Commit graph

13794 commits

Author SHA1 Message Date
Jonas Gorski
471d5dc6e3 mwlwifi: switch to AutoProbe
Now that we have working module dependency generation, we can switch to
AutoProbe and let modprobe handle loading required modules.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-10-27 13:06:15 +02:00
Jonas Gorski
5df30a169c mt76: switch to AutoProbe
Now that we have working module dependency generation, we can switch to
AutoProbe and let modprobe handle loading required modules.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-10-27 13:06:15 +02:00
Jonas Gorski
3689f7c8ef mac80211: ath10k: switch to AutoProbe
Now that we have working module dependency generation, we can switch to
AutoProbe and let modprobe handle loading required modules.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-10-27 13:06:15 +02:00
Jonas Gorski
7eda0d2272 broadcom-wl: switch to AutoProbe
Now that we have working module dependency generation, we can switch to
AutoProbe and let modprobe handle loading required modules.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-10-27 13:06:15 +02:00
Jonas Gorski
5cee71904f broadcom-wl: reorder kmod build and pass EXTRA_VERSIONS
Reoder the build to build the glue module first and pass the glue module's
Module.symvers to the wl driver builds.

This allows modpost to properly store a wl_glue dependency in the driver.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-10-27 13:06:15 +02:00
Jonas Gorski
557e98ebcc broadcom-wl: define module directories
Define the module subdirs so our build system properly picks up the
Module.symvers.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-10-27 13:06:15 +02:00
Jonas Gorski
5172f799a3 ath10k-ct: switch to AutoProbe
Now that we have working module dependency generation, we can switch to
AutoProbe and let modprobe handle loading required modules.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-10-27 13:06:15 +02:00
Jonas Gorski
dd9df74dfa ath10k-ct: define module directories
Define the module subdir so our buildsystem properly picks up the
Module.symvers.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-10-27 13:06:15 +02:00
Jonas Gorski
70e7efb12f acx-mac80211: drop PKG_BUILD_DEPENDS
We already have a DEPENDS on mac80211, which should be enough to ensure
headers are available before build.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-10-27 13:06:15 +02:00
Jonas Gorski
860aba9e48 acx-mac80211: switch to AutoProbe
Now that we have working module dependency generation, we can switch to
AutoProbe and let modprobe handle loading required modules.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-10-27 13:06:15 +02:00
Jo-Philipp Wich
75021e9411 Revert "wpa_supplicant: log to syslog instead of stdout"
This reverts commit e7373e489d.

Support of "-s" depends on the CONFIG_DEBUG_SYSLOG compile time flag which
is not enabled for all build variants.

Revert the change for now until we can properly examine the size impact of
CONFIG_DEBUG_SYSLOG.

Fixes FS#1117.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-10-27 11:43:59 +02:00
Jo-Philipp Wich
d4e7af5278 mdadm: fix parameter quoting
Ensure that path defines are passed quoted to the compiler in order
to avoid cpp syntax errors.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-10-27 03:26:37 +02:00
Rosen Penev
8eadec40bd mdadm: Fix config generation
The init script generated something like "DEVICE=/dev/sda" when it should
have been generating "DEVICE /dev/sda". mdadm errors on this. Patch by jow.

Also changed the default sendmail path to /usr/sbin/sendmail. No package
in LEDE provides /sbin/sendmail. msmtp provides /usr/sbin/sendmail so use
that.

Also add a patch to fix file paths for mdadm runtime files. mdadm currently
errors on them since /run is missing. Once /run is added to stock LEDE, this
patch can be removed.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
[rewrap commit message]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-10-27 02:32:32 +02:00
Martin Wetterwald
378e1a4858 iptables: Fix target TRACE issue
The package kmod-ipt-debug builds the module xt_TRACE, which allows
users to use '-j TRACE' as target in the chain PREROUTING of the table
raw in iptables.

The kernel compilation flag NETFILTER_XT_TARGET_TRACE is also enabled so
that this feature which is implemented deep inside the linux IP stack
(for example in sk_buff) is compiled.

But a strace of iptables -t raw -I PREROUTING -p icmp -j TRACE reveals
that an attempt is made to read /usr/lib/iptables/libxt_TRACE.so, which
fails as this dynamic library is not present on the system.

I created the package iptables-mod-trace which takes care of that, and
target TRACE now works!

https://dev.openwrt.org/ticket/16694
https://dev.openwrt.org/ticket/19661

Signed-off-by: Martin Wetterwald <martin.wetterwald@corp.ovh.com>
[Jo-Philipp Wich: also remove trace extension from builtin extension list
                  and depend on kmod-ipt-raw since its required for rules]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Tested-by: Enrico Mioso <mrkiko.rs@gmail.com>
2017-10-27 02:31:33 +02:00
Henryk Heisig
f774d68fff ath10k-firmware: qca9888 firmware: remove board.bin
Signed-off-by: Henryk Heisig <hyniu@o2.pl>
2017-10-27 00:45:32 +02:00
Jonas Gorski
1dcd8e7cf1 mac80211: backport fixes for fix for CVE-2017-13080
Backport two fixes for the fix of CVE-2017-13080, preventing side channel
attacks and making it work for TKIP.

Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com>
2017-10-26 15:41:07 +02:00
John Crispin
21e59ee3a2 hostapd: fix up ubus support
Signed-off-by: John Crispin <john@phrozen.org>
2017-10-25 21:45:31 +02:00
Kevin Darbyshire-Bryant
240d4b1b6e ltq-xdsl-app: script style nit
Fix missing space style nit.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2017-10-25 18:48:51 +02:00
Mathias Kresin
dacf6db2ee ltq-adsl-app: add more script notifications
Backport HANDSHAKE and TRAINING notification from ltq-vdsl-app. It
unifies the dsl led blinking pattern accross all subtargets and allows
to get the current line status from the dsl led.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-10-25 08:45:05 +02:00
Mathias Kresin
63c436ea4b ltq-atm: remove xrx200 special handling
The lantiq ATM driver is load for all subtargets on demand now. There
is not need to handle the xrx200 ATM driver in a special way any
longer.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-10-25 08:45:05 +02:00
Mathias Kresin
b02b7004f8 lantiq: xway: rename nas0/ptm0 to dsl0
This change makes it possible to configure the wan/dsl ppp interface
settings independantly from the used TC-Layer (ATM/PTM).

By using dsl0 as interface name as for the xrx200 we can get rid of a
few conditionals which were introduced because of the different default
TC-Layer in xway and xrx200.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-10-25 08:45:05 +02:00
Mathias Kresin
1470c79ceb ltq-adsl-app: use notification based ATM/PTM driver load
This patch removes the fixed atm/ptm driver loading and
switches to notification based driver loading.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-10-25 08:45:05 +02:00
Mathias Kresin
d456a888d0 ltq-adsl-app: convert init script to procd
Use the procd features for the init script.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-10-25 08:45:05 +02:00
Stefan Oberhumer
06e41056aa libs/lzo: Reenable unaligned access on ARM, PPC, ...
Due a compiler bug on ARM targets
 ( https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64516 )
unaligned access was disabled on all targets other than i386 and
x86_64 with commit 061319ec3d .

A fix has been added to lzo-2.09 so it is not necessary to disable
unaligned access within the Makefile anymore.

Signed-off-by: Stefan Oberhumer <stefan@obssys.com>
2017-10-24 13:24:04 +02:00
Florian Fainelli
1a53315951 uboot-sunxi: Backport fix for stale CONFIG_SUNXIG_GMAC references
This backports the upstream commit fixing stale references to
CONFIG_SUNXI_GMAC which have been later replaced by CONFIG_SUN7I_GMAC.
This fixes the designware MAC pinmuxing on e.g: Lamobo R1.

Refresh patches while we are at it.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2017-10-23 18:42:25 -07:00
Stijn Tintel
683350873e kernel: add kmod-iio-bmp280
This driver supports the Bosch Sensortec BMP180/BMP280 pressure and
temperature sensors. It also supports the BME280 sensors with an
additional humidity channel.

Tested I2C and SPI modes with a BME280 sensor on a Raspberry Pi Zero W.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-23 12:50:30 +03:00
Stijn Tintel
19a7f44a5a kernel: move IIO modules to iio.mk
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-23 12:50:30 +03:00
Hans Dedecker
fbde9ac718 netifd: bump to git HEAD version (FS#1037)
0f96606 proto: add point-to-point IPv4 address config support (FS#1037)
1ee788d ubus: display the point-to-point IPv4 address

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-10-19 21:48:49 +02:00
Felix Fietkau
184c92e7fb uboot-envtools: add support for Nokia WI2A-AC200i
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-10-19 12:27:44 +02:00
Hauke Mehrtens
db4550c4c8 broadcom-wl: fix compile with kernel 4.9
ENOENT could not be found by the compiler when compiling again kernel
4.9.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-10-18 23:26:15 +02:00
Stijn Tintel
060e37567e hostapd: bump PKG_RELEASE
The previous commit did not adjust PKG_RELEASE, therefore the
hostapd/wpad/wpa_supplicant packages containing the AP-side workaround
for KRACK do not appear as opkg update.

Bump the PKG_RELEASE to signify upgrades to downstream users.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-18 13:02:12 +03:00
Jason A. Donenfeld
f6c4a9c045 wireguard: version bump to 0.0.20171017
This is a simple version bump. Changes:

  * noise: handshake constants can be read-only after init
  * noise: no need to take the RCU lock if we're not dereferencing
  * send: improve dead packet control flow
  * receive: improve control flow
  * socket: eliminate dead code
  * device: our use of queues means this check is worthless
  * device: no need to take lock for integer comparison
  * blake2s: modernize API and have faster _final
  * compat: support READ_ONCE
  * compat: just make ro_after_init read_mostly

  Assorted cleanups to the module, including nice things like marking our
  precomputations as const.

  * Makefile: even prettier output
  * Makefile: do not clean before cloc
  * selftest: better test index for rate limiter
  * netns: disable accept_dad for all interfaces

  Fixes in our testing and build infrastructure. Now works on the 4.14 rc
  series.

  * qemu: add build-only target
  * qemu: work on ubuntu toolchain
  * qemu: add more debugging options to main makefile
  * qemu: simplify shutdown
  * qemu: open /dev/console if we're started early
  * qemu: phase out bitbanging
  * qemu: always create directory before untarring
  * qemu: newer packages
  * qemu: put hvc directive into configuration

  This is the beginning of working out a cross building test suite, so we do
  several tricks to be less platform independent.

  * tools: encoding: be more paranoid
  * tools: retry resolution except when fatal
  * tools: don't insist on having a private key
  * tools: add pass example to wg-quick man page
  * tools: style
  * tools: newline after warning
  * tools: account for padding being in zero attribute

  Several important tools fixes, one of which suppresses a needless warning.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2017-10-17 19:43:06 +02:00
Stijn Tintel
c5f97c9372 hostapd: add wpa_disable_eapol_key_retries option
Commit 2127425434 introduced an AP-side
workaround for key reinstallation attacks. This option can be used to
mitigate KRACK on the station side, in case those stations cannot be
updated. Since many devices are out there will not receive an update
anytime soon (if at all), it makes sense to include this workaround.

Unfortunately this can cause interoperability issues and reduced
robustness of key negotiation, so disable the workaround by default, and
add an option to allow the user to enable it if he deems necessary.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-17 17:25:05 +03:00
Stijn Tintel
2127425434 hostapd: backport extra changes related to KRACK
While these changes are not included in the advisory, upstream
encourages users to merge them.
See http://lists.infradead.org/pipermail/hostap/2017-October/037989.html

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-17 17:24:47 +03:00
Stijn Tintel
5fff2f44d5 hostapd: bump PKG_RELEASE
The previous CVE bugfix commit did not adjust PKG_RELEASE, therefore the
fixed hostapd/wpad/wpa_supplicant packages do not appear as opkg update.

Bump the PKG_RELEASE to signify upgrades to downstream users.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-17 02:13:34 +03:00
Stijn Tintel
2f701194c2 mac80211: backport kernel fix for CVE-2017-13080
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-17 01:56:31 +03:00
Hauke Mehrtens
a29848c671 ppp: make the patches apply correctly again
This fixes a compile problem recently introduced by me.

Fixes: f40fd43ab2 ("ppp: fix compile warning")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-10-16 20:08:56 +02:00
Jason A. Donenfeld
699c6fcc31 wireguard: add wireguard to base packages
Move wireguard from openwrt/packages to base a package.

This follows the pattern of kmod-cake and openvpn. Cake is a fast-moving
experimental kernel module that many find essential and useful. The
other is a VPN client. Both are inside of core. When you combine the two
characteristics, you get WireGuard. Generally speaking, because of the
extremely lightweight nature and "stateless" configuration of WireGuard,
many view it as a core and essential utility, initiated at boot time
and immediately configured by netifd, much like the use of things like
GRE tunnels.

WireGuard has a backwards and forwards compatible Netlink API, which
means the userspace tools should work with both newer and older kernels
as things change. There should be no versioning requirements, therefore,
between kernel bumps and userspace package bumps.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Acked-by: Jo-Philipp Wich <jo@mein.io>
Acked-by: Felix Fietkau <nbd@nbd.name>
2017-10-16 14:01:21 +03:00
Felix Fietkau
bbda81ce30 hostapd: merge fixes for WPA packet number reuse with replayed messages and key reinstallation
Fixes:
- CERT case ID: VU#228519
- CVE-2017-13077
- CVE-2017-13078
- CVE-2017-13079
- CVE-2017-13080
- CVE-2017-13081
- CVE-2017-13082
- CVE-2017-13086
- CVE-2017-13087
- CVE-2017-13088

For more information see:
https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-10-16 12:01:57 +02:00
Hauke Mehrtens
f40fd43ab2 ppp: fix compile warning
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-10-15 14:19:49 +02:00
Martin Schiller
2dc9c8206b lantiq: xrx200: rename nas0/ptm0 to dsl0
This change makes it possible to configure the wan/dsl ppp interface
settings independantly from the used TC-Layer (ATM/PTM).

Now you can move a device from an ADSL/ATM port to an VDSL/PTM port
without any configuration changes for example.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
[use the dsl0 interface name for the default netdev trigger in 01_led,
add ip dependency]
Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-10-15 11:11:29 +02:00
Hauke Mehrtens
08bbb804c8 mac80211: ath6kl: add missing usb-core dependency to kmod-ath6kl-usb
This fixes a build problem with many targets.

Fixes 618ed77a17 ("mac80211: add ath6kl kernel modules")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-10-15 10:53:46 +02:00
Christian Lamparter
81e28be824 kernel: kmod-macsec module for 4.9
MACsec/IEEE 802.1AE is useful to secure communication to and
from endpoints at Layer 2.

Starting with 4.6, the linux kernel provides a universal
macsec driver for authentication and encryption of traffic
in a LAN, typically with GCM-AES-128, and optional replay
protection.

http://standards.ieee.org/getieee802/download/802.1AE-2006.pdf

Note:
LEDE can utilize MACsec with a static connectivity association
key (static PSK) with the ip-full package installed.
<http://man7.org/linux/man-pages/man8/ip-macsec.8.html>

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2017-10-15 00:24:22 +02:00
Daniel Engberg
e4b6900fd6 libs/libnl: Update to 3.3.0
Update libnl to 3.3.0
Import patches to fix compilation
Source: https://git.busybox.net/buildroot/tree/package/libnl
Source: https://gitweb.gentoo.org/proj/musl.git/diff/dev-libs/libnl/files/libnl-3.3.0_rc1-musl.patch?id=48d2a287
Use more automatic toolchain logic

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-10-15 00:24:22 +02:00
Florian Eckert
2e6d4c362b package/kernel/leds-apu2: add apu3 board detection
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2017-10-15 00:24:22 +02:00
Florian Eckert
2af41487e0 package/kernel/leds-apu2: fix whitespaces
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2017-10-15 00:24:22 +02:00
Yunhui Fu
0f061af98e wpan-tools: add the wpan-ping to test the 6LoWPAN network
This patch adds the help tool wpan-ping to test the 6LoWPAN
network to help the user debug network problem.

Signed-off-by: Yunhui Fu <yhfudev@gmail.com>
2017-10-15 00:24:22 +02:00
Ben Whitten
618ed77a17 mac80211: add ath6kl kernel modules
Allow board to include the ath6kl kernel modules.

Signed-off-by: Ben Whitten <ben.whitten@gmail.com>
2017-10-15 00:24:21 +02:00
Ben Whitten
76662637fa linux-firmware: add ath6k firmware to package
Systems which include the ath6k chipset need to have the firmware included
in the image.

Signed-off-by: Ben Whitten <ben.whitten@gmail.com>
2017-10-15 00:24:21 +02:00
Hans Dedecker
1cec4d4ef0 busybox: provide "ip"
Let busybox provide "ip" as it supports the ip applets link, address,
route, rule and neighbor

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-10-14 20:23:55 +02:00
Sandeep Sheriker Mallikarjun
0a919afae4 at91bootstrap: remove manual copy of binaries to BIN_DIR
removed copying of binaries to BIN_DIR during install and using
default/install to install binaries to BIN_DIR folder.

Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
2017-10-14 00:33:34 +02:00
Sandeep Sheriker Mallikarjun
cc443e894a at91bootstrap: Add BUILD_SUBTARGET variable
Added sama5 to BUILD_SUBTARGET variable.This will populate at91bootstrap
menu options in bootloader menu only when SAMA5 devices are selected as
SUBTARGET and to avoid showing up this menu when legacy device is
selected as SUBTARGET and fixed typo mistake: sama5d3 -> sama5d2.

Signed-off-by: Sandeep Sheriker Mallikarjun <sandeepsheriker.mallikarjun@microchip.com>
2017-10-14 00:33:34 +02:00
Hauke Mehrtens
b4c3570666 uboot-at91: multiple build fixes
This fixes the following problems:
 * Add BUILD_DEVICES for legacy subtarget
 * Use features from u-boot.mk for sama5 subtarget This is mainly done
   by changing the prefix from uboot to U-Boot. This makes them depend
   on the sama5 subtarget and not selectable for the legacy subtarget
   any more

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-10-14 00:13:35 +02:00
Hans Dedecker
db18cee2d7 iproute2: bump to 4.13
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-10-13 21:48:44 +02:00
Felix Fietkau
5bd006aa26 mac80211: fix tx power regression
Revert an accidental change that was introduced by having an old version
of the patch in my git tree, which was merged in 609208597b

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-10-13 20:28:47 +02:00
Christian Lamparter
7ffb707576 dnsmasq: add listen_address parameter
This patch adds a parser for the uci representation of
dnsmasq's "-a | --listen-address" option.

In summary, this option forces dnsmasq to listen on the
given IP address(es). Both interface and listen-address
options may be given, in which case the set of both
interfaces and addresses is used.

Note that if no interface option is given, but listen_address is,
dnsmasq will not automatically listen on the loopback interface.
To achieve this, the loopback IP addresses, 127.0.0.1 and/or ::1
must be explicitly added.

This option is useful for ujailed dnsmasq instances, that would
otherwise fail to work properly, because listening to the
"This host on this network" address (aka 0.0.0.0 see rfc1700 page 4)
may not be allowed.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> (PKG_RELEASE increase)
2017-10-13 16:54:58 +02:00
Felix Fietkau
878456caf6 mt76: update to the latest version
e781569 update to latest mac80211/cfg80211 API changes
37654d7 mt76x2: fix tx status ampdu length corner case

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-10-13 11:45:57 +02:00
Felix Fietkau
609208597b mac80211: update to wireless-testing 2017-10-06
Rework the code to get rid of some extra kernel module dependencies
introduced in the last update.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-10-13 11:45:57 +02:00
Hauke Mehrtens
efbd4e721d ath10k-ct: activate user space firmware loading again
This backports a patch from kernel 4.14 to the ath10k-ct version based
on kernel 4.13.
Some devices are using a user space script to load the calibration data
from the flash and this was not trigged any more.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-10-12 23:40:27 +02:00
Ben Greear
3888e77c1c ath10k-ct driver: use dma_alloc_coherent, 4.13 based driver
This should help ath10k work on systems with little or no IOMMU
memory.  apu2 can boot two 9888 NICs now, for instance.  From
upstream patch by Adrian Chadd.

And, start building the 4.13 based CT ath10k driver.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2017-10-12 23:40:27 +02:00
Ben Greear
d8c559d614 ath10k-ct firmware: Tx-hang and EAPOL handling fixes for wave-2 firmware.
Changes since last LEDE release include:

  *  Fix key-setting bug that broke sending the EAPOL 2/4 in some cases.  This was a
     bug I introduced some time back while trying to fix .11r and simplify the key
     handling logic.  (Patch to wpa_supplicant fixed the race with sending the 4/4
     and setting the key...un-patched supplicant will still have this race and the 4-way
     auth will not work as reliably.)

  *  Increase amount of active-tids that can be scheduled.  This fixes a tx-stall
     seen with many station vdevs.

  *  Fix bug in upstream code that would cause the maximum peer to never be scheduled
     for tx.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2017-10-12 23:40:27 +02:00
Alexandru Ardelean
a5d016f361 net: uqmi: fix blocking in endless loops when unplugging device
If you unplug a QMI device, the /dev/cdc-wdmX device
disappears but uqmi will continue to poll it endlessly.

Then, when you plug it back, you have 2 uqmi processes,
and that's bad, because 2 processes talking QMI to the
same device [and the same time] doesn't seem to work well.

Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
2017-10-09 16:07:42 +02:00
Stijn Tintel
f8595a51d9 conntrack-tools: switch to git
There have been a number of interesting fixes in conntrack-tools since
the current latest release. Most notable is that this fixes IPv6
conntrack table syncing when cross-compiling conntrack-tools.

7e7748d src/main: refresh help message
fe32043 conntrackd.8: refresh file
47a4dda conntrackd.8: add reference to systemd
0cfe7ff doc/manual: include some bits about init systems
74a418b conntrackd: cthelper: ftp: Set match offset/len for PORT mangling
d833bed conntrackd: cthelper: ftp: Fix debug print
dd4b5a1 conntrackd: cthelper: Add new mdns helper
498d698 Link nfct and helper modules with `-z lazy`
9e94e85 sync-mode: print errno message on failure
ab81c35 log: print messages to stdout/sderr if running in console mode
631d92b log: introduce a mechanism to know if log was initialized
ccb1c8b conntrackd: replace error reporting in the config parser with dlog()
bee121e conntrackd: replace fprintf calls with dlog()
5a51b04 conntrack-tools: update Arturo Borrero Gonzalez email address
abb9984 helper: remove copy and paste from uapi kernel header
a91a004 src: add log message when resync is requested by other node
c2d8be1 systemd: fix missing log.h include
f6ca216 config: drop old/obsolete/deprecated conntrackd.conf config options
8b83771 conntrack: send mark filter to kernel iff set
1ba5e76 conntrackd: cthelper: Don't leak nat_tuple
832166d conntrackd: cthelper: Free pktb after use
ff843bc conntrackd: config: Do not strdup() tokens
b61c454 conntrackd: cthelper: ssdp: Track UPnP eventing
8ea394e conntrackd: Remove obsolete rule to catch ambiguous Checksum option
39398cd conntrackd: CommitTimeout breaks DisableExternalCache set On
29b390a conntrack: Support IPv6 NAT
381827a conntrackd: factorice tx_queue functions
131df89 conntrackd: factorize resync operations
d31bacc conntrackd: consolidate more code to use resync_send()
3d98496 conntrackd: request resync at startup
ef410bf conntrackd: remove use of HAVE_INET_PTON_IPV6
9d38445 conntrackd: evaluate configuration earlier
6feded7 conntrackd: cleanup if failed forking
dbfdea7 conntrackd: deprecate unix backlog configuration
210f542 conntrackd: make the daemon run in RT mode by default
37cc7f0 conntrackd: remove warning for -S
d2849d1 conntrack: Show multiple CPUs stats from proc
bc0b49a conntrackd: cthelper: ssdp: fix build with musl
0c77a25 tests: don't fail on modprobe since the driver might be built-in
eefe649 conntrack.8: refresh manpage

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-09 16:15:14 +03:00
Stijn Tintel
7695f144eb libnetfilter_conntrack: switch to git
In order to build conntrack-tools from git, a newer version of
libnetfilter_conntrack is required. As 1.0.6 is currently the latest
release, switch to git.

b0a7cf7 include: expose a copy of nf_conntrack_common.h
f68f7b3 conntrack: fix missing break in setobjopt_undo_dnat()
79dac5a conntrack: revert getobjopt_is_nat() condition
b266523 libnetfilter_conntrack: bump version to 1.0.7
e870432 labels: don't crash on NULL labelmap

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-09 16:12:00 +03:00
Stijn Tintel
bcfc39b763 libnetfilter_queue: bump to git HEAD
b39cac7 src: Correct typo in the location of internal.h in #include
58cb066 src: Declare the define visibility attribute together
e84b559 Revert "src: Declare the define visibility attribute together"
003c2b1 examples: set dummy connmark value to show use of NFQA_CT nested attribute
63973da doc: extend the doxygen section about NFQA_CFG_F_GSO
d7f74c7 build: bump version to 1.0.3
3f9eb57 build: bump library release version too
601abd1 doc: Add information about retrieving UID/GID/SECCTX fields

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-09 16:06:06 +03:00
Stijn Tintel
9e9696afc8 treewide: switch git.netfilter.org to HTTPS
As git.netfilter.org seems to support HTTPS, use that instead of HTTP
which is insecure, or GIT which is blocked on many corporate networks.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-08 21:10:36 +03:00
Stijn Tintel
6b533fd4bc ipset-dns: bump to git HEAD
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-08 20:51:03 +03:00
Daniel Golle
b80f6a5876 uboot-sunxi: build for NanoPi NEO
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2017-10-08 17:16:39 +02:00
Yangbo Lu
2e2203ff72 layerscape: update packages with LSDK git trees
NXP Layerscape LSDK had set up its own open source web site
and github for release.

https://lsdk.github.io
https://github.com/qoriq-open-source

This patch is to update rcw/fman_ucode/u-boot packages with LSDK
git trees. Also add some patches of packages to support LEDE.
Since ARMv8 32-bit u-boot images are same with ARMv8 64-bit images
but 64-bit toolchain couldn't be used for 32-bit targets, we still
use a private tree for ARMv8 32-bit u-boot images. This is in plan
to move this private tree to NXP Layerscape github.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2017-10-07 23:13:22 +02:00
Yangbo Lu
806624add5 layerscape: rename subtargets and update makefile files
Rename subtargets 32b/64b with armv8_32b/armv8_64b which are
more proper, and update makefile files. There also will be other
subtargets added in the future, like armv7.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2017-10-07 23:13:22 +02:00
Hans Dedecker
778970735b curl: add nghttp2 support
Add config option support for nghttp2

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-10-07 19:17:44 +02:00
Hans Dedecker
0e265dc0c7 nghttp2: add libnghttp2 package
The nghttp2 library is an implementation of the Hypertext Transfer
Protocol version 2 in C; it supports RFC7540 and RFC7541.
The package enables only the reusable C library; binary size is 130K (X86)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-10-07 19:17:44 +02:00
Thibaut VARENE
2be307c998 rbcfg: Implement CPU frequency control
This patch implements CPU frequency control as found on several
routerboard devices.

Supported SoCs:
- QCA953X
- AR9344

Tested on hAP lite and mAP lite (QCA953x): steps of 50MHz
Tested on LHG 5 (AR9344): steps of 50MHz

On unsupported hardware, this patch is a NOP: it will not alter the
new field.
"rbcfg help" will display an empty "cpu_freq" help listing.
"rbcfg show" will not show the cpu_freq field.
"rbcfg set/get cpu_freq" will return an error code.

Signed-off-by: Thibaut VARENE <hacks@slashdirt.org>
[adjusted subject]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2017-10-07 15:00:26 +02:00
Stijn Tintel
c088203535 hostapd: escape double quoutes in wpad CFLAGS
A recent commit in hostapd added a build option to specify the default
TLS ciphers. This build option is passed via CFLAGS. Due to the way
CFLAGS are handled when building wpad, the compiler tries to recursively
expand TLS_DEFAULT_CIPHERS, resulting in the following error:

../src/crypto/tls_openssl.c: In function 'tls_init':
<command-line>:0:21: error: 'DEFAULT' undeclared (first use in this function)
../src/crypto/tls_openssl.c:1028:13: note: in expansion of macro 'TLS_DEFAULT_CIPHERS'
   ciphers = TLS_DEFAULT_CIPHERS;
             ^

Escape double quotes in the .cflags file to avoid this.

Fixes: 2f78034c3e ("hostapd: update to version 2017-08-24")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-10-07 05:49:22 +03:00
Koen Vandeputte
2f78034c3e hostapd: update to version 2017-08-24
- Deleted upstreamed patches & parts
- Refreshed all

Compile tested: full-option package + tools (hostapd + wpa_supplicant)
Run-tested: hostapd wpa2 hotspot & wpa_supplicant IBSS link

Targets: cns3xxx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2017-10-07 05:46:04 +03:00
Hans Dedecker
bd27331eea netifd: update to latest git HEAD version (FS#1030)
5df3f01 config: suppress error if no wireless config present (FS#1030)
3429bd8 system-linux: add support for hotplug event 'move'

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-10-06 22:12:33 +02:00
Hans Dedecker
834c93e00b dropbear: fix PKG_CONFIG_DEPENDS
Add CONFIG_DROPBEAR_UTMP, CONFIG_DROPBEAR_PUTUTLINE to PKG_CONFIG_DEPENDS

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-10-06 09:38:00 +02:00
Hans Dedecker
7d905f1e95 uci: bump to git HEAD version
5ad59ad Add bitfield_set function from libubox

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-10-04 21:29:34 +02:00
Hans Dedecker
470b13975d libubox: bump to git HEAD version
632688e utils: nuke bitfield functions and macros
f714be1 uloop: make SIGCHLD signal handling optional

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-10-04 21:29:00 +02:00
Mathias Kresin
d07f924978 ltq-vmmc: disable for falcon
The module fails to compile with falcon. Remove the falcon depends from
the module to not (try to) compile it for falcon any longer.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-10-04 20:08:15 +02:00
Mathias Kresin
bd523d4573 ltq-ptm: mark AmazonSE support as broken
Albeit ltq-ptm is supported on AmazonSE, the package fails to compile.
Mark the AmazonSE variant as broken to not mark it unnecessary harder
to fix (and test) the compile error.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-10-04 20:08:15 +02:00
Hans Dedecker
a37655baca procd: use LN macro
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2017-10-03 11:07:26 +02:00
Kevin Darbyshire-Bryant
67ac017fef dnsmasq: bump to v2.78
Fixes CVE-2017-14491, CVE-2017-14492, CVE-2017-14493, CVE-2017-14494, 2017-CVE-14495, 2017-CVE-14496

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
2017-10-02 18:26:53 +02:00
Hauke Mehrtens
5508510e74 sunxi: add Orange Pi R1 support
The following features are working and tested:
* both Ethernet ports
* MMC
* LED

The following features are not working:
* Wifi (There is a crappy driver we could port)
* SPI flash (I haven't looked into this)

I haven't tried out the rest.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-10-01 17:10:33 +02:00
Hauke Mehrtens
ba1aedafeb mac80211: fix compile error on PowerPC (PPC_85xx)
Including linux/interrupt.h in linux/hrtimer.h causes this error message
on PowerPC builds on x86, ARM and MIPS it works:

  CC [M]  /backports-4.14-rc2-1/compat/main.o
In file included from /backports-4.14-rc2-1/backport-include/linux/printk.h:5:0,
                 from ./include/linux/kernel.h:13,
                 from /backports-4.14-rc2-1/backport-include/linux/kernel.h:3,
                 from ./include/linux/list.h:8,
                 from /backports-4.14-rc2-1/backport-include/linux/list.h:3,
                 from ./include/linux/module.h:9,
                 from /backports-4.14-rc2-1/backport-include/linux/module.h:3,
                 from /backports-4.14-rc2-1/compat/main.c:1:
./include/linux/ratelimit.h: In function 'ratelimit_state_exit':
./include/linux/ratelimit.h:62:11: error: dereferencing pointer to incomplete type 'struct task_struct'
    current->comm, rs->missed);
           ^
./include/linux/printk.h:279:37: note: in definition of macro 'pr_warning'
  printk(KERN_WARNING pr_fmt(fmt), ##__VA_ARGS__)
                                     ^
./include/linux/ratelimit.h:61:3: note: in expansion of macro 'pr_warn'
   pr_warn("%s: %d output lines suppressed due to ratelimiting\n",
   ^

The backport of the hrtimer_start() functions needs the
linux/interrupt.h because some parts are defined there. Fix this by
moving the hrtimer_start() backport to the linux/interrupt.h backport
header file.

Fixes: a8f63a0717: ("mac80211: update to backports-4.14-rc2")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-10-01 16:41:19 +02:00
Hauke Mehrtens
a8f63a0717 mac80211: update to backports-4.14-rc2
This updates mac80211 to backprots-4.14-rc2.
This was compile and runtime tested with ath9k, ath10k and b43
with multiple stations and ieee80211w and in different scenarios by many
other people.

To create the backports-4.14-rc2-1.tar.xz use this repository:
https://git.kernel.org/pub/scm/linux/kernel/git/backports/backports.git
from tag v4.14-rc2-1

Then run this:
./gentree.py --git-revision v4.14-rc2 --clean  <path to linux repo> ../backports-4.14-rc2-1

This also adapts the ath10k-ct and mt76 driver to the changed cfg80211
APIs and syncs the nl80211.h file in iw with the new version from
backports-4.14-rc2.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2017-10-01 12:49:11 +02:00
Lucian Cristian
1114f5dc10 sunxi: improve A20 Lime2 upload speed
Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2017-09-30 23:50:57 +02:00
Daniel Engberg
c4562a9069 package/utils/f2fs-tools: Update to 1.9.0
Update f2fs-tools to 1.9.0
Remove patch as its been committed upstream

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2017-09-30 22:43:17 +02:00
Ryan Mounce
6a5a58ed27 util-linux: update to 2.30.2
Signed-off-by: Ryan Mounce <ryan@mounce.com.au>
2017-09-30 22:41:43 +02:00
Hauke Mehrtens
3adafda07c base-files: create /etc/config/ directory
The /bin/config_generate script and some other scripts are assuming the
/etc/config directory exists in the image. This is true in case for
example the package firewall, dropbear or dnsmasq are included, which
are adding the files under /etc/config/. Without any of these package
the system will not boot up fully because the /etc/config/ directory is
missing and some init scripts just fail.

Make sure all images with the base-files contain a /etc/config/
directory.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Acked-by: John Crispin <john@phrozen.org>
2017-09-30 22:22:38 +02:00
Mathias Kresin
fe36f7b0a6 ltq-vdsl-mei: revert disable optimized firmware download
This reverts commit b428f45c062dc8ca8c2f35f491fa467dc5b85519.

If the optimized firmware download is disabled, the xdsl subsystem
hangs in the "idle request" state after physically disconnecting and
reconnecting the xdsl modem from the line.

It might fix the failing line init on boot as well.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2017-09-30 20:36:48 +02:00
Stijn Tintel
c317af777b iw: fix build on musl host
The empty version.sh script causes a problem when run by make:
make[3]: /usr/bin/env bash: Shell program not found

Adding a shebang line in version.sh seems to solve it.

Fixes FS#977.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-29 14:59:06 +03:00
Felix Fietkau
e64463ebde util-linux: avoid using the getrandom syscall
getrandom blocks until the random pool is being initialized.
Unfortunately, this code is being called early during init to create the
overlay filesystem, on some devices leaving little chance for a
successful random pool init.
True randomness is not that important here, so fix this issue by
sticking to using /dev/urandom, like in older versions of this code.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-09-29 12:32:44 +02:00
Stijn Tintel
1d7042231b gdb: bump to 8.0.1
Add -static-libstdc++ to TARGET_LDFLAGS to avoid a hard dependency on
libstdc++, and -Wl,--gc-sections to further reduce the size on platforms
that support it.

Fixes CVE-2017-9778.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2017-09-29 06:33:39 +03:00
Felix Fietkau
6919f95bb3 mt76: update to the latest version, improves mt7603 stability
cb83f33 mt7603: mac: fix logic in mt7603_tx_hang()
21f20b4 mt7603: mac: fix register configuration in mt7603_rx_dma_busy()
d5e945e mt7603: mcu: fix indentation of mcu command definition

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-09-28 22:57:48 +02:00
Felix Fietkau
afe83f6151 linux-firmware: fix intel wireless-n 100 firmware package name
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-09-28 22:57:46 +02:00
Felix Fietkau
79216243d7 hostapd: add support for accessing 802.11k neighbor report elements via ubus
This API can be used to distribute neighbor report entries across
multiple APs on the same LAN.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-09-28 22:46:26 +02:00
Felix Fietkau
9f5f5d250e hostapd: add support for specifying device config options directly in uci
This is useful for tuning some more exotic parameters where it doesn't
make sense to attempt to cover everything in uci directly

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2017-09-28 22:45:59 +02:00
Marcin Jurkowski
a816e1eac7 dropbear: make ssh compression support configurable
Adds config option to enable compression support which is usefull
when using a terminal sessions over a slow link. Impact on binary
size is negligible but additional 60 kB (uncompressed) is needed for
a shared zlib library.

Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com>
2017-09-28 21:47:16 +02:00
John Crispin
00e9a7aacb umdns: update to latest git HEAD
b84fdac Add debug output for service_timeout
8f7e3bc Remove incorrect comma in http service json config
9f40133 Remove ttl==255 restriction for queries

Signed-off-by: John Crispin <john@phrozen.org>
2017-09-28 09:29:31 +02:00