oweals/openwrt.git
5 years agocurl: Use ca-bundle for all TLS libraries.
Rosen Penev [Sun, 27 May 2018 22:13:47 +0000 (15:13 -0700)]
curl: Use ca-bundle for all TLS libraries.

It simplifies the Makefile a bit. In addition, using ca-bundle
saves some space as well.

It also fixes an issue with at least transmission, which has a dependency
on ca-bundle, but currently libcurl with OpenSSL or GnuTLS cause it not
to work.

This has been tested on mt7621 with OpenSSL and GnuTLS just by running
'curl https://www.google.com' and seeing if there's a verify error.
The rest are already using ca-bundle and therefore work fine.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
Tested-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(backported from f97946c49680a5fe713d0e2caaf072789f70e68d)

5 years agoath10k-firmware: Fix QCA6174 support
Rosen Penev [Fri, 25 May 2018 03:47:46 +0000 (20:47 -0700)]
ath10k-firmware: Fix QCA6174 support

Currently when installing the firmware, a bunch of files and directories
that the ath10k driver does not look for are created.

The package now installs firmware for both hw 2.1 and 3.0 devices.
2.1 is abandonware but may be useful to keep.

3.0 firmware was tested on a Killer 1535 to be relatively stable with
802.11w disabled. 802.11w causes multiple firmware crashes but that's true
of other ath10k firmwares as well.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
(backported and squashed from
 27eab4fa578d696ab55b6264a1b35fad6488b664,
 d0fbe1956b3b9f07b6dcb54a8ed43a4904581e1d,
 e191c7ee797c8b3458eb9791212a56b16febeeb4)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
5 years agohostapd: properly build hostapd-only SSL variants
Daniel Golle [Thu, 31 May 2018 13:18:12 +0000 (15:18 +0200)]
hostapd: properly build hostapd-only SSL variants

Make sure hostapd-openssl is actually build against OpenSSL, same
for wolfSSL.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(backported from 987900f2de76e6d292e55aa068c39b03f79c8812)

5 years agohostapd: update packaging and patches
Daniel Golle [Wed, 30 May 2018 22:10:49 +0000 (00:10 +0200)]
hostapd: update packaging and patches

Clean up conflicts/provides/depends hell and add PROVIDES for
eapol-test variants while at it.
Update mesh-DFS patchset from Peter Oh to v5 (with local fixes) which
allows to drop two revert-patches for upstream commits which previously
were necessary to un-break mesh-DFS support.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(backported from 78f1974bc565d7544589a49ad8efd92c4ddec5b3)
(rebased patches)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
5 years agohostapd: convert ssl provider build options to variants
Daniel Golle [Fri, 25 May 2018 13:59:41 +0000 (15:59 +0200)]
hostapd: convert ssl provider build options to variants

Instead of selecting the SSL provider at compile time, build package
variants for each option so users can select the binary package without
having to build it themselves.
Most likely not all variants have actually ever been user by anyone.
We should reduce the selection to the reasonable and most used
combinations at some point in future. For now, build them all.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(backported from c8fdd0e9c843dd483f6677dc41f7df17313aa3cd)

5 years agohostapd: update to git HEAD of 2018-05-21, allow build against wolfssl
Daniel Golle [Sat, 28 Apr 2018 19:12:19 +0000 (21:12 +0200)]
hostapd: update to git HEAD of 2018-05-21, allow build against wolfssl

Support for building wpa_supplicant/hostapd against wolfssl has been
added upstream recently, add build option to allow users using it.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(backported from 69f544937f8498e856690f9809a016f0d7f5f68b)
(rebased patches)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
5 years agoustream-ssl: fix build against wolfSSL
Daniel Golle [Thu, 24 May 2018 16:51:44 +0000 (18:51 +0200)]
ustream-ssl: fix build against wolfSSL

commit 39a6ce205d (ustream-ssl: Enable ECDHE with OpenSSL.) broke
build against wolfSSL because wolfSSL doesn't (yet) support
SSL_CTX_set_ecdh_auto() of the OpenSSL API.

Fix this in ustream-ssl:

 189cd38b41 don't use SSL_CTX_set_ecdh_auto with wolfSSL

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(backported from 4f442f5f383837efcfb345033169178f74f63440)

5 years agowolfssl: change defaults to cover wpa_supplicant needs
Daniel Golle [Wed, 30 May 2018 22:34:15 +0000 (00:34 +0200)]
wolfssl: change defaults to cover wpa_supplicant needs

Implicetely selecting the required options via Kconfig snippet from
hostapd worked fine in local builds when using menuconfig but confused
the buildbots which (in phase1) may build wpad-mini and hence already
come with CONFIG_WPA_WOLFSSL being defined as unset which then won't
trigger changing the defaults of wolfssl.

Work around by explicitely reflecting wpa_supplicant's needs in
wolfssl's default settings to make buildbots happy.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(backported from dad39249fb91d6f320256ac12944863f09bb2dc9)

5 years agowolfssl: add PKG_CONFIG_DEPENDS symbols
Daniel Golle [Fri, 25 May 2018 18:35:46 +0000 (20:35 +0200)]
wolfssl: add PKG_CONFIG_DEPENDS symbols

This change will trigger rebuild on buildbots in case of changed config
symbols, like in the case of hostapd selecting some wolfssl symbols
lately.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(backported from 5857088c5eb3a5a2409e3c57dbfa2487e08bbf4a)

5 years agowolfssl: update to version 3.14.4
Daniel Golle [Wed, 23 May 2018 21:26:41 +0000 (23:26 +0200)]
wolfssl: update to version 3.14.4

Use download from github archive corresponding to v3.14.4 tag because
the project's website apparently only offers 3.14.0-stable release
downloads.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
(backported from 4f67c1522d92bc4512c3ecf58c38ff9886530b48)

5 years agopackage sysfsutils: add support for sysfs settings at boot
Rodolfo Giometti [Wed, 28 Jun 2017 08:49:01 +0000 (10:49 +0200)]
package sysfsutils: add support for sysfs settings at boot

This patch is based on sysfsutils package's behaviour on Debian OS.

Signed-off-by: Rodolfo Giometti <giometti@linux.it>
(backported from 2437e0f67050cad79cc1778b18cefd8d3cd86d07)

5 years agokernel: merge kmod-fbcon with kmod-fb
Tomasz Maciej Nowak [Fri, 30 Mar 2018 22:12:03 +0000 (00:12 +0200)]
kernel: merge kmod-fbcon with kmod-fb

As of commit in kernel:
6104c37094 fbcon: Make fbcon a built-time depency for fbdev
framebuffer console is build in into framebuffer module and there's no
standalone fbcon module. Therefore drop the kmod-fbcon and enable
console in kmod-fb. The only targets which use these modules are imx6
and geode, both are on kernel 4.14 so no fallback for other kernels is
introduced.
Being at that this commit also fixes autoload of fbdev for x86.

Signed-off-by: Tomasz Maciej Nowak <tomek_n@o2.pl>
(backported from 9c0ddafd4663948fe5c6f3f4a7a7601fdbb36737)

5 years agoath10k-firmware: Fix mirror hash sum
Hauke Mehrtens [Sat, 19 May 2018 13:20:46 +0000 (15:20 +0200)]
ath10k-firmware: Fix mirror hash sum

This now matches what was generated locally on my PC and the file on the
mirror server.

Fixes: 349fe46103359 ("ath10k-firmware: Update QCA988X firmware to the latest version")
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
(backported from 56a03e434386ccd1359d5c995a5a3c0fcc44f6af)

5 years agoath10k-firmware: Update QCA988X firmware to the latest version
Timo Sigurdsson [Wed, 16 May 2018 22:33:56 +0000 (00:33 +0200)]
ath10k-firmware: Update QCA988X firmware to the latest version

This patch updates the QCA988X firmware to the latest revision
  firmware-5.bin_10.2.4-1.0-00037
found in the ath10k-firmware and linux-firmware repositories.

Tested on TP-Link Archer C7 v2 (ar71xx).

Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
(backported from 349fe46103359682692e6b175d22f8c05ff75f74)

5 years agonftables: bump to 0.8.5 version
Rosy Song [Tue, 15 May 2018 03:42:29 +0000 (11:42 +0800)]
nftables: bump to 0.8.5 version

Signed-off-by: Rosy Song <rosysong@rosinson.com>
(backported from 39e87e0ffc4eabf27d25459a369be425e9ef0474)

5 years agolibnftnl: bump to 1.1.0
Rosy Song [Tue, 15 May 2018 02:41:19 +0000 (10:41 +0800)]
libnftnl: bump to 1.1.0

Signed-off-by: Rosy Song <rosysong@rosinson.com>
(backported from c7e9d72f056a190fe14b1ebc3f07e726121e2965)

5 years agoebtables: update to latest git 2018-05-15
Hans Dedecker [Tue, 15 May 2018 12:00:37 +0000 (14:00 +0200)]
ebtables: update to latest git 2018-05-15

66a9701 ebtables: Fix build errors and warnings
9fff3d5 include: Fix musl libc compatibility
b1cdae8 extensions: Add string filter to ebtables

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(backported from ac70ac3532fefa78c944d8a26c8df0ca5d88d04e)
(rebased patches)
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
5 years agoar71xx: add support for UniFi-AC-Mesh-Pro
Christoph Krapp [Thu, 8 Nov 2018 11:09:02 +0000 (11:09 +0000)]
ar71xx: add support for UniFi-AC-Mesh-Pro

This adds the build option for UniFi AC Mesh Pro as well as
model detection for it.
The device is a hardware clone of the AC Pro.

- SoC: QCA9563-AL3A (775Mhz)
- RAM: 128MiB
- Flash: 16MiB - dual firmware partitions!
- LAN: 2x 1000M - POE+
- Wireless:
        2.4G: QCA9563
          5G: UniFi Chip, QCA988X compatible

Signed-off-by: Christoph Krapp <achterin@googlemail.com>
(cherry picked from commit 987b961537b7002eda21df97dd8bfebe8882bc6d)

5 years agokernel: bump 4.14 to 4.14.88
Koen Vandeputte [Thu, 13 Dec 2018 10:46:02 +0000 (11:46 +0100)]
kernel: bump 4.14 to 4.14.88

Refreshed all patches.

Altered patches:
- 180-usb-xhci-add-support-for-performing-fake-doorbell.patch

Fixes CVE:
- CVE-2018-14625

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agokernel: bump 4.9 to 4.9.145
Koen Vandeputte [Thu, 13 Dec 2018 10:43:25 +0000 (11:43 +0100)]
kernel: bump 4.9 to 4.9.145

Refreshed all patches.

Fixes CVE:
- CVE-2018-14625

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agokernel: bump 4.14 to 4.14.87
Koen Vandeputte [Tue, 11 Dec 2018 12:31:35 +0000 (13:31 +0100)]
kernel: bump 4.14 to 4.14.87

Refreshed all patches.

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agokernel: bump 4.9 to 4.9.144
Koen Vandeputte [Tue, 11 Dec 2018 11:24:02 +0000 (12:24 +0100)]
kernel: bump 4.9 to 4.9.144

Refreshed all patches.

Compile-tested: ar71xx
Runtime-tested: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agokernel: bump 4.14 to 4.14.86
Koen Vandeputte [Thu, 6 Dec 2018 12:34:21 +0000 (13:34 +0100)]
kernel: bump 4.14 to 4.14.86

Refreshed all patches.

Altered patches:
- 180-usb-xhci-add-support-for-performing-fake-doorbell.patch

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agokernel: bump 4.9 to 4.9.143
Koen Vandeputte [Wed, 28 Nov 2018 11:36:15 +0000 (12:36 +0100)]
kernel: bump 4.9 to 4.9.143

Refreshed all patches.

Altered patches:
- 950-0063-Improve-__copy_to_user-and-__copy_from_user-performa.patch
- 950-0149-Update-vfpmodule.c.patch
- 201-extra_optimization.patch

New symbol:
- CONFIG_HARDEN_BRANCH_PREDICTOR

Compile-tested on: ar71xx, ar7, arc770, at91, brcm2708, brcm63xx, ixp4xx, lantiq, layerscape, mpc85xx, orion, rb532, uml
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
5 years agoopenvpn: re-add option comp_lzo
Martin Schiller [Wed, 12 Dec 2018 12:43:20 +0000 (13:43 +0100)]
openvpn: re-add option comp_lzo

This option is deprecated but needs to be kept for backward compatibility. [0]

[0] https://community.openvpn.net/openvpn/wiki/DeprecatedOptions#a--comp-lzo

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> [PKG_RELEASE increase]
(cherry picked from commit 3850b41f01925a7eddc24033ed155503c1ad2112)

5 years agorpcd: update to latest Git head
Jo-Philipp Wich [Thu, 22 Nov 2018 13:42:14 +0000 (14:42 +0100)]
rpcd: update to latest Git head

3aa81d0 file: access exec timeout via daemon ops structure
7235f34 plugin: store pointer to exec timeout value in the ops structure
ccd7c0a treewide: rename exec_timeout to rpc_exec_timeout
c79ef22 main: fix logic bug when not specifying a timeout option
2cc4b99 file: use global exec timeout instead of own hardcoded limit
ecd1660 exec: increase maximum execution time to 120s

Also expose the socket and timeout options in /etc/config/rpcd for
easier use.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commits 41055551151e12abf8efe710efa4dc025a7b7b6a,
 952b11766cd83898cf8f9626b75141eac6d4ad1a and
 e533fb17061027dca2cc60a9555fc2edb9e832eb)

5 years agoramips: fix leds on GL.iNet GL-MT300N-V2
Martin Weinelt [Fri, 2 Nov 2018 19:52:01 +0000 (20:52 +0100)]
ramips: fix leds on GL.iNet GL-MT300N-V2

The WAN LED now shows the link state. It's color is green,
not blue.

Signed-off-by: Martin Weinelt <hexa@darmstadt.ccc.de>
(cherry picked from commit 0411813c6f0520dea23a1c4f58f5956c504bf129)

5 years agoipq40xx: fix openmesh sysupgrade with tar content out of order
Marek Lindner [Sun, 2 Dec 2018 14:02:04 +0000 (22:02 +0800)]
ipq40xx: fix openmesh sysupgrade with tar content out of order

The tar extraction depends on the order in which the files
are added to the tar file. Since the order is not guaranteed
and depends on the host system, the combined mtd write fails
with sysupgrade images built on some systems.
Fix by changing to tar file order independent mtd write.

Fixes: 86e18f6706e1 ("ipq806x: add support for OpenMesh A42")
Signed-off-by: Marek Lindner <mareklindner@neomailbox.ch>
Signed-off-by: Sven Eckelmann <sven@narfation.org>
5 years agorules.mk: fix syntax error
Jo-Philipp Wich [Thu, 29 Nov 2018 11:32:34 +0000 (12:32 +0100)]
rules.mk: fix syntax error

Fix broken assignment operator added in a previous commit.

Fixes db73ec9f51 ("rules.mk: add INSTALL_SUID macro")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 1416b63dcbadbb5c11c2591b4513f5276b6dc744)

5 years agorules.mk: add INSTALL_SUID macro
Jo-Philipp Wich [Thu, 29 Nov 2018 10:59:20 +0000 (11:59 +0100)]
rules.mk: add INSTALL_SUID macro

This is useful for packages that want to stage SUID executables.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit b0261ee5e9bcbc743960727b5aad1829250d1add)

5 years agobase-files: fix prerm return value, align with postinst code
Tony Ambardar [Sat, 3 Mar 2018 04:04:36 +0000 (20:04 -0800)]
base-files: fix prerm return value, align with postinst code

The return value of a package prerm script is discarded and not returned
correctly by default_prerm(). This allows other operations like service
shutdown to "leak" their return value, prompting workarounds like commit
48cfc826 which do not address the root cause.

Preserve a package prerm script return value for use by default_prerm(),
sharing the corresponding code from default_postinst() for consistency.
Also use consistent code for handling of /etc/init.d/ scripts.

Run Tested on: LEDE 17.01.4 running ar71xx.

Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
(cherry picked from commit 8806da86f5da3b1b1e4d24259d168e2219c01a26)

5 years agosdk: find kernel modules when KDIR is a symlink
Karl Vogel [Thu, 29 Nov 2018 08:07:21 +0000 (09:07 +0100)]
sdk: find kernel modules when KDIR is a symlink

The find statement would not return any results if the KDIR_BASE pointed to a
symlink. Ran into this issue due to a custom Kernel/Prepare that was installing
a symlink to the kernel directory.

The extra slash at the end fixes this scenario and does no harm for targets that
have a proper KDIR.

Signed-off-by: Karl Vogel <karl.vogel@gmail.com>
(cherry picked from commit ae980458abf8299d614f4b34add32e18d054378d)

5 years agouhttpd: update to latest Git head
Jo-Philipp Wich [Wed, 28 Nov 2018 11:42:24 +0000 (12:42 +0100)]
uhttpd: update to latest Git head

cdfc902 cgi: escape url in 403 error output
0bba1ce uhttpd: fix building without TLS and Lua support
2ed3341 help: document -A option
fa5fd45 file: fix CPP syntax error
77b774b build: avoid redefining _DEFAULT_SOURCE

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 56378bc12da1aa4f9434bd1119ec770096d92cac)

5 years agouhttpd: support multiple Lua prefixes
Jo-Philipp Wich [Thu, 23 Aug 2018 07:07:23 +0000 (09:07 +0200)]
uhttpd: support multiple Lua prefixes

Update to latest git HEAD in order to support configuring multiple
concurrent Lua prefixes in a single uhttpd instance:

  b741dec lua: support multiple Lua prefixes

Additionally rework the init script and update the default configuration
example to treat the lua_prefix option as key=value uci list, similar to
the interpreter extension mapping. Support for the old "option lua_prefix"
plus "option lua_handler" notation is still present.

Finally drop the sed postinstall hack in uhttpd-mod-lua to avoid mangling
files belonging to other packages. Since Lua prefixes have precedence
over CGI prefixes, simply register `/cgi-bin/luci` as Lua handler which
will only become active if both luci-base and uhttpd-mod-lua is installed.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 214146c6f298e593695c29b8c04a418dac914040)

5 years agouhttpd: update to latest Git head
Jo-Philipp Wich [Tue, 21 Aug 2018 12:48:47 +0000 (14:48 +0200)]
uhttpd: update to latest Git head

952bf9d build: use _DEFAULT_SOURCE
30a18cb uhttpd: recognize PATCH, PUT and DELETE HTTP methods

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 22681cdef21be45d4d2c3e21939209ea618b66e4)

5 years agoapm821xx: MBL: load kernel/dtb from SATA 0:1 first
Freddy Leitner [Mon, 26 Nov 2018 18:14:19 +0000 (19:14 +0100)]
apm821xx: MBL: load kernel/dtb from SATA 0:1 first

This remedies an issue with the MBL Duo if both disks are inserted
and contain OpenWrt. kernel and dtb would be loaded from SATA 1:1
while rootfs (/dev/sda2) would be mounted on SATA 0:1.

Such a mix&match would obviously only work if both OpenWrt versions/
builds are identical, and especially fail after sysupgrade upgraded
the system disk on SATA 0:1.

The fallback to SATA 1:1 needs to be kept for MBL Single (only has
SATA 1:1) and MBL Duo with one disk inserted on SATA 1:1. To speed
up booting in those cases, the unneccesarily doubled "sata init"
will only be called once. (In theory it could be omitted completely
since the on-flash boot script already initializes SATA to load the
on-disk boot script.)

Tested on MBL Duo (all possible combination of disks) and MBL Single

Signed-off-by: Freddy Leitner <hello@square.wf>
Acked-by: Christian Lamparter <chunkeey@gmail.com>
5 years agoapm821xx: wndr4700: restore sd-card media detection
Christian Lamparter [Sun, 14 Oct 2018 21:53:56 +0000 (23:53 +0200)]
apm821xx: wndr4700: restore sd-card media detection

This was not converted to the new, dt-based board name.

Fixes: e90dc8d2722 ("apm821xx: convert to device-tree board detection")
Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
6 years agouclient: update to latest Git head
Jo-Philipp Wich [Sat, 24 Nov 2018 19:10:26 +0000 (20:10 +0100)]
uclient: update to latest Git head

3ba74eb uclient-http: properly handle HTTP redirects via proxy connections

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit 0bd99db5118665bbe17f84427238c322af3deaae)

6 years agotools: tplink-safeloader: add C7v5 EU SupportList
David Bauer [Wed, 7 Nov 2018 21:31:46 +0000 (22:31 +0100)]
tools: tplink-safeloader: add C7v5 EU SupportList

Currently flash from WebIF is broken for Archer C7 v5 EU models as their
SupportList entries are missing.

The added entries originate from TP-Links latest Archer C7 v5 EU
firmware.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 53020ed4b981d8d48394842d0aff1a0d0497cc1c)

6 years agobase-files: fix unkillable processes after restart
Linus Kardell [Thu, 22 Nov 2018 10:35:08 +0000 (11:35 +0100)]
base-files: fix unkillable processes after restart

When restart is run on an init script, the script traps SIGTERM. This is
done as a workaround for scripts named the same name as the program they
start. In that case, the init script process will have the same name as
the program process, and so when the init script runs killall, it will
kill itself. So SIGTERM is trapped to make the init script unkillable.

However, the trap is retained when the init script runs start, and thus
processes started by restart will not respond to SIGTERM, and will thus
be unkillable unless you use SIGKILL. This fixes that by removing the
trap before running start.

Signed-off-by: Linus Kardell <linus@telliq.com>
(cherry picked from commit 2ac1a57677ce4e21513dca2a8efab1eb6e0a9c58)

6 years agokernel: bump 4.14 to 4.14.82
Koen Vandeputte [Wed, 21 Nov 2018 09:48:37 +0000 (10:48 +0100)]
kernel: bump 4.14 to 4.14.82

Refreshed all patches.

Compile-tested: cns3xxx, imx6, x86_64
Runtime-tested: cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
6 years agokernel: bump 4.9 to 4.9.138
Koen Vandeputte [Wed, 21 Nov 2018 09:45:19 +0000 (10:45 +0100)]
kernel: bump 4.9 to 4.9.138

Refreshed all patches.

Compile-tested: ar71xx, layerscape
Runtime-tested: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
6 years agoar71xx: fix TP-Link Archer C7 v5 switch LEDs
Rinki Kumari [Thu, 27 Sep 2018 16:10:15 +0000 (21:40 +0530)]
ar71xx: fix TP-Link Archer C7 v5 switch LEDs

Signed-off-by: Rinki Kumari <rinki13@gmail.com>
6 years agokernel: fix ubifs loosing O_TMPFILE data after power cut
Rafał Miłecki [Thu, 15 Nov 2018 11:28:50 +0000 (12:28 +0100)]
kernel: fix ubifs loosing O_TMPFILE data after power cut

There was a bug in ubifs related to the O_TMPFILE. When reapplying
changes after power cut data could be lost. This problem was exposed by
overlayfs and the upstream commit 3a1e819b4e80 ("ovl: store file handle
of lower inode on copy up").

This fixes a regression introduced when switching from 4.9 to 4.14.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit c6a1bcac16f92afa1e41eaceafc85075d97a74cd)

6 years agokernel: bump 4.14 to 4.14.81
Koen Vandeputte [Wed, 14 Nov 2018 11:37:10 +0000 (12:37 +0100)]
kernel: bump 4.14 to 4.14.81

Refreshed all patches.

Removed upstreamed patches:
- 081-spi-bcm-qspi-switch-back-to-reading-flash-using-smal.patch

Altered patches:
- 0054-cpufreq-dt-Handle-OPP-voltage-adjust-events

Compile-tested on: cns3xxx, imx6, ipq806x, x86_64
Runtime-tested on: cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
6 years agokernel: bump 4.9 to 4.9.137
Koen Vandeputte [Wed, 14 Nov 2018 11:32:49 +0000 (12:32 +0100)]
kernel: bump 4.9 to 4.9.137

Refreshed all patches.

Removed upstreamed hunks:
- 703-phy-support-layerscape.patch

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
6 years agosunxi: remove kernel 4.9 support
Koen Vandeputte [Wed, 14 Nov 2018 11:30:43 +0000 (12:30 +0100)]
sunxi: remove kernel 4.9 support

This target has been on 4.14 for a long time now.
Remove these leftovers as it interferes with kernel bumping.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
6 years agomac80211: fix spurious disconnections with powersave clients
Felix Fietkau [Tue, 13 Nov 2018 19:34:35 +0000 (20:34 +0100)]
mac80211: fix spurious disconnections with powersave clients

Affects all drivers using ieee80211_tx_status_noskb, e.g. ath9k and mt76

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agokernel: bump 4.14 to 4.14.80
Stijn Tintel [Mon, 12 Nov 2018 17:58:36 +0000 (19:58 +0200)]
kernel: bump 4.14 to 4.14.80

Refresh patches.

Compile-tested: cns3xxx, imx6, x86/64
Runtime-tested: cns3xxx, imx6, x86/64

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
6 years agotcpdump: explicitly disable libcap-ng support
Stijn Tintel [Thu, 19 Jul 2018 17:07:38 +0000 (20:07 +0300)]
tcpdump: explicitly disable libcap-ng support

If libcap-ng is detected during tcpdump build, support for it is
enabled and the binary is linked against it. Explicitly disable
libcap-ng support to avoid build failing due to a missing depndency.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
6 years agomt76: update to the latest version, sync with master
Felix Fietkau [Mon, 12 Nov 2018 23:58:21 +0000 (00:58 +0100)]
mt76: update to the latest version, sync with master

- adds new drivers for mt76x2u, mt76x0u and mt76x0e
- adds back fixed version of the tx status fixes
- improves mt7603e stability

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agooxnas: squash-pick commits from master branch
Daniel Golle [Sun, 4 Nov 2018 17:22:33 +0000 (18:22 +0100)]
oxnas: squash-pick commits from master branch

 4f017c871d oxnas: switch to generic board detect
 ef9b169df0 oxnas: remove stray kernel config symbols
 cf7896117b oxnas: enable image metadata by setting SUPPORTED_DEVICES
 9bcc08958b oxnas: add console=ttyS0,115200 argument to bootargs
 b831eb5363 oxnas: kd20: correct memory size to 256MB
 217fe505b6 oxnas: remove superseded sysupgrade image check

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
6 years agomac80211: brcmfmac: add 2 more recent changes
Rafał Miłecki [Fri, 9 Nov 2018 22:01:11 +0000 (23:01 +0100)]
mac80211: brcmfmac: add 2 more recent changes

First one is a fix for reporting channels to the user space. Important
for users as they could try setting invalid channel and fail to start an
interface.

Later is a support for newer FullMAC chipset firmwares.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
6 years agobcm53xx: add DT patch describing pins mux controller
Rafał Miłecki [Fri, 9 Nov 2018 21:28:31 +0000 (22:28 +0100)]
bcm53xx: add DT patch describing pins mux controller

It's needed to support new devices that use specific pin functions.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 0cf32de17c47c7625c7ee9cc7d21c3489d86311b)

6 years agomac80211: backport firmware_request_nowarn and firmware_request_cache
Felix Fietkau [Fri, 9 Nov 2018 14:20:21 +0000 (15:20 +0100)]
mac80211: backport firmware_request_nowarn and firmware_request_cache

Required for an mt76 update to the latest version from master

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agokernel: backport and include linux/overflow.h
Felix Fietkau [Wed, 12 Sep 2018 14:58:32 +0000 (16:58 +0200)]
kernel: backport and include linux/overflow.h

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agomac80211: backport sg_init_marker()
Felix Fietkau [Thu, 6 Sep 2018 11:30:24 +0000 (13:30 +0200)]
mac80211: backport sg_init_marker()

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agobcm53xx: update pinctrl driver
Rafał Miłecki [Fri, 9 Nov 2018 06:40:42 +0000 (07:40 +0100)]
bcm53xx: update pinctrl driver

It's upstream now with a one trivial fix.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit f975ab8f4e3d5b8a8e81870c70d427f9d84b203b)

6 years agobcm53xx: add pending pinctrl driver
Rafał Miłecki [Thu, 11 Oct 2018 11:55:57 +0000 (13:55 +0200)]
bcm53xx: add pending pinctrl driver

It's required to support devices using adjustable SoC pins for some
specific purpose (e.g. I2C, PWM, UART1).

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit f00cb94f7ced064d74839892116c3a0b8f10c872)

6 years agoscript: ipkg-build: honour $SOURCE_DATE_EPOCH
Jo-Philipp Wich [Thu, 8 Nov 2018 10:52:33 +0000 (11:52 +0100)]
script: ipkg-build: honour $SOURCE_DATE_EPOCH

When the SOURCE_DATE_EPOCH environment variable is set, use it to
override the timestamps of .ipk archive contents.

This ensures that .ipk archives built in environments without SCM
metadata (mainly the SDK) are reproducible between different runs.

Ref: https://github.com/openwrt/packages/issues/6954
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit d157a76c67bcb821d3ec8dcd4312390ef129a95a)

6 years agomac80211: brcmutil: backport chanspec debugging patch
Rafał Miłecki [Wed, 7 Nov 2018 11:21:59 +0000 (12:21 +0100)]
mac80211: brcmutil: backport chanspec debugging patch

It helps debugging possible WARN-ings.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
6 years agomac80211: brcmfmac: backport the latest 4.20 changes
Rafał Miłecki [Wed, 7 Nov 2018 08:01:32 +0000 (09:01 +0100)]
mac80211: brcmfmac: backport the latest 4.20 changes

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit b50f162b3cce3d95874e4394f4765413f58765f1)

6 years agomac80211: brcmfmac: rename 4.20 backport patches
Rafał Miłecki [Wed, 7 Nov 2018 11:02:43 +0000 (12:02 +0100)]
mac80211: brcmfmac: rename 4.20 backport patches

Include kernel version to help tracking changes.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit f7a3459ab9c4d8f5102c8ae0861ca481571703f7)

6 years agomac80211: add iw command wrapper with error logging
Rafał Miłecki [Tue, 4 Sep 2018 13:20:34 +0000 (15:20 +0200)]
mac80211: add iw command wrapper with error logging

Currently it's close to impossible to tell what part of mac80211 setup
went wrong. Errors logged into system log look like this:
radio0 (6155): command failed: No error information (-524)
radio0 (6155): command failed: Not supported (-95)
radio0 (6155): command failed: I/O error (-5)
radio0 (6155): command failed: Too many open files in system (-23)

With this commit change it's getting clear:
command failed: No error information (-524)
Failed command: iw dev wlan0 del
command failed: Not supported (-95)
Failed command: iw phy phy0 set antenna_gain 0
command failed: I/O error (-5)
Failed command: iw phy phy0 set distance 0
command failed: Too many open files in system (-23)
Failed command: iw phy phy0 interface add wlan0 type __ap

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit ffa80bf5a784a34b81e32144669f30560780bdb6)

6 years agokernel: Add support for Winbond w25q128jv SPI NOR flash
Baptiste Jonglez [Thu, 18 Oct 2018 09:08:20 +0000 (11:08 +0200)]
kernel: Add support for Winbond w25q128jv SPI NOR flash

Newer batches of several Mikrotik boards contain this yet-unsupported
flash chip, for instance:

- rb941-2nd (hAP lite)
- rb952ui-5ac2nd (hAP ac lite)
- RBM33G

and probably other Mikrotik boards need this patch as well.

The patch was submitted upstream by Robert Marko: https://patchwork.ozlabs.org/patch/934181/

Closes: FS#1715
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
Cc: Robert Marko <robimarko@gmail.com>
[Rebased + refreshed on current kernels]
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
6 years agoimx6: fix DMA transaction errors
Koen Vandeputte [Mon, 5 Nov 2018 16:41:00 +0000 (17:41 +0100)]
imx6: fix DMA transaction errors

Following errors were seen in the past on imx6 when using serial:

[ 22.617622] imx-uart 2020000.serial: DMA transaction error.
[ 22.623228] imx-uart 2020000.serial: DMA transaction error.
[ 22.628826] imx-uart 2020000.serial: DMA transaction error.
[ 22.648951] imx-uart 2020000.serial: DMA transaction error.
[ 22.654558] imx-uart 2020000.serial: DMA transaction error.
[ 22.660156] imx-uart 2020000.serial: DMA transaction error.

Which is the reason why DMA for the serial ports
got disabled in commits:

efb362cd93b0 ("imx6: disable dma on uart")
3b4241071dd4 ("imx6: disable UART dma")

As indicated on mailinglist discussion, the cause seems to be
the usage of very old SDMA firmware which is present in the soc:

[    0.624302] imx-sdma 20ec000.sdma: Direct firmware load for imx/sdma/sdma-imx6q.bin failed with error -2
[    0.624318] imx-sdma 20ec000.sdma: Falling back to user helper
[   64.531607] imx-sdma 20ec000.sdma: external firmware not found, using ROM firmware

This patch adds the new firmware binary. (2196 bytes)

It is required to embed the binary into the kernel image, as it
gets loaded very early in the boot process where the rootfs is not
available yet:

[    0.622966] imx-sdma 20ec000.sdma: loaded firmware 3.3

Extended testing shows that the DMA errors are not seen anymore
when using this newer firmware version.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
6 years agoath9k: fix dynack in IBSS mode
Koen Vandeputte [Mon, 5 Nov 2018 10:31:12 +0000 (11:31 +0100)]
ath9k: fix dynack in IBSS mode

Currently, dynack was only tested upstream using AP/STA mode.
Testing it on IBSS, showed that late-ack detection was broken.

This is caused due to dynack using Association Request/Response
frames for late-ack detection, which IBSS does not use.
Also allowing Authentication frames here solves this.

A second issue also got fixed, which was also seen AP/STA mode:

When a station was added, the estimated value would be exponentially averaged
using 0 as a starting point.

This means that on larger distances, the ack timeout was still not high
enough before synchronizing would run out of late-ack's for estimation.

Fix this by using the initial estimated value as a baseline
and only start averaging in the following estimation rounds.

Test setup:
- 2x identical devices:  RB912UAG-5HPnD + 19dB sector
- IBSS
- 2x2 802.11an (ar9340), HT20, long GI
- RSSI's  -70 / -71
- Real distance: 23910 meter

Results (60s iperf runs):

Fixed coverage class 54 (up to 24300m):
* 21.5 Mbits/sec

Dynack:
* 28.9 Mbits/sec

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
6 years agokernel: bump 4.14 to 4.14.79
Koen Vandeputte [Mon, 5 Nov 2018 10:23:17 +0000 (11:23 +0100)]
kernel: bump 4.14 to 4.14.79

Refreshed all patches.

Compile-tested on: cns3xxx, imx6, x86_64
Runtime-tested on: cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
6 years agoRevert "mt76: update to the latest version"
Felix Fietkau [Thu, 1 Nov 2018 18:56:30 +0000 (19:56 +0100)]
Revert "mt76: update to the latest version"

This reverts the following commits:

24ca1cda38fbc3c5ae1302e44ea9dba20cf01ea0
79989634289b25a09a533fb97b26e34cc7e81ea1

The update was reported to cause stability issues.
Revert until those are resolved

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agokernel: tolerate using UBI/UBIFS on MLC flash (FS#1830)
Koen Vandeputte [Thu, 18 Oct 2018 12:23:36 +0000 (14:23 +0200)]
kernel: tolerate using UBI/UBIFS on MLC flash (FS#1830)

starting from upstream commit 577b4eb23811 ("ubi: Reject MLC NAND")
it is not allowed to use UBI and UBIFS on a MLC flavoured NAND flash chip. [1]

According to David Oberhollenzer [2]:

The real problem is that on MLC NAND, pages come in pairs.

Multiple voltage levels inside a single, physical memory cell are used to
encode more than one bit. Instead of just having pages that are twice as big,
the flash exposes them as two different pages. Those pages are usually not
ordered sequentially either, but according to a vendor/device specific
pairing scheme.

Within OpenWrt, devices utilizing this type of flash,
combined with UBI(fs) will be bricked when a user upgrades
from 17.01.4 to a newer version as the MLC will be refused.

As these devices are currently advertised as supported by OpenWrt,
we should at least maintain the original state during the lifecycle
of the current releases.

Support can be gracefully ended when a new release-branch is created.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Acked-by: Hauke Mehrtens <hauke@hauke-m.e>
[1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v4.14.77&id=577b4eb23811dfc8e38924dc476dbc866be74253
[2] https://lore.kernel.org/patchwork/patch/920344/

6 years agomt76: update to the latest version
Felix Fietkau [Sat, 27 Oct 2018 15:56:28 +0000 (17:56 +0200)]
mt76: update to the latest version

71b7a4a mt76: fix regression in tx status handling

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agomt76: update to the latest version
Felix Fietkau [Fri, 26 Oct 2018 15:13:38 +0000 (17:13 +0200)]
mt76: update to the latest version

199d6bf mt76x2: skip station tx status for non-sta wcid entries
d83ac6e mt76: only override control->sta on sw-encrypted tx
23abe5d mt76: add support for reporting tx status with skb
f8ce59e mt7603: use common tx status handling code

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agobcm53xx: use upstream SPI controller fix
Rafał Miłecki [Tue, 23 Oct 2018 07:42:00 +0000 (09:42 +0200)]
bcm53xx: use upstream SPI controller fix

This just moves patch to use 0xx prefix and includes maintainer's s-o-b.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 9b385b24967a53e88c31aee04ba629d276c4e69d)

6 years agobcm53xx: replace SPI revert with a fix sent upstream
Rafał Miłecki [Thu, 11 Oct 2018 08:01:45 +0000 (10:01 +0200)]
bcm53xx: replace SPI revert with a fix sent upstream

Instead of reverting whole commit it's enough to just revert a single
line change. It seems the real problem with the regressing commit was a
bump of read chunk size. Switching back to 256 B chunks is enough to fix
the problem/regression.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 92de28b751a473655fd0cf3d3a8b81ca1d27d758)

6 years agokernel: add missing symbol for target bcm53xx
Koen Vandeputte [Tue, 23 Oct 2018 08:52:27 +0000 (10:52 +0200)]
kernel: add missing symbol for target bcm53xx

Fixes: 47f68ca58615 ("kernel: bump 4.14 to 4.14.77")

Reported-by: Rafał Miłecki <rafal@milecki.pl>
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
6 years agodnsmasq: bump to v2.80
Kevin Darbyshire-Bryant [Sun, 19 Aug 2018 18:52:00 +0000 (20:52 +0200)]
dnsmasq: bump to v2.80

Cherry-picked & squashed from relevant commits from master:

dnsmasq v2.80 release

Change from rc1:

91421cb Fix compiler warning.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 6c4d3d705a0d6e508de94dc49736c250ecdae27c)

dnsmasq: remove creation of /etc/ethers

Remove creation of file /etc/ethers in dnsmasq init script as the
file is now created by default in the base-files package by
commit fa3301a28e

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit 6c227e45cb6a97c61d9fa2ffa35cebee2a048739)

dnsmasq: bump to dnsmasq v2.80test5

Refresh patches
Remove 240-ubus patch as upstream accepted.
Add uci option ubus which allows to enable/disable ubus support (enabled
by default)

Upstream commits since last bump:

da8b651 Implement --address=/example.com/#
c5db8f9 Tidy 7f876b64c22b2b18412e2e3d8506ee33e42db7c
974a6d0 Add --caa-record
b758b67 Improve logging of RRs from --dns-rr.
9bafdc6 Tidy up file parsing code.
97f876b Properly deal with unaligned addresses in DHCPv6 packets.
cbfbd17 Fix broken DNSSEC records in previous.
b6f926f Don't return NXDOMAIN to empty non-terminals.
c822620 Add --dhcp-name-match
397c050 Handle case of --auth-zone but no --auth-server.
1682d15 Add missing EDNS0 section. EDNS0 section missing in replies to EDNS0-containing queries where answer generated from --local=/<domain>/
dd33e98 Fix crash parsing a --synth-domain with no prefix. Problem introduced in 2.79/6b2b564ac34cb3c862f168e6b1457f9f0b9ca69c
c16d966 Add copyright to src/metrics.h
1dfed16 Remove C99 only code.
6f835ed Format fixes - ubus.c
9d6fd17 dnsmasq.c fix OPT_UBUS option usage
8c1b6a5 New metrics and ubus files.
8dcdb33 Add --enable-ubus option.
aba8bbb Add collection of metrics
caf4d57 Add OpenWRT ubus patch

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit 3d377f4375c6e4a66c6741bbd2549ad53ef671b3)

dnsmasq: bump to dnsmasq 2.80test6

Refresh patches

Changes since latest bump:

af3bd07 Man page typo.
d682099 Picky changes to 47b45b2967c931fed3c89a2e6a8df9f9183a5789
47b45b2 Fix lengths of interface names
2b38e38 Minor improvements in lease-tools
282eab7 Mark die function as never returning
c346f61 Handle ANY queries in context of da8b6517decdac593e7ce24bde2824dd841725c8
03212e5 Manpage typo.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit 43d4b8e89e68fcab00698ee3b70a58c74813a6a7)

dnsmasq: Handle memory allocation failure in make_non_terminals()

Backport upstream commit:

ea6cc33 Handle memory allocation failure in make_non_terminals()

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 687168ccd9154b1fb7a470fa8f42ce64a135f51d)

dnsmasq: Change behavior when RD bit unset in queries.

Backport upstream commit

Change anti cache-snooping behaviour with queries with the
recursion-desired bit unset. Instead to returning SERVFAIL, we
now always forward, and never answer from the cache. This
allows "dig +trace" command to work.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 6c4cbe94bd940b5c061e27744eb78805764d6b34)

dnsmasq: bump to v2.80test7

Bump to latest test release:

3a610a0 Finesse allocation of memory for "struct crec" cache entries.
48b090c Fix b6f926fbefcd2471699599e44f32b8d25b87b471 to not SEGV on startup (rarely).
4139298 Change behavior when RD bit unset in queries.
51cc10f Add warning about 0.0.0.0 and :: addresses to man page.
ea6cc33 Handle memory allocation failure in make_non_terminals()
ad03967 Add debian/tmpfiles.conf
f4fd07d Debian bugfix.
e3c08a3 Debian packaging fix. (restorecon)
118011f Debian packaging fix. (tmpfiles.d)

Delete our own backports of ea6cc33 & 4139298, so the only real changes
here, since we don't care about the Debian stuff are 48b090c & 3a610a0

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit d9a37d8d1eb7d117d5aa44924064a4a3b5517ddd)

dnsmasq: bump to v2.80test8

e1791f3 Fix logging of DNSSEC queries in TCP mode. Destination server address was misleading.
0fdf3c1 Fix dhcp-match-name to match hostname, not complete FQDN.
ee1df06 Tweak strategy for confirming SLAAC addresses.
1e87eba Clarify manpage for --auth-sec-servers
0893347 Make interface spec optional in --auth-server.
7cbf497 Example config file fix for CERT Vulnerability VU#598349.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 30cc5b0bf4f3cdfe950ca7fc380a34c81dd9d7e4)

dnsmasq: add dhcp-ignore-names support - CERT VU#598349

dnsmasq v2.80test8 adds the ability to ignore dhcp client's requests for
specific hostnames.  Clients claiming certain hostnames and thus
claiming DNS namespace represent a potential security risk. e.g. a
malicious host could claim 'wpad' for itself and redirect other web
client requests to it for nefarious purpose. See CERT VU#598349 for more
details.

Some Samsung TVs are claiming the hostname 'localhost', it is believed
not (yet) for nefarious purposes.

/usr/share/dnsmasq/dhcpbogushostname.conf contains a list of hostnames
in correct syntax to be excluded. e.g.

dhcp-name-match=set:dhcp_bogus_hostname,localhost

Inclusion of this file is controlled by uci option dhcpbogushostname
which is enabled by default.

To be absolutely clear, DHCP leases to these requesting hosts are still
permitted, but they do NOT get to claim ownership of the hostname
itself and hence put into DNS for other hosts to be confused/manipulate by.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit a45f4f50e16cd2d0370a4470c3ede0c6c7754ba9)

dnsmasq: fix compile issue

Fix compile issue in case HAVE_BROKEN_RTC is enabled

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
(cherry picked from commit 39e5e17045aceb2bfbd6b5c6ecfd6cfbce2f3311)

dnsmasq: bump to v2.80rc1

53792c9 fix typo
df07182 Update German translation.

Remove local patch 001-fix-typo which is a backport of the above 53792c9

There is no practical difference between our test8 release and this rc
release, but this does at least say 'release candidate'

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit b8bc672f247a68bc6f72f08f9352cd7aaa5cb9c4)

dnsmasq: fix dnsmasq failure to start when ujail'd

This patch fixes jailed dnsmasq running into the following issue:

|dnsmasq[1]: cannot read /usr/share/dnsmasq/dhcpbogushostname.conf: No such file or directory
|dnsmasq[1]: FAILED to start up
|procd: Instance dnsmasq::cfg01411c s in a crash loop 6 crashes, 0 seconds since last crash

Fixes: a45f4f50e16 ("dnsmasq: add dhcp-ignore-names support - CERT VU#598349")

Signed-off-by: Christian Lamparter <chunkeey@gmail.com>
[bump package release]
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 583466bb5b374b29b6b7cba6f065e97c4734f742)
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
6 years agokernel: bump 4.14 to 4.14.78
Koen Vandeputte [Mon, 22 Oct 2018 12:13:40 +0000 (14:13 +0200)]
kernel: bump 4.14 to 4.14.78

Refreshed all patches.

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
6 years agokernel: bump 4.9 to 4.9.135
Koen Vandeputte [Mon, 22 Oct 2018 09:51:07 +0000 (11:51 +0200)]
kernel: bump 4.9 to 4.9.135

Refreshed all patches.

Fixes:
- CVE-2018-10883

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
6 years agokernel: bump 4.14 to 4.14.77
Koen Vandeputte [Thu, 18 Oct 2018 10:11:27 +0000 (12:11 +0200)]
kernel: bump 4.14 to 4.14.77

Refreshed all patches.

Altered patches:
- 666-Add-support-for-MAP-E-FMRs-mesh-mode.patch

New symbol for arm targets:
    - HARDEN_BRANCH_PREDICTOR

Compile-tested on: cns3xxx, imx6, x86_64
Runtime-tested on: cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Tested-by: Stijn Tintel <stijn@linux-ipv6.be>
6 years agokernel: bump 4.9 to 4.9.134
Koen Vandeputte [Thu, 18 Oct 2018 10:01:18 +0000 (12:01 +0200)]
kernel: bump 4.9 to 4.9.134

Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
6 years agoar71xx: fix mtd corruption
Fabio Bettoni [Wed, 17 Oct 2018 12:27:31 +0000 (14:27 +0200)]
ar71xx: fix mtd corruption

In commit 9e1530b2a35e ("kernel: bump 4.9 to 4.9.117 for 18.06") [1], the following patch for removed:
- 403-mtd_fix_cfi_cmdset_0002_status_check.patch

This patch contained fixes for both write and erase functions.

While the chip-detects for erase got fixed upstream [2],
some modifications are still required, even with the fixes applied.

Not doing so results in following errors seen:

Collected errors:
 * pkg_write_filelist: Failed to open //usr/lib/opkg/info/luci-lib-ip.list: I/O error.
 * opkg_install_pkg: Failed to extract data files for luci-lib-ip. Package debris may remain!
 * opkg_install_cmd: Cannot install package luci-ssl.
 * opkg_conf_write_status_files: Can't open status file //usr/lib/opkg/status: I/O error.

[    0.780920] jffs2: version 2.2 (NAND) (SUMMARY) (LZMA) (RTIME) (CMODE_PRIORITY) (c) 2001-2006 Red Hat, Inc.
[    8.406396] jffs2: notice: (415) jffs2_build_xattr_subsystem: complete building xattr subsystem, 0 of xdatum (0 unchecked, 0 orphan) and 0 of xref (0 dead, 0 orphan) found.
[    8.423476] mount_root: switching to jffs2 overlay
[  270.902671] jffs2: Write of 1989 bytes at 0x005ce6f8 failed. returned -5, retlen 962
[  270.931965] jffs2: Write of 1989 bytes at 0x005ceec0 failed. returned -5, retlen 0
[  270.939631] jffs2: Not marking the space at 0x005ceec0 as dirty because the flash driver returned retlen zero
[  270.950397] jffs2: Write of 68 bytes at 0x005ceec0 failed. returned -5, retlen 0
[  270.957838] jffs2: Not marking the space at 0x005ceec0 as dirty because the flash driver returned retlen zero
[  270.968584] jffs2: Write of 68 bytes at 0x005ceec0 failed. returned -5, retlen 0
[  270.976027] jffs2: Not marking the space at 0x005ceec0 as dirty because the flash driver returned retlen zero
[  270.986735] jffs2: Write of 68 bytes at 0x005ceec0 failed. returned -5, retlen 0
[  270.994225] jffs2: Not marking the space at 0x005ceec0 as dirty because the flash driver returned retlen zero

[1] https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=fec8fe806963c96a6506c2aebc3572d3a11f285f
[2] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v4.9.133&id=a0239d83e1cb60de5e78452d4708c083b9e3dcbe

Fixes: 9e1530b2a35e ("kernel: bump 4.9 to 4.9.117 for 18.06")
Signed-off-by: Fabio Bettoni <fbettoni@gmail.com>
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
6 years agokernel: bump 4.14 to 4.14.76
Koen Vandeputte [Mon, 15 Oct 2018 09:24:04 +0000 (11:24 +0200)]
kernel: bump 4.14 to 4.14.76

Refreshed all patches.

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
6 years agokernel: bump 4.9 to 4.9.133
Koen Vandeputte [Mon, 15 Oct 2018 09:22:06 +0000 (11:22 +0200)]
kernel: bump 4.9 to 4.9.133

Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
6 years agomac80211: fix A-MSDU packet handling with TCP retransmission
Felix Fietkau [Thu, 11 Oct 2018 16:48:35 +0000 (18:48 +0200)]
mac80211: fix A-MSDU packet handling with TCP retransmission

Improves local TCP throughput and fixes use-after-free bugs that could lead
to crashes.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
6 years agonetfilter: add missing dependency for kernel 4.14
Koen Vandeputte [Wed, 10 Oct 2018 15:31:40 +0000 (17:31 +0200)]
netfilter: add missing dependency for kernel 4.14

Since kernel 4.14.75 commit ("netfilter: xt_cluster: add dependency on conntrack module")
a dependency is required on kmod-nf-conntrack.

It seems this was already present for kmod-ipt-clusterip
but not yet for kmod-ipt-cluster

Add it fixing a build error when including kmod-ipt-cluster:

Package kmod-ipt-cluster is missing dependencies for the following libraries:
nf_conntrack.ko
modules/netfilter.mk:665: recipe for target '/mnt/ramdisk/koen/firmware/builds/openwrt/bin/targets/cns3xxx/generic/packages/kmod-ipt-cluster_4.14.75-1_arm_mpcore_vfp.ipk' failed
make[3]: *** [/mnt/ramdisk/koen/firmware/builds/openwrt/bin/targets/cns3xxx/generic/packages/kmod-ipt-cluster_4.14.75-1_arm_mpcore_vfp.ipk] Error 1
make[3]: Leaving directory '/mnt/ramdisk/koen/firmware/builds/openwrt/package/kernel/linux'
Command exited with non-zero status 2
time: package/kernel/linux/compile#1.80#0.05#2.07
package/Makefile:107: recipe for target 'package/kernel/linux/compile' failed
make[2]: *** [package/kernel/linux/compile] Error 2
make[2]: Leaving directory '/mnt/ramdisk/koen/firmware/builds/openwrt'
package/Makefile:103: recipe for target '/mnt/ramdisk/koen/firmware/builds/openwrt/staging_dir/target-arm_mpcore+vfp_musl_eabi/stamp/.package_compile' failed
make[1]: *** [/mnt/ramdisk/koen/firmware/builds/openwrt/staging_dir/target-arm_mpcore+vfp_musl_eabi/stamp/.package_compile] Error 2
make[1]: Leaving directory '/mnt/ramdisk/koen/firmware/builds/openwrt'
/mnt/ramdisk/koen/firmware/builds/openwrt/include/toplevel.mk:216: recipe for target 'world' failed
make: *** [world] Error 2

Fixes: bba743458eb4 ("kernel: bump 4.14 to 4.14.75")
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
[1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v4.14.75&id=b969656b46626a674232c0eadf92a394b89df07c

6 years agokernel: bump 4.14 to 4.14.75
Koen Vandeputte [Wed, 10 Oct 2018 10:37:20 +0000 (12:37 +0200)]
kernel: bump 4.14 to 4.14.75

Refreshed all patches.

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
6 years agokernel: bump 4.9 to 4.9.132
Koen Vandeputte [Wed, 10 Oct 2018 09:37:42 +0000 (11:37 +0200)]
kernel: bump 4.9 to 4.9.132

Refreshed all patches.

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
6 years agokernel: enable memory compaction
Felix Fietkau [Tue, 9 Oct 2018 11:22:46 +0000 (13:22 +0200)]
kernel: enable memory compaction

Compaction is the only memory management component to form high order (larger
physically contiguous) memory blocks reliably. The page allocator relies on
compaction heavily and the lack of the feature can lead to unexpected OOM
killer invocations for high order memory requests. You shouldn't disable this
option unless there really is a strong reason for it.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Michal Hrusecky <michal.hrusecky@nic.cz>
6 years agoe2fsprogs: fix glibc compile issue (FS#1749,FS#1796)
Hans Dedecker [Mon, 8 Oct 2018 14:57:01 +0000 (16:57 +0200)]
e2fsprogs: fix glibc compile issue (FS#1749,FS#1796)

Fixes the following build error:

.../toolchain-i386_pentium4_gcc-7.3.0_glibc/lib/gcc/i486-openwrt-linux-gnu/7.3.0/../../../../i486-openwrt-linux-gnu/bin/ld: ../lib/libcom_err.so: undefined reference to `sem_post’
.../toolchain-i386_pentium4_gcc-7.3.0_glibc/lib/gcc/i486-openwrt-linux-gnu/7.3.0/../../../../i486-openwrt-linux-gnu/bin/ld: ../lib/libcom_err.so: undefined reference to `sem_wait'
.../toolchain-i386_pentium4_gcc-7.3.0_glibc/lib/gcc/i486-openwrt-linux-gnu/7.3.0/../../../../i486-openwrt-linux-gnu/bin/ld: ../lib/libcom_err.so: undefined reference to `sem_init’
.../toolchain-i386_pentium4_gcc-7.3.0_glibc/lib/gcc/i486-openwrt-linux-gnu/7.3.0/../../../../i486-openwrt-linux-gnu/bin/ld: ../lib/libcom_err.so: undefined reference to `sem_destroy’

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agoiperf: fix --daemon option
Rafał Miłecki [Sun, 7 Oct 2018 12:17:50 +0000 (14:17 +0200)]
iperf: fix --daemon option

Support for -D got broken in the 2.0.11 release by the upstream commit
218d8c667944 ("first pass L2 mode w/UDP checks, v4 only"). After that
commit clients were still able to connect but no traffic was passed.
It was reported and is fixed now in the upstream git repository.

Backport two patches to fix this. The first one is just a requirement
for the later to apply. The second one is the real fix and it needed
only a small adjustment to apply without backporing the commit
10887b59c7e7 ("fix --txstart-time report messages").

Fixes: 7d15f96eaf76 ("iperf: bump to 2.0.12")
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
(cherry picked from commit 87cd118794cc9375260ea213838e80ad5295e83c)

6 years agoar71xx: Fix installation of fw_setenv in sysupgrade ramdisk
Sven Eckelmann [Mon, 1 Oct 2018 10:27:25 +0000 (12:27 +0200)]
ar71xx: Fix installation of fw_setenv in sysupgrade ramdisk

The install_bin from /lib/upgrade/common.sh is no longer creating the
symlinks when a secondary parameter is added. But the fw_setenv program was
always copied this way to the ramdisk for the upgrade.

Instead, just install fw_setenv and let install_bin handle the detection of
the required dependencies.

Fixes: 438dcbfe74a6 ("base-files: automatically handle paths and symlinks for RAMFS_COPY_BIN")
Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
6 years agobase-files: Reintroduce sysupgrade_pre_upgrade hook
Sven Eckelmann [Mon, 1 Oct 2018 09:48:04 +0000 (11:48 +0200)]
base-files: Reintroduce sysupgrade_pre_upgrade hook

The sysupgrade_pre_upgrade hook was removed with 6a27c2f4b1a4 ("base-files:
drop fwtool_pre_upgrade") while there were still scripts using it:

* target/linux/ar71xx/base-files/lib/upgrade/allnet.sh
* target/linux/ar71xx/base-files/lib/upgrade/openmesh.sh
* target/linux/ipq40xx/base-files/lib/upgrade/openmesh.sh

Not running the hooks can either prevent a successful upgrade or brick the
device because the fw_setenv program cannot be started correctly.

Fixes: 6a27c2f4b1a4 ("base-files: drop fwtool_pre_upgrade")
Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
6 years agonetifd: fix segfault (FS#1875)
Hans Dedecker [Sun, 7 Oct 2018 13:33:29 +0000 (15:33 +0200)]
netifd: fix segfault (FS#1875)

d0fa124 iprule: fix segfault (FS#1875)

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
6 years agobuild: use CMAKE_SOURCE_SUBDIR variable to cmake.mk
Amol Bhave [Tue, 2 Oct 2018 15:48:27 +0000 (08:48 -0700)]
build: use CMAKE_SOURCE_SUBDIR variable to cmake.mk

Sometimes, the CMakeLists.txt file is not in the root directory of a
repo. In those cases, the CMAKE_SOURCE_SUBDIR variable can be specified
to use CMakeLists.txt from a subdirectory instead.

Signed-off-by: Amol Bhave <ambhave@fb.com>
6 years agokernel: bump 4.14 to 4.14.74
Koen Vandeputte [Thu, 4 Oct 2018 09:28:09 +0000 (11:28 +0200)]
kernel: bump 4.14 to 4.14.74

Refreshed all patches.

Fixes CVE:

- CVE-2018-7755

Compile-tested on: cns3xxx, imx6
Runtime-tested on: cns3xxx, imx6

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
6 years agokernel: bump 4.9 to 4.9.131
Koen Vandeputte [Thu, 4 Oct 2018 09:27:39 +0000 (11:27 +0200)]
kernel: bump 4.9 to 4.9.131

Refreshed all patches.

Fixes CVE:

- CVE-2018-10880
- CVE-2018-7755

Compile-tested on: ar71xx
Runtime-tested on: ar71xx

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
6 years agoar71xx: flag FritzBox 4020 buttons as active low
David Bauer [Tue, 11 Sep 2018 15:04:16 +0000 (17:04 +0200)]
ar71xx: flag FritzBox 4020 buttons as active low

Buttons of AVM FritzBox 4020 are incorrectly flagged as active high.

This was an oversight as RFKill button was working as expected even
with incorrectly flagged GPIO.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit cd02d4faf981bd4de0427cd23812b41192635d82)

6 years agokmod-sched-cake: bump to 20181002
Kevin Darbyshire-Bryant [Tue, 2 Oct 2018 18:54:30 +0000 (19:54 +0100)]
kmod-sched-cake: bump to 20181002

Revert "Add workaround for wrong skb->mac_len values after splitting GSO"

Remove our local patch which did the same thing.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit 885052fbfb0ea5ee49e6abc6878ae99ee011688b)

6 years agokmod-sched-cake: don't gso fixup on fixed kernels
Kevin Darbyshire-Bryant [Fri, 28 Sep 2018 08:42:33 +0000 (09:42 +0100)]
kmod-sched-cake: don't gso fixup on fixed kernels

Kernels 4.14.73 & 4.9.140 include the gso fixup fix, so cake
doesn't need to do it.  Let's not waste cpu cycles by doing it in
cake which could be really important on cpu constrained devices.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
(cherry picked from commit b47614f9f18c7d1c24104ef1d53c8d1ac8920ba4)

6 years agokerneL: bump 4.14 to 4.14.73
Koen Vandeputte [Tue, 2 Oct 2018 09:14:20 +0000 (11:14 +0200)]
kerneL: bump 4.14 to 4.14.73

Refreshed all patches.

Removed upstreamed:
- 192-Revert-ubifs-xattr-Don-t-operate-on-deleted-inodes.patch

Compile-tested on: cns3xxx, imx6, x86_64
Runtime-tested on: cns3xxx, imx6, x86_64

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>