Commit graph

14008 commits

Author SHA1 Message Date
Felix Fietkau
12f9305c12 wireguard: fix portability issue
Check if the compiler defines __linux__, instead of assuming that the
host OS is the same as the target OS.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-11-11 13:20:39 +01:00
Felix Fietkau
f7186599ce wireguard: move to kernel build directory
It builds a kernel module, so its build dir should be target specific

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-11-11 13:20:39 +01:00
John Crispin
b4e30b863c procd: update to latest git HEAD
7c9aa7c service: add data within the service itself
e2b819a service: fix calls to blobmsg_parse()

Signed-off-by: John Crispin <john@phrozen.org>
2017-11-10 23:35:38 +01:00
Pierre Lebleu
832b6b8305 procd: service_data: Support data within the service itself
Use the same approach than the service_triggers for the service_data.

Signed-off-by: Pierre Lebleu <pme.lebleu@gmail.com>
2017-11-10 23:31:27 +01:00
Yangbo Lu
2b1ec44dbd layerscape: add ls1012afrdm device support
The QorIQ FRDM-LS1012A Board is an ultra-low-cost
development platform for QorIQ LS1012A Series Network
Processors built on ARM Cortex-A53 processor.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2017-11-10 23:00:49 +01:00
Yangbo Lu
9e7b166704 layerscape: enlarge ext4 rootfs size to 30MB
This patch is to enlarge ext4 rootfs size to 30MB.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2017-11-10 23:00:49 +01:00
Yangbo Lu
5b8639f02e layerscape: add ppa firmware package
This patch is to add PPA (The Primary Protected Application)
package and also enable it for all layerscape devices.
LSDK github provides ppa source code git tree, but it
only could be compiled with 64-bit toolchain. For 32-bit
devices, there was no method to use it.
https://github.com/qoriq-open-source/ppa-generic

This patch is to directly use a private ppa binary tree for
both 32-bit and 64-bit devices.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2017-11-10 23:00:49 +01:00
Yangbo Lu
82fbca8aaa layerscape: support LSDK ppfe
This patch is to use ppfe git tree on LSDK github
instead of private git tree, and support the latest
ppfe on ls1012ardb.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2017-11-10 23:00:49 +01:00
Yangbo Lu
ede04541ba layerscape: stop pfe before starting up kernel
For ls1012ardb, pfe should be stopped before starting up
kernel.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2017-11-10 23:00:47 +01:00
Yangbo Lu
38417e9ce1 layerscape: update u-boot to LSDK-1709-update-103017 tag
Updated u-boot to LSDK-1709-update-103017 tag.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2017-11-10 23:00:47 +01:00
Yangbo Lu
1552dd01d9 layerscape: use 1GHz CPU fequency for ls1012ardb
Used 1GHz CPU fequency for ls1012ardb instead of 800MHz.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2017-11-10 23:00:47 +01:00
Yangbo Lu
b915ac8ce2 layerscape: update rcw to LSDK-17.09-update-103017 tag
Updated rcw to LSDK-17.09-update-103017 tag.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2017-11-10 23:00:47 +01:00
Yangbo Lu
69c8e8d00b layerscape: support LEDE boot for ls1088ardb/ls2088ardb
Added u-boot patches to support LEDE boot for ls1088ardb
and ls2088ardb.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2017-11-10 23:00:47 +01:00
Yangbo Lu
47cff4cf5f layerscape: support all-in-one firmware for ls1088ardb/ls2088ardb
Suppport all-in-one firmware for ls1088ardb/ls2088ardb by
integrating u-boot/rcw/mc/dpl/restool.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2017-11-10 23:00:47 +01:00
Yangbo Lu
23c1504059 layerscape: add restool package
restool is a user space application providing the
ability to dynamically create and manage Layerscape
DPAA2 containers and objects from Linux.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2017-11-10 23:00:47 +01:00
Yangbo Lu
1e0276a39a layerscape: add dpl firmware package
This patch is to add data path layout files for the
second generation Data Path Acceleration Architecture.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2017-11-10 23:00:47 +01:00
Yangbo Lu
71a1df796e layerscape: add mc firmware package
This patch is to add package support for Management
Complex Firmware for the second generation Data Path
Acceleration Architecture.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2017-11-10 23:00:47 +01:00
Yangbo Lu
85e0d259d2 layerscape: move fman/rcw/ppfe packages to layerscape/
This patch is to create a layerscape directory for all
firmware packages of layerscape.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2017-11-10 23:00:47 +01:00
Rafał Miłecki
5cd48280fd rpcd: update to the latest version from 2017-11-09
9a8640183c031 plugin: use RTLD_LOCAL instead of RTLD_GLOBAL when loading library

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-11-09 17:30:38 +01:00
Yousong Zhou
b2aa820b48 base-files: fix getting gid from group_add_next
Shell function return code only has range [0, 255].  Other values will
be truncated, e.g. return 65536 will have the same effect as return 0

While at it, drop other "return $rc" where rc will almost always take
value 0 and whose value current callers actually do not check

Fixes FS#988

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-11-09 17:42:36 +08:00
Marko Ratkaj
73c745f64f functions.sh: fix default_postinst function
When we run "opkg install" on a package that installs an uci-defaults
script, functions.sh will fail to evaluate that script in its
default_postinst function.

This happens because there is no "./" present and it searches for the
file in paths specified by the PATH variable. This would work on bash,
but it will not work on ash and some other shells like sh, zsh. This
applys to the ". filename" directive used in this case.

This patch will make the path relative to the /etc/uci-defaults
directory.

Fixes: FS#1021

Signed-off-by: Marko Ratkaj <marko.ratkaj@sartura.hr>
2017-11-08 23:18:22 +01:00
Jonas Gorski
dea3bad84e ltq-ptm: add missing depency to ltq-?dsl-*-mei
Add the required dependency to the mei driver as cought by the depenceny
checker.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-11-07 22:58:58 +01:00
Jonas Gorski
e76340198f ltq-atm: fix dependency for xrx200
Ad the missing dependency for the xrx200 variant, which depends on the
vdsl mei driver.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-11-07 22:58:58 +01:00
Jonas Gorski
a9a78a70cc ltq-adsl-mei: use the same file name for all variant
Due to limitations in the symvers treatment and the mei drivers
exporting the same funtions, modpost might use the wrong mei driver
to link against.

Work around this by renaming them all to the same name, making it
always the "right" module name even if the wrong file was used.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-11-07 22:58:58 +01:00
Jonas Gorski
ee59f8126f partially revert "mwlwifi: switch to AutoProbe"
Apearently we need to ensure mwlwifi loads before mwifiex on
the WRT3200ACM, else mwifiex will claim the wifi.

Fix this by reverting to AutoLoad, but keep the removal of
mac80211 line.

This partially reverts commit 471d5dc6e3.

Fixes: 471d5dc6e3 ("mwlwifi: switch to AutoProbe")
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-11-07 22:58:58 +01:00
Hans Dedecker
1928fc93ce firewall: update to latest git HEAD
c430937 ubus: parse the firewall data within the service itself

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-11-07 22:35:46 +01:00
Jo-Philipp Wich
2b6facc8d4 include: kernel.mk: simplify module autoloading
Let the generic postinstall script invoke "kmodloader" when the just
installed package contains any /etc/module.d/ entries.

This allows us to skip the explicit "insert_module()" calls in the
package postinstall.

Due to the removed insert_module calls we do not need to assemble a
complete list of modules per package anymore, which allows for vast
simplification of the package generation code.

While we're at it, also support specifying default parameters for
modules using either the MODPARAM or MODPARAM.modulename variables
in KernelPackage.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-11-07 12:02:06 +01:00
Jo-Philipp Wich
05a4200d56 uhttpd: fix query string handling
Update to latest Git in order to fix potential memory corruption and invalid
memory access when handling query strings in conjunction with active basic
authentication.

a235636 2017-11-04 file: fix query string handling

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-11-07 12:02:06 +01:00
Daniel Golle
ebdf5ed50b netifd: fix PKG_MIRROR_HASH
commit fbde9ac718 set an incorrect sha256sum which doesn't match the
file http://sources.lede-project.org/netifd-2017-10-31-0f96606b.tar.xz
or a locally packaged checkout (which resulted in a file identical with
the one referenced by the URL above).

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2017-11-07 00:21:02 +01:00
Yury Shvedov
09f90b7829 hostapd: remove default r1_key_holder generation
By default, hostapd assumes r1_key_holder equal to bssid. If LEDE
configures the same static r1 key holder ID on two different APs (BSSes) the
RRB exchanges fails behind them.

Signed-off-by: Yury Shvedov <yshvedov@wimarksystems.com>
2017-11-06 16:39:41 +01:00
Denis Osvald
ee791fa4ab netfilter, iptables: add optional CHECKSUM module
Signed-off-by: Denis Osvald <denis.osvald@sartura.hr>
2017-11-06 16:39:41 +01:00
Zoltan HERPAI
f9ecb0d562 sunxi: add Orange Pi 2 support
- H3 @ 1.3 GHz
- 1GiB DDR3
- 10/100Mbps Ethernet
- Realtek RTL8189ETV wifi
- 4 USB 2.0

Difference to the "Orange Pi Plus" is the lack of Gbit ethernet
and lack of onboard flash.

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2017-11-06 16:39:41 +01:00
Marek Vasut
6d2f3b1b19 package: kernel: dtc: Add DTO support
Add patch with the DT overlay support into the DTC package.

Signed-off-by: Marek Vasut <marex@denx.de>
2017-11-06 16:39:41 +01:00
Ralph Sennhauser
f5468d2486 openssl: fix cryptodev config dependency
Signed-off-by: Ralph Sennhauser <ralph.sennhauser@gmail.com>
2017-11-06 16:39:41 +01:00
Kayo Phoenix
6a3565985f sunxi: Added profile for HAOYU Electronics Marsboard A10
The MarsBoard was a short-lived credit-card sized, extendable board with an Allwinner A10 SoC.
http://linux-sunxi.org/MarsBoard_A10

Signed-off-by: Kayo Phoenix <kayo@illumium.org>
[Forward-ported to new target layout:]
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2017-11-06 16:39:41 +01:00
Arjun AK
63d7c45886 iwinfo: add "PKG_MIRROR_HASH" to the Makefile
Defining it will let the build tool download the tarball file from
a buildbot server, avoiding a clone of the source repo.

Signed-off-by: Arjun AK <lede@arjunak.com>
2017-11-06 16:39:41 +01:00
Felix Fietkau
94491a1571 ubox: update to the latest version, fixes syslog issues
7a49632 logd: use uloop instead of ustream_fd for syslog
69d6542 logd: only create pipe in stream mode
df30c8c logread: terminate after EOF
bdcacad logd: implement oneshot mode for stream log read
4a10d4e logread: use oneshot mode without -f, wait for logd to close
ea3d7fa logd: enforce line length limit for ubus based log messages as well
960a29d logread: remove leftover debug code
a081904 logread: fix line buffer size
2c0d9cf logd: move stripping of newlines to log_add()

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-11-06 11:58:40 +01:00
Philip Prindeville
e03dcf494e iperf3: update to 3.3 and refresh patches
Taking the same patchset I've submitted upstream for inclusion.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2017-10-31 14:19:51 -06:00
John Crispin
bd60c9063d bubox: update to latest git HEAD
729f47f jshn: read and write 64-bit integers

Signed-off-by: John Crispin <john@phrozen.org>
2017-11-06 10:06:35 +01:00
Koen Vandeputte
06d5d01e8a uqmi: replace legacy command invoke with newer type
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2017-10-24 16:20:22 +02:00
Koen Vandeputte
09582d6b4d uqmi: also try newer pin verification
Newer devices tend to only support the newer version of the pin
verification command, so also try that one.

Fixes PIN issues with modems like the Sierra Wireless MC7455

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2017-10-24 16:20:21 +02:00
John Crispin
5b3e35d85b ubox: update to latest git HEAD
da5b8b4 log/syslog: Add missing static to two structs.
dd61c9f ubox: Replace { 0 } with {}.

Signed-off-by: John Crispin <john@phrozen.org>
2017-11-06 09:07:39 +01:00
John Crispin
f62e2f611c procd: update to latest git HEAD
53e92d4 procd: lower the logging threshold
b39c362 service: Start services normally when seccomp is disabled
3ba6b45 procd: add missing new lines inside debug code
56a02e3 service: fix service_handle_event array
d4a183f service: fix SERVICE_ATTR_NAME usage in service_handle_set

Signed-off-by: John Crispin <john@phrozen.org>
2017-11-06 08:50:18 +01:00
Michal Sojka
0e300a3a71 procd: Always tell cmake whether to include seccomp support or not
Without this change, when a user disables seccomp support in .config,
procd does not get recompiled unless the package is cleaned manually.
It is because when -D option is missing from cmake command line, cmake
uses cached value from the previous run where seccomp was enabled.

Signed-off-by: Michal Sojka <sojkam1@fel.cvut.cz>
2017-11-03 22:31:42 +01:00
John Crispin
727ab294d0 ubus: update to latest git HEAD
24ffe9b libubus-req: add data_cb callback handling for ubus notifications

Signed-off-by: John Crispin <john@phrozen.org>
2017-11-06 08:31:38 +01:00
Yousong Zhou
f0c37f6ceb libunwind: disable building with ssp
If we enable -fstack-protector while building libunwind, function
__stack_chk_fail_local will be referred to for i386 and powerpc32
arches.  This will cause link failure because the default gcc build
specs says no link_ssp if -nostdlib is given.

The error message:

    OpenWrt-libtool: link: ccache_cc -shared  -fPIC -DPIC  .libs/os-linux.o mi/.libs/init.o mi/.libs/flush_cache.o mi/.libs/mempool.o mi/.libs/strerror.o x86/.libs/is_fpreg.o x86/.libs/regname.o x86/.libs/Los-linux.o mi/.libs/backtrace.o mi/.libs/dyn-cancel.o mi/.libs/dyn-info-list.o mi/.libs/dyn-register.o mi/.libs/Ldyn-extract.o mi/.libs/Lfind_dynamic_proc_info.o mi/.libs/Lget_accessors.o mi/.libs/Lget_proc_info_by_ip.o mi/.libs/Lget_proc_name.o mi/.libs/Lput_dynamic_unwind_info.o mi/.libs/Ldestroy_addr_space.o mi/.libs/Lget_reg.o mi/.libs/Lset_reg.o mi/.libs/Lget_fpreg.o mi/.libs/Lset_fpreg.o mi/.libs/Lset_caching_policy.o x86/.libs/Lcreate_addr_space.o x86/.libs/Lget_save_loc.o x86/.libs/Lglobal.o x86/.libs/Linit.o x86/.libs/Linit_local.o x86/.libs/Linit_remote.o x86/.libs/Lget_proc_info.o x86/.libs/Lregs.o x86/.libs/Lresume.o x86/.libs/Lstep.o x86/.libs/getcontext-linux.o  -Wl,--whole-archive ./.libs/libunwind-dwarf-local.a ./.libs/libunwind-elf32.a -Wl,--no-whole-archive  -L/var/lib/bbmnt/buildbot/slaves/dave-builder/i386_i486/build/sdk/staging_dir/target-i386_i486_musl-1.1.16/usr/lib -L/var/lib/bbmnt/buildbot/slaves/dave-builder/i386_i486/build/sdk/staging_dir/target-i386_i486_musl-1.1.16/lib -L/var/lib/bbmnt/buildbot/slaves/dave-builder/i386_i486/build/sdk/staging_dir/toolchain-i386_i486_gcc-5.4.0_musl-1.1.16/usr/lib -L/var/lib/bbmnt/buildbot/slaves/dave-builder/i386_i486/build/sdk/staging_dir/toolchain-i386_i486_gcc-5.4.0_musl-1.1.16/lib -lc -lgcc  -Os -march=i486 -fstack-protector -Wl,-z -Wl,now -Wl,-z -Wl,relro -nostartfiles -nostdlib   -Wl,-soname -Wl,libunwind.so.8 -o .libs/libunwind.so.8.0.1
    .libs/os-linux.o: In function `_Ux86_get_elf_image':
    os-linux.c:(.text+0x588): undefined reference to `__stack_chk_fail_local'
    x86/.libs/Lregs.o: In function `_ULx86_access_fpreg':
    Lregs.c:(.text+0x25b): undefined reference to `__stack_chk_fail_local'
    x86/.libs/Lresume.o: In function `_ULx86_resume':
    Lresume.c:(.text+0xdc): undefined reference to `__stack_chk_fail_local'
    collect2: error: ld returned 1 exit status
    Makefile:2249: recipe for target 'libunwind.la' failed

The snippet from gcc -dumpspecs

    %{!nostdlib:%{!nodefaultlibs:%(link_ssp) %(link_gcc_c_sequence)}}

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-11-06 10:49:58 +08:00
Kevin Darbyshire-Bryant
e0bd225269 wireguard: version bump to 0.0.20171101
Update wireguard to latest snapshot:

9fc5daf version: bump snapshot
748ca6b compat: unbreak unloading on kernels 4.6 through 4.9
7be9894 timers: switch to kees' new timer_list functions
6be9a66 wg-quick: save all hooks on save
752e7af version: bump snapshot
2cd9642 wg-quick: fsync the temporary file before renaming
b139499 wg-quick: allow for saving existing interface
582c201 contrib: add reresolve-dns
8e04be1 tools: correct type for CTRL_ATTR_FAMILY_ID
c138276 wg-quick: allow for the hatchet, but not by default
d03f2a0 global: use fewer BUG_ONs
6d681ce timers: guard entire setting in block
4bf32ca curve25519: only enable int128 if compiler support is sound
86e06a3 device: expand scope of destruct lock
e3661ab global: get rid of useless forward declarations
bedc77a device: only take reference if netns is different
7c07e22 wg-quick: remember to rewind DNS settings on failure
2352ec0 wg-quick: allow specifiying multiple hooks
573cb19 qemu: test using four cores
e09ec4d global: style nits
4d3deae qemu: work around ccache bugs
7491cd4 global: infuriating kernel iterator style
78e079c peer: store total number of peers instead of iterating
d4e2752 peer: get rid of peer_for_each magic
6cf12d1 compat: be sure to include header before testing
3ea08d8 qemu: allow for cross compilation
d467551 crypto/avx: make sure we can actually use ymm registers
c786c46 blake2: include headers for macros
328e386 global: accept decent check_patch.pl suggestions
a473592 compat: fix up stat calculation for udp tunnel
9d930f5 stats: more robust accounting
311ca62 selftest: initialize mutex in routingtable selftest
8a9a6d3 netns: use time-based test instead of quantity-based
e480068 netns: use read built-in instead of ncat hack for dmesg

Compile-tested-for: ar71xx
Run-tested-on: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-11-04 18:10:21 +01:00
Mathias Kresin
8d3857a347 ath9k: unset the default LED pin if used by platform buttons
Unset the default LED gpio pin if the same gpio pin is used by a button
defined via platform button. It prevents the change of the GPIO value
on wireless up/down or wireless traffic.

Fixes: FS#1129

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-11-04 09:50:13 +01:00
Edmunt Pienkowsky
fdc7cc9907 base-files: add interval option to netdev LED trigger configuration
Add an uci option to set the interval parameter of the netdev trigger.

Signed-off-by: Edmunt Pienkowsky <roed@onet.eu>
2017-11-03 20:04:52 +01:00
Paul Wassi
67da6a7c5e uboot-kirkwood: update to 2017.09
Upgrade uboot-kirkwood to upstream release 2017.09
Catch up with upstream and move configuration options from
simple defines to Kconfig, as otherwise dependencies would
not be resolved and code would not compile.

Tested-by: Alberto Bursi <alberto.bursi@outlook.it>
Signed-off-by: Paul Wassi <p.wassi@gmx.at>
2017-11-03 20:04:52 +01:00
Mathias Kresin
56189f1e32 ltq-atm: add missing dependency to kmod-ltq-adsl-*-mei
Commit 2e496876c6 fixed the generation of the depends line for external
kernel modules which makes it possible for the build system to
automatically detect this missing dependency.

This fixes the packaging of kmod-ltq-atm for the ar9, xway and
xway-legacy subtarget.

Fixes: FS#1124

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-11-03 20:04:40 +01:00
Felix Fietkau
eb58eba08b uclient: update to the latest version, fixes fetch of multiple files
4b87d83 uclient-fetch: fix overloading of output_file variable

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-11-02 22:54:09 +01:00
Tero Jänkä
82a4b8dd6a netifd: fix dns and domain variables pollution in dhcp.script
Unmodified dns and domain variables could be needed in user script (/etc/udhcpc.user).

Signed-off-by: Tero Jänkä <tero.janka@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (cleanup)
2017-11-02 18:20:55 +01:00
Hans Dedecker
f90f94d2c1 nghttp2: switch to release tarball
Switch from git to xz release tarball as there's no good reason to keep
using git when release tarballs are provided.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-11-01 22:08:14 +01:00
Baptiste Jonglez
098afa1e1b openssl: Enable assembler optimizations for aarch64
OpenSSL is built with the generic linux settings for most targets,
including aarch64.  These generic settings are designed for 32-bit CPU and
provide no assembler optmization: this is widely suboptimal for aarch64.

This patch simply switches to the aarch64 settings that are already
available in OpenSSL.

Here is the output of "openssl speed" before the optimization, with
"(...)" representing build flags that didn't change:

    OpenSSL 1.0.2l  25 May 2017
    options:bn(64,32) rc4(ptr,char) des(idx,cisc,2,int) aes(partial) blowfish(ptr)
    compiler: aarch64-openwrt-linux-musl-gcc  (...)

And after this patch, OpenSSL uses 64 bit mode and assembler optimizations:

    OpenSSL 1.0.2l  25 May 2017
    options:bn(64,64) rc4(ptr,char) des(idx,cisc,2,int) aes(partial) blowfish(ptr)
    compiler: aarch64-openwrt-linux-musl-gcc  (...)  -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM

Here are some benchmarks on a pine64+ running latest LEDE master r5142-20d363aed3:

    before# openssl speed sha aes blowfish
    The 'numbers' are in 1000s of bytes per second processed.
    type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
    sha1              3918.89k     9982.43k    19148.03k    24933.03k    27325.78k
    sha256            4604.51k    10240.64k    17472.51k    21355.18k    22801.07k
    sha512            3662.19k    14539.41k    21443.16k    29544.11k    33177.60k
    blowfish cbc     16266.63k    16940.86k    17176.92k    17237.33k    17252.35k
    aes-128 cbc      19712.95k    21447.40k    22091.09k    22258.35k    22304.09k
    aes-192 cbc      17680.12k    19064.47k    19572.14k    19703.13k    19737.26k
    aes-256 cbc      15986.67k    17132.48k    17537.28k    17657.17k    17689.26k

    after# openssl speed sha aes blowfish
    type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
    sha1              6770.87k    26172.80k    86878.38k   205649.58k   345978.20k
    sha256           20913.93k    74663.85k   184658.18k   290891.09k   351032.66k
    sha512            7633.10k    30110.14k    50083.24k    71883.43k    82485.25k
    blowfish cbc     16224.93k    16933.55k    17173.76k    17234.94k    17252.35k
    aes-128 cbc      19425.74k    21193.31k    22065.74k    22304.77k    22380.54k
    aes-192 cbc      17452.29k    18883.84k    19536.90k    19741.70k    19800.06k
    aes-256 cbc      15815.89k    17003.01k    17530.03k    17695.40k    17746.60k

For some reason AES and blowfish do not benefit, but SHA performance
improves between 1.7x and 15x.  SHA256 clearly benefits the most from the
optimization (4.5x on small blocks, 15x on large blocks!).

When using EVP (with "openssl speed -evp <algo>"):

    # Before, EVP mode
    type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
    sha1              3824.46k    10049.66k    19170.56k    24947.03k    27325.78k
    sha256            3368.33k     8511.15k    16061.44k    20772.52k    22721.88k
    sha512            2845.23k    11381.57k    19467.69k    28512.26k    33008.30k
    bf-cbc           15146.74k    16623.83k    17092.01k    17211.39k    17249.62k
    aes-128-cbc      17873.03k    20870.61k    21933.65k    22216.36k    22301.35k
    aes-192-cbc      16184.18k    18607.15k    19447.13k    19670.02k    19737.26k
    aes-256-cbc      14774.06k    16757.25k    17457.58k    17639.42k    17686.53k

    # After, EVP mode
    type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
    sha1              7056.97k    27142.10k    89515.86k   209155.41k   347419.99k
    sha256            7745.70k    29750.06k    95341.48k   211001.69k   332376.75k
    sha512            4550.47k    18086.06k    39997.10k    65880.75k    81431.21k
    bf-cbc           15129.20k    16619.03k    17090.56k    17212.76k    17246.89k
    aes-128-cbc      99619.74k   269032.34k   450214.23k   567353.00k   613933.06k
    aes-192-cbc      93180.74k   231017.79k   361766.66k   433671.51k   461731.16k
    aes-256-cbc      89343.23k   209858.58k   310160.04k   362234.88k   380878.85k

Blowfish does not seem to have assembler optimization at all, and SHA
still benefits (between 1.6x and 14.5x) but is generally slower than in
non-EVP mode.

However, AES performance is improved between 5.5x and 27.5x, which is
really impressive!  For aes-128-cbc on large blocks, a core i7-6600U
@2.60GHz is only twice as fast...

Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
2017-10-31 10:43:10 +08:00
Jonas Gorski
5302abe745 acx-mac80211: allow compilation on 4.9
acx-mac80211 compiles fine with 4.9, so no reason to not allow it.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-10-29 23:41:00 +01:00
Jonas Gorski
c77ba7df09 ar7-atm: fix function signatures with expected ones
Newer kernels treat differing signatures an error, not just a warning,
so fix the signatures to match.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-10-29 23:41:00 +01:00
Jonas Gorski
fce2664f19 ar7-atm: fixup proc fixes
They were incomplete, so fix them to properly update the function signatures
to what is expected.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-10-29 23:41:00 +01:00
Jonas Gorski
889b21f954 ar7-atm: drop LINUX_VERSION tests
Minimum supported kernel is 3.18, so we don't need to test for anything
older. In addition, the API hasn't changed since then, so we don't need
to check for any kernel version at all.  This helps to keeps the amount
of changes more managable.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-10-29 23:41:00 +01:00
Hans Dedecker
b00cf0e58e curl: bump to 7.56.1
Refresh patches
Remove 320-curl-confopts.m4-fix-disable-threaded-resolver.patch as
integrated upstream

See https://curl.haxx.se/changes.html for the bugfixes in 7.56.0 and
7.56.1

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-10-29 23:07:43 +01:00
Hans Dedecker
f6c01306cb nghttp2: bump to 1.27.0
Changes in v1.27.0 :

build: Fixed accidental compiler flags concatenation for MSVC (Patch from LazyHamster) (GH-1029)
build: Reduce libxml2 version requirement to 2.6.26 (Patch from Mike Lothian) (GH-1020)
asio: Support for Windows / MinGW (Patch from Daniel Evers) (GH-1027)
h2load: Print out h2 header fields with --verbose option (GH-1015)
nghttpx: Send non-final response to HTTP/1.1 or HTTP/2 client only (GH-1016)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-10-29 23:05:33 +01:00
Hauke Mehrtens
1e5e005841 ltq-atm: Add missing dependency to kmod-ltq-adsl-ase-mei
Commit 2e496876c6 fixed the generation of the depends line for external
kernel modules which makes it possible for the build system to
automatically detect this missing dependency. This fixes the build bot
build of the lantiq/aes target.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-10-29 17:01:26 +01:00
Karl Vogel
76378c6b9f build: use KERNEL_MAKE_FLAGS for kernel file compilations
The build system already defines KERNEL_CROSS which defaults to TARGET_CROSS.
Make use of this variable for kernel makefiles.

Signed-off-by: Karl Vogel <karl.vogel@gmail.com>
2017-10-29 16:17:05 +01:00
Matt Mets
851644bf5b adb: fix package description
Signed-off-by: Matt Mets <matt@blinkinlabs.com>
2017-10-29 16:16:35 +01:00
Jonas Gorski
471d5dc6e3 mwlwifi: switch to AutoProbe
Now that we have working module dependency generation, we can switch to
AutoProbe and let modprobe handle loading required modules.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-10-27 13:06:15 +02:00
Jonas Gorski
5df30a169c mt76: switch to AutoProbe
Now that we have working module dependency generation, we can switch to
AutoProbe and let modprobe handle loading required modules.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-10-27 13:06:15 +02:00
Jonas Gorski
3689f7c8ef mac80211: ath10k: switch to AutoProbe
Now that we have working module dependency generation, we can switch to
AutoProbe and let modprobe handle loading required modules.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-10-27 13:06:15 +02:00
Jonas Gorski
7eda0d2272 broadcom-wl: switch to AutoProbe
Now that we have working module dependency generation, we can switch to
AutoProbe and let modprobe handle loading required modules.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-10-27 13:06:15 +02:00
Jonas Gorski
5cee71904f broadcom-wl: reorder kmod build and pass EXTRA_VERSIONS
Reoder the build to build the glue module first and pass the glue module's
Module.symvers to the wl driver builds.

This allows modpost to properly store a wl_glue dependency in the driver.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-10-27 13:06:15 +02:00
Jonas Gorski
557e98ebcc broadcom-wl: define module directories
Define the module subdirs so our build system properly picks up the
Module.symvers.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-10-27 13:06:15 +02:00
Jonas Gorski
5172f799a3 ath10k-ct: switch to AutoProbe
Now that we have working module dependency generation, we can switch to
AutoProbe and let modprobe handle loading required modules.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-10-27 13:06:15 +02:00
Jonas Gorski
dd9df74dfa ath10k-ct: define module directories
Define the module subdir so our buildsystem properly picks up the
Module.symvers.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-10-27 13:06:15 +02:00
Jonas Gorski
70e7efb12f acx-mac80211: drop PKG_BUILD_DEPENDS
We already have a DEPENDS on mac80211, which should be enough to ensure
headers are available before build.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-10-27 13:06:15 +02:00
Jonas Gorski
860aba9e48 acx-mac80211: switch to AutoProbe
Now that we have working module dependency generation, we can switch to
AutoProbe and let modprobe handle loading required modules.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-10-27 13:06:15 +02:00
Jo-Philipp Wich
75021e9411 Revert "wpa_supplicant: log to syslog instead of stdout"
This reverts commit e7373e489d.

Support of "-s" depends on the CONFIG_DEBUG_SYSLOG compile time flag which
is not enabled for all build variants.

Revert the change for now until we can properly examine the size impact of
CONFIG_DEBUG_SYSLOG.

Fixes FS#1117.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-10-27 11:43:59 +02:00
Jo-Philipp Wich
d4e7af5278 mdadm: fix parameter quoting
Ensure that path defines are passed quoted to the compiler in order
to avoid cpp syntax errors.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-10-27 03:26:37 +02:00
Rosen Penev
8eadec40bd mdadm: Fix config generation
The init script generated something like "DEVICE=/dev/sda" when it should
have been generating "DEVICE /dev/sda". mdadm errors on this. Patch by jow.

Also changed the default sendmail path to /usr/sbin/sendmail. No package
in LEDE provides /sbin/sendmail. msmtp provides /usr/sbin/sendmail so use
that.

Also add a patch to fix file paths for mdadm runtime files. mdadm currently
errors on them since /run is missing. Once /run is added to stock LEDE, this
patch can be removed.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
[rewrap commit message]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-10-27 02:32:32 +02:00
Martin Wetterwald
378e1a4858 iptables: Fix target TRACE issue
The package kmod-ipt-debug builds the module xt_TRACE, which allows
users to use '-j TRACE' as target in the chain PREROUTING of the table
raw in iptables.

The kernel compilation flag NETFILTER_XT_TARGET_TRACE is also enabled so
that this feature which is implemented deep inside the linux IP stack
(for example in sk_buff) is compiled.

But a strace of iptables -t raw -I PREROUTING -p icmp -j TRACE reveals
that an attempt is made to read /usr/lib/iptables/libxt_TRACE.so, which
fails as this dynamic library is not present on the system.

I created the package iptables-mod-trace which takes care of that, and
target TRACE now works!

https://dev.openwrt.org/ticket/16694
https://dev.openwrt.org/ticket/19661

Signed-off-by: Martin Wetterwald <martin.wetterwald@corp.ovh.com>
[Jo-Philipp Wich: also remove trace extension from builtin extension list
                  and depend on kmod-ipt-raw since its required for rules]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Tested-by: Enrico Mioso <mrkiko.rs@gmail.com>
2017-10-27 02:31:33 +02:00
Henryk Heisig
f774d68fff ath10k-firmware: qca9888 firmware: remove board.bin
Signed-off-by: Henryk Heisig <hyniu@o2.pl>
2017-10-27 00:45:32 +02:00
Jonas Gorski
1dcd8e7cf1 mac80211: backport fixes for fix for CVE-2017-13080
Backport two fixes for the fix of CVE-2017-13080, preventing side channel
attacks and making it work for TKIP.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-10-26 15:41:07 +02:00
John Crispin
21e59ee3a2 hostapd: fix up ubus support
Signed-off-by: John Crispin <john@phrozen.org>
2017-10-25 21:45:31 +02:00
Kevin Darbyshire-Bryant
240d4b1b6e ltq-xdsl-app: script style nit
Fix missing space style nit.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-10-25 18:48:51 +02:00
Mathias Kresin
dacf6db2ee ltq-adsl-app: add more script notifications
Backport HANDSHAKE and TRAINING notification from ltq-vdsl-app. It
unifies the dsl led blinking pattern accross all subtargets and allows
to get the current line status from the dsl led.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-10-25 08:45:05 +02:00
Mathias Kresin
63c436ea4b ltq-atm: remove xrx200 special handling
The lantiq ATM driver is load for all subtargets on demand now. There
is not need to handle the xrx200 ATM driver in a special way any
longer.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-10-25 08:45:05 +02:00
Mathias Kresin
b02b7004f8 lantiq: xway: rename nas0/ptm0 to dsl0
This change makes it possible to configure the wan/dsl ppp interface
settings independantly from the used TC-Layer (ATM/PTM).

By using dsl0 as interface name as for the xrx200 we can get rid of a
few conditionals which were introduced because of the different default
TC-Layer in xway and xrx200.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-10-25 08:45:05 +02:00
Mathias Kresin
1470c79ceb ltq-adsl-app: use notification based ATM/PTM driver load
This patch removes the fixed atm/ptm driver loading and
switches to notification based driver loading.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-10-25 08:45:05 +02:00
Mathias Kresin
d456a888d0 ltq-adsl-app: convert init script to procd
Use the procd features for the init script.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-10-25 08:45:05 +02:00
Stefan Oberhumer
06e41056aa libs/lzo: Reenable unaligned access on ARM, PPC, ...
Due a compiler bug on ARM targets
 ( https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64516 )
unaligned access was disabled on all targets other than i386 and
x86_64 with commit 061319ec3d .

A fix has been added to lzo-2.09 so it is not necessary to disable
unaligned access within the Makefile anymore.

Signed-off-by: Stefan Oberhumer <stefan@obssys.com>
2017-10-24 13:24:04 +02:00
Florian Fainelli
1a53315951 uboot-sunxi: Backport fix for stale CONFIG_SUNXIG_GMAC references
This backports the upstream commit fixing stale references to
CONFIG_SUNXI_GMAC which have been later replaced by CONFIG_SUN7I_GMAC.
This fixes the designware MAC pinmuxing on e.g: Lamobo R1.

Refresh patches while we are at it.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2017-10-23 18:42:25 -07:00
Stijn Tintel
683350873e kernel: add kmod-iio-bmp280
This driver supports the Bosch Sensortec BMP180/BMP280 pressure and
temperature sensors. It also supports the BME280 sensors with an
additional humidity channel.

Tested I2C and SPI modes with a BME280 sensor on a Raspberry Pi Zero W.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-23 12:50:30 +03:00
Stijn Tintel
19a7f44a5a kernel: move IIO modules to iio.mk
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-23 12:50:30 +03:00
Hans Dedecker
fbde9ac718 netifd: bump to git HEAD version (FS#1037)
0f96606 proto: add point-to-point IPv4 address config support (FS#1037)
1ee788d ubus: display the point-to-point IPv4 address

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-10-19 21:48:49 +02:00
Felix Fietkau
184c92e7fb uboot-envtools: add support for Nokia WI2A-AC200i
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-10-19 12:27:44 +02:00
Hauke Mehrtens
db4550c4c8 broadcom-wl: fix compile with kernel 4.9
ENOENT could not be found by the compiler when compiling again kernel
4.9.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-10-18 23:26:15 +02:00
Stijn Tintel
060e37567e hostapd: bump PKG_RELEASE
The previous commit did not adjust PKG_RELEASE, therefore the
hostapd/wpad/wpa_supplicant packages containing the AP-side workaround
for KRACK do not appear as opkg update.

Bump the PKG_RELEASE to signify upgrades to downstream users.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-18 13:02:12 +03:00
Jason A. Donenfeld
f6c4a9c045 wireguard: version bump to 0.0.20171017
This is a simple version bump. Changes:

  * noise: handshake constants can be read-only after init
  * noise: no need to take the RCU lock if we're not dereferencing
  * send: improve dead packet control flow
  * receive: improve control flow
  * socket: eliminate dead code
  * device: our use of queues means this check is worthless
  * device: no need to take lock for integer comparison
  * blake2s: modernize API and have faster _final
  * compat: support READ_ONCE
  * compat: just make ro_after_init read_mostly

  Assorted cleanups to the module, including nice things like marking our
  precomputations as const.

  * Makefile: even prettier output
  * Makefile: do not clean before cloc
  * selftest: better test index for rate limiter
  * netns: disable accept_dad for all interfaces

  Fixes in our testing and build infrastructure. Now works on the 4.14 rc
  series.

  * qemu: add build-only target
  * qemu: work on ubuntu toolchain
  * qemu: add more debugging options to main makefile
  * qemu: simplify shutdown
  * qemu: open /dev/console if we're started early
  * qemu: phase out bitbanging
  * qemu: always create directory before untarring
  * qemu: newer packages
  * qemu: put hvc directive into configuration

  This is the beginning of working out a cross building test suite, so we do
  several tricks to be less platform independent.

  * tools: encoding: be more paranoid
  * tools: retry resolution except when fatal
  * tools: don't insist on having a private key
  * tools: add pass example to wg-quick man page
  * tools: style
  * tools: newline after warning
  * tools: account for padding being in zero attribute

  Several important tools fixes, one of which suppresses a needless warning.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-10-17 19:43:06 +02:00
Stijn Tintel
c5f97c9372 hostapd: add wpa_disable_eapol_key_retries option
Commit 2127425434 introduced an AP-side
workaround for key reinstallation attacks. This option can be used to
mitigate KRACK on the station side, in case those stations cannot be
updated. Since many devices are out there will not receive an update
anytime soon (if at all), it makes sense to include this workaround.

Unfortunately this can cause interoperability issues and reduced
robustness of key negotiation, so disable the workaround by default, and
add an option to allow the user to enable it if he deems necessary.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-17 17:25:05 +03:00
Stijn Tintel
2127425434 hostapd: backport extra changes related to KRACK
While these changes are not included in the advisory, upstream
encourages users to merge them.
See http://lists.infradead.org/pipermail/hostap/2017-October/037989.html

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-17 17:24:47 +03:00
Stijn Tintel
5fff2f44d5 hostapd: bump PKG_RELEASE
The previous CVE bugfix commit did not adjust PKG_RELEASE, therefore the
fixed hostapd/wpad/wpa_supplicant packages do not appear as opkg update.

Bump the PKG_RELEASE to signify upgrades to downstream users.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-17 02:13:34 +03:00
Stijn Tintel
2f701194c2 mac80211: backport kernel fix for CVE-2017-13080
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-17 01:56:31 +03:00
Hauke Mehrtens
a29848c671 ppp: make the patches apply correctly again
This fixes a compile problem recently introduced by me.

Fixes: f40fd43ab2 ("ppp: fix compile warning")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-10-16 20:08:56 +02:00
Jason A. Donenfeld
699c6fcc31 wireguard: add wireguard to base packages
Move wireguard from openwrt/packages to base a package.

This follows the pattern of kmod-cake and openvpn. Cake is a fast-moving
experimental kernel module that many find essential and useful. The
other is a VPN client. Both are inside of core. When you combine the two
characteristics, you get WireGuard. Generally speaking, because of the
extremely lightweight nature and "stateless" configuration of WireGuard,
many view it as a core and essential utility, initiated at boot time
and immediately configured by netifd, much like the use of things like
GRE tunnels.

WireGuard has a backwards and forwards compatible Netlink API, which
means the userspace tools should work with both newer and older kernels
as things change. There should be no versioning requirements, therefore,
between kernel bumps and userspace package bumps.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Acked-by: Jo-Philipp Wich <jo@mein.io>
Acked-by: Felix Fietkau <nbd@nbd.name>
2017-10-16 14:01:21 +03:00
Felix Fietkau
bbda81ce30 hostapd: merge fixes for WPA packet number reuse with replayed messages and key reinstallation
Fixes:
- CERT case ID: VU#228519
- CVE-2017-13077
- CVE-2017-13078
- CVE-2017-13079
- CVE-2017-13080
- CVE-2017-13081
- CVE-2017-13082
- CVE-2017-13086
- CVE-2017-13087
- CVE-2017-13088

For more information see:
https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-10-16 12:01:57 +02:00
Hauke Mehrtens
f40fd43ab2 ppp: fix compile warning
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-10-15 14:19:49 +02:00
Martin Schiller
2dc9c8206b lantiq: xrx200: rename nas0/ptm0 to dsl0
This change makes it possible to configure the wan/dsl ppp interface
settings independantly from the used TC-Layer (ATM/PTM).

Now you can move a device from an ADSL/ATM port to an VDSL/PTM port
without any configuration changes for example.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
[use the dsl0 interface name for the default netdev trigger in 01_led,
add ip dependency]
Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-10-15 11:11:29 +02:00
Hauke Mehrtens
08bbb804c8 mac80211: ath6kl: add missing usb-core dependency to kmod-ath6kl-usb
This fixes a build problem with many targets.

Fixes 618ed77a17 ("mac80211: add ath6kl kernel modules")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-10-15 10:53:46 +02:00
Christian Lamparter
81e28be824 kernel: kmod-macsec module for 4.9
MACsec/IEEE 802.1AE is useful to secure communication to and
from endpoints at Layer 2.

Starting with 4.6, the linux kernel provides a universal
macsec driver for authentication and encryption of traffic
in a LAN, typically with GCM-AES-128, and optional replay
protection.

http://standards.ieee.org/getieee802/download/802.1AE-2006.pdf

Note:
LEDE can utilize MACsec with a static connectivity association
key (static PSK) with the ip-full package installed.
<http://man7.org/linux/man-pages/man8/ip-macsec.8.html>

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2017-10-15 00:24:22 +02:00
Daniel Engberg
e4b6900fd6 libs/libnl: Update to 3.3.0
Update libnl to 3.3.0
Import patches to fix compilation
Source: https://git.busybox.net/buildroot/tree/package/libnl
Source: https://gitweb.gentoo.org/proj/musl.git/diff/dev-libs/libnl/files/libnl-3.3.0_rc1-musl.patch?id=48d2a287
Use more automatic toolchain logic

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-10-15 00:24:22 +02:00
Florian Eckert
2e6d4c362b package/kernel/leds-apu2: add apu3 board detection
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2017-10-15 00:24:22 +02:00
Florian Eckert
2af41487e0 package/kernel/leds-apu2: fix whitespaces
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2017-10-15 00:24:22 +02:00
Yunhui Fu
0f061af98e wpan-tools: add the wpan-ping to test the 6LoWPAN network
This patch adds the help tool wpan-ping to test the 6LoWPAN
network to help the user debug network problem.

Signed-off-by: Yunhui Fu <yhfudev@gmail.com>
2017-10-15 00:24:22 +02:00
Ben Whitten
618ed77a17 mac80211: add ath6kl kernel modules
Allow board to include the ath6kl kernel modules.

Signed-off-by: Ben Whitten <ben.whitten@gmail.com>
2017-10-15 00:24:21 +02:00
Ben Whitten
76662637fa linux-firmware: add ath6k firmware to package
Systems which include the ath6k chipset need to have the firmware included
in the image.

Signed-off-by: Ben Whitten <ben.whitten@gmail.com>
2017-10-15 00:24:21 +02:00
Hans Dedecker
1cec4d4ef0 busybox: provide "ip"
Let busybox provide "ip" as it supports the ip applets link, address,
route, rule and neighbor

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-10-14 20:23:55 +02:00
Sandeep Sheriker Mallikarjun
0a919afae4 at91bootstrap: remove manual copy of binaries to BIN_DIR
removed copying of binaries to BIN_DIR during install and using
default/install to install binaries to BIN_DIR folder.

Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
2017-10-14 00:33:34 +02:00
Sandeep Sheriker Mallikarjun
cc443e894a at91bootstrap: Add BUILD_SUBTARGET variable
Added sama5 to BUILD_SUBTARGET variable.This will populate at91bootstrap
menu options in bootloader menu only when SAMA5 devices are selected as
SUBTARGET and to avoid showing up this menu when legacy device is
selected as SUBTARGET and fixed typo mistake: sama5d3 -> sama5d2.

Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
2017-10-14 00:33:34 +02:00
Hauke Mehrtens
b4c3570666 uboot-at91: multiple build fixes
This fixes the following problems:
 * Add BUILD_DEVICES for legacy subtarget
 * Use features from u-boot.mk for sama5 subtarget This is mainly done
   by changing the prefix from uboot to U-Boot. This makes them depend
   on the sama5 subtarget and not selectable for the legacy subtarget
   any more

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-10-14 00:13:35 +02:00
Hans Dedecker
db18cee2d7 iproute2: bump to 4.13
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-10-13 21:48:44 +02:00
Felix Fietkau
5bd006aa26 mac80211: fix tx power regression
Revert an accidental change that was introduced by having an old version
of the patch in my git tree, which was merged in 609208597b

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-10-13 20:28:47 +02:00
Christian Lamparter
7ffb707576 dnsmasq: add listen_address parameter
This patch adds a parser for the uci representation of
dnsmasq's "-a | --listen-address" option.

In summary, this option forces dnsmasq to listen on the
given IP address(es). Both interface and listen-address
options may be given, in which case the set of both
interfaces and addresses is used.

Note that if no interface option is given, but listen_address is,
dnsmasq will not automatically listen on the loopback interface.
To achieve this, the loopback IP addresses, 127.0.0.1 and/or ::1
must be explicitly added.

This option is useful for ujailed dnsmasq instances, that would
otherwise fail to work properly, because listening to the
"This host on this network" address (aka 0.0.0.0 see rfc1700 page 4)
may not be allowed.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (PKG_RELEASE increase)
2017-10-13 16:54:58 +02:00
Felix Fietkau
878456caf6 mt76: update to the latest version
e781569 update to latest mac80211/cfg80211 API changes
37654d7 mt76x2: fix tx status ampdu length corner case

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-10-13 11:45:57 +02:00
Felix Fietkau
609208597b mac80211: update to wireless-testing 2017-10-06
Rework the code to get rid of some extra kernel module dependencies
introduced in the last update.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-10-13 11:45:57 +02:00
Hauke Mehrtens
efbd4e721d ath10k-ct: activate user space firmware loading again
This backports a patch from kernel 4.14 to the ath10k-ct version based
on kernel 4.13.
Some devices are using a user space script to load the calibration data
from the flash and this was not trigged any more.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-10-12 23:40:27 +02:00
Ben Greear
3888e77c1c ath10k-ct driver: use dma_alloc_coherent, 4.13 based driver
This should help ath10k work on systems with little or no IOMMU
memory.  apu2 can boot two 9888 NICs now, for instance.  From
upstream patch by Adrian Chadd.

And, start building the 4.13 based CT ath10k driver.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2017-10-12 23:40:27 +02:00
Ben Greear
d8c559d614 ath10k-ct firmware: Tx-hang and EAPOL handling fixes for wave-2 firmware.
Changes since last LEDE release include:

  *  Fix key-setting bug that broke sending the EAPOL 2/4 in some cases.  This was a
     bug I introduced some time back while trying to fix .11r and simplify the key
     handling logic.  (Patch to wpa_supplicant fixed the race with sending the 4/4
     and setting the key...un-patched supplicant will still have this race and the 4-way
     auth will not work as reliably.)

  *  Increase amount of active-tids that can be scheduled.  This fixes a tx-stall
     seen with many station vdevs.

  *  Fix bug in upstream code that would cause the maximum peer to never be scheduled
     for tx.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2017-10-12 23:40:27 +02:00
Alexandru Ardelean
a5d016f361 net: uqmi: fix blocking in endless loops when unplugging device
If you unplug a QMI device, the /dev/cdc-wdmX device
disappears but uqmi will continue to poll it endlessly.

Then, when you plug it back, you have 2 uqmi processes,
and that's bad, because 2 processes talking QMI to the
same device [and the same time] doesn't seem to work well.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2017-10-09 16:07:42 +02:00
Stijn Tintel
f8595a51d9 conntrack-tools: switch to git
There have been a number of interesting fixes in conntrack-tools since
the current latest release. Most notable is that this fixes IPv6
conntrack table syncing when cross-compiling conntrack-tools.

7e7748d src/main: refresh help message
fe32043 conntrackd.8: refresh file
47a4dda conntrackd.8: add reference to systemd
0cfe7ff doc/manual: include some bits about init systems
74a418b conntrackd: cthelper: ftp: Set match offset/len for PORT mangling
d833bed conntrackd: cthelper: ftp: Fix debug print
dd4b5a1 conntrackd: cthelper: Add new mdns helper
498d698 Link nfct and helper modules with `-z lazy`
9e94e85 sync-mode: print errno message on failure
ab81c35 log: print messages to stdout/sderr if running in console mode
631d92b log: introduce a mechanism to know if log was initialized
ccb1c8b conntrackd: replace error reporting in the config parser with dlog()
bee121e conntrackd: replace fprintf calls with dlog()
5a51b04 conntrack-tools: update Arturo Borrero Gonzalez email address
abb9984 helper: remove copy and paste from uapi kernel header
a91a004 src: add log message when resync is requested by other node
c2d8be1 systemd: fix missing log.h include
f6ca216 config: drop old/obsolete/deprecated conntrackd.conf config options
8b83771 conntrack: send mark filter to kernel iff set
1ba5e76 conntrackd: cthelper: Don't leak nat_tuple
832166d conntrackd: cthelper: Free pktb after use
ff843bc conntrackd: config: Do not strdup() tokens
b61c454 conntrackd: cthelper: ssdp: Track UPnP eventing
8ea394e conntrackd: Remove obsolete rule to catch ambiguous Checksum option
39398cd conntrackd: CommitTimeout breaks DisableExternalCache set On
29b390a conntrack: Support IPv6 NAT
381827a conntrackd: factorice tx_queue functions
131df89 conntrackd: factorize resync operations
d31bacc conntrackd: consolidate more code to use resync_send()
3d98496 conntrackd: request resync at startup
ef410bf conntrackd: remove use of HAVE_INET_PTON_IPV6
9d38445 conntrackd: evaluate configuration earlier
6feded7 conntrackd: cleanup if failed forking
dbfdea7 conntrackd: deprecate unix backlog configuration
210f542 conntrackd: make the daemon run in RT mode by default
37cc7f0 conntrackd: remove warning for -S
d2849d1 conntrack: Show multiple CPUs stats from proc
bc0b49a conntrackd: cthelper: ssdp: fix build with musl
0c77a25 tests: don't fail on modprobe since the driver might be built-in
eefe649 conntrack.8: refresh manpage

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-09 16:15:14 +03:00
Stijn Tintel
7695f144eb libnetfilter_conntrack: switch to git
In order to build conntrack-tools from git, a newer version of
libnetfilter_conntrack is required. As 1.0.6 is currently the latest
release, switch to git.

b0a7cf7 include: expose a copy of nf_conntrack_common.h
f68f7b3 conntrack: fix missing break in setobjopt_undo_dnat()
79dac5a conntrack: revert getobjopt_is_nat() condition
b266523 libnetfilter_conntrack: bump version to 1.0.7
e870432 labels: don't crash on NULL labelmap

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-09 16:12:00 +03:00
Stijn Tintel
bcfc39b763 libnetfilter_queue: bump to git HEAD
b39cac7 src: Correct typo in the location of internal.h in #include
58cb066 src: Declare the define visibility attribute together
e84b559 Revert "src: Declare the define visibility attribute together"
003c2b1 examples: set dummy connmark value to show use of NFQA_CT nested attribute
63973da doc: extend the doxygen section about NFQA_CFG_F_GSO
d7f74c7 build: bump version to 1.0.3
3f9eb57 build: bump library release version too
601abd1 doc: Add information about retrieving UID/GID/SECCTX fields

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-09 16:06:06 +03:00
Stijn Tintel
9e9696afc8 treewide: switch git.netfilter.org to HTTPS
As git.netfilter.org seems to support HTTPS, use that instead of HTTP
which is insecure, or GIT which is blocked on many corporate networks.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-08 21:10:36 +03:00
Stijn Tintel
6b533fd4bc ipset-dns: bump to git HEAD
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-08 20:51:03 +03:00
Daniel Golle
b80f6a5876 uboot-sunxi: build for NanoPi NEO
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2017-10-08 17:16:39 +02:00
Yangbo Lu
2e2203ff72 layerscape: update packages with LSDK git trees
NXP Layerscape LSDK had set up its own open source web site
and github for release.

https://lsdk.github.io
https://github.com/qoriq-open-source

This patch is to update rcw/fman_ucode/u-boot packages with LSDK
git trees. Also add some patches of packages to support LEDE.
Since ARMv8 32-bit u-boot images are same with ARMv8 64-bit images
but 64-bit toolchain couldn't be used for 32-bit targets, we still
use a private tree for ARMv8 32-bit u-boot images. This is in plan
to move this private tree to NXP Layerscape github.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2017-10-07 23:13:22 +02:00
Yangbo Lu
806624add5 layerscape: rename subtargets and update makefile files
Rename subtargets 32b/64b with armv8_32b/armv8_64b which are
more proper, and update makefile files. There also will be other
subtargets added in the future, like armv7.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2017-10-07 23:13:22 +02:00
Hans Dedecker
778970735b curl: add nghttp2 support
Add config option support for nghttp2

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-10-07 19:17:44 +02:00
Hans Dedecker
0e265dc0c7 nghttp2: add libnghttp2 package
The nghttp2 library is an implementation of the Hypertext Transfer
Protocol version 2 in C; it supports RFC7540 and RFC7541.
The package enables only the reusable C library; binary size is 130K (X86)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-10-07 19:17:44 +02:00
Thibaut VARENE
2be307c998 rbcfg: Implement CPU frequency control
This patch implements CPU frequency control as found on several
routerboard devices.

Supported SoCs:
- QCA953X
- AR9344

Tested on hAP lite and mAP lite (QCA953x): steps of 50MHz
Tested on LHG 5 (AR9344): steps of 50MHz

On unsupported hardware, this patch is a NOP: it will not alter the
new field.
"rbcfg help" will display an empty "cpu_freq" help listing.
"rbcfg show" will not show the cpu_freq field.
"rbcfg set/get cpu_freq" will return an error code.

Signed-off-by: Thibaut VARENE <hacks@slashdirt.org>
[adjusted subject]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-10-07 15:00:26 +02:00
Stijn Tintel
c088203535 hostapd: escape double quoutes in wpad CFLAGS
A recent commit in hostapd added a build option to specify the default
TLS ciphers. This build option is passed via CFLAGS. Due to the way
CFLAGS are handled when building wpad, the compiler tries to recursively
expand TLS_DEFAULT_CIPHERS, resulting in the following error:

../src/crypto/tls_openssl.c: In function 'tls_init':
<command-line>:0:21: error: 'DEFAULT' undeclared (first use in this function)
../src/crypto/tls_openssl.c:1028:13: note: in expansion of macro 'TLS_DEFAULT_CIPHERS'
   ciphers = TLS_DEFAULT_CIPHERS;
             ^

Escape double quotes in the .cflags file to avoid this.

Fixes: 2f78034c3e ("hostapd: update to version 2017-08-24")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-07 05:49:22 +03:00
Koen Vandeputte
2f78034c3e hostapd: update to version 2017-08-24
- Deleted upstreamed patches & parts
- Refreshed all

Compile tested: full-option package + tools (hostapd + wpa_supplicant)
Run-tested: hostapd wpa2 hotspot & wpa_supplicant IBSS link

Targets: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2017-10-07 05:46:04 +03:00
Hans Dedecker
bd27331eea netifd: update to latest git HEAD version (FS#1030)
5df3f01 config: suppress error if no wireless config present (FS#1030)
3429bd8 system-linux: add support for hotplug event 'move'

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-10-06 22:12:33 +02:00
Hans Dedecker
834c93e00b dropbear: fix PKG_CONFIG_DEPENDS
Add CONFIG_DROPBEAR_UTMP, CONFIG_DROPBEAR_PUTUTLINE to PKG_CONFIG_DEPENDS

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-10-06 09:38:00 +02:00
Hans Dedecker
7d905f1e95 uci: bump to git HEAD version
5ad59ad Add bitfield_set function from libubox

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-10-04 21:29:34 +02:00
Hans Dedecker
470b13975d libubox: bump to git HEAD version
632688e utils: nuke bitfield functions and macros
f714be1 uloop: make SIGCHLD signal handling optional

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-10-04 21:29:00 +02:00
Mathias Kresin
d07f924978 ltq-vmmc: disable for falcon
The module fails to compile with falcon. Remove the falcon depends from
the module to not (try to) compile it for falcon any longer.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-10-04 20:08:15 +02:00
Mathias Kresin
bd523d4573 ltq-ptm: mark AmazonSE support as broken
Albeit ltq-ptm is supported on AmazonSE, the package fails to compile.
Mark the AmazonSE variant as broken to not mark it unnecessary harder
to fix (and test) the compile error.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-10-04 20:08:15 +02:00
Hans Dedecker
a37655baca procd: use LN macro
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-10-03 11:07:26 +02:00
Kevin Darbyshire-Bryant
67ac017fef dnsmasq: bump to v2.78
Fixes CVE-2017-14491, CVE-2017-14492, CVE-2017-14493, CVE-2017-14494, 2017-CVE-14495, 2017-CVE-14496

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-10-02 18:26:53 +02:00
Hauke Mehrtens
5508510e74 sunxi: add Orange Pi R1 support
The following features are working and tested:
* both Ethernet ports
* MMC
* LED

The following features are not working:
* Wifi (There is a crappy driver we could port)
* SPI flash (I haven't looked into this)

I haven't tried out the rest.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-10-01 17:10:33 +02:00
Hauke Mehrtens
ba1aedafeb mac80211: fix compile error on PowerPC (PPC_85xx)
Including linux/interrupt.h in linux/hrtimer.h causes this error message
on PowerPC builds on x86, ARM and MIPS it works:

  CC [M]  /backports-4.14-rc2-1/compat/main.o
In file included from /backports-4.14-rc2-1/backport-include/linux/printk.h:5:0,
                 from ./include/linux/kernel.h:13,
                 from /backports-4.14-rc2-1/backport-include/linux/kernel.h:3,
                 from ./include/linux/list.h:8,
                 from /backports-4.14-rc2-1/backport-include/linux/list.h:3,
                 from ./include/linux/module.h:9,
                 from /backports-4.14-rc2-1/backport-include/linux/module.h:3,
                 from /backports-4.14-rc2-1/compat/main.c:1:
./include/linux/ratelimit.h: In function 'ratelimit_state_exit':
./include/linux/ratelimit.h:62:11: error: dereferencing pointer to incomplete type 'struct task_struct'
    current->comm, rs->missed);
           ^
./include/linux/printk.h:279:37: note: in definition of macro 'pr_warning'
  printk(KERN_WARNING pr_fmt(fmt), ##__VA_ARGS__)
                                     ^
./include/linux/ratelimit.h:61:3: note: in expansion of macro 'pr_warn'
   pr_warn("%s: %d output lines suppressed due to ratelimiting\n",
   ^

The backport of the hrtimer_start() functions needs the
linux/interrupt.h because some parts are defined there. Fix this by
moving the hrtimer_start() backport to the linux/interrupt.h backport
header file.

Fixes: a8f63a0717: ("mac80211: update to backports-4.14-rc2")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-10-01 16:41:19 +02:00
Hauke Mehrtens
a8f63a0717 mac80211: update to backports-4.14-rc2
This updates mac80211 to backprots-4.14-rc2.
This was compile and runtime tested with ath9k, ath10k and b43
with multiple stations and ieee80211w and in different scenarios by many
other people.

To create the backports-4.14-rc2-1.tar.xz use this repository:
https://git.kernel.org/pub/scm/linux/kernel/git/backports/backports.git
from tag v4.14-rc2-1

Then run this:
./gentree.py --git-revision v4.14-rc2 --clean  <path to linux repo> ../backports-4.14-rc2-1

This also adapts the ath10k-ct and mt76 driver to the changed cfg80211
APIs and syncs the nl80211.h file in iw with the new version from
backports-4.14-rc2.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-10-01 12:49:11 +02:00
Lucian Cristian
1114f5dc10 sunxi: improve A20 Lime2 upload speed
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2017-09-30 23:50:57 +02:00
Daniel Engberg
c4562a9069 package/utils/f2fs-tools: Update to 1.9.0
Update f2fs-tools to 1.9.0
Remove patch as its been committed upstream

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-09-30 22:43:17 +02:00
Ryan Mounce
6a5a58ed27 util-linux: update to 2.30.2
Signed-off-by: Ryan Mounce <ryan@mounce.com.au>
2017-09-30 22:41:43 +02:00
Hauke Mehrtens
3adafda07c base-files: create /etc/config/ directory
The /bin/config_generate script and some other scripts are assuming the
/etc/config directory exists in the image. This is true in case for
example the package firewall, dropbear or dnsmasq are included, which
are adding the files under /etc/config/. Without any of these package
the system will not boot up fully because the /etc/config/ directory is
missing and some init scripts just fail.

Make sure all images with the base-files contain a /etc/config/
directory.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: John Crispin <john@phrozen.org>
2017-09-30 22:22:38 +02:00
Mathias Kresin
fe36f7b0a6 ltq-vdsl-mei: revert disable optimized firmware download
This reverts commit b428f45c062dc8ca8c2f35f491fa467dc5b85519.

If the optimized firmware download is disabled, the xdsl subsystem
hangs in the "idle request" state after physically disconnecting and
reconnecting the xdsl modem from the line.

It might fix the failing line init on boot as well.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-09-30 20:36:48 +02:00
Stijn Tintel
c317af777b iw: fix build on musl host
The empty version.sh script causes a problem when run by make:
make[3]: /usr/bin/env bash: Shell program not found

Adding a shebang line in version.sh seems to solve it.

Fixes FS#977.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-29 14:59:06 +03:00
Felix Fietkau
e64463ebde util-linux: avoid using the getrandom syscall
getrandom blocks until the random pool is being initialized.
Unfortunately, this code is being called early during init to create the
overlay filesystem, on some devices leaving little chance for a
successful random pool init.
True randomness is not that important here, so fix this issue by
sticking to using /dev/urandom, like in older versions of this code.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-09-29 12:32:44 +02:00
Stijn Tintel
1d7042231b gdb: bump to 8.0.1
Add -static-libstdc++ to TARGET_LDFLAGS to avoid a hard dependency on
libstdc++, and -Wl,--gc-sections to further reduce the size on platforms
that support it.

Fixes CVE-2017-9778.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-29 06:33:39 +03:00
Felix Fietkau
6919f95bb3 mt76: update to the latest version, improves mt7603 stability
cb83f33 mt7603: mac: fix logic in mt7603_tx_hang()
21f20b4 mt7603: mac: fix register configuration in mt7603_rx_dma_busy()
d5e945e mt7603: mcu: fix indentation of mcu command definition

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-09-28 22:57:48 +02:00
Felix Fietkau
afe83f6151 linux-firmware: fix intel wireless-n 100 firmware package name
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-09-28 22:57:46 +02:00
Felix Fietkau
79216243d7 hostapd: add support for accessing 802.11k neighbor report elements via ubus
This API can be used to distribute neighbor report entries across
multiple APs on the same LAN.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-09-28 22:46:26 +02:00
Felix Fietkau
9f5f5d250e hostapd: add support for specifying device config options directly in uci
This is useful for tuning some more exotic parameters where it doesn't
make sense to attempt to cover everything in uci directly

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-09-28 22:45:59 +02:00
Marcin Jurkowski
a816e1eac7 dropbear: make ssh compression support configurable
Adds config option to enable compression support which is usefull
when using a terminal sessions over a slow link. Impact on binary
size is negligible but additional 60 kB (uncompressed) is needed for
a shared zlib library.

Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com>
2017-09-28 21:47:16 +02:00
John Crispin
00e9a7aacb umdns: update to latest git HEAD
b84fdac Add debug output for service_timeout
8f7e3bc Remove incorrect comma in http service json config
9f40133 Remove ttl==255 restriction for queries

Signed-off-by: John Crispin <john@phrozen.org>
2017-09-28 09:29:31 +02:00
Michal Sojka
1a5bf778fb procd: Install seccomp-trace symlink
Signed-off-by: Michal Sojka <sojkam1@fel.cvut.cz>
2017-09-28 09:22:02 +02:00
John Crispin
3398e8e94d procd: update to latest git HEAD
ee582d1 instance: properly compare and reload respawn config
260a4cd utrace: Start the tracee only after uloop initialization
520ad3c utrace: Switch all logging to ulog
1c48104 utrace: Support non-contiguous syscall numbers
582cf97 utrace: Forward SIGTERM to the traced process
32534f7 utrace: Report ptrace errors
ccde3fb seccomp: Improve error message
7f9b174 preload-seccomp: Use proper log level for error messages
e3c4302 Start seccomp-enabled services via seccomp-trace
5e4ad02 seccomp: Log seccomp violations with utrace
2661b2f utrace: Use PTHREAD_SEIZE instead of PTHREAD_TRACEME
b5d53c6 utrace: Deliver signals to traced processes
b416ed9 utrace: Support tracing multi-threaded processes and vfork
8b7d47a utrace: Trace processes across forks
c6b6ec6 utrace: Sort syscalls by number of invocations
592c532 Update trace attribute
c8faedc Do not disable seccomp when configuration is not found
017f3a1 utrace: Fix off-by-one errors
5acaf15 utrace: Fix environment initialization

Signed-off-by: John Crispin <john@phrozen.org>
2017-09-28 09:22:02 +02:00
Kevin Darbyshire-Bryant
f2107fc328 ramips: improve Xiaomi Mi Router 3G support
This commit improves support for the Xiaomi Mi Router 3G originally
added in commit 6e283cdc0d

Improvements:

- Remove software watchdog as hardware watchdog now working as per
  commit 3fbf3ab44f for all mt7621
  devices.

- Reset button polarity corrected - length of press determines reboot
  (short press) vs. reset to defaults (long press) behaviour.

- Enable GPIO amber switch port LEDs on board rear - lit indicates 1Gbit
  link and blink on activity.  Green LEDs driven directly by switch
  indicating any link speed and tx activity.

- USB port power on/off GPIO exposed as 'usbpower'

- Add access to uboot environment settings for checking/setting uboot
  boot order preference from user space.

Changes:

- Front LED indicator is physically made of independent Yellow/Amber,
  Red & Blue LEDs combined via a plastic 'lightpipe' to a front panel
  indicator, hence the colour behaviour is similar to an RGB LED. RGB
  LEDs are not supported at this time because they produce colour results
  that do not then match colour labels, e.g. enabling 'mir3g:red' and
  'mir3g:blue' would result in a purple indicator and we have no such
  label for purple.
  The yellow, red & blue LEDs have been split out as individual yellow,
  red & blue status LEDs, with yellow being the default status LED as
  before and with red's WAN and blue's USB default associations removed.

- Swapped order of vlan interfaces (eth0.1 & eth0.2) to match stock vlan
  layout. eth0.1 is LAN, eth0.2 is WAN

- Add 'lwlll' vlan layout to mt7530 switch driver to prevent packet
  leakage between kernel switch init and uci swconfig

uboot behaviour & system 'recovery'

uboot expects to find bootable kernels at nand addresses 0x200000 &
0x600000 known by uboot as "system 1" and "system 2" respectively.
uboot chooses which system to hand control to based on 3 environment
variables: flag_last_success, flag_try_sys1_failed & flag_try_sys2_failed

last_success represents a preference for a particular system and is set
to 0 for system 1, set to 1 for system 2.  last_success is considered *if*
and only if both try_sys'n'_failed flags are 0 (ie. unset) If *either*
failed flags are set then uboot will attempt to hand control to the
non failed system. If both failed flags are set then uboot will check
the uImage CRC of system 1 and hand control to it if ok.  If the uImage
CRC of system is not ok, uboot will hand control to system 2
irrespective of system 2's uImage CRC.

NOTE: uboot only ever sets failed flags, it *never* clears them. uboot
sets a system's failed flag if that system's was selected for boot but
the uImage CRC is incorrect.

Fortunately with serial console access, uboot provides the ability to
boot an initramfs image transferred via tftp, similarly an image may
be flashed to nand however it will flash to *both* kernels so a backup
of stock kernel image is suggested. Note that the suggested install
procedure below set's system 1's failed flag (stock) thus uboot ignores
the last_success preference and boots LEDE located in system 2.

Considerable thought has gone into whether LEDE should replace both
kernels, only one (and which one) etc. LEDE kernels do not include a
minimal rootfs and thus unlike the stock kernel cannot include a
method of controlling uboot environment variables in the event of
rootfs mount failure. Similarly uboot fails to provide an external
mechanism for indicating boot system failure.

Installation - from stock.

Installation through telnet/ssh:
- copy lede-ramips-mt7621-mir3g-squashfs-kernel1.bin and
  lede-ramips-mt7621-mir3g-squashfs-rootfs0.bin to usb disk or wget it
  from LEDE download site to /tmp
- switch to /extdisks/sda1/ (if copied to USB drive) or to /tmp if
  wgetted from LEDE download site
- run: mtd write lede-ramips-mt7621-mir3g-squashfs-kernel1.bin kernel1
- run: mtd write lede-ramips-mt7621-mir3g-squashfs-rootfs0.bin rootfs0
- run: nvram set flag_try_sys1_failed=1
- run: nvram commit
- run: reboot

Recovery - to stock.

Assuming you used the above installation instructions you will have a
stock kernel image in system 1. If it can be booted then it may be used
to perform a stock firmware recovery, thus erasing LEDE completely. From
a 'working' LEDE state (even failsafe)

Failsafe only:
- run: mount_root
- run: sh /etc/uci-defaults/30_uboot-envtools
Then do the steps for 'All'

All:
- run: fw_setenv flag_try_sys2_failed 1
- run: reboot

The board will reboot into system 1 (stock basic kernel) and wait with
system red light slowly blinking for a FAT formatted usb stick with a
recovery image to be inserted.  Press and hold the reset button for
around 1 second. Status LED will turn yellow during recovery and blue
when recovery complete.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-09-28 09:20:36 +02:00
Mathias Kresin
36fd53f9a9 ltq-vdsl-mei: disable optimized firmware download
With ltq-vdsl-mei 1.5.17.6 an optimized firmware download was added and
enabled by default. As soon as the optimized firmware download is
enabled, a watchdog based reboot is trigger between 24h to 48h of
uptime if the board isn't connected to a xdsl line.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-09-28 07:23:18 +02:00
Martin Schiller
f1ae982f8d ltq-vdsl: fix PM thread suspend and resume handling
This is a backport form drv_dsl_cpe_api-4.18.10 and fixes some PM
thread handling issues which lead to high system load and watchdog
trigger within 1h of uptime for boards not connected to a xdsl line.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2017-09-28 07:23:18 +02:00
Magnus Kroken
a9a37526a9 openvpn: update to 2.4.4
Fixes CVE-2017-12166: out of bounds write in key-method 1.

Remove the mirror that was temporarily added during the
2.4.3 release.

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2017-09-28 04:05:44 +03:00
Lorenzo Santina
c14cc531e5 hostapd: update wpa_supplicant p2p config
Update the config file to the latest version.

Added CONFIG_EAP_FAST=y because it was the only
missing flag about EAP compared to full config.

Removed NEED_80211_COMMON flag because it is not part
of config file, it is set by the hostapd upstream Makefile.

Other flags are the same as before.

Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
[add punctuation to commit msg]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-28 00:27:36 +03:00
Lorenzo Santina
1cde4395d0 hostapd: update wpa_supplicant mini config
Update the config file to the latest version.
Enabled flags are the same as before.

Removed NEED_80211_COMMON flag because it is not part
of config file, it is set by the hostapd upstream Makefile.

Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
[add punctuation to commit msg]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-28 00:27:26 +03:00
Lorenzo Santina
65113799d7 hostapd: update wpa_supplicant full config
Update the config file to the latest version.
Enabled flags are the same as before.

Commented CONFIG_IEEE80211W=y flag because it is
set in the Makefile, only if the driver supports it.

Removed NEED_80211_COMMON flag because it is not part
of config file, it is set by the hostapd upstream Makefile.

Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
[add punctuation to commit msg]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-28 00:27:14 +03:00
Lorenzo Santina
70ade53692 hostapd: update hostapd mini config
Update the config file to the latest version.
Enabled flags are the same as before.

Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
[add punctuation to commit msg]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-28 00:27:01 +03:00
Lorenzo Santina
7865e86b0e hostapd: update hostapd full config
Update the config file to the latest version.
Enabled flags are the same as before.

Removed flag CONFIG_WPS2 because it is no more
needed due to this changelog (2014-06-04 - v2.2):
"remove WPS 1.0 only support, i.e., WSC 2.0
support is now enabled whenever CONFIG_WPS=y is set".

Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
[add punctuation to commit msg]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-28 00:26:11 +03:00
Hans Dedecker
754659ddb5 curl: fix disable threaded resolver
Bump to 7.55.1 broke the disable threaded resolver feature as reported
in https://github.com/curl/curl/issues/1784.
As a result curl is always compiled with the threaded resolver feature
enabled which causes a dependency issue on pthread for uclibc.
Fix this issue by backporting the upstream curl commit which fixes
disable threaded resolver.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-09-27 17:33:48 +02:00
Stijn Tintel
456de21297 ipset: replace patch that was reverted upstream
Use the correct prefix for backports while at it.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-26 18:18:44 +03:00
Marko Ratkaj
56348c95e9 uboot-mvebu: add OpenSSL compat patches
Fixes the following build issue: "undefined reference to `EVP_MD_CTX_create'"

From: Jelle van der Waa <jelle@vdwaa.nl>

The rsa_st struct has been made opaque in 1.1.x, add forward compatible
code to access the n, e, d members of rsa_struct.

EVP_MD_CTX_cleanup has been removed in 1.1.x and EVP_MD_CTX_reset should be
called to reinitialise an already created structure.

Signed-off-by: Marko Ratkaj <marko.ratkaj@sartura.hr>
2017-09-25 23:08:33 +02:00
Marko Ratkaj
49e6e9ca39 uboot-mvebu: fix SETEXPR redefinition warning
Signed-off-by: Marko Ratkaj <marko.ratkaj@sartura.hr>
2017-09-25 23:08:32 +02:00
Marko Ratkaj
ad0e107c23 uboot-mvebu: add missing UBOOT_MAKE_FLAGS variable
This patch removes "/bin/sh: HOSTCPPFLAGS: command not found" errors douring build.

Signed-off-by: Marko Ratkaj <marko.ratkaj@sartura.hr>
2017-09-25 22:38:29 +02:00
Stijn Tintel
b0f8b13331 samba36: add Package/samba/Default
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-25 22:53:59 +03:00
Stijn Tintel
7e58392bcb ipset: bump to 6.34
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-25 22:52:46 +03:00
Stijn Tintel
d9beae9b9e curl: bump to 7.55.1
Update 200-no_docs_tests.patch.
Refresh patches.

Fixes the following CVEs:
- CVE-2017-1000099
- CVE-2017-1000100
- CVE-2017-1000101

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-25 07:42:34 +03:00
Stijn Tintel
2ad649d134 iperf: bump to 2.0.10
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-25 07:42:34 +03:00
Lucian Cristian
a7465f375a sunxi: add Olimex A20-OLinuXino-LIME2-eMMC
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
[replaced u-boot patch with original version from u-boot git]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-09-24 16:28:28 +02:00
James Christopher Adduono
82739648c0 kernel: kmod-usb-storage-uas
This will allow you to build and package the uas.ko module.
With more routers supporting USB 3.0 host this could help
speed up activities like DLNA and Samba, as well as reduce
CPU utilization over BOT mass storage drivers.

Signed-off-by: James Christopher Adduono <jc@adduono.com>
2017-09-22 19:16:54 +02:00
Adrian Panella
ab26fc6c8d uhttp: update to latest version
3fd58e9 2017-08-19 uhttpd: add manifest support
88c0b4b 2017-07-09 file: fix basic auth regression
99957f6 2017-07-02 file: remove unused "auth" member from struct
path_info
c0a569d 2017-07-02 proc: expose HTTP_AUTH_USER and HTTP_AUTH_PASS
ad93be7 2017-07-02 auth: store parsed username and password
fa51d7f 2017-07-02 proc: do not declare empty process variables
a8bf9c0 2017-01-26 uhttpd: Add TCP_FASTOPEN support
e6cfc91 2016-10-25 lua: ensure that PATH_INFO starts with a slash

Signed-off-by: Adrian Panella <ianchi74@outlook.com>
2017-09-21 23:03:46 +02:00
Hans Dedecker
47f3645930 libubox: fix uloop race condition
7a10576 uloop: Fix race condition in SIGCHLD handling

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-09-21 23:03:36 +02:00
Stijn Tintel
6c32e05218 arm-trusted-firmware-sunxi: depend on sunxi target
The arm-trusted-firmware-sunxi package is only used by the Allwinner
A64, so only make it selectable for its subtarget sunxi/cortexa53.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Hauke Mehrtens <hauke@hauke-m.de>
Reviewed-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-09-20 23:49:36 +03:00
Sandeep Sheriker Mallikarjun
670448a002 at91bootstrap: New package at91bootstrap
at91bootstrap is a second-level bootloader for Microchip(Atmel AT91) SoCs.
It provides a set of algorithms to manage the hardware initialization and
to download the main application or a third-level bootloader(i.e. uboot)
from specified boot media to main memory and execute it.

Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
2017-09-20 09:01:46 +02:00
Sandeep Sheriker Mallikarjun
5b9cff921e uboot-at91: Add support for SAMA5D4 Xplained board
Add support for SAMA5D4 Xplained board and options to select & build
u-boot configs for different media storage.

Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
2017-09-20 09:01:38 +02:00
Sandeep Sheriker Mallikarjun
dacab6472d uboot-at91: Add support for SAMA5D2 Xplained board
Add support for SAMA5D2 Xplained board and options to select & build
u-boot configs for different media storage.

Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
2017-09-20 09:01:31 +02:00
Sandeep Sheriker Mallikarjun
8f1764b98a uboot-at91: Add support for SAMA5D3 Xplained board
Add support for SAMA5D3 Xplained board and options to select & build
u-boot configs for different media storage.

Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
2017-09-20 09:01:24 +02:00
Sandeep Sheriker Mallikarjun
71a93a22fd uboot-at91: move BUILD_SUBTARGET from U-Boot/Default to devices
currenlty U-Boot/Default supports only at91 legacy devices.To add
sama5 support, moving BUILD_SUBTARGET from U-Boot/Default to target
devices.

Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
2017-09-20 09:01:16 +02:00
Chen Minqiang
40fd77fd10 ipq-wifi: fix missing define of PKG_NAME
Signed-off-by: Chen Minqiang <ptpt52@gmail.com>
2017-09-20 08:49:49 +02:00
Philip Prindeville
3008fc9a7b usbutils: avoid duplicating the git revision
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2017-09-20 02:08:09 +02:00
Sven Roederer
ce53c0e718 openvpn: add "extra-certs" option
This option is used to specify a file containing PEM certs, to complete the
local certificate chain. Which is quite usefull for "split-CA" setups.

Signed-off-by: Sven Roederer <devel-sven@geroedel.de>
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-09-19 20:05:57 +08:00
Lucian Cristian
f295db6e46 sunxi: add Olimex A20-OlinuXino-LIME2
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2017-09-18 21:29:16 +02:00
Lorenzo Santina
b0d2c4ac41 hostapd: ft_over_ds support
Add support for ft_over_ds flag in ieee80211r

Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
2017-09-18 21:24:10 +02:00
Lorenzo Santina
70593acdd5 hostapd: ft_psk_generate_local support
Add support for ft_psk_generate_local flag in ieee80211r

Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
[original author]
Signed-off-by: Sergio <mailbox@sergio.spb.ru>
2017-09-18 21:23:35 +02:00
Hauke Mehrtens
2a2b32a77f ath10k-firmware: use firmware from git instead of extra download
Instead of manually downloading the files again we can also take the
same files directly from the ath10k-firmware git which was cloned
before.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-09-18 20:56:56 +02:00
Hauke Mehrtens
e080a7ce07 uboot-sunxi: build A64 SoC and pine64 U-Boot
This creates a U-Boot for the aarch64 SoC A64 on the pine64 board.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-09-18 18:36:27 +02:00
Hauke Mehrtens
ea46d386e0 arm-trusted-firmware-sunxi: add new package
This is needed for the Boot loader of the A64 SoC.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-09-18 18:36:26 +02:00
Hauke Mehrtens
41e7d2e2e8 sunxi: split into cortex A8 and A7 subtarget
Now we can activate some compiler optimizations for the cortex A7.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-09-18 18:36:26 +02:00
Hauke Mehrtens
b9a35920bf uboot-sunxi: revert the usage of binman
This will avoid the usage of swig.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-09-18 18:36:26 +02:00
Hauke Mehrtens
85b7d780c5 uboot-sunxi: do not depend on dtc being install on host
make mkimage check the DTC environment variable first.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-09-18 18:36:26 +02:00
Hauke Mehrtens
1422d4435b uboot-sunxi: update to version 2017.07
The deleted patches are already integrated in the upstream U-Boot
version.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-09-18 18:36:26 +02:00
Marcin Jurkowski
feab5fa51e dnsmasq: fix dhcp "ignore" option on wwan interfaces
Init script won't append --no-dhcp-interface option if interface
protocol is one of: ncm, directip, qmi, mbim.
This is caused by IP address assigned to dynamically created netifd
interfaces. As a result there's no netmask assigned to the main
interface and dhcp_add() function returns prematurely.

By moving network subnet check we can ensure that --no-dhcp-interface is
properly generated for wwan interfaces.

Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase; move network checks]
2017-09-18 10:14:34 +02:00
Hans Dedecker
400c5f03c3 base-files: fix wan6 interface config generation for pppoe
Setting ipv6 to auto in case of a pppoe interface will trigger the
creation of a dynamic wan_6 interface meaning two IPv6 interfaces
(wan6 and wan_6) will be active on top of the pppoe interface.
This leads to unpredictable behavior in the network; therefore set
ipv6 to 1 which will prevent the dynamic creation of the wan_6
interface.
Further alias the wan6 interface on top of the wan interface for pppoe
as the wan6 interface can only be started when the link local address is
ready. In case of pppoe the link local address is negotiated during the
Internet Protocol Control Protocol when the PPP link is setup meaning
all the IP address info is only available when the wan interface is up.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-09-18 09:57:34 +02:00
Stijn Tintel
2375e279a7 tcpdump: noop commit to refer CVEs fixed in 4.9.2
When bumping tcpdump from 4.9.1 to 4.9.2, I did not include the fixed
CVEs in the commit message. As the list of fixed CVEs is quite long,
we should probably mention them in the changelogs of the releases to
come. This commit will make sure this happens.

The following CVEs were fixed in 21014d9708:

CVE-2017-11541
CVE-2017-11541
CVE-2017-11542
CVE-2017-11542
CVE-2017-11543
CVE-2017-11543
CVE-2017-12893
CVE-2017-12894
CVE-2017-12895
CVE-2017-12896
CVE-2017-12897
CVE-2017-12898
CVE-2017-12899
CVE-2017-12900
CVE-2017-12901
CVE-2017-12902
CVE-2017-12985
CVE-2017-12986
CVE-2017-12987
CVE-2017-12988
CVE-2017-12989
CVE-2017-12990
CVE-2017-12991
CVE-2017-12992
CVE-2017-12993
CVE-2017-12994
CVE-2017-12995
CVE-2017-12996
CVE-2017-12997
CVE-2017-12998
CVE-2017-12999
CVE-2017-13000
CVE-2017-13001
CVE-2017-13002
CVE-2017-13003
CVE-2017-13004
CVE-2017-13005
CVE-2017-13006
CVE-2017-13007
CVE-2017-13008
CVE-2017-13009
CVE-2017-13010
CVE-2017-13011
CVE-2017-13012
CVE-2017-13013
CVE-2017-13014
CVE-2017-13015
CVE-2017-13016
CVE-2017-13017
CVE-2017-13018
CVE-2017-13019
CVE-2017-13020
CVE-2017-13021
CVE-2017-13022
CVE-2017-13023
CVE-2017-13024
CVE-2017-13025
CVE-2017-13026
CVE-2017-13027
CVE-2017-13028
CVE-2017-13029
CVE-2017-13030
CVE-2017-13031
CVE-2017-13032
CVE-2017-13033
CVE-2017-13034
CVE-2017-13035
CVE-2017-13036
CVE-2017-13037
CVE-2017-13038
CVE-2017-13039
CVE-2017-13040
CVE-2017-13041
CVE-2017-13042
CVE-2017-13043
CVE-2017-13044
CVE-2017-13045
CVE-2017-13046
CVE-2017-13047
CVE-2017-13048
CVE-2017-13049
CVE-2017-13050
CVE-2017-13051
CVE-2017-13052
CVE-2017-13053
CVE-2017-13054
CVE-2017-13055
CVE-2017-13687
CVE-2017-13688
CVE-2017-13689
CVE-2017-13690
CVE-2017-13725

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-18 01:33:40 +03:00
Hauke Mehrtens
45d0b88e44 mac80211: make iwlwifi select AC support
Some NICs supported by this driver support ieee80211 AC.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-09-17 15:08:53 +02:00
Hauke Mehrtens
aa00d11526 linux-firmware: pack Intel iwl FW separately
Do not create one big package with all the Intel firmware files
supported by the iwlwifi driver, but use a separate package for each
chip.

This also updates some 7000 and 8000 series firmware files to more
recent version. The older versions shipped are not supported by the
current driver any more.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-09-17 15:08:52 +02:00
Hauke Mehrtens
1b2c93988f mac80211: add dev_coredumpm() function
dev_coredumpm() was added with kernel 4.7, but it is used by iwlwifi.
When the dev coredump framework form compat-wireless is used this is not
a problem because it already contains this, but this is deactivated if
the build system finds out that it is already included in the kernel we
compile against. This option was now activated by the bluetooth driver
btmrvl. Having dev coredump in the kernel adds about 400 bytes to the
lzma compressed kernel for brcm47xx.

This is copied from a more recent backports version to add the
dev_coredumpm() function when the internal core devdump is not used.

Fixes: a5922f6 ("kernel: bluetooth: add marvell sdio bluetooth module")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-09-17 14:54:28 +02:00
Daniel Engberg
692aa82981 kernel: kmod-btmrvl: Add kmod-mmc as dependency
This fixes the build of this module and should fix the build bots.

Fixes: a5922f6 ("kernel: bluetooth: add marvell sdio bluetooth module")
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
[removed mveub dependency and update commit comment]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-09-17 10:42:07 +02:00
Florian Fainelli
ef485bb23d dnsmasq: Pass TARGET_CPPFLAGS to Makefile
With the introduction of the ubus notifications, we would now fail building
dnsmasq with external toolchains that don't automatically search for headers.
Pass TARGET_CPPFLAGS to the Makefile to resolve that.

Fixes: 34a206bc11 ("dnsmasq: add ubus notifications for new leases")
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2017-09-16 16:38:19 -07:00
Henryk Heisig
a5922f6c46 kernel: bluetooth: add marvell sdio bluetooth module
This commit add support for Marvell bluetooth with SDIO interface.

Signed-off-by: Henryk Heisig <hyniu@o2.pl>
[Fix KCONFIG and FILES option]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-09-17 00:59:55 +02:00
Henryk Heisig
8637110189 linux-firmware: update to the commit from 2017-09-06
update firmware mrvl/sd8887_uapsta.bin

Signed-off-by: Henryk Heisig <hyniu@o2.pl>
[update to version 2017-09-06]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-09-17 00:59:41 +02:00
Daniel Engberg
5b1660a538 utils/e2fsprogs: Update to 1.43.6
Update e2fsprogs to 1.43.6
Disable compilation of fuse2fs (we don't package it)
Disable thread support (only affects fuse2fs)
Enable linking with libblkid instead of using private (included) version.
The libblkid is ~210KBytes in size, but with using the shared library
the binaries are ~25KBytes smaller. This also brings it in sync with
most other Linux distributions.

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-09-17 00:26:52 +02:00
Philip Prindeville
344fde35e3 kernel: add packaging for Xeon iTCO watchdog timer
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2017-09-17 00:08:00 +02:00
Kabuli Chana
010cddc2b0 mwlwifi: update to version 10.3.4.0 / 2017-08-10
Update mwlwifi

Signed-off-by: Kabuli Chana <newtownBuild@gmail.com>
2017-09-17 00:07:36 +02:00
Alexandru Ardelean
7bc80364b7 libs/wolfssl: bump to version 3.12.0 ; add myself as maintainer
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2017-09-17 00:00:12 +02:00
Alexandru Ardelean
41706d05b9 libs/wolfssl: adjust symbol defaults against libwolfssl defaults
Some symbols have been renamed.
Some are default enabled/disabled, so we need
to adjust semantics against that.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2017-09-17 00:00:12 +02:00
Alexandru Ardelean
8334a23679 libs/wolfssl: disable hardening check in settings.h
This seems to cause a false-positive warning/error
while building `libwebsockets-cyassl`.

```
make[6]: Leaving directory '/home/sandu/work/lede/build_dir/target-x86_64_musl/libwebsockets-cyassl/libwebsockets-2.2.1'
make[6]: Entering directory '/home/sandu/work/lede/build_dir/target-x86_64_musl/libwebsockets-cyassl/libwebsockets-2.2.1'
[  2%] Building C object CMakeFiles/websockets.dir/lib/base64-decode.c.o
In file included from /home/sandu/work/lede/staging_dir/target-x86_64_musl/usr/include/wolfssl/ssl.h:31:0,
                 from /home/sandu/work/lede/staging_dir/target-x86_64_musl/usr/include/cyassl/ssl.h:33,
                 from /home/sandu/work/lede/staging_dir/target-x86_64_musl/usr/include/cyassl/openssl/ssl.h:30,
                 from /home/sandu/work/lede/build_dir/target-x86_64_musl/libwebsockets-cyassl/libwebsockets-2.2.1/lib/private-libwebsockets.h:256,
                 from /home/sandu/work/lede/build_dir/target-x86_64_musl/libwebsockets-cyassl/libwebsockets-2.2.1/lib/base64-decode.c:43:
/home/sandu/work/lede/staging_dir/target-x86_64_musl/usr/include/wolfssl/wolfcrypt/settings.h:1642:14: error: #warning "For timing resistance / side-channel attack prevention consider using harden options" [-Werror=cpp]
             #warning "For timing resistance / side-channel attack prevention consider using harden options"

```

Hardening is enabled by default in libwolfssl at build-time.

However, the `settings.h` header is exported (along with other headers)
for build (via Build/InstallDev).

This looks like a small bug/issue with wolfssl.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2017-09-17 00:00:12 +02:00
Alexandru Ardelean
d03c23c8d4 cyassl,curl,libustream-ssl: rename every cyassl to wolfssl
This is to eliminate any ambiguity about the cyassl/wolfssl lib.

The rename happened some time ago (~3+ years).
As time goes by, people will start to forget cyassl and
start to get confused about the wolfSSL vs cyassl thing.

It's a good idea to keep up with the times (moving forward).

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2017-09-17 00:00:12 +02:00
Alexandru Ardelean
560b7334ec libs/wolfssl: add libcysassl to PROVIDES field (for backwards compat)
Until other packages from feeds decide to rename the
dependency of `+libcyassl` to `+libwolfssl`, this allows
for a bit of backwards compatibility with those packages.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2017-09-17 00:00:12 +02:00
Alexandru Ardelean
ad510c4d62 wwan: json format in some modem definitions
Method used:
```
cd package/network/utils/wwan/files/data
sed -e 's/}}/}/g' -i *
sed -e 's/}\t"acm": 1/\t"acm": 1/g' -i *
sed -e 's/}\t"generic": 1/\t"generic": 1/g' -i *
```

Manually adjusted commas.
Validated with
```
for f in `ls` ; do echo $f ; python -m json.tool < $f || break ; done
```

Thanks to @lynxis for pointing out the commas.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2017-09-16 23:04:46 +02:00
Karl Palsson
ae57675bba odhcpd: don't enable server mode on non-static lan port
Instead of blindly enabling the odhcpd v6 server and RA server on the
lan port, only do that if the lan port protocol is "static"

This prevents the unhelpful case of a device being a dhcpv4 client and
v6 server on the same ethernet port.

Signed-off-by: Karl Palsson <karlp@etactica.com>
[PKG_SOURCE_DATE increase; odhcpd.defaults script cleanup]
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-09-16 09:37:50 +02:00
Hans Dedecker
c88770c766 odhcpd: update to git HEAD version
f0bce9c dhcpv4: fix memset compile issue
0ba3278 dhcpv4: rework assignment lookup
e3b49f3 dhcpv4: cleanup dhcpv4_test usage
47fe122 dhcpv4: rework lease expire handling logic
028ab85 dhcpv4: force renew nonce authentication support
a827fca dhcpv4: avoid segfault when there's no IPv4 prefix
bea088b ndp: detect ifindex changes via interface netlink events
f66103e ubus: display accept reconf status for DHCPv6 assignments
f0e354b treewide: replace RELAYD prefix naming in macros
1a313f9 dhcpv4: fix possible segfault when lease is not created
e2d6eb4 dhcpv4: dhcpv4: move interface lease list insertion out of dhcpv4_assign

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-09-13 22:32:52 +02:00
Lorenzo Santina
fd84ecda7d treewide: fix shellscript syntax errors/typos
Fix multiple syntax errors in shelscripts (of packages only)
These errors were causing many conditions to not working properly

Signed-off-by: Lorenzo Santina <lorenzo.santina@edu.unito.it>
[increase PKG_RELEASE, drop command substitution from directip.sh]
Signed-off-by: Mathias Kresin <dev@kresin.em>
2017-09-13 08:07:54 +02:00
Kevin Darbyshire-Bryant
7765e442d0 basefiles: allow suid coredumps
Set sysctl fs.suid_dumpable = 2

This allows suid processes to dump core according to kernel.core_pattern
setting.  LEDE typically uses suid to drop root priviledge rather than
gain it but without this setting any suid process would be unable to
produce coredumps (e.g. dnsmasq)

Processes still need to set a non zero core file process limit ('ulimit
-c unlimited' or if procd used 'procd_set_param limits
core="unlimited"') in order to produce a core.  This setting removes an
obscure stumbling block along the way.

>From https://www.kernel.org/doc/Documentation/sysctl/fs.txt

suid_dumpable:

This value can be used to query and set the core dump mode for setuid
or otherwise protected/tainted binaries. The modes are

0 - (default) - traditional behaviour. Any process which has changed
	privilege levels or is execute only will not be dumped.
1 - (debug) - all processes dump core when possible. The core dump is
	owned by the current user and no security is applied. This is
	intended for system debugging situations only. Ptrace is unchecked.
	This is insecure as it allows regular users to examine the memory
	contents of privileged processes.
2 - (suidsafe) - any binary which normally would not be dumped is dumped
	anyway, but only if the "core_pattern" kernel sysctl is set to
	either a pipe handler or a fully qualified path. (For more details
	on this limitation, see CVE-2006-2451.) This mode is appropriate
	when administrators are attempting to debug problems in a normal
	environment, and either have a core dump pipe handler that knows
	to treat privileged core dumps with care, or specific directory
	defined for catching core dumps. If a core dump happens without
	a pipe handler or fully qualifid path, a message will be emitted
	to syslog warning about the lack of a correct setting.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
2017-09-12 22:18:45 +02:00
Toke Høiland-Jørgensen
76c3a033f6 ath10k: Re-enable intermediate softqueues for all devices
The upstream ath10k driver disables the intermediate softqueues for some
devices. This patch reverts that behaviour and always enables the
softqueues (and associated bufferbloat fixes). We have had reports of people
running this with good results:
https://lists.bufferbloat.net/pipermail/make-wifi-fast/2017-September/001497.html

This also refreshes mac80211 patches.

Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
2017-09-11 17:16:17 +02:00
Stijn Tintel
c11762e435 strace: bump to 4.19
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-11 01:56:14 +02:00
Kevin Darbyshire-Bryant
69ac637fbb mbedtls: update to 2.6.0 CVE-2017-14032
Fixed an authentication bypass issue in SSL/TLS. When the TLS
authentication mode was set to 'optional',
mbedtls_ssl_get_verify_result() would incorrectly return 0 when the
peer's X.509 certificate chain had more than
MBEDTLS_X509_MAX_INTERMEDIATE_CA intermediates (default: 8), even when
it was not trusted. This could be triggered remotely on both the client
and server side. (Note, with the authentication mode set by
mbedtls_ssl_conf_authmode()to be 'required' (the default), the handshake
was correctly aborted).

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Tested-by: Magnus Kroken <mkroken@gmail.com>
2017-09-11 01:56:14 +02:00
Stijn Tintel
21014d9708 tcpdump: bump to 4.9.2
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-11 01:56:14 +02:00
Stijn Tintel
910e3bed12 lldpd: bump to 0.9.8
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-11 01:56:14 +02:00
Lorenzo Santina
bd24d53ea2 hostapd: fix iapp_interface option
ifname variable were not assigned due to syntax error
causing the hostapd config file to have an empty iapp_interface= option

Signed-off-by: Lorenzo Santina <lorenzo.santina.dev@gmail.com>
2017-09-10 08:30:32 +02:00
Kevin Darbyshire-Bryant
5629904ea8 dnsmasq: backport arcount edns0 fix
Don't return arcount=1 if EDNS0 RR won't fit in the packet.

Omitting the EDNS0 RR but setting arcount gives a malformed packet.
Also, don't accept UDP packet size less than 512 in received EDNS0.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-09-08 10:07:04 +02:00
Kevin Darbyshire-Bryant
9a753c49ea dnsmasq: backport official fix for CVE-2017-13704
Remove LEDE partial fix for CVE-2017-13704.

Backport official fix from upstream.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (PKG_RELEASE increase)
2017-09-07 08:09:54 +02:00
Matthias Schiffer
f12a5b8f6d
uclient: update to 2017-09-06
24d6eded73de uclient-http: fix Host: header for literal IPv6 addresses
83ce236dab86 uclient-fetch: read_data_cb: fix a potential buffer overflow

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-09-06 15:46:03 +02:00
Hans Dedecker
995193ccdb odhcp6c: add workaround for broken extendprefix scenario
Extendprefix is typically used to extend an IPv6 RA prefix from a mobile
wan link to the LAN; such scenario requires correct RA prefix settings
like the on link flag not being set.
However some mobile manufacter set the RA prefix on link flag which breaks
basic IPv6 routing.
Work around this issue by filtering out the route being equal to the
extended prefix.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-09-05 14:46:18 +02:00
John Crispin
5117911d91 ramips: fix mt76x8 dependencies
The commit merging mt7628 and mt7688 failed to update some
dependencies.

Signed-off-by: John Crispin <john@phrozen.org>
2017-09-05 08:08:36 +02:00
Hans Dedecker
05c3647d35 odhcp6c: add ra_holdoff config option and update to git HEAD version (FS#964)
51733a6 ra: align RA update interval with RFC4861 (FS#964)

Add ra_holdoff config option which allows to configure the RA minimum
update interval which is by default 3 seconds as stated in RFC4861.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-09-03 21:34:48 +02:00
Stijn Tintel
ef255fc57e base-files: add /etc/profile.d to conffiles
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-03 01:27:46 +03:00
Stijn Tintel
8446d3de05 base-files: order conffiles alphabetically
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-03 01:27:46 +03:00
Hans Dedecker
80e2ee3e64 ubox: update to git HEAD version
b1bc8d5 kmodloader: log error message in case of out of memory
f346111 kmodloader: lift restriction on module alias info
f1ef2c3 kmodloader: fix possible segfaults
9cb63df kmodloader: fix endianess check
2cff779 kmodloader: Check module endian before loading
d54f38a kmodloader/get_module_info: initialized aliases to make it more clean
a0b6fef kmodloader: insmod: fix a memoryleak in error case
278c4c4 kmodloader/get_module_name: null-terminate the string
16f7e16 syslog: remove unnecessary sizeof struct between messages

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-09-01 16:05:59 +02:00
Karl Palsson
7a423c389a procd: mdns: Support txt values with spaces
Properly quote the arguments so that you can register a service with TXT
entries that contains spaces.

Example:
   procd_add_mdns myservice tcp 9999 "key=descriptive text field 1" \
         "another=something equally verbose"

Output before:
$ avahi-browse -r -v _myservice._tcp
_myservice._tcp      local
   hostname = [blah.local]
   address = [192.168.255.74]
   port = [9999]
   txt = ["verbose" "equally" "another=something" "1" "field" "text" "key=descriptive"]

Output now:
$ avahi-browse -r -v _myservice._tcp
_myservice._tcp      local
   hostname = [blah.local]
   address = [192.168.255.74]
   port = [9999]
   txt = ["another=something equally verbose" "key=descriptive text field 1"]

Signed-off-by: Karl Palsson <karlp@etactica.com>
2017-09-01 08:58:09 +02:00
John Crispin
12930fc045 Revert "dropbear: Link ssh and scp command to /bin instead of /usr/bin"
This reverts commit f7528ed0a8.

Signed-off-by: John Crispin <john@phrozen.org>
2017-08-31 21:09:13 +02:00
Rosen Penev
f7528ed0a8 dropbear: Link ssh and scp command to /bin instead of /usr/bin
ssh and scp commands interfere with OpenSSH when installed in /usr/bin .

One use case is when installing dropbear to get root access when only OpenSSH is available (OpenSSH disallows root password logins). Once dropbear installs, it replaces OpenSSH's executables, even when removed with opkg. OpenSSH must be reinstalled to get them back.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2017-08-31 19:14:43 +02:00
Magnus Kroken
89f8a01dab busybox: update to 1.27.2
Refresh patches, delete patches backported from upstream.

This fixes ntpd sync issues (ntpd would not sync if the first provided
peer address was unreachable).

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-08-30 22:34:41 +02:00
Ram Chandra Jangir
9adfeccd84 uboot-envtools: Add support for IPQ806x AP148 and DB149
IPQ806x AP148 and DB149 boards didn't have the UCI ubootenv
section initialized, so the usage of fw_printenv required manual
configuration. With this change, the "fw_printenv" and "fw_setenv"
command will automatically work on NOR and NAND based platforms.

Signed-off-by: Ram Chandra Jangir <rjangir@codeaurora.org>
2017-08-30 18:12:48 +02:00