Commit graph

14287 commits

Author SHA1 Message Date
Kevin Darbyshire-Bryant
03a00eeab3 wireguard: bump to 20180118
Bump to latest wireguard release snapshot:

9a93a3d version: bump snapshot
7bc0579 contrib: keygen-html: update curve25519 implementation
ffc13a3 tools: import new curve25519 implementations
0ae7356 curve25519: wire up new impls and remove donna
f90e36b curve25519: resolve symbol clash between fe types
505bc05 curve25519: import 64-bit hacl-star implementation
8c02050 curve25519: import 32-bit fiat-crypto implementation
96157fd curve25519: modularize implementation
4830fc7 poly1305: remove indirect calls
bfd1a5e tools: plug memleak in config error path
09bf49b external-tests: add python implementation
b4d5801 wg-quick: ifnames have max len of 15
6fcd86c socket: check for null socket before fishing out sport
ddb8270 global: year bump
399d766 receive: treat packet checking as irrelevant for timers

No patch refresh required.

Compile-tested-for: ar71xx
Run-tested-on: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-01-25 22:40:06 +01:00
Felix Fietkau
6271539fc5 Revert "mt76: update to the latest version"
This reverts commit 99eb128aca.
Connectivity issues reported by users, needs rework

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-01-25 21:19:13 +01:00
Felix Fietkau
99eb128aca mt76: update to the latest version
2b7fae4 mt76: fix returnvar.cocci warnings
939e3e0 mt76x2: dfs: avoid tasklet scheduling during mt76x2_dfs_init_params()
cf59170 mt76x2: dfs: add set_domain handler
5e4d60e mt76x2: dfs: take into account dfs region in mt76x2_dfs_init_params()
f76e25f mt76x2: fix WMM parameter configuration
34d612d mt76: retry rx polling as long as there is budget left
0f8327a mt76x2: fix TSF value in probe responses
ad3f8e9 mt76: add an intermediate struct for rx status information
58a41f1 mt76: get station pointer by wcid and pass it to mac80211
b0508d3 mt76: implement A-MPDU rx reordering in the driver code
cf3cfc4 mt76: split mt76_rx_complete
461cdf9 mt76: pass the per-vif wcid to the core for multicast rx
9b2c778 mt76: validate rx CCMP PN
302af90 mt76x2: init: disable all pending tasklets during device removal
9f685fe mt7603: init: disable tbtt tasklet during device removal
c6f8cac mt76: let mac80211 validate CCMP PN for fragmented frames
3968dae mt7603: fix 40 mhz channel bandwidth reporting
9c2e03d mt7603: fix rx LDPC reporting

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-01-25 16:50:10 +01:00
Felix Fietkau
166741240a mac80211: mesh: drop frames appearing to be from us
Upstream backport to fix issues arising from devices with duplicate MAC
addresses

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-01-25 10:54:14 +01:00
Matthias Schiffer
95ab18e012
vxlan: add options to enable and disable UDP checksums
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-01-24 13:53:34 +01:00
Matthias Schiffer
4d001af7c5
netifd: update to latest git HEAD
af3cadb system-linux: VXLAN: add options to enable and disable UDP checksums

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-01-24 13:50:50 +01:00
Hans Dedecker
a9ffe9fd75 procd: update to latest git HEAD
653629f trace: check asprintf() return value
67eb7e6 trace: add missing limits.h include

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-01-23 11:46:45 +01:00
Jo-Philipp Wich
eaf79d06b7 Revert "kernel: add IEEE-1284 parallel port support"
This reverts commit 666e9cf222.

The change has not been build-tested on non-x86 targets and leads to
stalled kernel builds due to unset configuration symbols there.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-01-22 13:41:20 +01:00
John Crispin
24b0424ecb procd: update to latest git HEAD
846e20c procd: add timing to start/stop logging

Signed-off-by: John Crispin <john@phrozen.org>
2018-01-22 12:53:34 +01:00
Koen Vandeputte
5bdbc10b1b uqmi: silence error on pin verification
If a device only supports the 2nd verification method (uim),
the first method will fail as expected reporting an error:

"Command not supported"

Silence both separate methods and only report an error regarding
pin verification if both fail.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-01-22 08:46:46 +01:00
Daniel Gimpelevich
666e9cf222 kernel: add IEEE-1284 parallel port support
The kmod-lp package included both lp.ko and ppdev.ko, but ECP device
drivers may or may not require lp NOT to be loaded, needing only ppdev.
Additionally, There were no packages for any parport interface modules,
such as uss720 or parport_pc, provided here. It has not been otherwise
possible to use PC-style parport hardware for kmod-lp.

Signed-off-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
2018-01-22 07:17:11 +01:00
Hauke Mehrtens
4336efe14b kernel: use upstream patches for musl
This replaces the current patches used to make the kernel headers
compatible with musl with the version which was accepted upstream. This
is included in upstream kernel 4.15.
This was compile tested with iproute2 build on all supported kernel
versions with musl and one one with glibc.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-01-20 22:11:33 +01:00
Hauke Mehrtens
e3c43ade0b ubus: fix PKG_MIRROR_HASH
Fixes: dd975d15a7 ("ubus: fix wrong PKG_SOURCE_DATE")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-01-20 20:22:01 +01:00
Philip Prindeville
a30791242b nftables: update to 0.8.1
Note this requires libnftnl-1.0.8 or higher, so that update needs
to be merged first.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2018-01-20 20:22:01 +01:00
Philip Prindeville
3d8040e04f libnftnl: update to 1.0.9
Also, drop unsupported configure options.

Don't use git retrieve but released tarball instead.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2018-01-20 20:22:01 +01:00
Kevin Darbyshire-Bryant
adaf1cbcc8 dnsmasq: backport validation fix in dnssec security fix
A DNSSEC validation error was introduced in the fix for CVE-2017-15107

Backport the upstream fix to the fix (a simple typo)

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-01-20 14:22:39 +01:00
Kevin Darbyshire-Bryant
a3198061f8 dnsmasq: backport dnssec security fix
CVE-2017-15107

An interesting problem has turned up in DNSSEC validation. It turns out
that NSEC records expanded from wildcards are allowed, so a domain can
include an NSEC record for *.example.org and an actual query reply could
expand that to anything in example.org  and still have it signed by the
signature for the wildcard. So, for example

!.example.org NSEC zz.example.org

is fine.

The problem is that most implementers (your author included, but also
the Google public DNS people, powerdns and Unbound) then took that
record to prove the nothing exists between !.example.org and
zz.example.org, whereas in fact it only provides that proof between
*.example.org and zz.example.org.

This gives an attacker a way to prove that anything between
!.example.org and *.example.org doesn't exists, when it may well do so.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-01-19 22:11:16 +01:00
Christian Lamparter
51dd8f3875 ipq-wifi: align AVM FRITZ!Box 4040's board-2.bin package
This patch renames the AVM FRITZ!Box 4040's board-2.bin
file and package to match the 'vendor_product' format.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2018-01-18 21:21:11 +01:00
Christian Lamparter
8d755ef052 firmware: ath10k-firmware: update QCA988x firmware to 10.2.4-1.0-00033
This patch updates ath10k-firmware to use the
firmware-5.bin_10.2.4-1.0-00033 firmware for the QCA988x.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2018-01-18 21:21:11 +01:00
Christian Lamparter
f6a8505de0 firmware: ath10k-firmware: update QCA9887 firmware to 10.2.4-1.0-00033
This patch updates ath10k-firmware to use the
firmware-5.bin_10.2.4-1.0-00033 firmware for the QCA9887.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2018-01-18 21:21:11 +01:00
Christian Lamparter
2d3a73afc4 firmware: ath10k-firmware: update QCA9888 firmware to 10.4-3.4-00104
This patch updates ath10k-firmware to use the
firmware-5.bin_10.4-3.4-00104 firmware for the QCA9888.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2018-01-18 21:21:11 +01:00
Christian Lamparter
da5312d06e firmware: ath10k-firmware: update QCA9984 firmware to 10.4-3.4-00104
This patch updates ath10k-firmware to use the
firmware-5.bin_10.4-3.4-00104 firmware for the QCA9984.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2018-01-18 21:21:11 +01:00
Christian Lamparter
e0184fd0d5 firmware: ath10k-firmware: update QCA4019 firmware to 10.4-3.4-00104
This patch updates ath10k-firmware to use the
firmware-5.bin_10.4-3.4-00104 firmware for the QCA4019.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2018-01-18 21:21:11 +01:00
Christian Lamparter
280a7d3948 firmware: ath10k-firmware: update to 2017-12-20
This update automatically includes a new firmware for the QCA6174:
firmware-6.bin_WLAN.RM.4.4.1-00079-QCARMSWPZ-1

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2018-01-18 21:21:11 +01:00
Hans Dedecker
26045049ba odhcp6c: add sendopts config support and update to latest git HEAD
Add sendopts config support allowing to add options in sent DHCPv6 packets.

Options can be configured as follows :
	uci set network.wan6.sendopts="sntpservers:3001:3001::1,3001:3001::2 11:00000000000000000000006674692F 0x3e8:ABCDEF"

Based on a patch by Frank Andrieu <fandrieu@gmail.com>

See https://git.openwrt.org/?p=project/odhcp6c.git;a=commit;h=510aaf6d528210c5e8a6159f9b80b32615e88c5f
for a more detailed description.

Latest git changes :
	1f93bd4 dhcpv6: rework option passthrough logic
	a477e95 odhcp6c: rework userclass and vendorclass command handling
	510aaf6 odhcp6c: add -x opt:val support
	ab75be1 treewide: update copyrights to 2018
	f3a4609 odhcp6c: let odhcp6c_add_state return a success/failure indication

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-01-18 11:39:42 +01:00
Dirk Brenken
ef8cd6be1e util-linux: add fstrim support
This PR adds optional fstrim support

Signed-off-by: Dirk Brenken <dev@brenken.org>
2018-01-18 08:04:18 +01:00
Mathias Kresin
acafbac4b3 base-files: gpio switch: check if direction can be set
Obviously not all GPIO controller allow to change the direction. The issue
is around since the beginning of the script but only due to the recent
changes error messages are more visible.

Add a check if a change of the direction is supported by the GPIO
controller and fallback to setting only the value if not.

Fixes: FS#1271
Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-01-18 07:22:37 +01:00
Mathias Kresin
f476c9a745 base-files: gpio switch: fix inverted logic
GPIOs are exported as active high to the sysfs, hence the logic need to be
inverted.

Fixes: e66c47fb14 ("base-files: gpio switch: set output value with
       direction")
Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-01-18 07:22:36 +01:00
Hans Dedecker
1ca4f8ca1c ubox: update to latest git HEAD
e7a63fb ubox: Remove unnecessary memset calls

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-01-17 22:00:43 +01:00
Hans Dedecker
dd975d15a7 ubus: fix wrong PKG_SOURCE_DATE
Fix wrong PKG_SOURCE_DATE introduced in e14cac0

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-01-17 14:09:59 +01:00
Hans Dedecker
e14cac0ebf ubus: update to latest git HEAD
5bae22e ubus/lua: pass notification name to callback
212ceb1 valgrind complained about these
d57907c fix invalid close() call

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-01-17 13:47:14 +01:00
Felix Fietkau
e2c0e904c0 ath9k: discard undersized packets
Sometimes the hardware will push small packets that trigger a WARN_ON
in mac80211. Discard them early to avoid this issue.

Reported-by: Stijn Tintel <stijn@linux-ipv6.be>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-01-17 12:32:48 +01:00
Felix Fietkau
765599cb0e mac80211: remove support code for authsae
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-01-17 11:05:11 +01:00
Felix Fietkau
8061c62f5d authsae: remove package
It is no longer actively maintained and does not work well in many
configurations. Fully replaced by wpad-mesh

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-01-17 11:05:11 +01:00
Jo-Philipp Wich
5bbcd80e3f xtables-addons: remove from base
The package has been moved to the package feed repository to allow for
non-base dependencies such as Perl.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-01-16 19:40:29 +01:00
Jo-Philipp Wich
5c0b288815 netfilter: enable CONFIG_NF_CONNTRACK_MARK from kmod-nf-conntrack
Unconditionally enable connmark support and tie it to the conntrack core
module to allow removing this kernel configuration dependency from the
xtables-addons package.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-01-16 19:39:08 +01:00
Jo-Philipp Wich
190c1c3cc8 iwinfo: update to latest git HEAD
5a5e21b nl80211: skip event notifications in wpa_supplicant scan result reply

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-01-16 14:10:52 +01:00
Kevin Darbyshire-Bryant
aba3b1c6a3 dnsmasq: use SIGINT for dnssec time valid
Dnsmasq used SIGHUP to do too many things: 1) set dnssec time validation
enabled, 2) bump SOA zone serial, 3) clear dns cache, 4) reload hosts
files, 5) reload resolvers/servers files.

Many subsystems within LEDE can send SIGHUP to dnsmasq: 1) ntpd hotplug
(to indicate time is valid for dnssec) 2) odhcpd (to indicate a
new/removed host - typically DHCPv6 leases) 3) procd on interface state
changes 4) procd on system config state changes, 5) service reload.

If dnssec time validation is enabled before the system clock has been
set to a sensible time, name resolution will fail.  Because name
resolution fails, ntpd is unable to resolve time server names to
addresses, so is unable to set time.  Classic chicken/egg.

Since commits 23bba9cb33 (service reload) &
4f02285d8b (system config)  make it more
likely a SIGHUP will be sent for events other than 'ntpd has set time'
it is more likely that an errant 'name resolution is failing for
everything' situation will be encountered.

Fortunately the upstream dnsmasq people agree and have moved 'check
dnssec timestamp enable' from SIGHUP handler to SIGINT.

Backport the upstream patch to use SIGINT.
ntpd hotplug script updated to use SIGINT.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-01-15 22:34:51 +01:00
Koen Vandeputte
7488be7010 uqmi: fix raw-ip mode for newer lte modems
Some newer LTE modems, like the MC7455 or EC25-E do not support
"802.3" mode, and will stay in "raw-ip" regardless of the mode being
set.

In this case, the driver must be informed that it should handle all
packets in raw mode. [1]

This commit fixes connectivity issues for these devices.

Before:

[ Node 5 ] udhcpc -i wwan0
udhcpc: started, v1.27.2
udhcpc: sending discover
udhcpc: sending discover
udhcpc: sending discover

After:

[ Node 5 ] udhcpc -i wwan0
udhcpc: started, v1.27.2
udhcpc: sending discover
udhcpc: sending select for 100.66.245.226
udhcpc: lease of 100.66.245.226 obtained, lease time 7200
udhcpc: ifconfig wwan0 100.66.245.226 netmask 255.255.255.252 broadcast
+
udhcpc: setting default routers: 100.66.245.225

[1] https://lists.freedesktop.org/archives/libqmi-
devel/2017-January/002064.html

Tested on cns3xxx using a Sierra Wireless MC7455 LTE-A

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
[bumped PKG_RELEASE]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-01-15 15:30:53 +01:00
Hans Dedecker
4e48230954 6rd: pass ipcalc as argument to eval
Instead of grepping for NETWORK after calling ipcalc.sh; pass ipcalc.sh as
argument to eval allowing to use $NETWORK to retrieve the IPv4 prefix
(ip4prefix).

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-01-15 09:49:26 +01:00
Piotr Dymacz
53e3df2e71 uboot-envtools: add support for GL.iNet GL-AR750
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2018-01-15 00:12:13 +01:00
Piotr Dymacz
ec141c1f3d uboot-envtools: add support for ALFA Network R36A
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2018-01-15 00:12:13 +01:00
Piotr Dymacz
b38ff7847b uboot-envtools: add support for ALFA Network N5Q
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2018-01-14 21:30:22 +01:00
Piotr Dymacz
62610129b2 uboot-envtools: add support for ALFA Network AP91-5G
Signed-off-by: Piotr Dymacz <pepe2k@gmail.com>
2018-01-14 20:33:18 +01:00
Matthias Schiffer
e9fa0b9f3a
ath9k, ath10k(-ct): move spectral scan support under a separate config symbol
Backport patches that separate spectral scan support from general debugfs
support of ath9k/ath10k; this allows to remove the dependency on
KERNEL_RELAY from these driver packages even with debugfs enabled and
avoids the memory footprint of the relay buffers allocated by ath9k/ath10k
even when they aren't used at all.

The KERNEL_RELAY dependency is moved to a new config symbol that enables
spectral scan support in these drivers.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-01-13 19:54:45 +01:00
Matthias Schiffer
37cf77d946
treewide: fix build depends to refer to source package names
Build depends must refer to source packages rather than binary package
names.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-01-13 19:54:44 +01:00
Matthias Schiffer
3abf663c22
build: remove package preconfig feature
This feature has been unused for years, and its scope is too limited to be
actually useful.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-01-13 19:54:44 +01:00
John Crispin
69a36cbab2 fstools: update to latest git HEAD
18090d9 overlay: fix compilation with glibc
2a9a6ea libfstools: optimize building directory string for glob
de6b026 libfstools: support file paths longer than 255 chars

Signed-off-by: John Crispin <john@phrozen.org>
2018-01-13 16:40:07 +01:00
Sven Eckelmann
9514cde2b9 uboot-envtools: add OpenMesh A42 support
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
2018-01-13 07:58:44 +01:00
Sven Eckelmann
28b2a8cb82 ipq-wifi: add board-2.bin for OpenMesh A42
Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
2018-01-13 07:58:39 +01:00
Sven Eckelmann
f39fc67c8e mac80211: ath10k: search DT for BDF variant info
Board Data File (BDF) is loaded upon driver boot-up procedure. The right
board data file is identified on QCA4019 using bus, bmi-chip-id and
bmi-board-id.

The problem, however, can occur when the (default) board data file cannot
fulfill the vendor requirements and it is necessary to use a different
board data file.

This problem was solved for SMBIOS by adding a special SMBIOS type 0xF8.
Something similar has to be provided for systems without SMBIOS but with
device trees. No solution was specified by QCA and therefore a new one has
to be found for ath10k.

The device tree requires addition strings to define the variant name

    wifi@a000000 {
    	status = "okay";
    	qcom,ath10k-calibration-variant = "RT-AC58U";
    };

    wifi@a800000 {
    	status = "okay";
    	qcom,ath10k-calibration-variant = "RT-AC58U";
    };

This would create the boarddata identifiers for the board-2.bin search

 *  bus=ahb,bmi-chip-id=0,bmi-board-id=16,variant=RT-AC58U
 *  bus=ahb,bmi-chip-id=0,bmi-board-id=17,variant=RT-AC58U

Signed-off-by: Sven Eckelmann <sven.eckelmann@open-mesh.com>
2018-01-13 07:58:19 +01:00
Luis Araneda
7293499f71 ipq806x: Sort occurrences of boardame alphabetically
This restores the alphabetical sort that was present
before the renaming of boardname.

Signed-off-by: Luis Araneda <luaraneda@gmail.com>
2018-01-13 07:33:03 +01:00
Luis Araneda
33f09cf151 ipq806x: convert to dt-based board-detection
Use the generic board detection method:
- Board name: First compatible string from the device tree
- Board model: Model property from the device tree

Change occurrences of board name in userspace by the compatible
string, and removed target specific board detection script

Replace the definition of SUPPORTED_DEVICES in Device/Default
to extract the dt compatible string from each device definition.
Additionally, for devices supported by lede-17.01, append
the value of BOARD_NAME to SUPPORTED_DEVICES in the device
definition.

Signed-off-by: Luis Araneda <luaraneda@gmail.com>
2018-01-13 07:33:03 +01:00
Mathias Kresin
c3d9fe96dc ipq806x: drop partitial supported boards
There are only artifacts for these boards in our tree and not even
partial support.

Drop teh stale files.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-01-13 07:33:02 +01:00
Kevin Darbyshire-Bryant
89233a8c49 base-files: sysupgrade: correct command help text
Commit 30f61a34b4 claimed to drop -d & -p
options. In reality only -d was dropped.  Update command help text to
reflect that -d is no longer a supported option.

Fixes FS#1187

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-01-12 16:06:04 +01:00
Kevin Darbyshire-Bryant
9a9c7fb4cf kmod-sched-cake: bump to latest cake bake
More important bug fix:

402f05c Use full-rate mtu_time in all tins.  Fixes an issue where some
cake tins experienced excessive latency since 49776da (dynamically
adjust target)

Minor bug fixes:

31277c2 Avoid unsigned comparison against zero.  Fix compiler warning,
no known impact.
8cf5278 ack_filter: fix TCP flag check. A very contrived case may have
lead to dropping a SYN packet that should not be dropped.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-01-11 20:36:16 +01:00
Matthias Schiffer
f73f1aee76
ebtables: update to latest git 2017-10-24
6a82659 Use flock() for --concurrent option
73c2371 ebtables: extensions: Constify option struct

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-01-11 11:50:50 +01:00
Hans Dedecker
377c4a68fe omcproxy: silence fw3 warnings
Silence fw3 warnings in omcproxy init script in case fw3 is not enabled

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-01-10 21:38:55 +01:00
Jo-Philipp Wich
fe920d01bb treewide: replace LEDE_GIT with PROJECT_GIT
Remove LEDE_GIT references in favor to the new name-agnostic
PROJECT_GIT variable.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-01-10 21:27:32 +01:00
Mogula Pranay
012d20eebe netifd: update dhcp.script to handle dynamic routing
Certain DHCP servers push a gateway outside of the assigned interface subnet,
to support those situations, install a host route towards the gateway.

If Gateway and IP are served in same network, openwrt quagga cannot learn
routes (rip routes are not getting added, showing inactive) whereas
working fine when Gateway and IP are in different network.

Signed-off-by: Mogula Pranay <mogula.pranay@nxp.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-01-10 09:19:08 +01:00
Mathias Kresin
18f49449b0 ltq-xdsl-app: drop script for renaming the netdev
Our netdevs are named dsl by default now, the rename via scripts isn't
required anymore.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-01-10 08:08:53 +01:00
Mathias Kresin
d3fd38637f lantiq: create ATM/PTM interfaces with dsl as netdev name
Renaming an atm etherbride using 'ip link' (via hotplug) is racy since the
original netdev might disappear before br2684ctl has finished appling it's
setting:

 local2.notice br2684ctl[1667]: Interface "nas0" created sucessfully
 local2.notice br2684ctl[1667]: Communicating over ATM 0.8.35, encapsulation: LLC
 kern.info kernel: dsl0: renamed from nas0
 kern.err kernel: br2684:br2684_regvcc: tried to attach to non-existent device
 local2.err br2684ctl[1667]: Could not configure interface:No such device or address

By passing the final used netdev name to br2684ctl_wrap another race
condition workaround will be enabled again.

Change the lantiq ptm driver to create a netdev with the name dsl as well.
Albeit the rename via 'ip link' works fine so far, using a different
approach for ptm then atm could be confusing.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-01-10 08:08:53 +01:00
Mathias Kresin
e4936a957d ltq-xdsl-app: drop manual br2684ctl reload
br2684ctl starts automatically, set up reload triggers, which fire as soon
as a atm driver is loaded. No need to do the reload via the script.

The reload is only required as soon as we can reliable switch between atm
and ptm driver and need to be implemented in a race free way.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-01-10 08:08:53 +01:00
Martin Schiller
1b1388f640 linux-atm: add br2684ctl option to specify the netdev name
Add the uci option nameprefix to specifc a target netdev name. Patch the
br2684ctl code to accept and set a netdev name via commandline parameters.

It allows to use the same netdev name for ATM and PTM lines on lantiq
xdsl hardware.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
Signed-off-by: Mathis Kresin <dev@kresin.me>
2018-01-10 08:08:53 +01:00
Hauke Mehrtens
e1b653944d uboot-at91: make packages hidden
These packages are needed to generate the image, better mark them hidden
so we will activate them based on which boards gets build and they will
be activated always when the board which needs then gets build.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-01-09 22:58:49 +01:00
Hauke Mehrtens
5147e0d476 at91bootstrap: make packages hidden
These packages are needed to generate the image, better mark them hidden
so we will activate them based on which boards gets build and they will
be activated always when the board which needs then gets build.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-01-09 22:58:49 +01:00
Hauke Mehrtens
6fc8a44282 at91bootstrap: remove redundant definition of BUILD_SUBTARGET
It is sufficient to define this in AT91Bootstrap/Default as this is not
used for all.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-01-09 22:58:49 +01:00
Sandeep Sheriker Mallikarjun
21d8fce797 at91bootstrap: at91bootstrap default selection
The fixes following problems
1. changing prefix at91bootstrap to AT91bootstrap will fix the default
   selection of at91bootstrap for the selected sama5 subtarget.
2. fixed missing default selection of sama5d4 nand flash for the
   selected sama5d4 subtarget.
3. corrected at91bootstrap Title name.

Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
2018-01-09 22:58:49 +01:00
Sandeep Sheriker Mallikarjun
c5292989ed uboot-at91: fix build after fpu activation
neon and VFPv4 support is added to this target and uboot-at91 build
fails due to TARGET_CFLAGS -mfloat-abi set to hard. as a fix, setting
uboot-at91 CFLAGS -mfloat-abi=soft.

Fixes: 01cc6bd495 ("at91: sama5: activate fpu")
Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
2018-01-09 22:58:49 +01:00
Jo-Philipp Wich
5aabc2cd3d kernel: kmod-w1 depends on kmod-hwmon-core since Linux 4.14
Fixes the following dependency error encountered by the buildbots:

    Package kmod-w1 is missing dependencies for the following libraries:
    hwmon.ko

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-01-09 22:56:55 +01:00
Mathias Kresin
0674a99f7e kirkwood: sort occurrences of boardame alphabetically
This restores the alphabetical sort that was present
before the renaming of boardname.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-01-09 22:06:55 +01:00
Alberto Bursi
0e94df65ca uboot-envtools: add pogoplug v4
add pogoplug v4 envs support in uboot-envtools

Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
2018-01-09 22:06:55 +01:00
Alberto Bursi
f5d267df63 uboot-kirkwood: add uboot for pogoplug v4
add an uboot able to boot a kernel in an ubi partition

This uboot also has a "recovery" feature, before
booting from flash it will try to boot a initramfs
image called "initramfs.bin" from a FAT32-formatted
USB drive connected to the USB 2.0 port.
(u-boot lacks drivers for usb 3.0 controllers)

Just rename the initramfs image and place it on
the usb drive, the uboot will load it.

In case there is no USB drive or no such file
is found, the uboot will boot from internal flash.

The whole check takes less than a second, boot times
are not impacted.

Signed-off-by: Alberto Bursi <alberto.bursi@outlook.it>
2018-01-09 22:06:55 +01:00
Mathias Kresin
f5df635ccf kirkwood: sync image filename with boardname
Use <manufacturer>_<modelname> as image name.

Use the BOARD_NAME variable to ensure that the former used boardname is
still used as the subdirectory name for the sysupgrade-tar image, to
not break sysupgrade from earlier versions.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-01-09 22:06:55 +01:00
Mathias Kresin
c9e2c35f46 kirkwood: use the generic board detect
Drop the target specific detection function in favour of the generic
one provided by base-files.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-01-09 22:06:55 +01:00
Mathias Kresin
2f757f6035 uboot-kirkwood: fix default u-boot selection
Build the Seagate GoFlexHome u-boot for the Seagate GoFlexNet as well. The
name clearly indicates that the u-boot can be used for both boards

Build the Zyxel NSA310 u-boot if the NSA310B image is selected.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-01-09 22:06:55 +01:00
Mathias Kresin
0ebdf0c1d3 kirkwood: drop support for orphaned boards
No image build code for the Guruplug, Sheevaplug and NSA310S exists. Drop
support for the boards for now.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-01-09 22:06:54 +01:00
Mathias Kresin
e66c47fb14 base-files: gpio switch: set output value with direction
Use the "low" and "high" values to configure the GPIO as an output with
that initial value. It ensures that the gpio doesn't have a unwanted value
during the time the direction is set to ouput and the actual value is
applied.

We don't need to take care of the GPIO polarity for now, since our
exported GPIOs are always active low.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-01-09 22:05:46 +01:00
Mathias Kresin
ff874b656b base-files: gpio_switch: start before boot state done is set
Start gpio_switch before the boot state is set to up/initialised/done.
This way the exported GPIOs are available at the time rc.local is started.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-01-09 22:05:46 +01:00
Hauke Mehrtens
f1fb710483 lantiq: activate noise margin delta for VDSL too
Previously this was only activated for ADSL, this patch activates the
same setting also for VDSL, this feature is also support for VDSL in the
same way it works for ADSL.
I tested it with DSL FW 5.7.9.5.1.7 against a Broadcom 177.140 DSLCO
(Deutsche Telekom) and saw different data rates and Max. Attainable Data
Rates depending on the ds_snr_offset settings I choose.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-01-07 23:42:54 +01:00
Matthias Schiffer
ca04884262
uboot-envtool: remove superfluous + sign from PKG_BUILD_DEPENDS
A + sign does not have meaning in build depends.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2018-01-07 19:52:05 +01:00
Jo-Philipp Wich
f089b1fda2 libubox: fix package bump
The previous commit was incorrectly rebased and referred to a not
yet existing PROJECT_GIT variable.

Fixes: d86a269c1f libubox: update to latest git HEAD
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-01-07 16:34:29 +01:00
Jo-Philipp Wich
d86a269c1f libubox: update to latest git HEAD
1c08e80 jshn: properly support JSON "null" type

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-01-07 16:28:22 +01:00
Jo-Philipp Wich
4e9af67077 Revert "fstools: update to latest git HEAD"
This reverts commit df326e9b2e.

The referenced commit does not exist in the upstream repository.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-01-07 13:42:46 +01:00
John Crispin
df326e9b2e fstools: update to latest git HEAD
2a9a6ea libfstools: optimize building directory string for glob
de6b026 libfstools: support file paths longer than 255 chars

Signed-off-by: John Crispin <john@phrozen.org>
2018-01-07 13:05:40 +01:00
Jo-Philipp Wich
6e4fa5d1a3 hostapd: bump PKG_RELEASE after 802.11w changes
Fixes: 8a57531855 "hostapd: set group_mgmt_cipher when ieee80211w is enabled"
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-01-07 12:42:45 +01:00
Jo-Philipp Wich
34e9937f2a kernel: fix packaging of kmod-gpio-nxp-74hc164
The NXP 74HC164 GPIO expander driver uses a different config symbol
("CONFIG_GPIO_74X164") and module name since since at least Kernel
version 2.6.37.

Update the kmod package definition accordingly by adjusting kconfig
and module file names.

This unrelated, but correct change has been separated from the
WNR2000v5 support commits.

Ref: https://github.com/lede-project/source/pull/1256
Suggested-by: Raphael Catolino <raphael.catolino@gmail.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-01-07 12:33:47 +01:00
Jo-Philipp Wich
3f5e39e960 zlib: only enable NEON optimizations on eligible targets
Instead of inferring the availability of NEON support from the target
optimization flags, use a preprocessor test to decide whether to enable
ARMv8 NEON optimizations.

Fixes the following build error spotted by the mediatek/32 buildbot:

    [ 26%] Building C object CMakeFiles/zlib.dir/contrib/arm/inflate.o
    In file included from .../zlib-1.2.11/contrib/arm/chunkcopy.h:10:0,
                     from .../zlib-1.2.11/contrib/arm/inflate.c:87:
    .../arm_neon.h:31:2: error: #error You must enable NEON instructions (e.g. -mfloat-abi=softfp -mfpu=neon) to use arm_neon.h
     #error You must enable NEON instructions (e.g. -mfloat-abi=softfp -mfpu=neon) to use arm_neon.h
      ^
    In file included from .../zlib-1.2.11/contrib/arm/inflate.c:87:0:
    .../zlib-1.2.11/contrib/arm/chunkcopy.h:18:9: error: unknown type name 'uint8x16_t'
     typedef uint8x16_t chunkcopy_chunk_t;
             ^
    [...]
    CMakeFiles/zlib.dir/build.make:302: recipe for target 'CMakeFiles/zlib.dir/contrib/arm/inflate.o' failed

Fixes: 3acecba520 "package/libs/zlib: Add ARM and NEON optimizations"
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-01-07 12:33:47 +01:00
Jo-Philipp Wich
8a57531855 hostapd: set group_mgmt_cipher when ieee80211w is enabled
In order to properly support 802.11w, hostapd needs to advertise a group
management cipher when negotiating associations.

Introduce a new per-wifi-iface option "ieee80211w_mgmt_cipher" which
defaults to the standard AES-128-CMAC cipher and always emit a
"group_mgmt_cipher" setting in native hostapd config when 802.11w is
enabled.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-01-07 12:33:47 +01:00
Kevin Darbyshire-Bryant
b153dbf046 argp-standalone: clean up patch fuzz
Refresh patches to tidy up fuzz.  No functional changes

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-01-05 11:59:59 +01:00
Kevin Darbyshire-Bryant
4e800716ac lua: clean up patch fuzz
Refresh patches to tidy up fuzz.  No functional changes

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-01-05 10:42:34 +01:00
Kevin Darbyshire-Bryant
b61a648e4a busybox: clean up patch fuzz
Refresh patches to tidy up fuzz.  No functional changes

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-01-05 10:35:51 +01:00
Jo-Philipp Wich
da95c9aa17 opkg: switch source url to git.openwrt.org
As LEDE is rebranding to OpenWrt now, adjust the Git source references
accordingly.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-01-04 13:44:42 +01:00
Hans Dedecker
6c76decd61 netifd: update to latest git HEAD
fd5c399 proto: allow dumping protocol handlers without config_params

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-01-04 09:49:45 +01:00
Tony Ambardar
a367645f23 uci: add missing 'option' support to uci_rename()
When using the uci.sh wrapper, allow parameters to match those supported
by the uci binary i.e. "uci rename <config>.<section>[.<option>]=<name>".

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2018-01-02 17:22:19 +01:00
Daniel Engberg
cbe71649bc package/libs/zlib: Add host build
Some packages such as Python/Python3 (host pip/pip3) needs this
to compile.

More detailed explanation provided by Alexandru:

"i need the zlib/host for Python/Python3 ; because, it seems the
host pip/pip3 needs this to work ; i suspect in older versions
this worked, because some of the host's build env would be used
in the build, and then the zlib-dev from the host distro would
be used ; now, the host-build does not seem to have any
-I/usr/include stuff, which is good

and it also seems that Python/Python3 does not like it if the
zlib-dev package is too old, so using this zlib/host would be
good for this as well"

Source:
https://github.com/lede-project/source/pull/1329#issuecomment-351055861

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2018-01-02 17:11:12 +01:00
Daniel Engberg
0dd439141d package/libs/zlib: Add option for O3 optimization
Add option to use O3 optimization as not all devices have
space constraints. This option is default using GCC in upstream
but isn't in the CMake makefile for some reason.

Source: https://github.com/madler/zlib/blob/master/configure#L170

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2018-01-02 17:11:12 +01:00
Daniel Engberg
3acecba520 package/libs/zlib: Add ARM and NEON optimizations
This adds two optimizations for ARM:
NEON optimized Adler(-)32 checksum algorithm (ARMv7 and newer NEON CPUs)
ARM(v7+) specific optimization for inflate
I've also connected inflate optimization to the build using the following
source as template.
0397489124 (diff-a62ad2db6c83dbc205d34bb9a8884f16)

Additional info:
https://codereview.chromium.org/2676493007/
https://codereview.chromium.org/2722063002/

Sources:
https://github.com/madler/zlib/pull/251 (only the first commit)
https://github.com/madler/zlib/pull/256

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2018-01-02 17:11:12 +01:00
Daniel Engberg
383e8aeec7 package/libs/zlib: Use toolchain build logic
Use build logic provided by toolchain instead of doing it manually.

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2018-01-02 17:11:12 +01:00
Kevin Darbyshire-Bryant
37bb463daa procd: procd_send_signal use signal names
Usage documentation for 'procd_send_signal' states "The signal is SIGHUP
by default, and must be specified by NAME."  Make actual behaviour match
the stated documented behaviour.

https://wiki.openwrt.org/inbox/procd-init-scripts

Suggested-by: Jo-Philip Wich <jow@mein.io>
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-01-02 17:02:44 +01:00
John Crispin
3804f5743d procd: update to latest git HEAD
a5954cf procd: Add %m to several functions that return errno.
810d7a5 procd: Remove redundant errno variable in several printf functions.
fa5ce1c procd: Replace strerror(errno) with %m.

Signed-off-by: John Crispin <john@phrozen.org>
2018-01-02 14:29:12 +01:00
John Crispin
25302c0a08 umdns: update to latest git HEAD
7897441 umdnsd: Replace strerror(errno) with %m.

Signed-off-by: John Crispin <john@phrozen.org>
2018-01-02 14:29:12 +01:00
Daniel Albers
d30c0f4d50 kernel: make uas work during early boot
Add the uas(p) module to the modules loaded early on the boot process.

The uas(p) is an modern alternative, which is used by the modern USB3
storage cases, compared to the bot protocol. To be able to use uas(p)
storage cases for extroot, the kernel module has to be loaded before the
search for extroot has been called. This patch changes the load order to
support uas(p) storage cases for extroot.

Signed-off-by: Daniel Albers <daniel.albers@public-files.de>
2018-01-02 14:29:04 +01:00
John Crispin
16ed8ac8e9 fstools: update to latest git HEAD
11efbf3 overlay: fix race condition when switching to jffs2
bdeb95a libblkid-tiny: add support for NTFS superblock
ef2cc03 fstools: Replace strerror(errno) with %m format.
98fd5b4 libblkid-tiny: add support for UBI superblock

Signed-off-by: John Crispin <john@phrozen.org>
2018-01-02 07:57:22 +01:00
Roman Yeryomin
8b477d09d1 base-files: protect stop and reload actions with procd_lock
Signed-off-by: Roman Yeryomin <roman@advem.lv>
Signed-off-by: Andrejs Hanins <ahanins@gmail.com>
2018-01-02 07:52:57 +01:00
Roman Yeryomin
e410f785a4 procd: introduce procd_lock for init script protection
Use flock to protect init script from concurrent execution
(of the same script).
Important for services which generate native config files.

Signed-off-by: Roman Yeryomin <roman@advem.lv>
Signed-off-by: Andrejs Hanins <ahanins@gmail.com>
2018-01-02 07:52:27 +01:00
Roman Yeryomin
2277cd1249 busybox: enable flock by default
This is needed for procd init script protection to work.
flock adds 4248 bytes to stripped busybox binary.

Signed-off-by: Roman Yeryomin <roman@advem.lv>
2018-01-02 07:51:39 +01:00
John Crispin
7c0a2bc930 busybox: backport cve-2017-16544 fix
In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2,
the tab autocomplete feature of the shell, used to get a list of filenames
in a directory, does not sanitize filenames and results in executing any
escape sequence in the terminal. This could potentially result in code
execution, arbitrary file writes, or other attacks.

Fixes: FS#1181 - CVE-2017-16544:

Backport the patch from:
https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8
https://nvd.nist.gov/vuln/detail/CVE-2017-16544

Signed-off-by: Derek Werthmuller <thewerthfam@gmail.com>
Signed-off-by: John Crispin <john@phrozen.org>
2018-01-02 07:14:08 +01:00
Roman Yeryomin
0b1fa809d0 base-files: rc.common: fix enable() return code and logic
In current state, if there is START but no STOP, enbale()
will return 1 (failure), which is wrong.
Moreover there is no need to check for START/STOP twice.
Instead, add err variable to save success state and
and return it's value.
Also eliminate the need to disable() by using 'ln -sf',
which will first delete the old symlink if one exists.

Changes from v1:
- fixed description

Signed-off-by: Roman Yeryomin <roman@advem.lv>
2018-01-02 07:14:08 +01:00
John Crispin
b153745bfb procd: update to latest git HEAD
7aad940 procd: initd: fix path allocation in early_insmod
006c19c procd: Remove unnecessary memset calls.

Signed-off-by: John Crispin <john@phrozen.org>
2018-01-02 07:14:08 +01:00
Jo-Philipp Wich
ab703bf174 uci: bump to git HEAD version
5beb95d lua: additionally return name when looking up sections
ff33bb2 lua: support extended section notation

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-01-01 16:42:29 +01:00
Hauke Mehrtens
9f626501cb nftables: fix sha256sum
The mirror was delivering a file with a different hash.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-12-31 18:46:13 +01:00
Kabuli Chana
d0a14c1cd9 mwlwifi: update to version 10.3.4.0 / 2017-12-14
Lastest stamped version

Signed-off-by: Kabuli Chana <newtownBuild@gmail.com>
2017-12-31 18:46:13 +01:00
Kevin Darbyshire-Bryant
7aa15953e1 kmod-sched-cake: bump to latest bake
Fix overhead accounting error introduced by f33c4d6 refactor
cake_advance_shaper and ack_filter

Symptoms were links running under rate.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-12-30 14:17:34 +01:00
rektide de la faye
0f72690a2d iptables: fix nftables compile issue (FS#711)
Enabling IPTABLES_NFTABLES resulted in an error during build:#
*** No rule to make target '../extensions/libext.a',
needed by 'xtables-compat-multi'."

Comments from Alexander Lochmann and Fedor Konstantinov in FS#711
provided fixes for this build error, allowing iptables to compile.
https://bugs.lede-project.org/index.php?do=details&task_id=711.

This commit updates the Makefile.am xtables_compat_multi_LDFLAGS
and _LDADD, moving linking of extensions to LDFLAGS.

Signed-off-by: rektide de la faye <rektide@voodoowarez.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-12-29 18:06:25 +01:00
Matthias Schiffer
302aa793c0
base-files: fix logic when to show failsafe banner
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Fixes: 8170f280c4 ("base-files: set FAILSAFE in /etc/profile when
/tmp/.failsafe exists")
2017-12-29 15:58:16 +01:00
Matthias Schiffer
8170f280c4
base-files: set FAILSAFE in /etc/profile when /tmp/.failsafe exists
Since dropbear clears the environment, FAILSAFE was not set as intended in
failsafe mode. This also broke sysupgrade from failsafe mode over SSH.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-12-29 14:34:03 +01:00
Matthias Schiffer
20c349f68c
busybox: add missing TARGET_CPPFLAGS and TARGET_LDFLAGS
Unconditionally pass TARGET_CPPFLAGS (not passed at all before) and
TARGET_LDFLAGS (passed only in certain non-default configuration before the
Makefile streamlining). Without these flags, hardening options
(PKG_FORTIFY_SOURCE and PKG_RELRO) were not actually applied to busybox.

The addition of these flags increases the size of the stripped busybox
binary by about 6KB (~4KB with fortify headers, ~2KB with "-znow -zrelro")
with the default hardening options PKG_FORTIFY_SOURCE_1 and PKG_RELRO_FULL.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-12-28 12:26:23 +01:00
Matthias Schiffer
a10fae1133
busybox: streamline Makefile
Use default Build/Install steps where possible. No binary change in default
configuration, so PKG_RELEASE is not incremented.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-12-28 12:24:25 +01:00
Florian Eckert
23bba9cb33 dnsmasq: send procd signal on service reload
Send a SIGHUP signal via procd to the dnsmasq service so the instance(s)
re-read(s) the /tmp/hosts/dhcp config.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2017-12-26 23:35:45 +01:00
Florian Eckert
4f02285d8b dnsmasq: rewrite config on host name modification
If the hostname in /etc/config/system is modified the dnsmasq should also
get triggered to rewrite/reload the config.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2017-12-26 23:35:34 +01:00
Yangbo Lu
ab8da4d285 layerscape: add byte_swap.py script for ls-rcw package
This patch is to add a byte_swap.py script for rcw bin
byte swapping instead of using tclsh.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2017-12-26 23:30:59 +01:00
Yangbo Lu
5741835ed4 layerscape: fix PKG_BUILD_DIR for packages
PKG_BUILD_DIR was defined with quoting PKG_VERSION in
layerscape package makefiles. Now PKG_VERSION has been
removed from these makefiles. When PKG_BUILD_DIR quotes
PKG_VERSION, '=' should be used instead ':=' to make
sure PKG_VERSION has been defined in common makefile.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2017-12-26 23:30:59 +01:00
Philip Prindeville
60c4f9ce56 kernel: add i2c-smbus module package
Intel motherboards (as well as the Cavium ThunderX SoC) use a
superset of the I2C protocol called SMBus.

Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
2017-12-26 20:13:43 +01:00
Hans Dedecker
67c1c145f0 nghttp2: bump to 1.29.0
439b9b6c (tag: v1.29.0) Update manual pages
48498452 Bump up version number to v1.29.0, LT revision to 29:1:15
d30f3816 Update manual pages
4d1139f6 Remove SPDY
48f57407 nghttpx: Update doc
c1f14d73 Update manual pages
216f4dad nghttpx: Remove redundant check
a4e27d76 Revert "nghttpx: Use an existing h2 backend connection as much as possible"
2365f12e Fix CMAKE_MODULE_PATH
03f7ec0f nghttpx: Write API request body in temporary file
2056e812 nghttpx: Increase api-max-request-body
1ebb6810 nghttpx: Faster configuration loading with lots of backends
a3ebeeaf nghttpx: Fix crash with --backend-http-proxy-uri option
422ad1be Use NGHTTP2_REFUSED_STREAM for streams which are closed by GOAWAY
97f1735c Bump up version number to 1.29.0

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-12-24 17:06:16 +01:00
John Crispin
5bbd493e66 usbmode: update to latest git HEAD
f40f84c support PantechMode
d8dc335 support Quanta and Blackberry modes
333e486 fix support for Option modems

Signed-off-by: John Crispin <john@phrozen.org>
2017-12-24 09:03:01 +01:00
Kevin Darbyshire-Bryant
edf5ae2026 wireguard: bump to 20171221
7e945a8 version: bump snapshot
f2168aa compat: kernels < 3.13 modified genl_ops
52004fd crypto: compile on UML
6b69b65 wg-quick: dumber matching for default routes
aa35d9d wg-quick: add the "Table" config option
037c389 keygen-html: remove prebuilt file

No patch refresh required.

Compile-test-for: ar71xx
Run-tested-on: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-12-23 22:08:12 +01:00
Hans Dedecker
0fca474e70 uci: update to latest git HEAD (FS#1182)
25fd142 list: remove unncessary increment of n_section (FS#1182)
021fd65 file: remove unnecessary uci_fixup_section calls

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-12-22 18:30:59 +01:00
Hans Dedecker
d3ba3963c1 odhcpd: update to latest git HEAD
7aa2594 odhcpd: Replace strerror(errno) with %m format
750e457 Support muliple RAs on single interface

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-12-22 18:30:33 +01:00
Hauke Mehrtens
dda2229c52 layerscape: fix package download
The git hash was changed for multiple layerscape packages without
changing the version number. The LEDE build system will not download the
packages again if the old version is already there and so some people
and the build bots are using wrong version of some packages. Use
PKG_SOURCE_DATE instead of PKG_VERSION to generate packages with the
date and the first charterers of the git hash. This will change the file
name and make the build system download them again, also if in future
the git hash is changed the file name will change and trigger a new
download.

This should fix a problem spotted by build bot.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-12-21 10:02:16 +01:00
Mathias Kresin
224d4a96dd ramips: drop LinkIt Smart 7688 Duo userspace support
The  LinkIt Smart 7688/LinkIt Smart 7688 Duo are identical beside the
extra ATmega32U4 - accessible via UART - on the the Duo.

Since all relevant hardware is identical, drop the Duo special handling
in userspace.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-12-21 01:05:16 +01:00
Hauke Mehrtens
8e03eea875 uboot-layerscape-armv8_32b: fix package download
In commit 2b1ec44dbd ("layerscape: add ls1012afrdm device support")
The git revision and the mirror hash for this package was updated to a
version which includes ls1012afrdm-uboot.bin, but the file name at
dl/uboot-layerscape-armv8_32b-2017.09.tar.xz staid the same. This way
most user did not download the new version but used the old file.
Convert this package to the normal git clone parameters by using
PKG_SOURCE_DATE instated of PKG_VERSION, now the file name in dl also
contains the git hash and should change every time the git hash is
updated.

This should fix a problem spotted by build bot.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-12-20 21:54:18 +01:00
Hauke Mehrtens
b80b0e14c9 kernel: kmod-crypto-hw-talitos: fix dependencies
With the updated to kernel 4.9.70 in commit f704b643b9 ("kernel:
Update kernel 4.9 to 4.9.70"), the talitos.ko kernel module got a
new dependency to kmod-crypto-des in this upstream commit:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=552f74cbd6ec806ab5ce45336a26cae1e015dbe2

This fixes a build problem found by built bot.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-12-20 20:57:13 +01:00
Jake Staehle
e80ab48777 libiconv-full: fix compile-time linking error GCC7
LEDE Flyspray Task 1091:
Fix libiconv-full 'undefined reference' compile linker error using GCC7 Musl
Tested with targets x86 (i386 and x86_64)
Addition of CFLAGS "std=gnu89" fixes the linker issues, credit to harrylwc
Issue found with 'minidlna' package, which depends on 'libiconv-full'
Error in compile log:
../lib/.libs/libiconv.so: undefined reference to `aliases_lookup'
../lib/.libs/libiconv.so: undefined reference to `aliases2_lookup'
collect2: error: ld returned 1 exit status
Makefile:64: recipe for target 'iconv_no_i18n' failed

Signed-off-by: Jake Staehle <jacob@staehle.us>
2017-12-19 22:23:42 +01:00
Felix Fietkau
a428d9229e mt76: update to the latest version, reverts MAC address changes causing performance regressions
cf4a5ce mt76: fix memcpy to potential null pointer on failed allocation
ca5ca8c mt76x2: fix possible NULL pointer dereferencing in mt76x2_ampdu_action()
2d4b8f5 mt76x2: mac: fix possible NULL pointer dereferencing in mt76x2_mac_write_txwi()
4ca8bba mt76x2: eeprom: fix typo in mt76x2_get_power_info_5g()
00f7e60 mt7603: fix configuration for HT40
31e9bdb mt7603: main: fix possible NULL pointer dereferencing in mt7603_ampdu_action()
bf90dd2 mt7603: mcu: fix potential NULL pointer dereferencing on failed allocation
860b185 Revert "mt76x2: init: disable APCLI by default"
bcd576e Revert "mt76x2: drop wiphy->addresses"
bdc6f2f Revert "mt76x2: clean up MAC/BSSID address initialization"
d242650 Revert "mt76x2: remove MAC address limitation for multi-vif setups"
68b0cf1 mt76x2: add functions for setting extended MAC address registers

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-12-17 12:44:18 +01:00
Mathias Kresin
4a4d957d1a lantiq: sync image filename with boardname
Use <manufacturer>_<modelname> as image name.

Use the BOARD_NAME variable to ensure that the former used boardname is
still used as the subdirectory name for the sysupgrade-tar image, to
not break sysupgrade from earlier versions.

While at it, normalise the image filenames by using only lower case
characters and bin as file extension for sysupgrade images.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-12-16 23:33:56 +01:00
Mathias Kresin
63d7f7fc92 lantiq: use the compatible string as board name
Use the first compatible string as board name in userspace. Add the new
board name as well as the former used board name to the image metadata
to keep compatibilty with already deployed installations.

Don't add the former used boardname for boards which exists only in
master or evaluation boards.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-12-16 23:33:56 +01:00
Hauke Mehrtens
712e1b36f4 kernel: add missing dependencies to kmod-crypto-acompress
kmod-lib-lzo and kmod-lib-lz4 depend in kernel 4.14 on
kmod-crypto-acompress, add this missing dependency.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-12-16 22:15:14 +01:00
Hauke Mehrtens
e387d9b0ca kernel: kmod-rtc-ds1307: add dependency to regmap
In kernel 4.14 kmod-rtc-ds1307 depends on regmap-i2c, add this missing
dependency.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-12-16 22:15:08 +01:00
Hauke Mehrtens
b0b9ec8e54 kernel: kmod-iio-bmp280: allow compile with kernel 4.14
This package also compiles with kernel 4.14.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-12-16 22:15:02 +01:00
Hauke Mehrtens
36f83dbc41 kernel: kmod-zram: deactivate CONFIG_ZRAM_WRITEBACK for kernel 4.14
This new option was introduced in kernel 4.14 and should be deactivated
by default.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-12-16 22:14:54 +01:00
Hauke Mehrtens
436fe56485 xtables-addons: fix compile with kernel 4.14
This fixes a compile problems seen with kernel 4.14.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-12-16 22:14:49 +01:00
Hauke Mehrtens
9572bae5b8 kernel: kmod-fbcon: deactivate for kernel 4.14
CONFIG_FRAMEBUFFER_CONSOLE does not activate new modules any more in
kernel 4.14, but CONFIG_FRAMEBUFFER_CONSOLE is now a boolean option
which change the kmod-fb package. kmod-fbcon should be split up.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-12-16 22:14:35 +01:00
Hauke Mehrtens
228da879fc kernel: kmod-sound-core: handle moved snd-seq-device.ko
The snd-seq-device.ko kernel module was moved with kernel 4.13.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-12-16 22:14:25 +01:00
Hauke Mehrtens
5c9cc1e73b kernel: kmod-mmc: handle moved mmc_block.ko
mmc_block.ko was moved with kernel 4.10.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-12-16 22:14:20 +01:00
Hauke Mehrtens
ac27f3867a kernel: kmod-rxrpc: handle renamed kernel module
The kernel module was renamed with kernel 4.11, handle that in the
package definition.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-12-16 22:14:12 +01:00
Hauke Mehrtens
b0d7fcdc49 kernel: deactivate some new network features
This deactivates the following options which were introduced between
kernel 4.9 and 4.14 in some kernel packages:
CONFIG_INET_ESP_OFFLOAD
CONFIG_INET6_ESP_OFFLOAD
CONFIG_LWTUNNEL_BPF
CONFIG_NET_9P_XEN

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-12-16 22:14:02 +01:00
Hauke Mehrtens
876191d428 kernel: unset CONFIG_CIFS_SMB311 in kmod-fs-cifs
Do not activate the experimental feature CONFIG_CIFS_SMB311.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-12-16 22:13:56 +01:00
Hauke Mehrtens
199273324e kernel: add kmod-crypto-ecdh
In kernel 4.14 kmod-bluetooth depends on kmod-crypto-ecdh, add
kmod-crypto-ecdh to LEDE.
Both packages also depend on the kmod-crypto-kpp package. To build this
we have to fix the dependency of CRYPTO_ECDH which has a typo.
This patch is already accepted upstream.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-12-16 22:13:04 +01:00
Hauke Mehrtens
f1e839dd33 kernel: add kmod-crypto-rsa
In kernel 4.14 kmod-crypto-hw-ccp depends on kmod-crypto-rsa, add it.
kmod-crypto-rsa also packages the ASN1 parser and some other code which
is currently only used by this module.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-12-16 22:12:46 +01:00
Hauke Mehrtens
1ea5f86437 kernel: add kmod-crypto-acompress
In kernel 4.14 kmod-crypto-deflate depends on kmod-crypto-acompress.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-12-16 22:12:40 +01:00
Hauke Mehrtens
00b5df832f kernel: add kmod-lib-zstd
In kernel 4.14 kmod-fs-btrfs depends on the zstd compression libraries,
add it to the package system.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-12-16 22:12:32 +01:00
Hauke Mehrtens
38be62b97e kernel: add kmod-dax
In kernel 4.14 kmod-dm depends on kmod-dax.
Add DAX: "Direct access to differentiated memory" to LEDE.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-12-16 22:12:24 +01:00
Hauke Mehrtens
efd1854050 kernel: tg3: deactivate hwmon for kernel 4.14
In kernel 4.14 hwmon support can be deactivated for the tg3 driver,
deactivate it by default to save some space.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-12-16 22:11:58 +01:00
Hauke Mehrtens
c0160f01ae xtables-addons: update to version 2.14
This includes a compile fix needed for kernel 4.14.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-12-16 22:10:21 +01:00
Lucian Cristian
342d748eaf netdevices.mk: add Sun Neptune 10Gbit Ethernet
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2017-12-16 14:41:37 +01:00
Jo-Philipp Wich
ea5d9f5f72 kernel: tune e1000e module parameters
The default e1000e parameters (interrupt throttling rate, MSI/MSI-X
mode) are optimized for desktop and server computers to optimize
user-space execution (i.e. what's typically referred to as "useful"
work).  This assumption breaks on a router under load where most of
the "useful" work actually takes place either in hardware interrupt
handlers (IRQ) or at software IRQ (swirq) modes, so we try to reflect
that by overriding these parameters with more appropriate values.

Patch-by: Philip Prindeville <philipp@redfish-solutions.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-12-16 14:41:37 +01:00
Kevin Darbyshire-Bryant
a9940ca2d7 iproute2: cake: support new operating modes
There has been recent significant activity with the cake qdisc of late
Some of that effort is related to upstreaming to kernel & iproute2
mainline but we're not quite there yet.  This commit teaches tc how to
activate and interprete the latest cake operating modes, namely:

ingress mode: Instead of only counting packets that make it past the
shaper, include packets we've decided to drop as well, since they did
arrive with us on the link and took link capacity.
This mode is more suitable for shaping the ingress of a link
(e.g. from ISP) rather than the more normal egress.

ack-filter/ack-filter-aggressive: Filter excessive TCP ACKS.  Useful in
highly assymetric links (downstream v upstream capacity) where the
majority of upstream link capacity is occupied with ACKS for downstream
traffic.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-12-15 23:54:51 +01:00
Kevin Darbyshire-Bryant
0589979f7b kmod-sched-cake: bump to latest bake of cake
There has been recent significant activity with the cake qdisc of late
but in the cobalt branch.  Some of that effort is related to upstreaming
to kernel & iproute2 mainline but we're not quite there yet.  Relevant
feature changes:

ingress mode: Instead of only counting packets that make it past the
shaper, include packets we've decided to drop as well, since they did
arrive with us on the link and took link capacity.
This mode is more suitable for shaping the ingress of a link
(e.g. from ISP) rather than the more normal egress.

ptm mode: Minor optimisation in packet overhead calculation.

dual-src/dsthost/triple-isolate: Optimise only calculating src or dst
host hashes only if required.

ack-filter/ack-filter-aggressive: Filter excessive TCP ACKS.  Useful in
highly assymetric links (downstream v upstream capacity) where the
majority of upstream link capacity is occupied with ACKS for downstream
traffic.

A separate iproute2 patch to teach it about Cake's new features will
follow.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-12-15 23:54:05 +01:00
Hans Dedecker
7f029c3924 netifd: update to latest git HEAD
4268193 interface-ip: harden eui64 IPv6 prefix address generation
81ff6d1 interface-ip: fix race condition in IPv6 prefix address generation
d3a5df0 handler: replace is_error() helper with NULL check

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-12-15 17:44:50 +01:00
Hans Dedecker
5d6f2a2764 uhttpd: fix PKG_CONFIG_DEPENDS (FS#1189)
Remove PACKAGE_uhttpd_debug config as this is an unused leftover
Add CONFIG_uhttpd_lua to PKG_CONFIG_DEPENDS

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-12-15 17:44:42 +01:00
Rafał Miłecki
d2e96d55ab opkg: fix PKG_CONFIG_DEPENDS to include version.mk entries
Including version.mk sets PKG_CONFIG_DEPENDS to config entries used for
VERSION_SED command. We should keep these configs to make sure package
gets refreshed when needed.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-12-14 09:39:40 +01:00
Lucian Cristian
1044723ec9 busybox: enable find -newer needed for shorewall firewall, no size increase on binary
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2017-12-14 09:29:30 +01:00
Luiz Angelo Daros de Luca
3e98674bcf base-files: fix sysupgrade -b/-l when -c is used
Since /overlay/upper appeared, -b ignored -c silently (cause it was
still checking for /overlay/etc). Now, if /overlay/upper is absent,
sysupgrade -c will fail and exit verbosely.

Fix -l to consider -c (it never did).

Clean up to always use /overlay/upper/xxx instead of still checking
for /overlay/xxx.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2017-12-14 09:29:30 +01:00
Rosen Penev
06f8b4ddbd e2fsprogs: Update to 1.43.7
Compiled and tested on ramips with no noticeable problems.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2017-12-14 09:29:30 +01:00
Christian Lamparter
da6fdce365 base-files: unify get_dt_led helper function
Lantiq and IPQ806X (which includes IPQ40XX) both define the
same custom function {ipq806x|lantiq}_get_dt_led.

This patch moves the function into the base-file package at
lib/functions/leds.sh to make it more accessible for other
targets as well.

Cc: Mathias Kresin <dev@kresin.me>
Cc: John Crispin <john@phrozen.org>
Cc: Hannu Nyman <hannu.nyman@iki.fi>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2017-12-14 09:29:30 +01:00
Jonas Gorski
ef1f6092e0 base-files: make including distfeeds.conf optional
To not clutter the system when building an opkg free image, generate the
distfeeds.conf only if CLEAN_IPKG is unset.

Since opkg is now a shared package, we can't rely on PACKAGE_opkg, but
since opkg is not reasonably usable without the status information, we
can tie the distfeeds.conf to it.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-12-13 14:59:07 +01:00
Jonas Gorski
5538b4df7f base-files: create /etc/opkg before generating distfeeds.conf
Ensure /etc/opkg exists before trying to write there. This fixes a build
failure if SIGNED_PACKAGES is disabled.

Reported-by: Matthias Schiffer <mschiffer@universe-factory.net>
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-12-13 14:46:37 +01:00
Jonas Gorski
1cfbd50ff4 package: move distfeeds.conf from opkg to base-files
All the relevant options used for distfeeds.conf are part of base-files,
so it makes more sense to move the file there as well.

This has the added benefit that the we can share the opkg package again,
reducing the amount of target specific packages.

Acked-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-12-13 13:38:19 +01:00
Kevin Darbyshire-Bryant
30e18c8d64 wireguard: bump to 20171211
Bump to latest WireGuard snapshot release:

44f8e4d version: bump snapshot
bbe2f94 chacha20poly1305: wire up avx512vl for skylake-x
679e53a chacha20: avx512vl implementation
10b1232 poly1305: fix avx512f alignment bug
5fce163 chacha20poly1305: cleaner generic code
63a0031 blake2s-x86_64: fix spacing
d2e13a8 global: add SPDX tags to all files
d94f3dc chacha20-arm: fix with clang -fno-integrated-as.
3004f6b poly1305: update x86-64 kernel to AVX512F only
d452d86 tools: no need to put this on the stack
0ff098f tools: remove undocumented unused syntax
b1aa43c contrib: keygen-html for generating keys in the browser
e35e45a kernel-tree: jury rig is the more common spelling
210845c netlink: rename symbol to avoid clashes
fcf568e device: clear last handshake timer on ifdown
d698467 compat: fix 3.10 backport
5342867 device: do not clear keys during sleep on Android
88624d4 curve25519: explictly depend on AS_AVX
c45ed55 compat: support RAP in assembly
7f29cf9 curve25519: modularize dispatch

Refresh patches.

Compile-test-for: ar71xx
Run-tested-on: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-12-12 22:24:26 +01:00
Martin Schiller
65d62b5f4f dropbear: disable MD5 HMAC and switch to sha1 fingerprints
As MD5 is known weak for many years and more and more
penetration test tools complain about enabled MD5 HMAC
I think it's time to drop it.

By disabling the MD5 HMAC support dropbear  will also
automatically use SHA1 for fingerprints.
This shouldn't be a problem too.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2017-12-12 22:24:17 +01:00
Jo-Philipp Wich
902961c148 wolfssl: update to 3.12.2 (1 CVE)
Update wolfssl to the latest release v3.12.2 and backport an upstream
pending fix for CVE-2017-13099 ("ROBOT vulnerability").

Ref: https://github.com/wolfSSL/wolfssl/pull/1229
Ref: https://robotattack.org/

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-12-12 17:39:52 +01:00
Kabuli Chana
e4a69bda61 mwlwifi: update to version 10.3.4.0 / 2017-11-29
Improves stability on WRT3200ACM

Signed-off-by: Kabuli Chana <newtownBuild@gmail.com>
2017-12-12 12:00:50 +01:00
Hans Dedecker
893a1ede2e dnsmasq: add DHCP build switch support in full variant
Add config option which allows to enable/disable DHCP support at compile
time. Make DHCPv6 support dependant on DHCP support as DHCPv6 support
implies having DHCP support.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-12-10 16:42:01 +01:00
Jo-Philipp Wich
f4c68e1cc6 busybox: fix glibc libresolv dependency for LEDE nslook applet
Fixes d1ba483472 merge: busybox: update CONFIG_NSLOOKUP in busybox config.
Fixes FS#1212.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-12-10 14:26:19 +01:00
Matthias Schiffer
d573b1287e
base-files: remove remaining uses of %N, and drop VERSION_NICK config symbol
Fixes d23e1e1e1a "merge: properly remove %n / %N references"

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
2017-12-09 23:27:41 +01:00
Jo-Philipp Wich
d23e1e1e1a merge: properly remove %n / %N references
- use %d instead of %n for opkg feed identifiers
- remove %n / %N references from version files

Fixes bf5cef47b3 merge: release/banner: drop release name and update banner.
Fixes FS#1213.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-12-09 16:01:14 +01:00
Mathias Kresin
abdf0dea3a netifd: always send DHCPv4 hostname
udhcpc doesn't send a hostname by default. Use the system hostname if
nothing else is specified, to always send a hostname.

It syncs the behaviour to odhcpc, which always sends a hostname.

Signed-off-by: Mathias Kresin <dev@kresin.me>
Acked-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Hans Dedecker <dedeckeh@gmail.com>
2017-12-08 21:00:26 +01:00
Mathias Kresin
93bd46b719 procd: nand: remove nand_board_name platform override
It isn't uses anymore by any target.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-12-08 20:57:12 +01:00
Mathias Kresin
c90a8cb755 procd: nand: dont rely on boardname in nand_upgrade_tar
Kernel and rootfs in a subdirectory matching the userspace boardname,
was intended to use a single sysupgrade-tar archive for multiple boards
with different kernel/rootfs images. This feature was never used.

Use the first found directory in the tar archive instead of relying on
a directory named according to the userspace boardname.

It allows to change the boardname without adding another compatibility
layer - using the nand_board_name() function - for (sub)targets using
the metadata based image validation in favour to
nand_do_platform_check().

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-12-08 20:57:12 +01:00
Christian Lamparter
4e3f6dae04 base-files: upgrade: make get_partitions() endian agnostic
This patch fixes two issues with the current get_partitions()
function.

First: "Invalid partition table on $disk" will pop up on
legitimate images on big endian system.

This is because the little-endian representation of "55 AA" is
assumed in the context of little-endian architectures. On these
comparing it to the 16-bit word 0xAA55 does work as intented.
Whereas on big-endian systems, this would have to be 0x55AA.

This patch fixes the issue by replacing the integer conversion
and value match check with just a string comparision.

Second: The extraction of the type, start LBA and LBA num from
the partition table has the same endianness issue. This has been
fixed by using the new hex_le32_to_cpu() function. This function
will translate the stored little-endian data to the correct
byte-order if necessary.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2017-12-08 19:54:16 +01:00
Christian Lamparter
96b485ec7a firmware: ath10k-firmware: update QCA4019 firmware to 10.4-3.2.1-00058
This patch updates ath10k-firmware to use the
firmware-5.bin_10.4-3.2.1-00058 firmware for the QCA4019.

Cc: Hauke Mehrtens <hauke@hauke-m.de>
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2017-12-08 19:54:14 +01:00
Zoltan HERPAI
2ffff58c2b merge: uhttpd: update cert generation to match system defaults
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2017-12-08 19:41:18 +01:00
Zoltan HERPAI
d1ba483472 merge: busybox: update CONFIG_NSLOOKUP in busybox config and respective patch
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2017-12-08 19:41:18 +01:00
Zoltan HERPAI
23f774f727 merge: packages: update branding in core packages
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2017-12-08 19:41:18 +01:00
Zoltan HERPAI
1f8585cf99 merge: ssid: update default ssid
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2017-12-08 19:41:18 +01:00
Zoltan HERPAI
7b5c989ab9 merge: targets: update image generation and targets
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2017-12-08 19:41:18 +01:00
Zoltan HERPAI
bf5cef47b3 merge: release/banner: drop release name and update banner
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2017-12-08 19:41:18 +01:00
Zoltan HERPAI
34bbbbf9c3 merge: base: update base-files and basic config
Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2017-12-08 19:41:18 +01:00
Felix Fietkau
98fb380d88 mt76: update to the latest version, fixes setting per-vif mac address
d02a05b mt7603: update firmware to version 20160107100755
4d4cd05 Partially revert "mt7603: use mcu command to set timing registers, fix OFDM timeout values"
170f334 mt76x2: remove MAC address limitation for multi-vif setups
3563b8f mt76x2: clean up MAC/BSSID address initialization
9de77e1 mt76x2: drop wiphy->addresses
a6a6e25 mt76x2: init: disable APCLI by default
c64633e mt76x2: configure rx filter based on monitor mode setting
ac815fa mt76x2: init: fix rx filter default value during init
e504656 mt7603: configure other-unicast drop based on monitor mode setting

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-12-08 17:58:05 +01:00
Peter Wagner
55e70c8b72 openssl: update to 1.0.2n
add no-ssl3-method again as 1.0.2n compiles without the ssl3-method(s)

Fixes CVEs: CVE-2017-3737, CVE-2017-3738

Signed-off-by: Peter Wagner <tripolar@gmx.at>
2017-12-08 10:47:51 +01:00
Hans Dedecker
01c5cf0b24 odhcpd: fix faulty PKG_SOURCE_DATE in 711a816
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-12-07 18:43:01 +01:00
Rafał Miłecki
3cd6ccf199 opkg: bump to version 2017-12-07
Changes:
3b417b9 opkg_download: decode file:/ URLs
71c27cb file_util: implement urldecode_path()
d1fe095 file_util: consolidate hex/unhex routines
ebdfc12 add opkg option http_timeout
9f003e3 opkg: encode archive filenames while constructing download URLs
73e6c81 file_util: implement urlencode_path() helper
468158f libopkg: fix SHA256 calculation for big endian system

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-12-07 18:21:54 +01:00
Daniel Golle
173edcdc9d rpcd: update to version from 2017-12-07
cfe1e75c91bc1 sys: packagelist: allow listing all packages
74a784f037867 sys: fix passwd path

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2017-12-07 17:26:04 +01:00
Hans Dedecker
a39ddff428 dnsmasq: write atomic host file
Different invocations of the dnsmasq init script (e.g. at startup by procd)
will rewrite the dhcp host file which might result into dnsmasq reading an
empty dhcp host file as it is being rewritten by the dnsmasq init script.
Let the dnsmasq init script first write to a temp dhcp host file so it does
not overwrite the contents of the existing dhcp host file.

Reported-by: Hartmut Birr <e9hack@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-12-07 10:59:03 +01:00
Rosen Penev
94fcd92913 strace: Update to 4.20
Compiled and tested on mvebu. Mainly a kernel 4.14 change. Also
reordered the Makefile a little bit.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2017-12-07 11:46:37 +08:00
Timo Sigurdsson
bd45e15d0a hostapd: backport fix for wnm_sleep_mode=0
wpa_disable_eapol_key_retries can't prevent attacks against the Wireless
Network Management (WNM) Sleep Mode handshake. Currently, hostapd
processes WNM Sleep Mode requests from clients regardless of the setting
wnm_sleep_mode. Backport Jouni Malinen's upstream patch 114f2830 in
order to ignore such requests by clients when wnm_sleep_mode is disabled
(which is the default).

Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
[rewrite commit subject (<= 50 characters), bump PKG_RELEASE]
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-12-07 02:00:23 +02:00
Timo Sigurdsson
6515887ed9 hostapd: Expose the tdls_prohibit option to UCI
wpa_disable_eapol_key_retries can't prevent attacks against the
Tunneled Direct-Link Setup (TDLS) handshake. Jouni Malinen suggested
that the existing hostapd option tdls_prohibit can be used to further
complicate this possibility at the AP side. tdls_prohibit=1 makes
hostapd advertise that use of TDLS is not allowed in the BSS.

Note: If an attacker manages to lure both TDLS peers into a fake
AP, hiding the tdls_prohibit advertisement from them, it might be
possible to bypass this protection.

Make this option configurable via UCI, but disabled by default.

Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
2017-12-07 01:57:29 +02:00
Hans Dedecker
79a19e5d27 iproute2: align ip help text for tiny variant
Tiny variant supports a subset of the ip commands; align the ip help
text so it actually reflects which commands are supported in the
tiny variant.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-12-06 22:30:54 +01:00
Russell Senior
c3c1185d56 iproute2: update to v4.14.1
Preserves optionality of libmnl by letting configuration
script follow the HAVE_MNL environment variable.

Signed-off-by: Russell Senior <russell@personaltelco.net>
2017-12-06 22:30:00 +01:00
Hans Dedecker
711a816770 odhcpd: update to latest git HEAD
c516801 dhcpv4: notify DHCP ACK and RELEASE via ubus

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-12-06 19:17:44 +01:00
Hans Dedecker
347d18177e dnsmasq: backport infinite dns retries fix
If all configured dns servers return refused in response to a query in
strict mode; dnsmasq will end up in an infinite loop retransmitting the
dns query resulting into high CPU load.
Problem is fixed by checking for the end of a dns server list iteration
in strict mode.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-12-06 14:55:12 +01:00
Felix Fietkau
aec1b6bfcb samba36: backport an upstream fix for an information leak (CVE-2017-15275)
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-12-04 09:58:20 +01:00
Felix Fietkau
04127f0fec mt76: update to the latest version, adds stability fixes
11f42a8 mt76x2: add channel argument to eeprom tx power functions
3bd7e76 mt76x2: initialize channel power limits
19fff41 mt76x2: convert between per-chain tx power and combined output
737cf2b mt7603: rename mt7603_mac_reset to mt7603_pse_reset
8026638 mt7603: rename MT_PSE_RESET register
c4dd32a mt7603: remove watchdog reset on interface stop
d99092b mt7603: remove WARN_ON_ONCE for workaround checks
c8807b4 mt7603: simplify PSE reset
d8a5990 mt7603: warn if PSE reset fails
c079960 mt7603: clean up dma debug reads
96817d6 mt7603: make mt7603_mac_watchdog_reset() static
e953c78 mt7603: clear wtbl PS bit for powersave responses
57a2e33 mt7603: set tx-skip flag for powersave clients
c8e5ab1 mt7603: initialize wtbl ps flag on station add
b4034cf mt76x2: remove some harmless WARN_ONs in tx status and rx path
8e17d36 mt7603: remove some harmless WARN_ONs in rx path

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-12-03 19:06:24 +01:00
Ted Hess
b83c32511e layerscape: rename firmware packages to avoid name collisions
layerscape firmware package names collide with existing package contributions.
Ex: layerscape mc and midnight-commander(mc) are in conflict.

Firmware packages: mc, ppa, rcw and dpl are renamed to ls-mc, ls-ppa, ls-rcw
and ls-dpl respectively.

Signed-off-by: Ted Hess <thess@kitschensync.net>
2017-12-02 10:38:08 -05:00
Roman Yeryomin
b32e4c64c7 packages: dnsmasq: remove unused stamp file
Signed-off-by: Roman Yeryomin <roman@advem.lv>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
2017-12-02 09:58:04 +01:00
Hans Dedecker
b0b289ea45 curl: bump to 7.57.0 (3 CVEs)
CVE-2017-8816: NTLM buffer overflow via integer overflow
CVE-2017-8817: FTP wildcard out of bounds read
CVE-2017-8818: SSL out of buffer access

For other bugfixes and changes in 7.57.0 see https://curl.haxx.se/changes.html

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-11-30 09:44:17 +01:00
Yousong Zhou
b59b799cb1 ltq-ifxos: fix compilation against glibc
Fixes FS#1196

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2017-11-30 14:53:16 +08:00
Borja Salazar
759785c01a dnsmasq: add interface to ubus notification
Signed-off-by: Borja Salazar <borja.salazar@fon.com>
2017-11-29 22:03:39 +01:00
Felix Fietkau
e966ed236f mt76: update to the latest version, fixes encrypted mesh support and HT20 issues
fc28872 mac80211: add missing include
a4c82ca mt7603: add missing include required on newer kernels
792859b mt76x2: fix transmission of encrypted management frames
a51358e mt76x2: increase OFDM SIFS time

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-11-29 17:50:46 +01:00
Felix Fietkau
111b499024 mac80211: tweak TSQ settings
Latencies can be much higher on wifi devices, especially with
aggregation. Tune the network stack setting introduced in the previous
commit to account for that.
This commit reintroduces the previously reverted one with a fix for the
crash issues

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-11-29 17:46:41 +01:00
Jo-Philipp Wich
fcfd5cdb59 dnsmasq: fix dhcp-host entries with empty macs
Due to improper localization of helper variables, "config host" entries
without a given mac address may inherit the mac address of a preceeding,
leading to invalid generated netive configuration.

Fix the issue by marking the "macs" and "tags" helper variables in
dhcp_host_add() local, avoiding the need for explicitely resetting them
with each invocation.

Reported-by: Russell Senior <russell@personaltelco.net>
Tested-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-11-28 18:11:25 +01:00
Felix Fietkau
47fa8654a1 Revert "mac80211: tweak TSQ settings"
This reverts commit 2dc485250d.
This patch needs some additional checks in order to avoid overwriting
unrelated fields for request sockets.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-11-28 14:23:43 +01:00
Kevin Darbyshire-Bryant
179125d334 wireguard: bump to snapshot 20171127
== Changes ==

 * compat: support timespec64 on old kernels
 * compat: support AVX512BW+VL by lying
 * compat: fix typo and ranges
 * compat: support 4.15's netlink and barrier changes
 * poly1305-avx512: requires AVX512F+VL+BW

 Numerous compat fixes which should keep us supporting 3.10-4.15-rc1.

 * blake2s: AVX512F+VL implementation
 * blake2s: tweak avx512 code
 * blake2s: hmac space optimization

 Another terrific submission from Samuel Neves: we now have an implementation
 of Blake2s using AVX512, which is extremely fast.

 * allowedips: optimize
 * allowedips: simplify
 * chacha20: directly assign constant and initial state

 Small performance tweaks.

 * tools: fix removing preshared keys
 * qemu: use netfilter.org https site
 * qemu: take shared lock for untarring

 Small bug fixes.

Remove myself from the maintainers list: we have enough and I'm happy to
carry on doing package bumps on ad-hoc basis without the 'official'
title.

Run-tested: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-11-27 14:50:04 +01:00
Stijn Tintel
2f1c05bb80 lldpd: bump to 0.9.9
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-11-27 09:43:23 +01:00
Hans Dedecker
0b3087eebf nghttp2: bump to 1.28.0
939ad5dd Update manual pages
24d92b97 Add deprecation warning when spdylay support is enabled
4c92ff18 Bump up version number to 1.28.0, LT revision to 29:0:15
280db5c6 Update neverbleed
7fbcb2d0 Merge pull request #1074 from nghttp2/fix-doc
53aeb2c3 Fix doc
ff200bfc clang-format-5.0
fee3151f Switch to clang-format-5.0
99a85159 Update manual pages
2a981a3f Merge pull request #1066 from nghttp2/nghttpx-add-affinity-cookie-secure
0028275d nghttpx: Add affinity-cookie-secure parameter to backend option
ee8bfddf Merge pull request #1063 from nghttp2/error_callback2
194acb1f src: Use nghttp2_error_callback2
43a2a70a Add nghttp2_error_callback2
73344ae9 nghttpx: Use plain hex string format for client serial
c479f612 Merge pull request #1060 from nghttp2/nghttpx-add-client-serial
eca0a302 nghttpx: Add $tls_client_serial log variable
4720c5cb nghttpx: Make client serial available in mruby script
cd55ab28 nghttpx: Add function to get serial number from certificate
d402cfdf Merge pull request #1057 from nghttp2/nghttpx-add-tls-client-issuer-name
22502182 Add tls_client_issuer_name log variable and expose it to mruby
05e1fd5e Update manual pages
943d7923 Add Session Affinity section to nghttpx howto
568ecbfb doc: Add missing port
f5ddd7f4 nghttpx: Make initial_addr_idx_ unsigned
88abbce7 nghttpx: Fix compile error with gcc
16e90365 nghttpx: Fix affinity retry
fa7945c6 nghttpx: Refactor
daca43f0 nghttpx: Fix stalled backend connection on retry
16bc11e6 nghttpx: Remove duplicated util::make_socket_nodelay
6f7e94cd Merge pull request #1047 from PiotrSikora/go_vet
61efa15a integration: Fix issues reported by the `go vet` tool.
8c0ea56b Merge pull request #1036 from nghttp2/nghttpx-affinity-cookie
54905371 nghttpx: Refactor
6010d393 integration: Add tests
be5c39a1 src: Add tests
b8fda680 nghttpx: Cookie based session affinity
e29b9c12 Merge pull request #1045 from nghttp2/nghttpx-sha1-fingerprint
539e2781 nghttpx: Add tls_client_fingerprint_sha1 to mruby and accesslog
7008afd4 nghttpx: Refactor get_x509_fingerprint to accept hash function
77a41756 Merge pull request #1041 from nghttp2/fix-examples-client-server
b15045d6 Merge pull request #1040 from nghttp2/nghttpx-mruby-add-more-tls-vars
03084f75 examples: Make client and server work with libevent-2.1.8
60baca27 nghttpx: Add more TLS related attributes to mruby Env object
86990db2 Merge pull request #1038 from nghttp2/nghttpx-add-more-logging-vars
cb376bcd nghttpx: Add client fingerprint and subject name to accesslog
f2b8edd1 nghttpx: Fix memory leak
c4f8afcf nghttpx: Get TLS info only when it is necessary when writing accesslog
1a1a216d Merge pull request #1037 from nghttp2/nghttpx-mruby-tls-client-vars
9f80a82c nghttpx: Add client fingerprint and subject name to mruby env
c573c80b nghttpx: Pass a pointer to SSL instead of TLSSessionInfo to LogSpec
3cd6817e Fix typos
d4a69658 Add another warning about mruby
8e06fe49 Fix typo
aaeeec8f Fix typos
66d5e246 Bump up version number to 1.28.0-DEV

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-11-27 10:12:03 +01:00
Daniel Engberg
38cc071ed1 mwlwifi: Update to latest commit in upstream repo
Update to latest commit in upstream repo
Bumps 88W8964 firmware to 9.3.0.8

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-11-25 20:11:30 +01:00
Fushan Wen
40868e3bb6 kmod-sched-cake: update to latest git HEAD
dfb2f6c pkt_sched: make compile again
5ab7026 sch_cake: make compile again
6f28803 codel5: make more checkpatch compliant
bd426aa Fix build error on 4.12
e4a3628 Whitespace tidy up

Signed-off-by: Fushan Wen <qydwhotmail@gmail.com>
2017-11-25 19:53:37 +01:00
Hans Dedecker
f965827bfb odhcpd: update to latest git HEAD
92e205d dhcpv6: fix compile issues when CER-ID extension is enabled

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-11-25 18:17:43 +01:00
Hans Dedecker
99ea749d37 odhcpd: add a full and ipv6only variant (FS#1188)
Add an ipv6only variant providing server services for RA, stateful and stateless
DHCPv6, prefix delegation and relay support for DHCPv6, NDP and RA.

The full variant called odhcpd supports DHCPv4 server as before.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-11-25 18:17:43 +01:00
Kevin Darbyshire-Bryant
088262ac7a wireguard: bump to 20171122
Bump to latest WireGuard snapshot release:

ed479fa (tag: 0.0.20171122) version: bump snapshot
efd9db0 chacha20poly1305: poly cleans up its own state
5700b61 poly1305-x86_64: unclobber %rbp
314c172 global: switch from timeval to timespec
9e4aa7a poly1305: import MIPS64 primitive from OpenSSL
7a5ce4e chacha20poly1305: import ARM primitives from OpenSSL
abad6ee chacha20poly1305: import x86_64 primitives from OpenSSL
6507a03 chacha20poly1305: add more test vectors, some of which are weird
6f136a3 compat: new kernels have netlink fixes
e4b3875 compat: stable finally backported fix
cc07250 qemu: use unprefixed strip when not cross-compiling
64f1a6d tools: tighten up strtoul parsing
c3a04fe device: uninitialize socket first in destruction
82e6e3b socket: only free socket after successful creation of new
df318d1 compat: fix compilation with PaX
d911cd9 curve25519-neon: compile in thumb mode
d355e57 compat: 3.16.50 got proper rt6_get_cookie
666ee61 qemu: update kernel
2420e18 allowedips: do not write out of bounds
185c324 selftest: allowedips: randomized test mutex update
3f6ed7e wg-quick: document localhost exception and v6 rule

Compile-tested-for: ar71xx
Run-tested-on: ar71xx Archer C7 v2

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-11-24 12:55:38 +01:00
Hauke Mehrtens
332438be40 uboot-sunxi: fix build of HAOYU Electronics Marsboard A10
The uboot target is named MarsBoard_A10 and it was not build at all.
This fixes a build problem seen by the build bot.

Fixes: 6a3565985f ("sunxi: Added profile for HAOYU Electronics Marsboard A10")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-11-23 21:25:46 +01:00
Hauke Mehrtens
4e93ec1ad6 kernel: i2c-piix4: fix dependency on TARGET_x86
Fix the target dependency to make it possible to select this module also
on x86 target and its subtargets.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-11-22 22:37:15 +01:00
Hauke Mehrtens
9cfcd49735 kernel: e100: take e100 firmware from linux-firmware repository
The firmware directory in the Linux kernel was removed in kernel 4.14,
take the e100 firmware files now from the linux-firmware repository
instead. To do so create the new package e100-firmware. This will also
work with older kernel versions.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-11-22 22:37:05 +01:00
Marcin Jurkowski
06e1b90404 kernel: add NFS4 client support
Adds NFS4 client support:
 1. Package kmod-fs-nfs is split into kmod-fs-nfs (nfs.ko) and
    kmod-fs-nfs-v3 (nfsv3.ko).
 2. A new package kmod-fs-nfs-v4 (nfsv4.ko) is created.
 3. Package kmod-fs-nfs-common-v4 is renamed to kmod-fs-nfs-rpcsec
    and includes additional module rpcsec_gss_krb5.ko.
    CONFIG_NFS_V4 goes into kmod-fs-nfs-v4, CONFIG_NFSD_V4 (NFS4
    server) is removed. Missing kernel module oid_registry.ko
    needed by auth_rpcgss.ko is added to the package.

A new package kmod-crypto-cts needed by rpcsec_gss_krb5.ko is
also created.

Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com>
[add dependency to kmod-crypto-ecb in fs-nfs-common-rpcsec]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-11-22 22:36:21 +01:00
Martin Schiller
0c78de869d kernel: add kmod-i2c-i801
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
[Add i2c-smbus.ko and fix target dependency]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-11-22 22:34:56 +01:00
Martin Schiller
7ffeecd6ac kernel: add it87-wdt watchdog timer module
The module parameters "nogameport=1" and "nocir=1" are needed,
because this is not supported on recent chips and doesn't
really tell if the system is stable.

As this features will already be removed in linux-4.13 or newer,
this module parameters can be removed in the future.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2017-11-22 20:49:04 +01:00
Rosen Penev
9052dd6534 libusb-compat: Upgrade to 0.1.15
Compile tested on ramips (mt7621)

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2017-11-22 20:45:28 +01:00
Rosen Penev
fc4e7bdca7 usbutils: Update usb.ids file to latest
Signed-off-by: Rosen Penev <rosenp@gmail.com>
2017-11-22 20:45:07 +01:00
Christian Lamparter
5e6792eab4 wireless-regdb: fix PKG_MIRROR_HASH
make check complains about PKG_MIRROR_HASH of the wireless-regdb package:

WARNING: PKG_MIRROR_HASH does not match wireless-regdb-2017-10-20-4343d359.tar.xz
hash 5f5b669f32ae36cb65b1d99efbbbfd42c2983cda32f6448346e3e54ffaba3889

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2017-11-22 13:07:48 +01:00
Mathias Kresin
298ade22a0 acx-mac80211: fix build on kernel 4.9
The DEFINE_PCI_DEVICE_TABLE macro was removed with upstream commit
7e9321599011 ("treewide: remove references to the now unnecessary
DEFINE_PCI_DEVICE_TABLE").

Use the pci_device_id struct to fix the acx-mac80211 build failure on
ramips.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-11-22 08:21:53 +01:00
Hans Dedecker
6aa4b97a8a odhcpd: fix gcc7 build error
0573422 ndp: add switch/case fallthrough comments

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-11-21 15:15:20 +01:00
Leon M. George
63462910dd hostapd: remove unused local var declaration
Signed-off-by: Leon M. George <leon@georgemail.eu>
2017-11-21 13:11:42 +01:00
Leon M. George
cc0847eda3 hostapd: don't set htmode for wpa_supplicant
no longer supported

Signed-off-by: Leon M. George <leon@georgemail.eu>
2017-11-21 13:11:42 +01:00
Hans Dedecker
a28d1d5444 odhcpd: update to latest git HEAD (make dhcpv4 support optional)
fd80621 dhcpv4: make DHCPv4 support compiletime configurable
cf29925 treewide: rework handling of netlink events
24cdc1b treewide: add netlink file
5dfb716 treewide: align function naming

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-11-20 21:40:03 +01:00
Felix Fietkau
6a6dc94e0c mac80211: fix a race condition that could lead to a use-after-free on a timer
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-11-20 20:05:19 +01:00
Felix Fietkau
9247864b6e mac80211: fix netlink family id for nl80211 messages
Fixes responses for nl80211 calls

Reported-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-11-20 17:52:51 +01:00
John Crispin
b9e700cd58 kernel: fix lzo and lz4 modules
both of these have been split up and require additional ko files.

Signed-off-by: John Crispin <john@phrozen.org>
2017-11-20 13:10:57 +01:00
Emerson Pinter
bc50a97dfc dnsmasq: load instance-specific conf-file if exists
Without this change, the instance-specific conf-file is being added to procd_add_jail_mount,
but not used by dnsmasq.

Signed-off-by: Emerson Pinter <dev@pinter.com.br>
2017-11-19 22:27:49 +01:00
Alexander Couzens
bd1ee909d0 wolfssl: add PKG_CPE_ID ids to package and tools
CPE ids helps to tracks CVE in packages.
https://cpe.mitre.org/specification/

Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2017-11-19 02:29:08 +01:00
Daniel Engberg
dca96b7546 openssl: Add optimization option
Add option to optimize for speed instead of size

cmd: openssl speed md5 sha1 sha256 sha512 des des-ede3 aes-128-cbc \
aes-192-cbc aes-256-cbc rsa2048 dsa2048

=== Linksys WRT3200ACM ===

Default optimization:
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
md5              14111.49k    47147.75k   123375.02k   206937.09k   258828.97k
sha1             14495.71k    46763.99k   116679.94k   188115.29k   228294.66k
des cbc          22315.63k    23118.98k    23323.14k    23348.22k    23363.58k
des ede3          8085.97k     8217.26k     8255.74k     8266.41k     8273.92k
aes-128 cbc      48740.10k    52606.12k    54224.98k    56263.68k    54774.44k
aes-192 cbc      43410.83k    47325.31k    48994.05k    49377.96k    48532.14k
aes-256 cbc      39132.46k    42512.60k    43692.63k    43997.18k    44070.23k
sha256           19987.80k    47314.69k    86119.08k   109352.28k   119466.67k
sha512            8034.63k    32321.92k    47495.94k    65777.32k    74080.26k
                  sign    verify    sign/s verify/s
rsa 2048 bits 0.020387s 0.000528s     49.1   1892.2
                  sign    verify    sign/s verify/s
dsa 2048 bits 0.005920s 0.006396s    168.9    156.3

Optimize for speed (-O3 instead of -Os and disable -DOPENSSL_SMALL_FOOTPRINT):
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
md5              14655.49k    48561.79k   126953.56k   210741.93k   262430.72k
sha1             14607.90k    47032.15k   117725.87k   188226.22k   228499.46k
des cbc          28041.11k    29586.84k    29939.80k    30047.91k    30067.37k
des ede3         10697.93k    10899.75k    10956.97k    10972.84k    10980.01k
aes-128 cbc      58852.70k    65956.07k    68675.67k    69388.29k    69607.42k
aes-192 cbc      50299.73k    56501.23k    58491.65k    59008.00k    59159.89k
aes-256 cbc      44684.38k    47944.36k    49098.67k    49573.89k    49463.30k
sha256           19673.53k    47248.58k    86775.04k   110053.72k   119382.02k
sha512            8029.67k    32033.02k    47440.04k    65740.12k    74072.06k
                  sign    verify    sign/s verify/s
rsa 2048 bits 0.019666s 0.000529s     50.8   1892.0
                  sign    verify    sign/s verify/s
dsa 2048 bits 0.005882s 0.006450s    170.0    155.0

=== D-Link DIR-860L (B1) ===
Default optimization:
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
md5               3376.97k    11654.74k    32966.76k    60016.27k    80729.43k
sha1              2310.95k     6024.87k    11680.32k    15273.93k    16784.07k
des cbc           6787.21k     7014.36k     7072.49k     7088.73k     7092.48k
des ede3          2462.47k     2499.87k     2509.48k     2511.35k     2514.75k
aes-128 cbc      10014.28k    11018.87k    11308.99k    11381.03k    11406.20k
aes-192 cbc       8930.35k     9675.27k     9895.97k     9954.57k     9971.92k
aes-256 cbc       8022.81k     8624.03k     8799.60k     8843.14k     8856.07k
sha256            2546.33k     5542.19k     9326.99k    11249.03k    11969.57k
sha512             877.22k     3503.44k     4856.01k     6554.96k     7299.32k
                  sign    verify    sign/s verify/s
rsa 2048 bits 0.109348s 0.003132s      9.1    319.3
                  sign    verify    sign/s verify/s
dsa 2048 bits 0.032745s 0.037212s     30.5     26.9

Optimize for speed (-O3 instead of -Os and disable -DOPENSSL_SMALL_FOOTPRINT):
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
md5               3660.39k    12401.37k    34501.23k    62438.83k    81786.64k
sha1              3500.20k    10730.70k    25056.19k    37715.86k    44253.13k
des cbc           7189.75k     7545.88k     7641.90k     7665.71k     7672.18k
des ede3          2690.64k     2734.33k     2745.24k     2748.13k     2748.81k
aes-128 cbc      11325.29k    12731.75k    13151.34k    13259.95k    13289.55k
aes-192 cbc       9932.36k    10997.65k    11309.84k    11389.53k    11408.92k
aes-256 cbc       8845.13k     9677.01k     9920.30k     9980.77k     9996.42k
sha256            3200.50k     7107.76k    12230.85k    14933.73k    15962.15k
sha512             879.12k     3510.79k     4956.45k     6711.45k     7484.39k
                  sign    verify    sign/s verify/s
rsa 2048 bits 0.085641s 0.002365s     11.7    422.9
                  sign    verify    sign/s verify/s
dsa 2048 bits 0.023881s 0.026120s     41.9     38.3

-O3 is considered safe for OpenSSL
Ref: https://wiki.openssl.org/index.php/Compilation_and_Installation
Tested hardware: Linksys WRT3200ACM / D-Link DIR-860L (B1)

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-11-18 21:01:26 +01:00
Hans Dedecker
6fcf4228d8 netifd: update to latest git HEAD
c92106e interface-ip: add missing IPv6 policy rule

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-11-17 21:58:13 +01:00
Rafał Miłecki
36a92274a8 otrx: fix memory leak in otrx_create_append_zeros
A "free" call was missing after allocating a buffer.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-11-17 11:32:51 +01:00
Rafał Miłecki
70837168ef otrx: bump buffer size in otrx_create_append_file
Usually this function is called for appending some small files only
(like fs marks) but let's just make it more generic and capable of
handling bigger files easily. Increasing buffer to 1 KiB shouldn't hurt.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-11-17 11:30:31 +01:00
Rafał Miłecki
ab8f20c18d otrx: drop unused otrx_create_parse_options function
It was there in case of adding some "create" command options that should
be parsed before actually creating the output image. It seems we don't
need any at this point so let's drop this function for now.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2017-11-17 11:30:31 +01:00
Luis Araneda
1c139d664b mac80211: enable brcmfmac's SDIO support on sunxi target
Needed to support some SDIO connected cards, like AMPAK modules

Signed-off-by: Luis Araneda <luaraneda@gmail.com>
2017-11-17 08:20:22 +01:00
Luis Araneda
bf6b3afa8c uboot-sunxi: add NanoPi M1 Plus board
Signed-off-by: Luis Araneda <luaraneda@gmail.com>
2017-11-17 08:20:06 +01:00
Alexander Couzens
c61a239514
add PKG_CPE_ID ids to package and tools
CPE ids helps to tracks CVE in packages.
https://cpe.mitre.org/specification/

Thanks to swalker for CPE to package mapping and
keep tracking CVEs.

Acked-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2017-11-17 02:24:35 +01:00
Simon Wunderlich
a479c79818 kobs-ng: add header for integer definitions
My compilation failed because of missing uint.* definitions:

In file included from mtd.h:33:0,
                 from bootstream.c:35:
BootControlBlocks.h:58:2: error: unknown type name 'uint8_t'
  uint8_t m_u8DataSetup;
  ^
BootControlBlocks.h:59:2: error: unknown type name 'uint8_t'
  uint8_t m_u8DataHold;
  ^
BootControlBlocks.h:60:2: error: unknown type name 'uint8_t'
  uint8_t m_u8AddressSetup;
  ^
BootControlBlocks.h:61:2: error: unknown type name 'uint8_t'
  uint8_t m_u8DSAMPLE_TIME;

Adding the header file fixes the problem.

Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
[fold changes into 001-compile.patch]
Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-11-16 22:56:54 +01:00
Bjørn Mork
f922b0c191 kernel: pull edgeport firmware from linux-firmware repo
The kernel firmware/ is going away, so pull this firmware
from the linux-firmware git repo instead. No actual changes
to the installed files.

Signed-off-by: Bjørn Mork <bjorn@mork.no>
2017-11-16 22:56:54 +01:00