xef, 2018-04-19, rev 0xb00002e, size 28672
      sig 0x00050654, pf_mask 0xb7, 2018-05-15, rev 0x200004d, size 31744
      sig 0x00050665, pf_mask 0x10, 2018-04-20, rev 0xe00000a, size 18432
      sig 0x000706a1, pf_mask 0x01, 2017-12-26, rev 0x0022, size 73728
    + First batch of fixes for: Intel SA-00115, CVE-2018-3639, CVE-2018-3640
    + Implements IBRS/IBPB/STIPB support, Spectre-v2 mitigation
    + SSBD support (Spectre-v4 mitigation) and fix Spectre-v3a for:
      Sandybridge server, Ivy Bridge server, Haswell server, Skylake server,
      Broadwell server, a few HEDT Core i7/i9 models that are actually gimped
      server dies.

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2018-08-09 01:00:06 +02:00
Rob Mosher
8a3582fa8a busybox: prevent compile hang with bzip2 enabled
The BZIP2_SMALL option was not being exposed via Config.in which
caused the build to fail as 'yes' is piped to the config during
build.  As it's expecting a number, it gets stuck in a loop.

Signed-off-by: Rob Mosher <nyt-openwrt@countercultured.net>
2018-08-08 22:08:49 +02:00
Jo-Philipp Wich
cc21dab6cc ucert: update to lastest git HEAD
Update to latest HEAD in order to fix a stack memory corruption issue:

1056e73 Change the sigb buffer to be the same size as the fread

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-08 19:52:13 +02:00
Hans Dedecker
4d961538f6 iproute2: add libutil to InstallDev section
In iproute2 v4.17 ll_map has been moved from the libnetlink to the libutil
library; add libutil as well to the staging dir in order to keep support
for ll_map

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-08-08 14:29:08 +02:00
David Bauer
5107ba2374 uboot-envtools: add ath79 target
This adds uci entries for all ath79 devices for which this already was
the case on ar71xx. Additionally we add the OCEDO Koala as there was no
support in OpenWRT yet.

Signed-off-by: David Bauer <mail@david-bauer.net>
2018-08-08 08:38:45 +02:00
Daniel Golle
8174853c78 base-files: introduce sysupgrade signature chain verification
Verify ucert signature chains in sysupgrade images in case ucert is
installed and $CHECK_IMAGE_SIGNARURE = 1.
Also make sure ucert host binary is present and generate a self-signed
ucert in case $TOPDIR/key-build.ucert is missing.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-08-08 02:22:54 +02:00
Daniel Golle
7a52ce3faf ucert: update source
ad816fc set rpath to make bundle-libraries.sh happy
 63ad591 blob_buf needs to be zero'd

Now that libubox, libjson-c and libblobms_json are installed into
STAGING_DIR_HOST we can properly bundle ucert in the ImageBuilder.
Follow-up commits will make use of it to include a signature-chain in
sysupgrade images using fwtool.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-08-07 23:20:18 +02:00
Daniel Golle
73100024d3 libubox: set HOST_BUILD_PREFIX
Install into STAGING_DIR_HOST rather than STAGING_DIR_HOSTPKG to make
bundle-libraries.sh happy.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-08-07 22:31:48 +02:00
Daniel Golle
a5368dc30c libjson-c: set HOST_BUILD_PREFIX
Install into STAGING_DIR_HOST rather than STAGING_DIR_HOSTPKG to make
bundle-libraries.sh happy.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-08-07 22:31:48 +02:00
Jo-Philipp Wich
1c4a255aa1 libubox: fix source version date
The referenced Git commit was made on the 25th of July, not June.

Fixes 432eaa940f ("libubox: fix mirror hash")
Fixes 5dc32620c4 ("libubox: update to latest git HEAD")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-07 17:27:05 +02:00
Jo-Philipp Wich
432eaa940f libubox: fix mirror hash
Correct the mirror hash to reflect whats on the download server.

A locally produced libubox SCM tarball was also verified to yield an identical
checksum compared to the one currently on the download server.

Fixes FS#1707.
Fixes 5dc32620c4 ("libubox: update to latest git HEAD")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-07 16:32:30 +02:00
Eneas U de Queiroz
33fd1d0d91 ustream-ssl: update to latest git HEAD
23a3f28 openssl, wolfssl: match mbedTLS ciphersuite list
450ada0 ustream-ssl: Revised security on mbedtls
34b0b80 ustream-ssl: add openssl-1.1.0 compatibility

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
2018-08-07 14:28:16 +02:00
Hans Dedecker
9537c1a153 procd: update to latest git HEAD
e29966f Allow disabling seccomp or changing the whitelist
5f57223 trace: Use properly sized type for PTRACE_GETEVENTMSG
747efb6 procd: fix ustream deadlock when there are 0 bytes or no newlines

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-08-06 22:48:42 +02:00
Jo-Philipp Wich
93ac8b03b0 Revert "netfilter: separate IPv6 relevant kernel modules from IPv4"
This reverts commit 42a3c6465a.

The change was apparently never build-tested with all kmods enabled. I took
a brief look but found no simple way to untangle this, so revert it.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-06 19:46:37 +02:00
Rosy Song
42a3c6465a netfilter: separate IPv6 relevant kernel modules from IPv4
Signed-off-by: Rosy Song <rosysong@rosinson.com>
2018-08-06 12:09:04 +02:00
Rosy Song
2b637e5ab8 base-files: do not add relevant sections & options except when ipv6 is support in kernel
Signed-off-by: Rosy Song <rosysong@rosinson.com>
2018-08-06 12:08:47 +02:00
Christian Lamparter
3fce12568a kernel: modules: fix kmod-regmap redux
Jonas Gorski commented on the previous patch:
|This is actually the wrong fix and papers over an issue in one of our
|local patches.
|
|We intentionally allow regmap to be built as a module, see
|
|/target/linux/generic/hack-4.14/259-regmap_dynamic.patch
|[...]
|[The regulator code] optionally supports regmap thanks to the stubs
|provided if regmap is disabled - which breaks if you compile regmap
|as a module.

In order to mitigate this issue, this patch reverts the previous patch
and replaces the existing IS_ENABLED(CONFIG_REGMAP) with
IS_REACHABLE(CONFIG_REGMAP). This solves this particular issue as the
regulator code will now automatically fallback to the regmap stubs in
case the kmod-regmap module is enabled, but nothing else sets
CONFIG_REGMAP=y.

Note: There's still a potential issue that this patch doesn't solve:
If someone ever wants to make a OpenWrt kernel package for a
regulator module that requires the REGMAP feature for a target that
doesn't set CONFIG_REGMAP=y but has CONFIG_REGULATOR=y, the resulting
kmod-regulator-xyz package will not work on the target.
Luckily, there aren't any in-tree OpenWrt kernel module packages for
regulators at the moment. On the bright side: regmap is a critical
part nowadays and all new and upcoming architectures require it by
default. This will likely only ever be a problem for legacy targets
and devices that cannot afford to enable REGMAP.

Cc: Jonas Gorski <jonas.gorski@gmail.com>
Cc: John Crispin <john@phrozen.org>
Fixes: d00913d121 ("kernel: modules: fix kmod-regmap")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2018-08-06 07:17:12 +02:00
Andreas Ziegler
72489ebeb6 base-files: sysupgrade: abort if config backup fails
Sysupgrade shouldn't proceed, if the backup of the configuration
fails because tar (or gzip) exit with a non-zero code.

Signed-off-by: Andreas Ziegler <dev@andreas-ziegler.de>
2018-08-06 06:51:44 +02:00
Jason A. Donenfeld
68e2ebe64a wireguard: bump to 0.0.20180802
Changelog taken from the version announcement

> == Changes ==
>
>   * chacha20poly1305: selftest: split up test vector constants
>
>   The test vectors are encoded as long strings -- really long strings -- and
>   apparently RFC821 doesn't like lines longer than 998.
>   https://cr.yp.to/smtp/message.html
>
>   * queueing: keep reference to peer after setting atomic state bit
>
>   This fixes a regression introduced when preparing the LKML submission.
>
>   * allowedips: prevent double read in kref
>   * allowedips: avoid window of disappeared peer
>   * hashtables: document immediate zeroing semantics
>   * peer: ensure resources are freed when creation fails
>   * queueing: document double-adding and reference conditions
>   * queueing: ensure strictly ordered loads and stores
>   * cookie: returned keypair might disappear if rcu lock not held
>   * noise: free peer references on failure
>   * peer: ensure destruction doesn't race
>
>   Various fixes, as well as lots of code comment documentation, for a
>   small variety of the less obvious aspects of object lifecycles,
>   focused on correctness.
>
>   * allowedips: free root inside of RCU callback
>   * allowedips: use different macro names so as to avoid confusion
>
>   These incorporate two suggestions from LKML.
>
> This snapshot contains commits from: Jason A. Donenfeld and Jann Horn.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2018-08-04 04:04:34 +00:00
Jo-Philipp Wich
e44162ffca uclient: update to latest git HEAD
f2573da uclient-fetch: use package name pattern in message for missing SSL library
9fd8070 uclient-fetch: Check for nullpointer returned by uclient_get_url_filename
f41ff60 uclient-http: basic auth: Handle memory allocation failure
a73b23b uclient-http: auth digest: Handle multiple possible memory allocation failures
66fb58d uclient-http: Handle memory allocation failure
2ac991b uclient: Handle memory allocation failure for url
63beea4 uclient-http: Implement error handling for header-sending
eb850df uclient-utils: Handle memory allocation failure for url file name
ae1c656 uclient-http: Close ustream file handle only if allocated

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-03 23:50:29 +02:00
Kevin Darbyshire-Bryant
13c66f8820 iproute2: cake: make gso/gro splitting configurable
This patch makes sch_cake's gso/gro splitting configurable
from userspace.

To disable breaking apart superpackets in sch_cake:

tc qdisc replace dev whatever root cake no-split-gso

to enable:

tc qdisc replace dev whatever root cake split-gso

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
Signed-off-by: Dave Taht <dave.taht@gmail.com>
[pulled from netdev list - no API/ABI change]
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-08-02 22:00:19 +01:00
Kevin Darbyshire-Bryant
4f3c9a63b2 kmod-sched-cake: bump to 20180728 optional gso split
Follow upstream kernel patch that restores always splitting gso packets
by default whilst making the option configurable from (tc) userspace.

No ABI/API change

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-08-02 22:00:19 +01:00
Hannu Nyman
12fb4bb834 busybox: update to 1.29.2
* Update busybox to 1.29.2
* refresh default config
* remove upstreamed patches

Config refreshed with
  cd config/
  ../convert_menuconfig.pl ../../../../build_dir/target-arm_cortex-a9+vfpv3_musl_eabi/busybox-1.29.2
  cd ..
  ./convert_defaults.pl < ../../../build_dir/target-arm_cortex-a9+vfpv3_musl_eabi/busybox-1.29.2/.config > Config-defaults.in

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
Tested-by: Hans Dedecker <dedeckeh@gmail.com>
2018-08-02 22:36:00 +02:00
Koen Vandeputte
457e6d5a27 iperf: bump to 2.0.12
Fixes the annoying 'feature' were TTL was set to "1" by default ..
Users had to specify -T manually to test outside the own network.

2.0.12 change set (as of June 25th 2018)

o Change the unicast TTL default value from 1 to the system default (to be compatable with previous versions.) Multicast still defaults to 1.
o adpative formatting bug fix: crash occurs when values exceed 1 Tera. Add support for Tera and Peta and eliminate the potential crash condition
o configure default compile to include isochronous support (use configure --disable-isochronous to remove support)
o replace 2.0.11's --vary-load option with a more general -b option to include <mean>,<stdev>, e.g. -b 100m,40m, which will pull from a log normal distribution every 0.1 seconds
o fixes for windows cross compile (using mingw32)
o compile flags of -fPIE for android
o configure --enable-checkprograms to compile ancillary binaries used to test things such as delay, isoch, pdf generation
o compile tests when trying to use 64b seq numbers on a 32b platform
o Fix GCC ver 8 warnings

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-08-02 15:03:21 +02:00
Koen Vandeputte
a2a225517d gdb: bump to 8.1.1
GDB 8.1.1 brings the following fixes and enhancements over GDB 8.1:

 * PR gdb/22824 (misleading description of new rbreak Python function in GDB 8.1 NEWS file)
 * PR gdb/22849 (ctrl-c doesn't work in extended-remote)
 * PR gdb/22907 ([Regression] gdbserver doesn't work with filename-only binaries)
 * PR gdb/23028 (inconsistent disassemble of vcvtpd2dq)
 * PR gdb/23053 (Fix -D_GLIBCXX_DEBUG gdb-add-index regression)
 * PR gdb/23127 ([AArch64] GDB cannot be used for debugging software that uses high Virtual Addresses)
 * PR server/23158 (gdbserver no longer functional on Windows)
 * PR breakpoints/23210 ([8.1/8.2 Regression] Bogus Breakpoint address adjusted from 0xf7fe7dd3 to 0xfffffffff7fe7dd3)

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-08-01 16:12:53 +02:00
Eneas U de Queiroz
f63f20fb93 adb: added patch for openssl 1.1.0 compatibility
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
2018-08-01 11:44:30 +02:00
Rosy Song
f30583c41d nftables: allow to build with json support
Signed-off-by: Rosy Song <rosysong@rosinson.com>
2018-08-01 11:25:04 +02:00
Jo-Philipp Wich
fdd6c556ab iwinfo: update to latest Git HEAD
a514139 build: compile with -ffunction-sections, -fdata-sections and LTO
3c30b17 wl: only invoke nvram executable if it exists
65b8333 Revert "build: compile with -ffunction-sections, -fdata-sections and LTO"

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-07-31 20:40:33 +02:00
Rafał Miłecki
fecbd91c7c mac80211: brcmfmac: backport patch for per-firmware features
This allows driver to support features that can't be dynamically
discovered.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2018-07-31 09:45:03 +02:00
Christian Schoenebeck
c89195eb25 ca-caertificates: remove myself as PKG_MAINTAINER
remove myself as PKG_MAINTAINER

Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com>
2018-07-31 00:00:20 +02:00
John Crispin
3c4eeb5d21 netifd: update to latest git HEAD
fix a compile error

Signed-off-by: John Crispin <john@phrozen.org>
2018-07-30 23:56:14 +02:00
Hans Dedecker
929eac5b82 netifd: update to latest git HEAD (FS#1668)
75ee790 interface-ip: fix eui64 ifaceid generation (FS#1668)
ca97097 netifd: make sure the vlan ifname fits into the buffer
b8c1bca iprule: remove bogus assert calls
a2f952d iprule: fix broken in_dev/out_dev checks
263631a vlan: use alloca to get rid of IFNAMSIZE in vlan_dev_set_name()
291ccbb ubus: display correct prefix size for IPv6 prefix address
908a9f4 CMakeLists.txt: add -Wimplicit-fallthrough to the compiler flags
b06b011 proto-shell.c: add a explicit "fall through" comment to make the compiler happy
60293a7 replace fall throughs in switch/cases where possible with simple code changes

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-07-30 23:01:55 +02:00
Christian Lamparter
d00913d121 kernel: modules: fix kmod-regmap
This patch fixes the a compile issue that was triggered by
apm821xx/sata when kmod-regmap was selected.

The CONFIG_REGMAP is declared in drivers/base/regmap/Kconfig
as type "bool" and not "tristate". Hence the symbol should
never be set to module, as this confuses the #if CONFIG_REGMAP
guards in include/linux/regmap.h:

|.../drivers/regulator/core.c:4041: undefined reference to `dev_get_regmap'
|.../drivers/regulator/core.c:4042: undefined reference to `dev_get_regmap'
|.../drivers/regulator/core.c:4044: undefined reference to `dev_get_regmap'
|.../drivers/regulator/helpers.o: In function `regulator_is_enabled_regmap':
|.../drivers/regulator/helpers.c:36: undefined reference to `regmap_read'
|...

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2018-07-30 22:37:22 +02:00
Stijn Tintel
50c5fdd54d tcpdump: explicitly disable libcap-ng support
When libcap-ng is detected during build, support for it is enabled. This
will cause a build failure due to a missing dependency. Explicitly
disable libcap-ng support to avoid this.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-07-30 23:27:55 +03:00
Sven Eckelmann
ef39d0079b mac80211: ath10k: Limit available channels via DT ieee80211-freq-limit
Tri-band devices (1x 2.4GHz + 2x 5GHz) often incorporate special filters in
the RX and TX path. These filtered channel can in theory still be used by
the hardware but the signal strength is reduced so much that it makes no
sense.

There is already a DT property to limit the available channels but ath10k
has to manually call this functionality to limit the currrently set wiphy
channels further.

Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
2018-07-30 20:46:13 +02:00
Torbjörn Jansson
af9a96d23e kernel: add kmod-iio-htu21
This adds support for the htu21 humidity and temperature sensor.

To get it to work you have to do something like this:
echo "htu21 0x40" >/sys/class/i2c-dev/i2c-1/device/new_device
for example by adding it to rc.local

Compile tested on brcm2708 and I have used an earlier version of this
patch for more than a year.

Signed-off-by: Torbjörn Jansson <torbjorn.jansson@mbox200.swipnet.se>
2018-07-30 19:34:43 +02:00