Commit graph

15167 commits

Author SHA1 Message Date
Kevin Darbyshire-Bryant
885052fbfb kmod-sched-cake: bump to 20181002
Revert "Add workaround for wrong skb->mac_len values after splitting GSO"

Remove our local patch which did the same thing.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-10-02 19:59:05 +01:00
Stijn Tintel
7378ca79b9 strace: add option to enable libdw stack tracing
Fixes build with CONFIG_libdw=y.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-10-02 19:57:33 +03:00
Hans Dedecker
c8e2edfd9e netifd: update to latest git HEAD (FS#1875)
83428fa iprule: coding style fixes
aeec2a0 iprule: fix segfault (FS#1875)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-10-02 13:34:04 +02:00
Kevin Darbyshire-Bryant
b47614f9f1 kmod-sched-cake: don't gso fixup on fixed kernels
Kernels 4.14.73 & 4.9.140 include the gso fixup fix, so cake
doesn't need to do it.  Let's not waste cpu cycles by doing it in
cake which could be really important on cpu constrained devices.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-10-02 12:04:11 +01:00
Felix Fietkau
031c31ccdb mt76: update to the latest version, fixes mt76x2 beacon issue
94d4445 mt76: mt76x2: fix multi-interface beacon configuration

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-10-01 13:36:17 +02:00
Rosy Song
456df06071 odhcpd-ipv6only: fix dependency for IPV6
Signed-off-by: Rosy Song <rosysong@rosinson.com>
2018-09-30 21:05:42 +02:00
Hans Dedecker
8e604dea31 netifd: update to latest git HEAD
94e156f scripts: fix previous commit
3c8ac1c netifd: fix wpa mixed mode matching

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-09-30 21:05:35 +02:00
Hauke Mehrtens
99e1a12fd0 kernel: Add missing config option for NFSDv4
This configuration option is not set when building the
layerscape/armv8_64b target.

Fixes: 92aa21497b ("kernel: build support for NFSv4 in nfsd")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-09-29 23:18:33 +02:00
Enrique Giraldo
61454a0a8c hostapd: add acs feature indication
Signed-off-by: Enrique Giraldo <enrique.giraldo@galgus.net>
2018-09-29 17:23:11 +02:00
W. Michael Petullo
92aa21497b kernel: build support for NFSv4 in nfsd
Signed-off-by: W. Michael Petullo <mike@flyn.org>
2018-09-29 17:23:11 +02:00
Emil Muratov
bbf46c9f8f zram-swap: bump pkg version
Signed-off-by: Emil Muratov <gpm@hotplug.ru>
2018-09-29 17:23:11 +02:00
Emil Muratov
70d3ffb47f zram-swap: Add "max compression streams" configuration option
Config option to limit maximum compression streams per zram dev for
multicore CPU's. This could be defined via 'zram_comp_streams' option in
the 'system' section of '/etc/config/system' file or via cli (for e.x.
with 'uci set system.@System[0].zram_comp_streams=2 && uci commit
system'). Default is number of logical CPU cores.

Signed-off-by: Emil Muratov <gpm@hotplug.ru>
2018-09-29 17:23:11 +02:00
Emil Muratov
814cae7362 zram-swap: fix number of created zram devices for multicore CPU's
Use only one zram swap device of the specified $size instead of
[N x $size] devices for multicore CPUs Now zram module uses multiple
compression streams for each dev by default, so we do not need to create
several zram devs to utilize multicore CPUs.

Signed-off-by: Emil Muratov <gpm@hotplug.ru>
2018-09-29 17:23:11 +02:00
Emil Muratov
9edc1fe8ab zram-swap: fix zram dev reset for multicore cpu devices
* "zram stop" could reset up to $(num_of_cores) zram devices even if
   some of those were not mounted as swap dev's. This fix tries to
   enumerate mounted swap zram dev's before making a reset

 * remove hot-added zram devs on stop (except zram0)

Signed-off-by: Emil Muratov <gpm@hotplug.ru>
2018-09-29 17:23:11 +02:00
Emil Muratov
b9e89adfb7 zram-swap: compression algorithm configuration option
Compression algorithms for zram are provided by kernel crypto API, could
be any of [lzo|zl4|deflate|<some_more>] depending on kernel modules.
Compress algo for zram-swap could be defined via 'zram_comp_algo' option
in 'system' section of '/etc/config/system' file, or via cli (for e.x.
with 'uci set system.@System[0].zram_comp_algo=lz4 && uci commit
system'). check available algo's via 'cat /sys/block/zram0
/comp_algorithm'

Signed-off-by: Emil Muratov <gpm@hotplug.ru>
2018-09-29 17:23:11 +02:00
Christian Lamparter
641dc50164 base-files: make it possible to specify switch led mode
The swconfig switch led driver has the ability to switch
between a "link, rx and/or tx" mode. However, this feature
was not implemented in uci, the led init script and
config_generate.

This patch adds a seventh parameter to the
ucidef_set_led_switch() function. The accepted values for
this parameter are: link, rx and tx.
Any permutations of these three values are supported, as
long as they are properly encased with quotes.
If the parameter is not specified it will default to "all"
(link rx tx).

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2018-09-29 17:23:11 +02:00
Hauke Mehrtens
3404c5978a samsung: Add missing dependencies to kmod-of-mdio
The samsung target builds of_mdio.ko as a module, add the needed
dependency to it.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-09-29 17:23:11 +02:00
Felix Fietkau
93db9a65da mac80211: fix management frame protection issue with mt76 (and possibly other drivers)
Software crypto wasn't working for management frames because the flag
indicating management frame crypto was missing

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-09-29 16:05:14 +02:00
Felix Fietkau
273594b37c mt76: update to latest, adds mt76x0u and mt76x2u support, fixes a mt7603 powersave issue
d220f43 Revert "mt76x2: reset HW before probe"
0853d79 Revert "mt76x2: add functions for setting extended MAC address registers"
8ba17b1 Revert "mt76: use a per rx queue page fragment cache"
3f0ac35 mt76x2: init: disable APCLI by default
38014de mt76x2: remove unnecessary break in mt76x2_mac_process_tx_rate()
fbf4791 mt76x2: fix TXD_INFO bitmask definition
d00c616 mt76x2: fix mrr idx/count estimation in mt76x2_mac_fill_tx_status()
0d42d22 mt76: introduce mt76_{incr,decr} utility routines
0f6379a mt76x2: dfs: add sw event ring buffer
df8071f mt76x2: dfs: add sw pattern detector
016df9c mt76x2: debugfs: add sw pulse statistics to dfs debugfs
a6915cb mt76: move MT_TXD_INFO, MT_MCU_MSG and MT_RX_FCE_INFO defs in dma.h
911e6aa mt76x2: move mt76x2_fw_header and mt76x2_patch_header definitions in mcu.h
c55d29b mt76x2: move utility routines in mt76x2.h
d08ea82 mt76x2: introduce mt76x2_init_device routine
6a1e809 mt76x2: move interface_modes definition in mt76x2_init
5aa0972 mt76x2: introduce mt76x2_mac_load_tx_status routine
730b86c mt76x2: add napi struct to mt76_rx_poll_complete/mt76_rx_complete signatures
1ab6cea mt76x2: add buffer len to mt76x2_mac_write_txwi signature
7ac6dac mt76: rename mt76_tx_queue_skb in mt76_dma_tx_queue_skb
66f3949 mt76: introduce tx_queue_skb function pointer in mt76_bus_ops
d099694 mt76: introduce mt76x2-common module
9bf1aa1 mt76: add mt76x2_tx_common to mt76x2-common module
29f960a mt76: add mt76x2_mac_common to mt76x2-common module
8f568ce mt76: add mt76x2_init_common to mt76x2-common module
61c4c61 mt76: add mt76x2_common to mt76x2-common module
264edbe mt76: add mt76x2_phy_common to mt76x2-common module
7625508 mt76: move mt76x2_debugfs in mt76-common module
99a3afa mt76: add usb support to mt76 layer
25b4598 mt76: add driver code for MT76x2u based devices
253c443 mt76x0: core files
6ed7bc2 mt76x0: mac files
a2c1068 mt76x0: usb files
c332481 mt76x0: mcu files
0d7d9ed mt76x0: phy files
5d50834 mt76x0: init files
c633654 mt76x0: eeprom files
18a9d4e mt76x0: trace and debugfs files
7395bba mt76x0: dma and tx files
08dec4c mt76x0: main file
5892efd mt76: add more states
e176af8 mt76: Kconfig and Makefile for mt76x0 driver
5c38d48 mt76x0: disable HW before probe
2f37f60 mt76x0: load firmware from mediatek subdir
1388140 mt76x0: rename mt76_* functions
1cb65d5 mt76x0: rename trace symbols
4fe2b16 mt76x0: correct type for eeprom gain value
560b643 mt76x0: perform mt76x0_mac_set_ampdu_factor
d1645aa mt76x0: Remove VLA usage
f8a0da4 mt76: Fix comparisons with invalid hardware key index
884eca5 mt76: unify wait_for_mac
fc636f0 mt76: rename mt76x2_regs.h
493feb9 mt76: merge mt76x0/regs.h into mt76x02_regs.h
a238099 mt76: create new mt76x02-lib module for common mt76x{0,2} code
55bceee mt76: unify mac_get_key_info
f6c19cf mt76: add helpers for register access with mt76_dev struct
34a95b8 mt76: unify mac_shared_key_setup
4286255 mt76: unify mt76x02_mac_wcid_set_key
732535e mt76: unify mac_wcid_setup
51b74ac mt76: use mac_wcid_set_drop in mt76x0
1b4a98f mt76x0: use mt76_wcid_free in mt76x0
fcf2130 mt76: unify mt76x02_vif struct
1f35eb5 mt76: unify sta structure part 1
086ea9f mt76: unify sta structure part 2
caff9a2 mt76x0: initalize custom tx queues
7362da7 mt76x0: use mt76x02_sta and mt76x02_tx_status
3a03aa1 mt76: move mt76_reg_pair definition in mt76.h
a853831 mt76: split __mt76u_mcu_send_msg and mt76u_mcu_send_msg routines
a80564f mt76: move mt76x2u_mcu_deinit routine in mt76-usb module
ac92496 mt76: add multiple regs read support to usb_mcu layer
8b0e08f mt76x0: use mt76u_init for bus initialization
ef32115 mt76x0: remove mt76x0_vendor_reset routine
949858f mt76x0: remove mt76x0_vendor_single_wr routine
21ecb9b mt76x0: remove mt76x0_mcu_msg_alloc routine
4cfeebb mt76x0: use shared mt76 usb mcu completion
2600712 mt76x0: remove mt76x0_complete_urb routine
0bd0fe8 mt76x0: remove mt76x0_vendor_request routine
f88bde2 mt76x0: remove unused mt76x0_wait_asic_ready routine
7eca333 mt76x0: use mt76u_mcu_send_msg utility routine to send fw cmds
8fedb79 mt76x0: remove unused mt76x0_mcu structure
e8fe4f3 mt76x0: use mt76u_mcu_fw_send_data for fw uploading
b9c46a8 mt76x0: remove unused routines for usb_buff alloc/free
ed3366d mt76: Enable NL80211_EXT_FEATURE_CQM_RSSI_LIST
9867146 mt76: verify evt type in usb mcu response
82a8c8a mt76: move wcid fields to common mt76_dev struct
f409c6b mt76: unify sta_add / sta_remove
d972ddd mt76: pratially unify add_interface
f8f5788 mt76x0: fix wrong usage of wcid_mask in remove_interface
380f89c mt76: unify ampdu_action
8c7098e mt76: unify set_key
2a20cfc mt76x0: remove empty sta_notify
a690333 mt76: unify AC to hw queue mapping
4453308 mt76: unify conf_tx
d9352cb mt76x0: remove vif_mask
196720e mt76: unify remove_interface
57c3e89 mt76: unify add_interface
91fce2f mt76: unify sta_rate_tbl_update and related helpers
3977f48 mt76: unify txwi and rxwi structures
41e0403 mt76: unify load_tx_status
4674502 mt76: unify send_tx_status and related helpers
02816b0 mt76: use mt76_rx_status in mt76x0
0a17b1e mt76: unify mac_process_rate
8aac175 mt76x0: reserve enough space in mac80211
81a655a mt76: unify {insert/remove}_hdr_pad
d8f7d2e mt76: partially unify filling txwi fields
3533718 mt76x2: change mt76x2_tx_complete routine signature
469aeb1 mt76: move mt76x2_tx_complete routine in mt76x02-lib module
87f138b mt76: move mt76x2u_remove_dma_hdr in mt76x02-lib module
c87a7e8 mt76: move mt76x2u_tx_complete_skb in mt76x02-lib moudule
b85e072 mt76: move mt76_qsel definition in dma.h
53b3c5a mt76: move mt76x2u_set_txinfo in mt76x02-lib module
34cec25 mt76x0: introduce mt76x0_tx_prepare_skb routine
6c5ac15 mt76: move mt76x2u_tx_status_data in mt76x02-lib module
0ba8261 mt76x0: init mt76_driver_ops callbacks
2615090 mt76x0: use mt76_alloc_device for device allocation
3c40eaf mt76x0: disable usb rx bulk aggregation
746edd7 mt76x0: mark device as running in mt76x0_start
dd77785 mt76x0: simplify mt76_mac_process_rx signature
3739601 mt76x0: add mt76x0_queue_rx_skb routine
062aaa8 mt76x0: unify tx/rx datapath with mt76x2u driver
85f171f mt76x0: stop stat workqueue at hw stop
8c68115 mt76x0: set max fragments size
ac02f5c mt76x0: remove unused dma.c source file
964df72 mt76x0: remove unused stat work_queue
afb34b8 mt76x0: remove unused {tx/rx}_queue definitions
a4fd791 mt76x0: remove unused mt76x0_tx_status routine
0e92ff6 mt76x0: remove unused endpoint definitions
8340e19 mt76x0: remove unused stat_work
bfbbf05 mt76x0: enable per-sta tx queueing
a8fcaa3 mt76x0: init hw capabilities
6a9b73c mt76x0: trim rx skb to proper length
aa0c279 mt76: remove unused MT76_MORE_STATS state
873d792 mt76x0: remove mt76x0_stop_hardware routine
246a216 mt76: move mt76 rate definitions in mt76x02-lib module
aae3fb8 mt76x0: alloc mcu buffers first in mt76x0_mcu_cmd_init
3c693a1 mt76x0: fix memory leak during hw probe
98faee1 mt76x0: move stop related routines in mt76x0_mac_stop
d07c02a mt76x0: move mt76x0_init_hardware in mt76x0_register_device
12c01f4 mt76x0: do not free/alloc buffers during suspend/resume
297cc34 mt76x0: remove has_{2,5}ghz fields of mt76x0_eeprom_params
2d77a9a mt76x0: use mt76_register_device for device registration
bb57912 mt76x0: inital split between pci and usb
3e241f3 mt76x0: remove unused mt76x0_wcid
a8c61c2 mt76x0: remove some usb specific code from mt76x0_register_device
e4a7387 mt76x0: make device allocation bus neutral
6da4642 mt76x0: run vco calibration for each channel configuration
1ac35da mt76: move mt76x0 and mt76x2 mcu shared defs in mt76x02_mcu.h
4d43674 mt76: add mt76_mcu_ops data structure for mcu related pointers
479b153 mt76: add usb implementation of {wr,rd}_rp
e525b01 mt76: add rd_rp and wr_rp to bus_ops/mcu_ops
f5590b0 mt76: usb: use common helpers for mcu_alloc_msg()/mcu_send_msg()
d2773ce mt76: usb: move mt76x02 mcu code in mt76x02-usb module
6337ffb mt76: usb: move mt76u_skb_dma_info in mt76x02_usb_core.c
5a79f17 mt76x02: move TXD/RXD/MCU definitions in mt76x02_dma.h
88ece32 mt76x02: add static qualifier to mt76x02_remove_dma_hdr
d63b72f mt76x0: remove unused mt76x0_burst_read_regs
0aef244 mt76x0: remove mt76x0_burst_write_regs()
14aaf87 mt76: usb: remove skb check in mt76x{0,2}u mcu routines
46ba81c mt76x2: use mt76_dev instead of mt76x2_dev in mt76x2_tx_queue_mcu
dbc4442 mt76x2: remove leftover mt76u_buf data structure in mt76x2_mcu
26909cd mt76: introduce mmio data structure in mt76_dev
425e7e0 mt76: move __iomem regs in mt76_mmio
28cfe61 mt76x2: use mt76_dev instead of mt76x2_dev in mt76x2_mcu_msg_send
a1e27de mt76x2: use common helpers for mcu_alloc_msg()/mcu_send_msg()
90b1eac mt76: unify firmware header between mt76x0 and mt76x2
a0cbd4b mt76: move mt76{0,2} mcu shared code in mt76x02_mcu.c
a633c61 mt76x2: move mt76x2 mcu shared code in mt76x2_mcu_common.c
ce91108 mt76: move shared mcu_calibrate routine in mt76x02-lib module
2b3b4df mt76x2: move mt76x2_phy_tssi_compensate in mt76x2-common module
39a380a mt76: use a per rx queue page fragment cache
b4a2141 mt76x2u: run device cleanup routine if resume fails
df11092 treewide: Use struct_size() for kmalloc()-family
788becd treewide: devm_kzalloc() -> devm_kcalloc()
971005a mt76x2u: Add support for Alfa AWUS036ACM
878b0bd mt76: fix debugfs_simple_attr.cocci warnings
44ed12d wireless: Use octal not symbolic permissions
a6f80ef build: make building 76x2e and 7603e optional
1047913 mt76x0: usb: move firmware loading to usb.c
26b20f8 mt76x0: remove mcu source file
44145f3 mt76x0: remove unused usb header file
d56be99 mt76x0: usb: remove mt76_fw definition
3733445 mt76x2: fix tx power configuration for VHT mcs 9
0aced80 mt76x0: pci: add mt7650 PCI ID
35e88c0 mt76x0: pci: add fw uploading routine
3991afa mt76: move seq_put_array in mt76-core module
6cf6fba mt76: add stbc entries to mt76_rate_power
4451f99 mt76: move common eeprom definitions in mt76x02-lib module
c9100cb mt76: move eeprom utility routines in mt76x02_eeprom.h
611b8c7 mt76: move mt76x2_eeprom_get in mt76x02_eeprom.h
b59ed56 mt76: move mt76x02_mac_setaddr in mt76x02-lib module
844daeb mt76: move mt76x2_get_efuse_data in mt76x02-lib module
7556cb9 mt76: move mt76x2_ext_pa_enabled routine in mt76x02_eeprom.c
19d7853 mt76x0: remove mt76x0_set_country_reg routine
ba7a3da mt76: add mt76x02_get_rx_gain and mt76x02_get_lna_gain utility routines
35b0a2a mt76x0: unify lna_gain parsing
2a470db mt76x0: unify rssi_offset parsing
fe89537 mt76x0: unify temperature offset parsing
76bc22f mt76x0: unify freq offset parsing
bedeb3d mt76: move mt76x02_eeprom_parse_hw_cap in mt76x02-lib module
1adcd39 mt76x0: unify parse hw capabilities
df23620 mt76: move mt76x2_tssi_enabled in mt76x02_eeprom.h
ebca136 mt76: usb: remove WARN_ON in mt76u_get_rx_entry_len
cf8f750 mt76: fix return value of mt76x02_wait_for_mac
f802bd5 mt76: move mt76_rate_power in mt76_dev
4b6093c mt76: add mt76x02_phy_set_txpower utility routine
c206b8c mt76: move rate_txpower handler in mt76 debugfs
4da6fd3 mt76: move mt76x02_rate_power_val in mt76x02-lib module
fb3806d mt76x0: remove mt76x0_phy_set_tx_power and mt76x0_extra_power_over_mac
730db56 mt76x0: remove eeprom dependency from mt76x0_set_tx_power_per_rate
212fa2c mt76x0: remove eeprom dependency from mt76x0_get_power_info
280e452 mt76x0: use shared debugfs implementation
21fddc3 mt76x0: phy: introduce mt76x0_phy_set_txpower routine
b0d85d4 mt76: include linux/module.h in files using MODULE_*
a47083b mt76: report firmware version using ethtool
dc66f7c mt76: usb: make rx page_frag_cache access atomic
09d696b mt76: use skb_pad() instead of __skb_pad()
e8d7890 mt76x0: add quirk to disable 2.4GHz band for Archer T1U
e76fe15 mt76x2: disable WLAN core before probe
41c552f mt76x0: work around cflags issue in compat layer for trace.h
b95bc8a mt76x0: use mt76_poll in mt76x0_set_wlan_state
3a3554a mt76: move wait_for_wpdma in mt76x02_dma.h
0527feb mt76: add mt76x02_dma_enable/mt76x02_dma_disable utility routines
a8fda4b mt76: move mt76x02_set_irq_mask in mt76x02_mmio.c
11e3028 mt76: move queue initialization in mt76x02_mmio.c
5a29094 mt76: move mt76x02_beacon_offset in mt76x02_util.c
5f1d0ff mt76: mmio: add implementation of wr_rp and rd_rp
47eee35 mt76: move mt76x2_wait_for_bbp in mt76x02-lib module
7cc4be7 mt76x0: update initvals to latest version of vendor driver
e1a2179 mt76x0: pci: move mcu code in pci_mcu.c
886f6fc mt76x0: usb: move mcu code in usb_mcu.c
c7b28f4 mt76x0: use mt76x02 utility routines in mt76x0 init code
005d40a mt76x0: init: remove duplicated initialization
94776fe mt76x0: init: remove MT_PBF_SYS_CTRL configuration in mt76x0_reset_csr_bbp
5bb8339 mt76x0: init rx filter in mt76x0_init_hardware
fe1379a mt76: add mt76x02_mac_start routine
da982d3 mt76x0: usb: move initialization code in usb.c
22be43e mt76x0: pci: add hw initialization at bootstrap
15a50e1 mt76x0: phy: set antenna parameter according to wireless band
5d2a331 mt76: move set_{tx,rx}_path routines in mt76x02-lib module
8050d71 mt76x0: add ieee80211_ops ops pointer to mt76x0_alloc_device signature
c240904 mt76x0: pci: add mt76x0e_{start/stop} callbacks
b50f38a mt76x0: eeprom: load eeprom data from mtd by default
fb5bae0 mt76x0: usb: move mt76x0u_tx_prepare_skb in usb.c
4047e1f move mt7603 source files to mt7603/
14f70f4 mt7603: fix wcid for frames sent via drv_tx
542f17e mt76: fix handling ps-poll frames
7464cc9 mt76: check aggregation sequence number for frames sent via drv_tx

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-09-29 13:29:46 +02:00
Rosy Song
fcfb9e4ded util-linux: add eject support
Signed-off-by: Rosy Song <rosysong@rosinson.com>
2018-09-28 23:13:22 +02:00
Hauke Mehrtens
b47a9cd4ba ath10k-ct: fix bandwidth conversion bug
This backports a patch from the upstream kernel which was also shipped
previously in mac80211.
This fixes the following warning:
WARNING: CPU: 0 PID: 2881 at backports-4.19-rc5-1/net/wireless/util.c:1146 cfg80211_calculate_bitrate+0x238/0x348 [cfg80211]
invalid rate bw=2, mcs=0, nss=1

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-09-28 23:05:43 +02:00
Ansuel Smith
39a9620547 ath10k-ct: adds leds support
This rework and adds patch from ath10k source to make leds work also on candela source

Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
2018-09-28 22:47:21 +02:00
Hauke Mehrtens
92a96dd662 mac80211: fix ipw200 build with kernel < 4.10
The __change_mtu() function is only compiled when
CPTCFG_IPW2200_PROMISCUOUS is set, more it to the general area.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-09-28 21:40:11 +02:00
Kevin Darbyshire-Bryant
37961f12ba wireguard: bump to 0.0.20180925
33523a5 version: bump snapshot
0759480 curve25519-hacl64: reduce stack usage under KASAN
b9ab0fc chacha20: add bounds checking to selftests
2e99d19 chacha20-mips32r2: reduce stack and branches in loop, refactor jumptable handling
d6ac367 qemu: bump musl
28d8b7e crypto: make constant naming scheme consistent
56c4ea9 hchacha20: keep in native endian in words
0c3c0bc chacha20-arm: remove unused preambles
3dcd246 chacha20-arm: updated scalar code from Andy
6b9d5ca poly1305-mips64: remove useless preprocessor error
3ff3990 crypto-arm: rework KERNEL_MODE_NEON handling again
dd2f91e crypto: flatten out makefile
67a3cfb curve25519-fiat32: work around m68k compiler stack frame bug
9aa2943 allowedips: work around kasan stack frame bug in selftest
317b318 chacha20-arm: use new scalar implementation
b715e3b crypto-arm: rework KERNEL_MODE_NEON handling
77b07d9 global: reduce stack frame size
ddc2bd6 chacha20: add chunked selftest and test sliding alignments and hchacha20
2eead02 chacha20-mips32r2: reduce jumptable entry size and stack usage
a0ac620 chacha20-mips32r2: use simpler calling convention
09247c0 chacha20-arm: go with Ard's version to optimize for Cortex-A7
a329e0a chacha20-mips32r2: remove reorder directives
3b22533 chacha20-mips32r2: fix typo to allow reorder again
d4ac6bb poly1305-mips32r2: remove all reorder directives
197a30c global: put SPDX identifier on its own line
305806d ratelimiter: disable selftest with KASAN
4e06236 crypto: do not waste space on selftest items
5e0fd08 netlink: reverse my christmas trees
a61ea8b crypto: explicitly dual license
b161aff poly1305: account for simd being toggled off midway
470a0c5 allowedips: change from BUG_ON to WARN_ON
aa9e090 chacha20: prefer crypto_xor_cpy to avoid memmove
1b0adf5 poly1305: no need to trick gcc 8.1
a849803 blake2s: simplify final function
073f3d1 poly1305: better module description

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-09-27 21:19:38 +01:00
Kevin Darbyshire-Bryant
d9a37d8d1e dnsmasq: bump to v2.80test7
Bump to latest test release:

3a610a0 Finesse allocation of memory for "struct crec" cache entries.
48b090c Fix b6f926fbefcd2471699599e44f32b8d25b87b471 to not SEGV on startup (rarely).
4139298 Change behavior when RD bit unset in queries.
51cc10f Add warning about 0.0.0.0 and :: addresses to man page.
ea6cc33 Handle memory allocation failure in make_non_terminals()
ad03967 Add debian/tmpfiles.conf
f4fd07d Debian bugfix.
e3c08a3 Debian packaging fix. (restorecon)
118011f Debian packaging fix. (tmpfiles.d)

Delete our own backports of ea6cc33 & 4139298, so the only real changes
here, since we don't care about the Debian stuff are 48b090c & 3a610a0

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-09-27 16:13:40 +01:00
Hauke Mehrtens
2a64c7ea74 mac80211: Use backports-4.19-rc5-1.tar.xz
This is an official release with some minor changes compared to the
unofficial 4.19-rc4-1 we used before.
* added bcma and ssb again, which is removed in OpenWrt
* fix to build with kernel 4.19
* other minor fixes not relevant for Openwrt.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-09-27 00:22:06 +02:00
Rosy Song
2dc1f54b12 iptables: fix dependency for libip6tc on IPV6
Signed-off-by: Rosy Song <rosysong@rosinson.com>
2018-09-26 22:40:37 +02:00
Martin Schiller
e86cdf85a7 uboot-lantiq: fix compatibility with gcc7
Backport u-boot commit 704f3acfcf55343043bbed01c5fb0a0094a68e8a to fix
compatibility with gcc7.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2018-09-26 20:35:07 +02:00
Hauke Mehrtens
c662299bf9 ath10k-ct: update to version ath10k-4.16
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-09-26 16:39:45 +02:00
Hauke Mehrtens
02e7fa6f8a iw: update nl80211.h
Now this file matches the version in backports.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-09-26 16:39:44 +02:00
Hauke Mehrtens
4fcbad1aa0 mac80211: fix compile warning in 986-rt2x00-add-TX-LOFT-calibration.patch
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-09-26 16:39:44 +02:00
Hauke Mehrtens
ec684ce193 mac80211: Add patches which were added later
These patches were added after the new matches structure for the
mac80211 package was created. All the deleted patches are already
integrated in kernel 4.19-rc4.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-09-26 16:39:44 +02:00
Hauke Mehrtens
db90c243a0 mac80211: update to version based on 4.19-rc4
This updates mac80211 to backports based on kernel 4.19-rc4.

I plan to integrate all the patches which are in this tar into upstream
backports soon.

I used the backports generated from this code:
https://github.com/hauke/backports/commits/wip2

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-09-26 16:39:44 +02:00
Daniel Golle
de1c58a64b mac80211: rt2x00: add experimental patches from Stanislaw Gruszka
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-09-26 16:39:44 +02:00
Daniel Golle
c837c41a76 mac80211: rt2x00: remove obsolete patch
According to Stanislaw Gruszka the patch
    600-23-rt2x00-rt2800mmio-add-a-workaround-for-spurious-TX_F.patch
should be dropped.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-09-26 16:39:44 +02:00
Tomislav Požega
d449233fd2 mac80211: rt2x00: add TX LOFT calibration
Add TX LOFT calibration from mtk driver.

Signed-off-by: Tomislav Požega <pozega.tomislav@gmail.com>
2018-09-26 16:39:44 +02:00
Tomislav Požega
5d1620f29c mac80211: rt2x00: add RXIQ calibration
Add RXIQ calibration found in mtk driver. With old openwrt builds this gets us ~8Mbps more of RX bandwidth (test with iPA/eLNA layout).
Please try if this makes any difference among various board/RF layouts.

Signed-off-by: Tomislav Požega <pozega.tomislav@gmail.com>
2018-09-26 16:39:43 +02:00
Tomislav Požega
e125b6abb2 mac80211: rt2x00: add RXDCOC calibration
Add RXDCOC calibration code from mtk driver. Please try if this makes any difference among various board/RF layouts.

Signed-off-by: Tomislav Požega <pozega.tomislav@gmail.com>
2018-09-26 16:39:43 +02:00
Tomislav Požega
061541f207 mac80211: rt2x00: add r calibration
Add r calibration code as found in mtk driver.

Signed-off-by: Tomislav Požega <pozega.tomislav@gmail.com>
2018-09-26 16:39:43 +02:00
Tomislav Požega
66929e3414 mac80211: rt2x00: add RF self TXDC calibration
Add TX self calibration based on mtk driver.

Signed-off-by: Tomislav Požega <pozega.tomislav@gmail.com>
2018-09-26 16:39:43 +02:00
Tomislav Požega
6044682b83 mac80211: rt2x00: write registers required for reducing power consumption
Write registers required for reducing power consumption like the vendor
driver does when ADJUST_POWER_CONSUMPTION_SUPPORT is set.
This helps devices to sync at better TX/RX rates and improves overall
performance.

Signed-off-by: Tomislav Požega <pozega.tomislav@gmail.com>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
[daniel@makrotopia.org: edited commit message]
2018-09-26 16:39:39 +02:00
Daniel Golle
b88df4a7c8 linux-firmware: set PKG_MIRROR_HASH
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-09-26 16:35:33 +02:00
John Crispin
0a1faecdb5 linux-firmware: add ath10k support
Signed-off-by: John Crispin <john@phrozen.org>
2018-09-26 16:35:33 +02:00
John Crispin
9860cdda76 ath10k-firmware: disable the package and use default linux-firmware package
Signed-off-by: John Crispin <john@phrozen.org>
2018-09-26 16:35:33 +02:00
John Crispin
d9eefa7a70 mac80211: rebase ontop of v4.18.5
Signed-off-by: John Crispin <john@phrozen.org>
2018-09-26 16:35:33 +02:00
Rosy Song
a6add47869 netifd: do not validate relevant section when ipv6 is not supported
Signed-off-by: Rosy Song <rosysong@rosinson.com>
2018-09-25 22:35:38 +02:00
Florian Eckert
61a5994900 base-files: add network_get_metric() to /lib/functions/network.sh
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
2018-09-25 10:16:03 +02:00
Mauro Mozzarelli
9f105ce8c8 kernel: netfilter: add IPVS kernel module support
IPVS (IP Virtual Server) implements transport-layer load balancing inside
the Linux kernel, so called Layer-4 switching. IPVS running on a host acts
as a load balancer at the front of a cluster of real servers, it can direct
requests for TCP/UDP based services to the real servers, and makes services
of the real servers to appear as a virtual service on a single IP address.

This change adds the following kmod packages
- kmod-nf-ipvs
- kmod-nf-ipvs-ftp
- kmod-nf-ipvs-sip

Signed-off-by: Mauro Mozzarelli <mauro@ezplanet.org>
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
2018-09-24 21:44:37 +01:00
Andy Walsh
e0196152eb ncurses: use default host install
* just use default host/install, so libs/headers get properly generated/installed

Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
2018-09-24 19:22:53 +02:00
Andy Walsh
2bbc9376c6 gettext-full: host compile with -fpic
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
2018-09-24 19:18:52 +02:00
Samuel Casa
65e9561b3d zram-swap: Shell cosmetic
Signed-off-by: Samuel Casa <samuel.casa@neratec.com>
2018-09-24 19:08:59 +02:00
Samuel Casa
b291517fdf zram-swap: remove trailing whitespaces in init script
Signed-off-by: Samuel Casa <samuel.casa@neratec.com>
[slightly reword subject]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-09-24 19:08:59 +02:00
David Yang
aaf46a8fe2 dante: disable sched_getscheduler() - not implemented in musl
musl doesn't come with an valid implementation of `sched_getscheduler()`;
it simply returns -ENOSYS for it. Without this option (and compile dante
with `sched_getscheduler()` enabled), you will get

    error: serverinit(): sched_getscheduler(2): failed to retrieve current
    cpuscheduling policy: Function not implemented

and dante won't start at all.

Ref: http://lists.alpinelinux.org/alpine-devel/3932.html
Ref: http://lists.alpinelinux.org/alpine-devel/3936.html
Signed-off-by: David Yang <mmyangfl@gmail.com>
[slightly reword commit message]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-09-24 19:04:47 +02:00
Tony Ambardar
4097ab6a97 base-files: fix postinstall uci-defaults removal
Commit 7f694582 introduced a bug where default_postinst() often fails to
remove a uci-defaults script after application, leaving it to run again
after a reboot.
(Note: commit 7f694582 also introduced FS#1021, now fixed by 73c745f6)

The subtle problem arises from the shell logical chain:
[ -f "$i" ] && . "$i" && rm -f "$i"

Most uci-defaults scripts contain a terminal 'exit 0' statement which,
when sourced, results in the logic chain exiting before executing 'rm -f'.
This was observed while testing upgrades of 'luci-app-sqm'.

The solution is to wrap the shell sourcing in a subshell relative to the
command 'rm -f':
( [ -f "$i" ] && . "$i" ) && rm -f "$i"

Revert to using 'grep' to prefilter the list of entries from the control
file, which yields the full path of uci-defaults scripts. This allows
keeping the existence check, directory change and script sourcing inside
the subshell, with the script removal correctly outside.

This approach avoids adding a second subshell only around the "." (source)
command. The change also preserves the fix FS#1021, since the full path is
used to source the script, which is POSIX-portable irrespective of PATH
variable or reference to the CWD.

Run Tested on: LEDE 17.01.4 running ar71xx, while tracing installation of
package luci-app-sqm with its associated /etc/uci-defaults/luci-sqm file.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
2018-09-24 18:58:00 +02:00
Jo-Philipp Wich
4f277eb640 lldpd: inhibit linking of libbsd on !GLIBC
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-09-24 08:36:10 +02:00
Rosy Song
9f0cb135dd busybox: fix dependency for IPV6
Signed-off-by: Rosy Song <rosysong@rosinson.com>
2018-09-23 17:45:08 +02:00
Yangbo Lu
87d7a596ec layerscape: build ls-dpl package with linux dtc tool
Building ls-dpl package requires the dtc tool. This patch
is to support using linux dtc tool for ls-dpl package.
This avoids compile issue when host system doesn't have
the dtc tool.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2018-09-22 21:20:58 +02:00
Yangbo Lu
db30adc931 layerscape: fix get_device_file() function of restool
The restool failed to work with current gcc-7.3.0-musl.
This patch is to add a restool fix-up patch to fix
multiple problems encountered in the get_device_file()
function:
 - The deprecated atoi() function is replaced by strtoul
 - An invalid memory access was being performed by using
 memory from dir->d_name even after closedir(). This is
 fixed by a strdup() on the device filename.
 - Also, error prints now print any relevant error code.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2018-09-22 21:20:58 +02:00
Yangbo Lu
7016dd48f1 layerscape: add ls1012afrwy support and drop ls1012afrdm
ls1012afrdm was no longer supported in NXP Layerscape SDK.
Instead a new board ls1012afrwy was introduced in LSDK.
This patch is to drop ls1012afrdm and add ls1012afrwy support.
Since only 2MB NOR flash could be used, we just put u-boot
and firmware on NOR flash, and put kernel/dtb/rootfs on SD
card.

The Layerscape FRWY-LS1012A board is an ultra-low-cost
development platform for LS1012A Series Communication
Processors built on Arm Cortex-A53. This tool refines the
FRDM-LS1012A with more features for a better hands-on experience
for IoT, edge computing, and various advanced embedded
applications. Features include easy access to processor I/O,
low-power operation, micro SD card storage, an M2 connector, a
small form factor, and expansion board options via mikroBUS Click
Module. The MicroBUS Module provides easy expansion via hundreds
of powerful modules supporting sensors, actuators, memories,
and displays.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2018-09-22 21:20:57 +02:00
Yangbo Lu
eb684205e5 layerscape: add SD card boot support
NOR/QSPI Flash on Layerscape board only has limited 64MB memory size.
Since some boards (ls1043ardb/ls1046ardb/ls1088ardb/ls1021atwr)
could support SD card boot, we added SD boot support for them to put
all things on SD card to meet large memory requirement.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2018-09-22 21:20:57 +02:00
Yangbo Lu
f0ec7bd27d layerscape: add armv7 subtarget and ls1021atwr board support
The NXP TWR-LS1021A module is a development system based
on the QorIQ LS1021A processor.
- This feature-rich, high-performance processor module can
  be used standalone or as part of an assembled Tower System
  development platform.
- Incorporating dual Arm Cortex-A7 cores running up to 1 GHz,
  the TWR-LS1021A delivers an outstanding level of performance.
- The TWR-LS1021A offers HDMI, SATA3 and USB3 connectors as
  well as a complete Linux software developer's package.
- The module provides a comprehensive level of security that
  includes support for secure boot, Trust Architecture and
  tamper detection in both standby and active power modes,
  safeguarding the device from manufacture to deployment.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2018-09-22 21:20:57 +02:00
Yangbo Lu
ad1dbc0ca3 layerscape: add u-boot environment support for OpenWrt boot
This patch is to implement u-boot environment txt files
to support OpenWrt boot for all layerscape devices.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2018-09-22 21:20:56 +02:00
Yangbo Lu
dcf57c766a layerscape: update u-boot to LSDK-18.06
The u-boot source code had been migrated to codeaurora
for LSDK-18.06 release and the future release. This
patch is to update u-boot to LSDK-18.06 for both
uboot-layerscape and uboot-layerscape-armv8_32b packages.
Besides, this patch also introduced some other changes.
- Reworked uboot-layerscape makefile to make it more
  readable.
- Define package in uboot-layerscape-armv8_32b for each board.
- Fixed u-boot package selection in target image makefile.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2018-09-22 21:20:56 +02:00
Yangbo Lu
e83faa3d7d layerscape: drop uboot-layerscape patches
Dropped uboot-layerscape patches which were environemnt patches.
We will make u-boot environment binaries with a txt file for all
devices.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2018-09-22 21:20:56 +02:00
Yangbo Lu
5c325c2b63 layerscape: update restool to LSDK-18.06
The restool source code had been migrated to codeaurora
for LSDK-18.06 release and the future release. This patch
is to update restool to LSDK-18.06 release.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2018-09-22 21:20:56 +02:00
Yangbo Lu
32bb763e45 layerscape: update ls-ppa to LSDK-18.06
This patch is to update ls-ppa to LSDK-18.06 release
and to rework ls-ppa makefile to make it more readable.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2018-09-22 21:20:56 +02:00
Yangbo Lu
89c4ed57b7 layerscape: update ls-rcw to LSDK-18.06
The rcw source code had been migrated to codeaurora
for LSDK-18.06 release and the future release. The
source code had also involved ls1012ardb/ls1012afrdm/
ls1088ardb/ls2088ardb rcw, so we updated ls-rcw to
LSDK-18.06, reworked the makefile and dropped ls-rcw-bin
package in this patch. Also reworked ls-rcw patch to
adapt to the latest source code.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2018-09-22 21:20:56 +02:00
Yangbo Lu
984cf8d89d layerscape: update ppfe-firmware to LSDK-18.06
This patch is to update ppfe-firmware to LSDK-18.06 release.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2018-09-22 21:20:56 +02:00
Yangbo Lu
c19f520686 layerscape: update ls-mc to LSDK-18.06
This patch is to update ls-mc to LSDK-18.06 release.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2018-09-22 21:20:56 +02:00
Yangbo Lu
e4fee592ea layerscape: update ls-dpl to LSDK-18.06
The dpl-examples source code had been migrated to
codeaurora for LSDK-18.06 release and the future
release. This patch is to update this package to
LSDK-18.06.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2018-09-22 21:20:56 +02:00
Yangbo Lu
56853409c4 layerscape: update fman-ucode to LSDK-18.06
Actually there was no change for fman-ucode in LSDK-18.06
just tagged with LSDK-18.06. This patch is to rework the
fman-ucode makefile to make it more readable, and to use
lsdk-1806 as the PKG_VERSION.

Signed-off-by: Yangbo Lu <yangbo.lu@nxp.com>
2018-09-22 21:20:55 +02:00
Jasper Scholte
a689307c97 sunxi: build image/uboot for the NanoPi NEO2
The NanoPi NEO2 is a small Allwinner H5 based board available with
different DRAM configurations.
This board is very similar to the NanoPi NEO PLUS2

Signed-off-by: Jasper Scholte <NightNL@outlook.com>
2018-09-22 21:20:55 +02:00
Hartmut Knaack
d3a492c72f kernel: add Si7020 relative humidity/temperature sensor driver
Add support for the Silicon Labs Si7020 family of relative humidity and
temperature sensors using the I2C bus.

Signed-off-by: Hartmut Knaack <knaack.h@gmx.de>
2018-09-22 21:20:55 +02:00
Hartmut Knaack
265dcb05ea kernel: add TSL4531 ambient light sensor driver
Add support for the TAOS TSL4531x family of ambient light sensors using
the I2C bus.

Signed-off-by: Hartmut Knaack <knaack.h@gmx.de>
2018-09-22 21:20:55 +02:00
Magnus Kroken
7849f74117 mbedtls: update to 2.13.0
* Fixed a security issue in the X.509 module which could lead to a buffer overread during certificate extensions parsing.
* Several bugfixes.
* Improvements for better support for DTLS on low-bandwidth, high latency networks with high packet loss.

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
2018-09-22 19:26:25 +02:00
Felix Fietkau
a32a70f4f2 ath9k: add back support for using tx99 with active monitor interfaces
Fixes controlling bitrate

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-09-22 18:41:38 +02:00
Felix Fietkau
7decdf923a mac80211: fix tx queue allocation for active monitor interfaces
Fixes a crash with drivers like ath9k

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-09-22 18:41:36 +02:00
Felix Fietkau
a6beca1f56 mt76: fix tx power issue for mt76x2
6e1898d mt76x2: fix tx power configuration for VHT mcs 9

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-09-22 12:56:18 +02:00
Luiz Angelo Daros de Luca
38a88ade14 elfutils: bump to 0.174
- Simplified musl patch with error.h concentrated into system.h

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
2018-09-21 21:32:12 +02:00
Kevin Darbyshire-Bryant
6c4cbe94bd dnsmasq: Change behavior when RD bit unset in queries.
Backport upstream commit

Change anti cache-snooping behaviour with queries with the
recursion-desired bit unset. Instead to returning SERVFAIL, we
now always forward, and never answer from the cache. This
allows "dig +trace" command to work.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-09-21 09:59:03 +01:00
Jonathan Lancett
95b3f8ec8d mwlwifi: driver version to 10.3.8.0-20180920
Signed-off-by: Jonathan Lancett <j.lancett@ntlworld.com>
[minor tweak to commit title]
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-09-20 21:03:48 +01:00
Felix Fietkau
ccab68f2d3 ath9k: fix unloading the module
Registering a GPIO chip with the ath9k device as parent prevents unload,
because the gpiochip core increases the module use count.
Unfortunately, the only way to avoid this at the moment seems to be to
register the GPIO chip without a parent device

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-09-20 10:08:17 +02:00
Rosen Penev
5efd080e20 mdadm: Install /etc/config file as 600
/etc/config/mdadm is only used by the init script which is ran as root.
There is no need for it to be readable by anything else.

Added PKG_CPE_ID for proper CVE tracking.

Small reorganization for consistency between Makefiles.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-09-19 09:42:13 +01:00
Rosen Penev
4ad87744fa fstools: Install mount.hotplug and 10-fstab.defaults as 600
Both of these are used by programs that run as root and nothing else.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-09-19 09:41:28 +01:00
Rosen Penev
873801a671 usbmode: Update modeswitch data to 20170806
Changed hotplug file to 600 as it is only read by procd, which runs as
root.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-09-19 09:41:28 +01:00
Rosen Penev
39d8b2cf79 trelay: Install hotplug and config files as 600
The hotplug file is ran by procd, which runs as root. The config file is
used by the init script, which also runs as root.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-09-19 09:41:28 +01:00
Rosen Penev
7651e254d5 dropbear: Install /etc/config as 600
/etc/config/dropbear is used by the init script which only runs as root.

Small whitespace change.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-09-19 09:41:28 +01:00
Rosen Penev
add4871582 lldpd: Install /etc/config file as 600
/etc/config/lldpd is only used by the init script, which only runs as root

Adjusted homepage and download URLs to use HTTPS.

-std=c99 is useful for GCC versions less than 6. Current OpenWrt uses 7.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-09-19 09:41:28 +01:00
Hans Dedecker
6cd41ca673 netifd: update to latest git HEAD
23941d7 system-linux: enable by default ignore encaplimit for ip6 tunnels

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-09-19 10:09:25 +02:00
Hans Dedecker
d9691b66e2 map: drop default encaplimit value
Setting encaplimit to a numerical value results into the value being
included as tunnel encapsulation limit in the destination option header
for tunneled packets.
Several users have reported interop issues as not all ISPs support the
destination option header containing the tunnel encapsulation limit
resulting into broken map connectivity.
Therefore drop the default encaplimit value for map tunnels so
no destination option header is included by default.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-09-19 09:42:45 +02:00
Hans Dedecker
1241707b40 ds-lite: drop default encaplimit value
Setting encaplimit to a numerical value results into the value being
included as tunnel encapsulation limit in the destination option header
for tunneled packets.
Several users have reported interop issues as not all ISPs support the
destination option header containing the tunnel encapsulation limit
resulting into broken ds-lite connectivity.
Therefore drop the default encaplimit value for ds-lite tunnels so
no destination option header is included by default.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-09-19 09:42:28 +02:00
Jason A. Donenfeld
f07a94da50 wireguard: bump to 0.0.20180918
* blake2s-x86_64: fix whitespace errors
* crypto: do not use compound literals in selftests
* crypto: make sure UML is properly disabled
* kconfig: make NEON depend on CPU_V7
* poly1305: rename finish to final
* chacha20: add constant for words in block
* curve25519-x86_64: remove useless define
* poly1305: precompute 5*r in init instead of blocks
* chacha20-arm: swap scalar and neon functions
* simd: add __must_check annotation
* poly1305: do not require simd context for arch
* chacha20-x86_64: cascade down implementations
* crypto: pass simd by reference
* chacha20-x86_64: don't activate simd for small blocks
* poly1305-x86_64: don't activate simd for small blocks
* crypto: do not use -include trick
* crypto: turn Zinc into individual modules
* chacha20poly1305: relax simd between sg chunks
* chacha20-x86_64: more limited cascade
* crypto: allow for disabling simd in zinc modules
* poly1305-x86_64: show full struct for state
* chacha20-x86_64: use correct cut off for avx512-vl
* curve25519-arm: only compile if symbols will be used
* chacha20poly1305: add __init to selftest helper functions
* chacha20: add independent self test

Tons of improvements all around the board to our cryptography library,
including some performance boosts with how we handle SIMD for small packets.

* send/receive: reduce number of sg entries

This quells a powerpc stack usage warning.

* global: remove non-essential inline annotations

We now allow the compiler to determine whether or not to inline certain
functions, while still manually choosing so for a few performance-critical
sections.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-09-19 08:30:13 +01:00
Kevin Darbyshire-Bryant
687168ccd9 dnsmasq: Handle memory allocation failure in make_non_terminals()
Backport upstream commit:

ea6cc33 Handle memory allocation failure in make_non_terminals()

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-09-19 07:43:02 +01:00
Mike McCormack
e8cbfedc72 ucert: work around short read
usign occasionally writes 16 characters then exits without writing a LF,
leaving ucert hanging waiting for more input.  Accept 16 characters
or more rather than 17 to work around the short read.

Signed-off-by: Mike McCormack <mike@atratus.org>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-09-18 13:51:09 +02:00
Daniel Golle
e51aa699f7 uqmi: pass-through ipXtable to child interfaces
Allow setting specific routing tables via the ip4table and ip6table
options also when ${ifname}_4 and ${ifname}_6 child interfaces are
being created.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-09-15 19:18:42 +02:00
Kevin Darbyshire-Bryant
033f02b9b5 iproute2: q_cake: Also print nonat, nowash and no-ack-filter keywords
Pull in latest upstream tweaks:
Similar to the previous patch for no-split-gso, the negative keywords for
'nat', 'wash' and 'ack-filter' were not printed either. Add those as well.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-09-15 08:46:32 +01:00
Hannu Nyman
4a3298c124 busybox: update to 1.29.3
Update busybox to 1.29.3, minor bugfix release

https://git.busybox.net/busybox/log/?h=1_29_3

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
2018-09-15 08:57:14 +02:00
Rosy Song
918ec4d549 odhcpd: enable ipv6 server mode only when it is supported
Signed-off-by: Rosy Song <rosysong@rosinson.com>
2018-09-12 21:47:33 +02:00
Kevin Darbyshire-Bryant
8cac857289 iproute2: q_cake: Add printing of no-split-gso option
When the GSO splitting was turned into dual split-gso/no-split-gso options,
the printing of the latter was left out. Add that, so output is consistent
with the options passed

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-09-12 09:13:44 +01:00
Rafał Miłecki
b3d441c5f7 mac80211: brcmfmac: backport CYW89342 support & fixes from 4.20
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2018-09-12 08:40:24 +02:00
Kevin Darbyshire-Bryant
66fd41ba79 kmod-sched-cake: fix 6in4/gso performance issue
Bump to latest upstream cake:

Add workaround for wrong skb->mac_len values after splitting GSO

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2018-09-12 05:34:44 +01:00
Florian Fainelli
4fca0e8896 netifd: update to latest HEAD
0059335c5b60 CMakeList: Check that compiler supports -Wimplicit-fallthrough

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
2018-09-11 17:19:51 -07:00
Jason A. Donenfeld
a54f492d0c wireguard: bump to 0.0.20180910
* curve25519: arm: do not modify sp directly
* compat: support neon.h on old kernels
* compat: arch-namespace certain includes
* compat: move simd.h from crypto to compat since it's going upstream

This fixes a decent amount of compat breakage and thumb2-mode breakage
introduced by our move to Zinc.

* crypto: use CRYPTOGAMS license

Rather than using code from OpenSSL, use code directly from AndyP.

* poly1305: rewrite self tests from scratch
* poly1305: switch to donna

This makes our C Poly1305 implementation a bit more intensely tested and also
faster, especially on 64-bit systems. It also sets the stage for moving to a
HACL* implementation when that's ready.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-09-11 11:34:23 +02:00
Andy Walsh
4549ab46a8 base-files: /etc/services: add missing 'rpcbind' alias
* add missing 'rpcbind' alias to /etc/services

Allows rpcbind to open its 111 port and be reachable via lan, this is the default behaviour.

Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
2018-09-10 10:44:03 +02:00
Eneas U de Queiroz
0317fc3658 libpcap: patch to add limits.h to pcap-usb-linux.c
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.

To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
This is an upstream-applied patch that fixes 'PATH_MAX' and 'NAME_MAX'
undeclared when compiling on musl with CONFIG_PCAP_HAS_USB.

[aafa351] pcap-usb-linux.c: add missing limits.h for musl systems.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
2018-09-10 09:15:26 +02:00
Rosen Penev
a9aa25c8b6 usbutils: Update usb.ids to 0.315
Referencing the version instead of revision should fix uscan.

Tested on Turria Omnia.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-09-10 09:10:20 +02:00
Rafał Miłecki
ffa80bf5a7 mac80211: add iw command wrapper with error logging
Currently it's close to impossible to tell what part of mac80211 setup
went wrong. Errors logged into system log look like this:
radio0 (6155): command failed: No error information (-524)
radio0 (6155): command failed: Not supported (-95)
radio0 (6155): command failed: I/O error (-5)
radio0 (6155): command failed: Too many open files in system (-23)

With this commit change it's getting clear:
command failed: No error information (-524)
Failed command: iw dev wlan0 del
command failed: Not supported (-95)
Failed command: iw phy phy0 set antenna_gain 0
command failed: I/O error (-5)
Failed command: iw phy phy0 set distance 0
command failed: Too many open files in system (-23)
Failed command: iw phy phy0 interface add wlan0 type __ap

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2018-09-10 09:03:09 +02:00
Rosen Penev
f78e07ad2a hostapd: Fix compile with OpenSSL 1.1.0 + no deprecated APIs
Patch was accepted upsteam:

https://w1.fi/cgit/hostap/commit/?id=373c796948599a509bad71695b5b72eef003f661

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-09-10 09:01:37 +02:00
Luis Araneda
e2a4d14aaa uboot-zynq: use a file to modify the default environment
Follow the strategy of other targets and create a
default environment file, uEnv.txt, to configure the
behavior of U-Boot.
For now, use it to pass bootargs to the kernel

Signed-off-by: Luis Araneda <luaraneda@gmail.com>
2018-09-10 08:54:41 +02:00
Luis Araneda
306a60fcfe uboot-zynq: copy U-Boot images to STAGING_DIR
Create a directory inside STAGING_DIR and copy U-Boot
output images, so they can be used later when creating the
sdcard image

Additionally, like others targets, override the default
install method to avoid copying the images to bin directory

Signed-off-by: Luis Araneda <luaraneda@gmail.com>
2018-09-10 08:54:25 +02:00
Luis Araneda
e62df3dd8b uboot-zynq: automatically select the appropriate variant
Select the U-Boot variant automatically based on the
current selected device, and hide the package from
menuconfig

Signed-off-by: Luis Araneda <luaraneda@gmail.com>
2018-09-10 08:54:00 +02:00
Luis Araneda
5d2b702590 uboot-zynq: remove ZC706 board
The board was added when creating the target, but the
corresponding device was never defined inside the target

Signed-off-by: Luis Araneda <luaraneda@gmail.com>
2018-09-10 08:53:28 +02:00
Hans Dedecker
43d4b8e89e dnsmasq: bump to dnsmasq 2.80test6
Refresh patches

Changes since latest bump:

af3bd07 Man page typo.
d682099 Picky changes to 47b45b2967c931fed3c89a2e6a8df9f9183a5789
47b45b2 Fix lengths of interface names
2b38e38 Minor improvements in lease-tools
282eab7 Mark die function as never returning
c346f61 Handle ANY queries in context of da8b6517decdac593e7ce24bde2824dd841725c8
03212e5 Manpage typo.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-09-09 22:02:45 +02:00
Daniel Engberg
9cfa5f2cec curl: Update to 7.61.1
Update curl to 7.61.1

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2018-09-09 21:38:10 +02:00
pacien
ef01c1d308 odhcp6c: add client fqdn and reconfigure options
Allowing DHCPV6_CLIENT_FQDN and DHCPV6_ACCEPT_RECONFIGURE to be turned off.
Defaulting to false, former behavior remains unchanged.

Signed-off-by: pacien <pacien.trangirard@pacien.net>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
2018-09-08 21:36:30 +02:00
Koen Vandeputte
2253524023 gdb: bump to 8.2
*** Changes in GDB 8.2

 Support for the following target has been added:

    RiscV ELF (riscv*-*-elf)

 Support for following targets and native configurations has been removed:

    m88k running OpenBSD (m88*-*-openbsd*)
    SH-5/SH64 ELF (sh64-*-elf*)
    SH-5/SH64 (sh*)
    SH-5/SH64 running GNU/Linux (sh*-*-linux*)
    SH-5/SH64 running OpenBSD (sh*-*-openbsd*)

 Various Python API enhancements
 Aarch64/Linux enhancements:

    SVE support.
    Hardware watchpoints improvements for entities stored at unaligned addresses.
        New "c" response to disable the pager for the rest of the current command.
        C expressions can now use _Alignof, and C++ expressions can now use alignof.
        Improved flexibility for loading symbol files.
        The 'info proc' command nows works on running processes on FreeBSD systems as well as core files created on FreeBSD systems.
        A new --enable-codesign=CERT configure option to automatically codesign GDB after build (useful on MacOS X).

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-09-07 17:21:24 +02:00
Koen Vandeputte
77024a9d95 mac80211: backport upstream fixes
Backport most significant upstream fixes (excl. hwsim fixes)
Refreshed all patches.

Contains important fixes for CSA (Channel Switch Announcement)
and A-MSDU frames.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
2018-09-07 17:21:24 +02:00
Henrique de Moraes Holschuh
ca1b347691 dnsmasq: allow dnsmasq variants to be included in image
The dnsmasq variants should provide dnsmasq, otherwise it is impossible
to include them in the image.

This change allows one to have CONFIG_PACKAGE_dnsmasq=m and
CONFIG_PACKAGE_dnsmasq-full=y, e.g. because you want DNSSEC support, or
IPSETs suport on your 3000-devices fleet ;-)

Signed-off-by: Henrique de Moraes Holschuh <henrique@nic.br>
2018-09-06 17:57:59 +02:00
Hans Dedecker
3d377f4375 dnsmasq: bump to dnsmasq v2.80test5
Refresh patches
Remove 240-ubus patch as upstream accepted.
Add uci option ubus which allows to enable/disable ubus support (enabled
by default)

Upstream commits since last bump:

da8b651 Implement --address=/example.com/#
c5db8f9 Tidy 7f876b64c22b2b18412e2e3d8506ee33e42db7c
974a6d0 Add --caa-record
b758b67 Improve logging of RRs from --dns-rr.
9bafdc6 Tidy up file parsing code.
97f876b Properly deal with unaligned addresses in DHCPv6 packets.
cbfbd17 Fix broken DNSSEC records in previous.
b6f926f Don't return NXDOMAIN to empty non-terminals.
c822620 Add --dhcp-name-match
397c050 Handle case of --auth-zone but no --auth-server.
1682d15 Add missing EDNS0 section. EDNS0 section missing in replies to EDNS0-containing queries where answer generated from --local=/<domain>/
dd33e98 Fix crash parsing a --synth-domain with no prefix. Problem introduced in 2.79/6b2b564ac34cb3c862f168e6b1457f9f0b9ca69c
c16d966 Add copyright to src/metrics.h
1dfed16 Remove C99 only code.
6f835ed Format fixes - ubus.c
9d6fd17 dnsmasq.c fix OPT_UBUS option usage
8c1b6a5 New metrics and ubus files.
8dcdb33 Add --enable-ubus option.
aba8bbb Add collection of metrics
caf4d57 Add OpenWRT ubus patch

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-09-06 15:48:13 +02:00
Stijn Tintel
067e2f5f1d strace: fix build on aarch64
As of version 4.21, strace enforces mpers by default. The current
implementation of aarch64 compat in strace assumes it's identical to
ARMv7 EABI and therefore tries to enable m32 personality support. As
there is no -m32 support on aarch64, this causes the build to fail.

Restore previous strace behavior to fix build on aarch64.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Tested-by: Karl Palsson <karlp@tweak.net.au>
2018-09-05 23:49:15 +02:00
Hans Dedecker
ecc3165cbc odhcpd: bump to git HEAD (detect broken hostnames)
881f66b odhcpd: detect broken hostnames
3e17fd9 config: fix odhcpd_attrs array size

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-09-05 11:04:19 +02:00
Felix Fietkau
36c6ba3735 imx6: use BUILD_DEVICES in uboot-imx6 for mx6cuboxi
Fixes build with the default profile

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-09-05 10:00:01 +02:00
Jason A. Donenfeld
4ccbe7de6c wireguard: bump to 0.0.20180904
* Kconfig: use new-style help marker
* global: run through clang-format
* uapi: reformat
* global: satisfy check_patch.pl errors
* global: prefer sizeof(*pointer) when possible
* global: always find OOM unlikely

Tons of style cleanups.

* crypto: use unaligned helpers

We now avoid unaligned accesses for generic users of the crypto API.

* crypto: import zinc

More style cleanups and a rearrangement of the crypto routines to fit how this
is going to work upstream. This required some fairly big changes to our build
system, so there may be some build errors we'll have to address in subsequent
snapshots.

* compat: rng_is_initialized made it into 4.19

We therefore don't need it in the compat layer anymore.

* curve25519-hacl64: use formally verified C for comparisons

The previous code had been proved in Z3, but this new code from upstream
KreMLin is directly generated from the F*, which is preferable. The
assembly generated is identical.

* curve25519-x86_64: let the compiler decide when/how to load constants

Small performance boost.

* curve25519-arm: reformat
* curve25519-arm: cleanups from lkml
* curve25519-arm: add spaces after commas
* curve25519-arm: use ordinary prolog and epilogue
* curve25519-arm: do not waste 32 bytes of stack
* curve25519-arm: prefix immediates with #

This incorporates ASM nits from upstream review.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-09-05 08:52:36 +02:00
Alexander Couzens
967d6460c0
hostapd: fix build of wpa-supplicant-p2p
VARIANT:= got removed by accident.

Fixes: 3838b16943 ("hostapd: fix conflicts hell")
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
2018-09-03 21:51:06 +02:00
Felix Fietkau
7165378d19 uboot-imx6: fall back to MMC for SPL if boot mode is invalid
Fixes boot on Hummingboard

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-09-03 12:06:24 +02:00
Felix Fietkau
aa3efca8d9 uboot-imx6: remove obsolete patch
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-09-03 12:06:24 +02:00
Felix Fietkau
eab7bcc8e1 uboot-imx6: install images into STAGING_DIR_IMAGE
Will be used by a new combined image for cubox

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-09-03 12:06:24 +02:00
Hans Dedecker
17c9b72046 nghttp2: bump to 1.33.0
9d843334 Update bash_completion
23cb3f38 Update manual pages
1d682dcd Bump up version number to 1.33.0, LT revision to 31:0:17
601fbbb4 Update doc
f44aa246 Update AUTHORS
dd74a6dd Update manual pages
e959e733 src: Refactor utos
fb9a204d nghttpx: Fix compile error without mruby
cd096802 Update doc
7417fd71 nghttpx: Per-pattern not per-backend
2d1a981c Merge branch 'akonskarm-master'
45acc922 clang-format
214d0899 Merge branch 'master' of https://github.com/akonskarm/nghttp2 into akonskarm-master
31fd707d nghttpx: Fix broken healthmon frontend
9a2e38e0 fix code for reuse addr on asio client
d24527e7 Bump up LT revision due to v1.32.1 release
6195d747 nghttpx: Share mruby context if it is compiled from same file
fb97f596 nghttpx: Allocate mruby file because fopen requires NULL terminated string
0ccc7a77 nghttpx: Move blocked request data to request buffer for API request
32826466 nghttpx: Fix crash with API request
0422f8a8 nghttpx: Fix worker process crash with neverbleed write error
e329479a Merge pull request #1215 from nghttp2/mruby-per-backend
f80a7873 Merge branch 'akonskarm-reuse_addr'
866ac6ab add option reuse addr in local endpoint configuration of asio client
b574ae6a nghttpx: Support per-backend mruby script
de4fd7cd doc: Update doc
32d7883c nghttpx: Downstream::request_buf_full: take into account blocked_request_buf_
9b24e197 nghttpx: Choose h1 protocol if headers have been sent to backend on retry
13ffece1 Merge pull request #1214 from nghttp2/fix-rst-without-dconn
9d5b781d Fix stream reset if data from client is arrived before dconn is attached

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-09-03 10:46:20 +02:00
Kevin Darbyshire-Bryant
dc9388ac55 iproute2: update cake man page
CAKE supports overriding of its internal classification of
packets through the tc filter mechanism.

Update the man page in our package, even though we don't
build them.  Someone may find the documentation useful.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 30598a05385b0ac2380dd4f30037a9f9d0318cf2)
2018-08-31 15:30:28 +07:00
Kevin Darbyshire-Bryant
721dfd4eb8 kmod-sched-cake: bump to 20180827
Expand filter flow mapping to include hosts as well

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit d14ffdc307d36bd9abe908b46ff7baece54c9551)
2018-08-31 15:30:27 +07:00
Jo-Philipp Wich
555c592304 ppp: remove hardcoded lcp-echo-failure, lcp-echo-interval values
OpenWrt used to ship hardcoded defaults for lcp-echo-failure and
lcp-echo-interval in the non-uci /etc/ppp/options file.

These values break uci support for *disabling* LCP echos through
the use of "option keepalive 0" as either omitting the keepalive
option or setting it to 0 will result in no lcp-echo-* flags
getting passed to the pppd cmdline, causing the pppd process to
revert to the defaults in /etc/ppp/options.

Address this issue by letting the uci "keepalive" option default
to the former hardcoded values "5, 1" and by removing the fixed
lcp-echo-failure and lcp-echo-interval settings from the
/etc/ppp/options files.

Ref: https://github.com/openwrt/luci/issues/2112
Ref: https://dev.archive.openwrt.org/ticket/2373.html
Ref: https://bugs.openwrt.org/index.php?do=details&task_id=854
Ref: https://bugs.openwrt.org/index.php?do=details&task_id=1259
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-30 15:19:45 +02:00
Thomas Equeter
acedce1d79 uqmi: wait for the control device too
The control device /dev/cdc-wdm0 is not available immediately on the
D-Link DWR-921 Rev.C3, therefore the wwan interface fails to start at
boot with a "The specified control device does not exist" error.

This patch alters /lib/netifd/proto/qmi.sh to wait for
network.wwan.delay earlier, before checking for the control device,
instead of just before interacting with the modem.

One still has to use network.wwan.proto='qmi', as the "wwan" proto
performs that sort of check before any delay is possible, failing with a
"No valid device was found" error.

Signed-off-by: Thomas Equeter <tequeter@users.noreply.github.com>
2018-08-29 13:10:12 +02:00
Giuseppe Lippolis
774d7fc9f2 comgt: increase timeout on runcommands
Some combination of modem/wireless operator requires more time to
execute the commands.
Tested on DWR-512 embedded wwan modem and italian operator iliad (new
virtual operator).

Signed-off-by: Giuseppe Lippolis <giu.lippolis@gmail.com>
2018-08-29 08:34:10 +02:00
Paul Wassi
1bd6b91e0f base-files: provide more tolerant xterm detection
Set the window title not only in "xterm", but also in
e.g. "xterm-256color", "xterm-color", etc.
The case statement is taken from Debian / Ubuntu.

Signed-off-by: Paul Wassi <p.wassi@gmx.at>
2018-08-29 08:33:54 +02:00
Bruno Randolf
fe960cead7 ugps: Update to fix position calculation
This is necessary to get my position right.
Without this my longitude is incorrecty -15.85xxxx instead of -16.52yyyy

Signed-off-by: Bruno Randolf <br1@einfach.org>
2018-08-29 08:31:10 +02:00
Bruno Randolf
6b14a73f4f ugps: Add option disabled
Like many other packages, an option to disable can be practical.

Signed-off-by: Bruno Randolf <br1@einfach.org>
2018-08-29 08:31:10 +02:00
Robert Marko
a9d7353192 ethtool: Update to 4.18
Tested on 8devices Jalapeno(ipq40xx)
Introduces following changes:
Feature: Add support for WAKE_FILTER (WoL using filters)
Feature: Add support for action value -2 (wake-up filter)
Fix: document WoL filters option also in help message
Feature: ixgbe dump strings for security registers

Signed-off-by: Robert Marko <robimarko@gmail.com>
2018-08-28 13:46:16 +02:00
Hauke Mehrtens
af6e901ae8 strace: update strace to version 4.24
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-08-28 11:26:53 +02:00
Hauke Mehrtens
a2488f3a24 linux-firmware: realtek: Add FW for rtl8192eu, rtl8723au and rtl8723bu
These devices are more or less supported by the kmod-rtl8xxxu driver.

Fixes: FS#1789
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-08-27 18:13:33 +02:00
Hans Dedecker
6caa8e09aa nghttp2: bump to 1.32.1
4c76aaee Update manual pages
2b51ad67 Bump up version number to 1.32.1, LT revision to 30:3:16
708379dc Tweak nghttp2_session_set_stream_user_data
73106b0d Compile with clang-6.0

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-08-27 10:11:10 +02:00
Stijn Tintel
2c01425d2d ath10k-firmware: update both QCA988X CT variants
This fixes slow performance with 802.11w enabled.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-08-26 18:24:02 +02:00
Stijn Tintel
616b972920 ath10k-ct: bump to git HEAD
e0d2ce0 ath10k:  Support setting tx_antenna in descriptor field.
29c644f Update to latest 4.13 and 4.16 ath10k-ct drivers.
20db9db ath10k:  Support vdev stats for 4.9, 4.16  kernel
fd92066 ath10k:  Support 'ct-sta-mode' for 9984 firmware that supports it.
34954f0 ath10k:  get_tsf, PMF

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-08-26 18:40:46 +03:00
Hans Dedecker
8fd8e79143 iproute2: update to 4.18.0
Update to the latest version of iproute2; see https://lwn.net/Articles/762515/
for a full overview of the changes in 4.18.
Remove upstream patch 001-rdma-sync-some-IP-headers-with-glibc

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-08-25 20:54:00 +02:00
Felix Fietkau
d9792152fd ath9k: fix setting up tx99 with a monitor mode interface
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-08-25 19:18:08 +02:00
Hauke Mehrtens
e882e63f1e kernel: add missing dependency to regmap to kmod-gpio-mcp23s08
This fixes a build problem recently introduced.

Fixes: a904003b9b ("kernel: fix kmod-gpio-mcp23s08 for linux 4.14")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-08-25 18:18:35 +02:00
Keith Wong
79c233daa4 kernel: add kmod-tcp-bbr
This adds support for BBR (Bottleneck Bandwidth and RTT) TCP
congestion control. Applications (e.g. webservers, VPN client/server)
which initiate connections from router side can benefit from this.

This provide an easier way for users to use BBR by selecting /
installing kmod-tcp-bbr instead of altering kernel config and
compiling firmware by themselves.

Signed-off-by: Keith Wong <keithwky@gmail.com>
2018-08-25 15:40:24 +02:00
Daniel Engberg
e341f45913 libbsd: Update to 0.8.7
Update libbsd to 0.8.7
Remove glibc dependency
Clean up InstallDev and install entries
Use /usr path for consistency
Cherry pick patches from upstream to fix musl compilation

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2018-08-25 15:40:23 +02:00
Vladimir Vid
6cda4f6861 imx6: Initial support for SolidRun CuBox-i devices based on i.MX6 processors (i1, i2, i2eX, and i4Pro).
- Specifications -

CuBox i1:
- SoC: i.MX6 Solo
- Cores: 1
- Memory Size: 512MB
- GPU: GC880
- Wifi/Bluetooth: Optional
- USB 2.0 ports: 2
- Ethernet: 10/100/1000 Mbps

CuBox i2 | i2eX:
- SoC: i.MX6 Dual Lite
- Cores: 2
- Memory Size: 1GB
- GPU: GC2000
- Wifi/Bluetooth: Optional
- USB 2.0 ports: 2
- Ethernet: 10/100/1000 Mbps

CuBox i4Pro | i4x4:
- SoC: i.MX6 Quad
- Cores: 4
- Memory Size: 2/4 GB
- GPU: GC2000
- Wifi/Bluetooth: Build In
- USB 2.0 ports: 2
- Ethernet: 10/100/1000 Mbps

Built-in u-boot requires SPL (secondary program loader) to be present on the SD-card regardless of the image type which will be loaded.
SPL is generated by the u-boot-mx6cuboxi package which is preselected by the target device and can be found in bin/u-boot-mx6cuboxi directory.

Flashing the SPL:
dd if=/dev/zero of=/dev/mmcblk0 bs=1M count=4
dd if=bin/targets/imx6/generic/u-boot-mx6cuboxi/SPL of=/dev/mmcblk0 bs=1K seek=1

Preparing the firmware on the SD-card:
(echo o; echo n; echo p; echo 1; echo ''; echo ''; echo w) | fdisk /dev/mmcblk0
mkfs.ext4 /dev/mmcblk0p1
mount /dev/mmcblk0p1 /mnt
tar -xzf bin/targets/imx6/generic/openwrt-imx6-device-cubox-i-rootfs.tar.gz -C /mnt/
mkdir -p /mnt/boot
cp bin/targets/imx6/generic/{*-uImage,*.dtb,*.scr} /mnt/boot/

Generated u-boot.img needs to be placed on the first partition:
cp bin/targets/imx6/generic/u-boot-mx6cuboxi/u-boot.img /mnt/

To boot from the SD card:

Boot script which sets mmc/dtb parameters and boots the board is automatically sourced.
If this does not work for any reason:
mmc dev 0; load mmc 0:1 $scriptaddr boot/boot.scr; source $scriptaddr

Currently imx6dl-cubox-i.dtb (Dual Lite) and imx6q-cubox-i.dtb (Quad) device trees are available.

Tested on i4Pro, MMC, USB (+ HiD), HDMI and ethernet ports are working.
Wireless and bluetooth are broken ATM. According to SolidRun forums, BCM4329/BCM4330 firmware is used which works fine on older kernels.

Signed-off-by: Vladimir Vid <vladimir.vid@sartura.hr>
2018-08-25 15:40:23 +02:00
Antonio Silverio
672c430d6e mac80211: mwl8k: Expand non-DFS 5G channels
Add non-DFS 5G upper channels (149-165) besides existed 4 lower channels
(36, 40, 44, 48).

Signed-off-by: Antonio Silverio <menion@gmail.com>
2018-08-25 15:40:23 +02:00
Martin Schiller
a904003b9b kernel: fix kmod-gpio-mcp23s08 for linux 4.14
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
2018-08-25 15:33:52 +02:00
Luis Araneda
43dedd0661 uboot-zynq: add support for the zybo z7 board
Backport board support from the upcoming v2018.09 release,
and add an additional patch to read the MAC address
from flash memory

Signed-off-by: Luis Araneda <luaraneda@gmail.com>
2018-08-25 15:33:50 +02:00
Rosen Penev
3ccc2ebe01 libevent2: Switch to using release tarball
Starting with version 2.1.8, a release tarball is available.

Simplifies the Makefile slightly.

Updated the project URL. HTTPS is broken. Issue has been reported upstream

Adjusted patches. CMake support is not present in the tarball. It's made
for Windows anyway.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-08-25 13:18:35 +02:00
Felix Fietkau
b6adfde0c6 mt76: update to the latest version
7daf962 mt7603: add survey support
980c606 mt7603: add fix for CCA signal configuration
30b8371 mt7603: fix BAR rate

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2018-08-24 21:33:54 +02:00
Hans Dedecker
2211ee0037 dropbear: backport upstream fix for CVE-2018-15599
CVE description :
The recv_msg_userauth_request function in svr-auth.c in Dropbear through
2018.76 is prone to a user enumeration vulnerability because username
validity affects how fields in SSH_MSG_USERAUTH messages are handled,
a similar issue to CVE-2018-15473 in an unrelated codebase.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-08-24 15:25:26 +02:00
Jo-Philipp Wich
a27de701b0 wolfssl: disable broken shipped Job server macro
The AX_AM_JOBSERVER macro shipped with m4/ax_am_jobserver.m4 is broken on
plain POSIX shells due to the use of `let`.

Shells lacking `let` will fail to run the generated m4sh code and end up
invoking "make" with "-jyes" as argument, fialing the build.

Since there is no reason in the first place for some random package to
muck with the make job server settings and since we do not want it to
randomly override "-j" either, simply remove references to this defunct
macro to let the build succeed on platforms which not happen to use bash
as default shell.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-23 20:14:00 +02:00
Jo-Philipp Wich
9ffbe84ea4 grub2: rebase patches
Patch 300-CVE-2015-8370.patch was added without proper rebasing on the
version used by OpenWrt, make it apply and refresh the patch to fix
compilation.

Fixes: 7e73e9128f ("grub2: Fix CVE-2015-8370")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-23 19:08:58 +02:00
Jo-Philipp Wich
214146c6f2 uhttpd: support multiple Lua prefixes
Update to latest git HEAD in order to support configuring multiple
concurrent Lua prefixes in a single uhttpd instance:

  b741dec lua: support multiple Lua prefixes

Additionally rework the init script and update the default configuration
example to treat the lua_prefix option as key=value uci list, similar to
the interpreter extension mapping. Support for the old "option lua_prefix"
plus "option lua_handler" notation is still present.

Finally drop the sed postinstall hack in uhttpd-mod-lua to avoid mangling
files belonging to other packages. Since Lua prefixes have precedence
over CGI prefixes, simply register `/cgi-bin/luci` as Lua handler which
will only become active if both luci-base and uhttpd-mod-lua is installed.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-23 09:18:04 +02:00
Rosen Penev
7e73e9128f grub2: Fix CVE-2015-8370
This CVE is a culmination of multiple integer overflow issues that cause
multiple issues like Denial of Service and authentication bypass.

More info: https://nvd.nist.gov/vuln/detail/CVE-2015-8370

Taken from Fedora.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-08-23 07:15:53 +02:00
Rosen Penev
f9469efbfa bzip2: Fix CVE-2016-3189
Issue causes a crash with specially crafted bzip2 files.

More info: https://nvd.nist.gov/vuln/detail/CVE-2016-3189

Taken from Fedora.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-08-23 07:15:35 +02:00
Rosen Penev
499773f8ef samba36: Enable umdnsd support
Allows discovery without having to use NetBIOS. Useful for mobile devices.

Could eventually throw nbmd away. But that requires Windows 10...

Tested on Fedora 28 with avahi-discover.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-08-22 11:23:02 +02:00
Rosen Penev
7961009346 yamonenv: Remove dead URLs
uscan errors on the URL as it is no longer available.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-08-22 11:22:17 +02:00
Rosen Penev
f5098a69ed fconfig: Remove dead URLs
uscan errors on the URL as it is no longer available.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-08-22 11:22:04 +02:00
Rosen Penev
f2e1fd0f35 apex: Remove dead URL.
uscan errors on the URL as it is no longer available.

Also switched the download URL to HTTPS.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
2018-08-22 11:21:53 +02:00
Jo-Philipp Wich
e5f56c07d7 iptables: make iptables-mod-conntrack-extra depend on kmod-ipt-raw
Since kernel 4.14 there is no auto assignment of conntrack helpers anymore
so fw3 needs raw table support in order to stage ct helper assignment rules.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-22 07:14:45 +02:00
Hans Dedecker
6c227e45cb dnsmasq: remove creation of /etc/ethers
Remove creation of file /etc/ethers in dnsmasq init script as the
file is now created by default in the base-files package by
commit fa3301a28e

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-08-21 15:55:10 +02:00
Luiz Angelo Daros de Luca
d810d44e5a base-files: create /etc/ethers by default
/etc/ethers is missing on /rom but always created when dnsmasq
runs. It is better to have it in place and avoid an extra change
in flash after firstboot.

It will generate an extra /etc/ethers-opkg when it has changed.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-08-21 15:55:00 +02:00
Jo-Philipp Wich
22681cdef2 uhttpd: update to latest Git head
952bf9d build: use _DEFAULT_SOURCE
30a18cb uhttpd: recognize PATCH, PUT and DELETE HTTP methods

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-21 14:48:47 +02:00
Daniel Engberg
e1a1add517 mwlwifi: Update to 10.3.8.0-20180810
Update mwlwifi to 10.3.8.0-20180810

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
2018-08-21 07:44:37 +02:00
Hans Dedecker
40eb9bda44 netifd: update to latest git HEAD
7454d12 interface: let interface_set_down() return void
32f11a8 interface: make __interface_set_down() static
b9d5a8c interface: extend interface error messages in interface_set_up()
de394b3 interface: ensure NO_DEVICE error is always reported

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-08-20 16:27:38 +02:00
Yury Shvedov
cad9519eba hostapd: process all CSA parameters
This adds processing of all CSA arguments from ubus switch_chan request
in the same manner as in the control interface API.

Signed-off-by: Yury Shvedov <yshvedov@wimarksystems.com>
2018-08-20 09:24:43 +02:00
Daniel Engberg
d1ea8ac3b4 util-linux: Update to 2.32.1
Update util-linux to 2.32.1
For release notes see https://lwn.net/Articles/759922/

Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-08-16 22:29:28 +02:00
Mathias Kresin
56b8ac1e86 treewide: consolidate upgrade state set
Set the (sys)upgrade state when sourcing the stage2 script instead of
setting the state for each target individual.

This change fixes the, due to a missing state set, not working upgrade
led on ath79 and apm821xx.

Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-08-16 21:20:57 +02:00
Jo-Philipp Wich
8c91807214 rpcd: update to latest git HEAD
41333ab uci: tighten uci reorder operation error handling
f91751b uci: tighten uci delete operation error handling
c2c612b uci: tighten uci set operation error handling
948bb51 uci: tighten uci add operation error handling
51980c6 uci: reject invalid section and option names

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-16 09:43:11 +02:00
Hauke Mehrtens
d74d6c4522 openssl: update to version 1.0.2p
This fixes the following security problems:
 * CVE-2018-0732: Client DoS due to large DH parameter
 * CVE-2018-0737: Cache timing vulnerability in RSA Key Generation

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-08-15 22:32:07 +02:00
Jo-Philipp Wich
5762efd8b2 libubox: set RPATH for host build
This is required for programs that indirectly link libjson-c through the
libubox blobmsg_json library.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-14 23:54:59 +02:00
Hans Dedecker
e2791e80cb netifd: update to latest git HEAD
522456b device: gracefully handle device names exceeding IFNAMESIZ

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-08-14 22:56:31 +02:00
Stijn Tintel
03e5dcbf10 firewall: bump to git HEAD
12a7cf9 Add support for DSCP matches and target
06fa692 defaults: use a generic check_kmod() function
1c4d5bc defaults: fix check_kmod() function

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2018-08-13 22:05:46 +03:00
Christian Lamparter
7b1b49bd32 packages: nvram: make it possible to include it for ath79 targets
The WD My Net Range Extender stores the MAC addresses inside the
nvram partition. This utility can extract it, but it's currently
not avilable on the ath79 target. Hence, this patch adds the
necessary target declaration, so it can be built.

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
2018-08-13 08:46:22 +02:00
Luis Araneda
09ac4aa86b uboot-zynq: update to 2018.07
Signed-off-by: Luis Araneda <luaraneda@gmail.com>
2018-08-13 08:43:58 +02:00
Jason A. Donenfeld
42dc0e2594 wireguard: bump to 0.0.20180809
* send: switch handshake stamp to an atomic

Rather than abusing the handshake lock, we're much better off just using
a boring atomic64 for this. It's simpler and performs better. Also, while
we're at it, we set the handshake stamp both before and after the
calculations, in case the calculations block for a really long time waiting
for the RNG to initialize.

* compat: better atomic acquire/release backport

This should fix compilation and correctness on several platforms.

* crypto: move simd context to specific type

This was a suggestion from Andy Lutomirski on LKML.

* chacha20poly1305: selftest: use arrays for test vectors

We no longer have lines so long that they're rejected by SMTP servers.

* qemu: add easy git harness

This makes it a bit easier to use our qemu harness for testing our mainline
integration tree.

* curve25519-x86_64: avoid use of r12

This causes problems with RAP and KERNEXEC for PaX, as r12 is a
reserved register.

* chacha20: use memmove in case buffers overlap

A small correctness fix that we never actually hit in WireGuard but is
important especially for moving this into a general purpose library.

* curve25519-hacl64: simplify u64_eq_mask
* curve25519-hacl64: correct u64_gte_mask

Two bitmath fixes from Samuel, which come complete with a z3 script proving
their correctness.

* timers: include header in right file

This fixes compilation in some environments.

* netlink: don't start over iteration on multipart non-first allowedips

Matt Layher found a bug where a netlink dump of peers would never terminate in
some circumstances, causing wg(8) to keep trying forever. We now have a fix as
well as a unit test to mitigate this, and we'll be looking to create a fuzzer
out of Matt's nice library.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-08-12 16:12:01 +02:00
Mathias Kresin
dfee452713 base-files: add function to get mac as text from flash
Add a function to get a mac stored as text from flash. The octets of
the mac address need to be separated by any separator supported by
macaddr_canonicalize().

Signed-off-by: Dmitry Tunin <hanipouspilot@gmail.com>
Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-08-11 21:36:27 +02:00
Mathias Kresin
ec28d2797c base-files: use consistent coding style
Add the opening bracket right after the function name, to do it the
same way for all functions in this file.

Signed-off-by: Dmitry Tunin <hanipouspilot@gmail.com>
Signed-off-by: Mathias Kresin <dev@kresin.me>
2018-08-11 21:36:27 +02:00
Yousong Zhou
3493c1cf41 uci: bump to source date 2018-08-11
Fixes segfault when parsing malformed delta lines

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2018-08-11 12:04:31 +00:00
John Crispin
1961948585 wpa_supplicant: fix CVE-2018-14526
Unauthenticated EAPOL-Key decryption in wpa_supplicant

Published: August 8, 2018
Identifiers:
- CVE-2018-14526
Latest version available from: https://w1.fi/security/2018-1/

Vulnerability

A vulnerability was found in how wpa_supplicant processes EAPOL-Key
frames. It is possible for an attacker to modify the frame in a way that
makes wpa_supplicant decrypt the Key Data field without requiring a
valid MIC value in the frame, i.e., without the frame being
authenticated. This has a potential issue in the case where WPA2/RSN
style of EAPOL-Key construction is used with TKIP negotiated as the
pairwise cipher. It should be noted that WPA2 is not supposed to be used
with TKIP as the pairwise cipher. Instead, CCMP is expected to be used
and with that pairwise cipher, this vulnerability is not applicable in
practice.

When TKIP is negotiated as the pairwise cipher, the EAPOL-Key Key Data
field is encrypted using RC4. This vulnerability allows unauthenticated
EAPOL-Key frames to be processed and due to the RC4 design, this makes
it possible for an attacker to modify the plaintext version of the Key
Data field with bitwise XOR operations without knowing the contents.
This can be used to cause a denial of service attack by modifying
GTK/IGTK on the station (without the attacker learning any of the keys)
which would prevent the station from accepting received group-addressed
frames. Furthermore, this might be abused by making wpa_supplicant act
as a decryption oracle to try to recover some of the Key Data payload
(GTK/IGTK) to get knowledge of the group encryption keys.

Full recovery of the group encryption keys requires multiple attempts
(128 connection attempts per octet) and each attempt results in
disconnection due to a failure to complete the 4-way handshake. These
failures can result in the AP/network getting disabled temporarily or
even permanently (requiring user action to re-enable) which may make it
impractical to perform the attack to recover the keys before the AP has
already changes the group keys. By default, wpa_supplicant is enforcing
at minimum a ten second wait time between each failed connection
attempt, i.e., over 20 minutes waiting to recover each octet while
hostapd AP implementation uses 10 minute default for GTK rekeying when
using TKIP. With such timing behavior, practical attack would need large
number of impacted stations to be trying to connect to the same AP to be
able to recover sufficient information from the GTK to be able to
determine the key before it gets changed.

Vulnerable versions/configurations

All wpa_supplicant versions.

Acknowledgments

Thanks to Mathy Vanhoef of the imec-DistriNet research group of KU
Leuven for discovering and reporting this issue.

Possible mitigation steps

- Remove TKIP as an allowed pairwise cipher in RSN/WPA2 networks. This
can be done also on the AP side.

- Merge the following commits to wpa_supplicant and rebuild:

WPA: Ignore unauthenticated encrypted EAPOL-Key data

This patch is available from https://w1.fi/security/2018-1/

- Update to wpa_supplicant v2.7 or newer, once available

Signed-off-by: John Crispin <john@phrozen.org>
2018-08-10 15:48:21 +02:00
Thibaut VARÈNE
78b5764fd8 base-files: make wifi report unknown command
Avoid having /sbin/wifi silently ignore unknown keywords and execute
"up"; instead display the help message and exit with an error.

Spell out the "up" keyword (which has users), add it to usage output,
and preserve the implicit assumption that runing /sbin/wifi without
argument performs "up".

Signed-off-by: Thibaut VARÈNE <hacks@slashdirt.org>
2018-08-10 05:30:57 +02:00
David Bauer
c4931713df ath79: add support for OCEDO Koala
This commit adds support for the OCEDO Koala

SOC:	Qualcomm QCA9558 (Scorpion)
RAM:    128MB
FLASH:  16MiB
WLAN1:  QCA9558 2.4 GHz 802.11bgn 3x3
WLAN2:  QCA9880 5 GHz 802.11nac 3x3
INPUT:  RESET button
LED:    Power, LAN, WiFi 2.4, WiFi 5, SYS
Serial: Header Next to Black metal shield
        Pinout is 3.3V - GND - TX - RX (Arrow Pad is 3.3V)
        The Serial setting is 115200-8-N-1.

Tested and working:
 - Ethernet
 - 2.4 GHz WiFi
 - 5 GHz WiFi
 - TFTP boot from ramdisk image
 - Installation via ramdisk image
 - OpenWRT sysupgrade
 - Buttons
 - LEDs

Installation seems to be possible only through booting an OpenWRT
ramdisk image.

Hold down the reset button while powering on the device. It will load a
ramdisk image named 'koala-uImage-initramfs-lzma.bin' from 192.168.100.8.

Note: depending on the present software, the device might also try to
pull a file called 'koala-uimage-factory'. Only the name differs, it
is still used as a ramdisk image.

Wait for the ramdisk image to boot. OpenWRT can be written to the flash
via sysupgrade or mtd.

Due to the flip-flop bootloader which we not (yet) support, you need to
set the partition the bootloader is selecting. It is possible from the
initramfs image with

 > fw_setenv bootcmd run bootcmd_1

Afterwards you can reboot the device.

Signed-off-by: David Bauer <mail@david-bauer.net>
2018-08-09 18:44:57 +02:00
Hans Dedecker
2e02fdb363 odhcp6c: apply IPv6/ND configuration earlier
Apply IPv6/ND configuration before proto_send_update so that all config info
is available when netifd is handling the notify_proto ubus call.
In particular this fixes an issue when netifd is updating the downstream IPv6 mtu
as netifd was still using the not yet updated upstream IPv6 mtu to set the
downstream IPv6 mtu

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-08-09 18:46:57 +02:00
Hans Dedecker
e0fbf62821 iproute2: remove libutil from InstallDev section
Commit 4d961538f6 added libutil to the iproute2 InstallDev section
but lead to compile issues with packages picking up the wrong libutil
since libutil is quite a generic name ...
Further libutil is rather meant for internal usage in iproute2 than a
public API; therefore let's remove it from the InstallDev section together
with ll_map.h

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-08-09 17:48:03 +02:00
Hans Dedecker
6579af7a77 netifd: update to latest git HEAD
115a694 interface-ip: always override downstream IPv6 mtu

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-08-09 17:39:24 +02:00
Antonio Silverio
e2e39328d5 sunxi: Added support for Xunlong Orange Pi PC2
CPU: H5 High Performance Quad-core 64-bit Cortex-A53
GPU: Mali450 OpenGL ES 2.0/1.1/1.0, OpenVG 1.1, EGL
Memory: 1GB DDR3 (shared with GPU)
Onboard Storage: TF card (Max. 32GB) / NOR flash(2MB)
Onboard Network: 1000M/100M Ethernet RJ45
USB 2.0 Ports: Three USB 2.0 HOST, one USB 2.0 OTG, HOST mode
role by default in DTS
Buttons: Power Button(SW4) Debug TTL

UART: ..DC-IN..
>[GND][RX][TX] ..HDMI..

Signed-off-by: Antonio Silverio <menion@gmail.com>
2018-08-09 12:06:58 +02:00
Zoltan HERPAI
f4d3047671 firmware: intel-microcode: bump to 20180703
* New upstream microcode data file 20180703
    + Updated Microcodes:
      sig 0x000206d6, pf_mask 0x6d, 2018-05-08, rev 0x061d, size 18432
      sig 0x000206d7, pf_mask 0x6d, 2018-05-08, rev 0x0714, size 19456
      sig 0x000306e4, pf_mask 0xed, 2018-04-25, rev 0x042d, size 15360
      sig 0x000306e7, pf_mask 0xed, 2018-04-25, rev 0x0714, size 17408
      sig 0x000306f2, pf_mask 0x6f, 2018-04-20, rev 0x003d, size 33792
      sig 0x000306f4, pf_mask 0x80, 2018-04-20, rev 0x0012, size 17408
      sig 0x000406f1, pf_mask 0xef, 2018-04-19, rev 0xb00002e, size 28672
      sig 0x00050654, pf_mask 0xb7, 2018-05-15, rev 0x200004d, size 31744
      sig 0x00050665, pf_mask 0x10, 2018-04-20, rev 0xe00000a, size 18432
      sig 0x000706a1, pf_mask 0x01, 2017-12-26, rev 0x0022, size 73728
    + First batch of fixes for: Intel SA-00115, CVE-2018-3639, CVE-2018-3640
    + Implements IBRS/IBPB/STIPB support, Spectre-v2 mitigation
    + SSBD support (Spectre-v4 mitigation) and fix Spectre-v3a for:
      Sandybridge server, Ivy Bridge server, Haswell server, Skylake server,
      Broadwell server, a few HEDT Core i7/i9 models that are actually gimped
      server dies.

Signed-off-by: Zoltan HERPAI <wigyori@uid0.hu>
2018-08-09 01:00:06 +02:00
Rob Mosher
8a3582fa8a busybox: prevent compile hang with bzip2 enabled
The BZIP2_SMALL option was not being exposed via Config.in which
caused the build to fail as 'yes' is piped to the config during
build.  As it's expecting a number, it gets stuck in a loop.

Signed-off-by: Rob Mosher <nyt-openwrt@countercultured.net>
2018-08-08 22:08:49 +02:00
Jo-Philipp Wich
cc21dab6cc ucert: update to lastest git HEAD
Update to latest HEAD in order to fix a stack memory corruption issue:

1056e73 Change the sigb buffer to be the same size as the fread

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-08 19:52:13 +02:00
Hans Dedecker
4d961538f6 iproute2: add libutil to InstallDev section
In iproute2 v4.17 ll_map has been moved from the libnetlink to the libutil
library; add libutil as well to the staging dir in order to keep support
for ll_map

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
2018-08-08 14:29:08 +02:00
David Bauer
5107ba2374 uboot-envtools: add ath79 target
This adds uci entries for all ath79 devices for which this already was
the case on ar71xx. Additionally we add the OCEDO Koala as there was no
support in OpenWRT yet.

Signed-off-by: David Bauer <mail@david-bauer.net>
2018-08-08 08:38:45 +02:00
Daniel Golle
8174853c78 base-files: introduce sysupgrade signature chain verification
Verify ucert signature chains in sysupgrade images in case ucert is
installed and $CHECK_IMAGE_SIGNARURE = 1.
Also make sure ucert host binary is present and generate a self-signed
ucert in case $TOPDIR/key-build.ucert is missing.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-08-08 02:22:54 +02:00
Daniel Golle
7a52ce3faf ucert: update source
ad816fc set rpath to make bundle-libraries.sh happy
 63ad591 blob_buf needs to be zero'd

Now that libubox, libjson-c and libblobms_json are installed into
STAGING_DIR_HOST we can properly bundle ucert in the ImageBuilder.
Follow-up commits will make use of it to include a signature-chain in
sysupgrade images using fwtool.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-08-07 23:20:18 +02:00
Daniel Golle
73100024d3 libubox: set HOST_BUILD_PREFIX
Install into STAGING_DIR_HOST rather than STAGING_DIR_HOSTPKG to make
bundle-libraries.sh happy.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-08-07 22:31:48 +02:00
Daniel Golle
a5368dc30c libjson-c: set HOST_BUILD_PREFIX
Install into STAGING_DIR_HOST rather than STAGING_DIR_HOSTPKG to make
bundle-libraries.sh happy.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2018-08-07 22:31:48 +02:00
Jo-Philipp Wich
1c4a255aa1 libubox: fix source version date
The referenced Git commit was made on the 25th of July, not June.

Fixes 432eaa940f ("libubox: fix mirror hash")
Fixes 5dc32620c4 ("libubox: update to latest git HEAD")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-07 17:27:05 +02:00